76 files changed, 5384 insertions, 2792 deletions

diff --git a/poky/meta/recipes-connectivity/avahi/avahi.inc b/poky/meta/recipes-connectivity/avahi/avahi.inc
index 11846849f..8339e451f 100644
--- a/poky/meta/recipes-connectivity/avahi/avahi.inc
+++ b/poky/meta/recipes-connectivity/avahi/avahi.inc
@@ -19,7 +19,9 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1 \
                     file://avahi-daemon/main.c;endline=21;md5=9ee77368c5407af77caaef1b07285969 \
                     file://avahi-client/client.h;endline=23;md5=f4ac741a25c4f434039ba3e18c8674cf"
 
-SRC_URI = "https://github.com/lathiat/avahi/releases/download/v${PV}/avahi-${PV}.tar.gz"
+SRC_URI = "https://github.com/lathiat/avahi/releases/download/v${PV}/avahi-${PV}.tar.gz \
+           file://fix-CVE-2017-6519.patch \
+           "
 
 UPSTREAM_CHECK_URI = "https://github.com/lathiat/avahi/releases/"
 SRC_URI[md5sum] = "d76c59d0882ac6c256d70a2a585362a6"
diff --git a/poky/meta/recipes-connectivity/avahi/files/fix-CVE-2017-6519.patch b/poky/meta/recipes-connectivity/avahi/files/fix-CVE-2017-6519.patch
new file mode 100644
index 000000000..7461fe193
--- /dev/null
+++ b/poky/meta/recipes-connectivity/avahi/files/fix-CVE-2017-6519.patch
@@ -0,0 +1,48 @@
+Upstream-Status: Backport [https://github.com/lathiat/avahi/commit/e111def]
+
+CVE: CVE-2017-6519
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+From e111def44a7df4624a4aa3f85fe98054bffb6b4f Mon Sep 17 00:00:00 2001
+From: Trent Lloyd <trent@lloyd.id.au>
+Date: Sat, 22 Dec 2018 09:06:07 +0800
+Subject: [PATCH] Drop legacy unicast queries from address not on local link
+
+When handling legacy unicast queries, ensure that the source IP is
+inside a subnet on the local link, otherwise drop the packet.
+
+Fixes #145
+Fixes #203
+CVE-2017-6519
+CVE-2018-1000845
+---
+ avahi-core/server.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/avahi-core/server.c b/avahi-core/server.c
+index a2cb19a8..a2580e38 100644
+--- a/avahi-core/server.c
++++ b/avahi-core/server.c
+@@ -930,6 +930,7 @@ static void dispatch_packet(AvahiServer *s, AvahiDnsPacket *p, const AvahiAddres
+ 
+     if (avahi_dns_packet_is_query(p)) {
+         int legacy_unicast = 0;
++        char t[AVAHI_ADDRESS_STR_MAX];
+ 
+         /* For queries EDNS0 might allow ARCOUNT != 0. We ignore the
+          * AR section completely here, so far. Until the day we add
+@@ -947,6 +948,13 @@ static void dispatch_packet(AvahiServer *s, AvahiDnsPacket *p, const AvahiAddres
+             legacy_unicast = 1;
+         }
+ 
++        if (!is_mdns_mcast_address(dst_address) &&
++            !avahi_interface_address_on_link(i, src_address)) {
++
++            avahi_log_debug("Received non-local unicast query from host %s on interface '%s.%i'.", avahi_address_snprint(t, sizeof(t), src_address), i->hardware->name, i->protocol);
++            return;
++        }
++
+         if (legacy_unicast)
+             reflect_legacy_unicast_query_packet(s, p, i, src_address, port);
+ 
diff --git a/poky/meta/recipes-connectivity/bind/bind/0001-build-use-pkg-config-to-find-libxml2.patch b/poky/meta/recipes-connectivity/bind/bind/0001-build-use-pkg-config-to-find-libxml2.patch
deleted file mode 100644
index 1e23c0f56..000000000
--- a/poky/meta/recipes-connectivity/bind/bind/0001-build-use-pkg-config-to-find-libxml2.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-xml2-config is disabled, so change the configure script to use pkgconfig to find
-libxml2.
-
-Upstream-Status: Inappropriate
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-Update context for version 9.10.3-P2.
-
-Signed-off-by: Kai Kang <kai.kang@windriver.com>
-
-Update context for version 9.10.5-P3.
-
-Signed-off-by: Kai Kang <kai.kang@windriver.com>
----
- configure.in | 23 +++--------------------
- 1 file changed, 3 insertions(+), 20 deletions(-)
-
-diff --git a/configure.in b/configure.in
-index 4da73a4..6f2a754 100644
---- a/configure.in
-+++ b/configure.in
-@@ -2282,26 +2282,9 @@ case "$use_libxml2" in
- 		DST_LIBXML2_INC=""
- 		;;
- 	auto|yes)
--		case X`(xml2-config --version) 2>/dev/null` in
--		X2.[[6789]].*)
--			libxml2_libs=`xml2-config --libs`
--			libxml2_cflags=`xml2-config --cflags`
--			;;
--		*)
--			if test "yes" = "$use_libxml2" ; then
--				AC_MSG_RESULT(no)
--				AC_MSG_ERROR(required libxml2 version not available)
--			else
--				libxml2_libs=
--				libxml2_cflags=
--			fi
--			;;
--		esac
--		;;
--	*)
--		if test -f "$use_libxml2/bin/xml2-config" ; then
--			libxml2_libs=`$use_libxml2/bin/xml2-config --libs`
--			libxml2_cflags=`$use_libxml2/bin/xml2-config --cflags`
-+		if pkg-config --exists libxml-2.0 ; then
-+			libxml2_libs=`pkg-config libxml-2.0 --libs`
-+			libxml2_cflags=`pkg-config libxml-2.0 --cflags`
- 		fi
- 		;;
- esac
--- 
-2.1.4
-
diff --git a/poky/meta/recipes-connectivity/bind/bind/CVE-2018-5740.patch b/poky/meta/recipes-connectivity/bind/bind/CVE-2018-5740.patch
deleted file mode 100644
index 7a2ba7eab..000000000
--- a/poky/meta/recipes-connectivity/bind/bind/CVE-2018-5740.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-Upstream-Status: Backport [https://ftp.isc.org/isc/bind9/9.11.4-P1/patches/CVE-2018-5740]
-
-CVE: CVE-2018-5740
-
-Signed-off-by: Changqing Li <changqing.li@windriver.com>
-
-diff --git a/CHANGES b/CHANGES
-index 750b600..3d8d655 100644
---- a/CHANGES
-+++ b/CHANGES
-@@ -1,3 +1,9 @@
-+	--- 9.11.4-P1 released ---
-+
-+4997.	[security]	named could crash during recursive processing
-+			of DNAME records when "deny-answer-aliases" was
-+			in use. (CVE-2018-5740) [GL #387]
-+
- 	--- 9.11.4 released ---
- 
- 	--- 9.11.4rc2 released ---
-diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
-index 8f674a2..41d1385 100644
---- a/lib/dns/resolver.c
-+++ b/lib/dns/resolver.c
-@@ -6318,6 +6318,7 @@ is_answertarget_allowed(fetchctx_t *fctx, dns_name_t *qname, dns_name_t *rname,
- 	unsigned int nlabels;
- 	dns_fixedname_t fixed;
- 	dns_name_t prefix;
-+	int order;
- 
- 	REQUIRE(rdataset != NULL);
- 	REQUIRE(rdataset->type == dns_rdatatype_cname ||
-@@ -6340,17 +6341,25 @@ is_answertarget_allowed(fetchctx_t *fctx, dns_name_t *qname, dns_name_t *rname,
- 		tname = &cname.cname;
- 		break;
- 	case dns_rdatatype_dname:
-+		if (dns_name_fullcompare(qname, rname, &order, &nlabels) !=
-+		    dns_namereln_subdomain)
-+		{
-+			return (ISC_TRUE);
-+		}
- 		result = dns_rdata_tostruct(&rdata, &dname, NULL);
- 		RUNTIME_CHECK(result == ISC_R_SUCCESS);
- 		dns_name_init(&prefix, NULL);
- 		tname = dns_fixedname_initname(&fixed);
--		nlabels = dns_name_countlabels(qname) -
--			  dns_name_countlabels(rname);
-+		nlabels = dns_name_countlabels(rname);
- 		dns_name_split(qname, nlabels, &prefix, NULL);
- 		result = dns_name_concatenate(&prefix, &dname.dname, tname,
- 					      NULL);
--		if (result == DNS_R_NAMETOOLONG)
-+		if (result == DNS_R_NAMETOOLONG) {
-+			if (chainingp != NULL) {
-+				*chainingp = ISC_TRUE;
-+			}
- 			return (ISC_TRUE);
-+		}
- 		RUNTIME_CHECK(result == ISC_R_SUCCESS);
- 		break;
- 	default:
-@@ -7071,7 +7080,9 @@ answer_response(fetchctx_t *fctx) {
- 		}
- 		if ((ardataset->type == dns_rdatatype_cname ||
- 		     ardataset->type == dns_rdatatype_dname) &&
--		     !is_answertarget_allowed(fctx, qname, aname, ardataset,
-+		    type != ardataset->type &&
-+		    type != dns_rdatatype_any &&
-+		    !is_answertarget_allowed(fctx, qname, aname, ardataset,
- 					      NULL))
- 		{
- 			return (DNS_R_SERVFAIL);
diff --git a/poky/meta/recipes-connectivity/bind/bind_9.11.4.bb b/poky/meta/recipes-connectivity/bind/bind_9.11.5.bb
index cb4a21a9a..67672792b 100644
--- a/poky/meta/recipes-connectivity/bind/bind_9.11.4.bb
+++ b/poky/meta/recipes-connectivity/bind/bind_9.11.5.bb
@@ -20,14 +20,14 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
            file://0001-configure.in-remove-useless-L-use_openssl-lib.patch \
            file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \
            file://0001-avoid-start-failure-with-bind-user.patch \
-           file://CVE-2018-5740.patch \
 "
 
-SRC_URI[md5sum] = "9b4834d78f30cdb796ce437262272a36"
-SRC_URI[sha256sum] = "595070b031f869f8939656b5a5d11b121211967f15f6afeafa895df745279617"
+SRC_URI[md5sum] = "17a0d02102117c9a221e857cf2cc8157"
+SRC_URI[sha256sum] = "a4cae11dad954bdd4eb592178f875bfec09fcc7e29fe0f6b7a4e5b5c6bc61322"
 
 UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/"
 UPSTREAM_CHECK_REGEX = "(?P<pver>9(\.\d+)+(-P\d+)*)/"
+RECIPE_NO_UPDATE_REASON = "9.11 is LTS 2021"
 
 inherit autotools update-rc.d systemd useradd pkgconfig multilib_script
 
@@ -73,8 +73,6 @@ do_install_prepend() {
 
 do_install_append() {
 
-	rm "${D}${bindir}/nslookup"
-	rm "${D}${mandir}/man1/nslookup.1"
 	rmdir "${D}${localstatedir}/run"
 	rmdir --ignore-fail-on-non-empty "${D}${localstatedir}"
 	install -d -o bind "${D}${localstatedir}/cache/bind"
@@ -118,8 +116,12 @@ CONFFILES_${PN} = " \
 	${sysconfdir}/bind/db.root \
 	"
 
+ALTERNATIVE_${PN}-utils = "nslookup"
+ALTERNATIVE_LINK_NAME[nslookup] = "${bindir}/nslookup"
+ALTERNATIVE_PRIORITY = "100"
+
 PACKAGE_BEFORE_PN += "${PN}-utils"
-FILES_${PN}-utils = "${bindir}/host ${bindir}/dig ${bindir}/mdig"
+FILES_${PN}-utils = "${bindir}/host ${bindir}/dig ${bindir}/mdig ${bindir}/nslookup ${bindir}/nsupdate"
 FILES_${PN}-dev += "${bindir}/isc-config.h"
 FILES_${PN} += "${sbindir}/generate-rndc-key.sh"
 
diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5.inc b/poky/meta/recipes-connectivity/bluez5/bluez5.inc
index edb44b22a..aaf2af975 100644
--- a/poky/meta/recipes-connectivity/bluez5/bluez5.inc
+++ b/poky/meta/recipes-connectivity/bluez5/bluez5.inc
@@ -41,7 +41,7 @@ PACKAGECONFIG[sixaxis] = "--enable-sixaxis,--disable-sixaxis"
 PACKAGECONFIG[tools] = "--enable-tools,--disable-tools"
 PACKAGECONFIG[threads] = "--enable-threads,--disable-threads"
 PACKAGECONFIG[deprecated] = "--enable-deprecated,--disable-deprecated"
-PACKAGECONFIG[mesh] = "--enable-mesh,--disable-mesh, json-c"
+PACKAGECONFIG[mesh] = "--enable-mesh,--disable-mesh, json-c ell"
 PACKAGECONFIG[btpclient] = "--enable-btpclient,--disable-btpclient, ell"
 
 SRC_URI = "\
@@ -53,6 +53,7 @@ SRC_URI = "\
     file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \
     file://0001-test-gatt-Fix-hung-issue.patch \
     file://0001-Makefile.am-Fix-a-race-issue-for-tools.patch \
+    file://CVE-2018-10910.patch \
 "
 S = "${WORKDIR}/bluez-${PV}"
 
diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/CVE-2018-10910.patch b/poky/meta/recipes-connectivity/bluez5/bluez5/CVE-2018-10910.patch
new file mode 100644
index 000000000..b4b1846c4
--- /dev/null
+++ b/poky/meta/recipes-connectivity/bluez5/bluez5/CVE-2018-10910.patch
@@ -0,0 +1,705 @@
+A bug in Bluez may allow for the Bluetooth Discoverable state being set to on
+when no Bluetooth agent is registered with the system. This situation could
+lead to the unauthorized pairing of certain Bluetooth devices without any
+form of authentication.
+
+CVE: CVE-2018-10910
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+Subject:    [PATCH BlueZ 1/4] client: Add discoverable-timeout command
+From:       Luiz Augusto von Dentz <luiz.dentz () gmail ! com>
+Date:       2018-07-25 10:20:32
+Message-ID: 20180725102035.19439-1-luiz.dentz () gmail ! com
+[Download RAW message or body]
+
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+
+This adds discoverable-timeout command which can be used to get/set
+DiscoverableTimeout property:
+
+[bluetooth]# discoverable-timeout 180
+Changing discoverable-timeout 180 succeeded
+---
+ client/main.c | 43 +++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 43 insertions(+)
+
+diff --git a/client/main.c b/client/main.c
+index 87323d8f7..59820c6d9 100644
+--- a/client/main.c
++++ b/client/main.c
+@@ -1061,6 +1061,47 @@ static void cmd_discoverable(int argc, char *argv[])
+ 	return bt_shell_noninteractive_quit(EXIT_FAILURE);
+ }
+ 
++static void cmd_discoverable_timeout(int argc, char *argv[])
++{
++	uint32_t value;
++	char *endptr = NULL;
++	char *str;
++
++	if (argc < 2) {
++		DBusMessageIter iter;
++
++		if (!g_dbus_proxy_get_property(default_ctrl->proxy,
++					"DiscoverableTimeout", &iter)) {
++			bt_shell_printf("Unable to get DiscoverableTimeout\n");
++			return bt_shell_noninteractive_quit(EXIT_FAILURE);
++		}
++
++		dbus_message_iter_get_basic(&iter, &value);
++
++		bt_shell_printf("DiscoverableTimeout: %d seconds\n", value);
++
++		return;
++	}
++
++	value = strtol(argv[1], &endptr, 0);
++	if (!endptr || *endptr != '\0' || value > UINT32_MAX) {
++		bt_shell_printf("Invalid argument\n");
++		return bt_shell_noninteractive_quit(EXIT_FAILURE);
++	}
++
++	str = g_strdup_printf("discoverable-timeout %d", value);
++
++	if (g_dbus_proxy_set_property_basic(default_ctrl->proxy,
++					"DiscoverableTimeout",
++					DBUS_TYPE_UINT32, &value,
++					generic_callback, str, g_free))
++		return;
++
++	g_free(str);
++
++	return bt_shell_noninteractive_quit(EXIT_FAILURE);
++}
++
+ static void cmd_agent(int argc, char *argv[])
+ {
+ 	dbus_bool_t enable;
+@@ -2549,6 +2590,8 @@ static const struct bt_shell_menu main_menu = {
+ 	{ "discoverable", "<on/off>", cmd_discoverable,
+ 					"Set controller discoverable mode",
+ 							NULL },
++	{ "discoverable-timeout", "[value]", cmd_discoverable_timeout,
++					"Set discoverable timeout", NULL },
+ 	{ "agent",        "<on/off/capability>", cmd_agent,
+ 				"Enable/disable agent with given capability",
+ 							capability_generator},
+-- 
+2.17.1
+
+Subject:    [PATCH BlueZ 2/4] client: Make show command print DiscoverableTimeout
+From:       Luiz Augusto von Dentz <luiz.dentz () gmail ! com>
+Date:       2018-07-25 10:20:33
+Message-ID: 20180725102035.19439-2-luiz.dentz () gmail ! com
+[Download RAW message or body]
+
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+
+Controller XX:XX:XX:XX:XX:XX (public)
+	Name: Vudentz's T460s
+	Alias: Intel-1
+	Class: 0x004c010c
+	Powered: yes
+	Discoverable: no
+	DiscoverableTimeout: 0x00000000
+	Pairable: yes
+	UUID: Headset AG                (00001112-0000-1000-8000-00805f9b34fb)
+	UUID: Generic Attribute Profile (00001801-0000-1000-8000-00805f9b34fb)
+	UUID: A/V Remote Control        (0000110e-0000-1000-8000-00805f9b34fb)
+	UUID: SIM Access                (0000112d-0000-1000-8000-00805f9b34fb)
+	UUID: Generic Access Profile    (00001800-0000-1000-8000-00805f9b34fb)
+	UUID: PnP Information           (00001200-0000-1000-8000-00805f9b34fb)
+	UUID: A/V Remote Control Target (0000110c-0000-1000-8000-00805f9b34fb)
+	UUID: Audio Source              (0000110a-0000-1000-8000-00805f9b34fb)
+	UUID: Audio Sink                (0000110b-0000-1000-8000-00805f9b34fb)
+	UUID: Headset                   (00001108-0000-1000-8000-00805f9b34fb)
+	Modalias: usb:v1D6Bp0246d0532
+	Discovering: no
+---
+ client/main.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/client/main.c b/client/main.c
+index 59820c6d9..6f472d050 100644
+--- a/client/main.c
++++ b/client/main.c
+@@ -877,6 +877,7 @@ static void cmd_show(int argc, char *argv[])
+ 	print_property(proxy, "Class");
+ 	print_property(proxy, "Powered");
+ 	print_property(proxy, "Discoverable");
++	print_property(proxy, "DiscoverableTimeout");
+ 	print_property(proxy, "Pairable");
+ 	print_uuids(proxy);
+ 	print_property(proxy, "Modalias");
+-- 
+2.17.1
+Subject:    [PATCH BlueZ 3/4] adapter: Track pending settings
+From:       Luiz Augusto von Dentz <luiz.dentz () gmail ! com>
+Date:       2018-07-25 10:20:34
+Message-ID: 20180725102035.19439-3-luiz.dentz () gmail ! com
+[Download RAW message or body]
+
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+
+This tracks settings being changed and in case the settings is already
+pending considered it to be done.
+---
+ src/adapter.c | 30 ++++++++++++++++++++++++++++--
+ 1 file changed, 28 insertions(+), 2 deletions(-)
+
+diff --git a/src/adapter.c b/src/adapter.c
+index af340fd6e..20c20f9e9 100644
+--- a/src/adapter.c
++++ b/src/adapter.c
+@@ -196,6 +196,7 @@ struct btd_adapter {
+ 	char *name;			/* controller device name */
+ 	char *short_name;		/* controller short name */
+ 	uint32_t supported_settings;	/* controller supported settings */
++	uint32_t pending_settings;	/* pending controller settings */
+ 	uint32_t current_settings;	/* current controller settings */
+ 
+ 	char *path;			/* adapter object path */
+@@ -509,8 +510,10 @@ static void settings_changed(struct btd_adapter *adapter, uint32_t settings)
+ 	changed_mask = adapter->current_settings ^ settings;
+ 
+ 	adapter->current_settings = settings;
++	adapter->pending_settings &= ~changed_mask;
+ 
+ 	DBG("Changed settings: 0x%08x", changed_mask);
++	DBG("Pending settings: 0x%08x", adapter->pending_settings);
+ 
+ 	if (changed_mask & MGMT_SETTING_POWERED) {
+ 	        g_dbus_emit_property_changed(dbus_conn, adapter->path,
+@@ -596,10 +599,31 @@ static bool set_mode(struct btd_adapter *adapter, uint16_t opcode,
+ 							uint8_t mode)
+ {
+ 	struct mgmt_mode cp;
++	uint32_t setting = 0;
+ 
+ 	memset(&cp, 0, sizeof(cp));
+ 	cp.val = mode;
+ 
++	switch (mode) {
++	case MGMT_OP_SET_POWERED:
++		setting = MGMT_SETTING_POWERED;
++		break;
++	case MGMT_OP_SET_CONNECTABLE:
++		setting = MGMT_SETTING_CONNECTABLE;
++		break;
++	case MGMT_OP_SET_FAST_CONNECTABLE:
++		setting = MGMT_SETTING_FAST_CONNECTABLE;
++		break;
++	case MGMT_OP_SET_DISCOVERABLE:
++		setting = MGMT_SETTING_DISCOVERABLE;
++		break;
++	case MGMT_OP_SET_BONDABLE:
++		setting = MGMT_SETTING_DISCOVERABLE;
++		break;
++	}
++
++	adapter->pending_settings |= setting;
++
+ 	DBG("sending set mode command for index %u", adapter->dev_id);
+ 
+ 	if (mgmt_send(adapter->mgmt, opcode,
+@@ -2739,13 +2763,15 @@ static void property_set_mode(struct btd_adapter *adapter, uint32_t setting,
+ 	else
+ 		current_enable = FALSE;
+ 
+-	if (enable == current_enable) {
++	if (enable == current_enable || adapter->pending_settings & setting) {
+ 		g_dbus_pending_property_success(id);
+ 		return;
+ 	}
+ 
+ 	mode = (enable == TRUE) ? 0x01 : 0x00;
+ 
++	adapter->pending_settings |= setting;
++
+ 	switch (setting) {
+ 	case MGMT_SETTING_POWERED:
+ 		opcode = MGMT_OP_SET_POWERED;
+@@ -2798,7 +2824,7 @@ static void property_set_mode(struct btd_adapter *adapter, uint32_t setting,
+ 	data->id = id;
+ 
+ 	if (mgmt_send(adapter->mgmt, opcode, adapter->dev_id, len, param,
+-				property_set_mode_complete, data, g_free) > 0)
++			property_set_mode_complete, data, g_free) > 0)
+ 		return;
+ 
+ 	g_free(data);
+-- 
+2.17.1
+Subject:    [PATCH BlueZ 4/4] adapter: Check pending when setting DiscoverableTimeout
+From:       Luiz Augusto von Dentz <luiz.dentz () gmail ! com>
+Date:       2018-07-25 10:20:35
+Message-ID: 20180725102035.19439-4-luiz.dentz () gmail ! com
+[Download RAW message or body]
+
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+
+This makes DiscoverableTimeout check if discoverable is already pending
+and don't attempt to set it once again which may cause discoverable to
+be re-enabled when in fact the application just want to set the timeout
+alone.
+---
+ src/adapter.c | 14 +++++++++++++-
+ 1 file changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/src/adapter.c b/src/adapter.c
+index 20c20f9e9..f92c897c7 100644
+--- a/src/adapter.c
++++ b/src/adapter.c
+@@ -2901,6 +2901,7 @@ static void property_set_discoverable_timeout(
+ 				GDBusPendingPropertySet id, void *user_data)
+ {
+ 	struct btd_adapter *adapter = user_data;
++	bool enabled;
+ 	dbus_uint32_t value;
+ 
+ 	dbus_message_iter_get_basic(iter, &value);
+@@ -2914,8 +2915,19 @@ static void property_set_discoverable_timeout(
+ 	g_dbus_emit_property_changed(dbus_conn, adapter->path,
+ 				ADAPTER_INTERFACE, "DiscoverableTimeout");
+ 
++	if (adapter->pending_settings & MGMT_SETTING_DISCOVERABLE) {
++		if (adapter->current_settings & MGMT_SETTING_DISCOVERABLE)
++			enabled = false;
++		else
++			enabled = true;
++	} else {
++		if (adapter->current_settings & MGMT_SETTING_DISCOVERABLE)
++			enabled = true;
++		else
++			enabled = false;
++	}
+ 
+-	if (adapter->current_settings & MGMT_SETTING_DISCOVERABLE)
++	if (enabled)
+ 		set_discoverable(adapter, 0x01, adapter->discoverable_timeout);
+ }
+ 
+-- 
+2.17.1
+Subject:    [PATCH BlueZ 1/5] doc/adapter-api: Add Discoverable option to SetDiscoveryFilter
+From:       Luiz Augusto von Dentz <luiz.dentz () gmail ! com>
+Date:       2018-07-26 14:17:19
+Message-ID: 20180726141723.20199-1-luiz.dentz () gmail ! com
+[Download RAW message or body]
+
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+
+This enables the client to set its discoverable setting while
+discovering which is very typical situation as usually the setings
+application would allow incoming pairing request while scanning, so
+this would reduce the number of calls setting Discoverable and
+DiscoverableTimeout and restoring after done with discovery.
+---
+ doc/adapter-api.txt | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/doc/adapter-api.txt b/doc/adapter-api.txt
+index d14d0ca50..4791af2c7 100644
+--- a/doc/adapter-api.txt
++++ b/doc/adapter-api.txt
+@@ -113,6 +113,12 @@ Methods		void StartDiscovery()
+ 				generated for either ManufacturerData and
+ 				ServiceData everytime they are discovered.
+ 
++			bool Discoverable (Default: false)
++
++				Make adapter discoverable while discovering,
++				if the adapter is already discoverable this
++				setting this filter won't do anything.
++
+ 			When discovery filter is set, Device objects will be
+ 			created as new devices with matching criteria are
+ 			discovered regardless of they are connectable or
+-- 
+2.17.1
+Subject:    [PATCH BlueZ 2/5] adapter: Discovery filter discoverable
+From:       Luiz Augusto von Dentz <luiz.dentz () gmail ! com>
+Date:       2018-07-26 14:17:20
+Message-ID: 20180726141723.20199-2-luiz.dentz () gmail ! com
+[Download RAW message or body]
+
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+
+This implements the discovery filter discoverable and tracks which
+clients had enabled it and restores the settings when the last client
+enabling it exits.
+---
+ src/adapter.c | 56 +++++++++++++++++++++++++++++++++++++++++++++++++--
+ 1 file changed, 54 insertions(+), 2 deletions(-)
+
+diff --git a/src/adapter.c b/src/adapter.c
+index f92c897c7..bd9edddc6 100644
+--- a/src/adapter.c
++++ b/src/adapter.c
+@@ -157,6 +157,7 @@ struct discovery_filter {
+ 	int16_t rssi;
+ 	GSList *uuids;
+ 	bool duplicate;
++	bool discoverable;
+ };
+ 
+ struct watch_client {
+@@ -214,6 +215,7 @@ struct btd_adapter {
+ 
+ 	bool discovering;		/* discovering property state */
+ 	bool filtered_discovery;	/* we are doing filtered discovery */
++	bool filtered_discoverable;	/* we are doing filtered discovery */
+ 	bool no_scan_restart_delay;	/* when this flag is set, restart scan
+ 					 * without delay */
+ 	uint8_t discovery_type;		/* current active discovery type */
+@@ -1842,6 +1844,16 @@ static void discovery_free(void *user_data)
+ 	g_free(client);
+ }
+ 
++static bool set_filtered_discoverable(struct btd_adapter *adapter, bool enable)
++{
++	if (adapter->filtered_discoverable == enable)
++		return true;
++
++	adapter->filtered_discoverable = enable;
++
++	return set_discoverable(adapter, enable, 0);
++}
++
+ static void discovery_remove(struct watch_client *client)
+ {
+ 	struct btd_adapter *adapter = client->adapter;
+@@ -1854,6 +1866,22 @@ static void discovery_remove(struct watch_client *client)
+ 	adapter->discovery_list = g_slist_remove(adapter->discovery_list,
+ 								client);
+ 
++	if (adapter->filtered_discoverable &&
++			client->discovery_filter->discoverable) {
++		GSList *l;
++
++		for (l = adapter->discovery_list; l; l = g_slist_next(l)) {
++			struct watch_client *client = l->data;
++
++			if (client->discovery_filter->discoverable)
++				break;
++		}
++
++		/* Disable filtered discoverable if there are no clients */
++		if (!l)
++			set_filtered_discoverable(adapter, false);
++	}
++
+ 	discovery_free(client);
+ 
+ 	/*
+@@ -2224,6 +2252,15 @@ static DBusMessage *start_discovery(DBusConnection *conn,
+ 					     adapter->set_filter_list, client);
+ 		adapter->discovery_list = g_slist_prepend(
+ 					      adapter->discovery_list, client);
++
++		/* Reset discoverable filter if already set */
++		if (adapter->current_settings & MGMT_OP_SET_DISCOVERABLE)
++			goto done;
++
++		/* Set discoverable if filter requires and it*/
++		if (client->discovery_filter->discoverable)
++			set_filtered_discoverable(adapter, true);
++
+ 		goto done;
+ 	}
+ 
+@@ -2348,6 +2385,17 @@ static bool parse_duplicate_data(DBusMessageIter *value,
+ 	return true;
+ }
+ 
++static bool parse_discoverable(DBusMessageIter *value,
++					struct discovery_filter *filter)
++{
++	if (dbus_message_iter_get_arg_type(value) != DBUS_TYPE_BOOLEAN)
++		return false;
++
++	dbus_message_iter_get_basic(value, &filter->discoverable);
++
++	return true;
++}
++
+ struct filter_parser {
+ 	const char *name;
+ 	bool (*func)(DBusMessageIter *iter, struct discovery_filter *filter);
+@@ -2357,6 +2405,7 @@ struct filter_parser {
+ 	{ "Pathloss", parse_pathloss },
+ 	{ "Transport", parse_transport },
+ 	{ "DuplicateData", parse_duplicate_data },
++	{ "Discoverable", parse_discoverable },
+ 	{ }
+ };
+ 
+@@ -2396,6 +2445,7 @@ static bool parse_discovery_filter_dict(struct btd_adapter *adapter,
+ 	(*filter)->rssi = DISTANCE_VAL_INVALID;
+ 	(*filter)->type = get_scan_type(adapter);
+ 	(*filter)->duplicate = false;
++	(*filter)->discoverable = false;
+ 
+ 	dbus_message_iter_init(msg, &iter);
+ 	if (dbus_message_iter_get_arg_type(&iter) != DBUS_TYPE_ARRAY ||
+@@ -2441,8 +2491,10 @@ static bool parse_discovery_filter_dict(struct btd_adapter *adapter,
+ 		goto invalid_args;
+ 
+ 	DBG("filtered discovery params: transport: %d rssi: %d pathloss: %d "
+-		" duplicate data: %s ", (*filter)->type, (*filter)->rssi,
+-		(*filter)->pathloss, (*filter)->duplicate ? "true" : "false");
++		" duplicate data: %s discoverable %s", (*filter)->type,
++		(*filter)->rssi, (*filter)->pathloss,
++		(*filter)->duplicate ? "true" : "false",
++		(*filter)->discoverable ? "true" : "false");
+ 
+ 	return true;
+ 
+-- 
+2.17.1
+Subject:    [PATCH BlueZ 3/5] client: Add scan.discoverable command
+From:       Luiz Augusto von Dentz <luiz.dentz () gmail ! com>
+Date:       2018-07-26 14:17:21
+Message-ID: 20180726141723.20199-3-luiz.dentz () gmail ! com
+[Download RAW message or body]
+
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+
+This adds discoverable command to scan menu which can be used to set
+if adapter should become discoverable while scanning:
+
+[bluetooth]# scan.discoverable on
+[bluetooth]# scan on
+SetDiscoveryFilter success
+[CHG] Controller XX:XX:XX:XX:XX:XX Discoverable: yes
+Discovery started
+[CHG] Controller XX:XX:XX:XX:XX:XX Discovering: yes
+[bluetooth]# scan off
+Discovery stopped
+[CHG] Controller XX:XX:XX:XX:XX:XX Discoverable: no
+---
+ client/main.c | 29 +++++++++++++++++++++++++++++
+ 1 file changed, 29 insertions(+)
+
+diff --git a/client/main.c b/client/main.c
+index 6f472d050..6e6f6d2fb 100644
+--- a/client/main.c
++++ b/client/main.c
+@@ -1166,6 +1166,7 @@ static struct set_discovery_filter_args {
+ 	char **uuids;
+ 	size_t uuids_len;
+ 	dbus_bool_t duplicate;
++	dbus_bool_t discoverable;
+ 	bool set;
+ } filter = {
+ 	.rssi = DISTANCE_VAL_INVALID,
+@@ -1205,6 +1206,11 @@ static void set_discovery_filter_setup(DBusMessageIter *iter, void *user_data)
+ 						DBUS_TYPE_BOOLEAN,
+ 						&args->duplicate);
+ 
++	if (args->discoverable)
++		g_dbus_dict_append_entry(&dict, "Discoverable",
++						DBUS_TYPE_BOOLEAN,
++						&args->discoverable);
++
+ 	dbus_message_iter_close_container(iter, &dict);
+ }
+ 
+@@ -1362,6 +1368,26 @@ static void cmd_scan_filter_duplicate_data(int argc, char *argv[])
+ 	filter.set = false;
+ }
+ 
++static void cmd_scan_filter_discoverable(int argc, char *argv[])
++{
++	if (argc < 2 || !strlen(argv[1])) {
++		bt_shell_printf("Discoverable: %s\n",
++				filter.discoverable ? "on" : "off");
++		return bt_shell_noninteractive_quit(EXIT_SUCCESS);
++	}
++
++	if (!strcmp(argv[1], "on"))
++		filter.discoverable = true;
++	else if (!strcmp(argv[1], "off"))
++		filter.discoverable = false;
++	else {
++		bt_shell_printf("Invalid option: %s\n", argv[1]);
++		return bt_shell_noninteractive_quit(EXIT_FAILURE);
++	}
++
++	filter.set = false;
++}
++
+ static void filter_clear_uuids(void)
+ {
+ 	g_strfreev(filter.uuids);
+@@ -2510,6 +2536,9 @@ static const struct bt_shell_menu scan_menu = {
+ 	{ "duplicate-data", "[on/off]", cmd_scan_filter_duplicate_data,
+ 				"Set/Get duplicate data filter",
+ 				NULL },
++	{ "discoverable", "[on/off]", cmd_scan_filter_discoverable,
++				"Set/Get discoverable filter",
++				NULL },
+ 	{ "clear", "[uuids/rssi/pathloss/transport/duplicate-data]",
+ 				cmd_scan_filter_clear,
+ 				"Clears discovery filter.",
+-- 
+2.17.1
+Subject:    [PATCH BlueZ 4/5] client: Add scan.clear discoverable
+From:       Luiz Augusto von Dentz <luiz.dentz () gmail ! com>
+Date:       2018-07-26 14:17:22
+Message-ID: 20180726141723.20199-4-luiz.dentz () gmail ! com
+[Download RAW message or body]
+
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+
+This implements scan.clear for discoverable filter.
+---
+ client/main.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/client/main.c b/client/main.c
+index 6e6f6d2fb..1a66a3ab4 100644
+--- a/client/main.c
++++ b/client/main.c
+@@ -1416,6 +1416,11 @@ static void filter_clear_duplicate(void)
+ 	filter.duplicate = false;
+ }
+ 
++static void filter_clear_discoverable(void)
++{
++	filter.discoverable = false;
++}
++
+ struct clear_entry {
+ 	const char *name;
+ 	void (*clear) (void);
+@@ -1427,6 +1432,7 @@ static const struct clear_entry filter_clear[] = {
+ 	{ "pathloss", filter_clear_pathloss },
+ 	{ "transport", filter_clear_transport },
+ 	{ "duplicate-data", filter_clear_duplicate },
++	{ "discoverable", filter_clear_discoverable },
+ 	{}
+ };
+ 
+@@ -2539,7 +2545,8 @@ static const struct bt_shell_menu scan_menu = {
+ 	{ "discoverable", "[on/off]", cmd_scan_filter_discoverable,
+ 				"Set/Get discoverable filter",
+ 				NULL },
+-	{ "clear", "[uuids/rssi/pathloss/transport/duplicate-data]",
++	{ "clear",
++		"[uuids/rssi/pathloss/transport/duplicate-data/discoverable]",
+ 				cmd_scan_filter_clear,
+ 				"Clears discovery filter.",
+ 				filter_clear_generator },
+-- 
+2.17.1
+Subject:    [PATCH BlueZ 5/5] adapter: Fix not keeping discovery filters
+From:       Luiz Augusto von Dentz <luiz.dentz () gmail ! com>
+Date:       2018-07-26 14:17:23
+Message-ID: 20180726141723.20199-5-luiz.dentz () gmail ! com
+[Download RAW message or body]
+
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+
+If the discovery has been stopped and the client has set filters those
+should be put back into filter list since the client may still be
+interested in using them the next time it start a scanning.
+---
+ src/adapter.c | 25 ++++++++++++++++---------
+ 1 file changed, 16 insertions(+), 9 deletions(-)
+
+diff --git a/src/adapter.c b/src/adapter.c
+index bd9edddc6..822bd3472 100644
+--- a/src/adapter.c
++++ b/src/adapter.c
+@@ -1854,7 +1854,7 @@ static bool set_filtered_discoverable(struct btd_adapter *adapter, bool enable)
+ 	return set_discoverable(adapter, enable, 0);
+ }
+ 
+-static void discovery_remove(struct watch_client *client)
++static void discovery_remove(struct watch_client *client, bool exit)
+ {
+ 	struct btd_adapter *adapter = client->adapter;
+ 
+@@ -1882,7 +1882,11 @@ static void discovery_remove(struct watch_client *client)
+ 			set_filtered_discoverable(adapter, false);
+ 	}
+ 
+-	discovery_free(client);
++	if (!exit && client->discovery_filter)
++		adapter->set_filter_list = g_slist_prepend(
++					adapter->set_filter_list, client);
++	else
++		discovery_free(client);
+ 
+ 	/*
+ 	 * If there are other client discoveries in progress, then leave
+@@ -1911,8 +1915,11 @@ static void stop_discovery_complete(uint8_t status, uint16_t length,
+ 		goto done;
+ 	}
+ 
+-	if (client->msg)
++	if (client->msg) {
+ 		g_dbus_send_reply(dbus_conn, client->msg, DBUS_TYPE_INVALID);
++		dbus_message_unref(client->msg);
++		client->msg = NULL;
++	}
+ 
+ 	adapter->discovery_type = 0x00;
+ 	adapter->discovery_enable = 0x00;
+@@ -1925,7 +1932,7 @@ static void stop_discovery_complete(uint8_t status, uint16_t length,
+ 	trigger_passive_scanning(adapter);
+ 
+ done:
+-	discovery_remove(client);
++	discovery_remove(client, false);
+ }
+ 
+ static int compare_sender(gconstpointer a, gconstpointer b)
+@@ -2146,14 +2153,14 @@ static int update_discovery_filter(struct btd_adapter *adapter)
+ 	return -EINPROGRESS;
+ }
+ 
+-static int discovery_stop(struct watch_client *client)
++static int discovery_stop(struct watch_client *client, bool exit)
+ {
+ 	struct btd_adapter *adapter = client->adapter;
+ 	struct mgmt_cp_stop_discovery cp;
+ 
+ 	/* Check if there are more client discovering */
+ 	if (g_slist_next(adapter->discovery_list)) {
+-		discovery_remove(client);
++		discovery_remove(client, exit);
+ 		update_discovery_filter(adapter);
+ 		return 0;
+ 	}
+@@ -2163,7 +2170,7 @@ static int discovery_stop(struct watch_client *client)
+ 	 * and so it is enough to send out the signal and just return.
+ 	 */
+ 	if (adapter->discovery_enable == 0x00) {
+-		discovery_remove(client);
++		discovery_remove(client, exit);
+ 		adapter->discovering = false;
+ 		g_dbus_emit_property_changed(dbus_conn, adapter->path,
+ 					ADAPTER_INTERFACE, "Discovering");
+@@ -2188,7 +2195,7 @@ static void discovery_disconnect(DBusConnection *conn, void *user_data)
+ 
+ 	DBG("owner %s", client->owner);
+ 
+-	discovery_stop(client);
++	discovery_stop(client, true);
+ }
+ 
+ /*
+@@ -2586,7 +2593,7 @@ static DBusMessage *stop_discovery(DBusConnection *conn,
+ 	if (client->msg)
+ 		return btd_error_busy(msg);
+ 
+-	err = discovery_stop(client);
++	err = discovery_stop(client, false);
+ 	switch (err) {
+ 	case 0:
+ 		return dbus_message_new_method_return(msg);
+-- 
+2.17.1
diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/init b/poky/meta/recipes-connectivity/bluez5/bluez5/init
index d7972f2d9..ca9fa1854 100644
--- a/poky/meta/recipes-connectivity/bluez5/bluez5/init
+++ b/poky/meta/recipes-connectivity/bluez5/bluez5/init
@@ -1,5 +1,8 @@
 #!/bin/sh
 
