268 files changed, 6497 insertions, 4514 deletions

diff --git a/poky/bitbake/bitbake/contrib/vim/bitbake.vim b/poky/bitbake/bitbake/contrib/vim/bitbake.vim
new file mode 100644
index 000000000..ff86c19fa
--- /dev/null
+++ b/poky/bitbake/bitbake/contrib/vim/bitbake.vim
@@ -0,0 +1,248 @@
+if exists("b:did_indent")
+    finish
+endif
+
+runtime! indent/sh.vim
+unlet b:did_indent
+
+setlocal indentexpr=BitbakeIndent(v:lnum)
+setlocal autoindent nolisp
+
+function s:is_python_func_def(lnum)
+    let stack = synstack(a:lnum, 1)
+    if len(stack) == 0
+        return 0
+    endif
+
+    let top = synIDattr(stack[0], "name")
+    echo top
+
+    return synIDattr(stack[0], "name") == "bbPyFuncDef"
+endfunction
+
+"""" begin modified from indent/python.vim, upstream commit 7a9bd7c1e0ce1baf5a02daf36eeae3638aa315c7
+"""" This copied code is licensed the same as Vim itself.
+setlocal indentkeys+=<:>,=elif,=except
+
+let s:keepcpo= &cpo
+set cpo&vim
+
+let s:maxoff = 50	" maximum number of lines to look backwards for ()
+
+function GetPythonIndent(lnum)
+
+  " If this line is explicitly joined: If the previous line was also joined,
+  " line it up with that one, otherwise add two 'shiftwidth'
+  if getline(a:lnum - 1) =~ '\\$'
+    if a:lnum > 1 && getline(a:lnum - 2) =~ '\\$'
+      return indent(a:lnum - 1)
+    endif
+    return indent(a:lnum - 1) + (exists("g:pyindent_continue") ? eval(g:pyindent_continue) : (shiftwidth() * 2))
+  endif
+
+  " If the start of the line is in a string don't change the indent.
+  if has('syntax_items')
+	\ && synIDattr(synID(a:lnum, 1, 1), "name") =~ "String$"
+    return -1
+  endif
+
+  " Search backwards for the previous non-empty line.
+  let plnum = prevnonblank(v:lnum - 1)
+
+  if plnum == 0
+    " This is the first non-empty line, use zero indent.
+    return 0
+  endif
+
+  call cursor(plnum, 1)
+
+  " Identing inside parentheses can be very slow, regardless of the searchpair()
+  " timeout, so let the user disable this feature if he doesn't need it
+  let disable_parentheses_indenting = get(g:, "pyindent_disable_parentheses_indenting", 0)
+
+  if disable_parentheses_indenting == 1
+    let plindent = indent(plnum)
+    let plnumstart = plnum
+  else
+    " searchpair() can be slow sometimes, limit the time to 150 msec or what is
+    " put in g:pyindent_searchpair_timeout
+    let searchpair_stopline = 0
+    let searchpair_timeout = get(g:, 'pyindent_searchpair_timeout', 150)
+
+    " If the previous line is inside parenthesis, use the indent of the starting
+    " line.
+    " Trick: use the non-existing "dummy" variable to break out of the loop when
+    " going too far back.
+    let parlnum = searchpair('(\|{\|\[', '', ')\|}\|\]', 'nbW',
+            \ "line('.') < " . (plnum - s:maxoff) . " ? dummy :"
+            \ . " synIDattr(synID(line('.'), col('.'), 1), 'name')"
+            \ . " =~ '\\(Comment\\|Todo\\|String\\)$'",
+            \ searchpair_stopline, searchpair_timeout)
+    if parlnum > 0
+      if s:is_python_func_def(parlnum)
+        let parlnum = 0
+        let plindent = indent(plnum)
+        let plnumstart = plnum
+      else
+        let plindent = indent(parlnum)
+        let plnumstart = parlnum
+      endif
+    else
+      let plindent = indent(plnum)
+      let plnumstart = plnum
+    endif
+
+    " When inside parenthesis: If at the first line below the parenthesis add
+    " two 'shiftwidth', otherwise same as previous line.
+    " i = (a
+    "       + b
+    "       + c)
+    call cursor(a:lnum, 1)
+    let p = searchpair('(\|{\|\[', '', ')\|}\|\]', 'bW',
+            \ "line('.') < " . (a:lnum - s:maxoff) . " ? dummy :"
+            \ . " synIDattr(synID(line('.'), col('.'), 1), 'name')"
+            \ . " =~ '\\(Comment\\|Todo\\|String\\)$'",
+            \ searchpair_stopline, searchpair_timeout)
+    if p > 0
+        if s:is_python_func_def(p)
+          let p = 0
+        else
+          if p == plnum
+            " When the start is inside parenthesis, only indent one 'shiftwidth'.
+            let pp = searchpair('(\|{\|\[', '', ')\|}\|\]', 'bW',
+                \ "line('.') < " . (a:lnum - s:maxoff) . " ? dummy :"
+                \ . " synIDattr(synID(line('.'), col('.'), 1), 'name')"
+                \ . " =~ '\\(Comment\\|Todo\\|String\\)$'",
+                \ searchpair_stopline, searchpair_timeout)
+            if pp > 0
+              return indent(plnum) + (exists("g:pyindent_nested_paren") ? eval(g:pyindent_nested_paren) : shiftwidth())
+            endif
+            return indent(plnum) + (exists("g:pyindent_open_paren") ? eval(g:pyindent_open_paren) : (shiftwidth() * 2))
+          endif
+          if plnumstart == p
+            return indent(plnum)
+          endif
+          return plindent
+        endif
+    endif
+
+  endif
+
+
+  " Get the line and remove a trailing comment.
+  " Use syntax highlighting attributes when possible.
+  let pline = getline(plnum)
+  let pline_len = strlen(pline)
+  if has('syntax_items')
+    " If the last character in the line is a comment, do a binary search for
+    " the start of the comment.  synID() is slow, a linear search would take
+    " too long on a long line.
+    if synIDattr(synID(plnum, pline_len, 1), "name") =~ "\\(Comment\\|Todo\\)$"
+      let min = 1
+      let max = pline_len
+      while min < max
+	let col = (min + max) / 2
+	if synIDattr(synID(plnum, col, 1), "name") =~ "\\(Comment\\|Todo\\)$"
+	  let max = col
+	else
+	  let min = col + 1
+	endif
+      endwhile
+      let pline = strpart(pline, 0, min - 1)
+    endif
+  else
+    let col = 0
+    while col < pline_len
+      if pline[col] == '#'
+	let pline = strpart(pline, 0, col)
+	break
+      endif
+      let col = col + 1
+    endwhile
+  endif
+
+  " If the previous line ended with a colon, indent this line
+  if pline =~ ':\s*$'
+    return plindent + shiftwidth()
+  endif
+
+  " If the previous line was a stop-execution statement...
+  if getline(plnum) =~ '^\s*\(break\|continue\|raise\|return\|pass\)\>'
+    " See if the user has already dedented
+    if indent(a:lnum) > indent(plnum) - shiftwidth()
+      " If not, recommend one dedent
+      return indent(plnum) - shiftwidth()
+    endif
+    " Otherwise, trust the user
+    return -1
+  endif
+
+  " If the current line begins with a keyword that lines up with "try"
+  if getline(a:lnum) =~ '^\s*\(except\|finally\)\>'
+    let lnum = a:lnum - 1
+    while lnum >= 1
+      if getline(lnum) =~ '^\s*\(try\|except\)\>'
+	let ind = indent(lnum)
+	if ind >= indent(a:lnum)
+	  return -1	" indent is already less than this
+	endif
+	return ind	" line up with previous try or except
+      endif
+      let lnum = lnum - 1
+    endwhile
+    return -1		" no matching "try"!
+  endif
+
+  " If the current line begins with a header keyword, dedent
+  if getline(a:lnum) =~ '^\s*\(elif\|else\)\>'
+
+    " Unless the previous line was a one-liner
+    if getline(plnumstart) =~ '^\s*\(for\|if\|try\)\>'
+      return plindent
+    endif
+
+    " Or the user has already dedented
+    if indent(a:lnum) <= plindent - shiftwidth()
+      return -1
+    endif
+
+    return plindent - shiftwidth()
+  endif
+
+  " When after a () construct we probably want to go back to the start line.
+  " a = (b
+  "       + c)
+  " here
+  if parlnum > 0
+    return plindent
+  endif
+
+  return -1
+
+endfunction
+
+let &cpo = s:keepcpo
+unlet s:keepcpo
+
+""" end of stuff from indent/python.vim
+
+
+let b:did_indent = 1
+
+
+function BitbakeIndent(lnum)
+    let stack = synstack(a:lnum, col("."))
+    if len(stack) == 0
+        return -1
+    endif
+
+    let name = synIDattr(stack[0], "name")
+
+    if index(["bbPyDefRegion", "bbPyFuncRegion"], name) != -1
+        let ret = GetPythonIndent(a:lnum)
+        return ret
+    endif
+
+    return -1
+    "return s:pythonIndentExpr()
+endfunction
diff --git a/poky/bitbake/lib/bb/fetch2/git.py b/poky/bitbake/lib/bb/fetch2/git.py
index 2d1d2cabd..fa41b078f 100644
--- a/poky/bitbake/lib/bb/fetch2/git.py
+++ b/poky/bitbake/lib/bb/fetch2/git.py
@@ -292,11 +292,21 @@ class Git(FetchMethod):
     def clonedir_need_update(self, ud, d):
         if not os.path.exists(ud.clonedir):
             return True
+        if ud.shallow and ud.write_shallow_tarballs and self.clonedir_need_shallow_revs(ud, d):
+            return True
         for name in ud.names:
             if not self._contains_ref(ud, d, name, ud.clonedir):
                 return True
         return False
 
+    def clonedir_need_shallow_revs(self, ud, d):
+        for rev in ud.shallow_revs:
+            try:
+                runfetchcmd('%s rev-parse -q --verify %s' % (ud.basecmd, rev), d, quiet=True, workdir=ud.clonedir)
+            except bb.fetch2.FetchError:
+                return rev
+        return None
+
     def shallow_tarball_need_update(self, ud):
         return ud.shallow and ud.write_shallow_tarballs and not os.path.exists(ud.fullshallow)
 
@@ -339,13 +349,7 @@ class Git(FetchMethod):
             runfetchcmd(clone_cmd, d, log=progresshandler)
 
         # Update the checkout if needed
-        needupdate = False
-        for name in ud.names:
-            if not self._contains_ref(ud, d, name, ud.clonedir):
-                needupdate = True
-                break
-
-        if needupdate:
+        if self.clonedir_need_update(ud, d):
             output = runfetchcmd("%s remote" % ud.basecmd, d, quiet=True, workdir=ud.clonedir)
             if "origin" in output:
               runfetchcmd("%s remote rm origin" % ud.basecmd, d, workdir=ud.clonedir)
@@ -369,6 +373,11 @@ class Git(FetchMethod):
             if not self._contains_ref(ud, d, name, ud.clonedir):
                 raise bb.fetch2.FetchError("Unable to find revision %s in branch %s even from upstream" % (ud.revisions[name], ud.branches[name]))
 
+        if ud.shallow and ud.write_shallow_tarballs:
+            missing_rev = self.clonedir_need_shallow_revs(ud, d)
+            if missing_rev:
+                raise bb.fetch2.FetchError("Unable to find revision %s even from upstream" % missing_rev)
+
     def build_mirror_data(self, ud, d):
         if ud.shallow and ud.write_shallow_tarballs:
             if not os.path.exists(ud.fullshallow):
diff --git a/poky/bitbake/lib/bb/parse/parse_py/ConfHandler.py b/poky/bitbake/lib/bb/parse/parse_py/ConfHandler.py
index 2e84b913d..af64d3446 100644
--- a/poky/bitbake/lib/bb/parse/parse_py/ConfHandler.py
+++ b/poky/bitbake/lib/bb/parse/parse_py/ConfHandler.py
@@ -119,30 +119,30 @@ def handle(fn, data, include):
         oldfile = data.getVar('FILE', False)
 
     abs_fn = resolve_file(fn, data)
-    f = open(abs_fn, 'r')
-
-    statements = ast.StatementGroup()
-    lineno = 0
-    while True:
-        lineno = lineno + 1
-        s = f.readline()
-        if not s:
-            break
-        w = s.strip()
-        # skip empty lines
-        if not w:
-            continue
-        s = s.rstrip()
-        while s[-1] == '\\':
-            s2 = f.readline().rstrip()
+    with open(abs_fn, 'r') as f:
+
+        statements = ast.StatementGroup()
+        lineno = 0
+        while True:
             lineno = lineno + 1
-            if (not s2 or s2 and s2[0] != "#") and s[0] == "#" :
-                bb.fatal("There is a confusing multiline, partially commented expression on line %s of file %s (%s).\nPlease clarify whether this is all a comment or should be parsed." % (lineno, fn, s))
-            s = s[:-1] + s2
-        # skip comments
-        if s[0] == '#':
-            continue
-        feeder(lineno, s, abs_fn, statements)
+            s = f.readline()
+            if not s:
+                break
+            w = s.strip()
+            # skip empty lines
+            if not w:
+                continue
+            s = s.rstrip()
+            while s[-1] == '\\':
+                s2 = f.readline().rstrip()
+                lineno = lineno + 1
+                if (not s2 or s2 and s2[0] != "#") and s[0] == "#" :
+                    bb.fatal("There is a confusing multiline, partially commented expression on line %s of file %s (%s).\nPlease clarify whether this is all a comment or should be parsed." % (lineno, fn, s))
+                s = s[:-1] + s2
+            # skip comments
+            if s[0] == '#':
+                continue
+            feeder(lineno, s, abs_fn, statements)
 
     # DONE WITH PARSING... time to evaluate
     data.setVar('FILE', abs_fn)
diff --git a/poky/bitbake/lib/bb/tests/fetch.py b/poky/bitbake/lib/bb/tests/fetch.py
index a0b656b61..83fad3ff0 100644
--- a/poky/bitbake/lib/bb/tests/fetch.py
+++ b/poky/bitbake/lib/bb/tests/fetch.py
@@ -1863,6 +1863,26 @@ class GitShallowTest(FetcherTest):
         with self.assertRaises(bb.fetch2.FetchError):
             self.fetch()
 
+    def test_shallow_fetch_missing_revs(self):
+        self.add_empty_file('a')
+        self.add_empty_file('b')
+        fetcher, ud = self.fetch(self.d.getVar('SRC_URI'))
+        self.git('tag v0.0 master', cwd=self.srcdir)
+        self.d.setVar('BB_GIT_SHALLOW_DEPTH', '0')
+        self.d.setVar('BB_GIT_SHALLOW_REVS', 'v0.0')
+        self.fetch_shallow()
+
+    def test_shallow_fetch_missing_revs_fails(self):
+        self.add_empty_file('a')
+        self.add_empty_file('b')
+        fetcher, ud = self.fetch(self.d.getVar('SRC_URI'))
+        self.d.setVar('BB_GIT_SHALLOW_DEPTH', '0')
+        self.d.setVar('BB_GIT_SHALLOW_REVS', 'v0.0')
+
+        with self.assertRaises(bb.fetch2.FetchError), self.assertLogs("BitBake.Fetcher", level="ERROR") as cm:
+            self.fetch_shallow()
+        self.assertIn("Unable to find revision v0.0 even from upstream", cm.output[0])
+
     @skipIfNoNetwork()
     def test_bitbake(self):
         self.git('remote add --mirror=fetch origin git://github.com/openembedded/bitbake', cwd=self.srcdir)
diff --git a/poky/bitbake/lib/prserv/serv.py b/poky/bitbake/lib/prserv/serv.py
index be3acec36..2bc68904f 100644
--- a/poky/bitbake/lib/prserv/serv.py
+++ b/poky/bitbake/lib/prserv/serv.py
@@ -379,9 +379,8 @@ def stop_daemon(host, port):
     ip = socket.gethostbyname(host)
     pidfile = PIDPREFIX % (ip, port)
     try:
-        pf = open(pidfile,'r')
-        pid = int(pf.readline().strip())
-        pf.close()
+        with open(pidfile) as pf:
+            pid = int(pf.readline().strip())
     except IOError:
         pid = None
 
diff --git a/poky/documentation/bsp-guide/bsp-guide.xml b/poky/documentation/bsp-guide/bsp-guide.xml
index addb42118..dd0c76add 100644
--- a/poky/documentation/bsp-guide/bsp-guide.xml
+++ b/poky/documentation/bsp-guide/bsp-guide.xml
@@ -132,9 +132,9 @@
                 <revremark>Released with the Yocto Project 2.7 Release.</revremark>
             </revision>
             <revision>
-                <revnumber>2.8</revnumber>
+                <revnumber>3.0</revnumber>
                 <date>&REL_MONTH_YEAR;</date>
-                <revremark>Released with the Yocto Project 2.8 Release.</revremark>
+                <revremark>Released with the Yocto Project 3.0 Release.</revremark>
             </revision>
         </revhistory>
 
diff --git a/poky/documentation/dev-manual/dev-manual-common-tasks.xml b/poky/documentation/dev-manual/dev-manual-common-tasks.xml
index f72f81f55..00741ee45 100644
--- a/poky/documentation/dev-manual/dev-manual-common-tasks.xml
+++ b/poky/documentation/dev-manual/dev-manual-common-tasks.xml
@@ -2349,7 +2349,7 @@
                 Most software provides some means of setting build-time
                 configuration options before compilation.
                 Typically, setting these options is accomplished by running a
-                configure script with some options, or by modifying a build
+                configure script with options, or by modifying a build
                 configuration file.
                 <note>
                     As of Yocto Project Release 1.7, some of the core recipes
@@ -2389,6 +2389,7 @@
                         software is built using Autotools.
                         If this is the case, you just need to worry about
                         modifying the configuration.</para>
+
                         <para>When using Autotools, your recipe needs to inherit
                         the
                         <ulink url='&YOCTO_DOCS_REF_URL;#ref-classes-autotools'><filename>autotools</filename></ulink>
@@ -2401,13 +2402,15 @@
                         or
                         <ulink url='&YOCTO_DOCS_REF_URL;#var-PACKAGECONFIG_CONFARGS'><filename>PACKAGECONFIG_CONFARGS</filename></ulink>
                         to pass any needed configure options that are specific
-                        to the recipe.</para></listitem>
+                        to the recipe.
+                        </para></listitem>
                     <listitem><para><emphasis>CMake:</emphasis>
                         If your source files have a
                         <filename>CMakeLists.txt</filename> file, then your
                         software is built using CMake.
                         If this is the case, you just need to worry about
                         modifying the configuration.</para>
+
                         <para>When you use CMake, your recipe needs to inherit
                         the
                         <ulink url='&YOCTO_DOCS_REF_URL;#ref-classes-cmake'><filename>cmake</filename></ulink>
@@ -2417,7 +2420,16 @@
                         You can make some adjustments by setting
                         <ulink url='&YOCTO_DOCS_REF_URL;#var-EXTRA_OECMAKE'><filename>EXTRA_OECMAKE</filename></ulink>
                         to pass any needed configure options that are specific
-                        to the recipe.</para></listitem>
+                        to the recipe.
+                        <note>
+                            If you need to install one or more custom CMake
+                            toolchain files that are supplied by the
+                            application you are building, install the files to
+                            <filename>${D}${datadir}/cmake/</filename> Modules
+                            during
+                            <ulink url='&YOCTO_DOCS_REF_URL;#ref-tasks-install'><filename>do_install</filename></ulink>.
+                        </note>
+                        </para></listitem>
                     <listitem><para><emphasis>Other:</emphasis>
                         If your source files do not have a
                         <filename>configure.ac</filename> or
@@ -2780,6 +2792,14 @@
                         <ulink url='&YOCTO_DOCS_REF_URL;#var-PARALLEL_MAKEINST'><filename>PARALLEL_MAKEINST</filename></ulink>
                         for additional information.
                         </para></listitem>
+                    <listitem><para>
+                        If you need to install one or more custom CMake
+                        toolchain files that are supplied by the
+                        application you are building, install the files to
+                        <filename>${D}${datadir}/cmake/</filename> Modules
+                        during
+                        <ulink url='&YOCTO_DOCS_REF_URL;#ref-tasks-install'><filename>do_install</filename></ulink>.
+                        </para></listitem>
                 </itemizedlist>
             </note>
         </section>
@@ -5420,12 +5440,16 @@
                             <literallayout class='monospaced'>
      BBMULTICONFIG = "x86 arm"
                             </literallayout>
-                          </para>
-
-                          <para>Please note, that a "default" configuration already exists by definition,
-                          this configuration is named: "" (empty string) and is defined by the variables
-                          coming from your local.conf file. So, the previous example actually adds two
-                          additional configurations to your build "arm" and "x86" along with "".
+                            <note>
+                                A "default" configuration already exists by
+                                definition.
+                                This configuration is named: "" (i.e. empty
+                                string) and is defined by the variables coming
+                                from your <filename>local.conf</filename> file.
+                                Consequently, the previous example actually
+                                adds two additional configurations to your
+                                build: "arm" and "x86" along with "".
+                            </note>
                             </para></listitem>
                         <listitem><para>
                             <emphasis>Launch BitBake</emphasis>:
@@ -5445,9 +5469,10 @@
                             <filename>x86.conf</filename> configuration file,
                             a <filename>core-image-sato</filename>
                             image that is configured through the
-                            <filename>arm.conf</filename> configuration file and a
-                            <filename>core-image-base</filename> that is configured
-                            through your <filename>local.conf</filename> configuration file.
+                            <filename>arm.conf</filename> configuration file
+                            and a <filename>core-image-base</filename> that is
+                            configured through your
+                            <filename>local.conf</filename> configuration file.
                             </para></listitem>
                     </itemizedlist>
                     <note>
@@ -10820,6 +10845,47 @@
         </para>
 
         <para>
+            By default, the Yocto Project uses SysVinit as the initialization
+            manager.
+            However, support also exists for systemd,
+            which is a full replacement for init with
+            parallel starting of services, reduced shell overhead and other
+            features that are used by many distributions.
+        </para>
+
+        <para>
+            Within the system, SysVinit treats system components as services.
+            These services are maintained as shell scripts stored in the
+            <filename>/etc/init.d/</filename> directory.
+            Services organize into different run levels.
+            This organization is maintained by putting links to the services
+            in the <filename>/etc/rcN.d/</filename> directories, where
+            <replaceable>N/</replaceable> is one of the following options:
+            "S", "0", "1", "2", "3", "4", "5", or "6".
+            <note>
+                Each runlevel has a dependency on the previous runlevel.
+                This dependency allows the services to work properly.
+            </note>
+        </para>
+
+        <para>
+            In comparison, systemd treats components as units.
+            Using units is a broader concept as compared to using a service.
+            A unit includes several different types of entities.
+            Service is one of the types of entities.
+            The runlevel concept in SysVinit corresponds to the concept of a
+            target in systemd, where target is also a type of supported unit.
+        </para>
+
+        <para>
+            In a SysVinit-based system, services load sequentially (i.e. one
+            by one) during and parallelization is not supported.
+            With systemd, services start in parallel.
+            Needless to say, the method can have an impact on system startup
+            performance.
+        </para>
+
+        <para>
             If you want to use SysVinit, you do
             not have to do anything.
             But, if you want to use systemd, you must
diff --git a/poky/documentation/dev-manual/dev-manual.xml b/poky/documentation/dev-manual/dev-manual.xml
index 42deff102..04fa1e4f9 100644
--- a/poky/documentation/dev-manual/dev-manual.xml
+++ b/poky/documentation/dev-manual/dev-manual.xml
@@ -117,9 +117,9 @@
                 <revremark>Released with the Yocto Project 2.7 Release.</revremark>
             </revision>
             <revision>
-                <revnumber>2.8</revnumber>
+                <revnumber>3.0</revnumber>
                 <date>&REL_MONTH_YEAR;</date>
-                <revremark>Released with the Yocto Project 2.8 Release.</revremark>
+                <revremark>Released with the Yocto Project 3.0 Release.</revremark>
             </revision>
         </revhistory>
 
diff --git a/poky/documentation/kernel-dev/kernel-dev.xml b/poky/documentation/kernel-dev/kernel-dev.xml
index c43330a31..4c5881b07 100644
--- a/poky/documentation/kernel-dev/kernel-dev.xml
+++ b/poky/documentation/kernel-dev/kernel-dev.xml
@@ -102,9 +102,9 @@
                 <revremark>Released with the Yocto Project 2.7 Release.</revremark>
             </revision>
             <revision>
-                <revnumber>2.8</revnumber>
+                <revnumber>3.0</revnumber>
                 <date>&REL_MONTH_YEAR;</date>
-                <revremark>Released with the Yocto Project 2.8 Release.</revremark>
+                <revremark>Released with the Yocto Project 3.0 Release.</revremark>
             </revision>
         </revhistory>
 
diff --git a/poky/documentation/mega-manual/mega-manual.xml b/poky/documentation/mega-manual/mega-manual.xml
index b66b9334f..eac5ea7be 100644
--- a/poky/documentation/mega-manual/mega-manual.xml
+++ b/poky/documentation/mega-manual/mega-manual.xml
@@ -88,9 +88,9 @@
                 <revremark>Released with the Yocto Project 2.7 Release.</revremark>
             </revision>
             <revision>
-                <revnumber>2.8</revnumber>
+                <revnumber>3.0</revnumber>
                 <date>&REL_MONTH_YEAR;</date>
-                <revremark>Released with the Yocto Project 2.8 Release.</revremark>
+                <revremark>Released with the Yocto Project 3.0 Release.</revremark>
             </revision>
        </revhistory>
 
diff --git a/poky/documentation/overview-manual/overview-manual.xml b/poky/documentation/overview-manual/overview-manual.xml
index 728cad57f..c7716e460 100644
--- a/poky/documentation/overview-manual/overview-manual.xml
+++ b/poky/documentation/overview-manual/overview-manual.xml
@@ -47,9 +47,9 @@
                 <revremark>Released with the Yocto Project 2.7 Release.</revremark>
             </revision>
             <revision>
-                <revnumber>2.8</revnumber>
+                <revnumber>3.0</revnumber>
                 <date>&REL_MONTH_YEAR;</date>
-                <revremark>Released with the Yocto Project 2.8 Release.</revremark>
+                <revremark>Released with the Yocto Project 3.0 Release.</revremark>
             </revision>
         </revhistory>
 
diff --git a/poky/documentation/poky.ent b/poky/documentation/poky.ent
index 192b9418f..7af47df72 100644
--- a/poky/documentation/poky.ent
+++ b/poky/documentation/poky.ent
@@ -1,14 +1,14 @@
-<!ENTITY DISTRO "2.8">
-<!ENTITY DISTRO_COMPRESSED "28">
+<!ENTITY DISTRO "3.0">
+<!ENTITY DISTRO_COMPRESSED "30">
 <!ENTITY DISTRO_NAME_NO_CAP "zeus">
 <!ENTITY DISTRO_NAME "Zeus">
 <!ENTITY DISTRO_NAME_NO_CAP_MINUS_ONE "warrior">
 <!ENTITY DISTRO_NAME_MINUS_ONE "Warrior">
-<!ENTITY YOCTO_DOC_VERSION "2.8">
+<!ENTITY YOCTO_DOC_VERSION "3.0">
 <!ENTITY YOCTO_DOC_VERSION_MINUS_ONE "2.7">
-<!ENTITY DISTRO_REL_TAG "yocto-2.8">
+<!ENTITY DISTRO_REL_TAG "yocto-3.0">
 <!ENTITY METAINTELVERSION "9.0">
-<!ENTITY REL_MONTH_YEAR "TBD">
+<!ENTITY REL_MONTH_YEAR "October 2019">
 <!ENTITY META_INTEL_REL_TAG "&METAINTELVERSION;-&DISTRO_NAME_NO_CAP;-&YOCTO_DOC_VERSION;">
 <!ENTITY POKYVERSION "22.0.0">
 <!ENTITY POKYVERSION_COMPRESSED "2200">
diff --git a/poky/documentation/profile-manual/profile-manual.xml b/poky/documentation/profile-manual/profile-manual.xml
index c6e8baf02..c1f461f43 100644
--- a/poky/documentation/profile-manual/profile-manual.xml
+++ b/poky/documentation/profile-manual/profile-manual.xml
@@ -102,9 +102,9 @@
                 <revremark>Released with the Yocto Project 2.7 Release.</revremark>
             </revision>
             <revision>
-                <revnumber>2.8</revnumber>
+                <revnumber>3.0</revnumber>
                 <date>&REL_MONTH_YEAR;</date>
-                <revremark>Released with the Yocto Project 2.8 Release.</revremark>
+                <revremark>Released with the Yocto Project 3.0 Release.</revremark>
             </revision>
         </revhistory>
 
diff --git a/poky/documentation/ref-manual/migration.xml b/poky/documentation/ref-manual/migration.xml
index ade8787b4..aa4495789 100644
--- a/poky/documentation/ref-manual/migration.xml
+++ b/poky/documentation/ref-manual/migration.xml
@@ -2103,10 +2103,9 @@
         </para>
 
         <para>
-            Additionally, a
-            <link linkend='ref-classes-bluetooth'><filename>bluetooth</filename></link>
-            class has been added to make selection of the appropriate bluetooth
-            support within a recipe a little easier.
+            Additionally, a <filename>bluetooth</filename> class has been added
+            to make selection of the appropriate bluetooth support within a
+            recipe a little easier.
             If you wish to make use of this class in a recipe, add something
             such as the following:
             <literallayout class='monospaced'>
@@ -6597,6 +6596,104 @@ id=f4d4f99cfbc2396e49c1613a7d237b9e57f06f81'>commit message</ulink>.
         </para>
     </section>
 </section>
+
+
+
+
+
+
+
+
+
+<section id='moving-to-the-yocto-project-3.0-release'>
+    <title>Moving to the Yocto Project 3.0 Release</title>
+
+    <para>
+        This section provides migration information for moving to the
+        Yocto Project 3.0 Release from the prior release.
+    </para>
+
+    <section id='migration-3.0-lsb-support-removed'>
+        <title>LSB Support Removed</title>
+
+        <para>
+            LSB support has been removed.
+        </para>
+    </section>
+
+    <section id='migration-3.0-poky-lsb-replaced'>
+        <title><filename>poky-lsb</filename> Replaced</title>
+
+        <para>
+            <filename>poky-lsb</filename> replaced by
+            <filename>poky-altcfg</filename> for alternate configurations to
+            be tested on the autobuilder.
+            As well as an example of subclassing a distro config.
+        </para>
+    </section>
+
+    <section id='migration-3.0-openssl-removed'>
+        <title>OpenSSL 1.0.X removed</title>
+
+        <para>
+            OpenSSL 1.0.X removed.
+        </para>
+    </section>
+
+    <section id='migration-3.0-hash-Equivalence added'>
+        <title>Hash Equivalence Added</title>
+
+        <para>
+            Hash Equivalence added.
+            See <ulink url='https://git.openembedded.org/openembedded-core/commit/?id=49b10ab3f802bf36d8a2add7db208a868f525d5b'></ulink>
+            for setup information.
+        </para>
+    </section>
+
+    <section id='migration-3.0-gnu-tests-added'>
+        <title><filename>gcc/glibc/binutls</filename> GNU Tests Added</title>
+
+        <para>
+            <filename>gcc/glibc/binutls</filename> GNU tests added.
+        </para>
+    </section>
+
+    <section id='migration-3.0-removed-recipes'>
+        <title>Removed Recipes</title>
+
+        <para>
+            Some topic...
+         </para>
+    </section>
+
+    <section id='migration-3.0-removed-classes'>
+        <title>Removed Classes</title>
+
+        <para>
+            Some topic...
+        </para>
+    </section>
+
+    <section id='migration-3.0-miscellaneous-changes'>
+        <title>Miscellaneous Changes</title>
+
+        <para>
+            Some topic...
+        </para>
+    </section>
+</section>
+
+
+
+
+
+
+
+
+
+
+
+
 </chapter>
 <!--
 vim: expandtab tw=80 ts=4
diff --git a/poky/documentation/ref-manual/ref-classes.xml b/poky/documentation/ref-manual/ref-classes.xml
index 5403f20b6..f9bbddd72 100644
--- a/poky/documentation/ref-manual/ref-classes.xml
+++ b/poky/documentation/ref-manual/ref-classes.xml
@@ -428,6 +428,14 @@
         variable to specify additional configuration options to be passed
         using the <filename>cmake</filename> command line.
     </para>
+
+    <para>
+        On the occasion that you would be installing custom CMake toolchain
+        files supplied by the application being built, you should install them
+        to the preferred CMake Module directory:
+        <filename>${D}${datadir}/cmake/</filename> Modules during
+        <ulink url='&YOCTO_DOCS_REF_URL;#ref-tasks-install'><filename>do_install</filename></ulink>.
+    </para>
 </section>
 
 <section id='ref-classes-cml1'>
diff --git a/poky/documentation/ref-manual/ref-manual.xml b/poky/documentation/ref-manual/ref-manual.xml
index fc4319773..b442f709a 100644
--- a/poky/documentation/ref-manual/ref-manual.xml
+++ b/poky/documentation/ref-manual/ref-manual.xml
@@ -133,9 +133,9 @@
                 <revremark>Released with the Yocto Project 2.7 Release.</revremark>
             </revision>
             <revision>
-                <revnumber>2.8</revnumber>
+                <revnumber>3.0</revnumber>
                 <date>&REL_MONTH_YEAR;</date>
-                <revremark>Released with the Yocto Project 2.8 Release.</revremark>
+                <revremark>Released with the Yocto Project 3.0 Release.</revremark>
             </revision>
         </revhistory>
 
diff --git a/poky/documentation/ref-manual/ref-variables.xml b/poky/documentation/ref-manual/ref-variables.xml
index 8ad3f9b3c..02abc590c 100644
--- a/poky/documentation/ref-manual/ref-variables.xml
+++ b/poky/documentation/ref-manual/ref-variables.xml
@@ -1349,8 +1349,8 @@
             <glossdef>
                 <para role="glossdeffirst">
 <!--                <para role="glossdeffirst"><imagedata fileref="figures/define-generic.png" /> -->
-                    Specifies each additional separate configuration when you are
-                    building targets with multiple configurations.
+                    Specifies each additional separate configuration when you
+                    are building targets with multiple configurations.
                     Use this variable in your
                     <filename>conf/local.conf</filename> configuration file.
                     Specify a <replaceable>multiconfigname</replaceable> for
@@ -2182,9 +2182,10 @@
 
                 <para>
                     The <filename>BUSYBOX_SPLIT_SUID</filename> variable
-                    defaults to "1", which results in a single output
+                    defaults to "1", which results in splitting the output
                     executable file.
-                    Set the variable to "0" to split the output file.
+                    Set the variable to "0" to get a single output executable
+                    file.
                 </para>
             </glossdef>
         </glossentry>
diff --git a/poky/documentation/sdk-manual/sdk-manual.xml b/poky/documentation/sdk-manual/sdk-manual.xml
index 7edd2c46a..8d5f6ec4d 100644
--- a/poky/documentation/sdk-manual/sdk-manual.xml
+++ b/poky/documentation/sdk-manual/sdk-manual.xml
@@ -67,9 +67,9 @@
                 <revremark>Released with the Yocto Project 2.7 Release.</revremark>
             </revision>
             <revision>
-                <revnumber>2.8</revnumber>
+                <revnumber>3.0</revnumber>
                 <date>&REL_MONTH_YEAR;</date>
-                <revremark>Released with the Yocto Project 2.8 Release.</revremark>
+                <revremark>Released with the Yocto Project 3.0 Release.</revremark>
             </revision>
        </revhistory>
 
diff --git a/poky/documentation/toaster-manual/toaster-manual.xml b/poky/documentation/toaster-manual/toaster-manual.xml
index b31659ffb..d7b4bcee6 100644
--- a/poky/documentation/toaster-manual/toaster-manual.xml
+++ b/poky/documentation/toaster-manual/toaster-manual.xml
@@ -77,9 +77,9 @@
                 <revremark>Released with the Yocto Project 2.7 Release.</revremark>
             </revision>
             <revision>
-                <revnumber>2.8</revnumber>
+                <revnumber>3.0</revnumber>
                 <date>&REL_MONTH_YEAR;</date>
-                <revremark>Released with the Yocto Project 2.8 Release.</revremark>
+                <revremark>Released with the Yocto Project 3.0 Release.</revremark>
             </revision>
        </revhistory>
 
diff --git a/poky/documentation/tools/mega-manual.sed b/poky/documentation/tools/mega-manual.sed
index 9c4f4e2ed..374d8e7b0 100644
--- a/poky/documentation/tools/mega-manual.sed
+++ b/poky/documentation/tools/mega-manual.sed
@@ -1,36 +1,36 @@
 # Processes bitbake-user-manual (<word>-<word>-<word> style).
 # This style is for manual three-word folders, which currently is only the BitBake User Manual.
 # We used to have the "yocto-project-qs" and "poky-ref-manual" folders but no longer do.
-# s@"ulink" href="http://www.yoctoproject.org/docs/2.8/[a-z]*-[a-z]*-[a-z]*/[a-z]*-[a-z]*-[a-z]*.html#@"link" href="#@g
-s@"ulink" href="http://www.yoctoproject.org/docs/2.8/bitbake-user-manual/bitbake-user-manual.html#@"link" href="#@g
+# s@"ulink" href="http://www.yoctoproject.org/docs/3.0/[a-z]*-[a-z]*-[a-z]*/[a-z]*-[a-z]*-[a-z]*.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/3.0/bitbake-user-manual/bitbake-user-manual.html#@"link" href="#@g
 
 # Processes all other manuals (<word>-<word> style).
 # This style is for manual folders that use two word, which is the standard now (e.g. "ref-manual").
 # Here is the one-liner:
-# s@"ulink" href="http://www.yoctoproject.org/docs/2.8/[a-z]*-[a-z]*/[a-z]*-[a-z]*.html#@"link" href="#@g
+# s@"ulink" href="http://www.yoctoproject.org/docs/3.0/[a-z]*-[a-z]*/[a-z]*-[a-z]*.html#@"link" href="#@g
 
-s@"ulink" href="http://www.yoctoproject.org/docs/2.8/sdk-manual/sdk-manual.html#@"link" href="#@g
-s@"ulink" href="http://www.yoctoproject.org/docs/2.8/bsp-guide/bsp-guide.html#@"link" href="#@g
-s@"ulink" href="http://www.yoctoproject.org/docs/2.8/dev-manual/dev-manual.html#@"link" href="#@g
-s@"ulink" href="http://www.yoctoproject.org/docs/2.8/overview-manual/overview-manual.html#@"link" href="#@g
-s@"ulink" href="http://www.yoctoproject.org/docs/2.8/brief-yoctoprojectqs/brief-yoctoprojectqs.html#@"link" href="#@g
-s@"ulink" href="http://www.yoctoproject.org/docs/2.8/kernel-dev/kernel-dev.html#@"link" href="#@g
-s@"ulink" href="http://www.yoctoproject.org/docs/2.8/profile-manual/profile-manual.html#@"link" href="#@g
-s@"ulink" href="http://www.yoctoproject.org/docs/2.8/ref-manual/ref-manual.html#@"link" href="#@g
-s@"ulink" href="http://www.yoctoproject.org/docs/2.8/toaster-manual/toaster-manual.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/3.0/sdk-manual/sdk-manual.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/3.0/bsp-guide/bsp-guide.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/3.0/dev-manual/dev-manual.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/3.0/overview-manual/overview-manual.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/3.0/brief-yoctoprojectqs/brief-yoctoprojectqs.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/3.0/kernel-dev/kernel-dev.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/3.0/profile-manual/profile-manual.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/3.0/ref-manual/ref-manual.html#@"link" href="#@g
+s@"ulink" href="http://www.yoctoproject.org/docs/3.0/toaster-manual/toaster-manual.html#@"link" href="#@g
 
 # Process cases where just an external manual is referenced without an id anchor
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.8/brief-yoctoprojectqs/brief-yoctoprojectqs.html" target="_top">Yocto Project Quick Build</a>@Yocto Project Quick Build@g
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.8/bitbake-user-manual/bitbake-user-manual.html" target="_top">BitBake User Manual</a>@BitBake User Manual@g
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.8/dev-manual/dev-manual.html" target="_top">Yocto Project Development Tasks Manual</a>@Yocto Project Development Tasks Manual@g
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.8/overview-manual/overview-manual.html" target="_top">Yocto Project Overview and Concepts Manual</a>@Yocto project Overview and Concepts Manual@g
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.8/sdk-manual/sdk-manual.html" target="_top">Yocto Project Application Development and the Extensible Software Development Kit (eSDK)</a>@Yocto Project Application Development and the Extensible Software Development Kit (eSDK)@g
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.8/bsp-guide/bsp-guide.html" target="_top">Yocto Project Board Support Package (BSP) Developer's Guide</a>@Yocto Project Board Support Package (BSP) Developer's Guide@g
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.8/profile-manual/profile-manual.html" target="_top">Yocto Project Profiling and Tracing Manual</a>@Yocto Project Profiling and Tracing Manual@g
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.8/kernel-dev/kernel-dev.html" target="_top">Yocto Project Linux Kernel Development Manual</a>@Yocto Project Linux Kernel Development Manual@g
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.8/ref-manual/ref-manual.html" target="_top">Yocto Project Reference Manual</a>@Yocto Project Reference Manual@g
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.8/toaster-manual/toaster-manual.html" target="_top">Toaster User Manual</a>@Toaster User Manual@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/3.0/brief-yoctoprojectqs/brief-yoctoprojectqs.html" target="_top">Yocto Project Quick Build</a>@Yocto Project Quick Build@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/3.0/bitbake-user-manual/bitbake-user-manual.html" target="_top">BitBake User Manual</a>@BitBake User Manual@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/3.0/dev-manual/dev-manual.html" target="_top">Yocto Project Development Tasks Manual</a>@Yocto Project Development Tasks Manual@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/3.0/overview-manual/overview-manual.html" target="_top">Yocto Project Overview and Concepts Manual</a>@Yocto project Overview and Concepts Manual@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/3.0/sdk-manual/sdk-manual.html" target="_top">Yocto Project Application Development and the Extensible Software Development Kit (eSDK)</a>@Yocto Project Application Development and the Extensible Software Development Kit (eSDK)@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/3.0/bsp-guide/bsp-guide.html" target="_top">Yocto Project Board Support Package (BSP) Developer's Guide</a>@Yocto Project Board Support Package (BSP) Developer's Guide@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/3.0/profile-manual/profile-manual.html" target="_top">Yocto Project Profiling and Tracing Manual</a>@Yocto Project Profiling and Tracing Manual@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/3.0/kernel-dev/kernel-dev.html" target="_top">Yocto Project Linux Kernel Development Manual</a>@Yocto Project Linux Kernel Development Manual@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/3.0/ref-manual/ref-manual.html" target="_top">Yocto Project Reference Manual</a>@Yocto Project Reference Manual@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/3.0/toaster-manual/toaster-manual.html" target="_top">Toaster User Manual</a>@Toaster User Manual@g
 
 # Process a single, rouge occurrence of a linked reference to the Mega-Manual.
-s@<a class="ulink" href="http://www.yoctoproject.org/docs/2.8/mega-manual/mega-manual.html" target="_top">Yocto Project Mega-Manual</a>@Yocto Project Mega-Manual@g
+s@<a class="ulink" href="http://www.yoctoproject.org/docs/3.0/mega-manual/mega-manual.html" target="_top">Yocto Project Mega-Manual</a>@Yocto Project Mega-Manual@g
 
diff --git a/poky/meta-selftest/lib/oeqa/runtime/cases/virgl.py b/poky/meta-selftest/lib/oeqa/runtime/cases/virgl.py
index d301a19fa..c0abfd1b1 100644
--- a/poky/meta-selftest/lib/oeqa/runtime/cases/virgl.py
+++ b/poky/meta-selftest/lib/oeqa/runtime/cases/virgl.py
@@ -13,11 +13,6 @@ class VirglTest(OERuntimeTestCase):
 
     @OETestDepends(['virgl.VirglTest.test_kernel_driver'])
     def test_kmscube(self):
-
-        distro = oe.lsb.distro_identifier()
-        if distro and distro == 'centos-7':
-            self.skipTest('kmscube is not working when centos 7 is the host OS')
-
         status, output = self.target.run('kmscube', timeout=30)
         self.assertEqual(status, 0, "kmscube exited with non-zero status %d and output:\n%s" %(status, output))
         self.assertIn('renderer: "virgl"', output, "kmscube does not seem to use virgl:\n%s" %(output))
diff --git a/poky/meta-selftest/recipes-test/aspell/aspell_0.60.7.bbappend b/poky/meta-selftest/recipes-test/aspell/aspell_0.60.8.bbappend
index 205720982..205720982 100644
--- a/poky/meta-selftest/recipes-test/aspell/aspell_0.60.7.bbappend
+++ b/poky/meta-selftest/recipes-test/aspell/aspell_0.60.8.bbappend
diff --git a/poky/meta-selftest/recipes-test/recipeutils/recipeutils-test_1.2.bb b/poky/meta-selftest/recipes-test/recipeutils/recipeutils-test_1.2.bb
index 7c20d9a68..0cd0494da 100644
--- a/poky/meta-selftest/recipes-test/recipeutils/recipeutils-test_1.2.bb
+++ b/poky/meta-selftest/recipes-test/recipeutils/recipeutils-test_1.2.bb
@@ -4,7 +4,7 @@ require recipeutils-test.inc
 
 LICENSE = "Proprietary"
 LIC_FILES_CHKSUM = "file://${WORKDIR}/somefile;md5=d41d8cd98f00b204e9800998ecf8427e"
-DEPENDS += "virtual/libx11"
+DEPENDS += "zlib"
 
 BBCLASSEXTEND = "native nativesdk"
 
diff --git a/poky/meta/classes/base.bbclass b/poky/meta/classes/base.bbclass
index d3184ecf7..1cea3a221 100644
--- a/poky/meta/classes/base.bbclass
+++ b/poky/meta/classes/base.bbclass
@@ -482,6 +482,7 @@ python () {
     # If we're building a target package we need to use fakeroot (pseudo)
     # in order to capture permissions, owners, groups and special files
     if not bb.data.inherits_class('native', d) and not bb.data.inherits_class('cross', d):
+        d.appendVarFlag('do_prepare_recipe_sysroot', 'depends', ' virtual/fakeroot-native:do_populate_sysroot')
         d.setVarFlag('do_unpack', 'umask', '022')
         d.setVarFlag('do_configure', 'umask', '022')
         d.setVarFlag('do_compile', 'umask', '022')
diff --git a/poky/meta/classes/cmake.bbclass b/poky/meta/classes/cmake.bbclass
index 2b317c832..291f1e8d4 100644
--- a/poky/meta/classes/cmake.bbclass
+++ b/poky/meta/classes/cmake.bbclass
@@ -106,11 +106,12 @@ set( CMAKE_CXX_LINK_FLAGS "${OECMAKE_CXX_LINK_FLAGS}" CACHE STRING "LDFLAGS" )
 
 # only search in the paths provided so cmake doesnt pick
 # up libraries and tools from the native build machine
-set( CMAKE_FIND_ROOT_PATH ${STAGING_DIR_HOST} ${STAGING_DIR_NATIVE} ${CROSS_DIR} ${OECMAKE_PERLNATIVE_DIR} ${OECMAKE_EXTRA_ROOT_PATH} ${EXTERNAL_TOOLCHAIN})
+set( CMAKE_FIND_ROOT_PATH ${STAGING_DIR_HOST} ${STAGING_DIR_NATIVE} ${CROSS_DIR} ${OECMAKE_PERLNATIVE_DIR} ${OECMAKE_EXTRA_ROOT_PATH} ${EXTERNAL_TOOLCHAIN} ${HOSTTOOLS_DIR})
 set( CMAKE_FIND_ROOT_PATH_MODE_PACKAGE ONLY )
 set( CMAKE_FIND_ROOT_PATH_MODE_PROGRAM ${OECMAKE_FIND_ROOT_PATH_MODE_PROGRAM} )
 set( CMAKE_FIND_ROOT_PATH_MODE_LIBRARY ONLY )
 set( CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY )
+set( CMAKE_PROGRAM_PATH "/" )
 
 # Use qt.conf settings
 set( ENV{QT_CONF_PATH} ${WORKDIR}/qt.conf )
diff --git a/poky/meta/classes/cve-check.bbclass b/poky/meta/classes/cve-check.bbclass
index c00d2910b..1c8b2223a 100644
--- a/poky/meta/classes/cve-check.bbclass
+++ b/poky/meta/classes/cve-check.bbclass
@@ -208,19 +208,21 @@ def check_cves(d, patched_cves):
 
             if cve in cve_whitelist:
                 bb.note("%s-%s has been whitelisted for %s" % (product, pv, cve))
+                # TODO: this should be in the report as 'whitelisted'
+                patched_cves.add(cve)
             elif cve in patched_cves:
                 bb.note("%s has been patched" % (cve))
             else:
                 to_append = False
                 if (operator_start == '=' and pv == version_start):
-                    cves_unpatched.append(cve)
+                    to_append = True
                 else:
                     if operator_start:
                         try:
                             to_append_start =  (operator_start == '>=' and LooseVersion(pv) >= LooseVersion(version_start))
                             to_append_start |= (operator_start == '>' and LooseVersion(pv) > LooseVersion(version_start))
                         except:
-                            bb.note("%s: Failed to compare %s %s %s for %s" %
+                            bb.warn("%s: Failed to compare %s %s %s for %s" %
                                     (product, pv, operator_start, version_start, cve))
                             to_append_start = False
                     else:
@@ -231,7 +233,7 @@ def check_cves(d, patched_cves):
                             to_append_end  = (operator_end == '<=' and LooseVersion(pv) <= LooseVersion(version_end))
                             to_append_end |= (operator_end == '<' and LooseVersion(pv) < LooseVersion(version_end))
                         except:
-                            bb.note("%s: Failed to compare %s %s %s for %s" %
+                            bb.warn("%s: Failed to compare %s %s %s for %s" %
                                     (product, pv, operator_end, version_end, cve))
                             to_append_end = False
                     else:
@@ -243,8 +245,11 @@ def check_cves(d, patched_cves):
                         to_append = to_append_start or to_append_end
 
                 if to_append:
+                    bb.note("%s-%s is vulnerable to %s" % (product, pv, cve))
                     cves_unpatched.append(cve)
-                bb.debug(2, "%s-%s is not patched for %s" % (product, pv, cve))
+                else:
+                    bb.note("%s-%s is not vulnerable to %s" % (product, pv, cve))
+                    patched_cves.add(cve)
     conn.close()
 
     return (list(patched_cves), cves_unpatched)
diff --git a/poky/meta/classes/devtool-source.bbclass b/poky/meta/classes/devtool-source.bbclass
index a8110006f..280d6009f 100644
--- a/poky/meta/classes/devtool-source.bbclass
+++ b/poky/meta/classes/devtool-source.bbclass
@@ -97,17 +97,15 @@ python devtool_post_unpack() {
     local_files = oe.recipeutils.get_recipe_local_files(d)
 
     if is_kernel_yocto:
-        for key in local_files.copy():
-            if key.endswith('scc'):
-                sccfile = open(local_files[key], 'r')
+        for key in [f for f in local_files if f.endswith('scc')]:
+            with open(local_files[key], 'r') as sccfile:
                 for l in sccfile:
                     line = l.split()
                     if line and line[0] in ('kconf', 'patch'):
                         cfg = os.path.join(os.path.dirname(local_files[key]), line[-1])
-                        if not cfg in local_files.values():
+                        if cfg not in local_files.values():
                             local_files[line[-1]] = cfg
                             shutil.copy2(cfg, workdir)
-                sccfile.close()
 
     # Ignore local files with subdir={BP}
     srcabspath = os.path.abspath(srcsubdir)
diff --git a/poky/meta/classes/icecc.bbclass b/poky/meta/classes/icecc.bbclass
index 4376aa37d..bc3d6f4cc 100644
--- a/poky/meta/classes/icecc.bbclass
+++ b/poky/meta/classes/icecc.bbclass
@@ -356,17 +356,6 @@ set_icecc_env() {
         return
     fi
 
-    # Create symlinks to icecc in the recipe-sysroot directory
-    mkdir -p ${ICE_PATH}
-    if [ -n "${KERNEL_CC}" ]; then
-        compilers="${@get_cross_kernel_cc(bb,d)}"
-    else
-        compilers="${HOST_PREFIX}gcc ${HOST_PREFIX}g++"
-    fi
-    for compiler in $compilers; do
-        ln -sf ${ICECC_BIN} ${ICE_PATH}/$compiler
-    done
-
     ICECC_CC="${@icecc_get_and_check_tool(bb, d, "gcc")}"
     ICECC_CXX="${@icecc_get_and_check_tool(bb, d, "g++")}"
     # cannot use icecc_get_and_check_tool here because it assumes as without target_sys prefix
@@ -385,6 +374,26 @@ set_icecc_env() {
         return
     fi
 
+    # Create symlinks to icecc and wrapper-scripts in the recipe-sysroot directory
+    mkdir -p $ICE_PATH/symlinks
+    if [ -n "${KERNEL_CC}" ]; then
+        compilers="${@get_cross_kernel_cc(bb,d)}"
+    else
+        compilers="${HOST_PREFIX}gcc ${HOST_PREFIX}g++"
+    fi
+    for compiler in $compilers; do
+        ln -sf $ICECC_BIN $ICE_PATH/symlinks/$compiler
+        rm -f $ICE_PATH/$compiler
+        cat <<-__EOF__ > $ICE_PATH/$compiler
+		#!/bin/sh -e
+		export ICECC_VERSION=$ICECC_VERSION
+		export ICECC_CC=$ICECC_CC
+		export ICECC_CXX=$ICECC_CXX
+		$ICE_PATH/symlinks/$compiler "\$@"
+		__EOF__
+        chmod 775 $ICE_PATH/$compiler
+    done
+
     ICECC_AS="`${ICECC_CC} -print-prog-name=as`"
     # for target recipes should return something like:
     # /OE/tmp-eglibc/sysroots/x86_64-linux/usr/libexec/arm920tt-oe-linux-gnueabi/gcc/arm-oe-linux-gnueabi/4.8.2/as
@@ -417,7 +426,6 @@ set_icecc_env() {
     export CCACHE_PATH="$PATH"
     export CCACHE_DISABLE="1"
 
-    export ICECC_VERSION ICECC_CC ICECC_CXX
     export PATH="$ICE_PATH:$PATH"
 
     bbnote "Using icecc path: $ICE_PATH"
diff --git a/poky/meta/classes/image.bbclass b/poky/meta/classes/image.bbclass
index f4633da3d..c2824395c 100644
--- a/poky/meta/classes/image.bbclass
+++ b/poky/meta/classes/image.bbclass
@@ -124,7 +124,7 @@ python () {
 def rootfs_variables(d):
     from oe.rootfs import variable_depends
     variables = ['IMAGE_DEVICE_TABLE','IMAGE_DEVICE_TABLES','BUILD_IMAGES_FROM_FEEDS','IMAGE_TYPES_MASKED','IMAGE_ROOTFS_ALIGNMENT','IMAGE_OVERHEAD_FACTOR','IMAGE_ROOTFS_SIZE','IMAGE_ROOTFS_EXTRA_SPACE',
-                 'IMAGE_ROOTFS_MAXSIZE','IMAGE_NAME','IMAGE_LINK_NAME','IMAGE_MANIFEST','DEPLOY_DIR_IMAGE','IMAGE_FSTYPES','IMAGE_INSTALL_COMPLEMENTARY','IMAGE_LINGUAS',
+                 'IMAGE_ROOTFS_MAXSIZE','IMAGE_NAME','IMAGE_LINK_NAME','IMAGE_MANIFEST','DEPLOY_DIR_IMAGE','IMAGE_FSTYPES','IMAGE_INSTALL_COMPLEMENTARY','IMAGE_LINGUAS', 'IMAGE_LINGUAS_COMPLEMENTARY',
                  'MULTILIBRE_ALLOW_REP','MULTILIB_TEMP_ROOTFS','MULTILIB_VARIANTS','MULTILIBS','ALL_MULTILIB_PACKAGE_ARCHS','MULTILIB_GLOBAL_VARIANTS','BAD_RECOMMENDATIONS','NO_RECOMMENDATIONS',
                  'PACKAGE_ARCHS','PACKAGE_CLASSES','TARGET_VENDOR','TARGET_ARCH','TARGET_OS','OVERRIDES','BBEXTENDVARIANT','FEED_DEPLOYDIR_BASE_URI','INTERCEPT_DIR','USE_DEVFS',
                  'CONVERSIONTYPES', 'IMAGE_GEN_DEBUGFS', 'ROOTFS_RO_UNNEEDED', 'IMGDEPLOYDIR', 'PACKAGE_EXCLUDE_COMPLEMENTARY', 'REPRODUCIBLE_TIMESTAMP_ROOTFS', 'IMAGE_INSTALL_DEBUGFS']
diff --git a/poky/meta/classes/kernel-devicetree.bbclass b/poky/meta/classes/kernel-devicetree.bbclass
index 8a81c850f..522c46575 100644
--- a/poky/meta/classes/kernel-devicetree.bbclass
+++ b/poky/meta/classes/kernel-devicetree.bbclass
@@ -71,23 +71,23 @@ do_deploy_append() {
 		dtb=`normalize_dtb "$dtbf"`
 		dtb_ext=${dtb##*.}
 		dtb_base_name=`basename $dtb .$dtb_ext`
-		install -d ${DEPLOYDIR}
-		install -m 0644 ${D}/${KERNEL_IMAGEDEST}/$dtb_base_name.$dtb_ext ${DEPLOYDIR}/$dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext
-		ln -sf $dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext ${DEPLOYDIR}/$dtb_base_name.$dtb_ext
-		ln -sf $dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext ${DEPLOYDIR}/$dtb_base_name-${KERNEL_DTB_LINK_NAME}.$dtb_ext
+		install -d $deployDir
+		install -m 0644 ${D}/${KERNEL_IMAGEDEST}/$dtb_base_name.$dtb_ext $deployDir/$dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext
+		ln -sf $dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext $deployDir/$dtb_base_name.$dtb_ext
+		ln -sf $dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext $deployDir/$dtb_base_name-${KERNEL_DTB_LINK_NAME}.$dtb_ext
 		for type in ${KERNEL_IMAGETYPE_FOR_MAKE}; do
 			if [ "$type" = "zImage" ] && [ "${KERNEL_DEVICETREE_BUNDLE}" = "1" ]; then
 				cat ${D}/${KERNEL_IMAGEDEST}/$type \
-					${DEPLOYDIR}/$dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext \
-					> ${DEPLOYDIR}/$type-$dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext.bin
+					$deployDir/$dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext \
+					> $deployDir/$type-$dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext.bin
 				ln -sf $type-$dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext.bin \
-					${DEPLOYDIR}/$type-$dtb_base_name-${KERNEL_DTB_LINK_NAME}.$dtb_ext.bin
+					$deployDir/$type-$dtb_base_name-${KERNEL_DTB_LINK_NAME}.$dtb_ext.bin
 				if [ -e "${KERNEL_OUTPUT_DIR}/${type}.initramfs" ]; then
 					cat ${KERNEL_OUTPUT_DIR}/${type}.initramfs \
-						${DEPLOYDIR}/$dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext \
-						>  ${DEPLOYDIR}/${type}-${INITRAMFS_NAME}-$dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext.bin
+						$deployDir/$dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext \
+						>  $deployDir/${type}-${INITRAMFS_NAME}-$dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext.bin
 					ln -sf ${type}-${INITRAMFS_NAME}-$dtb_base_name-${KERNEL_DTB_NAME}.$dtb_ext.bin \
-						${DEPLOYDIR}/${type}-${INITRAMFS_NAME}-$dtb_base_name-${KERNEL_DTB_LINK_NAME}.$dtb_ext.bin
+						$deployDir/${type}-${INITRAMFS_NAME}-$dtb_base_name-${KERNEL_DTB_LINK_NAME}.$dtb_ext.bin
 				fi
 			fi
 		done
diff --git a/poky/meta/classes/kernel-fitimage.bbclass b/poky/meta/classes/kernel-fitimage.bbclass
index 1bcb09c59..ec18a3d69 100644
--- a/poky/meta/classes/kernel-fitimage.bbclass
+++ b/poky/meta/classes/kernel-fitimage.bbclass
@@ -53,6 +53,9 @@ UBOOT_MKIMAGE_DTCOPTS ??= ""
 # fitImage Hash Algo
 FIT_HASH_ALG ?= "sha256"
 
+# fitImage Signature Algo
+FIT_SIGN_ALG ?= "rsa2048"
+
 #
 # Emit the fitImage ITS header
 #
@@ -246,6 +249,7 @@ EOF
 fitimage_emit_section_config() {
 
 	conf_csum="${FIT_HASH_ALG}"
+	conf_sign_algo="${FIT_SIGN_ALG}"
 	if [ -n "${UBOOT_SIGN_ENABLE}" ] ; then
 		conf_sign_keyname="${UBOOT_SIGN_KEYNAME}"
 	fi
@@ -327,7 +331,7 @@ EOF
 
 		cat << EOF >> ${1}
                         signature@1 {
-                                algo = "${conf_csum},rsa2048";
+                                algo = "${conf_csum},${conf_sign_algo}";
                                 key-name-hint = "${conf_sign_keyname}";
 				${sign_line}
                         };
@@ -500,27 +504,27 @@ kernel_do_deploy_append() {
 	# Update deploy directory
 	if echo ${KERNEL_IMAGETYPES} | grep -wq "fitImage"; then
 		echo "Copying fit-image.its source file..."
-		install -m 0644 ${B}/fit-image.its ${DEPLOYDIR}/fitImage-its-${KERNEL_FIT_NAME}.its
-		ln -snf fitImage-its-${KERNEL_FIT_NAME}.its ${DEPLOYDIR}/fitImage-its-${KERNEL_FIT_LINK_NAME}
+		install -m 0644 ${B}/fit-image.its "$deployDir/fitImage-its-${KERNEL_FIT_NAME}.its"
+		ln -snf fitImage-its-${KERNEL_FIT_NAME}.its "$deployDir/fitImage-its-${KERNEL_FIT_LINK_NAME}"
 
 		echo "Copying linux.bin file..."
-		install -m 0644 ${B}/linux.bin ${DEPLOYDIR}/fitImage-linux.bin-${KERNEL_FIT_NAME}.bin
-		ln -snf fitImage-linux.bin-${KERNEL_FIT_NAME}.bin ${DEPLOYDIR}/fitImage-linux.bin-${KERNEL_FIT_LINK_NAME}
+		install -m 0644 ${B}/linux.bin $deployDir/fitImage-linux.bin-${KERNEL_FIT_NAME}.bin
+		ln -snf fitImage-linux.bin-${KERNEL_FIT_NAME}.bin "$deployDir/fitImage-linux.bin-${KERNEL_FIT_LINK_NAME}"
 
 		if [ -n "${INITRAMFS_IMAGE}" ]; then
 			echo "Copying fit-image-${INITRAMFS_IMAGE}.its source file..."
-			install -m 0644 ${B}/fit-image-${INITRAMFS_IMAGE}.its ${DEPLOYDIR}/fitImage-its-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}.its
-			ln -snf fitImage-its-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}.its ${DEPLOYDIR}/fitImage-its-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_LINK_NAME}
+			install -m 0644 ${B}/fit-image-${INITRAMFS_IMAGE}.its "$deployDir/fitImage-its-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}.its"
+			ln -snf fitImage-its-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}.its "$deployDir/fitImage-its-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_LINK_NAME}"
 
 			echo "Copying fitImage-${INITRAMFS_IMAGE} file..."
-			install -m 0644 ${B}/arch/${ARCH}/boot/fitImage-${INITRAMFS_IMAGE} ${DEPLOYDIR}/fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}.bin
-			ln -snf fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}.bin ${DEPLOYDIR}/fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_LINK_NAME}
+			install -m 0644 ${B}/arch/${ARCH}/boot/fitImage-${INITRAMFS_IMAGE} "$deployDir/fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}.bin"
+			ln -snf fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}.bin "$deployDir/fitImage-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_LINK_NAME}"
 		fi
 		if [ "${UBOOT_SIGN_ENABLE}" = "1" -a -n "${UBOOT_DTB_BINARY}" ] ; then
 			# UBOOT_DTB_IMAGE is a realfile, but we can't use
 			# ${UBOOT_DTB_IMAGE} since it contains ${PV} which is aimed
 			# for u-boot, but we are in kernel env now.
-			install -m 0644 ${B}/u-boot-${MACHINE}*.dtb ${DEPLOYDIR}/
+			install -m 0644 ${B}/u-boot-${MACHINE}*.dtb "$deployDir/"
 		fi
 	fi
 }
diff --git a/poky/meta/classes/libc-package.bbclass b/poky/meta/classes/libc-package.bbclass
index a66e54088..de816bcec 100644
--- a/poky/meta/classes/libc-package.bbclass
+++ b/poky/meta/classes/libc-package.bbclass
@@ -346,14 +346,13 @@ python package_do_split_gconvs () {
 
     if use_bin == "compile":
         makefile = oe.path.join(d.getVar("WORKDIR"), "locale-tree", "Makefile")
-        m = open(makefile, "w")
-        m.write("all: %s\n\n" % " ".join(commands.keys()))
-        total = len(commands)
-        for i, cmd in enumerate(commands):
-            m.write(cmd + ":\n")
-            m.write("\t@echo 'Progress %d/%d'\n" % (i, total))
-            m.write("\t" + commands[cmd] + "\n\n")
-        m.close()
+        with open(makefile, "w") as m:
+            m.write("all: %s\n\n" % " ".join(commands.keys()))
+            total = len(commands)
+            for i, (maketarget, makerecipe) in enumerate(commands.items()):
+                m.write(maketarget + ":\n")
+                m.write("\t@echo 'Progress %d/%d'\n" % (i, total))
+                m.write("\t" + makerecipe + "\n\n")
         d.setVar("EXTRA_OEMAKE", "-C %s ${PARALLEL_MAKE}" % (os.path.dirname(makefile)))
         d.setVarFlag("oe_runmake", "progress", "outof:Progress\s(\d+)/(\d+)")
         bb.note("Executing binary locale generation makefile")
diff --git a/poky/meta/classes/package.bbclass b/poky/meta/classes/package.bbclass
index d8bef3afb..f955df111 100644
--- a/poky/meta/classes/package.bbclass
+++ b/poky/meta/classes/package.bbclass
@@ -826,8 +826,9 @@ python fixup_perms () {
 
     # Now we actually load from the configuration files
     for conf in get_fs_perms_list(d).split():
-        if os.path.exists(conf):
-            f = open(conf)
+        if not os.path.exists(conf):
+            continue
+        with open(conf) as f:
             for line in f:
                 if line.startswith('#'):
                     continue
@@ -848,7 +849,6 @@ python fixup_perms () {
                         fs_perms_table[entry.path] = entry
                         if entry.path in fs_link_table:
                             fs_link_table.pop(entry.path)
-            f.close()
 
     # Debug -- list out in-memory table
     #for dir in fs_perms_table:
@@ -1424,10 +1424,9 @@ fi
     pkgdest = d.getVar('PKGDEST')
     pkgdatadir = d.getVar('PKGDESTWORK')
 
-    data_file = pkgdatadir + d.expand("/${PN}" )
-    f = open(data_file, 'w')
-    f.write("PACKAGES: %s\n" % packages)
-    f.close()
+    data_file = pkgdatadir + d.expand("/${PN}")
+    with open(data_file, 'w') as fd:
+        fd.write("PACKAGES: %s\n" % packages)
 
     pn = d.getVar('PN')
     global_variants = (d.getVar('MULTILIB_GLOBAL_VARIANTS') or "").split()
@@ -1778,21 +1777,20 @@ python package_do_shlibs() {
             bb.note("Renaming %s to %s" % (old, new))
             os.rename(old, new)
             pkgfiles[pkg].remove(old)
-	    
+
         shlibs_file = os.path.join(shlibswork_dir, pkg + ".list")
         if len(sonames):
-            fd = open(shlibs_file, 'w')
-            for s in sonames:
-                if s[0] in shlib_provider and s[1] in shlib_provider[s[0]]:
-                    (old_pkg, old_pkgver) = shlib_provider[s[0]][s[1]]
-                    if old_pkg != pkg:
-                        bb.warn('%s-%s was registered as shlib provider for %s, changing it to %s-%s because it was built later' % (old_pkg, old_pkgver, s[0], pkg, pkgver))
-                bb.debug(1, 'registering %s-%s as shlib provider for %s' % (pkg, pkgver, s[0]))
-                fd.write(s[0] + ':' + s[1] + ':' + s[2] + '\n')
-                if s[0] not in shlib_provider:
-                    shlib_provider[s[0]] = {}
-                shlib_provider[s[0]][s[1]] = (pkg, pkgver)
-            fd.close()
+            with open(shlibs_file, 'w') as fd:
+                for s in sonames:
+                    if s[0] in shlib_provider and s[1] in shlib_provider[s[0]]:
+                        (old_pkg, old_pkgver) = shlib_provider[s[0]][s[1]]
+                        if old_pkg != pkg:
+                            bb.warn('%s-%s was registered as shlib provider for %s, changing it to %s-%s because it was built later' % (old_pkg, old_pkgver, s[0], pkg, pkgver))
+                    bb.debug(1, 'registering %s-%s as shlib provider for %s' % (pkg, pkgver, s[0]))
+                    fd.write(s[0] + ':' + s[1] + ':' + s[2] + '\n')
+                    if s[0] not in shlib_provider:
+                        shlib_provider[s[0]] = {}
+                    shlib_provider[s[0]][s[1]] = (pkg, pkgver)
         if needs_ldconfig and use_ldconfig:
             bb.debug(1, 'adding ldconfig call to postinst for %s' % pkg)
             postinst = d.getVar('pkg_postinst_%s' % pkg)
@@ -1864,11 +1862,10 @@ python package_do_shlibs() {
         deps_file = os.path.join(pkgdest, pkg + ".shlibdeps")
         if os.path.exists(deps_file):
             os.remove(deps_file)
-        if len(deps):
-            fd = open(deps_file, 'w')
-            for dep in sorted(deps):
-                fd.write(dep + '\n')
-            fd.close()
+        if deps:
+            with open(deps_file, 'w') as fd:
+                for dep in sorted(deps):
+                    fd.write(dep + '\n')
 }
 
 python package_do_pkgconfig () {
@@ -1898,9 +1895,8 @@ python package_do_pkgconfig () {
                     pkgconfig_provided[pkg].append(name)
                     if not os.access(file, os.R_OK):
                         continue
-                    f = open(file, 'r')
-                    lines = f.readlines()
-                    f.close()
+                    with open(file, 'r') as f:
+                        lines = f.readlines()
                     for l in lines:
                         m = var_re.match(l)
                         if m:
@@ -1918,10 +1914,9 @@ python package_do_pkgconfig () {
     for pkg in packages.split():
         pkgs_file = os.path.join(shlibswork_dir, pkg + ".pclist")
         if pkgconfig_provided[pkg] != []:
-            f = open(pkgs_file, 'w')
-            for p in pkgconfig_provided[pkg]:
-                f.write('%s\n' % p)
-            f.close()
+            with open(pkgs_file, 'w') as f:
+                for p in pkgconfig_provided[pkg]:
+                    f.write('%s\n' % p)
 
     # Go from least to most specific since the last one found wins
     for dir in reversed(shlibs_dirs):
@@ -1931,9 +1926,8 @@ python package_do_pkgconfig () {
             m = re.match(r'^(.*)\.pclist$', file)
             if m:
                 pkg = m.group(1)
-                fd = open(os.path.join(dir, file))
-                lines = fd.readlines()
-                fd.close()
+                with open(os.path.join(dir, file)) as fd:
+                    lines = fd.readlines()
                 pkgconfig_provided[pkg] = []
                 for l in lines:
                     pkgconfig_provided[pkg].append(l.rstrip())
@@ -1951,10 +1945,9 @@ python package_do_pkgconfig () {
                 bb.note("couldn't find pkgconfig module '%s' in any package" % n)
         deps_file = os.path.join(pkgdest, pkg + ".pcdeps")
         if len(deps):
-            fd = open(deps_file, 'w')
-            for dep in deps:
-                fd.write(dep + '\n')
-            fd.close()
+            with open(deps_file, 'w') as fd:
+                for dep in deps:
+                    fd.write(dep + '\n')
 }
 
 def read_libdep_files(d):
@@ -1965,9 +1958,8 @@ def read_libdep_files(d):
         for extension in ".shlibdeps", ".pcdeps", ".clilibdeps":
             depsfile = d.expand("${PKGDEST}/" + pkg + extension)
             if os.access(depsfile, os.R_OK):
-                fd = open(depsfile)
-                lines = fd.readlines()
-                fd.close()
+                with open(depsfile) as fd:
+                    lines = fd.readlines()
                 for l in lines:
                     l.rstrip()
                     deps = bb.utils.explode_dep_versions2(l)
diff --git a/poky/meta/classes/report-error.bbclass b/poky/meta/classes/report-error.bbclass
index ea043b23e..1a12db120 100644
--- a/poky/meta/classes/report-error.bbclass
+++ b/poky/meta/classes/report-error.bbclass
@@ -78,19 +78,15 @@ python errorreport_handler () {
             taskdata['task'] = task
             if log:
                 try:
-                    logFile = codecs.open(log, 'r', 'utf-8')
-                    logdata = logFile.read()
-
+                    with codecs.open(log, encoding='utf-8') as logFile:
+                        logdata = logFile.read()
                     # Replace host-specific paths so the logs are cleaner
                     for d in ("TOPDIR", "TMPDIR"):
                         s = e.data.getVar(d)
                         if s:
                             logdata = logdata.replace(s, d)
-
-                    logFile.close()
                 except:
                     logdata = "Unable to read log file"
-
             else:
                 logdata = "No Log"
 
diff --git a/poky/meta/classes/sanity.bbclass b/poky/meta/classes/sanity.bbclass
index 2d3f49eb1..a14bf5388 100644
--- a/poky/meta/classes/sanity.bbclass
+++ b/poky/meta/classes/sanity.bbclass
@@ -622,13 +622,14 @@ def check_sanity_version_change(status, d):
     # In other words, these tests run once in a given build directory and then 
     # never again until the sanity version or host distrubution id/version changes.
 
