summaryrefslogtreecommitdiff
path: root/poky/meta/recipes-connectivity
diff options
context:
space:
mode:
authorDave Cobbley <david.j.cobbley@linux.intel.com>2018-08-14 20:05:37 +0300
committerBrad Bishop <bradleyb@fuzziesquirrel.com>2018-08-23 04:26:31 +0300
commiteb8dc40360f0cfef56fb6947cc817a547d6d9bc6 (patch)
treede291a73dc37168da6370e2cf16c347d1eba9df8 /poky/meta/recipes-connectivity
parent9c3cf826d853102535ead04cebc2d6023eff3032 (diff)
downloadopenbmc-eb8dc40360f0cfef56fb6947cc817a547d6d9bc6.tar.xz
[Subtree] Removing import-layers directory
As part of the move to subtrees, need to bring all the import layers content to the top level. Change-Id: I4a163d10898cbc6e11c27f776f60e1a470049d8f Signed-off-by: Dave Cobbley <david.j.cobbley@linux.intel.com> Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'poky/meta/recipes-connectivity')
-rw-r--r--poky/meta/recipes-connectivity/avahi/avahi-ui_0.7.bb62
-rw-r--r--poky/meta/recipes-connectivity/avahi/avahi.inc139
-rw-r--r--poky/meta/recipes-connectivity/avahi/avahi_0.7.bb20
-rw-r--r--poky/meta/recipes-connectivity/avahi/files/00avahi-autoipd10
-rw-r--r--poky/meta/recipes-connectivity/avahi/files/99avahi-autoipd10
-rw-r--r--poky/meta/recipes-connectivity/avahi/files/initscript.patch47
-rw-r--r--poky/meta/recipes-connectivity/bind/bind/0001-build-use-pkg-config-to-find-libxml2.patch54
-rw-r--r--poky/meta/recipes-connectivity/bind/bind/0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch25
-rw-r--r--poky/meta/recipes-connectivity/bind/bind/0001-lib-dns-gen.c-fix-too-long-error.patch34
-rw-r--r--poky/meta/recipes-connectivity/bind/bind/bind-confgen-build-unix.o-once.patch48
-rw-r--r--poky/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch49
-rw-r--r--poky/meta/recipes-connectivity/bind/bind/bind92
-rw-r--r--poky/meta/recipes-connectivity/bind/bind/conf.patch330
-rw-r--r--poky/meta/recipes-connectivity/bind/bind/dont-test-on-host.patch17
-rw-r--r--poky/meta/recipes-connectivity/bind/bind/generate-rndc-key.sh8
-rw-r--r--poky/meta/recipes-connectivity/bind/bind/init.d-add-support-for-read-only-rootfs.patch65
-rw-r--r--poky/meta/recipes-connectivity/bind/bind/make-etc-initd-bind-stop-work.patch42
-rw-r--r--poky/meta/recipes-connectivity/bind/bind/named.service22
-rw-r--r--poky/meta/recipes-connectivity/bind/bind/use-python3-and-fix-install-lib-path.patch36
-rw-r--r--poky/meta/recipes-connectivity/bind/bind_9.10.6.bb123
-rw-r--r--poky/meta/recipes-connectivity/bluez5/bluez5.inc146
-rw-r--r--poky/meta/recipes-connectivity/bluez5/bluez5/0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch63
-rw-r--r--poky/meta/recipes-connectivity/bluez5/bluez5/0001-tests-add-a-target-for-building-tests-without-runnin.patch28
-rw-r--r--poky/meta/recipes-connectivity/bluez5/bluez5/init65
-rw-r--r--poky/meta/recipes-connectivity/bluez5/bluez5/out-of-tree.patch26
-rw-r--r--poky/meta/recipes-connectivity/bluez5/bluez5/run-ptest31
-rw-r--r--poky/meta/recipes-connectivity/bluez5/bluez5_5.48.bb69
-rw-r--r--poky/meta/recipes-connectivity/connman/connman-conf.bb36
-rw-r--r--poky/meta/recipes-connectivity/connman/connman-conf/qemuall/wired-connection.service10
-rw-r--r--poky/meta/recipes-connectivity/connman/connman-conf/qemuall/wired-setup16
-rw-r--r--poky/meta/recipes-connectivity/connman/connman-conf/qemuall/wired.config9
-rw-r--r--poky/meta/recipes-connectivity/connman/connman-gnome/0001-Port-to-Gtk3.patch277
-rw-r--r--poky/meta/recipes-connectivity/connman/connman-gnome/0001-Removed-icon-from-connman-gnome-about-applet.patch35
-rw-r--r--poky/meta/recipes-connectivity/connman/connman-gnome/connman-gnome-fix-dbus-interface-name.patch187
-rw-r--r--poky/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-01.pngbin0 -> 490 bytes
-rw-r--r--poky/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-02.pngbin0 -> 496 bytes
-rw-r--r--poky/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-03.pngbin0 -> 492 bytes
-rw-r--r--poky/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-04.pngbin0 -> 470 bytes
-rw-r--r--poky/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-05.pngbin0 -> 419 bytes
-rw-r--r--poky/meta/recipes-connectivity/connman/connman-gnome/null_check_for_ipv4_config.patch36
-rw-r--r--poky/meta/recipes-connectivity/connman/connman-gnome_0.7.bb30
-rw-r--r--poky/meta/recipes-connectivity/connman/connman.inc216
-rw-r--r--poky/meta/recipes-connectivity/connman/connman/0001-connman.service-stop-systemd-resolved-when-we-use-co.patch29
-rw-r--r--poky/meta/recipes-connectivity/connman/connman/0001-giognutls-Fix-a-crash-using-wispr-over-TLS.patch41
-rw-r--r--poky/meta/recipes-connectivity/connman/connman/0001-inet-Add-prefixlen-to-iproute_default_function.patch63
-rw-r--r--poky/meta/recipes-connectivity/connman/connman/0001-plugin.h-Change-visibility-to-default-for-debug-symb.patch35
-rw-r--r--poky/meta/recipes-connectivity/connman/connman/0001-session-Keep-track-of-addr-in-fw_snat-session.patch112
-rw-r--r--poky/meta/recipes-connectivity/connman/connman/0002-inet-Implement-subnet-route-creation-deletion-in-ipr.patch69
-rw-r--r--poky/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch77
-rw-r--r--poky/meta/recipes-connectivity/connman/connman/0003-inet-Implement-APIs-for-creating-and-deleting-subnet.patch68
-rw-r--r--poky/meta/recipes-connectivity/connman/connman/0004-session-Use-subnet-route-creation-and-deletion-APIs.patch77
-rw-r--r--poky/meta/recipes-connectivity/connman/connman/connman83
-rw-r--r--poky/meta/recipes-connectivity/connman/connman/includes.patch423
-rw-r--r--poky/meta/recipes-connectivity/connman/connman/no-version-scripts.patch27
-rw-r--r--poky/meta/recipes-connectivity/connman/connman_1.35.bb22
-rw-r--r--poky/meta/recipes-connectivity/dhcp/dhcp.inc143
-rw-r--r--poky/meta/recipes-connectivity/dhcp/dhcp/0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch30
-rw-r--r--poky/meta/recipes-connectivity/dhcp/dhcp/0002-dhclient-dbus.patch117
-rw-r--r--poky/meta/recipes-connectivity/dhcp/dhcp/0003-link-with-lcrypto.patch38
-rw-r--r--poky/meta/recipes-connectivity/dhcp/dhcp/0004-Fix-out-of-tree-builds.patch100
-rw-r--r--poky/meta/recipes-connectivity/dhcp/dhcp/0005-dhcp-client-fix-invoke-dhclient-script-failed-on-Rea.patch36
-rw-r--r--poky/meta/recipes-connectivity/dhcp/dhcp/0006-site.h-enable-gentle-shutdown.patch30
-rw-r--r--poky/meta/recipes-connectivity/dhcp/dhcp/0007-Add-configure-argument-to-make-the-libxml2-dependenc.patch42
-rw-r--r--poky/meta/recipes-connectivity/dhcp/dhcp/0008-tweak-to-support-external-bind.patch117
-rw-r--r--poky/meta/recipes-connectivity/dhcp/dhcp/0009-remove-dhclient-script-bash-dependency.patch28
-rw-r--r--poky/meta/recipes-connectivity/dhcp/dhcp/0010-build-shared-libs.patch208
-rw-r--r--poky/meta/recipes-connectivity/dhcp/dhcp/0011-Moved-the-call-to-isc_app_ctxstart-to-not-get-signal.patch81
-rw-r--r--poky/meta/recipes-connectivity/dhcp/dhcp/0012-dhcp-correct-the-intention-for-xml2-lib-search.patch37
-rw-r--r--poky/meta/recipes-connectivity/dhcp/dhcp/CVE-2017-3144.patch74
-rw-r--r--poky/meta/recipes-connectivity/dhcp/dhcp_4.3.6.bb22
-rw-r--r--poky/meta/recipes-connectivity/dhcp/files/default-relay12
-rw-r--r--poky/meta/recipes-connectivity/dhcp/files/default-server7
-rw-r--r--poky/meta/recipes-connectivity/dhcp/files/dhclient-systemd-wrapper39
-rw-r--r--poky/meta/recipes-connectivity/dhcp/files/dhclient.conf50
-rw-r--r--poky/meta/recipes-connectivity/dhcp/files/dhclient.service13
-rw-r--r--poky/meta/recipes-connectivity/dhcp/files/dhcpd.conf108
-rw-r--r--poky/meta/recipes-connectivity/dhcp/files/dhcpd.service15
-rw-r--r--poky/meta/recipes-connectivity/dhcp/files/dhcpd6.service15
-rw-r--r--poky/meta/recipes-connectivity/dhcp/files/dhcrelay.service10
-rw-r--r--poky/meta/recipes-connectivity/dhcp/files/init-relay44
-rw-r--r--poky/meta/recipes-connectivity/dhcp/files/init-server44
-rw-r--r--poky/meta/recipes-connectivity/iproute2/iproute2.inc54
-rw-r--r--poky/meta/recipes-connectivity/iproute2/iproute2/0001-ip-Remove-unneed-header.patch30
-rw-r--r--poky/meta/recipes-connectivity/iproute2/iproute2/0001-iproute2-de-bash-scripts.patch63
-rw-r--r--poky/meta/recipes-connectivity/iproute2/iproute2/0001-libc-compat.h-add-musl-workaround.patch41
-rw-r--r--poky/meta/recipes-connectivity/iproute2/iproute2/configure-cross.patch32
-rw-r--r--poky/meta/recipes-connectivity/iproute2/iproute2_4.14.1.bb15
-rwxr-xr-xpoky/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/init78
-rw-r--r--poky/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/ldflags.patch87
-rw-r--r--poky/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/musl.patch29
-rw-r--r--poky/meta/recipes-connectivity/irda-utils/irda-utils_0.9.18.bb51
-rw-r--r--poky/meta/recipes-connectivity/iw/iw/0001-iw-version.sh-don-t-use-git-describe-for-versioning.patch41
-rw-r--r--poky/meta/recipes-connectivity/iw/iw/separate-objdir.patch35
-rw-r--r--poky/meta/recipes-connectivity/iw/iw_4.14.bb33
-rw-r--r--poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns/0001-check-for-nss.h.patch56
-rw-r--r--poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.10.bb40
-rw-r--r--poky/meta/recipes-connectivity/libpcap/libpcap.inc42
-rw-r--r--poky/meta/recipes-connectivity/libpcap/libpcap/0001-Fix-compiler_state_t.ai-usage-when-INET6-is-not-defi.patch41
-rw-r--r--poky/meta/recipes-connectivity/libpcap/libpcap/0002-Add-missing-compiler_state_t-parameter.patch67
-rw-r--r--poky/meta/recipes-connectivity/libpcap/libpcap/disable-remote.patch36
-rw-r--r--poky/meta/recipes-connectivity/libpcap/libpcap/fix-grammar-deps.patch29
-rw-r--r--poky/meta/recipes-connectivity/libpcap/libpcap/libpcap-pkgconfig-support.patch73
-rw-r--r--poky/meta/recipes-connectivity/libpcap/libpcap_1.8.1.bb31
-rw-r--r--poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb13
-rw-r--r--poky/meta/recipes-connectivity/neard/neard/0001-Add-header-dependency-to-nciattach.o.patch35
-rw-r--r--poky/meta/recipes-connectivity/neard/neard/Makefile.am-do-not-ship-version.h.patch36
-rw-r--r--poky/meta/recipes-connectivity/neard/neard/Makefile.am-fix-parallel-issue.patch30
-rw-r--r--poky/meta/recipes-connectivity/neard/neard/neard.in54
-rw-r--r--poky/meta/recipes-connectivity/neard/neard_0.16.bb50
-rw-r--r--poky/meta/recipes-connectivity/nfs-utils/files/bugfix-adjust-statd-service-name.patch31
-rw-r--r--poky/meta/recipes-connectivity/nfs-utils/files/nfs-utils-debianize-start-statd.patch42
-rw-r--r--poky/meta/recipes-connectivity/nfs-utils/libnfsidmap/0001-include-sys-types.h-for-getting-u_-typedefs.patch27
-rw-r--r--poky/meta/recipes-connectivity/nfs-utils/libnfsidmap/Set_nobody_user_group.patch18
-rw-r--r--poky/meta/recipes-connectivity/nfs-utils/libnfsidmap/fix-ac-prereq.patch13
-rw-r--r--poky/meta/recipes-connectivity/nfs-utils/libnfsidmap_0.25.bb27
-rw-r--r--poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure-Allow-to-explicitly-disable-nfsidmap.patch40
-rw-r--r--poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-include-stdint.h-for-UINT16_MAX-definition.patch27
-rw-r--r--poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-mountd.service15
-rw-r--r--poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-server.service24
-rw-r--r--poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-statd.service13
-rw-r--r--poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-1.2.3-sm-notify-res_init.patch37
-rw-r--r--poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-Do-not-pass-CFLAGS-to-gcc-while-building.patch42
-rw-r--r--poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils.conf35
-rw-r--r--poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfscommon63
-rw-r--r--poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfsserver130
-rw-r--r--poky/meta/recipes-connectivity/nfs-utils/nfs-utils/proc-fs-nfsd.mount8
-rw-r--r--poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.1.1.bb150
-rw-r--r--poky/meta/recipes-connectivity/ofono/ofono.inc39
-rw-r--r--poky/meta/recipes-connectivity/ofono/ofono/ofono42
-rw-r--r--poky/meta/recipes-connectivity/ofono/ofono/use-python3.patch27
-rw-r--r--poky/meta/recipes-connectivity/ofono/ofono_1.22.bb9
-rw-r--r--poky/meta/recipes-connectivity/openssh/openssh/add-test-support-for-busybox.patch47
-rw-r--r--poky/meta/recipes-connectivity/openssh/openssh/disable-ciphers-not-supported-by-OpenSSL-DES.patch39
-rw-r--r--poky/meta/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch99
-rw-r--r--poky/meta/recipes-connectivity/openssh/openssh/init90
-rwxr-xr-xpoky/meta/recipes-connectivity/openssh/openssh/run-ptest44
-rw-r--r--poky/meta/recipes-connectivity/openssh/openssh/ssh_config48
-rw-r--r--poky/meta/recipes-connectivity/openssh/openssh/sshd10
-rw-r--r--poky/meta/recipes-connectivity/openssh/openssh/sshd.socket10
-rw-r--r--poky/meta/recipes-connectivity/openssh/openssh/sshd@.service13
-rw-r--r--poky/meta/recipes-connectivity/openssh/openssh/sshd_check_keys90
-rw-r--r--poky/meta/recipes-connectivity/openssh/openssh/sshd_config132
-rw-r--r--poky/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service8
-rw-r--r--poky/meta/recipes-connectivity/openssh/openssh/volatiles.99_sshd2
-rw-r--r--poky/meta/recipes-connectivity/openssh/openssh_7.6p1.bb167
-rw-r--r--poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/0001-Fix-build-with-clang-using-external-assembler.patch45
-rw-r--r--poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/0001-openssl-force-soft-link-to-avoid-rare-race.patch46
-rw-r--r--poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/Makefiles-ptest.patch93
-rw-r--r--poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/Use-SHA256-not-MD5-as-default-digest.patch69
-rw-r--r--poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/configure-musl-target.patch25
-rw-r--r--poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/configure-targets.patch35
-rw-r--r--poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/c_rehash-compat.patch71
-rw-r--r--poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/ca.patch22
-rw-r--r--poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/debian-targets.patch73
-rw-r--r--poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/man-dir.patch15
-rw-r--r--poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/man-section.patch34
-rw-r--r--poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/no-rpath.patch15
-rw-r--r--poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/no-symbolic.patch15
-rw-r--r--poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/pic.patch177
-rw-r--r--poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian1.0.2/block_digicert_malaysia.patch29
-rw-r--r--poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian1.0.2/block_diginotar.patch68
-rw-r--r--poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian1.0.2/soname.patch15
-rw-r--r--poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian1.0.2/version-script.patch4658
-rw-r--r--poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/engines-install-in-libdir-ssl.patch64
-rw-r--r--poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/find.pl54
-rw-r--r--poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/oe-ldflags.patch24
-rw-r--r--poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/openssl-c_rehash.sh222
-rw-r--r--poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/openssl-fix-des.pod-error.patch19
-rw-r--r--poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/openssl-util-perlpath.pl-cwd.patch34
-rw-r--r--poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/openssl_fix_for_x32.patch39
-rw-r--r--poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/parallel.patch370
-rw-r--r--poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/ptest-deps.patch34
-rw-r--r--poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/ptest_makefile_deps.patch248
-rw-r--r--poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/reproducible-cflags.patch20
-rw-r--r--poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/reproducible-mkbuildinf.patch21
-rwxr-xr-xpoky/meta/recipes-connectivity/openssl/openssl-1.0.2o/run-ptest2
-rw-r--r--poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/shared-libs.patch41
-rw-r--r--poky/meta/recipes-connectivity/openssl/openssl/0001-Take-linking-flags-from-LDFLAGS-env-var.patch43
-rw-r--r--poky/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh222
-rw-r--r--poky/meta/recipes-connectivity/openssl/openssl/run-ptest4
-rw-r--r--poky/meta/recipes-connectivity/openssl/openssl10.inc285
-rw-r--r--poky/meta/recipes-connectivity/openssl/openssl_1.0.2o.bb64
-rw-r--r--poky/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb161
-rw-r--r--poky/meta/recipes-connectivity/ppp-dialin/files/host-peer11
-rw-r--r--poky/meta/recipes-connectivity/ppp-dialin/files/ppp-dialin3
-rw-r--r--poky/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb27
-rw-r--r--poky/meta/recipes-connectivity/ppp/ppp/0001-Fix-build-with-musl.patch163
-rw-r--r--poky/meta/recipes-connectivity/ppp/ppp/0001-ppp-Fix-compilation-errors-in-Makefile.patch30
-rw-r--r--poky/meta/recipes-connectivity/ppp/ppp/0001-ppp-Remove-unneeded-include.patch43
-rw-r--r--poky/meta/recipes-connectivity/ppp/ppp/0001-pppoe-include-netinet-in.h-before-linux-in.h.patch54
-rw-r--r--poky/meta/recipes-connectivity/ppp/ppp/08setupdns12
-rw-r--r--poky/meta/recipes-connectivity/ppp/ppp/92removedns5
-rw-r--r--poky/meta/recipes-connectivity/ppp/ppp/cifdefroute.patch297
-rw-r--r--poky/meta/recipes-connectivity/ppp/ppp/copts.patch21
-rw-r--r--poky/meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch30
-rwxr-xr-xpoky/meta/recipes-connectivity/ppp/ppp/init57
-rwxr-xr-xpoky/meta/recipes-connectivity/ppp/ppp/ip-down43
-rwxr-xr-xpoky/meta/recipes-connectivity/ppp/ppp/ip-up44
-rw-r--r--poky/meta/recipes-connectivity/ppp/ppp/makefile-remove-hard-usr-reference.patch38
-rw-r--r--poky/meta/recipes-connectivity/ppp/ppp/makefile.patch95
-rw-r--r--poky/meta/recipes-connectivity/ppp/ppp/pap22
-rw-r--r--poky/meta/recipes-connectivity/ppp/ppp/poff26
-rw-r--r--poky/meta/recipes-connectivity/ppp/ppp/pon9
-rw-r--r--poky/meta/recipes-connectivity/ppp/ppp/ppp@.service9
-rw-r--r--poky/meta/recipes-connectivity/ppp/ppp/ppp_on_boot21
-rw-r--r--poky/meta/recipes-connectivity/ppp/ppp/pppd-resolv-varrun.patch45
-rw-r--r--poky/meta/recipes-connectivity/ppp/ppp/provider35
-rw-r--r--poky/meta/recipes-connectivity/ppp/ppp_2.4.7.bb101
-rw-r--r--poky/meta/recipes-connectivity/resolvconf/resolvconf/99_resolvconf4
-rw-r--r--poky/meta/recipes-connectivity/resolvconf/resolvconf/fix-path-for-busybox.patch20
-rw-r--r--poky/meta/recipes-connectivity/resolvconf/resolvconf_1.79.bb67
-rw-r--r--poky/meta/recipes-connectivity/socat/socat/0001-Access-c_ispeed-and-c_ospeed-via-APIs.patch52
-rw-r--r--poky/meta/recipes-connectivity/socat/socat/0001-define-NETDB_INTERNAL-to-1-if-not-available.patch32
-rw-r--r--poky/meta/recipes-connectivity/socat/socat/Makefile.in-fix-for-parallel-build.patch35
-rw-r--r--poky/meta/recipes-connectivity/socat/socat_1.7.3.2.bb41
-rw-r--r--poky/meta/recipes-connectivity/wireless-tools/wireless-tools/avoid_strip.patch21
-rw-r--r--poky/meta/recipes-connectivity/wireless-tools/wireless-tools/ldflags.patch22
-rw-r--r--poky/meta/recipes-connectivity/wireless-tools/wireless-tools/man.patch15
-rw-r--r--poky/meta/recipes-connectivity/wireless-tools/wireless-tools/remove.ldconfig.call.patch19
-rw-r--r--poky/meta/recipes-connectivity/wireless-tools/wireless-tools_30.pre9.bb50
-rw-r--r--poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/99_wpa_supplicant1
-rw-r--r--poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/defconfig552
-rw-r--r--poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple.patch1025
-rw-r--r--poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa-supplicant.sh86
-rw-r--r--poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant.conf690
-rw-r--r--poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant.conf-sane7
-rw-r--r--poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb111
227 files changed, 19456 insertions, 0 deletions
diff --git a/poky/meta/recipes-connectivity/avahi/avahi-ui_0.7.bb b/poky/meta/recipes-connectivity/avahi/avahi-ui_0.7.bb
new file mode 100644
index 000000000..5648e386b
--- /dev/null
+++ b/poky/meta/recipes-connectivity/avahi/avahi-ui_0.7.bb
@@ -0,0 +1,62 @@
+LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1 \
+ file://avahi-common/address.h;endline=25;md5=b1d1d2cda1c07eb848ea7d6215712d9d \
+ file://avahi-core/dns.h;endline=23;md5=6fe82590b81aa0ddea5095b548e2fdcb \
+ file://avahi-daemon/main.c;endline=21;md5=9ee77368c5407af77caaef1b07285969 \
+ file://avahi-client/client.h;endline=23;md5=f4ac741a25c4f434039ba3e18c8674cf"
+
+require avahi.inc
+
+inherit distro_features_check
+ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}"
+
+SRC_URI[md5sum] = "d76c59d0882ac6c256d70a2a585362a6"
+SRC_URI[sha256sum] = "57a99b5dfe7fdae794e3d1ee7a62973a368e91e414bd0dfa5d84434de5b14804"
+
+DEPENDS += "avahi"
+
+AVAHI_GTK = "gtk3"
+
+S = "${WORKDIR}/avahi-${PV}"
+
+PACKAGES = "${PN} ${PN}-utils ${PN}-dbg ${PN}-dev ${PN}-staticdev ${PN}-doc avahi-discover"
+
+FILES_${PN} = "${libdir}/libavahi-ui*.so.*"
+FILES_${PN}-dev += "${libdir}/libavahi-ui${SOLIBSDEV}"
+FILES_${PN}-staticdev += "${libdir}/libavahi-ui.a"
+
+FILES_${PN}-utils = "${bindir}/b* ${datadir}/applications/b*"
+
+FILES_avahi-discover = "${datadir}/applications/avahi-discover.desktop \
+ ${datadir}/avahi/interfaces/avahi-discover.ui \
+ ${bindir}/avahi-discover-standalone \
+ "
+
+do_install_append () {
+ rm ${D}${sysconfdir} -rf
+ rm ${D}${base_libdir} -rf
+ rm ${D}${systemd_unitdir} -rf
+ # The ${systemd_unitdir} is /lib/systemd, so we need rmdir /lib,
+ # but not ${base_libdir} here. And the /lib may not exist
+ # whithout systemd.
+ [ ! -d ${D}/lib ] || rmdir ${D}/lib --ignore-fail-on-non-empty
+ rm ${D}${bindir}/avahi-b*
+ rm ${D}${bindir}/avahi-p*
+ rm ${D}${bindir}/avahi-r*
+ rm ${D}${bindir}/avahi-s*
+ rm ${D}${includedir}/avahi-c* -rf
+ rm ${D}${includedir}/avahi-g* -rf
+ rm ${D}${libdir}/libavahi-c*
+ rm ${D}${libdir}/libavahi-g*
+ rm ${D}${libdir}/pkgconfig/avahi-c*
+ rm ${D}${libdir}/pkgconfig/avahi-g*
+ rm ${D}${sbindir} -rf
+ rm ${D}${datadir}/avahi/a*
+ rm ${D}${datadir}/locale/ -rf
+ rm ${D}${datadir}/dbus* -rf
+ rm ${D}${mandir}/man1/a*
+ rm ${D}${mandir}/man5 -rf
+ rm ${D}${mandir}/man8 -rf
+ rm ${D}${libdir}/girepository-1.0/ -rf
+ rm ${D}${datadir}/gir-1.0/ -rf
+}
+
diff --git a/poky/meta/recipes-connectivity/avahi/avahi.inc b/poky/meta/recipes-connectivity/avahi/avahi.inc
new file mode 100644
index 000000000..ec368de4f
--- /dev/null
+++ b/poky/meta/recipes-connectivity/avahi/avahi.inc
@@ -0,0 +1,139 @@
+SUMMARY = "Avahi IPv4LL network address configuration daemon"
+DESCRIPTION = 'Avahi is a fully LGPL framework for Multicast DNS Service Discovery. It \
+allows programs to publish and discover services and hosts running on a local network \
+with no specific configuration. This tool implements IPv4LL, "Dynamic Configuration of \
+IPv4 Link-Local Addresses" (IETF RFC3927), a protocol for automatic IP address \
+configuration from the link-local 169.254.0.0/16 range without the need for a central \
+server.'
+AUTHOR = "Lennart Poettering <lennart@poettering.net>"
+HOMEPAGE = "http://avahi.org"
+BUGTRACKER = "https://github.com/lathiat/avahi/issues"
+SECTION = "network"
+
+# major part is under LGPLv2.1+, but several .dtd, .xsl, initscripts and
+# python scripts are under GPLv2+
+LICENSE = "GPLv2+ & LGPLv2.1+"
+
+DEPENDS = "expat libcap libdaemon glib-2.0 intltool-native"
+
+SRC_URI = "https://github.com/lathiat/avahi/releases/download/v${PV}/avahi-${PV}.tar.gz \
+ file://00avahi-autoipd \
+ file://99avahi-autoipd \
+ file://initscript.patch \
+ "
+UPSTREAM_CHECK_URI = "https://github.com/lathiat/avahi/releases/"
+
+# For gtk related PACKAGECONFIGs: gtk, gtk3
+AVAHI_GTK ?= ""
+
+PACKAGECONFIG ??= "dbus ${AVAHI_GTK}"
+PACKAGECONFIG[dbus] = "--enable-dbus,--disable-dbus,dbus"
+PACKAGECONFIG[gtk] = "--enable-gtk,--disable-gtk,gtk+"
+PACKAGECONFIG[gtk3] = "--enable-gtk3,--disable-gtk3,gtk+3"
+
+USERADD_PACKAGES = "avahi-daemon avahi-autoipd"
+USERADD_PARAM_avahi-daemon = "--system --home /run/avahi-daemon \
+ --no-create-home --shell /bin/false \
+ --user-group avahi"
+
+USERADD_PARAM_avahi-autoipd = "--system --home /run/avahi-autoipd \
+ --no-create-home --shell /bin/false \
+ --user-group \
+ -c \"Avahi autoip daemon\" \
+ avahi-autoipd"
+
+inherit autotools pkgconfig update-rc.d gettext useradd gobject-introspection
+
+EXTRA_OECONF = "--with-avahi-priv-access-group=adm \
+ --disable-stack-protector \
+ --disable-gdbm \
+ --disable-mono \
+ --disable-monodoc \
+ --disable-qt3 \
+ --disable-qt4 \
+ --disable-python \
+ --disable-doxygen-doc \
+ --enable-manpages \
+ ${EXTRA_OECONF_SYSVINIT} \
+ ${EXTRA_OECONF_SYSTEMD} \
+ "
+
+# The distro choice determines what init scripts are installed
+EXTRA_OECONF_SYSVINIT = "${@bb.utils.contains('DISTRO_FEATURES','sysvinit','--with-distro=debian','--with-distro=none',d)}"
+EXTRA_OECONF_SYSTEMD = "${@bb.utils.contains('DISTRO_FEATURES','systemd','--with-systemdsystemunitdir=${systemd_unitdir}/system/','--without-systemdsystemunitdir',d)}"
+
+do_configure_prepend() {
+ sed 's:AM_CHECK_PYMOD:echo "no pymod" #AM_CHECK_PYMOD:g' -i ${S}/configure.ac
+
+ # This m4 file will get in the way of our introspection.m4 with special cross-compilation fixes
+ rm "${S}/common/introspection.m4" || true
+}
+
+do_compile_prepend() {
+ export GIR_EXTRA_LIBS_PATH="${B}/avahi-gobject/.libs:${B}/avahi-common/.libs:${B}/avahi-client/.libs:${B}/avahi-glib/.libs"
+}
+
+PACKAGES =+ "avahi-daemon libavahi-common libavahi-core libavahi-client avahi-dnsconfd libavahi-glib libavahi-ui avahi-autoipd avahi-utils"
+
+# As avahi doesn't put any files into PN, clear the files list to avoid problems
+# if extra libraries appear.
+FILES_${PN} = ""
+FILES_avahi-autoipd = "${sbindir}/avahi-autoipd \
+ ${sysconfdir}/avahi/avahi-autoipd.action \
+ ${sysconfdir}/dhcp/*/avahi-autoipd \
+ ${sysconfdir}/udhcpc.d/00avahi-autoipd \
+ ${sysconfdir}/udhcpc.d/99avahi-autoipd"
+FILES_libavahi-common = "${libdir}/libavahi-common.so.*"
+FILES_libavahi-core = "${libdir}/libavahi-core.so.* ${libdir}/girepository-1.0/AvahiCore*.typelib"
+FILES_avahi-daemon = "${sbindir}/avahi-daemon \
+ ${sysconfdir}/avahi/avahi-daemon.conf \
+ ${sysconfdir}/avahi/hosts \
+ ${sysconfdir}/avahi/services \
+ ${sysconfdir}/dbus-1 \
+ ${sysconfdir}/init.d/avahi-daemon \
+ ${datadir}/avahi/introspection/*.introspect \
+ ${datadir}/avahi/avahi-service.dtd \
+ ${datadir}/avahi/service-types \
+ ${datadir}/dbus-1/system-services"
+FILES_libavahi-client = "${libdir}/libavahi-client.so.*"
+FILES_libavahi-ui = "${libdir}/libavahi-ui.so.*"
+FILES_avahi-dnsconfd = "${sbindir}/avahi-dnsconfd \
+ ${sysconfdir}/avahi/avahi-dnsconfd.action \
+ ${sysconfdir}/init.d/avahi-dnsconfd"
+FILES_libavahi-glib = "${libdir}/libavahi-glib.so.*"
+FILES_libavahi-gobject = "${libdir}/libavahi-gobject.so.* ${libdir}/girepository-1.0/Avahi*.typelib"
+FILES_avahi-utils = "${bindir}/avahi-*"
+
+RDEPENDS_${PN}-dev = "avahi-daemon (= ${EXTENDPKGV}) libavahi-core (= ${EXTENDPKGV}) libavahi-client (= ${EXTENDPKGV})"
+
+RRECOMMENDS_avahi-daemon_append_libc-glibc = " libnss-mdns"
+RRECOMMENDS_${PN}_append_libc-glibc = " libnss-mdns"
+
+CONFFILES_avahi-daemon = "${sysconfdir}/avahi/avahi-daemon.conf"
+
+INITSCRIPT_PACKAGES = "avahi-daemon avahi-dnsconfd"
+INITSCRIPT_NAME_avahi-daemon = "avahi-daemon"
+INITSCRIPT_PARAMS_avahi-daemon = "defaults 21 19"
+INITSCRIPT_NAME_avahi-dnsconfd = "avahi-dnsconfd"
+INITSCRIPT_PARAMS_avahi-dnsconfd = "defaults 22 19"
+
+do_install() {
+ autotools_do_install
+ rm -rf ${D}/run
+ rm -rf ${D}${datadir}/dbus-1/interfaces
+ test -d ${D}${datadir}/dbus-1 && rmdir --ignore-fail-on-non-empty ${D}${datadir}/dbus-1
+ rm -rf ${D}${libdir}/avahi
+
+ install -d ${D}${sysconfdir}/udhcpc.d
+ install ${WORKDIR}/00avahi-autoipd ${D}${sysconfdir}/udhcpc.d
+ install ${WORKDIR}/99avahi-autoipd ${D}${sysconfdir}/udhcpc.d
+}
+
+# At the time the postinst runs, dbus might not be setup so only restart if running
+# Don't exit early, because update-rc.d needs to run subsequently.
+
+pkg_postinst_avahi-daemon () {
+if [ -z "$D" ]; then
+ killall -q -HUP dbus-daemon || true
+fi
+}
diff --git a/poky/meta/recipes-connectivity/avahi/avahi_0.7.bb b/poky/meta/recipes-connectivity/avahi/avahi_0.7.bb
new file mode 100644
index 000000000..7c91f10f1
--- /dev/null
+++ b/poky/meta/recipes-connectivity/avahi/avahi_0.7.bb
@@ -0,0 +1,20 @@
+require avahi.inc
+
+inherit systemd
+
+SYSTEMD_PACKAGES = "${PN}-daemon ${PN}-dnsconfd"
+SYSTEMD_SERVICE_${PN}-daemon = "avahi-daemon.service"
+SYSTEMD_SERVICE_${PN}-dnsconfd = "avahi-dnsconfd.service"
+
+LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1 \
+ file://avahi-common/address.h;endline=25;md5=b1d1d2cda1c07eb848ea7d6215712d9d \
+ file://avahi-core/dns.h;endline=23;md5=6fe82590b81aa0ddea5095b548e2fdcb \
+ file://avahi-daemon/main.c;endline=21;md5=9ee77368c5407af77caaef1b07285969 \
+ file://avahi-client/client.h;endline=23;md5=f4ac741a25c4f434039ba3e18c8674cf"
+
+SRC_URI[md5sum] = "d76c59d0882ac6c256d70a2a585362a6"
+SRC_URI[sha256sum] = "57a99b5dfe7fdae794e3d1ee7a62973a368e91e414bd0dfa5d84434de5b14804"
+
+DEPENDS += "intltool-native"
+
+PACKAGES =+ "libavahi-gobject"
diff --git a/poky/meta/recipes-connectivity/avahi/files/00avahi-autoipd b/poky/meta/recipes-connectivity/avahi/files/00avahi-autoipd
new file mode 100644
index 000000000..a0ab81460
--- /dev/null
+++ b/poky/meta/recipes-connectivity/avahi/files/00avahi-autoipd
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+[ -z "$1" ] && echo "Error: should be called from udhcpc" && exit 1
+
+case "$1" in
+
+ deconfig|renew|bound)
+ /usr/sbin/avahi-autoipd -k $interface 2> /dev/null
+ ;;
+esac
diff --git a/poky/meta/recipes-connectivity/avahi/files/99avahi-autoipd b/poky/meta/recipes-connectivity/avahi/files/99avahi-autoipd
new file mode 100644
index 000000000..234cdaa3e
--- /dev/null
+++ b/poky/meta/recipes-connectivity/avahi/files/99avahi-autoipd
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+[ -z "$1" ] && echo "Error: should be called from udhcpc" && exit 1
+
+case "$1" in
+
+ leasefail)
+ /usr/sbin/avahi-autoipd -wD $interface 2> /dev/null
+ ;;
+esac
diff --git a/poky/meta/recipes-connectivity/avahi/files/initscript.patch b/poky/meta/recipes-connectivity/avahi/files/initscript.patch
new file mode 100644
index 000000000..c856c3df0
--- /dev/null
+++ b/poky/meta/recipes-connectivity/avahi/files/initscript.patch
@@ -0,0 +1,47 @@
+Upstream-Status: Pending
+
+Index: avahi-0.7/initscript/debian/avahi-daemon.in
+===================================================================
+--- avahi-0.7.orig/initscript/debian/avahi-daemon.in
++++ avahi-0.7/initscript/debian/avahi-daemon.in
+@@ -1,5 +1,17 @@
+ #!/bin/sh
+-
++### BEGIN INIT INFO
++# Provides: avahi
++# Required-Start: $remote_fs dbus
++# Required-Stop: $remote_fs dbus
++# Should-Start: $syslog
++# Should-Stop: $syslog
++# Default-Start: 2 3 4 5
++# Default-Stop: 0 1 6
++# Short-Description: Avahi mDNS/DNS-SD Daemon
++# Description: Zeroconf daemon for configuring your network
++# automatically
++### END INIT INFO
++#
+ # This file is part of avahi.
+ #
+ # avahi is free software; you can redistribute it and/or modify it
+Index: avahi-0.7/initscript/debian/avahi-dnsconfd.in
+===================================================================
+--- avahi-0.7.orig/initscript/debian/avahi-dnsconfd.in
++++ avahi-0.7/initscript/debian/avahi-dnsconfd.in
+@@ -1,4 +1,17 @@
+ #!/bin/sh
++### BEGIN INIT INFO
++# Provides: avahi-dnsconfd
++# Required-Start: $remote_fs avahi
++# Required-Stop: $remote_fs avahi
++# Should-Start: $syslog
++# Should-Stop: $syslog
++# Default-Start: 2 3 4 5
++# Default-Stop: 0 1 6
++# Short-Description: Avahi mDNS/DNS-SD DNS configuration
++# Description: Zeroconf daemon for configuring your network
++# automatically
++### END INIT INFO
++#
+
+ # This file is part of avahi.
+ #
diff --git a/poky/meta/recipes-connectivity/bind/bind/0001-build-use-pkg-config-to-find-libxml2.patch b/poky/meta/recipes-connectivity/bind/bind/0001-build-use-pkg-config-to-find-libxml2.patch
new file mode 100644
index 000000000..1e23c0f56
--- /dev/null
+++ b/poky/meta/recipes-connectivity/bind/bind/0001-build-use-pkg-config-to-find-libxml2.patch
@@ -0,0 +1,54 @@
+xml2-config is disabled, so change the configure script to use pkgconfig to find
+libxml2.
+
+Upstream-Status: Inappropriate
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+Update context for version 9.10.3-P2.
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+Update context for version 9.10.5-P3.
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+---
+ configure.in | 23 +++--------------------
+ 1 file changed, 3 insertions(+), 20 deletions(-)
+
+diff --git a/configure.in b/configure.in
+index 4da73a4..6f2a754 100644
+--- a/configure.in
++++ b/configure.in
+@@ -2282,26 +2282,9 @@ case "$use_libxml2" in
+ DST_LIBXML2_INC=""
+ ;;
+ auto|yes)
+- case X`(xml2-config --version) 2>/dev/null` in
+- X2.[[6789]].*)
+- libxml2_libs=`xml2-config --libs`
+- libxml2_cflags=`xml2-config --cflags`
+- ;;
+- *)
+- if test "yes" = "$use_libxml2" ; then
+- AC_MSG_RESULT(no)
+- AC_MSG_ERROR(required libxml2 version not available)
+- else
+- libxml2_libs=
+- libxml2_cflags=
+- fi
+- ;;
+- esac
+- ;;
+- *)
+- if test -f "$use_libxml2/bin/xml2-config" ; then
+- libxml2_libs=`$use_libxml2/bin/xml2-config --libs`
+- libxml2_cflags=`$use_libxml2/bin/xml2-config --cflags`
++ if pkg-config --exists libxml-2.0 ; then
++ libxml2_libs=`pkg-config libxml-2.0 --libs`
++ libxml2_cflags=`pkg-config libxml-2.0 --cflags`
+ fi
+ ;;
+ esac
+--
+2.1.4
+
diff --git a/poky/meta/recipes-connectivity/bind/bind/0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch b/poky/meta/recipes-connectivity/bind/bind/0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch
new file mode 100644
index 000000000..121509371
--- /dev/null
+++ b/poky/meta/recipes-connectivity/bind/bind/0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch
@@ -0,0 +1,25 @@
+Upstream-Status: Pending
+
+Subject: gen.c: extend DIRNAMESIZE from 256 to 512
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ lib/dns/gen.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/dns/gen.c b/lib/dns/gen.c
+index 7a7dafb..51a0435 100644
+--- a/lib/dns/gen.c
++++ b/lib/dns/gen.c
+@@ -148,7 +148,7 @@ static const char copyright[] =
+ #define TYPECLASSBUF (TYPECLASSLEN + 1)
+ #define TYPECLASSFMT "%" STR(TYPECLASSLEN) "[-0-9a-z]_%d"
+ #define ATTRIBUTESIZE 256
+-#define DIRNAMESIZE 256
++#define DIRNAMESIZE 512
+
+ static struct cc {
+ struct cc *next;
+--
+1.9.1
+
diff --git a/poky/meta/recipes-connectivity/bind/bind/0001-lib-dns-gen.c-fix-too-long-error.patch b/poky/meta/recipes-connectivity/bind/bind/0001-lib-dns-gen.c-fix-too-long-error.patch
new file mode 100644
index 000000000..1ed858cd3
--- /dev/null
+++ b/poky/meta/recipes-connectivity/bind/bind/0001-lib-dns-gen.c-fix-too-long-error.patch
@@ -0,0 +1,34 @@
+From 5bc3167a8b714ec0c4a3f1c7f3b9411296ec0a23 Mon Sep 17 00:00:00 2001
+From: Robert Yang <liezhi.yang@windriver.com>
+Date: Wed, 16 Sep 2015 20:23:47 -0700
+Subject: [PATCH] lib/dns/gen.c: fix too long error
+
+The 512 is a little short when build in deep dir, and cause "too long"
+error, use PATH_MAX if defined.
+
+Upstream-Status: Pending
+
+Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
+---
+ lib/dns/gen.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/lib/dns/gen.c b/lib/dns/gen.c
+index 51a0435..3d7214f 100644
+--- a/lib/dns/gen.c
++++ b/lib/dns/gen.c
+@@ -148,7 +148,11 @@ static const char copyright[] =
+ #define TYPECLASSBUF (TYPECLASSLEN + 1)
+ #define TYPECLASSFMT "%" STR(TYPECLASSLEN) "[-0-9a-z]_%d"
+ #define ATTRIBUTESIZE 256
++#ifdef PATH_MAX
++#define DIRNAMESIZE PATH_MAX
++#else
+ #define DIRNAMESIZE 512
++#endif
+
+ static struct cc {
+ struct cc *next;
+--
+1.7.9.5
+
diff --git a/poky/meta/recipes-connectivity/bind/bind/bind-confgen-build-unix.o-once.patch b/poky/meta/recipes-connectivity/bind/bind/bind-confgen-build-unix.o-once.patch
new file mode 100644
index 000000000..8bc4ea30f
--- /dev/null
+++ b/poky/meta/recipes-connectivity/bind/bind/bind-confgen-build-unix.o-once.patch
@@ -0,0 +1,48 @@
+From 9b40619ff6fddfef2758ba797789f8487f412df3 Mon Sep 17 00:00:00 2001
+From: Robert Yang <liezhi.yang@windriver.com>
+Date: Mon, 16 Feb 2015 00:50:01 -0800
+Subject: [PATCH] confgen: don't build unix.o twice
+
+Fixed:
+unix/os.o: file not recognized: File truncated
+collect2: error: ld returned 1 exit status
+
+This is because os.o was built twice:
+* The implicity rule (depends on unix/os.o)
+* The "make all" in unix subdir (depends on unix/os.o)
+
+Depend on subdirs which is unix only rather than unix/os.o will fix the
+problem.
+
+Upstream-Status: Pending
+
+Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
+
+Update context(trailing whitespace) for version 9.10.5-P3.
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+---
+ bin/confgen/Makefile.in | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/bin/confgen/Makefile.in b/bin/confgen/Makefile.in
+index dca272f..02becce 100644
+--- a/bin/confgen/Makefile.in
++++ b/bin/confgen/Makefile.in
+@@ -74,11 +74,11 @@ rndc-confgen.@O@: rndc-confgen.c
+ ddns-confgen.@O@: ddns-confgen.c
+ ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -c ${srcdir}/ddns-confgen.c
+
+-rndc-confgen@EXEEXT@: rndc-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS} ${CONFDEPLIBS}
++rndc-confgen@EXEEXT@: rndc-confgen.@O@ util.@O@ keygen.@O@ ${CONFDEPLIBS} $(SUBDIRS)
+ export BASEOBJS="rndc-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS}"; \
+ ${FINALBUILDCMD}
+
+-ddns-confgen@EXEEXT@: ddns-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS} ${CONFDEPLIBS}
++ddns-confgen@EXEEXT@: ddns-confgen.@O@ util.@O@ keygen.@O@ ${CONFDEPLIBS} $(SUBDIRS)
+ export BASEOBJS="ddns-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS}"; \
+ ${FINALBUILDCMD}
+
+--
+1.7.9.5
+
diff --git a/poky/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch b/poky/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch
new file mode 100644
index 000000000..13df3bb0e
--- /dev/null
+++ b/poky/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch
@@ -0,0 +1,49 @@
+From 9473d29843579802e96b0293a3e953fed93de82c Mon Sep 17 00:00:00 2001
+From: Paul Gortmaker <paul.gortmaker@windriver.com>
+Date: Tue, 9 Jun 2015 11:22:00 -0400
+Subject: [PATCH] bind: ensure searching for json headers searches sysroot
+
+Bind can fail configure by detecting headers w/o libs[1], or
+it can fail the host contamination check as per below:
+
+ERROR: This autoconf log indicates errors, it looked at host include and/or library paths while determining system capabilities.
+Rerun configure task after fixing this. The path was 'build/tmp/work/core2-64-poky-linux/bind/9.10.2-r1/build'
+ERROR: Function failed: do_qa_configure
+ERROR: Logfile of failure stored in: build/tmp/work/core2-64-poky-linux/bind/9.10.2-r1/temp/log.do_configure.5242
+ERROR: Task 5 (meta/recipes-connectivity/bind/bind_9.10.2.bb, do_configure) failed with exit code '1'
+NOTE: Tasks Summary: Attempted 773 tasks of which 768 didn't need to be rerun and 1 failed.
+No currently running tasks (773 of 781)
+
+Summary: 1 task failed:
+ /meta/recipes-connectivity/bind/bind_9.10.2.bb, do_configure
+
+One way to fix it would be to unconditionally disable json in bind
+configure[2] but here we fix it by using the path to where we would
+put the header if we had json in the sysroot, in case someone wants
+to make use of the combination some day.
+
+[1] https://trac.macports.org/ticket/45305
+[2] https://trac.macports.org/changeset/126406
+
+Upstream-Status: Inappropriate [OE Specific]
+Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
+---
+ configure.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.in b/configure.in
+index c9ef3a601343..17a1f613e9ac 100644
+--- a/configure.in
++++ b/configure.in
+@@ -2139,7 +2139,7 @@ case "$use_libjson" in
+ libjson_libs=""
+ ;;
+ auto|yes)
+- for d in /usr /usr/local /opt/local
++ for d in "${STAGING_INCDIR}"
+ do
+ if test -f "${d}/include/json/json.h"
+ then
+--
+2.4.2
+
diff --git a/poky/meta/recipes-connectivity/bind/bind/bind9 b/poky/meta/recipes-connectivity/bind/bind/bind9
new file mode 100644
index 000000000..968679ff7
--- /dev/null
+++ b/poky/meta/recipes-connectivity/bind/bind/bind9
@@ -0,0 +1,2 @@
+# startup options for the server
+OPTIONS="-u bind"
diff --git a/poky/meta/recipes-connectivity/bind/bind/conf.patch b/poky/meta/recipes-connectivity/bind/bind/conf.patch
new file mode 100644
index 000000000..aad345f9f
--- /dev/null
+++ b/poky/meta/recipes-connectivity/bind/bind/conf.patch
@@ -0,0 +1,330 @@
+Upstream-Status: Inappropriate [configuration]
+
+the patch is imported from openembedded project
+
+11/30/2010 - Qing He <qing.he@intel.com>
+
+diff -urN bind-9.3.1.orig/conf/db.0 bind-9.3.1/conf/db.0
+--- bind-9.3.1.orig/conf/db.0 1970-01-01 01:00:00.000000000 +0100
++++ bind-9.3.1/conf/db.0 2005-07-10 22:14:00.000000000 +0200
+@@ -0,0 +1,12 @@
++;
++; BIND reverse data file for broadcast zone
++;
++$TTL 604800
++@ IN SOA localhost. root.localhost. (
++ 1 ; Serial
++ 604800 ; Refresh
++ 86400 ; Retry
++ 2419200 ; Expire
++ 604800 ) ; Negative Cache TTL
++;
++@ IN NS localhost.
+diff -urN bind-9.3.1.orig/conf/db.127 bind-9.3.1/conf/db.127
+--- bind-9.3.1.orig/conf/db.127 1970-01-01 01:00:00.000000000 +0100
++++ bind-9.3.1/conf/db.127 2005-07-10 22:14:00.000000000 +0200
+@@ -0,0 +1,13 @@
++;
++; BIND reverse data file for local loopback interface
++;
++$TTL 604800
++@ IN SOA localhost. root.localhost. (
++ 1 ; Serial
++ 604800 ; Refresh
++ 86400 ; Retry
++ 2419200 ; Expire
++ 604800 ) ; Negative Cache TTL
++;
++@ IN NS localhost.
++1.0.0 IN PTR localhost.
+diff -urN bind-9.3.1.orig/conf/db.empty bind-9.3.1/conf/db.empty
+--- bind-9.3.1.orig/conf/db.empty 1970-01-01 01:00:00.000000000 +0100
++++ bind-9.3.1/conf/db.empty 2005-07-10 22:14:00.000000000 +0200
+@@ -0,0 +1,14 @@
++; BIND reverse data file for empty rfc1918 zone
++;
++; DO NOT EDIT THIS FILE - it is used for multiple zones.
++; Instead, copy it, edit named.conf, and use that copy.
++;
++$TTL 86400
++@ IN SOA localhost. root.localhost. (
++ 1 ; Serial
++ 604800 ; Refresh
++ 86400 ; Retry
++ 2419200 ; Expire
++ 86400 ) ; Negative Cache TTL
++;
++@ IN NS localhost.
+diff -urN bind-9.3.1.orig/conf/db.255 bind-9.3.1/conf/db.255
+--- bind-9.3.1.orig/conf/db.255 1970-01-01 01:00:00.000000000 +0100
++++ bind-9.3.1/conf/db.255 2005-07-10 22:14:00.000000000 +0200
+@@ -0,0 +1,12 @@
++;
++; BIND reserve data file for broadcast zone
++;
++$TTL 604800
++@ IN SOA localhost. root.localhost. (
++ 1 ; Serial
++ 604800 ; Refresh
++ 86400 ; Retry
++ 2419200 ; Expire
++ 604800 ) ; Negative Cache TTL
++;
++@ IN NS localhost.
+diff -urN bind-9.3.1.orig/conf/db.local bind-9.3.1/conf/db.local
+--- bind-9.3.1.orig/conf/db.local 1970-01-01 01:00:00.000000000 +0100
++++ bind-9.3.1/conf/db.local 2005-07-10 22:14:00.000000000 +0200
+@@ -0,0 +1,13 @@
++;
++; BIND data file for local loopback interface
++;
++$TTL 604800
++@ IN SOA localhost. root.localhost. (
++ 1 ; Serial
++ 604800 ; Refresh
++ 86400 ; Retry
++ 2419200 ; Expire
++ 604800 ) ; Negative Cache TTL
++;
++@ IN NS localhost.
++@ IN A 127.0.0.1
+diff -urN bind-9.3.1.orig/conf/db.root bind-9.3.1/conf/db.root
+--- bind-9.3.1.orig/conf/db.root 1970-01-01 01:00:00.000000000 +0100
++++ bind-9.3.1/conf/db.root 2005-07-10 22:14:00.000000000 +0200
+@@ -0,0 +1,45 @@
++
++; <<>> DiG 9.2.3 <<>> ns . @a.root-servers.net.
++;; global options: printcmd
++;; Got answer:
++;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18944
++;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13
++
++;; QUESTION SECTION:
++;. IN NS
++
++;; ANSWER SECTION:
++. 518400 IN NS A.ROOT-SERVERS.NET.
++. 518400 IN NS B.ROOT-SERVERS.NET.
++. 518400 IN NS C.ROOT-SERVERS.NET.
++. 518400 IN NS D.ROOT-SERVERS.NET.
++. 518400 IN NS E.ROOT-SERVERS.NET.
++. 518400 IN NS F.ROOT-SERVERS.NET.
++. 518400 IN NS G.ROOT-SERVERS.NET.
++. 518400 IN NS H.ROOT-SERVERS.NET.
++. 518400 IN NS I.ROOT-SERVERS.NET.
++. 518400 IN NS J.ROOT-SERVERS.NET.
++. 518400 IN NS K.ROOT-SERVERS.NET.
++. 518400 IN NS L.ROOT-SERVERS.NET.
++. 518400 IN NS M.ROOT-SERVERS.NET.
++
++;; ADDITIONAL SECTION:
++A.ROOT-SERVERS.NET. 3600000 IN A 198.41.0.4
++B.ROOT-SERVERS.NET. 3600000 IN A 192.228.79.201
++C.ROOT-SERVERS.NET. 3600000 IN A 192.33.4.12
++D.ROOT-SERVERS.NET. 3600000 IN A 128.8.10.90
++E.ROOT-SERVERS.NET. 3600000 IN A 192.203.230.10
++F.ROOT-SERVERS.NET. 3600000 IN A 192.5.5.241
++G.ROOT-SERVERS.NET. 3600000 IN A 192.112.36.4
++H.ROOT-SERVERS.NET. 3600000 IN A 128.63.2.53
++I.ROOT-SERVERS.NET. 3600000 IN A 192.36.148.17
++J.ROOT-SERVERS.NET. 3600000 IN A 192.58.128.30
++K.ROOT-SERVERS.NET. 3600000 IN A 193.0.14.129
++L.ROOT-SERVERS.NET. 3600000 IN A 198.32.64.12
++M.ROOT-SERVERS.NET. 3600000 IN A 202.12.27.33
++
++;; Query time: 81 msec
++;; SERVER: 198.41.0.4#53(a.root-servers.net.)
++;; WHEN: Sun Feb 1 11:27:14 2004
++;; MSG SIZE rcvd: 436
++
+diff -urN bind-9.3.1.orig/conf/named.conf bind-9.3.1/conf/named.conf
+--- bind-9.3.1.orig/conf/named.conf 1970-01-01 01:00:00.000000000 +0100
++++ bind-9.3.1/conf/named.conf 2005-07-10 22:33:46.000000000 +0200
+@@ -0,0 +1,49 @@
++// This is the primary configuration file for the BIND DNS server named.
++//
++// If you are just adding zones, please do that in /etc/bind/named.conf.local
++
++include "/etc/bind/named.conf.options";
++
++// prime the server with knowledge of the root servers
++zone "." {
++ type hint;
++ file "/etc/bind/db.root";
++};
++
++// be authoritative for the localhost forward and reverse zones, and for
++// broadcast zones as per RFC 1912
++
++zone "localhost" {
++ type master;
++ file "/etc/bind/db.local";
++};
++
++zone "127.in-addr.arpa" {
++ type master;
++ file "/etc/bind/db.127";
++};
++
++zone "0.in-addr.arpa" {
++ type master;
++ file "/etc/bind/db.0";
++};
++
++zone "255.in-addr.arpa" {
++ type master;
++ file "/etc/bind/db.255";
++};
++
++// zone "com" { type delegation-only; };
++// zone "net" { type delegation-only; };
++
++// From the release notes:
++// Because many of our users are uncomfortable receiving undelegated answers
++// from root or top level domains, other than a few for whom that behaviour
++// has been trusted and expected for quite some length of time, we have now
++// introduced the "root-delegations-only" feature which applies delegation-only
++// logic to all top level domains, and to the root domain. An exception list
++// should be specified, including "MUSEUM" and "DE", and any other top level
++// domains from whom undelegated responses are expected and trusted.
++// root-delegation-only exclude { "DE"; "MUSEUM"; };
++
++include "/etc/bind/named.conf.local";
+diff -urN bind-9.3.1.orig/conf/named.conf.local bind-9.3.1/conf/named.conf.local
+--- bind-9.3.1.orig/conf/named.conf.local 1970-01-01 01:00:00.000000000 +0100
++++ bind-9.3.1/conf/named.conf.local 2005-07-10 22:14:06.000000000 +0200
+@@ -0,0 +1,8 @@
++//
++// Do any local configuration here
++//
++
++// Consider adding the 1918 zones here, if they are not used in your
++// organization
++//include "/etc/bind/zones.rfc1918";
++
+diff -urN bind-9.3.1.orig/conf/named.conf.options bind-9.3.1/conf/named.conf.options
+--- bind-9.3.1.orig/conf/named.conf.options 1970-01-01 01:00:00.000000000 +0100
++++ bind-9.3.1/conf/named.conf.options 2005-07-10 22:14:06.000000000 +0200
+@@ -0,0 +1,24 @@
++options {
++ directory "/var/cache/bind";
++
++ // If there is a firewall between you and nameservers you want
++ // to talk to, you might need to uncomment the query-source
++ // directive below. Previous versions of BIND always asked
++ // questions using port 53, but BIND 8.1 and later use an unprivileged
++ // port by default.
++
++ // query-source address * port 53;
++
++ // If your ISP provided one or more IP addresses for stable
++ // nameservers, you probably want to use them as forwarders.
++ // Uncomment the following block, and insert the addresses replacing
++ // the all-0's placeholder.
++
++ // forwarders {
++ // 0.0.0.0;
++ // };
++
++ auth-nxdomain no; # conform to RFC1035
++
++};
++
+diff -urN bind-9.3.1.orig/conf/zones.rfc1918 bind-9.3.1/conf/zones.rfc1918
+--- bind-9.3.1.orig/conf/zones.rfc1918 1970-01-01 01:00:00.000000000 +0100
++++ bind-9.3.1/conf/zones.rfc1918 2005-07-10 22:14:10.000000000 +0200
+@@ -0,0 +1,20 @@
++zone "10.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
++
++zone "16.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
++zone "17.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
++zone "18.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
++zone "19.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
++zone "20.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
++zone "21.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
++zone "22.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
++zone "23.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
++zone "24.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
++zone "25.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
++zone "26.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
++zone "27.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
++zone "28.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
++zone "29.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
++zone "30.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
++zone "31.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
++
++zone "168.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+diff -urN bind-9.3.1.orig/init.d bind-9.3.1/init.d
+--- bind-9.3.1.orig/init.d 1970-01-01 01:00:00.000000000 +0100
++++ bind-9.3.1/init.d 2005-07-10 23:09:58.000000000 +0200
+@@ -0,0 +1,70 @@
++#!/bin/sh
++
++PATH=/sbin:/bin:/usr/sbin:/usr/bin
++
++# for a chrooted server: "-u bind -t /var/lib/named"
++# Don't modify this line, change or create /etc/default/bind9.
++OPTIONS=""
++
++test -f /etc/default/bind9 && . /etc/default/bind9
++
++test -x /usr/sbin/rndc || exit 0
++
++case "$1" in
++ start)
++ echo -n "Starting domain name service: named"
++
++ modprobe capability >/dev/null 2>&1 || true
++ if [ ! -f /etc/bind/rndc.key ]; then
++ /usr/sbin/rndc-confgen -a -b 512 -r /dev/urandom
++ chmod 0640 /etc/bind/rndc.key
++ fi
++ if [ -f /var/run/named/named.pid ]; then
++ ps `cat /var/run/named/named.pid` > /dev/null && exit 1
++ fi
++
++ # dirs under /var/run can go away on reboots.
++ mkdir -p /var/run/named
++ mkdir -p /var/cache/bind
++ chmod 775 /var/run/named
++ chown root:bind /var/run/named >/dev/null 2>&1 || true
++
++ if [ ! -x /usr/sbin/named ]; then
++ echo "named binary missing - not starting"
++ exit 1
++ fi
++ if start-stop-daemon --start --quiet --exec /usr/sbin/named \
++ --pidfile /var/run/named/named.pid -- $OPTIONS; then
++ if [ -x /sbin/resolvconf ] ; then
++ echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo
++ fi
++ fi
++ echo "."
++ ;;
++
++ stop)
++ echo -n "Stopping domain name service: named"
++ if [ -x /sbin/resolvconf ]; then
++ /sbin/resolvconf -d lo
++ fi
++ /usr/sbin/rndc stop >/dev/null 2>&1
++ echo "."
++ ;;
++
++ reload)
++ /usr/sbin/rndc reload
++ ;;
++
++ restart|force-reload)
++ $0 stop
++ sleep 2
++ $0 start
++ ;;
++
++ *)
++ echo "Usage: /etc/init.d/bind {start|stop|reload|restart|force-reload}" >&2
++ exit 1
++ ;;
++esac
++
++exit 0
diff --git a/poky/meta/recipes-connectivity/bind/bind/dont-test-on-host.patch b/poky/meta/recipes-connectivity/bind/bind/dont-test-on-host.patch
new file mode 100644
index 000000000..b02ecb106
--- /dev/null
+++ b/poky/meta/recipes-connectivity/bind/bind/dont-test-on-host.patch
@@ -0,0 +1,17 @@
+Upstream-Status: Pending
+
+Signed-off-by: Saul Wold <sgw@linux.intel.com>
+
+Index: bind-9.9.5/bin/Makefile.in
+===================================================================
+--- bind-9.9.5.orig/bin/Makefile.in
++++ bind-9.9.5/bin/Makefile.in
+@@ -19,7 +19,7 @@ srcdir = @srcdir@
+ VPATH = @srcdir@
+ top_srcdir = @top_srcdir@
+
+-SUBDIRS = named rndc dig delv dnssec tools tests nsupdate \
++SUBDIRS = named rndc dig delv dnssec tools nsupdate \
+ check confgen @PYTHON_TOOLS@ @PKCS11_TOOLS@
+ TARGETS =
+
diff --git a/poky/meta/recipes-connectivity/bind/bind/generate-rndc-key.sh b/poky/meta/recipes-connectivity/bind/bind/generate-rndc-key.sh
new file mode 100644
index 000000000..ef915c0ae
--- /dev/null
+++ b/poky/meta/recipes-connectivity/bind/bind/generate-rndc-key.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+if [ ! -s /etc/bind/rndc.key ]; then
+ echo -n "Generating /etc/bind/rndc.key:"
+ /usr/sbin/rndc-confgen -a -b 512 -r /dev/urandom
+ chown root:bind /etc/bind/rndc.key
+ chmod 0640 /etc/bind/rndc.key
+fi
diff --git a/poky/meta/recipes-connectivity/bind/bind/init.d-add-support-for-read-only-rootfs.patch b/poky/meta/recipes-connectivity/bind/bind/init.d-add-support-for-read-only-rootfs.patch
new file mode 100644
index 000000000..11db95ede
--- /dev/null
+++ b/poky/meta/recipes-connectivity/bind/bind/init.d-add-support-for-read-only-rootfs.patch
@@ -0,0 +1,65 @@
+Subject: init.d: add support for read-only rootfs
+
+Upstream-Status: Inappropriate [oe specific]
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ init.d | 40 ++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 40 insertions(+)
+
+diff --git a/init.d b/init.d
+index 0111ed4..24677c8 100644
+--- a/init.d
++++ b/init.d
+@@ -6,8 +6,48 @@ PATH=/sbin:/bin:/usr/sbin:/usr/bin
+ # Don't modify this line, change or create /etc/default/bind9.
+ OPTIONS=""
+
++test -f /etc/default/rcS && . /etc/default/rcS
+ test -f /etc/default/bind9 && . /etc/default/bind9
+
++# This function is here because it's possible that /var and / are on different partitions.
++is_on_read_only_partition () {
++ DIRECTORY=$1
++ dir=`readlink -f $DIRECTORY`
++ while true; do
++ if [ ! -d "$dir" ]; then
++ echo "ERROR: $dir is not a directory"
++ exit 1
++ else
++ for flag in `awk -v dir=$dir '{ if ($2 == dir) { print "FOUND"; split($4,FLAGS,",") } }; \
++ END { for (f in FLAGS) print FLAGS[f] }' < /proc/mounts`; do
++ [ "$flag" = "FOUND" ] && partition="read-write"
++ [ "$flag" = "ro" ] && { partition="read-only"; break; }
++ done
++ if [ "$dir" = "/" -o -n "$partition" ]; then
++ break
++ else
++ dir=`dirname $dir`
++ fi
++ fi
++ done
++ [ "$partition" = "read-only" ] && echo "yes" || echo "no"
++}
++
++bind_mount () {
++ olddir=$1
++ newdir=$2
++ mkdir -p $olddir
++ cp -a $newdir/* $olddir
++ mount --bind $olddir $newdir
++}
++
++# Deal with read-only rootfs
++if [ "$ROOTFS_READ_ONLY" = "yes" ]; then
++ [ "$VERBOSE" != "no" ] && echo "WARN: start bind service in read-only rootfs"
++ [ `is_on_read_only_partition /etc/bind` = "yes" ] && bind_mount /var/volatile/bind/etc /etc/bind
++ [ `is_on_read_only_partition /var/named` = "yes" ] && bind_mount /var/volatile/bind/named /var/named
++fi
++
+ test -x /usr/sbin/rndc || exit 0
+
+ case "$1" in
+--
+1.7.9.5
+
diff --git a/poky/meta/recipes-connectivity/bind/bind/make-etc-initd-bind-stop-work.patch b/poky/meta/recipes-connectivity/bind/bind/make-etc-initd-bind-stop-work.patch
new file mode 100644
index 000000000..146f3e35d
--- /dev/null
+++ b/poky/meta/recipes-connectivity/bind/bind/make-etc-initd-bind-stop-work.patch
@@ -0,0 +1,42 @@
+bind: make "/etc/init.d/bind stop" work
+
+Upstream-Status: Inappropriate [configuration]
+
+Add some configurations, make rndc command be able to controls
+the named daemon.
+
+Signed-off-by: Roy Li <rongqing.li@windriver.com>
+---
+ conf/named.conf | 5 +++++
+ conf/rndc.conf | 5 +++++
+ 2 files changed, 10 insertions(+), 0 deletions(-)
+ create mode 100644 conf/rndc.conf
+
+diff --git a/conf/named.conf b/conf/named.conf
+index 95829cf..c8899e7 100644
+--- a/conf/named.conf
++++ b/conf/named.conf
+@@ -47,3 +47,8 @@ zone "255.in-addr.arpa" {
+ // root-delegation-only exclude { "DE"; "MUSEUM"; };
+
+ include "/etc/bind/named.conf.local";
++include "/etc/bind/rndc.key" ;
++controls {
++ inet 127.0.0.1 allow { localhost; }
++ keys { rndc-key; };
++};
+diff --git a/conf/rndc.conf b/conf/rndc.conf
+new file mode 100644
+index 0000000..a0b481d
+--- /dev/null
++++ b/conf/rndc.conf
+@@ -0,0 +1,5 @@
++include "/etc/bind/rndc.key";
++options {
++ default-server localhost;
++ default-key rndc-key;
++};
+
+--
+1.7.5.4
+
diff --git a/poky/meta/recipes-connectivity/bind/bind/named.service b/poky/meta/recipes-connectivity/bind/bind/named.service
new file mode 100644
index 000000000..cda56ef01
--- /dev/null
+++ b/poky/meta/recipes-connectivity/bind/bind/named.service
@@ -0,0 +1,22 @@
+[Unit]
+Description=Berkeley Internet Name Domain (DNS)
+Wants=nss-lookup.target
+Before=nss-lookup.target
+After=network.target
+
+[Service]
+Type=forking
+EnvironmentFile=-/etc/default/bind9
+PIDFile=/run/named/named.pid
+
+ExecStartPre=@SBINDIR@/generate-rndc-key.sh
+ExecStart=@SBINDIR@/named $OPTIONS
+
+ExecReload=@BASE_BINDIR@/sh -c '@SBINDIR@/rndc reload > /dev/null 2>&1 || @BASE_BINDIR@/kill -HUP $MAINPID'
+
+ExecStop=@BASE_BINDIR@/sh -c '@SBINDIR@/rndc stop > /dev/null 2>&1 || @BASE_BINDIR@/kill -TERM $MAINPID'
+
+PrivateTmp=true
+
+[Install]
+WantedBy=multi-user.target
diff --git a/poky/meta/recipes-connectivity/bind/bind/use-python3-and-fix-install-lib-path.patch b/poky/meta/recipes-connectivity/bind/bind/use-python3-and-fix-install-lib-path.patch
new file mode 100644
index 000000000..9829f1588
--- /dev/null
+++ b/poky/meta/recipes-connectivity/bind/bind/use-python3-and-fix-install-lib-path.patch
@@ -0,0 +1,36 @@
+Use python3 rather default python which maybe links to python2 for oe. And add
+option for setup.py to install files to right directory.
+
+Upstream-Status: Inappropriate [OE specific]
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+---
+diff --git a/bin/python/Makefile.in b/bin/python/Makefile.in
+index a43a3c1..2e727f2 100644
+--- a/bin/python/Makefile.in
++++ b/bin/python/Makefile.in
+@@ -55,9 +55,9 @@ install:: ${TARGETS} installdirs
+ ${INSTALL_DATA} ${srcdir}/dnssec-coverage.8 ${DESTDIR}${mandir}/man8
+ if test -n "${PYTHON}" ; then \
+ if test -n "${DESTDIR}" ; then \
+- ${PYTHON} ${srcdir}/setup.py install --root=${DESTDIR} --prefix=${prefix} ; \
++ ${PYTHON} ${srcdir}/setup.py install --root=${DESTDIR} --prefix=${prefix} --install-lib=${PYTHON_SITEPACKAGES_DIR} ; \
+ else \
+- ${PYTHON} ${srcdir}/setup.py install --prefix=${prefix} ; \
++ ${PYTHON} ${srcdir}/setup.py install --prefix=${prefix} --install-lib=${PYTHON_SITEPACKAGES_DIR} ; \
+ fi \
+ fi
+
+diff --git a/configure.in b/configure.in
+index 314bb90..867923e 100644
+--- a/configure.in
++++ b/configure.in
+@@ -227,7 +227,7 @@ AC_ARG_WITH(python,
+ [ --with-python=PATH specify path to python interpreter],
+ use_python="$withval", use_python="unspec")
+
+-python="python python3 python3.5 python3.4 python3.3 python3.2 python2 python2.7"
++python="python3 python3.5 python3.4 python3.3 python3.2 python2 python2.7"
+
+ testargparse='try: import argparse
+ except: exit(1)'
diff --git a/poky/meta/recipes-connectivity/bind/bind_9.10.6.bb b/poky/meta/recipes-connectivity/bind/bind_9.10.6.bb
new file mode 100644
index 000000000..8b8835ba8
--- /dev/null
+++ b/poky/meta/recipes-connectivity/bind/bind_9.10.6.bb
@@ -0,0 +1,123 @@
+SUMMARY = "ISC Internet Domain Name Server"
+HOMEPAGE = "http://www.isc.org/sw/bind/"
+SECTION = "console/network"
+
+LICENSE = "ISC & BSD"
+LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=dba46507446198119bcde32a4feaab43"
+
+DEPENDS = "openssl libcap"
+
+SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
+ file://conf.patch \
+ file://make-etc-initd-bind-stop-work.patch \
+ file://dont-test-on-host.patch \
+ file://generate-rndc-key.sh \
+ file://named.service \
+ file://bind9 \
+ file://init.d-add-support-for-read-only-rootfs.patch \
+ file://bind-confgen-build-unix.o-once.patch \
+ file://0001-build-use-pkg-config-to-find-libxml2.patch \
+ file://bind-ensure-searching-for-json-headers-searches-sysr.patch \
+ file://0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch \
+ file://0001-lib-dns-gen.c-fix-too-long-error.patch \
+ file://use-python3-and-fix-install-lib-path.patch \
+ "
+
+SRC_URI[md5sum] = "84e663284b17aee0df1ce6f248b137d7"
+SRC_URI[sha256sum] = "17bbcd2bd7b1d32f5ba4b30d5dbe8a39bce200079048073d1e0d050fdf47e69d"
+
+UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/"
+UPSTREAM_CHECK_REGEX = "(?P<pver>9(\.\d+)+(-P\d+)*)/"
+
+
+ENABLE_IPV6 = "--enable-ipv6=${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'yes', 'no', d)}"
+EXTRA_OECONF = " ${ENABLE_IPV6} --with-libtool --enable-threads \
+ --disable-devpoll --enable-epoll --with-gost=no \
+ --with-gssapi=no --with-ecdsa=yes \
+ --sysconfdir=${sysconfdir}/bind \
+ --with-openssl=${STAGING_LIBDIR}/.. \
+ "
+
+inherit autotools update-rc.d systemd useradd pkgconfig python3-dir
+
+export PYTHON_SITEPACKAGES_DIR
+
+# PACKAGECONFIGs readline and libedit should NOT be set at same time
+PACKAGECONFIG ?= "readline"
+PACKAGECONFIG[httpstats] = "--with-libxml2,--without-libxml2,libxml2"
+PACKAGECONFIG[readline] = "--with-readline=-lreadline,,readline"
+PACKAGECONFIG[libedit] = "--with-readline=-ledit,,libedit"
+PACKAGECONFIG[urandom] = "--with-randomdev=/dev/urandom,--with-randomdev=/dev/random,,"
+
+USERADD_PACKAGES = "${PN}"
+USERADD_PARAM_${PN} = "--system --home ${localstatedir}/cache/bind --no-create-home \
+ --user-group bind"
+
+INITSCRIPT_NAME = "bind"
+INITSCRIPT_PARAMS = "defaults"
+
+SYSTEMD_SERVICE_${PN} = "named.service"
+
+PARALLEL_MAKE = ""
+
+RDEPENDS_${PN} = "python3-core"
+RDEPENDS_${PN}-dev = ""
+
+PACKAGE_BEFORE_PN += "${PN}-utils"
+FILES_${PN}-utils = "${bindir}/host ${bindir}/dig"
+FILES_${PN}-dev += "${bindir}/isc-config.h"
+FILES_${PN} += "${sbindir}/generate-rndc-key.sh ${PYTHON_SITEPACKAGES_DIR}"
+
+PACKAGE_BEFORE_PN += "${PN}-libs"
+FILES_${PN}-libs = "${libdir}/*.so*"
+
+do_install_prepend() {
+ # clean host path in isc-config.sh before the hardlink created
+ # by "make install":
+ # bind9-config -> isc-config.sh
+ sed -i -e "s,${STAGING_LIBDIR},${libdir}," ${B}/isc-config.sh
+}
+
+do_install_append() {
+ rm "${D}${bindir}/nslookup"
+ rm "${D}${mandir}/man1/nslookup.1"
+ rmdir "${D}${localstatedir}/run"
+ rmdir --ignore-fail-on-non-empty "${D}${localstatedir}"
+ install -d -o bind "${D}${localstatedir}/cache/bind"
+ install -d "${D}${sysconfdir}/bind"
+ install -d "${D}${sysconfdir}/init.d"
+ install -m 644 ${S}/conf/* "${D}${sysconfdir}/bind/"
+ install -m 755 "${S}/init.d" "${D}${sysconfdir}/init.d/bind"
+ sed -i -e '1s,#!.*python3,#! /usr/bin/python3,' ${D}${sbindir}/dnssec-coverage ${D}${sbindir}/dnssec-checkds
+
+ # Install systemd related files
+ install -d ${D}${sbindir}
+ install -m 755 ${WORKDIR}/generate-rndc-key.sh ${D}${sbindir}
+ install -d ${D}${systemd_unitdir}/system
+ install -m 0644 ${WORKDIR}/named.service ${D}${systemd_unitdir}/system
+ sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \
+ -e 's,@SBINDIR@,${sbindir},g' \
+ ${D}${systemd_unitdir}/system/named.service
+
+ install -d ${D}${sysconfdir}/default
+ install -m 0644 ${WORKDIR}/bind9 ${D}${sysconfdir}/default
+
+ if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
+ install -d ${D}${sysconfdir}/tmpfiles.d
+ echo "d /run/named 0755 bind bind - -" > ${D}${sysconfdir}/tmpfiles.d/bind.conf
+ fi
+
+ rm -f ${D}${PYTHON_SITEPACKAGES_DIR}/isc/*.pyc
+}
+
+CONFFILES_${PN} = " \
+ ${sysconfdir}/bind/named.conf \
+ ${sysconfdir}/bind/named.conf.local \
+ ${sysconfdir}/bind/named.conf.options \
+ ${sysconfdir}/bind/db.0 \
+ ${sysconfdir}/bind/db.127 \
+ ${sysconfdir}/bind/db.empty \
+ ${sysconfdir}/bind/db.local \
+ ${sysconfdir}/bind/db.root \
+ "
+
diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5.inc b/poky/meta/recipes-connectivity/bluez5/bluez5.inc
new file mode 100644
index 000000000..ae2a833c0
--- /dev/null
+++ b/poky/meta/recipes-connectivity/bluez5/bluez5.inc
@@ -0,0 +1,146 @@
+SUMMARY = "Linux Bluetooth Stack Userland V5"
+DESCRIPTION = "Linux Bluetooth stack V5 userland components. These include a system configurations, daemons, tools and system libraries."
+HOMEPAGE = "http://www.bluez.org"
+SECTION = "libs"
+LICENSE = "GPLv2+ & LGPLv2.1+"
+LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \
+ file://COPYING.LIB;md5=fb504b67c50331fc78734fed90fb0e09 \
+ file://src/main.c;beginline=1;endline=24;md5=9bc54b93cd7e17bf03f52513f39f926e"
+DEPENDS = "udev dbus-glib glib-2.0"
+PROVIDES += "bluez-hcidump"
+RPROVIDES_${PN} += "bluez-hcidump"
+
+RCONFLICTS_${PN} = "bluez4"
+
+PACKAGECONFIG ??= "obex-profiles \
+ readline \
+ ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \
+ a2dp-profiles \
+ avrcp-profiles \
+ network-profiles \
+ hid-profiles \
+ hog-profiles \
+ tools \
+ deprecated \
+"
+PACKAGECONFIG[obex-profiles] = "--enable-obex,--disable-obex,libical"
+PACKAGECONFIG[readline] = "--enable-client,--disable-client,readline,"
+PACKAGECONFIG[testing] = "--enable-testing,--disable-testing"
+PACKAGECONFIG[midi] = "--enable-midi,--disable-midi,alsa-lib"
+PACKAGECONFIG[systemd] = "--enable-systemd,--disable-systemd"
+PACKAGECONFIG[cups] = "--enable-cups,--disable-cups,,cups"
+PACKAGECONFIG[nfc] = "--enable-nfc,--disable-nfc"
+PACKAGECONFIG[sap-profiles] = "--enable-sap,--disable-sap"
+PACKAGECONFIG[a2dp-profiles] = "--enable-a2dp,--disable-a2dp"
+PACKAGECONFIG[avrcp-profiles] = "--enable-avrcp,--disable-avrcp"
+PACKAGECONFIG[network-profiles] = "--enable-network,--disable-network"
+PACKAGECONFIG[hid-profiles] = "--enable-hid,--disable-hid"
+PACKAGECONFIG[hog-profiles] = "--enable-hog,--disable-hog"
+PACKAGECONFIG[health-profiles] = "--enable-health,--disable-health"
+PACKAGECONFIG[sixaxis] = "--enable-sixaxis,--disable-sixaxis"
+PACKAGECONFIG[tools] = "--enable-tools,--disable-tools"
+PACKAGECONFIG[threads] = "--enable-threads,--disable-threads"
+PACKAGECONFIG[deprecated] = "--enable-deprecated,--disable-deprecated"
+PACKAGECONFIG[mesh] = "--enable-mesh,--disable-mesh, json-c"
+
+SRC_URI = "\
+ ${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \
+ file://out-of-tree.patch \
+ file://init \
+ file://run-ptest \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'file://0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch', d)} \
+ file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \
+"
+S = "${WORKDIR}/bluez-${PV}"
+
+CVE_PRODUCT = "bluez"
+
+inherit autotools pkgconfig systemd update-rc.d distro_features_check ptest gobject-introspection-data
+
+EXTRA_OECONF = "\
+ --enable-test \
+ --enable-datafiles \
+ --enable-library \
+"
+
+# bluez5 builds a large number of useful utilities but does not
+# install them. Specify which ones we want put into ${PN}-noinst-tools.
+NOINST_TOOLS_READLINE ??= ""
+NOINST_TOOLS_TESTING ??= ""
+NOINST_TOOLS_BT ??= ""
+NOINST_TOOLS = " \
+ ${@bb.utils.contains('PACKAGECONFIG', 'readline', '${NOINST_TOOLS_READLINE}', '', d)} \
+ ${@bb.utils.contains('PACKAGECONFIG', 'testing', '${NOINST_TOOLS_TESTING}', '', d)} \
+ ${@bb.utils.contains('PACKAGECONFIG', 'tools', '${NOINST_TOOLS_BT}', '', d)} \
+"
+
+do_install_append() {
+ install -d ${D}${INIT_D_DIR}
+ install -m 0755 ${WORKDIR}/init ${D}${INIT_D_DIR}/bluetooth
+
+ install -d ${D}${sysconfdir}/bluetooth/
+ if [ -f ${S}/profiles/network/network.conf ]; then
+ install -m 0644 ${S}/profiles/network/network.conf ${D}/${sysconfdir}/bluetooth/
+ fi
+ if [ -f ${S}/profiles/input/input.conf ]; then
+ install -m 0644 ${S}/profiles/input/input.conf ${D}/${sysconfdir}/bluetooth/
+ fi
+
+ if [ -f ${D}/${sysconfdir}/init.d/bluetooth ]; then
+ sed -i -e 's#@LIBEXECDIR@#${libexecdir}#g' ${D}/${sysconfdir}/init.d/bluetooth
+ fi
+
+ # Install desired tools that upstream leaves in build area
+ for f in ${NOINST_TOOLS} ; do
+ install -m 755 ${B}/$f ${D}/${bindir}
+ done
+
+ # Patch python tools to use Python 3; they should be source compatible, but
+ # still refer to Python 2 in the shebang
+ sed -i -e '1s,#!.*python.*,#!${bindir}/python3,' ${D}${libdir}/bluez/test/*
+}
+
+PACKAGES =+ "${PN}-testtools ${PN}-obex ${PN}-noinst-tools"
+
+FILES_${PN} += " \
+ ${libdir}/bluetooth/plugins/*.so \
+ ${systemd_unitdir}/ ${datadir}/dbus-1 \
+ ${libdir}/cups \
+"
+FILES_${PN}-dev += " \
+ ${libdir}/bluetooth/plugins/*.la \
+"
+
+FILES_${PN}-obex = "${libexecdir}/bluetooth/obexd \
+ ${exec_prefix}/lib/systemd/user/obex.service \
+ ${datadir}/dbus-1/services/org.bluez.obex.service \
+ "
+SYSTEMD_SERVICE_${PN}-obex = "obex.service"
+
+FILES_${PN}-testtools = "${libdir}/bluez/test/*"
+
+def get_noinst_tools_paths (d, bb, tools):
+ s = list()
+ bindir = d.getVar("bindir")
+ for bdp in tools.split():
+ f = os.path.basename(bdp)
+ s.append("%s/%s" % (bindir, f))
+ return "\n".join(s)
+
+FILES_${PN}-noinst-tools = "${@get_noinst_tools_paths(d, bb, d.getVar('NOINST_TOOLS'))}"
+
+RDEPENDS_${PN}-testtools += "python3 python3-dbus"
+RDEPENDS_${PN}-testtools += "${@bb.utils.contains('GI_DATA_ENABLED', 'True', 'python3-pygobject', '', d)}"
+
+SYSTEMD_SERVICE_${PN} = "${@bb.utils.contains('PACKAGECONFIG', 'systemd', 'bluetooth.service', '', d)}"
+INITSCRIPT_PACKAGES = "${PN}"
+INITSCRIPT_NAME_${PN} = "bluetooth"
+
+do_compile_ptest() {
+ oe_runmake buildtests
+}
+
+do_install_ptest() {
+ cp -r ${B}/unit/ ${D}${PTEST_PATH}
+ rm -f ${D}${PTEST_PATH}/unit/*.o
+}
diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch b/poky/meta/recipes-connectivity/bluez5/bluez5/0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch
new file mode 100644
index 000000000..2fde7bc06
--- /dev/null
+++ b/poky/meta/recipes-connectivity/bluez5/bluez5/0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch
@@ -0,0 +1,63 @@
+From: Giovanni Campagna <gcampagna-cNUdlRotFMnNLxjTenLetw@public.gmane.org>
+Date: Sat, 12 Oct 2013 17:45:25 +0200
+Subject: [PATCH] Allow using obexd without systemd in the user session
+
+Not all sessions run systemd --user (actually, the majority
+doesn't), so the dbus daemon must be able to spawn obexd
+directly, and to do so it needs the full path of the daemon.
+
+Upstream-Status: Denied
+
+Not accepted by upstream maintainer for being a distro specific
+configuration. See thread:
+
+http://thread.gmane.org/gmane.linux.bluez.kernel/38725/focus=38843
+
+Signed-off-by: Javier Viguera <javier.viguera@digi.com>
+---
+ Makefile.obexd | 4 ++--
+ obexd/src/org.bluez.obex.service | 4 ----
+ obexd/src/org.bluez.obex.service.in | 4 ++++
+ 3 files changed, 6 insertions(+), 6 deletions(-)
+ delete mode 100644 obexd/src/org.bluez.obex.service
+ create mode 100644 obexd/src/org.bluez.obex.service.in
+
+diff --git a/Makefile.obexd b/Makefile.obexd
+index 2e33cbc72f2b..d5d858c857b4 100644
+--- a/Makefile.obexd
++++ b/Makefile.obexd
+@@ -2,12 +2,12 @@
+ if SYSTEMD
+ systemduserunitdir = @SYSTEMD_USERUNITDIR@
+ systemduserunit_DATA = obexd/src/obex.service
++endif
+
+ dbussessionbusdir = @DBUS_SESSIONBUSDIR@
+ dbussessionbus_DATA = obexd/src/org.bluez.obex.service
+-endif
+
+-EXTRA_DIST += obexd/src/obex.service.in obexd/src/org.bluez.obex.service
++EXTRA_DIST += obexd/src/obex.service.in obexd/src/org.bluez.obex.service.in
+
+ obex_plugindir = $(libdir)/obex/plugins
+
+diff --git a/obexd/src/org.bluez.obex.service b/obexd/src/org.bluez.obex.service
+deleted file mode 100644
+index a53808884554..000000000000
+--- a/obexd/src/org.bluez.obex.service
++++ /dev/null
+@@ -1,4 +0,0 @@
+-[D-BUS Service]
+-Name=org.bluez.obex
+-Exec=/bin/false
+-SystemdService=dbus-org.bluez.obex.service
+diff --git a/obexd/src/org.bluez.obex.service.in b/obexd/src/org.bluez.obex.service.in
+new file mode 100644
+index 000000000000..9c815f246b77
+--- /dev/null
++++ b/obexd/src/org.bluez.obex.service.in
+@@ -0,0 +1,4 @@
++[D-BUS Service]
++Name=org.bluez.obex
++Exec=@libexecdir@/obexd
++SystemdService=dbus-org.bluez.obex.service
diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/0001-tests-add-a-target-for-building-tests-without-runnin.patch b/poky/meta/recipes-connectivity/bluez5/bluez5/0001-tests-add-a-target-for-building-tests-without-runnin.patch
new file mode 100644
index 000000000..24ddae6b6
--- /dev/null
+++ b/poky/meta/recipes-connectivity/bluez5/bluez5/0001-tests-add-a-target-for-building-tests-without-runnin.patch
@@ -0,0 +1,28 @@
+From 4bdf0f96dcaa945fd29f26d56e5b36d8c23e4c8b Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex.kanavin@gmail.com>
+Date: Fri, 1 Apr 2016 17:07:34 +0300
+Subject: [PATCH] tests: add a target for building tests without running them
+
+Upstream-Status: Inappropriate [oe specific]
+Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+---
+ Makefile.am | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/Makefile.am b/Makefile.am
+index 1a48a71..ba3b92f 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -425,6 +425,9 @@ endif
+ TESTS = $(unit_tests)
+ AM_TESTS_ENVIRONMENT = MALLOC_CHECK_=3 MALLOC_PERTURB_=69
+
++# This allows building tests without running them
++buildtests: $(TESTS)
++
+ if DBUS_RUN_SESSION
+ AM_TESTS_ENVIRONMENT += dbus-run-session --
+ endif
+--
+2.8.0.rc3
+
diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/init b/poky/meta/recipes-connectivity/bluez5/bluez5/init
new file mode 100644
index 000000000..d7972f2d9
--- /dev/null
+++ b/poky/meta/recipes-connectivity/bluez5/bluez5/init
@@ -0,0 +1,65 @@
+#!/bin/sh
+
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+DESC=bluetooth
+
+DAEMON=@LIBEXECDIR@/bluetooth/bluetoothd
+
+# If you want to be ignore error of "org.freedesktop.hostname1",
+# please enable NOPLUGIN_OPTION.
+# NOPLUGIN_OPTION="--noplugin=hostname"
+NOPLUGIN_OPTION=""
+SSD_OPTIONS="--oknodo --quiet --exec $DAEMON -- $NOPLUGIN_OPTION"
+
+test -f $DAEMON || exit 0
+
+# FIXME: any of the sourced files may fail if/with syntax errors
+test -f /etc/default/bluetooth && . /etc/default/bluetooth
+test -f /etc/default/rcS && . /etc/default/rcS
+
+set -e
+
+case $1 in
+ start)
+ echo -n "Starting $DESC: "
+ if test "$BLUETOOTH_ENABLED" = 0; then
+ echo "disabled (see /etc/default/bluetooth)."
+ exit 0
+ fi
+ start-stop-daemon --start --background $SSD_OPTIONS
+ echo "${DAEMON##*/}."
+ ;;
+ stop)
+ echo -n "Stopping $DESC: "
+ if test "$BLUETOOTH_ENABLED" = 0; then
+ echo "disabled (see /etc/default/bluetooth)."
+ exit 0
+ fi
+ start-stop-daemon --stop $SSD_OPTIONS
+ echo "${DAEMON##*/}."
+ ;;
+ restart|force-reload)
+ $0 stop
+ sleep 1
+ $0 start
+ ;;
+ status)
+ pidof ${DAEMON} >/dev/null
+ status=$?
+ if [ $status -eq 0 ]; then
+ echo "bluetooth is running."
+ else
+ echo "bluetooth is not running"
+ fi
+ exit $status
+ ;;
+ *)
+ N=/etc/init.d/bluetooth
+ echo "Usage: $N {start|stop|restart|force-reload|status}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
+
+# vim:noet
diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/out-of-tree.patch b/poky/meta/recipes-connectivity/bluez5/bluez5/out-of-tree.patch
new file mode 100644
index 000000000..3ee79d704
--- /dev/null
+++ b/poky/meta/recipes-connectivity/bluez5/bluez5/out-of-tree.patch
@@ -0,0 +1,26 @@
+From ed55b49a226ca3909f52416be2ae5ce1c5ca2cb2 Mon Sep 17 00:00:00 2001
+From: Ross Burton <ross.burton@intel.com>
+Date: Fri, 22 Apr 2016 15:40:37 +0100
+Subject: [PATCH] Makefile.obexd: add missing mkdir in builtin.h generation
+
+In parallel out-of-tree builds it's possible that obexd/src/builtin.h is
+generated before the target directory has been implicitly created. Solve this by
+creating the directory before writing into it.
+
+Upstream-Status: Submitted
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+---
+ Makefile.obexd | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/Makefile.obexd b/Makefile.obexd
+index 2e33cbc..c8286f0 100644
+--- a/Makefile.obexd
++++ b/Makefile.obexd
+@@ -105,2 +105,3 @@ obexd/src/plugin.$(OBJEXT): obexd/src/builtin.h
+ obexd/src/builtin.h: obexd/src/genbuiltin $(obexd_builtin_sources)
++ $(AM_V_at)$(MKDIR_P) $(dir $@)
+ $(AM_V_GEN)$(srcdir)/obexd/src/genbuiltin $(obexd_builtin_modules) > $@
+--
+2.8.0.rc3
+
diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/run-ptest b/poky/meta/recipes-connectivity/bluez5/bluez5/run-ptest
new file mode 100644
index 000000000..21df00c32
--- /dev/null
+++ b/poky/meta/recipes-connectivity/bluez5/bluez5/run-ptest
@@ -0,0 +1,31 @@
+#! /bin/sh
+
+cd unit
+
+failed=0
+all=0
+
+for f in test-*; do
+ "./$f"
+ case "$?" in
+ 0)
+ echo "PASS: $f"
+ all=$((all + 1))
+ ;;
+ 77)
+ echo "SKIP: $f"
+ ;;
+ *)
+ echo "FAIL: $f"
+ failed=$((failed + 1))
+ all=$((all + 1))
+ ;;
+ esac
+done
+
+if [ "$failed" -eq 0 ] ; then
+ echo "All $all tests passed"
+else
+ echo "$failed of $all tests failed"
+fi
+
diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5_5.48.bb b/poky/meta/recipes-connectivity/bluez5/bluez5_5.48.bb
new file mode 100644
index 000000000..84a6cd22d
--- /dev/null
+++ b/poky/meta/recipes-connectivity/bluez5/bluez5_5.48.bb
@@ -0,0 +1,69 @@
+require bluez5.inc
+
+REQUIRED_DISTRO_FEATURES = "bluez5"
+
+SRC_URI[md5sum] = "c9c853f3c90564cabec75ab35106c355"
+SRC_URI[sha256sum] = "b9a8723072ef66bae7ec301c774902ebcb444c9c5b149b5a199e60a1ba970e90"
+
+# noinst programs in Makefile.tools that are conditional on READLINE
+# support
+NOINST_TOOLS_READLINE ?= " \
+ ${@bb.utils.contains('PACKAGECONFIG', 'deprecated', 'attrib/gatttool', '', d)} \
+ tools/obex-client-tool \
+ tools/obex-server-tool \
+ tools/bluetooth-player \
+ tools/obexctl \
+ tools/btmgmt \
+"
+
+# noinst programs in Makefile.tools that are conditional on TESTING
+# support
+NOINST_TOOLS_TESTING ?= " \
+ emulator/btvirt \
+ emulator/b1ee \
+ emulator/hfp \
+ peripheral/btsensor \
+ tools/3dsp \
+ tools/mgmt-tester \
+ tools/gap-tester \
+ tools/l2cap-tester \
+ tools/sco-tester \
+ tools/smp-tester \
+ tools/hci-tester \
+ tools/rfcomm-tester \
+ tools/bnep-tester \
+ tools/userchan-tester \
+"
+
+# noinst programs in Makefile.tools that are conditional on TOOLS
+# support
+NOINST_TOOLS_BT ?= " \
+ tools/bdaddr \
+ tools/avinfo \
+ tools/avtest \
+ tools/scotest \
+ tools/amptest \
+ tools/hwdb \
+ tools/hcieventmask \
+ tools/hcisecfilter \
+ tools/btinfo \
+ tools/btsnoop \
+ tools/btproxy \
+ tools/btiotest \
+ tools/bneptest \
+ tools/mcaptest \
+ tools/cltest \
+ tools/oobtest \
+ tools/advtest \
+ tools/seq2bseq \
+ tools/nokfw \
+ tools/create-image \
+ tools/eddystone \
+ tools/ibeacon \
+ tools/btgatt-client \
+ tools/btgatt-server \
+ tools/test-runner \
+ tools/check-selftest \
+ tools/gatt-service \
+ profiles/iap/iapd \
+"
diff --git a/poky/meta/recipes-connectivity/connman/connman-conf.bb b/poky/meta/recipes-connectivity/connman/connman-conf.bb
new file mode 100644
index 000000000..9a519ec86
--- /dev/null
+++ b/poky/meta/recipes-connectivity/connman/connman-conf.bb
@@ -0,0 +1,36 @@
+SUMMARY = "Connman config to setup wired interface on qemu machines"
+DESCRIPTION = "This is the ConnMan configuration to set up a Wired \
+network interface for a qemu machine."
+LICENSE = "GPLv2"
+LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"
+
+inherit systemd
+
+SRC_URI_append_qemuall = " file://wired.config \
+ file://wired-setup \
+ file://wired-connection.service \
+"
+PR = "r2"
+
+S = "${WORKDIR}"
+
+PACKAGE_ARCH = "${MACHINE_ARCH}"
+
+FILES_${PN} = "${localstatedir}/* ${datadir}/*"
+
+do_install() {
+ #Configure Wired network interface in case of qemu* machines
+ if test -e ${WORKDIR}/wired.config &&
+ test -e ${WORKDIR}/wired-setup &&
+ test -e ${WORKDIR}/wired-connection.service; then
+ install -d ${D}${localstatedir}/lib/connman
+ install -m 0644 ${WORKDIR}/wired.config ${D}${localstatedir}/lib/connman
+ install -d ${D}${datadir}/connman
+ install -m 0755 ${WORKDIR}/wired-setup ${D}${datadir}/connman
+ install -d ${D}${systemd_system_unitdir}
+ install -m 0644 ${WORKDIR}/wired-connection.service ${D}${systemd_system_unitdir}
+ sed -i -e 's|@SCRIPTDIR@|${datadir}/connman|g' ${D}${systemd_system_unitdir}/wired-connection.service
+ fi
+}
+
+SYSTEMD_SERVICE_${PN}_qemuall = "wired-connection.service"
diff --git a/poky/meta/recipes-connectivity/connman/connman-conf/qemuall/wired-connection.service b/poky/meta/recipes-connectivity/connman/connman-conf/qemuall/wired-connection.service
new file mode 100644
index 000000000..48adfc08a
--- /dev/null
+++ b/poky/meta/recipes-connectivity/connman/connman-conf/qemuall/wired-connection.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=Setup a wired interface
+Before=connman.service
+
+[Service]
+Type=oneshot
+ExecStart=@SCRIPTDIR@/wired-setup
+
+[Install]
+WantedBy=network.target
diff --git a/poky/meta/recipes-connectivity/connman/connman-conf/qemuall/wired-setup b/poky/meta/recipes-connectivity/connman/connman-conf/qemuall/wired-setup
new file mode 100644
index 000000000..c46899ef3
--- /dev/null
+++ b/poky/meta/recipes-connectivity/connman/connman-conf/qemuall/wired-setup
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+CONFIGF=/var/lib/connman/wired.config
+
+# Extract wired network config from /proc/cmdline
+NET_CONF=`cat /proc/cmdline |sed -ne 's/^.*ip=\([^ ]*\):\([^ ]*\):\([^ ]*\):\([^ ]*\).*$/\1\/\4\/\3/p'`
+
+# Check if eth0 is already set via kernel cmdline
+if [ "x$NET_CONF" = "x" ]; then
+ # Wired interface is not configured via kernel cmdline
+ # Remove connman config file template
+ rm -f ${CONFIGF}
+else
+ # Setup a connman config accordingly
+ sed -i -e "s|^IPv4 =.*|IPv4 = ${NET_CONF}|" ${CONFIGF}
+fi
diff --git a/poky/meta/recipes-connectivity/connman/connman-conf/qemuall/wired.config b/poky/meta/recipes-connectivity/connman/connman-conf/qemuall/wired.config
new file mode 100644
index 000000000..42998ce89
--- /dev/null
+++ b/poky/meta/recipes-connectivity/connman/connman-conf/qemuall/wired.config
@@ -0,0 +1,9 @@
+[global]
+Name = Wired
+Description = Wired network configuration
+
+[service_ethernet]
+Type = ethernet
+IPv4 =
+MAC = 52:54:00:12:34:56
+Nameservers = 8.8.8.8
diff --git a/poky/meta/recipes-connectivity/connman/connman-gnome/0001-Port-to-Gtk3.patch b/poky/meta/recipes-connectivity/connman/connman-gnome/0001-Port-to-Gtk3.patch
new file mode 100644
index 000000000..c93e9b465
--- /dev/null
+++ b/poky/meta/recipes-connectivity/connman/connman-gnome/0001-Port-to-Gtk3.patch
@@ -0,0 +1,277 @@
+From a59b0fac02e74a971ac3f08bf28c17ce361a9526 Mon Sep 17 00:00:00 2001
+From: Jussi Kukkonen <jussi.kukkonen@intel.com>
+Date: Wed, 2 Mar 2016 15:47:49 +0200
+Subject: [PATCH] Port to Gtk3
+
+Some unused (or not useful) code was removed, functionality should stay
+the same.
+
+Code still contains quite a few uses of deprecated API.
+
+Upstream-Status: Submitted
+Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
+---
+ applet/agent.c | 3 +--
+ applet/main.c | 43 -------------------------------------------
+ applet/status.c | 8 --------
+ configure.ac | 3 +--
+ properties/ethernet.c | 14 +++++++-------
+ properties/main.c | 2 +-
+ properties/wifi.c | 12 ++++++------
+ 7 files changed, 16 insertions(+), 69 deletions(-)
+
+diff --git a/applet/agent.c b/applet/agent.c
+index 65bed08..04fe86a 100644
+--- a/applet/agent.c
++++ b/applet/agent.c
+@@ -126,7 +126,6 @@ static void request_input_dialog(GHashTable *request,
+ gtk_window_set_position(GTK_WINDOW(dialog), GTK_WIN_POS_CENTER);
+ gtk_window_set_keep_above(GTK_WINDOW(dialog), TRUE);
+ gtk_window_set_urgency_hint(GTK_WINDOW(dialog), TRUE);
+- gtk_dialog_set_has_separator(GTK_DIALOG(dialog), FALSE);
+ input->dialog = dialog;
+
+ gtk_dialog_add_button(GTK_DIALOG(dialog),
+@@ -139,7 +138,7 @@ static void request_input_dialog(GHashTable *request,
+ gtk_table_set_row_spacings(GTK_TABLE(table), 4);
+ gtk_table_set_col_spacings(GTK_TABLE(table), 20);
+ gtk_container_set_border_width(GTK_CONTAINER(table), 12);
+- gtk_container_add(GTK_CONTAINER(GTK_DIALOG(dialog)->vbox), table);
++ gtk_container_add(GTK_CONTAINER(gtk_dialog_get_content_area (GTK_DIALOG(dialog))), table);
+
+ label = gtk_label_new(_("Please provide some network information:"));
+ gtk_misc_set_alignment(GTK_MISC(label), 0.0, 0.0);
+diff --git a/applet/main.c b/applet/main.c
+index f12d371..cd16285 100644
+--- a/applet/main.c
++++ b/applet/main.c
+@@ -157,46 +157,6 @@ static void name_owner_changed(DBusGProxy *proxy, const char *name,
+ }
+ }
+
+-static void open_uri(GtkWindow *parent, const char *uri)
+-{
+- GtkWidget *dialog;
+- GdkScreen *screen;
+- GError *error = NULL;
+- gchar *cmdline;
+-
+- screen = gtk_window_get_screen(parent);
+-
+- cmdline = g_strconcat("xdg-open ", uri, NULL);
+-
+- if (gdk_spawn_command_line_on_screen(screen,
+- cmdline, &error) == FALSE) {
+- dialog = gtk_message_dialog_new(parent,
+- GTK_DIALOG_DESTROY_WITH_PARENT, GTK_MESSAGE_ERROR,
+- GTK_BUTTONS_CLOSE, "%s", error->message);
+- gtk_dialog_run(GTK_DIALOG(dialog));
+- gtk_widget_destroy(dialog);
+- g_error_free(error);
+- }
+-
+- g_free(cmdline);
+-}
+-
+-static void about_url_hook(GtkAboutDialog *dialog,
+- const gchar *url, gpointer data)
+-{
+- open_uri(GTK_WINDOW(dialog), url);
+-}
+-
+-static void about_email_hook(GtkAboutDialog *dialog,
+- const gchar *email, gpointer data)
+-{
+- gchar *uri;
+-
+- uri = g_strconcat("mailto:", email, NULL);
+- open_uri(GTK_WINDOW(dialog), uri);
+- g_free(uri);
+-}
+-
+ static void about_callback(GtkWidget *item, gpointer user_data)
+ {
+ const gchar *authors[] = {
+@@ -204,9 +164,6 @@ static void about_callback(GtkWidget *item, gpointer user_data)
+ NULL
+ };
+
+- gtk_about_dialog_set_url_hook(about_url_hook, NULL, NULL);
+- gtk_about_dialog_set_email_hook(about_email_hook, NULL, NULL);
+-
+ gtk_show_about_dialog(NULL, "version", VERSION,
+ "copyright", "Copyright \xc2\xa9 2008 Intel Corporation",
+ "comments", _("A connection manager for the GNOME desktop"),
+diff --git a/applet/status.c b/applet/status.c
+index aed6f1e..015ff29 100644
+--- a/applet/status.c
++++ b/applet/status.c
+@@ -102,8 +102,6 @@ static void icon_animation_start(IconAnimation *animation,
+ {
+ available = TRUE;
+
+- gtk_status_icon_set_tooltip(statusicon, NULL);
+-
+ animation->start = start;
+ animation->end = (end == 0) ? animation->count - 1 : end;
+
+@@ -120,8 +118,6 @@ static void icon_animation_stop(IconAnimation *animation)
+ {
+ available = TRUE;
+
+- gtk_status_icon_set_tooltip(statusicon, NULL);
+-
+ if (animation->id > 0)
+ g_source_remove(animation->id);
+
+@@ -251,8 +247,6 @@ void status_unavailable(void)
+ available = FALSE;
+
+ gtk_status_icon_set_from_pixbuf(statusicon, pixbuf_notifier);
+- gtk_status_icon_set_tooltip(statusicon,
+- "Connection Manager daemon is not running");
+
+ gtk_status_icon_set_visible(statusicon, TRUE);
+ }
+@@ -299,7 +293,6 @@ static void set_ready(gint signal)
+
+ if (signal < 0) {
+ gtk_status_icon_set_from_pixbuf(statusicon, pixbuf_wired);
+- gtk_status_icon_set_tooltip(statusicon, NULL);
+ return;
+ }
+
+@@ -311,7 +304,6 @@ static void set_ready(gint signal)
+ index = 4;
+
+ gtk_status_icon_set_from_pixbuf(statusicon, pixbuf_signal[index]);
+- gtk_status_icon_set_tooltip(statusicon, NULL);
+ }
+
+ struct timeout_data {
+diff --git a/configure.ac b/configure.ac
+index b972e07..a4dad5d 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -55,8 +55,7 @@ AC_SUBST(DBUS_LIBS)
+ DBUS_BINDING_TOOL="dbus-binding-tool"
+ AC_SUBST(DBUS_BINDING_TOOL)
+
+-PKG_CHECK_MODULES(GTK, gtk+-2.0 >= 2.8, dummy=yes,
+- AC_MSG_ERROR(gtk+ >= 2.8 is required))
++PKG_CHECK_MODULES(GTK, gtk+-3.0)
+ AC_SUBST(GTK_CFLAGS)
+ AC_SUBST(GTK_LIBS)
+
+diff --git a/properties/ethernet.c b/properties/ethernet.c
+index 31db7a0..0b6b423 100644
+--- a/properties/ethernet.c
++++ b/properties/ethernet.c
+@@ -82,7 +82,7 @@ void add_ethernet_switch_button(GtkWidget *mainbox, GtkTreeIter *iter,
+ gtk_container_set_border_width(GTK_CONTAINER(vbox), 24);
+ gtk_box_pack_start(GTK_BOX(mainbox), vbox, FALSE, FALSE, 0);
+
+- table = gtk_table_new(1, 1, TRUE);
++ table = gtk_table_new(1, 1, FALSE);
+ gtk_table_set_row_spacings(GTK_TABLE(table), 10);
+ gtk_table_set_col_spacings(GTK_TABLE(table), 10);
+ gtk_box_pack_start(GTK_BOX(vbox), table, FALSE, FALSE, 0);
+@@ -136,7 +136,7 @@ void add_ethernet_service(GtkWidget *mainbox, GtkTreeIter *iter, struct config_d
+ gtk_container_set_border_width(GTK_CONTAINER(vbox), 24);
+ gtk_box_pack_start(GTK_BOX(mainbox), vbox, FALSE, FALSE, 0);
+
+- table = gtk_table_new(5, 5, TRUE);
++ table = gtk_table_new(5, 5, FALSE);
+ gtk_table_set_row_spacings(GTK_TABLE(table), 10);
+ gtk_table_set_col_spacings(GTK_TABLE(table), 10);
+ gtk_box_pack_start(GTK_BOX(vbox), table, FALSE, FALSE, 0);
+@@ -144,9 +144,9 @@ void add_ethernet_service(GtkWidget *mainbox, GtkTreeIter *iter, struct config_d
+ label = gtk_label_new(_("Configuration:"));
+ gtk_table_attach_defaults(GTK_TABLE(table), label, 1, 2, 0, 1);
+
+- combo = gtk_combo_box_new_text();
+- gtk_combo_box_append_text(GTK_COMBO_BOX(combo), "DHCP");
+- gtk_combo_box_append_text(GTK_COMBO_BOX(combo), "MANUAL");
++ combo = gtk_combo_box_text_new();
++ gtk_combo_box_text_append_text(GTK_COMBO_BOX_TEXT(combo), "DHCP");
++ gtk_combo_box_text_append_text(GTK_COMBO_BOX_TEXT(combo), "MANUAL");
+ gtk_combo_box_set_row_separator_func(GTK_COMBO_BOX(combo),
+ separator_function, NULL, NULL);
+ gtk_table_attach_defaults(GTK_TABLE(table), combo, 2, 4, 0, 1);
+@@ -219,7 +219,7 @@ void update_ethernet_ipv4(struct config_data *data, guint policy)
+ case CONNMAN_POLICY_DHCP:
+ gtk_combo_box_set_active(GTK_COMBO_BOX(combo), 0);
+ for (i = 0; i < 3; i++) {
+- gtk_entry_set_editable(GTK_ENTRY(entry[i]), 0);
++ gtk_editable_set_editable(GTK_EDITABLE(entry[i]), 0);
+ gtk_widget_set_sensitive(entry[i], 0);
+ gtk_entry_set_text(GTK_ENTRY(entry[i]), _(""));
+ }
+@@ -227,7 +227,7 @@ void update_ethernet_ipv4(struct config_data *data, guint policy)
+ case CONNMAN_POLICY_MANUAL:
+ gtk_combo_box_set_active(GTK_COMBO_BOX(combo), 1);
+ for (i = 0; i < 3; i++) {
+- gtk_entry_set_editable(GTK_ENTRY(entry[i]), 1);
++ gtk_editable_set_editable(GTK_EDITABLE(entry[i]), 1);
+ gtk_widget_set_sensitive(entry[i], 1);
+ }
+ break;
+diff --git a/properties/main.c b/properties/main.c
+index c05f443..6f76361 100644
+--- a/properties/main.c
++++ b/properties/main.c
+@@ -429,7 +429,7 @@ static GtkWidget *create_interfaces(GtkWidget *window)
+
+ scrolled = gtk_scrolled_window_new(NULL, NULL);
+ gtk_scrolled_window_set_policy(GTK_SCROLLED_WINDOW(scrolled),
+- GTK_POLICY_AUTOMATIC, GTK_POLICY_AUTOMATIC);
++ GTK_POLICY_NEVER, GTK_POLICY_AUTOMATIC);
+ gtk_scrolled_window_set_shadow_type(GTK_SCROLLED_WINDOW(scrolled),
+ GTK_SHADOW_OUT);
+ gtk_box_pack_start(GTK_BOX(hbox), scrolled, FALSE, TRUE, 0);
+diff --git a/properties/wifi.c b/properties/wifi.c
+index bd325ef..a5827e0 100644
+--- a/properties/wifi.c
++++ b/properties/wifi.c
+@@ -125,7 +125,7 @@ void add_wifi_switch_button(GtkWidget *mainbox, GtkTreeIter *iter,
+ gtk_container_set_border_width(GTK_CONTAINER(vbox), 24);
+ gtk_box_pack_start(GTK_BOX(mainbox), vbox, FALSE, FALSE, 0);
+
+- table = gtk_table_new(1, 1, TRUE);
++ table = gtk_table_new(1, 1, FALSE);
+ gtk_table_set_row_spacings(GTK_TABLE(table), 10);
+ gtk_table_set_col_spacings(GTK_TABLE(table), 10);
+ gtk_box_pack_start(GTK_BOX(vbox), table, FALSE, FALSE, 0);
+@@ -185,9 +185,9 @@ static void wifi_ipconfig(GtkWidget *table, struct config_data *data, GtkTreeIte
+ gtk_table_attach_defaults(GTK_TABLE(table), label, 1, 2, 3, 4);
+ data->ipv4.label[0] = label;
+
+- combo = gtk_combo_box_new_text();
+- gtk_combo_box_append_text(GTK_COMBO_BOX(combo), "DHCP");
+- gtk_combo_box_append_text(GTK_COMBO_BOX(combo), "Manual");
++ combo = gtk_combo_box_text_new();
++ gtk_combo_box_text_append_text(GTK_COMBO_BOX_TEXT(combo), "DHCP");
++ gtk_combo_box_text_append_text(GTK_COMBO_BOX_TEXT(combo), "Manual");
+
+ gtk_combo_box_set_row_separator_func(GTK_COMBO_BOX(combo),
+ separator_function, NULL, NULL);
+@@ -335,14 +335,14 @@ void update_wifi_ipv4(struct config_data *data, guint policy)
+ case CONNMAN_POLICY_DHCP:
+ gtk_combo_box_set_active(GTK_COMBO_BOX(combo), 0);
+ for (i = 0; i < 3; i++) {
+- gtk_entry_set_editable(GTK_ENTRY(entry[i]), 0);
++ gtk_editable_set_editable(GTK_EDITABLE(entry[i]), 0);
+ gtk_widget_set_sensitive(entry[i], 0);
+ }
+ break;
+ case CONNMAN_POLICY_MANUAL:
+ gtk_combo_box_set_active(GTK_COMBO_BOX(combo), 1);
+ for (i = 0; i < 3; i++) {
+- gtk_entry_set_editable(GTK_ENTRY(entry[i]), 1);
++ gtk_editable_set_editable(GTK_EDITABLE(entry[i]), 1);
+ gtk_widget_set_sensitive(entry[i], 1);
+ }
+ break;
+--
+2.8.1
+
diff --git a/poky/meta/recipes-connectivity/connman/connman-gnome/0001-Removed-icon-from-connman-gnome-about-applet.patch b/poky/meta/recipes-connectivity/connman/connman-gnome/0001-Removed-icon-from-connman-gnome-about-applet.patch
new file mode 100644
index 000000000..7957500dc
--- /dev/null
+++ b/poky/meta/recipes-connectivity/connman/connman-gnome/0001-Removed-icon-from-connman-gnome-about-applet.patch
@@ -0,0 +1,35 @@
+From 5907a23ad2f49702960a33f9e2039552673eabc7 Mon Sep 17 00:00:00 2001
+From: Andrei Dinu <andrei.adrianx.dinu@intel.com>
+Date: Mon, 17 Dec 2012 14:01:18 +0200
+Subject: [PATCH] Removed icon from connman-gnome "about" applet
+
+The connman-gnome "about" applet showed a picture that
+can not be displayed. There is no designated picture
+in connman-gnome to be used in the about section, so
+it was removed.
