initial commit for Enea Linux 5.0 arm

Signed-off-by: Tudor Florea <tudor.florea@enea.com>
author: Tudor Florea <tudor.florea@enea.com> 2015-10-09 22:59:03 +0200
committer: Tudor Florea <tudor.florea@enea.com> 2015-10-09 22:59:03 +0200
commit: 972dcfcdbfe75dcfeb777150c136576cf1a71e99 (patch)
tree: 97a61cd7e293d7ae9d56ef7ed0f81253365bb026 /meta/recipes-connectivity
download: poky-972dcfcdbfe75dcfeb777150c136576cf1a71e99.tar.gz
221 files changed, 18102 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/avahi/avahi-ui_0.6.31.bb b/meta/recipes-connectivity/avahi/avahi-ui_0.6.31.bb
new file mode 100644
index 0000000000..eea4d70fab
--- /dev/null
+++ b/meta/recipes-connectivity/avahi/avahi-ui_0.6.31.bb
@@ -0,0 +1,72 @@
+LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1 \
+                    file://avahi-common/address.h;endline=25;md5=b1d1d2cda1c07eb848ea7d6215712d9d \
+                    file://avahi-core/dns.h;endline=23;md5=6fe82590b81aa0ddea5095b548e2fdcb \
+                    file://avahi-daemon/main.c;endline=21;md5=9ee77368c5407af77caaef1b07285969 \
+                    file://avahi-client/client.h;endline=23;md5=f4ac741a25c4f434039ba3e18c8674cf"
+require avahi.inc
+inherit python-dir pythonnative
+PACKAGECONFIG ??= "python"
+PACKAGECONFIG[python] = "--enable-python,--disable-python,python-native python"
+PR = "${INC_PR}.0"
+SRC_URI[md5sum] = "2f22745b8f7368ad5a0a3fddac343f2d"
+SRC_URI[sha256sum] = "8372719b24e2dd75de6f59bb1315e600db4fd092805bd1201ed0cb651a2dab48"
+DEPENDS += "avahi gtk+ libglade"
+AVAHI_GTK = "--enable-gtk --disable-gtk3"
+S = "${WORKDIR}/avahi-${PV}"
+PACKAGES = "${PN} ${PN}-utils ${PN}-dbg ${PN}-dev ${PN}-staticdev ${PN}-doc python-avahi avahi-discover avahi-discover-standalone"
+FILES_${PN} = "${libdir}/libavahi-ui*.so.*"
+FILES_${PN}-dbg += "${libdir}/.debug/libavah-ui*"
+FILES_${PN}-dev += "${libdir}/libavahi-ui${SOLIBSDEV}"
+FILES_${PN}-staticdev += "${libdir}/libavahi-ui.a"
+FILES_${PN}-utils = "${bindir}/b* ${datadir}/applications/b*"
+FILES_python-avahi = "${PYTHON_SITEPACKAGES_DIR}/avahi ${PYTHON_SITEPACKAGES_DIR}/avahi_discover"
+FILES_avahi-discover = "${bindir}/avahi-discover \
+                        ${datadir}/applications/avahi-discover.desktop \
+                        ${datadir}/avahi/interfaces/avahi-discover*"
+FILES_avahi-discover-standalone = "${bindir}/avahi-discover-standalone \
+                                   ${datadir}/avahi/interfaces/avahi-discover.glade"
+RDEPENDS_avahi-discover = "python-avahi python-pygtk"
+RDEPENDS_python-avahi = "python-core python-dbus"
+do_install_append () {
+        rm ${D}${sysconfdir} -rf
+        rm ${D}${base_libdir} -rf
+        rm ${D}${systemd_unitdir} -rf
+        # The ${systemd_unitdir} is /lib/systemd, so we need rmdir /lib,
+        # but not ${base_libdir} here. And the /lib may not exist
+        # whithout systemd.
+        [ ! -d ${D}/lib ] || rmdir ${D}/lib --ignore-fail-on-non-empty
+        rm ${D}${bindir}/avahi-b*
+        rm ${D}${bindir}/avahi-p*
+        rm ${D}${bindir}/avahi-r*
+        rm ${D}${bindir}/avahi-s*
+        rm ${D}${includedir}/avahi-c* -rf
+        rm ${D}${includedir}/avahi-g* -rf
+        rm ${D}${libdir}/libavahi-c*
+        rm ${D}${libdir}/libavahi-g*
+        rm ${D}${libdir}/pkgconfig/avahi-c*
+        rm ${D}${libdir}/pkgconfig/avahi-g*
+        rm ${D}${sbindir} -rf
+        rm ${D}${datadir}/avahi/a*
+        rm ${D}${datadir}/avahi/s*
+        rm ${D}${datadir}/locale/ -rf
+        rm ${D}${datadir}/dbus* -rf
+        rm ${D}${mandir}/man1/a*
+        rm ${D}${mandir}/man5 -rf
+        rm ${D}${mandir}/man8 -rf
+}
diff --git a/meta/recipes-connectivity/avahi/avahi.inc b/meta/recipes-connectivity/avahi/avahi.inc
new file mode 100644
index 0000000000..b060437c12
--- /dev/null
+++ b/meta/recipes-connectivity/avahi/avahi.inc
@@ -0,0 +1,158 @@
+SUMMARY = "Avahi IPv4LL network address configuration daemon"
+DESCRIPTION = 'Avahi is a fully LGPL framework for Multicast DNS Service Discovery. It \
+allows programs to publish and discover services and hosts running on a local network \
+with no specific configuration. This tool implements IPv4LL, "Dynamic Configuration of \
+IPv4 Link-Local Addresses" (IETF RFC3927), a protocol for automatic IP address \
+configuration from the link-local 169.254.0.0/16 range without the need for a central \
+server.'
+AUTHOR = "Lennart Poettering <lennart@poettering.net>"
+HOMEPAGE = "http://avahi.org"
+BUGTRACKER = "http://avahi.org/report"
+SECTION = "network"
+# major part is under LGPLv2.1+, but several .dtd, .xsl, initscripts and
+# python scripts are under GPLv2+
+LICENSE = "GPLv2+ & LGPLv2.1+"
+INC_PR = "r11"
+DEPENDS = "expat libcap libdaemon dbus glib-2.0"
+SRC_URI = "http://avahi.org/download/avahi-${PV}.tar.gz \
+          file://00avahi-autoipd \
+          file://99avahi-autoipd \
+          file://initscript.patch \
+          file://avahi_fix_install_issue.patch \
+          file://fix_for_automake_1.12.x.patch \
+          file://out-of-tree.patch \
+          file://0001-avahi-fix-avahi-status-command-error-prompt.patch \
+          file://reuseport-check.patch \
+          "
+USERADD_PACKAGES = "avahi-daemon avahi-autoipd"
+USERADD_PARAM_avahi-daemon = "--system --home /var/run/avahi-daemon \
+                              --no-create-home --shell /bin/false \
+                              --user-group avahi"
+USERADD_PARAM_avahi-autoipd = "--system --home /var/run/avahi-autoipd \
+                              --no-create-home --shell /bin/false \
+                              --user-group \
+                              -c \"Avahi autoip daemon\" \
+                              avahi-autoipd"
+inherit autotools pkgconfig update-rc.d gettext useradd
+EXTRA_OECONF = "--disable-introspection \
+             --with-avahi-priv-access-group=adm \
+             --disable-stack-protector \
+             --disable-gdbm \
+             --disable-mono \
+             --disable-monodoc \
+             --disable-qt3 \
+             --disable-qt4 \
+             --disable-python \
+             --disable-doxygen-doc \
+             ${EXTRA_OECONF_SYSVINIT} \
+             ${EXTRA_OECONF_SYSTEMD} \
+             ${AVAHI_GTK} \
+           "
+# The distro choice determines what init scripts are installed
+EXTRA_OECONF_SYSVINIT = "${@bb.utils.contains('DISTRO_FEATURES','sysvinit','--with-distro=debian','--with-distro=none',d)}"
+EXTRA_OECONF_SYSTEMD = "${@bb.utils.contains('DISTRO_FEATURES','systemd','--with-systemdsystemunitdir=${systemd_unitdir}/system/','--without-systemdsystemunitdir',d)}"
+AVAHI_GTK ?= "--disable-gtk --disable-gtk3"
+LDFLAGS_append_libc-uclibc = " -lintl"
+LDFLAGS_append_uclinux-uclibc = " -lintl"
+do_configure_prepend() {
+    sed 's:AM_CHECK_PYMOD:echo "no pymod" #AM_CHECK_PYMOD:g' -i ${S}/configure.ac
+}
+PACKAGES =+ "avahi-daemon libavahi-common libavahi-core libavahi-client avahi-dnsconfd libavahi-glib libavahi-ui avahi-autoipd avahi-utils"
+# As avahi doesn't put any files into PN, clear the files list to avoid problems
+# if extra libraries appear.
+FILES_avahi = ""
+FILES_avahi-autoipd = "${sbindir}/avahi-autoipd \
+                       ${sysconfdir}/avahi/avahi-autoipd.action \
+                       ${sysconfdir}/dhcp/*/avahi-autoipd \
+                       ${sysconfdir}/udhcpc.d/00avahi-autoipd \
+                       ${sysconfdir}/udhcpc.d/99avahi-autoipd"
+FILES_libavahi-common = "${libdir}/libavahi-common.so.*"
+FILES_libavahi-core = "${libdir}/libavahi-core.so.*"
+FILES_avahi-daemon = "${sbindir}/avahi-daemon \
+                      ${sysconfdir}/avahi/avahi-daemon.conf \
+                      ${sysconfdir}/avahi/hosts \
+                      ${sysconfdir}/avahi/services \
+                      ${sysconfdir}/dbus-1 \
+                      ${sysconfdir}/init.d/avahi-daemon \
+                      ${datadir}/avahi/introspection/*.introspect \
+                      ${datadir}/avahi/avahi-service.dtd \
+                      ${datadir}/avahi/service-types \
+                      ${datadir}/dbus-1/system-services"
+FILES_libavahi-client = "${libdir}/libavahi-client.so.*"
+FILES_libavahi-ui = "${libdir}/libavahi-ui.so.*"
+FILES_avahi-dnsconfd = "${sbindir}/avahi-dnsconfd \
+                        ${sysconfdir}/avahi/avahi-dnsconfd.action \
+                        ${sysconfdir}/init.d/avahi-dnsconfd"
+FILES_libavahi-glib = "${libdir}/libavahi-glib.so.*"
+FILES_libavahi-gobject = "${libdir}/libavahi-gobject.so.*"
+FILES_avahi-utils = "${bindir}/avahi-*"
+RDEPENDS_${PN}-dev = "avahi-daemon (= ${EXTENDPKGV}) libavahi-core (= ${EXTENDPKGV}) libavahi-client (= ${EXTENDPKGV})"
+# uclibc has no nss
+RRECOMMENDS_avahi-daemon_append_libc-glibc = " libnss-mdns"
+RRECOMMENDS_${PN}_append_libc-glibc = " libnss-mdns"
+RRECOMMENDS_avahi-dev = "expat-dev libcap-dev libdaemon-dev dbus-dev glib-2.0-dev update-rc.d-dev"
+RRECOMMENDS_avahi-dev_append_libc-glibc = " gettext-dev"
+RRECOMMENDS_avahi-dev[nodeprrecs] = "1"
+CONFFILES_avahi-daemon = "${sysconfdir}/avahi/avahi-daemon.conf"
+INITSCRIPT_PACKAGES = "avahi-daemon avahi-dnsconfd"
+INITSCRIPT_NAME_avahi-daemon = "avahi-daemon"
+INITSCRIPT_PARAMS_avahi-daemon = "defaults 21 19"
+INITSCRIPT_NAME_avahi-dnsconfd = "avahi-dnsconfd"
+INITSCRIPT_PARAMS_avahi-dnsconfd = "defaults 22 19"
+do_install() {
+        autotools_do_install
+        # don't install /var/run when populating rootfs. Do it through volatile
+        # /var/run of current version is empty, so just remove it.
+        # if /var/run become non-empty in the future, need to install it via volatile
+        rm -rf ${D}${localstatedir}/run
+        rmdir --ignore-fail-on-non-empty ${D}${localstatedir}
+        rm -rf ${D}${datadir}/dbus-1/interfaces
+        rmdir --ignore-fail-on-non-empty ${D}${datadir}/dbus-1
+        rm -rf ${D}${libdir}/avahi
+        install -d ${D}${sysconfdir}/udhcpc.d
+        install ${WORKDIR}/00avahi-autoipd ${D}${sysconfdir}/udhcpc.d
+        install ${WORKDIR}/99avahi-autoipd ${D}${sysconfdir}/udhcpc.d
+}
+# At the time the postinst runs, dbus might not be setup so only restart if running 
+# Don't exit early, because update-rc.d needs to run subsequently.
+pkg_postinst_avahi-daemon () {
+if [ -z "$D" ]; then
+        killall -q -HUP dbus-daemon || true
+fi
+}
+pkg_postrm_avahi-daemon () {
+        deluser avahi || true
+        delgroup avahi || true
+}
+pkg_postrm_avahi-autoipd () {
+        deluser avahi-autoipd || true
+        delgroup avahi-autoipd || true
+}
diff --git a/meta/recipes-connectivity/avahi/avahi_0.6.31.bb b/meta/recipes-connectivity/avahi/avahi_0.6.31.bb
new file mode 100644
index 0000000000..5d796a202b
--- /dev/null
+++ b/meta/recipes-connectivity/avahi/avahi_0.6.31.bb
@@ -0,0 +1,22 @@
+require avahi.inc
+inherit systemd
+SYSTEMD_PACKAGES = "${PN}-daemon ${PN}-dnsconfd"
+SYSTEMD_SERVICE_${PN}-daemon = "avahi-daemon.service"
+SYSTEMD_SERVICE_${PN}-dnsconfd = "avahi-dnsconfd.service"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1 \
+                    file://avahi-common/address.h;endline=25;md5=b1d1d2cda1c07eb848ea7d6215712d9d \
+                    file://avahi-core/dns.h;endline=23;md5=6fe82590b81aa0ddea5095b548e2fdcb \
+                    file://avahi-daemon/main.c;endline=21;md5=9ee77368c5407af77caaef1b07285969 \
+                    file://avahi-client/client.h;endline=23;md5=f4ac741a25c4f434039ba3e18c8674cf"
+PR = "${INC_PR}.1"
+SRC_URI[md5sum] = "2f22745b8f7368ad5a0a3fddac343f2d"
+SRC_URI[sha256sum] = "8372719b24e2dd75de6f59bb1315e600db4fd092805bd1201ed0cb651a2dab48"
+DEPENDS += "intltool-native"
+PACKAGES =+ "libavahi-gobject"
diff --git a/meta/recipes-connectivity/avahi/files/0001-avahi-fix-avahi-status-command-error-prompt.patch b/meta/recipes-connectivity/avahi/files/0001-avahi-fix-avahi-status-command-error-prompt.patch
new file mode 100644
index 0000000000..7590df79f0
--- /dev/null
+++ b/meta/recipes-connectivity/avahi/files/0001-avahi-fix-avahi-status-command-error-prompt.patch
@@ -0,0 +1,52 @@
+From f774ac25f436a782ccccc4dbe68378a684596799 Mon Sep 17 00:00:00 2001
+From: Lu Chong <Chong.Lu@windriver.com>
+Date: Thu, 7 Nov 2013 14:36:28 +0800
+Subject: [PATCH] avahi: fix avahi status command error prompt
+service --status-all command will display wrong status for avahi-daemon.
+This commit fix this error prompt and make service display right status
+for avahi-daemon.
+Upstream-Status: Pending
+Signed-off-by: Lu Chong <Chong.Lu@windriver.com>
+---
+ initscript/debian/avahi-daemon.in |   14 +++++++++++---
+ 1 file changed, 11 insertions(+), 3 deletions(-)
+diff --git a/initscript/debian/avahi-daemon.in b/initscript/debian/avahi-daemon.in
+index 4793b46..49ec358 100755
+--- a/initscript/debian/avahi-daemon.in
+++ b/initscript/debian/avahi-daemon.in
+@@ -153,7 +153,15 @@ d_reload() {
+ #       Function that check the status of the daemon/service.
+ #
+ d_status() {
+-    $DAEMON -c && echo "$DESC is running" || echo "$DESC is not running"
+    $DAEMON -c
+    status=$?
+    if [ $status = 0 ]; then
+        echo "$DESC is running"
+        return 0
+    else
+        echo "$DESC is not running"
+        return 3
+    fi
+ }
+ 
+ case "$1" in
+@@ -182,9 +190,9 @@ case "$1" in
+         d_status
+        ;;
+     *)
+-        echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload|reload}" >&2
+        echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload|reload|status}" >&2
+         exit 1
+         ;;
+ esac
+ 
+-exit 0
+exit $?
+-- 
+1.7.9.5
diff --git a/meta/recipes-connectivity/avahi/files/00avahi-autoipd b/meta/recipes-connectivity/avahi/files/00avahi-autoipd
new file mode 100644
index 0000000000..a0ab814603
--- /dev/null
+++ b/meta/recipes-connectivity/avahi/files/00avahi-autoipd
@@ -0,0 +1,10 @@
+#!/bin/sh
+[ -z "$1" ] && echo "Error: should be called from udhcpc" && exit 1
+case "$1" in
+        deconfig|renew|bound)
+                /usr/sbin/avahi-autoipd -k $interface 2> /dev/null
+                ;;
+esac
diff --git a/meta/recipes-connectivity/avahi/files/99avahi-autoipd b/meta/recipes-connectivity/avahi/files/99avahi-autoipd
new file mode 100644
index 0000000000..234cdaa3eb
--- /dev/null
+++ b/meta/recipes-connectivity/avahi/files/99avahi-autoipd
@@ -0,0 +1,10 @@
+#!/bin/sh
+[ -z "$1" ] && echo "Error: should be called from udhcpc" && exit 1
+case "$1" in
+        leasefail)
+                /usr/sbin/avahi-autoipd -wD $interface 2> /dev/null
+                ;;
+esac
diff --git a/meta/recipes-connectivity/avahi/files/avahi_fix_install_issue.patch b/meta/recipes-connectivity/avahi/files/avahi_fix_install_issue.patch
new file mode 100644
index 0000000000..32f20ece43
--- /dev/null
+++ b/meta/recipes-connectivity/avahi/files/avahi_fix_install_issue.patch
@@ -0,0 +1,32 @@
+Upstream-Status: Pending
+Fixes this install issue
+#| /bin/sh: line 0: cd: /srv/home/nitin/builds/build-gcc47/tmp/work/i586-poky-linux/avahi-0.6.31-r3.0/image//usr/bin: No such file or directory
+Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com>
+2012/05/03
+Index: avahi-0.6.31/avahi-utils/Makefile.am
+===================================================================
+--- avahi-0.6.31.orig/avahi-utils/Makefile.am
+++ avahi-0.6.31/avahi-utils/Makefile.am
+@@ -54,6 +54,7 @@ avahi_set_host_name_CFLAGS = $(AM_CFLAGS
+ avahi_set_host_name_LDADD = $(AM_LDADD) ../avahi-client/libavahi-client.la ../avahi-common/libavahi-common.la
+ 
+ install-exec-local:
+       $(MKDIR_P) $(DESTDIR)/$(bindir) && \
+        cd $(DESTDIR)/$(bindir) && \
+                rm -f avahi-resolve-host-name avahi-resolve-address avahi-browse-domains avahi-publish-address avahi-publish-service && \
+                $(LN_S) avahi-resolve avahi-resolve-host-name && \
+Index: avahi-0.6.31/avahi-utils/Makefile.in
+===================================================================
+--- avahi-0.6.31.orig/avahi-utils/Makefile.in
+++ avahi-0.6.31/avahi-utils/Makefile.in
+@@ -906,6 +906,7 @@ uninstall-am: uninstall-binPROGRAMS
+ 
+ 
+ @HAVE_DBUS_TRUE@install-exec-local:
+@HAVE_DBUS_TRUE@       $(MKDIR_P) $(DESTDIR)/$(bindir) && \
+ @HAVE_DBUS_TRUE@       cd $(DESTDIR)/$(bindir) && \
+ @HAVE_DBUS_TRUE@               rm -f avahi-resolve-host-name avahi-resolve-address avahi-browse-domains avahi-publish-address avahi-publish-service && \
+ @HAVE_DBUS_TRUE@               $(LN_S) avahi-resolve avahi-resolve-host-name && \
diff --git a/meta/recipes-connectivity/avahi/files/fix_for_automake_1.12.x.patch b/meta/recipes-connectivity/avahi/files/fix_for_automake_1.12.x.patch
new file mode 100644
index 0000000000..0fc4c290c4
--- /dev/null
+++ b/meta/recipes-connectivity/avahi/files/fix_for_automake_1.12.x.patch
@@ -0,0 +1,34 @@
+Upstream-Status: Pending
+autoamke 1.12.x has depricated use of mkdir_p , and recommends use of MKDIR_P
+instead. Fixed the automake files accordingly to avoid warning-errors.
+Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com>
+2012/07/09
+Index: avahi-0.6.31/avahi-daemon/Makefile.am
+===================================================================
+--- avahi-0.6.31.orig/avahi-daemon/Makefile.am
+++ avahi-0.6.31/avahi-daemon/Makefile.am
+@@ -169,7 +169,7 @@ xmllint:
+        done
+ 
+ install-data-local:
+-       test -z "$(localstatedir)/run" || $(mkdir_p) "$(DESTDIR)$(localstatedir)/run"
+       test -z "$(localstatedir)/run" || $(MKDIR_P) "$(DESTDIR)$(localstatedir)/run"
+ 
+ update-systemd:
+        curl http://cgit.freedesktop.org/systemd/plain/src/sd-daemon.c > sd-daemon.c
+Index: avahi-0.6.31/avahi-autoipd/Makefile.am
+===================================================================
+--- avahi-0.6.31.orig/avahi-autoipd/Makefile.am
+++ avahi-0.6.31/avahi-autoipd/Makefile.am
+@@ -76,7 +76,7 @@ dhcliententerdir = $(sysconfdir)/dhcp/dh
+ dhclientexitdir = $(sysconfdir)/dhcp/dhclient-exit-hooks.d
+ 
+ install-exec-hook: dhclient-exit-hook dhclient-enter-hook
+-       $(mkdir_p) $(DESTDIR)$(dhcliententerdir) $(DESTDIR)$(dhclientexitdir)
+       $(MKDIR_P) $(DESTDIR)$(dhcliententerdir) $(DESTDIR)$(dhclientexitdir)
+        $(INSTALL) dhclient-enter-hook $(DESTDIR)$(dhcliententerdir)/avahi-autoipd
+        $(INSTALL) dhclient-exit-hook $(DESTDIR)$(dhclientexitdir)/avahi-autoipd
+ 
diff --git a/meta/recipes-connectivity/avahi/files/initscript.patch b/meta/recipes-connectivity/avahi/files/initscript.patch
new file mode 100644
index 0000000000..193889eb5c
--- /dev/null
+++ b/meta/recipes-connectivity/avahi/files/initscript.patch
@@ -0,0 +1,41 @@
+Upstream-Status: Pending
+diff --git a/initscript/debian/avahi-daemon.in b/initscript/debian/avahi-daemon.in
+index 30a2c2f..b5848a8 100755
+--- a/initscript/debian/avahi-daemon.in
+++ b/initscript/debian/avahi-daemon.in
+@@ -1,2 +1,14 @@
+ #!/bin/sh
+-
+### BEGIN INIT INFO
+# Provides:          avahi
+# Required-Start:    $remote_fs dbus
+# Required-Stop:     $remote_fs dbus
+# Should-Start:             $syslog
+# Should-Stop:       $syslog
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: Avahi mDNS/DNS-SD Daemon
+# Description:       Zeroconf daemon for configuring your network 
+#                    automatically
+### END INIT INFO
+#
+diff --git a/initscript/debian/avahi-dnsconfd.in b/initscript/debian/avahi-dnsconfd.in
+index ac34804..f95c340 100755
+--- a/initscript/debian/avahi-dnsconfd.in
+++ b/initscript/debian/avahi-dnsconfd.in
+@@ -1,1 +1,14 @@
+ #!/bin/sh
+### BEGIN INIT INFO
+# Provides:          avahi-dnsconfd
+# Required-Start:    $remote_fs avahi
+# Required-Stop:     $remote_fs avahi
+# Should-Start:             $syslog
+# Should-Stop:       $syslog
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: Avahi mDNS/DNS-SD DNS configuration
+# Description:       Zeroconf daemon for configuring your network 
+#                    automatically
+### END INIT INFO
+#
diff --git a/meta/recipes-connectivity/avahi/files/out-of-tree.patch b/meta/recipes-connectivity/avahi/files/out-of-tree.patch
new file mode 100644
index 0000000000..43476cde05
--- /dev/null
+++ b/meta/recipes-connectivity/avahi/files/out-of-tree.patch
@@ -0,0 +1,32 @@
+Upstream-Status: Pending
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+From a62dc95d75691ea4aefa86d8bbe54c62afd78ff6 Mon Sep 17 00:00:00 2001
+From: Ross Burton <ross.burton@intel.com>
+Date: Tue, 17 Sep 2013 12:27:36 +0100
+Subject: [PATCH] build-sys: fix out-of-tree builds without xmltoman
+If manpages are enabled but xmltoman isn't present, out-of-tree builds fail
+because it checks inside the build directory for the pre-generated manpages.
+Fix this by using $srcdir when looking for files inside the source directory.
+---
+ configure.ac |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/configure.ac b/configure.ac
+index 9debce2..047c7ae 100644
+--- a/configure.ac
+++ b/configure.ac
+@@ -1021,7 +1021,7 @@ if test x$manpages = xyes ; then
+     fi
+ 
+     if test x$have_xmltoman = xno -o x$xmltoman = xno; then
+-        if ! test -e man/avahi-daemon.8 ; then
+        if ! test -e $srcdir/man/avahi-daemon.8 ; then
+             AC_MSG_ERROR([*** xmltoman was not found or was disabled, it is required to build the manpages as they have not been pre-built, install xmltoman, pass --disable-manpages or dont pass --disable-xmltoman])
+             exit 1
+         fi
+-- 
+1.7.10.4
diff --git a/meta/recipes-connectivity/avahi/files/reuseport-check.patch b/meta/recipes-connectivity/avahi/files/reuseport-check.patch
new file mode 100644
index 0000000000..bb81c2cb4e
--- /dev/null
+++ b/meta/recipes-connectivity/avahi/files/reuseport-check.patch
@@ -0,0 +1,30 @@
+Fix avahi-daemon when running on kernel < 3.9 (patch taken from Ubuntu).
+Upstream-Status: Pending (unmaintained upstream)
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+Description: SO_REUSEPORT may not exist in running kernel
+ When userspace defines SO_REUSEPORT we will attempt to enable socket
+ port number reuse.  However if the running kernel does not support
+ this call it will fail preventing daemon startup.  If this call is
+ present but fails ENOPROTOOPT then we know that actually the kernel
+ does not support it and we should continue as if we did not have the
+ call at all.  (LP: #1228204)
+ .
+ This patch could be removed from the debian package after jessie release.
+Author: Andy Whitcroft <apw@canonical.com>
+Index: avahi-0.6.31/avahi-core/socket.c
+===================================================================
+--- avahi-0.6.31.orig/avahi-core/socket.c       2013-09-20 16:36:50.000000000 +0100
+++ avahi-0.6.31/avahi-core/socket.c    2013-09-20 16:38:23.781863644 +0100
+@@ -177,7 +177,8 @@
+     yes = 1;
+     if (setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &yes, sizeof(yes)) < 0) {
+         avahi_log_warn("SO_REUSEPORT failed: %s", strerror(errno));
+-        return -1;
+        if (errno != ENOPROTOOPT)
+            return -1;
+     }
+ #endif
+ 
diff --git a/meta/recipes-connectivity/bind/bind/bind-9.8.1-CVE-2012-5166.patch b/meta/recipes-connectivity/bind/bind/bind-9.8.1-CVE-2012-5166.patch
new file mode 100644
index 0000000000..0abb475adc
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/bind-9.8.1-CVE-2012-5166.patch
@@ -0,0 +1,119 @@
+bind_Fix_for_CVE-2012-5166
+Upstream-Status: Backport
+Reference:http://launchpadlibrarian.net/119212498/bind9_1%3A9.7.3.dfsOBg
+-1ubuntu2.6_1%3A9.7.3.dfsg-1ubuntu2.7.diff.gz
+ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before
+9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows
+remote attackers to cause a denial of service (named daemon hang)
+via unspecified combinations of resource records.
+http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5166
+Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
+diff -urpN a/bin/named/query.c b/bin/named/query.c
+--- a/bin/named/query.c 2012-10-22 13:24:27.000000000 +0800
+++ b/bin/named/query.c 2012-10-22 13:17:04.000000000 +0800
+@@ -1137,13 +1137,6 @@ query_isduplicate(ns_client_t *client, d
+                mname = NULL;
+        }
+ 
+-       /*
+-        * If the dns_name_t we're looking up is already in the message,
+-        * we don't want to trigger the caller's name replacement logic.
+-        */
+-       if (name == mname)
+-               mname = NULL;
+-
+        *mnamep = mname;
+ 
+        CTRACE("query_isduplicate: false: done");
+@@ -1341,6 +1334,7 @@ query_addadditional(void *arg, dns_name_
+        if (dns_rdataset_isassociated(rdataset) &&
+            !query_isduplicate(client, fname, type, &mname)) {
+                if (mname != NULL) {
+                       INSIST(mname != fname);
+                        query_releasename(client, &fname);
+                        fname = mname;
+                } else
+@@ -1401,11 +1395,13 @@ query_addadditional(void *arg, dns_name_
+                        mname = NULL;
+                        if (!query_isduplicate(client, fname,
+                                               dns_rdatatype_a, &mname)) {
+-                               if (mname != NULL) {
+-                                       query_releasename(client, &fname);
+-                                       fname = mname;
+-                               } else
+-                                       need_addname = ISC_TRUE;
+                               if (mname != fname) {
+                                       if (mname != NULL) {
+                                               query_releasename(client, &fname);
+                                               fname = mname;
+                                       } else
+                                               need_addname = ISC_TRUE;
+                               }
+                                ISC_LIST_APPEND(fname->list, rdataset, link);
+                                added_something = ISC_TRUE;
+                                if (sigrdataset != NULL &&
+@@ -1444,11 +1440,13 @@ query_addadditional(void *arg, dns_name_
+                        mname = NULL;
+                        if (!query_isduplicate(client, fname,
+                                               dns_rdatatype_aaaa, &mname)) {
+-                               if (mname != NULL) {
+-                                       query_releasename(client, &fname);
+-                                       fname = mname;
+-                               } else
+-                                       need_addname = ISC_TRUE;
+                               if (mname != fname) {
+                                       if (mname != NULL) {
+                                               query_releasename(client, &fname);
+                                               fname = mname;
+                                       } else
+                                               need_addname = ISC_TRUE;
+                               }
+                                ISC_LIST_APPEND(fname->list, rdataset, link);
+                                added_something = ISC_TRUE;
+                                if (sigrdataset != NULL &&
+@@ -1960,22 +1958,24 @@ query_addadditional2(void *arg, dns_name
+                    crdataset->type == dns_rdatatype_aaaa) {
+                        if (!query_isduplicate(client, fname, crdataset->type,
+                                               &mname)) {
+-                               if (mname != NULL) {
+-                                       /*
+-                                        * A different type of this name is
+-                                        * already stored in the additional
+-                                        * section.  We'll reuse the name.
+-                                        * Note that this should happen at most
+-                                        * once.  Otherwise, fname->link could
+-                                        * leak below.
+-                                        */
+-                                       INSIST(mname0 == NULL);
+-
+-                                       query_releasename(client, &fname);
+-                                       fname = mname;
+-                                       mname0 = mname;
+-                               } else
+-                                       need_addname = ISC_TRUE;
+                               if (mname != fname) {
+                                       if (mname != NULL) {
+                                               /*
+                                                * A different type of this name is
+                                                * already stored in the additional
+                                                * section.  We'll reuse the name.
+                                                * Note that this should happen at most
+                                                * once.  Otherwise, fname->link could
+                                                * leak below.
+                                                */
+                                               INSIST(mname0 == NULL);
+
+                                               query_releasename(client, &fname);
+                                               fname = mname;
+                                               mname0 = mname;
+                                       } else
+                                               need_addname = ISC_TRUE;
+                               }
+                                ISC_LIST_UNLINK(cfname.list, crdataset, link);
+                                ISC_LIST_APPEND(fname->list, crdataset, link);
+                                added_something = ISC_TRUE;
diff --git a/meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch b/meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch
new file mode 100644
index 0000000000..19d8df1c2d
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch
@@ -0,0 +1,89 @@
+The patch to fix CVE-2011-4313
+Upstream-Status: Backport
+Reference: https://www.redhat.com/security/data/cve/CVE-2011-4313.html
+query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV
+through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1
+through 9.9.0b1 allows remote attackers to cause a denial of service
+(assertion failure and named exit) via unknown vectors related to recursive DNS
+queries, error logging, and the caching of an invalid record by the resolver.
+Signed-off-by Ming Liu <ming.liu@windriver.com>
+---
+ bin/named/query.c |   19 ++++++++-----------
+ lib/dns/rbtdb.c   |    4 ++--
+ 2 files changed, 10 insertions(+), 13 deletions(-)
+--- a/bin/named/query.c
+++ b/bin/named/query.c
+@@ -1393,11 +1393,9 @@ query_addadditional(void *arg, dns_name_
+                        goto addname;
+                if (result == DNS_R_NCACHENXRRSET) {
+                        dns_rdataset_disassociate(rdataset);
+-                       /*
+-                        * Negative cache entries don't have sigrdatasets.
+-                        */
+-                       INSIST(sigrdataset == NULL ||
+-                              ! dns_rdataset_isassociated(sigrdataset));
+                       if (sigrdataset != NULL &&
+                           dns_rdataset_isassociated(sigrdataset))
+                               dns_rdataset_disassociate(sigrdataset);
+                }
+                if (result == ISC_R_SUCCESS) {
+                        mname = NULL;
+@@ -1438,8 +1436,9 @@ query_addadditional(void *arg, dns_name_
+                        goto addname;
+                if (result == DNS_R_NCACHENXRRSET) {
+                        dns_rdataset_disassociate(rdataset);
+-                       INSIST(sigrdataset == NULL ||
+-                              ! dns_rdataset_isassociated(sigrdataset));
+                       if (sigrdataset != NULL &&
+                           dns_rdataset_isassociated(sigrdataset))
+                               dns_rdataset_disassociate(sigrdataset);
+                }
+                if (result == ISC_R_SUCCESS) {
+                        mname = NULL;
+@@ -1889,10 +1888,8 @@ query_addadditional2(void *arg, dns_name
+                goto setcache;
+        if (result == DNS_R_NCACHENXRRSET) {
+                dns_rdataset_disassociate(rdataset);
+-               /*
+-                * Negative cache entries don't have sigrdatasets.
+-                */
+-               INSIST(! dns_rdataset_isassociated(sigrdataset));
+               if (dns_rdataset_isassociated(sigrdataset))
+                       dns_rdataset_disassociate(sigrdataset);
+        }
+        if (result == ISC_R_SUCCESS) {
+                /* Remember the result as a cache */
+--- a/lib/dns/rbtdb.c
+++ b/lib/dns/rbtdb.c
+@@ -5053,7 +5053,7 @@ cache_find(dns_db_t *db, dns_name_t *nam
+                              rdataset);
+                if (need_headerupdate(found, search.now))
+                        update = found;
+-               if (foundsig != NULL) {
+               if (!NEGATIVE(found) && foundsig != NULL) {
+                        bind_rdataset(search.rbtdb, node, foundsig, search.now,
+                                      sigrdataset);
+                        if (need_headerupdate(foundsig, search.now))
+@@ -5596,7 +5596,7 @@ zone_findrdataset(dns_db_t *db, dns_dbno
+        }
+        if (found != NULL) {
+                bind_rdataset(rbtdb, rbtnode, found, now, rdataset);
+-               if (foundsig != NULL)
+               if (!NEGATIVE(found) && foundsig != NULL)
+                        bind_rdataset(rbtdb, rbtnode, foundsig, now,
+                                      sigrdataset);
+        }
+@@ -5685,7 +5685,7 @@ cache_findrdataset(dns_db_t *db, dns_dbn
+        }
+        if (found != NULL) {
+                bind_rdataset(rbtdb, rbtnode, found, now, rdataset);
+-               if (foundsig != NULL)
+               if (!NEGATIVE(found) && foundsig != NULL)
+                        bind_rdataset(rbtdb, rbtnode, foundsig, now,
+                                      sigrdataset);
+        }
diff --git a/meta/recipes-connectivity/bind/bind/bind-CVE-2012-1667.patch b/meta/recipes-connectivity/bind/bind/bind-CVE-2012-1667.patch
new file mode 100644
index 0000000000..c441eab65d
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/bind-CVE-2012-1667.patch
@@ -0,0 +1,92 @@
+bind CVE-2012-1667
+Upstream-Status: Backport
+ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1,
+and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource
+records with a zero-length RDATA section, which allows remote DNS servers to
+cause a denial of service (daemon crash or data corruption) or obtain
+sensitive information from process memory via a crafted record.
+http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1667
+The cve patch comes from bind97-9.7.0-10.P2.el5_8.1.src.rpm package.
+Signed-off-by: Li Wang <li.wang@windriver.com>
+---
+ lib/dns/rdata.c     |    8 ++++----
+ lib/dns/rdataslab.c |   11 ++++++++---
+ 2 files changed, 12 insertions(+), 7 deletions(-)
+diff --git a/lib/dns/rdata.c b/lib/dns/rdata.c
+index 063b1f6..9337a80 100644
+--- a/lib/dns/rdata.c
+++ b/lib/dns/rdata.c
+@@ -325,8 +325,8 @@ dns_rdata_compare(const dns_rdata_t *rdata1, const dns_rdata_t *rdata2) {
+ 
+        REQUIRE(rdata1 != NULL);
+        REQUIRE(rdata2 != NULL);
+-       REQUIRE(rdata1->data != NULL);
+-       REQUIRE(rdata2->data != NULL);
+       REQUIRE(rdata1->length == 0 || rdata1->data != NULL);
+       REQUIRE(rdata2->length == 0 || rdata2->data != NULL);
+        REQUIRE(DNS_RDATA_VALIDFLAGS(rdata1));
+        REQUIRE(DNS_RDATA_VALIDFLAGS(rdata2));
+ 
+@@ -356,8 +356,8 @@ dns_rdata_casecompare(const dns_rdata_t *rdata1, const dns_rdata_t *rdata2) {
+ 
+        REQUIRE(rdata1 != NULL);
+        REQUIRE(rdata2 != NULL);
+-       REQUIRE(rdata1->data != NULL);
+-       REQUIRE(rdata2->data != NULL);
+       REQUIRE(rdata1->length == 0 || rdata1->data != NULL);
+       REQUIRE(rdata2->length == 0 || rdata2->data != NULL);
+        REQUIRE(DNS_RDATA_VALIDFLAGS(rdata1));
+        REQUIRE(DNS_RDATA_VALIDFLAGS(rdata2));
+ 
+diff --git a/lib/dns/rdataslab.c b/lib/dns/rdataslab.c
+index a41f16f..ed13b30 100644
+--- a/lib/dns/rdataslab.c
+++ b/lib/dns/rdataslab.c
+@@ -125,6 +125,11 @@ isc_result_t
+ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
+                           isc_region_t *region, unsigned int reservelen)
+ {
+       /*
+        * Use &removed as a sentinal pointer for duplicate
+        * rdata as rdata.data == NULL is valid.
+        */
+       static unsigned char removed;
+        struct xrdata  *x;
+        unsigned char  *rawbuf;
+ #if DNS_RDATASET_FIXED
+@@ -168,6 +173,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
+                INSIST(result == ISC_R_SUCCESS);
+                dns_rdata_init(&x[i].rdata);
+                dns_rdataset_current(rdataset, &x[i].rdata);
+               INSIST(x[i].rdata.data != &removed);
+ #if DNS_RDATASET_FIXED
+                x[i].order = i;
+ #endif
+@@ -200,8 +206,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
+         */
+        for (i = 1; i < nalloc; i++) {
+                if (compare_rdata(&x[i-1].rdata, &x[i].rdata) == 0) {
+-                       x[i-1].rdata.data = NULL;
+-                       x[i-1].rdata.length = 0;
+                       x[i-1].rdata.data = &removed;
+ #if DNS_RDATASET_FIXED
+                        /*
+                         * Preserve the least order so A, B, A -> A, B
+@@ -291,7 +296,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
+ #endif
+ 
+        for (i = 0; i < nalloc; i++) {
+-               if (x[i].rdata.data == NULL)
+               if (x[i].rdata.data == &removed)
+                        continue;
+ #if DNS_RDATASET_FIXED
+                offsettable[x[i].order] = rawbuf - offsetbase;
+-- 
+1.7.0.5
diff --git a/meta/recipes-connectivity/bind/bind/bind-CVE-2012-3817.patch b/meta/recipes-connectivity/bind/bind/bind-CVE-2012-3817.patch
new file mode 100644
index 0000000000..1e159bd2f8
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/bind-CVE-2012-3817.patch
@@ -0,0 +1,40 @@
+bind: fix for CVE-2012-3817
+Upstream-Status: Backport
+ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2;
+9.9.x before 9.9.1-P2; and 9.6-ESV before 9.6-ESV-R7-P2, when DNSSEC validation
+is enabled, does not properly initialize the failing-query cache, which allows
+remote attackers to cause a denial of service (assertion failure and daemon exit)
+by sending many queries.
+http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3817
+This patch is back-ported from bind-9.3.6-20.P1.el5_8.2.src.rpm package.
+Signed-off-by: Ming Liu <ming.liu@windriver.com>
+---
+ resolver.c |    5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
+@@ -8318,6 +8318,7 @@ dns_resolver_addbadcache(dns_resolver_t 
+                        goto cleanup;
+                bad->type = type;
+                bad->hashval = hashval;
+               bad->expire = *expire;
+                isc_buffer_init(&buffer, bad + 1, name->length);
+                dns_name_init(&bad->name, NULL);
+                dns_name_copy(name, &bad->name, &buffer);
+@@ -8329,8 +8330,8 @@ dns_resolver_addbadcache(dns_resolver_t 
+                if (resolver->badcount < resolver->badhash * 2 &&
+                    resolver->badhash > DNS_BADCACHE_SIZE)
+                        resizehash(resolver, &now, ISC_FALSE);
+-       }
+-       bad->expire = *expire;
+       } else
+               bad->expire = *expire;
+  cleanup:
+        UNLOCK(&resolver->lock);
+ }
diff --git a/meta/recipes-connectivity/bind/bind/bind-CVE-2013-2266.patch b/meta/recipes-connectivity/bind/bind/bind-CVE-2013-2266.patch
new file mode 100644
index 0000000000..7ec6deb714
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/bind-CVE-2013-2266.patch
@@ -0,0 +1,41 @@
+bind: fix for CVE-2013-2266
+Upstream-Status: Backport
+libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2,
+9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows
+remote attackers to cause a denial of service (memory consumption) via a
+crafted regular expression, as demonstrated by a memory-exhaustion attack
+against a machine running a named process.
+http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2266
+Signed-off-by Ming Liu <ming.liu@windriver.com>
+---
+ config.h.in  |    3 ---
+ configure.in |    2 +-
+ 2 files changed, 1 insertion(+), 4 deletions(-)
+--- a/config.h.in
+++ b/config.h.in
+@@ -277,9 +277,6 @@ int sigwait(const unsigned int *set, int
+ /* Define if your OpenSSL version supports GOST. */
+ #undef HAVE_OPENSSL_GOST
+ 
+-/* Define to 1 if you have the <regex.h> header file. */
+-#undef HAVE_REGEX_H
+-
+ /* Define to 1 if you have the `setegid' function. */
+ #undef HAVE_SETEGID
+ 
+--- a/configure.in
+++ b/configure.in
+@@ -279,7 +279,7 @@ esac
+ 
+ AC_HEADER_STDC
+ 
+-AC_CHECK_HEADERS(fcntl.h regex.h sys/time.h unistd.h sys/sockio.h sys/select.h sys/param.h sys/sysctl.h net/if6.h,,,
+AC_CHECK_HEADERS(fcntl.h sys/time.h unistd.h sys/sockio.h sys/select.h sys/param.h sys/sysctl.h net/if6.h,,,
+ [$ac_includes_default
+ #ifdef HAVE_SYS_PARAM_H
+ # include <sys/param.h>
diff --git a/meta/recipes-connectivity/bind/bind/bind-Fix-CVE-2012-4244.patch b/meta/recipes-connectivity/bind/bind/bind-Fix-CVE-2012-4244.patch
new file mode 100644
index 0000000000..5dd6f69e45
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/bind-Fix-CVE-2012-4244.patch
@@ -0,0 +1,141 @@
+bind_Fix_for_CVE-2012-4244
+Upstream-Status: Backport
+Reference:https://bugzilla.novell.com/attachment.cgi?id=505661&action=edit
+ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3,
+ and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to
+cause a denial of service (assertion failure and named daemon exit) via
+a query for a long resource record.
+Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
+diff -urpN a/lib/dns/include/dns/rdata.h b/lib/dns/include/dns/rdata.h
+--- a/lib/dns/include/dns/rdata.h       2012-10-08 12:19:42.000000000 +0800
+++ b/lib/dns/include/dns/rdata.h       2012-10-08 11:26:43.000000000 +0800
+@@ -147,6 +147,17 @@ struct dns_rdata {
+        (((rdata)->flags & ~(DNS_RDATA_UPDATE|DNS_RDATA_OFFLINE)) == 0)
+ 
+ /*
+ * The maximum length of a RDATA that can be sent on the wire.
+ * Max packet size (65535) less header (12), less name (1), type (2),
+ * class (2), ttl(4), length (2).
+ *
+ * None of the defined types that support name compression can exceed
+ * this and all new types are to be sent uncompressed.
+ */
+
+#define DNS_RDATA_MAXLENGTH    65512U
+
+/*
+  * Flags affecting rdata formatting style.  Flags 0xFFFF0000
+  * are used by masterfile-level formatting and defined elsewhere.
+  * See additional comments at dns_rdata_tofmttext().
+diff -urpN a/lib/dns/master.c b/lib/dns/master.c
+--- a/lib/dns/master.c  2012-10-08 12:19:42.000000000 +0800
+++ b/lib/dns/master.c  2012-10-08 11:27:06.000000000 +0800
+@@ -75,7 +75,7 @@
+ /*%
+  * max message size - header - root - type - class - ttl - rdlen
+  */
+-#define MINTSIZ (65535 - 12 - 1 - 2 - 2 - 4 - 2)
+#define MINTSIZ DNS_RDATA_MAXLENGTH 
+ /*%
+  * Size for tokens in the presentation format,
+  * The largest tokens are the base64 blocks in KEY and CERT records,
+diff -urpN a/lib/dns/rdata.c b/lib/dns/rdata.c
+--- a/lib/dns/rdata.c   2012-10-08 12:19:42.000000000 +0800
+++ b/lib/dns/rdata.c   2012-10-08 11:27:27.000000000 +0800
+@@ -425,6 +425,7 @@ dns_rdata_fromwire(dns_rdata_t *rdata, d
+        isc_buffer_t st;
+        isc_boolean_t use_default = ISC_FALSE;
+        isc_uint32_t activelength;
+       size_t length;
+ 
+        REQUIRE(dctx != NULL);
+        if (rdata != NULL) {
+@@ -455,6 +456,14 @@ dns_rdata_fromwire(dns_rdata_t *rdata, d
+        }
+ 
+        /*
+        * Reject any rdata that expands out to more than DNS_RDATA_MAXLENGTH
+        * as we cannot transmit it.
+        */
+       length = isc_buffer_usedlength(target) - isc_buffer_usedlength(&st);
+       if (result == ISC_R_SUCCESS && length > DNS_RDATA_MAXLENGTH)
+               result = DNS_R_FORMERR;
+
+       /*
+         * We should have consumed all of our buffer.
+         */
+        if (result == ISC_R_SUCCESS && !buffer_empty(source))
+@@ -462,8 +471,7 @@ dns_rdata_fromwire(dns_rdata_t *rdata, d
+ 
+        if (rdata != NULL && result == ISC_R_SUCCESS) {
+                region.base = isc_buffer_used(&st);
+-               region.length = isc_buffer_usedlength(target) -
+-                               isc_buffer_usedlength(&st);
+               region.length = length;
+                dns_rdata_fromregion(rdata, rdclass, type, &region);
+        }
+ 
+@@ -598,6 +606,7 @@ dns_rdata_fromtext(dns_rdata_t *rdata, d
+        unsigned long line;
+        void (*callback)(dns_rdatacallbacks_t *, const char *, ...);
+        isc_result_t tresult;
+       size_t length;
+ 
+        REQUIRE(origin == NULL || dns_name_isabsolute(origin) == ISC_TRUE);
+        if (rdata != NULL) {
+@@ -670,10 +679,13 @@ dns_rdata_fromtext(dns_rdata_t *rdata, d
+                }
+        } while (1);
+ 
+       length = isc_buffer_usedlength(target) - isc_buffer_usedlength(&st);
+       if (result == ISC_R_SUCCESS && length > DNS_RDATA_MAXLENGTH)
+               result = ISC_R_NOSPACE;
+
+        if (rdata != NULL && result == ISC_R_SUCCESS) {
+                region.base = isc_buffer_used(&st);
+-               region.length = isc_buffer_usedlength(target) -
+-                               isc_buffer_usedlength(&st);
+               region.length = length;
+                dns_rdata_fromregion(rdata, rdclass, type, &region);
+        }
+        if (result != ISC_R_SUCCESS) {
+@@ -781,6 +793,7 @@ dns_rdata_fromstruct(dns_rdata_t *rdata,
+        isc_buffer_t st;
+        isc_region_t region;
+        isc_boolean_t use_default = ISC_FALSE;
+       size_t length;
+ 
+        REQUIRE(source != NULL);
+        if (rdata != NULL) {
+@@ -795,10 +808,13 @@ dns_rdata_fromstruct(dns_rdata_t *rdata,
+        if (use_default)
+                (void)NULL;
+ 
+       length = isc_buffer_usedlength(target) - isc_buffer_usedlength(&st);
+       if (result == ISC_R_SUCCESS && length > DNS_RDATA_MAXLENGTH)
+               result = ISC_R_NOSPACE;
+
+        if (rdata != NULL && result == ISC_R_SUCCESS) {
+                region.base = isc_buffer_used(&st);
+-               region.length = isc_buffer_usedlength(target) -
+-                               isc_buffer_usedlength(&st);
+               region.length = length;
+                dns_rdata_fromregion(rdata, rdclass, type, &region);
+        }
+        if (result != ISC_R_SUCCESS)
+diff -urpN a/lib/dns/rdataslab.c b/lib/dns/rdataslab.c
+--- a/lib/dns/rdataslab.c       2012-10-08 12:19:42.000000000 +0800
+++ b/lib/dns/rdataslab.c       2012-10-08 11:27:54.000000000 +0800
+@@ -304,6 +304,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_
+                length = x[i].rdata.length;
+                if (rdataset->type == dns_rdatatype_rrsig)
+                        length++;
+               INSIST(length <= 0xffff);
+                *rawbuf++ = (length & 0xff00) >> 8;
+                *rawbuf++ = (length & 0x00ff);
+ #if DNS_RDATASET_FIXED
diff --git a/meta/recipes-connectivity/bind/bind/bind9 b/meta/recipes-connectivity/bind/bind/bind9
new file mode 100644
index 0000000000..968679ff7f
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/bind9
@@ -0,0 +1,2 @@
+# startup options for the server
+OPTIONS="-u bind"
diff --git a/meta/recipes-connectivity/bind/bind/bind9_9_5-CVE-2014-8500.patch b/meta/recipes-connectivity/bind/bind/bind9_9_5-CVE-2014-8500.patch
new file mode 100644
index 0000000000..62142d2313
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/bind9_9_5-CVE-2014-8500.patch
@@ -0,0 +1,990 @@
+From 603a0e2637b35a2da820bc807f69bcf09c682dce Mon Sep 17 00:00:00 2001
+From: Evan Hunt <each@isc.org>
+Date: Mon, 17 Nov 2014 23:49:07 -0800
+Subject: [PATCH] [v9_9] limit recursion depth and iterative queries
+4006.   [security]      A flaw in delegation handling could be exploited
+                        to put named into an infinite loop.  This has
+                        been addressed by placing limits on the number
+                        of levels of recursion named will allow (default 7),
+                        and the number of iterative queries that it will
+                        send (default 50) before terminating a recursive
+                        query (CVE-2014-8500).
+                        The recursion depth limit is configured via the
+                        "max-recursion-depth" option.  [RT #35780]
+Upstream-Status: Backport
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ bin/named/config.c                   |  3 +-
+ bin/named/include/named/query.h      |  2 -
+ bin/named/query.c                    |  7 ++-
+ bin/named/server.c                   |  5 ++
+ bin/tests/system/many/clean.sh       |  7 +++
+ bin/tests/system/many/ns1/named.conf | 33 +++++++++++++
+ bin/tests/system/many/ns2/named.conf | 30 ++++++++++++
+ bin/tests/system/many/ns3/named.conf | 32 +++++++++++++
+ bin/tests/system/many/ns4/named.conf | 30 ++++++++++++
+ bin/tests/system/many/ns5/hints.db   |  2 +
+ bin/tests/system/many/ns5/named.conf | 29 ++++++++++++
+ bin/tests/system/many/setup.sh       | 75 ++++++++++++++++++++++++++++++
+ bin/tests/system/many/tests.sh       | 48 +++++++++++++++++++
+ doc/arm/Bv9ARM-book.xml              | 12 +++++
+ lib/dns/adb.c                        | 58 ++++++++++++++++-------
+ lib/dns/include/dns/adb.h            |  8 ++++
+ lib/dns/include/dns/resolver.h       | 25 ++++++++++
+ lib/dns/resolver.c                   | 90 ++++++++++++++++++++++++++++++------
+ lib/isccfg/namedconf.c               |  1 +
+ 20 files changed, 471 insertions(+), 37 deletions(-)
+ create mode 100644 bin/tests/system/many/clean.sh
+ create mode 100644 bin/tests/system/many/ns1/named.conf
+ create mode 100644 bin/tests/system/many/ns2/named.conf
+ create mode 100644 bin/tests/system/many/ns3/named.conf
+ create mode 100644 bin/tests/system/many/ns4/named.conf
+ create mode 100644 bin/tests/system/many/ns5/hints.db
+ create mode 100644 bin/tests/system/many/ns5/named.conf
+ create mode 100644 bin/tests/system/many/setup.sh
+ create mode 100644 bin/tests/system/many/tests.sh
+diff --git a/bin/named/config.c b/bin/named/config.c
+index 2782720..5ee8c4e 100644
+--- a/bin/named/config.c
+++ b/bin/named/config.c
+@@ -15,8 +15,6 @@
+  * PERFORMANCE OF THIS SOFTWARE.
+  */
+-/* $Id: config.c,v 1.123 2012/01/06 23:46:41 tbox Exp $ */
+-
+ /*! \file */
+ #include <config.h>
+@@ -160,6 +158,7 @@ options {\n\
+        dnssec-accept-expired no;\n\
+        clients-per-query 10;\n\
+        max-clients-per-query 100;\n\
+       max-recursion-depth 7;\n\
+        zero-no-soa-ttl-cache no;\n\
+        nsec3-test-zone no;\n\
+        allow-new-zones no;\n\
+diff --git a/bin/named/include/named/query.h b/bin/named/include/named/query.h
+index 3beabb8..b5e3900 100644
+--- a/bin/named/include/named/query.h
+++ b/bin/named/include/named/query.h
+@@ -15,8 +15,6 @@
+  * PERFORMANCE OF THIS SOFTWARE.
+  */
+-/* $Id: query.h,v 1.45 2011/01/13 04:59:24 tbox Exp $ */
+-
+ #ifndef NAMED_QUERY_H
+ #define NAMED_QUERY_H 1
+diff --git a/bin/named/query.c b/bin/named/query.c
+index 982f76d..47bfc6a 100644
+--- a/bin/named/query.c
+++ b/bin/named/query.c
+@@ -3877,12 +3877,11 @@ query_recurse(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qname,
+                peeraddr = &client->peeraddr;
+        else
+                peeraddr = NULL;
+-       result = dns_resolver_createfetch2(client->view->resolver,
+       result = dns_resolver_createfetch3(client->view->resolver,
+                                           qname, qtype, qdomain, nameservers,
+                                           NULL, peeraddr, client->message->id,
+-                                          client->query.fetchoptions,
+-                                          client->task,
+-                                          query_resume, client,
+                                          client->query.fetchoptions, 0,
+                                          client->task, query_resume, client,
+                                           rdataset, sigrdataset,
+                                           &client->query.fetch);
+ 
+diff --git a/bin/named/server.c b/bin/named/server.c
+index ac015a4..0559977 100644
+--- a/bin/named/server.c
+++ b/bin/named/server.c
+@@ -3161,6 +3161,11 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
+                                        cfg_obj_asuint32(obj),
+                                        max_clients_per_query);
+ 
+       obj = NULL;
+       result = ns_config_get(maps, "max-recursion-depth", &obj);
+       INSIST(result == ISC_R_SUCCESS);
+       dns_resolver_setmaxdepth(view->resolver, cfg_obj_asuint32(obj));
+
+ #ifdef ALLOW_FILTER_AAAA_ON_V4
+        obj = NULL;
+        result = ns_config_get(maps, "filter-aaaa-on-v4", &obj);
+diff --git a/bin/tests/system/many/clean.sh b/bin/tests/system/many/clean.sh
+new file mode 100644
+index 0000000..119b1f5
+--- /dev/null
+++ b/bin/tests/system/many/clean.sh
+@@ -0,0 +1,7 @@
+rm -f ns1/[1-9]*example.tld?.db
+rm -f ns2/[1-9]*example.tld?.db
+rm -f ns1/zones.conf
+rm -f ns2/zones.conf
+rm -f */root.db
+rm -f ns3/tld1.db
+rm -f ns4/tld2.db
+diff --git a/bin/tests/system/many/ns1/named.conf b/bin/tests/system/many/ns1/named.conf
+new file mode 100644
+index 0000000..abc9dca
+--- /dev/null
+++ b/bin/tests/system/many/ns1/named.conf
+@@ -0,0 +1,33 @@
+/*
+ * Copyright (C) 2014  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+controls { /* empty */ };
+
+options {
+       query-source address 10.53.0.1;
+       notify-source 10.53.0.1;
+       transfer-source 10.53.0.1;
+       port 5300;
+       pid-file "named.pid";
+       listen-on { 10.53.0.1; };
+       listen-on-v6 { none; };
+       recursion no;
+};
+
+include "zones.conf";
+
+// zone "tld1" { type master; file "tld1.db"; };
+// zone "tld2" { type master; file "tld2.db"; };
+diff --git a/bin/tests/system/many/ns2/named.conf b/bin/tests/system/many/ns2/named.conf
+new file mode 100644
+index 0000000..16266e2
+--- /dev/null
+++ b/bin/tests/system/many/ns2/named.conf
+@@ -0,0 +1,30 @@
+/*
+ * Copyright (C) 2014  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+controls { /* empty */ };
+
+options {
+       query-source address 10.53.0.2;
+       notify-source 10.53.0.2;
+       transfer-source 10.53.0.2;
+       port 5300;
+       pid-file "named.pid";
+       listen-on { 10.53.0.2; };
+       listen-on-v6 { none; };
+       recursion no;
+};
+
+include "zones.conf";
+diff --git a/bin/tests/system/many/ns3/named.conf b/bin/tests/system/many/ns3/named.conf
+new file mode 100644
+index 0000000..b950afe
+--- /dev/null
+++ b/bin/tests/system/many/ns3/named.conf
+@@ -0,0 +1,32 @@
+/*
+ * Copyright (C) 2014  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+controls { /* empty */ };
+
+options {
+       query-source address 10.53.0.3;
+       notify-source 10.53.0.3;
+       transfer-source 10.53.0.3;
+       port 5300;
+       pid-file "named.pid";
+       listen-on { 10.53.0.3; };
+       listen-on-v6 { none; };
+       recursion no;
+};
+
+zone "." { type master; file "root.db"; };
+
+zone "tld1" { type master; file "tld1.db"; };
+diff --git a/bin/tests/system/many/ns4/named.conf b/bin/tests/system/many/ns4/named.conf
+new file mode 100644
+index 0000000..ca9aa6a
+--- /dev/null
+++ b/bin/tests/system/many/ns4/named.conf
+@@ -0,0 +1,30 @@
+/*
+ * Copyright (C) 2014  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+controls { /* empty */ };
+
+options {
+       query-source address 10.53.0.4;
+       notify-source 10.53.0.4;
+       transfer-source 10.53.0.4;
+       port 5300;
+       pid-file "named.pid";
+       listen-on { 10.53.0.4; };
+       listen-on-v6 { none; };
+       recursion no;
+};
+
+zone "tld2" { type master; file "tld2.db"; };
+diff --git a/bin/tests/system/many/ns5/hints.db b/bin/tests/system/many/ns5/hints.db
+new file mode 100644
+index 0000000..c05809b
+--- /dev/null
+++ b/bin/tests/system/many/ns5/hints.db
+@@ -0,0 +1,2 @@
+. 60 in ns ns.nil.
+ns.nil. 60 in A 10.53.0.3
+diff --git a/bin/tests/system/many/ns5/named.conf b/bin/tests/system/many/ns5/named.conf
+new file mode 100644
+index 0000000..fce7d59
+--- /dev/null
+++ b/bin/tests/system/many/ns5/named.conf
+@@ -0,0 +1,29 @@
+/*
+ * Copyright (C) 2014  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+controls { /* empty */ };
+
+options {
+       query-source address 10.53.0.5;
+       notify-source 10.53.0.5;
+       transfer-source 10.53.0.5;
+       port 5300;
+       pid-file "named.pid";
+       listen-on { 10.53.0.5; };
+       listen-on-v6 { none; };
+};
+
+zone "." { type hint; file "hints.db"; };
+diff --git a/bin/tests/system/many/setup.sh b/bin/tests/system/many/setup.sh
+new file mode 100644
+index 0000000..80695b5
+--- /dev/null
+++ b/bin/tests/system/many/setup.sh
+@@ -0,0 +1,75 @@
+i=1
+
+cat > ns3/root.db << EOF
+. 60 in soa ns.nil. hostmaster.ns.nil. 1 0 0 0 0
+. 60 in ns ns.nil.
+ns.nil. 60 in a 10.53.0.3
+tld1. 60 in ns ns.tld1.
+ns.tld1. 60 in a 10.53.0.3
+tld2. 60 in ns ns.tld2.
+ns.tld2. 60 in a 10.53.0.4
+EOF
+
+cat > ns3/tld1.db << EOF
+tld1. 60 in soa ns.tld1. hostmaster.ns.tld1. 1 0 0 0 0
+tld1. 60 in ns ns.tld1.
+ns.tld1. 60 in a 10.53.0.1
+EOF
+
+cat > ns4/tld2.db << EOF
+tld2. 60 in soa ns.tld2. hostmaster.ns.tld4. 1 0 0 0 0
+tld2. 60 in ns ns.tld2.
+ns.tld2. 60 in a 10.53.0.1
+EOF
+
+: > ns1/zones.conf
+: > ns2/zones.conf
+
+while [ $i -lt 1000 ]
+do
+j=`expr $i + 1`
+s=`expr $j % 2 + 1`
+n=`expr $i % 2 + 1`
+t=`expr $s + 2`
+
+# i=1 j=2 s=1 n=2
+# i=2 j=3 s=1 n=2
+# i=3 j=4 s=1 n=2
+
+cat > ns1/${i}example.tld${s}.db << EOF
+${i}example.tld${s}. 60 in soa ns.${j}example.tld${n}. hostmaster 1 0 0 0 0
+${i}example.tld${s}. 60 in ns ns.${j}example.tld${n}.
+ns.${i}example.tld${s}. 60 in a 10.53.0.1
+EOF
+
+cat >> ns1/zones.conf << EOF
+zone "${i}example.tld${s}" { type master; file "${i}example.tld${s}.db"; };
+EOF
+
+cat >> ns${t}/tld${s}.db << EOF
+${i}example.tld${s}. 60 in ns ns.${j}example.tld${n}.
+EOF
+
+i=$j
+
+done
+
+j=`expr $i + 1`
+s=`expr $j % 2 + 1`
+n=`expr $s % 2 + 1`
+t=`expr $s + 2`
+
+cat > ns1/${i}example.tld${s}.db << EOF
+${i}example.tld${s}. 60 in soa ns.${i}example.tld${s}. hostmaster 1 0 0 0 0
+${i}example.tld${s}. 60 in ns ns.${i}example.tld${s}.
+ns.${i}example.tld${s}. 60 in a 10.53.0.1
+EOF
+
+cat >> ns1/zones.conf << EOF
+zone "${i}example.tld${s}" { type master; file "${i}example.tld${s}.db"; };
+EOF
+
+cat >> ns${t}/tld${s}.db << EOF
+${i}example.tld${s}. 60 in ns ns.${i}example.tld${s}.
+ns.${i}example.tld${s}. 60 in a 10.53.0.1
+EOF
+diff --git a/bin/tests/system/many/tests.sh b/bin/tests/system/many/tests.sh
+new file mode 100644
+index 0000000..37964e2
+--- /dev/null
+++ b/bin/tests/system/many/tests.sh
+@@ -0,0 +1,48 @@
+#!/bin/sh
+#
+# Copyright (C) 2014  Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+status=0
+n=0
+
+n=`expr $n + 1`
+echo "I: attempt lookup 1example.tld2 soa ($n)"
+ret=0
+$DIG +tcp 1example.tld1 soa @10.53.0.5 -p 5300  > dig.out.test$n
+grep "status: SERVFAIL" dig.out.test$n > /dev/null || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+n=`expr $n + 1`
+echo "I: attempt lookup 992example.tld2 soa ($n)"
+ret=0
+$DIG +tcp 992example.tld2 soa @10.53.0.5 -p 5300 >  dig.out.test$n
+grep "status: SERVFAIL" dig.out.test$n > /dev/null || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+n=`expr $n + 1`
+echo "I: attempt lookup 993example.tld1 soa ($n)"
+ret=0
+$DIG +tcp 993example.tld1 soa @10.53.0.5 -p 5300 >  dig.out.test$n
+grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:exit status: $status"
+exit $status
+diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
+index 9f7bd38..fff4249 100644
+--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
+@@ -4861,6 +4861,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
+     <optional> max-acache-size <replaceable>size_spec</replaceable> ; </optional>
+     <optional> clients-per-query <replaceable>number</replaceable> ; </optional>
+     <optional> max-clients-per-query <replaceable>number</replaceable> ; </optional>
+    <optional> max-recursion-depth <replaceable>number</replaceable> ; </optional>
+     <optional> masterfile-format (<constant>text</constant>|<constant>raw</constant>) ; </optional>
+     <optional> empty-server <replaceable>name</replaceable> ; </optional>
+     <optional> empty-contact <replaceable>name</replaceable> ; </optional>
+@@ -8680,6 +8681,17 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
+              </listitem>
+            </varlistentry>
+ 
+           <varlistentry id="max-recursion-depth">
+             <term><command>max-recursion-depth</command></term>
+             <listitem>
+               <para>
+                 Sets the maximum number of levels of recursion
+                 permitted at any one time while resolving a name.
+                 The default is 7.
+               </para>
+             </listitem>
+           </varlistentry>
+
+            <varlistentry>
+              <term><command>notify-delay</command></term>
+              <listitem>
+diff --git a/lib/dns/adb.c b/lib/dns/adb.c
+index 2ccb51e..fe9b3f7 100644
+--- a/lib/dns/adb.c
+++ b/lib/dns/adb.c
+@@ -199,6 +199,7 @@ struct dns_adbfetch {
+        unsigned int                    magic;
+        dns_fetch_t                    *fetch;
+        dns_rdataset_t                  rdataset;
+       unsigned int                    depth;
+ };
+ 
+ /*%
+@@ -300,7 +301,7 @@ static inline void violate_locking_hierarchy(isc_mutex_t *, isc_mutex_t *);
+ static isc_boolean_t clean_namehooks(dns_adb_t *, dns_adbnamehooklist_t *);
+ static void clean_target(dns_adb_t *, dns_name_t *);
+ static void clean_finds_at_name(dns_adbname_t *, isc_eventtype_t,
+-                               unsigned int);
+                               isc_uint32_t, unsigned int);
+ static isc_boolean_t check_expire_namehooks(dns_adbname_t *, isc_stdtime_t);
+ static isc_boolean_t check_expire_entry(dns_adb_t *, dns_adbentry_t **,
+                                        isc_stdtime_t);
+@@ -308,7 +309,7 @@ static void cancel_fetches_at_name(dns_adbname_t *);
+ static isc_result_t dbfind_name(dns_adbname_t *, isc_stdtime_t,
+                                dns_rdatatype_t);
+ static isc_result_t fetch_name(dns_adbname_t *, isc_boolean_t,
+-                              dns_rdatatype_t);
+                              unsigned int, dns_rdatatype_t);
+ static inline void check_exit(dns_adb_t *);
+ static void destroy(dns_adb_t *);
+ static isc_boolean_t shutdown_names(dns_adb_t *);
+@@ -984,7 +985,7 @@ kill_name(dns_adbname_t **n, isc_eventtype_t ev) {
+         * Clean up the name's various lists.  These two are destructive
+         * in that they will always empty the list.
+         */
+-       clean_finds_at_name(name, ev, DNS_ADBFIND_ADDRESSMASK);
+       clean_finds_at_name(name, ev, 0, DNS_ADBFIND_ADDRESSMASK);
+        result4 = clean_namehooks(adb, &name->v4);
+        result6 = clean_namehooks(adb, &name->v6);
+        clean_target(adb, &name->target);
+@@ -1409,7 +1410,7 @@ event_free(isc_event_t *event) {
+  */
+ static void
+ clean_finds_at_name(dns_adbname_t *name, isc_eventtype_t evtype,
+-                   unsigned int addrs)
+                   isc_uint32_t qtotal, unsigned int addrs)
+ {
+        isc_event_t *ev;
+        isc_task_t *task;
+@@ -1469,6 +1470,7 @@ clean_finds_at_name(dns_adbname_t *name, isc_eventtype_t evtype,
+                        ev->ev_sender = find;
+                        find->result_v4 = find_err_map[name->fetch_err];
+                        find->result_v6 = find_err_map[name->fetch6_err];
+                       find->qtotal += qtotal;
+                        ev->ev_type = evtype;
+                        ev->ev_destroy = event_free;
+                        ev->ev_destroy_arg = find;
+@@ -1827,6 +1829,7 @@ new_adbfind(dns_adb_t *adb) {
+        h->flags = 0;
+        h->result_v4 = ISC_R_UNEXPECTED;
+        h->result_v6 = ISC_R_UNEXPECTED;
+       h->qtotal = 0;
+        ISC_LINK_INIT(h, publink);
+        ISC_LINK_INIT(h, plink);
+        ISC_LIST_INIT(h->list);
+@@ -2799,6 +2802,19 @@ dns_adb_createfind(dns_adb_t *adb, isc_task_t *task, isc_taskaction_t action,
+                   isc_stdtime_t now, dns_name_t *target,
+                   in_port_t port, dns_adbfind_t **findp)
+ {
+       return (dns_adb_createfind2(adb, task, action, arg, name,
+                                   qname, qtype, options, now,
+                                   target, port, 0, findp));
+}
+
+isc_result_t
+dns_adb_createfind2(dns_adb_t *adb, isc_task_t *task, isc_taskaction_t action,
+                   void *arg, dns_name_t *name, dns_name_t *qname,
+                   dns_rdatatype_t qtype, unsigned int options,
+                   isc_stdtime_t now, dns_name_t *target,
+                   in_port_t port, unsigned int depth,
+                   dns_adbfind_t **findp)
+{
+        dns_adbfind_t *find;
+        dns_adbname_t *adbname;
+        int bucket;
+@@ -3029,7 +3045,7 @@ dns_adb_createfind(dns_adb_t *adb, isc_task_t *task, isc_taskaction_t action,
+                 * Start V4.
+                 */
+                if (WANT_INET(wanted_fetches) &&
+-                   fetch_name(adbname, start_at_zone,
+                   fetch_name(adbname, start_at_zone, depth,
+                               dns_rdatatype_a) == ISC_R_SUCCESS) {
+                        DP(DEF_LEVEL,
+                           "dns_adb_createfind: started A fetch for name %p",
+@@ -3040,7 +3056,7 @@ dns_adb_createfind(dns_adb_t *adb, isc_task_t *task, isc_taskaction_t action,
+                 * Start V6.
+                 */
+                if (WANT_INET6(wanted_fetches) &&
+-                   fetch_name(adbname, start_at_zone,
+                   fetch_name(adbname, start_at_zone, depth,
+                               dns_rdatatype_aaaa) == ISC_R_SUCCESS) {
+                        DP(DEF_LEVEL,
+                           "dns_adb_createfind: "
+@@ -3656,6 +3672,7 @@ fetch_callback(isc_task_t *task, isc_event_t *ev) {
+        isc_result_t result;
+        unsigned int address_type;
+        isc_boolean_t want_check_exit = ISC_FALSE;
+       isc_uint32_t qtotal = 0;
+ 
+        UNUSED(task);
+ 
+@@ -3666,6 +3683,8 @@ fetch_callback(isc_task_t *task, isc_event_t *ev) {
+        adb = name->adb;
+        INSIST(DNS_ADB_VALID(adb));
+ 
+       qtotal = dev->qtotal;
+
+        bucket = name->lock_bucket;
+        LOCK(&adb->namelocks[bucket]);
+ 
+@@ -3783,6 +3802,12 @@ fetch_callback(isc_task_t *task, isc_event_t *ev) {
+                DP(DEF_LEVEL, "adb: fetch of '%s' %s failed: %s",
+                   buf, address_type == DNS_ADBFIND_INET ? "A" : "AAAA",
+                   dns_result_totext(dev->result));
+               /*
+                * Don't record a failure unless this is the initial
+                * fetch of a chain.
+                */
+               if (fetch->depth > 1)
+                       goto out;
+                /* XXXMLG Don't pound on bad servers. */
+                if (address_type == DNS_ADBFIND_INET) {
+                        name->expire_v4 = ISC_MIN(name->expire_v4, now + 300);
+@@ -3814,15 +3839,14 @@ fetch_callback(isc_task_t *task, isc_event_t *ev) {
+        free_adbfetch(adb, &fetch);
+        isc_event_free(&ev);
+ 
+-       clean_finds_at_name(name, ev_status, address_type);
+       clean_finds_at_name(name, ev_status, qtotal, address_type);
+ 
+        UNLOCK(&adb->namelocks[bucket]);
+ }
+ 
+ static isc_result_t
+-fetch_name(dns_adbname_t *adbname,
+-          isc_boolean_t start_at_zone,
+-          dns_rdatatype_t type)
+fetch_name(dns_adbname_t *adbname, isc_boolean_t start_at_zone,
+          unsigned int depth, dns_rdatatype_t type)
+ {
+        isc_result_t result;
+        dns_adbfetch_t *fetch = NULL;
+@@ -3867,12 +3891,14 @@ fetch_name(dns_adbname_t *adbname,
+                result = ISC_R_NOMEMORY;
+                goto cleanup;
+        }
+-
+-       result = dns_resolver_createfetch(adb->view->resolver, &adbname->name,
+-                                         type, name, nameservers, NULL,
+-                                         options, adb->task, fetch_callback,
+-                                         adbname, &fetch->rdataset, NULL,
+-                                         &fetch->fetch);
+       fetch->depth = depth;
+
+       result = dns_resolver_createfetch3(adb->view->resolver, &adbname->name,
+                                          type, name, nameservers, NULL,
+                                          NULL, 0, options, depth, adb->task,
+                                          fetch_callback, adbname,
+                                          &fetch->rdataset, NULL,
+                                          &fetch->fetch);
+        if (result != ISC_R_SUCCESS)
+                goto cleanup;
+ 
+diff --git a/lib/dns/include/dns/adb.h b/lib/dns/include/dns/adb.h
+index 35350ff..7501f01 100644
+--- a/lib/dns/include/dns/adb.h
+++ b/lib/dns/include/dns/adb.h
+@@ -118,6 +118,8 @@ struct dns_adbfind {
+        isc_result_t                    result_v6;      /*%< RO: v6 result */
+        ISC_LINK(dns_adbfind_t)         publink;        /*%< RW: client use */
+ 
+       isc_uint32_t                    qtotal;
+
+        /* Private */
+        isc_mutex_t                     lock;           /* locks all below */
+        in_port_t                       port;
+@@ -334,6 +336,12 @@ dns_adb_createfind(dns_adb_t *adb, isc_task_t *task, isc_taskaction_t action,
+                   dns_rdatatype_t qtype, unsigned int options,
+                   isc_stdtime_t now, dns_name_t *target,
+                   in_port_t port, dns_adbfind_t **find);
+isc_result_t
+dns_adb_createfind2(dns_adb_t *adb, isc_task_t *task, isc_taskaction_t action,
+                   void *arg, dns_name_t *name, dns_name_t *qname,
+                   dns_rdatatype_t qtype, unsigned int options,
+                   isc_stdtime_t now, dns_name_t *target, in_port_t port,
+                   unsigned int depth, dns_adbfind_t **find);
+ /*%<
+  * Main interface for clients. The adb will look up the name given in
+  * "name" and will build up a list of found addresses, and perhaps start
+diff --git a/lib/dns/include/dns/resolver.h b/lib/dns/include/dns/resolver.h
+index 4e20eb6..c256049 100644
+--- a/lib/dns/include/dns/resolver.h
+++ b/lib/dns/include/dns/resolver.h
+@@ -82,6 +82,7 @@ typedef struct dns_fetchevent {
+        isc_sockaddr_t *                client;
+        dns_messageid_t                 id;
+        isc_result_t                    vresult;
+       isc_uint32_t                    qtotal;
+ } dns_fetchevent_t;
+ 
+ /*
+@@ -275,6 +276,18 @@ dns_resolver_createfetch2(dns_resolver_t *res, dns_name_t *name,
+                          dns_rdataset_t *rdataset,
+                          dns_rdataset_t *sigrdataset,
+                          dns_fetch_t **fetchp);
+isc_result_t
+dns_resolver_createfetch3(dns_resolver_t *res, dns_name_t *name,
+                         dns_rdatatype_t type,
+                         dns_name_t *domain, dns_rdataset_t *nameservers,
+                         dns_forwarders_t *forwarders,
+                         isc_sockaddr_t *client, isc_uint16_t id,
+                         unsigned int options, unsigned int depth,
+                         isc_task_t *task,
+                         isc_taskaction_t action, void *arg,
+                         dns_rdataset_t *rdataset,
+                         dns_rdataset_t *sigrdataset,
+                         dns_fetch_t **fetchp);
+ /*%<
+  * Recurse to answer a question.
+  *
+@@ -576,6 +589,18 @@ dns_resolver_printbadcache(dns_resolver_t *resolver, FILE *fp);
+  * \li resolver to be valid.
+  */
+ 
+void
+dns_resolver_setmaxdepth(dns_resolver_t *resolver, unsigned int maxdepth);
+unsigned int
+dns_resolver_getmaxdepth(dns_resolver_t *resolver);
+/*%
+ * Get and set how many NS indirections will be followed when looking for
+ * nameserver addresses.
+ *
+ * Requires:
+ * \li resolver to be valid.
+ */
+
+ ISC_LANG_ENDDECLS
+ 
+ #endif /* DNS_RESOLVER_H */
+diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
+index e517dad..6a635b2 100644
+--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
+@@ -131,6 +131,16 @@
+ #define MAXIMUM_QUERY_TIMEOUT 30 /* The maximum time in seconds for the whole query to live. */
+ #endif
+ 
+/* The default maximum number of recursions to follow before giving up. */
+#ifndef DEFAULT_RECURSION_DEPTH
+#define DEFAULT_RECURSION_DEPTH 7
+#endif
+
+/* The default maximum number of iterative queries to allow before giving up. */
+#ifndef DEFAULT_MAX_QUERIES
+#define DEFAULT_MAX_QUERIES 50
+#endif
+
+ /*%
+  * Maximum EDNS0 input packet size.
+  */
+@@ -297,6 +307,7 @@ struct fetchctx {
+        isc_uint64_t                    duration;
+        isc_boolean_t                   logged;
+        unsigned int                    querysent;
+       unsigned int                    totalqueries;
+        unsigned int                    referrals;
+        unsigned int                    lamecount;
+        unsigned int                    neterr;
+@@ -307,6 +318,7 @@ struct fetchctx {
+        isc_boolean_t                   timeout;
+        dns_adbaddrinfo_t               *addrinfo;
+        isc_sockaddr_t                  *client;
+       unsigned int                    depth;
+ };
+ 
+ #define FCTX_MAGIC                     ISC_MAGIC('F', '!', '!', '!')
+@@ -419,6 +431,7 @@ struct dns_resolver {
+        isc_timer_t *                   spillattimer;
+        isc_boolean_t                   zero_no_soa_ttl;
+        unsigned int                    query_timeout;
+       unsigned int                    maxdepth;
+ 
+        /* Locked by lock. */
+        unsigned int                    references;
+@@ -1097,6 +1110,7 @@ fctx_sendevents(fetchctx_t *fctx, isc_result_t result, int line) {
+                               event->result == DNS_R_NCACHENXRRSET);
+                }
+ 
+               event->qtotal = fctx->totalqueries;
+                isc_task_sendanddetach(&task, ISC_EVENT_PTR(&event));
+                count++;
+        }
+@@ -1537,7 +1551,9 @@ fctx_query(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo,
+                if (result != ISC_R_SUCCESS)
+                        goto cleanup_dispatch;
+        }
+
+        fctx->querysent++;
+       fctx->totalqueries++;
+ 
+        ISC_LIST_APPEND(fctx->queries, query, link);
+        query->fctx->nqueries++;
+@@ -2194,9 +2210,10 @@ fctx_finddone(isc_task_t *task, isc_event_t *event) {
+                 */
+                INSIST(!SHUTTINGDOWN(fctx));
+                fctx->attributes &= ~FCTX_ATTR_ADDRWAIT;
+-               if (event->ev_type == DNS_EVENT_ADBMOREADDRESSES)
+               if (event->ev_type == DNS_EVENT_ADBMOREADDRESSES) {
+                        want_try = ISC_TRUE;
+-               else {
+                       fctx->totalqueries += find->qtotal;
+               } else {
+                        fctx->findfail++;
+                        if (fctx->pending == 0) {
+                                /*
+@@ -2479,12 +2496,13 @@ findname(fetchctx_t *fctx, dns_name_t *name, in_port_t port,
+         * See what we know about this address.
+         */
+        find = NULL;
+-       result = dns_adb_createfind(fctx->adb,
+-                                   res->buckets[fctx->bucketnum].task,
+-                                   fctx_finddone, fctx, name,
+-                                   &fctx->name, fctx->type,
+-                                   options, now, NULL,
+-                                   res->view->dstport, &find);
+       result = dns_adb_createfind2(fctx->adb,
+                                    res->buckets[fctx->bucketnum].task,
+                                    fctx_finddone, fctx, name,
+                                    &fctx->name, fctx->type,
+                                    options, now, NULL,
+                                    res->view->dstport,
+                                    fctx->depth + 1, &find);
+        if (result != ISC_R_SUCCESS) {
+                if (result == DNS_R_ALIAS) {
+                        /*
+@@ -2592,6 +2610,11 @@ fctx_getaddresses(fetchctx_t *fctx, isc_boolean_t badcache) {
+ 
+        res = fctx->res;
+ 
+       if (fctx->depth > res->maxdepth) {
+               FCTXTRACE("too much NS indirection");
+               return (DNS_R_SERVFAIL);
+       }
+
+        /*
+         * Forwarders.
+         */
+@@ -3030,6 +3053,9 @@ fctx_try(fetchctx_t *fctx, isc_boolean_t retrying, isc_boolean_t badcache) {
+ 
+        REQUIRE(!ADDRWAIT(fctx));
+ 
+       if (fctx->totalqueries > DEFAULT_MAX_QUERIES)
+               fctx_done(fctx, DNS_R_SERVFAIL, __LINE__);
+
+        addrinfo = fctx_nextaddress(fctx);
+        if (addrinfo == NULL) {
+                /*
+@@ -3388,6 +3414,7 @@ fctx_start(isc_task_t *task, isc_event_t *event) {
+                 * Normal fctx startup.
+                 */
+                fctx->state = fetchstate_active;
+               fctx->totalqueries = 0;
+                /*
+                 * Reset the control event for later use in shutting down
+                 * the fctx.
+@@ -3457,6 +3484,7 @@ fctx_join(fetchctx_t *fctx, isc_task_t *task, isc_sockaddr_t *client,
+        event->fetch = fetch;
+        event->client = client;
+        event->id = id;
+       event->qtotal = 0;
+        dns_fixedname_init(&event->foundname);
+ 
+        /*
+@@ -3493,7 +3521,8 @@ log_ns_ttl(fetchctx_t *fctx, const char *where) {
+ static isc_result_t
+ fctx_create(dns_resolver_t *res, dns_name_t *name, dns_rdatatype_t type,
+            dns_name_t *domain, dns_rdataset_t *nameservers,
+-           unsigned int options, unsigned int bucketnum, fetchctx_t **fctxp)
+           unsigned int options, unsigned int bucketnum, unsigned int depth,
+           fetchctx_t **fctxp)
+ {
+        fetchctx_t *fctx;
+        isc_result_t result;
+@@ -3545,6 +3574,7 @@ fctx_create(dns_resolver_t *res, dns_name_t *name, dns_rdatatype_t type,
+        fctx->state = fetchstate_init;
+        fctx->want_shutdown = ISC_FALSE;
+        fctx->cloned = ISC_FALSE;
+       fctx->depth = depth;
+        ISC_LIST_INIT(fctx->queries);
+        ISC_LIST_INIT(fctx->finds);
+        ISC_LIST_INIT(fctx->altfinds);
+@@ -3563,6 +3593,7 @@ fctx_create(dns_resolver_t *res, dns_name_t *name, dns_rdatatype_t type,
+        fctx->pending = 0;
+        fctx->restarts = 0;
+        fctx->querysent = 0;
+       fctx->totalqueries = 0;
+        fctx->referrals = 0;
+        TIME_NOW(&fctx->start);
+        fctx->timeouts = 0;
+@@ -7781,6 +7812,7 @@ dns_resolver_create(dns_view_t *view,
+        res->spillattimer = NULL;
+        res->zero_no_soa_ttl = ISC_FALSE;
+        res->query_timeout = DEFAULT_QUERY_TIMEOUT;
+       res->maxdepth = DEFAULT_RECURSION_DEPTH;
+        res->nbuckets = ntasks;
+        res->activebuckets = ntasks;
+        res->buckets = isc_mem_get(view->mctx,
+@@ -8219,9 +8251,9 @@ dns_resolver_createfetch(dns_resolver_t *res, dns_name_t *name,
+                         dns_rdataset_t *sigrdataset,
+                         dns_fetch_t **fetchp)
+ {
+-       return (dns_resolver_createfetch2(res, name, type, domain,
+       return (dns_resolver_createfetch3(res, name, type, domain,
+                                          nameservers, forwarders, NULL, 0,
+-                                         options, task, action, arg,
+                                         options, 0, task, action, arg,
+                                          rdataset, sigrdataset, fetchp));
+ }
+ 
+@@ -8237,6 +8269,25 @@ dns_resolver_createfetch2(dns_resolver_t *res, dns_name_t *name,
+                          dns_rdataset_t *sigrdataset,
+                          dns_fetch_t **fetchp)
+ {
+       return (dns_resolver_createfetch3(res, name, type, domain,
+                                         nameservers, forwarders, client, id,
+                                         options, 0, task, action, arg,
+                                         rdataset, sigrdataset, fetchp));
+}
+
+isc_result_t
+dns_resolver_createfetch3(dns_resolver_t *res, dns_name_t *name,
+                         dns_rdatatype_t type,
+                         dns_name_t *domain, dns_rdataset_t *nameservers,
+                         dns_forwarders_t *forwarders,
+                         isc_sockaddr_t *client, dns_messageid_t id,
+                         unsigned int options, unsigned int depth,
+                         isc_task_t *task,
+                         isc_taskaction_t action, void *arg,
+                         dns_rdataset_t *rdataset,
+                         dns_rdataset_t *sigrdataset,
+                         dns_fetch_t **fetchp)
+{
+        dns_fetch_t *fetch;
+        fetchctx_t *fctx = NULL;
+        isc_result_t result = ISC_R_SUCCESS;
+@@ -8325,11 +8376,12 @@ dns_resolver_createfetch2(dns_resolver_t *res, dns_name_t *name,
+ 
+        if (fctx == NULL) {
+                result = fctx_create(res, name, type, domain, nameservers,
+-                                    options, bucketnum, &fctx);
+                                    options, bucketnum, depth, &fctx);
+                if (result != ISC_R_SUCCESS)
+                        goto unlock;
+                new_fctx = ISC_TRUE;
+-       }
+       } else if (fctx->depth > depth)
+               fctx->depth = depth;
+ 
+        result = fctx_join(fctx, task, client, id, action, arg,
+                           rdataset, sigrdataset, fetch);
+@@ -9101,3 +9153,15 @@ dns_resolver_settimeout(dns_resolver_t *resolver, unsigned int seconds) {
+ 
+        resolver->query_timeout = seconds;
+ }
+
+void
+dns_resolver_setmaxdepth(dns_resolver_t *resolver, unsigned int maxdepth) {
+       REQUIRE(VALID_RESOLVER(resolver));
+       resolver->maxdepth = maxdepth;
+}
+
+unsigned int
+dns_resolver_getmaxdepth(dns_resolver_t *resolver) {
+       REQUIRE(VALID_RESOLVER(resolver));
+       return (resolver->maxdepth);
+}
+diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c
+index bfd4bab..5f8b037 100644
+--- a/lib/isccfg/namedconf.c
+++ b/lib/isccfg/namedconf.c
+@@ -1393,6 +1393,7 @@ view_clauses[] = {
+        { "max-cache-ttl", &cfg_type_uint32, 0 },
+        { "max-clients-per-query", &cfg_type_uint32, 0 },
+        { "max-ncache-ttl", &cfg_type_uint32, 0 },
+       { "max-recursion-depth", &cfg_type_uint32, 0 },
+        { "max-udp-size", &cfg_type_uint32, 0 },
+        { "min-roots", &cfg_type_uint32, CFG_CLAUSEFLAG_NOTIMP },
+        { "minimal-responses", &cfg_type_boolean, 0 },
+-- 
+1.9.1
diff --git a/meta/recipes-connectivity/bind/bind/bind9_9_5-CVE-2015-5477.patch b/meta/recipes-connectivity/bind/bind/bind9_9_5-CVE-2015-5477.patch
new file mode 100644
index 0000000000..896272a471
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/bind9_9_5-CVE-2015-5477.patch
@@ -0,0 +1,45 @@
+From dbb064aa7972ef918d9a235b713108a4846cbb62 Mon Sep 17 00:00:00 2001
+From: Mark Andrews <marka@isc.org>
+Date: Tue, 14 Jul 2015 14:48:42 +1000
+Subject: [PATCH] 4165.   [bug]           An failure to reset a value to NULL
+ in tkey.c could                         result in an assertion failure.
+ (CVE-2015-5477)                         [RT #40046]
+Upstream-Status: Backport
+[CHANGES file has been edited manually to add CVE-2015-5477 and
+an already applied CVE (CVE-2014-8500)].
+Referenc: https://kb.isc.org/article/AA-01272
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+diff -ruN a/CHANGES b/CHANGES
+--- a/CHANGES   2014-01-27 19:58:24.000000000 +0100
+++ b/CHANGES   2015-07-30 11:03:18.871670769 +0200
+@@ -1,4 +1,15 @@
+        --- 9.9.5 released ---
+4165.   [security]      An failure to reset a value to NULL in tkey.c could
+                        result in an assertion failure. (CVE-2015-5477)
+                        [RT #40046]
+
+4006.   [security]      A flaw in delegation handling could be exploited
+                        to put named into an infinite loop.  This has
+                        been addressed by placing limits on the number
+                        of levels of recursion named will allow (default 7),
+                        and the number of iterative queries that it will
+                        send (default 50) before terminating a recursive
+                        query (CVE-2014-8500).
+ 
+        --- 9.9.5rc2 released ---
+ 
+diff -ruN a/lib/dns/tkey.c b/lib/dns/tkey.c
+--- a/lib/dns/tkey.c    2014-01-27 19:58:24.000000000 +0100
+++ b/lib/dns/tkey.c    2015-07-30 10:58:30.647945942 +0200
+@@ -650,6 +650,7 @@
+                 * Try the answer section, since that's where Win2000
+                 * puts it.
+                 */
+               name = NULL;
+                if (dns_message_findname(msg, DNS_SECTION_ANSWER, qname,
+                                         dns_rdatatype_tkey, 0, &name,
+                                         &tkeyset) != ISC_R_SUCCESS) {
diff --git a/meta/recipes-connectivity/bind/bind/conf.patch b/meta/recipes-connectivity/bind/bind/conf.patch
new file mode 100644
index 0000000000..432c8741cf
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/conf.patch
@@ -0,0 +1,314 @@
+Upstream-Status: Inappropriate [configuration]
+the patch is imported from openembedded project
+11/30/2010 - Qing He <qing.he@intel.com>
+diff -urN bind-9.3.1.orig/conf/db.0 bind-9.3.1/conf/db.0
+--- bind-9.3.1.orig/conf/db.0   1970-01-01 01:00:00.000000000 +0100
+++ bind-9.3.1/conf/db.0        2005-07-10 22:14:00.000000000 +0200
+@@ -0,0 +1,12 @@
+;
+; BIND reverse data file for broadcast zone
+;
+$TTL   604800
+@      IN      SOA     localhost. root.localhost. (
+                             1         ; Serial
+                        604800         ; Refresh
+                         86400         ; Retry
+                       2419200         ; Expire
+                        604800 )       ; Negative Cache TTL
+;
+@      IN      NS      localhost.
+diff -urN bind-9.3.1.orig/conf/db.127 bind-9.3.1/conf/db.127
+--- bind-9.3.1.orig/conf/db.127 1970-01-01 01:00:00.000000000 +0100
+++ bind-9.3.1/conf/db.127      2005-07-10 22:14:00.000000000 +0200
+@@ -0,0 +1,13 @@
+;
+; BIND reverse data file for local loopback interface
+;
+$TTL   604800
+@      IN      SOA     localhost. root.localhost. (
+                             1         ; Serial
+                        604800         ; Refresh
+                         86400         ; Retry
+                       2419200         ; Expire
+                        604800 )       ; Negative Cache TTL
+;
+@      IN      NS      localhost.
+1.0.0  IN      PTR     localhost.
+diff -urN bind-9.3.1.orig/conf/db.empty bind-9.3.1/conf/db.empty
+--- bind-9.3.1.orig/conf/db.empty       1970-01-01 01:00:00.000000000 +0100
+++ bind-9.3.1/conf/db.empty    2005-07-10 22:14:00.000000000 +0200
+@@ -0,0 +1,14 @@
+; BIND reverse data file for empty rfc1918 zone
+;
+; DO NOT EDIT THIS FILE - it is used for multiple zones.
+; Instead, copy it, edit named.conf, and use that copy.
+;
+$TTL   86400
+@      IN      SOA     localhost. root.localhost. (
+                             1         ; Serial
+                        604800         ; Refresh
+                         86400         ; Retry
+                       2419200         ; Expire
+                         86400 )       ; Negative Cache TTL
+;
+@      IN      NS      localhost.
+diff -urN bind-9.3.1.orig/conf/db.local bind-9.3.1/conf/db.local
+--- bind-9.3.1.orig/conf/db.local       1970-01-01 01:00:00.000000000 +0100
+++ bind-9.3.1/conf/db.local    2005-07-10 22:14:00.000000000 +0200
+@@ -0,0 +1,13 @@
+;
+; BIND data file for local loopback interface
+;
+$TTL   604800
+@      IN      SOA     localhost. root.localhost. (
+                             1         ; Serial
+                        604800         ; Refresh
+                         86400         ; Retry
+                       2419200         ; Expire
+                        604800 )       ; Negative Cache TTL
+;
+@      IN      NS      localhost.
+@      IN      A       127.0.0.1
+diff -urN bind-9.3.1.orig/conf/db.root bind-9.3.1/conf/db.root
+--- bind-9.3.1.orig/conf/db.root        1970-01-01 01:00:00.000000000 +0100
+++ bind-9.3.1/conf/db.root     2005-07-10 22:14:00.000000000 +0200
+@@ -0,0 +1,45 @@
+
+; <<>> DiG 9.2.3 <<>> ns . @a.root-servers.net.
+;; global options:  printcmd
+;; Got answer:
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18944
+;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13
+
+;; QUESTION SECTION:
+;.                             IN      NS
+
+;; ANSWER SECTION:
+.                      518400  IN      NS      A.ROOT-SERVERS.NET.
+.                      518400  IN      NS      B.ROOT-SERVERS.NET.
+.                      518400  IN      NS      C.ROOT-SERVERS.NET.
+.                      518400  IN      NS      D.ROOT-SERVERS.NET.
+.                      518400  IN      NS      E.ROOT-SERVERS.NET.
+.                      518400  IN      NS      F.ROOT-SERVERS.NET.
+.                      518400  IN      NS      G.ROOT-SERVERS.NET.
+.                      518400  IN      NS      H.ROOT-SERVERS.NET.
+.                      518400  IN      NS      I.ROOT-SERVERS.NET.
+.                      518400  IN      NS      J.ROOT-SERVERS.NET.
+.                      518400  IN      NS      K.ROOT-SERVERS.NET.
+.                      518400  IN      NS      L.ROOT-SERVERS.NET.
+.                      518400  IN      NS      M.ROOT-SERVERS.NET.
+
+;; ADDITIONAL SECTION:
+A.ROOT-SERVERS.NET.    3600000 IN      A       198.41.0.4
+B.ROOT-SERVERS.NET.    3600000 IN      A       192.228.79.201
+C.ROOT-SERVERS.NET.    3600000 IN      A       192.33.4.12
+D.ROOT-SERVERS.NET.    3600000 IN      A       128.8.10.90
+E.ROOT-SERVERS.NET.    3600000 IN      A       192.203.230.10
+F.ROOT-SERVERS.NET.    3600000 IN      A       192.5.5.241
+G.ROOT-SERVERS.NET.    3600000 IN      A       192.112.36.4
+H.ROOT-SERVERS.NET.    3600000 IN      A       128.63.2.53
+I.ROOT-SERVERS.NET.    3600000 IN      A       192.36.148.17
+J.ROOT-SERVERS.NET.    3600000 IN      A       192.58.128.30
+K.ROOT-SERVERS.NET.    3600000 IN      A       193.0.14.129
+L.ROOT-SERVERS.NET.    3600000 IN      A       198.32.64.12
+M.ROOT-SERVERS.NET.    3600000 IN      A       202.12.27.33
+
+;; Query time: 81 msec
+;; SERVER: 198.41.0.4#53(a.root-servers.net.)
+;; WHEN: Sun Feb  1 11:27:14 2004
+;; MSG SIZE  rcvd: 436
+
+diff -urN bind-9.3.1.orig/conf/named.conf bind-9.3.1/conf/named.conf
+--- bind-9.3.1.orig/conf/named.conf     1970-01-01 01:00:00.000000000 +0100
+++ bind-9.3.1/conf/named.conf  2005-07-10 22:33:46.000000000 +0200
+@@ -0,0 +1,49 @@
+// This is the primary configuration file for the BIND DNS server named.
+//
+// If you are just adding zones, please do that in /etc/bind/named.conf.local
+
+include "/etc/bind/named.conf.options";
+
+// prime the server with knowledge of the root servers
+zone "." {
+       type hint;
+       file "/etc/bind/db.root";
+};
+
+// be authoritative for the localhost forward and reverse zones, and for
+// broadcast zones as per RFC 1912
+
+zone "localhost" {
+       type master;
+       file "/etc/bind/db.local";
+};
+
+zone "127.in-addr.arpa" {
+       type master;
+       file "/etc/bind/db.127";
+};
+
+zone "0.in-addr.arpa" {
+       type master;
+       file "/etc/bind/db.0";
+};
+
+zone "255.in-addr.arpa" {
+       type master;
+       file "/etc/bind/db.255";
+};
+
+// zone "com" { type delegation-only; };
+// zone "net" { type delegation-only; };
+
+// From the release notes:
+//  Because many of our users are uncomfortable receiving undelegated answers
+//  from root or top level domains, other than a few for whom that behaviour
+//  has been trusted and expected for quite some length of time, we have now
+//  introduced the "root-delegations-only" feature which applies delegation-only
+//  logic to all top level domains, and to the root domain.  An exception list
+//  should be specified, including "MUSEUM" and "DE", and any other top level
+//  domains from whom undelegated responses are expected and trusted.