-    # Check the python install is complete. glib-2.0-natives requries
-    # xml.parsers.expat
+    # Check the python install is complete. Examples that are often removed in
+    # minimal installations: glib-2.0-natives requries # xml.parsers.expat and icu
+    # requires distutils.sysconfig.
     try:
         import xml.parsers.expat
-    except ImportError:
-        status.addresult('Your python is not a full install. Please install the module xml.parsers.expat (python-xml on openSUSE and SUSE Linux).\n')
-    import stat
+        import distutils.sysconfig
+    except ImportError as e:
+        status.addresult('Your Python 3 is not a full install. Please install the module %s (see the Getting Started guide for further information).\n' % e.name)
 
     status.addresult(check_make_version(d))
     status.addresult(check_patch_version(d))
@@ -664,6 +665,7 @@ def check_sanity_version_change(status, d):
         status.addresult('Please use ASSUME_PROVIDED +=, not ASSUME_PROVIDED = in your local.conf\n')
 
     # Check that TMPDIR isn't on a filesystem with limited filename length (eg. eCryptFS)
+    import stat
     tmpdir = d.getVar('TMPDIR')
     status.addresult(check_create_long_filename(tmpdir, "TMPDIR"))
     tmpdirmode = os.stat(tmpdir).st_mode
@@ -798,6 +800,11 @@ def check_sanity_everybuild(status, d):
         elif d.getVar('SDK_ARCH', False) == "${BUILD_ARCH}":
             status.addresult('SDKMACHINE is set, but SDK_ARCH has not been changed as a result - SDKMACHINE may have been set too late (e.g. in the distro configuration)\n')
 
+    # If SDK_VENDOR looks like "-my-sdk" then the triples are badly formed so fail early
+    sdkvendor = d.getVar("SDK_VENDOR")
+    if not (sdkvendor.startswith("-") and sdkvendor.count("-") == 1):
+        status.addresult("SDK_VENDOR should be of the form '-foosdk' with a single dash\n")
+
     check_supported_distro(d)
 
     omask = os.umask(0o022)
diff --git a/poky/meta/classes/systemd.bbclass b/poky/meta/classes/systemd.bbclass
index 1dca09964..9e8a82c9f 100644
--- a/poky/meta/classes/systemd.bbclass
+++ b/poky/meta/classes/systemd.bbclass
@@ -32,11 +32,7 @@ if type systemctl >/dev/null 2>/dev/null; then
 
 	if [ "${SYSTEMD_AUTO_ENABLE}" = "enable" ]; then
 		for service in ${SYSTEMD_SERVICE_ESCAPED}; do
-			case "${service}" in
-			*@*)
-				systemctl ${OPTS} enable "${service}"
-				;;
-			esac
+			systemctl ${OPTS} enable "$service"
 		done
 	fi
 
diff --git a/poky/meta/classes/testimage.bbclass b/poky/meta/classes/testimage.bbclass
index 525c5a617..844ed8794 100644
--- a/poky/meta/classes/testimage.bbclass
+++ b/poky/meta/classes/testimage.bbclass
@@ -262,6 +262,24 @@ def testimage_main(d):
     # It would be better to find these modules using instrospection.
     target_kwargs['target_modules_path'] = d.getVar('BBPATH')
 
+    # hardware controlled targets might need further access
+    target_kwargs['powercontrol_cmd'] = d.getVar("TEST_POWERCONTROL_CMD") or None
+    target_kwargs['powercontrol_extra_args'] = d.getVar("TEST_POWERCONTROL_EXTRA_ARGS") or ""
+    target_kwargs['serialcontrol_cmd'] = d.getVar("TEST_SERIALCONTROL_CMD") or None
+    target_kwargs['serialcontrol_extra_args'] = d.getVar("TEST_SERIALCONTROL_EXTRA_ARGS") or ""
+
+    def export_ssh_agent(d):
+        import os
+
+        variables = ['SSH_AGENT_PID', 'SSH_AUTH_SOCK']
+        for v in variables:
+            if v not in os.environ.keys():
+                val = d.getVar(v)
+                if val is not None:
+                    os.environ[v] = val
+
+    export_ssh_agent(d)
+
     # runtime use network for download projects for build
     export_proxies(d)
 
diff --git a/poky/meta/classes/tinderclient.bbclass b/poky/meta/classes/tinderclient.bbclass
deleted file mode 100644
index 00f453cec..000000000
--- a/poky/meta/classes/tinderclient.bbclass
+++ /dev/null
@@ -1,368 +0,0 @@
-def tinder_http_post(server, selector, content_type, body):
-    import httplib
-    # now post it
-    for i in range(0,5):
-        try:
-            h = httplib.HTTP(server)
-            h.putrequest('POST', selector)
-            h.putheader('content-type', content_type)
-            h.putheader('content-length', str(len(body)))
-            h.endheaders()
-            h.send(body)
-            errcode, errmsg, headers = h.getreply()
-            #print(errcode, errmsg, headers)
-            return (errcode,errmsg, headers, h.file)
-        except:
-            print("Error sending the report!")
-            # try again
-            pass
-
-    # return some garbage
-    return (-1, "unknown", "unknown", None)
-
-def tinder_form_data(bound, dict, log):
-    output = []
-    # for each key in the dictionary
-    for name in dict:
-        assert dict[name]
-        output.append( "--" + bound )
-        output.append( 'Content-Disposition: form-data; name="%s"' % name )
-        output.append( "" )
-        output.append( dict[name] )
-    if log:
-        output.append( "--" + bound )
-        output.append( 'Content-Disposition: form-data; name="log"; filename="log.txt"' )
-        output.append( '' )
-        output.append( log )
-    output.append( '--' + bound + '--' )
-    output.append( '' )
-
-    return "\r\n".join(output)
-
-def tinder_time_string():
-    """
-    Return the time as GMT
-    """
-    return ""
-
-def tinder_format_http_post(d,status,log):
-    """
-    Format the Tinderbox HTTP post with the data needed
-    for the tinderbox to be happy.
-    """
-
-    import random
-
-    # the variables we will need to send on this form post
-    variables =  {
-        "tree"         : d.getVar('TINDER_TREE'),
-        "machine_name" : d.getVar('TINDER_MACHINE'),
-        "os"           : os.uname()[0],
-        "os_version"   : os.uname()[2],
-        "compiler"     : "gcc",
-        "clobber"      : d.getVar('TINDER_CLOBBER') or "0",
-        "srcdate"      : d.getVar('SRCDATE'),
-        "PN"           : d.getVar('PN'),
-        "PV"           : d.getVar('PV'),
-        "PR"           : d.getVar('PR'),
-        "FILE"         : d.getVar('FILE') or "N/A",
-        "TARGETARCH"   : d.getVar('TARGET_ARCH'),
-        "TARGETFPU"    : d.getVar('TARGET_FPU') or "Unknown",
-        "TARGETOS"     : d.getVar('TARGET_OS') or "Unknown",
-        "MACHINE"      : d.getVar('MACHINE') or "Unknown",
-        "DISTRO"       : d.getVar('DISTRO') or "Unknown",
-        "zecke-rocks"  : "sure",
-    }
-
-    # optionally add the status
-    if status:
-        variables["status"] = str(status)
-
-    # try to load the machine id
-    # we only need on build_status.pl but sending it
-    # always does not hurt
-    try:
-        f = open(d.getVar('TMPDIR')+'/tinder-machine.id', 'r')
-        id = f.read()
-        variables['machine_id'] = id
-    except:
-        pass
-
-    # the boundary we will need
-    boundary = "----------------------------------%d" % int(random.random()*1000000000000)
-
-    # now format the body
-    body = tinder_form_data( boundary, variables, log )
-
-    return ("multipart/form-data; boundary=%s" % boundary),body
-
-
-def tinder_build_start(d):
-    """
-    Inform the tinderbox that a build is starting. We do this
-    by posting our name and tree to the build_start.pl script
-    on the server.
-    """
-
-    # get the body and type
-    content_type, body = tinder_format_http_post(d,None,None)
-    server = d.getVar('TINDER_HOST')
-    url    = d.getVar('TINDER_URL')
-
-    selector = url + "/xml/build_start.pl"
-
-    #print("selector %s and url %s" % (selector, url))
-
-    # now post it
-    errcode, errmsg, headers, h_file = tinder_http_post(server,selector,content_type, body)
-    #print(errcode, errmsg, headers)
-    report = h_file.read()
-
-    # now let us find the machine id that was assigned to us
-    search = "<machine id='"
-    report = report[report.find(search)+len(search):]
-    report = report[0:report.find("'")]
-
-    bb.note("Machine ID assigned by tinderbox: %s" % report )
-
-    # now we will need to save the machine number
-    # we will override any previous numbers
-    f = open(d.getVar('TMPDIR')+"/tinder-machine.id", 'w')
-    f.write(report)
-
-
-def tinder_send_http(d, status, _log):
-    """
-    Send this log as build status
-    """
-
-    # get the body and type
-    server = d.getVar('TINDER_HOST')
-    url    = d.getVar('TINDER_URL')
-
-    selector = url + "/xml/build_status.pl"
-
-    # now post it - in chunks of 10.000 characters
-    new_log = _log
-    while len(new_log) > 0:
-        content_type, body = tinder_format_http_post(d,status,new_log[0:18000])
-        errcode, errmsg, headers, h_file = tinder_http_post(server,selector,content_type, body)
-        #print(errcode, errmsg, headers)
-        #print(h.file.read())
-        new_log = new_log[18000:]
-
-
-def tinder_print_info(d):
-    """
-    Print the TinderBox Info
-        Including informations of the BaseSystem and the Tree
-        we use.
-    """
-
-    # get the local vars
-    time    = tinder_time_string()
-    ops     = os.uname()[0]
-    version = os.uname()[2]
-    url     = d.getVar('TINDER_URL')
-    tree    = d.getVar('TINDER_TREE')
-    branch  = d.getVar('TINDER_BRANCH')
-    srcdate = d.getVar('SRCDATE')
-    machine = d.getVar('MACHINE')
-    distro  = d.getVar('DISTRO')
-    bbfiles = d.getVar('BBFILES')
-    tarch   = d.getVar('TARGET_ARCH')
-    fpu     = d.getVar('TARGET_FPU')
-    oerev   = d.getVar('OE_REVISION') or "unknown"
-
-    # there is a bug with tipple quoted strings
-    # i will work around but will fix the original
-    # bug as well
-    output = []
-    output.append("== Tinderbox Info" )
-    output.append("Time: %(time)s" )
-    output.append("OS: %(ops)s" )
-    output.append("%(version)s" )
-    output.append("Compiler: gcc" )
-    output.append("Tinderbox Client: 0.1" )
-    output.append("Tinderbox Client Last Modified: yesterday" )
-    output.append("Tinderbox Protocol: 0.1" )
-    output.append("URL: %(url)s" )
-    output.append("Tree: %(tree)s" )
-    output.append("Config:" )
-    output.append("branch = '%(branch)s'" )
-    output.append("TARGET_ARCH = '%(tarch)s'" )
-    output.append("TARGET_FPU = '%(fpu)s'" )
-    output.append("SRCDATE = '%(srcdate)s'" )
-    output.append("MACHINE = '%(machine)s'" )
-    output.append("DISTRO = '%(distro)s'" )
-    output.append("BBFILES = '%(bbfiles)s'" )
-    output.append("OEREV = '%(oerev)s'" )
-    output.append("== End Tinderbox Client Info" )
-
-    # now create the real output
-    return "\n".join(output) % vars()
-
-
-def tinder_print_env():
-    """
-    Print the environment variables of this build
-    """
-    time_start = tinder_time_string()
-    time_end   = tinder_time_string()
-
-    # build the environment
-    env = ""
-    for var in os.environ:
-        env += "%s=%s\n" % (var, os.environ[var])
-
-    output = []
-    output.append( "---> TINDERBOX RUNNING env %(time_start)s" )
-    output.append( env )
-    output.append( "<--- TINDERBOX FINISHED (SUCCESS) %(time_end)s" )
-
-    return "\n".join(output) % vars()
-
-def tinder_tinder_start(d, event):
-    """
-    PRINT the configuration of this build
-    """
-
-    time_start = tinder_time_string()
-    config = tinder_print_info(d)
-    #env    = tinder_print_env()
-    time_end   = tinder_time_string()
-    packages = " ".join( event.getPkgs() ) 
-
-    output = []
-    output.append( "---> TINDERBOX PRINTING CONFIGURATION %(time_start)s" )
-    output.append( config )
-    #output.append( env    )
-    output.append( "<--- TINDERBOX FINISHED PRINTING CONFIGURATION %(time_end)s" )
-    output.append( "---> TINDERBOX BUILDING '%(packages)s'" )
-    output.append( "<--- TINDERBOX STARTING BUILD NOW" )
-
-    output.append( "" )
-
-    return "\n".join(output) % vars()
-
-def tinder_do_tinder_report(event):
-    """
-    Report to the tinderbox:
-        On the BuildStart we will inform the box directly
-        On the other events we will write to the TINDER_LOG and
-        when the Task is finished we will send the report.
-
-    The above is not yet fully implemented. Currently we send
-    information immediately. The caching/queuing needs to be
-    implemented. Also sending more or less information is not
-    implemented yet.
-
-    We have two temporary files stored in the TMP directory. One file
-    contains the assigned machine id for the tinderclient. This id gets
-    assigned when we connect the box and start the build process the second
-    file is used to workaround an EventHandler limitation. If BitBake is ran
-    with the continue option we want the Build to fail even if we get the
-    BuildCompleted Event. In this case we have to look up the status and
-    send it instead of 100/success.
-    """
-    import glob
-
-    # variables
-    name = bb.event.getName(event)
-    log  = ""
-    status = 1
-    # Check what we need to do Build* shows we start or are done
-    if name == "BuildStarted":
-        tinder_build_start(event.data)
-        log = tinder_tinder_start(event.data,event)
-
-        try:
-            # truncate the tinder log file
-            f = open(event.data.getVar('TINDER_LOG'), 'w')
-            f.write("")
-            f.close()
-        except:
-            pass
-
-        try:
-            # write a status to the file. This is needed for the -k option
-            # of BitBake
-            g = open(event.data.getVar('TMPDIR')+"/tinder-status", 'w')
-            g.write("")
-            g.close()
-        except IOError:
-            pass
-
-    # Append the Task-Log (compile,configure...) to the log file
-    # we will send to the server
-    if name == "TaskSucceeded" or name == "TaskFailed":
-        log_file = glob.glob("%s/log.%s.*" % (event.data.getVar('T'), event.task))
-
-        if len(log_file) != 0:
-            to_file  = event.data.getVar('TINDER_LOG')
-            log     += "".join(open(log_file[0], 'r').readlines())
-
-    # set the right 'HEADER'/Summary for the TinderBox
-    if name == "TaskStarted":
-        log += "---> TINDERBOX Task %s started\n" % event.task
-    elif name == "TaskSucceeded":
-        log += "<--- TINDERBOX Task %s done (SUCCESS)\n" % event.task
-    elif name == "TaskFailed":
-        log += "<--- TINDERBOX Task %s failed (FAILURE)\n" % event.task
-    elif name == "PkgStarted":
-        log += "---> TINDERBOX Package %s started\n" % event.data.getVar('PF')
-    elif name == "PkgSucceeded":
-        log += "<--- TINDERBOX Package %s done (SUCCESS)\n" % event.data.getVar('PF')
-    elif name == "PkgFailed":
-        if not event.data.getVar('TINDER_AUTOBUILD') == "0":
-            build.exec_task('do_clean', event.data)
-        log += "<--- TINDERBOX Package %s failed (FAILURE)\n" % event.data.getVar('PF')
-        status = 200
-        # remember the failure for the -k case
-        h = open(event.data.getVar('TMPDIR')+"/tinder-status", 'w')
-        h.write("200")
-    elif name == "BuildCompleted":
-        log += "Build Completed\n"
-        status = 100
-        # Check if we have a old status...
-        try:
-            h = open(event.data.getVar('TMPDIR')+'/tinder-status', 'r')
-            status = int(h.read())
-        except:
-            pass
-
-    elif name == "MultipleProviders":
-        log += "---> TINDERBOX Multiple Providers\n"
-        log += "multiple providers are available (%s);\n" % ", ".join(event.getCandidates())
-        log += "consider defining PREFERRED_PROVIDER_%s\n" % event.getItem()
-        log += "is runtime: %d\n" % event.isRuntime()
-        log += "<--- TINDERBOX Multiple Providers\n"
-    elif name == "NoProvider":
-        log += "Error: No Provider for: %s\n" % event.getItem()
-        log += "Error:Was Runtime: %d\n" % event.isRuntime()
-        status = 200
-        # remember the failure for the -k case
-        h = open(event.data.getVar('TMPDIR')+"/tinder-status", 'w')
-        h.write("200")
-
-    # now post the log
-    if len(log) == 0:
-        return
-
-    # for now we will use the http post method as it is the only one
-    log_post_method = tinder_send_http
-    log_post_method(event.data, status, log)
-
-
-# we want to be an event handler
-addhandler tinderclient_eventhandler
-python tinderclient_eventhandler() {
-    if e.data is None or bb.event.getName(e) == "MsgNote":
-        return
-
-    do_tinder_report = e.data.getVar('TINDER_REPORT')
-    if do_tinder_report and do_tinder_report == "1":
-        tinder_do_tinder_report(e)
-
-    return
-}
diff --git a/poky/meta/classes/uninative.bbclass b/poky/meta/classes/uninative.bbclass
index 3326c0db3..9f8645a36 100644
--- a/poky/meta/classes/uninative.bbclass
+++ b/poky/meta/classes/uninative.bbclass
@@ -45,7 +45,7 @@ python uninative_event_fetchloader() {
         tarballdir = os.path.join(d.getVar("UNINATIVE_DLDIR"), chksum)
         tarballpath = os.path.join(tarballdir, tarball)
 
-        if not os.path.exists(tarballpath):
+        if not os.path.exists(tarballpath + ".done"):
             bb.utils.mkdirhier(tarballdir)
             if d.getVar("UNINATIVE_URL") == "unset":
                 bb.fatal("Uninative selected but not configured, please set UNINATIVE_URL")
diff --git a/poky/meta/conf/machine/qemuriscv64.conf b/poky/meta/conf/machine/qemuriscv64.conf
index 99b48b309..b45fdd556 100644
--- a/poky/meta/conf/machine/qemuriscv64.conf
+++ b/poky/meta/conf/machine/qemuriscv64.conf
@@ -5,5 +5,5 @@
 require conf/machine/include/riscv/qemuriscv.inc
 
 EXTRA_IMAGEDEPENDS += "u-boot"
-UBOOT_MACHINE = "qemu-riscv64_defconfig"
+UBOOT_MACHINE = "qemu-riscv64_smode_defconfig"
 UBOOT_ELF = "u-boot"
diff --git a/poky/meta/lib/oe/buildhistory_analysis.py b/poky/meta/lib/oe/buildhistory_analysis.py
index 708e1b388..5b28774c9 100644
--- a/poky/meta/lib/oe/buildhistory_analysis.py
+++ b/poky/meta/lib/oe/buildhistory_analysis.py
@@ -413,7 +413,7 @@ def compare_dict_blobs(path, ablob, bblob, report_all, report_ver):
                 if abs(percentchg) < monitor_numeric_threshold:
                     continue
             elif (not report_all) and key in list_fields:
-                if key == "FILELIST" and path.endswith("-dbg") and bstr.strip() != '':
+                if key == "FILELIST" and (path.endswith("-dbg") or path.endswith("-src")) and bstr.strip() != '':
                     continue
                 if key in ['RPROVIDES', 'RDEPENDS', 'RRECOMMENDS', 'RSUGGESTS', 'RREPLACES', 'RCONFLICTS']:
                     (depvera, depverb) = compare_pkg_lists(astr, bstr)
diff --git a/poky/meta/lib/oe/package_manager.py b/poky/meta/lib/oe/package_manager.py
index 7c373715a..c7135ce91 100644
--- a/poky/meta/lib/oe/package_manager.py
+++ b/poky/meta/lib/oe/package_manager.py
@@ -298,7 +298,7 @@ class DpkgIndexer(Indexer):
                 release.write("Label: %s\n" % arch)
 
             cmd += "PSEUDO_UNLOAD=1 %s release . >> Release" % apt_ftparchive
-            
+
             index_cmds.append(cmd)
 
             deb_dirs_found = True
@@ -570,6 +570,8 @@ class PackageManager(object, metaclass=ABCMeta):
 
             for lang in split_linguas:
                 globs += " *-locale-%s" % lang
+                for complementary_linguas in (self.d.getVar('IMAGE_LINGUAS_COMPLEMENTARY') or "").split():
+                    globs += (" " + complementary_linguas) % lang
 
         if globs is None:
             return
@@ -655,7 +657,7 @@ def create_packages_dir(d, subrepo_dir, deploydir, taskname, filterbydependencie
     pn = d.getVar("PN")
     seendirs = set()
     multilibs = {}
-   
+
     bb.utils.remove(subrepo_dir, recurse=True)
     bb.utils.mkdirhier(subrepo_dir)
 
@@ -1006,8 +1008,8 @@ class RpmPM(PackageManager):
     def load_old_install_solution(self):
         if not os.path.exists(self.solution_manifest):
             return []
-
-        return open(self.solution_manifest, 'r').read().split()
+        with open(self.solution_manifest, 'r') as fd:
+            return fd.read().split()
 
     def _script_num_prefix(self, path):
         files = os.listdir(path)
diff --git a/poky/meta/lib/oe/packagedata.py b/poky/meta/lib/oe/packagedata.py
index cbde380b0..a82085a79 100644
--- a/poky/meta/lib/oe/packagedata.py
+++ b/poky/meta/lib/oe/packagedata.py
@@ -17,9 +17,8 @@ def read_pkgdatafile(fn):
 
     if os.access(fn, os.R_OK):
         import re
-        f = open(fn, 'r')
-        lines = f.readlines()
-        f.close()
+        with open(fn, 'r') as f:
+            lines = f.readlines()
         r = re.compile("([^:]+):\s*(.*)")
         for l in lines:
             m = r.match(l)
diff --git a/poky/meta/lib/oe/types.py b/poky/meta/lib/oe/types.py
index 77ee7ee54..bbbabafbf 100644
--- a/poky/meta/lib/oe/types.py
+++ b/poky/meta/lib/oe/types.py
@@ -154,7 +154,8 @@ def path(value, relativeto='', normalize='true', mustexist='false'):
 
     if boolean(mustexist):
         try:
-            open(value, 'r')
+            with open(value, 'r'):
+                pass
         except IOError as exc:
             if exc.errno == errno.ENOENT:
                 raise ValueError("{0}: {1}".format(value, os.strerror(errno.ENOENT)))
@@ -183,4 +184,3 @@ def qemu_use_kvm(kvm, target_arch):
         elif build_arch == target_arch:
             use_kvm = True
     return use_kvm
-
diff --git a/poky/meta/lib/oeqa/core/decorator/data.py b/poky/meta/lib/oeqa/core/decorator/data.py
index babc9789d..12d462f20 100644
--- a/poky/meta/lib/oeqa/core/decorator/data.py
+++ b/poky/meta/lib/oeqa/core/decorator/data.py
@@ -113,3 +113,21 @@ class skipIfNotFeature(OETestDecorator):
         self.logger.debug(msg)
         if not has_feature(self.case.td, self.value):
             self.case.skipTest(self.msg)
+
+@registerDecorator
+class skipIfFeature(OETestDecorator):
+    """
+        Skip test based on DISTRO_FEATURES.
+
+        value must not be in distro features or it will skip the test
+        with msg as the reason.
+    """
+
+    attrs = ('value', 'msg')
+
+    def setUpDecorator(self):
+        msg = ('Checking if %s is not in DISTRO_FEATURES '
+               'or IMAGE_FEATURES' % (self.value))
+        self.logger.debug(msg)
+        if has_feature(self.case.td, self.value):
+            self.case.skipTest(self.msg)
diff --git a/poky/meta/lib/oeqa/runtime/cases/df.py b/poky/meta/lib/oeqa/runtime/cases/df.py
index d8d79f32e..89fd0fb90 100644
--- a/poky/meta/lib/oeqa/runtime/cases/df.py
+++ b/poky/meta/lib/oeqa/runtime/cases/df.py
@@ -11,7 +11,7 @@ class DfTest(OERuntimeTestCase):
     @OETestDepends(['ssh.SSHTest.test_ssh'])
     @OEHasPackage(['coreutils', 'busybox'])
     def test_df(self):
-        cmd = "df / | sed -n '2p' | awk '{print $4}'"
+        cmd = "df -P / | sed -n '2p' | awk '{print $4}'"
         (status,output) = self.target.run(cmd)
         msg = 'Not enough space on image. Current size is %s' % output
         self.assertTrue(int(output)>5120, msg=msg)
diff --git a/poky/meta/lib/oeqa/runtime/cases/opkg.py b/poky/meta/lib/oeqa/runtime/cases/opkg.py
index bb8b6d99d..750706161 100644
--- a/poky/meta/lib/oeqa/runtime/cases/opkg.py
+++ b/poky/meta/lib/oeqa/runtime/cases/opkg.py
@@ -5,7 +5,7 @@
 import os
 from oeqa.utils.httpserver import HTTPService
 from oeqa.runtime.case import OERuntimeTestCase
-from oeqa.core.decorator.data import skipIfNotDataVar, skipIfNotFeature
+from oeqa.core.decorator.data import skipIfNotDataVar, skipIfNotFeature, skipIfFeature
 from oeqa.runtime.decorator.package import OEHasPackage
 
 class OpkgTest(OERuntimeTestCase):
@@ -45,6 +45,8 @@ class OpkgRepoTest(OpkgTest):
                       'Test requires package-management to be in IMAGE_FEATURES')
     @skipIfNotDataVar('IMAGE_PKGTYPE', 'ipk',
                       'IPK is not the primary package manager')
+    @skipIfFeature('read-only-rootfs',
+                   'Test does not work with read-only-rootfs in IMAGE_FEATURES')
     @OEHasPackage(['opkg'])
     def test_opkg_install_from_repo(self):
         self.setup_source_config_for_package_install()
diff --git a/poky/meta/lib/oeqa/runtime/cases/systemd.py b/poky/meta/lib/oeqa/runtime/cases/systemd.py
index c11fa49b0..7c44abe8e 100644
--- a/poky/meta/lib/oeqa/runtime/cases/systemd.py
+++ b/poky/meta/lib/oeqa/runtime/cases/systemd.py
@@ -9,7 +9,7 @@ from oeqa.runtime.case import OERuntimeTestCase
 from oeqa.core.decorator.depends import OETestDepends
 from oeqa.core.decorator.data import skipIfDataVar, skipIfNotDataVar
 from oeqa.runtime.decorator.package import OEHasPackage
-from oeqa.core.decorator.data import skipIfNotFeature
+from oeqa.core.decorator.data import skipIfNotFeature, skipIfFeature
 
 class SystemdTest(OERuntimeTestCase):
 
@@ -114,12 +114,26 @@ class SystemdServiceTests(SystemdTest):
         self.systemctl('is-active', 'avahi-daemon.service', verbose=True)
 
     @OETestDepends(['systemd.SystemdServiceTests.test_systemd_status'])
+    @skipIfFeature('read-only-rootfs',
+                   'Test is only meant to run without read-only-rootfs in IMAGE_FEATURES')
     def test_systemd_disable_enable(self):
         self.systemctl('disable', 'avahi-daemon.service')
         self.systemctl('is-enabled', 'avahi-daemon.service', expected=1)
         self.systemctl('enable', 'avahi-daemon.service')
         self.systemctl('is-enabled', 'avahi-daemon.service')
 
+    @OETestDepends(['systemd.SystemdServiceTests.test_systemd_status'])
+    @skipIfNotFeature('read-only-rootfs',
+                      'Test is only meant to run with read-only-rootfs in IMAGE_FEATURES')
+    def test_systemd_disable_enable_ro(self):
+        status = self.target.run('mount -orw,remount /')[0]
+        self.assertTrue(status == 0, msg='Remounting / as r/w failed')
+        try:
+            self.test_systemd_disable_enable()
+        finally:
+            status = self.target.run('mount -oro,remount /')[0]
+            self.assertTrue(status == 0, msg='Remounting / as r/o failed')
+
 class SystemdJournalTests(SystemdTest):
 
     @OETestDepends(['systemd.SystemdBasicTests.test_systemd_basic'])
diff --git a/poky/meta/lib/oeqa/runtime/context.py b/poky/meta/lib/oeqa/runtime/context.py
index 77d58eefa..ef738a335 100644
--- a/poky/meta/lib/oeqa/runtime/context.py
+++ b/poky/meta/lib/oeqa/runtime/context.py
@@ -138,7 +138,7 @@ class OERuntimeTestContextExecutor(OETestContextExecutor):
         def add_controller_list(path):
             if not os.path.exists(os.path.join(path, '__init__.py')):
                 raise OSError('Controllers directory %s exists but is missing __init__.py' % path)
-            files = sorted([f for f in os.listdir(path) if f.endswith('.py') and not f.startswith('_')])
+            files = sorted([f for f in os.listdir(path) if f.endswith('.py') and not f.startswith('_') and not f.startswith('.#')])
             for f in files:
                 module = 'oeqa.controllers.' + f[:-3]
                 if module not in controllerslist:
diff --git a/poky/meta/lib/oeqa/selftest/cases/bblayers.py b/poky/meta/lib/oeqa/selftest/cases/bblayers.py
index 954488dfd..f131d9856 100644
--- a/poky/meta/lib/oeqa/selftest/cases/bblayers.py
+++ b/poky/meta/lib/oeqa/selftest/cases/bblayers.py
@@ -14,21 +14,21 @@ class BitbakeLayers(OESelftestTestCase):
 
     def test_bitbakelayers_showcrossdepends(self):
         result = runCmd('bitbake-layers show-cross-depends')
-        self.assertTrue('aspell' in result.output, msg = "No dependencies were shown. bitbake-layers show-cross-depends output: %s" % result.output)
+        self.assertIn('aspell', result.output)
 
     def test_bitbakelayers_showlayers(self):
         result = runCmd('bitbake-layers show-layers')
-        self.assertTrue('meta-selftest' in result.output, msg = "No layers were shown. bitbake-layers show-layers output: %s" % result.output)
+        self.assertIn('meta-selftest', result.output)
 
     def test_bitbakelayers_showappends(self):
         recipe = "xcursor-transparent-theme"
         bb_file = self.get_recipe_basename(recipe)
         result = runCmd('bitbake-layers show-appends')
-        self.assertTrue(bb_file in result.output, msg="%s file was not recognised. bitbake-layers show-appends output: %s" % (bb_file, result.output))
+        self.assertIn(bb_file, result.output)
 
     def test_bitbakelayers_showoverlayed(self):
         result = runCmd('bitbake-layers show-overlayed')
-        self.assertTrue('aspell' in result.output, msg="aspell overlayed recipe was not recognised bitbake-layers show-overlayed %s" % result.output)
+        self.assertIn('aspell', result.output)
 
     def test_bitbakelayers_flatten(self):
         recipe = "xcursor-transparent-theme"
diff --git a/poky/meta/lib/oeqa/selftest/cases/bbtests.py b/poky/meta/lib/oeqa/selftest/cases/bbtests.py
index 9461c7ed1..dc423ec43 100644
--- a/poky/meta/lib/oeqa/selftest/cases/bbtests.py
+++ b/poky/meta/lib/oeqa/selftest/cases/bbtests.py
@@ -44,7 +44,7 @@ class BitbakeTests(OESelftestTestCase):
         find_build_completed = re.search(r"Tasks Summary:.*(\n.*)*NOTE: Test for bb\.event\.BuildCompleted", result.output)
         self.assertTrue(find_build_started, msg = "Match failed in:\n%s"  % result.output)
         self.assertTrue(find_build_completed, msg = "Match failed in:\n%s" % result.output)
-        self.assertFalse('Test for bb.event.InvalidEvent' in result.output, msg = "\"Test for bb.event.InvalidEvent\" message found during bitbake process. bitbake output: %s" % result.output)
+        self.assertNotIn('Test for bb.event.InvalidEvent', result.output)
 
     def test_local_sstate(self):
         bitbake('m4-native')
@@ -59,7 +59,7 @@ class BitbakeTests(OESelftestTestCase):
 
     def test_bitbake_invalid_target(self):
         result = bitbake('asdf', ignore_status=True)
-        self.assertTrue("ERROR: Nothing PROVIDES 'asdf'" in result.output, msg = "Though no 'asdf' target exists, bitbake didn't output any err. message. bitbake output: %s" % result.output)
+        self.assertIn("ERROR: Nothing PROVIDES 'asdf'", result.output)
 
     def test_warnings_errors(self):
         result = bitbake('-b asdf', ignore_status=True)
@@ -123,7 +123,7 @@ class BitbakeTests(OESelftestTestCase):
         for f in ['pn-buildlist', 'task-depends.dot']:
             self.addCleanup(os.remove, f)
         self.assertTrue('Task dependencies saved to \'task-depends.dot\'' in result.output, msg = "No task dependency \"task-depends.dot\" file was generated for the given task target. bitbake output: %s" % result.output)
-        self.assertTrue(recipe in ftools.read_file(os.path.join(self.builddir, 'task-depends.dot')), msg = "No \"%s\" dependency found in task-depends.dot file." % recipe)
+        self.assertIn(recipe, ftools.read_file(os.path.join(self.builddir, 'task-depends.dot')))
 
     def test_image_manifest(self):
         bitbake('core-image-minimal')
@@ -147,8 +147,7 @@ INHERIT_remove = \"report-error\"
         bitbake('-ccleanall man-db')
         self.delete_recipeinc('man-db')
         self.assertEqual(result.status, 1, msg="Command succeded when it should have failed. bitbake output: %s" % result.output)
-        self.assertTrue('Fetcher failure: Unable to find file file://invalid anywhere. The paths that were searched were:' in result.output, msg = "\"invalid\" file \
-doesn't exist, yet no error message encountered. bitbake output: %s" % result.output)
+        self.assertIn('Fetcher failure: Unable to find file file://invalid anywhere. The paths that were searched were:', result.output)
         line = self.getline(result, 'Fetcher failure for URL: \'file://invalid\'. Unable to fetch URL from any source.')
         self.assertTrue(line and line.startswith("ERROR:"), msg = "\"invalid\" file \
 doesn't exist, yet fetcher didn't report any error. bitbake output: %s" % result.output)
@@ -173,7 +172,7 @@ SSTATE_DIR = \"${TOPDIR}/download-selftest\"
     def test_environment(self):
         self.write_config("TEST_ENV=\"localconf\"")
         result = runCmd('bitbake -e | grep TEST_ENV=')
-        self.assertTrue('localconf' in result.output, msg = "bitbake didn't report any value for TEST_ENV variable. To test, run 'bitbake -e | grep TEST_ENV='")
+        self.assertIn('localconf', result.output)
 
     def test_dry_run(self):
         result = runCmd('bitbake -n m4-native')
@@ -193,10 +192,10 @@ SSTATE_DIR = \"${TOPDIR}/download-selftest\"
         self.track_for_cleanup(preconf)
         ftools.write_file(preconf ,"TEST_PREFILE=\"prefile\"")
         result = runCmd('bitbake -r conf/prefile.conf -e | grep TEST_PREFILE=')
-        self.assertTrue('prefile' in result.output, "Preconfigure file \"prefile.conf\"was not taken into consideration. ")
+        self.assertIn('prefile', result.output)
         self.write_config("TEST_PREFILE=\"localconf\"")
         result = runCmd('bitbake -r conf/prefile.conf -e | grep TEST_PREFILE=')
-        self.assertTrue('localconf' in result.output, "Preconfigure file \"prefile.conf\"was not taken into consideration.")
+        self.assertIn('localconf', result.output)
 
     def test_postfile(self):
         postconf = os.path.join(self.builddir, 'conf/postfile.conf')
@@ -204,7 +203,7 @@ SSTATE_DIR = \"${TOPDIR}/download-selftest\"
         ftools.write_file(postconf , "TEST_POSTFILE=\"postfile\"")
         self.write_config("TEST_POSTFILE=\"localconf\"")
         result = runCmd('bitbake -R conf/postfile.conf -e | grep TEST_POSTFILE=')
-        self.assertTrue('postfile' in result.output, "Postconfigure file \"postfile.conf\"was not taken into consideration.")
+        self.assertIn('postfile', result.output)
 
     def test_checkuri(self):
         result = runCmd('bitbake -c checkuri m4')
diff --git a/poky/meta/lib/oeqa/selftest/cases/imagefeatures.py b/poky/meta/lib/oeqa/selftest/cases/imagefeatures.py
index cf2a42aab..ef2eefa86 100644
--- a/poky/meta/lib/oeqa/selftest/cases/imagefeatures.py
+++ b/poky/meta/lib/oeqa/selftest/cases/imagefeatures.py
@@ -124,7 +124,7 @@ class ImageFeatures(OESelftestTestCase):
 
         # check if result image is sparse
         image_stat = os.stat(image_path)
-        self.assertTrue(image_stat.st_size > image_stat.st_blocks * 512)
+        self.assertGreater(image_stat.st_size, image_stat.st_blocks * 512)
 
         # check if the resulting gzip is valid
         self.assertTrue(runCmd('gzip -t %s' % gzip_path))
diff --git a/poky/meta/lib/oeqa/selftest/cases/incompatible_lic.py b/poky/meta/lib/oeqa/selftest/cases/incompatible_lic.py
index 424a9e69c..904b5b409 100644
--- a/poky/meta/lib/oeqa/selftest/cases/incompatible_lic.py
+++ b/poky/meta/lib/oeqa/selftest/cases/incompatible_lic.py
@@ -73,3 +73,21 @@ INCOMPATIBLE_LICENSE_pn-core-image-minimal = "GPL-3.0 LGPL-3.0"
 
         bitbake('core-image-minimal')
 
+class NoGPL3InImagesTests(OESelftestTestCase):
+    def test_core_image_minimal(self):
+        self.write_config("""
+INCOMPATIBLE_LICENSE_pn-core-image-minimal = "GPL-3.0 LGPL-3.0"
+""")
+        bitbake('core-image-minimal')
+
+    def test_core_image_full_cmdline(self):
+        self.write_config("""
+INHERIT += "testimage"\n
+INCOMPATIBLE_LICENSE_pn-core-image-full-cmdline = "GPL-3.0 LGPL-3.0"\n
+RDEPENDS_packagegroup-core-full-cmdline-utils_remove = "bash bc coreutils cpio ed findutils gawk grep mc mc-fish mc-helpers mc-helpers-perl sed tar time"\n
+RDEPENDS_packagegroup-core-full-cmdline-dev-utils_remove = "diffutils m4 make patch"\n
+RDEPENDS_packagegroup-core-full-cmdline-multiuser_remove = "gzip"\n
+""")
+        bitbake('core-image-full-cmdline')
+        bitbake('-c testimage core-image-full-cmdline')
+
diff --git a/poky/meta/lib/oeqa/selftest/cases/oescripts.py b/poky/meta/lib/oeqa/selftest/cases/oescripts.py
index c169885cf..80d8b2c4c 100644
--- a/poky/meta/lib/oeqa/selftest/cases/oescripts.py
+++ b/poky/meta/lib/oeqa/selftest/cases/oescripts.py
@@ -121,3 +121,9 @@ class OEGitproxyTests(OESelftestTestCase):
         if dash is None:
             self.skipTest("No \"dash\" found on test system.")
         self.run_oegitproxy(custom_shell=dash)
+
+class OeRunNativeTest(OESelftestTestCase):
+    def test_oe_run_native(self):
+        bitbake("qemu-helper-native -c addto_recipe_sysroot")
+        result = runCmd("oe-run-native qemu-helper-native tunctl -h")
+        self.assertIn("Delete: tunctl -d device-name [-f tun-clone-device]", result.output)
diff --git a/poky/meta/lib/oeqa/selftest/cases/recipetool.py b/poky/meta/lib/oeqa/selftest/cases/recipetool.py
index 1c701a40b..c1562c63b 100644
--- a/poky/meta/lib/oeqa/selftest/cases/recipetool.py
+++ b/poky/meta/lib/oeqa/selftest/cases/recipetool.py
@@ -685,7 +685,9 @@ class RecipetoolAppendsrcTests(RecipetoolAppendsrcBase):
 
         self._test_appendsrcfile(testrecipe, filepath, srcdir=subdir)
         bitbake('%s:do_unpack' % testrecipe)
-        self.assertEqual(open(self.testfile, 'r').read(), open(os.path.join(srcdir, filepath), 'r').read())
+        with open(self.testfile, 'r') as testfile:
+            with open(os.path.join(srcdir, filepath), 'r') as makefilein:
+                self.assertEqual(testfile.read(), makefilein.read())
 
     def test_recipetool_appendsrcfiles_basic(self, destdir=None):
         newfiles = [self.testfile]
diff --git a/poky/meta/lib/oeqa/selftest/cases/runtime_test.py b/poky/meta/lib/oeqa/selftest/cases/runtime_test.py
index 3f212bd0e..7d3922ce4 100644
--- a/poky/meta/lib/oeqa/selftest/cases/runtime_test.py
+++ b/poky/meta/lib/oeqa/selftest/cases/runtime_test.py
@@ -179,6 +179,8 @@ class TestImage(OESelftestTestCase):
         distro = oe.lsb.distro_identifier()
         if distro and distro == 'debian-8':
             self.skipTest('virgl isn\'t working with Debian 8')
+        if distro and distro == 'centos-7':
+            self.skipTest('virgl isn\'t working with Centos 7')
 
         qemu_packageconfig = get_bb_var('PACKAGECONFIG', 'qemu-system-native')
         features = 'INHERIT += "testimage"\n'
diff --git a/poky/meta/recipes-bsp/gnu-efi/gnu-efi/parallel-make-archives.patch b/poky/meta/recipes-bsp/gnu-efi/gnu-efi/parallel-make-archives.patch
index a9806cfdf..8a0138bbe 100644
--- a/poky/meta/recipes-bsp/gnu-efi/gnu-efi/parallel-make-archives.patch
+++ b/poky/meta/recipes-bsp/gnu-efi/gnu-efi/parallel-make-archives.patch
@@ -19,25 +19,7 @@ Signed-off-by: Darren Hart <dvhart@linux.intel.com>
 Signed-off-by: California Sullivan <california.l.sullivan@intel.com>
 [Rebased for 3.0.8]
 Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
----
- gnuefi/Makefile | 3 ++-
- lib/Makefile    | 2 +-
- 2 files changed, 3 insertions(+), 2 deletions(-)
 
-diff --git a/gnuefi/Makefile b/gnuefi/Makefile
-index 2a61699..89b560a 100644
---- a/gnuefi/Makefile
-+++ b/gnuefi/Makefile
-@@ -54,7 +54,8 @@ TARGETS	= crt0-efi-$(ARCH).o libgnuefi.a
- 
- all:	$(TARGETS)
- 
--libgnuefi.a: $(patsubst %,libgnuefi.a(%),$(OBJS))
-+libgnuefi.a: $(OBJS)
-+	$(AR) $(ARFLAGS) $@ $(OBJS)
- 
- clean:
- 	rm -f $(TARGETS) *~ *.o $(OBJS)
 diff --git a/lib/Makefile b/lib/Makefile
 index 0e6410d..048751a 100644
 --- a/lib/Makefile
diff --git a/poky/meta/recipes-bsp/gnu-efi/gnu-efi_3.0.9.bb b/poky/meta/recipes-bsp/gnu-efi/gnu-efi_3.0.11.bb
index 6d4c30335..9954d7f57 100644
--- a/poky/meta/recipes-bsp/gnu-efi/gnu-efi_3.0.9.bb
+++ b/poky/meta/recipes-bsp/gnu-efi/gnu-efi_3.0.11.bb
@@ -18,8 +18,8 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BP}.tar.bz2 \
            file://gnu-efi-3.0.9-fix-clang-build.patch \
            "
 
-SRC_URI[md5sum] = "32af17b917545a693e549af2439c4a99"
-SRC_URI[sha256sum] = "6715ea7eae1c7e4fc5041034bd3f107ec2911962ed284a081e491646b12277f0"
+SRC_URI[md5sum] = "21148bbcccec385a9bfdf5f678959577"
+SRC_URI[sha256sum] = "f28da792a2532e91e18e0101468811739a22cde9eee5eacfd0efb9bf3a61d6b9"
 
 COMPATIBLE_HOST = "(x86_64.*|i.86.*|aarch64.*|arm.*)-linux"
 COMPATIBLE_HOST_armv4 = 'null'
diff --git a/poky/meta/recipes-bsp/opensbi/opensbi_0.4.bb b/poky/meta/recipes-bsp/opensbi/opensbi_0.5.bb
index b03043668..759bbbfda 100644
--- a/poky/meta/recipes-bsp/opensbi/opensbi_0.4.bb
+++ b/poky/meta/recipes-bsp/opensbi/opensbi_0.5.bb
@@ -8,7 +8,7 @@ require opensbi-payloads.inc
 
 inherit autotools-brokensep deploy
 
-SRCREV = "ce228ee0919deb9957192d723eecc8aaae2697c6"
+SRCREV = "be92da280d87c38a2e0adc5d3f43bab7b5468f09"
 SRC_URI = "git://github.com/riscv/opensbi.git \
            file://0001-Makefile-Don-t-specify-mabi-or-march.patch \
           "
diff --git a/poky/meta/recipes-bsp/u-boot/files/0001-CVE-2019-13103.patch b/poky/meta/recipes-bsp/u-boot/files/0001-CVE-2019-13103.patch
deleted file mode 100644
index 1a5d1eb99..000000000
--- a/poky/meta/recipes-bsp/u-boot/files/0001-CVE-2019-13103.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-From 39a759494f734c4cdc3e2b919671bfb3134b41ae Mon Sep 17 00:00:00 2001
-From: Paul Emge <paulemge@forallsecure.com>
-Date: Mon, 8 Jul 2019 16:37:03 -0700
-Subject: [PATCH 1/9] CVE-2019-13103: disk: stop infinite recursion in DOS
- Partitions
-
-part_get_info_extended and print_partition_extended can recurse infinitely
-while parsing a self-referential filesystem or one with a silly number of
-extended partitions. This patch adds a limit to the number of recursive
-partitions.
-
-Signed-off-by: Paul Emge <paulemge@forallsecure.com>
-
-Upstream-Status: Backport[http://git.denx.de/?p=u-boot.git;a=commit;
-                 h=232e2f4fd9a24bf08215ddc8c53ccadffc841fb5]
-
-CVE: CVE-2019-13103
-
-Signed-off-by: Meng Li <Meng.Li@windriver.com>
----
- disk/part_dos.c | 18 ++++++++++++++++++
- 1 file changed, 18 insertions(+)
-
-diff --git a/disk/part_dos.c b/disk/part_dos.c
-index 936cee0d36..aae9d95906 100644
---- a/disk/part_dos.c
-+++ b/disk/part_dos.c
-@@ -23,6 +23,10 @@
- 
- #define DOS_PART_DEFAULT_SECTOR 512
- 
-+/* should this be configurable? It looks like it's not very common at all
-+ * to use large numbers of partitions */
-+#define MAX_EXT_PARTS 256
-+
- /* Convert char[4] in little endian format to the host format integer
-  */
- static inline unsigned int le32_to_int(unsigned char *le32)
-@@ -126,6 +130,13 @@ static void print_partition_extended(struct blk_desc *dev_desc,
- 	dos_partition_t *pt;
- 	int i;
- 
-+	/* set a maximum recursion level */
-+	if (part_num > MAX_EXT_PARTS)
-+	{
-+		printf("** Nested DOS partitions detected, stopping **\n");
-+		return;
-+    }
-+
- 	if (blk_dread(dev_desc, ext_part_sector, 1, (ulong *)buffer) != 1) {
- 		printf ("** Can't read partition table on %d:" LBAFU " **\n",
- 			dev_desc->devnum, ext_part_sector);
-@@ -191,6 +202,13 @@ static int part_get_info_extended(struct blk_desc *dev_desc,
- 	int i;
- 	int dos_type;
- 
-+	/* set a maximum recursion level */
-+	if (part_num > MAX_EXT_PARTS)
-+	{
-+		printf("** Nested DOS partitions detected, stopping **\n");
-+		return -1;
-+    }
-+
- 	if (blk_dread(dev_desc, ext_part_sector, 1, (ulong *)buffer) != 1) {
- 		printf ("** Can't read partition table on %d:" LBAFU " **\n",
- 			dev_desc->devnum, ext_part_sector);
--- 
-2.17.1
-
diff --git a/poky/meta/recipes-bsp/u-boot/files/0001-include-env.h-Ensure-ulong-is-defined.patch b/poky/meta/recipes-bsp/u-boot/files/0001-include-env.h-Ensure-ulong-is-defined.patch
new file mode 100644
index 000000000..b9118164d
--- /dev/null
+++ b/poky/meta/recipes-bsp/u-boot/files/0001-include-env.h-Ensure-ulong-is-defined.patch
@@ -0,0 +1,31 @@
+From 0565a080d153d5baaaacfeb5045a832e126f4f9e Mon Sep 17 00:00:00 2001
+From: Alistair Francis <alistair.francis@wdc.com>
+Date: Mon, 14 Oct 2019 17:37:30 -0700
+Subject: [PATCH] include/env.h: Ensure ulong is defined
+
+To fix these failures when building with musl:
+   include/env.h:166:1: error: unknown type name 'ulong'; did you mean 'long'?
+ensure that ulong is defined.
+
+Upstream-Status: Pending
+Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
+---
+ include/env.h | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/include/env.h b/include/env.h
+index b72239f6a5..5ca49a3456 100644
+--- a/include/env.h
++++ b/include/env.h
+@@ -13,6 +13,8 @@
+ #include <stdbool.h>
+ #include <linux/types.h>
+ 
++typedef unsigned long           ulong;
++
+ struct environment_s;
+ 
+ /* Value for environment validity */
+-- 
+2.23.0
+
diff --git a/poky/meta/recipes-bsp/u-boot/files/0002-CVE-2019-13104.patch b/poky/meta/recipes-bsp/u-boot/files/0002-CVE-2019-13104.patch
deleted file mode 100644
index de122b27d..000000000
--- a/poky/meta/recipes-bsp/u-boot/files/0002-CVE-2019-13104.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From 1d36545e43003f4b1bb3a303a3b468abd482fa2f Mon Sep 17 00:00:00 2001
-From: Paul Emge <paulemge@forallsecure.com>
-Date: Mon, 8 Jul 2019 16:37:05 -0700
-Subject: [PATCH 2/9] CVE-2019-13104: ext4: check for underflow in
- ext4fs_read_file
-
-in ext4fs_read_file, it is possible for a broken/malicious file
-system to cause a memcpy of a negative number of bytes, which
-overflows all memory. This patch fixes the issue by checking for
-a negative length.
-
-Signed-off-by: Paul Emge <paulemge@forallsecure.com>
-
-Upstream-Status: Backport[http://git.denx.de/?p=u-boot.git;a=commit;
-                 h=878269dbe74229005dd7f27aca66c554e31dad8e]
-
-CVE: CVE-2019-13104
-
-Signed-off-by: Meng Li <Meng.Li@windriver.com>
----
- fs/ext4/ext4fs.c | 8 +++++---
- 1 file changed, 5 insertions(+), 3 deletions(-)
-
-diff --git a/fs/ext4/ext4fs.c b/fs/ext4/ext4fs.c
-index 26db677a1f..c8c8655ed8 100644
---- a/fs/ext4/ext4fs.c
-+++ b/fs/ext4/ext4fs.c
-@@ -66,13 +66,15 @@ int ext4fs_read_file(struct ext2fs_node *node, loff_t pos,
- 
- 	ext_cache_init(&cache);
- 
--	if (blocksize <= 0)
--		return -1;
--
- 	/* Adjust len so it we can't read past the end of the file. */
- 	if (len + pos > filesize)
- 		len = (filesize - pos);
- 
-+	if (blocksize <= 0 || len <= 0) {
-+		ext_cache_fini(&cache);
-+		return -1;
-+	}
-+
- 	blockcnt = lldiv(((len + pos) + blocksize - 1), blocksize);
- 
- 	for (i = lldiv(pos, blocksize); i < blockcnt; i++) {
--- 
-2.17.1
-
diff --git a/poky/meta/recipes-bsp/u-boot/files/0003-CVE-2019-13105.patch b/poky/meta/recipes-bsp/u-boot/files/0003-CVE-2019-13105.patch
deleted file mode 100644
index f525147e5..000000000
--- a/poky/meta/recipes-bsp/u-boot/files/0003-CVE-2019-13105.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 4e937d0de669ee69cf41c20494cbf66c339c3174 Mon Sep 17 00:00:00 2001
-From: Paul Emge <paulemge@forallsecure.com>
-Date: Mon, 8 Jul 2019 16:37:04 -0700
-Subject: [PATCH 3/9] CVE-2019-13105: ext4: fix double-free in ext4_cache_read
-
-ext_cache_read doesn't null cache->buf, after freeing, which results
-in a later function double-freeing it. This patch fixes
-ext_cache_read to call ext_cache_fini instead of free.
-
-Signed-off-by: Paul Emge <paulemge@forallsecure.com>
-
-Upstream-Status: Backport[http://git.denx.de/?p=u-boot.git;a=commit;
-                 h=6e5a79de658cb1c8012c86e0837379aa6eabd024]
-
-CVE: CVE-2019-13105
-
-Signed-off-by: Meng Li <Meng.Li@windriver.com>
----
- fs/ext4/ext4fs.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/fs/ext4/ext4fs.c b/fs/ext4/ext4fs.c
-index c8c8655ed8..e2b740cac4 100644
---- a/fs/ext4/ext4fs.c
-+++ b/fs/ext4/ext4fs.c
-@@ -288,7 +288,7 @@ int ext_cache_read(struct ext_block_cache *cache, lbaint_t block, int size)
- 	if (!cache->buf)
- 		return 0;
- 	if (!ext4fs_devread(block, 0, size, cache->buf)) {
--		free(cache->buf);
-+		ext_cache_fini(cache);
- 		return 0;
- 	}
- 	cache->block = block;
--- 
-2.17.1
-
diff --git a/poky/meta/recipes-bsp/u-boot/files/0004-CVE-2019-13106.patch b/poky/meta/recipes-bsp/u-boot/files/0004-CVE-2019-13106.patch
deleted file mode 100644
index 8e1a1a994..000000000
--- a/poky/meta/recipes-bsp/u-boot/files/0004-CVE-2019-13106.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From 1307dabf5422372483f840dda3963f9dbd2e8e6f Mon Sep 17 00:00:00 2001
-From: Paul Emge <paulemge@forallsecure.com>
-Date: Mon, 8 Jul 2019 16:37:07 -0700
-Subject: [PATCH 4/9] CVE-2019-13106: ext4: fix out-of-bounds memset
-
-In ext4fs_read_file in ext4fs.c, a memset can overwrite the bounds of
-the destination memory region. This patch adds a check to disallow
-this.
-
-Signed-off-by: Paul Emge <paulemge@forallsecure.com>
-
-Upstream-Status: Backport[http://git.denx.de/?p=u-boot.git;a=commit;
-                 h=e205896c5383c938274262524adceb2775fb03ba]
-
-CVE: CVE-2019-13106
-
-Signed-off-by: Meng Li <Meng.Li@windriver.com>
----
- fs/ext4/ext4fs.c | 7 +++++--
- 1 file changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/fs/ext4/ext4fs.c b/fs/ext4/ext4fs.c
-index e2b740cac4..37b31d9f0f 100644
---- a/fs/ext4/ext4fs.c
-+++ b/fs/ext4/ext4fs.c
-@@ -61,6 +61,7 @@ int ext4fs_read_file(struct ext2fs_node *node, loff_t pos,
- 	lbaint_t delayed_skipfirst = 0;
- 	lbaint_t delayed_next = 0;
- 	char *delayed_buf = NULL;
-+	char *start_buf = buf;
- 	short status;
- 	struct ext_block_cache cache;
- 
-@@ -139,6 +140,7 @@ int ext4fs_read_file(struct ext2fs_node *node, loff_t pos,
- 			}
- 		} else {
- 			int n;
-+			int n_left;
- 			if (previous_block_number != -1) {
- 				/* spill */
- 				status = ext4fs_devread(delayed_start,
-@@ -153,8 +155,9 @@ int ext4fs_read_file(struct ext2fs_node *node, loff_t pos,
- 			}
- 			/* Zero no more than `len' bytes. */
- 			n = blocksize - skipfirst;
--			if (n > len)
--				n = len;
-+			n_left = len - ( buf - start_buf );
-+			if (n > n_left)
-+				n = n_left;
- 			memset(buf, 0, n);
- 		}
- 		buf += blocksize - skipfirst;
--- 
-2.17.1
-
diff --git a/poky/meta/recipes-bsp/u-boot/files/0005-CVE-2019-14192-14193-14199.patch b/poky/meta/recipes-bsp/u-boot/files/0005-CVE-2019-14192-14193-14199.patch
deleted file mode 100644
index a19545a2d..000000000
--- a/poky/meta/recipes-bsp/u-boot/files/0005-CVE-2019-14192-14193-14199.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From e8e602f4a4b2aacfb3da32bb8a838be15ea70e7b Mon Sep 17 00:00:00 2001
-From: "liucheng (G)" <liucheng32@huawei.com>
-Date: Thu, 29 Aug 2019 13:47:33 +0000
-Subject: [PATCH 5/9] CVE: net: fix unbounded memcpy of UDP packet
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This patch adds a check to udp_len to fix unbounded memcpy for
-CVE-2019-14192, CVE-2019-14193 and CVE-2019-14199.
-
-Signed-off-by: Cheng Liu <liucheng32@huawei.com>
-Reviewed-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
-Reported-by: Fermín Serna <fermin@semmle.com>
-Acked-by: Joe Hershberger <joe.hershberger@ni.com>
-
-Upstream-Status: Backport[http://git.denx.de/?p=u-boot.git;a=commit;
-                 h=fe7288069d2e6659117049f7d27e261b550bb725]
-
-CVE: CVE-2019-14192, CVE-2019-14193 and CVE-2019-14199
-
-Signed-off-by: Meng Li <Meng.Li@windriver.com>
----
- net/net.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/net/net.c b/net/net.c
-index 58b0417cbe..38105f1142 100644
---- a/net/net.c
-+++ b/net/net.c
-@@ -1252,6 +1252,9 @@ void net_process_received_packet(uchar *in_packet, int len)
- 			return;
- 		}
- 
-+		if (ntohs(ip->udp_len) < UDP_HDR_SIZE || ntohs(ip->udp_len) > ntohs(ip->ip_len))
-+			return;
-+
- 		debug_cond(DEBUG_DEV_PKT,
- 			   "received UDP (to=%pI4, from=%pI4, len=%d)\n",
- 			   &dst_ip, &src_ip, len);
--- 
-2.17.1
-
diff --git a/poky/meta/recipes-bsp/u-boot/files/0006-CVE-2019-14197-14200-14201-14202-14203-14204.patch b/poky/meta/recipes-bsp/u-boot/files/0006-CVE-2019-14197-14200-14201-14202-14203-14204.patch
deleted file mode 100644
index 04a09e46d..000000000
--- a/poky/meta/recipes-bsp/u-boot/files/0006-CVE-2019-14197-14200-14201-14202-14203-14204.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 261658ddaf24bb35edd477cf09ec055569fd9894 Mon Sep 17 00:00:00 2001
-From: "liucheng (G)" <liucheng32@huawei.com>
-Date: Thu, 29 Aug 2019 13:47:40 +0000
-Subject: [PATCH 6/9] CVE: nfs: fix stack-based buffer overflow in some
- nfs_handler reply helper functions
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This patch adds a check to nfs_handler to fix buffer overflow for CVE-2019-14197,
-CVE-2019-14200, CVE-2019-14201, CVE-2019-14202, CVE-2019-14203 and CVE-2019-14204.
-
-Signed-off-by: Cheng Liu <liucheng32@huawei.com>
-Reported-by: Fermín Serna <fermin@semmle.com>
-Acked-by: Joe Hershberger <joe.hershberger@ni.com>
-
-Upstream-Status: Backport[http://git.denx.de/?p=u-boot.git;a=commit;
-                 h=741a8a08ebe5bc3ccfe3cde6c2b44ee53891af21]
-
-CVE: CVE-2019-14197, CVE-2019-14200, CVE-2019-14201, CVE-2019-14202,
-     CVE-2019-14203 and CVE-2019-14204
-
-Signed-off-by: Meng Li <Meng.Li@windriver.com>
----
- net/nfs.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/net/nfs.c b/net/nfs.c
-index d6a7f8e827..b7cf3b3a18 100644
---- a/net/nfs.c
-+++ b/net/nfs.c
-@@ -732,6 +732,9 @@ static void nfs_handler(uchar *pkt, unsigned dest, struct in_addr sip,
- 
- 	debug("%s\n", __func__);
- 
-+	if (len > sizeof(struct rpc_t))
-+		return;
-+
- 	if (dest != nfs_our_port)
- 		return;
- 
--- 
-2.17.1
-
diff --git a/poky/meta/recipes-bsp/u-boot/files/0007-CVE-2019-14194-14198.patch b/poky/meta/recipes-bsp/u-boot/files/0007-CVE-2019-14194-14198.patch
deleted file mode 100644
index b3e3b72eb..000000000
--- a/poky/meta/recipes-bsp/u-boot/files/0007-CVE-2019-14194-14198.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From fb6dc193bf2685b7574b218f7ca558aa54659e11 Mon Sep 17 00:00:00 2001
-From: "liucheng (G)" <liucheng32@huawei.com>
-Date: Thu, 29 Aug 2019 13:47:48 +0000
-Subject: [PATCH 7/9] CVE-2019-14194/CVE-2019-14198: nfs: fix unbounded memcpy
- with a failed length check at nfs_read_reply
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This patch adds a check to rpc_pkt.u.reply.data at nfs_read_reply.
-
-Signed-off-by: Cheng Liu <liucheng32@huawei.com>
-Reported-by: Fermín Serna <fermin@semmle.com>
-Acked-by: Joe Hershberger <joe.hershberger@ni.com>
-
-Upstream-Status: Backport[http://git.denx.de/?p=u-boot.git;a=commit;
-                 h=aa207cf3a6d68f39d64cd29057a4fb63943e9078]
-
-CVE: CVE-2019-14194 and CVE-2019-14198
-
-Signed-off-by: Meng Li <Meng.Li@windriver.com>
----
- net/nfs.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/net/nfs.c b/net/nfs.c
-index b7cf3b3a18..11941fad1a 100644
---- a/net/nfs.c
-+++ b/net/nfs.c
-@@ -701,6 +701,9 @@ static int nfs_read_reply(uchar *pkt, unsigned len)
- 			&(rpc_pkt.u.reply.data[4 + nfsv3_data_offset]);
- 	}
- 
-+	if (((uchar *)&(rpc_pkt.u.reply.data[0]) - (uchar *)(&rpc_pkt) + rlen) > len)
-+			return -9999;
-+
- 	if (store_block(data_ptr, nfs_offset, rlen))
- 			return -9999;
- 
--- 
-2.17.1
-
diff --git a/poky/meta/recipes-bsp/u-boot/files/0008-CVE-2019-14195.patch b/poky/meta/recipes-bsp/u-boot/files/0008-CVE-2019-14195.patch
deleted file mode 100644
index bf9fb0ef5..000000000
--- a/poky/meta/recipes-bsp/u-boot/files/0008-CVE-2019-14195.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 2236973b8a173ff54ae1ebf8ec2300928e69bd1b Mon Sep 17 00:00:00 2001
-From: "liucheng (G)" <liucheng32@huawei.com>
-Date: Thu, 29 Aug 2019 13:47:54 +0000
-Subject: [PATCH 8/9] CVE-2019-14195: nfs: fix unbounded memcpy with
- unvalidated length at nfs_readlink_reply
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This patch adds a check to rpc_pkt.u.reply.data at nfs_readlink_reply.
-
-Signed-off-by: Cheng Liu <liucheng32@huawei.com>
-Reported-by: Fermín Serna <fermin@semmle.com>
-Acked-by: Joe Hershberger <joe.hershberger@ni.com>
-
-Upstream-Status: Backport[http://git.denx.de/?p=u-boot.git;a=commit;
-                 h=cf3a4f1e86ecdd24f87b615051b49d8e1968c230]
-
-CVE: CVE-2019-14195
-
-Signed-off-by: Meng Li <Meng.Li@windriver.com>
----
- net/nfs.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/net/nfs.c b/net/nfs.c
-index 11941fad1a..915acd95cf 100644
---- a/net/nfs.c
-+++ b/net/nfs.c
-@@ -634,6 +634,9 @@ static int nfs_readlink_reply(uchar *pkt, unsigned len)
- 	/* new path length */
- 	rlen = ntohl(rpc_pkt.u.reply.data[1 + nfsv3_data_offset]);
- 
-+	if (((uchar *)&(rpc_pkt.u.reply.data[0]) - (uchar *)(&rpc_pkt) + rlen) > len)
-+		return -NFS_RPC_DROP;
-+
- 	if (*((char *)&(rpc_pkt.u.reply.data[2 + nfsv3_data_offset])) != '/') {
- 		int pathlen;
- 
--- 
-2.17.1
-
diff --git a/poky/meta/recipes-bsp/u-boot/files/0009-CVE-2019-14196.patch b/poky/meta/recipes-bsp/u-boot/files/0009-CVE-2019-14196.patch
deleted file mode 100644
index f06e02529..000000000
--- a/poky/meta/recipes-bsp/u-boot/files/0009-CVE-2019-14196.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From 74c468caa95c86cdb12c4b8073e154c435ac0bf7 Mon Sep 17 00:00:00 2001
-From: "liucheng (G)" <liucheng32@huawei.com>
-Date: Thu, 29 Aug 2019 13:48:02 +0000
-Subject: [PATCH 9/9] CVE-2019-14196: nfs: fix unbounded memcpy with a failed
- length check at nfs_lookup_reply
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This patch adds a check to rpc_pkt.u.reply.data at nfs_lookup_reply.
-
-Signed-off-by: Cheng Liu <liucheng32@huawei.com>
-Reported-by: Fermín Serna <fermin@semmle.com>
-Acked-by: Joe Hershberger <joe.hershberger@ni.com>
-
-Upstream-Status: Backport[http://git.denx.de/?p=u-boot.git;a=commit;
-                 h=5d14ee4e53a81055d34ba280cb8fd90330f22a96]
-
-CVE: CVE-2019-14196
-
-Signed-off-by: Meng Li <Meng.Li@windriver.com>
----
- net/nfs.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/net/nfs.c b/net/nfs.c
-index 915acd95cf..89952aeb66 100644
---- a/net/nfs.c
-+++ b/net/nfs.c
-@@ -566,11 +566,15 @@ static int nfs_lookup_reply(uchar *pkt, unsigned len)
- 	}
- 
- 	if (supported_nfs_versions & NFSV2_FLAG) {
-+		if (((uchar *)&(rpc_pkt.u.reply.data[0]) - (uchar *)(&rpc_pkt) + NFS_FHSIZE) > len)
-+			return -NFS_RPC_DROP;
- 		memcpy(filefh, rpc_pkt.u.reply.data + 1, NFS_FHSIZE);
- 	} else {  /* NFSV3_FLAG */
- 		filefh3_length = ntohl(rpc_pkt.u.reply.data[1]);
- 		if (filefh3_length > NFS3_FHSIZE)
- 			filefh3_length  = NFS3_FHSIZE;
-+		if (((uchar *)&(rpc_pkt.u.reply.data[0]) - (uchar *)(&rpc_pkt) + filefh3_length) > len)
-+			return -NFS_RPC_DROP;
- 		memcpy(filefh, rpc_pkt.u.reply.data + 2, filefh3_length);
- 	}
- 
--- 
-2.17.1
-
diff --git a/poky/meta/recipes-bsp/u-boot/u-boot-common.inc b/poky/meta/recipes-bsp/u-boot/u-boot-common.inc
index f63dfa3b7..c3e458e92 100644
--- a/poky/meta/recipes-bsp/u-boot/u-boot-common.inc
+++ b/poky/meta/recipes-bsp/u-boot/u-boot-common.inc
@@ -12,18 +12,9 @@ PE = "1"
 
 # We use the revision in order to avoid having to fetch it from the
 # repo during parse
-SRCREV = "e5aee22e4be75e75a854ab64503fc80598bc2004"
+SRCREV = "61ba1244b548463dbfb3c5285b6b22e7c772c5bd"
 
 SRC_URI = "git://git.denx.de/u-boot.git \
-           file://0001-CVE-2019-13103.patch \
-           file://0002-CVE-2019-13104.patch \
-           file://0003-CVE-2019-13105.patch \
-           file://0004-CVE-2019-13106.patch \
-           file://0005-CVE-2019-14192-14193-14199.patch \
-           file://0006-CVE-2019-14197-14200-14201-14202-14203-14204.patch \
-           file://0007-CVE-2019-14194-14198.patch \
-           file://0008-CVE-2019-14195.patch \
-           file://0009-CVE-2019-14196.patch \
-"
+          "
 
 S = "${WORKDIR}/git"
diff --git a/poky/meta/recipes-bsp/u-boot/u-boot-fw-utils_2019.07.bb b/poky/meta/recipes-bsp/u-boot/u-boot-fw-utils_2019.10.bb
index b5ce56847..04321b7b6 100644
--- a/poky/meta/recipes-bsp/u-boot/u-boot-fw-utils_2019.07.bb
+++ b/poky/meta/recipes-bsp/u-boot/u-boot-fw-utils_2019.10.bb
@@ -3,6 +3,8 @@ require u-boot-common.inc
 SUMMARY = "U-Boot bootloader fw_printenv/setenv utilities"
 DEPENDS += "mtd-utils"
 