+# Source function library
+. /etc/init.d/functions
+
 PATH=/sbin:/bin:/usr/sbin:/usr/bin
 DESC=bluetooth
 
@@ -44,14 +47,7 @@ case $1 in
 	$0 start
   ;;
   status)
-	 pidof ${DAEMON} >/dev/null
-	 status=$?
-        if [ $status -eq 0 ]; then
-                 echo "bluetooth is running."
-        else
-                echo "bluetooth is not running"
-        fi
-        exit $status
+	status ${DAEMON} || exit $?
    ;;
    *)
 	N=/etc/init.d/bluetooth
diff --git a/poky/meta/recipes-connectivity/connman/connman.inc b/poky/meta/recipes-connectivity/connman/connman.inc
index 2b03f9cb0..0a117e44a 100644
--- a/poky/meta/recipes-connectivity/connman/connman.inc
+++ b/poky/meta/recipes-connectivity/connman/connman.inc
@@ -133,14 +133,14 @@ python populate_packages_prepend() {
         add_rdepends(bb, d, file, pkg, depmap, multilib_prefix, False)
     plugin_dir = d.expand('${libdir}/connman/plugins/')
     plugin_name = d.expand('${PN}-plugin-%s')
-    do_split_packages(d, plugin_dir, '^(.*).so$', plugin_name, \
+    do_split_packages(d, plugin_dir, r'^(.*).so$', plugin_name, \
         '${PN} plugin for %s', extra_depends='', hook=hook, prepend=True )
 
     hook = lambda file,pkg,x,y,z: \
         add_rdepends(bb, d, file, pkg, depmap, multilib_prefix, True)
     plugin_dir = d.expand('${libdir}/connman/plugins-vpn/')
     plugin_name = d.expand('${PN}-plugin-vpn-%s')
-    do_split_packages(d, plugin_dir, '^(.*).so$', plugin_name, \
+    do_split_packages(d, plugin_dir, r'^(.*).so$', plugin_name, \
         '${PN} VPN plugin for %s', extra_depends='', hook=hook, prepend=True )
 }
 
@@ -156,7 +156,7 @@ RDEPENDS_${PN}-client ="${PN}"
 
 FILES_${PN} = "${bindir}/* ${sbindir}/* ${libexecdir}/* ${libdir}/lib*.so.* \
             ${libdir}/connman/plugins \
-            ${sysconfdir} ${sharedstatedir} ${localstatedir} \
+            ${sysconfdir} ${sharedstatedir} ${localstatedir} ${datadir} \
             ${base_bindir}/* ${base_sbindir}/* ${base_libdir}/*.so* ${datadir}/${PN} \
             ${datadir}/dbus-1/system-services/* \
             ${sysconfdir}/tmpfiles.d/connman_resolvconf.conf"
diff --git a/poky/meta/recipes-connectivity/connman/connman/includes.patch b/poky/meta/recipes-connectivity/connman/connman/0001-Fix-various-issues-which-cause-problems-under-musl.patch
index 9f7395cbb..f344fea10 100644
--- a/poky/meta/recipes-connectivity/connman/connman/includes.patch
+++ b/poky/meta/recipes-connectivity/connman/connman/0001-Fix-various-issues-which-cause-problems-under-musl.patch
@@ -1,36 +1,43 @@
-Fix various issues which cause problems under musl.
-
-Upstream-Status: Backport [bd1326ba7d68df38c5ccaafd2403a5fb30bd452b]
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-From 630516bcc0233b047f65665c003201ba6e77453d Mon Sep 17 00:00:00 2001
+From 181ff3439783c6920f5211730672685a210c318f Mon Sep 17 00:00:00 2001
 From: Ross Burton <ross.burton@intel.com>
-Date: Tue, 9 Aug 2016 16:22:36 +0100
-Subject: [PATCH 1/3] Use AC_USE_SYSTEM_EXTENSIONS
+Date: Mon, 8 Oct 2018 22:12:56 +0200
+Subject: [PATCH] Fix various issues which cause problems under musl
+
+Instead of using #define _GNU_SOURCE in some source files which causes
+problems when building with musl as more files need the define, simply
+use AC_USE_SYSTEM_EXTENSIONS in configure.ac to get it defined globally.
 
-Instead of using #define _GNU_SOURCE in some source files which causes problems
-when building with musl as more files need the define, simply use
-AC_USE_SYSTEM_EXTENSIONS in configure.ac to get it defined globally.
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+Upstream-Status: Backport [bd1326ba7d68df38c5ccaafd2403a5fb30bd452b]
 ---
- configure.ac       | 1 +
- gdhcp/client.c     | 1 -
- plugins/tist.c     | 1 -
- src/backtrace.c    | 1 -
- src/inet.c         | 1 -
- src/log.c          | 1 -
- src/ntp.c          | 1 -
- src/resolver.c     | 1 -
- src/rfkill.c       | 1 -
- src/stats.c        | 1 -
- src/timezone.c     | 1 -
- tools/stats-tool.c | 1 -
- tools/tap-test.c   | 1 -
- tools/wispr.c      | 1 -
- vpn/plugins/vpn.c  | 1 -
- 15 files changed, 1 insertion(+), 14 deletions(-)
+ configure.ac                 | 3 +++
+ gdhcp/client.c               | 1 -
+ gdhcp/common.h               | 5 +++--
+ gweb/gresolv.c               | 1 +
+ plugins/tist.c               | 1 -
+ plugins/wifi.c               | 3 +--
+ src/backtrace.c              | 1 -
+ src/inet.c                   | 1 -
+ src/ippool.c                 | 1 -
+ src/iptables.c               | 2 +-
+ src/log.c                    | 1 -
+ src/ntp.c                    | 1 -
+ src/resolver.c               | 1 -
+ src/rfkill.c                 | 1 -
+ src/stats.c                  | 1 -
+ src/tethering.c              | 2 --
+ src/timezone.c               | 1 -
+ tools/dhcp-test.c            | 1 -
+ tools/dnsproxy-test.c        | 1 +
+ tools/private-network-test.c | 2 +-
+ tools/stats-tool.c           | 1 -
+ tools/tap-test.c             | 3 +--
+ tools/wispr.c                | 1 -
+ vpn/plugins/vpn.c            | 1 -
+ 24 files changed, 12 insertions(+), 25 deletions(-)
 
 diff --git a/configure.ac b/configure.ac
-index 6e66ab3..bacf5ec 100644
+index 39745f76..984126c2 100644
 --- a/configure.ac
 +++ b/configure.ac
 @@ -20,6 +20,7 @@ AC_SUBST(abs_top_srcdir)
@@ -41,8 +48,17 @@ index 6e66ab3..bacf5ec 100644
  
  AC_PROG_CC
  AM_PROG_CC_C_O
+@@ -185,6 +186,8 @@ AC_CHECK_LIB(resolv, ns_initparse, dummy=yes, [
+ AC_CHECK_HEADERS([execinfo.h])
+ AM_CONDITIONAL([BACKTRACE], [test "${ac_cv_header_execinfo_h}" = "yes"])
+ 
++AC_CHECK_MEMBERS([struct in6_pktinfo.ipi6_addr], [], [], [[#include <netinet/in.h>]])
++
+ AC_CHECK_FUNC(signalfd, dummy=yes,
+ 			AC_MSG_ERROR(signalfd support is required))
+ 
 diff --git a/gdhcp/client.c b/gdhcp/client.c
-index fbb40ab..3aeb089 100644
+index 67357782..c7db76f0 100644
 --- a/gdhcp/client.c
 +++ b/gdhcp/client.c
 @@ -23,7 +23,6 @@
@@ -53,8 +69,43 @@ index fbb40ab..3aeb089 100644
  #include <stdio.h>
  #include <errno.h>
  #include <unistd.h>
+diff --git a/gdhcp/common.h b/gdhcp/common.h
+index 75abc183..6899499e 100644
+--- a/gdhcp/common.h
++++ b/gdhcp/common.h
+@@ -19,6 +19,7 @@
+  *
+  */
+ 
++#include <config.h>
+ #include <netinet/udp.h>
+ #include <netinet/ip.h>
+ 
+@@ -170,8 +171,8 @@ static const uint8_t dhcp_option_lengths[] = {
+ 	[OPTION_U32]	= 4,
+ };
+ 
+-/* already defined within netinet/in.h if using GNU compiler */
+-#ifndef __USE_GNU
++/* already defined within netinet/in.h if using glibc or musl */
++#ifndef HAVE_STRUCT_IN6_PKTINFO_IPI6_ADDR
+ struct in6_pktinfo {
+ 	struct in6_addr ipi6_addr;  /* src/dst IPv6 address */
+ 	unsigned int ipi6_ifindex;  /* send/recv interface index */
+diff --git a/gweb/gresolv.c b/gweb/gresolv.c
+index 81c79b6c..b06f8932 100644
+--- a/gweb/gresolv.c
++++ b/gweb/gresolv.c
+@@ -29,6 +29,7 @@
+ #include <string.h>
+ #include <stdlib.h>
+ #include <resolv.h>
++#include <stdio.h>
+ #include <sys/types.h>
+ #include <sys/socket.h>
+ #include <netdb.h>
 diff --git a/plugins/tist.c b/plugins/tist.c
-index ad5ef79..cc2800a 100644
+index ad5ef79e..cc2800a1 100644
 --- a/plugins/tist.c
 +++ b/plugins/tist.c
 @@ -23,7 +23,6 @@
@@ -65,8 +116,23 @@ index ad5ef79..cc2800a 100644
  #include <stdio.h>
  #include <stdbool.h>
  #include <stdlib.h>
+diff --git a/plugins/wifi.c b/plugins/wifi.c
+index dc08c6af..46e4cca4 100644
+--- a/plugins/wifi.c
++++ b/plugins/wifi.c
+@@ -30,9 +30,8 @@
+ #include <string.h>
+ #include <sys/ioctl.h>
+ #include <sys/socket.h>
+-#include <linux/if_arp.h>
+-#include <linux/wireless.h>
+ #include <net/ethernet.h>
++#include <linux/wireless.h>
+ 
+ #ifndef IFF_LOWER_UP
+ #define IFF_LOWER_UP	0x10000
 diff --git a/src/backtrace.c b/src/backtrace.c
-index 6a66c0a..4dbdda8 100644
+index e8d7f432..bede6698 100644
 --- a/src/backtrace.c
 +++ b/src/backtrace.c
 @@ -24,7 +24,6 @@
@@ -78,7 +144,7 @@ index 6a66c0a..4dbdda8 100644
  #include <unistd.h>
  #include <stdlib.h>
 diff --git a/src/inet.c b/src/inet.c
-index 69ded19..81d92c2 100644
+index a31372b5..a58ce7c1 100644
 --- a/src/inet.c
 +++ b/src/inet.c
 @@ -25,7 +25,6 @@
@@ -89,8 +155,33 @@ index 69ded19..81d92c2 100644
  #include <stdio.h>
  #include <errno.h>
  #include <unistd.h>
+diff --git a/src/ippool.c b/src/ippool.c
+index cea1dccd..8a645da2 100644
+--- a/src/ippool.c
++++ b/src/ippool.c
+@@ -28,7 +28,6 @@
+ #include <stdio.h>
+ #include <string.h>
+ #include <unistd.h>
+-#include <sys/errno.h>
+ #include <sys/socket.h>
+ 
+ #include "connman.h"
+diff --git a/src/iptables.c b/src/iptables.c
+index f3670e77..469effed 100644
+--- a/src/iptables.c
++++ b/src/iptables.c
+@@ -28,7 +28,7 @@
+ #include <stdio.h>
+ #include <string.h>
+ #include <unistd.h>
+-#include <sys/errno.h>
++#include <errno.h>
+ #include <sys/socket.h>
+ #include <xtables.h>
+ #include <inttypes.h>
 diff --git a/src/log.c b/src/log.c
-index 9bae4a3..f7e82e5 100644
+index 9bae4a3d..f7e82e5d 100644
 --- a/src/log.c
 +++ b/src/log.c
 @@ -23,7 +23,6 @@
@@ -102,7 +193,7 @@ index 9bae4a3..f7e82e5 100644
  #include <unistd.h>
  #include <stdarg.h>
 diff --git a/src/ntp.c b/src/ntp.c
-index dd246eb..db8ae96 100644
+index 51ba9aac..724ca188 100644
 --- a/src/ntp.c
 +++ b/src/ntp.c
 @@ -23,7 +23,6 @@
@@ -114,7 +205,7 @@ index dd246eb..db8ae96 100644
  #include <fcntl.h>
  #include <unistd.h>
 diff --git a/src/resolver.c b/src/resolver.c
-index fbe4be7..ef61f92 100644
+index 76f0a8e1..10121aa5 100644
 --- a/src/resolver.c
 +++ b/src/resolver.c
 @@ -23,7 +23,6 @@
@@ -126,7 +217,7 @@ index fbe4be7..ef61f92 100644
  #include <errno.h>
  #include <fcntl.h>
 diff --git a/src/rfkill.c b/src/rfkill.c
-index 2bfb092..af49d12 100644
+index d9bed4d2..b2514c41 100644
 --- a/src/rfkill.c
 +++ b/src/rfkill.c
 @@ -23,7 +23,6 @@
@@ -138,7 +229,7 @@ index 2bfb092..af49d12 100644
  #include <errno.h>
  #include <fcntl.h>
 diff --git a/src/stats.c b/src/stats.c
-index 26343b1..cfcdc94 100644
+index 663bc382..c9ddc2e8 100644
 --- a/src/stats.c
 +++ b/src/stats.c
 @@ -23,7 +23,6 @@
@@ -149,8 +240,21 @@ index 26343b1..cfcdc94 100644
  #include <errno.h>
  #include <sys/mman.h>
  #include <sys/types.h>
+diff --git a/src/tethering.c b/src/tethering.c
+index 4b202369..f3cb36f4 100644
+--- a/src/tethering.c
++++ b/src/tethering.c
+@@ -34,8 +34,6 @@
+ #include <string.h>
+ #include <fcntl.h>
+ #include <netinet/in.h>
+-#include <linux/sockios.h>
+-#include <linux/if_tun.h>
+ #include <linux/if_bridge.h>
+ 
+ #include "connman.h"
 diff --git a/src/timezone.c b/src/timezone.c
-index e346b11..8e91267 100644
+index e346b11a..8e912670 100644
 --- a/src/timezone.c
 +++ b/src/timezone.c
 @@ -23,7 +23,6 @@
@@ -161,210 +265,8 @@ index e346b11..8e91267 100644
  #include <errno.h>
  #include <stdio.h>
  #include <fcntl.h>
-diff --git a/tools/stats-tool.c b/tools/stats-tool.c
-index b076478..428d94b 100644
---- a/tools/stats-tool.c
-+++ b/tools/stats-tool.c
-@@ -22,7 +22,6 @@
- #include <config.h>
- #endif
- 
--#define _GNU_SOURCE
- #include <sys/mman.h>
- #include <sys/types.h>
- #include <sys/stat.h>
-diff --git a/tools/tap-test.c b/tools/tap-test.c
-index fdc098a..57917f5 100644
---- a/tools/tap-test.c
-+++ b/tools/tap-test.c
-@@ -23,7 +23,6 @@
- #include <config.h>
- #endif
- 
--#define _GNU_SOURCE
- #include <stdio.h>
- #include <errno.h>
- #include <fcntl.h>
-diff --git a/tools/wispr.c b/tools/wispr.c
-index d5f9341..e56dfc1 100644
---- a/tools/wispr.c
-+++ b/tools/wispr.c
-@@ -23,7 +23,6 @@
- #include <config.h>
- #endif
- 
--#define _GNU_SOURCE
- #include <stdio.h>
- #include <fcntl.h>
- #include <unistd.h>
-diff --git a/vpn/plugins/vpn.c b/vpn/plugins/vpn.c
-index 9a42385..479c3a7 100644
---- a/vpn/plugins/vpn.c
-+++ b/vpn/plugins/vpn.c
-@@ -23,7 +23,6 @@
- #include <config.h>
- #endif
- 
--#define _GNU_SOURCE
- #include <string.h>
- #include <fcntl.h>
- #include <unistd.h>
--- 
-2.8.1
-
-
-From b8b7878e6cb2a1ed4fcfa256f7e232511a40e3d9 Mon Sep 17 00:00:00 2001
-From: Ross Burton <ross.burton@intel.com>
-Date: Tue, 9 Aug 2016 15:37:50 +0100
-Subject: [PATCH 2/3] Check for in6_pktinfo.ipi6_addr explicitly
-
-Instead of assuming that just glibc has this structure, check for it at
-configure as musl also has it.
-
-Based on work by Khem Raj <raj.khem@gmail.com>.
----
- configure.ac   | 2 ++
- gdhcp/common.h | 5 +++--
- 2 files changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index bacf5ec..ad00456 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -186,6 +186,8 @@ AC_CHECK_LIB(resolv, ns_initparse, dummy=yes, [
- AC_CHECK_HEADERS([execinfo.h])
- AM_CONDITIONAL([BACKTRACE], [test "${ac_cv_header_execinfo_h}" = "yes"])
- 
-+AC_CHECK_MEMBERS([struct in6_pktinfo.ipi6_addr], [], [], [[#include <netinet/in.h>]])
-+
- AC_CHECK_FUNC(signalfd, dummy=yes,
- 			AC_MSG_ERROR(signalfd support is required))
- 
-diff --git a/gdhcp/common.h b/gdhcp/common.h
-index 75abc18..6899499 100644
---- a/gdhcp/common.h
-+++ b/gdhcp/common.h
-@@ -19,6 +19,7 @@
-  *
-  */
- 
-+#include <config.h>
- #include <netinet/udp.h>
- #include <netinet/ip.h>
- 
-@@ -170,8 +171,8 @@ static const uint8_t dhcp_option_lengths[] = {
- 	[OPTION_U32]	= 4,
- };
- 
--/* already defined within netinet/in.h if using GNU compiler */
--#ifndef __USE_GNU
-+/* already defined within netinet/in.h if using glibc or musl */
-+#ifndef HAVE_STRUCT_IN6_PKTINFO_IPI6_ADDR
- struct in6_pktinfo {
- 	struct in6_addr ipi6_addr;  /* src/dst IPv6 address */
- 	unsigned int ipi6_ifindex;  /* send/recv interface index */
--- 
-2.8.1
-
-
-From c0726e432fa0274a2b9c70179b03df6720972816 Mon Sep 17 00:00:00 2001
-From: Ross Burton <ross.burton@intel.com>
-Date: Tue, 9 Aug 2016 15:19:23 +0100
-Subject: [PATCH 3/3] Rationalise includes
-
-gweb/gresolv.c uses snprintf() and isspace() so it should include stdio.h and
-ctype.h.
-
-tools/dnsproxy-test uses functions from stdio.h.
-
-musl warns when sys/ headers are included when the non-sys form should be used,
-so switch sys/errno.h and so on to errno.h.
-
-musl also causes redefinition errors when pieces of the networking headers are
-included, so remove the redundant includes.
-
-Based on work by Khem Raj <raj.khem@gmail.com>.
----
- gweb/gresolv.c               | 2 ++
- plugins/wifi.c               | 3 +--
- src/ippool.c                 | 1 -
- src/iptables.c               | 2 +-
- src/tethering.c              | 2 --
- tools/dhcp-test.c            | 1 -
- tools/dnsproxy-test.c        | 1 +
- tools/private-network-test.c | 2 +-
- tools/tap-test.c             | 2 +-
- 9 files changed, 7 insertions(+), 9 deletions(-)
-
-diff --git a/gweb/gresolv.c b/gweb/gresolv.c
-index 8a51a9f..d55027c 100644
---- a/gweb/gresolv.c
-+++ b/gweb/gresolv.c
-@@ -29,6 +29,7 @@
- #include <string.h>
- #include <stdlib.h>
- #include <resolv.h>
-+#include <stdio.h>
- #include <sys/types.h>
- #include <sys/socket.h>
- #include <netdb.h>
-diff --git a/plugins/wifi.c b/plugins/wifi.c
-index 9d56671..148131d 100644
---- a/plugins/wifi.c
-+++ b/plugins/wifi.c
-@@ -30,9 +30,8 @@
- #include <string.h>
- #include <sys/ioctl.h>
- #include <sys/socket.h>
--#include <linux/if_arp.h>
--#include <linux/wireless.h>
- #include <net/ethernet.h>
-+#include <linux/wireless.h>
- 
- #ifndef IFF_LOWER_UP
- #define IFF_LOWER_UP	0x10000
-diff --git a/src/ippool.c b/src/ippool.c
-index cea1dcc..8a645da 100644
---- a/src/ippool.c
-+++ b/src/ippool.c
-@@ -28,7 +28,6 @@
- #include <stdio.h>
- #include <string.h>
- #include <unistd.h>
--#include <sys/errno.h>
- #include <sys/socket.h>
- 
- #include "connman.h"
-diff --git a/src/iptables.c b/src/iptables.c
-index 5ef757a..82e3ac4 100644
---- a/src/iptables.c
-+++ b/src/iptables.c
-@@ -28,7 +28,7 @@
- #include <stdio.h>
- #include <string.h>
- #include <unistd.h>
--#include <sys/errno.h>
-+#include <errno.h>
- #include <sys/socket.h>
- #include <xtables.h>
- #include <inttypes.h>
-diff --git a/src/tethering.c b/src/tethering.c
-index 3153349..ad062d5 100644
---- a/src/tethering.c
-+++ b/src/tethering.c
-@@ -31,10 +31,8 @@
- #include <stdio.h>
- #include <sys/ioctl.h>
- #include <net/if.h>
--#include <linux/sockios.h>
- #include <string.h>
- #include <fcntl.h>
--#include <linux/if_tun.h>
- #include <netinet/in.h>
- #include <linux/if_bridge.h>
- 
 diff --git a/tools/dhcp-test.c b/tools/dhcp-test.c
-index c34e10a..eae66fc 100644
+index c34e10a8..eae66fc2 100644
 --- a/tools/dhcp-test.c
 +++ b/tools/dhcp-test.c
 @@ -33,7 +33,6 @@
@@ -376,7 +278,7 @@ index c34e10a..eae66fc 100644
  #include <gdhcp/gdhcp.h>
  