+
+[OE-Core #2509]
+
+Upstream-Status: Pending
+
+Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com>
+---
+ applet/main.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/applet/main.c b/applet/main.c
+index f12d371..c7b3c7f 100644
+--- a/applet/main.c
++++ b/applet/main.c
+@@ -212,7 +212,7 @@ static void about_callback(GtkWidget *item, gpointer user_data)
+ "comments", _("A connection manager for the GNOME desktop"),
+ "authors", authors,
+ "translator-credits", _("translator-credits"),
+- "logo-icon-name", "network-wireless", NULL);
++ NULL);
+ }
+
+ static void settings_callback(GtkWidget *item, gpointer user_data)
+--
+1.7.9.5
+
diff --git a/poky/meta/recipes-connectivity/connman/connman-gnome/connman-gnome-fix-dbus-interface-name.patch b/poky/meta/recipes-connectivity/connman/connman-gnome/connman-gnome-fix-dbus-interface-name.patch
new file mode 100644
index 000000000..f4049fa3e
--- /dev/null
+++ b/poky/meta/recipes-connectivity/connman/connman-gnome/connman-gnome-fix-dbus-interface-name.patch
@@ -0,0 +1,187 @@
+connman-gnome: fix dbus interface name
+
+This patch resolves following error:
+
+"connman-dbus.xml": "connman" is not a valid D-Bus interface name
+
+https://502552.bugs.gentoo.org/attachment.cgi?id=380652
+
+Upstream-Status: Backport
+
+Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
+---
+ common/connman-client.c | 24 ++++++++++++------------
+ common/connman-client.h | 4 ++--
+ common/connman-dbus.c | 6 +++---
+ common/connman-dbus.xml | 2 +-
+ 4 files changed, 18 insertions(+), 18 deletions(-)
+
+diff --git a/common/connman-client.c b/common/connman-client.c
+index c55e25c..9d818b2 100644
+--- a/common/connman-client.c
++++ b/common/connman-client.c
+@@ -289,7 +289,7 @@ gboolean connman_client_set_ipv4(ConnmanClient *client, const gchar *device,
+
+ g_value_init(&value, DBUS_TYPE_G_DICTIONARY);
+ g_value_set_boxed(&value, ipv4);
+- ret = connman_set_property(proxy, "IPv4.Configuration", &value, NULL);
++ ret = net_connman_set_property(proxy, "IPv4.Configuration", &value, NULL);
+
+ g_object_unref(proxy);
+
+@@ -317,7 +317,7 @@ void connman_client_set_powered(ConnmanClient *client, const gchar *device,
+ g_value_set_boolean(&value, powered);
+
+ error = NULL;
+- connman_set_property(proxy, "Powered", &value, &error);
++ net_connman_set_property(proxy, "Powered", &value, &error);
+ if( error )
+ fprintf (stderr, "error: %s\n", error->message);
+
+@@ -325,7 +325,7 @@ void connman_client_set_powered(ConnmanClient *client, const gchar *device,
+ }
+
+ void connman_client_scan(ConnmanClient *client, const gchar *device,
+- connman_scan_reply callback, gpointer user_data)
++ net_connman_scan_reply callback, gpointer user_data)
+ {
+ ConnmanClientPrivate *priv = CONNMAN_CLIENT_GET_PRIVATE(client);
+ DBusGProxy *proxy;
+@@ -339,7 +339,7 @@ void connman_client_scan(ConnmanClient *client, const gchar *device,
+ if (proxy == NULL)
+ return;
+
+- connman_scan_async(proxy, callback, user_data);
++ net_connman_scan_async(proxy, callback, user_data);
+
+ g_object_unref(proxy);
+ }
+@@ -353,7 +353,7 @@ gboolean connman_client_get_offline_status(ConnmanClient *client)
+
+ DBG("client %p", client);
+
+- ret = connman_get_properties(priv->manager, &hash, NULL);
++ ret = net_connman_get_properties(priv->manager, &hash, NULL);
+
+ if (ret == FALSE)
+ goto done;
+@@ -375,7 +375,7 @@ void connman_client_set_offlinemode(ConnmanClient *client, gboolean status)
+ g_value_init(&value, G_TYPE_BOOLEAN);
+ g_value_set_boolean(&value, status);
+
+- connman_set_property(priv->manager, "OfflineMode", &value, NULL);
++ net_connman_set_property(priv->manager, "OfflineMode", &value, NULL);
+ }
+
+ static gboolean network_disconnect(GtkTreeModel *model, GtkTreePath *path,
+@@ -398,7 +398,7 @@ static gboolean network_disconnect(GtkTreeModel *model, GtkTreePath *path,
+ return TRUE;
+
+ if (type == CONNMAN_TYPE_WIFI)
+- connman_disconnect(proxy, NULL);
++ net_connman_disconnect(proxy, NULL);
+
+ g_object_unref(proxy);
+
+@@ -422,13 +422,13 @@ void connman_client_connect(ConnmanClient *client, const gchar *network)
+ if (proxy == NULL)
+ return;
+
+- connman_connect(proxy, NULL);
++ net_connman_connect(proxy, NULL);
+
+ g_object_unref(proxy);
+ }
+
+ void connman_client_connect_async(ConnmanClient *client, const gchar *network,
+- connman_connect_reply callback, gpointer userdata)
++ net_connman_connect_reply callback, gpointer userdata)
+ {
+ ConnmanClientPrivate *priv = CONNMAN_CLIENT_GET_PRIVATE(client);
+ DBusGProxy *proxy;
+@@ -446,7 +446,7 @@ void connman_client_connect_async(ConnmanClient *client, const gchar *network,
+ if (proxy == NULL)
+ goto done;
+
+- connman_connect_async(proxy, callback, userdata);
++ net_connman_connect_async(proxy, callback, userdata);
+
+ done:
+ return;
+@@ -476,7 +476,7 @@ void connman_client_disconnect(ConnmanClient *client, const gchar *network)
+ if (proxy == NULL)
+ return;
+
+- connman_disconnect(proxy, NULL);
++ net_connman_disconnect(proxy, NULL);
+
+ g_object_unref(proxy);
+ }
+@@ -532,7 +532,7 @@ void connman_client_remove(ConnmanClient *client, const gchar *network)
+ if (proxy == NULL)
+ return;
+
+- connman_remove(proxy, NULL);
++ net_connman_remove(proxy, NULL);
+
+ g_object_unref(proxy);
+ }
+diff --git a/common/connman-client.h b/common/connman-client.h
+index 9e2e6d5..98241de 100644
+--- a/common/connman-client.h
++++ b/common/connman-client.h
+@@ -70,13 +70,13 @@ void connman_client_set_powered(ConnmanClient *client, const gchar *device,
+ gboolean connman_client_set_ipv4(ConnmanClient *client, const gchar *device,
+ struct ipv4_config *ipv4_config);
+ void connman_client_scan(ConnmanClient *client, const gchar *device,
+- connman_scan_reply callback, gpointer user_data);
++ net_connman_scan_reply callback, gpointer user_data);
+
+ void connman_client_connect(ConnmanClient *client, const gchar *network);
+ void connman_client_disconnect(ConnmanClient *client, const gchar *network);
+ gchar *connman_client_get_security(ConnmanClient *client, const gchar *network);
+ void connman_client_connect_async(ConnmanClient *client, const gchar *network,
+- connman_connect_reply callback, gpointer userdata);
++ net_connman_connect_reply callback, gpointer userdata);
+ void connman_client_set_remember(ConnmanClient *client, const gchar *network,
+ gboolean remember);
+
+diff --git a/common/connman-dbus.c b/common/connman-dbus.c
+index b82b3e1..543eb43 100644
+--- a/common/connman-dbus.c
++++ b/common/connman-dbus.c
+@@ -655,15 +655,15 @@ DBusGProxy *connman_dbus_create_manager(DBusGConnection *conn,
+
+ DBG("getting manager properties");
+
+- connman_get_properties_async(proxy, manager_properties, store);
++ net_connman_get_properties_async(proxy, manager_properties, store);
+
+ DBG("getting technologies");
+
+- connman_get_technologies_async(proxy, manager_technologies, store);
++ net_connman_get_technologies_async(proxy, manager_technologies, store);
+
+ DBG("getting services");
+
+- connman_get_services_async(proxy, manager_services, store);
++ net_connman_get_services_async(proxy, manager_services, store);
+
+ return proxy;
+ }
+diff --git a/common/connman-dbus.xml b/common/connman-dbus.xml
+index 56b9582..0199d52 100644
+--- a/common/connman-dbus.xml
++++ b/common/connman-dbus.xml
+@@ -1,7 +1,7 @@
+ <?xml version="1.0" encoding="UTF-8" ?>
+
+ <node name="/">
+- <interface name="connman">
++ <interface name="net.connman">
+ <method name="GetProperties">
+ <arg type="a{sv}" direction="out"/>
+ </method>
+--
+1.9.1
+
diff --git a/poky/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-01.png b/poky/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-01.png
new file mode 100644
index 000000000..33247c1e2
--- /dev/null
+++ b/poky/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-01.png
Binary files differ
diff --git a/poky/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-02.png b/poky/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-02.png
new file mode 100644
index 000000000..a94fb952f
--- /dev/null
+++ b/poky/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-02.png
Binary files differ
diff --git a/poky/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-03.png b/poky/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-03.png
new file mode 100644
index 000000000..b5eb405a9
--- /dev/null
+++ b/poky/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-03.png
Binary files differ
diff --git a/poky/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-04.png b/poky/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-04.png
new file mode 100644
index 000000000..be54419fa
--- /dev/null
+++ b/poky/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-04.png
Binary files differ
diff --git a/poky/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-05.png b/poky/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-05.png
new file mode 100644
index 000000000..1c40ac9a1
--- /dev/null
+++ b/poky/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-05.png
Binary files differ
diff --git a/poky/meta/recipes-connectivity/connman/connman-gnome/null_check_for_ipv4_config.patch b/poky/meta/recipes-connectivity/connman/connman-gnome/null_check_for_ipv4_config.patch
new file mode 100644
index 000000000..0421cda0b
--- /dev/null
+++ b/poky/meta/recipes-connectivity/connman/connman-gnome/null_check_for_ipv4_config.patch
@@ -0,0 +1,36 @@
+In networks that don't have a DHCP server configured, ipv4 address
+allocation fails and the ipv4 structure doesn't get populated. When
+the GUI is trying to read the ipv4_config.method field to see whether
+it contains "dhcp" string, a segmentation fault is generated.
+
+Ethernet manual configuration behavior remains unchanged after this fix.
+
+Upstream-Status: Pending
+
+Signed-off-by: Emilia Ciobanu <emilia.maria.silvia.ciobanu@intel.com>
+Index: git/properties/ethernet.c
+===================================================================
+--- git.orig/properties/ethernet.c
++++ git/properties/ethernet.c
+@@ -194,7 +194,7 @@ void add_ethernet_service(GtkWidget *mai
+
+ data->button = button;
+
+- if (g_str_equal(ipv4_config.method, "dhcp") == TRUE)
++ if (!ipv4_config.method || g_str_equal(ipv4_config.method, "dhcp") == TRUE)
+ update_ethernet_ipv4(data, CONNMAN_POLICY_DHCP);
+ else
+ update_ethernet_ipv4(data, CONNMAN_POLICY_MANUAL);
+Index: git/properties/wifi.c
+===================================================================
+--- git.orig/properties/wifi.c
++++ git/properties/wifi.c
+@@ -230,7 +230,7 @@ static void wifi_ipconfig(GtkWidget *tab
+
+ data->ipv4_config = ipv4_config;
+
+- if (g_str_equal(ipv4_config.method, "dhcp") == TRUE)
++ if (!ipv4_config.method || g_str_equal(ipv4_config.method, "dhcp") == TRUE)
+ update_wifi_ipv4(data, CONNMAN_POLICY_DHCP);
+ else
+ update_wifi_ipv4(data, CONNMAN_POLICY_MANUAL);
diff --git a/poky/meta/recipes-connectivity/connman/connman-gnome_0.7.bb b/poky/meta/recipes-connectivity/connman/connman-gnome_0.7.bb
new file mode 100644
index 000000000..a56bd3751
--- /dev/null
+++ b/poky/meta/recipes-connectivity/connman/connman-gnome_0.7.bb
@@ -0,0 +1,30 @@
+SUMMARY = "GTK+ frontend for the ConnMan network connection manager"
+HOMEPAGE = "http://connman.net/"
+SECTION = "libs/network"
+LICENSE = "GPLv2 & LGPLv2.1"
+LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \
+ file://properties/main.c;beginline=1;endline=20;md5=50c77c81871308b033ab7a1504626afb \
+ file://common/connman-dbus.c;beginline=1;endline=20;md5=de6b485c0e717a0236402d220187717a"
+
+DEPENDS = "gtk+3 dbus-glib dbus-glib-native intltool-native gettext-native"
+
+# 0.7 tag
+SRCREV = "cf3c325b23dae843c5499a113591cfbc98acb143"
+SRC_URI = "git://github.com/connectivity/connman-gnome.git \
+ file://0001-Removed-icon-from-connman-gnome-about-applet.patch \
+ file://null_check_for_ipv4_config.patch \
+ file://images/* \
+ file://connman-gnome-fix-dbus-interface-name.patch \
+ file://0001-Port-to-Gtk3.patch \
+ "
+
+S = "${WORKDIR}/git"
+
+inherit autotools-brokensep gtk-icon-cache pkgconfig distro_features_check
+ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}"
+
+RDEPENDS_${PN} = "connman"
+
+do_install_append() {
+ install -m 0644 ${WORKDIR}/images/* ${D}/usr/share/icons/hicolor/22x22/apps/
+}
diff --git a/poky/meta/recipes-connectivity/connman/connman.inc b/poky/meta/recipes-connectivity/connman/connman.inc
new file mode 100644
index 000000000..2b03f9cb0
--- /dev/null
+++ b/poky/meta/recipes-connectivity/connman/connman.inc
@@ -0,0 +1,216 @@
+SUMMARY = "A daemon for managing internet connections within embedded devices"
+DESCRIPTION = "The ConnMan project provides a daemon for managing \
+internet connections within embedded devices running the Linux \
+operating system. The Connection Manager is designed to be slim and \
+to use as few resources as possible, so it can be easily integrated. \
+It is a fully modular system that can be extended, through plug-ins, \
+to support all kinds of wired or wireless technologies. Also, \
+configuration methods, like DHCP and domain name resolving, are \
+implemented using plug-ins."
+HOMEPAGE = "http://connman.net/"
+BUGTRACKER = "https://01.org/jira/browse/CM"
+LICENSE = "GPLv2"
+LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \
+ file://src/main.c;beginline=1;endline=20;md5=486a279a6ab0c8d152bcda3a5b5edc36"
+
+inherit autotools pkgconfig systemd update-rc.d bluetooth update-alternatives
+
+DEPENDS = "dbus glib-2.0 ppp readline"
+
+INC_PR = "r20"
+
+EXTRA_OECONF += "\
+ ac_cv_path_WPASUPPLICANT=${sbindir}/wpa_supplicant \
+ ac_cv_path_PPPD=${sbindir}/pppd \
+ --enable-debug \
+ --enable-loopback \
+ --enable-ethernet \
+ --enable-tools \
+ --disable-polkit \
+ --enable-client \
+"
+
+PACKAGECONFIG ??= "wispr \
+ ${@bb.utils.filter('DISTRO_FEATURES', '3g systemd wifi', d)} \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez', '', d)} \
+ iptables \
+"
+
+# If you want ConnMan to support VPN, add following statement into
+# local.conf or distro config
+# PACKAGECONFIG_append_pn-connman = " openvpn vpnc l2tp pptp"
+
+PACKAGECONFIG[systemd] = "--with-systemdunitdir=${systemd_unitdir}/system/ --with-tmpfilesdir=${sysconfdir}/tmpfiles.d/,--with-systemdunitdir='' --with-tmpfilesdir=''"
+PACKAGECONFIG[wifi] = "--enable-wifi, --disable-wifi, wpa-supplicant, wpa-supplicant"
+PACKAGECONFIG[bluez] = "--enable-bluetooth, --disable-bluetooth, ${BLUEZ}, ${BLUEZ}"
+PACKAGECONFIG[3g] = "--enable-ofono, --disable-ofono, ofono, ofono"
+PACKAGECONFIG[tist] = "--enable-tist,--disable-tist,"
+PACKAGECONFIG[openvpn] = "--enable-openvpn --with-openvpn=${sbindir}/openvpn,--disable-openvpn,,openvpn"
+PACKAGECONFIG[vpnc] = "--enable-vpnc --with-vpnc=${sbindir}/vpnc,--disable-vpnc,,vpnc"
+PACKAGECONFIG[l2tp] = "--enable-l2tp --with-l2tp=${sbindir}/xl2tpd,--disable-l2tp,,xl2tpd"
+PACKAGECONFIG[pptp] = "--enable-pptp --with-pptp=${sbindir}/pptp,--disable-pptp,,pptp-linux"
+# WISPr support for logging into hotspots, requires TLS
+PACKAGECONFIG[wispr] = "--enable-wispr,--disable-wispr,gnutls,"
+PACKAGECONFIG[nftables] = "--with-firewall=nftables ,,libmnl libnftnl,,kernel-module-nf-tables-ipv4 kernel-module-nft-chain-nat-ipv4 kernel-module-nft-chain-route-ipv4 kernel-module-nft-meta kernel-module-nft-masq-ipv4 kernel-module-nft-nat"
+PACKAGECONFIG[iptables] = "--with-firewall=iptables ,,iptables,iptables"
+
+INITSCRIPT_NAME = "connman"
+INITSCRIPT_PARAMS = "start 05 5 2 3 . stop 22 0 1 6 ."
+
+python __anonymous () {
+ systemd_packages = "${PN}"
+ pkgconfig = d.getVar('PACKAGECONFIG')
+ if ('openvpn' or 'vpnc' or 'l2tp' or 'pptp') in pkgconfig.split():
+ systemd_packages += " ${PN}-vpn"
+ d.setVar('SYSTEMD_PACKAGES', systemd_packages)
+}
+
+SYSTEMD_SERVICE_${PN} = "connman.service"
+SYSTEMD_SERVICE_${PN}-vpn = "connman-vpn.service"
+SYSTEMD_SERVICE_${PN}-wait-online = "connman-wait-online.service"
+
+ALTERNATIVE_PRIORITY = "100"
+ALTERNATIVE_${PN} = "${@bb.utils.contains('DISTRO_FEATURES','systemd','resolv-conf','',d)}"
+ALTERNATIVE_TARGET[resolv-conf] = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${sysconfdir}/resolv-conf.connman','',d)}"
+ALTERNATIVE_LINK_NAME[resolv-conf] = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${sysconfdir}/resolv.conf','',d)}"
+
+do_install_append() {
+ if ${@bb.utils.contains('DISTRO_FEATURES','sysvinit','true','false',d)}; then
+ install -d ${D}${sysconfdir}/init.d
+ install -m 0755 ${WORKDIR}/connman ${D}${sysconfdir}/init.d/connman
+ sed -i s%@DATADIR@%${datadir}% ${D}${sysconfdir}/init.d/connman
+ fi
+
+ install -d ${D}${bindir}
+ install -m 0755 ${B}/tools/*-test ${D}${bindir}
+ if [ -e ${B}/tools/wispr ]; then
+ install -m 0755 ${B}/tools/wispr ${D}${bindir}
+ fi
+ install -m 0755 ${B}/client/connmanctl ${D}${bindir}
+
+ # We don't need to package an empty directory
+ rmdir --ignore-fail-on-non-empty ${D}${libdir}/connman/scripts
+
+ # Automake 1.12 won't install empty directories, but we need the
+ # plugins directory to be present for ownership
+ mkdir -p ${D}${libdir}/connman/plugins
+
+ # For read-only filesystem, do not create links during bootup
+ if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
+ ln -sf ../run/connman/resolv.conf ${D}${sysconfdir}/resolv-conf.connman
+ fi
+}
+
+# These used to be plugins, but now they are core
+RPROVIDES_${PN} = "\
+ connman-plugin-loopback \
+ connman-plugin-ethernet \
+ ${@bb.utils.contains('PACKAGECONFIG', 'bluetooth','connman-plugin-bluetooth', '', d)} \
+ ${@bb.utils.contains('PACKAGECONFIG', 'wifi','connman-plugin-wifi', '', d)} \
+ ${@bb.utils.contains('PACKAGECONFIG', '3g','connman-plugin-ofono', '', d)} \
+ "
+
+RDEPENDS_${PN} = "\
+ dbus \
+ "
+
+PACKAGES_DYNAMIC += "^${PN}-plugin-.*"
+
+def add_rdepends(bb, d, file, pkg, depmap, multilib_prefix, add_insane_skip):
+ plugintype = pkg.split( '-' )[-1]
+ if plugintype in depmap:
+ rdepends = map(lambda x: multilib_prefix + x, \
+ depmap[plugintype].split())
+ d.setVar("RDEPENDS_%s" % pkg, " ".join(rdepends))
+ if add_insane_skip:
+ d.appendVar("INSANE_SKIP_%s" % pkg, "dev-so")
+
+python populate_packages_prepend() {
+ depmap = dict(pppd="ppp")
+ multilib_prefix = (d.getVar("MLPREFIX") or "")
+
+ hook = lambda file,pkg,x,y,z: \
+ add_rdepends(bb, d, file, pkg, depmap, multilib_prefix, False)
+ plugin_dir = d.expand('${libdir}/connman/plugins/')
+ plugin_name = d.expand('${PN}-plugin-%s')
+ do_split_packages(d, plugin_dir, '^(.*).so$', plugin_name, \
+ '${PN} plugin for %s', extra_depends='', hook=hook, prepend=True )
+
+ hook = lambda file,pkg,x,y,z: \
+ add_rdepends(bb, d, file, pkg, depmap, multilib_prefix, True)
+ plugin_dir = d.expand('${libdir}/connman/plugins-vpn/')
+ plugin_name = d.expand('${PN}-plugin-vpn-%s')
+ do_split_packages(d, plugin_dir, '^(.*).so$', plugin_name, \
+ '${PN} VPN plugin for %s', extra_depends='', hook=hook, prepend=True )
+}
+
+PACKAGES =+ "${PN}-tools ${PN}-tests ${PN}-client"
+
+FILES_${PN}-tools = "${bindir}/wispr"
+RDEPENDS_${PN}-tools ="${PN}"
+
+FILES_${PN}-tests = "${bindir}/*-test"
+
+FILES_${PN}-client = "${bindir}/connmanctl"
+RDEPENDS_${PN}-client ="${PN}"
+
+FILES_${PN} = "${bindir}/* ${sbindir}/* ${libexecdir}/* ${libdir}/lib*.so.* \
+ ${libdir}/connman/plugins \
+ ${sysconfdir} ${sharedstatedir} ${localstatedir} \
+ ${base_bindir}/* ${base_sbindir}/* ${base_libdir}/*.so* ${datadir}/${PN} \
+ ${datadir}/dbus-1/system-services/* \
+ ${sysconfdir}/tmpfiles.d/connman_resolvconf.conf"
+
+FILES_${PN}-dev += "${libdir}/connman/*/*.la"
+
+PACKAGES =+ "${PN}-vpn ${PN}-wait-online"
+
+SUMMARY_${PN}-vpn = "A daemon for managing VPN connections within embedded devices"
+DESCRIPTION_${PN}-vpn = "The ConnMan VPN provides a daemon for \
+managing VPN connections within embedded devices running the Linux \
+operating system. The connman-vpnd handles all the VPN connections \
+and starts/stops VPN client processes when necessary. The connman-vpnd \
+provides a DBus API for managing VPN connections. All the different \
+VPN technogies are implemented using plug-ins."
+FILES_${PN}-vpn += "${sbindir}/connman-vpnd \
+ ${sysconfdir}/dbus-1/system.d/connman-vpn-dbus.conf \
+ ${datadir}/dbus-1/system-services/net.connman.vpn.service \
+ ${systemd_unitdir}/system/connman-vpn.service"
+
+SUMMARY_${PN}-wait-online = "A program that will return once ConnMan has connected to a network"
+DESCRIPTION_${PN}-wait-online = "A service that can be enabled so that \
+the system waits until a network connection is established."
+FILES_${PN}-wait-online += "${sbindir}/connmand-wait-online \
+ ${systemd_unitdir}/system/connman-wait-online.service"
+
+SUMMARY_${PN}-plugin-vpn-openvpn = "An OpenVPN plugin for ConnMan VPN"
+DESCRIPTION_${PN}-plugin-vpn-openvpn = "The ConnMan OpenVPN plugin uses openvpn client \
+to create a VPN connection to OpenVPN server."
+FILES_${PN}-plugin-vpn-openvpn += "${libdir}/connman/scripts/openvpn-script \
+ ${libdir}/connman/plugins-vpn/openvpn.so"
+RDEPENDS_${PN}-plugin-vpn-openvpn += "${PN}-vpn"
+RRECOMMENDS_${PN} += "${@bb.utils.contains('PACKAGECONFIG','openvpn','${PN}-plugin-vpn-openvpn', '', d)}"
+
+SUMMARY_${PN}-plugin-vpn-vpnc = "A vpnc plugin for ConnMan VPN"
+DESCRIPTION_${PN}-plugin-vpn-vpnc = "The ConnMan vpnc plugin uses vpnc client \
+to create a VPN connection to Cisco3000 VPN Concentrator."
+FILES_${PN}-plugin-vpn-vpnc += "${libdir}/connman/scripts/openconnect-script \
+ ${libdir}/connman/plugins-vpn/vpnc.so"
+RDEPENDS_${PN}-plugin-vpn-vpnc += "${PN}-vpn"
+RRECOMMENDS_${PN} += "${@bb.utils.contains('PACKAGECONFIG','vpnc','${PN}-plugin-vpn-vpnc', '', d)}"
+
+SUMMARY_${PN}-plugin-vpn-l2tp = "A L2TP plugin for ConnMan VPN"
+DESCRIPTION_${PN}-plugin-vpn-l2tp = "The ConnMan L2TP plugin uses xl2tpd daemon \
+to create a VPN connection to L2TP server."
+FILES_${PN}-plugin-vpn-l2tp += "${libdir}/connman/scripts/libppp-plugin.so* \
+ ${libdir}/connman/plugins-vpn/l2tp.so"
+RDEPENDS_${PN}-plugin-vpn-l2tp += "${PN}-vpn"
+RRECOMMENDS_${PN} += "${@bb.utils.contains('PACKAGECONFIG','l2tp','${PN}-plugin-vpn-l2tp', '', d)}"
+
+SUMMARY_${PN}-plugin-vpn-pptp = "A PPTP plugin for ConnMan VPN"
+DESCRIPTION_${PN}-plugin-vpn-pptp = "The ConnMan PPTP plugin uses pptp-linux client \
+to create a VPN connection to PPTP server."
+FILES_${PN}-plugin-vpn-pptp += "${libdir}/connman/scripts/libppp-plugin.so* \
+ ${libdir}/connman/plugins-vpn/pptp.so"
+RDEPENDS_${PN}-plugin-vpn-pptp += "${PN}-vpn"
+RRECOMMENDS_${PN} += "${@bb.utils.contains('PACKAGECONFIG','pptp','${PN}-plugin-vpn-pptp', '', d)}"
diff --git a/poky/meta/recipes-connectivity/connman/connman/0001-connman.service-stop-systemd-resolved-when-we-use-co.patch b/poky/meta/recipes-connectivity/connman/connman/0001-connman.service-stop-systemd-resolved-when-we-use-co.patch
new file mode 100644
index 000000000..8e2e0bd02
--- /dev/null
+++ b/poky/meta/recipes-connectivity/connman/connman/0001-connman.service-stop-systemd-resolved-when-we-use-co.patch
@@ -0,0 +1,29 @@
+From 9f70b94ebf18f52c115634642652830fa77f27a1 Mon Sep 17 00:00:00 2001
+From: "Maxin B. John" <maxin.john@intel.com>
+Date: Mon, 12 Jun 2017 16:52:39 +0300
+Subject: [PATCH] connman.service: stop systemd-resolved when we use connman
+
+Stop systemd-resolved service when we use connman as network manager.
+
+Upstream-Status: Inappropriate [configuration]
+
+Signed-off-by: Maxin B. John <maxin.john@intel.com>
+---
+ src/connman.service.in | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/connman.service.in b/src/connman.service.in
+index 9f5c10f..dab48bc 100644
+--- a/src/connman.service.in
++++ b/src/connman.service.in
+@@ -6,6 +6,7 @@ RequiresMountsFor=@localstatedir@/lib/connman
+ After=dbus.service network-pre.target systemd-sysusers.service
+ Before=network.target multi-user.target shutdown.target
+ Wants=network.target
++Conflicts=systemd-resolved.service
+
+ [Service]
+ Type=dbus
+--
+2.4.0
+
diff --git a/poky/meta/recipes-connectivity/connman/connman/0001-giognutls-Fix-a-crash-using-wispr-over-TLS.patch b/poky/meta/recipes-connectivity/connman/connman/0001-giognutls-Fix-a-crash-using-wispr-over-TLS.patch
new file mode 100644
index 000000000..f9080d4ba
--- /dev/null
+++ b/poky/meta/recipes-connectivity/connman/connman/0001-giognutls-Fix-a-crash-using-wispr-over-TLS.patch
@@ -0,0 +1,41 @@
+From 929fc9b7068100444e0ffcccd25841f78791e619 Mon Sep 17 00:00:00 2001
+From: Jian Liang <jianliang@tycoint.com>
+Date: Fri, 15 Sep 2017 06:40:08 -0400
+Subject: [PATCH] gweb: Fix a crash using wispr over TLS
+To: connman@lists.01.org
+Cc: wagi@monom.org
+
+When gnutls_channel is instantiated, the gnutls_channel->established
+has to be initiated as FALSE. Otherwise, check_handshake function
+won't work. A random initial value 1 of gnutls_channel->established
+will make check_handshake return G_IO_STATUS_NORMAL, when the channel
+is actually not ready to be used. The observed behaviours are,
+
+- wispr is getting random errors in wispr_portal_web_result
+- ConnMan crashes on exit after those random errors
+- when wispr is luckly working, ConnMan doesn't crash on exit
+
+Signed-off-by: Jian Liang <jianliang@tycoint.com>
+
+---
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=73e53f3bd9e7debae86341f1eee7b97862a56a5e]
+Signed-off-by: André Draszik <andre.draszik@jci.com>
+ gweb/giognutls.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gweb/giognutls.c b/gweb/giognutls.c
+index 09dc9e7..c029a8b 100644
+--- a/gweb/giognutls.c
++++ b/gweb/giognutls.c
+@@ -421,7 +421,7 @@ GIOChannel *g_io_channel_gnutls_new(int fd)
+
+ DBG("");
+
+- gnutls_channel = g_new(GIOGnuTLSChannel, 1);
++ gnutls_channel = g_new0(GIOGnuTLSChannel, 1);
+
+ channel = (GIOChannel *) gnutls_channel;
+
+--
+2.7.4
+
diff --git a/poky/meta/recipes-connectivity/connman/connman/0001-inet-Add-prefixlen-to-iproute_default_function.patch b/poky/meta/recipes-connectivity/connman/connman/0001-inet-Add-prefixlen-to-iproute_default_function.patch
new file mode 100644
index 000000000..dd7b35674
--- /dev/null
+++ b/poky/meta/recipes-connectivity/connman/connman/0001-inet-Add-prefixlen-to-iproute_default_function.patch
@@ -0,0 +1,63 @@
+From 508dc60a1f0758ebc586b6b086478a176d493086 Mon Sep 17 00:00:00 2001
+From: Jian Liang <jianliang@tycoint.com>
+Date: Thu, 5 Oct 2017 09:34:41 +0100
+Subject: [PATCH 1/4] inet: Add prefixlen to iproute_default_function
+To: connman@lists.01.org
+Cc: wagi@monom.org
+
+Add prefixlen parameter to this function in preparation for using
+it also in creating subnet route later, e.g.
+
+default via 192.168.100.1 dev eth0
+192.168.100.0/24 dev eth0
+
+Signed-off-by: Jian Liang <jianliang@tycoint.com>
+
+---
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=edda5b695de2ee79f02314abc9b46fdd46b388e1]
+Signed-off-by: André Draszik <andre.draszik@jci.com>
+ src/inet.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/src/inet.c b/src/inet.c
+index b887aa0..ab8aec8 100644
+--- a/src/inet.c
++++ b/src/inet.c
+@@ -2796,7 +2796,7 @@ int __connman_inet_del_fwmark_rule(uint32_t table_id, int family, uint32_t fwmar
+ }
+
+ static int iproute_default_modify(int cmd, uint32_t table_id, int ifindex,
+- const char *gateway)
++ const char *gateway, unsigned char prefixlen)
+ {
+ struct __connman_inet_rtnl_handle rth;
+ unsigned char buf[sizeof(struct in6_addr)];
+@@ -2829,6 +2829,7 @@ static int iproute_default_modify(int cmd, uint32_t table_id, int ifindex,
+ rth.req.u.r.rt.rtm_protocol = RTPROT_BOOT;
+ rth.req.u.r.rt.rtm_scope = RT_SCOPE_UNIVERSE;
+ rth.req.u.r.rt.rtm_type = RTN_UNICAST;
++ rth.req.u.r.rt.rtm_dst_len = prefixlen;
+
+ __connman_inet_rtnl_addattr_l(&rth.req.n, sizeof(rth.req), RTA_GATEWAY,
+ buf, len);
+@@ -2860,7 +2861,7 @@ int __connman_inet_add_default_to_table(uint32_t table_id, int ifindex,
+ {
+ /* ip route add default via 1.2.3.4 dev wlan0 table 1234 */
+
+- return iproute_default_modify(RTM_NEWROUTE, table_id, ifindex, gateway);
++ return iproute_default_modify(RTM_NEWROUTE, table_id, ifindex, gateway, 0);
+ }
+
+ int __connman_inet_del_default_from_table(uint32_t table_id, int ifindex,
+@@ -2868,7 +2869,7 @@ int __connman_inet_del_default_from_table(uint32_t table_id, int ifindex,
+ {
+ /* ip route del default via 1.2.3.4 dev wlan0 table 1234 */
+
+- return iproute_default_modify(RTM_DELROUTE, table_id, ifindex, gateway);
++ return iproute_default_modify(RTM_DELROUTE, table_id, ifindex, gateway, 0);
+ }
+
+ int __connman_inet_get_interface_ll_address(int index, int family,
+--
+2.7.4
+
diff --git a/poky/meta/recipes-connectivity/connman/connman/0001-plugin.h-Change-visibility-to-default-for-debug-symb.patch b/poky/meta/recipes-connectivity/connman/connman/0001-plugin.h-Change-visibility-to-default-for-debug-symb.patch
new file mode 100644
index 000000000..e6f03e632
--- /dev/null
+++ b/poky/meta/recipes-connectivity/connman/connman/0001-plugin.h-Change-visibility-to-default-for-debug-symb.patch
@@ -0,0 +1,35 @@
+From 4ddaf78dad5a9ee4a0658235f71b75132192123e Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Sat, 7 Apr 2012 18:52:12 -0700
+Subject: [PATCH] plugin.h: Change visibility to default for debug symbols
+
+gold refuses to link in undefined weak symbols which
+have hidden visibility
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+
+Upstream-Status: Pending
+---
+ include/plugin.h | 4 ++--
+ 1 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/include/plugin.h b/include/plugin.h
+index 692a4e5..a9361c3 100644
+--- a/include/plugin.h
++++ b/include/plugin.h
+@@ -89,9 +89,9 @@ struct connman_plugin_desc {
+ #else
+ #define CONNMAN_PLUGIN_DEFINE(name, description, version, priority, init, exit) \
+ extern struct connman_debug_desc __start___debug[] \
+- __attribute__ ((weak, visibility("hidden"))); \
++ __attribute__ ((weak, visibility("default"))); \
+ extern struct connman_debug_desc __stop___debug[] \
+- __attribute__ ((weak, visibility("hidden"))); \
++ __attribute__ ((weak, visibility("default"))); \
+ extern struct connman_plugin_desc connman_plugin_desc \
+ __attribute__ ((visibility("default"))); \
+ struct connman_plugin_desc connman_plugin_desc = { \
+--
+1.7.5.4
+
diff --git a/poky/meta/recipes-connectivity/connman/connman/0001-session-Keep-track-of-addr-in-fw_snat-session.patch b/poky/meta/recipes-connectivity/connman/connman/0001-session-Keep-track-of-addr-in-fw_snat-session.patch
new file mode 100644
index 000000000..f1b4d0aaa
--- /dev/null
+++ b/poky/meta/recipes-connectivity/connman/connman/0001-session-Keep-track-of-addr-in-fw_snat-session.patch
@@ -0,0 +1,112 @@
+From b5fd5945886fa1845db5c969424b63d894fe0376 Mon Sep 17 00:00:00 2001
+From: Jian Liang <jianliang@tycoint.com>
+Date: Fri, 25 Aug 2017 10:02:16 -0400
+Subject: [PATCH 1/2] session: Keep track of addr in fw_snat & session
+To: connman@lists.01.org
+Cc: wagi@monom.org
+
+When there is more than one session in fw_snat's list of sessions,
+fw_snat failed to be re-created when update-session-state is triggered
+with new IP address. This is because index alone is not sufficient to
+decide if fw_snat needs to be re-created. The solution here is to keep
+a track of IP addr and use it to avoid false lookup of fw_snat.
+
+Signed-off-by: Jian Liang <jianliang@tycoint.com>
+
+---
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=f9e27d4abfcab5c80a38e0850b5ddb26277f97c1]
+Signed-off-by: André Draszik <andre.draszik@jci.com>
+ src/session.c | 19 +++++++++++++++----
+ 1 file changed, 15 insertions(+), 4 deletions(-)
+
+diff --git a/src/session.c b/src/session.c
+index 9e3c559..965ac06 100644
+--- a/src/session.c
++++ b/src/session.c
+@@ -65,6 +65,7 @@ struct connman_session {
+ struct firewall_context *fw;
+ uint32_t mark;
+ int index;
++ char *addr;
+ char *gateway;
+ bool policy_routing;
+ bool snat_enabled;
+@@ -79,6 +80,7 @@ struct fw_snat {
+ GSList *sessions;
+ int id;
+ int index;
++ char *addr;
+ struct firewall_context *fw;
+ };
+
+@@ -200,7 +202,7 @@ static char *service2bearer(enum connman_service_type type)
+ return "";
+ }
+
+-static struct fw_snat *fw_snat_lookup(int index)
++static struct fw_snat *fw_snat_lookup(int index, const char *addr)
+ {
+ struct fw_snat *fw_snat;
+ GSList *list;
+@@ -208,8 +210,11 @@ static struct fw_snat *fw_snat_lookup(int index)
+ for (list = fw_snat_list; list; list = list->next) {
+ fw_snat = list->data;
+
+- if (fw_snat->index == index)
++ if (fw_snat->index == index) {
++ if (g_strcmp0(addr, fw_snat->addr) != 0)
++ continue;
+ return fw_snat;
++ }
+ }
+ return NULL;
+ }
+@@ -224,6 +229,7 @@ static int fw_snat_create(struct connman_session *session,
+
+ fw_snat->fw = __connman_firewall_create();
+ fw_snat->index = index;
++ fw_snat->addr = g_strdup(addr);
+
+ fw_snat->id = __connman_firewall_enable_snat(fw_snat->fw,
+ index, ifname, addr);
+@@ -238,6 +244,7 @@ static int fw_snat_create(struct connman_session *session,
+ return 0;
+ err:
+ __connman_firewall_destroy(fw_snat->fw);
++ g_free(fw_snat->addr);
+ g_free(fw_snat);
+ return err;
+ }
+@@ -393,7 +400,7 @@ static void del_nat_rules(struct connman_session *session)
+ return;
+
+ session->snat_enabled = false;
+- fw_snat = fw_snat_lookup(session->index);
++ fw_snat = fw_snat_lookup(session->index, session->addr);
+
+ if (!fw_snat)
+ return;
+@@ -420,8 +427,11 @@ static void add_nat_rules(struct connman_session *session)
+ if (!addr)
+ return;
+
++ g_free(session->addr);
++ session->addr = g_strdup(addr);
++
+ session->snat_enabled = true;
+- fw_snat = fw_snat_lookup(index);
++ fw_snat = fw_snat_lookup(index, session->addr);
+ if (fw_snat) {
+ fw_snat_ref(session, fw_snat);
+ return;
+@@ -502,6 +512,7 @@ static void free_session(struct connman_session *session)
+ g_free(session->info);
+ g_free(session->info_last);
+ g_free(session->gateway);
++ g_free(session->addr);
+
+ g_free(session);
+ }
+--
+2.7.4
+
diff --git a/poky/meta/recipes-connectivity/connman/connman/0002-inet-Implement-subnet-route-creation-deletion-in-ipr.patch b/poky/meta/recipes-connectivity/connman/connman/0002-inet-Implement-subnet-route-creation-deletion-in-ipr.patch
new file mode 100644
index 000000000..9c953e5d5
--- /dev/null
+++ b/poky/meta/recipes-connectivity/connman/connman/0002-inet-Implement-subnet-route-creation-deletion-in-ipr.patch
@@ -0,0 +1,69 @@
+From 08cda4004491d3971a8b9df937426c43800d15b1 Mon Sep 17 00:00:00 2001
+From: Jian Liang <jianliang@tycoint.com>
+Date: Thu, 5 Oct 2017 09:37:06 +0100
+Subject: [PATCH 2/4] inet: Implement subnet route creation/deletion in
+ iproute_default_modify
+To: connman@lists.01.org
+Cc: wagi@monom.org
+
+- Calculate subnet address base on gateway address and prefixlen
+- Differentiate creation of routes to gateway and subnet
+
+Signed-off-by: Jian Liang <jianliang@tycoint.com>
+
+---
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=ff7dcf91f12a2a237feebc6e606d0a8e92975528]
+Signed-off-by: André Draszik <andre.draszik@jci.com>
+ src/inet.c | 22 +++++++++++++++++++---
+ 1 file changed, 19 insertions(+), 3 deletions(-)
+
+diff --git a/src/inet.c b/src/inet.c
+index ab8aec8..0ddb030 100644
+--- a/src/inet.c
++++ b/src/inet.c
+@@ -2802,6 +2802,9 @@ static int iproute_default_modify(int cmd, uint32_t table_id, int ifindex,
+ unsigned char buf[sizeof(struct in6_addr)];
+ int ret, len;
+ int family = connman_inet_check_ipaddress(gateway);
++ char *dst = NULL;
++
++ DBG("gateway %s/%u table %u", gateway, prefixlen, table_id);
+
+ switch (family) {
+ case AF_INET:
+@@ -2814,7 +2817,19 @@ static int iproute_default_modify(int cmd, uint32_t table_id, int ifindex,
+ return -EINVAL;
+ }
+
+- ret = inet_pton(family, gateway, buf);
++ if (prefixlen) {
++ struct in_addr ipv4_subnet_addr, ipv4_mask;
++
++ memset(&ipv4_subnet_addr, 0, sizeof(ipv4_subnet_addr));
++ ipv4_mask.s_addr = htonl((0xffffffff << (32 - prefixlen)) & 0xffffffff);
++ ipv4_subnet_addr.s_addr = inet_addr(gateway);
++ ipv4_subnet_addr.s_addr &= ipv4_mask.s_addr;
++
++ dst = g_strdup(inet_ntoa(ipv4_subnet_addr));
++ }
++
++ ret = inet_pton(family, dst ? dst : gateway, buf);
++ g_free(dst);
+ if (ret <= 0)
+ return -EINVAL;
+
+@@ -2831,8 +2846,9 @@ static int iproute_default_modify(int cmd, uint32_t table_id, int ifindex,
+ rth.req.u.r.rt.rtm_type = RTN_UNICAST;
+ rth.req.u.r.rt.rtm_dst_len = prefixlen;
+
+- __connman_inet_rtnl_addattr_l(&rth.req.n, sizeof(rth.req), RTA_GATEWAY,
+- buf, len);
++ __connman_inet_rtnl_addattr_l(&rth.req.n, sizeof(rth.req),
++ prefixlen > 0 ? RTA_DST : RTA_GATEWAY, buf, len);
++
+ if (table_id < 256) {
+ rth.req.u.r.rt.rtm_table = table_id;
+ } else {
+--
+2.7.4
+
diff --git a/poky/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch b/poky/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch
new file mode 100644
index 000000000..059342771
--- /dev/null
+++ b/poky/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch
@@ -0,0 +1,77 @@
+From 10b0d16d04b811b1ccd1f9b0cfe757bce8d876a1 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Mon, 6 Apr 2015 23:02:21 -0700
+Subject: [PATCH 2/3] resolve: musl does not implement res_ninit
+
+ported from
+http://git.alpinelinux.org/cgit/aports/plain/testing/connman/libresolv.patch
+
+Upstream-Status: Pending
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ gweb/gresolv.c | 33 ++++++++++++---------------------
+ 1 file changed, 12 insertions(+), 21 deletions(-)
+
+diff --git a/gweb/gresolv.c b/gweb/gresolv.c
+index 5cf7a9a..3ad8e70 100644
+--- a/gweb/gresolv.c
++++ b/gweb/gresolv.c
+@@ -875,8 +875,6 @@ GResolv *g_resolv_new(int index)
+ resolv->index = index;
+ resolv->nameserver_list = NULL;
+
+- res_ninit(&resolv->res);
+-
+ return resolv;
+ }
+
+@@ -916,8 +914,6 @@ void g_resolv_unref(GResolv *resolv)
+
+ flush_nameservers(resolv);
+
+- res_nclose(&resolv->res);
+-
+ g_free(resolv);
+ }
+
+@@ -1020,24 +1016,19 @@ guint g_resolv_lookup_hostname(GResolv *resolv, const char *hostname,
+ debug(resolv, "hostname %s", hostname);
+
+ if (!resolv->nameserver_list) {
+- int i;
+-
+- for (i = 0; i < resolv->res.nscount; i++) {
+- char buf[100];
+- int family = resolv->res.nsaddr_list[i].sin_family;
+- void *sa_addr = &resolv->res.nsaddr_list[i].sin_addr;
+-
+- if (family != AF_INET &&
+- resolv->res._u._ext.nsaddrs[i]) {
+- family = AF_INET6;
+- sa_addr = &resolv->res._u._ext.nsaddrs[i]->sin6_addr;
++ FILE *f = fopen("/etc/resolv.conf", "r");
++ if (f) {
++ char line[256], *s;
++ int i;
++ while (fgets(line, sizeof(line), f)) {
++ if (strncmp(line, "nameserver", 10) || !isspace(line[10]))
++ continue;
++ for (s = &line[11]; isspace(s[0]); s++);
++ for (i = 0; s[i] && !isspace(s[i]); i++);
++ s[i] = 0;
++ g_resolv_add_nameserver(resolv, s, 53, 0);
+ }
+-
+- if (family != AF_INET && family != AF_INET6)
+- continue;
+-
+- if (inet_ntop(family, sa_addr, buf, sizeof(buf)))
+- g_resolv_add_nameserver(resolv, buf, 53, 0);
++ fclose(f);
+ }
+
+ if (!resolv->nameserver_list)
+--
+2.5.1
+
diff --git a/poky/meta/recipes-connectivity/connman/connman/0003-inet-Implement-APIs-for-creating-and-deleting-subnet.patch b/poky/meta/recipes-connectivity/connman/connman/0003-inet-Implement-APIs-for-creating-and-deleting-subnet.patch
new file mode 100644
index 000000000..56ba5c3f4
--- /dev/null
+++ b/poky/meta/recipes-connectivity/connman/connman/0003-inet-Implement-APIs-for-creating-and-deleting-subnet.patch
@@ -0,0 +1,68 @@
+From a9243f13d6e1aadd69bfcc27f75f69c38be51677 Mon Sep 17 00:00:00 2001
+From: Jian Liang <jianliang@tycoint.com>
+Date: Wed, 4 Oct 2017 17:30:17 +0100
+Subject: [PATCH 3/4] inet: Implement APIs for creating and deleting subnet
+ route
+To: connman@lists.01.org
+Cc: wagi@monom.org
+
+Signed-off-by: Jian Liang <jianliang@tycoint.com>
+
+---
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=3a15b0b7fccd053aff91da2cc68585509d0c509b]
+Signed-off-by: André Draszik <andre.draszik@jci.com>
+ src/connman.h | 4 ++++
+ src/inet.c | 14 ++++++++++++++
+ 2 files changed, 18 insertions(+)
+
+diff --git a/src/connman.h b/src/connman.h
+index 21b7080..da4446a 100644
+--- a/src/connman.h
++++ b/src/connman.h
+@@ -240,7 +240,11 @@ int __connman_inet_rtnl_addattr32(struct nlmsghdr *n, size_t maxlen,
+ int __connman_inet_add_fwmark_rule(uint32_t table_id, int family, uint32_t fwmark);
+ int __connman_inet_del_fwmark_rule(uint32_t table_id, int family, uint32_t fwmark);
+ int __connman_inet_add_default_to_table(uint32_t table_id, int ifindex, const char *gateway);
++int __connman_inet_add_subnet_to_table(uint32_t table_id, int ifindex,
++ const char *gateway, unsigned char prefixlen);
+ int __connman_inet_del_default_from_table(uint32_t table_id, int ifindex, const char *gateway);
++int __connman_inet_del_subnet_from_table(uint32_t table_id, int ifindex,
++ const char *gateway, unsigned char prefixlen);
+ int __connman_inet_get_address_netmask(int ifindex,
+ struct sockaddr_in *address, struct sockaddr_in *netmask);
+
+diff --git a/src/inet.c b/src/inet.c
+index 0ddb030..dcd1ab2 100644
+--- a/src/inet.c
++++ b/src/inet.c
+@@ -2880,6 +2880,13 @@ int __connman_inet_add_default_to_table(uint32_t table_id, int ifindex,
+ return iproute_default_modify(RTM_NEWROUTE, table_id, ifindex, gateway, 0);
+ }
+
++int __connman_inet_add_subnet_to_table(uint32_t table_id, int ifindex,
++ const char *gateway, unsigned char prefixlen)
++{
++ /* ip route add 1.2.3.4/24 dev eth0 table 1234 */
++ return iproute_default_modify(RTM_NEWROUTE, table_id, ifindex, gateway, prefixlen);
++}
++
+ int __connman_inet_del_default_from_table(uint32_t table_id, int ifindex,
+ const char *gateway)
+ {
+@@ -2888,6 +2895,13 @@ int __connman_inet_del_default_from_table(uint32_t table_id, int ifindex,
+ return iproute_default_modify(RTM_DELROUTE, table_id, ifindex, gateway, 0);
+ }
+
++int __connman_inet_del_subnet_from_table(uint32_t table_id, int ifindex,
++ const char *gateway, unsigned char prefixlen)
++{
++ /* ip route del 1.2.3.4/24 dev eth0 table 1234 */
++ return iproute_default_modify(RTM_DELROUTE, table_id, ifindex, gateway, prefixlen);
++}
++
+ int __connman_inet_get_interface_ll_address(int index, int family,
+ void *address)
+ {
+--
+2.7.4
+
diff --git a/poky/meta/recipes-connectivity/connman/connman/0004-session-Use-subnet-route-creation-and-deletion-APIs.patch b/poky/meta/recipes-connectivity/connman/connman/0004-session-Use-subnet-route-creation-and-deletion-APIs.patch
new file mode 100644
index 000000000..ca213eb18
--- /dev/null
+++ b/poky/meta/recipes-connectivity/connman/connman/0004-session-Use-subnet-route-creation-and-deletion-APIs.patch
@@ -0,0 +1,77 @@
+From deb9372db8396da4f7cd20555ce7c9a8b3ad96bd Mon Sep 17 00:00:00 2001
+From: Jian Liang <jianliang@tycoint.com>
+Date: Fri, 6 Oct 2017 11:40:16 +0100
+Subject: [PATCH 4/4] session: Use subnet route creation and deletion APIs
+To: connman@lists.01.org
+Cc: wagi@monom.org
+
+As subnet route is address and session specific in this case, so add
+prefixlen into struct connman_session, and update it along with ipconfig.
+Then use it in subnet route related APIs.
+
+Signed-off-by: Jian Liang <jianliang@tycoint.com>
+
+---
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=285f25ef6cc9e4a43dab83523f3e2eab4365ac26]
+Signed-off-by: André Draszik <andre.draszik@jci.com>
+ src/session.c | 20 ++++++++++++++++----
+ 1 file changed, 16 insertions(+), 4 deletions(-)
+
+diff --git a/src/session.c b/src/session.c
+index 965ac06..7b7a14b 100644
+--- a/src/session.c
++++ b/src/session.c
+@@ -67,6 +67,7 @@ struct connman_session {
+ int index;
+ char *addr;
+ char *gateway;
++ unsigned char prefixlen;
+ bool policy_routing;
+ bool snat_enabled;
+ };
+@@ -357,13 +358,17 @@ static void del_default_route(struct connman_session *session)
+ if (!session->gateway)
+ return;
+
+- DBG("index %d routing table %d default gateway %s",
+- session->index, session->mark, session->gateway);
++ DBG("index %d routing table %d default gateway %s/%u",
++ session->index, session->mark, session->gateway, session->prefixlen);
++
++ __connman_inet_del_subnet_from_table(session->mark,
++ session->index, session->gateway, session->prefixlen);
+
+ __connman_inet_del_default_from_table(session->mark,
+ session->index, session->gateway);
+ g_free(session->gateway);
+ session->gateway = NULL;
++ session->prefixlen = 0;
+ session->index = -1;
+ }
+
+@@ -383,13 +388,20 @@ static void add_default_route(struct connman_session *session)
+ if (!session->gateway)
+ session->gateway = g_strdup(inet_ntoa(addr));
+
+- DBG("index %d routing table %d default gateway %s",
+- session->index, session->mark, session->gateway);
++ session->prefixlen = __connman_ipconfig_get_prefixlen(ipconfig);
++
++ DBG("index %d routing table %d default gateway %s/%u",
++ session->index, session->mark, session->gateway, session->prefixlen);
+
+ err = __connman_inet_add_default_to_table(session->mark,
+ session->index, session->gateway);
+ if (err < 0)
+ DBG("session %p %s", session, strerror(-err));
++
++ err = __connman_inet_add_subnet_to_table(session->mark,
++ session->index, session->gateway, session->prefixlen);
++ if (err < 0)
++ DBG("session add subnet route %p %s", session, strerror(-err));
+ }
+
+ static void del_nat_rules(struct connman_session *session)
+--
+2.7.4
+
diff --git a/poky/meta/recipes-connectivity/connman/connman/connman b/poky/meta/recipes-connectivity/connman/connman/connman
new file mode 100644
index 000000000..c64fa0d71
--- /dev/null
+++ b/poky/meta/recipes-connectivity/connman/connman/connman
@@ -0,0 +1,83 @@
+#!/bin/sh
+
+DAEMON=/usr/sbin/connmand
+PIDFILE=/var/run/connmand.pid
+DESC="Connection Manager"
+
+if [ -f /etc/default/connman ] ; then
+ . /etc/default/connman
+fi
+
+set -e
+
+nfsroot=0
+
+exec 9<&0 < /proc/mounts
+while read dev mtpt fstype rest; do
+ if test $mtpt = "/" ; then
+ case $fstype in
+ nfs | nfs4)
+ nfsroot=1
+ break
+ ;;
+ *)
+ ;;
+ esac
+ fi
+done
+
+do_start() {
+ EXTRA_PARAM=""
+ if test $nfsroot -eq 1 ; then
+ NET_DEVS=`cat /proc/net/dev | sed -ne 's/^\([a-zA-Z0-9 ]*\):.*$/\1/p'`
+ NET_ADDR=`cat /proc/cmdline | sed -ne 's/^.*ip=\([^ :]*\).*$/\1/p'`
+
+ if [ ! -z "$NET_ADDR" ]; then
+ if [ "$NET_ADDR" = dhcp ]; then
+ ethn=`ifconfig | grep "^eth" | sed -e "s/\(eth[0-9]\)\(.*\)/\1/"`
+ if [ ! -z "$ethn" ]; then
+ EXTRA_PARAM="-I $ethn"
+ fi
+ else
+ for i in $NET_DEVS; do
+ ADDR=`ifconfig $i | sed 's/addr://g' | sed -ne 's/^.*inet \([0-9.]*\) .*$/\1/p'`
+ if [ "$NET_ADDR" = "$ADDR" ]; then
+ EXTRA_PARAM="-I $i"
+ break
+ fi
+ done
+ fi
+ fi
+ fi
+ if [ -f @DATADIR@/connman/wired-setup ] ; then
+ . @DATADIR@/connman/wired-setup
+ fi
+ $DAEMON $EXTRA_PARAM
+}
+
+do_stop() {
+ start-stop-daemon --stop --name connmand --quiet
+}
+
+case "$1" in
+ start)
+ echo "Starting $DESC"
+ do_start
+ ;;
+ stop)
+ echo "Stopping $DESC"
+ do_stop
+ ;;
+ restart|force-reload)
+ echo "Restarting $DESC"
+ do_stop
+ sleep 1
+ do_start
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|restart|force-reload}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
diff --git a/poky/meta/recipes-connectivity/connman/connman/includes.patch b/poky/meta/recipes-connectivity/connman/connman/includes.patch
new file mode 100644
index 000000000..55cb18793
--- /dev/null
+++ b/poky/meta/recipes-connectivity/connman/connman/includes.patch
@@ -0,0 +1,423 @@
+Fix various issues which cause problems under musl.
+
+Upstream-Status: Submitted
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+From 630516bcc0233b047f65665c003201ba6e77453d Mon Sep 17 00:00:00 2001
+From: Ross Burton <ross.burton@intel.com>
+Date: Tue, 9 Aug 2016 16:22:36 +0100
+Subject: [PATCH 1/3] Use AC_USE_SYSTEM_EXTENSIONS
+
+Instead of using #define _GNU_SOURCE in some source files which causes problems
+when building with musl as more files need the define, simply use
+AC_USE_SYSTEM_EXTENSIONS in configure.ac to get it defined globally.
+---
+ configure.ac | 1 +
+ gdhcp/client.c | 1 -
+ plugins/tist.c | 1 -
+ src/backtrace.c | 1 -
+ src/inet.c | 1 -
+ src/log.c | 1 -
+ src/ntp.c | 1 -
+ src/resolver.c | 1 -
+ src/rfkill.c | 1 -
+ src/stats.c | 1 -
+ src/timezone.c | 1 -
+ tools/stats-tool.c | 1 -
+ tools/tap-test.c | 1 -
+ tools/wispr.c | 1 -
+ vpn/plugins/vpn.c | 1 -
+ 15 files changed, 1 insertion(+), 14 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 6e66ab3..bacf5ec 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -20,6 +20,7 @@ AC_SUBST(abs_top_srcdir)
+ AC_SUBST(abs_top_builddir)
+
+ AC_LANG_C
++AC_USE_SYSTEM_EXTENSIONS
+
+ AC_PROG_CC
+ AM_PROG_CC_C_O
+diff --git a/gdhcp/client.c b/gdhcp/client.c
+index fbb40ab..3aeb089 100644
+--- a/gdhcp/client.c
++++ b/gdhcp/client.c
+@@ -23,7 +23,6 @@
+ #include <config.h>
+ #endif
+
+-#define _GNU_SOURCE
+ #include <stdio.h>
+ #include <errno.h>
+ #include <unistd.h>
+diff --git a/plugins/tist.c b/plugins/tist.c
+index ad5ef79..cc2800a 100644
+--- a/plugins/tist.c
++++ b/plugins/tist.c
+@@ -23,7 +23,6 @@
+ #include <config.h>
+ #endif
+
+-#define _GNU_SOURCE
+ #include <stdio.h>
+ #include <stdbool.h>
+ #include <stdlib.h>
+diff --git a/src/backtrace.c b/src/backtrace.c
+index 6a66c0a..4dbdda8 100644
+--- a/src/backtrace.c
++++ b/src/backtrace.c
+@@ -24,7 +24,6 @@
+ #include <config.h>
+ #endif
+
+-#define _GNU_SOURCE
+ #include <stdio.h>
+ #include <unistd.h>
+ #include <stdlib.h>
+diff --git a/src/inet.c b/src/inet.c
+index 69ded19..81d92c2 100644
+--- a/src/inet.c
++++ b/src/inet.c
+@@ -25,7 +25,6 @@
+ #include <config.h>
+ #endif
+
+-#define _GNU_SOURCE
+ #include <stdio.h>
+ #include <errno.h>
+ #include <unistd.h>
+diff --git a/src/log.c b/src/log.c
+index 9bae4a3..f7e82e5 100644
+--- a/src/log.c
++++ b/src/log.c
+@@ -23,7 +23,6 @@
+ #include <config.h>
+ #endif
+
+-#define _GNU_SOURCE
+ #include <stdio.h>
+ #include <unistd.h>
+ #include <stdarg.h>
+diff --git a/src/ntp.c b/src/ntp.c
+index dd246eb..db8ae96 100644
+--- a/src/ntp.c
++++ b/src/ntp.c
+@@ -23,7 +23,6 @@
+ #include <config.h>
+ #endif
+
+-#define _GNU_SOURCE
+ #include <errno.h>
+ #include <fcntl.h>
+ #include <unistd.h>
+diff --git a/src/resolver.c b/src/resolver.c
+index fbe4be7..ef61f92 100644
+--- a/src/resolver.c
++++ b/src/resolver.c
+@@ -23,7 +23,6 @@
+ #include <config.h>
+ #endif
+
+-#define _GNU_SOURCE
+ #include <stdio.h>
+ #include <errno.h>
+ #include <fcntl.h>
+diff --git a/src/rfkill.c b/src/rfkill.c
+index 2bfb092..af49d12 100644
+--- a/src/rfkill.c
++++ b/src/rfkill.c
+@@ -23,7 +23,6 @@
+ #include <config.h>
+ #endif
+
+-#define _GNU_SOURCE
+ #include <stdio.h>
+ #include <errno.h>
+ #include <fcntl.h>
+diff --git a/src/stats.c b/src/stats.c
+index 26343b1..cfcdc94 100644
+--- a/src/stats.c
++++ b/src/stats.c
+@@ -23,7 +23,6 @@
+ #include <config.h>
+ #endif
+
+-#define _GNU_SOURCE
+ #include <errno.h>
+ #include <sys/mman.h>
+ #include <sys/types.h>
+diff --git a/src/timezone.c b/src/timezone.c
+index e346b11..8e91267 100644
+--- a/src/timezone.c
++++ b/src/timezone.c
+@@ -23,7 +23,6 @@
+ #include <config.h>
+ #endif
+
+-#define _GNU_SOURCE
+ #include <errno.h>
+ #include <stdio.h>
+ #include <fcntl.h>
+diff --git a/tools/stats-tool.c b/tools/stats-tool.c
+index b076478..428d94b 100644
+--- a/tools/stats-tool.c
++++ b/tools/stats-tool.c
+@@ -22,7 +22,6 @@
+ #include <config.h>
+ #endif
+
+-#define _GNU_SOURCE
+ #include <sys/mman.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
+diff --git a/tools/tap-test.c b/tools/tap-test.c
+index fdc098a..57917f5 100644
+--- a/tools/tap-test.c
++++ b/tools/tap-test.c
+@@ -23,7 +23,6 @@
+ #include <config.h>
+ #endif
+
+-#define _GNU_SOURCE
+ #include <stdio.h>
+ #include <errno.h>
+ #include <fcntl.h>
+diff --git a/tools/wispr.c b/tools/wispr.c
+index d5f9341..e56dfc1 100644
+--- a/tools/wispr.c
++++ b/tools/wispr.c
+@@ -23,7 +23,6 @@
+ #include <config.h>
+ #endif
+
+-#define _GNU_SOURCE
+ #include <stdio.h>
+ #include <fcntl.h>
+ #include <unistd.h>
+diff --git a/vpn/plugins/vpn.c b/vpn/plugins/vpn.c
+index 9a42385..479c3a7 100644
+--- a/vpn/plugins/vpn.c
++++ b/vpn/plugins/vpn.c
+@@ -23,7 +23,6 @@
+ #include <config.h>
+ #endif
+
+-#define _GNU_SOURCE
+ #include <string.h>
+ #include <fcntl.h>
+ #include <unistd.h>
+--
+2.8.1
+
+
+From b8b7878e6cb2a1ed4fcfa256f7e232511a40e3d9 Mon Sep 17 00:00:00 2001
+From: Ross Burton <ross.burton@intel.com>
+Date: Tue, 9 Aug 2016 15:37:50 +0100
+Subject: [PATCH 2/3] Check for in6_pktinfo.ipi6_addr explicitly
+
+Instead of assuming that just glibc has this structure, check for it at
+configure as musl also has it.
+
+Based on work by Khem Raj <raj.khem@gmail.com>.
+---
+ configure.ac | 2 ++
+ gdhcp/common.h | 5 +++--
+ 2 files changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index bacf5ec..ad00456 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -186,6 +186,8 @@ AC_CHECK_LIB(resolv, ns_initparse, dummy=yes, [
+ AC_CHECK_HEADERS([execinfo.h])
+ AM_CONDITIONAL([BACKTRACE], [test "${ac_cv_header_execinfo_h}" = "yes"])
+
++AC_CHECK_MEMBERS([struct in6_pktinfo.ipi6_addr], [], [], [[#include <netinet/in.h>]])
++
+ AC_CHECK_FUNC(signalfd, dummy=yes,
+ AC_MSG_ERROR(signalfd support is required))
+
+diff --git a/gdhcp/common.h b/gdhcp/common.h
+index 75abc18..6899499 100644
+--- a/gdhcp/common.h
++++ b/gdhcp/common.h
+@@ -19,6 +19,7 @@
+ *
+ */
+
++#include <config.h>
+ #include <netinet/udp.h>
+ #include <netinet/ip.h>
+
+@@ -170,8 +171,8 @@ static const uint8_t dhcp_option_lengths[] = {
+ [OPTION_U32] = 4,
+ };
+
+-/* already defined within netinet/in.h if using GNU compiler */
+-#ifndef __USE_GNU
++/* already defined within netinet/in.h if using glibc or musl */
++#ifndef HAVE_STRUCT_IN6_PKTINFO_IPI6_ADDR
+ struct in6_pktinfo {
+ struct in6_addr ipi6_addr; /* src/dst IPv6 address */
+ unsigned int ipi6_ifindex; /* send/recv interface index */
+--
+2.8.1
+
+
+From c0726e432fa0274a2b9c70179b03df6720972816 Mon Sep 17 00:00:00 2001
+From: Ross Burton <ross.burton@intel.com>
+Date: Tue, 9 Aug 2016 15:19:23 +0100
+Subject: [PATCH 3/3] Rationalise includes
+
+gweb/gresolv.c uses snprintf() and isspace() so it should include stdio.h and
+ctype.h.
+
+tools/dnsproxy-test uses functions from stdio.h.
+
+musl warns when sys/ headers are included when the non-sys form should be used,
+so switch sys/errno.h and so on to errno.h.
+
+musl also causes redefinition errors when pieces of the networking headers are
+included, so remove the redundant includes.
+
+Based on work by Khem Raj <raj.khem@gmail.com>.
+---
+ gweb/gresolv.c | 2 ++
+ plugins/wifi.c | 3 +--
+ src/ippool.c | 1 -
+ src/iptables.c | 2 +-
+ src/tethering.c | 2 --
+ tools/dhcp-test.c | 1 -
+ tools/dnsproxy-test.c | 1 +
+ tools/private-network-test.c | 2 +-
+ tools/tap-test.c | 2 +-
+ 9 files changed, 7 insertions(+), 9 deletions(-)
+
+diff --git a/gweb/gresolv.c b/gweb/gresolv.c
+index 8a51a9f..d55027c 100644
+--- a/gweb/gresolv.c
++++ b/gweb/gresolv.c
+@@ -23,11 +23,13 @@
+ #include <config.h>
+ #endif
+
++#include <ctype.h>
+ #include <errno.h>
+ #include <unistd.h>
+ #include <stdarg.h>
+ #include <string.h>
+ #include <stdlib.h>
++#include <stdio.h>
+ #include <resolv.h>
+ #include <sys/types.h>
+ #include <sys/socket.h>
+diff --git a/plugins/wifi.c b/plugins/wifi.c
+index 9d56671..148131d 100644
+--- a/plugins/wifi.c
++++ b/plugins/wifi.c
+@@ -30,9 +30,8 @@
+ #include <string.h>
+ #include <sys/ioctl.h>
+ #include <sys/socket.h>
+-#include <linux/if_arp.h>
+-#include <linux/wireless.h>
+ #include <net/ethernet.h>
++#include <linux/wireless.h>
+
+ #ifndef IFF_LOWER_UP
+ #define IFF_LOWER_UP 0x10000
+diff --git a/src/ippool.c b/src/ippool.c
+index cea1dcc..8a645da 100644
+--- a/src/ippool.c
++++ b/src/ippool.c
+@@ -28,7 +28,6 @@
+ #include <stdio.h>
+ #include <string.h>
+ #include <unistd.h>
+-#include <sys/errno.h>
+ #include <sys/socket.h>
+
+ #include "connman.h"
+diff --git a/src/iptables.c b/src/iptables.c
+index 5ef757a..82e3ac4 100644
+--- a/src/iptables.c
++++ b/src/iptables.c
+@@ -28,7 +28,7 @@
+ #include <stdio.h>
+ #include <string.h>
+ #include <unistd.h>
+-#include <sys/errno.h>
++#include <errno.h>
+ #include <sys/socket.h>
+ #include <xtables.h>
+ #include <inttypes.h>
+diff --git a/src/tethering.c b/src/tethering.c
+index 3153349..ad062d5 100644
+--- a/src/tethering.c
++++ b/src/tethering.c
+@@ -31,10 +31,8 @@
+ #include <stdio.h>
+ #include <sys/ioctl.h>
+ #include <net/if.h>
+-#include <linux/sockios.h>
+ #include <string.h>
+ #include <fcntl.h>
+-#include <linux/if_tun.h>
+ #include <netinet/in.h>
+ #include <linux/if_bridge.h>
+
+diff --git a/tools/dhcp-test.c b/tools/dhcp-test.c
+index c34e10a..eae66fc 100644
+--- a/tools/dhcp-test.c
++++ b/tools/dhcp-test.c
+@@ -33,7 +33,6 @@
+ #include <arpa/inet.h>
+ #include <net/route.h>
+ #include <net/ethernet.h>
+-#include <linux/if_arp.h>
+
+ #include <gdhcp/gdhcp.h>
+
+diff --git a/tools/dnsproxy-test.c b/tools/dnsproxy-test.c
+index 551cae9..371e2e2 100644
+--- a/tools/dnsproxy-test.c
++++ b/tools/dnsproxy-test.c
+@@ -24,6 +24,7 @@
+ #endif
+
+ #include <errno.h>
++#include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
+ #include <unistd.h>
+diff --git a/tools/private-network-test.c b/tools/private-network-test.c
+index 3dd115b..2828bb3 100644
+--- a/tools/private-network-test.c
++++ b/tools/private-network-test.c
+@@ -32,7 +32,7 @@
+ #include <stdlib.h>
+ #include <string.h>
+ #include <signal.h>
+-#include <sys/poll.h>
++#include <poll.h>
+ #include <sys/signalfd.h>
+ #include <unistd.h>
+
+diff --git a/tools/tap-test.c b/tools/tap-test.c
+index 57917f5..cb3ee62 100644
+--- a/tools/tap-test.c
++++ b/tools/tap-test.c
+@@ -28,7 +28,7 @@
+ #include <fcntl.h>
+ #include <unistd.h>
+ #include <string.h>
+-#include <sys/poll.h>
++#include <poll.h>
+ #include <sys/ioctl.h>
+
+ #include <netinet/in.h>
+--
+2.8.1
diff --git a/poky/meta/recipes-connectivity/connman/connman/no-version-scripts.patch b/poky/meta/recipes-connectivity/connman/connman/no-version-scripts.patch
new file mode 100644
index 000000000..e96e38bcf
--- /dev/null
+++ b/poky/meta/recipes-connectivity/connman/connman/no-version-scripts.patch
@@ -0,0 +1,27 @@
+With binutils 2.27 on at least MIPS, connmand will crash on startup. This
+appears to be due to the symbol visibilty scripts hiding symbols that stdio
+looks up at runtime, resulting in it segfaulting.
+
+This certainly appears to be a bug in binutils 2.27 although the problem has
+been known about for some time:
+
+https://sourceware.org/bugzilla/show_bug.cgi?id=17908
+
+As the version scripts are only used to hide symbols from plugins we can safely
+remove the scripts to work around the problem until binutils is fixed.
+
+Upstream-Status: Inappropriate
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+diff --git a/Makefile.am b/Makefile.am
+index d70725c..76ae432 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -132,2 +132 @@ src_connmand_LDADD = gdbus/libgdbus-internal.la $(builtin_libadd) \
+-src_connmand_LDFLAGS = -Wl,--export-dynamic \
+- -Wl,--version-script=$(srcdir)/src/connman.ver
++src_connmand_LDFLAGS = -Wl,--export-dynamic
+@@ -166,2 +165 @@ vpn_connman_vpnd_LDADD = gdbus/libgdbus-internal.la $(builtin_vpn_libadd) \
+-vpn_connman_vpnd_LDFLAGS = -Wl,--export-dynamic \
+- -Wl,--version-script=$(srcdir)/vpn/vpn.ver
++vpn_connman_vpnd_LDFLAGS = -Wl,--export-dynamic
diff --git a/poky/meta/recipes-connectivity/connman/connman_1.35.bb b/poky/meta/recipes-connectivity/connman/connman_1.35.bb
new file mode 100644
index 000000000..ff2118113
--- /dev/null
+++ b/poky/meta/recipes-connectivity/connman/connman_1.35.bb
@@ -0,0 +1,22 @@
+require connman.inc
+
+SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
+ file://0001-plugin.h-Change-visibility-to-default-for-debug-symb.patch \
+ file://0001-connman.service-stop-systemd-resolved-when-we-use-co.patch \
+ file://connman \
+ file://no-version-scripts.patch \
+ file://includes.patch \
+ file://0001-session-Keep-track-of-addr-in-fw_snat-session.patch \
+ file://0001-giognutls-Fix-a-crash-using-wispr-over-TLS.patch \
+ file://0001-inet-Add-prefixlen-to-iproute_default_function.patch \
+ file://0002-inet-Implement-subnet-route-creation-deletion-in-ipr.patch \
+ file://0003-inet-Implement-APIs-for-creating-and-deleting-subnet.patch \
+ file://0004-session-Use-subnet-route-creation-and-deletion-APIs.patch \
+ "
+SRC_URI_append_libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch \
+ "
+
+SRC_URI[md5sum] = "bae37b45ee9b3db5ec8115188f8a7652"
+SRC_URI[sha256sum] = "66d7deb98371545c6e417239a9b3b3e3201c1529d08eedf40afbc859842cf2aa"
+
+RRECOMMENDS_${PN} = "connman-conf"
diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp.inc b/poky/meta/recipes-connectivity/dhcp/dhcp.inc
new file mode 100644
index 000000000..e94370786
--- /dev/null
+++ b/poky/meta/recipes-connectivity/dhcp/dhcp.inc
@@ -0,0 +1,143 @@
+SECTION = "console/network"
+SUMMARY = "Internet Software Consortium DHCP package"
+DESCRIPTION = "DHCP (Dynamic Host Configuration Protocol) is a protocol \
+which allows individual devices on an IP network to get their own \
+network configuration information from a server. DHCP helps make it \
+easier to administer devices."
+
+HOMEPAGE = "http://www.isc.org/"
+
+LICENSE = "ISC"
+LIC_FILES_CHKSUM = "file://LICENSE;beginline=4;md5=c5c64d696107f84b56fe337d14da1753"
+
+DEPENDS = "openssl bind"
+
+SRC_URI = "http://ftp.isc.org/isc/dhcp/${PV}/dhcp-${PV}.tar.gz \
+ file://init-relay file://default-relay \
+ file://init-server file://default-server \
+ file://dhclient.conf file://dhcpd.conf \
+ file://dhclient-systemd-wrapper \
+ file://dhclient.service \
+ file://dhcpd.service file://dhcrelay.service \
+ file://dhcpd6.service \
+ "
+UPSTREAM_CHECK_URI = "ftp://ftp.isc.org/isc/dhcp/"
+UPSTREAM_CHECK_REGEX = "(?P<pver>\d+\.\d+\.(\d+?))/"
+
+inherit autotools systemd useradd update-rc.d
+
+USERADD_PACKAGES = "${PN}-server"
+USERADD_PARAM_${PN}-server = "--system --no-create-home --home-dir /var/run/${BPN} --shell /bin/false --user-group ${BPN}"
+
+SYSTEMD_PACKAGES = "${PN}-server ${PN}-relay ${PN}-client"
+SYSTEMD_SERVICE_${PN}-server = "dhcpd.service dhcpd6.service"
+SYSTEMD_AUTO_ENABLE_${PN}-server = "disable"
+
+SYSTEMD_SERVICE_${PN}-relay = "dhcrelay.service"
+SYSTEMD_AUTO_ENABLE_${PN}-relay = "disable"
+
+SYSTEMD_SERVICE_${PN}-client = "dhclient.service"
+SYSTEMD_AUTO_ENABLE_${PN}-client = "disable"
+
+INITSCRIPT_PACKAGES = "dhcp-server"
+INITSCRIPT_NAME_dhcp-server = "dhcp-server"
+INITSCRIPT_PARAMS_dhcp-server = "defaults"
+
+TARGET_CFLAGS += "-D_GNU_SOURCE"
+EXTRA_OECONF = "--with-srv-lease-file=${localstatedir}/lib/dhcp/dhcpd.leases \
+ --with-srv6-lease-file=${localstatedir}/lib/dhcp/dhcpd6.leases \
+ --with-cli-lease-file=${localstatedir}/lib/dhcp/dhclient.leases \
+ --with-cli6-lease-file=${localstatedir}/lib/dhcp/dhclient6.leases \
+ --with-libbind=${STAGING_LIBDIR}/ \
+ --enable-paranoia --disable-static \
+ --with-randomdev=/dev/random \
+ "
+
+do_install_append () {
+ install -d ${D}${sysconfdir}/init.d
+ install -d ${D}${sysconfdir}/default
+ install -d ${D}${sysconfdir}/dhcp
+ install -m 0755 ${WORKDIR}/init-relay ${D}${sysconfdir}/init.d/dhcp-relay
+ install -m 0644 ${WORKDIR}/default-relay ${D}${sysconfdir}/default/dhcp-relay
+ install -m 0755 ${WORKDIR}/init-server ${D}${sysconfdir}/init.d/dhcp-server
+ install -m 0644 ${WORKDIR}/default-server ${D}${sysconfdir}/default/dhcp-server
+
+ rm -f ${D}${sysconfdir}/dhclient.conf*
+ rm -f ${D}${sysconfdir}/dhcpd.conf*
+ install -m 0644 ${WORKDIR}/dhclient.conf ${D}${sysconfdir}/dhcp/dhclient.conf
+ install -m 0644 ${WORKDIR}/dhcpd.conf ${D}${sysconfdir}/dhcp/dhcpd.conf
+
+ install -d ${D}${base_sbindir}/
+ if [ "${sbindir}" != "${base_sbindir}" ]; then
+ mv ${D}${sbindir}/dhclient ${D}${base_sbindir}/
+ fi
+ install -m 0755 ${S}/client/scripts/linux ${D}${base_sbindir}/dhclient-script
+
+ # Install systemd unit files
+ install -d ${D}${systemd_unitdir}/system
+ install -m 0644 ${WORKDIR}/dhcpd.service ${D}${systemd_unitdir}/system
+ install -m 0644 ${WORKDIR}/dhcpd6.service ${D}${systemd_unitdir}/system
+ install -m 0644 ${WORKDIR}/dhcrelay.service ${D}${systemd_unitdir}/system
+ sed -i -e 's,@SBINDIR@,${sbindir},g' ${D}${systemd_unitdir}/system/dhcpd*.service ${D}${systemd_unitdir}/system/dhcrelay.service
+ sed -i -e 's,@SYSCONFDIR@,${sysconfdir},g' ${D}${systemd_unitdir}/system/dhcpd*.service
+ sed -i -e 's,@base_bindir@,${base_bindir},g' ${D}${systemd_unitdir}/system/dhcpd*.service
+ sed -i -e 's,@localstatedir@,${localstatedir},g' ${D}${systemd_unitdir}/system/dhcpd*.service
+ sed -i -e 's,@SYSCONFDIR@,${sysconfdir},g' ${D}${systemd_unitdir}/system/dhcrelay.service
+
+ install -d ${D}${base_sbindir}
+ install -m 0755 ${WORKDIR}/dhclient-systemd-wrapper ${D}${base_sbindir}/dhclient-systemd-wrapper
+ install -m 0644 ${WORKDIR}/dhclient.service ${D}${systemd_unitdir}/system
+ sed -i -e 's,@SYSCONFDIR@,${sysconfdir},g' ${D}${systemd_unitdir}/system/dhclient.service
+ sed -i -e 's,@BASE_SBINDIR@,${base_sbindir},g' ${D}${systemd_unitdir}/system/dhclient.service
+}
+
+PACKAGES += "dhcp-libs dhcp-server dhcp-server-config dhcp-client dhcp-relay dhcp-omshell"
+
+PACKAGES_remove = "${PN}"
+RDEPENDS_${PN}-dev = ""
+RDEPENDS_${PN}-staticdev = ""
+
+FILES_${PN}-libs = "${libdir}/libdhcpctl.so.0* ${libdir}/libomapi.so.0*"
+
+FILES_${PN}-server = "${sbindir}/dhcpd ${sysconfdir}/init.d/dhcp-server"
+RRECOMMENDS_${PN}-server = "dhcp-server-config"
+
+FILES_${PN}-server-config = "${sysconfdir}/default/dhcp-server ${sysconfdir}/dhcp/dhcpd.conf"
+
+FILES_${PN}-relay = "${sbindir}/dhcrelay ${sysconfdir}/init.d/dhcp-relay ${sysconfdir}/default/dhcp-relay"
+
+FILES_${PN}-client = "${base_sbindir}/dhclient \
+ ${base_sbindir}/dhclient-script \
+ ${sysconfdir}/dhcp/dhclient.conf \
+ ${base_sbindir}/dhclient-systemd-wrapper \
+ "
+
+FILES_${PN}-omshell = "${bindir}/omshell"
+
+pkg_postinst_dhcp-server() {
+ mkdir -p $D/${localstatedir}/lib/dhcp
+ touch $D/${localstatedir}/lib/dhcp/dhcpd.leases
+ touch $D/${localstatedir}/lib/dhcp/dhcpd6.leases
+}
+
+pkg_postinst_dhcp-client() {
+ mkdir -p $D/${localstatedir}/lib/dhcp
+}
+
+pkg_postrm_dhcp-server() {
+ rm -f $D/${localstatedir}/lib/dhcp/dhcpd.leases
+ rm -f $D/${localstatedir}/lib/dhcp/dhcpd6.leases
+
+ if ! rmdir $D/${localstatedir}/lib/dhcp 2>/dev/null; then
+ echo "Not removing ${localstatedir}/lib/dhcp as it is non-empty."
+ fi
+}
+
+pkg_postrm_dhcp-client() {
+ rm -f $D/${localstatedir}/lib/dhcp/dhclient.leases
+ rm -f $D/${localstatedir}/lib/dhcp/dhclient6.leases
+
+ if ! rmdir $D/${localstatedir}/lib/dhcp 2>/dev/null; then
+ echo "Not removing ${localstatedir}/lib/dhcp as it is non-empty."
+ fi
+}
diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp/0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch b/poky/meta/recipes-connectivity/dhcp/dhcp/0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch
new file mode 100644
index 000000000..e5b3cf9bc
--- /dev/null
+++ b/poky/meta/recipes-connectivity/dhcp/dhcp/0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch
@@ -0,0 +1,30 @@
+From 7cc29144535a622fc671dc86eb1da65b0473a7c4 Mon Sep 17 00:00:00 2001
+From: Hongxu Jia <hongxu.jia@windriver.com>
+Date: Tue, 15 Aug 2017 16:14:22 +0800
+Subject: [PATCH 01/11] define macro _PATH_DHCPD_CONF and _PATH_DHCLIENT_CONF
+
+Upstream-Status: Inappropriate [OE specific]
+
+Rebase to 4.3.6
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ includes/site.h | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/includes/site.h b/includes/site.h
+index b2f7fd7..280fbb9 100644
+--- a/includes/site.h
++++ b/includes/site.h
+@@ -149,7 +149,8 @@
+ /* Define this if you want the dhcpd.conf file to go somewhere other than
+ the default location. By default, it goes in /etc/dhcpd.conf. */
+
+-/* #define _PATH_DHCPD_CONF "/etc/dhcpd.conf" */
++#define _PATH_DHCPD_CONF "/etc/dhcp/dhcpd.conf"
++#define _PATH_DHCLIENT_CONF "/etc/dhcp/dhclient.conf"
+
+ /* Network API definitions. You do not need to choose one of these - if
+ you don't choose, one will be chosen for you in your system's config
+--
+1.8.3.1
+
diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp/0002-dhclient-dbus.patch b/poky/meta/recipes-connectivity/dhcp/dhcp/0002-dhclient-dbus.patch
new file mode 100644
index 000000000..101c33f67
--- /dev/null
+++ b/poky/meta/recipes-connectivity/dhcp/dhcp/0002-dhclient-dbus.patch
@@ -0,0 +1,117 @@
+From be7540d31c356e80ee02e90e8bf162b7ac6e5ba5 Mon Sep 17 00:00:00 2001
+From: Hongxu Jia <hongxu.jia@windriver.com>
+Date: Tue, 15 Aug 2017 14:56:56 +0800
+Subject: [PATCH 02/11] dhclient dbus
+
+Upstream-Status: Inappropriate [distribution]
+
+Rebase to 4.3.6
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ client/scripts/bsdos | 5 +++++
+ client/scripts/freebsd | 5 +++++
+ client/scripts/linux | 5 +++++
+ client/scripts/netbsd | 5 +++++
+ client/scripts/openbsd | 5 +++++
+ client/scripts/solaris | 5 +++++
+ 6 files changed, 30 insertions(+)
+
+diff --git a/client/scripts/bsdos b/client/scripts/bsdos
+index d69d0d8..095b143 100755
+--- a/client/scripts/bsdos
++++ b/client/scripts/bsdos
+@@ -45,6 +45,11 @@ exit_with_hooks() {
+ . /etc/dhclient-exit-hooks
+ fi
+ # probably should do something with exit status of the local script
++ if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then
++ dbus-send --system --dest=com.redhat.dhcp \
++ --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \
++ 'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`"
++ fi
+ exit $exit_status
+ }
+
+diff --git a/client/scripts/freebsd b/client/scripts/freebsd
+index 8f3e2a2..ad7fb44 100755
+--- a/client/scripts/freebsd
++++ b/client/scripts/freebsd
+@@ -89,6 +89,11 @@ exit_with_hooks() {
+ . /etc/dhclient-exit-hooks
+ fi
+ # probably should do something with exit status of the local script
++ if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then
++ dbus-send --system --dest=com.redhat.dhcp \
++ --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \
++ 'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`"
++ fi
+ exit $exit_status
+ }
+
+diff --git a/client/scripts/linux b/client/scripts/linux
+index 5fb1612..3d447b6 100755
+--- a/client/scripts/linux
++++ b/client/scripts/linux
+@@ -174,6 +174,11 @@ exit_with_hooks() {
+ exit_status=$?
+ fi
+
++ if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then
++ dbus-send --system --dest=com.redhat.dhcp \
++ --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \
++ 'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`"
++ fi
+ exit $exit_status
+ }
+
+diff --git a/client/scripts/netbsd b/client/scripts/netbsd
+index 07383b7..aaba8e8 100755
+--- a/client/scripts/netbsd
++++ b/client/scripts/netbsd
+@@ -45,6 +45,11 @@ exit_with_hooks() {
+ . /etc/dhclient-exit-hooks
+ fi
+ # probably should do something with exit status of the local script
++ if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then
++ dbus-send --system --dest=com.redhat.dhcp \
++ --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \
++ 'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`"
++ fi
+ exit $exit_status
+ }
+
+diff --git a/client/scripts/openbsd b/client/scripts/openbsd
+index e7f4746..56b980c 100644
+--- a/client/scripts/openbsd
++++ b/client/scripts/openbsd
+@@ -45,6 +45,11 @@ exit_with_hooks() {
+ . /etc/dhclient-exit-hooks
+ fi
+ # probably should do something with exit status of the local script
++ if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then
++ dbus-send --system --dest=com.redhat.dhcp \
++ --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \
++ 'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`"
++ fi
+ exit $exit_status
+ }
+
+diff --git a/client/scripts/solaris b/client/scripts/solaris
+index af553b9..4a2aa69 100755
+--- a/client/scripts/solaris
++++ b/client/scripts/solaris
+@@ -26,6 +26,11 @@ exit_with_hooks() {
+ . /etc/dhclient-exit-hooks
+ fi
+ # probably should do something with exit status of the local script
++ if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then
++ dbus-send --system --dest=com.redhat.dhcp \
++ --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \
++ 'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`"
++ fi
+ exit $exit_status
+ }
+
+--
+1.8.3.1
+
diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp/0003-link-with-lcrypto.patch b/poky/meta/recipes-connectivity/dhcp/dhcp/0003-link-with-lcrypto.patch
new file mode 100644
index 000000000..810c7b6da
--- /dev/null
+++ b/poky/meta/recipes-connectivity/dhcp/dhcp/0003-link-with-lcrypto.patch
@@ -0,0 +1,38 @@
+From d80bd792323dbd56269309f85b4506eb6b1b60e9 Mon Sep 17 00:00:00 2001
+From: Andrei Gherzan <andrei@gherzan.ro>
+Date: Tue, 15 Aug 2017 15:05:47 +0800
+Subject: [PATCH 03/11] link with lcrypto
+
+From 4.2.0 final release, -lcrypto check was removed and we compile
+static libraries
+from bind that are linked to libcrypto. This is why i added a patch in
+order to add
+-lcrypto to LIBS.
+
+Upstream-Status: Pending
+Signed-off-by: Andrei Gherzan <andrei@gherzan.ro>
+
+Rebase to 4.3.6
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ configure.ac | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/configure.ac b/configure.ac
+index cdfa352..44fb57e 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -591,6 +591,10 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[void foo() __attribute__((noreturn));
+ # Look for optional headers.
+ AC_CHECK_HEADERS(sys/socket.h net/if_dl.h net/if6.h regex.h)
+
++# find an MD5 library
++AC_SEARCH_LIBS(MD5_Init, [crypto])
++AC_SEARCH_LIBS(MD5Init, [crypto])
++
+ # Solaris needs some libraries for functions
+ AC_SEARCH_LIBS(socket, [socket])
+ AC_SEARCH_LIBS(inet_ntoa, [nsl])
+--
+1.8.3.1
+
diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp/0004-Fix-out-of-tree-builds.patch b/poky/meta/recipes-connectivity/dhcp/dhcp/0004-Fix-out-of-tree-builds.patch
new file mode 100644
index 000000000..7d1d86798
--- /dev/null
+++ b/poky/meta/recipes-connectivity/dhcp/dhcp/0004-Fix-out-of-tree-builds.patch
@@ -0,0 +1,100 @@
+From cccec0344d68dac4100b6f260ee24e7c2da9dfda Mon Sep 17 00:00:00 2001
+From: Hongxu Jia <hongxu.jia@windriver.com>
+Date: Tue, 15 Aug 2017 15:08:22 +0800
+Subject: [PATCH 04/11] Fix out of tree builds
+
+Upstream-Status: Pending
+
+RP 2013/03/21
+
+Rebase to 4.3.6
+
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ client/Makefile.am | 4 ++--
+ common/Makefile.am | 3 ++-
+ dhcpctl/Makefile.am | 2 ++
+ omapip/Makefile.am | 1 +
+ relay/Makefile.am | 2 +-
+ server/Makefile.am | 2 +-
+ 6 files changed, 9 insertions(+), 5 deletions(-)
+
+diff --git a/client/Makefile.am b/client/Makefile.am
+index 2cb83d8..4730bb3 100644
+--- a/client/Makefile.am
++++ b/client/Makefile.am
+@@ -7,11 +7,11 @@ SUBDIRS = . tests
+ BINDLIBDIR = @BINDDIR@/lib
+
+ AM_CPPFLAGS = -DCLIENT_PATH='"PATH=$(sbindir):/sbin:/bin:/usr/sbin:/usr/bin"' \
+- -DLOCALSTATEDIR='"$(localstatedir)"'
++ -DLOCALSTATEDIR='"$(localstatedir)"' -I$(top_srcdir)/includes
+
+ dist_sysconf_DATA = dhclient.conf.example
+ sbin_PROGRAMS = dhclient
+-dhclient_SOURCES = clparse.c dhclient.c dhc6.c \
++dhclient_SOURCES = $(srcdir)/clparse.c $(srcdir)/dhclient.c $(srcdir)/dhc6.c \
+ scripts/bsdos scripts/freebsd scripts/linux scripts/macos \
+ scripts/netbsd scripts/nextstep scripts/openbsd \
+ scripts/solaris scripts/openwrt
+diff --git a/common/Makefile.am b/common/Makefile.am
+index 113aee8..0f24fbb 100644
+--- a/common/Makefile.am
++++ b/common/Makefile.am
+@@ -1,4 +1,5 @@
+-AM_CPPFLAGS = -I$(top_srcdir) -DLOCALSTATEDIR='"@localstatedir@"'
++AM_CPPFLAGS = -I$(top_srcdir)/includes -I$(top_srcdir) -DLOCALSTATEDIR='"@localstatedir@"'
++
+ AM_CFLAGS = $(LDAP_CFLAGS)
+
+ noinst_LIBRARIES = libdhcp.a
+diff --git a/dhcpctl/Makefile.am b/dhcpctl/Makefile.am
+index ceb0de1..ba8dd8b 100644
+--- a/dhcpctl/Makefile.am
++++ b/dhcpctl/Makefile.am
+@@ -1,5 +1,7 @@
+ BINDLIBDIR = @BINDDIR@/lib
+
++AM_CPPFLAGS = -I$(top_srcdir)/includes -I$(top_srcdir)
++
+ bin_PROGRAMS = omshell
+ lib_LIBRARIES = libdhcpctl.a
+ noinst_PROGRAMS = cltest
+diff --git a/omapip/Makefile.am b/omapip/Makefile.am
+index 446a594..dd1afa0 100644
+--- a/omapip/Makefile.am
++++ b/omapip/Makefile.am
+@@ -1,4 +1,5 @@
+ BINDLIBDIR = @BINDDIR@/lib
++AM_CPPFLAGS = -I$(top_srcdir)/includes
+
+ lib_LIBRARIES = libomapi.a
+ noinst_PROGRAMS = svtest
+diff --git a/relay/Makefile.am b/relay/Makefile.am
+index 3060eca..6d652f6 100644
+--- a/relay/Makefile.am
++++ b/relay/Makefile.am
+@@ -1,6 +1,6 @@
+ BINDLIBDIR = @BINDDIR@/lib
+
+-AM_CPPFLAGS = -DLOCALSTATEDIR='"@localstatedir@"'
++AM_CPPFLAGS = -DLOCALSTATEDIR='"@localstatedir@"' -I$(top_srcdir)/includes
+
+ sbin_PROGRAMS = dhcrelay
+ dhcrelay_SOURCES = dhcrelay.c
+diff --git a/server/Makefile.am b/server/Makefile.am
+index 54feedf..3990b9c 100644
+--- a/server/Makefile.am
++++ b/server/Makefile.am
+@@ -6,7 +6,7 @@ SUBDIRS = . tests
+
+ BINDLIBDIR = @BINDDIR@/lib
+
+-AM_CPPFLAGS = -I.. -DLOCALSTATEDIR='"@localstatedir@"'
++AM_CPPFLAGS = -I$(top_srcdir) -DLOCALSTATEDIR='"@localstatedir@"' -I$(top_srcdir)/includes
+
+ dist_sysconf_DATA = dhcpd.conf.example
+ sbin_PROGRAMS = dhcpd
+--
+1.8.3.1
+
diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp/0005-dhcp-client-fix-invoke-dhclient-script-failed-on-Rea.patch b/poky/meta/recipes-connectivity/dhcp/dhcp/0005-dhcp-client-fix-invoke-dhclient-script-failed-on-Rea.patch
new file mode 100644
index 000000000..dd56381b1
--- /dev/null
+++ b/poky/meta/recipes-connectivity/dhcp/dhcp/0005-dhcp-client-fix-invoke-dhclient-script-failed-on-Rea.patch
@@ -0,0 +1,36 @@
+From 2e8ff0e4f6d39e346ea86b8c514ab4ccc78fa359 Mon Sep 17 00:00:00 2001
+From: Hongxu Jia <hongxu.jia@windriver.com>
+Date: Tue, 15 Aug 2017 15:24:14 +0800
+Subject: [PATCH 05/11] dhcp-client: fix invoke dhclient-script failed on
+ Read-only file system
+
+In read-only file system, '/etc' is on the readonly partition,
+and '/etc/resolv.conf' is symlinked to a separate writable
+partition.
+
+In this situation, we create temp files 'resolv.conf.dhclient-new'
+in /tmp dir.
+
+Upstream-Status: Pending
+
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ client/scripts/linux | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/client/scripts/linux b/client/scripts/linux
+index 3d447b6..3122a75 100755
+--- a/client/scripts/linux
++++ b/client/scripts/linux
+@@ -40,7 +40,7 @@ make_resolv_conf() {
+ # DHCPv4
+ if [ -n "$new_domain_search" ] || [ -n "$new_domain_name" ] ||
+ [ -n "$new_domain_name_servers" ]; then
+- new_resolv_conf=/etc/resolv.conf.dhclient-new
++ new_resolv_conf=/tmp/resolv.conf.dhclient-new
+ rm -f $new_resolv_conf
+
+ if [ -n "$new_domain_name" ]; then
+--
+1.8.3.1
+
diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp/0006-site.h-enable-gentle-shutdown.patch b/poky/meta/recipes-connectivity/dhcp/dhcp/0006-site.h-enable-gentle-shutdown.patch
new file mode 100644
index 000000000..c62b283d5
--- /dev/null
+++ b/poky/meta/recipes-connectivity/dhcp/dhcp/0006-site.h-enable-gentle-shutdown.patch
@@ -0,0 +1,30 @@
+From 01641d146e4e6bea954e4a4ee1f6230b822665b4 Mon Sep 17 00:00:00 2001
+From: Chen Qi <Qi.Chen@windriver.com>
+Date: Tue, 15 Aug 2017 15:37:49 +0800
+Subject: [PATCH 06/11] site.h: enable gentle shutdown
+
+Upstream-Status: Inappropriate [configuration]
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+
+Rebase to 4.3.6
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ includes/site.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/includes/site.h b/includes/site.h
+index 280fbb9..e6c2972 100644
+--- a/includes/site.h
++++ b/includes/site.h
+@@ -296,7 +296,7 @@
+ situations. We plan to revisit this feature and may
+ make non-backwards compatible changes including the
+ removal of this define. Use at your own risk. */
+-/* #define ENABLE_GENTLE_SHUTDOWN */
++#define ENABLE_GENTLE_SHUTDOWN
+
+ /* Include old error codes. This is provided in case you
+ are building an external program similar to omshell for
+--
+1.8.3.1
+
diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp/0007-Add-configure-argument-to-make-the-libxml2-dependenc.patch b/poky/meta/recipes-connectivity/dhcp/dhcp/0007-Add-configure-argument-to-make-the-libxml2-dependenc.patch
new file mode 100644
index 000000000..43c26ea21
--- /dev/null
+++ b/poky/meta/recipes-connectivity/dhcp/dhcp/0007-Add-configure-argument-to-make-the-libxml2-dependenc.patch
@@ -0,0 +1,42 @@
+From 7107511fd209f08f9a96f8938041ae48f3295895 Mon Sep 17 00:00:00 2001
+From: Christopher Larson <chris_larson@mentor.com>
+Date: Tue, 15 Aug 2017 16:17:49 +0800
+Subject: [PATCH 07/11] Add configure argument to make the libxml2 dependency
+ explicit and determinisitic.
+
+Upstream-Status: Pending
+
+Signed-off-by: Christopher Larson <chris_larson@mentor.com>
+
+Rebase to 4.3.6
+
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ configure.ac | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/configure.ac b/configure.ac
+index 44fb57e..8e9f509 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -611,6 +611,17 @@ AC_CHECK_FUNCS(strlcat)
+ # For HP/UX we need -lipv6 for if_nametoindex, perhaps others.
+ AC_SEARCH_LIBS(if_nametoindex, [ipv6])
+
++AC_ARG_WITH(libxml2,
++ AS_HELP_STRING([--with-libxml2], [link against libxml2. this is needed if bind was built with xml2 support enabled]),
++ with_libxml2="$withval", with_libxml2="no")
++
++if test x$with_libxml2 != xno; then
++ AC_SEARCH_LIBS(xmlTextWriterStartElement, [xml2],
++ [if test x$with_libxml2 != xauto; then
++ AC_MSG_FAILURE([*** Cannot find xmlTextWriterStartElement with -lxml2 and libxml2 was requested])
++ fi])
++fi
++
+ # check for /dev/random (declares HAVE_DEV_RANDOM)
+ AC_MSG_CHECKING(for random device)
+ AC_ARG_WITH(randomdev,
+--
+1.8.3.1
+
diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp/0008-tweak-to-support-external-bind.patch b/poky/meta/recipes-connectivity/dhcp/dhcp/0008-tweak-to-support-external-bind.patch
new file mode 100644
index 000000000..006d18ae7
--- /dev/null
+++ b/poky/meta/recipes-connectivity/dhcp/dhcp/0008-tweak-to-support-external-bind.patch
@@ -0,0 +1,117 @@
+From 92875f5cc44914515e50c11c503a09cec90497b2 Mon Sep 17 00:00:00 2001
+From: Hongxu Jia <hongxu.jia@windriver.com>
+Date: Sat, 11 Jun 2016 22:51:44 -0400
+Subject: [PATCH 08/11] tweak to support external bind
+
+Tweak the external bind to oe-core's sysroot rather than
+external bind source build.