+SRC_URI += "file://0001-include-env.h-Ensure-ulong-is-defined.patch"
+
 INSANE_SKIP_${PN} = "already-stripped"
 EXTRA_OEMAKE_class-target = 'CROSS_COMPILE=${TARGET_PREFIX} CC="${CC} ${CFLAGS} ${LDFLAGS}" HOSTCC="${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_LDFLAGS}" V=1'
 EXTRA_OEMAKE_class-cross = 'HOSTCC="${CC} ${CFLAGS} ${LDFLAGS}" V=1'
diff --git a/poky/meta/recipes-bsp/u-boot/u-boot-tools_2019.07.bb b/poky/meta/recipes-bsp/u-boot/u-boot-tools_2019.10.bb
index bede984ef..bede984ef 100644
--- a/poky/meta/recipes-bsp/u-boot/u-boot-tools_2019.07.bb
+++ b/poky/meta/recipes-bsp/u-boot/u-boot-tools_2019.10.bb
diff --git a/poky/meta/recipes-bsp/u-boot/u-boot_2019.07.bb b/poky/meta/recipes-bsp/u-boot/u-boot_2019.10.bb
index 02d67c0db..02d67c0db 100644
--- a/poky/meta/recipes-bsp/u-boot/u-boot_2019.07.bb
+++ b/poky/meta/recipes-bsp/u-boot/u-boot_2019.10.bb
diff --git a/poky/meta/recipes-connectivity/bind/bind/0001-bind-fix-CVE-2019-6471.patch b/poky/meta/recipes-connectivity/bind/bind/0001-bind-fix-CVE-2019-6471.patch
new file mode 100644
index 000000000..2fed99e1b
--- /dev/null
+++ b/poky/meta/recipes-connectivity/bind/bind/0001-bind-fix-CVE-2019-6471.patch
@@ -0,0 +1,64 @@
+Backport patch to fix CVE-2019-6471.
+
+Ref:
+https://security-tracker.debian.org/tracker/CVE-2019-6471
+
+CVE: CVE-2019-6471
+Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/commit/3a9c7bb]
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+From 3a9c7bb80d4a609b86427406d9dd783199920b5b Mon Sep 17 00:00:00 2001
+From: Mark Andrews <marka@isc.org>
+Date: Tue, 19 Mar 2019 14:14:21 +1100
+Subject: [PATCH] move item_out test inside lock in dns_dispatch_getnext()
+
+(cherry picked from commit 60c42f849d520564ed42e5ed0ba46b4b69c07712)
+---
+ lib/dns/dispatch.c | 12 ++++++++----
+ 1 file changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/lib/dns/dispatch.c b/lib/dns/dispatch.c
+index 408beda367..3278db4a07 100644
+--- a/lib/dns/dispatch.c
++++ b/lib/dns/dispatch.c
+@@ -134,7 +134,7 @@ struct dns_dispentry {
+ 	isc_task_t		       *task;
+ 	isc_taskaction_t		action;
+ 	void			       *arg;
+-	bool			item_out;
++	bool				item_out;
+ 	dispsocket_t			*dispsocket;
+ 	ISC_LIST(dns_dispatchevent_t)	items;
+ 	ISC_LINK(dns_dispentry_t)	link;
+@@ -3422,13 +3422,14 @@ dns_dispatch_getnext(dns_dispentry_t *resp, dns_dispatchevent_t **sockevent) {
+ 	disp = resp->disp;
+ 	REQUIRE(VALID_DISPATCH(disp));
+ 
+-	REQUIRE(resp->item_out == true);
+-	resp->item_out = false;
+-
+ 	ev = *sockevent;
+ 	*sockevent = NULL;
+ 
+ 	LOCK(&disp->lock);
++
++	REQUIRE(resp->item_out == true);
++	resp->item_out = false;
++
+ 	if (ev->buffer.base != NULL)
+ 		free_buffer(disp, ev->buffer.base, ev->buffer.length);
+ 	free_devent(disp, ev);
+@@ -3573,6 +3574,9 @@ dns_dispatch_removeresponse(dns_dispentry_t **resp,
+ 		isc_task_send(disp->task[0], &disp->ctlevent);
+ }
+ 
++/*
++ * disp must be locked.
++ */
+ static void
+ do_cancel(dns_dispatch_t *disp) {
+ 	dns_dispatchevent_t *ev;
+-- 
+2.20.1
+
diff --git a/poky/meta/recipes-connectivity/bind/bind/0001-fix-enforcement-of-tcp-clients-v1.patch b/poky/meta/recipes-connectivity/bind/bind/0001-fix-enforcement-of-tcp-clients-v1.patch
new file mode 100644
index 000000000..48ae125f8
--- /dev/null
+++ b/poky/meta/recipes-connectivity/bind/bind/0001-fix-enforcement-of-tcp-clients-v1.patch
@@ -0,0 +1,60 @@
+Backport patch to fix CVE-2018-5743.
+
+Ref:
+https://security-tracker.debian.org/tracker/CVE-2018-5743
+
+CVE: CVE-2018-5743
+Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/commit/ec2d50d]
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+From ec2d50da8d81814640e28593d912f4b96c7efece Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Witold=20Kr=C4=99cicki?= <wpk@isc.org>
+Date: Thu, 3 Jan 2019 14:17:43 +0100
+Subject: [PATCH 1/6] fix enforcement of tcp-clients (v1)
+
+tcp-clients settings could be exceeded in some cases by
+creating more and more active TCP clients that are over
+the set quota limit, which in the end could lead to a
+DoS attack by e.g. exhaustion of file descriptors.
+
+If TCP client we're closing went over the quota (so it's
+not attached to a quota) mark it as mortal - so that it
+will be destroyed and not set up to listen for new
+connections - unless it's the last client for a specific
+interface.
+
+(cherry picked from commit f97131d21b97381cef72b971b157345c1f9b4115)
+(cherry picked from commit 9689ffc485df8f971f0ad81ab8ab1f5389493776)
+---
+ bin/named/client.c | 13 ++++++++++++-
+ 1 file changed, 12 insertions(+), 1 deletion(-)
+
+diff --git a/bin/named/client.c b/bin/named/client.c
+index d482da7121..0739dd48af 100644
+--- a/bin/named/client.c
++++ b/bin/named/client.c
+@@ -421,8 +421,19 @@ exit_check(ns_client_t *client) {
+ 			isc_socket_detach(&client->tcpsocket);
+ 		}
+ 
+-		if (client->tcpquota != NULL)
++		if (client->tcpquota != NULL) {
+ 			isc_quota_detach(&client->tcpquota);
++		} else {
++			/*
++			 * We went over quota with this client, we don't
++			 * want to restart listening unless this is the
++			 * last client on this interface, which is
++			 * checked later.
++			 */
++			if (TCP_CLIENT(client)) {
++				client->mortal = true;
++			}
++		}
+ 
+ 		if (client->timerset) {
+ 			(void)isc_timer_reset(client->timer,
+-- 
+2.20.1
+
diff --git a/poky/meta/recipes-connectivity/bind/bind/0002-tcp-clients-could-still-be-exceeded-v2.patch b/poky/meta/recipes-connectivity/bind/bind/0002-tcp-clients-could-still-be-exceeded-v2.patch
new file mode 100644
index 000000000..ca4e8b1a6
--- /dev/null
+++ b/poky/meta/recipes-connectivity/bind/bind/0002-tcp-clients-could-still-be-exceeded-v2.patch
@@ -0,0 +1,670 @@
+Backport patch to fix CVE-2018-5743.
+
+Ref:
+https://security-tracker.debian.org/tracker/CVE-2018-5743
+
+CVE: CVE-2018-5743
+Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/commit/719f604]
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+From 719f604e3fad5b7479bd14e2fa0ef4413f0a8fdc Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Witold=20Kr=C4=99cicki?= <wpk@isc.org>
+Date: Fri, 4 Jan 2019 12:50:51 +0100
+Subject: [PATCH 2/6] tcp-clients could still be exceeded (v2)
+
+the TCP client quota could still be ineffective under some
+circumstances.  this change:
+
+- improves quota accounting to ensure that TCP clients are
+  properly limited, while still guaranteeing that at least one client
+  is always available to serve TCP connections on each interface.
+- uses more descriptive names and removes one (ntcptarget) that
+  was no longer needed
+- adds comments
+
+(cherry picked from commit 924651f1d5e605cd186d03f4f7340bcc54d77cc2)
+(cherry picked from commit 55a7a458e30e47874d34bdf1079eb863a0512396)
+---
+ bin/named/client.c                     | 311 ++++++++++++++++++++-----
+ bin/named/include/named/client.h       |  14 +-
+ bin/named/include/named/interfacemgr.h |  11 +-
+ bin/named/interfacemgr.c               |   8 +-
+ 4 files changed, 267 insertions(+), 77 deletions(-)
+
+diff --git a/bin/named/client.c b/bin/named/client.c
+index 0739dd48af..a7b49a0f71 100644
+--- a/bin/named/client.c
++++ b/bin/named/client.c
+@@ -246,10 +246,11 @@ static void ns_client_dumpmessage(ns_client_t *client, const char *reason);
+ static isc_result_t get_client(ns_clientmgr_t *manager, ns_interface_t *ifp,
+ 			       dns_dispatch_t *disp, bool tcp);
+ static isc_result_t get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp,
+-			       isc_socket_t *sock);
++			       isc_socket_t *sock, ns_client_t *oldclient);
+ static inline bool
+-allowed(isc_netaddr_t *addr, dns_name_t *signer, isc_netaddr_t *ecs_addr,
+-	uint8_t ecs_addrlen, uint8_t *ecs_scope, dns_acl_t *acl);
++allowed(isc_netaddr_t *addr, dns_name_t *signer,
++	isc_netaddr_t *ecs_addr, uint8_t ecs_addrlen,
++	uint8_t *ecs_scope, dns_acl_t *acl)
+ static void compute_cookie(ns_client_t *client, uint32_t when,
+ 			   uint32_t nonce, const unsigned char *secret,
+ 			   isc_buffer_t *buf);
+@@ -405,8 +406,11 @@ exit_check(ns_client_t *client) {
+ 		 */
+ 		INSIST(client->recursionquota == NULL);
+ 		INSIST(client->newstate <= NS_CLIENTSTATE_READY);
+-		if (client->nreads > 0)
++
++		if (client->nreads > 0) {
+ 			dns_tcpmsg_cancelread(&client->tcpmsg);
++		}
++
+ 		if (client->nreads != 0) {
+ 			/* Still waiting for read cancel completion. */
+ 			return (true);
+@@ -416,25 +420,58 @@ exit_check(ns_client_t *client) {
+ 			dns_tcpmsg_invalidate(&client->tcpmsg);
+ 			client->tcpmsg_valid = false;
+ 		}
++
+ 		if (client->tcpsocket != NULL) {
+ 			CTRACE("closetcp");
+ 			isc_socket_detach(&client->tcpsocket);
++
++			if (client->tcpactive) {
++				LOCK(&client->interface->lock);
++				INSIST(client->interface->ntcpactive > 0);
++				client->interface->ntcpactive--;
++				UNLOCK(&client->interface->lock);
++				client->tcpactive = false;
++			}
+ 		}
+ 
+ 		if (client->tcpquota != NULL) {
+-			isc_quota_detach(&client->tcpquota);
+-		} else {
+ 			/*
+-			 * We went over quota with this client, we don't
+-			 * want to restart listening unless this is the
+-			 * last client on this interface, which is
+-			 * checked later.
++			 * If we are not in a pipeline group, or
++			 * we are the last client in the group, detach from
++			 * tcpquota; otherwise, transfer the quota to
++			 * another client in the same group.
+ 			 */
+-			if (TCP_CLIENT(client)) {
+-				client->mortal = true;
++			if (!ISC_LINK_LINKED(client, glink) ||
++			    (client->glink.next == NULL &&
++			     client->glink.prev == NULL))
++			{
++				isc_quota_detach(&client->tcpquota);
++			} else if (client->glink.next != NULL) {
++				INSIST(client->glink.next->tcpquota == NULL);
++				client->glink.next->tcpquota = client->tcpquota;
++				client->tcpquota = NULL;
++			} else {
++				INSIST(client->glink.prev->tcpquota == NULL);
++				client->glink.prev->tcpquota = client->tcpquota;
++				client->tcpquota = NULL;
+ 			}
+ 		}
+ 
++		/*
++		 * Unlink from pipeline group.
++		 */
++		if (ISC_LINK_LINKED(client, glink)) {
++			if (client->glink.next != NULL) {
++				client->glink.next->glink.prev =
++					client->glink.prev;
++			}
++			if (client->glink.prev != NULL) {
++				client->glink.prev->glink.next =
++					client->glink.next;
++			}
++			ISC_LINK_INIT(client, glink);
++		}
++
+ 		if (client->timerset) {
+ 			(void)isc_timer_reset(client->timer,
+ 					      isc_timertype_inactive,
+@@ -455,15 +492,16 @@ exit_check(ns_client_t *client) {
+ 		 * that already.  Check whether this client needs to remain
+ 		 * active and force it to go inactive if not.
+ 		 *
+-		 * UDP clients go inactive at this point, but TCP clients
+-		 * may remain active if we have fewer active TCP client
+-		 * objects than desired due to an earlier quota exhaustion.
++		 * UDP clients go inactive at this point, but a TCP client
++		 * will needs to remain active if no other clients are
++		 * listening for TCP requests on this interface, to
++		 * prevent this interface from going nonresponsive.
+ 		 */
+ 		if (client->mortal && TCP_CLIENT(client) && !ns_g_clienttest) {
+ 			LOCK(&client->interface->lock);
+-			if (client->interface->ntcpcurrent <
+-				    client->interface->ntcptarget)
++			if (client->interface->ntcpaccepting == 0) {
+ 				client->mortal = false;
++			}
+ 			UNLOCK(&client->interface->lock);
+ 		}
+ 
+@@ -472,15 +510,17 @@ exit_check(ns_client_t *client) {
+ 		 * queue for recycling.
+ 		 */
+ 		if (client->mortal) {
+-			if (client->newstate > NS_CLIENTSTATE_INACTIVE)
++			if (client->newstate > NS_CLIENTSTATE_INACTIVE) {
+ 				client->newstate = NS_CLIENTSTATE_INACTIVE;
++			}
+ 		}
+ 
+ 		if (NS_CLIENTSTATE_READY == client->newstate) {
+ 			if (TCP_CLIENT(client)) {
+ 				client_accept(client);
+-			} else
++			} else {
+ 				client_udprecv(client);
++			}
+ 			client->newstate = NS_CLIENTSTATE_MAX;
+ 			return (true);
+ 		}
+@@ -492,41 +532,57 @@ exit_check(ns_client_t *client) {
+ 		/*
+ 		 * We are trying to enter the inactive state.
+ 		 */
+-		if (client->naccepts > 0)
++		if (client->naccepts > 0) {
+ 			isc_socket_cancel(client->tcplistener, client->task,
+ 					  ISC_SOCKCANCEL_ACCEPT);
++		}
+ 
+ 		/* Still waiting for accept cancel completion. */
+-		if (! (client->naccepts == 0))
++		if (! (client->naccepts == 0)) {
+ 			return (true);
++		}
+ 
+ 		/* Accept cancel is complete. */
+-		if (client->nrecvs > 0)
++		if (client->nrecvs > 0) {
+ 			isc_socket_cancel(client->udpsocket, client->task,
+ 					  ISC_SOCKCANCEL_RECV);
++		}
+ 
+ 		/* Still waiting for recv cancel completion. */
+-		if (! (client->nrecvs == 0))
++		if (! (client->nrecvs == 0)) {
+ 			return (true);
++		}
+ 
+ 		/* Still waiting for control event to be delivered */
+-		if (client->nctls > 0)
++		if (client->nctls > 0) {
+ 			return (true);
+-
+-		/* Deactivate the client. */
+-		if (client->interface)
+-			ns_interface_detach(&client->interface);
++		}
+ 
+ 		INSIST(client->naccepts == 0);
+ 		INSIST(client->recursionquota == NULL);
+-		if (client->tcplistener != NULL)
++		if (client->tcplistener != NULL) {
+ 			isc_socket_detach(&client->tcplistener);
+ 
+-		if (client->udpsocket != NULL)
++			if (client->tcpactive) {
++				LOCK(&client->interface->lock);
++				INSIST(client->interface->ntcpactive > 0);
++				client->interface->ntcpactive--;
++				UNLOCK(&client->interface->lock);
++				client->tcpactive = false;
++			}
++		}
++		if (client->udpsocket != NULL) {
+ 			isc_socket_detach(&client->udpsocket);
++		}
+ 
+-		if (client->dispatch != NULL)
++		/* Deactivate the client. */
++		if (client->interface != NULL) {
++			ns_interface_detach(&client->interface);
++		}
++
++		if (client->dispatch != NULL) {
+ 			dns_dispatch_detach(&client->dispatch);
++		}
+ 
+ 		client->attributes = 0;
+ 		client->mortal = false;
+@@ -551,10 +607,13 @@ exit_check(ns_client_t *client) {
+ 			client->newstate = NS_CLIENTSTATE_MAX;
+ 			if (!ns_g_clienttest && manager != NULL &&
+ 			    !manager->exiting)
++			{
+ 				ISC_QUEUE_PUSH(manager->inactive, client,
+ 					       ilink);
+-			if (client->needshutdown)
++			}
++			if (client->needshutdown) {
+ 				isc_task_shutdown(client->task);
++			}
+ 			return (true);
+ 		}
+ 	}
+@@ -675,7 +734,6 @@ client_start(isc_task_t *task, isc_event_t *event) {
+ 	}
+ }
+ 
+-
+ /*%
+  * The client's task has received a shutdown event.
+  */
+@@ -2507,17 +2565,12 @@ client_request(isc_task_t *task, isc_event_t *event) {
+ 	/*
+ 	 * Pipeline TCP query processing.
+ 	 */
+-	if (client->message->opcode != dns_opcode_query)
++	if (client->message->opcode != dns_opcode_query) {
+ 		client->pipelined = false;
++	}
+ 	if (TCP_CLIENT(client) && client->pipelined) {
+-		result = isc_quota_reserve(&ns_g_server->tcpquota);
+-		if (result == ISC_R_SUCCESS)
+-			result = ns_client_replace(client);
++		result = ns_client_replace(client);
+ 		if (result != ISC_R_SUCCESS) {
+-			ns_client_log(client, NS_LOGCATEGORY_CLIENT,
+-				      NS_LOGMODULE_CLIENT, ISC_LOG_WARNING,
+-				      "no more TCP clients(read): %s",
+-				      isc_result_totext(result));
+ 			client->pipelined = false;
+ 		}
+ 	}
+@@ -3087,6 +3140,7 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) {
+ 	client->filter_aaaa = dns_aaaa_ok;
+ #endif
+ 	client->needshutdown = ns_g_clienttest;
++	client->tcpactive = false;
+ 
+ 	ISC_EVENT_INIT(&client->ctlevent, sizeof(client->ctlevent), 0, NULL,
+ 		       NS_EVENT_CLIENTCONTROL, client_start, client, client,
+@@ -3100,6 +3154,7 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) {
+ 	client->formerrcache.id = 0;
+ 	ISC_LINK_INIT(client, link);
+ 	ISC_LINK_INIT(client, rlink);
++	ISC_LINK_INIT(client, glink);
+ 	ISC_QLINK_INIT(client, ilink);
+ 	client->keytag = NULL;
+ 	client->keytag_len = 0;
+@@ -3193,12 +3248,19 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
+ 
+ 	INSIST(client->state == NS_CLIENTSTATE_READY);
+ 
++	/*
++	 * The accept() was successful and we're now establishing a new
++	 * connection. We need to make note of it in the client and
++	 * interface objects so client objects can do the right thing
++	 * when going inactive in exit_check() (see comments in
++	 * client_accept() for details).
++	 */
+ 	INSIST(client->naccepts == 1);
+ 	client->naccepts--;
+ 
+ 	LOCK(&client->interface->lock);
+-	INSIST(client->interface->ntcpcurrent > 0);
+-	client->interface->ntcpcurrent--;
++	INSIST(client->interface->ntcpaccepting > 0);
++	client->interface->ntcpaccepting--;
+ 	UNLOCK(&client->interface->lock);
+ 
+ 	/*
+@@ -3232,6 +3294,9 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
+ 			      NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3),
+ 			      "accept failed: %s",
+ 			      isc_result_totext(nevent->result));
++		if (client->tcpquota != NULL) {
++			isc_quota_detach(&client->tcpquota);
++		}
+ 	}
+ 
+ 	if (exit_check(client))
+@@ -3270,18 +3335,12 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
+ 		 * deny service to legitimate TCP clients.
+ 		 */
+ 		client->pipelined = false;
+-		result = isc_quota_attach(&ns_g_server->tcpquota,
+-					  &client->tcpquota);
+-		if (result == ISC_R_SUCCESS)
+-			result = ns_client_replace(client);
+-		if (result != ISC_R_SUCCESS) {
+-			ns_client_log(client, NS_LOGCATEGORY_CLIENT,
+-				      NS_LOGMODULE_CLIENT, ISC_LOG_WARNING,
+-				      "no more TCP clients(accept): %s",
+-				      isc_result_totext(result));
+-		} else if (ns_g_server->keepresporder == NULL ||
+-			   !allowed(&netaddr, NULL, NULL, 0, NULL,
+-				    ns_g_server->keepresporder)) {
++		result = ns_client_replace(client);
++		if (result == ISC_R_SUCCESS &&
++		    (client->sctx->keepresporder == NULL ||
++		     !allowed(&netaddr, NULL, NULL, 0, NULL,
++			      ns_g_server->keepresporder)))
++		{
+ 			client->pipelined = true;
+ 		}
+ 
+@@ -3298,12 +3357,80 @@ client_accept(ns_client_t *client) {
+ 
+ 	CTRACE("accept");
+ 
++	/*
++	 * The tcpquota object can only be simultaneously referenced a
++	 * pre-defined number of times; this is configured by 'tcp-clients'
++	 * in named.conf. If we can't attach to it here, that means the TCP
++	 * client quota has been exceeded.
++	 */
++	result = isc_quota_attach(&client->sctx->tcpquota,
++				  &client->tcpquota);
++	if (result != ISC_R_SUCCESS) {
++			bool exit;
++
++			ns_client_log(client, NS_LOGCATEGORY_CLIENT,
++				      NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(1),
++				      "no more TCP clients: %s",
++				      isc_result_totext(result));
++
++			/*
++			 * We have exceeded the system-wide TCP client
++			 * quota.  But, we can't just block this accept
++			 * in all cases, because if we did, a heavy TCP
++			 * load on other interfaces might cause this
++			 * interface to be starved, with no clients able
++			 * to accept new connections.
++			 *
++			 * So, we check here to see if any other client
++			 * is already servicing TCP queries on this
++			 * interface (whether accepting, reading, or
++			 * processing).
++			 *
++			 * If so, then it's okay *not* to call
++			 * accept - we can let this client to go inactive
++			 * and the other one handle the next connection
++			 * when it's ready.
++			 *
++			 * But if not, then we need to be a little bit
++			 * flexible about the quota. We allow *one* extra
++			 * TCP client through, to ensure we're listening on
++			 * every interface.
++			 *
++			 * (Note: In practice this means that the *real*
++			 * TCP client quota is tcp-clients plus the number
++			 * of interfaces.)
++			 */
++			LOCK(&client->interface->lock);
++			exit = (client->interface->ntcpactive > 0);
++			UNLOCK(&client->interface->lock);
++
++			if (exit) {
++				client->newstate = NS_CLIENTSTATE_INACTIVE;
++				(void)exit_check(client);
++				return;
++			}
++	}
++
++	/*
++	 * By incrementing the interface's ntcpactive counter we signal
++	 * that there is at least one client servicing TCP queries for the
++	 * interface.
++	 *
++	 * We also make note of the fact in the client itself with the
++	 * tcpactive flag. This ensures proper accounting by preventing
++	 * us from accidentally incrementing or decrementing ntcpactive
++	 * more than once per client object.
++	 */
++	if (!client->tcpactive) {
++		LOCK(&client->interface->lock);
++		client->interface->ntcpactive++;
++		UNLOCK(&client->interface->lock);
++		client->tcpactive = true;
++	}
++
+ 	result = isc_socket_accept(client->tcplistener, client->task,
+ 				   client_newconn, client);
+ 	if (result != ISC_R_SUCCESS) {
+-		UNEXPECTED_ERROR(__FILE__, __LINE__,
+-				 "isc_socket_accept() failed: %s",
+-				 isc_result_totext(result));
+ 		/*
+ 		 * XXXRTH  What should we do?  We're trying to accept but
+ 		 *	   it didn't work.  If we just give up, then TCP
+@@ -3311,12 +3438,39 @@ client_accept(ns_client_t *client) {
+ 		 *
+ 		 *	   For now, we just go idle.
+ 		 */
++		UNEXPECTED_ERROR(__FILE__, __LINE__,
++				 "isc_socket_accept() failed: %s",
++				 isc_result_totext(result));
++		if (client->tcpquota != NULL) {
++			isc_quota_detach(&client->tcpquota);
++		}
+ 		return;
+ 	}
++
++	/*
++	 * The client's 'naccepts' counter indicates that this client has
++	 * called accept() and is waiting for a new connection. It should
++	 * never exceed 1.
++	 */
+ 	INSIST(client->naccepts == 0);
+ 	client->naccepts++;
++
++	/*
++	 * The interface's 'ntcpaccepting' counter is incremented when
++	 * any client calls accept(), and decremented in client_newconn()
++	 * once the connection is established.
++	 *
++	 * When the client object is shutting down after handling a TCP
++	 * request (see exit_check()), it looks to see whether this value is
++	 * non-zero. If so, that means another client has already called
++	 * accept() and is waiting to establish the next connection, which
++	 * means the first client is free to go inactive. Otherwise,
++	 * the first client must come back and call accept() again; this
++	 * guarantees there will always be at least one client listening
++	 * for new TCP connections on each interface.
++	 */
+ 	LOCK(&client->interface->lock);
+-	client->interface->ntcpcurrent++;
++	client->interface->ntcpaccepting++;
+ 	UNLOCK(&client->interface->lock);
+ }
+ 
+@@ -3390,13 +3544,14 @@ ns_client_replace(ns_client_t *client) {
+ 	tcp = TCP_CLIENT(client);
+ 	if (tcp && client->pipelined) {
+ 		result = get_worker(client->manager, client->interface,
+-				    client->tcpsocket);
++				    client->tcpsocket, client);
+ 	} else {
+ 		result = get_client(client->manager, client->interface,
+ 				    client->dispatch, tcp);
+ 	}
+-	if (result != ISC_R_SUCCESS)
++	if (result != ISC_R_SUCCESS) {
+ 		return (result);
++	}
+ 
+ 	/*
+ 	 * The responsibility for listening for new requests is hereby
+@@ -3585,6 +3740,7 @@ get_client(ns_clientmgr_t *manager, ns_interface_t *ifp,
+ 		client->attributes |= NS_CLIENTATTR_TCP;
+ 		isc_socket_attach(ifp->tcpsocket,
+ 				  &client->tcplistener);
++
+ 	} else {
+ 		isc_socket_t *sock;
+ 
+@@ -3602,7 +3758,8 @@ get_client(ns_clientmgr_t *manager, ns_interface_t *ifp,
+ }
+ 
+ static isc_result_t
+-get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock)
++get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock,
++	   ns_client_t *oldclient)
+ {
+ 	isc_result_t result = ISC_R_SUCCESS;
+ 	isc_event_t *ev;
+@@ -3610,6 +3767,7 @@ get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock)
+ 	MTRACE("get worker");
+ 
+ 	REQUIRE(manager != NULL);
++	REQUIRE(oldclient != NULL);
+ 
+ 	if (manager->exiting)
+ 		return (ISC_R_SHUTTINGDOWN);
+@@ -3642,7 +3800,28 @@ get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock)
+ 	ns_interface_attach(ifp, &client->interface);
+ 	client->newstate = client->state = NS_CLIENTSTATE_WORKING;
+ 	INSIST(client->recursionquota == NULL);
+-	client->tcpquota = &ns_g_server->tcpquota;
++
++	/*
++	 * Transfer TCP quota to the new client.
++	 */
++	INSIST(client->tcpquota == NULL);
++	INSIST(oldclient->tcpquota != NULL);
++	client->tcpquota = oldclient->tcpquota;
++	oldclient->tcpquota = NULL;
++
++	/*
++	 * Link to a pipeline group, creating it if needed.
++	 */
++	if (!ISC_LINK_LINKED(oldclient, glink)) {
++		oldclient->glink.next = NULL;
++		oldclient->glink.prev = NULL;
++	}
++	client->glink.next = oldclient->glink.next;
++	client->glink.prev = oldclient;
++	if (oldclient->glink.next != NULL) {
++		oldclient->glink.next->glink.prev = client;
++	}
++	oldclient->glink.next = client;
+ 
+ 	client->dscp = ifp->dscp;
+ 
+@@ -3656,6 +3835,12 @@ get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock)
+ 	(void)isc_socket_getpeername(client->tcpsocket, &client->peeraddr);
+ 	client->peeraddr_valid = true;
+ 
++	LOCK(&client->interface->lock);
++	client->interface->ntcpactive++;
++	UNLOCK(&client->interface->lock);
++
++	client->tcpactive = true;
++
+ 	INSIST(client->tcpmsg_valid == false);
+ 	dns_tcpmsg_init(client->mctx, client->tcpsocket, &client->tcpmsg);
+ 	client->tcpmsg_valid = true;
+diff --git a/bin/named/include/named/client.h b/bin/named/include/named/client.h
+index b23a7b191d..1f7973f9c5 100644
+--- a/bin/named/include/named/client.h
++++ b/bin/named/include/named/client.h
+@@ -94,7 +94,8 @@ struct ns_client {
+ 	int			nupdates;
+ 	int			nctls;
+ 	int			references;
+-	bool		needshutdown; 	/*
++	bool			tcpactive;
++	bool			needshutdown; 	/*
+ 						 * Used by clienttest to get
+ 						 * the client to go from
+ 						 * inactive to free state
+@@ -130,9 +131,9 @@ struct ns_client {
+ 	isc_stdtime_t		now;
+ 	isc_time_t		tnow;
+ 	dns_name_t		signername;   /*%< [T]SIG key name */
+-	dns_name_t *		signer;	      /*%< NULL if not valid sig */
+-	bool		mortal;	      /*%< Die after handling request */
+-	bool		pipelined;   /*%< TCP queries not in sequence */
++	dns_name_t		*signer;      /*%< NULL if not valid sig */
++	bool			mortal;	      /*%< Die after handling request */
++	bool			pipelined;   /*%< TCP queries not in sequence */
+ 	isc_quota_t		*tcpquota;
+ 	isc_quota_t		*recursionquota;
+ 	ns_interface_t		*interface;
+@@ -143,8 +144,8 @@ struct ns_client {
+ 	isc_sockaddr_t		destsockaddr;
+ 
+ 	isc_netaddr_t		ecs_addr;	/*%< EDNS client subnet */
+-	uint8_t		ecs_addrlen;
+-	uint8_t		ecs_scope;
++	uint8_t			ecs_addrlen;
++	uint8_t			ecs_scope;
+ 
+ 	struct in6_pktinfo	pktinfo;
+ 	isc_dscp_t		dscp;
+@@ -166,6 +167,7 @@ struct ns_client {
+ 
+ 	ISC_LINK(ns_client_t)	link;
+ 	ISC_LINK(ns_client_t)	rlink;
++	ISC_LINK(ns_client_t)	glink;
+ 	ISC_QLINK(ns_client_t)	ilink;
+ 	unsigned char		cookie[8];
+ 	uint32_t		expire;
+diff --git a/bin/named/include/named/interfacemgr.h b/bin/named/include/named/interfacemgr.h
+index 7d1883e1e8..61b08826a6 100644
+--- a/bin/named/include/named/interfacemgr.h
++++ b/bin/named/include/named/interfacemgr.h
+@@ -77,9 +77,14 @@ struct ns_interface {
+ 						/*%< UDP dispatchers. */
+ 	isc_socket_t *		tcpsocket;	/*%< TCP socket. */
+ 	isc_dscp_t		dscp;		/*%< "listen-on" DSCP value */
+-	int			ntcptarget;	/*%< Desired number of concurrent
+-						     TCP accepts */
+-	int			ntcpcurrent;	/*%< Current ditto, locked */
++	int			ntcpaccepting;	/*%< Number of clients
++						     ready to accept new
++						     TCP connections on this
++						     interface */
++	int			ntcpactive;	/*%< Number of clients
++						     servicing TCP queries
++						     (whether accepting or
++						     connected) */
+ 	int			nudpdispatch;	/*%< Number of UDP dispatches */
+ 	ns_clientmgr_t *	clientmgr;	/*%< Client manager. */
+ 	ISC_LINK(ns_interface_t) link;
+diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c
+index 419927bf54..955096ef47 100644
+--- a/bin/named/interfacemgr.c
++++ b/bin/named/interfacemgr.c
+@@ -386,8 +386,8 @@ ns_interface_create(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr,
+ 	 * connections will be handled in parallel even though there is
+ 	 * only one client initially.
+ 	 */
+-	ifp->ntcptarget = 1;
+-	ifp->ntcpcurrent = 0;
++	ifp->ntcpaccepting = 0;
++	ifp->ntcpactive = 0;
+ 	ifp->nudpdispatch = 0;
+ 
+ 	ifp->dscp = -1;
+@@ -522,9 +522,7 @@ ns_interface_accepttcp(ns_interface_t *ifp) {
+ 	 */
+ 	(void)isc_socket_filter(ifp->tcpsocket, "dataready");
+ 
+-	result = ns_clientmgr_createclients(ifp->clientmgr,
+-					    ifp->ntcptarget, ifp,
+-					    true);
++	result = ns_clientmgr_createclients(ifp->clientmgr, 1, ifp, true);
+ 	if (result != ISC_R_SUCCESS) {
+ 		UNEXPECTED_ERROR(__FILE__, __LINE__,
+ 				 "TCP ns_clientmgr_createclients(): %s",
+-- 
+2.20.1
+
diff --git a/poky/meta/recipes-connectivity/bind/bind/0003-use-reference-counter-for-pipeline-groups-v3.patch b/poky/meta/recipes-connectivity/bind/bind/0003-use-reference-counter-for-pipeline-groups-v3.patch
new file mode 100644
index 000000000..032cfb8c4
--- /dev/null
+++ b/poky/meta/recipes-connectivity/bind/bind/0003-use-reference-counter-for-pipeline-groups-v3.patch
@@ -0,0 +1,278 @@
+Backport patch to fix CVE-2018-5743.
+
+Ref:
+https://security-tracker.debian.org/tracker/CVE-2018-5743
+
+CVE: CVE-2018-5743
+Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/commit/366b4e1]
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+From 366b4e1ede8aed690e981e07137cb1cb77879c36 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= <michal@isc.org>
+Date: Thu, 17 Jan 2019 15:53:38 +0100
+Subject: [PATCH 3/6] use reference counter for pipeline groups (v3)
+
+Track pipeline groups using a shared reference counter
+instead of a linked list.
+
+(cherry picked from commit 513afd33eb17d5dc41a3f0d2d38204ef8c5f6f91)
+(cherry picked from commit 9446629b730c59c4215f08d37fbaf810282fbccb)
+---
+ bin/named/client.c               | 171 ++++++++++++++++++++-----------
+ bin/named/include/named/client.h |   2 +-
+ 2 files changed, 110 insertions(+), 63 deletions(-)
+
+diff --git a/bin/named/client.c b/bin/named/client.c
+index a7b49a0f71..277656cef0 100644
+--- a/bin/named/client.c
++++ b/bin/named/client.c
+@@ -299,6 +299,75 @@ ns_client_settimeout(ns_client_t *client, unsigned int seconds) {
+ 	}
+ }
+ 
++/*%
++ * Allocate a reference counter that will track the number of client structures
++ * using the TCP connection that 'client' called accept() for.  This counter
++ * will be shared between all client structures associated with this TCP
++ * connection.
++ */
++static void
++pipeline_init(ns_client_t *client) {
++	isc_refcount_t *refs;
++
++	REQUIRE(client->pipeline_refs == NULL);
++
++	/*
++	 * A global memory context is used for the allocation as different
++	 * client structures may have different memory contexts assigned and a
++	 * reference counter allocated here might need to be freed by a
++	 * different client.  The performance impact caused by memory context
++	 * contention here is expected to be negligible, given that this code
++	 * is only executed for TCP connections.
++	 */
++	refs = isc_mem_allocate(client->sctx->mctx, sizeof(*refs));
++	isc_refcount_init(refs, 1);
++	client->pipeline_refs = refs;
++}
++
++/*%
++ * Increase the count of client structures using the TCP connection that
++ * 'source' is associated with and put a pointer to that count in 'target',
++ * thus associating it with the same TCP connection.
++ */
++static void
++pipeline_attach(ns_client_t *source, ns_client_t *target) {
++	int old_refs;
++
++	REQUIRE(source->pipeline_refs != NULL);
++	REQUIRE(target->pipeline_refs == NULL);
++
++	old_refs = isc_refcount_increment(source->pipeline_refs);
++	INSIST(old_refs > 0);
++	target->pipeline_refs = source->pipeline_refs;
++}
++
++/*%
++ * Decrease the count of client structures using the TCP connection that
++ * 'client' is associated with.  If this is the last client using this TCP
++ * connection, free the reference counter and return true; otherwise, return
++ * false.
++ */
++static bool
++pipeline_detach(ns_client_t *client) {
++	isc_refcount_t *refs;
++	int old_refs;
++
++	REQUIRE(client->pipeline_refs != NULL);
++
++	refs = client->pipeline_refs;
++	client->pipeline_refs = NULL;
++
++	old_refs = isc_refcount_decrement(refs);
++	INSIST(old_refs > 0);
++
++	if (old_refs == 1) {
++		isc_mem_free(client->sctx->mctx, refs);
++		return (true);
++	}
++
++	return (false);
++}
++
+ /*%
+  * Check for a deactivation or shutdown request and take appropriate
+  * action.  Returns true if either is in progress; in this case
+@@ -421,6 +490,40 @@ exit_check(ns_client_t *client) {
+ 			client->tcpmsg_valid = false;
+ 		}
+ 
++		if (client->tcpquota != NULL) {
++			if (client->pipeline_refs == NULL ||
++			    pipeline_detach(client))
++			{
++				/*
++				 * Only detach from the TCP client quota if
++				 * there are no more client structures using
++				 * this TCP connection.
++				 *
++				 * Note that we check 'pipeline_refs' and not
++				 * 'pipelined' because in some cases (e.g.
++				 * after receiving a request with an opcode
++				 * different than QUERY) 'pipelined' is set to
++				 * false after the reference counter gets
++				 * allocated in pipeline_init() and we must
++				 * still drop our reference as failing to do so
++				 * would prevent the reference counter itself
++				 * from being freed.
++				 */
++				isc_quota_detach(&client->tcpquota);
++			} else {
++				/*
++				 * There are other client structures using this
++				 * TCP connection, so we cannot detach from the
++				 * TCP client quota to prevent excess TCP
++				 * connections from being accepted.  However,
++				 * this client structure might later be reused
++				 * for accepting new connections and thus must
++				 * have its 'tcpquota' field set to NULL.
++				 */
++				client->tcpquota = NULL;
++			}
++		}
++
+ 		if (client->tcpsocket != NULL) {
+ 			CTRACE("closetcp");
+ 			isc_socket_detach(&client->tcpsocket);
+@@ -434,44 +537,6 @@ exit_check(ns_client_t *client) {
+ 			}
+ 		}
+ 
+-		if (client->tcpquota != NULL) {
+-			/*
+-			 * If we are not in a pipeline group, or
+-			 * we are the last client in the group, detach from
+-			 * tcpquota; otherwise, transfer the quota to
+-			 * another client in the same group.
+-			 */
+-			if (!ISC_LINK_LINKED(client, glink) ||
+-			    (client->glink.next == NULL &&
+-			     client->glink.prev == NULL))
+-			{
+-				isc_quota_detach(&client->tcpquota);
+-			} else if (client->glink.next != NULL) {
+-				INSIST(client->glink.next->tcpquota == NULL);
+-				client->glink.next->tcpquota = client->tcpquota;
+-				client->tcpquota = NULL;
+-			} else {
+-				INSIST(client->glink.prev->tcpquota == NULL);
+-				client->glink.prev->tcpquota = client->tcpquota;
+-				client->tcpquota = NULL;
+-			}
+-		}
+-
+-		/*
+-		 * Unlink from pipeline group.
+-		 */
+-		if (ISC_LINK_LINKED(client, glink)) {
+-			if (client->glink.next != NULL) {
+-				client->glink.next->glink.prev =
+-					client->glink.prev;
+-			}
+-			if (client->glink.prev != NULL) {
+-				client->glink.prev->glink.next =
+-					client->glink.next;
+-			}
+-			ISC_LINK_INIT(client, glink);
+-		}
+-
+ 		if (client->timerset) {
+ 			(void)isc_timer_reset(client->timer,
+ 					      isc_timertype_inactive,
+@@ -3130,6 +3195,7 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) {
+ 	dns_name_init(&client->signername, NULL);
+ 	client->mortal = false;
+ 	client->pipelined = false;
++	client->pipeline_refs = NULL;
+ 	client->tcpquota = NULL;
+ 	client->recursionquota = NULL;
+ 	client->interface = NULL;
+@@ -3154,7 +3220,6 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) {
+ 	client->formerrcache.id = 0;
+ 	ISC_LINK_INIT(client, link);
+ 	ISC_LINK_INIT(client, rlink);
+-	ISC_LINK_INIT(client, glink);
+ 	ISC_QLINK_INIT(client, ilink);
+ 	client->keytag = NULL;
+ 	client->keytag_len = 0;
+@@ -3341,6 +3406,7 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
+ 		     !allowed(&netaddr, NULL, NULL, 0, NULL,
+ 			      ns_g_server->keepresporder)))
+ 		{
++			pipeline_init(client);
+ 			client->pipelined = true;
+ 		}
+ 
+@@ -3800,35 +3866,16 @@ get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock,
+ 	ns_interface_attach(ifp, &client->interface);
+ 	client->newstate = client->state = NS_CLIENTSTATE_WORKING;
+ 	INSIST(client->recursionquota == NULL);
+-
+-	/*
+-	 * Transfer TCP quota to the new client.
+-	 */
+-	INSIST(client->tcpquota == NULL);
+-	INSIST(oldclient->tcpquota != NULL);
+-	client->tcpquota = oldclient->tcpquota;
+-	oldclient->tcpquota = NULL;
+-
+-	/*
+-	 * Link to a pipeline group, creating it if needed.
+-	 */
+-	if (!ISC_LINK_LINKED(oldclient, glink)) {
+-		oldclient->glink.next = NULL;
+-		oldclient->glink.prev = NULL;
+-	}
+-	client->glink.next = oldclient->glink.next;
+-	client->glink.prev = oldclient;
+-	if (oldclient->glink.next != NULL) {
+-		oldclient->glink.next->glink.prev = client;
+-	}
+-	oldclient->glink.next = client;
++	client->tcpquota = &client->sctx->tcpquota;
+ 
+ 	client->dscp = ifp->dscp;
+ 
+ 	client->attributes |= NS_CLIENTATTR_TCP;
+-	client->pipelined = true;
+ 	client->mortal = true;
+ 
++	pipeline_attach(oldclient, client);
++	client->pipelined = true;
++
+ 	isc_socket_attach(ifp->tcpsocket, &client->tcplistener);
+ 	isc_socket_attach(sock, &client->tcpsocket);
+ 	isc_socket_setname(client->tcpsocket, "worker-tcp", NULL);
+diff --git a/bin/named/include/named/client.h b/bin/named/include/named/client.h
+index 1f7973f9c5..aeed9ccdda 100644
+--- a/bin/named/include/named/client.h
++++ b/bin/named/include/named/client.h
+@@ -134,6 +134,7 @@ struct ns_client {
+ 	dns_name_t		*signer;      /*%< NULL if not valid sig */
+ 	bool			mortal;	      /*%< Die after handling request */
+ 	bool			pipelined;   /*%< TCP queries not in sequence */
++	isc_refcount_t		*pipeline_refs;
+ 	isc_quota_t		*tcpquota;
+ 	isc_quota_t		*recursionquota;
+ 	ns_interface_t		*interface;
+@@ -167,7 +168,6 @@ struct ns_client {
+ 
+ 	ISC_LINK(ns_client_t)	link;
+ 	ISC_LINK(ns_client_t)	rlink;
+-	ISC_LINK(ns_client_t)	glink;
+ 	ISC_QLINK(ns_client_t)	ilink;
+ 	unsigned char		cookie[8];
+ 	uint32_t		expire;
+-- 
+2.20.1
+
diff --git a/poky/meta/recipes-connectivity/bind/bind/0004-better-tcpquota-accounting-and-client-mortality-chec.patch b/poky/meta/recipes-connectivity/bind/bind/0004-better-tcpquota-accounting-and-client-mortality-chec.patch
new file mode 100644
index 000000000..034ab1330
--- /dev/null
+++ b/poky/meta/recipes-connectivity/bind/bind/0004-better-tcpquota-accounting-and-client-mortality-chec.patch
@@ -0,0 +1,512 @@
+Backport patch to fix CVE-2018-5743.
+
+Ref:
+https://security-tracker.debian.org/tracker/CVE-2018-5743
+
+CVE: CVE-2018-5743
+Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/commit/2ab8a08]
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+From 2ab8a085b3c666f28f1f9229bd6ecb59915b26c3 Mon Sep 17 00:00:00 2001
+From: Evan Hunt <each@isc.org>
+Date: Fri, 5 Apr 2019 16:12:18 -0700
+Subject: [PATCH 4/6] better tcpquota accounting and client mortality checks
+
+- ensure that tcpactive is cleaned up correctly when accept() fails.
+- set 'client->tcpattached' when the client is attached to the tcpquota.
+  carry this value on to new clients sharing the same pipeline group.
+  don't call isc_quota_detach() on the tcpquota unless tcpattached is
+  set.  this way clients that were allowed to accept TCP connections
+  despite being over quota (and therefore, were never attached to the
+  quota) will not inadvertently detach from it and mess up the
+  accounting.
+- simplify the code for tcpquota disconnection by using a new function
+  tcpquota_disconnect().
+- before deciding whether to reject a new connection due to quota
+  exhaustion, check to see whether there are at least two active
+  clients. previously, this was "at least one", but that could be
+  insufficient if there was one other client in READING state (waiting
+  for messages on an open connection) but none in READY (listening
+  for new connections).
+- before deciding whether a TCP client object can to go inactive, we
+  must ensure there are enough other clients to maintain service
+  afterward -- both accepting new connections and reading/processing new
+  queries.  A TCP client can't shut down unless at least one
+  client is accepting new connections and (in the case of pipelined
+  clients) at least one additional client is waiting to read.
+
+(cherry picked from commit c7394738b2445c16f728a88394864dd61baad900)
+(cherry picked from commit e965d5f11d3d0f6d59704e614fceca2093cb1856)
+(cherry picked from commit 87d431161450777ea093821212abfb52d51b36e3)
+---
+ bin/named/client.c               | 244 +++++++++++++++++++------------
+ bin/named/include/named/client.h |   3 +-
+ 2 files changed, 152 insertions(+), 95 deletions(-)
+
+diff --git a/bin/named/client.c b/bin/named/client.c
+index 277656cef0..61e96dd28c 100644
+--- a/bin/named/client.c
++++ b/bin/named/client.c
+@@ -244,13 +244,14 @@ static void client_start(isc_task_t *task, isc_event_t *event);
+ static void client_request(isc_task_t *task, isc_event_t *event);
+ static void ns_client_dumpmessage(ns_client_t *client, const char *reason);
+ static isc_result_t get_client(ns_clientmgr_t *manager, ns_interface_t *ifp,
+-			       dns_dispatch_t *disp, bool tcp);
++			       dns_dispatch_t *disp, ns_client_t *oldclient,
++			       bool tcp);
+ static isc_result_t get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp,
+ 			       isc_socket_t *sock, ns_client_t *oldclient);
+ static inline bool
+ allowed(isc_netaddr_t *addr, dns_name_t *signer,
+ 	isc_netaddr_t *ecs_addr, uint8_t ecs_addrlen,
+-	uint8_t *ecs_scope, dns_acl_t *acl)
++	uint8_t *ecs_scope, dns_acl_t *acl);
+ static void compute_cookie(ns_client_t *client, uint32_t when,
+ 			   uint32_t nonce, const unsigned char *secret,
+ 			   isc_buffer_t *buf);
+@@ -319,7 +320,7 @@ pipeline_init(ns_client_t *client) {
+ 	 * contention here is expected to be negligible, given that this code
+ 	 * is only executed for TCP connections.
+ 	 */
+-	refs = isc_mem_allocate(client->sctx->mctx, sizeof(*refs));
++	refs = isc_mem_allocate(ns_g_mctx, sizeof(*refs));
+ 	isc_refcount_init(refs, 1);
+ 	client->pipeline_refs = refs;
+ }
+@@ -331,13 +332,13 @@ pipeline_init(ns_client_t *client) {
+  */
+ static void
+ pipeline_attach(ns_client_t *source, ns_client_t *target) {
+-	int old_refs;
++	int refs;
+ 
+ 	REQUIRE(source->pipeline_refs != NULL);
+ 	REQUIRE(target->pipeline_refs == NULL);
+ 
+-	old_refs = isc_refcount_increment(source->pipeline_refs);
+-	INSIST(old_refs > 0);
++	isc_refcount_increment(source->pipeline_refs, &refs);
++	INSIST(refs > 1);
+ 	target->pipeline_refs = source->pipeline_refs;
+ }
+ 
+@@ -349,25 +350,51 @@ pipeline_attach(ns_client_t *source, ns_client_t *target) {
+  */
+ static bool
+ pipeline_detach(ns_client_t *client) {
+-	isc_refcount_t *refs;
+-	int old_refs;
++	isc_refcount_t *refcount;
++	int refs;
+ 
+ 	REQUIRE(client->pipeline_refs != NULL);
+ 
+-	refs = client->pipeline_refs;
++	refcount = client->pipeline_refs;
+ 	client->pipeline_refs = NULL;
+ 
+-	old_refs = isc_refcount_decrement(refs);
+-	INSIST(old_refs > 0);
++	isc_refcount_decrement(refcount, refs);
+ 
+-	if (old_refs == 1) {
+-		isc_mem_free(client->sctx->mctx, refs);
++	if (refs == 0) {
++		isc_mem_free(ns_g_mctx, refs);
+ 		return (true);
+ 	}
+ 
+ 	return (false);
+ }
+ 
++/*
++ * Detach a client from the TCP client quota if appropriate, and set
++ * the quota pointer to NULL.
++ *
++ * Sometimes when the TCP client quota is exhausted but there are no other
++ * clients servicing the interface, a client will be allowed to continue
++ * running despite not having been attached to the quota. In this event,
++ * the TCP quota was never attached to the client, so when the client (or
++ * associated pipeline group) shuts down, the quota must NOT be detached.
++ *
++ * Otherwise, if the quota pointer is set, it should be detached. If not
++ * set at all, we just return without doing anything.
++ */
++static void
++tcpquota_disconnect(ns_client_t *client) {
++	if (client->tcpquota == NULL) {
++		return;
++	}
++
++	if (client->tcpattached) {
++		isc_quota_detach(&client->tcpquota);
++		client->tcpattached = false;
++	} else {
++		client->tcpquota = NULL;
++	}
++}
++
+ /*%
+  * Check for a deactivation or shutdown request and take appropriate
+  * action.  Returns true if either is in progress; in this case
+@@ -490,38 +517,31 @@ exit_check(ns_client_t *client) {
+ 			client->tcpmsg_valid = false;
+ 		}
+ 
+-		if (client->tcpquota != NULL) {
+-			if (client->pipeline_refs == NULL ||
+-			    pipeline_detach(client))
+-			{
+-				/*
+-				 * Only detach from the TCP client quota if
+-				 * there are no more client structures using
+-				 * this TCP connection.
+-				 *
+-				 * Note that we check 'pipeline_refs' and not
+-				 * 'pipelined' because in some cases (e.g.
+-				 * after receiving a request with an opcode
+-				 * different than QUERY) 'pipelined' is set to
+-				 * false after the reference counter gets
+-				 * allocated in pipeline_init() and we must
+-				 * still drop our reference as failing to do so
+-				 * would prevent the reference counter itself
+-				 * from being freed.
+-				 */
+-				isc_quota_detach(&client->tcpquota);
+-			} else {
+-				/*
+-				 * There are other client structures using this
+-				 * TCP connection, so we cannot detach from the
+-				 * TCP client quota to prevent excess TCP
+-				 * connections from being accepted.  However,
+-				 * this client structure might later be reused
+-				 * for accepting new connections and thus must
+-				 * have its 'tcpquota' field set to NULL.
+-				 */
+-				client->tcpquota = NULL;
+-			}
++		/*
++		 * Detach from pipeline group and from TCP client quota,
++		 * if appropriate.
++		 *
++		 * - If no pipeline group is active, attempt to
++		 *   detach from the TCP client quota.
++		 *
++		 * - If a pipeline group is active, detach from it;
++		 *   if the return code indicates that there no more
++		 *   clients left if this pipeline group, we also detach
++		 *   from the TCP client quota.
++		 *
++		 * - Otherwise we don't try to detach, we just set the
++		 *   TCP quota pointer to NULL if it wasn't NULL already.
++		 *
++		 * tcpquota_disconnect() will set tcpquota to NULL, either
++		 * by detaching it or by assignment, depending on the
++		 * needs of the client. See the comments on that function
++		 * for further information.
++		 */
++		if (client->pipeline_refs == NULL || pipeline_detach(client)) {
++			tcpquota_disconnect(client);
++		} else {
++			client->tcpquota = NULL;
++			client->tcpattached = false;
+ 		}
+ 
+ 		if (client->tcpsocket != NULL) {
+@@ -544,8 +564,6 @@ exit_check(ns_client_t *client) {
+ 			client->timerset = false;
+ 		}
+ 
+-		client->pipelined = false;
+-
+ 		client->peeraddr_valid = false;
+ 
+ 		client->state = NS_CLIENTSTATE_READY;
+@@ -558,18 +576,27 @@ exit_check(ns_client_t *client) {
+ 		 * active and force it to go inactive if not.
+ 		 *
+ 		 * UDP clients go inactive at this point, but a TCP client
+-		 * will needs to remain active if no other clients are
+-		 * listening for TCP requests on this interface, to
+-		 * prevent this interface from going nonresponsive.
++		 * may need to remain active and go into ready state if
++		 * no other clients are available to listen for TCP
++		 * requests on this interface or (in the case of pipelined
++		 * clients) to read for additional messages on the current
++		 * connection.
+ 		 */
+ 		if (client->mortal && TCP_CLIENT(client) && !ns_g_clienttest) {
+ 			LOCK(&client->interface->lock);
+-			if (client->interface->ntcpaccepting == 0) {
++			if ((client->interface->ntcpaccepting == 0 ||
++			    (client->pipelined &&
++			     client->interface->ntcpactive < 2)) &&
++			    client->newstate != NS_CLIENTSTATE_FREED)
++			{
+ 				client->mortal = false;
++				client->newstate = NS_CLIENTSTATE_READY;
+ 			}
+ 			UNLOCK(&client->interface->lock);
+ 		}
+ 
++		client->pipelined = false;
++
+ 		/*
+ 		 * We don't need the client; send it to the inactive
+ 		 * queue for recycling.
+@@ -2634,6 +2661,18 @@ client_request(isc_task_t *task, isc_event_t *event) {
+ 		client->pipelined = false;
+ 	}
+ 	if (TCP_CLIENT(client) && client->pipelined) {
++		/*
++		 * We're pipelining. Replace the client; the
++		 * the replacement can read the TCP socket looking
++		 * for new messages and this client can process the
++		 * current message asynchronously.
++		 *
++		 * There are now at least three clients using this
++		 * TCP socket - one accepting new connections,
++		 * one reading an existing connection to get new
++		 * messages, and one answering the message already
++		 * received.
++		 */
+ 		result = ns_client_replace(client);
+ 		if (result != ISC_R_SUCCESS) {
+ 			client->pipelined = false;
+@@ -3197,6 +3236,7 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) {
+ 	client->pipelined = false;
+ 	client->pipeline_refs = NULL;
+ 	client->tcpquota = NULL;
++	client->tcpattached = false;
+ 	client->recursionquota = NULL;
+ 	client->interface = NULL;
+ 	client->peeraddr_valid = false;
+@@ -3359,9 +3399,7 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
+ 			      NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3),
+ 			      "accept failed: %s",
+ 			      isc_result_totext(nevent->result));
+-		if (client->tcpquota != NULL) {
+-			isc_quota_detach(&client->tcpquota);
+-		}
++		tcpquota_disconnect(client);
+ 	}
+ 
+ 	if (exit_check(client))
+@@ -3402,7 +3440,7 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
+ 		client->pipelined = false;
+ 		result = ns_client_replace(client);
+ 		if (result == ISC_R_SUCCESS &&
+-		    (client->sctx->keepresporder == NULL ||
++		    (ns_g_server->keepresporder == NULL ||
+ 		     !allowed(&netaddr, NULL, NULL, 0, NULL,
+ 			      ns_g_server->keepresporder)))
+ 		{
+@@ -3429,7 +3467,7 @@ client_accept(ns_client_t *client) {
+ 	 * in named.conf. If we can't attach to it here, that means the TCP
+ 	 * client quota has been exceeded.
+ 	 */
+-	result = isc_quota_attach(&client->sctx->tcpquota,
++	result = isc_quota_attach(&ns_g_server->tcpquota,
+ 				  &client->tcpquota);
+ 	if (result != ISC_R_SUCCESS) {
+ 			bool exit;
+@@ -3447,27 +3485,27 @@ client_accept(ns_client_t *client) {
+ 			 * interface to be starved, with no clients able
+ 			 * to accept new connections.
+ 			 *
+-			 * So, we check here to see if any other client
+-			 * is already servicing TCP queries on this
++			 * So, we check here to see if any other clients
++			 * are already servicing TCP queries on this
+ 			 * interface (whether accepting, reading, or
+-			 * processing).
+-			 *
+-			 * If so, then it's okay *not* to call
+-			 * accept - we can let this client to go inactive
+-			 * and the other one handle the next connection
+-			 * when it's ready.
++			 * processing). If there are at least two
++			 * (one reading and one processing a request)
++			 * then it's okay *not* to call accept - we
++			 * can let this client go inactive and another
++			 * one will resume accepting when it's done.
+ 			 *
+-			 * But if not, then we need to be a little bit
+-			 * flexible about the quota. We allow *one* extra
+-			 * TCP client through, to ensure we're listening on
+-			 * every interface.
++			 * If there aren't enough active clients on the
++			 * interface, then we can be a little bit
++			 * flexible about the quota. We'll allow *one*
++			 * extra client through to ensure we're listening
++			 * on every interface.
+ 			 *
+-			 * (Note: In practice this means that the *real*
+-			 * TCP client quota is tcp-clients plus the number
+-			 * of interfaces.)
++			 * (Note: In practice this means that the real
++			 * TCP client quota is tcp-clients plus the
++			 * number of listening interfaces plus 2.)
+ 			 */
+ 			LOCK(&client->interface->lock);
+-			exit = (client->interface->ntcpactive > 0);
++			exit = (client->interface->ntcpactive > 1);
+ 			UNLOCK(&client->interface->lock);
+ 
+ 			if (exit) {
+@@ -3475,6 +3513,9 @@ client_accept(ns_client_t *client) {
+ 				(void)exit_check(client);
+ 				return;
+ 			}
++
++	} else {
++		client->tcpattached = true;
+ 	}
+ 
+ 	/*
+@@ -3507,9 +3548,16 @@ client_accept(ns_client_t *client) {
+ 		UNEXPECTED_ERROR(__FILE__, __LINE__,
+ 				 "isc_socket_accept() failed: %s",
+ 				 isc_result_totext(result));
+-		if (client->tcpquota != NULL) {
+-			isc_quota_detach(&client->tcpquota);
++
++		tcpquota_disconnect(client);
++
++		if (client->tcpactive) {
++			LOCK(&client->interface->lock);
++			client->interface->ntcpactive--;
++			UNLOCK(&client->interface->lock);
++			client->tcpactive = false;
+ 		}
++
+ 		return;
+ 	}
+ 
+@@ -3527,13 +3575,12 @@ client_accept(ns_client_t *client) {
+ 	 * once the connection is established.
+ 	 *
+ 	 * When the client object is shutting down after handling a TCP
+-	 * request (see exit_check()), it looks to see whether this value is
+-	 * non-zero. If so, that means another client has already called
+-	 * accept() and is waiting to establish the next connection, which
+-	 * means the first client is free to go inactive. Otherwise,
+-	 * the first client must come back and call accept() again; this
+-	 * guarantees there will always be at least one client listening
+-	 * for new TCP connections on each interface.
++	 * request (see exit_check()), if this value is at least one, that
++	 * means another client has called accept() and is waiting to
++	 * establish the next connection. That means the client may be
++	 * be free to become inactive; otherwise it may need to start
++	 * listening for connections itself to prevent the interface
++	 * going dead.
+ 	 */
+ 	LOCK(&client->interface->lock);
+ 	client->interface->ntcpaccepting++;
+@@ -3613,19 +3660,19 @@ ns_client_replace(ns_client_t *client) {
+ 				    client->tcpsocket, client);
+ 	} else {
+ 		result = get_client(client->manager, client->interface,
+-				    client->dispatch, tcp);
++				    client->dispatch, client, tcp);
++
++		/*
++		 * The responsibility for listening for new requests is hereby
++		 * transferred to the new client.  Therefore, the old client
++		 * should refrain from listening for any more requests.
++		 */
++		client->mortal = true;
+ 	}
+ 	if (result != ISC_R_SUCCESS) {
+ 		return (result);
+ 	}
+ 
+-	/*
+-	 * The responsibility for listening for new requests is hereby
+-	 * transferred to the new client.  Therefore, the old client
+-	 * should refrain from listening for any more requests.
+-	 */
+-	client->mortal = true;
+-
+ 	return (ISC_R_SUCCESS);
+ }
+ 
+@@ -3759,7 +3806,7 @@ ns_clientmgr_destroy(ns_clientmgr_t **managerp) {
+ 
+ static isc_result_t
+ get_client(ns_clientmgr_t *manager, ns_interface_t *ifp,
+-	   dns_dispatch_t *disp, bool tcp)
++	   dns_dispatch_t *disp, ns_client_t *oldclient, bool tcp)
+ {
+ 	isc_result_t result = ISC_R_SUCCESS;
+ 	isc_event_t *ev;
+@@ -3803,6 +3850,16 @@ get_client(ns_clientmgr_t *manager, ns_interface_t *ifp,
+ 	client->dscp = ifp->dscp;
+ 
+ 	if (tcp) {
++		client->tcpattached = false;
++		if (oldclient != NULL) {
++			client->tcpattached = oldclient->tcpattached;
++		}
++
++		LOCK(&client->interface->lock);
++		client->interface->ntcpactive++;
++		UNLOCK(&client->interface->lock);
++		client->tcpactive = true;
++
+ 		client->attributes |= NS_CLIENTATTR_TCP;
+ 		isc_socket_attach(ifp->tcpsocket,
+ 				  &client->tcplistener);
+@@ -3866,7 +3923,8 @@ get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock,
+ 	ns_interface_attach(ifp, &client->interface);
+ 	client->newstate = client->state = NS_CLIENTSTATE_WORKING;
+ 	INSIST(client->recursionquota == NULL);
+-	client->tcpquota = &client->sctx->tcpquota;
++	client->tcpquota = &ns_g_server->tcpquota;
++	client->tcpattached = oldclient->tcpattached;
+ 
+ 	client->dscp = ifp->dscp;
+ 
+@@ -3885,7 +3943,6 @@ get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock,
+ 	LOCK(&client->interface->lock);
+ 	client->interface->ntcpactive++;
+ 	UNLOCK(&client->interface->lock);
+-
+ 	client->tcpactive = true;
+ 
+ 	INSIST(client->tcpmsg_valid == false);
+@@ -3913,7 +3970,8 @@ ns_clientmgr_createclients(ns_clientmgr_t *manager, unsigned int n,
+ 	MTRACE("createclients");
+ 
+ 	for (disp = 0; disp < n; disp++) {
+-		result = get_client(manager, ifp, ifp->udpdispatch[disp], tcp);
++		result = get_client(manager, ifp, ifp->udpdispatch[disp],
++				    NULL, tcp);
+ 		if (result != ISC_R_SUCCESS)
+ 			break;
+ 	}
+diff --git a/bin/named/include/named/client.h b/bin/named/include/named/client.h
+index aeed9ccdda..e2c40acd28 100644
+--- a/bin/named/include/named/client.h
++++ b/bin/named/include/named/client.h
+@@ -9,8 +9,6 @@
+  * information regarding copyright ownership.
+  */
+ 
+-/* $Id: client.h,v 1.96 2012/01/31 23:47:31 tbox Exp $ */
+-
+ #ifndef NAMED_CLIENT_H
+ #define NAMED_CLIENT_H 1
+ 
+@@ -136,6 +134,7 @@ struct ns_client {
+ 	bool			pipelined;   /*%< TCP queries not in sequence */
+ 	isc_refcount_t		*pipeline_refs;
+ 	isc_quota_t		*tcpquota;
++	bool			tcpattached;
+ 	isc_quota_t		*recursionquota;
+ 	ns_interface_t		*interface;
+ 
+-- 
+2.20.1
+
diff --git a/poky/meta/recipes-connectivity/bind/bind/0005-refactor-tcpquota-and-pipeline-refs-allow-special-ca.patch b/poky/meta/recipes-connectivity/bind/bind/0005-refactor-tcpquota-and-pipeline-refs-allow-special-ca.patch
new file mode 100644
index 000000000..987e75bc0
--- /dev/null
+++ b/poky/meta/recipes-connectivity/bind/bind/0005-refactor-tcpquota-and-pipeline-refs-allow-special-ca.patch
@@ -0,0 +1,911 @@
+Backport patch to fix CVE-2018-5743.
+
+Ref:
+https://security-tracker.debian.org/tracker/CVE-2018-5743
+
+CVE: CVE-2018-5743
+Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/commit/c47ccf6]
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+From c47ccf630f147378568b33e8fdb7b754f228c346 Mon Sep 17 00:00:00 2001
+From: Evan Hunt <each@isc.org>
+Date: Fri, 5 Apr 2019 16:26:05 -0700
+Subject: [PATCH 5/6] refactor tcpquota and pipeline refs; allow special-case
+ overrun in isc_quota
+
+- if the TCP quota has been exceeded but there are no clients listening
+  for new connections on the interface, we can now force attachment to the
+  quota using isc_quota_force(), instead of carrying on with the quota not
+  attached.
+- the TCP client quota is now referenced via a reference-counted
+  'ns_tcpconn' object, one of which is created whenever a client begins
+  listening for new connections, and attached to by members of that
+  client's pipeline group. when the last reference to the tcpconn
+  object is detached, it is freed and the TCP quota slot is released.
+- reduce code duplication by adding mark_tcp_active() function.
+- convert counters to atomic.
+
+(cherry picked from commit 7e8222378ca24f1302a0c1c638565050ab04681b)
+(cherry picked from commit 4939451275722bfda490ea86ca13e84f6bc71e46)
+(cherry picked from commit 13f7c918b8720d890408f678bd73c20e634539d9)
+---
+ bin/named/client.c                     | 444 +++++++++++--------------
+ bin/named/include/named/client.h       |  12 +-
+ bin/named/include/named/interfacemgr.h |   6 +-
+ bin/named/interfacemgr.c               |   1 +
+ lib/isc/include/isc/quota.h            |   7 +
+ lib/isc/quota.c                        |  33 +-
+ lib/isc/win32/libisc.def.in            |   1 +
+ 7 files changed, 236 insertions(+), 268 deletions(-)
+
+diff --git a/bin/named/client.c b/bin/named/client.c
+index 61e96dd28c..d826ab32bf 100644
+--- a/bin/named/client.c
++++ b/bin/named/client.c
+@@ -244,8 +244,7 @@ static void client_start(isc_task_t *task, isc_event_t *event);
+ static void client_request(isc_task_t *task, isc_event_t *event);
+ static void ns_client_dumpmessage(ns_client_t *client, const char *reason);
+ static isc_result_t get_client(ns_clientmgr_t *manager, ns_interface_t *ifp,
+-			       dns_dispatch_t *disp, ns_client_t *oldclient,
+-			       bool tcp);
++			       dns_dispatch_t *disp, bool tcp);
+ static isc_result_t get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp,
+ 			       isc_socket_t *sock, ns_client_t *oldclient);
+ static inline bool
+@@ -301,16 +300,32 @@ ns_client_settimeout(ns_client_t *client, unsigned int seconds) {
+ }
+ 
+ /*%
+- * Allocate a reference counter that will track the number of client structures
+- * using the TCP connection that 'client' called accept() for.  This counter
+- * will be shared between all client structures associated with this TCP
+- * connection.
++ * Allocate a reference-counted object that will maintain a single pointer to
++ * the (also reference-counted) TCP client quota, shared between all the
++ * clients processing queries on a single TCP connection, so that all
++ * clients sharing the one socket will together consume only one slot in
++ * the 'tcp-clients' quota.
+  */
+-static void
+-pipeline_init(ns_client_t *client) {
+-	isc_refcount_t *refs;
++static isc_result_t
++tcpconn_init(ns_client_t *client, bool force) {
++	isc_result_t result;
++	isc_quota_t *quota = NULL;
++	ns_tcpconn_t *tconn = NULL;
+ 
+-	REQUIRE(client->pipeline_refs == NULL);
++	REQUIRE(client->tcpconn == NULL);
++
++	/*
++	 * Try to attach to the quota first, so we won't pointlessly
++	 * allocate memory for a tcpconn object if we can't get one.
++	 */
++	if (force) {
++		result = isc_quota_force(&ns_g_server->tcpquota, &quota);
++	} else {
++		result = isc_quota_attach(&ns_g_server->tcpquota, &quota);
++	}
++	if (result != ISC_R_SUCCESS) {
++		return (result);
++	}
+ 
+ 	/*
+ 	 * A global memory context is used for the allocation as different
+@@ -320,78 +335,80 @@ pipeline_init(ns_client_t *client) {
+ 	 * contention here is expected to be negligible, given that this code
+ 	 * is only executed for TCP connections.
+ 	 */
+-	refs = isc_mem_allocate(ns_g_mctx, sizeof(*refs));
+-	isc_refcount_init(refs, 1);
+-	client->pipeline_refs = refs;
++	tconn = isc_mem_allocate(ns_g_mctx, sizeof(*tconn));
++
++	isc_refcount_init(&tconn->refs, 1);
++	tconn->tcpquota = quota;
++	quota = NULL;
++	tconn->pipelined = false;
++
++	client->tcpconn = tconn;
++
++	return (ISC_R_SUCCESS);
+ }
+ 
+ /*%
+- * Increase the count of client structures using the TCP connection that
+- * 'source' is associated with and put a pointer to that count in 'target',
+- * thus associating it with the same TCP connection.
++ * Increase the count of client structures sharing the TCP connection
++ * that 'source' is associated with; add a pointer to the same tcpconn
++ * to 'target', thus associating it with the same TCP connection.
+  */
+ static void
+-pipeline_attach(ns_client_t *source, ns_client_t *target) {
++tcpconn_attach(ns_client_t *source, ns_client_t *target) {
+ 	int refs;
+ 
+-	REQUIRE(source->pipeline_refs != NULL);
+-	REQUIRE(target->pipeline_refs == NULL);
++	REQUIRE(source->tcpconn != NULL);
++	REQUIRE(target->tcpconn == NULL);
++	REQUIRE(source->tcpconn->pipelined);
+ 
+-	isc_refcount_increment(source->pipeline_refs, &refs);
++	isc_refcount_increment(&source->tcpconn->refs, &refs);
+ 	INSIST(refs > 1);
+-	target->pipeline_refs = source->pipeline_refs;
++	target->tcpconn = source->tcpconn;
+ }
+ 
+ /*%
+- * Decrease the count of client structures using the TCP connection that
++ * Decrease the count of client structures sharing the TCP connection that
+  * 'client' is associated with.  If this is the last client using this TCP
+- * connection, free the reference counter and return true; otherwise, return
+- * false.
++ * connection, we detach from the TCP quota and free the tcpconn
++ * object. Either way, client->tcpconn is set to NULL.
+  */
+-static bool
+-pipeline_detach(ns_client_t *client) {
+-	isc_refcount_t *refcount;
++static void
++tcpconn_detach(ns_client_t *client) {
++	ns_tcpconn_t *tconn = NULL;
+ 	int refs;
+ 
+-	REQUIRE(client->pipeline_refs != NULL);
+-
+-	refcount = client->pipeline_refs;
+-	client->pipeline_refs = NULL;
++	REQUIRE(client->tcpconn != NULL);
+ 
+-	isc_refcount_decrement(refcount, refs);
++	tconn = client->tcpconn;
++	client->tcpconn = NULL;
+ 
++	isc_refcount_decrement(&tconn->refs, &refs);
+ 	if (refs == 0) {
+-		isc_mem_free(ns_g_mctx, refs);
+-		return (true);
++		isc_quota_detach(&tconn->tcpquota);
++		isc_mem_free(ns_g_mctx, tconn);
+ 	}
+-
+-	return (false);
+ }
+ 
+-/*
+- * Detach a client from the TCP client quota if appropriate, and set
+- * the quota pointer to NULL.
+- *
+- * Sometimes when the TCP client quota is exhausted but there are no other
+- * clients servicing the interface, a client will be allowed to continue
+- * running despite not having been attached to the quota. In this event,
+- * the TCP quota was never attached to the client, so when the client (or
+- * associated pipeline group) shuts down, the quota must NOT be detached.
++/*%
++ * Mark a client as active and increment the interface's 'ntcpactive'
++ * counter, as a signal that there is at least one client servicing
++ * TCP queries for the interface. If we reach the TCP client quota at
++ * some point, this will be used to determine whether a quota overrun
++ * should be permitted.
+  *
+- * Otherwise, if the quota pointer is set, it should be detached. If not
+- * set at all, we just return without doing anything.
++ * Marking the client active with the 'tcpactive' flag ensures proper
++ * accounting, by preventing us from incrementing or decrementing
++ * 'ntcpactive' more than once per client.
+  */
+ static void
+-tcpquota_disconnect(ns_client_t *client) {
+-	if (client->tcpquota == NULL) {
+-		return;
+-	}
+-
+-	if (client->tcpattached) {
+-		isc_quota_detach(&client->tcpquota);
+-		client->tcpattached = false;
+-	} else {
+-		client->tcpquota = NULL;
++mark_tcp_active(ns_client_t *client, bool active) {
++	if (active && !client->tcpactive) {
++		isc_atomic_xadd(&client->interface->ntcpactive, 1);
++		client->tcpactive = active;
++	} else if (!active && client->tcpactive) {
++		uint32_t old =
++			isc_atomic_xadd(&client->interface->ntcpactive, -1);
++		INSIST(old > 0);
++		client->tcpactive = active;
+ 	}
+ }
+ 
+@@ -484,7 +501,8 @@ exit_check(ns_client_t *client) {
+ 		INSIST(client->recursionquota == NULL);
+ 
+ 		if (NS_CLIENTSTATE_READING == client->newstate) {
+-			if (!client->pipelined) {
++			INSIST(client->tcpconn != NULL);
++			if (!client->tcpconn->pipelined) {
+ 				client_read(client);
+ 				client->newstate = NS_CLIENTSTATE_MAX;
+ 				return (true); /* We're done. */
+@@ -507,8 +525,8 @@ exit_check(ns_client_t *client) {
+ 			dns_tcpmsg_cancelread(&client->tcpmsg);
+ 		}
+ 
+-		if (client->nreads != 0) {
+-			/* Still waiting for read cancel completion. */
++		/* Still waiting for read cancel completion. */
++		if (client->nreads > 0) {
+ 			return (true);
+ 		}
+ 
+@@ -518,43 +536,45 @@ exit_check(ns_client_t *client) {
+ 		}
+ 
+ 		/*
+-		 * Detach from pipeline group and from TCP client quota,
+-		 * if appropriate.
++		 * Soon the client will be ready to accept a new TCP
++		 * connection or UDP request, but we may have enough
++		 * clients doing that already.  Check whether this client
++		 * needs to remain active and allow it go inactive if
++		 * not.
+ 		 *
+-		 * - If no pipeline group is active, attempt to
+-		 *   detach from the TCP client quota.
++		 * UDP clients always go inactive at this point, but a TCP
++		 * client may need to stay active and return to READY
++		 * state if no other clients are available to listen
++		 * for TCP requests on this interface.
+ 		 *
+-		 * - If a pipeline group is active, detach from it;
+-		 *   if the return code indicates that there no more
+-		 *   clients left if this pipeline group, we also detach
+-		 *   from the TCP client quota.
+-		 *
+-		 * - Otherwise we don't try to detach, we just set the
+-		 *   TCP quota pointer to NULL if it wasn't NULL already.
+-		 *
+-		 * tcpquota_disconnect() will set tcpquota to NULL, either
+-		 * by detaching it or by assignment, depending on the
+-		 * needs of the client. See the comments on that function
+-		 * for further information.
++		 * Regardless, if we're going to FREED state, that means
++		 * the system is shutting down and we don't need to
++		 * retain clients.
+ 		 */
+-		if (client->pipeline_refs == NULL || pipeline_detach(client)) {
+-			tcpquota_disconnect(client);
+-		} else {
+-			client->tcpquota = NULL;
+-			client->tcpattached = false;
++		if (client->mortal && TCP_CLIENT(client) &&
++		    client->newstate != NS_CLIENTSTATE_FREED &&
++		    !ns_g_clienttest &&
++		    isc_atomic_xadd(&client->interface->ntcpaccepting, 0) == 0)
++		{
++			/* Nobody else is accepting */
++			client->mortal = false;
++			client->newstate = NS_CLIENTSTATE_READY;
++		}
++
++		/*
++		 * Detach from TCP connection and TCP client quota,
++		 * if appropriate. If this is the last reference to
++		 * the TCP connection in our pipeline group, the
++		 * TCP quota slot will be released.
++		 */
++		if (client->tcpconn) {
++			tcpconn_detach(client);
+ 		}
+ 
+ 		if (client->tcpsocket != NULL) {
+ 			CTRACE("closetcp");
+ 			isc_socket_detach(&client->tcpsocket);
+-
+-			if (client->tcpactive) {
+-				LOCK(&client->interface->lock);
+-				INSIST(client->interface->ntcpactive > 0);
+-				client->interface->ntcpactive--;
+-				UNLOCK(&client->interface->lock);
+-				client->tcpactive = false;
+-			}
++			mark_tcp_active(client, false);
+ 		}
+ 
+ 		if (client->timerset) {
+@@ -567,35 +587,6 @@ exit_check(ns_client_t *client) {
+ 		client->peeraddr_valid = false;
+ 
+ 		client->state = NS_CLIENTSTATE_READY;
+-		INSIST(client->recursionquota == NULL);
+-
+-		/*
+-		 * Now the client is ready to accept a new TCP connection
+-		 * or UDP request, but we may have enough clients doing
+-		 * that already.  Check whether this client needs to remain
+-		 * active and force it to go inactive if not.
+-		 *
+-		 * UDP clients go inactive at this point, but a TCP client
+-		 * may need to remain active and go into ready state if
+-		 * no other clients are available to listen for TCP
+-		 * requests on this interface or (in the case of pipelined
+-		 * clients) to read for additional messages on the current
+-		 * connection.
+-		 */
+-		if (client->mortal && TCP_CLIENT(client) && !ns_g_clienttest) {
+-			LOCK(&client->interface->lock);
+-			if ((client->interface->ntcpaccepting == 0 ||
+-			    (client->pipelined &&
+-			     client->interface->ntcpactive < 2)) &&
+-			    client->newstate != NS_CLIENTSTATE_FREED)
+-			{
+-				client->mortal = false;
+-				client->newstate = NS_CLIENTSTATE_READY;
+-			}
+-			UNLOCK(&client->interface->lock);
+-		}
+-
+-		client->pipelined = false;
+ 
+ 		/*
+ 		 * We don't need the client; send it to the inactive
+@@ -630,7 +621,7 @@ exit_check(ns_client_t *client) {
+ 		}
+ 
+ 		/* Still waiting for accept cancel completion. */
+-		if (! (client->naccepts == 0)) {
++		if (client->naccepts > 0) {
+ 			return (true);
+ 		}
+ 
+@@ -641,7 +632,7 @@ exit_check(ns_client_t *client) {
+ 		}
+ 
+ 		/* Still waiting for recv cancel completion. */
+-		if (! (client->nrecvs == 0)) {
++		if (client->nrecvs > 0) {
+ 			return (true);
+ 		}
+ 
+@@ -654,14 +645,7 @@ exit_check(ns_client_t *client) {
+ 		INSIST(client->recursionquota == NULL);
+ 		if (client->tcplistener != NULL) {
+ 			isc_socket_detach(&client->tcplistener);
+-
+-			if (client->tcpactive) {
+-				LOCK(&client->interface->lock);
+-				INSIST(client->interface->ntcpactive > 0);
+-				client->interface->ntcpactive--;
+-				UNLOCK(&client->interface->lock);
+-				client->tcpactive = false;
+-			}
++			mark_tcp_active(client, false);
+ 		}
+ 		if (client->udpsocket != NULL) {
+ 			isc_socket_detach(&client->udpsocket);
+@@ -816,7 +800,7 @@ client_start(isc_task_t *task, isc_event_t *event) {
+ 		return;
+ 
+ 	if (TCP_CLIENT(client)) {
+-		if (client->pipelined) {
++		if (client->tcpconn != NULL) {
+ 			client_read(client);
+ 		} else {
+ 			client_accept(client);
+@@ -2470,6 +2454,7 @@ client_request(isc_task_t *task, isc_event_t *event) {
+ 		client->nrecvs--;
+ 	} else {
+ 		INSIST(TCP_CLIENT(client));
++		INSIST(client->tcpconn != NULL);
+ 		REQUIRE(event->ev_type == DNS_EVENT_TCPMSG);
+ 		REQUIRE(event->ev_sender == &client->tcpmsg);
+ 		buffer = &client->tcpmsg.buffer;
+@@ -2657,17 +2642,19 @@ client_request(isc_task_t *task, isc_event_t *event) {
+ 	/*
+ 	 * Pipeline TCP query processing.
+ 	 */
+-	if (client->message->opcode != dns_opcode_query) {
+-		client->pipelined = false;
++	if (TCP_CLIENT(client) &&
++	    client->message->opcode != dns_opcode_query)
++	{
++		client->tcpconn->pipelined = false;
+ 	}
+-	if (TCP_CLIENT(client) && client->pipelined) {
++	if (TCP_CLIENT(client) && client->tcpconn->pipelined) {
+ 		/*
+ 		 * We're pipelining. Replace the client; the
+-		 * the replacement can read the TCP socket looking
+-		 * for new messages and this client can process the
++		 * replacement can read the TCP socket looking
++		 * for new messages and this one can process the
+ 		 * current message asynchronously.
+ 		 *
+-		 * There are now at least three clients using this
++		 * There will now be at least three clients using this
+ 		 * TCP socket - one accepting new connections,
+ 		 * one reading an existing connection to get new
+ 		 * messages, and one answering the message already
+@@ -2675,7 +2662,7 @@ client_request(isc_task_t *task, isc_event_t *event) {
+ 		 */
+ 		result = ns_client_replace(client);
+ 		if (result != ISC_R_SUCCESS) {
+-			client->pipelined = false;
++			client->tcpconn->pipelined = false;
+ 		}
+ 	}
+ 
+@@ -3233,10 +3220,7 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) {
+ 	client->signer = NULL;
+ 	dns_name_init(&client->signername, NULL);
+ 	client->mortal = false;
+-	client->pipelined = false;
+-	client->pipeline_refs = NULL;
+-	client->tcpquota = NULL;
+-	client->tcpattached = false;
++	client->tcpconn = NULL;
+ 	client->recursionquota = NULL;
+ 	client->interface = NULL;
+ 	client->peeraddr_valid = false;
+@@ -3341,9 +3325,10 @@ client_read(ns_client_t *client) {
+ 
+ static void
+ client_newconn(isc_task_t *task, isc_event_t *event) {
++	isc_result_t result;
+ 	ns_client_t *client = event->ev_arg;
+ 	isc_socket_newconnev_t *nevent = (isc_socket_newconnev_t *)event;
+-	isc_result_t result;
++	uint32_t old;
+ 
+ 	REQUIRE(event->ev_type == ISC_SOCKEVENT_NEWCONN);
+ 	REQUIRE(NS_CLIENT_VALID(client));
+@@ -3363,10 +3348,8 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
+ 	INSIST(client->naccepts == 1);
+ 	client->naccepts--;
+ 
+-	LOCK(&client->interface->lock);
+-	INSIST(client->interface->ntcpaccepting > 0);
+-	client->interface->ntcpaccepting--;
+-	UNLOCK(&client->interface->lock);
++	old = isc_atomic_xadd(&client->interface->ntcpaccepting, -1);
++	INSIST(old > 0);
+ 
+ 	/*
+ 	 * We must take ownership of the new socket before the exit
+@@ -3399,7 +3382,7 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
+ 			      NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3),
+ 			      "accept failed: %s",
+ 			      isc_result_totext(nevent->result));
+-		tcpquota_disconnect(client);
++		tcpconn_detach(client);
+ 	}
+ 
+ 	if (exit_check(client))
+@@ -3437,15 +3420,13 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
+ 		 * telnetting to port 53 (once per CPU) will
+ 		 * deny service to legitimate TCP clients.
+ 		 */
+-		client->pipelined = false;
+ 		result = ns_client_replace(client);
+ 		if (result == ISC_R_SUCCESS &&
+ 		    (ns_g_server->keepresporder == NULL ||
+ 		     !allowed(&netaddr, NULL, NULL, 0, NULL,
+ 			      ns_g_server->keepresporder)))
+ 		{
+-			pipeline_init(client);
+-			client->pipelined = true;
++			client->tcpconn->pipelined = true;
+ 		}
+ 
+ 		client_read(client);
+@@ -3462,78 +3443,59 @@ client_accept(ns_client_t *client) {
+ 	CTRACE("accept");
+ 
+ 	/*
+-	 * The tcpquota object can only be simultaneously referenced a
+-	 * pre-defined number of times; this is configured by 'tcp-clients'
+-	 * in named.conf. If we can't attach to it here, that means the TCP
+-	 * client quota has been exceeded.
++	 * Set up a new TCP connection. This means try to attach to the
++	 * TCP client quota (tcp-clients), but fail if we're over quota.
+ 	 */
+-	result = isc_quota_attach(&ns_g_server->tcpquota,
+-				  &client->tcpquota);
++	result = tcpconn_init(client, false);
+ 	if (result != ISC_R_SUCCESS) {
+-			bool exit;
++		bool exit;
+ 
+-			ns_client_log(client, NS_LOGCATEGORY_CLIENT,
+-				      NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(1),
+-				      "no more TCP clients: %s",
+-				      isc_result_totext(result));
+-
+-			/*
+-			 * We have exceeded the system-wide TCP client
+-			 * quota.  But, we can't just block this accept
+-			 * in all cases, because if we did, a heavy TCP
+-			 * load on other interfaces might cause this
+-			 * interface to be starved, with no clients able
+-			 * to accept new connections.
+-			 *
+-			 * So, we check here to see if any other clients
+-			 * are already servicing TCP queries on this
+-			 * interface (whether accepting, reading, or
+-			 * processing). If there are at least two
+-			 * (one reading and one processing a request)
+-			 * then it's okay *not* to call accept - we
+-			 * can let this client go inactive and another
+-			 * one will resume accepting when it's done.
+-			 *
+-			 * If there aren't enough active clients on the
+-			 * interface, then we can be a little bit
+-			 * flexible about the quota. We'll allow *one*
+-			 * extra client through to ensure we're listening
+-			 * on every interface.
+-			 *
+-			 * (Note: In practice this means that the real
+-			 * TCP client quota is tcp-clients plus the
+-			 * number of listening interfaces plus 2.)
+-			 */
+-			LOCK(&client->interface->lock);
+-			exit = (client->interface->ntcpactive > 1);
+-			UNLOCK(&client->interface->lock);
++		ns_client_log(client, NS_LOGCATEGORY_CLIENT,
++			      NS_LOGMODULE_CLIENT, ISC_LOG_WARNING,
++			      "TCP client quota reached: %s",
++			      isc_result_totext(result));
+ 
+-			if (exit) {
+-				client->newstate = NS_CLIENTSTATE_INACTIVE;
+-				(void)exit_check(client);
+-				return;
+-			}
++		/*
++		 * We have exceeded the system-wide TCP client quota.  But,
++		 * we can't just block this accept in all cases, because if
++		 * we did, a heavy TCP load on other interfaces might cause
++		 * this interface to be starved, with no clients able to
++		 * accept new connections.
++		 *
++		 * So, we check here to see if any other clients are
++		 * already servicing TCP queries on this interface (whether
++		 * accepting, reading, or processing). If we find at least
++		 * one, then it's okay *not* to call accept - we can let this
++		 * client go inactive and another will take over when it's
++		 * done.
++		 *
++		 * If there aren't enough active clients on the interface,
++		 * then we can be a little bit flexible about the quota.
++		 * We'll allow *one* extra client through to ensure we're
++		 * listening on every interface; we do this by setting the
++		 * 'force' option to tcpconn_init().
++		 *
++		 * (Note: In practice this means that the real TCP client
++		 * quota is tcp-clients plus the number of listening
++		 * interfaces plus 1.)
++		 */
++		exit = (isc_atomic_xadd(&client->interface->ntcpactive, 0) > 0);
++		if (exit) {
++			client->newstate = NS_CLIENTSTATE_INACTIVE;
++			(void)exit_check(client);
++			return;
++		}
+ 
+-	} else {
+-		client->tcpattached = true;
++		result = tcpconn_init(client, true);
++		RUNTIME_CHECK(result == ISC_R_SUCCESS);
+ 	}
+ 
+ 	/*
+-	 * By incrementing the interface's ntcpactive counter we signal
+-	 * that there is at least one client servicing TCP queries for the
+-	 * interface.
+-	 *
+-	 * We also make note of the fact in the client itself with the
+-	 * tcpactive flag. This ensures proper accounting by preventing
+-	 * us from accidentally incrementing or decrementing ntcpactive
+-	 * more than once per client object.
++	 * If this client was set up using get_client() or get_worker(),
++	 * then TCP is already marked active. However, if it was restarted
++	 * from exit_check(), it might not be, so we take care of it now.
+ 	 */
+-	if (!client->tcpactive) {
+-		LOCK(&client->interface->lock);
+-		client->interface->ntcpactive++;
+-		UNLOCK(&client->interface->lock);
+-		client->tcpactive = true;
+-	}
++	mark_tcp_active(client, true);
+ 
+ 	result = isc_socket_accept(client->tcplistener, client->task,
+ 				   client_newconn, client);
+@@ -3549,15 +3511,8 @@ client_accept(ns_client_t *client) {
+ 				 "isc_socket_accept() failed: %s",
+ 				 isc_result_totext(result));
+ 
+-		tcpquota_disconnect(client);
+-
+-		if (client->tcpactive) {
+-			LOCK(&client->interface->lock);
+-			client->interface->ntcpactive--;
+-			UNLOCK(&client->interface->lock);
+-			client->tcpactive = false;
+-		}
+-
++		tcpconn_detach(client);
++		mark_tcp_active(client, false);
+ 		return;
+ 	}
+ 
+@@ -3582,9 +3537,7 @@ client_accept(ns_client_t *client) {
+ 	 * listening for connections itself to prevent the interface
+ 	 * going dead.
+ 	 */
+-	LOCK(&client->interface->lock);
+-	client->interface->ntcpaccepting++;
+-	UNLOCK(&client->interface->lock);
++	isc_atomic_xadd(&client->interface->ntcpaccepting, 1);
+ }
+ 
+ static void
+@@ -3655,24 +3608,25 @@ ns_client_replace(ns_client_t *client) {
+ 	REQUIRE(client->manager != NULL);
+ 
+ 	tcp = TCP_CLIENT(client);
+-	if (tcp && client->pipelined) {
++	if (tcp && client->tcpconn != NULL && client->tcpconn->pipelined) {
+ 		result = get_worker(client->manager, client->interface,
+ 				    client->tcpsocket, client);
+ 	} else {
+ 		result = get_client(client->manager, client->interface,
+-				    client->dispatch, client, tcp);
++				    client->dispatch, tcp);
+ 
+-		/*
+-		 * The responsibility for listening for new requests is hereby
+-		 * transferred to the new client.  Therefore, the old client
+-		 * should refrain from listening for any more requests.
+-		 */
+-		client->mortal = true;
+ 	}
+ 	if (result != ISC_R_SUCCESS) {
+ 		return (result);
+ 	}
+ 
++	/*
++	 * The responsibility for listening for new requests is hereby
++	 * transferred to the new client.  Therefore, the old client
++	 * should refrain from listening for any more requests.
++	 */
++	client->mortal = true;
++
+ 	return (ISC_R_SUCCESS);
+ }
+ 
+@@ -3806,7 +3760,7 @@ ns_clientmgr_destroy(ns_clientmgr_t **managerp) {
+ 
+ static isc_result_t
+ get_client(ns_clientmgr_t *manager, ns_interface_t *ifp,
+-	   dns_dispatch_t *disp, ns_client_t *oldclient, bool tcp)
++	   dns_dispatch_t *disp, bool tcp)
+ {
+ 	isc_result_t result = ISC_R_SUCCESS;
+ 	isc_event_t *ev;
+@@ -3850,15 +3804,7 @@ get_client(ns_clientmgr_t *manager, ns_interface_t *ifp,
+ 	client->dscp = ifp->dscp;
+ 
+ 	if (tcp) {
+-		client->tcpattached = false;
+-		if (oldclient != NULL) {
+-			client->tcpattached = oldclient->tcpattached;
+-		}
+-
+-		LOCK(&client->interface->lock);
+-		client->interface->ntcpactive++;
+-		UNLOCK(&client->interface->lock);
+-		client->tcpactive = true;
++		mark_tcp_active(client, true);
+ 
+ 		client->attributes |= NS_CLIENTATTR_TCP;
+ 		isc_socket_attach(ifp->tcpsocket,
+@@ -3923,16 +3869,14 @@ get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock,
+ 	ns_interface_attach(ifp, &client->interface);
+ 	client->newstate = client->state = NS_CLIENTSTATE_WORKING;
+ 	INSIST(client->recursionquota == NULL);
+-	client->tcpquota = &ns_g_server->tcpquota;
+-	client->tcpattached = oldclient->tcpattached;
+ 
+ 	client->dscp = ifp->dscp;
+ 
+ 	client->attributes |= NS_CLIENTATTR_TCP;
+ 	client->mortal = true;
+ 
+-	pipeline_attach(oldclient, client);
+-	client->pipelined = true;
++	tcpconn_attach(oldclient, client);
++	mark_tcp_active(client, true);
+ 
+ 	isc_socket_attach(ifp->tcpsocket, &client->tcplistener);
+ 	isc_socket_attach(sock, &client->tcpsocket);
+@@ -3940,11 +3884,6 @@ get_worker(ns_clientmgr_t *manager, ns_interface_t *ifp, isc_socket_t *sock,
+ 	(void)isc_socket_getpeername(client->tcpsocket, &client->peeraddr);
+ 	client->peeraddr_valid = true;
+ 
+-	LOCK(&client->interface->lock);
+-	client->interface->ntcpactive++;
+-	UNLOCK(&client->interface->lock);
+-	client->tcpactive = true;
+-
+ 	INSIST(client->tcpmsg_valid == false);
+ 	dns_tcpmsg_init(client->mctx, client->tcpsocket, &client->tcpmsg);
+ 	client->tcpmsg_valid = true;
+@@ -3970,8 +3909,7 @@ ns_clientmgr_createclients(ns_clientmgr_t *manager, unsigned int n,
+ 	MTRACE("createclients");
+ 
+ 	for (disp = 0; disp < n; disp++) {
+-		result = get_client(manager, ifp, ifp->udpdispatch[disp],
+-				    NULL, tcp);
++		result = get_client(manager, ifp, ifp->udpdispatch[disp], tcp);
+ 		if (result != ISC_R_SUCCESS)
+ 			break;
+ 	}
+diff --git a/bin/named/include/named/client.h b/bin/named/include/named/client.h
+index e2c40acd28..969ee4c08f 100644
+--- a/bin/named/include/named/client.h
++++ b/bin/named/include/named/client.h
+@@ -78,6 +78,13 @@
+  *** Types
+  ***/
+ 
++/*% reference-counted TCP connection object */
++typedef struct ns_tcpconn {
++	isc_refcount_t		refs;
++	isc_quota_t		*tcpquota;
++	bool			pipelined;
++} ns_tcpconn_t;
++
+ /*% nameserver client structure */
+ struct ns_client {
+ 	unsigned int		magic;
+@@ -131,10 +138,7 @@ struct ns_client {
+ 	dns_name_t		signername;   /*%< [T]SIG key name */
+ 	dns_name_t		*signer;      /*%< NULL if not valid sig */
+ 	bool			mortal;	      /*%< Die after handling request */
+-	bool			pipelined;   /*%< TCP queries not in sequence */
+-	isc_refcount_t		*pipeline_refs;
+-	isc_quota_t		*tcpquota;
+-	bool			tcpattached;
++	ns_tcpconn_t		*tcpconn;
+ 	isc_quota_t		*recursionquota;
+ 	ns_interface_t		*interface;
+ 
+diff --git a/bin/named/include/named/interfacemgr.h b/bin/named/include/named/interfacemgr.h
+index 61b08826a6..3535ef22a8 100644
+--- a/bin/named/include/named/interfacemgr.h
++++ b/bin/named/include/named/interfacemgr.h
+@@ -9,8 +9,6 @@
+  * information regarding copyright ownership.
+  */
+ 
+-/* $Id: interfacemgr.h,v 1.35 2011/07/28 23:47:58 tbox Exp $ */
+-
+ #ifndef NAMED_INTERFACEMGR_H
+ #define NAMED_INTERFACEMGR_H 1
+ 
+@@ -77,11 +75,11 @@ struct ns_interface {
+ 						/*%< UDP dispatchers. */
+ 	isc_socket_t *		tcpsocket;	/*%< TCP socket. */
+ 	isc_dscp_t		dscp;		/*%< "listen-on" DSCP value */
+-	int			ntcpaccepting;	/*%< Number of clients
++	int32_t			ntcpaccepting;	/*%< Number of clients
+ 						     ready to accept new
+ 						     TCP connections on this
+ 						     interface */
+-	int			ntcpactive;	/*%< Number of clients
++	int32_t			ntcpactive;	/*%< Number of clients
+ 						     servicing TCP queries
+ 						     (whether accepting or
+ 						     connected) */
+diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c
+index 955096ef47..d9f6df5802 100644
+--- a/bin/named/interfacemgr.c
++++ b/bin/named/interfacemgr.c
+@@ -388,6 +388,7 @@ ns_interface_create(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr,
+ 	 */
+ 	ifp->ntcpaccepting = 0;
+ 	ifp->ntcpactive = 0;
++
+ 	ifp->nudpdispatch = 0;
+ 
+ 	ifp->dscp = -1;
+diff --git a/lib/isc/include/isc/quota.h b/lib/isc/include/isc/quota.h
+index b9bf59877a..36c5830242 100644
+--- a/lib/isc/include/isc/quota.h
++++ b/lib/isc/include/isc/quota.h
+@@ -100,6 +100,13 @@ isc_quota_attach(isc_quota_t *quota, isc_quota_t **p);
+  * quota if successful (ISC_R_SUCCESS or ISC_R_SOFTQUOTA).
+  */
+ 
++isc_result_t
++isc_quota_force(isc_quota_t *quota, isc_quota_t **p);
++/*%<
++ * Like isc_quota_attach, but will attach '*p' to the quota
++ * even if the hard quota has been exceeded.
++ */
++
+ void
+ isc_quota_detach(isc_quota_t **p);
+ /*%<
+diff --git a/lib/isc/quota.c b/lib/isc/quota.c
+index 3ddff0d875..556a61f21d 100644
+--- a/lib/isc/quota.c
++++ b/lib/isc/quota.c
+@@ -74,20 +74,39 @@ isc_quota_release(isc_quota_t *quota) {
+ 	UNLOCK(&quota->lock);
+ }
+ 
+-isc_result_t
+-isc_quota_attach(isc_quota_t *quota, isc_quota_t **p)
+-{
++static isc_result_t
++doattach(isc_quota_t *quota, isc_quota_t **p, bool force) {
+ 	isc_result_t result;
+-	INSIST(p != NULL && *p == NULL);
++	REQUIRE(p != NULL && *p == NULL);
++
+ 	result = isc_quota_reserve(quota);
+-	if (result == ISC_R_SUCCESS || result == ISC_R_SOFTQUOTA)
++	if (result == ISC_R_SUCCESS || result == ISC_R_SOFTQUOTA) {
++		*p = quota;
++	} else if (result == ISC_R_QUOTA && force) {
++		/* attach anyway */
++		LOCK(&quota->lock);
++		quota->used++;
++		UNLOCK(&quota->lock);
++
+ 		*p = quota;
++		result = ISC_R_SUCCESS;
++	}
++
+ 	return (result);
+ }
+ 
++isc_result_t
++isc_quota_attach(isc_quota_t *quota, isc_quota_t **p) {
++	return (doattach(quota, p, false));
++}
++
++isc_result_t
++isc_quota_force(isc_quota_t *quota, isc_quota_t **p) {
++	return (doattach(quota, p, true));
++}
++
+ void
+-isc_quota_detach(isc_quota_t **p)
+-{
++isc_quota_detach(isc_quota_t **p) {
+ 	INSIST(p != NULL && *p != NULL);
+ 	isc_quota_release(*p);
+ 	*p = NULL;
+diff --git a/lib/isc/win32/libisc.def.in b/lib/isc/win32/libisc.def.in
+index a82facec0f..7b9f23d776 100644
+--- a/lib/isc/win32/libisc.def.in
++++ b/lib/isc/win32/libisc.def.in
+@@ -519,6 +519,7 @@ isc_portset_removerange
+ isc_quota_attach
+ isc_quota_destroy
+ isc_quota_detach
++isc_quota_force
+ isc_quota_init
+ isc_quota_max
+ isc_quota_release
+-- 
+2.20.1
+
diff --git a/poky/meta/recipes-connectivity/bind/bind/0006-restore-allowance-for-tcp-clients-interfaces.patch b/poky/meta/recipes-connectivity/bind/bind/0006-restore-allowance-for-tcp-clients-interfaces.patch
new file mode 100644
index 000000000..3821d1850
--- /dev/null
+++ b/poky/meta/recipes-connectivity/bind/bind/0006-restore-allowance-for-tcp-clients-interfaces.patch
@@ -0,0 +1,80 @@
+Backport patch to fix CVE-2018-5743.
+
+Ref:
+https://security-tracker.debian.org/tracker/CVE-2018-5743
+
+CVE: CVE-2018-5743
+Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/commit/59434b9]
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+From 59434b987e8eb436b08c24e559ee094c4e939daa Mon Sep 17 00:00:00 2001
+From: Evan Hunt <each@isc.org>
+Date: Fri, 5 Apr 2019 16:26:19 -0700
+Subject: [PATCH 6/6] restore allowance for tcp-clients < interfaces
+
+in the "refactor tcpquota and pipeline refs" commit, the counting
+of active interfaces was tightened in such a way that named could
+fail to listen on an interface if there were more interfaces than
+tcp-clients. when checking the quota to start accepting on an
+interface, if the number of active clients was above zero, then
+it was presumed that some other client was able to handle accepting
+new connections. this, however, ignored the fact that the current client
+could be included in that count, so if the quota was already exceeded
+before all the interfaces were listening, some interfaces would never
+listen.
+
+we now check whether the current client has been marked active; if so,
+then the number of active clients on the interface must be greater
+than 1, not 0.
+
+(cherry picked from commit 0b4e2cd4c3192ba88569dd344f542a8cc43742b5)
+(cherry picked from commit d01023aaac35543daffbdf48464e320150235d41)
+---
+ bin/named/client.c      | 8 +++++---
+ doc/arm/Bv9ARM-book.xml | 3 ++-
+ 2 files changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/bin/named/client.c b/bin/named/client.c
+index d826ab32bf..845326abc0 100644
+--- a/bin/named/client.c
++++ b/bin/named/client.c
+@@ -3464,8 +3464,9 @@ client_accept(ns_client_t *client) {
+ 		 *
+ 		 * So, we check here to see if any other clients are
+ 		 * already servicing TCP queries on this interface (whether
+-		 * accepting, reading, or processing). If we find at least
+-		 * one, then it's okay *not* to call accept - we can let this
++		 * accepting, reading, or processing). If we find that at
++		 * least one client other than this one is active, then
++		 * it's okay *not* to call accept - we can let this
+ 		 * client go inactive and another will take over when it's
+ 		 * done.
+ 		 *
+@@ -3479,7 +3480,8 @@ client_accept(ns_client_t *client) {
+ 		 * quota is tcp-clients plus the number of listening
+ 		 * interfaces plus 1.)
+ 		 */
+-		exit = (isc_atomic_xadd(&client->interface->ntcpactive, 0) > 0);
++		exit = (isc_atomic_xadd(&client->interface->ntcpactive, 0) >
++			(client->tcpactive ? 1 : 0));
+ 		if (exit) {
+ 			client->newstate = NS_CLIENTSTATE_INACTIVE;
+ 			(void)exit_check(client);
+diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
+index 381768d540..9c76d3cd6f 100644
+--- a/doc/arm/Bv9ARM-book.xml
++++ b/doc/arm/Bv9ARM-book.xml
+@@ -8493,7 +8493,8 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
+ 		<para>
+ 		  The number of file descriptors reserved for TCP, stdio,
+ 		  etc.  This needs to be big enough to cover the number of
+-		  interfaces <command>named</command> listens on, <command>tcp-clients</command> as well as
++		  interfaces <command>named</command> listens on plus
++		  <command>tcp-clients</command>, as well as
+ 		  to provide room for outgoing TCP queries and incoming zone
+ 		  transfers.  The default is <literal>512</literal>.
+ 		  The minimum value is <literal>128</literal> and the
+-- 
+2.20.1
+
diff --git a/poky/meta/recipes-connectivity/bind/bind/0007-Replace-atomic-operations-in-bin-named-client.c-with.patch b/poky/meta/recipes-connectivity/bind/bind/0007-Replace-atomic-operations-in-bin-named-client.c-with.patch
new file mode 100644
index 000000000..1a84eca58
--- /dev/null
+++ b/poky/meta/recipes-connectivity/bind/bind/0007-Replace-atomic-operations-in-bin-named-client.c-with.patch
@@ -0,0 +1,140 @@
+Backport commit to fix compile error on arm caused by commits which are
+to fix CVE-2018-5743.
+
+CVE: CVE-2018-5743
+Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/commit/ef49780]
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+From ef49780d30d3ddc5735cfc32561b678a634fa72f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@sury.org>
+Date: Wed, 17 Apr 2019 15:22:27 +0200
+Subject: [PATCH] Replace atomic operations in bin/named/client.c with
+ isc_refcount reference counting
+
+---
+ bin/named/client.c                     | 18 +++++++-----------
+ bin/named/include/named/interfacemgr.h |  5 +++--
+ bin/named/interfacemgr.c               |  7 +++++--
+ 3 files changed, 15 insertions(+), 15 deletions(-)
+
+diff --git a/bin/named/client.c b/bin/named/client.c
+index 845326abc0..29fecadca8 100644
+--- a/bin/named/client.c
++++ b/bin/named/client.c
+@@ -402,12 +402,10 @@ tcpconn_detach(ns_client_t *client) {
+ static void
+ mark_tcp_active(ns_client_t *client, bool active) {
+ 	if (active && !client->tcpactive) {
+-		isc_atomic_xadd(&client->interface->ntcpactive, 1);
++		isc_refcount_increment0(&client->interface->ntcpactive, NULL);
+ 		client->tcpactive = active;
+ 	} else if (!active && client->tcpactive) {
+-		uint32_t old =
+-			isc_atomic_xadd(&client->interface->ntcpactive, -1);
+-		INSIST(old > 0);
++		isc_refcount_decrement(&client->interface->ntcpactive, NULL);
+ 		client->tcpactive = active;
+ 	}
+ }
+@@ -554,7 +552,7 @@ exit_check(ns_client_t *client) {
+ 		if (client->mortal && TCP_CLIENT(client) &&
+ 		    client->newstate != NS_CLIENTSTATE_FREED &&
+ 		    !ns_g_clienttest &&
+-		    isc_atomic_xadd(&client->interface->ntcpaccepting, 0) == 0)
++		    isc_refcount_current(&client->interface->ntcpaccepting) == 0)
+ 		{
+ 			/* Nobody else is accepting */
+ 			client->mortal = false;
+@@ -3328,7 +3326,6 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
+ 	isc_result_t result;
+ 	ns_client_t *client = event->ev_arg;
+ 	isc_socket_newconnev_t *nevent = (isc_socket_newconnev_t *)event;
+-	uint32_t old;
+ 
+ 	REQUIRE(event->ev_type == ISC_SOCKEVENT_NEWCONN);
+ 	REQUIRE(NS_CLIENT_VALID(client));
+@@ -3348,8 +3345,7 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
+ 	INSIST(client->naccepts == 1);
+ 	client->naccepts--;
+ 
+-	old = isc_atomic_xadd(&client->interface->ntcpaccepting, -1);
+-	INSIST(old > 0);
++	isc_refcount_decrement(&client->interface->ntcpaccepting, NULL);
+ 
+ 	/*
+ 	 * We must take ownership of the new socket before the exit
+@@ -3480,8 +3476,8 @@ client_accept(ns_client_t *client) {
+ 		 * quota is tcp-clients plus the number of listening
+ 		 * interfaces plus 1.)
+ 		 */
+-		exit = (isc_atomic_xadd(&client->interface->ntcpactive, 0) >
+-			(client->tcpactive ? 1 : 0));
++		exit = (isc_refcount_current(&client->interface->ntcpactive) >
++			(client->tcpactive ? 1U : 0U));
+ 		if (exit) {
+ 			client->newstate = NS_CLIENTSTATE_INACTIVE;
+ 			(void)exit_check(client);
+@@ -3539,7 +3535,7 @@ client_accept(ns_client_t *client) {
+ 	 * listening for connections itself to prevent the interface
+ 	 * going dead.
+ 	 */
+-	isc_atomic_xadd(&client->interface->ntcpaccepting, 1);
++	isc_refcount_increment0(&client->interface->ntcpaccepting, NULL);
+ }
+ 
+ static void
+diff --git a/bin/named/include/named/interfacemgr.h b/bin/named/include/named/interfacemgr.h
+index 3535ef22a8..6e10f210fd 100644
+--- a/bin/named/include/named/interfacemgr.h
++++ b/bin/named/include/named/interfacemgr.h
+@@ -45,6 +45,7 @@
+ #include <isc/magic.h>
+ #include <isc/mem.h>
+ #include <isc/socket.h>
++#include <isc/refcount.h>
+ 
+ #include <dns/result.h>
+ 
+@@ -75,11 +76,11 @@ struct ns_interface {
+ 						/*%< UDP dispatchers. */
+ 	isc_socket_t *		tcpsocket;	/*%< TCP socket. */
+ 	isc_dscp_t		dscp;		/*%< "listen-on" DSCP value */
+-	int32_t			ntcpaccepting;	/*%< Number of clients
++	isc_refcount_t		ntcpaccepting;	/*%< Number of clients
+ 						     ready to accept new
+ 						     TCP connections on this
+ 						     interface */
+-	int32_t			ntcpactive;	/*%< Number of clients
++	isc_refcount_t		ntcpactive;	/*%< Number of clients
+ 						     servicing TCP queries
+ 						     (whether accepting or
+ 						     connected) */
+diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c
+index d9f6df5802..135533be6b 100644
+--- a/bin/named/interfacemgr.c
++++ b/bin/named/interfacemgr.c
+@@ -386,8 +386,8 @@ ns_interface_create(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr,
+ 	 * connections will be handled in parallel even though there is
+ 	 * only one client initially.
+ 	 */
+-	ifp->ntcpaccepting = 0;
+-	ifp->ntcpactive = 0;
++	isc_refcount_init(&ifp->ntcpaccepting, 0);
++	isc_refcount_init(&ifp->ntcpactive, 0);
+ 
+ 	ifp->nudpdispatch = 0;
+ 
+@@ -618,6 +618,9 @@ ns_interface_destroy(ns_interface_t *ifp) {
+ 
+ 	ns_interfacemgr_detach(&ifp->mgr);
+ 
++	isc_refcount_destroy(&ifp->ntcpactive);
++	isc_refcount_destroy(&ifp->ntcpaccepting);
++
+ 	ifp->magic = 0;
+ 	isc_mem_put(mctx, ifp, sizeof(*ifp));
+ }
+-- 
+2.20.1
+
diff --git a/poky/meta/recipes-connectivity/bind/bind_9.11.5-P4.bb b/poky/meta/recipes-connectivity/bind/bind_9.11.5-P4.bb
index f4e985036..3e2412dfa 100644
--- a/poky/meta/recipes-connectivity/bind/bind_9.11.5-P4.bb
+++ b/poky/meta/recipes-connectivity/bind/bind_9.11.5-P4.bb
@@ -20,6 +20,14 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
            file://0001-configure.in-remove-useless-L-use_openssl-lib.patch \
            file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \
            file://0001-avoid-start-failure-with-bind-user.patch \
+           file://0001-bind-fix-CVE-2019-6471.patch \
+           file://0001-fix-enforcement-of-tcp-clients-v1.patch \
+           file://0002-tcp-clients-could-still-be-exceeded-v2.patch \
+           file://0003-use-reference-counter-for-pipeline-groups-v3.patch \
+           file://0004-better-tcpquota-accounting-and-client-mortality-chec.patch \
+           file://0005-refactor-tcpquota-and-pipeline-refs-allow-special-ca.patch \
+           file://0006-restore-allowance-for-tcp-clients-interfaces.patch \
+           file://0007-Replace-atomic-operations-in-bin-named-client.c-with.patch \
 "
 
 SRC_URI[md5sum] = "8ddab4b61fa4516fe404679c74e37960"
diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5.inc b/poky/meta/recipes-connectivity/bluez5/bluez5.inc
index f582a07e2..170232328 100644
--- a/poky/meta/recipes-connectivity/bluez5/bluez5.inc
+++ b/poky/meta/recipes-connectivity/bluez5/bluez5.inc
@@ -58,6 +58,7 @@ SRC_URI = "\
     file://CVE-2018-10910.patch \
     file://gcc9-fixes.patch \
     file://0001-tools-Fix-build-after-y2038-changes-in-glibc.patch \
+    file://0001-tools-btpclient.c-include-signal.h.patch \
 "
 S = "${WORKDIR}/bluez-${PV}"
 
diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/0001-Makefile.am-Fix-a-race-issue-for-tools.patch b/poky/meta/recipes-connectivity/bluez5/bluez5/0001-Makefile.am-Fix-a-race-issue-for-tools.patch
index 3c227a8ea..b6cb97839 100644
--- a/poky/meta/recipes-connectivity/bluez5/bluez5/0001-Makefile.am-Fix-a-race-issue-for-tools.patch
+++ b/poky/meta/recipes-connectivity/bluez5/bluez5/0001-Makefile.am-Fix-a-race-issue-for-tools.patch
@@ -1,32 +1,30 @@
-From 048e1844092cb4b3afd23f16fc2cc70dd2e122b7 Mon Sep 17 00:00:00 2001
-From: Robert Yang <liezhi.yang@windriver.com>
-Date: Mon, 24 Dec 2018 17:57:14 -0800
-Subject: [PATCH] Makefile.am: Fix a race issue for tools
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
 
-Fixed:
-cp ../bluez-5.50/tools/hid2hci.rules tools/97-hid2hci.rules
-cp: cannot create regular file tools/97-hid2hci.rules: No such file or directory
-make[1]: *** [tools/97-hid2hci.rules] Error 1
+From 117c41242c01e057295aed80ed973c6dc7e35fe2 Mon Sep 17 00:00:00 2001
+From: Ross Burton <ross.burton@intel.com>
+Date: Tue, 8 Oct 2019 11:01:56 +0100
+Subject: [PATCH BlueZ] Makefile.am: add missing mkdir in rules generation
 
-Upstream-Status: Submitted[https://www.spinics.net/lists/linux-bluetooth/msg78361.html]
-
-Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
+In parallel out-of-tree builds it's possible that tools/*.rules are
+generated before the target directory has been implicitly created. Solve this by
+creating the directory before writing into it.
 ---
  Makefile.am | 1 +
  1 file changed, 1 insertion(+)
 
 diff --git a/Makefile.am b/Makefile.am
-index 6d1ff11..35a01f2 100644
+index 2ac28b23d..e7bcd2366 100644
 --- a/Makefile.am
 +++ b/Makefile.am
-@@ -504,6 +504,7 @@ src/builtin.h: src/genbuiltin $(builtin_sources)
+@@ -589,6 +589,7 @@ src/builtin.h: src/genbuiltin $(builtin_sources)
  	$(AM_V_GEN)$(srcdir)/src/genbuiltin $(builtin_modules) > $@
  
  tools/%.rules:
-+	[ -e tools ] || $(MKDIR_P) tools
++	$(AM_V_at)$(MKDIR_P) tools
  	$(AM_V_GEN)cp $(srcdir)/$(subst 97-,,$@) $@
  
  $(lib_libbluetooth_la_OBJECTS): $(local_headers)
 -- 
-2.10.2
+2.20.1
 
diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/0001-tools-btpclient.c-include-signal.h.patch b/poky/meta/recipes-connectivity/bluez5/bluez5/0001-tools-btpclient.c-include-signal.h.patch
new file mode 100644
index 000000000..620aaabc6
--- /dev/null
+++ b/poky/meta/recipes-connectivity/bluez5/bluez5/0001-tools-btpclient.c-include-signal.h.patch
@@ -0,0 +1,30 @@
+From 0b1766514f6847c7367fce07f19a750ec74c11a6 Mon Sep 17 00:00:00 2001
+From: Robert Yang <liezhi.yang@windriver.com>
+Date: Thu, 26 Sep 2019 16:19:34 +0800
+Subject: [PATCH] tools/btpclient.c: include signal.h
+
+Fix compile failure when configure --enable-btpclient:
+btpclient.c:2834:7: error: 'SIGINT' undeclared (first use in this function)
+
+Upstream-Status: Backport [A subset of the full fix that went upstream]
+
+Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
+---
+ tools/btpclient.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/tools/btpclient.c b/tools/btpclient.c
+index b217df5..aece7fe 100644
+--- a/tools/btpclient.c
++++ b/tools/btpclient.c
+@@ -29,6 +29,7 @@
+ #include <stdlib.h>
+ #include <assert.h>
+ #include <getopt.h>
++#include <signal.h>
+ 
+ #include <ell/ell.h>
+ 
+-- 
+2.7.4
+
diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/out-of-tree.patch b/poky/meta/recipes-connectivity/bluez5/bluez5/out-of-tree.patch
index 3ee79d704..76ed77925 100644
--- a/poky/meta/recipes-connectivity/bluez5/bluez5/out-of-tree.patch
+++ b/poky/meta/recipes-connectivity/bluez5/bluez5/out-of-tree.patch
@@ -7,7 +7,7 @@ In parallel out-of-tree builds it's possible that obexd/src/builtin.h is
 generated before the target directory has been implicitly created. Solve this by
 creating the directory before writing into it.
 