 diff --git a/tools/dnsproxy-test.c b/tools/dnsproxy-test.c
-index 551cae9..371e2e2 100644
+index 551cae91..371e2e23 100644
 --- a/tools/dnsproxy-test.c
 +++ b/tools/dnsproxy-test.c
 @@ -24,6 +24,7 @@
@@ -388,7 +290,7 @@ index 551cae9..371e2e2 100644
  #include <string.h>
  #include <unistd.h>
 diff --git a/tools/private-network-test.c b/tools/private-network-test.c
-index 3dd115b..2828bb3 100644
+index 3dd115ba..2828bb30 100644
 --- a/tools/private-network-test.c
 +++ b/tools/private-network-test.c
 @@ -32,7 +32,7 @@
@@ -400,11 +302,29 @@ index 3dd115b..2828bb3 100644
  #include <sys/signalfd.h>
  #include <unistd.h>
  
+diff --git a/tools/stats-tool.c b/tools/stats-tool.c
+index efa39de2..5695048f 100644
+--- a/tools/stats-tool.c
++++ b/tools/stats-tool.c
+@@ -22,7 +22,6 @@
+ #include <config.h>
+ #endif
+ 
+-#define _GNU_SOURCE
+ #include <sys/mman.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
 diff --git a/tools/tap-test.c b/tools/tap-test.c
-index 57917f5..cb3ee62 100644
+index fdc098aa..cb3ee622 100644
 --- a/tools/tap-test.c
 +++ b/tools/tap-test.c
-@@ -28,7 +28,7 @@
+@@ -23,13 +23,12 @@
+ #include <config.h>
+ #endif
+ 
+-#define _GNU_SOURCE
+ #include <stdio.h>
+ #include <errno.h>
  #include <fcntl.h>
  #include <unistd.h>
  #include <string.h>
@@ -413,5 +333,30 @@ index 57917f5..cb3ee62 100644
  #include <sys/ioctl.h>
  