+// root-delegation-only exclude { "DE"; "MUSEUM"; };
+
+include "/etc/bind/named.conf.local";
+diff -urN bind-9.3.1.orig/conf/named.conf.local bind-9.3.1/conf/named.conf.local
+--- bind-9.3.1.orig/conf/named.conf.local       1970-01-01 01:00:00.000000000 +0100
+++ bind-9.3.1/conf/named.conf.local    2005-07-10 22:14:06.000000000 +0200
+@@ -0,0 +1,8 @@
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
+diff -urN bind-9.3.1.orig/conf/named.conf.options bind-9.3.1/conf/named.conf.options
+--- bind-9.3.1.orig/conf/named.conf.options     1970-01-01 01:00:00.000000000 +0100
+++ bind-9.3.1/conf/named.conf.options  2005-07-10 22:14:06.000000000 +0200
+@@ -0,0 +1,24 @@
+options {
+       directory "/var/cache/bind";
+
+       // If there is a firewall between you and nameservers you want
+       // to talk to, you might need to uncomment the query-source
+       // directive below.  Previous versions of BIND always asked
+       // questions using port 53, but BIND 8.1 and later use an unprivileged
+       // port by default.
+
+       // query-source address * port 53;
+
+       // If your ISP provided one or more IP addresses for stable 
+       // nameservers, you probably want to use them as forwarders.  
+       // Uncomment the following block, and insert the addresses replacing 
+       // the all-0's placeholder.
+
+       // forwarders {
+       //      0.0.0.0;
+       // };
+
+       auth-nxdomain no;    # conform to RFC1035
+
+};
+
+diff -urN bind-9.3.1.orig/conf/zones.rfc1918 bind-9.3.1/conf/zones.rfc1918
+--- bind-9.3.1.orig/conf/zones.rfc1918  1970-01-01 01:00:00.000000000 +0100
+++ bind-9.3.1/conf/zones.rfc1918       2005-07-10 22:14:10.000000000 +0200
+@@ -0,0 +1,20 @@
+zone "10.in-addr.arpa"      { type master; file "/etc/bind/db.empty"; };
+ 
+zone "16.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "17.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "18.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "19.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "20.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "21.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "22.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "23.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "24.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "25.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "26.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "27.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "28.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "29.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "30.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "31.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+
+zone "168.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+diff -urN bind-9.3.1.orig/init.d bind-9.3.1/init.d
+--- bind-9.3.1.orig/init.d      1970-01-01 01:00:00.000000000 +0100
+++ bind-9.3.1/init.d   2005-07-10 23:09:58.000000000 +0200
+@@ -0,0 +1,70 @@
+#!/bin/sh
+
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+
+# for a chrooted server: "-u bind -t /var/lib/named"
+# Don't modify this line, change or create /etc/default/bind9.
+OPTIONS=""
+
+test -f /etc/default/bind9 && . /etc/default/bind9
+
+test -x /usr/sbin/rndc || exit 0
+
+case "$1" in
+    start)
+       echo -n "Starting domain name service: named"
+
+       modprobe capability >/dev/null 2>&1 || true
+       if [ ! -f /etc/bind/rndc.key ]; then
+           /usr/sbin/rndc-confgen -a -b 512 -r /dev/urandom
+           chmod 0640 /etc/bind/rndc.key
+       fi
+       if [ -f /var/run/named/named.pid ]; then
+           ps `cat /var/run/named/named.pid` > /dev/null && exit 1
+       fi
+
+       # dirs under /var/run can go away on reboots.
+       mkdir -p /var/run/named
+       mkdir -p /var/cache/bind
+       chmod 775 /var/run/named
+       chown root:bind /var/run/named >/dev/null 2>&1 || true
+
+       if [ ! -x /usr/sbin/named ]; then
+           echo "named binary missing - not starting"
+           exit 1
+       fi
+       if start-stop-daemon --start --quiet --exec /usr/sbin/named \
+               --pidfile /var/run/named/named.pid -- $OPTIONS; then
+           if [ -x /sbin/resolvconf ] ; then
+               echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo
+           fi
+       fi
+       echo "."        
+    ;;
+
+    stop)
+       echo -n "Stopping domain name service: named"
+       if [ -x /sbin/resolvconf ]; then
+           /sbin/resolvconf -d lo
+       fi
+       /usr/sbin/rndc stop >/dev/null 2>&1
+       echo "."        
+    ;;
+
+    reload)
+       /usr/sbin/rndc reload
+    ;;
+
+    restart|force-reload)
+       $0 stop
+       sleep 2
+       $0 start
+    ;;
+    
+    *)
+       echo "Usage: /etc/init.d/bind {start|stop|reload|restart|force-reload}" >&2
+       exit 1
+    ;;
+esac
+
+exit 0
diff --git a/meta/recipes-connectivity/bind/bind/cross-build-fix.patch b/meta/recipes-connectivity/bind/bind/cross-build-fix.patch
new file mode 100644
index 0000000000..4c37b6b00c
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/cross-build-fix.patch
@@ -0,0 +1,21 @@
+Upstream-Status: Inappropriate [configuration]
+11/30/2010
+gen.c should be build by ${BUILD_CC}
+Signed-off-by: Qing He <qing.he@intel.com>
+diff --git a/lib/export/dns/Makefile.in b/lib/export/dns/Makefile.in
+index aeadf57..d3fae74 100644
+--- a/lib/export/dns/Makefile.in
+++ b/lib/export/dns/Makefile.in
+@@ -166,7 +166,8 @@ code.h:     gen
+        ./gen -s ${srcdir} > code.h
+ 
+ gen: ${srcdir}/gen.c
+-       ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o $@ ${srcdir}/gen.c ${LIBS}
+       ${BUILD_CC} ${BUILD_CFLAGS} -I${top_srcdir}/lib/isc/include \
+       ${BUILD_CPPFLAGS} ${BUILD_LDFLAGS} -o $@ ${srcdir}/gen.c ${BUILD_LIBS}
+ 
+ #We don't need rbtdb64 for this library
+ #rbtdb64.@O@: rbtdb.c
diff --git a/meta/recipes-connectivity/bind/bind/dont-test-on-host.patch b/meta/recipes-connectivity/bind/bind/dont-test-on-host.patch
new file mode 100644
index 0000000000..288e58bb60
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/dont-test-on-host.patch
@@ -0,0 +1,17 @@
+Upstream-Status: Pending
+Signed-off-by Saul Wold <sgw@linux.intel.com>
+Index: bind-9.9.5/bin/Makefile.in
+===================================================================
+--- bind-9.9.5.orig/bin/Makefile.in
+++ bind-9.9.5/bin/Makefile.in
+@@ -19,7 +19,7 @@ srcdir =      @srcdir@
+ VPATH =                @srcdir@
+ top_srcdir =   @top_srcdir@
+ 
+-SUBDIRS =      named rndc dig dnssec tools tests nsupdate \
+SUBDIRS =      named rndc dig dnssec tools nsupdate \
+                check confgen @PYTHON_TOOLS@ @PKCS11_TOOLS@
+ TARGETS =
+ 
diff --git a/meta/recipes-connectivity/bind/bind/generate-rndc-key.sh b/meta/recipes-connectivity/bind/bind/generate-rndc-key.sh
new file mode 100644
index 0000000000..db201270fa
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/generate-rndc-key.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+if [ ! -s /etc/bind/rndc.key ]; then
+    echo -n "Generating /etc/bind/rndc.key:"
+    /usr/sbin/rndc-confgen -a -b 512 -r /dev/urandom
+    chmod 0640 /etc/bind/rndc.key
+fi
diff --git a/meta/recipes-connectivity/bind/bind/init.d-add-support-for-read-only-rootfs.patch b/meta/recipes-connectivity/bind/bind/init.d-add-support-for-read-only-rootfs.patch
new file mode 100644
index 0000000000..11db95ede1
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/init.d-add-support-for-read-only-rootfs.patch
@@ -0,0 +1,65 @@
+Subject: init.d: add support for read-only rootfs
+Upstream-Status: Inappropriate [oe specific]
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ init.d |   40 ++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 40 insertions(+)
+diff --git a/init.d b/init.d
+index 0111ed4..24677c8 100644
+--- a/init.d
+++ b/init.d
+@@ -6,8 +6,48 @@ PATH=/sbin:/bin:/usr/sbin:/usr/bin
+ # Don't modify this line, change or create /etc/default/bind9.
+ OPTIONS=""
+ 
+test -f /etc/default/rcS && . /etc/default/rcS
+ test -f /etc/default/bind9 && . /etc/default/bind9
+ 
+# This function is here because it's possible that /var and / are on different partitions.
+is_on_read_only_partition () {
+    DIRECTORY=$1
+    dir=`readlink -f $DIRECTORY`
+    while true; do
+       if [ ! -d "$dir" ]; then
+           echo "ERROR: $dir is not a directory"
+           exit 1
+       else
+           for flag in `awk -v dir=$dir '{ if ($2 == dir) { print "FOUND"; split($4,FLAGS,",") } }; \
+               END { for (f in FLAGS) print FLAGS[f] }' < /proc/mounts`; do
+               [ "$flag" = "FOUND" ] && partition="read-write"
+               [ "$flag" = "ro" ] && { partition="read-only"; break; }
+           done
+           if [ "$dir" = "/" -o -n "$partition" ]; then
+               break
+           else
+               dir=`dirname $dir`
+           fi
+       fi
+    done
+    [ "$partition" = "read-only" ] && echo "yes" || echo "no"
+}
+
+bind_mount () {
+    olddir=$1
+    newdir=$2
+    mkdir -p $olddir
+    cp -a $newdir/* $olddir
+    mount --bind $olddir $newdir
+}
+
+# Deal with read-only rootfs
+if [ "$ROOTFS_READ_ONLY" = "yes" ]; then
+    [ "$VERBOSE" != "no" ] && echo "WARN: start bind service in read-only rootfs"
+    [ `is_on_read_only_partition /etc/bind` = "yes" ] && bind_mount /var/volatile/bind/etc /etc/bind
+    [ `is_on_read_only_partition /var/named` = "yes" ] && bind_mount /var/volatile/bind/named /var/named
+fi
+
+ test -x /usr/sbin/rndc || exit 0
+ 
+ case "$1" in
+-- 
+1.7.9.5
diff --git a/meta/recipes-connectivity/bind/bind/make-etc-initd-bind-stop-work.patch b/meta/recipes-connectivity/bind/bind/make-etc-initd-bind-stop-work.patch
new file mode 100644
index 0000000000..146f3e35db
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/make-etc-initd-bind-stop-work.patch
@@ -0,0 +1,42 @@
+bind: make "/etc/init.d/bind stop" work
+Upstream-Status: Inappropriate [configuration]
+Add some configurations, make rndc command be able to controls
+the named daemon.
+Signed-off-by: Roy Li <rongqing.li@windriver.com>
+---
+ conf/named.conf |    5 +++++
+ conf/rndc.conf  |    5 +++++
+ 2 files changed, 10 insertions(+), 0 deletions(-)
+ create mode 100644 conf/rndc.conf
+diff --git a/conf/named.conf b/conf/named.conf
+index 95829cf..c8899e7 100644
+--- a/conf/named.conf
+++ b/conf/named.conf
+@@ -47,3 +47,8 @@ zone "255.in-addr.arpa" {
+ // root-delegation-only exclude { "DE"; "MUSEUM"; };
+ 
+ include "/etc/bind/named.conf.local";
+include "/etc/bind/rndc.key" ;
+controls {
+       inet 127.0.0.1 allow { localhost; }
+       keys { rndc-key; };
+};
+diff --git a/conf/rndc.conf b/conf/rndc.conf
+new file mode 100644
+index 0000000..a0b481d
+--- /dev/null
+++ b/conf/rndc.conf
+@@ -0,0 +1,5 @@
+include "/etc/bind/rndc.key";
+options {
+       default-server  localhost;
+       default-key     rndc-key;
+};
+-- 
+1.7.5.4
diff --git a/meta/recipes-connectivity/bind/bind/mips1-not-support-opcode.diff b/meta/recipes-connectivity/bind/bind/mips1-not-support-opcode.diff
new file mode 100644
index 0000000000..2930796b6a
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/mips1-not-support-opcode.diff
@@ -0,0 +1,104 @@
+bind: port a patch to fix a build failure
+mips1 does not support ll and sc instructions, and lead to below error, now
+we port a patch from debian to fix it
+[http://security.debian.org/debian-security/pool/updates/main/b/bind9/bind9_9.8.4.dfsg.P1-6+nmu2+deb7u1.diff.gz]
+| {standard input}: Assembler messages:
+| {standard input}:47: Error: Opcode not supported on this processor: mips1 (mips1) `ll $3,0($6)'
+| {standard input}:50: Error: Opcode not supported on this processor: mips1 (mips1) `sc $3,0($6)'
+Upstream-Status: Pending
+Signed-off-by: Roy Li <rongqing.li@windriver.com>
+--- bind9-9.8.4.dfsg.P1.orig/lib/isc/mips/include/isc/atomic.h
+++ bind9-9.8.4.dfsg.P1/lib/isc/mips/include/isc/atomic.h
+@@ -31,18 +31,20 @@
+ isc_atomic_xadd(isc_int32_t *p, int val) {
+        isc_int32_t orig;
+ 
+-       /* add is a cheat, since MIPS has no mov instruction */
+-       __asm__ volatile (
+-           "1:"
+-           "ll $3, %1\n"
+-           "add %0, $0, $3\n"
+-           "add $3, $3, %2\n"
+-           "sc $3, %1\n"
+-           "beq $3, 0, 1b"
+-           : "=&r"(orig)
+-           : "m"(*p), "r"(val)
+-           : "memory", "$3"
+-               );
+       __asm__ __volatile__ (
+       "       .set    push            \n"
+       "       .set    mips2           \n"
+       "       .set    noreorder       \n"
+       "       .set    noat            \n"
+       "1:     ll      $1, %1          \n"
+       "       addu    %0, $1, %2      \n"
+       "       sc      %0, %1          \n"
+       "       beqz    %0, 1b          \n"
+       "       move    %0, $1          \n"
+       "       .set    pop             \n"
+       : "=&r" (orig), "+R" (*p)
+       : "r" (val)
+       : "memory");
+ 
+        return (orig);
+ }
+@@ -52,16 +54,7 @@
+  */
+ static inline void
+ isc_atomic_store(isc_int32_t *p, isc_int32_t val) {
+-       __asm__ volatile (
+-           "1:"
+-           "ll $3, %0\n"
+-           "add $3, $0, %1\n"
+-           "sc $3, %0\n"
+-           "beq $3, 0, 1b"
+-           :
+-           : "m"(*p), "r"(val)
+-           : "memory", "$3"
+-               );
+       *p = val;
+ }
+ 
+ /*
+@@ -72,20 +65,23 @@
+ static inline isc_int32_t
+ isc_atomic_cmpxchg(isc_int32_t *p, int cmpval, int val) {
+        isc_int32_t orig;
+       isc_int32_t tmp;
+ 
+-       __asm__ volatile(
+-           "1:"
+-           "ll $3, %1\n"
+-           "add %0, $0, $3\n"
+-           "bne $3, %2, 2f\n"
+-           "add $3, $0, %3\n"
+-           "sc $3, %1\n"
+-           "beq $3, 0, 1b\n"
+-           "2:"
+-           : "=&r"(orig)
+-           : "m"(*p), "r"(cmpval), "r"(val)
+-           : "memory", "$3"
+-               );
+       __asm__ __volatile__ (
+       "       .set    push            \n"
+       "       .set    mips2           \n"
+       "       .set    noreorder       \n"
+       "       .set    noat            \n"
+       "1:     ll      $1, %1          \n"
+       "       bne     $1, %3, 2f      \n"
+       "       move    %2, %4          \n"
+       "       sc      %2, %1          \n"
+       "       beqz    %2, 1b          \n"
+       "2:     move    %0, $1          \n"
+       "       .set    pop             \n"
+       : "=&r"(orig), "+R" (*p), "=r" (tmp)
+       : "r"(cmpval), "r"(val)
+       : "memory");
+ 
+        return (orig);
+ }
diff --git a/meta/recipes-connectivity/bind/bind/named.service b/meta/recipes-connectivity/bind/bind/named.service
new file mode 100644
index 0000000000..cda56ef015
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/named.service
@@ -0,0 +1,22 @@
+[Unit]
+Description=Berkeley Internet Name Domain (DNS)
+Wants=nss-lookup.target
+Before=nss-lookup.target
+After=network.target
+[Service]
+Type=forking
+EnvironmentFile=-/etc/default/bind9
+PIDFile=/run/named/named.pid
+ExecStartPre=@SBINDIR@/generate-rndc-key.sh
+ExecStart=@SBINDIR@/named $OPTIONS
+ExecReload=@BASE_BINDIR@/sh -c '@SBINDIR@/rndc reload > /dev/null 2>&1 || @BASE_BINDIR@/kill -HUP $MAINPID'
+ExecStop=@BASE_BINDIR@/sh -c '@SBINDIR@/rndc stop > /dev/null 2>&1 || @BASE_BINDIR@/kill -TERM $MAINPID'
+PrivateTmp=true
+[Install]
+WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/bind/bind_9.9.5.bb b/meta/recipes-connectivity/bind/bind_9.9.5.bb
new file mode 100644
index 0000000000..e206cc45d8
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind_9.9.5.bb
@@ -0,0 +1,99 @@
+SUMMARY = "ISC Internet Domain Name Server"
+HOMEPAGE = "http://www.isc.org/sw/bind/"
+SECTION = "console/network"
+LICENSE = "ISC & BSD"
+LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=a3df5f651469919a0e6cb42f84fb6ff1"
+DEPENDS = "openssl libcap"
+SRC_URI = "ftp://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
+           file://conf.patch \
+           file://cross-build-fix.patch \
+           file://make-etc-initd-bind-stop-work.patch \
+           file://mips1-not-support-opcode.diff \
+           file://dont-test-on-host.patch \
+           file://generate-rndc-key.sh \
+           file://named.service \
+           file://bind9 \
+           file://init.d-add-support-for-read-only-rootfs.patch \
+           file://bind9_9_5-CVE-2014-8500.patch \
+           file://bind9_9_5-CVE-2015-5477.patch \
+           "
+SRC_URI[md5sum] = "e676c65cad5234617ee22f48e328c24e"
+SRC_URI[sha256sum] = "d4b64c1dde442145a316679acff2df4008aa117ae52dfa3a6bc69efecc7840d1"
+# --enable-exportlib is necessary for building dhcp
+ENABLE_IPV6 = "--enable-ipv6=${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'yes', 'no', d)}"
+EXTRA_OECONF = " ${ENABLE_IPV6} --with-randomdev=/dev/random --disable-threads \
+                 --disable-devpoll --disable-epoll --with-gost=no \
+                 --with-gssapi=no --with-ecdsa=yes \
+                 --sysconfdir=${sysconfdir}/bind \
+                 --with-openssl=${STAGING_LIBDIR}/.. --with-libxml2=${STAGING_LIBDIR}/.. \
+                 --enable-exportlib --with-export-includedir=${includedir} --with-export-libdir=${libdir} \
+               "
+inherit autotools-brokensep update-rc.d systemd useradd
+USERADD_PACKAGES = "${PN}"
+USERADD_PARAM_${PN} = "--system --home /var/cache/bind --no-create-home \
+                       --user-group bind"
+INITSCRIPT_NAME = "bind"
+INITSCRIPT_PARAMS = "defaults"
+SYSTEMD_SERVICE_${PN} = "named.service"
+PARALLEL_MAKE = ""
+RDEPENDS_${PN} = "python-core"
+PACKAGE_BEFORE_PN += "${PN}-utils"
+FILES_${PN}-utils = "${bindir}/host ${bindir}/dig"
+FILES_${PN}-dev += "${bindir}/isc-config.h"
+FILES_${PN} += "${sbindir}/generate-rndc-key.sh"
+do_install_prepend() {
+        # clean host path in isc-config.sh before the hardlink created
+        # by "make install":
+        #   bind9-config -> isc-config.sh
+        sed -i -e "s,${STAGING_LIBDIR},${libdir}," ${S}/isc-config.sh
+}
+do_install_append() {
+        rm "${D}${bindir}/nslookup"
+        rm "${D}${mandir}/man1/nslookup.1"
+        rmdir "${D}${localstatedir}/run"
+        rmdir --ignore-fail-on-non-empty "${D}${localstatedir}"
+        install -d "${D}${localstatedir}/cache/bind"
+        install -d "${D}${sysconfdir}/bind"
+        install -d "${D}${sysconfdir}/init.d"
+        install -m 644 ${S}/conf/* "${D}${sysconfdir}/bind/"
+        install -m 755 "${S}/init.d" "${D}${sysconfdir}/init.d/bind"
+        sed -i -e '1s,#!.*python,#! /usr/bin/env python,' ${D}${sbindir}/dnssec-coverage ${D}${sbindir}/dnssec-checkds
+        # Install systemd related files
+        install -d ${D}${localstatedir}/cache/bind
+        install -d ${D}${sbindir}
+        install -m 755 ${WORKDIR}/generate-rndc-key.sh ${D}${sbindir}
+        install -d ${D}${systemd_unitdir}/system
+        install -m 0644 ${WORKDIR}/named.service ${D}${systemd_unitdir}/system
+        sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \
+               -e 's,@SBINDIR@,${sbindir},g' \
+               ${D}${systemd_unitdir}/system/named.service
+        install -d ${D}${sysconfdir}/default
+        install -m 0644 ${WORKDIR}/bind9 ${D}${sysconfdir}/default
+}
+CONFFILES_${PN} = " \
+        ${sysconfdir}/bind/named.conf \
+        ${sysconfdir}/bind/named.conf.local \
+        ${sysconfdir}/bind/named.conf.options \
+        ${sysconfdir}/bind/db.0 \
+        ${sysconfdir}/bind/db.127 \
+        ${sysconfdir}/bind/db.empty \
+        ${sysconfdir}/bind/db.local \
+        ${sysconfdir}/bind/db.root \
+        "
diff --git a/meta/recipes-connectivity/bluez/bluez-hcidump-2.5/obsolete_automake_macros.patch b/meta/recipes-connectivity/bluez/bluez-hcidump-2.5/obsolete_automake_macros.patch
new file mode 100644
index 0000000000..0c77f1a20d
--- /dev/null
+++ b/meta/recipes-connectivity/bluez/bluez-hcidump-2.5/obsolete_automake_macros.patch
@@ -0,0 +1,14 @@
+Upstream-Status: Pending [package obsolete/not maintained by upstream]
+Signed-off-by: Marko Lindqvist <cazfi74@gmail.com>
+diff -Nurd bluez-hcidump-2.5/configure.ac bluez-hcidump-2.5/configure.ac
+--- bluez-hcidump-2.5/configure.ac      2012-11-30 10:29:41.000000000 +0200
+++ bluez-hcidump-2.5/configure.ac      2013-01-12 10:02:10.609511463 +0200
+@@ -2,7 +2,7 @@
+ AC_INIT(bluez-hcidump, 2.5)
+ AM_INIT_AUTOMAKE([foreign subdir-objects])
+-AM_CONFIG_HEADER(config.h)
+AC_CONFIG_HEADERS(config.h)
+ m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
diff --git a/meta/recipes-connectivity/bluez/bluez-hcidump_2.5.bb b/meta/recipes-connectivity/bluez/bluez-hcidump_2.5.bb
new file mode 100644
index 0000000000..3950630a86
--- /dev/null
+++ b/meta/recipes-connectivity/bluez/bluez-hcidump_2.5.bb
@@ -0,0 +1,22 @@
+SUMMARY = "Linux Bluetooth Stack HCI Debugger Tool"
+DESCRIPTION = "The hcidump tool reads raw HCI data coming from and going to a Bluetooth device \
+and displays the commands, events and data in a human-readable form."
+SECTION = "console"
+# hcidump was integrated into bluez5
+DEPENDS = "bluez4"
+RCONFLICTS_${PN} = "bluez5"
+LICENSE = "GPLv2+"
+LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \
+                    file://src/hcidump.c;beginline=1;endline=23;md5=3bee3a162dff43a5be7470710b99fbcf"
+PR = "r1"
+SRC_URI = "http://www.kernel.org/pub/linux/bluetooth/bluez-hcidump-${PV}.tar.gz \
+           file://obsolete_automake_macros.patch \
+"
+SRC_URI[md5sum] = "2eab54bbd2b59a2ed4274ebb9390cf18"
+SRC_URI[sha256sum] = "9b7c52b375081883738cf049ecabc103b97d094b19c6544fb241267905d88881"
+S = "${WORKDIR}/bluez-hcidump-${PV}"
+inherit autotools
diff --git a/meta/recipes-connectivity/bluez/bluez4-4.101/bluetooth.conf b/meta/recipes-connectivity/bluez/bluez4-4.101/bluetooth.conf
new file mode 100644
index 0000000000..ca5e9e4f2f
--- /dev/null
+++ b/meta/recipes-connectivity/bluez/bluez4-4.101/bluetooth.conf
@@ -0,0 +1,16 @@
+<!-- This configuration file specifies the required security policies
+     for Bluetooth core daemon to work. -->
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+  <!-- ../system.conf have denied everything, so we just punch some holes -->
+  <policy context="default">
+    <allow own="org.bluez"/>
+    <allow send_destination="org.bluez"/>
+    <allow send_interface="org.bluez.Agent"/>
+  </policy>
+</busconfig>
diff --git a/meta/recipes-connectivity/bluez/bluez4-4.101/fix-udev-paths.patch b/meta/recipes-connectivity/bluez/bluez4-4.101/fix-udev-paths.patch
new file mode 100644
index 0000000000..80899148ee
--- /dev/null
+++ b/meta/recipes-connectivity/bluez/bluez4-4.101/fix-udev-paths.patch
@@ -0,0 +1,37 @@
+Add udevdir/udevrulesdir options
+Upstream-Status: Inappropriate [configuration]
+Signed-off-by: Constantin Musca <constantinx.musca@intel.com>
+Index: bluez-4.101/Makefile.am
+===================================================================
+--- bluez-4.101.orig/Makefile.am
+++ bluez-4.101/Makefile.am
+@@ -395,7 +395,7 @@ EXTRA_DIST += audio/bluetooth.conf
+ include Makefile.tools
+ 
+ if DATAFILES
+-rulesdir = @UDEV_DIR@/rules.d
+rulesdir = @UDEV_RULES_DIR@
+ 
+ udev_files =
+ 
+Index: bluez-4.101/configure.ac
+===================================================================
+--- bluez-4.101.orig/configure.ac
+++ bluez-4.101/configure.ac
+@@ -61,4 +61,14 @@ if (test -n "${path_systemdunit}"); then
+ fi
+ AM_CONDITIONAL(SYSTEMD, test -n "${path_systemdunit}")
+ 
+AC_ARG_WITH([udevdir],
+    AS_HELP_STRING([--with-udevdir=DIR], [udev directory]),
+    [], [with_udevdir=/lib/udev/])
+AC_SUBST([UDEV_DIR], [$with_udevdir])
+
+AC_ARG_WITH([udevrulesdir],
+    AS_HELP_STRING([--with-udevrulesdir=DIR], [udev rules directory]),
+    [], [with_udevrulesdir=/lib/udev/rules.d])
+AC_SUBST([UDEV_RULES_DIR], [$with_udevrulesdir])
+
+ AC_OUTPUT(Makefile doc/version.xml src/bluetoothd.8 src/bluetooth.service bluez.pc)
diff --git a/meta/recipes-connectivity/bluez/bluez4-4.101/install-test-script.patch b/meta/recipes-connectivity/bluez/bluez4-4.101/install-test-script.patch
new file mode 100644
index 0000000000..23f7d999b3
--- /dev/null
+++ b/meta/recipes-connectivity/bluez/bluez4-4.101/install-test-script.patch
@@ -0,0 +1,26 @@
+Upstream-Status: Inappropriate
+Install the bluez's test scripts
+Signed-off-by: Zhong Hongbo <hongbo.zhong@windriver.com>
+diff -Nurd bluez-4.101.orig/Makefile.tools bluez-4.101/Makefile.tools
+--- bluez-4.101.orig/Makefile.tools     2013-11-19 15:49:07.688838000 +0800
+++ bluez-4.101/Makefile.tools  2013-11-19 15:50:09.256837848 +0800
+@@ -227,6 +227,17 @@
+                test/service-spp.xml test/service-opp.xml test/service-ftp.xml \
+                test/simple-player test/test-nap
+ 
+bluez4_testdir = $(libdir)/bluez4/test/
+dist_bluez4_test_SCRIPTS = test/sap-client test/hsplay test/hsmicro \
+               test/monitor-bluetooth test/list-devices \
+               test/test-discovery test/test-manager test/test-adapter \
+               test/test-device test/test-service test/test-serial \
+               test/test-telephony test/test-network test/simple-agent \
+               test/simple-service test/simple-endpoint test/test-audio \
+               test/test-input test/test-sap-server test/test-oob \
+               test/test-attrib test/test-proximity test/test-thermometer \
+               test/test-serial-proxy test/test-health test/test-health-sink \
+               test/simple-player test/test-nap
+ if HIDD
+ bin_PROGRAMS += compat/hidd
+ 
diff --git a/meta/recipes-connectivity/bluez/bluez4-4.101/network-fix-network-Connect-method-parameters.patch b/meta/recipes-connectivity/bluez/bluez4-4.101/network-fix-network-Connect-method-parameters.patch
new file mode 100644
index 0000000000..37f919926e
--- /dev/null
+++ b/meta/recipes-connectivity/bluez/bluez4-4.101/network-fix-network-Connect-method-parameters.patch
@@ -0,0 +1,30 @@
+Upstream-Status: Backport
+Signed-off-by: Peter A. Bigot <pab@pabigot.com>
+From 57170b311f1468330f4a9961dc0b3ac45f97bc13 Mon Sep 17 00:00:00 2001
+From: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
+Date: Sat, 30 Jun 2012 00:39:05 -0300
+Subject: [PATCH] network: fix network Connect() method parameters
+---
+ network/connection.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+diff --git a/network/connection.c b/network/connection.c
+index 544ec3a..59423a9 100644
+--- a/network/connection.c
+++ b/network/connection.c
+@@ -554,7 +554,9 @@ static void path_unregister(void *data)
+ 
+ static const GDBusMethodTable connection_methods[] = {
+        { GDBUS_ASYNC_METHOD("Connect",
+-                       NULL, NULL, connection_connect) },
+                               GDBUS_ARGS({"uuid", "s"}),
+                               GDBUS_ARGS({"interface", "s"}),
+                               connection_connect) },
+        { GDBUS_METHOD("Disconnect",
+                        NULL, NULL, connection_disconnect) },
+        { GDBUS_METHOD("GetProperties",
+-- 
+1.7.9.5
diff --git a/meta/recipes-connectivity/bluez/bluez4-4.101/obsolete_automake_macros.patch b/meta/recipes-connectivity/bluez/bluez4-4.101/obsolete_automake_macros.patch
new file mode 100644
index 0000000000..1068f2482a
--- /dev/null
+++ b/meta/recipes-connectivity/bluez/bluez4-4.101/obsolete_automake_macros.patch
@@ -0,0 +1,14 @@
+Upstream-Status: Backport
+Signed-off-by: Marko Lindqvist <cazfi74@gmail.com>
+diff -Nurd bluez-4.101/configure.ac bluez-4.101/configure.ac
+--- bluez-4.101/configure.ac    2012-06-22 19:36:49.000000000 +0300
+++ bluez-4.101/configure.ac    2013-01-07 06:13:18.385888966 +0200
+@@ -2,7 +2,7 @@
+ AC_INIT(bluez, 4.101)
+ AM_INIT_AUTOMAKE([foreign subdir-objects color-tests])
+-AM_CONFIG_HEADER(config.h)
+AC_CONFIG_HEADERS(config.h)
+ m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
diff --git a/meta/recipes-connectivity/bluez/bluez4-4.101/sbc_mmx.patch b/meta/recipes-connectivity/bluez/bluez4-4.101/sbc_mmx.patch
new file mode 100644
index 0000000000..98fab458b0
--- /dev/null
+++ b/meta/recipes-connectivity/bluez/bluez4-4.101/sbc_mmx.patch
@@ -0,0 +1,24 @@
+on x86 and x86_64 gcc 4.7 complains
+sbc/sbc_primitives_mmx.c: In function 'sbc_calc_scalefactors_mmx':
+sbc/sbc_primitives_mmx.c:294:4: warning: asm operand 2 probably doesn't match constraints [enabled by default]
+sbc/sbc_primitives_mmx.c:294:4: error: impossible constraint in 'asm'
+This patch is taken from https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/911871
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Upstream-Status: Pending
+Index: bluez-4.98/sbc/sbc_primitives_mmx.c
+===================================================================
+--- bluez-4.98.orig/sbc/sbc_primitives_mmx.c    2011-12-21 14:53:54.000000000 -0800
+++ bluez-4.98/sbc/sbc_primitives_mmx.c 2012-02-24 10:07:03.422073800 -0800
+@@ -318,7 +318,7 @@
+                                "movl          %k0, 4(%3)\n"
+                        : "+r" (blk)
+                        : "r" (&sb_sample_f[0][ch][sb]),
+-                               "i" ((char *) &sb_sample_f[1][0][0] -
+                               "r" ((char *) &sb_sample_f[1][0][0] -
+                                        (char *) &sb_sample_f[0][0][0]),
+                                "r" (&scale_factor[ch][sb]),
+                                "r" (&consts),
diff --git a/meta/recipes-connectivity/bluez/bluez4-4.101/use-legacy-pygobject-instead-ofgobject-introspection.patch b/meta/recipes-connectivity/bluez/bluez4-4.101/use-legacy-pygobject-instead-ofgobject-introspection.patch
new file mode 100644
index 0000000000..37037f52e3
--- /dev/null
+++ b/meta/recipes-connectivity/bluez/bluez4-4.101/use-legacy-pygobject-instead-ofgobject-introspection.patch
@@ -0,0 +1,27 @@
+Upstream-Status: Inappropriate
+use legacy pygobject instead of gobject-introspection
+Signed-off-by: Zhong Hongbo <hongbo.zhong@windriver.com>
+---
+diff -Nurd bluez-4.101.orig/test/simple-agent bluez-4.101/test/simple-agent
+--- bluez-4.101.orig/test/simple-agent  2013-11-13 17:14:08.138118159 +0800
+++ bluez-4.101/test/simple-agent       2013-11-13 17:14:29.034118107 +0800
+@@ -2,7 +2,7 @@
+ 
+ from __future__ import absolute_import, print_function, unicode_literals
+ 
+-from gi.repository import GObject
+import gobject
+ 
+ import sys
+ import dbus
+@@ -122,7 +122,7 @@
+        path = "/test/agent"
+        agent = Agent(bus, path)
+ 
+-       mainloop = GObject.MainLoop()
+       mainloop = gobject.MainLoop()
+ 
+        if len(args) > 1:
+                if len(args) > 2:
diff --git a/meta/recipes-connectivity/bluez/bluez4.inc b/meta/recipes-connectivity/bluez/bluez4.inc
new file mode 100644
index 0000000000..11c961617a
--- /dev/null
+++ b/meta/recipes-connectivity/bluez/bluez4.inc
@@ -0,0 +1,46 @@
+SUMMARY = "Linux Bluetooth Stack Userland V4"
+DESCRIPTION = "Linux Bluetooth stack V4 userland components.  These include a system configurations, daemons, tools and system libraries."
+HOMEPAGE = "http://www.bluez.org"
+SECTION = "libs"
+LICENSE = "GPLv2+ & LGPLv2.1+"
+LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \
+                    file://COPYING.LIB;md5=fb504b67c50331fc78734fed90fb0e09 \
+                    file://src/main.c;beginline=1;endline=24;md5=9bc54b93cd7e17bf03f52513f39f926e \
+                    file://sbc/sbc.c;beginline=1;endline=25;md5=1a40781ed30d50d8639323a184aeb191"
+DEPENDS = "udev libusb dbus-glib glib-2.0 libcheck readline libsndfile1"
+RDEPENDS_${PN}-dev = "bluez-hcidump"
+PACKAGECONFIG ??= "\
+    ${@bb.utils.contains('DISTRO_FEATURES', 'alsa', 'alsa', '', d)}\
+    ${@bb.utils.contains('DISTRO_FEATURES', 'pie', 'pie', '', d)}\
+"
+PACKAGECONFIG[alsa] = "--enable-alsa,--disable-alsa,alsa-lib"
+PACKAGECONFIG[pie] = "--enable-pie,--disable-pie,"
+ASNEEDED = ""
+SRC_URI = "\
+  ${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.gz \
+"
+S = "${WORKDIR}/bluez-${PV}"
+inherit autotools-brokensep pkgconfig
+EXTRA_OECONF = "\
+  --disable-gstreamer \
+  --enable-usb \
+  --enable-tools \
+  --enable-bccmd \
+  --enable-hid2hci \
+  --enable-dfutool \
+  --disable-hidd \
+  --disable-pand \
+  --disable-dund \
+  --disable-cups \
+  --enable-test \
+  --enable-datafiles \
+  --with-udevdir=`pkg-config --variable=udevdir udev` \
+  --with-udevrulesdir=`pkg-config --variable=udevdir udev`/rules.d \
+"
+EXCLUDE_FROM_WORLD = "1"
diff --git a/meta/recipes-connectivity/bluez/bluez4_4.101.bb b/meta/recipes-connectivity/bluez/bluez4_4.101.bb
new file mode 100644
index 0000000000..28a94ed127
--- /dev/null
+++ b/meta/recipes-connectivity/bluez/bluez4_4.101.bb
@@ -0,0 +1,46 @@
+require bluez4.inc
+PR = "r11"
+SRC_URI += "file://bluetooth.conf \
+            file://sbc_mmx.patch \
+            file://fix-udev-paths.patch \
+            file://obsolete_automake_macros.patch \
+            file://network-fix-network-Connect-method-parameters.patch \
+            file://install-test-script.patch \
+            file://use-legacy-pygobject-instead-ofgobject-introspection.patch \
+"
+SRC_URI[md5sum] = "fb42cb7038c380eb0e2fa208987c96ad"
+SRC_URI[sha256sum] = "59738410ade9f0e61a13c0f77d9aaffaafe49ba9418107e4ad75fe52846f7487"
+RCONFLICTS_${PN} = "bluez5"
+do_install_append() {
+        install -m 0644 ${S}/audio/audio.conf ${D}/${sysconfdir}/bluetooth/
+        install -m 0644 ${S}/network/network.conf ${D}/${sysconfdir}/bluetooth/
+        install -m 0644 ${S}/input/input.conf ${D}/${sysconfdir}/bluetooth/
+        # at_console doesn't really work with the current state of OE, so punch some more holes so people can actually use BT
+        install -m 0644 ${WORKDIR}/bluetooth.conf ${D}/${sysconfdir}/dbus-1/system.d/
+}
+RDEPENDS_${PN}-dev = "bluez-hcidump"
+RDEPENDS_${PN}-testtools += "python python-dbus python-pygobject"
+ALLOW_EMPTY_libasound-module-bluez = "1"
+PACKAGES =+ "libasound-module-bluez ${PN}-testtools"
+FILES_libasound-module-bluez = "${libdir}/alsa-lib/lib*.so ${datadir}/alsa"
+FILES_${PN} += "${libdir}/bluetooth/plugins ${libdir}/bluetooth/plugins/*.so ${base_libdir}/udev/ ${nonarch_base_libdir}/udev/ ${systemd_unitdir}/ ${datadir}/dbus-1"
+FILES_${PN}-dev += "\
+  ${libdir}/bluetooth/plugins/*.la \
+  ${libdir}/alsa-lib/*.la \
+"
+FILES_${PN}-testtools = "${libdir}/bluez4/test/*"
+FILES_${PN}-dbg += "\
+  ${libdir}/bluetooth/plugins/.debug \
+  ${libdir}/*/.debug \
+  */udev/.debug \
+  "
diff --git a/meta/recipes-connectivity/bluez/gst-plugin-bluetooth_4.101.bb b/meta/recipes-connectivity/bluez/gst-plugin-bluetooth_4.101.bb
new file mode 100644
index 0000000000..f2dc0da06c
--- /dev/null
+++ b/meta/recipes-connectivity/bluez/gst-plugin-bluetooth_4.101.bb
@@ -0,0 +1,38 @@
+require bluez4.inc
+require recipes-multimedia/gstreamer/gst-plugins-package.inc
+PR = "r1"
+SRC_URI[md5sum] = "fb42cb7038c380eb0e2fa208987c96ad"
+SRC_URI[sha256sum] = "59738410ade9f0e61a13c0f77d9aaffaafe49ba9418107e4ad75fe52846f7487"
+DEPENDS = "bluez4 gst-plugins-base"
+EXTRA_OECONF = "\
+  --enable-gstreamer \
+"
+# clean unwanted files
+do_install_append() {
+        rm -rf ${D}${bindir}
+        rm -rf ${D}${sbindir}
+        rm -f  ${D}${libdir}/lib*
+        rm -rf ${D}${libdir}/pkgconfig
+        rm -rf ${D}${sysconfdir}
+        rm -rf ${D}${base_libdir}
+        rm -rf ${D}${libdir}/bluetooth
+        rm -rf ${D}${localstatedir}
+        rm -rf ${D}${libdir}/alsa-lib
+        rm -rf ${D}${datadir}
+        rm -rf ${D}${includedir}
+}
+FILES_${PN} = "${libdir}/gstreamer-0.10/lib*.so"
+FILES_${PN}-dev += "\
+  ${libdir}/gstreamer-0.10/*.la \
+"
+FILES_${PN}-dbg += "\
+  ${libdir}/*/.debug \
+"
diff --git a/meta/recipes-connectivity/bluez5/bluez5.inc b/meta/recipes-connectivity/bluez5/bluez5.inc
new file mode 100644
index 0000000000..b385a916ef
--- /dev/null
+++ b/meta/recipes-connectivity/bluez5/bluez5.inc
@@ -0,0 +1,79 @@
+SUMMARY = "Linux Bluetooth Stack Userland V5"
+DESCRIPTION = "Linux Bluetooth stack V5 userland components.  These include a system configurations, daemons, tools and system libraries."
+HOMEPAGE = "http://www.bluez.org"
+SECTION = "libs"
+LICENSE = "GPLv2+ & LGPLv2.1+"
+LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \
+                    file://COPYING.LIB;md5=fb504b67c50331fc78734fed90fb0e09 \
+                    file://src/main.c;beginline=1;endline=24;md5=9bc54b93cd7e17bf03f52513f39f926e"
+DEPENDS = "udev libusb dbus-glib glib-2.0 libcheck readline"
+PROVIDES += "bluez-hcidump"
+RPROVIDES_${PN} += "bluez-hcidump"
+RCONFLICTS_${PN} = "bluez4"
+PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'alsa', 'alsa', '', d)} obex-profiles"
+PACKAGECONFIG[obex-profiles] = "--enable-obex,--disable-obex,libical"
+SRC_URI = "\
+    ${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \
+    file://bluetooth.conf \
+"
+S = "${WORKDIR}/bluez-${PV}"
+inherit autotools-brokensep pkgconfig systemd
+EXTRA_OECONF = "\
+  --enable-tools \
+  --disable-cups \
+  --enable-test \
+  --enable-datafiles \
+  ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--with-systemdunitdir=${systemd_unitdir}/system/', '--disable-systemd', d)} \
+  --enable-library \
+"
+do_install_append() {
+        install -d ${D}${sysconfdir}/bluetooth/
+        if [ -f ${S}/profiles/audio/audio.conf ]; then
+            install -m 0644 ${S}/profiles/audio/audio.conf ${D}/${sysconfdir}/bluetooth/
+        fi
+        if [ -f ${S}/profiles/network/network.conf ]; then
+            install -m 0644 ${S}/profiles/network/network.conf ${D}/${sysconfdir}/bluetooth/
+        fi
+        if [ -f ${S}/profiles/input/input.conf ]; then
+            install -m 0644 ${S}/profiles/input/input.conf ${D}/${sysconfdir}/bluetooth/
+        fi
+        # at_console doesn't really work with the current state of OE, so punch some more holes so people can actually use BT
+        install -m 0644 ${WORKDIR}/bluetooth.conf ${D}/${sysconfdir}/dbus-1/system.d/
+}
+ALLOW_EMPTY_libasound-module-bluez = "1"
+PACKAGES =+ "libasound-module-bluez ${PN}-testtools ${PN}-obex"
+FILES_libasound-module-bluez = "${libdir}/alsa-lib/lib*.so ${datadir}/alsa"
+FILES_${PN} += "${libdir}/bluetooth/plugins ${libdir}/bluetooth/plugins/*.so ${base_libdir}/udev/ ${nonarch_base_libdir}/udev/ ${systemd_unitdir}/ ${datadir}/dbus-1"
+FILES_${PN}-dev += "\
+  ${libdir}/bluetooth/plugins/*.la \
+  ${libdir}/alsa-lib/*.la \
+"
+FILES_${PN}-obex = "${libdir}/bluez5/bluetooth/obexd \
+                    ${exec_prefix}/lib/systemd/user/obex.service \
+                    ${datadir}/dbus-1/services/org.bluez.obex.service \
+                   "
+SYSTEMD_SERVICE_${PN}-obex = "obex.service"
+FILES_${PN}-testtools = "${libdir}/bluez/test/*"
+FILES_${PN}-dbg += "\
+  ${libdir}/${BPN}/bluetooth/.debug \
+  ${libdir}/bluetooth/plugins/.debug \
+  ${libdir}/*/.debug \
+  */udev/.debug \
+  "
+RDEPENDS_${PN}-testtools += "python python-dbus python-pygobject"
+SYSTEMD_SERVICE_${PN} = "bluetooth.service"
+EXCLUDE_FROM_WORLD = "1"
diff --git a/meta/recipes-connectivity/bluez5/bluez5/bluetooth.conf b/meta/recipes-connectivity/bluez5/bluez5/bluetooth.conf
new file mode 100644
index 0000000000..26845bb73c
--- /dev/null
+++ b/meta/recipes-connectivity/bluez5/bluez5/bluetooth.conf
@@ -0,0 +1,17 @@
+<!-- This configuration file specifies the required security policies
+     for Bluetooth core daemon to work. -->
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+  <!-- ../system.conf have denied everything, so we just punch some holes -->
+  <policy context="default">
+    <allow own="org.bluez"/>
+    <allow send_destination="org.bluez"/>
+    <allow send_interface="org.bluez.Agent1"/>
+    <allow send_type="method_call"/>
+  </policy>
+</busconfig>
diff --git a/meta/recipes-connectivity/bluez5/bluez5_5.22.bb b/meta/recipes-connectivity/bluez5/bluez5_5.22.bb
new file mode 100644
index 0000000000..04116ed9d0
--- /dev/null
+++ b/meta/recipes-connectivity/bluez5/bluez5_5.22.bb
@@ -0,0 +1,3 @@
+require bluez5.inc
+SRC_URI[md5sum] = "fd0783c8bc524bc9b26514aad1f85814"
+SRC_URI[sha256sum] = "e8b866515a18116c7048a55081be9238a51447c9448ed20997b0432b13ba0882"
diff --git a/meta/recipes-connectivity/connman/connman-conf.bb b/meta/recipes-connectivity/connman/connman-conf.bb
new file mode 100644
index 0000000000..af726401e2
--- /dev/null
+++ b/meta/recipes-connectivity/connman/connman-conf.bb
@@ -0,0 +1,24 @@
+SUMMARY = "Connman config to setup wired interface on qemu machines"
+DESCRIPTION = "This is the ConnMan configuration to set up a Wired \
+network interface for a qemu machine."
+LICENSE = "GPLv2"
+LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"
+SRC_URI_append_qemuall = "file://wired.config \
+                          file://wired-setup \
+                         "
+PR = "r2"
+PACKAGE_ARCH = "${MACHINE_ARCH}"
+FILES_${PN} = "${localstatedir}/* ${libdir}/*"
+do_install() {
+    #Configure Wired network interface in case of qemu* machines
+    if test -e ${WORKDIR}/wired.config && test -e ${WORKDIR}/wired-setup; then
+        install -d ${D}${localstatedir}/lib/connman
+        install -m 0644 ${WORKDIR}/wired.config ${D}${localstatedir}/lib/connman
+        install -d ${D}${libdir}/connman
+        install -m 0755 ${WORKDIR}/wired-setup ${D}${libdir}/connman
+    fi
+}
diff --git a/meta/recipes-connectivity/connman/connman-conf/qemuall/wired-setup b/meta/recipes-connectivity/connman/connman-conf/qemuall/wired-setup
new file mode 100644
index 0000000000..c46899ef32
--- /dev/null
+++ b/meta/recipes-connectivity/connman/connman-conf/qemuall/wired-setup
@@ -0,0 +1,16 @@
+#!/bin/sh
+CONFIGF=/var/lib/connman/wired.config
+# Extract wired network config from /proc/cmdline
+NET_CONF=`cat /proc/cmdline |sed -ne 's/^.*ip=\([^ ]*\):\([^ ]*\):\([^ ]*\):\([^ ]*\).*$/\1\/\4\/\3/p'`
+# Check if eth0 is already set via kernel cmdline
+if [ "x$NET_CONF" = "x" ]; then
+        # Wired interface is not configured via kernel cmdline
+        # Remove connman config file template
+        rm -f ${CONFIGF}
+else
+        # Setup a connman config accordingly
+        sed -i -e "s|^IPv4 =.*|IPv4 = ${NET_CONF}|" ${CONFIGF}
+fi
diff --git a/meta/recipes-connectivity/connman/connman-conf/qemuall/wired.config b/meta/recipes-connectivity/connman/connman-conf/qemuall/wired.config
new file mode 100644
index 0000000000..42998ce897
--- /dev/null
+++ b/meta/recipes-connectivity/connman/connman-conf/qemuall/wired.config
@@ -0,0 +1,9 @@
+[global]
+Name = Wired
+Description = Wired network configuration
+[service_ethernet]
+Type = ethernet
+IPv4 =
+MAC = 52:54:00:12:34:56
+Nameservers = 8.8.8.8
diff --git a/meta/recipes-connectivity/connman/connman-gnome/0001-Removed-icon-from-connman-gnome-about-applet.patch b/meta/recipes-connectivity/connman/connman-gnome/0001-Removed-icon-from-connman-gnome-about-applet.patch
new file mode 100644
index 0000000000..4f36b95601
--- /dev/null
+++ b/meta/recipes-connectivity/connman/connman-gnome/0001-Removed-icon-from-connman-gnome-about-applet.patch
@@ -0,0 +1,35 @@
+From 5907a23ad2f49702960a33f9e2039552673eabc7 Mon Sep 17 00:00:00 2001
+From: Andrei Dinu <andrei.adrianx.dinu@intel.com>
+Date: Mon, 17 Dec 2012 14:01:18 +0200
+Subject: [PATCH] Removed icon from connman-gnome "about" applet
+The connman-gnome "about" applet showed a picture that
+can not be displayed. There is no designated picture
+in connman-gnome to be used in the about section, so
+it was removed.
+[OE-Core #2509]
+Upstream-Status : Pending
+Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com>
+---
+ applet/main.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/applet/main.c b/applet/main.c
+index f12d371..c7b3c7f 100644
+--- a/applet/main.c
+++ b/applet/main.c
+@@ -212,7 +212,7 @@ static void about_callback(GtkWidget *item, gpointer user_data)
+                        "comments", _("A connection manager for the GNOME desktop"),
+                        "authors", authors,
+                        "translator-credits", _("translator-credits"),
+-                       "logo-icon-name", "network-wireless", NULL);
+                       NULL);
+ }
+ 
+ static void settings_callback(GtkWidget *item, gpointer user_data)
+-- 
+1.7.9.5
diff --git a/meta/recipes-connectivity/connman/connman-gnome/connman-gnome-fix-dbus-interface-name.patch b/meta/recipes-connectivity/connman/connman-gnome/connman-gnome-fix-dbus-interface-name.patch
new file mode 100644
index 0000000000..0be516f054
--- /dev/null
+++ b/meta/recipes-connectivity/connman/connman-gnome/connman-gnome-fix-dbus-interface-name.patch
@@ -0,0 +1,186 @@
+connman-gnome: fix dbus interface name
+This patch resolves following error:
+"connman-dbus.xml": "connman" is not a valid D-Bus interface name
+https://502552.bugs.gentoo.org/attachment.cgi?id=380652
+Upstream-Status: Backport
+Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
+---
+ common/connman-client.c | 24 ++++++++++++------------
+ common/connman-client.h |  4 ++--
+ common/connman-dbus.c   |  6 +++---
+ common/connman-dbus.xml |  2 +-
+ 4 files changed, 18 insertions(+), 18 deletions(-)
+diff --git a/common/connman-client.c b/common/connman-client.c
+index c55e25c..9d818b2 100644
+--- a/common/connman-client.c
+++ b/common/connman-client.c
+@@ -289,7 +289,7 @@ gboolean connman_client_set_ipv4(ConnmanClient *client, const gchar *device,
+        g_value_init(&value, DBUS_TYPE_G_DICTIONARY);
+        g_value_set_boxed(&value, ipv4);
+-       ret = connman_set_property(proxy, "IPv4.Configuration", &value, NULL);
+       ret = net_connman_set_property(proxy, "IPv4.Configuration", &value, NULL);
+        g_object_unref(proxy);
+@@ -317,7 +317,7 @@ void connman_client_set_powered(ConnmanClient *client, const gchar *device,
+        g_value_set_boolean(&value, powered);
+        error = NULL;
+-       connman_set_property(proxy, "Powered", &value, &error);
+       net_connman_set_property(proxy, "Powered", &value, &error);
+        if( error )
+                fprintf (stderr, "error: %s\n", error->message);
+@@ -325,7 +325,7 @@ void connman_client_set_powered(ConnmanClient *client, const gchar *device,
+ }
+ void connman_client_scan(ConnmanClient *client, const gchar *device,
+-                                               connman_scan_reply callback, gpointer user_data)
+                                               net_connman_scan_reply callback, gpointer user_data)
+ {
+        ConnmanClientPrivate *priv = CONNMAN_CLIENT_GET_PRIVATE(client);
+        DBusGProxy *proxy;
+@@ -339,7 +339,7 @@ void connman_client_scan(ConnmanClient *client, const gchar *device,
+        if (proxy == NULL)
+                return;
+-       connman_scan_async(proxy, callback, user_data);
+       net_connman_scan_async(proxy, callback, user_data);
+        g_object_unref(proxy);
+ }
+@@ -353,7 +353,7 @@ gboolean connman_client_get_offline_status(ConnmanClient *client)
+        DBG("client %p", client);
+-       ret = connman_get_properties(priv->manager, &hash, NULL);
+       ret = net_connman_get_properties(priv->manager, &hash, NULL);
+        if (ret == FALSE)
+                goto done;
+@@ -375,7 +375,7 @@ void connman_client_set_offlinemode(ConnmanClient *client, gboolean status)
+        g_value_init(&value, G_TYPE_BOOLEAN);
+        g_value_set_boolean(&value, status);
+-       connman_set_property(priv->manager, "OfflineMode", &value, NULL);
+       net_connman_set_property(priv->manager, "OfflineMode", &value, NULL);
+ }
+ static gboolean network_disconnect(GtkTreeModel *model, GtkTreePath *path,
+@@ -398,7 +398,7 @@ static gboolean network_disconnect(GtkTreeModel *model, GtkTreePath *path,
+                return TRUE;
+        if (type == CONNMAN_TYPE_WIFI)
+-               connman_disconnect(proxy, NULL);
+               net_connman_disconnect(proxy, NULL);
+        g_object_unref(proxy);
+@@ -422,13 +422,13 @@ void connman_client_connect(ConnmanClient *client, const gchar *network)
+        if (proxy == NULL)
+                return;
+-       connman_connect(proxy, NULL);
+       net_connman_connect(proxy, NULL);
+        g_object_unref(proxy);
+ }
+ void connman_client_connect_async(ConnmanClient *client, const gchar *network,
+-               connman_connect_reply callback, gpointer userdata)
+               net_connman_connect_reply callback, gpointer userdata)
+ {
+        ConnmanClientPrivate *priv = CONNMAN_CLIENT_GET_PRIVATE(client);
+        DBusGProxy *proxy;
+@@ -446,7 +446,7 @@ void connman_client_connect_async(ConnmanClient *client, const gchar *network,
+        if (proxy == NULL)
+                goto done;
+-       connman_connect_async(proxy, callback, userdata);
+       net_connman_connect_async(proxy, callback, userdata);
+ done:
+        return;
+@@ -476,7 +476,7 @@ void connman_client_disconnect(ConnmanClient *client, const gchar *network)
+        if (proxy == NULL)
+                return;
+-       connman_disconnect(proxy, NULL);
+       net_connman_disconnect(proxy, NULL);
+        g_object_unref(proxy);
+ }
+@@ -532,7 +532,7 @@ void connman_client_remove(ConnmanClient *client, const gchar *network)
+        if (proxy == NULL)
+                return;
+-       connman_remove(proxy, NULL);
+       net_connman_remove(proxy, NULL);
+        g_object_unref(proxy);
+ }
+diff --git a/common/connman-client.h b/common/connman-client.h
+index 9e2e6d5..98241de 100644
+--- a/common/connman-client.h
+++ b/common/connman-client.h
+@@ -70,13 +70,13 @@ void connman_client_set_powered(ConnmanClient *client, const gchar *device,
+ gboolean connman_client_set_ipv4(ConnmanClient *client, const gchar *device,
+                                struct ipv4_config *ipv4_config);
+ void connman_client_scan(ConnmanClient *client, const gchar *device,
+-                                                       connman_scan_reply callback, gpointer user_data);
+                                                       net_connman_scan_reply callback, gpointer user_data);
+ void connman_client_connect(ConnmanClient *client, const gchar *network);
+ void connman_client_disconnect(ConnmanClient *client, const gchar *network);
+ gchar *connman_client_get_security(ConnmanClient *client, const gchar *network);
+ void connman_client_connect_async(ConnmanClient *client, const gchar *network,
+-                               connman_connect_reply callback, gpointer userdata);
+                               net_connman_connect_reply callback, gpointer userdata);
+ void connman_client_set_remember(ConnmanClient *client, const gchar *network,
+                                                        gboolean remember);
+diff --git a/common/connman-dbus.c b/common/connman-dbus.c
+index b82b3e1..543eb43 100644
+--- a/common/connman-dbus.c
+++ b/common/connman-dbus.c
+@@ -655,15 +655,15 @@ DBusGProxy *connman_dbus_create_manager(DBusGConnection *conn,
+        DBG("getting manager properties");
+-       connman_get_properties_async(proxy, manager_properties, store);
+       net_connman_get_properties_async(proxy, manager_properties, store);
+        DBG("getting technologies");
+-       connman_get_technologies_async(proxy, manager_technologies, store);
+       net_connman_get_technologies_async(proxy, manager_technologies, store);
+        DBG("getting services");
+-       connman_get_services_async(proxy, manager_services, store);
+       net_connman_get_services_async(proxy, manager_services, store);
+        return proxy;
+ }
+diff --git a/common/connman-dbus.xml b/common/connman-dbus.xml
+index 56b9582..0199d52 100644
+--- a/common/connman-dbus.xml
+++ b/common/connman-dbus.xml
+@@ -1,7 +1,7 @@
+ <?xml version="1.0" encoding="UTF-8" ?>
+ <node name="/">
+-  <interface name="connman">
+  <interface name="net.connman">
+     <method name="GetProperties">
+       <arg type="a{sv}" direction="out"/>
+     </method>
+--
+1.9.1
diff --git a/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-01.png b/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-01.png
new file mode 100644
index 0000000000..33247c1e2d
--- /dev/null
+++ b/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-01.png
Binary files differ
diff --git a/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-02.png b/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-02.png
new file mode 100644
index 0000000000..a94fb952ff
--- /dev/null
+++ b/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-02.png
Binary files differ
diff --git a/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-03.png b/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-03.png
new file mode 100644
index 0000000000..b5eb405a90
--- /dev/null
+++ b/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-03.png
Binary files differ
diff --git a/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-04.png b/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-04.png
new file mode 100644
index 0000000000..be54419fa7
--- /dev/null
+++ b/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-04.png
Binary files differ
diff --git a/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-05.png b/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-05.png
new file mode 100644
index 0000000000..1c40ac9a10
--- /dev/null
+++ b/meta/recipes-connectivity/connman/connman-gnome/images/connman-signal-05.png
Binary files differ
diff --git a/meta/recipes-connectivity/connman/connman-gnome/null_check_for_ipv4_config.patch b/meta/recipes-connectivity/connman/connman-gnome/null_check_for_ipv4_config.patch
new file mode 100644
index 0000000000..0421cda0b2
--- /dev/null
+++ b/meta/recipes-connectivity/connman/connman-gnome/null_check_for_ipv4_config.patch
@@ -0,0 +1,36 @@
+In networks that don't have a DHCP server configured, ipv4 address
+allocation fails and the ipv4 structure doesn't get populated. When
+the GUI is trying to read the ipv4_config.method field to see whether
+it contains "dhcp" string, a segmentation fault is generated.
+Ethernet manual configuration behavior remains unchanged after this fix.
+Upstream-Status: Pending
+Signed-off-by: Emilia Ciobanu <emilia.maria.silvia.ciobanu@intel.com>
+Index: git/properties/ethernet.c
+===================================================================
+--- git.orig/properties/ethernet.c
+++ git/properties/ethernet.c
+@@ -194,7 +194,7 @@ void add_ethernet_service(GtkWidget *mai
+        data->button = button;
+-       if (g_str_equal(ipv4_config.method, "dhcp") == TRUE)
+       if (!ipv4_config.method || g_str_equal(ipv4_config.method, "dhcp") == TRUE)
+                update_ethernet_ipv4(data, CONNMAN_POLICY_DHCP);
+        else
+                update_ethernet_ipv4(data, CONNMAN_POLICY_MANUAL);
+Index: git/properties/wifi.c
+===================================================================
+--- git.orig/properties/wifi.c
+++ git/properties/wifi.c
+@@ -230,7 +230,7 @@ static void wifi_ipconfig(GtkWidget *tab
+        data->ipv4_config = ipv4_config;
+-       if (g_str_equal(ipv4_config.method, "dhcp") == TRUE)
+       if (!ipv4_config.method || g_str_equal(ipv4_config.method, "dhcp") == TRUE)
+                update_wifi_ipv4(data, CONNMAN_POLICY_DHCP);
+        else
+                update_wifi_ipv4(data, CONNMAN_POLICY_MANUAL);
diff --git a/meta/recipes-connectivity/connman/connman-gnome_0.7.bb b/meta/recipes-connectivity/connman/connman-gnome_0.7.bb
new file mode 100644
index 0000000000..f5575d2938
--- /dev/null
+++ b/meta/recipes-connectivity/connman/connman-gnome_0.7.bb
@@ -0,0 +1,28 @@
+SUMMARY = "GTK+ frontend for the ConnMan network connection manager"
+HOMEPAGE = "http://connman.net/"
+SECTION = "libs/network"
+LICENSE = "GPLv2 & LGPLv2.1"
+LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \
+                    file://properties/main.c;beginline=1;endline=20;md5=50c77c81871308b033ab7a1504626afb \
+                    file://common/connman-dbus.c;beginline=1;endline=20;md5=de6b485c0e717a0236402d220187717a"
+DEPENDS = "gtk+ dbus-glib intltool-native"
+# 0.7 tag
+SRCREV = "cf3c325b23dae843c5499a113591cfbc98acb143"
+SRC_URI = "git://github.com/connectivity/connman-gnome.git \
+           file://0001-Removed-icon-from-connman-gnome-about-applet.patch \
+           file://null_check_for_ipv4_config.patch \
+           file://images/* \
+           file://connman-gnome-fix-dbus-interface-name.patch \
+          "
+S = "${WORKDIR}/git"
+inherit autotools-brokensep gtk-icon-cache pkgconfig
+RDEPENDS_${PN} = "connman"
+do_install_append() {
+    install -m 0644 ${WORKDIR}/images/* ${D}/usr/share/icons/hicolor/22x22/apps/
+}
diff --git a/meta/recipes-connectivity/connman/connman.inc b/meta/recipes-connectivity/connman/connman.inc
new file mode 100644
index 0000000000..f121a81f1e
--- /dev/null
+++ b/meta/recipes-connectivity/connman/connman.inc
@@ -0,0 +1,215 @@
+SUMMARY = "A daemon for managing internet connections within embedded devices"
+DESCRIPTION = "The ConnMan project provides a daemon for managing \
+internet connections within embedded devices running the Linux \
+operating system.  The Connection Manager is designed to be slim and \
+to use as few resources as possible, so it can be easily integrated. \
+It is a fully modular system that can be extended, through plug-ins, \
+to support all kinds of wired or wireless technologies. Also, \
+configuration methods, like DHCP and domain name resolving, are \
+implemented using plug-ins."
+HOMEPAGE = "http://connman.net/"
+BUGTRACKER = "https://01.org/jira/browse/CM"
+LICENSE  = "GPLv2"
+LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \
+                    file://src/main.c;beginline=1;endline=20;md5=486a279a6ab0c8d152bcda3a5b5edc36"
+DEPENDS  = "dbus glib-2.0 ppp iptables"
+INC_PR = "r20"
+EXTRA_OECONF += "\
+    ac_cv_path_WPASUPPLICANT=${sbindir}/wpa_supplicant \
+    ac_cv_path_PPPD=${sbindir}/pppd \
+    --enable-debug \
+    --enable-loopback \
+    --enable-ethernet \
+    --enable-tools \
+    --enable-test \
+    --disable-polkit \
+    --enable-client \
+    ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--with-systemdunitdir=${systemd_unitdir}/system/', '--with-systemdunitdir=', d)} \
+"
+PACKAGECONFIG ??= "wispr \
+                   ${@bb.utils.contains('DISTRO_FEATURES', 'wifi','wifi', '', d)} \
+                   ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth','bluetooth', '', d)} \
+                   ${@bb.utils.contains('DISTRO_FEATURES', '3g','3g', '', d)} \
+"
+# If you want ConnMan to support VPN, add following statement into
+# local.conf or distro config
+# PACKAGECONFIG_append_pn-connman = " openvpn vpnc l2tp pptp"
+PACKAGECONFIG[wifi] = "--enable-wifi, --disable-wifi, wpa-supplicant"
+PACKAGECONFIG[bluetooth] = "--enable-bluetooth, --disable-bluetooth, bluez4"
+PACKAGECONFIG[3g] = "--enable-ofono, --disable-ofono, ofono"
+PACKAGECONFIG[tist] = "--enable-tist,--disable-tist,"
+PACKAGECONFIG[openvpn] = "--enable-openvpn --with-openvpn=${sbindir}/openvpn,--disable-openvpn,,openvpn"
+PACKAGECONFIG[vpnc] = "--enable-vpnc --with-vpnc=${sbindir}/vpnc,--disable-vpnc,,vpnc"
+PACKAGECONFIG[l2tp] = "--enable-l2tp --with-l2tp=${sbindir}/xl2tpd,--disable-l2tp,,xl2tpd"
+PACKAGECONFIG[pptp] = "--enable-pptp --with-pptp=${sbindir}/pptp,--disable-pptp,,pptp-linux"
+# WISPr support for logging into hotspots, requires TLS
+PACKAGECONFIG[wispr] = "--enable-wispr,--disable-wispr,gnutls,"
+INITSCRIPT_NAME = "connman"
+INITSCRIPT_PARAMS = "start 05 5 2 3 . stop 22 0 1 6 ."
+python __anonymous () {
+    systemd_packages = "${PN}"
+    pkgconfig = d.getVar('PACKAGECONFIG', True)
+    if ('openvpn' or 'vpnc' or 'l2tp' or 'pptp') in pkgconfig.split():
+        systemd_packages += " ${PN}-vpn"
+    d.setVar('SYSTEMD_PACKAGES', systemd_packages)
+}
+SYSTEMD_SERVICE_${PN} = "connman.service"
+SYSTEMD_SERVICE_${PN}-vpn = "connman-vpn.service"
+SYSTEMD_WIRED_SETUP = "ExecStartPre=-${libdir}/connman/wired-setup"
+inherit autotools-brokensep pkgconfig systemd update-rc.d
+do_configure_append () {
+        sed -i "s#ExecStart=#${SYSTEMD_WIRED_SETUP}\nExecStart=#" ${S}/src/connman.service
+}
+# This allows *everyone* to access ConnMan over DBus, without any access
+# control.  Really the at_console flag should work, which would mean that
+# both this and the xuser patch can be dropped.
+do_compile_append() {
+        sed -i -e s:deny:allow:g src/connman-dbus.conf
+        sed -i -e s:deny:allow:g vpn/vpn-dbus.conf
+}
+do_install_append() {
+        if ${@bb.utils.contains('DISTRO_FEATURES','sysvinit','true','false',d)}; then
+                install -d ${D}${sysconfdir}/init.d
+                install -m 0755 ${WORKDIR}/connman ${D}${sysconfdir}/init.d/connman
+                sed -i s%@LIBDIR@%${libdir}% ${D}${sysconfdir}/init.d/connman
+        fi
+        install -d ${D}${bindir}
+        install -m 0755 ${S}/tools/*-test ${D}${bindir}
+        if [ -e ${S}/tools/wispr ]; then
+                install -m 0755 ${S}/tools/wispr ${D}${bindir}
+        fi
+        install -m 0755 ${B}/client/connmanctl ${D}${bindir}
+        # We don't need to package an empty directory
+        rmdir --ignore-fail-on-non-empty ${D}${libdir}/connman/scripts
+        # Automake 1.12 won't install empty directories, but we need the
+        # plugins directory to be present for ownership
+        mkdir -p ${D}${libdir}/connman/plugins
+}
+# These used to be plugins, but now they are core
+RPROVIDES_${PN} = "\
+        connman-plugin-loopback \
+        connman-plugin-ethernet \
+        ${@bb.utils.contains('PACKAGECONFIG', 'bluetooth','connman-plugin-bluetooth', '', d)} \
+        ${@bb.utils.contains('PACKAGECONFIG', 'wifi','connman-plugin-wifi', '', d)} \
+        ${@bb.utils.contains('PACKAGECONFIG', '3g','connman-plugin-ofono', '', d)} \
+        "
+RDEPENDS_${PN} = "\
+        dbus \
+        ${@bb.utils.contains('PACKAGECONFIG', 'bluetooth', 'bluez4', '', d)} \
+        ${@bb.utils.contains('PACKAGECONFIG', 'wifi','wpa-supplicant', '', d)} \
+        ${@bb.utils.contains('PACKAGECONFIG', '3g','ofono', '', d)} \
+        xuser-account \
+        "
+PACKAGES_DYNAMIC += "^${PN}-plugin-.*"
+def add_rdepends(bb, d, file, pkg, depmap, multilib_prefix, add_insane_skip):
+    plugintype = pkg.split( '-' )[-1]
+    if plugintype in depmap:
+        rdepends = map(lambda x: multilib_prefix + x, \
+                       depmap[plugintype].split())
+        d.setVar("RDEPENDS_%s" % pkg, " ".join(rdepends))
+    if add_insane_skip:
+        d.appendVar("INSANE_SKIP_%s" % pkg, "dev-so")
+python populate_packages_prepend() {
+    depmap = dict(pppd="ppp")
+    multilib_prefix = (d.getVar("MLPREFIX", True) or "")
+    hook = lambda file,pkg,x,y,z: \
+        add_rdepends(bb, d, file, pkg, depmap, multilib_prefix, False)
+    plugin_dir = d.expand('${libdir}/connman/plugins/')
+    plugin_name = d.expand('${PN}-plugin-%s')
+    do_split_packages(d, plugin_dir, '^(.*).so$', plugin_name, \
+        '${PN} plugin for %s', extra_depends='', hook=hook, prepend=True )
+    hook = lambda file,pkg,x,y,z: \
+        add_rdepends(bb, d, file, pkg, depmap, multilib_prefix, True)
+    plugin_dir = d.expand('${libdir}/connman/plugins-vpn/')
+    plugin_name = d.expand('${PN}-plugin-vpn-%s')
+    do_split_packages(d, plugin_dir, '^(.*).so$', plugin_name, \
+        '${PN} VPN plugin for %s', extra_depends='', hook=hook, prepend=True )
+}
+PACKAGES =+ "${PN}-tools ${PN}-tests ${PN}-client"
+FILES_${PN}-tools = "${bindir}/wispr"
+FILES_${PN}-tests = "${bindir}/*-test ${libdir}/${BPN}/test/*"
+RDEPENDS_${PN}-tests = "python-dbus python-pygobject python-textutils python-subprocess python-fcntl python-netclient"
+FILES_${PN}-client = "${bindir}/connmanctl"
+FILES_${PN} = "${bindir}/* ${sbindir}/* ${libexecdir}/* ${libdir}/lib*.so.* \
+            ${libdir}/connman/plugins \
+            ${sysconfdir} ${sharedstatedir} ${localstatedir} \
+            ${base_bindir}/* ${base_sbindir}/* ${base_libdir}/*.so* ${datadir}/${PN} \
+            ${datadir}/dbus-1/system-services/*"
+FILES_${PN}-dbg += "${libdir}/connman/*/.debug"
+FILES_${PN}-dev += "${libdir}/connman/*/*.la"
+PACKAGES =+ "${PN}-vpn"
+SUMMARY_${PN}-vpn = "A daemon for managing VPN connections within embedded devices"
+DESCRIPTION_${PN}-vpn = "The ConnMan VPN provides a daemon for \
+managing VPN connections within embedded devices running the Linux \
+operating system.  The connman-vpnd handles all the VPN connections \
+and starts/stops VPN client processes when necessary. The connman-vpnd \
+provides a DBus API for managing VPN connections. All the different \
+VPN technogies are implemented using plug-ins."
+FILES_${PN}-vpn += "${sbindir}/connman-vpnd \
+                    ${sysconfdir}/dbus-1/system.d/connman-vpn-dbus.conf \
+                    ${datadir}/dbus-1/system-services/net.connman.vpn.service \
+                    ${systemd_unitdir}/system/connman-vpn.service"
+SUMMARY_${PN}-plugin-vpn-openvpn = "An OpenVPN plugin for ConnMan VPN"
+DESCRIPTION_${PN}-plugin-vpn-openvpn = "The ConnMan OpenVPN plugin uses openvpn client \
+to create a VPN connection to OpenVPN server."
+FILES_${PN}-plugin-vpn-openvpn += "${libdir}/connman/scripts/openvpn-script \
+                                   ${libdir}/connman/plugins-vpn/openvpn.so"
+RDEPENDS_${PN}-plugin-vpn-openvpn += "${PN}-vpn"
+RRECOMMENDS_${PN} += "${@bb.utils.contains('PACKAGECONFIG','openvpn','${PN}-plugin-vpn-openvpn', '', d)}"
+SUMMARY_${PN}-plugin-vpn-vpnc = "A vpnc plugin for ConnMan VPN"
+DESCRIPTION_${PN}-plugin-vpn-vpnc = "The ConnMan vpnc plugin uses vpnc client \
+to create a VPN connection to Cisco3000 VPN Concentrator."
+FILES_${PN}-plugin-vpn-vpnc += "${libdir}/connman/scripts/openconnect-script \
+                                ${libdir}/connman/plugins-vpn/vpnc.so"
+RDEPENDS_${PN}-plugin-vpn-vpnc += "${PN}-vpn"
+RRECOMMENDS_${PN} += "${@bb.utils.contains('PACKAGECONFIG','vpnc','${PN}-plugin-vpn-vpnc', '', d)}"
+SUMMARY_${PN}-plugin-vpn-l2tp = "A L2TP plugin for ConnMan VPN"
+DESCRIPTION_${PN}-plugin-vpn-l2tp = "The ConnMan L2TP plugin uses xl2tpd daemon \
+to create a VPN connection to L2TP server."
+FILES_${PN}-plugin-vpn-l2tp += "${libdir}/connman/scripts/libppp-plugin.so* \
+                                ${libdir}/connman/plugins-vpn/l2tp.so"
+RDEPENDS_${PN}-plugin-vpn-l2tp += "${PN}-vpn"
+RRECOMMENDS_${PN} += "${@bb.utils.contains('PACKAGECONFIG','l2tp','${PN}-plugin-vpn-l2tp', '', d)}"
+SUMMARY_${PN}-plugin-vpn-pptp = "A PPTP plugin for ConnMan VPN"
+DESCRIPTION_${PN}-plugin-vpn-pptp = "The ConnMan PPTP plugin uses pptp-linux client \
+to create a VPN connection to PPTP server."
+FILES_${PN}-plugin-vpn-pptp += "${libdir}/connman/scripts/libppp-plugin.so* \
+                                ${libdir}/connman/plugins-vpn/pptp.so"
+RDEPENDS_${PN}-plugin-vpn-pptp += "${PN}-vpn"
+RRECOMMENDS_${PN} += "${@bb.utils.contains('PACKAGECONFIG','pptp','${PN}-plugin-vpn-pptp', '', d)}"
diff --git a/meta/recipes-connectivity/connman/connman/0001-plugin.h-Change-visibility-to-default-for-debug-symb.patch b/meta/recipes-connectivity/connman/connman/0001-plugin.h-Change-visibility-to-default-for-debug-symb.patch
new file mode 100644
index 0000000000..e6f03e632e
--- /dev/null
+++ b/meta/recipes-connectivity/connman/connman/0001-plugin.h-Change-visibility-to-default-for-debug-symb.patch
@@ -0,0 +1,35 @@
+From 4ddaf78dad5a9ee4a0658235f71b75132192123e Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Sat, 7 Apr 2012 18:52:12 -0700
+Subject: [PATCH] plugin.h: Change visibility to default for debug symbols
+gold refuses to link in undefined weak symbols which
+have hidden visibility
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Upstream-Status: Pending
+---
+ include/plugin.h |    4 ++--
+ 1 files changed, 2 insertions(+), 2 deletions(-)
+diff --git a/include/plugin.h b/include/plugin.h
+index 692a4e5..a9361c3 100644
+--- a/include/plugin.h
+++ b/include/plugin.h
+@@ -89,9 +89,9 @@ struct connman_plugin_desc {
+ #else
+ #define CONNMAN_PLUGIN_DEFINE(name, description, version, priority, init, exit) \
+                extern struct connman_debug_desc __start___debug[] \
+-                               __attribute__ ((weak, visibility("hidden"))); \
+                               __attribute__ ((weak, visibility("default"))); \
+                extern struct connman_debug_desc __stop___debug[] \
+-                               __attribute__ ((weak, visibility("hidden"))); \
+                               __attribute__ ((weak, visibility("default"))); \
+                extern struct connman_plugin_desc connman_plugin_desc \
+                                __attribute__ ((visibility("default"))); \
+                struct connman_plugin_desc connman_plugin_desc = { \
+-- 
+1.7.5.4
diff --git a/meta/recipes-connectivity/connman/connman/add_xuser_dbus_permission.patch b/meta/recipes-connectivity/connman/connman/add_xuser_dbus_permission.patch
new file mode 100644
index 0000000000..707b3cafba
--- /dev/null
+++ b/meta/recipes-connectivity/connman/connman/add_xuser_dbus_permission.patch
@@ -0,0 +1,21 @@
+Because Poky doesn't support at_console we need to special-case the session
+user.
+Upstream-Status: Inappropriate [configuration]
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+diff --git a/src/connman-dbus.conf b/src/connman-dbus.conf
+index 98a773e..466809c 100644
+--- a/src/connman-dbus.conf
+++ b/src/connman-dbus.conf
+@@ -8,6 +8,9 @@
+         <allow send_interface="net.connman.Counter"/>
+         <allow send_interface="net.connman.Notification"/>
+     </policy>
+    <policy user="xuser">
+        <allow send_destination="net.connman"/>
+    </policy>
+     <policy at_console="true">
+         <allow send_destination="net.connman"/>
+     </policy>
diff --git a/meta/recipes-connectivity/connman/connman/connman b/meta/recipes-connectivity/connman/connman/connman
new file mode 100644
index 0000000000..bf7a94a06d
--- /dev/null
+++ b/meta/recipes-connectivity/connman/connman/connman
@@ -0,0 +1,83 @@
+#!/bin/sh
+DAEMON=/usr/sbin/connmand
+PIDFILE=/var/run/connmand.pid
+DESC="Connection Manager"
+if [ -f /etc/default/connman ] ; then
+        . /etc/default/connman
+fi
+set -e
+nfsroot=0
+exec 9<&0 < /proc/mounts
+while read dev mtpt fstype rest; do
+        if test $mtpt = "/" ; then
+                case $fstype in
+                    nfs | nfs4)
+                        nfsroot=1
+                        break
+                        ;;
+                    *)
+                        ;;
+                esac
+        fi
+done
+do_start() {
+        EXTRA_PARAM=""
+        if test $nfsroot -eq 1 ; then
+            NET_DEVS=`cat /proc/net/dev | sed -ne 's/^\([a-zA-Z0-9 ]*\):.*$/\1/p'`
+            NET_ADDR=`cat /proc/cmdline | sed -ne 's/^.*ip=\([^ :]*\).*$/\1/p'`
+            if [ ! -z "$NET_ADDR" ]; then
+                if [ "$NET_ADDR" = dhcp ]; then
+                    ethn=`ifconfig | grep "^eth" | sed -e "s/\(eth[0-9]\)\(.*\)/\1/"`
+                    if [ ! -z "$ethn" ]; then
+                        EXTRA_PARAM="-I $ethn"
+                    fi
+                else
+                    for i in $NET_DEVS; do
+                        ADDR=`ifconfig $i | sed 's/addr://g' | sed -ne 's/^.*inet \([0-9.]*\) .*$/\1/p'`
+                        if [ "$NET_ADDR" = "$ADDR" ]; then
+                            EXTRA_PARAM="-I $i"
+                            break
+                        fi
+                    done
+                fi
+            fi
+        fi
+        if [ -f @LIBDIR@/connman/wired-setup ] ; then
+                . @LIBDIR@/connman/wired-setup
+        fi
+        $DAEMON $EXTRA_PARAM
+}
+do_stop() {
+        start-stop-daemon --stop --name connmand --quiet
+}
+case "$1" in
+  start)
+        echo "Starting $DESC"
+        do_start
+        ;;
+  stop)
+        echo "Stopping $DESC"
+        do_stop
+        ;;
+  restart|force-reload)
+        echo "Restarting $DESC"
+        do_stop
+        sleep 1
+        do_start
+        ;;
+  *)
+        echo "Usage: $0 {start|stop|restart|force-reload}" >&2
+        exit 1
+        ;;
+esac
+exit 0
diff --git a/meta/recipes-connectivity/connman/connman_1.25.bb b/meta/recipes-connectivity/connman/connman_1.25.bb
new file mode 100644
index 0000000000..1758c95ee1
--- /dev/null
+++ b/meta/recipes-connectivity/connman/connman_1.25.bb
@@ -0,0 +1,11 @@
+require connman.inc
+SRC_URI  = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
+            file://0001-plugin.h-Change-visibility-to-default-for-debug-symb.patch \
+            file://add_xuser_dbus_permission.patch \
+            file://connman \
+            "
+SRC_URI[md5sum] = "a449d2e49871494506e48765747e6624"
+SRC_URI[sha256sum] = "c1d266d6be18d2f66231f3537a7ed17b57637ca43c27328bc13c508cbeacce6e"
+RRECOMMENDS_${PN} = "connman-conf"
diff --git a/meta/recipes-connectivity/dhcp/dhcp.inc b/meta/recipes-connectivity/dhcp/dhcp.inc
new file mode 100644
index 0000000000..4949e0201e
--- /dev/null
+++ b/meta/recipes-connectivity/dhcp/dhcp.inc
@@ -0,0 +1,115 @@
+SECTION = "console/network"
+SUMMARY = "Internet Software Consortium DHCP package"
+DESCRIPTION = "DHCP (Dynamic Host Configuration Protocol) is a protocol \
+which allows individual devices on an IP network to get their own \
+network configuration information from a server.  DHCP helps make it \
+easier to administer devices."
+HOMEPAGE = "http://www.isc.org/"
+LICENSE = "ISC"
+LIC_FILES_CHKSUM = "file://LICENSE;beginline=4;md5=c5c64d696107f84b56fe337d14da1753"
+DEPENDS = "openssl bind"
+SRC_URI = "ftp://ftp.isc.org/isc/dhcp/${PV}/dhcp-${PV}.tar.gz \
+           file://site.h \
+           file://init-relay file://default-relay \
+           file://init-server file://default-server \
+           file://dhclient.conf file://dhcpd.conf \
+           file://dhcpd.service file://dhcrelay.service"
+inherit autotools systemd
+SYSTEMD_PACKAGES = "${PN}-server ${PN}-relay"
+SYSTEMD_SERVICE_${PN}-server = "dhcpd.service"
+SYSTEMD_AUTO_ENABLE_${PN}-server = "disable"
+SYSTEMD_SERVICE_${PN}-relay = "dhcrelay.service"
+SYSTEMD_AUTO_ENABLE_${PN}-relay = "disable"
+TARGET_CFLAGS += "-D_GNU_SOURCE"
+EXTRA_OECONF = "--with-srv-lease-file=${localstatedir}/lib/dhcp/dhcpd.leases \
+                --with-srv6-lease-file=${localstatedir}/lib/dhcp/dhcpd6.leases \
+                --with-cli-lease-file=${localstatedir}/lib/dhcp/dhclient.leases \
+                --with-cli6-lease-file=${localstatedir}/lib/dhcp/dhclient6.leases \
+                --with-libbind=${STAGING_LIBDIR}/ \
+               "
+do_compile_prepend () {
+        cp -f ${WORKDIR}/site.h ${S}/includes
+}
+do_install_append () {
+        install -d ${D}${sysconfdir}/init.d
+        install -d ${D}${sysconfdir}/default
+        install -d ${D}${sysconfdir}/dhcp
+        install -m 0755 ${WORKDIR}/init-relay ${D}${sysconfdir}/init.d/dhcp-relay
+        install -m 0644 ${WORKDIR}/default-relay ${D}${sysconfdir}/default/dhcp-relay
+        install -m 0755 ${WORKDIR}/init-server ${D}${sysconfdir}/init.d/dhcp-server
+        install -m 0644 ${WORKDIR}/default-server ${D}${sysconfdir}/default/dhcp-server
+        rm -f ${D}${sysconfdir}/dhclient.conf*
+        rm -f ${D}${sysconfdir}/dhcpd.conf*
+        install -m 0644 ${WORKDIR}/dhclient.conf ${D}${sysconfdir}/dhcp/dhclient.conf
+        install -m 0644 ${WORKDIR}/dhcpd.conf ${D}${sysconfdir}/dhcp/dhcpd.conf
+        install -d ${D}${base_sbindir}/
+        if [ "${sbindir}" != "${base_sbindir}" ]; then
+                mv ${D}${sbindir}/dhclient ${D}${base_sbindir}/
+        fi
+        install -m 0755 ${S}/client/scripts/linux ${D}${base_sbindir}/dhclient-script
+        # Install systemd unit files
+        install -d ${D}${systemd_unitdir}/system
+        install -m 0644 ${WORKDIR}/dhcpd.service ${D}${systemd_unitdir}/system
+        install -m 0644 ${WORKDIR}/dhcrelay.service ${D}${systemd_unitdir}/system
+        sed -i -e 's,@SBINDIR@,${sbindir},g' ${D}${systemd_unitdir}/system/dhcpd.service ${D}${systemd_unitdir}/system/dhcrelay.service
+        sed -i -e 's,@SYSCONFDIR@,${sysconfdir},g' ${D}${systemd_unitdir}/system/dhcpd.service
+}
+PACKAGES += "dhcp-server dhcp-server-config dhcp-client dhcp-relay dhcp-omshell"
+FILES_${PN} = ""
+RDEPENDS_${PN}-dev = ""
+RDEPENDS_${PN}-staticdev = ""
+FILES_dhcp-server = "${sbindir}/dhcpd ${sysconfdir}/init.d/dhcp-server"
+RRECOMMENDS_dhcp-server = "dhcp-server-config"
+FILES_dhcp-server-config = "${sysconfdir}/default/dhcp-server ${sysconfdir}/dhcp/dhcpd.conf"
+FILES_dhcp-relay = "${sbindir}/dhcrelay ${sysconfdir}/init.d/dhcp-relay ${sysconfdir}/default/dhcp-relay"
+FILES_dhcp-client = "${base_sbindir}/dhclient ${base_sbindir}/dhclient-script ${sysconfdir}/dhcp/dhclient.conf"
+RDEPENDS_dhcp-client = "bash"
+FILES_dhcp-omshell = "${bindir}/omshell"
+pkg_postinst_dhcp-server() {
+    mkdir -p $D/${localstatedir}/lib/dhcp
+    touch $D/${localstatedir}/lib/dhcp/dhcpd.leases
+    touch $D/${localstatedir}/lib/dhcp/dhcpd6.leases
+}
+pkg_postinst_dhcp-client() {
+    mkdir -p $D/${localstatedir}/lib/dhcp
+}
+pkg_postrm_dhcp-server() {
+    rm -f $D/${localstatedir}/lib/dhcp/dhcpd.leases
+    rm -f $D/${localstatedir}/lib/dhcp/dhcpd6.leases
+    if ! rmdir $D/${localstatedir}/lib/dhcp 2>/dev/null; then
+        echo "Not removing ${localstatedir}/lib/dhcp as it is non-empty."
+    fi
+}
+pkg_postrm_dhcp-client() {
+    rm -f $D/${localstatedir}/lib/dhcp/dhclient.leases
+    rm -f $D/${localstatedir}/lib/dhcp/dhclient6.leases
+    if ! rmdir $D/${localstatedir}/lib/dhcp 2>/dev/null; then
+        echo "Not removing ${localstatedir}/lib/dhcp as it is non-empty."
+    fi
+}
diff --git a/meta/recipes-connectivity/dhcp/dhcp/dhclient-script-drop-resolv.conf.dhclient.patch b/meta/recipes-connectivity/dhcp/dhcp/dhclient-script-drop-resolv.conf.dhclient.patch
new file mode 100644
index 0000000000..47ea5554b8
--- /dev/null
+++ b/meta/recipes-connectivity/dhcp/dhcp/dhclient-script-drop-resolv.conf.dhclient.patch
@@ -0,0 +1,70 @@
+dhcp-client: fix invoke dhclient-script failed on Read-only file system
+In read-only file system, '/etc' is on the readonly partition,
+and '/etc/resolv.conf' is symlinked to a separate writable
+partition.
+In this situation, we should use shell variable to instead of
+temp files '/etc/resolv.conf.dhclient' and '/etc/resolv.conf.dhclient6'.
+Upstream-Status: Pending
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ client/scripts/linux | 20 +++++++++-----------
+ 1 file changed, 9 insertions(+), 11 deletions(-)
+diff --git a/client/scripts/linux b/client/scripts/linux
+--- a/client/scripts/linux
+++ b/client/scripts/linux
+@@ -27,27 +27,25 @@ ip=/sbin/ip
+ 
+ make_resolv_conf() {
+   if [ x"$new_domain_name_servers" != x ]; then
+-    cat /dev/null > /etc/resolv.conf.dhclient
+-    chmod 644 /etc/resolv.conf.dhclient
+    resolv_conf=""
+     if [ x"$new_domain_search" != x ]; then
+-      echo search $new_domain_search >> /etc/resolv.conf.dhclient
+      resolv_conf="search ${new_domain_search}\n"
+     elif [ x"$new_domain_name" != x ]; then
+       # Note that the DHCP 'Domain Name Option' is really just a domain
+       # name, and that this practice of using the domain name option as
+       # a search path is both nonstandard and deprecated.
+-      echo search $new_domain_name >> /etc/resolv.conf.dhclient
+      resolv_conf="search ${new_domain_name}\n"
+     fi
+     for nameserver in $new_domain_name_servers; do
+-      echo nameserver $nameserver >>/etc/resolv.conf.dhclient
+      resolv_conf="${resolv_conf}nameserver ${nameserver}\n"
+     done
+ 
+-    mv /etc/resolv.conf.dhclient /etc/resolv.conf
+    echo -e "${resolv_conf}" > /etc/resolv.conf
+   elif [ "x${new_dhcp6_name_servers}" != x ] ; then
+-    cat /dev/null > /etc/resolv.conf.dhclient6
+-    chmod 644 /etc/resolv.conf.dhclient6
+    resolv_conf=""
+ 
+     if [ "x${new_dhcp6_domain_search}" != x ] ; then
+-      echo search ${new_dhcp6_domain_search} >> /etc/resolv.conf.dhclient6
+      resolv_conf="search ${new_dhcp6_domain_search}\n"
+     fi
+     shopt -s nocasematch 
+     for nameserver in ${new_dhcp6_name_servers} ; do
+@@ -59,11 +57,11 @@ make_resolv_conf() {
+       else
+        zone_id=
+       fi
+-      echo nameserver ${nameserver}$zone_id >> /etc/resolv.conf.dhclient6
+      resolv_conf="${resolv_conf}nameserver ${nameserver}$zone_id\n"
+     done
+     shopt -u nocasematch 
+ 
+-    mv /etc/resolv.conf.dhclient6 /etc/resolv.conf
+    echo -e "${resolv_conf}" > /etc/resolv.conf
+   fi
+ }
+ 
+-- 
+1.8.1.2
diff --git a/meta/recipes-connectivity/dhcp/dhcp/dhcp-3.0.3-dhclient-dbus.patch b/meta/recipes-connectivity/dhcp/dhcp/dhcp-3.0.3-dhclient-dbus.patch
new file mode 100644
index 0000000000..b4a666d106
--- /dev/null
+++ b/meta/recipes-connectivity/dhcp/dhcp/dhcp-3.0.3-dhclient-dbus.patch
@@ -0,0 +1,86 @@
+Upstream-Status: Inappropriate [distribution]
+--- client/scripts/bsdos
+++ client/scripts/bsdos
+@@ -47,6 +47,11 @@
+     . /etc/dhcp/dhclient-exit-hooks
+   fi
+ # probably should do something with exit status of the local script
+  if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then
+    dbus-send --system --dest=com.redhat.dhcp \
+      --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \
+      'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`"
+  fi
+   exit $exit_status
+ }
+ 
+--- client/scripts/freebsd
+++ client/scripts/freebsd
+@@ -57,6 +57,11 @@
+     . /etc/dhcp/dhclient-exit-hooks
+   fi
+ # probably should do something with exit status of the local script
+  if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then
+    dbus-send --system --dest=com.redhat.dhcp \
+      --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \
+      'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`"
+  fi
+   exit $exit_status
+ }
+ 
+--- client/scripts/linux
+++ client/scripts/linux
+@@ -69,6 +69,11 @@
+     . /etc/dhcp/dhclient-exit-hooks
+   fi
+ # probably should do something with exit status of the local script
+  if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then
+    dbus-send --system --dest=com.redhat.dhcp \
+      --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \
+      'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`"
+  fi
+   exit $exit_status
+ }
+ 
+--- client/scripts/netbsd
+++ client/scripts/netbsd
+@@ -47,6 +47,11 @@
+     . /etc/dhcp/dhclient-exit-hooks
+   fi
+ # probably should do something with exit status of the local script
+  if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then
+    dbus-send --system --dest=com.redhat.dhcp \
+      --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \
+      'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`"
+  fi
+   exit $exit_status
+ }
+ 
+--- client/scripts/openbsd
+++ client/scripts/openbsd
+@@ -47,6 +47,11 @@
+     . /etc/dhcp/dhclient-exit-hooks
+   fi
+ # probably should do something with exit status of the local script
+  if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then
+    dbus-send --system --dest=com.redhat.dhcp \
+      --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \
+      'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`"
+  fi
+   exit $exit_status
+ }
+ 
+--- client/scripts/solaris
+++ client/scripts/solaris
+@@ -47,6 +47,11 @@
+     . /etc/dhcp/dhclient-exit-hooks
+   fi
+ # probably should do something with exit status of the local script
+  if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then
+    dbus-send --system --dest=com.redhat.dhcp \
+      --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \
+      'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`"
+  fi
+   exit $exit_status
+ }
+ 
diff --git a/meta/recipes-connectivity/dhcp/dhcp/fix-external-bind.patch b/meta/recipes-connectivity/dhcp/dhcp/fix-external-bind.patch
new file mode 100644
index 0000000000..a291fdaf52
--- /dev/null
+++ b/meta/recipes-connectivity/dhcp/dhcp/fix-external-bind.patch
@@ -0,0 +1,112 @@
+Upstream-Status: Pending
+11/30/2010
+--with-libbind=PATH is available but not used by Makefile,
+this patch is to allow building with external bind
+Signed-off-by: Qing He <qing.he@intel.com>
+Index: dhcp-4.3.0/Makefile.am
+===================================================================
+--- dhcp-4.3.0.orig/Makefile.am
+++ dhcp-4.3.0/Makefile.am
+@@ -25,7 +25,7 @@ EXTRA_DIST = RELNOTES LICENSE \
+             bind/Makefile bind/bind.tar.gz bind/version.tmp \
+             common/tests/Atffile server/tests/Atffile
+ 
+-SUBDIRS = bind includes tests common dst omapip client dhcpctl relay server
+SUBDIRS = includes tests common dst omapip client dhcpctl relay server
+ 
+ nobase_include_HEADERS = dhcpctl/dhcpctl.h
+ 
+Index: dhcp-4.3.0/client/Makefile.am
+===================================================================
+--- dhcp-4.3.0.orig/client/Makefile.am
+++ dhcp-4.3.0/client/Makefile.am
+@@ -4,8 +4,8 @@ dhclient_SOURCES = clparse.c dhclient.c
+                   scripts/bsdos scripts/freebsd scripts/linux scripts/macos \
+                   scripts/netbsd scripts/nextstep scripts/openbsd \
+                   scripts/solaris scripts/openwrt
+-dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.a ../bind/lib/libirs.a \
+-                ../bind/lib/libdns.a ../bind/lib/libisccfg.a ../bind/lib/libisc.a
+dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.a $(libbind)/libirs.a \
+                $(libbind)/libdns.a $(libbind)/libisccfg.a $(libbind)/libisc.a
+ man_MANS = dhclient.8 dhclient-script.8 dhclient.conf.5 dhclient.leases.5
+ EXTRA_DIST = $(man_MANS)
+ 
+Index: dhcp-4.3.0/configure.ac
+===================================================================
+--- dhcp-4.3.0.orig/configure.ac
+++ dhcp-4.3.0/configure.ac
+@@ -566,6 +566,7 @@ no)
+        libbind="$use_libbind"
+        ;;
+ esac
+AC_SUBST([libbind])
+ 
+ # OpenLDAP support.