-Upstream-Status: Submitted
+Upstream-Status: Backport
 Signed-off-by: Ross Burton <ross.burton@intel.com>
 ---
  Makefile.obexd | 1 +
diff --git a/poky/meta/recipes-connectivity/connman/connman.inc b/poky/meta/recipes-connectivity/connman/connman.inc
index ee0047992..fb38ab4fc 100644
--- a/poky/meta/recipes-connectivity/connman/connman.inc
+++ b/poky/meta/recipes-connectivity/connman/connman.inc
@@ -59,7 +59,7 @@ INITSCRIPT_NAME = "connman"
 INITSCRIPT_PARAMS = "start 05 5 2 3 . stop 22 0 1 6 ."
 
 python __anonymous () {
-    systemd_packages = "${PN}"
+    systemd_packages = "${PN} ${PN}-wait-online"
     pkgconfig = d.getVar('PACKAGECONFIG')
     if ('openvpn' or 'vpnc' or 'l2tp' or 'pptp') in pkgconfig.split():
         systemd_packages += " ${PN}-vpn"
diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfsserver b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfsserver
index d5e9c38a9..0f5747cc6 100644
--- a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfsserver
+++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfsserver
@@ -107,7 +107,7 @@ stop_nfsd(){
 #FIXME: need to create the /var/lib/nfs/... directories
 case "$1" in
   start)
-	exportfs -r
+	test -r /etc/exports && exportfs -r
 	start_nfsd "$NFS_SERVERS"
 	start_mountd
 	test -r /etc/exports && exportfs -a;;
diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.4.1.bb b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.4.1.bb
index 7e80354e4..eb32bccb5 100644
--- a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.4.1.bb
+++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.4.1.bb
@@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=95f3a93a5c3c7888de623b46ea085a84"
 
 # util-linux for libblkid
 DEPENDS = "libcap libevent util-linux sqlite3 libtirpc"
-RDEPENDS_${PN} = "${PN}-client bash"
+RDEPENDS_${PN} = "${PN}-client"
 RRECOMMENDS_${PN} = "kernel-module-nfsd"
 
 inherit useradd
diff --git a/poky/meta/recipes-connectivity/ofono/ofono_1.30.bb b/poky/meta/recipes-connectivity/ofono/ofono_1.30.bb
deleted file mode 100644
index c916cb1b2..000000000
--- a/poky/meta/recipes-connectivity/ofono/ofono_1.30.bb
+++ /dev/null
@@ -1,9 +0,0 @@
-require ofono.inc
-
-SRC_URI  = "\
-  ${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
-  file://ofono \
-  file://0001-mbim-add-an-optional-TEMP_FAILURE_RETRY-macro-copy.patch \
-"
-SRC_URI[md5sum] = "2b1ce11a4db1f4b5c8cd96eb7e96ba0c"
-SRC_URI[sha256sum] = "8079735efc5d7f33be9e792e791f2f7ff75c31ce67d477b994673e32319eec5c"
diff --git a/poky/meta/recipes-connectivity/ofono/ofono.inc b/poky/meta/recipes-connectivity/ofono/ofono_1.31.bb
index bdbb0b5bc..7d0976ad7 100644
--- a/poky/meta/recipes-connectivity/ofono/ofono.inc
+++ b/poky/meta/recipes-connectivity/ofono/ofono_1.31.bb
@@ -1,28 +1,35 @@
-HOMEPAGE = "http://www.ofono.org"
-SUMMARY  = "open source telephony"
+SUMMARY = "open source telephony"
 DESCRIPTION = "oFono is a stack for mobile telephony devices on Linux. oFono supports speaking to telephony devices through specific drivers, or with generic AT commands."
-LICENSE  = "GPLv2"
+HOMEPAGE = "http://www.ofono.org"
+BUGTRACKER = "https://01.org/jira/browse/OF"
+LICENSE = "GPLv2"
 LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \
                     file://src/ofono.h;beginline=1;endline=20;md5=3ce17d5978ef3445def265b98899c2ee"
+DEPENDS = "dbus glib-2.0 udev mobile-broadband-provider-info ell"
 
-inherit autotools pkgconfig update-rc.d systemd gobject-introspection-data
+SRC_URI = "\
+    ${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
+    file://ofono \
+    file://0001-mbim-add-an-optional-TEMP_FAILURE_RETRY-macro-copy.patch \
+"
+SRC_URI[md5sum] = "1c26340e3c6ed132cc812595081bb3dc"
+SRC_URI[sha256sum] = "a15c5d28096c10eb30e47a68b6dc2e7c4a5a99d7f4cfedf0b69624f33d859e9b"
 
-DEPENDS  = "dbus glib-2.0 udev mobile-broadband-provider-info ell"
+inherit autotools pkgconfig update-rc.d systemd gobject-introspection-data
 
 INITSCRIPT_NAME = "ofono"
 INITSCRIPT_PARAMS = "defaults 22"
+SYSTEMD_SERVICE_${PN} = "ofono.service"
 
 PACKAGECONFIG ??= "\
     ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \
     ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez', '', d)} \
-    "
+"
 PACKAGECONFIG[systemd] = "--with-systemdunitdir=${systemd_unitdir}/system/,--with-systemdunitdir="
 PACKAGECONFIG[bluez] = "--enable-bluetooth, --disable-bluetooth, bluez5"
 
 EXTRA_OECONF += "--enable-test --enable-external-ell"
 
-SYSTEMD_SERVICE_${PN} = "ofono.service"
-
 do_install_append() {
   install -d ${D}${sysconfdir}/init.d/
   install -m 0755 ${WORKDIR}/ofono ${D}${sysconfdir}/init.d/ofono
@@ -30,10 +37,14 @@ do_install_append() {
 
 PACKAGES =+ "${PN}-tests"
 
-RDEPENDS_${PN} += "dbus"
-RRECOMMENDS_${PN} += "kernel-module-tun mobile-broadband-provider-info"
-
 FILES_${PN} += "${systemd_unitdir}"
 FILES_${PN}-tests = "${libdir}/${BPN}/test"
-RDEPENDS_${PN}-tests = "python3-core python3-dbus"
-RDEPENDS_${PN}-tests += "${@bb.utils.contains('GI_DATA_ENABLED', 'True', 'python3-pygobject', '', d)}"
+
+RDEPENDS_${PN} += "dbus"
+RDEPENDS_${PN}-tests = "\
+    python3-core \
+    python3-dbus \
+    ${@bb.utils.contains('GI_DATA_ENABLED', 'True', 'python3-pygobject', '', d)} \
+"
+
+RRECOMMENDS_${PN} += "kernel-module-tun mobile-broadband-provider-info"
diff --git a/poky/meta/recipes-connectivity/openssh/openssh/0001-upstream-fix-integer-overflow-in-XMSS-private-key-pa.patch b/poky/meta/recipes-connectivity/openssh/openssh/0001-upstream-fix-integer-overflow-in-XMSS-private-key-pa.patch
new file mode 100644
index 000000000..3265be348
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssh/openssh/0001-upstream-fix-integer-overflow-in-XMSS-private-key-pa.patch
@@ -0,0 +1,40 @@
+From 2014fad3d28090b59d2f8a0971166c06e5fa6da6 Mon Sep 17 00:00:00 2001
+From: Hongxu Jia <hongxu.jia@windriver.com>
+Date: Fri, 18 Oct 2019 14:56:58 +0800
+Subject: [PATCH] upstream: fix integer overflow in XMSS private key parsing.
+
+Reported by Adam Zabrocki via SecuriTeam's SSH program.
+
+Note that this code is experimental and not compiled by default.
+
+ok markus@
+
+OpenBSD-Commit-ID: cd0361896d15e8a1bac495ac583ff065ffca2be1
+
+Signed-off-by: "djm@openbsd.org" <djm@openbsd.org>
+
+Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/a546b17bbaeb12beac4c9aeed56f74a42b18a93a]
+CVE: CVE-2019-16905
+
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ sshkey-xmss.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/sshkey-xmss.c b/sshkey-xmss.c
+index aaae702..c57681a 100644
+--- a/sshkey-xmss.c
++++ b/sshkey-xmss.c
+@@ -977,7 +977,8 @@ sshkey_xmss_decrypt_state(const struct sshkey *k, struct sshbuf *encoded,
+ 		goto out;
+ 	}
+ 	/* check that an appropriate amount of auth data is present */
+-	if (sshbuf_len(encoded) < encrypted_len + authlen) {
++	if (sshbuf_len(encoded) < authlen ||
++	    sshbuf_len(encoded) - authlen < encrypted_len) {
+ 		r = SSH_ERR_INVALID_FORMAT;
+ 		goto out;
+ 	}
+-- 
+2.7.4
+
diff --git a/poky/meta/recipes-connectivity/openssh/openssh_8.0p1.bb b/poky/meta/recipes-connectivity/openssh/openssh_8.0p1.bb
index 01eaecd4e..2ffbc9a95 100644
--- a/poky/meta/recipes-connectivity/openssh/openssh_8.0p1.bb
+++ b/poky/meta/recipes-connectivity/openssh/openssh_8.0p1.bb
@@ -24,6 +24,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
            file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \
            file://sshd_check_keys \
            file://add-test-support-for-busybox.patch \
+           file://0001-upstream-fix-integer-overflow-in-XMSS-private-key-pa.patch \
            "
 SRC_URI[md5sum] = "bf050f002fe510e1daecd39044e1122d"
 SRC_URI[sha256sum] = "bd943879e69498e8031eb6b7f44d08cdc37d59a7ab689aa0b437320c3481fd68"
diff --git a/poky/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb b/poky/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
index 072f727e0..8819e19ec 100644
--- a/poky/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
+++ b/poky/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
@@ -148,7 +148,7 @@ do_install_append_class-native () {
 	    OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \
 	    SSL_CERT_DIR=${libdir}/ssl-1.1/certs \
 	    SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \
-	    OPENSSL_ENGINES=${libdir}/ssl-1.1/engines
+	    OPENSSL_ENGINES=${libdir}/engines-1.1
 }
 
 do_install_append_class-nativesdk () {
diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch
new file mode 100644
index 000000000..7b0713cf6
--- /dev/null
+++ b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch
@@ -0,0 +1,82 @@
+hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication
+of disconnection in certain situations because source address validation is
+mishandled. This is a denial of service that should have been prevented by PMF
+(aka management frame protection). The attacker must send a crafted 802.11 frame
+from a location that is within the 802.11 communications range.
+
+CVE: CVE-2019-16275
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+From 8c07fa9eda13e835f3f968b2e1c9a8be3a851ff9 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Thu, 29 Aug 2019 11:52:04 +0300
+Subject: [PATCH] AP: Silently ignore management frame from unexpected source
+ address
+
+Do not process any received Management frames with unexpected/invalid SA
+so that we do not add any state for unexpected STA addresses or end up
+sending out frames to unexpected destination. This prevents unexpected
+sequences where an unprotected frame might end up causing the AP to send
+out a response to another device and that other device processing the
+unexpected response.
+
+In particular, this prevents some potential denial of service cases
+where the unexpected response frame from the AP might result in a
+connected station dropping its association.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/ap/drv_callbacks.c | 13 +++++++++++++
+ src/ap/ieee802_11.c    | 12 ++++++++++++
+ 2 files changed, 25 insertions(+)
+
+diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c
+index 31587685fe3b..34ca379edc3d 100644
+--- a/src/ap/drv_callbacks.c
++++ b/src/ap/drv_callbacks.c
+@@ -131,6 +131,19 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr,
+ 			   "hostapd_notif_assoc: Skip event with no address");
+ 		return -1;
+ 	}
++
++	if (is_multicast_ether_addr(addr) ||
++	    is_zero_ether_addr(addr) ||
++	    os_memcmp(addr, hapd->own_addr, ETH_ALEN) == 0) {
++		/* Do not process any frames with unexpected/invalid SA so that
++		 * we do not add any state for unexpected STA addresses or end
++		 * up sending out frames to unexpected destination. */
++		wpa_printf(MSG_DEBUG, "%s: Invalid SA=" MACSTR
++			   " in received indication - ignore this indication silently",
++			   __func__, MAC2STR(addr));
++		return 0;
++	}
++
+ 	random_add_randomness(addr, ETH_ALEN);
+ 
+ 	hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
+diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
+index c85a28db44b7..e7065372e158 100644
+--- a/src/ap/ieee802_11.c
++++ b/src/ap/ieee802_11.c
+@@ -4626,6 +4626,18 @@ int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len,
+ 	fc = le_to_host16(mgmt->frame_control);
+ 	stype = WLAN_FC_GET_STYPE(fc);
+ 
++	if (is_multicast_ether_addr(mgmt->sa) ||
++	    is_zero_ether_addr(mgmt->sa) ||
++	    os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) {
++		/* Do not process any frames with unexpected/invalid SA so that
++		 * we do not add any state for unexpected STA addresses or end
++		 * up sending out frames to unexpected destination. */
++		wpa_printf(MSG_DEBUG, "MGMT: Invalid SA=" MACSTR
++			   " in received frame - ignore this frame silently",
++			   MAC2STR(mgmt->sa));
++		return 0;
++	}
++
+ 	if (stype == WLAN_FC_STYPE_BEACON) {
+ 		handle_beacon(hapd, mgmt, len, fi);
+ 		return 1;
+-- 
+2.20.1
diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb
index ad9e6ea4b..3e92427bb 100644
--- a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb
+++ b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb
@@ -25,6 +25,7 @@ SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz  \
            file://wpa_supplicant.conf-sane \
            file://99_wpa_supplicant \
            file://0001-replace-systemd-install-Alias-with-WantedBy.patch \
+		   file://0001-AP-Silently-ignore-management-frame-from-unexpected-.patch \
           "
 SRC_URI[md5sum] = "2d2958c782576dc9901092fbfecb4190"
 SRC_URI[sha256sum] = "fcbdee7b4a64bea8177973299c8c824419c413ec2e3a95db63dd6a5dc3541f17"
diff --git a/poky/meta/recipes-core/coreutils/coreutils_8.31.bb b/poky/meta/recipes-core/coreutils/coreutils_8.31.bb
index 4a74f619a..57b2c1bdb 100644
--- a/poky/meta/recipes-core/coreutils/coreutils_8.31.bb
+++ b/poky/meta/recipes-core/coreutils/coreutils_8.31.bb
@@ -49,7 +49,7 @@ bindir_progs = "arch basename chcon cksum comm csplit cut dir dircolors dirname
                 env expand expr factor fmt fold groups head hostid id install \
                 join link logname md5sum mkfifo nl nohup nproc od paste pathchk \
                 pinky pr printf ptx readlink realpath runcon seq sha1sum sha224sum sha256sum \
-                sha384sum sha512sum shred shuf sort split stdbuf sum tac tail tee test timeout \
+                sha384sum sha512sum shred shuf sort split sum tac tail tee test timeout \
                 tr truncate tsort tty unexpand uniq unlink uptime users vdir wc who whoami yes"
 
 # hostname gets a special treatment and is not included in this
@@ -58,6 +58,10 @@ base_bindir_progs = "cat chgrp chmod chown cp date dd echo false hostname kill l
 
 sbindir_progs= "chroot"
 
+PACKAGE_BEFORE_PN_class-target += "coreutils-stdbuf"
+FILES_coreutils-stdbuf = "${bindir}/stdbuf ${libdir}/coreutils/libstdbuf.so"
+RDEPENDS_coreutils_class-target += "coreutils-stdbuf"
+
 # Let aclocal use the relative path for the m4 file rather than the
 # absolute since coreutils has a lot of m4 files, otherwise there might
 # be an "Argument list too long" error when it is built in a long/deep
diff --git a/poky/meta/recipes-core/dbus/dbus/dbus-1.init b/poky/meta/recipes-core/dbus/dbus/dbus-1.init
index 42c86297c..90e167e57 100644
--- a/poky/meta/recipes-core/dbus/dbus/dbus-1.init
+++ b/poky/meta/recipes-core/dbus/dbus/dbus-1.init
@@ -21,8 +21,8 @@
 
 DAEMON=@bindir@/dbus-daemon
 NAME=dbus
-DAEMONUSER=messagebus           # must match /etc/dbus-1/system.conf
-PIDFILE=/var/run/messagebus.pid # must match /etc/dbus-1/system.conf
+DAEMONUSER=messagebus           # must match /usr/share/dbus-1/system.conf
+PIDFILE=/var/run/dbus/pid # must match /usr/share/dbus-1/system.conf
 UUIDDIR=/var/lib/dbus
 DESC="system message bus"
 EVENTDIR=/etc/dbus-1/event.d
diff --git a/poky/meta/recipes-core/ell/ell_0.22.bb b/poky/meta/recipes-core/ell/ell_0.26.bb
index b3942fc30..f1f252ce4 100644
--- a/poky/meta/recipes-core/ell/ell_0.22.bb
+++ b/poky/meta/recipes-core/ell/ell_0.26.bb
@@ -14,8 +14,8 @@ DEPENDS = "dbus"
 inherit autotools pkgconfig
 
 SRC_URI = "https://mirrors.edge.kernel.org/pub/linux/libs/${BPN}/${BPN}-${PV}.tar.xz"
-SRC_URI[md5sum] = "a4e7d74404f11e71775b89f53a8f1c33"
-SRC_URI[sha256sum] = "3c1d6d997e17dfcbe4ebcd1331d9a7be5c64f2f0a0813bc223790e570d8da2e3"
+SRC_URI[md5sum] = "4660e25541071e933a2bb02ef2f94e7d"
+SRC_URI[sha256sum] = "7855b4b8f271ba6ee67d87d0965b975a9a8dbeaa616665ca2248afa3b5fcbc77"
 
 do_configure_prepend () {
     mkdir -p ${S}/build-aux
diff --git a/poky/meta/recipes-core/ncurses/files/0001-ncurses-selective-backport-of-20191012-patch.patch b/poky/meta/recipes-core/ncurses/files/0001-ncurses-selective-backport-of-20191012-patch.patch
new file mode 100644
index 000000000..7870c4ba3
--- /dev/null
+++ b/poky/meta/recipes-core/ncurses/files/0001-ncurses-selective-backport-of-20191012-patch.patch
@@ -0,0 +1,169 @@
+From 064b77f173337aa790f1cec0d741bfbc61a33d31 Mon Sep 17 00:00:00 2001
+From: Trevor Gamblin <trevor.gamblin@windriver.com>
+Date: Fri, 18 Oct 2019 09:57:43 -0400
+Subject: [PATCH] ncurses: selective backport of 20191012 patch
+
+Upstream-Status: Backport [https://salsa.debian.org/debian/ncurses/commit/243908b1e3d81]
+
+Contents of the upstream patch that are not applied to comp_hash.c, 
+parse_entry.c, or dump_entry.c have been omitted.
+
+CVE: CVE-2019-17594
+CVE: CVE-2019-17595
+
+Signed-off-by: Trevor Gamblin  <trevor.gamblin@windriver.com>
+
+---
+ ncurses/tinfo/comp_hash.c   | 14 ++++++++++----
+ ncurses/tinfo/parse_entry.c | 32 ++++++++++++++++----------------
+ progs/dump_entry.c          |  7 ++++---
+ 3 files changed, 30 insertions(+), 23 deletions(-)
+
+diff --git a/ncurses/tinfo/comp_hash.c b/ncurses/tinfo/comp_hash.c
+index 21f165ca..a62d38f9 100644
+--- a/ncurses/tinfo/comp_hash.c
++++ b/ncurses/tinfo/comp_hash.c
+@@ -44,7 +44,7 @@
+ #include <tic.h>
+ #include <hashsize.h>
+ 
+-MODULE_ID("$Id: comp_hash.c,v 1.49 2019/03/10 00:06:48 tom Exp $")
++MODULE_ID("$Id: comp_hash.c,v 1.51 2019/10/12 16:32:13 tom Exp $")
+ 
+ /*
+  * Finds the entry for the given string in the hash table if present.
+@@ -63,7 +63,9 @@ _nc_find_entry(const char *string,
+ 
+     hashvalue = data->hash_of(string);
+ 
+-    if (data->table_data[hashvalue] >= 0) {
++    if (hashvalue >= 0
++	&& (unsigned) hashvalue < data->table_size
++	&& data->table_data[hashvalue] >= 0) {
+ 
+ 	real_table = _nc_get_table(termcap);
+ 	ptr = real_table + data->table_data[hashvalue];
+@@ -96,7 +98,9 @@ _nc_find_type_entry(const char *string,
+     const HashData *data = _nc_get_hash_info(termcap);
+     int hashvalue = data->hash_of(string);
+ 
+-    if (data->table_data[hashvalue] >= 0) {
++    if (hashvalue >= 0
++	&& (unsigned) hashvalue < data->table_size
++	&& data->table_data[hashvalue] >= 0) {
+ 	const struct name_table_entry *const table = _nc_get_table(termcap);
+ 
+ 	ptr = table + data->table_data[hashvalue];
+@@ -124,7 +128,9 @@ _nc_find_user_entry(const char *string)
+ 
+     hashvalue = data->hash_of(string);
+ 
+-    if (data->table_data[hashvalue] >= 0) {
++    if (hashvalue >= 0
++	&& (unsigned) hashvalue < data->table_size
++	&& data->table_data[hashvalue] >= 0) {
+ 
+ 	real_table = _nc_get_userdefs_table();
+ 	ptr = real_table + data->table_data[hashvalue];
+diff --git a/ncurses/tinfo/parse_entry.c b/ncurses/tinfo/parse_entry.c
+index f8cca8b5..064376c5 100644
+--- a/ncurses/tinfo/parse_entry.c
++++ b/ncurses/tinfo/parse_entry.c
+@@ -47,7 +47,7 @@
+ #include <ctype.h>
+ #include <tic.h>
+ 
+-MODULE_ID("$Id: parse_entry.c,v 1.97 2019/08/03 23:10:38 tom Exp $")
++MODULE_ID("$Id: parse_entry.c,v 1.98 2019/10/12 00:50:31 tom Exp $")
+ 
+ #ifdef LINT
+ static short const parametrized[] =
+@@ -654,12 +654,12 @@ _nc_capcmp(const char *s, const char *t)
+ }
+ 
+ static void
+-append_acs0(string_desc * dst, int code, int src)
++append_acs0(string_desc * dst, int code, char *src, size_t off)
+ {
+-    if (src != 0) {
++    if (src != 0 && off < strlen(src)) {
+ 	char temp[3];
+ 	temp[0] = (char) code;
+-	temp[1] = (char) src;
++	temp[1] = src[off];
+ 	temp[2] = 0;
+ 	_nc_safe_strcat(dst, temp);
+     }
+@@ -669,7 +669,7 @@ static void
+ append_acs(string_desc * dst, int code, char *src)
+ {
+     if (VALID_STRING(src) && strlen(src) == 1) {
+-	append_acs0(dst, code, *src);
++	append_acs0(dst, code, src, 0);
+     }
+ }
+ 
+@@ -1038,17 +1038,17 @@ postprocess_terminfo(TERMTYPE2 *tp)
+ 	_nc_str_init(&result, buf2, sizeof(buf2));
+ 	_nc_safe_strcat(&result, acs_chars);
+ 
+-	append_acs0(&result, 'l', box_chars_1[0]);	/* ACS_ULCORNER */
+-	append_acs0(&result, 'q', box_chars_1[1]);	/* ACS_HLINE */
+-	append_acs0(&result, 'k', box_chars_1[2]);	/* ACS_URCORNER */
+-	append_acs0(&result, 'x', box_chars_1[3]);	/* ACS_VLINE */
+-	append_acs0(&result, 'j', box_chars_1[4]);	/* ACS_LRCORNER */
+-	append_acs0(&result, 'm', box_chars_1[5]);	/* ACS_LLCORNER */
+-	append_acs0(&result, 'w', box_chars_1[6]);	/* ACS_TTEE */
+-	append_acs0(&result, 'u', box_chars_1[7]);	/* ACS_RTEE */
+-	append_acs0(&result, 'v', box_chars_1[8]);	/* ACS_BTEE */
+-	append_acs0(&result, 't', box_chars_1[9]);	/* ACS_LTEE */
+-	append_acs0(&result, 'n', box_chars_1[10]);	/* ACS_PLUS */
++	append_acs0(&result, 'l', box_chars_1, 0);	/* ACS_ULCORNER */
++	append_acs0(&result, 'q', box_chars_1, 1);	/* ACS_HLINE */
++	append_acs0(&result, 'k', box_chars_1, 2);	/* ACS_URCORNER */
++	append_acs0(&result, 'x', box_chars_1, 3);	/* ACS_VLINE */
++	append_acs0(&result, 'j', box_chars_1, 4);	/* ACS_LRCORNER */
++	append_acs0(&result, 'm', box_chars_1, 5);	/* ACS_LLCORNER */
++	append_acs0(&result, 'w', box_chars_1, 6);	/* ACS_TTEE */
++	append_acs0(&result, 'u', box_chars_1, 7);	/* ACS_RTEE */
++	append_acs0(&result, 'v', box_chars_1, 8);	/* ACS_BTEE */
++	append_acs0(&result, 't', box_chars_1, 9);	/* ACS_LTEE */
++	append_acs0(&result, 'n', box_chars_1, 10);	/* ACS_PLUS */
+ 
+ 	if (buf2[0]) {
+ 	    acs_chars = _nc_save_str(buf2);
+diff --git a/progs/dump_entry.c b/progs/dump_entry.c
+index d0e420ec..8a47084a 100644
+--- a/progs/dump_entry.c
++++ b/progs/dump_entry.c
+@@ -39,7 +39,7 @@
+ #include "termsort.c"		/* this C file is generated */
+ #include <parametrized.h>	/* so is this */
+ 
+-MODULE_ID("$Id: dump_entry.c,v 1.173 2019/05/11 21:02:24 tom Exp $")
++MODULE_ID("$Id: dump_entry.c,v 1.175 2019/10/12 15:59:07 tom Exp $")
+ 
+ #define DISCARD(string) string = ABSENT_STRING
+ #define PRINTF (void) printf
+@@ -1136,7 +1136,8 @@ fmt_entry(TERMTYPE2 *tterm,
+ 				*d++ = '\\';
+ 				*d = ':';
+ 			    } else if (*d == '\\') {
+-				*++d = *s++;
++				if ((*++d = *s++) == '\0')
++				    break;
+ 			    }
+ 			    d++;
+ 			    *d = '\0';
+@@ -1396,7 +1397,7 @@ one_one_mapping(const char *mapping)
+ 
+     if (VALID_STRING(mapping)) {
+ 	int n = 0;
+-	while (mapping[n] != '\0') {
++	while (mapping[n] != '\0' && mapping[n + 1] != '\0') {
+ 	    if (isLine(mapping[n]) &&
+ 		mapping[n] != mapping[n + 1]) {
+ 		result = FALSE;
+-- 
+2.17.1
+
diff --git a/poky/meta/recipes-core/ncurses/ncurses_6.1+20190803.bb b/poky/meta/recipes-core/ncurses/ncurses_6.1+20190803.bb
index a44d78e4f..e638a3737 100644
--- a/poky/meta/recipes-core/ncurses/ncurses_6.1+20190803.bb
+++ b/poky/meta/recipes-core/ncurses/ncurses_6.1+20190803.bb
@@ -3,6 +3,7 @@ require ncurses.inc
 SRC_URI += "file://0001-tic-hang.patch \
             file://0002-configure-reproducible.patch \
             file://config.cache \
+            file://0001-ncurses-selective-backport-of-20191012-patch.patch \
 "
 # commit id corresponds to the revision in package version
 SRCREV = "3c9b2677c96c645496997321bf2fe465a5e7e21f"
diff --git a/poky/meta/recipes-core/util-linux/util-linux/0001-lsblk-force-to-print-PKNAME-for-partition.patch b/poky/meta/recipes-core/util-linux/util-linux/0001-lsblk-force-to-print-PKNAME-for-partition.patch
new file mode 100644
index 000000000..5d4c148fb
--- /dev/null
+++ b/poky/meta/recipes-core/util-linux/util-linux/0001-lsblk-force-to-print-PKNAME-for-partition.patch
@@ -0,0 +1,36 @@
+From e3bb9bfb76c17b1d05814436ced62c05c4011f48 Mon Sep 17 00:00:00 2001
+From: Karel Zak <kzak@redhat.com>
+Date: Thu, 27 Jun 2019 09:22:18 +0200
+Subject: [PATCH] lsblk: force to print PKNAME for partition
+
+PKNAME (parent kernel device name) is based on printed tree according
+to parent -> child relationship. The tree is optional and not printed
+if partition specified (.e.g "lsblk -o+PKNAME /dev/sda1"), but old
+versions print the PKNAME also in this case.
+
+Upstream-Status: Backport [https://github.com/karelzak/util-linux/commit/e3bb9bfb76c17b1d05814436ced62c05c4011f48]
+
+Addresses: https://github.com/karelzak/util-linux/issues/813
+Signed-off-by: Karel Zak <kzak@redhat.com>
+Signed-off-by: Liwei Song <liwei.song@windriver.com>
+---
+ misc-utils/lsblk.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/misc-utils/lsblk.c b/misc-utils/lsblk.c
+index e95af7af0256..3ce6da730264 100644
+--- a/misc-utils/lsblk.c
++++ b/misc-utils/lsblk.c
+@@ -1019,6 +1019,9 @@ static void device_to_scols(
+ 	DBG(DEV, ul_debugobj(dev, "add '%s' to scols", dev->name));
+ 	ON_DBG(DEV, if (ul_path_isopen_dirfd(dev->sysfs)) ul_debugobj(dev, " %s ---> is open!", dev->name));
+ 
++	if (!parent && dev->wholedisk)
++		parent = dev->wholedisk;
++
+ 	/* Do not print device more than one in --list mode */
+ 	if (!(lsblk->flags & LSBLK_TREE) && dev->is_printed)
+ 		return;
+-- 
+2.17.1
+
diff --git a/poky/meta/recipes-core/util-linux/util-linux_2.34.bb b/poky/meta/recipes-core/util-linux/util-linux_2.34.bb
index 262f4bacb..e9c2d80e9 100644
--- a/poky/meta/recipes-core/util-linux/util-linux_2.34.bb
+++ b/poky/meta/recipes-core/util-linux/util-linux_2.34.bb
@@ -7,6 +7,7 @@ SRC_URI += "file://configure-sbindir.patch \
             file://run-ptest \
             file://display_testname_for_subtest.patch \
             file://avoid_parallel_tests.patch \
+            file://0001-lsblk-force-to-print-PKNAME-for-partition.patch \
 "
 SRC_URI[md5sum] = "a78cbeaed9c39094b96a48ba8f891d50"
 SRC_URI[sha256sum] = "743f9d0c7252b6db246b659c1e1ce0bd45d8d4508b4dfa427bbb4a3e9b9f62b5"
diff --git a/poky/meta/recipes-devtools/binutils/binutils-2.32.inc b/poky/meta/recipes-devtools/binutils/binutils-2.32.inc
index 19baf8a88..349c3e115 100644
--- a/poky/meta/recipes-devtools/binutils/binutils-2.32.inc
+++ b/poky/meta/recipes-devtools/binutils/binutils-2.32.inc
@@ -49,6 +49,8 @@ SRC_URI = "\
      file://CVE-2019-12972.patch \
      file://CVE-2019-14250.patch \
      file://CVE-2019-14444.patch \
+     file://CVE-2019-17450.patch \
+     file://CVE-2019-17451.patch \
 "
 S  = "${WORKDIR}/git"
 
diff --git a/poky/meta/recipes-devtools/binutils/binutils/CVE-2019-17450.patch b/poky/meta/recipes-devtools/binutils/binutils/CVE-2019-17450.patch
new file mode 100644
index 000000000..a6ce0b9a8
--- /dev/null
+++ b/poky/meta/recipes-devtools/binutils/binutils/CVE-2019-17450.patch
@@ -0,0 +1,99 @@
+From 09dd135df9ebc7a4b640537e23e26a03a288a789 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Wed, 9 Oct 2019 00:07:29 +1030
+Subject: [PATCH] PR25078, stack overflow in function find_abstract_instance
+
+Selectively backporting fix for bfd/dwarf2.c, but not the ChangeLog
+file. There are newer versions of binutils, but none of them contain the
+commit fixing CVE-2019-17450, so backport it to master and zeus.
+
+Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=063c511bd79]
+CVE: CVE-2019-17450
+Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
+
+	PR 25078
+	* dwarf2.c (find_abstract_instance): Delete orig_info_ptr, add
+	recur_count.  Error on recur_count reaching 100 rather than
+	info_ptr matching orig_info_ptr.  Adjust calls.
+
+---
+ bfd/dwarf2.c | 35 +++++++++++++++++------------------
+ 1 file changed, 17 insertions(+), 18 deletions(-)
+
+diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
+index 0b4e485582..20ec9e2e56 100644
+--- a/bfd/dwarf2.c
++++ b/bfd/dwarf2.c
+@@ -2803,13 +2803,13 @@ lookup_symbol_in_variable_table (struct comp_unit *unit,
+ }
+ 
+ static bfd_boolean
+-find_abstract_instance (struct comp_unit *   unit,
+-			bfd_byte *           orig_info_ptr,
+-			struct attribute *   attr_ptr,
+-			const char **        pname,
+-			bfd_boolean *        is_linkage,
+-			char **              filename_ptr,
+-			int *                linenumber_ptr)
++find_abstract_instance (struct comp_unit *unit,
++			struct attribute *attr_ptr,
++			unsigned int recur_count,
++			const char **pname,
++			bfd_boolean *is_linkage,
++			char **filename_ptr,
++			int *linenumber_ptr)
+ {
+   bfd *abfd = unit->abfd;
+   bfd_byte *info_ptr;
+@@ -2820,6 +2820,14 @@ find_abstract_instance (struct comp_unit *   unit,
+   struct attribute attr;
+   const char *name = NULL;
+ 
++  if (recur_count == 100)
++    {
++      _bfd_error_handler
++	(_("DWARF error: abstract instance recursion detected"));
++      bfd_set_error (bfd_error_bad_value);
++      return FALSE;
++    }
++
+   /* DW_FORM_ref_addr can reference an entry in a different CU. It
+      is an offset from the .debug_info section, not the current CU.  */
+   if (attr_ptr->form == DW_FORM_ref_addr)
+@@ -2939,15 +2947,6 @@ find_abstract_instance (struct comp_unit *   unit,
+ 					 info_ptr, info_ptr_end);
+ 	      if (info_ptr == NULL)
+ 		break;
+-	      /* It doesn't ever make sense for DW_AT_specification to
+-		 refer to the same DIE.  Stop simple recursion.  */
+-	      if (info_ptr == orig_info_ptr)
+-		{
+-		  _bfd_error_handler
+-		    (_("DWARF error: abstract instance recursion detected"));
+-		  bfd_set_error (bfd_error_bad_value);
+-		  return FALSE;
+-		}
+ 	      switch (attr.name)
+ 		{
+ 		case DW_AT_name:
+@@ -2961,7 +2960,7 @@ find_abstract_instance (struct comp_unit *   unit,
+ 		    }
+ 		  break;
+ 		case DW_AT_specification:
+-		  if (!find_abstract_instance (unit, info_ptr, &attr,
++		  if (!find_abstract_instance (unit, &attr, recur_count + 1,
+ 					       &name, is_linkage,
+ 					       filename_ptr, linenumber_ptr))
+ 		    return FALSE;
+@@ -3175,7 +3174,7 @@ scan_unit_for_symbols (struct comp_unit *unit)
+ 
+ 		case DW_AT_abstract_origin:
+ 		case DW_AT_specification:
+-		  if (!find_abstract_instance (unit, info_ptr, &attr,
++		  if (!find_abstract_instance (unit, &attr, 0,
+ 					       &func->name,
+ 					       &func->is_linkage,
+ 					       &func->file,
+-- 
+2.23.0
+
diff --git a/poky/meta/recipes-devtools/binutils/binutils/CVE-2019-17451.patch b/poky/meta/recipes-devtools/binutils/binutils/CVE-2019-17451.patch
new file mode 100644
index 000000000..b36a53266
--- /dev/null
+++ b/poky/meta/recipes-devtools/binutils/binutils/CVE-2019-17451.patch
@@ -0,0 +1,51 @@
+From 0192438051a7e781585647d5581a2a6f62fda362 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Wed, 9 Oct 2019 10:47:13 +1030
+Subject: [PATCH] PR25070, SEGV in function _bfd_dwarf2_find_nearest_line
+
+Selectively backporting fix for bfd/dwarf2.c, but not the ChangeLog
+file. There are newer versions of binutils, but none of them contain the
+commit fixing CVE-2019-17451, so backport it to master and zeus.
+
+Upstream-Status: Backport
+[https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=336bfbeb1848]
+CVE: CVE-2019-17451
+Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
+
+
+Evil testcase with two debug info sections, with sizes of 2aaaabac4ec1
+and ffffd5555453b140 result in a total size of 1.  Reading the first
+section of course overflows the buffer and tramples on other memory.
+
+	PR 25070
+	* dwarf2.c (_bfd_dwarf2_slurp_debug_info): Catch overflow of
+	total_size calculation.
+---
+ bfd/dwarf2.c | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
+index 0b4e485582..a91597b1d0 100644
+--- a/bfd/dwarf2.c
++++ b/bfd/dwarf2.c
+@@ -4426,7 +4426,16 @@ _bfd_dwarf2_slurp_debug_info (bfd *abfd, bfd *debug_bfd,
+       for (total_size = 0;
+ 	   msec;
+ 	   msec = find_debug_info (debug_bfd, debug_sections, msec))
+-	total_size += msec->size;
++	{
++	  /* Catch PR25070 testcase overflowing size calculation here.  */
++	  if (total_size + msec->size < total_size
++	      || total_size + msec->size < msec->size)
++	    {
++	      bfd_set_error (bfd_error_no_memory);
++	      return FALSE;
++	    }
++	  total_size += msec->size;
++	}
+ 
+       stash->info_ptr_memory = (bfd_byte *) bfd_malloc (total_size);
+       if (stash->info_ptr_memory == NULL)
+-- 
+2.23.0
+
diff --git a/poky/meta/recipes-devtools/bison/bison_3.4.1.bb b/poky/meta/recipes-devtools/bison/bison_3.4.2.bb
index 7946e20c5..46f0f908d 100644
--- a/poky/meta/recipes-devtools/bison/bison_3.4.1.bb
+++ b/poky/meta/recipes-devtools/bison/bison_3.4.2.bb
@@ -17,8 +17,8 @@ SRC_URI = "${GNU_MIRROR}/bison/bison-${PV}.tar.xz \
 # No point in hardcoding path to m4, just use PATH
 EXTRA_OECONF += "M4=m4"
 
-SRC_URI[md5sum] = "201286a573b12da109df96282fe4ff4a"
-SRC_URI[sha256sum] = "27159ac5ebf736dffd5636fd2cd625767c9e437de65baa63cb0de83570bd820d"
+SRC_URI[md5sum] = "d1ceb9dfde2d03b24a4c1137f7f1b572"
+SRC_URI[sha256sum] = "27d05534699735dc69e86add5b808d6cb35900ad3fd63fa82e3eb644336abfa0"
 
 inherit autotools gettext texinfo
 
diff --git a/poky/meta/recipes-devtools/btrfs-tools/btrfs-tools_5.2.2.bb b/poky/meta/recipes-devtools/btrfs-tools/btrfs-tools_5.3.bb
index 6b73c01dc..12b5c4562 100644
--- a/poky/meta/recipes-devtools/btrfs-tools/btrfs-tools_5.2.2.bb
+++ b/poky/meta/recipes-devtools/btrfs-tools/btrfs-tools_5.3.bb
@@ -14,7 +14,7 @@ DEPENDS = "util-linux attr e2fsprogs lzo acl"
 DEPENDS_append_class-target = " udev"
 RDEPENDS_${PN} = "libgcc"
 
-SRCREV = "55a8c9626fb906c20c3206f8fd39b9a8fb259b79"
+SRCREV = "de7856cee5907938441f765ebab7cc106b7faf70"
 SRC_URI = "git://git.kernel.org/pub/scm/linux/kernel/git/kdave/btrfs-progs.git \
            file://0001-Add-a-possibility-to-specify-where-python-modules-ar.patch \
            "
diff --git a/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.3.bb b/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.4.bb
index fdc9454b5..90db71df0 100644
--- a/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.3.bb
+++ b/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.45.4.bb
@@ -11,7 +11,7 @@ SRC_URI_append_class-native = " file://e2fsprogs-fix-missing-check-for-permissio
                                 file://quiet-debugfs.patch \
 "
 
-SRCREV = "1f56fb81236fe3e25e2c60c1e89ea0aa7cb36260"
+SRCREV = "984ff8d6a0a1d5dc300505f67b38ed5047d51dac"
 UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d+\.\d+(\.\d+)*)$"
 
 EXTRA_OECONF += "--libdir=${base_libdir} --sbindir=${base_sbindir} \
diff --git a/poky/meta/recipes-devtools/elfutils/elfutils_0.177.bb b/poky/meta/recipes-devtools/elfutils/elfutils_0.177.bb
index 818794266..e7740c7fb 100644
--- a/poky/meta/recipes-devtools/elfutils/elfutils_0.177.bb
+++ b/poky/meta/recipes-devtools/elfutils/elfutils_0.177.bb
@@ -3,7 +3,7 @@ HOMEPAGE = "https://sourceware.org/elfutils"
 SECTION = "base"
 LICENSE = "GPLv2 & LGPLv3+ & GPLv3+"
 LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
-DEPENDS = "bzip2 zlib virtual/libintl"
+DEPENDS = "zlib virtual/libintl"
 DEPENDS_append_libc-musl = " argp-standalone fts musl-obstack "
 # The Debian patches below are from:
 # http://ftp.de.debian.org/debian/pool/main/e/elfutils/elfutils_0.176-1.debian.tar.xz
@@ -46,8 +46,15 @@ SRC_URI[sha256sum] = "fa489deccbcae7d8c920f60d85906124c1989c591196d90e0fd668e3dc
 
 inherit autotools gettext ptest
 
-EXTRA_OECONF = "--program-prefix=eu- --without-lzma"
-EXTRA_OECONF_append_class-native = " --without-bzlib"
+EXTRA_OECONF = "--program-prefix=eu-"
+
+DEPENDS_BZIP2 = "bzip2-replacement-native"
+DEPENDS_BZIP2_class-target = "bzip2"
+
+PACKAGECONFIG ??= ""
+PACKAGECONFIG[bzip2] = "--with-bzlib,--without-bzlib,${DEPENDS_BZIP2}"
+PACKAGECONFIG[xz] = "--with-lzma,--without-lzma,xz"
+
 RDEPENDS_${PN}-ptest += "libasm libelf bash make coreutils ${PN}-binutils"
 
 EXTRA_OECONF_append_class-target += "--disable-tests-rpath"
diff --git a/poky/meta/recipes-devtools/file/file_5.37.bb b/poky/meta/recipes-devtools/file/file_5.37.bb
index a840dbc01..c53a120b8 100644
--- a/poky/meta/recipes-devtools/file/file_5.37.bb
+++ b/poky/meta/recipes-devtools/file/file_5.37.bb
@@ -21,6 +21,8 @@ S = "${WORKDIR}/git"
 
 inherit autotools update-alternatives
 
+EXTRA_OECONF += "--disable-libseccomp"
+
 ALTERNATIVE_${PN} = "file"
 ALTERNATIVE_LINK_NAME[file] = "${bindir}/file"
 
diff --git a/poky/meta/recipes-devtools/gcc/gcc-8.3/CVE-2019-14250.patch b/poky/meta/recipes-devtools/gcc/gcc-8.3/CVE-2019-14250.patch
deleted file mode 100644
index e327684e1..000000000
--- a/poky/meta/recipes-devtools/gcc/gcc-8.3/CVE-2019-14250.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From a4f1b58eb48b349a5f353bc69c30be553506d33b Mon Sep 17 00:00:00 2001
-From: rguenth <rguenth@138bc75d-0d04-0410-961f-82ee72b054a4>
-Date: Thu, 25 Jul 2019 10:48:26 +0000
-Subject: [PATCH] 2019-07-25  Richard Biener  <rguenther@suse.de>
-
-	PR lto/90924
-	Backport from mainline
-	2019-07-12  Ren Kimura  <rkx1209dev@gmail.com>
-
-	* simple-object-elf.c (simple_object_elf_match): Check zero value
-	shstrndx.
-
-
-git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/branches/gcc-8-branch@273794 138bc75d-0d04-0410-961f-82ee72b054a4
-
-Upstream-Status: Backport
-Affectes: <  9.2
-CVE: CVE-2019-14250
-Dropped changelog
-Signed-off-by: Armin Kuster <Akustre@mvista.com>
-
----
- libiberty/simple-object-elf.c | 8 ++++++++
- 2 files changed, 17 insertions(+)
-
-Index: gcc-8.2.0/libiberty/simple-object-elf.c
-===================================================================
---- gcc-8.2.0.orig/libiberty/simple-object-elf.c
-+++ gcc-8.2.0/libiberty/simple-object-elf.c
-@@ -549,6 +549,14 @@ simple_object_elf_match (unsigned char h
-       return NULL;
-     }
- 
-+  if (eor->shstrndx == 0)
-+    {
-+      *errmsg = "invalid ELF shstrndx == 0";
-+      *err = 0;
-+      XDELETE (eor);
-+      return NULL;
-+    }
-+
-   return (void *) eor;
- }
- 
diff --git a/poky/meta/recipes-devtools/git/git.inc b/poky/meta/recipes-devtools/git/git.inc
index 6e137432f..95ab397f6 100644
--- a/poky/meta/recipes-devtools/git/git.inc
+++ b/poky/meta/recipes-devtools/git/git.inc
@@ -39,12 +39,12 @@ do_compile_prepend () {
 do_install () {
 	oe_runmake install DESTDIR="${D}" bindir=${bindir} \
 		template_dir=${datadir}/git-core/templates
-	install -d ${D}/${mandir}/man1
-	install -d ${D}/${mandir}/man5
-	install -d ${D}/${mandir}/man7
-	install -t ${D}/${mandir}/man1 ${WORKDIR}/man1/*
-	install -t ${D}/${mandir}/man5 ${WORKDIR}/man5/*
-	install -t ${D}/${mandir}/man7 ${WORKDIR}/man7/*
+
+	for section in man1 man5 man7; do
+		install -d ${D}/${mandir}/$section
+		install -t ${D}/${mandir}/$section ${WORKDIR}/$section/*
+	done
+
 	install -d ${D}/${datadir}/bash-completion/completions/
 	install -m 644 ${S}/contrib/completion/git-completion.bash ${D}/${datadir}/bash-completion/completions/git
 }
@@ -94,19 +94,15 @@ do_install_append_class-nativesdk() {
 FILES_${PN} += "${datadir}/git-core ${libexecdir}/git-core/"
 
 PERLTOOLS = " \
+    ${bindir}/git-cvsserver \
     ${libexecdir}/git-core/git-add--interactive \
     ${libexecdir}/git-core/git-archimport \
     ${libexecdir}/git-core/git-cvsexportcommit \
     ${libexecdir}/git-core/git-cvsimport \
     ${libexecdir}/git-core/git-cvsserver \
-    ${bindir}/git-cvsserver \
-    ${libexecdir}/git-core/git-difftool \
     ${libexecdir}/git-core/git-send-email \
     ${libexecdir}/git-core/git-svn \
     ${libexecdir}/git-core/git-instaweb \
-    ${libexecdir}/git-core/git-submodule \
-    ${libexecdir}/git-core/git-am \
-    ${libexecdir}/git-core/git-request-pull \
     ${datadir}/gitweb/gitweb.cgi \
     ${datadir}/git-core/templates/hooks/prepare-commit-msg.sample \
     ${datadir}/git-core/templates/hooks/pre-rebase.sample \
diff --git a/poky/meta/recipes-devtools/go/go-1.12.inc b/poky/meta/recipes-devtools/go/go-1.12.inc
index 39157ff88..ed14b175e 100644
--- a/poky/meta/recipes-devtools/go/go-1.12.inc
+++ b/poky/meta/recipes-devtools/go/go-1.12.inc
@@ -16,6 +16,7 @@ SRC_URI += "\
     file://0006-cmd-dist-separate-host-and-target-builds.patch \
     file://0007-cmd-go-make-GOROOT-precious-by-default.patch \
     file://0008-use-GOBUILDMODE-to-set-buildmode.patch \
+    file://0001-release-branch.go1.12-security-net-textproto-don-t-n.patch \
 "
 SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch"
 
diff --git a/poky/meta/recipes-devtools/go/go-1.12/0001-release-branch.go1.12-security-net-textproto-don-t-n.patch b/poky/meta/recipes-devtools/go/go-1.12/0001-release-branch.go1.12-security-net-textproto-don-t-n.patch
new file mode 100644
index 000000000..7b39dbd73
--- /dev/null
+++ b/poky/meta/recipes-devtools/go/go-1.12/0001-release-branch.go1.12-security-net-textproto-don-t-n.patch
@@ -0,0 +1,163 @@
+From 265b691ac440bfb711d8de323346f7d72e620efe Mon Sep 17 00:00:00 2001
+From: Filippo Valsorda <filippo@golang.org>
+Date: Thu, 12 Sep 2019 12:37:36 -0400
+Subject: [PATCH] [release-branch.go1.12-security] net/textproto: don't
+ normalize headers with spaces before the colon
+
+RFC 7230 is clear about headers with a space before the colon, like
+
+X-Answer : 42
+
+being invalid, but we've been accepting and normalizing them for compatibility
+purposes since CL 5690059 in 2012.
+
+On the client side, this is harmless and indeed most browsers behave the same
+to this day. On the server side, this becomes a security issue when the
+behavior doesn't match that of a reverse proxy sitting in front of the server.
+
+For example, if a WAF accepts them without normalizing them, it might be
+possible to bypass its filters, because the Go server would interpret the
+header differently. Worse, if the reverse proxy coalesces requests onto a
+single HTTP/1.1 connection to a Go server, the understanding of the request
+boundaries can get out of sync between them, allowing an attacker to tack an
+arbitrary method and path onto a request by other clients, including
+authentication headers unknown to the attacker.
+
+This was recently presented at multiple security conferences:
+https://portswigger.net/blog/http-desync-attacks-request-smuggling-reborn
+
+net/http servers already reject header keys with invalid characters.
+Simply stop normalizing extra spaces in net/textproto, let it return them
+unchanged like it does for other invalid headers, and let net/http enforce
+RFC 7230, which is HTTP specific. This loses us normalization on the client
+side, but there's no right answer on the client side anyway, and hiding the
+issue sounds worse than letting the application decide.
+
+Fixes CVE-2019-16276
+
+Change-Id: I6d272de827e0870da85d93df770d6a0e161bbcf1
+Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/549719
+Reviewed-by: Brad Fitzpatrick <bradfitz@google.com>
+(cherry picked from commit 1280b868e82bf173ea3e988be3092d160ee66082)
+Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/558776
+Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
+
+CVE: CVE-2019-16276
+
+Upstream-Status: Backport [https://github.com/golang/go/commit/6e6f4aaf70c8b1cc81e65a26332aa9409de03ad8]
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ src/net/http/serve_test.go       |  4 ++++
+ src/net/http/transport_test.go   | 27 +++++++++++++++++++++++++++
+ src/net/textproto/reader.go      | 10 ++--------
+ src/net/textproto/reader_test.go | 13 ++++++-------
+ 4 files changed, 39 insertions(+), 15 deletions(-)
+
+diff --git a/src/net/http/serve_test.go b/src/net/http/serve_test.go
+index 6eb0088a96..89bfdfbb82 100644
+--- a/src/net/http/serve_test.go
++++ b/src/net/http/serve_test.go
+@@ -4748,6 +4748,10 @@ func TestServerValidatesHeaders(t *testing.T) {
+ 		{"foo\xffbar: foo\r\n", 400},                         // binary in header
+ 		{"foo\x00bar: foo\r\n", 400},                         // binary in header
+ 		{"Foo: " + strings.Repeat("x", 1<<21) + "\r\n", 431}, // header too large
++		// Spaces between the header key and colon are not allowed.
++		// See RFC 7230, Section 3.2.4.
++		{"Foo : bar\r\n", 400},
++		{"Foo\t: bar\r\n", 400},
+ 
+ 		{"foo: foo foo\r\n", 200},    // LWS space is okay
+ 		{"foo: foo\tfoo\r\n", 200},   // LWS tab is okay
+diff --git a/src/net/http/transport_test.go b/src/net/http/transport_test.go
+index 5c329543e2..5e5438a708 100644
+--- a/src/net/http/transport_test.go
++++ b/src/net/http/transport_test.go
+@@ -5133,3 +5133,30 @@ func TestTransportIgnores408(t *testing.T) {
+ 	}
+ 	t.Fatalf("timeout after %v waiting for Transport connections to die off", time.Since(t0))
+ }
++
++func TestInvalidHeaderResponse(t *testing.T) {
++	setParallel(t)
++	defer afterTest(t)
++	cst := newClientServerTest(t, h1Mode, HandlerFunc(func(w ResponseWriter, r *Request) {
++		conn, buf, _ := w.(Hijacker).Hijack()
++		buf.Write([]byte("HTTP/1.1 200 OK\r\n" +
++			"Date: Wed, 30 Aug 2017 19:09:27 GMT\r\n" +
++			"Content-Type: text/html; charset=utf-8\r\n" +
++			"Content-Length: 0\r\n" +
++			"Foo : bar\r\n\r\n"))
++		buf.Flush()
++		conn.Close()
++	}))
++	defer cst.close()
++	res, err := cst.c.Get(cst.ts.URL)
++	if err != nil {
++		t.Fatal(err)
++	}
++	defer res.Body.Close()
++	if v := res.Header.Get("Foo"); v != "" {
++		t.Errorf(`unexpected "Foo" header: %q`, v)
++	}
++	if v := res.Header.Get("Foo "); v != "bar" {
++		t.Errorf(`bad "Foo " header value: %q, want %q`, v, "bar")
++	}
++}
+diff --git a/src/net/textproto/reader.go b/src/net/textproto/reader.go
+index 2c4f25d5ae..1a5e364cf7 100644
+--- a/src/net/textproto/reader.go
++++ b/src/net/textproto/reader.go
+@@ -493,18 +493,12 @@ func (r *Reader) ReadMIMEHeader() (MIMEHeader, error) {
+ 			return m, err
+ 		}
+ 
+-		// Key ends at first colon; should not have trailing spaces
+-		// but they appear in the wild, violating specs, so we remove
+-		// them if present.
++		// Key ends at first colon.
+ 		i := bytes.IndexByte(kv, ':')
+ 		if i < 0 {
+ 			return m, ProtocolError("malformed MIME header line: " + string(kv))
+ 		}
+-		endKey := i
+-		for endKey > 0 && kv[endKey-1] == ' ' {
+-			endKey--
+-		}
+-		key := canonicalMIMEHeaderKey(kv[:endKey])
++		key := canonicalMIMEHeaderKey(kv[:i])
+ 
+ 		// As per RFC 7230 field-name is a token, tokens consist of one or more chars.
+ 		// We could return a ProtocolError here, but better to be liberal in what we
+diff --git a/src/net/textproto/reader_test.go b/src/net/textproto/reader_test.go
+index f85fbdc36d..b92fdcd3c7 100644
+--- a/src/net/textproto/reader_test.go
++++ b/src/net/textproto/reader_test.go
+@@ -188,11 +188,10 @@ func TestLargeReadMIMEHeader(t *testing.T) {
+ 	}
+ }
+ 
+-// Test that we read slightly-bogus MIME headers seen in the wild,
+-// with spaces before colons, and spaces in keys.
++// TestReadMIMEHeaderNonCompliant checks that we don't normalize headers
++// with spaces before colons, and accept spaces in keys.
+ func TestReadMIMEHeaderNonCompliant(t *testing.T) {
+-	// Invalid HTTP response header as sent by an Axis security
+-	// camera: (this is handled by IE, Firefox, Chrome, curl, etc.)
++	// These invalid headers will be rejected by net/http according to RFC 7230.
+ 	r := reader("Foo: bar\r\n" +
+ 		"Content-Language: en\r\n" +
+ 		"SID : 0\r\n" +
+@@ -202,9 +201,9 @@ func TestReadMIMEHeaderNonCompliant(t *testing.T) {
+ 	want := MIMEHeader{
+ 		"Foo":              {"bar"},
+ 		"Content-Language": {"en"},
+-		"Sid":              {"0"},
+-		"Audio Mode":       {"None"},
+-		"Privilege":        {"127"},
++		"SID ":             {"0"},
++		"Audio Mode ":      {"None"},
++		"Privilege ":       {"127"},
+ 	}
+ 	if !reflect.DeepEqual(m, want) || err != nil {
+ 		t.Fatalf("ReadMIMEHeader =\n%v, %v; want:\n%v", m, err, want)
diff --git a/poky/meta/recipes-devtools/i2c-tools/i2c-tools_4.1.bb b/poky/meta/recipes-devtools/i2c-tools/i2c-tools_4.1.bb
index dcbd05aed..c5761170a 100644
--- a/poky/meta/recipes-devtools/i2c-tools/i2c-tools_4.1.bb
+++ b/poky/meta/recipes-devtools/i2c-tools/i2c-tools_4.1.bb
@@ -31,6 +31,7 @@ FILES_${PN}-misc = "${sbindir}/i2c-stub-from-dump \
 RDEPENDS_${PN}-misc = "${PN} perl perl-module-posix \
                        perl-module-constant perl-module-file-basename \
                        perl-module-fcntl perl-module-strict perl-module-vars \
+		       perl-module-carp \
                       "
 
 ALTERNATIVE_PRIORITY = "100"
diff --git a/poky/meta/recipes-devtools/libmodulemd/libmodulemd-v1/0001-Do-not-generate-gtkdoc-or-python-bindings.patch b/poky/meta/recipes-devtools/libmodulemd/libmodulemd-v1/0001-Do-not-generate-gtkdoc-or-python-bindings.patch
deleted file mode 100644
index d950ad586..000000000
--- a/poky/meta/recipes-devtools/libmodulemd/libmodulemd-v1/0001-Do-not-generate-gtkdoc-or-python-bindings.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From 71c51206e037c0bb5759e01b307b7ce1d5934703 Mon Sep 17 00:00:00 2001
-From: Alexander Kanavin <alex.kanavin@gmail.com>
-Date: Fri, 6 Sep 2019 17:07:00 +0200
-Subject: [PATCH] Do not generate gtkdoc or python bindings
-
-All of these really need a configuration option.
-
-Upstream-Status: Inappropriate [oe-core specific]
-Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
----
- meson.build          | 12 ------------
- modulemd/meson.build |  8 --------
- 2 files changed, 20 deletions(-)
-
-diff --git a/meson.build b/meson.build
-index 155c9e7..fe35d5e 100644
---- a/meson.build
-+++ b/meson.build
-@@ -51,25 +51,13 @@ gnome = import('gnome')
- pkg = import('pkgconfig')
- gobject = dependency('gobject-2.0')
- yaml = dependency('yaml-0.1')
--gtkdoc = dependency('gtk-doc')
- 
- glib_prefix = dependency('glib-2.0').get_pkgconfig_variable('prefix')
--glib_docpath = join_paths(glib_prefix, 'share', 'gtk-doc', 'html')
- 
- sh = find_program('sh')
- sed = find_program('sed')
- test = find_program('test')
- 
--ret = run_command ([test, '-e', join_paths(glib_docpath, 'glib/index.html')])
--if ret.returncode() != 0
--  error('Missing documentation for GLib.')
--endif
--
--ret = run_command ([test, '-e', join_paths(glib_docpath, 'gobject/index.html')])
--if ret.returncode() != 0
--  error('Missing documentation for GObject.')
--endif
--
- python_name = get_option('python_name')
- 
- if python_name != ''
-diff --git a/modulemd/meson.build b/modulemd/meson.build
-index 9a164b5..349c982 100644
---- a/modulemd/meson.build
-+++ b/modulemd/meson.build
-@@ -523,11 +523,3 @@ configure_file(
-   configuration : xcdata
- )
- 
--gnome.gtkdoc(
--    'modulemd-1.0',
--    install_dir: 'modulemd-1.0',
--    src_dir : './modulemd',
--    main_xml : 'modulemd-docs.xml',
--    install : true,
--)
--
diff --git a/poky/meta/recipes-devtools/libmodulemd/libmodulemd-v1_git.bb b/poky/meta/recipes-devtools/libmodulemd/libmodulemd-v1_git.bb
index 9790470f4..5409051d7 100644
--- a/poky/meta/recipes-devtools/libmodulemd/libmodulemd-v1_git.bb
+++ b/poky/meta/recipes-devtools/libmodulemd/libmodulemd-v1_git.bb
@@ -4,18 +4,17 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=25a3927bff3ee4f5b21bcb0ed3fcd6bb"
 
 SRC_URI = "git://github.com/fedora-modularity/libmodulemd;protocol=https;branch=1.x-maint \
            file://0001-spec_tmpl.sh-use-bin-sh-not-usr-bin-sh.patch \
-           file://0001-Do-not-generate-gtkdoc-or-python-bindings.patch \
            "
 
-PV = "1.8.15"
-SRCREV = "2d461725f781c6fdcf32893d8dcfa40bcef8dda5"
+PV = "1.8.16"
+SRCREV = "d0dcf7b373b3cf85cd39eb3bc23d31e06195a75a"
 UPSTREAM_CHECK_GITTAGREGEX = "libmodulemd-(?P<pver>1.*\d)"
 
 S = "${WORKDIR}/git"
 
 inherit meson gobject-introspection
 
-EXTRA_OEMESON = "-Ddeveloper_build=false"
+EXTRA_OEMESON = "-Ddeveloper_build=false -Dwith_docs=false"
 
 DEPENDS += "glib-2.0 libyaml glib-2.0-native python3"
 
diff --git a/poky/meta/recipes-devtools/llvm/llvm/0006-llvm-TargetLibraryInfo-Undefine-libc-functions-if-th.patch b/poky/meta/recipes-devtools/llvm/llvm/0006-llvm-TargetLibraryInfo-Undefine-libc-functions-if-th.patch
index d75c94e9e..d02b7ba6a 100644
--- a/poky/meta/recipes-devtools/llvm/llvm/0006-llvm-TargetLibraryInfo-Undefine-libc-functions-if-th.patch
+++ b/poky/meta/recipes-devtools/llvm/llvm/0006-llvm-TargetLibraryInfo-Undefine-libc-functions-if-th.patch
@@ -1,3 +1,6 @@
+Upstream-Status: Pending
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
 From dbeecdb307be8b783b42cbc89dcb9c5e7f528989 Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Sat, 21 May 2016 00:33:20 +0000
diff --git a/poky/meta/recipes-devtools/llvm/llvm/0007-llvm-allow-env-override-of-exe-path.patch b/poky/meta/recipes-devtools/llvm/llvm/0007-llvm-allow-env-override-of-exe-path.patch
index 58dce513c..b01b8647c 100644
--- a/poky/meta/recipes-devtools/llvm/llvm/0007-llvm-allow-env-override-of-exe-path.patch
+++ b/poky/meta/recipes-devtools/llvm/llvm/0007-llvm-allow-env-override-of-exe-path.patch
@@ -1,3 +1,6 @@
+Upstream-Status: Pending
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
 From 61b00e1e051e367f5483d7b5253b6c85a9e8a90f Mon Sep 17 00:00:00 2001
 From: Martin Kelly <mkelly@xevo.com>
 Date: Fri, 19 May 2017 00:22:57 -0700
diff --git a/poky/meta/recipes-devtools/makedevs/makedevs/makedevs.c b/poky/meta/recipes-devtools/makedevs/makedevs/makedevs.c
index cba768141..32b987293 100644
--- a/poky/meta/recipes-devtools/makedevs/makedevs/makedevs.c
+++ b/poky/meta/recipes-devtools/makedevs/makedevs/makedevs.c
@@ -230,7 +230,7 @@ static void add_new_directory(char *name, char *path,
 		unsigned long uid, unsigned long gid, unsigned long mode)
 {
 	if (trace)
-		fprintf(stderr, "Directory: %s %s  UID: %ld  GID %ld  MODE: %04lo", path, name, uid, gid, mode);
+		fprintf(stderr, "Directory: %s %s  UID: %lu  GID %lu  MODE: %04lo", path, name, uid, gid, mode);
 
 	if (mkdir(path, mode) < 0) {
 		if (EEXIST == errno) {
@@ -251,7 +251,7 @@ static void add_new_device(char *name, char *path, unsigned long uid,
 	struct stat sb;
 
 	if (trace) {
-		fprintf(stderr, "Device: %s %s  UID: %ld  GID: %ld  MODE: %04lo  MAJOR: %d  MINOR: %d",
+		fprintf(stderr, "Device: %s %s  UID: %lu  GID: %lu  MODE: %04lo  MAJOR: %d  MINOR: %d",
 				path, name, uid, gid, mode, (short)(rdev >> 8), (short)(rdev & 0xff));
 	}
 
@@ -292,7 +292,7 @@ static void add_new_file(char *name, char *path, unsigned long uid,
 				  unsigned long gid, unsigned long mode)
 {
 	if (trace) {
-		fprintf(stderr, "File: %s %s  UID: %ld  GID: %ld  MODE: %04lo\n",
+		fprintf(stderr, "File: %s %s  UID: %lu  GID: %lu  MODE: %04lo\n",
 			path, name, gid, uid, mode);
 	}
 
@@ -311,7 +311,7 @@ static void add_new_fifo(char *name, char *path, unsigned long uid,
 				  unsigned long gid, unsigned long mode)
 {
 	if (trace) {
-		printf("Fifo: %s %s  UID: %ld  GID: %ld  MODE: %04lo\n",
+		printf("Fifo: %s %s  UID: %lu  GID: %lu  MODE: %04lo\n",
 			path, name, gid, uid, mode);
 	}
 
@@ -360,7 +360,7 @@ static int interpret_table_entry(char *line)
 	unsigned long mode = 0755, uid = 0, gid = 0, major = 0, minor = 0;
 	unsigned long start = 0, increment = 1, count = 0;
 