+
+Upstream-Status: Inappropriate <oe-core specific>
+
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ client/Makefile.am | 2 +-
+ client/tests/Makefile.am | 2 +-
+ common/tests/Makefile.am | 2 +-
+ dhcpctl/Makefile.am | 2 +-
+ omapip/Makefile.am | 2 +-
+ relay/Makefile.am | 2 +-
+ server/Makefile.am | 2 +-
+ server/tests/Makefile.am | 2 +-
+ 8 files changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/client/Makefile.am b/client/Makefile.am
+index 4730bb3..84d8131 100644
+--- a/client/Makefile.am
++++ b/client/Makefile.am
+@@ -4,7 +4,7 @@
+ # production code. Sadly, we are not there yet.
+ SUBDIRS = . tests
+
+-BINDLIBDIR = @BINDDIR@/lib
++BINDLIBDIR = @BINDDIR@
+
+ AM_CPPFLAGS = -DCLIENT_PATH='"PATH=$(sbindir):/sbin:/bin:/usr/sbin:/usr/bin"' \
+ -DLOCALSTATEDIR='"$(localstatedir)"' -I$(top_srcdir)/includes
+diff --git a/client/tests/Makefile.am b/client/tests/Makefile.am
+index 5031d0c..a8dfd26 100644
+--- a/client/tests/Makefile.am
++++ b/client/tests/Makefile.am
+@@ -1,6 +1,6 @@
+ SUBDIRS = .
+
+-BINDLIBDIR = @BINDDIR@/lib
++BINDLIBDIR = @BINDDIR@
+
+ AM_CPPFLAGS = $(ATF_CFLAGS) -DUNIT_TEST -I$(top_srcdir)/includes
+ AM_CPPFLAGS += -I@BINDDIR@/include -I$(top_srcdir)
+diff --git a/common/tests/Makefile.am b/common/tests/Makefile.am
+index f6a43e4..2f98d22 100644
+--- a/common/tests/Makefile.am
++++ b/common/tests/Makefile.am
+@@ -1,6 +1,6 @@
+ SUBDIRS = .
+
+-BINDLIBDIR = @BINDDIR@/lib
++BINDLIBDIR = @BINDDIR@
+
+ AM_CPPFLAGS = $(ATF_CFLAGS) -I$(top_srcdir)/includes
+
+diff --git a/dhcpctl/Makefile.am b/dhcpctl/Makefile.am
+index ba8dd8b..9b2486e 100644
+--- a/dhcpctl/Makefile.am
++++ b/dhcpctl/Makefile.am
+@@ -1,4 +1,4 @@
+-BINDLIBDIR = @BINDDIR@/lib
++BINDLIBDIR = @BINDDIR@
+
+ AM_CPPFLAGS = -I$(top_srcdir)/includes -I$(top_srcdir)
+
+diff --git a/omapip/Makefile.am b/omapip/Makefile.am
+index dd1afa0..e4a8599 100644
+--- a/omapip/Makefile.am
++++ b/omapip/Makefile.am
+@@ -1,4 +1,4 @@
+-BINDLIBDIR = @BINDDIR@/lib
++BINDLIBDIR = @BINDDIR@
+ AM_CPPFLAGS = -I$(top_srcdir)/includes
+
+ lib_LIBRARIES = libomapi.a
+diff --git a/relay/Makefile.am b/relay/Makefile.am
+index 6d652f6..b3bf578 100644
+--- a/relay/Makefile.am
++++ b/relay/Makefile.am
+@@ -1,4 +1,4 @@
+-BINDLIBDIR = @BINDDIR@/lib
++BINDLIBDIR = @BINDDIR@
+
+ AM_CPPFLAGS = -DLOCALSTATEDIR='"@localstatedir@"' -I$(top_srcdir)/includes
+
+diff --git a/server/Makefile.am b/server/Makefile.am
+index 3990b9c..b5d8c2d 100644
+--- a/server/Makefile.am
++++ b/server/Makefile.am
+@@ -4,7 +4,7 @@
+ # production code. Sadly, we are not there yet.
+ SUBDIRS = . tests
+
+-BINDLIBDIR = @BINDDIR@/lib
++BINDLIBDIR = @BINDDIR@
+
+ AM_CPPFLAGS = -I$(top_srcdir) -DLOCALSTATEDIR='"@localstatedir@"' -I$(top_srcdir)/includes
+
+diff --git a/server/tests/Makefile.am b/server/tests/Makefile.am
+index a87c5e7..9821081 100644
+--- a/server/tests/Makefile.am
++++ b/server/tests/Makefile.am
+@@ -1,6 +1,6 @@
+ SUBDIRS = .
+
+-BINDLIBDIR = @BINDDIR@/lib
++BINDLIBDIR = @BINDDIR@
+
+ AM_CPPFLAGS = $(ATF_CFLAGS) -DUNIT_TEST -I$(top_srcdir)/includes
+ AM_CPPFLAGS += -I@BINDDIR@/include -I$(top_srcdir)
+--
+1.8.3.1
+
diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp/0009-remove-dhclient-script-bash-dependency.patch b/poky/meta/recipes-connectivity/dhcp/dhcp/0009-remove-dhclient-script-bash-dependency.patch
new file mode 100644
index 000000000..912b6d631
--- /dev/null
+++ b/poky/meta/recipes-connectivity/dhcp/dhcp/0009-remove-dhclient-script-bash-dependency.patch
@@ -0,0 +1,28 @@
+From f3f8b7726e50e24ef3edf5fa5a17e31d39118d7e Mon Sep 17 00:00:00 2001
+From: Andre McCurdy <armccurdy@gmail.com>
+Date: Tue, 15 Aug 2017 15:49:31 +0800
+Subject: [PATCH 09/11] remove dhclient-script bash dependency
+
+Upstream-Status: Inappropriate [OE specific]
+
+Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
+
+Rebase to 4.3.6
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ client/scripts/linux | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/client/scripts/linux b/client/scripts/linux
+index 3122a75..1712d7d 100755
+--- a/client/scripts/linux
++++ b/client/scripts/linux
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/bin/sh
+ # dhclient-script for Linux. Dan Halbert, March, 1997.
+ # Updated for Linux 2.[12] by Brian J. Murrell, January 1999.
+ # No guarantees about this. I'm a novice at the details of Linux
+--
+1.8.3.1
+
diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp/0010-build-shared-libs.patch b/poky/meta/recipes-connectivity/dhcp/dhcp/0010-build-shared-libs.patch
new file mode 100644
index 000000000..f128731c6
--- /dev/null
+++ b/poky/meta/recipes-connectivity/dhcp/dhcp/0010-build-shared-libs.patch
@@ -0,0 +1,208 @@
+From 76c370a929e5ab5dbc81c2fbcf4e50f4fbc08ce9 Mon Sep 17 00:00:00 2001
+From: Kai Kang <kai.kang@windriver.com>
+Date: Tue, 15 Aug 2017 15:53:37 +0800
+Subject: [PATCH 10/11] build shared libs
+
+Upstream-Status: Pending
+
+Port patches from Fedora to build shared libs rather than static libs.
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+Rebase to 4.3.6
+
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ client/Makefile.am | 4 ++--
+ common/tests/Makefile.am | 13 +++++--------
+ configure.ac | 12 ++----------
+ dhcpctl/Makefile.am | 14 ++++++--------
+ omapip/Makefile.am | 7 +++----
+ relay/Makefile.am | 5 ++---
+ server/Makefile.am | 7 +++----
+ server/tests/Makefile.am | 7 +++----
+ 8 files changed, 26 insertions(+), 43 deletions(-)
+
+diff --git a/client/Makefile.am b/client/Makefile.am
+index 84d8131..e776bf0 100644
+--- a/client/Makefile.am
++++ b/client/Makefile.am
+@@ -15,7 +15,7 @@ dhclient_SOURCES = $(srcdir)/clparse.c $(srcdir)/dhclient.c $(srcdir)/dhc6.c \
+ scripts/bsdos scripts/freebsd scripts/linux scripts/macos \
+ scripts/netbsd scripts/nextstep scripts/openbsd \
+ scripts/solaris scripts/openwrt
+-dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.a $(BINDLIBDIR)/libirs.a \
+- $(BINDLIBDIR)/libdns.a $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a
++dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.la \
++ -L$(BINDLIBDIR) -lirs -ldns -lisccfg -lisc
+ man_MANS = dhclient.8 dhclient-script.8 dhclient.conf.5 dhclient.leases.5
+ EXTRA_DIST = $(man_MANS)
+diff --git a/common/tests/Makefile.am b/common/tests/Makefile.am
+index 2f98d22..8745e88 100644
+--- a/common/tests/Makefile.am
++++ b/common/tests/Makefile.am
+@@ -15,26 +15,23 @@ ATF_TESTS += alloc_unittest dns_unittest misc_unittest ns_name_unittest
+ alloc_unittest_SOURCES = test_alloc.c $(top_srcdir)/tests/t_api_dhcp.c
+ alloc_unittest_LDADD = $(ATF_LDFLAGS)
+ alloc_unittest_LDADD += ../libdhcp.a \
+- ../../omapip/libomapi.a $(BINDLIBDIR)/libirs.a \
+- $(BINDLIBDIR)/libdns.a $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a
++ ../../omapip/libomapi.la -L$(BINDLIBDIR) -ldns -lisccfg -lisc
+
+ dns_unittest_SOURCES = dns_unittest.c $(top_srcdir)/tests/t_api_dhcp.c
+ dns_unittest_LDADD = $(ATF_LDFLAGS)
+ dns_unittest_LDADD += ../libdhcp.a \
+- ../../omapip/libomapi.a $(BINDLIBDIR)/libirs.a \
+- $(BINDLIBDIR)/libdns.a $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a
++ ../../omapip/libomapi.la -L$(BINDLIBDIR) -ldns -lisccfg -lisc
+
+ misc_unittest_SOURCES = misc_unittest.c $(top_srcdir)/tests/t_api_dhcp.c
+ misc_unittest_LDADD = $(ATF_LDFLAGS)
+ misc_unittest_LDADD += ../libdhcp.a \
+- ../../omapip/libomapi.a $(BINDLIBDIR)/libirs.a \
+- $(BINDLIBDIR)/libdns.a $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a
++ ../../omapip/libomapi.la -L$(BINDLIBDIR) -ldns -lisccfg -lisc
+
+ ns_name_unittest_SOURCES = ns_name_test.c $(top_srcdir)/tests/t_api_dhcp.c
+ ns_name_unittest_LDADD = $(ATF_LDFLAGS)
+ ns_name_unittest_LDADD += ../libdhcp.a \
+- ../../omapip/libomapi.a $(BINDLIBDIR)/libirs.a \
+- $(BINDLIBDIR)/libdns.a $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a
++ ../../omapip/libomapi.a -L$(BINDLIBDIR) \
++ -ldns -lisccfg -lisc
+
+ check: $(ATF_TESTS)
+ @if test $(top_srcdir) != ${top_builddir}; then \
+diff --git a/configure.ac b/configure.ac
+index 8e9f509..bfe988a 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -47,16 +47,8 @@ AM_CONDITIONAL(CROSS_COMPILING, test "$cross_compiling" = "yes")
+ # Use this to define _GNU_SOURCE to pull in the IPv6 Advanced Socket API.
+ AC_USE_SYSTEM_EXTENSIONS
+
+-AC_PROG_RANLIB
+-
+-AC_PATH_PROG(AR, ar)
+-AC_SUBST(AR)
+-
+-if test "X$AR" = "X"; then
+- AC_MSG_ERROR([
+-ar program not found. Please fix your PATH to include the directory in
+-which ar resides, or set AR in the environment with the full path to ar.])
+-fi
++# Use libtool to simplify building of shared libraries
++AC_PROG_LIBTOOL
+
+ AC_CONFIG_HEADERS([includes/config.h])
+
+diff --git a/dhcpctl/Makefile.am b/dhcpctl/Makefile.am
+index 9b2486e..784cdf7 100644
+--- a/dhcpctl/Makefile.am
++++ b/dhcpctl/Makefile.am
+@@ -3,19 +3,17 @@ BINDLIBDIR = @BINDDIR@
+ AM_CPPFLAGS = -I$(top_srcdir)/includes -I$(top_srcdir)
+
+ bin_PROGRAMS = omshell
+-lib_LIBRARIES = libdhcpctl.a
++lib_LTLIBRARIES = libdhcpctl.la
+ noinst_PROGRAMS = cltest
+ man_MANS = omshell.1 dhcpctl.3
+ EXTRA_DIST = $(man_MANS)
+
+ omshell_SOURCES = omshell.c
+-omshell_LDADD = libdhcpctl.a ../common/libdhcp.a ../omapip/libomapi.a \
+- $(BINDLIBDIR)/libirs.a $(BINDLIBDIR)/libdns.a \
+- $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a
++omshell_LDADD = libdhcpctl.la ../common/libdhcp.a ../omapip/libomapi.la \
++ -L$(BINDLIBDIR) -lirs -ldns -lisccfg -lisc
+
+-libdhcpctl_a_SOURCES = dhcpctl.c callback.c remote.c
++libdhcpctl_la_SOURCES = dhcpctl.c callback.c remote.c
+
+ cltest_SOURCES = cltest.c
+-cltest_LDADD = libdhcpctl.a ../common/libdhcp.a ../omapip/libomapi.a \
+- $(BINDLIBDIR)/libirs.a $(BINDLIBDIR)/libdns.a \
+- $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a
++cltest_LDADD = libdhcpctl.la ../common/libdhcp.a ../omapip/libomapi.la \
++ -L$(BINDLIBDIR) -lirs -ldns -lisccfg -lisc
+diff --git a/omapip/Makefile.am b/omapip/Makefile.am
+index e4a8599..c0c7a1e 100644
+--- a/omapip/Makefile.am
++++ b/omapip/Makefile.am
+@@ -1,10 +1,10 @@
+ BINDLIBDIR = @BINDDIR@
+ AM_CPPFLAGS = -I$(top_srcdir)/includes
+
+-lib_LIBRARIES = libomapi.a
++lib_LTLIBRARIES = libomapi.la
+ noinst_PROGRAMS = svtest
+
+-libomapi_a_SOURCES = protocol.c buffer.c alloc.c result.c connection.c \
++libomapi_la_SOURCES = protocol.c buffer.c alloc.c result.c connection.c \
+ errwarn.c listener.c dispatch.c generic.c support.c \
+ handle.c message.c convert.c hash.c auth.c inet_addr.c \
+ array.c trace.c toisc.c iscprint.c isclib.c
+@@ -13,6 +13,5 @@ man_MANS = omapi.3
+ EXTRA_DIST = $(man_MANS)
+
+ svtest_SOURCES = test.c
+-svtest_LDADD = libomapi.a $(BINDLIBDIR)/libirs.a $(BINDLIBDIR)/libdns.a \
+- $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a
++svtest_LDADD = libomapi.la -L$(BINDLIBDIR) -lirs -ldns -lisccfg -lisc
+
+diff --git a/relay/Makefile.am b/relay/Makefile.am
+index b3bf578..f47009f 100644
+--- a/relay/Makefile.am
++++ b/relay/Makefile.am
+@@ -4,9 +4,8 @@ AM_CPPFLAGS = -DLOCALSTATEDIR='"@localstatedir@"' -I$(top_srcdir)/includes
+
+ sbin_PROGRAMS = dhcrelay
+ dhcrelay_SOURCES = dhcrelay.c
+-dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \
+- $(BINDLIBDIR)/libirs.a $(BINDLIBDIR)/libdns.a \
+- $(BINDLIBDIR)/libisccfg.a $(BINDLIBDIR)/libisc.a
++dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.la \
++ -L$(BINDLIBDIR) -lirs -ldns -lisccfg -lisc
+ man_MANS = dhcrelay.8
+ EXTRA_DIST = $(man_MANS)
+
+diff --git a/server/Makefile.am b/server/Makefile.am
+index b5d8c2d..d7f876d 100644
+--- a/server/Makefile.am
++++ b/server/Makefile.am
+@@ -15,10 +15,9 @@ dhcpd_SOURCES = dhcpd.c dhcp.c bootp.c confpars.c db.c class.c failover.c \
+ dhcpv6.c mdb6.c ldap.c ldap_casa.c leasechain.c ldap_krb_helper.c
+
+ dhcpd_CFLAGS = $(LDAP_CFLAGS)
+-dhcpd_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \
+- ../dhcpctl/libdhcpctl.a $(BINDLIBDIR)/libirs.a \
+- $(BINDLIBDIR)/libdns.a $(BINDLIBDIR)/libisccfg.a \
+- $(BINDLIBDIR)/libisc.a $(LDAP_LIBS)
++dhcpd_LDADD = ../common/libdhcp.a ../omapip/libomapi.la \
++ ../dhcpctl/libdhcpctl.la -L$(BINDLIBDIR) \
++ -lirs -ldns -lisccfg -lisc $(LDAP_LIBS)
+
+ man_MANS = dhcpd.8 dhcpd.conf.5 dhcpd.leases.5
+ EXTRA_DIST = $(man_MANS)
+diff --git a/server/tests/Makefile.am b/server/tests/Makefile.am
+index 9821081..de95872 100644
+--- a/server/tests/Makefile.am
++++ b/server/tests/Makefile.am
+@@ -19,10 +19,9 @@ DHCPSRC = ../dhcp.c ../bootp.c ../confpars.c ../db.c ../class.c \
+ ../ddns.c ../dhcpleasequery.c ../dhcpv6.c ../mdb6.c \
+ ../ldap.c ../ldap_casa.c ../dhcpd.c ../leasechain.c
+
+-DHCPLIBS = $(top_builddir)/common/libdhcp.a $(top_builddir)/omapip/libomapi.a \
+- $(top_builddir)/dhcpctl/libdhcpctl.a $(BINDLIBDIR)/libirs.a \
+- $(BINDLIBDIR)/libdns.a $(BINDLIBDIR)/libisccfg.a \
+- $(BINDLIBDIR)/libisc.a
++DHCPLIBS = $(top_builddir)/common/libdhcp.a $(top_builddir)/omapip/libomapi.la \
++ $(top_builddir)/dhcpctl/libdhcpctl.la \
++ -L$(BINDLIBDIR) -lirs -ldns -lisccfg -lisc
+
+ ATF_TESTS =
+ if HAVE_ATF
+--
+1.8.3.1
+
diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp/0011-Moved-the-call-to-isc_app_ctxstart-to-not-get-signal.patch b/poky/meta/recipes-connectivity/dhcp/dhcp/0011-Moved-the-call-to-isc_app_ctxstart-to-not-get-signal.patch
new file mode 100644
index 000000000..67bb4631a
--- /dev/null
+++ b/poky/meta/recipes-connectivity/dhcp/dhcp/0011-Moved-the-call-to-isc_app_ctxstart-to-not-get-signal.patch
@@ -0,0 +1,81 @@
+From 37725f3e22edb50e0ca2d1fff971321a5a4d5112 Mon Sep 17 00:00:00 2001
+From: Hongxu Jia <hongxu.jia@windriver.com>
+Date: Wed, 12 Jul 2017 03:05:13 -0400
+Subject: [PATCH 11/11] Moved the call to isc_app_ctxstart() to not get signal
+ block by all threads
+
+Signed-off-by: Francis Dupont <fdupont@isc.org>
+
+In https://source.isc.org/git/bind9.git, since the following
+commit applied:
+...
+commit b99bfa184bc9375421b5df915eea7dfac6a68a99
+Author: Evan Hunt <each@isc.org>
+Date: Wed Apr 10 13:49:57 2013 -0700
+
+ [master] unify internal and export libraries
+
+ 3550. [func] Unified the internal and export versions of the
+ BIND libraries, allowing external clients to use
+ the same libraries as BIND. [RT #33131]
+...
+(git show b99bfa184bc9375421b5df915eea7dfac6a68a99 -- ./lib/isc/unix/app.c)
+
+In this commit, if bind9 enable threads(ISC_PLATFORM_USETHREADS),
+it blocks signal SIGHUP, SIGINT and SIGTERM in isc__app_ctxstart.
+Which caused dhclient/dhcpd could not be stopped by SIGTERM.
+
+It caused systemd's reboot hung which send SIGTERM by default.
+
+Upstream-Status: Backport [https://source.isc.org/git/dhcp.git]
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ omapip/isclib.c | 25 +++++++++++++++----------
+ 1 file changed, 15 insertions(+), 10 deletions(-)
+
+diff --git a/omapip/isclib.c b/omapip/isclib.c
+index ce86490..6a04345 100644
+--- a/omapip/isclib.c
++++ b/omapip/isclib.c
+@@ -185,16 +185,6 @@ dhcp_context_create(int flags,
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+
+- result = isc_app_ctxstart(dhcp_gbl_ctx.actx);
+- if (result != ISC_R_SUCCESS)
+- return (result);
+- dhcp_gbl_ctx.actx_started = ISC_TRUE;
+-
+- /* Not all OSs support suppressing SIGPIPE through socket
+- * options, so set the sigal action to be ignore. This allows
+- * broken connections to fail gracefully with EPIPE on writes */
+- handle_signal(SIGPIPE, SIG_IGN);
+-
+ result = isc_taskmgr_createinctx(dhcp_gbl_ctx.mctx,
+ dhcp_gbl_ctx.actx,
+ 1, 0,
+@@ -217,6 +207,21 @@ dhcp_context_create(int flags,
+ result = isc_task_create(dhcp_gbl_ctx.taskmgr, 0, &dhcp_gbl_ctx.task);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
++
++ result = isc_app_ctxstart(dhcp_gbl_ctx.actx);
++ if (result != ISC_R_SUCCESS)
++ return (result);
++ dhcp_gbl_ctx.actx_started = ISC_TRUE;
++
++ /* Not all OSs support suppressing SIGPIPE through socket
++ * options, so set the sigal action to be ignore. This allows
++ * broken connections to fail gracefully with EPIPE on writes */
++ handle_signal(SIGPIPE, SIG_IGN);
++
++ /* Reset handlers installed by isc_app_ctxstart()
++ * to default for control-c and kill */
++ handle_signal(SIGINT, SIG_DFL);
++ handle_signal(SIGTERM, SIG_DFL);
+ }
+
+ #if defined (NSUPDATE)
+--
+1.8.3.1
+
diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp/0012-dhcp-correct-the-intention-for-xml2-lib-search.patch b/poky/meta/recipes-connectivity/dhcp/dhcp/0012-dhcp-correct-the-intention-for-xml2-lib-search.patch
new file mode 100644
index 000000000..2d3af9db0
--- /dev/null
+++ b/poky/meta/recipes-connectivity/dhcp/dhcp/0012-dhcp-correct-the-intention-for-xml2-lib-search.patch
@@ -0,0 +1,37 @@
+From 501543b3ef715488a142e3d301ff2733aa33eec7 Mon Sep 17 00:00:00 2001
+From: Awais Belal <awais_belal@mentor.com>
+Date: Wed, 25 Oct 2017 21:00:05 +0500
+Subject: [PATCH] dhcp: correct the intention for xml2 lib search
+
+A missing case breaks the build when libxml2 is
+required and found appropriately. The third argument
+to the function AC_SEARCH_LIB is action-if-found which
+was mistakenly been used for the case where the library
+is not found and hence breaks the configure phase
+where it shoud actually pass.
+We now pass on silently when action-if-found is
+executed.
+
+Upstream-Status: Pending
+
+Signed-off-by: Awais Belal <awais_belal@mentor.com>
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index bfe988a..f0459e6 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -608,7 +608,7 @@ AC_ARG_WITH(libxml2,
+ with_libxml2="$withval", with_libxml2="no")
+
+ if test x$with_libxml2 != xno; then
+- AC_SEARCH_LIBS(xmlTextWriterStartElement, [xml2],
++ AC_SEARCH_LIBS(xmlTextWriterStartElement, [xml2],,
+ [if test x$with_libxml2 != xauto; then
+ AC_MSG_FAILURE([*** Cannot find xmlTextWriterStartElement with -lxml2 and libxml2 was requested])
+ fi])
+--
+2.11.1
+
diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp/CVE-2017-3144.patch b/poky/meta/recipes-connectivity/dhcp/dhcp/CVE-2017-3144.patch
new file mode 100644
index 000000000..2b2688cb2
--- /dev/null
+++ b/poky/meta/recipes-connectivity/dhcp/dhcp/CVE-2017-3144.patch
@@ -0,0 +1,74 @@
+From 8cfdedee369c26d2869b6ec4a64460b5f5a30934 Mon Sep 17 00:00:00 2001
+From: Thomas Markwalder <tmark@isc.org>
+Date: Thu, 7 Dec 2017 11:39:30 -0500
+Subject: [PATCH] [v4_3] Plugs a socket descriptor leak in OMAPI
+
+ Merges in rt46767.
+
+Upstream-Status: Backport
+[https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commitdiff;h=5097bc0559f592683faac1f67bf350e1bddf6ed4]
+
+CVE: CVE-2017-3144
+
+Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ RELNOTES | 7 +++++++
+ omapip/buffer.c | 9 +++++++++
+ omapip/message.c | 2 +-
+ 3 files changed, 17 insertions(+), 1 deletion(-)
+
+diff --git a/RELNOTES b/RELNOTES
+index dd40aaf..3741b80 100644
+--- a/RELNOTES
++++ b/RELNOTES
+@@ -66,6 +66,13 @@ We welcome comments from DHCP users, about this or anything else we do.
+ Email Vicky Risk, Product Manager at vicky@isc.org or discuss on
+ dhcp-users@lists.isc.org.
+
++- Plugged a socket descriptor leak in OMAPI, that can occur when there is
++ data pending to be written to an OMAPI connection, when the connection
++ is closed by the reader. Thanks to Pavel Zhukov at RedHat for bringing
++ this issue to our attention and whose patch helped guide us in the right
++ direction.
++ [ISc-Bugs #46767]
++
+ Changes since 4.3.6b1
+
+ - None
+diff --git a/omapip/buffer.c b/omapip/buffer.c
+index f7fdc32..809034d 100644
+--- a/omapip/buffer.c
++++ b/omapip/buffer.c
+@@ -566,6 +566,15 @@ isc_result_t omapi_connection_writer (omapi_object_t *h)
+ omapi_buffer_dereference (&buffer, MDL);
+ }
+ }
++
++ /* If we had data left to write when we're told to disconnect,
++ * we need recall disconnect, now that we're done writing.
++ * See rt46767. */
++ if (c->out_bytes == 0 && c->state == omapi_connection_disconnecting) {
++ omapi_disconnect (h, 1);
++ return ISC_R_SHUTTINGDOWN;
++ }
++
+ return ISC_R_SUCCESS;
+ }
+
+diff --git a/omapip/message.c b/omapip/message.c
+index 59ccdc2..21bcfc3 100644
+--- a/omapip/message.c
++++ b/omapip/message.c
+@@ -339,7 +339,7 @@ isc_result_t omapi_message_unregister (omapi_object_t *mo)
+ }
+
+ #ifdef DEBUG_PROTOCOL
+-static const char *omapi_message_op_name(int op) {
++const char *omapi_message_op_name(int op) {
+ switch (op) {
+ case OMAPI_OP_OPEN: return "OMAPI_OP_OPEN";
+ case OMAPI_OP_REFRESH: return "OMAPI_OP_REFRESH";
+--
+2.7.4
+
diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp_4.3.6.bb b/poky/meta/recipes-connectivity/dhcp/dhcp_4.3.6.bb
new file mode 100644
index 000000000..cc135493e
--- /dev/null
+++ b/poky/meta/recipes-connectivity/dhcp/dhcp_4.3.6.bb
@@ -0,0 +1,22 @@
+require dhcp.inc
+
+SRC_URI += "file://0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch \
+ file://0002-dhclient-dbus.patch \
+ file://0003-link-with-lcrypto.patch \
+ file://0004-Fix-out-of-tree-builds.patch \
+ file://0005-dhcp-client-fix-invoke-dhclient-script-failed-on-Rea.patch \
+ file://0006-site.h-enable-gentle-shutdown.patch \
+ file://0007-Add-configure-argument-to-make-the-libxml2-dependenc.patch \
+ file://0008-tweak-to-support-external-bind.patch \
+ file://0009-remove-dhclient-script-bash-dependency.patch \
+ file://0010-build-shared-libs.patch \
+ file://0011-Moved-the-call-to-isc_app_ctxstart-to-not-get-signal.patch \
+ file://0012-dhcp-correct-the-intention-for-xml2-lib-search.patch \
+ file://CVE-2017-3144.patch \
+ "
+
+SRC_URI[md5sum] = "afa6e9b3eb7539ea048421a82c668adc"
+SRC_URI[sha256sum] = "a41eaf6364f1377fe065d35671d9cf82bbbc8f21207819b2b9f33f652aec6f1b"
+
+PACKAGECONFIG ?= ""
+PACKAGECONFIG[bind-httpstats] = "--with-libxml2,--without-libxml2,libxml2"
diff --git a/poky/meta/recipes-connectivity/dhcp/files/default-relay b/poky/meta/recipes-connectivity/dhcp/files/default-relay
new file mode 100644
index 000000000..7961f014b
--- /dev/null
+++ b/poky/meta/recipes-connectivity/dhcp/files/default-relay
@@ -0,0 +1,12 @@
+# Defaults for dhcp-relay initscript
+# sourced by /etc/init.d/dhcp-relay
+
+# What servers should the DHCP relay forward requests to?
+# e.g: SERVERS="192.168.0.1"
+SERVERS=""
+
+# On what interfaces should the DHCP relay (dhrelay) serve DHCP requests?
+INTERFACES=""
+
+# Additional options that are passed to the DHCP relay daemon?
+OPTIONS=""
diff --git a/poky/meta/recipes-connectivity/dhcp/files/default-server b/poky/meta/recipes-connectivity/dhcp/files/default-server
new file mode 100644
index 000000000..0385d1699
--- /dev/null
+++ b/poky/meta/recipes-connectivity/dhcp/files/default-server
@@ -0,0 +1,7 @@
+# Defaults for dhcp initscript
+# sourced by /etc/init.d/dhcp-server
+# installed at /etc/default/dhcp-server by the maintainer scripts
+
+# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
+# Separate multiple interfaces with spaces, e.g. "eth0 eth1".
+INTERFACES=""
diff --git a/poky/meta/recipes-connectivity/dhcp/files/dhclient-systemd-wrapper b/poky/meta/recipes-connectivity/dhcp/files/dhclient-systemd-wrapper
new file mode 100644
index 000000000..7d0e224a1
--- /dev/null
+++ b/poky/meta/recipes-connectivity/dhcp/files/dhclient-systemd-wrapper
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+# In case the interface is used for nfs, skip it.
+nfsroot=0
+interfaces=""
+exec 9<&0 < /proc/mounts
+while read dev mtpt fstype rest; do
+ if test $mtpt = "/" ; then
+ case $fstype in
+ nfs | nfs4)
+ nfsroot=1
+ nfs_addr=`echo $rest | sed -e 's/^.*addr=\([0-9.]*\).*$/\1/'`
+ break
+ ;;
+ *)
+ ;;
+ esac
+ fi
+done
+exec 0<&9 9<&-
+
+if [ $nfsroot -eq 0 ]; then
+ interfaces="$INTERFACES"
+else
+ if [ -x /bin/ip -o -x /sbin/ip ] ; then
+ nfs_iface=`ip route get $nfs_addr | grep dev | sed -e 's/^.*dev \([-a-z0-9.]*\).*$/\1/'`
+ fi
+ for i in $INTERFACES; do
+ if test "x$i" = "x$nfs_iface"; then
+ echo "dhclient skipping nfsroot interface $i"
+ else
+ interfaces="$interfaces $i"
+ fi
+ done
+fi
+
+if test "x$interfaces" != "x"; then
+ /sbin/dhclient -d -cf /etc/dhcp/dhclient.conf -q -lf /var/lib/dhcp/dhclient.leases $interfaces
+fi
diff --git a/poky/meta/recipes-connectivity/dhcp/files/dhclient.conf b/poky/meta/recipes-connectivity/dhcp/files/dhclient.conf
new file mode 100644
index 000000000..0e6dcf96c
--- /dev/null
+++ b/poky/meta/recipes-connectivity/dhcp/files/dhclient.conf
@@ -0,0 +1,50 @@
+# Configuration file for /sbin/dhclient, which is included in Debian's
+# dhcp3-client package.
+#
+# This is a sample configuration file for dhclient. See dhclient.conf's
+# man page for more information about the syntax of this file
+# and a more comprehensive list of the parameters understood by
+# dhclient.
+#
+# Normally, if the DHCP server provides reasonable information and does
+# not leave anything out (like the domain name, for example), then
+# few changes must be made to this file, if any.
+#
+
+#send host-name "andare.fugue.com";
+#send dhcp-client-identifier 1:0:a0:24:ab:fb:9c;
+#send dhcp-lease-time 3600;
+#supersede domain-name "fugue.com home.vix.com";
+#prepend domain-name-servers 127.0.0.1;
+request subnet-mask, broadcast-address, time-offset, routers,
+ domain-name, domain-name-servers, host-name,
+ netbios-name-servers, netbios-scope;
+#require subnet-mask, domain-name-servers;
+#timeout 60;
+#retry 60;
+#reboot 10;
+#select-timeout 5;
+#initial-interval 2;
+#script "/etc/dhcp3/dhclient-script";
+#media "-link0 -link1 -link2", "link0 link1";
+#reject 192.33.137.209;
+
+#alias {
+# interface "eth0";
+# fixed-address 192.5.5.213;
+# option subnet-mask 255.255.255.255;
+#}
+
+#lease {
+# interface "eth0";
+# fixed-address 192.33.137.200;
+# medium "link0 link1";
+# option host-name "andare.swiftmedia.com";
+# option subnet-mask 255.255.255.0;
+# option broadcast-address 192.33.137.255;
+# option routers 192.33.137.250;
+# option domain-name-servers 127.0.0.1;
+# renew 2 2000/1/12 00:00:01;
+# rebind 2 2000/1/12 00:00:01;
+# expire 2 2000/1/12 00:00:01;
+#}
diff --git a/poky/meta/recipes-connectivity/dhcp/files/dhclient.service b/poky/meta/recipes-connectivity/dhcp/files/dhclient.service
new file mode 100644
index 000000000..9ddb4d1df
--- /dev/null
+++ b/poky/meta/recipes-connectivity/dhcp/files/dhclient.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Dynamic Host Configuration Protocol (DHCP)
+Wants=network.target
+Before=network.target
+After=systemd-udevd.service
+
+[Service]
+EnvironmentFile=-@SYSCONFDIR@/default/dhcp-client
+ExecStart=@BASE_SBINDIR@/dhclient-systemd-wrapper
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/poky/meta/recipes-connectivity/dhcp/files/dhcpd.conf b/poky/meta/recipes-connectivity/dhcp/files/dhcpd.conf
new file mode 100644
index 000000000..0001c0f00
--- /dev/null
+++ b/poky/meta/recipes-connectivity/dhcp/files/dhcpd.conf
@@ -0,0 +1,108 @@
+#
+# Sample configuration file for ISC dhcpd for Debian
+#
+# $Id: dhcpd.conf,v 1.1.1.1 2002/05/21 00:07:44 peloy Exp $
+#
+
+# The ddns-updates-style parameter controls whether or not the server will
+# attempt to do a DNS update when a lease is confirmed. We default to the
+# behavior of the version 2 packages ('none', since DHCP v2 didn't
+# have support for DDNS.)
+ddns-update-style none;
+
+# option definitions common to all supported networks...
+option domain-name "example.org";
+option domain-name-servers ns1.example.org, ns2.example.org;
+
+default-lease-time 600;
+max-lease-time 7200;
+
+# If this DHCP server is the official DHCP server for the local
+# network, the authoritative directive should be uncommented.
+#authoritative;
+
+# Use this to send dhcp log messages to a different log file (you also
+# have to hack syslog.conf to complete the redirection).
+log-facility local7;
+
+# No service will be given on this subnet, but declaring it helps the
+# DHCP server to understand the network topology.
+
+#subnet 10.152.187.0 netmask 255.255.255.0 {
+#}
+
+# This is a very basic subnet declaration.
+
+#subnet 10.254.239.0 netmask 255.255.255.224 {
+# range 10.254.239.10 10.254.239.20;
+# option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
+#}
+
+# This declaration allows BOOTP clients to get dynamic addresses,
+# which we don't really recommend.
+
+#subnet 10.254.239.32 netmask 255.255.255.224 {
+# range dynamic-bootp 10.254.239.40 10.254.239.60;
+# option broadcast-address 10.254.239.31;
+# option routers rtr-239-32-1.example.org;
+#}
+
+# A slightly different configuration for an internal subnet.
+#subnet 10.5.5.0 netmask 255.255.255.224 {
+# range 10.5.5.26 10.5.5.30;
+# option domain-name-servers ns1.internal.example.org;
+# option domain-name "internal.example.org";
+# option routers 10.5.5.1;
+# option broadcast-address 10.5.5.31;
+# default-lease-time 600;
+# max-lease-time 7200;
+#}
+
+# Hosts which require special configuration options can be listed in
+# host statements. If no address is specified, the address will be
+# allocated dynamically (if possible), but the host-specific information
+# will still come from the host declaration.
+
+#host passacaglia {
+# hardware ethernet 0:0:c0:5d:bd:95;
+# filename "vmunix.passacaglia";
+# server-name "toccata.fugue.com";
+#}
+
+# Fixed IP addresses can also be specified for hosts. These addresses
+# should not also be listed as being available for dynamic assignment.
+# Hosts for which fixed IP addresses have been specified can boot using
+# BOOTP or DHCP. Hosts for which no fixed address is specified can only
+# be booted with DHCP, unless there is an address range on the subnet
+# to which a BOOTP client is connected which has the dynamic-bootp flag
+# set.
+#host fantasia {
+# hardware ethernet 08:00:07:26:c0:a5;
+# fixed-address fantasia.fugue.com;
+#}
+
+# You can declare a class of clients and then do address allocation
+# based on that. The example below shows a case where all clients
+# in a certain class get addresses on the 10.17.224/24 subnet, and all
+# other clients get addresses on the 10.0.29/24 subnet.
+
+#class "foo" {
+# match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
+#}
+
+#shared-network 224-29 {
+# subnet 10.17.224.0 netmask 255.255.255.0 {
+# option routers rtr-224.example.org;
+# }
+# subnet 10.0.29.0 netmask 255.255.255.0 {
+# option routers rtr-29.example.org;
+# }
+# pool {
+# allow members of "foo";
+# range 10.17.224.10 10.17.224.250;
+# }
+# pool {
+# deny members of "foo";
+# range 10.0.29.10 10.0.29.230;
+# }
+#}
diff --git a/poky/meta/recipes-connectivity/dhcp/files/dhcpd.service b/poky/meta/recipes-connectivity/dhcp/files/dhcpd.service
new file mode 100644
index 000000000..ae4f93eca
--- /dev/null
+++ b/poky/meta/recipes-connectivity/dhcp/files/dhcpd.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=DHCPv4 Server Daemon
+Documentation=man:dhcpd(8) man:dhcpd.conf(5)
+After=network.target
+After=time-sync.target
+
+[Service]
+PIDFile=@localstatedir@/run/dhcpd.pid
+EnvironmentFile=@SYSCONFDIR@/default/dhcp-server
+EnvironmentFile=-@SYSCONFDIR@/sysconfig/dhcp-server
+ExecStartPre=@base_bindir@/touch @localstatedir@/lib/dhcp/dhcpd.leases
+ExecStart=@SBINDIR@/dhcpd -f -cf @SYSCONFDIR@/dhcp/dhcpd.conf -pf @localstatedir@/run/dhcpd.pid $DHCPDARGS -q $INTERFACES
+
+[Install]
+WantedBy=multi-user.target
diff --git a/poky/meta/recipes-connectivity/dhcp/files/dhcpd6.service b/poky/meta/recipes-connectivity/dhcp/files/dhcpd6.service
new file mode 100644
index 000000000..ca96abb83
--- /dev/null
+++ b/poky/meta/recipes-connectivity/dhcp/files/dhcpd6.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=DHCPv6 Server Daemon
+Documentation=man:dhcpd(8) man:dhcpd.conf(5)
+After=network.target
+After=time-sync.target
+
+[Service]
+PIDFile=@localstatedir@/run/dhcpd6.pid
+EnvironmentFile=@SYSCONFDIR@/default/dhcp-server
+EnvironmentFile=-@SYSCONFDIR@/sysconfig/dhcpd6
+ExecStartPre=@base_bindir@/touch @localstatedir@/lib/dhcp/dhcpd6.leases
+ExecStart=@SBINDIR@/dhcpd -f -6 -cf @SYSCONFDIR@/dhcp/dhcpd.conf -pf @localstatedir@/run/dhcpd6.pid $DHCPDARGS -q $INTERFACES
+
+[Install]
+WantedBy=multi-user.target
diff --git a/poky/meta/recipes-connectivity/dhcp/files/dhcrelay.service b/poky/meta/recipes-connectivity/dhcp/files/dhcrelay.service
new file mode 100644
index 000000000..15ff927d3
--- /dev/null
+++ b/poky/meta/recipes-connectivity/dhcp/files/dhcrelay.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=DHCP Relay Agent Daemon
+After=network.target
+
+[Service]
+EnvironmentFile=@SYSCONFDIR@/default/dhcp-relay
+ExecStart=@SBINDIR@/dhcrelay -d --no-pid -q $SERVERS
+
+[Install]
+WantedBy=multi-user.target
diff --git a/poky/meta/recipes-connectivity/dhcp/files/init-relay b/poky/meta/recipes-connectivity/dhcp/files/init-relay
new file mode 100644
index 000000000..019a7e84c
--- /dev/null
+++ b/poky/meta/recipes-connectivity/dhcp/files/init-relay
@@ -0,0 +1,44 @@
+#!/bin/sh
+#
+# $Id: dhcp3-relay,v 1.1 2004/04/16 15:41:08 ml Exp $
+#
+
+# It is not safe to start if we don't have a default configuration...
+if [ ! -f /etc/default/dhcp-relay ]; then
+ echo "/etc/default/dhcp-relay does not exist! - Aborting..."
+ echo "create this file to fix the problem."
+ exit 1
+fi
+
+# Read init script configuration (interfaces the daemon should listen on
+# and the DHCP server we should forward requests to.)
+. /etc/default/dhcp-relay
+
+# Build command line for interfaces (will be passed to dhrelay below.)
+IFCMD=""
+if test "$INTERFACES" != ""; then
+ for I in $INTERFACES; do
+ IFCMD=${IFCMD}"-i "${I}" "
+ done
+fi
+
+DHCRELAYPID=/var/run/dhcrelay.pid
+
+case "$1" in
+ start)
+ start-stop-daemon -S -x /usr/sbin/dhcrelay -- -q $OPTIONS $IFCMD $SERVERS
+ ;;
+ stop)
+ start-stop-daemon -K -x /usr/sbin/dhcrelay
+ ;;
+ restart | force-reload)
+ $0 stop
+ sleep 2
+ $0 start
+ ;;
+ *)
+ echo "Usage: /etc/init.d/dhcp-relay {start|stop|restart|force-reload}"
+ exit 1
+esac
+
+exit 0
diff --git a/poky/meta/recipes-connectivity/dhcp/files/init-server b/poky/meta/recipes-connectivity/dhcp/files/init-server
new file mode 100644
index 000000000..5e693adf7
--- /dev/null
+++ b/poky/meta/recipes-connectivity/dhcp/files/init-server
@@ -0,0 +1,44 @@
+#!/bin/sh
+#
+# $Id: dhcp3-server.init.d,v 1.4 2003/07/13 19:12:41 mdz Exp $
+#
+
+test -f /usr/sbin/dhcpd || exit 0
+
+# It is not safe to start if we don't have a default configuration...
+if [ ! -f /etc/default/dhcp-server ]; then
+ echo "/etc/default/dhcp-server does not exist! - Aborting..."
+ exit 0
+fi
+
+# Read init script configuration (so far only interfaces the daemon
+# should listen on.)
+. /etc/default/dhcp-server
+
+case "$1" in
+ start)
+ echo -n "Starting DHCP server: "
+ test -d /var/lib/dhcp/ || mkdir -p /var/lib/dhcp/
+ test -f /var/lib/dhcp/dhcpd.leases || touch /var/lib/dhcp/dhcpd.leases
+ start-stop-daemon -S -x /usr/sbin/dhcpd -- -q $INTERFACES -user dhcp -group dhcp
+ echo "."
+ ;;
+ stop)
+ echo -n "Stopping DHCP server: dhcpd3"
+ start-stop-daemon -K -x /usr/sbin/dhcpd
+ echo "."
+ ;;
+ restart | force-reload)
+ $0 stop
+ sleep 2
+ $0 start
+ if [ "$?" != "0" ]; then
+ exit 1
+ fi
+ ;;
+ *)
+ echo "Usage: /etc/init.d/dhcp-server {start|stop|restart|force-reload}"
+ exit 1
+esac
+
+exit 0
diff --git a/poky/meta/recipes-connectivity/iproute2/iproute2.inc b/poky/meta/recipes-connectivity/iproute2/iproute2.inc
new file mode 100644
index 000000000..4fbfec6f0
--- /dev/null
+++ b/poky/meta/recipes-connectivity/iproute2/iproute2.inc
@@ -0,0 +1,54 @@
+SUMMARY = "TCP / IP networking and traffic control utilities"
+DESCRIPTION = "Iproute2 is a collection of utilities for controlling \
+TCP / IP networking and traffic control in Linux. Of the utilities ip \
+and tc are the most important. ip controls IPv4 and IPv6 \
+configuration and tc stands for traffic control."
+HOMEPAGE = "http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2"
+SECTION = "base"
+LICENSE = "GPLv2+"
+LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \
+ file://ip/ip.c;beginline=3;endline=8;md5=689d691d0410a4b64d3899f8d6e31817"
+
+DEPENDS = "flex-native bison-native iptables elfutils"
+
+inherit update-alternatives bash-completion pkgconfig
+
+CLEANBROKEN = "1"
+
+PACKAGECONFIG ??= "tipc"
+PACKAGECONFIG[tipc] = ",,libmnl,"
+
+EXTRA_OEMAKE = "CC='${CC}' KERNEL_INCLUDE=${STAGING_INCDIR} DOCDIR=${docdir}/iproute2 SUBDIRS='lib tc ip bridge misc genl ${@bb.utils.contains('PACKAGECONFIG', 'tipc', 'tipc', '', d)}' SBINDIR='${base_sbindir}' LIBDIR='${libdir}'"
+
+do_configure_append () {
+ sh configure ${STAGING_INCDIR}
+ # Explicitly disable ATM support
+ sed -i -e '/TC_CONFIG_ATM/d' config.mk
+}
+
+do_install () {
+ oe_runmake DESTDIR=${D} install
+ mv ${D}${base_sbindir}/ip ${D}${base_sbindir}/ip.iproute2
+ install -d ${D}${datadir}
+ mv ${D}/share/* ${D}${datadir}/ || true
+ rm ${D}/share -rf || true
+}
+
+# The .so files in iproute2-tc are modules, not traditional libraries
+INSANE_SKIP_${PN}-tc = "dev-so"
+
+PACKAGES =+ "${PN}-tc ${PN}-lnstat ${PN}-ifstat ${PN}-genl ${PN}-rtacct ${PN}-nstat ${PN}-ss ${@bb.utils.contains('PACKAGECONFIG', 'tipc', '${PN}-tipc', '', d)}"
+FILES_${PN}-tc = "${base_sbindir}/tc* \
+ ${libdir}/tc/*.so"
+FILES_${PN}-lnstat = "${base_sbindir}/lnstat ${base_sbindir}/ctstat ${base_sbindir}/rtstat"
+FILES_${PN}-ifstat = "${base_sbindir}/ifstat"
+FILES_${PN}-genl = "${base_sbindir}/genl"
+FILES_${PN}-rtacct = "${base_sbindir}/rtacct"
+FILES_${PN}-nstat = "${base_sbindir}/nstat"
+FILES_${PN}-ss = "${base_sbindir}/ss"
+FILES_${PN}-tipc = "${base_sbindir}/tipc"
+
+ALTERNATIVE_${PN} = "ip"
+ALTERNATIVE_TARGET[ip] = "${base_sbindir}/ip.${BPN}"
+ALTERNATIVE_LINK_NAME[ip] = "${base_sbindir}/ip"
+ALTERNATIVE_PRIORITY = "100"
diff --git a/poky/meta/recipes-connectivity/iproute2/iproute2/0001-ip-Remove-unneed-header.patch b/poky/meta/recipes-connectivity/iproute2/iproute2/0001-ip-Remove-unneed-header.patch
new file mode 100644
index 000000000..a9027c5b5
--- /dev/null
+++ b/poky/meta/recipes-connectivity/iproute2/iproute2/0001-ip-Remove-unneed-header.patch
@@ -0,0 +1,30 @@
+From 02ed10fc5215c4a32e6740b0a0c2439659be6801 Mon Sep 17 00:00:00 2001
+From: Changhyeok Bae <changhyeok.bae@gmail.com>
+Date: Mon, 13 Nov 2017 15:59:35 +0000
+Subject: [PATCH] ip: Remove unneed header
+
+Fix redefinition of struct ethhdr with a suitably patched musl libc
+that suppresses the kernel if_ether.h.
+
+Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com>
+
+Upstream-Status: Pending [netdev@vger.kernel.org]
+---
+ ip/iplink_bridge.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/ip/iplink_bridge.c b/ip/iplink_bridge.c
+index cccdec1..f065b22 100644
+--- a/ip/iplink_bridge.c
++++ b/ip/iplink_bridge.c
+@@ -13,7 +13,6 @@
+ #include <stdlib.h>
+ #include <string.h>
+ #include <netinet/in.h>
+-#include <netinet/ether.h>
+ #include <linux/if_link.h>
+ #include <linux/if_bridge.h>
+ #include <net/if.h>
+--
+2.7.4
+
diff --git a/poky/meta/recipes-connectivity/iproute2/iproute2/0001-iproute2-de-bash-scripts.patch b/poky/meta/recipes-connectivity/iproute2/iproute2/0001-iproute2-de-bash-scripts.patch
new file mode 100644
index 000000000..c3d3fea9c
--- /dev/null
+++ b/poky/meta/recipes-connectivity/iproute2/iproute2/0001-iproute2-de-bash-scripts.patch
@@ -0,0 +1,63 @@
+Subject: [PATCH] iproute2: de-bash scripts
+
+de-bash these two scripts to make iproute2 not depend on bash.
+
+Upstream-Status: Pending
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ ip/ifcfg | 15 ++++++++-------
+ ip/rtpr | 2 +-
+ 2 files changed, 9 insertions(+), 8 deletions(-)
+
+diff --git a/ip/ifcfg b/ip/ifcfg
+index 30a2dc4..8677b2e 100644
+--- a/ip/ifcfg
++++ b/ip/ifcfg
+@@ -1,12 +1,13 @@
+-#! /bin/bash
++#! /bin/sh
+
+ CheckForwarding () {
+- local sbase fwd
++ local sbase fwd forwarding
+ sbase=/proc/sys/net/ipv4/conf
+ fwd=0
+ if [ -d $sbase ]; then
+ for dir in $sbase/*/forwarding; do
+- fwd=$[$fwd + `cat $dir`]
++ forwarding=`cat $dir`
++ fwd=$(($fwd+$forwarding))
+ done
+ else
+ fwd=2
+@@ -127,12 +128,12 @@ fi
+ arping -q -A -c 1 -I $dev $ipaddr
+ noarp=$?
+ ( sleep 2 ;
+- arping -q -U -c 1 -I $dev $ipaddr ) >& /dev/null </dev/null &
++ arping -q -U -c 1 -I $dev $ipaddr ) > /dev/null 2>&1 </dev/null &
+
+-ip route add unreachable 224.0.0.0/24 >& /dev/null
+-ip route add unreachable 255.255.255.255 >& /dev/null
++ip route add unreachable 224.0.0.0/24 > /dev/null 2>&1
++ip route add unreachable 255.255.255.255 > /dev/null 2>&1
+ if [ "`ip link ls $dev | grep -c MULTICAST`" -ge 1 ]; then
+- ip route add 224.0.0.0/4 dev $dev scope global >& /dev/null
++ ip route add 224.0.0.0/4 dev $dev scope global > /dev/null 2>&1
+ fi
+
+ if [ $fwd -eq 0 ]; then
+diff --git a/ip/rtpr b/ip/rtpr
+index c3629fd..674198d 100644
+--- a/ip/rtpr
++++ b/ip/rtpr
+@@ -1,4 +1,4 @@
+-#! /bin/bash
++#! /bin/sh
+
+ exec tr "[\\\\]" "[
+ ]"
+--
+2.7.4
+
diff --git a/poky/meta/recipes-connectivity/iproute2/iproute2/0001-libc-compat.h-add-musl-workaround.patch b/poky/meta/recipes-connectivity/iproute2/iproute2/0001-libc-compat.h-add-musl-workaround.patch
new file mode 100644
index 000000000..50c4bfb0f
--- /dev/null
+++ b/poky/meta/recipes-connectivity/iproute2/iproute2/0001-libc-compat.h-add-musl-workaround.patch
@@ -0,0 +1,41 @@
+From b7d96340c55afb7023ded0041107c63dbd886196 Mon Sep 17 00:00:00 2001
+From: Baruch Siach <baruch@tkos.co.il>
+Date: Thu, 22 Dec 2016 15:26:30 +0200
+Subject: [PATCH] libc-compat.h: add musl workaround
+
+The libc-compat.h kernel header uses glibc specific macros (__GLIBC__ and
+__USE_MISC) to solve conflicts with libc provided headers. This patch makes
+libc-compat.h work for musl libc as well.
+
+Upstream-Status: Pending
+
+Taken From:
+https://git.buildroot.net/buildroot/tree/package/iproute2/0001-Add-the-musl-workaround-to-the-libc-compat.h-copy.patch
+
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+Signed-off-by: Maxin B. John <maxin.john@intel.com>
+---
+ include/uapi/linux/libc-compat.h | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/include/uapi/linux/libc-compat.h b/include/uapi/linux/libc-compat.h
+index f38571d..30f0b67 100644
+--- a/include/uapi/linux/libc-compat.h
++++ b/include/uapi/linux/libc-compat.h
+@@ -49,10 +49,12 @@
+ #define _LIBC_COMPAT_H
+
+ /* We have included glibc headers... */
+-#if defined(__GLIBC__)
++#if 1
++#define __USE_MISC
+
+ /* Coordinate with glibc net/if.h header. */
+ #if defined(_NET_IF_H) && defined(__USE_MISC)
++#define __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO 0
+
+ /* GLIBC headers included first so don't define anything
+ * that would already be defined. */
+--
+2.4.0
+
diff --git a/poky/meta/recipes-connectivity/iproute2/iproute2/configure-cross.patch b/poky/meta/recipes-connectivity/iproute2/iproute2/configure-cross.patch
new file mode 100644
index 000000000..8b75a2ada
--- /dev/null
+++ b/poky/meta/recipes-connectivity/iproute2/iproute2/configure-cross.patch
@@ -0,0 +1,32 @@
+From 85b0589b4843c03e8e6fd9416d71ea449a73c5c0 Mon Sep 17 00:00:00 2001
+From: Koen Kooi <koen@dominion.thruhere.net>
+Date: Thu, 3 Nov 2011 10:46:16 +0100
+Subject: [PATCH] make configure cross compile safe
+
+According to Kevin Tian:
+Upstream-Status: Pending
+
+Signed-off-by: Koen Kooi <koen@dominion.thruhere.net>
+Signed-off-by: Shane Wang <shane.wang@intel.com>
+
+Index: iproute2-4.14.1/configure
+===================================================================
+--- iproute2-4.14.1.orig/configure
++++ iproute2-4.14.1/configure
+@@ -2,6 +2,7 @@
+ # This is not an autoconf generated configure
+ #
+ INCLUDE=${1:-"$PWD/include"}
++SYSROOT=$1
+
+ # Output file which is input to Makefile
+ CONFIG=config.mk
+@@ -195,7 +196,7 @@ check_ipt_lib_dir()
+ return
+ fi
+
+- for dir in /lib /usr/lib /usr/local/lib
++ for dir in $SYSROOT/lib $SYSROOT/usr/lib $SYSROOT/usr/local/lib
+ do
+ for file in $dir/{xtables,iptables}/lib*t_*so ; do
+ if [ -f $file ]; then
diff --git a/poky/meta/recipes-connectivity/iproute2/iproute2_4.14.1.bb b/poky/meta/recipes-connectivity/iproute2/iproute2_4.14.1.bb
new file mode 100644
index 000000000..81e2e4a16
--- /dev/null
+++ b/poky/meta/recipes-connectivity/iproute2/iproute2_4.14.1.bb
@@ -0,0 +1,15 @@
+require iproute2.inc
+
+SRC_URI = "${KERNELORG_MIRROR}/linux/utils/net/${BPN}/${BP}.tar.xz \
+ file://configure-cross.patch \
+ file://0001-iproute2-de-bash-scripts.patch \
+ file://0001-libc-compat.h-add-musl-workaround.patch \
+ file://0001-ip-Remove-unneed-header.patch \
+ "
+
+SRC_URI[md5sum] = "1075423d7029e02a8f23ed4f42b7e372"
+SRC_URI[sha256sum] = "d43ac068afcc350a448f4581b6e292331ef7e4e7aa746e34981582d5fdb10067"
+
+# CFLAGS are computed in Makefile and reference CCOPTS
+#
+EXTRA_OEMAKE_append = " CCOPTS='${CFLAGS}'"
diff --git a/poky/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/init b/poky/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/init
new file mode 100755
index 000000000..6f29e9c6e
--- /dev/null
+++ b/poky/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/init
@@ -0,0 +1,78 @@
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides: irda
+# Required-Start: $network $remote_fs
+# Required-Stop: $network $remote_fs
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Infrared port support
+### END INIT INFO
+
+NAME="irattach"
+test -x "$IRDA_DAEMON" || IRDA_DAEMON=/usr/sbin/irattach
+test -z "$IRATTACH_PID" && IRATTACH_PID=/var/run/irattach.pid
+
+# Source function library.
+. /etc/init.d/functions
+
+module_id() {
+ awk 'BEGIN { FS=": " } /Hardware/ { print $2 } ' </proc/cpuinfo
+}
+
+if [ ! -f /etc/sysconfig/irda ]; then
+ case `module_id` in
+ "HP iPAQ H2200" | "HP iPAQ HX4700" | "HTC Universal")
+ IRDA=yes
+ DEVICE=/dev/ttyS2
+ DONGLE=
+ DISCOVERY=
+ ;;
+ *)
+ IRDA=yes
+ DEVICE=/dev/ttyS1
+ DONGLE=
+ DISCOVERY=
+ ;;
+ esac
+else
+ . /etc/sysconfig/irda
+fi
+
+# Check that irda is up.
+[ ${IRDA} = "no" ] && exit 0
+
+[ -f /usr/sbin/irattach ] || exit 0
+
+ARGS=
+if [ $DONGLE ]; then
+ ARGS="$ARGS -d $DONGLE"
+fi
+if [ "$DISCOVERY" = "yes" ];then
+ ARGS="$ARGS -s"
+fi
+
+case "$1" in
+ start)
+ echo -n "Starting IrDA: $NAME"
+ start-stop-daemon --start --quiet --exec "$IRDA_DAEMON" ${DEVICE} ${ARGS} --pidfile "$IRATTACH_PID"
+ sleep 1
+ [ -f /var/run/irattach.pid ] && echo " done" || echo " fail"
+ ;;
+ stop)
+ echo "Stopping IrDA: $NAME"
+ start-stop-daemon --stop --quiet --exec "$IRDA_DAEMON" --pidfile "$IRATTACH_PID"
+ ;;
+ restart|force-reload)
+ $0 stop
+ $0 start
+ ;;
+ status)
+ status irattach
+ exit $?
+ ;;
+ *)
+ N=/etc/init.d/$NAME
+ echo "Usage: $N {start|stop|restart|force-reload|status}" >&2
+ exit 1
+ ;;
+esac
diff --git a/poky/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/ldflags.patch b/poky/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/ldflags.patch
new file mode 100644
index 000000000..b246de8f5
--- /dev/null
+++ b/poky/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/ldflags.patch
@@ -0,0 +1,87 @@
+Obey LDFLAGS
+
+Signed-off-by: Christopher Larson <chris_larson@mentor.com>
+Upstream-Status: Pending
+
+Index: irda-utils-0.9.18/findchip/Makefile
+===================================================================
+--- irda-utils-0.9.18.orig/findchip/Makefile
++++ irda-utils-0.9.18/findchip/Makefile
+@@ -65,5 +65,5 @@ install: findchip
+
+ gfindchip: gfindchip.c
+ $(prn_cc)
+- $(ECMD))$(CC) $(CFLAGS) `gtk-config --cflags` $< -o $@ `gtk-config --libs`
++ $(ECMD)$(CC) $(CFLAGS) $(LDFLAGS) `gtk-config --cflags` $< -o $@ `gtk-config --libs`
+
+Index: irda-utils-0.9.18/irattach/Makefile
+===================================================================
+--- irda-utils-0.9.18.orig/irattach/Makefile
++++ irda-utils-0.9.18/irattach/Makefile
+@@ -49,13 +49,13 @@ all: $(TARGETS)
+
+ irattach: irattach.o util.o
+ $(prn_cc_o)
+- $(ECMD)$(CC) $(CFLAGS) irattach.o util.o -o $@
++ $(ECMD)$(CC) $(CFLAGS) $(LDFLAGS) irattach.o util.o -o $@
+
+
+
+ dongle_attach: dongle_attach.o
+ $(prn_cc_o)
+- $(ECMD)$(CC) $(CFLAGS) dongle_attach.o -o $@
++ $(ECMD)$(CC) $(CFLAGS) $(LDFLAGS) dongle_attach.o -o $@
+
+
+ install: $(TARGETS)
+Index: irda-utils-0.9.18/irdadump/Makefile
+===================================================================
+--- irda-utils-0.9.18.orig/irdadump/Makefile
++++ irda-utils-0.9.18/irdadump/Makefile
+@@ -40,7 +40,7 @@ lib_irdadump.a: $(LIBIRDADUMP_OBJS)
+
+ irdadump: $(IRDADUMP_OBJS) $(LIBIRDADUMP_TARGET)
+ $(prn_cc_o)
+- $(ECMD)$(CC) $(CFLAGS) `pkg-config --libs glib-2.0` -o $(IRDADUMP_TARGET) $< $(LIBIRDADUMP_TARGET)
++ $(ECMD)$(CC) $(CFLAGS) $(LDFLAGS) `pkg-config --libs glib-2.0` -o $(IRDADUMP_TARGET) $< $(LIBIRDADUMP_TARGET)
+
+
+ .c.o:
+Index: irda-utils-0.9.18/irdaping/Makefile
+===================================================================
+--- irda-utils-0.9.18.orig/irdaping/Makefile
++++ irda-utils-0.9.18/irdaping/Makefile
+@@ -56,7 +56,7 @@ all: $(TARGETS)
+
+ irdaping: $(OBJS)
+ $(prn_cc_o)
+- $(ECMD)$(CC) $(CFLAGS) $(OBJS) -o $@
++ $(ECMD)$(CC) $(CFLAGS) $(LDFLAGS) $(OBJS) -o $@
+
+
+ .c.o:
+Index: irda-utils-0.9.18/irnetd/Makefile
+===================================================================
+--- irda-utils-0.9.18.orig/irnetd/Makefile
++++ irda-utils-0.9.18/irnetd/Makefile
+@@ -50,7 +50,7 @@ all: $(TARGETS)
+
+ irnetd: $(OBJS)
+ $(prn_cc_o)
+- $(ECMD)$(CC) $(CFLAGS) $(OBJS) -o $@
++ $(ECMD)$(CC) $(CFLAGS) $(LDFLAGS) $(OBJS) -o $@
+
+
+ install: irnetd
+Index: irda-utils-0.9.18/psion/Makefile
+===================================================================
+--- irda-utils-0.9.18.orig/psion/Makefile
++++ irda-utils-0.9.18/psion/Makefile
+@@ -25,4 +25,4 @@ install: $(PSION_TARGETS)
+ CFLAGS += -g -I../include -Wall -Wstrict-prototypes $(RPM_OPT_FLAGS)
+ irpsion5:
+ $(prn_cc_o)
+- $(ECMD)$(CC) $(CFLAGS) $(PSION_SRC) -o $@
+\ No newline at end of file
++ $(ECMD)$(CC) $(CFLAGS) $(LDFLAGS) $(PSION_SRC) -o $@
+\ No newline at end of file
diff --git a/poky/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/musl.patch b/poky/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/musl.patch
new file mode 100644
index 000000000..97eb97502
--- /dev/null
+++ b/poky/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/musl.patch
@@ -0,0 +1,29 @@
+Replace use of <net/if_packet.h> with <linux/if_packet.h>.
+
+kernel headers <linux/if_packet.h> already provides the
+needed definitions, moreover not all libc implementations
+provide if_packet.h e.g. musl
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Upstream-Status: Pending
+
+Index: irda-utils-0.9.18/irdaping/irdaping.c
+===================================================================
+--- irda-utils-0.9.18.orig/irdaping/irdaping.c
++++ irda-utils-0.9.18/irdaping/irdaping.c
+@@ -33,7 +33,6 @@
+ #include <sys/socket.h>
+ #include <sys/ioctl.h>
+ #include <net/if.h> /* For struct ifreq */
+-#include <net/if_packet.h> /* For struct sockaddr_pkt */
+ #include <net/if_arp.h> /* For ARPHRD_IRDA */
+ #include <netinet/if_ether.h> /* For ETH_P_ALL */
+ #include <netinet/in.h> /* For htons */
+@@ -46,6 +45,7 @@
+ #include <asm/byteorder.h> /* __cpu_to_le32 and co. */
+
+ #include <linux/types.h> /* For __u8 and co. */
++#include <linux/if_packet.h> /* For struct sockaddr_pkt */
+ #include <irda.h>
+
+ #ifndef AF_IRDA
diff --git a/poky/meta/recipes-connectivity/irda-utils/irda-utils_0.9.18.bb b/poky/meta/recipes-connectivity/irda-utils/irda-utils_0.9.18.bb
new file mode 100644
index 000000000..11b2ee911
--- /dev/null
+++ b/poky/meta/recipes-connectivity/irda-utils/irda-utils_0.9.18.bb
@@ -0,0 +1,51 @@
+SUMMARY = "Common files for IrDA"
+DESCRIPTION = "Provides common files needed to use IrDA. \
+IrDA allows communication over Infrared with other devices \
+such as phones and laptops."
+HOMEPAGE = "http://irda.sourceforge.net/"
+BUGTRACKER = "http://sourceforge.net/p/irda/bugs/"
+SECTION = "base"
+LICENSE = "GPLv2+"
+LIC_FILES_CHKSUM = "file://irdadump/COPYING;md5=94d55d512a9ba36caa9b7df079bae19f \
+ file://smcinit/COPYING;md5=0636e73ff0215e8d672dc4c32c317bb3 \
+ file://man/COPYING;md5=94d55d512a9ba36caa9b7df079bae19f \
+ file://irdadump/irdadump.c;beginline=1;endline=24;md5=d78b9dce3cd78c2220250c9c7a2be178"
+
+SRC_URI = "${SOURCEFORGE_MIRROR}/irda/irda-utils-${PV}.tar.gz \
+ file://ldflags.patch \
+ file://musl.patch \
+ file://init"
+
+SRC_URI[md5sum] = "84dc12aa4c3f61fccb8d8919bf4079bb"
+SRC_URI[sha256sum] = "61980551e46b2eaa9e17ad31cbc1a638074611fc33bff34163d10c7a67a9fdc6"
+
+inherit update-rc.d
+
+EXTRA_OEMAKE = "\
+ 'CC=${CC}' \
+ 'LD=${LD}' \
+ 'CFLAGS=${CFLAGS}' \
+ 'LDFLAGS=${LDFLAGS}' \
+ 'SYS_INCLUDES=' \
+ 'V=1' \
+"
+
+INITSCRIPT_NAME = "irattach"
+INITSCRIPT_PARAMS = "defaults 20"
+
+TARGETS ??= "irattach irdaping"
+do_compile () {
+ for t in ${TARGETS}; do
+ oe_runmake -C $t
+ done
+}
+
+do_install () {
+ install -d ${D}${sbindir}
+ for t in ${TARGETS}; do
+ oe_runmake -C $t ROOT="${D}" install
+ done
+
+ install -d ${D}${sysconfdir}/init.d
+ install -m 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/${INITSCRIPT_NAME}
+}
diff --git a/poky/meta/recipes-connectivity/iw/iw/0001-iw-version.sh-don-t-use-git-describe-for-versioning.patch b/poky/meta/recipes-connectivity/iw/iw/0001-iw-version.sh-don-t-use-git-describe-for-versioning.patch
new file mode 100644
index 000000000..715b88d46
--- /dev/null
+++ b/poky/meta/recipes-connectivity/iw/iw/0001-iw-version.sh-don-t-use-git-describe-for-versioning.patch
@@ -0,0 +1,41 @@
+Subject: [PATCH] iw: version.sh: don't use git describe for versioning
+
+It will detect top-level git repositories like the Angstrom setup-scripts and break.
+
+Upstream-Status: Pending
+
+Signed-off-by: Koen Kooi <koen@dominion.thruhere.net>
+Signed-off-by: Maxin B. John <maxin.john@intel.com>
+---
+diff -Naur iw-4.7-orig/version.sh iw-4.7/version.sh
+--- iw-4.7-orig/version.sh 2016-05-31 12:52:46.000000000 +0300
++++ iw-4.7/version.sh 2016-06-01 11:21:58.307409060 +0300
+@@ -15,27 +15,7 @@
+ SRC_DIR=$(cd ${SRC_DIR}; pwd)
+ cd "${SRC_DIR}"
+
+-v=""
+-if [ -d .git ] && head=`git rev-parse --verify HEAD 2>/dev/null`; then
+- git update-index --refresh --unmerged > /dev/null
+- descr=$(git describe --match=v* 2>/dev/null)
+- if [ $? -eq 0 ]; then
+- # on git builds check that the version number above
+- # is correct...
+- if [ "${descr%%-*}" = "v$VERSION" ]; then
+- v="${descr#v}"
+- if git diff-index --name-only HEAD | read dummy ; then
+- v="$v"-dirty
+- fi
+- fi
+- fi
+-fi
+-
+-# set to the default version when failed to get the version
+-# information with git
+-if [ -z "${v}" ]; then
+- v="$VERSION"
+-fi
++v="$VERSION"
+
+ echo '#include "iw.h"' > "$OUT"
+ echo "const char iw_version[] = \"$v\";" >> "$OUT"
diff --git a/poky/meta/recipes-connectivity/iw/iw/separate-objdir.patch b/poky/meta/recipes-connectivity/iw/iw/separate-objdir.patch
new file mode 100644
index 000000000..0ea6a5278
--- /dev/null
+++ b/poky/meta/recipes-connectivity/iw/iw/separate-objdir.patch
@@ -0,0 +1,35 @@
+Subject: [PATCH] Support separation of SRCDIR and OBJDIR
+
+Typical use of VPATH to locate the sources.
+
+Upstream-Status: Pending
+
+Signed-off-by: Christopher Larson <chris_larson@mentor.com>
+Signed-off-by: Maxin B. John <maxin.john@intel.com>
+---
+diff -Naur iw-4.3-origin/Makefile iw-4.3/Makefile
+--- iw-4.3-origin/Makefile 2015-11-20 16:37:58.752077287 +0200
++++ iw-4.3/Makefile 2015-11-20 16:57:15.510615815 +0200
+@@ -1,5 +1,7 @@
+ MAKEFLAGS += --no-print-directory
+-
++SRCDIR ?= $(dir $(lastword $(MAKEFILE_LIST)))
++OBJDIR ?= $(PWD)
++VPATH = $(SRCDIR)
+ PREFIX ?= /usr
+ SBINDIR ?= $(PREFIX)/sbin
+ MANDIR ?= $(PREFIX)/share/man
+@@ -95,11 +97,11 @@
+ version.c: version.sh $(patsubst %.o,%.c,$(VERSION_OBJS)) nl80211.h iw.h Makefile \
+ $(wildcard .git/index .git/refs/tags)
+ @$(NQ) ' GEN ' $@
+- $(Q)./version.sh $@
++ $(Q)cd $(SRCDIR) && ./version.sh $(OBJDIR)/$@
+
+ %.o: %.c iw.h nl80211.h
+ @$(NQ) ' CC ' $@
+- $(Q)$(CC) $(CFLAGS) -c -o $@ $<
++ $(Q)$(CC) -I$(SRCDIR) $(CFLAGS) -c -o $@ $<
+
+ ifeq ($(IW_ANDROID_BUILD),)
+ iw: $(OBJS)
diff --git a/poky/meta/recipes-connectivity/iw/iw_4.14.bb b/poky/meta/recipes-connectivity/iw/iw_4.14.bb
new file mode 100644
index 000000000..e1b17de4c
--- /dev/null
+++ b/poky/meta/recipes-connectivity/iw/iw_4.14.bb
@@ -0,0 +1,33 @@
+SUMMARY = "nl80211 based CLI configuration utility for wireless devices"
+DESCRIPTION = "iw is a new nl80211 based CLI configuration utility for \
+wireless devices. It supports almost all new drivers that have been added \
+to the kernel recently. "
+HOMEPAGE = "http://wireless.kernel.org/en/users/Documentation/iw"
+SECTION = "base"
+LICENSE = "BSD"
+LIC_FILES_CHKSUM = "file://COPYING;md5=878618a5c4af25e9b93ef0be1a93f774"
+
+DEPENDS = "libnl"
+
+SRC_URI = "http://www.kernel.org/pub/software/network/iw/${BP}.tar.gz \
+ file://0001-iw-version.sh-don-t-use-git-describe-for-versioning.patch \
+ file://separate-objdir.patch \
+"
+
+SRC_URI[md5sum] = "2067516ca9940fdb8c091ee3250da374"
+SRC_URI[sha256sum] = "a0c3aad6ff52234d03a2522ba2eba570e36abb3e60dc29bf0b1ce88dd725d6d4"
+
+inherit pkgconfig
+
+EXTRA_OEMAKE = "\
+ -f '${S}/Makefile' \
+ \
+ 'PREFIX=${prefix}' \
+ 'SBINDIR=${sbindir}' \
+ 'MANDIR=${mandir}' \
+"
+B = "${WORKDIR}/build"
+
+do_install() {
+ oe_runmake 'DESTDIR=${D}' install
+}
diff --git a/poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns/0001-check-for-nss.h.patch b/poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns/0001-check-for-nss.h.patch
new file mode 100644
index 000000000..f63eb90cd
--- /dev/null
+++ b/poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns/0001-check-for-nss.h.patch
@@ -0,0 +1,56 @@
+From bdf01a581d58eb5340e9238d143dbcac9db5b11c Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Sat, 30 Jan 2016 19:29:45 +0000
+Subject: [PATCH] check for nss.h
+
+nss.h may not available on all libc implementations, e.g. musl does not
+have this header, this patch detects nss.h presence and defines the data
+types that are required if nss.h is missing on platform
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+Upstream-Status: Pending
+
+ configure.ac | 2 +-
+ src/nss.c | 11 +++++++++++
+ 2 files changed, 12 insertions(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index aa66bc6..ce19b07 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -71,7 +71,7 @@ AC_PROG_LIBTOOL
+
+ # Checks for header files.
+ AC_HEADER_STDC
+-AC_CHECK_HEADERS([arpa/inet.h fcntl.h inttypes.h netdb.h netinet/in.h stdlib.h string.h sys/socket.h sys/time.h unistd.h nss.h sys/ioctl.h])
++AC_CHECK_HEADERS([arpa/inet.h fcntl.h inttypes.h netdb.h netinet/in.h stdlib.h string.h sys/socket.h sys/time.h unistd.h nss.h sys/ioctl.h nss.h])
+
+ # Checks for typedefs, structures, and compiler characteristics.
+ AC_C_CONST
+diff --git a/src/nss.c b/src/nss.c
+index e48e315..406733b 100644
+--- a/src/nss.c
++++ b/src/nss.c
+@@ -29,7 +29,18 @@
+ #include <assert.h>
+ #include <netdb.h>
+ #include <sys/socket.h>
++#ifdef HAVE_NSS_H
+ #include <nss.h>
++#else
++enum nss_status {
++ NSS_STATUS_TRYAGAIN = -2,
++ NSS_STATUS_UNAVAIL,
++ NSS_STATUS_NOTFOUND,
++ NSS_STATUS_SUCCESS,
++ NSS_STATUS_RETURN
++};
++#endif
++
+ #include <stdio.h>
+ #include <stdlib.h>
+
+--
+2.7.0
+
diff --git a/poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.10.bb b/poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.10.bb
new file mode 100644
index 000000000..8d2feec76
--- /dev/null
+++ b/poky/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.10.bb
@@ -0,0 +1,40 @@
+SUMMARY = "Name Service Switch module for Multicast DNS (zeroconf) name resolution"
+HOMEPAGE = "http://0pointer.de/lennart/projects/nss-mdns/"
+SECTION = "libs"
+
+LICENSE = "LGPLv2.1+"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1"
+
+DEPENDS = "avahi"
+PR = "r7"
+
+SRC_URI = "http://0pointer.de/lennart/projects/nss-mdns/nss-mdns-${PV}.tar.gz \
+ file://0001-check-for-nss.h.patch \
+ "
+
+SRC_URI[md5sum] = "03938f17646efbb50aa70ba5f99f51d7"
+SRC_URI[sha256sum] = "1e683c2e7c3921814706d62fbbd3e9cbf493a75fa00255e0e715508d8134fa6d"
+
+S = "${WORKDIR}/nss-mdns-${PV}"
+
+inherit autotools
+
+EXTRA_OECONF = "--libdir=${base_libdir} --disable-lynx --enable-avahi"
+
+# suppress warning, but don't bother with autonamer
+LEAD_SONAME = "libnss_mdns.so"
+DEBIANNAME_${PN} = "libnss-mdns"
+
+RDEPENDS_${PN} = "avahi-daemon"
+
+pkg_postinst_${PN} () {
+ sed -e '/^hosts:/s/\s*\<mdns\>//' \
+ -e 's/\(^hosts:.*\)\(\<files\>\)\(.*\)\(\<dns\>\)\(.*\)/\1\2 mdns4_minimal [NOTFOUND=return]\3\4 mdns\5/' \
+ -i $D${sysconfdir}/nsswitch.conf
+}
+
+pkg_prerm_${PN} () {
+ sed -e '/^hosts:/s/\s*\<mdns\>//' \
+ -e '/^hosts:/s/\s*mdns4_minimal\s\+\[NOTFOUND=return\]//' \
+ -i $D${sysconfdir}/nsswitch.conf
+}
diff --git a/poky/meta/recipes-connectivity/libpcap/libpcap.inc b/poky/meta/recipes-connectivity/libpcap/libpcap.inc
new file mode 100644
index 000000000..e57ea87b3
--- /dev/null
+++ b/poky/meta/recipes-connectivity/libpcap/libpcap.inc
@@ -0,0 +1,42 @@
+SUMMARY = "Interface for user-level network packet capture"
+DESCRIPTION = "Libpcap provides a portable framework for low-level network \
+monitoring. Libpcap can provide network statistics collection, \
+security monitoring and network debugging."
+HOMEPAGE = "http://www.tcpdump.org/"
+BUGTRACKER = "http://sourceforge.net/tracker/?group_id=53067&atid=469577"
+SECTION = "libs/network"
+LICENSE = "BSD"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=5eb289217c160e2920d2e35bddc36453 \
+ file://pcap.h;beginline=1;endline=32;md5=39af3510e011f34b8872f120b1dc31d2"
+DEPENDS = "flex-native bison-native"
+
+INC_PR = "r5"
+
+SRC_URI = "http://www.tcpdump.org/release/${BP}.tar.gz"
+
+BINCONFIG = "${bindir}/pcap-config"
+
+inherit autotools binconfig-disabled pkgconfig bluetooth
+
+EXTRA_OECONF = "--with-pcap=linux"
+EXTRA_AUTORECONF += "--exclude=aclocal"
+
+PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', '${BLUEZ}', '', d)} \
+ ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \
+"
+PACKAGECONFIG[bluez4] = "--enable-bluetooth,--disable-bluetooth,bluez4"
+# Add a dummy PACKAGECONFIG for bluez5 since it is not supported by libpcap.
+PACKAGECONFIG[bluez5] = ",,"
+PACKAGECONFIG[dbus] = "--enable-dbus,--disable-dbus,dbus"
+PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
+PACKAGECONFIG[libnl] = "--with-libnl,--without-libnl,libnl"
+
+CPPFLAGS_prepend = "-I${S} "
+CFLAGS_prepend = "-I${S} "
+CXXFLAGS_prepend = "-I${S} "
+
+do_configure_prepend () {
+ sed -i -e's,^V_RPATH_OPT=.*$,V_RPATH_OPT=,' ${S}/pcap-config.in
+}
+
+BBCLASSEXTEND = "native"
diff --git a/poky/meta/recipes-connectivity/libpcap/libpcap/0001-Fix-compiler_state_t.ai-usage-when-INET6-is-not-defi.patch b/poky/meta/recipes-connectivity/libpcap/libpcap/0001-Fix-compiler_state_t.ai-usage-when-INET6-is-not-defi.patch
new file mode 100644
index 000000000..edb6ae566
--- /dev/null
+++ b/poky/meta/recipes-connectivity/libpcap/libpcap/0001-Fix-compiler_state_t.ai-usage-when-INET6-is-not-defi.patch
@@ -0,0 +1,41 @@
+From 64aa033a061c43fc15c711f2490ae41d23b868c3 Mon Sep 17 00:00:00 2001
+From: Fabio Berton <fabio.berton@ossystems.com.br>
+Date: Thu, 17 Nov 2016 09:44:42 -0200
+Subject: [PATCH 1/2] Fix compiler_state_t.ai usage when INET6 is not defined
+Organization: O.S. Systems Software LTDA.
+
+Fix error:
+
+/
+| ../libpcap-1.8.1/gencode.c: In function 'pcap_compile':
+| ../libpcap-1.8.1/gencode.c:693:8: error: 'compiler_state_t
+| {aka struct _compiler_state}' has no member named 'ai'
+| cstate.ai = NULL;
+\
+
+Upstream-Status: Submitted [1]
+
+[1] https://github.com/the-tcpdump-group/libpcap/pull/541
+
+Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br>
+---
+ gencode.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/gencode.c b/gencode.c
+index a887f27..e103c70 100644
+--- a/gencode.c
++++ b/gencode.c
+@@ -690,7 +690,9 @@ pcap_compile(pcap_t *p, struct bpf_program *program,
+ }
+ initchunks(&cstate);
+ cstate.no_optimize = 0;
++#ifdef INET6
+ cstate.ai = NULL;
++#endif
+ cstate.ic.root = NULL;
+ cstate.ic.cur_mark = 0;
+ cstate.bpf_pcap = p;
+--
+2.1.4
+
diff --git a/poky/meta/recipes-connectivity/libpcap/libpcap/0002-Add-missing-compiler_state_t-parameter.patch b/poky/meta/recipes-connectivity/libpcap/libpcap/0002-Add-missing-compiler_state_t-parameter.patch
new file mode 100644
index 000000000..032b265f0
--- /dev/null
+++ b/poky/meta/recipes-connectivity/libpcap/libpcap/0002-Add-missing-compiler_state_t-parameter.patch
@@ -0,0 +1,67 @@
+From 50ec0a088d5924a8305b2d70dcba71b0942dee1a Mon Sep 17 00:00:00 2001
+From: Fabio Berton <fabio.berton@ossystems.com.br>
+Date: Thu, 17 Nov 2016 09:47:29 -0200
+Subject: [PATCH 2/2] Add missing compiler_state_t parameter
+Organization: O.S. Systems Software LTDA.
+
+Fix error:
+
+/
+|../libpcap-1.8.1/gencode.c: In function 'gen_gateway':
+|../libpcap-1.8.1/gencode.c:4914:13: error: 'cstate' undeclared
+| (first use in this function)
+| bpf_error(cstate, "direction applied to 'gateway'");
+\
+
+Upstream-Status: Submitted [1]
+
+[1] https://github.com/the-tcpdump-group/libpcap/pull/541
+
+Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br>
+---
+ gencode.c | 15 ++++++++-------
+ 1 file changed, 8 insertions(+), 7 deletions(-)
+
+diff --git a/gencode.c b/gencode.c
+index e103c70..f07c0be 100644
+--- a/gencode.c
++++ b/gencode.c
+@@ -523,7 +523,7 @@ static struct block *gen_host6(compiler_state_t *, struct in6_addr *,
+ struct in6_addr *, int, int, int);
+ #endif
+ #ifndef INET6
+-static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int);
++static struct block *gen_gateway(compiler_state_t *, const u_char *, bpf_u_int32 **, int, int);
+ #endif
+ static struct block *gen_ipfrag(compiler_state_t *);
+ static struct block *gen_portatom(compiler_state_t *, int, bpf_int32);
+@@ -4904,11 +4904,12 @@ gen_host6(compiler_state_t *cstate, struct in6_addr *addr,
+
+ #ifndef INET6
+ static struct block *
+-gen_gateway(eaddr, alist, proto, dir)
+- const u_char *eaddr;
+- bpf_u_int32 **alist;
+- int proto;
+- int dir;
++gen_gateway(cstate, eaddr, alist, proto, dir)
++ compiler_state_t *cstate;
++ const u_char *eaddr;
++ bpf_u_int32 **alist;
++ int proto;
++ int dir;
+ {
+ struct block *b0, *b1, *tmp;
+
+@@ -6472,7 +6473,7 @@ gen_scode(compiler_state_t *cstate, const char *name, struct qual q)
+ alist = pcap_nametoaddr(name);
+ if (alist == NULL || *alist == NULL)
+ bpf_error(cstate, "unknown host '%s'", name);
+- b = gen_gateway(eaddr, alist, proto, dir);
++ b = gen_gateway(cstate, eaddr, alist, proto, dir);
+ free(eaddr);
+ return b;
+ #else
+--
+2.1.4
+
diff --git a/poky/meta/recipes-connectivity/libpcap/libpcap/disable-remote.patch b/poky/meta/recipes-connectivity/libpcap/libpcap/disable-remote.patch
new file mode 100644
index 000000000..7e1eea6b1
--- /dev/null
+++ b/poky/meta/recipes-connectivity/libpcap/libpcap/disable-remote.patch
@@ -0,0 +1,36 @@
+Disable bits of remote capture support inherited from the WinPCAP merge
+which cause applications to FTBFS if they define HAVE_REMOTE.
+
+Patch from:
+https://anonscm.debian.org/cgit/users/rfrancoise/libpcap.git/commit/?
+id=f35949969269dfdcc3549b12fade604755e1e326
+
+Upstream-Status: Pending
+
+--- a/pcap/pcap.h
++++ b/pcap/pcap.h
+@@ -506,6 +506,11 @@
+ #define MODE_STAT 1
+ #define MODE_MON 2
+
++#ifdef HAVE_REMOTE
++ /* Includes most of the public stuff that is needed for the remote capture */
++ #include <remote-ext.h>
++#endif /* HAVE_REMOTE */
++
+ #elif defined(MSDOS)
+
+ /*
+@@ -526,11 +531,6 @@
+
+ #endif /* _WIN32/MSDOS/UN*X */
+
+-#ifdef HAVE_REMOTE
+- /* Includes most of the public stuff that is needed for the remote capture */
+- #include <remote-ext.h>
+-#endif /* HAVE_REMOTE */
+-
+ #ifdef __cplusplus
+ }
+ #endif
+
diff --git a/poky/meta/recipes-connectivity/libpcap/libpcap/fix-grammar-deps.patch b/poky/meta/recipes-connectivity/libpcap/libpcap/fix-grammar-deps.patch
new file mode 100644
index 000000000..f40e655c4
--- /dev/null
+++ b/poky/meta/recipes-connectivity/libpcap/libpcap/fix-grammar-deps.patch
@@ -0,0 +1,29 @@
+Fix a missing dependency that can result in:
+
+../libpcap-1.8.1/grammar.y:78:10: fatal error: scanner.h: No such file or directory
+
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+From 0dd90a6bdbce4dca14106859eee63ef643a106e2 Mon Sep 17 00:00:00 2001
+From: Alfredo Alvarez Fernandez <alfredoalvarezernandez@gmail.com>
+Date: Tue, 21 Feb 2017 11:41:43 +0100
+Subject: [PATCH] Makefile.in: Fix missing dependency
+
+---
+ Makefile.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile.in b/Makefile.in
+index 7044f043..f5d443ae 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -465,7 +465,7 @@ grammar.h: grammar.c
+ $(MAKE) $(MAKEFLAGS) grammar.c; \
+ fi
+
+-grammar.o: grammar.c
++grammar.o: grammar.c scanner.h
+ $(CC) $(FULL_CFLAGS) -c grammar.c
+
+ gencode.o: $(srcdir)/gencode.c grammar.h scanner.h
diff --git a/poky/meta/recipes-connectivity/libpcap/libpcap/libpcap-pkgconfig-support.patch b/poky/meta/recipes-connectivity/libpcap/libpcap/libpcap-pkgconfig-support.patch
new file mode 100644
index 000000000..afaa3bea9
--- /dev/null
+++ b/poky/meta/recipes-connectivity/libpcap/libpcap/libpcap-pkgconfig-support.patch
@@ -0,0 +1,73 @@
+From 2796129af52901dd68595e5e88a639308541def9 Mon Sep 17 00:00:00 2001
+From: Fabio Berton <fabio.berton@ossystems.com.br>
+Date: Thu, 3 Nov 2016 17:56:29 -0200
+Subject: [PATCH] libpcap: pkgconfig support
+Organization: O.S. Systems Software LTDA.
+
+Adding basic structure to support pkg-config.
+
+Upstream-Status: Inappropriate [embedded specific]
+
+Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
+Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br>
+---
+ Makefile.in | 5 +++++
+ configure.ac | 1 +
+ libpcap.pc.in | 10 ++++++++++
+ 3 files changed, 16 insertions(+)
+ create mode 100644 libpcap.pc.in
+
+diff --git a/Makefile.in b/Makefile.in
+index e71d973..d7004ed 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -61,6 +61,10 @@ V_RPATH_OPT = @V_RPATH_OPT@
+ DEPENDENCY_CFLAG = @DEPENDENCY_CFLAG@
+ PROG=libpcap
+
++# pkgconfig support
++pkgconfigdir = $(libdir)/pkgconfig
++pkgconfig_DATA = libpcap.pc
++
+ # Standard CFLAGS
+ FULL_CFLAGS = $(CCOPT) $(INCLS) $(DEFS) $(CFLAGS)
+
+@@ -286,6 +290,7 @@ EXTRA_DIST = \
+ lbl/os-solaris2.h \
+ lbl/os-sunos4.h \
+ lbl/os-ultrix4.h \
++ libpcap.pc \
+ missing/getopt.c \
+ missing/getopt.h \
+ missing/snprintf.c \
+diff --git a/configure.ac b/configure.ac
+index da2f940..4fc67bf 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1805,6 +1805,7 @@ fi
+ AC_PROG_INSTALL
+
+ AC_CONFIG_HEADER(config.h)
++AC_CONFIG_FILES([libpcap.pc])
+
+ AC_OUTPUT_COMMANDS([if test -f .devel; then
+ echo timestamp > stamp-h
+diff --git a/libpcap.pc.in b/libpcap.pc.in
+new file mode 100644
+index 0000000..4f78ad8
+--- /dev/null
++++ b/libpcap.pc.in
+@@ -0,0 +1,10 @@
++prefix=@prefix@
++exec_prefix=@exec_prefix@
++libdir=@libdir@
++includedir=@includedir@
++
++Name: libpcap
++Description: System-independent interface for user-level packet capture.
++Version: @VERSION@
++Libs: -L${libdir} -lpcap
++Cflags: -I${includedir}
+--
+2.1.4
+
diff --git a/poky/meta/recipes-connectivity/libpcap/libpcap_1.8.1.bb b/poky/meta/recipes-connectivity/libpcap/libpcap_1.8.1.bb
new file mode 100644
index 000000000..13dfbd67a
--- /dev/null
+++ b/poky/meta/recipes-connectivity/libpcap/libpcap_1.8.1.bb
@@ -0,0 +1,31 @@
+require libpcap.inc
+
+SRC_URI += " \
+ file://libpcap-pkgconfig-support.patch \
+ file://0001-Fix-compiler_state_t.ai-usage-when-INET6-is-not-defi.patch \
+ file://0002-Add-missing-compiler_state_t-parameter.patch \
+ file://disable-remote.patch \
+ file://fix-grammar-deps.patch \
+"
+
+SRC_URI[md5sum] = "3d48f9cd171ff12b0efd9134b52f1447"
+SRC_URI[sha256sum] = "673dbc69fdc3f5a86fb5759ab19899039a8e5e6c631749e48dcd9c6f0c83541e"
+
+#
+# make install doesn't cover the shared lib
+# make install-shared is just broken (no symlinks)
+#
+
+do_configure_prepend () {
+ #remove hardcoded references to /usr/include
+ sed 's|\([ "^'\''I]\+\)/usr/include/|\1${STAGING_INCDIR}/|g' -i ${S}/configure.ac
+}
+
+do_install_prepend () {
+ install -d ${D}${libdir}
+ install -d ${D}${bindir}
+ oe_runmake install-shared DESTDIR=${D}
+ oe_libinstall -a -so libpcap ${D}${libdir}
+ sed "s|@VERSION@|${PV}|" -i ${B}/libpcap.pc
+ install -D -m 0644 libpcap.pc ${D}${libdir}/pkgconfig/libpcap.pc
+}
diff --git a/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb b/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
new file mode 100644
index 000000000..dbc578e2d
--- /dev/null
+++ b/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
@@ -0,0 +1,13 @@
+SUMMARY = "Mobile Broadband Service Provider Database"
+HOMEPAGE = "http://live.gnome.org/NetworkManager/MobileBroadband/ServiceProviders"
+SECTION = "network"
+LICENSE = "PD"
+LIC_FILES_CHKSUM = "file://COPYING;md5=87964579b2a8ece4bc6744d2dc9a8b04"
+SRCREV = "befcbbc9867e742ac16415660b0b7521218a530c"
+PV = "20170310"
+PE = "1"
+
+SRC_URI = "git://git.gnome.org/mobile-broadband-provider-info"
+S = "${WORKDIR}/git"
+
+inherit autotools
diff --git a/poky/meta/recipes-connectivity/neard/neard/0001-Add-header-dependency-to-nciattach.o.patch b/poky/meta/recipes-connectivity/neard/neard/0001-Add-header-dependency-to-nciattach.o.patch
new file mode 100644
index 000000000..d8e8a5e5d
--- /dev/null
+++ b/poky/meta/recipes-connectivity/neard/neard/0001-Add-header-dependency-to-nciattach.o.patch
@@ -0,0 +1,35 @@
+From affaa2021a54c30353e4e1fee09c13a4de2196be Mon Sep 17 00:00:00 2001
+From: Jussi Kukkonen <jussi.kukkonen@intel.com>
+Date: Fri, 17 Mar 2017 14:24:29 +0200
+Subject: [PATCH] Add header dependency to nciattach.o
+
+This can happen when compiling nciattach.o:
+
+| In file included from ../neard-0.16/tools/nciattach.c:47:0:
+| ../neard-0.16/src/near.h:30:27: fatal error: near/nfc_copy.h: No such
+file or directory
+| #include <near/nfc_copy.h>
+
+Add the missing dependency to local headers.
+
+Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
+Upstream-Status: Submitted [mailinglist]
+---
+ Makefile.am | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/Makefile.am b/Makefile.am
+index fa552ee..acef6ba 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -253,6 +253,7 @@ se/builtin.h: src/genbuiltin $(builtin_se_sources)
+
+ $(src_neard_OBJECTS) \
+ $(tools_nfctool_nfctool_OBJECTS) \
++$(tools_nciattach_OBJECTS) \
+ $(plugin_objects) \
+ $(se_seeld_OBJECTS) \
+ $(unit_test_ndef_parse_OBJECTS) \
+--
+2.11.0
+
diff --git a/poky/meta/recipes-connectivity/neard/neard/Makefile.am-do-not-ship-version.h.patch b/poky/meta/recipes-connectivity/neard/neard/Makefile.am-do-not-ship-version.h.patch
new file mode 100644
index 000000000..16875e054
--- /dev/null
+++ b/poky/meta/recipes-connectivity/neard/neard/Makefile.am-do-not-ship-version.h.patch
@@ -0,0 +1,36 @@
+From bfd32d68cfc9f1e31dab88e07446d1c02bc80b5e Mon Sep 17 00:00:00 2001
+From: Robert Yang <liezhi.yang@windriver.com>
+Date: Thu, 12 Feb 2015 00:39:29 -0800
+Subject: [PATCH] Makefile.am: do not ship version.h
+
+The HEADERS' name has been changed to pkginclude_HEADERS, so use
+nodist_pkginclude_HEADERS, otherwise version.h would be shipped.
+
+Upstream-Status: Pending
+
+Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
+---
+ Makefile.am | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index 3334790..69cd58f 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -10,11 +10,11 @@ pkginclude_HEADERS = include/types.h include/log.h include/plugin.h \
+ include/tlv.h include/setting.h include/device.h \
+ include/nfc_copy.h include/snep.h
+
+-nodist_include_HEADERS = include/version.h
++nodist_pkginclude_HEADERS = include/version.h
+
+ noinst_HEADERS = include/dbus.h
+
+-local_headers = $(foreach file,$(pkginclude_HEADERS) $(nodist_include_HEADERS) \
++local_headers = $(foreach file,$(pkginclude_HEADERS) $(nodist_pkginclude_HEADERS) \
+ $(noinst_HEADERS), include/near/$(notdir $(file)))
+
+ gdbus_sources = gdbus/gdbus.h gdbus/mainloop.c gdbus/watch.c \
+--
+1.7.9.5
+
diff --git a/poky/meta/recipes-connectivity/neard/neard/Makefile.am-fix-parallel-issue.patch b/poky/meta/recipes-connectivity/neard/neard/Makefile.am-fix-parallel-issue.patch
new file mode 100644
index 000000000..6e864079a
--- /dev/null
+++ b/poky/meta/recipes-connectivity/neard/neard/Makefile.am-fix-parallel-issue.patch
@@ -0,0 +1,30 @@
+From 43acc56d5506c7e318f717fb3634bc16e3438913 Mon Sep 17 00:00:00 2001
+From: Robert Yang <liezhi.yang@windriver.com>
+Date: Thu, 15 Jan 2015 18:12:07 -0800
+Subject: [PATCH] Makefile.am: fix parallel issue
+
+There might be no src dir if src/builtin.h runs earlier, create it to
+fix the race issue:
+
+src/genbuiltin nfctype1 nfctype2 nfctype3 nfctype4 p2p > src/builtin.h
+/bin/sh: src/builtin.h: No such file or directory
+
+Upstream-Status: Pending
+
+Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
+---
+ Makefile.am | 1 +
+ 1 file changed, 1 insertion(+)
+
+Index: neard-0.16/Makefile.am
+===================================================================
+--- neard-0.16.orig/Makefile.am
++++ neard-0.16/Makefile.am
+@@ -244,6 +244,7 @@ SED_PROCESS = $(AM_V_GEN)$(MKDIR_P) $(di
+ src/plugin.$(OBJEXT): src/builtin.h
+
+ src/builtin.h: src/genbuiltin $(builtin_sources)
++ $(AM_V_at)$(MKDIR_P) src
+ $(AM_V_GEN)$(srcdir)/src/genbuiltin $(builtin_modules) > $@
+
+ se/plugin.$(OBJEXT): se/builtin.h
diff --git a/poky/meta/recipes-connectivity/neard/neard/neard.in b/poky/meta/recipes-connectivity/neard/neard/neard.in
new file mode 100644
index 000000000..a47d4d96c
--- /dev/null
+++ b/poky/meta/recipes-connectivity/neard/neard/neard.in
@@ -0,0 +1,54 @@
+#!/bin/sh
+#
+# start/stop neard daemon.
+
+### BEGIN INIT INFO
+# Provides: neard
+# Required-Start: $network
+# Required-Stop: $network
+# Default-Start: S 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: NFC daemon
+# Description: neard is a daemon used to enable NFC features
+### END INIT INFO
+
+DAEMON=@installpath@/neard
+PIDFILE=/var/run/neard.pid
+DESC="Linux NFC daemon"
+
+if [ -f /etc/default/neard ] ; then
+ . /etc/default/neard
+fi
+
+set -e
+
+do_start() {
+ $DAEMON
+}
+
+do_stop() {
+ start-stop-daemon --stop --name neard --quiet
+}
+
+case "$1" in
+ start)
+ echo "Starting $DESC"
+ do_start
+ ;;
+ stop)
+ echo "Stopping $DESC"
+ do_stop
+ ;;
+ restart|force-reload)
+ echo "Restarting $DESC"
+ do_stop
+ sleep 1
+ do_start
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|restart|force-reload}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
diff --git a/poky/meta/recipes-connectivity/neard/neard_0.16.bb b/poky/meta/recipes-connectivity/neard/neard_0.16.bb
new file mode 100644
index 000000000..cc6af4e1c
--- /dev/null
+++ b/poky/meta/recipes-connectivity/neard/neard_0.16.bb
@@ -0,0 +1,50 @@
+SUMMARY = "Linux NFC daemon"
+DESCRIPTION = "A daemon for the Linux Near Field Communication stack"
+HOMEPAGE = "http://01.org/linux-nfc"
+LICENSE = "GPLv2"
+
+DEPENDS = "dbus glib-2.0 libnl"
+
+SRC_URI = "${KERNELORG_MIRROR}/linux/network/nfc/${BP}.tar.xz \
+ file://neard.in \
+ file://Makefile.am-fix-parallel-issue.patch \
+ file://Makefile.am-do-not-ship-version.h.patch \
+ file://0001-Add-header-dependency-to-nciattach.o.patch \
+ "
+SRC_URI[md5sum] = "5c691fb7872856dc0d909c298bc8cb41"
+SRC_URI[sha256sum] = "eae3b11c541a988ec11ca94b7deab01080cd5b58cfef3ced6ceac9b6e6e65b36"
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \
+ file://src/near.h;beginline=1;endline=20;md5=358e4deefef251a4761e1ffacc965d13 \
+ "
+
+inherit autotools pkgconfig systemd update-rc.d bluetooth
+
+PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}"
+
+PACKAGECONFIG[systemd] = "--enable-systemd --with-systemdsystemunitdir=${systemd_unitdir}/system/ --with-systemduserunitdir=${systemd_unitdir}/user/,--disable-systemd"
+
+EXTRA_OECONF += "--enable-tools"
+
+# This would copy neard start-stop shell and test scripts
+do_install_append() {
+ if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then
+ install -d ${D}${sysconfdir}/init.d/
+ sed "s:@installpath@:${libexecdir}/nfc:" ${WORKDIR}/neard.in \
+ > ${D}${sysconfdir}/init.d/neard
+ chmod 0755 ${D}${sysconfdir}/init.d/neard
+ fi
+}
+
+RDEPENDS_${PN} = "dbus"
+
+# Bluez & Wifi are not mandatory except for handover
+RRECOMMENDS_${PN} = "\
+ ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', '${BLUEZ}', '', d)} \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'wifi','wpa-supplicant', '', d)} \
+ "
+
+INITSCRIPT_NAME = "neard"
+INITSCRIPT_PARAMS = "defaults 64"
+
+SYSTEMD_SERVICE_${PN} = "neard.service"
diff --git a/poky/meta/recipes-connectivity/nfs-utils/files/bugfix-adjust-statd-service-name.patch b/poky/meta/recipes-connectivity/nfs-utils/files/bugfix-adjust-statd-service-name.patch
new file mode 100644
index 000000000..822939f0d
--- /dev/null
+++ b/poky/meta/recipes-connectivity/nfs-utils/files/bugfix-adjust-statd-service-name.patch
@@ -0,0 +1,31 @@
+From 398fed3bb0350cb1229e54e7020ae0e044c206d1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ulrich=20=C3=96lmann?= <u.oelmann@pengutronix.de>
+Date: Wed, 17 Feb 2016 08:33:45 +0100
+Subject: bugfix: adjust statd service name
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Upstream uses 'rpc-statd.service' and Yocto introduced 'nfs-statd.service'
+instead but forgot to update the mount.nfs helper 'start-statd' accordingly.
+
+Upstream-Status: Inappropriate [other]
+
+Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de>
+---
+ utils/statd/start-statd | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: nfs-utils-2.1.1/utils/statd/start-statd
+===================================================================
+--- nfs-utils-2.1.1.orig/utils/statd/start-statd
++++ nfs-utils-2.1.1/utils/statd/start-statd
+@@ -28,7 +28,7 @@ fi
+ # First try systemd if it's installed.
+ if [ -d /run/systemd/system ]; then
+ # Quit only if the call worked.
+- systemctl start rpc-statd.service && exit
++ systemctl start nfs-statd.service && exit
+ fi
+
+ cd /
diff --git a/poky/meta/recipes-connectivity/nfs-utils/files/nfs-utils-debianize-start-statd.patch b/poky/meta/recipes-connectivity/nfs-utils/files/nfs-utils-debianize-start-statd.patch
new file mode 100644
index 000000000..ede0dcefc
--- /dev/null
+++ b/poky/meta/recipes-connectivity/nfs-utils/files/nfs-utils-debianize-start-statd.patch
@@ -0,0 +1,42 @@
+[PATCH] nfs-utils: debianize start-statd
+
+Upstream-Status: Pending
+
+make start-statd command to use nfscommon configure, too.
+
+Signed-off-by: Henrik Riomar <henrik.riomar@ericsson.com>
+Signed-off-by: Li Wang <li.wang@windriver.com>
+Signed-off-by: Roy Li <rongqing.li@windriver.com>
+Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
+---
+ utils/statd/start-statd | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/utils/statd/start-statd b/utils/statd/start-statd
+index 2fd6039..f591b34 100755
+--- a/utils/statd/start-statd
++++ b/utils/statd/start-statd
+@@ -17,6 +17,14 @@ then
+ # statd already running - must have been slow to respond.
+ exit 0
+ fi
++
++# Read config
++DEFAULTFILE=/etc/default/nfs-common
++NEED_IDMAPD=
++if [ -f $DEFAULTFILE ]; then
++ . $DEFAULTFILE
++fi
++
+ # First try systemd if it's installed.
+ if [ -d /run/systemd/system ]; then
+ # Quit only if the call worked.
+@@ -25,4 +33,4 @@ fi
+
+ cd /
+ # Fall back to launching it ourselves.
+-exec rpc.statd --no-notify
++exec rpc.statd --no-notify $STATDOPTS
+--
+2.6.6
+
diff --git a/poky/meta/recipes-connectivity/nfs-utils/libnfsidmap/0001-include-sys-types.h-for-getting-u_-typedefs.patch b/poky/meta/recipes-connectivity/nfs-utils/libnfsidmap/0001-include-sys-types.h-for-getting-u_-typedefs.patch
new file mode 100644
index 000000000..4ac529044
--- /dev/null
+++ b/poky/meta/recipes-connectivity/nfs-utils/libnfsidmap/0001-include-sys-types.h-for-getting-u_-typedefs.patch
@@ -0,0 +1,27 @@
+From a5e95a42e7bceddc9ecad06694c1a0588f4bafc8 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Tue, 14 Apr 2015 07:22:47 -0700
+Subject: [PATCH] include sys/types.h for getting u_* typedefs
+
+Upstream-Status: Pending
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ cfg.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/cfg.h b/cfg.h
+index d4d4cab..fe49e8f 100644
+--- a/cfg.h
++++ b/cfg.h
+@@ -33,6 +33,7 @@
+ #ifndef _CONF_H_
+ #define _CONF_H_
+
++#include <sys/types.h>
+ #include "queue.h"
+
+ struct conf_list_node {
+--
+2.1.4
+
diff --git a/poky/meta/recipes-connectivity/nfs-utils/libnfsidmap/Set_nobody_user_group.patch b/poky/meta/recipes-connectivity/nfs-utils/libnfsidmap/Set_nobody_user_group.patch
new file mode 100644
index 000000000..4633da919
--- /dev/null
+++ b/poky/meta/recipes-connectivity/nfs-utils/libnfsidmap/Set_nobody_user_group.patch
@@ -0,0 +1,18 @@
+Set nobody user and group
+
+Upstream-Status: Inappropriate [configuration]
+
+Signed-off-by: Roy.Li <rongqing.li@windriver.com>
+--- a/idmapd.conf
++++ b/idmapd.conf
+@@ -17,8 +17,8 @@
+
+ [Mapping]
+
+-#Nobody-User = nobody
+-#Nobody-Group = nobody
++Nobody-User = nobody
++Nobody-Group = nogroup
+
+ [Translation]
+
diff --git a/poky/meta/recipes-connectivity/nfs-utils/libnfsidmap/fix-ac-prereq.patch b/poky/meta/recipes-connectivity/nfs-utils/libnfsidmap/fix-ac-prereq.patch
new file mode 100644
index 000000000..d81c7c5f3
--- /dev/null
+++ b/poky/meta/recipes-connectivity/nfs-utils/libnfsidmap/fix-ac-prereq.patch
@@ -0,0 +1,13 @@
+Upstream-Status: Inappropriate [configuration]
+
+--- a/configure.in
++++ b/configure.in
+@@ -1,7 +1,7 @@
+ # -*- Autoconf -*-
+ # Process this file with autoconf to produce a configure script.