+ AC_ARG_WITH(ldap,
+Index: dhcp-4.3.0/dhcpctl/Makefile.am
+===================================================================
+--- dhcp-4.3.0.orig/dhcpctl/Makefile.am
+++ dhcp-4.3.0/dhcpctl/Makefile.am
+@@ -6,12 +6,12 @@ EXTRA_DIST = $(man_MANS)
+ 
+ omshell_SOURCES = omshell.c
+ omshell_LDADD = libdhcpctl.a ../common/libdhcp.a ../omapip/libomapi.a \
+-               ../bind/lib/libirs.a ../bind/lib/libdns.a \
+-               ../bind/lib/libisccfg.a ../bind/lib/libisc.a
+               $(libbind)/libirs.a $(libbind)/libdns.a \
+               $(libbind)/libisccfg.a $(libbind)/libisc.a
+ 
+ libdhcpctl_a_SOURCES = dhcpctl.c callback.c remote.c
+ 
+ cltest_SOURCES = cltest.c
+ cltest_LDADD = libdhcpctl.a ../common/libdhcp.a ../omapip/libomapi.a \
+-              ../bind/lib/libirs.a ../bind/lib/libdns.a \
+-               ../bind/lib/libisccfg.a ../bind/lib/libisc.a
+              $(libbind)/libirs.a $(libbind)/libdns.a \
+               $(libbind)/libisccfg.a $(libbind)/libisc.a
+Index: dhcp-4.3.0/omapip/Makefile.am
+===================================================================
+--- dhcp-4.3.0.orig/omapip/Makefile.am
+++ dhcp-4.3.0/omapip/Makefile.am
+@@ -10,6 +10,6 @@ man_MANS = omapi.3
+ EXTRA_DIST = $(man_MANS)
+ 
+ svtest_SOURCES = test.c
+-svtest_LDADD = libomapi.a ../bind/lib/libirs.a ../bind/lib/libdns.a \
+-               ../bind/lib/libisccfg.a ../bind/lib/libisc.a
+svtest_LDADD = libomapi.a $(libbind)/libirs.a $(libbind)/libdns.a \
+               $(libbind)/libisccfg.a $(libbind)/libisc.a
+ 
+Index: dhcp-4.3.0/relay/Makefile.am
+===================================================================
+--- dhcp-4.3.0.orig/relay/Makefile.am
+++ dhcp-4.3.0/relay/Makefile.am
+@@ -3,8 +3,8 @@ AM_CPPFLAGS = -DLOCALSTATEDIR='"@localst
+ sbin_PROGRAMS = dhcrelay
+ dhcrelay_SOURCES = dhcrelay.c
+ dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \
+-                ../bind/lib/libirs.a ../bind/lib/libdns.a \
+-                ../bind/lib/libisccfg.a ../bind/lib/libisc.a
+                $(libbind)/libirs.a $(libbind)/libdns.a \
+                $(libbind)/libisccfg.a $(libbind)/libisc.a
+ man_MANS = dhcrelay.8
+ EXTRA_DIST = $(man_MANS)
+ 
+Index: dhcp-4.3.0/server/Makefile.am
+===================================================================
+--- dhcp-4.3.0.orig/server/Makefile.am
+++ dhcp-4.3.0/server/Makefile.am
+@@ -14,8 +14,8 @@ dhcpd_SOURCES = dhcpd.c dhcp.c bootp.c c
+ 
+ dhcpd_CFLAGS = $(LDAP_CFLAGS)
+ dhcpd_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \
+-             ../dhcpctl/libdhcpctl.a ../bind/lib/libirs.a \
+-             ../bind/lib/libdns.a ../bind/lib/libisccfg.a ../bind/lib/libisc.a
+             ../dhcpctl/libdhcpctl.a $(libbind)/libirs.a \
+             $(libbind)/libdns.a $(libbind)/libisccfg.a $(libbind)/libisc.a
+ 
+ man_MANS = dhcpd.8 dhcpd.conf.5 dhcpd.leases.5
+ EXTRA_DIST = $(man_MANS)
diff --git a/meta/recipes-connectivity/dhcp/dhcp/fixsepbuild.patch b/meta/recipes-connectivity/dhcp/dhcp/fixsepbuild.patch
new file mode 100644
index 0000000000..e686afd2d2
--- /dev/null
+++ b/meta/recipes-connectivity/dhcp/dhcp/fixsepbuild.patch
@@ -0,0 +1,90 @@
+Fix out of tree builds
+Upstream-Status: Pending
+RP 2013/03/21
+Index: dhcp-4.2.5/common/Makefile.am
+===================================================================
+--- dhcp-4.2.5.orig/common/Makefile.am  2013-03-21 12:54:11.345063519 +0000
+++ dhcp-4.2.5/common/Makefile.am       2013-03-21 12:54:11.805063510 +0000
+@@ -1,4 +1,4 @@
+-AM_CPPFLAGS = -I.. -DLOCALSTATEDIR='"@localstatedir@"'
+AM_CPPFLAGS = -I$(top_srcdir)/includes -I$(top_srcdir) -DLOCALSTATEDIR='"@localstatedir@"'
+ AM_CFLAGS = $(LDAP_CFLAGS)
+ 
+ noinst_LIBRARIES = libdhcp.a
+Index: dhcp-4.2.5/dst/Makefile.am
+===================================================================
+--- dhcp-4.2.5.orig/dst/Makefile.am     2013-03-21 12:54:11.345063519 +0000
+++ dhcp-4.2.5/dst/Makefile.am  2013-03-21 12:54:11.805063510 +0000
+@@ -1,4 +1,4 @@
+-AM_CPPFLAGS = -DMINIRES_LIB -DHMAC_MD5
+AM_CPPFLAGS = -DMINIRES_LIB -DHMAC_MD5 -I$(top_srcdir)/includes
+ 
+ lib_LIBRARIES = libdst.a
+ 
+Index: dhcp-4.2.5/omapip/Makefile.am
+===================================================================
+--- dhcp-4.2.5.orig/omapip/Makefile.am  2013-03-21 12:54:11.677063511 +0000
+++ dhcp-4.2.5/omapip/Makefile.am       2013-03-21 12:54:11.809063510 +0000
+@@ -1,3 +1,5 @@
+AM_CPPFLAGS = -I$(top_srcdir)/includes
+
+ lib_LIBRARIES = libomapi.a
+ noinst_PROGRAMS = svtest
+ 
+Index: dhcp-4.2.5/client/Makefile.am
+===================================================================
+--- dhcp-4.2.5.orig/client/Makefile.am  2013-03-21 12:54:11.677063511 +0000
+++ dhcp-4.2.5/client/Makefile.am       2013-03-21 12:54:11.809063510 +0000
+@@ -1,3 +1,5 @@
+AM_CPPFLAGS = -I$(top_srcdir)/includes
+
+ dist_sysconf_DATA = dhclient.conf.example
+ sbin_PROGRAMS = dhclient
+ dhclient_SOURCES = clparse.c dhclient.c dhc6.c \
+@@ -11,8 +13,8 @@
+ 
+ dhclient.o: dhclient.c
+        $(COMPILE) -DCLIENT_PATH='"PATH=$(sbindir):/sbin:/bin:/usr/sbin:/usr/bin"' \
+-                  -DLOCALSTATEDIR='"$(localstatedir)"' -c dhclient.c
+                  -DLOCALSTATEDIR='"$(localstatedir)"' -c $(srcdir)/dhclient.c
+ 
+ dhc6.o: dhc6.c
+        $(COMPILE) -DCLIENT_PATH='"PATH=$(sbindir):/sbin:/bin:/usr/sbin:/usr/bin"' \
+-                  -DLOCALSTATEDIR='"$(localstatedir)"' -c dhc6.c
+                  -DLOCALSTATEDIR='"$(localstatedir)"' -c $(srcdir)/dhc6.c
+Index: dhcp-4.2.5/dhcpctl/Makefile.am
+===================================================================
+--- dhcp-4.2.5.orig/dhcpctl/Makefile.am 2013-03-21 12:54:11.677063511 +0000
+++ dhcp-4.2.5/dhcpctl/Makefile.am      2013-03-21 12:54:11.809063510 +0000
+@@ -1,3 +1,5 @@
+AM_CPPFLAGS = -I$(top_srcdir)/includes -I$(top_srcdir)
+
+ bin_PROGRAMS = omshell
+ lib_LIBRARIES = libdhcpctl.a
+ noinst_PROGRAMS = cltest
+Index: dhcp-4.2.5/relay/Makefile.am
+===================================================================
+--- dhcp-4.2.5.orig/relay/Makefile.am   2013-03-21 12:54:11.677063511 +0000
+++ dhcp-4.2.5/relay/Makefile.am        2013-03-21 12:54:11.809063510 +0000
+@@ -1,4 +1,4 @@
+-AM_CPPFLAGS = -DLOCALSTATEDIR='"@localstatedir@"'
+AM_CPPFLAGS = -DLOCALSTATEDIR='"@localstatedir@"' -I$(top_srcdir)/includes
+ 
+ sbin_PROGRAMS = dhcrelay
+ dhcrelay_SOURCES = dhcrelay.c
+Index: dhcp-4.2.5/server/Makefile.am
+===================================================================
+--- dhcp-4.2.5.orig/server/Makefile.am  2013-03-21 12:54:11.677063511 +0000
+++ dhcp-4.2.5/server/Makefile.am       2013-03-21 12:55:01.509062081 +0000
+@@ -4,7 +4,7 @@
+ # production code. Sadly, we are not there yet.
+ SUBDIRS = . tests
+ 
+-AM_CPPFLAGS = -I.. -DLOCALSTATEDIR='"@localstatedir@"'
+AM_CPPFLAGS = -I$(top_srcdir) -DLOCALSTATEDIR='"@localstatedir@"' -I$(top_srcdir)/includes
+ 
+ dist_sysconf_DATA = dhcpd.conf.example
+ sbin_PROGRAMS = dhcpd
diff --git a/meta/recipes-connectivity/dhcp/dhcp/link-with-lcrypto.patch b/meta/recipes-connectivity/dhcp/dhcp/link-with-lcrypto.patch
new file mode 100644
index 0000000000..57e10b0297
--- /dev/null
+++ b/meta/recipes-connectivity/dhcp/dhcp/link-with-lcrypto.patch
@@ -0,0 +1,25 @@
+Author: Andrei Gherzan <andrei@gherzan.ro>
+Date:   Thu Feb 2 23:59:11 2012 +0200
+From 4.2.0 final release, -lcrypto check was removed and we compile static libraries
+from bind that are linked to libcrypto. This is why i added a patch in order to add
+-lcrypto to LIBS.
+Signed-off-by: Andrei Gherzan <andrei@gherzan.ro>
+Upstream-Status: Pending
+Index: dhcp-4.2.3-P2-r0/dhcp-4.2.3-P2/configure.ac
+===================================================================
+--- dhcp-4.2.3-P2.orig/configure.ac     2012-02-02 18:04:20.843023196 +0200
+++ dhcp-4.2.3-P2/configure.ac  2012-02-02 17:58:16.000000000 +0200
+@@ -456,6 +456,10 @@
+ # Look for optional headers.
+ AC_CHECK_HEADERS(sys/socket.h net/if_dl.h net/if6.h regex.h)
+ 
+# find an MD5 library
+AC_SEARCH_LIBS(MD5_Init, [crypto])
+AC_SEARCH_LIBS(MD5Init, [crypto])
+
+ # Solaris needs some libraries for functions
+ AC_SEARCH_LIBS(socket, [socket])
+ AC_SEARCH_LIBS(inet_ntoa, [nsl])
diff --git a/meta/recipes-connectivity/dhcp/dhcp/replace-ifconfig-route.patch b/meta/recipes-connectivity/dhcp/dhcp/replace-ifconfig-route.patch
new file mode 100644
index 0000000000..61dd6a7186
--- /dev/null
+++ b/meta/recipes-connectivity/dhcp/dhcp/replace-ifconfig-route.patch
@@ -0,0 +1,176 @@
+Found this patch here:
+https://lists.isc.org/pipermail/dhcp-users/2011-January/012910.html
+and made some adjustments/updates to make it work with this version.
+Wasn't able to find that why this patch was not accepted by ISC DHCP developers.
+Upstream-Status: Pending
+Signed-off-by: Muhammad Shakeel <muhammad_shakeel@mentor.com>
+--- dhcp-4.2.5-P1/client/scripts/linux.orig     2013-09-04 12:22:55.000000000 +0500
+++ dhcp-4.2.5-P1/client/scripts/linux  2013-09-04 12:52:19.068761518 +0500
+@@ -103,17 +103,11 @@
+ if [ x$old_broadcast_address != x ]; then
+   old_broadcast_arg="broadcast $old_broadcast_address"
+ fi
+-if [ x$new_subnet_mask != x ]; then
+-  new_subnet_arg="netmask $new_subnet_mask"
+-fi
+-if [ x$old_subnet_mask != x ]; then
+-  old_subnet_arg="netmask $old_subnet_mask"
+-fi
+-if [ x$alias_subnet_mask != x ]; then
+-  alias_subnet_arg="netmask $alias_subnet_mask"
+if [ -n "$new_subnet_mask" ]; then
+    new_mask="/$new_subnet_mask"
+ fi
+-if [ x$new_interface_mtu != x ]; then
+-  mtu_arg="mtu $new_interface_mtu"
+if [ -n "$alias_subnet_mask" ]; then
+    alias_mask="/$alias_subnet_mask"
+ fi
+ if [ x$IF_METRIC != x ]; then
+   metric_arg="metric $IF_METRIC"
+@@ -127,9 +121,9 @@
+ if [ x$reason = xPREINIT ]; then
+   if [ x$alias_ip_address != x ]; then
+     # Bring down alias interface. Its routes will disappear too.
+-    ifconfig $interface:0- inet 0
+    ${ip} -4 addr flush dev ${interface} label ${interface}:0
+   fi
+-  ifconfig $interface 0 up
+  ${ip} link set dev ${interface} up
+ 
+   # We need to give the kernel some time to get the interface up.
+   sleep 1
+@@ -156,25 +150,30 @@
+   if [ x$old_ip_address != x ] && [ x$alias_ip_address != x ] && \
+                [ x$alias_ip_address != x$old_ip_address ]; then
+     # Possible new alias. Remove old alias.
+-    ifconfig $interface:0- inet 0
+    ${ip} -4 addr flush dev ${interface} label ${interface}:0
+   fi
+   if [ x$old_ip_address != x ] && [ x$old_ip_address != x$new_ip_address ]; then
+     # IP address changed. Bringing down the interface will delete all routes,
+     # and clear the ARP cache.
+-    ifconfig $interface inet 0 down
+    ${ip} -4 addr flush dev ${interface} label ${interface}
+ 
+   fi
+   if [ x$old_ip_address = x ] || [ x$old_ip_address != x$new_ip_address ] || \
+      [ x$reason = xBOUND ] || [ x$reason = xREBOOT ]; then
+ 
+-    ifconfig $interface inet $new_ip_address $new_subnet_arg \
+-                                       $new_broadcast_arg $mtu_arg
+    ${ip} -4 addr add ${new_ip_address}${new_mask} ${new_broadcast_arg} \
+                dev ${interface} label ${interface}
+    if [ -n "$new_interface_mtu" ]; then
+      # set MTU
+      ${ip} link set dev ${interface} mtu ${new_interface_mtu}
+    fi
+     # Add a network route to the computed network address.
+     for router in $new_routers; do
+       if [ "x$new_subnet_mask" = "x255.255.255.255" ] ; then
+-       route add -host $router dev $interface
+        ${ip} -4 route add ${router} dev $interface >/dev/null 2>&1
+       fi
+-      route add default gw $router $metric_arg dev $interface
+      ${ip} -4 route add default via ${router} dev ${interface} \
+        ${metric_arg} >/dev/null 2>&1
+     done
+   else
+     # we haven't changed the address, have we changed other options           
+@@ -182,21 +181,23 @@
+     if [ x$new_routers != x ] && [ x$new_routers != x$old_routers ] ; then
+       # if we've changed routers delete the old and add the new.
+       for router in $old_routers; do
+-        route del default gw $router
+        ${ip} -4 route delete default via ${router}
+       done
+       for router in $new_routers; do
+         if [ "x$new_subnet_mask" = "x255.255.255.255" ] ; then
+-         route add -host $router dev $interface
+-       fi
+-       route add default gw $router $metric_arg dev $interface
+             ${ip} -4 route add ${router} dev $interface >/dev/null 2>&1
+           fi
+        ${ip} -4 route add default via ${router} dev ${interface} \
+          ${metric_arg} >/dev/null 2>&1
+       done
+     fi
+   fi
+   if [ x$new_ip_address != x$alias_ip_address ] && [ x$alias_ip_address != x ];
+    then
+-    ifconfig $interface:0- inet 0
+-    ifconfig $interface:0 inet $alias_ip_address $alias_subnet_arg
+-    route add -host $alias_ip_address $interface:0
+    ${ip} -4 addr flush dev ${interface} label ${interface}:0
+    ${ip} -4 addr add ${alias_ip_address}${alias_mask} \
+        dev ${interface} label ${interface}:0
+    ${ip} -4 route add ${alias_ip_address} dev ${interface} >/dev/null 2>&1
+   fi
+   make_resolv_conf
+   exit_with_hooks 0
+@@ -206,42 +207,49 @@
+    || [ x$reason = xSTOP ]; then
+   if [ x$alias_ip_address != x ]; then
+     # Turn off alias interface.
+-    ifconfig $interface:0- inet 0
+    ${ip} -4 addr flush dev ${interface} label ${interface}:0
+   fi
+   if [ x$old_ip_address != x ]; then
+     # Shut down interface, which will delete routes and clear arp cache.
+-    ifconfig $interface inet 0 down
+    ${ip} -4 addr flush dev ${interface} label ${interface}
+   fi
+   if [ x$alias_ip_address != x ]; then
+-    ifconfig $interface:0 inet $alias_ip_address $alias_subnet_arg
+-    route add -host $alias_ip_address $interface:0
+    ${ip} -4 addr add ${alias_ip_address}${alias_network_arg} \
+        dev ${interface} label ${interface}:0
+    ${ip} -4 route add ${alias_ip_address} dev ${interface} >/dev/null 2>&1
+   fi
+   exit_with_hooks 0
+ fi
+ 
+ if [ x$reason = xTIMEOUT ]; then
+   if [ x$alias_ip_address != x ]; then
+-    ifconfig $interface:0- inet 0
+    ${ip} -4 addr flush dev ${interface} label ${interface}:0
+  fi
+  ${ip} -4 addr add ${new_ip_address}${new_mask} ${new_broadcast_arg} \
+            dev ${interface} label ${interface}
+  if [ -n "$new_interface_mtu" ]; then
+    # set MTU
+    ip link set dev ${interface} mtu ${new_interface_mtu}
+   fi
+-  ifconfig $interface inet $new_ip_address $new_subnet_arg \
+-                                       $new_broadcast_arg $mtu_arg
+   set $new_routers
+   if ping -q -c 1 $1; then
+     if [ x$new_ip_address != x$alias_ip_address ] && \
+                        [ x$alias_ip_address != x ]; then
+-      ifconfig $interface:0 inet $alias_ip_address $alias_subnet_arg
+-      route add -host $alias_ip_address dev $interface:0
+      ${ip} -4 addr add ${alias_ip_address}${alias_mask} \
+            dev ${interface} label ${interface}:0
+      ${ip} -4 route add ${alias_ip_address} dev ${interface} >/dev/null 2>&1
+     fi
+     for router in $new_routers; do
+       if [ "x$new_subnet_mask" = "x255.255.255.255" ] ; then
+-       route add -host $router dev $interface
+           ${ip} -4 route add ${router} dev $interface >/dev/null 2>&1
+       fi
+-      route add default gw $router $metric_arg dev $interface
+      ${ip} -4 route add default via ${router} dev ${interface} \
+        ${metric_arg} >/dev/null 2>&1
+     done
+     make_resolv_conf
+     exit_with_hooks 0
+   fi
+-  ifconfig $interface inet 0 down
+  ${ip} -4 addr flush dev ${interface}
+   exit_with_hooks 1
+ fi
+ 
diff --git a/meta/recipes-connectivity/dhcp/dhcp/site.h b/meta/recipes-connectivity/dhcp/dhcp/site.h
new file mode 100644
index 0000000000..2289554ef3
--- /dev/null
+++ b/meta/recipes-connectivity/dhcp/dhcp/site.h
@@ -0,0 +1,21 @@
+/*
+ * define config file location in ${S}/includes/site.h
+ * still need to take care of installation path (${sysconfdir}/dhcpd.conf)
+ *
+ * 7/22/2010 - qhe
+ */
+/* Define this if you want DNS update functionality to be available. */
+#define NSUPDATE
+/* Define this if you aren't debugging and you want to save memory
+   (potentially a _lot_ of memory) by allocating leases in chunks rather
+   than one at a time. */
+#define COMPACT_LEASES
+/* local */
+#define _PATH_DHCPD_CONF     "/etc/dhcp/dhcpd.conf"
+#define _PATH_DHCLIENT_CONF  "/etc/dhcp/dhclient.conf"
diff --git a/meta/recipes-connectivity/dhcp/dhcp_4.3.0.bb b/meta/recipes-connectivity/dhcp/dhcp_4.3.0.bb
new file mode 100644
index 0000000000..13bcceb5a8
--- /dev/null
+++ b/meta/recipes-connectivity/dhcp/dhcp_4.3.0.bb
@@ -0,0 +1,12 @@
+require dhcp.inc
+SRC_URI += "file://dhcp-3.0.3-dhclient-dbus.patch;striplevel=0 \
+            file://fix-external-bind.patch \
+            file://link-with-lcrypto.patch \
+            file://fixsepbuild.patch \
+            file://dhclient-script-drop-resolv.conf.dhclient.patch \
+            file://replace-ifconfig-route.patch \
+           "
+SRC_URI[md5sum] = "1020d77e1a4c1f01b76279caff9beb80"
+SRC_URI[sha256sum] = "a7b6517d5cf32c5e49d2323a63de00efe5391df7cb0045dfa0ec8f6ee46ebe8a"
diff --git a/meta/recipes-connectivity/dhcp/files/default-relay b/meta/recipes-connectivity/dhcp/files/default-relay
new file mode 100644
index 0000000000..7961f014be
--- /dev/null
+++ b/meta/recipes-connectivity/dhcp/files/default-relay
@@ -0,0 +1,12 @@
+# Defaults for dhcp-relay initscript
+# sourced by /etc/init.d/dhcp-relay
+# What servers should the DHCP relay forward requests to?
+# e.g: SERVERS="192.168.0.1"
+SERVERS=""
+# On what interfaces should the DHCP relay (dhrelay) serve DHCP requests?
+INTERFACES=""
+# Additional options that are passed to the DHCP relay daemon?
+OPTIONS=""
diff --git a/meta/recipes-connectivity/dhcp/files/default-server b/meta/recipes-connectivity/dhcp/files/default-server
new file mode 100644
index 0000000000..0385d16992
--- /dev/null
+++ b/meta/recipes-connectivity/dhcp/files/default-server
@@ -0,0 +1,7 @@
+# Defaults for dhcp initscript
+# sourced by /etc/init.d/dhcp-server
+# installed at /etc/default/dhcp-server by the maintainer scripts
+# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
+#       Separate multiple interfaces with spaces, e.g. "eth0 eth1".
+INTERFACES=""
diff --git a/meta/recipes-connectivity/dhcp/files/dhclient.conf b/meta/recipes-connectivity/dhcp/files/dhclient.conf
new file mode 100644
index 0000000000..0e6dcf96c2
--- /dev/null
+++ b/meta/recipes-connectivity/dhcp/files/dhclient.conf
@@ -0,0 +1,50 @@
+# Configuration file for /sbin/dhclient, which is included in Debian's
+#       dhcp3-client package.
+#
+# This is a sample configuration file for dhclient. See dhclient.conf's
+#       man page for more information about the syntax of this file
+#       and a more comprehensive list of the parameters understood by
+#       dhclient.
+#
+# Normally, if the DHCP server provides reasonable information and does
+#       not leave anything out (like the domain name, for example), then
+#       few changes must be made to this file, if any.
+#
+#send host-name "andare.fugue.com";
+#send dhcp-client-identifier 1:0:a0:24:ab:fb:9c;
+#send dhcp-lease-time 3600;
+#supersede domain-name "fugue.com home.vix.com";
+#prepend domain-name-servers 127.0.0.1;
+request subnet-mask, broadcast-address, time-offset, routers,
+        domain-name, domain-name-servers, host-name,
+        netbios-name-servers, netbios-scope;
+#require subnet-mask, domain-name-servers;
+#timeout 60;
+#retry 60;
+#reboot 10;
+#select-timeout 5;
+#initial-interval 2;
+#script "/etc/dhcp3/dhclient-script";
+#media "-link0 -link1 -link2", "link0 link1";
+#reject 192.33.137.209;
+#alias {
+#  interface "eth0";
+#  fixed-address 192.5.5.213;
+#  option subnet-mask 255.255.255.255;
+#}
+#lease {
+#  interface "eth0";
+#  fixed-address 192.33.137.200;
+#  medium "link0 link1";
+#  option host-name "andare.swiftmedia.com";
+#  option subnet-mask 255.255.255.0;
+#  option broadcast-address 192.33.137.255;
+#  option routers 192.33.137.250;
+#  option domain-name-servers 127.0.0.1;
+#  renew 2 2000/1/12 00:00:01;
+#  rebind 2 2000/1/12 00:00:01;
+#  expire 2 2000/1/12 00:00:01;
+#}
diff --git a/meta/recipes-connectivity/dhcp/files/dhcpd.conf b/meta/recipes-connectivity/dhcp/files/dhcpd.conf
new file mode 100644
index 0000000000..0001c0f00e
--- /dev/null
+++ b/meta/recipes-connectivity/dhcp/files/dhcpd.conf
@@ -0,0 +1,108 @@
+#
+# Sample configuration file for ISC dhcpd for Debian
+#
+# $Id: dhcpd.conf,v 1.1.1.1 2002/05/21 00:07:44 peloy Exp $
+#
+# The ddns-updates-style parameter controls whether or not the server will
+# attempt to do a DNS update when a lease is confirmed. We default to the
+# behavior of the version 2 packages ('none', since DHCP v2 didn't
+# have support for DDNS.)
+ddns-update-style none;
+# option definitions common to all supported networks...
+option domain-name "example.org";
+option domain-name-servers ns1.example.org, ns2.example.org;
+default-lease-time 600;
+max-lease-time 7200;
+# If this DHCP server is the official DHCP server for the local
+# network, the authoritative directive should be uncommented.
+#authoritative;
+# Use this to send dhcp log messages to a different log file (you also
+# have to hack syslog.conf to complete the redirection).
+log-facility local7;
+# No service will be given on this subnet, but declaring it helps the 
+# DHCP server to understand the network topology.
+#subnet 10.152.187.0 netmask 255.255.255.0 {
+#}
+# This is a very basic subnet declaration.
+#subnet 10.254.239.0 netmask 255.255.255.224 {
+#  range 10.254.239.10 10.254.239.20;
+#  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
+#}
+# This declaration allows BOOTP clients to get dynamic addresses,
+# which we don't really recommend.
+#subnet 10.254.239.32 netmask 255.255.255.224 {
+#  range dynamic-bootp 10.254.239.40 10.254.239.60;
+#  option broadcast-address 10.254.239.31;
+#  option routers rtr-239-32-1.example.org;
+#}
+# A slightly different configuration for an internal subnet.
+#subnet 10.5.5.0 netmask 255.255.255.224 {
+#  range 10.5.5.26 10.5.5.30;
+#  option domain-name-servers ns1.internal.example.org;
+#  option domain-name "internal.example.org";
+#  option routers 10.5.5.1;
+#  option broadcast-address 10.5.5.31;
+#  default-lease-time 600;
+#  max-lease-time 7200;
+#}
+# Hosts which require special configuration options can be listed in
+# host statements.   If no address is specified, the address will be
+# allocated dynamically (if possible), but the host-specific information
+# will still come from the host declaration.
+#host passacaglia {
+#  hardware ethernet 0:0:c0:5d:bd:95;
+#  filename "vmunix.passacaglia";
+#  server-name "toccata.fugue.com";
+#}
+# Fixed IP addresses can also be specified for hosts.   These addresses
+# should not also be listed as being available for dynamic assignment.
+# Hosts for which fixed IP addresses have been specified can boot using
+# BOOTP or DHCP.   Hosts for which no fixed address is specified can only
+# be booted with DHCP, unless there is an address range on the subnet
+# to which a BOOTP client is connected which has the dynamic-bootp flag
+# set.
+#host fantasia {
+#  hardware ethernet 08:00:07:26:c0:a5;
+#  fixed-address fantasia.fugue.com;
+#}
+# You can declare a class of clients and then do address allocation
+# based on that.   The example below shows a case where all clients
+# in a certain class get addresses on the 10.17.224/24 subnet, and all
+# other clients get addresses on the 10.0.29/24 subnet.
+#class "foo" {
+#  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
+#}
+#shared-network 224-29 {
+#  subnet 10.17.224.0 netmask 255.255.255.0 {
+#    option routers rtr-224.example.org;
+#  }
+#  subnet 10.0.29.0 netmask 255.255.255.0 {
+#    option routers rtr-29.example.org;
+#  }
+#  pool {
+#    allow members of "foo";
+#    range 10.17.224.10 10.17.224.250;
+#  }
+#  pool {
+#    deny members of "foo";
+#    range 10.0.29.10 10.0.29.230;
+#  }
+#}
diff --git a/meta/recipes-connectivity/dhcp/files/dhcpd.service b/meta/recipes-connectivity/dhcp/files/dhcpd.service
new file mode 100644
index 0000000000..8648f1a253
--- /dev/null
+++ b/meta/recipes-connectivity/dhcp/files/dhcpd.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=DHCP Server Daemon
+After=network.target
+After=time-sync.target
+[Service]
+EnvironmentFile=@SYSCONFDIR@/default/dhcp-server
+ExecStart=-@SBINDIR@/dhcpd -q $INTERFACES
+[Install]
+WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/dhcp/files/dhcrelay.service b/meta/recipes-connectivity/dhcp/files/dhcrelay.service
new file mode 100644
index 0000000000..a2d818917d
--- /dev/null
+++ b/meta/recipes-connectivity/dhcp/files/dhcrelay.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=DHCP Relay Agent Daemon
+After=network.target
+[Service]
+ExecStart=@SBINDIR@/dhcrelay -d --no-pid
+[Install]
+WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/dhcp/files/init-relay b/meta/recipes-connectivity/dhcp/files/init-relay
new file mode 100644
index 0000000000..019a7e84cf
--- /dev/null
+++ b/meta/recipes-connectivity/dhcp/files/init-relay
@@ -0,0 +1,44 @@
+#!/bin/sh
+#
+# $Id: dhcp3-relay,v 1.1 2004/04/16 15:41:08 ml Exp $
+#
+# It is not safe to start if we don't have a default configuration...
+if [ ! -f /etc/default/dhcp-relay ]; then
+        echo "/etc/default/dhcp-relay does not exist! - Aborting..."
+        echo "create this file to fix the problem."
+        exit 1
+fi
+# Read init script configuration (interfaces the daemon should listen on
+# and the DHCP server we should forward requests to.)
+. /etc/default/dhcp-relay
+# Build command line for interfaces (will be passed to dhrelay below.)
+IFCMD=""
+if test "$INTERFACES" != ""; then
+        for I in $INTERFACES; do
+                IFCMD=${IFCMD}"-i "${I}" "
+        done
+fi
+DHCRELAYPID=/var/run/dhcrelay.pid
+case "$1" in
+        start)
+                start-stop-daemon -S -x /usr/sbin/dhcrelay -- -q $OPTIONS $IFCMD $SERVERS
+                ;;
+        stop)
+                start-stop-daemon -K -x /usr/sbin/dhcrelay
+                ;;
+        restart | force-reload)
+                $0 stop
+                sleep 2
+                $0 start
+                ;;
+        *)
+                echo "Usage: /etc/init.d/dhcp-relay {start|stop|restart|force-reload}"
+                exit 1 
+esac
+exit 0
diff --git a/meta/recipes-connectivity/dhcp/files/init-server b/meta/recipes-connectivity/dhcp/files/init-server
new file mode 100644
index 0000000000..34c20852b9
--- /dev/null
+++ b/meta/recipes-connectivity/dhcp/files/init-server
@@ -0,0 +1,44 @@
+#!/bin/sh
+#
+# $Id: dhcp3-server.init.d,v 1.4 2003/07/13 19:12:41 mdz Exp $
+#
+test -f /usr/sbin/dhcpd || exit 0
+# It is not safe to start if we don't have a default configuration...
+if [ ! -f /etc/default/dhcp-server ]; then
+        echo "/etc/default/dhcp-server does not exist! - Aborting..."
+        exit 0
+fi
+# Read init script configuration (so far only interfaces the daemon
+# should listen on.)
+. /etc/default/dhcp-server
+case "$1" in
+        start)
+                echo -n "Starting DHCP server: "
+                test -d /var/lib/dhcp/ || mkdir -p /var/lib/dhcp/
+                test -f /var/lib/dhcp/dhcpd.leases || touch /var/lib/dhcp/dhcpd.leases  
+                start-stop-daemon -S -x /usr/sbin/dhcpd -- -q $INTERFACES
+                echo "."
+                ;;
+        stop)
+                echo -n "Stopping DHCP server: dhcpd3"
+                start-stop-daemon -K -x /usr/sbin/dhcpd
+                echo "."
+                ;;
+        restart | force-reload)
+                $0 stop
+                sleep 2
+                $0 start
+                if [ "$?" != "0" ]; then
+                        exit 1
+                fi
+                ;;
+        *)
+                echo "Usage: /etc/init.d/dhcp-server {start|stop|restart|force-reload}"
+                exit 1 
+esac
+exit 0
diff --git a/meta/recipes-connectivity/iproute2/iproute2.inc b/meta/recipes-connectivity/iproute2/iproute2.inc
new file mode 100644
index 0000000000..09ea3d2602
--- /dev/null
+++ b/meta/recipes-connectivity/iproute2/iproute2.inc
@@ -0,0 +1,38 @@
+SUMMARY = "TCP / IP networking and traffic control utilities"
+DESCRIPTION = "Iproute2 is a collection of utilities for controlling \
+TCP / IP networking and traffic control in Linux.  Of the utilities ip \
+and tc are the most important.  ip controls IPv4 and IPv6 \
+configuration and tc stands for traffic control."
+HOMEPAGE = "http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2"
+SECTION = "base"
+LICENSE = "GPLv2+"
+LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \
+                    file://ip/ip.c;beginline=3;endline=8;md5=689d691d0410a4b64d3899f8d6e31817"
+DEPENDS = "flex-native bison-native iptables"
+inherit update-alternatives
+EXTRA_OEMAKE = "CC='${CC}' KERNEL_INCLUDE=${STAGING_INCDIR} DOCDIR=${docdir}/iproute2 SUBDIRS='lib tc ip' SBINDIR='${base_sbindir}' LIBDIR='${libdir}'"
+do_install () {
+    oe_runmake DESTDIR=${D} install
+    mv ${D}${base_sbindir}/ip ${D}${base_sbindir}/ip.iproute2
+    install -d ${D}${datadir}
+    mv ${D}/share/* ${D}${datadir}/ || true
+    rm ${D}/share -rf || true
+}
+# The .so files in iproute2-tc are modules, not traditional libraries
+INSANE_SKIP_${PN}-tc = "dev-so"
+PACKAGES =+ "${PN}-tc"
+FILES_${PN}-tc = "${base_sbindir}/tc* \
+                  ${libdir}/tc/*.so"
+FILES_${PN}-dbg += "${libdir}/tc/.debug"
+ALTERNATIVE_${PN} = "ip"
+ALTERNATIVE_TARGET[ip] = "${base_sbindir}/ip.${BPN}"
+ALTERNATIVE_LINK_NAME[ip] = "${base_sbindir}/ip"
+ALTERNATIVE_PRIORITY = "100"
diff --git a/meta/recipes-connectivity/iproute2/iproute2/0001-ip-link-Remove-unnecessary-device-checking.patch b/meta/recipes-connectivity/iproute2/iproute2/0001-ip-link-Remove-unnecessary-device-checking.patch
new file mode 100644
index 0000000000..640accefb0
--- /dev/null
+++ b/meta/recipes-connectivity/iproute2/iproute2/0001-ip-link-Remove-unnecessary-device-checking.patch
@@ -0,0 +1,34 @@
+From 38790ccf7bd0e6eab78024ec381fd98d7c6a2782 Mon Sep 17 00:00:00 2001
+From: vadimk <vadim4j@gmail.com>
+Date: Sat, 30 Aug 2014 15:06:00 +0300
+Subject: [PATCH] ip link: Remove unnecessary device checking
+The real checking is performed later in iplink_modify(..) func which
+checks device existence if NLM_F_CREATE flag is set.
+Also it fixes the case when impossible to add veth link which was
+caused by 9a02651a87 (ip: check for missing dev arg when doing VF rate)
+because these devices are not exist yet.
+Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
+Acked-by: Oliver Hartkopp <socketcan@hartkopp.net>
+Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
+---
+ ip/iplink.c |    2 --
+ 1 file changed, 2 deletions(-)
+diff --git a/ip/iplink.c b/ip/iplink.c
+index 1a907d9..ea06871 100644
+--- a/ip/iplink.c
+++ b/ip/iplink.c
+@@ -593,8 +593,6 @@ int iplink_parse(int argc, char **argv, struct iplink_req *req,
+                                duparg2("dev", *argv);
+                        *dev = *argv;
+                        dev_index = ll_name_to_index(*dev);
+-                       if (dev_index == 0)
+-                               invarg("Unknown device", *argv);
+                }
+                argc--; argv++;
+        }
+--
+1.7.10.4
diff --git a/meta/recipes-connectivity/iproute2/iproute2/0001-iproute2-de-bash-scripts.patch b/meta/recipes-connectivity/iproute2/iproute2/0001-iproute2-de-bash-scripts.patch
new file mode 100644
index 0000000000..39c7d40319
--- /dev/null
+++ b/meta/recipes-connectivity/iproute2/iproute2/0001-iproute2-de-bash-scripts.patch
@@ -0,0 +1,64 @@
+Subject: [PATCH] iproute2: de-bash scripts
+de-bash these two scripts to make iproute2 not depend on bash.
+Upstream-Status: Pending
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ ip/ifcfg |   15 ++++++++-------
+ ip/rtpr  |    2 +-
+ 2 files changed, 9 insertions(+), 8 deletions(-)
+diff --git a/ip/ifcfg b/ip/ifcfg
+index 083d9df..60bcf1f 100644
+--- a/ip/ifcfg
+++ b/ip/ifcfg
+@@ -1,12 +1,13 @@
+-#! /bin/bash
+#! /bin/sh
+ 
+ CheckForwarding () {
+-  local sbase fwd
+  local sbase fwd forwarding
+   sbase=/proc/sys/net/ipv4/conf
+   fwd=0
+   if [ -d $sbase ]; then
+     for dir in $sbase/*/forwarding; do
+-      fwd=$[$fwd + `cat $dir`]
+      forwarding=`cat $dir`
+      fwd=$(($fwd+$forwarding))
+     done
+   else
+     fwd=2
+@@ -127,12 +128,12 @@ fi
+ arping -q -A -c 1 -I $dev $ipaddr
+ noarp=$?
+ ( sleep 2 ;
+-  arping -q -U -c 1 -I $dev $ipaddr ) >& /dev/null </dev/null &
+  arping -q -U -c 1 -I $dev $ipaddr ) > /dev/null 2>&1 </dev/null &
+ 
+-ip route add unreachable 224.0.0.0/24 >& /dev/null
+-ip route add unreachable 255.255.255.255 >& /dev/null
+ip route add unreachable 224.0.0.0/24 > /dev/null 2>&1
+ip route add unreachable 255.255.255.255 > /dev/null 2>&1
+ if [ `ip link ls $dev | grep -c MULTICAST` -ge 1 ]; then
+-  ip route add 224.0.0.0/4 dev $dev scope global >& /dev/null
+  ip route add 224.0.0.0/4 dev $dev scope global > /dev/null 2>&1
+ fi
+ 
+ if [ $fwd -eq 0 ]; then
+diff --git a/ip/rtpr b/ip/rtpr
+index c3629fd..674198d 100644
+--- a/ip/rtpr
+++ b/ip/rtpr
+@@ -1,4 +1,4 @@
+-#! /bin/bash
+#! /bin/sh
+ 
+ exec tr "[\\\\]" "[
+ ]"
+-- 
+1.7.9.5
diff --git a/meta/recipes-connectivity/iproute2/iproute2/configure-cross.patch b/meta/recipes-connectivity/iproute2/iproute2/configure-cross.patch
new file mode 100644
index 0000000000..866609ca99
--- /dev/null
+++ b/meta/recipes-connectivity/iproute2/iproute2/configure-cross.patch
@@ -0,0 +1,32 @@
+From 85b0589b4843c03e8e6fd9416d71ea449a73c5c0 Mon Sep 17 00:00:00 2001
+From: Koen Kooi <koen@dominion.thruhere.net>
+Date: Thu, 3 Nov 2011 10:46:16 +0100
+Subject: [PATCH] make configure cross compile safe
+According to Kevin Tian:
+Upstream-Status: Pending
+Signed-off-by: Koen Kooi <koen@dominion.thruhere.net>
+Signed-off-by: Shane Wang <shane.wang@intel.com>
+Index: iproute2-3.7.0/configure
+===================================================================
+--- iproute2-3.7.0.orig/configure
+++ iproute2-3.7.0/configure
+@@ -2,6 +2,7 @@
+ # This is not an autconf generated configure
+ #
+ INCLUDE=${1:-"$PWD/include"}
+SYSROOT=$1
+ 
+ # Make a temp directory in build tree.
+ TMPDIR=$(mktemp -d config.XXXXXX)
+@@ -158,7 +159,7 @@ check_ipt_lib_dir()
+                return
+        fi
+ 
+-       for dir in /lib /usr/lib /usr/local/lib
+       for dir in $SYSROOT/lib $SYSROOT/usr/lib $SYSROOT/usr/local/lib
+        do
+                for file in $dir/{xtables,iptables}/lib*t_*so ; do
+                        if [ -f $file ]; then
diff --git a/meta/recipes-connectivity/iproute2/iproute2_3.16.0.bb b/meta/recipes-connectivity/iproute2/iproute2_3.16.0.bb
new file mode 100644
index 0000000000..39fe9c83b8
--- /dev/null
+++ b/meta/recipes-connectivity/iproute2/iproute2_3.16.0.bb
@@ -0,0 +1,13 @@
+require iproute2.inc
+SRC_URI = "${KERNELORG_MIRROR}/linux/utils/net/${BPN}/${BP}.tar.xz \
+           file://configure-cross.patch \
+           file://0001-iproute2-de-bash-scripts.patch \
+           file://0001-ip-link-Remove-unnecessary-device-checking.patch \
+          "
+SRC_URI[md5sum] = "6c823b40fdcfa7b8120743349a52ac18"
+SRC_URI[sha256sum] = "1f0a8a6c0e872166f75433f5cbf9766f3002b5c2f13501b3bb8c51846a127b79"
+# CFLAGS are computed in Makefile and reference CCOPTS
+#
+EXTRA_OEMAKE_append = " CCOPTS='${CFLAGS}'"
diff --git a/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/init b/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/init
new file mode 100755
index 0000000000..6f29e9c6ed
--- /dev/null
+++ b/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/init
@@ -0,0 +1,78 @@
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides:          irda
+# Required-Start:    $network $remote_fs
+# Required-Stop:     $network $remote_fs
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: Infrared port support
+### END INIT INFO
+NAME="irattach"
+test -x "$IRDA_DAEMON" || IRDA_DAEMON=/usr/sbin/irattach
+test -z "$IRATTACH_PID" && IRATTACH_PID=/var/run/irattach.pid
+# Source function library.
+. /etc/init.d/functions
+module_id() {
+        awk 'BEGIN { FS=": " } /Hardware/ { print $2 } ' </proc/cpuinfo
+}
+if [ ! -f /etc/sysconfig/irda ]; then
+    case `module_id` in
+        "HP iPAQ H2200" | "HP iPAQ HX4700" | "HTC Universal")
+            IRDA=yes
+            DEVICE=/dev/ttyS2
+            DONGLE=
+            DISCOVERY=
+            ;;
+        *)
+            IRDA=yes
+            DEVICE=/dev/ttyS1
+            DONGLE=
+            DISCOVERY=
+            ;;
+    esac
+else
+    . /etc/sysconfig/irda
+fi
+# Check that irda is up.
+[ ${IRDA} = "no" ] && exit 0
+[ -f /usr/sbin/irattach ] || exit 0
+ARGS=
+if [ $DONGLE ]; then
+        ARGS="$ARGS -d $DONGLE"
+fi
+if [ "$DISCOVERY" = "yes" ];then
+        ARGS="$ARGS -s"
+fi
+case "$1" in
+  start)
+        echo -n "Starting IrDA: $NAME"
+        start-stop-daemon --start --quiet --exec "$IRDA_DAEMON" ${DEVICE} ${ARGS} --pidfile "$IRATTACH_PID"
+        sleep 1
+        [ -f /var/run/irattach.pid ] && echo " done" || echo " fail"
+        ;;
+  stop)
+        echo "Stopping IrDA: $NAME"
+        start-stop-daemon --stop --quiet --exec "$IRDA_DAEMON" --pidfile "$IRATTACH_PID"
+        ;;
+  restart|force-reload)
+        $0 stop
+        $0 start
+        ;;
+  status)
+        status irattach
+        exit $?
+        ;;
+  *)
+        N=/etc/init.d/$NAME
+        echo "Usage: $N {start|stop|restart|force-reload|status}" >&2
+        exit 1
+        ;;
+esac
diff --git a/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/ldflags.patch b/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/ldflags.patch
new file mode 100644
index 0000000000..2cdd1ac08b
--- /dev/null
+++ b/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/ldflags.patch
@@ -0,0 +1,75 @@
+Obey LDFLAGS
+Signed-off-by: Christopher Larson <chris_larson@mentor.com>
+Upstream-status: Pending
+--- irda-utils-0.9.18.orig/findchip/Makefile
+++ irda-utils-0.9.18/findchip/Makefile
+@@ -65,5 +65,5 @@ install: findchip
+ gfindchip: gfindchip.c
+        $(prn_cc)
+-       $(ECMD))$(CC) $(CFLAGS) `gtk-config --cflags`  $< -o $@ `gtk-config --libs`
+       $(ECMD)$(CC) $(CFLAGS) $(LDFLAGS) `gtk-config --cflags`  $< -o $@ `gtk-config --libs`
+--- irda-utils-0.9.18.orig/irattach/Makefile
+++ irda-utils-0.9.18/irattach/Makefile
+@@ -49,13 +49,13 @@ all: $(TARGETS)
+ irattach: irattach.o util.o
+        $(prn_cc_o)
+-       $(ECMD)$(CC) $(CFLAGS) irattach.o util.o -o $@
+       $(ECMD)$(CC) $(CFLAGS) $(LDFLAGS) irattach.o util.o -o $@
+ dongle_attach: dongle_attach.o
+        $(prn_cc_o)
+-       $(ECMD)$(CC) $(CFLAGS) dongle_attach.o -o $@
+       $(ECMD)$(CC) $(CFLAGS) $(LDFLAGS) dongle_attach.o -o $@
+ install: $(TARGETS)
+--- irda-utils-0.9.18.orig/irdadump/Makefile
+++ irda-utils-0.9.18/irdadump/Makefile
+@@ -40,7 +40,7 @@ lib_irdadump.a: $(LIBIRDADUMP_OBJS)
+ irdadump: $(IRDADUMP_OBJS) $(LIBIRDADUMP_TARGET)
+        $(prn_cc_o)
+-       $(ECMD)$(CC) $(CFLAGS) `pkg-config --libs glib-2.0` -o  $(IRDADUMP_TARGET) $< $(LIBIRDADUMP_TARGET)
+       $(ECMD)$(CC) $(CFLAGS) $(LDFLAGS) `pkg-config --libs glib-2.0` -o  $(IRDADUMP_TARGET) $< $(LIBIRDADUMP_TARGET)
+ .c.o:
+--- irda-utils-0.9.18.orig/irdaping/Makefile
+++ irda-utils-0.9.18/irdaping/Makefile
+@@ -56,7 +56,7 @@ all: $(TARGETS)
+ irdaping: $(OBJS)
+        $(prn_cc_o)
+-       $(ECMD)$(CC) $(CFLAGS) $(OBJS) -o $@
+       $(ECMD)$(CC) $(CFLAGS) $(LDFLAGS) $(OBJS) -o $@
+ .c.o:
+--- irda-utils-0.9.18.orig/irnetd/Makefile
+++ irda-utils-0.9.18/irnetd/Makefile
+@@ -50,7 +50,7 @@ all: $(TARGETS)
+ irnetd: $(OBJS)
+        $(prn_cc_o)
+-       $(ECMD)$(CC) $(CFLAGS) $(OBJS) -o $@
+       $(ECMD)$(CC) $(CFLAGS) $(LDFLAGS) $(OBJS) -o $@
+ install: irnetd
+--- irda-utils-0.9.18.orig/psion/Makefile
+++ irda-utils-0.9.18/psion/Makefile
+@@ -25,4 +25,4 @@ install: $(PSION_TARGETS)
+ CFLAGS += -g -I../include -Wall -Wstrict-prototypes $(RPM_OPT_FLAGS)
+ irpsion5:
+        $(prn_cc_o)
+-       $(ECMD)$(CC) $(CFLAGS) $(PSION_SRC) -o $@
+\ No newline at end of file
+       $(ECMD)$(CC) $(CFLAGS) $(LDFLAGS) $(PSION_SRC) -o $@
+\ No newline at end of file
diff --git a/meta/recipes-connectivity/irda-utils/irda-utils_0.9.18.bb b/meta/recipes-connectivity/irda-utils/irda-utils_0.9.18.bb
new file mode 100644
index 0000000000..bd60b9f1e6
--- /dev/null
+++ b/meta/recipes-connectivity/irda-utils/irda-utils_0.9.18.bb
@@ -0,0 +1,47 @@
+SUMMARY = "Common files for IrDA"
+DESCRIPTION = "Provides common files needed to use IrDA. \
+IrDA allows communication over Infrared with other devices \
+such as phones and laptops."
+HOMEPAGE = "http://irda.sourceforge.net/"
+BUGTRACKER = "irda-users@lists.sourceforge.net"
+SECTION = "base"
+LICENSE = "GPLv2+"
+LIC_FILES_CHKSUM = "file://irdadump/COPYING;md5=94d55d512a9ba36caa9b7df079bae19f \
+                    file://smcinit/COPYING;md5=0636e73ff0215e8d672dc4c32c317bb3 \
+                    file://man/COPYING;md5=94d55d512a9ba36caa9b7df079bae19f \
+                    file://irdadump/irdadump.c;beginline=1;endline=24;md5=d78b9dce3cd78c2220250c9c7a2be178"
+SRC_URI = "${SOURCEFORGE_MIRROR}/irda/irda-utils-${PV}.tar.gz \
+           file://ldflags.patch \
+           file://init"
+SRC_URI[md5sum] = "84dc12aa4c3f61fccb8d8919bf4079bb"
+SRC_URI[sha256sum] = "61980551e46b2eaa9e17ad31cbc1a638074611fc33bff34163d10c7a67a9fdc6"
+inherit update-rc.d
+EXTRA_OEMAKE = "\
+    'CC=${CC}' \
+    'LD=${LD}' \
+    'CFLAGS=${CFLAGS}' \
+    'LDFLAGS=${LDFLAGS}' \
+    'SYS_INCLUDES=' \
+    'V=1' \
+"
+INITSCRIPT_NAME = "irattach"
+INITSCRIPT_PARAMS = "defaults 20"
+do_compile () {
+        oe_runmake -C irattach
+        oe_runmake -C irdaping
+}
+do_install () {
+        install -d ${D}${sbindir}
+        oe_runmake -C irattach ROOT="${D}" install
+        oe_runmake -C irdaping ROOT="${D}" install
+        install -d ${D}${sysconfdir}/init.d
+        install -m 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/${INITSCRIPT_NAME}
+}
diff --git a/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.10.bb b/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.10.bb
new file mode 100644
index 0000000000..0b936ef092
--- /dev/null
+++ b/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.10.bb
@@ -0,0 +1,38 @@
+SUMMARY = "Name Service Switch module for Multicast DNS (zeroconf) name resolution"
+HOMEPAGE = "http://0pointer.de/lennart/projects/nss-mdns/"
+SECTION = "libs"
+LICENSE = "LGPLv2.1+"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1"
+DEPENDS = "avahi"
+PR = "r7"
+SRC_URI = "http://0pointer.de/lennart/projects/nss-mdns/nss-mdns-${PV}.tar.gz"
+SRC_URI[md5sum] = "03938f17646efbb50aa70ba5f99f51d7"
+SRC_URI[sha256sum] = "1e683c2e7c3921814706d62fbbd3e9cbf493a75fa00255e0e715508d8134fa6d"
+S = "${WORKDIR}/nss-mdns-${PV}"
+inherit autotools
+EXTRA_OECONF = "--libdir=${base_libdir} --disable-lynx --enable-avahi"
+# suppress warning, but don't bother with autonamer
+LEAD_SONAME = "libnss_mdns.so"
+DEBIANNAME_${PN} = "libnss-mdns"
+RDEPENDS_${PN} = "avahi-daemon"
+pkg_postinst_${PN} () {
+        sed -e '/^hosts:/s/\s*\<mdns\>//' \
+                -e 's/\(^hosts:.*\)\(\<files\>\)\(.*\)\(\<dns\>\)\(.*\)/\1\2 mdns4_minimal [NOTFOUND=return]\3\4 mdns\5/' \
+                -i $D${sysconfdir}/nsswitch.conf
+}
+pkg_prerm_${PN} () {
+        sed -e '/^hosts:/s/\s*\<mdns\>//' \
+                -e '/^hosts:/s/\s*mdns4_minimal\s\+\[NOTFOUND=return\]//' \
+                -i $D${sysconfdir}/nsswitch.conf
+}
diff --git a/meta/recipes-connectivity/libpcap/libpcap.inc b/meta/recipes-connectivity/libpcap/libpcap.inc
new file mode 100644
index 0000000000..a12eb16615
--- /dev/null
+++ b/meta/recipes-connectivity/libpcap/libpcap.inc
@@ -0,0 +1,41 @@
+SUMMARY = "Interface for user-level network packet capture"
+DESCRIPTION = "Libpcap provides a portable framework for low-level network \
+monitoring.  Libpcap can provide network statistics collection, \
+security monitoring and network debugging."
+HOMEPAGE = "http://www.tcpdump.org/"
+BUGTRACKER = "http://sourceforge.net/tracker/?group_id=53067&atid=469577"
+SECTION = "libs/network"
+LICENSE = "BSD"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=1d4b0366557951c84a94fabe3529f867 \
+                    file://pcap.h;beginline=1;endline=32;md5=39af3510e011f34b8872f120b1dc31d2"
+DEPENDS = "flex-native bison-native"
+PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluetooth', '', d)}"
+PACKAGECONFIG[bluetooth] = "--enable-bluetooth,--disable-bluetooth,bluez4"
+PACKAGECONFIG[canusb] = "--enable-canusb,--enable-canusb=no,libusb"
+PACKAGECONFIG[libnl] = "--with-libnl,--without-libnl,libnl"
+INC_PR = "r5"
+SRC_URI = "http://www.tcpdump.org/release/${BP}.tar.gz"
+BINCONFIG = "${bindir}/pcap-config"
+inherit autotools binconfig-disabled
+EXTRA_OECONF = "--with-pcap=linux"
+PACKAGECONFIG ??= ""
+PACKAGECONFIG[libnl1] = "--with-libnl,--without-libnl,libnl1,libnl1"
+PACKAGECONFIG[dbus] = "--enable-dbus,--disable-dbus,dbus"
+CPPFLAGS_prepend = "-I${S} "
+CFLAGS_prepend = "-I${S} "
+CXXFLAGS_prepend = "-I${S} "
+do_configure_prepend () {
+    if [ ! -e ${S}/acinclude.m4 ]; then
+        cat ${S}/aclocal.m4 > ${S}/acinclude.m4
+    fi
+    sed -i -e's,^V_RPATH_OPT=.*$,V_RPATH_OPT=,' ${S}/pcap-config.in
+}
diff --git a/meta/recipes-connectivity/libpcap/libpcap/aclocal.patch b/meta/recipes-connectivity/libpcap/libpcap/aclocal.patch
new file mode 100644
index 0000000000..21519825c3
--- /dev/null
+++ b/meta/recipes-connectivity/libpcap/libpcap/aclocal.patch
@@ -0,0 +1,167 @@
+Upstream-Status: Inappropriate [configuration]
+diff -ruN libpcap-1.1.1-orig/aclocal.m4 libpcap-1.1.1/aclocal.m4
+--- libpcap-1.1.1-orig/aclocal.m4       2010-06-29 10:46:32.815117569 +0800
+++ libpcap-1.1.1/aclocal.m4    2010-06-29 10:49:17.150149949 +0800
+@@ -37,7 +37,7 @@
+ dnl AC_LBL_C_INIT.  Now, we run AC_LBL_C_INIT_BEFORE_CC, AC_PROG_CC,
+ dnl and AC_LBL_C_INIT at the top level.
+ dnl
+-AC_DEFUN(AC_LBL_C_INIT_BEFORE_CC,
+AC_DEFUN([AC_LBL_C_INIT_BEFORE_CC],
+ [
+     AC_BEFORE([$0], [AC_LBL_C_INIT])
+     AC_BEFORE([$0], [AC_PROG_CC])
+@@ -90,7 +90,7 @@
+ dnl     LDFLAGS
+ dnl     LBL_CFLAGS
+ dnl
+-AC_DEFUN(AC_LBL_C_INIT,
+AC_DEFUN([AC_LBL_C_INIT],
+ [
+     AC_BEFORE([$0], [AC_LBL_FIXINCLUDES])
+     AC_BEFORE([$0], [AC_LBL_DEVEL])
+@@ -217,7 +217,7 @@
+ dnl    V_SONAME_OPT
+ dnl    V_RPATH_OPT
+ dnl
+-AC_DEFUN(AC_LBL_SHLIBS_INIT,
+AC_DEFUN([AC_LBL_SHLIBS_INIT],
+     [AC_PREREQ(2.50)
+     if test "$GCC" = yes ; then
+            #
+@@ -361,7 +361,7 @@
+ # Make sure we use the V_CCOPT flags, because some of those might
+ # disable inlining.
+ #
+-AC_DEFUN(AC_LBL_C_INLINE,
+AC_DEFUN([AC_LBL_C_INLINE],
+     [AC_MSG_CHECKING(for inline)
+     save_CFLAGS="$CFLAGS"
+     CFLAGS="$V_CCOPT"
+@@ -407,7 +407,7 @@
+ dnl
+ dnl    AC_LBL_FIXINCLUDES
+ dnl
+-AC_DEFUN(AC_LBL_FIXINCLUDES,
+AC_DEFUN([AC_LBL_FIXINCLUDES],
+     [if test "$GCC" = yes ; then
+            AC_MSG_CHECKING(for ANSI ioctl definitions)
+            AC_CACHE_VAL(ac_cv_lbl_gcc_fixincludes,
+@@ -453,7 +453,7 @@
+ dnl    $2 (yacc appended)
+ dnl    $3 (optional flex and bison -P prefix)
+ dnl
+-AC_DEFUN(AC_LBL_LEX_AND_YACC,
+AC_DEFUN([AC_LBL_LEX_AND_YACC],
+     [AC_ARG_WITH(flex, [  --without-flex          don't use flex])
+     AC_ARG_WITH(bison, [  --without-bison         don't use bison])
+     if test "$with_flex" = no ; then
+@@ -506,7 +506,7 @@
+ dnl
+ dnl    DECLWAITSTATUS (defined)
+ dnl
+-AC_DEFUN(AC_LBL_UNION_WAIT,
+AC_DEFUN([AC_LBL_UNION_WAIT],
+     [AC_MSG_CHECKING(if union wait is used)
+     AC_CACHE_VAL(ac_cv_lbl_union_wait,
+        AC_TRY_COMPILE([
+@@ -535,7 +535,7 @@
+ dnl
+ dnl    HAVE_SOCKADDR_SA_LEN (defined)
+ dnl
+-AC_DEFUN(AC_LBL_SOCKADDR_SA_LEN,
+AC_DEFUN([AC_LBL_SOCKADDR_SA_LEN],
+     [AC_MSG_CHECKING(if sockaddr struct has the sa_len member)
+     AC_CACHE_VAL(ac_cv_lbl_sockaddr_has_sa_len,
+        AC_TRY_COMPILE([
+@@ -560,7 +560,7 @@
+ dnl
+ dnl    HAVE_SOCKADDR_STORAGE (defined)
+ dnl
+-AC_DEFUN(AC_LBL_SOCKADDR_STORAGE,
+AC_DEFUN([AC_LBL_SOCKADDR_STORAGE],
+     [AC_MSG_CHECKING(if sockaddr_storage struct exists)
+     AC_CACHE_VAL(ac_cv_lbl_has_sockaddr_storage,
+        AC_TRY_COMPILE([
+@@ -593,7 +593,7 @@
+ dnl won't be using code that would use that member, or we wouldn't
+ dnl compile in any case).
+ dnl
+-AC_DEFUN(AC_LBL_HP_PPA_INFO_T_DL_MODULE_ID_1,
+AC_DEFUN([AC_LBL_HP_PPA_INFO_T_DL_MODULE_ID_1],
+     [AC_MSG_CHECKING(if dl_hp_ppa_info_t struct has dl_module_id_1 member)
+     AC_CACHE_VAL(ac_cv_lbl_dl_hp_ppa_info_t_has_dl_module_id_1,
+        AC_TRY_COMPILE([
+@@ -619,7 +619,7 @@
+ dnl
+ dnl    ac_cv_lbl_have_run_path (yes or no)
+ dnl
+-AC_DEFUN(AC_LBL_HAVE_RUN_PATH,
+AC_DEFUN([AC_LBL_HAVE_RUN_PATH],
+     [AC_MSG_CHECKING(for ${CC-cc} -R)
+     AC_CACHE_VAL(ac_cv_lbl_have_run_path,
+        [echo 'main(){}' > conftest.c
+@@ -644,7 +644,7 @@
+ dnl
+ dnl    LBL_ALIGN (DEFINED)
+ dnl
+-AC_DEFUN(AC_LBL_UNALIGNED_ACCESS,
+AC_DEFUN([AC_LBL_UNALIGNED_ACCESS],
+     [AC_MSG_CHECKING(if unaligned accesses fail)
+     AC_CACHE_VAL(ac_cv_lbl_unaligned_fail,
+        [case "$host_cpu" in
+@@ -749,7 +749,7 @@
+ dnl    HAVE_OS_PROTO_H (defined)
+ dnl    os-proto.h (symlinked)
+ dnl
+-AC_DEFUN(AC_LBL_DEVEL,
+AC_DEFUN([AC_LBL_DEVEL],
+     [rm -f os-proto.h
+     if test "${LBL_CFLAGS+set}" = set; then
+            $1="$$1 ${LBL_CFLAGS}"
+@@ -886,7 +886,7 @@
+ dnl statically and happen to have a libresolv.a lying around (and no
+ dnl libnsl.a).
+ dnl
+-AC_DEFUN(AC_LBL_LIBRARY_NET, [
+AC_DEFUN([AC_LBL_LIBRARY_NET], [
+     # Most operating systems have gethostbyname() in the default searched
+     # libraries (i.e. libc):
+     # Some OSes (eg. Solaris) place it in libnsl
+@@ -909,7 +909,7 @@
+ dnl Test for __attribute__
+ dnl
+ 
+-AC_DEFUN(AC_C___ATTRIBUTE__, [
+AC_DEFUN([AC_C___ATTRIBUTE__], [
+ AC_MSG_CHECKING(for __attribute__)
+ AC_CACHE_VAL(ac_cv___attribute__, [
+ AC_COMPILE_IFELSE(
+@@ -947,7 +947,7 @@
+ dnl
+ dnl -Scott Barron
+ dnl
+-AC_DEFUN(AC_LBL_TPACKET_STATS,
+AC_DEFUN([AC_LBL_TPACKET_STATS],
+    [AC_MSG_CHECKING(if if_packet.h has tpacket_stats defined)
+    AC_CACHE_VAL(ac_cv_lbl_tpacket_stats,
+    AC_TRY_COMPILE([
+@@ -976,7 +976,7 @@
+ dnl doesn't have that member (which is OK, as either we won't be using
+ dnl code that would use that member, or we wouldn't compile in any case).
+ dnl
+-AC_DEFUN(AC_LBL_LINUX_TPACKET_AUXDATA_TP_VLAN_TCI,
+AC_DEFUN([AC_LBL_LINUX_TPACKET_AUXDATA_TP_VLAN_TCI],
+     [AC_MSG_CHECKING(if tpacket_auxdata struct has tp_vlan_tci member)
+     AC_CACHE_VAL(ac_cv_lbl_dl_hp_ppa_info_t_has_dl_module_id_1,
+        AC_TRY_COMPILE([
+@@ -1003,7 +1003,7 @@
+ dnl 
+ dnl    HAVE_DLPI_PASSIVE (defined)
+ dnl
+-AC_DEFUN(AC_LBL_DL_PASSIVE_REQ_T,
+AC_DEFUN([AC_LBL_DL_PASSIVE_REQ_T],
+         [AC_MSG_CHECKING(if dl_passive_req_t struct exists)
+        AC_CACHE_VAL(ac_cv_lbl_has_dl_passive_req_t,
+                 AC_TRY_COMPILE([
diff --git a/meta/recipes-connectivity/libpcap/libpcap_1.6.1.bb b/meta/recipes-connectivity/libpcap/libpcap_1.6.1.bb
new file mode 100644
index 0000000000..f570ebba95
--- /dev/null
+++ b/meta/recipes-connectivity/libpcap/libpcap_1.6.1.bb
@@ -0,0 +1,22 @@
+require libpcap.inc
+SRC_URI += "file://aclocal.patch"
+SRC_URI[md5sum] = "5eb05edf6b6c6e63d536d1c9fbfb2f7c"
+SRC_URI[sha256sum] = "116cbb3ac9e96d5dd7b39638a2f894a67fa3dcf06d794e6dae2b9a942ad13476"
+#
+# make install doesn't cover the shared lib
+# make install-shared is just broken (no symlinks)
+#
+do_configure_prepend () {
+    #remove hardcoded references to /usr/include
+    sed 's|\([ "^'\''I]\+\)/usr/include/|\1${STAGING_INCDIR}/|g' -i ${S}/configure.in
+}
+do_install_prepend () {
+    install -d ${D}${libdir}
+    install -d ${D}${bindir}
+    oe_runmake install-shared DESTDIR=${D}
+    oe_libinstall -a -so libpcap ${D}${libdir}
+}
diff --git a/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb b/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
new file mode 100644
index 0000000000..31cf2bb5fc
--- /dev/null
+++ b/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
@@ -0,0 +1,12 @@
+SUMMARY = "Mobile Broadband Service Provider Database"
+SECTION = "network"
+LICENSE = "PD"
+LIC_FILES_CHKSUM = "file://COPYING;md5=87964579b2a8ece4bc6744d2dc9a8b04"
+SRCREV = "d06ebd314a7cdd087d38e4966c19de42c8c55246"
+PV = "20140618+gitr${SRCPV}"
+PE = "1"
+SRC_URI = "git://git.gnome.org/mobile-broadband-provider-info"
+S = "${WORKDIR}/git"
+inherit autotools
diff --git a/meta/recipes-connectivity/neard/neard.inc b/meta/recipes-connectivity/neard/neard.inc
new file mode 100644
index 0000000000..e714cadc2b
--- /dev/null
+++ b/meta/recipes-connectivity/neard/neard.inc
@@ -0,0 +1,59 @@
+SUMMARY = "Linux NFC daemon"
+DESCRIPTION = "A daemon for the Linux Near Field Communication stack"
+HOMEPAGE = "http://01.org/linux-nfc"
+LICENSE = "GPLv2"
+DEPENDS = "dbus glib-2.0 libnl"
+LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \
+ file://src/near.h;beginline=1;endline=20;md5=358e4deefef251a4761e1ffacc965d13 \
+ "
+inherit autotools-brokensep pkgconfig systemd update-rc.d
+EXTRA_OECONF += "--enable-tools"
+do_install() {
+        oe_runmake DESTDIR=${D} libexecdir=${libexecdir} install
+}
+# This would copy neard start-stop shell and test scripts
+do_install_append() {
+        if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then
+                install -d ${D}${sysconfdir}/init.d/
+                sed "s:@installpath@:${libexecdir}:" ${WORKDIR}/neard.in \
+                  > ${D}${sysconfdir}/init.d/neard
+                chmod 0755 ${D}${sysconfdir}/init.d/neard
+        fi
+        if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
+                install -d ${D}${systemd_unitdir}/system
+                sed "s:@installpath@:${libexecdir}:" ${WORKDIR}/neard.service.in \
+                  > ${D}${systemd_unitdir}/system/neard.service
+        fi
+        # Install the tests for neard-tests
+        install -d ${D}${libdir}/neard
+        install -m 0755 ${S}/test/* ${D}${libdir}/${BPN}/
+        install -m 0755 ${S}/tools/nfctool/nfctool ${D}${libdir}/${BPN}/
+}
+PACKAGES =+ "${PN}-tests"
+FILES_${PN}-tests = "${libdir}/${BPN}/*-test"
+FILES_${PN}-dbg += "${libdir}/${BPN}/*/.debug"
+RDEPENDS_${PN} = "dbus python python-dbus python-pygobject"
+# Bluez & Wifi are not mandatory except for handover
+RRECOMMENDS_${PN} = "\
+                     ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez4', '', d)} \
+                     ${@bb.utils.contains('DISTRO_FEATURES', 'wifi','wpa-supplicant', '', d)} \
+                    "
+RDEPENDS_${PN}-tests = "python python-dbus python-pygobject"
+INITSCRIPT_NAME = "neard"
+INITSCRIPT_PARAMS = "defaults 64"
+SYSTEMD_SERVICE_${PN} = "neard.service"
diff --git a/meta/recipes-connectivity/neard/neard/Makefile.am-fix-parallel-issue.patch b/meta/recipes-connectivity/neard/neard/Makefile.am-fix-parallel-issue.patch
new file mode 100644
index 0000000000..466067693d
--- /dev/null
+++ b/meta/recipes-connectivity/neard/neard/Makefile.am-fix-parallel-issue.patch
@@ -0,0 +1,33 @@
+From 43acc56d5506c7e318f717fb3634bc16e3438913 Mon Sep 17 00:00:00 2001
+From: Robert Yang <liezhi.yang@windriver.com>
+Date: Thu, 15 Jan 2015 18:12:07 -0800
+Subject: [PATCH] Makefile.am: fix parallel issue
+There might be no src dir if src/builtin.h runs earlier, create it to
+fix the race issue:
+src/genbuiltin nfctype1 nfctype2 nfctype3 nfctype4 p2p > src/builtin.h
+/bin/sh: src/builtin.h: No such file or directory
+Upstream-Status: Pending
+Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
+---
+ Makefile.am |    1 +
+ 1 file changed, 1 insertion(+)
+diff --git a/Makefile.am b/Makefile.am
+index 3241311..a43eaa2 100644
+--- a/Makefile.am
+++ b/Makefile.am
+@@ -164,6 +164,7 @@ MAINTAINERCLEANFILES = Makefile.in \
+ src/plugin.$(OBJEXT): src/builtin.h
+ 
+ src/builtin.h: src/genbuiltin $(builtin_sources)
+       $(AM_V_at)$(MKDIR_P) src
+        $(AM_V_GEN)$(srcdir)/src/genbuiltin $(builtin_modules) > $@
+ 
+ $(src_neard_OBJECTS) \
+-- 
+1.7.9.5
diff --git a/meta/recipes-connectivity/neard/neard/neard.in b/meta/recipes-connectivity/neard/neard/neard.in
new file mode 100644
index 0000000000..a47d4d96c9
--- /dev/null
+++ b/meta/recipes-connectivity/neard/neard/neard.in
@@ -0,0 +1,54 @@
+#!/bin/sh
+#
+# start/stop neard daemon.
+### BEGIN INIT INFO
+# Provides:          neard
+# Required-Start:    $network
+# Required-Stop:     $network
+# Default-Start:     S 2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: NFC daemon
+# Description:       neard is a daemon used to enable NFC features
+### END INIT INFO
+DAEMON=@installpath@/neard
+PIDFILE=/var/run/neard.pid
+DESC="Linux NFC daemon"
+if [ -f /etc/default/neard ] ; then
+        . /etc/default/neard
+fi
+set -e
+do_start() {
+        $DAEMON
+}
+do_stop() {
+        start-stop-daemon --stop --name neard --quiet
+}
+case "$1" in
+  start)
+        echo "Starting $DESC"
+        do_start
+        ;;
+  stop)
+        echo "Stopping $DESC"
+        do_stop
+        ;;
+  restart|force-reload)
+        echo "Restarting $DESC"
+        do_stop
+        sleep 1
+        do_start
+        ;;
+  *)
+        echo "Usage: $0 {start|stop|restart|force-reload}" >&2
+        exit 1
+        ;;
+esac
+exit 0
diff --git a/meta/recipes-connectivity/neard/neard/neard.service.in b/meta/recipes-connectivity/neard/neard/neard.service.in
new file mode 100644
index 0000000000..a6f8a84180
--- /dev/null
+++ b/meta/recipes-connectivity/neard/neard/neard.service.in
@@ -0,0 +1,13 @@
+[Unit]
+Description=neard service
+Documentation=man:neard(8)
+After=syslog.target
+[Service]
+Type=dbus
+BusName=org.neard
+ExecStart=@installpath@/neard -n
+[Install]
+Alias=dbus-org.neard.service
+WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/neard/neard/parallel-build.patch b/meta/recipes-connectivity/neard/neard/parallel-build.patch
new file mode 100644
index 0000000000..56247495e5
--- /dev/null
+++ b/meta/recipes-connectivity/neard/neard/parallel-build.patch
@@ -0,0 +1,40 @@
+Upstream-Status: Pending
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+From 488e898300f7a4ab9ba73307967ae9e02b7a6511 Mon Sep 17 00:00:00 2001
+From: Ross Burton <ross.burton@intel.com>
+Date: Fri, 13 Jun 2014 17:49:45 +0100
+Subject: [PATCH] Makefile: add missing binaries to dependency on
+ local_headers
+seeld and snap_send were missing from the rule that generates the header symlink
+farm, resulting in headers not being available in highly parallel builds.
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+---
+ Makefile.am |    9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+diff --git a/Makefile.am b/Makefile.am
+index c51351f..8e58ac1 100644
+--- a/Makefile.am
+++ b/Makefile.am
+@@ -254,7 +254,14 @@ se/plugin.$(OBJEXT): se/builtin.h
+ se/builtin.h: src/genbuiltin $(builtin_se_sources)
+        $(AM_V_GEN)$(srcdir)/src/genbuiltin $(builtin_se_modules) > $@
+ 
+-$(src_neard_OBJECTS) $(tools_nfctool_nfctool_OBJECTS) $(plugin_objects): $(local_headers)
+$(src_neard_OBJECTS) \
+$(tools_nfctool_nfctool_OBJECTS) \
+$(plugin_objects) \
+$(se_seeld_OBJECTS) \
+$(unit_test_ndef_parse_OBJECTS) \
+$(unit_test_ndef_build_OBJECTS) \
+$(unit_test_snep_read_OBJECTS) \
+$(tools_snep_send_OBJECTS): $(local_headers)
+ 
+ include/near/version.h: include/version.h
+        $(AM_V_at)$(MKDIR_P) include/near
+-- 
+1.7.10.4
diff --git a/meta/recipes-connectivity/neard/neard_0.14.bb b/meta/recipes-connectivity/neard/neard_0.14.bb
new file mode 100644
index 0000000000..2fb47cc3d7
--- /dev/null
+++ b/meta/recipes-connectivity/neard/neard_0.14.bb
@@ -0,0 +1,11 @@
+require neard.inc
+SRC_URI = "${KERNELORG_MIRROR}/linux/network/nfc/${BPN}-${PV}.tar.xz \
+           file://parallel-build.patch \
+           file://neard.in \
+           file://neard.service.in \
+           file://Makefile.am-fix-parallel-issue.patch \
+          "
+SRC_URI[md5sum] = "692ba2653d60155255244c87396c486b"
+SRC_URI[sha256sum] = "6ea724b443d39d679168fc7776a965d1f64727c3735391df2c01469ee7cd8cca"
diff --git a/meta/recipes-connectivity/nfs-utils/files/Set_nobody_user_group.patch b/meta/recipes-connectivity/nfs-utils/files/Set_nobody_user_group.patch
new file mode 100644
index 0000000000..4633da919e
--- /dev/null
+++ b/meta/recipes-connectivity/nfs-utils/files/Set_nobody_user_group.patch
@@ -0,0 +1,18 @@
+Set nobody user and group
+Upstream-Status: Inappropriate [configuration]
+Signed-off-by: Roy.Li <rongqing.li@windriver.com>
+--- a/idmapd.conf
+++ b/idmapd.conf
+@@ -17,8 +17,8 @@
+ 
+ [Mapping]
+ 
+-#Nobody-User = nobody
+-#Nobody-Group = nobody
+Nobody-User = nobody
+Nobody-Group = nogroup
+ 
+ [Translation]
+ 
diff --git a/meta/recipes-connectivity/nfs-utils/files/fix-ac-prereq.patch b/meta/recipes-connectivity/nfs-utils/files/fix-ac-prereq.patch
new file mode 100644
index 0000000000..d81c7c5f32
--- /dev/null
+++ b/meta/recipes-connectivity/nfs-utils/files/fix-ac-prereq.patch
@@ -0,0 +1,13 @@
+Upstream-Status: Inappropriate [configuration]
+--- a/configure.in
+++ b/configure.in
+@@ -1,7 +1,7 @@
+ #                                               -*- Autoconf -*-
+ # Process this file with autoconf to produce a configure script.
+ 
+-AC_PREREQ([2.68])
+AC_PREREQ([2.65])
+ AC_INIT([libnfsidmap],[0.25],[linux-nfs@vger.kernel.org])
+ AC_CONFIG_SRCDIR([nfsidmap.h])
+ AC_CONFIG_MACRO_DIR([m4])
diff --git a/meta/recipes-connectivity/nfs-utils/libnfsidmap_0.25.bb b/meta/recipes-connectivity/nfs-utils/libnfsidmap_0.25.bb
new file mode 100644
index 0000000000..fcc9e87db5
--- /dev/null
+++ b/meta/recipes-connectivity/nfs-utils/libnfsidmap_0.25.bb
@@ -0,0 +1,24 @@
+SUMMARY = "NFS id mapping library"
+HOMEPAGE = "http://www.citi.umich.edu/projects/nfsv4/linux/"
+SECTION = "libs"
+LICENSE = "BSD"
+LIC_FILES_CHKSUM = "file://COPYING;md5=d9c6a2a0ca6017fda7cd905ed2739b37"
+SRC_URI = "http://www.citi.umich.edu/projects/nfsv4/linux/libnfsidmap/${BPN}-${PV}.tar.gz \
+           file://fix-ac-prereq.patch \
+           file://Set_nobody_user_group.patch \
+          "
+SRC_URI[md5sum] = "2ac4893c92716add1a1447ae01df77ab"
+SRC_URI[sha256sum] = "656d245d84400e1030f8f40a5a27da76370690c4a932baf249110f047fe7efcf"
+inherit autotools
+EXTRA_OECONF = "--disable-ldap"
+do_install_append () {
+        install -d ${D}${sysconfdir}/
+        install -m 0644 ${WORKDIR}/${BPN}-${PV}/idmapd.conf ${D}${sysconfdir}/idmapd.conf
+}
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure-Allow-to-explicitly-disable-nfsidmap.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure-Allow-to-explicitly-disable-nfsidmap.patch
new file mode 100644
index 0000000000..7025fb555c
--- /dev/null
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure-Allow-to-explicitly-disable-nfsidmap.patch
@@ -0,0 +1,43 @@
+From 9b84cff305866abd150cf1a4c6e7e5ebf8a7eb3a Mon Sep 17 00:00:00 2001
+From: Martin Jansa <Martin.Jansa@gmail.com>
+Date: Fri, 15 Nov 2013 23:21:35 +0100
+Subject: [PATCH] configure: Allow to explicitly disable nfsidmap
+* keyutils availability is autodetected and builds aren't reproducible
+Upstream-Status: Pending
+Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
+---
+ configure.ac | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+diff --git a/configure.ac b/configure.ac
+index bf433d6..28a8f62 100644
+--- a/configure.ac
+++ b/configure.ac
+@@ -69,6 +69,12 @@ AC_ARG_ENABLE(nfsv4,
+        AC_SUBST(enable_nfsv4)
+        AM_CONDITIONAL(CONFIG_NFSV4, [test "$enable_nfsv4" = "yes"])
+ 
+AC_ARG_ENABLE(nfsidmap,
+        [AC_HELP_STRING([--enable-nfsidmap],
+                        [enable support for NFSv4 idmapper @<:@default=yes@:>@])],
+        enable_nfsidmap=$enableval,
+        enable_nfsidmap=yes)
+
+ AC_ARG_ENABLE(nfsv41,
+        [AC_HELP_STRING([--enable-nfsv41],
+                         [enable support for NFSv41 @<:@default=yes@:>@])],
+@@ -296,7 +302,7 @@ fi
+ 
+ dnl enable nfsidmap when its support by libnfsidmap
+ AM_CONDITIONAL(CONFIG_NFSDCLTRACK, [test "$enable_nfsdcltrack" = "yes" ])
+-AM_CONDITIONAL(CONFIG_NFSIDMAP, [test "$ac_cv_header_keyutils_h$ac_cv_lib_nfsidmap_nfs4_owner_to_uid" = "yesyes"])
+AM_CONDITIONAL(CONFIG_NFSIDMAP, [test "$enable_nfsidmap$ac_cv_header_keyutils_h$ac_cv_lib_nfsidmap_nfs4_owner_to_uid" = "yesyesyes"])
+ 
+ 
+ if test "$knfsd_cv_glibc2" = no; then
+-- 
+1.8.4.3
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-statd-fixed-the-with-statdpath-flag.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-statd-fixed-the-with-statdpath-flag.patch
new file mode 100644
index 0000000000..2ce824cf9e
--- /dev/null
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-statd-fixed-the-with-statdpath-flag.patch
@@ -0,0 +1,41 @@
+From 3b1457d219ceb1058d44bacc657581f13437ae40 Mon Sep 17 00:00:00 2001
+From: Steve Dickson <steved@redhat.com>
+Date: Tue, 17 Jun 2014 13:28:53 -0400
+Subject: [PATCH] statd: fixed the --with-statdpath= flag
+Create the given path set with --with-statdpath
+Signed-off-by: chendt.fnst@cn.fujitsu.com
+Reported-by: yaoxp@cn.fujitsu.com
+Signed-off-by: Steve Dickson <steved@redhat.com>
+Upstream-Status: Backport
+---
+ Makefile.am | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+diff --git a/Makefile.am b/Makefile.am
+index ae7cd16..5824adc 100644
+--- a/Makefile.am
+++ b/Makefile.am
+@@ -54,13 +54,13 @@ install-data-hook:
+        touch $(DESTDIR)$(statedir)/xtab; chmod 644 $(DESTDIR)$(statedir)/xtab
+        touch $(DESTDIR)$(statedir)/etab; chmod 644 $(DESTDIR)$(statedir)/etab
+        touch $(DESTDIR)$(statedir)/rmtab; chmod 644 $(DESTDIR)$(statedir)/rmtab
+-       mkdir -p $(DESTDIR)$(statedir)/sm $(DESTDIR)$(statedir)/sm.bak
+-       touch $(DESTDIR)$(statedir)/state
+-       chmod go-rwx $(DESTDIR)$(statedir)/sm $(DESTDIR)$(statedir)/sm.bak $(DESTDIR)$(statedir)/state
+-       -chown $(statduser) $(DESTDIR)$(statedir)/sm $(DESTDIR)$(statedir)/sm.bak $(DESTDIR)$(statedir)/state
+       mkdir -p $(DESTDIR)$(statdpath)/sm $(DESTDIR)$(statdpath)/sm.bak
+       touch $(DESTDIR)$(statdpath)/state
+       chmod go-rwx $(DESTDIR)$(statdpath)/sm $(DESTDIR)$(statdpath)/sm.bak $(DESTDIR)$(statdpath)/state
+       -chown $(statduser) $(DESTDIR)$(statdpath)/sm $(DESTDIR)$(statdpath)/sm.bak $(DESTDIR)$(statdpath)/state
+ 
+ uninstall-hook:
+        rm $(DESTDIR)$(statedir)/xtab
+        rm $(DESTDIR)$(statedir)/etab
+        rm $(DESTDIR)$(statedir)/rmtab
+-       rm $(DESTDIR)$(statedir)/state
+       rm $(DESTDIR)$(statdpath)/state
+-- 
+1.8.4.2
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-mountd.service b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-mountd.service
new file mode 100644
index 0000000000..613ddc003a
--- /dev/null
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-mountd.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=NFS Mount Daemon
+After=rpcbind.service nfs-server.service
+Requires=rpcbind.service nfs-server.service
+[Service]
+EnvironmentFile=-@SYSCONFDIR@/nfs-utils.conf
+ExecStart=@SBINDIR@/rpc.mountd -F $MOUNTD_OPTS
+[Install]
+WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-server.service b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-server.service
new file mode 100644
index 0000000000..147d7a7b5f
--- /dev/null
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-server.service
@@ -0,0 +1,18 @@
+[Unit]
+Description=NFS Server
+Requires=rpcbind.service nfs-mountd.service
+After=rpcbind.service
+[Service]
+Type=oneshot
+EnvironmentFile=-@SYSCONFDIR@/nfs-utils.conf
+ExecStartPre=@SBINDIR@/exportfs -r
+ExecStart=@SBINDIR@/rpc.nfsd $NFSD_OPTS $NFSD_COUNT
+ExecStop=@SBINDIR@/rpc.nfsd 0
+ExecStopPost=@SBINDIR@/exportfs -f
+ExecReload=@SBINDIR@/exportfs -r
+StandardError=syslog
+RemainAfterExit=yes
+[Install]
+WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-statd.service b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-statd.service
new file mode 100644
index 0000000000..746dacf056
--- /dev/null
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-statd.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=NFS file locking service
+After=rpcbind.service
+Requires=rpcbind.service
+Before=remote-fs-pre.target
+[Service]
+EnvironmentFile=-@SYSCONFDIR@/nfs-utils.conf
+ExecStart=@SBINDIR@/rpc.statd -F $STATD_OPTS
+[Install]
+WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-1.0.6-uclibc.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-1.0.6-uclibc.patch
new file mode 100644
index 0000000000..c3442380e1
--- /dev/null
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-1.0.6-uclibc.patch
@@ -0,0 +1,27 @@
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Upstream-Status: Inappropriate [embedded specific]
+Index: nfs-utils-1.2.6/support/nfs/svc_socket.c
+===================================================================
+--- nfs-utils-1.2.6.orig/support/nfs/svc_socket.c       2012-05-14 07:40:52.000000000 -0700
+++ nfs-utils-1.2.6/support/nfs/svc_socket.c    2012-10-28 02:42:50.179222457 -0700
+@@ -40,8 +40,9 @@
+        char rpcdata[1024], servdata[1024];
+        struct rpcent rpcbuf, *rpcp;
+        struct servent servbuf, *servp = NULL;
+-       int ret;
+       int ret = 0;
+ 
+#ifndef __UCLIBC__     /* neither getrpcbynumber() nor getrpcbynumber_r() is SuSv3 */
+        ret = getrpcbynumber_r(number, &rpcbuf, rpcdata, sizeof rpcdata,
+                                &rpcp);
+        if (ret == 0 && rpcp != NULL) {
+@@ -60,6 +61,7 @@
+                        }
+                }
+        }
+#endif /* __UCLIBC__ */
+ 
+        if (ret == 0 && servp != NULL)
+                return ntohs(servp->s_port);
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-1.2.3-sm-notify-res_init.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-1.2.3-sm-notify-res_init.patch
new file mode 100644
index 0000000000..d8f8181670
--- /dev/null
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-1.2.3-sm-notify-res_init.patch
@@ -0,0 +1,36 @@
+Fixes errors like
+sm-notify[1070]: DNS resolution of a.b.c.d..com failed; retrying later
+This error will occur anytime sm-notify is run before the network if fully up,
+which is happening more and more with parallel startup systems.
+The res_init() call is simple, safe, quick, and a patch to use it should be
+able to go upstream.  Presumably the whole reason sm-notify tries several
+times is to wait for possible changes to the network configuration, but without
+calling res_init() it will never be aware of those changes
+Backported drom Fedora
+Upstream-Status: Pending
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+diff -up nfs-utils-1.2.3/utils/statd/sm-notify.c.orig nfs-utils-1.2.3/utils/statd/sm-notify.c
+--- nfs-utils-1.2.3/utils/statd/sm-notify.c.orig        2010-09-28 08:24:16.000000000 -0400
+++ nfs-utils-1.2.3/utils/statd/sm-notify.c     2010-10-15 16:44:43.487119601 -0400
+@@ -28,6 +28,9 @@
+ #include <netdb.h>
+ #include <errno.h>
+ #include <grp.h>
+#include <netinet/in.h>
+#include <arpa/nameser.h>
+#include <resolv.h>
+ 
+ #include "sockaddr.h"
+ #include "xlog.h"
+@@ -84,6 +87,7 @@ smn_lookup(const char *name)
+        };
+        int error;
+ 
+       res_init();
+        error = getaddrinfo(name, NULL, &hint, &ai);
+        if (error != 0) {
+                xlog(D_GENERAL, "getaddrinfo(3): %s", gai_strerror(error));
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-Do-not-pass-CFLAGS-to-gcc-while-building.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-Do-not-pass-CFLAGS-to-gcc-while-building.patch
new file mode 100644
index 0000000000..993f1e5ea5
--- /dev/null
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-Do-not-pass-CFLAGS-to-gcc-while-building.patch
@@ -0,0 +1,42 @@
+nfs-utils: Do not pass CFLAGS to gcc while building
+Do not pass CFLAGS/LDFLAGS to gcc while building, The needed flags has
+been passed by xxx_CFLAGS=$(CFLAGS_FOR_BUILD).
+Upstream-Status: Pending
+Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
+---
+ tools/locktest/Makefile.am |    2 ++
+ tools/rpcgen/Makefile.am   |    2 ++
+ 2 files changed, 4 insertions(+)
+diff --git a/tools/locktest/Makefile.am b/tools/locktest/Makefile.am
+index 3156815..1729fd1 100644
+--- a/tools/locktest/Makefile.am
+++ b/tools/locktest/Makefile.am
+@@ -1,6 +1,8 @@
+ ## Process this file with automake to produce Makefile.in
+ 
+ CC=$(CC_FOR_BUILD)
+CFLAGS=
+LDFLAGS=
+ LIBTOOL = @LIBTOOL@ --tag=CC
+ 
+ noinst_PROGRAMS = testlk
+diff --git a/tools/rpcgen/Makefile.am b/tools/rpcgen/Makefile.am
+index 8a9ec89..8bacdaa 100644
+--- a/tools/rpcgen/Makefile.am
+++ b/tools/rpcgen/Makefile.am
+@@ -1,6 +1,8 @@
+ ## Process this file with automake to produce Makefile.in
+ 
+ CC=$(CC_FOR_BUILD)
+CFLAGS=
+LDFLAGS=
+ LIBTOOL = @LIBTOOL@ --tag=CC
+ 
+ noinst_PROGRAMS = rpcgen
+-- 
+1.7.9.5
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils.conf b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils.conf
new file mode 100644
index 0000000000..a1007a7fbf
--- /dev/null
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils.conf
@@ -0,0 +1,35 @@
+# Parameters to be passed to nfs-utils (clients & server) service files.
+#
+# Options to pass to rpc.nfsd.
+NFSD_OPTS=""
+# Number of servers to start up; the default is 8 servers.
+NFSD_COUNT=""
+# Where to mount nfsd filesystem; the default is "/proc/fs/nfsd".
+PROCNFSD_MOUNTPOINT=""
+# Options used to mount nfsd filesystem; the default is "rw,nodev,noexec,nosuid".
+PROCNFSD_MOUNTOPTS=""
+# Options for rpc.mountd.
+# If you have a port-based firewall, you might want to set up
+# a fixed port here using the --port option.
+MOUNTD_OPTS=""
+# Parameters to be passed to nfs-common (nfs clients & server) init script.
+#
+# If you do not set values for the NEED_ options, they will be attempted
+# autodetected; this should be sufficient for most people. Valid alternatives
+# for the NEED_ options are "yes" and "no".
+# Do you want to start the statd daemon? It is not needed for NFSv4.
+NEED_STATD=""
+# Options to pass to rpc.statd.
+# N.B. statd normally runs on both client and server, and run-time
+# options should be specified accordingly.
+# STATD_OPTS="-p 32765 -o 32766"
+STATD_OPTS=""
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfscommon b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfscommon
new file mode 100644
index 0000000000..992267d5a1
--- /dev/null
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfscommon
@@ -0,0 +1,63 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides:          nfs-common
+# Required-Start:    $portmap hwclock
+# Required-Stop:     $portmap hwclock
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: NFS support for both client and server
+# Description:       NFS is a popular protocol for file sharing across
+#                    TCP/IP networks. This service provides various
+#                    support functions for NFS mounts.
+### END INIT INFO
+#
+# Startup script for nfs-utils
+#
+#
+# Location of executables:
+# Source function library.
+. /etc/init.d/functions
+test -x "$NFS_STATD" || NFS_STATD=/usr/sbin/rpc.statd
+test -z "$STATD_PID" && STATD_PID=/var/run/rpc.statd.pid
+#
+# The default state directory is /var/lib/nfs
+test -n "$NFS_STATEDIR" || NFS_STATEDIR=/var/lib/nfs
+#
+#----------------------------------------------------------------------
+# Startup and shutdown functions.
+#  Actual startup/shutdown is at the end of this file.
+start_statd(){
+        echo -n "starting statd: "
+        start-stop-daemon --start --exec "$NFS_STATD" --pidfile "$STATD_PID"
+        echo done
+}
+stop_statd(){
+        echo -n 'stopping statd: '
+        start-stop-daemon --stop --quiet --signal 1 --pidfile "$STATD_PID"
+        echo done
+}
+#----------------------------------------------------------------------
+#
+# supported options:
+#  start
+#  stop
+#  restart: stops and starts mountd
+#FIXME: need to create the /var/lib/nfs/... directories
+case "$1" in
+  start)
+        start_statd;;
+  stop)
+        stop_statd;;
+  status)
+        status $NFS_STATD
+        exit $?;;
+  restart)
+        $0 stop
+        $0 start;;
+  *)
+        echo "Usage: $0 {start|stop|status|restart}"
+        exit 1;;
+esac
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfsserver b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfsserver
new file mode 100644
index 0000000000..6e0df7e2ea
--- /dev/null
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfsserver
@@ -0,0 +1,129 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides:          nfs-kernel-server
+# Required-Start:    $remote_fs nfs-common $portmap hwclock
+# Required-Stop:     $remote_fs nfs-common $portmap hwclock
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: Kernel NFS server support
+# Description:       NFS is a popular protocol for file sharing across
+#                    TCP/IP networks. This service provides NFS server
+#                    functionality, which is configured via the
+#                    /etc/exports file.
+### END INIT INFO
+#
+# Startup script for nfs-utils
+#
+# Source function library.
+. /etc/init.d/functions
+#
+# The environment variable NFS_SERVERS may be set in /etc/default/nfsd
+# Other control variables may be overridden here too
+test -r /etc/default/nfsd && . /etc/default/nfsd
+#
+# Location of executables:
+test -x "$NFS_MOUNTD" || NFS_MOUNTD=/usr/sbin/rpc.mountd
+test -x "$NFS_NFSD" || NFS_NFSD=/usr/sbin/rpc.nfsd
+#
+# The user mode program must also exist (it just starts the kernel
+# threads using the kernel module code).
+test -x "$NFS_MOUNTD" || exit 0
+test -x "$NFS_NFSD" || exit 0
+#
+# Default is 8 threads, value is settable between 1 and the truely
+# ridiculous 99
+test "$NFS_SERVERS" != "" && test "$NFS_SERVERS" -gt 0 && test "$NFS_SERVERS" -lt 100 || NFS_SERVERS=8
+#
+#----------------------------------------------------------------------
+# Startup and shutdown functions.
+#  Actual startup/shutdown is at the end of this file.
+#mountd
+start_mountd(){
+        echo -n 'starting mountd: '
+        start-stop-daemon --start --exec "$NFS_MOUNTD" -- "-f /etc/exports $@"
+        echo done
+}
+stop_mountd(){
+        echo -n 'stopping mountd: '
+        start-stop-daemon --stop --quiet --exec "$NFS_MOUNTD"
+        echo done
+}
+#
+#nfsd
+start_nfsd(){
+        modprobe -q nfsd
+        grep -q nfsd /proc/filesystems || {
+                echo NFS daemon support not enabled in kernel
+                exit 1
+        }
+        grep -q nfsd /proc/mounts || mount -t nfsd nfsd /proc/fs/nfsd
+        grep -q nfsd /proc/mounts || {
+                echo nfsd filesystem could not be mounted at /proc/fs/nfsd
+                exit 1
+        }
+        echo -n "starting $1 nfsd kernel threads: "
+        start-stop-daemon --start --exec "$NFS_NFSD" -- "$@"
+        echo done
+}
+delay_nfsd(){
+        for delay in 0 1 2 3 4 5 6 7 8 9 
+        do
+                if pidof nfsd >/dev/null
+                then
+                        echo -n .
+                        sleep 1
+                else
+                        return 0
+                fi
+        done
+        return 1
+}
+stop_nfsd(){
+        # WARNING: this kills any process with the executable
+        # name 'nfsd'.
+        echo -n 'stopping nfsd: '
+        start-stop-daemon --stop --quiet --signal 1 --name nfsd
+        if delay_nfsd || {
+                echo failed
+                echo ' using signal 9: '
+                start-stop-daemon --stop --quiet --signal 9 --name nfsd
+                delay_nfsd
+        }
+        then
+                echo done
+        else
+                echo failed
+        fi
+}
+#----------------------------------------------------------------------
+#
+# supported options:
+#  start
+#  stop
+#  reload: reloads the exports file
+#  restart: stops and starts mountd
+#FIXME: need to create the /var/lib/nfs/... directories
+case "$1" in
+  start)
+        start_nfsd "$NFS_SERVERS"
+        start_mountd
+        test -r /etc/exports && exportfs -a;;
+  stop) exportfs -ua
+        stop_mountd
+        stop_nfsd;;
+  status)
+        status /usr/sbin/rpc.mountd
+        RETVAL=$?
+        status nfsd
+        rval=$?
+        [ $RETVAL -eq 0 ] && exit $rval
+        exit $RETVAL;;
+  reload)       test -r /etc/exports && exportfs -r;;
+  restart)
+        $0 stop
+        $0 start;;
+  *)    echo "Usage: $0 {start|stop|status|reload|restart}"
+        exit 1;;
+esac
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils_1.3.0.bb b/meta/recipes-connectivity/nfs-utils/nfs-utils_1.3.0.bb
new file mode 100644
index 0000000000..6e6d09bf42
--- /dev/null
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils_1.3.0.bb
@@ -0,0 +1,116 @@
+SUMMARY = "userspace utilities for kernel nfs"
+DESCRIPTION = "The nfs-utils package provides a daemon for the kernel \
+NFS server and related tools."
+HOMEPAGE = "http://nfs.sourceforge.net/"
+SECTION = "console/network"
+LICENSE = "MIT & GPLv2+ & BSD"
+LIC_FILES_CHKSUM = "file://COPYING;md5=95f3a93a5c3c7888de623b46ea085a84"
+# util-linux for libblkid
+DEPENDS = "libcap libnfsidmap libevent util-linux sqlite3"
+RDEPENDS_${PN}-client = "rpcbind bash"
+RDEPENDS_${PN} = "${PN}-client bash"
+RRECOMMENDS_${PN} = "kernel-module-nfsd"
+inherit useradd
+USERADD_PACKAGES = "${PN}-client"
+USERADD_PARAM_${PN}-client = "--system  --home-dir /var/lib/nfs \
+                              --shell /bin/false --user-group rpcuser"
+SRC_URI = "${KERNELORG_MIRROR}/linux/utils/nfs-utils/${PV}/nfs-utils-${PV}.tar.xz \
+           file://0001-configure-Allow-to-explicitly-disable-nfsidmap.patch \
+           file://nfs-utils-1.0.6-uclibc.patch \
+           file://nfs-utils-1.2.3-sm-notify-res_init.patch \
+           file://nfsserver \
+           file://nfscommon \
+           file://nfs-utils.conf \
+           file://nfs-server.service \
+           file://nfs-mountd.service \
+           file://nfs-statd.service \
+           file://nfs-utils-Do-not-pass-CFLAGS-to-gcc-while-building.patch \
+           file://0001-statd-fixed-the-with-statdpath-flag.patch \
+"
+SRC_URI[md5sum] = "6e93a7997ca3a1eac56bf219adab72a8"
+SRC_URI[sha256sum] = "ab8384d0e487ed6a18c5380d5df28015f7dd98680bf08f3247c97d9f7d99e56f"
+PARALLEL_MAKE = ""
+# Only kernel-module-nfsd is required here (but can be built-in)  - the nfsd module will
+# pull in the remainder of the dependencies.