-	if (0 > sscanf(line, "%4095s %c %lo %40s %40s %lu %lu %lu %lu %lu", path,
+	if (0 > sscanf(line, "%4095s %c %lo %39s %39s %lu %lu %lu %lu %lu", path,
 		    &type, &mode, usr_buf, grp_buf, &major, &minor, &start,
 		    &increment, &count))
 	{
diff --git a/poky/meta/recipes-devtools/meson/meson.inc b/poky/meta/recipes-devtools/meson/meson.inc
index ae0091c05..84bcc8409 100644
--- a/poky/meta/recipes-devtools/meson/meson.inc
+++ b/poky/meta/recipes-devtools/meson/meson.inc
@@ -16,6 +16,7 @@ SRC_URI = "https://github.com/mesonbuild/meson/releases/download/${PV}/meson-${P
            file://cross-prop-default.patch \
            file://0001-mesonbuild-environment.py-check-environment-for-vari.patch \
            file://0001-modules-python.py-do-not-substitute-python-s-install.patch \
+           file://dbc9e971bd320f3df15c1ee74f54858e6792b183.patch \
            "
 SRC_URI[sha256sum] = "d60f75f0dedcc4fd249dbc7519d6f3ce6df490033d276ef1cf27453ef4938d32"
 SRC_URI[md5sum] = "7ea7772414dda8ae11072244bf7ba991"
diff --git a/poky/meta/recipes-devtools/meson/meson/dbc9e971bd320f3df15c1ee74f54858e6792b183.patch b/poky/meta/recipes-devtools/meson/meson/dbc9e971bd320f3df15c1ee74f54858e6792b183.patch
new file mode 100644
index 000000000..7ea8a133e
--- /dev/null
+++ b/poky/meta/recipes-devtools/meson/meson/dbc9e971bd320f3df15c1ee74f54858e6792b183.patch
@@ -0,0 +1,95 @@
+From dbc9e971bd320f3df15c1ee74f54858e6792b183 Mon Sep 17 00:00:00 2001
+From: Xavier Claessens <xavier.claessens@collabora.com>
+Date: Fri, 11 Oct 2019 11:01:22 -0400
+Subject: [PATCH] Remove duplicated object files in static libraries
+
+When a static library link_whole to a bunch of other static libraries,
+we have to extract all their objects recursively. But that could
+introduce duplicated objects. ar is dumb enough to allow this without
+error, but once the resulting static library is linked into an
+executable or shared library, the linker will complain about duplicated
+symbols.
+
+Upstream-Status: Backport
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+
+---
+ mesonbuild/backend/backends.py                 |  3 ++-
+ test cases/unit/69 static link/lib/func17.c    |  4 ++++
+ test cases/unit/69 static link/lib/func18.c    |  6 ++++++
+ test cases/unit/69 static link/lib/func19.c    |  7 +++++++
+ test cases/unit/69 static link/lib/meson.build | 12 ++++++++++++
+ 5 files changed, 31 insertions(+), 1 deletion(-)
+ create mode 100644 test cases/unit/69 static link/lib/func17.c
+ create mode 100644 test cases/unit/69 static link/lib/func18.c
+ create mode 100644 test cases/unit/69 static link/lib/func19.c
+
+diff --git a/mesonbuild/backend/backends.py b/mesonbuild/backend/backends.py
+index 947be1cbef..e54809657f 100644
+--- a/mesonbuild/backend/backends.py
++++ b/mesonbuild/backend/backends.py
+@@ -281,7 +281,8 @@ def relpath(self, todir, fromdir):
+                                os.path.join('dummyprefixdir', fromdir))
+ 
+     def flatten_object_list(self, target, proj_dir_to_build_root=''):
+-        return self._flatten_object_list(target, target.get_objects(), proj_dir_to_build_root)
++        obj_list = self._flatten_object_list(target, target.get_objects(), proj_dir_to_build_root)
++        return list(dict.fromkeys(obj_list))
+ 
+     def _flatten_object_list(self, target, objects, proj_dir_to_build_root):
+         obj_list = []
+diff --git a/test cases/unit/69 static link/lib/func17.c b/test cases/unit/69 static link/lib/func17.c
+new file mode 100644
+index 0000000000..d1d8ec498c
+--- /dev/null
++++ b/test cases/unit/69 static link/lib/func17.c	
+@@ -0,0 +1,4 @@
++int func17()
++{
++  return 1;
++}
+diff --git a/test cases/unit/69 static link/lib/func18.c b/test cases/unit/69 static link/lib/func18.c
+new file mode 100644
+index 0000000000..c149085ba4
+--- /dev/null
++++ b/test cases/unit/69 static link/lib/func18.c	
+@@ -0,0 +1,6 @@
++int func17();
++
++int func18()
++{
++  return func17() + 1;
++}
+diff --git a/test cases/unit/69 static link/lib/func19.c b/test cases/unit/69 static link/lib/func19.c
+new file mode 100644
+index 0000000000..69120e4bf8
+--- /dev/null
++++ b/test cases/unit/69 static link/lib/func19.c	
+@@ -0,0 +1,7 @@
++int func17();
++int func18();
++
++int func19()
++{
++  return func17() + func18();
++}
+diff --git a/test cases/unit/69 static link/lib/meson.build b/test cases/unit/69 static link/lib/meson.build
+index 5f04aab6a1..8f95fc4546 100644
+--- a/test cases/unit/69 static link/lib/meson.build	
++++ b/test cases/unit/69 static link/lib/meson.build	
+@@ -66,3 +66,15 @@ libfunc15 = static_library('func15', 'func15.c',
+ libfunc16 = static_library('func16', 'func16.c',
+   link_with : libfunc15,
+   install : true)
++
++# Verify func17.c.o gets included only once into libfunc19, otherwise
++# func19-shared would failed with duplicated symbol.
++libfunc17 = static_library('func17', 'func17.c',
++  install : false)
++libfunc18 = static_library('func18', 'func18.c',
++  link_with : libfunc17,
++  install : false)
++libfunc19 = static_library('func19', 'func19.c',
++  link_whole : [libfunc17, libfunc18],
++  install : false)
++shared_library('func19-shared', link_whole : [libfunc19])
diff --git a/poky/meta/recipes-devtools/python-numpy/files/aarch64/_numpyconfig.h b/poky/meta/recipes-devtools/python-numpy/files/aarch64/_numpyconfig.h
deleted file mode 100644
index 109deb043..000000000
--- a/poky/meta/recipes-devtools/python-numpy/files/aarch64/_numpyconfig.h
+++ /dev/null
@@ -1,32 +0,0 @@
-#define NPY_HAVE_ENDIAN_H 1
-#define NPY_SIZEOF_SHORT SIZEOF_SHORT
-#define NPY_SIZEOF_INT SIZEOF_INT
-#define NPY_SIZEOF_LONG SIZEOF_LONG
-#define NPY_SIZEOF_FLOAT 4
-#define NPY_SIZEOF_COMPLEX_FLOAT 8
-#define NPY_SIZEOF_DOUBLE 8
-#define NPY_SIZEOF_COMPLEX_DOUBLE 16
-#define NPY_SIZEOF_LONGDOUBLE 16
-#define NPY_SIZEOF_COMPLEX_LONGDOUBLE 32
-#define NPY_SIZEOF_PY_INTPTR_T 8
-#define NPY_SIZEOF_PY_LONG_LONG 8
-#define NPY_SIZEOF_LONGLONG 8
-#define NPY_SIZEOF_OFF_T 8
-#define NPY_NO_SMP 0
-#define NPY_HAVE_DECL_ISNAN
-#define NPY_HAVE_DECL_ISINF
-#define NPY_HAVE_DECL_ISFINITE
-#define NPY_HAVE_DECL_SIGNBIT
-#define NPY_USE_C99_COMPLEX 1
-#define NPY_HAVE_COMPLEX_DOUBLE 1
-#define NPY_HAVE_COMPLEX_FLOAT 1
-#define NPY_HAVE_COMPLEX_LONG_DOUBLE 1
-#define NPY_ENABLE_SEPARATE_COMPILATION 1
-#define NPY_USE_C99_FORMATS 1
-#define NPY_VISIBILITY_HIDDEN __attribute__((visibility("hidden")))
-#define NPY_ABI_VERSION 0x01000009
-#define NPY_API_VERSION 0x0000000A
-
-#ifndef __STDC_FORMAT_MACROS
-#define __STDC_FORMAT_MACROS 1
-#endif
diff --git a/poky/meta/recipes-devtools/python-numpy/files/aarch64/config.h b/poky/meta/recipes-devtools/python-numpy/files/aarch64/config.h
deleted file mode 100644
index c30b868f2..000000000
--- a/poky/meta/recipes-devtools/python-numpy/files/aarch64/config.h
+++ /dev/null
@@ -1,139 +0,0 @@
-#define HAVE_ENDIAN_H 1
-#define SIZEOF_PY_INTPTR_T 8
-#define SIZEOF_PY_LONG_LONG 8
-#define MATHLIB m
-#define HAVE_SIN 1
-#define HAVE_COS 1
-#define HAVE_TAN 1
-#define HAVE_SINH 1
-#define HAVE_COSH 1
-#define HAVE_TANH 1
-#define HAVE_FABS 1
-#define HAVE_FLOOR 1
-#define HAVE_CEIL 1
-#define HAVE_SQRT 1
-#define HAVE_LOG10 1
-#define HAVE_LOG 1
-#define HAVE_EXP 1
-#define HAVE_ASIN 1
-#define HAVE_ACOS 1
-#define HAVE_ATAN 1
-#define HAVE_FMOD 1
-#define HAVE_MODF 1
-#define HAVE_FREXP 1
-#define HAVE_LDEXP 1
-#define HAVE_RINT 1
-#define HAVE_TRUNC 1
-#define HAVE_EXP2 1
-#define HAVE_LOG2 1
-#define HAVE_ATAN2 1
-#define HAVE_POW 1
-#define HAVE_NEXTAFTER 1
-#define HAVE_SINF 1
-#define HAVE_COSF 1
-#define HAVE_TANF 1
-#define HAVE_SINHF 1
-#define HAVE_COSHF 1
-#define HAVE_TANHF 1
-#define HAVE_FABSF 1
-#define HAVE_FLOORF 1
-#define HAVE_CEILF 1
-#define HAVE_RINTF 1
-#define HAVE_TRUNCF 1
-#define HAVE_SQRTF 1
-#define HAVE_LOG10F 1
-#define HAVE_LOGF 1
-#define HAVE_LOG1PF 1
-#define HAVE_EXPF 1
-#define HAVE_EXPM1F 1
-#define HAVE_ASINF 1
-#define HAVE_ACOSF 1
-#define HAVE_ATANF 1
-#define HAVE_ASINHF 1
-#define HAVE_ACOSHF 1
-#define HAVE_ATANHF 1
-#define HAVE_HYPOTF 1
-#define HAVE_ATAN2F 1
-#define HAVE_POWF 1
-#define HAVE_FMODF 1
-#define HAVE_MODFF 1
-#define HAVE_FREXPF 1
-#define HAVE_LDEXPF 1
-#define HAVE_EXP2F 1
-#define HAVE_LOG2F 1
-#define HAVE_COPYSIGNF 1
-#define HAVE_NEXTAFTERF 1
-#define HAVE_SINL 1
-#define HAVE_COSL 1
-#define HAVE_TANL 1
-#define HAVE_SINHL 1
-#define HAVE_COSHL 1
-#define HAVE_TANHL 1
-#define HAVE_FABSL 1
-#define HAVE_FLOORL 1
-#define HAVE_CEILL 1
-#define HAVE_RINTL 1
-#define HAVE_TRUNCL 1
-#define HAVE_SQRTL 1
-#define HAVE_LOG10L 1
-#define HAVE_LOGL 1
-#define HAVE_LOG1PL 1
-#define HAVE_EXPL 1
-#define HAVE_EXPM1L 1
-#define HAVE_ASINL 1
-#define HAVE_ACOSL 1
-#define HAVE_ATANL 1
-#define HAVE_ASINHL 1
-#define HAVE_ACOSHL 1
-#define HAVE_ATANHL 1
-#define HAVE_HYPOTL 1
-#define HAVE_ATAN2L 1
-#define HAVE_POWL 1
-#define HAVE_FMODL 1
-#define HAVE_MODFL 1
-#define HAVE_FREXPL 1
-#define HAVE_LDEXPL 1
-#define HAVE_EXP2L 1
-#define HAVE_LOG2L 1
-#define HAVE_COPYSIGNL 1
-#define HAVE_NEXTAFTERL 1
-#define HAVE_DECL_SIGNBIT
-#define HAVE_COMPLEX_H 1
-#define HAVE_CREAL 1
-#define HAVE_CIMAG 1
-#define HAVE_CABS 1
-#define HAVE_CARG 1
-#define HAVE_CEXP 1
-#define HAVE_CSQRT 1
-#define HAVE_CLOG 1
-#define HAVE_CCOS 1
-#define HAVE_CSIN 1
-#define HAVE_CPOW 1
-#define HAVE_CREALF 1
-#define HAVE_CIMAGF 1
-#define HAVE_CABSF 1
-#define HAVE_CARGF 1
-#define HAVE_CEXPF 1
-#define HAVE_CSQRTF 1
-#define HAVE_CLOGF 1
-#define HAVE_CCOSF 1
-#define HAVE_CSINF 1
-#define HAVE_CPOWF 1
-#define HAVE_CREALL 1
-#define HAVE_CIMAGL 1
-#define HAVE_CABSL 1
-#define HAVE_CARGL 1
-#define HAVE_CEXPL 1
-#define HAVE_CSQRTL 1
-#define HAVE_CLOGL 1
-#define HAVE_CCOSL 1
-#define HAVE_CSINL 1
-#define HAVE_CPOWL 1
-#define HAVE_LDOUBLE_IEEE_QUAD_LE 1
-#ifndef __cplusplus
-/* #undef inline */
-#endif
-
-#ifndef _NPY_NPY_CONFIG_H_
-#error config.h should never be included directly, include npy_config.h instead
-#endif
diff --git a/poky/meta/recipes-devtools/python-numpy/files/arm/config.h b/poky/meta/recipes-devtools/python-numpy/files/arm/config.h
deleted file mode 100644
index 17ef186d5..000000000
--- a/poky/meta/recipes-devtools/python-numpy/files/arm/config.h
+++ /dev/null
@@ -1,21 +0,0 @@
-/* ./src.linux-i686-2.5/numpy/core/include/numpy/config.h */
-/* #define SIZEOF_SHORT 2 */
-/* #define SIZEOF_INT 4 */
-/* #define SIZEOF_LONG 4 */
-/* #define SIZEOF_FLOAT 4 */
-/* #define SIZEOF_DOUBLE 8 */
-#define SIZEOF_LONG_DOUBLE 12
-#define SIZEOF_PY_INTPTR_T 4
-/* #define SIZEOF_LONG_LONG 8 */
-#define SIZEOF_PY_LONG_LONG 8
-/* #define CHAR_BIT 8 */
-#define MATHLIB m
-#define HAVE_FLOAT_FUNCS
-#define HAVE_LOG1P
-#define HAVE_EXPM1
-#define HAVE_INVERSE_HYPERBOLIC
-#define HAVE_INVERSE_HYPERBOLIC_FLOAT
-#define HAVE_ISNAN
-#define HAVE_ISINF
-#define HAVE_RINT
-
diff --git a/poky/meta/recipes-devtools/python-numpy/files/arm/numpyconfig.h b/poky/meta/recipes-devtools/python-numpy/files/arm/numpyconfig.h
deleted file mode 100644
index c4bf6547f..000000000
--- a/poky/meta/recipes-devtools/python-numpy/files/arm/numpyconfig.h
+++ /dev/null
@@ -1,17 +0,0 @@
-/* cat ./src.linux-i686-2.5/numpy/core/include/numpy/numpyconfig.h */
-/*
- *  * This file is generated by numpy/core/setup.pyc. DO NOT EDIT 
- *   */
-#define NPY_SIZEOF_SHORT 2 
-#define NPY_SIZEOF_INT 4 
-#define NPY_SIZEOF_LONG 4 
-#define NPY_SIZEOF_FLOAT 4 
-#define NPY_SIZEOF_DOUBLE 8 
-#define NPY_SIZEOF_LONGDOUBLE 12 
-#define NPY_SIZEOF_PY_INTPTR_T 4 
-#define NPY_NO_SMP 0
-
-#define NPY_SIZEOF_LONGLONG 8 
-#define NPY_SIZEOF_PY_LONG_LONG 8 
-/* #define CHAR_BIT 8 */
-
diff --git a/poky/meta/recipes-devtools/python-numpy/files/armeb/config.h b/poky/meta/recipes-devtools/python-numpy/files/armeb/config.h
deleted file mode 100644
index 17ef186d5..000000000
--- a/poky/meta/recipes-devtools/python-numpy/files/armeb/config.h
+++ /dev/null
@@ -1,21 +0,0 @@
-/* ./src.linux-i686-2.5/numpy/core/include/numpy/config.h */
-/* #define SIZEOF_SHORT 2 */
-/* #define SIZEOF_INT 4 */
-/* #define SIZEOF_LONG 4 */
-/* #define SIZEOF_FLOAT 4 */
-/* #define SIZEOF_DOUBLE 8 */
-#define SIZEOF_LONG_DOUBLE 12
-#define SIZEOF_PY_INTPTR_T 4
-/* #define SIZEOF_LONG_LONG 8 */
-#define SIZEOF_PY_LONG_LONG 8
-/* #define CHAR_BIT 8 */
-#define MATHLIB m
-#define HAVE_FLOAT_FUNCS
-#define HAVE_LOG1P
-#define HAVE_EXPM1
-#define HAVE_INVERSE_HYPERBOLIC
-#define HAVE_INVERSE_HYPERBOLIC_FLOAT
-#define HAVE_ISNAN
-#define HAVE_ISINF
-#define HAVE_RINT
-
diff --git a/poky/meta/recipes-devtools/python-numpy/files/armeb/numpyconfig.h b/poky/meta/recipes-devtools/python-numpy/files/armeb/numpyconfig.h
deleted file mode 100644
index c4bf6547f..000000000
--- a/poky/meta/recipes-devtools/python-numpy/files/armeb/numpyconfig.h
+++ /dev/null
@@ -1,17 +0,0 @@
-/* cat ./src.linux-i686-2.5/numpy/core/include/numpy/numpyconfig.h */
-/*
- *  * This file is generated by numpy/core/setup.pyc. DO NOT EDIT 
- *   */
-#define NPY_SIZEOF_SHORT 2 
-#define NPY_SIZEOF_INT 4 
-#define NPY_SIZEOF_LONG 4 
-#define NPY_SIZEOF_FLOAT 4 
-#define NPY_SIZEOF_DOUBLE 8 
-#define NPY_SIZEOF_LONGDOUBLE 12 
-#define NPY_SIZEOF_PY_INTPTR_T 4 
-#define NPY_NO_SMP 0
-
-#define NPY_SIZEOF_LONGLONG 8 
-#define NPY_SIZEOF_PY_LONG_LONG 8 
-/* #define CHAR_BIT 8 */
-
diff --git a/poky/meta/recipes-devtools/python-numpy/files/mipsarchn32eb/_numpyconfig.h b/poky/meta/recipes-devtools/python-numpy/files/mipsarchn32eb/_numpyconfig.h
deleted file mode 100644
index debb39009..000000000
--- a/poky/meta/recipes-devtools/python-numpy/files/mipsarchn32eb/_numpyconfig.h
+++ /dev/null
@@ -1,32 +0,0 @@
-#define NPY_HAVE_ENDIAN_H 1
-#define NPY_SIZEOF_SHORT SIZEOF_SHORT
-#define NPY_SIZEOF_INT SIZEOF_INT
-#define NPY_SIZEOF_LONG SIZEOF_LONG
-#define NPY_SIZEOF_FLOAT 4
-#define NPY_SIZEOF_COMPLEX_FLOAT 8
-#define NPY_SIZEOF_DOUBLE 8
-#define NPY_SIZEOF_COMPLEX_DOUBLE 16
-#define NPY_SIZEOF_LONGDOUBLE 16
-#define NPY_SIZEOF_COMPLEX_LONGDOUBLE 32
-#define NPY_ENABLE_SEPARATE_COMPILATION 1
-#define NPY_SIZEOF_PY_INTPTR_T 8
-#define NPY_SIZEOF_PY_LONG_LONG 8
-#define NPY_SIZEOF_LONGLONG 8
-#define NPY_SIZEOF_OFF_T 8
-#define NPY_NO_SMP 0
-#define NPY_HAVE_DECL_ISNAN
-#define NPY_HAVE_DECL_ISINF
-#define NPY_HAVE_DECL_ISFINITE
-#define NPY_HAVE_DECL_SIGNBIT
-#define NPY_USE_C99_COMPLEX 1
-#define NPY_HAVE_COMPLEX_DOUBLE 1
-#define NPY_HAVE_COMPLEX_FLOAT 1
-#define NPY_HAVE_COMPLEX_LONG_DOUBLE 1
-#define NPY_USE_C99_FORMATS 1
-#define NPY_VISIBILITY_HIDDEN __attribute__((visibility("hidden")))
-#define NPY_ABI_VERSION 0x01000009
-#define NPY_API_VERSION 0x0000000A
-
-#ifndef __STDC_FORMAT_MACROS
-#define __STDC_FORMAT_MACROS 1
-#endif
diff --git a/poky/meta/recipes-devtools/python-numpy/files/mipsarchn32eb/config.h b/poky/meta/recipes-devtools/python-numpy/files/mipsarchn32eb/config.h
deleted file mode 100644
index c30b868f2..000000000
--- a/poky/meta/recipes-devtools/python-numpy/files/mipsarchn32eb/config.h
+++ /dev/null
@@ -1,139 +0,0 @@
-#define HAVE_ENDIAN_H 1
-#define SIZEOF_PY_INTPTR_T 8
-#define SIZEOF_PY_LONG_LONG 8
-#define MATHLIB m
-#define HAVE_SIN 1
-#define HAVE_COS 1
-#define HAVE_TAN 1
-#define HAVE_SINH 1
-#define HAVE_COSH 1
-#define HAVE_TANH 1
-#define HAVE_FABS 1
-#define HAVE_FLOOR 1
-#define HAVE_CEIL 1
-#define HAVE_SQRT 1
-#define HAVE_LOG10 1
-#define HAVE_LOG 1
-#define HAVE_EXP 1
-#define HAVE_ASIN 1
-#define HAVE_ACOS 1
-#define HAVE_ATAN 1
-#define HAVE_FMOD 1
-#define HAVE_MODF 1
-#define HAVE_FREXP 1
-#define HAVE_LDEXP 1
-#define HAVE_RINT 1
-#define HAVE_TRUNC 1
-#define HAVE_EXP2 1
-#define HAVE_LOG2 1
-#define HAVE_ATAN2 1
-#define HAVE_POW 1
-#define HAVE_NEXTAFTER 1
-#define HAVE_SINF 1
-#define HAVE_COSF 1
-#define HAVE_TANF 1
-#define HAVE_SINHF 1
-#define HAVE_COSHF 1
-#define HAVE_TANHF 1
-#define HAVE_FABSF 1
-#define HAVE_FLOORF 1
-#define HAVE_CEILF 1
-#define HAVE_RINTF 1
-#define HAVE_TRUNCF 1
-#define HAVE_SQRTF 1
-#define HAVE_LOG10F 1
-#define HAVE_LOGF 1
-#define HAVE_LOG1PF 1
-#define HAVE_EXPF 1
-#define HAVE_EXPM1F 1
-#define HAVE_ASINF 1
-#define HAVE_ACOSF 1
-#define HAVE_ATANF 1
-#define HAVE_ASINHF 1
-#define HAVE_ACOSHF 1
-#define HAVE_ATANHF 1
-#define HAVE_HYPOTF 1
-#define HAVE_ATAN2F 1
-#define HAVE_POWF 1
-#define HAVE_FMODF 1
-#define HAVE_MODFF 1
-#define HAVE_FREXPF 1
-#define HAVE_LDEXPF 1
-#define HAVE_EXP2F 1
-#define HAVE_LOG2F 1
-#define HAVE_COPYSIGNF 1
-#define HAVE_NEXTAFTERF 1
-#define HAVE_SINL 1
-#define HAVE_COSL 1
-#define HAVE_TANL 1
-#define HAVE_SINHL 1
-#define HAVE_COSHL 1
-#define HAVE_TANHL 1
-#define HAVE_FABSL 1
-#define HAVE_FLOORL 1
-#define HAVE_CEILL 1
-#define HAVE_RINTL 1
-#define HAVE_TRUNCL 1
-#define HAVE_SQRTL 1
-#define HAVE_LOG10L 1
-#define HAVE_LOGL 1
-#define HAVE_LOG1PL 1
-#define HAVE_EXPL 1
-#define HAVE_EXPM1L 1
-#define HAVE_ASINL 1
-#define HAVE_ACOSL 1
-#define HAVE_ATANL 1
-#define HAVE_ASINHL 1
-#define HAVE_ACOSHL 1
-#define HAVE_ATANHL 1
-#define HAVE_HYPOTL 1
-#define HAVE_ATAN2L 1
-#define HAVE_POWL 1
-#define HAVE_FMODL 1
-#define HAVE_MODFL 1
-#define HAVE_FREXPL 1
-#define HAVE_LDEXPL 1
-#define HAVE_EXP2L 1
-#define HAVE_LOG2L 1
-#define HAVE_COPYSIGNL 1
-#define HAVE_NEXTAFTERL 1
-#define HAVE_DECL_SIGNBIT
-#define HAVE_COMPLEX_H 1
-#define HAVE_CREAL 1
-#define HAVE_CIMAG 1
-#define HAVE_CABS 1
-#define HAVE_CARG 1
-#define HAVE_CEXP 1
-#define HAVE_CSQRT 1
-#define HAVE_CLOG 1
-#define HAVE_CCOS 1
-#define HAVE_CSIN 1
-#define HAVE_CPOW 1
-#define HAVE_CREALF 1
-#define HAVE_CIMAGF 1
-#define HAVE_CABSF 1
-#define HAVE_CARGF 1
-#define HAVE_CEXPF 1
-#define HAVE_CSQRTF 1
-#define HAVE_CLOGF 1
-#define HAVE_CCOSF 1
-#define HAVE_CSINF 1
-#define HAVE_CPOWF 1
-#define HAVE_CREALL 1
-#define HAVE_CIMAGL 1
-#define HAVE_CABSL 1
-#define HAVE_CARGL 1
-#define HAVE_CEXPL 1
-#define HAVE_CSQRTL 1
-#define HAVE_CLOGL 1
-#define HAVE_CCOSL 1
-#define HAVE_CSINL 1
-#define HAVE_CPOWL 1
-#define HAVE_LDOUBLE_IEEE_QUAD_LE 1
-#ifndef __cplusplus
-/* #undef inline */
-#endif
-
-#ifndef _NPY_NPY_CONFIG_H_
-#error config.h should never be included directly, include npy_config.h instead
-#endif
diff --git a/poky/meta/recipes-devtools/python-numpy/files/mipsarchn32el/_numpyconfig.h b/poky/meta/recipes-devtools/python-numpy/files/mipsarchn32el/_numpyconfig.h
deleted file mode 100644
index 8e2b5d094..000000000
--- a/poky/meta/recipes-devtools/python-numpy/files/mipsarchn32el/_numpyconfig.h
+++ /dev/null
@@ -1,31 +0,0 @@
-#define NPY_HAVE_ENDIAN_H 1
-#define NPY_SIZEOF_SHORT SIZEOF_SHORT
-#define NPY_SIZEOF_INT SIZEOF_INT
-#define NPY_SIZEOF_LONG SIZEOF_LONG
-#define NPY_SIZEOF_FLOAT 4
-#define NPY_SIZEOF_COMPLEX_FLOAT 8
-#define NPY_SIZEOF_DOUBLE 8
-#define NPY_SIZEOF_COMPLEX_DOUBLE 16
-#define NPY_SIZEOF_LONGDOUBLE 16
-#define NPY_SIZEOF_COMPLEX_LONGDOUBLE 32
-#define NPY_ENABLE_SEPARATE_COMPILATION 1
-#define NPY_SIZEOF_PY_INTPTR_T 8
-#define NPY_SIZEOF_PY_LONG_LONG 8
-#define NPY_SIZEOF_LONGLONG 8
-#define NPY_NO_SMP 0
-#define NPY_HAVE_DECL_ISNAN
-#define NPY_HAVE_DECL_ISINF
-#define NPY_HAVE_DECL_ISFINITE
-#define NPY_HAVE_DECL_SIGNBIT
-#define NPY_USE_C99_COMPLEX 1
-#define NPY_HAVE_COMPLEX_DOUBLE 1
-#define NPY_HAVE_COMPLEX_FLOAT 1
-#define NPY_HAVE_COMPLEX_LONG_DOUBLE 1
-#define NPY_USE_C99_FORMATS 1
-#define NPY_VISIBILITY_HIDDEN __attribute__((visibility("hidden")))
-#define NPY_ABI_VERSION 0x01000009
-#define NPY_API_VERSION 0x0000000A
-
-#ifndef __STDC_FORMAT_MACROS
-#define __STDC_FORMAT_MACROS 1
-#endif
diff --git a/poky/meta/recipes-devtools/python-numpy/files/mipsarchn32el/config.h b/poky/meta/recipes-devtools/python-numpy/files/mipsarchn32el/config.h
deleted file mode 100644
index 48727039a..000000000
--- a/poky/meta/recipes-devtools/python-numpy/files/mipsarchn32el/config.h
+++ /dev/null
@@ -1,138 +0,0 @@
-#define SIZEOF_PY_INTPTR_T 8
-#define SIZEOF_PY_LONG_LONG 8
-#define MATHLIB m
-#define HAVE_SIN 1
-#define HAVE_COS 1
-#define HAVE_TAN 1
-#define HAVE_SINH 1
-#define HAVE_COSH 1
-#define HAVE_TANH 1
-#define HAVE_FABS 1
-#define HAVE_FLOOR 1
-#define HAVE_CEIL 1
-#define HAVE_SQRT 1
-#define HAVE_LOG10 1
-#define HAVE_LOG 1
-#define HAVE_EXP 1
-#define HAVE_ASIN 1
-#define HAVE_ACOS 1
-#define HAVE_ATAN 1
-#define HAVE_FMOD 1
-#define HAVE_MODF 1
-#define HAVE_FREXP 1
-#define HAVE_LDEXP 1
-#define HAVE_RINT 1
-#define HAVE_TRUNC 1
-#define HAVE_EXP2 1
-#define HAVE_LOG2 1
-#define HAVE_ATAN2 1
-#define HAVE_POW 1
-#define HAVE_NEXTAFTER 1
-#define HAVE_SINF 1
-#define HAVE_COSF 1
-#define HAVE_TANF 1
-#define HAVE_SINHF 1
-#define HAVE_COSHF 1
-#define HAVE_TANHF 1
-#define HAVE_FABSF 1
-#define HAVE_FLOORF 1
-#define HAVE_CEILF 1
-#define HAVE_RINTF 1
-#define HAVE_TRUNCF 1
-#define HAVE_SQRTF 1
-#define HAVE_LOG10F 1
-#define HAVE_LOGF 1
-#define HAVE_LOG1PF 1
-#define HAVE_EXPF 1
-#define HAVE_EXPM1F 1
-#define HAVE_ASINF 1
-#define HAVE_ACOSF 1
-#define HAVE_ATANF 1
-#define HAVE_ASINHF 1
-#define HAVE_ACOSHF 1
-#define HAVE_ATANHF 1
-#define HAVE_HYPOTF 1
-#define HAVE_ATAN2F 1
-#define HAVE_POWF 1
-#define HAVE_FMODF 1
-#define HAVE_MODFF 1
-#define HAVE_FREXPF 1
-#define HAVE_LDEXPF 1
-#define HAVE_EXP2F 1
-#define HAVE_LOG2F 1
-#define HAVE_COPYSIGNF 1
-#define HAVE_NEXTAFTERF 1
-#define HAVE_SINL 1
-#define HAVE_COSL 1
-#define HAVE_TANL 1
-#define HAVE_SINHL 1
-#define HAVE_COSHL 1
-#define HAVE_TANHL 1
-#define HAVE_FABSL 1
-#define HAVE_FLOORL 1
-#define HAVE_CEILL 1
-#define HAVE_RINTL 1
-#define HAVE_TRUNCL 1
-#define HAVE_SQRTL 1
-#define HAVE_LOG10L 1
-#define HAVE_LOGL 1
-#define HAVE_LOG1PL 1
-#define HAVE_EXPL 1
-#define HAVE_EXPM1L 1
-#define HAVE_ASINL 1
-#define HAVE_ACOSL 1
-#define HAVE_ATANL 1
-#define HAVE_ASINHL 1
-#define HAVE_ACOSHL 1
-#define HAVE_ATANHL 1
-#define HAVE_HYPOTL 1
-#define HAVE_ATAN2L 1
-#define HAVE_POWL 1
-#define HAVE_FMODL 1
-#define HAVE_MODFL 1
-#define HAVE_FREXPL 1
-#define HAVE_LDEXPL 1
-#define HAVE_EXP2L 1
-#define HAVE_LOG2L 1
-#define HAVE_COPYSIGNL 1
-#define HAVE_NEXTAFTERL 1
-#define HAVE_DECL_SIGNBIT
-#define HAVE_COMPLEX_H 1
-#define HAVE_CREAL 1
-#define HAVE_CIMAG 1
-#define HAVE_CABS 1
-#define HAVE_CARG 1
-#define HAVE_CEXP 1
-#define HAVE_CSQRT 1
-#define HAVE_CLOG 1
-#define HAVE_CCOS 1
-#define HAVE_CSIN 1
-#define HAVE_CPOW 1
-#define HAVE_CREALF 1
-#define HAVE_CIMAGF 1
-#define HAVE_CABSF 1
-#define HAVE_CARGF 1
-#define HAVE_CEXPF 1
-#define HAVE_CSQRTF 1
-#define HAVE_CLOGF 1
-#define HAVE_CCOSF 1
-#define HAVE_CSINF 1
-#define HAVE_CPOWF 1
-#define HAVE_CREALL 1
-#define HAVE_CIMAGL 1
-#define HAVE_CABSL 1
-#define HAVE_CARGL 1
-#define HAVE_CEXPL 1
-#define HAVE_CSQRTL 1
-#define HAVE_CLOGL 1
-#define HAVE_CCOSL 1
-#define HAVE_CSINL 1
-#define HAVE_CPOWL 1
-#define HAVE_LDOUBLE_IEEE_QUAD_LE 1
-#ifndef __cplusplus
-/* #undef inline */
-#endif
-
-#ifndef _NPY_NPY_CONFIG_H_
-#error config.h should never be included directly, include npy_config.h instead
-#endif
diff --git a/poky/meta/recipes-devtools/python-numpy/files/mipsarchn64eb/_numpyconfig.h b/poky/meta/recipes-devtools/python-numpy/files/mipsarchn64eb/_numpyconfig.h
deleted file mode 100644
index debb39009..000000000
--- a/poky/meta/recipes-devtools/python-numpy/files/mipsarchn64eb/_numpyconfig.h
+++ /dev/null
@@ -1,32 +0,0 @@
-#define NPY_HAVE_ENDIAN_H 1
-#define NPY_SIZEOF_SHORT SIZEOF_SHORT
-#define NPY_SIZEOF_INT SIZEOF_INT
-#define NPY_SIZEOF_LONG SIZEOF_LONG
-#define NPY_SIZEOF_FLOAT 4
-#define NPY_SIZEOF_COMPLEX_FLOAT 8
-#define NPY_SIZEOF_DOUBLE 8
-#define NPY_SIZEOF_COMPLEX_DOUBLE 16
-#define NPY_SIZEOF_LONGDOUBLE 16
-#define NPY_SIZEOF_COMPLEX_LONGDOUBLE 32
-#define NPY_ENABLE_SEPARATE_COMPILATION 1
-#define NPY_SIZEOF_PY_INTPTR_T 8
-#define NPY_SIZEOF_PY_LONG_LONG 8
-#define NPY_SIZEOF_LONGLONG 8
-#define NPY_SIZEOF_OFF_T 8
-#define NPY_NO_SMP 0
-#define NPY_HAVE_DECL_ISNAN
-#define NPY_HAVE_DECL_ISINF
-#define NPY_HAVE_DECL_ISFINITE
-#define NPY_HAVE_DECL_SIGNBIT
-#define NPY_USE_C99_COMPLEX 1
-#define NPY_HAVE_COMPLEX_DOUBLE 1
-#define NPY_HAVE_COMPLEX_FLOAT 1
-#define NPY_HAVE_COMPLEX_LONG_DOUBLE 1
-#define NPY_USE_C99_FORMATS 1
-#define NPY_VISIBILITY_HIDDEN __attribute__((visibility("hidden")))
-#define NPY_ABI_VERSION 0x01000009
-#define NPY_API_VERSION 0x0000000A
-
-#ifndef __STDC_FORMAT_MACROS
-#define __STDC_FORMAT_MACROS 1
-#endif
diff --git a/poky/meta/recipes-devtools/python-numpy/files/mipsarchn64eb/config.h b/poky/meta/recipes-devtools/python-numpy/files/mipsarchn64eb/config.h
deleted file mode 100644
index c30b868f2..000000000
--- a/poky/meta/recipes-devtools/python-numpy/files/mipsarchn64eb/config.h
+++ /dev/null
@@ -1,139 +0,0 @@
-#define HAVE_ENDIAN_H 1
-#define SIZEOF_PY_INTPTR_T 8
-#define SIZEOF_PY_LONG_LONG 8
-#define MATHLIB m
-#define HAVE_SIN 1
-#define HAVE_COS 1
-#define HAVE_TAN 1
-#define HAVE_SINH 1
-#define HAVE_COSH 1
-#define HAVE_TANH 1
-#define HAVE_FABS 1
-#define HAVE_FLOOR 1
-#define HAVE_CEIL 1
-#define HAVE_SQRT 1
-#define HAVE_LOG10 1
-#define HAVE_LOG 1
-#define HAVE_EXP 1
-#define HAVE_ASIN 1
-#define HAVE_ACOS 1
-#define HAVE_ATAN 1
-#define HAVE_FMOD 1
-#define HAVE_MODF 1
-#define HAVE_FREXP 1
-#define HAVE_LDEXP 1
-#define HAVE_RINT 1
-#define HAVE_TRUNC 1
-#define HAVE_EXP2 1
-#define HAVE_LOG2 1
-#define HAVE_ATAN2 1
-#define HAVE_POW 1
-#define HAVE_NEXTAFTER 1
-#define HAVE_SINF 1
-#define HAVE_COSF 1
-#define HAVE_TANF 1
-#define HAVE_SINHF 1
-#define HAVE_COSHF 1
-#define HAVE_TANHF 1
-#define HAVE_FABSF 1
-#define HAVE_FLOORF 1
-#define HAVE_CEILF 1
-#define HAVE_RINTF 1
-#define HAVE_TRUNCF 1
-#define HAVE_SQRTF 1
-#define HAVE_LOG10F 1
-#define HAVE_LOGF 1
-#define HAVE_LOG1PF 1
-#define HAVE_EXPF 1
-#define HAVE_EXPM1F 1
-#define HAVE_ASINF 1
-#define HAVE_ACOSF 1
-#define HAVE_ATANF 1
-#define HAVE_ASINHF 1
-#define HAVE_ACOSHF 1
-#define HAVE_ATANHF 1
-#define HAVE_HYPOTF 1
-#define HAVE_ATAN2F 1
-#define HAVE_POWF 1
-#define HAVE_FMODF 1
-#define HAVE_MODFF 1
-#define HAVE_FREXPF 1
-#define HAVE_LDEXPF 1
-#define HAVE_EXP2F 1
-#define HAVE_LOG2F 1
-#define HAVE_COPYSIGNF 1
-#define HAVE_NEXTAFTERF 1
-#define HAVE_SINL 1
-#define HAVE_COSL 1
-#define HAVE_TANL 1
-#define HAVE_SINHL 1
-#define HAVE_COSHL 1
-#define HAVE_TANHL 1
-#define HAVE_FABSL 1
-#define HAVE_FLOORL 1
-#define HAVE_CEILL 1
-#define HAVE_RINTL 1
-#define HAVE_TRUNCL 1
-#define HAVE_SQRTL 1
-#define HAVE_LOG10L 1
-#define HAVE_LOGL 1
-#define HAVE_LOG1PL 1
-#define HAVE_EXPL 1
-#define HAVE_EXPM1L 1
-#define HAVE_ASINL 1
-#define HAVE_ACOSL 1
-#define HAVE_ATANL 1
-#define HAVE_ASINHL 1
-#define HAVE_ACOSHL 1
-#define HAVE_ATANHL 1
-#define HAVE_HYPOTL 1
-#define HAVE_ATAN2L 1
-#define HAVE_POWL 1
-#define HAVE_FMODL 1
-#define HAVE_MODFL 1
-#define HAVE_FREXPL 1
-#define HAVE_LDEXPL 1
-#define HAVE_EXP2L 1
-#define HAVE_LOG2L 1
-#define HAVE_COPYSIGNL 1
-#define HAVE_NEXTAFTERL 1
-#define HAVE_DECL_SIGNBIT
-#define HAVE_COMPLEX_H 1
-#define HAVE_CREAL 1
-#define HAVE_CIMAG 1
-#define HAVE_CABS 1
-#define HAVE_CARG 1
-#define HAVE_CEXP 1
-#define HAVE_CSQRT 1
-#define HAVE_CLOG 1
-#define HAVE_CCOS 1
-#define HAVE_CSIN 1
-#define HAVE_CPOW 1
-#define HAVE_CREALF 1
-#define HAVE_CIMAGF 1
-#define HAVE_CABSF 1
-#define HAVE_CARGF 1
-#define HAVE_CEXPF 1
-#define HAVE_CSQRTF 1
-#define HAVE_CLOGF 1
-#define HAVE_CCOSF 1
-#define HAVE_CSINF 1
-#define HAVE_CPOWF 1
-#define HAVE_CREALL 1
-#define HAVE_CIMAGL 1
-#define HAVE_CABSL 1
-#define HAVE_CARGL 1
-#define HAVE_CEXPL 1
-#define HAVE_CSQRTL 1
-#define HAVE_CLOGL 1
-#define HAVE_CCOSL 1
-#define HAVE_CSINL 1
-#define HAVE_CPOWL 1
-#define HAVE_LDOUBLE_IEEE_QUAD_LE 1
-#ifndef __cplusplus
-/* #undef inline */
-#endif
-
-#ifndef _NPY_NPY_CONFIG_H_
-#error config.h should never be included directly, include npy_config.h instead
-#endif
diff --git a/poky/meta/recipes-devtools/python-numpy/files/mipsarchn64el/_numpyconfig.h b/poky/meta/recipes-devtools/python-numpy/files/mipsarchn64el/_numpyconfig.h
deleted file mode 100644
index debb39009..000000000
--- a/poky/meta/recipes-devtools/python-numpy/files/mipsarchn64el/_numpyconfig.h
+++ /dev/null
@@ -1,32 +0,0 @@
-#define NPY_HAVE_ENDIAN_H 1
-#define NPY_SIZEOF_SHORT SIZEOF_SHORT
-#define NPY_SIZEOF_INT SIZEOF_INT
-#define NPY_SIZEOF_LONG SIZEOF_LONG
-#define NPY_SIZEOF_FLOAT 4
-#define NPY_SIZEOF_COMPLEX_FLOAT 8
-#define NPY_SIZEOF_DOUBLE 8
-#define NPY_SIZEOF_COMPLEX_DOUBLE 16
-#define NPY_SIZEOF_LONGDOUBLE 16
-#define NPY_SIZEOF_COMPLEX_LONGDOUBLE 32
-#define NPY_ENABLE_SEPARATE_COMPILATION 1
-#define NPY_SIZEOF_PY_INTPTR_T 8
-#define NPY_SIZEOF_PY_LONG_LONG 8
-#define NPY_SIZEOF_LONGLONG 8
-#define NPY_SIZEOF_OFF_T 8
-#define NPY_NO_SMP 0
-#define NPY_HAVE_DECL_ISNAN
-#define NPY_HAVE_DECL_ISINF
-#define NPY_HAVE_DECL_ISFINITE
-#define NPY_HAVE_DECL_SIGNBIT
-#define NPY_USE_C99_COMPLEX 1
-#define NPY_HAVE_COMPLEX_DOUBLE 1
-#define NPY_HAVE_COMPLEX_FLOAT 1
-#define NPY_HAVE_COMPLEX_LONG_DOUBLE 1
-#define NPY_USE_C99_FORMATS 1
-#define NPY_VISIBILITY_HIDDEN __attribute__((visibility("hidden")))
-#define NPY_ABI_VERSION 0x01000009
-#define NPY_API_VERSION 0x0000000A
-
-#ifndef __STDC_FORMAT_MACROS
-#define __STDC_FORMAT_MACROS 1
-#endif
diff --git a/poky/meta/recipes-devtools/python-numpy/files/mipsarchn64el/config.h b/poky/meta/recipes-devtools/python-numpy/files/mipsarchn64el/config.h
deleted file mode 100644
index 48727039a..000000000
--- a/poky/meta/recipes-devtools/python-numpy/files/mipsarchn64el/config.h
+++ /dev/null
@@ -1,138 +0,0 @@
-#define SIZEOF_PY_INTPTR_T 8
-#define SIZEOF_PY_LONG_LONG 8
-#define MATHLIB m
-#define HAVE_SIN 1
-#define HAVE_COS 1
-#define HAVE_TAN 1
-#define HAVE_SINH 1
-#define HAVE_COSH 1
-#define HAVE_TANH 1
-#define HAVE_FABS 1
-#define HAVE_FLOOR 1
-#define HAVE_CEIL 1
-#define HAVE_SQRT 1
-#define HAVE_LOG10 1
-#define HAVE_LOG 1
-#define HAVE_EXP 1
-#define HAVE_ASIN 1
-#define HAVE_ACOS 1
-#define HAVE_ATAN 1
-#define HAVE_FMOD 1
-#define HAVE_MODF 1
-#define HAVE_FREXP 1
-#define HAVE_LDEXP 1
-#define HAVE_RINT 1
-#define HAVE_TRUNC 1
-#define HAVE_EXP2 1
-#define HAVE_LOG2 1
-#define HAVE_ATAN2 1
-#define HAVE_POW 1
-#define HAVE_NEXTAFTER 1
-#define HAVE_SINF 1
-#define HAVE_COSF 1
-#define HAVE_TANF 1
-#define HAVE_SINHF 1
-#define HAVE_COSHF 1
-#define HAVE_TANHF 1
-#define HAVE_FABSF 1
-#define HAVE_FLOORF 1
-#define HAVE_CEILF 1
-#define HAVE_RINTF 1
-#define HAVE_TRUNCF 1
-#define HAVE_SQRTF 1
-#define HAVE_LOG10F 1
-#define HAVE_LOGF 1
-#define HAVE_LOG1PF 1
-#define HAVE_EXPF 1
-#define HAVE_EXPM1F 1
-#define HAVE_ASINF 1
-#define HAVE_ACOSF 1
-#define HAVE_ATANF 1
-#define HAVE_ASINHF 1
-#define HAVE_ACOSHF 1
-#define HAVE_ATANHF 1
-#define HAVE_HYPOTF 1
-#define HAVE_ATAN2F 1
-#define HAVE_POWF 1
-#define HAVE_FMODF 1
-#define HAVE_MODFF 1
-#define HAVE_FREXPF 1
-#define HAVE_LDEXPF 1
-#define HAVE_EXP2F 1
-#define HAVE_LOG2F 1
-#define HAVE_COPYSIGNF 1
-#define HAVE_NEXTAFTERF 1
-#define HAVE_SINL 1
-#define HAVE_COSL 1
-#define HAVE_TANL 1
-#define HAVE_SINHL 1
-#define HAVE_COSHL 1
-#define HAVE_TANHL 1
-#define HAVE_FABSL 1
-#define HAVE_FLOORL 1
-#define HAVE_CEILL 1
-#define HAVE_RINTL 1
-#define HAVE_TRUNCL 1
-#define HAVE_SQRTL 1
-#define HAVE_LOG10L 1
-#define HAVE_LOGL 1
-#define HAVE_LOG1PL 1
-#define HAVE_EXPL 1
-#define HAVE_EXPM1L 1
-#define HAVE_ASINL 1
-#define HAVE_ACOSL 1
-#define HAVE_ATANL 1
-#define HAVE_ASINHL 1
-#define HAVE_ACOSHL 1
-#define HAVE_ATANHL 1
-#define HAVE_HYPOTL 1
-#define HAVE_ATAN2L 1
-#define HAVE_POWL 1
-#define HAVE_FMODL 1
-#define HAVE_MODFL 1
-#define HAVE_FREXPL 1
-#define HAVE_LDEXPL 1
-#define HAVE_EXP2L 1
-#define HAVE_LOG2L 1
-#define HAVE_COPYSIGNL 1
-#define HAVE_NEXTAFTERL 1
-#define HAVE_DECL_SIGNBIT
-#define HAVE_COMPLEX_H 1
-#define HAVE_CREAL 1
-#define HAVE_CIMAG 1
-#define HAVE_CABS 1
-#define HAVE_CARG 1
-#define HAVE_CEXP 1
-#define HAVE_CSQRT 1
-#define HAVE_CLOG 1
-#define HAVE_CCOS 1
-#define HAVE_CSIN 1
-#define HAVE_CPOW 1
-#define HAVE_CREALF 1
-#define HAVE_CIMAGF 1
-#define HAVE_CABSF 1
-#define HAVE_CARGF 1
-#define HAVE_CEXPF 1
-#define HAVE_CSQRTF 1
-#define HAVE_CLOGF 1
-#define HAVE_CCOSF 1
-#define HAVE_CSINF 1
-#define HAVE_CPOWF 1
-#define HAVE_CREALL 1
-#define HAVE_CIMAGL 1
-#define HAVE_CABSL 1
-#define HAVE_CARGL 1
-#define HAVE_CEXPL 1
-#define HAVE_CSQRTL 1
-#define HAVE_CLOGL 1
-#define HAVE_CCOSL 1
-#define HAVE_CSINL 1
-#define HAVE_CPOWL 1
-#define HAVE_LDOUBLE_IEEE_QUAD_LE 1
-#ifndef __cplusplus
-/* #undef inline */
-#endif
-
-#ifndef _NPY_NPY_CONFIG_H_
-#error config.h should never be included directly, include npy_config.h instead
-#endif
diff --git a/poky/meta/recipes-devtools/python-numpy/files/mipsarcho32eb/_numpyconfig.h b/poky/meta/recipes-devtools/python-numpy/files/mipsarcho32eb/_numpyconfig.h
deleted file mode 100644
index 4c465c216..000000000
--- a/poky/meta/recipes-devtools/python-numpy/files/mipsarcho32eb/_numpyconfig.h
+++ /dev/null
@@ -1,32 +0,0 @@
-#define NPY_HAVE_ENDIAN_H 1
-#define NPY_SIZEOF_SHORT SIZEOF_SHORT
-#define NPY_SIZEOF_INT SIZEOF_INT
-#define NPY_SIZEOF_LONG SIZEOF_LONG
-#define NPY_SIZEOF_FLOAT 4
-#define NPY_SIZEOF_COMPLEX_FLOAT 8
-#define NPY_SIZEOF_DOUBLE 8
-#define NPY_SIZEOF_COMPLEX_DOUBLE 16
-#define NPY_SIZEOF_LONGDOUBLE 8
-#define NPY_SIZEOF_COMPLEX_LONGDOUBLE 16
-#define NPY_ENABLE_SEPARATE_COMPILATION 1
-#define NPY_SIZEOF_PY_INTPTR_T 4
-#define NPY_SIZEOF_PY_LONG_LONG 8
-#define NPY_SIZEOF_LONGLONG 8
-#define NPY_SIZEOF_OFF_T 8
-#define NPY_NO_SMP 0
-#define NPY_HAVE_DECL_ISNAN
-#define NPY_HAVE_DECL_ISINF
-#define NPY_HAVE_DECL_ISFINITE
-#define NPY_HAVE_DECL_SIGNBIT
-#define NPY_USE_C99_COMPLEX 1
-#define NPY_HAVE_COMPLEX_DOUBLE 1
-#define NPY_HAVE_COMPLEX_FLOAT 1
-#define NPY_HAVE_COMPLEX_LONG_DOUBLE 1
-#define NPY_USE_C99_FORMATS 1
-#define NPY_VISIBILITY_HIDDEN __attribute__((visibility("hidden")))
-#define NPY_ABI_VERSION 0x01000009
-#define NPY_API_VERSION 0x0000000A
-
-#ifndef __STDC_FORMAT_MACROS
-#define __STDC_FORMAT_MACROS 1
-#endif
diff --git a/poky/meta/recipes-devtools/python-numpy/files/mipsarcho32eb/config.h b/poky/meta/recipes-devtools/python-numpy/files/mipsarcho32eb/config.h
deleted file mode 100644
index 2f6135adc..000000000
--- a/poky/meta/recipes-devtools/python-numpy/files/mipsarcho32eb/config.h
+++ /dev/null
@@ -1,139 +0,0 @@
-#define HAVE_ENDIAN_H 1
-#define SIZEOF_PY_INTPTR_T 4
-#define SIZEOF_PY_LONG_LONG 8
-#define MATHLIB m
-#define HAVE_SIN 1
-#define HAVE_COS 1
-#define HAVE_TAN 1
-#define HAVE_SINH 1
-#define HAVE_COSH 1
-#define HAVE_TANH 1
-#define HAVE_FABS 1
-#define HAVE_FLOOR 1
-#define HAVE_CEIL 1
-#define HAVE_SQRT 1
-#define HAVE_LOG10 1
-#define HAVE_LOG 1
-#define HAVE_EXP 1
-#define HAVE_ASIN 1
-#define HAVE_ACOS 1
-#define HAVE_ATAN 1
-#define HAVE_FMOD 1
-#define HAVE_MODF 1
-#define HAVE_FREXP 1
-#define HAVE_LDEXP 1
-#define HAVE_RINT 1
-#define HAVE_TRUNC 1
-#define HAVE_EXP2 1
-#define HAVE_LOG2 1
-#define HAVE_ATAN2 1
-#define HAVE_POW 1
-#define HAVE_NEXTAFTER 1
-#define HAVE_SINF 1
-#define HAVE_COSF 1
-#define HAVE_TANF 1
-#define HAVE_SINHF 1
-#define HAVE_COSHF 1
-#define HAVE_TANHF 1
-#define HAVE_FABSF 1
-#define HAVE_FLOORF 1
-#define HAVE_CEILF 1
-#define HAVE_RINTF 1
-#define HAVE_TRUNCF 1
-#define HAVE_SQRTF 1
-#define HAVE_LOG10F 1
-#define HAVE_LOGF 1
-#define HAVE_LOG1PF 1
-#define HAVE_EXPF 1
-#define HAVE_EXPM1F 1
-#define HAVE_ASINF 1
-#define HAVE_ACOSF 1
-#define HAVE_ATANF 1
-#define HAVE_ASINHF 1
-#define HAVE_ACOSHF 1
-#define HAVE_ATANHF 1
-#define HAVE_HYPOTF 1
-#define HAVE_ATAN2F 1
-#define HAVE_POWF 1
-#define HAVE_FMODF 1
-#define HAVE_MODFF 1
-#define HAVE_FREXPF 1
-#define HAVE_LDEXPF 1
-#define HAVE_EXP2F 1
-#define HAVE_LOG2F 1
-#define HAVE_COPYSIGNF 1
-#define HAVE_NEXTAFTERF 1
-#define HAVE_SINL 1
-#define HAVE_COSL 1
-#define HAVE_TANL 1
-#define HAVE_SINHL 1
-#define HAVE_COSHL 1
-#define HAVE_TANHL 1
-#define HAVE_FABSL 1
-#define HAVE_FLOORL 1
-#define HAVE_CEILL 1
-#define HAVE_RINTL 1
-#define HAVE_TRUNCL 1
-#define HAVE_SQRTL 1
-#define HAVE_LOG10L 1
-#define HAVE_LOGL 1
-#define HAVE_LOG1PL 1
-#define HAVE_EXPL 1
-#define HAVE_EXPM1L 1
-#define HAVE_ASINL 1
-#define HAVE_ACOSL 1
-#define HAVE_ATANL 1
-#define HAVE_ASINHL 1
-#define HAVE_ACOSHL 1
-#define HAVE_ATANHL 1
-#define HAVE_HYPOTL 1
-#define HAVE_ATAN2L 1
-#define HAVE_POWL 1
-#define HAVE_FMODL 1
-#define HAVE_MODFL 1
-#define HAVE_FREXPL 1
-#define HAVE_LDEXPL 1
-#define HAVE_EXP2L 1
-#define HAVE_LOG2L 1
-#define HAVE_COPYSIGNL 1
-#define HAVE_NEXTAFTERL 1
-#define HAVE_DECL_SIGNBIT
-#define HAVE_COMPLEX_H 1
-#define HAVE_CREAL 1
-#define HAVE_CIMAG 1
-#define HAVE_CABS 1
-#define HAVE_CARG 1
-#define HAVE_CEXP 1
-#define HAVE_CSQRT 1
-#define HAVE_CLOG 1
-#define HAVE_CCOS 1
-#define HAVE_CSIN 1
-#define HAVE_CPOW 1
-#define HAVE_CREALF 1
-#define HAVE_CIMAGF 1
-#define HAVE_CABSF 1
-#define HAVE_CARGF 1
-#define HAVE_CEXPF 1
-#define HAVE_CSQRTF 1
-#define HAVE_CLOGF 1
-#define HAVE_CCOSF 1
-#define HAVE_CSINF 1
-#define HAVE_CPOWF 1
-#define HAVE_CREALL 1
-#define HAVE_CIMAGL 1
-#define HAVE_CABSL 1
-#define HAVE_CARGL 1
-#define HAVE_CEXPL 1
-#define HAVE_CSQRTL 1
-#define HAVE_CLOGL 1
-#define HAVE_CCOSL 1
-#define HAVE_CSINL 1
-#define HAVE_CPOWL 1
-#define HAVE_LDOUBLE_IEEE_DOUBLE_BE 1
-#ifndef __cplusplus
-/* #undef inline */
-#endif
-
-#ifndef _NPY_NPY_CONFIG_H_
-#error config.h should never be included directly, include npy_config.h instead
-#endif
diff --git a/poky/meta/recipes-devtools/python-numpy/files/mipsarcho32el/config.h b/poky/meta/recipes-devtools/python-numpy/files/mipsarcho32el/config.h
deleted file mode 100644
index 17ef186d5..000000000
--- a/poky/meta/recipes-devtools/python-numpy/files/mipsarcho32el/config.h
+++ /dev/null
@@ -1,21 +0,0 @@
-/* ./src.linux-i686-2.5/numpy/core/include/numpy/config.h */
-/* #define SIZEOF_SHORT 2 */
-/* #define SIZEOF_INT 4 */
-/* #define SIZEOF_LONG 4 */
-/* #define SIZEOF_FLOAT 4 */
-/* #define SIZEOF_DOUBLE 8 */
-#define SIZEOF_LONG_DOUBLE 12
-#define SIZEOF_PY_INTPTR_T 4
-/* #define SIZEOF_LONG_LONG 8 */
-#define SIZEOF_PY_LONG_LONG 8
-/* #define CHAR_BIT 8 */
-#define MATHLIB m
-#define HAVE_FLOAT_FUNCS
-#define HAVE_LOG1P
-#define HAVE_EXPM1
-#define HAVE_INVERSE_HYPERBOLIC
-#define HAVE_INVERSE_HYPERBOLIC_FLOAT
-#define HAVE_ISNAN
-#define HAVE_ISINF
-#define HAVE_RINT
-
diff --git a/poky/meta/recipes-devtools/python-numpy/files/mipsarcho32el/numpyconfig.h b/poky/meta/recipes-devtools/python-numpy/files/mipsarcho32el/numpyconfig.h
deleted file mode 100644
index 0b7cd51af..000000000
--- a/poky/meta/recipes-devtools/python-numpy/files/mipsarcho32el/numpyconfig.h
+++ /dev/null
@@ -1,18 +0,0 @@
-/* cat ./src.linux-i686-2.5/numpy/core/include/numpy/numpyconfig.h */
-/*
- *  * This file is generated by numpy/core/setup.pyc. DO NOT EDIT 
- *   */
-#define NPY_SIZEOF_SHORT 2 
-#define NPY_SIZEOF_INT 4 
-#define NPY_SIZEOF_LONG 4 
-#define NPY_SIZEOF_FLOAT 4 
-#define NPY_SIZEOF_DOUBLE 8 
-#define NPY_SIZEOF_LONGDOUBLE 12 
-#define NPY_SIZEOF_PY_INTPTR_T 4 
-#define NPY_NO_SMP 0
-
-#define NPY_SIZEOF_LONGLONG 8 
-#define NPY_SIZEOF_PY_LONG_LONG 8 
-#define NPY_SIZEOF_OFF_T 8
-/* #define CHAR_BIT 8 */
-
diff --git a/poky/meta/recipes-devtools/python-numpy/files/powerpc/_numpyconfig.h b/poky/meta/recipes-devtools/python-numpy/files/powerpc/_numpyconfig.h
deleted file mode 100644
index 6e7262ad9..000000000
--- a/poky/meta/recipes-devtools/python-numpy/files/powerpc/_numpyconfig.h
+++ /dev/null
@@ -1,32 +0,0 @@
-#define NPY_HAVE_ENDIAN_H 1
-#define NPY_SIZEOF_SHORT SIZEOF_SHORT
-#define NPY_SIZEOF_INT SIZEOF_INT
-#define NPY_SIZEOF_LONG SIZEOF_LONG
-#define NPY_SIZEOF_FLOAT 4
-#define NPY_SIZEOF_COMPLEX_FLOAT 8
-#define NPY_SIZEOF_DOUBLE 8
-#define NPY_SIZEOF_COMPLEX_DOUBLE 16
-#define NPY_SIZEOF_LONGDOUBLE 16
-#define NPY_SIZEOF_COMPLEX_LONGDOUBLE 32
-#define NPY_ENABLE_SEPARATE_COMPILATION 1
-#define NPY_SIZEOF_PY_INTPTR_T 4
-#define NPY_SIZEOF_PY_LONG_LONG 8
-#define NPY_SIZEOF_LONGLONG 8
-#define NPY_SIZEOF_OFF_T 8
-#define NPY_NO_SMP 0
-#define NPY_HAVE_DECL_ISNAN
-#define NPY_HAVE_DECL_ISINF
-#define NPY_HAVE_DECL_ISFINITE
-#define NPY_HAVE_DECL_SIGNBIT
-#define NPY_USE_C99_COMPLEX 1
-#define NPY_HAVE_COMPLEX_DOUBLE 1
-#define NPY_HAVE_COMPLEX_FLOAT 1
-#define NPY_HAVE_COMPLEX_LONG_DOUBLE 1
-#define NPY_USE_C99_FORMATS 1
-#define NPY_VISIBILITY_HIDDEN __attribute__((visibility("hidden")))
-#define NPY_ABI_VERSION 0x01000009
-#define NPY_API_VERSION 0x0000000A
-
-#ifndef __STDC_FORMAT_MACROS
-#define __STDC_FORMAT_MACROS 1
-#endif
diff --git a/poky/meta/recipes-devtools/python-numpy/files/powerpc/config.h b/poky/meta/recipes-devtools/python-numpy/files/powerpc/config.h
deleted file mode 100644
index f65d39d5d..000000000
--- a/poky/meta/recipes-devtools/python-numpy/files/powerpc/config.h
+++ /dev/null
@@ -1,139 +0,0 @@
-#define HAVE_ENDIAN_H 1
-#define SIZEOF_PY_INTPTR_T 4
-#define SIZEOF_PY_LONG_LONG 8
-#define MATHLIB m
-#define HAVE_SIN 1
-#define HAVE_COS 1
-#define HAVE_TAN 1
-#define HAVE_SINH 1
-#define HAVE_COSH 1
-#define HAVE_TANH 1
-#define HAVE_FABS 1
-#define HAVE_FLOOR 1
-#define HAVE_CEIL 1
-#define HAVE_SQRT 1
-#define HAVE_LOG10 1
-#define HAVE_LOG 1
-#define HAVE_EXP 1
-#define HAVE_ASIN 1
-#define HAVE_ACOS 1
-#define HAVE_ATAN 1
-#define HAVE_FMOD 1
-#define HAVE_MODF 1
-#define HAVE_FREXP 1
-#define HAVE_LDEXP 1
-#define HAVE_RINT 1
-#define HAVE_TRUNC 1
-#define HAVE_EXP2 1
-#define HAVE_LOG2 1
-#define HAVE_ATAN2 1
-#define HAVE_POW 1
-#define HAVE_NEXTAFTER 1
-#define HAVE_SINF 1
-#define HAVE_COSF 1
-#define HAVE_TANF 1
-#define HAVE_SINHF 1
-#define HAVE_COSHF 1
-#define HAVE_TANHF 1
-#define HAVE_FABSF 1
-#define HAVE_FLOORF 1
-#define HAVE_CEILF 1
-#define HAVE_RINTF 1
-#define HAVE_TRUNCF 1
-#define HAVE_SQRTF 1
-#define HAVE_LOG10F 1
-#define HAVE_LOGF 1
-#define HAVE_LOG1PF 1
-#define HAVE_EXPF 1
-#define HAVE_EXPM1F 1
-#define HAVE_ASINF 1
-#define HAVE_ACOSF 1
-#define HAVE_ATANF 1
-#define HAVE_ASINHF 1
-#define HAVE_ACOSHF 1
-#define HAVE_ATANHF 1
-#define HAVE_HYPOTF 1
-#define HAVE_ATAN2F 1
-#define HAVE_POWF 1
-#define HAVE_FMODF 1
-#define HAVE_MODFF 1
-#define HAVE_FREXPF 1
-#define HAVE_LDEXPF 1
-#define HAVE_EXP2F 1
-#define HAVE_LOG2F 1
-#define HAVE_COPYSIGNF 1
-#define HAVE_NEXTAFTERF 1
-#define HAVE_SINL 1
-#define HAVE_COSL 1
-#define HAVE_TANL 1
-#define HAVE_SINHL 1
-#define HAVE_COSHL 1
-#define HAVE_TANHL 1
-#define HAVE_FABSL 1
-#define HAVE_FLOORL 1
-#define HAVE_CEILL 1
-#define HAVE_RINTL 1
-#define HAVE_TRUNCL 1
-#define HAVE_SQRTL 1
-#define HAVE_LOG10L 1
-#define HAVE_LOGL 1
-#define HAVE_LOG1PL 1
-#define HAVE_EXPL 1
-#define HAVE_EXPM1L 1
-#define HAVE_ASINL 1
-#define HAVE_ACOSL 1
-#define HAVE_ATANL 1
-#define HAVE_ASINHL 1
-#define HAVE_ACOSHL 1
-#define HAVE_ATANHL 1
-#define HAVE_HYPOTL 1
-#define HAVE_ATAN2L 1
-#define HAVE_POWL 1
-#define HAVE_FMODL 1
-#define HAVE_MODFL 1
-#define HAVE_FREXPL 1
-#define HAVE_LDEXPL 1
-#define HAVE_EXP2L 1
-#define HAVE_LOG2L 1
-#define HAVE_COPYSIGNL 1
-#define HAVE_NEXTAFTERL 1
-#define HAVE_DECL_SIGNBIT
-#define HAVE_COMPLEX_H 1
-#define HAVE_CREAL 1
-#define HAVE_CIMAG 1
-#define HAVE_CABS 1
-#define HAVE_CARG 1
-#define HAVE_CEXP 1
-#define HAVE_CSQRT 1
-#define HAVE_CLOG 1
-#define HAVE_CCOS 1
-#define HAVE_CSIN 1
-#define HAVE_CPOW 1
-#define HAVE_CREALF 1
-#define HAVE_CIMAGF 1
-#define HAVE_CABSF 1
-#define HAVE_CARGF 1
-#define HAVE_CEXPF 1
-#define HAVE_CSQRTF 1
-#define HAVE_CLOGF 1
-#define HAVE_CCOSF 1
-#define HAVE_CSINF 1
-#define HAVE_CPOWF 1
-#define HAVE_CREALL 1
-#define HAVE_CIMAGL 1
-#define HAVE_CABSL 1
-#define HAVE_CARGL 1
-#define HAVE_CEXPL 1
-#define HAVE_CSQRTL 1
-#define HAVE_CLOGL 1
-#define HAVE_CCOSL 1
-#define HAVE_CSINL 1
-#define HAVE_CPOWL 1
-#define HAVE_LDOUBLE_DOUBLE_DOUBLE_BE 1
-#ifndef __cplusplus
-/* #undef inline */
-#endif
-
-#ifndef _NPY_NPY_CONFIG_H_
-#error config.h should never be included directly, include npy_config.h instead
-#endif
diff --git a/poky/meta/recipes-devtools/python-numpy/files/powerpc64/_numpyconfig.h b/poky/meta/recipes-devtools/python-numpy/files/powerpc64/_numpyconfig.h
deleted file mode 100644
index debb39009..000000000
--- a/poky/meta/recipes-devtools/python-numpy/files/powerpc64/_numpyconfig.h
+++ /dev/null
@@ -1,32 +0,0 @@
-#define NPY_HAVE_ENDIAN_H 1
-#define NPY_SIZEOF_SHORT SIZEOF_SHORT
-#define NPY_SIZEOF_INT SIZEOF_INT
-#define NPY_SIZEOF_LONG SIZEOF_LONG
-#define NPY_SIZEOF_FLOAT 4
-#define NPY_SIZEOF_COMPLEX_FLOAT 8
-#define NPY_SIZEOF_DOUBLE 8
-#define NPY_SIZEOF_COMPLEX_DOUBLE 16
-#define NPY_SIZEOF_LONGDOUBLE 16
-#define NPY_SIZEOF_COMPLEX_LONGDOUBLE 32
-#define NPY_ENABLE_SEPARATE_COMPILATION 1
-#define NPY_SIZEOF_PY_INTPTR_T 8
-#define NPY_SIZEOF_PY_LONG_LONG 8
-#define NPY_SIZEOF_LONGLONG 8
-#define NPY_SIZEOF_OFF_T 8
-#define NPY_NO_SMP 0
-#define NPY_HAVE_DECL_ISNAN
-#define NPY_HAVE_DECL_ISINF
-#define NPY_HAVE_DECL_ISFINITE
-#define NPY_HAVE_DECL_SIGNBIT
-#define NPY_USE_C99_COMPLEX 1
-#define NPY_HAVE_COMPLEX_DOUBLE 1
-#define NPY_HAVE_COMPLEX_FLOAT 1
-#define NPY_HAVE_COMPLEX_LONG_DOUBLE 1
-#define NPY_USE_C99_FORMATS 1
-#define NPY_VISIBILITY_HIDDEN __attribute__((visibility("hidden")))
-#define NPY_ABI_VERSION 0x01000009
-#define NPY_API_VERSION 0x0000000A
-
-#ifndef __STDC_FORMAT_MACROS
-#define __STDC_FORMAT_MACROS 1
-#endif
diff --git a/poky/meta/recipes-devtools/python-numpy/files/powerpc64/config.h b/poky/meta/recipes-devtools/python-numpy/files/powerpc64/config.h
deleted file mode 100644
index c30b868f2..000000000
--- a/poky/meta/recipes-devtools/python-numpy/files/powerpc64/config.h
+++ /dev/null
@@ -1,139 +0,0 @@
-#define HAVE_ENDIAN_H 1
-#define SIZEOF_PY_INTPTR_T 8
-#define SIZEOF_PY_LONG_LONG 8
-#define MATHLIB m
-#define HAVE_SIN 1
-#define HAVE_COS 1
-#define HAVE_TAN 1
-#define HAVE_SINH 1
-#define HAVE_COSH 1
-#define HAVE_TANH 1
-#define HAVE_FABS 1
-#define HAVE_FLOOR 1
-#define HAVE_CEIL 1
-#define HAVE_SQRT 1
-#define HAVE_LOG10 1
-#define HAVE_LOG 1
-#define HAVE_EXP 1
-#define HAVE_ASIN 1
-#define HAVE_ACOS 1
-#define HAVE_ATAN 1
-#define HAVE_FMOD 1
-#define HAVE_MODF 1
-#define HAVE_FREXP 1
-#define HAVE_LDEXP 1
-#define HAVE_RINT 1
-#define HAVE_TRUNC 1
-#define HAVE_EXP2 1
-#define HAVE_LOG2 1
-#define HAVE_ATAN2 1
-#define HAVE_POW 1
-#define HAVE_NEXTAFTER 1
-#define HAVE_SINF 1
-#define HAVE_COSF 1
-#define HAVE_TANF 1
-#define HAVE_SINHF 1
-#define HAVE_COSHF 1
-#define HAVE_TANHF 1
-#define HAVE_FABSF 1
-#define HAVE_FLOORF 1
-#define HAVE_CEILF 1
-#define HAVE_RINTF 1
-#define HAVE_TRUNCF 1
-#define HAVE_SQRTF 1
-#define HAVE_LOG10F 1
-#define HAVE_LOGF 1
-#define HAVE_LOG1PF 1
-#define HAVE_EXPF 1
-#define HAVE_EXPM1F 1
-#define HAVE_ASINF 1
-#define HAVE_ACOSF 1
-#define HAVE_ATANF 1
-#define HAVE_ASINHF 1
-#define HAVE_ACOSHF 1
-#define HAVE_ATANHF 1
-#define HAVE_HYPOTF 1
-#define HAVE_ATAN2F 1
-#define HAVE_POWF 1
-#define HAVE_FMODF 1
-#define HAVE_MODFF 1
-#define HAVE_FREXPF 1
-#define HAVE_LDEXPF 1
-#define HAVE_EXP2F 1
-#define HAVE_LOG2F 1
-#define HAVE_COPYSIGNF 1
-#define HAVE_NEXTAFTERF 1
-#define HAVE_SINL 1
-#define HAVE_COSL 1
-#define HAVE_TANL 1
-#define HAVE_SINHL 1
-#define HAVE_COSHL 1
-#define HAVE_TANHL 1
-#define HAVE_FABSL 1
-#define HAVE_FLOORL 1
-#define HAVE_CEILL 1
-#define HAVE_RINTL 1
-#define HAVE_TRUNCL 1
-#define HAVE_SQRTL 1
-#define HAVE_LOG10L 1
-#define HAVE_LOGL 1
-#define HAVE_LOG1PL 1
-#define HAVE_EXPL 1
-#define HAVE_EXPM1L 1
-#define HAVE_ASINL 1
-#define HAVE_ACOSL 1
-#define HAVE_ATANL 1
-#define HAVE_ASINHL 1
-#define HAVE_ACOSHL 1
-#define HAVE_ATANHL 1
-#define HAVE_HYPOTL 1
-#define HAVE_ATAN2L 1
-#define HAVE_POWL 1
-#define HAVE_FMODL 1
-#define HAVE_MODFL 1
-#define HAVE_FREXPL 1
-#define HAVE_LDEXPL 1
-#define HAVE_EXP2L 1
-#define HAVE_LOG2L 1
-#define HAVE_COPYSIGNL 1
-#define HAVE_NEXTAFTERL 1
-#define HAVE_DECL_SIGNBIT
-#define HAVE_COMPLEX_H 1
-#define HAVE_CREAL 1
-#define HAVE_CIMAG 1
-#define HAVE_CABS 1
-#define HAVE_CARG 1
-#define HAVE_CEXP 1
-#define HAVE_CSQRT 1
-#define HAVE_CLOG 1
-#define HAVE_CCOS 1
-#define HAVE_CSIN 1
-#define HAVE_CPOW 1
-#define HAVE_CREALF 1
-#define HAVE_CIMAGF 1
-#define HAVE_CABSF 1
-#define HAVE_CARGF 1
-#define HAVE_CEXPF 1
-#define HAVE_CSQRTF 1
-#define HAVE_CLOGF 1
-#define HAVE_CCOSF 1
-#define HAVE_CSINF 1
-#define HAVE_CPOWF 1
-#define HAVE_CREALL 1
-#define HAVE_CIMAGL 1
-#define HAVE_CABSL 1
-#define HAVE_CARGL 1
-#define HAVE_CEXPL 1
-#define HAVE_CSQRTL 1
-#define HAVE_CLOGL 1
-#define HAVE_CCOSL 1
-#define HAVE_CSINL 1
-#define HAVE_CPOWL 1
-#define HAVE_LDOUBLE_IEEE_QUAD_LE 1
-#ifndef __cplusplus
-/* #undef inline */
-#endif
-
-#ifndef _NPY_NPY_CONFIG_H_
-#error config.h should never be included directly, include npy_config.h instead
-#endif
diff --git a/poky/meta/recipes-devtools/python-numpy/files/riscv64/_numpyconfig.h b/poky/meta/recipes-devtools/python-numpy/files/riscv64/_numpyconfig.h
deleted file mode 100644
index 109deb043..000000000
--- a/poky/meta/recipes-devtools/python-numpy/files/riscv64/_numpyconfig.h
+++ /dev/null
@@ -1,32 +0,0 @@
-#define NPY_HAVE_ENDIAN_H 1
-#define NPY_SIZEOF_SHORT SIZEOF_SHORT
-#define NPY_SIZEOF_INT SIZEOF_INT
-#define NPY_SIZEOF_LONG SIZEOF_LONG
-#define NPY_SIZEOF_FLOAT 4
-#define NPY_SIZEOF_COMPLEX_FLOAT 8
-#define NPY_SIZEOF_DOUBLE 8
-#define NPY_SIZEOF_COMPLEX_DOUBLE 16
-#define NPY_SIZEOF_LONGDOUBLE 16
-#define NPY_SIZEOF_COMPLEX_LONGDOUBLE 32
-#define NPY_SIZEOF_PY_INTPTR_T 8
-#define NPY_SIZEOF_PY_LONG_LONG 8
-#define NPY_SIZEOF_LONGLONG 8
-#define NPY_SIZEOF_OFF_T 8
-#define NPY_NO_SMP 0
-#define NPY_HAVE_DECL_ISNAN
-#define NPY_HAVE_DECL_ISINF
-#define NPY_HAVE_DECL_ISFINITE
-#define NPY_HAVE_DECL_SIGNBIT
-#define NPY_USE_C99_COMPLEX 1
-#define NPY_HAVE_COMPLEX_DOUBLE 1
-#define NPY_HAVE_COMPLEX_FLOAT 1
-#define NPY_HAVE_COMPLEX_LONG_DOUBLE 1
-#define NPY_ENABLE_SEPARATE_COMPILATION 1
-#define NPY_USE_C99_FORMATS 1
-#define NPY_VISIBILITY_HIDDEN __attribute__((visibility("hidden")))
-#define NPY_ABI_VERSION 0x01000009
-#define NPY_API_VERSION 0x0000000A
-
-#ifndef __STDC_FORMAT_MACROS
-#define __STDC_FORMAT_MACROS 1
-#endif
diff --git a/poky/meta/recipes-devtools/python-numpy/files/riscv64/config.h b/poky/meta/recipes-devtools/python-numpy/files/riscv64/config.h
deleted file mode 100644
index c30b868f2..000000000
--- a/poky/meta/recipes-devtools/python-numpy/files/riscv64/config.h
+++ /dev/null
@@ -1,139 +0,0 @@
-#define HAVE_ENDIAN_H 1
-#define SIZEOF_PY_INTPTR_T 8
-#define SIZEOF_PY_LONG_LONG 8
-#define MATHLIB m
-#define HAVE_SIN 1
-#define HAVE_COS 1
-#define HAVE_TAN 1
-#define HAVE_SINH 1
-#define HAVE_COSH 1
-#define HAVE_TANH 1
-#define HAVE_FABS 1
-#define HAVE_FLOOR 1
-#define HAVE_CEIL 1
-#define HAVE_SQRT 1
-#define HAVE_LOG10 1
-#define HAVE_LOG 1
-#define HAVE_EXP 1
-#define HAVE_ASIN 1
-#define HAVE_ACOS 1
-#define HAVE_ATAN 1
-#define HAVE_FMOD 1
-#define HAVE_MODF 1
-#define HAVE_FREXP 1
-#define HAVE_LDEXP 1
-#define HAVE_RINT 1
-#define HAVE_TRUNC 1
-#define HAVE_EXP2 1
-#define HAVE_LOG2 1
-#define HAVE_ATAN2 1
-#define HAVE_POW 1
-#define HAVE_NEXTAFTER 1
-#define HAVE_SINF 1
-#define HAVE_COSF 1
-#define HAVE_TANF 1
-#define HAVE_SINHF 1
-#define HAVE_COSHF 1
-#define HAVE_TANHF 1
-#define HAVE_FABSF 1
-#define HAVE_FLOORF 1
-#define HAVE_CEILF 1
-#define HAVE_RINTF 1
-#define HAVE_TRUNCF 1
-#define HAVE_SQRTF 1
-#define HAVE_LOG10F 1
-#define HAVE_LOGF 1
-#define HAVE_LOG1PF 1
-#define HAVE_EXPF 1
-#define HAVE_EXPM1F 1
-#define HAVE_ASINF 1
-#define HAVE_ACOSF 1
-#define HAVE_ATANF 1
-#define HAVE_ASINHF 1
-#define HAVE_ACOSHF 1
-#define HAVE_ATANHF 1
-#define HAVE_HYPOTF 1
-#define HAVE_ATAN2F 1
-#define HAVE_POWF 1
-#define HAVE_FMODF 1
-#define HAVE_MODFF 1
-#define HAVE_FREXPF 1
-#define HAVE_LDEXPF 1
-#define HAVE_EXP2F 1
-#define HAVE_LOG2F 1
-#define HAVE_COPYSIGNF 1
-#define HAVE_NEXTAFTERF 1
-#define HAVE_SINL 1
-#define HAVE_COSL 1
-#define HAVE_TANL 1
-#define HAVE_SINHL 1
-#define HAVE_COSHL 1
-#define HAVE_TANHL 1
-#define HAVE_FABSL 1
-#define HAVE_FLOORL 1
-#define HAVE_CEILL 1
-#define HAVE_RINTL 1
-#define HAVE_TRUNCL 1
-#define HAVE_SQRTL 1
-#define HAVE_LOG10L 1
-#define HAVE_LOGL 1
-#define HAVE_LOG1PL 1
-#define HAVE_EXPL 1
-#define HAVE_EXPM1L 1
-#define HAVE_ASINL 1
-#define HAVE_ACOSL 1
-#define HAVE_ATANL 1
-#define HAVE_ASINHL 1
-#define HAVE_ACOSHL 1
-#define HAVE_ATANHL 1
-#define HAVE_HYPOTL 1
-#define HAVE_ATAN2L 1
-#define HAVE_POWL 1
-#define HAVE_FMODL 1
-#define HAVE_MODFL 1
-#define HAVE_FREXPL 1
-#define HAVE_LDEXPL 1
-#define HAVE_EXP2L 1
-#define HAVE_LOG2L 1
-#define HAVE_COPYSIGNL 1
-#define HAVE_NEXTAFTERL 1
-#define HAVE_DECL_SIGNBIT
-#define HAVE_COMPLEX_H 1
-#define HAVE_CREAL 1
-#define HAVE_CIMAG 1
-#define HAVE_CABS 1
-#define HAVE_CARG 1
-#define HAVE_CEXP 1
-#define HAVE_CSQRT 1
-#define HAVE_CLOG 1
-#define HAVE_CCOS 1
-#define HAVE_CSIN 1
-#define HAVE_CPOW 1
-#define HAVE_CREALF 1
-#define HAVE_CIMAGF 1
-#define HAVE_CABSF 1
-#define HAVE_CARGF 1
-#define HAVE_CEXPF 1
-#define HAVE_CSQRTF 1
-#define HAVE_CLOGF 1
-#define HAVE_CCOSF 1
-#define HAVE_CSINF 1
-#define HAVE_CPOWF 1
-#define HAVE_CREALL 1
-#define HAVE_CIMAGL 1
-#define HAVE_CABSL 1
-#define HAVE_CARGL 1
-#define HAVE_CEXPL 1
-#define HAVE_CSQRTL 1
-#define HAVE_CLOGL 1
-#define HAVE_CCOSL 1
-#define HAVE_CSINL 1
-#define HAVE_CPOWL 1
-#define HAVE_LDOUBLE_IEEE_QUAD_LE 1
-#ifndef __cplusplus
-/* #undef inline */
-#endif
-
-#ifndef _NPY_NPY_CONFIG_H_
-#error config.h should never be included directly, include npy_config.h instead
-#endif
diff --git a/poky/meta/recipes-devtools/python-numpy/files/x86-64/_numpyconfig.h b/poky/meta/recipes-devtools/python-numpy/files/x86-64/_numpyconfig.h
deleted file mode 100644
index b33036164..000000000
--- a/poky/meta/recipes-devtools/python-numpy/files/x86-64/_numpyconfig.h
+++ /dev/null
@@ -1,32 +0,0 @@
-#define NPY_HAVE_ENDIAN_H 1
-#define NPY_SIZEOF_SHORT SIZEOF_SHORT
-#define NPY_SIZEOF_INT SIZEOF_INT
-#define NPY_SIZEOF_LONG SIZEOF_LONG
-#define NPY_SIZEOF_FLOAT 4
-#define NPY_SIZEOF_COMPLEX_FLOAT 8
-#define NPY_SIZEOF_DOUBLE 8
-#define NPY_SIZEOF_OFF_T 8
-#define NPY_SIZEOF_COMPLEX_DOUBLE 16
-#define NPY_SIZEOF_LONGDOUBLE 16
-#define NPY_SIZEOF_COMPLEX_LONGDOUBLE 32
-#define NPY_ENABLE_SEPARATE_COMPILATION 1
-#define NPY_SIZEOF_PY_INTPTR_T 8
-#define NPY_SIZEOF_PY_LONG_LONG 8
-#define NPY_SIZEOF_LONGLONG 8
-#define NPY_NO_SMP 0
-#define NPY_HAVE_DECL_ISNAN
-#define NPY_HAVE_DECL_ISINF
-#define NPY_HAVE_DECL_ISFINITE
-#define NPY_HAVE_DECL_SIGNBIT
-#define NPY_USE_C99_COMPLEX 1
-#define NPY_HAVE_COMPLEX_DOUBLE 1
-#define NPY_HAVE_COMPLEX_FLOAT 1
-#define NPY_HAVE_COMPLEX_LONG_DOUBLE 1
-#define NPY_USE_C99_FORMATS 1
-#define NPY_VISIBILITY_HIDDEN __attribute__((visibility("hidden")))
-#define NPY_ABI_VERSION 0x01000009
-#define NPY_API_VERSION 0x0000000A
-
-#ifndef __STDC_FORMAT_MACROS
-#define __STDC_FORMAT_MACROS 1
-#endif
diff --git a/poky/meta/recipes-devtools/python-numpy/files/x86-64/config.h b/poky/meta/recipes-devtools/python-numpy/files/x86-64/config.h
deleted file mode 100644
index 0ce63b7d2..000000000
--- a/poky/meta/recipes-devtools/python-numpy/files/x86-64/config.h
+++ /dev/null
@@ -1,139 +0,0 @@
-#define HAVE_ENDIAN_H 1
-#define SIZEOF_PY_INTPTR_T 8
-#define SIZEOF_PY_LONG_LONG 8
-#define MATHLIB m
-#define HAVE_SIN 1
-#define HAVE_COS 1
-#define HAVE_TAN 1
-#define HAVE_SINH 1
-#define HAVE_COSH 1
-#define HAVE_TANH 1
-#define HAVE_FABS 1
-#define HAVE_FLOOR 1
-#define HAVE_CEIL 1
-#define HAVE_SQRT 1
-#define HAVE_LOG10 1
-#define HAVE_LOG 1
-#define HAVE_EXP 1
-#define HAVE_ASIN 1
-#define HAVE_ACOS 1
-#define HAVE_ATAN 1
-#define HAVE_FMOD 1
-#define HAVE_MODF 1
-#define HAVE_FREXP 1
-#define HAVE_LDEXP 1
-#define HAVE_RINT 1
-#define HAVE_TRUNC 1
-#define HAVE_EXP2 1
-#define HAVE_LOG2 1
-#define HAVE_ATAN2 1
-#define HAVE_POW 1
-#define HAVE_NEXTAFTER 1
-#define HAVE_SINF 1
-#define HAVE_COSF 1
-#define HAVE_TANF 1
-#define HAVE_SINHF 1
-#define HAVE_COSHF 1
-#define HAVE_TANHF 1
-#define HAVE_FABSF 1
-#define HAVE_FLOORF 1
-#define HAVE_CEILF 1
-#define HAVE_RINTF 1
-#define HAVE_TRUNCF 1
-#define HAVE_SQRTF 1
-#define HAVE_LOG10F 1
-#define HAVE_LOGF 1
-#define HAVE_LOG1PF 1
-#define HAVE_EXPF 1
-#define HAVE_EXPM1F 1
-#define HAVE_ASINF 1
-#define HAVE_ACOSF 1
-#define HAVE_ATANF 1
-#define HAVE_ASINHF 1
-#define HAVE_ACOSHF 1
-#define HAVE_ATANHF 1
-#define HAVE_HYPOTF 1
-#define HAVE_ATAN2F 1
-#define HAVE_POWF 1
-#define HAVE_FMODF 1
-#define HAVE_MODFF 1
-#define HAVE_FREXPF 1
-#define HAVE_LDEXPF 1
-#define HAVE_EXP2F 1
-#define HAVE_LOG2F 1
-#define HAVE_COPYSIGNF 1
-#define HAVE_NEXTAFTERF 1
-#define HAVE_SINL 1
-#define HAVE_COSL 1
-#define HAVE_TANL 1
-#define HAVE_SINHL 1
-#define HAVE_COSHL 1
-#define HAVE_TANHL 1
-#define HAVE_FABSL 1
-#define HAVE_FLOORL 1
-#define HAVE_CEILL 1
-#define HAVE_RINTL 1
-#define HAVE_TRUNCL 1
-#define HAVE_SQRTL 1
-#define HAVE_LOG10L 1
-#define HAVE_LOGL 1
-#define HAVE_LOG1PL 1
-#define HAVE_EXPL 1
-#define HAVE_EXPM1L 1
-#define HAVE_ASINL 1
-#define HAVE_ACOSL 1
-#define HAVE_ATANL 1
-#define HAVE_ASINHL 1
-#define HAVE_ACOSHL 1
-#define HAVE_ATANHL 1
-#define HAVE_HYPOTL 1
-#define HAVE_ATAN2L 1
-#define HAVE_POWL 1
-#define HAVE_FMODL 1
-#define HAVE_MODFL 1
-#define HAVE_FREXPL 1
-#define HAVE_LDEXPL 1
-#define HAVE_EXP2L 1
-#define HAVE_LOG2L 1
-#define HAVE_COPYSIGNL 1
-#define HAVE_NEXTAFTERL 1
-#define HAVE_DECL_SIGNBIT
-#define HAVE_COMPLEX_H 1
-#define HAVE_CREAL 1
-#define HAVE_CIMAG 1
-#define HAVE_CABS 1
-#define HAVE_CARG 1
-#define HAVE_CEXP 1
-#define HAVE_CSQRT 1
-#define HAVE_CLOG 1
-#define HAVE_CCOS 1
-#define HAVE_CSIN 1
-#define HAVE_CPOW 1
-#define HAVE_CREALF 1
-#define HAVE_CIMAGF 1
-#define HAVE_CABSF 1
-#define HAVE_CARGF 1
-#define HAVE_CEXPF 1
-#define HAVE_CSQRTF 1
-#define HAVE_CLOGF 1
-#define HAVE_CCOSF 1
-#define HAVE_CSINF 1
-#define HAVE_CPOWF 1
-#define HAVE_CREALL 1
-#define HAVE_CIMAGL 1
-#define HAVE_CABSL 1
-#define HAVE_CARGL 1
-#define HAVE_CEXPL 1
-#define HAVE_CSQRTL 1
-#define HAVE_CLOGL 1
-#define HAVE_CCOSL 1
-#define HAVE_CSINL 1
-#define HAVE_CPOWL 1
-#define HAVE_LDOUBLE_INTEL_EXTENDED_16_BYTES_LE 1
-#ifndef __cplusplus
-/* #undef inline */
-#endif
-
-#ifndef _NPY_NPY_CONFIG_H_
-#error config.h should never be included directly, include npy_config.h instead
-#endif
diff --git a/poky/meta/recipes-devtools/python-numpy/files/x86/config.h b/poky/meta/recipes-devtools/python-numpy/files/x86/config.h
deleted file mode 100644
index 08e41e3d9..000000000
--- a/poky/meta/recipes-devtools/python-numpy/files/x86/config.h
+++ /dev/null
@@ -1,108 +0,0 @@
-#define SIZEOF_PY_INTPTR_T 4
-#define SIZEOF_PY_LONG_LONG 8
-#define MATHLIB m
-#define HAVE_SIN
-#define HAVE_COS
-#define HAVE_TAN
-#define HAVE_SINH
-#define HAVE_COSH
-#define HAVE_TANH
-#define HAVE_FABS
-#define HAVE_FLOOR
-#define HAVE_CEIL
-#define HAVE_SQRT
-#define HAVE_LOG10
-#define HAVE_LOG
-#define HAVE_EXP
-#define HAVE_ASIN
-#define HAVE_ACOS
-#define HAVE_ATAN
-#define HAVE_FMOD
-#define HAVE_MODF
-#define HAVE_FREXP
-#define HAVE_LDEXP
-#define HAVE_RINT
-#define HAVE_TRUNC
-#define HAVE_EXP2
-#define HAVE_LOG2
-#define HAVE_ATAN2
-#define HAVE_POW
-#define HAVE_NEXTAFTER
-#define HAVE_SINF
-#define HAVE_COSF
-#define HAVE_TANF
-#define HAVE_SINHF
-#define HAVE_COSHF
-#define HAVE_TANHF
-#define HAVE_FABSF
-#define HAVE_FLOORF
-#define HAVE_CEILF
-#define HAVE_RINTF
-#define HAVE_TRUNCF
-#define HAVE_SQRTF
-#define HAVE_LOG10F
-#define HAVE_LOGF
-#define HAVE_LOG1PF
-#define HAVE_EXPF
-#define HAVE_EXPM1F
-#define HAVE_ASINF
-#define HAVE_ACOSF
-#define HAVE_ATANF
-#define HAVE_ASINHF
-#define HAVE_ACOSHF
-#define HAVE_ATANHF
-#define HAVE_HYPOTF
-#define HAVE_ATAN2F
-#define HAVE_POWF
-#define HAVE_FMODF
-#define HAVE_MODFF
-#define HAVE_FREXPF
-#define HAVE_LDEXPF
-#define HAVE_EXP2F
-#define HAVE_LOG2F
-#define HAVE_COPYSIGNF
-#define HAVE_NEXTAFTERF
-#define HAVE_SINL
-#define HAVE_COSL
-#define HAVE_TANL
-#define HAVE_SINHL
-#define HAVE_COSHL
-#define HAVE_TANHL
-#define HAVE_FABSL
-#define HAVE_FLOORL
-#define HAVE_CEILL
-#define HAVE_RINTL
-#define HAVE_TRUNCL
-#define HAVE_SQRTL
-#define HAVE_LOG10L
-#define HAVE_LOGL
-#define HAVE_LOG1PL
-#define HAVE_EXPL
-#define HAVE_EXPM1L
-#define HAVE_ASINL
-#define HAVE_ACOSL
-#define HAVE_ATANL
-#define HAVE_ASINHL
-#define HAVE_ACOSHL
-#define HAVE_ATANHL
-#define HAVE_HYPOTL
-#define HAVE_ATAN2L
-#define HAVE_POWL
-#define HAVE_FMODL
-#define HAVE_MODFL
-#define HAVE_FREXPL
-#define HAVE_LDEXPL
-#define HAVE_EXP2L
-#define HAVE_LOG2L
-#define HAVE_COPYSIGNL
-#define HAVE_NEXTAFTERL
-#define HAVE_DECL_SIGNBIT
-#define HAVE_COMPLEX_H
-#define HAVE_LDOUBLE_INTEL_EXTENDED_12_BYTES_LE 1
-#ifndef __cplusplus
-/* #undef inline */
-#endif
-
-#ifndef _NPY_NPY_CONFIG_H_
-#error config.h should never be included directly, include npy_config.h instead
-#endif
diff --git a/poky/meta/recipes-devtools/python-numpy/files/x86/numpyconfig.h b/poky/meta/recipes-devtools/python-numpy/files/x86/numpyconfig.h
deleted file mode 100644
index ff7938cd9..000000000
--- a/poky/meta/recipes-devtools/python-numpy/files/x86/numpyconfig.h
+++ /dev/null
@@ -1,24 +0,0 @@
-#ifndef _NPY_NUMPYCONFIG_H_
-#define _NPY_NUMPYCONFIG_H_
-
-#include "_numpyconfig.h"
-
-/* 
- * On Mac OS X, because there is only one configuration stage for all the archs
- * in universal builds, any macro which depends on the arch needs to be
- * harcoded
- */
-#ifdef __APPLE__
-	#undef NPY_SIZEOF_LONG
-	#undef NPY_SIZEOF_PY_INTPTR_T
-
-	#ifdef __LP64__
-		#define NPY_SIZEOF_LONG 		8
-		#define NPY_SIZEOF_PY_INTPTR_T 	8
-	#else
-		#define NPY_SIZEOF_LONG 		4
-		#define NPY_SIZEOF_PY_INTPTR_T 	4
-	#endif
-#endif
-
-#endif
diff --git a/poky/meta/recipes-devtools/python-numpy/python-numpy.inc b/poky/meta/recipes-devtools/python-numpy/python-numpy.inc
index a12e72f96..f68b90e6b 100644
--- a/poky/meta/recipes-devtools/python-numpy/python-numpy.inc
+++ b/poky/meta/recipes-devtools/python-numpy/python-numpy.inc
@@ -8,7 +8,6 @@ SRCNAME = "numpy"
 SRC_URI = "https://github.com/${SRCNAME}/${SRCNAME}/releases/download/v${PV}/${SRCNAME}-${PV}.tar.gz \
            file://0001-Don-t-search-usr-and-so-on-for-libraries-by-default-.patch \
            file://0001-npy_cpu-Add-riscv-support.patch \
-           ${CONFIGFILESURI} \
            file://0001-numpy-random-setup.py-remove-the-detection-of-x86-ta.patch \
            "
 SRC_URI[md5sum] = "c48b2ad785f82cdfe28c907ce35e2a71"
@@ -20,77 +19,10 @@ UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)\.tar"
 # Needed for building with gcc 4.x from centos 7
 CFLAGS_append_class-native = " -std=c99"
 