  #include <netinet/in.h>
+diff --git a/tools/wispr.c b/tools/wispr.c
+index d5f9341f..e56dfc16 100644
+--- a/tools/wispr.c
++++ b/tools/wispr.c
+@@ -23,7 +23,6 @@
+ #include <config.h>
+ #endif
+ 
+-#define _GNU_SOURCE
+ #include <stdio.h>
+ #include <fcntl.h>
+ #include <unistd.h>
+diff --git a/vpn/plugins/vpn.c b/vpn/plugins/vpn.c
+index 10548aaf..6e3f640c 100644
+--- a/vpn/plugins/vpn.c
++++ b/vpn/plugins/vpn.c
+@@ -23,7 +23,6 @@
+ #include <config.h>
+ #endif
+ 
+-#define _GNU_SOURCE
+ #include <string.h>
+ #include <fcntl.h>
+ #include <unistd.h>
 -- 
-2.8.1
+2.17.1
+
diff --git a/poky/meta/recipes-connectivity/connman/connman/0001-giognutls-Fix-a-crash-using-wispr-over-TLS.patch b/poky/meta/recipes-connectivity/connman/connman/0001-giognutls-Fix-a-crash-using-wispr-over-TLS.patch
deleted file mode 100644
index f9080d4ba..000000000
--- a/poky/meta/recipes-connectivity/connman/connman/0001-giognutls-Fix-a-crash-using-wispr-over-TLS.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 929fc9b7068100444e0ffcccd25841f78791e619 Mon Sep 17 00:00:00 2001
-From: Jian Liang <jianliang@tycoint.com>
-Date: Fri, 15 Sep 2017 06:40:08 -0400
-Subject: [PATCH] gweb: Fix a crash using wispr over TLS
-To: connman@lists.01.org
-Cc: wagi@monom.org
-
-When gnutls_channel is instantiated, the gnutls_channel->established
-has to be initiated as FALSE. Otherwise, check_handshake function
-won't work. A random initial value 1 of gnutls_channel->established
-will make check_handshake return G_IO_STATUS_NORMAL, when the channel
-is actually not ready to be used. The observed behaviours are,
-
-- wispr is getting random errors in wispr_portal_web_result
-- ConnMan crashes on exit after those random errors
-- when wispr is luckly working, ConnMan doesn't crash on exit
-
-Signed-off-by: Jian Liang <jianliang@tycoint.com>
-
----
-Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=73e53f3bd9e7debae86341f1eee7b97862a56a5e]
-Signed-off-by: André Draszik <andre.draszik@jci.com>
- gweb/giognutls.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/gweb/giognutls.c b/gweb/giognutls.c
-index 09dc9e7..c029a8b 100644
---- a/gweb/giognutls.c
-+++ b/gweb/giognutls.c
-@@ -421,7 +421,7 @@ GIOChannel *g_io_channel_gnutls_new(int fd)
- 
- 	DBG("");
- 
--	gnutls_channel = g_new(GIOGnuTLSChannel, 1);
-+	gnutls_channel = g_new0(GIOGnuTLSChannel, 1);
- 
- 	channel = (GIOChannel *) gnutls_channel;
- 
--- 
-2.7.4
-
diff --git a/poky/meta/recipes-connectivity/connman/connman/0001-inet-Add-prefixlen-to-iproute_default_function.patch b/poky/meta/recipes-connectivity/connman/connman/0001-inet-Add-prefixlen-to-iproute_default_function.patch
deleted file mode 100644
index dd7b35674..000000000
--- a/poky/meta/recipes-connectivity/connman/connman/0001-inet-Add-prefixlen-to-iproute_default_function.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-From 508dc60a1f0758ebc586b6b086478a176d493086 Mon Sep 17 00:00:00 2001
-From: Jian Liang <jianliang@tycoint.com>
-Date: Thu, 5 Oct 2017 09:34:41 +0100
-Subject: [PATCH 1/4] inet: Add prefixlen to iproute_default_function
-To: connman@lists.01.org
-Cc: wagi@monom.org
-
-Add prefixlen parameter to this function in preparation for using
-it also in creating subnet route later, e.g.
-
-default via 192.168.100.1 dev eth0
-192.168.100.0/24 dev eth0
-
-Signed-off-by: Jian Liang <jianliang@tycoint.com>
-
----
-Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=edda5b695de2ee79f02314abc9b46fdd46b388e1]
-Signed-off-by: André Draszik <andre.draszik@jci.com>
- src/inet.c | 7 ++++---
- 1 file changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/src/inet.c b/src/inet.c
-index b887aa0..ab8aec8 100644
---- a/src/inet.c
-+++ b/src/inet.c
-@@ -2796,7 +2796,7 @@ int __connman_inet_del_fwmark_rule(uint32_t table_id, int family, uint32_t fwmar
- }
- 
- static int iproute_default_modify(int cmd, uint32_t table_id, int ifindex,
--			const char *gateway)
-+			const char *gateway, unsigned char prefixlen)
- {
- 	struct __connman_inet_rtnl_handle rth;
- 	unsigned char buf[sizeof(struct in6_addr)];
-@@ -2829,6 +2829,7 @@ static int iproute_default_modify(int cmd, uint32_t table_id, int ifindex,
- 	rth.req.u.r.rt.rtm_protocol = RTPROT_BOOT;
- 	rth.req.u.r.rt.rtm_scope = RT_SCOPE_UNIVERSE;
- 	rth.req.u.r.rt.rtm_type = RTN_UNICAST;
-+	rth.req.u.r.rt.rtm_dst_len = prefixlen;
- 
- 	__connman_inet_rtnl_addattr_l(&rth.req.n, sizeof(rth.req), RTA_GATEWAY,
- 								buf, len);
-@@ -2860,7 +2861,7 @@ int __connman_inet_add_default_to_table(uint32_t table_id, int ifindex,
- {
- 	/* ip route add default via 1.2.3.4 dev wlan0 table 1234 */
- 
--	return iproute_default_modify(RTM_NEWROUTE, table_id, ifindex, gateway);
-+	return iproute_default_modify(RTM_NEWROUTE, table_id, ifindex, gateway, 0);
- }
- 
- int __connman_inet_del_default_from_table(uint32_t table_id, int ifindex,
-@@ -2868,7 +2869,7 @@ int __connman_inet_del_default_from_table(uint32_t table_id, int ifindex,
- {
- 	/* ip route del default via 1.2.3.4 dev wlan0 table 1234 */
- 
--	return iproute_default_modify(RTM_DELROUTE, table_id, ifindex, gateway);
-+	return iproute_default_modify(RTM_DELROUTE, table_id, ifindex, gateway, 0);
- }
- 
- int __connman_inet_get_interface_ll_address(int index, int family,
--- 
-2.7.4
-
diff --git a/poky/meta/recipes-connectivity/connman/connman/0001-session-Keep-track-of-addr-in-fw_snat-session.patch b/poky/meta/recipes-connectivity/connman/connman/0001-session-Keep-track-of-addr-in-fw_snat-session.patch
deleted file mode 100644
index f1b4d0aaa..000000000
--- a/poky/meta/recipes-connectivity/connman/connman/0001-session-Keep-track-of-addr-in-fw_snat-session.patch
+++ /dev/null
@@ -1,112 +0,0 @@
-From b5fd5945886fa1845db5c969424b63d894fe0376 Mon Sep 17 00:00:00 2001
-From: Jian Liang <jianliang@tycoint.com>
-Date: Fri, 25 Aug 2017 10:02:16 -0400
-Subject: [PATCH 1/2] session: Keep track of addr in fw_snat & session
-To: connman@lists.01.org
-Cc: wagi@monom.org
-
-When there is more than one session in fw_snat's list of sessions,
-fw_snat failed to be re-created when update-session-state is triggered
-with new IP address. This is because index alone is not sufficient to
-decide if fw_snat needs to be re-created. The solution here is to keep
-a track of IP addr and use it to avoid false lookup of fw_snat.
-
-Signed-off-by: Jian Liang <jianliang@tycoint.com>
-
----
-Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=f9e27d4abfcab5c80a38e0850b5ddb26277f97c1]
-Signed-off-by: André Draszik <andre.draszik@jci.com>
- src/session.c | 19 +++++++++++++++----
- 1 file changed, 15 insertions(+), 4 deletions(-)
-
-diff --git a/src/session.c b/src/session.c
-index 9e3c559..965ac06 100644
---- a/src/session.c
-+++ b/src/session.c
-@@ -65,6 +65,7 @@ struct connman_session {
- 	struct firewall_context *fw;
- 	uint32_t mark;
- 	int index;
-+	char *addr;
- 	char *gateway;
- 	bool policy_routing;
- 	bool snat_enabled;
-@@ -79,6 +80,7 @@ struct fw_snat {
- 	GSList *sessions;
- 	int id;
- 	int index;
-+	char *addr;
- 	struct firewall_context *fw;
- };
- 
-@@ -200,7 +202,7 @@ static char *service2bearer(enum connman_service_type type)
- 	return "";
- }
- 
--static struct fw_snat *fw_snat_lookup(int index)
-+static struct fw_snat *fw_snat_lookup(int index, const char *addr)
- {
- 	struct fw_snat *fw_snat;
- 	GSList *list;
-@@ -208,8 +210,11 @@ static struct fw_snat *fw_snat_lookup(int index)
- 	for (list = fw_snat_list; list; list = list->next) {
- 		fw_snat = list->data;
- 
--		if (fw_snat->index == index)
-+		if (fw_snat->index == index) {
-+			if (g_strcmp0(addr, fw_snat->addr) != 0)
-+				continue;
- 			return fw_snat;
-+		}
- 	}
- 	return NULL;
- }
-@@ -224,6 +229,7 @@ static int fw_snat_create(struct connman_session *session,
- 
- 	fw_snat->fw = __connman_firewall_create();
- 	fw_snat->index = index;
-+	fw_snat->addr = g_strdup(addr);
- 
- 	fw_snat->id = __connman_firewall_enable_snat(fw_snat->fw,
- 						index, ifname, addr);
-@@ -238,6 +244,7 @@ static int fw_snat_create(struct connman_session *session,
- 	return 0;
- err:
- 	__connman_firewall_destroy(fw_snat->fw);
-+	g_free(fw_snat->addr);
- 	g_free(fw_snat);
- 	return err;
- }
-@@ -393,7 +400,7 @@ static void del_nat_rules(struct connman_session *session)
- 		return;
- 
- 	session->snat_enabled = false;
--	fw_snat = fw_snat_lookup(session->index);
-+	fw_snat = fw_snat_lookup(session->index, session->addr);
- 
- 	if (!fw_snat)
- 		return;
-@@ -420,8 +427,11 @@ static void add_nat_rules(struct connman_session *session)
- 	if (!addr)
- 		return;
- 
-+	g_free(session->addr);
-+	session->addr = g_strdup(addr);
-+
- 	session->snat_enabled = true;
--	fw_snat = fw_snat_lookup(index);
-+	fw_snat = fw_snat_lookup(index, session->addr);
- 	if (fw_snat) {
- 		fw_snat_ref(session, fw_snat);
- 		return;
-@@ -502,6 +512,7 @@ static void free_session(struct connman_session *session)
- 	g_free(session->info);
- 	g_free(session->info_last);
- 	g_free(session->gateway);
-+	g_free(session->addr);
- 
- 	g_free(session);
- }
--- 
-2.7.4
-
diff --git a/poky/meta/recipes-connectivity/connman/connman/0002-inet-Implement-subnet-route-creation-deletion-in-ipr.patch b/poky/meta/recipes-connectivity/connman/connman/0002-inet-Implement-subnet-route-creation-deletion-in-ipr.patch
deleted file mode 100644
index 9c953e5d5..000000000
--- a/poky/meta/recipes-connectivity/connman/connman/0002-inet-Implement-subnet-route-creation-deletion-in-ipr.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-From 08cda4004491d3971a8b9df937426c43800d15b1 Mon Sep 17 00:00:00 2001
-From: Jian Liang <jianliang@tycoint.com>
-Date: Thu, 5 Oct 2017 09:37:06 +0100
-Subject: [PATCH 2/4] inet: Implement subnet route creation/deletion in
- iproute_default_modify
-To: connman@lists.01.org
-Cc: wagi@monom.org
-
-- Calculate subnet address base on gateway address and prefixlen
-- Differentiate creation of routes to gateway and subnet
-
-Signed-off-by: Jian Liang <jianliang@tycoint.com>
-
----
-Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=ff7dcf91f12a2a237feebc6e606d0a8e92975528]
-Signed-off-by: André Draszik <andre.draszik@jci.com>
- src/inet.c | 22 +++++++++++++++++++---
- 1 file changed, 19 insertions(+), 3 deletions(-)
-
-diff --git a/src/inet.c b/src/inet.c
-index ab8aec8..0ddb030 100644
---- a/src/inet.c
-+++ b/src/inet.c
-@@ -2802,6 +2802,9 @@ static int iproute_default_modify(int cmd, uint32_t table_id, int ifindex,
- 	unsigned char buf[sizeof(struct in6_addr)];
- 	int ret, len;
- 	int family = connman_inet_check_ipaddress(gateway);
-+	char *dst = NULL;
-+
-+	DBG("gateway %s/%u table %u", gateway, prefixlen, table_id);
- 
- 	switch (family) {
- 	case AF_INET:
-@@ -2814,7 +2817,19 @@ static int iproute_default_modify(int cmd, uint32_t table_id, int ifindex,
- 		return -EINVAL;
- 	}
- 
--	ret = inet_pton(family, gateway, buf);
-+	if (prefixlen) {
-+		struct in_addr ipv4_subnet_addr, ipv4_mask;
-+
-+		memset(&ipv4_subnet_addr, 0, sizeof(ipv4_subnet_addr));
-+		ipv4_mask.s_addr = htonl((0xffffffff << (32 - prefixlen)) & 0xffffffff);
-+		ipv4_subnet_addr.s_addr = inet_addr(gateway);
-+		ipv4_subnet_addr.s_addr &= ipv4_mask.s_addr;
-+
-+		dst = g_strdup(inet_ntoa(ipv4_subnet_addr));
-+	}
-+
-+	ret = inet_pton(family, dst ? dst : gateway, buf);
-+	g_free(dst);
- 	if (ret <= 0)
- 		return -EINVAL;
- 
-@@ -2831,8 +2846,9 @@ static int iproute_default_modify(int cmd, uint32_t table_id, int ifindex,
- 	rth.req.u.r.rt.rtm_type = RTN_UNICAST;
- 	rth.req.u.r.rt.rtm_dst_len = prefixlen;
- 
--	__connman_inet_rtnl_addattr_l(&rth.req.n, sizeof(rth.req), RTA_GATEWAY,
--								buf, len);
-+	__connman_inet_rtnl_addattr_l(&rth.req.n, sizeof(rth.req),
-+		prefixlen > 0 ? RTA_DST : RTA_GATEWAY, buf, len);
-+
- 	if (table_id < 256) {
- 		rth.req.u.r.rt.rtm_table = table_id;
- 	} else {
--- 
-2.7.4
-
diff --git a/poky/meta/recipes-connectivity/connman/connman/0003-inet-Implement-APIs-for-creating-and-deleting-subnet.patch b/poky/meta/recipes-connectivity/connman/connman/0003-inet-Implement-APIs-for-creating-and-deleting-subnet.patch
deleted file mode 100644
index 56ba5c3f4..000000000
--- a/poky/meta/recipes-connectivity/connman/connman/0003-inet-Implement-APIs-for-creating-and-deleting-subnet.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From a9243f13d6e1aadd69bfcc27f75f69c38be51677 Mon Sep 17 00:00:00 2001
-From: Jian Liang <jianliang@tycoint.com>
-Date: Wed, 4 Oct 2017 17:30:17 +0100
-Subject: [PATCH 3/4] inet: Implement APIs for creating and deleting subnet
- route
-To: connman@lists.01.org
-Cc: wagi@monom.org
-
-Signed-off-by: Jian Liang <jianliang@tycoint.com>
-
----
-Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=3a15b0b7fccd053aff91da2cc68585509d0c509b]
-Signed-off-by: André Draszik <andre.draszik@jci.com>
- src/connman.h |  4 ++++
- src/inet.c    | 14 ++++++++++++++
- 2 files changed, 18 insertions(+)
-
-diff --git a/src/connman.h b/src/connman.h
-index 21b7080..da4446a 100644
---- a/src/connman.h
-+++ b/src/connman.h
-@@ -240,7 +240,11 @@ int __connman_inet_rtnl_addattr32(struct nlmsghdr *n, size_t maxlen,
- int __connman_inet_add_fwmark_rule(uint32_t table_id, int family, uint32_t fwmark);
- int __connman_inet_del_fwmark_rule(uint32_t table_id, int family, uint32_t fwmark);
- int __connman_inet_add_default_to_table(uint32_t table_id, int ifindex, const char *gateway);
-+int __connman_inet_add_subnet_to_table(uint32_t table_id, int ifindex,
-+			const char *gateway, unsigned char prefixlen);
- int __connman_inet_del_default_from_table(uint32_t table_id, int ifindex, const char *gateway);
-+int __connman_inet_del_subnet_from_table(uint32_t table_id, int ifindex,
-+			const char *gateway, unsigned char prefixlen);
- int __connman_inet_get_address_netmask(int ifindex,
- 		struct sockaddr_in *address, struct sockaddr_in *netmask);
- 
-diff --git a/src/inet.c b/src/inet.c
-index 0ddb030..dcd1ab2 100644
---- a/src/inet.c
-+++ b/src/inet.c
-@@ -2880,6 +2880,13 @@ int __connman_inet_add_default_to_table(uint32_t table_id, int ifindex,
- 	return iproute_default_modify(RTM_NEWROUTE, table_id, ifindex, gateway, 0);
- }
- 
-+int __connman_inet_add_subnet_to_table(uint32_t table_id, int ifindex,
-+						const char *gateway, unsigned char prefixlen)
-+{
-+	/* ip route add 1.2.3.4/24 dev eth0 table 1234 */
-+	return iproute_default_modify(RTM_NEWROUTE, table_id, ifindex, gateway, prefixlen);
-+}
-+
- int __connman_inet_del_default_from_table(uint32_t table_id, int ifindex,
- 						const char *gateway)
- {
-@@ -2888,6 +2895,13 @@ int __connman_inet_del_default_from_table(uint32_t table_id, int ifindex,
- 	return iproute_default_modify(RTM_DELROUTE, table_id, ifindex, gateway, 0);
- }
- 
-+int __connman_inet_del_subnet_from_table(uint32_t table_id, int ifindex,
-+						const char *gateway, unsigned char prefixlen)
-+{
-+	/* ip route del 1.2.3.4/24 dev eth0 table 1234 */
-+	return iproute_default_modify(RTM_DELROUTE, table_id, ifindex, gateway, prefixlen);
-+}
-+
- int __connman_inet_get_interface_ll_address(int index, int family,
- 								void *address)
- {
--- 
-2.7.4
-
diff --git a/poky/meta/recipes-connectivity/connman/connman/0004-session-Use-subnet-route-creation-and-deletion-APIs.patch b/poky/meta/recipes-connectivity/connman/connman/0004-session-Use-subnet-route-creation-and-deletion-APIs.patch
deleted file mode 100644
index ca213eb18..000000000
--- a/poky/meta/recipes-connectivity/connman/connman/0004-session-Use-subnet-route-creation-and-deletion-APIs.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-From deb9372db8396da4f7cd20555ce7c9a8b3ad96bd Mon Sep 17 00:00:00 2001
-From: Jian Liang <jianliang@tycoint.com>
-Date: Fri, 6 Oct 2017 11:40:16 +0100
-Subject: [PATCH 4/4] session: Use subnet route creation and deletion APIs
-To: connman@lists.01.org
-Cc: wagi@monom.org
-
-As subnet route is address and session specific in this case, so add
-prefixlen into struct connman_session, and update it along with ipconfig.
-Then use it in subnet route related APIs.
-
-Signed-off-by: Jian Liang <jianliang@tycoint.com>
-
----
-Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=285f25ef6cc9e4a43dab83523f3e2eab4365ac26]
-Signed-off-by: André Draszik <andre.draszik@jci.com>
- src/session.c | 20 ++++++++++++++++----
- 1 file changed, 16 insertions(+), 4 deletions(-)
-
-diff --git a/src/session.c b/src/session.c
-index 965ac06..7b7a14b 100644
---- a/src/session.c
-+++ b/src/session.c
-@@ -67,6 +67,7 @@ struct connman_session {
- 	int index;
- 	char *addr;
- 	char *gateway;
-+	unsigned char prefixlen;
- 	bool policy_routing;
- 	bool snat_enabled;
- };
-@@ -357,13 +358,17 @@ static void del_default_route(struct connman_session *session)
- 	if (!session->gateway)
- 		return;
- 
--	DBG("index %d routing table %d default gateway %s",
--		session->index, session->mark, session->gateway);
-+	DBG("index %d routing table %d default gateway %s/%u",
-+		session->index, session->mark, session->gateway, session->prefixlen);
-+
-+		__connman_inet_del_subnet_from_table(session->mark,
-+			session->index, session->gateway, session->prefixlen);
- 
- 	__connman_inet_del_default_from_table(session->mark,
- 					session->index, session->gateway);
- 	g_free(session->gateway);
- 	session->gateway = NULL;
-+	session->prefixlen = 0;
- 	session->index = -1;
- }
- 
-@@ -383,13 +388,20 @@ static void add_default_route(struct connman_session *session)
- 	if (!session->gateway)
- 		session->gateway = g_strdup(inet_ntoa(addr));
- 
--	DBG("index %d routing table %d default gateway %s",
--		session->index, session->mark, session->gateway);
-+	session->prefixlen = __connman_ipconfig_get_prefixlen(ipconfig);
-+
-+	DBG("index %d routing table %d default gateway %s/%u",
-+		session->index, session->mark, session->gateway, session->prefixlen);
- 
- 	err = __connman_inet_add_default_to_table(session->mark,
- 					session->index, session->gateway);
- 	if (err < 0)
- 		DBG("session %p %s", session, strerror(-err));
-+
-+	err = __connman_inet_add_subnet_to_table(session->mark,
-+					session->index, session->gateway, session->prefixlen);
-+	if (err < 0)
-+		DBG("session add subnet route %p %s", session, strerror(-err));
- }
- 
- static void del_nat_rules(struct connman_session *session)
--- 
-2.7.4
-
diff --git a/poky/meta/recipes-connectivity/connman/connman_1.35.bb b/poky/meta/recipes-connectivity/connman/connman_1.35.bb
deleted file mode 100644
index ff2118113..000000000
--- a/poky/meta/recipes-connectivity/connman/connman_1.35.bb
+++ /dev/null
@@ -1,22 +0,0 @@
-require connman.inc
-
-SRC_URI  = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
-            file://0001-plugin.h-Change-visibility-to-default-for-debug-symb.patch \
-            file://0001-connman.service-stop-systemd-resolved-when-we-use-co.patch \
-            file://connman \
-            file://no-version-scripts.patch \
-            file://includes.patch \
-            file://0001-session-Keep-track-of-addr-in-fw_snat-session.patch \
-            file://0001-giognutls-Fix-a-crash-using-wispr-over-TLS.patch \
-            file://0001-inet-Add-prefixlen-to-iproute_default_function.patch \
-            file://0002-inet-Implement-subnet-route-creation-deletion-in-ipr.patch \
-            file://0003-inet-Implement-APIs-for-creating-and-deleting-subnet.patch \
-            file://0004-session-Use-subnet-route-creation-and-deletion-APIs.patch \
-            "
-SRC_URI_append_libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch \
-                             "
-
-SRC_URI[md5sum] = "bae37b45ee9b3db5ec8115188f8a7652"
-SRC_URI[sha256sum] = "66d7deb98371545c6e417239a9b3b3e3201c1529d08eedf40afbc859842cf2aa"
-
-RRECOMMENDS_${PN} = "connman-conf"
diff --git a/poky/meta/recipes-connectivity/connman/connman_1.36.bb b/poky/meta/recipes-connectivity/connman/connman_1.36.bb
new file mode 100644
index 000000000..6e4dbdfda
--- /dev/null
+++ b/poky/meta/recipes-connectivity/connman/connman_1.36.bb
@@ -0,0 +1,16 @@
+require connman.inc
+
+SRC_URI  = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
+            file://0001-plugin.h-Change-visibility-to-default-for-debug-symb.patch \
+            file://0001-connman.service-stop-systemd-resolved-when-we-use-co.patch \
+            file://connman \
+            file://no-version-scripts.patch \
+            file://0001-Fix-various-issues-which-cause-problems-under-musl.patch \
+"
+
+SRC_URI_append_libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch"
+
+SRC_URI[md5sum] = "dae77d9c904d2c223ae849e32079d57e"
+SRC_URI[sha256sum] = "c789db41cc443fa41e661217ea321492ad59a004bebcd1aa013f3bc10a6e0074"
+
+RRECOMMENDS_${PN} = "connman-conf"
diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp/0001-dhcpd-fix-Replace-custom-isc_boolean_t-with-C-standa.patch b/poky/meta/recipes-connectivity/dhcp/dhcp/0001-dhcpd-fix-Replace-custom-isc_boolean_t-with-C-standa.patch
new file mode 100644
index 000000000..d2e57714c
--- /dev/null
+++ b/poky/meta/recipes-connectivity/dhcp/dhcp/0001-dhcpd-fix-Replace-custom-isc_boolean_t-with-C-standa.patch
@@ -0,0 +1,2882 @@
+From ffb1d1325bd6503df9a324befac5f5039ac77432 Mon Sep 17 00:00:00 2001
+From: Armin Kuster <akuster@mvista.com>
+Date: Tue, 23 Oct 2018 10:36:56 +0000
+Subject: [PATCH] dhcpd: fix Replace custom isc_boolean_t with C standard bool
+ type
+
+
+Upstream-Status: Pending
+
+Fixes issues introduced by bind when they changed their headers.
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+---
+ includes/dhcpd.h           | 34 +++++++++++++++++-----------------
+ includes/heap.h            |  2 +-
+ includes/omapip/omapip.h   |  2 +-
+ includes/omapip/omapip_p.h |  6 +++---
+ includes/tree.h            |  2 +-
+ 5 files changed, 23 insertions(+), 23 deletions(-)
+
+Index: dhcp-4.4.1/includes/dhcpd.h
+===================================================================
+--- dhcp-4.4.1.orig/includes/dhcpd.h
++++ dhcp-4.4.1/includes/dhcpd.h
+@@ -461,20 +461,20 @@ struct packet {
+ 	 * options we got in a previous exchange were still there, we need
+ 	 * to signal this in a reliable way.
+ 	 */
+-	isc_boolean_t agent_options_stashed;
++	bool agent_options_stashed;
+ 
+ 	/*
+ 	 * ISC_TRUE if packet received unicast (as opposed to multicast).
+ 	 * Only used in DHCPv6.
+ 	 */
+-	isc_boolean_t unicast;
++	bool unicast;
+ 
+ 	/* Propagates server value SV_ECHO_CLIENT_ID so it is available
+          * in cons_options() */
+ 	int sv_echo_client_id;
+ 
+ 	/* Relay port check */
+-	isc_boolean_t relay_source_port;
++	bool relay_source_port;
+ };
+ 
+ /*
+@@ -1174,7 +1174,7 @@ struct dhc6_lease {
+ 	struct dhc6_lease *next;
+ 	struct data_string server_id;
+ 
+-	isc_boolean_t released;
++	bool released;
+ 	int score;
+ 	u_int8_t pref;
+ 
+@@ -1695,8 +1695,8 @@ struct ipv6_pool {
+ 	int bits;				/* number of bits, CIDR style */
+ 	int units;				/* allocation unit in bits */
+ 	iasubopt_hash_t *leases;		/* non-free leases */
+-	isc_uint64_t num_active;		/* count of active leases */
+-	isc_uint64_t num_abandoned;		/* count of abandoned leases */
++	uint64_t num_active;			/* count of active leases */
++	uint64_t num_abandoned;			/* count of abandoned leases */
+ 	isc_heap_t *active_timeouts;		/* timeouts for active leases */
+ 	int num_inactive;			/* count of inactive leases */
+ 	isc_heap_t *inactive_timeouts;		/* timeouts for expired or
+@@ -1732,11 +1732,11 @@ struct ipv6_pond {
+ 	struct ipv6_pool **ipv6_pools;	/* NULL-terminated array */
+ 	int last_ipv6_pool;		/* offset of last IPv6 pool
+ 					   used to issue a lease */
+-	isc_uint64_t num_total;	    /* Total number of elements in the pond */
+-	isc_uint64_t num_active;    /* Number of elements in the pond in use */
+-	isc_uint64_t num_abandoned;	/* count of abandoned leases */
++	uint64_t num_total;	    	/* Total number of elements in the pond */
++	uint64_t num_active;    	/* Number of elements in the pond in use */
++	uint64_t num_abandoned;		/* count of abandoned leases */
+ 	int logged;			/* already logged a message */
+-	isc_uint64_t low_threshold;	/* low threshold to restart logging */
++	uint64_t low_threshold;		/* low threshold to restart logging */
+ 	int jumbo_range;
+ #ifdef EUI_64
+ 	int use_eui_64;		/* use EUI-64 address assignment when true */
+@@ -1745,9 +1745,9 @@ struct ipv6_pond {
+ 
+ /*
+  * Max addresses in a pond that can be supported by log threshold
+- * Currently based on max value supported by isc_uint64_t.
++ * Currently based on max value supported by uint64_t.
+ */
+-#define POND_TRACK_MAX ISC_UINT64_MAX
++#define POND_TRACK_MAX UINT64_MAX
+ 
+ /* Flags for dhcp_ddns_cb_t */
+ #define DDNS_UPDATE_ADDR		0x0001
+@@ -1868,7 +1868,7 @@ lookup_fqdn6_option(struct universe *uni
+ 		    unsigned code);
+ void
+ save_fqdn6_option(struct universe *universe, struct option_state *options,
+-		  struct option_cache *oc, isc_boolean_t appendp);
++		  struct option_cache *oc, bool appendp);
+ void
+ delete_fqdn6_option(struct universe *universe, struct option_state *options,
+ 		    int code);
+@@ -1953,7 +1953,7 @@ void save_option(struct universe *, stru
+ void also_save_option(struct universe *, struct option_state *,
+ 		      struct option_cache *);
+ void save_hashed_option(struct universe *, struct option_state *,
+-			struct option_cache *, isc_boolean_t appendp);
++			struct option_cache *, bool appendp);
+ void delete_option (struct universe *, struct option_state *, int);
+ void delete_hashed_option (struct universe *,
+ 			   struct option_state *, int);
+@@ -2041,7 +2041,7 @@ int linked_option_state_dereference (str
+ 				     struct option_state *,
+ 				     const char *, int);
+ void save_linked_option(struct universe *, struct option_state *,
+-			struct option_cache *, isc_boolean_t appendp);
++			struct option_cache *, bool appendp);
+ void linked_option_space_foreach (struct packet *, struct lease *,
+ 				  struct client_state *,
+ 				  struct option_state *,
+@@ -2069,7 +2069,7 @@ void do_packet (struct interface_info *,
+ 		struct dhcp_packet *, unsigned,
+ 		unsigned int, struct iaddr, struct hardware *);
+ void do_packet6(struct interface_info *, const char *,
+-		int, int, const struct iaddr *, isc_boolean_t);
++		int, int, const struct iaddr *, bool);
+ int packet6_len_okay(const char *, int);
+ 
+ int validate_packet(struct packet *);
+@@ -2224,7 +2224,7 @@ uint32_t parse_byte_order_uint32(const v
+ int ddns_updates(struct packet *, struct lease *, struct lease *,
+ 		 struct iasubopt *, struct iasubopt *, struct option_state *);
+ isc_result_t ddns_removals(struct lease *, struct iasubopt *,
+-			   struct dhcp_ddns_cb *, isc_boolean_t);
++			   struct dhcp_ddns_cb *, bool);
+ u_int16_t get_conflict_mask(struct option_state *input_options);
+ #if defined (TRACING)
+ void trace_ddns_init(void);
+@@ -2450,7 +2450,7 @@ void dhcpleasequery (struct packet *, in
+ void dhcpv6_leasequery (struct data_string *, struct packet *);
+ 
+ /* dhcpv6.c */
+-isc_boolean_t server_duid_isset(void);
++bool server_duid_isset(void);
+ void copy_server_duid(struct data_string *ds, const char *file, int line);
+ void set_server_duid(struct data_string *new_duid);
+ isc_result_t set_server_duid_from_option(void);
+@@ -2852,7 +2852,7 @@ extern void (*bootp_packet_handler) (str
+ 				     struct iaddr, struct hardware *);
+ extern void (*dhcpv6_packet_handler)(struct interface_info *,
+ 				     const char *, int,
+-				     int, const struct iaddr *, isc_boolean_t);
++				     int, const struct iaddr *, bool);
+ extern struct timeout *timeouts;
+ extern omapi_object_type_t *dhcp_type_interface;
+ #if defined (TRACING)
+@@ -2943,7 +2943,7 @@ int addr_or(struct iaddr *result,
+ 	    const struct iaddr *a1, const struct iaddr *a2);
+ int addr_and(struct iaddr *result,
+ 	     const struct iaddr *a1, const struct iaddr *a2);
+-isc_boolean_t is_cidr_mask_valid(const struct iaddr *addr, int bits);
++bool is_cidr_mask_valid(const struct iaddr *addr, int bits);
+ isc_result_t range2cidr(struct iaddrcidrnetlist **result,
+ 			const struct iaddr *lo, const struct iaddr *hi);
+ isc_result_t free_iaddrcidrnetlist(struct iaddrcidrnetlist **result);
+@@ -3787,7 +3787,7 @@ isc_result_t ia_add_iasubopt(struct ia_x
+ 			     const char *file, int line);
+ void ia_remove_iasubopt(struct ia_xx *ia, struct iasubopt *iasubopt,
+ 			const char *file, int line);
+-isc_boolean_t ia_equal(const struct ia_xx *a, const struct ia_xx *b);
++bool ia_equal(const struct ia_xx *a, const struct ia_xx *b);
+ 
+ isc_result_t ipv6_pool_allocate(struct ipv6_pool **pool, u_int16_t type,
+ 				const struct in6_addr *start_addr,
+@@ -3820,9 +3820,9 @@ isc_result_t expire_lease6(struct iasubo
+ 			   struct ipv6_pool *pool, time_t now);
+ isc_result_t release_lease6(struct ipv6_pool *pool, struct iasubopt *lease);
+ isc_result_t decline_lease6(struct ipv6_pool *pool, struct iasubopt *lease);
+-isc_boolean_t lease6_exists(const struct ipv6_pool *pool,
++bool lease6_exists(const struct ipv6_pool *pool,
+ 			    const struct in6_addr *addr);
+-isc_boolean_t lease6_usable(struct iasubopt *lease);
++bool lease6_usable(struct iasubopt *lease);
+ isc_result_t cleanup_lease6(ia_hash_t *ia_table,
+ 			    struct ipv6_pool *pool,
+ 			    struct iasubopt *lease,
+@@ -3834,13 +3834,13 @@ isc_result_t create_prefix6(struct ipv6_
+ 			    unsigned int *attempts,
+ 			    const struct data_string *uid,
+ 			    time_t soft_lifetime_end_time);
+-isc_boolean_t prefix6_exists(const struct ipv6_pool *pool,
++bool prefix6_exists(const struct ipv6_pool *pool,
+ 			     const struct in6_addr *pref, u_int8_t plen);
+ 
+ isc_result_t add_ipv6_pool(struct ipv6_pool *pool);
+ isc_result_t find_ipv6_pool(struct ipv6_pool **pool, u_int16_t type,
+ 			    const struct in6_addr *addr);
+-isc_boolean_t ipv6_in_pool(const struct in6_addr *addr,
++bool ipv6_in_pool(const struct in6_addr *addr,
+ 			   const struct ipv6_pool *pool);
+ isc_result_t ipv6_pond_allocate(struct ipv6_pond **pond,
+ 				const char *file, int line);
+Index: dhcp-4.4.1/includes/heap.h