+INITSCRIPT_PACKAGES = "${PN} ${PN}-client"
+INITSCRIPT_NAME = "nfsserver"
+INITSCRIPT_PARAMS = "defaults"
+INITSCRIPT_NAME_${PN}-client = "nfscommon"
+INITSCRIPT_PARAMS_${PN}-client = "defaults 19 21"
+inherit autotools-brokensep update-rc.d systemd pkgconfig
+SYSTEMD_SERVICE_${PN} = "nfs-server.service nfs-mountd.service"
+SYSTEMD_SERVICE_${PN}-client = "nfs-statd.service"
+SYSTEMD_AUTO_ENABLE = "disable"
+# --enable-uuid is need for cross-compiling
+EXTRA_OECONF = "--with-statduser=rpcuser \
+                --enable-mountconfig \
+                --enable-libmount-mount \
+                --disable-nfsv41 \
+                --enable-uuid \
+                --disable-gss \
+                --disable-tirpc \
+                --disable-nfsdcltrack \
+                --with-statdpath=/var/lib/nfs/statd \
+               "
+PACKAGECONFIG ??= "tcp-wrappers"
+PACKAGECONFIG[tcp-wrappers] = "--with-tcp-wrappers,--without-tcp-wrappers,tcp-wrappers"
+PACKAGECONFIG[nfsidmap] = "--enable-nfsidmap,--disable-nfsidmap,keyutils"
+INHIBIT_AUTO_STAGE = "1"
+PACKAGES =+ "${PN}-client ${PN}-stats"
+FILES_${PN}-client = "${base_sbindir}/*mount.nfs* ${sbindir}/*statd \
+                      ${sbindir}/rpc.idmapd ${sbindir}/sm-notify \
+                      ${sbindir}/showmount ${sbindir}/nfsstat \
+                      ${localstatedir}/lib/nfs \
+                      ${sysconfdir}/nfs-utils.conf \
+                      ${sysconfdir}/init.d/nfscommon \
+                      ${systemd_unitdir}/system/nfs-statd.service"
+FILES_${PN}-stats = "${sbindir}/mountstats ${sbindir}/nfsiostat"
+RDEPENDS_${PN}-stats = "python"
+# Make clean needed because the package comes with
+# precompiled 64-bit objects that break the build
+do_compile_prepend() {
+        make clean
+}
+do_install_append () {
+        install -d ${D}${sysconfdir}/init.d
+        install -m 0755 ${WORKDIR}/nfsserver ${D}${sysconfdir}/init.d/nfsserver
+        install -m 0755 ${WORKDIR}/nfscommon ${D}${sysconfdir}/init.d/nfscommon
+        install -m 0755 ${WORKDIR}/nfs-utils.conf ${D}${sysconfdir}
+        install -d ${D}${systemd_unitdir}/system
+        install -m 0644 ${WORKDIR}/nfs-server.service ${D}${systemd_unitdir}/system/
+        install -m 0644 ${WORKDIR}/nfs-mountd.service ${D}${systemd_unitdir}/system/
+        install -m 0644 ${WORKDIR}/nfs-statd.service ${D}${systemd_unitdir}/system/
+        sed -i -e 's,@SBINDIR@,${sbindir},g' \
+                -e 's,@SYSCONFDIR@,${sysconfdir},g' \
+                ${D}${systemd_unitdir}/system/*.service
+        # kernel code as of 3.8 hard-codes this path as a default
+        install -d ${D}/var/lib/nfs/v4recovery
+        # chown the directories and files
+        chown -R rpcuser:rpcuser ${D}${localstatedir}/lib/nfs/statd
+        chmod 0644 ${D}${localstatedir}/lib/nfs/statd/state
+        # the following are built by CC_FOR_BUILD
+        rm -f ${D}${sbindir}/rpcdebug
+        rm -f ${D}${sbindir}/rpcgen
+        rm -f ${D}${sbindir}/locktest
+}
diff --git a/meta/recipes-connectivity/ofono/ofono.inc b/meta/recipes-connectivity/ofono/ofono.inc
new file mode 100644
index 0000000000..9f65f4f144
--- /dev/null
+++ b/meta/recipes-connectivity/ofono/ofono.inc
@@ -0,0 +1,33 @@
+HOMEPAGE = "http://www.ofono.org"
+SUMMARY  = "open source telephony"
+DESCRIPTION = "oFono is a stack for mobile telephony devices on Linux. oFono supports speaking to telephony devices through specific drivers, or with generic AT commands."
+LICENSE  = "GPLv2"
+LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \
+                    file://src/ofono.h;beginline=1;endline=20;md5=3ce17d5978ef3445def265b98899c2ee"
+inherit autotools pkgconfig update-rc.d systemd
+DEPENDS  = "dbus glib-2.0 udev mobile-broadband-provider-info ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth','bluez4', '', d)}"
+INITSCRIPT_NAME = "ofono"
+INITSCRIPT_PARAMS = "defaults 22"
+EXTRA_OECONF += "\
+    ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--with-systemdunitdir=${systemd_unitdir}/system/', '--with-systemdunitdir=', d)} \
+    ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth','--enable-bluetooth', '--disable-bluetooth', d)} \
+    --enable-test \
+"
+SYSTEMD_SERVICE_${PN} = "ofono.service"
+do_install_append() {
+  install -d ${D}${sysconfdir}/init.d/
+  install -m 0755 ${WORKDIR}/ofono ${D}${sysconfdir}/init.d/ofono
+}
+PACKAGES =+ "${PN}-tests"
+RDEPENDS_${PN} += "dbus"
+FILES_${PN} += "${base_libdir}/udev ${systemd_unitdir}"
+FILES_${PN}-tests = "${libdir}/${BPN}/test"
+RDEPENDS_${PN}-tests = "python python-pygobject python-dbus"
diff --git a/meta/recipes-connectivity/ofono/ofono/Revert-test-Convert-to-Python-3.patch b/meta/recipes-connectivity/ofono/ofono/Revert-test-Convert-to-Python-3.patch
new file mode 100644
index 0000000000..5f8ca77101
--- /dev/null
+++ b/meta/recipes-connectivity/ofono/ofono/Revert-test-Convert-to-Python-3.patch
@@ -0,0 +1,1270 @@
+Upstream-Status: Inappropriate [configuration]
+From 572fc23f6efd65a2ef9e6c957b2506108738672b Mon Sep 17 00:00:00 2001
+From: Cristian Iorga <cristian.iorga@intel.com>
+Date: Mon, 25 Aug 2014 16:59:39 +0300
+Subject: [PATCH] Revert "test: Convert to Python 3"
+This reverts commit c027ab9fbc1a8e8c9e76bcd123df1ad7696307c2.
+---
+ test/activate-context          |  2 +-
+ test/answer-calls              |  2 +-
+ test/backtrace                 |  2 +-
+ test/cancel-ussd               |  2 +-
+ test/cdma-connman-disable      |  2 +-
+ test/cdma-connman-enable       |  2 +-
+ test/cdma-dial-number          |  2 +-
+ test/cdma-hangup               |  2 +-
+ test/cdma-list-call            |  2 +-
+ test/cdma-set-credentials      |  2 +-
+ test/change-pin                |  2 +-
+ test/create-internet-context   |  2 +-
+ test/create-mms-context        |  2 +-
+ test/create-multiparty         |  2 +-
+ test/deactivate-all            |  2 +-
+ test/deactivate-context        |  2 +-
+ test/dial-number               |  2 +-
+ test/disable-call-forwarding   |  2 +-
+ test/disable-gprs              |  2 +-
+ test/disable-modem             |  2 +-
+ test/display-icon              |  2 +-
+ test/enable-cbs                |  2 +-
+ test/enable-gprs               |  2 +-
+ test/enable-modem              |  2 +-
+ test/enter-pin                 |  2 +-
+ test/get-icon                  |  2 +-
+ test/get-operators             |  2 +-
+ test/get-tech-preference       |  2 +-
+ test/hangup-active             |  2 +-
+ test/hangup-all                |  2 +-
+ test/hangup-call               |  2 +-
+ test/hangup-multiparty         |  2 +-
+ test/hold-and-answer           |  2 +-
+ test/initiate-ussd             |  4 ++--
+ test/list-calls                |  2 +-
+ test/list-contexts             |  2 +-
+ test/list-messages             |  2 +-
+ test/list-modems               |  2 +-
+ test/list-operators            |  2 +-
+ test/lock-pin                  |  2 +-
+ test/lockdown-modem            |  2 +-
+ test/monitor-ofono             |  4 ++--
+ test/offline-modem             |  2 +-
+ test/online-modem              |  2 +-
+ test/private-chat              |  2 +-
+ test/process-context-settings  |  2 +-
+ test/receive-sms               |  2 +-
+ test/reject-calls              |  2 +-
+ test/release-and-answer        |  2 +-
+ test/release-and-swap          |  2 +-
+ test/remove-contexts           |  2 +-
+ test/reset-pin                 |  2 +-
+ test/scan-for-operators        |  2 +-
+ test/send-sms                  |  2 +-
+ test/send-ussd                 |  4 ++--
+ test/send-vcal                 |  2 +-
+ test/send-vcard                |  2 +-
+ test/set-call-forwarding       |  2 +-
+ test/set-cbs-topics            |  2 +-
+ test/set-context-property      |  2 +-
+ test/set-fast-dormancy         |  2 +-
+ test/set-gsm-band              |  2 +-
+ test/set-mic-volume            |  2 +-
+ test/set-mms-details           |  2 +-
+ test/set-msisdn                |  2 +-
+ test/set-roaming-allowed       |  2 +-
+ test/set-speaker-volume        |  2 +-
+ test/set-tech-preference       |  2 +-
+ test/set-tty                   |  2 +-
+ test/set-umts-band             |  2 +-
+ test/set-use-sms-reports       |  2 +-
+ test/swap-calls                |  2 +-
+ test/test-advice-of-charge     |  2 +-
+ test/test-call-barring         |  2 +-
+ test/test-call-forwarding      |  2 +-
+ test/test-call-settings        |  2 +-
+ test/test-cbs                  |  4 ++--
+ test/test-gnss                 |  4 ++--
+ test/test-message-waiting      |  2 +-
+ test/test-modem                |  2 +-
+ test/test-network-registration |  2 +-
+ test/test-phonebook            |  2 +-
+ test/test-push-notification    |  2 +-
+ test/test-smart-messaging      |  2 +-
+ test/test-sms                  | 18 +++++++++---------
+ test/test-ss                   |  2 +-
+ test/test-ss-control-cb        |  2 +-
+ test/test-ss-control-cf        |  2 +-
+ test/test-ss-control-cs        |  2 +-
+ test/test-stk-menu             | 34 +++++++++++++++++-----------------
+ test/unlock-pin                |  2 +-
+ 94 files changed, 124 insertions(+), 124 deletions(-)
+diff --git a/test/activate-context b/test/activate-context
+index e4fc702..4241396 100755
+--- a/test/activate-context
+++ b/test/activate-context
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import sys
+ import dbus
+diff --git a/test/answer-calls b/test/answer-calls
+index daa794b..45ff08f 100755
+--- a/test/answer-calls
+++ b/test/answer-calls
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import dbus
+ 
+diff --git a/test/backtrace b/test/backtrace
+index 03c7632..c624709 100755
+--- a/test/backtrace
+++ b/test/backtrace
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import os
+ import re
+diff --git a/test/cancel-ussd b/test/cancel-ussd
+index e7559ba..1797f26 100755
+--- a/test/cancel-ussd
+++ b/test/cancel-ussd
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import sys
+ import dbus
+diff --git a/test/cdma-connman-disable b/test/cdma-connman-disable
+index 3adc14d..0ddc0cd 100755
+--- a/test/cdma-connman-disable
+++ b/test/cdma-connman-disable
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import dbus
+ import sys
+diff --git a/test/cdma-connman-enable b/test/cdma-connman-enable
+index ac16a2d..a3cca01 100755
+--- a/test/cdma-connman-enable
+++ b/test/cdma-connman-enable
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import dbus
+ import sys
+diff --git a/test/cdma-dial-number b/test/cdma-dial-number
+index 683431e..9cdfb24 100755
+--- a/test/cdma-dial-number
+++ b/test/cdma-dial-number
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import sys
+ import dbus
+diff --git a/test/cdma-hangup b/test/cdma-hangup
+index 41ffa60..493ece4 100755
+--- a/test/cdma-hangup
+++ b/test/cdma-hangup
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import sys
+ import dbus
+diff --git a/test/cdma-list-call b/test/cdma-list-call
+index b132353..5d36a69 100755
+--- a/test/cdma-list-call
+++ b/test/cdma-list-call
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import dbus
+ 
+diff --git a/test/cdma-set-credentials b/test/cdma-set-credentials
+index a60c86e..a286b0e 100755
+--- a/test/cdma-set-credentials
+++ b/test/cdma-set-credentials
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import dbus
+ import sys
+diff --git a/test/change-pin b/test/change-pin
+index 301c6ce..000ce53 100755
+--- a/test/change-pin
+++ b/test/change-pin
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import dbus
+ import sys
+diff --git a/test/create-internet-context b/test/create-internet-context
+index 1089053..efd0998 100755
+--- a/test/create-internet-context
+++ b/test/create-internet-context
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import sys
+ import dbus
+diff --git a/test/create-mms-context b/test/create-mms-context
+index 598336f..e5be08d 100755
+--- a/test/create-mms-context
+++ b/test/create-mms-context
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import sys
+ import dbus
+diff --git a/test/create-multiparty b/test/create-multiparty
+index 1b76010..97047c3 100755
+--- a/test/create-multiparty
+++ b/test/create-multiparty
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import sys
+ import dbus
+diff --git a/test/deactivate-all b/test/deactivate-all
+index 5aa8587..427009e 100755
+--- a/test/deactivate-all
+++ b/test/deactivate-all
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import sys
+ import dbus
+diff --git a/test/deactivate-context b/test/deactivate-context
+index 5c86a71..df47d2e 100755
+--- a/test/deactivate-context
+++ b/test/deactivate-context
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import sys
+ import dbus
+diff --git a/test/dial-number b/test/dial-number
+index fe5adad..ee674d9 100755
+--- a/test/dial-number
+++ b/test/dial-number
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import sys
+ import dbus
+diff --git a/test/disable-call-forwarding b/test/disable-call-forwarding
+index 811e4fa..3609816 100755
+--- a/test/disable-call-forwarding
+++ b/test/disable-call-forwarding
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import sys
+ from gi.repository import GLib
+diff --git a/test/disable-gprs b/test/disable-gprs
+index 61ce216..c6c40a5 100755
+--- a/test/disable-gprs
+++ b/test/disable-gprs
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import dbus
+ import sys
+diff --git a/test/disable-modem b/test/disable-modem
+index 6fba857..ca8c8d8 100755
+--- a/test/disable-modem
+++ b/test/disable-modem
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import dbus
+ import sys
+diff --git a/test/display-icon b/test/display-icon
+index ac40818..753d14d 100755
+--- a/test/display-icon
+++ b/test/display-icon
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import sys
+ import dbus
+diff --git a/test/enable-cbs b/test/enable-cbs
+index 4a8bf66..c08bf2b 100755
+--- a/test/enable-cbs
+++ b/test/enable-cbs
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import dbus
+ import sys
+diff --git a/test/enable-gprs b/test/enable-gprs
+index 68d5ef0..8664891 100755
+--- a/test/enable-gprs
+++ b/test/enable-gprs
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import dbus
+ import sys
+diff --git a/test/enable-modem b/test/enable-modem
+index fc5958a..dfaaaa8 100755
+--- a/test/enable-modem
+++ b/test/enable-modem
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import dbus
+ import sys
+diff --git a/test/enter-pin b/test/enter-pin
+index 9556363..c6ee669 100755
+--- a/test/enter-pin
+++ b/test/enter-pin
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import dbus
+ import sys
+diff --git a/test/get-icon b/test/get-icon
+index 5569a33..fdaaee7 100755
+--- a/test/get-icon
+++ b/test/get-icon
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import dbus
+ import sys
+diff --git a/test/get-operators b/test/get-operators
+index 0f35c80..62354c5 100755
+--- a/test/get-operators
+++ b/test/get-operators
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import dbus
+ import sys
+diff --git a/test/get-tech-preference b/test/get-tech-preference
+index 7ba6365..77d20d0 100755
+--- a/test/get-tech-preference
+++ b/test/get-tech-preference
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import dbus, sys
+ 
+diff --git a/test/hangup-active b/test/hangup-active
+index 82e0eb0..5af62ab 100755
+--- a/test/hangup-active
+++ b/test/hangup-active
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import sys
+ import dbus
+diff --git a/test/hangup-all b/test/hangup-all
+index 3a0138d..32933db 100755
+--- a/test/hangup-all
+++ b/test/hangup-all
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import sys
+ import dbus
+diff --git a/test/hangup-call b/test/hangup-call
+index 5a2de20..447020c 100755
+--- a/test/hangup-call
+++ b/test/hangup-call
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import sys
+ import dbus
+diff --git a/test/hangup-multiparty b/test/hangup-multiparty
+index 24751c3..48fe342 100755
+--- a/test/hangup-multiparty
+++ b/test/hangup-multiparty
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import sys
+ import dbus
+diff --git a/test/hold-and-answer b/test/hold-and-answer
+index da3be57..2c47e27 100755
+--- a/test/hold-and-answer
+++ b/test/hold-and-answer
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import sys
+ import dbus
+diff --git a/test/initiate-ussd b/test/initiate-ussd
+index faf50d0..d7022f1 100755
+--- a/test/initiate-ussd
+++ b/test/initiate-ussd
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import sys
+ import dbus
+@@ -45,7 +45,7 @@ if state == "idle":
+ print("State: %s" % (state))
+ 
+ while state == "user-response":
+-       response = input("Enter response: ")
+       response = raw_input("Enter response: ")
+ 
+        result = ussd.Respond(response, timeout=100)
+ 
+diff --git a/test/list-calls b/test/list-calls
+index f3ee991..08668c6 100755
+--- a/test/list-calls
+++ b/test/list-calls
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import dbus
+ 
+diff --git a/test/list-contexts b/test/list-contexts
+index 78278ca..f0d4094 100755
+--- a/test/list-contexts
+++ b/test/list-contexts
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import dbus
+ 
+diff --git a/test/list-messages b/test/list-messages
+index 9f5bce3..cfccbea 100755
+--- a/test/list-messages
+++ b/test/list-messages
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import dbus
+ 
+diff --git a/test/list-modems b/test/list-modems
+index b9f510a..ed66124 100755
+--- a/test/list-modems
+++ b/test/list-modems
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import dbus
+ 
+diff --git a/test/list-operators b/test/list-operators
+index 064c4e3..349bf41 100755
+--- a/test/list-operators
+++ b/test/list-operators
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import dbus
+ import sys
+diff --git a/test/lock-pin b/test/lock-pin
+index 96ea9c2..5579735 100755
+--- a/test/lock-pin
+++ b/test/lock-pin
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import dbus
+ import sys
+diff --git a/test/lockdown-modem b/test/lockdown-modem
+index 4e04205..781abb6 100755
+--- a/test/lockdown-modem
+++ b/test/lockdown-modem
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import dbus
+ import sys
+diff --git a/test/monitor-ofono b/test/monitor-ofono
+index 8830757..bd31617 100755
+--- a/test/monitor-ofono
+++ b/test/monitor-ofono
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ from gi.repository import GLib
+ 
+@@ -6,7 +6,7 @@ import dbus
+ import dbus.mainloop.glib
+ 
+ _dbus2py = {
+-       dbus.String : str,
+       dbus.String : unicode,
+        dbus.UInt32 : int,
+        dbus.Int32 : int,
+        dbus.Int16 : int,
+diff --git a/test/offline-modem b/test/offline-modem
+index e8c043a..ea1f522 100755
+--- a/test/offline-modem
+++ b/test/offline-modem
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import dbus, sys
+ 
+diff --git a/test/online-modem b/test/online-modem
+index 029c4a5..310ed7d 100755
+--- a/test/online-modem
+++ b/test/online-modem
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import dbus, sys
+ 
+diff --git a/test/private-chat b/test/private-chat
+index e7e5406..ef2ef6c 100755
+--- a/test/private-chat
+++ b/test/private-chat
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import sys
+ import dbus
+diff --git a/test/process-context-settings b/test/process-context-settings
+index 8a3ecfa..0f058b2 100755
+--- a/test/process-context-settings
+++ b/test/process-context-settings
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import os
+ import dbus
+diff --git a/test/receive-sms b/test/receive-sms
+index a0c6915..c23eb14 100755
+--- a/test/receive-sms
+++ b/test/receive-sms
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ from gi.repository import GLib
+ 
+diff --git a/test/reject-calls b/test/reject-calls
+index 71b243e..9edf1ff 100755
+--- a/test/reject-calls
+++ b/test/reject-calls
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import dbus
+ 
+diff --git a/test/release-and-answer b/test/release-and-answer
+index dec8e17..25fd818 100755
+--- a/test/release-and-answer
+++ b/test/release-and-answer
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import sys
+ import dbus
+diff --git a/test/release-and-swap b/test/release-and-swap
+index cb8c84e..7b3569f 100755
+--- a/test/release-and-swap
+++ b/test/release-and-swap
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import sys
+ import dbus
+diff --git a/test/remove-contexts b/test/remove-contexts
+index b54184e..c5082cb 100755
+--- a/test/remove-contexts
+++ b/test/remove-contexts
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import dbus
+ 
+diff --git a/test/reset-pin b/test/reset-pin
+index 3fbd126..b429254 100755
+--- a/test/reset-pin
+++ b/test/reset-pin
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import dbus
+ import sys
+diff --git a/test/scan-for-operators b/test/scan-for-operators
+index b4fc05e..749c710 100755
+--- a/test/scan-for-operators
+++ b/test/scan-for-operators
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import dbus
+ import sys
+diff --git a/test/send-sms b/test/send-sms
+index 98808aa..e06444d 100755
+--- a/test/send-sms
+++ b/test/send-sms
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import sys
+ import dbus
+diff --git a/test/send-ussd b/test/send-ussd
+index a20e098..e585883 100755
+--- a/test/send-ussd
+++ b/test/send-ussd
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import sys
+ import dbus
+@@ -46,7 +46,7 @@ if state == "idle":
+ print("State: %s" % (state))
+ 
+ while state == "user-response":
+-       response = input("Enter response: ")
+       response = raw_input("Enter response: ")
+ 
+        print(ussd.Respond(response, timeout=100))
+ 
+diff --git a/test/send-vcal b/test/send-vcal
+index 566daef..7f8272b 100755
+--- a/test/send-vcal
+++ b/test/send-vcal
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import sys
+ import dbus
+diff --git a/test/send-vcard b/test/send-vcard
+index 4dedf51..250b36f 100755
+--- a/test/send-vcard
+++ b/test/send-vcard
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import sys
+ import dbus
+diff --git a/test/set-call-forwarding b/test/set-call-forwarding
+index 49d1ce0..9fd358b 100755
+--- a/test/set-call-forwarding
+++ b/test/set-call-forwarding
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import sys
+ from gi.repository import GLib
+diff --git a/test/set-cbs-topics b/test/set-cbs-topics
+index db95e16..78d6d44 100755
+--- a/test/set-cbs-topics
+++ b/test/set-cbs-topics
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import dbus
+ import sys
+diff --git a/test/set-context-property b/test/set-context-property
+index 5ff7a67..64a6fb8 100755
+--- a/test/set-context-property
+++ b/test/set-context-property
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import sys
+ import dbus
+diff --git a/test/set-fast-dormancy b/test/set-fast-dormancy
+index ef77bcd..7bf7715 100755
+--- a/test/set-fast-dormancy
+++ b/test/set-fast-dormancy
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import dbus
+ import sys
+diff --git a/test/set-gsm-band b/test/set-gsm-band
+index b37bcb5..3c17c10 100755
+--- a/test/set-gsm-band
+++ b/test/set-gsm-band
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import dbus
+ import sys
+diff --git a/test/set-mic-volume b/test/set-mic-volume
+index cd6c73f..e0bff49 100755
+--- a/test/set-mic-volume
+++ b/test/set-mic-volume
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import sys
+ import dbus
+diff --git a/test/set-mms-details b/test/set-mms-details
+index 6ee59fa..d2d0838 100755
+--- a/test/set-mms-details
+++ b/test/set-mms-details
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import sys
+ import dbus
+diff --git a/test/set-msisdn b/test/set-msisdn
+index b5fe819..01f284d 100755
+--- a/test/set-msisdn
+++ b/test/set-msisdn
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import dbus
+ import sys
+diff --git a/test/set-roaming-allowed b/test/set-roaming-allowed
+index 698c8b6..9e3e058 100755
+--- a/test/set-roaming-allowed
+++ b/test/set-roaming-allowed
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import sys
+ import dbus
+diff --git a/test/set-speaker-volume b/test/set-speaker-volume
+index 6d4e301..7962f39 100755
+--- a/test/set-speaker-volume
+++ b/test/set-speaker-volume
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import sys
+ import dbus
+diff --git a/test/set-tech-preference b/test/set-tech-preference
+index b549abc..2666cbd 100755
+--- a/test/set-tech-preference
+++ b/test/set-tech-preference
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import dbus
+ import sys
+diff --git a/test/set-tty b/test/set-tty
+index eed1fba..53d6b99 100755
+--- a/test/set-tty
+++ b/test/set-tty
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import dbus
+ import sys
+diff --git a/test/set-umts-band b/test/set-umts-band
+index 0bae5c4..c1e6448 100755
+--- a/test/set-umts-band
+++ b/test/set-umts-band
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import dbus
+ import sys
+diff --git a/test/set-use-sms-reports b/test/set-use-sms-reports
+index 288d4e1..a4efe4f 100755
+--- a/test/set-use-sms-reports
+++ b/test/set-use-sms-reports
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import dbus
+ import sys
+diff --git a/test/swap-calls b/test/swap-calls
+index 018a8d3..eeb257b 100755
+--- a/test/swap-calls
+++ b/test/swap-calls
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import sys
+ import dbus
+diff --git a/test/test-advice-of-charge b/test/test-advice-of-charge
+index 6e87e61..0f1f57f 100755
+--- a/test/test-advice-of-charge
+++ b/test/test-advice-of-charge
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ from gi.repository import GLib
+ import sys
+diff --git a/test/test-call-barring b/test/test-call-barring
+index eedb69f..be4ab57 100755
+--- a/test/test-call-barring
+++ b/test/test-call-barring
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ from gi.repository import GLib
+ import sys
+diff --git a/test/test-call-forwarding b/test/test-call-forwarding
+index 5db84d7..01a7294 100755
+--- a/test/test-call-forwarding
+++ b/test/test-call-forwarding
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ from gi.repository import GLib
+ 
+diff --git a/test/test-call-settings b/test/test-call-settings
+index 435594c..5d7ee49 100755
+--- a/test/test-call-settings
+++ b/test/test-call-settings
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ from gi.repository import GLib
+ 
+diff --git a/test/test-cbs b/test/test-cbs
+index a5cec06..13cdd80 100755
+--- a/test/test-cbs
+++ b/test/test-cbs
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import dbus
+ import dbus.mainloop.glib
+@@ -78,7 +78,7 @@ def set_topics(cbs):
+        invalidData = False;
+        index = 0
+ 
+-       topics = input('Enter the topic ID(s) you want to register to: ')
+       topics = raw_input('Enter the topic ID(s) you want to register to: ')
+ 
+        while index < len(topics):
+                if topics[index] == ',' or topics[index] == '-':
+diff --git a/test/test-gnss b/test/test-gnss
+index 6ae64db..aa0b160 100755
+--- a/test/test-gnss
+++ b/test/test-gnss
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ from gi.repository import GLib
+ import sys
+@@ -40,7 +40,7 @@ def print_menu():
+ def stdin_handler(channel, condition, gnss, path):
+        in_key = os.read(channel.unix_get_fd(), 160).rstrip().decode('UTF-8')
+        if in_key == '0':
+-               xml = input('type the element and press enter: ')
+               xml = raw_input('type the element and press enter: ')
+                try:
+                        gnss.SendPositioningElement(dbus.String(xml))
+                        print("ok")
+diff --git a/test/test-message-waiting b/test/test-message-waiting
+index 432862e..b93fbf3 100755
+--- a/test/test-message-waiting
+++ b/test/test-message-waiting
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ from gi.repository import GLib
+ import sys
+diff --git a/test/test-modem b/test/test-modem
+index aa38b1f..29dbf14 100755
+--- a/test/test-modem
+++ b/test/test-modem
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ from gi.repository import GLib
+ 
+diff --git a/test/test-network-registration b/test/test-network-registration
+index 68b4347..c5ad586 100755
+--- a/test/test-network-registration
+++ b/test/test-network-registration
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ from gi.repository import GLib
+ import sys
+diff --git a/test/test-phonebook b/test/test-phonebook
+index 42646d3..116fd4f 100755
+--- a/test/test-phonebook
+++ b/test/test-phonebook
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import dbus, sys
+ 
+diff --git a/test/test-push-notification b/test/test-push-notification
+index d972ad3..ecc6afb 100755
+--- a/test/test-push-notification
+++ b/test/test-push-notification
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ from gi.repository import GLib
+ 
+diff --git a/test/test-smart-messaging b/test/test-smart-messaging
+index f22efd2..188ac1e 100755
+--- a/test/test-smart-messaging
+++ b/test/test-smart-messaging
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ from gi.repository import GLib
+ 
+diff --git a/test/test-sms b/test/test-sms
+index 30ac651..49935e1 100755
+--- a/test/test-sms
+++ b/test/test-sms
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ # -*- coding: utf-8 -*-
+ 
+ from gi.repository import GLib
+@@ -132,7 +132,7 @@ def stdin_handler(channel, condition, sms, value, number):
+                lock = "on"
+                if in_key == '0':
+                        print_send_sms_menu()
+-                       sms_type = input('Select SMS type: ')
+                       sms_type = raw_input('Select SMS type: ')
+ 
+                        if sms_type == '1':
+                                message_send(sms, number, value)
+@@ -150,49 +150,49 @@ def stdin_handler(channel, condition, sms, value, number):
+ 
+                elif in_key == '1':
+                        message_delivery_report(sms, 1)
+-                       send_msg = input('Send test message[y/n]?: ')
+                       send_msg = raw_input('Send test message[y/n]?: ')
+                        if send_msg == 'y':
+                                message_send(sms, number, ("(1)" + value +
+                                                ": UseDeliveryReports[TRUE]"))
+ 
+                elif in_key == '2':
+                        message_delivery_report(sms, 0)
+-                       send_msg = input('Send test message[y/n]?: ')
+                       send_msg = raw_input('Send test message[y/n]?: ')
+                        if send_msg == 'y':
+                                message_send(sms, number, ("(2) " + value +
+                                                ": UseDeliveryReports[FALSE]"))
+ 
+                elif in_key == '3':
+                        message_service_center_address(sms, SCA)
+-                       send_msg = input('Send test message[y/n]?: ')
+                       send_msg = raw_input('Send test message[y/n]?: ')
+                        if send_msg == 'y':
+                                message_send(sms, number, ("(3) " + value +
+                                                ": ServiceCenterAddress"))
+ 
+                elif in_key == '4':
+                        message_bearer(sms, "ps-only")
+-                       send_msg = input('Send test message[y/n]?: ')
+                       send_msg = raw_input('Send test message[y/n]?: ')
+                        if send_msg == 'y':
+                                message_send(sms, number, ("(4) " + value +
+                                                ": Bearer[ps-only]"))
+ 
+                elif in_key == '5':
+                        message_bearer(sms, "cs-only")
+-                       send_msg = input('Send test message[y/n]?: ')
+                       send_msg = raw_input('Send test message[y/n]?: ')
+                        if send_msg == 'y':
+                                message_send(sms, number, ("(5) " + value +
+                                                ": Bearer[cs-only]"))
+ 
+                elif in_key == '6':
+                        message_bearer(sms, "ps-preferred")
+-                       send_msg = input('Send test message[y/n]?: ')
+                       send_msg = raw_input('Send test message[y/n]?: ')
+                        if send_msg == 'y':
+                                message_send(sms, number, ("(6) " + value +
+                                                ": Bearer[ps-preferred]"))
+ 
+                elif in_key == '7':
+                        message_bearer(sms, "cs-preferred")
+-                       send_msg = input('Send test message[y/n]?: ')
+                       send_msg = raw_input('Send test message[y/n]?: ')
+                        if send_msg == 'y':
+                                message_send(sms,number, ("(7) " + value +
+                                                ": Bearer[cs-preferred]"))
+diff --git a/test/test-ss b/test/test-ss
+index 4cd8732..2c80806 100755
+--- a/test/test-ss
+++ b/test/test-ss
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import sys
+ import dbus
+diff --git a/test/test-ss-control-cb b/test/test-ss-control-cb
+index ddae6d3..86bac9b 100755
+--- a/test/test-ss-control-cb
+++ b/test/test-ss-control-cb
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ from gi.repository import GLib
+ 
+diff --git a/test/test-ss-control-cf b/test/test-ss-control-cf
+index 095eb5d..d30bf4f 100755
+--- a/test/test-ss-control-cf
+++ b/test/test-ss-control-cf
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ from gi.repository import GLib
+ 
+diff --git a/test/test-ss-control-cs b/test/test-ss-control-cs
+index 8180474..e0ed1d1 100755
+--- a/test/test-ss-control-cs
+++ b/test/test-ss-control-cs
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ from gi.repository import GLib
+ 
+diff --git a/test/test-stk-menu b/test/test-stk-menu
+index 0cf8fa2..ac0a5bd 100755
+--- a/test/test-stk-menu
+++ b/test/test-stk-menu
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ from gi.repository import GLib
+ 
+@@ -58,7 +58,7 @@ class StkAgent(dbus.service.Object):
+                        index += 1
+ 
+                print("\nDefault: %d" % (default))
+-               select = input("Enter Selection (t, b):")
+               select = raw_input("Enter Selection (t, b):")
+ 
+                if select == 'b':
+                        raise GoBack("User wishes to go back")
+@@ -75,7 +75,7 @@ class StkAgent(dbus.service.Object):
+                print("DisplayText (%s)" % (title))
+                print("Icon: (%d)" % (int(icon)))
+                print("Urgent: (%d)" % (urgent))
+-               key = input("Press return to clear ('t' terminates, "
+               key = raw_input("Press return to clear ('t' terminates, "
+                                                "'b' goes back, 'n' busy, "
+                                                "'w' return and wait):")
+ 
+@@ -108,7 +108,7 @@ class StkAgent(dbus.service.Object):
+                print("Hide typing: (%s)" % (hide_typing))
+                print("Enter characters, min: %d, max: %d:" % (min_chars,
+                                                                max_chars))
+-               userin = input("")
+               userin = raw_input("")
+ 
+                return userin
+ 
+@@ -122,7 +122,7 @@ class StkAgent(dbus.service.Object):
+                print("Hide typing: (%s)" % (hide_typing))
+                print("Enter digits, min: %d, max: %d:" % (min_chars,
+                                                                max_chars))
+-               userin = input("'t' terminates, 'b' goes back:")
+               userin = raw_input("'t' terminates, 'b' goes back:")
+ 
+                if userin == 'b':
+                        raise GoBack("User wishes to go back")
+@@ -136,7 +136,7 @@ class StkAgent(dbus.service.Object):
+        def RequestKey(self, title, icon):
+                print("Title: (%s)" % (title))
+                print("Icon: (%d)" % (int(icon)))
+-               key = input("Enter Key (t, b):")
+               key = raw_input("Enter Key (t, b):")
+ 
+                if key == 'b':
+                        raise GoBack("User wishes to go back")
+@@ -150,7 +150,7 @@ class StkAgent(dbus.service.Object):
+        def RequestDigit(self, title, icon):
+                print("Title: (%s)" % (title))
+                print("Icon: (%d)" % (int(icon)))
+-               key = input("Enter Digit (t, b):")
+               key = raw_input("Enter Digit (t, b):")
+ 
+                if key == 'b':
+                        raise GoBack("User wishes to go back")
+@@ -164,7 +164,7 @@ class StkAgent(dbus.service.Object):
+        def RequestQuickDigit(self, title, icon):
+                print("Title: (%s)" % (title))
+                print("Icon: (%d)" % (int(icon)))
+-               key = input("Quick digit (0-9, *, #, t, b):")
+               key = raw_input("Quick digit (0-9, *, #, t, b):")
+ 
+                if key == 'b':
+                        raise GoBack("User wishes to go back")
+@@ -178,7 +178,7 @@ class StkAgent(dbus.service.Object):
+        def RequestConfirmation(self, title, icon):
+                print("Title: (%s)" % (title))
+                print("Icon: (%d)" % (int(icon)))
+-               key = input("Enter Confirmation (t, b, y, n):")
+               key = raw_input("Enter Confirmation (t, b, y, n):")
+ 
+                if key == 'b':
+                        raise GoBack("User wishes to go back")
+@@ -194,7 +194,7 @@ class StkAgent(dbus.service.Object):
+        def ConfirmCallSetup(self, info, icon):
+                print("Information: (%s)" % (info))
+                print("Icon: (%d)" % (int(icon)))
+-               key = input("Enter Confirmation (t, y, n):")
+               key = raw_input("Enter Confirmation (t, y, n):")
+ 
+                if key == 't':
+                        raise EndSession("User wishes to terminate session")
+@@ -209,7 +209,7 @@ class StkAgent(dbus.service.Object):
+                print("Information: (%s)" % (info))
+                print("Icon: (%d)" % (int(icon)))
+                print("URL (%s)" % (url))
+-               key = input("Enter Confirmation (y, n):")
+               key = raw_input("Enter Confirmation (y, n):")
+ 
+                if key == 'y':
+                        return True
+@@ -232,7 +232,7 @@ class StkAgent(dbus.service.Object):
+                signal.alarm(5)
+ 
+                try:
+-                       key = input("Press return to end before end of"
+                       key = raw_input("Press return to end before end of"
+                                                         " single tone (t):")
+                        signal.alarm(0)
+ 
+@@ -250,7 +250,7 @@ class StkAgent(dbus.service.Object):
+                print("LoopTone: %s" % (tone))
+                print("Text: %s" % (text))
+                print("Icon: %d" % (int(icon)))
+-               key = input("Press return to end before timeout "
+               key = raw_input("Press return to end before timeout "
+                                "('t' terminates, 'w' return and wait):")
+ 
+                if key == 'w':
+@@ -279,7 +279,7 @@ class StkAgent(dbus.service.Object):
+        def DisplayAction(self, text, icon):
+                print("Text: (%s)" % (text))
+                print("Icon: (%d)" % (int(icon)))
+-               key = input("Press 't' to terminate the session ")
+               key = raw_input("Press 't' to terminate the session ")
+ 
+                if key == 't':
+                        raise EndSession("User wishes to terminate session")
+@@ -289,7 +289,7 @@ class StkAgent(dbus.service.Object):
+        def ConfirmOpenChannel(self, info, icon):
+                print("Open channel confirmation: (%s)" % (info))
+                print("Icon: (%d)" % (int(icon)))
+-               key = input("Enter Confirmation (t, y, n):")
+               key = raw_input("Enter Confirmation (t, y, n):")
+ 
+                if key == 't':
+                        raise EndSession("User wishes to terminate session")
+@@ -299,7 +299,7 @@ class StkAgent(dbus.service.Object):
+                        return False
+ 
+ _dbus2py = {
+-       dbus.String : str,
+       dbus.String : unicode,
+        dbus.UInt32 : int,
+        dbus.Int32 : int,
+        dbus.Int16 : int,
+@@ -396,7 +396,7 @@ if __name__ == '__main__':
+                except:
+                        pass
+ 
+-               select = int(input("Enter Selection: "))
+               select = int(raw_input("Enter Selection: "))
+                stk.SelectItem(select, path)
+        elif mode == 'agent':
+                path = "/test/agent"
+diff --git a/test/unlock-pin b/test/unlock-pin
+index 61f4765..10b6626 100755
+--- a/test/unlock-pin
+++ b/test/unlock-pin
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
+#!/usr/bin/python
+ 
+ import dbus
+ import sys
+-- 
+1.9.1
diff --git a/meta/recipes-connectivity/ofono/ofono/ofono b/meta/recipes-connectivity/ofono/ofono/ofono
new file mode 100644
index 0000000000..cc9970929c
--- /dev/null
+++ b/meta/recipes-connectivity/ofono/ofono/ofono
@@ -0,0 +1,42 @@
+#!/bin/sh
+DAEMON=/usr/sbin/ofonod
+PIDFILE=/var/run/ofonod.pid
+DESC="Telephony daemon"
+if [ -f /etc/default/ofono ] ; then
+        . /etc/default/ofono
+fi
+set -e
+do_start() {
+        $DAEMON
+}
+do_stop() {
+        start-stop-daemon --stop --name ofonod --quiet
+}
+case "$1" in
+  start)
+        echo "Starting $DESC"
+        do_start
+        ;;
+  stop)
+        echo "Stopping $DESC"
+        do_stop
+        ;;
+  restart|force-reload)
+        echo "Restarting $DESC"
+        do_stop
+        sleep 1
+        do_start
+        ;;
+  *)
+        echo "Usage: $0 {start|stop|restart|force-reload}" >&2
+        exit 1
+        ;;
+esac
+exit 0
diff --git a/meta/recipes-connectivity/ofono/ofono_1.15.bb b/meta/recipes-connectivity/ofono/ofono_1.15.bb
new file mode 100644
index 0000000000..bee2b4745c
--- /dev/null
+++ b/meta/recipes-connectivity/ofono/ofono_1.15.bb
@@ -0,0 +1,12 @@
+require ofono.inc
+SRC_URI  = "\
+  ${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
+  file://ofono \
+  file://Revert-test-Convert-to-Python-3.patch \
+"
+SRC_URI[md5sum] = "4d03de85239d8100dc7721bf0dad2bd2"
+SRC_URI[sha256sum] = "978807a05e8904eb4e57d6533ed71e75676a55fa3819a39fe2c878f45dbf7af6"
+CFLAGS_append_libc-uclibc = " -D_GNU_SOURCE"
diff --git a/meta/recipes-connectivity/ofono/ofono_git.bb b/meta/recipes-connectivity/ofono/ofono_git.bb
new file mode 100644
index 0000000000..beafb775c2
--- /dev/null
+++ b/meta/recipes-connectivity/ofono/ofono_git.bb
@@ -0,0 +1,14 @@
+require ofono.inc
+S        = "${WORKDIR}/git"
+SRCREV = "14544d5996836f628613c2ce544380ee6fc8f514"
+PV       = "0.12-git${SRCPV}"
+PR = "r5"
+SRC_URI  = "git://git.kernel.org/pub/scm/network/ofono/ofono.git \
+            file://ofono"
+do_configure_prepend () {
+  ${S}/bootstrap
+}
diff --git a/meta/recipes-connectivity/openssh/files/add-test-support-for-busybox.patch b/meta/recipes-connectivity/openssh/files/add-test-support-for-busybox.patch
new file mode 100644
index 0000000000..5913597dfd
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/files/add-test-support-for-busybox.patch
@@ -0,0 +1,61 @@
+Adjust test cases to work with busybox.
+- Replace dd parameter "obs" with "bs".
+- Replace "head -<num>" with "head -n <num>".
+Signed-off-by: Björn Stenberg <bjst@enea.com>
+Upstream-status: Pending
+--- a/regress/cipher-speed.sh   2012-06-30 07:08:53.000000000 +0200
+++ b/regress/cipher-speed.sh   2013-02-15 11:30:20.670022055 +0100
+@@ -26,7 +26,7 @@
+                echon "$c/$m:\t"
+                ( ${SSH} -o 'compression no' \
+                        -F $OBJ/ssh_proxy -2 -m $m -c $c somehost \
+-                       exec sh -c \'"dd of=/dev/null obs=32k"\' \
+                       exec sh -c \'"dd of=/dev/null bs=32k"\' \
+                < ${DATA} ) 2>&1 | getbytes
+ 
+                if [ $? -ne 0 ]; then
+@@ -42,7 +42,7 @@
+                echon "$c:\t"
+                ( ${SSH} -o 'compression no' \
+                        -F $OBJ/ssh_proxy -1 -c $c somehost \
+-                       exec sh -c \'"dd of=/dev/null obs=32k"\' \
+                       exec sh -c \'"dd of=/dev/null bs=32k"\' \
+                < ${DATA} ) 2>&1 | getbytes
+                if [ $? -ne 0 ]; then
+                        fail "ssh -1 failed with cipher $c"
+--- a/regress/transfer.sh       2003-09-04 06:54:40.000000000 +0200
+++ b/regress/transfer.sh       2013-02-15 11:25:34.666411185 +0100
+@@ -18,7 +18,7 @@
+        for s in 10 100 1k 32k 64k 128k 256k; do
+                trace "proto $p dd-size ${s}"
+                rm -f ${COPY}
+-               dd if=$DATA obs=${s} 2> /dev/null | \
+               dd if=$DATA bs=${s} 2> /dev/null | \
+                        ${SSH} -q -$p -F $OBJ/ssh_proxy somehost "cat > ${COPY}"
+                if [ $? -ne 0 ]; then
+                        fail "ssh cat $DATA failed"
+--- a/regress/yes-head.sh       2005-11-28 06:41:03.000000000 +0100
+++ b/regress/yes-head.sh       2013-02-15 11:55:11.413715068 +0100
+@@ -4,7 +4,7 @@
+ tid="yes pipe head"
+ 
+ for p in 1 2; do
+-       lines=`${SSH} -$p -F $OBJ/ssh_proxy thishost 'sh -c "while true;do echo yes;done | _POSIX2_VERSION=199209 head -2000"' | (sleep 3 ; wc -l)`
+       lines=`${SSH} -$p -F $OBJ/ssh_proxy thishost 'sh -c "while true;do echo yes;done | _POSIX2_VERSION=199209 head -n 2000"' | (sleep 3 ; wc -l)`
+        if [ $? -ne 0 ]; then
+                fail "yes|head test failed"
+                lines = 0;
+--- a/regress/key-options.sh    2008-07-04 09:08:58.000000000 +0200
+++ b/regress/key-options.sh    2013-02-15 12:06:05.109486098 +0100
+@@ -54,7 +54,7 @@
+        fi
+ 
+        sed 's/.*/from="'"$f"'" &/' $origkeys >$authkeys
+-       from=`head -1 $authkeys | cut -f1 -d ' '`
+       from=`head -n 1 $authkeys | cut -f1 -d ' '`
+        verbose "key option proto $p $from"
+        r=`${SSH} -$p -q -F $OBJ/ssh_proxy somehost 'echo true'`
+        if [ "$r" = "true" ]; then
diff --git a/meta/recipes-connectivity/openssh/files/run-ptest b/meta/recipes-connectivity/openssh/files/run-ptest
new file mode 100755
index 0000000000..3e725cf282
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/files/run-ptest
@@ -0,0 +1,7 @@
+#!/bin/sh
+export TEST_SHELL=sh
+cd regress
+make -k .OBJDIR=`pwd` .CURDIR=`pwd` tests \
+        | sed -e 's/^skipped/SKIP: /g' -e 's/^ok /PASS: /g' -e 's/^failed/FAIL: /g'
diff --git a/meta/recipes-connectivity/openssh/openssh/add-test-support-for-busybox.patch b/meta/recipes-connectivity/openssh/openssh/add-test-support-for-busybox.patch
new file mode 100644
index 0000000000..07af667869
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/add-test-support-for-busybox.patch
@@ -0,0 +1,61 @@
+Adjust test cases to work with busybox.
+- Replace dd parameter "obs" with "bs".
+- Replace "head -<num>" with "head -n <num>".
+Signed-off-by: Maxin B. John <maxin.john@enea.com>
+Upstream-Status: Pending
+--- a/regress/cipher-speed.sh   2012-06-30 07:08:53.000000000 +0200
+++ b/regress/cipher-speed.sh   2013-02-15 11:30:20.670022055 +0100
+@@ -26,7 +26,7 @@
+                echon "$c/$m:\t"
+                ( ${SSH} -o 'compression no' \
+                        -F $OBJ/ssh_proxy -2 -m $m -c $c somehost \
+-                       exec sh -c \'"dd of=/dev/null obs=32k"\' \
+                       exec sh -c \'"dd of=/dev/null bs=32k"\' \
+                < ${DATA} ) 2>&1 | getbytes
+ 
+                if [ $? -ne 0 ]; then
+@@ -42,7 +42,7 @@
+                echon "$c:\t"
+                ( ${SSH} -o 'compression no' \
+                        -F $OBJ/ssh_proxy -1 -c $c somehost \
+-                       exec sh -c \'"dd of=/dev/null obs=32k"\' \
+                       exec sh -c \'"dd of=/dev/null bs=32k"\' \
+                < ${DATA} ) 2>&1 | getbytes
+                if [ $? -ne 0 ]; then
+                        fail "ssh -1 failed with cipher $c"
+--- a/regress/transfer.sh       2003-09-04 06:54:40.000000000 +0200
+++ b/regress/transfer.sh       2013-02-15 11:25:34.666411185 +0100
+@@ -18,7 +18,7 @@
+        for s in 10 100 1k 32k 64k 128k 256k; do
+                trace "proto $p dd-size ${s}"
+                rm -f ${COPY}
+-               dd if=$DATA obs=${s} 2> /dev/null | \
+               dd if=$DATA bs=${s} 2> /dev/null | \
+                        ${SSH} -q -$p -F $OBJ/ssh_proxy somehost "cat > ${COPY}"
+                if [ $? -ne 0 ]; then
+                        fail "ssh cat $DATA failed"
+--- a/regress/yes-head.sh       2005-11-28 06:41:03.000000000 +0100
+++ b/regress/yes-head.sh       2013-02-15 11:55:11.413715068 +0100
+@@ -4,7 +4,7 @@
+ tid="yes pipe head"
+ 
+ for p in 1 2; do
+-       lines=`${SSH} -$p -F $OBJ/ssh_proxy thishost 'sh -c "while true;do echo yes;done | _POSIX2_VERSION=199209 head -2000"' | (sleep 3 ; wc -l)`
+       lines=`${SSH} -$p -F $OBJ/ssh_proxy thishost 'sh -c "while true;do echo yes;done | _POSIX2_VERSION=199209 head -n 2000"' | (sleep 3 ; wc -l)`
+        if [ $? -ne 0 ]; then
+                fail "yes|head test failed"
+                lines = 0;
+--- a/regress/key-options.sh    2008-07-04 09:08:58.000000000 +0200
+++ b/regress/key-options.sh    2013-02-15 12:06:05.109486098 +0100
+@@ -54,7 +54,7 @@
+        fi
+ 
+        sed 's/.*/from="'"$f"'" &/' $origkeys >$authkeys
+-       from=`head -1 $authkeys | cut -f1 -d ' '`
+       from=`head -n 1 $authkeys | cut -f1 -d ' '`
+        verbose "key option proto $p $from"
+        r=`${SSH} -$p -q -F $OBJ/ssh_proxy somehost 'echo true'`
+        if [ "$r" = "true" ]; then
diff --git a/meta/recipes-connectivity/openssh/openssh/auth2-none.c-avoid-authenticate-empty-passwords-to-m.patch b/meta/recipes-connectivity/openssh/openssh/auth2-none.c-avoid-authenticate-empty-passwords-to-m.patch
new file mode 100644
index 0000000000..ba13cd1919
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/auth2-none.c-avoid-authenticate-empty-passwords-to-m.patch
@@ -0,0 +1,30 @@
+Upstream-Status: Pending
+Subject: auth2-none.c: avoid authenticate empty passwords to mess up with PAM
+If UsePAM, PermitEmptyPasswords, PasswordAuthentication are enabled. The ssh daemon
+will try to authenticate an empty password, resulting in login failures of any user.
+If PAM is enabled, then we should leave the task of password authentication to PAM.
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ auth2-none.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/auth2-none.c b/auth2-none.c
+index c8c6c74..b48b2fd 100644
+--- a/auth2-none.c
+++ b/auth2-none.c
+@@ -61,7 +61,7 @@ userauth_none(Authctxt *authctxt)
+ {
+        none_enabled = 0;
+        packet_check_eom();
+-       if (options.permit_empty_passwd && options.password_authentication)
+       if (options.permit_empty_passwd && options.password_authentication && !options.use_pam)
+                return (PRIVSEP(auth_password(authctxt, "")));
+        return (0);
+ }
+-- 
+1.7.9.5
diff --git a/meta/recipes-connectivity/openssh/openssh/init b/meta/recipes-connectivity/openssh/openssh/init
new file mode 100644
index 0000000000..70d4a34659
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/init
@@ -0,0 +1,115 @@
+#! /bin/sh
+set -e
+PIDFILE=/var/run/sshd.pid
+# source function library
+. /etc/init.d/functions
+# /etc/init.d/ssh: start and stop the OpenBSD "secure shell" daemon
+test -x /usr/sbin/sshd || exit 0
+( /usr/sbin/sshd -\? 2>&1 | grep -q OpenSSH ) 2>/dev/null || exit 0
+# /etc/default/ssh may set SYSCONFDIR and SSHD_OPTS
+if test -f /etc/default/ssh; then
+    . /etc/default/ssh
+fi
+[ -z "$SYSCONFDIR" ] && SYSCONFDIR=/etc/ssh
+mkdir -p $SYSCONFDIR
+HOST_KEY_RSA=$SYSCONFDIR/ssh_host_rsa_key
+HOST_KEY_DSA=$SYSCONFDIR/ssh_host_dsa_key
+HOST_KEY_ECDSA=$SYSCONFDIR/ssh_host_ecdsa_key
+HOST_KEY_ED25519=$SYSCONFDIR/ssh_host_ed25519_key
+check_for_no_start() {
+    # forget it if we're trying to start, and /etc/ssh/sshd_not_to_be_run exists
+    if [ -e $SYSCONFDIR/sshd_not_to_be_run ]; then
+        echo "OpenBSD Secure Shell server not in use ($SYSCONFDIR/sshd_not_to_be_run)"
+        exit 0
+    fi
+}
+check_privsep_dir() {
+    # Create the PrivSep empty dir if necessary
+    if [ ! -d /var/run/sshd ]; then
+        mkdir /var/run/sshd
+        chmod 0755 /var/run/sshd
+    fi
+}
+check_config() {
+        /usr/sbin/sshd -t || exit 1
+}
+check_keys() {
+        # create keys if necessary
+        if [ ! -f $HOST_KEY_RSA ]; then
+                echo "  generating ssh RSA key..."
+                ssh-keygen -q -f $HOST_KEY_RSA -N '' -t rsa
+        fi
+        if [ ! -f $HOST_KEY_ECDSA ]; then
+                echo "  generating ssh ECDSA key..."
+                ssh-keygen -q -f $HOST_KEY_ECDSA -N '' -t ecdsa
+        fi
+        if [ ! -f $HOST_KEY_DSA ]; then
+                echo "  generating ssh DSA key..."
+                ssh-keygen -q -f $HOST_KEY_DSA -N '' -t dsa
+        fi
+        if [ ! -f $HOST_KEY_ED25519 ]; then
+                echo "  generating ssh ED25519 key..."
+                ssh-keygen -q -f $HOST_KEY_ED25519 -N '' -t ed25519
+        fi
+}
+export PATH="${PATH:+$PATH:}/usr/sbin:/sbin"
+case "$1" in
+  start)
+        check_for_no_start
+        echo "Starting OpenBSD Secure Shell server: sshd"
+        check_keys
+        check_privsep_dir
+        start-stop-daemon -S -p $PIDFILE -x /usr/sbin/sshd -- $SSHD_OPTS
+        echo "done."
+        ;;
+  stop)
+        echo -n "Stopping OpenBSD Secure Shell server: sshd"
+        start-stop-daemon -K -p $PIDFILE -x /usr/sbin/sshd
+        echo "."
+        ;;
+  reload|force-reload)
+        check_for_no_start
+        check_keys
+        check_config
+        echo -n "Reloading OpenBSD Secure Shell server's configuration"
+        start-stop-daemon -K -p $PIDFILE -s 1 -x /usr/sbin/sshd
+        echo "."
+        ;;
+  restart)
+        check_keys
+        check_config
+        echo -n "Restarting OpenBSD Secure Shell server: sshd"
+        start-stop-daemon -K -p $PIDFILE --oknodo -x /usr/sbin/sshd
+        check_for_no_start
+        check_privsep_dir
+        sleep 2
+        start-stop-daemon -S -p $PIDFILE -x /usr/sbin/sshd -- $SSHD_OPTS
+        echo "."
+        ;;
+  status)
+        status /usr/sbin/sshd
+        exit $?
+  ;;
+  *)
+        echo "Usage: /etc/init.d/ssh {start|stop|status|reload|force-reload|restart}"
+        exit 1
+esac
+exit 0
diff --git a/meta/recipes-connectivity/openssh/openssh/nostrip.patch b/meta/recipes-connectivity/openssh/openssh/nostrip.patch
new file mode 100644
index 0000000000..33111f5494
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/nostrip.patch
@@ -0,0 +1,20 @@
+Disable stripping binaries during make install.
+Upstream-Status: Inappropriate [configuration]
+Build system specific.
+Signed-off-by: Scott Garman <scott.a.garman@intel.com>
+diff -ur openssh-5.6p1.orig/Makefile.in openssh-5.6p1/Makefile.in
+--- openssh-5.6p1.orig/Makefile.in      2010-05-11 23:51:39.000000000 -0700
+++ openssh-5.6p1/Makefile.in   2010-08-30 16:49:54.000000000 -0700
+@@ -29,7 +29,7 @@
+ RAND_HELPER=$(libexecdir)/ssh-rand-helper
+ PRIVSEP_PATH=@PRIVSEP_PATH@
+ SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
+-STRIP_OPT=@STRIP_OPT@
+STRIP_OPT=
+ 
+ PATHS= -DSSHDIR=\"$(sysconfdir)\" \
+        -D_PATH_SSH_PROGRAM=\"$(SSH_PROGRAM)\" \
diff --git a/meta/recipes-connectivity/openssh/openssh/openssh-CVE-2011-4327.patch b/meta/recipes-connectivity/openssh/openssh/openssh-CVE-2011-4327.patch
new file mode 100644
index 0000000000..30c11cf432
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/openssh-CVE-2011-4327.patch
@@ -0,0 +1,29 @@
+openssh-CVE-2011-4327
+A security flaw was found in the way ssh-keysign,
+a ssh helper program for host based authentication,
+attempted to retrieve enough entropy information on configurations that
+lacked a built-in entropy pool in OpenSSL (a ssh-rand-helper program would
+be executed to retrieve the entropy from the system environment).
+A local attacker could use this flaw to obtain unauthorized access to host keys
+via ptrace(2) process trace attached to the 'ssh-rand-helper' program.
+https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4327
+http://www.openssh.com/txt/portable-keysign-rand-helper.adv
+Upstream-Status: Pending
+Signed-off-by: Li Wang <li.wang@windriver.com>
+--- a/ssh-keysign.c
+++ b/ssh-keysign.c
+@@ -170,6 +170,10 @@
+        key_fd[i++] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);
+        key_fd[i++] = open(_PATH_HOST_ECDSA_KEY_FILE, O_RDONLY);
+        key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
+       if (fcntl(key_fd[0], F_SETFD, FD_CLOEXEC) != 0 ||
+           fcntl(key_fd[1], F_SETFD, FD_CLOEXEC) != 0 ||
+           fcntl(key_fd[2], F_SETFD, FD_CLOEXEC) != 0)
+               fatal("fcntl failed");
+ 
+        original_real_uid = getuid();   /* XXX readconf.c needs this */
+        if ((pw = getpwuid(original_real_uid)) == NULL)
diff --git a/meta/recipes-connectivity/openssh/openssh/openssh-CVE-2014-2532.patch b/meta/recipes-connectivity/openssh/openssh/openssh-CVE-2014-2532.patch
new file mode 100644
index 0000000000..3deaf3f0e9
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/openssh-CVE-2014-2532.patch
@@ -0,0 +1,22 @@
+Upstream-Status: Backport
+Fix for CVE-2014-2532
+Backported from openssh-6.6p1.tar.gz
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+--- a/session.c
+++ b/session.c
+@@ -955,6 +955,11 @@
+        u_int envsize;
+        u_int i, namelen;
+ 
+       if (strchr(name, '=') != NULL) {
+               error("Invalid environment variable \"%.100s\"", name);
+               return;
+       }
+
+        /*
+         * If we're passed an uninitialized list, allocate a single null
+         * entry before continuing.
diff --git a/meta/recipes-connectivity/openssh/openssh/openssh-CVE-2014-2653.patch b/meta/recipes-connectivity/openssh/openssh/openssh-CVE-2014-2653.patch
new file mode 100644
index 0000000000..674d186044
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/openssh-CVE-2014-2653.patch
@@ -0,0 +1,114 @@
+Upstream-Status: Backport
+This CVE could be removed if openssh is upgrade to 6.6 or higher.
+Below are some details.
+Attempt SSHFP lookup even if server presents a certificate
+Reference:
+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742513
+If an ssh server presents a certificate to the client, then the client
+does not check the DNS for SSHFP records. This means that a malicious
+server can essentially disable DNS-host-key-checking, which means the
+client will fall back to asking the user (who will just say "yes" to
+the fingerprint, sadly).
+This patch means that the ssh client will, if necessary, extract the
+server key from the proffered certificate, and attempt to verify it
+against the DNS. The patch was written by Mark Wooding
+<mdw@distorted.org.uk>. I modified it to add one debug2 call, reviewed
+it, and tested it.
+Signed-off-by: Matthew Vernon <matthew@debian.org>
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+--- a/sshconnect.c
+++ b/sshconnect.c
+@@ -1210,36 +1210,63 @@ fail:
+        return -1;
+ }
+ 
+static int
+check_host_key_sshfp(char *host, struct sockaddr *hostaddr, Key *host_key)
+{
+       int rc = -1;
+       int flags = 0;
+       Key *raw_key = NULL;
+
+       if (!options.verify_host_key_dns)
+               goto done;
+
+       /* XXX certs are not yet supported for DNS; try looking the raw key
+        * up in the DNS anyway.
+        */
+       if (key_is_cert(host_key)) {
+               debug2("Extracting key from cert for SSHFP lookup");
+               raw_key = key_from_private(host_key);
+               if (key_drop_cert(raw_key))
+                       fatal("Couldn't drop certificate");
+               host_key = raw_key;
+       }
+
+       if (verify_host_key_dns(host, hostaddr, host_key, &flags))
+               goto done;
+
+       if (flags & DNS_VERIFY_FOUND) {
+
+               if (options.verify_host_key_dns == 1 &&
+                               flags & DNS_VERIFY_MATCH &&
+                               flags & DNS_VERIFY_SECURE) {
+                       rc = 0;
+               } else if (flags & DNS_VERIFY_MATCH) {
+                       matching_host_key_dns = 1;
+               } else {
+                       warn_changed_key(host_key);
+                       error("Update the SSHFP RR in DNS with the new "
+                                       "host key to get rid of this message.");
+               }
+       }
+
+done:
+       if (raw_key)
+               key_free(raw_key);
+       return rc;
+}
+
+ /* returns 0 if key verifies or -1 if key does NOT verify */
+ int
+ verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key)
+ {
+-       int flags = 0;
+        char *fp;
+ 
+        fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
+        debug("Server host key: %s %s", key_type(host_key), fp);
+        free(fp);
+ 
+-       /* XXX certs are not yet supported for DNS */
+-       if (!key_is_cert(host_key) && options.verify_host_key_dns &&
+-           verify_host_key_dns(host, hostaddr, host_key, &flags) == 0) {
+-               if (flags & DNS_VERIFY_FOUND) {
+-
+-                       if (options.verify_host_key_dns == 1 &&
+-                           flags & DNS_VERIFY_MATCH &&
+-                           flags & DNS_VERIFY_SECURE)
+-                               return 0;
+-
+-                       if (flags & DNS_VERIFY_MATCH) {
+-                               matching_host_key_dns = 1;
+-                       } else {
+-                               warn_changed_key(host_key);
+-                               error("Update the SSHFP RR in DNS with the new "
+-                                   "host key to get rid of this message.");
+-                       }
+-               }
+-       }
+       if (check_host_key_sshfp(host, hostaddr, host_key) == 0)
+               return 0;
+ 
+        return check_host_key(host, hostaddr, options.port, host_key, RDRW,
+            options.user_hostfiles, options.num_user_hostfiles,
+-- 
+1.7.9.5
diff --git a/meta/recipes-connectivity/openssh/openssh/openssh-ptest-fix-sshconnect.patch b/meta/recipes-connectivity/openssh/openssh/openssh-ptest-fix-sshconnect.patch
new file mode 100644
index 0000000000..091370129a
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/openssh-ptest-fix-sshconnect.patch
@@ -0,0 +1,57 @@
+Fixed openssh ptest
+ptests for openssh, apart from a lot of .sh scripts, also
+require 2 executables to be cross-compiled for the target
+and deployed there, that will be called from the test
+scripts.
+Those 2 files were not built when cross-compiling
+(Makefile target all:), so I added them to the build,
+under the target all_test.
+This new make target is intended to be run from
+do_compile_ptest(), that builds everything needed for
+performing the ptests.
+Because both these 2 executables required for ptest
+are linked with libssh (LDFLAGS += -lssh), I also
+added it as dependency for each of them.
+Upstream-status: Inappropriate
+Signed-off-by: Liviu Gheorghisan <liviu.gheorghisan@enea.com>
+---
+--- a/Makefile.in       2014-12-10 16:19:37.513373454 +0100
+++ b/Makefile.in       2014-12-10 16:25:23.262764227 +0100
+@@ -130,6 +130,8 @@ FIXALGORITHMSCMD= $(SHELL) $(srcdir)/fix
+ 
+ all: $(CONFIGFILES) $(MANPAGES) $(TARGETS)
+ 
+all_test: regress/modpipe$(EXEEXT) regress/setuid-allowed$(EXEEXT)
+
+ $(LIBSSH_OBJS): Makefile.in config.h
+ $(SSHOBJS): Makefile.in config.h
+ $(SSHDOBJS): Makefile.in config.h
+@@ -394,18 +396,18 @@ uninstall:
+        -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
+        -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
+ 
+-regress/modpipe$(EXEEXT): $(srcdir)/regress/modpipe.c
+regress/modpipe$(EXEEXT): libssh.a
+        [ -d `pwd`/regress ]  ||  mkdir -p `pwd`/regress
+        [ -f `pwd`/regress/Makefile ]  || \
+            ln -s `cd $(srcdir) && pwd`/regress/Makefile `pwd`/regress/Makefile
+-       $(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $? \
+       $(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $(srcdir)/regress/modpipe.c \
+        $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
+ 
+-regress/setuid-allowed$(EXEEXT): $(srcdir)/regress/setuid-allowed.c
+regress/setuid-allowed$(EXEEXT): libssh.a
+        [ -d `pwd`/regress ]  ||  mkdir -p `pwd`/regress
+        [ -f `pwd`/regress/Makefile ]  || \
+            ln -s `cd $(srcdir) && pwd`/regress/Makefile `pwd`/regress/Makefile
+-       $(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $? \
+       $(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $(srcdir)/regress/setuid-allowed.c \
+        $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
+ 
+ tests interop-tests:   $(TARGETS) regress/modpipe$(EXEEXT) regress/setuid-allowed$(EXEEXT)
diff --git a/meta/recipes-connectivity/openssh/openssh/run-ptest b/meta/recipes-connectivity/openssh/openssh/run-ptest
new file mode 100755
index 0000000000..3e725cf282
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/run-ptest
@@ -0,0 +1,7 @@
+#!/bin/sh
+export TEST_SHELL=sh
+cd regress
+make -k .OBJDIR=`pwd` .CURDIR=`pwd` tests \
+        | sed -e 's/^skipped/SKIP: /g' -e 's/^ok /PASS: /g' -e 's/^failed/FAIL: /g'
diff --git a/meta/recipes-connectivity/openssh/openssh/ssh_config b/meta/recipes-connectivity/openssh/openssh/ssh_config
new file mode 100644
index 0000000000..4a4a649ba8
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/ssh_config
@@ -0,0 +1,46 @@
+#       $OpenBSD: ssh_config,v 1.25 2009/02/17 01:28:32 djm Exp $
+# This is the ssh client system-wide configuration file.  See
+# ssh_config(5) for more information.  This file provides defaults for
+# users, and the values can be changed in per-user configuration files
+# or on the command line.
+# Configuration data is parsed as follows:
+#  1. command line options
+#  2. user-specific file
+#  3. system-wide file
+# Any configuration value is only changed the first time it is set.
+# Thus, host-specific definitions should be at the beginning of the
+# configuration file, and defaults at the end.
+# Site-wide defaults for some commonly used options.  For a comprehensive
+# list of available options, their meanings and defaults, please see the
+# ssh_config(5) man page.
+Host *
+  ForwardAgent yes
+  ForwardX11 yes
+#   RhostsRSAAuthentication no
+#   RSAAuthentication yes
+#   PasswordAuthentication yes
+#   HostbasedAuthentication no
+#   GSSAPIAuthentication no
+#   GSSAPIDelegateCredentials no
+#   BatchMode no
+#   CheckHostIP yes
+#   AddressFamily any
+#   ConnectTimeout 0
+#   StrictHostKeyChecking ask
+#   IdentityFile ~/.ssh/identity
+#   IdentityFile ~/.ssh/id_rsa
+#   IdentityFile ~/.ssh/id_dsa
+#   Port 22
+#   Protocol 2,1
+#   Cipher 3des
+#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
+#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
+#   EscapeChar ~
+#   Tunnel no
+#   TunnelDevice any:any
+#   PermitLocalCommand no
+#   VisualHostKey no
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd b/meta/recipes-connectivity/openssh/openssh/sshd
new file mode 100644
index 0000000000..4882e58b48
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/sshd
@@ -0,0 +1,10 @@
+#%PAM-1.0
+auth       include      common-auth
+account    required     pam_nologin.so
+account    include      common-account
+password   include      common-password
+session    optional     pam_keyinit.so force revoke
+session    include      common-session
+session    required     pam_loginuid.so
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd.socket b/meta/recipes-connectivity/openssh/openssh/sshd.socket
new file mode 100644
index 0000000000..12c39b26b5
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/sshd.socket
@@ -0,0 +1,10 @@
+[Unit]
+Conflicts=sshd.service
+[Socket]
+ExecStartPre=@BASE_BINDIR@/mkdir -p /var/run/sshd
+ListenStream=22
+Accept=yes
+[Install]
+WantedBy=sockets.target
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd@.service b/meta/recipes-connectivity/openssh/openssh/sshd@.service
new file mode 100644
index 0000000000..bb2d68e96a
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/sshd@.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=OpenSSH Per-Connection Daemon
+Wants=sshdgenkeys.service
+After=sshdgenkeys.service
+[Service]
+ExecStart=-@SBINDIR@/sshd -i
+ExecReload=@BASE_BINDIR@/kill -HUP $MAINPID
+StandardInput=socket
+StandardError=syslog
+KillMode=process
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd_config b/meta/recipes-connectivity/openssh/openssh/sshd_config
new file mode 100644
index 0000000000..4f9b626fbd
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/sshd_config
@@ -0,0 +1,119 @@
+#       $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
+# This is the sshd server system-wide configuration file.  See
+# sshd_config(5) for more information.
+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented.  Uncommented options change a
+# default value.
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+# Disable legacy (protocol version 1) support in the server for new
+# installations. In future the default will change to require explicit
+# activation of protocol 1
+Protocol 2
+# HostKey for protocol version 1
+#HostKey /etc/ssh/ssh_host_key
+# HostKeys for protocol version 2
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_dsa_key
+# Lifetime and size of ephemeral version 1 server key
+#KeyRegenerationInterval 1h
+#ServerKeyBits 1024
+# Logging
+# obsoletes QuietMode and FascistLogging
+#SyslogFacility AUTH
+#LogLevel INFO
+# Authentication:
+#LoginGraceTime 2m
+#PermitRootLogin yes
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+#RSAAuthentication yes
+#PubkeyAuthentication yes
+#AuthorizedKeysFile     .ssh/authorized_keys
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#RhostsRSAAuthentication no
+# similar for protocol version 2
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# RhostsRSAAuthentication and HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+# To disable tunneled clear text passwords, change to no here!
+#PasswordAuthentication yes
+#PermitEmptyPasswords no
+# Change to no to disable s/key passwords
+#ChallengeResponseAuthentication yes
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+# Set this to 'yes' to enable PAM authentication, account processing, 
+# and session processing. If this is enabled, PAM authentication will 
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+#UsePAM no
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+#X11Forwarding no
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PrintMotd yes
+#PrintLastLog yes
+#TCPKeepAlive yes
+#UseLogin no
+UsePrivilegeSeparation yes
+#PermitUserEnvironment no
+Compression no
+ClientAliveInterval 15
+ClientAliveCountMax 4
+#UseDNS yes
+#PidFile /var/run/sshd.pid
+#MaxStartups 10
+#PermitTunnel no
+#ChrootDirectory none
+# no default banner path
+#Banner none
+# override default of no subsystems
+Subsystem       sftp    /usr/libexec/sftp-server
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+#       X11Forwarding no
+#       AllowTcpForwarding no
+#       ForceCommand cvs server
diff --git a/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service b/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service
new file mode 100644
index 0000000000..c21d70baf0
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=OpenSSH Key Generation
+ConditionPathExists=|!/etc/ssh/ssh_host_rsa_key
+ConditionPathExists=|!/etc/ssh/ssh_host_dsa_key
+ConditionPathExists=|!/etc/ssh/ssh_host_ecdsa_key
+[Service]
+ExecStart=@BINDIR@/ssh-keygen -A
+Type=oneshot
+RemainAfterExit=yes
diff --git a/meta/recipes-connectivity/openssh/openssh/volatiles.99_sshd b/meta/recipes-connectivity/openssh/openssh/volatiles.99_sshd
new file mode 100644
index 0000000000..a0d2af3c65
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/volatiles.99_sshd
@@ -0,0 +1,2 @@
+d root root 0755 /var/run/sshd none
+f root root 0644 /var/log/lastlog none
diff --git a/meta/recipes-connectivity/openssh/openssh_6.6p1.bb b/meta/recipes-connectivity/openssh/openssh_6.6p1.bb
new file mode 100644
index 0000000000..f575665e4c
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh_6.6p1.bb
@@ -0,0 +1,151 @@
+SUMMARY = "Secure rlogin/rsh/rcp/telnet replacement"
+DESCRIPTION = "Secure rlogin/rsh/rcp/telnet replacement (OpenSSH) \
+Ssh (Secure Shell) is a program for logging into a remote machine \
+and for executing commands on a remote machine."
+HOMEPAGE = "http://openssh.org"
+SECTION = "console/network"
+LICENSE = "BSD"
+LIC_FILES_CHKSUM = "file://LICENCE;md5=e326045657e842541d3f35aada442507"
+DEPENDS = "zlib openssl"
+DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
+SRC_URI = "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.gz \
+           file://nostrip.patch \
+           file://sshd_config \
+           file://ssh_config \
+           file://init \
+           file://openssh-CVE-2011-4327.patch \
+           ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
+           file://sshd.socket \
+           file://sshd@.service \
+           file://sshdgenkeys.service \
+           file://volatiles.99_sshd \
+           file://add-test-support-for-busybox.patch \
+           file://run-ptest \
+           file://openssh-CVE-2014-2532.patch \
+           file://openssh-CVE-2014-2653.patch \
+           file://auth2-none.c-avoid-authenticate-empty-passwords-to-m.patch"
+PAM_SRC_URI = "file://sshd"
+SRC_URI[md5sum] = "3e9800e6bca1fbac0eea4d41baa7f239"
+SRC_URI[sha256sum] = "48c1f0664b4534875038004cc4f3555b8329c2a81c1df48db5c517800de203bb"
+inherit useradd update-rc.d update-alternatives systemd
+USERADD_PACKAGES = "${PN}-sshd"
+USERADD_PARAM_${PN}-sshd = "--system --no-create-home --home-dir /var/run/sshd --shell /bin/false --user-group sshd"
+INITSCRIPT_PACKAGES = "${PN}-sshd"
+INITSCRIPT_NAME_${PN}-sshd = "sshd"
+INITSCRIPT_PARAMS_${PN}-sshd = "defaults 9"
+SYSTEMD_PACKAGES = "${PN}-sshd"
+SYSTEMD_SERVICE_${PN}-sshd = "sshd.socket"
+PACKAGECONFIG ??= "tcp-wrappers"
+PACKAGECONFIG[tcp-wrappers] = "--with-tcp-wrappers,,tcp-wrappers"
+inherit autotools-brokensep ptest
+# LFS support:
+CFLAGS += "-D__FILE_OFFSET_BITS=64"
+# login path is hardcoded in sshd
+EXTRA_OECONF = "'LOGIN_PROGRAM=${base_bindir}/login' \
+                ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)} \
+                --without-zlib-version-check \
+                --with-privsep-path=/var/run/sshd \
+                --sysconfdir=${sysconfdir}/ssh \
+                --with-xauth=/usr/bin/xauth"
+# Since we do not depend on libbsd, we do not want configure to use it
+# just because it finds libutil.h.  But, specifying --disable-libutil
+# causes compile errors, so...
+CACHED_CONFIGUREVARS += "ac_cv_header_bsd_libutil_h=no ac_cv_header_libutil_h=no"
+# passwd path is hardcoded in sshd
+CACHED_CONFIGUREVARS += "ac_cv_path_PATH_PASSWD_PROG=${bindir}/passwd"
+# This is a workaround for uclibc because including stdio.h
+# pulls in pthreads.h and causes conflicts in function prototypes.
+# This results in compilation failure, so unless this is fixed,
+# disable pam for uclibc.
+EXTRA_OECONF_append_libc-uclibc=" --without-pam"
+do_configure_prepend () {
+        export LD="${CC}"
+        install -m 0644 ${WORKDIR}/sshd_config ${B}/
+        install -m 0644 ${WORKDIR}/ssh_config ${B}/
+        if [ ! -e acinclude.m4 -a -e aclocal.m4 ]; then
+                cp aclocal.m4 acinclude.m4
+        fi
+}
+do_install_append () {
+        if [ "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam', '', d)}" = "pam" ]; then
+                install -D -m 0755 ${WORKDIR}/sshd ${D}${sysconfdir}/pam.d/sshd
+                sed -i -e 's:#UsePAM no:UsePAM yes:' ${WORKDIR}/sshd_config ${D}${sysconfdir}/ssh/sshd_config
+        fi
+        install -d ${D}${sysconfdir}/init.d
+        install -m 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/sshd
+        rm -f ${D}${bindir}/slogin ${D}${datadir}/Ssh.bin
+        rmdir ${D}${localstatedir}/run/sshd ${D}${localstatedir}/run ${D}${localstatedir}
+        install -d ${D}/${sysconfdir}/default/volatiles
+        install -m 644 ${WORKDIR}/volatiles.99_sshd ${D}/${sysconfdir}/default/volatiles/99_sshd
+        install -m 0755 ${S}/contrib/ssh-copy-id ${D}${bindir}
+        # Create config files for read-only rootfs
+        install -d ${D}${sysconfdir}/ssh
+        install -m 644 ${D}${sysconfdir}/ssh/sshd_config ${D}${sysconfdir}/ssh/sshd_config_readonly
+        sed -i '/HostKey/d' ${D}${sysconfdir}/ssh/sshd_config_readonly
+        echo "HostKey /var/run/ssh/ssh_host_rsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
+        echo "HostKey /var/run/ssh/ssh_host_dsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
+        echo "HostKey /var/run/ssh/ssh_host_ecdsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
+        install -d ${D}${systemd_unitdir}/system
+        install -c -m 0644 ${WORKDIR}/sshd.socket ${D}${systemd_unitdir}/system
+        install -c -m 0644 ${WORKDIR}/sshd@.service ${D}${systemd_unitdir}/system
+        install -c -m 0644 ${WORKDIR}/sshdgenkeys.service ${D}${systemd_unitdir}/system
+        sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \
+                -e 's,@SBINDIR@,${sbindir},g' \
+                -e 's,@BINDIR@,${bindir},g' \
+                ${D}${systemd_unitdir}/system/sshd.socket ${D}${systemd_unitdir}/system/*.service
+}
+do_install_ptest () {
+        sed -i -e "s|^SFTPSERVER=.*|SFTPSERVER=${libdir}/${PN}/sftp-server|" regress/test-exec.sh
+        cp -r regress ${D}${PTEST_PATH}
+}
+ALLOW_EMPTY_${PN} = "1"
+PACKAGES =+ "${PN}-keygen ${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-sftp ${PN}-misc ${PN}-sftp-server"
+FILES_${PN}-scp = "${bindir}/scp.${BPN}"
+FILES_${PN}-ssh = "${bindir}/ssh.${BPN} ${sysconfdir}/ssh/ssh_config"
+FILES_${PN}-sshd = "${sbindir}/sshd ${sysconfdir}/init.d/sshd ${systemd_unitdir}/system"
+FILES_${PN}-sshd += "${sysconfdir}/ssh/moduli ${sysconfdir}/ssh/sshd_config ${sysconfdir}/ssh/sshd_config_readonly ${sysconfdir}/default/volatiles/99_sshd ${sysconfdir}/pam.d/sshd"
+FILES_${PN}-sftp = "${bindir}/sftp"
+FILES_${PN}-sftp-server = "${libexecdir}/sftp-server"
+FILES_${PN}-misc = "${bindir}/ssh* ${libexecdir}/ssh*"
+FILES_${PN}-keygen = "${bindir}/ssh-keygen"
+RDEPENDS_${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen"
+RDEPENDS_${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}"
+RDEPENDS_${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make"
+RPROVIDES_${PN}-ssh = "ssh"
+RPROVIDES_${PN}-sshd = "sshd"
+RCONFLICTS_${PN} = "dropbear"
+RCONFLICTS_${PN}-sshd = "dropbear"
+RCONFLICTS_${PN}-keygen = "ssh-keygen"
+CONFFILES_${PN}-sshd = "${sysconfdir}/ssh/sshd_config"
+CONFFILES_${PN}-ssh = "${sysconfdir}/ssh/ssh_config"
+ALTERNATIVE_PRIORITY = "90"
+ALTERNATIVE_${PN}-scp = "scp"
+ALTERNATIVE_${PN}-ssh = "ssh"
diff --git a/meta/recipes-connectivity/openssl/openssl.inc b/meta/recipes-connectivity/openssl/openssl.inc
new file mode 100644
index 0000000000..31dfd8fea7
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl.inc
@@ -0,0 +1,204 @@
+SUMMARY = "Secure Socket Layer"
+DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools."
+HOMEPAGE = "http://www.openssl.org/"
+BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
+SECTION = "libs/network"
+# "openssl | SSLeay" dual license
+LICENSE = "openssl"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8"
+DEPENDS = "perl-native-runtime"
+DEPENDS_append_class-target = " openssl-native"
+SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
+          "
+S = "${WORKDIR}/openssl-${PV}"
+PACKAGECONFIG[perl] = ",,,"
+AR_append = " r"
+# Avoid binaries being marked as requiring an executable stack since it 
+# doesn't(which causes and this causes issues with SELinux
+CFLAG = "${@base_conditional('SITEINFO_ENDIANNESS', 'le', '-DL_ENDIAN', '-DB_ENDIAN', d)} \
+        -DTERMIO ${CFLAGS} -Wall -Wa,--noexecstack"
+# -02 does not work on mipsel: ssh hangs when it tries to read /dev/urandom
+CFLAG_mtx-1 := "${@'${CFLAG}'.replace('-O2', '')}"
+CFLAG_mtx-2 := "${@'${CFLAG}'.replace('-O2', '')}"
+export DIRS = "crypto ssl apps"
+export EX_LIBS = "-lgcc -ldl"
+export AS = "${CC} -c"
+inherit pkgconfig siteinfo multilib_header ptest
+PACKAGES =+ "libcrypto libssl ${PN}-misc openssl-conf"
+FILES_libcrypto = "${base_libdir}/libcrypto${SOLIBS}"
+FILES_libssl = "${libdir}/libssl.so.*"
+FILES_${PN} =+ " ${libdir}/ssl/*"
+FILES_${PN}-misc = "${libdir}/ssl/misc ${bindir}/c_rehash"
+RDEPENDS_${PN}-misc = "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'perl', '', d)}"
+FILES_${PN}-dev += "${base_libdir}/libcrypto${SOLIBSDEV}"
+# Add the openssl.cnf file to the openssl-conf package.  Make the libcrypto
+# package RRECOMMENDS on this package.  This will enable the configuration
+# file to be installed for both the base openssl package and the libcrypto
+# package since the base openssl package depends on the libcrypto package.
+FILES_openssl-conf = "${libdir}/ssl/openssl.cnf"
+CONFFILES_openssl-conf = "${libdir}/ssl/openssl.cnf"
+RRECOMMENDS_libcrypto += "openssl-conf"
+RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc"
+do_configure_prepend_darwin () {
+        sed -i -e '/version-script=openssl\.ld/d' Configure
+}
+do_configure () {
+        cd util
+        perl perlpath.pl ${STAGING_BINDIR_NATIVE}
+        cd ..
+        ln -sf apps/openssl.pod crypto/crypto.pod ssl/ssl.pod doc/
+        os=${HOST_OS}
+        case $os in
+        linux-uclibc |\
+        linux-uclibceabi |\
+        linux-gnueabi |\
+        linux-uclibcspe |\
+        linux-gnuspe |\
+        linux-musl*)
+                os=linux
+                ;;
+                *)
+                ;;
+        esac
+        target="$os-${HOST_ARCH}"
+        case $target in
+        linux-arm)
+                target=linux-armv4
+                ;;
+        linux-armeb)
+                target=linux-elf-armeb
+                ;;
+        linux-aarch64*)
+                target=linux-generic64
+                ;;
+        linux-sh3)
+                target=debian-sh3
+                ;;
+        linux-sh4)
+                target=debian-sh4
+                ;;
+        linux-i486)
+                target=debian-i386-i486
+                ;;
+        linux-i586 | linux-viac3)
+                target=debian-i386-i586
+                ;;
+        linux-i686)
+                target=debian-i386-i686/cmov
+                ;;
+        linux-gnux32-x86_64)
+                target=linux-x32
+                ;;
+        linux-gnu64-x86_64)
+                target=linux-x86_64
+                ;;
+        linux-mips)
+                target=debian-mips
+                ;;
+        linux-mipsel)
+                target=debian-mipsel
+                ;;
+        linux-*-mips64)
+               target=linux-mips
+                ;;
+        linux-powerpc)
+                target=linux-ppc
+                ;;
+        linux-powerpc64)
+                target=linux-ppc64
+                ;;
+        linux-supersparc)
+                target=linux-sparcv8
+                ;;
+        linux-sparc)
+                target=linux-sparcv8
+                ;;
+        darwin-i386)
+                target=darwin-i386-cc
+                ;;
+        esac
+        # inject machine-specific flags
+        sed -i -e "s|^\(\"$target\",\s*\"[^:]\+\):\([^:]\+\)|\1:${CFLAG}|g" Configure
+        useprefix=${prefix}
+        if [ "x$useprefix" = "x" ]; then
+                useprefix=/
+        fi        
+        perl ./Configure ${EXTRA_OECONF} shared --prefix=$useprefix --openssldir=${libdir}/ssl --libdir=`basename ${libdir}` $target
+}
+do_compile_prepend_class-target () {
+    sed -i 's/\((OPENSSL=\)".*"/\1"openssl"/' Makefile
+}
+do_compile () {
+        oe_runmake
+}
+do_compile_ptest () {
+        oe_runmake buildtest
+}
+do_install () {
+        oe_runmake INSTALL_PREFIX="${D}" MANDIR="${mandir}" install
+        oe_libinstall -so libcrypto ${D}${libdir}
+        oe_libinstall -so libssl ${D}${libdir}
+        # Moving libcrypto to /lib
+        if [ ! ${D}${libdir} -ef ${D}${base_libdir} ]; then
+                mkdir -p ${D}/${base_libdir}/
+                mv ${D}${libdir}/libcrypto* ${D}${base_libdir}/
+                sed -i s#libdir=\$\{exec_prefix\}\/lib#libdir=${base_libdir}# ${D}/${libdir}/pkgconfig/libcrypto.pc
+        fi
+        install -d ${D}${includedir}
+        cp --dereference -R include/openssl ${D}${includedir}
+        oe_multilib_header openssl/opensslconf.h
+        if [ "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'perl', '', d)}" = "perl" ]; then
+                install -m 0755 ${S}/tools/c_rehash ${D}${bindir}
+                sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${bindir}/c_rehash
+                sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/CA.pl
+                sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/tsget
+                # The c_rehash utility isn't installed by the normal installation process.
+        else
+                rm -f ${D}${bindir}/c_rehash
+                rm -f ${D}${libdir}/ssl/misc/CA.pl ${D}${libdir}/ssl/misc/tsget
+        fi
+}
+do_install_ptest () {
+        cp -r Makefile test ${D}${PTEST_PATH}
+        cp -r certs ${D}${PTEST_PATH}
+        mkdir -p ${D}${PTEST_PATH}/apps
+        ln -sf /usr/lib/ssl/misc/CA.sh  ${D}${PTEST_PATH}/apps
+        ln -sf /usr/lib/ssl/openssl.cnf ${D}${PTEST_PATH}/apps
+        ln -sf /usr/bin/openssl         ${D}${PTEST_PATH}/apps
+        cp apps/server2.pem             ${D}${PTEST_PATH}/apps
+        mkdir -p ${D}${PTEST_PATH}/util
+        install util/opensslwrap.sh    ${D}${PTEST_PATH}/util
+        install util/shlib_wrap.sh     ${D}${PTEST_PATH}/util
+}
+do_install_append_virtclass-native() {
+        create_wrapper ${D}${bindir}/openssl \
+            OPENSSL_CONF=${libdir}/ssl/openssl.cnf \
+            SSL_CERT_DIR=${libdir}/ssl/certs \
+            SSL_CERT_FILE=${libdir}/ssl/cert.pem \
+            OPENSSL_ENGINES=${libdir}/ssl/engines
+}
+BBCLASSEXTEND = "native nativesdk"
diff --git a/meta/recipes-connectivity/openssl/openssl/Makefiles-ptest.patch b/meta/recipes-connectivity/openssl/openssl/Makefiles-ptest.patch
new file mode 100644
index 0000000000..ac53a9142b
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/Makefiles-ptest.patch
@@ -0,0 +1,75 @@
+Add 'buildtest' and 'runtest' targets to Makefile, to build and run tests
+cross-compiled.
+Signed-off-by: Anders Roxell <anders.roxell@enea.com>
+Signed-off-by: Maxin B. John <maxin.john@enea.com>
+Upstream-Status: Pending
+---
+diff -uNr a/Makefile b/Makefile
+--- a/Makefile.org      2012-05-10 17:06:02.000000000 +0200
+++ b/Makefile.org      2012-10-27 00:05:55.359424024 +0200
+@@ -411,8 +411,16 @@
+ test:   tests
+ 
+ tests: rehash
+       $(MAKE) buildtest
+       $(MAKE) runtest
+
+buildtest:
+       @(cd test && \
+       $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf exe apps);
+
+runtest:
+        @(cd test && echo "testing..." && \
+-       $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf tests );
+       $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf alltests );
+        OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a
+ 
+ report:
+diff --git a/test/Makefile b/test/Makefile
+index 3912f82..1696767 100644
+--- a/test/Makefile
+++ b/test/Makefile
+@@ -128,7 +128,7 @@ tests:      exe apps $(TESTS)
+ apps:
+        @(cd ..; $(MAKE) DIRS=apps all)
+ 
+-alltests: \
+all-tests= \
+        test_des test_idea test_sha test_md4 test_md5 test_hmac \
+        test_md2 test_mdc2 test_wp \
+        test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast test_aes \
+@@ -138,6 +138,11 @@ alltests: \
+        test_ss test_ca test_engine test_evp test_ssl test_tsa test_ige \
+        test_jpake test_cms
+ 
+alltests:
+       @(for i in $(all-tests); do \
+       ( $(MAKE) $$i && echo "PASS: $$i" ) || echo "FAIL: $$i"; \
+       done)
+
+ test_evp:
+        ../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt
+ 
+@@ -203,7 +208,7 @@ test_x509:
+        echo test second x509v3 certificate
+        sh ./tx509 v3-cert2.pem 2>/dev/null
+ 
+-test_rsa: $(RSATEST)$(EXE_EXT)
+test_rsa:
+        @sh ./trsa 2>/dev/null
+        ../util/shlib_wrap.sh ./$(RSATEST)
+ 
+@@ -298,11 +303,11 @@ test_tsa:
+          sh ./testtsa; \
+        fi
+ 
+-test_ige: $(IGETEST)$(EXE_EXT)
+test_ige:
+        @echo "Test IGE mode"
+        ../util/shlib_wrap.sh ./$(IGETEST)
+ 
+-test_jpake: $(JPAKETEST)$(EXE_EXT)
+test_jpake:
+        @echo "Test JPAKE"
+        ../util/shlib_wrap.sh ./$(JPAKETEST)
diff --git a/meta/recipes-connectivity/openssl/openssl/configure-targets.patch b/meta/recipes-connectivity/openssl/openssl/configure-targets.patch
new file mode 100644
index 0000000000..dbc10f91b1
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/configure-targets.patch
@@ -0,0 +1,34 @@
+Upstream-Status: Inappropriate [embedded specific]
+The number of colons are important :)
+---
+ Configure |   16 ++++++++++++++++
+ 1 file changed, 16 insertions(+)
+--- a/Configure
+++ b/Configure
+@@ -403,6 +403,22 @@ my %table=(
+ "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+ "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+ 
+ # Linux on ARM
+"linux-elf-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-elf-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-gnueabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-gnueabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-uclibceabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-uclibceabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+"linux-avr32","$ENV{'CC'}: -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).",
+
+#### Linux on MIPS/MIPS64
+"linux-mips","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-mips64","$ENV{'CC'}:-DB_ENDIAN -mabi=64 -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-mips64el","$ENV{'CC'}:-DL_ENDIAN -mabi=64 -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-mipsel","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+ # Android: linux-* but without pointers to headers and libs.