+
+-AC_PREREQ([2.68])
++AC_PREREQ([2.65])
+ AC_INIT([libnfsidmap],[0.25],[linux-nfs@vger.kernel.org])
+ AC_CONFIG_SRCDIR([nfsidmap.h])
+ AC_CONFIG_MACRO_DIR([m4])
diff --git a/poky/meta/recipes-connectivity/nfs-utils/libnfsidmap_0.25.bb b/poky/meta/recipes-connectivity/nfs-utils/libnfsidmap_0.25.bb
new file mode 100644
index 000000000..256577100
--- /dev/null
+++ b/poky/meta/recipes-connectivity/nfs-utils/libnfsidmap_0.25.bb
@@ -0,0 +1,27 @@
+SUMMARY = "NFS id mapping library"
+HOMEPAGE = "http://www.citi.umich.edu/projects/nfsv4/linux/"
+SECTION = "libs"
+
+LICENSE = "BSD"
+LIC_FILES_CHKSUM = "file://COPYING;md5=d9c6a2a0ca6017fda7cd905ed2739b37"
+
+SRC_URI = "http://www.citi.umich.edu/projects/nfsv4/linux/libnfsidmap/${BPN}-${PV}.tar.gz \
+ file://fix-ac-prereq.patch \
+ file://Set_nobody_user_group.patch \
+ file://0001-include-sys-types.h-for-getting-u_-typedefs.patch \
+ "
+
+SRC_URI[md5sum] = "2ac4893c92716add1a1447ae01df77ab"
+SRC_URI[sha256sum] = "656d245d84400e1030f8f40a5a27da76370690c4a932baf249110f047fe7efcf"
+
+UPSTREAM_CHECK_URI = "http://www.citi.umich.edu/projects/nfsv4/linux/libnfsidmap/"
+
+inherit autotools
+
+EXTRA_OECONF = "--disable-ldap"
+
+do_install_append () {
+ install -d ${D}${sysconfdir}/
+ install -m 0644 ${WORKDIR}/${BPN}-${PV}/idmapd.conf ${D}${sysconfdir}/idmapd.conf
+}
+
diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure-Allow-to-explicitly-disable-nfsidmap.patch b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure-Allow-to-explicitly-disable-nfsidmap.patch
new file mode 100644
index 000000000..26b558c81
--- /dev/null
+++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure-Allow-to-explicitly-disable-nfsidmap.patch
@@ -0,0 +1,40 @@
+From 9b84cff305866abd150cf1a4c6e7e5ebf8a7eb3a Mon Sep 17 00:00:00 2001
+From: Martin Jansa <Martin.Jansa@gmail.com>
+Date: Fri, 15 Nov 2013 23:21:35 +0100
+Subject: [PATCH] configure: Allow to explicitly disable nfsidmap
+
+* keyutils availability is autodetected and builds aren't reproducible
+
+Upstream-Status: Pending
+
+Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
+---
+ configure.ac | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+Index: nfs-utils-2.1.1/configure.ac
+===================================================================
+--- nfs-utils-2.1.1.orig/configure.ac
++++ nfs-utils-2.1.1/configure.ac
+@@ -92,6 +92,12 @@ AC_ARG_ENABLE(nfsv4,
+ AC_SUBST(enable_nfsv4)
+ AM_CONDITIONAL(CONFIG_NFSV4, [test "$enable_nfsv4" = "yes"])
+
++AC_ARG_ENABLE(nfsidmap,
++ [AC_HELP_STRING([--enable-nfsidmap],
++ [enable support for NFSv4 idmapper @<:@default=yes@:>@])],
++ enable_nfsidmap=$enableval,
++ enable_nfsidmap=yes)
++
+ AC_ARG_ENABLE(nfsv41,
+ [AC_HELP_STRING([--disable-nfsv41],
+ [disable support for NFSv41 @<:@default=no@:>@])],
+@@ -339,7 +345,7 @@ fi
+
+ dnl enable nfsidmap when its support by libnfsidmap
+ AM_CONDITIONAL(CONFIG_NFSDCLTRACK, [test "$enable_nfsdcltrack" = "yes" ])
+-AM_CONDITIONAL(CONFIG_NFSIDMAP, [test "$ac_cv_header_keyutils_h$ac_cv_lib_nfsidmap_nfs4_owner_to_uid" = "yesyes"])
++AM_CONDITIONAL(CONFIG_NFSIDMAP, [test "$enable_nfsidmap$ac_cv_header_keyutils_h$ac_cv_lib_nfsidmap_nfs4_owner_to_uid" = "yesyesyes"])
+
+
+ if test "$knfsd_cv_glibc2" = no; then
diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-include-stdint.h-for-UINT16_MAX-definition.patch b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-include-stdint.h-for-UINT16_MAX-definition.patch
new file mode 100644
index 000000000..235a2c76f
--- /dev/null
+++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-include-stdint.h-for-UINT16_MAX-definition.patch
@@ -0,0 +1,27 @@
+From 36b48057bce76dced335d67a2894a420967811c9 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Sat, 20 May 2017 14:07:53 -0700
+Subject: [PATCH] include stdint.h for UINT16_MAX definition
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+Upstream-Status: Pending
+
+ support/nsm/rpc.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/support/nsm/rpc.c b/support/nsm/rpc.c
+index 4e5f40e..d91c6ea 100644
+--- a/support/nsm/rpc.c
++++ b/support/nsm/rpc.c
+@@ -40,6 +40,7 @@
+
+ #include <time.h>
+ #include <stdbool.h>
++#include <stdint.h>
+ #include <string.h>
+ #include <unistd.h>
+ #include <fcntl.h>
+--
+2.13.0
+
diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-mountd.service b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-mountd.service
new file mode 100644
index 000000000..27ea58d36
--- /dev/null
+++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-mountd.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=NFS Mount Daemon
+DefaultDependencies=no
+Requires=proc-fs-nfsd.mount
+After=proc-fs-nfsd.mount
+After=network.target local-fs.target
+BindsTo=nfs-server.service
+ConditionPathExists=@SYSCONFDIR@/exports
+
+[Service]
+EnvironmentFile=-@SYSCONFDIR@/nfs-utils.conf
+ExecStart=@SBINDIR@/rpc.mountd -F $MOUNTD_OPTS
+
+[Install]
+WantedBy=multi-user.target
diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-server.service b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-server.service
new file mode 100644
index 000000000..6481377d8
--- /dev/null
+++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-server.service
@@ -0,0 +1,24 @@
+[Unit]
+Description=NFS server and services
+DefaultDependencies=no
+Requires=network.target proc-fs-nfsd.mount
+Requires=nfs-mountd.service
+Wants=rpcbind.service
+After=local-fs.target
+After=network.target proc-fs-nfsd.mount rpcbind.service nfs-mountd.service
+ConditionPathExists=@SYSCONFDIR@/exports
+
+[Service]
+Type=oneshot
+EnvironmentFile=-@SYSCONFDIR@/nfs-utils.conf
+ExecStartPre=@SBINDIR@/exportfs -r
+ExecStart=@SBINDIR@/rpc.nfsd $NFSD_OPTS $NFSD_COUNT
+ExecStop=@SBINDIR@/rpc.nfsd 0
+ExecStopPost=@SBINDIR@/exportfs -au
+ExecStopPost=@SBINDIR@/exportfs -f
+ExecReload=@SBINDIR@/exportfs -r
+StandardError=syslog
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-statd.service b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-statd.service
new file mode 100644
index 000000000..6e196b8c8
--- /dev/null
+++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-statd.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=NFS status monitor for NFSv2/3 locking.
+DefaultDependencies=no
+Conflicts=umount.target
+Requires=nss-lookup.target rpcbind.service
+After=network.target nss-lookup.target rpcbind.service
+
+[Service]
+EnvironmentFile=-@SYSCONFDIR@/nfs-utils.conf
+ExecStart=@SBINDIR@/rpc.statd -F $STATD_OPTS
+
+[Install]
+WantedBy=multi-user.target
diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-1.2.3-sm-notify-res_init.patch b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-1.2.3-sm-notify-res_init.patch
new file mode 100644
index 000000000..89a8a5726
--- /dev/null
+++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-1.2.3-sm-notify-res_init.patch
@@ -0,0 +1,37 @@
+Fixes errors like
+sm-notify[1070]: DNS resolution of a.b.c.d..com failed; retrying later
+This error will occur anytime sm-notify is run before the network if fully up,
+which is happening more and more with parallel startup systems.
+The res_init() call is simple, safe, quick, and a patch to use it should be
+able to go upstream. Presumably the whole reason sm-notify tries several
+times is to wait for possible changes to the network configuration, but without
+calling res_init() it will never be aware of those changes
+
+Backported drom Fedora
+
+Upstream-Status: Pending
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+
+Index: nfs-utils-2.1.1/utils/statd/sm-notify.c
+===================================================================
+--- nfs-utils-2.1.1.orig/utils/statd/sm-notify.c
++++ nfs-utils-2.1.1/utils/statd/sm-notify.c
+@@ -28,6 +28,9 @@
+ #include <netdb.h>
+ #include <errno.h>
+ #include <grp.h>
++#include <netinet/in.h>
++#include <arpa/nameser.h>
++#include <resolv.h>
+
+ #include "conffile.h"
+ #include "sockaddr.h"
+@@ -89,6 +92,7 @@ smn_lookup(const char *name)
+ };
+ int error;
+
++ res_init();
+ error = getaddrinfo(name, NULL, &hint, &ai);
+ if (error != 0) {
+ xlog(D_GENERAL, "getaddrinfo(3): %s", gai_strerror(error));
diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-Do-not-pass-CFLAGS-to-gcc-while-building.patch b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-Do-not-pass-CFLAGS-to-gcc-while-building.patch
new file mode 100644
index 000000000..993f1e5ea
--- /dev/null
+++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-Do-not-pass-CFLAGS-to-gcc-while-building.patch
@@ -0,0 +1,42 @@
+nfs-utils: Do not pass CFLAGS to gcc while building
+
+Do not pass CFLAGS/LDFLAGS to gcc while building, The needed flags has
+been passed by xxx_CFLAGS=$(CFLAGS_FOR_BUILD).
+
+Upstream-Status: Pending
+
+Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
+---
+ tools/locktest/Makefile.am | 2 ++
+ tools/rpcgen/Makefile.am | 2 ++
+ 2 files changed, 4 insertions(+)
+
+diff --git a/tools/locktest/Makefile.am b/tools/locktest/Makefile.am
+index 3156815..1729fd1 100644
+--- a/tools/locktest/Makefile.am
++++ b/tools/locktest/Makefile.am
+@@ -1,6 +1,8 @@
+ ## Process this file with automake to produce Makefile.in
+
+ CC=$(CC_FOR_BUILD)
++CFLAGS=
++LDFLAGS=
+ LIBTOOL = @LIBTOOL@ --tag=CC
+
+ noinst_PROGRAMS = testlk
+diff --git a/tools/rpcgen/Makefile.am b/tools/rpcgen/Makefile.am
+index 8a9ec89..8bacdaa 100644
+--- a/tools/rpcgen/Makefile.am
++++ b/tools/rpcgen/Makefile.am
+@@ -1,6 +1,8 @@
+ ## Process this file with automake to produce Makefile.in
+
+ CC=$(CC_FOR_BUILD)
++CFLAGS=
++LDFLAGS=
+ LIBTOOL = @LIBTOOL@ --tag=CC
+
+ noinst_PROGRAMS = rpcgen
+--
+1.7.9.5
+
diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils.conf b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils.conf
new file mode 100644
index 000000000..a1007a7fb
--- /dev/null
+++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils.conf
@@ -0,0 +1,35 @@
+# Parameters to be passed to nfs-utils (clients & server) service files.
+#
+
+# Options to pass to rpc.nfsd.
+NFSD_OPTS=""
+
+# Number of servers to start up; the default is 8 servers.
+NFSD_COUNT=""
+
+# Where to mount nfsd filesystem; the default is "/proc/fs/nfsd".
+PROCNFSD_MOUNTPOINT=""
+
+# Options used to mount nfsd filesystem; the default is "rw,nodev,noexec,nosuid".
+PROCNFSD_MOUNTOPTS=""
+
+# Options for rpc.mountd.
+# If you have a port-based firewall, you might want to set up
+# a fixed port here using the --port option.
+MOUNTD_OPTS=""
+
+# Parameters to be passed to nfs-common (nfs clients & server) init script.
+#
+
+# If you do not set values for the NEED_ options, they will be attempted
+# autodetected; this should be sufficient for most people. Valid alternatives
+# for the NEED_ options are "yes" and "no".
+
+# Do you want to start the statd daemon? It is not needed for NFSv4.
+NEED_STATD=""
+
+# Options to pass to rpc.statd.
+# N.B. statd normally runs on both client and server, and run-time
+# options should be specified accordingly.
+# STATD_OPTS="-p 32765 -o 32766"
+STATD_OPTS=""
diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfscommon b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfscommon
new file mode 100644
index 000000000..992267d5a
--- /dev/null
+++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfscommon
@@ -0,0 +1,63 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: nfs-common
+# Required-Start: $portmap hwclock
+# Required-Stop: $portmap hwclock
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: NFS support for both client and server
+# Description: NFS is a popular protocol for file sharing across
+# TCP/IP networks. This service provides various
+# support functions for NFS mounts.
+### END INIT INFO
+#
+# Startup script for nfs-utils
+#
+#
+# Location of executables:
+
+# Source function library.
+. /etc/init.d/functions
+
+test -x "$NFS_STATD" || NFS_STATD=/usr/sbin/rpc.statd
+test -z "$STATD_PID" && STATD_PID=/var/run/rpc.statd.pid
+#
+# The default state directory is /var/lib/nfs
+test -n "$NFS_STATEDIR" || NFS_STATEDIR=/var/lib/nfs
+#
+#----------------------------------------------------------------------
+# Startup and shutdown functions.
+# Actual startup/shutdown is at the end of this file.
+
+start_statd(){
+ echo -n "starting statd: "
+ start-stop-daemon --start --exec "$NFS_STATD" --pidfile "$STATD_PID"
+ echo done
+}
+stop_statd(){
+ echo -n 'stopping statd: '
+ start-stop-daemon --stop --quiet --signal 1 --pidfile "$STATD_PID"
+ echo done
+}
+#----------------------------------------------------------------------
+#
+# supported options:
+# start
+# stop
+# restart: stops and starts mountd
+#FIXME: need to create the /var/lib/nfs/... directories
+case "$1" in
+ start)
+ start_statd;;
+ stop)
+ stop_statd;;
+ status)
+ status $NFS_STATD
+ exit $?;;
+ restart)
+ $0 stop
+ $0 start;;
+ *)
+ echo "Usage: $0 {start|stop|status|restart}"
+ exit 1;;
+esac
diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfsserver b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfsserver
new file mode 100644
index 000000000..d5e9c38a9
--- /dev/null
+++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfsserver
@@ -0,0 +1,130 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: nfs-kernel-server
+# Required-Start: $remote_fs nfs-common $portmap hwclock
+# Required-Stop: $remote_fs nfs-common $portmap hwclock
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Kernel NFS server support
+# Description: NFS is a popular protocol for file sharing across
+# TCP/IP networks. This service provides NFS server
+# functionality, which is configured via the
+# /etc/exports file.
+### END INIT INFO
+#
+# Startup script for nfs-utils
+#
+# Source function library.
+. /etc/init.d/functions
+#
+# The environment variable NFS_SERVERS may be set in /etc/default/nfsd
+# Other control variables may be overridden here too
+test -r /etc/default/nfsd && . /etc/default/nfsd
+#
+# Location of executables:
+test -x "$NFS_MOUNTD" || NFS_MOUNTD=/usr/sbin/rpc.mountd
+test -x "$NFS_NFSD" || NFS_NFSD=/usr/sbin/rpc.nfsd
+#
+# The user mode program must also exist (it just starts the kernel
+# threads using the kernel module code).
+test -x "$NFS_MOUNTD" || exit 0
+test -x "$NFS_NFSD" || exit 0
+#
+# Default is 8 threads, value is settable between 1 and the truely
+# ridiculous 99
+test "$NFS_SERVERS" != "" && test "$NFS_SERVERS" -gt 0 && test "$NFS_SERVERS" -lt 100 || NFS_SERVERS=8
+#
+#----------------------------------------------------------------------
+# Startup and shutdown functions.
+# Actual startup/shutdown is at the end of this file.
+#mountd
+start_mountd(){
+ echo -n 'starting mountd: '
+ start-stop-daemon --start --exec "$NFS_MOUNTD" -- "$@"
+ echo done
+}
+stop_mountd(){
+ echo -n 'stopping mountd: '
+ start-stop-daemon --stop --quiet --exec "$NFS_MOUNTD"
+ echo done
+}
+#
+#nfsd
+start_nfsd(){
+ modprobe -q nfsd
+ grep -q nfsd /proc/filesystems || {
+ echo NFS daemon support not enabled in kernel
+ exit 1
+ }
+ grep -q nfsd /proc/mounts || mount -t nfsd nfsd /proc/fs/nfsd
+ grep -q nfsd /proc/mounts || {
+ echo nfsd filesystem could not be mounted at /proc/fs/nfsd
+ exit 1
+ }
+
+ echo -n "starting $1 nfsd kernel threads: "
+ start-stop-daemon --start --exec "$NFS_NFSD" -- "$@"
+ echo done
+}
+delay_nfsd(){
+ for delay in 0 1 2 3 4 5 6 7 8 9
+ do
+ if pidof nfsd >/dev/null
+ then
+ echo -n .
+ sleep 1
+ else
+ return 0
+ fi
+ done
+ return 1
+}
+stop_nfsd(){
+ # WARNING: this kills any process with the executable
+ # name 'nfsd'.
+ echo -n 'stopping nfsd: '
+ start-stop-daemon --stop --quiet --signal 1 --name nfsd
+ if delay_nfsd || {
+ echo failed
+ echo ' using signal 9: '
+ start-stop-daemon --stop --quiet --signal 9 --name nfsd
+ delay_nfsd
+ }
+ then
+ echo done
+ else
+ echo failed
+ fi
+}
+
+#----------------------------------------------------------------------
+#
+# supported options:
+# start
+# stop
+# reload: reloads the exports file
+# restart: stops and starts mountd
+#FIXME: need to create the /var/lib/nfs/... directories
+case "$1" in
+ start)
+ exportfs -r
+ start_nfsd "$NFS_SERVERS"
+ start_mountd
+ test -r /etc/exports && exportfs -a;;
+ stop) exportfs -ua
+ stop_mountd
+ stop_nfsd;;
+ status)
+ status /usr/sbin/rpc.mountd
+ RETVAL=$?
+ status nfsd
+ rval=$?
+ [ $RETVAL -eq 0 ] && exit $rval
+ exit $RETVAL;;
+ reload) test -r /etc/exports && exportfs -r;;
+ restart)
+ $0 stop
+ $0 start;;
+ *) echo "Usage: $0 {start|stop|status|reload|restart}"
+ exit 1;;
+esac
diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/proc-fs-nfsd.mount b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/proc-fs-nfsd.mount
new file mode 100644
index 000000000..630801b37
--- /dev/null
+++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/proc-fs-nfsd.mount
@@ -0,0 +1,8 @@
+[Unit]
+Description=NFSD configuration filesystem
+After=systemd-modules-load.service
+
+[Mount]
+What=nfsd
+Where=/proc/fs/nfsd
+Type=nfsd
diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.1.1.bb b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.1.1.bb
new file mode 100644
index 000000000..79453ad20
--- /dev/null
+++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.1.1.bb
@@ -0,0 +1,150 @@
+SUMMARY = "userspace utilities for kernel nfs"
+DESCRIPTION = "The nfs-utils package provides a daemon for the kernel \
+NFS server and related tools."
+HOMEPAGE = "http://nfs.sourceforge.net/"
+SECTION = "console/network"
+
+LICENSE = "MIT & GPLv2+ & BSD"
+LIC_FILES_CHKSUM = "file://COPYING;md5=95f3a93a5c3c7888de623b46ea085a84"
+
+# util-linux for libblkid
+DEPENDS = "libcap libnfsidmap libevent util-linux sqlite3 libtirpc"
+RDEPENDS_${PN} = "${PN}-client bash"
+RRECOMMENDS_${PN} = "kernel-module-nfsd"
+
+inherit useradd
+
+USERADD_PACKAGES = "${PN}-client"
+USERADD_PARAM_${PN}-client = "--system --home-dir /var/lib/nfs \
+ --shell /bin/false --user-group rpcuser"
+
+SRC_URI = "${KERNELORG_MIRROR}/linux/utils/nfs-utils/${PV}/nfs-utils-${PV}.tar.xz \
+ file://0001-configure-Allow-to-explicitly-disable-nfsidmap.patch \
+ file://nfs-utils-1.2.3-sm-notify-res_init.patch \
+ file://nfsserver \
+ file://nfscommon \
+ file://nfs-utils.conf \
+ file://nfs-server.service \
+ file://nfs-mountd.service \
+ file://nfs-statd.service \
+ file://proc-fs-nfsd.mount \
+ file://nfs-utils-Do-not-pass-CFLAGS-to-gcc-while-building.patch \
+ file://nfs-utils-debianize-start-statd.patch \
+ file://bugfix-adjust-statd-service-name.patch \
+ file://0001-include-stdint.h-for-UINT16_MAX-definition.patch \
+"
+
+SRC_URI[md5sum] = "59dfcb2e6254b129f901f40c86086b13"
+SRC_URI[sha256sum] = "0faeb54c70b84e6bd3b9b6901544b1f6add8d246f35c1683e402daf4e0c719ef"
+
+# Only kernel-module-nfsd is required here (but can be built-in) - the nfsd module will
+# pull in the remainder of the dependencies.
+
+INITSCRIPT_PACKAGES = "${PN} ${PN}-client"
+INITSCRIPT_NAME = "nfsserver"
+INITSCRIPT_PARAMS = "defaults"
+INITSCRIPT_NAME_${PN}-client = "nfscommon"
+INITSCRIPT_PARAMS_${PN}-client = "defaults 19 21"
+
+inherit autotools-brokensep update-rc.d systemd pkgconfig
+
+SYSTEMD_PACKAGES = "${PN} ${PN}-client"
+SYSTEMD_SERVICE_${PN} = "nfs-server.service nfs-mountd.service"
+SYSTEMD_SERVICE_${PN}-client = "nfs-statd.service"
+
+# --enable-uuid is need for cross-compiling
+EXTRA_OECONF = "--with-statduser=rpcuser \
+ --enable-mountconfig \
+ --enable-libmount-mount \
+ --enable-uuid \
+ --disable-gss \
+ --disable-nfsdcltrack \
+ --with-statdpath=/var/lib/nfs/statd \
+ "
+
+PACKAGECONFIG ??= "tcp-wrappers \
+ ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \
+"
+PACKAGECONFIG_remove_libc-musl = "tcp-wrappers"
+PACKAGECONFIG[tcp-wrappers] = "--with-tcp-wrappers,--without-tcp-wrappers,tcp-wrappers"
+PACKAGECONFIG[nfsidmap] = "--enable-nfsidmap,--disable-nfsidmap,keyutils"
+PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
+# libdevmapper is available in meta-oe
+PACKAGECONFIG[nfsv41] = "--enable-nfsv41,--disable-nfsv41,libdevmapper"
+
+PACKAGES =+ "${PN}-client ${PN}-mount ${PN}-stats"
+
+CONFFILES_${PN}-client += "${localstatedir}/lib/nfs/etab \
+ ${localstatedir}/lib/nfs/rmtab \
+ ${localstatedir}/lib/nfs/xtab \
+ ${localstatedir}/lib/nfs/statd/state \
+ ${sysconfdir}/nfsmount.conf"
+
+FILES_${PN}-client = "${sbindir}/*statd \
+ ${sbindir}/rpc.idmapd ${sbindir}/sm-notify \
+ ${sbindir}/showmount ${sbindir}/nfsstat \
+ ${localstatedir}/lib/nfs \
+ ${sysconfdir}/nfs-utils.conf \
+ ${sysconfdir}/nfsmount.conf \
+ ${sysconfdir}/init.d/nfscommon \
+ ${systemd_unitdir}/system/nfs-statd.service"
+RDEPENDS_${PN}-client = "${PN}-mount rpcbind"
+
+FILES_${PN}-mount = "${base_sbindir}/*mount.nfs*"
+
+FILES_${PN}-stats = "${sbindir}/mountstats ${sbindir}/nfsiostat"
+RDEPENDS_${PN}-stats = "python3-core"
+
+FILES_${PN} += "${systemd_unitdir}"
+
+do_configure_prepend() {
+ sed -i -e 's,sbindir = /sbin,sbindir = ${base_sbindir},g' \
+ ${S}/utils/mount/Makefile.am
+
+ sed -i -e 's,sbindir = /sbin,sbindir = ${base_sbindir},g' \
+ ${S}/utils/osd_login/Makefile.am
+}
+
+# Make clean needed because the package comes with
+# precompiled 64-bit objects that break the build
+do_compile_prepend() {
+ make clean
+}
+
+do_install_append () {
+ install -d ${D}${sysconfdir}/init.d
+ install -m 0755 ${WORKDIR}/nfsserver ${D}${sysconfdir}/init.d/nfsserver
+ install -m 0755 ${WORKDIR}/nfscommon ${D}${sysconfdir}/init.d/nfscommon
+
+ install -m 0755 ${WORKDIR}/nfs-utils.conf ${D}${sysconfdir}
+ install -m 0755 ${S}/utils/mount/nfsmount.conf ${D}${sysconfdir}
+
+ install -d ${D}${systemd_unitdir}/system
+ install -m 0644 ${WORKDIR}/nfs-server.service ${D}${systemd_unitdir}/system/
+ install -m 0644 ${WORKDIR}/nfs-mountd.service ${D}${systemd_unitdir}/system/
+ install -m 0644 ${WORKDIR}/nfs-statd.service ${D}${systemd_unitdir}/system/
+ sed -i -e 's,@SBINDIR@,${sbindir},g' \
+ -e 's,@SYSCONFDIR@,${sysconfdir},g' \
+ ${D}${systemd_unitdir}/system/*.service
+ if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
+ install -m 0644 ${WORKDIR}/proc-fs-nfsd.mount ${D}${systemd_unitdir}/system/
+ install -d ${D}${systemd_unitdir}/system/sysinit.target.wants/
+ ln -sf ../proc-fs-nfsd.mount ${D}${systemd_unitdir}/system/sysinit.target.wants/proc-fs-nfsd.mount
+ fi
+
+ # kernel code as of 3.8 hard-codes this path as a default
+ install -d ${D}/var/lib/nfs/v4recovery
+
+ # chown the directories and files
+ chown -R rpcuser:rpcuser ${D}${localstatedir}/lib/nfs/statd
+ chmod 0644 ${D}${localstatedir}/lib/nfs/statd/state
+
+ # the following are built by CC_FOR_BUILD
+ rm -f ${D}${sbindir}/rpcdebug
+ rm -f ${D}${sbindir}/rpcgen
+ rm -f ${D}${sbindir}/locktest
+
+ # Make python tools use python 3
+ sed -i -e '1s,#!.*python.*,#!${bindir}/python3,' ${D}${sbindir}/mountstats ${D}${sbindir}/nfsiostat
+
+}
diff --git a/poky/meta/recipes-connectivity/ofono/ofono.inc b/poky/meta/recipes-connectivity/ofono/ofono.inc
new file mode 100644
index 000000000..0472414b1
--- /dev/null
+++ b/poky/meta/recipes-connectivity/ofono/ofono.inc
@@ -0,0 +1,39 @@
+HOMEPAGE = "http://www.ofono.org"
+SUMMARY = "open source telephony"
+DESCRIPTION = "oFono is a stack for mobile telephony devices on Linux. oFono supports speaking to telephony devices through specific drivers, or with generic AT commands."
+LICENSE = "GPLv2"
+LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \
+ file://src/ofono.h;beginline=1;endline=20;md5=3ce17d5978ef3445def265b98899c2ee"
+
+inherit autotools pkgconfig update-rc.d systemd bluetooth gobject-introspection-data
+
+DEPENDS = "dbus glib-2.0 udev mobile-broadband-provider-info"
+
+INITSCRIPT_NAME = "ofono"
+INITSCRIPT_PARAMS = "defaults 22"
+
+PACKAGECONFIG ??= "\
+ ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez', '', d)} \
+ "
+PACKAGECONFIG[systemd] = "--with-systemdunitdir=${systemd_unitdir}/system/,--with-systemdunitdir="
+PACKAGECONFIG[bluez] = "--enable-bluetooth, --disable-bluetooth, ${BLUEZ}"
+
+EXTRA_OECONF += "--enable-test"
+
+SYSTEMD_SERVICE_${PN} = "ofono.service"
+
+do_install_append() {
+ install -d ${D}${sysconfdir}/init.d/
+ install -m 0755 ${WORKDIR}/ofono ${D}${sysconfdir}/init.d/ofono
+}
+
+PACKAGES =+ "${PN}-tests"
+
+RDEPENDS_${PN} += "dbus"
+RRECOMMENDS_${PN} += "kernel-module-tun mobile-broadband-provider-info"
+
+FILES_${PN} += "${systemd_unitdir}"
+FILES_${PN}-tests = "${libdir}/${BPN}/test"
+RDEPENDS_${PN}-tests = "python3 python3-dbus"
+RDEPENDS_${PN}-tests += "${@bb.utils.contains('GI_DATA_ENABLED', 'True', 'python3-pygobject', '', d)}"
diff --git a/poky/meta/recipes-connectivity/ofono/ofono/ofono b/poky/meta/recipes-connectivity/ofono/ofono/ofono
new file mode 100644
index 000000000..cc9970929
--- /dev/null
+++ b/poky/meta/recipes-connectivity/ofono/ofono/ofono
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+DAEMON=/usr/sbin/ofonod
+PIDFILE=/var/run/ofonod.pid
+DESC="Telephony daemon"
+
+if [ -f /etc/default/ofono ] ; then
+ . /etc/default/ofono
+fi
+
+set -e
+
+do_start() {
+ $DAEMON
+}
+
+do_stop() {
+ start-stop-daemon --stop --name ofonod --quiet
+}
+
+case "$1" in
+ start)
+ echo "Starting $DESC"
+ do_start
+ ;;
+ stop)
+ echo "Stopping $DESC"
+ do_stop
+ ;;
+ restart|force-reload)
+ echo "Restarting $DESC"
+ do_stop
+ sleep 1
+ do_start
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|restart|force-reload}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
diff --git a/poky/meta/recipes-connectivity/ofono/ofono/use-python3.patch b/poky/meta/recipes-connectivity/ofono/ofono/use-python3.patch
new file mode 100644
index 000000000..7b8407525
--- /dev/null
+++ b/poky/meta/recipes-connectivity/ofono/ofono/use-python3.patch
@@ -0,0 +1,27 @@
+set-ddr should use Python3 like all the other tests.
+
+Upstream-Status: Submitted
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+From 17b69cd1da4c5c5f732acb38ca1602446c567ee7 Mon Sep 17 00:00:00 2001
+From: Ross Burton <ross.burton@intel.com>
+Date: Mon, 29 Jan 2018 11:31:25 +0000
+Subject: [PATCH] test/setddr: use Python 3
+
+All the other tests use Python 3, so this should to.
+---
+ test/set-ddr | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/test/set-ddr b/test/set-ddr
+index 5d061b95..33631f31 100755
+--- a/test/set-ddr
++++ b/test/set-ddr
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python
++#!/usr/bin/python3
+
+ import sys
+ import dbus
+--
+2.11.0
diff --git a/poky/meta/recipes-connectivity/ofono/ofono_1.22.bb b/poky/meta/recipes-connectivity/ofono/ofono_1.22.bb
new file mode 100644
index 000000000..e57eaa77e
--- /dev/null
+++ b/poky/meta/recipes-connectivity/ofono/ofono_1.22.bb
@@ -0,0 +1,9 @@
+require ofono.inc
+
+SRC_URI = "\
+ ${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
+ file://ofono \
+ file://use-python3.patch \
+"
+SRC_URI[md5sum] = "2a683ab8e98448ad8bc5dc9868d2893e"
+SRC_URI[sha256sum] = "8e34a6696c300c9841b55e8dff640bd3096e49f5dbe55bbebaa69a71676f687e"
diff --git a/poky/meta/recipes-connectivity/openssh/openssh/add-test-support-for-busybox.patch b/poky/meta/recipes-connectivity/openssh/openssh/add-test-support-for-busybox.patch
new file mode 100644
index 000000000..b8402a4de
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssh/openssh/add-test-support-for-busybox.patch
@@ -0,0 +1,47 @@
+Adjust test cases to work with busybox.
+
+- Replace dd parameter "obs" with "bs".
+- Replace "head -<num>" with "head -n <num>".
+
+Signed-off-by: Maxin B. John <maxin.john@enea.com>
+Upstream-Status: Pending
+
+Index: openssh-7.6p1/regress/cipher-speed.sh
+===================================================================
+--- openssh-7.6p1.orig/regress/cipher-speed.sh
++++ openssh-7.6p1/regress/cipher-speed.sh
+@@ -17,7 +17,7 @@ for c in `${SSH} -Q cipher`; do n=0; for
+ printf "%-60s" "$c/$m:"
+ ( ${SSH} -o 'compression no' \
+ -F $OBJ/ssh_proxy -m $m -c $c somehost \
+- exec sh -c \'"dd of=/dev/null obs=32k"\' \
++ exec sh -c \'"dd of=/dev/null bs=32k"\' \
+ < ${DATA} ) 2>&1 | getbytes
+
+ if [ $? -ne 0 ]; then
+Index: openssh-7.6p1/regress/transfer.sh
+===================================================================
+--- openssh-7.6p1.orig/regress/transfer.sh
++++ openssh-7.6p1/regress/transfer.sh
+@@ -13,7 +13,7 @@ cmp ${DATA} ${COPY} || fail "corrupted
+ for s in 10 100 1k 32k 64k 128k 256k; do
+ trace "dd-size ${s}"
+ rm -f ${COPY}
+- dd if=$DATA obs=${s} 2> /dev/null | \
++ dd if=$DATA bs=${s} 2> /dev/null | \
+ ${SSH} -q -F $OBJ/ssh_proxy somehost "cat > ${COPY}"
+ if [ $? -ne 0 ]; then
+ fail "ssh cat $DATA failed"
+Index: openssh-7.6p1/regress/key-options.sh
+===================================================================
+--- openssh-7.6p1.orig/regress/key-options.sh
++++ openssh-7.6p1/regress/key-options.sh
+@@ -47,7 +47,7 @@ for f in 127.0.0.1 '127.0.0.0\/8'; do
+ fi
+
+ sed 's/.*/from="'"$f"'" &/' $origkeys >$authkeys
+- from=`head -1 $authkeys | cut -f1 -d ' '`
++ from=`head -n 1 $authkeys | cut -f1 -d ' '`
+ verbose "key option $from"
+ r=`${SSH} -q -F $OBJ/ssh_proxy somehost 'echo true'`
+ if [ "$r" = "true" ]; then
diff --git a/poky/meta/recipes-connectivity/openssh/openssh/disable-ciphers-not-supported-by-OpenSSL-DES.patch b/poky/meta/recipes-connectivity/openssh/openssh/disable-ciphers-not-supported-by-OpenSSL-DES.patch
new file mode 100644
index 000000000..8a2d1a0a7
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssh/openssh/disable-ciphers-not-supported-by-OpenSSL-DES.patch
@@ -0,0 +1,39 @@
+From 265eaab8b39d8d8721224a48eefed5bf1696d353 Mon Sep 17 00:00:00 2001
+From: Hongxu Jia <hongxu.jia@windriver.com>
+Date: Wed, 18 Apr 2018 21:58:32 +0800
+Subject: [PATCH] disable ciphers not supported by OpenSSL DES
+
+While compiling openssl with option `no-des', it caused the openssh
+build failure
+...
+cipher.c:85:41: error: 'EVP_des_ede3_cbc' undeclared here (not in a function);
+...
+
+OpenSSL configured that way defines OPENSSL_NO_DES to disable des
+
+Suggested by dtucker@
+
+Upstream-Status: Submitted [openssh-unix-dev@mindrot.org]
+
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ cipher.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/cipher.c b/cipher.c
+index c3cd5dc..86558e1 100644
+--- a/cipher.c
++++ b/cipher.c
+@@ -82,7 +82,9 @@ struct sshcipher {
+
+ static const struct sshcipher ciphers[] = {
+ #ifdef WITH_OPENSSL
++#ifndef OPENSSL_NO_DES
+ { "3des-cbc", 8, 24, 0, 0, CFLAG_CBC, EVP_des_ede3_cbc },
++#endif
+ { "aes128-cbc", 16, 16, 0, 0, CFLAG_CBC, EVP_aes_128_cbc },
+ { "aes192-cbc", 16, 24, 0, 0, CFLAG_CBC, EVP_aes_192_cbc },
+ { "aes256-cbc", 16, 32, 0, 0, CFLAG_CBC, EVP_aes_256_cbc },
+--
+2.7.4
+
diff --git a/poky/meta/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch b/poky/meta/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch
new file mode 100644
index 000000000..7e043a2db
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch
@@ -0,0 +1,99 @@
+From 3328e98bcbf2930cd7eea3e6c92ad5dcbdf4794f Mon Sep 17 00:00:00 2001
+From: Yuanjie Huang <yuanjie.huang@windriver.com>
+Date: Wed, 24 Aug 2016 03:15:43 +0000
+Subject: [PATCH] Fix potential signed overflow in pointer arithmatic
+
+Pointer arithmatic results in implementation defined signed integer
+type, so that 's - src' in strlcpy and others may trigger signed overflow.
+In case of compilation by gcc or clang with -ftrapv option, the overflow
+would lead to program abort.
+
+Upstream-Status: Submitted [http://bugzilla.mindrot.org/show_bug.cgi?id=2608]
+
+Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
+---
+ openbsd-compat/strlcat.c | 8 ++++++--
+ openbsd-compat/strlcpy.c | 8 ++++++--
+ openbsd-compat/strnlen.c | 8 ++++++--
+ 3 files changed, 18 insertions(+), 6 deletions(-)
+
+diff --git a/openbsd-compat/strlcat.c b/openbsd-compat/strlcat.c
+index bcc1b61..e758ebf 100644
+--- a/openbsd-compat/strlcat.c
++++ b/openbsd-compat/strlcat.c
+@@ -23,6 +23,7 @@
+
+ #include <sys/types.h>
+ #include <string.h>
++#include <stdint.h>
+
+ /*
+ * Appends src to string dst of size siz (unlike strncat, siz is the
+@@ -55,8 +56,11 @@ strlcat(char *dst, const char *src, size_t siz)
+ s++;
+ }
+ *d = '\0';
+-
+- return(dlen + (s - src)); /* count does not include NUL */
++ /*
++ * Cast pointers to unsigned type before calculation, to avoid signed
++ * overflow when the string ends where the MSB has changed.
++ */
++ return (dlen + ((uintptr_t)s - (uintptr_t)src)); /* count does not include NUL */
+ }
+
+ #endif /* !HAVE_STRLCAT */
+diff --git a/openbsd-compat/strlcpy.c b/openbsd-compat/strlcpy.c
+index b4b1b60..b06f374 100644
+--- a/openbsd-compat/strlcpy.c
++++ b/openbsd-compat/strlcpy.c
+@@ -23,6 +23,7 @@
+
+ #include <sys/types.h>
+ #include <string.h>
++#include <stdint.h>
+
+ /*
+ * Copy src to string dst of size siz. At most siz-1 characters
+@@ -51,8 +52,11 @@ strlcpy(char *dst, const char *src, size_t siz)
+ while (*s++)
+ ;
+ }
+-
+- return(s - src - 1); /* count does not include NUL */
++ /*
++ * Cast pointers to unsigned type before calculation, to avoid signed
++ * overflow when the string ends where the MSB has changed.
++ */
++ return ((uintptr_t)s - (uintptr_t)src - 1); /* count does not include NUL */
+ }
+
+ #endif /* !HAVE_STRLCPY */
+diff --git a/openbsd-compat/strnlen.c b/openbsd-compat/strnlen.c
+index 93d5155..9b8de5d 100644
+--- a/openbsd-compat/strnlen.c
++++ b/openbsd-compat/strnlen.c
+@@ -23,6 +23,7 @@
+ #include <sys/types.h>
+
+ #include <string.h>
++#include <stdint.h>
+
+ size_t
+ strnlen(const char *str, size_t maxlen)
+@@ -31,7 +32,10 @@ strnlen(const char *str, size_t maxlen)
+
+ for (cp = str; maxlen != 0 && *cp != '\0'; cp++, maxlen--)
+ ;
+-
+- return (size_t)(cp - str);
++ /*
++ * Cast pointers to unsigned type before calculation, to avoid signed
++ * overflow when the string ends where the MSB has changed.
++ */
++ return (size_t)((uintptr_t)cp - (uintptr_t)str);
+ }
+ #endif
+--
+1.9.1
+
diff --git a/poky/meta/recipes-connectivity/openssh/openssh/init b/poky/meta/recipes-connectivity/openssh/openssh/init
new file mode 100644
index 000000000..34ba0f846
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssh/openssh/init
@@ -0,0 +1,90 @@
+#! /bin/sh
+set -e
+
+PIDFILE=/var/run/sshd.pid
+
+# source function library
+. /etc/init.d/functions
+
+# /etc/init.d/ssh: start and stop the OpenBSD "secure shell" daemon
+
+test -x /usr/sbin/sshd || exit 0
+( /usr/sbin/sshd -\? 2>&1 | grep -q OpenSSH ) 2>/dev/null || exit 0
+
+# /etc/default/ssh may set SYSCONFDIR and SSHD_OPTS
+if test -f /etc/default/ssh; then
+ . /etc/default/ssh
+fi
+
+[ -z "$SYSCONFDIR" ] && SYSCONFDIR=/etc/ssh
+mkdir -p $SYSCONFDIR
+
+check_for_no_start() {
+ # forget it if we're trying to start, and /etc/ssh/sshd_not_to_be_run exists
+ if [ -e $SYSCONFDIR/sshd_not_to_be_run ]; then
+ echo "OpenBSD Secure Shell server not in use ($SYSCONFDIR/sshd_not_to_be_run)"
+ exit 0
+ fi
+}
+
+check_privsep_dir() {
+ # Create the PrivSep empty dir if necessary
+ if [ ! -d /var/run/sshd ]; then
+ mkdir /var/run/sshd
+ chmod 0755 /var/run/sshd
+ fi
+}
+
+check_config() {
+ /usr/sbin/sshd -t $SSHD_OPTS || exit 1
+}
+
+export PATH="${PATH:+$PATH:}/usr/sbin:/sbin"
+
+case "$1" in
+ start)
+ check_for_no_start
+ echo "Starting OpenBSD Secure Shell server: sshd"
+ @LIBEXECDIR@/sshd_check_keys
+ check_privsep_dir
+ start-stop-daemon -S -p $PIDFILE -x /usr/sbin/sshd -- $SSHD_OPTS
+ echo "done."
+ ;;
+ stop)
+ echo -n "Stopping OpenBSD Secure Shell server: sshd"
+ start-stop-daemon -K -p $PIDFILE -x /usr/sbin/sshd
+ echo "."
+ ;;
+
+ reload|force-reload)
+ check_for_no_start
+ @LIBEXECDIR@/sshd_check_keys
+ check_config
+ echo -n "Reloading OpenBSD Secure Shell server's configuration"
+ start-stop-daemon -K -p $PIDFILE -s 1 -x /usr/sbin/sshd
+ echo "."
+ ;;
+
+ restart)
+ @LIBEXECDIR@/sshd_check_keys
+ check_config
+ echo -n "Restarting OpenBSD Secure Shell server: sshd"
+ start-stop-daemon -K -p $PIDFILE --oknodo -x /usr/sbin/sshd
+ check_for_no_start
+ check_privsep_dir
+ sleep 2
+ start-stop-daemon -S -p $PIDFILE -x /usr/sbin/sshd -- $SSHD_OPTS
+ echo "."
+ ;;
+
+ status)
+ status /usr/sbin/sshd
+ exit $?
+ ;;
+
+ *)
+ echo "Usage: /etc/init.d/ssh {start|stop|status|reload|force-reload|restart}"
+ exit 1
+esac
+
+exit 0
diff --git a/poky/meta/recipes-connectivity/openssh/openssh/run-ptest b/poky/meta/recipes-connectivity/openssh/openssh/run-ptest
new file mode 100755
index 000000000..36a3d2a7b
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssh/openssh/run-ptest
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+export TEST_SHELL=sh
+
+cd regress
+sed -i "/\t\tagent-ptrace /d" Makefile
+make -k .OBJDIR=`pwd` .CURDIR=`pwd` SUDO="sudo" tests \
+ | sed -e 's/^skipped/SKIP: /g' -e 's/^ok /PASS: /g' -e 's/^failed/FAIL: /g'
+
+SSHAGENT=`which ssh-agent`
+GDB=`which gdb`
+
+if [ -z "${SSHAGENT}" -o -z "${GDB}" ]; then
+ echo "SKIP: agent-ptrace"
+ exit
+fi
+
+useradd openssh-test
+
+eval `su -c "${SSHAGENT} -s" openssh-test` > /dev/null
+r=$?
+if [ $r -ne 0 ]; then
+ echo "FAIL: could not start ssh-agent: exit code $r"
+else
+ su -c "gdb -p ${SSH_AGENT_PID}" openssh-test > /tmp/gdb.out 2>&1 << EOF
+ quit
+EOF
+ r=$?
+ if [ $r -ne 0 ]; then
+ echo "gdb failed: exit code $r"
+ fi
+ egrep 'ptrace: Operation not permitted.|procfs:.*Permission denied.|ttrace.*Permission denied.|procfs:.*: Invalid argument.|Unable to access task ' >/dev/null /tmp/gdb.out
+ r=$?
+ rm -f /tmp/gdb.out
+ if [ $r -ne 0 ]; then
+ echo "FAIL: ptrace agent"
+ else
+ echo "PASS: ptrace agent"
+ fi
+
+ ${SSHAGENT} -k > /dev/null
+fi
+userdel openssh-test
+
diff --git a/poky/meta/recipes-connectivity/openssh/openssh/ssh_config b/poky/meta/recipes-connectivity/openssh/openssh/ssh_config
new file mode 100644
index 000000000..9e919156d
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssh/openssh/ssh_config
@@ -0,0 +1,48 @@
+# $OpenBSD: ssh_config,v 1.28 2013/09/16 11:35:43 sthen Exp $
+
+# This is the ssh client system-wide configuration file. See
+# ssh_config(5) for more information. This file provides defaults for
+# users, and the values can be changed in per-user configuration files
+# or on the command line.
+
+# Configuration data is parsed as follows:
+# 1. command line options
+# 2. user-specific file
+# 3. system-wide file
+# Any configuration value is only changed the first time it is set.
+# Thus, host-specific definitions should be at the beginning of the
+# configuration file, and defaults at the end.
+
+# Site-wide defaults for some commonly used options. For a comprehensive
+# list of available options, their meanings and defaults, please see the
+# ssh_config(5) man page.
+
+Host *
+ ForwardAgent yes
+ ForwardX11 yes
+# RhostsRSAAuthentication no
+# RSAAuthentication yes
+# PasswordAuthentication yes
+# HostbasedAuthentication no
+# GSSAPIAuthentication no
+# GSSAPIDelegateCredentials no
+# BatchMode no
+# CheckHostIP yes
+# AddressFamily any
+# ConnectTimeout 0
+# StrictHostKeyChecking ask
+# IdentityFile ~/.ssh/identity
+# IdentityFile ~/.ssh/id_rsa
+# IdentityFile ~/.ssh/id_dsa
+# Port 22
+# Protocol 2,1
+# Cipher 3des
+# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
+# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
+# EscapeChar ~
+# Tunnel no
+# TunnelDevice any:any
+# PermitLocalCommand no
+# VisualHostKey no
+# ProxyCommand ssh -q -W %h:%p gateway.example.com
+# RekeyLimit 1G 1h
diff --git a/poky/meta/recipes-connectivity/openssh/openssh/sshd b/poky/meta/recipes-connectivity/openssh/openssh/sshd
new file mode 100644
index 000000000..4882e58b4
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssh/openssh/sshd
@@ -0,0 +1,10 @@
+#%PAM-1.0
+
+auth include common-auth
+account required pam_nologin.so
+account include common-account
+password include common-password
+session optional pam_keyinit.so force revoke
+session include common-session
+session required pam_loginuid.so
+
diff --git a/poky/meta/recipes-connectivity/openssh/openssh/sshd.socket b/poky/meta/recipes-connectivity/openssh/openssh/sshd.socket
new file mode 100644
index 000000000..12c39b26b
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssh/openssh/sshd.socket
@@ -0,0 +1,10 @@
+[Unit]
+Conflicts=sshd.service
+
+[Socket]
+ExecStartPre=@BASE_BINDIR@/mkdir -p /var/run/sshd
+ListenStream=22
+Accept=yes
+
+[Install]
+WantedBy=sockets.target
diff --git a/poky/meta/recipes-connectivity/openssh/openssh/sshd@.service b/poky/meta/recipes-connectivity/openssh/openssh/sshd@.service
new file mode 100644
index 000000000..9d83dfb2b
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssh/openssh/sshd@.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=OpenSSH Per-Connection Daemon
+Wants=sshdgenkeys.service
+After=sshdgenkeys.service
+
+[Service]
+Environment="SSHD_OPTS="
+EnvironmentFile=-/etc/default/ssh
+ExecStart=-@SBINDIR@/sshd -i $SSHD_OPTS
+ExecReload=@BASE_BINDIR@/kill -HUP $MAINPID
+StandardInput=socket
+StandardError=syslog
+KillMode=process
diff --git a/poky/meta/recipes-connectivity/openssh/openssh/sshd_check_keys b/poky/meta/recipes-connectivity/openssh/openssh/sshd_check_keys
new file mode 100644
index 000000000..5463b1a4c
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssh/openssh/sshd_check_keys
@@ -0,0 +1,90 @@
+#! /bin/sh
+
+generate_key() {
+ local FILE=$1
+ local TYPE=$2
+ local DIR="$(dirname "$FILE")"
+
+ mkdir -p "$DIR"
+ ssh-keygen -q -f "${FILE}.tmp" -N '' -t $TYPE
+
+ # Atomically rename file public key
+ mv -f "${FILE}.tmp.pub" "${FILE}.pub"
+
+ # This sync does double duty: Ensuring that the data in the temporary
+ # private key file is on disk before the rename, and ensuring that the
+ # public key rename is completed before the private key rename, since we
+ # switch on the existence of the private key to trigger key generation.
+ # This does mean it is possible for the public key to exist, but be garbage
+ # but this is OK because in that case the private key won't exist and the
+ # keys will be regenerated.
+ #
+ # In the event that sync understands arguments that limit what it tries to
+ # fsync(), we provided them. If it does not, it will simply call sync()
+ # which is just as well
+ sync "${FILE}.pub" "$DIR" "${FILE}.tmp"
+
+ mv "${FILE}.tmp" "$FILE"
+
+ # sync to ensure the atomic rename is committed
+ sync "$DIR"
+}
+
+# /etc/default/ssh may set SYSCONFDIR and SSHD_OPTS
+if test -f /etc/default/ssh; then
+ . /etc/default/ssh
+fi
+
+[ -z "$SYSCONFDIR" ] && SYSCONFDIR=/etc/ssh
+mkdir -p $SYSCONFDIR
+
+# parse sshd options
+set -- ${SSHD_OPTS} --
+sshd_config=/etc/ssh/sshd_config
+while true ; do
+ case "$1" in
+ -f*) if [ "$1" = "-f" ] ; then
+ sshd_config="$2"
+ shift
+ else
+ sshd_config="${1#-f}"
+ fi
+ shift
+ ;;
+ --) shift; break;;
+ *) shift;;
+ esac
+done
+
+# parse location of keys
+HOST_KEY_RSA=$(grep ^HostKey "${sshd_config}" | grep _rsa_ | tail -1 | awk ' { print $2 } ')
+[ -z "${HOST_KEY_RSA}" ] && HOST_KEY_RSA=$(grep HostKey "${sshd_config}" | grep _rsa_ | tail -1 | awk ' { print $2 } ')
+[ -z "${HOST_KEY_RSA}" ] && HOST_KEY_RSA=$SYSCONFDIR/ssh_host_rsa_key
+HOST_KEY_DSA=$(grep ^HostKey "${sshd_config}" | grep _dsa_ | tail -1 | awk ' { print $2 } ')
+[ -z "${HOST_KEY_DSA}" ] && HOST_KEY_DSA=$(grep HostKey "${sshd_config}" | grep _dsa_ | tail -1 | awk ' { print $2 } ')
+[ -z "${HOST_KEY_DSA}" ] && HOST_KEY_DSA=$SYSCONFDIR/ssh_host_dsa_key
+HOST_KEY_ECDSA=$(grep ^HostKey "${sshd_config}" | grep _ecdsa_ | tail -1 | awk ' { print $2 } ')
+[ -z "${HOST_KEY_ECDSA}" ] && HOST_KEY_ECDSA=$(grep HostKey "${sshd_config}" | grep _ecdsa_ | tail -1 | awk ' { print $2 } ')
+[ -z "${HOST_KEY_ECDSA}" ] && HOST_KEY_ECDSA=$SYSCONFDIR/ssh_host_ecdsa_key
+HOST_KEY_ED25519=$(grep ^HostKey "${sshd_config}" | grep _ed25519_ | tail -1 | awk ' { print $2 } ')
+[ -z "${HOST_KEY_ED25519}" ] && HOST_KEY_ED25519=$(grep HostKey "${sshd_config}" | grep _ed25519_ | tail -1 | awk ' { print $2 } ')
+[ -z "${HOST_KEY_ED25519}" ] && HOST_KEY_ED25519=$SYSCONFDIR/ssh_host_ed25519_key
+
+# create keys if necessary
+if [ ! -f $HOST_KEY_RSA ]; then
+ echo " generating ssh RSA key..."
+ generate_key $HOST_KEY_RSA rsa
+fi
+if [ ! -f $HOST_KEY_ECDSA ]; then
+ echo " generating ssh ECDSA key..."
+ generate_key $HOST_KEY_ECDSA ecdsa
+fi
+if [ ! -f $HOST_KEY_DSA ]; then
+ echo " generating ssh DSA key..."
+ generate_key $HOST_KEY_DSA dsa
+fi
+if [ ! -f $HOST_KEY_ED25519 ]; then
+ echo " generating ssh ED25519 key..."
+ generate_key $HOST_KEY_ED25519 ed25519
+fi
+
diff --git a/poky/meta/recipes-connectivity/openssh/openssh/sshd_config b/poky/meta/recipes-connectivity/openssh/openssh/sshd_config
new file mode 100644
index 000000000..31fe5d924
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssh/openssh/sshd_config
@@ -0,0 +1,132 @@
+# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
+
+# This is the sshd server system-wide configuration file. See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented. Uncommented options change a
+# default value.
+
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+# The default requires explicit activation of protocol 1
+Protocol 2
+
+# HostKey for protocol version 1
+#HostKey /etc/ssh/ssh_host_key
+# HostKeys for protocol version 2
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_dsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Lifetime and size of ephemeral version 1 server key
+#KeyRegenerationInterval 1h
+#ServerKeyBits 1024
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+# obsoletes QuietMode and FascistLogging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+#PermitRootLogin yes
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#RSAAuthentication yes
+#PubkeyAuthentication yes
+
+# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
+# but this is overridden so installations will only check .ssh/authorized_keys
+AuthorizedKeysFile .ssh/authorized_keys
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#RhostsRSAAuthentication no
+# similar for protocol version 2
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# RhostsRSAAuthentication and HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+#PasswordAuthentication yes
+#PermitEmptyPasswords no
+
+# Change to no to disable s/key passwords
+ChallengeResponseAuthentication no
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication. Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+#UsePAM no
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+#X11Forwarding no
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+#PrintMotd yes
+#PrintLastLog yes
+#TCPKeepAlive yes
+#UseLogin no
+#PermitUserEnvironment no
+Compression no
+ClientAliveInterval 15
+ClientAliveCountMax 4
+#UseDNS yes
+#PidFile /var/run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+#Banner none
+
+# override default of no subsystems
+Subsystem sftp /usr/libexec/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+# X11Forwarding no
+# AllowTcpForwarding no
+# PermitTTY no
+# ForceCommand cvs server
diff --git a/poky/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service b/poky/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service
new file mode 100644
index 000000000..603c33787
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=OpenSSH Key Generation
+RequiresMountsFor=/var /run
+
+[Service]
+ExecStart=@LIBEXECDIR@/sshd_check_keys
+Type=oneshot
+RemainAfterExit=yes
diff --git a/poky/meta/recipes-connectivity/openssh/openssh/volatiles.99_sshd b/poky/meta/recipes-connectivity/openssh/openssh/volatiles.99_sshd
new file mode 100644
index 000000000..a0d2af3c6
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssh/openssh/volatiles.99_sshd
@@ -0,0 +1,2 @@
+d root root 0755 /var/run/sshd none
+f root root 0644 /var/log/lastlog none
diff --git a/poky/meta/recipes-connectivity/openssh/openssh_7.6p1.bb b/poky/meta/recipes-connectivity/openssh/openssh_7.6p1.bb
new file mode 100644
index 000000000..e11e8d774
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssh/openssh_7.6p1.bb
@@ -0,0 +1,167 @@
+SUMMARY = "A suite of security-related network utilities based on \
+the SSH protocol including the ssh client and sshd server"
+DESCRIPTION = "Secure rlogin/rsh/rcp/telnet replacement (OpenSSH) \
+Ssh (Secure Shell) is a program for logging into a remote machine \
+and for executing commands on a remote machine."
+HOMEPAGE = "http://www.openssh.com/"
+SECTION = "console/network"
+LICENSE = "BSD"
+LIC_FILES_CHKSUM = "file://LICENCE;md5=429658c6612f3a9b1293782366ab29d8"
+
+# openssl 1.1 patches are proposed at https://github.com/openssh/openssh-portable/pull/48
+DEPENDS = "zlib openssl10"
+DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
+
+SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.gz \
+ file://sshd_config \
+ file://ssh_config \
+ file://init \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
+ file://sshd.socket \
+ file://sshd@.service \
+ file://sshdgenkeys.service \
+ file://volatiles.99_sshd \
+ file://run-ptest \
+ file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \
+ file://sshd_check_keys \
+ file://add-test-support-for-busybox.patch \
+ file://disable-ciphers-not-supported-by-OpenSSL-DES.patch \
+ "
+
+PAM_SRC_URI = "file://sshd"
+
+SRC_URI[md5sum] = "06a88699018e5fef13d4655abfed1f63"
+SRC_URI[sha256sum] = "a323caeeddfe145baaa0db16e98d784b1fbc7dd436a6bf1f479dfd5cd1d21723"
+
+inherit useradd update-rc.d update-alternatives systemd
+
+USERADD_PACKAGES = "${PN}-sshd"
+USERADD_PARAM_${PN}-sshd = "--system --no-create-home --home-dir /var/run/sshd --shell /bin/false --user-group sshd"
+INITSCRIPT_PACKAGES = "${PN}-sshd"
+INITSCRIPT_NAME_${PN}-sshd = "sshd"
+INITSCRIPT_PARAMS_${PN}-sshd = "defaults 9"
+
+SYSTEMD_PACKAGES = "${PN}-sshd"
+SYSTEMD_SERVICE_${PN}-sshd = "sshd.socket"
+
+inherit autotools-brokensep ptest
+
+# LFS support:
+CFLAGS += "-D__FILE_OFFSET_BITS=64"
+
+EXTRA_AUTORECONF += "--exclude=aclocal"
+
+# login path is hardcoded in sshd
+EXTRA_OECONF = "'LOGIN_PROGRAM=${base_bindir}/login' \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)} \
+ --without-zlib-version-check \
+ --with-privsep-path=/var/run/sshd \
+ --sysconfdir=${sysconfdir}/ssh \
+ --with-xauth=/usr/bin/xauth \
+ --disable-strip \
+ "
+
+# musl doesn't implement wtmp/utmp
+EXTRA_OECONF_append_libc-musl = " --disable-wtmp"
+
+# Since we do not depend on libbsd, we do not want configure to use it
+# just because it finds libutil.h. But, specifying --disable-libutil
+# causes compile errors, so...
+CACHED_CONFIGUREVARS += "ac_cv_header_bsd_libutil_h=no ac_cv_header_libutil_h=no"
+
+# passwd path is hardcoded in sshd
+CACHED_CONFIGUREVARS += "ac_cv_path_PATH_PASSWD_PROG=${bindir}/passwd"
+
+# We don't want to depend on libblockfile
+CACHED_CONFIGUREVARS += "ac_cv_header_maillock_h=no"
+
+do_configure_prepend () {
+ export LD="${CC}"
+ install -m 0644 ${WORKDIR}/sshd_config ${B}/
+ install -m 0644 ${WORKDIR}/ssh_config ${B}/
+}
+
+do_compile_ptest() {
+ # skip regress/unittests/ binaries: this will silently skip
+ # unittests in run-ptests which is good because they are so slow.
+ oe_runmake regress/modpipe regress/setuid-allowed regress/netcat
+}
+
+do_install_append () {
+ if [ "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" ]; then
+ install -D -m 0644 ${WORKDIR}/sshd ${D}${sysconfdir}/pam.d/sshd
+ sed -i -e 's:#UsePAM no:UsePAM yes:' ${D}${sysconfdir}/ssh/sshd_config
+ fi
+
+ if [ "${@bb.utils.filter('DISTRO_FEATURES', 'x11', d)}" ]; then
+ sed -i -e 's:#X11Forwarding no:X11Forwarding yes:' ${D}${sysconfdir}/ssh/sshd_config
+ fi
+
+ install -d ${D}${sysconfdir}/init.d
+ install -m 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/sshd
+ rm -f ${D}${bindir}/slogin ${D}${datadir}/Ssh.bin
+ rmdir ${D}${localstatedir}/run/sshd ${D}${localstatedir}/run ${D}${localstatedir}
+ install -d ${D}/${sysconfdir}/default/volatiles
+ install -m 644 ${WORKDIR}/volatiles.99_sshd ${D}/${sysconfdir}/default/volatiles/99_sshd
+ install -m 0755 ${S}/contrib/ssh-copy-id ${D}${bindir}
+
+ # Create config files for read-only rootfs
+ install -d ${D}${sysconfdir}/ssh
+ install -m 644 ${D}${sysconfdir}/ssh/sshd_config ${D}${sysconfdir}/ssh/sshd_config_readonly
+ sed -i '/HostKey/d' ${D}${sysconfdir}/ssh/sshd_config_readonly
+ echo "HostKey /var/run/ssh/ssh_host_rsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
+ echo "HostKey /var/run/ssh/ssh_host_dsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
+ echo "HostKey /var/run/ssh/ssh_host_ecdsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
+ echo "HostKey /var/run/ssh/ssh_host_ed25519_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
+
+ install -d ${D}${systemd_unitdir}/system
+ install -c -m 0644 ${WORKDIR}/sshd.socket ${D}${systemd_unitdir}/system
+ install -c -m 0644 ${WORKDIR}/sshd@.service ${D}${systemd_unitdir}/system
+ install -c -m 0644 ${WORKDIR}/sshdgenkeys.service ${D}${systemd_unitdir}/system
+ sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \
+ -e 's,@SBINDIR@,${sbindir},g' \
+ -e 's,@BINDIR@,${bindir},g' \
+ -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \
+ ${D}${systemd_unitdir}/system/sshd.socket ${D}${systemd_unitdir}/system/*.service
+
+ sed -i -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \
+ ${D}${sysconfdir}/init.d/sshd
+
+ install -D -m 0755 ${WORKDIR}/sshd_check_keys ${D}${libexecdir}/${BPN}/sshd_check_keys
+}
+
+do_install_ptest () {
+ sed -i -e "s|^SFTPSERVER=.*|SFTPSERVER=${libexecdir}/sftp-server|" regress/test-exec.sh
+ cp -r regress ${D}${PTEST_PATH}
+}
+
+ALLOW_EMPTY_${PN} = "1"
+
+PACKAGES =+ "${PN}-keygen ${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-sftp ${PN}-misc ${PN}-sftp-server"
+FILES_${PN}-scp = "${bindir}/scp.${BPN}"
+FILES_${PN}-ssh = "${bindir}/ssh.${BPN} ${sysconfdir}/ssh/ssh_config"
+FILES_${PN}-sshd = "${sbindir}/sshd ${sysconfdir}/init.d/sshd ${systemd_unitdir}/system"
+FILES_${PN}-sshd += "${sysconfdir}/ssh/moduli ${sysconfdir}/ssh/sshd_config ${sysconfdir}/ssh/sshd_config_readonly ${sysconfdir}/default/volatiles/99_sshd ${sysconfdir}/pam.d/sshd"
+FILES_${PN}-sshd += "${libexecdir}/${BPN}/sshd_check_keys"
+FILES_${PN}-sftp = "${bindir}/sftp"
+FILES_${PN}-sftp-server = "${libexecdir}/sftp-server"
+FILES_${PN}-misc = "${bindir}/ssh* ${libexecdir}/ssh*"
+FILES_${PN}-keygen = "${bindir}/ssh-keygen"
+
+RDEPENDS_${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen"
+RDEPENDS_${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}"
+RDEPENDS_${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make"
+
+RPROVIDES_${PN}-ssh = "ssh"
+RPROVIDES_${PN}-sshd = "sshd"
+
+RCONFLICTS_${PN} = "dropbear"
+RCONFLICTS_${PN}-sshd = "dropbear"
+RCONFLICTS_${PN}-keygen = "ssh-keygen"
+
+CONFFILES_${PN}-sshd = "${sysconfdir}/ssh/sshd_config"
+CONFFILES_${PN}-ssh = "${sysconfdir}/ssh/ssh_config"
+
+ALTERNATIVE_PRIORITY = "90"
+ALTERNATIVE_${PN}-scp = "scp"
+ALTERNATIVE_${PN}-ssh = "ssh"
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/0001-Fix-build-with-clang-using-external-assembler.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/0001-Fix-build-with-clang-using-external-assembler.patch
new file mode 100644
index 000000000..2270962a6
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/0001-Fix-build-with-clang-using-external-assembler.patch
@@ -0,0 +1,45 @@
+From 2f6026cb8b16cf00726e3c5625c023f196680f07 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Fri, 17 Mar 2017 12:52:08 -0700
+Subject: [PATCH] Fix build with clang using external assembler
+
+Cherry-picked from
+https://github.com/openssl/openssl/commit/11208dcfb9105e8afa37233185decefd45e89e17
+https://github.com/openssl/openssl/commit/fbab8baddef8d3346ae40ff068871e2ddaf10270
+https://github.com/openssl/openssl/commit/6cf412c473d8145562b76219ce3da73b201b3255
+
+Fixes
+
+| ghash-armv4.S: Assembler messages:
+| ghash-armv4.S:81: Error: bad instruction `ldrbpl r12,[r2,r3]'
+| ghash-armv4.S:91: Error: bad instruction `ldrbpl r8,[r0,r3]'
+| ghash-armv4.S:137: Error: bad instruction `ldrbne r12,[r2,#15]'
+| ghash-armv4.S:224: Error: bad instruction `ldrbpl r12,[r0,r3]'
+| clang-4.0: error: assembler command failed with exit code 1 (use -v to see invocation)
+| make[2]: *** [<builtin>: ghash-armv4.o] Error 1
+
+Upstream-Status: Backport
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ crypto/modes/asm/ghash-armv4.pl | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/crypto/modes/asm/ghash-armv4.pl b/crypto/modes/asm/ghash-armv4.pl
+index 8ccc963ef..442fed4da 100644
+--- a/crypto/modes/asm/ghash-armv4.pl
++++ b/crypto/modes/asm/ghash-armv4.pl
+@@ -124,7 +124,10 @@ $code=<<___;
+ #include "arm_arch.h"
+
+ .text
++#if defined(__thumb2__) || defined(__clang__)
++.syntax unified
++#endif
+ .code 32
+
+ #ifdef __clang__
+ #define ldrplb ldrbpl
+--
+2.12.0
+
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/0001-openssl-force-soft-link-to-avoid-rare-race.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/0001-openssl-force-soft-link-to-avoid-rare-race.patch
new file mode 100644
index 000000000..dd1a9b1dd
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/0001-openssl-force-soft-link-to-avoid-rare-race.patch
@@ -0,0 +1,46 @@
+From 3d9199423d48766649a2b2ebb3924e892ed16fa4 Mon Sep 17 00:00:00 2001
+From: Randy MacLeod <Randy.MacLeod@windriver.com>
+Date: Tue, 20 Jun 2017 15:32:08 -0400
+Subject: [PATCH] openssl: Force soft link to avoid rare race
+
+This patch works around a rare parallel build race condition.
+The error seen is:
+
+ln: failed to create symbolic link 'libssl.so': File exists
+make[4]: *** [Makefile.shared:171: link_a.gnu] Error 1
+make[4]: Leaving directory
+'/.../build/tmp-glibc/work/x86_64-linux/openssl-native/1.0.2k-r0/openssl-1.0.2k'
+
+The openssl team is rewriting their build files so it's not
+appropriate for openssl upstream and fixing the root cause of
+the Makefile race condition was also not pursued.
+
+Upstream-Status: Inappropriate [build rules rewrite in progress]
+Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
+---
+ Makefile.shared | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/Makefile.shared b/Makefile.shared
+index e8d222a..1bff92f 100644
+--- a/Makefile.shared
++++ b/Makefile.shared
+@@ -118,14 +118,14 @@
+ if [ -n "$$SHLIB_COMPAT" ]; then \
+ for x in $$SHLIB_COMPAT; do \
+ ( $(SET_X); rm -f $$SHLIB$$x$$SHLIB_SUFFIX; \
+- ln -s $$prev $$SHLIB$$x$$SHLIB_SUFFIX ); \
++ ln -sf $$prev $$SHLIB$$x$$SHLIB_SUFFIX ); \
+ prev=$$SHLIB$$x$$SHLIB_SUFFIX; \
+ done; \
+ fi; \
+ if [ -n "$$SHLIB_SOVER" ]; then \
+ [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
+ ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
+- ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
++ ln -sf $$prev $$SHLIB$$SHLIB_SUFFIX ); \
+ fi; \
+ fi
+
+--
+2.9.3
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/Makefiles-ptest.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/Makefiles-ptest.patch
new file mode 100644
index 000000000..2122fa1fb
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/Makefiles-ptest.patch
@@ -0,0 +1,93 @@
+From a176c69f4fdfbfa7e4ccb79d91c3b6602da7e69a Mon Sep 17 00:00:00 2001
+From: Anders Roxell <anders.roxell@enea.com>
+Date: Thu, 24 Apr 2014 19:28:25 +0200
+Subject: [PATCH 19/28] openssl: enable ptest support
+
+Add 'buildtest' and 'runtest' targets to Makefile, to build and run tests
+cross-compiled.
+
+Signed-off-by: Anders Roxell <anders.roxell@enea.com>
+Signed-off-by: Maxin B. John <maxin.john@enea.com>
+Upstream-Status: Pending
+
+---
+ Makefile.org | 10 +-
+ Makefile.org.orig | 7 +-
+ test/Makefile | 13 +-
+ test/Makefile.orig | 987 +++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 4 files changed, 1009 insertions(+), 8 deletions(-)
+ create mode 100644 test/Makefile.orig
+
+diff --git a/Makefile.org b/Makefile.org
+index 111fbba..8e7936c 100644
+--- a/Makefile.org
++++ b/Makefile.org
+@@ -468,8 +468,16 @@ rehash.time: certs apps
+ test: tests
+
+ tests: rehash
++ $(MAKE) buildtest
++ $(MAKE) runtest
++
++buildtest:
++ @(cd test && \
++ $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf exe apps);
++
++runtest:
+ @(cd test && echo "testing..." && \
+- $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf tests );
++ $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf alltests );
+ OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a
+
+ report:
+diff --git a/test/Makefile b/test/Makefile
+index a1f7eeb..b2984c4 100644
+--- a/test/Makefile
++++ b/test/Makefile
+@@ -150,7 +150,7 @@ tests: exe apps $(TESTS)
+ apps:
+ @(cd ..; $(MAKE) DIRS=apps all)
+
+-alltests: \
++all-tests= \
+ test_des test_idea test_sha test_md4 test_md5 test_hmac \
+ test_md2 test_mdc2 test_wp \
+ test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast test_aes \
+@@ -162,6 +162,11 @@ alltests: \
+ test_constant_time test_verify_extra test_clienthello test_sslv2conftest \
+ test_dtls test_bad_dtls test_fatalerr
+
++alltests:
++ @(for i in $(all-tests); do \
++ ( $(MAKE) $$i && echo "PASS: $$i" ) || echo "FAIL: $$i"; \
++ done)
++
+ test_evp: $(EVPTEST)$(EXE_EXT) evptests.txt
+ ../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt
+
+@@ -230,7 +235,7 @@ test_x509: ../apps/openssl$(EXE_EXT) tx509 testx509.pem v3-cert1.pem v3-cert2.pe
+ echo test second x509v3 certificate
+ sh ./tx509 v3-cert2.pem 2>/dev/null
+
+-test_rsa: $(RSATEST)$(EXE_EXT) ../apps/openssl$(EXE_EXT) trsa testrsa.pem
++test_rsa: ../apps/openssl$(EXE_EXT) trsa testrsa.pem
+ @sh ./trsa 2>/dev/null
+ ../util/shlib_wrap.sh ./$(RSATEST)
+
+@@ -331,11 +336,11 @@ test_tsa: ../apps/openssl$(EXE_EXT) testtsa CAtsa.cnf ../util/shlib_wrap.sh
+ sh ./testtsa; \
+ fi
+
+-test_ige: $(IGETEST)$(EXE_EXT)
++test_ige:
+ @echo "Test IGE mode"
+ ../util/shlib_wrap.sh ./$(IGETEST)
+
+-test_jpake: $(JPAKETEST)$(EXE_EXT)
++test_jpake:
+ @echo "Test JPAKE"
+ ../util/shlib_wrap.sh ./$(JPAKETEST)
+
+--
+2.15.1
+
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/Use-SHA256-not-MD5-as-default-digest.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/Use-SHA256-not-MD5-as-default-digest.patch
new file mode 100644
index 000000000..58c9ee784
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/Use-SHA256-not-MD5-as-default-digest.patch
@@ -0,0 +1,69 @@
+From d795f5f20a29adecf92c09459a3ee07ffac01a99 Mon Sep 17 00:00:00 2001
+From: Rich Salz <rsalz@akamai.com>
+Date: Sat, 13 Jun 2015 17:03:39 -0400
+Subject: [PATCH] Use SHA256 not MD5 as default digest.
+
+Commit f8547f62c212837dbf44fb7e2755e5774a59a57b upstream.
+
+Upstream-Status: Backport
+Backport from OpenSSL 2.0 to OpenSSL 1.0.2
+Commit f8547f62c212837dbf44fb7e2755e5774a59a57b
+
+CVE: CVE-2004-2761
+
+ The MD5 Message-Digest Algorithm is not collision resistant,
+ which makes it easier for context-dependent attackers to
+ conduct spoofing attacks, as demonstrated by attacks on the
+ use of MD5 in the signature algorithm of an X.509 certificate.
+
+Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
+Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com>
+Signed-off-by: T.O. Radzy Radzykewycz <radzy@windriver.com>
+---
+ apps/ca.c | 2 +-
+ apps/dgst.c | 2 +-
+ apps/enc.c | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/apps/ca.c b/apps/ca.c
+index 3b7336c..8f3a84b 100644
+--- a/apps/ca.c
++++ b/apps/ca.c
+@@ -1612,7 +1612,7 @@ static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
+ } else
+ BIO_printf(bio_err, "Signature ok\n");
+
+- if ((rreq = X509_to_X509_REQ(req, NULL, EVP_md5())) == NULL)
++ if ((rreq = X509_to_X509_REQ(req, NULL, NULL)) == NULL)
+ goto err;
+
+ ok = do_body(xret, pkey, x509, dgst, sigopts, policy, db, serial, subj,
+diff --git a/apps/dgst.c b/apps/dgst.c
+index 95e5fa3..0d1529f 100644
+--- a/apps/dgst.c
++++ b/apps/dgst.c
+@@ -442,7 +442,7 @@ int MAIN(int argc, char **argv)
+ goto end;
+ }
+ if (md == NULL)
+- md = EVP_md5();
++ md = EVP_sha256();
+ if (!EVP_DigestInit_ex(mctx, md, impl)) {
+ BIO_printf(bio_err, "Error setting digest %s\n", pname);
+ ERR_print_errors(bio_err);
+diff --git a/apps/enc.c b/apps/enc.c
+index 7b7c70b..a7d944c 100644
+--- a/apps/enc.c
++++ b/apps/enc.c
+@@ -344,7 +344,7 @@ int MAIN(int argc, char **argv)
+ }
+
+ if (dgst == NULL) {
+- dgst = EVP_md5();
++ dgst = EVP_sha256();
+ }
+
+ if (bufsize != NULL) {
+--
+1.9.1
+
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/configure-musl-target.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/configure-musl-target.patch
new file mode 100644
index 000000000..f357b3f59
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/configure-musl-target.patch
@@ -0,0 +1,25 @@
+Add musl triplet support
+
+Upstream-Status: Pending
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+Index: openssl-1.0.2a/Configure
+===================================================================
+--- openssl-1.0.2a.orig/Configure
++++ openssl-1.0.2a/Configure
+@@ -431,7 +431,7 @@ my %table=(
+ #
+ # ./Configure linux-armv4 -march=armv6 -D__ARM_MAX_ARCH__=8
+ #
+-"linux-armv4", "gcc: -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-armv4", "gcc: -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "linux-aarch64","gcc: -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ # Configure script adds minimally required -march for assembly support,
+ # if no -march was specified at command line. mips32 and mips64 below
+@@ -504,4 +504,6 @@ my %table=(
+ "linux-gnueabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-musleabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-musleabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+ "linux-avr32","$ENV{'CC'}:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).",
+
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/configure-targets.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/configure-targets.patch
new file mode 100644
index 000000000..1e0158972
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/configure-targets.patch
@@ -0,0 +1,35 @@
+Upstream-Status: Inappropriate [embedded specific]
+
+The number of colons are important :)
+
+
+---
+ Configure | 16 ++++++++++++++++
+ 1 file changed, 16 insertions(+)
+
+Index: openssl-1.0.2a/Configure
+===================================================================
+--- openssl-1.0.2a.orig/Configure
++++ openssl-1.0.2a/Configure
+@@ -443,6 +443,21 @@ my %table=(
+ "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+ "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+
++
++# Linux on ARM
++"linux-elf-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-elf-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-gnueabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-gnueabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++
++"linux-avr32","$ENV{'CC'}:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).",
++
++#### Linux on MIPS/MIPS64
++"linux-mips","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-mips64","$ENV{'CC'}:-DB_ENDIAN -mabi=64 -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-mips64el","$ENV{'CC'}:-DL_ENDIAN -mabi=64 -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-mipsel","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++
+ # Android: linux-* but without pointers to headers and libs.
+ "android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/c_rehash-compat.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/c_rehash-compat.patch
new file mode 100644
index 000000000..3820e3e30
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/c_rehash-compat.patch
@@ -0,0 +1,71 @@
+From 83f318d68bbdab1ca898c94576a838cc97df4700 Mon Sep 17 00:00:00 2001
+From: Ludwig Nussel <ludwig.nussel@suse.de>
+Date: Wed, 21 Apr 2010 15:52:10 +0200
+Subject: [PATCH] also create old hash for compatibility
+
+Upstream-Status: Backport [debian]
+
+Index: openssl-1.0.2n/tools/c_rehash.in
+===================================================================
+--- openssl-1.0.2n.orig/tools/c_rehash.in
++++ openssl-1.0.2n/tools/c_rehash.in
+@@ -8,8 +8,6 @@ my $prefix;
+
+ my $openssl = $ENV{OPENSSL} || "openssl";
+ my $pwd;
+-my $x509hash = "-subject_hash";
+-my $crlhash = "-hash";
+ my $verbose = 0;
+ my $symlink_exists=eval {symlink("",""); 1};
+ my $removelinks = 1;
+@@ -18,10 +16,7 @@ my $removelinks = 1;
+ while ( $ARGV[0] =~ /^-/ ) {
+ my $flag = shift @ARGV;
+ last if ( $flag eq '--');
+- if ( $flag eq '-old') {
+- $x509hash = "-subject_hash_old";
+- $crlhash = "-hash_old";
+- } elsif ( $flag eq '-h') {
++ if ( $flag eq '-h') {
+ help();
+ } elsif ( $flag eq '-n' ) {
+ $removelinks = 0;
+@@ -113,7 +108,9 @@ sub hash_dir {
+ next;
+ }
+ link_hash_cert($fname) if($cert);
++ link_hash_cert_old($fname) if($cert);
+ link_hash_crl($fname) if($crl);
++ link_hash_crl_old($fname) if($crl);
+ }
+ }
+
+@@ -146,6 +143,7 @@ sub check_file {
+
+ sub link_hash_cert {
+ my $fname = $_[0];
++ my $x509hash = $_[1] || '-subject_hash';
+ $fname =~ s/'/'\\''/g;
+ my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`;
+ chomp $hash;
+@@ -177,10 +175,20 @@ sub link_hash_cert {
+ $hashlist{$hash} = $fprint;
+ }
+
++sub link_hash_cert_old {
++ link_hash_cert($_[0], '-subject_hash_old');
++}
++
++sub link_hash_crl_old {
++ link_hash_crl($_[0], '-hash_old');
++}
++
++
+ # Same as above except for a CRL. CRL links are of the form <hash>.r<n>
+
+ sub link_hash_crl {
+ my $fname = $_[0];
++ my $crlhash = $_[1] || "-hash";
+ $fname =~ s/'/'\\''/g;
+ my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`;
+ chomp $hash;
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/ca.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/ca.patch
new file mode 100644
index 000000000..fb745e439
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/ca.patch
@@ -0,0 +1,22 @@
+Upstream-Status: Backport [debian]
+
+Index: openssl-0.9.8m/apps/CA.pl.in
+===================================================================
+--- openssl-0.9.8m.orig/apps/CA.pl.in 2006-04-28 00:28:51.000000000 +0000
++++ openssl-0.9.8m/apps/CA.pl.in 2010-02-27 00:36:51.000000000 +0000
+@@ -65,6 +65,7 @@
+ foreach (@ARGV) {
+ if ( /^(-\?|-h|-help)$/ ) {
+ print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-signcert|-verify\n";
++ print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n";
+ exit 0;
+ } elsif (/^-newcert$/) {
+ # create a certificate
+@@ -165,6 +166,7 @@
+ } else {
+ print STDERR "Unknown arg $_\n";
+ print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
++ print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n";
+ exit 1;
+ }
+ }
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/debian-targets.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/debian-targets.patch
new file mode 100644
index 000000000..35d92bedb
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/debian-targets.patch
@@ -0,0 +1,73 @@
+Upstream-Status: Backport [debian]
+
+Index: openssl-1.0.2n/Configure
+===================================================================
+--- openssl-1.0.2n.orig/Configure
++++ openssl-1.0.2n/Configure
+@@ -133,6 +133,10 @@ my $clang_devteam_warn = "-Wno-unused-pa
+ # Warn that "make depend" should be run?
+ my $warn_make_depend = 0;
+
++# There are no separate CFLAGS/CPPFLAGS/LDFLAGS, set everything in CFLAGS
++my $debian_cflags = `dpkg-buildflags --get CFLAGS` . `dpkg-buildflags --get CPPFLAGS` . `dpkg-buildflags --get LDFLAGS` . "-Wa,--noexecstack -Wall";
++$debian_cflags =~ s/\n/ /g;
++
+ my $strict_warnings = 0;
+
+ my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
+@@ -369,6 +373,55 @@ my %table=(
+ "osf1-alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
+ "tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so",
+
++# Debian GNU/* (various architectures)
++"debian-alpha","gcc:-DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-alpha-ev4","gcc:-DTERMIO ${debian_cflags} -mcpu=ev4::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-alpha-ev5","gcc:-DTERMIO ${debian_cflags} -mcpu=ev5::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-arm64","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-armel","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-armhf","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-amd64", "gcc:-m64 -DL_ENDIAN -DTERMIO ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::",
++"debian-avr32", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -fomit-frame-pointer::-D_REENTRANT::-ldl:BN_LLONG_BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-kfreebsd-amd64","gcc:-m64 -DL_ENDIAN -DTERMIOS ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-kfreebsd-i386","gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -march=i486::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-hppa","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-hurd-i386","gcc:-DL_ENDIAN -DTERMIOS -O3 -Wa,--noexecstack -g -mtune=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-ia64","gcc:-DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-i386","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-i386-i486","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i486::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-i386-i586","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i586::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-i386-i686/cmov","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i686::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-m68k","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-mips", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-mipsel", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-mipsn32", "mips64-linux-gnuabin32-gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-mipsn32el", "mips64el-linux-gnuabin32-gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-mips64", "mips64-linux-gnuabi64-gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-mips64el", "mips64el-linux-gnuabi64-gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-netbsd-i386", "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-netbsd-m68k", "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags}::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-netbsd-sparc", "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags} -mv8::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-openbsd-alpha","gcc:-DTERMIOS ${debian_cflags}::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-openbsd-i386", "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-openbsd-mips","gcc:-DL_ENDIAN ${debian_cflags}::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-or1k", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-powerpc","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-powerpcspe","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-ppc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-ppc64el","gcc:-m64 -DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-s390","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-s390x","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-sh3", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-sh4", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-sh3eb", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-sh4eb", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-m32r","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-sparc","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-sparc-v8","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v8 -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-sparc-v9","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v9 -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-sparc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags} -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-x32","gcc:-mx32 -DL_ENDIAN -DTERMIO ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32",
++
+ ####
+ #### Variety of LINUX:-)
+ ####
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/man-dir.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/man-dir.patch
new file mode 100644
index 000000000..4085e3b1d
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/man-dir.patch
@@ -0,0 +1,15 @@
+Upstream-Status: Backport [debian]
+
+Index: openssl-1.0.0c/Makefile.org
+===================================================================
+--- openssl-1.0.0c.orig/Makefile.org 2010-12-12 16:11:27.000000000 +0100
++++ openssl-1.0.0c/Makefile.org 2010-12-12 16:11:37.000000000 +0100
+@@ -131,7 +131,7 @@
+
+ MAKEFILE= Makefile
+
+-MANDIR=$(OPENSSLDIR)/man
++MANDIR=/usr/share/man
+ MAN1=1
+ MAN3=3
+ MANSUFFIX=
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/man-section.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/man-section.patch
new file mode 100644
index 000000000..21c1d1a4e
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/man-section.patch
@@ -0,0 +1,34 @@
+Upstream-Status: Backport [debian]
+
+Index: openssl-1.0.0c/Makefile.org
+===================================================================
+--- openssl-1.0.0c.orig/Makefile.org 2010-12-12 16:11:37.000000000 +0100
++++ openssl-1.0.0c/Makefile.org 2010-12-12 16:13:28.000000000 +0100
+@@ -160,7 +160,8 @@
+ MANDIR=/usr/share/man
+ MAN1=1
+ MAN3=3
+-MANSUFFIX=
++MANSUFFIX=ssl
++MANSECTION=SSL
+ HTMLSUFFIX=html
+ HTMLDIR=$(OPENSSLDIR)/html
+ SHELL=/bin/sh
+@@ -651,7 +652,7 @@
+ echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
+ (cd `$(PERL) util/dirname.pl $$i`; \
+ sh -c "$$pod2man \
+- --section=$$sec --center=OpenSSL \
++ --section=$${sec}$(MANSECTION) --center=OpenSSL \
+ --release=$(VERSION) `basename $$i`") \
+ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
+ $(PERL) util/extract-names.pl < $$i | \
+@@ -668,7 +669,7 @@
+ echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
+ (cd `$(PERL) util/dirname.pl $$i`; \
+ sh -c "$$pod2man \
+- --section=$$sec --center=OpenSSL \
++ --section=$${sec}$(MANSECTION) --center=OpenSSL \
+ --release=$(VERSION) `basename $$i`") \
+ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
+ $(PERL) util/extract-names.pl < $$i | \
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/no-rpath.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/no-rpath.patch
new file mode 100644
index 000000000..1ccb3b86e
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/no-rpath.patch
@@ -0,0 +1,15 @@
+Upstream-Status: Backport [debian]
+
+Index: openssl-1.0.0c/Makefile.shared
+===================================================================
+--- openssl-1.0.0c.orig/Makefile.shared 2010-08-21 13:36:49.000000000 +0200
++++ openssl-1.0.0c/Makefile.shared 2010-12-12 16:13:36.000000000 +0100
+@@ -153,7 +153,7 @@
+ NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
+
+-DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
++DO_GNU_APP=LDFLAGS="$(CFLAGS)"
+
+ #This is rather special. It's a special target with which one can link
+ #applications without bothering with any features that have anything to
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/no-symbolic.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/no-symbolic.patch
new file mode 100644
index 000000000..cc4408ab7
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/no-symbolic.patch
@@ -0,0 +1,15 @@
+Upstream-Status: Backport [debian]
+
+Index: openssl-1.0.0c/Makefile.shared
+===================================================================
+--- openssl-1.0.0c.orig/Makefile.shared 2010-12-12 16:13:36.000000000 +0100
++++ openssl-1.0.0c/Makefile.shared 2010-12-12 16:13:44.000000000 +0100
+@@ -151,7 +151,7 @@
+ SHLIB_SUFFIX=; \
+ ALLSYMSFLAGS='-Wl,--whole-archive'; \
+ NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
+- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
++ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
+
+ DO_GNU_APP=LDFLAGS="$(CFLAGS)"
+
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/pic.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/pic.patch
new file mode 100644
index 000000000..bfda3888b
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/pic.patch
@@ -0,0 +1,177 @@
+Upstream-Status: Backport [debian]
+
+Index: openssl-1.0.1c/crypto/des/asm/desboth.pl
+===================================================================
+--- openssl-1.0.1c.orig/crypto/des/asm/desboth.pl 2001-10-24 23:20:56.000000000 +0200
++++ openssl-1.0.1c/crypto/des/asm/desboth.pl 2012-07-29 14:15:26.000000000 +0200
+@@ -16,6 +16,11 @@
+
+ &push("edi");
+
++ &call (&label("pic_point0"));
++ &set_label("pic_point0");
++ &blindpop("ebp");
++ &add ("ebp", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]");
++
+ &comment("");
+ &comment("Load the data words");
+ &mov($L,&DWP(0,"ebx","",0));
+@@ -47,15 +52,21 @@
+ &mov(&swtmp(2), (DWC(($enc)?"1":"0")));
+ &mov(&swtmp(1), "eax");
+ &mov(&swtmp(0), "ebx");
+- &call("DES_encrypt2");
++ &exch("ebx", "ebp");
++ &call("DES_encrypt2\@PLT");
++ &exch("ebx", "ebp");
+ &mov(&swtmp(2), (DWC(($enc)?"0":"1")));
+ &mov(&swtmp(1), "edi");
+ &mov(&swtmp(0), "ebx");
+- &call("DES_encrypt2");
++ &exch("ebx", "ebp");
++ &call("DES_encrypt2\@PLT");
++ &exch("ebx", "ebp");
+ &mov(&swtmp(2), (DWC(($enc)?"1":"0")));
+ &mov(&swtmp(1), "esi");
+ &mov(&swtmp(0), "ebx");
+- &call("DES_encrypt2");
++ &exch("ebx", "ebp");
++ &call("DES_encrypt2\@PLT");
++ &exch("ebx", "ebp");
+
+ &stack_pop(3);
+ &mov($L,&DWP(0,"ebx","",0));
+Index: openssl-1.0.1c/crypto/perlasm/cbc.pl
+===================================================================
+--- openssl-1.0.1c.orig/crypto/perlasm/cbc.pl 2011-07-13 08:22:46.000000000 +0200
++++ openssl-1.0.1c/crypto/perlasm/cbc.pl 2012-07-29 14:15:26.000000000 +0200
+@@ -122,7 +122,11 @@
+ &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call
+ &mov(&DWP($data_off+4,"esp","",0), "ebx"); #
+
+- &call($enc_func);
++ &call (&label("pic_point0"));
++ &set_label("pic_point0");
++ &blindpop("ebx");
++ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]");
++ &call("$enc_func\@PLT");
+
+ &mov("eax", &DWP($data_off,"esp","",0));
+ &mov("ebx", &DWP($data_off+4,"esp","",0));
+@@ -185,7 +189,11 @@
+ &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call
+ &mov(&DWP($data_off+4,"esp","",0), "ebx"); #
+
+- &call($enc_func);
++ &call (&label("pic_point1"));
++ &set_label("pic_point1");
++ &blindpop("ebx");
++ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point1") . "]");
++ &call("$enc_func\@PLT");
+
+ &mov("eax", &DWP($data_off,"esp","",0));
+ &mov("ebx", &DWP($data_off+4,"esp","",0));
+@@ -218,7 +226,11 @@
+ &mov(&DWP($data_off,"esp","",0), "eax"); # put back
+ &mov(&DWP($data_off+4,"esp","",0), "ebx"); #
+
+- &call($dec_func);
++ &call (&label("pic_point2"));
++ &set_label("pic_point2");
++ &blindpop("ebx");
++ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point2") . "]");
++ &call("$dec_func\@PLT");
+
+ &mov("eax", &DWP($data_off,"esp","",0)); # get return
+ &mov("ebx", &DWP($data_off+4,"esp","",0)); #
+@@ -261,7 +273,11 @@
+ &mov(&DWP($data_off,"esp","",0), "eax"); # put back
+ &mov(&DWP($data_off+4,"esp","",0), "ebx"); #
+
+- &call($dec_func);
++ &call (&label("pic_point3"));
++ &set_label("pic_point3");
++ &blindpop("ebx");
++ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point3") . "]");
++ &call("$dec_func\@PLT");
+
+ &mov("eax", &DWP($data_off,"esp","",0)); # get return
+ &mov("ebx", &DWP($data_off+4,"esp","",0)); #
+Index: openssl-1.0.1c/crypto/perlasm/x86gas.pl
+===================================================================
+--- openssl-1.0.1c.orig/crypto/perlasm/x86gas.pl 2011-12-09 20:16:35.000000000 +0100
++++ openssl-1.0.1c/crypto/perlasm/x86gas.pl 2012-07-29 14:15:26.000000000 +0200
+@@ -161,6 +161,7 @@
+ if ($::macosx) { push (@out,"$tmp,2\n"); }
+ elsif ($::elf) { push (@out,"$tmp,4\n"); }
+ else { push (@out,"$tmp\n"); }
++ if ($::elf) { push (@out,".hidden\tOPENSSL_ia32cap_P\n"); }
+ }
+ push(@out,$initseg) if ($initseg);
+ }
+@@ -218,8 +219,23 @@
+ elsif ($::elf)
+ { $initseg.=<<___;
+ .section .init
++___
++ if ($::pic)
++ { $initseg.=<<___;
++ pushl %ebx
++ call .pic_point0
++.pic_point0:
++ popl %ebx
++ addl \$_GLOBAL_OFFSET_TABLE_+[.-.pic_point0],%ebx
++ call $f\@PLT
++ popl %ebx
++___
++ }
++ else
++ { $initseg.=<<___;
+ call $f
+ ___
++ }
+ }
+ elsif ($::coff)
+ { $initseg.=<<___; # applies to both Cygwin and Mingw
+Index: openssl-1.0.1c/crypto/x86cpuid.pl
+===================================================================
+--- openssl-1.0.1c.orig/crypto/x86cpuid.pl 2012-02-28 15:20:34.000000000 +0100
++++ openssl-1.0.1c/crypto/x86cpuid.pl 2012-07-29 14:15:26.000000000 +0200
+@@ -8,6 +8,8 @@
+
+ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
+
++push(@out, ".hidden OPENSSL_ia32cap_P\n");
++
+ &function_begin("OPENSSL_ia32_cpuid");
+ &xor ("edx","edx");
+ &pushf ();
+@@ -139,9 +141,7 @@
+ &set_label("nocpuid");
+ &function_end("OPENSSL_ia32_cpuid");
+
+-&external_label("OPENSSL_ia32cap_P");
+-
+-&function_begin_B("OPENSSL_rdtsc","EXTRN\t_OPENSSL_ia32cap_P:DWORD");
++&function_begin_B("OPENSSL_rdtsc");
+ &xor ("eax","eax");
+ &xor ("edx","edx");
+ &picmeup("ecx","OPENSSL_ia32cap_P");
+@@ -155,7 +155,7 @@
+ # This works in Ring 0 only [read DJGPP+MS-DOS+privileged DPMI host],
+ # but it's safe to call it on any [supported] 32-bit platform...
+ # Just check for [non-]zero return value...
+-&function_begin_B("OPENSSL_instrument_halt","EXTRN\t_OPENSSL_ia32cap_P:DWORD");
++&function_begin_B("OPENSSL_instrument_halt");
+ &picmeup("ecx","OPENSSL_ia32cap_P");
+ &bt (&DWP(0,"ecx"),4);
+ &jnc (&label("nohalt")); # no TSC
+@@ -222,7 +222,7 @@
+ &ret ();
+ &function_end_B("OPENSSL_far_spin");
+
+-&function_begin_B("OPENSSL_wipe_cpu","EXTRN\t_OPENSSL_ia32cap_P:DWORD");
++&function_begin_B("OPENSSL_wipe_cpu");
+ &xor ("eax","eax");
+ &xor ("edx","edx");
+ &picmeup("ecx","OPENSSL_ia32cap_P");
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian1.0.2/block_digicert_malaysia.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian1.0.2/block_digicert_malaysia.patch
new file mode 100644
index 000000000..c43bcd1c7
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian1.0.2/block_digicert_malaysia.patch
@@ -0,0 +1,29 @@
+From: Raphael Geissert <geissert@debian.org>
+Description: make X509_verify_cert indicate that any certificate whose
+ name contains "Digicert Sdn. Bhd." (from Malaysia) is revoked.
+Forwarded: not-needed
+Origin: vendor
+Last-Update: 2011-11-05
+
+Upstream-Status: Backport [debian]
+
+
+Index: openssl-1.0.2~beta1/crypto/x509/x509_vfy.c
+===================================================================
+--- openssl-1.0.2~beta1.orig/crypto/x509/x509_vfy.c 2014-02-25 00:16:12.488028844 +0100
++++ openssl-1.0.2~beta1/crypto/x509/x509_vfy.c 2014-02-25 00:16:12.484028929 +0100
+@@ -964,10 +964,11 @@
+ for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--)
+ {
+ x = sk_X509_value(ctx->chain, i);
+- /* Mark DigiNotar certificates as revoked, no matter
+- * where in the chain they are.
++ /* Mark certificates containing the following names as
++ * revoked, no matter where in the chain they are.
+ */
+- if (x->name && strstr(x->name, "DigiNotar"))
++ if (x->name && (strstr(x->name, "DigiNotar") ||
++ strstr(x->name, "Digicert Sdn. Bhd.")))
+ {
+ ctx->error = X509_V_ERR_CERT_REVOKED;
+ ctx->error_depth = i;
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian1.0.2/block_diginotar.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian1.0.2/block_diginotar.patch
new file mode 100644
index 000000000..d81e22cd8
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian1.0.2/block_diginotar.patch
@@ -0,0 +1,68 @@
+From: Raphael Geissert <geissert@debian.org>
+Description: make X509_verify_cert indicate that any certificate whose
+ name contains "DigiNotar" is revoked.
+Forwarded: not-needed
+Origin: vendor
+Last-Update: 2011-09-08
+Bug: http://bugs.debian.org/639744
+Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
+Reviewed-by: Dr Stephen N Henson <shenson@drh-consultancy.co.uk>
+
+This is not meant as final patch.
+
+Upstream-Status: Backport [debian]
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+Index: openssl-1.0.2g/crypto/x509/x509_vfy.c
+===================================================================
+--- openssl-1.0.2g.orig/crypto/x509/x509_vfy.c
++++ openssl-1.0.2g/crypto/x509/x509_vfy.c
+@@ -119,6 +119,7 @@ static int check_trust(X509_STORE_CTX *c
+ static int check_revocation(X509_STORE_CTX *ctx);
+ static int check_cert(X509_STORE_CTX *ctx);
+ static int check_policy(X509_STORE_CTX *ctx);
++static int check_ca_blacklist(X509_STORE_CTX *ctx);
+
+ static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
+ unsigned int *preasons, X509_CRL *crl, X509 *x);
+@@ -489,6 +490,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx
+ if (!ok)
+ goto err;
+
++ ok = check_ca_blacklist(ctx);
++ if(!ok) goto err;
++
+ #ifndef OPENSSL_NO_RFC3779
+ /* RFC 3779 path validation, now that CRL check has been done */
+ ok = v3_asid_validate_path(ctx);
+@@ -996,6 +1000,29 @@ static int check_crl_time(X509_STORE_CTX
+ return 1;
+ }
+
++static int check_ca_blacklist(X509_STORE_CTX *ctx)
++ {
++ X509 *x;
++ int i;
++ /* Check all certificates against the blacklist */
++ for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--)
++ {
++ x = sk_X509_value(ctx->chain, i);
++ /* Mark DigiNotar certificates as revoked, no matter
++ * where in the chain they are.
++ */
++ if (x->name && strstr(x->name, "DigiNotar"))
++ {
++ ctx->error = X509_V_ERR_CERT_REVOKED;
++ ctx->error_depth = i;
++ ctx->current_cert = x;
++ if (!ctx->verify_cb(0,ctx))
++ return 0;
++ }
++ }
++ return 1;
++ }
++
+ static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
+ X509 **pissuer, int *pscore, unsigned int *preasons,
+ STACK_OF(X509_CRL) *crls)
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian1.0.2/soname.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian1.0.2/soname.patch
new file mode 100644
index 000000000..09dd9eaf8
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian1.0.2/soname.patch
@@ -0,0 +1,15 @@
+Upstream-Status: Inappropriate
+
+Index: openssl-1.0.2d/crypto/opensslv.h
+===================================================================
+--- openssl-1.0.2d.orig/crypto/opensslv.h
++++ openssl-1.0.2d/crypto/opensslv.h
+@@ -88,7 +88,7 @@ extern "C" {
+ * should only keep the versions that are binary compatible with the current.