+===================================================================
+--- dhcp-4.4.1.orig/includes/heap.h
++++ dhcp-4.4.1/includes/heap.h
+@@ -26,7 +26,7 @@
+  * The comparision function returns ISC_TRUE if the first argument has
+  * higher priority than the second argument, and ISC_FALSE otherwise.
+  */
+-typedef isc_boolean_t (*isc_heapcompare_t)(void *, void *);
++typedef bool (*isc_heapcompare_t)(void *, void *);
+ 
+ /*%
+  * The index function allows the client of the heap to receive a callback
+Index: dhcp-4.4.1/includes/omapip/omapip.h
+===================================================================
+--- dhcp-4.4.1.orig/includes/omapip/omapip.h
++++ dhcp-4.4.1/includes/omapip/omapip.h
+@@ -264,7 +264,7 @@ isc_result_t omapi_protocol_connect (oma
+ isc_result_t omapi_connect_list (omapi_object_t *, omapi_addr_list_t *,
+ 				 omapi_addr_t *);
+ isc_result_t omapi_protocol_listen (omapi_object_t *, unsigned, int);
+-isc_boolean_t omapi_protocol_authenticated (omapi_object_t *);
++bool omapi_protocol_authenticated (omapi_object_t *);
+ isc_result_t omapi_protocol_configure_security (omapi_object_t *,
+ 						isc_result_t (*)
+ 						(omapi_object_t *,
+Index: dhcp-4.4.1/includes/omapip/omapip_p.h
+===================================================================
+--- dhcp-4.4.1.orig/includes/omapip/omapip_p.h
++++ dhcp-4.4.1/includes/omapip/omapip_p.h
+@@ -149,7 +149,7 @@ typedef struct __omapi_protocol_object {
+ 	omapi_remote_auth_t *remote_auth_list;	/* Authenticators active on
+ 						   this connection. */
+ 
+-	isc_boolean_t insecure;		/* Set to allow unauthenticated
++	bool insecure;		/* Set to allow unauthenticated
+ 					   messages. */
+ 
+ 	isc_result_t (*verify_auth) (omapi_object_t *, omapi_auth_key_t *);
+@@ -158,7 +158,7 @@ typedef struct __omapi_protocol_object {
+ typedef struct {
+ 	OMAPI_OBJECT_PREAMBLE;
+ 
+-	isc_boolean_t insecure;		/* Set to allow unauthenticated
++	bool insecure;		/* Set to allow unauthenticated
+ 					   messages. */
+ 
+ 	isc_result_t (*verify_auth) (omapi_object_t *, omapi_auth_key_t *);
+@@ -208,7 +208,7 @@ typedef struct __omapi_io_object {
+ 	isc_result_t (*writer) (omapi_object_t *);
+ 	isc_result_t (*reaper) (omapi_object_t *);
+ 	isc_socket_t *fd;
+-	isc_boolean_t closed; /* ISC_TRUE = closed, do not use */
++	bool closed; /* ISC_TRUE = closed, do not use */
+ } omapi_io_object_t;
+ 
+ typedef struct __omapi_generic_object {
+Index: dhcp-4.4.1/includes/tree.h
+===================================================================
+--- dhcp-4.4.1.orig/includes/tree.h
++++ dhcp-4.4.1/includes/tree.h
+@@ -304,7 +304,7 @@ struct universe {
+ 					     struct option_state *,
+ 					     unsigned);
+ 	void (*save_func) (struct universe *, struct option_state *,
+-			   struct option_cache *, isc_boolean_t);
++			   struct option_cache *, bool );
+ 	void (*foreach) (struct packet *,
+ 			 struct lease *, struct client_state *,
+ 			 struct option_state *, struct option_state *,
+Index: dhcp-4.4.1/common/conflex.c
+===================================================================
+--- dhcp-4.4.1.orig/common/conflex.c
++++ dhcp-4.4.1/common/conflex.c
+@@ -322,7 +322,7 @@ get_raw_token(struct parse *cfile) {
+ 
+ static enum dhcp_token 
+ get_next_token(const char **rval, unsigned *rlen, 
+-	       struct parse *cfile, isc_boolean_t raw) {
++	       struct parse *cfile, bool raw) {
+ 	int rv;
+ 
+ 	if (cfile -> token) {
+@@ -367,7 +367,7 @@ get_next_token(const char **rval, unsign
+ 
+ enum dhcp_token
+ next_token(const char **rval, unsigned *rlen, struct parse *cfile) {
+-	return get_next_token(rval, rlen, cfile, ISC_FALSE);
++	return get_next_token(rval, rlen, cfile, false);
+ }
+ 
+ 
+@@ -378,7 +378,7 @@ next_token(const char **rval, unsigned *
+ 
+ enum dhcp_token
+ next_raw_token(const char **rval, unsigned *rlen, struct parse *cfile) {
+-	return get_next_token(rval, rlen, cfile, ISC_TRUE);
++	return get_next_token(rval, rlen, cfile, true);
+ }
+ 
+ 
+@@ -393,7 +393,7 @@ next_raw_token(const char **rval, unsign
+ 
+ enum dhcp_token
+ do_peek_token(const char **rval, unsigned int *rlen,
+-	      struct parse *cfile, isc_boolean_t raw) {
++	      struct parse *cfile, bool raw) {
+ 	int x;
+ 
+ 	if (!cfile->token || (!raw && (cfile->token == WHITESPACE))) {
+@@ -441,7 +441,7 @@ do_peek_token(const char **rval, unsigne
+ 
+ enum dhcp_token
+ peek_token(const char **rval, unsigned *rlen, struct parse *cfile) {
+-	return do_peek_token(rval, rlen, cfile, ISC_FALSE);
++	return do_peek_token(rval, rlen, cfile, false);
+ }
+ 
+ 
+@@ -452,7 +452,7 @@ peek_token(const char **rval, unsigned *
+ 
+ enum dhcp_token
+ peek_raw_token(const char **rval, unsigned *rlen, struct parse *cfile) {
+-	return do_peek_token(rval, rlen, cfile, ISC_TRUE);
++	return do_peek_token(rval, rlen, cfile, true);
+ }
+ 
+ static void skip_to_eol (cfile)
+Index: dhcp-4.4.1/common/discover.c
+===================================================================
+--- dhcp-4.4.1.orig/common/discover.c
++++ dhcp-4.4.1/common/discover.c
+@@ -73,7 +73,7 @@ void (*bootp_packet_handler) (struct int
+ void (*dhcpv6_packet_handler)(struct interface_info *,
+ 			      const char *, int,
+ 			      int, const struct iaddr *,
+-			      isc_boolean_t);
++			      bool);
+ #endif /* DHCPv6 */
+ 
+ 
+@@ -236,7 +236,7 @@ struct iface_conf_list {
+ struct iface_info {
+ 	char name[IF_NAMESIZE+1];	/* name of the interface, e.g. "bge0" */
+ 	struct sockaddr_storage addr;	/* address information */
+-	isc_uint64_t flags;		/* interface flags, e.g. IFF_LOOPBACK */
++	uint64_t flags;			/* interface flags, e.g. IFF_LOOPBACK */
+ };
+ 
+ /* 
+@@ -312,14 +312,14 @@ int
+ next_iface(struct iface_info *info, int *err, struct iface_conf_list *ifaces) {
+ 	struct LIFREQ *p;
+ 	struct LIFREQ tmp;
+-	isc_boolean_t foundif;
++	bool foundif;
+ #if defined(sun) || defined(__linux)
+ 	/* Pointer used to remove interface aliases. */
+ 	char *s;
+ #endif
+ 
+ 	do {
+-		foundif = ISC_FALSE;
++		foundif = false;
+ 
+ 		if (ifaces->next >= ifaces->num) {
+ 			*err = 0;
+@@ -353,8 +353,8 @@ next_iface(struct iface_info *info, int
+ 		}
+ #endif /* defined(sun) || defined(__linux) */
+ 
+-		foundif = ISC_TRUE;
+-	} while ((foundif == ISC_FALSE) ||
++		foundif = true;
++	} while ((foundif == false) ||
+ 		 (strncmp(info->name, "dummy", 5) == 0));
+ 	
+ 	memset(&tmp, 0, sizeof(tmp));
+@@ -410,7 +410,7 @@ struct iface_conf_list {
+ struct iface_info {
+ 	char name[IFNAMSIZ];		/* name of the interface, e.g. "bge0" */
+ 	struct sockaddr_storage addr;	/* address information */
+-	isc_uint64_t flags;		/* interface flags, e.g. IFF_LOOPBACK */
++	uint64_t flags;			/* interface flags, e.g. IFF_LOOPBACK */
+ };
+ 
+ /* 
+@@ -1190,9 +1190,9 @@ got_one_v6(omapi_object_t *h) {
+ 		 * If a packet is not multicast, we assume it is unicast.
+ 		 */
+ 		if (IN6_IS_ADDR_MULTICAST(&to)) { 
+-			is_unicast = ISC_FALSE;
++			is_unicast = false;
+ 		} else {
+-			is_unicast = ISC_TRUE;
++			is_unicast = true;
+ 		}
+ 
+ 		ifrom.len = 16;
+Index: dhcp-4.4.1/omapip/iscprint.c
+===================================================================
+--- dhcp-4.4.1.orig/omapip/iscprint.c
++++ dhcp-4.4.1/omapip/iscprint.c
+@@ -59,8 +59,8 @@ isc_print_vsnprintf(char *str, size_t si
+ 	int plus;
+ 	int space;
+ 	int neg;
+-	isc_int64_t tmpi;
+-	isc_uint64_t tmpui;
++	int64_t tmpi;
++	uint64_t tmpui;
+ 	unsigned long width;
+ 	unsigned long precision;
+ 	unsigned int length;
+@@ -234,7 +234,7 @@ isc_print_vsnprintf(char *str, size_t si
+ 				goto printint;
+ 			case 'o':
+ 				if (q)
+-					tmpui = va_arg(ap, isc_uint64_t);
++					tmpui = va_arg(ap, uint64_t);
+ 				else if (l)
+ 					tmpui = va_arg(ap, long int);
+ 				else
+@@ -244,7 +244,7 @@ isc_print_vsnprintf(char *str, size_t si
+ 				goto printint;
+ 			case 'u':
+ 				if (q)
+-					tmpui = va_arg(ap, isc_uint64_t);
++					tmpui = va_arg(ap, uint64_t);
+ 				else if (l)
+ 					tmpui = va_arg(ap, unsigned long int);
+ 				else
+@@ -253,7 +253,7 @@ isc_print_vsnprintf(char *str, size_t si
+ 				goto printint;
+ 			case 'x':
+ 				if (q)
+-					tmpui = va_arg(ap, isc_uint64_t);
++					tmpui = va_arg(ap, uint64_t);
+ 				else if (l)
+ 					tmpui = va_arg(ap, unsigned long int);
+ 				else
+@@ -267,7 +267,7 @@ isc_print_vsnprintf(char *str, size_t si
+ 				goto printint;
+ 			case 'X':
+ 				if (q)
+-					tmpui = va_arg(ap, isc_uint64_t);
++					tmpui = va_arg(ap, uint64_t);
+ 				else if (l)
+ 					tmpui = va_arg(ap, unsigned long int);
+ 				else
+Index: dhcp-4.4.1/server/confpars.c
+===================================================================
+--- dhcp-4.4.1.orig/server/confpars.c
++++ dhcp-4.4.1/server/confpars.c
+@@ -4005,15 +4005,15 @@ add_ipv6_pool_to_subnet(struct subnet *s
+ 
+ 	/* Only bother if we aren't already flagged as jumbo */
+ 	if (pond->jumbo_range == 0) {
+-		if ((units - bits) > (sizeof(isc_uint64_t) * 8)) {
++		if ((units - bits) > (sizeof(uint64_t) * 8)) {
+ 			pond->jumbo_range = 1;
+ 			pond->num_total = POND_TRACK_MAX;
+ 		}
+ 		else {
+-			isc_uint64_t space_left
++			uint64_t space_left
+ 				= POND_TRACK_MAX - pond->num_total;
+-			isc_uint64_t addon
+-				= (isc_uint64_t)(1) << (units - bits);
++			uint64_t addon
++				= (uint64_t)(1) << (units - bits);
+ 
+ 			if (addon > space_left) {
+ 				pond->jumbo_range = 1;
+@@ -4739,7 +4739,7 @@ parse_ia_na_declaration(struct parse *cf
+ 	struct iasubopt *iaaddr;
+ 	struct ipv6_pool *pool;
+ 	char addr_buf[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
+-	isc_boolean_t newbinding;
++	bool newbinding;
+ 	struct binding_scope *scope = NULL;
+ 	struct binding *bnd;
+ 	struct binding_value *nv = NULL;
+@@ -4959,9 +4959,9 @@ parse_ia_na_declaration(struct parse *cf
+ 					}
+ 					strcpy(bnd->name, val);
+ 
+-					newbinding = ISC_TRUE;
++					newbinding = true;
+ 				} else {
+-					newbinding = ISC_FALSE;
++					newbinding = false;
+ 				}
+ 
+ 				if (!binding_value_allocate(&nv, MDL)) {
+@@ -5186,7 +5186,7 @@ parse_ia_ta_declaration(struct parse *cf
+ 	struct iasubopt *iaaddr;
+ 	struct ipv6_pool *pool;
+ 	char addr_buf[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
+-	isc_boolean_t newbinding;
++	bool newbinding;
+ 	struct binding_scope *scope = NULL;
+ 	struct binding *bnd;
+ 	struct binding_value *nv = NULL;
+@@ -5406,9 +5406,9 @@ parse_ia_ta_declaration(struct parse *cf
+ 					}
+ 					strcpy(bnd->name, val);
+ 
+-					newbinding = ISC_TRUE;
++					newbinding = true;
+ 				} else {
+-					newbinding = ISC_FALSE;
++					newbinding = false;
+ 				}
+ 
+ 				if (!binding_value_allocate(&nv, MDL)) {
+@@ -5623,7 +5623,7 @@ parse_ia_pd_declaration(struct parse *cf
+ 	struct iasubopt *iapref;
+ 	struct ipv6_pool *pool;
+ 	char addr_buf[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
+-	isc_boolean_t newbinding;
++	bool newbinding;
+ 	struct binding_scope *scope = NULL;
+ 	struct binding *bnd;
+ 	struct binding_value *nv = NULL;
+@@ -5843,9 +5843,9 @@ parse_ia_pd_declaration(struct parse *cf
+ 					}
+ 					strcpy(bnd->name, val);
+ 
+-					newbinding = ISC_TRUE;
++					newbinding = true;
+ 				} else {
+-					newbinding = ISC_FALSE;
++					newbinding = false;
+ 				}
+ 
+ 				if (!binding_value_allocate(&nv, MDL)) {
+Index: dhcp-4.4.1/server/dhcpv6.c
+===================================================================
+--- dhcp-4.4.1.orig/server/dhcpv6.c
++++ dhcp-4.4.1/server/dhcpv6.c
+@@ -71,8 +71,8 @@ struct reply_state {
+ 	unsigned ia_count;
+ 	unsigned pd_count;
+ 	unsigned client_resources;
+-	isc_boolean_t resources_included;
+-	isc_boolean_t static_lease;
++	bool resources_included;
++	bool static_lease;
+ 	unsigned static_prefixes;
+ 	struct ia_xx *ia;
+ 	struct ia_xx *old_ia;
+@@ -123,7 +123,7 @@ static isc_result_t shared_network_from_
+ 						struct packet *packet);
+ static void seek_shared_host(struct host_decl **hp,
+ 			     struct shared_network *shared);
+-static isc_boolean_t fixed_matches_shared(struct host_decl *host,
++static bool fixed_matches_shared(struct host_decl *host,
+ 					  struct shared_network *shared);
+ static isc_result_t reply_process_ia_na(struct reply_state *reply,
+ 					struct option_cache *ia);
+@@ -131,9 +131,9 @@ static isc_result_t reply_process_ia_ta(
+ 					struct option_cache *ia);
+ static isc_result_t reply_process_addr(struct reply_state *reply,
+ 				       struct option_cache *addr);
+-static isc_boolean_t address_is_owned(struct reply_state *reply,
++static bool address_is_owned(struct reply_state *reply,
+ 				      struct iaddr *addr);
+-static isc_boolean_t temporary_is_available(struct reply_state *reply,
++static bool temporary_is_available(struct reply_state *reply,
+ 					    struct iaddr *addr);
+ static isc_result_t find_client_temporaries(struct reply_state *reply);
+ static isc_result_t reply_process_try_addr(struct reply_state *reply,
+@@ -151,7 +151,7 @@ static isc_result_t reply_process_ia_pd(
+ static struct group *find_group_by_prefix(struct reply_state *reply);
+ static isc_result_t reply_process_prefix(struct reply_state *reply,
+ 					 struct option_cache *pref);
+-static isc_boolean_t prefix_is_owned(struct reply_state *reply,
++static bool prefix_is_owned(struct reply_state *reply,
+ 				     struct iaddrcidrnet *pref);
+ static isc_result_t find_client_prefix(struct reply_state *reply);
+ static isc_result_t reply_process_try_prefix(struct reply_state *reply,
+@@ -174,7 +174,7 @@ static void unicast_reject(struct data_s
+ 		  const struct data_string *client_id,
+ 		  const struct data_string *server_id);
+ 
+-static isc_boolean_t is_unicast_option_defined(struct packet *packet);
++static bool is_unicast_option_defined(struct packet *packet);
+ static isc_result_t shared_network_from_requested_addr (struct shared_network
+ 							**shared,
+ 							struct packet* packet);
+@@ -363,7 +363,7 @@ static struct data_string server_duid;
+ /*
+  * Check if the server_duid has been set.
+  */
+-isc_boolean_t
++bool
+ server_duid_isset(void) {
+ 	return (server_duid.data != NULL);
+ }
+@@ -992,7 +992,7 @@ void check_pool6_threshold(struct reply_
+ 			   struct iasubopt *lease)
+ {
+ 	struct ipv6_pond *pond;
+-	isc_uint64_t used, count, high_threshold;
++	uint64_t used, count, high_threshold;
+ 	int poolhigh = 0, poollow = 0;
+ 	char *shared_name = "no name";
+ 	char tmp_addr[INET6_ADDRSTRLEN];
+@@ -1310,9 +1310,9 @@ pick_v6_address(struct reply_state *repl
+ 	unsigned int attempts;
+ 	char tmp_buf[INET6_ADDRSTRLEN];
+ 	struct iasubopt **addr = &reply->lease;
+-        isc_uint64_t total = 0;
+-        isc_uint64_t active = 0;
+-        isc_uint64_t abandoned = 0;
++        uint64_t total = 0;
++        uint64_t active = 0;
++        uint64_t abandoned = 0;
+ 	int jumbo_range = 0;
+ 	char *shared_name = (reply->shared->name ?
+ 			     reply->shared->name : "(no name)");
+@@ -1825,7 +1825,7 @@ lease_to_client(struct data_string *repl
+ 
+ 		/* Start counting resources (addresses) offered. */
+ 		reply.client_resources = 0;
+-		reply.resources_included = ISC_FALSE;
++		reply.resources_included = false;
+ 
+ 		status = reply_process_ia_na(&reply, oc);
+ 
+@@ -1843,7 +1843,7 @@ lease_to_client(struct data_string *repl
+ 
+ 		/* Start counting resources (addresses) offered. */
+ 		reply.client_resources = 0;
+-		reply.resources_included = ISC_FALSE;
++		reply.resources_included = false;
+ 
+ 		status = reply_process_ia_ta(&reply, oc);
+ 
+@@ -1864,7 +1864,7 @@ lease_to_client(struct data_string *repl
+ 
+ 		/* Start counting resources (prefixes) offered. */
+ 		reply.client_resources = 0;
+-		reply.resources_included = ISC_FALSE;
++		reply.resources_included = false;
+ 
+ 		status = reply_process_ia_pd(&reply, oc);
+ 
+@@ -2077,9 +2077,9 @@ reply_process_ia_na(struct reply_state *
+ 					tmp_addr, MDL) == 0)
+ 			log_fatal("Impossible condition at %s:%d.", MDL);
+ 
+-		reply->static_lease = ISC_TRUE;
++		reply->static_lease = true;
+ 	} else
+-		reply->static_lease = ISC_FALSE;
++		reply->static_lease = false;
+ 
+ 	/*
+ 	 * Save the cursor position at the start of the IA, so we can
+@@ -2778,7 +2778,7 @@ reply_process_addr(struct reply_state *r
+  * (fault out all else).  Otherwise it's a dynamic address, so lookup
+  * that address and make sure it belongs to this DUID:IAID pair.
+  */
+-static isc_boolean_t
++static bool
+ address_is_owned(struct reply_state *reply, struct iaddr *addr) {
+ 	int i;
+ 	struct ipv6_pond *pond;
+@@ -2791,13 +2791,13 @@ address_is_owned(struct reply_state *rep
+ 			log_fatal("Impossible condition at %s:%d.", MDL);
+ 
+ 		if (memcmp(addr->iabuf, reply->fixed.data, 16) == 0)
+-			return (ISC_TRUE);
++			return (true);
+ 
+-		return (ISC_FALSE);
++		return (false);
+ 	}
+ 
+ 	if ((reply->old_ia == NULL) || (reply->old_ia->num_iasubopt == 0))
+-		return (ISC_FALSE);
++		return (false);
+ 
+ 	for (i = 0 ; i < reply->old_ia->num_iasubopt ; i++) {
+ 		struct iasubopt *tmp;
+@@ -2805,8 +2805,8 @@ address_is_owned(struct reply_state *rep
+ 		tmp = reply->old_ia->iasubopt[i];
+ 
+ 		if (memcmp(addr->iabuf, &tmp->addr, 16) == 0) {
+-			if (lease6_usable(tmp) == ISC_FALSE) {
+-				return (ISC_FALSE);
++			if (lease6_usable(tmp) == false) {
++				return (false);
+ 			}
+ 
+ 			pond = tmp->ipv6_pool->ipv6_pond;
+@@ -2814,15 +2814,15 @@ address_is_owned(struct reply_state *rep
+ 			     (permitted(reply->packet, pond->prohibit_list))) ||
+ 			    ((pond->permit_list != NULL) &&
+ 			     (!permitted(reply->packet, pond->permit_list))))
+-				return (ISC_FALSE);
++				return (false);
+ 
+ 			iasubopt_reference(&reply->lease, tmp, MDL);
+ 
+-			return (ISC_TRUE);
++			return (true);
+ 		}
+ 	}
+ 
+-	return (ISC_FALSE);
++	return (false);
+ }
+ 
+ /* Process a client-supplied IA_TA.  This may append options to the tail of
+@@ -2890,7 +2890,7 @@ reply_process_ia_ta(struct reply_state *
+ 	/*
+ 	 * Temporary leases are dynamic by definition.
+ 	 */
+-	reply->static_lease = ISC_FALSE;
++	reply->static_lease = false;
+ 
+ 	/*
+ 	 * Save the cursor position at the start of the IA, so we can
+@@ -2972,7 +2972,7 @@ reply_process_ia_ta(struct reply_state *
+ 		}
+ 		status = ISC_R_CANCELED;
+ 		reply->client_resources = 0;
+-		reply->resources_included = ISC_FALSE;
++		reply->resources_included = false;
+ 		if (reply->lease != NULL)
+ 			iasubopt_dereference(&reply->lease, MDL);
+ 	}
+@@ -3364,7 +3364,7 @@ void shorten_lifetimes(struct reply_stat
+ /*
+  * Verify the temporary address is available.
+  */
+-static isc_boolean_t
++static bool
+ temporary_is_available(struct reply_state *reply, struct iaddr *addr) {
+ 	struct in6_addr tmp_addr;
+ 	struct subnet *subnet;
+@@ -3379,7 +3379,7 @@ temporary_is_available(struct reply_stat
+ 	 * So this is not a request for this address.
+ 	 */
+ 	if (IN6_IS_ADDR_UNSPECIFIED(&tmp_addr))
+-		return ISC_FALSE;
++		return false;
+ 
+ 	/*
+ 	 * Verify that this address is on the client's network.
+@@ -3393,13 +3393,13 @@ temporary_is_available(struct reply_stat
+ 
+ 	/* Address not found on shared network. */
+ 	if (subnet == NULL)
+-		return ISC_FALSE;
++		return false;
+ 
+ 	/*
+ 	 * Check if this address is owned (must be before next step).
+ 	 */
+ 	if (address_is_owned(reply, addr))
+-		return ISC_TRUE;
++		return true;
+ 
+ 	/*
+ 	 * Verify that this address is in a temporary pool and try to get it.
+@@ -3424,18 +3424,18 @@ temporary_is_available(struct reply_stat
+ 	}
+ 
+ 	if (pool == NULL)
+-		return ISC_FALSE;
++		return false;
+ 	if (lease6_exists(pool, &tmp_addr))
+-		return ISC_FALSE;
++		return false;
+ 	if (iasubopt_allocate(&reply->lease, MDL) != ISC_R_SUCCESS)
+-		return ISC_FALSE;
++		return false;
+ 	reply->lease->addr = tmp_addr;
+ 	reply->lease->plen = 0;
+ 	/* Default is soft binding for 2 minutes. */
+ 	if (add_lease6(pool, reply->lease, cur_time + 120) != ISC_R_SUCCESS)
+-		return ISC_FALSE;
++		return false;
+ 
+-	return ISC_TRUE;
++	return true;
+ }
+ 
+ /*
+@@ -3652,7 +3652,7 @@ find_client_address(struct reply_state *
+ 			 */
+ 
+ 			if ((candidate_shared != reply->shared) ||
+-			    (lease6_usable(lease) != ISC_TRUE))
++			    (lease6_usable(lease) != true))
+ 				continue;
+ 
+ 			if (((pond->prohibit_list != NULL) &&
+@@ -3971,7 +3971,7 @@ reply_process_send_addr(struct reply_sta
+ 		goto cleanup;
+ 	}
+ 
+-	reply->resources_included = ISC_TRUE;
++	reply->resources_included = true;
+ 
+       cleanup:
+ 	if (data.data != NULL)
+@@ -4722,7 +4722,7 @@ reply_process_prefix(struct reply_state
+  * (fault out all else).  Otherwise it's a dynamic prefix, so lookup
+  * that prefix and make sure it belongs to this DUID:IAID pair.
+  */
+-static isc_boolean_t
++static bool
+ prefix_is_owned(struct reply_state *reply, struct iaddrcidrnet *pref) {
+ 	struct iaddrcidrnetlist *l;
+ 	int i;
+@@ -4736,14 +4736,14 @@ prefix_is_owned(struct reply_state *repl
+ 			if ((pref->bits == l->cidrnet.bits) &&
+ 			    (memcmp(pref->lo_addr.iabuf,
+ 				    l->cidrnet.lo_addr.iabuf, 16) == 0))
+-				return (ISC_TRUE);
++				return (true);
+ 		}
+-		return (ISC_FALSE);
++		return (false);
+ 	}
+ 
+ 	if ((reply->old_ia == NULL) ||
+ 	    (reply->old_ia->num_iasubopt == 0))
+-		return (ISC_FALSE);
++		return (false);
+ 
+ 	for (i = 0 ; i < reply->old_ia->num_iasubopt ; i++) {
+ 		struct iasubopt *tmp;
+@@ -4752,8 +4752,8 @@ prefix_is_owned(struct reply_state *repl
+ 
+ 		if ((pref->bits == (int) tmp->plen) &&
+ 		    (memcmp(pref->lo_addr.iabuf, &tmp->addr, 16) == 0)) {
+-			if (lease6_usable(tmp) == ISC_FALSE) {
+-				return (ISC_FALSE);
++			if (lease6_usable(tmp) == false) {
++				return (false);
+ 			}
+ 
+ 			pond = tmp->ipv6_pool->ipv6_pond;
+@@ -4761,14 +4761,14 @@ prefix_is_owned(struct reply_state *repl
+ 			     (permitted(reply->packet, pond->prohibit_list))) ||
+ 			    ((pond->permit_list != NULL) &&
+ 			     (!permitted(reply->packet, pond->permit_list))))
+-				return (ISC_FALSE);
++				return (false);
+ 
+ 			iasubopt_reference(&reply->lease, tmp, MDL);
+-			return (ISC_TRUE);
++			return (true);
+ 		}
+ 	}
+ 
+-	return (ISC_FALSE);
++	return (false);
+ }
+ 
+ /*
+@@ -4914,7 +4914,7 @@ find_client_prefix(struct reply_state *r
+ 			 */
+ 			if (((candidate_shared != NULL) &&
+ 			     (candidate_shared != reply->shared)) ||
+-			    (lease6_usable(prefix) != ISC_TRUE))
++			    (lease6_usable(prefix) != true))
+ 				continue;
+ 
+ 			/*
+@@ -5233,7 +5233,7 @@ reply_process_send_prefix(struct reply_s
+ 		goto cleanup;
+ 	}
+ 
+-	reply->resources_included = ISC_TRUE;
++	reply->resources_included = true;
+ 
+       cleanup:
+ 	if (data.data != NULL)
+@@ -5383,8 +5383,8 @@ dhcpv6_request(struct data_string *reply
+ 
+ 	/* If the REQUEST arrived via unicast and unicast option isn't set,
+  	 * reject it per RFC 3315, Sec 18.2.1 */
+-	if (packet->unicast == ISC_TRUE &&
+-	    is_unicast_option_defined(packet) == ISC_FALSE) {
++	if (packet->unicast == true &&
++	    is_unicast_option_defined(packet) == false) {
+ 		unicast_reject(reply_ret, packet, &client_id, &server_id);
+ 	} else {
+ 		/*
+@@ -5505,7 +5505,7 @@ dhcpv6_confirm(struct data_string *reply
+ 	struct option_state *cli_enc_opt_state, *opt_state;
+ 	struct iaddr cli_addr;
+ 	int pass;
+-	isc_boolean_t inappropriate, has_addrs;
++	bool inappropriate, has_addrs;
+ 	char reply_data[65536];
+ 	struct dhcpv6_packet *reply = (struct dhcpv6_packet *)reply_data;
+ 	int reply_ofs = (int)(offsetof(struct dhcpv6_packet, options));
+@@ -5556,7 +5556,7 @@ dhcpv6_confirm(struct data_string *reply
+ 		goto exit;
+ 
+ 	/* Are the addresses in all the IA's appropriate for that link? */
+-	has_addrs = inappropriate = ISC_FALSE;
++	has_addrs = inappropriate = false;
+ 	pass = D6O_IA_NA;
+ 	while(!inappropriate) {
+ 		/* If we've reached the end of the IA_NA pass, move to the
+@@ -5602,7 +5602,7 @@ dhcpv6_confirm(struct data_string *reply
+ 			data_string_forget(&iaaddr, MDL);
+ 
+ 			/* Record that we've processed at least one address. */
+-			has_addrs = ISC_TRUE;
++			has_addrs = true;
+ 
+ 			/* Find out if any subnets cover this address. */
+ 			for (subnet = shared->subnets ; subnet != NULL ;
+@@ -5621,7 +5621,7 @@ dhcpv6_confirm(struct data_string *reply
+ 			 * continue searching.
+ 			 */
+ 			if (subnet == NULL) {
+-				inappropriate = ISC_TRUE;
++				inappropriate = true;
+ 				break;
+ 			}
+ 		}
+@@ -5719,8 +5719,8 @@ dhcpv6_renew(struct data_string *reply,
+ 
+ 	/* If the RENEW arrived via unicast and unicast option isn't set,
+ 	 * reject it per RFC 3315, Sec 18.2.3 */
+-	if (packet->unicast == ISC_TRUE &&
+-	    is_unicast_option_defined(packet) == ISC_FALSE) {
++	if (packet->unicast == true &&
++	    is_unicast_option_defined(packet) == false) {
+ 		unicast_reject(reply, packet, &client_id, &server_id);
+ 	} else {
+ 		/*
+@@ -6142,8 +6142,8 @@ dhcpv6_decline(struct data_string *reply
+ 
+ 	/* If the DECLINE arrived via unicast and unicast option isn't set,
+ 	 * reject it per RFC 3315, Sec 18.2.7 */
+-	if (packet->unicast == ISC_TRUE &&
+-	    is_unicast_option_defined(packet) == ISC_FALSE) {
++	if (packet->unicast == true &&
++	    is_unicast_option_defined(packet) == false) {
+ 		unicast_reject(reply, packet, &client_id, &server_id);
+ 	} else {
+ 		/*
+@@ -6597,8 +6597,8 @@ dhcpv6_release(struct data_string *reply
+ 
+ 	/* If the RELEASE arrived via unicast and unicast option isn't set,
+  	 * reject it per RFC 3315, Sec 18.2.6 */
+-	if (packet->unicast == ISC_TRUE &&
+-	    is_unicast_option_defined(packet) == ISC_FALSE) {
++	if (packet->unicast == true &&
++	    is_unicast_option_defined(packet) == false) {
+ 		unicast_reject(reply, packet, &client_id, &server_id);
+ 	} else {
+ 		/*
+@@ -6897,7 +6897,7 @@ dhcpv6_relay_forw(struct data_string *re
+ 		}
+ 		data_string_forget(&a_opt, MDL);
+ 
+-		packet->relay_source_port = ISC_TRUE;
++		packet->relay_source_port = true;
+ 	}
+ #endif
+ 
+@@ -7219,7 +7219,7 @@ dhcp4o6_relay_forw(struct data_string *r
+ 		}
+ 		data_string_forget(&a_opt, MDL);
+ 
+-		packet->relay_source_port = ISC_TRUE;
++		packet->relay_source_port = true;
+ 	}
+ #endif
+ 
+@@ -8036,35 +8036,35 @@ seek_shared_host(struct host_decl **hp,
+ 		host_reference(hp, seek, MDL);
+ }
+ 
+-static isc_boolean_t
++static bool
+ fixed_matches_shared(struct host_decl *host, struct shared_network *shared) {
+ 	struct subnet *subnet;
+ 	struct data_string addr;
+-	isc_boolean_t matched;
++	bool matched;
+ 	struct iaddr fixed;
+ 
+ 	if (host->fixed_addr == NULL)
+-		return ISC_FALSE;
++		return false;
+ 
+ 	memset(&addr, 0, sizeof(addr));
+ 	if (!evaluate_option_cache(&addr, NULL, NULL, NULL, NULL, NULL,
+ 				   &global_scope, host->fixed_addr, MDL))
+-		return ISC_FALSE;
++		return false;
+ 
+ 	if (addr.len < 16) {
+ 		data_string_forget(&addr, MDL);
+-		return ISC_FALSE;
++		return false;
+ 	}
+ 
+ 	fixed.len = 16;
+ 	memcpy(fixed.iabuf, addr.data, 16);
+ 
+-	matched = ISC_FALSE;
++	matched = false;
+ 	for (subnet = shared->subnets ; subnet != NULL ;
+ 	     subnet = subnet->next_sibling) {
+ 		if (addr_eq(subnet_number(fixed, subnet->netmask),
+ 			    subnet->net)) {
+-			matched = ISC_TRUE;
++			matched = true;
+ 			break;
+ 		}
+ 	}
+@@ -8167,15 +8167,15 @@ unicast_reject(struct data_string *reply
+  * statements from the network's group outward into a local option cache.
+  * The option cache is then scanned for the presence of unicast option.  If
+  * the packet cannot be mapped to a shared network, the function returns
+- * ISC_FALSE.
++ * false.
+  * \param packet inbound packet from the client
+  *
+- * \return ISC_TRUE if the dhcp6.unicast option is defined, false otherwise.
++ * \return true if the dhcp6.unicast option is defined, false otherwise.
+  *
+  */
+-isc_boolean_t
++bool
+ is_unicast_option_defined(struct packet *packet) {
+-        isc_boolean_t is_defined = ISC_FALSE;
++        bool is_defined = false;
+ 	struct option_state *opt_state = NULL;
+ 	struct option_cache *oc = NULL;
+ 	struct shared_network *shared = NULL;
+@@ -8195,7 +8195,7 @@ is_unicast_option_defined(struct packet
+ 		 * logic will catch it */
+ 		log_error("is_unicast_option_defined:"
+ 			  "cannot attribute packet to a network.");
+-		return (ISC_FALSE);
++		return (false);
+ 	}
+ 
+ 	/* Now that we've mapped it to a network, execute statments to that
+@@ -8205,7 +8205,7 @@ is_unicast_option_defined(struct packet
+ 				    &global_scope, shared->group, NULL, NULL);
+ 
+ 	oc = lookup_option(&dhcpv6_universe, opt_state, D6O_UNICAST);
+-	is_defined = (oc != NULL ? ISC_TRUE : ISC_FALSE);
++	is_defined = (oc != NULL ? true : false);
+ 	log_debug("is_unicast_option_defined: option found : %d", is_defined);
+ 
+ 	if (shared != NULL) {
+Index: dhcp-4.4.1/client/clparse.c
+===================================================================
+--- dhcp-4.4.1.orig/client/clparse.c
++++ dhcp-4.4.1/client/clparse.c
+@@ -1527,7 +1527,7 @@ parse_client6_lease_statement(struct par
+ 
+ 		      case TOKEN_RELEASED:
+ 		      case TOKEN_ABANDONED:
+-			lease->released = ISC_TRUE;
++			lease->released = true;
+ 			break;
+ 
+ 		      default:
+Index: dhcp-4.4.1/client/dhc6.c
+===================================================================
+--- dhcp-4.4.1.orig/client/dhc6.c
++++ dhcp-4.4.1/client/dhc6.c
+@@ -109,7 +109,7 @@ static isc_result_t dhc6_add_ia_pd(struc
+ 				   u_int8_t message,
+ 				   int wanted,
+ 				   int *added);
+-static isc_boolean_t stopping_finished(void);
++static bool stopping_finished(void);
+ static void dhc6_merge_lease(struct dhc6_lease *src, struct dhc6_lease *dst);
+ void do_select6(void *input);
+ void do_refresh6(void *input);
+@@ -131,7 +131,7 @@ static void script_write_params6(struct
+ 				 const char *prefix,
+ 				 struct option_state *options);
+ static void script_write_requested6(struct client_state *client);
+-static isc_boolean_t active_prefix(struct client_state *client);
++static bool active_prefix(struct client_state *client);
+ 
+ static int check_timing6(struct client_state *client, u_int8_t msg_type,
+ 			 char *msg_str, struct dhc6_lease *lease,