+ "android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
diff --git a/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch b/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch
new file mode 100644
index 0000000000..ac1b19b943
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch
@@ -0,0 +1,45 @@
+Upstream-Status: Backport [debian]
+From 83f318d68bbdab1ca898c94576a838cc97df4700 Mon Sep 17 00:00:00 2001
+From: Ludwig Nussel <ludwig.nussel@suse.de>
+Date: Wed, 21 Apr 2010 15:52:10 +0200
+Subject: [PATCH] also create old hash for compatibility
+---
+ tools/c_rehash.in |    8 +++++++-
+ 1 files changed, 7 insertions(+), 1 deletions(-)
+Index: openssl-1.0.0d/tools/c_rehash.in
+===================================================================
+--- openssl-1.0.0d.orig/tools/c_rehash.in       2011-04-13 20:41:28.000000000 +0000
+++ openssl-1.0.0d/tools/c_rehash.in    2011-04-13 20:41:28.000000000 +0000
+@@ -86,6 +86,7 @@
+                        }
+                }
+                link_hash_cert($fname) if($cert);
+               link_hash_cert_old($fname) if($cert);
+                link_hash_crl($fname) if($crl);
+        }
+ }
+@@ -119,8 +120,9 @@
+ 
+ sub link_hash_cert {
+                my $fname = $_[0];
+               my $hashopt = $_[1] || '-subject_hash';
+                $fname =~ s/'/'\\''/g;
+-               my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in "$fname"`;
+               my ($hash, $fprint) = `"$openssl" x509 $hashopt -fingerprint -noout -in "$fname"`;
+                chomp $hash;
+                chomp $fprint;
+                $fprint =~ s/^.*=//;
+@@ -150,6 +152,10 @@
+                $hashlist{$hash} = $fprint;
+ }
+ 
+sub link_hash_cert_old {
+               link_hash_cert($_[0], '-subject_hash_old');
+}
+
+ # Same as above except for a CRL. CRL links are of the form <hash>.r<n>
+ 
+ sub link_hash_crl {
diff --git a/meta/recipes-connectivity/openssl/openssl/debian/ca.patch b/meta/recipes-connectivity/openssl/openssl/debian/ca.patch
new file mode 100644
index 0000000000..aba4d42983
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/debian/ca.patch
@@ -0,0 +1,22 @@
+Upstream-Status: Backport [debian]
+Index: openssl-0.9.8m/apps/CA.pl.in
+===================================================================
+--- openssl-0.9.8m.orig/apps/CA.pl.in   2006-04-28 00:28:51.000000000 +0000
+++ openssl-0.9.8m/apps/CA.pl.in        2010-02-27 00:36:51.000000000 +0000
+@@ -65,6 +65,7 @@
+ foreach (@ARGV) {
+        if ( /^(-\?|-h|-help)$/ ) {
+            print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
+           print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n";
+            exit 0;
+        } elsif (/^-newcert$/) {
+            # create a certificate
+@@ -165,6 +166,7 @@
+        } else {
+            print STDERR "Unknown arg $_\n";
+            print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
+           print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n";
+            exit 1;
+        }
+ }
diff --git a/meta/recipes-connectivity/openssl/openssl/debian/debian-targets.patch b/meta/recipes-connectivity/openssl/openssl/debian/debian-targets.patch
new file mode 100644
index 0000000000..8101edf0b0
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/debian/debian-targets.patch
@@ -0,0 +1,66 @@
+Upstream-Status: Backport [debian]
+Index: openssl-1.0.1/Configure
+===================================================================
+--- openssl-1.0.1.orig/Configure        2012-03-17 15:37:54.000000000 +0000
+++ openssl-1.0.1/Configure     2012-03-17 16:13:49.000000000 +0000
+@@ -105,6 +105,10 @@
+ 
+ my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED";
+ 
+# There are no separate CFLAGS/CPPFLAGS/LDFLAGS, set everything in CFLAGS
+my $debian_cflags = `dpkg-buildflags --get CFLAGS` . `dpkg-buildflags --get CPPFLAGS` . `dpkg-buildflags --get LDFLAGS` . "-Wa,--noexecstack -Wall";
+$debian_cflags =~ s/\n/ /g;
+
+ my $strict_warnings = 0;
+ 
+ my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
+@@ -338,6 +342,48 @@
+ "osf1-alpha-cc",  "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
+ "tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so",
+ 
+# Debian GNU/* (various architectures)
+"debian-alpha","gcc:-DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-alpha-ev4","gcc:-DTERMIO ${debian_cflags} -mcpu=ev4::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-alpha-ev5","gcc:-DTERMIO ${debian_cflags} -mcpu=ev5::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-armeb","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-armel","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-armhf","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-amd64", "gcc:-m64 -DL_ENDIAN -DTERMIO ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::",
+"debian-avr32", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -fomit-frame-pointer::-D_REENTRANT::-ldl:BN_LLONG_BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-kfreebsd-amd64","gcc:-m64 -DL_ENDIAN -DTERMIOS ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-kfreebsd-i386","gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -march=i486::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-hppa","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-hurd-i386","gcc:-DL_ENDIAN -DTERMIOS -O3 -Wa,--noexecstack -g -mtune=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-ia64","gcc:-DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-i386","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-i386-i486","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i486::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-i386-i586","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i586::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-i386-i686/cmov","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i686::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-m68k","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-mips",   "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-mipsel",   "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-netbsd-i386",  "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-netbsd-m68k",  "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags}::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-netbsd-sparc", "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags} -mv8::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-openbsd-alpha","gcc:-DTERMIOS ${debian_cflags}::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-openbsd-i386",  "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-openbsd-mips","gcc:-DL_ENDIAN ${debian_cflags}::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-powerpc","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-powerpcspe","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-ppc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-s390","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 
+"debian-s390x","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-sh3",   "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-sh4",   "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-sh3eb",   "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-sh4eb",   "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-m32r","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-sparc","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-sparc-v8","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v8 -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-sparc-v9","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v9 -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debian-sparc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags} -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+ ####
+ #### Variety of LINUX:-)
+ ####
diff --git a/meta/recipes-connectivity/openssl/openssl/debian/make-targets.patch b/meta/recipes-connectivity/openssl/openssl/debian/make-targets.patch
new file mode 100644
index 0000000000..ee0a62c3c7
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/debian/make-targets.patch
@@ -0,0 +1,15 @@
+Upstream-Status: Backport [debian]
+Index: openssl-1.0.1/Makefile.org
+===================================================================
+--- openssl-1.0.1.orig/Makefile.org     2012-03-17 09:41:07.000000000 +0000
+++ openssl-1.0.1/Makefile.org  2012-03-17 09:41:21.000000000 +0000
+@@ -135,7 +135,7 @@
+ 
+ BASEADDR=
+ 
+-DIRS=   crypto ssl engines apps test tools
+DIRS=   crypto ssl engines apps tools
+ ENGDIRS= ccgost
+ SHLIBDIRS= crypto ssl
+ 
diff --git a/meta/recipes-connectivity/openssl/openssl/debian/man-dir.patch b/meta/recipes-connectivity/openssl/openssl/debian/man-dir.patch
new file mode 100644
index 0000000000..4085e3b1d7
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/debian/man-dir.patch
@@ -0,0 +1,15 @@
+Upstream-Status: Backport [debian]
+Index: openssl-1.0.0c/Makefile.org
+===================================================================
+--- openssl-1.0.0c.orig/Makefile.org    2010-12-12 16:11:27.000000000 +0100
+++ openssl-1.0.0c/Makefile.org 2010-12-12 16:11:37.000000000 +0100
+@@ -131,7 +131,7 @@
+ 
+ MAKEFILE= Makefile
+ 
+-MANDIR=$(OPENSSLDIR)/man
+MANDIR=/usr/share/man
+ MAN1=1
+ MAN3=3
+ MANSUFFIX=
diff --git a/meta/recipes-connectivity/openssl/openssl/debian/man-section.patch b/meta/recipes-connectivity/openssl/openssl/debian/man-section.patch
new file mode 100644
index 0000000000..21c1d1a4eb
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/debian/man-section.patch
@@ -0,0 +1,34 @@
+Upstream-Status: Backport [debian]
+Index: openssl-1.0.0c/Makefile.org
+===================================================================
+--- openssl-1.0.0c.orig/Makefile.org    2010-12-12 16:11:37.000000000 +0100
+++ openssl-1.0.0c/Makefile.org 2010-12-12 16:13:28.000000000 +0100
+@@ -160,7 +160,8 @@
+ MANDIR=/usr/share/man
+ MAN1=1
+ MAN3=3
+-MANSUFFIX=
+MANSUFFIX=ssl
+MANSECTION=SSL
+ HTMLSUFFIX=html
+ HTMLDIR=$(OPENSSLDIR)/html
+ SHELL=/bin/sh
+@@ -651,7 +652,7 @@
+                echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
+                (cd `$(PERL) util/dirname.pl $$i`; \
+                sh -c "$$pod2man \
+-                       --section=$$sec --center=OpenSSL \
+                       --section=$${sec}$(MANSECTION) --center=OpenSSL \
+                        --release=$(VERSION) `basename $$i`") \
+                        >  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
+                $(PERL) util/extract-names.pl < $$i | \
+@@ -668,7 +669,7 @@
+                echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
+                (cd `$(PERL) util/dirname.pl $$i`; \
+                sh -c "$$pod2man \
+-                       --section=$$sec --center=OpenSSL \
+                       --section=$${sec}$(MANSECTION) --center=OpenSSL \
+                        --release=$(VERSION) `basename $$i`") \
+                        >  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
+                $(PERL) util/extract-names.pl < $$i | \
diff --git a/meta/recipes-connectivity/openssl/openssl/debian/no-rpath.patch b/meta/recipes-connectivity/openssl/openssl/debian/no-rpath.patch
new file mode 100644
index 0000000000..1ccb3b86ee
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/debian/no-rpath.patch
@@ -0,0 +1,15 @@
+Upstream-Status: Backport [debian]
+Index: openssl-1.0.0c/Makefile.shared
+===================================================================
+--- openssl-1.0.0c.orig/Makefile.shared 2010-08-21 13:36:49.000000000 +0200
+++ openssl-1.0.0c/Makefile.shared      2010-12-12 16:13:36.000000000 +0100
+@@ -153,7 +153,7 @@
+        NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
+        SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
+ 
+-DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
+DO_GNU_APP=LDFLAGS="$(CFLAGS)"
+ 
+ #This is rather special.  It's a special target with which one can link
+ #applications without bothering with any features that have anything to
diff --git a/meta/recipes-connectivity/openssl/openssl/debian/no-symbolic.patch b/meta/recipes-connectivity/openssl/openssl/debian/no-symbolic.patch
new file mode 100644
index 0000000000..cc4408ab7d
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/debian/no-symbolic.patch
@@ -0,0 +1,15 @@
+Upstream-Status: Backport [debian]
+Index: openssl-1.0.0c/Makefile.shared
+===================================================================
+--- openssl-1.0.0c.orig/Makefile.shared 2010-12-12 16:13:36.000000000 +0100
+++ openssl-1.0.0c/Makefile.shared      2010-12-12 16:13:44.000000000 +0100
+@@ -151,7 +151,7 @@
+        SHLIB_SUFFIX=; \
+        ALLSYMSFLAGS='-Wl,--whole-archive'; \
+        NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
+-       SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
+       SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
+ 
+ DO_GNU_APP=LDFLAGS="$(CFLAGS)"
+ 
diff --git a/meta/recipes-connectivity/openssl/openssl/debian/pic.patch b/meta/recipes-connectivity/openssl/openssl/debian/pic.patch
new file mode 100644
index 0000000000..bfda3888bf
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/debian/pic.patch
@@ -0,0 +1,177 @@
+Upstream-Status: Backport [debian]
+Index: openssl-1.0.1c/crypto/des/asm/desboth.pl
+===================================================================
+--- openssl-1.0.1c.orig/crypto/des/asm/desboth.pl       2001-10-24 23:20:56.000000000 +0200
+++ openssl-1.0.1c/crypto/des/asm/desboth.pl    2012-07-29 14:15:26.000000000 +0200
+@@ -16,6 +16,11 @@
+ 
+        &push("edi");
+ 
+       &call   (&label("pic_point0"));
+       &set_label("pic_point0");
+       &blindpop("ebp");
+       &add    ("ebp", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]");
+
+        &comment("");
+        &comment("Load the data words");
+        &mov($L,&DWP(0,"ebx","",0));
+@@ -47,15 +52,21 @@
+        &mov(&swtmp(2), (DWC(($enc)?"1":"0")));
+        &mov(&swtmp(1), "eax");
+        &mov(&swtmp(0), "ebx");
+-       &call("DES_encrypt2");
+       &exch("ebx", "ebp");
+       &call("DES_encrypt2\@PLT");
+       &exch("ebx", "ebp");
+        &mov(&swtmp(2), (DWC(($enc)?"0":"1")));
+        &mov(&swtmp(1), "edi");
+        &mov(&swtmp(0), "ebx");
+-       &call("DES_encrypt2");
+       &exch("ebx", "ebp");
+       &call("DES_encrypt2\@PLT");
+       &exch("ebx", "ebp");
+        &mov(&swtmp(2), (DWC(($enc)?"1":"0")));
+        &mov(&swtmp(1), "esi");
+        &mov(&swtmp(0), "ebx");
+-       &call("DES_encrypt2");
+       &exch("ebx", "ebp");
+       &call("DES_encrypt2\@PLT");
+       &exch("ebx", "ebp");
+ 
+        &stack_pop(3);
+        &mov($L,&DWP(0,"ebx","",0));
+Index: openssl-1.0.1c/crypto/perlasm/cbc.pl
+===================================================================
+--- openssl-1.0.1c.orig/crypto/perlasm/cbc.pl   2011-07-13 08:22:46.000000000 +0200
+++ openssl-1.0.1c/crypto/perlasm/cbc.pl        2012-07-29 14:15:26.000000000 +0200
+@@ -122,7 +122,11 @@
+        &mov(&DWP($data_off,"esp","",0),        "eax"); # put in array for call
+        &mov(&DWP($data_off+4,"esp","",0),      "ebx"); #
+ 
+-       &call($enc_func);
+       &call   (&label("pic_point0"));
+       &set_label("pic_point0");
+       &blindpop("ebx");
+       &add    ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]");
+       &call("$enc_func\@PLT");
+ 
+        &mov("eax",     &DWP($data_off,"esp","",0));
+        &mov("ebx",     &DWP($data_off+4,"esp","",0));
+@@ -185,7 +189,11 @@
+        &mov(&DWP($data_off,"esp","",0),        "eax"); # put in array for call
+        &mov(&DWP($data_off+4,"esp","",0),      "ebx"); #
+ 
+-       &call($enc_func);
+       &call   (&label("pic_point1"));
+       &set_label("pic_point1");
+       &blindpop("ebx");
+       &add    ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point1") . "]");
+       &call("$enc_func\@PLT");
+ 
+        &mov("eax",     &DWP($data_off,"esp","",0));
+        &mov("ebx",     &DWP($data_off+4,"esp","",0));
+@@ -218,7 +226,11 @@
+        &mov(&DWP($data_off,"esp","",0),        "eax"); # put back
+        &mov(&DWP($data_off+4,"esp","",0),      "ebx"); #
+ 
+-       &call($dec_func);
+       &call   (&label("pic_point2"));
+       &set_label("pic_point2");
+       &blindpop("ebx");
+       &add    ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point2") . "]");
+       &call("$dec_func\@PLT");
+ 
+        &mov("eax",     &DWP($data_off,"esp","",0));    # get return
+        &mov("ebx",     &DWP($data_off+4,"esp","",0));  #
+@@ -261,7 +273,11 @@
+        &mov(&DWP($data_off,"esp","",0),        "eax"); # put back
+        &mov(&DWP($data_off+4,"esp","",0),      "ebx"); #
+ 
+-       &call($dec_func);
+       &call   (&label("pic_point3"));
+       &set_label("pic_point3");
+       &blindpop("ebx");
+       &add    ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point3") . "]");
+       &call("$dec_func\@PLT");
+ 
+        &mov("eax",     &DWP($data_off,"esp","",0));    # get return
+        &mov("ebx",     &DWP($data_off+4,"esp","",0));  #
+Index: openssl-1.0.1c/crypto/perlasm/x86gas.pl
+===================================================================
+--- openssl-1.0.1c.orig/crypto/perlasm/x86gas.pl        2011-12-09 20:16:35.000000000 +0100
+++ openssl-1.0.1c/crypto/perlasm/x86gas.pl     2012-07-29 14:15:26.000000000 +0200
+@@ -161,6 +161,7 @@
+        if ($::macosx)  { push (@out,"$tmp,2\n"); }
+        elsif ($::elf)  { push (@out,"$tmp,4\n"); }
+        else            { push (@out,"$tmp\n"); }
+       if ($::elf)     { push (@out,".hidden\tOPENSSL_ia32cap_P\n"); }
+     }
+     push(@out,$initseg) if ($initseg);
+ }
+@@ -218,8 +219,23 @@
+     elsif ($::elf)
+     {  $initseg.=<<___;
+ .section       .init
+___
+        if ($::pic)
+       {   $initseg.=<<___;
+       pushl   %ebx
+       call    .pic_point0
+.pic_point0:
+       popl    %ebx
+       addl    \$_GLOBAL_OFFSET_TABLE_+[.-.pic_point0],%ebx
+       call    $f\@PLT
+       popl    %ebx
+___
+       }
+       else
+       {   $initseg.=<<___;
+        call    $f
+ ___
+       }
+     }
+     elsif ($::coff)
+     {   $initseg.=<<___;       # applies to both Cygwin and Mingw
+Index: openssl-1.0.1c/crypto/x86cpuid.pl
+===================================================================
+--- openssl-1.0.1c.orig/crypto/x86cpuid.pl      2012-02-28 15:20:34.000000000 +0100
+++ openssl-1.0.1c/crypto/x86cpuid.pl   2012-07-29 14:15:26.000000000 +0200
+@@ -8,6 +8,8 @@
+ 
+ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
+ 
+push(@out, ".hidden OPENSSL_ia32cap_P\n");
+
+ &function_begin("OPENSSL_ia32_cpuid");
+        &xor    ("edx","edx");
+        &pushf  ();
+@@ -139,9 +141,7 @@
+ &set_label("nocpuid");
+ &function_end("OPENSSL_ia32_cpuid");
+ 
+-&external_label("OPENSSL_ia32cap_P");
+-
+-&function_begin_B("OPENSSL_rdtsc","EXTRN\t_OPENSSL_ia32cap_P:DWORD");
+&function_begin_B("OPENSSL_rdtsc");
+        &xor    ("eax","eax");
+        &xor    ("edx","edx");
+        &picmeup("ecx","OPENSSL_ia32cap_P");
+@@ -155,7 +155,7 @@
+ # This works in Ring 0 only [read DJGPP+MS-DOS+privileged DPMI host],
+ # but it's safe to call it on any [supported] 32-bit platform...
+ # Just check for [non-]zero return value...
+-&function_begin_B("OPENSSL_instrument_halt","EXTRN\t_OPENSSL_ia32cap_P:DWORD");
+&function_begin_B("OPENSSL_instrument_halt");
+        &picmeup("ecx","OPENSSL_ia32cap_P");
+        &bt     (&DWP(0,"ecx"),4);
+        &jnc    (&label("nohalt"));     # no TSC
+@@ -222,7 +222,7 @@
+        &ret    ();
+ &function_end_B("OPENSSL_far_spin");
+ 
+-&function_begin_B("OPENSSL_wipe_cpu","EXTRN\t_OPENSSL_ia32cap_P:DWORD");
+&function_begin_B("OPENSSL_wipe_cpu");
+        &xor    ("eax","eax");
+        &xor    ("edx","edx");
+        &picmeup("ecx","OPENSSL_ia32cap_P");
diff --git a/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch b/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch
new file mode 100644
index 0000000000..ece8b9b46c
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch
@@ -0,0 +1,4670 @@
+Upstream-Status: Backport [debian]
+Index: openssl-1.0.1d/Configure
+===================================================================
+--- openssl-1.0.1d.orig/Configure       2013-02-06 19:41:43.000000000 +0100
+++ openssl-1.0.1d/Configure    2013-02-06 19:41:43.000000000 +0100
+@@ -1621,6 +1621,8 @@
+                }
+        }
+ 
+$shared_ldflag .= " -Wl,--version-script=openssl.ld";
+
+ open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
+ unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new";
+ open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n";
+Index: openssl-1.0.1d/openssl.ld
+===================================================================
+--- /dev/null   1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.0.1d/openssl.ld   2013-02-06 19:44:25.000000000 +0100
+@@ -0,0 +1,4620 @@
+OPENSSL_1.0.0 {
+       global:
+               BIO_f_ssl;
+               BIO_new_buffer_ssl_connect;
+               BIO_new_ssl;
+               BIO_new_ssl_connect;
+               BIO_proxy_ssl_copy_session_id;
+               BIO_ssl_copy_session_id;
+               BIO_ssl_shutdown;
+               d2i_SSL_SESSION;
+               DTLSv1_client_method;
+               DTLSv1_method;
+               DTLSv1_server_method;
+               ERR_load_SSL_strings;
+               i2d_SSL_SESSION;
+               kssl_build_principal_2;
+               kssl_cget_tkt;
+               kssl_check_authent;
+               kssl_ctx_free;
+               kssl_ctx_new;
+               kssl_ctx_setkey;
+               kssl_ctx_setprinc;
+               kssl_ctx_setstring;
+               kssl_ctx_show;
+               kssl_err_set;
+               kssl_krb5_free_data_contents;
+               kssl_sget_tkt;
+               kssl_skip_confound;
+               kssl_validate_times;
+               PEM_read_bio_SSL_SESSION;
+               PEM_read_SSL_SESSION;
+               PEM_write_bio_SSL_SESSION;
+               PEM_write_SSL_SESSION;
+               SSL_accept;
+               SSL_add_client_CA;
+               SSL_add_dir_cert_subjects_to_stack;
+               SSL_add_dir_cert_subjs_to_stk;
+               SSL_add_file_cert_subjects_to_stack;
+               SSL_add_file_cert_subjs_to_stk;
+               SSL_alert_desc_string;
+               SSL_alert_desc_string_long;
+               SSL_alert_type_string;
+               SSL_alert_type_string_long;
+               SSL_callback_ctrl;
+               SSL_check_private_key;
+               SSL_CIPHER_description;
+               SSL_CIPHER_get_bits;
+               SSL_CIPHER_get_name;
+               SSL_CIPHER_get_version;
+               SSL_clear;
+               SSL_COMP_add_compression_method;
+               SSL_COMP_get_compression_methods;
+               SSL_COMP_get_compress_methods;
+               SSL_COMP_get_name;
+               SSL_connect;
+               SSL_copy_session_id;
+               SSL_ctrl;
+               SSL_CTX_add_client_CA;
+               SSL_CTX_add_session;
+               SSL_CTX_callback_ctrl;
+               SSL_CTX_check_private_key;
+               SSL_CTX_ctrl;
+               SSL_CTX_flush_sessions;
+               SSL_CTX_free;
+               SSL_CTX_get_cert_store;
+               SSL_CTX_get_client_CA_list;
+               SSL_CTX_get_client_cert_cb;
+               SSL_CTX_get_ex_data;
+               SSL_CTX_get_ex_new_index;
+               SSL_CTX_get_info_callback;
+               SSL_CTX_get_quiet_shutdown;
+               SSL_CTX_get_timeout;
+               SSL_CTX_get_verify_callback;
+               SSL_CTX_get_verify_depth;
+               SSL_CTX_get_verify_mode;
+               SSL_CTX_load_verify_locations;
+               SSL_CTX_new;
+               SSL_CTX_remove_session;
+               SSL_CTX_sess_get_get_cb;
+               SSL_CTX_sess_get_new_cb;
+               SSL_CTX_sess_get_remove_cb;
+               SSL_CTX_sessions;
+               SSL_CTX_sess_set_get_cb;
+               SSL_CTX_sess_set_new_cb;
+               SSL_CTX_sess_set_remove_cb;
+               SSL_CTX_set1_param;
+               SSL_CTX_set_cert_store;
+               SSL_CTX_set_cert_verify_callback;
+               SSL_CTX_set_cert_verify_cb;
+               SSL_CTX_set_cipher_list;
+               SSL_CTX_set_client_CA_list;
+               SSL_CTX_set_client_cert_cb;
+               SSL_CTX_set_client_cert_engine;
+               SSL_CTX_set_cookie_generate_cb;
+               SSL_CTX_set_cookie_verify_cb;
+               SSL_CTX_set_default_passwd_cb;
+               SSL_CTX_set_default_passwd_cb_userdata;
+               SSL_CTX_set_default_verify_paths;
+               SSL_CTX_set_def_passwd_cb_ud;
+               SSL_CTX_set_def_verify_paths;
+               SSL_CTX_set_ex_data;
+               SSL_CTX_set_generate_session_id;
+               SSL_CTX_set_info_callback;
+               SSL_CTX_set_msg_callback;
+               SSL_CTX_set_psk_client_callback;
+               SSL_CTX_set_psk_server_callback;
+               SSL_CTX_set_purpose;
+               SSL_CTX_set_quiet_shutdown;
+               SSL_CTX_set_session_id_context;
+               SSL_CTX_set_ssl_version;
+               SSL_CTX_set_timeout;
+               SSL_CTX_set_tmp_dh_callback;
+               SSL_CTX_set_tmp_ecdh_callback;
+               SSL_CTX_set_tmp_rsa_callback;
+               SSL_CTX_set_trust;
+               SSL_CTX_set_verify;
+               SSL_CTX_set_verify_depth;
+               SSL_CTX_use_cert_chain_file;
+               SSL_CTX_use_certificate;
+               SSL_CTX_use_certificate_ASN1;
+               SSL_CTX_use_certificate_chain_file;
+               SSL_CTX_use_certificate_file;
+               SSL_CTX_use_PrivateKey;
+               SSL_CTX_use_PrivateKey_ASN1;
+               SSL_CTX_use_PrivateKey_file;
+               SSL_CTX_use_psk_identity_hint;
+               SSL_CTX_use_RSAPrivateKey;
+               SSL_CTX_use_RSAPrivateKey_ASN1;
+               SSL_CTX_use_RSAPrivateKey_file;
+               SSL_do_handshake;
+               SSL_dup;
+               SSL_dup_CA_list;
+               SSLeay_add_ssl_algorithms;
+               SSL_free;
+               SSL_get1_session;
+               SSL_get_certificate;
+               SSL_get_cipher_list;
+               SSL_get_ciphers;
+               SSL_get_client_CA_list;
+               SSL_get_current_cipher;
+               SSL_get_current_compression;
+               SSL_get_current_expansion;
+               SSL_get_default_timeout;
+               SSL_get_error;
+               SSL_get_ex_data;
+               SSL_get_ex_data_X509_STORE_CTX_idx;
+               SSL_get_ex_d_X509_STORE_CTX_idx;
+               SSL_get_ex_new_index;
+               SSL_get_fd;
+               SSL_get_finished;
+               SSL_get_info_callback;
+               SSL_get_peer_cert_chain;
+               SSL_get_peer_certificate;
+               SSL_get_peer_finished;
+               SSL_get_privatekey;
+               SSL_get_psk_identity;
+               SSL_get_psk_identity_hint;
+               SSL_get_quiet_shutdown;
+               SSL_get_rbio;
+               SSL_get_read_ahead;
+               SSL_get_rfd;
+               SSL_get_servername;
+               SSL_get_servername_type;
+               SSL_get_session;
+               SSL_get_shared_ciphers;
+               SSL_get_shutdown;
+               SSL_get_SSL_CTX;
+               SSL_get_ssl_method;
+               SSL_get_verify_callback;
+               SSL_get_verify_depth;
+               SSL_get_verify_mode;
+               SSL_get_verify_result;
+               SSL_get_version;
+               SSL_get_wbio;
+               SSL_get_wfd;
+               SSL_has_matching_session_id;
+               SSL_library_init;
+               SSL_load_client_CA_file;
+               SSL_load_error_strings;
+               SSL_new;
+               SSL_peek;
+               SSL_pending;
+               SSL_read;
+               SSL_renegotiate;
+               SSL_renegotiate_pending;
+               SSL_rstate_string;
+               SSL_rstate_string_long;
+               SSL_SESSION_cmp;
+               SSL_SESSION_free;
+               SSL_SESSION_get_ex_data;
+               SSL_SESSION_get_ex_new_index;
+               SSL_SESSION_get_id;
+               SSL_SESSION_get_time;
+               SSL_SESSION_get_timeout;
+               SSL_SESSION_hash;
+               SSL_SESSION_new;
+               SSL_SESSION_print;
+               SSL_SESSION_print_fp;
+               SSL_SESSION_set_ex_data;
+               SSL_SESSION_set_time;
+               SSL_SESSION_set_timeout;
+               SSL_set1_param;
+               SSL_set_accept_state;
+               SSL_set_bio;
+               SSL_set_cipher_list;
+               SSL_set_client_CA_list;
+               SSL_set_connect_state;
+               SSL_set_ex_data;
+               SSL_set_fd;
+               SSL_set_generate_session_id;
+               SSL_set_info_callback;
+               SSL_set_msg_callback;
+               SSL_set_psk_client_callback;
+               SSL_set_psk_server_callback;
+               SSL_set_purpose;
+               SSL_set_quiet_shutdown;
+               SSL_set_read_ahead;
+               SSL_set_rfd;
+               SSL_set_session;
+               SSL_set_session_id_context;
+               SSL_set_session_secret_cb;
+               SSL_set_session_ticket_ext;
+               SSL_set_session_ticket_ext_cb;
+               SSL_set_shutdown;
+               SSL_set_SSL_CTX;
+               SSL_set_ssl_method;
+               SSL_set_tmp_dh_callback;
+               SSL_set_tmp_ecdh_callback;
+               SSL_set_tmp_rsa_callback;
+               SSL_set_trust;
+               SSL_set_verify;
+               SSL_set_verify_depth;
+               SSL_set_verify_result;
+               SSL_set_wfd;
+               SSL_shutdown;
+               SSL_state;
+               SSL_state_string;
+               SSL_state_string_long;
+               SSL_use_certificate;
+               SSL_use_certificate_ASN1;
+               SSL_use_certificate_file;
+               SSL_use_PrivateKey;
+               SSL_use_PrivateKey_ASN1;
+               SSL_use_PrivateKey_file;
+               SSL_use_psk_identity_hint;
+               SSL_use_RSAPrivateKey;
+               SSL_use_RSAPrivateKey_ASN1;
+               SSL_use_RSAPrivateKey_file;
+               SSLv23_client_method;
+               SSLv23_method;
+               SSLv23_server_method;
+               SSLv2_client_method;
+               SSLv2_method;
+               SSLv2_server_method;
+               SSLv3_client_method;
+               SSLv3_method;
+               SSLv3_server_method;
+               SSL_version;
+               SSL_want;
+               SSL_write;
+               TLSv1_client_method;
+               TLSv1_method;
+               TLSv1_server_method;
+
+
+               SSLeay;
+               SSLeay_version;
+               ASN1_BIT_STRING_asn1_meth;
+               ASN1_HEADER_free;
+               ASN1_HEADER_new;
+               ASN1_IA5STRING_asn1_meth;
+               ASN1_INTEGER_get;
+               ASN1_INTEGER_set;
+               ASN1_INTEGER_to_BN;
+               ASN1_OBJECT_create;
+               ASN1_OBJECT_free;
+               ASN1_OBJECT_new;
+               ASN1_PRINTABLE_type;
+               ASN1_STRING_cmp;
+               ASN1_STRING_dup;
+               ASN1_STRING_free;
+               ASN1_STRING_new;
+               ASN1_STRING_print;
+               ASN1_STRING_set;
+               ASN1_STRING_type_new;
+               ASN1_TYPE_free;
+               ASN1_TYPE_new;
+               ASN1_UNIVERSALSTRING_to_string;
+               ASN1_UTCTIME_check;
+               ASN1_UTCTIME_print;
+               ASN1_UTCTIME_set;
+               ASN1_check_infinite_end;
+               ASN1_d2i_bio;
+               ASN1_d2i_fp;
+               ASN1_digest;
+               ASN1_dup;
+               ASN1_get_object;
+               ASN1_i2d_bio;
+               ASN1_i2d_fp;
+               ASN1_object_size;
+               ASN1_parse;
+               ASN1_put_object;
+               ASN1_sign;
+               ASN1_verify;
+               BF_cbc_encrypt;
+               BF_cfb64_encrypt;
+               BF_ecb_encrypt;
+               BF_encrypt;
+               BF_ofb64_encrypt;
+               BF_options;
+               BF_set_key;
+               BIO_CONNECT_free;
+               BIO_CONNECT_new;
+               BIO_accept;
+               BIO_ctrl;
+               BIO_int_ctrl;
+               BIO_debug_callback;
+               BIO_dump;
+               BIO_dup_chain;
+               BIO_f_base64;
+               BIO_f_buffer;
+               BIO_f_cipher;
+               BIO_f_md;
+               BIO_f_null;
+               BIO_f_proxy_server;
+               BIO_fd_non_fatal_error;
+               BIO_fd_should_retry;
+               BIO_find_type;
+               BIO_free;
+               BIO_free_all;
+               BIO_get_accept_socket;
+               BIO_get_filter_bio;
+               BIO_get_host_ip;
+               BIO_get_port;
+               BIO_get_retry_BIO;
+               BIO_get_retry_reason;
+               BIO_gethostbyname;
+               BIO_gets;
+               BIO_new;
+               BIO_new_accept;
+               BIO_new_connect;
+               BIO_new_fd;
+               BIO_new_file;
+               BIO_new_fp;
+               BIO_new_socket;
+               BIO_pop;
+               BIO_printf;
+               BIO_push;
+               BIO_puts;
+               BIO_read;
+               BIO_s_accept;
+               BIO_s_connect;
+               BIO_s_fd;
+               BIO_s_file;
+               BIO_s_mem;
+               BIO_s_null;
+               BIO_s_proxy_client;
+               BIO_s_socket;
+               BIO_set;
+               BIO_set_cipher;
+               BIO_set_tcp_ndelay;
+               BIO_sock_cleanup;
+               BIO_sock_error;
+               BIO_sock_init;
+               BIO_sock_non_fatal_error;
+               BIO_sock_should_retry;
+               BIO_socket_ioctl;
+               BIO_write;
+               BN_CTX_free;
+               BN_CTX_new;
+               BN_MONT_CTX_free;
+               BN_MONT_CTX_new;
+               BN_MONT_CTX_set;
+               BN_add;
+               BN_add_word;
+               BN_hex2bn;
+               BN_bin2bn;
+               BN_bn2hex;
+               BN_bn2bin;
+               BN_clear;
+               BN_clear_bit;
+               BN_clear_free;
+               BN_cmp;
+               BN_copy;
+               BN_div;
+               BN_div_word;
+               BN_dup;
+               BN_free;
+               BN_from_montgomery;
+               BN_gcd;
+               BN_generate_prime;
+               BN_get_word;
+               BN_is_bit_set;
+               BN_is_prime;
+               BN_lshift;
+               BN_lshift1;
+               BN_mask_bits;
+               BN_mod;
+               BN_mod_exp;
+               BN_mod_exp_mont;
+               BN_mod_exp_simple;
+               BN_mod_inverse;
+               BN_mod_mul;
+               BN_mod_mul_montgomery;
+               BN_mod_word;
+               BN_mul;
+               BN_new;
+               BN_num_bits;
+               BN_num_bits_word;
+               BN_options;
+               BN_print;
+               BN_print_fp;
+               BN_rand;
+               BN_reciprocal;
+               BN_rshift;
+               BN_rshift1;
+               BN_set_bit;
+               BN_set_word;
+               BN_sqr;
+               BN_sub;
+               BN_to_ASN1_INTEGER;
+               BN_ucmp;
+               BN_value_one;
+               BUF_MEM_free;
+               BUF_MEM_grow;
+               BUF_MEM_new;
+               BUF_strdup;
+               CONF_free;
+               CONF_get_number;
+               CONF_get_section;
+               CONF_get_string;
+               CONF_load;
+               CRYPTO_add_lock;
+               CRYPTO_dbg_free;
+               CRYPTO_dbg_malloc;
+               CRYPTO_dbg_realloc;
+               CRYPTO_dbg_remalloc;
+               CRYPTO_free;
+               CRYPTO_get_add_lock_callback;
+               CRYPTO_get_id_callback;
+               CRYPTO_get_lock_name;
+               CRYPTO_get_locking_callback;
+               CRYPTO_get_mem_functions;
+               CRYPTO_lock;
+               CRYPTO_malloc;
+               CRYPTO_mem_ctrl;
+               CRYPTO_mem_leaks;
+               CRYPTO_mem_leaks_cb;
+               CRYPTO_mem_leaks_fp;
+               CRYPTO_realloc;
+               CRYPTO_remalloc;
+               CRYPTO_set_add_lock_callback;
+               CRYPTO_set_id_callback;
+               CRYPTO_set_locking_callback;
+               CRYPTO_set_mem_functions;
+               CRYPTO_thread_id;
+               DH_check;
+               DH_compute_key;
+               DH_free;
+               DH_generate_key;
+               DH_generate_parameters;
+               DH_new;
+               DH_size;
+               DHparams_print;
+               DHparams_print_fp;
+               DSA_free;
+               DSA_generate_key;
+               DSA_generate_parameters;
+               DSA_is_prime;
+               DSA_new;
+               DSA_print;
+               DSA_print_fp;
+               DSA_sign;
+               DSA_sign_setup;
+               DSA_size;
+               DSA_verify;
+               DSAparams_print;
+               DSAparams_print_fp;
+               ERR_clear_error;
+               ERR_error_string;
+               ERR_free_strings;
+               ERR_func_error_string;
+               ERR_get_err_state_table;
+               ERR_get_error;
+               ERR_get_error_line;
+               ERR_get_state;
+               ERR_get_string_table;
+               ERR_lib_error_string;
+               ERR_load_ASN1_strings;
+               ERR_load_BIO_strings;
+               ERR_load_BN_strings;
+               ERR_load_BUF_strings;
+               ERR_load_CONF_strings;
+               ERR_load_DH_strings;
+               ERR_load_DSA_strings;
+               ERR_load_ERR_strings;
+               ERR_load_EVP_strings;
+               ERR_load_OBJ_strings;
+               ERR_load_PEM_strings;
+               ERR_load_PROXY_strings;
+               ERR_load_RSA_strings;
+               ERR_load_X509_strings;
+               ERR_load_crypto_strings;
+               ERR_load_strings;
+               ERR_peek_error;
+               ERR_peek_error_line;
+               ERR_print_errors;
+               ERR_print_errors_fp;
+               ERR_put_error;
+               ERR_reason_error_string;
+               ERR_remove_state;
+               EVP_BytesToKey;
+               EVP_CIPHER_CTX_cleanup;
+               EVP_CipherFinal;
+               EVP_CipherInit;
+               EVP_CipherUpdate;
+               EVP_DecodeBlock;
+               EVP_DecodeFinal;
+               EVP_DecodeInit;
+               EVP_DecodeUpdate;
+               EVP_DecryptFinal;
+               EVP_DecryptInit;
+               EVP_DecryptUpdate;
+               EVP_DigestFinal;
+               EVP_DigestInit;
+               EVP_DigestUpdate;
+               EVP_EncodeBlock;
+               EVP_EncodeFinal;
+               EVP_EncodeInit;
+               EVP_EncodeUpdate;
+               EVP_EncryptFinal;
+               EVP_EncryptInit;
+               EVP_EncryptUpdate;
+               EVP_OpenFinal;
+               EVP_OpenInit;
+               EVP_PKEY_assign;
+               EVP_PKEY_copy_parameters;
+               EVP_PKEY_free;
+               EVP_PKEY_missing_parameters;
+               EVP_PKEY_new;
+               EVP_PKEY_save_parameters;
+               EVP_PKEY_size;
+               EVP_PKEY_type;
+               EVP_SealFinal;
+               EVP_SealInit;
+               EVP_SignFinal;
+               EVP_VerifyFinal;
+               EVP_add_alias;
+               EVP_add_cipher;
+               EVP_add_digest;
+               EVP_bf_cbc;
+               EVP_bf_cfb64;
+               EVP_bf_ecb;
+               EVP_bf_ofb;
+               EVP_cleanup;
+               EVP_des_cbc;
+               EVP_des_cfb64;
+               EVP_des_ecb;
+               EVP_des_ede;
+               EVP_des_ede3;
+               EVP_des_ede3_cbc;
+               EVP_des_ede3_cfb64;
+               EVP_des_ede3_ofb;
+               EVP_des_ede_cbc;
+               EVP_des_ede_cfb64;
+               EVP_des_ede_ofb;
+               EVP_des_ofb;
+               EVP_desx_cbc;
+               EVP_dss;
+               EVP_dss1;
+               EVP_enc_null;
+               EVP_get_cipherbyname;
+               EVP_get_digestbyname;
+               EVP_get_pw_prompt;
+               EVP_idea_cbc;
+               EVP_idea_cfb64;
+               EVP_idea_ecb;
+               EVP_idea_ofb;
+               EVP_md2;
+               EVP_md5;
+               EVP_md_null;
+               EVP_rc2_cbc;
+               EVP_rc2_cfb64;
+               EVP_rc2_ecb;
+               EVP_rc2_ofb;
+               EVP_rc4;
+               EVP_read_pw_string;
+               EVP_set_pw_prompt;
+               EVP_sha;
+               EVP_sha1;
+               MD2;
+               MD2_Final;
+               MD2_Init;
+               MD2_Update;
+               MD2_options;
+               MD5;
+               MD5_Final;
+               MD5_Init;
+               MD5_Update;
+               MDC2;
+               MDC2_Final;
+               MDC2_Init;
+               MDC2_Update;
+               NETSCAPE_SPKAC_free;
+               NETSCAPE_SPKAC_new;
+               NETSCAPE_SPKI_free;
+               NETSCAPE_SPKI_new;
+               NETSCAPE_SPKI_sign;
+               NETSCAPE_SPKI_verify;
+               OBJ_add_object;
+               OBJ_bsearch;
+               OBJ_cleanup;
+               OBJ_cmp;
+               OBJ_create;
+               OBJ_dup;
+               OBJ_ln2nid;
+               OBJ_new_nid;
+               OBJ_nid2ln;
+               OBJ_nid2obj;
+               OBJ_nid2sn;
+               OBJ_obj2nid;
+               OBJ_sn2nid;
+               OBJ_txt2nid;
+               PEM_ASN1_read;
+               PEM_ASN1_read_bio;
+               PEM_ASN1_write;
+               PEM_ASN1_write_bio;
+               PEM_SealFinal;
+               PEM_SealInit;
+               PEM_SealUpdate;
+               PEM_SignFinal;
+               PEM_SignInit;
+               PEM_SignUpdate;
+               PEM_X509_INFO_read;
+               PEM_X509_INFO_read_bio;
+               PEM_X509_INFO_write_bio;
+               PEM_dek_info;
+               PEM_do_header;
+               PEM_get_EVP_CIPHER_INFO;
+               PEM_proc_type;
+               PEM_read;
+               PEM_read_DHparams;
+               PEM_read_DSAPrivateKey;
+               PEM_read_DSAparams;
+               PEM_read_PKCS7;
+               PEM_read_PrivateKey;
+               PEM_read_RSAPrivateKey;
+               PEM_read_X509;
+               PEM_read_X509_CRL;
+               PEM_read_X509_REQ;
+               PEM_read_bio;
+               PEM_read_bio_DHparams;
+               PEM_read_bio_DSAPrivateKey;
+               PEM_read_bio_DSAparams;
+               PEM_read_bio_PKCS7;
+               PEM_read_bio_PrivateKey;
+               PEM_read_bio_RSAPrivateKey;
+               PEM_read_bio_X509;
+               PEM_read_bio_X509_CRL;
+               PEM_read_bio_X509_REQ;
+               PEM_write;
+               PEM_write_DHparams;
+               PEM_write_DSAPrivateKey;
+               PEM_write_DSAparams;
+               PEM_write_PKCS7;
+               PEM_write_PrivateKey;
+               PEM_write_RSAPrivateKey;
+               PEM_write_X509;
+               PEM_write_X509_CRL;
+               PEM_write_X509_REQ;
+               PEM_write_bio;
+               PEM_write_bio_DHparams;
+               PEM_write_bio_DSAPrivateKey;
+               PEM_write_bio_DSAparams;
+               PEM_write_bio_PKCS7;
+               PEM_write_bio_PrivateKey;
+               PEM_write_bio_RSAPrivateKey;
+               PEM_write_bio_X509;
+               PEM_write_bio_X509_CRL;
+               PEM_write_bio_X509_REQ;
+               PKCS7_DIGEST_free;
+               PKCS7_DIGEST_new;
+               PKCS7_ENCRYPT_free;
+               PKCS7_ENCRYPT_new;
+               PKCS7_ENC_CONTENT_free;
+               PKCS7_ENC_CONTENT_new;
+               PKCS7_ENVELOPE_free;
+               PKCS7_ENVELOPE_new;
+               PKCS7_ISSUER_AND_SERIAL_digest;
+               PKCS7_ISSUER_AND_SERIAL_free;
+               PKCS7_ISSUER_AND_SERIAL_new;
+               PKCS7_RECIP_INFO_free;
+               PKCS7_RECIP_INFO_new;
+               PKCS7_SIGNED_free;
+               PKCS7_SIGNED_new;
+               PKCS7_SIGNER_INFO_free;
+               PKCS7_SIGNER_INFO_new;
+               PKCS7_SIGN_ENVELOPE_free;
+               PKCS7_SIGN_ENVELOPE_new;
+               PKCS7_dup;
+               PKCS7_free;
+               PKCS7_new;
+               PROXY_ENTRY_add_noproxy;
+               PROXY_ENTRY_clear_noproxy;
+               PROXY_ENTRY_free;
+               PROXY_ENTRY_get_noproxy;
+               PROXY_ENTRY_new;
+               PROXY_ENTRY_set_server;
+               PROXY_add_noproxy;
+               PROXY_add_server;
+               PROXY_check_by_host;
+               PROXY_check_url;
+               PROXY_clear_noproxy;
+               PROXY_free;
+               PROXY_get_noproxy;
+               PROXY_get_proxies;
+               PROXY_get_proxy_entry;
+               PROXY_load_conf;
+               PROXY_new;
+               PROXY_print;
+               RAND_bytes;
+               RAND_cleanup;
+               RAND_file_name;
+               RAND_load_file;
+               RAND_screen;
+               RAND_seed;
+               RAND_write_file;
+               RC2_cbc_encrypt;
+               RC2_cfb64_encrypt;
+               RC2_ecb_encrypt;
+               RC2_encrypt;
+               RC2_ofb64_encrypt;
+               RC2_set_key;
+               RC4;
+               RC4_options;
+               RC4_set_key;
+               RSAPrivateKey_asn1_meth;
+               RSAPrivateKey_dup;
+               RSAPublicKey_dup;
+               RSA_PKCS1_SSLeay;
+               RSA_free;
+               RSA_generate_key;
+               RSA_new;
+               RSA_new_method;
+               RSA_print;
+               RSA_print_fp;
+               RSA_private_decrypt;
+               RSA_private_encrypt;
+               RSA_public_decrypt;
+               RSA_public_encrypt;
+               RSA_set_default_method;
+               RSA_sign;
+               RSA_sign_ASN1_OCTET_STRING;
+               RSA_size;
+               RSA_verify;
+               RSA_verify_ASN1_OCTET_STRING;
+               SHA;
+               SHA1;
+               SHA1_Final;
+               SHA1_Init;
+               SHA1_Update;
+               SHA_Final;
+               SHA_Init;
+               SHA_Update;
+               OpenSSL_add_all_algorithms;
+               OpenSSL_add_all_ciphers;
+               OpenSSL_add_all_digests;
+               TXT_DB_create_index;
+               TXT_DB_free;
+               TXT_DB_get_by_index;
+               TXT_DB_insert;
+               TXT_DB_read;
+               TXT_DB_write;
+               X509_ALGOR_free;
+               X509_ALGOR_new;
+               X509_ATTRIBUTE_free;
+               X509_ATTRIBUTE_new;
+               X509_CINF_free;
+               X509_CINF_new;
+               X509_CRL_INFO_free;
+               X509_CRL_INFO_new;
+               X509_CRL_add_ext;
+               X509_CRL_cmp;
+               X509_CRL_delete_ext;
+               X509_CRL_dup;
+               X509_CRL_free;
+               X509_CRL_get_ext;
+               X509_CRL_get_ext_by_NID;
+               X509_CRL_get_ext_by_OBJ;
+               X509_CRL_get_ext_by_critical;
+               X509_CRL_get_ext_count;
+               X509_CRL_new;
+               X509_CRL_sign;
+               X509_CRL_verify;
+               X509_EXTENSION_create_by_NID;
+               X509_EXTENSION_create_by_OBJ;
+               X509_EXTENSION_dup;
+               X509_EXTENSION_free;
+               X509_EXTENSION_get_critical;
+               X509_EXTENSION_get_data;
+               X509_EXTENSION_get_object;
+               X509_EXTENSION_new;
+               X509_EXTENSION_set_critical;
+               X509_EXTENSION_set_data;
+               X509_EXTENSION_set_object;
+               X509_INFO_free;
+               X509_INFO_new;
+               X509_LOOKUP_by_alias;
+               X509_LOOKUP_by_fingerprint;
+               X509_LOOKUP_by_issuer_serial;
+               X509_LOOKUP_by_subject;
+               X509_LOOKUP_ctrl;
+               X509_LOOKUP_file;
+               X509_LOOKUP_free;
+               X509_LOOKUP_hash_dir;
+               X509_LOOKUP_init;
+               X509_LOOKUP_new;
+               X509_LOOKUP_shutdown;
+               X509_NAME_ENTRY_create_by_NID;
+               X509_NAME_ENTRY_create_by_OBJ;
+               X509_NAME_ENTRY_dup;
+               X509_NAME_ENTRY_free;
+               X509_NAME_ENTRY_get_data;
+               X509_NAME_ENTRY_get_object;
+               X509_NAME_ENTRY_new;
+               X509_NAME_ENTRY_set_data;
+               X509_NAME_ENTRY_set_object;
+               X509_NAME_add_entry;
+               X509_NAME_cmp;
+               X509_NAME_delete_entry;
+               X509_NAME_digest;
+               X509_NAME_dup;
+               X509_NAME_entry_count;
+               X509_NAME_free;
+               X509_NAME_get_entry;
+               X509_NAME_get_index_by_NID;
+               X509_NAME_get_index_by_OBJ;
+               X509_NAME_get_text_by_NID;
+               X509_NAME_get_text_by_OBJ;
+               X509_NAME_hash;
+               X509_NAME_new;
+               X509_NAME_oneline;
+               X509_NAME_print;
+               X509_NAME_set;
+               X509_OBJECT_free_contents;
+               X509_OBJECT_retrieve_by_subject;
+               X509_OBJECT_up_ref_count;
+               X509_PKEY_free;
+               X509_PKEY_new;
+               X509_PUBKEY_free;
+               X509_PUBKEY_get;
+               X509_PUBKEY_new;
+               X509_PUBKEY_set;
+               X509_REQ_INFO_free;
+               X509_REQ_INFO_new;
+               X509_REQ_dup;
+               X509_REQ_free;
+               X509_REQ_get_pubkey;
+               X509_REQ_new;
+               X509_REQ_print;
+               X509_REQ_print_fp;
+               X509_REQ_set_pubkey;
+               X509_REQ_set_subject_name;
+               X509_REQ_set_version;
+               X509_REQ_sign;
+               X509_REQ_to_X509;
+               X509_REQ_verify;
+               X509_REVOKED_add_ext;
+               X509_REVOKED_delete_ext;
+               X509_REVOKED_free;
+               X509_REVOKED_get_ext;
+               X509_REVOKED_get_ext_by_NID;
+               X509_REVOKED_get_ext_by_OBJ;
+               X509_REVOKED_get_ext_by_critical;
+               X509_REVOKED_get_ext_by_critic;
+               X509_REVOKED_get_ext_count;
+               X509_REVOKED_new;
+               X509_SIG_free;
+               X509_SIG_new;
+               X509_STORE_CTX_cleanup;
+               X509_STORE_CTX_init;
+               X509_STORE_add_cert;
+               X509_STORE_add_lookup;
+               X509_STORE_free;
+               X509_STORE_get_by_subject;
+               X509_STORE_load_locations;
+               X509_STORE_new;
+               X509_STORE_set_default_paths;
+               X509_VAL_free;
+               X509_VAL_new;
+               X509_add_ext;
+               X509_asn1_meth;
+               X509_certificate_type;
+               X509_check_private_key;
+               X509_cmp_current_time;
+               X509_delete_ext;
+               X509_digest;
+               X509_dup;
+               X509_free;
+               X509_get_default_cert_area;
+               X509_get_default_cert_dir;
+               X509_get_default_cert_dir_env;
+               X509_get_default_cert_file;
+               X509_get_default_cert_file_env;
+               X509_get_default_private_dir;
+               X509_get_ext;
+               X509_get_ext_by_NID;
+               X509_get_ext_by_OBJ;
+               X509_get_ext_by_critical;
+               X509_get_ext_count;
+               X509_get_issuer_name;
+               X509_get_pubkey;
+               X509_get_pubkey_parameters;
+               X509_get_serialNumber;
+               X509_get_subject_name;
+               X509_gmtime_adj;
+               X509_issuer_and_serial_cmp;
+               X509_issuer_and_serial_hash;
+               X509_issuer_name_cmp;
+               X509_issuer_name_hash;
+               X509_load_cert_file;
+               X509_new;
+               X509_print;
+               X509_print_fp;
+               X509_set_issuer_name;
+               X509_set_notAfter;
+               X509_set_notBefore;
+               X509_set_pubkey;
+               X509_set_serialNumber;
+               X509_set_subject_name;
+               X509_set_version;
+               X509_sign;
+               X509_subject_name_cmp;
+               X509_subject_name_hash;
+               X509_to_X509_REQ;
+               X509_verify;
+               X509_verify_cert;
+               X509_verify_cert_error_string;
+               X509v3_add_ext;
+               X509v3_add_extension;
+               X509v3_add_netscape_extensions;
+               X509v3_add_standard_extensions;
+               X509v3_cleanup_extensions;
+               X509v3_data_type_by_NID;
+               X509v3_data_type_by_OBJ;
+               X509v3_delete_ext;
+               X509v3_get_ext;
+               X509v3_get_ext_by_NID;
+               X509v3_get_ext_by_OBJ;
+               X509v3_get_ext_by_critical;
+               X509v3_get_ext_count;
+               X509v3_pack_string;
+               X509v3_pack_type_by_NID;
+               X509v3_pack_type_by_OBJ;
+               X509v3_unpack_string;
+               _des_crypt;
+               a2d_ASN1_OBJECT;
+               a2i_ASN1_INTEGER;
+               a2i_ASN1_STRING;
+               asn1_Finish;
+               asn1_GetSequence;
+               bn_div_words;
+               bn_expand2;
+               bn_mul_add_words;
+               bn_mul_words;
+               BN_uadd;
+               BN_usub;
+               bn_sqr_words;
+               _ossl_old_crypt;
+               d2i_ASN1_BIT_STRING;
+               d2i_ASN1_BOOLEAN;
+               d2i_ASN1_HEADER;
+               d2i_ASN1_IA5STRING;
+               d2i_ASN1_INTEGER;
+               d2i_ASN1_OBJECT;
+               d2i_ASN1_OCTET_STRING;
+               d2i_ASN1_PRINTABLE;
+               d2i_ASN1_PRINTABLESTRING;
+               d2i_ASN1_SET;
+               d2i_ASN1_T61STRING;
+               d2i_ASN1_TYPE;
+               d2i_ASN1_UTCTIME;
+               d2i_ASN1_bytes;
+               d2i_ASN1_type_bytes;
+               d2i_DHparams;
+               d2i_DSAPrivateKey;
+               d2i_DSAPrivateKey_bio;
+               d2i_DSAPrivateKey_fp;
+               d2i_DSAPublicKey;
+               d2i_DSAparams;
+               d2i_NETSCAPE_SPKAC;
+               d2i_NETSCAPE_SPKI;
+               d2i_Netscape_RSA;
+               d2i_PKCS7;
+               d2i_PKCS7_DIGEST;
+               d2i_PKCS7_ENCRYPT;
+               d2i_PKCS7_ENC_CONTENT;
+               d2i_PKCS7_ENVELOPE;
+               d2i_PKCS7_ISSUER_AND_SERIAL;
+               d2i_PKCS7_RECIP_INFO;
+               d2i_PKCS7_SIGNED;
+               d2i_PKCS7_SIGNER_INFO;
+               d2i_PKCS7_SIGN_ENVELOPE;
+               d2i_PKCS7_bio;
+               d2i_PKCS7_fp;
+               d2i_PrivateKey;
+               d2i_PublicKey;
+               d2i_RSAPrivateKey;
+               d2i_RSAPrivateKey_bio;
+               d2i_RSAPrivateKey_fp;
+               d2i_RSAPublicKey;
+               d2i_X509;
+               d2i_X509_ALGOR;
+               d2i_X509_ATTRIBUTE;
+               d2i_X509_CINF;
+               d2i_X509_CRL;
+               d2i_X509_CRL_INFO;
+               d2i_X509_CRL_bio;
+               d2i_X509_CRL_fp;
+               d2i_X509_EXTENSION;
+               d2i_X509_NAME;
+               d2i_X509_NAME_ENTRY;
+               d2i_X509_PKEY;
+               d2i_X509_PUBKEY;
+               d2i_X509_REQ;
+               d2i_X509_REQ_INFO;
+               d2i_X509_REQ_bio;
+               d2i_X509_REQ_fp;
+               d2i_X509_REVOKED;
+               d2i_X509_SIG;
+               d2i_X509_VAL;
+               d2i_X509_bio;
+               d2i_X509_fp;
+               DES_cbc_cksum;
+               DES_cbc_encrypt;
+               DES_cblock_print_file;
+               DES_cfb64_encrypt;
+               DES_cfb_encrypt;
+               DES_decrypt3;
+               DES_ecb3_encrypt;
+               DES_ecb_encrypt;
+               DES_ede3_cbc_encrypt;
+               DES_ede3_cfb64_encrypt;
+               DES_ede3_ofb64_encrypt;
+               DES_enc_read;
+               DES_enc_write;
+               DES_encrypt1;
+               DES_encrypt2;
+               DES_encrypt3;
+               DES_fcrypt;
+               DES_is_weak_key;
+               DES_key_sched;
+               DES_ncbc_encrypt;
+               DES_ofb64_encrypt;
+               DES_ofb_encrypt;
+               DES_options;
+               DES_pcbc_encrypt;
+               DES_quad_cksum;
+               DES_random_key;
+               _ossl_old_des_random_seed;
+               _ossl_old_des_read_2passwords;
+               _ossl_old_des_read_password;
+               _ossl_old_des_read_pw;
+               _ossl_old_des_read_pw_string;
+               DES_set_key;
+               DES_set_odd_parity;
+               DES_string_to_2keys;
+               DES_string_to_key;
+               DES_xcbc_encrypt;
+               DES_xwhite_in2out;
+               fcrypt_body;
+               i2a_ASN1_INTEGER;
+               i2a_ASN1_OBJECT;
+               i2a_ASN1_STRING;
+               i2d_ASN1_BIT_STRING;
+               i2d_ASN1_BOOLEAN;
+               i2d_ASN1_HEADER;
+               i2d_ASN1_IA5STRING;
+               i2d_ASN1_INTEGER;
+               i2d_ASN1_OBJECT;
+               i2d_ASN1_OCTET_STRING;
+               i2d_ASN1_PRINTABLE;
+               i2d_ASN1_SET;
+               i2d_ASN1_TYPE;
+               i2d_ASN1_UTCTIME;
+               i2d_ASN1_bytes;
+               i2d_DHparams;
+               i2d_DSAPrivateKey;
+               i2d_DSAPrivateKey_bio;
+               i2d_DSAPrivateKey_fp;
+               i2d_DSAPublicKey;
+               i2d_DSAparams;
+               i2d_NETSCAPE_SPKAC;
+               i2d_NETSCAPE_SPKI;
+               i2d_Netscape_RSA;
+               i2d_PKCS7;
+               i2d_PKCS7_DIGEST;
+               i2d_PKCS7_ENCRYPT;
+               i2d_PKCS7_ENC_CONTENT;
+               i2d_PKCS7_ENVELOPE;
+               i2d_PKCS7_ISSUER_AND_SERIAL;
+               i2d_PKCS7_RECIP_INFO;
+               i2d_PKCS7_SIGNED;
+               i2d_PKCS7_SIGNER_INFO;
+               i2d_PKCS7_SIGN_ENVELOPE;
+               i2d_PKCS7_bio;
+               i2d_PKCS7_fp;
+               i2d_PrivateKey;
+               i2d_PublicKey;
+               i2d_RSAPrivateKey;
+               i2d_RSAPrivateKey_bio;
+               i2d_RSAPrivateKey_fp;
+               i2d_RSAPublicKey;
+               i2d_X509;
+               i2d_X509_ALGOR;
+               i2d_X509_ATTRIBUTE;
+               i2d_X509_CINF;
+               i2d_X509_CRL;
+               i2d_X509_CRL_INFO;
+               i2d_X509_CRL_bio;
+               i2d_X509_CRL_fp;
+               i2d_X509_EXTENSION;
+               i2d_X509_NAME;
+               i2d_X509_NAME_ENTRY;
+               i2d_X509_PKEY;
+               i2d_X509_PUBKEY;
+               i2d_X509_REQ;
+               i2d_X509_REQ_INFO;
+               i2d_X509_REQ_bio;
+               i2d_X509_REQ_fp;
+               i2d_X509_REVOKED;
+               i2d_X509_SIG;
+               i2d_X509_VAL;
+               i2d_X509_bio;
+               i2d_X509_fp;
+               idea_cbc_encrypt;
+               idea_cfb64_encrypt;
+               idea_ecb_encrypt;
+               idea_encrypt;
+               idea_ofb64_encrypt;
+               idea_options;
+               idea_set_decrypt_key;
+               idea_set_encrypt_key;
+               lh_delete;
+               lh_doall;
+               lh_doall_arg;
+               lh_free;
+               lh_insert;
+               lh_new;
+               lh_node_stats;
+               lh_node_stats_bio;
+               lh_node_usage_stats;
+               lh_node_usage_stats_bio;
+               lh_retrieve;
+               lh_stats;
+               lh_stats_bio;
+               lh_strhash;
+               sk_delete;
+               sk_delete_ptr;
+               sk_dup;
+               sk_find;
+               sk_free;
+               sk_insert;
+               sk_new;
+               sk_pop;
+               sk_pop_free;
+               sk_push;
+               sk_set_cmp_func;
+               sk_shift;
+               sk_unshift;
+               sk_zero;
+               BIO_f_nbio_test;
+               ASN1_TYPE_get;
+               ASN1_TYPE_set;
+               PKCS7_content_free;
+               ERR_load_PKCS7_strings;
+               X509_find_by_issuer_and_serial;
+               X509_find_by_subject;
+               PKCS7_ctrl;
+               PKCS7_set_type;
+               PKCS7_set_content;
+               PKCS7_SIGNER_INFO_set;
+               PKCS7_add_signer;
+               PKCS7_add_certificate;
+               PKCS7_add_crl;
+               PKCS7_content_new;
+               PKCS7_dataSign;
+               PKCS7_dataVerify;
+               PKCS7_dataInit;
+               PKCS7_add_signature;
+               PKCS7_cert_from_signer_info;
+               PKCS7_get_signer_info;
+               EVP_delete_alias;
+               EVP_mdc2;
+               PEM_read_bio_RSAPublicKey;
+               PEM_write_bio_RSAPublicKey;
+               d2i_RSAPublicKey_bio;
+               i2d_RSAPublicKey_bio;
+               PEM_read_RSAPublicKey;
+               PEM_write_RSAPublicKey;
+               d2i_RSAPublicKey_fp;
+               i2d_RSAPublicKey_fp;
+               BIO_copy_next_retry;
+               RSA_flags;
+               X509_STORE_add_crl;
+               X509_load_crl_file;
+               EVP_rc2_40_cbc;
+               EVP_rc4_40;
+               EVP_CIPHER_CTX_init;
+               HMAC;
+               HMAC_Init;
+               HMAC_Update;
+               HMAC_Final;
+               ERR_get_next_error_library;
+               EVP_PKEY_cmp_parameters;
+               HMAC_cleanup;
+               BIO_ptr_ctrl;
+               BIO_new_file_internal;
+               BIO_new_fp_internal;
+               BIO_s_file_internal;
+               BN_BLINDING_convert;
+               BN_BLINDING_invert;
+               BN_BLINDING_update;
+               RSA_blinding_on;
+               RSA_blinding_off;
+               i2t_ASN1_OBJECT;
+               BN_BLINDING_new;
+               BN_BLINDING_free;
+               EVP_cast5_cbc;
+               EVP_cast5_cfb64;
+               EVP_cast5_ecb;
+               EVP_cast5_ofb;
+               BF_decrypt;
+               CAST_set_key;
+               CAST_encrypt;
+               CAST_decrypt;
+               CAST_ecb_encrypt;
+               CAST_cbc_encrypt;
+               CAST_cfb64_encrypt;
+               CAST_ofb64_encrypt;
+               RC2_decrypt;
+               OBJ_create_objects;
+               BN_exp;
+               BN_mul_word;
+               BN_sub_word;
+               BN_dec2bn;
+               BN_bn2dec;
+               BIO_ghbn_ctrl;
+               CRYPTO_free_ex_data;
+               CRYPTO_get_ex_data;
+               CRYPTO_set_ex_data;
+               ERR_load_CRYPTO_strings;
+               ERR_load_CRYPTOlib_strings;
+               EVP_PKEY_bits;
+               MD5_Transform;
+               SHA1_Transform;
+               SHA_Transform;
+               X509_STORE_CTX_get_chain;
+               X509_STORE_CTX_get_current_cert;
+               X509_STORE_CTX_get_error;
+               X509_STORE_CTX_get_error_depth;
+               X509_STORE_CTX_get_ex_data;
+               X509_STORE_CTX_set_cert;
+               X509_STORE_CTX_set_chain;
+               X509_STORE_CTX_set_error;
+               X509_STORE_CTX_set_ex_data;
+               CRYPTO_dup_ex_data;
+               CRYPTO_get_new_lockid;
+               CRYPTO_new_ex_data;
+               RSA_set_ex_data;
+               RSA_get_ex_data;
+               RSA_get_ex_new_index;
+               RSA_padding_add_PKCS1_type_1;
+               RSA_padding_add_PKCS1_type_2;
+               RSA_padding_add_SSLv23;
+               RSA_padding_add_none;
+               RSA_padding_check_PKCS1_type_1;
+               RSA_padding_check_PKCS1_type_2;
+               RSA_padding_check_SSLv23;
+               RSA_padding_check_none;
+               bn_add_words;
+               d2i_Netscape_RSA_2;
+               CRYPTO_get_ex_new_index;
+               RIPEMD160_Init;
+               RIPEMD160_Update;
+               RIPEMD160_Final;
+               RIPEMD160;
+               RIPEMD160_Transform;
+               RC5_32_set_key;
+               RC5_32_ecb_encrypt;
+               RC5_32_encrypt;
+               RC5_32_decrypt;
+               RC5_32_cbc_encrypt;
+               RC5_32_cfb64_encrypt;
+               RC5_32_ofb64_encrypt;
+               BN_bn2mpi;
+               BN_mpi2bn;
+               ASN1_BIT_STRING_get_bit;
+               ASN1_BIT_STRING_set_bit;
+               BIO_get_ex_data;
+               BIO_get_ex_new_index;
+               BIO_set_ex_data;
+               X509v3_get_key_usage;
+               X509v3_set_key_usage;
+               a2i_X509v3_key_usage;
+               i2a_X509v3_key_usage;
+               EVP_PKEY_decrypt;
+               EVP_PKEY_encrypt;
+               PKCS7_RECIP_INFO_set;
+               PKCS7_add_recipient;
+               PKCS7_add_recipient_info;
+               PKCS7_set_cipher;
+               ASN1_TYPE_get_int_octetstring;
+               ASN1_TYPE_get_octetstring;
+               ASN1_TYPE_set_int_octetstring;
+               ASN1_TYPE_set_octetstring;
+               ASN1_UTCTIME_set_string;
+               ERR_add_error_data;
+               ERR_set_error_data;
+               EVP_CIPHER_asn1_to_param;
+               EVP_CIPHER_param_to_asn1;
+               EVP_CIPHER_get_asn1_iv;
+               EVP_CIPHER_set_asn1_iv;
+               EVP_rc5_32_12_16_cbc;
+               EVP_rc5_32_12_16_cfb64;
+               EVP_rc5_32_12_16_ecb;
+               EVP_rc5_32_12_16_ofb;
+               asn1_add_error;
+               d2i_ASN1_BMPSTRING;
+               i2d_ASN1_BMPSTRING;
+               BIO_f_ber;
+               BN_init;
+               COMP_CTX_new;
+               COMP_CTX_free;
+               COMP_CTX_compress_block;
+               COMP_CTX_expand_block;
+               X509_STORE_CTX_get_ex_new_index;
+               OBJ_NAME_add;
+               BIO_socket_nbio;
+               EVP_rc2_64_cbc;
+               OBJ_NAME_cleanup;
+               OBJ_NAME_get;
+               OBJ_NAME_init;
+               OBJ_NAME_new_index;
+               OBJ_NAME_remove;
+               BN_MONT_CTX_copy;
+               BIO_new_socks4a_connect;
+               BIO_s_socks4a_connect;
+               PROXY_set_connect_mode;
+               RAND_SSLeay;
+               RAND_set_rand_method;
+               RSA_memory_lock;
+               bn_sub_words;
+               bn_mul_normal;
+               bn_mul_comba8;
+               bn_mul_comba4;
+               bn_sqr_normal;
+               bn_sqr_comba8;
+               bn_sqr_comba4;
+               bn_cmp_words;
+               bn_mul_recursive;
+               bn_mul_part_recursive;
+               bn_sqr_recursive;
+               bn_mul_low_normal;
+               BN_RECP_CTX_init;
+               BN_RECP_CTX_new;
+               BN_RECP_CTX_free;
+               BN_RECP_CTX_set;
+               BN_mod_mul_reciprocal;
+               BN_mod_exp_recp;
+               BN_div_recp;
+               BN_CTX_init;
+               BN_MONT_CTX_init;
+               RAND_get_rand_method;
+               PKCS7_add_attribute;
+               PKCS7_add_signed_attribute;
+               PKCS7_digest_from_attributes;
+               PKCS7_get_attribute;
+               PKCS7_get_issuer_and_serial;
+               PKCS7_get_signed_attribute;
+               COMP_compress_block;
+               COMP_expand_block;
+               COMP_rle;
+               COMP_zlib;
+               ms_time_diff;
+               ms_time_new;
+               ms_time_free;
+               ms_time_cmp;
+               ms_time_get;
+               PKCS7_set_attributes;
+               PKCS7_set_signed_attributes;
+               X509_ATTRIBUTE_create;
+               X509_ATTRIBUTE_dup;
+               ASN1_GENERALIZEDTIME_check;
+               ASN1_GENERALIZEDTIME_print;
+               ASN1_GENERALIZEDTIME_set;
+               ASN1_GENERALIZEDTIME_set_string;
+               ASN1_TIME_print;
+               BASIC_CONSTRAINTS_free;
+               BASIC_CONSTRAINTS_new;
+               ERR_load_X509V3_strings;
+               NETSCAPE_CERT_SEQUENCE_free;
+               NETSCAPE_CERT_SEQUENCE_new;
+               OBJ_txt2obj;
+               PEM_read_NETSCAPE_CERT_SEQUENCE;
+               PEM_read_NS_CERT_SEQ;
+               PEM_read_bio_NETSCAPE_CERT_SEQUENCE;
+               PEM_read_bio_NS_CERT_SEQ;
+               PEM_write_NETSCAPE_CERT_SEQUENCE;
+               PEM_write_NS_CERT_SEQ;
+               PEM_write_bio_NETSCAPE_CERT_SEQUENCE;
+               PEM_write_bio_NS_CERT_SEQ;
+               X509V3_EXT_add;
+               X509V3_EXT_add_alias;
+               X509V3_EXT_add_conf;
+               X509V3_EXT_cleanup;
+               X509V3_EXT_conf;
+               X509V3_EXT_conf_nid;
+               X509V3_EXT_get;
+               X509V3_EXT_get_nid;
+               X509V3_EXT_print;
+               X509V3_EXT_print_fp;
+               X509V3_add_standard_extensions;
+               X509V3_add_value;
+               X509V3_add_value_bool;
+               X509V3_add_value_int;
+               X509V3_conf_free;
+               X509V3_get_value_bool;
+               X509V3_get_value_int;
+               X509V3_parse_list;
+               d2i_ASN1_GENERALIZEDTIME;
+               d2i_ASN1_TIME;
+               d2i_BASIC_CONSTRAINTS;
+               d2i_NETSCAPE_CERT_SEQUENCE;
+               d2i_ext_ku;
+               ext_ku_free;
+               ext_ku_new;
+               i2d_ASN1_GENERALIZEDTIME;
+               i2d_ASN1_TIME;
+               i2d_BASIC_CONSTRAINTS;
+               i2d_NETSCAPE_CERT_SEQUENCE;
+               i2d_ext_ku;
+               EVP_MD_CTX_copy;
+               i2d_ASN1_ENUMERATED;
+               d2i_ASN1_ENUMERATED;
+               ASN1_ENUMERATED_set;
+               ASN1_ENUMERATED_get;
+               BN_to_ASN1_ENUMERATED;
+               ASN1_ENUMERATED_to_BN;
+               i2a_ASN1_ENUMERATED;
+               a2i_ASN1_ENUMERATED;
+               i2d_GENERAL_NAME;
+               d2i_GENERAL_NAME;
+               GENERAL_NAME_new;
+               GENERAL_NAME_free;
+               GENERAL_NAMES_new;
+               GENERAL_NAMES_free;
+               d2i_GENERAL_NAMES;
+               i2d_GENERAL_NAMES;
+               i2v_GENERAL_NAMES;
+               i2s_ASN1_OCTET_STRING;
+               s2i_ASN1_OCTET_STRING;
+               X509V3_EXT_check_conf;
+               hex_to_string;
+               string_to_hex;
+               DES_ede3_cbcm_encrypt;
+               RSA_padding_add_PKCS1_OAEP;
+               RSA_padding_check_PKCS1_OAEP;
+               X509_CRL_print_fp;
+               X509_CRL_print;
+               i2v_GENERAL_NAME;
+               v2i_GENERAL_NAME;
+               i2d_PKEY_USAGE_PERIOD;
+               d2i_PKEY_USAGE_PERIOD;
+               PKEY_USAGE_PERIOD_new;
+               PKEY_USAGE_PERIOD_free;
+               v2i_GENERAL_NAMES;
+               i2s_ASN1_INTEGER;
+               X509V3_EXT_d2i;
+               name_cmp;
+               str_dup;
+               i2s_ASN1_ENUMERATED;
+               i2s_ASN1_ENUMERATED_TABLE;
+               BIO_s_log;
+               BIO_f_reliable;
+               PKCS7_dataFinal;
+               PKCS7_dataDecode;
+               X509V3_EXT_CRL_add_conf;
+               BN_set_params;
+               BN_get_params;
+               BIO_get_ex_num;
+               BIO_set_ex_free_func;
+               EVP_ripemd160;
+               ASN1_TIME_set;
+               i2d_AUTHORITY_KEYID;
+               d2i_AUTHORITY_KEYID;
+               AUTHORITY_KEYID_new;
+               AUTHORITY_KEYID_free;
+               ASN1_seq_unpack;
+               ASN1_seq_pack;
+               ASN1_unpack_string;
+               ASN1_pack_string;
+               PKCS12_pack_safebag;
+               PKCS12_MAKE_KEYBAG;
+               PKCS8_encrypt;
+               PKCS12_MAKE_SHKEYBAG;
+               PKCS12_pack_p7data;
+               PKCS12_pack_p7encdata;
+               PKCS12_add_localkeyid;
+               PKCS12_add_friendlyname_asc;
+               PKCS12_add_friendlyname_uni;
+               PKCS12_get_friendlyname;
+               PKCS12_pbe_crypt;
+               PKCS12_decrypt_d2i;
+               PKCS12_i2d_encrypt;
+               PKCS12_init;
+               PKCS12_key_gen_asc;
+               PKCS12_key_gen_uni;
+               PKCS12_gen_mac;
+               PKCS12_verify_mac;
+               PKCS12_set_mac;
+               PKCS12_setup_mac;
+               OPENSSL_asc2uni;
+               OPENSSL_uni2asc;
+               i2d_PKCS12_BAGS;
+               PKCS12_BAGS_new;
+               d2i_PKCS12_BAGS;
+               PKCS12_BAGS_free;
+               i2d_PKCS12;
+               d2i_PKCS12;
+               PKCS12_new;
+               PKCS12_free;
+               i2d_PKCS12_MAC_DATA;
+               PKCS12_MAC_DATA_new;
+               d2i_PKCS12_MAC_DATA;
+               PKCS12_MAC_DATA_free;
+               i2d_PKCS12_SAFEBAG;
+               PKCS12_SAFEBAG_new;
+               d2i_PKCS12_SAFEBAG;
+               PKCS12_SAFEBAG_free;
+               ERR_load_PKCS12_strings;
+               PKCS12_PBE_add;
+               PKCS8_add_keyusage;
+               PKCS12_get_attr_gen;
+               PKCS12_parse;
+               PKCS12_create;
+               i2d_PKCS12_bio;
+               i2d_PKCS12_fp;
+               d2i_PKCS12_bio;
+               d2i_PKCS12_fp;
+               i2d_PBEPARAM;
+               PBEPARAM_new;
+               d2i_PBEPARAM;
+               PBEPARAM_free;
+               i2d_PKCS8_PRIV_KEY_INFO;
+               PKCS8_PRIV_KEY_INFO_new;
+               d2i_PKCS8_PRIV_KEY_INFO;
+               PKCS8_PRIV_KEY_INFO_free;
+               EVP_PKCS82PKEY;
+               EVP_PKEY2PKCS8;
+               PKCS8_set_broken;
+               EVP_PBE_ALGOR_CipherInit;
+               EVP_PBE_alg_add;
+               PKCS5_pbe_set;
+               EVP_PBE_cleanup;
+               i2d_SXNET;
+               d2i_SXNET;
+               SXNET_new;
+               SXNET_free;
+               i2d_SXNETID;
+               d2i_SXNETID;
+               SXNETID_new;
+               SXNETID_free;
+               DSA_SIG_new;
+               DSA_SIG_free;
+               DSA_do_sign;
+               DSA_do_verify;
+               d2i_DSA_SIG;
+               i2d_DSA_SIG;
+               i2d_ASN1_VISIBLESTRING;
+               d2i_ASN1_VISIBLESTRING;
+               i2d_ASN1_UTF8STRING;
+               d2i_ASN1_UTF8STRING;
+               i2d_DIRECTORYSTRING;
+               d2i_DIRECTORYSTRING;
+               i2d_DISPLAYTEXT;
+               d2i_DISPLAYTEXT;
+               d2i_ASN1_SET_OF_X509;
+               i2d_ASN1_SET_OF_X509;
+               i2d_PBKDF2PARAM;
+               PBKDF2PARAM_new;
+               d2i_PBKDF2PARAM;
+               PBKDF2PARAM_free;
+               i2d_PBE2PARAM;
+               PBE2PARAM_new;
+               d2i_PBE2PARAM;
+               PBE2PARAM_free;
+               d2i_ASN1_SET_OF_GENERAL_NAME;
+               i2d_ASN1_SET_OF_GENERAL_NAME;
+               d2i_ASN1_SET_OF_SXNETID;
+               i2d_ASN1_SET_OF_SXNETID;
+               d2i_ASN1_SET_OF_POLICYQUALINFO;
+               i2d_ASN1_SET_OF_POLICYQUALINFO;
+               d2i_ASN1_SET_OF_POLICYINFO;
+               i2d_ASN1_SET_OF_POLICYINFO;
+               SXNET_add_id_asc;
+               SXNET_add_id_ulong;
+               SXNET_add_id_INTEGER;
+               SXNET_get_id_asc;
+               SXNET_get_id_ulong;
+               SXNET_get_id_INTEGER;
+               X509V3_set_conf_lhash;
+               i2d_CERTIFICATEPOLICIES;
+               CERTIFICATEPOLICIES_new;
+               CERTIFICATEPOLICIES_free;
+               d2i_CERTIFICATEPOLICIES;
+               i2d_POLICYINFO;
+               POLICYINFO_new;
+               d2i_POLICYINFO;
+               POLICYINFO_free;
+               i2d_POLICYQUALINFO;
+               POLICYQUALINFO_new;
+               d2i_POLICYQUALINFO;
+               POLICYQUALINFO_free;
+               i2d_USERNOTICE;
+               USERNOTICE_new;
+               d2i_USERNOTICE;
+               USERNOTICE_free;
+               i2d_NOTICEREF;
+               NOTICEREF_new;
+               d2i_NOTICEREF;
+               NOTICEREF_free;
+               X509V3_get_string;
+               X509V3_get_section;
+               X509V3_string_free;
+               X509V3_section_free;
+               X509V3_set_ctx;
+               s2i_ASN1_INTEGER;
+               CRYPTO_set_locked_mem_functions;
+               CRYPTO_get_locked_mem_functions;
+               CRYPTO_malloc_locked;
+               CRYPTO_free_locked;
+               BN_mod_exp2_mont;
+               ERR_get_error_line_data;
+               ERR_peek_error_line_data;
+               PKCS12_PBE_keyivgen;
+               X509_ALGOR_dup;
+               d2i_ASN1_SET_OF_DIST_POINT;
+               i2d_ASN1_SET_OF_DIST_POINT;
+               i2d_CRL_DIST_POINTS;
+               CRL_DIST_POINTS_new;
+               CRL_DIST_POINTS_free;
+               d2i_CRL_DIST_POINTS;
+               i2d_DIST_POINT;
+               DIST_POINT_new;
+               d2i_DIST_POINT;
+               DIST_POINT_free;
+               i2d_DIST_POINT_NAME;
+               DIST_POINT_NAME_new;
+               DIST_POINT_NAME_free;
+               d2i_DIST_POINT_NAME;
+               X509V3_add_value_uchar;
+               d2i_ASN1_SET_OF_X509_ATTRIBUTE;
+               i2d_ASN1_SET_OF_ASN1_TYPE;
+               d2i_ASN1_SET_OF_X509_EXTENSION;
+               d2i_ASN1_SET_OF_X509_NAME_ENTRY;
+               d2i_ASN1_SET_OF_ASN1_TYPE;
+               i2d_ASN1_SET_OF_X509_ATTRIBUTE;
+               i2d_ASN1_SET_OF_X509_EXTENSION;
+               i2d_ASN1_SET_OF_X509_NAME_ENTRY;
+               X509V3_EXT_i2d;
+               X509V3_EXT_val_prn;
+               X509V3_EXT_add_list;
+               EVP_CIPHER_type;
+               EVP_PBE_CipherInit;
+               X509V3_add_value_bool_nf;
+               d2i_ASN1_UINTEGER;
+               sk_value;
+               sk_num;
+               sk_set;
+               i2d_ASN1_SET_OF_X509_REVOKED;
+               sk_sort;
+               d2i_ASN1_SET_OF_X509_REVOKED;
+               i2d_ASN1_SET_OF_X509_ALGOR;
+               i2d_ASN1_SET_OF_X509_CRL;
+               d2i_ASN1_SET_OF_X509_ALGOR;
+               d2i_ASN1_SET_OF_X509_CRL;
+               i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO;
+               i2d_ASN1_SET_OF_PKCS7_RECIP_INFO;
+               d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO;
+               d2i_ASN1_SET_OF_PKCS7_RECIP_INFO;
+               PKCS5_PBE_add;
+               PEM_write_bio_PKCS8;
+               i2d_PKCS8_fp;
+               PEM_read_bio_PKCS8_PRIV_KEY_INFO;
+               PEM_read_bio_P8_PRIV_KEY_INFO;
+               d2i_PKCS8_bio;
+               d2i_PKCS8_PRIV_KEY_INFO_fp;
+               PEM_write_bio_PKCS8_PRIV_KEY_INFO;
+               PEM_write_bio_P8_PRIV_KEY_INFO;
+               PEM_read_PKCS8;
+               d2i_PKCS8_PRIV_KEY_INFO_bio;
+               d2i_PKCS8_fp;
+               PEM_write_PKCS8;
+               PEM_read_PKCS8_PRIV_KEY_INFO;
+               PEM_read_P8_PRIV_KEY_INFO;
+               PEM_read_bio_PKCS8;
+               PEM_write_PKCS8_PRIV_KEY_INFO;
+               PEM_write_P8_PRIV_KEY_INFO;
+               PKCS5_PBE_keyivgen;
+               i2d_PKCS8_bio;
+               i2d_PKCS8_PRIV_KEY_INFO_fp;
+               i2d_PKCS8_PRIV_KEY_INFO_bio;
+               BIO_s_bio;
+               PKCS5_pbe2_set;
+               PKCS5_PBKDF2_HMAC_SHA1;
+               PKCS5_v2_PBE_keyivgen;
+               PEM_write_bio_PKCS8PrivateKey;
+               PEM_write_PKCS8PrivateKey;
+               BIO_ctrl_get_read_request;
+               BIO_ctrl_pending;
+               BIO_ctrl_wpending;
+               BIO_new_bio_pair;
+               BIO_ctrl_get_write_guarantee;
+               CRYPTO_num_locks;
+               CONF_load_bio;
+               CONF_load_fp;
+               i2d_ASN1_SET_OF_ASN1_OBJECT;
+               d2i_ASN1_SET_OF_ASN1_OBJECT;
+               PKCS7_signatureVerify;
+               RSA_set_method;
+               RSA_get_method;
+               RSA_get_default_method;
+               RSA_check_key;
+               OBJ_obj2txt;
+               DSA_dup_DH;
+               X509_REQ_get_extensions;
+               X509_REQ_set_extension_nids;
+               BIO_nwrite;
+               X509_REQ_extension_nid;
+               BIO_nread;
+               X509_REQ_get_extension_nids;
+               BIO_nwrite0;
+               X509_REQ_add_extensions_nid;
+               BIO_nread0;
+               X509_REQ_add_extensions;
+               BIO_new_mem_buf;
+               DH_set_ex_data;
+               DH_set_method;
+               DSA_OpenSSL;
+               DH_get_ex_data;
+               DH_get_ex_new_index;
+               DSA_new_method;
+               DH_new_method;
+               DH_OpenSSL;
+               DSA_get_ex_new_index;
+               DH_get_default_method;
+               DSA_set_ex_data;
+               DH_set_default_method;
+               DSA_get_ex_data;
+               X509V3_EXT_REQ_add_conf;
+               NETSCAPE_SPKI_print;
+               NETSCAPE_SPKI_set_pubkey;
+               NETSCAPE_SPKI_b64_encode;
+               NETSCAPE_SPKI_get_pubkey;
+               NETSCAPE_SPKI_b64_decode;
+               UTF8_putc;
+               UTF8_getc;
+               RSA_null_method;
+               ASN1_tag2str;
+               BIO_ctrl_reset_read_request;
+               DISPLAYTEXT_new;
+               ASN1_GENERALIZEDTIME_free;
+               X509_REVOKED_get_ext_d2i;
+               X509_set_ex_data;
+               X509_reject_set_bit_asc;
+               X509_NAME_add_entry_by_txt;
+               X509_NAME_add_entry_by_NID;
+               X509_PURPOSE_get0;
+               PEM_read_X509_AUX;
+               d2i_AUTHORITY_INFO_ACCESS;
+               PEM_write_PUBKEY;
+               ACCESS_DESCRIPTION_new;
+               X509_CERT_AUX_free;
+               d2i_ACCESS_DESCRIPTION;
+               X509_trust_clear;
+               X509_TRUST_add;
+               ASN1_VISIBLESTRING_new;
+               X509_alias_set1;
+               ASN1_PRINTABLESTRING_free;
+               EVP_PKEY_get1_DSA;
+               ASN1_BMPSTRING_new;
+               ASN1_mbstring_copy;
+               ASN1_UTF8STRING_new;
+               DSA_get_default_method;
+               i2d_ASN1_SET_OF_ACCESS_DESCRIPTION;
+               ASN1_T61STRING_free;
+               DSA_set_method;
+               X509_get_ex_data;
+               ASN1_STRING_type;
+               X509_PURPOSE_get_by_sname;
+               ASN1_TIME_free;
+               ASN1_OCTET_STRING_cmp;
+               ASN1_BIT_STRING_new;
+               X509_get_ext_d2i;
+               PEM_read_bio_X509_AUX;
+               ASN1_STRING_set_default_mask_asc;
+               ASN1_STRING_set_def_mask_asc;
+               PEM_write_bio_RSA_PUBKEY;
+               ASN1_INTEGER_cmp;
+               d2i_RSA_PUBKEY_fp;
+               X509_trust_set_bit_asc;
+               PEM_write_bio_DSA_PUBKEY;
+               X509_STORE_CTX_free;
+               EVP_PKEY_set1_DSA;
+               i2d_DSA_PUBKEY_fp;
+               X509_load_cert_crl_file;
+               ASN1_TIME_new;
+               i2d_RSA_PUBKEY;
+               X509_STORE_CTX_purpose_inherit;
+               PEM_read_RSA_PUBKEY;
+               d2i_X509_AUX;
+               i2d_DSA_PUBKEY;
+               X509_CERT_AUX_print;
+               PEM_read_DSA_PUBKEY;
+               i2d_RSA_PUBKEY_bio;
+               ASN1_BIT_STRING_num_asc;
+               i2d_PUBKEY;
+               ASN1_UTCTIME_free;
+               DSA_set_default_method;
+               X509_PURPOSE_get_by_id;
+               ACCESS_DESCRIPTION_free;
+               PEM_read_bio_PUBKEY;
+               ASN1_STRING_set_by_NID;
+               X509_PURPOSE_get_id;
+               DISPLAYTEXT_free;
+               OTHERNAME_new;
+               X509_CERT_AUX_new;
+               X509_TRUST_cleanup;
+               X509_NAME_add_entry_by_OBJ;
+               X509_CRL_get_ext_d2i;
+               X509_PURPOSE_get0_name;
+               PEM_read_PUBKEY;
+               i2d_DSA_PUBKEY_bio;
+               i2d_OTHERNAME;
+               ASN1_OCTET_STRING_free;
+               ASN1_BIT_STRING_set_asc;
+               X509_get_ex_new_index;
+               ASN1_STRING_TABLE_cleanup;
+               X509_TRUST_get_by_id;
+               X509_PURPOSE_get_trust;
+               ASN1_STRING_length;
+               d2i_ASN1_SET_OF_ACCESS_DESCRIPTION;
+               ASN1_PRINTABLESTRING_new;
+               X509V3_get_d2i;
+               ASN1_ENUMERATED_free;
+               i2d_X509_CERT_AUX;
+               X509_STORE_CTX_set_trust;
+               ASN1_STRING_set_default_mask;
+               X509_STORE_CTX_new;
+               EVP_PKEY_get1_RSA;
+               DIRECTORYSTRING_free;
+               PEM_write_X509_AUX;
+               ASN1_OCTET_STRING_set;
+               d2i_DSA_PUBKEY_fp;
+               d2i_RSA_PUBKEY;
+               X509_TRUST_get0_name;
+               X509_TRUST_get0;
+               AUTHORITY_INFO_ACCESS_free;
+               ASN1_IA5STRING_new;
+               d2i_DSA_PUBKEY;
+               X509_check_purpose;
+               ASN1_ENUMERATED_new;
+               d2i_RSA_PUBKEY_bio;
+               d2i_PUBKEY;
+               X509_TRUST_get_trust;
+               X509_TRUST_get_flags;
+               ASN1_BMPSTRING_free;
+               ASN1_T61STRING_new;
+               ASN1_UTCTIME_new;
+               i2d_AUTHORITY_INFO_ACCESS;
+               EVP_PKEY_set1_RSA;
+               X509_STORE_CTX_set_purpose;
+               ASN1_IA5STRING_free;
+               PEM_write_bio_X509_AUX;
+               X509_PURPOSE_get_count;
+               CRYPTO_add_info;
+               X509_NAME_ENTRY_create_by_txt;
+               ASN1_STRING_get_default_mask;
+               X509_alias_get0;
+               ASN1_STRING_data;
+               i2d_ACCESS_DESCRIPTION;
+               X509_trust_set_bit;
+               ASN1_BIT_STRING_free;
+               PEM_read_bio_RSA_PUBKEY;
+               X509_add1_reject_object;
+               X509_check_trust;
+               PEM_read_bio_DSA_PUBKEY;
+               X509_PURPOSE_add;
+               ASN1_STRING_TABLE_get;
+               ASN1_UTF8STRING_free;
+               d2i_DSA_PUBKEY_bio;
+               PEM_write_RSA_PUBKEY;
+               d2i_OTHERNAME;
+               X509_reject_set_bit;
+               PEM_write_DSA_PUBKEY;
+               X509_PURPOSE_get0_sname;
+               EVP_PKEY_set1_DH;
+               ASN1_OCTET_STRING_dup;
+               ASN1_BIT_STRING_set;
+               X509_TRUST_get_count;
+               ASN1_INTEGER_free;
+               OTHERNAME_free;
+               i2d_RSA_PUBKEY_fp;
+               ASN1_INTEGER_dup;
+               d2i_X509_CERT_AUX;
+               PEM_write_bio_PUBKEY;
+               ASN1_VISIBLESTRING_free;
+               X509_PURPOSE_cleanup;
+               ASN1_mbstring_ncopy;
+               ASN1_GENERALIZEDTIME_new;
+               EVP_PKEY_get1_DH;
+               ASN1_OCTET_STRING_new;
+               ASN1_INTEGER_new;
+               i2d_X509_AUX;
+               ASN1_BIT_STRING_name_print;
+               X509_cmp;
+               ASN1_STRING_length_set;
+               DIRECTORYSTRING_new;
+               X509_add1_trust_object;
+               PKCS12_newpass;
+               SMIME_write_PKCS7;
+               SMIME_read_PKCS7;
+               DES_set_key_checked;
+               PKCS7_verify;
+               PKCS7_encrypt;
+               DES_set_key_unchecked;
+               SMIME_crlf_copy;
+               i2d_ASN1_PRINTABLESTRING;
+               PKCS7_get0_signers;
+               PKCS7_decrypt;
+               SMIME_text;
+               PKCS7_simple_smimecap;
+               PKCS7_get_smimecap;
+               PKCS7_sign;
+               PKCS7_add_attrib_smimecap;
+               CRYPTO_dbg_set_options;
+               CRYPTO_remove_all_info;
+               CRYPTO_get_mem_debug_functions;
+               CRYPTO_is_mem_check_on;
+               CRYPTO_set_mem_debug_functions;
+               CRYPTO_pop_info;
+               CRYPTO_push_info_;
+               CRYPTO_set_mem_debug_options;
+               PEM_write_PKCS8PrivateKey_nid;
+               PEM_write_bio_PKCS8PrivateKey_nid;
+               PEM_write_bio_PKCS8PrivKey_nid;
+               d2i_PKCS8PrivateKey_bio;
+               ASN1_NULL_free;
+               d2i_ASN1_NULL;
+               ASN1_NULL_new;
+               i2d_PKCS8PrivateKey_bio;
+               i2d_PKCS8PrivateKey_fp;
+               i2d_ASN1_NULL;
+               i2d_PKCS8PrivateKey_nid_fp;
+               d2i_PKCS8PrivateKey_fp;
+               i2d_PKCS8PrivateKey_nid_bio;
+               i2d_PKCS8PrivateKeyInfo_fp;
+               i2d_PKCS8PrivateKeyInfo_bio;
+               PEM_cb;
+               i2d_PrivateKey_fp;
+               d2i_PrivateKey_bio;
+               d2i_PrivateKey_fp;
+               i2d_PrivateKey_bio;
+               X509_reject_clear;
+               X509_TRUST_set_default;
+               d2i_AutoPrivateKey;
+               X509_ATTRIBUTE_get0_type;
+               X509_ATTRIBUTE_set1_data;
+               X509at_get_attr;
+               X509at_get_attr_count;
+               X509_ATTRIBUTE_create_by_NID;
+               X509_ATTRIBUTE_set1_object;
+               X509_ATTRIBUTE_count;
+               X509_ATTRIBUTE_create_by_OBJ;
+               X509_ATTRIBUTE_get0_object;
+               X509at_get_attr_by_NID;
+               X509at_add1_attr;
+               X509_ATTRIBUTE_get0_data;
+               X509at_delete_attr;
+               X509at_get_attr_by_OBJ;
+               RAND_add;
+               BIO_number_written;
+               BIO_number_read;
+               X509_STORE_CTX_get1_chain;
+               ERR_load_RAND_strings;
+               RAND_pseudo_bytes;
+               X509_REQ_get_attr_by_NID;
+               X509_REQ_get_attr;
+               X509_REQ_add1_attr_by_NID;
+               X509_REQ_get_attr_by_OBJ;
+               X509at_add1_attr_by_NID;
+               X509_REQ_add1_attr_by_OBJ;
+               X509_REQ_get_attr_count;
+               X509_REQ_add1_attr;
+               X509_REQ_delete_attr;
+               X509at_add1_attr_by_OBJ;
+               X509_REQ_add1_attr_by_txt;
+               X509_ATTRIBUTE_create_by_txt;
+               X509at_add1_attr_by_txt;
+               BN_pseudo_rand;
+               BN_is_prime_fasttest;
+               BN_CTX_end;
+               BN_CTX_start;
+               BN_CTX_get;
+               EVP_PKEY2PKCS8_broken;
+               ASN1_STRING_TABLE_add;
+               CRYPTO_dbg_get_options;
+               AUTHORITY_INFO_ACCESS_new;
+               CRYPTO_get_mem_debug_options;
+               DES_crypt;
+               PEM_write_bio_X509_REQ_NEW;
+               PEM_write_X509_REQ_NEW;
+               BIO_callback_ctrl;
+               RAND_egd;
+               RAND_status;
+               bn_dump1;
+               DES_check_key_parity;
+               lh_num_items;
+               RAND_event;
+               DSO_new;
+               DSO_new_method;
+               DSO_free;
+               DSO_flags;
+               DSO_up;
+               DSO_set_default_method;
+               DSO_get_default_method;
+               DSO_get_method;
+               DSO_set_method;
+               DSO_load;
+               DSO_bind_var;
+               DSO_METHOD_null;
+               DSO_METHOD_openssl;
+               DSO_METHOD_dlfcn;
+               DSO_METHOD_win32;
+               ERR_load_DSO_strings;
+               DSO_METHOD_dl;
+               NCONF_load;
+               NCONF_load_fp;
+               NCONF_new;
+               NCONF_get_string;
+               NCONF_free;
+               NCONF_get_number;
+               CONF_dump_fp;
+               NCONF_load_bio;
+               NCONF_dump_fp;
+               NCONF_get_section;
+               NCONF_dump_bio;
+               CONF_dump_bio;
+               NCONF_free_data;
+               CONF_set_default_method;
+               ERR_error_string_n;
+               BIO_snprintf;
+               DSO_ctrl;
+               i2d_ASN1_SET_OF_ASN1_INTEGER;
+               i2d_ASN1_SET_OF_PKCS12_SAFEBAG;
+               i2d_ASN1_SET_OF_PKCS7;
+               BIO_vfree;
+               d2i_ASN1_SET_OF_ASN1_INTEGER;
+               d2i_ASN1_SET_OF_PKCS12_SAFEBAG;
+               ASN1_UTCTIME_get;
+               X509_REQ_digest;
+               X509_CRL_digest;
+               d2i_ASN1_SET_OF_PKCS7;
+               EVP_CIPHER_CTX_set_key_length;
+               EVP_CIPHER_CTX_ctrl;
+               BN_mod_exp_mont_word;
+               RAND_egd_bytes;
+               X509_REQ_get1_email;
+               X509_get1_email;
+               X509_email_free;
+               i2d_RSA_NET;
+               d2i_RSA_NET_2;
+               d2i_RSA_NET;
+               DSO_bind_func;
+               CRYPTO_get_new_dynlockid;
+               sk_new_null;
+               CRYPTO_set_dynlock_destroy_callback;
+               CRYPTO_set_dynlock_destroy_cb;
+               CRYPTO_destroy_dynlockid;
+               CRYPTO_set_dynlock_size;
+               CRYPTO_set_dynlock_create_callback;
+               CRYPTO_set_dynlock_create_cb;
+               CRYPTO_set_dynlock_lock_callback;
+               CRYPTO_set_dynlock_lock_cb;
+               CRYPTO_get_dynlock_lock_callback;
+               CRYPTO_get_dynlock_lock_cb;
+               CRYPTO_get_dynlock_destroy_callback;
+               CRYPTO_get_dynlock_destroy_cb;
+               CRYPTO_get_dynlock_value;
+               CRYPTO_get_dynlock_create_callback;
+               CRYPTO_get_dynlock_create_cb;
+               c2i_ASN1_BIT_STRING;
+               i2c_ASN1_BIT_STRING;
+               RAND_poll;
+               c2i_ASN1_INTEGER;
+               i2c_ASN1_INTEGER;
+               BIO_dump_indent;
+               ASN1_parse_dump;
+               c2i_ASN1_OBJECT;
+               X509_NAME_print_ex_fp;
+               ASN1_STRING_print_ex_fp;
+               X509_NAME_print_ex;
+               ASN1_STRING_print_ex;
+               MD4;
+               MD4_Transform;
+               MD4_Final;
+               MD4_Update;
+               MD4_Init;
+               EVP_md4;
+               i2d_PUBKEY_bio;
+               i2d_PUBKEY_fp;
+               d2i_PUBKEY_bio;
+               ASN1_STRING_to_UTF8;
+               BIO_vprintf;
+               BIO_vsnprintf;
+               d2i_PUBKEY_fp;
+               X509_cmp_time;
+               X509_STORE_CTX_set_time;
+               X509_STORE_CTX_get1_issuer;
+               X509_OBJECT_retrieve_match;
+               X509_OBJECT_idx_by_subject;
+               X509_STORE_CTX_set_flags;
+               X509_STORE_CTX_trusted_stack;
+               X509_time_adj;
+               X509_check_issued;
+               ASN1_UTCTIME_cmp_time_t;
+               DES_set_weak_key_flag;
+               DES_check_key;
+               DES_rw_mode;
+               RSA_PKCS1_RSAref;
+               X509_keyid_set1;
+               BIO_next;
+               DSO_METHOD_vms;
+               BIO_f_linebuffer;
+               BN_bntest_rand;
+               OPENSSL_issetugid;
+               BN_rand_range;
+               ERR_load_ENGINE_strings;
+               ENGINE_set_DSA;
+               ENGINE_get_finish_function;
+               ENGINE_get_default_RSA;