-CONFIGFILESURI ?= ""
-
-CONFIGFILESURI_aarch64 = " \
-    file://config.h \
-    file://_numpyconfig.h \
-"
-CONFIGFILESURI_arm = " \
-    file://config.h \
-    file://numpyconfig.h \
-"
-CONFIGFILESURI_armeb = " \
-    file://config.h \
-    file://numpyconfig.h \
-"
-CONFIGFILESURI_mipsarcho32el = " \
-    file://config.h \
-    file://numpyconfig.h \
-"
-CONFIGFILESURI_x86 = " \
-    file://config.h \
-    file://numpyconfig.h \
-"
-CONFIGFILESURI_x86-64 = " \
-    file://config.h \
-    file://_numpyconfig.h \
-"
-CONFIGFILESURI_mipsarcho32eb = " \
-    file://config.h \
-    file://_numpyconfig.h \
-"
-CONFIGFILESURI_powerpc = " \
-    file://config.h \
-    file://_numpyconfig.h \
-"
-CONFIGFILESURI_powerpc64 = " \
-    file://config.h \
-    file://_numpyconfig.h \
-"
-CONFIGFILESURI_mipsarchn64eb = " \
-    file://config.h \
-    file://_numpyconfig.h \
-"
-CONFIGFILESURI_mipsarchn64el = " \
-    file://config.h \
-    file://_numpyconfig.h \
-"
-CONFIGFILESURI_mipsarchn32eb = " \
-    file://config.h \
-    file://_numpyconfig.h \
-"
-CONFIGFILESURI_mipsarchn32el = " \
-    file://config.h \
-    file://_numpyconfig.h \
-"
-CONFIGFILESURI_riscv64 = " \
-    file://config.h \
-    file://_numpyconfig.h \
-"
-
 S = "${WORKDIR}/numpy-${PV}"
 
 CLEANBROKEN = "1"
 
-# Make the build fail and replace *config.h with proper one
-# This is a ugly, ugly hack - Koen
-do_compile_prepend_class-target() {
-    ${STAGING_BINDIR_NATIVE}/${PYTHON_PN}-native/${PYTHON_PN} setup.py build ${DISTUTILS_BUILD_ARGS} || \
-    true
-    cp ${WORKDIR}/*config.h ${S}/build/$(ls ${S}/build | grep src)/numpy/core/include/numpy/
-}
-
 FILES_${PN}-staticdev += "${PYTHON_SITEPACKAGES_DIR}/numpy/core/lib/*.a"
 
 # install what is needed for numpy.test()
diff --git a/poky/meta/recipes-devtools/python/python-native/debug.patch b/poky/meta/recipes-devtools/python/python-native/debug.patch
deleted file mode 100644
index 361788264..000000000
--- a/poky/meta/recipes-devtools/python/python-native/debug.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-Upstream-Status: Pending
-
-Index: Python-2.7.12/Lib/distutils/unixccompiler.py
-===================================================================
---- Python-2.7.12.orig/Lib/distutils/unixccompiler.py
-+++ Python-2.7.12/Lib/distutils/unixccompiler.py
-@@ -278,6 +278,8 @@ class UnixCCompiler(CCompiler):
- 
- 
- 
-+        print "Looking in %s for %s" % (lib, dirs)
-+
-         for dir in dirs:
-             shared = os.path.join(dir, shared_f)
-             dylib = os.path.join(dir, dylib_f)
-@@ -298,12 +300,16 @@ class UnixCCompiler(CCompiler):
-             # assuming that *all* Unix C compilers do.  And of course I'm
-             # ignoring even GCC's "-static" option.  So sue me.
-             if os.path.exists(dylib):
-+                print "Found %s" % (dylib)
-                 return dylib
-             elif os.path.exists(xcode_stub):
-+                print "Found %s" % (xcode_stub)
-                 return xcode_stub
-             elif os.path.exists(shared):
-+                print "Found %s" % (shared)
-                 return shared
-             elif os.path.exists(static):
-+                print "Found %s" % (static)
-                 return static
- 
-         # Oops, didn't find it in *any* of 'dirs'
diff --git a/poky/meta/recipes-devtools/python/python-native_2.7.16.bb b/poky/meta/recipes-devtools/python/python-native_2.7.16.bb
index b7442800d..90103af8b 100644
--- a/poky/meta/recipes-devtools/python/python-native_2.7.16.bb
+++ b/poky/meta/recipes-devtools/python/python-native_2.7.16.bb
@@ -7,7 +7,6 @@ SRC_URI += "\
             file://10-distutils-fix-swig-parameter.patch \
             file://11-distutils-never-modify-shebang-line.patch \
             file://0001-distutils-set-the-prefix-to-be-inside-staging-direct.patch \
-            file://debug.patch \
             file://unixccompiler.patch \
             file://nohostlibs.patch \
             file://multilib.patch \
diff --git a/poky/meta/recipes-devtools/python/python-setuptools.inc b/poky/meta/recipes-devtools/python/python-setuptools.inc
index 322197eed..027e259be 100644
--- a/poky/meta/recipes-devtools/python/python-setuptools.inc
+++ b/poky/meta/recipes-devtools/python/python-setuptools.inc
@@ -10,8 +10,8 @@ inherit pypi
 
 SRC_URI_append_class-native = " file://0001-conditionally-do-not-fetch-code-by-easy_install.patch"
 
-SRC_URI[md5sum] = "a3470ce184da33f0fa6c9f44f6221bc0"
-SRC_URI[sha256sum] = "66b86bbae7cc7ac2e867f52dc08a6bd064d938bac59dfec71b9b565dd36d6012"
+SRC_URI[md5sum] = "89a592d733b31e180a4b6ad760c0685a"
+SRC_URI[sha256sum] = "7eae782ccf36b790c21bde7d86a4f303a441cd77036b25c559a602cf5186ce4d"
 
 DEPENDS += "${PYTHON_PN}"
 
diff --git a/poky/meta/recipes-devtools/python/python-setuptools_41.2.0.bb b/poky/meta/recipes-devtools/python/python-setuptools_41.4.0.bb
index cf9440495..cf9440495 100644
--- a/poky/meta/recipes-devtools/python/python-setuptools_41.2.0.bb
+++ b/poky/meta/recipes-devtools/python/python-setuptools_41.4.0.bb
diff --git a/poky/meta/recipes-devtools/python/python/0001-2.7-bpo-38243-Escape-the-server-title-of-DocXMLRPCSe.patch b/poky/meta/recipes-devtools/python/python/0001-2.7-bpo-38243-Escape-the-server-title-of-DocXMLRPCSe.patch
new file mode 100644
index 000000000..3025cf7bc
--- /dev/null
+++ b/poky/meta/recipes-devtools/python/python/0001-2.7-bpo-38243-Escape-the-server-title-of-DocXMLRPCSe.patch
@@ -0,0 +1,101 @@
+From b161c89c8bd66fe928192e21364678c8e9b8fcc0 Mon Sep 17 00:00:00 2001
+From: Dong-hee Na <donghee.na92@gmail.com>
+Date: Tue, 1 Oct 2019 19:58:01 +0900
+Subject: [PATCH] [2.7] bpo-38243: Escape the server title of DocXMLRPCServer
+ (GH-16447)
+
+Escape the server title of DocXMLRPCServer.DocXMLRPCServer
+when rendering the document page as HTML.
+
+CVE: CVE-2019-16935
+
+Upstream-Status: Backport [https://github.com/python/cpython/pull/16447/commits/b41cde823d026f2adc21ef14b1c2e92b1006de06]
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ Lib/DocXMLRPCServer.py                        | 13 +++++++++++-
+ Lib/test/test_docxmlrpc.py                    | 20 +++++++++++++++++++
+ .../2019-09-25-13-21-09.bpo-38243.1pfz24.rst  |  3 +++
+ 3 files changed, 35 insertions(+), 1 deletion(-)
+ create mode 100644 Misc/NEWS.d/next/Security/2019-09-25-13-21-09.bpo-38243.1pfz24.rst
+
+diff --git a/Lib/DocXMLRPCServer.py b/Lib/DocXMLRPCServer.py
+index 4064ec2e48..90b037dd35 100644
+--- a/Lib/DocXMLRPCServer.py
++++ b/Lib/DocXMLRPCServer.py
+@@ -20,6 +20,16 @@ from SimpleXMLRPCServer import (SimpleXMLRPCServer,
+             CGIXMLRPCRequestHandler,
+             resolve_dotted_attribute)
+ 
++
++def _html_escape_quote(s):
++    s = s.replace("&", "&amp;") # Must be done first!
++    s = s.replace("<", "&lt;")
++    s = s.replace(">", "&gt;")
++    s = s.replace('"', "&quot;")
++    s = s.replace('\'', "&#x27;")
++    return s
++
++
+ class ServerHTMLDoc(pydoc.HTMLDoc):
+     """Class used to generate pydoc HTML document for a server"""
+ 
+@@ -210,7 +220,8 @@ class XMLRPCDocGenerator:
+                                 methods
+                             )
+ 
+-        return documenter.page(self.server_title, documentation)
++        title = _html_escape_quote(self.server_title)
++        return documenter.page(title, documentation)
+ 
+ class DocXMLRPCRequestHandler(SimpleXMLRPCRequestHandler):
+     """XML-RPC and documentation request handler class.
+diff --git a/Lib/test/test_docxmlrpc.py b/Lib/test/test_docxmlrpc.py
+index 4dff4159e2..c45b892b8b 100644
+--- a/Lib/test/test_docxmlrpc.py
++++ b/Lib/test/test_docxmlrpc.py
+@@ -1,5 +1,6 @@
+ from DocXMLRPCServer import DocXMLRPCServer
+ import httplib
++import re
+ import sys
+ from test import test_support
+ threading = test_support.import_module('threading')
+@@ -176,6 +177,25 @@ class DocXMLRPCHTTPGETServer(unittest.TestCase):
+         self.assertIn("""Try&nbsp;self.<strong>add</strong>,&nbsp;too.""",
+                       response.read())
+ 
++    def test_server_title_escape(self):
++        """Test that the server title and documentation
++        are escaped for HTML.
++        """
++        self.serv.set_server_title('test_title<script>')
++        self.serv.set_server_documentation('test_documentation<script>')
++        self.assertEqual('test_title<script>', self.serv.server_title)
++        self.assertEqual('test_documentation<script>',
++                self.serv.server_documentation)
++
++        generated = self.serv.generate_html_documentation()
++        title = re.search(r'<title>(.+?)</title>', generated).group()
++        documentation = re.search(r'<p><tt>(.+?)</tt></p>', generated).group()
++        self.assertEqual('<title>Python: test_title&lt;script&gt;</title>',
++                title)
++        self.assertEqual('<p><tt>test_documentation&lt;script&gt;</tt></p>',
++                documentation)
++
++
+ def test_main():
+     test_support.run_unittest(DocXMLRPCHTTPGETServer)
+ 
+diff --git a/Misc/NEWS.d/next/Security/2019-09-25-13-21-09.bpo-38243.1pfz24.rst b/Misc/NEWS.d/next/Security/2019-09-25-13-21-09.bpo-38243.1pfz24.rst
+new file mode 100644
+index 0000000000..8f02baed9e
+--- /dev/null
++++ b/Misc/NEWS.d/next/Security/2019-09-25-13-21-09.bpo-38243.1pfz24.rst
+@@ -0,0 +1,3 @@
++Escape the server title of :class:`DocXMLRPCServer.DocXMLRPCServer`
++when rendering the document page as HTML.
++(Contributed by Dong-hee Na in :issue:`38243`.)
+-- 
+2.17.1
+
diff --git a/poky/meta/recipes-devtools/python/python/bpo-36742-cve-2019-10160.patch b/poky/meta/recipes-devtools/python/python/bpo-36742-cve-2019-10160.patch
new file mode 100644
index 000000000..1b6cb8cf3
--- /dev/null
+++ b/poky/meta/recipes-devtools/python/python/bpo-36742-cve-2019-10160.patch
@@ -0,0 +1,81 @@
+From 5a1033fe5be764a135adcfff2fdc14edc3e5f327 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Thu, 10 Oct 2019 16:32:19 +0800
+Subject: [PATCH] bpo-36742: Fixes handling of pre-normalization characters in
+ urlsplit() bpo-36742: Corrects fix to handle decomposition in usernames
+
+Upstream-Status: Backport
+
+https://github.com/python/cpython/commit/98a4dcefbbc3bce5ab07e7c0830a183157250259
+https://github.com/python/cpython/commit/f61599b050c621386a3fc6bc480359e2d3bb93de#diff-b577545d73dd0cdb2c337a4c5f89e1d7
+
+CVE: CVE-2019-10160
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ Lib/test/test_urlparse.py | 19 +++++++++++++------
+ Lib/urlparse.py           | 14 +++++++++-----
+ 2 files changed, 22 insertions(+), 11 deletions(-)
+
+diff --git a/Lib/test/test_urlparse.py b/Lib/test/test_urlparse.py
+index 1830d0b..857ed96 100644
+--- a/Lib/test/test_urlparse.py
++++ b/Lib/test/test_urlparse.py
+@@ -641,13 +641,20 @@ class UrlParseTestCase(unittest.TestCase):
+         self.assertIn(u'\u2100', denorm_chars)
+         self.assertIn(u'\uFF03', denorm_chars)
+ 
++        # bpo-36742: Verify port separators are ignored when they
++        # existed prior to decomposition
++        urlparse.urlsplit(u'http://\u30d5\u309a:80')
++        with self.assertRaises(ValueError):
++            urlparse.urlsplit(u'http://\u30d5\u309a\ufe1380')
++
+         for scheme in [u"http", u"https", u"ftp"]:
+-            for c in denorm_chars:
+-                url = u"{}://netloc{}false.netloc/path".format(scheme, c)
+-                if test_support.verbose:
+-                    print "Checking %r" % url
+-                with self.assertRaises(ValueError):
+-                    urlparse.urlsplit(url)
++            for netloc in [u"netloc{}false.netloc", u"n{}user@netloc"]:
++                for c in denorm_chars:
++                    url = u"{}://{}/path".format(scheme, netloc.format(c))
++                    if test_support.verbose:
++                        print "Checking %r" % url
++                    with self.assertRaises(ValueError):
++                        urlparse.urlsplit(url)
+ 
+ def test_main():
+     test_support.run_unittest(UrlParseTestCase)
+diff --git a/Lib/urlparse.py b/Lib/urlparse.py
+index 54eda08..e34b368 100644
+--- a/Lib/urlparse.py
++++ b/Lib/urlparse.py
+@@ -171,14 +171,18 @@ def _checknetloc(netloc):
+     # looking for characters like \u2100 that expand to 'a/c'
+     # IDNA uses NFKC equivalence, so normalize for this check
+     import unicodedata
+-    netloc2 = unicodedata.normalize('NFKC', netloc)
+-    if netloc == netloc2:
++    n = netloc.replace(u'@', u'') # ignore characters already included
++    n = n.replace(u':', u'')      # but not the surrounding text
++    n = n.replace(u'#', u'')
++    n = n.replace(u'?', u'')
++
++    netloc2 = unicodedata.normalize('NFKC', n)
++    if n == netloc2:
+         return
+-    _, _, netloc = netloc.rpartition('@') # anything to the left of '@' is okay
+     for c in '/?#@:':
+         if c in netloc2:
+-            raise ValueError("netloc '" + netloc2 + "' contains invalid " +
+-                             "characters under NFKC normalization")
++            raise ValueError(u"netloc '" + netloc + u"' contains invalid " +
++                             u"characters under NFKC normalization")
+ 
+ def urlsplit(url, scheme='', allow_fragments=True):
+     """Parse a URL into 5 components:
+-- 
+2.7.4
+
diff --git a/poky/meta/recipes-devtools/python/python3-pip_19.2.3.bb b/poky/meta/recipes-devtools/python/python3-pip_19.3.1.bb
index 019e327e0..d27e6fce5 100644
--- a/poky/meta/recipes-devtools/python/python3-pip_19.2.3.bb
+++ b/poky/meta/recipes-devtools/python/python3-pip_19.3.1.bb
@@ -6,8 +6,8 @@ LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=8ba06d529c955048e5ddd7c45459eb2e"
 
 DEPENDS += "python3 python3-setuptools-native"
 
-SRC_URI[md5sum] = "f417444c66a0db1a82c8d9d2283a2f95"
-SRC_URI[sha256sum] = "e7a31f147974362e6c82d84b91c7f2bdf57e4d3163d3d454e6c3e71944d67135"
+SRC_URI[md5sum] = "1aaaf90fbafc50e7ba1e66ffceb00960"
+SRC_URI[sha256sum] = "21207d76c1031e517668898a6b46a9fb1501c7a4710ef5dfd6a40ad9e6757ea7"
 
 inherit pypi distutils3
 
diff --git a/poky/meta/recipes-devtools/python/python3-setuptools_41.2.0.bb b/poky/meta/recipes-devtools/python/python3-setuptools_41.4.0.bb
index 0dc1ed862..0dc1ed862 100644
--- a/poky/meta/recipes-devtools/python/python3-setuptools_41.2.0.bb
+++ b/poky/meta/recipes-devtools/python/python3-setuptools_41.4.0.bb
diff --git a/poky/meta/recipes-devtools/python/python3/0001-bpo-38243-xmlrpc.server-Escape-the-server_title-GH-1.patch b/poky/meta/recipes-devtools/python/python3/0001-bpo-38243-xmlrpc.server-Escape-the-server_title-GH-1.patch
new file mode 100644
index 000000000..1a4c93207
--- /dev/null
+++ b/poky/meta/recipes-devtools/python/python3/0001-bpo-38243-xmlrpc.server-Escape-the-server_title-GH-1.patch
@@ -0,0 +1,86 @@
+From c25abd43e8877b4a7098f79eaacb248710731c2b Mon Sep 17 00:00:00 2001
+From: Dong-hee Na <donghee.na92@gmail.com>
+Date: Sat, 28 Sep 2019 04:59:37 +0900
+Subject: [PATCH] bpo-38243, xmlrpc.server: Escape the server_title (GH-16373)
+
+Escape the server title of xmlrpc.server.DocXMLRPCServer
+when rendering the document page as HTML.
+
+CVE: CVE-2019-16935
+
+Upstream-Status: Backport [https://github.com/python/cpython/commit/e8650a4f8c7fb76f570d4ca9c1fbe44e91c8dfaa]
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ Lib/test/test_docxmlrpc.py                       | 16 ++++++++++++++++
+ Lib/xmlrpc/server.py                             |  3 ++-
+ .../2019-09-25-13-21-09.bpo-38243.1pfz24.rst     |  3 +++
+ 3 files changed, 21 insertions(+), 1 deletion(-)
+ create mode 100644 Misc/NEWS.d/next/Security/2019-09-25-13-21-09.bpo-38243.1pfz24.rst
+
+diff --git a/Lib/test/test_docxmlrpc.py b/Lib/test/test_docxmlrpc.py
+index f077f05f5b..38215659b6 100644
+--- a/Lib/test/test_docxmlrpc.py
++++ b/Lib/test/test_docxmlrpc.py
+@@ -1,5 +1,6 @@
+ from xmlrpc.server import DocXMLRPCServer
+ import http.client
++import re
+ import sys
+ import threading
+ from test import support
+@@ -193,6 +194,21 @@ class DocXMLRPCHTTPGETServer(unittest.TestCase):
+              b'method_annotation</strong></a>(x: bytes)</dt></dl>'),
+             response.read())
+ 
++    def test_server_title_escape(self):
++        # bpo-38243: Ensure that the server title and documentation
++        # are escaped for HTML.
++        self.serv.set_server_title('test_title<script>')
++        self.serv.set_server_documentation('test_documentation<script>')
++        self.assertEqual('test_title<script>', self.serv.server_title)
++        self.assertEqual('test_documentation<script>',
++                self.serv.server_documentation)
++
++        generated = self.serv.generate_html_documentation()
++        title = re.search(r'<title>(.+?)</title>', generated).group()
++        documentation = re.search(r'<p><tt>(.+?)</tt></p>', generated).group()
++        self.assertEqual('<title>Python: test_title&lt;script&gt;</title>', title)
++        self.assertEqual('<p><tt>test_documentation&lt;script&gt;</tt></p>', documentation)
++
+ 
+ if __name__ == '__main__':
+     unittest.main()
+diff --git a/Lib/xmlrpc/server.py b/Lib/xmlrpc/server.py
+index f1c467eb1b..32aba4df4c 100644
+--- a/Lib/xmlrpc/server.py
++++ b/Lib/xmlrpc/server.py
+@@ -108,6 +108,7 @@ from xmlrpc.client import Fault, dumps, loads, gzip_encode, gzip_decode
+ from http.server import BaseHTTPRequestHandler
+ from functools import partial
+ from inspect import signature
++import html
+ import http.server
+ import socketserver
+ import sys
+@@ -894,7 +895,7 @@ class XMLRPCDocGenerator:
+                                 methods
+                             )
+ 
+-        return documenter.page(self.server_title, documentation)
++        return documenter.page(html.escape(self.server_title), documentation)
+ 
+ class DocXMLRPCRequestHandler(SimpleXMLRPCRequestHandler):
+     """XML-RPC and documentation request handler class.
+diff --git a/Misc/NEWS.d/next/Security/2019-09-25-13-21-09.bpo-38243.1pfz24.rst b/Misc/NEWS.d/next/Security/2019-09-25-13-21-09.bpo-38243.1pfz24.rst
+new file mode 100644
+index 0000000000..98d7be1295
+--- /dev/null
++++ b/Misc/NEWS.d/next/Security/2019-09-25-13-21-09.bpo-38243.1pfz24.rst
+@@ -0,0 +1,3 @@
++Escape the server title of :class:`xmlrpc.server.DocXMLRPCServer`
++when rendering the document page as HTML.
++(Contributed by Dong-hee Na in :issue:`38243`.)
+-- 
+2.17.1
+
diff --git a/poky/meta/recipes-devtools/python/python3/python3-manifest.json b/poky/meta/recipes-devtools/python/python3/python3-manifest.json
index 1ad85a9ff..dba92b0e3 100644
--- a/poky/meta/recipes-devtools/python/python3/python3-manifest.json
+++ b/poky/meta/recipes-devtools/python/python3/python3-manifest.json
@@ -210,7 +210,10 @@
         "summary": "Python interpreter and core modules",
         "rdepends": [],
         "files": [
-            "${bindir}/python*[!-config]",
+            "${bindir}/python3",
+            "${bindir}/python${PYTHON_MAJMIN}",
+            "${bindir}/python${PYTHON_MAJMIN}.real",
+            "${bindir}/python${PYTHON_BINABI}",
             "${includedir}/python${PYTHON_BINABI}/pyconfig*.h",
             "${prefix}/lib/python${PYTHON_MAJMIN}/config*/*[!.a]",
             "${libdir}/python${PYTHON_MAJMIN}/UserDict.py",
@@ -487,7 +490,7 @@
         "files": [
             "${base_libdir}/*.a",
             "${base_libdir}/*.o",
-            "${bindir}/python*-config",
+            "${bindir}/python*-config*",
             "${datadir}/aclocal",
             "${datadir}/pkgconfig",
             "${includedir}",
@@ -498,7 +501,8 @@
             "${libdir}/pkgconfig"
         ],
         "rdepends": [
-            "core"
+            "core",
+            "distutils"
         ],
         "summary": "Python development package"
     },
diff --git a/poky/meta/recipes-devtools/python/python3_3.7.4.bb b/poky/meta/recipes-devtools/python/python3_3.7.4.bb
index c8b63fee9..dd61c0aa4 100644
--- a/poky/meta/recipes-devtools/python/python3_3.7.4.bb
+++ b/poky/meta/recipes-devtools/python/python3_3.7.4.bb
@@ -30,6 +30,7 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
            file://0001-test_locale.py-correct-the-test-output-format.patch \
            file://0017-setup.py-do-not-report-missing-dependencies-for-disa.patch \
            file://0001-bpo-34155-Dont-parse-domains-containing-GH-13079.patch \
+           file://0001-bpo-38243-xmlrpc.server-Escape-the-server_title-GH-1.patch \
            "
 
 SRC_URI_append_class-native = " \
@@ -59,9 +60,9 @@ inherit autotools pkgconfig qemu ptest multilib_header update-alternatives
 
 MULTILIB_SUFFIX = "${@d.getVar('base_libdir',1).split('/')[-1]}"
 
-ALTERNATIVE_${PN}-dev = "python-config"
-ALTERNATIVE_LINK_NAME[python-config] = "${bindir}/python${PYTHON_BINABI}-config"
-ALTERNATIVE_TARGET[python-config] = "${bindir}/python${PYTHON_BINABI}-config-${MULTILIB_SUFFIX}"
+ALTERNATIVE_${PN}-dev = "python3-config"
+ALTERNATIVE_LINK_NAME[python3-config] = "${bindir}/python${PYTHON_BINABI}-config"
+ALTERNATIVE_TARGET[python3-config] = "${bindir}/python${PYTHON_BINABI}-config-${MULTILIB_SUFFIX}"
 
 
 DEPENDS = "bzip2-replacement-native libffi bzip2 openssl sqlite3 zlib virtual/libintl xz virtual/crypt util-linux libtirpc libnsl2"
@@ -303,11 +304,14 @@ do_create_manifest[depends] += "${PN}:do_prepare_recipe_sysroot"
 do_create_manifest[depends] += "${PN}:do_patch"
 
 # manual dependency additions
-RPROVIDES_${PN}-modules = "${PN}"
 RRECOMMENDS_${PN}-core_append_class-nativesdk = " nativesdk-python3-modules"
 RRECOMMENDS_${PN}-crypt_append_class-target = " openssl ca-certificates"
 RRECOMMENDS_${PN}-crypt_append_class-nativesdk = " openssl ca-certificates"
 
+# For historical reasons PN is empty and provided by python3-modules
+FILES_${PN} = ""
+RPROVIDES_${PN}-modules = "${PN}"
+
 FILES_${PN}-pydoc += "${bindir}/pydoc${PYTHON_MAJMIN} ${bindir}/pydoc3"
 FILES_${PN}-idle += "${bindir}/idle3 ${bindir}/idle${PYTHON_MAJMIN}"
 
diff --git a/poky/meta/recipes-devtools/python/python_2.7.16.bb b/poky/meta/recipes-devtools/python/python_2.7.16.bb
index aec877825..625c5312a 100644
--- a/poky/meta/recipes-devtools/python/python_2.7.16.bb
+++ b/poky/meta/recipes-devtools/python/python_2.7.16.bb
@@ -31,6 +31,8 @@ SRC_URI += " \
            file://float-endian.patch \
            file://0001-python2-use-cc_basename-to-replace-CC-for-checking-c.patch \
            file://0001-2.7-bpo-34155-Dont-parse-domains-containing-GH-13079.patch \
+           file://bpo-36742-cve-2019-10160.patch \
+           file://0001-2.7-bpo-38243-Escape-the-server-title-of-DocXMLRPCSe.patch \
 "
 
 S = "${WORKDIR}/Python-${PV}"
diff --git a/poky/meta/recipes-devtools/qemu/qemu-helper-native_1.0.bb b/poky/meta/recipes-devtools/qemu/qemu-helper-native_1.0.bb
index d9d9da0fa..372eebd88 100644
--- a/poky/meta/recipes-devtools/qemu/qemu-helper-native_1.0.bb
+++ b/poky/meta/recipes-devtools/qemu/qemu-helper-native_1.0.bb
@@ -12,7 +12,7 @@ S = "${WORKDIR}"
 inherit native
 
 do_compile() {
-	${CC} tunctl.c -o tunctl
+	${CC} ${CFLAGS} ${LDFLAGS} -Wall tunctl.c -o tunctl
 }
 
 do_install() {
diff --git a/poky/meta/recipes-devtools/qemu/qemu-helper/tunctl.c b/poky/meta/recipes-devtools/qemu/qemu-helper/tunctl.c
index 16e24a2ad..d745dd06c 100644
--- a/poky/meta/recipes-devtools/qemu/qemu-helper/tunctl.c
+++ b/poky/meta/recipes-devtools/qemu/qemu-helper/tunctl.c
@@ -19,7 +19,7 @@
 #define TUNSETGROUP   _IOW('T', 206, int)
 #endif
 
-static void Usage(char *name)
+static void Usage(char *name, int status)
 {
   fprintf(stderr, "Create: %s [-b] [-u owner] [-g group] [-t device-name] "
 	  "[-f tun-clone-device]\n", name);
@@ -28,7 +28,7 @@ static void Usage(char *name)
   fprintf(stderr, "The default tun clone device is /dev/net/tun - some systems"
 	  " use\n/dev/misc/net/tun instead\n\n");
   fprintf(stderr, "-b will result in brief output (just the device name)\n");
-  exit(1);
+  exit(status);
 }
 
 int main(int argc, char **argv)
@@ -41,7 +41,7 @@ int main(int argc, char **argv)
   int tap_fd, opt, delete = 0, brief = 0;
   char *tun = "", *file = "/dev/net/tun", *name = argv[0], *end;
 
-  while((opt = getopt(argc, argv, "bd:f:t:u:g:")) > 0){
+  while((opt = getopt(argc, argv, "bd:f:t:u:g:h")) > 0){
     switch(opt) {
       case 'b':
         brief = 1;
@@ -63,7 +63,7 @@ int main(int argc, char **argv)
 	if(*end != '\0'){
 	  fprintf(stderr, "'%s' is neither a username nor a numeric uid.\n",
 		  optarg);
-	  Usage(name);
+	  Usage(name, 1);
 	}
         break;
       case 'g':
@@ -76,7 +76,7 @@ int main(int argc, char **argv)
 	if(*end != '\0'){
 	  fprintf(stderr, "'%s' is neither a groupname nor a numeric group.\n",
 		  optarg);
-	  Usage(name);
+	  Usage(name, 1);
 	}
         break;
 
@@ -84,8 +84,10 @@ int main(int argc, char **argv)
         tun = optarg;
         break;
       case 'h':
+        Usage(name, 0);
+        break;
       default:
-        Usage(name);
+        Usage(name, 1);
     }
   }
 
@@ -93,7 +95,7 @@ int main(int argc, char **argv)
   argc -= optind;
 
   if(argc > 0)
-    Usage(name);
+    Usage(name, 1);
 
   if((tap_fd = open(file, O_RDWR)) < 0){
     fprintf(stderr, "Failed to open '%s' : ", file);
diff --git a/poky/meta/recipes-devtools/qemu/qemu.inc b/poky/meta/recipes-devtools/qemu/qemu.inc
index 88ae68a1e..601fc2286 100644
--- a/poky/meta/recipes-devtools/qemu/qemu.inc
+++ b/poky/meta/recipes-devtools/qemu/qemu.inc
@@ -28,6 +28,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
            file://0009-Fix-webkitgtk-builds.patch \
            file://0010-configure-Add-pkg-config-handling-for-libgcrypt.patch \
            file://CVE-2019-15890.patch \
+           file://CVE-2019-12068.patch \
            "
 UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
 
@@ -94,6 +95,7 @@ do_configure_prepend_class-native() {
 do_configure() {
     ${S}/configure ${EXTRA_OECONF}
 }
+do_configure[cleandirs] += "${B}"
 
 do_install () {
 	export STRIP=""
diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2019-12068.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2019-12068.patch
new file mode 100644
index 000000000..f1655e407
--- /dev/null
+++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2019-12068.patch
@@ -0,0 +1,108 @@
+From de594e47659029316bbf9391efb79da0a1a08e08 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Wed, 14 Aug 2019 17:35:21 +0530
+Subject: [PATCH] scsi: lsi: exit infinite loop while executing script
+ (CVE-2019-12068)
+
+When executing script in lsi_execute_script(), the LSI scsi adapter
+emulator advances 's->dsp' index to read next opcode. This can lead
+to an infinite loop if the next opcode is empty. Move the existing
+loop exit after 10k iterations so that it covers no-op opcodes as
+well.
+
+Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=de594e47659029316bbf9391efb79da0a1a08e08]
+CVE: CVE-2019-12068
+
+Reported-by: Bugs SysSec <bugs-syssec@rub.de>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ hw/scsi/lsi53c895a.c | 41 +++++++++++++++++++++++++++--------------
+ 1 file changed, 27 insertions(+), 14 deletions(-)
+
+diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c
+index 222a286..ec53b14 100644
+--- a/hw/scsi/lsi53c895a.c
++++ b/hw/scsi/lsi53c895a.c
+@@ -186,6 +186,9 @@ static const char *names[] = {
+ /* Flag set if this is a tagged command.  */
+ #define LSI_TAG_VALID     (1 << 16)
+ 
++/* Maximum instructions to process. */
++#define LSI_MAX_INSN    10000
++
+ typedef struct lsi_request {
+     SCSIRequest *req;
+     uint32_t tag;
+@@ -1133,7 +1136,21 @@ static void lsi_execute_script(LSIState *s)
+ 
+     s->istat1 |= LSI_ISTAT1_SRUN;
+ again:
+-    insn_processed++;
++    if (++insn_processed > LSI_MAX_INSN) {
++        /* Some windows drivers make the device spin waiting for a memory
++           location to change.  If we have been executed a lot of code then
++           assume this is the case and force an unexpected device disconnect.
++           This is apparently sufficient to beat the drivers into submission.
++         */
++        if (!(s->sien0 & LSI_SIST0_UDC)) {
++            qemu_log_mask(LOG_GUEST_ERROR,
++                          "lsi_scsi: inf. loop with UDC masked");
++        }
++        lsi_script_scsi_interrupt(s, LSI_SIST0_UDC, 0);
++        lsi_disconnect(s);
++        trace_lsi_execute_script_stop();
++        return;
++    }
+     insn = read_dword(s, s->dsp);
+     if (!insn) {
+         /* If we receive an empty opcode increment the DSP by 4 bytes
+@@ -1570,19 +1587,7 @@ again:
+             }
+         }
+     }
+-    if (insn_processed > 10000 && s->waiting == LSI_NOWAIT) {
+-        /* Some windows drivers make the device spin waiting for a memory
+-           location to change.  If we have been executed a lot of code then
+-           assume this is the case and force an unexpected device disconnect.
+-           This is apparently sufficient to beat the drivers into submission.
+-         */
+-        if (!(s->sien0 & LSI_SIST0_UDC)) {
+-            qemu_log_mask(LOG_GUEST_ERROR,
+-                          "lsi_scsi: inf. loop with UDC masked");
+-        }
+-        lsi_script_scsi_interrupt(s, LSI_SIST0_UDC, 0);
+-        lsi_disconnect(s);
+-    } else if (s->istat1 & LSI_ISTAT1_SRUN && s->waiting == LSI_NOWAIT) {
++    if (s->istat1 & LSI_ISTAT1_SRUN && s->waiting == LSI_NOWAIT) {
+         if (s->dcntl & LSI_DCNTL_SSM) {
+             lsi_script_dma_interrupt(s, LSI_DSTAT_SSI);
+         } else {
+@@ -1970,6 +1975,10 @@ static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val)
+     case 0x2f: /* DSP[24:31] */
+         s->dsp &= 0x00ffffff;
+         s->dsp |= val << 24;
++        /*
++         * FIXME: if s->waiting != LSI_NOWAIT, this will only execute one
++         * instruction.  Is this correct?
++         */
+         if ((s->dmode & LSI_DMODE_MAN) == 0
+             && (s->istat1 & LSI_ISTAT1_SRUN) == 0)
+             lsi_execute_script(s);
+@@ -1988,6 +1997,10 @@ static void lsi_reg_writeb(LSIState *s, int offset, uint8_t val)
+         break;
+     case 0x3b: /* DCNTL */
+         s->dcntl = val & ~(LSI_DCNTL_PFF | LSI_DCNTL_STD);
++        /*
++         * FIXME: if s->waiting != LSI_NOWAIT, this will only execute one
++         * instruction.  Is this correct?
++         */
+         if ((val & LSI_DCNTL_STD) && (s->istat1 & LSI_ISTAT1_SRUN) == 0)
+             lsi_execute_script(s);
+         break;
+-- 
+2.7.4
+
diff --git a/poky/meta/recipes-devtools/ruby/ruby.inc b/poky/meta/recipes-devtools/ruby/ruby.inc
index a98249afb..c0ceb1c10 100644
--- a/poky/meta/recipes-devtools/ruby/ruby.inc
+++ b/poky/meta/recipes-devtools/ruby/ruby.inc
@@ -6,12 +6,12 @@ It is simple, straight-forward, and extensible. \
 "
 HOMEPAGE = "http://www.ruby-lang.org/"
 SECTION = "devel/ruby"
-LICENSE = "Ruby | BSD | GPLv2"
+LICENSE = "Ruby | BSD-2-Clause | BSD-3-Clause | GPLv2 | ISC | MIT"
 LIC_FILES_CHKSUM = "\
     file://COPYING;md5=340948e1882e579731841bf49cdc22c1 \
     file://BSDL;md5=19aaf65c88a40b508d17ae4be539c4b5\
     file://GPL;md5=b234ee4d69f5fce4486a80fdaf4a4263\
-    file://LEGAL;md5=23a79bb4c1a40f6cc9bcb6f4e7c39799 \
+    file://LEGAL;md5=4ac0b84d1f7f420bca282e1adefc7f99 \
 "
 
 DEPENDS = "ruby-native zlib openssl tcl libyaml gdbm readline libffi"
@@ -19,7 +19,7 @@ DEPENDS_class-native = "openssl-native libyaml-native readline-native zlib-nativ
 
 SHRT_VER = "${@oe.utils.trim_version("${PV}", 2)}"
 SRC_URI = "http://cache.ruby-lang.org/pub/ruby/${SHRT_VER}/ruby-${PV}.tar.gz \
-           file://extmk.patch \
+           file://0001-extmk-fix-cross-compilation-of-external-gems.patch \
            file://0002-Obey-LDFLAGS-for-the-link-of-libruby.patch \
            "
 UPSTREAM_CHECK_URI = "https://www.ruby-lang.org/en/downloads/"
diff --git a/poky/meta/recipes-devtools/ruby/ruby/0001-extmk-fix-cross-compilation-of-external-gems.patch b/poky/meta/recipes-devtools/ruby/ruby/0001-extmk-fix-cross-compilation-of-external-gems.patch
new file mode 100644
index 000000000..2e3156880
--- /dev/null
+++ b/poky/meta/recipes-devtools/ruby/ruby/0001-extmk-fix-cross-compilation-of-external-gems.patch
@@ -0,0 +1,34 @@
+From a6e12b25a54d112c899b70c89c0bec9c5e5ebf3c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Andr=C3=A9=20Draszik?= <andre.draszik@jci.com>
+Date: Mon, 30 Sep 2019 16:57:01 +0100
+Subject: [PATCH 1/3] extmk: fix cross-compilation of external gems
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Note that I (André) didn't actually write this patch, I
+only updated it so that git-am works.
+
+Upstream-Status: Pending
+Signed-off-by: André Draszik <andre.draszik@jci.com>
+---
+ ext/extmk.rb | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ext/extmk.rb b/ext/extmk.rb
+index 1389dc4117..e4d923d7a7 100755
+--- a/ext/extmk.rb
++++ b/ext/extmk.rb
+@@ -413,8 +413,8 @@ def $mflags.defined?(var)
+ end
+ $ruby = [$ruby]
+ $ruby << "-I'$(topdir)'"
++$ruby << "-I'$(top_srcdir)/lib'"
+ unless CROSS_COMPILING
+-  $ruby << "-I'$(top_srcdir)/lib'"
+   $ruby << "-I'$(extout)/$(arch)'" << "-I'$(extout)/common'" if $extout
+   ENV["RUBYLIB"] = "-"
+ end
+-- 
+2.23.0.rc1
+
diff --git a/poky/meta/recipes-devtools/ruby/ruby/0002-Obey-LDFLAGS-for-the-link-of-libruby.patch b/poky/meta/recipes-devtools/ruby/ruby/0002-Obey-LDFLAGS-for-the-link-of-libruby.patch
index 4cf579f42..5979d8bd7 100644
--- a/poky/meta/recipes-devtools/ruby/ruby/0002-Obey-LDFLAGS-for-the-link-of-libruby.patch
+++ b/poky/meta/recipes-devtools/ruby/ruby/0002-Obey-LDFLAGS-for-the-link-of-libruby.patch
@@ -1,25 +1,27 @@
-Upstream-Status: Pending
-
-From 306e95a9818d39d3349075aac9609e062b0f19ce Mon Sep 17 00:00:00 2001
+From 6d608326970b1613633d7715ebb7d628dfcd16ee Mon Sep 17 00:00:00 2001
 From: Christopher Larson <chris_larson@mentor.com>
 Date: Thu, 5 May 2016 10:59:07 -0700
-Subject: [PATCH 2/2] Obey LDFLAGS for the link of libruby
+Subject: [PATCH 2/3] Obey LDFLAGS for the link of libruby
 
 Signed-off-by: Christopher Larson <chris_larson@mentor.com>
+Upstream-Status: Pending
 ---
  Makefile.in | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
-Index: ruby-2.5.0/Makefile.in
-===================================================================
---- ruby-2.5.0.orig/Makefile.in
-+++ ruby-2.5.0/Makefile.in
-@@ -77,7 +77,7 @@ LIBS = @LIBS@ $(EXTLIBS)
- MISSING = @LIBOBJS@ @ALLOCA@
+diff --git a/Makefile.in b/Makefile.in
+index fa1e19ef37..bbd07fa34b 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -109,7 +109,7 @@ MISSING = @LIBOBJS@ @ALLOCA@
  ENABLE_SHARED = @ENABLE_SHARED@
  LDSHARED = @LIBRUBY_LDSHARED@
+ DLDSHARED = @DLDSHARED@
 -DLDFLAGS = @LIBRUBY_DLDFLAGS@ $(XLDFLAGS) $(ARCH_FLAG)
 +DLDFLAGS = @LIBRUBY_DLDFLAGS@ @LDFLAGS@ $(XLDFLAGS) $(ARCH_FLAG)
  SOLIBS = @SOLIBS@
  ENABLE_DEBUG_ENV = @ENABLE_DEBUG_ENV@
  MAINLIBS = @MAINLIBS@
+-- 
+2.23.0.rc1
+
diff --git a/poky/meta/recipes-devtools/ruby/ruby/0001-configure.ac-check-finite-isinf-isnan-as-macros-firs.patch b/poky/meta/recipes-devtools/ruby/ruby/0003-configure.ac-check-finite-isinf-isnan-as-macros-firs.patch
index 4cc1fa027..1a8cff3e8 100644
--- a/poky/meta/recipes-devtools/ruby/ruby/0001-configure.ac-check-finite-isinf-isnan-as-macros-firs.patch
+++ b/poky/meta/recipes-devtools/ruby/ruby/0003-configure.ac-check-finite-isinf-isnan-as-macros-firs.patch
@@ -1,7 +1,7 @@
-From 3a8189530312e81d6c005c396565f985a47f3383 Mon Sep 17 00:00:00 2001
+From bd71b698bf733e6e93282cd2b1b93f51e1a33c7c Mon Sep 17 00:00:00 2001
 From: nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
 Date: Fri, 8 Feb 2019 07:22:55 +0000
-Subject: [PATCH] configure.ac: check finite,isinf,isnan as macros first
+Subject: [PATCH 3/3] configure.ac: check finite,isinf,isnan as macros first
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
@@ -12,7 +12,6 @@ git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@67036 b2dd03c8-39d4-4d8f-98ff-
 
 ---
 Upstream-Status: Backport [https://github.com/ruby/ruby/commit/74f94b3e6ebf15b76f3b357e754095412b006e94]
-(modified so as to apply cleanly here)
 Signed-off-by: André Draszik <andre.draszik@jci.com>
 ---
  aclocal.m4                    |  1 +
@@ -22,19 +21,22 @@ Signed-off-by: André Draszik <andre.draszik@jci.com>
  create mode 100644 tool/m4/ruby_replace_funcs.m4
 
 diff --git a/aclocal.m4 b/aclocal.m4
-index 18ba297b05..2a907b3467 100644
+index b0fe3eb959..ed7d14ef63 100644
 --- a/aclocal.m4
 +++ b/aclocal.m4
-@@ -13,3 +13,4 @@
- 
- m4_ifndef([AC_CONFIG_MACRO_DIRS], [m4_defun([_AM_CONFIG_MACRO_DIRS], [])m4_defun([AC_CONFIG_MACRO_DIRS], [_AM_CONFIG_MACRO_DIRS($@)])])
- m4_include([acinclude.m4])
+@@ -35,6 +35,7 @@ m4_include([tool/m4/ruby_func_attribute.m4])
+ m4_include([tool/m4/ruby_mingw32.m4])
+ m4_include([tool/m4/ruby_prepend_option.m4])
+ m4_include([tool/m4/ruby_prog_gnu_ld.m4])
 +m4_include([tool/m4/ruby_replace_funcs.m4])
+ m4_include([tool/m4/ruby_replace_type.m4])
+ m4_include([tool/m4/ruby_rm_recursive.m4])
+ m4_include([tool/m4/ruby_setjmp_type.m4])
 diff --git a/configure.ac b/configure.ac
-index 8a7cee55b8..b97c5b3cc9 100644
+index 2c4d2888d2..2691da6a3c 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -1189,9 +1189,6 @@ main()
+@@ -946,9 +946,6 @@ main()
  		ac_cv_func_fsync=yes
  		ac_cv_func_seekdir=yes
  		ac_cv_func_telldir=yes
@@ -44,7 +46,7 @@ index 8a7cee55b8..b97c5b3cc9 100644
  		ac_cv_func_lchown=yes
  		ac_cv_func_link=yes
  		ac_cv_func_readlink=yes
-@@ -1239,9 +1236,6 @@ main()
+@@ -999,9 +996,6 @@ main()
  [netbsd*], [	LIBS="-lm $LIBS"
  		],
  [dragonfly*], [	LIBS="-lm $LIBS"
@@ -54,7 +56,7 @@ index 8a7cee55b8..b97c5b3cc9 100644
  		],
  [aix*],[	LIBS="-lm $LIBS"
  		ac_cv_func_round=no
-@@ -2213,11 +2207,8 @@ AC_REPLACE_FUNCS(dup2)
+@@ -1724,11 +1718,8 @@ AC_REPLACE_FUNCS(dup2)
  AC_REPLACE_FUNCS(erf)
  AC_REPLACE_FUNCS(explicit_bzero)
  AC_REPLACE_FUNCS(ffs)
@@ -65,8 +67,8 @@ index 8a7cee55b8..b97c5b3cc9 100644
 -AC_REPLACE_FUNCS(isnan)
  AC_REPLACE_FUNCS(lgamma_r)
  AC_REPLACE_FUNCS(memmove)
- AC_REPLACE_FUNCS(nextafter)
-@@ -2229,6 +2220,10 @@ AC_REPLACE_FUNCS(strlcpy)
+ AC_REPLACE_FUNCS(nan)
+@@ -1741,6 +1732,10 @@ AC_REPLACE_FUNCS(strlcpy)
  AC_REPLACE_FUNCS(strstr)
  AC_REPLACE_FUNCS(tgamma)
  
diff --git a/poky/meta/recipes-devtools/ruby/ruby/extmk.patch b/poky/meta/recipes-devtools/ruby/ruby/extmk.patch
deleted file mode 100644
index 404b9af7a..000000000
--- a/poky/meta/recipes-devtools/ruby/ruby/extmk.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-Upstream-Status: Pending
-diff -ru ruby-1.8.7-p248.orig/ext/extmk.rb ruby-1.8.7-p248/ext/extmk.rb
---- ruby-1.8.7-p248.orig/ext/extmk.rb	2009-12-24 03:01:58.000000000 -0600
-+++ ruby-1.8.7-p248/ext/extmk.rb	2010-02-12 15:55:27.370061558 -0600
-@@ -413,8 +413,8 @@ def $mflags.defined?(var)
- end
- $ruby = [$ruby]
- $ruby << "-I'$(topdir)'"
-+$ruby << "-I'$(top_srcdir)/lib'"
- unless CROSS_COMPILING
--  $ruby << "-I'$(top_srcdir)/lib'"
-   $ruby << "-I'$(extout)/$(arch)'" << "-I'$(extout)/common'" if $extout
-   ENV["RUBYLIB"] = "-"
- end
--- 
-
diff --git a/poky/meta/recipes-devtools/ruby/ruby_2.5.5.bb b/poky/meta/recipes-devtools/ruby/ruby_2.6.4.bb
index 223b0371e..fb202b8f1 100644
--- a/poky/meta/recipes-devtools/ruby/ruby_2.5.5.bb
+++ b/poky/meta/recipes-devtools/ruby/ruby_2.6.4.bb
@@ -1,12 +1,12 @@
 require ruby.inc
 
 SRC_URI += " \
-           file://0001-configure.ac-check-finite-isinf-isnan-as-macros-firs.patch \
+           file://0003-configure.ac-check-finite-isinf-isnan-as-macros-firs.patch \
            file://run-ptest \
            "
 
-SRC_URI[md5sum] = "7e156fb526b8f4bb1b30a3dd8a7ce400"
-SRC_URI[sha256sum] = "28a945fdf340e6ba04fc890b98648342e3cccfd6d223a48f3810572f11b2514c"
+SRC_URI[md5sum] = "49b628cdb21db967d8a3f6ca6e222583"
+SRC_URI[sha256sum] = "4fc1d8ba75505b3797020a6ffc85a8bcff6adc4dabae343b6572bf281ee17937"
 
 PACKAGECONFIG ??= ""
 PACKAGECONFIG += "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}"
@@ -15,8 +15,6 @@ PACKAGECONFIG[valgrind] = "--with-valgrind=yes, --with-valgrind=no, valgrind"
 PACKAGECONFIG[gmp] = "--with-gmp=yes, --with-gmp=no, gmp"
 PACKAGECONFIG[ipv6] = "--enable-ipv6, --disable-ipv6,"
 
-EXTRA_AUTORECONF += "--exclude=aclocal"
-
 EXTRA_OECONF = "\
     --disable-versioned-paths \
     --disable-rpath \
@@ -42,16 +40,18 @@ do_install_append_class-target () {
            -e 's:${RECIPE_SYSROOT}::g' \
            -e 's:${BASE_WORKDIR}/${MULTIMACH_TARGET_SYS}::g' \
         ${D}$rbconfig_rb
-
-    # Find out created.rid from .installed.list
-    created_rid=`grep created.rid ${B}/.installed.list`
-    # Remove build host directories
-    sed -i -e 's:${WORKDIR}::g' ${D}$created_rid
-
 }
 
 do_install_ptest () {
     cp -rf ${S}/test ${D}${PTEST_PATH}/
+    # install test-binaries
+    find $(find ./.ext -path '*/-test-') -name '*.so' -print0 \
+        | tar --no-recursion --null -T - --no-same-owner --preserve-permissions -cf - \
+        | tar -C ${D}${libdir}/ruby/${SHRT_VER}.0/ --no-same-owner --preserve-permissions --strip-components=2 -xf -
+    # adjust path to not assume build directory layout
+    sed -e 's|File.expand_path(.*\.\./bin/erb[^)]*|File.expand_path("${bindir}/erb"|g' \
+        -i ${D}${PTEST_PATH}/test/erb/test_erb_command.rb
+
     cp -r ${S}/include ${D}/${libdir}/ruby/
     test_case_rb=`grep rubygems/test_case.rb ${B}/.installed.list`
     sed -i -e 's:../../../test/:../../../ptest/test/:g' ${D}/$test_case_rb
@@ -69,6 +69,9 @@ FILES_${PN}-rdoc += "${libdir}/ruby/*/rdoc ${bindir}/rdoc"
 
 FILES_${PN} += "${datadir}/rubygems"
 
-FILES_${PN}-ptest_append_class-target += "${libdir}/ruby/include"
+FILES_${PN}-ptest_append_class-target = "\
+    ${libdir}/ruby/include \
+    ${libdir}/ruby/${SHRT_VER}.0/*/-test- \
+"
 
 BBCLASSEXTEND = "native"
diff --git a/poky/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-tools-4.3-sysmacros.patch b/poky/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-tools-4.3-sysmacros.patch
deleted file mode 100644
index f2e88f416..000000000
--- a/poky/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-tools-4.3-sysmacros.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From https://gitweb.gentoo.org/repo/gentoo.git/tree/sys-fs/squashfs-tools/files/squashfs-tools-4.3-sysmacros.patch
-
-Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
-
-Upstream-Status: Pending
-
-
-sys/types.h might not always include sys/sysmacros.h for major/minor/makedev
-
---- a/squashfs-tools/mksquashfs.c
-+++ b/squashfs-tools/mksquashfs.c
-@@ -59,6 +59,7 @@
- #else
- #include <endian.h>
- #include <sys/sysinfo.h>
-+#include <sys/sysmacros.h>
- #endif
- 
- #include "squashfs_fs.h"
---- a/squashfs-tools/unsquashfs.c
-+++ b/squashfs-tools/unsquashfs.c
-@@ -40,6 +40,10 @@
- #include <limits.h>
- #include <ctype.h>
- 
-+#ifdef linux
-+#include <sys/sysmacros.h>
-+#endif
-+
- struct cache *fragment_cache, *data_cache;
- struct queue *to_reader, *to_inflate, *to_writer, *from_writer;
- pthread_t *thread, *inflator_thread;
diff --git a/poky/meta/recipes-devtools/squashfs-tools/squashfs-tools_git.bb b/poky/meta/recipes-devtools/squashfs-tools/squashfs-tools_git.bb
index 51e4a5939..4fd33f804 100644
--- a/poky/meta/recipes-devtools/squashfs-tools/squashfs-tools_git.bb
+++ b/poky/meta/recipes-devtools/squashfs-tools/squashfs-tools_git.bb
@@ -5,13 +5,10 @@ SECTION = "base"
 LICENSE = "GPL-2"
 LIC_FILES_CHKSUM = "file://../COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
 
-PV = "4.3+gitr${SRCPV}"
-SRCREV = "f95864afe8833fe3ad782d714b41378e860977b1"
+PV = "4.4"
+SRCREV = "52eb4c279cd283ed9802dd1ceb686560b22ffb67"
 SRC_URI = "git://github.com/plougher/squashfs-tools.git;protocol=https \
-           file://squashfs-tools-4.3-sysmacros.patch;striplevel=2 \
 "
-SRC_URI[lzma.md5sum] = "29d5ffd03a5a3e51aef6a74e9eafb759"
-SRC_URI[lzma.sha256sum] = "c935fd04dd8e0e8c688a3078f3675d699679a90be81c12686837e0880aa0fa1e"
 
 S = "${WORKDIR}/git/squashfs-tools"
 
@@ -31,13 +28,11 @@ PACKAGECONFIG[zstd] = "ZSTD_SUPPORT=1,ZSTD_SUPPORT=0,zstd"
 PACKAGECONFIG[reproducible] = "REPRODUCIBLE_DEFAULT=1,REPRODUCIBLE_DEFAULT=0,"
 
 do_compile() {
-	oe_runmake mksquashfs unsquashfs
+	oe_runmake all
 }
 
-do_install () {
-	install -d ${D}${sbindir}
-	install -m 0755 mksquashfs ${D}${sbindir}/
-	install -m 0755 unsquashfs ${D}${sbindir}/
+do_install() {
+	oe_runmake install INSTALL_DIR=${D}${sbindir}
 }
 
 ARM_INSTRUCTION_SET_armv4 = "arm"
diff --git a/poky/meta/recipes-devtools/unfs3/unfs3/0001-Add-listen-action-for-a-tcp-socket.patch b/poky/meta/recipes-devtools/unfs3/unfs3/0001-Add-listen-action-for-a-tcp-socket.patch
new file mode 100644
index 000000000..e9b9d3df4
--- /dev/null
+++ b/poky/meta/recipes-devtools/unfs3/unfs3/0001-Add-listen-action-for-a-tcp-socket.patch
@@ -0,0 +1,54 @@
+From b42ab8e1aca951dd06c113159491b3fd5cf06f2e Mon Sep 17 00:00:00 2001
+From: Haiqing Bai <Haiqing.Bai@windriver.com>
+Date: Thu, 24 Oct 2019 09:39:04 +0800
+Subject: [PATCH] Add "listen" action for a tcp socket which does not call
+ 'listen' after 'bind'
+
+It is found that /usr/bin/unfsd customus 100% cpu after starting qemu with 'nfs'
+option, and below lots of error messages shows when strace the process:
+
+poll([{fd=3, events=POLLIN|POLLPRI|POLLRDNORM|POLLRDBAND},{fd=4, events=POLLIN|POLLPRI|POLLRDNORM|POLLRDBAND},
+{fd=5, events=POLLIN|POLLPRI|POLLRDNORM|POLLRDBAND},{fd=6, events =POLLIN|POLLPRI|POLLRDNORM|POLLRDBAND}],
+4, 2000) = 2 ([{fd=4, revents=POLLHUP},{fd=6, revents=POLLHUP}])
+accept(4, 0x7ffd5e6dddc0, [128]) = -1 EINVAL (Invalid argument)
+accept(6, 0x7ffd5e6dddc0, [128]) = -1 EINVAL (Invalid argument)
+
+% time     seconds  usecs/call     calls    errors syscall
+------ ----------- ----------- --------- --------- ----------------
+ 70.87    0.005392           0    513886    513886 accept
+ 29.13    0.002216           0    256943           poll
+  0.00    0.000000           0         4           read
+
+The root cause is that 'listen' is not called for the binded
+socket. The depended libtipc does not call 'listen' if found
+the incomming socket is binded, so 'accept' reports the error
+in the 'for' loop and cpu consumed.
+
+Upstream-Status: Pending
+
+Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
+---
+ daemon.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/daemon.c b/daemon.c
+index 028a181..4c85903 100644
+--- a/daemon.c
++++ b/daemon.c
+@@ -814,6 +814,13 @@ static SVCXPRT *create_tcp_transport(unsigned int port)
+ 	    fprintf(stderr, "Couldn't bind to tcp port %d\n", port);
+ 	    exit(1);
+ 	}
++
++	if (listen(sock, SOMAXCONN) < 0) {
++	    perror("listen");
++	    fprintf(stderr, "Couldn't listen on the address \n");
++	    close(sock);
++	    exit(1);
++	}
+     }
+ 
+     transp = svctcp_create(sock, 0, 0);
+-- 
+1.9.1
+
diff --git a/poky/meta/recipes-devtools/unfs3/unfs3_git.bb b/poky/meta/recipes-devtools/unfs3/unfs3_git.bb
index 79d09788d..d60cee87c 100644
--- a/poky/meta/recipes-devtools/unfs3/unfs3_git.bb
+++ b/poky/meta/recipes-devtools/unfs3/unfs3_git.bb
@@ -23,6 +23,7 @@ SRC_URI = "git://github.com/unfs3/unfs3.git;protocol=https \
            file://tcp_no_delay.patch \
            file://0001-daemon.c-Libtirpc-porting-fixes.patch \
            file://0001-attr-fix-utime-for-symlink.patch \
+           file://0001-Add-listen-action-for-a-tcp-socket.patch \
           "
 SRCREV = "c12a5c69a8d59be6916cbd0e0f41c159f1962425"
 UPSTREAM_CHECK_GITTAGREGEX = "unfs3\-(?P<pver>.+)"
diff --git a/poky/meta/recipes-extended/gawk/gawk_5.0.1.bb b/poky/meta/recipes-extended/gawk/gawk_5.0.1.bb
index b3eb39e4e..eaba6c78e 100644
--- a/poky/meta/recipes-extended/gawk/gawk_5.0.1.bb
+++ b/poky/meta/recipes-extended/gawk/gawk_5.0.1.bb
@@ -11,8 +11,8 @@ SECTION = "console/utils"
 LICENSE = "GPLv3"
 LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
 
-DEPENDS += "readline"
-
+PACKAGECONFIG ??= "readline"
+PACKAGECONFIG[readline] = "--with-readline,--without-readline,readline"
 PACKAGECONFIG[mpfr] = "--with-mpfr,--without-mpfr, mpfr"
 
 SRC_URI = "${GNU_MIRROR}/gawk/gawk-${PV}.tar.gz \
diff --git a/poky/meta/recipes-extended/ltp/ltp/0001-overcommit_memory-update-for-mm-fix-false-positive-O.patch b/poky/meta/recipes-extended/ltp/ltp/0001-overcommit_memory-update-for-mm-fix-false-positive-O.patch
new file mode 100644
index 000000000..bed84712a
--- /dev/null
+++ b/poky/meta/recipes-extended/ltp/ltp/0001-overcommit_memory-update-for-mm-fix-false-positive-O.patch
@@ -0,0 +1,57 @@
+From d656a447893dccc310c975a239f482278550c3e0 Mon Sep 17 00:00:00 2001
+From: Jan Stancek <jstancek@redhat.com>
+Date: Tue, 21 May 2019 10:10:44 +0200
+Subject: [PATCH] overcommit_memory: update for "mm: fix false-positive
+ OVERCOMMIT_GUESS failures"
+
+commit 8c7829b04c52 ("mm: fix false-positive OVERCOMMIT_GUESS failures")
+changes logic of __vm_enough_memory(), simplifying it to:
+    When in GUESS mode, catch wild allocations by comparing their request
+    size to total amount of ram and swap in the system.
+
+Testcase currently allocates mem_total + swap_total, which doesn't trigger
+new condition. Make it more extreme, but assuming free_total / 2 will PASS,
+and 2*sum_total will FAIL.
+
+Signed-off-by: Jan Stancek <jstancek@redhat.com>
+Acked-by: Cyril Hrubis <chrubis@suse.cz>
+
+Upstream-Status: Backport [https://github.com/linux-test-project/ltp/commit/d656a447893dccc310c975a239f482278550c3e0]
+Signed-off-by: He Zhe <zhe.he@windriver.com>
+---
+ testcases/kernel/mem/tunable/overcommit_memory.c | 11 ++++-------
+ 1 file changed, 4 insertions(+), 7 deletions(-)
+
+diff --git a/testcases/kernel/mem/tunable/overcommit_memory.c b/testcases/kernel/mem/tunable/overcommit_memory.c
+index 555298f..345764d 100644
+--- a/testcases/kernel/mem/tunable/overcommit_memory.c
++++ b/testcases/kernel/mem/tunable/overcommit_memory.c
+@@ -36,11 +36,10 @@
+  *
+  * The program is designed to test the two tunables:
+  *
+- * When overcommit_memory = 0, allocatable memory can't overextends
+- * the amount of free memory. I choose the three cases:
++ * When overcommit_memory = 0, allocatable memory can't overextend
++ * the amount of total memory:
+  * a. less than free_total:    free_total / 2, alloc should pass.
+- * b. greater than free_total: free_total * 2, alloc should fail.
+- * c. equal to sum_total:      sum_tatal,      alloc should fail
++ * b. greater than sum_total:   sum_total * 2, alloc should fail.
+  *
+  * When overcommit_memory = 1, it can alloc enough much memory, I
+  * choose the three cases:
+@@ -164,9 +163,7 @@ static void overcommit_memory_test(void)
+ 
+ 	update_mem();
+ 	alloc_and_check(free_total / 2, EXPECT_PASS);
+-	update_mem();
+-	alloc_and_check(free_total * 2, EXPECT_FAIL);
+-	alloc_and_check(sum_total, EXPECT_FAIL);
++	alloc_and_check(sum_total * 2, EXPECT_FAIL);
+ 
+ 	/* start to test overcommit_memory=1 */
+ 	set_sys_tune("overcommit_memory", 1, 1);
+-- 
+2.7.4
+
diff --git a/poky/meta/recipes-extended/ltp/ltp_20190517.bb b/poky/meta/recipes-extended/ltp/ltp_20190517.bb
index 465071560..5915b1c72 100644
--- a/poky/meta/recipes-extended/ltp/ltp_20190517.bb
+++ b/poky/meta/recipes-extended/ltp/ltp_20190517.bb
@@ -49,6 +49,7 @@ SRC_URI = "git://github.com/linux-test-project/ltp.git \
            file://0001-testcases-use-python3-everywhere-to-run-python-scrip.patch \
            file://0001-syscall-rt_sigtimedwait01-Fix-wrong-sigset-length-fo.patch \
            file://0001-cve-2017-17052-Avoid-unsafe-exits-in-threads.patch \
+           file://0001-overcommit_memory-update-for-mm-fix-false-positive-O.patch \
            "
 
 S = "${WORKDIR}/git"
diff --git a/poky/meta/recipes-extended/mdadm/mdadm_4.1.bb b/poky/meta/recipes-extended/mdadm/mdadm_4.1.bb
index 639382e13..64f519e75 100644
--- a/poky/meta/recipes-extended/mdadm/mdadm_4.1.bb
+++ b/poky/meta/recipes-extended/mdadm/mdadm_4.1.bb
@@ -43,13 +43,12 @@ CFLAGS_append_powerpc64 = ' -D__SANE_USERSPACE_TYPES__'
 CFLAGS_append_mipsarchn64 = ' -D__SANE_USERSPACE_TYPES__'
 CFLAGS_append_mipsarchn32 = ' -D__SANE_USERSPACE_TYPES__'
 
-EXTRA_OEMAKE = 'CHECK_RUN_DIR=0 CXFLAGS="${CFLAGS}"'
+EXTRA_OEMAKE = 'CHECK_RUN_DIR=0 CXFLAGS="${CFLAGS}" SYSTEMD_DIR=${systemd_unitdir}/system \
+                BINDIR="${base_sbindir}" UDEVDIR="${nonarch_base_libdir}/udev"'
 
 DEBUG_OPTIMIZATION_append = " -Wno-error"
 
 do_compile() {
-	# Point to right sbindir
-	sed -i -e "s;BINDIR  = /sbin;BINDIR = $base_sbindir;" -e "s;UDEVDIR = /lib;UDEVDIR = $nonarch_base_libdir;" -e "s;SYSTEMD_DIR=/lib/systemd/system;SYSTEMD_DIR=${systemd_unitdir}/system;" ${S}/Makefile
 	oe_runmake SYSROOT="${STAGING_DIR_TARGET}"
 }
 
diff --git a/poky/meta/recipes-extended/screen/screen/0001-configure.ac-fix-configure-failed-while-build-dir-ha.patch b/poky/meta/recipes-extended/screen/screen/0001-configure.ac-fix-configure-failed-while-build-dir-ha.patch
deleted file mode 100644
index 1274b2794..000000000
--- a/poky/meta/recipes-extended/screen/screen/0001-configure.ac-fix-configure-failed-while-build-dir-ha.patch
+++ /dev/null
@@ -1,109 +0,0 @@
-From 4b258c5a9078f8df60684ab7536ce3a8ff207e08 Mon Sep 17 00:00:00 2001
-From: Hongxu Jia <hongxu.jia@windriver.com>
-Date: Thu, 12 Oct 2017 10:03:57 +0000
-Subject: [PATCH] configure.ac: fix configure failed while build dir contains "yes"
-
-While the name of build dir contains "yes", the AC_EGREP_CPP
-test always return true.
-
-We rarely use "yes;" to name build dir, so s/yes/yes;/g
-could fix the issue
-
-Upstream-Status: Accepted
-https://git.savannah.gnu.org/cgit/screen.git/commit/?h=screen-v4&id=8c2b4061d16756ee2ed37f08db063b8215656943
-
-Signed-off-by: Jian Kang <jian.kang@windriver.com>
----
- configure.ac | 20 ++++++++++----------
- 1 file changed, 10 insertions(+), 10 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 12996cd..4765af6 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -128,7 +128,7 @@ fi
- 
- 
- AC_CHECKING(for Ultrix)
--AC_EGREP_CPP(yes,
-+AC_EGREP_CPP(yes;,
- [#if defined(ultrix) || defined(__ultrix)
-    yes;
- #endif
-@@ -145,7 +145,7 @@ dnl ghazi@caip.rutgers.edu (Kaveh R. Ghazi):
- dnl BBN butterfly is not POSIX, but a MACH BSD system.
- dnl Do not define POSIX and TERMIO.
- AC_CHECKING(for butterfly)
--AC_EGREP_CPP(yes,
-+AC_EGREP_CPP(yes;,
- [#if defined(butterfly)
-   yes;
- #endif
-@@ -156,7 +156,7 @@ if test -n "$ULTRIX"; then
-   test -z "$GCC" && CC="$CC -YBSD"
- fi
- AC_CHECKING(for POSIX.1)
--AC_EGREP_CPP(yes,
-+AC_EGREP_CPP(yes;,
- [#include <sys/types.h>
- #include <unistd.h>
- main () {
-@@ -173,14 +173,14 @@ AC_TRY_COMPILE(
- #include <fcntl.h>], [int x = SIGCHLD | FNDELAY;], , AC_DEFINE(SYSV))
- 
- AC_CHECKING(for sequent/ptx)
--AC_EGREP_CPP(yes,
-+AC_EGREP_CPP(yes;,
- [#ifdef _SEQUENT_
-   yes;
- #endif
- ], LIBS="$LIBS -lsocket -linet";seqptx=1)
- 
- AC_CHECKING(SVR4)
--AC_EGREP_CPP(yes,
-+AC_EGREP_CPP(yes;,
- [main () {
- #if defined(SVR4) || defined(__SVR4)
-   yes;
-@@ -200,9 +200,9 @@ fi
- AC_CHECK_HEADERS([stropts.h string.h strings.h])
- 
- AC_CHECKING(for Solaris 2.x)
--AC_EGREP_CPP(yes,
-+AC_EGREP_CPP(yes;,
- [#if defined(SVR4) && defined(sun)
--  yes
-+  yes;
- #endif
- ], LIBS="$LIBS -lsocket -lnsl -lkstat")
- 
-@@ -697,7 +697,7 @@ else
- pdir='/dev'
- fi
- dnl SCO uses ptyp%d
--AC_EGREP_CPP(yes,
-+AC_EGREP_CPP(yes;,
- [#ifdef M_UNIX
-    yes;
- #endif
-@@ -880,7 +880,7 @@ fi
- )
- 
- if test -z "$load" ; then
--AC_EGREP_CPP(yes,
-+AC_EGREP_CPP(yes;,
- [#if defined(NeXT) || defined(apollo) || defined(linux)
-   yes;
- #endif
-@@ -1112,7 +1112,7 @@ AC_CHECKING(syslog in libbsd.a)
- AC_TRY_LINK(, [closelog();], AC_NOTE(- found.), [LIBS="$oldlibs"
- AC_NOTE(- bad news: syslog missing.) AC_DEFINE(NOSYSLOG)])])
- 
--AC_EGREP_CPP(yes,
-+AC_EGREP_CPP(yes;,
- [#ifdef M_UNIX
-    yes;
- #endif
--- 
-2.13.3
-
diff --git a/poky/meta/recipes-extended/screen/screen/Avoid-mis-identifying-systems-as-SVR4.patch b/poky/meta/recipes-extended/screen/screen/Avoid-mis-identifying-systems-as-SVR4.patch
deleted file mode 100644
index e184aa1f3..000000000
--- a/poky/meta/recipes-extended/screen/screen/Avoid-mis-identifying-systems-as-SVR4.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From 79afb676904653403145fda9e1a6a9d3ea1cb22a Mon Sep 17 00:00:00 2001
-From: Jussi Kukkonen <jussi.kukkonen@intel.com>
-Date: Fri, 7 Aug 2015 11:10:32 +0300
-Subject: [PATCH 4/4] Avoid mis-identifying systems as SVR4
-
-Linux can be misdetected as SVR4 because it has
-libelf installed. This leads to linking with libelf, even though no
-symbols from that library were actually used, and to a workaround for
-a buggy getlogin() being enabled.
-
-It is not documented which exact SVR4 system had the bug that the
-workaround was added for, so all I could do is make an educated guess
-at the #defines its compiler would be likely to set.
-
-Modified from patch by Maarten ter Huurne.
-
-Upstream-Status: Submitted [http://savannah.gnu.org/bugs/?43223]
-
-Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
----
- configure.ac | 14 ++++++++++++--
- 1 file changed, 12 insertions(+), 2 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index dc928ae..65439ce 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -179,14 +179,24 @@ AC_EGREP_CPP(yes,
- #endif
- ], LIBS="$LIBS -lsocket -linet";seqptx=1)
- 
-+AC_CHECKING(SVR4)
-+AC_EGREP_CPP(yes,
-+[main () {
-+#if defined(SVR4) || defined(__SVR4)
-+  yes;
-+#endif
-+], AC_NOTE(- you have a SVR4 system) AC_DEFINE(SVR4) svr4=1)
-+if test -n "$svr4" ; then
- oldlibs="$LIBS"
- LIBS="$LIBS -lelf"
- AC_CHECKING(SVR4)
- AC_TRY_LINK([#include <utmpx.h>
- ],,
--[AC_CHECK_HEADER(dwarf.h, AC_DEFINE(SVR4) AC_DEFINE(BUGGYGETLOGIN),
--[AC_CHECK_HEADER(elf.h, AC_DEFINE(SVR4) AC_DEFINE(BUGGYGETLOGIN))])]
-+[AC_CHECK_HEADER(dwarf.h, AC_DEFINE(BUGGYGETLOGIN),
-+[AC_CHECK_HEADER(elf.h, AC_DEFINE(BUGGYGETLOGIN))])]
- ,LIBS="$oldlibs")
-+fi
-+
- AC_CHECK_HEADERS([stropts.h string.h strings.h])
- 
- AC_CHECKING(for Solaris 2.x)
--- 
-2.1.4
-
diff --git a/poky/meta/recipes-extended/screen/screen/Provide-cross-compile-alternatives-for-AC_TRY_RUN.patch b/poky/meta/recipes-extended/screen/screen/Provide-cross-compile-alternatives-for-AC_TRY_RUN.patch
deleted file mode 100644
index 248bf087e..000000000
--- a/poky/meta/recipes-extended/screen/screen/Provide-cross-compile-alternatives-for-AC_TRY_RUN.patch
+++ /dev/null
@@ -1,137 +0,0 @@
-From cd0f7f10a3fffbc60fe55eb200474d13fe1da65b Mon Sep 17 00:00:00 2001
-From: Jussi Kukkonen <jussi.kukkonen@intel.com>
-Date: Fri, 7 Aug 2015 10:34:29 +0300
-Subject: [PATCH 2/4] Provide cross compile alternatives for AC_TRY_RUN
-
-Modified from patch by Maarten ter Huurne.
-
-Upstream-Status: Submitted [http://savannah.gnu.org/bugs/?43223]
-
-Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
----
- configure.ac | 32 ++++++++++++++++++++------------
- 1 file changed, 20 insertions(+), 12 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 27690a6..ce89f56 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -348,7 +348,8 @@ main()
-   exit(0);
- }
- ], AC_NOTE(- your fifos are usable) fifo=1,
--AC_NOTE(- your fifos are not usable))
-+AC_NOTE(- your fifos are not usable),
-+AC_NOTE(- skipping check because we are cross compiling; assuming fifos are usable) fifo=1)
- rm -f /tmp/conftest*
- 
- if test -n "$fifo"; then
-@@ -396,7 +397,8 @@ main()
-   exit(0);
- }
- ], AC_NOTE(- your implementation is ok), 
--AC_NOTE(- you have a broken implementation) AC_DEFINE(BROKEN_PIPE) fifobr=1)
-+AC_NOTE(- you have a broken implementation) AC_DEFINE(BROKEN_PIPE) fifobr=1,
-+AC_NOTE(- skipping check because we are cross compiling; assuming fifo implementation is ok))
- rm -f /tmp/conftest*
- fi
- 
-@@ -458,7 +460,8 @@ main()
-   exit(0);
- }
- ], AC_NOTE(- your sockets are usable) sock=1,
--AC_NOTE(- your sockets are not usable))
-+AC_NOTE(- your sockets are not usable),
-+AC_NOTE(- skipping check because we are cross compiling; assuming sockets are usable) sock=1)
- rm -f /tmp/conftest*
- 
- if test -n "$sock"; then
-@@ -497,7 +500,8 @@ main()
- }
- ],AC_NOTE(- you are normal),
- AC_NOTE(- unix domain sockets are not kept in the filesystem)
--AC_DEFINE(SOCK_NOT_IN_FS) socknofs=1)
-+AC_DEFINE(SOCK_NOT_IN_FS) socknofs=1,
-+AC_NOTE(- skipping check because we are cross compiling; assuming sockets are normal))
- rm -f /tmp/conftest*
- fi
- 
-@@ -624,7 +628,8 @@ main()
-   exit(0);
- }
- ],AC_NOTE(- select is ok),
--AC_NOTE(- select can't count) AC_DEFINE(SELECT_BROKEN))
-+AC_NOTE(- select can't count) AC_DEFINE(SELECT_BROKEN),
-+AC_NOTE(- skipping check because we are cross compiling; assuming select is ok))
- 
- dnl
- dnl    ****  termcap or terminfo  ****
-@@ -666,7 +671,8 @@ main()
- {
-  exit(strcmp(tgoto("%p1%d", 0, 1), "1") ? 0 : 1);
- }], AC_NOTE(- you use the termcap database),
--AC_NOTE(- you use the terminfo database) AC_DEFINE(TERMINFO))
-+AC_NOTE(- you use the terminfo database) AC_DEFINE(TERMINFO),
-+AC_NOTE(- skipping check because we are cross compiling; assuming terminfo database is used) AC_DEFINE(TERMINFO))
- AC_CHECKING(ospeed)
- AC_TRY_LINK(extern short ospeed;,ospeed=5;,,AC_DEFINE(NEED_OSPEED))
- 
-@@ -801,7 +807,8 @@ main()
-     else
-       AC_NOTE(- can't determine - assume ptys are world accessable)
-     fi
--  ]
-+  ],
-+  AC_NOTE(- skipping check because we are cross compiling; assuming ptys are world accessable)
- )
- rm -f conftest_grp
- fi
-@@ -885,7 +892,7 @@ AC_EGREP_CPP(yes,
- #endif
- ], load=1)
- fi
--if test -z "$load" ; then
-+if test -z "$load" && test "$cross_compiling" = no ; then
- AC_CHECKING(for kernelfile)
- for core in /unix /vmunix /dynix /hp-ux /xelos /dev/ksyms /kernel/unix /kernel/genunix /unicos /mach /netbsd /386bsd /dgux /bsd /stand/vmunix; do
-   if test -f $core || test -c $core; then
-@@ -1078,7 +1085,7 @@ main()
- #endif
-   exit(0);
- }
--],,AC_DEFINE(SYSVSIGS))
-+],,AC_DEFINE(SYSVSIGS),:)
- 
- fi
- 
-@@ -1158,7 +1165,7 @@ main() {
-   if (strncmp(buf, "cdedef", 6))
-     exit(1);
-   exit(0); /* libc version works properly.  */
--}], AC_DEFINE(USEBCOPY))
-+}], AC_DEFINE(USEBCOPY),,:)
- 
- AC_TRY_RUN([
- #define bcopy(s,d,l) memmove(d,s,l)
-@@ -1173,7 +1180,8 @@ main() {
-   if (strncmp(buf, "cdedef", 6))
-     exit(1);
-   exit(0); /* libc version works properly.  */
--}], AC_DEFINE(USEMEMMOVE))
-+}], AC_DEFINE(USEMEMMOVE),,
-+  AC_NOTE(- skipping check because we are cross compiling; use memmove) AC_DEFINE(USEMEMMOVE))
- 
- 
- AC_TRY_RUN([
-@@ -1189,7 +1197,7 @@ main() {
-   if (strncmp(buf, "cdedef", 6))
-     exit(1);
-   exit(0); /* libc version works properly.  */
--}], AC_DEFINE(USEMEMCPY))
-+}], AC_DEFINE(USEMEMCPY),,:)
- 
- AC_SYS_LONG_FILE_NAMES
- 
--- 
-2.1.4
-
diff --git a/poky/meta/recipes-extended/screen/screen/Remove-redundant-compiler-sanity-checks.patch b/poky/meta/recipes-extended/screen/screen/Remove-redundant-compiler-sanity-checks.patch
deleted file mode 100644
index cc62c12e0..000000000
--- a/poky/meta/recipes-extended/screen/screen/Remove-redundant-compiler-sanity-checks.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From 73b726c25f94c1b15514ed9249b927afdfbbfb94 Mon Sep 17 00:00:00 2001
-From: Jussi Kukkonen <jussi.kukkonen@intel.com>
-Date: Fri, 7 Aug 2015 10:30:40 +0300
-Subject: [PATCH 1/4] Remove redundant compiler sanity checks
-
-AC_PROG_CC already performs sanity checks. And unlike the removed
-checks, it does so in a way that supports cross compilation.
-
-Modified from patch by Maarten ter Huurne.
-
-Upstream-Status: Submitted [http://savannah.gnu.org/bugs/?43223]
-
-Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
----
- configure.ac | 27 ---------------------------
- 1 file changed, 27 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index ffe2e37..27690a6 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -48,31 +48,6 @@ AC_PROG_GCC_TRADITIONAL
- AC_ISC_POSIX
- AC_USE_SYSTEM_EXTENSIONS
- 
--AC_TRY_RUN(main(){exit(0);},,[
--if test $CC != cc ; then
--AC_NOTE(Your $CC failed - restarting with CC=cc)
--AC_NOTE()
--CC=cc
--export CC
--exec $0 $configure_args
--fi
--])
--
--AC_TRY_RUN(main(){exit(0);},,
--exec 5>&2
--eval $ac_link
--AC_NOTE(CC=$CC; CFLAGS=$CFLAGS; LIBS=$LIBS;)
--AC_NOTE($ac_compile)
--AC_MSG_ERROR(Can't run the compiler - sorry))
--
--AC_TRY_RUN([
--main()
--{
--  int __something_strange_();
--  __something_strange_(0);
--}
--],AC_MSG_ERROR(Your compiler does not set the exit status - sorry))
--
- AC_PROG_AWK
- 
- AC_PROG_INSTALL
-@@ -1300,8 +1275,6 @@ fi
- dnl Ptx bug workaround -- insert -lc after -ltermcap
- test -n "$seqptx" && LIBS="-ltermcap -lc -lsocket -linet -lnsl -lsec -lseq"
- 
--AC_TRY_RUN(main(){exit(0);},,AC_MSG_ERROR(Can't run the compiler - internal error. Sorry.))
--
- ETCSCREENRC=
- AC_MSG_CHECKING(for the global screenrc file)
- AC_ARG_WITH(sys-screenrc, [  --with-sys-screenrc=path to the global screenrc file], [ ETCSCREENRC="${withval}" ])
--- 
-2.1.4
-
diff --git a/poky/meta/recipes-extended/screen/screen/Skip-host-file-system-checks-when-cross-compiling.patch b/poky/meta/recipes-extended/screen/screen/Skip-host-file-system-checks-when-cross-compiling.patch
deleted file mode 100644
index d7e55a445..000000000
--- a/poky/meta/recipes-extended/screen/screen/Skip-host-file-system-checks-when-cross-compiling.patch
+++ /dev/null
@@ -1,135 +0,0 @@
-From d0b20e4cacc60ad62a2150ce07388cb5a25c2040 Mon Sep 17 00:00:00 2001
-From: Jussi Kukkonen <jussi.kukkonen@intel.com>
-Date: Fri, 7 Aug 2015 11:09:01 +0300
-Subject: [PATCH 3/4] Skip host file system checks when cross-compiling
-
-Modified from patch by Maarten ter Huurne.
-
-Upstream-Status: Submitted [http://savannah.gnu.org/bugs/?43223]
-
-Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
----
- configure.ac | 23 +++++++++++++++++++----
- 1 file changed, 19 insertions(+), 4 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index ce89f56..dc928ae 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -85,7 +85,7 @@ AC_ARG_ENABLE(socket-dir,
- dnl
- dnl    ****  special unix variants  ****
- dnl
--if test -n "$ISC"; then
-+if test "$cross_compiling" = no && test -n "$ISC" ; then
-   AC_DEFINE(ISC) LIBS="$LIBS -linet"
- fi
- 
-@@ -96,10 +96,11 @@ dnl AC_DEFINE(OSF1)	# this disables MIPS again....
- dnl fi
- dnl fi
- 
--if test -f /sysV68 ; then
-+if test "$cross_compiling" = no && test -f /sysV68 ; then
- AC_DEFINE(sysV68)
- fi
- 
-+if test "$cross_compiling" = no ; then
- AC_CHECKING(for MIPS)
- if test -f /lib/libmld.a || test -f /usr/lib/libmld.a || test -f /usr/lib/cmplrs/cc/libmld.a; then
- oldlibs="$LIBS"
-@@ -123,6 +124,7 @@ AC_DEFINE(USE_WAIT2) LIBS="$LIBS -lbsd" ; CC="$CC -I/usr/include/bsd"
- ))
- fi
- fi
-+fi
- 
- 
- AC_CHECKING(for Ultrix)
-@@ -132,7 +134,7 @@ AC_EGREP_CPP(yes,
- #endif
- ], ULTRIX=1)
- 
--if test -f /usr/lib/libpyr.a ; then
-+if test "$cross_compiling" = no && test -f /usr/lib/libpyr.a ; then
- oldlibs="$LIBS"
- LIBS="$LIBS -lpyr"
- AC_CHECKING(Pyramid OSX)
-@@ -679,17 +681,21 @@ AC_TRY_LINK(extern short ospeed;,ospeed=5;,,AC_DEFINE(NEED_OSPEED))
- dnl
- dnl    ****  PTY specific things  ****
- dnl
-+if test "$cross_compiling" = no ; then
- AC_CHECKING(for /dev/ptc)
- if test -r /dev/ptc; then
- AC_DEFINE(HAVE_DEV_PTC)
- fi
-+fi
- 
-+if test "$cross_compiling" = no ; then
- AC_CHECKING(for SVR4 ptys)
- sysvr4ptys=
- if test -c /dev/ptmx ; then
- AC_TRY_LINK([],[ptsname(0);grantpt(0);unlockpt(0);],[AC_DEFINE(HAVE_SVR4_PTYS)
- sysvr4ptys=1])
- fi
-+fi
- 
- AC_CHECK_FUNCS(getpt)
- 
-@@ -699,6 +705,7 @@ AC_CHECK_FUNCS(openpty,,
- [AC_CHECK_LIB(util,openpty, [AC_DEFINE(HAVE_OPENPTY)] [LIBS="$LIBS -lutil"])])
- fi
- 
-+if test "$cross_compiling" = no ; then
- AC_CHECKING(for ptyranges)
- if test -d /dev/ptym ; then
- pdir='/dev/ptym'
-@@ -722,6 +729,7 @@ p1=`echo $ptys | tr ' ' '\012' | sed -e 's/^.*\(.\)$/\1/g'  | sort -u | tr -d '\
- AC_DEFINE_UNQUOTED(PTYRANGE0,"$p0")
- AC_DEFINE_UNQUOTED(PTYRANGE1,"$p1")
- fi
-+fi
- 
- dnl    ****  pty mode/group handling ****
- dnl
-@@ -869,14 +877,16 @@ fi
- dnl
- dnl    ****  loadav  ****
- dnl
-+if test "$cross_compiling" = no ; then
- AC_CHECKING(for libutil(s))
- test -f /usr/lib/libutils.a && LIBS="$LIBS -lutils"
- test -f /usr/lib/libutil.a && LIBS="$LIBS -lutil"
-+fi
- 
- AC_CHECKING(getloadavg)
- AC_TRY_LINK(,[getloadavg((double *)0, 0);],
- AC_DEFINE(LOADAV_GETLOADAVG) load=1,
--if test -f /usr/lib/libkvm.a ; then
-+if test "$cross_compiling" = no && test -f /usr/lib/libkvm.a ; then
- olibs="$LIBS"
- LIBS="$LIBS -lkvm"
- AC_CHECKING(getloadavg with -lkvm)
-@@ -1094,13 +1104,18 @@ dnl    ****  libraries  ****
- dnl
- 
- AC_CHECKING(for crypt and sec libraries)
-+if test "$cross_compiling" = no ; then
- test -f /lib/libcrypt_d.a || test -f /usr/lib/libcrypt_d.a && LIBS="$LIBS -lcrypt_d"
-+fi
- oldlibs="$LIBS"
- LIBS="$LIBS -lcrypt"
- AC_CHECKING(crypt)
- AC_TRY_LINK(,,,LIBS="$oldlibs")
-+if test "$cross_compiling" = no ; then
- test -f /lib/libsec.a || test -f /usr/lib/libsec.a && LIBS="$LIBS -lsec"
- test -f /lib/libshadow.a || test -f /usr/lib/libshadow.a && LIBS="$LIBS -lshadow"
-+fi
-+
- oldlibs="$LIBS"
- LIBS="$LIBS -lsun"
- AC_CHECKING(IRIX sun library)
--- 
-2.1.4
-
diff --git a/poky/meta/recipes-extended/screen/screen_4.6.2.bb b/poky/meta/recipes-extended/screen/screen_4.7.0.bb
index 21b476ddb..67aa5f1fc 100644
--- a/poky/meta/recipes-extended/screen/screen_4.6.2.bb
+++ b/poky/meta/recipes-extended/screen/screen_4.7.0.bb
@@ -17,18 +17,13 @@ RDEPENDS_${PN} = "base-files"
 