+@@ -149,7 +149,7 @@ static isc_result_t dhc6_add_ia_na_decli
+ 					   struct data_string *packet,
+ 					   struct dhc6_lease *lease);
+ static int drop_declined_addrs(struct dhc6_lease *lease);
+-static isc_boolean_t unexpired_address_in_lease(struct dhc6_lease *lease);
++static bool unexpired_address_in_lease(struct dhc6_lease *lease);
+ 
+ extern int onetry;
+ extern int stateless;
+@@ -418,14 +418,14 @@ valid_reply(struct packet *packet, struc
+ {
+ 	struct data_string sid, cid;
+ 	struct option_cache *oc;
+-	int rval = ISC_TRUE;
++	int rval = true;
+ 
+ 	memset(&sid, 0, sizeof(sid));
+ 	memset(&cid, 0, sizeof(cid));
+ 
+ 	if (!lookup_option(&dhcpv6_universe, packet->options, D6O_SERVERID)) {
+ 		log_error("Response without a server identifier received.");
+-		rval = ISC_FALSE;
++		rval = false;
+ 	}
+ 
+ 	oc = lookup_option(&dhcpv6_universe, packet->options, D6O_CLIENTID);
+@@ -434,7 +434,7 @@ valid_reply(struct packet *packet, struc
+ 				   client->sent_options, &global_scope, oc,
+ 				   MDL)) {
+ 		log_error("Response without a client identifier.");
+-		rval = ISC_FALSE;
++		rval = false;
+ 	}
+ 
+ 	oc = lookup_option(&dhcpv6_universe, client->sent_options,
+@@ -444,7 +444,7 @@ valid_reply(struct packet *packet, struc
+ 				   client->sent_options, NULL, &global_scope,
+ 				   oc, MDL)) {
+ 		log_error("Local client identifier is missing!");
+-		rval = ISC_FALSE;
++		rval = false;
+ 	}
+ 
+ 	if (sid.len == 0 ||
+@@ -452,7 +452,7 @@ valid_reply(struct packet *packet, struc
+ 	    memcmp(sid.data, cid.data, sid.len)) {
+ 		log_error("Advertise with matching transaction ID, but "
+ 			  "mismatching client id.");
+-		rval = ISC_FALSE;
++		rval = false;
+ 	}
+ 
+ 	/* clean up pointers to the strings */
+@@ -2375,7 +2375,7 @@ start_release6(struct client_state *clie
+ 	/* Note this in the lease file. */
+ 	if (client->active_lease == NULL)
+ 		return;
+-	client->active_lease->released = ISC_TRUE;
++	client->active_lease->released = true;
+ 	write_client6_lease(client, client->active_lease, 0, 1);
+ 
+ 	/* Set timers per RFC3315 section 18.1.6. */
+@@ -2612,7 +2612,7 @@ dhc6_check_advertise(struct dhc6_lease *
+ {
+ 	struct dhc6_ia *ia;
+ 	isc_result_t rval = ISC_R_SUCCESS;
+-	int have_addrs = ISC_FALSE;
++	int have_addrs = false;
+ 	unsigned code;
+ 	const char *scope;
+ 	int got_na = 0, got_ta = 0, got_pd = 0;
+@@ -2650,14 +2650,14 @@ dhc6_check_advertise(struct dhc6_lease *
+ 		 * Should we check the addr itself for usability?
+ 		 */
+ 		if (ia->addrs != NULL) {
+-			have_addrs = ISC_TRUE;
++			have_addrs = true;
+ 		}
+ 	}
+ 
+ 	/* If we didn't get some addrs or the user required us to
+ 	 * get all of the requested IAs and we didn't return an error
+ 	 */
+-	if ((have_addrs != ISC_TRUE) ||
++	if ((have_addrs != true) ||
+ 	    ((require_all_ias != 0) &&
+ 	     ((got_na < wanted_ia_na) ||
+ 	      (got_ta < wanted_ia_ta) ||
+@@ -2670,7 +2670,7 @@ dhc6_check_advertise(struct dhc6_lease *
+ /* status code <-> action matrix for the client in INIT state
+  * (rapid/commit).  Returns always false as no action is defined.
+  */
+-static isc_boolean_t
++static bool
+ dhc6_init_action(struct client_state *client, isc_result_t *rvalp,
+ 		 unsigned code)
+ {
+@@ -2679,21 +2679,21 @@ dhc6_init_action(struct client_state *cl
+ 
+ 	if (client == NULL) {
+ 		*rvalp = DHCP_R_INVALIDARG;
+-		return ISC_FALSE;
++		return false;
+ 	}
+ 
+ 	if (*rvalp == ISC_R_SUCCESS)
+-		return ISC_FALSE;
++		return false;
+ 
+ 	/* No possible action in any case... */
+-	return ISC_FALSE;
++	return false;
+ }
+ 
+ /* status code <-> action matrix for the client in SELECT state
+  * (request/reply).  Returns true if action was taken (and the
+  * packet should be ignored), or false if no action was taken.
+  */
+-static isc_boolean_t
++static bool
+ dhc6_select_action(struct client_state *client, isc_result_t *rvalp,
+ 		   unsigned code)
+ {
+@@ -2705,12 +2705,12 @@ dhc6_select_action(struct client_state *
+ 
+ 	if (client == NULL) {
+ 		*rvalp = DHCP_R_INVALIDARG;
+-		return ISC_FALSE;
++		return false;
+ 	}
+ 	rval = *rvalp;
+ 
+ 	if (rval == ISC_R_SUCCESS)
+-		return ISC_FALSE;
++		return false;
+ 
+ 	switch (code) {
+ 		/* We may have an earlier failure status code (so no
+@@ -2723,7 +2723,7 @@ dhc6_select_action(struct client_state *
+ 	      case STATUS_NoBinding:
+ 	      case STATUS_UseMulticast:
+ 		/* Take no action. */
+-		return ISC_FALSE;
++		return false;
+ 
+ 		/* If the server can't deal with us, either try the
+ 		 * next advertised server, or continue retrying if there
+@@ -2739,7 +2739,7 @@ dhc6_select_action(struct client_state *
+ 
+ 			break;
+ 		} else /* Take no action - continue to retry. */
+-			return ISC_FALSE;
++			return false;
+ 
+ 		/* If the server has no addresses, try other servers if
+ 		 * we got some, otherwise go to INIT to hope for more
+@@ -2748,7 +2748,7 @@ dhc6_select_action(struct client_state *
+ 	      case STATUS_NoAddrsAvail:
+ 	      case STATUS_NoPrefixAvail:
+ 		if (client->state == S_REBOOTING)
+-			return ISC_FALSE;
++			return false;
+ 
+ 		if (client->selected_lease == NULL)
+ 			log_fatal("Impossible case at %s:%d.", MDL);
+@@ -2794,7 +2794,7 @@ dhc6_select_action(struct client_state *
+ 		break;
+ 	}
+ 
+-	return ISC_TRUE;
++	return true;
+ }
+ 
+ static void
+@@ -2821,7 +2821,7 @@ dhc6_withdraw_lease(struct client_state
+  * (request/reply).  Returns true if action was taken (and the
+  * packet should be ignored), or false if no action was taken.
+  */
+-static isc_boolean_t
++static bool
+ dhc6_reply_action(struct client_state *client, isc_result_t *rvalp,
+ 		  unsigned code)
+ {
+@@ -2832,12 +2832,12 @@ dhc6_reply_action(struct client_state *c
+ 
+ 	if (client == NULL) {
+ 		*rvalp = DHCP_R_INVALIDARG;
+-		return ISC_FALSE;
++		return false;
+ 	}
+ 	rval = *rvalp;
+ 
+ 	if (rval == ISC_R_SUCCESS)
+-		return ISC_FALSE;
++		return false;
+ 
+ 	switch (code) {
+ 		/* It's possible an earlier status code set rval to a failure
+@@ -2852,7 +2852,7 @@ dhc6_reply_action(struct client_state *c
+ 	      case STATUS_UnspecFail:
+ 		/* For unknown codes...it's a soft (retryable) error. */
+ 	      default:
+-		return ISC_FALSE;
++		return false;
+ 
+ 		/* The server is telling us to use a multicast address, so
+ 		 * we have to delete the unicast option from the active
+@@ -2865,7 +2865,7 @@ dhc6_reply_action(struct client_state *c
+ 			delete_option(&dhcp_universe,
+ 				      client->active_lease->options,
+ 				      D6O_UNICAST);
+-		return ISC_FALSE;
++		return false;
+ 
+ 		/* "When the client receives a NotOnLink status from the
+ 		 *  server in response to a Request, the client can either
+@@ -2914,7 +2914,7 @@ dhc6_reply_action(struct client_state *c
+ 		break;
+ 	}
+ 
+-	return ISC_TRUE;
++	return true;
+ }
+ 
+ /* status code <-> action matrix for the client in STOPPED state
+@@ -2922,7 +2922,7 @@ dhc6_reply_action(struct client_state *c
+  * packet should be ignored), or false if no action was taken.
+  * NoBinding is translated into Success.
+  */
+-static isc_boolean_t
++static bool
+ dhc6_stop_action(struct client_state *client, isc_result_t *rvalp,
+ 		  unsigned code)
+ {
+@@ -2933,12 +2933,12 @@ dhc6_stop_action(struct client_state *cl
+ 
+ 	if (client == NULL) {
+ 		*rvalp = DHCP_R_INVALIDARG;
+-		return ISC_FALSE;
++		return false;
+ 	}
+ 	rval = *rvalp;
+ 
+ 	if (rval == ISC_R_SUCCESS)
+-		return ISC_FALSE;
++		return false;
+ 
+ 	switch (code) {
+ 		/* It's possible an earlier status code set rval to a failure
+@@ -2948,13 +2948,13 @@ dhc6_stop_action(struct client_state *cl
+ 		/* For unknown codes...it's a soft (retryable) error. */
+ 	      case STATUS_UnspecFail:
+ 	      default:
+-		return ISC_FALSE;
++		return false;
+ 
+ 		/* NoBinding is not an error */
+ 	      case STATUS_NoBinding:
+ 		if (rval == ISC_R_FAILURE)
+ 			*rvalp = ISC_R_SUCCESS;
+-		return ISC_FALSE;
++		return false;
+ 
+ 		/* Should not happen */
+ 	      case STATUS_NoAddrsAvail:
+@@ -2976,13 +2976,13 @@ dhc6_stop_action(struct client_state *cl
+ 			delete_option(&dhcp_universe,
+ 				      client->active_lease->options,
+ 				      D6O_UNICAST);
+-		return ISC_FALSE;
++		return false;
+ 	}
+ 
+-	return ISC_TRUE;
++	return true;
+ }
+ 
+-static isc_boolean_t
++static bool
+ dhc6_decline_action(struct client_state *client, isc_result_t *rvalp,
+ 		  unsigned code)
+ {
+@@ -2993,12 +2993,12 @@ dhc6_decline_action(struct client_state
+ 
+ 	if (client == NULL) {
+ 		*rvalp = DHCP_R_INVALIDARG;
+-		return ISC_FALSE;
++		return false;
+ 	}
+ 	rval = *rvalp;
+ 
+ 	if (rval == ISC_R_SUCCESS) {
+-		return ISC_FALSE;
++		return false;
+ 	}
+ 
+ 	switch (code) {
+@@ -3013,13 +3013,13 @@ dhc6_decline_action(struct client_state
+ 			delete_option(&dhcp_universe,
+ 				      client->active_lease->options,
+ 				      D6O_UNICAST);
+-		return ISC_FALSE;
++		return false;
+ 	default:
+ 		/* Anything else is basically meaningless */
+ 		break;
+ 	}
+ 
+-	return ISC_TRUE;
++	return true;
+ }
+ 
+ 
+@@ -3029,14 +3029,14 @@ dhc6_decline_action(struct client_state
+ static isc_result_t
+ dhc6_check_reply(struct client_state *client, struct dhc6_lease *new)
+ {
+-	isc_boolean_t (*action)(struct client_state *,
++	bool (*action)(struct client_state *,
+ 				isc_result_t *, unsigned);
+ 	struct dhc6_ia *ia;
+ 	isc_result_t rval = ISC_R_SUCCESS;
+ 	unsigned code;
+ 	const char *scope;
+ 	int nscore, sscore;
+-	int have_addrs = ISC_FALSE;
++	int have_addrs = false;
+ 	int got_na = 0, got_ta = 0, got_pd = 0;
+ 
+ 	if ((client == NULL) || (new == NULL))
+@@ -3102,7 +3102,7 @@ dhc6_check_reply(struct client_state *cl
+ 			return ISC_R_CANCELED;
+ 
+ 		if (ia->addrs != NULL) {
+-			have_addrs = ISC_TRUE;
++			have_addrs = true;
+ 		}
+ 	}
+ 
+@@ -3119,13 +3119,13 @@ dhc6_check_reply(struct client_state *cl
+ 	 * check in and commented it as I eventually do want
+ 	 * us to check for TAs as well.  SAR
+ 	 */
+-	if ((have_addrs != ISC_TRUE) ||
++	if ((have_addrs != true) ||
+ 	    ((require_all_ias != 0) &&
+ 	     ((got_na < wanted_ia_na) ||
+ 	      /*(got_ta < wanted_ia_ta) ||*/
+ 	      (got_pd < wanted_ia_pd)))) {
+ 		rval = ISC_R_FAILURE;
+-		if (action(client, &rval, STATUS_NoAddrsAvail) == ISC_TRUE) {
++		if (action(client, &rval, STATUS_NoAddrsAvail) == true) {
+ 			return ISC_R_CANCELED;
+ 		}
+ 	}
+@@ -4256,7 +4256,7 @@ dhc6_add_ia_pd(struct client_state *clie
+ 
+ /* stopping_finished() checks if there is a remaining work to do.
+  */
+-static isc_boolean_t
++static bool
+ stopping_finished(void)
+ {
+ 	struct interface_info *ip;
+@@ -4265,12 +4265,12 @@ stopping_finished(void)
+ 	for (ip = interfaces; ip; ip = ip -> next) {
+ 		for (client = ip -> client; client; client = client -> next) {
+ 			if (client->state != S_STOPPED)
+-				return ISC_FALSE;
++				return false;
+ 			if (client->active_lease != NULL)
+-				return ISC_FALSE;
++				return false;
+ 		}
+ 	}
+-	return ISC_TRUE;
++	return true;
+ }
+ 
+ /* reply_handler() accepts a Reply while we're attempting Select or Renew or
+@@ -4474,8 +4474,8 @@ dhc6_check_times(struct client_state *cl
+ 	struct dhc6_addr *addr;
+ 	TIME renew=MAX_TIME, rebind=MAX_TIME, depref=MAX_TIME,
+ 	     lo_expire=MAX_TIME, hi_expire=0, max_ia_starts = 0, tmp;
+-	int has_addrs = ISC_FALSE;
+-	int has_preferred_addrs = ISC_FALSE;
++	int has_addrs = false;
++	int has_preferred_addrs = false;
+ 	struct timeval tv;
+ 
+ 	lease = client->active_lease;
+@@ -4506,7 +4506,7 @@ dhc6_check_times(struct client_state *cl
+ 					depref = tmp;
+ 
+ 				if (!(addr->flags & DHC6_ADDR_EXPIRED)) {
+-					has_preferred_addrs = ISC_TRUE;
++					has_preferred_addrs = true;
+ 				}
+ 			}
+ 
+@@ -4525,7 +4525,7 @@ dhc6_check_times(struct client_state *cl
+ 				if (tmp < this_ia_lo_expire)
+ 					this_ia_lo_expire = tmp;
+ 
+-				has_addrs = ISC_TRUE;
++				has_addrs = true;
+ 			}
+ 		}
+ 
+@@ -4603,7 +4603,7 @@ dhc6_check_times(struct client_state *cl
+ 	 * In the future, we may decide that we're done here, or to
+ 	 * schedule a future request (using 4-pkt info-request model).
+ 	 */
+-	if (has_addrs == ISC_FALSE) {
++	if (has_addrs == false) {
+ 		dhc6_lease_destroy(&client->active_lease, MDL);
+ 		client->active_lease = NULL;
+ 
+@@ -4855,7 +4855,7 @@ start_bound(struct client_state *client)
+ 			  "is selected.");
+ 		return;
+ 	}
+-	lease->released = ISC_FALSE;
++	lease->released = false;
+ 	old = client->old_lease;
+ 
+ 	client->v6_handler = bound_handler;
+@@ -5448,8 +5448,8 @@ do_expire(void *input)
+ 	struct dhc6_lease *lease;
+ 	struct dhc6_ia *ia, **tia;
+ 	struct dhc6_addr *addr;
+-	int has_addrs = ISC_FALSE;
+-	int ia_has_addrs = ISC_FALSE;
++	int has_addrs = false;
++	int ia_has_addrs = false;
+ 
+ 	client = (struct client_state *)input;
+ 
+@@ -5458,7 +5458,7 @@ do_expire(void *input)
+ 		return;
+ 
+ 	for (ia = lease->bindings, tia = &lease->bindings; ia != NULL ; ) {
+-		ia_has_addrs = ISC_FALSE;
++		ia_has_addrs = false;
+ 		for (addr = ia->addrs ; addr != NULL ; addr = addr->next) {
+ 			if (addr->flags & DHC6_ADDR_EXPIRED)
+ 				continue;
+@@ -5495,14 +5495,14 @@ do_expire(void *input)
+ 				continue;
+ 			}
+ 
+-			ia_has_addrs = ISC_TRUE;
+-			has_addrs = ISC_TRUE;
++			ia_has_addrs = true;
++			has_addrs = true;
+ 		}
+ 
+ 		/* Update to the next ia and git rid of this ia
+ 		 * if it doesn't have any leases.
+ 		 */
+-		if (ia_has_addrs == ISC_TRUE) {
++		if (ia_has_addrs == true) {
+ 			/* leases, just advance the list pointer */
+ 			tia = &(*tia)->next;
+ 		} else {
+@@ -5517,7 +5517,7 @@ do_expire(void *input)
+ 	}
+ 
+ 	/* Clean up empty leases. */
+-	if (has_addrs == ISC_FALSE) {
++	if (has_addrs == false) {
+ 		log_info("PRC: Bound lease is devoid of active addresses."
+ 			 "  Re-initializing.");
+ 
+@@ -5596,14 +5596,14 @@ dhc6_check_irt(struct client_state *clie
+ 	TIME expire = MAX_TIME;
+ 	struct timeval tv;
+ 	int i;
+-	isc_boolean_t found = ISC_FALSE;
++	bool found = false;
+ 
+ 	cancel_timeout(refresh_info_request6, client);
+ 
+ 	req = client->config->requested_options;
+ 	for (i = 0; req[i] != NULL; i++) {
+ 		if (req[i] == irt_option) {
+-			found = ISC_TRUE;
++			found = true;
+ 			break;
+ 		}
+ 	}
+@@ -5924,7 +5924,7 @@ static void script_write_requested6(clie
+ /*
+  * Check if there is something not fully defined in the active lease.
+  */
+-static isc_boolean_t
++static bool
+ active_prefix(struct client_state *client)
+ {
+ 	struct dhc6_lease *lease;
+@@ -5934,21 +5934,21 @@ active_prefix(struct client_state *clien
+ 
+ 	lease = client->active_lease;
+ 	if (lease == NULL)
+-		return ISC_FALSE;
++		return false;
+ 	memset(zeros, 0, 16);
+ 	for (ia = lease->bindings; ia != NULL; ia = ia->next) {
+ 		if (ia->ia_type != D6O_IA_PD)
+ 			continue;
+ 		for (pref = ia->addrs; pref != NULL; pref = pref->next) {
+ 			if (pref->plen == 0)
+-				return ISC_FALSE;
++				return false;
+ 			if (pref->address.len != 16)
+-				return ISC_FALSE;
++				return false;
+ 			if (memcmp(pref->address.iabuf, zeros, 16) == 0)
+-				return ISC_FALSE;
++				return false;
+ 		}
+ 	}
+-	return ISC_TRUE;
++	return true;
+ }
+ 
+ /* Adds a leases's declined addreses to the outbound packet
+@@ -6111,26 +6111,26 @@ int drop_declined_addrs(struct dhc6_leas
+ /* Run through the addresses in lease and return true if there's any unexpired.
+  * Return false otherwise.
+  */
+-static isc_boolean_t
++static bool
+ unexpired_address_in_lease(struct dhc6_lease *lease)
+ {
+ 	struct dhc6_ia *ia;
+ 	struct dhc6_addr *addr;
+ 
+ 	if (lease == NULL) {
+-		return ISC_FALSE;
++		return false;
+ 	}
+ 
+ 	for (ia = lease->bindings ; ia != NULL ; ia = ia->next) {
+ 		for (addr = ia->addrs ; addr != NULL ; addr = addr->next) {
+ 			if (!(addr->flags & DHC6_ADDR_EXPIRED) &&
+ 			    (addr->starts + addr->max_life > cur_time)) {
+-				return ISC_TRUE;
++				return true;
+ 			}
+ 		}
+ 	}
+ 
+ 	log_debug("PRC: Previous lease is devoid of active addresses.");
+-	return ISC_FALSE;
++	return false;
+ }
+ #endif /* DHCPv6 */
+Index: dhcp-4.4.1/client/dhclient.c
+===================================================================
+--- dhcp-4.4.1.orig/client/dhclient.c
++++ dhcp-4.4.1/client/dhclient.c
+@@ -52,7 +52,7 @@ char *path_dhclient_script = path_dhclie
+ const char *path_dhclient_duid = NULL;
+ 
+ /* False (default) => we write and use a pid file */
+-isc_boolean_t no_pid_file = ISC_FALSE;
++bool no_pid_file = false;
+ 
+ int dhcp_max_agent_option_packet_length = 0;
+ 
+@@ -397,7 +397,7 @@ main(int argc, char **argv) {
+ 			path_dhclient_pid = argv[i];
+ 			no_dhclient_pid = 1;
+ 		} else if (!strcmp(argv[i], "--no-pid")) {
+-			no_pid_file = ISC_TRUE;
++			no_pid_file = true;
+ 		} else if (!strcmp(argv[i], "-cf")) {
+ 			if (++i == argc)
+ 				usage(use_noarg, argv[i-1]);
+@@ -652,7 +652,7 @@ main(int argc, char **argv) {
+ 	 * to write a pid file - we assume they are controlling
+ 	 * the process in some other fashion.
+ 	 */
+-	if ((release_mode || exit_mode) && (no_pid_file == ISC_FALSE)) {
++	if ((release_mode || exit_mode) && (no_pid_file == false)) {
+ 		FILE *pidfd;
+ 		pid_t oldpid;
+ 		long temp;
+@@ -4469,7 +4469,7 @@ void write_client_pid_file ()
+ 	int pfdesc;
+ 
+ 	/* nothing to do if the user doesn't want a pid file */
+-	if (no_pid_file == ISC_TRUE) {
++	if (no_pid_file == true) {
+ 		return;
+ 	}
+ 
+@@ -4727,7 +4727,7 @@ unsigned cons_agent_information_options
+ static void shutdown_exit (void *foo)
+ {
+ 	/* get rid of the pid if we can */
+-	if (no_pid_file == ISC_FALSE)
++	if (no_pid_file == false)
+ 		(void) unlink(path_dhclient_pid);
+ 	finish(0);
+ }
+Index: dhcp-4.4.1/common/inet.c
+===================================================================
+--- dhcp-4.4.1.orig/common/inet.c
++++ dhcp-4.4.1/common/inet.c
+@@ -299,7 +299,7 @@ addr_and(struct iaddr *result, const str
+  *
+  * Because the final ".1" would get masked out by the /8.
+  */
+-isc_boolean_t
++bool
+ is_cidr_mask_valid(const struct iaddr *addr, int bits) {
+ 	int zero_bits;
+ 	int zero_bytes;
+@@ -311,10 +311,10 @@ is_cidr_mask_valid(const struct iaddr *a
+ 	 * Check our bit boundaries.
+ 	 */
+ 	if (bits < 0) {
+-		return ISC_FALSE;
++		return false;
+ 	}
+ 	if (bits > (addr->len * 8)) {
+-		return ISC_FALSE;
++		return false;
+ 	}
+ 
+ 	/*
+@@ -328,7 +328,7 @@ is_cidr_mask_valid(const struct iaddr *a
+ 	 */
+ 	for (i=1; i<=zero_bytes; i++) {
+ 		if (addr->iabuf[addr->len-i] != 0) {
+-			return ISC_FALSE;
++			return false;
+ 		}
+ 	}
+ 
+@@ -340,7 +340,7 @@ is_cidr_mask_valid(const struct iaddr *a
+ 	 * happy.
+ 	 */
+ 	shift_bits = zero_bits % 8;
+-	if (shift_bits == 0) return ISC_TRUE;
++	if (shift_bits == 0) return true;
+ 	byte = addr->iabuf[addr->len-zero_bytes-1];
+ 	return (((byte >> shift_bits) << shift_bits) == byte);
+ }
+Index: dhcp-4.4.1/common/options.c
+===================================================================
+--- dhcp-4.4.1.orig/common/options.c
++++ dhcp-4.4.1/common/options.c
+@@ -676,7 +676,7 @@ cons_options(struct packet *inpacket, st
+ 		 * the priority_list. This way we'll send it whether or not it
+ 		 * is in the PRL. */
+ 		if ((inpacket != NULL) && (priority_len < PRIORITY_COUNT) &&
+-		    (inpacket->sv_echo_client_id == ISC_TRUE)) {
++		    (inpacket->sv_echo_client_id == true)) {
+ 			priority_list[priority_len++] =
+ 				DHO_DHCP_CLIENT_IDENTIFIER;
+ 		}
+@@ -1802,7 +1802,7 @@ const char *pretty_print_option (option,
+ 	const unsigned char *dp = data;
+ 	char comma;
+ 	unsigned long tval;
+-	isc_boolean_t a_array = ISC_FALSE;
++	bool a_array = false;
+ 	int len_used;
+ 
+ 	if (emit_commas)
+@@ -1828,7 +1828,7 @@ const char *pretty_print_option (option,
+ 		fmtbuf [l] = option -> format [i];
+ 		switch (option -> format [i]) {
+ 		      case 'a':
+-			a_array = ISC_TRUE;
++			a_array = true;
+ 			/* Fall through */
+ 		      case 'A':
+ 			--numelem;
+@@ -1858,7 +1858,7 @@ const char *pretty_print_option (option,
+ 				hunksize++;
+ 				comma = ':';
+ 				numhunk = 0;
+-				a_array = ISC_TRUE;
++				a_array = true;
+ 				hunkinc = 1;
+ 			}
+ 			fmtbuf [l + 1] = 0;
+@@ -1954,7 +1954,7 @@ const char *pretty_print_option (option,
+ 
+ 	/* If this is an array, compute its size. */
+ 	if (numhunk == 0) {
+-		if (a_array == ISC_TRUE) {
++		if (a_array == true) {
+ 			/*
+ 			 * It is an 'a' type array - we repeat the
+ 			 * last format type.  A binary string for 'X'
+@@ -2006,7 +2006,7 @@ const char *pretty_print_option (option,
+ 
+ 	/* Cycle through the array (or hunk) printing the data. */
+ 	for (i = 0; i < numhunk; i++) {
+-		if ((a_array == ISC_TRUE) && (i != 0) && (numelem > 0)) {
++		if ((a_array == true) && (i != 0) && (numelem > 0)) {
+ 			/*
+ 			 * For 'a' type of arrays we repeat
+ 			 * only the last format character
+@@ -2734,7 +2734,7 @@ save_option(struct universe *universe, s
+ 	    struct option_cache *oc)
+ {
+ 	if (universe->save_func)
+-		(*universe->save_func)(universe, options, oc, ISC_FALSE);
++		(*universe->save_func)(universe, options, oc, true);
+ 	else
+ 		log_error("can't store options in %s space.", universe->name);
+ }
+@@ -2745,14 +2745,14 @@ also_save_option(struct universe *univer
+ 		 struct option_cache *oc)
+ {
+ 	if (universe->save_func)
+-		(*universe->save_func)(universe, options, oc, ISC_TRUE);
++		(*universe->save_func)(universe, options, oc, true);
+ 	else
+ 		log_error("can't store options in %s space.", universe->name);
+ }
+ 
+ void
+ save_hashed_option(struct universe *universe, struct option_state *options,
+-		   struct option_cache *oc, isc_boolean_t appendp)
++		   struct option_cache *oc, bool appendp)
+ {
+ 	int hashix;
+ 	pair bptr;
+@@ -3062,7 +3062,7 @@ store_option(struct data_string *result,
+ 						  cfg_options, scope, subu);
+ 				subu = NULL;
+ 			}
+-		} while (ISC_FALSE);
++		} while (false);
+ 
+ 		status = append_option(result, universe, oc->option, &tmp);
+ 		data_string_forget(&tmp, MDL);
+@@ -3459,7 +3459,7 @@ lookup_fqdn6_option(struct universe *uni
+  */
+ void
+ save_fqdn6_option(struct universe *universe, struct option_state *options,
+-		  struct option_cache *oc, isc_boolean_t appendp)
++		  struct option_cache *oc, bool appendp)
+ {
+ 	log_fatal("Impossible condition at %s:%d.", MDL);
+ }
+@@ -3784,7 +3784,7 @@ void hashed_option_space_foreach (struct
+ 
+ void
+ save_linked_option(struct universe *universe, struct option_state *options,
+-		   struct option_cache *oc, isc_boolean_t appendp)
++		   struct option_cache *oc, bool appendp)
+ {
+ 	pair *tail;
+ 	struct option_chain_head *head;
+@@ -4073,7 +4073,7 @@ packet6_len_okay(const char *packet, int
+ void
+ do_packet6(struct interface_info *interface, const char *packet,
+ 	   int len, int from_port, const struct iaddr *from,
+-	   isc_boolean_t was_unicast) {
++	   bool was_unicast) {
+ 	unsigned char msg_type;
+ 	const struct dhcpv6_packet *msg;
+ 	const struct dhcpv6_relay_packet *relay;
+Index: dhcp-4.4.1/common/parse.c
+===================================================================
+--- dhcp-4.4.1.orig/common/parse.c
++++ dhcp-4.4.1/common/parse.c
+@@ -4952,7 +4952,7 @@ int parse_option_token (rv, cfile, fmt,
+ 	unsigned len;
+ 	struct iaddr addr;
+ 	int compress;
+-	isc_boolean_t freeval = ISC_FALSE;
++	bool freeval = false;
+ 	const char *f, *g;
+ 	struct enumeration_value *e;
+ 
+@@ -5038,7 +5038,7 @@ int parse_option_token (rv, cfile, fmt,
+ 			return 0;
+ 		}
+ 		len = strlen (val);
+-		freeval = ISC_TRUE;
++		freeval = true;
+ 		goto make_string;
+ 
+ 	      case 't': /* Text string... */
+@@ -5055,9 +5055,9 @@ int parse_option_token (rv, cfile, fmt,
+ 		if (!make_const_data (&t, (const unsigned char *)val,
+ 				      len, 1, 1, MDL))
+ 			log_fatal ("No memory for concatenation");
+-		if (freeval == ISC_TRUE) {
++		if (freeval == true) {
+ 			dfree((char *)val, MDL);
+-			freeval = ISC_FALSE;
++			freeval = false;
+ 			POST(freeval);
+ 		}
+ 		break;
+Index: dhcp-4.4.1/omapip/dispatch.c
+===================================================================
+--- dhcp-4.4.1.orig/omapip/dispatch.c
++++ dhcp-4.4.1/omapip/dispatch.c
+@@ -156,7 +156,7 @@ omapi_iscsock_cb(isc_task_t   *task,
+ 	 * This should be a temporary fix until we arrange to properly
+ 	 * close the socket.
+ 	 */
+-	if (obj->closed == ISC_TRUE) {
++	if (obj->closed == true) {
+ 		return(0);
+ 	}
+ #endif	  
+@@ -223,7 +223,7 @@ isc_result_t omapi_register_io_object (o
+ 	status = omapi_io_allocate (&obj, MDL);
+ 	if (status != ISC_R_SUCCESS)
+ 		return status;
+-	obj->closed = ISC_FALSE;  /* mark as open */
++	obj->closed = false;  /* mark as open */
+ 
+ 	status = omapi_object_reference (&obj -> inner, h, MDL);
+ 	if (status != ISC_R_SUCCESS) {
+@@ -404,7 +404,7 @@ isc_result_t omapi_unregister_io_object
+ 		isc_socket_detach(&obj->fd);
+ 	}
+ #else
+-	obj->closed = ISC_TRUE;
++	obj->closed = true;
+ #endif
+ 
+ 	omapi_io_dereference (&ph, MDL);
+Index: dhcp-4.4.1/omapip/isclib.c
+===================================================================
+--- dhcp-4.4.1.orig/omapip/isclib.c
++++ dhcp-4.4.1/omapip/isclib.c
+@@ -106,9 +106,9 @@ isclib_cleanup(void)
+ 	if (dhcp_gbl_ctx.taskmgr != NULL)
+ 		isc_taskmgr_destroy(&dhcp_gbl_ctx.taskmgr);
+ 
+-	if (dhcp_gbl_ctx.actx_started != ISC_FALSE) {
++	if (dhcp_gbl_ctx.actx_started != false) {
+ 		isc_app_ctxfinish(dhcp_gbl_ctx.actx);
+-		dhcp_gbl_ctx.actx_started = ISC_FALSE;
++		dhcp_gbl_ctx.actx_started = false;
+ 	}
+ 
+ 	if (dhcp_gbl_ctx.actx != NULL)
+@@ -211,7 +211,7 @@ dhcp_context_create(int flags,
+ 		result = isc_app_ctxstart(dhcp_gbl_ctx.actx);
+ 		if (result != ISC_R_SUCCESS)
+ 			return (result);
+-		dhcp_gbl_ctx.actx_started = ISC_TRUE;
++		dhcp_gbl_ctx.actx_started = true;
+ 
+ 		/* Not all OSs support suppressing SIGPIPE through socket
+ 		 * options, so set the sigal action to be ignore.  This allows
+Index: dhcp-4.4.1/omapip/protocol.c
+===================================================================
+--- dhcp-4.4.1.orig/omapip/protocol.c
++++ dhcp-4.4.1/omapip/protocol.c
+@@ -950,14 +950,14 @@ isc_result_t omapi_protocol_stuff_values
+ /* Returns a boolean indicating whether this protocol requires that
+    messages be authenticated or not. */
+ 
+-isc_boolean_t omapi_protocol_authenticated (omapi_object_t *h)
++bool omapi_protocol_authenticated (omapi_object_t *h)
+ {
+ 	if (h -> type != omapi_type_protocol)
+-		return isc_boolean_false;
++		return false;
+ 	if (((omapi_protocol_object_t *)h) -> insecure)
+-		return isc_boolean_false;
++		return false;
+ 	else
+-		return isc_boolean_true;
++		return true;
+ }
+ 
+ /* Sets the address and authenticator verification callbacks.  The handle
+Index: dhcp-4.4.1/relay/dhcrelay.c
+===================================================================
+--- dhcp-4.4.1.orig/relay/dhcrelay.c
++++ dhcp-4.4.1/relay/dhcrelay.c
+@@ -45,9 +45,9 @@ char *token_line;
+ char *tlname;
+ 
+ const char *path_dhcrelay_pid = _PATH_DHCRELAY_PID;
+-isc_boolean_t no_dhcrelay_pid = ISC_FALSE;
++bool no_dhcrelay_pid = false;
+ /* False (default) => we write and use a pid file */
+-isc_boolean_t no_pid_file = ISC_FALSE;
++bool no_pid_file = false;
+ 
+ int bogus_agent_drops = 0;	/* Packets dropped because agent option
+ 				   field was specified and we're not relaying
+@@ -82,7 +82,7 @@ int dfd[2] = { -1, -1 };
+ 
+ #ifdef DHCPv6
+ 	/* Force use of DHCPv6 interface-id option. */
+-isc_boolean_t use_if_id = ISC_FALSE;
++bool use_if_id = false;
+ #endif
+ 
+ 	/* Maximum size of a packet with agent options added. */
+@@ -556,7 +556,7 @@ main(int argc, char **argv) {
+ 			}
+ 			local_family_set = 1;
+ 			local_family = AF_INET6;
+-			use_if_id = ISC_TRUE;
++			use_if_id = true;
+ 		} else if (!strcmp(argv[i], "-l")) {
+ 			if (local_family_set && (local_family == AF_INET)) {
+ 				usage(use_v6command, argv[i]);
+@@ -564,7 +564,7 @@ main(int argc, char **argv) {
+ 			local_family_set = 1;
+ 			local_family = AF_INET6;
+ 			if (downstreams != NULL)
+-				use_if_id = ISC_TRUE;
++				use_if_id = true;
+ 			if (++i == argc)
+ 				usage(use_noarg, argv[i-1]);
+ 			sl = parse_downstream(argv[i]);
+@@ -595,9 +595,9 @@ main(int argc, char **argv) {
+ 			if (++i == argc)
+ 				usage(use_noarg, argv[i-1]);
+ 			path_dhcrelay_pid = argv[i];
+-			no_dhcrelay_pid = ISC_TRUE;
++			no_dhcrelay_pid = true;
+ 		} else if (!strcmp(argv[i], "--no-pid")) {
+-			no_pid_file = ISC_TRUE;
++			no_pid_file = true;
+  		} else if (argv[i][0] == '-') {
+ 			usage("Unknown command: %s", argv[i]);
+  		} else {
+@@ -645,7 +645,7 @@ main(int argc, char **argv) {
+ 	 * If the user didn't specify a pid file directly
+ 	 * find one from environment variables or defaults
+ 	 */
+-	if (no_dhcrelay_pid == ISC_FALSE) {
++	if (no_dhcrelay_pid == false) {
+ 		if (local_family == AF_INET) {
+ 			path_dhcrelay_pid = getenv("PATH_DHCRELAY_PID");
+ 			if (path_dhcrelay_pid == NULL)
+@@ -774,7 +774,7 @@ main(int argc, char **argv) {
+ 		}
+ 
+ 		/* Create the pid file. */
+-		if (no_pid_file == ISC_FALSE) {
++		if (no_pid_file == false) {
+ 			pfdesc = open(path_dhcrelay_pid,
+ 				      O_CREAT | O_TRUNC | O_WRONLY, 0644);
+ 
+@@ -1569,7 +1569,7 @@ static void
+ setup_streams(void) {
+ 	struct stream_list *dp, *up;
+ 	int i;
+-	isc_boolean_t link_is_set;
++	bool link_is_set;
+ 
+ 	for (dp = downstreams; dp; dp = dp->next) {
+ 		/* Check interface */
+@@ -1579,9 +1579,9 @@ setup_streams(void) {
+ 
+ 		/* Check/set link. */
+ 		if (IN6_IS_ADDR_UNSPECIFIED(&dp->link.sin6_addr))
+-			link_is_set = ISC_FALSE;
++			link_is_set = false;
+ 		else
+-			link_is_set = ISC_TRUE;
++			link_is_set = true;
+ 		for (i = 0; i < dp->ifp->v6address_count; i++) {
+ 			if (IN6_IS_ADDR_LINKLOCAL(&dp->ifp->v6addresses[i]))
+ 				continue;
+@@ -2076,7 +2076,7 @@ dhcp_set_control_state(control_object_st
+ 	if (newstate != server_shutdown)
+ 		return ISC_R_SUCCESS;
+ 
+-	if (no_pid_file == ISC_FALSE)
++	if (no_pid_file == false)
+ 		(void) unlink(path_dhcrelay_pid);
+ 
+ 	if (!no_daemon && dfd[0] != -1 && dfd[1] != -1) {
+Index: dhcp-4.4.1/server/dhcp.c