+ */
+ # define SHLIB_VERSION_HISTORY ""
+-# define SHLIB_VERSION_NUMBER "1.0.0"
++# define SHLIB_VERSION_NUMBER "1.0.2"
+
+
+ #ifdef __cplusplus
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian1.0.2/version-script.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian1.0.2/version-script.patch
new file mode 100644
index 000000000..e404ee331
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian1.0.2/version-script.patch
@@ -0,0 +1,4658 @@
+Upstream-Status: Inappropriate
+
+Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure
+===================================================================
+--- openssl-1.0.2~beta1.obsolete.0.0498436515490575.orig/Configure 2014-02-24 21:02:30.000000000 +0100
++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure 2014-02-24 21:02:30.000000000 +0100
+@@ -1651,6 +1651,8 @@
+ }
+ }
+
++$shared_ldflag .= " -Wl,--version-script=openssl.ld";
++
+ open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
+ unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new";
+ open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n";
+Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld 2014-02-24 22:19:08.601827266 +0100
+@@ -0,0 +1,4608 @@
++OPENSSL_1.0.2d {
++ global:
++ BIO_f_ssl;
++ BIO_new_buffer_ssl_connect;
++ BIO_new_ssl;
++ BIO_new_ssl_connect;
++ BIO_proxy_ssl_copy_session_id;
++ BIO_ssl_copy_session_id;
++ BIO_ssl_shutdown;
++ d2i_SSL_SESSION;
++ DTLSv1_client_method;
++ DTLSv1_method;
++ DTLSv1_server_method;
++ ERR_load_SSL_strings;
++ i2d_SSL_SESSION;
++ kssl_build_principal_2;
++ kssl_cget_tkt;
++ kssl_check_authent;
++ kssl_ctx_free;
++ kssl_ctx_new;
++ kssl_ctx_setkey;
++ kssl_ctx_setprinc;
++ kssl_ctx_setstring;
++ kssl_ctx_show;
++ kssl_err_set;
++ kssl_krb5_free_data_contents;
++ kssl_sget_tkt;
++ kssl_skip_confound;
++ kssl_validate_times;
++ PEM_read_bio_SSL_SESSION;
++ PEM_read_SSL_SESSION;
++ PEM_write_bio_SSL_SESSION;
++ PEM_write_SSL_SESSION;
++ SSL_accept;
++ SSL_add_client_CA;
++ SSL_add_dir_cert_subjects_to_stack;
++ SSL_add_dir_cert_subjs_to_stk;
++ SSL_add_file_cert_subjects_to_stack;
++ SSL_add_file_cert_subjs_to_stk;
++ SSL_alert_desc_string;
++ SSL_alert_desc_string_long;
++ SSL_alert_type_string;
++ SSL_alert_type_string_long;
++ SSL_callback_ctrl;
++ SSL_check_private_key;
++ SSL_CIPHER_description;
++ SSL_CIPHER_get_bits;
++ SSL_CIPHER_get_name;
++ SSL_CIPHER_get_version;
++ SSL_clear;
++ SSL_COMP_add_compression_method;
++ SSL_COMP_get_compression_methods;
++ SSL_COMP_get_compress_methods;
++ SSL_COMP_get_name;
++ SSL_connect;
++ SSL_copy_session_id;
++ SSL_ctrl;
++ SSL_CTX_add_client_CA;
++ SSL_CTX_add_session;
++ SSL_CTX_callback_ctrl;
++ SSL_CTX_check_private_key;
++ SSL_CTX_ctrl;
++ SSL_CTX_flush_sessions;
++ SSL_CTX_free;
++ SSL_CTX_get_cert_store;
++ SSL_CTX_get_client_CA_list;
++ SSL_CTX_get_client_cert_cb;
++ SSL_CTX_get_ex_data;
++ SSL_CTX_get_ex_new_index;
++ SSL_CTX_get_info_callback;
++ SSL_CTX_get_quiet_shutdown;
++ SSL_CTX_get_timeout;
++ SSL_CTX_get_verify_callback;
++ SSL_CTX_get_verify_depth;
++ SSL_CTX_get_verify_mode;
++ SSL_CTX_load_verify_locations;
++ SSL_CTX_new;
++ SSL_CTX_remove_session;
++ SSL_CTX_sess_get_get_cb;
++ SSL_CTX_sess_get_new_cb;
++ SSL_CTX_sess_get_remove_cb;
++ SSL_CTX_sessions;
++ SSL_CTX_sess_set_get_cb;
++ SSL_CTX_sess_set_new_cb;
++ SSL_CTX_sess_set_remove_cb;
++ SSL_CTX_set1_param;
++ SSL_CTX_set_cert_store;
++ SSL_CTX_set_cert_verify_callback;
++ SSL_CTX_set_cert_verify_cb;
++ SSL_CTX_set_cipher_list;
++ SSL_CTX_set_client_CA_list;
++ SSL_CTX_set_client_cert_cb;
++ SSL_CTX_set_client_cert_engine;
++ SSL_CTX_set_cookie_generate_cb;
++ SSL_CTX_set_cookie_verify_cb;
++ SSL_CTX_set_default_passwd_cb;
++ SSL_CTX_set_default_passwd_cb_userdata;
++ SSL_CTX_set_default_verify_paths;
++ SSL_CTX_set_def_passwd_cb_ud;
++ SSL_CTX_set_def_verify_paths;
++ SSL_CTX_set_ex_data;
++ SSL_CTX_set_generate_session_id;
++ SSL_CTX_set_info_callback;
++ SSL_CTX_set_msg_callback;
++ SSL_CTX_set_psk_client_callback;
++ SSL_CTX_set_psk_server_callback;
++ SSL_CTX_set_purpose;
++ SSL_CTX_set_quiet_shutdown;
++ SSL_CTX_set_session_id_context;
++ SSL_CTX_set_ssl_version;
++ SSL_CTX_set_timeout;
++ SSL_CTX_set_tmp_dh_callback;
++ SSL_CTX_set_tmp_ecdh_callback;
++ SSL_CTX_set_tmp_rsa_callback;
++ SSL_CTX_set_trust;
++ SSL_CTX_set_verify;
++ SSL_CTX_set_verify_depth;
++ SSL_CTX_use_cert_chain_file;
++ SSL_CTX_use_certificate;
++ SSL_CTX_use_certificate_ASN1;
++ SSL_CTX_use_certificate_chain_file;
++ SSL_CTX_use_certificate_file;
++ SSL_CTX_use_PrivateKey;
++ SSL_CTX_use_PrivateKey_ASN1;
++ SSL_CTX_use_PrivateKey_file;
++ SSL_CTX_use_psk_identity_hint;
++ SSL_CTX_use_RSAPrivateKey;
++ SSL_CTX_use_RSAPrivateKey_ASN1;
++ SSL_CTX_use_RSAPrivateKey_file;
++ SSL_do_handshake;
++ SSL_dup;
++ SSL_dup_CA_list;
++ SSLeay_add_ssl_algorithms;
++ SSL_free;
++ SSL_get1_session;
++ SSL_get_certificate;
++ SSL_get_cipher_list;
++ SSL_get_ciphers;
++ SSL_get_client_CA_list;
++ SSL_get_current_cipher;
++ SSL_get_current_compression;
++ SSL_get_current_expansion;
++ SSL_get_default_timeout;
++ SSL_get_error;
++ SSL_get_ex_data;
++ SSL_get_ex_data_X509_STORE_CTX_idx;
++ SSL_get_ex_d_X509_STORE_CTX_idx;
++ SSL_get_ex_new_index;
++ SSL_get_fd;
++ SSL_get_finished;
++ SSL_get_info_callback;
++ SSL_get_peer_cert_chain;
++ SSL_get_peer_certificate;
++ SSL_get_peer_finished;
++ SSL_get_privatekey;
++ SSL_get_psk_identity;
++ SSL_get_psk_identity_hint;
++ SSL_get_quiet_shutdown;
++ SSL_get_rbio;
++ SSL_get_read_ahead;
++ SSL_get_rfd;
++ SSL_get_servername;
++ SSL_get_servername_type;
++ SSL_get_session;
++ SSL_get_shared_ciphers;
++ SSL_get_shutdown;
++ SSL_get_SSL_CTX;
++ SSL_get_ssl_method;
++ SSL_get_verify_callback;
++ SSL_get_verify_depth;
++ SSL_get_verify_mode;
++ SSL_get_verify_result;
++ SSL_get_version;
++ SSL_get_wbio;
++ SSL_get_wfd;
++ SSL_has_matching_session_id;
++ SSL_library_init;
++ SSL_load_client_CA_file;
++ SSL_load_error_strings;
++ SSL_new;
++ SSL_peek;
++ SSL_pending;
++ SSL_read;
++ SSL_renegotiate;
++ SSL_renegotiate_pending;
++ SSL_rstate_string;
++ SSL_rstate_string_long;
++ SSL_SESSION_cmp;
++ SSL_SESSION_free;
++ SSL_SESSION_get_ex_data;
++ SSL_SESSION_get_ex_new_index;
++ SSL_SESSION_get_id;
++ SSL_SESSION_get_time;
++ SSL_SESSION_get_timeout;
++ SSL_SESSION_hash;
++ SSL_SESSION_new;
++ SSL_SESSION_print;
++ SSL_SESSION_print_fp;
++ SSL_SESSION_set_ex_data;
++ SSL_SESSION_set_time;
++ SSL_SESSION_set_timeout;
++ SSL_set1_param;
++ SSL_set_accept_state;
++ SSL_set_bio;
++ SSL_set_cipher_list;
++ SSL_set_client_CA_list;
++ SSL_set_connect_state;
++ SSL_set_ex_data;
++ SSL_set_fd;
++ SSL_set_generate_session_id;
++ SSL_set_info_callback;
++ SSL_set_msg_callback;
++ SSL_set_psk_client_callback;
++ SSL_set_psk_server_callback;
++ SSL_set_purpose;
++ SSL_set_quiet_shutdown;
++ SSL_set_read_ahead;
++ SSL_set_rfd;
++ SSL_set_session;
++ SSL_set_session_id_context;
++ SSL_set_session_secret_cb;
++ SSL_set_session_ticket_ext;
++ SSL_set_session_ticket_ext_cb;
++ SSL_set_shutdown;
++ SSL_set_SSL_CTX;
++ SSL_set_ssl_method;
++ SSL_set_tmp_dh_callback;
++ SSL_set_tmp_ecdh_callback;
++ SSL_set_tmp_rsa_callback;
++ SSL_set_trust;
++ SSL_set_verify;
++ SSL_set_verify_depth;
++ SSL_set_verify_result;
++ SSL_set_wfd;
++ SSL_shutdown;
++ SSL_state;
++ SSL_state_string;
++ SSL_state_string_long;
++ SSL_use_certificate;
++ SSL_use_certificate_ASN1;
++ SSL_use_certificate_file;
++ SSL_use_PrivateKey;
++ SSL_use_PrivateKey_ASN1;
++ SSL_use_PrivateKey_file;
++ SSL_use_psk_identity_hint;
++ SSL_use_RSAPrivateKey;
++ SSL_use_RSAPrivateKey_ASN1;
++ SSL_use_RSAPrivateKey_file;
++ SSLv23_client_method;
++ SSLv23_method;
++ SSLv23_server_method;
++ SSLv2_client_method;
++ SSLv2_method;
++ SSLv2_server_method;
++ SSLv3_client_method;
++ SSLv3_method;
++ SSLv3_server_method;
++ SSL_version;
++ SSL_want;
++ SSL_write;
++ TLSv1_client_method;
++ TLSv1_method;
++ TLSv1_server_method;
++
++
++ SSLeay;
++ SSLeay_version;
++ ASN1_BIT_STRING_asn1_meth;
++ ASN1_HEADER_free;
++ ASN1_HEADER_new;
++ ASN1_IA5STRING_asn1_meth;
++ ASN1_INTEGER_get;
++ ASN1_INTEGER_set;
++ ASN1_INTEGER_to_BN;
++ ASN1_OBJECT_create;
++ ASN1_OBJECT_free;
++ ASN1_OBJECT_new;
++ ASN1_PRINTABLE_type;
++ ASN1_STRING_cmp;
++ ASN1_STRING_dup;
++ ASN1_STRING_free;
++ ASN1_STRING_new;
++ ASN1_STRING_print;
++ ASN1_STRING_set;
++ ASN1_STRING_type_new;
++ ASN1_TYPE_free;
++ ASN1_TYPE_new;
++ ASN1_UNIVERSALSTRING_to_string;
++ ASN1_UTCTIME_check;
++ ASN1_UTCTIME_print;
++ ASN1_UTCTIME_set;
++ ASN1_check_infinite_end;
++ ASN1_d2i_bio;
++ ASN1_d2i_fp;
++ ASN1_digest;
++ ASN1_dup;
++ ASN1_get_object;
++ ASN1_i2d_bio;
++ ASN1_i2d_fp;
++ ASN1_object_size;
++ ASN1_parse;
++ ASN1_put_object;
++ ASN1_sign;
++ ASN1_verify;
++ BF_cbc_encrypt;
++ BF_cfb64_encrypt;
++ BF_ecb_encrypt;
++ BF_encrypt;
++ BF_ofb64_encrypt;
++ BF_options;
++ BF_set_key;
++ BIO_CONNECT_free;
++ BIO_CONNECT_new;
++ BIO_accept;
++ BIO_ctrl;
++ BIO_int_ctrl;
++ BIO_debug_callback;
++ BIO_dump;
++ BIO_dup_chain;
++ BIO_f_base64;
++ BIO_f_buffer;
++ BIO_f_cipher;
++ BIO_f_md;
++ BIO_f_null;
++ BIO_f_proxy_server;
++ BIO_fd_non_fatal_error;
++ BIO_fd_should_retry;
++ BIO_find_type;
++ BIO_free;
++ BIO_free_all;
++ BIO_get_accept_socket;
++ BIO_get_filter_bio;
++ BIO_get_host_ip;
++ BIO_get_port;
++ BIO_get_retry_BIO;
++ BIO_get_retry_reason;
++ BIO_gethostbyname;
++ BIO_gets;
++ BIO_new;
++ BIO_new_accept;
++ BIO_new_connect;
++ BIO_new_fd;
++ BIO_new_file;
++ BIO_new_fp;
++ BIO_new_socket;
++ BIO_pop;
++ BIO_printf;
++ BIO_push;
++ BIO_puts;
++ BIO_read;
++ BIO_s_accept;
++ BIO_s_connect;
++ BIO_s_fd;
++ BIO_s_file;
++ BIO_s_mem;
++ BIO_s_null;
++ BIO_s_proxy_client;
++ BIO_s_socket;
++ BIO_set;
++ BIO_set_cipher;
++ BIO_set_tcp_ndelay;
++ BIO_sock_cleanup;
++ BIO_sock_error;
++ BIO_sock_init;
++ BIO_sock_non_fatal_error;
++ BIO_sock_should_retry;
++ BIO_socket_ioctl;
++ BIO_write;
++ BN_CTX_free;
++ BN_CTX_new;
++ BN_MONT_CTX_free;
++ BN_MONT_CTX_new;
++ BN_MONT_CTX_set;
++ BN_add;
++ BN_add_word;
++ BN_hex2bn;
++ BN_bin2bn;
++ BN_bn2hex;
++ BN_bn2bin;
++ BN_clear;
++ BN_clear_bit;
++ BN_clear_free;
++ BN_cmp;
++ BN_copy;
++ BN_div;
++ BN_div_word;
++ BN_dup;
++ BN_free;
++ BN_from_montgomery;
++ BN_gcd;
++ BN_generate_prime;
++ BN_get_word;
++ BN_is_bit_set;
++ BN_is_prime;
++ BN_lshift;
++ BN_lshift1;
++ BN_mask_bits;
++ BN_mod;
++ BN_mod_exp;
++ BN_mod_exp_mont;
++ BN_mod_exp_simple;
++ BN_mod_inverse;
++ BN_mod_mul;
++ BN_mod_mul_montgomery;
++ BN_mod_word;
++ BN_mul;
++ BN_new;
++ BN_num_bits;
++ BN_num_bits_word;
++ BN_options;
++ BN_print;
++ BN_print_fp;
++ BN_rand;
++ BN_reciprocal;
++ BN_rshift;
++ BN_rshift1;
++ BN_set_bit;
++ BN_set_word;
++ BN_sqr;
++ BN_sub;
++ BN_to_ASN1_INTEGER;
++ BN_ucmp;
++ BN_value_one;
++ BUF_MEM_free;
++ BUF_MEM_grow;
++ BUF_MEM_new;
++ BUF_strdup;
++ CONF_free;
++ CONF_get_number;
++ CONF_get_section;
++ CONF_get_string;
++ CONF_load;
++ CRYPTO_add_lock;
++ CRYPTO_dbg_free;
++ CRYPTO_dbg_malloc;
++ CRYPTO_dbg_realloc;
++ CRYPTO_dbg_remalloc;
++ CRYPTO_free;
++ CRYPTO_get_add_lock_callback;
++ CRYPTO_get_id_callback;
++ CRYPTO_get_lock_name;
++ CRYPTO_get_locking_callback;
++ CRYPTO_get_mem_functions;
++ CRYPTO_lock;
++ CRYPTO_malloc;
++ CRYPTO_mem_ctrl;
++ CRYPTO_mem_leaks;
++ CRYPTO_mem_leaks_cb;
++ CRYPTO_mem_leaks_fp;
++ CRYPTO_realloc;
++ CRYPTO_remalloc;
++ CRYPTO_set_add_lock_callback;
++ CRYPTO_set_id_callback;
++ CRYPTO_set_locking_callback;
++ CRYPTO_set_mem_functions;
++ CRYPTO_thread_id;
++ DH_check;
++ DH_compute_key;
++ DH_free;
++ DH_generate_key;
++ DH_generate_parameters;
++ DH_new;
++ DH_size;
++ DHparams_print;
++ DHparams_print_fp;
++ DSA_free;
++ DSA_generate_key;
++ DSA_generate_parameters;
++ DSA_is_prime;
++ DSA_new;
++ DSA_print;
++ DSA_print_fp;
++ DSA_sign;
++ DSA_sign_setup;
++ DSA_size;
++ DSA_verify;
++ DSAparams_print;
++ DSAparams_print_fp;
++ ERR_clear_error;
++ ERR_error_string;
++ ERR_free_strings;
++ ERR_func_error_string;
++ ERR_get_err_state_table;
++ ERR_get_error;
++ ERR_get_error_line;
++ ERR_get_state;
++ ERR_get_string_table;
++ ERR_lib_error_string;
++ ERR_load_ASN1_strings;
++ ERR_load_BIO_strings;
++ ERR_load_BN_strings;
++ ERR_load_BUF_strings;
++ ERR_load_CONF_strings;
++ ERR_load_DH_strings;
++ ERR_load_DSA_strings;
++ ERR_load_ERR_strings;
++ ERR_load_EVP_strings;
++ ERR_load_OBJ_strings;
++ ERR_load_PEM_strings;
++ ERR_load_PROXY_strings;
++ ERR_load_RSA_strings;
++ ERR_load_X509_strings;
++ ERR_load_crypto_strings;
++ ERR_load_strings;
++ ERR_peek_error;
++ ERR_peek_error_line;
++ ERR_print_errors;
++ ERR_print_errors_fp;
++ ERR_put_error;
++ ERR_reason_error_string;
++ ERR_remove_state;
++ EVP_BytesToKey;
++ EVP_CIPHER_CTX_cleanup;
++ EVP_CipherFinal;
++ EVP_CipherInit;
++ EVP_CipherUpdate;
++ EVP_DecodeBlock;
++ EVP_DecodeFinal;
++ EVP_DecodeInit;
++ EVP_DecodeUpdate;
++ EVP_DecryptFinal;
++ EVP_DecryptInit;
++ EVP_DecryptUpdate;
++ EVP_DigestFinal;
++ EVP_DigestInit;
++ EVP_DigestUpdate;
++ EVP_EncodeBlock;
++ EVP_EncodeFinal;
++ EVP_EncodeInit;
++ EVP_EncodeUpdate;
++ EVP_EncryptFinal;
++ EVP_EncryptInit;
++ EVP_EncryptUpdate;
++ EVP_OpenFinal;
++ EVP_OpenInit;
++ EVP_PKEY_assign;
++ EVP_PKEY_copy_parameters;
++ EVP_PKEY_free;
++ EVP_PKEY_missing_parameters;
++ EVP_PKEY_new;
++ EVP_PKEY_save_parameters;
++ EVP_PKEY_size;
++ EVP_PKEY_type;
++ EVP_SealFinal;
++ EVP_SealInit;
++ EVP_SignFinal;
++ EVP_VerifyFinal;
++ EVP_add_alias;
++ EVP_add_cipher;
++ EVP_add_digest;
++ EVP_bf_cbc;
++ EVP_bf_cfb64;
++ EVP_bf_ecb;
++ EVP_bf_ofb;
++ EVP_cleanup;
++ EVP_des_cbc;
++ EVP_des_cfb64;
++ EVP_des_ecb;
++ EVP_des_ede;
++ EVP_des_ede3;
++ EVP_des_ede3_cbc;
++ EVP_des_ede3_cfb64;
++ EVP_des_ede3_ofb;
++ EVP_des_ede_cbc;
++ EVP_des_ede_cfb64;
++ EVP_des_ede_ofb;
++ EVP_des_ofb;
++ EVP_desx_cbc;
++ EVP_dss;
++ EVP_dss1;
++ EVP_enc_null;
++ EVP_get_cipherbyname;
++ EVP_get_digestbyname;
++ EVP_get_pw_prompt;
++ EVP_idea_cbc;
++ EVP_idea_cfb64;
++ EVP_idea_ecb;
++ EVP_idea_ofb;
++ EVP_md2;
++ EVP_md5;
++ EVP_md_null;
++ EVP_rc2_cbc;
++ EVP_rc2_cfb64;
++ EVP_rc2_ecb;
++ EVP_rc2_ofb;
++ EVP_rc4;
++ EVP_read_pw_string;
++ EVP_set_pw_prompt;
++ EVP_sha;
++ EVP_sha1;
++ MD2;
++ MD2_Final;
++ MD2_Init;
++ MD2_Update;
++ MD2_options;
++ MD5;
++ MD5_Final;
++ MD5_Init;
++ MD5_Update;
++ MDC2;
++ MDC2_Final;
++ MDC2_Init;
++ MDC2_Update;
++ NETSCAPE_SPKAC_free;
++ NETSCAPE_SPKAC_new;
++ NETSCAPE_SPKI_free;
++ NETSCAPE_SPKI_new;
++ NETSCAPE_SPKI_sign;
++ NETSCAPE_SPKI_verify;
++ OBJ_add_object;
++ OBJ_bsearch;
++ OBJ_cleanup;
++ OBJ_cmp;
++ OBJ_create;
++ OBJ_dup;
++ OBJ_ln2nid;
++ OBJ_new_nid;
++ OBJ_nid2ln;
++ OBJ_nid2obj;
++ OBJ_nid2sn;
++ OBJ_obj2nid;
++ OBJ_sn2nid;
++ OBJ_txt2nid;
++ PEM_ASN1_read;
++ PEM_ASN1_read_bio;
++ PEM_ASN1_write;
++ PEM_ASN1_write_bio;
++ PEM_SealFinal;
++ PEM_SealInit;
++ PEM_SealUpdate;
++ PEM_SignFinal;
++ PEM_SignInit;
++ PEM_SignUpdate;
++ PEM_X509_INFO_read;
++ PEM_X509_INFO_read_bio;
++ PEM_X509_INFO_write_bio;
++ PEM_dek_info;
++ PEM_do_header;
++ PEM_get_EVP_CIPHER_INFO;
++ PEM_proc_type;
++ PEM_read;
++ PEM_read_DHparams;
++ PEM_read_DSAPrivateKey;
++ PEM_read_DSAparams;
++ PEM_read_PKCS7;
++ PEM_read_PrivateKey;
++ PEM_read_RSAPrivateKey;
++ PEM_read_X509;
++ PEM_read_X509_CRL;
++ PEM_read_X509_REQ;
++ PEM_read_bio;
++ PEM_read_bio_DHparams;
++ PEM_read_bio_DSAPrivateKey;
++ PEM_read_bio_DSAparams;
++ PEM_read_bio_PKCS7;
++ PEM_read_bio_PrivateKey;
++ PEM_read_bio_RSAPrivateKey;
++ PEM_read_bio_X509;
++ PEM_read_bio_X509_CRL;
++ PEM_read_bio_X509_REQ;
++ PEM_write;
++ PEM_write_DHparams;
++ PEM_write_DSAPrivateKey;
++ PEM_write_DSAparams;
++ PEM_write_PKCS7;
++ PEM_write_PrivateKey;
++ PEM_write_RSAPrivateKey;
++ PEM_write_X509;
++ PEM_write_X509_CRL;
++ PEM_write_X509_REQ;
++ PEM_write_bio;
++ PEM_write_bio_DHparams;
++ PEM_write_bio_DSAPrivateKey;
++ PEM_write_bio_DSAparams;
++ PEM_write_bio_PKCS7;
++ PEM_write_bio_PrivateKey;
++ PEM_write_bio_RSAPrivateKey;
++ PEM_write_bio_X509;
++ PEM_write_bio_X509_CRL;
++ PEM_write_bio_X509_REQ;
++ PKCS7_DIGEST_free;
++ PKCS7_DIGEST_new;
++ PKCS7_ENCRYPT_free;
++ PKCS7_ENCRYPT_new;
++ PKCS7_ENC_CONTENT_free;
++ PKCS7_ENC_CONTENT_new;
++ PKCS7_ENVELOPE_free;
++ PKCS7_ENVELOPE_new;
++ PKCS7_ISSUER_AND_SERIAL_digest;
++ PKCS7_ISSUER_AND_SERIAL_free;
++ PKCS7_ISSUER_AND_SERIAL_new;
++ PKCS7_RECIP_INFO_free;
++ PKCS7_RECIP_INFO_new;
++ PKCS7_SIGNED_free;
++ PKCS7_SIGNED_new;
++ PKCS7_SIGNER_INFO_free;
++ PKCS7_SIGNER_INFO_new;
++ PKCS7_SIGN_ENVELOPE_free;
++ PKCS7_SIGN_ENVELOPE_new;
++ PKCS7_dup;
++ PKCS7_free;
++ PKCS7_new;
++ PROXY_ENTRY_add_noproxy;
++ PROXY_ENTRY_clear_noproxy;
++ PROXY_ENTRY_free;
++ PROXY_ENTRY_get_noproxy;
++ PROXY_ENTRY_new;
++ PROXY_ENTRY_set_server;
++ PROXY_add_noproxy;
++ PROXY_add_server;
++ PROXY_check_by_host;
++ PROXY_check_url;
++ PROXY_clear_noproxy;
++ PROXY_free;
++ PROXY_get_noproxy;
++ PROXY_get_proxies;
++ PROXY_get_proxy_entry;
++ PROXY_load_conf;
++ PROXY_new;
++ PROXY_print;
++ RAND_bytes;
++ RAND_cleanup;
++ RAND_file_name;
++ RAND_load_file;
++ RAND_screen;
++ RAND_seed;
++ RAND_write_file;
++ RC2_cbc_encrypt;
++ RC2_cfb64_encrypt;
++ RC2_ecb_encrypt;
++ RC2_encrypt;
++ RC2_ofb64_encrypt;
++ RC2_set_key;
++ RC4;
++ RC4_options;
++ RC4_set_key;
++ RSAPrivateKey_asn1_meth;
++ RSAPrivateKey_dup;
++ RSAPublicKey_dup;
++ RSA_PKCS1_SSLeay;
++ RSA_free;
++ RSA_generate_key;
++ RSA_new;
++ RSA_new_method;
++ RSA_print;
++ RSA_print_fp;
++ RSA_private_decrypt;
++ RSA_private_encrypt;
++ RSA_public_decrypt;
++ RSA_public_encrypt;
++ RSA_set_default_method;
++ RSA_sign;
++ RSA_sign_ASN1_OCTET_STRING;
++ RSA_size;
++ RSA_verify;
++ RSA_verify_ASN1_OCTET_STRING;
++ SHA;
++ SHA1;
++ SHA1_Final;
++ SHA1_Init;
++ SHA1_Update;
++ SHA_Final;
++ SHA_Init;
++ SHA_Update;
++ OpenSSL_add_all_algorithms;
++ OpenSSL_add_all_ciphers;
++ OpenSSL_add_all_digests;
++ TXT_DB_create_index;
++ TXT_DB_free;
++ TXT_DB_get_by_index;
++ TXT_DB_insert;
++ TXT_DB_read;
++ TXT_DB_write;
++ X509_ALGOR_free;
++ X509_ALGOR_new;
++ X509_ATTRIBUTE_free;
++ X509_ATTRIBUTE_new;
++ X509_CINF_free;
++ X509_CINF_new;
++ X509_CRL_INFO_free;
++ X509_CRL_INFO_new;
++ X509_CRL_add_ext;
++ X509_CRL_cmp;
++ X509_CRL_delete_ext;
++ X509_CRL_dup;
++ X509_CRL_free;
++ X509_CRL_get_ext;
++ X509_CRL_get_ext_by_NID;
++ X509_CRL_get_ext_by_OBJ;
++ X509_CRL_get_ext_by_critical;
++ X509_CRL_get_ext_count;
++ X509_CRL_new;
++ X509_CRL_sign;
++ X509_CRL_verify;
++ X509_EXTENSION_create_by_NID;
++ X509_EXTENSION_create_by_OBJ;
++ X509_EXTENSION_dup;
++ X509_EXTENSION_free;
++ X509_EXTENSION_get_critical;
++ X509_EXTENSION_get_data;
++ X509_EXTENSION_get_object;
++ X509_EXTENSION_new;
++ X509_EXTENSION_set_critical;
++ X509_EXTENSION_set_data;
++ X509_EXTENSION_set_object;
++ X509_INFO_free;
++ X509_INFO_new;
++ X509_LOOKUP_by_alias;
++ X509_LOOKUP_by_fingerprint;
++ X509_LOOKUP_by_issuer_serial;
++ X509_LOOKUP_by_subject;
++ X509_LOOKUP_ctrl;
++ X509_LOOKUP_file;
++ X509_LOOKUP_free;
++ X509_LOOKUP_hash_dir;
++ X509_LOOKUP_init;
++ X509_LOOKUP_new;
++ X509_LOOKUP_shutdown;
++ X509_NAME_ENTRY_create_by_NID;
++ X509_NAME_ENTRY_create_by_OBJ;
++ X509_NAME_ENTRY_dup;
++ X509_NAME_ENTRY_free;
++ X509_NAME_ENTRY_get_data;
++ X509_NAME_ENTRY_get_object;
++ X509_NAME_ENTRY_new;
++ X509_NAME_ENTRY_set_data;
++ X509_NAME_ENTRY_set_object;
++ X509_NAME_add_entry;
++ X509_NAME_cmp;
++ X509_NAME_delete_entry;
++ X509_NAME_digest;
++ X509_NAME_dup;
++ X509_NAME_entry_count;
++ X509_NAME_free;
++ X509_NAME_get_entry;
++ X509_NAME_get_index_by_NID;
++ X509_NAME_get_index_by_OBJ;
++ X509_NAME_get_text_by_NID;
++ X509_NAME_get_text_by_OBJ;
++ X509_NAME_hash;
++ X509_NAME_new;
++ X509_NAME_oneline;
++ X509_NAME_print;
++ X509_NAME_set;
++ X509_OBJECT_free_contents;
++ X509_OBJECT_retrieve_by_subject;
++ X509_OBJECT_up_ref_count;
++ X509_PKEY_free;
++ X509_PKEY_new;
++ X509_PUBKEY_free;
++ X509_PUBKEY_get;
++ X509_PUBKEY_new;
++ X509_PUBKEY_set;
++ X509_REQ_INFO_free;
++ X509_REQ_INFO_new;
++ X509_REQ_dup;
++ X509_REQ_free;
++ X509_REQ_get_pubkey;
++ X509_REQ_new;
++ X509_REQ_print;
++ X509_REQ_print_fp;
++ X509_REQ_set_pubkey;
++ X509_REQ_set_subject_name;
++ X509_REQ_set_version;
++ X509_REQ_sign;
++ X509_REQ_to_X509;
++ X509_REQ_verify;
++ X509_REVOKED_add_ext;
++ X509_REVOKED_delete_ext;
++ X509_REVOKED_free;
++ X509_REVOKED_get_ext;
++ X509_REVOKED_get_ext_by_NID;
++ X509_REVOKED_get_ext_by_OBJ;
++ X509_REVOKED_get_ext_by_critical;
++ X509_REVOKED_get_ext_by_critic;
++ X509_REVOKED_get_ext_count;
++ X509_REVOKED_new;
++ X509_SIG_free;
++ X509_SIG_new;
++ X509_STORE_CTX_cleanup;
++ X509_STORE_CTX_init;
++ X509_STORE_add_cert;
++ X509_STORE_add_lookup;
++ X509_STORE_free;
++ X509_STORE_get_by_subject;
++ X509_STORE_load_locations;
++ X509_STORE_new;
++ X509_STORE_set_default_paths;
++ X509_VAL_free;
++ X509_VAL_new;
++ X509_add_ext;
++ X509_asn1_meth;
++ X509_certificate_type;
++ X509_check_private_key;
++ X509_cmp_current_time;
++ X509_delete_ext;
++ X509_digest;
++ X509_dup;
++ X509_free;
++ X509_get_default_cert_area;
++ X509_get_default_cert_dir;
++ X509_get_default_cert_dir_env;
++ X509_get_default_cert_file;
++ X509_get_default_cert_file_env;
++ X509_get_default_private_dir;
++ X509_get_ext;
++ X509_get_ext_by_NID;
++ X509_get_ext_by_OBJ;
++ X509_get_ext_by_critical;
++ X509_get_ext_count;
++ X509_get_issuer_name;
++ X509_get_pubkey;
++ X509_get_pubkey_parameters;
++ X509_get_serialNumber;
++ X509_get_subject_name;
++ X509_gmtime_adj;
++ X509_issuer_and_serial_cmp;
++ X509_issuer_and_serial_hash;
++ X509_issuer_name_cmp;
++ X509_issuer_name_hash;
++ X509_load_cert_file;
++ X509_new;
++ X509_print;
++ X509_print_fp;
++ X509_set_issuer_name;
++ X509_set_notAfter;
++ X509_set_notBefore;
++ X509_set_pubkey;
++ X509_set_serialNumber;
++ X509_set_subject_name;
++ X509_set_version;
++ X509_sign;
++ X509_subject_name_cmp;
++ X509_subject_name_hash;
++ X509_to_X509_REQ;
++ X509_verify;
++ X509_verify_cert;
++ X509_verify_cert_error_string;
++ X509v3_add_ext;
++ X509v3_add_extension;
++ X509v3_add_netscape_extensions;
++ X509v3_add_standard_extensions;
++ X509v3_cleanup_extensions;
++ X509v3_data_type_by_NID;
++ X509v3_data_type_by_OBJ;
++ X509v3_delete_ext;
++ X509v3_get_ext;
++ X509v3_get_ext_by_NID;
++ X509v3_get_ext_by_OBJ;
++ X509v3_get_ext_by_critical;
++ X509v3_get_ext_count;
++ X509v3_pack_string;
++ X509v3_pack_type_by_NID;
++ X509v3_pack_type_by_OBJ;
++ X509v3_unpack_string;
++ _des_crypt;
++ a2d_ASN1_OBJECT;
++ a2i_ASN1_INTEGER;
++ a2i_ASN1_STRING;
++ asn1_Finish;
++ asn1_GetSequence;
++ bn_div_words;
++ bn_expand2;
++ bn_mul_add_words;
++ bn_mul_words;
++ BN_uadd;
++ BN_usub;
++ bn_sqr_words;
++ _ossl_old_crypt;
++ d2i_ASN1_BIT_STRING;
++ d2i_ASN1_BOOLEAN;
++ d2i_ASN1_HEADER;
++ d2i_ASN1_IA5STRING;
++ d2i_ASN1_INTEGER;
++ d2i_ASN1_OBJECT;
++ d2i_ASN1_OCTET_STRING;
++ d2i_ASN1_PRINTABLE;
++ d2i_ASN1_PRINTABLESTRING;
++ d2i_ASN1_SET;
++ d2i_ASN1_T61STRING;
++ d2i_ASN1_TYPE;
++ d2i_ASN1_UTCTIME;
++ d2i_ASN1_bytes;
++ d2i_ASN1_type_bytes;
++ d2i_DHparams;
++ d2i_DSAPrivateKey;
++ d2i_DSAPrivateKey_bio;
++ d2i_DSAPrivateKey_fp;
++ d2i_DSAPublicKey;
++ d2i_DSAparams;
++ d2i_NETSCAPE_SPKAC;
++ d2i_NETSCAPE_SPKI;
++ d2i_Netscape_RSA;
++ d2i_PKCS7;
++ d2i_PKCS7_DIGEST;
++ d2i_PKCS7_ENCRYPT;
++ d2i_PKCS7_ENC_CONTENT;
++ d2i_PKCS7_ENVELOPE;
++ d2i_PKCS7_ISSUER_AND_SERIAL;
++ d2i_PKCS7_RECIP_INFO;
++ d2i_PKCS7_SIGNED;
++ d2i_PKCS7_SIGNER_INFO;
++ d2i_PKCS7_SIGN_ENVELOPE;
++ d2i_PKCS7_bio;
++ d2i_PKCS7_fp;
++ d2i_PrivateKey;
++ d2i_PublicKey;
++ d2i_RSAPrivateKey;
++ d2i_RSAPrivateKey_bio;
++ d2i_RSAPrivateKey_fp;
++ d2i_RSAPublicKey;
++ d2i_X509;
++ d2i_X509_ALGOR;
++ d2i_X509_ATTRIBUTE;
++ d2i_X509_CINF;
++ d2i_X509_CRL;
++ d2i_X509_CRL_INFO;
++ d2i_X509_CRL_bio;
++ d2i_X509_CRL_fp;
++ d2i_X509_EXTENSION;
++ d2i_X509_NAME;
++ d2i_X509_NAME_ENTRY;
++ d2i_X509_PKEY;
++ d2i_X509_PUBKEY;
++ d2i_X509_REQ;
++ d2i_X509_REQ_INFO;
++ d2i_X509_REQ_bio;
++ d2i_X509_REQ_fp;
++ d2i_X509_REVOKED;
++ d2i_X509_SIG;
++ d2i_X509_VAL;
++ d2i_X509_bio;
++ d2i_X509_fp;
++ DES_cbc_cksum;
++ DES_cbc_encrypt;
++ DES_cblock_print_file;
++ DES_cfb64_encrypt;
++ DES_cfb_encrypt;
++ DES_decrypt3;
++ DES_ecb3_encrypt;
++ DES_ecb_encrypt;
++ DES_ede3_cbc_encrypt;
++ DES_ede3_cfb64_encrypt;
++ DES_ede3_ofb64_encrypt;
++ DES_enc_read;
++ DES_enc_write;
++ DES_encrypt1;
++ DES_encrypt2;
++ DES_encrypt3;
++ DES_fcrypt;
++ DES_is_weak_key;
++ DES_key_sched;
++ DES_ncbc_encrypt;
++ DES_ofb64_encrypt;
++ DES_ofb_encrypt;
++ DES_options;
++ DES_pcbc_encrypt;
++ DES_quad_cksum;
++ DES_random_key;
++ _ossl_old_des_random_seed;
++ _ossl_old_des_read_2passwords;
++ _ossl_old_des_read_password;
++ _ossl_old_des_read_pw;
++ _ossl_old_des_read_pw_string;
++ DES_set_key;
++ DES_set_odd_parity;
++ DES_string_to_2keys;
++ DES_string_to_key;
++ DES_xcbc_encrypt;
++ DES_xwhite_in2out;
++ fcrypt_body;
++ i2a_ASN1_INTEGER;
++ i2a_ASN1_OBJECT;
++ i2a_ASN1_STRING;
++ i2d_ASN1_BIT_STRING;
++ i2d_ASN1_BOOLEAN;
++ i2d_ASN1_HEADER;
++ i2d_ASN1_IA5STRING;
++ i2d_ASN1_INTEGER;
++ i2d_ASN1_OBJECT;
++ i2d_ASN1_OCTET_STRING;
++ i2d_ASN1_PRINTABLE;
++ i2d_ASN1_SET;
++ i2d_ASN1_TYPE;
++ i2d_ASN1_UTCTIME;
++ i2d_ASN1_bytes;
++ i2d_DHparams;
++ i2d_DSAPrivateKey;
++ i2d_DSAPrivateKey_bio;
++ i2d_DSAPrivateKey_fp;
++ i2d_DSAPublicKey;
++ i2d_DSAparams;
++ i2d_NETSCAPE_SPKAC;
++ i2d_NETSCAPE_SPKI;
++ i2d_Netscape_RSA;
++ i2d_PKCS7;
++ i2d_PKCS7_DIGEST;
++ i2d_PKCS7_ENCRYPT;
++ i2d_PKCS7_ENC_CONTENT;
++ i2d_PKCS7_ENVELOPE;
++ i2d_PKCS7_ISSUER_AND_SERIAL;
++ i2d_PKCS7_RECIP_INFO;
++ i2d_PKCS7_SIGNED;
++ i2d_PKCS7_SIGNER_INFO;
++ i2d_PKCS7_SIGN_ENVELOPE;
++ i2d_PKCS7_bio;
++ i2d_PKCS7_fp;
++ i2d_PrivateKey;
++ i2d_PublicKey;
++ i2d_RSAPrivateKey;
++ i2d_RSAPrivateKey_bio;
++ i2d_RSAPrivateKey_fp;
++ i2d_RSAPublicKey;
++ i2d_X509;
++ i2d_X509_ALGOR;
++ i2d_X509_ATTRIBUTE;
++ i2d_X509_CINF;
++ i2d_X509_CRL;
++ i2d_X509_CRL_INFO;
++ i2d_X509_CRL_bio;
++ i2d_X509_CRL_fp;
++ i2d_X509_EXTENSION;
++ i2d_X509_NAME;
++ i2d_X509_NAME_ENTRY;
++ i2d_X509_PKEY;
++ i2d_X509_PUBKEY;
++ i2d_X509_REQ;
++ i2d_X509_REQ_INFO;
++ i2d_X509_REQ_bio;
++ i2d_X509_REQ_fp;
++ i2d_X509_REVOKED;
++ i2d_X509_SIG;
++ i2d_X509_VAL;
++ i2d_X509_bio;
++ i2d_X509_fp;
++ idea_cbc_encrypt;
++ idea_cfb64_encrypt;
++ idea_ecb_encrypt;
++ idea_encrypt;
++ idea_ofb64_encrypt;
++ idea_options;
++ idea_set_decrypt_key;
++ idea_set_encrypt_key;
++ lh_delete;
++ lh_doall;
++ lh_doall_arg;
++ lh_free;
++ lh_insert;
++ lh_new;
++ lh_node_stats;
++ lh_node_stats_bio;
++ lh_node_usage_stats;
++ lh_node_usage_stats_bio;
++ lh_retrieve;
++ lh_stats;
++ lh_stats_bio;
++ lh_strhash;
++ sk_delete;
++ sk_delete_ptr;
++ sk_dup;
++ sk_find;
++ sk_free;
++ sk_insert;
++ sk_new;
++ sk_pop;
++ sk_pop_free;
++ sk_push;
++ sk_set_cmp_func;
++ sk_shift;
++ sk_unshift;
++ sk_zero;
++ BIO_f_nbio_test;
++ ASN1_TYPE_get;
++ ASN1_TYPE_set;
++ PKCS7_content_free;
++ ERR_load_PKCS7_strings;
++ X509_find_by_issuer_and_serial;
++ X509_find_by_subject;
++ PKCS7_ctrl;
++ PKCS7_set_type;
++ PKCS7_set_content;
++ PKCS7_SIGNER_INFO_set;
++ PKCS7_add_signer;
++ PKCS7_add_certificate;
++ PKCS7_add_crl;
++ PKCS7_content_new;
++ PKCS7_dataSign;
++ PKCS7_dataVerify;
++ PKCS7_dataInit;
++ PKCS7_add_signature;
++ PKCS7_cert_from_signer_info;
++ PKCS7_get_signer_info;
++ EVP_delete_alias;
++ EVP_mdc2;
++ PEM_read_bio_RSAPublicKey;
++ PEM_write_bio_RSAPublicKey;
++ d2i_RSAPublicKey_bio;
++ i2d_RSAPublicKey_bio;
++ PEM_read_RSAPublicKey;
++ PEM_write_RSAPublicKey;
++ d2i_RSAPublicKey_fp;
++ i2d_RSAPublicKey_fp;
++ BIO_copy_next_retry;
++ RSA_flags;
++ X509_STORE_add_crl;
++ X509_load_crl_file;
++ EVP_rc2_40_cbc;
++ EVP_rc4_40;
++ EVP_CIPHER_CTX_init;
++ HMAC;
++ HMAC_Init;
++ HMAC_Update;
++ HMAC_Final;
++ ERR_get_next_error_library;
++ EVP_PKEY_cmp_parameters;
++ HMAC_cleanup;
++ BIO_ptr_ctrl;
++ BIO_new_file_internal;
++ BIO_new_fp_internal;
++ BIO_s_file_internal;
++ BN_BLINDING_convert;
++ BN_BLINDING_invert;
++ BN_BLINDING_update;
++ RSA_blinding_on;
++ RSA_blinding_off;
++ i2t_ASN1_OBJECT;
++ BN_BLINDING_new;
++ BN_BLINDING_free;
++ EVP_cast5_cbc;
++ EVP_cast5_cfb64;
++ EVP_cast5_ecb;
++ EVP_cast5_ofb;
++ BF_decrypt;
++ CAST_set_key;
++ CAST_encrypt;
++ CAST_decrypt;
++ CAST_ecb_encrypt;
++ CAST_cbc_encrypt;
++ CAST_cfb64_encrypt;
++ CAST_ofb64_encrypt;
++ RC2_decrypt;
++ OBJ_create_objects;
++ BN_exp;
++ BN_mul_word;
++ BN_sub_word;
++ BN_dec2bn;
++ BN_bn2dec;
++ BIO_ghbn_ctrl;
++ CRYPTO_free_ex_data;
++ CRYPTO_get_ex_data;
++ CRYPTO_set_ex_data;
++ ERR_load_CRYPTO_strings;
++ ERR_load_CRYPTOlib_strings;
++ EVP_PKEY_bits;
++ MD5_Transform;
++ SHA1_Transform;
++ SHA_Transform;
++ X509_STORE_CTX_get_chain;
++ X509_STORE_CTX_get_current_cert;
++ X509_STORE_CTX_get_error;
++ X509_STORE_CTX_get_error_depth;
++ X509_STORE_CTX_get_ex_data;
++ X509_STORE_CTX_set_cert;
++ X509_STORE_CTX_set_chain;
++ X509_STORE_CTX_set_error;
++ X509_STORE_CTX_set_ex_data;
++ CRYPTO_dup_ex_data;
++ CRYPTO_get_new_lockid;
++ CRYPTO_new_ex_data;
++ RSA_set_ex_data;
++ RSA_get_ex_data;
++ RSA_get_ex_new_index;
++ RSA_padding_add_PKCS1_type_1;
++ RSA_padding_add_PKCS1_type_2;
++ RSA_padding_add_SSLv23;
++ RSA_padding_add_none;
++ RSA_padding_check_PKCS1_type_1;
++ RSA_padding_check_PKCS1_type_2;
++ RSA_padding_check_SSLv23;
++ RSA_padding_check_none;
++ bn_add_words;
++ d2i_Netscape_RSA_2;
++ CRYPTO_get_ex_new_index;
++ RIPEMD160_Init;
++ RIPEMD160_Update;
++ RIPEMD160_Final;
++ RIPEMD160;
++ RIPEMD160_Transform;
++ RC5_32_set_key;
++ RC5_32_ecb_encrypt;
++ RC5_32_encrypt;
++ RC5_32_decrypt;
++ RC5_32_cbc_encrypt;
++ RC5_32_cfb64_encrypt;
++ RC5_32_ofb64_encrypt;
++ BN_bn2mpi;
++ BN_mpi2bn;
++ ASN1_BIT_STRING_get_bit;
++ ASN1_BIT_STRING_set_bit;
++ BIO_get_ex_data;
++ BIO_get_ex_new_index;
++ BIO_set_ex_data;
++ X509v3_get_key_usage;
++ X509v3_set_key_usage;
++ a2i_X509v3_key_usage;
++ i2a_X509v3_key_usage;
++ EVP_PKEY_decrypt;
++ EVP_PKEY_encrypt;
++ PKCS7_RECIP_INFO_set;
++ PKCS7_add_recipient;
++ PKCS7_add_recipient_info;
++ PKCS7_set_cipher;
++ ASN1_TYPE_get_int_octetstring;
++ ASN1_TYPE_get_octetstring;
++ ASN1_TYPE_set_int_octetstring;
++ ASN1_TYPE_set_octetstring;
++ ASN1_UTCTIME_set_string;
++ ERR_add_error_data;
++ ERR_set_error_data;
++ EVP_CIPHER_asn1_to_param;
++ EVP_CIPHER_param_to_asn1;
++ EVP_CIPHER_get_asn1_iv;
++ EVP_CIPHER_set_asn1_iv;
++ EVP_rc5_32_12_16_cbc;
++ EVP_rc5_32_12_16_cfb64;
++ EVP_rc5_32_12_16_ecb;
++ EVP_rc5_32_12_16_ofb;
++ asn1_add_error;
++ d2i_ASN1_BMPSTRING;
++ i2d_ASN1_BMPSTRING;
++ BIO_f_ber;
++ BN_init;
++ COMP_CTX_new;
++ COMP_CTX_free;
++ COMP_CTX_compress_block;
++ COMP_CTX_expand_block;
++ X509_STORE_CTX_get_ex_new_index;
++ OBJ_NAME_add;
++ BIO_socket_nbio;
++ EVP_rc2_64_cbc;
++ OBJ_NAME_cleanup;
++ OBJ_NAME_get;
++ OBJ_NAME_init;
++ OBJ_NAME_new_index;
++ OBJ_NAME_remove;
++ BN_MONT_CTX_copy;
++ BIO_new_socks4a_connect;
++ BIO_s_socks4a_connect;
++ PROXY_set_connect_mode;
++ RAND_SSLeay;
++ RAND_set_rand_method;
++ RSA_memory_lock;
++ bn_sub_words;
++ bn_mul_normal;
++ bn_mul_comba8;
++ bn_mul_comba4;
++ bn_sqr_normal;
++ bn_sqr_comba8;
++ bn_sqr_comba4;
++ bn_cmp_words;
++ bn_mul_recursive;
++ bn_mul_part_recursive;
++ bn_sqr_recursive;
++ bn_mul_low_normal;
++ BN_RECP_CTX_init;
++ BN_RECP_CTX_new;
++ BN_RECP_CTX_free;
++ BN_RECP_CTX_set;
++ BN_mod_mul_reciprocal;
++ BN_mod_exp_recp;
++ BN_div_recp;
++ BN_CTX_init;
++ BN_MONT_CTX_init;
++ RAND_get_rand_method;
++ PKCS7_add_attribute;
++ PKCS7_add_signed_attribute;
++ PKCS7_digest_from_attributes;
++ PKCS7_get_attribute;
++ PKCS7_get_issuer_and_serial;
++ PKCS7_get_signed_attribute;
++ COMP_compress_block;
++ COMP_expand_block;
++ COMP_rle;
++ COMP_zlib;
++ ms_time_diff;
++ ms_time_new;
++ ms_time_free;
++ ms_time_cmp;
++ ms_time_get;
++ PKCS7_set_attributes;
++ PKCS7_set_signed_attributes;
++ X509_ATTRIBUTE_create;
++ X509_ATTRIBUTE_dup;
++ ASN1_GENERALIZEDTIME_check;
++ ASN1_GENERALIZEDTIME_print;
++ ASN1_GENERALIZEDTIME_set;
++ ASN1_GENERALIZEDTIME_set_string;
++ ASN1_TIME_print;
++ BASIC_CONSTRAINTS_free;
++ BASIC_CONSTRAINTS_new;
++ ERR_load_X509V3_strings;
++ NETSCAPE_CERT_SEQUENCE_free;
++ NETSCAPE_CERT_SEQUENCE_new;
++ OBJ_txt2obj;
++ PEM_read_NETSCAPE_CERT_SEQUENCE;
++ PEM_read_NS_CERT_SEQ;
++ PEM_read_bio_NETSCAPE_CERT_SEQUENCE;
++ PEM_read_bio_NS_CERT_SEQ;
++ PEM_write_NETSCAPE_CERT_SEQUENCE;
++ PEM_write_NS_CERT_SEQ;
++ PEM_write_bio_NETSCAPE_CERT_SEQUENCE;
++ PEM_write_bio_NS_CERT_SEQ;
++ X509V3_EXT_add;
++ X509V3_EXT_add_alias;
++ X509V3_EXT_add_conf;
++ X509V3_EXT_cleanup;
++ X509V3_EXT_conf;
++ X509V3_EXT_conf_nid;
++ X509V3_EXT_get;
++ X509V3_EXT_get_nid;
++ X509V3_EXT_print;
++ X509V3_EXT_print_fp;
++ X509V3_add_standard_extensions;
++ X509V3_add_value;
++ X509V3_add_value_bool;
++ X509V3_add_value_int;
++ X509V3_conf_free;
++ X509V3_get_value_bool;
++ X509V3_get_value_int;
++ X509V3_parse_list;
++ d2i_ASN1_GENERALIZEDTIME;
++ d2i_ASN1_TIME;
++ d2i_BASIC_CONSTRAINTS;
++ d2i_NETSCAPE_CERT_SEQUENCE;
++ d2i_ext_ku;
++ ext_ku_free;
++ ext_ku_new;
++ i2d_ASN1_GENERALIZEDTIME;
++ i2d_ASN1_TIME;
++ i2d_BASIC_CONSTRAINTS;
++ i2d_NETSCAPE_CERT_SEQUENCE;
++ i2d_ext_ku;
++ EVP_MD_CTX_copy;
++ i2d_ASN1_ENUMERATED;
++ d2i_ASN1_ENUMERATED;
++ ASN1_ENUMERATED_set;
++ ASN1_ENUMERATED_get;
++ BN_to_ASN1_ENUMERATED;
++ ASN1_ENUMERATED_to_BN;
++ i2a_ASN1_ENUMERATED;
++ a2i_ASN1_ENUMERATED;
++ i2d_GENERAL_NAME;
++ d2i_GENERAL_NAME;
++ GENERAL_NAME_new;
++ GENERAL_NAME_free;
++ GENERAL_NAMES_new;
++ GENERAL_NAMES_free;
++ d2i_GENERAL_NAMES;
++ i2d_GENERAL_NAMES;
++ i2v_GENERAL_NAMES;
++ i2s_ASN1_OCTET_STRING;
++ s2i_ASN1_OCTET_STRING;
++ X509V3_EXT_check_conf;
++ hex_to_string;
++ string_to_hex;
++ DES_ede3_cbcm_encrypt;
++ RSA_padding_add_PKCS1_OAEP;
++ RSA_padding_check_PKCS1_OAEP;
++ X509_CRL_print_fp;
++ X509_CRL_print;
++ i2v_GENERAL_NAME;
++ v2i_GENERAL_NAME;
++ i2d_PKEY_USAGE_PERIOD;
++ d2i_PKEY_USAGE_PERIOD;
++ PKEY_USAGE_PERIOD_new;
++ PKEY_USAGE_PERIOD_free;
++ v2i_GENERAL_NAMES;
++ i2s_ASN1_INTEGER;
++ X509V3_EXT_d2i;
++ name_cmp;
++ str_dup;
++ i2s_ASN1_ENUMERATED;
++ i2s_ASN1_ENUMERATED_TABLE;
++ BIO_s_log;
++ BIO_f_reliable;
++ PKCS7_dataFinal;
++ PKCS7_dataDecode;
++ X509V3_EXT_CRL_add_conf;
++ BN_set_params;
++ BN_get_params;
++ BIO_get_ex_num;
++ BIO_set_ex_free_func;
++ EVP_ripemd160;
++ ASN1_TIME_set;
++ i2d_AUTHORITY_KEYID;
++ d2i_AUTHORITY_KEYID;
++ AUTHORITY_KEYID_new;
++ AUTHORITY_KEYID_free;
++ ASN1_seq_unpack;
++ ASN1_seq_pack;
++ ASN1_unpack_string;
++ ASN1_pack_string;
++ PKCS12_pack_safebag;
++ PKCS12_MAKE_KEYBAG;
++ PKCS8_encrypt;
++ PKCS12_MAKE_SHKEYBAG;
++ PKCS12_pack_p7data;
++ PKCS12_pack_p7encdata;
++ PKCS12_add_localkeyid;
++ PKCS12_add_friendlyname_asc;
++ PKCS12_add_friendlyname_uni;
++ PKCS12_get_friendlyname;
++ PKCS12_pbe_crypt;
++ PKCS12_decrypt_d2i;
++ PKCS12_i2d_encrypt;
++ PKCS12_init;
++ PKCS12_key_gen_asc;
++ PKCS12_key_gen_uni;
++ PKCS12_gen_mac;
++ PKCS12_verify_mac;
++ PKCS12_set_mac;
++ PKCS12_setup_mac;
++ OPENSSL_asc2uni;
++ OPENSSL_uni2asc;
++ i2d_PKCS12_BAGS;
++ PKCS12_BAGS_new;
++ d2i_PKCS12_BAGS;
++ PKCS12_BAGS_free;
++ i2d_PKCS12;
++ d2i_PKCS12;
++ PKCS12_new;
++ PKCS12_free;
++ i2d_PKCS12_MAC_DATA;
++ PKCS12_MAC_DATA_new;
++ d2i_PKCS12_MAC_DATA;
++ PKCS12_MAC_DATA_free;
++ i2d_PKCS12_SAFEBAG;
++ PKCS12_SAFEBAG_new;
++ d2i_PKCS12_SAFEBAG;
++ PKCS12_SAFEBAG_free;
++ ERR_load_PKCS12_strings;
++ PKCS12_PBE_add;
++ PKCS8_add_keyusage;
++ PKCS12_get_attr_gen;
++ PKCS12_parse;
++ PKCS12_create;
++ i2d_PKCS12_bio;
++ i2d_PKCS12_fp;
++ d2i_PKCS12_bio;
++ d2i_PKCS12_fp;
++ i2d_PBEPARAM;
++ PBEPARAM_new;
++ d2i_PBEPARAM;
++ PBEPARAM_free;
++ i2d_PKCS8_PRIV_KEY_INFO;
++ PKCS8_PRIV_KEY_INFO_new;
++ d2i_PKCS8_PRIV_KEY_INFO;
++ PKCS8_PRIV_KEY_INFO_free;
++ EVP_PKCS82PKEY;
++ EVP_PKEY2PKCS8;
++ PKCS8_set_broken;
++ EVP_PBE_ALGOR_CipherInit;
++ EVP_PBE_alg_add;
++ PKCS5_pbe_set;
++ EVP_PBE_cleanup;
++ i2d_SXNET;
++ d2i_SXNET;
++ SXNET_new;
++ SXNET_free;
++ i2d_SXNETID;
++ d2i_SXNETID;
++ SXNETID_new;
++ SXNETID_free;
++ DSA_SIG_new;
++ DSA_SIG_free;
++ DSA_do_sign;
++ DSA_do_verify;
++ d2i_DSA_SIG;
++ i2d_DSA_SIG;
++ i2d_ASN1_VISIBLESTRING;
++ d2i_ASN1_VISIBLESTRING;
++ i2d_ASN1_UTF8STRING;
++ d2i_ASN1_UTF8STRING;
++ i2d_DIRECTORYSTRING;
++ d2i_DIRECTORYSTRING;
++ i2d_DISPLAYTEXT;
++ d2i_DISPLAYTEXT;
++ d2i_ASN1_SET_OF_X509;
++ i2d_ASN1_SET_OF_X509;
++ i2d_PBKDF2PARAM;
++ PBKDF2PARAM_new;
++ d2i_PBKDF2PARAM;
++ PBKDF2PARAM_free;
++ i2d_PBE2PARAM;
++ PBE2PARAM_new;
++ d2i_PBE2PARAM;
++ PBE2PARAM_free;
++ d2i_ASN1_SET_OF_GENERAL_NAME;
++ i2d_ASN1_SET_OF_GENERAL_NAME;
++ d2i_ASN1_SET_OF_SXNETID;
++ i2d_ASN1_SET_OF_SXNETID;
++ d2i_ASN1_SET_OF_POLICYQUALINFO;
++ i2d_ASN1_SET_OF_POLICYQUALINFO;
++ d2i_ASN1_SET_OF_POLICYINFO;
++ i2d_ASN1_SET_OF_POLICYINFO;
++ SXNET_add_id_asc;
++ SXNET_add_id_ulong;
++ SXNET_add_id_INTEGER;
++ SXNET_get_id_asc;
++ SXNET_get_id_ulong;
++ SXNET_get_id_INTEGER;
++ X509V3_set_conf_lhash;
++ i2d_CERTIFICATEPOLICIES;
++ CERTIFICATEPOLICIES_new;
++ CERTIFICATEPOLICIES_free;
++ d2i_CERTIFICATEPOLICIES;
++ i2d_POLICYINFO;
++ POLICYINFO_new;
++ d2i_POLICYINFO;
++ POLICYINFO_free;
++ i2d_POLICYQUALINFO;
++ POLICYQUALINFO_new;
++ d2i_POLICYQUALINFO;
++ POLICYQUALINFO_free;
++ i2d_USERNOTICE;
++ USERNOTICE_new;
++ d2i_USERNOTICE;
++ USERNOTICE_free;
++ i2d_NOTICEREF;
++ NOTICEREF_new;
++ d2i_NOTICEREF;
++ NOTICEREF_free;
++ X509V3_get_string;
++ X509V3_get_section;
++ X509V3_string_free;
++ X509V3_section_free;
++ X509V3_set_ctx;
++ s2i_ASN1_INTEGER;
++ CRYPTO_set_locked_mem_functions;
++ CRYPTO_get_locked_mem_functions;
++ CRYPTO_malloc_locked;
++ CRYPTO_free_locked;
++ BN_mod_exp2_mont;
++ ERR_get_error_line_data;
++ ERR_peek_error_line_data;
++ PKCS12_PBE_keyivgen;
++ X509_ALGOR_dup;
++ d2i_ASN1_SET_OF_DIST_POINT;
++ i2d_ASN1_SET_OF_DIST_POINT;
++ i2d_CRL_DIST_POINTS;
++ CRL_DIST_POINTS_new;
++ CRL_DIST_POINTS_free;
++ d2i_CRL_DIST_POINTS;
++ i2d_DIST_POINT;
++ DIST_POINT_new;
++ d2i_DIST_POINT;
++ DIST_POINT_free;
++ i2d_DIST_POINT_NAME;
++ DIST_POINT_NAME_new;
++ DIST_POINT_NAME_free;
++ d2i_DIST_POINT_NAME;
++ X509V3_add_value_uchar;
++ d2i_ASN1_SET_OF_X509_ATTRIBUTE;
++ i2d_ASN1_SET_OF_ASN1_TYPE;
++ d2i_ASN1_SET_OF_X509_EXTENSION;
++ d2i_ASN1_SET_OF_X509_NAME_ENTRY;
++ d2i_ASN1_SET_OF_ASN1_TYPE;
++ i2d_ASN1_SET_OF_X509_ATTRIBUTE;
++ i2d_ASN1_SET_OF_X509_EXTENSION;
++ i2d_ASN1_SET_OF_X509_NAME_ENTRY;
++ X509V3_EXT_i2d;
++ X509V3_EXT_val_prn;
++ X509V3_EXT_add_list;
++ EVP_CIPHER_type;
++ EVP_PBE_CipherInit;
++ X509V3_add_value_bool_nf;
++ d2i_ASN1_UINTEGER;
++ sk_value;
++ sk_num;
++ sk_set;
++ i2d_ASN1_SET_OF_X509_REVOKED;
++ sk_sort;
++ d2i_ASN1_SET_OF_X509_REVOKED;
++ i2d_ASN1_SET_OF_X509_ALGOR;
++ i2d_ASN1_SET_OF_X509_CRL;
++ d2i_ASN1_SET_OF_X509_ALGOR;
++ d2i_ASN1_SET_OF_X509_CRL;
++ i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO;
++ i2d_ASN1_SET_OF_PKCS7_RECIP_INFO;
++ d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO;
++ d2i_ASN1_SET_OF_PKCS7_RECIP_INFO;
++ PKCS5_PBE_add;
++ PEM_write_bio_PKCS8;
++ i2d_PKCS8_fp;
++ PEM_read_bio_PKCS8_PRIV_KEY_INFO;
++ PEM_read_bio_P8_PRIV_KEY_INFO;
++ d2i_PKCS8_bio;
++ d2i_PKCS8_PRIV_KEY_INFO_fp;
++ PEM_write_bio_PKCS8_PRIV_KEY_INFO;
++ PEM_write_bio_P8_PRIV_KEY_INFO;
++ PEM_read_PKCS8;
++ d2i_PKCS8_PRIV_KEY_INFO_bio;
++ d2i_PKCS8_fp;
++ PEM_write_PKCS8;
++ PEM_read_PKCS8_PRIV_KEY_INFO;
++ PEM_read_P8_PRIV_KEY_INFO;
++ PEM_read_bio_PKCS8;
++ PEM_write_PKCS8_PRIV_KEY_INFO;
++ PEM_write_P8_PRIV_KEY_INFO;
++ PKCS5_PBE_keyivgen;
++ i2d_PKCS8_bio;
++ i2d_PKCS8_PRIV_KEY_INFO_fp;
++ i2d_PKCS8_PRIV_KEY_INFO_bio;
++ BIO_s_bio;
++ PKCS5_pbe2_set;
++ PKCS5_PBKDF2_HMAC_SHA1;
++ PKCS5_v2_PBE_keyivgen;
++ PEM_write_bio_PKCS8PrivateKey;
++ PEM_write_PKCS8PrivateKey;
++ BIO_ctrl_get_read_request;
++ BIO_ctrl_pending;
++ BIO_ctrl_wpending;
++ BIO_new_bio_pair;
++ BIO_ctrl_get_write_guarantee;
++ CRYPTO_num_locks;
++ CONF_load_bio;
++ CONF_load_fp;
++ i2d_ASN1_SET_OF_ASN1_OBJECT;
++ d2i_ASN1_SET_OF_ASN1_OBJECT;
++ PKCS7_signatureVerify;
++ RSA_set_method;
++ RSA_get_method;
++ RSA_get_default_method;
++ RSA_check_key;
++ OBJ_obj2txt;
++ DSA_dup_DH;
++ X509_REQ_get_extensions;
++ X509_REQ_set_extension_nids;
++ BIO_nwrite;
++ X509_REQ_extension_nid;
++ BIO_nread;
++ X509_REQ_get_extension_nids;
++ BIO_nwrite0;
++ X509_REQ_add_extensions_nid;
++ BIO_nread0;
++ X509_REQ_add_extensions;
++ BIO_new_mem_buf;
++ DH_set_ex_data;
++ DH_set_method;
++ DSA_OpenSSL;
++ DH_get_ex_data;
++ DH_get_ex_new_index;
++ DSA_new_method;
++ DH_new_method;
++ DH_OpenSSL;
++ DSA_get_ex_new_index;
++ DH_get_default_method;
++ DSA_set_ex_data;
++ DH_set_default_method;
++ DSA_get_ex_data;
++ X509V3_EXT_REQ_add_conf;
++ NETSCAPE_SPKI_print;
++ NETSCAPE_SPKI_set_pubkey;
++ NETSCAPE_SPKI_b64_encode;
++ NETSCAPE_SPKI_get_pubkey;
++ NETSCAPE_SPKI_b64_decode;
++ UTF8_putc;
++ UTF8_getc;
++ RSA_null_method;
++ ASN1_tag2str;
++ BIO_ctrl_reset_read_request;
++ DISPLAYTEXT_new;
++ ASN1_GENERALIZEDTIME_free;
++ X509_REVOKED_get_ext_d2i;
++ X509_set_ex_data;
++ X509_reject_set_bit_asc;
++ X509_NAME_add_entry_by_txt;
++ X509_NAME_add_entry_by_NID;
++ X509_PURPOSE_get0;
++ PEM_read_X509_AUX;
++ d2i_AUTHORITY_INFO_ACCESS;
++ PEM_write_PUBKEY;
++ ACCESS_DESCRIPTION_new;
++ X509_CERT_AUX_free;
++ d2i_ACCESS_DESCRIPTION;
++ X509_trust_clear;
++ X509_TRUST_add;
++ ASN1_VISIBLESTRING_new;
++ X509_alias_set1;
++ ASN1_PRINTABLESTRING_free;
++ EVP_PKEY_get1_DSA;
++ ASN1_BMPSTRING_new;
++ ASN1_mbstring_copy;
++ ASN1_UTF8STRING_new;
++ DSA_get_default_method;
++ i2d_ASN1_SET_OF_ACCESS_DESCRIPTION;
++ ASN1_T61STRING_free;
++ DSA_set_method;
++ X509_get_ex_data;
++ ASN1_STRING_type;
++ X509_PURPOSE_get_by_sname;
++ ASN1_TIME_free;
++ ASN1_OCTET_STRING_cmp;
++ ASN1_BIT_STRING_new;
++ X509_get_ext_d2i;
++ PEM_read_bio_X509_AUX;
++ ASN1_STRING_set_default_mask_asc;
++ ASN1_STRING_set_def_mask_asc;
++ PEM_write_bio_RSA_PUBKEY;
++ ASN1_INTEGER_cmp;
++ d2i_RSA_PUBKEY_fp;
++ X509_trust_set_bit_asc;
++ PEM_write_bio_DSA_PUBKEY;
++ X509_STORE_CTX_free;
++ EVP_PKEY_set1_DSA;
++ i2d_DSA_PUBKEY_fp;
++ X509_load_cert_crl_file;
++ ASN1_TIME_new;
++ i2d_RSA_PUBKEY;
++ X509_STORE_CTX_purpose_inherit;
++ PEM_read_RSA_PUBKEY;
++ d2i_X509_AUX;
++ i2d_DSA_PUBKEY;
++ X509_CERT_AUX_print;
++ PEM_read_DSA_PUBKEY;
++ i2d_RSA_PUBKEY_bio;
++ ASN1_BIT_STRING_num_asc;
++ i2d_PUBKEY;
++ ASN1_UTCTIME_free;
++ DSA_set_default_method;
++ X509_PURPOSE_get_by_id;
++ ACCESS_DESCRIPTION_free;
++ PEM_read_bio_PUBKEY;
++ ASN1_STRING_set_by_NID;
++ X509_PURPOSE_get_id;
++ DISPLAYTEXT_free;
++ OTHERNAME_new;
++ X509_CERT_AUX_new;
++ X509_TRUST_cleanup;
++ X509_NAME_add_entry_by_OBJ;
++ X509_CRL_get_ext_d2i;
++ X509_PURPOSE_get0_name;
++ PEM_read_PUBKEY;
++ i2d_DSA_PUBKEY_bio;
++ i2d_OTHERNAME;
++ ASN1_OCTET_STRING_free;
++ ASN1_BIT_STRING_set_asc;
++ X509_get_ex_new_index;
++ ASN1_STRING_TABLE_cleanup;
++ X509_TRUST_get_by_id;
++ X509_PURPOSE_get_trust;
++ ASN1_STRING_length;
++ d2i_ASN1_SET_OF_ACCESS_DESCRIPTION;
++ ASN1_PRINTABLESTRING_new;
++ X509V3_get_d2i;
++ ASN1_ENUMERATED_free;
++ i2d_X509_CERT_AUX;
++ X509_STORE_CTX_set_trust;
++ ASN1_STRING_set_default_mask;
++ X509_STORE_CTX_new;
++ EVP_PKEY_get1_RSA;
++ DIRECTORYSTRING_free;
++ PEM_write_X509_AUX;
++ ASN1_OCTET_STRING_set;
++ d2i_DSA_PUBKEY_fp;
++ d2i_RSA_PUBKEY;
++ X509_TRUST_get0_name;
++ X509_TRUST_get0;
++ AUTHORITY_INFO_ACCESS_free;
++ ASN1_IA5STRING_new;
++ d2i_DSA_PUBKEY;
++ X509_check_purpose;
++ ASN1_ENUMERATED_new;
++ d2i_RSA_PUBKEY_bio;
++ d2i_PUBKEY;
++ X509_TRUST_get_trust;
++ X509_TRUST_get_flags;
++ ASN1_BMPSTRING_free;
++ ASN1_T61STRING_new;
++ ASN1_UTCTIME_new;
++ i2d_AUTHORITY_INFO_ACCESS;
++ EVP_PKEY_set1_RSA;
++ X509_STORE_CTX_set_purpose;
++ ASN1_IA5STRING_free;
++ PEM_write_bio_X509_AUX;
++ X509_PURPOSE_get_count;
++ CRYPTO_add_info;
++ X509_NAME_ENTRY_create_by_txt;
++ ASN1_STRING_get_default_mask;
++ X509_alias_get0;
++ ASN1_STRING_data;
++ i2d_ACCESS_DESCRIPTION;
++ X509_trust_set_bit;
++ ASN1_BIT_STRING_free;
++ PEM_read_bio_RSA_PUBKEY;
++ X509_add1_reject_object;
++ X509_check_trust;
++ PEM_read_bio_DSA_PUBKEY;
++ X509_PURPOSE_add;
++ ASN1_STRING_TABLE_get;
++ ASN1_UTF8STRING_free;
++ d2i_DSA_PUBKEY_bio;
++ PEM_write_RSA_PUBKEY;
++ d2i_OTHERNAME;
++ X509_reject_set_bit;
++ PEM_write_DSA_PUBKEY;
++ X509_PURPOSE_get0_sname;
++ EVP_PKEY_set1_DH;
++ ASN1_OCTET_STRING_dup;
++ ASN1_BIT_STRING_set;
++ X509_TRUST_get_count;
++ ASN1_INTEGER_free;
++ OTHERNAME_free;
++ i2d_RSA_PUBKEY_fp;
++ ASN1_INTEGER_dup;
++ d2i_X509_CERT_AUX;
++ PEM_write_bio_PUBKEY;
++ ASN1_VISIBLESTRING_free;
++ X509_PURPOSE_cleanup;
++ ASN1_mbstring_ncopy;
++ ASN1_GENERALIZEDTIME_new;
++ EVP_PKEY_get1_DH;
++ ASN1_OCTET_STRING_new;
++ ASN1_INTEGER_new;
++ i2d_X509_AUX;
++ ASN1_BIT_STRING_name_print;
++ X509_cmp;
++ ASN1_STRING_length_set;
++ DIRECTORYSTRING_new;
++ X509_add1_trust_object;
++ PKCS12_newpass;
++ SMIME_write_PKCS7;
++ SMIME_read_PKCS7;
++ DES_set_key_checked;
++ PKCS7_verify;
++ PKCS7_encrypt;
++ DES_set_key_unchecked;
++ SMIME_crlf_copy;
++ i2d_ASN1_PRINTABLESTRING;
++ PKCS7_get0_signers;
++ PKCS7_decrypt;
++ SMIME_text;
++ PKCS7_simple_smimecap;
++ PKCS7_get_smimecap;
++ PKCS7_sign;
++ PKCS7_add_attrib_smimecap;
++ CRYPTO_dbg_set_options;
++ CRYPTO_remove_all_info;
++ CRYPTO_get_mem_debug_functions;
++ CRYPTO_is_mem_check_on;
++ CRYPTO_set_mem_debug_functions;
++ CRYPTO_pop_info;
++ CRYPTO_push_info_;
++ CRYPTO_set_mem_debug_options;
++ PEM_write_PKCS8PrivateKey_nid;
++ PEM_write_bio_PKCS8PrivateKey_nid;
++ PEM_write_bio_PKCS8PrivKey_nid;
++ d2i_PKCS8PrivateKey_bio;
++ ASN1_NULL_free;
++ d2i_ASN1_NULL;
++ ASN1_NULL_new;
++ i2d_PKCS8PrivateKey_bio;
++ i2d_PKCS8PrivateKey_fp;
++ i2d_ASN1_NULL;
++ i2d_PKCS8PrivateKey_nid_fp;
++ d2i_PKCS8PrivateKey_fp;
++ i2d_PKCS8PrivateKey_nid_bio;
++ i2d_PKCS8PrivateKeyInfo_fp;
++ i2d_PKCS8PrivateKeyInfo_bio;
++ PEM_cb;
++ i2d_PrivateKey_fp;
++ d2i_PrivateKey_bio;
++ d2i_PrivateKey_fp;
++ i2d_PrivateKey_bio;
++ X509_reject_clear;
++ X509_TRUST_set_default;
++ d2i_AutoPrivateKey;
++ X509_ATTRIBUTE_get0_type;
++ X509_ATTRIBUTE_set1_data;
++ X509at_get_attr;
++ X509at_get_attr_count;
++ X509_ATTRIBUTE_create_by_NID;
++ X509_ATTRIBUTE_set1_object;
++ X509_ATTRIBUTE_count;
++ X509_ATTRIBUTE_create_by_OBJ;
++ X509_ATTRIBUTE_get0_object;
++ X509at_get_attr_by_NID;
++ X509at_add1_attr;
++ X509_ATTRIBUTE_get0_data;
++ X509at_delete_attr;
++ X509at_get_attr_by_OBJ;
++ RAND_add;
++ BIO_number_written;
++ BIO_number_read;
++ X509_STORE_CTX_get1_chain;
++ ERR_load_RAND_strings;
++ RAND_pseudo_bytes;
++ X509_REQ_get_attr_by_NID;
++ X509_REQ_get_attr;
++ X509_REQ_add1_attr_by_NID;
++ X509_REQ_get_attr_by_OBJ;
++ X509at_add1_attr_by_NID;
++ X509_REQ_add1_attr_by_OBJ;
++ X509_REQ_get_attr_count;
++ X509_REQ_add1_attr;
++ X509_REQ_delete_attr;
++ X509at_add1_attr_by_OBJ;
++ X509_REQ_add1_attr_by_txt;
++ X509_ATTRIBUTE_create_by_txt;
++ X509at_add1_attr_by_txt;
++ BN_pseudo_rand;
++ BN_is_prime_fasttest;
++ BN_CTX_end;
++ BN_CTX_start;
++ BN_CTX_get;
++ EVP_PKEY2PKCS8_broken;
++ ASN1_STRING_TABLE_add;
++ CRYPTO_dbg_get_options;
++ AUTHORITY_INFO_ACCESS_new;
++ CRYPTO_get_mem_debug_options;
++ DES_crypt;
++ PEM_write_bio_X509_REQ_NEW;
++ PEM_write_X509_REQ_NEW;
++ BIO_callback_ctrl;
++ RAND_egd;
++ RAND_status;
++ bn_dump1;
++ DES_check_key_parity;
++ lh_num_items;
++ RAND_event;
++ DSO_new;
++ DSO_new_method;
++ DSO_free;
++ DSO_flags;
++ DSO_up;
++ DSO_set_default_method;
++ DSO_get_default_method;
++ DSO_get_method;
++ DSO_set_method;
++ DSO_load;
++ DSO_bind_var;
++ DSO_METHOD_null;
++ DSO_METHOD_openssl;
++ DSO_METHOD_dlfcn;
++ DSO_METHOD_win32;
++ ERR_load_DSO_strings;
++ DSO_METHOD_dl;
++ NCONF_load;
++ NCONF_load_fp;
++ NCONF_new;
++ NCONF_get_string;
++ NCONF_free;
++ NCONF_get_number;
++ CONF_dump_fp;
++ NCONF_load_bio;
++ NCONF_dump_fp;
++ NCONF_get_section;
++ NCONF_dump_bio;
++ CONF_dump_bio;
++ NCONF_free_data;
++ CONF_set_default_method;
++ ERR_error_string_n;
++ BIO_snprintf;
++ DSO_ctrl;
++ i2d_ASN1_SET_OF_ASN1_INTEGER;
++ i2d_ASN1_SET_OF_PKCS12_SAFEBAG;
++ i2d_ASN1_SET_OF_PKCS7;
++ BIO_vfree;
++ d2i_ASN1_SET_OF_ASN1_INTEGER;
++ d2i_ASN1_SET_OF_PKCS12_SAFEBAG;
++ ASN1_UTCTIME_get;
++ X509_REQ_digest;
++ X509_CRL_digest;
++ d2i_ASN1_SET_OF_PKCS7;
++ EVP_CIPHER_CTX_set_key_length;
++ EVP_CIPHER_CTX_ctrl;
++ BN_mod_exp_mont_word;
++ RAND_egd_bytes;
++ X509_REQ_get1_email;
++ X509_get1_email;
++ X509_email_free;
++ i2d_RSA_NET;
++ d2i_RSA_NET_2;
++ d2i_RSA_NET;
++ DSO_bind_func;
++ CRYPTO_get_new_dynlockid;
++ sk_new_null;
++ CRYPTO_set_dynlock_destroy_callback;
++ CRYPTO_set_dynlock_destroy_cb;
++ CRYPTO_destroy_dynlockid;
++ CRYPTO_set_dynlock_size;
++ CRYPTO_set_dynlock_create_callback;
++ CRYPTO_set_dynlock_create_cb;
++ CRYPTO_set_dynlock_lock_callback;
++ CRYPTO_set_dynlock_lock_cb;
++ CRYPTO_get_dynlock_lock_callback;
++ CRYPTO_get_dynlock_lock_cb;
++ CRYPTO_get_dynlock_destroy_callback;
++ CRYPTO_get_dynlock_destroy_cb;
++ CRYPTO_get_dynlock_value;
++ CRYPTO_get_dynlock_create_callback;
++ CRYPTO_get_dynlock_create_cb;
++ c2i_ASN1_BIT_STRING;
++ i2c_ASN1_BIT_STRING;
++ RAND_poll;
++ c2i_ASN1_INTEGER;
++ i2c_ASN1_INTEGER;
++ BIO_dump_indent;
++ ASN1_parse_dump;
++ c2i_ASN1_OBJECT;
++ X509_NAME_print_ex_fp;
++ ASN1_STRING_print_ex_fp;
++ X509_NAME_print_ex;
++ ASN1_STRING_print_ex;
++ MD4;
++ MD4_Transform;
++ MD4_Final;
++ MD4_Update;
++ MD4_Init;
++ EVP_md4;
++ i2d_PUBKEY_bio;
++ i2d_PUBKEY_fp;
++ d2i_PUBKEY_bio;
++ ASN1_STRING_to_UTF8;
++ BIO_vprintf;
++ BIO_vsnprintf;
++ d2i_PUBKEY_fp;
++ X509_cmp_time;
++ X509_STORE_CTX_set_time;
++ X509_STORE_CTX_get1_issuer;
++ X509_OBJECT_retrieve_match;
++ X509_OBJECT_idx_by_subject;
++ X509_STORE_CTX_set_flags;
++ X509_STORE_CTX_trusted_stack;
++ X509_time_adj;
++ X509_check_issued;
++ ASN1_UTCTIME_cmp_time_t;
++ DES_set_weak_key_flag;
++ DES_check_key;
++ DES_rw_mode;
++ RSA_PKCS1_RSAref;
++ X509_keyid_set1;
++ BIO_next;
++ DSO_METHOD_vms;
++ BIO_f_linebuffer;
++ BN_bntest_rand;
++ OPENSSL_issetugid;
++ BN_rand_range;
++ ERR_load_ENGINE_strings;
++ ENGINE_set_DSA;
++ ENGINE_get_finish_function;
++ ENGINE_get_default_RSA;
++ ENGINE_get_BN_mod_exp;
++ DSA_get_default_openssl_method;
++ ENGINE_set_DH;
++ ENGINE_set_def_BN_mod_exp_crt;
++ ENGINE_set_default_BN_mod_exp_crt;
++ ENGINE_init;
++ DH_get_default_openssl_method;
++ RSA_set_default_openssl_method;
++ ENGINE_finish;
++ ENGINE_load_public_key;
++ ENGINE_get_DH;
++ ENGINE_ctrl;
++ ENGINE_get_init_function;
++ ENGINE_set_init_function;
++ ENGINE_set_default_DSA;
++ ENGINE_get_name;
++ ENGINE_get_last;
++ ENGINE_get_prev;
++ ENGINE_get_default_DH;
++ ENGINE_get_RSA;
++ ENGINE_set_default;
++ ENGINE_get_RAND;
++ ENGINE_get_first;
++ ENGINE_by_id;
++ ENGINE_set_finish_function;
++ ENGINE_get_def_BN_mod_exp_crt;
++ ENGINE_get_default_BN_mod_exp_crt;
++ RSA_get_default_openssl_method;
++ ENGINE_set_RSA;
++ ENGINE_load_private_key;
++ ENGINE_set_default_RAND;
++ ENGINE_set_BN_mod_exp;
++ ENGINE_remove;
++ ENGINE_free;
++ ENGINE_get_BN_mod_exp_crt;
++ ENGINE_get_next;
++ ENGINE_set_name;
++ ENGINE_get_default_DSA;
++ ENGINE_set_default_BN_mod_exp;
++ ENGINE_set_default_RSA;
++ ENGINE_get_default_RAND;
++ ENGINE_get_default_BN_mod_exp;
++ ENGINE_set_RAND;
++ ENGINE_set_id;
++ ENGINE_set_BN_mod_exp_crt;
++ ENGINE_set_default_DH;
++ ENGINE_new;
++ ENGINE_get_id;
++ DSA_set_default_openssl_method;
++ ENGINE_add;
++ DH_set_default_openssl_method;
++ ENGINE_get_DSA;
++ ENGINE_get_ctrl_function;
++ ENGINE_set_ctrl_function;
++ BN_pseudo_rand_range;
++ X509_STORE_CTX_set_verify_cb;
++ ERR_load_COMP_strings;
++ PKCS12_item_decrypt_d2i;
++ ASN1_UTF8STRING_it;
++ ENGINE_unregister_ciphers;
++ ENGINE_get_ciphers;
++ d2i_OCSP_BASICRESP;
++ KRB5_CHECKSUM_it;
++ EC_POINT_add;
++ ASN1_item_ex_i2d;
++ OCSP_CERTID_it;
++ d2i_OCSP_RESPBYTES;
++ X509V3_add1_i2d;
++ PKCS7_ENVELOPE_it;
++ UI_add_input_boolean;
++ ENGINE_unregister_RSA;
++ X509V3_EXT_nconf;
++ ASN1_GENERALSTRING_free;
++ d2i_OCSP_CERTSTATUS;
++ X509_REVOKED_set_serialNumber;
++ X509_print_ex;
++ OCSP_ONEREQ_get1_ext_d2i;
++ ENGINE_register_all_RAND;
++ ENGINE_load_dynamic;
++ PBKDF2PARAM_it;
++ EXTENDED_KEY_USAGE_new;
++ EC_GROUP_clear_free;
++ OCSP_sendreq_bio;
++ ASN1_item_digest;
++ OCSP_BASICRESP_delete_ext;
++ OCSP_SIGNATURE_it;
++ X509_CRL_it;
++ OCSP_BASICRESP_add_ext;
++ KRB5_ENCKEY_it;
++ UI_method_set_closer;
++ X509_STORE_set_purpose;
++ i2d_ASN1_GENERALSTRING;
++ OCSP_response_status;
++ i2d_OCSP_SERVICELOC;
++ ENGINE_get_digest_engine;
++ EC_GROUP_set_curve_GFp;
++ OCSP_REQUEST_get_ext_by_OBJ;
++ _ossl_old_des_random_key;
++ ASN1_T61STRING_it;
++ EC_GROUP_method_of;
++ i2d_KRB5_APREQ;
++ _ossl_old_des_encrypt;
++ ASN1_PRINTABLE_new;
++ HMAC_Init_ex;
++ d2i_KRB5_AUTHENT;
++ OCSP_archive_cutoff_new;
++ EC_POINT_set_Jprojective_coordinates_GFp;
++ EC_POINT_set_Jproj_coords_GFp;
++ _ossl_old_des_is_weak_key;
++ OCSP_BASICRESP_get_ext_by_OBJ;
++ EC_POINT_oct2point;
++ OCSP_SINGLERESP_get_ext_count;
++ UI_ctrl;
++ _shadow_DES_rw_mode;
++ asn1_do_adb;
++ ASN1_template_i2d;
++ ENGINE_register_DH;
++ UI_construct_prompt;
++ X509_STORE_set_trust;
++ UI_dup_input_string;
++ d2i_KRB5_APREQ;
++ EVP_MD_CTX_copy_ex;
++ OCSP_request_is_signed;
++ i2d_OCSP_REQINFO;
++ KRB5_ENCKEY_free;
++ OCSP_resp_get0;
++ GENERAL_NAME_it;
++ ASN1_GENERALIZEDTIME_it;
++ X509_STORE_set_flags;
++ EC_POINT_set_compressed_coordinates_GFp;
++ EC_POINT_set_compr_coords_GFp;
++ OCSP_response_status_str;
++ d2i_OCSP_REVOKEDINFO;
++ OCSP_basic_add1_cert;
++ ERR_get_implementation;
++ EVP_CipherFinal_ex;
++ OCSP_CERTSTATUS_new;
++ CRYPTO_cleanup_all_ex_data;
++ OCSP_resp_find;
++ BN_nnmod;
++ X509_CRL_sort;
++ X509_REVOKED_set_revocationDate;
++ ENGINE_register_RAND;
++ OCSP_SERVICELOC_new;
++ EC_POINT_set_affine_coordinates_GFp;
++ EC_POINT_set_affine_coords_GFp;
++ _ossl_old_des_options;
++ SXNET_it;
++ UI_dup_input_boolean;
++ PKCS12_add_CSPName_asc;
++ EC_POINT_is_at_infinity;
++ ENGINE_load_cryptodev;
++ DSO_convert_filename;
++ POLICYQUALINFO_it;
++ ENGINE_register_ciphers;
++ BN_mod_lshift_quick;
++ DSO_set_filename;
++ ASN1_item_free;
++ KRB5_TKTBODY_free;
++ AUTHORITY_KEYID_it;
++ KRB5_APREQBODY_new;
++ X509V3_EXT_REQ_add_nconf;
++ ENGINE_ctrl_cmd_string;
++ i2d_OCSP_RESPDATA;
++ EVP_MD_CTX_init;
++ EXTENDED_KEY_USAGE_free;
++ PKCS7_ATTR_SIGN_it;
++ UI_add_error_string;
++ KRB5_CHECKSUM_free;
++ OCSP_REQUEST_get_ext;
++ ENGINE_load_ubsec;
++ ENGINE_register_all_digests;
++ PKEY_USAGE_PERIOD_it;
++ PKCS12_unpack_authsafes;
++ ASN1_item_unpack;
++ NETSCAPE_SPKAC_it;
++ X509_REVOKED_it;
++ ASN1_STRING_encode;
++ EVP_aes_128_ecb;
++ KRB5_AUTHENT_free;
++ OCSP_BASICRESP_get_ext_by_critical;
++ OCSP_BASICRESP_get_ext_by_crit;
++ OCSP_cert_status_str;
++ d2i_OCSP_REQUEST;
++ UI_dup_info_string;
++ _ossl_old_des_xwhite_in2out;
++ PKCS12_it;
++ OCSP_SINGLERESP_get_ext_by_critical;
++ OCSP_SINGLERESP_get_ext_by_crit;
++ OCSP_CERTSTATUS_free;
++ _ossl_old_des_crypt;
++ ASN1_item_i2d;
++ EVP_DecryptFinal_ex;
++ ENGINE_load_openssl;
++ ENGINE_get_cmd_defns;
++ ENGINE_set_load_privkey_function;
++ ENGINE_set_load_privkey_fn;
++ EVP_EncryptFinal_ex;
++ ENGINE_set_default_digests;
++ X509_get0_pubkey_bitstr;
++ asn1_ex_i2c;
++ ENGINE_register_RSA;
++ ENGINE_unregister_DSA;
++ _ossl_old_des_key_sched;
++ X509_EXTENSION_it;
++ i2d_KRB5_AUTHENT;
++ SXNETID_it;
++ d2i_OCSP_SINGLERESP;
++ EDIPARTYNAME_new;
++ PKCS12_certbag2x509;
++ _ossl_old_des_ofb64_encrypt;
++ d2i_EXTENDED_KEY_USAGE;
++ ERR_print_errors_cb;
++ ENGINE_set_ciphers;
++ d2i_KRB5_APREQBODY;
++ UI_method_get_flusher;
++ X509_PUBKEY_it;
++ _ossl_old_des_enc_read;
++ PKCS7_ENCRYPT_it;
++ i2d_OCSP_RESPONSE;
++ EC_GROUP_get_cofactor;
++ PKCS12_unpack_p7data;
++ d2i_KRB5_AUTHDATA;
++ OCSP_copy_nonce;
++ KRB5_AUTHDATA_new;
++ OCSP_RESPDATA_new;
++ EC_GFp_mont_method;
++ OCSP_REVOKEDINFO_free;
++ UI_get_ex_data;
++ KRB5_APREQBODY_free;
++ EC_GROUP_get0_generator;
++ UI_get_default_method;
++ X509V3_set_nconf;
++ PKCS12_item_i2d_encrypt;
++ X509_add1_ext_i2d;
++ PKCS7_SIGNER_INFO_it;
++ KRB5_PRINCNAME_new;
++ PKCS12_SAFEBAG_it;
++ EC_GROUP_get_order;
++ d2i_OCSP_RESPID;
++ OCSP_request_verify;
++ NCONF_get_number_e;
++ _ossl_old_des_decrypt3;
++ X509_signature_print;
++ OCSP_SINGLERESP_free;
++ ENGINE_load_builtin_engines;
++ i2d_OCSP_ONEREQ;
++ OCSP_REQUEST_add_ext;
++ OCSP_RESPBYTES_new;
++ EVP_MD_CTX_create;
++ OCSP_resp_find_status;
++ X509_ALGOR_it;
++ ASN1_TIME_it;
++ OCSP_request_set1_name;
++ OCSP_ONEREQ_get_ext_count;
++ UI_get0_result;
++ PKCS12_AUTHSAFES_it;
++ EVP_aes_256_ecb;
++ PKCS12_pack_authsafes;
++ ASN1_IA5STRING_it;
++ UI_get_input_flags;
++ EC_GROUP_set_generator;
++ _ossl_old_des_string_to_2keys;
++ OCSP_CERTID_free;
++ X509_CERT_AUX_it;
++ CERTIFICATEPOLICIES_it;
++ _ossl_old_des_ede3_cbc_encrypt;
++ RAND_set_rand_engine;
++ DSO_get_loaded_filename;
++ X509_ATTRIBUTE_it;
++ OCSP_ONEREQ_get_ext_by_NID;
++ PKCS12_decrypt_skey;
++ KRB5_AUTHENT_it;
++ UI_dup_error_string;
++ RSAPublicKey_it;
++ i2d_OCSP_REQUEST;
++ PKCS12_x509crl2certbag;
++ OCSP_SERVICELOC_it;
++ ASN1_item_sign;
++ X509_CRL_set_issuer_name;
++ OBJ_NAME_do_all_sorted;
++ i2d_OCSP_BASICRESP;
++ i2d_OCSP_RESPBYTES;
++ PKCS12_unpack_p7encdata;
++ HMAC_CTX_init;
++ ENGINE_get_digest;
++ OCSP_RESPONSE_print;
++ KRB5_TKTBODY_it;
++ ACCESS_DESCRIPTION_it;
++ PKCS7_ISSUER_AND_SERIAL_it;
++ PBE2PARAM_it;
++ PKCS12_certbag2x509crl;
++ PKCS7_SIGNED_it;
++ ENGINE_get_cipher;
++ i2d_OCSP_CRLID;
++ OCSP_SINGLERESP_new;
++ ENGINE_cmd_is_executable;
++ RSA_up_ref;
++ ASN1_GENERALSTRING_it;
++ ENGINE_register_DSA;
++ X509V3_EXT_add_nconf_sk;
++ ENGINE_set_load_pubkey_function;
++ PKCS8_decrypt;
++ PEM_bytes_read_bio;
++ DIRECTORYSTRING_it;
++ d2i_OCSP_CRLID;
++ EC_POINT_is_on_curve;
++ CRYPTO_set_locked_mem_ex_functions;
++ CRYPTO_set_locked_mem_ex_funcs;
++ d2i_KRB5_CHECKSUM;
++ ASN1_item_dup;
++ X509_it;
++ BN_mod_add;
++ KRB5_AUTHDATA_free;
++ _ossl_old_des_cbc_cksum;
++ ASN1_item_verify;
++ CRYPTO_set_mem_ex_functions;
++ EC_POINT_get_Jprojective_coordinates_GFp;
++ EC_POINT_get_Jproj_coords_GFp;
++ ZLONG_it;
++ CRYPTO_get_locked_mem_ex_functions;
++ CRYPTO_get_locked_mem_ex_funcs;
++ ASN1_TIME_check;
++ UI_get0_user_data;
++ HMAC_CTX_cleanup;
++ DSA_up_ref;
++ _ossl_old_des_ede3_cfb64_encrypt;
++ _ossl_odes_ede3_cfb64_encrypt;
++ ASN1_BMPSTRING_it;
++ ASN1_tag2bit;
++ UI_method_set_flusher;
++ X509_ocspid_print;
++ KRB5_ENCDATA_it;
++ ENGINE_get_load_pubkey_function;
++ UI_add_user_data;
++ OCSP_REQUEST_delete_ext;
++ UI_get_method;
++ OCSP_ONEREQ_free;
++ ASN1_PRINTABLESTRING_it;
++ X509_CRL_set_nextUpdate;
++ OCSP_REQUEST_it;
++ OCSP_BASICRESP_it;
++ AES_ecb_encrypt;
++ BN_mod_sqr;
++ NETSCAPE_CERT_SEQUENCE_it;
++ GENERAL_NAMES_it;
++ AUTHORITY_INFO_ACCESS_it;
++ ASN1_FBOOLEAN_it;
++ UI_set_ex_data;
++ _ossl_old_des_string_to_key;
++ ENGINE_register_all_RSA;
++ d2i_KRB5_PRINCNAME;
++ OCSP_RESPBYTES_it;
++ X509_CINF_it;
++ ENGINE_unregister_digests;
++ d2i_EDIPARTYNAME;
++ d2i_OCSP_SERVICELOC;
++ ENGINE_get_digests;
++ _ossl_old_des_set_odd_parity;
++ OCSP_RESPDATA_free;
++ d2i_KRB5_TICKET;
++ OTHERNAME_it;
++ EVP_MD_CTX_cleanup;
++ d2i_ASN1_GENERALSTRING;
++ X509_CRL_set_version;
++ BN_mod_sub;
++ OCSP_SINGLERESP_get_ext_by_NID;
++ ENGINE_get_ex_new_index;
++ OCSP_REQUEST_free;
++ OCSP_REQUEST_add1_ext_i2d;
++ X509_VAL_it;
++ EC_POINTs_make_affine;
++ EC_POINT_mul;
++ X509V3_EXT_add_nconf;
++ X509_TRUST_set;
++ X509_CRL_add1_ext_i2d;
++ _ossl_old_des_fcrypt;
++ DISPLAYTEXT_it;
++ X509_CRL_set_lastUpdate;
++ OCSP_BASICRESP_free;
++ OCSP_BASICRESP_add1_ext_i2d;
++ d2i_KRB5_AUTHENTBODY;
++ CRYPTO_set_ex_data_implementation;
++ CRYPTO_set_ex_data_impl;
++ KRB5_ENCDATA_new;
++ DSO_up_ref;
++ OCSP_crl_reason_str;
++ UI_get0_result_string;
++ ASN1_GENERALSTRING_new;
++ X509_SIG_it;
++ ERR_set_implementation;
++ ERR_load_EC_strings;
++ UI_get0_action_string;
++ OCSP_ONEREQ_get_ext;
++ EC_POINT_method_of;
++ i2d_KRB5_APREQBODY;
++ _ossl_old_des_ecb3_encrypt;
++ CRYPTO_get_mem_ex_functions;
++ ENGINE_get_ex_data;
++ UI_destroy_method;
++ ASN1_item_i2d_bio;
++ OCSP_ONEREQ_get_ext_by_OBJ;
++ ASN1_primitive_new;
++ ASN1_PRINTABLE_it;
++ EVP_aes_192_ecb;
++ OCSP_SIGNATURE_new;
++ LONG_it;
++ ASN1_VISIBLESTRING_it;
++ OCSP_SINGLERESP_add1_ext_i2d;
++ d2i_OCSP_CERTID;
++ ASN1_item_d2i_fp;
++ CRL_DIST_POINTS_it;
++ GENERAL_NAME_print;
++ OCSP_SINGLERESP_delete_ext;
++ PKCS12_SAFEBAGS_it;
++ d2i_OCSP_SIGNATURE;
++ OCSP_request_add1_nonce;
++ ENGINE_set_cmd_defns;
++ OCSP_SERVICELOC_free;
++ EC_GROUP_free;
++ ASN1_BIT_STRING_it;
++ X509_REQ_it;
++ _ossl_old_des_cbc_encrypt;
++ ERR_unload_strings;
++ PKCS7_SIGN_ENVELOPE_it;
++ EDIPARTYNAME_free;
++ OCSP_REQINFO_free;
++ EC_GROUP_new_curve_GFp;
++ OCSP_REQUEST_get1_ext_d2i;
++ PKCS12_item_pack_safebag;
++ asn1_ex_c2i;
++ ENGINE_register_digests;
++ i2d_OCSP_REVOKEDINFO;
++ asn1_enc_restore;
++ UI_free;
++ UI_new_method;
++ EVP_EncryptInit_ex;
++ X509_pubkey_digest;
++ EC_POINT_invert;
++ OCSP_basic_sign;
++ i2d_OCSP_RESPID;
++ OCSP_check_nonce;
++ ENGINE_ctrl_cmd;
++ d2i_KRB5_ENCKEY;
++ OCSP_parse_url;
++ OCSP_SINGLERESP_get_ext;
++ OCSP_CRLID_free;
++ OCSP_BASICRESP_get1_ext_d2i;
++ RSAPrivateKey_it;
++ ENGINE_register_all_DH;
++ i2d_EDIPARTYNAME;
++ EC_POINT_get_affine_coordinates_GFp;
++ EC_POINT_get_affine_coords_GFp;
++ OCSP_CRLID_new;
++ ENGINE_get_flags;
++ OCSP_ONEREQ_it;
++ UI_process;
++ ASN1_INTEGER_it;
++ EVP_CipherInit_ex;
++ UI_get_string_type;
++ ENGINE_unregister_DH;
++ ENGINE_register_all_DSA;
++ OCSP_ONEREQ_get_ext_by_critical;
++ bn_dup_expand;
++ OCSP_cert_id_new;
++ BASIC_CONSTRAINTS_it;
++ BN_mod_add_quick;
++ EC_POINT_new;
++ EVP_MD_CTX_destroy;
++ OCSP_RESPBYTES_free;
++ EVP_aes_128_cbc;
++ OCSP_SINGLERESP_get1_ext_d2i;
++ EC_POINT_free;
++ DH_up_ref;
++ X509_NAME_ENTRY_it;
++ UI_get_ex_new_index;
++ BN_mod_sub_quick;
++ OCSP_ONEREQ_add_ext;
++ OCSP_request_sign;
++ EVP_DigestFinal_ex;
++ ENGINE_set_digests;
++ OCSP_id_issuer_cmp;
++ OBJ_NAME_do_all;
++ EC_POINTs_mul;
++ ENGINE_register_complete;
++ X509V3_EXT_nconf_nid;
++ ASN1_SEQUENCE_it;
++ UI_set_default_method;
++ RAND_query_egd_bytes;
++ UI_method_get_writer;
++ UI_OpenSSL;
++ PEM_def_callback;
++ ENGINE_cleanup;
++ DIST_POINT_it;
++ OCSP_SINGLERESP_it;
++ d2i_KRB5_TKTBODY;
++ EC_POINT_cmp;
++ OCSP_REVOKEDINFO_new;
++ i2d_OCSP_CERTSTATUS;
++ OCSP_basic_add1_nonce;
++ ASN1_item_ex_d2i;
++ BN_mod_lshift1_quick;
++ UI_set_method;
++ OCSP_id_get0_info;
++ BN_mod_sqrt;
++ EC_GROUP_copy;
++ KRB5_ENCDATA_free;
++ _ossl_old_des_cfb_encrypt;
++ OCSP_SINGLERESP_get_ext_by_OBJ;
++ OCSP_cert_to_id;
++ OCSP_RESPID_new;
++ OCSP_RESPDATA_it;
++ d2i_OCSP_RESPDATA;
++ ENGINE_register_all_complete;
++ OCSP_check_validity;
++ PKCS12_BAGS_it;
++ OCSP_url_svcloc_new;
++ ASN1_template_free;
++ OCSP_SINGLERESP_add_ext;
++ KRB5_AUTHENTBODY_it;
++ X509_supported_extension;
++ i2d_KRB5_AUTHDATA;
++ UI_method_get_opener;
++ ENGINE_set_ex_data;
++ OCSP_REQUEST_print;
++ CBIGNUM_it;
++ KRB5_TICKET_new;
++ KRB5_APREQ_new;
++ EC_GROUP_get_curve_GFp;
++ KRB5_ENCKEY_new;
++ ASN1_template_d2i;
++ _ossl_old_des_quad_cksum;
++ OCSP_single_get0_status;
++ BN_swap;
++ POLICYINFO_it;
++ ENGINE_set_destroy_function;
++ asn1_enc_free;
++ OCSP_RESPID_it;
++ EC_GROUP_new;
++ EVP_aes_256_cbc;
++ i2d_KRB5_PRINCNAME;
++ _ossl_old_des_encrypt2;
++ _ossl_old_des_encrypt3;
++ PKCS8_PRIV_KEY_INFO_it;
++ OCSP_REQINFO_it;
++ PBEPARAM_it;
++ KRB5_AUTHENTBODY_new;
++ X509_CRL_add0_revoked;
++ EDIPARTYNAME_it;
++ NETSCAPE_SPKI_it;
++ UI_get0_test_string;
++ ENGINE_get_cipher_engine;
++ ENGINE_register_all_ciphers;
++ EC_POINT_copy;
++ BN_kronecker;
++ _ossl_old_des_ede3_ofb64_encrypt;
++ _ossl_odes_ede3_ofb64_encrypt;
++ UI_method_get_reader;
++ OCSP_BASICRESP_get_ext_count;
++ ASN1_ENUMERATED_it;
++ UI_set_result;
++ i2d_KRB5_TICKET;
++ X509_print_ex_fp;
++ EVP_CIPHER_CTX_set_padding;
++ d2i_OCSP_RESPONSE;
++ ASN1_UTCTIME_it;
++ _ossl_old_des_enc_write;
++ OCSP_RESPONSE_new;
++ AES_set_encrypt_key;
++ OCSP_resp_count;
++ KRB5_CHECKSUM_new;
++ ENGINE_load_cswift;
++ OCSP_onereq_get0_id;
++ ENGINE_set_default_ciphers;
++ NOTICEREF_it;
++ X509V3_EXT_CRL_add_nconf;
++ OCSP_REVOKEDINFO_it;
++ AES_encrypt;
++ OCSP_REQUEST_new;
++ ASN1_ANY_it;
++ CRYPTO_ex_data_new_class;
++ _ossl_old_des_ncbc_encrypt;
++ i2d_KRB5_TKTBODY;
++ EC_POINT_clear_free;
++ AES_decrypt;
++ asn1_enc_init;
++ UI_get_result_maxsize;
++ OCSP_CERTID_new;
++ ENGINE_unregister_RAND;
++ UI_method_get_closer;
++ d2i_KRB5_ENCDATA;
++ OCSP_request_onereq_count;
++ OCSP_basic_verify;
++ KRB5_AUTHENTBODY_free;
++ ASN1_item_d2i;
++ ASN1_primitive_free;
++ i2d_EXTENDED_KEY_USAGE;
++ i2d_OCSP_SIGNATURE;
++ asn1_enc_save;
++ ENGINE_load_nuron;
++ _ossl_old_des_pcbc_encrypt;
++ PKCS12_MAC_DATA_it;
++ OCSP_accept_responses_new;
++ asn1_do_lock;
++ PKCS7_ATTR_VERIFY_it;
++ KRB5_APREQBODY_it;
++ i2d_OCSP_SINGLERESP;
++ ASN1_item_ex_new;
++ UI_add_verify_string;
++ _ossl_old_des_set_key;
++ KRB5_PRINCNAME_it;
++ EVP_DecryptInit_ex;
++ i2d_OCSP_CERTID;
++ ASN1_item_d2i_bio;
++ EC_POINT_dbl;
++ asn1_get_choice_selector;
++ i2d_KRB5_CHECKSUM;
++ ENGINE_set_table_flags;
++ AES_options;
++ ENGINE_load_chil;
++ OCSP_id_cmp;
++ OCSP_BASICRESP_new;
++ OCSP_REQUEST_get_ext_by_NID;
++ KRB5_APREQ_it;
++ ENGINE_get_destroy_function;
++ CONF_set_nconf;
++ ASN1_PRINTABLE_free;
++ OCSP_BASICRESP_get_ext_by_NID;
++ DIST_POINT_NAME_it;
++ X509V3_extensions_print;
++ _ossl_old_des_cfb64_encrypt;
++ X509_REVOKED_add1_ext_i2d;
++ _ossl_old_des_ofb_encrypt;
++ KRB5_TKTBODY_new;
++ ASN1_OCTET_STRING_it;
++ ERR_load_UI_strings;
++ i2d_KRB5_ENCKEY;
++ ASN1_template_new;
++ OCSP_SIGNATURE_free;
++ ASN1_item_i2d_fp;
++ KRB5_PRINCNAME_free;
++ PKCS7_RECIP_INFO_it;
++ EXTENDED_KEY_USAGE_it;
++ EC_GFp_simple_method;
++ EC_GROUP_precompute_mult;
++ OCSP_request_onereq_get0;
++ UI_method_set_writer;
++ KRB5_AUTHENT_new;
++ X509_CRL_INFO_it;
++ DSO_set_name_converter;
++ AES_set_decrypt_key;
++ PKCS7_DIGEST_it;
++ PKCS12_x5092certbag;
++ EVP_DigestInit_ex;
++ i2a_ACCESS_DESCRIPTION;
++ OCSP_RESPONSE_it;
++ PKCS7_ENC_CONTENT_it;
++ OCSP_request_add0_id;
++ EC_POINT_make_affine;
++ DSO_get_filename;
++ OCSP_CERTSTATUS_it;
++ OCSP_request_add1_cert;
++ UI_get0_output_string;
++ UI_dup_verify_string;
++ BN_mod_lshift;
++ KRB5_AUTHDATA_it;
++ asn1_set_choice_selector;
++ OCSP_basic_add1_status;
++ OCSP_RESPID_free;
++ asn1_get_field_ptr;
++ UI_add_input_string;
++ OCSP_CRLID_it;
++ i2d_KRB5_AUTHENTBODY;
++ OCSP_REQUEST_get_ext_count;
++ ENGINE_load_atalla;
++ X509_NAME_it;
++ USERNOTICE_it;
++ OCSP_REQINFO_new;
++ OCSP_BASICRESP_get_ext;
++ CRYPTO_get_ex_data_implementation;
++ CRYPTO_get_ex_data_impl;
++ ASN1_item_pack;
++ i2d_KRB5_ENCDATA;
++ X509_PURPOSE_set;
++ X509_REQ_INFO_it;
++ UI_method_set_opener;
++ ASN1_item_ex_free;
++ ASN1_BOOLEAN_it;
++ ENGINE_get_table_flags;
++ UI_create_method;
++ OCSP_ONEREQ_add1_ext_i2d;
++ _shadow_DES_check_key;
++ d2i_OCSP_REQINFO;
++ UI_add_info_string;
++ UI_get_result_minsize;
++ ASN1_NULL_it;
++ BN_mod_lshift1;
++ d2i_OCSP_ONEREQ;
++ OCSP_ONEREQ_new;
++ KRB5_TICKET_it;
++ EVP_aes_192_cbc;
++ KRB5_TICKET_free;
++ UI_new;
++ OCSP_response_create;
++ _ossl_old_des_xcbc_encrypt;
++ PKCS7_it;
++ OCSP_REQUEST_get_ext_by_critical;
++ OCSP_REQUEST_get_ext_by_crit;
++ ENGINE_set_flags;
++ _ossl_old_des_ecb_encrypt;
++ OCSP_response_get1_basic;
++ EVP_Digest;
++ OCSP_ONEREQ_delete_ext;
++ ASN1_TBOOLEAN_it;
++ ASN1_item_new;
++ ASN1_TIME_to_generalizedtime;
++ BIGNUM_it;
++ AES_cbc_encrypt;
++ ENGINE_get_load_privkey_function;
++ ENGINE_get_load_privkey_fn;
++ OCSP_RESPONSE_free;
++ UI_method_set_reader;
++ i2d_ASN1_T61STRING;
++ EC_POINT_set_to_infinity;
++ ERR_load_OCSP_strings;
++ EC_POINT_point2oct;
++ KRB5_APREQ_free;
++ ASN1_OBJECT_it;
++ OCSP_crlID_new;
++ OCSP_crlID2_new;
++ CONF_modules_load_file;
++ CONF_imodule_set_usr_data;
++ ENGINE_set_default_string;
++ CONF_module_get_usr_data;
++ ASN1_add_oid_module;
++ CONF_modules_finish;
++ OPENSSL_config;
++ CONF_modules_unload;
++ CONF_imodule_get_value;
++ CONF_module_set_usr_data;
++ CONF_parse_list;
++ CONF_module_add;
++ CONF_get1_default_config_file;
++ CONF_imodule_get_flags;
++ CONF_imodule_get_module;
++ CONF_modules_load;
++ CONF_imodule_get_name;
++ ERR_peek_top_error;
++ CONF_imodule_get_usr_data;
++ CONF_imodule_set_flags;
++ ENGINE_add_conf_module;
++ ERR_peek_last_error_line;
++ ERR_peek_last_error_line_data;
++ ERR_peek_last_error;
++ DES_read_2passwords;
++ DES_read_password;
++ UI_UTIL_read_pw;
++ UI_UTIL_read_pw_string;
++ ENGINE_load_aep;
++ ENGINE_load_sureware;
++ OPENSSL_add_all_algorithms_noconf;
++ OPENSSL_add_all_algo_noconf;
++ OPENSSL_add_all_algorithms_conf;
++ OPENSSL_add_all_algo_conf;
++ OPENSSL_load_builtin_modules;
++ AES_ofb128_encrypt;
++ AES_ctr128_encrypt;
++ AES_cfb128_encrypt;
++ ENGINE_load_4758cca;
++ _ossl_096_des_random_seed;
++ EVP_aes_256_ofb;
++ EVP_aes_192_ofb;
++ EVP_aes_128_cfb128;
++ EVP_aes_256_cfb128;
++ EVP_aes_128_ofb;
++ EVP_aes_192_cfb128;
++ CONF_modules_free;
++ NCONF_default;
++ OPENSSL_no_config;
++ NCONF_WIN32;
++ ASN1_UNIVERSALSTRING_new;
++ EVP_des_ede_ecb;
++ i2d_ASN1_UNIVERSALSTRING;
++ ASN1_UNIVERSALSTRING_free;
++ ASN1_UNIVERSALSTRING_it;
++ d2i_ASN1_UNIVERSALSTRING;
++ EVP_des_ede3_ecb;
++ X509_REQ_print_ex;
++ ENGINE_up_ref;
++ BUF_MEM_grow_clean;
++ CRYPTO_realloc_clean;
++ BUF_strlcat;
++ BIO_indent;
++ BUF_strlcpy;
++ OpenSSLDie;
++ OPENSSL_cleanse;
++ ENGINE_setup_bsd_cryptodev;
++ ERR_release_err_state_table;
++ EVP_aes_128_cfb8;
++ FIPS_corrupt_rsa;
++ FIPS_selftest_des;
++ EVP_aes_128_cfb1;
++ EVP_aes_192_cfb8;
++ FIPS_mode_set;
++ FIPS_selftest_dsa;
++ EVP_aes_256_cfb8;
++ FIPS_allow_md5;
++ DES_ede3_cfb_encrypt;
++ EVP_des_ede3_cfb8;
++ FIPS_rand_seeded;
++ AES_cfbr_encrypt_block;
++ AES_cfb8_encrypt;
++ FIPS_rand_seed;
++ FIPS_corrupt_des;
++ EVP_aes_192_cfb1;
++ FIPS_selftest_aes;
++ FIPS_set_prng_key;
++ EVP_des_cfb8;
++ FIPS_corrupt_dsa;
++ FIPS_test_mode;
++ FIPS_rand_method;
++ EVP_aes_256_cfb1;
++ ERR_load_FIPS_strings;
++ FIPS_corrupt_aes;
++ FIPS_selftest_sha1;
++ FIPS_selftest_rsa;
++ FIPS_corrupt_sha1;
++ EVP_des_cfb1;
++ FIPS_dsa_check;
++ AES_cfb1_encrypt;
++ EVP_des_ede3_cfb1;
++ FIPS_rand_check;
++ FIPS_md5_allowed;
++ FIPS_mode;
++ FIPS_selftest_failed;
++ sk_is_sorted;
++ X509_check_ca;
++ HMAC_CTX_set_flags;
++ d2i_PROXY_CERT_INFO_EXTENSION;
++ PROXY_POLICY_it;
++ i2d_PROXY_POLICY;
++ i2d_PROXY_CERT_INFO_EXTENSION;
++ d2i_PROXY_POLICY;
++ PROXY_CERT_INFO_EXTENSION_new;
++ PROXY_CERT_INFO_EXTENSION_free;
++ PROXY_CERT_INFO_EXTENSION_it;
++ PROXY_POLICY_free;
++ PROXY_POLICY_new;
++ BN_MONT_CTX_set_locked;
++ FIPS_selftest_rng;
++ EVP_sha384;
++ EVP_sha512;
++ EVP_sha224;
++ EVP_sha256;
++ FIPS_selftest_hmac;
++ FIPS_corrupt_rng;
++ BN_mod_exp_mont_consttime;
++ RSA_X931_hash_id;
++ RSA_padding_check_X931;
++ RSA_verify_PKCS1_PSS;
++ RSA_padding_add_X931;
++ RSA_padding_add_PKCS1_PSS;
++ PKCS1_MGF1;
++ BN_X931_generate_Xpq;
++ RSA_X931_generate_key;
++ BN_X931_derive_prime;
++ BN_X931_generate_prime;
++ RSA_X931_derive;
++ BIO_new_dgram;
++ BN_get0_nist_prime_384;
++ ERR_set_mark;
++ X509_STORE_CTX_set0_crls;
++ ENGINE_set_STORE;
++ ENGINE_register_ECDSA;
++ STORE_meth_set_list_start_fn;
++ STORE_method_set_list_start_function;
++ BN_BLINDING_invert_ex;
++ NAME_CONSTRAINTS_free;
++ STORE_ATTR_INFO_set_number;
++ BN_BLINDING_get_thread_id;
++ X509_STORE_CTX_set0_param;
++ POLICY_MAPPING_it;
++ STORE_parse_attrs_start;
++ POLICY_CONSTRAINTS_free;
++ EVP_PKEY_add1_attr_by_NID;
++ BN_nist_mod_192;
++ EC_GROUP_get_trinomial_basis;
++ STORE_set_method;
++ GENERAL_SUBTREE_free;
++ NAME_CONSTRAINTS_it;
++ ECDH_get_default_method;
++ PKCS12_add_safe;
++ EC_KEY_new_by_curve_name;
++ STORE_meth_get_update_store_fn;
++ STORE_method_get_update_store_function;
++ ENGINE_register_ECDH;
++ SHA512_Update;
++ i2d_ECPrivateKey;
++ BN_get0_nist_prime_192;
++ STORE_modify_certificate;
++ EC_POINT_set_affine_coordinates_GF2m;
++ EC_POINT_set_affine_coords_GF2m;
++ BN_GF2m_mod_exp_arr;
++ STORE_ATTR_INFO_modify_number;
++ X509_keyid_get0;
++ ENGINE_load_gmp;
++ pitem_new;
++ BN_GF2m_mod_mul_arr;
++ STORE_list_public_key_endp;
++ o2i_ECPublicKey;
++ EC_KEY_copy;