 SRC_URI = "${GNU_MIRROR}/screen/screen-${PV}.tar.gz \
            ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'file://screen.pam', '', d)} \
-           file://Remove-redundant-compiler-sanity-checks.patch \
-           file://Provide-cross-compile-alternatives-for-AC_TRY_RUN.patch \
-           file://Skip-host-file-system-checks-when-cross-compiling.patch \
-           file://Avoid-mis-identifying-systems-as-SVR4.patch \
            file://0002-comm.h-now-depends-on-term.h.patch \
            file://0001-fix-for-multijob-build.patch \
-           file://0001-configure.ac-fix-configure-failed-while-build-dir-ha.patch \
            file://0001-Remove-more-compatibility-stuff.patch \
           "
 
-SRC_URI[md5sum] = "a0f529d3333b128dfaa324d978ba73a8"
-SRC_URI[sha256sum] = "1b6922520e6a0ce5e28768d620b0f640a6631397f95ccb043b70b91bb503fa3a"
+SRC_URI[md5sum] = "b8971ebd68d046f2814d1040cb8e6641"
+SRC_URI[sha256sum] = "da775328fa783bd2a787d722014dbd99c6093effc11f337827604c2efc5d20c1"
 
 inherit autotools texinfo
 
diff --git a/poky/meta/recipes-extended/stress-ng/stress-ng/0001-bash-completion-remove-the-shebang-at-the-start.patch b/poky/meta/recipes-extended/stress-ng/stress-ng/0001-bash-completion-remove-the-shebang-at-the-start.patch
deleted file mode 100644
index 66d99dd88..000000000
--- a/poky/meta/recipes-extended/stress-ng/stress-ng/0001-bash-completion-remove-the-shebang-at-the-start.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-From 042147675c7c2ea7dd65b2597f2e350376a710aa Mon Sep 17 00:00:00 2001
-From: Alexander Kanavin <alex.kanavin@gmail.com>
-Date: Tue, 6 Aug 2019 17:28:56 +0200
-Subject: [PATCH] bash-completion: remove the shebang at the start
-
-bash completion files do not need to specify that.
-
-Upstream-Status: Pending
-Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
----
- bash-completion/stress-ng | 2 --
- 1 file changed, 2 deletions(-)
-
-diff --git a/bash-completion/stress-ng b/bash-completion/stress-ng
-index 8b1421c..7f195be 100755
---- a/bash-completion/stress-ng
-+++ b/bash-completion/stress-ng
-@@ -1,5 +1,3 @@
--#!/bin/bash
--#
- # stress-ng tab completion for bash.
- #
- # Copyright (C) 2019 Canonical
diff --git a/poky/meta/recipes-extended/stress-ng/stress-ng_0.10.00.bb b/poky/meta/recipes-extended/stress-ng/stress-ng_0.10.08.bb
index 7d194b305..470f42295 100644
--- a/poky/meta/recipes-extended/stress-ng/stress-ng_0.10.00.bb
+++ b/poky/meta/recipes-extended/stress-ng/stress-ng_0.10.08.bb
@@ -7,10 +7,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
 
 SRC_URI = "https://kernel.ubuntu.com/~cking/tarballs/${BPN}/${BP}.tar.xz \
            file://0001-Do-not-preserve-ownership-when-installing-example-jo.patch \
-           file://0001-bash-completion-remove-the-shebang-at-the-start.patch \
            "
-SRC_URI[md5sum] = "46aa41d37690324ceab4febfcc549018"
-SRC_URI[sha256sum] = "d09dd2a1aea549e478995bf9be90b38906a4cdf33ea7b245ef9d46aa5213c074"
+SRC_URI[md5sum] = "e02acd0bc00d3c6a81412537393c2436"
+SRC_URI[sha256sum] = "4addeaabcfcb709581cbc4c61182317b8d91bcf31f529bfa899d170facfd75ce"
 
 DEPENDS = "coreutils-native"
 
diff --git a/poky/meta/recipes-extended/sudo/sudo/CVE-2019-14287-1.patch b/poky/meta/recipes-extended/sudo/sudo/CVE-2019-14287-1.patch
new file mode 100644
index 000000000..2a11e3f7e
--- /dev/null
+++ b/poky/meta/recipes-extended/sudo/sudo/CVE-2019-14287-1.patch
@@ -0,0 +1,178 @@
+From f752ae5cee163253730ff7cdf293e34a91aa5520 Mon Sep 17 00:00:00 2001
+From: "Todd C. Miller" <Todd.Miller@sudo.ws>
+Date: Thu, 10 Oct 2019 10:04:13 -0600
+Subject: [PATCH] Treat an ID of -1 as invalid since that means "no change".
+ Fixes CVE-2019-14287. Found by Joe Vennix from Apple Information Security.
+
+Upstream-Status: Backport [https://github.com/sudo-project/sudo/commit/f752ae5cee163253730ff7cdf293e34a91aa5520]
+CVE: CVE-2019-14287
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+
+---
+ lib/util/strtoid.c | 100 ++++++++++++++++++++++++++++-------------------------
+ 1 files changed, 53 insertions(+), 46 deletions(-)
+
+diff --git a/lib/util/strtoid.c b/lib/util/strtoid.c
+index 2dfce75..6b3916b 100644
+--- a/lib/util/strtoid.c
++++ b/lib/util/strtoid.c
+@@ -49,6 +49,27 @@
+ #include "sudo_util.h"
+ 
+ /*
++ * Make sure that the ID ends with a valid separator char.
++ */
++static bool
++valid_separator(const char *p, const char *ep, const char *sep)
++{
++    bool valid = false;
++    debug_decl(valid_separator, SUDO_DEBUG_UTIL)
++
++    if (ep != p) {
++	/* check for valid separator (including '\0') */
++	if (sep == NULL)
++	    sep = "";
++	do {
++	    if (*ep == *sep)
++		valid = true;
++	} while (*sep++ != '\0');
++    }
++    debug_return_bool(valid);
++}
++
++/*
+  * Parse a uid/gid in string form.
+  * If sep is non-NULL, it contains valid separator characters (e.g. comma, space)
+  * If endp is non-NULL it is set to the next char after the ID.
+@@ -62,36 +83,33 @@ sudo_strtoid_v1(const char *p, const char *sep, char **endp, const char **errstr
+     char *ep;
+     id_t ret = 0;
+     long long llval;
+-    bool valid = false;
+     debug_decl(sudo_strtoid, SUDO_DEBUG_UTIL)
+ 
+     /* skip leading space so we can pick up the sign, if any */
+     while (isspace((unsigned char)*p))
+ 	p++;
+-    if (sep == NULL)
+-	sep = "";
++
++    /* While id_t may be 64-bit signed, uid_t and gid_t are 32-bit unsigned. */
+     errno = 0;
+     llval = strtoll(p, &ep, 10);
+-    if (ep != p) {
+-	/* check for valid separator (including '\0') */
+-	do {
+-	    if (*ep == *sep)
+-		valid = true;
+-	} while (*sep++ != '\0');
++    if ((errno == ERANGE && llval == LLONG_MAX) || llval > (id_t)UINT_MAX) {
++	errno = ERANGE;
++	if (errstr != NULL)
++	    *errstr = N_("value too large");
++	goto done;
+     }
+-    if (!valid) {
++    if ((errno == ERANGE && llval == LLONG_MIN) || llval < INT_MIN) {
++	errno = ERANGE;
+ 	if (errstr != NULL)
+-	    *errstr = N_("invalid value");
+-	errno = EINVAL;
++	    *errstr = N_("value too small");
+ 	goto done;
+     }
+-    if (errno == ERANGE) {
+-	if (errstr != NULL) {
+-	    if (llval == LLONG_MAX)
+-		*errstr = N_("value too large");
+-	    else
+-		*errstr = N_("value too small");
+-	}
++
++    /* Disallow id -1, which means "no change". */
++    if (!valid_separator(p, ep, sep) || llval == -1 || llval == (id_t)UINT_MAX) {
++	if (errstr != NULL)
++	    *errstr = N_("invalid value");
++	errno = EINVAL;
+ 	goto done;
+     }
+     ret = (id_t)llval;
+@@ -108,30 +126,15 @@ sudo_strtoid_v1(const char *p, const char *sep, char **endp, const char **errstr
+ {
+     char *ep;
+     id_t ret = 0;
+-    bool valid = false;
+     debug_decl(sudo_strtoid, SUDO_DEBUG_UTIL)
+ 
+     /* skip leading space so we can pick up the sign, if any */
+     while (isspace((unsigned char)*p))
+ 	p++;
+-    if (sep == NULL)
+-	sep = "";
++
+     errno = 0;
+     if (*p == '-') {
+ 	long lval = strtol(p, &ep, 10);
+-	if (ep != p) {
+-	    /* check for valid separator (including '\0') */
+-	    do {
+-		if (*ep == *sep)
+-		    valid = true;
+-	    } while (*sep++ != '\0');
+-	}
+-	if (!valid) {
+-	    if (errstr != NULL)
+-		*errstr = N_("invalid value");
+-	    errno = EINVAL;
+-	    goto done;
+-	}
+ 	if ((errno == ERANGE && lval == LONG_MAX) || lval > INT_MAX) {
+ 	    errno = ERANGE;
+ 	    if (errstr != NULL)
+@@ -144,28 +147,31 @@ sudo_strtoid_v1(const char *p, const char *sep, char **endp, const char **errstr
+ 		*errstr = N_("value too small");
+ 	    goto done;
+ 	}
+-	ret = (id_t)lval;
+-    } else {
+-	unsigned long ulval = strtoul(p, &ep, 10);
+-	if (ep != p) {
+-	    /* check for valid separator (including '\0') */
+-	    do {
+-		if (*ep == *sep)
+-		    valid = true;
+-	    } while (*sep++ != '\0');
+-	}
+-	if (!valid) {
++
++	/* Disallow id -1, which means "no change". */
++	if (!valid_separator(p, ep, sep) || lval == -1) {
+ 	    if (errstr != NULL)
+ 		*errstr = N_("invalid value");
+ 	    errno = EINVAL;
+ 	    goto done;
+ 	}
++	ret = (id_t)lval;
++    } else {
++	unsigned long ulval = strtoul(p, &ep, 10);
+ 	if ((errno == ERANGE && ulval == ULONG_MAX) || ulval > UINT_MAX) {
+ 	    errno = ERANGE;
+ 	    if (errstr != NULL)
+ 		*errstr = N_("value too large");
+ 	    goto done;
+ 	}
++
++	/* Disallow id -1, which means "no change". */
++	if (!valid_separator(p, ep, sep) || ulval == UINT_MAX) {
++	    if (errstr != NULL)
++		*errstr = N_("invalid value");
++	    errno = EINVAL;
++	    goto done;
++	}
+ 	ret = (id_t)ulval;
+     }
+     if (errstr != NULL)
+-- 
+2.7.4
+
diff --git a/poky/meta/recipes-extended/sudo/sudo/CVE-2019-14287-2.patch b/poky/meta/recipes-extended/sudo/sudo/CVE-2019-14287-2.patch
new file mode 100644
index 000000000..453a8b09a
--- /dev/null
+++ b/poky/meta/recipes-extended/sudo/sudo/CVE-2019-14287-2.patch
@@ -0,0 +1,112 @@
+From 396bc57feff3e360007634f62448b64e0626390c Mon Sep 17 00:00:00 2001
+From: "Todd C. Miller" <Todd.Miller@sudo.ws>
+Date: Thu, 10 Oct 2019 10:04:13 -0600
+Subject: [PATCH] Add sudo_strtoid() tests for -1 and range errors. Also adjust
+ testsudoers/test5 which relied upon gid -1 parsing.
+
+Upstream-Status: Backport [https://github.com/sudo-project/sudo/commit/396bc57]
+CVE: CVE-2019-14287
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+
+---
+ lib/util/regress/atofoo/atofoo_test.c            | 36 ++++++++++++++++------
+ plugins/sudoers/regress/testsudoers/test5.out.ok |  2 +-
+ plugins/sudoers/regress/testsudoers/test5.sh     |  2 +-
+ 3 files changed, 29 insertions(+), 11 deletions(-)
+
+diff --git a/lib/util/regress/atofoo/atofoo_test.c b/lib/util/regress/atofoo/atofoo_test.c
+index 031a7ed..fb41c1a 100644
+--- a/lib/util/regress/atofoo/atofoo_test.c
++++ b/lib/util/regress/atofoo/atofoo_test.c
+@@ -26,6 +26,7 @@
+ #else
+ # include "compat/stdbool.h"
+ #endif
++#include <errno.h>
+ 
+ #include "sudo_compat.h"
+ #include "sudo_util.h"
+@@ -80,15 +81,20 @@ static struct strtoid_data {
+     id_t id;
+     const char *sep;
+     const char *ep;
++    int errnum;
+ } strtoid_data[] = {
+-    { "0,1", 0, ",", "," },
+-    { "10", 10, NULL, NULL },
+-    { "-2", -2, NULL, NULL },
++    { "0,1", 0, ",", ",", 0 },
++    { "10", 10, NULL, NULL, 0 },
++    { "-1", 0, NULL, NULL, EINVAL },
++    { "4294967295", 0, NULL, NULL, EINVAL },
++    { "4294967296", 0, NULL, NULL, ERANGE },
++    { "-2147483649", 0, NULL, NULL, ERANGE },
++    { "-2", -2, NULL, NULL, 0 },
+ #if SIZEOF_ID_T != SIZEOF_LONG_LONG
+-    { "-2", (id_t)4294967294U, NULL, NULL },
++    { "-2", (id_t)4294967294U, NULL, NULL, 0 },
+ #endif
+-    { "4294967294", (id_t)4294967294U, NULL, NULL },
+-    { NULL, 0, NULL, NULL }
++    { "4294967294", (id_t)4294967294U, NULL, NULL, 0 },
++    { NULL, 0, NULL, NULL, 0 }
+ };
+ 
+ static int
+@@ -104,11 +110,23 @@ test_strtoid(int *ntests)
+ 	(*ntests)++;
+ 	errstr = "some error";
+ 	value = sudo_strtoid(d->idstr, d->sep, &ep, &errstr);
+-	if (errstr != NULL) {
+-	    if (d->id != (id_t)-1) {
+-		sudo_warnx_nodebug("FAIL: %s: %s", d->idstr, errstr);
++	if (d->errnum != 0) {
++	    if (errstr == NULL) {
++		sudo_warnx_nodebug("FAIL: %s: missing errstr for errno %d",
++		    d->idstr, d->errnum);
++		errors++;
++	    } else if (value != 0) {
++		sudo_warnx_nodebug("FAIL: %s should return 0 on error",
++		    d->idstr);
++		errors++;
++	    } else if (errno != d->errnum) {
++		sudo_warnx_nodebug("FAIL: %s: errno mismatch, %d != %d",
++		    d->idstr, errno, d->errnum);
+ 		errors++;
+ 	    }
++	} else if (errstr != NULL) {
++	    sudo_warnx_nodebug("FAIL: %s: %s", d->idstr, errstr);
++	    errors++;
+ 	} else if (value != d->id) {
+ 	    sudo_warnx_nodebug("FAIL: %s != %u", d->idstr, (unsigned int)d->id);
+ 	    errors++;
+diff --git a/plugins/sudoers/regress/testsudoers/test5.out.ok b/plugins/sudoers/regress/testsudoers/test5.out.ok
+index 5e319c9..cecf700 100644
+--- a/plugins/sudoers/regress/testsudoers/test5.out.ok
++++ b/plugins/sudoers/regress/testsudoers/test5.out.ok
+@@ -4,7 +4,7 @@ Parse error in sudoers near line 1.
+ Entries for user root:
+ 
+ Command unmatched
+-testsudoers: test5.inc should be owned by gid 4294967295
++testsudoers: test5.inc should be owned by gid 4294967294
+ Parse error in sudoers near line 1.
+ 
+ Entries for user root:
+diff --git a/plugins/sudoers/regress/testsudoers/test5.sh b/plugins/sudoers/regress/testsudoers/test5.sh
+index 9e690a6..94d585c 100755
+--- a/plugins/sudoers/regress/testsudoers/test5.sh
++++ b/plugins/sudoers/regress/testsudoers/test5.sh
+@@ -24,7 +24,7 @@ EOF
+ 
+ # Test group writable
+ chmod 664 $TESTFILE
+-./testsudoers -U $MYUID -G -1 root id <<EOF
++./testsudoers -U $MYUID -G -2 root id <<EOF
+ #include $TESTFILE
+ EOF
+ 
+-- 
+2.7.4
+
diff --git a/poky/meta/recipes-extended/sudo/sudo_1.8.27.bb b/poky/meta/recipes-extended/sudo/sudo_1.8.27.bb
index 9d2d6bd42..0a11a1b28 100644
--- a/poky/meta/recipes-extended/sudo/sudo_1.8.27.bb
+++ b/poky/meta/recipes-extended/sudo/sudo_1.8.27.bb
@@ -1,8 +1,10 @@
 require sudo.inc
 
-SRC_URI = "http://www.sudo.ws/sudo/dist/sudo-${PV}.tar.gz \
+SRC_URI = "https://www.sudo.ws/dist/sudo-${PV}.tar.gz \
            ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
            file://0001-Include-sys-types.h-for-id_t-definition.patch \
+           file://CVE-2019-14287-1.patch \
+           file://CVE-2019-14287-2.patch \
            "
 
 PAM_SRC_URI = "file://sudo.pam"
diff --git a/poky/meta/recipes-extended/sysstat/sysstat/0001-Fix-232-Memory-corruption-bug-due-to-Integer-Overflo.patch b/poky/meta/recipes-extended/sysstat/sysstat/0001-Fix-232-Memory-corruption-bug-due-to-Integer-Overflo.patch
new file mode 100644
index 000000000..46b111806
--- /dev/null
+++ b/poky/meta/recipes-extended/sysstat/sysstat/0001-Fix-232-Memory-corruption-bug-due-to-Integer-Overflo.patch
@@ -0,0 +1,46 @@
+From 603ae4ed8cd65abf0776ef7f68354a5c24a3411c Mon Sep 17 00:00:00 2001
+From: Sebastien GODARD <sysstat@users.noreply.github.com>
+Date: Tue, 15 Oct 2019 14:39:33 +0800
+Subject: [PATCH] Fix #232: Memory corruption bug due to Integer Overflow in
+ remap_struct()
+
+Try to avoid integer overflow when reading a corrupted binary datafile
+with sadf.
+
+Upstream-Status: Backport [https://github.com/sysstat/sysstat/commit/83fad9c895d1ac13f76af5883b7451b3302beef5]
+CVE: CVE-2019-16167
+
+Signed-off-by: Sebastien GODARD <sysstat@users.noreply.github.com>
+Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com>
+---
+ sa_common.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/sa_common.c b/sa_common.c
+index 395c11c..cfa9007 100644
+--- a/sa_common.c
++++ b/sa_common.c
+@@ -1336,7 +1336,8 @@ int remap_struct(unsigned int gtypes_nr[], unsigned int ftypes_nr[],
+ 	/* Remap [unsigned] int fields */
+ 	d = gtypes_nr[1] - ftypes_nr[1];
+ 	if (d) {
+-		if (ftypes_nr[1] * UL_ALIGNMENT_WIDTH < ftypes_nr[1])
++		if (gtypes_nr[0] * ULL_ALIGNMENT_WIDTH +
++		    ftypes_nr[1] * UL_ALIGNMENT_WIDTH < ftypes_nr[1])
+ 			/* Overflow */
+ 			return -1;
+ 
+@@ -1365,7 +1366,9 @@ int remap_struct(unsigned int gtypes_nr[], unsigned int ftypes_nr[],
+ 	/* Remap possible fields (like strings of chars) following int fields */
+ 	d = gtypes_nr[2] - ftypes_nr[2];
+ 	if (d) {
+-		if (ftypes_nr[2] * U_ALIGNMENT_WIDTH < ftypes_nr[2])
++		if (gtypes_nr[0] * ULL_ALIGNMENT_WIDTH +
++		    gtypes_nr[1] * UL_ALIGNMENT_WIDTH +
++		    ftypes_nr[2] * U_ALIGNMENT_WIDTH < ftypes_nr[2])
+ 			/* Overflow */
+ 			return -1;
+ 
+-- 
+1.9.1
+
diff --git a/poky/meta/recipes-extended/sysstat/sysstat_12.1.6.bb b/poky/meta/recipes-extended/sysstat/sysstat_12.1.6.bb
index 8cf8c36d9..362888d50 100644
--- a/poky/meta/recipes-extended/sysstat/sysstat_12.1.6.bb
+++ b/poky/meta/recipes-extended/sysstat/sysstat_12.1.6.bb
@@ -2,7 +2,9 @@ require sysstat.inc
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=a23a74b3f4caf9616230789d94217acb"
 
-SRC_URI += "file://0001-Include-needed-headers-explicitly.patch"
+SRC_URI += "file://0001-Include-needed-headers-explicitly.patch \
+	    file://0001-Fix-232-Memory-corruption-bug-due-to-Integer-Overflo.patch \
+"
 
 SRC_URI[md5sum] = "d8e3bbb9c873dd370f6d33664e326570"
 SRC_URI[sha256sum] = "f752f3c406153a6fc446496f1102872505ace3f0931d975c1d664c81ec09f129"
diff --git a/poky/meta/recipes-gnome/epiphany/epiphany_3.34.1.bb b/poky/meta/recipes-gnome/epiphany/epiphany_3.34.1.bb
index f5f086391..d1cb515a5 100644
--- a/poky/meta/recipes-gnome/epiphany/epiphany_3.34.1.bb
+++ b/poky/meta/recipes-gnome/epiphany/epiphany_3.34.1.bb
@@ -1,4 +1,5 @@
 SUMMARY = "WebKit based web browser for GNOME"
+BUGTRACKER = "https://gitlab.gnome.org/GNOME/epiphany"
 LICENSE = "GPLv3+"
 LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
 
diff --git a/poky/meta/recipes-gnome/gcr/gcr_3.28.1.bb b/poky/meta/recipes-gnome/gcr/gcr_3.34.0.bb
index 2299199c3..616b0e5bf 100644
--- a/poky/meta/recipes-gnome/gcr/gcr_3.28.1.bb
+++ b/poky/meta/recipes-gnome/gcr/gcr_3.34.0.bb
@@ -1,19 +1,22 @@
 SUMMARY = "A library for bits of crypto UI and parsing etc"
-HOMEPAGE = "http://www.gnome.org/"
-BUGTRACKER = "https://bugzilla.gnome.org/"
+DESCRIPTION = "GCR is a library for displaying certificates, and crypto UI, \
+accessing key stores. It also provides the viewer for crypto files on the \
+GNOME desktop."
+HOMEPAGE = "https://gitlab.gnome.org/GNOME/gcr"
+BUGTRACKER = "https://gitlab.gnome.org/GNOME/gcr/issues"
 
 LICENSE = "GPLv2"
 LIC_FILES_CHKSUM = "file://COPYING;md5=55ca817ccb7d5b5b66355690e9abc605"
 
-DEPENDS = "intltool-native gtk+3 p11-kit glib-2.0 libgcrypt \
+DEPENDS = "gtk+3 p11-kit glib-2.0 libgcrypt \
            ${@bb.utils.contains('GI_DATA_ENABLED', 'True', 'libxslt-native', '', d)}"
 
-inherit gnomebase gtk-icon-cache gtk-doc distro_features_check upstream-version-is-even vala gobject-introspection
+inherit gnomebase gtk-icon-cache gtk-doc distro_features_check upstream-version-is-even vala gobject-introspection gettext
 # depends on gtk+3, but also x11 through gtk+-x11
 REQUIRED_DISTRO_FEATURES = "x11"
 
-SRC_URI[archive.md5sum] = "afd88cacfd54c1ac5b3e0eb35e3aa674"
-SRC_URI[archive.sha256sum] = "95204aa2111c301778ebfbe60975ce3ed698c958430ffcc2a785ac5e593d168b"
+SRC_URI[archive.md5sum] = "4af28919fb1dd36d93603e8230283b6f"
+SRC_URI[archive.sha256sum] = "29df50974a90987af694c0fb8926a6b366e68cacd8abd813817cfe1eb5d54524"
 
 FILES_${PN} += " \
     ${datadir}/dbus-1 \
diff --git a/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.38.2.bb b/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.38.2.bb
index 0f3a63d89..c99510609 100644
--- a/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.38.2.bb
+++ b/poky/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.38.2.bb
@@ -1,6 +1,9 @@
 SUMMARY = "Image loading library for GTK+"
-HOMEPAGE = "http://www.gtk.org/"
-BUGTRACKER = "https://bugzilla.gnome.org/"
+DESCRIPTION = "The GDK Pixbuf library provides: Image loading and saving \
+facilities, fast scaling and compositing of pixbufs and Simple animation \
+loading (ie. animated GIFs)"
+HOMEPAGE = "https://wiki.gnome.org/Projects/GdkPixbuf"
+BUGTRACKER = "https://gitlab.gnome.org/GNOME/gdk-pixbuf/issues"
 
 LICENSE = "LGPLv2.1"
 LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c \
diff --git a/poky/meta/recipes-gnome/gnome/adwaita-icon-theme/0001-Don-t-use-AC_CANONICAL_HOST.patch b/poky/meta/recipes-gnome/gnome/adwaita-icon-theme/0001-Don-t-use-AC_CANONICAL_HOST.patch
index 4a9836331..a062aa63d 100644
--- a/poky/meta/recipes-gnome/gnome/adwaita-icon-theme/0001-Don-t-use-AC_CANONICAL_HOST.patch
+++ b/poky/meta/recipes-gnome/gnome/adwaita-icon-theme/0001-Don-t-use-AC_CANONICAL_HOST.patch
@@ -19,7 +19,7 @@ index 4a84501..52dbb8e 100644
 +++ b/configure.ac
 @@ -3,7 +3,6 @@ AC_PREREQ(2.53)
  
- AC_INIT([adwaita-icon-theme], [3.32.0],
+ AC_INIT([adwaita-icon-theme], [3.34.0],
          [http://bugzilla.gnome.org/enter_bug.cgi?product=adwaita-icon-theme])
 -AC_CANONICAL_HOST
  AC_CONFIG_MACRO_DIR([m4])
diff --git a/poky/meta/recipes-gnome/gnome/adwaita-icon-theme_3.32.0.bb b/poky/meta/recipes-gnome/gnome/adwaita-icon-theme_3.34.0.bb
index 02676f440..3f6b60fbd 100644
--- a/poky/meta/recipes-gnome/gnome/adwaita-icon-theme_3.32.0.bb
+++ b/poky/meta/recipes-gnome/gnome/adwaita-icon-theme_3.34.0.bb
@@ -1,6 +1,6 @@
 SUMMARY = "GTK+ icon theme"
-HOMEPAGE = "http://ftp.gnome.org/pub/GNOME/sources/adwaita-icon-theme/"
-BUGTRACKER = "https://bugzilla.gnome.org/"
+HOMEPAGE = "https://gitlab.gnome.org/GNOME/adwaita-icon-theme"
+BUGTRACKER = "https://gitlab.gnome.org/GNOME/adwaita-icon-theme/issues"
 SECTION = "x11/gnome"
 
 LICENSE = "LGPL-3.0 | CC-BY-SA-3.0"
@@ -14,8 +14,8 @@ SRC_URI = "${GNOME_MIRROR}/${BPN}/${MAJ_VER}/${BPN}-${PV}.tar.xz \
            file://0001-Run-installation-commands-as-shell-jobs.patch \
            "
 
-SRC_URI[md5sum] = "4b16278cfed860a86c8221de62eec151"
-SRC_URI[sha256sum] = "698db6e407bb987baec736c6a30216dfc0317e3ca2403c7adf3a5aa46c193286"
+SRC_URI[md5sum] = "41b860c17efe065849b0cbf46e88811a"
+SRC_URI[sha256sum] = "40b7e91f8263552b64d0f9beff33150291b086618ce498c71bf10035e48c7c7f"
 
 DEPENDS += "librsvg-native"
 
diff --git a/poky/meta/recipes-gnome/gnome/gconf_3.2.6.bb b/poky/meta/recipes-gnome/gnome/gconf_3.2.6.bb
index e6742f37d..b8466d483 100644
--- a/poky/meta/recipes-gnome/gnome/gconf_3.2.6.bb
+++ b/poky/meta/recipes-gnome/gnome/gconf_3.2.6.bb
@@ -1,4 +1,7 @@
 SUMMARY = "GNOME configuration system"
+DESCRIPTION = "GConf is a system for storing application preferences. \
+It is intended for user preferences; not configuration of something like \
+Apache, or arbitrary data storage."
 SECTION = "x11/gnome"
 HOMEPAGE = "https://projects.gnome.org/gconf/"
 LICENSE = "LGPLv2+"
diff --git a/poky/meta/recipes-gnome/gobject-introspection/gobject-introspection_1.62.0.bb b/poky/meta/recipes-gnome/gobject-introspection/gobject-introspection_1.62.0.bb
index c925115fb..a9739cc55 100644
--- a/poky/meta/recipes-gnome/gobject-introspection/gobject-introspection_1.62.0.bb
+++ b/poky/meta/recipes-gnome/gobject-introspection/gobject-introspection_1.62.0.bb
@@ -1,6 +1,10 @@
 SUMMARY = "Middleware layer between GObject-using C libraries and language bindings"
+DESCRIPTION = "GObject Introspection is a project for providing machine \
+readable introspection data of the API of C libraries. This introspection \
+data can be used in several different use cases, for example automatic code \
+generation for bindings, API verification and documentation generation."
 HOMEPAGE = "https://wiki.gnome.org/action/show/Projects/GObjectIntrospection"
-BUGTRACKER = "https://bugzilla.gnome.org/"
+BUGTRACKER = "https://gitlab.gnome.org/GNOME/gobject-introspection/issues"
 SECTION = "libs"
 LICENSE = "LGPLv2+ & GPLv2+"
 LIC_FILES_CHKSUM = "file://COPYING;md5=c434e8128a68bedd59b80b2ac1eb1c4a \
@@ -92,7 +96,7 @@ EOF
 
         # Write out a wrapper for g-ir-scanner itself, which will be used when building introspection files
         # for glib-based packages. This wrapper calls the native version of the scanner, and tells it to use
-        # a qemu wrapper for running transient target binaries produced by the scanner, and an include directory 
+        # a qemu wrapper for running transient target binaries produced by the scanner, and an include directory
         # from the target sysroot.
         cat > ${B}/g-ir-scanner-wrapper << EOF
 #!/bin/sh
@@ -132,7 +136,7 @@ do_compile_prepend() {
         export GIR_EXTRA_LIBS_PATH=$B/.libs
 }
 
-# Our wrappers need to be available system-wide, because they will be used 
+# Our wrappers need to be available system-wide, because they will be used
 # to build introspection files for all other gobject-based packages
 do_install_append_class-target() {
         install -d ${D}${bindir}/
diff --git a/poky/meta/recipes-gnome/gsettings-desktop-schemas/gsettings-desktop-schemas_3.32.0.bb b/poky/meta/recipes-gnome/gsettings-desktop-schemas/gsettings-desktop-schemas_3.32.0.bb
deleted file mode 100644
index 859f70466..000000000
--- a/poky/meta/recipes-gnome/gsettings-desktop-schemas/gsettings-desktop-schemas_3.32.0.bb
+++ /dev/null
@@ -1,16 +0,0 @@
-SUMMARY = "GNOME desktop-wide GSettings schemas"
-HOMEPAGE = "http://live.gnome.org/gsettings-desktop-schemas"
-BUGTRACKER = "https://bugzilla.gnome.org/"
-
-LICENSE = "LGPLv2.1"
-LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c"
-
-DEPENDS = "glib-2.0"
-
-GNOMEBASEBUILDCLASS = "meson"
-
-inherit gnomebase gsettings gobject-introspection gettext upstream-version-is-even
-
-SRC_URI[archive.md5sum] = "0c2d468a482c12594757442c983aa8ea"
-SRC_URI[archive.sha256sum] = "2d59b4b3a548859dfae46314ee4666787a00d5c82db382e97df7aa9d0e310a35"
-SRC_URI += "file://0001-Do-not-skip-gir-installation-for-cross-compiling.patch"
diff --git a/poky/meta/recipes-gnome/gsettings-desktop-schemas/gsettings-desktop-schemas_3.34.0.bb b/poky/meta/recipes-gnome/gsettings-desktop-schemas/gsettings-desktop-schemas_3.34.0.bb
new file mode 100644
index 000000000..eea578bb6
--- /dev/null
+++ b/poky/meta/recipes-gnome/gsettings-desktop-schemas/gsettings-desktop-schemas_3.34.0.bb
@@ -0,0 +1,18 @@
+SUMMARY = "GNOME desktop-wide GSettings schemas"
+DESCRIPTION = "GSettings desktop-wide schemas contains a collection of \
+GSettings schemas for settings shared by various components of a desktop."
+HOMEPAGE = "https://gitlab.gnome.org/GNOME/gsettings-desktop-schemas"
+BUGTRACKER = "https://gitlab.gnome.org/GNOME/gsettings-desktop-schemas/issues"
+
+LICENSE = "LGPLv2.1"
+LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c"
+
+DEPENDS = "glib-2.0"
+
+GNOMEBASEBUILDCLASS = "meson"
+
+inherit gnomebase gsettings gobject-introspection gettext upstream-version-is-even
+
+SRC_URI[archive.md5sum] = "9759ef53fb2e53fc8d19190e58f2c332"
+SRC_URI[archive.sha256sum] = "288b04260f7040b0e004a8d59c773cfb4e32df4f1b4a0f9d705c51afccc95ead"
+SRC_URI += "file://0001-Do-not-skip-gir-installation-for-cross-compiling.patch"
diff --git a/poky/meta/recipes-gnome/hicolor-icon-theme/hicolor-icon-theme_0.17.bb b/poky/meta/recipes-gnome/hicolor-icon-theme/hicolor-icon-theme_0.17.bb
index fb8033448..aad7eff25 100644
--- a/poky/meta/recipes-gnome/hicolor-icon-theme/hicolor-icon-theme_0.17.bb
+++ b/poky/meta/recipes-gnome/hicolor-icon-theme/hicolor-icon-theme_0.17.bb
@@ -1,5 +1,7 @@
 SUMMARY = "Default icon theme that all icon themes automatically inherit from"
-HOMEPAGE = "http://icon-theme.freedesktop.org/wiki/HicolorTheme"
+DESCRIPTION = "The hicolor-icon-theme package contains a default fallback \
+theme for implementations of the icon theme specification."
+HOMEPAGE = "https://www.freedesktop.org/wiki/Software/icon-theme"
 BUGTRACKER = "https://bugs.freedesktop.org/"
 
 LICENSE = "GPLv2"
diff --git a/poky/meta/recipes-gnome/json-glib/json-glib_1.4.4.bb b/poky/meta/recipes-gnome/json-glib/json-glib_1.4.4.bb
index 1c663f93e..5143d73ed 100644
--- a/poky/meta/recipes-gnome/json-glib/json-glib_1.4.4.bb
+++ b/poky/meta/recipes-gnome/json-glib/json-glib_1.4.4.bb
@@ -3,7 +3,8 @@ DESCRIPTION = "Use JSON-GLib it is possible to parse and generate valid JSON\
  data structures, using a DOM-like API. JSON-GLib also offers GObject \
 integration, providing the ability to serialize and deserialize GObject \
 instances to and from JSON data types."
-HOMEPAGE = "http://live.gnome.org/JsonGlib"
+HOMEPAGE = "https://wiki.gnome.org/Projects/JsonGlib"
+BUGTRACKER = "https://gitlab.gnome.org/GNOME/json-glib/issues"
 
 LICENSE = "LGPLv2.1"
 LIC_FILES_CHKSUM = "file://COPYING;md5=7fbc338309ac38fefcd64b04bb903e34"
diff --git a/poky/meta/recipes-gnome/libdazzle/libdazzle_3.34.1.bb b/poky/meta/recipes-gnome/libdazzle/libdazzle_3.34.1.bb
index cf61ed501..e2973905f 100644
--- a/poky/meta/recipes-gnome/libdazzle/libdazzle_3.34.1.bb
+++ b/poky/meta/recipes-gnome/libdazzle/libdazzle_3.34.1.bb
@@ -1,5 +1,10 @@
 SUMMARY = "The libdazzle library is a companion library to GObject and Gtk+."
+DESCRIPTION = "A wide range of components from utilities for GIO, widgets for \
+GTK+, an animation framework, state machines, paneling and high-performance \
+counters are included."
 LICENSE = "GPLv3+"
+HOMEPAGE = "https://gitlab.gnome.org/GNOME/libdazzle"
+BUGTRACKER = "https://gitlab.gnome.org/GNOME/libdazzle/issues"
 LIC_FILES_CHKSUM = "file://COPYING;md5=8f0e2cd40e05189ec81232da84bd6e1a"
 
 GNOMEBASEBUILDCLASS = "meson"
diff --git a/poky/meta/recipes-gnome/libgudev/libgudev_233.bb b/poky/meta/recipes-gnome/libgudev/libgudev_233.bb
index a9f6bdd65..8bc379ff6 100644
--- a/poky/meta/recipes-gnome/libgudev/libgudev_233.bb
+++ b/poky/meta/recipes-gnome/libgudev/libgudev_233.bb
@@ -1,5 +1,10 @@
 SUMMARY = "GObject wrapper for libudev"
+DESCRIPTION = "This library makes it much simpler to use libudev from programs \
+already using GObject. It also makes it possible to easily use libudev from \
+other programming languages, such as Javascript, because of GObject \
+introspection support."
 HOMEPAGE = "https://wiki.gnome.org/Projects/libgudev"
+BUGTRACKER = "https://gitlab.gnome.org/GNOME/libgudev/issues"
 SRC_URI[archive.sha256sum] = "587c4970eb23f4e2deee2cb1fb7838c94a78c578f41ce12cac0a3f4a80dabb03"
 SRC_URI[archive.md5sum] = "d59a317a40aaa02a2226056c0bb4d3e1"
 
diff --git a/poky/meta/recipes-gnome/libnotify/libnotify_0.7.8.bb b/poky/meta/recipes-gnome/libnotify/libnotify_0.7.8.bb
index 1c9084d91..f4cda7bc7 100644
--- a/poky/meta/recipes-gnome/libnotify/libnotify_0.7.8.bb
+++ b/poky/meta/recipes-gnome/libnotify/libnotify_0.7.8.bb
@@ -1,5 +1,6 @@
 SUMMARY = "Library for sending desktop notifications to a notification daemon"
-HOMEPAGE = "http://www.gnome.org"
+HOMEPAGE = "https://gitlab.gnome.org/GNOME/libnotify"
+BUGTRACKER = "https://gitlab.gnome.org/GNOME/libnotify/issues"
 SECTION = "libs"
 LICENSE = "LGPLv2.1"
 LIC_FILES_CHKSUM = "file://COPYING;md5=7fbc338309ac38fefcd64b04bb903e34"
diff --git a/poky/meta/recipes-gnome/librsvg/librsvg_2.40.20.bb b/poky/meta/recipes-gnome/librsvg/librsvg_2.40.20.bb
index 6a798e6a9..7f98127fd 100644
--- a/poky/meta/recipes-gnome/librsvg/librsvg_2.40.20.bb
+++ b/poky/meta/recipes-gnome/librsvg/librsvg_2.40.20.bb
@@ -1,6 +1,10 @@
 SUMMARY = "Library for rendering SVG files"
-HOMEPAGE = "http://ftp.gnome.org/pub/GNOME/sources/librsvg/"
-BUGTRACKER = "https://bugzilla.gnome.org/"
+DESCRIPTION = "A small library to render Scalable Vector Graphics (SVG), \
+associated with the GNOME Project. It renders SVG files to Cairo surfaces. \
+Cairo is the 2D, antialiased drawing library that GNOME uses to draw things to \
+the screen or to generate output for printing."
+HOMEPAGE = "https://gitlab.gnome.org/GNOME/librsvg"
+BUGTRACKER = "https://gitlab.gnome.org/GNOME/librsvg/issues"
 
 RECIPE_NO_UPDATE_REASON = "Versions from 2.41.0 requires Rust compiler to build it"
 
diff --git a/poky/meta/recipes-gnome/libsecret/libsecret_0.19.1.bb b/poky/meta/recipes-gnome/libsecret/libsecret_0.19.1.bb
index 0d7607523..3da2a4aca 100644
--- a/poky/meta/recipes-gnome/libsecret/libsecret_0.19.1.bb
+++ b/poky/meta/recipes-gnome/libsecret/libsecret_0.19.1.bb
@@ -1,5 +1,10 @@
 SUMMARY = "libsecret is a library for storing and retrieving passwords and other secrets"
+DESCRIPTION = "A GObject-based library for accessing the Secret Service API of \
+the freedesktop.org project, a cross-desktop effort to access passwords, \
+tokens and other types of secrets. libsecret provides a convenient wrapper \
+for these methods so consumers do not have to call the low-level DBus methods."
 LICENSE = "LGPLv2.1"
+BUGTRACKER = "https://gitlab.gnome.org/GNOME/libsecret/issues"
 LIC_FILES_CHKSUM = "file://COPYING;md5=23c2a5e0106b99d75238986559bb5fc6"
 
 inherit gnomebase gtk-doc vala gobject-introspection manpages
diff --git a/poky/meta/recipes-graphics/libsdl2/libsdl2/0001-Fixed-bug-4538-validate-image-size-when-loading-BMP-.patch b/poky/meta/recipes-graphics/libsdl2/libsdl2/0001-Fixed-bug-4538-validate-image-size-when-loading-BMP-.patch
new file mode 100644
index 000000000..674decccb
--- /dev/null
+++ b/poky/meta/recipes-graphics/libsdl2/libsdl2/0001-Fixed-bug-4538-validate-image-size-when-loading-BMP-.patch
@@ -0,0 +1,34 @@
+From 85138c1ec673e05263ae666baf61f79384daf7e0 Mon Sep 17 00:00:00 2001
+From: Sam Lantinga <slouken@libsdl.org>
+Date: Tue, 30 Jul 2019 11:00:00 -0700
+Subject: [PATCH] Fixed bug 4538 - validate image size when loading BMP files
+
+Upstream-Status: Backport
+[https://hg.libsdl.org/SDL/rev/e7ba650a643a]
+
+CVE: CVE-2019-13616
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ src/video/SDL_bmp.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/video/SDL_bmp.c b/src/video/SDL_bmp.c
+index 0b68918..a06b0c9 100644
+--- a/src/video/SDL_bmp.c
++++ b/src/video/SDL_bmp.c
+@@ -226,6 +226,11 @@ SDL_LoadBMP_RW(SDL_RWops * src, int freesrc)
+             SDL_RWseek(src, (biSize - headerSize), RW_SEEK_CUR);
+         }
+     }
++    if (biWidth <= 0 || biHeight == 0) {
++        SDL_SetError("BMP file with bad dimensions (%dx%d)", biWidth, biHeight);
++        was_error = SDL_TRUE;
++        goto done;
++    }
+     if (biHeight < 0) {
+         topDown = SDL_TRUE;
+         biHeight = -biHeight;
+-- 
+2.7.4
+
diff --git a/poky/meta/recipes-graphics/libsdl2/libsdl2/0002-Fixed-bug-4797-SDL-fails-to-compile-with-Mesa-Master.patch b/poky/meta/recipes-graphics/libsdl2/libsdl2/0002-Fixed-bug-4797-SDL-fails-to-compile-with-Mesa-Master.patch
new file mode 100644
index 000000000..8f5b6a0ce
--- /dev/null
+++ b/poky/meta/recipes-graphics/libsdl2/libsdl2/0002-Fixed-bug-4797-SDL-fails-to-compile-with-Mesa-Master.patch
@@ -0,0 +1,41 @@
+# HG changeset patch
+# User Sylvain Becker <sylvain.becker@gmail.com>
+# Date 1570898876 -7200
+#      Sat Oct 12 18:47:56 2019 +0200
+# Node ID 369b01006eb2f6fd563f7c315d29ae3fe503c432
+# Parent  4cbaffd0083b8cd17070dbd9d4ab1ce0fa9fca2d
+Fixed bug 4797 - SDL fails to compile with Mesa Master (thanks Michael Olbrich!)
+
+fix building with Mesa 19.2
+
+With Mesa 19.2 building fails with:
+
+/include/GLES/gl.h:63:25: error: conflicting types for 'GLsizeiptr'
+
+The same type is defined in include/SDL_opengl.h for OpenGL and the two
+headers should not be included at the same time.
+This was just never noticed because the same header guard '__gl_h_' was
+used. This was changed in Mesa. The result is this error.
+
+Fix this the same way GLES2 already handles this: Don't include the GLES
+header when the OpenGL header was already included.
+(https://hg.libsdl.org/SDL/rev/a60b3c292f0f)
+
+Upstream-Status: Backport [https://hg.libsdl.org/SDL/rev/369b01006eb2]
+Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
+
+diff --git a/src/video/SDL_video.c b/src/video/SDL_video.c
+--- a/src/video/SDL_video.c
++++ b/src/video/SDL_video.c
+@@ -37,9 +37,9 @@
+ #include "SDL_opengl.h"
+ #endif /* SDL_VIDEO_OPENGL */
+ 
+-#if SDL_VIDEO_OPENGL_ES
++#if SDL_VIDEO_OPENGL_ES && !SDL_VIDEO_OPENGL
+ #include "SDL_opengles.h"
+-#endif /* SDL_VIDEO_OPENGL_ES */
++#endif /* SDL_VIDEO_OPENGL_ES && !SDL_VIDEO_OPENGL */
+ 
+ /* GL and GLES2 headers conflict on Linux 32 bits */
+ #if SDL_VIDEO_OPENGL_ES2 && !SDL_VIDEO_OPENGL
diff --git a/poky/meta/recipes-graphics/libsdl2/libsdl2_2.0.10.bb b/poky/meta/recipes-graphics/libsdl2/libsdl2_2.0.10.bb
index 3a0654b86..862abe1d5 100644
--- a/poky/meta/recipes-graphics/libsdl2/libsdl2_2.0.10.bb
+++ b/poky/meta/recipes-graphics/libsdl2/libsdl2_2.0.10.bb
@@ -14,6 +14,8 @@ PROVIDES = "virtual/libsdl2"
 
 SRC_URI = "http://www.libsdl.org/release/SDL2-${PV}.tar.gz \
            file://more-gen-depends.patch \
+           file://0001-Fixed-bug-4538-validate-image-size-when-loading-BMP-.patch \
+           file://0002-Fixed-bug-4797-SDL-fails-to-compile-with-Mesa-Master.patch \
 "
 
 S = "${WORKDIR}/SDL2-${PV}"
diff --git a/poky/meta/recipes-graphics/mesa/files/0003-Allow-enable-DRI-without-DRI-drivers.patch b/poky/meta/recipes-graphics/mesa/files/0003-Allow-enable-DRI-without-DRI-drivers.patch
index 3458c1919..346b21758 100644
--- a/poky/meta/recipes-graphics/mesa/files/0003-Allow-enable-DRI-without-DRI-drivers.patch
+++ b/poky/meta/recipes-graphics/mesa/files/0003-Allow-enable-DRI-without-DRI-drivers.patch
@@ -23,7 +23,7 @@ index 0e50bb26c0a..de065c290d6 100644
  with_dri_swrast = dri_drivers.contains('swrast')
  
 -with_dri = dri_drivers.length() != 0 and dri_drivers != ['']
-+with_dri = get_option('dri') or (_drivers.length() != 0 and _drivers != [''])
++with_dri = get_option('dri') or (dri_drivers.length() != 0 and dri_drivers != [''])
  
  gallium_drivers = get_option('gallium-drivers')
  if gallium_drivers.contains('auto')
diff --git a/poky/meta/recipes-graphics/xorg-lib/libx11/no-host-libtool.patch b/poky/meta/recipes-graphics/xorg-lib/libx11/no-host-libtool.patch
deleted file mode 100644
index 56d9983b1..000000000
--- a/poky/meta/recipes-graphics/xorg-lib/libx11/no-host-libtool.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/lib/libx11/merge_requests/22]
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-From edc7680ed5a03cedb5facf14693823455e12c29c Mon Sep 17 00:00:00 2001
-From: Ross Burton <ross.burton@intel.com>
-Date: Tue, 6 Aug 2019 14:53:43 +0100
-Subject: [PATCH libX11] src/util/Makefile: explicitly reset LINK to not use
- libtool
-
-Simply looking at libtool redefines LINK globally to use libtool, which when
-you're trying to cross-compile to Windows can cause complications.
-
-As in src/util/ we're simply building a small binary for the build host, reset
-LINK to the automake default so that the traditional compile/link steps occur
-without libtool.
-
-Also remove -all-static from LDFLAGS as that is a libtool-specific argument
-intended to solve this problem.
-
-Closes: #100
-Signed-off-by: Ross Burton <ross.burton@intel.com>
----
- src/util/Makefile.am | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/util/Makefile.am b/src/util/Makefile.am
-index 37314370..b7236530 100644
---- a/src/util/Makefile.am
-+++ b/src/util/Makefile.am
-@@ -7,10 +7,11 @@ AM_CFLAGS = \
- AM_CPPFLAGS = \
- 	-I$(top_srcdir)/include
- 
-+LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
- CC = @CC_FOR_BUILD@
- CPPFLAGS = @CPPFLAGS_FOR_BUILD@
- CFLAGS = @CFLAGS_FOR_BUILD@
--LDFLAGS = @LDFLAGS_FOR_BUILD@ -all-static
-+LDFLAGS = @LDFLAGS_FOR_BUILD@
- LIBS =
- EXEEXT = @EXEEXT_FOR_BUILD@
- 
--- 
-2.20.1
-
diff --git a/poky/meta/recipes-graphics/xorg-lib/libx11/no-host-x.patch b/poky/meta/recipes-graphics/xorg-lib/libx11/no-host-x.patch
deleted file mode 100644
index 803f8b408..000000000
--- a/poky/meta/recipes-graphics/xorg-lib/libx11/no-host-x.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-From cf2ef27831173c5ed6f98be3c39caff18fd4e7f1 Mon Sep 17 00:00:00 2001
-From: Adam Jackson <ajax@redhat.com>
-Date: Mon, 17 Jun 2019 13:36:08 -0400
-Subject: [PATCH 1/2] makekeys: Detach ourselves from X headers entirely
-
-Subsequent to a121b7b0c210efe10bf93453b29050282324c906 we are no longer
-building makekeys with enough -I/foo/bar to find the X11 headers, so if
-they're not in a system include path, things fail. Since this utility is
-only needed at build time, there's no real reason to demand the X
-headers be installed for both the build and target machines if cross-
-compiling, we can just assume a vaguely ANSI environment instead.
-
-Tested-by: Niclas Zeising <zeising@daemonic.se>
-Reviewed-by: Keith Packard <keithp@keithp.com>
-Reviewed-by: Matt Turner <mattst88@gmail.com>
----
- src/util/makekeys.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/src/util/makekeys.c b/src/util/makekeys.c
-index bcb5b7d5..07563315 100644
---- a/src/util/makekeys.c
-+++ b/src/util/makekeys.c
-@@ -35,8 +35,10 @@ from The Open Group.
- #include <stdio.h>
- #include <stdlib.h>
- #include <string.h>
-+#include <stdint.h>
-+#include <inttypes.h>
- 
--#include "../Xresinternal.h"
-+typedef uint32_t Signature;
- 
- #define KTNUM 4000
- 
--- 
-2.20.1
diff --git a/poky/meta/recipes-graphics/xorg-lib/libx11_1.6.8.bb b/poky/meta/recipes-graphics/xorg-lib/libx11_1.6.8.bb
deleted file mode 100644
index 0d27bc2bc..000000000
--- a/poky/meta/recipes-graphics/xorg-lib/libx11_1.6.8.bb
+++ /dev/null
@@ -1,7 +0,0 @@
-require libx11.inc
-
-SRC_URI += "file://disable_tests.patch"
-
-inherit gettext
-
-BBCLASSEXTEND = "native nativesdk"
diff --git a/poky/meta/recipes-graphics/xorg-lib/libx11.inc b/poky/meta/recipes-graphics/xorg-lib/libx11_1.6.9.bb
index cce0cb992..8c2a57c67 100644
--- a/poky/meta/recipes-graphics/xorg-lib/libx11.inc
+++ b/poky/meta/recipes-graphics/xorg-lib/libx11_1.6.9.bb
@@ -11,11 +11,10 @@ FILESEXTRAPATHS =. "${FILE_DIRNAME}/libx11:"
 PE = "1"
 
 SRC_URI += "file://Fix-hanging-issue-in-_XReply.patch \
-            file://no-host-libtool.patch \
-            file://no-host-x.patch"
+            file://disable_tests.patch"
 
-SRC_URI[md5sum] = "c5fa5a86a20e3591bed6c046498d4b8f"
-SRC_URI[sha256sum] = "b289a845c189e251e0e884cc0f9269bbe97c238df3741e854ec4c17c21e473d5"
+SRC_URI[md5sum] = "55adbfb6d4370ecac5e70598c4e7eed2"
+SRC_URI[sha256sum] = "9cc7e8d000d6193fa5af580d50d689380b8287052270f5bb26a5fb6b58b2bed1"
 
 PROVIDES = "virtual/libx11"
 
@@ -37,6 +36,10 @@ CPPFLAGS_FOR_BUILD += "-D_GNU_SOURCE"
 
 PACKAGES =+ "${PN}-xcb"
 
+inherit gettext
+
 FILES_${PN} += "${datadir}/X11/XKeysymDB ${datadir}/X11/XErrorDB ${datadir}/X11/Xcms.txt"
 FILES_${PN}-xcb += "${libdir}/libX11-xcb.so.*"
 FILES_${PN}-locale += "${datadir}/X11/locale ${libdir}/X11/locale"
+
+BBCLASSEXTEND = "native nativesdk"
diff --git a/poky/meta/recipes-graphics/xorg-lib/libxvmc_1.0.11.bb b/poky/meta/recipes-graphics/xorg-lib/libxvmc_1.0.12.bb
index d95f809ed..29ed0c43d 100644
--- a/poky/meta/recipes-graphics/xorg-lib/libxvmc_1.0.11.bb
+++ b/poky/meta/recipes-graphics/xorg-lib/libxvmc_1.0.12.bb
@@ -15,5 +15,5 @@ PE = "1"
 
 XORG_PN = "libXvMC"
 
-SRC_URI[md5sum] = "707175185a2e0490b8173686c657324f"
-SRC_URI[sha256sum] = "4a2e34d444a683a7c010b01b23cefe2b8043a063ce4dc6a9b855836b5262622d"
+SRC_URI[md5sum] = "3569ff7f3e26864d986d6a21147eaa58"
+SRC_URI[sha256sum] = "6b3da7977b3f7eaf4f0ac6470ab1e562298d82c4e79077765787963ab7966dcd"
diff --git a/poky/meta/recipes-graphics/xorg-proto/xorgproto_2019.1.bb b/poky/meta/recipes-graphics/xorg-proto/xorgproto_2019.2.bb
index 2c7ce2a56..8acbe895a 100644
--- a/poky/meta/recipes-graphics/xorg-proto/xorgproto_2019.1.bb
+++ b/poky/meta/recipes-graphics/xorg-proto/xorgproto_2019.2.bb
@@ -1,6 +1,6 @@
 require xorg-proto-common.inc
 
-SUMMARY = "XCalibrate: Touchscreen calibration headers"
+SUMMARY = "X Window System unified protocol definitions"
 
 DESCRIPTION = "This package provides the headers and specification documents defining \
 the core protocol and (many) extensions for the X Window System"
@@ -8,7 +8,7 @@ the core protocol and (many) extensions for the X Window System"
 LICENSE = "MIT-style"
 LIC_FILES_CHKSUM = "file://COPYING-x11proto;md5=b9e051107d5628966739a0b2e9b32676"
 
-SRC_URI[md5sum] = "802ccb9e977ba3cf94ba798ddb2898a4"
-SRC_URI[sha256sum] = "a6daaa7a6cbc8e374032d83ff7f47d41be98f1e0f4475d66a4da3aa766a0d49b"
+SRC_URI[md5sum] = "a02dcaff48b4141b949ac99dfc344d86"
+SRC_URI[sha256sum] = "46ecd0156c561d41e8aa87ce79340910cdf38373b759e737fcbba5df508e7b8e"
 
 BBCLASSEXTEND = "native nativesdk"
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb b/poky/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb
index 1edcd7eda..32edb6026 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb
@@ -11,13 +11,13 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "02f0c38dd20819c0e9d279e3b1e95280101ea8ab"
-SRCREV_meta ?= "a7cb57afb9fb9787079c28a1028d797632105e56"
+SRCREV_machine ?= "0e4a79e608e92830693e511a3dd282ce7c3b3f41"
+SRCREV_meta ?= "ad6f8b357720ca8167a090713b7746230cf4b314"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.19;destsuffix=${KMETA}"
 
-LINUX_VERSION ?= "4.19.72"
+LINUX_VERSION ?= "4.19.78"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
 
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.2.bb b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.2.bb
index e3fe54441..423331e19 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.2.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-rt_5.2.bb
@@ -11,13 +11,13 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "0a9f6ee2443b54c614107728ca76485916010023"
-SRCREV_meta ?= "b867b78b5019ae455af97dec7794cff7527d7624"
+SRCREV_machine ?= "55e3ee387b073d8d609e8899859561340d8b6911"
+SRCREV_meta ?= "bd0762cd138f1624b5a5f8669cfa3ac2b71cb87b"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.2;destsuffix=${KMETA}"
 
-LINUX_VERSION ?= "5.2.17"
+LINUX_VERSION ?= "5.2.20"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
 
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb
index 446bce3a8..0682aef50 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
 
 require recipes-kernel/linux/linux-yocto.inc
 
-LINUX_VERSION ?= "4.19.72"
+LINUX_VERSION ?= "4.19.78"
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine_qemuarm ?= "283b870cef5f79a6f07465828a51f27a6aed4c50"
-SRCREV_machine ?= "2d7c98a6748a64ca36fd1d2e60c517b16326df61"
-SRCREV_meta ?= "a7cb57afb9fb9787079c28a1028d797632105e56"
+SRCREV_machine_qemuarm ?= "be50001808f00efee538c2a3e7c0a5a2a2df65da"
+SRCREV_machine ?= "a915fbeae8ed987402f69666d90bef15a01c5823"
+SRCREV_meta ?= "ad6f8b357720ca8167a090713b7746230cf4b314"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.2.bb b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.2.bb
index f3f546866..f7239d022 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.2.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto-tiny_5.2.bb
@@ -6,7 +6,7 @@ KCONFIG_MODE = "--allnoconfig"
 
 require recipes-kernel/linux/linux-yocto.inc
 
-LINUX_VERSION ?= "5.2.17"
+LINUX_VERSION ?= "5.2.20"
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -15,9 +15,9 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine_qemuarm ?= "aaa66d462ec17345dadd69b1ec0f3fcc83e82536"
-SRCREV_machine ?= "255a750d28cd45df8923c3aba1e82c322757a50d"
-SRCREV_meta ?= "b867b78b5019ae455af97dec7794cff7527d7624"
+SRCREV_machine_qemuarm ?= "501d680535903acc00808c36f2cc07f2dc725adc"
+SRCREV_machine ?= "dd25a04fc5e2e4549fc9b86157a01e0c72b53b03"
+SRCREV_meta ?= "bd0762cd138f1624b5a5f8669cfa3ac2b71cb87b"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto_4.19.bb b/poky/meta/recipes-kernel/linux/linux-yocto_4.19.bb
index 96debc42d..d8cb20f2f 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto_4.19.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto_4.19.bb
@@ -11,22 +11,22 @@ KBRANCH_qemux86  ?= "v4.19/standard/base"
 KBRANCH_qemux86-64 ?= "v4.19/standard/base"
 KBRANCH_qemumips64 ?= "v4.19/standard/mti-malta64"
 
-SRCREV_machine_qemuarm ?= "b0be447bc9053d07f3438999778bd077679ae756"
-SRCREV_machine_qemuarm64 ?= "2d7c98a6748a64ca36fd1d2e60c517b16326df61"
-SRCREV_machine_qemumips ?= "3c8b21d0a335b5f418682969448574dfd0011f02"
-SRCREV_machine_qemuppc ?= "2d7c98a6748a64ca36fd1d2e60c517b16326df61"
-SRCREV_machine_qemux86 ?= "2d7c98a6748a64ca36fd1d2e60c517b16326df61"
-SRCREV_machine_qemux86-64 ?= "2d7c98a6748a64ca36fd1d2e60c517b16326df61"
-SRCREV_machine_qemumips64 ?= "2854797711fee4061fb760c2b6e0e3d3135195ab"
-SRCREV_machine ?= "2d7c98a6748a64ca36fd1d2e60c517b16326df61"
-SRCREV_meta ?= "a7cb57afb9fb9787079c28a1028d797632105e56"
+SRCREV_machine_qemuarm ?= "7fde51abcaf389193ce5d87ebfb8e8fb66a9271a"
+SRCREV_machine_qemuarm64 ?= "a915fbeae8ed987402f69666d90bef15a01c5823"
+SRCREV_machine_qemumips ?= "8ac68d42beb24b275ac0d2a54a0a2291970e5dde"
+SRCREV_machine_qemuppc ?= "a915fbeae8ed987402f69666d90bef15a01c5823"
+SRCREV_machine_qemux86 ?= "a915fbeae8ed987402f69666d90bef15a01c5823"
+SRCREV_machine_qemux86-64 ?= "a915fbeae8ed987402f69666d90bef15a01c5823"
+SRCREV_machine_qemumips64 ?= "ea2cb8731306f734bf0227575e04cafac7dfade0"
+SRCREV_machine ?= "a915fbeae8ed987402f69666d90bef15a01c5823"
+SRCREV_meta ?= "ad6f8b357720ca8167a090713b7746230cf4b314"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRANCH}; \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.19;destsuffix=${KMETA} \
           "
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
-LINUX_VERSION ?= "4.19.72"
+LINUX_VERSION ?= "4.19.78"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
 DEPENDS += "openssl-native util-linux-native"
diff --git a/poky/meta/recipes-kernel/linux/linux-yocto_5.2.bb b/poky/meta/recipes-kernel/linux/linux-yocto_5.2.bb
index 1a2c3ffcd..8f75f67c3 100644
--- a/poky/meta/recipes-kernel/linux/linux-yocto_5.2.bb
+++ b/poky/meta/recipes-kernel/linux/linux-yocto_5.2.bb
@@ -12,16 +12,16 @@ KBRANCH_qemux86  ?= "v5.2/standard/base"
 KBRANCH_qemux86-64 ?= "v5.2/standard/base"
 KBRANCH_qemumips64 ?= "v5.2/standard/mti-malta64"
 
-SRCREV_machine_qemuarm ?= "47b80ef7bd932830f299ed76e2302df631ae4fbe"
-SRCREV_machine_qemuarm64 ?= "255a750d28cd45df8923c3aba1e82c322757a50d"
-SRCREV_machine_qemumips ?= "45ff64cb3f87c38db6f46353ea93005d049b0cf6"
-SRCREV_machine_qemuppc ?= "255a750d28cd45df8923c3aba1e82c322757a50d"
-SRCREV_machine_qemuriscv64 ?= "255a750d28cd45df8923c3aba1e82c322757a50d"
-SRCREV_machine_qemux86 ?= "255a750d28cd45df8923c3aba1e82c322757a50d"
-SRCREV_machine_qemux86-64 ?= "255a750d28cd45df8923c3aba1e82c322757a50d"
-SRCREV_machine_qemumips64 ?= "ea0fd387a459803ac60e9b8a1729f2fc7d3215f1"
-SRCREV_machine ?= "255a750d28cd45df8923c3aba1e82c322757a50d"
-SRCREV_meta ?= "b867b78b5019ae455af97dec7794cff7527d7624"
+SRCREV_machine_qemuarm ?= "fcbe51dfa0a763a07e4cd66204d6c0ba054663ce"
+SRCREV_machine_qemuarm64 ?= "dd25a04fc5e2e4549fc9b86157a01e0c72b53b03"
+SRCREV_machine_qemumips ?= "9cad7bb8bcd3686f580a3363847ee9c9e86928b1"
+SRCREV_machine_qemuppc ?= "dd25a04fc5e2e4549fc9b86157a01e0c72b53b03"
+SRCREV_machine_qemuriscv64 ?= "dd25a04fc5e2e4549fc9b86157a01e0c72b53b03"
+SRCREV_machine_qemux86 ?= "dd25a04fc5e2e4549fc9b86157a01e0c72b53b03"
+SRCREV_machine_qemux86-64 ?= "dd25a04fc5e2e4549fc9b86157a01e0c72b53b03"
+SRCREV_machine_qemumips64 ?= "dc2be1a546e937374590ce3858b717489ded2c21"
+SRCREV_machine ?= "dd25a04fc5e2e4549fc9b86157a01e0c72b53b03"
+SRCREV_meta ?= "bd0762cd138f1624b5a5f8669cfa3ac2b71cb87b"
 
 # remap qemuarm to qemuarma15 for the 5.2 kernel
 # KMACHINE_qemuarm ?= "qemuarma15"
@@ -30,7 +30,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.2;destsuffix=${KMETA}"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
-LINUX_VERSION ?= "5.2.17"
+LINUX_VERSION ?= "5.2.20"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
 DEPENDS += "openssl-native util-linux-native"
diff --git a/poky/meta/recipes-kernel/perf/perf.bb b/poky/meta/recipes-kernel/perf/perf.bb
index 8201c0cb6..5f0ba7c18 100644
--- a/poky/meta/recipes-kernel/perf/perf.bb
+++ b/poky/meta/recipes-kernel/perf/perf.bb
@@ -25,6 +25,7 @@ PACKAGECONFIG[jvmti] = ",NO_JVMTI=1"
 # libaudit support would need scripting to be enabled
 PACKAGECONFIG[audit] = ",NO_LIBAUDIT=1,audit"
 PACKAGECONFIG[manpages] = ",,xmlto-native asciidoc-native"
+PACKAGECONFIG[cap] = ",,libcap"
 
 # libunwind is not yet ported for some architectures
 PACKAGECONFIG_remove_arc = "libunwind"
@@ -105,7 +106,6 @@ EXTRA_OEMAKE += "\
 EXTRA_OEMAKE_append_task-configure = " JOBS=1"
 
 PERF_SRC ?= "Makefile \
-             include \
              tools/arch \
              tools/build \
              tools/include \
@@ -113,6 +113,8 @@ PERF_SRC ?= "Makefile \
              tools/Makefile \
              tools/perf \
              tools/scripts \
+             scripts/ \
+             arch/${ARCH}/Makefile \
 "
 
 PERF_EXTRA_LDFLAGS = ""
@@ -151,6 +153,8 @@ python copy_perf_source_from_kernel() {
         if os.path.isdir(src):
             oe.path.copyhardlinktree(src, dest)
         else:
+            src_path = os.path.dirname(s)
+            os.makedirs(os.path.join(dest_dir,src_path),exist_ok=True)
             bb.utils.copyfile(src, dest)
 }
 
@@ -243,9 +247,6 @@ do_configure_prepend () {
     # so we copy it from the sysroot unistd.h to the perf unistd.h
     install -D -m0644 ${STAGING_INCDIR}/asm-generic/unistd.h ${S}/tools/include/uapi/asm-generic/unistd.h
     install -D -m0644 ${STAGING_INCDIR}/asm-generic/unistd.h ${S}/include/uapi/asm-generic/unistd.h
-
-    # bits.h can have the same issue as unistd.h, so we make the tools variant take precedence
-    [ -e ${S}/tools/include/linux/bits.h ] && install -D -m0644 ${S}/tools/include/linux/bits.h ${S}/include/linux/bits.h
 }
 
 python do_package_prepend() {
diff --git a/poky/meta/recipes-kernel/systemtap/systemtap_git.bb b/poky/meta/recipes-kernel/systemtap/systemtap_git.bb
index 6ee3e1c0f..1c9f2aed1 100644
--- a/poky/meta/recipes-kernel/systemtap/systemtap_git.bb
+++ b/poky/meta/recipes-kernel/systemtap/systemtap_git.bb
@@ -51,10 +51,13 @@ do_install_append () {
       rm ${D}${libexecdir}/${PN}/stap-env
    fi
 
-   # Fix makefile hardcoded path assumptions for systemd (assumes $prefix)
-   install -d `dirname ${D}${systemd_unitdir}`
-   mv ${D}${prefix}/lib/systemd `dirname ${D}${systemd_unitdir}`
-   rmdir ${D}${prefix}/lib --ignore-fail-on-non-empty
+   if [ ${D}${prefix}/lib != `dirname ${D}${systemd_unitdir}` ]; then
+      # Fix makefile hardcoded path assumptions for systemd (assumes $prefix)
+      # without usrmerge distro feature enabled
+      install -d `dirname ${D}${systemd_unitdir}`
+      mv ${D}${prefix}/lib/systemd `dirname ${D}${systemd_unitdir}`
+      rmdir ${D}${prefix}/lib --ignore-fail-on-non-empty
+   fi
 
    # Ensure correct ownership for files copied in
    chown root:root ${D}${sysconfdir}/stap-exporter/* -R
diff --git a/poky/meta/recipes-multimedia/gstreamer/gst-examples_git.bb b/poky/meta/recipes-multimedia/gstreamer/gst-examples_1.16.0.bb
index f2a3afbbf..e83ea8cb7 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gst-examples_git.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gst-examples_1.16.0.bb
@@ -10,7 +10,6 @@ SRC_URI = "git://gitlab.freedesktop.org/gstreamer/gst-examples.git;protocol=http
            "
 
 SRCREV = "d953c127c1146b50d5676618299933950685dcd7"
-PV = "1.16.0"
 
 S = "${WORKDIR}/git"
 
diff --git a/poky/meta/recipes-multimedia/gstreamer/gst-validate_1.16.0.bb b/poky/meta/recipes-multimedia/gstreamer/gst-validate_1.16.1.bb
index 1f4370619..7d602eabc 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gst-validate_1.16.0.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gst-validate_1.16.1.bb
@@ -9,8 +9,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343"
 SRC_URI = "https://gstreamer.freedesktop.org/src/${BPN}/${BP}.tar.xz \
            file://0001-connect-has-a-different-signature-on-musl.patch \
            "
-SRC_URI[md5sum] = "c5c57f3325a2e62aae4a8ec4931f7711"
-SRC_URI[sha256sum] = "9331ae48a173a048243539730cc7a88607777762dea4aebbc3ab55981e68d6c9"
+SRC_URI[md5sum] = "793e75f4717f718ad204c554d577b160"
+SRC_URI[sha256sum] = "7f079b9b2a127604b98e297037dc8847ef50f4ce2b508aa2df0cac5b77562899"
 
 DEPENDS = "json-glib glib-2.0 glib-2.0-native gstreamer1.0 gstreamer1.0-plugins-base"
 RRECOMMENDS_${PN} = "git"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav/gtkdoc-no-tree.patch b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav/gtkdoc-no-tree.patch
deleted file mode 100644
index a36fdc9a1..000000000
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav/gtkdoc-no-tree.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-From 6f720cebe632d7dc187c6907857d67ce1f7313d6 Mon Sep 17 00:00:00 2001
-From: Ross Burton <ross.burton@intel.com>
-Date: Mon, 9 Sep 2019 22:48:49 +0100
-Subject: [PATCH] docs: don't include the type hierarchy
-
-gtk-doc can't generate a type hierarchy when scanning gst-libav, and gtk-doc
-1.30 onwards doesn't write a file if there is no type hierarchy (unlike previous
-releases, which wrote an empty file).  This results in the build failing with
-gtk-doc 1.30 onwards, so remove the type hierarchy section from the
-documentation as it doesn't serve any purpose.
-
-Fixes https://gitlab.freedesktop.org/gstreamer/gst-libav/issues/57
----
- docs/plugins/gst-libav-plugins-docs.sgml | 5 -----
- 1 file changed, 5 deletions(-)
-
-diff --git a/docs/plugins/gst-libav-plugins-docs.sgml b/docs/plugins/gst-libav-plugins-docs.sgml
-index 75c68f4..f68d554 100644
---- a/docs/plugins/gst-libav-plugins-docs.sgml
-+++ b/docs/plugins/gst-libav-plugins-docs.sgml
-@@ -32,9 +32,4 @@
-     <title>gst-libav Plugins</title>
-     <xi:include href="xml/plugin-libav.xml" />
-   </chapter>
--
--  <chapter>
--    <title>Object Hierarchy</title>
--    <xi:include href="xml/tree_index.sgml" />
--  </chapter>
- </book>
--- 
-2.22.0
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.16.0.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.16.1.bb
index d2629b506..10955ff16 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.16.0.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-libav_1.16.1.bb
@@ -12,16 +12,15 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
                     file://gst-libs/ext/libav/COPYING.LGPLv2.1;md5=bd7a443320af8c812e4c18d1b79df004 \
                     file://gst-libs/ext/libav/COPYING.LGPLv3;md5=e6a600fd5e1d9cbde2d983680233ad02"
 
-SRC_URI = "http://gstreamer.freedesktop.org/src/gst-libav/gst-libav-${PV}.tar.xz \
+SRC_URI = "https://gstreamer.freedesktop.org/src/gst-libav/gst-libav-${PV}.tar.xz \
            file://0001-Disable-yasm-for-libav-when-disable-yasm.patch \
            file://workaround-to-build-gst-libav-for-i586-with-gcc.patch \
            file://mips64_cpu_detection.patch \
            file://0001-configure-check-for-armv7ve-variant.patch \
            file://0001-fix-host-contamination.patch \
-           file://gtkdoc-no-tree.patch \
            "
-SRC_URI[md5sum] = "e3a201a45985ddc1327cd496046ca818"
-SRC_URI[sha256sum] = "dfac119043a9cfdcacd7acde77f674ab172cf2537b5812be52f49e9cddc53d9a"
+SRC_URI[md5sum] = "58023f4c71bbd711061e350fcd76c09d"
+SRC_URI[sha256sum] = "e8a5748ae9a4a7be9696512182ea9ffa6efe0be9b7976916548e9d4381ca61c4"
 
 S = "${WORKDIR}/gst-libav-${PV}"
 
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.16.0.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.16.1.bb
index d94bad36f..cb2f7045a 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.16.0.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-omx_1.16.1.bb
@@ -7,10 +7,10 @@ LICENSE_FLAGS = "commercial"
 LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c \
                     file://omx/gstomx.h;beginline=1;endline=21;md5=5c8e1fca32704488e76d2ba9ddfa935f"
 
-SRC_URI = "http://gstreamer.freedesktop.org/src/gst-omx/gst-omx-${PV}.tar.xz"
+SRC_URI = "https://gstreamer.freedesktop.org/src/gst-omx/gst-omx-${PV}.tar.xz"
 
-SRC_URI[md5sum] = "c6f8554513980682099a2a9832250b01"
-SRC_URI[sha256sum] = "fef77cddc02784608451c46b9def880b63230a246decf8900f2da2ed54a8af4a"
+SRC_URI[md5sum] = "89772e7a277fd0abfc250eaf8e4e9ce9"
+SRC_URI[sha256sum] = "cbf54121a2cba575d460833e8132265781252ce32cf5b8f9fa8753e42ab24bb2"
 
 S = "${WORKDIR}/gst-omx-${PV}"
 
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.16.0.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.16.1.bb
index f9289e92d..1731be844 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.16.0.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad_1.16.1.bb
@@ -1,15 +1,15 @@
 require gstreamer1.0-plugins.inc
 
 SRC_URI = " \
-    http://gstreamer.freedesktop.org/src/gst-plugins-bad/gst-plugins-bad-${PV}.tar.xz \
+    https://gstreamer.freedesktop.org/src/gst-plugins-bad/gst-plugins-bad-${PV}.tar.xz \
     file://configure-allow-to-disable-libssh2.patch \
     file://fix-maybe-uninitialized-warnings-when-compiling-with-Os.patch \
     file://avoid-including-sys-poll.h-directly.patch \
     file://ensure-valid-sentinels-for-gst_structure_get-etc.patch \
     file://0001-introspection.m4-prefix-pkgconfig-paths-with-PKG_CON.patch \
 "
-SRC_URI[md5sum] = "e9e562d86c1527c44d904500dd35e326"
-SRC_URI[sha256sum] = "22139de35626ada6090bdfa3423b27b7fc15a0198331d25c95e6b12cb1072b05"
+SRC_URI[md5sum] = "24d4d30ecc67d5cbc77c0475bcea1210"
+SRC_URI[sha256sum] = "56481c95339b8985af13bac19b18bc8da7118c2a7d9440ed70e7dcd799c2adb5"
 
 S = "${WORKDIR}/gst-plugins-bad-${PV}"
 
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.16.0.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.16.1.bb
index 1d6f15e9c..cb99fba5f 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.16.0.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.16.1.bb
@@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=6762ed442b3822387a51c92d928ead0d \
                     file://common/coverage/coverage-report.pl;beginline=2;endline=17;md5=a4e1830fce078028c8f0974161272607"
 
 SRC_URI = " \
-            http://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugins-base-${PV}.tar.xz \
+            https://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugins-base-${PV}.tar.xz \
             file://get-caps-from-src-pad-when-query-caps.patch \
             file://0003-ssaparse-enhance-SSA-text-lines-parsing.patch \
             file://make-gio_unix_2_0-dependency-configurable.patch \
@@ -18,8 +18,8 @@ SRC_URI = " \
             file://0001-gstreamer-gl.pc.in-don-t-append-GL_CFLAGS-to-CFLAGS.patch \
             file://link-with-libvchostif.patch \
             "
-SRC_URI[md5sum] = "41dde92930710c75cdb49169c5cc6dfc"
-SRC_URI[sha256sum] = "4093aa7b51e28fb24dfd603893fead8d1b7782f088b05ed0f22a21ef176fb5ae"
+SRC_URI[md5sum] = "b5eb0651bab70bf1714f103bdd66ce47"
+SRC_URI[sha256sum] = "5c3cc489933d0597087c9bc6ba251c93693d64554bcc563539a084fa2d5fcb2b"
 
 S = "${WORKDIR}/gst-plugins-base-${PV}"
 