+===================================================================
+--- dhcp-4.4.1.orig/server/dhcp.c
++++ dhcp-4.4.1/server/dhcp.c
+@@ -225,7 +225,7 @@ dhcp (struct packet *packet) {
+ 			packet->options->universe_count =
+ 						agent_universe.index + 1;
+ 
+-		packet->agent_options_stashed = ISC_TRUE;
++		packet->agent_options_stashed = true;
+ 	}
+       nolease:
+ 
+@@ -1094,7 +1094,7 @@ void dhcpinform (packet, ms_nulltp)
+ 	int nulltp;
+ 	struct sockaddr_in to;
+ 	struct in_addr from;
+-	isc_boolean_t zeroed_ciaddr;
++	bool zeroed_ciaddr;
+ 	struct interface_info *interface;
+ 	int result, h_m_client_ip = 0;
+ 	struct host_decl  *host = NULL, *hp = NULL, *h;
+@@ -1109,7 +1109,7 @@ void dhcpinform (packet, ms_nulltp)
+ 	   it's common for clients not to do this, so we'll use their IP
+ 	   source address if they didn't set ciaddr. */
+ 	if (!packet->raw->ciaddr.s_addr) {
+-		zeroed_ciaddr = ISC_TRUE;
++		zeroed_ciaddr = true;
+ 		/* With DHCPv4-over-DHCPv6 it can be an IPv6 address
+ 		   so we check its length. */
+ 		if (packet->client_addr.len == 4) {
+@@ -1122,7 +1122,7 @@ void dhcpinform (packet, ms_nulltp)
+ 			addr_type = "v4o6";
+ 		}
+ 	} else {
+-		zeroed_ciaddr = ISC_FALSE;
++		zeroed_ciaddr = false;
+ 		cip.len = 4;
+ 		memcpy(cip.iabuf, &packet->raw->ciaddr, 4);
+ 		addr_type = "client";
+@@ -1133,7 +1133,7 @@ void dhcpinform (packet, ms_nulltp)
+ 	if (packet->raw->giaddr.s_addr) {
+ 		gip.len = 4;
+ 		memcpy(gip.iabuf, &packet->raw->giaddr, 4);
+-		if (zeroed_ciaddr == ISC_TRUE) {
++		if (zeroed_ciaddr == true) {
+ 			addr_type = "relay";
+ 			memcpy(sip.iabuf, gip.iabuf, 4);
+ 		}
+@@ -1207,7 +1207,7 @@ void dhcpinform (packet, ms_nulltp)
+ 		save_option(&dhcp_universe, options, noc);
+ 		option_cache_dereference(&noc, MDL);
+ 
+-		if ((zeroed_ciaddr == ISC_TRUE) && (gip.len != 0))
++		if ((zeroed_ciaddr == true) && (gip.len != 0))
+ 			addr_type = "relay link select";
+ 		else
+ 			addr_type = "selected";
+@@ -1261,7 +1261,7 @@ void dhcpinform (packet, ms_nulltp)
+ 				    NULL, NULL);
+ 
+ 	/* If we have ciaddr, find its lease so we can find its pool. */
+-	if (zeroed_ciaddr == ISC_FALSE) {
++	if (zeroed_ciaddr == false) {
+ 		struct lease* cip_lease = NULL;
+ 
+ 		find_lease_by_ip_addr (&cip_lease, cip, MDL);
+@@ -2036,7 +2036,7 @@ void echo_client_id(packet, lease, in_op
+ 		unsigned int opcode = DHO_DHCP_CLIENT_IDENTIFIER;
+ 
+ 		/* Save knowledge that echo is enabled to the packet */
+-		packet->sv_echo_client_id = ISC_TRUE;
++		packet->sv_echo_client_id = true;
+ 
+ 		/* Now see if inbound packet contains client-id */
+ 		oc = lookup_option(&dhcp_universe, packet->options, opcode);
+@@ -2187,7 +2187,7 @@ void ack_lease (packet, lease, offer, wh
+ 	struct iaddr cip;
+ #if defined(DELAYED_ACK)
+ 	/* By default we don't do the enqueue */
+-	isc_boolean_t enqueue = ISC_FALSE;
++	bool enqueue = false;
+ #endif
+ 	int use_old_lease = 0;
+ 
+@@ -3217,7 +3217,7 @@ void ack_lease (packet, lease, offer, wh
+ 		 * can just answer right away, set a flag to indicate this.
+ 		 */
+ 		if (commit)
+-			enqueue = ISC_TRUE;
++			enqueue = true;
+ 
+ 		/* Install the new information on 'lt' onto the lease at
+ 		 * 'lease'.  We will not 'commit' this information to disk
+@@ -4234,7 +4234,7 @@ int find_lease (struct lease **lp,
+ 	 * preference, so the first one is the best one.
+ 	 */
+ 	while (uid_lease) {
+-		isc_boolean_t do_release = !packet->raw->ciaddr.s_addr;
++		bool do_release = !packet->raw->ciaddr.s_addr;
+ #if defined (DEBUG_FIND_LEASE)
+ 		log_info ("trying next lease matching client id: %s",
+ 			  piaddr (uid_lease -> ip_addr));
+@@ -4267,7 +4267,7 @@ int find_lease (struct lease **lp,
+ #endif
+ 			/* Allow multiple leases using the same UID
+ 			   on different subnetworks. */
+-			do_release = ISC_FALSE;
++			do_release = false;
+ 			goto n_uid;
+ 		}
+ 
+@@ -5331,7 +5331,7 @@ get_server_source_address(struct in_addr
+ 	struct option_cache *oc = NULL;
+ 	struct data_string d;
+ 	struct in_addr *a = NULL;
+-	isc_boolean_t found = ISC_FALSE;
++	bool found = false;
+ 	int allocate = 0;
+ 
+ 	memset(&d, 0, sizeof(d));
+@@ -5344,7 +5344,7 @@ get_server_source_address(struct in_addr
+ 					  packet->options, options, 
+ 					  &global_scope, oc, MDL)) {
+ 			if (d.len == sizeof(*from)) {
+-				found = ISC_TRUE;
++				found = true;
+ 				memcpy(from, d.data, sizeof(*from));
+ 
+ 				/*
+@@ -5362,7 +5362,7 @@ get_server_source_address(struct in_addr
+ 		oc = NULL;
+ 	}
+ 
+-	if ((found == ISC_FALSE) &&
++	if ((found == false) &&
+ 	    (packet->interface->address_count > 0)) {
+ 		*from = packet->interface->addresses[0];
+ 
+Index: dhcp-4.4.1/server/failover.c
+===================================================================
+--- dhcp-4.4.1.orig/server/failover.c
++++ dhcp-4.4.1/server/failover.c
+@@ -45,7 +45,7 @@ static isc_result_t failover_message_der
+ static void dhcp_failover_pool_balance(dhcp_failover_state_t *state);
+ static void dhcp_failover_pool_reqbalance(dhcp_failover_state_t *state);
+ static int dhcp_failover_pool_dobalance(dhcp_failover_state_t *state,
+-					isc_boolean_t *sendreq);
++					bool *sendreq);
+ static inline int secondary_not_hoarding(dhcp_failover_state_t *state,
+ 					 struct pool *p);
+ static void scrub_lease(struct lease* lease, const char *file, int line);
+@@ -2464,7 +2464,7 @@ void
+ dhcp_failover_pool_rebalance(void *failover_state)
+ {
+ 	dhcp_failover_state_t *state;
+-	isc_boolean_t sendreq = ISC_FALSE;
++	bool sendreq = false;
+ 
+ 	state = (dhcp_failover_state_t *)failover_state;
+ 
+@@ -2512,7 +2512,7 @@ dhcp_failover_pool_reqbalance(dhcp_failo
+  */
+ static int
+ dhcp_failover_pool_dobalance(dhcp_failover_state_t *state,
+-			    isc_boolean_t *sendreq)
++			    bool *sendreq)
+ {
+ 	int lts, total, thresh, hold, panic, pass;
+ 	int leases_queued = 0;
+@@ -2581,7 +2581,7 @@ dhcp_failover_pool_dobalance(dhcp_failov
+ 
+ 		if ((sendreq != NULL) && (lts < panic)) {
+ 			reqlog = "  (requesting peer rebalance!)";
+-			*sendreq = ISC_TRUE;
++			*sendreq = true;
+ 		} else
+ 			reqlog = "";
+ 
+@@ -5111,7 +5111,7 @@ isc_result_t dhcp_failover_send_update_d
+  * a more detailed system of preferences is required, so this is something we
+  * should monitor as we gain experience with these dueling events.
+  */
+-static isc_boolean_t
++static bool
+ failover_lease_is_better(dhcp_failover_state_t *state, struct lease *lease,
+ 			 failover_message_t *msg)
+ {
+@@ -5132,15 +5132,15 @@ failover_lease_is_better(dhcp_failover_s
+ 	      case FTS_ACTIVE:
+ 		if (msg->binding_status == FTS_ACTIVE) {
+ 			if (msg_cltt < lease->cltt)
+-				return ISC_TRUE;
++				return true;
+ 			else if (msg_cltt > lease->cltt)
+-				return ISC_FALSE;
++				return false;
+ 			else if (state->i_am == primary)
+-				return ISC_TRUE;
++				return true;
+ 			else
+-				return ISC_FALSE;
++				return false;
+ 		} else if (msg->binding_status == FTS_EXPIRED) {
+-			return ISC_FALSE;
++			return false;
+ 		}
+ 		/* FALL THROUGH */
+ 
+@@ -5151,11 +5151,11 @@ failover_lease_is_better(dhcp_failover_s
+ 	      case FTS_ABANDONED:
+ 	      case FTS_RESET:
+ 		if (msg->binding_status == FTS_ACTIVE)
+-			return ISC_FALSE;
++			return false;
+ 		else if (state->i_am == primary)
+-			return ISC_TRUE;
++			return true;
+ 		else
+-			return ISC_FALSE;
++			return false;
+ 		/* FALL THROUGH to impossible condition */
+ 
+ 	      default:
+@@ -5164,7 +5164,7 @@ failover_lease_is_better(dhcp_failover_s
+ 
+ 	log_fatal("Impossible condition at %s:%d.", MDL);
+ 	/* Silence compiler warning. */
+-	return ISC_FALSE;
++	return false;
+ }
+ 
+ isc_result_t dhcp_failover_process_bind_update (dhcp_failover_state_t *state,
+@@ -5177,8 +5177,8 @@ isc_result_t dhcp_failover_process_bind_
+ 	int new_binding_state;
+ 	int send_to_backup = 0;
+ 	int required_options;
+-	isc_boolean_t chaddr_changed = ISC_FALSE;
+-	isc_boolean_t ident_changed = ISC_FALSE;
++	bool chaddr_changed = false;
++	bool ident_changed = false;
+ 
+ 	/* Validate the binding update. */
+ 	required_options = FTB_ASSIGNED_IP_ADDRESS | FTB_BINDING_STATUS;
+@@ -5250,7 +5250,7 @@ isc_result_t dhcp_failover_process_bind_
+ 		if ((lt->hardware_addr.hlen != msg->chaddr.count) ||
+ 		    (memcmp(lt->hardware_addr.hbuf, msg->chaddr.data,
+ 			    msg->chaddr.count) != 0))
+-			chaddr_changed = ISC_TRUE;
++			chaddr_changed = true;
+ 
+ 		lt -> hardware_addr.hlen = msg -> chaddr.count;
+ 		memcpy (lt -> hardware_addr.hbuf, msg -> chaddr.data,
+@@ -5262,7 +5262,7 @@ isc_result_t dhcp_failover_process_bind_
+ 		reason = FTR_MISSING_BINDINFO;
+ 		goto bad;
+ 	} else if (msg->binding_status == FTS_ABANDONED) {
+-		chaddr_changed = ISC_TRUE;
++		chaddr_changed = true;
+ 		lt->hardware_addr.hlen = 0;
+ 		if (lt->scope)
+ 			binding_scope_dereference(&lt->scope, MDL);
+@@ -5282,7 +5282,7 @@ isc_result_t dhcp_failover_process_bind_
+ 		    (lt->uid == NULL) || /* Sanity; should never happen. */
+ 		    (memcmp(lt->uid, msg->client_identifier.data,
+ 			    lt->uid_len) != 0))
+-			ident_changed = ISC_TRUE;
++			ident_changed = true;
+ 
+ 		lt->uid_len = msg->client_identifier.count;
+ 
+@@ -5312,7 +5312,7 @@ isc_result_t dhcp_failover_process_bind_
+ 	} else if (lt->uid && msg->binding_status != FTS_RESET &&
+ 		   msg->binding_status != FTS_FREE &&
+ 		   msg->binding_status != FTS_BACKUP) {
+-		ident_changed = ISC_TRUE;
++		ident_changed = true;
+ 		if (lt->uid != lt->uid_buf)
+ 			dfree (lt->uid, MDL);
+ 		lt->uid = NULL;
+@@ -5347,7 +5347,7 @@ isc_result_t dhcp_failover_process_bind_
+ 	if (msg->binding_status == FTS_ACTIVE &&
+ 	    (chaddr_changed || ident_changed)) {
+ #if defined (NSUPDATE)
+-		(void) ddns_removals(lease, NULL, NULL, ISC_FALSE);
++		(void) ddns_removals(lease, NULL, NULL, false);
+ #endif /* NSUPDATE */
+ 
+ 		if (lease->scope != NULL)
+@@ -5534,7 +5534,7 @@ isc_result_t dhcp_failover_process_bind_
+ 	struct iaddr ia;
+ 	const char *message = "no memory";
+ 	u_int32_t pot_expire;
+-	int send_to_backup = ISC_FALSE;
++	int send_to_backup = false;
+ 	struct timeval tv;
+ 
+ 	ia.len = sizeof msg -> assigned_addr;
+@@ -5621,7 +5621,7 @@ isc_result_t dhcp_failover_process_bind_
+ 		if (state->i_am == primary &&
+ 		    !(lease->flags & (RESERVED_LEASE | BOOTP_LEASE)) &&
+ 		    peer_wants_lease(lease))
+-			send_to_backup = ISC_TRUE;
++			send_to_backup = true;
+ 
+ 		if (!send_to_backup && state->me.state == normal)
+ 			commit_leases();
+Index: dhcp-4.4.1/server/dhcpd.c
+===================================================================
+--- dhcp-4.4.1.orig/server/dhcpd.c
++++ dhcp-4.4.1/server/dhcpd.c
+@@ -98,7 +98,7 @@ const char *path_dhcpd_conf = _PATH_DHCP
+ const char *path_dhcpd_db = _PATH_DHCPD_DB;
+ const char *path_dhcpd_pid = _PATH_DHCPD_PID;
+ /* False (default) => we write and use a pid file */
+-isc_boolean_t no_pid_file = ISC_FALSE;
++bool no_pid_file = false;
+ 
+ int dhcp_max_agent_option_packet_length = DHCP_MTU_MAX;
+ 
+@@ -476,7 +476,7 @@ main(int argc, char **argv) {
+ 			path_dhcpd_pid = argv [i];
+ 			have_dhcpd_pid = 1;
+ 		} else if (!strcmp(argv[i], "--no-pid")) {
+-			no_pid_file = ISC_TRUE;
++			no_pid_file = true;
+                 } else if (!strcmp (argv [i], "-t")) {
+ 			/* test configurations only */
+ #ifndef DEBUG
+@@ -863,7 +863,7 @@ main(int argc, char **argv) {
+ 	 * - we don't have a pid file to check
+ 	 * - there is no other process running
+ 	 */
+-	if ((lftest == 0) && (no_pid_file == ISC_FALSE)) {
++	if ((lftest == 0) && (no_pid_file == false)) {
+ 		/*Read previous pid file. */
+ 		if ((i = open(path_dhcpd_pid, O_RDONLY)) >= 0) {
+ 			status = read(i, pbuf, (sizeof pbuf) - 1);
+@@ -974,7 +974,7 @@ main(int argc, char **argv) {
+ 	 * that we have forked we can write our pid if
+ 	 * appropriate.
+ 	 */
+-	if (no_pid_file == ISC_FALSE) {
++	if (no_pid_file == false) {
+ 		i = open(path_dhcpd_pid, O_WRONLY|O_CREAT|O_TRUNC, 0644);
+ 		if (i >= 0) {
+ 			sprintf(pbuf, "%d\n", (int) getpid());
+@@ -1730,7 +1730,7 @@ static isc_result_t dhcp_io_shutdown_cou
+ 	    free_everything ();
+ 	    omapi_print_dmalloc_usage_by_caller ();
+ #endif
+-	    if (no_pid_file == ISC_FALSE)
++	    if (no_pid_file == false)
+ 		    (void) unlink(path_dhcpd_pid);
+ 	    exit (0);
+ 	}
+@@ -1741,7 +1741,7 @@ static isc_result_t dhcp_io_shutdown_cou
+ 		free_everything ();
+ 		omapi_print_dmalloc_usage_by_caller ();
+ #endif
+-		if (no_pid_file == ISC_FALSE)
++		if (no_pid_file == false)
+ 			(void) unlink(path_dhcpd_pid);
+ 		exit (0);
+ 	}
+@@ -1750,7 +1750,7 @@ static isc_result_t dhcp_io_shutdown_cou
+ #if defined(FAILOVER_PROTOCOL)
+ 	    !failover_connection_count &&
+ #endif
+-	    ISC_TRUE) {
++	    true) {
+ 		shutdown_state = shutdown_done;
+ 		shutdown_time = cur_time;
+ 		goto oncemore;
+Index: dhcp-4.4.1/server/mdb6.c
+===================================================================
+--- dhcp-4.4.1.orig/server/mdb6.c
++++ dhcp-4.4.1/server/mdb6.c
+@@ -514,10 +514,10 @@ ia_remove_all_lease(struct ia_xx *ia, co
+ /*
+  * Compare two IA.
+  */
+-isc_boolean_t
++bool
+ ia_equal(const struct ia_xx *a, const struct ia_xx *b) 
+ {
+-	isc_boolean_t found;
++	bool found;
+ 	int i, j;
+ 
+ 	/*
+@@ -525,9 +525,9 @@ ia_equal(const struct ia_xx *a, const st
+ 	 */
+ 	if (a == NULL) {
+ 		if (b == NULL) {
+-			return ISC_TRUE;
++			return true;
+ 		} else {
+-			return ISC_FALSE;
++			return false;
+ 		}
+ 	}	
+ 
+@@ -535,58 +535,58 @@ ia_equal(const struct ia_xx *a, const st
+ 	 * Check the type is the same.
+ 	 */
+ 	if (a->ia_type != b->ia_type) {
+-		return ISC_FALSE;
++		return false;
+ 	}
+ 
+ 	/*
+ 	 * Check the DUID is the same.
+ 	 */
+ 	if (a->iaid_duid.len != b->iaid_duid.len) {
+-		return ISC_FALSE;
++		return false;
+ 	}
+ 	if (memcmp(a->iaid_duid.data, 
+ 		   b->iaid_duid.data, a->iaid_duid.len) != 0) {
+-		return ISC_FALSE;
++		return false;
+ 	}
+ 
+ 	/*
+ 	 * Make sure we have the same number of addresses/prefixes in each.
+ 	 */
+ 	if (a->num_iasubopt != b->num_iasubopt) {
+-		return ISC_FALSE;
++		return false;
+ 	}
+ 
+ 	/*
+ 	 * Check that each address/prefix is present in both.
+ 	 */
+ 	for (i=0; i<a->num_iasubopt; i++) {
+-		found = ISC_FALSE;
++		found = false;
+ 		for (j=0; j<a->num_iasubopt; j++) {
+ 			if (a->iasubopt[i]->plen != b->iasubopt[i]->plen)
+ 				continue;
+ 			if (memcmp(&(a->iasubopt[i]->addr),
+ 			           &(b->iasubopt[j]->addr), 
+ 				   sizeof(struct in6_addr)) == 0) {
+-				found = ISC_TRUE;
++				found = true;
+ 				break;
+ 			}
+ 		}
+ 		if (!found) {
+-			return ISC_FALSE;
++			return false;
+ 		}
+ 	}
+ 
+ 	/*
+ 	 * These are the same in every way we care about.
+ 	 */
+-	return ISC_TRUE;
++	return true;
+ }
+ 
+ /*
+  * Helper function for lease heaps.
+  * Makes the top of the heap the oldest lease.
+  */
+-static isc_boolean_t 
++static bool 
+ lease_older(void *a, void *b) {
+ 	struct iasubopt *la = (struct iasubopt *)a;
+ 	struct iasubopt *lb = (struct iasubopt *)b;
+@@ -1038,8 +1038,8 @@ create_lease6(struct ipv6_pool *pool, st
+ 	struct data_string new_ds;
+ 	struct iasubopt *iaaddr;
+ 	isc_result_t result;
+-	isc_boolean_t reserved_iid;
+-	static isc_boolean_t init_resiid = ISC_FALSE;
++	bool reserved_iid;
++	static bool init_resiid = false;
+ 
+ 	/*
+ 	 * Fill the reserved IIDs.
+@@ -1049,7 +1049,7 @@ create_lease6(struct ipv6_pool *pool, st
+ 		memset(&resany, 0, 8);
+ 		resany.s6_addr[8] = 0xfd;
+ 		memset(&resany.s6_addr[9], 0xff, 6);
+-		init_resiid = ISC_TRUE;
++		init_resiid = true;
+ 	}
+ 
+ 	/* 
+@@ -1094,14 +1094,14 @@ create_lease6(struct ipv6_pool *pool, st
+ 		/*
+ 		 * Avoid reserved interface IDs. (cf. RFC 5453)
+ 		 */
+-		reserved_iid = ISC_FALSE;
++		reserved_iid = false;
+ 		if (memcmp(&tmp.s6_addr[8], &rtany.s6_addr[8], 8) == 0) {
+-			reserved_iid = ISC_TRUE;
++			reserved_iid = true;
+ 		}
+ 		if (!reserved_iid &&
+ 		    (memcmp(&tmp.s6_addr[8], &resany.s6_addr[8], 7) == 0) &&
+ 		    ((tmp.s6_addr[15] & 0x80) == 0x80)) {
+-			reserved_iid = ISC_TRUE;
++			reserved_iid = true;
+ 		}
+ 
+ 		/*
+@@ -1177,7 +1177,7 @@ create_lease6_eui_64(struct ipv6_pool *p
+ 	struct iasubopt *test_iaaddr;
+ 	struct iasubopt *iaaddr;
+ 	isc_result_t result;
+-	static isc_boolean_t init_resiid = ISC_FALSE;
++	static bool init_resiid = false;
+ 
+ 	/*  Fill the reserved IIDs.  */
+ 	if (!init_resiid) {
+@@ -1185,7 +1185,7 @@ create_lease6_eui_64(struct ipv6_pool *p
+ 		memset(&resany, 0, 8);
+ 		resany.s6_addr[8] = 0xfd;
+ 		memset(&resany.s6_addr[9], 0xff, 6);
+-		init_resiid = ISC_TRUE;
++		init_resiid = true;
+ 	}
+ 
+ 	/* Pool must be IA_NA */
+@@ -1520,7 +1520,7 @@ add_lease6(struct ipv6_pool *pool, struc
+ /*
+  * Determine if an address is present in a pool or not.
+  */
+-isc_boolean_t
++bool
+ lease6_exists(const struct ipv6_pool *pool, const struct in6_addr *addr) {
+ 	struct iasubopt *test_iaaddr;
+ 
+@@ -1528,9 +1528,9 @@ lease6_exists(const struct ipv6_pool *po
+ 	if (iasubopt_hash_lookup(&test_iaaddr, pool->leases, 
+ 				 (void *)addr, sizeof(*addr), MDL)) {
+ 		iasubopt_dereference(&test_iaaddr, MDL);
+-		return ISC_TRUE;
++		return true;
+ 	} else {
+-		return ISC_FALSE;
++		return false;
+ 	}
+ }
+ 
+@@ -1545,20 +1545,20 @@ lease6_exists(const struct ipv6_pool *po
+  * \param[in] lease = lease to check
+  *
+  * \return
+- * ISC_TRUE  = The lease is allowed to use that address
+- * ISC_FALSE = The lease isn't allowed to use that address
++ * true  = The lease is allowed to use that address
++ * false = The lease isn't allowed to use that address
+  */
+-isc_boolean_t
++bool
+ lease6_usable(struct iasubopt *lease) {
+ 	struct iasubopt *test_iaaddr;
+-	isc_boolean_t status = ISC_TRUE;
++	bool status = true;
+ 
+ 	test_iaaddr = NULL;
+ 	if (iasubopt_hash_lookup(&test_iaaddr, lease->ipv6_pool->leases,
+ 				 (void *)&lease->addr,
+ 				 sizeof(lease->addr), MDL)) {
+ 		if (test_iaaddr != lease) {
+-			status = ISC_FALSE;
++			status = false;
+ 		}
+ 		iasubopt_dereference(&test_iaaddr, MDL);
+ 	}
+@@ -1697,7 +1697,7 @@ move_lease_to_inactive(struct ipv6_pool
+ #if defined (NSUPDATE)
+ 		/* Process events upon expiration. */
+ 		if (pool->pool_type != D6O_IA_PD) {
+-			(void) ddns_removals(NULL, lease, NULL, ISC_FALSE);
++			(void) ddns_removals(NULL, lease, NULL, false);
+ 		}
+ #endif
+ 
+@@ -1977,21 +1977,21 @@ create_prefix6(struct ipv6_pool *pool, s
+ /*
+  * Determine if a prefix is present in a pool or not.
+  */
+-isc_boolean_t
++bool
+ prefix6_exists(const struct ipv6_pool *pool,
+ 	       const struct in6_addr *pref, u_int8_t plen) {
+ 	struct iasubopt *test_iapref;
+ 
+ 	if ((int)plen != pool->units)
+-		return ISC_FALSE;
++		return false;
+ 
+ 	test_iapref = NULL;
+ 	if (iasubopt_hash_lookup(&test_iapref, pool->leases, 
+ 				 (void *)pref, sizeof(*pref), MDL)) {
+ 		iasubopt_dereference(&test_iapref, MDL);
+-		return ISC_TRUE;
++		return true;
+ 	} else {
+-		return ISC_FALSE;
++		return false;
+ 	}
+ }
+ 
+@@ -2267,15 +2267,15 @@ ipv6_network_portion(struct in6_addr *re
+ /*
+  * Determine if the given address/prefix is in the pool.
+  */
+-isc_boolean_t
++bool
+ ipv6_in_pool(const struct in6_addr *addr, const struct ipv6_pool *pool) {
+ 	struct in6_addr tmp;
+ 
+ 	ipv6_network_portion(&tmp, addr, pool->bits);
+ 	if (memcmp(&tmp, &pool->start_addr, sizeof(tmp)) == 0) {
+-		return ISC_TRUE;
++		return true;
+ 	} else {
+-		return ISC_FALSE;
++		return false;
+ 	}
+ }
+ 
+Index: dhcp-4.4.1/server/ddns.c
+===================================================================
+--- dhcp-4.4.1.orig/server/ddns.c
++++ dhcp-4.4.1/server/ddns.c
+@@ -373,7 +373,7 @@ ddns_updates(struct packet *packet, stru
+ 
+ 		/* If desired do the removals */
+ 		if (do_remove != 0) {
+-			(void) ddns_removals(lease, lease6, NULL, ISC_TRUE);
++			(void) ddns_removals(lease, lease6, NULL, true);
+ 		}
+ 		goto out;
+ 	}
+@@ -618,7 +618,7 @@ ddns_updates(struct packet *packet, stru
+ 		 * We should log a more specific error closer to the actual
+ 		 * error if we want one. ddns_removal failure not logged here.
+ 		 */
+-		 (void) ddns_removals(lease, lease6, ddns_cb, ISC_TRUE);
++		 (void) ddns_removals(lease, lease6, ddns_cb, true);
+ 	}
+ 	else {
+ 		ddns_fwd_srv_connector(lease, lease6, scope, ddns_cb,
+@@ -1907,7 +1907,7 @@ ddns_fwd_srv_rem1(dhcp_ddns_cb_t *ddns_c
+  *     the current entry.
+  *
+  * \li active - indication about the status of the lease. It is
+- *     ISC_TRUE if the lease is still active, and FALSE if the lease
++ *     true if the lease is still active, and FALSE if the lease
+  *     is inactive.  This is used to indicate if the lease is inactive or going
+  *     to inactive so we can avoid trying to update the lease with cb pointers
+  *     and text information if it isn't useful.
+@@ -1923,7 +1923,7 @@ isc_result_t
+ ddns_removals(struct lease    *lease,
+ 	      struct iasubopt *lease6,
+ 	      dhcp_ddns_cb_t  *add_ddns_cb,
+-	      isc_boolean_t    active)
++	      bool    active)
+ {
+ 	isc_result_t rcode, execute_add = ISC_R_FAILURE;
+ 	struct binding_scope **scope = NULL;
+@@ -1970,7 +1970,7 @@ ddns_removals(struct lease    *lease,
+ 			if (((ddns_cb->state == DDNS_STATE_ADD_PTR) ||
+ 			     (ddns_cb->state == DDNS_STATE_ADD_FW_NXDOMAIN) ||
+ 			     (ddns_cb->state == DDNS_STATE_ADD_FW_YXDHCID)) ||
+-			    ((active == ISC_FALSE) &&
++			    ((active == false) &&
+ 			     ((ddns_cb->flags & DDNS_ACTIVE_LEASE) != 0))) {
+ 				/* Cancel the current request */
+ 				ddns_cancel(lease->ddns_cb, MDL);
+@@ -1998,7 +1998,7 @@ ddns_removals(struct lease    *lease,
+ 			if (((ddns_cb->state == DDNS_STATE_ADD_PTR) ||
+ 			     (ddns_cb->state == DDNS_STATE_ADD_FW_NXDOMAIN) ||
+ 			     (ddns_cb->state == DDNS_STATE_ADD_FW_YXDHCID)) ||
+-			    ((active == ISC_FALSE) &&
++			    ((active == false) &&
+ 			     ((ddns_cb->flags & DDNS_ACTIVE_LEASE) != 0))) {
+ 				/* Cancel the current request */
+ 				ddns_cancel(lease6->ddns_cb, MDL);
+@@ -2053,7 +2053,7 @@ ddns_removals(struct lease    *lease,
+ 	 * the lease information for v6 when the response
+ 	 * from the DNS code is processed.
+ 	 */
+-	if (active == ISC_TRUE) {
++	if (active == true) {
+ 		ddns_cb->flags |= DDNS_ACTIVE_LEASE;
+ 	}
+ 
+Index: dhcp-4.4.1/server/mdb.c
+===================================================================
+--- dhcp-4.4.1.orig/server/mdb.c
++++ dhcp-4.4.1/server/mdb.c
+@@ -1504,7 +1504,7 @@ void make_binding_state_transition (stru
+ 	      lease -> binding_state == FTS_ACTIVE &&
+ 	      lease -> next_binding_state != FTS_RELEASED))) {
+ #if defined (NSUPDATE)
+-		(void) ddns_removals(lease, NULL, NULL, ISC_TRUE);
++		(void) ddns_removals(lease, NULL, NULL, true);
+ #endif
+ 		if (lease->on_star.on_expiry) {
+ 			execute_statements(NULL, NULL, lease,
+@@ -1568,7 +1568,7 @@ void make_binding_state_transition (stru
+ 		 * release message.  This is not true of expiry, where the
+ 		 * peer may have extended the lease.
+ 		 */
+-		(void) ddns_removals(lease, NULL, NULL, ISC_TRUE);
++		(void) ddns_removals(lease, NULL, NULL, true);
+ #endif
+ 		if (lease->on_star.on_release) {
+ 			execute_statements(NULL, NULL, lease,
+@@ -1736,7 +1736,7 @@ void release_lease (lease, packet)
+ 	/* If there are statements to execute when the lease is
+ 	   released, execute them. */
+ #if defined (NSUPDATE)
+-	(void) ddns_removals(lease, NULL, NULL, ISC_FALSE);
++	(void) ddns_removals(lease, NULL, NULL, false);
+ #endif
+ 	if (lease->on_star.on_release) {
+ 		execute_statements (NULL, packet, lease,
+@@ -1810,7 +1810,7 @@ void abandon_lease (lease, message)
+ {
+ 	struct lease *lt = NULL;
+ #if defined (NSUPDATE)
+-	(void) ddns_removals(lease, NULL, NULL, ISC_FALSE);
++	(void) ddns_removals(lease, NULL, NULL, false);
+ #endif
+ 
+ 	if (!lease_copy(&lt, lease, MDL)) {
+@@ -1860,7 +1860,7 @@ void dissociate_lease (lease)
+ {
+ 	struct lease *lt = (struct lease *)0;
+ #if defined (NSUPDATE)
+-	(void) ddns_removals(lease, NULL, NULL, ISC_FALSE);
++	(void) ddns_removals(lease, NULL, NULL, false);
+ #endif
+ 
+ 	if (!lease_copy (&lt, lease, MDL))
+@@ -2072,38 +2072,38 @@ int find_lease_by_hw_addr (struct lease
+  *    should never see reset leases for this.
+  * 4) Abandoned leases are always dead last.
+  */
+-static isc_boolean_t
++static bool
+ client_lease_preferred(struct lease *cand, struct lease *lease)
+ {
+ 	if (cand->binding_state == FTS_ACTIVE) {
+ 		if (lease->binding_state == FTS_ACTIVE &&
+ 		    lease->ends >= cand->ends)
+-			return ISC_TRUE;
++			return true;
+ 	} else if (cand->binding_state == FTS_EXPIRED ||
+ 		   cand->binding_state == FTS_RELEASED) {
+ 		if (lease->binding_state == FTS_ACTIVE)
+-			return ISC_TRUE;
++			return true;
+ 
+ 		if ((lease->binding_state == FTS_EXPIRED ||
+ 		     lease->binding_state == FTS_RELEASED) &&
+ 		    lease->cltt >= cand->cltt)
+-			return ISC_TRUE;
++			return true;
+ 	} else if (cand->binding_state != FTS_ABANDONED) {
+ 		if (lease->binding_state == FTS_ACTIVE ||
+ 		    lease->binding_state == FTS_EXPIRED ||
+ 		    lease->binding_state == FTS_RELEASED)
+-			return ISC_TRUE;
++			return true;
+ 
+ 		if (lease->binding_state != FTS_ABANDONED &&
+ 		    lease->cltt >= cand->cltt)
+-			return ISC_TRUE;
++			return true;
+ 	} else /* (cand->binding_state == FTS_ABANDONED) */ {
+ 		if (lease->binding_state != FTS_ABANDONED ||
+ 		    lease->cltt >= cand->cltt)
+-			return ISC_TRUE;
++			return true;
+ 	}
+ 
+-	return ISC_FALSE;
++	return false;
+ }
+ 
+ /* Add the specified lease to the uid hash. */
diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp/0008-tweak-to-support-external-bind.patch b/poky/meta/recipes-connectivity/dhcp/dhcp/0008-tweak-to-support-external-bind.patch
deleted file mode 100644
index 006d18ae7..000000000
--- a/poky/meta/recipes-connectivity/dhcp/dhcp/0008-tweak-to-support-external-bind.patch
+++ /dev/null
@@ -1,117 +0,0 @@
-From 92875f5cc44914515e50c11c503a09cec90497b2 Mon Sep 17 00:00:00 2001
-From: Hongxu Jia <hongxu.jia@windriver.com>
-Date: Sat, 11 Jun 2016 22:51:44 -0400
-Subject: [PATCH 08/11] tweak to support external bind
-
-Tweak the external bind to oe-core's sysroot rather than
-external bind source build.
-
-Upstream-Status: Inappropriate <oe-core specific>
-
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
----
- client/Makefile.am       | 2 +-
- client/tests/Makefile.am | 2 +-
- common/tests/Makefile.am | 2 +-
- dhcpctl/Makefile.am      | 2 +-
- omapip/Makefile.am       | 2 +-
- relay/Makefile.am        | 2 +-
- server/Makefile.am       | 2 +-
- server/tests/Makefile.am | 2 +-
- 8 files changed, 8 insertions(+), 8 deletions(-)
-
-diff --git a/client/Makefile.am b/client/Makefile.am
-index 4730bb3..84d8131 100644
---- a/client/Makefile.am
-+++ b/client/Makefile.am
-@@ -4,7 +4,7 @@
- # production code. Sadly, we are not there yet.
- SUBDIRS = . tests
- 
--BINDLIBDIR = @BINDDIR@/lib
-+BINDLIBDIR = @BINDDIR@
- 
- AM_CPPFLAGS = -DCLIENT_PATH='"PATH=$(sbindir):/sbin:/bin:/usr/sbin:/usr/bin"' \
- 	      -DLOCALSTATEDIR='"$(localstatedir)"' -I$(top_srcdir)/includes
-diff --git a/client/tests/Makefile.am b/client/tests/Makefile.am
-index 5031d0c..a8dfd26 100644
---- a/client/tests/Makefile.am
-+++ b/client/tests/Makefile.am
-@@ -1,6 +1,6 @@
- SUBDIRS = .
- 
--BINDLIBDIR = @BINDDIR@/lib
-+BINDLIBDIR = @BINDDIR@
- 
- AM_CPPFLAGS = $(ATF_CFLAGS) -DUNIT_TEST -I$(top_srcdir)/includes
- AM_CPPFLAGS += -I@BINDDIR@/include -I$(top_srcdir)
-diff --git a/common/tests/Makefile.am b/common/tests/Makefile.am
-index f6a43e4..2f98d22 100644
---- a/common/tests/Makefile.am
-+++ b/common/tests/Makefile.am
-@@ -1,6 +1,6 @@
- SUBDIRS = .
- 
--BINDLIBDIR = @BINDDIR@/lib
-+BINDLIBDIR = @BINDDIR@
- 
- AM_CPPFLAGS = $(ATF_CFLAGS) -I$(top_srcdir)/includes
- 
-diff --git a/dhcpctl/Makefile.am b/dhcpctl/Makefile.am
-index ba8dd8b..9b2486e 100644
---- a/dhcpctl/Makefile.am
-+++ b/dhcpctl/Makefile.am
-@@ -1,4 +1,4 @@
--BINDLIBDIR = @BINDDIR@/lib
-+BINDLIBDIR = @BINDDIR@
- 
- AM_CPPFLAGS = -I$(top_srcdir)/includes -I$(top_srcdir)
- 
-diff --git a/omapip/Makefile.am b/omapip/Makefile.am
-index dd1afa0..e4a8599 100644
---- a/omapip/Makefile.am
-+++ b/omapip/Makefile.am
-@@ -1,4 +1,4 @@
--BINDLIBDIR = @BINDDIR@/lib
-+BINDLIBDIR = @BINDDIR@
- AM_CPPFLAGS = -I$(top_srcdir)/includes
- 
- lib_LIBRARIES = libomapi.a
-diff --git a/relay/Makefile.am b/relay/Makefile.am
-index 6d652f6..b3bf578 100644
---- a/relay/Makefile.am
-+++ b/relay/Makefile.am
-@@ -1,4 +1,4 @@
--BINDLIBDIR = @BINDDIR@/lib
-+BINDLIBDIR = @BINDDIR@
- 
- AM_CPPFLAGS = -DLOCALSTATEDIR='"@localstatedir@"' -I$(top_srcdir)/includes
- 
-diff --git a/server/Makefile.am b/server/Makefile.am
-index 3990b9c..b5d8c2d 100644
---- a/server/Makefile.am
-+++ b/server/Makefile.am
-@@ -4,7 +4,7 @@
- # production code. Sadly, we are not there yet.
- SUBDIRS = . tests
- 
--BINDLIBDIR = @BINDDIR@/lib
-+BINDLIBDIR = @BINDDIR@
- 
- AM_CPPFLAGS = -I$(top_srcdir) -DLOCALSTATEDIR='"@localstatedir@"' -I$(top_srcdir)/includes
- 
-diff --git a/server/tests/Makefile.am b/server/tests/Makefile.am
-index a87c5e7..9821081 100644
---- a/server/tests/Makefile.am
-+++ b/server/tests/Makefile.am
-@@ -1,6 +1,6 @@
- SUBDIRS = .
- 
--BINDLIBDIR = @BINDDIR@/lib
-+BINDLIBDIR = @BINDDIR@
- 
- AM_CPPFLAGS = $(ATF_CFLAGS) -DUNIT_TEST -I$(top_srcdir)/includes
- AM_CPPFLAGS += -I@BINDDIR@/include -I$(top_srcdir)
--- 
-1.8.3.1
-
diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb b/poky/meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb
index 159abbc40..ca0daa181 100644
--- a/poky/meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb
+++ b/poky/meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb
@@ -10,6 +10,7 @@ SRC_URI += "file://0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.pat
             file://0009-remove-dhclient-script-bash-dependency.patch \
             file://0012-dhcp-correct-the-intention-for-xml2-lib-search.patch \
             file://0013-fixup_use_libbind.patch \
+            file://0001-dhcpd-fix-Replace-custom-isc_boolean_t-with-C-standa.patch \
 "
 