++ BIO_dump_fp;
++ X509_policy_node_get0_parent;
++ EC_GROUP_check_discriminant;
++ i2o_ECPublicKey;
++ EC_KEY_precompute_mult;
++ a2i_IPADDRESS;
++ STORE_meth_set_initialise_fn;
++ STORE_method_set_initialise_function;
++ X509_STORE_CTX_set_depth;
++ X509_VERIFY_PARAM_inherit;
++ EC_POINT_point2bn;
++ STORE_ATTR_INFO_set_dn;
++ X509_policy_tree_get0_policies;
++ EC_GROUP_new_curve_GF2m;
++ STORE_destroy_method;
++ ENGINE_unregister_STORE;
++ EVP_PKEY_get1_EC_KEY;
++ STORE_ATTR_INFO_get0_number;
++ ENGINE_get_default_ECDH;
++ EC_KEY_get_conv_form;
++ ASN1_OCTET_STRING_NDEF_it;
++ STORE_delete_public_key;
++ STORE_get_public_key;
++ STORE_modify_arbitrary;
++ ENGINE_get_static_state;
++ pqueue_iterator;
++ ECDSA_SIG_new;
++ OPENSSL_DIR_end;
++ BN_GF2m_mod_sqr;
++ EC_POINT_bn2point;
++ X509_VERIFY_PARAM_set_depth;
++ EC_KEY_set_asn1_flag;
++ STORE_get_method;
++ EC_KEY_get_key_method_data;
++ ECDSA_sign_ex;
++ STORE_parse_attrs_end;
++ EC_GROUP_get_point_conversion_form;
++ EC_GROUP_get_point_conv_form;
++ STORE_method_set_store_function;
++ STORE_ATTR_INFO_in;
++ PEM_read_bio_ECPKParameters;
++ EC_GROUP_get_pentanomial_basis;
++ EVP_PKEY_add1_attr_by_txt;
++ BN_BLINDING_set_flags;
++ X509_VERIFY_PARAM_set1_policies;
++ X509_VERIFY_PARAM_set1_name;
++ X509_VERIFY_PARAM_set_purpose;
++ STORE_get_number;
++ ECDSA_sign_setup;
++ BN_GF2m_mod_solve_quad_arr;
++ EC_KEY_up_ref;
++ POLICY_MAPPING_free;
++ BN_GF2m_mod_div;
++ X509_VERIFY_PARAM_set_flags;
++ EC_KEY_free;
++ STORE_meth_set_list_next_fn;
++ STORE_method_set_list_next_function;
++ PEM_write_bio_ECPrivateKey;
++ d2i_EC_PUBKEY;
++ STORE_meth_get_generate_fn;
++ STORE_method_get_generate_function;
++ STORE_meth_set_list_end_fn;
++ STORE_method_set_list_end_function;
++ pqueue_print;
++ EC_GROUP_have_precompute_mult;
++ EC_KEY_print_fp;
++ BN_GF2m_mod_arr;
++ PEM_write_bio_X509_CERT_PAIR;
++ EVP_PKEY_cmp;
++ X509_policy_level_node_count;
++ STORE_new_engine;
++ STORE_list_public_key_start;
++ X509_VERIFY_PARAM_new;
++ ECDH_get_ex_data;
++ EVP_PKEY_get_attr;
++ ECDSA_do_sign;
++ ENGINE_unregister_ECDH;
++ ECDH_OpenSSL;
++ EC_KEY_set_conv_form;
++ EC_POINT_dup;
++ GENERAL_SUBTREE_new;
++ STORE_list_crl_endp;
++ EC_get_builtin_curves;
++ X509_policy_node_get0_qualifiers;
++ X509_pcy_node_get0_qualifiers;
++ STORE_list_crl_end;
++ EVP_PKEY_set1_EC_KEY;
++ BN_GF2m_mod_sqrt_arr;
++ i2d_ECPrivateKey_bio;
++ ECPKParameters_print_fp;
++ pqueue_find;
++ ECDSA_SIG_free;
++ PEM_write_bio_ECPKParameters;
++ STORE_method_set_ctrl_function;
++ STORE_list_public_key_end;
++ EC_KEY_set_private_key;
++ pqueue_peek;
++ STORE_get_arbitrary;
++ STORE_store_crl;
++ X509_policy_node_get0_policy;
++ PKCS12_add_safes;
++ BN_BLINDING_convert_ex;
++ X509_policy_tree_free;
++ OPENSSL_ia32cap_loc;
++ BN_GF2m_poly2arr;
++ STORE_ctrl;
++ STORE_ATTR_INFO_compare;
++ BN_get0_nist_prime_224;
++ i2d_ECParameters;
++ i2d_ECPKParameters;
++ BN_GENCB_call;
++ d2i_ECPKParameters;
++ STORE_meth_set_generate_fn;
++ STORE_method_set_generate_function;
++ ENGINE_set_ECDH;
++ NAME_CONSTRAINTS_new;
++ SHA256_Init;
++ EC_KEY_get0_public_key;
++ PEM_write_bio_EC_PUBKEY;
++ STORE_ATTR_INFO_set_cstr;
++ STORE_list_crl_next;
++ STORE_ATTR_INFO_in_range;
++ ECParameters_print;
++ STORE_meth_set_delete_fn;
++ STORE_method_set_delete_function;
++ STORE_list_certificate_next;
++ ASN1_generate_nconf;
++ BUF_memdup;
++ BN_GF2m_mod_mul;
++ STORE_meth_get_list_next_fn;
++ STORE_method_get_list_next_function;
++ STORE_ATTR_INFO_get0_dn;
++ STORE_list_private_key_next;
++ EC_GROUP_set_seed;
++ X509_VERIFY_PARAM_set_trust;
++ STORE_ATTR_INFO_free;
++ STORE_get_private_key;
++ EVP_PKEY_get_attr_count;
++ STORE_ATTR_INFO_new;
++ EC_GROUP_get_curve_GF2m;
++ STORE_meth_set_revoke_fn;
++ STORE_method_set_revoke_function;
++ STORE_store_number;
++ BN_is_prime_ex;
++ STORE_revoke_public_key;
++ X509_STORE_CTX_get0_param;
++ STORE_delete_arbitrary;
++ PEM_read_X509_CERT_PAIR;
++ X509_STORE_set_depth;
++ ECDSA_get_ex_data;
++ SHA224;
++ BIO_dump_indent_fp;
++ EC_KEY_set_group;
++ BUF_strndup;
++ STORE_list_certificate_start;
++ BN_GF2m_mod;
++ X509_REQ_check_private_key;
++ EC_GROUP_get_seed_len;
++ ERR_load_STORE_strings;
++ PEM_read_bio_EC_PUBKEY;
++ STORE_list_private_key_end;
++ i2d_EC_PUBKEY;
++ ECDSA_get_default_method;
++ ASN1_put_eoc;
++ X509_STORE_CTX_get_explicit_policy;
++ X509_STORE_CTX_get_expl_policy;
++ X509_VERIFY_PARAM_table_cleanup;
++ STORE_modify_private_key;
++ X509_VERIFY_PARAM_free;
++ EC_METHOD_get_field_type;
++ EC_GFp_nist_method;
++ STORE_meth_set_modify_fn;
++ STORE_method_set_modify_function;
++ STORE_parse_attrs_next;
++ ENGINE_load_padlock;
++ EC_GROUP_set_curve_name;
++ X509_CERT_PAIR_it;
++ STORE_meth_get_revoke_fn;
++ STORE_method_get_revoke_function;
++ STORE_method_set_get_function;
++ STORE_modify_number;
++ STORE_method_get_store_function;
++ STORE_store_private_key;
++ BN_GF2m_mod_sqr_arr;
++ RSA_setup_blinding;
++ BIO_s_datagram;
++ STORE_Memory;
++ sk_find_ex;
++ EC_GROUP_set_curve_GF2m;
++ ENGINE_set_default_ECDSA;
++ POLICY_CONSTRAINTS_new;
++ BN_GF2m_mod_sqrt;
++ ECDH_set_default_method;
++ EC_KEY_generate_key;
++ SHA384_Update;
++ BN_GF2m_arr2poly;
++ STORE_method_get_get_function;
++ STORE_meth_set_cleanup_fn;
++ STORE_method_set_cleanup_function;
++ EC_GROUP_check;
++ d2i_ECPrivateKey_bio;
++ EC_KEY_insert_key_method_data;
++ STORE_meth_get_lock_store_fn;
++ STORE_method_get_lock_store_function;
++ X509_VERIFY_PARAM_get_depth;
++ SHA224_Final;
++ STORE_meth_set_update_store_fn;
++ STORE_method_set_update_store_function;
++ SHA224_Update;
++ d2i_ECPrivateKey;
++ ASN1_item_ndef_i2d;
++ STORE_delete_private_key;
++ ERR_pop_to_mark;
++ ENGINE_register_all_STORE;
++ X509_policy_level_get0_node;
++ i2d_PKCS7_NDEF;
++ EC_GROUP_get_degree;
++ ASN1_generate_v3;
++ STORE_ATTR_INFO_modify_cstr;
++ X509_policy_tree_level_count;
++ BN_GF2m_add;
++ EC_KEY_get0_group;
++ STORE_generate_crl;
++ STORE_store_public_key;
++ X509_CERT_PAIR_free;
++ STORE_revoke_private_key;
++ BN_nist_mod_224;
++ SHA512_Final;
++ STORE_ATTR_INFO_modify_dn;
++ STORE_meth_get_initialise_fn;
++ STORE_method_get_initialise_function;
++ STORE_delete_number;
++ i2d_EC_PUBKEY_bio;
++ BIO_dgram_non_fatal_error;
++ EC_GROUP_get_asn1_flag;
++ STORE_ATTR_INFO_in_ex;
++ STORE_list_crl_start;
++ ECDH_get_ex_new_index;
++ STORE_meth_get_modify_fn;
++ STORE_method_get_modify_function;
++ v2i_ASN1_BIT_STRING;
++ STORE_store_certificate;
++ OBJ_bsearch_ex;
++ X509_STORE_CTX_set_default;
++ STORE_ATTR_INFO_set_sha1str;
++ BN_GF2m_mod_inv;
++ BN_GF2m_mod_exp;
++ STORE_modify_public_key;
++ STORE_meth_get_list_start_fn;
++ STORE_method_get_list_start_function;
++ EC_GROUP_get0_seed;
++ STORE_store_arbitrary;
++ STORE_meth_set_unlock_store_fn;
++ STORE_method_set_unlock_store_function;
++ BN_GF2m_mod_div_arr;
++ ENGINE_set_ECDSA;
++ STORE_create_method;
++ ECPKParameters_print;
++ EC_KEY_get0_private_key;
++ PEM_write_EC_PUBKEY;
++ X509_VERIFY_PARAM_set1;
++ ECDH_set_method;
++ v2i_GENERAL_NAME_ex;
++ ECDH_set_ex_data;
++ STORE_generate_key;
++ BN_nist_mod_521;
++ X509_policy_tree_get0_level;
++ EC_GROUP_set_point_conversion_form;
++ EC_GROUP_set_point_conv_form;
++ PEM_read_EC_PUBKEY;
++ i2d_ECDSA_SIG;
++ ECDSA_OpenSSL;
++ STORE_delete_crl;
++ EC_KEY_get_enc_flags;
++ ASN1_const_check_infinite_end;
++ EVP_PKEY_delete_attr;
++ ECDSA_set_default_method;
++ EC_POINT_set_compressed_coordinates_GF2m;
++ EC_POINT_set_compr_coords_GF2m;
++ EC_GROUP_cmp;
++ STORE_revoke_certificate;
++ BN_get0_nist_prime_256;
++ STORE_meth_get_delete_fn;
++ STORE_method_get_delete_function;
++ SHA224_Init;
++ PEM_read_ECPrivateKey;
++ SHA512_Init;
++ STORE_parse_attrs_endp;
++ BN_set_negative;
++ ERR_load_ECDSA_strings;
++ EC_GROUP_get_basis_type;
++ STORE_list_public_key_next;
++ i2v_ASN1_BIT_STRING;
++ STORE_OBJECT_free;
++ BN_nist_mod_384;
++ i2d_X509_CERT_PAIR;
++ PEM_write_ECPKParameters;
++ ECDH_compute_key;
++ STORE_ATTR_INFO_get0_sha1str;
++ ENGINE_register_all_ECDH;
++ pqueue_pop;
++ STORE_ATTR_INFO_get0_cstr;
++ POLICY_CONSTRAINTS_it;
++ STORE_get_ex_new_index;
++ EVP_PKEY_get_attr_by_OBJ;
++ X509_VERIFY_PARAM_add0_policy;
++ BN_GF2m_mod_solve_quad;
++ SHA256;
++ i2d_ECPrivateKey_fp;
++ X509_policy_tree_get0_user_policies;
++ X509_pcy_tree_get0_usr_policies;
++ OPENSSL_DIR_read;
++ ENGINE_register_all_ECDSA;
++ X509_VERIFY_PARAM_lookup;
++ EC_POINT_get_affine_coordinates_GF2m;
++ EC_POINT_get_affine_coords_GF2m;
++ EC_GROUP_dup;
++ ENGINE_get_default_ECDSA;
++ EC_KEY_new;
++ SHA256_Transform;
++ EC_KEY_set_enc_flags;
++ ECDSA_verify;
++ EC_POINT_point2hex;
++ ENGINE_get_STORE;
++ SHA512;
++ STORE_get_certificate;
++ ECDSA_do_sign_ex;
++ ECDSA_do_verify;
++ d2i_ECPrivateKey_fp;
++ STORE_delete_certificate;
++ SHA512_Transform;
++ X509_STORE_set1_param;
++ STORE_method_get_ctrl_function;
++ STORE_free;
++ PEM_write_ECPrivateKey;
++ STORE_meth_get_unlock_store_fn;
++ STORE_method_get_unlock_store_function;
++ STORE_get_ex_data;
++ EC_KEY_set_public_key;
++ PEM_read_ECPKParameters;
++ X509_CERT_PAIR_new;
++ ENGINE_register_STORE;
++ RSA_generate_key_ex;
++ DSA_generate_parameters_ex;
++ ECParameters_print_fp;
++ X509V3_NAME_from_section;
++ EVP_PKEY_add1_attr;
++ STORE_modify_crl;
++ STORE_list_private_key_start;
++ POLICY_MAPPINGS_it;
++ GENERAL_SUBTREE_it;
++ EC_GROUP_get_curve_name;
++ PEM_write_X509_CERT_PAIR;
++ BIO_dump_indent_cb;
++ d2i_X509_CERT_PAIR;
++ STORE_list_private_key_endp;
++ asn1_const_Finish;
++ i2d_EC_PUBKEY_fp;
++ BN_nist_mod_256;
++ X509_VERIFY_PARAM_add0_table;
++ pqueue_free;
++ BN_BLINDING_create_param;
++ ECDSA_size;
++ d2i_EC_PUBKEY_bio;
++ BN_get0_nist_prime_521;
++ STORE_ATTR_INFO_modify_sha1str;
++ BN_generate_prime_ex;
++ EC_GROUP_new_by_curve_name;
++ SHA256_Final;
++ DH_generate_parameters_ex;
++ PEM_read_bio_ECPrivateKey;
++ STORE_meth_get_cleanup_fn;
++ STORE_method_get_cleanup_function;
++ ENGINE_get_ECDH;
++ d2i_ECDSA_SIG;
++ BN_is_prime_fasttest_ex;
++ ECDSA_sign;
++ X509_policy_check;
++ EVP_PKEY_get_attr_by_NID;
++ STORE_set_ex_data;
++ ENGINE_get_ECDSA;
++ EVP_ecdsa;
++ BN_BLINDING_get_flags;
++ PKCS12_add_cert;
++ STORE_OBJECT_new;
++ ERR_load_ECDH_strings;
++ EC_KEY_dup;
++ EVP_CIPHER_CTX_rand_key;
++ ECDSA_set_method;
++ a2i_IPADDRESS_NC;
++ d2i_ECParameters;
++ STORE_list_certificate_end;
++ STORE_get_crl;
++ X509_POLICY_NODE_print;
++ SHA384_Init;
++ EC_GF2m_simple_method;
++ ECDSA_set_ex_data;
++ SHA384_Final;
++ PKCS7_set_digest;
++ EC_KEY_print;
++ STORE_meth_set_lock_store_fn;
++ STORE_method_set_lock_store_function;
++ ECDSA_get_ex_new_index;
++ SHA384;
++ POLICY_MAPPING_new;
++ STORE_list_certificate_endp;
++ X509_STORE_CTX_get0_policy_tree;
++ EC_GROUP_set_asn1_flag;
++ EC_KEY_check_key;
++ d2i_EC_PUBKEY_fp;
++ PKCS7_set0_type_other;
++ PEM_read_bio_X509_CERT_PAIR;
++ pqueue_next;
++ STORE_meth_get_list_end_fn;
++ STORE_method_get_list_end_function;
++ EVP_PKEY_add1_attr_by_OBJ;
++ X509_VERIFY_PARAM_set_time;
++ pqueue_new;
++ ENGINE_set_default_ECDH;
++ STORE_new_method;
++ PKCS12_add_key;
++ DSO_merge;
++ EC_POINT_hex2point;
++ BIO_dump_cb;
++ SHA256_Update;
++ pqueue_insert;
++ pitem_free;
++ BN_GF2m_mod_inv_arr;
++ ENGINE_unregister_ECDSA;
++ BN_BLINDING_set_thread_id;
++ get_rfc3526_prime_8192;
++ X509_VERIFY_PARAM_clear_flags;
++ get_rfc2409_prime_1024;
++ DH_check_pub_key;
++ get_rfc3526_prime_2048;
++ get_rfc3526_prime_6144;
++ get_rfc3526_prime_1536;
++ get_rfc3526_prime_3072;
++ get_rfc3526_prime_4096;
++ get_rfc2409_prime_768;
++ X509_VERIFY_PARAM_get_flags;
++ EVP_CIPHER_CTX_new;
++ EVP_CIPHER_CTX_free;
++ Camellia_cbc_encrypt;
++ Camellia_cfb128_encrypt;
++ Camellia_cfb1_encrypt;
++ Camellia_cfb8_encrypt;
++ Camellia_ctr128_encrypt;
++ Camellia_cfbr_encrypt_block;
++ Camellia_decrypt;
++ Camellia_ecb_encrypt;
++ Camellia_encrypt;
++ Camellia_ofb128_encrypt;
++ Camellia_set_key;
++ EVP_camellia_128_cbc;
++ EVP_camellia_128_cfb128;
++ EVP_camellia_128_cfb1;
++ EVP_camellia_128_cfb8;
++ EVP_camellia_128_ecb;
++ EVP_camellia_128_ofb;
++ EVP_camellia_192_cbc;
++ EVP_camellia_192_cfb128;
++ EVP_camellia_192_cfb1;
++ EVP_camellia_192_cfb8;
++ EVP_camellia_192_ecb;
++ EVP_camellia_192_ofb;
++ EVP_camellia_256_cbc;
++ EVP_camellia_256_cfb128;
++ EVP_camellia_256_cfb1;
++ EVP_camellia_256_cfb8;
++ EVP_camellia_256_ecb;
++ EVP_camellia_256_ofb;
++ a2i_ipadd;
++ ASIdentifiers_free;
++ i2d_ASIdOrRange;
++ EVP_CIPHER_block_size;
++ v3_asid_is_canonical;
++ IPAddressChoice_free;
++ EVP_CIPHER_CTX_set_app_data;
++ BIO_set_callback_arg;
++ v3_addr_add_prefix;
++ IPAddressOrRange_it;
++ BIO_set_flags;
++ ASIdentifiers_it;
++ v3_addr_get_range;
++ BIO_method_type;
++ v3_addr_inherits;
++ IPAddressChoice_it;
++ AES_ige_encrypt;
++ v3_addr_add_range;
++ EVP_CIPHER_CTX_nid;
++ d2i_ASRange;
++ v3_addr_add_inherit;
++ v3_asid_add_id_or_range;
++ v3_addr_validate_resource_set;
++ EVP_CIPHER_iv_length;
++ EVP_MD_type;
++ v3_asid_canonize;
++ IPAddressRange_free;
++ v3_asid_add_inherit;
++ EVP_CIPHER_CTX_key_length;
++ IPAddressRange_new;
++ ASIdOrRange_new;
++ EVP_MD_size;
++ EVP_MD_CTX_test_flags;
++ BIO_clear_flags;
++ i2d_ASRange;
++ IPAddressRange_it;
++ IPAddressChoice_new;
++ ASIdentifierChoice_new;
++ ASRange_free;
++ EVP_MD_pkey_type;
++ EVP_MD_CTX_clear_flags;
++ IPAddressFamily_free;
++ i2d_IPAddressFamily;
++ IPAddressOrRange_new;
++ EVP_CIPHER_flags;
++ v3_asid_validate_resource_set;
++ d2i_IPAddressRange;
++ AES_bi_ige_encrypt;
++ BIO_get_callback;
++ IPAddressOrRange_free;
++ v3_addr_subset;
++ d2i_IPAddressFamily;
++ v3_asid_subset;
++ BIO_test_flags;
++ i2d_ASIdentifierChoice;
++ ASRange_it;
++ d2i_ASIdentifiers;
++ ASRange_new;
++ d2i_IPAddressChoice;
++ v3_addr_get_afi;
++ EVP_CIPHER_key_length;
++ EVP_Cipher;
++ i2d_IPAddressOrRange;
++ ASIdOrRange_it;
++ EVP_CIPHER_nid;
++ i2d_IPAddressChoice;
++ EVP_CIPHER_CTX_block_size;
++ ASIdentifiers_new;
++ v3_addr_validate_path;
++ IPAddressFamily_new;
++ EVP_MD_CTX_set_flags;
++ v3_addr_is_canonical;
++ i2d_IPAddressRange;
++ IPAddressFamily_it;
++ v3_asid_inherits;
++ EVP_CIPHER_CTX_cipher;
++ EVP_CIPHER_CTX_get_app_data;
++ EVP_MD_block_size;
++ EVP_CIPHER_CTX_flags;
++ v3_asid_validate_path;
++ d2i_IPAddressOrRange;
++ v3_addr_canonize;
++ ASIdentifierChoice_it;
++ EVP_MD_CTX_md;
++ d2i_ASIdentifierChoice;
++ BIO_method_name;
++ EVP_CIPHER_CTX_iv_length;
++ ASIdOrRange_free;
++ ASIdentifierChoice_free;
++ BIO_get_callback_arg;
++ BIO_set_callback;
++ d2i_ASIdOrRange;
++ i2d_ASIdentifiers;
++ SEED_decrypt;
++ SEED_encrypt;
++ SEED_cbc_encrypt;
++ EVP_seed_ofb;
++ SEED_cfb128_encrypt;
++ SEED_ofb128_encrypt;
++ EVP_seed_cbc;
++ SEED_ecb_encrypt;
++ EVP_seed_ecb;
++ SEED_set_key;
++ EVP_seed_cfb128;
++ X509_EXTENSIONS_it;
++ X509_get1_ocsp;
++ OCSP_REQ_CTX_free;
++ i2d_X509_EXTENSIONS;
++ OCSP_sendreq_nbio;
++ OCSP_sendreq_new;
++ d2i_X509_EXTENSIONS;
++ X509_ALGORS_it;
++ X509_ALGOR_get0;
++ X509_ALGOR_set0;
++ AES_unwrap_key;
++ AES_wrap_key;
++ X509at_get0_data_by_OBJ;
++ ASN1_TYPE_set1;
++ ASN1_STRING_set0;
++ i2d_X509_ALGORS;
++ BIO_f_zlib;
++ COMP_zlib_cleanup;
++ d2i_X509_ALGORS;
++ CMS_ReceiptRequest_free;
++ PEM_write_CMS;
++ CMS_add0_CertificateChoices;
++ CMS_unsigned_add1_attr_by_OBJ;
++ ERR_load_CMS_strings;
++ CMS_sign_receipt;
++ i2d_CMS_ContentInfo;
++ CMS_signed_delete_attr;
++ d2i_CMS_bio;
++ CMS_unsigned_get_attr_by_NID;
++ CMS_verify;
++ SMIME_read_CMS;
++ CMS_decrypt_set1_key;
++ CMS_SignerInfo_get0_algs;
++ CMS_add1_cert;
++ CMS_set_detached;
++ CMS_encrypt;
++ CMS_EnvelopedData_create;
++ CMS_uncompress;
++ CMS_add0_crl;
++ CMS_SignerInfo_verify_content;
++ CMS_unsigned_get0_data_by_OBJ;
++ PEM_write_bio_CMS;
++ CMS_unsigned_get_attr;
++ CMS_RecipientInfo_ktri_cert_cmp;
++ CMS_RecipientInfo_ktri_get0_algs;
++ CMS_RecipInfo_ktri_get0_algs;
++ CMS_ContentInfo_free;
++ CMS_final;
++ CMS_add_simple_smimecap;
++ CMS_SignerInfo_verify;
++ CMS_data;
++ CMS_ContentInfo_it;
++ d2i_CMS_ReceiptRequest;
++ CMS_compress;
++ CMS_digest_create;
++ CMS_SignerInfo_cert_cmp;
++ CMS_SignerInfo_sign;
++ CMS_data_create;
++ i2d_CMS_bio;
++ CMS_EncryptedData_set1_key;
++ CMS_decrypt;
++ int_smime_write_ASN1;
++ CMS_unsigned_delete_attr;
++ CMS_unsigned_get_attr_count;
++ CMS_add_smimecap;
++ PEM_read_CMS;
++ CMS_signed_get_attr_by_OBJ;
++ d2i_CMS_ContentInfo;
++ CMS_add_standard_smimecap;
++ CMS_ContentInfo_new;
++ CMS_RecipientInfo_type;
++ CMS_get0_type;
++ CMS_is_detached;
++ CMS_sign;
++ CMS_signed_add1_attr;
++ CMS_unsigned_get_attr_by_OBJ;
++ SMIME_write_CMS;
++ CMS_EncryptedData_decrypt;
++ CMS_get0_RecipientInfos;
++ CMS_add0_RevocationInfoChoice;
++ CMS_decrypt_set1_pkey;
++ CMS_SignerInfo_set1_signer_cert;
++ CMS_get0_signers;
++ CMS_ReceiptRequest_get0_values;
++ CMS_signed_get0_data_by_OBJ;
++ CMS_get0_SignerInfos;
++ CMS_add0_cert;
++ CMS_EncryptedData_encrypt;
++ CMS_digest_verify;
++ CMS_set1_signers_certs;
++ CMS_signed_get_attr;
++ CMS_RecipientInfo_set0_key;
++ CMS_SignedData_init;
++ CMS_RecipientInfo_kekri_get0_id;
++ CMS_verify_receipt;
++ CMS_ReceiptRequest_it;
++ PEM_read_bio_CMS;
++ CMS_get1_crls;
++ CMS_add0_recipient_key;
++ SMIME_read_ASN1;
++ CMS_ReceiptRequest_new;
++ CMS_get0_content;
++ CMS_get1_ReceiptRequest;
++ CMS_signed_add1_attr_by_OBJ;
++ CMS_RecipientInfo_kekri_id_cmp;
++ CMS_add1_ReceiptRequest;
++ CMS_SignerInfo_get0_signer_id;
++ CMS_unsigned_add1_attr_by_NID;
++ CMS_unsigned_add1_attr;
++ CMS_signed_get_attr_by_NID;
++ CMS_get1_certs;
++ CMS_signed_add1_attr_by_NID;
++ CMS_unsigned_add1_attr_by_txt;
++ CMS_dataFinal;
++ CMS_RecipientInfo_ktri_get0_signer_id;
++ CMS_RecipInfo_ktri_get0_sigr_id;
++ i2d_CMS_ReceiptRequest;
++ CMS_add1_recipient_cert;
++ CMS_dataInit;
++ CMS_signed_add1_attr_by_txt;
++ CMS_RecipientInfo_decrypt;
++ CMS_signed_get_attr_count;
++ CMS_get0_eContentType;
++ CMS_set1_eContentType;
++ CMS_ReceiptRequest_create0;
++ CMS_add1_signer;
++ CMS_RecipientInfo_set0_pkey;
++ ENGINE_set_load_ssl_client_cert_function;
++ ENGINE_set_ld_ssl_clnt_cert_fn;
++ ENGINE_get_ssl_client_cert_function;
++ ENGINE_get_ssl_client_cert_fn;
++ ENGINE_load_ssl_client_cert;
++ ENGINE_load_capi;
++ OPENSSL_isservice;
++ FIPS_dsa_sig_decode;
++ EVP_CIPHER_CTX_clear_flags;
++ FIPS_rand_status;
++ FIPS_rand_set_key;
++ CRYPTO_set_mem_info_functions;
++ RSA_X931_generate_key_ex;
++ int_ERR_set_state_func;
++ int_EVP_MD_set_engine_callbacks;
++ int_CRYPTO_set_do_dynlock_callback;
++ FIPS_rng_stick;
++ EVP_CIPHER_CTX_set_flags;
++ BN_X931_generate_prime_ex;
++ FIPS_selftest_check;
++ FIPS_rand_set_dt;
++ CRYPTO_dbg_pop_info;
++ FIPS_dsa_free;
++ RSA_X931_derive_ex;
++ FIPS_rsa_new;
++ FIPS_rand_bytes;
++ fips_cipher_test;
++ EVP_CIPHER_CTX_test_flags;
++ CRYPTO_malloc_debug_init;
++ CRYPTO_dbg_push_info;
++ FIPS_corrupt_rsa_keygen;
++ FIPS_dh_new;
++ FIPS_corrupt_dsa_keygen;
++ FIPS_dh_free;
++ fips_pkey_signature_test;
++ EVP_add_alg_module;
++ int_RAND_init_engine_callbacks;
++ int_EVP_CIPHER_set_engine_callbacks;
++ int_EVP_MD_init_engine_callbacks;
++ FIPS_rand_test_mode;
++ FIPS_rand_reset;
++ FIPS_dsa_new;
++ int_RAND_set_callbacks;
++ BN_X931_derive_prime_ex;
++ int_ERR_lib_init;
++ int_EVP_CIPHER_init_engine_callbacks;
++ FIPS_rsa_free;
++ FIPS_dsa_sig_encode;
++ CRYPTO_dbg_remove_all_info;
++ OPENSSL_init;
++ CRYPTO_strdup;
++ JPAKE_STEP3A_process;
++ JPAKE_STEP1_release;
++ JPAKE_get_shared_key;
++ JPAKE_STEP3B_init;
++ JPAKE_STEP1_generate;
++ JPAKE_STEP1_init;
++ JPAKE_STEP3B_process;
++ JPAKE_STEP2_generate;
++ JPAKE_CTX_new;
++ JPAKE_CTX_free;
++ JPAKE_STEP3B_release;
++ JPAKE_STEP3A_release;
++ JPAKE_STEP2_process;
++ JPAKE_STEP3B_generate;
++ JPAKE_STEP1_process;
++ JPAKE_STEP3A_generate;
++ JPAKE_STEP2_release;
++ JPAKE_STEP3A_init;
++ ERR_load_JPAKE_strings;
++ JPAKE_STEP2_init;
++ pqueue_size;
++ i2d_TS_ACCURACY;
++ i2d_TS_MSG_IMPRINT_fp;
++ i2d_TS_MSG_IMPRINT;
++ EVP_PKEY_print_public;
++ EVP_PKEY_CTX_new;
++ i2d_TS_TST_INFO;
++ EVP_PKEY_asn1_find;
++ DSO_METHOD_beos;
++ TS_CONF_load_cert;
++ TS_REQ_get_ext;
++ EVP_PKEY_sign_init;
++ ASN1_item_print;
++ TS_TST_INFO_set_nonce;
++ TS_RESP_dup;
++ ENGINE_register_pkey_meths;
++ EVP_PKEY_asn1_add0;
++ PKCS7_add0_attrib_signing_time;
++ i2d_TS_TST_INFO_fp;
++ BIO_asn1_get_prefix;
++ TS_TST_INFO_set_time;
++ EVP_PKEY_meth_set_decrypt;
++ EVP_PKEY_set_type_str;
++ EVP_PKEY_CTX_get_keygen_info;
++ TS_REQ_set_policy_id;
++ d2i_TS_RESP_fp;
++ ENGINE_get_pkey_asn1_meth_engine;
++ ENGINE_get_pkey_asn1_meth_eng;
++ WHIRLPOOL_Init;
++ TS_RESP_set_status_info;
++ EVP_PKEY_keygen;
++ EVP_DigestSignInit;
++ TS_ACCURACY_set_millis;
++ TS_REQ_dup;
++ GENERAL_NAME_dup;
++ ASN1_SEQUENCE_ANY_it;
++ WHIRLPOOL;
++ X509_STORE_get1_crls;
++ ENGINE_get_pkey_asn1_meth;
++ EVP_PKEY_asn1_new;
++ BIO_new_NDEF;
++ ENGINE_get_pkey_meth;
++ TS_MSG_IMPRINT_set_algo;
++ i2d_TS_TST_INFO_bio;
++ TS_TST_INFO_set_ordering;
++ TS_TST_INFO_get_ext_by_OBJ;
++ CRYPTO_THREADID_set_pointer;
++ TS_CONF_get_tsa_section;
++ SMIME_write_ASN1;
++ TS_RESP_CTX_set_signer_key;
++ EVP_PKEY_encrypt_old;
++ EVP_PKEY_encrypt_init;
++ CRYPTO_THREADID_cpy;
++ ASN1_PCTX_get_cert_flags;
++ i2d_ESS_SIGNING_CERT;
++ TS_CONF_load_key;
++ i2d_ASN1_SEQUENCE_ANY;
++ d2i_TS_MSG_IMPRINT_bio;
++ EVP_PKEY_asn1_set_public;
++ b2i_PublicKey_bio;
++ BIO_asn1_set_prefix;
++ EVP_PKEY_new_mac_key;
++ BIO_new_CMS;
++ CRYPTO_THREADID_cmp;
++ TS_REQ_ext_free;
++ EVP_PKEY_asn1_set_free;
++ EVP_PKEY_get0_asn1;
++ d2i_NETSCAPE_X509;
++ EVP_PKEY_verify_recover_init;
++ EVP_PKEY_CTX_set_data;
++ EVP_PKEY_keygen_init;
++ TS_RESP_CTX_set_status_info;
++ TS_MSG_IMPRINT_get_algo;
++ TS_REQ_print_bio;
++ EVP_PKEY_CTX_ctrl_str;
++ EVP_PKEY_get_default_digest_nid;
++ PEM_write_bio_PKCS7_stream;
++ TS_MSG_IMPRINT_print_bio;
++ BN_asc2bn;
++ TS_REQ_get_policy_id;
++ ENGINE_set_default_pkey_asn1_meths;
++ ENGINE_set_def_pkey_asn1_meths;
++ d2i_TS_ACCURACY;
++ DSO_global_lookup;
++ TS_CONF_set_tsa_name;
++ i2d_ASN1_SET_ANY;
++ ENGINE_load_gost;
++ WHIRLPOOL_BitUpdate;
++ ASN1_PCTX_get_flags;
++ TS_TST_INFO_get_ext_by_NID;
++ TS_RESP_new;
++ ESS_CERT_ID_dup;
++ TS_STATUS_INFO_dup;
++ TS_REQ_delete_ext;
++ EVP_DigestVerifyFinal;
++ EVP_PKEY_print_params;
++ i2d_CMS_bio_stream;
++ TS_REQ_get_msg_imprint;
++ OBJ_find_sigid_by_algs;
++ TS_TST_INFO_get_serial;
++ TS_REQ_get_nonce;
++ X509_PUBKEY_set0_param;
++ EVP_PKEY_CTX_set0_keygen_info;
++ DIST_POINT_set_dpname;
++ i2d_ISSUING_DIST_POINT;
++ ASN1_SET_ANY_it;
++ EVP_PKEY_CTX_get_data;
++ TS_STATUS_INFO_print_bio;
++ EVP_PKEY_derive_init;
++ d2i_TS_TST_INFO;
++ EVP_PKEY_asn1_add_alias;
++ d2i_TS_RESP_bio;
++ OTHERNAME_cmp;
++ GENERAL_NAME_set0_value;
++ PKCS7_RECIP_INFO_get0_alg;
++ TS_RESP_CTX_new;
++ TS_RESP_set_tst_info;
++ PKCS7_final;
++ EVP_PKEY_base_id;
++ TS_RESP_CTX_set_signer_cert;
++ TS_REQ_set_msg_imprint;
++ EVP_PKEY_CTX_ctrl;
++ TS_CONF_set_digests;
++ d2i_TS_MSG_IMPRINT;
++ EVP_PKEY_meth_set_ctrl;
++ TS_REQ_get_ext_by_NID;
++ PKCS5_pbe_set0_algor;
++ BN_BLINDING_thread_id;
++ TS_ACCURACY_new;
++ X509_CRL_METHOD_free;
++ ASN1_PCTX_get_nm_flags;
++ EVP_PKEY_meth_set_sign;
++ CRYPTO_THREADID_current;
++ EVP_PKEY_decrypt_init;
++ NETSCAPE_X509_free;
++ i2b_PVK_bio;
++ EVP_PKEY_print_private;
++ GENERAL_NAME_get0_value;
++ b2i_PVK_bio;
++ ASN1_UTCTIME_adj;
++ TS_TST_INFO_new;
++ EVP_MD_do_all_sorted;
++ TS_CONF_set_default_engine;
++ TS_ACCURACY_set_seconds;
++ TS_TST_INFO_get_time;
++ PKCS8_pkey_get0;
++ EVP_PKEY_asn1_get0;
++ OBJ_add_sigid;
++ PKCS7_SIGNER_INFO_sign;
++ EVP_PKEY_paramgen_init;
++ EVP_PKEY_sign;
++ OBJ_sigid_free;
++ EVP_PKEY_meth_set_init;
++ d2i_ESS_ISSUER_SERIAL;
++ ISSUING_DIST_POINT_new;
++ ASN1_TIME_adj;
++ TS_OBJ_print_bio;
++ EVP_PKEY_meth_set_verify_recover;
++ EVP_PKEY_meth_set_vrfy_recover;
++ TS_RESP_get_status_info;
++ CMS_stream;
++ EVP_PKEY_CTX_set_cb;
++ PKCS7_to_TS_TST_INFO;
++ ASN1_PCTX_get_oid_flags;
++ TS_TST_INFO_add_ext;
++ EVP_PKEY_meth_set_derive;
++ i2d_TS_RESP_fp;
++ i2d_TS_MSG_IMPRINT_bio;
++ TS_RESP_CTX_set_accuracy;
++ TS_REQ_set_nonce;
++ ESS_CERT_ID_new;
++ ENGINE_pkey_asn1_find_str;
++ TS_REQ_get_ext_count;
++ BUF_reverse;
++ TS_TST_INFO_print_bio;
++ d2i_ISSUING_DIST_POINT;
++ ENGINE_get_pkey_meths;
++ i2b_PrivateKey_bio;
++ i2d_TS_RESP;
++ b2i_PublicKey;
++ TS_VERIFY_CTX_cleanup;
++ TS_STATUS_INFO_free;
++ TS_RESP_verify_token;
++ OBJ_bsearch_ex_;
++ ASN1_bn_print;
++ EVP_PKEY_asn1_get_count;
++ ENGINE_register_pkey_asn1_meths;
++ ASN1_PCTX_set_nm_flags;
++ EVP_DigestVerifyInit;
++ ENGINE_set_default_pkey_meths;
++ TS_TST_INFO_get_policy_id;
++ TS_REQ_get_cert_req;
++ X509_CRL_set_meth_data;
++ PKCS8_pkey_set0;
++ ASN1_STRING_copy;
++ d2i_TS_TST_INFO_fp;
++ X509_CRL_match;
++ EVP_PKEY_asn1_set_private;
++ TS_TST_INFO_get_ext_d2i;
++ TS_RESP_CTX_add_policy;
++ d2i_TS_RESP;
++ TS_CONF_load_certs;
++ TS_TST_INFO_get_msg_imprint;
++ ERR_load_TS_strings;
++ TS_TST_INFO_get_version;
++ EVP_PKEY_CTX_dup;
++ EVP_PKEY_meth_set_verify;
++ i2b_PublicKey_bio;
++ TS_CONF_set_certs;
++ EVP_PKEY_asn1_get0_info;
++ TS_VERIFY_CTX_free;
++ TS_REQ_get_ext_by_critical;
++ TS_RESP_CTX_set_serial_cb;
++ X509_CRL_get_meth_data;
++ TS_RESP_CTX_set_time_cb;
++ TS_MSG_IMPRINT_get_msg;
++ TS_TST_INFO_ext_free;
++ TS_REQ_get_version;
++ TS_REQ_add_ext;
++ EVP_PKEY_CTX_set_app_data;
++ OBJ_bsearch_;
++ EVP_PKEY_meth_set_verifyctx;
++ i2d_PKCS7_bio_stream;
++ CRYPTO_THREADID_set_numeric;
++ PKCS7_sign_add_signer;
++ d2i_TS_TST_INFO_bio;
++ TS_TST_INFO_get_ordering;
++ TS_RESP_print_bio;
++ TS_TST_INFO_get_exts;
++ HMAC_CTX_copy;
++ PKCS5_pbe2_set_iv;
++ ENGINE_get_pkey_asn1_meths;
++ b2i_PrivateKey;
++ EVP_PKEY_CTX_get_app_data;
++ TS_REQ_set_cert_req;
++ CRYPTO_THREADID_set_callback;
++ TS_CONF_set_serial;
++ TS_TST_INFO_free;
++ d2i_TS_REQ_fp;
++ TS_RESP_verify_response;
++ i2d_ESS_ISSUER_SERIAL;
++ TS_ACCURACY_get_seconds;
++ EVP_CIPHER_do_all;
++ b2i_PrivateKey_bio;
++ OCSP_CERTID_dup;
++ X509_PUBKEY_get0_param;
++ TS_MSG_IMPRINT_dup;
++ PKCS7_print_ctx;
++ i2d_TS_REQ_bio;
++ EVP_whirlpool;
++ EVP_PKEY_asn1_set_param;
++ EVP_PKEY_meth_set_encrypt;
++ ASN1_PCTX_set_flags;
++ i2d_ESS_CERT_ID;
++ TS_VERIFY_CTX_new;
++ TS_RESP_CTX_set_extension_cb;
++ ENGINE_register_all_pkey_meths;
++ TS_RESP_CTX_set_status_info_cond;
++ TS_RESP_CTX_set_stat_info_cond;
++ EVP_PKEY_verify;
++ WHIRLPOOL_Final;
++ X509_CRL_METHOD_new;
++ EVP_DigestSignFinal;
++ TS_RESP_CTX_set_def_policy;
++ NETSCAPE_X509_it;
++ TS_RESP_create_response;
++ PKCS7_SIGNER_INFO_get0_algs;
++ TS_TST_INFO_get_nonce;
++ EVP_PKEY_decrypt_old;
++ TS_TST_INFO_set_policy_id;
++ TS_CONF_set_ess_cert_id_chain;
++ EVP_PKEY_CTX_get0_pkey;
++ d2i_TS_REQ;
++ EVP_PKEY_asn1_find_str;
++ BIO_f_asn1;
++ ESS_SIGNING_CERT_new;
++ EVP_PBE_find;
++ X509_CRL_get0_by_cert;
++ EVP_PKEY_derive;
++ i2d_TS_REQ;
++ TS_TST_INFO_delete_ext;
++ ESS_ISSUER_SERIAL_free;
++ ASN1_PCTX_set_str_flags;
++ ENGINE_get_pkey_asn1_meth_str;
++ TS_CONF_set_signer_key;
++ TS_ACCURACY_get_millis;
++ TS_RESP_get_token;
++ TS_ACCURACY_dup;
++ ENGINE_register_all_pkey_asn1_meths;
++ ENGINE_reg_all_pkey_asn1_meths;
++ X509_CRL_set_default_method;
++ CRYPTO_THREADID_hash;
++ CMS_ContentInfo_print_ctx;
++ TS_RESP_free;
++ ISSUING_DIST_POINT_free;
++ ESS_ISSUER_SERIAL_new;
++ CMS_add1_crl;
++ PKCS7_add1_attrib_digest;
++ TS_RESP_CTX_add_md;
++ TS_TST_INFO_dup;
++ ENGINE_set_pkey_asn1_meths;
++ PEM_write_bio_Parameters;
++ TS_TST_INFO_get_accuracy;
++ X509_CRL_get0_by_serial;
++ TS_TST_INFO_set_version;
++ TS_RESP_CTX_get_tst_info;
++ TS_RESP_verify_signature;
++ CRYPTO_THREADID_get_callback;
++ TS_TST_INFO_get_tsa;
++ TS_STATUS_INFO_new;
++ EVP_PKEY_CTX_get_cb;
++ TS_REQ_get_ext_d2i;
++ GENERAL_NAME_set0_othername;
++ TS_TST_INFO_get_ext_count;
++ TS_RESP_CTX_get_request;
++ i2d_NETSCAPE_X509;
++ ENGINE_get_pkey_meth_engine;
++ EVP_PKEY_meth_set_signctx;
++ EVP_PKEY_asn1_copy;
++ ASN1_TYPE_cmp;
++ EVP_CIPHER_do_all_sorted;
++ EVP_PKEY_CTX_free;
++ ISSUING_DIST_POINT_it;
++ d2i_TS_MSG_IMPRINT_fp;
++ X509_STORE_get1_certs;
++ EVP_PKEY_CTX_get_operation;
++ d2i_ESS_SIGNING_CERT;
++ TS_CONF_set_ordering;
++ EVP_PBE_alg_add_type;
++ TS_REQ_set_version;
++ EVP_PKEY_get0;
++ BIO_asn1_set_suffix;
++ i2d_TS_STATUS_INFO;
++ EVP_MD_do_all;
++ TS_TST_INFO_set_accuracy;
++ PKCS7_add_attrib_content_type;
++ ERR_remove_thread_state;
++ EVP_PKEY_meth_add0;
++ TS_TST_INFO_set_tsa;
++ EVP_PKEY_meth_new;
++ WHIRLPOOL_Update;
++ TS_CONF_set_accuracy;
++ ASN1_PCTX_set_oid_flags;
++ ESS_SIGNING_CERT_dup;
++ d2i_TS_REQ_bio;
++ X509_time_adj_ex;
++ TS_RESP_CTX_add_flags;
++ d2i_TS_STATUS_INFO;
++ TS_MSG_IMPRINT_set_msg;
++ BIO_asn1_get_suffix;
++ TS_REQ_free;
++ EVP_PKEY_meth_free;
++ TS_REQ_get_exts;
++ TS_RESP_CTX_set_clock_precision_digits;
++ TS_RESP_CTX_set_clk_prec_digits;
++ TS_RESP_CTX_add_failure_info;
++ i2d_TS_RESP_bio;
++ EVP_PKEY_CTX_get0_peerkey;
++ PEM_write_bio_CMS_stream;
++ TS_REQ_new;
++ TS_MSG_IMPRINT_new;
++ EVP_PKEY_meth_find;
++ EVP_PKEY_id;
++ TS_TST_INFO_set_serial;
++ a2i_GENERAL_NAME;
++ TS_CONF_set_crypto_device;
++ EVP_PKEY_verify_init;
++ TS_CONF_set_policies;
++ ASN1_PCTX_new;
++ ESS_CERT_ID_free;
++ ENGINE_unregister_pkey_meths;
++ TS_MSG_IMPRINT_free;
++ TS_VERIFY_CTX_init;
++ PKCS7_stream;
++ TS_RESP_CTX_set_certs;
++ TS_CONF_set_def_policy;
++ ASN1_GENERALIZEDTIME_adj;
++ NETSCAPE_X509_new;
++ TS_ACCURACY_free;
++ TS_RESP_get_tst_info;
++ EVP_PKEY_derive_set_peer;
++ PEM_read_bio_Parameters;
++ TS_CONF_set_clock_precision_digits;
++ TS_CONF_set_clk_prec_digits;
++ ESS_ISSUER_SERIAL_dup;
++ TS_ACCURACY_get_micros;
++ ASN1_PCTX_get_str_flags;
++ NAME_CONSTRAINTS_check;
++ ASN1_BIT_STRING_check;
++ X509_check_akid;
++ ENGINE_unregister_pkey_asn1_meths;
++ ENGINE_unreg_pkey_asn1_meths;
++ ASN1_PCTX_free;
++ PEM_write_bio_ASN1_stream;
++ i2d_ASN1_bio_stream;
++ TS_X509_ALGOR_print_bio;
++ EVP_PKEY_meth_set_cleanup;
++ EVP_PKEY_asn1_free;
++ ESS_SIGNING_CERT_free;
++ TS_TST_INFO_set_msg_imprint;
++ GENERAL_NAME_cmp;
++ d2i_ASN1_SET_ANY;
++ ENGINE_set_pkey_meths;
++ i2d_TS_REQ_fp;
++ d2i_ASN1_SEQUENCE_ANY;
++ GENERAL_NAME_get0_otherName;
++ d2i_ESS_CERT_ID;
++ OBJ_find_sigid_algs;
++ EVP_PKEY_meth_set_keygen;
++ PKCS5_PBKDF2_HMAC;
++ EVP_PKEY_paramgen;
++ EVP_PKEY_meth_set_paramgen;
++ BIO_new_PKCS7;
++ EVP_PKEY_verify_recover;
++ TS_ext_print_bio;
++ TS_ASN1_INTEGER_print_bio;
++ check_defer;
++ DSO_pathbyaddr;
++ EVP_PKEY_set_type;
++ TS_ACCURACY_set_micros;
++ TS_REQ_to_TS_VERIFY_CTX;
++ EVP_PKEY_meth_set_copy;
++ ASN1_PCTX_set_cert_flags;
++ TS_TST_INFO_get_ext;
++ EVP_PKEY_asn1_set_ctrl;
++ TS_TST_INFO_get_ext_by_critical;
++ EVP_PKEY_CTX_new_id;
++ TS_REQ_get_ext_by_OBJ;
++ TS_CONF_set_signer_cert;
++ X509_NAME_hash_old;
++ ASN1_TIME_set_string;
++ EVP_MD_flags;
++ TS_RESP_CTX_free;
++ DSAparams_dup;
++ DHparams_dup;
++ OCSP_REQ_CTX_add1_header;
++ OCSP_REQ_CTX_set1_req;
++ X509_STORE_set_verify_cb;
++ X509_STORE_CTX_get0_current_crl;
++ X509_STORE_CTX_get0_parent_ctx;
++ X509_STORE_CTX_get0_current_issuer;
++ X509_STORE_CTX_get0_cur_issuer;
++ X509_issuer_name_hash_old;
++ X509_subject_name_hash_old;
++ EVP_CIPHER_CTX_copy;
++ UI_method_get_prompt_constructor;
++ UI_method_get_prompt_constructr;
++ UI_method_set_prompt_constructor;
++ UI_method_set_prompt_constructr;
++ EVP_read_pw_string_min;
++ CRYPTO_cts128_encrypt;
++ CRYPTO_cts128_decrypt_block;
++ CRYPTO_cfb128_1_encrypt;
++ CRYPTO_cbc128_encrypt;
++ CRYPTO_ctr128_encrypt;
++ CRYPTO_ofb128_encrypt;
++ CRYPTO_cts128_decrypt;
++ CRYPTO_cts128_encrypt_block;
++ CRYPTO_cbc128_decrypt;
++ CRYPTO_cfb128_encrypt;
++ CRYPTO_cfb128_8_encrypt;
++ SSL_renegotiate_abbreviated;
++ TLSv1_1_method;
++ TLSv1_1_client_method;
++ TLSv1_1_server_method;
++ SSL_CTX_set_srp_client_pwd_callback;
++ SSL_CTX_set_srp_client_pwd_cb;
++ SSL_get_srp_g;
++ SSL_CTX_set_srp_username_callback;
++ SSL_CTX_set_srp_un_cb;
++ SSL_get_srp_userinfo;
++ SSL_set_srp_server_param;
++ SSL_set_srp_server_param_pw;
++ SSL_get_srp_N;
++ SSL_get_srp_username;
++ SSL_CTX_set_srp_password;
++ SSL_CTX_set_srp_strength;
++ SSL_CTX_set_srp_verify_param_callback;
++ SSL_CTX_set_srp_vfy_param_cb;
++ SSL_CTX_set_srp_cb_arg;
++ SSL_CTX_set_srp_username;
++ SSL_CTX_SRP_CTX_init;
++ SSL_SRP_CTX_init;
++ SRP_Calc_A_param;
++ SRP_generate_server_master_secret;
++ SRP_gen_server_master_secret;
++ SSL_CTX_SRP_CTX_free;
++ SRP_generate_client_master_secret;
++ SRP_gen_client_master_secret;
++ SSL_srp_server_param_with_username;
++ SSL_srp_server_param_with_un;
++ SSL_SRP_CTX_free;
++ SSL_set_debug;
++ SSL_SESSION_get0_peer;
++ TLSv1_2_client_method;
++ SSL_SESSION_set1_id_context;
++ TLSv1_2_server_method;
++ SSL_cache_hit;
++ SSL_get0_kssl_ctx;
++ SSL_set0_kssl_ctx;
++ SSL_set_state;
++ SSL_CIPHER_get_id;
++ TLSv1_2_method;
++ kssl_ctx_get0_client_princ;
++ SSL_export_keying_material;
++ SSL_set_tlsext_use_srtp;
++ SSL_CTX_set_next_protos_advertised_cb;
++ SSL_CTX_set_next_protos_adv_cb;
++ SSL_get0_next_proto_negotiated;
++ SSL_get_selected_srtp_profile;
++ SSL_CTX_set_tlsext_use_srtp;
++ SSL_select_next_proto;
++ SSL_get_srtp_profiles;
++ SSL_CTX_set_next_proto_select_cb;
++ SSL_CTX_set_next_proto_sel_cb;
++ SSL_SESSION_get_compress_id;
++
++ SRP_VBASE_get_by_user;
++ SRP_Calc_server_key;
++ SRP_create_verifier;
++ SRP_create_verifier_BN;
++ SRP_Calc_u;
++ SRP_VBASE_free;
++ SRP_Calc_client_key;
++ SRP_get_default_gN;
++ SRP_Calc_x;
++ SRP_Calc_B;
++ SRP_VBASE_new;
++ SRP_check_known_gN_param;
++ SRP_Calc_A;
++ SRP_Verify_A_mod_N;
++ SRP_VBASE_init;
++ SRP_Verify_B_mod_N;
++ EC_KEY_set_public_key_affine_coordinates;
++ EC_KEY_set_pub_key_aff_coords;
++ EVP_aes_192_ctr;
++ EVP_PKEY_meth_get0_info;
++ EVP_PKEY_meth_copy;
++ ERR_add_error_vdata;
++ EVP_aes_128_ctr;
++ EVP_aes_256_ctr;
++ EC_GFp_nistp224_method;
++ EC_KEY_get_flags;
++ RSA_padding_add_PKCS1_PSS_mgf1;
++ EVP_aes_128_xts;
++ EVP_aes_256_xts;
++ EVP_aes_128_gcm;
++ EC_KEY_clear_flags;
++ EC_KEY_set_flags;
++ EVP_aes_256_ccm;
++ RSA_verify_PKCS1_PSS_mgf1;
++ EVP_aes_128_ccm;
++ EVP_aes_192_gcm;
++ X509_ALGOR_set_md;
++ RAND_init_fips;
++ EVP_aes_256_gcm;
++ EVP_aes_192_ccm;
++ CMAC_CTX_copy;
++ CMAC_CTX_free;
++ CMAC_CTX_get0_cipher_ctx;
++ CMAC_CTX_cleanup;
++ CMAC_Init;
++ CMAC_Update;
++ CMAC_resume;
++ CMAC_CTX_new;
++ CMAC_Final;
++ CRYPTO_ctr128_encrypt_ctr32;
++ CRYPTO_gcm128_release;
++ CRYPTO_ccm128_decrypt_ccm64;
++ CRYPTO_ccm128_encrypt;
++ CRYPTO_gcm128_encrypt;
++ CRYPTO_xts128_encrypt;
++ EVP_rc4_hmac_md5;
++ CRYPTO_nistcts128_decrypt_block;
++ CRYPTO_gcm128_setiv;
++ CRYPTO_nistcts128_encrypt;
++ EVP_aes_128_cbc_hmac_sha1;
++ CRYPTO_gcm128_tag;
++ CRYPTO_ccm128_encrypt_ccm64;
++ ENGINE_load_rdrand;
++ CRYPTO_ccm128_setiv;
++ CRYPTO_nistcts128_encrypt_block;
++ CRYPTO_gcm128_aad;
++ CRYPTO_ccm128_init;
++ CRYPTO_nistcts128_decrypt;
++ CRYPTO_gcm128_new;
++ CRYPTO_ccm128_tag;
++ CRYPTO_ccm128_decrypt;
++ CRYPTO_ccm128_aad;
++ CRYPTO_gcm128_init;
++ CRYPTO_gcm128_decrypt;
++ ENGINE_load_rsax;
++ CRYPTO_gcm128_decrypt_ctr32;
++ CRYPTO_gcm128_encrypt_ctr32;
++ CRYPTO_gcm128_finish;
++ EVP_aes_256_cbc_hmac_sha1;
++ PKCS5_pbkdf2_set;
++ CMS_add0_recipient_password;
++ CMS_decrypt_set1_password;
++ CMS_RecipientInfo_set0_password;
++ RAND_set_fips_drbg_type;
++ X509_REQ_sign_ctx;
++ RSA_PSS_PARAMS_new;
++ X509_CRL_sign_ctx;
++ X509_signature_dump;
++ d2i_RSA_PSS_PARAMS;
++ RSA_PSS_PARAMS_it;
++ RSA_PSS_PARAMS_free;
++ X509_sign_ctx;
++ i2d_RSA_PSS_PARAMS;
++ ASN1_item_sign_ctx;
++ EC_GFp_nistp521_method;
++ EC_GFp_nistp256_method;
++ OPENSSL_stderr;
++ OPENSSL_cpuid_setup;
++ OPENSSL_showfatal;
++ BIO_new_dgram_sctp;
++ BIO_dgram_sctp_msg_waiting;
++ BIO_dgram_sctp_wait_for_dry;
++ BIO_s_datagram_sctp;
++ BIO_dgram_is_sctp;
++ BIO_dgram_sctp_notification_cb;
++ CRYPTO_memcmp;
++ SSL_CTX_set_alpn_protos;
++ SSL_set_alpn_protos;
++ SSL_CTX_set_alpn_select_cb;
++ SSL_get0_alpn_selected;
++ SSL_CTX_set_custom_cli_ext;
++ SSL_CTX_set_custom_srv_ext;
++ SSL_CTX_set_srv_supp_data;
++ SSL_CTX_set_cli_supp_data;
++ SSL_set_cert_cb;
++ SSL_CTX_use_serverinfo;
++ SSL_CTX_use_serverinfo_file;
++ SSL_CTX_set_cert_cb;
++ SSL_CTX_get0_param;
++ SSL_get0_param;
++ SSL_certs_clear;
++ DTLSv1_2_method;
++ DTLSv1_2_server_method;
++ DTLSv1_2_client_method;
++ DTLS_method;
++ DTLS_server_method;
++ DTLS_client_method;
++ SSL_CTX_get_ssl_method;
++ SSL_CTX_get0_certificate;
++ SSL_CTX_get0_privatekey;
++ SSL_COMP_set0_compression_methods;
++ SSL_COMP_free_compression_methods;
++ SSL_CIPHER_find;
++ SSL_is_server;
++ SSL_CONF_CTX_new;
++ SSL_CONF_CTX_finish;
++ SSL_CONF_CTX_free;
++ SSL_CONF_CTX_set_flags;
++ SSL_CONF_CTX_clear_flags;
++ SSL_CONF_CTX_set1_prefix;
++ SSL_CONF_CTX_set_ssl;
++ SSL_CONF_CTX_set_ssl_ctx;
++ SSL_CONF_cmd;
++ SSL_CONF_cmd_argv;
++ SSL_CONF_cmd_value_type;
++ SSL_trace;
++ SSL_CIPHER_standard_name;
++ SSL_get_tlsa_record_byname;
++ ASN1_TIME_diff;
++ BIO_hex_string;
++ CMS_RecipientInfo_get0_pkey_ctx;
++ CMS_RecipientInfo_encrypt;
++ CMS_SignerInfo_get0_pkey_ctx;
++ CMS_SignerInfo_get0_md_ctx;
++ CMS_SignerInfo_get0_signature;
++ CMS_RecipientInfo_kari_get0_alg;
++ CMS_RecipientInfo_kari_get0_reks;
++ CMS_RecipientInfo_kari_get0_orig_id;
++ CMS_RecipientInfo_kari_orig_id_cmp;
++ CMS_RecipientEncryptedKey_get0_id;
++ CMS_RecipientEncryptedKey_cert_cmp;
++ CMS_RecipientInfo_kari_set0_pkey;
++ CMS_RecipientInfo_kari_get0_ctx;
++ CMS_RecipientInfo_kari_decrypt;
++ CMS_SharedInfo_encode;
++ DH_compute_key_padded;
++ d2i_DHxparams;
++ i2d_DHxparams;
++ DH_get_1024_160;
++ DH_get_2048_224;
++ DH_get_2048_256;
++ DH_KDF_X9_42;
++ ECDH_KDF_X9_62;
++ ECDSA_METHOD_new;
++ ECDSA_METHOD_free;
++ ECDSA_METHOD_set_app_data;
++ ECDSA_METHOD_get_app_data;
++ ECDSA_METHOD_set_sign;
++ ECDSA_METHOD_set_sign_setup;
++ ECDSA_METHOD_set_verify;
++ ECDSA_METHOD_set_flags;
++ ECDSA_METHOD_set_name;
++ EVP_des_ede3_wrap;
++ EVP_aes_128_wrap;
++ EVP_aes_192_wrap;
++ EVP_aes_256_wrap;
++ EVP_aes_128_cbc_hmac_sha256;
++ EVP_aes_256_cbc_hmac_sha256;
++ CRYPTO_128_wrap;
++ CRYPTO_128_unwrap;
++ OCSP_REQ_CTX_nbio;
++ OCSP_REQ_CTX_new;
++ OCSP_set_max_response_length;
++ OCSP_REQ_CTX_i2d;
++ OCSP_REQ_CTX_nbio_d2i;
++ OCSP_REQ_CTX_get0_mem_bio;
++ OCSP_REQ_CTX_http;
++ RSA_padding_add_PKCS1_OAEP_mgf1;
++ RSA_padding_check_PKCS1_OAEP_mgf1;
++ RSA_OAEP_PARAMS_free;
++ RSA_OAEP_PARAMS_it;
++ RSA_OAEP_PARAMS_new;
++ SSL_get_sigalgs;
++ SSL_get_shared_sigalgs;
++ SSL_check_chain;
++ X509_chain_up_ref;
++ X509_http_nbio;
++ X509_CRL_http_nbio;
++ X509_REVOKED_dup;
++ i2d_re_X509_tbs;
++ X509_get0_signature;
++ X509_get_signature_nid;
++ X509_CRL_diff;
++ X509_chain_check_suiteb;
++ X509_CRL_check_suiteb;
++ X509_check_host;
++ X509_check_email;
++ X509_check_ip;
++ X509_check_ip_asc;
++ X509_STORE_set_lookup_crls_cb;
++ X509_STORE_CTX_get0_store;
++ X509_VERIFY_PARAM_set1_host;
++ X509_VERIFY_PARAM_add1_host;
++ X509_VERIFY_PARAM_set_hostflags;
++ X509_VERIFY_PARAM_get0_peername;
++ X509_VERIFY_PARAM_set1_email;
++ X509_VERIFY_PARAM_set1_ip;
++ X509_VERIFY_PARAM_set1_ip_asc;
++ X509_VERIFY_PARAM_get0_name;
++ X509_VERIFY_PARAM_get_count;
++ X509_VERIFY_PARAM_get0;
++ X509V3_EXT_free;
++ EC_GROUP_get_mont_data;
++ EC_curve_nid2nist;
++ EC_curve_nist2nid;
++ PEM_write_bio_DHxparams;
++ PEM_write_DHxparams;
++ SSL_CTX_add_client_custom_ext;
++ SSL_CTX_add_server_custom_ext;
++ SSL_extension_supported;
++ BUF_strnlen;
++ sk_deep_copy;
++ SSL_test_functions;
++
++ local:
++ *;
++};
++
++OPENSSL_1.0.2g {
++ global:
++ SRP_VBASE_get1_by_user;
++ SRP_user_pwd_free;
++} OPENSSL_1.0.2d;
++
+Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld 2014-02-24 21:02:30.000000000 +0100
+@@ -0,0 +1,10 @@
++OPENSSL_1.0.2 {
++ global:
++ bind_engine;
++ v_check;
++ OPENSSL_init;
++ OPENSSL_finish;
++ local:
++ *;
++};
++
+Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld 2014-02-24 21:02:30.000000000 +0100
+@@ -0,0 +1,10 @@
++OPENSSL_1.0.2 {
++ global:
++ bind_engine;
++ v_check;
++ OPENSSL_init;
++ OPENSSL_finish;
++ local:
++ *;
++};
++
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/engines-install-in-libdir-ssl.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/engines-install-in-libdir-ssl.patch
new file mode 100644
index 000000000..a5746483e
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/engines-install-in-libdir-ssl.patch
@@ -0,0 +1,64 @@
+Upstream-Status: Inappropriate [configuration]
+
+
+Index: openssl-1.0.2/engines/Makefile
+===================================================================
+--- openssl-1.0.2.orig/engines/Makefile
++++ openssl-1.0.2/engines/Makefile
+@@ -107,13 +107,13 @@ install:
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @if [ -n "$(SHARED_LIBS)" ]; then \
+ set -e; \
+- $(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines; \
++ $(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines; \
+ for l in $(LIBNAMES); do \
+ ( echo installing $$l; \
+ pfx=lib; \
+ if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
+ sfx=".so"; \
+- cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
++ cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
+ else \
+ case "$(CFLAGS)" in \
+ *DSO_BEOS*) sfx=".so";; \
+@@ -122,10 +122,10 @@ install:
+ *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
+ *) sfx=".bad";; \
+ esac; \
+- cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
++ cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
+ fi; \
+- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
+- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
++ chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
++ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx ); \
+ done; \
+ fi
+ @target=install; $(RECURSIVE_MAKE)
+Index: openssl-1.0.2/engines/ccgost/Makefile
+===================================================================
+--- openssl-1.0.2.orig/engines/ccgost/Makefile
++++ openssl-1.0.2/engines/ccgost/Makefile
+@@ -47,7 +47,7 @@ install:
+ pfx=lib; \
+ if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
+ sfx=".so"; \
+- cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
++ cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \
+ else \
+ case "$(CFLAGS)" in \
+ *DSO_BEOS*) sfx=".so";; \
+@@ -56,10 +56,10 @@ install:
+ *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
+ *) sfx=".bad";; \
+ esac; \
+- cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
++ cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \
+ fi; \
+- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
+- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \
++ chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \
++ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx; \
+ fi
+
+ links:
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/find.pl b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/find.pl
new file mode 100644
index 000000000..8e1b42c88
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/find.pl
@@ -0,0 +1,54 @@
+warn "Legacy library @{[(caller(0))[6]]} will be removed from the Perl core distribution in the next major release. Please install it from the CPAN distribution Perl4::CoreLibs. It is being used at @{[(caller)[1]]}, line @{[(caller)[2]]}.\n";
+
+# This library is deprecated and unmaintained. It is included for
+# compatibility with Perl 4 scripts which may use it, but it will be
+# removed in a future version of Perl. Please use the File::Find module
+# instead.
+
+# Usage:
+# require "find.pl";
+#
+# &find('/foo','/bar');
+#
+# sub wanted { ... }
+# where wanted does whatever you want. $dir contains the
+# current directory name, and $_ the current filename within
+# that directory. $name contains "$dir/$_". You are cd'ed
+# to $dir when the function is called. The function may
+# set $prune to prune the tree.
+#
+# For example,
+#
+# find / -name .nfs\* -mtime +7 -exec rm -f {} \; -o -fstype nfs -prune
+#
+# corresponds to this
+#
+# sub wanted {
+# /^\.nfs.*$/ &&
+# (($dev,$ino,$mode,$nlink,$uid,$gid) = lstat($_)) &&
+# int(-M _) > 7 &&
+# unlink($_)
+# ||
+# ($nlink || (($dev,$ino,$mode,$nlink,$uid,$gid) = lstat($_))) &&
+# $dev < 0 &&
+# ($prune = 1);
+# }
+#
+# Set the variable $dont_use_nlink if you're using AFS, since AFS cheats.
+
+use File::Find ();
+
+*name = *File::Find::name;
+*prune = *File::Find::prune;
+*dir = *File::Find::dir;
+*topdir = *File::Find::topdir;
+*topdev = *File::Find::topdev;
+*topino = *File::Find::topino;
+*topmode = *File::Find::topmode;
+*topnlink = *File::Find::topnlink;
+
+sub find {
+ &File::Find::find(\&wanted, @_);
+}
+
+1;
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/oe-ldflags.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/oe-ldflags.patch
new file mode 100644
index 000000000..292e13dc5
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/oe-ldflags.patch
@@ -0,0 +1,24 @@
+Upstream-Status: Inappropriate [open-embedded]
+
+Index: openssl-1.0.0/Makefile.shared
+===================================================================
+--- openssl-1.0.0.orig/Makefile.shared
++++ openssl-1.0.0/Makefile.shared
+@@ -92,7 +92,7 @@
+ LINK_APP= \
+ ( $(SET_X); \
+ LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
+- LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$${LDFLAGS:-$(CFLAGS)}"; \
++ LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$(OE_LDFLAGS) $${LDFLAGS:-$(CFLAGS)}"; \
+ LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
+ LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
+ LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
+@@ -102,7 +102,7 @@
+ ( $(SET_X); \
+ LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
+ SHAREDCMD="$${SHAREDCMD:-$(CC)}"; \
+- SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
++ SHAREDFLAGS="$(OE_LDFLAGS) $${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
+ LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
+ LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
+ LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/openssl-c_rehash.sh b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/openssl-c_rehash.sh
new file mode 100644
index 000000000..6620fdcb5
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/openssl-c_rehash.sh
@@ -0,0 +1,222 @@
+#!/bin/sh
+#
+# Ben Secrest <blsecres@gmail.com>
+#
+# sh c_rehash script, scan all files in a directory
+# and add symbolic links to their hash values.
+#
+# based on the c_rehash perl script distributed with openssl
+#
+# LICENSE: See OpenSSL license
+# ^^acceptable?^^
+#
+
+# default certificate location
+DIR=/etc/openssl
+
+# for filetype bitfield
+IS_CERT=$(( 1 << 0 ))
+IS_CRL=$(( 1 << 1 ))
+
+
+# check to see if a file is a certificate file or a CRL file
+# arguments:
+# 1. the filename to be scanned
+# returns:
+# bitfield of file type; uses ${IS_CERT} and ${IS_CRL}
+#
+check_file()
+{
+ local IS_TYPE=0
+
+ # make IFS a newline so we can process grep output line by line
+ local OLDIFS=${IFS}
+ IFS=$( printf "\n" )
+
+ # XXX: could be more efficient to have two 'grep -m' but is -m portable?
+ for LINE in $( grep '^-----BEGIN .*-----' ${1} )
+ do
+ if echo ${LINE} \
+ | grep -q -E '^-----BEGIN (X509 |TRUSTED )?CERTIFICATE-----'
+ then
+ IS_TYPE=$(( ${IS_TYPE} | ${IS_CERT} ))
+
+ if [ $(( ${IS_TYPE} & ${IS_CRL} )) -ne 0 ]
+ then
+ break
+ fi
+ elif echo ${LINE} | grep -q '^-----BEGIN X509 CRL-----'
+ then
+ IS_TYPE=$(( ${IS_TYPE} | ${IS_CRL} ))
+
+ if [ $(( ${IS_TYPE} & ${IS_CERT} )) -ne 0 ]
+ then
+ break
+ fi
+ fi
+ done
+
+ # restore IFS
+ IFS=${OLDIFS}
+
+ return ${IS_TYPE}
+}
+
+
+#
+# use openssl to fingerprint a file
+# arguments:
+# 1. the filename to fingerprint
+# 2. the method to use (x509, crl)
+# returns:
+# none
+# assumptions:
+# user will capture output from last stage of pipeline
+#
+fingerprint()
+{
+ ${SSL_CMD} ${2} -fingerprint -noout -in ${1} | sed 's/^.*=//' | tr -d ':'
+}
+
+
+#
+# link_hash - create links to certificate files
+# arguments:
+# 1. the filename to create a link for
+# 2. the type of certificate being linked (x509, crl)
+# returns:
+# 0 on success, 1 otherwise
+#
+link_hash()
+{
+ local FINGERPRINT=$( fingerprint ${1} ${2} )
+ local HASH=$( ${SSL_CMD} ${2} -hash -noout -in ${1} )
+ local SUFFIX=0
+ local LINKFILE=''
+ local TAG=''
+
+ if [ ${2} = "crl" ]
+ then
+ TAG='r'
+ fi
+
+ LINKFILE=${HASH}.${TAG}${SUFFIX}
+
+ while [ -f ${LINKFILE} ]
+ do
+ if [ ${FINGERPRINT} = $( fingerprint ${LINKFILE} ${2} ) ]
+ then
+ echo "NOTE: Skipping duplicate file ${1}" >&2
+ return 1
+ fi
+
+ SUFFIX=$(( ${SUFFIX} + 1 ))
+ LINKFILE=${HASH}.${TAG}${SUFFIX}
+ done
+
+ echo "${3} => ${LINKFILE}"
+
+ # assume any system with a POSIX shell will either support symlinks or
+ # do something to handle this gracefully
+ ln -s ${3} ${LINKFILE}
+
+ return 0
+}
+
+
+# hash_dir create hash links in a given directory
+hash_dir()
+{
+ echo "Doing ${1}"
+
+ cd ${1}
+
+ ls -1 * 2>/dev/null | while read FILE
+ do
+ if echo ${FILE} | grep -q -E '^[[:xdigit:]]{8}\.r?[[:digit:]]+$' \
+ && [ -h "${FILE}" ]
+ then
+ rm ${FILE}
+ fi
+ done
+
+ ls -1 *.pem *.cer *.crt *.crl 2>/dev/null | while read FILE
+ do
+ REAL_FILE=${FILE}
+ # if we run on build host then get to the real files in rootfs
+ if [ -n "${SYSROOT}" -a -h ${FILE} ]
+ then
+ FILE=$( readlink ${FILE} )
+ # check the symlink is absolute (or dangling in other word)
+ if [ "x/" = "x$( echo ${FILE} | cut -c1 -)" ]
+ then
+ REAL_FILE=${SYSROOT}/${FILE}
+ fi
+ fi
+
+ check_file ${REAL_FILE}
+ local FILE_TYPE=${?}
+ local TYPE_STR=''
+
+ if [ $(( ${FILE_TYPE} & ${IS_CERT} )) -ne 0 ]
+ then
+ TYPE_STR='x509'
+ elif [ $(( ${FILE_TYPE} & ${IS_CRL} )) -ne 0 ]
+ then
+ TYPE_STR='crl'
+ else
+ echo "NOTE: ${FILE} does not contain a certificate or CRL: skipping" >&2
+ continue
+ fi
+
+ link_hash ${REAL_FILE} ${TYPE_STR} ${FILE}
+ done
+}
+
+
+# choose the name of an ssl application
+if [ -n "${OPENSSL}" ]
+then
+ SSL_CMD=$(which ${OPENSSL} 2>/dev/null)
+else
+ SSL_CMD=/usr/bin/openssl
+ OPENSSL=${SSL_CMD}
+ export OPENSSL
+fi
+
+# fix paths
+PATH=${PATH}:${DIR}/bin
+export PATH
+
+# confirm existance/executability of ssl command
+if ! [ -x ${SSL_CMD} ]
+then
+ echo "${0}: rehashing skipped ('openssl' program not available)" >&2
+ exit 0
+fi
+
+# determine which directories to process
+old_IFS=$IFS
+if [ ${#} -gt 0 ]
+then
+ IFS=':'
+ DIRLIST=${*}
+elif [ -n "${SSL_CERT_DIR}" ]
+then
+ DIRLIST=$SSL_CERT_DIR
+else
+ DIRLIST=${DIR}/certs
+fi
+
+IFS=':'
+
+# process directories
+for CERT_DIR in ${DIRLIST}
+do
+ if [ -d ${CERT_DIR} -a -w ${CERT_DIR} ]
+ then
+ IFS=$old_IFS
+ hash_dir ${CERT_DIR}
+ IFS=':'
+ fi
+done
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/openssl-fix-des.pod-error.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/openssl-fix-des.pod-error.patch
new file mode 100644
index 000000000..de49729e5
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/openssl-fix-des.pod-error.patch
@@ -0,0 +1,19 @@
+openssl: Fix pod2man des.pod error on Ubuntu 12.04
+
+This is a formatting fix, '=back' is required before
+'=head1' on Ubuntu 12.04.
+
+Upstream-Status: Pending
+Signed-off-by: Baogen Shang <baogen.shang@windriver.com>
+diff -urpN a_origin/des.pod b_modify/des.pod
+--- a_origin/crypto/des/des.pod 2013-08-15 15:02:56.211674589 +0800
++++ b_modify/crypto/des/des.pod 2013-08-15 15:04:14.439674580 +0800
+@@ -181,6 +181,8 @@ the uuencoded file to embed in the begin
+ output. If there is no name specified after the B<-u>, the name text.des
+ will be embedded in the header.
+
++=back
++
+ =head1 SEE ALSO
+
+ ps(1),
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/openssl-util-perlpath.pl-cwd.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/openssl-util-perlpath.pl-cwd.patch
new file mode 100644
index 000000000..065b9b122
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/openssl-util-perlpath.pl-cwd.patch
@@ -0,0 +1,34 @@
+From e427748f3bb5d37e78dc8d70a558c373aa8ababb Mon Sep 17 00:00:00 2001
+From: Robert Yang <liezhi.yang@windriver.com>
+Date: Mon, 19 Sep 2016 22:06:28 -0700
+Subject: [PATCH] util/perlpath.pl: make it work when cwd is not in @INC
+
+Fixed when building on Debian-testing:
+| Can't locate find.pl in @INC (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.22.2 /usr/local/share/perl/5.22.2 /usr/lib/x86_64-linux-gnu/perl5/5.22 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.22 /usr/share/perl/5.22 /usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base) at perlpath.pl line 7.
+
+The find.pl is added by oe-core, so once openssl/find.pl is removed,
+then this patch can be dropped.
+
+Upstream-Status: Inappropriate [OE-Specific]
+
+Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
+---
+ util/perlpath.pl | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/util/perlpath.pl b/util/perlpath.pl
+index a1f236b..5599892 100755
+--- a/util/perlpath.pl
++++ b/util/perlpath.pl
+@@ -4,6 +4,8 @@
+ # line in all scripts that rely on perl.
+ #
+
++BEGIN { unshift @INC, "."; }
++
+ require "find.pl";
+
+ $#ARGV == 0 || print STDERR "usage: perlpath newpath (eg /usr/bin)\n";
+--
+2.9.0
+
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/openssl_fix_for_x32.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/openssl_fix_for_x32.patch
new file mode 100644
index 000000000..0f08a642f
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/openssl_fix_for_x32.patch
@@ -0,0 +1,39 @@
+Upstream-Status: Pending
+
+Received from H J Liu @ Intel
+Make the assembly syntax compatible with x32 gcc. Othewise x32 gcc throws errors.
+Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/07/13
+
+ported the patch to the 1.0.0e version
+Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/12/01
+Index: openssl-1.0.2/crypto/bn/bn.h
+===================================================================
+--- openssl-1.0.2.orig/crypto/bn/bn.h
++++ openssl-1.0.2/crypto/bn/bn.h
+@@ -173,6 +173,13 @@ extern "C" {
+ # endif
+ # endif
+
++/* Address type. */
++#ifdef _WIN64
++#define BN_ADDR unsigned long long
++#else
++#define BN_ADDR unsigned long
++#endif
++
+ /*
+ * assuming long is 64bit - this is the DEC Alpha unsigned long long is only
+ * 64 bits :-(, don't define BN_LLONG for the DEC Alpha
+Index: openssl-1.0.2/crypto/bn/bn_exp.c
+===================================================================
+--- openssl-1.0.2.orig/crypto/bn/bn_exp.c
++++ openssl-1.0.2/crypto/bn/bn_exp.c
+@@ -638,7 +638,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBU
+ * multiple.
+ */
+ #define MOD_EXP_CTIME_ALIGN(x_) \
+- ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
++ ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ADDR)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
+
+ /*
+ * This variant of BN_mod_exp_mont() uses fixed windows and the special
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/parallel.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/parallel.patch
new file mode 100644
index 000000000..e5413bf38
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/parallel.patch
@@ -0,0 +1,370 @@
+From 7fb1192f112c1920bfd39f4185f34e9afff3cff2 Mon Sep 17 00:00:00 2001
+From: Ross Burton <ross.burton@intel.com>
+Date: Sat, 5 Mar 2016 00:12:02 +0000
+Subject: [PATCH 24/28] Fix the parallel races in the Makefiles.
+
+This patch was taken from the Gentoo packaging:
+https://gitweb.gentoo.org/repo/gentoo.git/plain/dev-libs/openssl/files/openssl-1.0.2g-parallel-build.patch
+
+Upstream-Status: Pending
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+Refreshed for 1.0.2i
+Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
+
+---
+ Makefile.org | 14 +-
+ Makefile.org.orig | 10 +-
+ Makefile.shared | 2 +
+ Makefile.shared.orig | 655 ++++++++++++++++++++++++++++++++++++++++++++++++++
+ crypto/Makefile | 10 +-
+ engines/Makefile | 6 +-
+ engines/Makefile.orig | 338 ++++++++++++++++++++++++++
+ test/Makefile | 92 +++----
+ test/Makefile.orig | 88 ++++---
+ 9 files changed, 1108 insertions(+), 107 deletions(-)
+ create mode 100644 Makefile.shared.orig
+ create mode 100644 engines/Makefile.orig
+
+diff --git a/Makefile.org b/Makefile.org
+index 8e7936c..ed98d2a 100644
+--- a/Makefile.org
++++ b/Makefile.org
+@@ -283,17 +283,17 @@ build_libcrypto: build_crypto build_engines libcrypto.pc
+ build_libssl: build_ssl libssl.pc
+
+ build_crypto:
+- @dir=crypto; target=all; $(BUILD_ONE_CMD)
++ +@dir=crypto; target=all; $(BUILD_ONE_CMD)
+ build_ssl: build_crypto
+- @dir=ssl; target=all; $(BUILD_ONE_CMD)
++ +@dir=ssl; target=all; $(BUILD_ONE_CMD)
+ build_engines: build_crypto
+- @dir=engines; target=all; $(BUILD_ONE_CMD)
++ +@dir=engines; target=all; $(BUILD_ONE_CMD)
+ build_apps: build_libs
+- @dir=apps; target=all; $(BUILD_ONE_CMD)
++ +@dir=apps; target=all; $(BUILD_ONE_CMD)
+ build_tests: build_libs
+- @dir=test; target=all; $(BUILD_ONE_CMD)
++ +@dir=test; target=all; $(BUILD_ONE_CMD)
+ build_tools: build_libs
+- @dir=tools; target=all; $(BUILD_ONE_CMD)
++ +@dir=tools; target=all; $(BUILD_ONE_CMD)
+
+ all_testapps: build_libs build_testapps
+ build_testapps:
+@@ -565,7 +565,7 @@ install_sw:
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+- @set -e; target=install; $(RECURSIVE_BUILD_CMD)
++ +@set -e; target=install; $(RECURSIVE_BUILD_CMD)
+ @set -e; liblist="$(LIBS)"; for i in $$liblist ;\
+ do \
+ if [ -f "$$i" ]; then \
+diff --git a/Makefile.shared b/Makefile.shared
+index f6f92e7..8164186 100644
+--- a/Makefile.shared
++++ b/Makefile.shared
+@@ -105,6 +105,7 @@ LINK_SO= \
+ SHAREDFLAGS="$(OE_LDFLAGS) $${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
+ LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
+ LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
++ [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \
+ LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
+ $${SHAREDCMD} $${SHAREDFLAGS} \
+ -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
+@@ -122,6 +123,7 @@ SYMLINK_SO= \
+ done; \
+ fi; \
+ if [ -n "$$SHLIB_SOVER" ]; then \
++ [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
+ ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
+ ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
+ fi; \
+diff --git a/crypto/Makefile b/crypto/Makefile
+index 17a87f8..29c2dcf 100644
+--- a/crypto/Makefile
++++ b/crypto/Makefile
+@@ -85,11 +85,11 @@ testapps:
+ @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
+
+ subdirs:
+- @target=all; $(RECURSIVE_MAKE)
++ +@target=all; $(RECURSIVE_MAKE)
+
+ files:
+ $(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO
+- @target=files; $(RECURSIVE_MAKE)
++ +@target=files; $(RECURSIVE_MAKE)
+
+ links:
+ @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
+@@ -100,7 +100,7 @@ links:
+ # lib: $(LIB): are splitted to avoid end-less loop
+ lib: $(LIB)
+ @touch lib
+-$(LIB): $(LIBOBJ)
++$(LIB): $(LIBOBJ) | subdirs
+ $(AR) $(LIB) $(LIBOBJ)
+ test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
+ $(RANLIB) $(LIB) || echo Never mind.
+@@ -111,7 +111,7 @@ shared: buildinf.h lib subdirs
+ fi
+
+ libs:
+- @target=lib; $(RECURSIVE_MAKE)
++ +@target=lib; $(RECURSIVE_MAKE)
+
+ install:
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+@@ -120,7 +120,7 @@ install:
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+- @target=install; $(RECURSIVE_MAKE)
++ +@target=install; $(RECURSIVE_MAKE)
+
+ lint:
+ @target=lint; $(RECURSIVE_MAKE)
+diff --git a/engines/Makefile b/engines/Makefile
+index fe8e9ca..a43d21b 100644
+--- a/engines/Makefile
++++ b/engines/Makefile
+@@ -72,7 +72,7 @@ top:
+
+ all: lib subdirs
+
+-lib: $(LIBOBJ)
++lib: $(LIBOBJ) | subdirs
+ @if [ -n "$(SHARED_LIBS)" ]; then \
+ set -e; \
+ for l in $(LIBNAMES); do \
+@@ -89,7 +89,7 @@ lib: $(LIBOBJ)
+
+ subdirs:
+ echo $(EDIRS)
+- @target=all; $(RECURSIVE_MAKE)
++ +@target=all; $(RECURSIVE_MAKE)
+
+ files:
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+@@ -128,7 +128,7 @@ install:
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx ); \
+ done; \
+ fi
+- @target=install; $(RECURSIVE_MAKE)
++ +@target=install; $(RECURSIVE_MAKE)
+
+ tags:
+ ctags $(SRC)
+diff --git a/test/Makefile b/test/Makefile
+index 40abd60..78d3788 100644
+--- a/test/Makefile
++++ b/test/Makefile
+@@ -145,7 +145,7 @@ install:
+ tags:
+ ctags $(SRC)
+
+-tests: exe apps $(TESTS)
++tests: exe $(TESTS)
+
+ apps:
+ @(cd ..; $(MAKE) DIRS=apps all)
+@@ -444,139 +444,139 @@ BUILD_CMD_STATIC=shlib_target=; \
+ link_app.$${shlib_target}
+
+ $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
+- @target=$(RSATEST); $(BUILD_CMD)
++ +@target=$(RSATEST); $(BUILD_CMD)
+
+ $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO)
+- @target=$(BNTEST); $(BUILD_CMD)
++ +@target=$(BNTEST); $(BUILD_CMD)
+
+ $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO)
+- @target=$(ECTEST); $(BUILD_CMD)
++ +@target=$(ECTEST); $(BUILD_CMD)
+
+ $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)
+- @target=$(EXPTEST); $(BUILD_CMD)
++ +@target=$(EXPTEST); $(BUILD_CMD)
+
+ $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
+- @target=$(IDEATEST); $(BUILD_CMD)
++ +@target=$(IDEATEST); $(BUILD_CMD)
+
+ $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
+- @target=$(MD2TEST); $(BUILD_CMD)
++ +@target=$(MD2TEST); $(BUILD_CMD)
+
+ $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
+- @target=$(SHATEST); $(BUILD_CMD)
++ +@target=$(SHATEST); $(BUILD_CMD)
+
+ $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
+- @target=$(SHA1TEST); $(BUILD_CMD)
++ +@target=$(SHA1TEST); $(BUILD_CMD)
+
+ $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
+- @target=$(SHA256TEST); $(BUILD_CMD)
++ +@target=$(SHA256TEST); $(BUILD_CMD)
+
+ $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
+- @target=$(SHA512TEST); $(BUILD_CMD)
++ +@target=$(SHA512TEST); $(BUILD_CMD)
+
+ $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
+- @target=$(RMDTEST); $(BUILD_CMD)
++ +@target=$(RMDTEST); $(BUILD_CMD)
+
+ $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO)
+- @target=$(MDC2TEST); $(BUILD_CMD)
++ +@target=$(MDC2TEST); $(BUILD_CMD)
+
+ $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO)
+- @target=$(MD4TEST); $(BUILD_CMD)
++ +@target=$(MD4TEST); $(BUILD_CMD)
+
+ $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
+- @target=$(MD5TEST); $(BUILD_CMD)
++ +@target=$(MD5TEST); $(BUILD_CMD)
+
+ $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
+- @target=$(HMACTEST); $(BUILD_CMD)
++ +@target=$(HMACTEST); $(BUILD_CMD)
+
+ $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO)
+- @target=$(WPTEST); $(BUILD_CMD)
++ +@target=$(WPTEST); $(BUILD_CMD)
+
+ $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
+- @target=$(RC2TEST); $(BUILD_CMD)
++ +@target=$(RC2TEST); $(BUILD_CMD)
+
+ $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO)
+- @target=$(BFTEST); $(BUILD_CMD)
++ +@target=$(BFTEST); $(BUILD_CMD)
+
+ $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO)
+- @target=$(CASTTEST); $(BUILD_CMD)
++ +@target=$(CASTTEST); $(BUILD_CMD)
+
+ $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO)
+- @target=$(RC4TEST); $(BUILD_CMD)
++ +@target=$(RC4TEST); $(BUILD_CMD)
+
+ $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO)
+- @target=$(RC5TEST); $(BUILD_CMD)
++ +@target=$(RC5TEST); $(BUILD_CMD)
+
+ $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
+- @target=$(DESTEST); $(BUILD_CMD)
++ +@target=$(DESTEST); $(BUILD_CMD)
+
+ $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
+- @target=$(RANDTEST); $(BUILD_CMD)
++ +@target=$(RANDTEST); $(BUILD_CMD)
+
+ $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
+- @target=$(DHTEST); $(BUILD_CMD)
++ +@target=$(DHTEST); $(BUILD_CMD)
+
+ $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
+- @target=$(DSATEST); $(BUILD_CMD)
++ +@target=$(DSATEST); $(BUILD_CMD)
+
+ $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
+- @target=$(METHTEST); $(BUILD_CMD)
++ +@target=$(METHTEST); $(BUILD_CMD)
+
+ $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
+- @target=$(SSLTEST); $(FIPS_BUILD_CMD)
++ +@target=$(SSLTEST); $(FIPS_BUILD_CMD)
+
+ $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
+- @target=$(ENGINETEST); $(BUILD_CMD)
++ +@target=$(ENGINETEST); $(BUILD_CMD)
+
+ $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO)
+- @target=$(EVPTEST); $(BUILD_CMD)
++ +@target=$(EVPTEST); $(BUILD_CMD)
+
+ $(EVPEXTRATEST)$(EXE_EXT): $(EVPEXTRATEST).o $(DLIBCRYPTO)
+- @target=$(EVPEXTRATEST); $(BUILD_CMD)
++ +@target=$(EVPEXTRATEST); $(BUILD_CMD)
+
+ $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO)
+- @target=$(ECDSATEST); $(BUILD_CMD)
++ +@target=$(ECDSATEST); $(BUILD_CMD)
+
+ $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
+- @target=$(ECDHTEST); $(BUILD_CMD)
++ +@target=$(ECDHTEST); $(BUILD_CMD)
+
+ $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
+- @target=$(IGETEST); $(BUILD_CMD)
++ +@target=$(IGETEST); $(BUILD_CMD)
+
+ $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
+- @target=$(JPAKETEST); $(BUILD_CMD)
++ +@target=$(JPAKETEST); $(BUILD_CMD)
+
+ $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
+- @target=$(ASN1TEST); $(BUILD_CMD)
++ +@target=$(ASN1TEST); $(BUILD_CMD)
+
+ $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO)
+- @target=$(SRPTEST); $(BUILD_CMD)
++ +@target=$(SRPTEST); $(BUILD_CMD)
+
+ $(V3NAMETEST)$(EXE_EXT): $(V3NAMETEST).o $(DLIBCRYPTO)
+- @target=$(V3NAMETEST); $(BUILD_CMD)
++ +@target=$(V3NAMETEST); $(BUILD_CMD)
+
+ $(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO)
+- @target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
++ +@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
+
+ $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o
+- @target=$(CONSTTIMETEST) $(BUILD_CMD)
++ +@target=$(CONSTTIMETEST) $(BUILD_CMD)
+
+ $(VERIFYEXTRATEST)$(EXE_EXT): $(VERIFYEXTRATEST).o
+- @target=$(VERIFYEXTRATEST) $(BUILD_CMD)
++ +@target=$(VERIFYEXTRATEST) $(BUILD_CMD)
+
+ $(CLIENTHELLOTEST)$(EXE_EXT): $(CLIENTHELLOTEST).o
+- @target=$(CLIENTHELLOTEST) $(BUILD_CMD)
++ +@target=$(CLIENTHELLOTEST) $(BUILD_CMD)
+
+ $(BADDTLSTEST)$(EXE_EXT): $(BADDTLSTEST).o
+- @target=$(BADDTLSTEST) $(BUILD_CMD)
++ +@target=$(BADDTLSTEST) $(BUILD_CMD)
+
+ $(FATALERRTEST)$(EXE_EXT): $(FATALERRTEST).o ssltestlib.o $(DLIBSSL) $(DLIBCRYPTO)
+ @target=$(FATALERRTEST); exobj=ssltestlib.o; $(BUILD_CMD)
+
+ $(SSLV2CONFTEST)$(EXE_EXT): $(SSLV2CONFTEST).o
+- @target=$(SSLV2CONFTEST) $(BUILD_CMD)
++ +@target=$(SSLV2CONFTEST) $(BUILD_CMD)
+
+ $(DTLSTEST)$(EXE_EXT): $(DTLSTEST).o ssltestlib.o $(DLIBSSL) $(DLIBCRYPTO)
+- @target=$(DTLSTEST); exobj=ssltestlib.o; $(BUILD_CMD)
++ +@target=$(DTLSTEST); exobj=ssltestlib.o; $(BUILD_CMD)
+
+ #$(AESTEST).o: $(AESTEST).c
+ # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
+@@ -589,7 +589,7 @@ $(DTLSTEST)$(EXE_EXT): $(DTLSTEST).o ssltestlib.o $(DLIBSSL) $(DLIBCRYPTO)
+ # fi
+
+ dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
+- @target=dummytest; $(BUILD_CMD)
++ +@target=dummytest; $(BUILD_CMD)
+
+ # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+--
+2.15.1
+
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/ptest-deps.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/ptest-deps.patch
new file mode 100644
index 000000000..ef6d17934
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/ptest-deps.patch
@@ -0,0 +1,34 @@
+Remove Makefile dependencies for test targets
+
+These are probably here because the executables aren't always built for
+other platforms (e.g. Windows); however we can safely assume they'll
+always be there. None of the other test targets have such dependencies
+and if we don't remove them, make tries to rebuild the executables and
+fails during run-ptest.
+
+Upstream-Status: Inappropriate [config]
+
+Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
+
+Index: openssl-1.0.2/test/Makefile
+===================================================================
+--- openssl-1.0.2.orig/test/Makefile
++++ openssl-1.0.2/test/Makefile
+@@ -330,7 +330,7 @@ test_cms: ../apps/openssl$(EXE_EXT) cms-
+ @echo "CMS consistency test"
+ $(PERL) cms-test.pl
+
+-test_srp: $(SRPTEST)$(EXE_EXT)
++test_srp:
+ @echo "Test SRP"
+ ../util/shlib_wrap.sh ./srptest
+
+@@ -342,7 +342,7 @@ test_v3name: $(V3NAMETEST)$(EXE_EXT)
+ @echo "Test X509v3_check_*"
+ ../util/shlib_wrap.sh ./$(V3NAMETEST)
+
+-test_heartbeat: $(HEARTBEATTEST)$(EXE_EXT)
++test_heartbeat:
+ ../util/shlib_wrap.sh ./$(HEARTBEATTEST)
+
+ test_constant_time: $(CONSTTIMETEST)$(EXE_EXT)
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/ptest_makefile_deps.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/ptest_makefile_deps.patch
new file mode 100644
index 000000000..4202e61d1
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/ptest_makefile_deps.patch
@@ -0,0 +1,248 @@
+Additional Makefile dependencies removal for test targets
+
+Removing the dependency check for test targets as these tests are
+causing a number of failures and "noise" during ptest execution.
+
+Upstream-Status: Inappropriate [config]
+
+Signed-off-by: Maxin B. John <maxin.john@intel.com>
+
+diff -Naur openssl-1.0.2d-orig/test/Makefile openssl-1.0.2d/test/Makefile
+--- openssl-1.0.2d-orig/test/Makefile 2015-09-28 12:50:41.530022979 +0300
++++ openssl-1.0.2d/test/Makefile 2015-09-28 12:57:45.930717240 +0300
+@@ -155,67 +155,67 @@
+ ( $(MAKE) $$i && echo "PASS: $$i" ) || echo "FAIL: $$i"; \
+ done)
+
+-test_evp: $(EVPTEST)$(EXE_EXT) evptests.txt
++test_evp:
+ ../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt
+
+-test_evp_extra: $(EVPEXTRATEST)$(EXE_EXT)
++test_evp_extra:
+ ../util/shlib_wrap.sh ./$(EVPEXTRATEST)
+
+-test_des: $(DESTEST)$(EXE_EXT)
++test_des:
+ ../util/shlib_wrap.sh ./$(DESTEST)
+
+-test_idea: $(IDEATEST)$(EXE_EXT)
++test_idea:
+ ../util/shlib_wrap.sh ./$(IDEATEST)
+
+-test_sha: $(SHATEST)$(EXE_EXT) $(SHA1TEST)$(EXE_EXT) $(SHA256TEST)$(EXE_EXT) $(SHA512TEST)$(EXE_EXT)
++test_sha:
+ ../util/shlib_wrap.sh ./$(SHATEST)
+ ../util/shlib_wrap.sh ./$(SHA1TEST)
+ ../util/shlib_wrap.sh ./$(SHA256TEST)
+ ../util/shlib_wrap.sh ./$(SHA512TEST)
+
+-test_mdc2: $(MDC2TEST)$(EXE_EXT)
++test_mdc2:
+ ../util/shlib_wrap.sh ./$(MDC2TEST)
+
+-test_md5: $(MD5TEST)$(EXE_EXT)
++test_md5:
+ ../util/shlib_wrap.sh ./$(MD5TEST)
+
+-test_md4: $(MD4TEST)$(EXE_EXT)
++test_md4:
+ ../util/shlib_wrap.sh ./$(MD4TEST)
+
+-test_hmac: $(HMACTEST)$(EXE_EXT)
++test_hmac:
+ ../util/shlib_wrap.sh ./$(HMACTEST)
+
+-test_wp: $(WPTEST)$(EXE_EXT)
++test_wp:
+ ../util/shlib_wrap.sh ./$(WPTEST)
+
+-test_md2: $(MD2TEST)$(EXE_EXT)
++test_md2:
+ ../util/shlib_wrap.sh ./$(MD2TEST)
+
+-test_rmd: $(RMDTEST)$(EXE_EXT)
++test_rmd:
+ ../util/shlib_wrap.sh ./$(RMDTEST)
+
+-test_bf: $(BFTEST)$(EXE_EXT)
++test_bf:
+ ../util/shlib_wrap.sh ./$(BFTEST)
+
+-test_cast: $(CASTTEST)$(EXE_EXT)
++test_cast:
+ ../util/shlib_wrap.sh ./$(CASTTEST)
+
+-test_rc2: $(RC2TEST)$(EXE_EXT)
++test_rc2:
+ ../util/shlib_wrap.sh ./$(RC2TEST)
+
+-test_rc4: $(RC4TEST)$(EXE_EXT)
++test_rc4:
+ ../util/shlib_wrap.sh ./$(RC4TEST)
+
+-test_rc5: $(RC5TEST)$(EXE_EXT)
++test_rc5:
+ ../util/shlib_wrap.sh ./$(RC5TEST)
+
+-test_rand: $(RANDTEST)$(EXE_EXT)
++test_rand:
+ ../util/shlib_wrap.sh ./$(RANDTEST)
+
+-test_enc: ../apps/openssl$(EXE_EXT) testenc
++test_enc:
+ @sh ./testenc
+
+-test_x509: ../apps/openssl$(EXE_EXT) tx509 testx509.pem v3-cert1.pem v3-cert2.pem
++test_x509:
+ echo test normal x509v1 certificate
+ sh ./tx509 2>/dev/null
+ echo test first x509v3 certificate
+@@ -223,25 +223,25 @@
+ echo test second x509v3 certificate
+ sh ./tx509 v3-cert2.pem 2>/dev/null
+
+-test_rsa: ../apps/openssl$(EXE_EXT) trsa testrsa.pem
++test_rsa:
+ @sh ./trsa 2>/dev/null
+ ../util/shlib_wrap.sh ./$(RSATEST)
+
+-test_crl: ../apps/openssl$(EXE_EXT) tcrl testcrl.pem
++test_crl:
+ @sh ./tcrl 2>/dev/null
+
+-test_sid: ../apps/openssl$(EXE_EXT) tsid testsid.pem
++test_sid:
+ @sh ./tsid 2>/dev/null
+
+-test_req: ../apps/openssl$(EXE_EXT) treq testreq.pem testreq2.pem
++test_req:
+ @sh ./treq 2>/dev/null
+ @sh ./treq testreq2.pem 2>/dev/null
+
+-test_pkcs7: ../apps/openssl$(EXE_EXT) tpkcs7 tpkcs7d testp7.pem pkcs7-1.pem
++test_pkcs7:
+ @sh ./tpkcs7 2>/dev/null
+ @sh ./tpkcs7d 2>/dev/null
+
+-test_bn: $(BNTEST)$(EXE_EXT) $(EXPTEST)$(EXE_EXT) bctest
++test_bn:
+ @echo starting big number library test, could take a while...