+               ENGINE_get_BN_mod_exp;
+               DSA_get_default_openssl_method;
+               ENGINE_set_DH;
+               ENGINE_set_def_BN_mod_exp_crt;
+               ENGINE_set_default_BN_mod_exp_crt;
+               ENGINE_init;
+               DH_get_default_openssl_method;
+               RSA_set_default_openssl_method;
+               ENGINE_finish;
+               ENGINE_load_public_key;
+               ENGINE_get_DH;
+               ENGINE_ctrl;
+               ENGINE_get_init_function;
+               ENGINE_set_init_function;
+               ENGINE_set_default_DSA;
+               ENGINE_get_name;
+               ENGINE_get_last;
+               ENGINE_get_prev;
+               ENGINE_get_default_DH;
+               ENGINE_get_RSA;
+               ENGINE_set_default;
+               ENGINE_get_RAND;
+               ENGINE_get_first;
+               ENGINE_by_id;
+               ENGINE_set_finish_function;
+               ENGINE_get_def_BN_mod_exp_crt;
+               ENGINE_get_default_BN_mod_exp_crt;
+               RSA_get_default_openssl_method;
+               ENGINE_set_RSA;
+               ENGINE_load_private_key;
+               ENGINE_set_default_RAND;
+               ENGINE_set_BN_mod_exp;
+               ENGINE_remove;
+               ENGINE_free;
+               ENGINE_get_BN_mod_exp_crt;
+               ENGINE_get_next;
+               ENGINE_set_name;
+               ENGINE_get_default_DSA;
+               ENGINE_set_default_BN_mod_exp;
+               ENGINE_set_default_RSA;
+               ENGINE_get_default_RAND;
+               ENGINE_get_default_BN_mod_exp;
+               ENGINE_set_RAND;
+               ENGINE_set_id;
+               ENGINE_set_BN_mod_exp_crt;
+               ENGINE_set_default_DH;
+               ENGINE_new;
+               ENGINE_get_id;
+               DSA_set_default_openssl_method;
+               ENGINE_add;
+               DH_set_default_openssl_method;
+               ENGINE_get_DSA;
+               ENGINE_get_ctrl_function;
+               ENGINE_set_ctrl_function;
+               BN_pseudo_rand_range;
+               X509_STORE_CTX_set_verify_cb;
+               ERR_load_COMP_strings;
+               PKCS12_item_decrypt_d2i;
+               ASN1_UTF8STRING_it;
+               ASN1_UTF8STRING_it;
+               ENGINE_unregister_ciphers;
+               ENGINE_get_ciphers;
+               d2i_OCSP_BASICRESP;
+               KRB5_CHECKSUM_it;
+               KRB5_CHECKSUM_it;
+               EC_POINT_add;
+               ASN1_item_ex_i2d;
+               OCSP_CERTID_it;
+               OCSP_CERTID_it;
+               d2i_OCSP_RESPBYTES;
+               X509V3_add1_i2d;
+               PKCS7_ENVELOPE_it;
+               PKCS7_ENVELOPE_it;
+               UI_add_input_boolean;
+               ENGINE_unregister_RSA;
+               X509V3_EXT_nconf;
+               ASN1_GENERALSTRING_free;
+               d2i_OCSP_CERTSTATUS;
+               X509_REVOKED_set_serialNumber;
+               X509_print_ex;
+               OCSP_ONEREQ_get1_ext_d2i;
+               ENGINE_register_all_RAND;
+               ENGINE_load_dynamic;
+               PBKDF2PARAM_it;
+               PBKDF2PARAM_it;
+               EXTENDED_KEY_USAGE_new;
+               EC_GROUP_clear_free;
+               OCSP_sendreq_bio;
+               ASN1_item_digest;
+               OCSP_BASICRESP_delete_ext;
+               OCSP_SIGNATURE_it;
+               OCSP_SIGNATURE_it;
+               X509_CRL_it;
+               X509_CRL_it;
+               OCSP_BASICRESP_add_ext;
+               KRB5_ENCKEY_it;
+               KRB5_ENCKEY_it;
+               UI_method_set_closer;
+               X509_STORE_set_purpose;
+               i2d_ASN1_GENERALSTRING;
+               OCSP_response_status;
+               i2d_OCSP_SERVICELOC;
+               ENGINE_get_digest_engine;
+               EC_GROUP_set_curve_GFp;
+               OCSP_REQUEST_get_ext_by_OBJ;
+               _ossl_old_des_random_key;
+               ASN1_T61STRING_it;
+               ASN1_T61STRING_it;
+               EC_GROUP_method_of;
+               i2d_KRB5_APREQ;
+               _ossl_old_des_encrypt;
+               ASN1_PRINTABLE_new;
+               HMAC_Init_ex;
+               d2i_KRB5_AUTHENT;
+               OCSP_archive_cutoff_new;
+               EC_POINT_set_Jprojective_coordinates_GFp;
+               EC_POINT_set_Jproj_coords_GFp;
+               _ossl_old_des_is_weak_key;
+               OCSP_BASICRESP_get_ext_by_OBJ;
+               EC_POINT_oct2point;
+               OCSP_SINGLERESP_get_ext_count;
+               UI_ctrl;
+               _shadow_DES_rw_mode;
+               _shadow_DES_rw_mode;
+               asn1_do_adb;
+               ASN1_template_i2d;
+               ENGINE_register_DH;
+               UI_construct_prompt;
+               X509_STORE_set_trust;
+               UI_dup_input_string;
+               d2i_KRB5_APREQ;
+               EVP_MD_CTX_copy_ex;
+               OCSP_request_is_signed;
+               i2d_OCSP_REQINFO;
+               KRB5_ENCKEY_free;
+               OCSP_resp_get0;
+               GENERAL_NAME_it;
+               GENERAL_NAME_it;
+               ASN1_GENERALIZEDTIME_it;
+               ASN1_GENERALIZEDTIME_it;
+               X509_STORE_set_flags;
+               EC_POINT_set_compressed_coordinates_GFp;
+               EC_POINT_set_compr_coords_GFp;
+               OCSP_response_status_str;
+               d2i_OCSP_REVOKEDINFO;
+               OCSP_basic_add1_cert;
+               ERR_get_implementation;
+               EVP_CipherFinal_ex;
+               OCSP_CERTSTATUS_new;
+               CRYPTO_cleanup_all_ex_data;
+               OCSP_resp_find;
+               BN_nnmod;
+               X509_CRL_sort;
+               X509_REVOKED_set_revocationDate;
+               ENGINE_register_RAND;
+               OCSP_SERVICELOC_new;
+               EC_POINT_set_affine_coordinates_GFp;
+               EC_POINT_set_affine_coords_GFp;
+               _ossl_old_des_options;
+               SXNET_it;
+               SXNET_it;
+               UI_dup_input_boolean;
+               PKCS12_add_CSPName_asc;
+               EC_POINT_is_at_infinity;
+               ENGINE_load_cryptodev;
+               DSO_convert_filename;
+               POLICYQUALINFO_it;
+               POLICYQUALINFO_it;
+               ENGINE_register_ciphers;
+               BN_mod_lshift_quick;
+               DSO_set_filename;
+               ASN1_item_free;
+               KRB5_TKTBODY_free;
+               AUTHORITY_KEYID_it;
+               AUTHORITY_KEYID_it;
+               KRB5_APREQBODY_new;
+               X509V3_EXT_REQ_add_nconf;
+               ENGINE_ctrl_cmd_string;
+               i2d_OCSP_RESPDATA;
+               EVP_MD_CTX_init;
+               EXTENDED_KEY_USAGE_free;
+               PKCS7_ATTR_SIGN_it;
+               PKCS7_ATTR_SIGN_it;
+               UI_add_error_string;
+               KRB5_CHECKSUM_free;
+               OCSP_REQUEST_get_ext;
+               ENGINE_load_ubsec;
+               ENGINE_register_all_digests;
+               PKEY_USAGE_PERIOD_it;
+               PKEY_USAGE_PERIOD_it;
+               PKCS12_unpack_authsafes;
+               ASN1_item_unpack;
+               NETSCAPE_SPKAC_it;
+               NETSCAPE_SPKAC_it;
+               X509_REVOKED_it;
+               X509_REVOKED_it;
+               ASN1_STRING_encode;
+               EVP_aes_128_ecb;
+               KRB5_AUTHENT_free;
+               OCSP_BASICRESP_get_ext_by_critical;
+               OCSP_BASICRESP_get_ext_by_crit;
+               OCSP_cert_status_str;
+               d2i_OCSP_REQUEST;
+               UI_dup_info_string;
+               _ossl_old_des_xwhite_in2out;
+               PKCS12_it;
+               PKCS12_it;
+               OCSP_SINGLERESP_get_ext_by_critical;
+               OCSP_SINGLERESP_get_ext_by_crit;
+               OCSP_CERTSTATUS_free;
+               _ossl_old_des_crypt;
+               ASN1_item_i2d;
+               EVP_DecryptFinal_ex;
+               ENGINE_load_openssl;
+               ENGINE_get_cmd_defns;
+               ENGINE_set_load_privkey_function;
+               ENGINE_set_load_privkey_fn;
+               EVP_EncryptFinal_ex;
+               ENGINE_set_default_digests;
+               X509_get0_pubkey_bitstr;
+               asn1_ex_i2c;
+               ENGINE_register_RSA;
+               ENGINE_unregister_DSA;
+               _ossl_old_des_key_sched;
+               X509_EXTENSION_it;
+               X509_EXTENSION_it;
+               i2d_KRB5_AUTHENT;
+               SXNETID_it;
+               SXNETID_it;
+               d2i_OCSP_SINGLERESP;
+               EDIPARTYNAME_new;
+               PKCS12_certbag2x509;
+               _ossl_old_des_ofb64_encrypt;
+               d2i_EXTENDED_KEY_USAGE;
+               ERR_print_errors_cb;
+               ENGINE_set_ciphers;
+               d2i_KRB5_APREQBODY;
+               UI_method_get_flusher;
+               X509_PUBKEY_it;
+               X509_PUBKEY_it;
+               _ossl_old_des_enc_read;
+               PKCS7_ENCRYPT_it;
+               PKCS7_ENCRYPT_it;
+               i2d_OCSP_RESPONSE;
+               EC_GROUP_get_cofactor;
+               PKCS12_unpack_p7data;
+               d2i_KRB5_AUTHDATA;
+               OCSP_copy_nonce;
+               KRB5_AUTHDATA_new;
+               OCSP_RESPDATA_new;
+               EC_GFp_mont_method;
+               OCSP_REVOKEDINFO_free;
+               UI_get_ex_data;
+               KRB5_APREQBODY_free;
+               EC_GROUP_get0_generator;
+               UI_get_default_method;
+               X509V3_set_nconf;
+               PKCS12_item_i2d_encrypt;
+               X509_add1_ext_i2d;
+               PKCS7_SIGNER_INFO_it;
+               PKCS7_SIGNER_INFO_it;
+               KRB5_PRINCNAME_new;
+               PKCS12_SAFEBAG_it;
+               PKCS12_SAFEBAG_it;
+               EC_GROUP_get_order;
+               d2i_OCSP_RESPID;
+               OCSP_request_verify;
+               NCONF_get_number_e;
+               _ossl_old_des_decrypt3;
+               X509_signature_print;
+               OCSP_SINGLERESP_free;
+               ENGINE_load_builtin_engines;
+               i2d_OCSP_ONEREQ;
+               OCSP_REQUEST_add_ext;
+               OCSP_RESPBYTES_new;
+               EVP_MD_CTX_create;
+               OCSP_resp_find_status;
+               X509_ALGOR_it;
+               X509_ALGOR_it;
+               ASN1_TIME_it;
+               ASN1_TIME_it;
+               OCSP_request_set1_name;
+               OCSP_ONEREQ_get_ext_count;
+               UI_get0_result;
+               PKCS12_AUTHSAFES_it;
+               PKCS12_AUTHSAFES_it;
+               EVP_aes_256_ecb;
+               PKCS12_pack_authsafes;
+               ASN1_IA5STRING_it;
+               ASN1_IA5STRING_it;
+               UI_get_input_flags;
+               EC_GROUP_set_generator;
+               _ossl_old_des_string_to_2keys;
+               OCSP_CERTID_free;
+               X509_CERT_AUX_it;
+               X509_CERT_AUX_it;
+               CERTIFICATEPOLICIES_it;
+               CERTIFICATEPOLICIES_it;
+               _ossl_old_des_ede3_cbc_encrypt;
+               RAND_set_rand_engine;
+               DSO_get_loaded_filename;
+               X509_ATTRIBUTE_it;
+               X509_ATTRIBUTE_it;
+               OCSP_ONEREQ_get_ext_by_NID;
+               PKCS12_decrypt_skey;
+               KRB5_AUTHENT_it;
+               KRB5_AUTHENT_it;
+               UI_dup_error_string;
+               RSAPublicKey_it;
+               RSAPublicKey_it;
+               i2d_OCSP_REQUEST;
+               PKCS12_x509crl2certbag;
+               OCSP_SERVICELOC_it;
+               OCSP_SERVICELOC_it;
+               ASN1_item_sign;
+               X509_CRL_set_issuer_name;
+               OBJ_NAME_do_all_sorted;
+               i2d_OCSP_BASICRESP;
+               i2d_OCSP_RESPBYTES;
+               PKCS12_unpack_p7encdata;
+               HMAC_CTX_init;
+               ENGINE_get_digest;
+               OCSP_RESPONSE_print;
+               KRB5_TKTBODY_it;
+               KRB5_TKTBODY_it;
+               ACCESS_DESCRIPTION_it;
+               ACCESS_DESCRIPTION_it;
+               PKCS7_ISSUER_AND_SERIAL_it;
+               PKCS7_ISSUER_AND_SERIAL_it;
+               PBE2PARAM_it;
+               PBE2PARAM_it;
+               PKCS12_certbag2x509crl;
+               PKCS7_SIGNED_it;
+               PKCS7_SIGNED_it;
+               ENGINE_get_cipher;
+               i2d_OCSP_CRLID;
+               OCSP_SINGLERESP_new;
+               ENGINE_cmd_is_executable;
+               RSA_up_ref;
+               ASN1_GENERALSTRING_it;
+               ASN1_GENERALSTRING_it;
+               ENGINE_register_DSA;
+               X509V3_EXT_add_nconf_sk;
+               ENGINE_set_load_pubkey_function;
+               PKCS8_decrypt;
+               PEM_bytes_read_bio;
+               DIRECTORYSTRING_it;
+               DIRECTORYSTRING_it;
+               d2i_OCSP_CRLID;
+               EC_POINT_is_on_curve;
+               CRYPTO_set_locked_mem_ex_functions;
+               CRYPTO_set_locked_mem_ex_funcs;
+               d2i_KRB5_CHECKSUM;
+               ASN1_item_dup;
+               X509_it;
+               X509_it;
+               BN_mod_add;
+               KRB5_AUTHDATA_free;
+               _ossl_old_des_cbc_cksum;
+               ASN1_item_verify;
+               CRYPTO_set_mem_ex_functions;
+               EC_POINT_get_Jprojective_coordinates_GFp;
+               EC_POINT_get_Jproj_coords_GFp;
+               ZLONG_it;
+               ZLONG_it;
+               CRYPTO_get_locked_mem_ex_functions;
+               CRYPTO_get_locked_mem_ex_funcs;
+               ASN1_TIME_check;
+               UI_get0_user_data;
+               HMAC_CTX_cleanup;
+               DSA_up_ref;
+               _ossl_old_des_ede3_cfb64_encrypt;
+               _ossl_odes_ede3_cfb64_encrypt;
+               ASN1_BMPSTRING_it;
+               ASN1_BMPSTRING_it;
+               ASN1_tag2bit;
+               UI_method_set_flusher;
+               X509_ocspid_print;
+               KRB5_ENCDATA_it;
+               KRB5_ENCDATA_it;
+               ENGINE_get_load_pubkey_function;
+               UI_add_user_data;
+               OCSP_REQUEST_delete_ext;
+               UI_get_method;
+               OCSP_ONEREQ_free;
+               ASN1_PRINTABLESTRING_it;
+               ASN1_PRINTABLESTRING_it;
+               X509_CRL_set_nextUpdate;
+               OCSP_REQUEST_it;
+               OCSP_REQUEST_it;
+               OCSP_BASICRESP_it;
+               OCSP_BASICRESP_it;
+               AES_ecb_encrypt;
+               BN_mod_sqr;
+               NETSCAPE_CERT_SEQUENCE_it;
+               NETSCAPE_CERT_SEQUENCE_it;
+               GENERAL_NAMES_it;
+               GENERAL_NAMES_it;
+               AUTHORITY_INFO_ACCESS_it;
+               AUTHORITY_INFO_ACCESS_it;
+               ASN1_FBOOLEAN_it;
+               ASN1_FBOOLEAN_it;
+               UI_set_ex_data;
+               _ossl_old_des_string_to_key;
+               ENGINE_register_all_RSA;
+               d2i_KRB5_PRINCNAME;
+               OCSP_RESPBYTES_it;
+               OCSP_RESPBYTES_it;
+               X509_CINF_it;
+               X509_CINF_it;
+               ENGINE_unregister_digests;
+               d2i_EDIPARTYNAME;
+               d2i_OCSP_SERVICELOC;
+               ENGINE_get_digests;
+               _ossl_old_des_set_odd_parity;
+               OCSP_RESPDATA_free;
+               d2i_KRB5_TICKET;
+               OTHERNAME_it;
+               OTHERNAME_it;
+               EVP_MD_CTX_cleanup;
+               d2i_ASN1_GENERALSTRING;
+               X509_CRL_set_version;
+               BN_mod_sub;
+               OCSP_SINGLERESP_get_ext_by_NID;
+               ENGINE_get_ex_new_index;
+               OCSP_REQUEST_free;
+               OCSP_REQUEST_add1_ext_i2d;
+               X509_VAL_it;
+               X509_VAL_it;
+               EC_POINTs_make_affine;
+               EC_POINT_mul;
+               X509V3_EXT_add_nconf;
+               X509_TRUST_set;
+               X509_CRL_add1_ext_i2d;
+               _ossl_old_des_fcrypt;
+               DISPLAYTEXT_it;
+               DISPLAYTEXT_it;
+               X509_CRL_set_lastUpdate;
+               OCSP_BASICRESP_free;
+               OCSP_BASICRESP_add1_ext_i2d;
+               d2i_KRB5_AUTHENTBODY;
+               CRYPTO_set_ex_data_implementation;
+               CRYPTO_set_ex_data_impl;
+               KRB5_ENCDATA_new;
+               DSO_up_ref;
+               OCSP_crl_reason_str;
+               UI_get0_result_string;
+               ASN1_GENERALSTRING_new;
+               X509_SIG_it;
+               X509_SIG_it;
+               ERR_set_implementation;
+               ERR_load_EC_strings;
+               UI_get0_action_string;
+               OCSP_ONEREQ_get_ext;
+               EC_POINT_method_of;
+               i2d_KRB5_APREQBODY;
+               _ossl_old_des_ecb3_encrypt;
+               CRYPTO_get_mem_ex_functions;
+               ENGINE_get_ex_data;
+               UI_destroy_method;
+               ASN1_item_i2d_bio;
+               OCSP_ONEREQ_get_ext_by_OBJ;
+               ASN1_primitive_new;
+               ASN1_PRINTABLE_it;
+               ASN1_PRINTABLE_it;
+               EVP_aes_192_ecb;
+               OCSP_SIGNATURE_new;
+               LONG_it;
+               LONG_it;
+               ASN1_VISIBLESTRING_it;
+               ASN1_VISIBLESTRING_it;
+               OCSP_SINGLERESP_add1_ext_i2d;
+               d2i_OCSP_CERTID;
+               ASN1_item_d2i_fp;
+               CRL_DIST_POINTS_it;
+               CRL_DIST_POINTS_it;
+               GENERAL_NAME_print;
+               OCSP_SINGLERESP_delete_ext;
+               PKCS12_SAFEBAGS_it;
+               PKCS12_SAFEBAGS_it;
+               d2i_OCSP_SIGNATURE;
+               OCSP_request_add1_nonce;
+               ENGINE_set_cmd_defns;
+               OCSP_SERVICELOC_free;
+               EC_GROUP_free;
+               ASN1_BIT_STRING_it;
+               ASN1_BIT_STRING_it;
+               X509_REQ_it;
+               X509_REQ_it;
+               _ossl_old_des_cbc_encrypt;
+               ERR_unload_strings;
+               PKCS7_SIGN_ENVELOPE_it;
+               PKCS7_SIGN_ENVELOPE_it;
+               EDIPARTYNAME_free;
+               OCSP_REQINFO_free;
+               EC_GROUP_new_curve_GFp;
+               OCSP_REQUEST_get1_ext_d2i;
+               PKCS12_item_pack_safebag;
+               asn1_ex_c2i;
+               ENGINE_register_digests;
+               i2d_OCSP_REVOKEDINFO;
+               asn1_enc_restore;
+               UI_free;
+               UI_new_method;
+               EVP_EncryptInit_ex;
+               X509_pubkey_digest;
+               EC_POINT_invert;
+               OCSP_basic_sign;
+               i2d_OCSP_RESPID;
+               OCSP_check_nonce;
+               ENGINE_ctrl_cmd;
+               d2i_KRB5_ENCKEY;
+               OCSP_parse_url;
+               OCSP_SINGLERESP_get_ext;
+               OCSP_CRLID_free;
+               OCSP_BASICRESP_get1_ext_d2i;
+               RSAPrivateKey_it;
+               RSAPrivateKey_it;
+               ENGINE_register_all_DH;
+               i2d_EDIPARTYNAME;
+               EC_POINT_get_affine_coordinates_GFp;
+               EC_POINT_get_affine_coords_GFp;
+               OCSP_CRLID_new;
+               ENGINE_get_flags;
+               OCSP_ONEREQ_it;
+               OCSP_ONEREQ_it;
+               UI_process;
+               ASN1_INTEGER_it;
+               ASN1_INTEGER_it;
+               EVP_CipherInit_ex;
+               UI_get_string_type;
+               ENGINE_unregister_DH;
+               ENGINE_register_all_DSA;
+               OCSP_ONEREQ_get_ext_by_critical;
+               bn_dup_expand;
+               OCSP_cert_id_new;
+               BASIC_CONSTRAINTS_it;
+               BASIC_CONSTRAINTS_it;
+               BN_mod_add_quick;
+               EC_POINT_new;
+               EVP_MD_CTX_destroy;
+               OCSP_RESPBYTES_free;
+               EVP_aes_128_cbc;
+               OCSP_SINGLERESP_get1_ext_d2i;
+               EC_POINT_free;
+               DH_up_ref;
+               X509_NAME_ENTRY_it;
+               X509_NAME_ENTRY_it;
+               UI_get_ex_new_index;
+               BN_mod_sub_quick;
+               OCSP_ONEREQ_add_ext;
+               OCSP_request_sign;
+               EVP_DigestFinal_ex;
+               ENGINE_set_digests;
+               OCSP_id_issuer_cmp;
+               OBJ_NAME_do_all;
+               EC_POINTs_mul;
+               ENGINE_register_complete;
+               X509V3_EXT_nconf_nid;
+               ASN1_SEQUENCE_it;
+               ASN1_SEQUENCE_it;
+               UI_set_default_method;
+               RAND_query_egd_bytes;
+               UI_method_get_writer;
+               UI_OpenSSL;
+               PEM_def_callback;
+               ENGINE_cleanup;
+               DIST_POINT_it;
+               DIST_POINT_it;
+               OCSP_SINGLERESP_it;
+               OCSP_SINGLERESP_it;
+               d2i_KRB5_TKTBODY;
+               EC_POINT_cmp;
+               OCSP_REVOKEDINFO_new;
+               i2d_OCSP_CERTSTATUS;
+               OCSP_basic_add1_nonce;
+               ASN1_item_ex_d2i;
+               BN_mod_lshift1_quick;
+               UI_set_method;
+               OCSP_id_get0_info;
+               BN_mod_sqrt;
+               EC_GROUP_copy;
+               KRB5_ENCDATA_free;
+               _ossl_old_des_cfb_encrypt;
+               OCSP_SINGLERESP_get_ext_by_OBJ;
+               OCSP_cert_to_id;
+               OCSP_RESPID_new;
+               OCSP_RESPDATA_it;
+               OCSP_RESPDATA_it;
+               d2i_OCSP_RESPDATA;
+               ENGINE_register_all_complete;
+               OCSP_check_validity;
+               PKCS12_BAGS_it;
+               PKCS12_BAGS_it;
+               OCSP_url_svcloc_new;
+               ASN1_template_free;
+               OCSP_SINGLERESP_add_ext;
+               KRB5_AUTHENTBODY_it;
+               KRB5_AUTHENTBODY_it;
+               X509_supported_extension;
+               i2d_KRB5_AUTHDATA;
+               UI_method_get_opener;
+               ENGINE_set_ex_data;
+               OCSP_REQUEST_print;
+               CBIGNUM_it;
+               CBIGNUM_it;
+               KRB5_TICKET_new;
+               KRB5_APREQ_new;
+               EC_GROUP_get_curve_GFp;
+               KRB5_ENCKEY_new;
+               ASN1_template_d2i;
+               _ossl_old_des_quad_cksum;
+               OCSP_single_get0_status;
+               BN_swap;
+               POLICYINFO_it;
+               POLICYINFO_it;
+               ENGINE_set_destroy_function;
+               asn1_enc_free;
+               OCSP_RESPID_it;
+               OCSP_RESPID_it;
+               EC_GROUP_new;
+               EVP_aes_256_cbc;
+               i2d_KRB5_PRINCNAME;
+               _ossl_old_des_encrypt2;
+               _ossl_old_des_encrypt3;
+               PKCS8_PRIV_KEY_INFO_it;
+               PKCS8_PRIV_KEY_INFO_it;
+               OCSP_REQINFO_it;
+               OCSP_REQINFO_it;
+               PBEPARAM_it;
+               PBEPARAM_it;
+               KRB5_AUTHENTBODY_new;
+               X509_CRL_add0_revoked;
+               EDIPARTYNAME_it;
+               EDIPARTYNAME_it;
+               NETSCAPE_SPKI_it;
+               NETSCAPE_SPKI_it;
+               UI_get0_test_string;
+               ENGINE_get_cipher_engine;
+               ENGINE_register_all_ciphers;
+               EC_POINT_copy;
+               BN_kronecker;
+               _ossl_old_des_ede3_ofb64_encrypt;
+               _ossl_odes_ede3_ofb64_encrypt;
+               UI_method_get_reader;
+               OCSP_BASICRESP_get_ext_count;
+               ASN1_ENUMERATED_it;
+               ASN1_ENUMERATED_it;
+               UI_set_result;
+               i2d_KRB5_TICKET;
+               X509_print_ex_fp;
+               EVP_CIPHER_CTX_set_padding;
+               d2i_OCSP_RESPONSE;
+               ASN1_UTCTIME_it;
+               ASN1_UTCTIME_it;
+               _ossl_old_des_enc_write;
+               OCSP_RESPONSE_new;
+               AES_set_encrypt_key;
+               OCSP_resp_count;
+               KRB5_CHECKSUM_new;
+               ENGINE_load_cswift;
+               OCSP_onereq_get0_id;
+               ENGINE_set_default_ciphers;
+               NOTICEREF_it;
+               NOTICEREF_it;
+               X509V3_EXT_CRL_add_nconf;
+               OCSP_REVOKEDINFO_it;
+               OCSP_REVOKEDINFO_it;
+               AES_encrypt;
+               OCSP_REQUEST_new;
+               ASN1_ANY_it;
+               ASN1_ANY_it;
+               CRYPTO_ex_data_new_class;
+               _ossl_old_des_ncbc_encrypt;
+               i2d_KRB5_TKTBODY;
+               EC_POINT_clear_free;
+               AES_decrypt;
+               asn1_enc_init;
+               UI_get_result_maxsize;
+               OCSP_CERTID_new;
+               ENGINE_unregister_RAND;
+               UI_method_get_closer;
+               d2i_KRB5_ENCDATA;
+               OCSP_request_onereq_count;
+               OCSP_basic_verify;
+               KRB5_AUTHENTBODY_free;
+               ASN1_item_d2i;
+               ASN1_primitive_free;
+               i2d_EXTENDED_KEY_USAGE;
+               i2d_OCSP_SIGNATURE;
+               asn1_enc_save;
+               ENGINE_load_nuron;
+               _ossl_old_des_pcbc_encrypt;
+               PKCS12_MAC_DATA_it;
+               PKCS12_MAC_DATA_it;
+               OCSP_accept_responses_new;
+               asn1_do_lock;
+               PKCS7_ATTR_VERIFY_it;
+               PKCS7_ATTR_VERIFY_it;
+               KRB5_APREQBODY_it;
+               KRB5_APREQBODY_it;
+               i2d_OCSP_SINGLERESP;
+               ASN1_item_ex_new;
+               UI_add_verify_string;
+               _ossl_old_des_set_key;
+               KRB5_PRINCNAME_it;
+               KRB5_PRINCNAME_it;
+               EVP_DecryptInit_ex;
+               i2d_OCSP_CERTID;
+               ASN1_item_d2i_bio;
+               EC_POINT_dbl;
+               asn1_get_choice_selector;
+               i2d_KRB5_CHECKSUM;
+               ENGINE_set_table_flags;
+               AES_options;
+               ENGINE_load_chil;
+               OCSP_id_cmp;
+               OCSP_BASICRESP_new;
+               OCSP_REQUEST_get_ext_by_NID;
+               KRB5_APREQ_it;
+               KRB5_APREQ_it;
+               ENGINE_get_destroy_function;
+               CONF_set_nconf;
+               ASN1_PRINTABLE_free;
+               OCSP_BASICRESP_get_ext_by_NID;
+               DIST_POINT_NAME_it;
+               DIST_POINT_NAME_it;
+               X509V3_extensions_print;
+               _ossl_old_des_cfb64_encrypt;
+               X509_REVOKED_add1_ext_i2d;
+               _ossl_old_des_ofb_encrypt;
+               KRB5_TKTBODY_new;
+               ASN1_OCTET_STRING_it;
+               ASN1_OCTET_STRING_it;
+               ERR_load_UI_strings;
+               i2d_KRB5_ENCKEY;
+               ASN1_template_new;
+               OCSP_SIGNATURE_free;
+               ASN1_item_i2d_fp;
+               KRB5_PRINCNAME_free;
+               PKCS7_RECIP_INFO_it;
+               PKCS7_RECIP_INFO_it;
+               EXTENDED_KEY_USAGE_it;
+               EXTENDED_KEY_USAGE_it;
+               EC_GFp_simple_method;
+               EC_GROUP_precompute_mult;
+               OCSP_request_onereq_get0;
+               UI_method_set_writer;
+               KRB5_AUTHENT_new;
+               X509_CRL_INFO_it;
+               X509_CRL_INFO_it;
+               DSO_set_name_converter;
+               AES_set_decrypt_key;
+               PKCS7_DIGEST_it;
+               PKCS7_DIGEST_it;
+               PKCS12_x5092certbag;
+               EVP_DigestInit_ex;
+               i2a_ACCESS_DESCRIPTION;
+               OCSP_RESPONSE_it;
+               OCSP_RESPONSE_it;
+               PKCS7_ENC_CONTENT_it;
+               PKCS7_ENC_CONTENT_it;
+               OCSP_request_add0_id;
+               EC_POINT_make_affine;
+               DSO_get_filename;
+               OCSP_CERTSTATUS_it;
+               OCSP_CERTSTATUS_it;
+               OCSP_request_add1_cert;
+               UI_get0_output_string;
+               UI_dup_verify_string;
+               BN_mod_lshift;
+               KRB5_AUTHDATA_it;
+               KRB5_AUTHDATA_it;
+               asn1_set_choice_selector;
+               OCSP_basic_add1_status;
+               OCSP_RESPID_free;
+               asn1_get_field_ptr;
+               UI_add_input_string;
+               OCSP_CRLID_it;
+               OCSP_CRLID_it;
+               i2d_KRB5_AUTHENTBODY;
+               OCSP_REQUEST_get_ext_count;
+               ENGINE_load_atalla;
+               X509_NAME_it;
+               X509_NAME_it;
+               USERNOTICE_it;
+               USERNOTICE_it;
+               OCSP_REQINFO_new;
+               OCSP_BASICRESP_get_ext;
+               CRYPTO_get_ex_data_implementation;
+               CRYPTO_get_ex_data_impl;
+               ASN1_item_pack;
+               i2d_KRB5_ENCDATA;
+               X509_PURPOSE_set;
+               X509_REQ_INFO_it;
+               X509_REQ_INFO_it;
+               UI_method_set_opener;
+               ASN1_item_ex_free;
+               ASN1_BOOLEAN_it;
+               ASN1_BOOLEAN_it;
+               ENGINE_get_table_flags;
+               UI_create_method;
+               OCSP_ONEREQ_add1_ext_i2d;
+               _shadow_DES_check_key;
+               _shadow_DES_check_key;
+               d2i_OCSP_REQINFO;
+               UI_add_info_string;
+               UI_get_result_minsize;
+               ASN1_NULL_it;
+               ASN1_NULL_it;
+               BN_mod_lshift1;
+               d2i_OCSP_ONEREQ;
+               OCSP_ONEREQ_new;
+               KRB5_TICKET_it;
+               KRB5_TICKET_it;
+               EVP_aes_192_cbc;
+               KRB5_TICKET_free;
+               UI_new;
+               OCSP_response_create;
+               _ossl_old_des_xcbc_encrypt;
+               PKCS7_it;
+               PKCS7_it;
+               OCSP_REQUEST_get_ext_by_critical;
+               OCSP_REQUEST_get_ext_by_crit;
+               ENGINE_set_flags;
+               _ossl_old_des_ecb_encrypt;
+               OCSP_response_get1_basic;
+               EVP_Digest;
+               OCSP_ONEREQ_delete_ext;
+               ASN1_TBOOLEAN_it;
+               ASN1_TBOOLEAN_it;
+               ASN1_item_new;
+               ASN1_TIME_to_generalizedtime;
+               BIGNUM_it;
+               BIGNUM_it;
+               AES_cbc_encrypt;
+               ENGINE_get_load_privkey_function;
+               ENGINE_get_load_privkey_fn;
+               OCSP_RESPONSE_free;
+               UI_method_set_reader;
+               i2d_ASN1_T61STRING;
+               EC_POINT_set_to_infinity;
+               ERR_load_OCSP_strings;
+               EC_POINT_point2oct;
+               KRB5_APREQ_free;
+               ASN1_OBJECT_it;
+               ASN1_OBJECT_it;
+               OCSP_crlID_new;
+               OCSP_crlID2_new;
+               CONF_modules_load_file;
+               CONF_imodule_set_usr_data;
+               ENGINE_set_default_string;
+               CONF_module_get_usr_data;
+               ASN1_add_oid_module;
+               CONF_modules_finish;
+               OPENSSL_config;
+               CONF_modules_unload;
+               CONF_imodule_get_value;
+               CONF_module_set_usr_data;
+               CONF_parse_list;
+               CONF_module_add;
+               CONF_get1_default_config_file;
+               CONF_imodule_get_flags;
+               CONF_imodule_get_module;
+               CONF_modules_load;
+               CONF_imodule_get_name;
+               ERR_peek_top_error;
+               CONF_imodule_get_usr_data;
+               CONF_imodule_set_flags;
+               ENGINE_add_conf_module;
+               ERR_peek_last_error_line;
+               ERR_peek_last_error_line_data;
+               ERR_peek_last_error;
+               DES_read_2passwords;
+               DES_read_password;
+               UI_UTIL_read_pw;
+               UI_UTIL_read_pw_string;
+               ENGINE_load_aep;
+               ENGINE_load_sureware;
+               OPENSSL_add_all_algorithms_noconf;
+               OPENSSL_add_all_algo_noconf;
+               OPENSSL_add_all_algorithms_conf;
+               OPENSSL_add_all_algo_conf;
+               OPENSSL_load_builtin_modules;
+               AES_ofb128_encrypt;
+               AES_ctr128_encrypt;
+               AES_cfb128_encrypt;
+               ENGINE_load_4758cca;
+               _ossl_096_des_random_seed;
+               EVP_aes_256_ofb;
+               EVP_aes_192_ofb;
+               EVP_aes_128_cfb128;
+               EVP_aes_256_cfb128;
+               EVP_aes_128_ofb;
+               EVP_aes_192_cfb128;
+               CONF_modules_free;
+               NCONF_default;
+               OPENSSL_no_config;
+               NCONF_WIN32;
+               ASN1_UNIVERSALSTRING_new;
+               EVP_des_ede_ecb;
+               i2d_ASN1_UNIVERSALSTRING;
+               ASN1_UNIVERSALSTRING_free;
+               ASN1_UNIVERSALSTRING_it;
+               ASN1_UNIVERSALSTRING_it;
+               d2i_ASN1_UNIVERSALSTRING;
+               EVP_des_ede3_ecb;
+               X509_REQ_print_ex;
+               ENGINE_up_ref;
+               BUF_MEM_grow_clean;
+               CRYPTO_realloc_clean;
+               BUF_strlcat;
+               BIO_indent;
+               BUF_strlcpy;
+               OpenSSLDie;
+               OPENSSL_cleanse;
+               ENGINE_setup_bsd_cryptodev;
+               ERR_release_err_state_table;
+               EVP_aes_128_cfb8;
+               FIPS_corrupt_rsa;
+               FIPS_selftest_des;
+               EVP_aes_128_cfb1;
+               EVP_aes_192_cfb8;
+               FIPS_mode_set;
+               FIPS_selftest_dsa;
+               EVP_aes_256_cfb8;
+               FIPS_allow_md5;
+               DES_ede3_cfb_encrypt;
+               EVP_des_ede3_cfb8;
+               FIPS_rand_seeded;
+               AES_cfbr_encrypt_block;
+               AES_cfb8_encrypt;
+               FIPS_rand_seed;
+               FIPS_corrupt_des;
+               EVP_aes_192_cfb1;
+               FIPS_selftest_aes;
+               FIPS_set_prng_key;
+               EVP_des_cfb8;
+               FIPS_corrupt_dsa;
+               FIPS_test_mode;
+               FIPS_rand_method;
+               EVP_aes_256_cfb1;
+               ERR_load_FIPS_strings;
+               FIPS_corrupt_aes;
+               FIPS_selftest_sha1;
+               FIPS_selftest_rsa;
+               FIPS_corrupt_sha1;
+               EVP_des_cfb1;
+               FIPS_dsa_check;
+               AES_cfb1_encrypt;
+               EVP_des_ede3_cfb1;
+               FIPS_rand_check;
+               FIPS_md5_allowed;
+               FIPS_mode;
+               FIPS_selftest_failed;
+               sk_is_sorted;
+               X509_check_ca;
+               HMAC_CTX_set_flags;
+               d2i_PROXY_CERT_INFO_EXTENSION;
+               PROXY_POLICY_it;
+               PROXY_POLICY_it;
+               i2d_PROXY_POLICY;
+               i2d_PROXY_CERT_INFO_EXTENSION;
+               d2i_PROXY_POLICY;
+               PROXY_CERT_INFO_EXTENSION_new;
+               PROXY_CERT_INFO_EXTENSION_free;
+               PROXY_CERT_INFO_EXTENSION_it;
+               PROXY_CERT_INFO_EXTENSION_it;
+               PROXY_POLICY_free;
+               PROXY_POLICY_new;
+               BN_MONT_CTX_set_locked;
+               FIPS_selftest_rng;
+               EVP_sha384;
+               EVP_sha512;
+               EVP_sha224;
+               EVP_sha256;
+               FIPS_selftest_hmac;
+               FIPS_corrupt_rng;
+               BN_mod_exp_mont_consttime;
+               RSA_X931_hash_id;
+               RSA_padding_check_X931;
+               RSA_verify_PKCS1_PSS;
+               RSA_padding_add_X931;
+               RSA_padding_add_PKCS1_PSS;
+               PKCS1_MGF1;
+               BN_X931_generate_Xpq;
+               RSA_X931_generate_key;
+               BN_X931_derive_prime;
+               BN_X931_generate_prime;
+               RSA_X931_derive;
+               BIO_new_dgram;
+               BN_get0_nist_prime_384;
+               ERR_set_mark;
+               X509_STORE_CTX_set0_crls;
+               ENGINE_set_STORE;
+               ENGINE_register_ECDSA;
+               STORE_meth_set_list_start_fn;
+               STORE_method_set_list_start_function;
+               BN_BLINDING_invert_ex;
+               NAME_CONSTRAINTS_free;
+               STORE_ATTR_INFO_set_number;
+               BN_BLINDING_get_thread_id;
+               X509_STORE_CTX_set0_param;
+               POLICY_MAPPING_it;
+               POLICY_MAPPING_it;
+               STORE_parse_attrs_start;
+               POLICY_CONSTRAINTS_free;
+               EVP_PKEY_add1_attr_by_NID;
+               BN_nist_mod_192;
+               EC_GROUP_get_trinomial_basis;
+               STORE_set_method;
+               GENERAL_SUBTREE_free;
+               NAME_CONSTRAINTS_it;
+               NAME_CONSTRAINTS_it;
+               ECDH_get_default_method;
+               PKCS12_add_safe;
+               EC_KEY_new_by_curve_name;
+               STORE_meth_get_update_store_fn;
+               STORE_method_get_update_store_function;
+               ENGINE_register_ECDH;
+               SHA512_Update;
+               i2d_ECPrivateKey;
+               BN_get0_nist_prime_192;
+               STORE_modify_certificate;
+               EC_POINT_set_affine_coordinates_GF2m;
+               EC_POINT_set_affine_coords_GF2m;
+               BN_GF2m_mod_exp_arr;
+               STORE_ATTR_INFO_modify_number;
+               X509_keyid_get0;
+               ENGINE_load_gmp;
+               pitem_new;
+               BN_GF2m_mod_mul_arr;
+               STORE_list_public_key_endp;
+               o2i_ECPublicKey;
+               EC_KEY_copy;
+               BIO_dump_fp;
+               X509_policy_node_get0_parent;
+               EC_GROUP_check_discriminant;
+               i2o_ECPublicKey;
+               EC_KEY_precompute_mult;
+               a2i_IPADDRESS;
+               STORE_meth_set_initialise_fn;
+               STORE_method_set_initialise_function;
+               X509_STORE_CTX_set_depth;
+               X509_VERIFY_PARAM_inherit;
+               EC_POINT_point2bn;
+               STORE_ATTR_INFO_set_dn;
+               X509_policy_tree_get0_policies;
+               EC_GROUP_new_curve_GF2m;
+               STORE_destroy_method;
+               ENGINE_unregister_STORE;
+               EVP_PKEY_get1_EC_KEY;
+               STORE_ATTR_INFO_get0_number;
+               ENGINE_get_default_ECDH;
+               EC_KEY_get_conv_form;
+               ASN1_OCTET_STRING_NDEF_it;
+               ASN1_OCTET_STRING_NDEF_it;
+               STORE_delete_public_key;
+               STORE_get_public_key;
+               STORE_modify_arbitrary;
+               ENGINE_get_static_state;
+               pqueue_iterator;
+               ECDSA_SIG_new;
+               OPENSSL_DIR_end;
+               BN_GF2m_mod_sqr;
+               EC_POINT_bn2point;
+               X509_VERIFY_PARAM_set_depth;
+               EC_KEY_set_asn1_flag;
+               STORE_get_method;
+               EC_KEY_get_key_method_data;
+               ECDSA_sign_ex;
+               STORE_parse_attrs_end;
+               EC_GROUP_get_point_conversion_form;
+               EC_GROUP_get_point_conv_form;
+               STORE_method_set_store_function;
+               STORE_ATTR_INFO_in;
+               PEM_read_bio_ECPKParameters;
+               EC_GROUP_get_pentanomial_basis;
+               EVP_PKEY_add1_attr_by_txt;
+               BN_BLINDING_set_flags;
+               X509_VERIFY_PARAM_set1_policies;
+               X509_VERIFY_PARAM_set1_name;
+               X509_VERIFY_PARAM_set_purpose;
+               STORE_get_number;
+               ECDSA_sign_setup;
+               BN_GF2m_mod_solve_quad_arr;
+               EC_KEY_up_ref;
+               POLICY_MAPPING_free;
+               BN_GF2m_mod_div;
+               X509_VERIFY_PARAM_set_flags;
+               EC_KEY_free;
+               STORE_meth_set_list_next_fn;
+               STORE_method_set_list_next_function;
+               PEM_write_bio_ECPrivateKey;
+               d2i_EC_PUBKEY;
+               STORE_meth_get_generate_fn;
+               STORE_method_get_generate_function;
+               STORE_meth_set_list_end_fn;
+               STORE_method_set_list_end_function;
+               pqueue_print;
+               EC_GROUP_have_precompute_mult;
+               EC_KEY_print_fp;
+               BN_GF2m_mod_arr;
+               PEM_write_bio_X509_CERT_PAIR;
+               EVP_PKEY_cmp;
+               X509_policy_level_node_count;
+               STORE_new_engine;
+               STORE_list_public_key_start;
+               X509_VERIFY_PARAM_new;
+               ECDH_get_ex_data;
+               EVP_PKEY_get_attr;
+               ECDSA_do_sign;
+               ENGINE_unregister_ECDH;
+               ECDH_OpenSSL;
+               EC_KEY_set_conv_form;
+               EC_POINT_dup;
+               GENERAL_SUBTREE_new;
+               STORE_list_crl_endp;
+               EC_get_builtin_curves;
+               X509_policy_node_get0_qualifiers;
+               X509_pcy_node_get0_qualifiers;
+               STORE_list_crl_end;
+               EVP_PKEY_set1_EC_KEY;
+               BN_GF2m_mod_sqrt_arr;
+               i2d_ECPrivateKey_bio;
+               ECPKParameters_print_fp;
+               pqueue_find;
+               ECDSA_SIG_free;
+               PEM_write_bio_ECPKParameters;
+               STORE_method_set_ctrl_function;
+               STORE_list_public_key_end;
+               EC_KEY_set_private_key;
+               pqueue_peek;
+               STORE_get_arbitrary;
+               STORE_store_crl;
+               X509_policy_node_get0_policy;
+               PKCS12_add_safes;
+               BN_BLINDING_convert_ex;
+               X509_policy_tree_free;
+               OPENSSL_ia32cap_loc;
+               BN_GF2m_poly2arr;
+               STORE_ctrl;
+               STORE_ATTR_INFO_compare;
+               BN_get0_nist_prime_224;
+               i2d_ECParameters;
+               i2d_ECPKParameters;
+               BN_GENCB_call;
+               d2i_ECPKParameters;
+               STORE_meth_set_generate_fn;
+               STORE_method_set_generate_function;
+               ENGINE_set_ECDH;
+               NAME_CONSTRAINTS_new;
+               SHA256_Init;
+               EC_KEY_get0_public_key;
+               PEM_write_bio_EC_PUBKEY;
+               STORE_ATTR_INFO_set_cstr;
+               STORE_list_crl_next;
+               STORE_ATTR_INFO_in_range;
+               ECParameters_print;
+               STORE_meth_set_delete_fn;
+               STORE_method_set_delete_function;
+               STORE_list_certificate_next;
+               ASN1_generate_nconf;
+               BUF_memdup;
+               BN_GF2m_mod_mul;
+               STORE_meth_get_list_next_fn;
+               STORE_method_get_list_next_function;
+               STORE_ATTR_INFO_get0_dn;
+               STORE_list_private_key_next;
+               EC_GROUP_set_seed;
+               X509_VERIFY_PARAM_set_trust;
+               STORE_ATTR_INFO_free;
+               STORE_get_private_key;
+               EVP_PKEY_get_attr_count;
+               STORE_ATTR_INFO_new;
+               EC_GROUP_get_curve_GF2m;
+               STORE_meth_set_revoke_fn;
+               STORE_method_set_revoke_function;
+               STORE_store_number;
+               BN_is_prime_ex;
+               STORE_revoke_public_key;
+               X509_STORE_CTX_get0_param;
+               STORE_delete_arbitrary;
+               PEM_read_X509_CERT_PAIR;
+               X509_STORE_set_depth;
+               ECDSA_get_ex_data;
+               SHA224;
+               BIO_dump_indent_fp;
+               EC_KEY_set_group;
+               BUF_strndup;
+               STORE_list_certificate_start;
+               BN_GF2m_mod;
+               X509_REQ_check_private_key;
+               EC_GROUP_get_seed_len;
+               ERR_load_STORE_strings;
+               PEM_read_bio_EC_PUBKEY;
+               STORE_list_private_key_end;
+               i2d_EC_PUBKEY;
+               ECDSA_get_default_method;
+               ASN1_put_eoc;
+               X509_STORE_CTX_get_explicit_policy;
+               X509_STORE_CTX_get_expl_policy;
+               X509_VERIFY_PARAM_table_cleanup;
+               STORE_modify_private_key;
+               X509_VERIFY_PARAM_free;
+               EC_METHOD_get_field_type;
+               EC_GFp_nist_method;
+               STORE_meth_set_modify_fn;
+               STORE_method_set_modify_function;
+               STORE_parse_attrs_next;
+               ENGINE_load_padlock;
+               EC_GROUP_set_curve_name;
+               X509_CERT_PAIR_it;
+               X509_CERT_PAIR_it;
+               STORE_meth_get_revoke_fn;
+               STORE_method_get_revoke_function;
+               STORE_method_set_get_function;
+               STORE_modify_number;
+               STORE_method_get_store_function;
+               STORE_store_private_key;
+               BN_GF2m_mod_sqr_arr;
+               RSA_setup_blinding;
+               BIO_s_datagram;
+               STORE_Memory;
+               sk_find_ex;
+               EC_GROUP_set_curve_GF2m;
+               ENGINE_set_default_ECDSA;
+               POLICY_CONSTRAINTS_new;
+               BN_GF2m_mod_sqrt;
+               ECDH_set_default_method;
+               EC_KEY_generate_key;
+               SHA384_Update;
+               BN_GF2m_arr2poly;
+               STORE_method_get_get_function;
+               STORE_meth_set_cleanup_fn;
+               STORE_method_set_cleanup_function;
+               EC_GROUP_check;
+               d2i_ECPrivateKey_bio;
+               EC_KEY_insert_key_method_data;
+               STORE_meth_get_lock_store_fn;
+               STORE_method_get_lock_store_function;
+               X509_VERIFY_PARAM_get_depth;
+               SHA224_Final;
+               STORE_meth_set_update_store_fn;
+               STORE_method_set_update_store_function;
+               SHA224_Update;
+               d2i_ECPrivateKey;
+               ASN1_item_ndef_i2d;
+               STORE_delete_private_key;
+               ERR_pop_to_mark;
+               ENGINE_register_all_STORE;
+               X509_policy_level_get0_node;
+               i2d_PKCS7_NDEF;
+               EC_GROUP_get_degree;
+               ASN1_generate_v3;
+               STORE_ATTR_INFO_modify_cstr;
+               X509_policy_tree_level_count;
+               BN_GF2m_add;
+               EC_KEY_get0_group;
+               STORE_generate_crl;
+               STORE_store_public_key;
+               X509_CERT_PAIR_free;
+               STORE_revoke_private_key;
+               BN_nist_mod_224;
+               SHA512_Final;
+               STORE_ATTR_INFO_modify_dn;
+               STORE_meth_get_initialise_fn;
+               STORE_method_get_initialise_function;
+               STORE_delete_number;
+               i2d_EC_PUBKEY_bio;
+               BIO_dgram_non_fatal_error;
+               EC_GROUP_get_asn1_flag;
+               STORE_ATTR_INFO_in_ex;
+               STORE_list_crl_start;
+               ECDH_get_ex_new_index;
+               STORE_meth_get_modify_fn;
+               STORE_method_get_modify_function;
+               v2i_ASN1_BIT_STRING;
+               STORE_store_certificate;
+               OBJ_bsearch_ex;
+               X509_STORE_CTX_set_default;
+               STORE_ATTR_INFO_set_sha1str;
+               BN_GF2m_mod_inv;
+               BN_GF2m_mod_exp;
+               STORE_modify_public_key;
+               STORE_meth_get_list_start_fn;
+               STORE_method_get_list_start_function;
+               EC_GROUP_get0_seed;
+               STORE_store_arbitrary;
+               STORE_meth_set_unlock_store_fn;
+               STORE_method_set_unlock_store_function;
+               BN_GF2m_mod_div_arr;
+               ENGINE_set_ECDSA;
+               STORE_create_method;
+               ECPKParameters_print;
+               EC_KEY_get0_private_key;
+               PEM_write_EC_PUBKEY;
+               X509_VERIFY_PARAM_set1;
+               ECDH_set_method;
+               v2i_GENERAL_NAME_ex;
+               ECDH_set_ex_data;
+               STORE_generate_key;
+               BN_nist_mod_521;
+               X509_policy_tree_get0_level;
+               EC_GROUP_set_point_conversion_form;
+               EC_GROUP_set_point_conv_form;
+               PEM_read_EC_PUBKEY;
+               i2d_ECDSA_SIG;
+               ECDSA_OpenSSL;
+               STORE_delete_crl;
+               EC_KEY_get_enc_flags;
+               ASN1_const_check_infinite_end;
+               EVP_PKEY_delete_attr;
+               ECDSA_set_default_method;
+               EC_POINT_set_compressed_coordinates_GF2m;
+               EC_POINT_set_compr_coords_GF2m;
+               EC_GROUP_cmp;
+               STORE_revoke_certificate;
+               BN_get0_nist_prime_256;
+               STORE_meth_get_delete_fn;
+               STORE_method_get_delete_function;
+               SHA224_Init;
+               PEM_read_ECPrivateKey;
+               SHA512_Init;
+               STORE_parse_attrs_endp;
+               BN_set_negative;
+               ERR_load_ECDSA_strings;
+               EC_GROUP_get_basis_type;
+               STORE_list_public_key_next;
+               i2v_ASN1_BIT_STRING;
+               STORE_OBJECT_free;
+               BN_nist_mod_384;
+               i2d_X509_CERT_PAIR;
+               PEM_write_ECPKParameters;
+               ECDH_compute_key;
+               STORE_ATTR_INFO_get0_sha1str;
+               ENGINE_register_all_ECDH;
+               pqueue_pop;
+               STORE_ATTR_INFO_get0_cstr;
+               POLICY_CONSTRAINTS_it;
+               POLICY_CONSTRAINTS_it;
+               STORE_get_ex_new_index;
+               EVP_PKEY_get_attr_by_OBJ;
+               X509_VERIFY_PARAM_add0_policy;
+               BN_GF2m_mod_solve_quad;
+               SHA256;
+               i2d_ECPrivateKey_fp;
+               X509_policy_tree_get0_user_policies;
+               X509_pcy_tree_get0_usr_policies;
+               OPENSSL_DIR_read;
+               ENGINE_register_all_ECDSA;
+               X509_VERIFY_PARAM_lookup;
+               EC_POINT_get_affine_coordinates_GF2m;
+               EC_POINT_get_affine_coords_GF2m;
+               EC_GROUP_dup;
+               ENGINE_get_default_ECDSA;
+               EC_KEY_new;
+               SHA256_Transform;
+               EC_KEY_set_enc_flags;
+               ECDSA_verify;
+               EC_POINT_point2hex;
+               ENGINE_get_STORE;
+               SHA512;
+               STORE_get_certificate;
+               ECDSA_do_sign_ex;
+               ECDSA_do_verify;
+               d2i_ECPrivateKey_fp;
+               STORE_delete_certificate;
+               SHA512_Transform;
+               X509_STORE_set1_param;
+               STORE_method_get_ctrl_function;
+               STORE_free;
+               PEM_write_ECPrivateKey;
+               STORE_meth_get_unlock_store_fn;
+               STORE_method_get_unlock_store_function;
+               STORE_get_ex_data;
+               EC_KEY_set_public_key;
+               PEM_read_ECPKParameters;
+               X509_CERT_PAIR_new;
+               ENGINE_register_STORE;
+               RSA_generate_key_ex;
+               DSA_generate_parameters_ex;
+               ECParameters_print_fp;
+               X509V3_NAME_from_section;
+               EVP_PKEY_add1_attr;
+               STORE_modify_crl;
+               STORE_list_private_key_start;
+               POLICY_MAPPINGS_it;
+               POLICY_MAPPINGS_it;
+               GENERAL_SUBTREE_it;
+               GENERAL_SUBTREE_it;
+               EC_GROUP_get_curve_name;
+               PEM_write_X509_CERT_PAIR;
+               BIO_dump_indent_cb;
+               d2i_X509_CERT_PAIR;
+               STORE_list_private_key_endp;
+               asn1_const_Finish;
+               i2d_EC_PUBKEY_fp;
+               BN_nist_mod_256;
+               X509_VERIFY_PARAM_add0_table;
+               pqueue_free;
+               BN_BLINDING_create_param;
+               ECDSA_size;
+               d2i_EC_PUBKEY_bio;
+               BN_get0_nist_prime_521;
+               STORE_ATTR_INFO_modify_sha1str;
+               BN_generate_prime_ex;
+               EC_GROUP_new_by_curve_name;
+               SHA256_Final;
+               DH_generate_parameters_ex;
+               PEM_read_bio_ECPrivateKey;
+               STORE_meth_get_cleanup_fn;
+               STORE_method_get_cleanup_function;
+               ENGINE_get_ECDH;
+               d2i_ECDSA_SIG;
+               BN_is_prime_fasttest_ex;
+               ECDSA_sign;
+               X509_policy_check;
+               EVP_PKEY_get_attr_by_NID;
+               STORE_set_ex_data;
+               ENGINE_get_ECDSA;
+               EVP_ecdsa;
+               BN_BLINDING_get_flags;
+               PKCS12_add_cert;
+               STORE_OBJECT_new;
+               ERR_load_ECDH_strings;
+               EC_KEY_dup;
+               EVP_CIPHER_CTX_rand_key;
+               ECDSA_set_method;
+               a2i_IPADDRESS_NC;
+               d2i_ECParameters;
+               STORE_list_certificate_end;
+               STORE_get_crl;
+               X509_POLICY_NODE_print;
+               SHA384_Init;
+               EC_GF2m_simple_method;
+               ECDSA_set_ex_data;
+               SHA384_Final;
+               PKCS7_set_digest;
+               EC_KEY_print;
+               STORE_meth_set_lock_store_fn;
+               STORE_method_set_lock_store_function;
+               ECDSA_get_ex_new_index;
+               SHA384;
+               POLICY_MAPPING_new;
+               STORE_list_certificate_endp;
+               X509_STORE_CTX_get0_policy_tree;
+               EC_GROUP_set_asn1_flag;
+               EC_KEY_check_key;
+               d2i_EC_PUBKEY_fp;
+               PKCS7_set0_type_other;
+               PEM_read_bio_X509_CERT_PAIR;
+               pqueue_next;
+               STORE_meth_get_list_end_fn;
+               STORE_method_get_list_end_function;
+               EVP_PKEY_add1_attr_by_OBJ;
+               X509_VERIFY_PARAM_set_time;
+               pqueue_new;
+               ENGINE_set_default_ECDH;
+               STORE_new_method;
+               PKCS12_add_key;
+               DSO_merge;
+               EC_POINT_hex2point;
+               BIO_dump_cb;
+               SHA256_Update;
+               pqueue_insert;
+               pitem_free;
+               BN_GF2m_mod_inv_arr;
+               ENGINE_unregister_ECDSA;
+               BN_BLINDING_set_thread_id;
+               get_rfc3526_prime_8192;
+               X509_VERIFY_PARAM_clear_flags;
+               get_rfc2409_prime_1024;
+               DH_check_pub_key;
+               get_rfc3526_prime_2048;
+               get_rfc3526_prime_6144;
+               get_rfc3526_prime_1536;
+               get_rfc3526_prime_3072;
+               get_rfc3526_prime_4096;
+               get_rfc2409_prime_768;
+               X509_VERIFY_PARAM_get_flags;
+               EVP_CIPHER_CTX_new;
+               EVP_CIPHER_CTX_free;
+               Camellia_cbc_encrypt;
+               Camellia_cfb128_encrypt;
+               Camellia_cfb1_encrypt;
+               Camellia_cfb8_encrypt;
+               Camellia_ctr128_encrypt;
+               Camellia_cfbr_encrypt_block;
+               Camellia_decrypt;
+               Camellia_ecb_encrypt;
+               Camellia_encrypt;
+               Camellia_ofb128_encrypt;
+               Camellia_set_key;
+               EVP_camellia_128_cbc;
+               EVP_camellia_128_cfb128;
+               EVP_camellia_128_cfb1;
+               EVP_camellia_128_cfb8;
+               EVP_camellia_128_ecb;
+               EVP_camellia_128_ofb;
+               EVP_camellia_192_cbc;
+               EVP_camellia_192_cfb128;
+               EVP_camellia_192_cfb1;
+               EVP_camellia_192_cfb8;
+               EVP_camellia_192_ecb;
+               EVP_camellia_192_ofb;
+               EVP_camellia_256_cbc;
+               EVP_camellia_256_cfb128;
+               EVP_camellia_256_cfb1;
+               EVP_camellia_256_cfb8;
+               EVP_camellia_256_ecb;
+               EVP_camellia_256_ofb;
+               a2i_ipadd;
+               ASIdentifiers_free;
+               i2d_ASIdOrRange;
+               EVP_CIPHER_block_size;
+               v3_asid_is_canonical;
+               IPAddressChoice_free;
+               EVP_CIPHER_CTX_set_app_data;
+               BIO_set_callback_arg;
+               v3_addr_add_prefix;
+               IPAddressOrRange_it;
+               IPAddressOrRange_it;
+               BIO_set_flags;
+               ASIdentifiers_it;
+               ASIdentifiers_it;
+               v3_addr_get_range;
+               BIO_method_type;
+               v3_addr_inherits;
+               IPAddressChoice_it;
+               IPAddressChoice_it;
+               AES_ige_encrypt;
+               v3_addr_add_range;
+               EVP_CIPHER_CTX_nid;
+               d2i_ASRange;
+               v3_addr_add_inherit;
+               v3_asid_add_id_or_range;
+               v3_addr_validate_resource_set;
+               EVP_CIPHER_iv_length;
+               EVP_MD_type;
+               v3_asid_canonize;
+               IPAddressRange_free;
+               v3_asid_add_inherit;
+               EVP_CIPHER_CTX_key_length;
+               IPAddressRange_new;
+               ASIdOrRange_new;
+               EVP_MD_size;
+               EVP_MD_CTX_test_flags;
+               BIO_clear_flags;
+               i2d_ASRange;
+               IPAddressRange_it;
+               IPAddressRange_it;
+               IPAddressChoice_new;
+               ASIdentifierChoice_new;
+               ASRange_free;
+               EVP_MD_pkey_type;
+               EVP_MD_CTX_clear_flags;
+               IPAddressFamily_free;
+               i2d_IPAddressFamily;
+               IPAddressOrRange_new;
+               EVP_CIPHER_flags;
+               v3_asid_validate_resource_set;
+               d2i_IPAddressRange;
+               AES_bi_ige_encrypt;
+               BIO_get_callback;
+               IPAddressOrRange_free;
+               v3_addr_subset;
+               d2i_IPAddressFamily;
+               v3_asid_subset;
+               BIO_test_flags;
+               i2d_ASIdentifierChoice;
+               ASRange_it;
+               ASRange_it;
+               d2i_ASIdentifiers;
+               ASRange_new;
+               d2i_IPAddressChoice;
+               v3_addr_get_afi;
+               EVP_CIPHER_key_length;
+               EVP_Cipher;
+               i2d_IPAddressOrRange;
+               ASIdOrRange_it;
+               ASIdOrRange_it;
+               EVP_CIPHER_nid;
+               i2d_IPAddressChoice;
+               EVP_CIPHER_CTX_block_size;
+               ASIdentifiers_new;
+               v3_addr_validate_path;
+               IPAddressFamily_new;
+               EVP_MD_CTX_set_flags;
+               v3_addr_is_canonical;
+               i2d_IPAddressRange;
+               IPAddressFamily_it;
+               IPAddressFamily_it;
+               v3_asid_inherits;
+               EVP_CIPHER_CTX_cipher;
+               EVP_CIPHER_CTX_get_app_data;
+               EVP_MD_block_size;
+               EVP_CIPHER_CTX_flags;
+               v3_asid_validate_path;
+               d2i_IPAddressOrRange;
+               v3_addr_canonize;
+               ASIdentifierChoice_it;
+               ASIdentifierChoice_it;
+               EVP_MD_CTX_md;
+               d2i_ASIdentifierChoice;
+               BIO_method_name;
+               EVP_CIPHER_CTX_iv_length;
+               ASIdOrRange_free;
+               ASIdentifierChoice_free;
+               BIO_get_callback_arg;
+               BIO_set_callback;
+               d2i_ASIdOrRange;
+               i2d_ASIdentifiers;
+               SEED_decrypt;
+               SEED_encrypt;
+               SEED_cbc_encrypt;
+               EVP_seed_ofb;
+               SEED_cfb128_encrypt;
+               SEED_ofb128_encrypt;
+               EVP_seed_cbc;
+               SEED_ecb_encrypt;
+               EVP_seed_ecb;
+               SEED_set_key;
+               EVP_seed_cfb128;
+               X509_EXTENSIONS_it;
+               X509_EXTENSIONS_it;
+               X509_get1_ocsp;
+               OCSP_REQ_CTX_free;
+               i2d_X509_EXTENSIONS;
+               OCSP_sendreq_nbio;
+               OCSP_sendreq_new;
+               d2i_X509_EXTENSIONS;
+               X509_ALGORS_it;
+               X509_ALGORS_it;
+               X509_ALGOR_get0;
+               X509_ALGOR_set0;
+               AES_unwrap_key;
+               AES_wrap_key;
+               X509at_get0_data_by_OBJ;
+               ASN1_TYPE_set1;
+               ASN1_STRING_set0;
+               i2d_X509_ALGORS;
+               BIO_f_zlib;
+               COMP_zlib_cleanup;
+               d2i_X509_ALGORS;
+               CMS_ReceiptRequest_free;
+               PEM_write_CMS;
+               CMS_add0_CertificateChoices;
+               CMS_unsigned_add1_attr_by_OBJ;
+               ERR_load_CMS_strings;
+               CMS_sign_receipt;
+               i2d_CMS_ContentInfo;
+               CMS_signed_delete_attr;
+               d2i_CMS_bio;
+               CMS_unsigned_get_attr_by_NID;
+               CMS_verify;
+               SMIME_read_CMS;
+               CMS_decrypt_set1_key;
+               CMS_SignerInfo_get0_algs;
+               CMS_add1_cert;
+               CMS_set_detached;
+               CMS_encrypt;
+               CMS_EnvelopedData_create;
+               CMS_uncompress;
+               CMS_add0_crl;
+               CMS_SignerInfo_verify_content;
+               CMS_unsigned_get0_data_by_OBJ;
+               PEM_write_bio_CMS;
+               CMS_unsigned_get_attr;
+               CMS_RecipientInfo_ktri_cert_cmp;
+               CMS_RecipientInfo_ktri_get0_algs;
+               CMS_RecipInfo_ktri_get0_algs;
+               CMS_ContentInfo_free;
+               CMS_final;
+               CMS_add_simple_smimecap;
+               CMS_SignerInfo_verify;
+               CMS_data;
+               CMS_ContentInfo_it;
+               CMS_ContentInfo_it;
+               d2i_CMS_ReceiptRequest;
+               CMS_compress;
+               CMS_digest_create;
+               CMS_SignerInfo_cert_cmp;
+               CMS_SignerInfo_sign;
+               CMS_data_create;
+               i2d_CMS_bio;
+               CMS_EncryptedData_set1_key;
+               CMS_decrypt;
+               int_smime_write_ASN1;
+               CMS_unsigned_delete_attr;
+               CMS_unsigned_get_attr_count;
+               CMS_add_smimecap;
+               PEM_read_CMS;
+               CMS_signed_get_attr_by_OBJ;
+               d2i_CMS_ContentInfo;
+               CMS_add_standard_smimecap;
+               CMS_ContentInfo_new;
+               CMS_RecipientInfo_type;
+               CMS_get0_type;
+               CMS_is_detached;
+               CMS_sign;
+               CMS_signed_add1_attr;
+               CMS_unsigned_get_attr_by_OBJ;
+               SMIME_write_CMS;
+               CMS_EncryptedData_decrypt;
+               CMS_get0_RecipientInfos;
+               CMS_add0_RevocationInfoChoice;
+               CMS_decrypt_set1_pkey;
+               CMS_SignerInfo_set1_signer_cert;
+               CMS_get0_signers;
+               CMS_ReceiptRequest_get0_values;
+               CMS_signed_get0_data_by_OBJ;
+               CMS_get0_SignerInfos;
+               CMS_add0_cert;
+               CMS_EncryptedData_encrypt;
+               CMS_digest_verify;
+               CMS_set1_signers_certs;
+               CMS_signed_get_attr;
+               CMS_RecipientInfo_set0_key;
+               CMS_SignedData_init;
+               CMS_RecipientInfo_kekri_get0_id;
+               CMS_verify_receipt;
+               CMS_ReceiptRequest_it;
+               CMS_ReceiptRequest_it;
+               PEM_read_bio_CMS;
+               CMS_get1_crls;
+               CMS_add0_recipient_key;
+               SMIME_read_ASN1;
+               CMS_ReceiptRequest_new;
+               CMS_get0_content;
+               CMS_get1_ReceiptRequest;
+               CMS_signed_add1_attr_by_OBJ;
+               CMS_RecipientInfo_kekri_id_cmp;
+               CMS_add1_ReceiptRequest;
+               CMS_SignerInfo_get0_signer_id;
+               CMS_unsigned_add1_attr_by_NID;
+               CMS_unsigned_add1_attr;
+               CMS_signed_get_attr_by_NID;
+               CMS_get1_certs;
+               CMS_signed_add1_attr_by_NID;
+               CMS_unsigned_add1_attr_by_txt;
+               CMS_dataFinal;
+               CMS_RecipientInfo_ktri_get0_signer_id;
+               CMS_RecipInfo_ktri_get0_sigr_id;
+               i2d_CMS_ReceiptRequest;
+               CMS_add1_recipient_cert;
+               CMS_dataInit;
+               CMS_signed_add1_attr_by_txt;
+               CMS_RecipientInfo_decrypt;
+               CMS_signed_get_attr_count;
+               CMS_get0_eContentType;
+               CMS_set1_eContentType;
+               CMS_ReceiptRequest_create0;
+               CMS_add1_signer;
+               CMS_RecipientInfo_set0_pkey;
+               ENGINE_set_load_ssl_client_cert_function;
+               ENGINE_set_ld_ssl_clnt_cert_fn;
+               ENGINE_get_ssl_client_cert_function;
+               ENGINE_get_ssl_client_cert_fn;
+               ENGINE_load_ssl_client_cert;
+               ENGINE_load_capi;
+               OPENSSL_isservice;
+               FIPS_dsa_sig_decode;
+               EVP_CIPHER_CTX_clear_flags;
+               FIPS_rand_status;
+               FIPS_rand_set_key;
+               CRYPTO_set_mem_info_functions;
+               RSA_X931_generate_key_ex;
+               int_ERR_set_state_func;
+               int_EVP_MD_set_engine_callbacks;
+               int_CRYPTO_set_do_dynlock_callback;
+               FIPS_rng_stick;
+               EVP_CIPHER_CTX_set_flags;
+               BN_X931_generate_prime_ex;
+               FIPS_selftest_check;
+               FIPS_rand_set_dt;
+               CRYPTO_dbg_pop_info;
+               FIPS_dsa_free;
+               RSA_X931_derive_ex;
+               FIPS_rsa_new;
+               FIPS_rand_bytes;
+               fips_cipher_test;
+               EVP_CIPHER_CTX_test_flags;
+               CRYPTO_malloc_debug_init;
+               CRYPTO_dbg_push_info;
+               FIPS_corrupt_rsa_keygen;
+               FIPS_dh_new;
+               FIPS_corrupt_dsa_keygen;
+               FIPS_dh_free;
+               fips_pkey_signature_test;
+               EVP_add_alg_module;
+               int_RAND_init_engine_callbacks;
+               int_EVP_CIPHER_set_engine_callbacks;
+               int_EVP_MD_init_engine_callbacks;
+               FIPS_rand_test_mode;
+               FIPS_rand_reset;
+               FIPS_dsa_new;
+               int_RAND_set_callbacks;
+               BN_X931_derive_prime_ex;
+               int_ERR_lib_init;
+               int_EVP_CIPHER_init_engine_callbacks;
+               FIPS_rsa_free;
+               FIPS_dsa_sig_encode;
+               CRYPTO_dbg_remove_all_info;
+               OPENSSL_init;
+               CRYPTO_strdup;
+               JPAKE_STEP3A_process;
+               JPAKE_STEP1_release;
+               JPAKE_get_shared_key;
+               JPAKE_STEP3B_init;
+               JPAKE_STEP1_generate;
+               JPAKE_STEP1_init;
+               JPAKE_STEP3B_process;
+               JPAKE_STEP2_generate;
+               JPAKE_CTX_new;
+               JPAKE_CTX_free;
+               JPAKE_STEP3B_release;
+               JPAKE_STEP3A_release;
+               JPAKE_STEP2_process;
+               JPAKE_STEP3B_generate;
+               JPAKE_STEP1_process;
+               JPAKE_STEP3A_generate;
+               JPAKE_STEP2_release;
+               JPAKE_STEP3A_init;
+               ERR_load_JPAKE_strings;
+               JPAKE_STEP2_init;
+               pqueue_size;
+               i2d_TS_ACCURACY;
+               i2d_TS_MSG_IMPRINT_fp;
+               i2d_TS_MSG_IMPRINT;
+               EVP_PKEY_print_public;
+               EVP_PKEY_CTX_new;
+               i2d_TS_TST_INFO;
+               EVP_PKEY_asn1_find;
+               DSO_METHOD_beos;
+               TS_CONF_load_cert;
+               TS_REQ_get_ext;
+               EVP_PKEY_sign_init;
+               ASN1_item_print;
+               TS_TST_INFO_set_nonce;
+               TS_RESP_dup;
+               ENGINE_register_pkey_meths;
+               EVP_PKEY_asn1_add0;
+               PKCS7_add0_attrib_signing_time;
+               i2d_TS_TST_INFO_fp;
+               BIO_asn1_get_prefix;
+               TS_TST_INFO_set_time;
+               EVP_PKEY_meth_set_decrypt;
+               EVP_PKEY_set_type_str;
+               EVP_PKEY_CTX_get_keygen_info;
+               TS_REQ_set_policy_id;
+               d2i_TS_RESP_fp;
+               ENGINE_get_pkey_asn1_meth_engine;
+               ENGINE_get_pkey_asn1_meth_eng;
+               WHIRLPOOL_Init;
+               TS_RESP_set_status_info;
+               EVP_PKEY_keygen;
+               EVP_DigestSignInit;
+               TS_ACCURACY_set_millis;
+               TS_REQ_dup;
+               GENERAL_NAME_dup;
+               ASN1_SEQUENCE_ANY_it;
+               ASN1_SEQUENCE_ANY_it;
+               WHIRLPOOL;
+               X509_STORE_get1_crls;
+               ENGINE_get_pkey_asn1_meth;
+               EVP_PKEY_asn1_new;
+               BIO_new_NDEF;
+               ENGINE_get_pkey_meth;
+               TS_MSG_IMPRINT_set_algo;
+               i2d_TS_TST_INFO_bio;
+               TS_TST_INFO_set_ordering;
+               TS_TST_INFO_get_ext_by_OBJ;
+               CRYPTO_THREADID_set_pointer;
+               TS_CONF_get_tsa_section;
+               SMIME_write_ASN1;
+               TS_RESP_CTX_set_signer_key;
+               EVP_PKEY_encrypt_old;
+               EVP_PKEY_encrypt_init;
+               CRYPTO_THREADID_cpy;
+               ASN1_PCTX_get_cert_flags;
+               i2d_ESS_SIGNING_CERT;
+               TS_CONF_load_key;
+               i2d_ASN1_SEQUENCE_ANY;
+               d2i_TS_MSG_IMPRINT_bio;
+               EVP_PKEY_asn1_set_public;
+               b2i_PublicKey_bio;
+               BIO_asn1_set_prefix;
+               EVP_PKEY_new_mac_key;
+               BIO_new_CMS;
+               CRYPTO_THREADID_cmp;
+               TS_REQ_ext_free;
+               EVP_PKEY_asn1_set_free;
+               EVP_PKEY_get0_asn1;
+               d2i_NETSCAPE_X509;
+               EVP_PKEY_verify_recover_init;
+               EVP_PKEY_CTX_set_data;
+               EVP_PKEY_keygen_init;
+               TS_RESP_CTX_set_status_info;
+               TS_MSG_IMPRINT_get_algo;
+               TS_REQ_print_bio;
+               EVP_PKEY_CTX_ctrl_str;
+               EVP_PKEY_get_default_digest_nid;
+               PEM_write_bio_PKCS7_stream;
+               TS_MSG_IMPRINT_print_bio;
+               BN_asc2bn;
+               TS_REQ_get_policy_id;
+               ENGINE_set_default_pkey_asn1_meths;
+               ENGINE_set_def_pkey_asn1_meths;
+               d2i_TS_ACCURACY;
+               DSO_global_lookup;
+               TS_CONF_set_tsa_name;
+               i2d_ASN1_SET_ANY;
+               ENGINE_load_gost;
+               WHIRLPOOL_BitUpdate;
+               ASN1_PCTX_get_flags;
+               TS_TST_INFO_get_ext_by_NID;
+               TS_RESP_new;
+               ESS_CERT_ID_dup;
+               TS_STATUS_INFO_dup;
+               TS_REQ_delete_ext;
+               EVP_DigestVerifyFinal;
+               EVP_PKEY_print_params;
+               i2d_CMS_bio_stream;
+               TS_REQ_get_msg_imprint;
+               OBJ_find_sigid_by_algs;
+               TS_TST_INFO_get_serial;
+               TS_REQ_get_nonce;
+               X509_PUBKEY_set0_param;
+               EVP_PKEY_CTX_set0_keygen_info;
+               DIST_POINT_set_dpname;
+               i2d_ISSUING_DIST_POINT;
+               ASN1_SET_ANY_it;
+               ASN1_SET_ANY_it;
+               EVP_PKEY_CTX_get_data;
+               TS_STATUS_INFO_print_bio;
+               EVP_PKEY_derive_init;
+               d2i_TS_TST_INFO;
+               EVP_PKEY_asn1_add_alias;
+               d2i_TS_RESP_bio;
+               OTHERNAME_cmp;
+               GENERAL_NAME_set0_value;
+               PKCS7_RECIP_INFO_get0_alg;
+               TS_RESP_CTX_new;
+               TS_RESP_set_tst_info;
+               PKCS7_final;
+               EVP_PKEY_base_id;
+               TS_RESP_CTX_set_signer_cert;
+               TS_REQ_set_msg_imprint;
+               EVP_PKEY_CTX_ctrl;
+               TS_CONF_set_digests;
+               d2i_TS_MSG_IMPRINT;
+               EVP_PKEY_meth_set_ctrl;
+               TS_REQ_get_ext_by_NID;
+               PKCS5_pbe_set0_algor;
+               BN_BLINDING_thread_id;
+               TS_ACCURACY_new;
+               X509_CRL_METHOD_free;
+               ASN1_PCTX_get_nm_flags;
+               EVP_PKEY_meth_set_sign;
+               CRYPTO_THREADID_current;
+               EVP_PKEY_decrypt_init;
+               NETSCAPE_X509_free;
+               i2b_PVK_bio;
+               EVP_PKEY_print_private;
+               GENERAL_NAME_get0_value;
+               b2i_PVK_bio;
+               ASN1_UTCTIME_adj;
+               TS_TST_INFO_new;
+               EVP_MD_do_all_sorted;
+               TS_CONF_set_default_engine;
+               TS_ACCURACY_set_seconds;
+               TS_TST_INFO_get_time;
+               PKCS8_pkey_get0;
+               EVP_PKEY_asn1_get0;
+               OBJ_add_sigid;
+               PKCS7_SIGNER_INFO_sign;
+               EVP_PKEY_paramgen_init;
+               EVP_PKEY_sign;
+               OBJ_sigid_free;
+               EVP_PKEY_meth_set_init;
+               d2i_ESS_ISSUER_SERIAL;
+               ISSUING_DIST_POINT_new;
+               ASN1_TIME_adj;
+               TS_OBJ_print_bio;
+               EVP_PKEY_meth_set_verify_recover;
+               EVP_PKEY_meth_set_vrfy_recover;
+               TS_RESP_get_status_info;
+               CMS_stream;
+               EVP_PKEY_CTX_set_cb;
+               PKCS7_to_TS_TST_INFO;
+               ASN1_PCTX_get_oid_flags;
+               TS_TST_INFO_add_ext;
+               EVP_PKEY_meth_set_derive;
+               i2d_TS_RESP_fp;
+               i2d_TS_MSG_IMPRINT_bio;
+               TS_RESP_CTX_set_accuracy;
+               TS_REQ_set_nonce;
+               ESS_CERT_ID_new;
+               ENGINE_pkey_asn1_find_str;
+               TS_REQ_get_ext_count;
+               BUF_reverse;
+               TS_TST_INFO_print_bio;
+               d2i_ISSUING_DIST_POINT;
+               ENGINE_get_pkey_meths;
+               i2b_PrivateKey_bio;
+               i2d_TS_RESP;
+               b2i_PublicKey;
+               TS_VERIFY_CTX_cleanup;
+               TS_STATUS_INFO_free;
+               TS_RESP_verify_token;
+               OBJ_bsearch_ex_;
+               ASN1_bn_print;
+               EVP_PKEY_asn1_get_count;
+               ENGINE_register_pkey_asn1_meths;
+               ASN1_PCTX_set_nm_flags;
+               EVP_DigestVerifyInit;
+               ENGINE_set_default_pkey_meths;
+               TS_TST_INFO_get_policy_id;
+               TS_REQ_get_cert_req;
+               X509_CRL_set_meth_data;
+               PKCS8_pkey_set0;
+               ASN1_STRING_copy;
+               d2i_TS_TST_INFO_fp;
+               X509_CRL_match;
+               EVP_PKEY_asn1_set_private;
+               TS_TST_INFO_get_ext_d2i;
+               TS_RESP_CTX_add_policy;
+               d2i_TS_RESP;
+               TS_CONF_load_certs;
+               TS_TST_INFO_get_msg_imprint;
+               ERR_load_TS_strings;
+               TS_TST_INFO_get_version;
+               EVP_PKEY_CTX_dup;
+               EVP_PKEY_meth_set_verify;
+               i2b_PublicKey_bio;
+               TS_CONF_set_certs;
+               EVP_PKEY_asn1_get0_info;
+               TS_VERIFY_CTX_free;
+               TS_REQ_get_ext_by_critical;
+               TS_RESP_CTX_set_serial_cb;
+               X509_CRL_get_meth_data;
+               TS_RESP_CTX_set_time_cb;
+               TS_MSG_IMPRINT_get_msg;
+               TS_TST_INFO_ext_free;
+               TS_REQ_get_version;
+               TS_REQ_add_ext;
+               EVP_PKEY_CTX_set_app_data;
+               OBJ_bsearch_;
+               EVP_PKEY_meth_set_verifyctx;
+               i2d_PKCS7_bio_stream;
+               CRYPTO_THREADID_set_numeric;
+               PKCS7_sign_add_signer;
+               d2i_TS_TST_INFO_bio;
+               TS_TST_INFO_get_ordering;
+               TS_RESP_print_bio;
+               TS_TST_INFO_get_exts;
+               HMAC_CTX_copy;
+               PKCS5_pbe2_set_iv;
+               ENGINE_get_pkey_asn1_meths;
+               b2i_PrivateKey;
+               EVP_PKEY_CTX_get_app_data;
+               TS_REQ_set_cert_req;
+               CRYPTO_THREADID_set_callback;
+               TS_CONF_set_serial;
+               TS_TST_INFO_free;
+               d2i_TS_REQ_fp;
+               TS_RESP_verify_response;
+               i2d_ESS_ISSUER_SERIAL;
+               TS_ACCURACY_get_seconds;
+               EVP_CIPHER_do_all;
+               b2i_PrivateKey_bio;
+               OCSP_CERTID_dup;
+               X509_PUBKEY_get0_param;
+               TS_MSG_IMPRINT_dup;
+               PKCS7_print_ctx;
+               i2d_TS_REQ_bio;
+               EVP_whirlpool;
+               EVP_PKEY_asn1_set_param;
+               EVP_PKEY_meth_set_encrypt;
+               ASN1_PCTX_set_flags;
+               i2d_ESS_CERT_ID;
+               TS_VERIFY_CTX_new;
+               TS_RESP_CTX_set_extension_cb;
+               ENGINE_register_all_pkey_meths;
+               TS_RESP_CTX_set_status_info_cond;
+               TS_RESP_CTX_set_stat_info_cond;
+               EVP_PKEY_verify;
+               WHIRLPOOL_Final;
+               X509_CRL_METHOD_new;
+               EVP_DigestSignFinal;
+               TS_RESP_CTX_set_def_policy;
+               NETSCAPE_X509_it;
+               NETSCAPE_X509_it;
+               TS_RESP_create_response;
+               PKCS7_SIGNER_INFO_get0_algs;
+               TS_TST_INFO_get_nonce;
+               EVP_PKEY_decrypt_old;
+               TS_TST_INFO_set_policy_id;
+               TS_CONF_set_ess_cert_id_chain;
+               EVP_PKEY_CTX_get0_pkey;
+               d2i_TS_REQ;
+               EVP_PKEY_asn1_find_str;
+               BIO_f_asn1;
+               ESS_SIGNING_CERT_new;
+               EVP_PBE_find;
+               X509_CRL_get0_by_cert;
+               EVP_PKEY_derive;
+               i2d_TS_REQ;
+               TS_TST_INFO_delete_ext;
+               ESS_ISSUER_SERIAL_free;
+               ASN1_PCTX_set_str_flags;
+               ENGINE_get_pkey_asn1_meth_str;
+               TS_CONF_set_signer_key;
+               TS_ACCURACY_get_millis;
+               TS_RESP_get_token;
+               TS_ACCURACY_dup;
+               ENGINE_register_all_pkey_asn1_meths;
+               ENGINE_reg_all_pkey_asn1_meths;
+               X509_CRL_set_default_method;
+               CRYPTO_THREADID_hash;
+               CMS_ContentInfo_print_ctx;
+               TS_RESP_free;
+               ISSUING_DIST_POINT_free;
+               ESS_ISSUER_SERIAL_new;
+               CMS_add1_crl;
+               PKCS7_add1_attrib_digest;
+               TS_RESP_CTX_add_md;
+               TS_TST_INFO_dup;
+               ENGINE_set_pkey_asn1_meths;
+               PEM_write_bio_Parameters;
+               TS_TST_INFO_get_accuracy;
+               X509_CRL_get0_by_serial;
+               TS_TST_INFO_set_version;
+               TS_RESP_CTX_get_tst_info;
+               TS_RESP_verify_signature;
+               CRYPTO_THREADID_get_callback;
+               TS_TST_INFO_get_tsa;
+               TS_STATUS_INFO_new;
+               EVP_PKEY_CTX_get_cb;
+               TS_REQ_get_ext_d2i;
+               GENERAL_NAME_set0_othername;
+               TS_TST_INFO_get_ext_count;
+               TS_RESP_CTX_get_request;
+               i2d_NETSCAPE_X509;
+               ENGINE_get_pkey_meth_engine;
+               EVP_PKEY_meth_set_signctx;
+               EVP_PKEY_asn1_copy;
+               ASN1_TYPE_cmp;
+               EVP_CIPHER_do_all_sorted;
+               EVP_PKEY_CTX_free;
+               ISSUING_DIST_POINT_it;
+               ISSUING_DIST_POINT_it;
+               d2i_TS_MSG_IMPRINT_fp;
+               X509_STORE_get1_certs;
+               EVP_PKEY_CTX_get_operation;
+               d2i_ESS_SIGNING_CERT;
+               TS_CONF_set_ordering;
+               EVP_PBE_alg_add_type;
+               TS_REQ_set_version;
+               EVP_PKEY_get0;
+               BIO_asn1_set_suffix;
+               i2d_TS_STATUS_INFO;
+               EVP_MD_do_all;
+               TS_TST_INFO_set_accuracy;
+               PKCS7_add_attrib_content_type;
+               ERR_remove_thread_state;
+               EVP_PKEY_meth_add0;
+               TS_TST_INFO_set_tsa;
+               EVP_PKEY_meth_new;
+               WHIRLPOOL_Update;
+               TS_CONF_set_accuracy;
+               ASN1_PCTX_set_oid_flags;
+               ESS_SIGNING_CERT_dup;
+               d2i_TS_REQ_bio;
+               X509_time_adj_ex;
+               TS_RESP_CTX_add_flags;
+               d2i_TS_STATUS_INFO;
+               TS_MSG_IMPRINT_set_msg;
+               BIO_asn1_get_suffix;
+               TS_REQ_free;
+               EVP_PKEY_meth_free;
+               TS_REQ_get_exts;
+               TS_RESP_CTX_set_clock_precision_digits;
+               TS_RESP_CTX_set_clk_prec_digits;
+               TS_RESP_CTX_add_failure_info;
+               i2d_TS_RESP_bio;
+               EVP_PKEY_CTX_get0_peerkey;
+               PEM_write_bio_CMS_stream;
+               TS_REQ_new;
+               TS_MSG_IMPRINT_new;
+               EVP_PKEY_meth_find;
+               EVP_PKEY_id;
+               TS_TST_INFO_set_serial;
+               a2i_GENERAL_NAME;
+               TS_CONF_set_crypto_device;
+               EVP_PKEY_verify_init;
+               TS_CONF_set_policies;
+               ASN1_PCTX_new;
+               ESS_CERT_ID_free;
+               ENGINE_unregister_pkey_meths;
+               TS_MSG_IMPRINT_free;
+               TS_VERIFY_CTX_init;
+               PKCS7_stream;
+               TS_RESP_CTX_set_certs;
+               TS_CONF_set_def_policy;
+               ASN1_GENERALIZEDTIME_adj;
+               NETSCAPE_X509_new;
+               TS_ACCURACY_free;
+               TS_RESP_get_tst_info;
+               EVP_PKEY_derive_set_peer;
+               PEM_read_bio_Parameters;
+               TS_CONF_set_clock_precision_digits;
+               TS_CONF_set_clk_prec_digits;
+               ESS_ISSUER_SERIAL_dup;
+               TS_ACCURACY_get_micros;
+               ASN1_PCTX_get_str_flags;
+               NAME_CONSTRAINTS_check;
+               ASN1_BIT_STRING_check;
+               X509_check_akid;
+               ENGINE_unregister_pkey_asn1_meths;
+               ENGINE_unreg_pkey_asn1_meths;
+               ASN1_PCTX_free;
+               PEM_write_bio_ASN1_stream;
+               i2d_ASN1_bio_stream;
+               TS_X509_ALGOR_print_bio;
+               EVP_PKEY_meth_set_cleanup;
+               EVP_PKEY_asn1_free;
+               ESS_SIGNING_CERT_free;
+               TS_TST_INFO_set_msg_imprint;
+               GENERAL_NAME_cmp;
+               d2i_ASN1_SET_ANY;
+               ENGINE_set_pkey_meths;
+               i2d_TS_REQ_fp;
+               d2i_ASN1_SEQUENCE_ANY;
+               GENERAL_NAME_get0_otherName;
+               d2i_ESS_CERT_ID;
+               OBJ_find_sigid_algs;
+               EVP_PKEY_meth_set_keygen;
+               PKCS5_PBKDF2_HMAC;
+               EVP_PKEY_paramgen;
+               EVP_PKEY_meth_set_paramgen;
+               BIO_new_PKCS7;
+               EVP_PKEY_verify_recover;
+               TS_ext_print_bio;
+               TS_ASN1_INTEGER_print_bio;
+               check_defer;
+               DSO_pathbyaddr;
+               EVP_PKEY_set_type;
+               TS_ACCURACY_set_micros;
+               TS_REQ_to_TS_VERIFY_CTX;
+               EVP_PKEY_meth_set_copy;
+               ASN1_PCTX_set_cert_flags;
+               TS_TST_INFO_get_ext;
+               EVP_PKEY_asn1_set_ctrl;
+               TS_TST_INFO_get_ext_by_critical;
+               EVP_PKEY_CTX_new_id;
+               TS_REQ_get_ext_by_OBJ;
+               TS_CONF_set_signer_cert;
+               X509_NAME_hash_old;
+               ASN1_TIME_set_string;
+               EVP_MD_flags;
+               TS_RESP_CTX_free;
+               DSAparams_dup;
+               DHparams_dup;
+               OCSP_REQ_CTX_add1_header;
+               OCSP_REQ_CTX_set1_req;
+               X509_STORE_set_verify_cb;
+               X509_STORE_CTX_get0_current_crl;
+               X509_STORE_CTX_get0_parent_ctx;
+               X509_STORE_CTX_get0_current_issuer;
+               X509_STORE_CTX_get0_cur_issuer;
+               X509_issuer_name_hash_old;
+               X509_subject_name_hash_old;
+               EVP_CIPHER_CTX_copy;
+               UI_method_get_prompt_constructor;
+               UI_method_get_prompt_constructr;
+               UI_method_set_prompt_constructor;
+               UI_method_set_prompt_constructr;
+               EVP_read_pw_string_min;
+               CRYPTO_cts128_encrypt;
+               CRYPTO_cts128_decrypt_block;
+               CRYPTO_cfb128_1_encrypt;
+               CRYPTO_cbc128_encrypt;
+               CRYPTO_ctr128_encrypt;
+               CRYPTO_ofb128_encrypt;
+               CRYPTO_cts128_decrypt;
+               CRYPTO_cts128_encrypt_block;
+               CRYPTO_cbc128_decrypt;
+               CRYPTO_cfb128_encrypt;
+               CRYPTO_cfb128_8_encrypt;
+
+       local:
+               *;
+};
+
+
+OPENSSL_1.0.1 {
+       global:
+               SSL_renegotiate_abbreviated;
+               TLSv1_1_method;
+               TLSv1_1_client_method;
+               TLSv1_1_server_method;
+               SSL_CTX_set_srp_client_pwd_callback;
+               SSL_CTX_set_srp_client_pwd_cb;
+               SSL_get_srp_g;
+               SSL_CTX_set_srp_username_callback;
+               SSL_CTX_set_srp_un_cb;
+               SSL_get_srp_userinfo;
+               SSL_set_srp_server_param;
+               SSL_set_srp_server_param_pw;
+               SSL_get_srp_N;
+               SSL_get_srp_username;
+               SSL_CTX_set_srp_password;
+               SSL_CTX_set_srp_strength;
+               SSL_CTX_set_srp_verify_param_callback;
+               SSL_CTX_set_srp_vfy_param_cb;
+               SSL_CTX_set_srp_cb_arg;
+               SSL_CTX_set_srp_username;
+               SSL_CTX_SRP_CTX_init;
+               SSL_SRP_CTX_init;
+               SRP_Calc_A_param;
+               SRP_generate_server_master_secret;
+               SRP_gen_server_master_secret;
+               SSL_CTX_SRP_CTX_free;
+               SRP_generate_client_master_secret;
+               SRP_gen_client_master_secret;
+               SSL_srp_server_param_with_username;
+               SSL_srp_server_param_with_un;
+               SSL_SRP_CTX_free;
+               SSL_set_debug;
+               SSL_SESSION_get0_peer;
+               TLSv1_2_client_method;
+               SSL_SESSION_set1_id_context;
+               TLSv1_2_server_method;
+               SSL_cache_hit;
+               SSL_get0_kssl_ctx;
+               SSL_set0_kssl_ctx;
+               SSL_set_state;
+               SSL_CIPHER_get_id;
+               TLSv1_2_method;
+               kssl_ctx_get0_client_princ;
+               SSL_export_keying_material;
+               SSL_set_tlsext_use_srtp;
+               SSL_CTX_set_next_protos_advertised_cb;
+               SSL_CTX_set_next_protos_adv_cb;
+               SSL_get0_next_proto_negotiated;
+               SSL_get_selected_srtp_profile;
+               SSL_CTX_set_tlsext_use_srtp;
+               SSL_select_next_proto;
+               SSL_get_srtp_profiles;
+               SSL_CTX_set_next_proto_select_cb;
+               SSL_CTX_set_next_proto_sel_cb;
+               SSL_SESSION_get_compress_id;
+
+               SRP_VBASE_get_by_user;
+               SRP_Calc_server_key;
+               SRP_create_verifier;
+               SRP_create_verifier_BN;
+               SRP_Calc_u;
+               SRP_VBASE_free;
+               SRP_Calc_client_key;
+               SRP_get_default_gN;
+               SRP_Calc_x;
+               SRP_Calc_B;
+               SRP_VBASE_new;
+               SRP_check_known_gN_param;
+               SRP_Calc_A;
+               SRP_Verify_A_mod_N;
+               SRP_VBASE_init;
+               SRP_Verify_B_mod_N;
+               EC_KEY_set_public_key_affine_coordinates;
+               EC_KEY_set_pub_key_aff_coords;
+               EVP_aes_192_ctr;
+               EVP_PKEY_meth_get0_info;
+               EVP_PKEY_meth_copy;
+               ERR_add_error_vdata;
+               EVP_aes_128_ctr;
+               EVP_aes_256_ctr;
+               EC_GFp_nistp224_method;
+               EC_KEY_get_flags;
+               RSA_padding_add_PKCS1_PSS_mgf1;
+               EVP_aes_128_xts;
+               EVP_aes_256_xts;
+               EVP_aes_128_gcm;
+               EC_KEY_clear_flags;
+               EC_KEY_set_flags;
+               EVP_aes_256_ccm;
+               RSA_verify_PKCS1_PSS_mgf1;
+               EVP_aes_128_ccm;
+               EVP_aes_192_gcm;
+               X509_ALGOR_set_md;
+               RAND_init_fips;
+               EVP_aes_256_gcm;
+               EVP_aes_192_ccm;
+               CMAC_CTX_copy;
+               CMAC_CTX_free;
+               CMAC_CTX_get0_cipher_ctx;
+               CMAC_CTX_cleanup;
+               CMAC_Init;
+               CMAC_Update;
+               CMAC_resume;
+               CMAC_CTX_new;
+               CMAC_Final;
+               CRYPTO_ctr128_encrypt_ctr32;
+               CRYPTO_gcm128_release;
+               CRYPTO_ccm128_decrypt_ccm64;
+               CRYPTO_ccm128_encrypt;
+               CRYPTO_gcm128_encrypt;
+               CRYPTO_xts128_encrypt;
+               EVP_rc4_hmac_md5;
+               CRYPTO_nistcts128_decrypt_block;
+               CRYPTO_gcm128_setiv;
+               CRYPTO_nistcts128_encrypt;
+               EVP_aes_128_cbc_hmac_sha1;
+               CRYPTO_gcm128_tag;
+               CRYPTO_ccm128_encrypt_ccm64;
+               ENGINE_load_rdrand;
+               CRYPTO_ccm128_setiv;
+               CRYPTO_nistcts128_encrypt_block;
+               CRYPTO_gcm128_aad;
+               CRYPTO_ccm128_init;
+               CRYPTO_nistcts128_decrypt;
+               CRYPTO_gcm128_new;
+               CRYPTO_ccm128_tag;
+               CRYPTO_ccm128_decrypt;
+               CRYPTO_ccm128_aad;
+               CRYPTO_gcm128_init;
+               CRYPTO_gcm128_decrypt;
+               ENGINE_load_rsax;
+               CRYPTO_gcm128_decrypt_ctr32;
+               CRYPTO_gcm128_encrypt_ctr32;
+               CRYPTO_gcm128_finish;
+               EVP_aes_256_cbc_hmac_sha1;
+               PKCS5_pbkdf2_set;
+               CMS_add0_recipient_password;
+               CMS_decrypt_set1_password;
+               CMS_RecipientInfo_set0_password;
+               RAND_set_fips_drbg_type;
+               X509_REQ_sign_ctx;
+               RSA_PSS_PARAMS_new;
+               X509_CRL_sign_ctx;
+               X509_signature_dump;
+               d2i_RSA_PSS_PARAMS;
+               RSA_PSS_PARAMS_it;
+               RSA_PSS_PARAMS_it;
+               RSA_PSS_PARAMS_free;
+               X509_sign_ctx;
+               i2d_RSA_PSS_PARAMS;
+               ASN1_item_sign_ctx;
+               EC_GFp_nistp521_method;
+               EC_GFp_nistp256_method;
+               OPENSSL_stderr;
+               OPENSSL_cpuid_setup;
+               OPENSSL_showfatal;
+               BIO_new_dgram_sctp;
+               BIO_dgram_sctp_msg_waiting;
+               BIO_dgram_sctp_wait_for_dry;
+               BIO_s_datagram_sctp;
+               BIO_dgram_is_sctp;
+               BIO_dgram_sctp_notification_cb;
+} OPENSSL_1.0.0;
+
+OPENSSL_1.0.1d {
+       global:
+               CRYPTO_memcmp;
+} OPENSSL_1.0.1;
+
+Index: openssl-1.0.1d/engines/openssl.ld
+===================================================================
+--- /dev/null   1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.0.1d/engines/openssl.ld   2013-02-06 19:41:43.000000000 +0100
+@@ -0,0 +1,10 @@
+OPENSSL_1.0.0 {
+       global:
+               bind_engine;
+               v_check;
+               OPENSSL_init;
+               OPENSSL_finish;
+       local:
+               *;
+};
+
+Index: openssl-1.0.1d/engines/ccgost/openssl.ld
+===================================================================
+--- /dev/null   1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.0.1d/engines/ccgost/openssl.ld    2013-02-06 19:41:43.000000000 +0100
+@@ -0,0 +1,10 @@
+OPENSSL_1.0.0 {
+       global:
+               bind_engine;
+               v_check;
+               OPENSSL_init;
+               OPENSSL_finish;
+       local:
+               *;
+};
+
diff --git a/meta/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch b/meta/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch
new file mode 100644
index 0000000000..d8a6f1a23c
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch
@@ -0,0 +1,56 @@
+Upstream-Status: Inappropriate [configuration]
+Index: openssl-1.0.0/engines/Makefile
+===================================================================
+--- openssl-1.0.0.orig/engines/Makefile
+++ openssl-1.0.0/engines/Makefile
+@@ -107,7 +107,7 @@
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @if [ -n "$(SHARED_LIBS)" ]; then \
+                set -e; \
+-               $(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines; \
+               $(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines; \
+                for l in $(LIBNAMES); do \
+                        ( echo installing $$l; \
+                          pfx=lib; \
+@@ -119,13 +119,13 @@
+                                *DSO_WIN32*)    sfx="eay32.dll"; pfx=;; \
+                                *)              sfx=".bad";;    \
+                                esac; \
+-                               cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
+                               cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
+                          else \
+                                sfx=".so"; \
+-                               cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
+                               cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
+                          fi; \
+-                         chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
+-                         mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
+                         chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
+                         mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx ); \
+                done; \
+        fi
+        @target=install; $(RECURSIVE_MAKE)
+Index: openssl-1.0.0/engines/ccgost/Makefile
+===================================================================
+--- openssl-1.0.0.orig/engines/ccgost/Makefile
+++ openssl-1.0.0/engines/ccgost/Makefile
+@@ -53,13 +53,13 @@
+                        *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
+                        *) sfx=".bad";; \
+                        esac; \
+-                       cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
+                       cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \
+                else \
+                        sfx=".so"; \
+-                       cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
+                       cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \
+                fi; \
+-               chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
+-               mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \
+               chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \
+               mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx; \
+        fi
+ 
+ links:
diff --git a/meta/recipes-connectivity/openssl/openssl/find.pl b/meta/recipes-connectivity/openssl/openssl/find.pl
new file mode 100644
index 0000000000..8e1b42c88a
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/find.pl
@@ -0,0 +1,54 @@
+warn "Legacy library @{[(caller(0))[6]]} will be removed from the Perl core distribution in the next major release. Please install it from the CPAN distribution Perl4::CoreLibs. It is being used at @{[(caller)[1]]}, line @{[(caller)[2]]}.\n";
+# This library is deprecated and unmaintained. It is included for
+# compatibility with Perl 4 scripts which may use it, but it will be
+# removed in a future version of Perl. Please use the File::Find module
+# instead.