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0001-scaletempo-Advertise-interleaved-layout-in-caps-temp.patch b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0001-scaletempo-Advertise-interleaved-layout-in-caps-temp.patch
deleted file mode 100644
index caa080c8e..000000000
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/0001-scaletempo-Advertise-interleaved-layout-in-caps-temp.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From aadfa5f20f53601785e417fe3fcbe6d574880988 Mon Sep 17 00:00:00 2001
-From: Philippe Normand <philn@igalia.com>
-Date: Tue, 23 Apr 2019 10:10:01 +0100
-Subject: [PATCH] scaletempo: Advertise interleaved layout in caps templates
-
-Scaletempo doesn't support non-interleaved layout. Not explicitely stating this
-would trigger critical warnings and a caps negotiation failure when scaletempo
-is used as playbin audio-filter.
-
-Patch suggested by George Kiagiadakis <george.kiagiadakis@collabora.com>.
-
-Fixes #591
-Upstream-Status: Backport [merged, on track for 1.16.1.]
----
- gst/audiofx/gstscaletempo.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/gst/audiofx/gstscaletempo.c b/gst/audiofx/gstscaletempo.c
-index 3a719719a..83ee8fe24 100644
---- a/gst/audiofx/gstscaletempo.c
-+++ b/gst/audiofx/gstscaletempo.c
-@@ -93,9 +93,9 @@ enum
- 
- #define SUPPORTED_CAPS \
- GST_STATIC_CAPS ( \
--    GST_AUDIO_CAPS_MAKE (GST_AUDIO_NE (F32)) "; " \
--    GST_AUDIO_CAPS_MAKE (GST_AUDIO_NE (F64)) "; " \
--    GST_AUDIO_CAPS_MAKE (GST_AUDIO_NE (S16)) \
-+    GST_AUDIO_CAPS_MAKE (GST_AUDIO_NE (F32)) ", layout=(string)interleaved; " \
-+    GST_AUDIO_CAPS_MAKE (GST_AUDIO_NE (F64)) ", layout=(string)interleaved; " \
-+    GST_AUDIO_CAPS_MAKE (GST_AUDIO_NE (S16)) ", layout=(string)interleaved" \
- )
- 
- static GstStaticPadTemplate sink_template = GST_STATIC_PAD_TEMPLATE ("sink",
--- 
-2.20.1
-
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/headerfix.patch b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/headerfix.patch
deleted file mode 100644
index 34d25a0a4..000000000
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/headerfix.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-Things break with overlapping defines between glib and gstreamer with glibc 2.30.
-
-Discussion in the link below, basically internal __ prefixed variables 
-shouldn't be redefined.
-
-Upstream-Status: Submitted [https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/issues/635]
-RP 2019/8/6
-
-Index: gst-plugins-good-1.16.0/sys/v4l2/ext/types-compat.h
-===================================================================
---- gst-plugins-good-1.16.0.orig/sys/v4l2/ext/types-compat.h
-+++ gst-plugins-good-1.16.0/sys/v4l2/ext/types-compat.h
-@@ -24,29 +24,6 @@
- #ifndef __TYPES_COMPAT_H__
- #define __TYPES_COMPAT_H__
- 
--/* From linux/types.h */
--#ifndef __bitwise__
--#  ifdef __CHECKER__
--#    define __bitwise__ __attribute__((bitwise))
--#  else
--#    define __bitwise__
--#  endif
--#endif
--
--#ifndef __bitwise
--#  ifdef __CHECK_ENDIAN__
--#    define __bitwise __bitwise__
--#  else
--#    define __bitwise
--#  endif
--#endif
--
--#define __u64 guint64
--#define __u32 guint32
--#define __u16 guint16
--#define __u8 guint8
--#define __s64 gint64
--#define __s32 gint32
--#define __le32 guint32 __bitwise
-+#include <linux/types.h>
- 
- #endif /* __TYPES_COMPAT_H__ */
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.16.0.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.16.1.bb
index 5751467db..0fa7b86ff 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.16.0.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.16.1.bb
@@ -1,14 +1,12 @@
 require gstreamer1.0-plugins.inc
 
 SRC_URI = " \
-            http://gstreamer.freedesktop.org/src/gst-plugins-good/gst-plugins-good-${PV}.tar.xz \
-            file://0001-scaletempo-Advertise-interleaved-layout-in-caps-temp.patch \
+            https://gstreamer.freedesktop.org/src/gst-plugins-good/gst-plugins-good-${PV}.tar.xz \
             file://0001-introspection.m4-prefix-pkgconfig-paths-with-PKG_CON.patch \
-            file://headerfix.patch \
             "
 
-SRC_URI[md5sum] = "d1a7b442994d9522418de4af4330e034"
-SRC_URI[sha256sum] = "654adef33380d604112f702c2927574cfc285e31307b79e584113858838bb0fd"
+SRC_URI[md5sum] = "515987ee763256840a11bd8ea098f2bf"
+SRC_URI[sha256sum] = "9fbabe69018fcec707df0b71150168776040cde6c1a26bb5a82a136755fa8f1f"
 
 S = "${WORKDIR}/gst-plugins-good-${PV}"
 
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.16.0.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.16.1.bb
index 11a0e790e..ecab31889 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.16.0.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-ugly_1.16.1.bb
@@ -7,11 +7,11 @@ LICENSE = "GPLv2+ & LGPLv2.1+ & LGPLv2+"
 LICENSE_FLAGS = "commercial"
 
 SRC_URI = " \
-            http://gstreamer.freedesktop.org/src/gst-plugins-ugly/gst-plugins-ugly-${PV}.tar.xz \
+            https://gstreamer.freedesktop.org/src/gst-plugins-ugly/gst-plugins-ugly-${PV}.tar.xz \
             file://0001-introspection.m4-prefix-pkgconfig-paths-with-PKG_CON.patch \
             "
-SRC_URI[md5sum] = "1ec343c58d4b17d682f7befa8453c11c"
-SRC_URI[sha256sum] = "e30964c5f031c32289e0b25e176c3c95a5737f2052dfc81d0f7427ef0233a4c2"
+SRC_URI[md5sum] = "668795903cb4971fba9aa89abdea8369"
+SRC_URI[sha256sum] = "4bf913b2ca5195ac3b53b5e3ade2dc7c45d2258507552ddc850c5fa425968a1d"
 
 S = "${WORKDIR}/gst-plugins-ugly-${PV}"
 
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.16.0.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.16.1.bb
index 0f3aac190..5a950f183 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.16.0.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-python_1.16.1.bb
@@ -5,9 +5,9 @@ SECTION = "multimedia"
 LICENSE = "LGPLv2.1"
 LIC_FILES_CHKSUM = "file://COPYING;md5=c34deae4e395ca07e725ab0076a5f740"
 
-SRC_URI = "http://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz"
-SRC_URI[md5sum] = "877b2ed2aaffdb62e63f38ea9469b70f"
-SRC_URI[sha256sum] = "55dc7aaed1855565f9b9ef842d93e93bfc5cb2b376faef6af5b463e1774e2d38"
+SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz"
+SRC_URI[md5sum] = "499645fbd1790c5845c02a3998dccc1b"
+SRC_URI[sha256sum] = "b469c8955126f41b8ce0bf689b7029f182cd305f422b3a8df35b780bd8347489"
 
 DEPENDS = "gstreamer1.0 python3-pygobject"
 RDEPENDS_${PN} += "gstreamer1.0 python3-pygobject"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.16.0.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.16.1.bb
index 042938b88..45302ef4f 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.16.0.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-rtsp-server_1.16.1.bb
@@ -8,13 +8,13 @@ DEPENDS = "gstreamer1.0 gstreamer1.0-plugins-base"
 
 PNREAL = "gst-rtsp-server"
 
-SRC_URI = "http://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz \
+SRC_URI = "https://gstreamer.freedesktop.org/src/${PNREAL}/${PNREAL}-${PV}.tar.xz \
            file://0001-introspection.m4-prefix-pkgconfig-paths-with-PKG_CON.patch \
            file://gtk-doc-tweaks.patch \
            "
 
-SRC_URI[md5sum] = "adc4460239ec2eccf58ad9752ce53bfd"
-SRC_URI[sha256sum] = "198e9eec1a3e32dc810d3fbf3a714850a22c6288d4a5c8e802c5ff984af03f19"
+SRC_URI[md5sum] = "380d6a42e856c32fcefa508ad57129e0"
+SRC_URI[sha256sum] = "b0abacad2f86f60d63781d2b24443c5668733e8b08664bbef94124906d700144"
 
 S = "${WORKDIR}/${PNREAL}-${PV}"
 
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.16.0.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.16.1.bb
index e5dfb6124..61cf705fd 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.16.0.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0-vaapi_1.16.1.bb
@@ -13,8 +13,8 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/${REALPN}/${REALPN}-${PV}.tar.x
            file://0001-vaapsink-downgrade-to-marginal.patch \
            "
 
-SRC_URI[md5sum] = "8c3f9ee3e47cbdb75a94f7183460b721"
-SRC_URI[sha256sum] = "4e7fce626ee0590dca74b5a8341d25bac76307945131a970b414fc5895f5171f"
+SRC_URI[md5sum] = "15b08f76777359d87b0b4a561db05f1f"
+SRC_URI[sha256sum] = "cb570f6f1e78cb364fbe3c4fb8751824ee9db0c942ba61b62380b9b5abb7603a"
 
 S = "${WORKDIR}/${REALPN}-${PV}"
 DEPENDS = "libva gstreamer1.0 gstreamer1.0-plugins-base gstreamer1.0-plugins-bad"
diff --git a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.16.0.bb b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.16.1.bb
index da2d14cd9..ff92f63ba 100644
--- a/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.16.0.bb
+++ b/poky/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.16.1.bb
@@ -20,15 +20,15 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=6762ed442b3822387a51c92d928ead0d \
 S = "${WORKDIR}/gstreamer-${PV}"
 
 SRC_URI = " \
-    http://gstreamer.freedesktop.org/src/gstreamer/gstreamer-${PV}.tar.xz \
+    https://gstreamer.freedesktop.org/src/gstreamer/gstreamer-${PV}.tar.xz \
     file://0001-introspection.m4-prefix-pkgconfig-paths-with-PKG_CON.patch \
     file://gtk-doc-tweaks.patch \
     file://0001-gst-gstpluginloader.c-when-env-var-is-set-do-not-fal.patch \
     file://add-a-target-to-compile-tests.patch \
     file://run-ptest \
 "
-SRC_URI[md5sum] = "862b7e4263d946bc2ef31b3c582e5587"
-SRC_URI[sha256sum] = "0e8e2f7118be437cba879353970cf83c2acced825ecb9275ba05d9186ef07c00"
+SRC_URI[md5sum] = "c505fb818b36988daaa846e9e63eabe8"
+SRC_URI[sha256sum] = "02211c3447c4daa55919c5c0f43a82a6fbb51740d57fc3af0639d46f1cf4377d"
 
 PACKAGECONFIG ??= "${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)} \
                    "
diff --git a/poky/meta/recipes-multimedia/libtiff/tiff/CVE-2019-17546.patch b/poky/meta/recipes-multimedia/libtiff/tiff/CVE-2019-17546.patch
new file mode 100644
index 000000000..04c541093
--- /dev/null
+++ b/poky/meta/recipes-multimedia/libtiff/tiff/CVE-2019-17546.patch
@@ -0,0 +1,103 @@
+libtiff: fix CVE-2019-17546
+
+Added after 4.0.10 release.
+
+CVE: CVE-2019-17546
+Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff]
+Signed-off-by: Joe Slater <joe.slater@windriver.com>
+
+commit 4bb584a35f87af42d6cf09d15e9ce8909a839145
+Author: Even Rouault <even.rouault@spatialys.com>
+Date:   Thu Aug 15 15:05:28 2019 +0200
+
+    RGBA interface: fix integer overflow potentially causing write heap buffer overflow, especially on 32 bit builds. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16443. Credit to OSS Fuzz
+
+diff --git a/libtiff/tif_getimage.c b/libtiff/tif_getimage.c
+index c88b5fa..4da785d 100644
+--- a/libtiff/tif_getimage.c
++++ b/libtiff/tif_getimage.c
+@@ -949,16 +949,23 @@ gtStripContig(TIFFRGBAImage* img, uint32* raster, uint32 w, uint32 h)
+ 	fromskew = (w < imagewidth ? imagewidth - w : 0);
+ 	for (row = 0; row < h; row += nrow)
+ 	{
++		uint32 temp;
+ 		rowstoread = rowsperstrip - (row + img->row_offset) % rowsperstrip;
+ 		nrow = (row + rowstoread > h ? h - row : rowstoread);
+ 		nrowsub = nrow;
+ 		if ((nrowsub%subsamplingver)!=0)
+ 			nrowsub+=subsamplingver-nrowsub%subsamplingver;
++		temp = (row + img->row_offset)%rowsperstrip + nrowsub;
++		if( scanline > 0 && temp > (size_t)(TIFF_TMSIZE_T_MAX / scanline) )
++		{
++			TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "Integer overflow in gtStripContig");
++			return 0;
++		}
+ 		if (_TIFFReadEncodedStripAndAllocBuffer(tif,
+ 		    TIFFComputeStrip(tif,row+img->row_offset, 0),
+ 		    (void**)(&buf),
+                     maxstripsize,
+-		    ((row + img->row_offset)%rowsperstrip + nrowsub) * scanline)==(tmsize_t)(-1)
++		    temp * scanline)==(tmsize_t)(-1)
+ 		    && (buf == NULL || img->stoponerr))
+ 		{
+ 			ret = 0;
+@@ -1051,15 +1058,22 @@ gtStripSeparate(TIFFRGBAImage* img, uint32* raster, uint32 w, uint32 h)
+ 	fromskew = (w < imagewidth ? imagewidth - w : 0);
+ 	for (row = 0; row < h; row += nrow)
+ 	{
++                uint32 temp;
+ 		rowstoread = rowsperstrip - (row + img->row_offset) % rowsperstrip;
+ 		nrow = (row + rowstoread > h ? h - row : rowstoread);
+ 		offset_row = row + img->row_offset;
++                temp = (row + img->row_offset)%rowsperstrip + nrow;
++                if( scanline > 0 && temp > (size_t)(TIFF_TMSIZE_T_MAX / scanline) )
++                {
++                        TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "Integer overflow in gtStripSeparate");
++                        return 0;
++                }
+                 if( buf == NULL )
+                 {
+                     if (_TIFFReadEncodedStripAndAllocBuffer(
+                             tif, TIFFComputeStrip(tif, offset_row, 0),
+                             (void**) &buf, bufsize,
+-                            ((row + img->row_offset)%rowsperstrip + nrow) * scanline)==(tmsize_t)(-1)
++                            temp * scanline)==(tmsize_t)(-1)
+                         && (buf == NULL || img->stoponerr))
+                     {
+                             ret = 0;
+@@ -1079,7 +1093,7 @@ gtStripSeparate(TIFFRGBAImage* img, uint32* raster, uint32 w, uint32 h)
+                     }
+                 }
+ 		else if (TIFFReadEncodedStrip(tif, TIFFComputeStrip(tif, offset_row, 0),
+-		    p0, ((row + img->row_offset)%rowsperstrip + nrow) * scanline)==(tmsize_t)(-1)
++		    p0, temp * scanline)==(tmsize_t)(-1)
+ 		    && img->stoponerr)
+ 		{
+ 			ret = 0;
+@@ -1087,7 +1101,7 @@ gtStripSeparate(TIFFRGBAImage* img, uint32* raster, uint32 w, uint32 h)
+ 		}
+ 		if (colorchannels > 1 
+                     && TIFFReadEncodedStrip(tif, TIFFComputeStrip(tif, offset_row, 1),
+-                                            p1, ((row + img->row_offset)%rowsperstrip + nrow) * scanline) == (tmsize_t)(-1)
++                                            p1, temp * scanline) == (tmsize_t)(-1)
+ 		    && img->stoponerr)
+ 		{
+ 			ret = 0;
+@@ -1095,7 +1109,7 @@ gtStripSeparate(TIFFRGBAImage* img, uint32* raster, uint32 w, uint32 h)
+ 		}
+ 		if (colorchannels > 1 
+                     && TIFFReadEncodedStrip(tif, TIFFComputeStrip(tif, offset_row, 2),
+-                                            p2, ((row + img->row_offset)%rowsperstrip + nrow) * scanline) == (tmsize_t)(-1)
++                                            p2, temp * scanline) == (tmsize_t)(-1)
+ 		    && img->stoponerr)
+ 		{
+ 			ret = 0;
+@@ -1104,7 +1118,7 @@ gtStripSeparate(TIFFRGBAImage* img, uint32* raster, uint32 w, uint32 h)
+ 		if (alpha)
+ 		{
+ 			if (TIFFReadEncodedStrip(tif, TIFFComputeStrip(tif, offset_row, colorchannels),
+-			    pa, ((row + img->row_offset)%rowsperstrip + nrow) * scanline)==(tmsize_t)(-1)
++			    pa, temp * scanline)==(tmsize_t)(-1)
+ 			    && img->stoponerr)
+ 			{
+ 				ret = 0;
diff --git a/poky/meta/recipes-multimedia/libtiff/tiff_4.0.10.bb b/poky/meta/recipes-multimedia/libtiff/tiff_4.0.10.bb
index 0432763cc..5c008c53f 100644
--- a/poky/meta/recipes-multimedia/libtiff/tiff_4.0.10.bb
+++ b/poky/meta/recipes-multimedia/libtiff/tiff_4.0.10.bb
@@ -8,6 +8,7 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
            file://CVE-2019-6128.patch \
            file://CVE-2019-7663.patch \
            file://CVE-2019-14973.patch \
+           file://CVE-2019-17546.patch \
 "
 SRC_URI[md5sum] = "114192d7ebe537912a2b97408832e7fd"
 SRC_URI[sha256sum] = "2c52d11ccaf767457db0c46795d9c7d1a8d8f76f68b0b800a3dfe45786b996e4"
diff --git a/poky/meta/recipes-support/aspell/aspell_0.60.7.bb b/poky/meta/recipes-support/aspell/aspell_0.60.8.bb
index da99d1263..629987810 100644
--- a/poky/meta/recipes-support/aspell/aspell_0.60.7.bb
+++ b/poky/meta/recipes-support/aspell/aspell_0.60.8.bb
@@ -4,11 +4,9 @@ SECTION = "console/utils"
 LICENSE = "LGPLv2 | LGPLv2.1"
 LIC_FILES_CHKSUM = "file://COPYING;md5=7fbc338309ac38fefcd64b04bb903e34"
 
-PR = "r1"
-
 SRC_URI = "${GNU_MIRROR}/aspell/aspell-${PV}.tar.gz"
-SRC_URI[md5sum] = "8ef2252609c511cd2bb26f3a3932ef28"
-SRC_URI[sha256sum] = "5ca8fc8cb0370cc6c9eb5b64c6d1bc5d57b3750dbf17887726c3407d833b70e4"
+SRC_URI[md5sum] = "012fa9209203ae4e5a61c2a668fd10e3"
+SRC_URI[sha256sum] = "f9b77e515334a751b2e60daab5db23499e26c9209f5e7b7443b05235ad0226f2"
 
 PACKAGECONFIG ??= ""
 PACKAGECONFIG[curses] = "--enable-curses,--disable-curses,ncurses"
diff --git a/poky/meta/recipes-support/libcap-ng/libcap-ng-python_0.7.9.bb b/poky/meta/recipes-support/libcap-ng/libcap-ng-python_0.7.10.bb
index 43f76dc56..43f76dc56 100644
--- a/poky/meta/recipes-support/libcap-ng/libcap-ng-python_0.7.9.bb
+++ b/poky/meta/recipes-support/libcap-ng/libcap-ng-python_0.7.10.bb
diff --git a/poky/meta/recipes-support/libcap-ng/libcap-ng.inc b/poky/meta/recipes-support/libcap-ng/libcap-ng.inc
index 739b91fd2..aec83896e 100644
--- a/poky/meta/recipes-support/libcap-ng/libcap-ng.inc
+++ b/poky/meta/recipes-support/libcap-ng/libcap-ng.inc
@@ -11,7 +11,7 @@ SRC_URI = "http://people.redhat.com/sgrubb/libcap-ng/libcap-ng-${PV}.tar.gz \
            file://python.patch \
 "
 
-SRC_URI[md5sum] = "2398d695508fab9ce33668c53a89b0e9"
-SRC_URI[sha256sum] = "4a1532bcf3731aade40936f6d6a586ed5a66ca4c7455e1338d1f6c3e09221328"
+SRC_URI[md5sum] = "57dc267e2949cdecb651a929f9206572"
+SRC_URI[sha256sum] = "a84ca7b4e0444283ed269b7a29f5b6187f647c82e2b876636b49b9a744f0ffbf"
 
-BBCLASSEXTEND = "native nativesdk"
\ No newline at end of file
+BBCLASSEXTEND = "native nativesdk"
diff --git a/poky/meta/recipes-support/libcap-ng/libcap-ng_0.7.9.bb b/poky/meta/recipes-support/libcap-ng/libcap-ng_0.7.10.bb
index 6e6de4549..a9a046571 100644
--- a/poky/meta/recipes-support/libcap-ng/libcap-ng_0.7.9.bb
+++ b/poky/meta/recipes-support/libcap-ng/libcap-ng_0.7.10.bb
@@ -3,6 +3,7 @@ require libcap-ng.inc
 inherit lib_package autotools
 
 EXTRA_OECONF += "--without-python --without-python3"
+LDFLAGS_append_class-native = " -pthread"
 
 BBCLASSEXTEND = "native nativesdk"
 
diff --git a/poky/meta/recipes-support/libgcrypt/files/0001-Prefetch-GCM-look-up-tables.patch b/poky/meta/recipes-support/libgcrypt/files/0001-Prefetch-GCM-look-up-tables.patch
new file mode 100644
index 000000000..4df96f001
--- /dev/null
+++ b/poky/meta/recipes-support/libgcrypt/files/0001-Prefetch-GCM-look-up-tables.patch
@@ -0,0 +1,90 @@
+From 1374254c2904ab5b18ba4a890856824a102d4705 Mon Sep 17 00:00:00 2001
+From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
+Date: Sat, 27 Apr 2019 19:33:28 +0300
+Subject: [PATCH 1/3] Prefetch GCM look-up tables
+
+* cipher/cipher-gcm.c (prefetch_table, do_prefetch_tables)
+(prefetch_tables): New.
+(ghash_internal): Call prefetch_tables.
+--
+
+Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+Upstream-Status: Backport
+[https://github.com/gpg/libgcrypt/commit/1374254c2904ab5b18ba4a890856824a102d4705]
+
+CVE: CVE-2019-12904
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ cipher/cipher-gcm.c | 33 +++++++++++++++++++++++++++++++++
+ 1 file changed, 33 insertions(+)
+
+diff --git a/cipher/cipher-gcm.c b/cipher/cipher-gcm.c
+index c19f09f..11f119a 100644
+--- a/cipher/cipher-gcm.c
++++ b/cipher/cipher-gcm.c
+@@ -118,6 +118,34 @@ static const u16 gcmR[256] = {
+   0xbbf0, 0xba32, 0xb874, 0xb9b6, 0xbcf8, 0xbd3a, 0xbf7c, 0xbebe,
+ };
+ 
++static inline
++void prefetch_table(const void *tab, size_t len)
++{
++  const volatile byte *vtab = tab;
++  size_t i;
++
++  for (i = 0; i < len; i += 8 * 32)
++    {
++      (void)vtab[i + 0 * 32];
++      (void)vtab[i + 1 * 32];
++      (void)vtab[i + 2 * 32];
++      (void)vtab[i + 3 * 32];
++      (void)vtab[i + 4 * 32];
++      (void)vtab[i + 5 * 32];
++      (void)vtab[i + 6 * 32];
++      (void)vtab[i + 7 * 32];
++    }
++
++  (void)vtab[len - 1];
++}
++
++static inline void
++do_prefetch_tables (const void *gcmM, size_t gcmM_size)
++{
++  prefetch_table(gcmM, gcmM_size);
++  prefetch_table(gcmR, sizeof(gcmR));
++}
++
+ #ifdef GCM_TABLES_USE_U64
+ static void
+ bshift (u64 * b0, u64 * b1)
+@@ -365,6 +393,8 @@ do_ghash (unsigned char *result, const unsigned char *buf, const u32 *gcmM)
+ #define fillM(c) \
+   do_fillM (c->u_mode.gcm.u_ghash_key.key, c->u_mode.gcm.gcm_table)
+ #define GHASH(c, result, buf) do_ghash (result, buf, c->u_mode.gcm.gcm_table)
++#define prefetch_tables(c) \
++  do_prefetch_tables(c->u_mode.gcm.gcm_table, sizeof(c->u_mode.gcm.gcm_table))
+ 
+ #else
+ 
+@@ -430,6 +460,7 @@ do_ghash (unsigned char *hsub, unsigned char *result, const unsigned char *buf)
+ 
+ #define fillM(c) do { } while (0)
+ #define GHASH(c, result, buf) do_ghash (c->u_mode.gcm.u_ghash_key.key, result, buf)
++#define prefetch_tables(c) do {} while (0)
+ 
+ #endif /* !GCM_USE_TABLES */
+ 
+@@ -441,6 +472,8 @@ ghash_internal (gcry_cipher_hd_t c, byte *result, const byte *buf,
+   const unsigned int blocksize = GCRY_GCM_BLOCK_LEN;
+   unsigned int burn = 0;
+ 
++  prefetch_tables (c);
++
+   while (nblocks)
+     {
+       burn = GHASH (c, result, buf);
+-- 
+2.7.4
+
diff --git a/poky/meta/recipes-support/libgcrypt/files/0001-Add-and-use-pkg-config-for-libgcrypt-instead-of-conf.patch b/poky/meta/recipes-support/libgcrypt/files/0001-libgcrypt-fix-m4-file-for-oe-core.patch
index d41c3de3b..cd8a5993b 100644
--- a/poky/meta/recipes-support/libgcrypt/files/0001-Add-and-use-pkg-config-for-libgcrypt-instead-of-conf.patch
+++ b/poky/meta/recipes-support/libgcrypt/files/0001-libgcrypt-fix-m4-file-for-oe-core.patch
@@ -1,41 +1,26 @@
-From 72b9e9040d58c15f0302bd8abda28179f04e1c5f Mon Sep 17 00:00:00 2001
-From: Richard Purdie <richard.purdie@linuxfoundation.org>
-Date: Wed, 16 Aug 2017 10:43:18 +0800
-Subject: [PATCH 1/4] Add and use pkg-config for libgcrypt instead of -config
- scripts.
+From bee26d7c4ea0b4a397c289b819b89e78bc325ba0 Mon Sep 17 00:00:00 2001
+From: Trevor Gamblin <trevor.gamblin@windriver.com>
+Date: Tue, 29 Oct 2019 14:08:32 -0400
+Subject: [PATCH] libgcrypt: fix m4 file for oe-core
 
-Upstream-Status: Denied [upstream have indicated they don't want a
-pkg-config dependency]
+Modify libgcrypt pkgconfig specifically for oe-core. Changes
+are based on a previous patch from RP, using wiggle to
+incorporate the parts that aren't in the upstream pkgconfig
+settings.
 
-RP 2014/5/22
+Upstream-Status: Inappropriate [oe-specific]
 
-Rebase to 1.8.0
+Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
 
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
 ---
- configure.ac        |  1 +
- src/libgcrypt.m4    | 71 +++--------------------------------------------------
- src/libgcrypt.pc.in | 33 +++++++++++++++++++++++++
- 3 files changed, 38 insertions(+), 67 deletions(-)
- create mode 100644 src/libgcrypt.pc.in
+ src/libgcrypt.m4 | 90 +++---------------------------------------------
+ 1 file changed, 4 insertions(+), 86 deletions(-)
 
-diff --git a/configure.ac b/configure.ac
-index bbe8104..3d2de73 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -2607,6 +2607,7 @@ random/Makefile
- doc/Makefile
- src/Makefile
- src/gcrypt.h
-+src/libgcrypt.pc
- src/libgcrypt-config
- src/versioninfo.rc
- tests/Makefile
 diff --git a/src/libgcrypt.m4 b/src/libgcrypt.m4
-index c67cfec..4ea5f2c 100644
+index 37dfbea2..3d2e90a8 100644
 --- a/src/libgcrypt.m4
 +++ b/src/libgcrypt.m4
-@@ -29,30 +29,6 @@ dnl is added to the gpg_config_script_warn variable.
+@@ -29,41 +29,6 @@ dnl is added to the gpg_config_script_warn variable.
  dnl
  AC_DEFUN([AM_PATH_LIBGCRYPT],
  [ AC_REQUIRE([AC_CANONICAL_HOST])
@@ -46,8 +31,20 @@ index c67cfec..4ea5f2c 100644
 -  if test x"${LIBGCRYPT_CONFIG}" = x ; then
 -     if test x"${libgcrypt_config_prefix}" != x ; then
 -        LIBGCRYPT_CONFIG="${libgcrypt_config_prefix}/bin/libgcrypt-config"
--     else
--       case "${SYSROOT}" in
+-     fi
+-  fi
+-
+-  use_gpgrt_config=""
+-  if test x"${LIBGCRYPT_CONFIG}" = x -a x"$GPGRT_CONFIG" != x -a "$GPGRT_CONFIG" != "no"; then
+-    if $GPGRT_CONFIG libgcrypt --exists; then
+-      LIBGCRYPT_CONFIG="$GPGRT_CONFIG libgcrypt"
+-      AC_MSG_NOTICE([Use gpgrt-config as libgcrypt-config])
+-      use_gpgrt_config=yes
+-    fi
+-  fi
+-  if test -z "$use_gpgrt_config"; then
+-    if test x"${LIBGCRYPT_CONFIG}" = x ; then
+-      case "${SYSROOT}" in
 -         /*)
 -           if test -x "${SYSROOT}/bin/libgcrypt-config" ; then
 -             LIBGCRYPT_CONFIG="${SYSROOT}/bin/libgcrypt-config"
@@ -58,15 +55,14 @@ index c67cfec..4ea5f2c 100644
 -          *)
 -           AC_MSG_WARN([Ignoring \$SYSROOT as it is not an absolute path.])
 -           ;;
--       esac
--     fi
+-      esac
+-    fi
+-    AC_PATH_PROG(LIBGCRYPT_CONFIG, libgcrypt-config, no)
 -  fi
--
--  AC_PATH_PROG(LIBGCRYPT_CONFIG, libgcrypt-config, no)
+ 
    tmp=ifelse([$1], ,1:1.2.0,$1)
    if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then
-      req_libgcrypt_api=`echo "$tmp"     | sed 's/\(.*\):\(.*\)/\1/'`
-@@ -62,48 +38,13 @@ AC_DEFUN([AM_PATH_LIBGCRYPT],
+@@ -74,56 +39,13 @@ AC_DEFUN([AM_PATH_LIBGCRYPT],
       min_libgcrypt_version="$tmp"
    fi
  
@@ -79,7 +75,11 @@ index c67cfec..4ea5f2c 100644
 -               sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\2/'`
 -    req_micro=`echo $min_libgcrypt_version | \
 -               sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\3/'`
--    libgcrypt_config_version=`$LIBGCRYPT_CONFIG --version`
+-    if test -z "$use_gpgrt_config"; then
+-      libgcrypt_config_version=`$LIBGCRYPT_CONFIG --version`
+-    else
+-      libgcrypt_config_version=`$LIBGCRYPT_CONFIG --modversion`
+-    fi
 -    major=`echo $libgcrypt_config_version | \
 -               sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\1/'`
 -    minor=`echo $libgcrypt_config_version | \
@@ -113,24 +113,29 @@ index c67cfec..4ea5f2c 100644
       # If we have a recent libgcrypt, we should also check that the
       # API is compatible
       if test "$req_libgcrypt_api" -gt 0 ; then
--        tmp=`$LIBGCRYPT_CONFIG --api-version 2>/dev/null || echo 0`
+-        if test -z "$use_gpgrt_config"; then
+-           tmp=`$LIBGCRYPT_CONFIG --api-version 2>/dev/null || echo 0`
+-	else
+-           tmp=`$LIBGCRYPT_CONFIG --variable=api_version 2>/dev/null || echo 0`
+-	fi
 +        tmp=`$PKG_CONFIG --variable=api_version libgcrypt`
          if test "$tmp" -gt 0 ; then
             AC_MSG_CHECKING([LIBGCRYPT API version])
             if test "$req_libgcrypt_api" -eq "$tmp" ; then
-@@ -116,10 +57,8 @@ AC_DEFUN([AM_PATH_LIBGCRYPT],
+@@ -136,11 +58,9 @@ AC_DEFUN([AM_PATH_LIBGCRYPT],
       fi
    fi
    if test $ok = yes; then
 -    LIBGCRYPT_CFLAGS=`$LIBGCRYPT_CONFIG --cflags`
 -    LIBGCRYPT_LIBS=`$LIBGCRYPT_CONFIG --libs`
      ifelse([$2], , :, [$2])
--    libgcrypt_config_host=`$LIBGCRYPT_CONFIG --host 2>/dev/null || echo none`
-+    libgcrypt_config_host=`$PKG_CONFIG --variable=host libgcrypt`
-     if test x"$libgcrypt_config_host" != xnone ; then
-       if test x"$libgcrypt_config_host" != x"$host" ; then
-   AC_MSG_WARN([[
-@@ -134,8 +73,6 @@ AC_DEFUN([AM_PATH_LIBGCRYPT],
+     if test -z "$use_gpgrt_config"; then
+-      libgcrypt_config_host=`$LIBGCRYPT_CONFIG --host 2>/dev/null || echo none`
++      libgcrypt_config_host=`$PKG_CONFIG --variable=host libgcrypt`
+     else
+       libgcrypt_config_host=`$LIBGCRYPT_CONFIG --variable=host 2>/dev/null || echo none`
+     fi
+@@ -158,8 +78,6 @@ AC_DEFUN([AM_PATH_LIBGCRYPT],
        fi
      fi
    else
@@ -139,45 +144,6 @@ index c67cfec..4ea5f2c 100644
      ifelse([$3], , :, [$3])
    fi
    AC_SUBST(LIBGCRYPT_CFLAGS)
-diff --git a/src/libgcrypt.pc.in b/src/libgcrypt.pc.in
-new file mode 100644
-index 0000000..2fc8f53
---- /dev/null
-+++ b/src/libgcrypt.pc.in
-@@ -0,0 +1,33 @@
-+# Process this file with autoconf to produce a pkg-config metadata file.
-+# Copyright (C) 2002, 2003, 2004, 2005, 2006 Free Software Foundation
-+# Author: Simon Josefsson
-+#
-+# This file is free software; as a special exception the author gives
-+# unlimited permission to copy and/or distribute it, with or without
-+# modifications, as long as this notice is preserved.
-+#
-+# This file is distributed in the hope that it will be useful, but
-+# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
-+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-+
-+prefix=@prefix@
-+exec_prefix=@exec_prefix@
-+libdir=@libdir@
-+includedir=@includedir@
-+
-+# API info
-+api_version=@LIBGCRYPT_CONFIG_API_VERSION@
-+host=@LIBGCRYPT_CONFIG_HOST@
-+
-+# Misc information.
-+symmetric_ciphers=@LIBGCRYPT_CIPHERS@
-+asymmetric_ciphers=@LIBGCRYPT_PUBKEY_CIPHERS@
-+digests=@LIBGCRYPT_DIGESTS@
-+
-+Name: libgcrypt
-+Description: GNU crypto library
-+URL: http://www.gnupg.org
-+Version: @VERSION@
-+Libs: -L${libdir} -lgcrypt
-+Libs.private: -L${libdir} -lgpg-error
-+Cflags: -I${includedir} 
 -- 
-1.8.3.1
+2.17.1
 
diff --git a/poky/meta/recipes-support/libgcrypt/files/0002-AES-move-look-up-tables-to-.data-section-and-unshare.patch b/poky/meta/recipes-support/libgcrypt/files/0002-AES-move-look-up-tables-to-.data-section-and-unshare.patch
new file mode 100644
index 000000000..c82c5b5c8
--- /dev/null
+++ b/poky/meta/recipes-support/libgcrypt/files/0002-AES-move-look-up-tables-to-.data-section-and-unshare.patch
@@ -0,0 +1,332 @@
+From 119348dd9aa52ab229afb5e2d3342d2b76fe81bf Mon Sep 17 00:00:00 2001
+From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
+Date: Fri, 31 May 2019 17:18:09 +0300
+Subject: [PATCH 2/3] AES: move look-up tables to .data section and unshare between
+ processes
+
+* cipher/rijndael-internal.h (ATTR_ALIGNED_64): New.
+* cipher/rijndael-tables.h (encT): Move to 'enc_tables' structure.
+(enc_tables): New structure for encryption table with counters before
+and after.
+(encT): New macro.
+(dec_tables): Add counters before and after encryption table; Move
+from .rodata to .data section.
+(do_encrypt): Change 'encT' to 'enc_tables.T'.
+(do_decrypt): Change '&dec_tables' to 'dec_tables.T'.
+* cipher/cipher-gcm.c (prefetch_table): Make inline; Handle input
+with length not multiple of 256.
+(prefetch_enc, prefetch_dec): Modify pre- and post-table counters
+to unshare look-up table pages between processes.
+--
+
+GnuPG-bug-id: 4541
+Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+Upstream-Status: Backport
+[https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762]
+
+CVE: CVE-2019-12904
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ cipher/rijndael-internal.h |   4 +-
+ cipher/rijndael-tables.h   | 155 +++++++++++++++++++++++++--------------------
+ cipher/rijndael.c          |  35 ++++++++--
+ 3 files changed, 118 insertions(+), 76 deletions(-)
+
+diff --git a/cipher/rijndael-internal.h b/cipher/rijndael-internal.h
+index 160fb8c..a62d4b7 100644
+--- a/cipher/rijndael-internal.h
++++ b/cipher/rijndael-internal.h
+@@ -29,11 +29,13 @@
+ #define BLOCKSIZE               (128/8)
+ 
+ 
+-/* Helper macro to force alignment to 16 bytes.  */
++/* Helper macro to force alignment to 16 or 64 bytes.  */
+ #ifdef HAVE_GCC_ATTRIBUTE_ALIGNED
+ # define ATTR_ALIGNED_16  __attribute__ ((aligned (16)))
++# define ATTR_ALIGNED_64  __attribute__ ((aligned (64)))
+ #else
+ # define ATTR_ALIGNED_16
++# define ATTR_ALIGNED_64
+ #endif
+ 
+ 
+diff --git a/cipher/rijndael-tables.h b/cipher/rijndael-tables.h
+index 8359470..b54d959 100644
+--- a/cipher/rijndael-tables.h
++++ b/cipher/rijndael-tables.h
+@@ -21,80 +21,98 @@
+ /* To keep the actual implementation at a readable size we use this
+    include file to define the tables.  */
+ 
+-static const u32 encT[256] =
++static struct
++{
++  volatile u32 counter_head;
++  u32 cacheline_align[64 / 4 - 1];
++  u32 T[256];
++  volatile u32 counter_tail;
++} enc_tables ATTR_ALIGNED_64 =
+   {
+-    0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6,
+-    0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591,
+-    0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56,
+-    0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec,
+-    0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa,
+-    0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb,
+-    0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45,
+-    0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b,
+-    0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c,
+-    0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83,
+-    0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9,
+-    0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a,
+-    0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d,
+-    0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f,
+-    0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df,
+-    0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea,
+-    0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34,
+-    0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b,
+-    0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d,
+-    0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413,
+-    0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1,
+-    0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6,
+-    0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972,
+-    0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85,
+-    0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed,
+-    0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511,
+-    0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe,
+-    0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b,
+-    0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05,
+-    0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1,
+-    0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142,
+-    0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf,
+-    0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3,
+-    0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e,
+-    0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a,
+-    0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6,
+-    0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3,
+-    0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b,
+-    0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428,
+-    0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad,
+-    0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14,
+-    0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8,
+-    0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4,
+-    0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2,
+-    0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda,
+-    0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949,
+-    0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf,
+-    0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810,
+-    0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c,
+-    0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697,
+-    0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e,
+-    0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f,
+-    0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc,
+-    0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c,
+-    0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969,
+-    0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27,
+-    0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122,
+-    0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433,
+-    0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9,
+-    0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5,
+-    0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a,
+-    0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0,
+-    0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e,
+-    0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c
++    0,
++    { 0, },
++    {
++      0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6,
++      0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591,
++      0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56,
++      0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec,
++      0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa,
++      0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb,
++      0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45,
++      0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b,
++      0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c,
++      0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83,
++      0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9,
++      0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a,
++      0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d,
++      0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f,
++      0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df,
++      0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea,
++      0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34,
++      0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b,
++      0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d,
++      0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413,
++      0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1,
++      0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6,
++      0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972,
++      0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85,
++      0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed,
++      0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511,
++      0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe,
++      0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b,
++      0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05,
++      0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1,
++      0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142,
++      0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf,
++      0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3,
++      0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e,
++      0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a,
++      0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6,
++      0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3,
++      0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b,
++      0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428,
++      0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad,
++      0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14,
++      0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8,
++      0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4,
++      0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2,
++      0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda,
++      0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949,
++      0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf,
++      0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810,
++      0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c,
++      0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697,
++      0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e,
++      0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f,
++      0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc,
++      0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c,
++      0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969,
++      0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27,
++      0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122,
++      0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433,
++      0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9,
++      0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5,
++      0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a,
++      0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0,
++      0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e,
++      0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c
++    },
++    0
+   };
+ 
+-static const struct
++#define encT enc_tables.T
++
++static struct
+ {
++  volatile u32 counter_head;
++  u32 cacheline_align[64 / 4 - 1];
+   u32 T[256];
+   byte inv_sbox[256];
+-} dec_tables =
++  volatile u32 counter_tail;
++} dec_tables ATTR_ALIGNED_64 =
+   {
++    0,
++    { 0, },
+     {
+       0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a,
+       0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b,
+@@ -194,7 +212,8 @@ static const struct
+       0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61,
+       0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26,
+       0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d
+-    }
++    },
++    0
+   };
+ 
+ #define decT dec_tables.T
+diff --git a/cipher/rijndael.c b/cipher/rijndael.c
+index 8637195..d0edab2 100644
+--- a/cipher/rijndael.c
++++ b/cipher/rijndael.c
+@@ -227,11 +227,11 @@ static const char *selftest(void);
+ 
+ 
+ /* Prefetching for encryption/decryption tables. */
+-static void prefetch_table(const volatile byte *tab, size_t len)
++static inline void prefetch_table(const volatile byte *tab, size_t len)
+ {
+   size_t i;
+ 
+-  for (i = 0; i < len; i += 8 * 32)
++  for (i = 0; len - i >= 8 * 32; i += 8 * 32)
+     {
+       (void)tab[i + 0 * 32];
+       (void)tab[i + 1 * 32];
+@@ -242,17 +242,37 @@ static void prefetch_table(const volatile byte *tab, size_t len)
+       (void)tab[i + 6 * 32];
+       (void)tab[i + 7 * 32];
+     }
++  for (; i < len; i += 32)
++    {
++      (void)tab[i];
++    }
+ 
+   (void)tab[len - 1];
+ }
+ 
+ static void prefetch_enc(void)
+ {
+-  prefetch_table((const void *)encT, sizeof(encT));
++  /* Modify counters to trigger copy-on-write and unsharing if physical pages
++   * of look-up table are shared between processes.  Modifying counters also
++   * causes checksums for pages to change and hint same-page merging algorithm
++   * that these pages are frequently changing.  */
++  enc_tables.counter_head++;
++  enc_tables.counter_tail++;
++
++  /* Prefetch look-up tables to cache.  */
++  prefetch_table((const void *)&enc_tables, sizeof(enc_tables));
+ }
+ 
+ static void prefetch_dec(void)
+ {
++  /* Modify counters to trigger copy-on-write and unsharing if physical pages
++   * of look-up table are shared between processes.  Modifying counters also
++   * causes checksums for pages to change and hint same-page merging algorithm
++   * that these pages are frequently changing.  */
++  dec_tables.counter_head++;
++  dec_tables.counter_tail++;
++
++  /* Prefetch look-up tables to cache.  */
+   prefetch_table((const void *)&dec_tables, sizeof(dec_tables));
+ }
+ 
+@@ -737,7 +757,7 @@ do_encrypt (const RIJNDAEL_context *ctx,
+ #ifdef USE_AMD64_ASM
+ # ifdef HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS
+   return _gcry_aes_amd64_encrypt_block(ctx->keyschenc, bx, ax, ctx->rounds,
+-				       encT);
++				       enc_tables.T);
+ # else
+   /* Call SystemV ABI function without storing non-volatile XMM registers,
+    * as target function does not use vector instruction sets. */
+@@ -757,7 +777,8 @@ do_encrypt (const RIJNDAEL_context *ctx,
+   return ret;
+ # endif /* HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS */
+ #elif defined(USE_ARM_ASM)
+-  return _gcry_aes_arm_encrypt_block(ctx->keyschenc, bx, ax, ctx->rounds, encT);
++  return _gcry_aes_arm_encrypt_block(ctx->keyschenc, bx, ax, ctx->rounds,
++				     enc_tables.T);
+ #else
+   return do_encrypt_fn (ctx, bx, ax);
+ #endif /* !USE_ARM_ASM && !USE_AMD64_ASM*/
+@@ -1120,7 +1141,7 @@ do_decrypt (const RIJNDAEL_context *ctx, unsigned char *bx,
+ #ifdef USE_AMD64_ASM
+ # ifdef HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS
+   return _gcry_aes_amd64_decrypt_block(ctx->keyschdec, bx, ax, ctx->rounds,
+-				       &dec_tables);
++				       dec_tables.T);
+ # else
+   /* Call SystemV ABI function without storing non-volatile XMM registers,
+    * as target function does not use vector instruction sets. */
+@@ -1141,7 +1162,7 @@ do_decrypt (const RIJNDAEL_context *ctx, unsigned char *bx,
+ # endif /* HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS */
+ #elif defined(USE_ARM_ASM)
+   return _gcry_aes_arm_decrypt_block(ctx->keyschdec, bx, ax, ctx->rounds,
+-				     &dec_tables);
++				     dec_tables.T);
+ #else
+   return do_decrypt_fn (ctx, bx, ax);
+ #endif /*!USE_ARM_ASM && !USE_AMD64_ASM*/
+-- 
+2.7.4
+
diff --git a/poky/meta/recipes-support/libgcrypt/files/0003-GCM-move-look-up-table-to-.data-section-and-unshare-.patch b/poky/meta/recipes-support/libgcrypt/files/0003-GCM-move-look-up-table-to-.data-section-and-unshare-.patch
new file mode 100644
index 000000000..b580b7b13
--- /dev/null
+++ b/poky/meta/recipes-support/libgcrypt/files/0003-GCM-move-look-up-table-to-.data-section-and-unshare-.patch
@@ -0,0 +1,178 @@
+From a4c561aab1014c3630bc88faf6f5246fee16b020 Mon Sep 17 00:00:00 2001
+From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
+Date: Fri, 31 May 2019 17:27:25 +0300
+Subject: [PATCH 3/3] GCM: move look-up table to .data section and unshare
+ between processes
+
+* cipher/cipher-gcm.c (ATTR_ALIGNED_64): New.
+(gcmR): Move to 'gcm_table' structure.
+(gcm_table): New structure for look-up table with counters before and
+after.
+(gcmR): New macro.
+(prefetch_table): Handle input with length not multiple of 256.
+(do_prefetch_tables): Modify pre- and post-table counters to unshare
+look-up table pages between processes.
+--
+
+GnuPG-bug-id: 4541
+Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+Upstream-Status: Backport
+[https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020]
+
+CVE: CVE-2019-12904
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ cipher/cipher-gcm.c | 106 ++++++++++++++++++++++++++++++++++------------------
+ 1 file changed, 70 insertions(+), 36 deletions(-)
+
+diff --git a/cipher/cipher-gcm.c b/cipher/cipher-gcm.c
+index 11f119a..194e2ec 100644
+--- a/cipher/cipher-gcm.c
++++ b/cipher/cipher-gcm.c
+@@ -30,6 +30,14 @@
+ #include "./cipher-internal.h"
+ 
+ 
++/* Helper macro to force alignment to 16 or 64 bytes.  */
++#ifdef HAVE_GCC_ATTRIBUTE_ALIGNED
++# define ATTR_ALIGNED_64  __attribute__ ((aligned (64)))
++#else
++# define ATTR_ALIGNED_64
++#endif
++
++
+ #ifdef GCM_USE_INTEL_PCLMUL
+ extern void _gcry_ghash_setup_intel_pclmul (gcry_cipher_hd_t c);
+ 
+@@ -83,40 +91,54 @@ ghash_armv7_neon (gcry_cipher_hd_t c, byte *result, const byte *buf,
+ 
+ 
+ #ifdef GCM_USE_TABLES
+-static const u16 gcmR[256] = {
+-  0x0000, 0x01c2, 0x0384, 0x0246, 0x0708, 0x06ca, 0x048c, 0x054e,
+-  0x0e10, 0x0fd2, 0x0d94, 0x0c56, 0x0918, 0x08da, 0x0a9c, 0x0b5e,
+-  0x1c20, 0x1de2, 0x1fa4, 0x1e66, 0x1b28, 0x1aea, 0x18ac, 0x196e,
+-  0x1230, 0x13f2, 0x11b4, 0x1076, 0x1538, 0x14fa, 0x16bc, 0x177e,
+-  0x3840, 0x3982, 0x3bc4, 0x3a06, 0x3f48, 0x3e8a, 0x3ccc, 0x3d0e,
+-  0x3650, 0x3792, 0x35d4, 0x3416, 0x3158, 0x309a, 0x32dc, 0x331e,
+-  0x2460, 0x25a2, 0x27e4, 0x2626, 0x2368, 0x22aa, 0x20ec, 0x212e,
+-  0x2a70, 0x2bb2, 0x29f4, 0x2836, 0x2d78, 0x2cba, 0x2efc, 0x2f3e,
+-  0x7080, 0x7142, 0x7304, 0x72c6, 0x7788, 0x764a, 0x740c, 0x75ce,
+-  0x7e90, 0x7f52, 0x7d14, 0x7cd6, 0x7998, 0x785a, 0x7a1c, 0x7bde,
+-  0x6ca0, 0x6d62, 0x6f24, 0x6ee6, 0x6ba8, 0x6a6a, 0x682c, 0x69ee,
+-  0x62b0, 0x6372, 0x6134, 0x60f6, 0x65b8, 0x647a, 0x663c, 0x67fe,
+-  0x48c0, 0x4902, 0x4b44, 0x4a86, 0x4fc8, 0x4e0a, 0x4c4c, 0x4d8e,
+-  0x46d0, 0x4712, 0x4554, 0x4496, 0x41d8, 0x401a, 0x425c, 0x439e,
+-  0x54e0, 0x5522, 0x5764, 0x56a6, 0x53e8, 0x522a, 0x506c, 0x51ae,
+-  0x5af0, 0x5b32, 0x5974, 0x58b6, 0x5df8, 0x5c3a, 0x5e7c, 0x5fbe,
+-  0xe100, 0xe0c2, 0xe284, 0xe346, 0xe608, 0xe7ca, 0xe58c, 0xe44e,
+-  0xef10, 0xeed2, 0xec94, 0xed56, 0xe818, 0xe9da, 0xeb9c, 0xea5e,
+-  0xfd20, 0xfce2, 0xfea4, 0xff66, 0xfa28, 0xfbea, 0xf9ac, 0xf86e,
+-  0xf330, 0xf2f2, 0xf0b4, 0xf176, 0xf438, 0xf5fa, 0xf7bc, 0xf67e,
+-  0xd940, 0xd882, 0xdac4, 0xdb06, 0xde48, 0xdf8a, 0xddcc, 0xdc0e,
+-  0xd750, 0xd692, 0xd4d4, 0xd516, 0xd058, 0xd19a, 0xd3dc, 0xd21e,
+-  0xc560, 0xc4a2, 0xc6e4, 0xc726, 0xc268, 0xc3aa, 0xc1ec, 0xc02e,
+-  0xcb70, 0xcab2, 0xc8f4, 0xc936, 0xcc78, 0xcdba, 0xcffc, 0xce3e,
+-  0x9180, 0x9042, 0x9204, 0x93c6, 0x9688, 0x974a, 0x950c, 0x94ce,
+-  0x9f90, 0x9e52, 0x9c14, 0x9dd6, 0x9898, 0x995a, 0x9b1c, 0x9ade,
+-  0x8da0, 0x8c62, 0x8e24, 0x8fe6, 0x8aa8, 0x8b6a, 0x892c, 0x88ee,
+-  0x83b0, 0x8272, 0x8034, 0x81f6, 0x84b8, 0x857a, 0x873c, 0x86fe,
+-  0xa9c0, 0xa802, 0xaa44, 0xab86, 0xaec8, 0xaf0a, 0xad4c, 0xac8e,
+-  0xa7d0, 0xa612, 0xa454, 0xa596, 0xa0d8, 0xa11a, 0xa35c, 0xa29e,
+-  0xb5e0, 0xb422, 0xb664, 0xb7a6, 0xb2e8, 0xb32a, 0xb16c, 0xb0ae,
+-  0xbbf0, 0xba32, 0xb874, 0xb9b6, 0xbcf8, 0xbd3a, 0xbf7c, 0xbebe,
+-};
++static struct
++{
++  volatile u32 counter_head;
++  u32 cacheline_align[64 / 4 - 1];
++  u16 R[256];
++  volatile u32 counter_tail;
++} gcm_table ATTR_ALIGNED_64 =
++  {
++    0,
++    { 0, },
++    {
++      0x0000, 0x01c2, 0x0384, 0x0246, 0x0708, 0x06ca, 0x048c, 0x054e,
++      0x0e10, 0x0fd2, 0x0d94, 0x0c56, 0x0918, 0x08da, 0x0a9c, 0x0b5e,
++      0x1c20, 0x1de2, 0x1fa4, 0x1e66, 0x1b28, 0x1aea, 0x18ac, 0x196e,
++      0x1230, 0x13f2, 0x11b4, 0x1076, 0x1538, 0x14fa, 0x16bc, 0x177e,
++      0x3840, 0x3982, 0x3bc4, 0x3a06, 0x3f48, 0x3e8a, 0x3ccc, 0x3d0e,
++      0x3650, 0x3792, 0x35d4, 0x3416, 0x3158, 0x309a, 0x32dc, 0x331e,
++      0x2460, 0x25a2, 0x27e4, 0x2626, 0x2368, 0x22aa, 0x20ec, 0x212e,
++      0x2a70, 0x2bb2, 0x29f4, 0x2836, 0x2d78, 0x2cba, 0x2efc, 0x2f3e,
++      0x7080, 0x7142, 0x7304, 0x72c6, 0x7788, 0x764a, 0x740c, 0x75ce,
++      0x7e90, 0x7f52, 0x7d14, 0x7cd6, 0x7998, 0x785a, 0x7a1c, 0x7bde,
++      0x6ca0, 0x6d62, 0x6f24, 0x6ee6, 0x6ba8, 0x6a6a, 0x682c, 0x69ee,
++      0x62b0, 0x6372, 0x6134, 0x60f6, 0x65b8, 0x647a, 0x663c, 0x67fe,
++      0x48c0, 0x4902, 0x4b44, 0x4a86, 0x4fc8, 0x4e0a, 0x4c4c, 0x4d8e,
++      0x46d0, 0x4712, 0x4554, 0x4496, 0x41d8, 0x401a, 0x425c, 0x439e,
++      0x54e0, 0x5522, 0x5764, 0x56a6, 0x53e8, 0x522a, 0x506c, 0x51ae,
++      0x5af0, 0x5b32, 0x5974, 0x58b6, 0x5df8, 0x5c3a, 0x5e7c, 0x5fbe,
++      0xe100, 0xe0c2, 0xe284, 0xe346, 0xe608, 0xe7ca, 0xe58c, 0xe44e,
++      0xef10, 0xeed2, 0xec94, 0xed56, 0xe818, 0xe9da, 0xeb9c, 0xea5e,
++      0xfd20, 0xfce2, 0xfea4, 0xff66, 0xfa28, 0xfbea, 0xf9ac, 0xf86e,
++      0xf330, 0xf2f2, 0xf0b4, 0xf176, 0xf438, 0xf5fa, 0xf7bc, 0xf67e,
++      0xd940, 0xd882, 0xdac4, 0xdb06, 0xde48, 0xdf8a, 0xddcc, 0xdc0e,
++      0xd750, 0xd692, 0xd4d4, 0xd516, 0xd058, 0xd19a, 0xd3dc, 0xd21e,
++      0xc560, 0xc4a2, 0xc6e4, 0xc726, 0xc268, 0xc3aa, 0xc1ec, 0xc02e,
++      0xcb70, 0xcab2, 0xc8f4, 0xc936, 0xcc78, 0xcdba, 0xcffc, 0xce3e,
++      0x9180, 0x9042, 0x9204, 0x93c6, 0x9688, 0x974a, 0x950c, 0x94ce,
++      0x9f90, 0x9e52, 0x9c14, 0x9dd6, 0x9898, 0x995a, 0x9b1c, 0x9ade,
++      0x8da0, 0x8c62, 0x8e24, 0x8fe6, 0x8aa8, 0x8b6a, 0x892c, 0x88ee,
++      0x83b0, 0x8272, 0x8034, 0x81f6, 0x84b8, 0x857a, 0x873c, 0x86fe,
++      0xa9c0, 0xa802, 0xaa44, 0xab86, 0xaec8, 0xaf0a, 0xad4c, 0xac8e,
++      0xa7d0, 0xa612, 0xa454, 0xa596, 0xa0d8, 0xa11a, 0xa35c, 0xa29e,
++      0xb5e0, 0xb422, 0xb664, 0xb7a6, 0xb2e8, 0xb32a, 0xb16c, 0xb0ae,
++      0xbbf0, 0xba32, 0xb874, 0xb9b6, 0xbcf8, 0xbd3a, 0xbf7c, 0xbebe,
++    },
++    0
++  };
++
++#define gcmR gcm_table.R
+ 
+ static inline
+ void prefetch_table(const void *tab, size_t len)
+@@ -124,7 +146,7 @@ void prefetch_table(const void *tab, size_t len)
+   const volatile byte *vtab = tab;
+   size_t i;
+ 
+-  for (i = 0; i < len; i += 8 * 32)
++  for (i = 0; len - i >= 8 * 32; i += 8 * 32)
+     {
+       (void)vtab[i + 0 * 32];
+       (void)vtab[i + 1 * 32];
+@@ -135,6 +157,10 @@ void prefetch_table(const void *tab, size_t len)
+       (void)vtab[i + 6 * 32];
+       (void)vtab[i + 7 * 32];
+     }
++  for (; i < len; i += 32)
++    {
++      (void)vtab[i];
++    }
+ 
+   (void)vtab[len - 1];
+ }
+@@ -142,8 +168,16 @@ void prefetch_table(const void *tab, size_t len)
+ static inline void
+ do_prefetch_tables (const void *gcmM, size_t gcmM_size)
+ {
++  /* Modify counters to trigger copy-on-write and unsharing if physical pages
++   * of look-up table are shared between processes.  Modifying counters also
++   * causes checksums for pages to change and hint same-page merging algorithm
++   * that these pages are frequently changing.  */
++  gcm_table.counter_head++;
++  gcm_table.counter_tail++;
++
++  /* Prefetch look-up tables to cache.  */
+   prefetch_table(gcmM, gcmM_size);
+-  prefetch_table(gcmR, sizeof(gcmR));
++  prefetch_table(&gcm_table, sizeof(gcm_table));
+ }
+ 
+ #ifdef GCM_TABLES_USE_U64
+-- 
+2.7.4
+
diff --git a/poky/meta/recipes-support/libgcrypt/libgcrypt_1.8.4.bb b/poky/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb
index fda68a293..04785574f 100644
--- a/poky/meta/recipes-support/libgcrypt/libgcrypt_1.8.4.bb
+++ b/poky/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb
@@ -17,13 +17,16 @@ DEPENDS = "libgpg-error"
 
 UPSTREAM_CHECK_URI = "https://gnupg.org/download/index.html"
 SRC_URI = "${GNUPG_MIRROR}/libgcrypt/libgcrypt-${PV}.tar.bz2 \
-           file://0001-Add-and-use-pkg-config-for-libgcrypt-instead-of-conf.patch \
+           file://0001-libgcrypt-fix-m4-file-for-oe-core.patch \
            file://0003-tests-bench-slope.c-workaround-ICE-failure-on-mips-w.patch \
            file://0002-libgcrypt-fix-building-error-with-O2-in-sysroot-path.patch \
            file://0004-tests-Makefile.am-fix-undefined-reference-to-pthread.patch \
+           file://0001-Prefetch-GCM-look-up-tables.patch \
+           file://0002-AES-move-look-up-tables-to-.data-section-and-unshare.patch \
+           file://0003-GCM-move-look-up-table-to-.data-section-and-unshare-.patch \
 "
-SRC_URI[md5sum] = "fbfdaebbbc6d7e5fbbf6ffdb3e139573"
-SRC_URI[sha256sum] = "f638143a0672628fde0cad745e9b14deb85dffb175709cacc1f4fe24b93f2227"
+SRC_URI[md5sum] = "348cc4601ca34307fc6cd6c945467743"
+SRC_URI[sha256sum] = "3b4a2a94cb637eff5bdebbcaf46f4d95c4f25206f459809339cdada0eb577ac3"
 
 BINCONFIG = "${bindir}/libgcrypt-config"
 
diff --git a/poky/meta/recipes-support/libical/libical/0001-Use-our-hand-build-native-src-generator.patch b/poky/meta/recipes-support/libical/libical/0001-Use-our-hand-build-native-src-generator.patch
new file mode 100644
index 000000000..b7b757d74
--- /dev/null
+++ b/poky/meta/recipes-support/libical/libical/0001-Use-our-hand-build-native-src-generator.patch
@@ -0,0 +1,33 @@
+From e33bc310238bba1690f2c71ad333e10b9e422ea9 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Andreas=20M=C3=BCller?= <schnitzeltony@gmail.com>
+Date: Sat, 19 Oct 2019 14:23:06 +0200
+Subject: [PATCH] Use our hand-build native src-generator
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Upstream-Status: Inappropriate [oe-core specific]
+
+Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
+---
+ src/libical-glib/CMakeLists.txt | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/libical-glib/CMakeLists.txt b/src/libical-glib/CMakeLists.txt
+index f3704e6..ce9db16 100644
+--- a/src/libical-glib/CMakeLists.txt
++++ b/src/libical-glib/CMakeLists.txt
+@@ -63,8 +63,8 @@ endforeach()
+ 
+ add_custom_command (
+   OUTPUT ${LIBICAL_GLIB_SOURCES} ${CMAKE_CURRENT_BINARY_DIR}/libical-glib-private.h ${CMAKE_CURRENT_BINARY_DIR}/i-cal-forward-declarations.h
+-  COMMAND ${EXECUTABLE_OUTPUT_PATH}/src-generator "${CMAKE_CURRENT_SOURCE_DIR}/tools" "${CMAKE_CURRENT_SOURCE_DIR}/api"
+-  DEPENDS ${EXECUTABLE_OUTPUT_PATH}/src-generator ${xml_files}
++  COMMAND ${CMAKE_BINARY_DIR}/src-generator "${CMAKE_CURRENT_SOURCE_DIR}/tools" "${CMAKE_CURRENT_SOURCE_DIR}/api"
++  DEPENDS ${CMAKE_BINARY_DIR}/src-generator ${xml_files}
+ )
+ 
+ configure_file(
+-- 
+2.21.0
+
diff --git a/poky/meta/recipes-support/libical/libical_3.0.6.bb b/poky/meta/recipes-support/libical/libical_3.0.6.bb
index 032f3655e..f9be898a1 100644
--- a/poky/meta/recipes-support/libical/libical_3.0.6.bb
+++ b/poky/meta/recipes-support/libical/libical_3.0.6.bb
@@ -7,27 +7,35 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=1910a2a76ddf6a9ba369182494170d87 \
                     file://LICENSE.MPL2.txt;md5=9741c346eef56131163e13b9db1241b3"
 SECTION = "libs"
 
-SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/v${PV}/${BP}.tar.gz"
-
+SRC_URI = " \
+    https://github.com/${BPN}/${BPN}/releases/download/v${PV}/${BP}.tar.gz \
+    file://0001-Use-our-hand-build-native-src-generator.patch \
+"
 SRC_URI[md5sum] = "463a59244c6767b8e67b29379405e297"
 SRC_URI[sha256sum] = "5c8a21c2b732ece4a33e5c862970b4f35a8548bbcda50de5695f6fc211ac4d97"
 UPSTREAM_CHECK_URI = "https://github.com/libical/libical/releases"
 
 inherit cmake pkgconfig
 
-PACKAGECONFIG ??= "icu"
+do_compile_prepend() {
+	# As long as https://github.com/libical/libical/issues/394 is open build native src-generator manually
+	NATIVE_CFLAGS="${BUILD_CFLAGS} `pkg-config-native --cflags glib-2.0` `pkg-config-native --cflags libxml-2.0`"
+	NATIVE_LDFLAGS="${BUILD_LDFLAGS} `pkg-config-native --libs glib-2.0` `pkg-config-native --libs libxml-2.0`"
+	${BUILD_CC} $NATIVE_CFLAGS ${S}/src/libical-glib/tools/generator.c ${S}/src/libical-glib/tools/xml-parser.c -o ${B}/src-generator $NATIVE_LDFLAGS
+}
+
+PACKAGECONFIG ??= "icu glib"
 PACKAGECONFIG[bdb] = ",-DCMAKE_DISABLE_FIND_PACKAGE_BDB=True,db"
+PACKAGECONFIG[glib] = "-DICAL_GLIB=True,-DICAL_GLIB=False,glib-2.0-native libxml2-native glib-2.0 libxml2"
 # ICU is used for RSCALE (RFC7529) support
 PACKAGECONFIG[icu] = ",-DCMAKE_DISABLE_FIND_PACKAGE_ICU=True,icu"
 
 # No need to use perl-native, the host perl is sufficient.
 EXTRA_OECMAKE += "-DPERL_EXECUTABLE=${HOSTTOOLS_DIR}/perl"
+# doc build fails with linker error (??) for libical-glib so disable it
+EXTRA_OECMAKE += "-DICAL_BUILD_DOCS=false"
 
-# The glib library can't be cross-compiled, disable for now.
-# https://github.com/libical/libical/issues/394
-EXTRA_OECMAKE += "-DICAL_GLIB=false"
-
-do_install_append_class-target () {
+do_install_append () {
     # Remove build host references
     sed -i \
        -e 's,${STAGING_LIBDIR},${libdir},g' \
diff --git a/poky/meta/recipes-support/libksba/libksba_1.3.5.bb b/poky/meta/recipes-support/libksba/libksba_1.3.5.bb
index a7ea53fed..4deda1843 100644
--- a/poky/meta/recipes-support/libksba/libksba_1.3.5.bb
+++ b/poky/meta/recipes-support/libksba/libksba_1.3.5.bb
@@ -1,6 +1,8 @@
 SUMMARY = "Easy API to create and parse X.509 and CMS related objects"
 HOMEPAGE = "http://www.gnupg.org/related_software/libksba/"
-LICENSE = "GPLv2+ | LGPLv3+ | GPLv3+"
+LICENSE = "GPLv3+ & (GPLv2+ | LGPLv3+)"
+LICENSE_${PN} = "GPLv2+ | LGPLv3+"
+LICENSE_${PN}-doc = "GPLv3+"
 LIC_FILES_CHKSUM = "file://COPYING;md5=fd541d83f75d038c4e0617b672ed8bda \
                     file://COPYING.GPLv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
                     file://COPYING.GPLv3;md5=2f31b266d3440dd7ee50f92cf67d8e6c \
diff --git a/poky/meta/recipes-support/libxslt/files/CVE-2019-18197.patch b/poky/meta/recipes-support/libxslt/files/CVE-2019-18197.patch
new file mode 100644
index 000000000..5f2b62039
--- /dev/null
+++ b/poky/meta/recipes-support/libxslt/files/CVE-2019-18197.patch
@@ -0,0 +1,33 @@
+libxslt: fix CVE-2019-18197
+
+Added after 1.1.33 release.
+
+CVE: CVE-2019-18197
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxslt.git]
+Signed-off-by: Joe Slater <joe.slater@windriver.com>
+
+commit 2232473733b7313d67de8836ea3b29eec6e8e285
+Author: Nick Wellnhofer <wellnhofer@aevum.de>
+Date:   Sat Aug 17 16:51:53 2019 +0200
+
+    Fix dangling pointer in xsltCopyText
+    
+    xsltCopyText didn't reset ctxt->lasttext in some cases which could
+    lead to various memory errors in relation with CDATA sections in input
+    documents.
+    
+    Found by OSS-Fuzz.
+
+diff --git a/libxslt/transform.c b/libxslt/transform.c
+index 95ebd07..d7ab0b6 100644
+--- a/libxslt/transform.c
++++ b/libxslt/transform.c
+@@ -1094,6 +1094,8 @@ xsltCopyText(xsltTransformContextPtr ctxt, xmlNodePtr target,
+ 	    if ((copy->content = xmlStrdup(cur->content)) == NULL)
+ 		return NULL;
+ 	}
++
++	ctxt->lasttext = NULL;
+     } else {
+         /*
+ 	 * normal processing. keep counters to extend the text node
diff --git a/poky/meta/recipes-support/libxslt/libxslt_1.1.33.bb b/poky/meta/recipes-support/libxslt/libxslt_1.1.33.bb
index abc00a09e..9f268e7bb 100644
--- a/poky/meta/recipes-support/libxslt/libxslt_1.1.33.bb
+++ b/poky/meta/recipes-support/libxslt/libxslt_1.1.33.bb
@@ -12,6 +12,7 @@ SRC_URI = "http://xmlsoft.org/sources/libxslt-${PV}.tar.gz \
            file://0001-Fix-security-framework-bypass.patch \
            file://CVE-2019-13117.patch \
            file://CVE-2019-13118.patch \
+           file://CVE-2019-18197.patch \
 "
 
 SRC_URI[md5sum] = "b3bd254a03e46d58f8ad1e4559cd2c2f"
diff --git a/poky/meta/recipes-support/nspr/nspr/0004-Add-ARC-support.patch b/poky/meta/recipes-support/nspr/nspr/0004-Add-ARC-support.patch
deleted file mode 100644
index 9d686017d..000000000
--- a/poky/meta/recipes-support/nspr/nspr/0004-Add-ARC-support.patch
+++ /dev/null
@@ -1,88 +0,0 @@
-From 6cb5b0be8837222a1e01745f2cf57cd0e593186d Mon Sep 17 00:00:00 2001
-From: Antoine Tenart <antoine.tenart@free-electrons.com>
-Date: Mon, 23 Oct 2017 10:28:20 +0200
-Subject: [PATCH] Add ARC support
-
-[Alexey: Rebased on top of other patches like RiscV, NIOS2 etc].
-
-Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
-Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
-
-Upstream-Status: Submitted [ https://bugzilla.mozilla.org/show_bug.cgi?id=1492378 ]
----
- pr/include/md/_linux.cfg | 45 ++++++++++++++++++++++++++++++++++++++++
- pr/include/md/_linux.h   |  2 ++
- 2 files changed, 47 insertions(+)
-
-diff --git a/pr/include/md/_linux.cfg b/pr/include/md/_linux.cfg
-index fec8525378dc..5f4fa0eac783 100644
---- a/pr/include/md/_linux.cfg
-+++ b/pr/include/md/_linux.cfg
-@@ -1157,6 +1157,51 @@
- #define PR_BYTES_PER_WORD_LOG2  3
- #define PR_BYTES_PER_DWORD_LOG2 3
- 
-+#elif defined(__arc__)
-+
-+#define IS_LITTLE_ENDIAN 1
-+#undef  IS_BIG_ENDIAN
-+
-+#define PR_BYTES_PER_BYTE   1
-+#define PR_BYTES_PER_SHORT  2
-+#define PR_BYTES_PER_INT    4
-+#define PR_BYTES_PER_INT64  8
-+#define PR_BYTES_PER_LONG   4
-+#define PR_BYTES_PER_FLOAT  4
-+#define PR_BYTES_PER_DOUBLE 8
-+#define PR_BYTES_PER_WORD   4
-+#define PR_BYTES_PER_DWORD  8
-+
-+#define PR_BITS_PER_BYTE    8
-+#define PR_BITS_PER_SHORT   16
-+#define PR_BITS_PER_INT     32
-+#define PR_BITS_PER_INT64   64
-+#define PR_BITS_PER_LONG    32
-+#define PR_BITS_PER_FLOAT   32
-+#define PR_BITS_PER_DOUBLE  64
-+#define PR_BITS_PER_WORD    32
-+
-+#define PR_BITS_PER_BYTE_LOG2   3
-+#define PR_BITS_PER_SHORT_LOG2  4
-+#define PR_BITS_PER_INT_LOG2    5
-+#define PR_BITS_PER_INT64_LOG2  6
-+#define PR_BITS_PER_LONG_LOG2   5
-+#define PR_BITS_PER_FLOAT_LOG2  5
-+#define PR_BITS_PER_DOUBLE_LOG2 6
-+#define PR_BITS_PER_WORD_LOG2   5
-+
-+#define PR_ALIGN_OF_SHORT   2
-+#define PR_ALIGN_OF_INT     4
-+#define PR_ALIGN_OF_LONG    4
-+#define PR_ALIGN_OF_INT64   4
-+#define PR_ALIGN_OF_FLOAT   4
-+#define PR_ALIGN_OF_DOUBLE  4
-+#define PR_ALIGN_OF_POINTER 4
-+#define PR_ALIGN_OF_WORD    4
-+
-+#define PR_BYTES_PER_WORD_LOG2   2
-+#define PR_BYTES_PER_DWORD_LOG2  3
-+
- #else
- 
- #error "Unknown CPU architecture"
-diff --git a/pr/include/md/_linux.h b/pr/include/md/_linux.h
-index 8e04fad479a1..628b1217e9c8 100644
---- a/pr/include/md/_linux.h
-+++ b/pr/include/md/_linux.h
-@@ -63,6 +63,8 @@
- #define _PR_SI_ARCHITECTURE "riscv32"
- #elif defined(__riscv) && (__riscv_xlen == 64)
- #define _PR_SI_ARCHITECTURE "riscv64"
-+#elif defined(__arc__)
-+#define _PR_SI_ARCHITECTURE "arc"
- #else
- #error "Unknown CPU architecture"
- #endif
--- 
-2.17.1
-
diff --git a/poky/meta/recipes-support/nspr/nspr_4.21.bb b/poky/meta/recipes-support/nspr/nspr_4.23.bb
index 25563e50f..8e2761c20 100644
--- a/poky/meta/recipes-support/nspr/nspr_4.21.bb
+++ b/poky/meta/recipes-support/nspr/nspr_4.23.bb
@@ -11,7 +11,6 @@ SRC_URI = "http://ftp.mozilla.org/pub/nspr/releases/v${PV}/src/nspr-${PV}.tar.gz
            file://remove-srcdir-from-configure-in.patch \
            file://0002-Add-nios2-support.patch \
            file://0001-md-Fix-build-with-musl.patch \
-           file://0004-Add-ARC-support.patch \
            file://Makefile.in-remove-_BUILD_STRING-and-_BUILD_TIME.patch \
            file://nspr.pc.in \
 "
@@ -24,8 +23,8 @@ CACHED_CONFIGUREVARS_append_libc-musl = " CFLAGS='${CFLAGS} -D_PR_POLL_AVAILABLE
 UPSTREAM_CHECK_URI = "http://ftp.mozilla.org/pub/nspr/releases/"
 UPSTREAM_CHECK_REGEX = "v(?P<pver>\d+(\.\d+)+)/"
 
-SRC_URI[md5sum] = "b865586f19912a50acc3755d8a45dbaa"
-SRC_URI[sha256sum] = "15ea32c7b100217b6e3193bc03e77f485d9bf7504051443ba9ce86d1c17c6b5a"
+SRC_URI[md5sum] = "90af0450423b0588f0eba6255c07ab79"
+SRC_URI[sha256sum] = "4b9d821037faf5723da901515ed9cac8b23ef1ea3729022259777393453477a4"
 
 CVE_PRODUCT = "netscape_portable_runtime"
 
diff --git a/poky/scripts/lib/devtool/deploy.py b/poky/scripts/lib/devtool/deploy.py
index d1ce2309f..6a997735f 100644
--- a/poky/scripts/lib/devtool/deploy.py
+++ b/poky/scripts/lib/devtool/deploy.py
@@ -212,6 +212,9 @@ def deploy(args, config, basepath, workspace):
             scp_port = "-P %s" % args.port
             ssh_port = "-p %s" % args.port
 
+        if args.key:
+            extraoptions += ' -i %s' % args.key
+
         # In order to delete previously deployed files and have the manifest file on
         # the target, we write out a shell script and then copy it to the target
         # so we can then run it (piping tar output to it).
@@ -326,6 +329,8 @@ def register_commands(subparsers, context):
     parser_deploy.add_argument('--no-check-space', help='Do not check for available space before deploying', action='store_true')
     parser_deploy.add_argument('-e', '--ssh-exec', help='Executable to use in place of ssh')
     parser_deploy.add_argument('-P', '--port', help='Specify port to use for connection to the target')
+    parser_deploy.add_argument('-I', '--key',
+                               help='Specifiy ssh private key for connection to the target')
 
     strip_opts = parser_deploy.add_mutually_exclusive_group(required=False)
     strip_opts.add_argument('-S', '--strip',
@@ -349,4 +354,7 @@ def register_commands(subparsers, context):
     parser_undeploy.add_argument('-n', '--dry-run', help='List files to be undeployed only', action='store_true')
     parser_undeploy.add_argument('-e', '--ssh-exec', help='Executable to use in place of ssh')
     parser_undeploy.add_argument('-P', '--port', help='Specify port to use for connection to the target')
+    parser_undeploy.add_argument('-I', '--key',
+                               help='Specifiy ssh private key for connection to the target')
+
     parser_undeploy.set_defaults(func=undeploy)
diff --git a/poky/scripts/lib/devtool/standard.py b/poky/scripts/lib/devtool/standard.py
index 1646971a9..8d9c1a302 100644
--- a/poky/scripts/lib/devtool/standard.py
+++ b/poky/scripts/lib/devtool/standard.py
@@ -1852,7 +1852,7 @@ def status(args, config, basepath, workspace):
     return 0
 
 
-def _reset(recipes, no_clean, config, basepath, workspace):
+def _reset(recipes, no_clean, remove_work, config, basepath, workspace):
     """Reset one or more recipes"""
     import oe.path
 
@@ -1930,10 +1930,15 @@ def _reset(recipes, no_clean, config, basepath, workspace):
         srctreebase = workspace[pn]['srctreebase']
         if os.path.isdir(srctreebase):
             if os.listdir(srctreebase):
-                # We don't want to risk wiping out any work in progress
-                logger.info('Leaving source tree %s as-is; if you no '
-                            'longer need it then please delete it manually'
-                            % srctreebase)
+                    if remove_work:
+                        logger.info('-r argument used on %s, removing source tree.'
+                                    ' You will lose any unsaved work' %pn)
+                        shutil.rmtree(srctreebase)
+                    else:
+                        # We don't want to risk wiping out any work in progress
+                        logger.info('Leaving source tree %s as-is; if you no '
+                                    'longer need it then please delete it manually'
+                                    % srctreebase)
             else:
                 # This is unlikely, but if it's empty we can just remove it
                 os.rmdir(srctreebase)
@@ -1943,6 +1948,10 @@ def _reset(recipes, no_clean, config, basepath, workspace):
 def reset(args, config, basepath, workspace):
     """Entry point for the devtool 'reset' subcommand"""
     import bb
+    import shutil
+
+    recipes = ""
+
     if args.recipename:
         if args.all:
             raise DevtoolError("Recipe cannot be specified if -a/--all is used")
@@ -1957,7 +1966,7 @@ def reset(args, config, basepath, workspace):
     else:
         recipes = args.recipename
 
-    _reset(recipes, args.no_clean, config, basepath, workspace)
+    _reset(recipes, args.no_clean, args.remove_work, config, basepath, workspace)
 
     return 0
 
@@ -2009,6 +2018,7 @@ def finish(args, config, basepath, workspace):
             raise DevtoolError('Source tree is not clean:\n\n%s\nEnsure you have committed your changes or use -f/--force if you are sure there\'s nothing that needs to be committed' % dirty)
 
     no_clean = args.no_clean
+    remove_work=args.remove_work
     tinfoil = setup_tinfoil(basepath=basepath, tracking=True)
     try:
         rd = parse_recipe(config, tinfoil, args.recipename, True, False)
@@ -2160,7 +2170,7 @@ def finish(args, config, basepath, workspace):
     if args.dry_run:
         logger.info('Resetting recipe (dry-run)')
     else:
-        _reset([args.recipename], no_clean=no_clean, config=config, basepath=basepath, workspace=workspace)
+        _reset([args.recipename], no_clean=no_clean, remove_work=remove_work, config=config, basepath=basepath, workspace=workspace)
 
     return 0
 
@@ -2272,6 +2282,7 @@ def register_commands(subparsers, context):
     parser_reset.add_argument('recipename', nargs='*', help='Recipe to reset')
     parser_reset.add_argument('--all', '-a', action="store_true", help='Reset all recipes (clear workspace)')
     parser_reset.add_argument('--no-clean', '-n', action="store_true", help='Don\'t clean the sysroot to remove recipe output')
+    parser_reset.add_argument('--remove-work', '-r', action="store_true", help='Clean the sources directory along with append')
     parser_reset.set_defaults(func=reset)
 
     parser_finish = subparsers.add_parser('finish', help='Finish working on a recipe in your workspace',
@@ -2282,6 +2293,7 @@ def register_commands(subparsers, context):
     parser_finish.add_argument('--mode', '-m', choices=['patch', 'srcrev', 'auto'], default='auto', help='Update mode (where %(metavar)s is %(choices)s; default is %(default)s)', metavar='MODE')
     parser_finish.add_argument('--initial-rev', help='Override starting revision for patches')
     parser_finish.add_argument('--force', '-f', action="store_true", help='Force continuing even if there are uncommitted changes in the source tree repository')
+    parser_finish.add_argument('--remove-work', '-r', action="store_true", help='Clean the sources directory under workspace')
     parser_finish.add_argument('--no-clean', '-n', action="store_true", help='Don\'t clean the sysroot to remove recipe output')
     parser_finish.add_argument('--no-overrides', '-O', action="store_true", help='Do not handle other override branches (if they exist)')
     parser_finish.add_argument('--dry-run', '-N', action="store_true", help='Dry-run (just report changes instead of writing them)')
diff --git a/poky/scripts/lib/wic/engine.py b/poky/scripts/lib/wic/engine.py
index 61939ad19..18776fa8a 100644
--- a/poky/scripts/lib/wic/engine.py
+++ b/poky/scripts/lib/wic/engine.py
@@ -541,7 +541,7 @@ def wic_write(args, native_sysroot):
     """
     Write image to a target device.
     """
-    disk = Disk(args.image, native_sysroot, ('fat', 'ext', 'swap'))
+    disk = Disk(args.image, native_sysroot, ('fat', 'ext', 'linux-swap'))
     disk.write(args.target, args.expand)
 
 def find_canned(scripts_path, file_name):
diff --git a/poky/scripts/lib/wic/help.py b/poky/scripts/lib/wic/help.py
index 3a40fc0ea..af7d0576e 100644
--- a/poky/scripts/lib/wic/help.py
+++ b/poky/scripts/lib/wic/help.py
@@ -478,7 +478,7 @@ NAME
 SYNOPSIS
     wic write <image> <target>
     wic write <image> <target> --expand auto
-    wic write <image> <target> --expand 1:100M-2:300M
+    wic write <image> <target> --expand 1:100M,2:300M
     wic write <image> <target> --native-sysroot <path>
 
 DESCRIPTION
@@ -489,7 +489,7 @@ DESCRIPTION
     The --expand option is used to resize image partitions.
     --expand auto expands partitions to occupy all free space available on the target device.
     It's also possible to specify expansion rules in a format
-    <partition>:<size>[-<partition>:<size>...] for one or more partitions.
+    <partition>:<size>[,<partition>:<size>...] for one or more partitions.
     Specifying size 0 will keep partition unmodified.
     Note: Resizing boot partition can result in non-bootable image for non-EFI images. It is
     recommended to use size 0 for boot partition to keep image bootable.
diff --git a/poky/scripts/lib/wic/plugins/source/rawcopy.py b/poky/scripts/lib/wic/plugins/source/rawcopy.py
index df86d6729..82970ce51 100644
--- a/poky/scripts/lib/wic/plugins/source/rawcopy.py
+++ b/poky/scripts/lib/wic/plugins/source/rawcopy.py
@@ -59,6 +59,9 @@ class RawCopyPlugin(SourcePlugin):
         src = os.path.join(kernel_dir, source_params['file'])
         dst = os.path.join(cr_workdir, "%s.%s" % (source_params['file'], part.lineno))
 
+        if not os.path.exists(os.path.dirname(dst)):
+            os.makedirs(os.path.dirname(dst))
+
         if 'skip' in source_params:
             sparse_copy(src, dst, skip=int(source_params['skip']))
         else:
diff --git a/poky/scripts/oe-pkgdata-util b/poky/scripts/oe-pkgdata-util
index 9cc78d110..93220e361 100755
--- a/poky/scripts/oe-pkgdata-util
+++ b/poky/scripts/oe-pkgdata-util
@@ -389,21 +389,16 @@ def list_pkgs(args):
                     return False
         return True
 
+    pkglist = []
     if args.recipe:
         packages = get_recipe_pkgs(args.pkgdata_dir, args.recipe, args.unpackaged)
 
         if args.runtime:
-            pkglist = []
             runtime_pkgs = lookup_pkglist(packages, args.pkgdata_dir, False)
             for rtpkgs in runtime_pkgs.values():
                 pkglist.extend(rtpkgs)
         else:
             pkglist = packages
-
-        for pkg in pkglist:
-            if matchpkg(pkg):
-                found = True
-                print("%s" % pkg)
     else:
         if args.runtime:
             searchdir = 'runtime-reverse'
@@ -414,9 +409,13 @@ def list_pkgs(args):
             for fn in files:
                 if fn.endswith('.packaged'):
                     continue
-                if matchpkg(fn):
-                    found = True
-                    print("%s" % fn)
+                pkglist.append(fn)
+
+    for pkg in sorted(pkglist):
+        if matchpkg(pkg):
+            found = True
+            print("%s" % pkg)
+
     if not found:
         if args.pkgspec:
             logger.error("Unable to find any package matching %s" % args.pkgspec)