+ @../util/shlib_wrap.sh ./$(BNTEST) >tmp.bntest
+ @echo quit >>tmp.bntest
+@@ -250,33 +250,33 @@
+ @echo 'test a^b%c implementations'
+ ../util/shlib_wrap.sh ./$(EXPTEST)
+
+-test_ec: $(ECTEST)$(EXE_EXT)
++test_ec:
+ @echo 'test elliptic curves'
+ ../util/shlib_wrap.sh ./$(ECTEST)
+
+-test_ecdsa: $(ECDSATEST)$(EXE_EXT)
++test_ecdsa:
+ @echo 'test ecdsa'
+ ../util/shlib_wrap.sh ./$(ECDSATEST)
+
+-test_ecdh: $(ECDHTEST)$(EXE_EXT)
++test_ecdh:
+ @echo 'test ecdh'
+ ../util/shlib_wrap.sh ./$(ECDHTEST)
+
+-test_verify: ../apps/openssl$(EXE_EXT)
++test_verify:
+ @echo "The following command should have some OK's and some failures"
+ @echo "There are definitly a few expired certificates"
+ ../util/shlib_wrap.sh ../apps/openssl verify -CApath ../certs/demo ../certs/demo/*.pem
+
+-test_dh: $(DHTEST)$(EXE_EXT)
++test_dh:
+ @echo "Generate a set of DH parameters"
+ ../util/shlib_wrap.sh ./$(DHTEST)
+
+-test_dsa: $(DSATEST)$(EXE_EXT)
++test_dsa:
+ @echo "Generate a set of DSA parameters"
+ ../util/shlib_wrap.sh ./$(DSATEST)
+ ../util/shlib_wrap.sh ./$(DSATEST) -app2_1
+
+-test_gen testreq.pem: ../apps/openssl$(EXE_EXT) testgen test.cnf
++test_gen testreq.pem:
+ @echo "Generate and verify a certificate request"
+ @sh ./testgen
+
+@@ -288,13 +288,11 @@
+ @cat certCA.ss certU.ss > intP1.ss
+ @cat certCA.ss certU.ss certP1.ss > intP2.ss
+
+-test_engine: $(ENGINETEST)$(EXE_EXT)
++test_engine:
+ @echo "Manipulate the ENGINE structures"
+ ../util/shlib_wrap.sh ./$(ENGINETEST)
+
+-test_ssl: keyU.ss certU.ss certCA.ss certP1.ss keyP1.ss certP2.ss keyP2.ss \
+- intP1.ss intP2.ss $(SSLTEST)$(EXE_EXT) testssl testsslproxy \
+- ../apps/server2.pem serverinfo.pem
++test_ssl:
+ @echo "test SSL protocol"
+ @if [ -n "$(FIPSCANLIB)" ]; then \
+ sh ./testfipsssl keyU.ss certU.ss certCA.ss; \
+@@ -304,7 +302,7 @@
+ @sh ./testsslproxy keyP1.ss certP1.ss intP1.ss
+ @sh ./testsslproxy keyP2.ss certP2.ss intP2.ss
+
+-test_ca: ../apps/openssl$(EXE_EXT) testca CAss.cnf Uss.cnf
++test_ca:
+ @if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then \
+ echo "skipping CA.sh test -- requires RSA"; \
+ else \
+@@ -312,11 +310,11 @@
+ sh ./testca; \
+ fi
+
+-test_aes: #$(AESTEST)
++test_aes:
+ # @echo "test Rijndael"
+ # ../util/shlib_wrap.sh ./$(AESTEST)
+
+-test_tsa: ../apps/openssl$(EXE_EXT) testtsa CAtsa.cnf ../util/shlib_wrap.sh
++test_tsa:
+ @if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then \
+ echo "skipping testtsa test -- requires RSA"; \
+ else \
+@@ -331,7 +329,7 @@
+ @echo "Test JPAKE"
+ ../util/shlib_wrap.sh ./$(JPAKETEST)
+
+-test_cms: ../apps/openssl$(EXE_EXT) cms-test.pl smcont.txt
++test_cms:
+ @echo "CMS consistency test"
+ $(PERL) cms-test.pl
+
+@@ -339,22 +337,22 @@
+ @echo "Test SRP"
+ ../util/shlib_wrap.sh ./srptest
+
+-test_ocsp: ../apps/openssl$(EXE_EXT) tocsp
++test_ocsp:
+ @echo "Test OCSP"
+ @sh ./tocsp
+
+-test_v3name: $(V3NAMETEST)$(EXE_EXT)
++test_v3name:
+ @echo "Test X509v3_check_*"
+ ../util/shlib_wrap.sh ./$(V3NAMETEST)
+
+ test_heartbeat:
+ ../util/shlib_wrap.sh ./$(HEARTBEATTEST)
+
+-test_constant_time: $(CONSTTIMETEST)$(EXE_EXT)
++test_constant_time:
+ @echo "Test constant time utilites"
+ ../util/shlib_wrap.sh ./$(CONSTTIMETEST)
+
+-test_verify_extra: $(VERIFYEXTRATEST)$(EXE_EXT)
++test_verify_extra:
+ @echo $(START) $@
+ ../util/shlib_wrap.sh ./$(VERIFYEXTRATEST)
+
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/reproducible-cflags.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/reproducible-cflags.patch
new file mode 100644
index 000000000..2803cb039
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/reproducible-cflags.patch
@@ -0,0 +1,20 @@
+Allow passing custom c-flags to mkbuildinf.pl in order to pass
+flags without any build host references
+
+Upstream-Status: Inappropriate [OE specific]
+
+Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
+
+--- Makefile 2018-03-06 14:50:18.342138147 -0800
++++ Makefile 2018-03-06 15:24:04.794239071 -0800
+--- a/crypto/Makefile
++++ b/crypto/Makefile
+@@ -55,7 +55,7 @@
+ all: shared
+
+ buildinf.h: ../Makefile
+- $(PERL) $(TOP)/util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)" >buildinf.h
++ $(PERL) $(TOP)/util/mkbuildinf.pl "$(CC_INFO)" "$(PLATFORM)" >buildinf.h
+
+ x86cpuid.s: x86cpuid.pl perlasm/x86asm.pl
+ $(PERL) x86cpuid.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/reproducible-mkbuildinf.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/reproducible-mkbuildinf.patch
new file mode 100644
index 000000000..b55673121
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/reproducible-mkbuildinf.patch
@@ -0,0 +1,21 @@
+If SOURCE_DATE_EPOCH is present in the environment, use it as build date.
+Also make sure to use UTC time.
+
+Upstream-Status: Backport [ https://github.com/openssl/openssl/blob/master/util/mkbuildinf.pl ]
+
+Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
+
+--- mkbuildinf.pl 2018-03-06 14:20:09.438048058 -0800
++++ mkbuildinf.pl 2018-03-06 14:19:20.722045632 -0800
+--- a/util/mkbuildinf.pl
++++ b/util/mkbuildinf.pl
+@@ -3,7 +3,8 @@
+ my ($cflags, $platform) = @ARGV;
+
+ $cflags = "compiler: $cflags";
+-$date = localtime();
++my $date = gmtime($ENV{'SOURCE_DATE_EPOCH'} || time()) . " UTC";
++
+ print <<"END_OUTPUT";
+ #ifndef MK1MF_BUILD
+ /* auto-generated by util/mkbuildinf.pl for crypto/cversion.c */
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/run-ptest b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/run-ptest
new file mode 100755
index 000000000..3b20fce1e
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/run-ptest
@@ -0,0 +1,2 @@
+#!/bin/sh
+make -k runtest
diff --git a/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/shared-libs.patch b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/shared-libs.patch
new file mode 100644
index 000000000..a7ca0a307
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl-1.0.2o/shared-libs.patch
@@ -0,0 +1,41 @@
+Upstream-Status: Inappropriate [configuration]
+
+Index: openssl-1.0.1e/crypto/Makefile
+===================================================================
+--- openssl-1.0.1e.orig/crypto/Makefile
++++ openssl-1.0.1e/crypto/Makefile
+@@ -108,7 +108,7 @@ $(LIB): $(LIBOBJ)
+
+ shared: buildinf.h lib subdirs
+ if [ -n "$(SHARED_LIBS)" ]; then \
+- (cd ..; $(MAKE) $(SHARED_LIB)); \
++ (cd ..; $(MAKE) -e $(SHARED_LIB)); \
+ fi
+
+ libs:
+Index: openssl-1.0.1e/Makefile.org
+===================================================================
+--- openssl-1.0.1e.orig/Makefile.org
++++ openssl-1.0.1e/Makefile.org
+@@ -310,7 +310,7 @@ libcrypto$(SHLIB_EXT): libcrypto.a fips_
+
+ libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
+ @if [ "$(SHLIB_TARGET)" != "" ]; then \
+- $(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
++ $(MAKE) -e SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
+ else \
+ echo "There's no support for shared libraries on this platform" >&2; \
+ exit 1; \
+Index: openssl-1.0.1e/ssl/Makefile
+===================================================================
+--- openssl-1.0.1e.orig/ssl/Makefile
++++ openssl-1.0.1e/ssl/Makefile
+@@ -62,7 +62,7 @@ lib: $(LIBOBJ)
+
+ shared: lib
+ if [ -n "$(SHARED_LIBS)" ]; then \
+- (cd ..; $(MAKE) $(SHARED_LIB)); \
++ (cd ..; $(MAKE) -e $(SHARED_LIB)); \
+ fi
+
+ files:
diff --git a/poky/meta/recipes-connectivity/openssl/openssl/0001-Take-linking-flags-from-LDFLAGS-env-var.patch b/poky/meta/recipes-connectivity/openssl/openssl/0001-Take-linking-flags-from-LDFLAGS-env-var.patch
new file mode 100644
index 000000000..6ce4e47d7
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl/0001-Take-linking-flags-from-LDFLAGS-env-var.patch
@@ -0,0 +1,43 @@
+From 08face4353d80111973aba9c1304c92158cfad0e Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex.kanavin@gmail.com>
+Date: Tue, 28 Mar 2017 16:40:12 +0300
+Subject: [PATCH] Take linking flags from LDFLAGS env var
+
+This fixes "No GNU_HASH in the elf binary" issues.
+
+Upstream-Status: Inappropriate [oe-core specific]
+Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+---
+ Configurations/unix-Makefile.tmpl | 2 +-
+ Configure | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
+index c029817..43b769b 100644
+--- a/Configurations/unix-Makefile.tmpl
++++ b/Configurations/unix-Makefile.tmpl
+@@ -173,7 +173,7 @@ CROSS_COMPILE= {- $config{cross_compile_prefix} -}
+ CC= $(CROSS_COMPILE){- $target{cc} -}
+ CFLAGS={- our $cflags2 = join(" ",(map { "-D".$_} @{$target{defines}}, @{$config{defines}}),"-DOPENSSLDIR=\"\\\"\$(OPENSSLDIR)\\\"\"","-DENGINESDIR=\"\\\"\$(ENGINESDIR)\\\"\"") -} {- $target{cflags} -} {- $config{cflags} -}
+ CFLAGS_Q={- $cflags2 =~ s|([\\"])|\\$1|g; $cflags2 -} {- $config{cflags} -}
+-LDFLAGS= {- $target{lflags} -}
++LDFLAGS= {- $target{lflags}." ".$ENV{'LDFLAGS'} -}
+ PLIB_LDFLAGS= {- $target{plib_lflags} -}
+ EX_LIBS= {- $target{ex_libs} -} {- $config{ex_libs} -}
+ LIB_CFLAGS={- $target{shared_cflag} || "" -}
+diff --git a/Configure b/Configure
+index aee7cc3..274d236 100755
+--- a/Configure
++++ b/Configure
+@@ -979,7 +979,7 @@ $config{build_file} = $target{build_file};
+ $config{defines} = [];
+ $config{cflags} = "";
+ $config{ex_libs} = "";
+-$config{shared_ldflag} = "";
++$config{shared_ldflag} = $ENV{'LDFLAGS'};
+
+ # Make sure build_scheme is consistent.
+ $target{build_scheme} = [ $target{build_scheme} ]
+--
+2.11.0
+
diff --git a/poky/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh b/poky/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh
new file mode 100644
index 000000000..6620fdcb5
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh
@@ -0,0 +1,222 @@
+#!/bin/sh
+#
+# Ben Secrest <blsecres@gmail.com>
+#
+# sh c_rehash script, scan all files in a directory
+# and add symbolic links to their hash values.
+#
+# based on the c_rehash perl script distributed with openssl
+#
+# LICENSE: See OpenSSL license
+# ^^acceptable?^^
+#
+
+# default certificate location
+DIR=/etc/openssl
+
+# for filetype bitfield
+IS_CERT=$(( 1 << 0 ))
+IS_CRL=$(( 1 << 1 ))
+
+
+# check to see if a file is a certificate file or a CRL file
+# arguments:
+# 1. the filename to be scanned
+# returns:
+# bitfield of file type; uses ${IS_CERT} and ${IS_CRL}
+#
+check_file()
+{
+ local IS_TYPE=0
+
+ # make IFS a newline so we can process grep output line by line
+ local OLDIFS=${IFS}
+ IFS=$( printf "\n" )
+
+ # XXX: could be more efficient to have two 'grep -m' but is -m portable?
+ for LINE in $( grep '^-----BEGIN .*-----' ${1} )
+ do
+ if echo ${LINE} \
+ | grep -q -E '^-----BEGIN (X509 |TRUSTED )?CERTIFICATE-----'
+ then
+ IS_TYPE=$(( ${IS_TYPE} | ${IS_CERT} ))
+
+ if [ $(( ${IS_TYPE} & ${IS_CRL} )) -ne 0 ]
+ then
+ break
+ fi
+ elif echo ${LINE} | grep -q '^-----BEGIN X509 CRL-----'
+ then
+ IS_TYPE=$(( ${IS_TYPE} | ${IS_CRL} ))
+
+ if [ $(( ${IS_TYPE} & ${IS_CERT} )) -ne 0 ]
+ then
+ break
+ fi
+ fi
+ done
+
+ # restore IFS
+ IFS=${OLDIFS}
+
+ return ${IS_TYPE}
+}
+
+
+#
+# use openssl to fingerprint a file
+# arguments:
+# 1. the filename to fingerprint
+# 2. the method to use (x509, crl)
+# returns:
+# none
+# assumptions:
+# user will capture output from last stage of pipeline
+#
+fingerprint()
+{
+ ${SSL_CMD} ${2} -fingerprint -noout -in ${1} | sed 's/^.*=//' | tr -d ':'
+}
+
+
+#
+# link_hash - create links to certificate files
+# arguments:
+# 1. the filename to create a link for
+# 2. the type of certificate being linked (x509, crl)
+# returns:
+# 0 on success, 1 otherwise
+#
+link_hash()
+{
+ local FINGERPRINT=$( fingerprint ${1} ${2} )
+ local HASH=$( ${SSL_CMD} ${2} -hash -noout -in ${1} )
+ local SUFFIX=0
+ local LINKFILE=''
+ local TAG=''
+
+ if [ ${2} = "crl" ]
+ then
+ TAG='r'
+ fi
+
+ LINKFILE=${HASH}.${TAG}${SUFFIX}
+
+ while [ -f ${LINKFILE} ]
+ do
+ if [ ${FINGERPRINT} = $( fingerprint ${LINKFILE} ${2} ) ]
+ then
+ echo "NOTE: Skipping duplicate file ${1}" >&2
+ return 1
+ fi
+
+ SUFFIX=$(( ${SUFFIX} + 1 ))
+ LINKFILE=${HASH}.${TAG}${SUFFIX}
+ done
+
+ echo "${3} => ${LINKFILE}"
+
+ # assume any system with a POSIX shell will either support symlinks or
+ # do something to handle this gracefully
+ ln -s ${3} ${LINKFILE}
+
+ return 0
+}
+
+
+# hash_dir create hash links in a given directory
+hash_dir()
+{
+ echo "Doing ${1}"
+
+ cd ${1}
+
+ ls -1 * 2>/dev/null | while read FILE
+ do
+ if echo ${FILE} | grep -q -E '^[[:xdigit:]]{8}\.r?[[:digit:]]+$' \
+ && [ -h "${FILE}" ]
+ then
+ rm ${FILE}
+ fi
+ done
+
+ ls -1 *.pem *.cer *.crt *.crl 2>/dev/null | while read FILE
+ do
+ REAL_FILE=${FILE}
+ # if we run on build host then get to the real files in rootfs
+ if [ -n "${SYSROOT}" -a -h ${FILE} ]
+ then
+ FILE=$( readlink ${FILE} )
+ # check the symlink is absolute (or dangling in other word)
+ if [ "x/" = "x$( echo ${FILE} | cut -c1 -)" ]
+ then
+ REAL_FILE=${SYSROOT}/${FILE}
+ fi
+ fi
+
+ check_file ${REAL_FILE}
+ local FILE_TYPE=${?}
+ local TYPE_STR=''
+
+ if [ $(( ${FILE_TYPE} & ${IS_CERT} )) -ne 0 ]
+ then
+ TYPE_STR='x509'
+ elif [ $(( ${FILE_TYPE} & ${IS_CRL} )) -ne 0 ]
+ then
+ TYPE_STR='crl'
+ else
+ echo "NOTE: ${FILE} does not contain a certificate or CRL: skipping" >&2
+ continue
+ fi
+
+ link_hash ${REAL_FILE} ${TYPE_STR} ${FILE}
+ done
+}
+
+
+# choose the name of an ssl application
+if [ -n "${OPENSSL}" ]
+then
+ SSL_CMD=$(which ${OPENSSL} 2>/dev/null)
+else
+ SSL_CMD=/usr/bin/openssl
+ OPENSSL=${SSL_CMD}
+ export OPENSSL
+fi
+
+# fix paths
+PATH=${PATH}:${DIR}/bin
+export PATH
+
+# confirm existance/executability of ssl command
+if ! [ -x ${SSL_CMD} ]
+then
+ echo "${0}: rehashing skipped ('openssl' program not available)" >&2
+ exit 0
+fi
+
+# determine which directories to process
+old_IFS=$IFS
+if [ ${#} -gt 0 ]
+then
+ IFS=':'
+ DIRLIST=${*}
+elif [ -n "${SSL_CERT_DIR}" ]
+then
+ DIRLIST=$SSL_CERT_DIR
+else
+ DIRLIST=${DIR}/certs
+fi
+
+IFS=':'
+
+# process directories
+for CERT_DIR in ${DIRLIST}
+do
+ if [ -d ${CERT_DIR} -a -w ${CERT_DIR} ]
+ then
+ IFS=$old_IFS
+ hash_dir ${CERT_DIR}
+ IFS=':'
+ fi
+done
diff --git a/poky/meta/recipes-connectivity/openssl/openssl/run-ptest b/poky/meta/recipes-connectivity/openssl/openssl/run-ptest
new file mode 100644
index 000000000..65c6cc7b8
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl/run-ptest
@@ -0,0 +1,4 @@
+#!/bin/sh
+cd test
+OPENSSL_ENGINES=../engines BLDTOP=.. SRCTOP=.. perl run_tests.pl
+cd ..
diff --git a/poky/meta/recipes-connectivity/openssl/openssl10.inc b/poky/meta/recipes-connectivity/openssl/openssl10.inc
new file mode 100644
index 000000000..645d64ec8
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl10.inc
@@ -0,0 +1,285 @@
+SUMMARY = "Secure Socket Layer"
+DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools."
+HOMEPAGE = "http://www.openssl.org/"
+BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
+SECTION = "libs/network"
+
+# "openssl | SSLeay" dual license
+LICENSE = "openssl"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8"
+
+DEPENDS = "makedepend-native hostperl-runtime-native"
+DEPENDS_append_class-target = " openssl-native"
+
+PROVIDES += "openssl10"
+
+SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
+ "
+S = "${WORKDIR}/openssl-${PV}"
+
+PACKAGECONFIG ?= "cryptodev-linux"
+PACKAGECONFIG[perl] = ",,,"
+PACKAGECONFIG[cryptodev-linux] = "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS,,cryptodev-linux"
+
+TERMIO_libc-musl = "-DTERMIOS"
+TERMIO ?= "-DTERMIO"
+# Avoid binaries being marked as requiring an executable stack since it
+# doesn't(which causes and this causes issues with SELinux
+CFLAG = "${@oe.utils.conditional('SITEINFO_ENDIANNESS', 'le', '-DL_ENDIAN', '-DB_ENDIAN', d)} \
+ ${TERMIO} ${CFLAGS} -Wall -Wa,--noexecstack"
+
+export DIRS = "crypto ssl apps"
+export EX_LIBS = "-lgcc -ldl"
+export AS = "${CC} -c"
+
+inherit pkgconfig siteinfo multilib_header ptest relative_symlinks
+
+PACKAGES =+ "libcrypto libssl ${PN}-misc openssl-conf"
+FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}"
+FILES_libssl = "${libdir}/libssl${SOLIBS}"
+FILES_${PN} =+ " ${libdir}/ssl/*"
+FILES_${PN}-misc = "${libdir}/ssl/misc"
+RDEPENDS_${PN}-misc = "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}"
+
+# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto
+# package RRECOMMENDS on this package. This will enable the configuration
+# file to be installed for both the base openssl package and the libcrypto
+# package since the base openssl package depends on the libcrypto package.
+FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
+CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
+RRECOMMENDS_libcrypto += "openssl-conf"
+RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc"
+
+# Remove this to enable SSLv3. SSLv3 is defaulted to disabled due to the POODLE
+# vulnerability
+EXTRA_OECONF = " -no-ssl3"
+
+do_configure_prepend_darwin () {
+ sed -i -e '/version-script=openssl\.ld/d' Configure
+}
+
+do_configure () {
+ cd util
+ perl perlpath.pl ${STAGING_BINDIR_NATIVE}
+ cd ..
+ ln -sf apps/openssl.pod crypto/crypto.pod ssl/ssl.pod doc/
+
+ os=${HOST_OS}
+ case $os in
+ linux-gnueabi |\
+ linux-gnuspe |\
+ linux-musleabi |\
+ linux-muslspe |\
+ linux-musl )
+ os=linux
+ ;;
+ *)
+ ;;
+ esac
+ target="$os-${HOST_ARCH}"
+ case $target in
+ linux-arm)
+ target=linux-armv4
+ ;;
+ linux-armeb)
+ target=linux-elf-armeb
+ ;;
+ linux-aarch64*)
+ target=linux-aarch64
+ ;;
+ linux-sh3)
+ target=debian-sh3
+ ;;
+ linux-sh4)
+ target=debian-sh4
+ ;;
+ linux-i486)
+ target=debian-i386-i486
+ ;;
+ linux-i586 | linux-viac3)
+ target=debian-i386-i586
+ ;;
+ linux-i686)
+ target=debian-i386-i686/cmov
+ ;;
+ linux-gnux32-x86_64 | linux-muslx32-x86_64 )
+ target=linux-x32
+ ;;
+ linux-gnu64-x86_64)
+ target=linux-x86_64
+ ;;
+ linux-gnun32-mips*el)
+ target=debian-mipsn32el
+ ;;
+ linux-gnun32-mips*)
+ target=debian-mipsn32
+ ;;
+ linux-mips*64*el)
+ target=debian-mips64el
+ ;;
+ linux-mips*64*)
+ target=debian-mips64
+ ;;
+ linux-mips*el)
+ target=debian-mipsel
+ ;;
+ linux-mips*)
+ target=debian-mips
+ ;;
+ linux-microblaze*|linux-nios2*|linux-gnu*ilp32**)
+ target=linux-generic32
+ ;;
+ linux-powerpc)
+ target=linux-ppc
+ ;;
+ linux-powerpc64)
+ target=linux-ppc64
+ ;;
+ linux-riscv64)
+ target=linux-generic64
+ ;;
+ linux-riscv32)
+ target=linux-generic32
+ ;;
+ linux-supersparc)
+ target=linux-sparcv8
+ ;;
+ linux-sparc)
+ target=linux-sparcv8
+ ;;
+ darwin-i386)
+ target=darwin-i386-cc
+ ;;
+ esac
+ # inject machine-specific flags
+ sed -i -e "s|^\(\"$target\",\s*\"[^:]\+\):\([^:]\+\)|\1:${CFLAG}|g" Configure
+ useprefix=${prefix}
+ if [ "x$useprefix" = "x" ]; then
+ useprefix=/
+ fi
+ libdirleaf="$(echo ${libdir} | sed s:$useprefix::)"
+ perl ./Configure ${EXTRA_OECONF} shared --prefix=$useprefix --openssldir=${libdir}/ssl --libdir=${libdirleaf} $target
+}
+
+do_compile_prepend_class-target () {
+ sed -i 's/\((OPENSSL=\)".*"/\1"openssl"/' Makefile
+ oe_runmake depend
+ cc_sanitized=`echo "${CC} ${CFLAG}" | sed -e 's,--sysroot=${STAGING_DIR_TARGET},,g' -e 's|${DEBUG_PREFIX_MAP}||g'`
+ oe_runmake CC_INFO="${cc_sanitized}"
+}
+
+do_compile () {
+ oe_runmake depend
+ oe_runmake
+}
+
+do_compile_ptest () {
+ # build dependencies for test directory too
+ export DIRS="$DIRS test"
+ oe_runmake depend
+ oe_runmake buildtest
+}
+
+do_install () {
+ # Create ${D}/${prefix} to fix parallel issues
+ mkdir -p ${D}/${prefix}/
+
+ oe_runmake INSTALL_PREFIX="${D}" MANDIR="${mandir}" install
+
+ oe_libinstall -so libcrypto ${D}${libdir}
+ oe_libinstall -so libssl ${D}${libdir}
+
+ install -d ${D}${includedir}
+ cp --dereference -R include/openssl ${D}${includedir}
+
+ install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash
+ sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash
+
+ oe_multilib_header openssl/opensslconf.h
+ if [ "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}" ]; then
+ sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/CA.pl
+ sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/tsget
+ else
+ rm -f ${D}${libdir}/ssl/misc/CA.pl ${D}${libdir}/ssl/misc/tsget
+ fi
+
+ # Create SSL structure
+ install -d ${D}${sysconfdir}/ssl/
+ mv ${D}${libdir}/ssl/openssl.cnf \
+ ${D}${libdir}/ssl/certs \
+ ${D}${libdir}/ssl/private \
+ \
+ ${D}${sysconfdir}/ssl/
+ ln -sf ${sysconfdir}/ssl/certs ${D}${libdir}/ssl/certs
+ ln -sf ${sysconfdir}/ssl/private ${D}${libdir}/ssl/private
+ ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${libdir}/ssl/openssl.cnf
+
+ # Rename man pages to prefix openssl10-*
+ for f in `find ${D}${mandir} -type f`; do
+ mv $f $(dirname $f)/openssl10-$(basename $f)
+ done
+ for f in `find ${D}${mandir} -type l`; do
+ ln_f=`readlink $f`
+ rm -f $f
+ ln -s openssl10-$ln_f $(dirname $f)/openssl10-$(basename $f)
+ done
+}
+
+do_install_ptest () {
+ cp -r -L Makefile.org Makefile test ${D}${PTEST_PATH}
+
+ # Replace the path to native perl with the path to target perl
+ sed -i 's,^PERL=.*,PERL=${bindir}/perl,' ${D}${PTEST_PATH}/Makefile
+
+ cp Configure config e_os.h ${D}${PTEST_PATH}
+ cp -r -L include ${D}${PTEST_PATH}
+ ln -sf ${libdir}/libcrypto.a ${D}${PTEST_PATH}
+ ln -sf ${libdir}/libssl.a ${D}${PTEST_PATH}
+ mkdir -p ${D}${PTEST_PATH}/crypto
+ cp crypto/constant_time_locl.h ${D}${PTEST_PATH}/crypto
+ cp -r certs ${D}${PTEST_PATH}
+ mkdir -p ${D}${PTEST_PATH}/apps
+ ln -sf ${libdir}/ssl/misc/CA.sh ${D}${PTEST_PATH}/apps
+ ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${PTEST_PATH}/apps
+ ln -sf ${bindir}/openssl ${D}${PTEST_PATH}/apps
+ cp apps/server.pem ${D}${PTEST_PATH}/apps
+ cp apps/server2.pem ${D}${PTEST_PATH}/apps
+ mkdir -p ${D}${PTEST_PATH}/util
+ install util/opensslwrap.sh ${D}${PTEST_PATH}/util
+ install util/shlib_wrap.sh ${D}${PTEST_PATH}/util
+ # Time stamps are relevant for "make alltests", otherwise
+ # make may try to recompile binaries. Not only must the
+ # binary files be newer than the sources, they also must
+ # be more recent than the header files in /usr/include.
+ #
+ # Using "cp -a" is not sufficient, because do_install
+ # does not preserve the original time stamps.
+ #
+ # So instead of using the original file stamps, we set
+ # the current time for all files. Binaries will get
+ # modified again later when stripping them, but that's okay.
+ touch ${D}${PTEST_PATH}
+ find ${D}${PTEST_PATH} -type f -print0 | xargs --verbose -0 touch -r ${D}${PTEST_PATH}
+
+ # exclude binary files or the package won't install
+ for d in ssltest_old v3ext x509aux; do
+ rm -rf ${D}${libdir}/${BPN}/ptest/test/$d
+ done
+
+ # Remove build host references
+ sed -i \
+ -e 's,--sysroot=${STAGING_DIR_TARGET},,g' \
+ -e 's|${DEBUG_PREFIX_MAP}||g' \
+ ${D}${PTEST_PATH}/Makefile ${D}${PTEST_PATH}/Configure
+}
+
+do_install_append_class-native() {
+ create_wrapper ${D}${bindir}/openssl \
+ OPENSSL_CONF=${libdir}/ssl/openssl.cnf \
+ SSL_CERT_DIR=${libdir}/ssl/certs \
+ SSL_CERT_FILE=${libdir}/ssl/cert.pem \
+ OPENSSL_ENGINES=${libdir}/ssl/engines
+}
+
+BBCLASSEXTEND = "native nativesdk"
+
diff --git a/poky/meta/recipes-connectivity/openssl/openssl_1.0.2o.bb b/poky/meta/recipes-connectivity/openssl/openssl_1.0.2o.bb
new file mode 100644
index 000000000..413ebf37f
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl_1.0.2o.bb
@@ -0,0 +1,64 @@
+require openssl10.inc
+
+# For target side versions of openssl enable support for OCF Linux driver
+# if they are available.
+
+CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS"
+CFLAG_append_class-native = " -fPIC"
+
+LIC_FILES_CHKSUM = "file://LICENSE;md5=f475368924827d06d4b416111c8bdb77"
+
+export DIRS = "crypto ssl apps engines"
+export OE_LDFLAGS="${LDFLAGS}"
+
+SRC_URI += "file://find.pl;subdir=openssl-${PV}/util/ \
+ file://run-ptest \
+ file://openssl-c_rehash.sh \
+ file://configure-targets.patch \
+ file://shared-libs.patch \
+ file://oe-ldflags.patch \
+ file://engines-install-in-libdir-ssl.patch \
+ file://debian1.0.2/block_diginotar.patch \
+ file://debian1.0.2/block_digicert_malaysia.patch \
+ file://debian/ca.patch \
+ file://debian/c_rehash-compat.patch \
+ file://debian/debian-targets.patch \
+ file://debian/man-dir.patch \
+ file://debian/man-section.patch \
+ file://debian/no-rpath.patch \
+ file://debian/no-symbolic.patch \
+ file://debian/pic.patch \
+ file://debian1.0.2/version-script.patch \
+ file://debian1.0.2/soname.patch \
+ file://openssl_fix_for_x32.patch \
+ file://openssl-fix-des.pod-error.patch \
+ file://Makefiles-ptest.patch \
+ file://ptest-deps.patch \
+ file://ptest_makefile_deps.patch \
+ file://configure-musl-target.patch \
+ file://parallel.patch \
+ file://openssl-util-perlpath.pl-cwd.patch \
+ file://Use-SHA256-not-MD5-as-default-digest.patch \
+ file://0001-Fix-build-with-clang-using-external-assembler.patch \
+ file://0001-openssl-force-soft-link-to-avoid-rare-race.patch \
+ "
+
+SRC_URI_append_class-target = "\
+ file://reproducible-cflags.patch \
+ file://reproducible-mkbuildinf.patch \
+ "
+SRC_URI[md5sum] = "44279b8557c3247cbe324e2322ecd114"
+SRC_URI[sha256sum] = "ec3f5c9714ba0fd45cb4e087301eb1336c317e0d20b575a125050470e8089e4d"
+
+PACKAGES =+ "${PN}-engines"
+FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
+
+# The crypto_use_bigint patch means that perl's bignum module needs to be
+# installed, but some distributions (for example Fedora 23) don't ship it by
+# default. As the resulting error is very misleading check for bignum before
+# building.
+do_configure_prepend() {
+ if ! perl -Mbigint -e true; then
+ bbfatal "The perl module 'bignum' was not found but this is required to build openssl. Please install this module (often packaged as perl-bignum) and re-run bitbake."
+ fi
+}
diff --git a/poky/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb b/poky/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb
new file mode 100644
index 000000000..94b75eb92
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb
@@ -0,0 +1,161 @@
+SUMMARY = "Secure Socket Layer"
+DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools."
+HOMEPAGE = "http://www.openssl.org/"
+BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
+SECTION = "libs/network"
+
+# "openssl | SSLeay" dual license
+LICENSE = "openssl"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=d57d511030c9d66ef5f5966bee5a7eff"
+
+BBCLASSEXTEND = "native nativesdk"
+
+SRC_URI[md5sum] = "5271477e4d93f4ea032b665ef095ff24"
+SRC_URI[sha256sum] = "5835626cde9e99656585fc7aaa2302a73a7e1340bf8c14fd635a62c66802a517"
+
+SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
+ file://run-ptest \
+ file://openssl-c_rehash.sh \
+ file://0001-Take-linking-flags-from-LDFLAGS-env-var.patch \
+ "
+
+S = "${WORKDIR}/openssl-${PV}"
+
+inherit lib_package multilib_header ptest
+
+do_configure () {
+ os=${HOST_OS}
+ case $os in
+ linux-uclibc |\
+ linux-uclibceabi |\
+ linux-gnueabi |\
+ linux-uclibcspe |\
+ linux-gnuspe |\
+ linux-musl*)
+ os=linux
+ ;;
+ *)
+ ;;
+ esac
+ target="$os-${HOST_ARCH}"
+ case $target in
+ linux-arm)
+ target=linux-armv4
+ ;;
+ linux-armeb)
+ target=linux-armv4
+ ;;
+ linux-aarch64*)
+ target=linux-aarch64
+ ;;
+ linux-sh3)
+ target=linux-generic32
+ ;;
+ linux-sh4)
+ target=linux-generic32
+ ;;
+ linux-i486)
+ target=linux-elf
+ ;;
+ linux-i586 | linux-viac3)
+ target=linux-elf
+ ;;
+ linux-i686)
+ target=linux-elf
+ ;;
+ linux-gnux32-x86_64)
+ target=linux-x32
+ ;;
+ linux-gnu64-x86_64)
+ target=linux-x86_64
+ ;;
+ linux-mips)
+ # specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding target architecture flags
+ target="linux-mips32 ${TARGET_CC_ARCH}"
+ ;;
+ linux-mipsel)
+ target="linux-mips32 ${TARGET_CC_ARCH}"
+ ;;
+ linux-gnun32-mips*)
+ target=linux-mips64
+ ;;
+ linux-*-mips64 | linux-mips64)
+ target=linux64-mips64
+ ;;
+ linux-*-mips64el | linux-mips64el)
+ target=linux64-mips64
+ ;;
+ linux-microblaze*|linux-nios2*)
+ target=linux-generic32
+ ;;
+ linux-powerpc)
+ target=linux-ppc
+ ;;
+ linux-powerpc64)
+ target=linux-ppc64
+ ;;
+ linux-riscv64)
+ target=linux-generic64
+ ;;
+ linux-riscv32)
+ target=linux-generic32
+ ;;
+ linux-supersparc)
+ target=linux-sparcv9
+ ;;
+ linux-sparc)
+ target=linux-sparcv9
+ ;;
+ darwin-i386)
+ target=darwin-i386-cc
+ ;;
+ esac
+ useprefix=${prefix}
+ if [ "x$useprefix" = "x" ]; then
+ useprefix=/
+ fi
+ libdirleaf="$(echo ${libdir} | sed s:$useprefix::)"
+ perl ./Configure ${EXTRA_OECONF} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=${libdirleaf} $target
+}
+
+#| engines/afalg/e_afalg.c: In function 'eventfd':
+#| engines/afalg/e_afalg.c:110:20: error: '__NR_eventfd' undeclared (first use in this function)
+#| return syscall(__NR_eventfd, n);
+#| ^~~~~~~~~~~~
+EXTRA_OECONF_aarch64 += "no-afalgeng"
+
+#| ./libcrypto.so: undefined reference to `getcontext'
+#| ./libcrypto.so: undefined reference to `setcontext'
+#| ./libcrypto.so: undefined reference to `makecontext'
+EXTRA_OECONF_libc-musl += "-DOPENSSL_NO_ASYNC"
+
+do_install () {
+ oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install
+ oe_multilib_header openssl/opensslconf.h
+}
+
+do_install_append_class-native () {
+ # Install a custom version of c_rehash that can handle sysroots properly.
+ # This version is used for example when installing ca-certificates during
+ # image creation.
+ install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash
+ sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash
+}
+
+do_install_ptest() {
+ cp -r * ${D}${PTEST_PATH}
+
+ # Putting .so files in ptest package will mess up the dependencies of the main openssl package
+ # so we rename them to .so.ptest and patch the test accordingly
+ mv ${D}${PTEST_PATH}/libcrypto.so ${D}${PTEST_PATH}/libcrypto.so.ptest
+ mv ${D}${PTEST_PATH}/libssl.so ${D}${PTEST_PATH}/libssl.so.ptest
+ sed -i 's/$target{shared_extension_simple}/".so.ptest"/' ${D}${PTEST_PATH}/test/recipes/90-test_shlibload.t
+}
+
+RDEPENDS_${PN}-ptest += "perl-module-file-spec-functions bash python"
+
+FILES_${PN} =+ " ${libdir}/ssl-1.1/*"
+
+PACKAGES =+ "${PN}-engines"
+FILES_${PN}-engines = "${libdir}/engines-1.1"
+
diff --git a/poky/meta/recipes-connectivity/ppp-dialin/files/host-peer b/poky/meta/recipes-connectivity/ppp-dialin/files/host-peer
new file mode 100644
index 000000000..e7e2e11d4
--- /dev/null
+++ b/poky/meta/recipes-connectivity/ppp-dialin/files/host-peer
@@ -0,0 +1,11 @@
+-detach
+defaultroute
+nocrtscts
+lock
+noauth
+lcp-echo-interval 5
+lcp-echo-failure 3
+usepeerdns
+115200
+local
+asyncmap 0
diff --git a/poky/meta/recipes-connectivity/ppp-dialin/files/ppp-dialin b/poky/meta/recipes-connectivity/ppp-dialin/files/ppp-dialin
new file mode 100644
index 000000000..ea2771311
--- /dev/null
+++ b/poky/meta/recipes-connectivity/ppp-dialin/files/ppp-dialin
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+/usr/sbin/pppd call host
diff --git a/poky/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb b/poky/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb
new file mode 100644
index 000000000..b5f68951d
--- /dev/null
+++ b/poky/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb
@@ -0,0 +1,27 @@
+SUMMARY = "Enables PPP dial-in through a serial connection"
+SECTION = "console/network"
+DEPENDS = "ppp"
+RDEPENDS_${PN} = "ppp"
+PR = "r8"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
+
+SRC_URI = "file://host-peer \
+ file://ppp-dialin"
+
+inherit allarch useradd
+
+S = "${WORKDIR}"
+
+do_install() {
+ install -d ${D}${sysconfdir}/ppp/peers
+ install -m 0644 ${WORKDIR}/host-peer ${D}${sysconfdir}/ppp/peers/host
+
+ install -d ${D}${sbindir}
+ install -m 0755 ${WORKDIR}/ppp-dialin ${D}${sbindir}
+}
+
+USERADD_PACKAGES = "${PN}"
+USERADD_PARAM_${PN} = "--system --home /dev/null \
+ --no-create-home --shell ${sbindir}/ppp-dialin \
+ --no-user-group --gid nogroup ppp"
diff --git a/poky/meta/recipes-connectivity/ppp/ppp/0001-Fix-build-with-musl.patch b/poky/meta/recipes-connectivity/ppp/ppp/0001-Fix-build-with-musl.patch
new file mode 100644
index 000000000..763e37448
--- /dev/null
+++ b/poky/meta/recipes-connectivity/ppp/ppp/0001-Fix-build-with-musl.patch
@@ -0,0 +1,163 @@
+From 52a1e41d7541b2c936285844c59bd1be21797860 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Fri, 29 May 2015 14:57:05 -0700
+Subject: [PATCH] Fix build with musl
+
+There are several assumption about glibc
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+Upstream-Status: Pending
+
+ include/net/ppp_defs.h | 2 ++
+ pppd/Makefile.linux | 2 +-
+ pppd/magic.h | 6 +++---
+ pppd/plugins/rp-pppoe/config.h | 5 ++++-
+ pppd/plugins/rp-pppoe/plugin.c | 1 -
+ pppd/plugins/rp-pppoe/pppoe-discovery.c | 8 ++++----
+ pppd/plugins/rp-pppoe/pppoe.h | 2 +-
+ pppd/sys-linux.c | 3 ++-
+ 8 files changed, 17 insertions(+), 12 deletions(-)
+
+diff --git a/include/net/ppp_defs.h b/include/net/ppp_defs.h
+index b06eda5..dafa36c 100644
+--- a/include/net/ppp_defs.h
++++ b/include/net/ppp_defs.h
+@@ -38,6 +38,8 @@
+ #ifndef _PPP_DEFS_H_
+ #define _PPP_DEFS_H_
+
++#include <sys/time.h>
++
+ /*
+ * The basic PPP frame.
+ */
+diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
+index 8ab2102..d7e2564 100644
+--- a/pppd/Makefile.linux
++++ b/pppd/Makefile.linux
+@@ -126,7 +126,7 @@ LIBS += -lcrypt
+ #endif
+
+ ifdef USE_LIBUTIL
+-CFLAGS += -DHAVE_LOGWTMP=1
++#CFLAGS += -DHAVE_LOGWTMP=1
+ LIBS += -lutil
+ endif
+
+diff --git a/pppd/magic.h b/pppd/magic.h
+index c81213b..9d399e3 100644
+--- a/pppd/magic.h
++++ b/pppd/magic.h
+@@ -42,8 +42,8 @@
+ * $Id: magic.h,v 1.5 2003/06/11 23:56:26 paulus Exp $
+ */
+
+-void magic_init __P((void)); /* Initialize the magic number generator */
+-u_int32_t magic __P((void)); /* Returns the next magic number */
++void magic_init (void); /* Initialize the magic number generator */
++u_int32_t magic (void); /* Returns the next magic number */
+
+ /* Fill buffer with random bytes */
+-void random_bytes __P((unsigned char *buf, int len));
++void random_bytes (unsigned char *buf, int len);
+diff --git a/pppd/plugins/rp-pppoe/config.h b/pppd/plugins/rp-pppoe/config.h
+index 5703087..fff032e 100644
+--- a/pppd/plugins/rp-pppoe/config.h
++++ b/pppd/plugins/rp-pppoe/config.h
+@@ -78,8 +78,9 @@
+ #define HAVE_NET_IF_ARP_H 1
+
+ /* Define if you have the <net/ethernet.h> header file. */
++#ifdef __GLIBC__
+ #define HAVE_NET_ETHERNET_H 1
+-
++#endif
+ /* Define if you have the <net/if.h> header file. */
+ #define HAVE_NET_IF_H 1
+
+@@ -102,7 +103,9 @@
+ #define HAVE_NETPACKET_PACKET_H 1
+
+ /* Define if you have the <sys/cdefs.h> header file. */
++#ifdef __GLIBC__
+ #define HAVE_SYS_CDEFS_H 1
++#endif
+
+ /* Define if you have the <sys/dlpi.h> header file. */
+ /* #undef HAVE_SYS_DLPI_H */
+diff --git a/pppd/plugins/rp-pppoe/plugin.c b/pppd/plugins/rp-pppoe/plugin.c
+index a8c2bb4..ca34d79 100644
+--- a/pppd/plugins/rp-pppoe/plugin.c
++++ b/pppd/plugins/rp-pppoe/plugin.c
+@@ -46,7 +46,6 @@ static char const RCSID[] =
+ #include <unistd.h>
+ #include <fcntl.h>
+ #include <signal.h>
+-#include <net/ethernet.h>
+ #include <net/if_arp.h>
+ #include <linux/ppp_defs.h>
+ #include <linux/if_pppox.h>
+diff --git a/pppd/plugins/rp-pppoe/pppoe-discovery.c b/pppd/plugins/rp-pppoe/pppoe-discovery.c
+index 3d3bf4e..d42f619 100644
+--- a/pppd/plugins/rp-pppoe/pppoe-discovery.c
++++ b/pppd/plugins/rp-pppoe/pppoe-discovery.c
+@@ -27,10 +27,6 @@
+ #include <linux/if_packet.h>
+ #endif
+
+-#ifdef HAVE_NET_ETHERNET_H
+-#include <net/ethernet.h>
+-#endif
+-
+ #ifdef HAVE_ASM_TYPES_H
+ #include <asm/types.h>
+ #endif
+@@ -47,6 +43,10 @@
+ #include <net/if_arp.h>
+ #endif
+
++#ifndef __GLIBC__
++#define error(x...) fprintf(stderr, x)
++#endif
++
+ char *xstrdup(const char *s);
+ void usage(void);
+
+diff --git a/pppd/plugins/rp-pppoe/pppoe.h b/pppd/plugins/rp-pppoe/pppoe.h
+index 9ab2eee..75b9004 100644
+--- a/pppd/plugins/rp-pppoe/pppoe.h
++++ b/pppd/plugins/rp-pppoe/pppoe.h
+@@ -92,7 +92,7 @@ typedef unsigned long UINT32_t;
+ #ifdef HAVE_SYS_SOCKET_H
+ #include <sys/socket.h>
+ #endif
+-#ifndef HAVE_SYS_DLPI_H
++#if !defined HAVE_SYS_DLPI_H && defined HAVE_NET_ETHERNET_H
+ #include <netinet/if_ether.h>
+ #endif
+ #endif
+diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c
+index a105505..49b0273 100644
+--- a/pppd/sys-linux.c
++++ b/pppd/sys-linux.c
+@@ -112,7 +112,7 @@
+ #include <linux/types.h>
+ #include <linux/if.h>
+ #include <linux/if_arp.h>
+-#include <linux/route.h>
++/* #include <linux/route.h> */
+ #include <linux/if_ether.h>
+ #endif
+ #include <netinet/in.h>
+@@ -145,6 +145,7 @@
+ #endif
+
+ #ifdef INET6
++#include <net/route.h>
+ #ifndef _LINUX_IN6_H
+ /*
+ * This is in linux/include/net/ipv6.h.
+--
+2.1.4
+
diff --git a/poky/meta/recipes-connectivity/ppp/ppp/0001-ppp-Fix-compilation-errors-in-Makefile.patch b/poky/meta/recipes-connectivity/ppp/ppp/0001-ppp-Fix-compilation-errors-in-Makefile.patch
new file mode 100644
index 000000000..ea4969b36
--- /dev/null
+++ b/poky/meta/recipes-connectivity/ppp/ppp/0001-ppp-Fix-compilation-errors-in-Makefile.patch
@@ -0,0 +1,30 @@
+From ba0f6058d1f25b2b60fc31ab2656bf12a71ffdab Mon Sep 17 00:00:00 2001
+From: Lu Chong <Chong.Lu@windriver.com>
+Date: Tue, 5 Nov 2013 17:32:56 +0800
+Subject: [PATCH] ppp: Fix compilation errors in Makefile
+
+Make can't exit while compilation error occurs in subdir for plugins building.
+
+Upstream-Status: Pending
+
+Signed-off-by: Lu Chong <Chong.Lu@windriver.com>
+---
+ pppd/plugins/Makefile.linux | 1 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/pppd/plugins/Makefile.linux b/pppd/plugins/Makefile.linux
+index 0a7ec7b..2a2c15a 100644
+--- a/pppd/plugins/Makefile.linux
++++ b/pppd/plugins/Makefile.linux
+@@ -20,7 +20,7 @@ include .depend
+ endif
+
+ all: $(PLUGINS)
+- for d in $(SUBDIRS); do $(MAKE) $(MFLAGS) -C $$d all; done
++ for d in $(SUBDIRS); do $(MAKE) $(MFLAGS) -C $$d all || exit 1; done
+
+ %.so: %.c
+ $(CC) -o $@ $(LDFLAGS) $(CFLAGS) $^
+--
+1.7.9.5
+
diff --git a/poky/meta/recipes-connectivity/ppp/ppp/0001-ppp-Remove-unneeded-include.patch b/poky/meta/recipes-connectivity/ppp/ppp/0001-ppp-Remove-unneeded-include.patch
new file mode 100644
index 000000000..a32f89fbc
--- /dev/null
+++ b/poky/meta/recipes-connectivity/ppp/ppp/0001-ppp-Remove-unneeded-include.patch
@@ -0,0 +1,43 @@
+commit cd90fd147844a0cfec101f1e2db7a3c59d236621
+Author: Jussi Kukkonen <jussi.kukkonen@intel.com>
+Date: Wed Dec 28 14:11:22 2016 +0200
+
+pppol2tp plugin: Remove unneeded include
+
+The include is not required and will break compile on musl libc with
+
+| In file included from pppol2tp.c:34:0:
+| /usr/include/linux/if.h:97:2: error: expected identifier before numeric constant
+| IFF_LOWER_UP = 1<<16, /* __volatile__ */
+
+Patch originally from Khem Raj.
+
+Upstream-Status: Pending [https://github.com/paulusmack/ppp/issues/73]
+Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
+
+diff --git a/pppd/plugins/pppol2tp/openl2tp.c b/pppd/plugins/pppol2tp/openl2tp.c
+index 9643b96..458316b 100644
+--- a/pppd/plugins/pppol2tp/openl2tp.c
++++ b/pppd/plugins/pppol2tp/openl2tp.c
+@@ -47,7 +47,6 @@
+ #include <linux/if_ether.h>
+ #include <linux/ppp_defs.h>
+ #include <linux/if_ppp.h>
+-#include <linux/if_pppox.h>
+ #include <linux/if_pppol2tp.h>
+
+ #include "l2tp_event.h"
+diff --git a/pppd/plugins/pppol2tp/pppol2tp.c b/pppd/plugins/pppol2tp/pppol2tp.c
+index 0e28606..4f6d98c 100644
+--- a/pppd/plugins/pppol2tp/pppol2tp.c
++++ b/pppd/plugins/pppol2tp/pppol2tp.c
+@@ -46,7 +46,6 @@
+ #include <linux/if_ether.h>
+ #include <linux/ppp_defs.h>
+ #include <linux/if_ppp.h>
+-#include <linux/if_pppox.h>
+ #include <linux/if_pppol2tp.h>
+
+ /* should be added to system's socket.h... */
+---
+
diff --git a/poky/meta/recipes-connectivity/ppp/ppp/0001-pppoe-include-netinet-in.h-before-linux-in.h.patch b/poky/meta/recipes-connectivity/ppp/ppp/0001-pppoe-include-netinet-in.h-before-linux-in.h.patch
new file mode 100644
index 000000000..9362d1264
--- /dev/null
+++ b/poky/meta/recipes-connectivity/ppp/ppp/0001-pppoe-include-netinet-in.h-before-linux-in.h.patch
@@ -0,0 +1,54 @@
+From 50a2997b256e0e0ef7a46fae133f56f60fce539c Mon Sep 17 00:00:00 2001
+From: Lubomir Rintel <lkundrak@v3.sk>
+Date: Mon, 9 Jan 2017 13:34:23 +0000
+Subject: [PATCH] pppoe: include netinet/in.h before linux/in.h
+
+This fixes builds with newer kernels. Basically, <netinet/in.h> needs to be
+included before <linux/in.h> otherwise the earlier, unaware of the latter,
+tries to redefine symbols and structures. Also, <linux/if_pppox.h> doesn't work
+alone anymore, since it pulls the headers in the wrong order, so we better
+include <netinet/in.h> early.
+
+Upstream-Status: Backport
+[https://github.com/paulusmack/ppp/commit/50a2997b256e0e0ef7a46fae133f56f60fce539c]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ pppd/plugins/rp-pppoe/pppoe.h | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/pppd/plugins/rp-pppoe/pppoe.h b/pppd/plugins/rp-pppoe/pppoe.h
+index 9ab2eee..c4aaa6e 100644
+--- a/pppd/plugins/rp-pppoe/pppoe.h
++++ b/pppd/plugins/rp-pppoe/pppoe.h
+@@ -47,6 +47,10 @@
+ #include <sys/socket.h>
+ #endif
+
++/* This has to be included before Linux 4.8's linux/in.h
++ * gets dragged in. */
++#include <netinet/in.h>
++
+ /* Ugly header files on some Linux boxes... */
+ #if defined(HAVE_LINUX_IF_H)
+ #include <linux/if.h>
+@@ -84,8 +88,6 @@ typedef unsigned long UINT32_t;
+ #include <linux/if_ether.h>
+ #endif
+
+-#include <netinet/in.h>
+-
+ #ifdef HAVE_NETINET_IF_ETHER_H
+ #include <sys/types.h>
+
+@@ -98,7 +100,6 @@ typedef unsigned long UINT32_t;
+ #endif
+
+
+-
+ /* Ethernet frame types according to RFC 2516 */
+ #define ETH_PPPOE_DISCOVERY 0x8863
+ #define ETH_PPPOE_SESSION 0x8864
+--
+2.7.4
+
diff --git a/poky/meta/recipes-connectivity/ppp/ppp/08setupdns b/poky/meta/recipes-connectivity/ppp/ppp/08setupdns
new file mode 100644
index 000000000..998219de9
--- /dev/null
+++ b/poky/meta/recipes-connectivity/ppp/ppp/08setupdns
@@ -0,0 +1,12 @@
+#!/bin/sh
+ACTUALCONF=/var/run/resolv.conf
+PPPCONF=/var/run/ppp/resolv.conf
+if [ -f $PPPCONF ] ; then
+ if [ -f $ACTUALCONF ] ; then
+ if [ ! -h $ACTUALCONF -o ! "`readlink $ACTUALCONF 2>&1`" = "$PPPCONF" ] ; then
+ mv $ACTUALCONF $ACTUALCONF.ppporig
+ fi
+ fi
+
+ ln -sf $PPPCONF $ACTUALCONF
+fi
diff --git a/poky/meta/recipes-connectivity/ppp/ppp/92removedns b/poky/meta/recipes-connectivity/ppp/ppp/92removedns
new file mode 100644
index 000000000..2eadec689
--- /dev/null
+++ b/poky/meta/recipes-connectivity/ppp/ppp/92removedns
@@ -0,0 +1,5 @@
+#!/bin/sh
+ACTUALCONF=/var/run/resolv.conf
+if [ -f $ACTUALCONF.ppporig ] ; then
+ mv $ACTUALCONF.ppporig $ACTUALCONF
+fi
diff --git a/poky/meta/recipes-connectivity/ppp/ppp/cifdefroute.patch b/poky/meta/recipes-connectivity/ppp/ppp/cifdefroute.patch
new file mode 100644
index 000000000..7dd69d8f4
--- /dev/null
+++ b/poky/meta/recipes-connectivity/ppp/ppp/cifdefroute.patch
@@ -0,0 +1,297 @@
+This patch comes from OpenEmbedded.
+The original patch is from Debian / SuSE to implement replacedefaultroute
+Rebased it to fit ppp-2.4.5. Dongxiao Xu <dongxiao.xu@intel.com>
+
+Upstream-Status: Inappropriate [debian/suse patches]
+
+Index: ppp-2.4.7/pppd/ipcp.c
+===================================================================
+--- ppp-2.4.7.orig/pppd/ipcp.c
++++ ppp-2.4.7/pppd/ipcp.c
+@@ -198,6 +198,16 @@ static option_t ipcp_option_list[] = {
+ "disable defaultroute option", OPT_ALIAS | OPT_A2CLR,
+ &ipcp_wantoptions[0].default_route },
+
++#ifdef __linux__
++ { "replacedefaultroute", o_bool,
++ &ipcp_wantoptions[0].replace_default_route,
++ "Replace default route", 1
++ },
++ { "noreplacedefaultroute", o_bool,
++ &ipcp_allowoptions[0].replace_default_route,
++ "Never replace default route", OPT_A2COPY,
++ &ipcp_wantoptions[0].replace_default_route },
++#endif
+ { "proxyarp", o_bool, &ipcp_wantoptions[0].proxy_arp,
+ "Add proxy ARP entry", OPT_ENABLE|1, &ipcp_allowoptions[0].proxy_arp },
+ { "noproxyarp", o_bool, &ipcp_allowoptions[0].proxy_arp,
+@@ -271,7 +281,7 @@ struct protent ipcp_protent = {
+ ip_active_pkt
+ };
+
+-static void ipcp_clear_addrs __P((int, u_int32_t, u_int32_t));
++static void ipcp_clear_addrs __P((int, u_int32_t, u_int32_t, bool));
+ static void ipcp_script __P((char *, int)); /* Run an up/down script */
+ static void ipcp_script_done __P((void *));
+
+@@ -1761,7 +1771,12 @@ ip_demand_conf(u)
+ if (!sifnpmode(u, PPP_IP, NPMODE_QUEUE))
+ return 0;
+ if (wo->default_route)
++#ifndef __linux__
+ if (sifdefaultroute(u, wo->ouraddr, wo->hisaddr))
++#else
++ if (sifdefaultroute(u, wo->ouraddr, wo->hisaddr,
++ wo->replace_default_route))
++#endif
+ default_route_set[u] = 1;
+ if (wo->proxy_arp)
+ if (sifproxyarp(u, wo->hisaddr))
+@@ -1849,7 +1864,8 @@ ipcp_up(f)
+ */
+ if (demand) {
+ if (go->ouraddr != wo->ouraddr || ho->hisaddr != wo->hisaddr) {
+- ipcp_clear_addrs(f->unit, wo->ouraddr, wo->hisaddr);
++ ipcp_clear_addrs(f->unit, wo->ouraddr, wo->hisaddr,
++ wo->replace_default_route);
+ if (go->ouraddr != wo->ouraddr) {
+ warn("Local IP address changed to %I", go->ouraddr);
+ script_setenv("OLDIPLOCAL", ip_ntoa(wo->ouraddr), 0);
+@@ -1874,7 +1890,12 @@ ipcp_up(f)
+
+ /* assign a default route through the interface if required */
+ if (ipcp_wantoptions[f->unit].default_route)
++#ifndef __linux__
+ if (sifdefaultroute(f->unit, go->ouraddr, ho->hisaddr))
++#else
++ if (sifdefaultroute(f->unit, go->ouraddr, ho->hisaddr,
++ wo->replace_default_route))
++#endif
+ default_route_set[f->unit] = 1;
+
+ /* Make a proxy ARP entry if requested. */
+@@ -1924,7 +1945,12 @@ ipcp_up(f)
+
+ /* assign a default route through the interface if required */
+ if (ipcp_wantoptions[f->unit].default_route)
++#ifndef __linux__
+ if (sifdefaultroute(f->unit, go->ouraddr, ho->hisaddr))
++#else
++ if (sifdefaultroute(f->unit, go->ouraddr, ho->hisaddr,
++ wo->replace_default_route))
++#endif
+ default_route_set[f->unit] = 1;
+
+ /* Make a proxy ARP entry if requested. */
+@@ -2002,7 +2028,7 @@ ipcp_down(f)
+ sifnpmode(f->unit, PPP_IP, NPMODE_DROP);
+ sifdown(f->unit);
+ ipcp_clear_addrs(f->unit, ipcp_gotoptions[f->unit].ouraddr,
+- ipcp_hisoptions[f->unit].hisaddr);
++ ipcp_hisoptions[f->unit].hisaddr, 0);
+ }
+
+ /* Execute the ip-down script */
+@@ -2018,12 +2044,21 @@ ipcp_down(f)
+ * proxy arp entries, etc.
+ */
+ static void
+-ipcp_clear_addrs(unit, ouraddr, hisaddr)
++ipcp_clear_addrs(unit, ouraddr, hisaddr, replacedefaultroute)
+ int unit;
+ u_int32_t ouraddr; /* local address */
+ u_int32_t hisaddr; /* remote address */
++ bool replacedefaultroute;
+ {
+- if (proxy_arp_set[unit]) {
++ /* If replacedefaultroute, sifdefaultroute will be called soon
++ * with replacedefaultroute set and that will overwrite the current
++ * default route. This is the case only when doing demand, otherwise
++ * during demand, this cifdefaultroute would restore the old default
++ * route which is not what we want in this case. In the non-demand
++ * case, we'll delete the default route and restore the old if there
++ * is one saved by an sifdefaultroute with replacedefaultroute.
++ */
++ if (!replacedefaultroute && default_route_set[unit]) {
+ cifproxyarp(unit, hisaddr);
+ proxy_arp_set[unit] = 0;
+ }
+Index: ppp-2.4.7/pppd/ipcp.h
+===================================================================
+--- ppp-2.4.7.orig/pppd/ipcp.h
++++ ppp-2.4.7/pppd/ipcp.h
+@@ -70,6 +70,7 @@ typedef struct ipcp_options {
+ bool old_addrs; /* Use old (IP-Addresses) option? */
+ bool req_addr; /* Ask peer to send IP address? */
+ bool default_route; /* Assign default route through interface? */
++ bool replace_default_route; /* Replace default route through interface? */
+ bool proxy_arp; /* Make proxy ARP entry for peer? */
+ bool neg_vj; /* Van Jacobson Compression? */
+ bool old_vj; /* use old (short) form of VJ option? */
+Index: ppp-2.4.7/pppd/pppd.8
+===================================================================
+--- ppp-2.4.7.orig/pppd/pppd.8
++++ ppp-2.4.7/pppd/pppd.8
+@@ -121,6 +121,13 @@ the gateway, when IPCP negotiation is su
+ This entry is removed when the PPP connection is broken. This option
+ is privileged if the \fInodefaultroute\fR option has been specified.
+ .TP
++.B replacedefaultroute
++This option is a flag to the defaultroute option. If defaultroute is
++set and this flag is also set, pppd replaces an existing default route
++with the new default route.
++
++
++.TP
+ .B disconnect \fIscript
+ Execute the command specified by \fIscript\fR, by passing it to a
+ shell, after
+@@ -734,7 +741,12 @@ disable both forms of hardware flow cont
+ .TP
+ .B nodefaultroute
+ Disable the \fIdefaultroute\fR option. The system administrator who
+-wishes to prevent users from creating default routes with pppd
++wishes to prevent users from adding a default route with pppd
++can do so by placing this option in the /etc/ppp/options file.
++.TP
++.B noreplacedefaultroute
++Disable the \fIreplacedefaultroute\fR option. The system administrator who
++wishes to prevent users from replacing a default route with pppd
+ can do so by placing this option in the /etc/ppp/options file.
+ .TP
+ .B nodeflate
+Index: ppp-2.4.7/pppd/pppd.h
+===================================================================
+--- ppp-2.4.7.orig/pppd/pppd.h
++++ ppp-2.4.7/pppd/pppd.h
+@@ -665,7 +665,11 @@ int sif6addr __P((int, eui64_t, eui64_t
+ int cif6addr __P((int, eui64_t, eui64_t));
+ /* Remove an IPv6 address from i/f */
+ #endif
++#ifndef __linux__
+ int sifdefaultroute __P((int, u_int32_t, u_int32_t));
++#else
++int sifdefaultroute __P((int, u_int32_t, u_int32_t, bool replace_default_rt));
++#endif
+ /* Create default route through i/f */
+ int cifdefaultroute __P((int, u_int32_t, u_int32_t));
+ /* Delete default route through i/f */
+Index: ppp-2.4.7/pppd/sys-linux.c
+===================================================================
+--- ppp-2.4.7.orig/pppd/sys-linux.c
++++ ppp-2.4.7/pppd/sys-linux.c
+@@ -207,6 +207,8 @@ static unsigned char inbuf[512]; /* buff
+ static int if_is_up; /* Interface has been marked up */
+ static int if6_is_up; /* Interface has been marked up for IPv6, to help differentiate */
+ static int have_default_route; /* Gateway for default route added */
++static struct rtentry old_def_rt; /* Old default route */
++static int default_rt_repl_rest; /* replace and restore old default rt */
+ static u_int32_t proxy_arp_addr; /* Addr for proxy arp entry added */
+ static char proxy_arp_dev[16]; /* Device for proxy arp entry */
+ static u_int32_t our_old_addr; /* for detecting address changes */
+@@ -1545,6 +1547,9 @@ static int read_route_table(struct rtent
+ p = NULL;
+ }
+
++ SET_SA_FAMILY (rt->rt_dst, AF_INET);
++ SET_SA_FAMILY (rt->rt_gateway, AF_INET);
++
+ SIN_ADDR(rt->rt_dst) = strtoul(cols[route_dest_col], NULL, 16);
+ SIN_ADDR(rt->rt_gateway) = strtoul(cols[route_gw_col], NULL, 16);
+ SIN_ADDR(rt->rt_genmask) = strtoul(cols[route_mask_col], NULL, 16);
+@@ -1614,20 +1619,51 @@ int have_route_to(u_int32_t addr)
+ /********************************************************************
+ *
+ * sifdefaultroute - assign a default route through the address given.
+- */
+-
+-int sifdefaultroute (int unit, u_int32_t ouraddr, u_int32_t gateway)
+-{
+- struct rtentry rt;
+-
+- if (defaultroute_exists(&rt) && strcmp(rt.rt_dev, ifname) != 0) {
+- if (rt.rt_flags & RTF_GATEWAY)
+- error("not replacing existing default route via %I",
+- SIN_ADDR(rt.rt_gateway));
+- else
+- error("not replacing existing default route through %s",
+- rt.rt_dev);
+- return 0;
++ *
++ * If the global default_rt_repl_rest flag is set, then this function
++ * already replaced the original system defaultroute with some other
++ * route and it should just replace the current defaultroute with
++ * another one, without saving the current route. Use: demand mode,
++ * when pppd sets first a defaultroute it it's temporary ppp0 addresses
++ * and then changes the temporary addresses to the addresses for the real
++ * ppp connection when it has come up.
++ */
++
++int sifdefaultroute (int unit, u_int32_t ouraddr, u_int32_t gateway, bool replace)
++{
++ struct rtentry rt, tmp_rt;
++ struct rtentry *del_rt = NULL;
++
++ if (default_rt_repl_rest) {
++ /* We have already reclaced the original defaultroute, if we
++ * are called again, we will delete the current default route
++ * and set the new default route in this function.
++ * - this is normally only the case the doing demand: */
++ if (defaultroute_exists( &tmp_rt ))
++ del_rt = &tmp_rt;
++ } else if ( defaultroute_exists( &old_def_rt ) &&
++ strcmp( old_def_rt.rt_dev, ifname ) != 0) {
++ /* We did not yet replace an existing default route, let's
++ * check if we should save and replace a default route:
++ */
++ u_int32_t old_gateway = SIN_ADDR(old_def_rt.rt_gateway);
++ if (old_gateway != gateway) {
++ if (!replace) {
++ error("not replacing default route to %s [%I]",
++ old_def_rt.rt_dev, old_gateway);
++ return 0;
++ } else {
++ // we need to copy rt_dev because we need it permanent too:
++ char * tmp_dev = malloc(strlen(old_def_rt.rt_dev)+1);
++ strcpy(tmp_dev, old_def_rt.rt_dev);
++ old_def_rt.rt_dev = tmp_dev;
++
++ notice("replacing old default route to %s [%I]",
++ old_def_rt.rt_dev, old_gateway);
++ default_rt_repl_rest = 1;
++ del_rt = &old_def_rt;
++ }
++ }
+ }
+
+ memset (&rt, 0, sizeof (rt));
+@@ -1646,6 +1682,12 @@ int sifdefaultroute (int unit, u_int32_t
+ error("default route ioctl(SIOCADDRT): %m");
+ return 0;
+ }
++ if (default_rt_repl_rest && del_rt)
++ if (ioctl(sock_fd, SIOCDELRT, del_rt) < 0) {
++ if ( ! ok_error ( errno ))
++ error("del old default route ioctl(SIOCDELRT): %m(%d)", errno);
++ return 0;
++ }
+
+ have_default_route = 1;
+ return 1;
+@@ -1681,6 +1723,16 @@ int cifdefaultroute (int unit, u_int32_t
+ return 0;
+ }
+ }
++ if (default_rt_repl_rest) {
++ notice("restoring old default route to %s [%I]",
++ old_def_rt.rt_dev, SIN_ADDR(old_def_rt.rt_gateway));
++ if (ioctl(sock_fd, SIOCADDRT, &old_def_rt) < 0) {
++ if ( ! ok_error ( errno ))
++ error("restore default route ioctl(SIOCADDRT): %m(%d)", errno);
++ return 0;
++ }
++ default_rt_repl_rest = 0;
++ }
+
+ return 1;
+ }
diff --git a/poky/meta/recipes-connectivity/ppp/ppp/copts.patch b/poky/meta/recipes-connectivity/ppp/ppp/copts.patch
new file mode 100644
index 000000000..53ff06e03
--- /dev/null
+++ b/poky/meta/recipes-connectivity/ppp/ppp/copts.patch
@@ -0,0 +1,21 @@
+ppp: use build system CFLAGS when compiling
+
+Upstream-Status: Pending
+
+Override the hard-coded COPTS make variables with
+CFLAGS. Add COPTS into one Makefile that did not
+use it.
+
+Signed-off-by: Joe Slater <jslater@windriver.com>
+
+--- a/pppd/plugins/radius/Makefile.linux
++++ b/pppd/plugins/radius/Makefile.linux
+@@ -12,7 +12,7 @@ VERSION = $(shell awk -F '"' '/VERSION/
+ INSTALL = install
+
+ PLUGIN=radius.so radattr.so radrealms.so
+-CFLAGS=-I. -I../.. -I../../../include -O2 -fPIC -DRC_LOG_FACILITY=LOG_DAEMON
++CFLAGS=-I. -I../.. -I../../../include $(COPTS) -fPIC -DRC_LOG_FACILITY=LOG_DAEMON
+
+ # Uncomment the next line to include support for Microsoft's
+ # MS-CHAP authentication protocol.
diff --git a/poky/meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch b/poky/meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch
new file mode 100644
index 000000000..c5a0be86f
--- /dev/null
+++ b/poky/meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch
@@ -0,0 +1,30 @@
+ppp: Buffer overflow in radius plugin
+
+From: https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;bug=782450
+
+Upstream-Status: Backport
+CVE: CVE-2015-3310
+
+On systems with more than 65535 processes running, pppd aborts when
+sending a "start" accounting message to the RADIUS server because of a
+buffer overflow in rc_mksid.
+
+The process id is used in rc_mksid to generate a pseudo-unique string,
+assuming that the hex representation of the pid will be at most 4
+characters (FFFF). __sprintf_chk(), used when compiling with
+optimization levels greater than 0 and FORTIFY_SOURCE, detects the
+buffer overflow and makes pppd crash.
+
+The following patch fixes the problem.
+
+--- ppp-2.4.6.orig/pppd/plugins/radius/util.c
++++ ppp-2.4.6/pppd/plugins/radius/util.c
+@@ -77,7 +77,7 @@ rc_mksid (void)
+ static unsigned short int cnt = 0;
+ sprintf (buf, "%08lX%04X%02hX",
+ (unsigned long int) time (NULL),
+- (unsigned int) getpid (),
++ (unsigned int) getpid () % 65535,
+ cnt & 0xFF);
+ cnt++;
+ return buf;
diff --git a/poky/meta/recipes-connectivity/ppp/ppp/init b/poky/meta/recipes-connectivity/ppp/ppp/init
new file mode 100755
index 000000000..0c0136049
--- /dev/null
+++ b/poky/meta/recipes-connectivity/ppp/ppp/init
@@ -0,0 +1,57 @@
+#!/bin/sh
+#
+# /etc/init.d/ppp: start or stop PPP link.
+#
+# If you want PPP started on boot time (most dialup systems won't need it)
+# rename the /etc/ppp/no_ppp_on_boot file to /etc/ppp/ppp_on_boot, and
+# follow the instructions in the comments in that file.
+
+# Source function library.
+. /etc/init.d/functions
+
+test -x /usr/sbin/pppd -a -f /etc/ppp/ppp_on_boot || exit 0
+if [ -x /etc/ppp/ppp_on_boot ]; then RUNFILE=1; fi
+
+case "$1" in
+ start)
+ echo -n "Starting up PPP link: pppd"
+ if [ "$RUNFILE" = "1" ]; then
+ /etc/ppp/ppp_on_boot
+ else
+ pppd call provider
+ fi
+ echo "."
+ ;;
+ stop)
+ echo -n "Shutting down PPP link: pppd"
+ if [ "$RUNFILE" = "1" ]; then
+ poff
+ else
+ poff provider
+ fi
+ echo "."
+ ;;
+ status)
+ status /usr/sbin/pppd;
+ exit $?
+ ;;
+ restart|force-reload)
+ echo -n "Restarting PPP link: pppd"
+ if [ "$RUNFILE" = "1" ]; then
+ poff
+ sleep 5
+ /etc/ppp/ppp_on_boot
+ else
+ poff provider
+ sleep 5
+ pppd call provider
+ fi
+ echo "."
+ ;;
+ *)
+ echo "Usage: /etc/init.d/ppp {start|stop|status|restart|force-reload}"
+ exit 1
+ ;;
+esac
+
+exit 0
diff --git a/poky/meta/recipes-connectivity/ppp/ppp/ip-down b/poky/meta/recipes-connectivity/ppp/ppp/ip-down
new file mode 100755
index 000000000..06d35487a
--- /dev/null
+++ b/poky/meta/recipes-connectivity/ppp/ppp/ip-down
@@ -0,0 +1,43 @@
+#!/bin/sh
+#
+# $Id: ip-down,v 1.2 1998/02/10 21:21:55 phil Exp $
+#
+# This script is run by the pppd _after_ the link is brought down.
+# It uses run-parts to run scripts in /etc/ppp/ip-down.d, so to delete
+# routes, unset IP addresses etc. you should create script(s) there.
+#
+# Be aware that other packages may include /etc/ppp/ip-down.d scripts (named
+# after that package), so choose local script names with that in mind.
+#
+# This script is called with the following arguments:
+# Arg Name Example
+# $1 Interface name ppp0
+# $2 The tty ttyS1
+# $3 The link speed 38400
+# $4 Local IP number 12.34.56.78
+# $5 Peer IP number 12.34.56.99
+# $6 Optional ``ipparam'' value foo
+
+# The environment is cleared before executing this script
+# so the path must be reset
+PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin
+export PATH
+# These variables are for the use of the scripts run by run-parts
+PPP_IFACE="$1"
+PPP_TTY="$2"
+PPP_SPEED="$3"
+PPP_LOCAL="$4"
+PPP_REMOTE="$5"
+PPP_IPPARAM="$6"
+export PPP_IFACE PPP_TTY PPP_SPEED PPP_LOCAL PPP_REMOTE PPP_IPPARAM
+
+# as an additional convenience, $PPP_TTYNAME is set to the tty name,
+# stripped of /dev/ (if present) for easier matching.
+PPP_TTYNAME=`/usr/bin/basename "$2"`
+export PPP_TTYNAME
+
+# Main Script starts here
+
+run-parts /etc/ppp/ip-down.d
+
+# last line
diff --git a/poky/meta/recipes-connectivity/ppp/ppp/ip-up b/poky/meta/recipes-connectivity/ppp/ppp/ip-up
new file mode 100755
index 000000000..fc2fae9fe
--- /dev/null
+++ b/poky/meta/recipes-connectivity/ppp/ppp/ip-up
@@ -0,0 +1,44 @@
+#!/bin/sh
+#
+# $Id: ip-up,v 1.2 1998/02/10 21:25:34 phil Exp $
+#
+# This script is run by the pppd after the link is established.
+# It uses run-parts to run scripts in /etc/ppp/ip-up.d, so to add routes,
+# set IP address, run the mailq etc. you should create script(s) there.
+#
+# Be aware that other packages may include /etc/ppp/ip-up.d scripts (named
+# after that package), so choose local script names with that in mind.
+#
+# This script is called with the following arguments:
+# Arg Name Example
+# $1 Interface name ppp0
+# $2 The tty ttyS1
+# $3 The link speed 38400
+# $4 Local IP number 12.34.56.78
+# $5 Peer IP number 12.34.56.99
+# $6 Optional ``ipparam'' value foo
+
+# The environment is cleared before executing this script
+# so the path must be reset
+PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin
+export PATH
+# These variables are for the use of the scripts run by run-parts
+PPP_IFACE="$1"
+PPP_TTY="$2"
+PPP_SPEED="$3"
+PPP_LOCAL="$4"
+PPP_REMOTE="$5"
+PPP_IPPARAM="$6"
+export PPP_IFACE PPP_TTY PPP_SPEED PPP_LOCAL PPP_REMOTE PPP_IPPARAM
+
+
+# as an additional convenience, $PPP_TTYNAME is set to the tty name,
+# stripped of /dev/ (if present) for easier matching.
+PPP_TTYNAME=`/usr/bin/basename "$2"`
+export PPP_TTYNAME
+
+# Main Script starts here
+
+run-parts /etc/ppp/ip-up.d
+
+# last line
diff --git a/poky/meta/recipes-connectivity/ppp/ppp/makefile-remove-hard-usr-reference.patch b/poky/meta/recipes-connectivity/ppp/ppp/makefile-remove-hard-usr-reference.patch
new file mode 100644
index 000000000..8a69396cc
--- /dev/null
+++ b/poky/meta/recipes-connectivity/ppp/ppp/makefile-remove-hard-usr-reference.patch
@@ -0,0 +1,38 @@
+The patch comes from OpenEmbedded.
+Rebased for ppp-2.4.5. Dongxiao Xu <dongxiao.xu@intel.com>
+
+Updated from OE-Classic to include the pcap hunk.
+Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
+
+Upstream-Status: Inappropriate [configuration]
+
+Index: ppp-2.4.7/pppd/Makefile.linux
+===================================================================
+--- ppp-2.4.7.orig/pppd/Makefile.linux
++++ ppp-2.4.7/pppd/Makefile.linux
+@@ -120,10 +120,10 @@ CFLAGS += -DHAS_SHADOW
+ #LIBS += -lshadow $(LIBS)
+ endif
+
+-ifneq ($(wildcard /usr/include/crypt.h),)
++#ifneq ($(wildcard /usr/include/crypt.h),)
+ CFLAGS += -DHAVE_CRYPT_H=1
+ LIBS += -lcrypt
+-endif
++#endif
+
+ ifdef USE_LIBUTIL
+ CFLAGS += -DHAVE_LOGWTMP=1
+@@ -177,10 +177,10 @@ LIBS += -ldl
+ endif
+
+ ifdef FILTER
+-ifneq ($(wildcard /usr/include/pcap-bpf.h),)
++#ifneq ($(wildcard /usr/include/pcap-bpf.h),)
+ LIBS += -lpcap
+ CFLAGS += -DPPP_FILTER
+-endif
++#endif
+ endif
+
+ ifdef HAVE_INET6
diff --git a/poky/meta/recipes-connectivity/ppp/ppp/makefile.patch b/poky/meta/recipes-connectivity/ppp/ppp/makefile.patch
new file mode 100644
index 000000000..2d09baf5d
--- /dev/null
+++ b/poky/meta/recipes-connectivity/ppp/ppp/makefile.patch
@@ -0,0 +1,95 @@
+The patch comes from OpenEmbedded
+Rebased for ppp-2.4.5. Dongxiao Xu <dongxiao.xu@intel.com>
+
+Upstream-Status: Inappropriate [configuration]
+
+diff -ruN ppp-2.4.5-orig/chat/Makefile.linux ppp-2.4.5/chat/Makefile.linux
+--- ppp-2.4.5-orig/chat/Makefile.linux 2010-06-30 15:51:12.050166398 +0800
++++ ppp-2.4.5/chat/Makefile.linux 2010-06-30 15:51:30.450118446 +0800
+@@ -25,7 +25,7 @@
+
+ install: chat
+ mkdir -p $(BINDIR) $(MANDIR)
+- $(INSTALL) -s -c chat $(BINDIR)
++ $(INSTALL) -c chat $(BINDIR)
+ $(INSTALL) -c -m 644 chat.8 $(MANDIR)
+
+ clean:
+diff -ruN ppp-2.4.5-orig/pppd/Makefile.linux ppp-2.4.5/pppd/Makefile.linux
+--- ppp-2.4.5-orig/pppd/Makefile.linux 2010-06-30 15:51:12.043682063 +0800
++++ ppp-2.4.5/pppd/Makefile.linux 2010-06-30 15:52:11.214170607 +0800
+@@ -99,7 +99,7 @@
+ CFLAGS += -DUSE_SRP -DOPENSSL -I/usr/local/ssl/include
+ LIBS += -lsrp -L/usr/local/ssl/lib -lcrypto
+ TARGETS += srp-entry
+-EXTRAINSTALL = $(INSTALL) -s -c -m 555 srp-entry $(BINDIR)/srp-entry
++EXTRAINSTALL = $(INSTALL) -c -m 555 srp-entry $(BINDIR)/srp-entry
+ MANPAGES += srp-entry.8
+ EXTRACLEAN += srp-entry.o
+ NEEDDES=y
+@@ -200,7 +200,7 @@
+ install: pppd
+ mkdir -p $(BINDIR) $(MANDIR)
+ $(EXTRAINSTALL)
+- $(INSTALL) -s -c -m 555 pppd $(BINDIR)/pppd
++ $(INSTALL) -c -m 555 pppd $(BINDIR)/pppd
+ if chgrp pppusers $(BINDIR)/pppd 2>/dev/null; then \
+ chmod o-rx,u+s $(BINDIR)/pppd; fi
+ $(INSTALL) -c -m 444 pppd.8 $(MANDIR)
+diff -ruN ppp-2.4.5-orig/pppd/plugins/radius/Makefile.linux ppp-2.4.5/pppd/plugins/radius/Makefile.linux
+--- ppp-2.4.5-orig/pppd/plugins/radius/Makefile.linux 2010-06-30 15:51:12.047676187 +0800
++++ ppp-2.4.5/pppd/plugins/radius/Makefile.linux 2010-06-30 15:53:47.750182267 +0800
+@@ -36,11 +36,11 @@
+
+ install: all
+ $(INSTALL) -d -m 755 $(LIBDIR)
+- $(INSTALL) -s -c -m 755 radius.so $(LIBDIR)
+- $(INSTALL) -s -c -m 755 radattr.so $(LIBDIR)
+- $(INSTALL) -s -c -m 755 radrealms.so $(LIBDIR)
+- $(INSTALL) -c -m 444 pppd-radius.8 $(MANDIR)
+- $(INSTALL) -c -m 444 pppd-radattr.8 $(MANDIR)
++ $(INSTALL) -c -m 755 radius.so $(LIBDIR)
++ $(INSTALL) -c -m 755 radattr.so $(LIBDIR)
++ $(INSTALL) -c -m 755 radrealms.so $(LIBDIR)
++ $(INSTALL) -m 444 pppd-radius.8 $(MANDIR)
++ $(INSTALL) -m 444 pppd-radattr.8 $(MANDIR)
+
+ radius.so: radius.o libradiusclient.a
+ $(CC) -o radius.so -shared radius.o libradiusclient.a
+diff -ruN ppp-2.4.5-orig/pppd/plugins/rp-pppoe/Makefile.linux ppp-2.4.5/pppd/plugins/rp-pppoe/Makefile.linux
+--- ppp-2.4.5-orig/pppd/plugins/rp-pppoe/Makefile.linux 2010-06-30 15:51:12.047676187 +0800
++++ ppp-2.4.5/pppd/plugins/rp-pppoe/Makefile.linux 2010-06-30 15:53:15.454486877 +0800
+@@ -43,9 +43,9 @@
+
+ install: all
+ $(INSTALL) -d -m 755 $(LIBDIR)
+- $(INSTALL) -s -c -m 4550 rp-pppoe.so $(LIBDIR)
++ $(INSTALL) -c -m 4550 rp-pppoe.so $(LIBDIR)
+ $(INSTALL) -d -m 755 $(BINDIR)
+- $(INSTALL) -s -c -m 555 pppoe-discovery $(BINDIR)
++ $(INSTALL) -c -m 555 pppoe-discovery $(BINDIR)
+
+ clean:
+ rm -f *.o *.so pppoe-discovery
+diff -ruN ppp-2.4.5-orig/pppdump/Makefile.linux ppp-2.4.5/pppdump/Makefile.linux
+--- ppp-2.4.5-orig/pppdump/Makefile.linux 2010-06-30 15:51:12.058183383 +0800
++++ ppp-2.4.5/pppdump/Makefile.linux 2010-06-30 15:52:25.762183537 +0800
+@@ -17,5 +17,5 @@
+
+ install:
+ mkdir -p $(BINDIR) $(MANDIR)
+- $(INSTALL) -s -c pppdump $(BINDIR)
++ $(INSTALL) -c pppdump $(BINDIR)
+ $(INSTALL) -c -m 444 pppdump.8 $(MANDIR)
+diff -ruN ppp-2.4.5-orig/pppstats/Makefile.linux ppp-2.4.5/pppstats/Makefile.linux
+--- ppp-2.4.5-orig/pppstats/Makefile.linux 2010-06-30 15:51:12.058183383 +0800
++++ ppp-2.4.5/pppstats/Makefile.linux 2010-06-30 15:52:42.486341081 +0800
+@@ -22,7 +22,7 @@
+
+ install: pppstats
+ -mkdir -p $(MANDIR)
+- $(INSTALL) -s -c pppstats $(BINDIR)
++ $(INSTALL) -c pppstats $(BINDIR)
+ $(INSTALL) -c -m 444 pppstats.8 $(MANDIR)
+
+ pppstats: $(PPPSTATSRCS)
diff --git a/poky/meta/recipes-connectivity/ppp/ppp/pap b/poky/meta/recipes-connectivity/ppp/ppp/pap
new file mode 100644
index 000000000..093c32607
--- /dev/null
+++ b/poky/meta/recipes-connectivity/ppp/ppp/pap
@@ -0,0 +1,22 @@
+# You can use this script unmodified to connect to sites which allow
+# authentication via PAP, CHAP and similar protocols.
+# This script can be shared among different pppd peer configurations.
+# To use it, add something like this to your /etc/ppp/peers/ file:
+#
+# connect "/usr/sbin/chat -v -f /etc/chatscripts/pap -T PHONE-NUMBER"
+# user YOUR-USERNAME-IN-PAP-SECRETS
+# noauth
+
+# Uncomment the following line to see the connect speed.
+# It will be logged to stderr or to the file specified with the -r chat option.
+#REPORT CONNECT
+
+ABORT BUSY
+ABORT VOICE
+ABORT "NO CARRIER"
+ABORT "NO DIALTONE"
+ABORT "NO DIAL TONE"
+"" ATZ
+OK ATDT\T
+CONNECT ""
+
diff --git a/poky/meta/recipes-connectivity/ppp/ppp/poff b/poky/meta/recipes-connectivity/ppp/ppp/poff
new file mode 100644
index 000000000..0521a9406
--- /dev/null
+++ b/poky/meta/recipes-connectivity/ppp/ppp/poff
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+# Lets see how many pppds are running....
+set -- `cat /var/run/ppp*.pid 2>/dev/null`
+
+case $# in
+ 0) # pppd only creates a pid file once ppp is up, so let's try killing pppd
+ # on the assumption that we've not got that far yet.
+ killall pppd
+ ;;
+ 1) # If only one was running then it can be killed (apparently killall
+ # caused problems for some, so lets try killing the pid from the file)
+ kill $1
+ ;;
+ *) # More than one! Aieehh.. Dont know which one to kill.
+ echo "More than one pppd running. None stopped"
+ exit 1
+ ;;
+esac
+
+if [ -r /var/run/ppp-quick ]
+then
+ rm -f /var/run/ppp-quick
+fi
+
+exit 0
diff --git a/poky/meta/recipes-connectivity/ppp/ppp/pon b/poky/meta/recipes-connectivity/ppp/ppp/pon
new file mode 100644
index 000000000..91c059501
--- /dev/null
+++ b/poky/meta/recipes-connectivity/ppp/ppp/pon
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+if [ "$1" = "quick" ]
+then
+ touch /var/run/ppp-quick
+ shift
+fi
+
+/usr/sbin/pppd call ${1:-provider}
diff --git a/poky/meta/recipes-connectivity/ppp/ppp/ppp@.service b/poky/meta/recipes-connectivity/ppp/ppp/ppp@.service
new file mode 100644
index 000000000..2bf0b5e34
--- /dev/null
+++ b/poky/meta/recipes-connectivity/ppp/ppp/ppp@.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=PPP link to %I
+Before=network.target
+
+[Service]
+ExecStart=@SBINDIR@/pppd call %I nodetach nolog
+
+[Install]
+WantedBy=multi-user.target
diff --git a/poky/meta/recipes-connectivity/ppp/ppp/ppp_on_boot b/poky/meta/recipes-connectivity/ppp/ppp/ppp_on_boot
new file mode 100644
index 000000000..979376184
--- /dev/null
+++ b/poky/meta/recipes-connectivity/ppp/ppp/ppp_on_boot
@@ -0,0 +1,21 @@
+###!/bin/sh
+#
+# Rename this file to ppp_on_boot and pppd will be fired up as
+# soon as the system comes up, connecting to `provider'.
+#
+# If you also make this file executable, and replace the first line
+# with just "#!/bin/sh", the commands below will be executed instead.
+#
+
+# The location of the ppp daemon itself (shouldn't need to be changed)
+PPPD=/usr/sbin/pppd
+
+# The default provider to connect to
+$PPPD call provider
+
+# Additional connections, which would just use settings from
+# /etc/ppp/options.<tty>
+#$PPPD ttyS0
+#$PPPD ttyS1
+#$PPPD ttyS2
+#$PPPD ttyS3
diff --git a/poky/meta/recipes-connectivity/ppp/ppp/pppd-resolv-varrun.patch b/poky/meta/recipes-connectivity/ppp/ppp/pppd-resolv-varrun.patch
new file mode 100644
index 000000000..a72414ff8
--- /dev/null
+++ b/poky/meta/recipes-connectivity/ppp/ppp/pppd-resolv-varrun.patch
@@ -0,0 +1,45 @@
+The patch comes from OpenEmbedded
+Rebased for ppp-2.4.5. Dongxiao Xu <dongxiao.xu@intel.com>
+
+Upstream-Status: Inappropriate [embedded specific]
+
+diff -ruN ppp-2.4.5-orig/pppd/ipcp.c ppp-2.4.5/pppd/ipcp.c
+--- ppp-2.4.5-orig/pppd/ipcp.c 2010-06-30 15:51:12.050166398 +0800
++++ ppp-2.4.5/pppd/ipcp.c 2010-06-30 17:02:33.930393283 +0800
+@@ -55,6 +55,8 @@
+ #include <sys/socket.h>
+ #include <netinet/in.h>
+ #include <arpa/inet.h>
++#include <sys/stat.h>
++#include <unistd.h>
+
+ #include "pppd.h"
+ #include "fsm.h"
+@@ -2095,6 +2097,14 @@
+ u_int32_t peerdns1, peerdns2;
+ {
+ FILE *f;
++ struct stat dirinfo;
++
++ if(stat(_PATH_OUTDIR, &dirinfo)) {
++ if(mkdir(_PATH_OUTDIR, 0775)) {
++ error("Failed to create directory %s: %m", _PATH_OUTDIR);
++ return;
++ }
++ }
+
+ f = fopen(_PATH_RESOLV, "w");
+ if (f == NULL) {
+diff -ruN ppp-2.4.5-orig/pppd/pathnames.h ppp-2.4.5/pppd/pathnames.h
+--- ppp-2.4.5-orig/pppd/pathnames.h 2010-06-30 15:51:12.043682063 +0800
++++ ppp-2.4.5/pppd/pathnames.h 2010-06-30 17:03:20.594371055 +0800
+@@ -30,7 +30,8 @@
+ #define _PATH_TTYOPT _ROOT_PATH "/etc/ppp/options."
+ #define _PATH_CONNERRS _ROOT_PATH "/etc/ppp/connect-errors"
+ #define _PATH_PEERFILES _ROOT_PATH "/etc/ppp/peers/"
+-#define _PATH_RESOLV _ROOT_PATH "/etc/ppp/resolv.conf"
++#define _PATH_OUTDIR _ROOT_PATH _PATH_VARRUN "/ppp"
++#define _PATH_RESOLV _PATH_OUTDIR "/resolv.conf"
+
+ #define _PATH_USEROPT ".ppprc"
+ #define _PATH_PSEUDONYM ".ppp_pseudonym"
diff --git a/poky/meta/recipes-connectivity/ppp/ppp/provider b/poky/meta/recipes-connectivity/ppp/ppp/provider
new file mode 100644
index 000000000..e74d71a8e
--- /dev/null
+++ b/poky/meta/recipes-connectivity/ppp/ppp/provider
@@ -0,0 +1,35 @@
+# example configuration for a dialup connection authenticated with PAP or CHAP
+#
+# This is the default configuration used by pon(1) and poff(1).
+# See the manual page pppd(8) for information on all the options.
+
+# MUST CHANGE: replace myusername@realm with the PPP login name given to
+# your by your provider.
+# There should be a matching entry with the password in /etc/ppp/pap-secrets
+# and/or /etc/ppp/chap-secrets.
+user "myusername@realm"
+
+# MUST CHANGE: replace ******** with the phone number of your provider.
+# The /etc/chatscripts/pap chat script may be modified to change the
+# modem initialization string.
+connect "/usr/sbin/chat -v -f /etc/chatscripts/pap -T ********"
+
+# Serial device to which the modem is connected.
+/dev/modem
+
+# Speed of the serial line.
+115200
+
+# Assumes that your IP address is allocated dynamically by the ISP.
+noipdefault
+# Try to get the name server addresses from the ISP.
+usepeerdns
+# Use this connection as the default route.
+defaultroute
+
+# Makes pppd "dial again" when the connection is lost.
+persist
+
+# Do not ask the remote to authenticate.
+noauth
+
diff --git a/poky/meta/recipes-connectivity/ppp/ppp_2.4.7.bb b/poky/meta/recipes-connectivity/ppp/ppp_2.4.7.bb
new file mode 100644
index 000000000..a5f764f6e
--- /dev/null
+++ b/poky/meta/recipes-connectivity/ppp/ppp_2.4.7.bb
@@ -0,0 +1,101 @@
+SUMMARY = "Point-to-Point Protocol (PPP) support"
+DESCRIPTION = "ppp (Paul's PPP Package) is an open source package which implements \
+the Point-to-Point Protocol (PPP) on Linux and Solaris systems."
+SECTION = "console/network"
+HOMEPAGE = "http://samba.org/ppp/"
+BUGTRACKER = "http://ppp.samba.org/cgi-bin/ppp-bugs"
+DEPENDS = "libpcap"
+LICENSE = "BSD & GPLv2+ & LGPLv2+ & PD"
+LIC_FILES_CHKSUM = "file://pppd/ccp.c;beginline=1;endline=29;md5=e2c43fe6e81ff77d87dc9c290a424dea \
+ file://pppd/plugins/passprompt.c;beginline=1;endline=10;md5=3bcbcdbf0e369c9a3e0b8c8275b065d8 \
+ file://pppd/tdb.c;beginline=1;endline=27;md5=4ca3a9991b011038d085d6675ae7c4e6 \
+ file://chat/chat.c;beginline=1;endline=15;md5=0d374b8545ee5c62d7aff1acbd38add2"
+
+SRC_URI = "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \
+ file://makefile.patch \
+ file://cifdefroute.patch \
+ file://pppd-resolv-varrun.patch \
+ file://makefile-remove-hard-usr-reference.patch \
+ file://pon \
+ file://poff \
+ file://init \
+ file://ip-up \
+ file://ip-down \
+ file://08setupdns \
+ file://92removedns \
+ file://copts.patch \
+ file://pap \
+ file://ppp_on_boot \
+ file://provider \
+ file://0001-ppp-Fix-compilation-errors-in-Makefile.patch \
+ file://ppp@.service \
+ file://fix-CVE-2015-3310.patch \
+ file://0001-pppoe-include-netinet-in.h-before-linux-in.h.patch \
+ file://0001-ppp-Remove-unneeded-include.patch \
+"
+
+SRC_URI_append_libc-musl = "\
+ file://0001-Fix-build-with-musl.patch \
+"
+SRC_URI[md5sum] = "78818f40e6d33a1d1de68a1551f6595a"
+SRC_URI[sha256sum] = "02e0a3dd3e4799e33103f70ec7df75348c8540966ee7c948e4ed8a42bbccfb30"
+
+inherit autotools-brokensep systemd
+
+TARGET_CC_ARCH += " ${LDFLAGS}"
+EXTRA_OEMAKE = "STRIPPROG=${STRIP} MANDIR=${D}${datadir}/man/man8 INCDIR=${D}${includedir} LIBDIR=${D}${libdir}/pppd/${PV} BINDIR=${D}${sbindir}"
+EXTRA_OECONF = "--disable-strip"
+
+# Package Makefile computes CFLAGS, referencing COPTS.
+# Typically hard-coded to '-O2 -g' in the Makefile's.
+#
+EXTRA_OEMAKE += ' COPTS="${CFLAGS} -I${S}/include"'
+
+do_configure () {
+ oe_runconf
+}
+
+do_install_append () {
+ make install-etcppp ETCDIR=${D}/${sysconfdir}/ppp
+ mkdir -p ${D}${bindir}/ ${D}${sysconfdir}/init.d
+ mkdir -p ${D}${sysconfdir}/ppp/ip-up.d/
+ mkdir -p ${D}${sysconfdir}/ppp/ip-down.d/
+ install -m 0755 ${WORKDIR}/pon ${D}${bindir}/pon
+ install -m 0755 ${WORKDIR}/poff ${D}${bindir}/poff
+ install -m 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/ppp
+ install -m 0755 ${WORKDIR}/ip-up ${D}${sysconfdir}/ppp/
+ install -m 0755 ${WORKDIR}/ip-down ${D}${sysconfdir}/ppp/
+ install -m 0755 ${WORKDIR}/08setupdns ${D}${sysconfdir}/ppp/ip-up.d/
+ install -m 0755 ${WORKDIR}/92removedns ${D}${sysconfdir}/ppp/ip-down.d/
+ mkdir -p ${D}${sysconfdir}/chatscripts
+ mkdir -p ${D}${sysconfdir}/ppp/peers
+ install -m 0755 ${WORKDIR}/pap ${D}${sysconfdir}/chatscripts
+ install -m 0755 ${WORKDIR}/ppp_on_boot ${D}${sysconfdir}/ppp/ppp_on_boot
+ install -m 0755 ${WORKDIR}/provider ${D}${sysconfdir}/ppp/peers/provider
+ install -d ${D}${systemd_unitdir}/system
+ install -m 0644 ${WORKDIR}/ppp@.service ${D}${systemd_unitdir}/system
+ sed -i -e 's,@SBINDIR@,${sbindir},g' \
+ ${D}${systemd_unitdir}/system/ppp@.service
+ rm -rf ${D}/${mandir}/man8/man8
+ chmod u+s ${D}${sbindir}/pppd
+}
+
+CONFFILES_${PN} = "${sysconfdir}/ppp/pap-secrets ${sysconfdir}/ppp/chap-secrets ${sysconfdir}/ppp/options"
+PACKAGES =+ "${PN}-oa ${PN}-oe ${PN}-radius ${PN}-winbind ${PN}-minconn ${PN}-password ${PN}-l2tp ${PN}-tools"
+FILES_${PN} = "${sysconfdir} ${bindir} ${sbindir}/chat ${sbindir}/pppd ${systemd_unitdir}/system/ppp@.service"
+FILES_${PN}-oa = "${libdir}/pppd/${PV}/pppoatm.so"
+FILES_${PN}-oe = "${sbindir}/pppoe-discovery ${libdir}/pppd/${PV}/rp-pppoe.so"
+FILES_${PN}-radius = "${libdir}/pppd/${PV}/radius.so ${libdir}/pppd/${PV}/radattr.so ${libdir}/pppd/${PV}/radrealms.so"
+FILES_${PN}-winbind = "${libdir}/pppd/${PV}/winbind.so"
+FILES_${PN}-minconn = "${libdir}/pppd/${PV}/minconn.so"
+FILES_${PN}-password = "${libdir}/pppd/${PV}/pass*.so"
+FILES_${PN}-l2tp = "${libdir}/pppd/${PV}/*l2tp.so"
+FILES_${PN}-tools = "${sbindir}/pppstats ${sbindir}/pppdump"
+SUMMARY_${PN}-oa = "Plugin for PPP for PPP-over-ATM support"
+SUMMARY_${PN}-oe = "Plugin for PPP for PPP-over-Ethernet support"
+SUMMARY_${PN}-radius = "Plugin for PPP for RADIUS support"
+SUMMARY_${PN}-winbind = "Plugin for PPP to authenticate against Samba or Windows"
+SUMMARY_${PN}-minconn = "Plugin for PPP to set a delay before the idle timeout applies"
+SUMMARY_${PN}-password = "Plugin for PPP to get passwords via a pipe"
+SUMMARY_${PN}-l2tp = "Plugin for PPP for l2tp support"
+SUMMARY_${PN}-tools = "Additional tools for the PPP package"
diff --git a/poky/meta/recipes-connectivity/resolvconf/resolvconf/99_resolvconf b/poky/meta/recipes-connectivity/resolvconf/resolvconf/99_resolvconf
new file mode 100644
index 000000000..3790d774a
--- /dev/null
+++ b/poky/meta/recipes-connectivity/resolvconf/resolvconf/99_resolvconf
@@ -0,0 +1,4 @@
+d root root 0755 /var/run/resolvconf/interface none
+f root root 0644 /etc/resolvconf/run/resolv.conf none
+f root root 0644 /etc/resolvconf/run/enable-updates none
+l root root 0644 /etc/resolv.conf /etc/resolvconf/run/resolv.conf
diff --git a/poky/meta/recipes-connectivity/resolvconf/resolvconf/fix-path-for-busybox.patch b/poky/meta/recipes-connectivity/resolvconf/resolvconf/fix-path-for-busybox.patch
new file mode 100644
index 000000000..1aead0786
--- /dev/null
+++ b/poky/meta/recipes-connectivity/resolvconf/resolvconf/fix-path-for-busybox.patch
@@ -0,0 +1,20 @@
+
+busybox installs readlink into /usr/bin, so ensure /usr/bin
+is in the path.
+
+Upstream-Status: Submitted
+Signed-off-by: Saul Wold <sgw@linux.intel.com>
+
+Index: resolvconf-1.76/etc/resolvconf/update.d/libc
+===================================================================
+--- resolvconf-1.76.orig/etc/resolvconf/update.d/libc
++++ resolvconf-1.76/etc/resolvconf/update.d/libc
+@@ -16,7 +16,7 @@
+ #
+
+ set -e
+-PATH=/sbin:/bin
++PATH=/sbin:/bin:/usr/bin
+
+ [ -x /lib/resolvconf/list-records ] || exit 1
+
diff --git a/poky/meta/recipes-connectivity/resolvconf/resolvconf_1.79.bb b/poky/meta/recipes-connectivity/resolvconf/resolvconf_1.79.bb
new file mode 100644
index 000000000..855017728
--- /dev/null
+++ b/poky/meta/recipes-connectivity/resolvconf/resolvconf_1.79.bb
@@ -0,0 +1,67 @@
+SUMMARY = "name server information handler"
+DESCRIPTION = "Resolvconf is a framework for keeping track of the system's \
+information about currently available nameservers. It sets \
+itself up as the intermediary between programs that supply \
+nameserver information and programs that need nameserver \
+information."
+SECTION = "console/network"
+LICENSE = "GPLv2+"
+LIC_FILES_CHKSUM = "file://COPYING;md5=c93c0550bd3173f4504b2cbd8991e50b"
+AUTHOR = "Thomas Hood"
+HOMEPAGE = "http://packages.debian.org/resolvconf"
+RDEPENDS_${PN} = "bash"
+
+SRC_URI = "http://snapshot.debian.org/archive/debian/20160520T044340Z/pool/main/r/${BPN}/${BPN}_1.79.tar.xz \
+ file://fix-path-for-busybox.patch \
+ file://99_resolvconf \
+ "
+
+SRC_URI[md5sum] = "aab2382020fc518f06a06e924c56d300"
+SRC_URI[sha256sum] = "8e2843cd4162b706f0481b3c281657728cbc2822e50a64fff79b79bd8aa870a0"
+
+# the package is taken from snapshots.debian.org; that source is static and goes stale
+# so we check the latest upstream from a directory that does get updated
+UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/r/resolvconf/"
+
+inherit allarch
+
+do_compile () {
+ :
+}
+
+do_install () {
+ install -d ${D}${sysconfdir}/default/volatiles
+ install -m 0644 ${WORKDIR}/99_resolvconf ${D}${sysconfdir}/default/volatiles
+ if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
+ install -d ${D}${sysconfdir}/tmpfiles.d
+ echo "d /run/${BPN}/interface - - - -" \
+ > ${D}${sysconfdir}/tmpfiles.d/resolvconf.conf
+ fi
+ install -d ${D}${base_libdir}/${BPN}
+ install -d ${D}${sysconfdir}/${BPN}
+ ln -snf ${localstatedir}/run/${BPN} ${D}${sysconfdir}/${BPN}/run
+ install -d ${D}${sysconfdir} ${D}${base_sbindir}
+ install -d ${D}${mandir}/man8 ${D}${docdir}/${P}
+ cp -pPR etc/* ${D}${sysconfdir}/
+ chown -R root:root ${D}${sysconfdir}/
+ install -m 0755 bin/resolvconf ${D}${base_sbindir}/
+ install -m 0755 bin/list-records ${D}${base_libdir}/${BPN}
+ install -d ${D}/${sysconfdir}/network/if-up.d
+ install -m 0755 debian/resolvconf.000resolvconf.if-up ${D}/${sysconfdir}/network/if-up.d/000resolvconf
+ install -d ${D}/${sysconfdir}/network/if-down.d
+ install -m 0755 debian/resolvconf.resolvconf.if-down ${D}/${sysconfdir}/network/if-down.d/resolvconf
+ install -m 0644 README ${D}${docdir}/${P}/
+ install -m 0644 man/resolvconf.8 ${D}${mandir}/man8/
+}
+
+pkg_postinst_${PN} () {
+ if [ -z "$D" ]; then
+ if command -v systemd-tmpfiles >/dev/null; then
+ systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/resolvconf.conf
+ elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then
+ ${sysconfdir}/init.d/populate-volatile.sh update
+ fi
+ fi
+}
+
+FILES_${PN} += "${base_libdir}/${BPN}"
diff --git a/poky/meta/recipes-connectivity/socat/socat/0001-Access-c_ispeed-and-c_ospeed-via-APIs.patch b/poky/meta/recipes-connectivity/socat/socat/0001-Access-c_ispeed-and-c_ospeed-via-APIs.patch
new file mode 100644
index 000000000..c0e27f3d7
--- /dev/null
+++ b/poky/meta/recipes-connectivity/socat/socat/0001-Access-c_ispeed-and-c_ospeed-via-APIs.patch
@@ -0,0 +1,52 @@
+From fb10ab134d630705cae0c7be42437cc289af7d32 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Tue, 15 Mar 2016 21:36:02 +0000
+Subject: [PATCH] Use __c_ispeed and __c_ospeed on musl
+
+Original intention of these asserts is to find if termios structure
+is mapped correctly to locally define union, the get* APIs for
+baudrate would not do the right thing since they do not return the
+value from c_ospeed/c_ispeed but the value which is stored in iflag
+for baudrate.
+
+So we check if we are on Linux but not using glibc then we use
+__c_ispeed and __c_ospeed as defined in musl, however these are
+internal elements of structs it should not have been used this
+way.
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+---
+Upstream-Status: Pending
+
+ xioinitialize.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/xioinitialize.c b/xioinitialize.c
+index 9f50155..8fb2e4c 100644
+--- a/xioinitialize.c
++++ b/xioinitialize.c
+@@ -65,6 +65,12 @@ int xioinitialize(void) {
+ #if HAVE_TERMIOS_ISPEED && (ISPEED_OFFSET != -1) && (OSPEED_OFFSET != -1)
+ #if defined(ISPEED_OFFSET) && (ISPEED_OFFSET != -1)
+ #if defined(OSPEED_OFFSET) && (OSPEED_OFFSET != -1)
++#if defined(__linux__) && !defined(__GLIBC__)
++ tdata.termarg.__c_ispeed = 0x56789abc;
++ tdata.termarg.__c_ospeed = 0x6789abcd;
++ assert(tdata.termarg.__c_ispeed == tdata.speeds[ISPEED_OFFSET]);
++ assert(tdata.termarg.__c_ospeed == tdata.speeds[OSPEED_OFFSET]);
++#else
+ tdata.termarg.c_ispeed = 0x56789abc;
+ tdata.termarg.c_ospeed = 0x6789abcd;
+ assert(tdata.termarg.c_ispeed == tdata.speeds[ISPEED_OFFSET]);
+@@ -72,6 +78,7 @@ int xioinitialize(void) {
+ #endif
+ #endif
+ #endif
++#endif
+ }
+ #endif
+
+--
+2.8.0
+
diff --git a/poky/meta/recipes-connectivity/socat/socat/0001-define-NETDB_INTERNAL-to-1-if-not-available.patch b/poky/meta/recipes-connectivity/socat/socat/0001-define-NETDB_INTERNAL-to-1-if-not-available.patch
new file mode 100644
index 000000000..4bbd36766
--- /dev/null
+++ b/poky/meta/recipes-connectivity/socat/socat/0001-define-NETDB_INTERNAL-to-1-if-not-available.patch
@@ -0,0 +1,32 @@
+From e6a7d96fa3675bdd3f4d7a3d7682381789eef22f Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Mon, 15 Feb 2016 20:25:34 +0000
+Subject: [PATCH] define NETDB_INTERNAL to -1 if not available
+
+helps build with musl
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+Upstream-Status: Pending
+
+ compat.h | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/compat.h b/compat.h
+index c8bee4d..bfb013a 100644
+--- a/compat.h
++++ b/compat.h
+@@ -666,6 +666,10 @@ typedef int sig_atomic_t;
+ # define NETDB_INTERNAL h_NETDB_INTERNAL
+ #endif
+
++#if !defined(NETDB_INTERNAL)
++# define NETDB_INTERNAL (-1)
++#endif
++
+ #ifndef INET_ADDRSTRLEN
+ # define INET_ADDRSTRLEN sizeof(struct sockaddr_in)
+ #endif
+--
+2.7.1
+
diff --git a/poky/meta/recipes-connectivity/socat/socat/Makefile.in-fix-for-parallel-build.patch b/poky/meta/recipes-connectivity/socat/socat/Makefile.in-fix-for-parallel-build.patch
new file mode 100644
index 000000000..aa4db65a7
--- /dev/null
+++ b/poky/meta/recipes-connectivity/socat/socat/Makefile.in-fix-for-parallel-build.patch
@@ -0,0 +1,35 @@
+From c6f0080b55679b6e8b5d332d6e05fdcbda1e4064 Mon Sep 17 00:00:00 2001
+From: Robert Yang <liezhi.yang@windriver.com>
+Date: Mon, 4 May 2015 00:58:47 -0700
+Subject: [PATCH] Makefile.in: fix for parallel build
+
+Fixed:
+vsnprintf_r.o: file not recognized: File truncated
+collect2: error: ld returned 3 exit status
+Makefile:122: recipe for target 'filan' failed
+
+Let filan depend on vsnprintf_r.o and snprinterr.o to fix the issue.