+# Usage:
+#       require "find.pl";
+#
+#       &find('/foo','/bar');
+#
+#       sub wanted { ... }
+#               where wanted does whatever you want.  $dir contains the
+#               current directory name, and $_ the current filename within
+#               that directory.  $name contains "$dir/$_".  You are cd'ed
+#               to $dir when the function is called.  The function may
+#               set $prune to prune the tree.
+#
+# For example,
+#
+#   find / -name .nfs\* -mtime +7 -exec rm -f {} \; -o -fstype nfs -prune
+#
+# corresponds to this
+#
+#       sub wanted {
+#           /^\.nfs.*$/ &&
+#           (($dev,$ino,$mode,$nlink,$uid,$gid) = lstat($_)) &&
+#           int(-M _) > 7 &&
+#           unlink($_)
+#           ||
+#           ($nlink || (($dev,$ino,$mode,$nlink,$uid,$gid) = lstat($_))) &&
+#           $dev < 0 &&
+#           ($prune = 1);
+#       }
+#
+# Set the variable $dont_use_nlink if you're using AFS, since AFS cheats.
+use File::Find ();
+*name           = *File::Find::name;
+*prune          = *File::Find::prune;
+*dir            = *File::Find::dir;
+*topdir         = *File::Find::topdir;
+*topdev         = *File::Find::topdev;
+*topino         = *File::Find::topino;
+*topmode        = *File::Find::topmode;
+*topnlink       = *File::Find::topnlink;
+sub find {
+    &File::Find::find(\&wanted, @_);
+}
+1;
diff --git a/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch b/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
new file mode 100644
index 0000000000..2412a3b7ab
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
@@ -0,0 +1,25 @@
+Upstream-Status: Submitted
+This patch adds the fix for one of the ciphers used in openssl, namely
+the cipher des-ede3-cfb1. Complete bug log and patch is present here:
+http://rt.openssl.org/Ticket/Display.html?id=2867
+Signed-Off-By: Muhammad Shakeel <muhammad_shakeel@mentor.com>
+ported the patch to the 1.0.0m version
+Signed-off-by: Brendan Le Foll <brendan.le.foll@intel.com> 2015/03/24
+diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c
+index 3232cfe..df84922 100644
+===================================================================
+--- a/crypto/evp/e_des3.c
+++ b/crypto/evp/e_des3.c
+@@ -181,7 +181,7 @@ static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+     size_t n;
+     unsigned char c[1], d[1];
+ 
+-    for (n = 0; n < inl; ++n) {
+    for (n = 0; n < inl * 8; ++n) {
+         c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
+         DES_ede3_cfb_encrypt(c, d, 1, 1,
+                              &data(ctx)->ks1, &data(ctx)->ks2,
diff --git a/meta/recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch b/meta/recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch
new file mode 100644
index 0000000000..972b367993
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch
@@ -0,0 +1,141 @@
+From: Andy Polyakov <appro@openssl.org>
+Date: Sun, 13 Oct 2013 17:15:15 +0000 (+0200)
+Subject: Initial aarch64 bits.
+X-Git-Url: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=039081b80977e2a5de84e1f88f8b4d025b559956
+Initial aarch64 bits.
+Upstream-Status: backport (will be included in 1.0.2)
+ported the patch to the 1.0.0m version
+Signed-off-by: Brendan Le Foll <brendan.le.foll@intel.com> 2015/03/24
+---
+ crypto/bn/bn_lcl.h       |    9 +++++++++
+ crypto/md32_common.h     |   18 ++++++++++++++++++
+ crypto/modes/modes_lcl.h |    8 ++++++++
+ crypto/sha/sha512.c      |   13 +++++++++++++
+ 4 files changed, 48 insertions(+)
+Index: openssl-1.0.1f/crypto/bn/bn_lcl.h
+===================================================================
+--- openssl-1.0.1f.orig/crypto/bn/bn_lcl.h      2014-01-06 15:47:42.000000000 +0200
+++ openssl-1.0.1f/crypto/bn/bn_lcl.h   2014-02-28 10:37:55.495979037 +0200
+@@ -295,6 +295,15 @@ unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b,
+              : "r"(a), "r"(b));
+ #    endif
+ #   endif
+# elif defined(__aarch64__) && defined(SIXTY_FOUR_BIT_LONG)
+#  if defined(__GNUC__) && __GNUC__>=2
+#   define BN_UMULT_HIGH(a,b)  ({  \
+   register BN_ULONG ret;      \
+   asm ("umulh %0,%1,%2"   \
+        : "=r"(ret)        \
+        : "r"(a), "r"(b));     \
+   ret;            })
+#  endif
+ #  endif                        /* cpu */
+ # endif                         /* OPENSSL_NO_ASM */
+ 
+Index: openssl-1.0.1f/crypto/md32_common.h
+===================================================================
+--- openssl-1.0.1f.orig/crypto/md32_common.h    2014-01-06 15:47:42.000000000 +0200
+++ openssl-1.0.1f/crypto/md32_common.h 2014-02-28 10:39:21.751979107 +0200
+@@ -213,6 +213,42 @@
+                                    asm ("bswapl %0":"=r"(r):"0"(r));    \
+                                    *((unsigned int *)(c))=r; (c)+=4; r; })
+ #    endif
+#  elif defined(__aarch64__)
+#   if defined(__BYTE_ORDER__)
+#    if defined(__ORDER_LITTLE_ENDIAN__) && __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__
+#     define HOST_c2l(c,l) ({ unsigned int r;      \
+                  asm ("rev    %w0,%w1"    \
+                   :"=r"(r)        \
+                   :"r"(*((const unsigned int *)(c))));\
+                  (c)+=4; (l)=r;       })
+#     define HOST_l2c(l,c) ({ unsigned int r;      \
+                  asm ("rev    %w0,%w1"    \
+                   :"=r"(r)        \
+                   :"r"((unsigned int)(l)));\
+                  *((unsigned int *)(c))=r; (c)+=4; r; })
+#    elif defined(__ORDER_BIG_ENDIAN__) && __BYTE_ORDER__==__ORDER_BIG_ENDIAN__
+#     define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, (l))
+#     define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l))
+#    endif
+#   endif
+#   endif
+#  elif defined(__aarch64__)
+#   if defined(__BYTE_ORDER__)
+#    if defined(__ORDER_LITTLE_ENDIAN__) && __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__
+#     define HOST_c2l(c,l) ({ unsigned int r;      \
+                  asm ("rev    %w0,%w1"    \
+                   :"=r"(r)        \
+                   :"r"(*((const unsigned int *)(c))));\
+                  (c)+=4; (l)=r;       })
+#     define HOST_l2c(l,c) ({ unsigned int r;      \
+                  asm ("rev    %w0,%w1"    \
+                   :"=r"(r)        \
+                   :"r"((unsigned int)(l)));\
+                  *((unsigned int *)(c))=r; (c)+=4; r; })
+#    elif defined(__ORDER_BIG_ENDIAN__) && __BYTE_ORDER__==__ORDER_BIG_ENDIAN__
+#     define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, (l))
+#     define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l))
+#    endif
+ #   endif
+ #  endif
+ # endif
+Index: openssl-1.0.1f/crypto/modes/modes_lcl.h
+===================================================================
+--- openssl-1.0.1f.orig/crypto/modes/modes_lcl.h        2014-02-28 10:47:48.731979011 +0200
+++ openssl-1.0.1f/crypto/modes/modes_lcl.h     2014-02-28 10:48:49.707978919 +0200
+@@ -28,6 +28,7 @@ typedef unsigned char u8;
+ #if defined(__i386)     || defined(__i386__)    || \
+     defined(__x86_64)   || defined(__x86_64__)  || \
+     defined(_M_IX86)    || defined(_M_AMD64)    || defined(_M_X64) || \
+    defined(__aarch64__)           || \
+     defined(__s390__)   || defined(__s390x__)
+ # undef STRICT_ALIGNMENT
+ #endif
+@@ -49,6 +50,13 @@ typedef unsigned char u8;
+ #   define BSWAP4(x) ({ u32 ret=(x);                    \
+                         asm ("bswapl %0"                \
+                         : "+r"(ret));   ret;            })
+# elif defined(__aarch64__)
+#  define BSWAP8(x) ({ u64 ret;            \
+           asm ("rev %0,%1"        \
+           : "=r"(ret) : "r"(x)); ret; })
+#  define BSWAP4(x) ({ u32 ret;            \
+           asm ("rev %w0,%w1"      \
+           : "=r"(ret) : "r"(x)); ret; })
+ #  elif (defined(__arm__) || defined(__arm)) && !defined(STRICT_ALIGNMENT)
+ #   define BSWAP8(x) ({  u32 lo=(u64)(x)>>32,hi=(x);     \
+                         asm ("rev %0,%0; rev %1,%1"     \
+Index: openssl-1.0.1f/crypto/sha/sha512.c
+===================================================================
+--- openssl-1.0.1f.orig/crypto/sha/sha512.c     2014-01-06 15:47:42.000000000 +0200
+++ openssl-1.0.1f/crypto/sha/sha512.c  2014-02-28 10:52:14.579978981 +0200
+@@ -55,6 +55,7 @@ const char SHA512_version[] = "SHA-512" OPENSSL_VERSION_PTEXT;
+ # if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
+     defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \
+     defined(__s390__) || defined(__s390x__) || \
+    defined(__aarch64__) || \
+     defined(SHA512_ASM)
+ #  define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
+ # endif
+@@ -353,6 +354,18 @@ static const SHA_LONG64 K512[80] = {
+                                 asm ("rotrdi %0,%1,%2"  \
+                                 : "=r"(ret)             \
+                                 : "r"(a),"K"(n)); ret;  })
+#  elif defined(__aarch64__)
+#   define ROTR(a,n)   ({ SHA_LONG64 ret;      \
+               asm ("ror %0,%1,%2" \
+               : "=r"(ret)     \
+               : "r"(a),"I"(n)); ret;  })
+#   if  defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \
+   __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__
+#    define PULL64(x)  ({ SHA_LONG64 ret;          \
+               asm ("rev   %0,%1"      \
+               : "=r"(ret)         \
+               : "r"(*((const SHA_LONG64 *)(&(x))))); ret;     })
+#   endif
+ #    endif
+ #   elif defined(_MSC_VER)
+ #    if defined(_WIN64)         /* applies to both IA-64 and AMD64 */
diff --git a/meta/recipes-connectivity/openssl/openssl/oe-ldflags.patch b/meta/recipes-connectivity/openssl/openssl/oe-ldflags.patch
new file mode 100644
index 0000000000..292e13dc5f
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/oe-ldflags.patch
@@ -0,0 +1,24 @@
+Upstream-Status: Inappropriate [open-embedded]
+Index: openssl-1.0.0/Makefile.shared
+===================================================================
+--- openssl-1.0.0.orig/Makefile.shared
+++ openssl-1.0.0/Makefile.shared
+@@ -92,7 +92,7 @@
+ LINK_APP=      \
+   ( $(SET_X);   \
+     LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
+-    LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$${LDFLAGS:-$(CFLAGS)}"; \
+    LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$(OE_LDFLAGS) $${LDFLAGS:-$(CFLAGS)}"; \
+     LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
+     LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
+     LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
+@@ -102,7 +102,7 @@
+   ( $(SET_X);   \
+     LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
+     SHAREDCMD="$${SHAREDCMD:-$(CC)}"; \
+-    SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
+    SHAREDFLAGS="$(OE_LDFLAGS) $${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
+     LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
+     LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
+     LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
new file mode 100644
index 0000000000..36aa442223
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
@@ -0,0 +1,24 @@
+openssl: avoid NULL pointer dereference in EVP_DigestInit_ex()
+We should avoid accessing the type pointer if it's NULL,
+this could happen if ctx->digest is not NULL.
+Upstream-Status: Submitted
+http://www.mail-archive.com/openssl-dev@openssl.org/msg32860.html
+Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
+ported the patch to the 1.0.0m version
+Signed-off-by: Brendan Le Foll <brendan.le.foll@intel.com> 2015/03/24
+---
+--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
+@@ -199,7 +199,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
+         type = ctx->digest;
+     }
+ #endif
+-    if (ctx->digest != type) {
+    if (type && (ctx->digest != type)) {
+         if (ctx->digest && ctx->digest->ctx_size)
+             OPENSSL_free(ctx->md_data);
+         ctx->digest = type;
diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-fix-des.pod-error.patch b/meta/recipes-connectivity/openssl/openssl/openssl-fix-des.pod-error.patch
new file mode 100644
index 0000000000..de49729e5e
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/openssl-fix-des.pod-error.patch
@@ -0,0 +1,19 @@
+openssl: Fix pod2man des.pod error on Ubuntu 12.04
+This is a formatting fix, '=back' is required before
+'=head1' on Ubuntu 12.04.
+Upstream-Status: Pending
+Signed-off-by: Baogen Shang <baogen.shang@windriver.com>
+diff -urpN a_origin/des.pod b_modify/des.pod
+--- a_origin/crypto/des/des.pod 2013-08-15 15:02:56.211674589 +0800
+++ b_modify/crypto/des/des.pod 2013-08-15 15:04:14.439674580 +0800
+@@ -181,6 +181,8 @@ the uuencoded file to embed in the begin
+ output.  If there is no name specified after the B<-u>, the name text.des
+ will be embedded in the header.
+ 
+=back
+
+ =head1 SEE ALSO
+ 
+ ps(1),
diff --git a/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch b/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch
new file mode 100644
index 0000000000..ab1434a0e7
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch
@@ -0,0 +1,97 @@
+Upstream-Status: Pending
+Received from H J Liu @ Intel
+Make the assembly syntax compatible with x32 gcc. Othewise x32 gcc throws errors.
+Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/07/13
+ported the patch to the 1.0.0e version
+Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/12/01
+ported the patch to the 1.0.0m version
+Signed-off-by: Brendan Le Foll <brendan.le.foll@intel.com> 2015/03/24
+Index: openssl-1.0.1e/Configure
+===================================================================
+--- openssl-1.0.1e.orig/Configure
+++ openssl-1.0.1e/Configure
+@@ -402,6 +402,7 @@ my %table=(
+ "linux-ia64-ecc","ecc:-DL_ENDIAN -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "linux-ia64-icc","icc:-DL_ENDIAN -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "linux-x86_64",        "gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux-x32", "gcc:-mx32 -DL_ENDIAN -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32",
+ "linux64-s390x",       "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+ #### So called "highgprs" target for z/Architecture CPUs
+ # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see
+Index: openssl-1.0.1e/crypto/bn/asm/x86_64-gcc.c
+===================================================================
+--- openssl-1.0.1e.orig/crypto/bn/asm/x86_64-gcc.c
+++ openssl-1.0.1e/crypto/bn/asm/x86_64-gcc.c
+@@ -55,7 +55,7 @@
+  *    machine.
+  */
+ 
+-# ifdef _WIN64
+# if defined _WIN64 || !defined __LP64__
+ #  define BN_ULONG unsigned long long
+ # else
+ #  define BN_ULONG unsigned long
+Index: openssl-1.0.1e/crypto/bn/bn.h
+===================================================================
+--- openssl-1.0.1e.orig/crypto/bn/bn.h
+++ openssl-1.0.1e/crypto/bn/bn.h
+@@ -173,6 +173,13 @@ extern "C" {
+ #  endif
+ # endif
+ 
+/* Address type.  */
+# ifdef _WIN64
+#   define BN_ADDR unsigned long long
+# else
+#   define BN_ADDR unsigned long
+# endif
+
+ /*
+  * assuming long is 64bit - this is the DEC Alpha unsigned long long is only
+  * 64 bits :-(, don't define BN_LLONG for the DEC Alpha
+Index: openssl-1.0.1e/crypto/bn/asm/x86_64-gcc.c
+===================================================================
+--- openssl-1.0.1m/crypto/bn/asm/x86_64-gcc.c   2015-03-19 13:37:10.000000000 +0000
+++ openssl-1.0.1m-modif/crypto/bn/asm/x86_64-gcc.c     2015-04-14 17:09:11.876533194 +0100
+@@ -211,9 +211,9 @@
+     asm volatile ("       subq    %2,%2           \n"
+                   ".p2align 4                     \n"
+-                  "1:     movq    (%4,%2,8),%0    \n"
+-                  "       adcq    (%5,%2,8),%0    \n"
+-                  "       movq    %0,(%3,%2,8)    \n"
+                  "1:     movq    (%q4,%2,8),%0   \n"
+                  "       adcq    (%q5,%2,8),%0   \n"
+                  "       movq    %0,(%q3,%2,8)   \n"
+                   "       leaq    1(%2),%2        \n"
+                   "       loop    1b              \n"
+                   "       sbbq    %0,%0           \n":"=&a" (ret), "+c"(n),
+@@ -235,9 +235,9 @@
+     asm volatile ("       subq    %2,%2           \n"
+                   ".p2align 4                     \n"
+-                  "1:     movq    (%4,%2,8),%0    \n"
+-                  "       sbbq    (%5,%2,8),%0    \n"
+-                  "       movq    %0,(%3,%2,8)    \n"
+                  "1:     movq    (%q4,%2,8),%0   \n"
+                  "       sbbq    (%q5,%2,8),%0   \n"
+                  "       movq    %0,(%q3,%2,8)   \n"
+                   "       leaq    1(%2),%2        \n"
+                   "       loop    1b              \n"
+                   "       sbbq    %0,%0           \n":"=&a" (ret), "+c"(n)
+Index: openssl-1.0.1e/crypto/bn/bn_exp.c
+===================================================================
+--- openssl-1.0.1e.orig/crypto/bn/bn_exp.c
+++ openssl-1.0.1e/crypto/bn/bn_exp.c
+@@ -572,7 +572,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top,
+  * multiple.
+  */
+ #define MOD_EXP_CTIME_ALIGN(x_) \
+-        ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
+        ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ADDR)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
+ 
+ /*
+  * This variant of BN_mod_exp_mont() uses fixed windows and the special
diff --git a/meta/recipes-connectivity/openssl/openssl/ptest-deps.patch b/meta/recipes-connectivity/openssl/openssl/ptest-deps.patch
new file mode 100644
index 0000000000..527e10c53b
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/ptest-deps.patch
@@ -0,0 +1,30 @@
+Remove Makefile dependencies for test targets
+These are probably here because the executables aren't always built for
+other platforms (e.g. Windows); however we can safely assume they'll
+always be there. None of the other test targets have such dependencies
+and if we don't remove them, make tries to rebuild the executables and
+fails during run-ptest.
+Upstream-Status: Inappropriate [config]
+Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
+diff --git a/test/Makefile b/test/Makefile
+index e6fcfb4..5ae043b 100644
+--- a/test/Makefile
+++ b/test/Makefile
+@@ -322,11 +322,11 @@ test_cms:
+        @echo "CMS consistency test"
+        $(PERL) cms-test.pl
+ 
+-test_srp: $(SRPTEST)$(EXE_EXT)
+test_srp:
+        @echo "Test SRP"
+        ../util/shlib_wrap.sh ./srptest
+ 
+-test_heartbeat: $(HEARTBEATTEST)$(EXE_EXT)
+test_heartbeat:
+        ../util/shlib_wrap.sh ./$(HEARTBEATTEST)
+ 
+ lint:
diff --git a/meta/recipes-connectivity/openssl/openssl/run-ptest b/meta/recipes-connectivity/openssl/openssl/run-ptest
new file mode 100644
index 0000000000..3b20fce1ee
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/run-ptest
@@ -0,0 +1,2 @@
+#!/bin/sh
+make -k runtest
diff --git a/meta/recipes-connectivity/openssl/openssl/shared-libs.patch b/meta/recipes-connectivity/openssl/openssl/shared-libs.patch
new file mode 100644
index 0000000000..a7ca0a3078
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/shared-libs.patch
@@ -0,0 +1,41 @@
+Upstream-Status: Inappropriate [configuration]
+Index: openssl-1.0.1e/crypto/Makefile
+===================================================================
+--- openssl-1.0.1e.orig/crypto/Makefile
+++ openssl-1.0.1e/crypto/Makefile
+@@ -108,7 +108,7 @@ $(LIB):     $(LIBOBJ)
+ 
+ shared: buildinf.h lib subdirs
+        if [ -n "$(SHARED_LIBS)" ]; then \
+-               (cd ..; $(MAKE) $(SHARED_LIB)); \
+               (cd ..; $(MAKE) -e $(SHARED_LIB)); \
+        fi
+ 
+ libs:
+Index: openssl-1.0.1e/Makefile.org
+===================================================================
+--- openssl-1.0.1e.orig/Makefile.org
+++ openssl-1.0.1e/Makefile.org
+@@ -310,7 +310,7 @@ libcrypto$(SHLIB_EXT): libcrypto.a fips_
+ 
+ libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
+        @if [ "$(SHLIB_TARGET)" != "" ]; then \
+-               $(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
+               $(MAKE) -e SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
+        else \
+                echo "There's no support for shared libraries on this platform" >&2; \
+                exit 1; \
+Index: openssl-1.0.1e/ssl/Makefile
+===================================================================
+--- openssl-1.0.1e.orig/ssl/Makefile
+++ openssl-1.0.1e/ssl/Makefile
+@@ -62,7 +62,7 @@ lib:  $(LIBOBJ)
+ 
+ shared: lib
+        if [ -n "$(SHARED_LIBS)" ]; then \
+-               (cd ..; $(MAKE) $(SHARED_LIB)); \
+               (cd ..; $(MAKE) -e $(SHARED_LIB)); \
+        fi
+ 
+ files:
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1p.bb b/meta/recipes-connectivity/openssl/openssl_1.0.1p.bb
new file mode 100644
index 0000000000..3f6179089b
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.1p.bb
@@ -0,0 +1,55 @@
+require openssl.inc
+# For target side versions of openssl enable support for OCF Linux driver
+# if they are available.
+DEPENDS += "cryptodev-linux"
+CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8"
+export DIRS = "crypto ssl apps engines"
+export OE_LDFLAGS="${LDFLAGS}"
+SRC_URI += "file://configure-targets.patch \
+            file://shared-libs.patch \
+            file://oe-ldflags.patch \
+            file://engines-install-in-libdir-ssl.patch \
+            file://debian/version-script.patch \
+            file://debian/pic.patch \
+            file://debian/c_rehash-compat.patch \
+            file://debian/ca.patch \
+            file://debian/make-targets.patch \
+            file://debian/no-rpath.patch \
+            file://debian/man-dir.patch \
+            file://debian/man-section.patch \
+            file://debian/no-symbolic.patch \
+            file://debian/debian-targets.patch \
+            file://openssl_fix_for_x32.patch \
+            file://fix-cipher-des-ede3-cfb1.patch \
+            file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \
+            file://initial-aarch64-bits.patch \
+            file://find.pl \
+            file://openssl-fix-des.pod-error.patch \
+            file://Makefiles-ptest.patch \
+            file://ptest-deps.patch \
+            file://run-ptest \
+           "
+SRC_URI[md5sum] = "7563e92327199e0067ccd0f79f436976"
+SRC_URI[sha256sum] = "bd5ee6803165c0fb60bbecbacacf244f1f90d2aa0d71353af610c29121e9b2f1"
+PACKAGES =+ " \
+        ${PN}-engines \
+        ${PN}-engines-dbg \
+        "
+FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
+FILES_${PN}-engines-dbg = "${libdir}/ssl/engines/.debug"
+PARALLEL_MAKE = ""
+PARALLEL_MAKEINST = ""
+do_configure_prepend() {
+  cp ${WORKDIR}/find.pl ${S}/util/find.pl
+}
diff --git a/meta/recipes-connectivity/portmap/portmap-6.0/destdir-no-strip.patch b/meta/recipes-connectivity/portmap/portmap-6.0/destdir-no-strip.patch
new file mode 100644
index 0000000000..2fbf784b73
--- /dev/null
+++ b/meta/recipes-connectivity/portmap/portmap-6.0/destdir-no-strip.patch
@@ -0,0 +1,46 @@
+Upstream-Status: Backport
+From: Mike Frysinger <vapier@gentoo.org>
+Date: Sun, 13 May 2007 21:15:12 +0000 (-0400)
+Subject: respect DESTDIR and dont use -s with install
+X-Git-Url: http://neil.brown.name/git?p=portmap;a=commitdiff_plain;h=603c59b978c04df2354f68d4a2dc676a758ff46d
+respect DESTDIR and dont use -s with install
+$(DESTDIR) is the standard for installing into other trees, not $(BASEDIR) ...
+so I've converted the Makefile to use that.  I've also left in $(BASEDIR) as a
+default to support old installs; not sure if you'd just cut it.
+Stripping should be left to the person to handle, not automatically done by
+the install step.  Also, `install -s` always calls `strip` which is
+wrong/undesired in cross-compiling scenarios.
+Signed-off-by: Mike Frysinger <vapier@gentoo.org>
+Signed-off-by: Neil Brown <neilb@suse.de>
+---
+diff --git a/Makefile b/Makefile
+index 9e9a4b4..5343428 100644
+--- a/Makefile
+++ b/Makefile
+@@ -135,13 +135,14 @@ from_local: CPPFLAGS += -DTEST
+ portmap.man : portmap.8
+        sed $(MAN_SED) < portmap.8 > portmap.man
+ 
+DESTDIR = $(BASEDIR)
+ install: all
+-       install -o root -g root -m 0755 -s portmap ${BASEDIR}/sbin
+-       install -o root -g root -m 0755 -s pmap_dump ${BASEDIR}/sbin
+-       install -o root -g root -m 0755 -s pmap_set ${BASEDIR}/sbin
+-       install -o root -g root -m 0644 portmap.man ${BASEDIR}/usr/share/man/man8/portmap.8
+-       install -o root -g root -m 0644 pmap_dump.8 ${BASEDIR}/usr/share/man/man8
+-       install -o root -g root -m 0644 pmap_set.8 ${BASEDIR}/usr/share/man/man8
+       install -o root -g root -m 0755 portmap $(DESTDIR)/sbin
+       install -o root -g root -m 0755 pmap_dump $(DESTDIR)/sbin
+       install -o root -g root -m 0755 pmap_set $(DESTDIR)/sbin
+       install -o root -g root -m 0644 portmap.man $(DESTDIR)/usr/share/man/man8/portmap.8
+       install -o root -g root -m 0644 pmap_dump.8 $(DESTDIR)/usr/share/man/man8
+       install -o root -g root -m 0644 pmap_set.8 $(DESTDIR)/usr/share/man/man8
+ 
+ clean:
+        rm -f *.o portmap pmap_dump pmap_set from_local \
diff --git a/meta/recipes-connectivity/portmap/portmap-6.0/tcpd-config.patch b/meta/recipes-connectivity/portmap/portmap-6.0/tcpd-config.patch
new file mode 100644
index 0000000000..2f25058095
--- /dev/null
+++ b/meta/recipes-connectivity/portmap/portmap-6.0/tcpd-config.patch
@@ -0,0 +1,30 @@
+Upstream-Status: Backport
+From: Mike Frysinger <vapier@gentoo.org>
+Date: Sun, 13 May 2007 21:17:32 +0000 (-0400)
+Subject: fix building with tcpd support disabled
+X-Git-Url: http://neil.brown.name/git?p=portmap;a=commitdiff_plain;h=7847207aed1b44faf077eed14a9ac9c68244eba5
+fix building with tcpd support disabled
+Make sure pmap_check.c only includes tcpd.h when HOSTS_ACCESS is defined.
+Signed-off-by: Timothy Redaelli <drizzt@gentoo.org>
+Signed-off-by: Mike Frysinger <vapier@gentoo.org>
+Signed-off-by: Neil Brown <neilb@suse.de>
+---
+diff --git a/pmap_check.c b/pmap_check.c
+index 84f2c12..443a822 100644
+--- a/pmap_check.c
+++ b/pmap_check.c
+@@ -44,7 +44,9 @@
+ #include <netinet/in.h>
+ #include <rpc/rpcent.h>
+ #endif
+#ifdef HOSTS_ACCESS
+ #include <tcpd.h>
+#endif
+ #include <arpa/inet.h>
+ #include <grp.h>
+ 
diff --git a/meta/recipes-connectivity/portmap/portmap.inc b/meta/recipes-connectivity/portmap/portmap.inc
new file mode 100644
index 0000000000..f5f7fde8be
--- /dev/null
+++ b/meta/recipes-connectivity/portmap/portmap.inc
@@ -0,0 +1,34 @@
+SUMMARY = "RPC program number mapper"
+HOMEPAGE = "http://neil.brown.name/portmap/"
+SECTION = "console/network"
+LICENSE = "BSD"
+LIC_FILES_CHKSUM = "file://portmap.c;beginline=2;endline=31;md5=51ff67e66ec84b2009b017b1f94afbf4 \
+                    file://from_local.c;beginline=9;endline=35;md5=1bec938a2268b8b423c58801ace3adc1"
+DEPENDS = "virtual/fakeroot-native"
+SRC_URI = "${DEBIAN_MIRROR}/main/p/portmap/portmap_5.orig.tar.gz \
+        ${DEBIAN_MIRROR}/main/p/portmap/portmap_${PV}.diff.gz \
+        file://portmap.init \
+        file://make.patch;apply=yes"
+S = "${WORKDIR}/portmap_5beta"
+INITSCRIPT_NAME = "portmap"
+INITSCRIPT_PARAMS = "start 10 2 3 4 5 . stop 32 0 1 6 ."
+inherit update-rc.d systemd
+SYSTEMD_SERVICE_${PN} = "portmap.service"
+sbindir = "/sbin"
+fakeroot do_install() {
+        install -d ${D}${sysconfdir}/init.d
+        install -d ${D}${base_sbindir}
+        install -m 0755 ${WORKDIR}/portmap.init ${D}${sysconfdir}/init.d/portmap
+        oe_runmake 'docdir=${docdir}/portmap' 'DESTDIR=${D}' install
+}
+PACKAGES =+ "portmap-utils"
+FILES_portmap-utils = "/sbin/pmap_set /sbin/pmap_dump"
+FILES_${PN}-doc += "${docdir}"
diff --git a/meta/recipes-connectivity/portmap/portmap/portmap.init b/meta/recipes-connectivity/portmap/portmap/portmap.init
new file mode 100755
index 0000000000..621aa171ae
--- /dev/null
+++ b/meta/recipes-connectivity/portmap/portmap/portmap.init
@@ -0,0 +1,67 @@
+#!/bin/sh
+#
+### BEGIN INIT INFO
+# Provides:          portmap
+# Required-Start:    $network
+# Required-Stop:     $network
+# Default-Start:     S 2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: The RPC portmapper
+# Description:       Portmap is a server that converts RPC (Remote
+#                    Procedure Call) program numbers into DARPA
+#                    protocol port numbers. It must be running in
+#                    order to make RPC calls. Services that use
+#                    RPC include NFS and NIS.
+### END INIT INFO
+test -f /sbin/portmap || exit 0
+case "$1" in
+    start)
+        echo "Starting portmap daemon..."
+        start-stop-daemon --start --quiet --exec /sbin/portmap
+        if [ -f /var/run/portmap.upgrade-state ]; then
+          echo "Restoring old RPC service information..."
+          sleep 1 # needs a short pause or pmap_set won't work. :(
+          pmap_set </var/run/portmap.upgrade-state
+          rm -f /var/run/portmap.upgrade-state
+          echo "done."
+        fi
+        ;;
+    stop)
+        echo "Stopping portmap daemon..."
+        start-stop-daemon --stop --quiet --exec /sbin/portmap
+        ;;
+    reload)
+        ;;
+    force-reload)
+        $0 restart
+        ;;
+    restart)
+        # pmap_dump and pmap_set may be in a different package and not installed...
+        if [ -f /sbin/pmap_dump -a -f /sbin/pmap_set ]; then
+                do_state=1
+        else
+                do_state=0
+        fi
+        [ $do_state -eq 1 ] && pmap_dump >/var/run/portmap.state
+        $0 stop
+        $0 start
+        if [ $do_state -eq 1 ]; then
+          if [ ! -f /var/run/portmap.upgrade-state ]; then
+            sleep 1
+            pmap_set </var/run/portmap.state
+          fi
+          rm -f /var/run/portmap.state
+        fi
+        ;;
+    *)
+        echo "Usage: /etc/init.d/portmap {start|stop|reload|restart}"
+        exit 1
+        ;;
+esac
+exit 0
diff --git a/meta/recipes-connectivity/portmap/portmap/portmap.service b/meta/recipes-connectivity/portmap/portmap/portmap.service
new file mode 100644
index 0000000000..7ef9d7b02e
--- /dev/null
+++ b/meta/recipes-connectivity/portmap/portmap/portmap.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=The RPC portmapper
+After=network.target
+[Service]
+Type=forking
+ExecStart=@BASE_SBINDIR@/portmap
+[Install]
+WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/portmap/portmap_6.0.bb b/meta/recipes-connectivity/portmap/portmap_6.0.bb
new file mode 100644
index 0000000000..8b65a03346
--- /dev/null
+++ b/meta/recipes-connectivity/portmap/portmap_6.0.bb
@@ -0,0 +1,31 @@
+require portmap.inc
+PR = "r9"
+SRC_URI = "http://www.sourcefiles.org/Networking/Tools/Miscellanenous/portmap-6.0.tgz \
+           file://destdir-no-strip.patch \
+           file://tcpd-config.patch \
+           file://portmap.init \
+           file://portmap.service"
+SRC_URI[md5sum] = "ac108ab68bf0f34477f8317791aaf1ff"
+SRC_URI[sha256sum] = "02c820d39f3e6e729d1bea3287a2d8a6c684f1006fb9612f97dcad4a281d41de"
+S = "${WORKDIR}/${BPN}_${PV}/"
+PACKAGECONFIG ??= "tcp-wrappers"
+PACKAGECONFIG[tcp-wrappers] = ",,tcp-wrappers"
+CPPFLAGS += "-DFACILITY=LOG_DAEMON -DENABLE_DNS -DHOSTS_ACCESS"
+CFLAGS += "-Wall -Wstrict-prototypes -fPIC"
+EXTRA_OEMAKE += "'NO_TCP_WRAPPER=${@bb.utils.contains('PACKAGECONFIG', 'tcp-wrappers', '', '1', d)}'"
+fakeroot do_install() {
+    install -d ${D}${mandir}/man8/ ${D}${base_sbindir} ${D}${sysconfdir}/init.d
+    install -m 0755 ${WORKDIR}/portmap.init ${D}${sysconfdir}/init.d/portmap
+    oe_runmake install DESTDIR=${D}
+    install -d ${D}${systemd_unitdir}/system
+    install -m 0644 ${WORKDIR}/portmap.service ${D}${systemd_unitdir}/system
+    sed -i -e 's,@BASE_SBINDIR@,${base_sbindir},g' ${D}${systemd_unitdir}/system/portmap.service
+}
diff --git a/meta/recipes-connectivity/ppp-dialin/files/host-peer b/meta/recipes-connectivity/ppp-dialin/files/host-peer
new file mode 100644
index 0000000000..e7e2e11d49
--- /dev/null
+++ b/meta/recipes-connectivity/ppp-dialin/files/host-peer
@@ -0,0 +1,11 @@
+-detach
+defaultroute
+nocrtscts
+lock
+noauth
+lcp-echo-interval 5
+lcp-echo-failure 3
+usepeerdns
+115200
+local
+asyncmap 0
diff --git a/meta/recipes-connectivity/ppp-dialin/files/ppp-dialin b/meta/recipes-connectivity/ppp-dialin/files/ppp-dialin
new file mode 100644
index 0000000000..ea2771311a
--- /dev/null
+++ b/meta/recipes-connectivity/ppp-dialin/files/ppp-dialin
@@ -0,0 +1,3 @@
+#!/bin/sh
+/usr/sbin/pppd call host
diff --git a/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb b/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb
new file mode 100644
index 0000000000..68b83d00f1
--- /dev/null
+++ b/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb
@@ -0,0 +1,26 @@
+SUMMARY = "Enables PPP dial-in through a serial connection"
+SECTION = "console/network"
+DEPENDS = "ppp"
+RDEPENDS_${PN} = "ppp"
+PR = "r8"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=4d92cd373abda3937c2bc47fbc49d690 \
+                    file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
+SRC_URI = "file://host-peer \
+           file://ppp-dialin"
+inherit allarch useradd
+do_install() {
+        install -d ${D}${sysconfdir}/ppp/peers
+        install -m 0644 ${WORKDIR}/host-peer ${D}${sysconfdir}/ppp/peers/host
+        install -d ${D}${sbindir}
+        install -m 0755 ${WORKDIR}/ppp-dialin ${D}${sbindir}
+}
+USERADD_PACKAGES = "${PN}"
+USERADD_PARAM_${PN} = "--system --home /dev/null \
+                       --no-create-home --shell ${sbindir}/ppp-dialin \
+                       --no-user-group --gid nogroup ppp"
diff --git a/meta/recipes-connectivity/ppp/ppp/0001-ppp-Fix-compilation-errors-in-Makefile.patch b/meta/recipes-connectivity/ppp/ppp/0001-ppp-Fix-compilation-errors-in-Makefile.patch
new file mode 100644
index 0000000000..8aa2d2e678
--- /dev/null
+++ b/meta/recipes-connectivity/ppp/ppp/0001-ppp-Fix-compilation-errors-in-Makefile.patch
@@ -0,0 +1,75 @@
+From ba0f6058d1f25b2b60fc31ab2656bf12a71ffdab Mon Sep 17 00:00:00 2001
+From: Lu Chong <Chong.Lu@windriver.com>
+Date: Tue, 5 Nov 2013 17:32:56 +0800
+Subject: [PATCH] ppp: Fix compilation errors in Makefile
+This patch fixes below issues:
+1. Make can't exit while compilation error occurs in subdir for plugins building.
+2. If build ppp with newer kernel (3.10.10), it will pick 'if_pppox.h' from sysroot-dir and
+   'if_pppol2tp.h' from its own source dir, this cause below build errors:
+        bitbake_build/tmp/sysroots/intel-x86-64/usr/include/linux/if_pppox.h:84:26:
+        error: field 'pppol2tp' has incomplete type
+          struct pppol2tpin6_addr pppol2tp;
+                                  ^
+        bitbake_build/tmp/sysroots/intel-x86-64/usr/include/linux/if_pppox.h:99:28:
+        error: field 'pppol2tp' has incomplete type
+          struct pppol2tpv3in6_addr pppol2tp;
+                                    ^
+The 'sysroot-dir/if_pppox.h' enabled ipv6 support but the 'source-dir/if_pppol2tp.h' lost
+related structure definitions, we should use both header files from sysroots to fix this
+build failure.
+Upstream-Status: Pending
+Signed-off-by: Lu Chong <Chong.Lu@windriver.com>
+---
+ pppd/plugins/Makefile.linux          |    2 +-
+ pppd/plugins/pppol2tp/Makefile.linux |    2 +-
+ pppd/plugins/rp-pppoe/Makefile.linux |    2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+diff --git a/pppd/plugins/Makefile.linux b/pppd/plugins/Makefile.linux
+index 0a7ec7b..2a2c15a 100644
+--- a/pppd/plugins/Makefile.linux
+++ b/pppd/plugins/Makefile.linux
+@@ -20,7 +20,7 @@ include .depend
+ endif
+ 
+ all:   $(PLUGINS)
+-       for d in $(SUBDIRS); do $(MAKE) $(MFLAGS) -C $$d all; done
+       for d in $(SUBDIRS); do $(MAKE) $(MFLAGS) -C $$d all || exit 1; done
+ 
+ %.so: %.c
+        $(CC) -o $@ $(LDFLAGS) $(CFLAGS) $^
+diff --git a/pppd/plugins/pppol2tp/Makefile.linux b/pppd/plugins/pppol2tp/Makefile.linux
+index 19eff67..feb2f52 100644
+--- a/pppd/plugins/pppol2tp/Makefile.linux
+++ b/pppd/plugins/pppol2tp/Makefile.linux
+@@ -1,6 +1,6 @@
+ #CC    = gcc
+ COPTS  = -O2 -g
+-CFLAGS = $(COPTS) -I. -I../.. -I../../../include -fPIC
+CFLAGS = $(COPTS) -I. -I../.. -fPIC
+ LDFLAGS        = -shared
+ INSTALL        = install
+ 
+diff --git a/pppd/plugins/rp-pppoe/Makefile.linux b/pppd/plugins/rp-pppoe/Makefile.linux
+index f078991..15b9118 100644
+--- a/pppd/plugins/rp-pppoe/Makefile.linux
+++ b/pppd/plugins/rp-pppoe/Makefile.linux
+@@ -26,7 +26,7 @@ INSTALL       = install
+ RP_VERSION=3.8p
+ 
+ COPTS=-O2 -g
+-CFLAGS=$(COPTS) -I../../../include '-DRP_VERSION="$(RP_VERSION)"'
+CFLAGS=$(COPTS) '-DRP_VERSION="$(RP_VERSION)"'
+ all: rp-pppoe.so pppoe-discovery
+ 
+ pppoe-discovery: pppoe-discovery.o debug.o
+-- 
+1.7.9.5
diff --git a/meta/recipes-connectivity/ppp/ppp/08setupdns b/meta/recipes-connectivity/ppp/ppp/08setupdns
new file mode 100644
index 0000000000..998219de97
--- /dev/null
+++ b/meta/recipes-connectivity/ppp/ppp/08setupdns
@@ -0,0 +1,12 @@
+#!/bin/sh
+ACTUALCONF=/var/run/resolv.conf
+PPPCONF=/var/run/ppp/resolv.conf
+if [ -f $PPPCONF ] ; then
+        if [ -f $ACTUALCONF ] ; then
+                if [ ! -h $ACTUALCONF -o ! "`readlink $ACTUALCONF 2>&1`" = "$PPPCONF" ] ; then
+                        mv $ACTUALCONF $ACTUALCONF.ppporig
+                fi
+        fi
+        ln -sf $PPPCONF $ACTUALCONF
+fi
diff --git a/meta/recipes-connectivity/ppp/ppp/92removedns b/meta/recipes-connectivity/ppp/ppp/92removedns
new file mode 100644
index 0000000000..2eadec6899
--- /dev/null
+++ b/meta/recipes-connectivity/ppp/ppp/92removedns
@@ -0,0 +1,5 @@
+#!/bin/sh
+ACTUALCONF=/var/run/resolv.conf
+if [ -f $ACTUALCONF.ppporig ] ; then
+        mv $ACTUALCONF.ppporig $ACTUALCONF
+fi
diff --git a/meta/recipes-connectivity/ppp/ppp/cifdefroute.patch b/meta/recipes-connectivity/ppp/ppp/cifdefroute.patch
new file mode 100644
index 0000000000..db4dbc27a9
--- /dev/null
+++ b/meta/recipes-connectivity/ppp/ppp/cifdefroute.patch
@@ -0,0 +1,292 @@
+This patch comes from OpenEmbedded.
+The original patch is from Debian / SuSE to implement replacedefaultroute
+Rebased it to fit ppp-2.4.5. Dongxiao Xu <dongxiao.xu@intel.com>
+Upstream-Status: Inappropriate [debian/suse patches]
+diff -urN ppp-2.4.5-orig/pppd/ipcp.c ppp-2.4.5/pppd/ipcp.c
+--- ppp-2.4.5-orig/pppd/ipcp.c  2010-06-30 15:51:12.050166398 +0800
+++ ppp-2.4.5/pppd/ipcp.c       2010-06-30 16:40:00.478716855 +0800
+@@ -198,6 +198,16 @@
+       "disable defaultroute option", OPT_ALIAS | OPT_A2CLR,
+       &ipcp_wantoptions[0].default_route },
+ 
+#ifdef __linux__
+    { "replacedefaultroute", o_bool,
+                               &ipcp_wantoptions[0].replace_default_route,
+      "Replace default route", 1
+    },
+    { "noreplacedefaultroute", o_bool,
+                               &ipcp_allowoptions[0].replace_default_route,
+      "Never replace default route", OPT_A2COPY,
+                               &ipcp_wantoptions[0].replace_default_route },
+#endif
+     { "proxyarp", o_bool, &ipcp_wantoptions[0].proxy_arp,
+       "Add proxy ARP entry", OPT_ENABLE|1, &ipcp_allowoptions[0].proxy_arp },
+     { "noproxyarp", o_bool, &ipcp_allowoptions[0].proxy_arp,
+@@ -271,7 +281,7 @@
+     ip_active_pkt
+ };
+ 
+-static void ipcp_clear_addrs __P((int, u_int32_t, u_int32_t));
+static void ipcp_clear_addrs __P((int, u_int32_t, u_int32_t, bool));
+ static void ipcp_script __P((char *, int));    /* Run an up/down script */
+ static void ipcp_script_done __P((void *));
+ 
+@@ -1742,7 +1752,12 @@
+     if (!sifnpmode(u, PPP_IP, NPMODE_QUEUE))
+        return 0;
+     if (wo->default_route)
+#ifndef __linux__
+        if (sifdefaultroute(u, wo->ouraddr, wo->hisaddr))
+#else
+       if (sifdefaultroute(u, wo->ouraddr, wo->hisaddr,
+                                            wo->replace_default_route))
+#endif
+            default_route_set[u] = 1;
+     if (wo->proxy_arp)
+        if (sifproxyarp(u, wo->hisaddr))
+@@ -1830,7 +1845,8 @@
+      */
+     if (demand) {
+        if (go->ouraddr != wo->ouraddr || ho->hisaddr != wo->hisaddr) {
+-           ipcp_clear_addrs(f->unit, wo->ouraddr, wo->hisaddr);
+           ipcp_clear_addrs(f->unit, wo->ouraddr, wo->hisaddr, 
+                                     wo->replace_default_route);
+            if (go->ouraddr != wo->ouraddr) {
+                warn("Local IP address changed to %I", go->ouraddr);
+                script_setenv("OLDIPLOCAL", ip_ntoa(wo->ouraddr), 0);
+@@ -1855,7 +1871,12 @@
+ 
+            /* assign a default route through the interface if required */
+            if (ipcp_wantoptions[f->unit].default_route) 
+#ifndef __linux__
+                if (sifdefaultroute(f->unit, go->ouraddr, ho->hisaddr))
+#else
+               if (sifdefaultroute(f->unit, go->ouraddr, ho->hisaddr,
+                                            wo->replace_default_route))
+#endif
+                    default_route_set[f->unit] = 1;
+ 
+            /* Make a proxy ARP entry if requested. */
+@@ -1905,7 +1926,12 @@
+ 
+        /* assign a default route through the interface if required */
+        if (ipcp_wantoptions[f->unit].default_route) 
+#ifndef __linux__
+            if (sifdefaultroute(f->unit, go->ouraddr, ho->hisaddr))
+#else
+           if (sifdefaultroute(f->unit, go->ouraddr, ho->hisaddr,
+                                        wo->replace_default_route))
+#endif
+                default_route_set[f->unit] = 1;
+ 
+        /* Make a proxy ARP entry if requested. */
+@@ -1983,7 +2009,7 @@
+        sifnpmode(f->unit, PPP_IP, NPMODE_DROP);
+        sifdown(f->unit);
+        ipcp_clear_addrs(f->unit, ipcp_gotoptions[f->unit].ouraddr,
+-                        ipcp_hisoptions[f->unit].hisaddr);
+                        ipcp_hisoptions[f->unit].hisaddr, 0);
+     }
+ 
+     /* Execute the ip-down script */
+@@ -1999,12 +2025,21 @@
+  * proxy arp entries, etc.
+  */
+ static void
+-ipcp_clear_addrs(unit, ouraddr, hisaddr)
+ipcp_clear_addrs(unit, ouraddr, hisaddr, replacedefaultroute)
+     int unit;
+     u_int32_t ouraddr;  /* local address */
+     u_int32_t hisaddr;  /* remote address */
+    bool replacedefaultroute;
+ {
+-    if (proxy_arp_set[unit]) {
+    /* If replacedefaultroute, sifdefaultroute will be called soon
+     * with replacedefaultroute set and that will overwrite the current
+     * default route. This is the case only when doing demand, otherwise
+     * during demand, this cifdefaultroute would restore the old default
+     * route which is not what we want in this case. In the non-demand
+     * case, we'll delete the default route and restore the old if there
+     * is one saved by an sifdefaultroute with replacedefaultroute.
+     */
+    if (!replacedefaultroute && default_route_set[unit]) {
+        cifproxyarp(unit, hisaddr);
+        proxy_arp_set[unit] = 0;
+     }
+diff -urN ppp-2.4.5-orig/pppd/ipcp.h ppp-2.4.5/pppd/ipcp.h
+--- ppp-2.4.5-orig/pppd/ipcp.h  2010-06-30 15:51:12.043682063 +0800
+++ ppp-2.4.5/pppd/ipcp.h       2010-06-30 16:40:49.586203129 +0800
+@@ -70,6 +70,7 @@
+     bool old_addrs;            /* Use old (IP-Addresses) option? */
+     bool req_addr;             /* Ask peer to send IP address? */
+     bool default_route;                /* Assign default route through interface? */
+    bool replace_default_route; /* Replace default route through interface? */
+     bool proxy_arp;            /* Make proxy ARP entry for peer? */
+     bool neg_vj;               /* Van Jacobson Compression? */
+     bool old_vj;               /* use old (short) form of VJ option? */
+diff -urN ppp-2.4.5-orig/pppd/pppd.8 ppp-2.4.5/pppd/pppd.8
+--- ppp-2.4.5-orig/pppd/pppd.8  2010-06-30 15:51:12.043682063 +0800
+++ ppp-2.4.5/pppd/pppd.8       2010-06-30 16:42:47.102413859 +0800
+@@ -121,6 +121,13 @@
+ This entry is removed when the PPP connection is broken.  This option
+ is privileged if the \fInodefaultroute\fR option has been specified.
+ .TP
+.B replacedefaultroute
+This option is a flag to the defaultroute option. If defaultroute is
+set and this flag is also set, pppd replaces an existing default route
+with the new default route.
+
+
+.TP
+ .B disconnect \fIscript
+ Execute the command specified by \fIscript\fR, by passing it to a
+ shell, after
+@@ -717,7 +724,12 @@
+ .TP
+ .B nodefaultroute
+ Disable the \fIdefaultroute\fR option.  The system administrator who
+-wishes to prevent users from creating default routes with pppd
+wishes to prevent users from adding a default route with pppd
+can do so by placing this option in the /etc/ppp/options file.
+.TP
+.B noreplacedefaultroute
+Disable the \fIreplacedefaultroute\fR option. The system administrator who
+wishes to prevent users from replacing a default route with pppd
+ can do so by placing this option in the /etc/ppp/options file.
+ .TP
+ .B nodeflate
+diff -urN ppp-2.4.5-orig/pppd/pppd.h ppp-2.4.5/pppd/pppd.h
+--- ppp-2.4.5-orig/pppd/pppd.h  2010-06-30 15:51:12.050166398 +0800
+++ ppp-2.4.5/pppd/pppd.h       2010-06-30 16:43:36.514148327 +0800
+@@ -643,7 +643,11 @@
+ int  cif6addr __P((int, eui64_t, eui64_t));
+                                /* Remove an IPv6 address from i/f */
+ #endif
+#ifndef __linux__
+ int  sifdefaultroute __P((int, u_int32_t, u_int32_t));
+#else
+int  sifdefaultroute __P((int, u_int32_t, u_int32_t, bool replace_default_rt));
+#endif
+                                /* Create default route through i/f */
+ int  cifdefaultroute __P((int, u_int32_t, u_int32_t));
+                                /* Delete default route through i/f */
+diff -urN ppp-2.4.5-orig/pppd/sys-linux.c ppp-2.4.5/pppd/sys-linux.c
+--- ppp-2.4.5-orig/pppd/sys-linux.c     2010-06-30 15:51:12.050166398 +0800
+++ ppp-2.4.5/pppd/sys-linux.c  2010-06-30 16:54:00.362716231 +0800
+@@ -206,6 +206,8 @@
+ 
+ static int     if_is_up;       /* Interface has been marked up */
+ static int     have_default_route;     /* Gateway for default route added */
+static struct rtentry old_def_rt;       /* Old default route */
+static int       default_rt_repl_rest;  /* replace and restore old default rt */
+ static u_int32_t proxy_arp_addr;       /* Addr for proxy arp entry added */
+ static char proxy_arp_dev[16];         /* Device for proxy arp entry */
+ static u_int32_t our_old_addr;         /* for detecting address changes */
+@@ -1537,6 +1539,9 @@
+        p = NULL;
+     }
+ 
+    SET_SA_FAMILY (rt->rt_dst,     AF_INET);
+    SET_SA_FAMILY (rt->rt_gateway, AF_INET);
+
+     SIN_ADDR(rt->rt_dst) = strtoul(cols[route_dest_col], NULL, 16);
+     SIN_ADDR(rt->rt_gateway) = strtoul(cols[route_gw_col], NULL, 16);
+     SIN_ADDR(rt->rt_genmask) = strtoul(cols[route_mask_col], NULL, 16);
+@@ -1606,20 +1611,51 @@
+ /********************************************************************
+  *
+  * sifdefaultroute - assign a default route through the address given.
+- */
+-
+-int sifdefaultroute (int unit, u_int32_t ouraddr, u_int32_t gateway)
+-{
+-    struct rtentry rt;
+-
+-    if (defaultroute_exists(&rt) && strcmp(rt.rt_dev, ifname) != 0) {
+-       if (rt.rt_flags & RTF_GATEWAY)
+-           error("not replacing existing default route via %I",
+-                 SIN_ADDR(rt.rt_gateway));
+-       else
+-           error("not replacing existing default route through %s",
+-                 rt.rt_dev);
+-       return 0;
+ *
+ * If the global default_rt_repl_rest flag is set, then this function
+ * already replaced the original system defaultroute with some other
+ * route and it should just replace the current defaultroute with
+ * another one, without saving the current route. Use: demand mode,
+ * when pppd sets first a defaultroute it it's temporary ppp0 addresses
+ * and then changes the temporary addresses to the addresses for the real
+ * ppp connection when it has come up.
+ */
+
+int sifdefaultroute (int unit, u_int32_t ouraddr, u_int32_t gateway, bool replace)
+{
+    struct rtentry rt, tmp_rt;
+    struct rtentry *del_rt = NULL;
+
+    if (default_rt_repl_rest) {
+       /* We have already reclaced the original defaultroute, if we
+         * are called again, we will delete the current default route
+         * and set the new default route in this function.  
+         * - this is normally only the case the doing demand: */
+       if (defaultroute_exists( &tmp_rt ))
+               del_rt = &tmp_rt;
+    } else if ( defaultroute_exists( &old_def_rt                ) &&
+                            strcmp(  old_def_rt.rt_dev, ifname ) != 0) {
+       /* We did not yet replace an existing default route, let's
+        * check if we should save and replace a default route:
+         */
+       u_int32_t old_gateway = SIN_ADDR(old_def_rt.rt_gateway);
+       if (old_gateway != gateway) {
+           if (!replace) {
+               error("not replacing default route to %s [%I]",
+                       old_def_rt.rt_dev, old_gateway);
+               return 0;
+           } else {
+               // we need to copy rt_dev because we need it permanent too:
+               char * tmp_dev = malloc(strlen(old_def_rt.rt_dev)+1);
+               strcpy(tmp_dev, old_def_rt.rt_dev);
+               old_def_rt.rt_dev = tmp_dev;
+
+               notice("replacing old default route to %s [%I]",
+                       old_def_rt.rt_dev, old_gateway);
+               default_rt_repl_rest = 1;
+               del_rt = &old_def_rt;
+           }
+       }
+     }
+ 
+     memset (&rt, 0, sizeof (rt));
+@@ -1638,6 +1674,12 @@
+            error("default route ioctl(SIOCADDRT): %m");
+        return 0;
+     }
+    if (default_rt_repl_rest && del_rt)
+        if (ioctl(sock_fd, SIOCDELRT, del_rt) < 0) {
+           if ( ! ok_error ( errno ))
+               error("del old default route ioctl(SIOCDELRT): %m(%d)", errno);
+           return 0;
+        }
+ 
+     have_default_route = 1;
+     return 1;
+@@ -1673,6 +1715,16 @@
+            return 0;
+        }
+     }
+    if (default_rt_repl_rest) {
+       notice("restoring old default route to %s [%I]",
+                       old_def_rt.rt_dev, SIN_ADDR(old_def_rt.rt_gateway));
+        if (ioctl(sock_fd, SIOCADDRT, &old_def_rt) < 0) {
+           if ( ! ok_error ( errno ))
+               error("restore default route ioctl(SIOCADDRT): %m(%d)", errno);
+           return 0;
+        }
+        default_rt_repl_rest = 0;
+    }
+ 
+     return 1;
+ }
diff --git a/meta/recipes-connectivity/ppp/ppp/copts.patch b/meta/recipes-connectivity/ppp/ppp/copts.patch
new file mode 100644
index 0000000000..53ff06e03e
--- /dev/null
+++ b/meta/recipes-connectivity/ppp/ppp/copts.patch
@@ -0,0 +1,21 @@
+ppp: use build system CFLAGS when compiling
+Upstream-Status: Pending
+Override the hard-coded COPTS make variables with
+CFLAGS.  Add COPTS into one Makefile that did not
+use it.
+Signed-off-by: Joe Slater <jslater@windriver.com>
+--- a/pppd/plugins/radius/Makefile.linux
+++ b/pppd/plugins/radius/Makefile.linux
+@@ -12,7 +12,7 @@ VERSION = $(shell awk -F '"' '/VERSION/ 
+ INSTALL        = install
+ 
+ PLUGIN=radius.so radattr.so radrealms.so
+-CFLAGS=-I. -I../.. -I../../../include -O2 -fPIC -DRC_LOG_FACILITY=LOG_DAEMON
+CFLAGS=-I. -I../.. -I../../../include $(COPTS) -fPIC -DRC_LOG_FACILITY=LOG_DAEMON
+ 
+ # Uncomment the next line to include support for Microsoft's
+ # MS-CHAP authentication protocol.
diff --git a/meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch b/meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch
new file mode 100644
index 0000000000..c9edb30597
--- /dev/null
+++ b/meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch
@@ -0,0 +1,29 @@
+ppp: Buffer overflow in radius plugin
+From: https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;bug=782450
+Upstream-Status: Backport
+On systems with more than 65535 processes running, pppd aborts when
+sending a "start" accounting message to the RADIUS server because of a
+buffer overflow in rc_mksid.
+The process id is used in rc_mksid to generate a pseudo-unique string,
+assuming that the hex representation of the pid will be at most 4
+characters (FFFF). __sprintf_chk(), used when compiling with
+optimization levels greater than 0 and FORTIFY_SOURCE, detects the
+buffer overflow and makes pppd crash.
+The following patch fixes the problem.
+--- ppp-2.4.6.orig/pppd/plugins/radius/util.c
+++ ppp-2.4.6/pppd/plugins/radius/util.c
+@@ -77,7 +77,7 @@ rc_mksid (void)
+   static unsigned short int cnt = 0;
+   sprintf (buf, "%08lX%04X%02hX",
+           (unsigned long int) time (NULL),
+-          (unsigned int) getpid (),
+          (unsigned int) getpid () % 65535,
+           cnt & 0xFF);
+   cnt++;
+   return buf;
diff --git a/meta/recipes-connectivity/ppp/ppp/init b/meta/recipes-connectivity/ppp/ppp/init
new file mode 100755
index 0000000000..0c0136049b
--- /dev/null
+++ b/meta/recipes-connectivity/ppp/ppp/init
@@ -0,0 +1,57 @@
+#!/bin/sh
+#
+#   /etc/init.d/ppp: start or stop PPP link.
+#
+# If you want PPP started on boot time (most dialup systems won't need it)
+# rename the /etc/ppp/no_ppp_on_boot file to /etc/ppp/ppp_on_boot, and
+# follow the instructions in the comments in that file.
+# Source function library.
+. /etc/init.d/functions
+test -x /usr/sbin/pppd -a -f /etc/ppp/ppp_on_boot || exit 0
+if [ -x /etc/ppp/ppp_on_boot ]; then RUNFILE=1; fi
+case "$1" in
+  start)
+      echo -n "Starting up PPP link: pppd"
+      if [ "$RUNFILE" = "1" ]; then
+        /etc/ppp/ppp_on_boot
+      else
+        pppd call provider
+      fi
+      echo "."
+    ;;
+  stop)
+      echo -n "Shutting down PPP link: pppd"
+      if [ "$RUNFILE" = "1" ]; then
+        poff
+      else
+        poff provider
+      fi
+      echo "."
+    ;;
+  status)
+    status /usr/sbin/pppd;
+    exit $?
+    ;;
+  restart|force-reload)
+    echo -n "Restarting PPP link: pppd"
+    if [ "$RUNFILE" = "1" ]; then      
+      poff
+      sleep 5
+      /etc/ppp/ppp_on_boot
+    else                  
+      poff provider
+      sleep 5
+      pppd call provider
+    fi
+    echo "."
+    ;;
+  *)
+      echo "Usage: /etc/init.d/ppp {start|stop|status|restart|force-reload}"
+      exit 1
+    ;;
+esac
+exit 0
diff --git a/meta/recipes-connectivity/ppp/ppp/ip-down b/meta/recipes-connectivity/ppp/ppp/ip-down
new file mode 100755
index 0000000000..06d35487a5
--- /dev/null
+++ b/meta/recipes-connectivity/ppp/ppp/ip-down
@@ -0,0 +1,43 @@
+#!/bin/sh
+#
+# $Id: ip-down,v 1.2 1998/02/10 21:21:55 phil Exp $
+#
+# This script is run by the pppd _after_ the link is brought down.
+# It uses run-parts to run scripts in /etc/ppp/ip-down.d, so to delete
+# routes, unset IP addresses etc. you should create script(s) there.
+#
+# Be aware that other packages may include /etc/ppp/ip-down.d scripts (named
+# after that package), so choose local script names with that in mind.
+#
+# This script is called with the following arguments:
+#    Arg  Name                          Example
+#    $1   Interface name                ppp0
+#    $2   The tty                       ttyS1
+#    $3   The link speed                38400
+#    $4   Local IP number               12.34.56.78
+#    $5   Peer  IP number               12.34.56.99
+#    $6   Optional ``ipparam'' value    foo
+# The  environment is cleared before executing this script
+# so the path must be reset
+PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin
+export PATH
+# These variables are for the use of the scripts run by run-parts
+PPP_IFACE="$1"
+PPP_TTY="$2"
+PPP_SPEED="$3"
+PPP_LOCAL="$4"
+PPP_REMOTE="$5"
+PPP_IPPARAM="$6"
+export PPP_IFACE PPP_TTY PPP_SPEED PPP_LOCAL PPP_REMOTE PPP_IPPARAM
+# as an additional convenience, $PPP_TTYNAME is set to the tty name,
+# stripped of /dev/ (if present) for easier matching.
+PPP_TTYNAME=`/usr/bin/basename "$2"`
+export PPP_TTYNAME 
+# Main Script starts here
+run-parts /etc/ppp/ip-down.d
+# last line
diff --git a/meta/recipes-connectivity/ppp/ppp/ip-up b/meta/recipes-connectivity/ppp/ppp/ip-up
new file mode 100755
index 0000000000..fc2fae9fe0
--- /dev/null
+++ b/meta/recipes-connectivity/ppp/ppp/ip-up
@@ -0,0 +1,44 @@
+#!/bin/sh
+#
+# $Id: ip-up,v 1.2 1998/02/10 21:25:34 phil Exp $
+#
+# This script is run by the pppd after the link is established.
+# It uses run-parts to run scripts in /etc/ppp/ip-up.d, so to add routes,
+# set IP address, run the mailq etc. you should create script(s) there.
+#
+# Be aware that other packages may include /etc/ppp/ip-up.d scripts (named
+# after that package), so choose local script names with that in mind.
+#
+# This script is called with the following arguments:
+#    Arg  Name                          Example
+#    $1   Interface name                ppp0
+#    $2   The tty                       ttyS1
+#    $3   The link speed                38400
+#    $4   Local IP number               12.34.56.78
+#    $5   Peer  IP number               12.34.56.99
+#    $6   Optional ``ipparam'' value    foo
+# The  environment is cleared before executing this script
+# so the path must be reset
+PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin
+export PATH
+# These variables are for the use of the scripts run by run-parts
+PPP_IFACE="$1"
+PPP_TTY="$2"
+PPP_SPEED="$3"
+PPP_LOCAL="$4"
+PPP_REMOTE="$5"
+PPP_IPPARAM="$6"
+export PPP_IFACE PPP_TTY PPP_SPEED PPP_LOCAL PPP_REMOTE PPP_IPPARAM
+# as an additional convenience, $PPP_TTYNAME is set to the tty name,
+# stripped of /dev/ (if present) for easier matching.
+PPP_TTYNAME=`/usr/bin/basename "$2"`
+export PPP_TTYNAME 
+# Main Script starts here
+run-parts /etc/ppp/ip-up.d
+# last line
diff --git a/meta/recipes-connectivity/ppp/ppp/makefile-remove-hard-usr-reference.patch b/meta/recipes-connectivity/ppp/ppp/makefile-remove-hard-usr-reference.patch
new file mode 100644
index 0000000000..d59717ebd3
--- /dev/null
+++ b/meta/recipes-connectivity/ppp/ppp/makefile-remove-hard-usr-reference.patch
@@ -0,0 +1,37 @@
+The patch comes from OpenEmbedded.
+Rebased for ppp-2.4.5. Dongxiao Xu <dongxiao.xu@intel.com>
+Updated from OE-Classic to include the pcap hunk.
+Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
+Upstream-Status: Inappropriate [configuration]
+diff -urN ppp-2.4.5-orig/pppd/Makefile.linux ppp-2.4.5/pppd/Makefile.linux
+--- ppp-2.4.5-orig/pppd/Makefile.linux  2010-06-30 15:51:12.043682063 +0800
+++ ppp-2.4.5/pppd/Makefile.linux       2010-06-30 17:08:21.806363042 +0800
+@@ -117,10 +117,10 @@
+ #LIBS     += -lshadow $(LIBS)
+ endif
+ 
+-ifneq ($(wildcard /usr/include/crypt.h),)
+#ifneq ($(wildcard /usr/include/crypt.h),)
+ CFLAGS  += -DHAVE_CRYPT_H=1
+ LIBS   += -lcrypt
+-endif
+#endif
+ 
+ ifdef NEEDDES
+ ifndef USE_CRYPT
+@@ -169,10 +169,10 @@
+ endif
+ 
+ ifdef FILTER
+-ifneq ($(wildcard /usr/include/pcap-bpf.h),)
+#ifneq ($(wildcard /usr/include/pcap-bpf.h),)
+ LIBS    += -lpcap
+ CFLAGS  += -DPPP_FILTER
+-endif
+#endif
+ endif
+ 
+ ifdef HAVE_INET6
diff --git a/meta/recipes-connectivity/ppp/ppp/makefile.patch b/meta/recipes-connectivity/ppp/ppp/makefile.patch
new file mode 100644
index 0000000000..2d09baf5d0
--- /dev/null
+++ b/meta/recipes-connectivity/ppp/ppp/makefile.patch
@@ -0,0 +1,95 @@
+The patch comes from OpenEmbedded
+Rebased for ppp-2.4.5. Dongxiao Xu <dongxiao.xu@intel.com>
+Upstream-Status: Inappropriate [configuration]
+diff -ruN ppp-2.4.5-orig/chat/Makefile.linux ppp-2.4.5/chat/Makefile.linux
+--- ppp-2.4.5-orig/chat/Makefile.linux  2010-06-30 15:51:12.050166398 +0800
+++ ppp-2.4.5/chat/Makefile.linux       2010-06-30 15:51:30.450118446 +0800
+@@ -25,7 +25,7 @@
+ 
+ install: chat
+        mkdir -p $(BINDIR) $(MANDIR)
+-       $(INSTALL) -s -c chat $(BINDIR)
+       $(INSTALL) -c chat $(BINDIR)
+        $(INSTALL) -c -m 644 chat.8 $(MANDIR)
+ 
+ clean:
+diff -ruN ppp-2.4.5-orig/pppd/Makefile.linux ppp-2.4.5/pppd/Makefile.linux
+--- ppp-2.4.5-orig/pppd/Makefile.linux  2010-06-30 15:51:12.043682063 +0800
+++ ppp-2.4.5/pppd/Makefile.linux       2010-06-30 15:52:11.214170607 +0800
+@@ -99,7 +99,7 @@
+ CFLAGS += -DUSE_SRP -DOPENSSL -I/usr/local/ssl/include
+ LIBS   += -lsrp -L/usr/local/ssl/lib -lcrypto
+ TARGETS        += srp-entry
+-EXTRAINSTALL = $(INSTALL) -s -c -m 555 srp-entry $(BINDIR)/srp-entry
+EXTRAINSTALL = $(INSTALL) -c -m 555 srp-entry $(BINDIR)/srp-entry
+ MANPAGES += srp-entry.8
+ EXTRACLEAN += srp-entry.o
+ NEEDDES=y
+@@ -200,7 +200,7 @@
+ install: pppd
+        mkdir -p $(BINDIR) $(MANDIR)
+        $(EXTRAINSTALL)
+-       $(INSTALL) -s -c -m 555 pppd $(BINDIR)/pppd
+       $(INSTALL) -c -m 555 pppd $(BINDIR)/pppd
+        if chgrp pppusers $(BINDIR)/pppd 2>/dev/null; then \
+          chmod o-rx,u+s $(BINDIR)/pppd; fi
+        $(INSTALL) -c -m 444 pppd.8 $(MANDIR)
+diff -ruN ppp-2.4.5-orig/pppd/plugins/radius/Makefile.linux ppp-2.4.5/pppd/plugins/radius/Makefile.linux
+--- ppp-2.4.5-orig/pppd/plugins/radius/Makefile.linux   2010-06-30 15:51:12.047676187 +0800
+++ ppp-2.4.5/pppd/plugins/radius/Makefile.linux        2010-06-30 15:53:47.750182267 +0800
+@@ -36,11 +36,11 @@
+ 
+ install: all
+        $(INSTALL) -d -m 755 $(LIBDIR)
+-       $(INSTALL) -s -c -m 755 radius.so $(LIBDIR)
+-       $(INSTALL) -s -c -m 755 radattr.so $(LIBDIR)
+-       $(INSTALL) -s -c -m 755 radrealms.so $(LIBDIR)
+-       $(INSTALL) -c -m 444 pppd-radius.8 $(MANDIR)
+-       $(INSTALL) -c -m 444 pppd-radattr.8 $(MANDIR)
+       $(INSTALL) -c -m 755 radius.so $(LIBDIR)
+       $(INSTALL) -c -m 755 radattr.so $(LIBDIR)
+       $(INSTALL) -c -m 755 radrealms.so $(LIBDIR)
+       $(INSTALL) -m 444 pppd-radius.8 $(MANDIR)
+       $(INSTALL) -m 444 pppd-radattr.8 $(MANDIR)
+ 
+ radius.so: radius.o libradiusclient.a
+        $(CC) -o radius.so -shared radius.o libradiusclient.a
+diff -ruN ppp-2.4.5-orig/pppd/plugins/rp-pppoe/Makefile.linux ppp-2.4.5/pppd/plugins/rp-pppoe/Makefile.linux
+--- ppp-2.4.5-orig/pppd/plugins/rp-pppoe/Makefile.linux 2010-06-30 15:51:12.047676187 +0800
+++ ppp-2.4.5/pppd/plugins/rp-pppoe/Makefile.linux      2010-06-30 15:53:15.454486877 +0800
+@@ -43,9 +43,9 @@
+ 
+ install: all
+        $(INSTALL) -d -m 755 $(LIBDIR)
+-       $(INSTALL) -s -c -m 4550 rp-pppoe.so $(LIBDIR)
+       $(INSTALL) -c -m 4550 rp-pppoe.so $(LIBDIR)
+        $(INSTALL) -d -m 755 $(BINDIR)
+-       $(INSTALL) -s -c -m 555 pppoe-discovery $(BINDIR)
+       $(INSTALL) -c -m 555 pppoe-discovery $(BINDIR)
+ 
+ clean:
+        rm -f *.o *.so pppoe-discovery
+diff -ruN ppp-2.4.5-orig/pppdump/Makefile.linux ppp-2.4.5/pppdump/Makefile.linux
+--- ppp-2.4.5-orig/pppdump/Makefile.linux       2010-06-30 15:51:12.058183383 +0800
+++ ppp-2.4.5/pppdump/Makefile.linux    2010-06-30 15:52:25.762183537 +0800
+@@ -17,5 +17,5 @@
+ 
+ install:
+        mkdir -p $(BINDIR) $(MANDIR)
+-       $(INSTALL) -s -c pppdump $(BINDIR)
+       $(INSTALL) -c pppdump $(BINDIR)
+        $(INSTALL) -c -m 444 pppdump.8 $(MANDIR)
+diff -ruN ppp-2.4.5-orig/pppstats/Makefile.linux ppp-2.4.5/pppstats/Makefile.linux
+--- ppp-2.4.5-orig/pppstats/Makefile.linux      2010-06-30 15:51:12.058183383 +0800
+++ ppp-2.4.5/pppstats/Makefile.linux   2010-06-30 15:52:42.486341081 +0800
+@@ -22,7 +22,7 @@
+ 
+ install: pppstats
+        -mkdir -p $(MANDIR)
+-       $(INSTALL) -s -c pppstats $(BINDIR)
+       $(INSTALL) -c pppstats $(BINDIR)
+        $(INSTALL) -c -m 444 pppstats.8 $(MANDIR)
+ 
+ pppstats: $(PPPSTATSRCS)
diff --git a/meta/recipes-connectivity/ppp/ppp/pap b/meta/recipes-connectivity/ppp/ppp/pap
new file mode 100644
index 0000000000..093c32607a
--- /dev/null
+++ b/meta/recipes-connectivity/ppp/ppp/pap
@@ -0,0 +1,22 @@
+# You can use this script unmodified to connect to sites which allow
+# authentication via PAP, CHAP and similar protocols.
+# This script can be shared among different pppd peer configurations.
+# To use it, add something like this to your /etc/ppp/peers/ file:
+#
+# connect "/usr/sbin/chat -v -f /etc/chatscripts/pap -T PHONE-NUMBER"
+# user YOUR-USERNAME-IN-PAP-SECRETS
+# noauth
+# Uncomment the following line to see the connect speed.
+# It will be logged to stderr or to the file specified with the -r chat option.
+#REPORT         CONNECT
+ABORT           BUSY
+ABORT           VOICE
+ABORT           "NO CARRIER"
+ABORT           "NO DIALTONE"
+ABORT           "NO DIAL TONE"
+""              ATZ
+OK              ATDT\T
+CONNECT         ""
diff --git a/meta/recipes-connectivity/ppp/ppp/poff b/meta/recipes-connectivity/ppp/ppp/poff
new file mode 100644
index 0000000000..0521a9406a
--- /dev/null
+++ b/meta/recipes-connectivity/ppp/ppp/poff
@@ -0,0 +1,26 @@
+#!/bin/sh
+# Lets see how many pppds are running....
+set -- `cat /var/run/ppp*.pid 2>/dev/null`
+case $# in
+  0) # pppd only creates a pid file once ppp is up, so let's try killing pppd
+     # on the assumption that we've not got that far yet.
+     killall pppd
+     ;;
+  1) # If only one was running then it can be killed (apparently killall
+     # caused problems for some, so lets try killing the pid from the file)
+     kill $1
+     ;;
+  *) # More than one! Aieehh.. Dont know which one to kill.
+     echo "More than one pppd running. None stopped"
+     exit 1
+     ;;
+esac
+if [ -r /var/run/ppp-quick ]
+then
+    rm -f /var/run/ppp-quick
+fi
+exit 0
diff --git a/meta/recipes-connectivity/ppp/ppp/pon b/meta/recipes-connectivity/ppp/ppp/pon
new file mode 100644
index 0000000000..91c059501a
--- /dev/null
+++ b/meta/recipes-connectivity/ppp/ppp/pon
@@ -0,0 +1,9 @@
+#!/bin/sh
+if [ "$1" = "quick" ]
+then
+    touch /var/run/ppp-quick
+    shift
+fi
+/usr/sbin/pppd call ${1:-provider}
diff --git a/meta/recipes-connectivity/ppp/ppp/ppp@.service b/meta/recipes-connectivity/ppp/ppp/ppp@.service
new file mode 100644
index 0000000000..2bf0b5e347
--- /dev/null
+++ b/meta/recipes-connectivity/ppp/ppp/ppp@.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=PPP link to %I
+Before=network.target
+[Service]
+ExecStart=@SBINDIR@/pppd call %I nodetach nolog
+[Install]
+WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/ppp/ppp/ppp_on_boot b/meta/recipes-connectivity/ppp/ppp/ppp_on_boot
new file mode 100644
index 0000000000..9793761840
--- /dev/null
+++ b/meta/recipes-connectivity/ppp/ppp/ppp_on_boot
@@ -0,0 +1,21 @@
+###!/bin/sh
+#
+#   Rename this file to ppp_on_boot and pppd will be fired up as
+#   soon as the system comes up, connecting to `provider'.
+#
+#   If you also make this file executable, and replace the first line
+#   with just "#!/bin/sh", the commands below will be executed instead.
+#
+# The location of the ppp daemon itself (shouldn't need to be changed)
+PPPD=/usr/sbin/pppd
+# The default provider to connect to
+$PPPD call provider
+# Additional connections, which would just use settings from
+# /etc/ppp/options.<tty>
+#$PPPD ttyS0
+#$PPPD ttyS1
+#$PPPD ttyS2
+#$PPPD ttyS3
diff --git a/meta/recipes-connectivity/ppp/ppp/pppd-resolv-varrun.patch b/meta/recipes-connectivity/ppp/ppp/pppd-resolv-varrun.patch
new file mode 100644
index 0000000000..a72414ff8a
--- /dev/null
+++ b/meta/recipes-connectivity/ppp/ppp/pppd-resolv-varrun.patch
@@ -0,0 +1,45 @@
+The patch comes from OpenEmbedded
+Rebased for ppp-2.4.5. Dongxiao Xu <dongxiao.xu@intel.com>
+Upstream-Status: Inappropriate [embedded specific]
+diff -ruN ppp-2.4.5-orig/pppd/ipcp.c ppp-2.4.5/pppd/ipcp.c
+--- ppp-2.4.5-orig/pppd/ipcp.c  2010-06-30 15:51:12.050166398 +0800
+++ ppp-2.4.5/pppd/ipcp.c       2010-06-30 17:02:33.930393283 +0800
+@@ -55,6 +55,8 @@
+ #include <sys/socket.h>
+ #include <netinet/in.h>
+ #include <arpa/inet.h>
+#include <sys/stat.h>
+#include <unistd.h>
+ 
+ #include "pppd.h"
+ #include "fsm.h"
+@@ -2095,6 +2097,14 @@
+     u_int32_t peerdns1, peerdns2;
+ {
+     FILE *f;
+    struct stat dirinfo;
+
+    if(stat(_PATH_OUTDIR, &dirinfo)) {
+        if(mkdir(_PATH_OUTDIR, 0775)) {
+            error("Failed to create directory %s: %m", _PATH_OUTDIR);
+            return;
+        }
+    }
+ 
+     f = fopen(_PATH_RESOLV, "w");
+     if (f == NULL) {
+diff -ruN ppp-2.4.5-orig/pppd/pathnames.h ppp-2.4.5/pppd/pathnames.h
+--- ppp-2.4.5-orig/pppd/pathnames.h     2010-06-30 15:51:12.043682063 +0800
+++ ppp-2.4.5/pppd/pathnames.h  2010-06-30 17:03:20.594371055 +0800
+@@ -30,7 +30,8 @@
+ #define _PATH_TTYOPT    _ROOT_PATH "/etc/ppp/options."
+ #define _PATH_CONNERRS  _ROOT_PATH "/etc/ppp/connect-errors"
+ #define _PATH_PEERFILES         _ROOT_PATH "/etc/ppp/peers/"
+-#define _PATH_RESOLV    _ROOT_PATH "/etc/ppp/resolv.conf"
+#define _PATH_OUTDIR   _ROOT_PATH _PATH_VARRUN "/ppp"
+#define _PATH_RESOLV   _PATH_OUTDIR "/resolv.conf"
+ 
+ #define _PATH_USEROPT   ".ppprc"
+ #define        _PATH_PSEUDONYM  ".ppp_pseudonym"
diff --git a/meta/recipes-connectivity/ppp/ppp/provider b/meta/recipes-connectivity/ppp/ppp/provider
new file mode 100644
index 0000000000..e74d71a8eb
--- /dev/null
+++ b/meta/recipes-connectivity/ppp/ppp/provider
@@ -0,0 +1,35 @@
+# example configuration for a dialup connection authenticated with PAP or CHAP
+#
+# This is the default configuration used by pon(1) and poff(1).
+# See the manual page pppd(8) for information on all the options.
+# MUST CHANGE: replace myusername@realm with the PPP login name given to
+# your by your provider.
+# There should be a matching entry with the password in /etc/ppp/pap-secrets
+# and/or /etc/ppp/chap-secrets.
+user "myusername@realm"
+# MUST CHANGE: replace ******** with the phone number of your provider.
+# The /etc/chatscripts/pap chat script may be modified to change the
+# modem initialization string.
+connect "/usr/sbin/chat -v -f /etc/chatscripts/pap -T ********"
+# Serial device to which the modem is connected.
+/dev/modem
+# Speed of the serial line.
+115200
+# Assumes that your IP address is allocated dynamically by the ISP.
+noipdefault
+# Try to get the name server addresses from the ISP.
+usepeerdns
+# Use this connection as the default route.
+defaultroute
+# Makes pppd "dial again" when the connection is lost.
+persist
+# Do not ask the remote to authenticate.
+noauth
diff --git a/meta/recipes-connectivity/ppp/ppp_2.4.6.bb b/meta/recipes-connectivity/ppp/ppp_2.4.6.bb
new file mode 100644
index 0000000000..b6b4048fff
--- /dev/null
+++ b/meta/recipes-connectivity/ppp/ppp_2.4.6.bb
@@ -0,0 +1,93 @@
+SUMMARY = "Point-to-Point Protocol (PPP) support"
+DESCRIPTION = "ppp (Paul's PPP Package) is an open source package which implements \
+the Point-to-Point Protocol (PPP) on Linux and Solaris systems."
+SECTION = "console/network"
+HOMEPAGE = "http://samba.org/ppp/"
+BUGTRACKER = "http://ppp.samba.org/cgi-bin/ppp-bugs"
+DEPENDS = "libpcap"
+LICENSE = "BSD & GPLv2+ & LGPLv2+ & PD"
+LIC_FILES_CHKSUM = "file://pppd/ccp.c;beginline=1;endline=29;md5=e2c43fe6e81ff77d87dc9c290a424dea \
+                    file://pppd/plugins/passprompt.c;beginline=1;endline=10;md5=3bcbcdbf0e369c9a3e0b8c8275b065d8 \
+                    file://pppd/tdb.c;beginline=1;endline=27;md5=4ca3a9991b011038d085d6675ae7c4e6 \
+                    file://chat/chat.c;beginline=1;endline=15;md5=0d374b8545ee5c62d7aff1acbd38add2"
+SRC_URI = "http://ppp.samba.org/ftp/ppp/ppp-${PV}.tar.gz \
+           file://makefile.patch \
+           file://cifdefroute.patch \
+           file://pppd-resolv-varrun.patch \
+           file://makefile-remove-hard-usr-reference.patch \
+           file://pon \
+           file://poff \
+           file://init \
+           file://ip-up \
+           file://ip-down \
+           file://08setupdns \
+           file://92removedns \
+           file://copts.patch \
+           file://pap \
+           file://ppp_on_boot \
+           file://provider \
+           file://0001-ppp-Fix-compilation-errors-in-Makefile.patch \
+           file://ppp@.service \
+           file://fix-CVE-2015-3310.patch \
+"
+SRC_URI[md5sum] = "3434d2cc9327167a0723aaaa8670083b"
+SRC_URI[sha256sum] = "1b33181a03962c8a092c055fb9980e9722728a8d98a4bb7ec7acda17c1b1b49d"
+inherit autotools-brokensep systemd
+TARGET_CC_ARCH += " ${LDFLAGS}"
+EXTRA_OEMAKE = "STRIPPROG=${STRIP} MANDIR=${D}${datadir}/man/man8 INCDIR=${D}${includedir} LIBDIR=${D}${libdir}/pppd/${PV} BINDIR=${D}${sbindir}"
+EXTRA_OECONF = "--disable-strip"
+# Package Makefile computes CFLAGS, referencing COPTS.
+# Typically hard-coded to '-O2 -g' in the Makefile's.
+#
+EXTRA_OEMAKE += ' COPTS="${CFLAGS}"'
+do_install_append () {
+        make install-etcppp ETCDIR=${D}/${sysconfdir}/ppp
+        mkdir -p ${D}${bindir}/ ${D}${sysconfdir}/init.d
+        mkdir -p ${D}${sysconfdir}/ppp/ip-up.d/
+        mkdir -p ${D}${sysconfdir}/ppp/ip-down.d/
+        install -m 0755 ${WORKDIR}/pon ${D}${bindir}/pon
+        install -m 0755 ${WORKDIR}/poff ${D}${bindir}/poff
+        install -m 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/ppp
+        install -m 0755 ${WORKDIR}/ip-up ${D}${sysconfdir}/ppp/
+        install -m 0755 ${WORKDIR}/ip-down ${D}${sysconfdir}/ppp/
+        install -m 0755 ${WORKDIR}/08setupdns ${D}${sysconfdir}/ppp/ip-up.d/
+        install -m 0755 ${WORKDIR}/92removedns ${D}${sysconfdir}/ppp/ip-down.d/
+        mkdir -p ${D}${sysconfdir}/chatscripts
+        mkdir -p ${D}${sysconfdir}/ppp/peers
+        install -m 0755 ${WORKDIR}/pap ${D}${sysconfdir}/chatscripts
+        install -m 0755 ${WORKDIR}/ppp_on_boot ${D}${sysconfdir}/ppp/ppp_on_boot
+        install -m 0755 ${WORKDIR}/provider ${D}${sysconfdir}/ppp/peers/provider
+        install -d ${D}${systemd_unitdir}/system
+        install -m 0644 ${WORKDIR}/ppp@.service ${D}${systemd_unitdir}/system
+        sed -i -e 's,@SBINDIR@,${sbindir},g' \
+               ${D}${systemd_unitdir}/system/ppp@.service
+        rm -rf ${D}/${mandir}/man8/man8
+        chmod u+s ${D}${sbindir}/pppd
+}
+CONFFILES_${PN} = "${sysconfdir}/ppp/pap-secrets ${sysconfdir}/ppp/chap-secrets ${sysconfdir}/ppp/options"
+PACKAGES =+ "${PN}-oa ${PN}-oe ${PN}-radius ${PN}-winbind ${PN}-minconn ${PN}-password ${PN}-l2tp ${PN}-tools"
+FILES_${PN}        = "${sysconfdir} ${bindir} ${sbindir}/chat ${sbindir}/pppd ${systemd_unitdir}/system/ppp@.service"
+FILES_${PN}-dbg += "${libdir}/pppd/${PV}/.debug"
+FILES_${PN}-oa       = "${libdir}/pppd/${PV}/pppoatm.so"
+FILES_${PN}-oe       = "${sbindir}/pppoe-discovery ${libdir}/pppd/${PV}/rp-pppoe.so"
+FILES_${PN}-radius   = "${libdir}/pppd/${PV}/radius.so ${libdir}/pppd/${PV}/radattr.so ${libdir}/pppd/${PV}/radrealms.so"
+FILES_${PN}-winbind  = "${libdir}/pppd/${PV}/winbind.so"
+FILES_${PN}-minconn  = "${libdir}/pppd/${PV}/minconn.so"
+FILES_${PN}-password = "${libdir}/pppd/${PV}/pass*.so"
+FILES_${PN}-l2tp     = "${libdir}/pppd/${PV}/*l2tp.so"
+FILES_${PN}-tools    = "${sbindir}/pppstats ${sbindir}/pppdump"
+SUMMARY_${PN}-oa       = "Plugin for PPP for PPP-over-ATM support"
+SUMMARY_${PN}-oe       = "Plugin for PPP for PPP-over-Ethernet support"
+SUMMARY_${PN}-radius   = "Plugin for PPP for RADIUS support"
+SUMMARY_${PN}-winbind  = "Plugin for PPP to authenticate against Samba or Windows"
+SUMMARY_${PN}-minconn  = "Plugin for PPP to set a delay before the idle timeout applies"
+SUMMARY_${PN}-password = "Plugin for PPP to get passwords via a pipe"
+SUMMARY_${PN}-l2tp     = "Plugin for PPP for l2tp support"
+SUMMARY_${PN}-tools    = "Additional tools for the PPP package"
diff --git a/meta/recipes-connectivity/resolvconf/resolvconf/99_resolvconf b/meta/recipes-connectivity/resolvconf/resolvconf/99_resolvconf
new file mode 100644
index 0000000000..3790d774a7
--- /dev/null
+++ b/meta/recipes-connectivity/resolvconf/resolvconf/99_resolvconf
@@ -0,0 +1,4 @@
+d root root 0755 /var/run/resolvconf/interface none
+f root root 0644 /etc/resolvconf/run/resolv.conf none
+f root root 0644 /etc/resolvconf/run/enable-updates none
+l root root 0644 /etc/resolv.conf /etc/resolvconf/run/resolv.conf
diff --git a/meta/recipes-connectivity/resolvconf/resolvconf/fix-path-for-busybox.patch b/meta/recipes-connectivity/resolvconf/resolvconf/fix-path-for-busybox.patch
new file mode 100644
index 0000000000..fc4605e94d
--- /dev/null
+++ b/meta/recipes-connectivity/resolvconf/resolvconf/fix-path-for-busybox.patch
@@ -0,0 +1,19 @@
+busybox installs readlink into /usr/bin, so ensure /usr/bin
+is in the path.
+Upstream-Status: Submitted
+Signed-off-by: Saul Wold <sgw@linux.intel.com>
+Index: resolvconf-1.76/etc/resolvconf/update.d/libc
+===================================================================
+--- resolvconf-1.76.orig/etc/resolvconf/update.d/libc
+++ resolvconf-1.76/etc/resolvconf/update.d/libc
+@@ -16,7 +16,7 @@
+ #
+ set -e
+-PATH=/sbin:/bin
+PATH=/sbin:/bin:/usr/bin
+ [ -x /lib/resolvconf/list-records ] || exit 1
diff --git a/meta/recipes-connectivity/resolvconf/resolvconf_1.75.bb b/meta/recipes-connectivity/resolvconf/resolvconf_1.75.bb
new file mode 100644
index 0000000000..ee171c065e
--- /dev/null
+++ b/meta/recipes-connectivity/resolvconf/resolvconf_1.75.bb
@@ -0,0 +1,64 @@
+SUMMARY = "name server information handler"
+DESCRIPTION = "Resolvconf is a framework for keeping track of the system's \
+information about currently available nameservers. It sets \
+itself up as the intermediary between programs that supply \
+nameserver information and programs that need nameserver \
+information."
+SECTION = "console/network"
+LICENSE = "GPLv2+"
+LIC_FILES_CHKSUM = "file://COPYING;md5=c93c0550bd3173f4504b2cbd8991e50b"
+AUTHOR = "Thomas Hood"
+HOMEPAGE = "http://packages.debian.org/resolvconf"
+RDEPENDS_${PN} = "bash"
+SRC_URI = "${DEBIAN_MIRROR}/main/r/resolvconf/resolvconf_${PV}.tar.xz \
+           file://fix-path-for-busybox.patch \
+           file://99_resolvconf \
+          "
+SRC_URI[md5sum] = "4b8bc86a3cf070e3fd0e9aff7eaaba56"
+SRC_URI[sha256sum] = "16167f37a77ef4bc4596dcbefece269b6a10d10fa448594ec55ed3303193086e"
+inherit allarch
+do_compile () {
+        :
+}
+do_install () {
+        install -d ${D}${sysconfdir}/default/volatiles
+        install -m 0644 ${WORKDIR}/99_resolvconf ${D}${sysconfdir}/default/volatiles
+        if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
+                install -d ${D}${sysconfdir}/tmpfiles.d
+                echo "d /run/${BPN}/interface - - - -" \
+                     > ${D}${sysconfdir}/tmpfiles.d/resolvconf.conf
+        fi
+        install -d ${D}${base_libdir}/${BPN}
+        install -d ${D}${sysconfdir}/${BPN}
+        ln -snf ${localstatedir}/run/${BPN} ${D}${sysconfdir}/${BPN}/run
+        install -d ${D}${sysconfdir} ${D}${base_sbindir}
+        install -d ${D}${mandir}/man8 ${D}${docdir}/${P}
+        cp -pPR etc/* ${D}${sysconfdir}/
+        chown -R root:root ${D}${sysconfdir}/
+        install -m 0755 bin/resolvconf ${D}${base_sbindir}/
+        install -m 0755 bin/list-records ${D}${base_libdir}/${BPN}
+        install -d ${D}/${sysconfdir}/network/if-up.d
+        install -m 0755 debian/resolvconf.000resolvconf.if-up ${D}/${sysconfdir}/network/if-up.d/000resolvconf
+        install -d ${D}/${sysconfdir}/network/if-down.d
+        install -m 0755 debian/resolvconf.resolvconf.if-down ${D}/${sysconfdir}/network/if-down.d/resolvconf
+        install -m 0644 README ${D}${docdir}/${P}/
+        install -m 0644 man/resolvconf.8 ${D}${mandir}/man8/
+}
+pkg_postinst_${PN} () {
+        if [ -z "$D" ]; then
+                if command -v systemd-tmpfiles >/dev/null; then
+                        systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/resolvconf.conf
+                elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then
+                        ${sysconfdir}/init.d/populate-volatile.sh update
+                fi
+        fi
+}
+FILES_${PN} += "${base_libdir}/${BPN}"
diff --git a/meta/recipes-connectivity/socat/socat/fix-cross-compiling-failed.patch b/meta/recipes-connectivity/socat/socat/fix-cross-compiling-failed.patch
new file mode 100644
index 0000000000..b9d3ca3bab
--- /dev/null
+++ b/meta/recipes-connectivity/socat/socat/fix-cross-compiling-failed.patch
@@ -0,0 +1,36 @@
+Fix build during cross-compilation as it fails to detect that our prefixed
+compiler is gcc, and falls back to executing code to determine type sizes:
+| configure: using code run method to find basic types
+| checking for equivalent simple type of size_t...
+| configure: error: in `/data/poky-master/tmp/work/core2-32-poky-linux/socat/1.7.2.4-r0/build':
+| configure: error: cannot run test program while cross compiling
+This is caused by configure.in assuming that $CC can be literally compared with
+"gcc" to determine if the compiler is GCC.  Our gcc is host-prefixed so this
+test fails, however autoconf provides $GCC for this purpose (which was used up
+to 1.7.2.3).
+Upstream-Status: Submitted (via email)
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+---
+ configure.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/configure.in b/configure.in
+--- a/configure.in
+++ b/configure.in
+@@ -41,7 +41,7 @@ AC_CHECK_PROG(AR, ar, ar, gar)
+ # fail
+ AC_LANG_COMPILER_REQUIRE()
+ 
+-if test "$CC" = "gcc"; then
+if test "$GCC" = yes; then
+    CFLAGS="$CFLAGS -D_GNU_SOURCE -Wall -Wno-parentheses"
+    ERRONWARN="-Werror -O0"
+ elif test "$CC" = "clang"; then
+-- 
+1.8.1.2
diff --git a/meta/recipes-connectivity/socat/socat_1.7.2.4.bb b/meta/recipes-connectivity/socat/socat_1.7.2.4.bb
new file mode 100644
index 0000000000..44d72202ac
--- /dev/null
+++ b/meta/recipes-connectivity/socat/socat_1.7.2.4.bb
@@ -0,0 +1,38 @@
+SUMMARY = "Multipurpose relay for bidirectional data transfer"
+DESCRIPTION = "Socat is a relay for bidirectional data \
+transfer between two independent data channels."
+HOMEPAGE = "http://www.dest-unreach.org/socat/"
+SECTION = "console/network"
+DEPENDS = "openssl readline"
+LICENSE = "GPL-2.0+-with-OpenSSL-exception"
+LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
+                    file://README;beginline=257;endline=287;md5=79246f11a1db0b6ccec54d1fb711c01e"
+SRC_URI = "http://www.dest-unreach.org/socat/download/socat-${PV}.tar.bz2 \
+           file://fix-cross-compiling-failed.patch \
+"
+SRC_URI[md5sum] = "69b8155dd442a6f24e28ef5407d868eb"
+SRC_URI[sha256sum] = "4b7739901c6fad1e460f3e5b1868fb4c2a1427febbba7a510cd2e42fd4941e09"
+inherit autotools
+EXTRA_AUTORECONF += "--exclude=autoheader"
+EXTRA_OECONF += "ac_cv_have_z_modifier=yes sc_cv_sys_crdly_shift=9 \
+        sc_cv_sys_tabdly_shift=11 sc_cv_sys_csize_shift=4 \
+        ac_cv_ispeed_offset=13 \
+        ac_cv_header_bsd_libutil_h=no \
+"
+PACKAGECONFIG ??= "tcp-wrappers"
+PACKAGECONFIG[tcp-wrappers] = "--enable-libwrap,--disable-libwrap,tcp-wrappers"
+do_install_prepend () {
+    mkdir -p ${D}${bindir}
+    install -d ${D}${bindir} ${D}${mandir}/man1
+}
diff --git a/meta/recipes-connectivity/telepathy/libtelepathy/doublefix.patch b/meta/recipes-connectivity/telepathy/libtelepathy/doublefix.patch
new file mode 100644
index 0000000000..a7737fbf03
--- /dev/null
+++ b/meta/recipes-connectivity/telepathy/libtelepathy/doublefix.patch
@@ -0,0 +1,18 @@
+Fix double reference to this file to work with recent autoconf+automake
+RP 1/2/10
+Upstream-Status: Inappropriate [configuration]
+Index: libtelepathy-0.3.3/src/Makefile.am
+===================================================================
+--- libtelepathy-0.3.3.orig/src/Makefile.am     2010-02-01 13:13:50.869038984 +0000
+++ libtelepathy-0.3.3/src/Makefile.am  2010-02-01 13:14:23.267789456 +0000
+@@ -27,7 +27,6 @@
+     tp-chan-type-text-gen.h \
+     tp-chan-type-tubes-gen.h \
+     tp-conn-iface-aliasing-gen.h \
+-    tp-conn-iface-avatars-gen.h \
+     tp-conn-iface-capabilities-gen.h \
+     tp-conn-iface-contact-info-gen.h \
+     tp-conn-iface-forwarding-gen.h \
diff --git a/meta/recipes-connectivity/telepathy/libtelepathy/prefer_python_2.5.patch b/meta/recipes-connectivity/telepathy/libtelepathy/prefer_python_2.5.patch
new file mode 100644
index 0000000000..37679ab761
--- /dev/null
+++ b/meta/recipes-connectivity/telepathy/libtelepathy/prefer_python_2.5.patch
@@ -0,0 +1,15 @@
+Upstream-Status: Inappropriate [configuration]
+Index: libtelepathy-0.3.1/configure.ac
+===================================================================
+--- libtelepathy-0.3.1.orig/configure.ac        2007-11-22 19:05:56.000000000 +0000
+++ libtelepathy-0.3.1/configure.ac     2008-01-04 12:07:28.000000000 +0000
+@@ -51,7 +51,7 @@
+   AC_MSG_ERROR([xsltproc (from the libxslt source package) is required])
+ fi
+ 
+-AC_CHECK_PROGS([PYTHON], [python2.3 python2.4 python2.5 python])
+AC_CHECK_PROGS([PYTHON], [python2.5 python2.4 python2.3 python])
+ if test -z "$PYTHON"; then
+   AC_MSG_ERROR([Python is required to compile this package])
+ fi
diff --git a/meta/recipes-connectivity/telepathy/libtelepathy_0.3.3.bb b/meta/recipes-connectivity/telepathy/libtelepathy_0.3.3.bb
new file mode 100644
index 0000000000..f13e7093c8
--- /dev/null
+++ b/meta/recipes-connectivity/telepathy/libtelepathy_0.3.3.bb
@@ -0,0 +1,23 @@
+SUMMARY = "Telepathy framework"
+DESCRIPTION = "Telepathy is a D-Bus framework for unifying real time \
+communication, including instant messaging, voice calls and video calls.  It \
+abstracts differences between protocols to provide a unified interface for \
+applications."
+HOMEPAGE = "http://telepathy.freedesktop.org/wiki/"
+DEPENDS = "glib-2.0 dbus dbus-glib telepathy-glib libxslt-native"
+LICENSE = "LGPLv2.1+"
+LIC_FILES_CHKSUM = "file://COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343 \
+                    file://src/tp-conn.c;beginline=1;endline=19;md5=4c58069f77d601cc59200bce5396c7cb"
+PR = "r5"
+SRC_URI = "http://telepathy.freedesktop.org/releases/libtelepathy/libtelepathy-${PV}.tar.gz \
+           file://prefer_python_2.5.patch \
+           file://doublefix.patch"
+SRC_URI[md5sum] = "490ca1a0c614d4466394b72d43bf7370"
+SRC_URI[sha256sum] = "e0d230be855125163579743418203c6f6be2f10f98c4f065735c1dc9ed115878"
+inherit autotools pkgconfig pythonnative
+FILES_${PN} += "${datadir}/telepathy \
+                ${datadir}/dbus-1"
diff --git a/meta/recipes-connectivity/telepathy/telepathy-glib_0.24.0.bb b/meta/recipes-connectivity/telepathy/telepathy-glib_0.24.0.bb
new file mode 100644
index 0000000000..6b8c20c381
--- /dev/null
+++ b/meta/recipes-connectivity/telepathy/telepathy-glib_0.24.0.bb
@@ -0,0 +1,16 @@
+SUMMARY = "Telepathy Framework glib-base helper library"
+DESCRIPTION = "Telepathy Framework: GLib-based helper library for connection managers"
+HOMEPAGE = "http://telepathy.freedesktop.org/wiki/"
+DEPENDS = "glib-2.0 dbus python-native-runtime dbus-native dbus-glib libxslt-native"
+LICENSE = "LGPLv2.1+"
+SRC_URI = "http://telepathy.freedesktop.org/releases/telepathy-glib/${BP}.tar.gz"
+SRC_URI[md5sum] = "93c429e37750b25dcf8de86bb514664f"
+SRC_URI[sha256sum] = "ae0002134991217f42e503c43dea7817853afc18863b913744d51ffa029818cf"
+LIC_FILES_CHKSUM = "file://COPYING;md5=e413d83db6ee8f2c8e6055719096a48e"
+inherit autotools pkgconfig gettext
+FILES_${PN} += "${datadir}/telepathy \
+                ${datadir}/dbus-1"
diff --git a/meta/recipes-connectivity/telepathy/telepathy-idle/fix-svc-gtk-doc.h-target.patch b/meta/recipes-connectivity/telepathy/telepathy-idle/fix-svc-gtk-doc.h-target.patch
new file mode 100644
index 0000000000..2cd2c78c31
--- /dev/null
+++ b/meta/recipes-connectivity/telepathy/telepathy-idle/fix-svc-gtk-doc.h-target.patch
@@ -0,0 +1,15 @@
+Upstream-Status: Pending
+Signed-off-by: Constantin Musca <constantinx.musca@intel.com>
+--- a/extensions/Makefile.am
+++ b/extensions/Makefile.am
+@@ -37,8 +37,8 @@ _gen/all.xml: all.xml $(wildcard $(srcdi
+                --xinclude $(tools_dir)/identity.xsl \
+                $< > $@
+ 
+-extensions.html: _gen/all.xml $(tools_dir)/doc-generator.xsl
+extensions.html _gen/svc-gtk-doc.h: _gen/all.xml $(tools_dir)/doc-generator.xsl
+        $(AM_V_GEN)$(XSLTPROC) $(XSLTPROCFLAGS) \
+                $(tools_dir)/doc-generator.xsl \
+                $< > $@
+ 
diff --git a/meta/recipes-connectivity/telepathy/telepathy-idle_0.2.0.bb b/meta/recipes-connectivity/telepathy/telepathy-idle_0.2.0.bb
new file mode 100644
index 0000000000..ca09f6daf3
--- /dev/null
+++ b/meta/recipes-connectivity/telepathy/telepathy-idle_0.2.0.bb
@@ -0,0 +1,17 @@
+SUMMARY = "Telepathy IRC connection manager"
+DESCRIPTION = "Telepathy implementation of the Internet Relay Chat protocols."
+HOMEPAGE = "http://telepathy.freedesktop.org/wiki/"
+DEPENDS = "glib-2.0 dbus telepathy-glib openssl libxslt-native"
+LICENSE = "LGPLv2.1"
+LIC_FILES_CHKSUM = "file://COPYING;md5=2d5025d4aa3495befef8f17206a5b0a1 \
+                    file://src/idle.c;beginline=1;endline=19;md5=b06b1e2594423111a1a7910b0eefc7f9"
+SRC_URI = "http://telepathy.freedesktop.org/releases/${BPN}/${BPN}-${PV}.tar.gz \
+           file://fix-svc-gtk-doc.h-target.patch"
+SRC_URI[md5sum] = "92a2de5198284cbd3c430b0d1a971a86"
+SRC_URI[sha256sum] = "3013ad4b38d14ee630b8cc8ada5e95ccaa849b9a6fe15d2eaf6d0717d76f2fab"
+inherit autotools pkgconfig pythonnative
+FILES_${PN} += "${datadir}/telepathy \
+                ${datadir}/dbus-1"
diff --git a/meta/recipes-connectivity/telepathy/telepathy-mission-control/tmc-Makefile-fix-race.patch b/meta/recipes-connectivity/telepathy/telepathy-mission-control/tmc-Makefile-fix-race.patch
new file mode 100644
index 0000000000..ece1da6bc3
--- /dev/null
+++ b/meta/recipes-connectivity/telepathy/telepathy-mission-control/tmc-Makefile-fix-race.patch
@@ -0,0 +1,76 @@
+From: Robert Yang <liezhi.yang@windriver.com>
+Date: Sun, 22 Sep 2013 23:21:01 -0400
+Subject: [PATCH] src/Makefile.am: fix race issue for _gen/gtypes.h and _gen/gtypes-body.h
+There might be an error when parallel build:
+[snip]
+Traceback (most recent call last):
+  File "/path/to/tools/glib-gtypes-generator.py", line 304, in <module>
+    GTypesGenerator(dom, argv[1], argv[2])()
+  File "/path/to/tools/glib-gtypes-generator.py", line 295, in __call__
+    file_set_contents(self.output + '.h', ''.join(self.header))
+  File "/path/to/tools/libtpcodegen.py", line 42, in file_set_contents
+    os.rename(filename + '.tmp', filename)
+OSError: [Errno 2] No such file or directory
+[snip]
+This is a race issue, the _gen/gtypes.h and _gen/gtypes-body.h may
+write(remove/rename) _gen/gtypes.tmp at the same time, then there would
+be the error.
+There was a similar bug in telepathy-glib which was already fixed, we use the
+similar patch to fix it.
+Upstream-Status: Pending
+Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
+---
+ src/Makefile.am |   18 +++++++++++++++---
+ 1 file changed, 15 insertions(+), 3 deletions(-)
+diff --git a/src/Makefile.am b/src/Makefile.am
+--- a/src/Makefile.am
+++ b/src/Makefile.am
+@@ -288,7 +288,11 @@ _gen/interfaces-body.h: _gen/mcd.xml \
+                $(tools_dir)/glib-interfaces-body-generator.xsl \
+                $< > $@
+ 
+-_gen/gtypes.h _gen/gtypes-body.h: _gen/mcd.xml \
+# do nothing, output as a side-effect
+_gen/gtypes.h: _gen/gtypes-body.h
+       @:
+
+_gen/gtypes-body.h: _gen/mcd.xml \
+        $(top_srcdir)/tools/glib-gtypes-generator.py
+        $(AM_V_GEN)$(PYTHON) $(top_srcdir)/tools/glib-gtypes-generator.py \
+                $< _gen/gtypes mc
+@@ -309,7 +313,11 @@ _gen/%.xml: %.xml $(wildcard $(top_srcdir)/xml/*.xml) Makefile.am
+        $(AM_V_GEN)$(XSLTPROC) $(XSLTPROCFLAGS) --xinclude $(tools_dir)/identity.xsl \
+                $< > $@
+ 
+-_gen/cli-%-body.h _gen/cli-%.h: _gen/%.xml \
+# do nothing, output as a side-effect
+_gen/cli-%.h: _gen/cli-%-body.h
+       @:
+
+_gen/cli-%-body.h: _gen/%.xml \
+        $(tools_dir)/glib-client-gen.py Makefile.am
+        $(AM_V_GEN)$(PYTHON) $(tools_dir)/glib-client-gen.py \
+                --group=`echo $* | tr x- x_` \
+@@ -317,7 +325,11 @@ _gen/cli-%-body.h _gen/cli-%.h: _gen/%.xml \
+                --tp-proxy-api=0.7.6 \
+                $< Mc_Cli _gen/cli-$*
+ 
+-_gen/svc-%.c _gen/svc-%.h: _gen/%.xml \
+# do nothing, output as a side-effect
+_gen/svc-%.h: _gen/svc-%.c
+       @:
+
+_gen/svc-%.c: _gen/%.xml \
+        $(tools_dir)/glib-ginterface-gen.py Makefile.am
+        $(AM_V_GEN)$(PYTHON) $(tools_dir)/glib-ginterface-gen.py \
+                --filename=_gen/svc-$* \
+-- 
+1.7.10.4
diff --git a/meta/recipes-connectivity/telepathy/telepathy-mission-control_5.16.1.bb b/meta/recipes-connectivity/telepathy/telepathy-mission-control_5.16.1.bb
new file mode 100644
index 0000000000..9ae68ddea9
--- /dev/null
+++ b/meta/recipes-connectivity/telepathy/telepathy-mission-control_5.16.1.bb
@@ -0,0 +1,51 @@
+SUMMARY = "Central control for Telepathy IM connection managers"
+HOMEPAGE = "http://telepathy.freedesktop.org/wiki/Mission_Control/"
+LICENSE = "LGPLv2.1+"
+LIC_FILES_CHKSUM = "file://COPYING;md5=d8045f3b8f929c1cb29a1e3fd737b499 \
+                    file://src/request.h;beginline=1;endline=21;md5=f80534d9af1c33291b3b79609f196eb2"
+SECTION = "libs"
+DEPENDS = "libtelepathy dbus-glib gconf libxslt-native"
+SRC_URI = "http://telepathy.freedesktop.org/releases/telepathy-mission-control/${BP}.tar.gz \
+           file://tmc-Makefile-fix-race.patch \
+          "
+SRC_URI[md5sum] = "421115a35b9e427807326877f86e7f43"
+SRC_URI[sha256sum] = "14ceb7d53535b43d44b8271ad11319d1d0fe6d193d154636b9e62b42799b9723"
+inherit autotools-brokensep pkgconfig pythonnative
+PACKAGECONFIG ??= ""
+PACKAGECONFIG[upower] = "--enable-upower,--disable-upower,upower"
+# to select connman or nm you need to use "connectivity" and "connman" or "nm", default is to disable both
+PACKAGECONFIG[connectivity] = ",--with-connectivity=no"
+PACKAGECONFIG[connman] = "--with-connectivity=connman,,connman"
+PACKAGECONFIG[nm] = "--with-connectivity=nm,,networkmanager"
+PACKAGES =+ " \
+        libmissioncontrol \
+        libmissioncontrol-config \
+        libmissioncontrol-server \
+        libmissioncontrol-dev \
+        libmissioncontrol-config-dev \
+        libmissioncontrol-server-dev \
+        libmissioncontrol-dbg \
+        libmissioncontrol-config-dbg \
+        libmissioncontrol-server-dbg \
+"
+FILES_${PN} += "${datadir}/dbus* ${datadir}/glib-2.0/schemas"
+FILES_libmissioncontrol = "${libdir}/libmissioncontrol.so.*"
+FILES_libmissioncontrol-config = "${libdir}/libmissioncontrol-config.so.*"
+FILES_libmissioncontrol-server = "${libdir}/libmissioncontrol-server.so.*"
+FILES_libmissioncontrol-dev = "${libdir}/libmissioncontrol.* \
+                               ${includedir}/libmissioncontrol/ \
+                               ${libdir}/pkgconfig/libmissioncontrol.pc"
+FILES_libmissioncontrol-config-dev = "${libdir}/libmissioncontrol-config.*"
+FILES_libmissioncontrol-server-dev = "${libdir}/libmissioncontrol-server.*"
+FILES_libmissioncontrol-dbg = "${libdir}/.debug/libmissioncontrol.so.*"
+FILES_libmissioncontrol-config-dbg = "${libdir}/.debug/libmissioncontrol-config.so.*"
+FILES_libmissioncontrol-server-dbg = "${libdir}/.debug/libmissioncontrol-server.so.*"
diff --git a/meta/recipes-connectivity/telepathy/telepathy-python-0.15.19/parallel_make.patch b/meta/recipes-connectivity/telepathy/telepathy-python-0.15.19/parallel_make.patch
new file mode 100644
index 0000000000..248824606e
--- /dev/null
+++ b/meta/recipes-connectivity/telepathy/telepathy-python-0.15.19/parallel_make.patch
@@ -0,0 +1,43 @@
+Add dependency of __init__.py
+Tasks must be done after exec of __init__, which creates the
+src/_generated directory that tasks are based on.
+Signed-off-by: Dongxiao Xu <dongxiao.xu@intel.com>
+Upstream-Status: Submitted
+(However it seems that this project is out of maintanence.)
+diff -ruN telepathy-python-0.15.19-orig/src/Makefile.am telepathy-python-0.15.19/src/Makefile.am
+--- telepathy-python-0.15.19-orig/src/Makefile.am       2011-03-10 08:51:49.000000000 +0800
+++ telepathy-python-0.15.19/src/Makefile.am    2011-03-10 08:54:45.000000000 +0800
+@@ -39,17 +39,17 @@
+ XSLTPROC_OPTS = --nonet --novalid --xinclude
+ tools_dir = $(top_srcdir)/tools
+ 
+-_generated/interfaces.py: $(tools_dir)/python-interfaces-generator.xsl $(wildcard $(spec_dir)/*.xml)
+_generated/interfaces.py: _generated/__init__.py $(tools_dir)/python-interfaces-generator.xsl $(wildcard $(spec_dir)/*.xml)
+        $(AM_V_GEN)$(XSLTPROC) $(XSLTPROC_OPTS) -o $@ \
+            $(tools_dir)/python-interfaces-generator.xsl \
+            $(spec_dir)/all.xml
+ 
+-_generated/constants.py: $(tools_dir)/python-constants-generator.xsl $(wildcard $(spec_dir)/*.xml)
+_generated/constants.py: _generated/__init__.py $(tools_dir)/python-constants-generator.xsl $(wildcard $(spec_dir)/*.xml)
+        $(AM_V_GEN)$(XSLTPROC) $(XSLTPROC_OPTS) -o $@ \
+            $(tools_dir)/python-constants-generator.xsl \
+            $(spec_dir)/all.xml
+ 
+-_generated/errors.py: $(tools_dir)/python-errors-generator.xsl $(wildcard $(spec_dir)/*.xml)
+_generated/errors.py: _generated/__init__.py $(tools_dir)/python-errors-generator.xsl $(wildcard $(spec_dir)/*.xml)
+        $(AM_V_GEN)$(XSLTPROC) $(XSLTPROC_OPTS) -o $@ \
+            $(tools_dir)/python-errors-generator.xsl \
+            $(spec_dir)/all.xml
+@@ -58,7 +58,7 @@
+        $(AM_V_GEN)$(mkdir_p) $(dir $@)
+        @echo "# Placeholder for package" > $@
+ 
+-_generated/%.py: $(tools_dir)/spec-to-python.xsl $(spec_dir)/%.xml
+_generated/%.py: _generated/__init__.py $(tools_dir)/spec-to-python.xsl $(spec_dir)/%.xml
+        $(AM_V_GEN)$(XSLTPROC) $(XSLTPROC_OPTS) -o $@ \
+            $(tools_dir)/spec-to-python.xsl \
+            $(spec_dir)/$*.xml
diff --git a/meta/recipes-connectivity/telepathy/telepathy-python-0.15.19/remove_duplicate_install.patch b/meta/recipes-connectivity/telepathy/telepathy-python-0.15.19/remove_duplicate_install.patch
new file mode 100644
index 0000000000..df95a4c138
--- /dev/null
+++ b/meta/recipes-connectivity/telepathy/telepathy-python-0.15.19/remove_duplicate_install.patch
@@ -0,0 +1,26 @@
+commit f6c67662145de889055a86a6b3b12c70a45fc8d5
+Author: Dongxiao Xu <dongxiao.xu@intel.com>
+Date:   Wed Sep 7 16:02:20 2011 +0800
+    Avoid duplicated installation of errors.py
+    
+    newer version of autotools don't seem to like listing files to install
+    twice. Remove one errors.py from the installation list.
+    
+    Signed-off-by: Dongxiao Xu <dongxiao.xu@intel.com>
+    
+    Upstream-Status: Inappropirate [upstream inactive]
+    
+diff --git a/src/Makefile.am b/src/Makefile.am
+index 5c27dfe..7536e43 100644
+--- a/src/Makefile.am
+++ b/src/Makefile.am
+@@ -11,7 +11,7 @@ telepathy_PYTHON = \
+ 
+ # telepathy._generated.* auto-generated modules
+ spec_dir = $(top_srcdir)/spec
+-spec_files := $(patsubst $(spec_dir)%.xml,_generated%.py,$(wildcard $(spec_dir)/*.xml))
+spec_files := $(filter-out _generated/errors.py, $(patsubst $(spec_dir)%.xml,_generated%.py,$(wildcard $(spec_dir)/*.xml)))
+ 
+ BUILT_SOURCES = \
+        _generated/interfaces.py \
diff --git a/meta/recipes-connectivity/telepathy/telepathy-python-0.15.19/telepathy-python_fix_for_automake_1.12.patch b/meta/recipes-connectivity/telepathy/telepathy-python-0.15.19/telepathy-python_fix_for_automake_1.12.patch
new file mode 100644
index 0000000000..f613fdce4d
--- /dev/null
+++ b/meta/recipes-connectivity/telepathy/telepathy-python-0.15.19/telepathy-python_fix_for_automake_1.12.patch
@@ -0,0 +1,26 @@
+Upstream-Status: Pending
+automake 1.12 has deprecated use of mkdir_p, and it recommends
+use of MKDIR_P instead. Changed the code to avoid these kind 
+of warning-errors.
+| make[1]: _generated/: Command not found
+| make[1]: *** [_generated/__init__.py] Error 127
+| make[1]: Leaving directory `/srv/home/nitin/builds2/build0/tmp/work/i586-poky-linux/telepathy-python-0.15.19-r4/telepathy-python-0.15.19/src'
+| make: *** [all-recursive] Error 1
+Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com>
+2012/07/10
+Index: telepathy-python-0.15.19/src/Makefile.am
+===================================================================
+--- telepathy-python-0.15.19.orig/src/Makefile.am
+++ telepathy-python-0.15.19/src/Makefile.am
+@@ -55,7 +55,7 @@ _generated/errors.py: _generated/__init_
+            $(spec_dir)/all.xml
+ 
+ _generated/__init__.py:
+-       $(AM_V_GEN)$(mkdir_p) $(dir $@)
+       $(AM_V_GEN)$(MKDIR_P) $(dir $@)
+        @echo "# Placeholder for package" > $@
+ 
+ _generated/%.py: _generated/__init__.py $(tools_dir)/spec-to-python.xsl $(spec_dir)/%.xml
diff --git a/meta/recipes-connectivity/telepathy/telepathy-python_0.15.19.bb b/meta/recipes-connectivity/telepathy/telepathy-python_0.15.19.bb
new file mode 100644
index 0000000000..17167022b9
--- /dev/null
+++ b/meta/recipes-connectivity/telepathy/telepathy-python_0.15.19.bb
@@ -0,0 +1,32 @@
+SUMMARY = "Telepathy IM framework - Python package"
+HOMEPAGE = "http://telepathy.freedesktop.org/wiki/"
+LICENSE = "LGPLv2.1+"
+LIC_FILES_CHKSUM = "file://COPYING;md5=2d5025d4aa3495befef8f17206a5b0a1 \
+                    file://src/utils.py;beginline=1;endline=17;md5=9a07d1a9791a7429a14e7b25c6c86822"
+DEPENDS = "libxslt-native"
+RDEPENDS_${PN} += "python-dbus"
+SRC_URI = "http://telepathy.freedesktop.org/releases/${BPN}/${BPN}-${PV}.tar.gz \
+           file://parallel_make.patch \
+           file://remove_duplicate_install.patch \
+           file://telepathy-python_fix_for_automake_1.12.patch"
+PR = "r6"
+inherit autotools pythonnative
+SRC_URI[md5sum] = "f7ca25ab3c88874015b7e9728f7f3017"
+SRC_URI[sha256sum] = "244c0e1bf4bbd78ae298ea659fe10bf3a73738db550156767cc2477aedf72376"
+FILES_${PN} += "\
+    ${libdir}/python*/site-packages/telepathy/*.py \
+    ${libdir}/python*/site-packages/telepathy/*/*.py \
+    "
+do_install_append () {
+        rm -f ${D}${libdir}/python*/site-packages/telepathy/*.pyc
+        rm -f ${D}${libdir}/python*/site-packages/telepathy/*.pyo
+        rm -f ${D}${libdir}/python*/site-packages/telepathy/*/*.pyc
+        rm -f ${D}${libdir}/python*/site-packages/telepathy/*/*.pyo
+}
diff --git a/meta/recipes-connectivity/wireless-tools/wireless-tools/avoid_strip.patch b/meta/recipes-connectivity/wireless-tools/wireless-tools/avoid_strip.patch
new file mode 100644
index 0000000000..f34e243de9
--- /dev/null
+++ b/meta/recipes-connectivity/wireless-tools/wireless-tools/avoid_strip.patch
@@ -0,0 +1,21 @@
+wireless_tools: Avoid stripping iwmulticall
+Upstream-Status: Inappropriate [other]
+  The removed code was from upstream.
+Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
+diff -ur wireless_tools.29.orig/Makefile wireless_tools.29/Makefile
+--- wireless_tools.29.orig/Makefile     2011-06-18 11:35:12.183907453 -0500
+++ wireless_tools.29/Makefile  2011-06-18 11:38:09.995907985 -0500
+@@ -135,9 +135,8 @@
+ 
+ macaddr: macaddr.o $(IWLIB)
+ 
+-# Always do symbol stripping here
+ iwmulticall: iwmulticall.o
+-       $(CC) $(LDFLAGS) -Wl,-s $(XCFLAGS) -o $@ $^ $(LIBS)
+       $(CC) $(LDFLAGS) $(STRIPFLAGS) $(XCFLAGS) -o $@ $^ $(LIBS)
+ 
+ # It's a kind of magic...
+ wireless.h:
diff --git a/meta/recipes-connectivity/wireless-tools/wireless-tools/ldflags.patch b/meta/recipes-connectivity/wireless-tools/wireless-tools/ldflags.patch
new file mode 100644
index 0000000000..6c0d8cbd2e
--- /dev/null
+++ b/meta/recipes-connectivity/wireless-tools/wireless-tools/ldflags.patch
@@ -0,0 +1,22 @@
+wireless-tools: Remove QA warning: No GNU_HASH in the elf binary
+Upstream-Status: Inappropriate [other]
+  Useful within bitbake environment only.
+Signed-off-by: Muhammad Shakeel <muhammad_shakeel@mentor.com>
+---
+ Makefile |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+--- wireless_tools.29.orig/Makefile
+++ wireless_tools.29/Makefile
+@@ -144,7 +144,7 @@ wireless.h:
+ 
+ # Compilation of the dynamic library
+ $(DYNAMIC): $(OBJS:.o=.so)
+-       $(CC) -shared -o $@ -Wl,-soname,$@ $(STRIPFLAGS) $(LIBS) -lc $^
+       $(CC) -shared -o $@ -Wl,-soname,$@ $(LDFLAGS) $(STRIPFLAGS) $(LIBS) -lc $^
+ 
+ # Compilation of the static library
+ $(STATIC): $(OBJS:.o=.so)
diff --git a/meta/recipes-connectivity/wireless-tools/wireless-tools/man.patch b/meta/recipes-connectivity/wireless-tools/wireless-tools/man.patch
new file mode 100644
index 0000000000..6a757dae76
--- /dev/null
+++ b/meta/recipes-connectivity/wireless-tools/wireless-tools/man.patch
@@ -0,0 +1,15 @@
+Upstream-Status: Inappropriate [configuration]
+Index: wireless_tools.30/Makefile
+===================================================================
+--- wireless_tools.30.orig/Makefile     2014-02-01 00:21:04.148463382 -0800
+++ wireless_tools.30/Makefile  2014-02-01 00:23:35.448072279 -0800
+@@ -76,7 +76,7 @@
+ INSTALL_DIR= $(PREFIX)/sbin
+ INSTALL_LIB= $(PREFIX)/lib
+ INSTALL_INC= $(PREFIX)/include
+-INSTALL_MAN= $(PREFIX)/man
+INSTALL_MAN= $(PREFIX)/share/man
+ 
+ # Various commands
+ RM = rm -f
diff --git a/meta/recipes-connectivity/wireless-tools/wireless-tools/remove.ldconfig.call.patch b/meta/recipes-connectivity/wireless-tools/wireless-tools/remove.ldconfig.call.patch
new file mode 100644
index 0000000000..3a22c3f1e7
--- /dev/null
+++ b/meta/recipes-connectivity/wireless-tools/wireless-tools/remove.ldconfig.call.patch
@@ -0,0 +1,19 @@
+When /etc/ld.so.cache is writeable by user running bitbake then it creates invalid cache 
+(in my case libstdc++.so cannot be found after building zlib(-native) and I have to call 
+touch */libstdc++.so && /sbin/ldconfig to fix it.
+So remove ldconfig call from make install-libs
+Upstream-Status: Inappropriate [disable feature]
+diff -uNr wireless_tools.29.orig/Makefile wireless_tools.29/Makefile
+--- wireless_tools.29.orig/Makefile     2007-09-18 01:56:46.000000000 +0200
+++ wireless_tools.29/Makefile  2012-02-15 20:46:41.780763514 +0100
+@@ -163,7 +163,6 @@
+        install -m 755 $(DYNAMIC) $(INSTALL_LIB)
+        ln -sfn $(DYNAMIC) $(INSTALL_LIB)/$(DYNAMIC_LINK)
+        @echo "*** Don't forget to add $(INSTALL_LIB) to /etc/ld.so.conf, and run ldconfig as root. ***"
+-       @$(LDCONFIG) || echo "*** Could not run ldconfig ! ***"
+ 
+ # Install the static library
+ install-static:: $(STATIC)
diff --git a/meta/recipes-connectivity/wireless-tools/wireless-tools/wireless-tools.if-pre-up b/meta/recipes-connectivity/wireless-tools/wireless-tools/wireless-tools.if-pre-up
new file mode 100755
index 0000000000..2518a5c834
--- /dev/null
+++ b/meta/recipes-connectivity/wireless-tools/wireless-tools/wireless-tools.if-pre-up
@@ -0,0 +1,122 @@
+#!/bin/sh
+case "$METHOD" in loopback) exit 0 ;; esac
+IWCONFIG=/sbin/iwconfig
+IWPRIV=/sbin/iwpriv
+if [ ! -x $IWCONFIG ]; then
+  exit 0
+fi
+# Detect and do nothing for linux-wlan-ng interfaces;
+# which are configured by thier own if-pre-up script.
+if [ -n "$IF_WIRELESS_TYPE" -a "$IF_WIRELESS_TYPE" = "wlan-ng" ]; then
+  exit 0
+fi
+if [ -n "$IF_NEEDS_RESET" ]; then
+  $IWPRIV "$IFACE" reset 1
+  sleep 1
+fi
+if [ -n "$IF_NEEDS_FIRMWARE" ]; then
+  $IF_NEEDS_FIRMWARE "$IFACE"
+fi
+if [ -n "$IF_WIRELESS_SENS" ]; then
+  $IWCONFIG "$IFACE" sens $IF_WIRELESS_SENS
+fi
+if [ -n "$IF_WIRELESS_RATE" ]; then
+  $IWCONFIG "$IFACE" rate $IF_WIRELESS_RATE
+fi
+if [ -n "$IF_WIRELESS_RTS" ]; then
+  $IWCONFIG "$IFACE" rts $IF_WIRELESS_RTS
+fi
+if [ -n "$IF_WIRELESS_FRAG" ]; then
+  $IWCONFIG "$IFACE" frag $IF_WIRELESS_FRAG
+fi
+if [ -n "$IF_WIRELESS_POWER" ]; then
+  $IWCONFIG "$IFACE" power $IF_WIRELESS_POWER
+fi
+if [ -n "$IF_WIRELESS_POWERPERIOD" ]; then
+  $IWCONFIG "$IFACE" power period $IF_WIRELESS_POWERPERIOD
+fi
+if [ -n "$IF_WIRELESS_POWERTIMEOUT" ]; then
+  $IWCONFIG "$IFACE" power timeout $IF_WIRELESS_POWERTIMEOUT
+fi
+if [ -n "$IF_WIRELESS_TXPOWER" ]; then
+  $IWCONFIG "$IFACE" txpower $IF_WIRELESS_TXPOWER
+fi
+if [ -n "$IF_WIRELESS_RETRY" ]; then
+  $IWCONFIG "$IFACE" retry $IF_WIRELESS_RETRY
+fi
+if [ -n "$IF_WIRELESS_NICK" ]; then
+  $IWCONFIG "$IFACE" nick "$IF_WIRELESS_NICK"
+fi
+if [ -n "$IF_WIRELESS_NWID" ]; then
+  $IWCONFIG "$IFACE" nwid "$IF_WIRELESS_NWID"
+fi
+if [ -n "$IF_WIRELESS_ENC" ]; then
+  eval $IWCONFIG "$IFACE" enc $IF_WIRELESS_ENC
+fi
+if [ -n "$IF_WIRELESS_KEY" ]; then
+  eval $IWCONFIG "$IFACE" key $IF_WIRELESS_KEY
+fi
+if [ -n "$IF_WIRELESS_KEY1" ]; then
+  $IWCONFIG "$IFACE" key [1] "$IF_WIRELESS_KEY1"
+fi
+if [ -n "$IF_WIRELESS_KEY2" ]; then
+  $IWCONFIG "$IFACE" key [2] "$IF_WIRELESS_KEY2"
+fi
+if [ -n "$IF_WIRELESS_KEY3" ]; then
+  $IWCONFIG "$IFACE" key [3] "$IF_WIRELESS_KEY3"
+fi
+if [ -n "$IF_WIRELESS_KEY4" ]; then
+  $IWCONFIG "$IFACE" key [4] "$IF_WIRELESS_KEY4"
+fi
+if [ -n "$IF_WIRELESS_DEFAULTKEY" ]; then
+  $IWCONFIG "$IFACE" key ["$IF_WIRELESS_DEFAULTKEY"]
+fi
+if [ -n "$IF_WIRELESS_KEYMODE" ]; then
+  $IWCONFIG "$IFACE" key "$IF_WIRELESS_KEYMODE"
+fi
+if [ -n "$IF_WIRELESS_MODE" ]; then
+  $IWCONFIG "$IFACE" mode $IF_WIRELESS_MODE
+fi
+if [ -n "$IF_WIRELESS_FREQ" ]; then
+  $IWCONFIG "$IFACE" freq $IF_WIRELESS_FREQ
+fi
+if [ -n "$IF_WIRELESS_CHANNEL" ]; then
+  $IWCONFIG "$IFACE" channel $IF_WIRELESS_CHANNEL
+fi
+if [ -n "$IF_WIRELESS_ESSID" ]; then
+  $IWCONFIG "$IFACE" essid "$IF_WIRELESS_ESSID"
+fi
+if [ -n "$IF_WIRELESS_COMMIT" ]; then
+  $IWCONFIG "$IFACE" commit
+fi
diff --git a/meta/recipes-connectivity/wireless-tools/wireless-tools/zzz-wireless.if-pre-up b/meta/recipes-connectivity/wireless-tools/wireless-tools/zzz-wireless.if-pre-up
new file mode 100644
index 0000000000..4c8e95bf2a
--- /dev/null
+++ b/meta/recipes-connectivity/wireless-tools/wireless-tools/zzz-wireless.if-pre-up
@@ -0,0 +1,34 @@
+#!/bin/sh
+#
+# /etc/network/if-pre-up.d/zzz-wireless
+# by Stefan Tomanek (stefan@pico.ruhr.de)
+IWCONFIG=/sbin/iwconfig
+IFCONFIG=/sbin/ifconfig
+GREP=/bin/grep
+LOGGER=/usr/bin/logger
+SLEEP=/bin/sleep
+# How long do we wait for association?
+RETRIES=15
+SLEEPTIME=1
+# Only sleep if we use DHCP (add others methods seperated by spaces)
+ONLY_FOR="static dhcp"
+if [ -z "$IF_WIRELESS_TYPE" ] && echo "$ONLY_FOR" | grep -q "$METHOD" ; then
+        $IFCONFIG $IFACE up
+        $LOGGER Checking for WLAN association...
+        while ( [ $RETRIES -gt 0 ] && ($IWCONFIG "$IFACE" | $GREP -q "Access Point: Not-Associated") ); do
+                $LOGGER No association yet, $RETRIES retries until timeout
+                RETRIES=$(($RETRIES-1))
+                $SLEEP $SLEEPTIME
+        done
+        
+        if [ $RETRIES -eq 0 ]; then
+                $LOGGER Timeout waiting for association, continuing anyway...
+        else
+                $LOGGER Found association!
+        fi
+fi
diff --git a/meta/recipes-connectivity/wireless-tools/wireless-tools_30.pre9.bb b/meta/recipes-connectivity/wireless-tools/wireless-tools_30.pre9.bb
new file mode 100644
index 0000000000..26ecdf3b40
--- /dev/null
+++ b/meta/recipes-connectivity/wireless-tools/wireless-tools_30.pre9.bb
@@ -0,0 +1,56 @@
+SUMMARY = "Tools for the Linux Standard Wireless Extension Subsystem"
+HOMEPAGE = "http://www.hpl.hp.com/personal/Jean_Tourrilhes/Linux/Tools.html"
+LICENSE = "GPLv2 & (LGPLv2.1 | MPL-1.1 | BSD)"
+LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f \
+                        file://iwconfig.c;beginline=1;endline=12;md5=cf710eb1795c376eb10ea4ff04649caf \
+                        file://iwevent.c;beginline=59;endline=72;md5=d66a10026d4394f0a5b1c5587bce4537 \
+                        file://sample_enc.c;beginline=1;endline=4;md5=838372be07874260b566bae2f6ed33b6"
+SECTION = "base"
+PE = "1"
+SRC_URI = "http://www.hpl.hp.com/personal/Jean_Tourrilhes/Linux/wireless_tools.${PV}.tar.gz \
+           file://wireless-tools.if-pre-up \
+           file://zzz-wireless.if-pre-up \
+           file://remove.ldconfig.call.patch \
+           file://man.patch \
+           file://avoid_strip.patch \
+           file://ldflags.patch \
+          "
+SRC_URI[md5sum] = "ca91ba7c7eff9bfff6926b1a34a4697d"
+SRC_URI[sha256sum] = "abd9c5c98abf1fdd11892ac2f8a56737544fe101e1be27c6241a564948f34c63"
+S = "${WORKDIR}/wireless_tools.30"
+CFLAGS =+ "-I${S}"
+EXTRA_OEMAKE = "-e 'BUILD_SHARED=y' \
+                'INSTALL_DIR=${D}${base_sbindir}' \
+                'INSTALL_LIB=${D}${libdir}' \
+                'INSTALL_INC=${D}${includedir}' \
+                'INSTALL_MAN=${D}${mandir}'"
+do_compile() {
+        oe_runmake all libiw.a
+}
+do_install() {
+        oe_runmake PREFIX=${D} install-iwmulticall install-dynamic install-man install-hdr
+        install -d ${D}${sbindir}
+        install -m 0755 ifrename ${D}${sbindir}/ifrename
+        # Disabled by RP - 20/8/08 - We don't seem to need/use these
+        #install -d ${D}${sysconfdir}/network/if-pre-up.d
+        #install ${WORKDIR}/wireless-tools.if-pre-up ${D}${sysconfdir}/network/if-pre-up.d/wireless-tools
+        #install ${WORKDIR}/zzz-wireless.if-pre-up ${D}${sysconfdir}/network/if-pre-up.d/zzz-wireless
+}
+PACKAGES = "libiw-dbg ifrename-dbg ${PN}-dbg \
+libiw libiw-dev libiw-doc ifrename-doc ifrename ${PN} ${PN}-doc"
+FILES_libiw-dbg = "${libdir}/.debug/*.so.*"
+FILES_ifrename-dbg = "${sbindir}/.debug/ifrename"
+FILES_libiw = "${libdir}/*.so.*"
+FILES_libiw-dev = "${libdir}/*.a ${libdir}/*.so ${includedir}"
+FILES_libiw-doc = "${mandir}/man7"
+FILES_ifrename = "${sbindir}/ifrename"
+FILES_ifrename-doc = "${mandir}/man8/ifrename.8 ${mandir}/man5/iftab.5"
+FILES_${PN} = "${bindir} ${sbindir}/iw* ${base_sbindir} ${base_bindir} ${sysconfdir}/network"
+FILES_${PN}-doc = "${mandir}"
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant.inc b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant.inc
new file mode 100644
index 0000000000..7923bb94a3
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant.inc
@@ -0,0 +1,107 @@
+SUMMARY = "Client for Wi-Fi Protected Access (WPA)"
+HOMEPAGE = "http://hostap.epitest.fi/wpa_supplicant/"
+BUGTRACKER = "http://hostap.epitest.fi/bugz/"
+SECTION = "network"
+LICENSE = "BSD"
+LIC_FILES_CHKSUM = "file://COPYING;md5=ab87f20cd7e8c0d0a6539b34d3791d0e \
+                    file://README;beginline=1;endline=56;md5=a07250b28e857455336bb59fc31cb845 \
+                    file://wpa_supplicant/wpa_supplicant.c;beginline=1;endline=12;md5=e8e021e30f3a6ab7c341b66b86626a5a"
+DEPENDS = "dbus libnl libgcrypt"
+RRECOMMENDS_${PN} = "wpa-supplicant-passphrase wpa-supplicant-cli"
+PACKAGECONFIG ??= "gnutls"
+PACKAGECONFIG[gnutls] = ",,gnutls"
+PACKAGECONFIG[openssl] = ",,openssl"
+inherit systemd
+SYSTEMD_SERVICE_${PN} = "wpa_supplicant.service wpa_supplicant-nl80211@.service wpa_supplicant-wired@.service"
+SYSTEMD_AUTO_ENABLE = "disable"
+SRC_URI = "http://hostap.epitest.fi/releases/wpa_supplicant-${PV}.tar.gz \
+           file://defconfig \
+           file://wpa-supplicant.sh \
+           file://wpa_supplicant.conf \
+           file://wpa_supplicant.conf-sane \
+           file://99_wpa_supplicant \
+           file://fix-libnl3-host-contamination.patch \
+          "
+SRC_URI[md5sum] = "238e8e888bbd558e1a57e3eb28d1dd07"
+SRC_URI[sha256sum] = "e0d8b8fd68a659636eaba246bb2caacbf53d22d53b2b6b90eb4b4fef0993c8ed"
+S = "${WORKDIR}/wpa_supplicant-${PV}"
+PACKAGES_prepend = "wpa-supplicant-passphrase wpa-supplicant-cli "
+FILES_wpa-supplicant-passphrase = "${bindir}/wpa_passphrase"
+FILES_wpa-supplicant-cli = "${sbindir}/wpa_cli"
+FILES_${PN} += "${datadir}/dbus-1/system-services/*"
+CONFFILES_${PN} += "${sysconfdir}/wpa_supplicant.conf"
+do_configure () {
+        install -m 0755 ${WORKDIR}/defconfig wpa_supplicant/.config
+        echo "CFLAGS +=\"-I${STAGING_INCDIR}/libnl3\"" >> wpa_supplicant/.config
+        
+        if echo "${PACKAGECONFIG}" | grep -qw "openssl"; then
+                ssl=openssl
+        elif echo "${PACKAGECONFIG}" | grep -qw "gnutls"; then
+                ssl=gnutls
+        fi
+        if [ -n "$ssl" ]; then
+                sed -i "s/%ssl%/$ssl/" wpa_supplicant/.config
+        fi
+        # For rebuild
+        rm -f wpa_supplicant/*.d wpa_supplicant/dbus/*.d
+}
+export EXTRA_CFLAGS = "${CFLAGS}"
+export BINDIR = "${sbindir}"
+do_compile () {
+        unset CFLAGS CPPFLAGS CXXFLAGS
+        sed -e "s:CFLAGS\ =.*:& \$(EXTRA_CFLAGS):g" -i ${S}/src/lib.rules
+        oe_runmake -C wpa_supplicant
+}
+do_install () {
+        install -d ${D}${sbindir}
+        install -m 755 wpa_supplicant/wpa_supplicant ${D}${sbindir}
+        install -m 755 wpa_supplicant/wpa_cli        ${D}${sbindir}
+        install -d ${D}${bindir}
+        install -m 755 wpa_supplicant/wpa_passphrase ${D}${bindir}
+        install -d ${D}${docdir}/wpa_supplicant
+        install -m 644 wpa_supplicant/README ${WORKDIR}/wpa_supplicant.conf ${D}${docdir}/wpa_supplicant
+        install -d ${D}${sysconfdir}
+        install -m 600 ${WORKDIR}/wpa_supplicant.conf-sane ${D}${sysconfdir}/wpa_supplicant.conf
+        install -d ${D}${sysconfdir}/network/if-pre-up.d/
+        install -d ${D}${sysconfdir}/network/if-post-down.d/
+        install -d ${D}${sysconfdir}/network/if-down.d/
+        install -m 755 ${WORKDIR}/wpa-supplicant.sh ${D}${sysconfdir}/network/if-pre-up.d/wpa-supplicant
+        cd ${D}${sysconfdir}/network/ && \
+        ln -sf ../if-pre-up.d/wpa-supplicant if-post-down.d/wpa-supplicant
+        install -d ${D}/${sysconfdir}/dbus-1/system.d
+        install -m 644 ${S}/wpa_supplicant/dbus/dbus-wpa_supplicant.conf ${D}/${sysconfdir}/dbus-1/system.d
+        install -d ${D}/${datadir}/dbus-1/system-services
+        install -m 644 ${S}/wpa_supplicant/dbus/*.service ${D}/${datadir}/dbus-1/system-services
+        if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
+                install -d ${D}/${systemd_unitdir}/system
+                install -m 644 ${S}/wpa_supplicant/systemd/*.service ${D}/${systemd_unitdir}/system
+        fi
+        install -d ${D}/etc/default/volatiles
+        install -m 0644 ${WORKDIR}/99_wpa_supplicant ${D}/etc/default/volatiles
+}
+pkg_postinst_wpa-supplicant () {
+        # If we're offline, we don't need to do this.
+        if [ "x$D" = "x" ]; then
+                killall -q -HUP dbus-daemon || true
+        fi
+}
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/99_wpa_supplicant b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/99_wpa_supplicant
new file mode 100644
index 0000000000..6ff4dd8826
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/99_wpa_supplicant
@@ -0,0 +1 @@
+d root root 0700 /var/run/wpa_supplicant none
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/defconfig b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/defconfig
new file mode 100644
index 0000000000..f04e398fdb
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/defconfig
@@ -0,0 +1,552 @@
+# Example wpa_supplicant build time configuration
+#
+# This file lists the configuration options that are used when building the
+# hostapd binary. All lines starting with # are ignored. Configuration option
+# lines must be commented out complete, if they are not to be included, i.e.,
+# just setting VARIABLE=n is not disabling that variable.
+#
+# This file is included in Makefile, so variables like CFLAGS and LIBS can also
+# be modified from here. In most cases, these lines should use += in order not
+# to override previous values of the variables.
+# Uncomment following two lines and fix the paths if you have installed OpenSSL
+# or GnuTLS in non-default location
+#CFLAGS += -I/usr/local/openssl/include
+#LIBS += -L/usr/local/openssl/lib
+# Some Red Hat versions seem to include kerberos header files from OpenSSL, but
+# the kerberos files are not in the default include path. Following line can be
+# used to fix build issues on such systems (krb5.h not found).
+#CFLAGS += -I/usr/include/kerberos
+# Example configuration for various cross-compilation platforms
+#### sveasoft (e.g., for Linksys WRT54G) ######################################
+#CC=mipsel-uclibc-gcc
+#CC=/opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-gcc
+#CFLAGS += -Os
+#CPPFLAGS += -I../src/include -I../../src/router/openssl/include
+#LIBS += -L/opt/brcm/hndtools-mipsel-uclibc-0.9.19/lib -lssl
+###############################################################################
+#### openwrt (e.g., for Linksys WRT54G) #######################################
+#CC=mipsel-uclibc-gcc
+#CC=/opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-gcc
+#CFLAGS += -Os
+#CPPFLAGS=-I../src/include -I../openssl-0.9.7d/include \
+#       -I../WRT54GS/release/src/include
+#LIBS = -lssl
+###############################################################################
+# Driver interface for Host AP driver
+CONFIG_DRIVER_HOSTAP=y
+# Driver interface for Agere driver
+#CONFIG_DRIVER_HERMES=y
+# Change include directories to match with the local setup
+#CFLAGS += -I../../hcf -I../../include -I../../include/hcf
+#CFLAGS += -I../../include/wireless
+# Driver interface for madwifi driver
+# Deprecated; use CONFIG_DRIVER_WEXT=y instead.
+#CONFIG_DRIVER_MADWIFI=y
+# Set include directory to the madwifi source tree
+#CFLAGS += -I../../madwifi
+# Driver interface for ndiswrapper
+# Deprecated; use CONFIG_DRIVER_WEXT=y instead.
+#CONFIG_DRIVER_NDISWRAPPER=y
+# Driver interface for Atmel driver
+# CONFIG_DRIVER_ATMEL=y
+# Driver interface for old Broadcom driver
+# Please note that the newer Broadcom driver ("hybrid Linux driver") supports
+# Linux wireless extensions and does not need (or even work) with the old
+# driver wrapper. Use CONFIG_DRIVER_WEXT=y with that driver.
+#CONFIG_DRIVER_BROADCOM=y
+# Example path for wlioctl.h; change to match your configuration
+#CFLAGS += -I/opt/WRT54GS/release/src/include
+# Driver interface for Intel ipw2100/2200 driver
+# Deprecated; use CONFIG_DRIVER_WEXT=y instead.
+#CONFIG_DRIVER_IPW=y
+# Driver interface for Ralink driver
+#CONFIG_DRIVER_RALINK=y
+# Driver interface for generic Linux wireless extensions
+# Note: WEXT is deprecated in the current Linux kernel version and no new
+# functionality is added to it. nl80211-based interface is the new
+# replacement for WEXT and its use allows wpa_supplicant to properly control
+# the driver to improve existing functionality like roaming and to support new
+# functionality.
+CONFIG_DRIVER_WEXT=y
+# Driver interface for Linux drivers using the nl80211 kernel interface
+CONFIG_DRIVER_NL80211=y
+# driver_nl80211.c requires libnl. If you are compiling it yourself
+# you may need to point hostapd to your version of libnl.
+#
+#CFLAGS += -I$<path to libnl include files>
+#LIBS += -L$<path to libnl library files>
+# Use libnl v2.0 (or 3.0) libraries.
+#CONFIG_LIBNL20=y
+# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
+CONFIG_LIBNL32=y
+# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
+#CONFIG_DRIVER_BSD=y
+#CFLAGS += -I/usr/local/include
+#LIBS += -L/usr/local/lib
+#LIBS_p += -L/usr/local/lib
+#LIBS_c += -L/usr/local/lib
+# Driver interface for Windows NDIS
+#CONFIG_DRIVER_NDIS=y
+#CFLAGS += -I/usr/include/w32api/ddk
+#LIBS += -L/usr/local/lib
+# For native build using mingw
+#CONFIG_NATIVE_WINDOWS=y
+# Additional directories for cross-compilation on Linux host for mingw target
+#CFLAGS += -I/opt/mingw/mingw32/include/ddk
+#LIBS += -L/opt/mingw/mingw32/lib
+#CC=mingw32-gcc
+# By default, driver_ndis uses WinPcap for low-level operations. This can be
+# replaced with the following option which replaces WinPcap calls with NDISUIO.
+# However, this requires that WZC is disabled (net stop wzcsvc) before starting
+# wpa_supplicant.
+# CONFIG_USE_NDISUIO=y
+# Driver interface for development testing
+#CONFIG_DRIVER_TEST=y
+# Driver interface for wired Ethernet drivers
+CONFIG_DRIVER_WIRED=y
+# Driver interface for the Broadcom RoboSwitch family
+#CONFIG_DRIVER_ROBOSWITCH=y
+# Driver interface for no driver (e.g., WPS ER only)
+#CONFIG_DRIVER_NONE=y
+# Enable IEEE 802.1X Supplicant (automatically included if any EAP method is
+# included)
+CONFIG_IEEE8021X_EAPOL=y
+# EAP-MD5
+CONFIG_EAP_MD5=y
+# EAP-MSCHAPv2
+CONFIG_EAP_MSCHAPV2=y
+# EAP-TLS
+CONFIG_EAP_TLS=y
+# EAL-PEAP
+CONFIG_EAP_PEAP=y
+# EAP-TTLS
+CONFIG_EAP_TTLS=y
+# EAP-FAST
+# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed
+# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g.,
+# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions.
+#CONFIG_EAP_FAST=y
+# EAP-GTC
+CONFIG_EAP_GTC=y
+# EAP-OTP
+CONFIG_EAP_OTP=y
+# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used)
+#CONFIG_EAP_SIM=y
+# EAP-PSK (experimental; this is _not_ needed for WPA-PSK)
+#CONFIG_EAP_PSK=y
+# EAP-pwd (secure authentication using only a password)
+#CONFIG_EAP_PWD=y
+# EAP-PAX
+#CONFIG_EAP_PAX=y
+# LEAP
+CONFIG_EAP_LEAP=y
+# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used)
+#CONFIG_EAP_AKA=y
+# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used).
+# This requires CONFIG_EAP_AKA to be enabled, too.
+#CONFIG_EAP_AKA_PRIME=y
+# Enable USIM simulator (Milenage) for EAP-AKA
+#CONFIG_USIM_SIMULATOR=y
+# EAP-SAKE
+#CONFIG_EAP_SAKE=y
+# EAP-GPSK
+#CONFIG_EAP_GPSK=y
+# Include support for optional SHA256 cipher suite in EAP-GPSK
+#CONFIG_EAP_GPSK_SHA256=y
+# EAP-TNC and related Trusted Network Connect support (experimental)
+#CONFIG_EAP_TNC=y
+# Wi-Fi Protected Setup (WPS)
+CONFIG_WPS=y
+# Enable WSC 2.0 support
+#CONFIG_WPS2=y
+# Enable WPS external registrar functionality
+#CONFIG_WPS_ER=y
+# Disable credentials for an open network by default when acting as a WPS
+# registrar.
+#CONFIG_WPS_REG_DISABLE_OPEN=y
+# Enable WPS support with NFC config method
+#CONFIG_WPS_NFC=y
+# EAP-IKEv2
+#CONFIG_EAP_IKEV2=y
+# EAP-EKE
+#CONFIG_EAP_EKE=y
+# PKCS#12 (PFX) support (used to read private key and certificate file from
+# a file that usually has extension .p12 or .pfx)
+CONFIG_PKCS12=y
+# Smartcard support (i.e., private key on a smartcard), e.g., with openssl
+# engine.
+CONFIG_SMARTCARD=y
+# PC/SC interface for smartcards (USIM, GSM SIM)
+# Enable this if EAP-SIM or EAP-AKA is included
+#CONFIG_PCSC=y
+# Support HT overrides (disable HT/HT40, mask MCS rates, etc.)
+#CONFIG_HT_OVERRIDES=y
+# Support VHT overrides (disable VHT, mask MCS rates, etc.)
+#CONFIG_VHT_OVERRIDES=y
+# Development testing
+#CONFIG_EAPOL_TEST=y
+# Select control interface backend for external programs, e.g, wpa_cli:
+# unix = UNIX domain sockets (default for Linux/*BSD)
+# udp = UDP sockets using localhost (127.0.0.1)
+# named_pipe = Windows Named Pipe (default for Windows)
+# udp-remote = UDP sockets with remote access (only for tests systems/purpose)
+# y = use default (backwards compatibility)
+# If this option is commented out, control interface is not included in the
+# build.
+CONFIG_CTRL_IFACE=y
+# Include support for GNU Readline and History Libraries in wpa_cli.
+# When building a wpa_cli binary for distribution, please note that these
+# libraries are licensed under GPL and as such, BSD license may not apply for
+# the resulting binary.
+#CONFIG_READLINE=y
+# Include internal line edit mode in wpa_cli. This can be used as a replacement
+# for GNU Readline to provide limited command line editing and history support.
+#CONFIG_WPA_CLI_EDIT=y
+# Remove debugging code that is printing out debug message to stdout.
+# This can be used to reduce the size of the wpa_supplicant considerably
+# if debugging code is not needed. The size reduction can be around 35%
+# (e.g., 90 kB).
+#CONFIG_NO_STDOUT_DEBUG=y
+# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save
+# 35-50 kB in code size.
+#CONFIG_NO_WPA=y
+# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support
+# This option can be used to reduce code size by removing support for
+# converting ASCII passphrases into PSK. If this functionality is removed, the
+# PSK can only be configured as the 64-octet hexstring (e.g., from
+# wpa_passphrase). This saves about 0.5 kB in code size.
+#CONFIG_NO_WPA_PASSPHRASE=y
+# Disable scan result processing (ap_mode=1) to save code size by about 1 kB.
+# This can be used if ap_scan=1 mode is never enabled.
+#CONFIG_NO_SCAN_PROCESSING=y
+# Select configuration backend:
+# file = text file (e.g., wpa_supplicant.conf; note: the configuration file
+#       path is given on command line, not here; this option is just used to
+#       select the backend that allows configuration files to be used)
+# winreg = Windows registry (see win_example.reg for an example)
+CONFIG_BACKEND=file
+# Remove configuration write functionality (i.e., to allow the configuration
+# file to be updated based on runtime configuration changes). The runtime
+# configuration can still be changed, the changes are just not going to be
+# persistent over restarts. This option can be used to reduce code size by
+# about 3.5 kB.
+#CONFIG_NO_CONFIG_WRITE=y
+# Remove support for configuration blobs to reduce code size by about 1.5 kB.
+#CONFIG_NO_CONFIG_BLOBS=y
+# Select program entry point implementation:
+# main = UNIX/POSIX like main() function (default)
+# main_winsvc = Windows service (read parameters from registry)
+# main_none = Very basic example (development use only)
+#CONFIG_MAIN=main
+# Select wrapper for operatins system and C library specific functions
+# unix = UNIX/POSIX like systems (default)
+# win32 = Windows systems
+# none = Empty template
+#CONFIG_OS=unix
+# Select event loop implementation
+# eloop = select() loop (default)
+# eloop_win = Windows events and WaitForMultipleObject() loop
+#CONFIG_ELOOP=eloop
+# Should we use poll instead of select? Select is used by default.
+#CONFIG_ELOOP_POLL=y
+# Select layer 2 packet implementation
+# linux = Linux packet socket (default)
+# pcap = libpcap/libdnet/WinPcap
+# freebsd = FreeBSD libpcap
+# winpcap = WinPcap with receive thread
+# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y)
+# none = Empty template
+#CONFIG_L2_PACKET=linux
+# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS)
+CONFIG_PEERKEY=y
+# IEEE 802.11w (management frame protection), also known as PMF
+# Driver support is also needed for IEEE 802.11w.
+#CONFIG_IEEE80211W=y
+# Select TLS implementation
+# openssl = OpenSSL (default)
+# gnutls = GnuTLS
+# internal = Internal TLSv1 implementation (experimental)
+# none = Empty template
+#CONFIG_TLS=openssl
+# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
+# can be enabled to get a stronger construction of messages when block ciphers
+# are used. It should be noted that some existing TLS v1.0 -based
+# implementation may not be compatible with TLS v1.1 message (ClientHello is
+# sent prior to negotiating which version will be used)
+#CONFIG_TLSV11=y
+# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
+# can be enabled to enable use of stronger crypto algorithms. It should be
+# noted that some existing TLS v1.0 -based implementation may not be compatible
+# with TLS v1.2 message (ClientHello is sent prior to negotiating which version
+# will be used)
+#CONFIG_TLSV12=y
+# If CONFIG_TLS=internal is used, additional library and include paths are
+# needed for LibTomMath. Alternatively, an integrated, minimal version of
+# LibTomMath can be used. See beginning of libtommath.c for details on benefits
+# and drawbacks of this option.
+#CONFIG_INTERNAL_LIBTOMMATH=y
+#ifndef CONFIG_INTERNAL_LIBTOMMATH
+#LTM_PATH=/usr/src/libtommath-0.39
+#CFLAGS += -I$(LTM_PATH)
+#LIBS += -L$(LTM_PATH)
+#LIBS_p += -L$(LTM_PATH)
+#endif
+# At the cost of about 4 kB of additional binary size, the internal LibTomMath
+# can be configured to include faster routines for exptmod, sqr, and div to
+# speed up DH and RSA calculation considerably
+#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
+# Include NDIS event processing through WMI into wpa_supplicant/wpasvc.
+# This is only for Windows builds and requires WMI-related header files and
+# WbemUuid.Lib from Platform SDK even when building with MinGW.
+#CONFIG_NDIS_EVENTS_INTEGRATED=y
+#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib"
+# Add support for old DBus control interface
+# (fi.epitest.hostap.WPASupplicant)
+#CONFIG_CTRL_IFACE_DBUS=y
+# Add support for new DBus control interface
+# (fi.w1.hostap.wpa_supplicant1)
+CONFIG_CTRL_IFACE_DBUS_NEW=y
+# Add introspection support for new DBus control interface
+#CONFIG_CTRL_IFACE_DBUS_INTRO=y
+# Add support for loading EAP methods dynamically as shared libraries.
+# When this option is enabled, each EAP method can be either included
+# statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn).
+# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to
+# be loaded in the beginning of the wpa_supplicant configuration file
+# (see load_dynamic_eap parameter in the example file) before being used in
+# the network blocks.
+#
+# Note that some shared parts of EAP methods are included in the main program
+# and in order to be able to use dynamic EAP methods using these parts, the
+# main program must have been build with the EAP method enabled (=y or =dyn).
+# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries
+# unless at least one of them was included in the main build to force inclusion
+# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included
+# in the main build to be able to load these methods dynamically.
+#
+# Please also note that using dynamic libraries will increase the total binary
+# size. Thus, it may not be the best option for targets that have limited
+# amount of memory/flash.
+#CONFIG_DYNAMIC_EAP_METHODS=y
+# IEEE Std 802.11r-2008 (Fast BSS Transition)
+#CONFIG_IEEE80211R=y
+# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt)
+#CONFIG_DEBUG_FILE=y
+# Send debug messages to syslog instead of stdout
+#CONFIG_DEBUG_SYSLOG=y
+# Set syslog facility for debug messages
+#CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
+# Add support for sending all debug messages (regardless of debug verbosity)
+# to the Linux kernel tracing facility. This helps debug the entire stack by
+# making it easy to record everything happening from the driver up into the
+# same file, e.g., using trace-cmd.
+#CONFIG_DEBUG_LINUX_TRACING=y
+# Enable privilege separation (see README 'Privilege separation' for details)
+#CONFIG_PRIVSEP=y
+# Enable mitigation against certain attacks against TKIP by delaying Michael
+# MIC error reports by a random amount of time between 0 and 60 seconds
+#CONFIG_DELAYED_MIC_ERROR_REPORT=y
+# Enable tracing code for developer debugging
+# This tracks use of memory allocations and other registrations and reports
+# incorrect use with a backtrace of call (or allocation) location.
+#CONFIG_WPA_TRACE=y
+# For BSD, uncomment these.
+#LIBS += -lexecinfo
+#LIBS_p += -lexecinfo
+#LIBS_c += -lexecinfo
+# Use libbfd to get more details for developer debugging
+# This enables use of libbfd to get more detailed symbols for the backtraces
+# generated by CONFIG_WPA_TRACE=y.
+#CONFIG_WPA_TRACE_BFD=y
+# For BSD, uncomment these.
+#LIBS += -lbfd -liberty -lz
+#LIBS_p += -lbfd -liberty -lz
+#LIBS_c += -lbfd -liberty -lz
+CONFIG_TLS = %ssl%
+CONFIG_CTRL_IFACE_DBUS=y
+CONFIG_CTRL_IFACE_DBUS_NEW=y
+# wpa_supplicant depends on strong random number generation being available
+# from the operating system. os_get_random() function is used to fetch random
+# data when needed, e.g., for key generation. On Linux and BSD systems, this
+# works by reading /dev/urandom. It should be noted that the OS entropy pool
+# needs to be properly initialized before wpa_supplicant is started. This is
+# important especially on embedded devices that do not have a hardware random
+# number generator and may by default start up with minimal entropy available
+# for random number generation.
+#
+# As a safety net, wpa_supplicant is by default trying to internally collect
+# additional entropy for generating random data to mix in with the data fetched
+# from the OS. This by itself is not considered to be very strong, but it may
+# help in cases where the system pool is not initialized properly. However, it
+# is very strongly recommended that the system pool is initialized with enough
+# entropy either by using hardware assisted random number generator or by
+# storing state over device reboots.
+#
+# wpa_supplicant can be configured to maintain its own entropy store over
+# restarts to enhance random number generation. This is not perfect, but it is
+# much more secure than using the same sequence of random numbers after every
+# reboot. This can be enabled with -e<entropy file> command line option. The
+# specified file needs to be readable and writable by wpa_supplicant.
+#
+# If the os_get_random() is known to provide strong random data (e.g., on
+# Linux/BSD, the board in question is known to have reliable source of random
+# data from /dev/urandom), the internal wpa_supplicant random pool can be
+# disabled. This will save some in binary size and CPU use. However, this
+# should only be considered for builds that are known to be used on devices
+# that meet the requirements described above.
+#CONFIG_NO_RANDOM_POOL=y
+# IEEE 802.11n (High Throughput) support (mainly for AP mode)
+#CONFIG_IEEE80211N=y
+# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode)
+# (depends on CONFIG_IEEE80211N)
+#CONFIG_IEEE80211AC=y
+# Wireless Network Management (IEEE Std 802.11v-2011)
+# Note: This is experimental and not complete implementation.
+#CONFIG_WNM=y
+# Interworking (IEEE 802.11u)
+# This can be used to enable functionality to improve interworking with
+# external networks (GAS/ANQP to learn more about the networks and network
+# selection based on available credentials).
+#CONFIG_INTERWORKING=y
+# Hotspot 2.0
+#CONFIG_HS20=y
+# Disable roaming in wpa_supplicant
+#CONFIG_NO_ROAMING=y
+# AP mode operations with wpa_supplicant
+# This can be used for controlling AP mode operations with wpa_supplicant. It
+# should be noted that this is mainly aimed at simple cases like
+# WPA2-Personal while more complex configurations like WPA2-Enterprise with an
+# external RADIUS server can be supported with hostapd.
+CONFIG_AP=y
+CONFIG_BGSCAN_SIMPLE=y
+# P2P (Wi-Fi Direct)
+# This can be used to enable P2P support in wpa_supplicant. See README-P2P for
+# more information on P2P operations.
+#CONFIG_P2P=y
+# Enable TDLS support
+#CONFIG_TDLS=y
+# Wi-Fi Direct
+# This can be used to enable Wi-Fi Direct extensions for P2P using an external
+# program to control the additional information exchanges in the messages.
+#CONFIG_WIFI_DISPLAY=y
+# Autoscan
+# This can be used to enable automatic scan support in wpa_supplicant.
+# See wpa_supplicant.conf for more information on autoscan usage.
+#
+# Enabling directly a module will enable autoscan support.
+# For exponential module:
+CONFIG_AUTOSCAN_EXPONENTIAL=y
+# For periodic module:
+#CONFIG_AUTOSCAN_PERIODIC=y
+# Password (and passphrase, etc.) backend for external storage
+# These optional mechanisms can be used to add support for storing passwords
+# and other secrets in external (to wpa_supplicant) location. This allows, for
+# example, operating system specific key storage to be used
+#
+# External password backend for testing purposes (developer use)
+#CONFIG_EXT_PASSWORD_TEST=y
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/fix-libnl3-host-contamination.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/fix-libnl3-host-contamination.patch
new file mode 100644
index 0000000000..eb8036f50c
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/fix-libnl3-host-contamination.patch
@@ -0,0 +1,42 @@
+Upstream-Status: Pending
+From 37d6b3dd5a737cd67468e4a58b372bddd924a7be Mon Sep 17 00:00:00 2001
+From: Andreas Oberritter <obi@opendreambox.org>
+Date: Fri, 8 Mar 2013 22:55:19 +0100
+Subject: [PATCH] Revert "build: Use updated libnl3 header paths"
+This reverts commit e7ecddf33a446072effbc85a27a078a8e582c89e.
+---
+ src/drivers/drivers.mak |    2 +-
+ src/drivers/drivers.mk  |    2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+diff --git a/src/drivers/drivers.mak b/src/drivers/drivers.mak
+index 68ff910..1f38f57 100644
+--- a/src/drivers/drivers.mak
+++ b/src/drivers/drivers.mak
+@@ -30,7 +30,7 @@ NEED_RFKILL=y
+ ifdef CONFIG_LIBNL32
+   DRV_LIBS += -lnl-3
+   DRV_LIBS += -lnl-genl-3
+-  DRV_CFLAGS += -DCONFIG_LIBNL20 -I/usr/include/libnl3
+  DRV_CFLAGS += -DCONFIG_LIBNL20
+ else
+   ifdef CONFIG_LIBNL_TINY
+     DRV_LIBS += -lnl-tiny
+diff --git a/src/drivers/drivers.mk b/src/drivers/drivers.mk
+index db8561a..c93e88d 100644
+--- a/src/drivers/drivers.mk
+++ b/src/drivers/drivers.mk
+@@ -30,7 +30,7 @@ NEED_RFKILL=y
+ ifdef CONFIG_LIBNL32
+   DRV_LIBS += -lnl-3
+   DRV_LIBS += -lnl-genl-3
+-  DRV_CFLAGS += -DCONFIG_LIBNL20 -I/usr/include/libnl3
+  DRV_CFLAGS += -DCONFIG_LIBNL20
+ else
+   ifdef CONFIG_LIBNL_TINY
+     DRV_LIBS += -lnl-tiny
+-- 
+1.7.10.4
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa-supplicant.sh b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa-supplicant.sh
new file mode 100644
index 0000000000..5c9e5d33a7
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa-supplicant.sh
@@ -0,0 +1,85 @@
+#!/bin/sh
+WPA_SUP_BIN="/usr/sbin/wpa_supplicant"
+WPA_SUP_PNAME="wpa_supplicant"
+WPA_SUP_PIDFILE="/var/run/wpa_supplicant.$IFACE.pid"
+WPA_SUP_OPTIONS="-B -P $WPA_SUP_PIDFILE -i $IFACE"
+VERBOSITY=0
+if [ -s "$IF_WPA_CONF" ]; then
+        WPA_SUP_CONF="-c $IF_WPA_CONF"
+else
+        exit 0
+fi
+if [ ! -x "$WPA_SUP_BIN" ]; then
+        
+        if [ "$VERBOSITY" = "1" ]; then
+                echo "$WPA_SUP_PNAME: binaries not executable or missing from $WPA_SUP_BIN"
+        fi
+        
+        exit 1
+fi
+if [ "$MODE" = "start" ] ; then
+        # driver type of interface, defaults to wext when undefined
+        if [ -s "/etc/wpa_supplicant/driver.$IFACE" ]; then
+                IF_WPA_DRIVER=$(cat "/etc/wpa_supplicant/driver.$IFACE")
+        elif [ -z "$IF_WPA_DRIVER" ]; then
+                
+                if [ "$VERBOSITY" = "1" ]; then
+                        echo "$WPA_SUP_PNAME: wpa-driver not provided, using \"wext\""
+                fi
+                
+                IF_WPA_DRIVER="wext"
+        fi
+        
+        # if we have passed the criteria, start wpa_supplicant
+        if [ -n "$WPA_SUP_CONF" ]; then
+                
+                if [ "$VERBOSITY" = "1" ]; then
+                        echo "$WPA_SUP_PNAME: $WPA_SUP_BIN $WPA_SUP_OPTIONS $WPA_SUP_CONF -D $IF_WPA_DRIVER"
+                fi
+                
+                start-stop-daemon --start --quiet \
+                        --name $WPA_SUP_PNAME --startas $WPA_SUP_BIN --pidfile $WPA_SUP_PIDFILE \
+                        --  $WPA_SUP_OPTIONS $WPA_SUP_CONF -D $IF_WPA_DRIVER
+        fi
+        # if the interface socket exists, then wpa_supplicant was invoked successfully
+        if [ -S "$WPA_COMMON_CTRL_IFACE/$IFACE" ]; then
+        
+                if [ "$VERBOSITY" = "1" ]; then
+                        echo "$WPA_SUP_PNAME: ctrl_interface socket located at $WPA_COMMON_CTRL_IFACE/$IFACE"
+                fi
+                exit 0
+                
+        fi
+        
+elif [ "$MODE" = "stop" ]; then
+        if [ -f "$WPA_SUP_PIDFILE" ]; then
+                
+                if [ "$VERBOSITY" = "1" ]; then
+                        echo "$WPA_SUP_PNAME: terminating $WPA_SUP_PNAME daemon"
+                fi
+                
+                start-stop-daemon --stop --quiet \
+                        --name $WPA_SUP_PNAME --pidfile $WPA_SUP_PIDFILE
+                        
+                if [ -S "$WPA_COMMON_CTRL_IFACE/$IFACE" ]; then
+                        rm -f $WPA_COMMON_CTRL_IFACE/$IFACE
+                fi
+                        
+                if [ -f "$WPA_SUP_PIDFILE" ]; then
+                        rm -f $WPA_SUP_PIDFILE
+                fi
+        fi
+fi
+exit 0
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant.conf b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant.conf
new file mode 100644
index 0000000000..68258f5ee2
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant.conf
@@ -0,0 +1,690 @@
+##### Example wpa_supplicant configuration file ###############################
+#
+# This file describes configuration file format and lists all available option.
+# Please also take a look at simpler configuration examples in 'examples'
+# subdirectory.
+#
+# Empty lines and lines starting with # are ignored
+# NOTE! This file may contain password information and should probably be made
+# readable only by root user on multiuser systems.
+# Note: All file paths in this configuration file should use full (absolute,
+# not relative to working directory) path in order to allow working directory
+# to be changed. This can happen if wpa_supplicant is run in the background.
+# Whether to allow wpa_supplicant to update (overwrite) configuration
+#
+# This option can be used to allow wpa_supplicant to overwrite configuration
+# file whenever configuration is changed (e.g., new network block is added with
+# wpa_cli or wpa_gui, or a password is changed). This is required for
+# wpa_cli/wpa_gui to be able to store the configuration changes permanently.
+# Please note that overwriting configuration file will remove the comments from
+# it.
+#update_config=1
+# global configuration (shared by all network blocks)
+#
+# Parameters for the control interface. If this is specified, wpa_supplicant
+# will open a control interface that is available for external programs to
+# manage wpa_supplicant. The meaning of this string depends on which control
+# interface mechanism is used. For all cases, the existence of this parameter
+# in configuration is used to determine whether the control interface is
+# enabled.
+#
+# For UNIX domain sockets (default on Linux and BSD): This is a directory that
+# will be created for UNIX domain sockets for listening to requests from
+# external programs (CLI/GUI, etc.) for status information and configuration.
+# The socket file will be named based on the interface name, so multiple
+# wpa_supplicant processes can be run at the same time if more than one
+# interface is used.
+# /var/run/wpa_supplicant is the recommended directory for sockets and by
+# default, wpa_cli will use it when trying to connect with wpa_supplicant.
+#
+# Access control for the control interface can be configured by setting the
+# directory to allow only members of a group to use sockets. This way, it is
+# possible to run wpa_supplicant as root (since it needs to change network
+# configuration and open raw sockets) and still allow GUI/CLI components to be
+# run as non-root users. However, since the control interface can be used to
+# change the network configuration, this access needs to be protected in many
+# cases. By default, wpa_supplicant is configured to use gid 0 (root). If you
+# want to allow non-root users to use the control interface, add a new group
+# and change this value to match with that group. Add users that should have
+# control interface access to this group. If this variable is commented out or
+# not included in the configuration file, group will not be changed from the
+# value it got by default when the directory or socket was created.
+#
+# When configuring both the directory and group, use following format:
+# DIR=/var/run/wpa_supplicant GROUP=wheel
+# DIR=/var/run/wpa_supplicant GROUP=0
+# (group can be either group name or gid)
+#
+# For UDP connections (default on Windows): The value will be ignored. This
+# variable is just used to select that the control interface is to be created.
+# The value can be set to, e.g., udp (ctrl_interface=udp)
+#
+# For Windows Named Pipe: This value can be used to set the security descriptor
+# for controlling access to the control interface. Security descriptor can be
+# set using Security Descriptor String Format (see http://msdn.microsoft.com/
+# library/default.asp?url=/library/en-us/secauthz/security/
+# security_descriptor_string_format.asp). The descriptor string needs to be
+# prefixed with SDDL=. For example, ctrl_interface=SDDL=D: would set an empty
+# DACL (which will reject all connections). See README-Windows.txt for more
+# information about SDDL string format.
+#
+ctrl_interface=/var/run/wpa_supplicant
+# IEEE 802.1X/EAPOL version
+# wpa_supplicant is implemented based on IEEE Std 802.1X-2004 which defines
+# EAPOL version 2. However, there are many APs that do not handle the new
+# version number correctly (they seem to drop the frames completely). In order
+# to make wpa_supplicant interoperate with these APs, the version number is set
+# to 1 by default. This configuration value can be used to set it to the new
+# version (2).
+eapol_version=1
+# AP scanning/selection
+# By default, wpa_supplicant requests driver to perform AP scanning and then
+# uses the scan results to select a suitable AP. Another alternative is to
+# allow the driver to take care of AP scanning and selection and use
+# wpa_supplicant just to process EAPOL frames based on IEEE 802.11 association
+# information from the driver.
+# 1: wpa_supplicant initiates scanning and AP selection
+# 0: driver takes care of scanning, AP selection, and IEEE 802.11 association
+#    parameters (e.g., WPA IE generation); this mode can also be used with
+#    non-WPA drivers when using IEEE 802.1X mode; do not try to associate with
+#    APs (i.e., external program needs to control association). This mode must
+#    also be used when using wired Ethernet drivers.
+# 2: like 0, but associate with APs using security policy and SSID (but not
+#    BSSID); this can be used, e.g., with ndiswrapper and NDIS drivers to
+#    enable operation with hidden SSIDs and optimized roaming; in this mode,
+#    the network blocks in the configuration file are tried one by one until
+#    the driver reports successful association; each network block should have
+#    explicit security policy (i.e., only one option in the lists) for
+#    key_mgmt, pairwise, group, proto variables
+ap_scan=1
+# EAP fast re-authentication
+# By default, fast re-authentication is enabled for all EAP methods that
+# support it. This variable can be used to disable fast re-authentication.
+# Normally, there is no need to disable this.
+fast_reauth=1
+# OpenSSL Engine support
+# These options can be used to load OpenSSL engines.
+# The two engines that are supported currently are shown below:
+# They are both from the opensc project (http://www.opensc.org/)
+# By default no engines are loaded.
+# make the opensc engine available
+#opensc_engine_path=/usr/lib/opensc/engine_opensc.so
+# make the pkcs11 engine available
+#pkcs11_engine_path=/usr/lib/opensc/engine_pkcs11.so
+# configure the path to the pkcs11 module required by the pkcs11 engine
+#pkcs11_module_path=/usr/lib/pkcs11/opensc-pkcs11.so
+# Dynamic EAP methods
+# If EAP methods were built dynamically as shared object files, they need to be
+# loaded here before being used in the network blocks. By default, EAP methods
+# are included statically in the build, so these lines are not needed
+#load_dynamic_eap=/usr/lib/wpa_supplicant/eap_tls.so
+#load_dynamic_eap=/usr/lib/wpa_supplicant/eap_md5.so
+# Driver interface parameters
+# This field can be used to configure arbitrary driver interace parameters. The
+# format is specific to the selected driver interface. This field is not used
+# in most cases.
+#driver_param="field=value"
+# Maximum lifetime for PMKSA in seconds; default 43200
+#dot11RSNAConfigPMKLifetime=43200
+# Threshold for reauthentication (percentage of PMK lifetime); default 70
+#dot11RSNAConfigPMKReauthThreshold=70
+# Timeout for security association negotiation in seconds; default 60
+#dot11RSNAConfigSATimeout=60
+# network block
+#
+# Each network (usually AP's sharing the same SSID) is configured as a separate
+# block in this configuration file. The network blocks are in preference order
+# (the first match is used).
+#
+# network block fields:
+#
+# disabled:
+#       0 = this network can be used (default)
+#       1 = this network block is disabled (can be enabled through ctrl_iface,
+#           e.g., with wpa_cli or wpa_gui)
+#
+# id_str: Network identifier string for external scripts. This value is passed
+#       to external action script through wpa_cli as WPA_ID_STR environment
+#       variable to make it easier to do network specific configuration.
+#
+# ssid: SSID (mandatory); either as an ASCII string with double quotation or
+#       as hex string; network name
+#
+# scan_ssid:
+#       0 = do not scan this SSID with specific Probe Request frames (default)
+#       1 = scan with SSID-specific Probe Request frames (this can be used to
+#           find APs that do not accept broadcast SSID or use multiple SSIDs;
+#           this will add latency to scanning, so enable this only when needed)
+#
+# bssid: BSSID (optional); if set, this network block is used only when
+#       associating with the AP using the configured BSSID
+#
+# priority: priority group (integer)
+# By default, all networks will get same priority group (0). If some of the
+# networks are more desirable, this field can be used to change the order in
+# which wpa_supplicant goes through the networks when selecting a BSS. The
+# priority groups will be iterated in decreasing priority (i.e., the larger the
+# priority value, the sooner the network is matched against the scan results).
+# Within each priority group, networks will be selected based on security
+# policy, signal strength, etc.
+# Please note that AP scanning with scan_ssid=1 and ap_scan=2 mode are not
+# using this priority to select the order for scanning. Instead, they try the
+# networks in the order that used in the configuration file.
+#
+# mode: IEEE 802.11 operation mode
+# 0 = infrastructure (Managed) mode, i.e., associate with an AP (default)
+# 1 = IBSS (ad-hoc, peer-to-peer)
+# Note: IBSS can only be used with key_mgmt NONE (plaintext and static WEP)
+# and key_mgmt=WPA-NONE (fixed group key TKIP/CCMP). In addition, ap_scan has
+# to be set to 2 for IBSS. WPA-None requires following network block options:
+# proto=WPA, key_mgmt=WPA-NONE, pairwise=NONE, group=TKIP (or CCMP, but not
+# both), and psk must also be set.
+#
+# proto: list of accepted protocols
+# WPA = WPA/IEEE 802.11i/D3.0
+# RSN = WPA2/IEEE 802.11i (also WPA2 can be used as an alias for RSN)
+# If not set, this defaults to: WPA RSN
+#
+# key_mgmt: list of accepted authenticated key management protocols
+# WPA-PSK = WPA pre-shared key (this requires 'psk' field)
+# WPA-EAP = WPA using EAP authentication (this can use an external
+#       program, e.g., Xsupplicant, for IEEE 802.1X EAP Authentication
+# IEEE8021X = IEEE 802.1X using EAP authentication and (optionally) dynamically
+#       generated WEP keys
+# NONE = WPA is not used; plaintext or static WEP could be used
+# If not set, this defaults to: WPA-PSK WPA-EAP
+#
+# auth_alg: list of allowed IEEE 802.11 authentication algorithms
+# OPEN = Open System authentication (required for WPA/WPA2)
+# SHARED = Shared Key authentication (requires static WEP keys)
+# LEAP = LEAP/Network EAP (only used with LEAP)
+# If not set, automatic selection is used (Open System with LEAP enabled if
+# LEAP is allowed as one of the EAP methods).
+#
+# pairwise: list of accepted pairwise (unicast) ciphers for WPA
+# CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0]
+# TKIP = Temporal Key Integrity Protocol [IEEE 802.11i/D7.0]
+# NONE = Use only Group Keys (deprecated, should not be included if APs support
+#       pairwise keys)
+# If not set, this defaults to: CCMP TKIP
+#
+# group: list of accepted group (broadcast/multicast) ciphers for WPA
+# CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0]
+# TKIP = Temporal Key Integrity Protocol [IEEE 802.11i/D7.0]
+# WEP104 = WEP (Wired Equivalent Privacy) with 104-bit key
+# WEP40 = WEP (Wired Equivalent Privacy) with 40-bit key [IEEE 802.11]
+# If not set, this defaults to: CCMP TKIP WEP104 WEP40
+#
+# psk: WPA preshared key; 256-bit pre-shared key
+# The key used in WPA-PSK mode can be entered either as 64 hex-digits, i.e.,
+# 32 bytes or as an ASCII passphrase (in which case, the real PSK will be
+# generated using the passphrase and SSID). ASCII passphrase must be between
+# 8 and 63 characters (inclusive).
+# This field is not needed, if WPA-EAP is used.
+# Note: Separate tool, wpa_passphrase, can be used to generate 256-bit keys
+# from ASCII passphrase. This process uses lot of CPU and wpa_supplicant
+# startup and reconfiguration time can be optimized by generating the PSK only
+# only when the passphrase or SSID has actually changed.
+#
+# eapol_flags: IEEE 802.1X/EAPOL options (bit field)
+# Dynamic WEP key required for non-WPA mode
+# bit0 (1): require dynamically generated unicast WEP key
+# bit1 (2): require dynamically generated broadcast WEP key
+#       (3 = require both keys; default)
+# Note: When using wired authentication, eapol_flags must be set to 0 for the
+# authentication to be completed successfully.
+#
+# proactive_key_caching:
+# Enable/disable opportunistic PMKSA caching for WPA2.
+# 0 = disabled (default)
+# 1 = enabled
+#
+# wep_key0..3: Static WEP key (ASCII in double quotation, e.g. "abcde" or
+# hex without quotation, e.g., 0102030405)
+# wep_tx_keyidx: Default WEP key index (TX) (0..3)
+#
+# peerkey: Whether PeerKey negotiation for direct links (IEEE 802.11e DLS) is
+# allowed. This is only used with RSN/WPA2.
+# 0 = disabled (default)
+# 1 = enabled
+#peerkey=1
+#
+# Following fields are only used with internal EAP implementation.
+# eap: space-separated list of accepted EAP methods
+#       MD5 = EAP-MD5 (unsecure and does not generate keying material ->
+#                       cannot be used with WPA; to be used as a Phase 2 method
+#                       with EAP-PEAP or EAP-TTLS)
+#       MSCHAPV2 = EAP-MSCHAPv2 (cannot be used separately with WPA; to be used
+#               as a Phase 2 method with EAP-PEAP or EAP-TTLS)
+#       OTP = EAP-OTP (cannot be used separately with WPA; to be used
+#               as a Phase 2 method with EAP-PEAP or EAP-TTLS)
+#       GTC = EAP-GTC (cannot be used separately with WPA; to be used
+#               as a Phase 2 method with EAP-PEAP or EAP-TTLS)
+#       TLS = EAP-TLS (client and server certificate)
+#       PEAP = EAP-PEAP (with tunnelled EAP authentication)
+#       TTLS = EAP-TTLS (with tunnelled EAP or PAP/CHAP/MSCHAP/MSCHAPV2
+#                        authentication)
+#       If not set, all compiled in methods are allowed.
+#
+# identity: Identity string for EAP
+# anonymous_identity: Anonymous identity string for EAP (to be used as the
+#       unencrypted identity with EAP types that support different tunnelled
+#       identity, e.g., EAP-TTLS)
+# password: Password string for EAP
+# ca_cert: File path to CA certificate file (PEM/DER). This file can have one
+#       or more trusted CA certificates. If ca_cert and ca_path are not
+#       included, server certificate will not be verified. This is insecure and
+#       a trusted CA certificate should always be configured when using
+#       EAP-TLS/TTLS/PEAP. Full path should be used since working directory may
+#       change when wpa_supplicant is run in the background.
+#       On Windows, trusted CA certificates can be loaded from the system
+#       certificate store by setting this to cert_store://<name>, e.g.,
+#       ca_cert="cert_store://CA" or ca_cert="cert_store://ROOT".
+#       Note that when running wpa_supplicant as an application, the user
+#       certificate store (My user account) is used, whereas computer store
+#       (Computer account) is used when running wpasvc as a service.
+# ca_path: Directory path for CA certificate files (PEM). This path may
+#       contain multiple CA certificates in OpenSSL format. Common use for this
+#       is to point to system trusted CA list which is often installed into
+#       directory like /etc/ssl/certs. If configured, these certificates are
+#       added to the list of trusted CAs. ca_cert may also be included in that
+#       case, but it is not required.
+# client_cert: File path to client certificate file (PEM/DER)
+#       Full path should be used since working directory may change when
+#       wpa_supplicant is run in the background.
+#       Alternatively, a named configuration blob can be used by setting this
+#       to blob://<blob name>.
+# private_key: File path to client private key file (PEM/DER/PFX)
+#       When PKCS#12/PFX file (.p12/.pfx) is used, client_cert should be
+#       commented out. Both the private key and certificate will be read from
+#       the PKCS#12 file in this case. Full path should be used since working
+#       directory may change when wpa_supplicant is run in the background.
+#       Windows certificate store can be used by leaving client_cert out and
+#       configuring private_key in one of the following formats:
+#       cert://substring_to_match
+#       hash://certificate_thumbprint_in_hex
+#       for example: private_key="hash://63093aa9c47f56ae88334c7b65a4"
+#       Note that when running wpa_supplicant as an application, the user
+#       certificate store (My user account) is used, whereas computer store
+#       (Computer account) is used when running wpasvc as a service.
+#       Alternatively, a named configuration blob can be used by setting this
+#       to blob://<blob name>.
+# private_key_passwd: Password for private key file (if left out, this will be
+#       asked through control interface)
+# dh_file: File path to DH/DSA parameters file (in PEM format)
+#       This is an optional configuration file for setting parameters for an
+#       ephemeral DH key exchange. In most cases, the default RSA
+#       authentication does not use this configuration. However, it is possible
+#       setup RSA to use ephemeral DH key exchange. In addition, ciphers with
+#       DSA keys always use ephemeral DH keys. This can be used to achieve
+#       forward secrecy. If the file is in DSA parameters format, it will be
+#       automatically converted into DH params.
+# subject_match: Substring to be matched against the subject of the
+#       authentication server certificate. If this string is set, the server
+#       sertificate is only accepted if it contains this string in the subject.
+#       The subject string is in following format:
+#       /C=US/ST=CA/L=San Francisco/CN=Test AS/emailAddress=as@example.com
+# altsubject_match: Semicolon separated string of entries to be matched against
+#       the alternative subject name of the authentication server certificate.
+#       If this string is set, the server sertificate is only accepted if it
+#       contains one of the entries in an alternative subject name extension.
+#       altSubjectName string is in following format: TYPE:VALUE
+#       Example: EMAIL:server@example.com
+#       Example: DNS:server.example.com;DNS:server2.example.com
+#       Following types are supported: EMAIL, DNS, URI
+# phase1: Phase1 (outer authentication, i.e., TLS tunnel) parameters
+#       (string with field-value pairs, e.g., "peapver=0" or
+#       "peapver=1 peaplabel=1")
+#       'peapver' can be used to force which PEAP version (0 or 1) is used.
+#       'peaplabel=1' can be used to force new label, "client PEAP encryption",
+#       to be used during key derivation when PEAPv1 or newer. Most existing
+#       PEAPv1 implementation seem to be using the old label, "client EAP
+#       encryption", and wpa_supplicant is now using that as the default value.
+#       Some servers, e.g., Radiator, may require peaplabel=1 configuration to
+#       interoperate with PEAPv1; see eap_testing.txt for more details.
+#       'peap_outer_success=0' can be used to terminate PEAP authentication on
+#       tunneled EAP-Success. This is required with some RADIUS servers that
+#       implement draft-josefsson-pppext-eap-tls-eap-05.txt (e.g.,
+#       Lucent NavisRadius v4.4.0 with PEAP in "IETF Draft 5" mode)
+#       include_tls_length=1 can be used to force wpa_supplicant to include
+#       TLS Message Length field in all TLS messages even if they are not
+#       fragmented.
+#       sim_min_num_chal=3 can be used to configure EAP-SIM to require three
+#       challenges (by default, it accepts 2 or 3)
+# phase2: Phase2 (inner authentication with TLS tunnel) parameters
+#       (string with field-value pairs, e.g., "auth=MSCHAPV2" for EAP-PEAP or
+#       "autheap=MSCHAPV2 autheap=MD5" for EAP-TTLS)
+# Following certificate/private key fields are used in inner Phase2
+# authentication when using EAP-TTLS or EAP-PEAP.
+# ca_cert2: File path to CA certificate file. This file can have one or more
+#       trusted CA certificates. If ca_cert2 and ca_path2 are not included,
+#       server certificate will not be verified. This is insecure and a trusted
+#       CA certificate should always be configured.
+# ca_path2: Directory path for CA certificate files (PEM)
+# client_cert2: File path to client certificate file
+# private_key2: File path to client private key file
+# private_key2_passwd: Password for private key file
+# dh_file2: File path to DH/DSA parameters file (in PEM format)
+# subject_match2: Substring to be matched against the subject of the
+#       authentication server certificate.
+# altsubject_match2: Substring to be matched against the alternative subject
+#       name of the authentication server certificate.
+#
+# fragment_size: Maximum EAP fragment size in bytes (default 1398).
+#       This value limits the fragment size for EAP methods that support
+#       fragmentation (e.g., EAP-TLS and EAP-PEAP). This value should be set
+#       small enough to make the EAP messages fit in MTU of the network
+#       interface used for EAPOL. The default value is suitable for most
+#       cases.
+#
+# EAP-PSK variables:
+# eappsk: 16-byte (128-bit, 32 hex digits) pre-shared key in hex format
+# nai: user NAI
+#
+# EAP-PAX variables:
+# eappsk: 16-byte (128-bit, 32 hex digits) pre-shared key in hex format
+#
+# EAP-SAKE variables:
+# eappsk: 32-byte (256-bit, 64 hex digits) pre-shared key in hex format
+#       (this is concatenation of Root-Secret-A and Root-Secret-B)
+# nai: user NAI (PEERID)
+#
+# EAP-GPSK variables:
+# eappsk: Pre-shared key in hex format (at least 128 bits, i.e., 32 hex digits)
+# nai: user NAI (ID_Client)
+#
+# EAP-FAST variables:
+# pac_file: File path for the PAC entries. wpa_supplicant will need to be able
+#       to create this file and write updates to it when PAC is being
+#       provisioned or refreshed. Full path to the file should be used since
+#       working directory may change when wpa_supplicant is run in the
+#       background. Alternatively, a named configuration blob can be used by
+#       setting this to blob://<blob name>
+# phase1: fast_provisioning=1 option enables in-line provisioning of EAP-FAST
+#       credentials (PAC)
+#
+# wpa_supplicant supports number of "EAP workarounds" to work around
+# interoperability issues with incorrectly behaving authentication servers.
+# These are enabled by default because some of the issues are present in large
+# number of authentication servers. Strict EAP conformance mode can be
+# configured by disabling workarounds with eap_workaround=0.
+# Example blocks:
+# Simple case: WPA-PSK, PSK as an ASCII passphrase, allow all valid ciphers
+network={
+        ssid="simple"
+        psk="very secret passphrase"
+        priority=5
+}
+# Same as previous, but request SSID-specific scanning (for APs that reject
+# broadcast SSID)
+network={
+        ssid="second ssid"
+        scan_ssid=1
+        psk="very secret passphrase"
+        priority=2
+}
+# Only WPA-PSK is used. Any valid cipher combination is accepted.
+network={
+        ssid="example"
+        proto=WPA
+        key_mgmt=WPA-PSK
+        pairwise=CCMP TKIP
+        group=CCMP TKIP WEP104 WEP40
+        psk=06b4be19da289f475aa46a33cb793029d4ab3db7a23ee92382eb0106c72ac7bb
+        priority=2
+}
+# Only WPA-EAP is used. Both CCMP and TKIP is accepted. An AP that used WEP104
+# or WEP40 as the group cipher will not be accepted.
+network={
+        ssid="example"
+        proto=RSN
+        key_mgmt=WPA-EAP
+        pairwise=CCMP TKIP
+        group=CCMP TKIP
+        eap=TLS
+        identity="user@example.com"
+        ca_cert="/etc/cert/ca.pem"
+        client_cert="/etc/cert/user.pem"
+        private_key="/etc/cert/user.prv"
+        private_key_passwd="password"
+        priority=1
+}
+# EAP-PEAP/MSCHAPv2 configuration for RADIUS servers that use the new peaplabel
+# (e.g., Radiator)
+network={
+        ssid="example"
+        key_mgmt=WPA-EAP
+        eap=PEAP
+        identity="user@example.com"
+        password="foobar"
+        ca_cert="/etc/cert/ca.pem"
+        phase1="peaplabel=1"
+        phase2="auth=MSCHAPV2"
+        priority=10
+}
+# EAP-TTLS/EAP-MD5-Challenge configuration with anonymous identity for the
+# unencrypted use. Real identity is sent only within an encrypted TLS tunnel.
+network={
+        ssid="example"
+        key_mgmt=WPA-EAP
+        eap=TTLS
+        identity="user@example.com"
+        anonymous_identity="anonymous@example.com"
+        password="foobar"
+        ca_cert="/etc/cert/ca.pem"
+        priority=2
+}
+# EAP-TTLS/MSCHAPv2 configuration with anonymous identity for the unencrypted
+# use. Real identity is sent only within an encrypted TLS tunnel.
+network={
+        ssid="example"
+        key_mgmt=WPA-EAP
+        eap=TTLS
+        identity="user@example.com"
+        anonymous_identity="anonymous@example.com"
+        password="foobar"
+        ca_cert="/etc/cert/ca.pem"
+        phase2="auth=MSCHAPV2"
+}
+# WPA-EAP, EAP-TTLS with different CA certificate used for outer and inner
+# authentication.
+network={
+        ssid="example"
+        key_mgmt=WPA-EAP
+        eap=TTLS
+        # Phase1 / outer authentication
+        anonymous_identity="anonymous@example.com"
+        ca_cert="/etc/cert/ca.pem"
+        # Phase 2 / inner authentication
+        phase2="autheap=TLS"
+        ca_cert2="/etc/cert/ca2.pem"
+        client_cert2="/etc/cer/user.pem"
+        private_key2="/etc/cer/user.prv"
+        private_key2_passwd="password"
+        priority=2
+}
+# Both WPA-PSK and WPA-EAP is accepted. Only CCMP is accepted as pairwise and
+# group cipher.
+network={
+        ssid="example"
+        bssid=00:11:22:33:44:55
+        proto=WPA RSN
+        key_mgmt=WPA-PSK WPA-EAP
+        pairwise=CCMP
+        group=CCMP
+        psk=06b4be19da289f475aa46a33cb793029d4ab3db7a23ee92382eb0106c72ac7bb
+}
+# Special characters in SSID, so use hex string. Default to WPA-PSK, WPA-EAP
+# and all valid ciphers.
+network={
+        ssid=00010203
+        psk=000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+}
+# IEEE 802.1X/EAPOL with dynamically generated WEP keys (i.e., no WPA) using
+# EAP-TLS for authentication and key generation; require both unicast and
+# broadcast WEP keys.
+network={
+        ssid="1x-test"
+        key_mgmt=IEEE8021X
+        eap=TLS
+        identity="user@example.com"
+        ca_cert="/etc/cert/ca.pem"
+        client_cert="/etc/cert/user.pem"
+        private_key="/etc/cert/user.prv"
+        private_key_passwd="password"
+        eapol_flags=3
+}
+# LEAP with dynamic WEP keys
+network={
+        ssid="leap-example"
+        key_mgmt=IEEE8021X
+        eap=LEAP
+        identity="user"
+        password="foobar"
+}
+# Plaintext connection (no WPA, no IEEE 802.1X)
+network={
+        ssid="plaintext-test"
+        key_mgmt=NONE
+}
+# Shared WEP key connection (no WPA, no IEEE 802.1X)
+network={
+        ssid="static-wep-test"
+        key_mgmt=NONE
+        wep_key0="abcde"
+        wep_key1=0102030405
+        wep_key2="1234567890123"
+        wep_tx_keyidx=0
+        priority=5
+}
+# Shared WEP key connection (no WPA, no IEEE 802.1X) using Shared Key
+# IEEE 802.11 authentication
+network={
+        ssid="static-wep-test2"
+        key_mgmt=NONE
+        wep_key0="abcde"
+        wep_key1=0102030405
+        wep_key2="1234567890123"
+        wep_tx_keyidx=0
+        priority=5
+        auth_alg=SHARED
+}
+# IBSS/ad-hoc network with WPA-None/TKIP.
+network={
+        ssid="test adhoc"
+        mode=1
+        proto=WPA
+        key_mgmt=WPA-NONE
+        pairwise=NONE
+        group=TKIP
+        psk="secret passphrase"
+}
+# Catch all example that allows more or less all configuration modes
+network={
+        ssid="example"
+        scan_ssid=1
+        key_mgmt=WPA-EAP WPA-PSK IEEE8021X NONE
+        pairwise=CCMP TKIP
+        group=CCMP TKIP WEP104 WEP40
+        psk="very secret passphrase"
+        eap=TTLS PEAP TLS
+        identity="user@example.com"
+        password="foobar"
+        ca_cert="/etc/cert/ca.pem"
+        client_cert="/etc/cert/user.pem"
+        private_key="/etc/cert/user.prv"
+        private_key_passwd="password"
+        phase1="peaplabel=0"
+}
+# Example of EAP-TLS with smartcard (openssl engine)
+network={
+        ssid="example"
+        key_mgmt=WPA-EAP
+        eap=TLS
+        proto=RSN
+        pairwise=CCMP TKIP
+        group=CCMP TKIP
+        identity="user@example.com"
+        ca_cert="/etc/cert/ca.pem"
+        client_cert="/etc/cert/user.pem"
+        engine=1
+        # The engine configured here must be available. Look at
+        # OpenSSL engine support in the global section.
+        # The key available through the engine must be the private key
+        # matching the client certificate configured above.
+        # use the opensc engine
+        #engine_id="opensc"
+        #key_id="45"
+        # use the pkcs11 engine
+        engine_id="pkcs11"
+        key_id="id_45"
+        # Optional PIN configuration; this can be left out and PIN will be
+        # asked through the control interface
+        pin="1234"
+}
+# Example configuration showing how to use an inlined blob as a CA certificate
+# data instead of using external file
+network={
+        ssid="example"
+        key_mgmt=WPA-EAP
+        eap=TTLS
+        identity="user@example.com"
+        anonymous_identity="anonymous@example.com"
+        password="foobar"
+        ca_cert="blob://exampleblob"
+        priority=20
+}
+blob-base64-exampleblob={
+SGVsbG8gV29ybGQhCg==
+}
+# Wildcard match for SSID (plaintext APs only). This example select any
+# open AP regardless of its SSID.
+network={
+        key_mgmt=NONE
+}
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant.conf-sane b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant.conf-sane
new file mode 100644
index 0000000000..c91ffe0c84
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant.conf-sane
@@ -0,0 +1,7 @@
+ctrl_interface=/var/run/wpa_supplicant
+ctrl_interface_group=0
+update_config=1
+network={
+        key_mgmt=NONE
+}
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.2.bb b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.2.bb
new file mode 100644
index 0000000000..afd0654016
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.2.bb
@@ -0,0 +1,2 @@
+require wpa-supplicant.inc
author	Tudor Florea <tudor.florea@enea.com>	2015-10-09 22:59:03 +0200
committer	Tudor Florea <tudor.florea@enea.com>	2015-10-09 22:59:03 +0200
commit	972dcfcdbfe75dcfeb777150c136576cf1a71e99 (patch)
tree	97a61cd7e293d7ae9d56ef7ed0f81253365bb026 /meta/recipes-connectivity
download	poky-972dcfcdbfe75dcfeb777150c136576cf1a71e99.tar.gz