+
+Upstream-Status: Pending
+
+Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
+---
+ Makefile.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile.in b/Makefile.in
+index f2a6edb..88b784b 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -118,7 +118,7 @@ PROCAN_OBJS=procan_main.o procan.o procan-cdefs.o hostan.o error.o sycls.o sysut
+ procan: $(PROCAN_OBJS)
+ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(PROCAN_OBJS) $(CLIBS)
+
+-filan: filan_main.o filan.o fdname.o error.o sycls.o sysutils.o utils.o
++filan: filan_main.o filan.o fdname.o error.o sycls.o sysutils.o utils.o vsnprintf_r.o snprinterr.o
+ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ filan_main.o filan.o fdname.o error.o sycls.o sysutils.o utils.o vsnprintf_r.o snprinterr.o $(CLIBS)
+
+ libxio.a: $(XIOOBJS) $(UTLOBJS)
+--
+1.7.9.5
+
diff --git a/poky/meta/recipes-connectivity/socat/socat_1.7.3.2.bb b/poky/meta/recipes-connectivity/socat/socat_1.7.3.2.bb
new file mode 100644
index 000000000..4dcb7b4ad
--- /dev/null
+++ b/poky/meta/recipes-connectivity/socat/socat_1.7.3.2.bb
@@ -0,0 +1,41 @@
+SUMMARY = "Multipurpose relay for bidirectional data transfer"
+DESCRIPTION = "Socat is a relay for bidirectional data \
+transfer between two independent data channels."
+HOMEPAGE = "http://www.dest-unreach.org/socat/"
+
+SECTION = "console/network"
+
+DEPENDS = "openssl readline"
+
+LICENSE = "GPL-2.0+-with-OpenSSL-exception"
+LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
+ file://README;beginline=257;endline=287;md5=338c05eadd013872abb1d6e198e10a3f"
+
+
+SRC_URI = "http://www.dest-unreach.org/socat/download/socat-${PV}.tar.bz2 \
+ file://Makefile.in-fix-for-parallel-build.patch \
+ file://0001-define-NETDB_INTERNAL-to-1-if-not-available.patch \
+ file://0001-Access-c_ispeed-and-c_ospeed-via-APIs.patch \
+"
+
+SRC_URI[md5sum] = "607a24c15bd2cb54e9328bfbbd3a1ae9"
+SRC_URI[sha256sum] = "e3561f808739383eb10fada1e5d4f26883f0311b34fd0af7837d0c95ef379251"
+
+inherit autotools
+
+EXTRA_AUTORECONF += "--exclude=autoheader"
+
+EXTRA_OECONF += "ac_cv_have_z_modifier=yes \
+ ac_cv_header_bsd_libutil_h=no \
+"
+
+PACKAGECONFIG_class-target ??= "tcp-wrappers"
+PACKAGECONFIG ??= ""
+PACKAGECONFIG[tcp-wrappers] = "--enable-libwrap,--disable-libwrap,tcp-wrappers"
+
+do_install_prepend () {
+ mkdir -p ${D}${bindir}
+ install -d ${D}${bindir} ${D}${mandir}/man1
+}
+
+BBCLASSEXTEND = "native nativesdk"
diff --git a/poky/meta/recipes-connectivity/wireless-tools/wireless-tools/avoid_strip.patch b/poky/meta/recipes-connectivity/wireless-tools/wireless-tools/avoid_strip.patch
new file mode 100644
index 000000000..f34e243de
--- /dev/null
+++ b/poky/meta/recipes-connectivity/wireless-tools/wireless-tools/avoid_strip.patch
@@ -0,0 +1,21 @@
+wireless_tools: Avoid stripping iwmulticall
+
+Upstream-Status: Inappropriate [other]
+ The removed code was from upstream.
+
+Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
+
+diff -ur wireless_tools.29.orig/Makefile wireless_tools.29/Makefile
+--- wireless_tools.29.orig/Makefile 2011-06-18 11:35:12.183907453 -0500
++++ wireless_tools.29/Makefile 2011-06-18 11:38:09.995907985 -0500
+@@ -135,9 +135,8 @@
+
+ macaddr: macaddr.o $(IWLIB)
+
+-# Always do symbol stripping here
+ iwmulticall: iwmulticall.o
+- $(CC) $(LDFLAGS) -Wl,-s $(XCFLAGS) -o $@ $^ $(LIBS)
++ $(CC) $(LDFLAGS) $(STRIPFLAGS) $(XCFLAGS) -o $@ $^ $(LIBS)
+
+ # It's a kind of magic...
+ wireless.h:
diff --git a/poky/meta/recipes-connectivity/wireless-tools/wireless-tools/ldflags.patch b/poky/meta/recipes-connectivity/wireless-tools/wireless-tools/ldflags.patch
new file mode 100644
index 000000000..6c0d8cbd2
--- /dev/null
+++ b/poky/meta/recipes-connectivity/wireless-tools/wireless-tools/ldflags.patch
@@ -0,0 +1,22 @@
+wireless-tools: Remove QA warning: No GNU_HASH in the elf binary
+
+Upstream-Status: Inappropriate [other]
+ Useful within bitbake environment only.
+
+Signed-off-by: Muhammad Shakeel <muhammad_shakeel@mentor.com>
+
+---
+ Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- wireless_tools.29.orig/Makefile
++++ wireless_tools.29/Makefile
+@@ -144,7 +144,7 @@ wireless.h:
+
+ # Compilation of the dynamic library
+ $(DYNAMIC): $(OBJS:.o=.so)
+- $(CC) -shared -o $@ -Wl,-soname,$@ $(STRIPFLAGS) $(LIBS) -lc $^
++ $(CC) -shared -o $@ -Wl,-soname,$@ $(LDFLAGS) $(STRIPFLAGS) $(LIBS) -lc $^
+
+ # Compilation of the static library
+ $(STATIC): $(OBJS:.o=.so)
diff --git a/poky/meta/recipes-connectivity/wireless-tools/wireless-tools/man.patch b/poky/meta/recipes-connectivity/wireless-tools/wireless-tools/man.patch
new file mode 100644
index 000000000..6a757dae7
--- /dev/null
+++ b/poky/meta/recipes-connectivity/wireless-tools/wireless-tools/man.patch
@@ -0,0 +1,15 @@
+Upstream-Status: Inappropriate [configuration]
+
+Index: wireless_tools.30/Makefile
+===================================================================
+--- wireless_tools.30.orig/Makefile 2014-02-01 00:21:04.148463382 -0800
++++ wireless_tools.30/Makefile 2014-02-01 00:23:35.448072279 -0800
+@@ -76,7 +76,7 @@
+ INSTALL_DIR= $(PREFIX)/sbin
+ INSTALL_LIB= $(PREFIX)/lib
+ INSTALL_INC= $(PREFIX)/include
+-INSTALL_MAN= $(PREFIX)/man
++INSTALL_MAN= $(PREFIX)/share/man
+
+ # Various commands
+ RM = rm -f
diff --git a/poky/meta/recipes-connectivity/wireless-tools/wireless-tools/remove.ldconfig.call.patch b/poky/meta/recipes-connectivity/wireless-tools/wireless-tools/remove.ldconfig.call.patch
new file mode 100644
index 000000000..3a22c3f1e
--- /dev/null
+++ b/poky/meta/recipes-connectivity/wireless-tools/wireless-tools/remove.ldconfig.call.patch
@@ -0,0 +1,19 @@
+When /etc/ld.so.cache is writeable by user running bitbake then it creates invalid cache
+(in my case libstdc++.so cannot be found after building zlib(-native) and I have to call
+touch */libstdc++.so && /sbin/ldconfig to fix it.
+
+So remove ldconfig call from make install-libs
+
+Upstream-Status: Inappropriate [disable feature]
+
+diff -uNr wireless_tools.29.orig/Makefile wireless_tools.29/Makefile
+--- wireless_tools.29.orig/Makefile 2007-09-18 01:56:46.000000000 +0200
++++ wireless_tools.29/Makefile 2012-02-15 20:46:41.780763514 +0100
+@@ -163,7 +163,6 @@
+ install -m 755 $(DYNAMIC) $(INSTALL_LIB)
+ ln -sfn $(DYNAMIC) $(INSTALL_LIB)/$(DYNAMIC_LINK)
+ @echo "*** Don't forget to add $(INSTALL_LIB) to /etc/ld.so.conf, and run ldconfig as root. ***"
+- @$(LDCONFIG) || echo "*** Could not run ldconfig ! ***"
+
+ # Install the static library
+ install-static:: $(STATIC)
diff --git a/poky/meta/recipes-connectivity/wireless-tools/wireless-tools_30.pre9.bb b/poky/meta/recipes-connectivity/wireless-tools/wireless-tools_30.pre9.bb
new file mode 100644
index 000000000..0a342071e
--- /dev/null
+++ b/poky/meta/recipes-connectivity/wireless-tools/wireless-tools_30.pre9.bb
@@ -0,0 +1,50 @@
+SUMMARY = "Tools for the Linux Standard Wireless Extension Subsystem"
+HOMEPAGE = "https://hewlettpackard.github.io/wireless-tools/Tools.html"
+LICENSE = "GPLv2 & (LGPLv2.1 | MPL-1.1 | BSD)"
+LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f \
+ file://iwconfig.c;beginline=1;endline=12;md5=cf710eb1795c376eb10ea4ff04649caf \
+ file://iwevent.c;beginline=59;endline=72;md5=d66a10026d4394f0a5b1c5587bce4537 \
+ file://sample_enc.c;beginline=1;endline=4;md5=838372be07874260b566bae2f6ed33b6"
+SECTION = "base"
+PE = "1"
+
+SRC_URI = "https://hewlettpackard.github.io/wireless-tools/wireless_tools.${PV}.tar.gz \
+ file://remove.ldconfig.call.patch \
+ file://man.patch \
+ file://avoid_strip.patch \
+ file://ldflags.patch \
+ "
+SRC_URI[md5sum] = "ca91ba7c7eff9bfff6926b1a34a4697d"
+SRC_URI[sha256sum] = "abd9c5c98abf1fdd11892ac2f8a56737544fe101e1be27c6241a564948f34c63"
+
+UPSTREAM_CHECK_URI = "https://hewlettpackard.github.io/wireless-tools/Tools.html"
+UPSTREAM_CHECK_REGEX = "wireless_tools\.(?P<pver>(\d+)(\..*|))\.tar\.gz"
+
+S = "${WORKDIR}/wireless_tools.30"
+
+CFLAGS =+ "-I${S}"
+EXTRA_OEMAKE = "-e 'BUILD_SHARED=y' \
+ 'INSTALL_DIR=${D}${base_sbindir}' \
+ 'INSTALL_LIB=${D}${libdir}' \
+ 'INSTALL_INC=${D}${includedir}' \
+ 'INSTALL_MAN=${D}${mandir}'"
+
+do_compile() {
+ oe_runmake all libiw.a
+}
+
+do_install() {
+ oe_runmake PREFIX=${D} install-iwmulticall install-dynamic install-man install-hdr
+ install -d ${D}${sbindir}
+ install -m 0755 ifrename ${D}${sbindir}/ifrename
+}
+
+PACKAGES = "libiw libiw-dev libiw-doc ifrename-doc ifrename ${PN} ${PN}-doc ${PN}-dbg"
+
+FILES_libiw = "${libdir}/*.so.*"
+FILES_libiw-dev = "${libdir}/*.a ${libdir}/*.so ${includedir}"
+FILES_libiw-doc = "${mandir}/man7"
+FILES_ifrename = "${sbindir}/ifrename"
+FILES_ifrename-doc = "${mandir}/man8/ifrename.8 ${mandir}/man5/iftab.5"
+FILES_${PN} = "${bindir} ${sbindir}/iw* ${base_sbindir} ${base_bindir} ${sysconfdir}/network"
+FILES_${PN}-doc = "${mandir}"
diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/99_wpa_supplicant b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/99_wpa_supplicant
new file mode 100644
index 000000000..6ff4dd882
--- /dev/null
+++ b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/99_wpa_supplicant
@@ -0,0 +1 @@
+d root root 0700 /var/run/wpa_supplicant none
diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/defconfig b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/defconfig
new file mode 100644
index 000000000..f04e398fd
--- /dev/null
+++ b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/defconfig
@@ -0,0 +1,552 @@
+# Example wpa_supplicant build time configuration
+#
+# This file lists the configuration options that are used when building the
+# hostapd binary. All lines starting with # are ignored. Configuration option
+# lines must be commented out complete, if they are not to be included, i.e.,
+# just setting VARIABLE=n is not disabling that variable.
+#
+# This file is included in Makefile, so variables like CFLAGS and LIBS can also
+# be modified from here. In most cases, these lines should use += in order not
+# to override previous values of the variables.
+
+
+# Uncomment following two lines and fix the paths if you have installed OpenSSL
+# or GnuTLS in non-default location
+#CFLAGS += -I/usr/local/openssl/include
+#LIBS += -L/usr/local/openssl/lib
+
+# Some Red Hat versions seem to include kerberos header files from OpenSSL, but
+# the kerberos files are not in the default include path. Following line can be
+# used to fix build issues on such systems (krb5.h not found).
+#CFLAGS += -I/usr/include/kerberos
+
+# Example configuration for various cross-compilation platforms
+
+#### sveasoft (e.g., for Linksys WRT54G) ######################################
+#CC=mipsel-uclibc-gcc
+#CC=/opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-gcc
+#CFLAGS += -Os
+#CPPFLAGS += -I../src/include -I../../src/router/openssl/include
+#LIBS += -L/opt/brcm/hndtools-mipsel-uclibc-0.9.19/lib -lssl
+###############################################################################
+
+#### openwrt (e.g., for Linksys WRT54G) #######################################
+#CC=mipsel-uclibc-gcc
+#CC=/opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-gcc
+#CFLAGS += -Os
+#CPPFLAGS=-I../src/include -I../openssl-0.9.7d/include \
+# -I../WRT54GS/release/src/include
+#LIBS = -lssl
+###############################################################################
+
+
+# Driver interface for Host AP driver
+CONFIG_DRIVER_HOSTAP=y
+
+# Driver interface for Agere driver
+#CONFIG_DRIVER_HERMES=y
+# Change include directories to match with the local setup
+#CFLAGS += -I../../hcf -I../../include -I../../include/hcf
+#CFLAGS += -I../../include/wireless
+
+# Driver interface for madwifi driver
+# Deprecated; use CONFIG_DRIVER_WEXT=y instead.
+#CONFIG_DRIVER_MADWIFI=y
+# Set include directory to the madwifi source tree
+#CFLAGS += -I../../madwifi
+
+# Driver interface for ndiswrapper
+# Deprecated; use CONFIG_DRIVER_WEXT=y instead.
+#CONFIG_DRIVER_NDISWRAPPER=y
+
+# Driver interface for Atmel driver
+# CONFIG_DRIVER_ATMEL=y
+
+# Driver interface for old Broadcom driver
+# Please note that the newer Broadcom driver ("hybrid Linux driver") supports
+# Linux wireless extensions and does not need (or even work) with the old
+# driver wrapper. Use CONFIG_DRIVER_WEXT=y with that driver.
+#CONFIG_DRIVER_BROADCOM=y
+# Example path for wlioctl.h; change to match your configuration
+#CFLAGS += -I/opt/WRT54GS/release/src/include
+
+# Driver interface for Intel ipw2100/2200 driver
+# Deprecated; use CONFIG_DRIVER_WEXT=y instead.
+#CONFIG_DRIVER_IPW=y
+
+# Driver interface for Ralink driver
+#CONFIG_DRIVER_RALINK=y
+
+# Driver interface for generic Linux wireless extensions
+# Note: WEXT is deprecated in the current Linux kernel version and no new
+# functionality is added to it. nl80211-based interface is the new
+# replacement for WEXT and its use allows wpa_supplicant to properly control
+# the driver to improve existing functionality like roaming and to support new
+# functionality.
+CONFIG_DRIVER_WEXT=y
+
+# Driver interface for Linux drivers using the nl80211 kernel interface
+CONFIG_DRIVER_NL80211=y
+
+# driver_nl80211.c requires libnl. If you are compiling it yourself
+# you may need to point hostapd to your version of libnl.
+#
+#CFLAGS += -I$<path to libnl include files>
+#LIBS += -L$<path to libnl library files>
+
+# Use libnl v2.0 (or 3.0) libraries.
+#CONFIG_LIBNL20=y
+
+# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
+CONFIG_LIBNL32=y
+
+
+# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
+#CONFIG_DRIVER_BSD=y
+#CFLAGS += -I/usr/local/include
+#LIBS += -L/usr/local/lib
+#LIBS_p += -L/usr/local/lib
+#LIBS_c += -L/usr/local/lib
+
+# Driver interface for Windows NDIS
+#CONFIG_DRIVER_NDIS=y
+#CFLAGS += -I/usr/include/w32api/ddk
+#LIBS += -L/usr/local/lib
+# For native build using mingw
+#CONFIG_NATIVE_WINDOWS=y
+# Additional directories for cross-compilation on Linux host for mingw target
+#CFLAGS += -I/opt/mingw/mingw32/include/ddk
+#LIBS += -L/opt/mingw/mingw32/lib
+#CC=mingw32-gcc
+# By default, driver_ndis uses WinPcap for low-level operations. This can be
+# replaced with the following option which replaces WinPcap calls with NDISUIO.
+# However, this requires that WZC is disabled (net stop wzcsvc) before starting
+# wpa_supplicant.
+# CONFIG_USE_NDISUIO=y
+
+# Driver interface for development testing
+#CONFIG_DRIVER_TEST=y
+
+# Driver interface for wired Ethernet drivers
+CONFIG_DRIVER_WIRED=y
+
+# Driver interface for the Broadcom RoboSwitch family
+#CONFIG_DRIVER_ROBOSWITCH=y
+
+# Driver interface for no driver (e.g., WPS ER only)
+#CONFIG_DRIVER_NONE=y
+
+# Enable IEEE 802.1X Supplicant (automatically included if any EAP method is
+# included)
+CONFIG_IEEE8021X_EAPOL=y
+
+# EAP-MD5
+CONFIG_EAP_MD5=y
+
+# EAP-MSCHAPv2
+CONFIG_EAP_MSCHAPV2=y
+
+# EAP-TLS
+CONFIG_EAP_TLS=y
+
+# EAL-PEAP
+CONFIG_EAP_PEAP=y
+
+# EAP-TTLS
+CONFIG_EAP_TTLS=y
+
+# EAP-FAST
+# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed
+# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g.,
+# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions.
+#CONFIG_EAP_FAST=y
+
+# EAP-GTC
+CONFIG_EAP_GTC=y
+
+# EAP-OTP
+CONFIG_EAP_OTP=y
+
+# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used)
+#CONFIG_EAP_SIM=y
+
+# EAP-PSK (experimental; this is _not_ needed for WPA-PSK)
+#CONFIG_EAP_PSK=y
+
+# EAP-pwd (secure authentication using only a password)
+#CONFIG_EAP_PWD=y
+
+# EAP-PAX
+#CONFIG_EAP_PAX=y
+
+# LEAP
+CONFIG_EAP_LEAP=y
+
+# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used)
+#CONFIG_EAP_AKA=y
+
+# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used).
+# This requires CONFIG_EAP_AKA to be enabled, too.
+#CONFIG_EAP_AKA_PRIME=y
+
+# Enable USIM simulator (Milenage) for EAP-AKA
+#CONFIG_USIM_SIMULATOR=y
+
+# EAP-SAKE
+#CONFIG_EAP_SAKE=y
+
+# EAP-GPSK
+#CONFIG_EAP_GPSK=y
+# Include support for optional SHA256 cipher suite in EAP-GPSK
+#CONFIG_EAP_GPSK_SHA256=y
+
+# EAP-TNC and related Trusted Network Connect support (experimental)
+#CONFIG_EAP_TNC=y
+
+# Wi-Fi Protected Setup (WPS)
+CONFIG_WPS=y
+# Enable WSC 2.0 support
+#CONFIG_WPS2=y
+# Enable WPS external registrar functionality
+#CONFIG_WPS_ER=y
+# Disable credentials for an open network by default when acting as a WPS
+# registrar.
+#CONFIG_WPS_REG_DISABLE_OPEN=y
+# Enable WPS support with NFC config method
+#CONFIG_WPS_NFC=y
+
+# EAP-IKEv2
+#CONFIG_EAP_IKEV2=y
+
+# EAP-EKE
+#CONFIG_EAP_EKE=y
+
+# PKCS#12 (PFX) support (used to read private key and certificate file from
+# a file that usually has extension .p12 or .pfx)
+CONFIG_PKCS12=y
+
+# Smartcard support (i.e., private key on a smartcard), e.g., with openssl
+# engine.
+CONFIG_SMARTCARD=y
+
+# PC/SC interface for smartcards (USIM, GSM SIM)
+# Enable this if EAP-SIM or EAP-AKA is included
+#CONFIG_PCSC=y
+
+# Support HT overrides (disable HT/HT40, mask MCS rates, etc.)
+#CONFIG_HT_OVERRIDES=y
+
+# Support VHT overrides (disable VHT, mask MCS rates, etc.)
+#CONFIG_VHT_OVERRIDES=y
+
+# Development testing
+#CONFIG_EAPOL_TEST=y
+
+# Select control interface backend for external programs, e.g, wpa_cli:
+# unix = UNIX domain sockets (default for Linux/*BSD)
+# udp = UDP sockets using localhost (127.0.0.1)
+# named_pipe = Windows Named Pipe (default for Windows)
+# udp-remote = UDP sockets with remote access (only for tests systems/purpose)
+# y = use default (backwards compatibility)
+# If this option is commented out, control interface is not included in the
+# build.
+CONFIG_CTRL_IFACE=y
+
+# Include support for GNU Readline and History Libraries in wpa_cli.
+# When building a wpa_cli binary for distribution, please note that these
+# libraries are licensed under GPL and as such, BSD license may not apply for
+# the resulting binary.
+#CONFIG_READLINE=y
+
+# Include internal line edit mode in wpa_cli. This can be used as a replacement
+# for GNU Readline to provide limited command line editing and history support.
+#CONFIG_WPA_CLI_EDIT=y
+
+# Remove debugging code that is printing out debug message to stdout.
+# This can be used to reduce the size of the wpa_supplicant considerably
+# if debugging code is not needed. The size reduction can be around 35%
+# (e.g., 90 kB).
+#CONFIG_NO_STDOUT_DEBUG=y
+
+# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save
+# 35-50 kB in code size.
+#CONFIG_NO_WPA=y
+
+# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support
+# This option can be used to reduce code size by removing support for
+# converting ASCII passphrases into PSK. If this functionality is removed, the
+# PSK can only be configured as the 64-octet hexstring (e.g., from
+# wpa_passphrase). This saves about 0.5 kB in code size.
+#CONFIG_NO_WPA_PASSPHRASE=y
+
+# Disable scan result processing (ap_mode=1) to save code size by about 1 kB.
+# This can be used if ap_scan=1 mode is never enabled.
+#CONFIG_NO_SCAN_PROCESSING=y
+
+# Select configuration backend:
+# file = text file (e.g., wpa_supplicant.conf; note: the configuration file
+# path is given on command line, not here; this option is just used to
+# select the backend that allows configuration files to be used)
+# winreg = Windows registry (see win_example.reg for an example)
+CONFIG_BACKEND=file
+
+# Remove configuration write functionality (i.e., to allow the configuration
+# file to be updated based on runtime configuration changes). The runtime
+# configuration can still be changed, the changes are just not going to be
+# persistent over restarts. This option can be used to reduce code size by
+# about 3.5 kB.
+#CONFIG_NO_CONFIG_WRITE=y
+
+# Remove support for configuration blobs to reduce code size by about 1.5 kB.
+#CONFIG_NO_CONFIG_BLOBS=y
+
+# Select program entry point implementation:
+# main = UNIX/POSIX like main() function (default)
+# main_winsvc = Windows service (read parameters from registry)
+# main_none = Very basic example (development use only)
+#CONFIG_MAIN=main
+
+# Select wrapper for operatins system and C library specific functions
+# unix = UNIX/POSIX like systems (default)
+# win32 = Windows systems
+# none = Empty template
+#CONFIG_OS=unix
+
+# Select event loop implementation
+# eloop = select() loop (default)
+# eloop_win = Windows events and WaitForMultipleObject() loop
+#CONFIG_ELOOP=eloop
+
+# Should we use poll instead of select? Select is used by default.
+#CONFIG_ELOOP_POLL=y
+
+# Select layer 2 packet implementation
+# linux = Linux packet socket (default)
+# pcap = libpcap/libdnet/WinPcap
+# freebsd = FreeBSD libpcap
+# winpcap = WinPcap with receive thread
+# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y)
+# none = Empty template
+#CONFIG_L2_PACKET=linux
+
+# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS)
+CONFIG_PEERKEY=y
+
+# IEEE 802.11w (management frame protection), also known as PMF
+# Driver support is also needed for IEEE 802.11w.
+#CONFIG_IEEE80211W=y
+
+# Select TLS implementation
+# openssl = OpenSSL (default)
+# gnutls = GnuTLS
+# internal = Internal TLSv1 implementation (experimental)
+# none = Empty template
+#CONFIG_TLS=openssl
+
+# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
+# can be enabled to get a stronger construction of messages when block ciphers
+# are used. It should be noted that some existing TLS v1.0 -based
+# implementation may not be compatible with TLS v1.1 message (ClientHello is
+# sent prior to negotiating which version will be used)
+#CONFIG_TLSV11=y
+
+# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
+# can be enabled to enable use of stronger crypto algorithms. It should be
+# noted that some existing TLS v1.0 -based implementation may not be compatible
+# with TLS v1.2 message (ClientHello is sent prior to negotiating which version
+# will be used)
+#CONFIG_TLSV12=y
+
+# If CONFIG_TLS=internal is used, additional library and include paths are
+# needed for LibTomMath. Alternatively, an integrated, minimal version of
+# LibTomMath can be used. See beginning of libtommath.c for details on benefits
+# and drawbacks of this option.
+#CONFIG_INTERNAL_LIBTOMMATH=y
+#ifndef CONFIG_INTERNAL_LIBTOMMATH
+#LTM_PATH=/usr/src/libtommath-0.39
+#CFLAGS += -I$(LTM_PATH)
+#LIBS += -L$(LTM_PATH)
+#LIBS_p += -L$(LTM_PATH)
+#endif
+# At the cost of about 4 kB of additional binary size, the internal LibTomMath
+# can be configured to include faster routines for exptmod, sqr, and div to
+# speed up DH and RSA calculation considerably
+#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
+
+# Include NDIS event processing through WMI into wpa_supplicant/wpasvc.
+# This is only for Windows builds and requires WMI-related header files and
+# WbemUuid.Lib from Platform SDK even when building with MinGW.
+#CONFIG_NDIS_EVENTS_INTEGRATED=y
+#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib"
+
+# Add support for old DBus control interface
+# (fi.epitest.hostap.WPASupplicant)
+#CONFIG_CTRL_IFACE_DBUS=y
+
+# Add support for new DBus control interface
+# (fi.w1.hostap.wpa_supplicant1)
+CONFIG_CTRL_IFACE_DBUS_NEW=y
+
+# Add introspection support for new DBus control interface
+#CONFIG_CTRL_IFACE_DBUS_INTRO=y
+
+# Add support for loading EAP methods dynamically as shared libraries.
+# When this option is enabled, each EAP method can be either included
+# statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn).
+# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to
+# be loaded in the beginning of the wpa_supplicant configuration file
+# (see load_dynamic_eap parameter in the example file) before being used in
+# the network blocks.
+#
+# Note that some shared parts of EAP methods are included in the main program
+# and in order to be able to use dynamic EAP methods using these parts, the
+# main program must have been build with the EAP method enabled (=y or =dyn).
+# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries
+# unless at least one of them was included in the main build to force inclusion
+# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included
+# in the main build to be able to load these methods dynamically.
+#
+# Please also note that using dynamic libraries will increase the total binary
+# size. Thus, it may not be the best option for targets that have limited
+# amount of memory/flash.
+#CONFIG_DYNAMIC_EAP_METHODS=y
+
+# IEEE Std 802.11r-2008 (Fast BSS Transition)
+#CONFIG_IEEE80211R=y
+
+# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt)
+#CONFIG_DEBUG_FILE=y
+
+# Send debug messages to syslog instead of stdout
+#CONFIG_DEBUG_SYSLOG=y
+# Set syslog facility for debug messages
+#CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
+
+# Add support for sending all debug messages (regardless of debug verbosity)
+# to the Linux kernel tracing facility. This helps debug the entire stack by
+# making it easy to record everything happening from the driver up into the
+# same file, e.g., using trace-cmd.
+#CONFIG_DEBUG_LINUX_TRACING=y
+
+# Enable privilege separation (see README 'Privilege separation' for details)
+#CONFIG_PRIVSEP=y
+
+# Enable mitigation against certain attacks against TKIP by delaying Michael
+# MIC error reports by a random amount of time between 0 and 60 seconds
+#CONFIG_DELAYED_MIC_ERROR_REPORT=y
+
+# Enable tracing code for developer debugging
+# This tracks use of memory allocations and other registrations and reports
+# incorrect use with a backtrace of call (or allocation) location.
+#CONFIG_WPA_TRACE=y
+# For BSD, uncomment these.
+#LIBS += -lexecinfo
+#LIBS_p += -lexecinfo
+#LIBS_c += -lexecinfo
+
+# Use libbfd to get more details for developer debugging
+# This enables use of libbfd to get more detailed symbols for the backtraces
+# generated by CONFIG_WPA_TRACE=y.
+#CONFIG_WPA_TRACE_BFD=y
+# For BSD, uncomment these.
+#LIBS += -lbfd -liberty -lz
+#LIBS_p += -lbfd -liberty -lz
+#LIBS_c += -lbfd -liberty -lz
+
+CONFIG_TLS = %ssl%
+CONFIG_CTRL_IFACE_DBUS=y
+CONFIG_CTRL_IFACE_DBUS_NEW=y
+
+# wpa_supplicant depends on strong random number generation being available
+# from the operating system. os_get_random() function is used to fetch random
+# data when needed, e.g., for key generation. On Linux and BSD systems, this
+# works by reading /dev/urandom. It should be noted that the OS entropy pool
+# needs to be properly initialized before wpa_supplicant is started. This is
+# important especially on embedded devices that do not have a hardware random
+# number generator and may by default start up with minimal entropy available
+# for random number generation.
+#
+# As a safety net, wpa_supplicant is by default trying to internally collect
+# additional entropy for generating random data to mix in with the data fetched
+# from the OS. This by itself is not considered to be very strong, but it may
+# help in cases where the system pool is not initialized properly. However, it
+# is very strongly recommended that the system pool is initialized with enough
+# entropy either by using hardware assisted random number generator or by
+# storing state over device reboots.
+#
+# wpa_supplicant can be configured to maintain its own entropy store over
+# restarts to enhance random number generation. This is not perfect, but it is
+# much more secure than using the same sequence of random numbers after every
+# reboot. This can be enabled with -e<entropy file> command line option. The
+# specified file needs to be readable and writable by wpa_supplicant.
+#
+# If the os_get_random() is known to provide strong random data (e.g., on
+# Linux/BSD, the board in question is known to have reliable source of random
+# data from /dev/urandom), the internal wpa_supplicant random pool can be
+# disabled. This will save some in binary size and CPU use. However, this
+# should only be considered for builds that are known to be used on devices
+# that meet the requirements described above.
+#CONFIG_NO_RANDOM_POOL=y
+
+# IEEE 802.11n (High Throughput) support (mainly for AP mode)
+#CONFIG_IEEE80211N=y
+
+# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode)
+# (depends on CONFIG_IEEE80211N)
+#CONFIG_IEEE80211AC=y
+
+# Wireless Network Management (IEEE Std 802.11v-2011)
+# Note: This is experimental and not complete implementation.
+#CONFIG_WNM=y
+
+# Interworking (IEEE 802.11u)
+# This can be used to enable functionality to improve interworking with
+# external networks (GAS/ANQP to learn more about the networks and network
+# selection based on available credentials).
+#CONFIG_INTERWORKING=y
+
+# Hotspot 2.0
+#CONFIG_HS20=y
+
+# Disable roaming in wpa_supplicant
+#CONFIG_NO_ROAMING=y
+
+# AP mode operations with wpa_supplicant
+# This can be used for controlling AP mode operations with wpa_supplicant. It
+# should be noted that this is mainly aimed at simple cases like
+# WPA2-Personal while more complex configurations like WPA2-Enterprise with an
+# external RADIUS server can be supported with hostapd.
+CONFIG_AP=y
+
+CONFIG_BGSCAN_SIMPLE=y
+
+# P2P (Wi-Fi Direct)
+# This can be used to enable P2P support in wpa_supplicant. See README-P2P for
+# more information on P2P operations.
+#CONFIG_P2P=y
+
+# Enable TDLS support
+#CONFIG_TDLS=y
+
+# Wi-Fi Direct
+# This can be used to enable Wi-Fi Direct extensions for P2P using an external
+# program to control the additional information exchanges in the messages.
+#CONFIG_WIFI_DISPLAY=y
+
+# Autoscan
+# This can be used to enable automatic scan support in wpa_supplicant.
+# See wpa_supplicant.conf for more information on autoscan usage.
+#
+# Enabling directly a module will enable autoscan support.
+# For exponential module:
+CONFIG_AUTOSCAN_EXPONENTIAL=y
+# For periodic module:
+#CONFIG_AUTOSCAN_PERIODIC=y
+
+# Password (and passphrase, etc.) backend for external storage
+# These optional mechanisms can be used to add support for storing passwords
+# and other secrets in external (to wpa_supplicant) location. This allows, for
+# example, operating system specific key storage to be used
+#
+# External password backend for testing purposes (developer use)
+#CONFIG_EXT_PASSWORD_TEST=y
diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple.patch
new file mode 100644
index 000000000..436520fe6
--- /dev/null
+++ b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple.patch
@@ -0,0 +1,1025 @@
+The WPA2 four-way handshake protocol is vulnerable to replay attacks which can
+result in unauthenticated clients gaining access to the network.
+
+Backport a number of patches from upstream to fix this.
+
+CVE: CVE-2017-13077
+CVE: CVE-2017-13078
+CVE: CVE-2017-13079
+CVE: CVE-2017-13080
+CVE: CVE-2017-13081
+CVE: CVE-2017-13082
+CVE: CVE-2017-13086
+CVE: CVE-2017-13087
+CVE: CVE-2017-13088
+
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001
+From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+Date: Fri, 14 Jul 2017 15:15:35 +0200
+Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake
+
+Do not reinstall TK to the driver during Reassociation Response frame
+processing if the first attempt of setting the TK succeeded. This avoids
+issues related to clearing the TX/RX PN that could result in reusing
+same PN values for transmitted frames (e.g., due to CCM nonce reuse and
+also hitting replay protection on the receiver) and accepting replayed
+frames on RX side.
+
+This issue was introduced by the commit
+0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in
+authenticator') which allowed wpa_ft_install_ptk() to be called multiple
+times with the same PTK. While the second configuration attempt is
+needed with some drivers, it must be done only if the first attempt
+failed.
+
+Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+---
+ src/ap/ieee802_11.c | 16 +++++++++++++---
+ src/ap/wpa_auth.c | 11 +++++++++++
+ src/ap/wpa_auth.h | 3 ++-
+ src/ap/wpa_auth_ft.c | 10 ++++++++++
+ src/ap/wpa_auth_i.h | 1 +
+ 5 files changed, 37 insertions(+), 4 deletions(-)
+
+diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
+index 4e04169..333035f 100644
+--- a/src/ap/ieee802_11.c
++++ b/src/ap/ieee802_11.c
+@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hapd,
+ {
+ struct ieee80211_ht_capabilities ht_cap;
+ struct ieee80211_vht_capabilities vht_cap;
++ int set = 1;
+
+ /*
+ * Remove the STA entry to ensure the STA PS state gets cleared and
+@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hapd,
+ * FT-over-the-DS, where a station re-associates back to the same AP but
+ * skips the authentication flow, or if working with a driver that
+ * does not support full AP client state.
++ *
++ * Skip this if the STA has already completed FT reassociation and the
++ * TK has been configured since the TX/RX PN must not be reset to 0 for
++ * the same key.
+ */
+- if (!sta->added_unassoc)
++ if (!sta->added_unassoc &&
++ (!(sta->flags & WLAN_STA_AUTHORIZED) ||
++ !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) {
+ hostapd_drv_sta_remove(hapd, sta->addr);
++ wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
++ set = 0;
++ }
+
+ #ifdef CONFIG_IEEE80211N
+ if (sta->flags & WLAN_STA_HT)
+@@ -1873,11 +1883,11 @@ static int add_associated_sta(struct hostapd_data *hapd,
+ sta->flags & WLAN_STA_VHT ? &vht_cap : NULL,
+ sta->flags | WLAN_STA_ASSOC, sta->qosinfo,
+ sta->vht_opmode, sta->p2p_ie ? 1 : 0,
+- sta->added_unassoc)) {
++ set)) {
+ hostapd_logger(hapd, sta->addr,
+ HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE,
+ "Could not %s STA to kernel driver",
+- sta->added_unassoc ? "set" : "add");
++ set ? "set" : "add");
+
+ if (sta->added_unassoc) {
+ hostapd_drv_sta_remove(hapd, sta->addr);
+diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
+index 3587086..707971d 100644
+--- a/src/ap/wpa_auth.c
++++ b/src/ap/wpa_auth.c
+@@ -1745,6 +1745,9 @@ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event)
+ #else /* CONFIG_IEEE80211R */
+ break;
+ #endif /* CONFIG_IEEE80211R */
++ case WPA_DRV_STA_REMOVED:
++ sm->tk_already_set = FALSE;
++ return 0;
+ }
+
+ #ifdef CONFIG_IEEE80211R
+@@ -3250,6 +3253,14 @@ int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm)
+ }
+
+
++int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm)
++{
++ if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt))
++ return 0;
++ return sm->tk_already_set;
++}
++
++
+ int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
+ struct rsn_pmksa_cache_entry *entry)
+ {
+diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
+index 0de8d97..97461b0 100644
+--- a/src/ap/wpa_auth.h
++++ b/src/ap/wpa_auth.h
+@@ -267,7 +267,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
+ u8 *data, size_t data_len);
+ enum wpa_event {
+ WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH,
+- WPA_REAUTH_EAPOL, WPA_ASSOC_FT
++ WPA_REAUTH_EAPOL, WPA_ASSOC_FT, WPA_DRV_STA_REMOVED
+ };
+ void wpa_remove_ptk(struct wpa_state_machine *sm);
+ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event);
+@@ -280,6 +280,7 @@ int wpa_auth_pairwise_set(struct wpa_state_machine *sm);
+ int wpa_auth_get_pairwise(struct wpa_state_machine *sm);
+ int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm);
+ int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm);
++int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm);
+ int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
+ struct rsn_pmksa_cache_entry *entry);
+ struct rsn_pmksa_cache_entry *
+diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
+index 42242a5..e63b99a 100644
+--- a/src/ap/wpa_auth_ft.c
++++ b/src/ap/wpa_auth_ft.c
+@@ -780,6 +780,14 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)
+ return;
+ }
+
++ if (sm->tk_already_set) {
++ /* Must avoid TK reconfiguration to prevent clearing of TX/RX
++ * PN in the driver */
++ wpa_printf(MSG_DEBUG,
++ "FT: Do not re-install same PTK to the driver");
++ return;
++ }
++
+ /* FIX: add STA entry to kernel/driver here? The set_key will fail
+ * most likely without this.. At the moment, STA entry is added only
+ * after association has been completed. This function will be called
+@@ -792,6 +800,7 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)
+
+ /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
+ sm->pairwise_set = TRUE;
++ sm->tk_already_set = TRUE;
+ }
+
+
+@@ -898,6 +907,7 @@ static int wpa_ft_process_auth_req(struct wpa_state_machine *sm,
+
+ sm->pairwise = pairwise;
+ sm->PTK_valid = TRUE;
++ sm->tk_already_set = FALSE;
+ wpa_ft_install_ptk(sm);
+
+ buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
+diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h
+index 72b7eb3..7fd8f05 100644
+--- a/src/ap/wpa_auth_i.h
++++ b/src/ap/wpa_auth_i.h
+@@ -65,6 +65,7 @@ struct wpa_state_machine {
+ struct wpa_ptk PTK;
+ Boolean PTK_valid;
+ Boolean pairwise_set;
++ Boolean tk_already_set;
+ int keycount;
+ Boolean Pair;
+ struct wpa_key_replay_counter {
+--
+2.7.4
+
+From 927f891007c402fefd1ff384645b3f07597c3ede Mon Sep 17 00:00:00 2001
+From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+Date: Wed, 12 Jul 2017 16:03:24 +0200
+Subject: [PATCH 2/8] Prevent reinstallation of an already in-use group key
+
+Track the current GTK and IGTK that is in use and when receiving a
+(possibly retransmitted) Group Message 1 or WNM-Sleep Mode Response, do
+not install the given key if it is already in use. This prevents an
+attacker from trying to trick the client into resetting or lowering the
+sequence counter associated to the group key.
+
+Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+---
+ src/common/wpa_common.h | 11 +++++
+ src/rsn_supp/wpa.c | 116 ++++++++++++++++++++++++++++++------------------
+ src/rsn_supp/wpa_i.h | 4 ++
+ 3 files changed, 87 insertions(+), 44 deletions(-)
+
+diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
+index af1d0f0..d200285 100644
+--- a/src/common/wpa_common.h
++++ b/src/common/wpa_common.h
+@@ -217,6 +217,17 @@ struct wpa_ptk {
+ size_t tk_len;
+ };
+
++struct wpa_gtk {
++ u8 gtk[WPA_GTK_MAX_LEN];
++ size_t gtk_len;
++};
++
++#ifdef CONFIG_IEEE80211W
++struct wpa_igtk {
++ u8 igtk[WPA_IGTK_MAX_LEN];
++ size_t igtk_len;
++};
++#endif /* CONFIG_IEEE80211W */
+
+ /* WPA IE version 1
+ * 00-50-f2:1 (OUI:OUI type)
+diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
+index 3c47879..95bd7be 100644
+--- a/src/rsn_supp/wpa.c
++++ b/src/rsn_supp/wpa.c
+@@ -714,6 +714,15 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
+ const u8 *_gtk = gd->gtk;
+ u8 gtk_buf[32];
+
++ /* Detect possible key reinstallation */
++ if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
++ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
++ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
++ "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
++ gd->keyidx, gd->tx, gd->gtk_len);
++ return 0;
++ }
++
+ wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len);
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ "WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)",
+@@ -748,6 +757,9 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
+ }
+ os_memset(gtk_buf, 0, sizeof(gtk_buf));
+
++ sm->gtk.gtk_len = gd->gtk_len;
++ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
++
+ return 0;
+ }
+
+@@ -854,6 +866,48 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
+ }
+
+
++#ifdef CONFIG_IEEE80211W
++static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
++ const struct wpa_igtk_kde *igtk)
++{
++ size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
++ u16 keyidx = WPA_GET_LE16(igtk->keyid);
++
++ /* Detect possible key reinstallation */
++ if (sm->igtk.igtk_len == len &&
++ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
++ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
++ "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
++ keyidx);
++ return 0;
++ }
++
++ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
++ "WPA: IGTK keyid %d pn %02x%02x%02x%02x%02x%02x",
++ keyidx, MAC2STR(igtk->pn));
++ wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", igtk->igtk, len);
++ if (keyidx > 4095) {
++ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
++ "WPA: Invalid IGTK KeyID %d", keyidx);
++ return -1;
++ }
++ if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
++ broadcast_ether_addr,
++ keyidx, 0, igtk->pn, sizeof(igtk->pn),
++ igtk->igtk, len) < 0) {
++ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
++ "WPA: Failed to configure IGTK to the driver");
++ return -1;
++ }
++
++ sm->igtk.igtk_len = len;
++ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
++
++ return 0;
++}
++#endif /* CONFIG_IEEE80211W */
++
++
+ static int ieee80211w_set_keys(struct wpa_sm *sm,
+ struct wpa_eapol_ie_parse *ie)
+ {
+@@ -864,30 +918,14 @@ static int ieee80211w_set_keys(struct wpa_sm *sm,
+ if (ie->igtk) {
+ size_t len;
+ const struct wpa_igtk_kde *igtk;
+- u16 keyidx;
++
+ len = wpa_cipher_key_len(sm->mgmt_group_cipher);
+ if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len)
+ return -1;
++
+ igtk = (const struct wpa_igtk_kde *) ie->igtk;
+- keyidx = WPA_GET_LE16(igtk->keyid);
+- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d "
+- "pn %02x%02x%02x%02x%02x%02x",
+- keyidx, MAC2STR(igtk->pn));
+- wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK",
+- igtk->igtk, len);
+- if (keyidx > 4095) {
+- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
+- "WPA: Invalid IGTK KeyID %d", keyidx);
+- return -1;
+- }
+- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
+- broadcast_ether_addr,
+- keyidx, 0, igtk->pn, sizeof(igtk->pn),
+- igtk->igtk, len) < 0) {
+- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
+- "WPA: Failed to configure IGTK to the driver");
++ if (wpa_supplicant_install_igtk(sm, igtk) < 0)
+ return -1;
+- }
+ }
+
+ return 0;
+@@ -2307,7 +2345,7 @@ void wpa_sm_deinit(struct wpa_sm *sm)
+ */
+ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
+ {
+- int clear_ptk = 1;
++ int clear_keys = 1;
+
+ if (sm == NULL)
+ return;
+@@ -2333,11 +2371,11 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
+ /* Prepare for the next transition */
+ wpa_ft_prepare_auth_request(sm, NULL);
+
+- clear_ptk = 0;
++ clear_keys = 0;
+ }
+ #endif /* CONFIG_IEEE80211R */
+
+- if (clear_ptk) {
++ if (clear_keys) {
+ /*
+ * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if
+ * this is not part of a Fast BSS Transition.
+@@ -2347,6 +2385,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
+ os_memset(&sm->ptk, 0, sizeof(sm->ptk));
+ sm->tptk_set = 0;
+ os_memset(&sm->tptk, 0, sizeof(sm->tptk));
++ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
++#ifdef CONFIG_IEEE80211W
++ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
++#endif /* CONFIG_IEEE80211W */
+ }
+
+ #ifdef CONFIG_TDLS
+@@ -2877,6 +2919,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
+ os_memset(sm->pmk, 0, sizeof(sm->pmk));
+ os_memset(&sm->ptk, 0, sizeof(sm->ptk));
+ os_memset(&sm->tptk, 0, sizeof(sm->tptk));
++ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
++#ifdef CONFIG_IEEE80211W
++ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
++#endif /* CONFIG_IEEE80211W */
+ #ifdef CONFIG_IEEE80211R
+ os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
+ os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0));
+@@ -2949,29 +2995,11 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
+ os_memset(&gd, 0, sizeof(gd));
+ #ifdef CONFIG_IEEE80211W
+ } else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) {
+- struct wpa_igtk_kde igd;
+- u16 keyidx;
+-
+- os_memset(&igd, 0, sizeof(igd));
+- keylen = wpa_cipher_key_len(sm->mgmt_group_cipher);
+- os_memcpy(igd.keyid, buf + 2, 2);
+- os_memcpy(igd.pn, buf + 4, 6);
+-
+- keyidx = WPA_GET_LE16(igd.keyid);
+- os_memcpy(igd.igtk, buf + 10, keylen);
+-
+- wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)",
+- igd.igtk, keylen);
+- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
+- broadcast_ether_addr,
+- keyidx, 0, igd.pn, sizeof(igd.pn),
+- igd.igtk, keylen) < 0) {
+- wpa_printf(MSG_DEBUG, "Failed to install the IGTK in "
+- "WNM mode");
+- os_memset(&igd, 0, sizeof(igd));
++ const struct wpa_igtk_kde *igtk;
++
++ igtk = (const struct wpa_igtk_kde *) (buf + 2);
++ if (wpa_supplicant_install_igtk(sm, igtk) < 0)
+ return -1;
+- }
+- os_memset(&igd, 0, sizeof(igd));
+ #endif /* CONFIG_IEEE80211W */
+ } else {
+ wpa_printf(MSG_DEBUG, "Unknown element id");
+diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
+index f653ba6..afc9e37 100644
+--- a/src/rsn_supp/wpa_i.h
++++ b/src/rsn_supp/wpa_i.h
+@@ -31,6 +31,10 @@ struct wpa_sm {
+ u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN];
+ int rx_replay_counter_set;
+ u8 request_counter[WPA_REPLAY_COUNTER_LEN];
++ struct wpa_gtk gtk;
++#ifdef CONFIG_IEEE80211W
++ struct wpa_igtk igtk;
++#endif /* CONFIG_IEEE80211W */
+
+ struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
+
+--
+2.7.4
+
+From 8280294e74846ea342389a0cd17215050fa5afe8 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sun, 1 Oct 2017 12:12:24 +0300
+Subject: [PATCH 3/8] Extend protection of GTK/IGTK reinstallation of WNM-Sleep
+ Mode cases
+
+This extends the protection to track last configured GTK/IGTK value
+separately from EAPOL-Key frames and WNM-Sleep Mode frames to cover a
+corner case where these two different mechanisms may get used when the
+GTK/IGTK has changed and tracking a single value is not sufficient to
+detect a possible key reconfiguration.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/rsn_supp/wpa.c | 53 +++++++++++++++++++++++++++++++++++++---------------
+ src/rsn_supp/wpa_i.h | 2 ++
+ 2 files changed, 40 insertions(+), 15 deletions(-)
+
+diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
+index 95bd7be..7a2c68d 100644
+--- a/src/rsn_supp/wpa.c
++++ b/src/rsn_supp/wpa.c
+@@ -709,14 +709,17 @@ struct wpa_gtk_data {
+
+ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
+ const struct wpa_gtk_data *gd,
+- const u8 *key_rsc)
++ const u8 *key_rsc, int wnm_sleep)
+ {
+ const u8 *_gtk = gd->gtk;
+ u8 gtk_buf[32];
+
+ /* Detect possible key reinstallation */
+- if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
+- os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
++ if ((sm->gtk.gtk_len == (size_t) gd->gtk_len &&
++ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) ||
++ (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len &&
++ os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk,
++ sm->gtk_wnm_sleep.gtk_len) == 0)) {
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
+ gd->keyidx, gd->tx, gd->gtk_len);
+@@ -757,8 +760,14 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
+ }
+ os_memset(gtk_buf, 0, sizeof(gtk_buf));
+
+- sm->gtk.gtk_len = gd->gtk_len;
+- os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
++ if (wnm_sleep) {
++ sm->gtk_wnm_sleep.gtk_len = gd->gtk_len;
++ os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk,
++ sm->gtk_wnm_sleep.gtk_len);
++ } else {
++ sm->gtk.gtk_len = gd->gtk_len;
++ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
++ }
+
+ return 0;
+ }
+@@ -852,7 +861,7 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
+ (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
+ gtk_len, gtk_len,
+ &gd.key_rsc_len, &gd.alg) ||
+- wpa_supplicant_install_gtk(sm, &gd, key_rsc))) {
++ wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0))) {
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ "RSN: Failed to install GTK");
+ os_memset(&gd, 0, sizeof(gd));
+@@ -868,14 +877,18 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
+
+ #ifdef CONFIG_IEEE80211W
+ static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
+- const struct wpa_igtk_kde *igtk)
++ const struct wpa_igtk_kde *igtk,
++ int wnm_sleep)
+ {
+ size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
+ u16 keyidx = WPA_GET_LE16(igtk->keyid);
+
+ /* Detect possible key reinstallation */
+- if (sm->igtk.igtk_len == len &&
+- os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
++ if ((sm->igtk.igtk_len == len &&
++ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) ||
++ (sm->igtk_wnm_sleep.igtk_len == len &&
++ os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk,
++ sm->igtk_wnm_sleep.igtk_len) == 0)) {
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
+ keyidx);
+@@ -900,8 +913,14 @@ static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
+ return -1;
+ }
+
+- sm->igtk.igtk_len = len;
+- os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
++ if (wnm_sleep) {
++ sm->igtk_wnm_sleep.igtk_len = len;
++ os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk,
++ sm->igtk_wnm_sleep.igtk_len);
++ } else {
++ sm->igtk.igtk_len = len;
++ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
++ }
+
+ return 0;
+ }
+@@ -924,7 +943,7 @@ static int ieee80211w_set_keys(struct wpa_sm *sm,
+ return -1;
+
+ igtk = (const struct wpa_igtk_kde *) ie->igtk;
+- if (wpa_supplicant_install_igtk(sm, igtk) < 0)
++ if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0)
+ return -1;
+ }
+
+@@ -1574,7 +1593,7 @@ static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
+ if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc))
+ key_rsc = null_rsc;
+
+- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc) ||
++ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) ||
+ wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0)
+ goto failed;
+ os_memset(&gd, 0, sizeof(gd));
+@@ -2386,8 +2405,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
+ sm->tptk_set = 0;
+ os_memset(&sm->tptk, 0, sizeof(sm->tptk));
+ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
++ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
+ #ifdef CONFIG_IEEE80211W
+ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
++ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
+ #endif /* CONFIG_IEEE80211W */
+ }
+
+@@ -2920,8 +2941,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
+ os_memset(&sm->ptk, 0, sizeof(sm->ptk));
+ os_memset(&sm->tptk, 0, sizeof(sm->tptk));
+ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
++ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
+ #ifdef CONFIG_IEEE80211W
+ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
++ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
+ #endif /* CONFIG_IEEE80211W */
+ #ifdef CONFIG_IEEE80211R
+ os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
+@@ -2986,7 +3009,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
+
+ wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)",
+ gd.gtk, gd.gtk_len);
+- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) {
++ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) {
+ os_memset(&gd, 0, sizeof(gd));
+ wpa_printf(MSG_DEBUG, "Failed to install the GTK in "
+ "WNM mode");
+@@ -2998,7 +3021,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
+ const struct wpa_igtk_kde *igtk;
+
+ igtk = (const struct wpa_igtk_kde *) (buf + 2);
+- if (wpa_supplicant_install_igtk(sm, igtk) < 0)
++ if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0)
+ return -1;
+ #endif /* CONFIG_IEEE80211W */
+ } else {
+diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
+index afc9e37..9a54631 100644
+--- a/src/rsn_supp/wpa_i.h
++++ b/src/rsn_supp/wpa_i.h
+@@ -32,8 +32,10 @@ struct wpa_sm {
+ int rx_replay_counter_set;
+ u8 request_counter[WPA_REPLAY_COUNTER_LEN];
+ struct wpa_gtk gtk;
++ struct wpa_gtk gtk_wnm_sleep;
+ #ifdef CONFIG_IEEE80211W
+ struct wpa_igtk igtk;
++ struct wpa_igtk igtk_wnm_sleep;
+ #endif /* CONFIG_IEEE80211W */
+
+ struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
+--
+2.7.4
+
+From 8f82bc94e8697a9d47fa8774dfdaaede1084912c Mon Sep 17 00:00:00 2001
+From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+Date: Fri, 29 Sep 2017 04:22:51 +0200
+Subject: [PATCH 4/8] Prevent installation of an all-zero TK
+
+Properly track whether a PTK has already been installed to the driver
+and the TK part cleared from memory. This prevents an attacker from
+trying to trick the client into installing an all-zero TK.
+
+This fixes the earlier fix in commit
+ad00d64e7d8827b3cebd665a0ceb08adabf15e1e ('Fix TK configuration to the
+driver in EAPOL-Key 3/4 retry case') which did not take into account
+possibility of an extra message 1/4 showing up between retries of
+message 3/4.
+
+Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+---
+ src/common/wpa_common.h | 1 +
+ src/rsn_supp/wpa.c | 5 ++---
+ src/rsn_supp/wpa_i.h | 1 -
+ 3 files changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
+index d200285..1021ccb 100644
+--- a/src/common/wpa_common.h
++++ b/src/common/wpa_common.h
+@@ -215,6 +215,7 @@ struct wpa_ptk {
+ size_t kck_len;
+ size_t kek_len;
+ size_t tk_len;
++ int installed; /* 1 if key has already been installed to driver */
+ };
+
+ struct wpa_gtk {
+diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
+index 7a2c68d..0550a41 100644
+--- a/src/rsn_supp/wpa.c
++++ b/src/rsn_supp/wpa.c
+@@ -510,7 +510,6 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
+ os_memset(buf, 0, sizeof(buf));
+ }
+ sm->tptk_set = 1;
+- sm->tk_to_set = 1;
+
+ kde = sm->assoc_wpa_ie;
+ kde_len = sm->assoc_wpa_ie_len;
+@@ -615,7 +614,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
+ enum wpa_alg alg;
+ const u8 *key_rsc;
+
+- if (!sm->tk_to_set) {
++ if (sm->ptk.installed) {
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ "WPA: Do not re-install same PTK to the driver");
+ return 0;
+@@ -659,7 +658,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
+
+ /* TK is not needed anymore in supplicant */
+ os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
+- sm->tk_to_set = 0;
++ sm->ptk.installed = 1;
+
+ if (sm->wpa_ptk_rekey) {
+ eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
+diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
+index 9a54631..41f371f 100644
+--- a/src/rsn_supp/wpa_i.h
++++ b/src/rsn_supp/wpa_i.h
+@@ -24,7 +24,6 @@ struct wpa_sm {
+ struct wpa_ptk ptk, tptk;
+ int ptk_set, tptk_set;
+ unsigned int msg_3_of_4_ok:1;
+- unsigned int tk_to_set:1;
+ u8 snonce[WPA_NONCE_LEN];
+ u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */
+ int renew_snonce;
+--
+2.7.4
+
+From 12fac09b437a1dc8a0f253e265934a8aaf4d2f8b Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sun, 1 Oct 2017 12:32:57 +0300
+Subject: [PATCH 5/8] Fix PTK rekeying to generate a new ANonce
+
+The Authenticator state machine path for PTK rekeying ended up bypassing
+the AUTHENTICATION2 state where a new ANonce is generated when going
+directly to the PTKSTART state since there is no need to try to
+determine the PMK again in such a case. This is far from ideal since the
+new PTK would depend on a new nonce only from the supplicant.
+
+Fix this by generating a new ANonce when moving to the PTKSTART state
+for the purpose of starting new 4-way handshake to rekey PTK.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/ap/wpa_auth.c | 24 +++++++++++++++++++++---
+ 1 file changed, 21 insertions(+), 3 deletions(-)
+
+diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
+index 707971d..bf10cc1 100644
+--- a/src/ap/wpa_auth.c
++++ b/src/ap/wpa_auth.c
+@@ -1901,6 +1901,21 @@ SM_STATE(WPA_PTK, AUTHENTICATION2)
+ }
+
+
++static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm)
++{
++ if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
++ wpa_printf(MSG_ERROR,
++ "WPA: Failed to get random data for ANonce");
++ sm->Disconnect = TRUE;
++ return -1;
++ }
++ wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce,
++ WPA_NONCE_LEN);
++ sm->TimeoutCtr = 0;
++ return 0;
++}
++
++
+ SM_STATE(WPA_PTK, INITPMK)
+ {
+ u8 msk[2 * PMK_LEN];
+@@ -2458,9 +2473,12 @@ SM_STEP(WPA_PTK)
+ SM_ENTER(WPA_PTK, AUTHENTICATION);
+ else if (sm->ReAuthenticationRequest)
+ SM_ENTER(WPA_PTK, AUTHENTICATION2);
+- else if (sm->PTKRequest)
+- SM_ENTER(WPA_PTK, PTKSTART);
+- else switch (sm->wpa_ptk_state) {
++ else if (sm->PTKRequest) {
++ if (wpa_auth_sm_ptk_update(sm) < 0)
++ SM_ENTER(WPA_PTK, DISCONNECTED);
++ else
++ SM_ENTER(WPA_PTK, PTKSTART);
++ } else switch (sm->wpa_ptk_state) {
+ case WPA_PTK_INITIALIZE:
+ break;
+ case WPA_PTK_DISCONNECT:
+--
+2.7.4
+
+From 6c4bed4f47d1960ec04981a9d50e5076aea5223d Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Fri, 22 Sep 2017 11:03:15 +0300
+Subject: [PATCH 6/8] TDLS: Reject TPK-TK reconfiguration
+
+Do not try to reconfigure the same TPK-TK to the driver after it has
+been successfully configured. This is an explicit check to avoid issues
+related to resetting the TX/RX packet number. There was already a check
+for this for TPK M2 (retries of that message are ignored completely), so
+that behavior does not get modified.
+
+For TPK M3, the TPK-TK could have been reconfigured, but that was
+followed by immediate teardown of the link due to an issue in updating
+the STA entry. Furthermore, for TDLS with any real security (i.e.,
+ignoring open/WEP), the TPK message exchange is protected on the AP path
+and simple replay attacks are not feasible.
+
+As an additional corner case, make sure the local nonce gets updated if
+the peer uses a very unlikely "random nonce" of all zeros.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/rsn_supp/tdls.c | 38 ++++++++++++++++++++++++++++++++++++--
+ 1 file changed, 36 insertions(+), 2 deletions(-)
+
+diff --git a/src/rsn_supp/tdls.c b/src/rsn_supp/tdls.c
+index e424168..9eb9738 100644
+--- a/src/rsn_supp/tdls.c
++++ b/src/rsn_supp/tdls.c
+@@ -112,6 +112,7 @@ struct wpa_tdls_peer {
+ u8 tk[16]; /* TPK-TK; assuming only CCMP will be used */
+ } tpk;
+ int tpk_set;
++ int tk_set; /* TPK-TK configured to the driver */
+ int tpk_success;
+ int tpk_in_progress;
+
+@@ -192,6 +193,20 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
+ u8 rsc[6];
+ enum wpa_alg alg;
+
++ if (peer->tk_set) {
++ /*
++ * This same TPK-TK has already been configured to the driver
++ * and this new configuration attempt (likely due to an
++ * unexpected retransmitted frame) would result in clearing
++ * the TX/RX sequence number which can break security, so must
++ * not allow that to happen.
++ */
++ wpa_printf(MSG_INFO, "TDLS: TPK-TK for the peer " MACSTR
++ " has already been configured to the driver - do not reconfigure",
++ MAC2STR(peer->addr));
++ return -1;
++ }
++
+ os_memset(rsc, 0, 6);
+
+ switch (peer->cipher) {
+@@ -209,12 +224,15 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
+ return -1;
+ }
+
++ wpa_printf(MSG_DEBUG, "TDLS: Configure pairwise key for peer " MACSTR,
++ MAC2STR(peer->addr));
+ if (wpa_sm_set_key(sm, alg, peer->addr, -1, 1,
+ rsc, sizeof(rsc), peer->tpk.tk, key_len) < 0) {
+ wpa_printf(MSG_WARNING, "TDLS: Failed to set TPK to the "
+ "driver");
+ return -1;
+ }
++ peer->tk_set = 1;
+ return 0;
+ }
+
+@@ -696,7 +714,7 @@ static void wpa_tdls_peer_clear(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
+ peer->cipher = 0;
+ peer->qos_info = 0;
+ peer->wmm_capable = 0;
+- peer->tpk_set = peer->tpk_success = 0;
++ peer->tk_set = peer->tpk_set = peer->tpk_success = 0;
+ peer->chan_switch_enabled = 0;
+ os_memset(&peer->tpk, 0, sizeof(peer->tpk));
+ os_memset(peer->inonce, 0, WPA_NONCE_LEN);
+@@ -1159,6 +1177,7 @@ skip_rsnie:
+ wpa_tdls_peer_free(sm, peer);
+ return -1;
+ }
++ peer->tk_set = 0; /* A new nonce results in a new TK */
+ wpa_hexdump(MSG_DEBUG, "TDLS: Initiator Nonce for TPK handshake",
+ peer->inonce, WPA_NONCE_LEN);
+ os_memcpy(ftie->Snonce, peer->inonce, WPA_NONCE_LEN);
+@@ -1751,6 +1770,19 @@ static int wpa_tdls_addset_peer(struct wpa_sm *sm, struct wpa_tdls_peer *peer,
+ }
+
+
++static int tdls_nonce_set(const u8 *nonce)
++{
++ int i;
++
++ for (i = 0; i < WPA_NONCE_LEN; i++) {
++ if (nonce[i])
++ return 1;
++ }
++
++ return 0;
++}
++
++
+ static int wpa_tdls_process_tpk_m1(struct wpa_sm *sm, const u8 *src_addr,
+ const u8 *buf, size_t len)
+ {
+@@ -2004,7 +2036,8 @@ skip_rsn:
+ peer->rsnie_i_len = kde.rsn_ie_len;
+ peer->cipher = cipher;
+
+- if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0) {
++ if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0 ||
++ !tdls_nonce_set(peer->inonce)) {
+ /*
+ * There is no point in updating the RNonce for every obtained
+ * TPK M1 frame (e.g., retransmission due to timeout) with the
+@@ -2020,6 +2053,7 @@ skip_rsn:
+ "TDLS: Failed to get random data for responder nonce");
+ goto error;
+ }
++ peer->tk_set = 0; /* A new nonce results in a new TK */
+ }
+
+ #if 0
+--
+2.7.4
+
+From 53c5eb58e95004f86e65ee9fbfccbc291b139057 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Fri, 22 Sep 2017 11:25:02 +0300
+Subject: [PATCH 7/8] WNM: Ignore WNM-Sleep Mode Response without pending
+ request
+
+Commit 03ed0a52393710be6bdae657d1b36efa146520e5 ('WNM: Ignore WNM-Sleep
+Mode Response if WNM-Sleep Mode has not been used') started ignoring the
+response when no WNM-Sleep Mode Request had been used during the
+association. This can be made tighter by clearing the used flag when
+successfully processing a response. This adds an additional layer of
+protection against unexpected retransmissions of the response frame.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ wpa_supplicant/wnm_sta.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/wpa_supplicant/wnm_sta.c b/wpa_supplicant/wnm_sta.c
+index 1b3409c..67a07ff 100644
+--- a/wpa_supplicant/wnm_sta.c
++++ b/wpa_supplicant/wnm_sta.c
+@@ -260,7 +260,7 @@ static void ieee802_11_rx_wnmsleep_resp(struct wpa_supplicant *wpa_s,
+
+ if (!wpa_s->wnmsleep_used) {
+ wpa_printf(MSG_DEBUG,
+- "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode has not been used in this association");
++ "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode operation has not been requested");
+ return;
+ }
+
+@@ -299,6 +299,8 @@ static void ieee802_11_rx_wnmsleep_resp(struct wpa_supplicant *wpa_s,
+ return;
+ }
+
++ wpa_s->wnmsleep_used = 0;
++
+ if (wnmsleep_ie->status == WNM_STATUS_SLEEP_ACCEPT ||
+ wnmsleep_ie->status == WNM_STATUS_SLEEP_EXIT_ACCEPT_GTK_UPDATE) {
+ wpa_printf(MSG_DEBUG, "Successfully recv WNM-Sleep Response "
+--
+2.7.4
+
+From b372ab0b7daea719749194dc554b26e6367603f2 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Fri, 22 Sep 2017 12:06:37 +0300
+Subject: [PATCH 8/8] FT: Do not allow multiple Reassociation Response frames
+
+The driver is expected to not report a second association event without
+the station having explicitly request a new association. As such, this
+case should not be reachable. However, since reconfiguring the same
+pairwise or group keys to the driver could result in nonce reuse issues,
+be extra careful here and do an additional state check to avoid this
+even if the local driver ends up somehow accepting an unexpected
+Reassociation Response frame.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/rsn_supp/wpa.c | 3 +++
+ src/rsn_supp/wpa_ft.c | 8 ++++++++
+ src/rsn_supp/wpa_i.h | 1 +
+ 3 files changed, 12 insertions(+)
+
+diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
+index 0550a41..2a53c6f 100644
+--- a/src/rsn_supp/wpa.c
++++ b/src/rsn_supp/wpa.c
+@@ -2440,6 +2440,9 @@ void wpa_sm_notify_disassoc(struct wpa_sm *sm)
+ #ifdef CONFIG_TDLS
+ wpa_tdls_disassoc(sm);
+ #endif /* CONFIG_TDLS */
++#ifdef CONFIG_IEEE80211R
++ sm->ft_reassoc_completed = 0;
++#endif /* CONFIG_IEEE80211R */
+
+ /* Keys are not needed in the WPA state machine anymore */
+ wpa_sm_drop_sa(sm);
+diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c
+index 205793e..d45bb45 100644
+--- a/src/rsn_supp/wpa_ft.c
++++ b/src/rsn_supp/wpa_ft.c
+@@ -153,6 +153,7 @@ static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len,
+ u16 capab;
+
+ sm->ft_completed = 0;
++ sm->ft_reassoc_completed = 0;
+
+ buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
+ 2 + sm->r0kh_id_len + ric_ies_len + 100;
+@@ -681,6 +682,11 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
+ return -1;
+ }
+
++ if (sm->ft_reassoc_completed) {
++ wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission");
++ return 0;
++ }
++
+ if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) {
+ wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs");
+ return -1;
+@@ -781,6 +787,8 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
+ return -1;
+ }
+
++ sm->ft_reassoc_completed = 1;
++
+ if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0)
+ return -1;
+
+diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
+index 41f371f..56f88dc 100644
+--- a/src/rsn_supp/wpa_i.h
++++ b/src/rsn_supp/wpa_i.h
+@@ -128,6 +128,7 @@ struct wpa_sm {
+ size_t r0kh_id_len;
+ u8 r1kh_id[FT_R1KH_ID_LEN];
+ int ft_completed;
++ int ft_reassoc_completed;
+ int over_the_ds_in_progress;
+ u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */
+ int set_ptk_after_assoc;
+--
+2.7.4
diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa-supplicant.sh b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa-supplicant.sh
new file mode 100644
index 000000000..35a1aa639
--- /dev/null
+++ b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa-supplicant.sh
@@ -0,0 +1,86 @@
+#!/bin/sh
+
+
+WPA_SUP_BIN="/usr/sbin/wpa_supplicant"
+WPA_SUP_PNAME="wpa_supplicant"
+WPA_SUP_PIDFILE="/var/run/wpa_supplicant.$IFACE.pid"
+WPA_COMMON_CTRL_IFACE="/var/run/wpa_supplicant"
+WPA_SUP_OPTIONS="-B -P $WPA_SUP_PIDFILE -i $IFACE"
+
+VERBOSITY=0
+
+
+if [ -s "$IF_WPA_CONF" ]; then
+ WPA_SUP_CONF="-c $IF_WPA_CONF"
+else
+ exit 0
+fi
+
+if [ ! -x "$WPA_SUP_BIN" ]; then
+
+ if [ "$VERBOSITY" = "1" ]; then
+ echo "$WPA_SUP_PNAME: binaries not executable or missing from $WPA_SUP_BIN"
+ fi
+
+ exit 1
+fi
+
+if [ "$MODE" = "start" ] ; then
+ # driver type of interface, defaults to wext when undefined
+ if [ -s "/etc/wpa_supplicant/driver.$IFACE" ]; then
+ IF_WPA_DRIVER=$(cat "/etc/wpa_supplicant/driver.$IFACE")
+ elif [ -z "$IF_WPA_DRIVER" ]; then
+
+ if [ "$VERBOSITY" = "1" ]; then
+ echo "$WPA_SUP_PNAME: wpa-driver not provided, using \"wext\""
+ fi
+
+ IF_WPA_DRIVER="wext"
+ fi
+
+ # if we have passed the criteria, start wpa_supplicant
+ if [ -n "$WPA_SUP_CONF" ]; then
+
+ if [ "$VERBOSITY" = "1" ]; then
+ echo "$WPA_SUP_PNAME: $WPA_SUP_BIN $WPA_SUP_OPTIONS $WPA_SUP_CONF -D $IF_WPA_DRIVER"
+ fi
+
+ start-stop-daemon --start --quiet \
+ --name $WPA_SUP_PNAME --startas $WPA_SUP_BIN --pidfile $WPA_SUP_PIDFILE \
+ -- $WPA_SUP_OPTIONS $WPA_SUP_CONF -D $IF_WPA_DRIVER
+ fi
+
+ # if the interface socket exists, then wpa_supplicant was invoked successfully
+ if [ -S "$WPA_COMMON_CTRL_IFACE/$IFACE" ]; then
+
+ if [ "$VERBOSITY" = "1" ]; then
+ echo "$WPA_SUP_PNAME: ctrl_interface socket located at $WPA_COMMON_CTRL_IFACE/$IFACE"
+ fi
+
+ exit 0
+
+ fi
+
+elif [ "$MODE" = "stop" ]; then
+
+ if [ -f "$WPA_SUP_PIDFILE" ]; then
+
+ if [ "$VERBOSITY" = "1" ]; then
+ echo "$WPA_SUP_PNAME: terminating $WPA_SUP_PNAME daemon"
+ fi
+
+ start-stop-daemon --stop --quiet \
+ --name $WPA_SUP_PNAME --pidfile $WPA_SUP_PIDFILE
+
+ if [ -S "$WPA_COMMON_CTRL_IFACE/$IFACE" ]; then
+ rm -f $WPA_COMMON_CTRL_IFACE/$IFACE
+ fi
+
+ if [ -f "$WPA_SUP_PIDFILE" ]; then
+ rm -f $WPA_SUP_PIDFILE
+ fi
+ fi
+
+fi
+
+exit 0
diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant.conf b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant.conf
new file mode 100644
index 000000000..68258f5ee
--- /dev/null
+++ b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant.conf
@@ -0,0 +1,690 @@
+##### Example wpa_supplicant configuration file ###############################
+#
+# This file describes configuration file format and lists all available option.
+# Please also take a look at simpler configuration examples in 'examples'
+# subdirectory.
+#
+# Empty lines and lines starting with # are ignored
+
+# NOTE! This file may contain password information and should probably be made
+# readable only by root user on multiuser systems.
+
+# Note: All file paths in this configuration file should use full (absolute,
+# not relative to working directory) path in order to allow working directory
+# to be changed. This can happen if wpa_supplicant is run in the background.
+
+# Whether to allow wpa_supplicant to update (overwrite) configuration
+#
+# This option can be used to allow wpa_supplicant to overwrite configuration
+# file whenever configuration is changed (e.g., new network block is added with
+# wpa_cli or wpa_gui, or a password is changed). This is required for
+# wpa_cli/wpa_gui to be able to store the configuration changes permanently.
+# Please note that overwriting configuration file will remove the comments from
+# it.
+#update_config=1
+
+# global configuration (shared by all network blocks)
+#
+# Parameters for the control interface. If this is specified, wpa_supplicant
+# will open a control interface that is available for external programs to
+# manage wpa_supplicant. The meaning of this string depends on which control
+# interface mechanism is used. For all cases, the existence of this parameter
+# in configuration is used to determine whether the control interface is
+# enabled.
+#
+# For UNIX domain sockets (default on Linux and BSD): This is a directory that
+# will be created for UNIX domain sockets for listening to requests from
+# external programs (CLI/GUI, etc.) for status information and configuration.
+# The socket file will be named based on the interface name, so multiple
+# wpa_supplicant processes can be run at the same time if more than one
+# interface is used.
+# /var/run/wpa_supplicant is the recommended directory for sockets and by
+# default, wpa_cli will use it when trying to connect with wpa_supplicant.
+#
+# Access control for the control interface can be configured by setting the
+# directory to allow only members of a group to use sockets. This way, it is
+# possible to run wpa_supplicant as root (since it needs to change network
+# configuration and open raw sockets) and still allow GUI/CLI components to be
+# run as non-root users. However, since the control interface can be used to
+# change the network configuration, this access needs to be protected in many
+# cases. By default, wpa_supplicant is configured to use gid 0 (root). If you
+# want to allow non-root users to use the control interface, add a new group
+# and change this value to match with that group. Add users that should have
+# control interface access to this group. If this variable is commented out or
+# not included in the configuration file, group will not be changed from the
+# value it got by default when the directory or socket was created.
+#
+# When configuring both the directory and group, use following format:
+# DIR=/var/run/wpa_supplicant GROUP=wheel
+# DIR=/var/run/wpa_supplicant GROUP=0
+# (group can be either group name or gid)
+#
+# For UDP connections (default on Windows): The value will be ignored. This
+# variable is just used to select that the control interface is to be created.
+# The value can be set to, e.g., udp (ctrl_interface=udp)
+#
+# For Windows Named Pipe: This value can be used to set the security descriptor
+# for controlling access to the control interface. Security descriptor can be
+# set using Security Descriptor String Format (see http://msdn.microsoft.com/
+# library/default.asp?url=/library/en-us/secauthz/security/
+# security_descriptor_string_format.asp). The descriptor string needs to be
+# prefixed with SDDL=. For example, ctrl_interface=SDDL=D: would set an empty
+# DACL (which will reject all connections). See README-Windows.txt for more
+# information about SDDL string format.
+#
+ctrl_interface=/var/run/wpa_supplicant
+
+# IEEE 802.1X/EAPOL version
+# wpa_supplicant is implemented based on IEEE Std 802.1X-2004 which defines
+# EAPOL version 2. However, there are many APs that do not handle the new
+# version number correctly (they seem to drop the frames completely). In order
+# to make wpa_supplicant interoperate with these APs, the version number is set
+# to 1 by default. This configuration value can be used to set it to the new
+# version (2).
+eapol_version=1
+
+# AP scanning/selection
+# By default, wpa_supplicant requests driver to perform AP scanning and then
+# uses the scan results to select a suitable AP. Another alternative is to
+# allow the driver to take care of AP scanning and selection and use
+# wpa_supplicant just to process EAPOL frames based on IEEE 802.11 association
+# information from the driver.
+# 1: wpa_supplicant initiates scanning and AP selection
+# 0: driver takes care of scanning, AP selection, and IEEE 802.11 association
+# parameters (e.g., WPA IE generation); this mode can also be used with
+# non-WPA drivers when using IEEE 802.1X mode; do not try to associate with
+# APs (i.e., external program needs to control association). This mode must
+# also be used when using wired Ethernet drivers.
+# 2: like 0, but associate with APs using security policy and SSID (but not
+# BSSID); this can be used, e.g., with ndiswrapper and NDIS drivers to
+# enable operation with hidden SSIDs and optimized roaming; in this mode,
+# the network blocks in the configuration file are tried one by one until
+# the driver reports successful association; each network block should have
+# explicit security policy (i.e., only one option in the lists) for
+# key_mgmt, pairwise, group, proto variables
+ap_scan=1
+
+# EAP fast re-authentication
+# By default, fast re-authentication is enabled for all EAP methods that
+# support it. This variable can be used to disable fast re-authentication.
+# Normally, there is no need to disable this.
+fast_reauth=1
+
+# OpenSSL Engine support
+# These options can be used to load OpenSSL engines.
+# The two engines that are supported currently are shown below:
+# They are both from the opensc project (http://www.opensc.org/)
+# By default no engines are loaded.
+# make the opensc engine available
+#opensc_engine_path=/usr/lib/opensc/engine_opensc.so
+# make the pkcs11 engine available
+#pkcs11_engine_path=/usr/lib/opensc/engine_pkcs11.so
+# configure the path to the pkcs11 module required by the pkcs11 engine
+#pkcs11_module_path=/usr/lib/pkcs11/opensc-pkcs11.so
+
+# Dynamic EAP methods
+# If EAP methods were built dynamically as shared object files, they need to be
+# loaded here before being used in the network blocks. By default, EAP methods
+# are included statically in the build, so these lines are not needed
+#load_dynamic_eap=/usr/lib/wpa_supplicant/eap_tls.so
+#load_dynamic_eap=/usr/lib/wpa_supplicant/eap_md5.so
+
+# Driver interface parameters
+# This field can be used to configure arbitrary driver interace parameters. The
+# format is specific to the selected driver interface. This field is not used
+# in most cases.
+#driver_param="field=value"
+
+# Maximum lifetime for PMKSA in seconds; default 43200
+#dot11RSNAConfigPMKLifetime=43200
+# Threshold for reauthentication (percentage of PMK lifetime); default 70
+#dot11RSNAConfigPMKReauthThreshold=70
+# Timeout for security association negotiation in seconds; default 60
+#dot11RSNAConfigSATimeout=60
+
+# network block
+#
+# Each network (usually AP's sharing the same SSID) is configured as a separate
+# block in this configuration file. The network blocks are in preference order
+# (the first match is used).
+#
+# network block fields:
+#
+# disabled:
+# 0 = this network can be used (default)
+# 1 = this network block is disabled (can be enabled through ctrl_iface,
+# e.g., with wpa_cli or wpa_gui)
+#
+# id_str: Network identifier string for external scripts. This value is passed
+# to external action script through wpa_cli as WPA_ID_STR environment
+# variable to make it easier to do network specific configuration.
+#
+# ssid: SSID (mandatory); either as an ASCII string with double quotation or
+# as hex string; network name
+#
+# scan_ssid:
+# 0 = do not scan this SSID with specific Probe Request frames (default)
+# 1 = scan with SSID-specific Probe Request frames (this can be used to
+# find APs that do not accept broadcast SSID or use multiple SSIDs;
+# this will add latency to scanning, so enable this only when needed)
+#
+# bssid: BSSID (optional); if set, this network block is used only when
+# associating with the AP using the configured BSSID
+#
+# priority: priority group (integer)
+# By default, all networks will get same priority group (0). If some of the
+# networks are more desirable, this field can be used to change the order in
+# which wpa_supplicant goes through the networks when selecting a BSS. The
+# priority groups will be iterated in decreasing priority (i.e., the larger the
+# priority value, the sooner the network is matched against the scan results).
+# Within each priority group, networks will be selected based on security
+# policy, signal strength, etc.
+# Please note that AP scanning with scan_ssid=1 and ap_scan=2 mode are not
+# using this priority to select the order for scanning. Instead, they try the
+# networks in the order that used in the configuration file.
+#
+# mode: IEEE 802.11 operation mode
+# 0 = infrastructure (Managed) mode, i.e., associate with an AP (default)
+# 1 = IBSS (ad-hoc, peer-to-peer)
+# Note: IBSS can only be used with key_mgmt NONE (plaintext and static WEP)
+# and key_mgmt=WPA-NONE (fixed group key TKIP/CCMP). In addition, ap_scan has
+# to be set to 2 for IBSS. WPA-None requires following network block options:
+# proto=WPA, key_mgmt=WPA-NONE, pairwise=NONE, group=TKIP (or CCMP, but not
+# both), and psk must also be set.
+#
+# proto: list of accepted protocols
+# WPA = WPA/IEEE 802.11i/D3.0
+# RSN = WPA2/IEEE 802.11i (also WPA2 can be used as an alias for RSN)
+# If not set, this defaults to: WPA RSN
+#
+# key_mgmt: list of accepted authenticated key management protocols
+# WPA-PSK = WPA pre-shared key (this requires 'psk' field)
+# WPA-EAP = WPA using EAP authentication (this can use an external
+# program, e.g., Xsupplicant, for IEEE 802.1X EAP Authentication
+# IEEE8021X = IEEE 802.1X using EAP authentication and (optionally) dynamically
+# generated WEP keys
+# NONE = WPA is not used; plaintext or static WEP could be used
+# If not set, this defaults to: WPA-PSK WPA-EAP
+#
+# auth_alg: list of allowed IEEE 802.11 authentication algorithms
+# OPEN = Open System authentication (required for WPA/WPA2)
+# SHARED = Shared Key authentication (requires static WEP keys)
+# LEAP = LEAP/Network EAP (only used with LEAP)
+# If not set, automatic selection is used (Open System with LEAP enabled if
+# LEAP is allowed as one of the EAP methods).
+#
+# pairwise: list of accepted pairwise (unicast) ciphers for WPA
+# CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0]
+# TKIP = Temporal Key Integrity Protocol [IEEE 802.11i/D7.0]
+# NONE = Use only Group Keys (deprecated, should not be included if APs support
+# pairwise keys)
+# If not set, this defaults to: CCMP TKIP
+#
+# group: list of accepted group (broadcast/multicast) ciphers for WPA
+# CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0]
+# TKIP = Temporal Key Integrity Protocol [IEEE 802.11i/D7.0]
+# WEP104 = WEP (Wired Equivalent Privacy) with 104-bit key
+# WEP40 = WEP (Wired Equivalent Privacy) with 40-bit key [IEEE 802.11]
+# If not set, this defaults to: CCMP TKIP WEP104 WEP40
+#
+# psk: WPA preshared key; 256-bit pre-shared key
+# The key used in WPA-PSK mode can be entered either as 64 hex-digits, i.e.,
+# 32 bytes or as an ASCII passphrase (in which case, the real PSK will be
+# generated using the passphrase and SSID). ASCII passphrase must be between
+# 8 and 63 characters (inclusive).
+# This field is not needed, if WPA-EAP is used.
+# Note: Separate tool, wpa_passphrase, can be used to generate 256-bit keys
+# from ASCII passphrase. This process uses lot of CPU and wpa_supplicant
+# startup and reconfiguration time can be optimized by generating the PSK only
+# only when the passphrase or SSID has actually changed.
+#
+# eapol_flags: IEEE 802.1X/EAPOL options (bit field)
+# Dynamic WEP key required for non-WPA mode
+# bit0 (1): require dynamically generated unicast WEP key
+# bit1 (2): require dynamically generated broadcast WEP key
+# (3 = require both keys; default)
+# Note: When using wired authentication, eapol_flags must be set to 0 for the
+# authentication to be completed successfully.
+#
+# proactive_key_caching:
+# Enable/disable opportunistic PMKSA caching for WPA2.
+# 0 = disabled (default)
+# 1 = enabled
+#
+# wep_key0..3: Static WEP key (ASCII in double quotation, e.g. "abcde" or
+# hex without quotation, e.g., 0102030405)
+# wep_tx_keyidx: Default WEP key index (TX) (0..3)
+#
+# peerkey: Whether PeerKey negotiation for direct links (IEEE 802.11e DLS) is
+# allowed. This is only used with RSN/WPA2.
+# 0 = disabled (default)
+# 1 = enabled
+#peerkey=1
+#
+# Following fields are only used with internal EAP implementation.
+# eap: space-separated list of accepted EAP methods
+# MD5 = EAP-MD5 (unsecure and does not generate keying material ->
+# cannot be used with WPA; to be used as a Phase 2 method
+# with EAP-PEAP or EAP-TTLS)
+# MSCHAPV2 = EAP-MSCHAPv2 (cannot be used separately with WPA; to be used
+# as a Phase 2 method with EAP-PEAP or EAP-TTLS)
+# OTP = EAP-OTP (cannot be used separately with WPA; to be used
+# as a Phase 2 method with EAP-PEAP or EAP-TTLS)
+# GTC = EAP-GTC (cannot be used separately with WPA; to be used
+# as a Phase 2 method with EAP-PEAP or EAP-TTLS)
+# TLS = EAP-TLS (client and server certificate)
+# PEAP = EAP-PEAP (with tunnelled EAP authentication)
+# TTLS = EAP-TTLS (with tunnelled EAP or PAP/CHAP/MSCHAP/MSCHAPV2
+# authentication)
+# If not set, all compiled in methods are allowed.
+#
+# identity: Identity string for EAP
+# anonymous_identity: Anonymous identity string for EAP (to be used as the
+# unencrypted identity with EAP types that support different tunnelled
+# identity, e.g., EAP-TTLS)
+# password: Password string for EAP
+# ca_cert: File path to CA certificate file (PEM/DER). This file can have one
+# or more trusted CA certificates. If ca_cert and ca_path are not
+# included, server certificate will not be verified. This is insecure and
+# a trusted CA certificate should always be configured when using
+# EAP-TLS/TTLS/PEAP. Full path should be used since working directory may
+# change when wpa_supplicant is run in the background.
+# On Windows, trusted CA certificates can be loaded from the system
+# certificate store by setting this to cert_store://<name>, e.g.,
+# ca_cert="cert_store://CA" or ca_cert="cert_store://ROOT".
+# Note that when running wpa_supplicant as an application, the user
+# certificate store (My user account) is used, whereas computer store
+# (Computer account) is used when running wpasvc as a service.
+# ca_path: Directory path for CA certificate files (PEM). This path may
+# contain multiple CA certificates in OpenSSL format. Common use for this
+# is to point to system trusted CA list which is often installed into
+# directory like /etc/ssl/certs. If configured, these certificates are
+# added to the list of trusted CAs. ca_cert may also be included in that
+# case, but it is not required.
+# client_cert: File path to client certificate file (PEM/DER)
+# Full path should be used since working directory may change when
+# wpa_supplicant is run in the background.
+# Alternatively, a named configuration blob can be used by setting this
+# to blob://<blob name>.
+# private_key: File path to client private key file (PEM/DER/PFX)
+# When PKCS#12/PFX file (.p12/.pfx) is used, client_cert should be
+# commented out. Both the private key and certificate will be read from
+# the PKCS#12 file in this case. Full path should be used since working
+# directory may change when wpa_supplicant is run in the background.
+# Windows certificate store can be used by leaving client_cert out and
+# configuring private_key in one of the following formats:
+# cert://substring_to_match
+# hash://certificate_thumbprint_in_hex
+# for example: private_key="hash://63093aa9c47f56ae88334c7b65a4"
+# Note that when running wpa_supplicant as an application, the user
+# certificate store (My user account) is used, whereas computer store
+# (Computer account) is used when running wpasvc as a service.
+# Alternatively, a named configuration blob can be used by setting this
+# to blob://<blob name>.
+# private_key_passwd: Password for private key file (if left out, this will be
+# asked through control interface)
+# dh_file: File path to DH/DSA parameters file (in PEM format)
+# This is an optional configuration file for setting parameters for an
+# ephemeral DH key exchange. In most cases, the default RSA
+# authentication does not use this configuration. However, it is possible
+# setup RSA to use ephemeral DH key exchange. In addition, ciphers with
+# DSA keys always use ephemeral DH keys. This can be used to achieve
+# forward secrecy. If the file is in DSA parameters format, it will be
+# automatically converted into DH params.
+# subject_match: Substring to be matched against the subject of the
+# authentication server certificate. If this string is set, the server
+# sertificate is only accepted if it contains this string in the subject.
+# The subject string is in following format:
+# /C=US/ST=CA/L=San Francisco/CN=Test AS/emailAddress=as@example.com
+# altsubject_match: Semicolon separated string of entries to be matched against
+# the alternative subject name of the authentication server certificate.
+# If this string is set, the server sertificate is only accepted if it
+# contains one of the entries in an alternative subject name extension.
+# altSubjectName string is in following format: TYPE:VALUE
+# Example: EMAIL:server@example.com
+# Example: DNS:server.example.com;DNS:server2.example.com
+# Following types are supported: EMAIL, DNS, URI
+# phase1: Phase1 (outer authentication, i.e., TLS tunnel) parameters
+# (string with field-value pairs, e.g., "peapver=0" or
+# "peapver=1 peaplabel=1")
+# 'peapver' can be used to force which PEAP version (0 or 1) is used.
+# 'peaplabel=1' can be used to force new label, "client PEAP encryption",
+# to be used during key derivation when PEAPv1 or newer. Most existing
+# PEAPv1 implementation seem to be using the old label, "client EAP
+# encryption", and wpa_supplicant is now using that as the default value.
+# Some servers, e.g., Radiator, may require peaplabel=1 configuration to
+# interoperate with PEAPv1; see eap_testing.txt for more details.
+# 'peap_outer_success=0' can be used to terminate PEAP authentication on
+# tunneled EAP-Success. This is required with some RADIUS servers that
+# implement draft-josefsson-pppext-eap-tls-eap-05.txt (e.g.,
+# Lucent NavisRadius v4.4.0 with PEAP in "IETF Draft 5" mode)
+# include_tls_length=1 can be used to force wpa_supplicant to include
+# TLS Message Length field in all TLS messages even if they are not
+# fragmented.
+# sim_min_num_chal=3 can be used to configure EAP-SIM to require three
+# challenges (by default, it accepts 2 or 3)
+# phase2: Phase2 (inner authentication with TLS tunnel) parameters
+# (string with field-value pairs, e.g., "auth=MSCHAPV2" for EAP-PEAP or
+# "autheap=MSCHAPV2 autheap=MD5" for EAP-TTLS)
+# Following certificate/private key fields are used in inner Phase2
+# authentication when using EAP-TTLS or EAP-PEAP.
+# ca_cert2: File path to CA certificate file. This file can have one or more
+# trusted CA certificates. If ca_cert2 and ca_path2 are not included,
+# server certificate will not be verified. This is insecure and a trusted
+# CA certificate should always be configured.
+# ca_path2: Directory path for CA certificate files (PEM)
+# client_cert2: File path to client certificate file
+# private_key2: File path to client private key file
+# private_key2_passwd: Password for private key file
+# dh_file2: File path to DH/DSA parameters file (in PEM format)
+# subject_match2: Substring to be matched against the subject of the
+# authentication server certificate.
+# altsubject_match2: Substring to be matched against the alternative subject
+# name of the authentication server certificate.
+#
+# fragment_size: Maximum EAP fragment size in bytes (default 1398).
+# This value limits the fragment size for EAP methods that support
+# fragmentation (e.g., EAP-TLS and EAP-PEAP). This value should be set
+# small enough to make the EAP messages fit in MTU of the network
+# interface used for EAPOL. The default value is suitable for most
+# cases.
+#
+# EAP-PSK variables:
+# eappsk: 16-byte (128-bit, 32 hex digits) pre-shared key in hex format
+# nai: user NAI
+#
+# EAP-PAX variables:
+# eappsk: 16-byte (128-bit, 32 hex digits) pre-shared key in hex format
+#
+# EAP-SAKE variables:
+# eappsk: 32-byte (256-bit, 64 hex digits) pre-shared key in hex format
+# (this is concatenation of Root-Secret-A and Root-Secret-B)
+# nai: user NAI (PEERID)
+#
+# EAP-GPSK variables:
+# eappsk: Pre-shared key in hex format (at least 128 bits, i.e., 32 hex digits)
+# nai: user NAI (ID_Client)
+#
+# EAP-FAST variables:
+# pac_file: File path for the PAC entries. wpa_supplicant will need to be able
+# to create this file and write updates to it when PAC is being
+# provisioned or refreshed. Full path to the file should be used since
+# working directory may change when wpa_supplicant is run in the
+# background. Alternatively, a named configuration blob can be used by
+# setting this to blob://<blob name>
+# phase1: fast_provisioning=1 option enables in-line provisioning of EAP-FAST
+# credentials (PAC)
+#
+# wpa_supplicant supports number of "EAP workarounds" to work around
+# interoperability issues with incorrectly behaving authentication servers.
+# These are enabled by default because some of the issues are present in large
+# number of authentication servers. Strict EAP conformance mode can be
+# configured by disabling workarounds with eap_workaround=0.
+
+# Example blocks:
+
+# Simple case: WPA-PSK, PSK as an ASCII passphrase, allow all valid ciphers
+network={
+ ssid="simple"
+ psk="very secret passphrase"
+ priority=5
+}
+
+# Same as previous, but request SSID-specific scanning (for APs that reject
+# broadcast SSID)
+network={
+ ssid="second ssid"
+ scan_ssid=1
+ psk="very secret passphrase"
+ priority=2
+}
+
+# Only WPA-PSK is used. Any valid cipher combination is accepted.
+network={
+ ssid="example"
+ proto=WPA
+ key_mgmt=WPA-PSK
+ pairwise=CCMP TKIP
+ group=CCMP TKIP WEP104 WEP40
+ psk=06b4be19da289f475aa46a33cb793029d4ab3db7a23ee92382eb0106c72ac7bb
+ priority=2
+}
+
+# Only WPA-EAP is used. Both CCMP and TKIP is accepted. An AP that used WEP104
+# or WEP40 as the group cipher will not be accepted.
+network={
+ ssid="example"
+ proto=RSN
+ key_mgmt=WPA-EAP
+ pairwise=CCMP TKIP
+ group=CCMP TKIP
+ eap=TLS
+ identity="user@example.com"
+ ca_cert="/etc/cert/ca.pem"
+ client_cert="/etc/cert/user.pem"
+ private_key="/etc/cert/user.prv"
+ private_key_passwd="password"
+ priority=1
+}
+
+# EAP-PEAP/MSCHAPv2 configuration for RADIUS servers that use the new peaplabel
+# (e.g., Radiator)
+network={
+ ssid="example"
+ key_mgmt=WPA-EAP
+ eap=PEAP
+ identity="user@example.com"
+ password="foobar"
+ ca_cert="/etc/cert/ca.pem"
+ phase1="peaplabel=1"
+ phase2="auth=MSCHAPV2"
+ priority=10
+}
+
+# EAP-TTLS/EAP-MD5-Challenge configuration with anonymous identity for the
+# unencrypted use. Real identity is sent only within an encrypted TLS tunnel.
+network={
+ ssid="example"
+ key_mgmt=WPA-EAP
+ eap=TTLS
+ identity="user@example.com"
+ anonymous_identity="anonymous@example.com"
+ password="foobar"
+ ca_cert="/etc/cert/ca.pem"
+ priority=2
+}
+
+# EAP-TTLS/MSCHAPv2 configuration with anonymous identity for the unencrypted
+# use. Real identity is sent only within an encrypted TLS tunnel.
+network={
+ ssid="example"
+ key_mgmt=WPA-EAP
+ eap=TTLS
+ identity="user@example.com"
+ anonymous_identity="anonymous@example.com"
+ password="foobar"
+ ca_cert="/etc/cert/ca.pem"
+ phase2="auth=MSCHAPV2"
+}
+
+# WPA-EAP, EAP-TTLS with different CA certificate used for outer and inner
+# authentication.
+network={
+ ssid="example"
+ key_mgmt=WPA-EAP
+ eap=TTLS
+ # Phase1 / outer authentication
+ anonymous_identity="anonymous@example.com"
+ ca_cert="/etc/cert/ca.pem"
+ # Phase 2 / inner authentication
+ phase2="autheap=TLS"
+ ca_cert2="/etc/cert/ca2.pem"
+ client_cert2="/etc/cer/user.pem"
+ private_key2="/etc/cer/user.prv"
+ private_key2_passwd="password"
+ priority=2
+}
+
+# Both WPA-PSK and WPA-EAP is accepted. Only CCMP is accepted as pairwise and
+# group cipher.
+network={
+ ssid="example"
+ bssid=00:11:22:33:44:55
+ proto=WPA RSN
+ key_mgmt=WPA-PSK WPA-EAP
+ pairwise=CCMP
+ group=CCMP
+ psk=06b4be19da289f475aa46a33cb793029d4ab3db7a23ee92382eb0106c72ac7bb
+}
+
+# Special characters in SSID, so use hex string. Default to WPA-PSK, WPA-EAP
+# and all valid ciphers.
+network={
+ ssid=00010203
+ psk=000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+}
+
+
+# IEEE 802.1X/EAPOL with dynamically generated WEP keys (i.e., no WPA) using
+# EAP-TLS for authentication and key generation; require both unicast and
+# broadcast WEP keys.
+network={
+ ssid="1x-test"
+ key_mgmt=IEEE8021X
+ eap=TLS
+ identity="user@example.com"
+ ca_cert="/etc/cert/ca.pem"
+ client_cert="/etc/cert/user.pem"
+ private_key="/etc/cert/user.prv"
+ private_key_passwd="password"
+ eapol_flags=3
+}
+
+
+# LEAP with dynamic WEP keys
+network={
+ ssid="leap-example"
+ key_mgmt=IEEE8021X
+ eap=LEAP
+ identity="user"
+ password="foobar"
+}
+
+# Plaintext connection (no WPA, no IEEE 802.1X)
+network={
+ ssid="plaintext-test"
+ key_mgmt=NONE
+}
+
+
+# Shared WEP key connection (no WPA, no IEEE 802.1X)
+network={
+ ssid="static-wep-test"
+ key_mgmt=NONE
+ wep_key0="abcde"
+ wep_key1=0102030405
+ wep_key2="1234567890123"
+ wep_tx_keyidx=0
+ priority=5
+}
+
+
+# Shared WEP key connection (no WPA, no IEEE 802.1X) using Shared Key
+# IEEE 802.11 authentication
+network={
+ ssid="static-wep-test2"
+ key_mgmt=NONE
+ wep_key0="abcde"
+ wep_key1=0102030405
+ wep_key2="1234567890123"
+ wep_tx_keyidx=0
+ priority=5
+ auth_alg=SHARED
+}
+
+
+# IBSS/ad-hoc network with WPA-None/TKIP.
+network={
+ ssid="test adhoc"
+ mode=1
+ proto=WPA
+ key_mgmt=WPA-NONE
+ pairwise=NONE
+ group=TKIP
+ psk="secret passphrase"
+}
+
+
+# Catch all example that allows more or less all configuration modes
+network={
+ ssid="example"
+ scan_ssid=1
+ key_mgmt=WPA-EAP WPA-PSK IEEE8021X NONE
+ pairwise=CCMP TKIP
+ group=CCMP TKIP WEP104 WEP40
+ psk="very secret passphrase"
+ eap=TTLS PEAP TLS
+ identity="user@example.com"
+ password="foobar"
+ ca_cert="/etc/cert/ca.pem"
+ client_cert="/etc/cert/user.pem"
+ private_key="/etc/cert/user.prv"
+ private_key_passwd="password"
+ phase1="peaplabel=0"
+}
+
+# Example of EAP-TLS with smartcard (openssl engine)
+network={
+ ssid="example"
+ key_mgmt=WPA-EAP
+ eap=TLS
+ proto=RSN
+ pairwise=CCMP TKIP
+ group=CCMP TKIP
+ identity="user@example.com"
+ ca_cert="/etc/cert/ca.pem"
+ client_cert="/etc/cert/user.pem"
+
+ engine=1
+
+ # The engine configured here must be available. Look at
+ # OpenSSL engine support in the global section.
+ # The key available through the engine must be the private key
+ # matching the client certificate configured above.
+
+ # use the opensc engine
+ #engine_id="opensc"
+ #key_id="45"
+
+ # use the pkcs11 engine
+ engine_id="pkcs11"
+ key_id="id_45"
+
+ # Optional PIN configuration; this can be left out and PIN will be
+ # asked through the control interface
+ pin="1234"
+}
+
+# Example configuration showing how to use an inlined blob as a CA certificate
+# data instead of using external file
+network={
+ ssid="example"
+ key_mgmt=WPA-EAP
+ eap=TTLS
+ identity="user@example.com"
+ anonymous_identity="anonymous@example.com"
+ password="foobar"
+ ca_cert="blob://exampleblob"
+ priority=20
+}
+
+blob-base64-exampleblob={
+SGVsbG8gV29ybGQhCg==
+}
+
+
+# Wildcard match for SSID (plaintext APs only). This example select any
+# open AP regardless of its SSID.
+network={
+ key_mgmt=NONE
+}
diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant.conf-sane b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant.conf-sane
new file mode 100644
index 000000000..c91ffe0c8
--- /dev/null
+++ b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant.conf-sane
@@ -0,0 +1,7 @@
+ctrl_interface=/var/run/wpa_supplicant
+ctrl_interface_group=0
+update_config=1
+
+network={
+ key_mgmt=NONE
+}
diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb
new file mode 100644
index 000000000..d6d4206a5
--- /dev/null
+++ b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb
@@ -0,0 +1,111 @@
+SUMMARY = "Client for Wi-Fi Protected Access (WPA)"
+HOMEPAGE = "http://w1.fi/wpa_supplicant/"
+BUGTRACKER = "http://w1.fi/security/"
+SECTION = "network"
+LICENSE = "BSD"
+LIC_FILES_CHKSUM = "file://COPYING;md5=292eece3f2ebbaa25608eed8464018a3 \
+ file://README;beginline=1;endline=56;md5=3f01d778be8f953962388307ee38ed2b \
+ file://wpa_supplicant/wpa_supplicant.c;beginline=1;endline=12;md5=4061612fc5715696134e3baf933e8aba"
+DEPENDS = "dbus libnl"
+RRECOMMENDS_${PN} = "wpa-supplicant-passphrase wpa-supplicant-cli"
+
+PACKAGECONFIG ??= "gnutls"
+PACKAGECONFIG[gnutls] = ",,gnutls libgcrypt"
+PACKAGECONFIG[openssl] = ",,openssl"
+
+inherit pkgconfig systemd
+
+SYSTEMD_SERVICE_${PN} = "wpa_supplicant.service wpa_supplicant-nl80211@.service wpa_supplicant-wired@.service"
+SYSTEMD_AUTO_ENABLE = "disable"
+
+SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz \
+ file://defconfig \
+ file://wpa-supplicant.sh \
+ file://wpa_supplicant.conf \
+ file://wpa_supplicant.conf-sane \
+ file://99_wpa_supplicant \
+ file://key-replay-cve-multiple.patch \
+ "
+SRC_URI[md5sum] = "091569eb4440b7d7f2b4276dbfc03c3c"
+SRC_URI[sha256sum] = "b4936d34c4e6cdd44954beba74296d964bc2c9668ecaa5255e499636fe2b1450"
+
+CVE_PRODUCT = "wpa_supplicant"
+
+S = "${WORKDIR}/wpa_supplicant-${PV}"
+
+PACKAGES_prepend = "wpa-supplicant-passphrase wpa-supplicant-cli "
+FILES_wpa-supplicant-passphrase = "${bindir}/wpa_passphrase"
+FILES_wpa-supplicant-cli = "${sbindir}/wpa_cli"
+FILES_${PN} += "${datadir}/dbus-1/system-services/*"
+CONFFILES_${PN} += "${sysconfdir}/wpa_supplicant.conf"
+
+do_configure () {
+ ${MAKE} -C wpa_supplicant clean
+ install -m 0755 ${WORKDIR}/defconfig wpa_supplicant/.config
+ echo "CFLAGS +=\"-I${STAGING_INCDIR}/libnl3\"" >> wpa_supplicant/.config
+ echo "DRV_CFLAGS +=\"-I${STAGING_INCDIR}/libnl3\"" >> wpa_supplicant/.config
+
+ if echo "${PACKAGECONFIG}" | grep -qw "openssl"; then
+ ssl=openssl
+ elif echo "${PACKAGECONFIG}" | grep -qw "gnutls"; then
+ ssl=gnutls
+ fi
+ if [ -n "$ssl" ]; then
+ sed -i "s/%ssl%/$ssl/" wpa_supplicant/.config
+ fi
+
+ # For rebuild
+ rm -f wpa_supplicant/*.d wpa_supplicant/dbus/*.d
+}
+
+export EXTRA_CFLAGS = "${CFLAGS}"
+export BINDIR = "${sbindir}"
+
+do_compile () {
+ unset CFLAGS CPPFLAGS CXXFLAGS
+ sed -e "s:CFLAGS\ =.*:& \$(EXTRA_CFLAGS):g" -i ${S}/src/lib.rules
+ oe_runmake -C wpa_supplicant
+}
+
+do_install () {
+ install -d ${D}${sbindir}
+ install -m 755 wpa_supplicant/wpa_supplicant ${D}${sbindir}
+ install -m 755 wpa_supplicant/wpa_cli ${D}${sbindir}
+
+ install -d ${D}${bindir}
+ install -m 755 wpa_supplicant/wpa_passphrase ${D}${bindir}
+
+ install -d ${D}${docdir}/wpa_supplicant
+ install -m 644 wpa_supplicant/README ${WORKDIR}/wpa_supplicant.conf ${D}${docdir}/wpa_supplicant
+
+ install -d ${D}${sysconfdir}
+ install -m 600 ${WORKDIR}/wpa_supplicant.conf-sane ${D}${sysconfdir}/wpa_supplicant.conf
+
+ install -d ${D}${sysconfdir}/network/if-pre-up.d/
+ install -d ${D}${sysconfdir}/network/if-post-down.d/
+ install -d ${D}${sysconfdir}/network/if-down.d/
+ install -m 755 ${WORKDIR}/wpa-supplicant.sh ${D}${sysconfdir}/network/if-pre-up.d/wpa-supplicant
+ cd ${D}${sysconfdir}/network/ && \
+ ln -sf ../if-pre-up.d/wpa-supplicant if-post-down.d/wpa-supplicant
+
+ install -d ${D}/${sysconfdir}/dbus-1/system.d
+ install -m 644 ${S}/wpa_supplicant/dbus/dbus-wpa_supplicant.conf ${D}/${sysconfdir}/dbus-1/system.d
+ install -d ${D}/${datadir}/dbus-1/system-services
+ install -m 644 ${S}/wpa_supplicant/dbus/*.service ${D}/${datadir}/dbus-1/system-services
+
+ if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
+ install -d ${D}/${systemd_unitdir}/system
+ install -m 644 ${S}/wpa_supplicant/systemd/*.service ${D}/${systemd_unitdir}/system
+ fi
+
+ install -d ${D}/etc/default/volatiles
+ install -m 0644 ${WORKDIR}/99_wpa_supplicant ${D}/etc/default/volatiles
+}
+
+pkg_postinst_wpa-supplicant () {
+ # If we're offline, we don't need to do this.
+ if [ "x$D" = "x" ]; then
+ killall -q -HUP dbus-daemon || true
+ fi
+
+}