 SRC_URI[md5sum] = "18c7f4dcbb0a63df25098216d47b1ede"
diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/0001-rcp-fix-to-work-with-large-files.patch b/poky/meta/recipes-connectivity/inetutils/inetutils/0001-rcp-fix-to-work-with-large-files.patch
new file mode 100644
index 000000000..d4764f586
--- /dev/null
+++ b/poky/meta/recipes-connectivity/inetutils/inetutils/0001-rcp-fix-to-work-with-large-files.patch
@@ -0,0 +1,31 @@
+Upstream-Status: Pending
+
+Subject: rcp: fix to work with large files
+
+When we copy file by rcp command, if the file > 2GB, it will fail.
+The cause is that it used incorrect data type on file size in sink() of rcp.
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ src/rcp.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/rcp.c b/src/rcp.c
+index 21f55b6..bafa35f 100644
+--- a/src/rcp.c
++++ b/src/rcp.c
+@@ -876,9 +876,9 @@ sink (int argc, char *argv[])
+   enum
+   { YES, NO, DISPLAYED } wrerr;
+   BUF *bp;
+-  off_t i, j;
++  off_t i, j, size;
+   int amt, count, exists, first, mask, mode, ofd, omode;
+-  int setimes, size, targisdir, wrerrno;
++  int setimes, targisdir, wrerrno;
+   char ch, *cp, *np, *targ, *vect[1], buf[BUFSIZ];
+   const char *why;
+ 
+-- 
+1.9.1
+
diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/fix-disable-ipv6.patch b/poky/meta/recipes-connectivity/inetutils/inetutils/fix-disable-ipv6.patch
new file mode 100644
index 000000000..24c134fca
--- /dev/null
+++ b/poky/meta/recipes-connectivity/inetutils/inetutils/fix-disable-ipv6.patch
@@ -0,0 +1,83 @@
+Upstream: http://www.mail-archive.com/bug-inetutils@gnu.org/msg02103.html
+
+Upstream-Status: Pending
+
+Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
+---
+ ping/ping_common.h | 20 ++++++++++++++++++++
+ 1 file changed, 20 insertions(+)
+
+diff --git a/ping/ping_common.h b/ping/ping_common.h
+index 1dfd1b5..3bfbd12 100644
+--- a/ping/ping_common.h
++++ b/ping/ping_common.h
+@@ -17,10 +17,14 @@
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see `http://www.gnu.org/licenses/'. */
+ 
++#include <config.h>
++
+ #include <netinet/in_systm.h>
+ #include <netinet/in.h>
+ #include <netinet/ip.h>
++#ifdef HAVE_IPV6
+ #include <netinet/icmp6.h>
++#endif
+ #include <icmp.h>
+ #include <error.h>
+ #include <progname.h>
+@@ -62,7 +66,12 @@ struct ping_stat
+    want to follow the traditional behaviour of ping.  */
+ #define DEFAULT_PING_COUNT 0
+ 
++#ifdef HAVE_IPV6
+ #define PING_HEADER_LEN (USE_IPV6 ? sizeof (struct icmp6_hdr) : ICMP_MINLEN)
++#else
++#define PING_HEADER_LEN (ICMP_MINLEN)
++#endif
++
+ #define PING_TIMING(s)  ((s) >= sizeof (struct timeval))
+ #define PING_DATALEN    (64 - PING_HEADER_LEN)  /* default data length */
+ 
+@@ -74,13 +83,20 @@ struct ping_stat
+   (t).tv_usec = ((i)%PING_PRECISION)*(1000000/PING_PRECISION) ;\
+ } while (0)
+ 
++#ifdef HAVE_IPV6
+ /* FIXME: Adjust IPv6 case for options and their consumption.  */
+ #define _PING_BUFLEN(p, u) ((u)? ((p)->ping_datalen + sizeof (struct icmp6_hdr)) : \
+ 				   (MAXIPLEN + (p)->ping_datalen + ICMP_TSLEN))
+ 
++#else
++#define _PING_BUFLEN(p, u) (MAXIPLEN + (p)->ping_datalen + ICMP_TSLEN)
++#endif
++
++#ifdef HAVE_IPV6
+ typedef int (*ping_efp6) (int code, void *closure, struct sockaddr_in6 * dest,
+ 			  struct sockaddr_in6 * from, struct icmp6_hdr * icmp,
+ 			  int datalen);
++#endif
+ 
+ typedef int (*ping_efp) (int code,
+ 			 void *closure,
+@@ -89,13 +105,17 @@ typedef int (*ping_efp) (int code,
+ 			 struct ip * ip, icmphdr_t * icmp, int datalen);
+ 
+ union event {
++#ifdef HAVE_IPV6
+   ping_efp6 handler6;
++#endif
+   ping_efp handler;
+ };
+ 
+ union ping_address {
+   struct sockaddr_in ping_sockaddr;
++#ifdef HAVE_IPV6
+   struct sockaddr_in6 ping_sockaddr6;
++#endif
+ };
+ 
+ typedef struct ping_data PING;
+-- 
+2.8.3
+
diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch b/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch
new file mode 100644
index 000000000..3da4e9f55
--- /dev/null
+++ b/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch
@@ -0,0 +1,29 @@
+From 552a7d64ad4a7188a9b7cd89933ae7caf7ebfe90 Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier at gentoo.org>
+Date: Thu, 18 Nov 2010 16:59:14 -0500
+Subject: [PATCH gnulib] printf-parse: pull in features.h for __GLIBC__
+
+Upstream-Status: Pending
+
+Signed-off-by: Mike Frysinger <vapier at gentoo.org>
+---
+ lib/printf-parse.h |    3 +++
+ 1 files changed, 3 insertions(+), 0 deletions(-)
+
+diff --git a/lib/printf-parse.h b/lib/printf-parse.h
+index 67a4a2a..3bd6152 100644
+--- a/lib/printf-parse.h
++++ b/lib/printf-parse.h
+@@ -25,6 +25,9 @@
+ 
+ #include "printf-args.h"
+ 
++#ifdef HAVE_FEATURES_H
++# include <features.h>	/* for __GLIBC__ */
++#endif
+ 
+ /* Flags */
+ #define FLAG_GROUP       1      /* ' flag */
+-- 
+1.7.3.2
+
diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0003-wchar.patch b/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0003-wchar.patch
new file mode 100644
index 000000000..b13bb9229
--- /dev/null
+++ b/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0003-wchar.patch
@@ -0,0 +1,14 @@
+Upstream-Status: Pending
+
+--- inetutils-1.8/lib/wchar.in.h
++++ inetutils-1.8/lib/wchar.in.h
+@@ -70,6 +70,9 @@
+ /* The include_next requires a split double-inclusion guard.  */
+ #if @HAVE_WCHAR_H@
+ # @INCLUDE_NEXT@ @NEXT_WCHAR_H@
++#else
++# include <stddef.h>
++# define MB_CUR_MAX 1
+ #endif
+ 
+ #undef _GL_ALREADY_INCLUDING_WCHAR_H
diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.9-PATH_PROCNET_DEV.patch b/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.9-PATH_PROCNET_DEV.patch
new file mode 100644
index 000000000..2592989a9
--- /dev/null
+++ b/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.9-PATH_PROCNET_DEV.patch
@@ -0,0 +1,26 @@
+inetutils: define PATH_PROCNET_DEV if not already defined
+
+this prevents the following compilation error :
+system/linux.c:401:15: error: 'PATH_PROCNET_DEV' undeclared (first use in this function)
+
+this patch comes from :
+ http://repository.timesys.com/buildsources/i/inetutils/inetutils-1.9/
+
+Upstream-Status: Inappropriate [not author]
+
+Signed-of-by: Eric Bénard <eric@eukrea.com>
+---
+diff -Naur inetutils-1.9.orig/ifconfig/system/linux.c inetutils-1.9/ifconfig/system/linux.c
+--- inetutils-1.9.orig/ifconfig/system/linux.c	2012-01-04 16:31:36.000000000 -0500
++++ inetutils-1.9/ifconfig/system/linux.c	2012-01-04 16:40:53.000000000 -0500
+@@ -49,6 +49,10 @@
+ #include "../ifconfig.h"
+ 
+ 
++#ifndef PATH_PROCNET_DEV
++  #define PATH_PROCNET_DEV "/proc/net/dev"
++#endif
++
+ /* ARPHRD stuff.  */
+ 
+ static void
diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-only-check-pam_appl.h-when-pam-enabled.patch b/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-only-check-pam_appl.h-when-pam-enabled.patch
new file mode 100644
index 000000000..ff3abd86a
--- /dev/null
+++ b/poky/meta/recipes-connectivity/inetutils/inetutils/inetutils-only-check-pam_appl.h-when-pam-enabled.patch
@@ -0,0 +1,40 @@
+Only check security/pam_appl.h which is provided by package libpam when pam is
+enabled.
+
+Upstream-Status: Pending
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+---
+diff --git a/configure.ac b/configure.ac
+index b35e672..e78a751 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -195,6 +195,19 @@ fi
+ 
+ # See if we have libpam.a.  Investigate PAM versus Linux-PAM.
+ if test "$with_pam" = yes ; then
++  AC_CHECK_HEADERS([security/pam_appl.h], [], [], [
++#include <sys/types.h>
++#ifdef HAVE_NETINET_IN_SYSTM_H
++# include <netinet/in_systm.h>
++#endif
++#include <netinet/in.h>
++#ifdef HAVE_NETINET_IP_H
++# include <netinet/ip.h>
++#endif
++#ifdef HAVE_SYS_PARAM_H
++# include <sys/param.h>
++#endif
++])
+   AC_CHECK_LIB(dl, dlopen, LIBDL=-ldl)
+   AC_CHECK_LIB(pam, pam_authenticate, LIBPAM=-lpam)
+   if test "$ac_cv_lib_pam_pam_authenticate" = yes ; then
+@@ -587,7 +600,7 @@ AC_HEADER_DIRENT
+ AC_CHECK_HEADERS([arpa/nameser.h errno.h fcntl.h features.h \
+ 		  glob.h memory.h netinet/ether.h netinet/in_systm.h \
+ 		  netinet/ip.h netinet/ip_icmp.h netinet/ip_var.h \
+-		  security/pam_appl.h shadow.h \
++		  shadow.h \
+ 		  stdarg.h stdlib.h string.h stropts.h sys/tty.h \
+ 		  sys/utsname.h sys/ptyvar.h sys/msgbuf.h sys/filio.h \
+ 		  sys/ioctl_compat.h sys/cdefs.h sys/stream.h sys/mkdev.h \
diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/rexec.xinetd.inetutils b/poky/meta/recipes-connectivity/inetutils/inetutils/rexec.xinetd.inetutils
new file mode 100644
index 000000000..30e81ef45
--- /dev/null
+++ b/poky/meta/recipes-connectivity/inetutils/inetutils/rexec.xinetd.inetutils
@@ -0,0 +1,20 @@
+# default: off
+# description:
+# Rexecd is the server for the rexec program. The server provides remote 
+# execution facilities with authentication based on user names and 
+# passwords.
+#
+service exec
+{
+	socket_type	= stream
+	protocol	= tcp
+	flags		= NAMEINARGS
+	wait		= no
+	user		= root
+	group		= root
+	log_on_success	+= USERID
+	log_on_failure	+= USERID
+	server		= @SBINDIR@/tcpd
+	server_args	= @SBINDIR@/in.rexecd
+	disable		= yes
+}
diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/rlogin.xinetd.inetutils b/poky/meta/recipes-connectivity/inetutils/inetutils/rlogin.xinetd.inetutils
new file mode 100644
index 000000000..21b55da9a
--- /dev/null
+++ b/poky/meta/recipes-connectivity/inetutils/inetutils/rlogin.xinetd.inetutils
@@ -0,0 +1,23 @@
+# default: off
+# description:
+# Rlogind is a server for the rlogin program. The server provides remote 
+# execution with authentication based on privileged port numbers from trusted
+# host
+#
+service login
+{
+	socket_type	= stream
+	protocol	= tcp
+	flags		= NAMEINARGS
+	wait		= no
+	user		= root
+	group		= root
+	log_on_success	+= USERID
+	log_on_failure	+= USERID
+	server		= @SBINDIR@/tcpd
+	server_args	= @SBINDIR@/in.rlogind -a
+	disable		= yes
+}
+							
+							
+							
diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/rsh.xinetd.inetutils b/poky/meta/recipes-connectivity/inetutils/inetutils/rsh.xinetd.inetutils
new file mode 100644
index 000000000..2b894a74b
--- /dev/null
+++ b/poky/meta/recipes-connectivity/inetutils/inetutils/rsh.xinetd.inetutils
@@ -0,0 +1,21 @@
+# default: off
+# description:
+# The rshd server is a server for the rcmd(3) routine and, 
+# consequently, for the rsh(1) program. The server provides 
+# remote execution facilities with authentication based on 
+# privileged port numbers from trusted hosts.
+#
+service shell
+{
+	socket_type	= stream
+	protocol	= tcp
+	flags		= NAMEINARGS
+	wait		= no
+	user		= root
+	group		= root
+	log_on_success	+= USERID
+	log_on_failure	+= USERID
+	server		= @SBINDIR@/tcpd
+	server_args	= @SBINDIR@/in.rshd -aL
+	disable		= yes
+}
diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/telnet.xinetd.inetutils b/poky/meta/recipes-connectivity/inetutils/inetutils/telnet.xinetd.inetutils
new file mode 100644
index 000000000..2d9a0408c
--- /dev/null
+++ b/poky/meta/recipes-connectivity/inetutils/inetutils/telnet.xinetd.inetutils
@@ -0,0 +1,13 @@
+# default: on
+# description: The telnet server serves telnet sessions; it uses \
+#       unencrypted username/password pairs for authentication.
+service telnet
+{
+	disable		= no
+	flags		= REUSE
+	socket_type	= stream
+	wait		= no
+	user		= root
+	server		= @SBINDIR@/in.telnetd
+	log_on_failure	+= USERID
+}
diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/tftpd.xinetd.inetutils b/poky/meta/recipes-connectivity/inetutils/inetutils/tftpd.xinetd.inetutils
new file mode 100644
index 000000000..67b44c43e
--- /dev/null
+++ b/poky/meta/recipes-connectivity/inetutils/inetutils/tftpd.xinetd.inetutils
@@ -0,0 +1,19 @@
+# default: off
+# description:
+# Tftpd is a server which supports the Internet Trivial File Transfer
+# Pro-tocol (RFC 783). The TFTP server operates at the port indicated
+# in the tftp service description; see services(5).
+#
+service tftp
+{
+        disable         = yes
+        socket_type     = dgram
+        protocol        = udp
+        flags           = IPv6
+        wait            = yes
+        user            = root
+        group           = root
+        server          = @SBINDIR@/in.tftpd
+        server_args     = /tftpboot
+}
+
diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils/version.patch b/poky/meta/recipes-connectivity/inetutils/inetutils/version.patch
new file mode 100644
index 000000000..532a0e5c0
--- /dev/null
+++ b/poky/meta/recipes-connectivity/inetutils/inetutils/version.patch
@@ -0,0 +1,17 @@
+Upstream-Status: Pending
+
+remove m4_esyscmd function
+
+Signed-off-by: Chunrong Guo <b40290@freescale.com>
+--- inetutils-1.9.1/configure.ac	2012-01-06 22:05:05.000000000 +0800
++++ inetutils-1.9.1/configure.ac	2012-11-12 14:01:11.732957019 +0800
+@@ -20,8 +20,7 @@
+ 
+ AC_PREREQ(2.59)
+ 
+-AC_INIT([GNU inetutils],
+- m4_esyscmd([build-aux/git-version-gen .tarball-version 's/inetutils-/v/;s/_/./g']),
++AC_INIT([GNU inetutils],[1.9.4],
+  [bug-inetutils@gnu.org])
+ 
+ AC_CONFIG_SRCDIR([src/inetd.c])
diff --git a/poky/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb b/poky/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb
new file mode 100644
index 000000000..ec1384eab
--- /dev/null
+++ b/poky/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb
@@ -0,0 +1,209 @@
+DESCRIPTION = "The GNU inetutils are a collection of common \
+networking utilities and servers including ftp, ftpd, rcp, \
+rexec, rlogin, rlogind, rsh, rshd, syslog, syslogd, talk, \
+talkd, telnet, telnetd, tftp, tftpd, and uucpd."
+HOMEPAGE = "http://www.gnu.org/software/inetutils"
+SECTION = "net"
+DEPENDS = "ncurses netbase readline virtual/crypt"
+
+LICENSE = "GPLv3"
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=0c7051aef9219dc7237f206c5c4179a7"
+
+SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.gz \
+           file://version.patch \
+           file://inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch \
+           file://inetutils-1.8-0003-wchar.patch \
+           file://rexec.xinetd.inetutils  \
+           file://rlogin.xinetd.inetutils \
+           file://rsh.xinetd.inetutils \
+           file://telnet.xinetd.inetutils \
+           file://tftpd.xinetd.inetutils \
+           file://inetutils-1.9-PATH_PROCNET_DEV.patch \
+           file://inetutils-only-check-pam_appl.h-when-pam-enabled.patch \
+           file://0001-rcp-fix-to-work-with-large-files.patch \
+"
+
+SRC_URI[md5sum] = "04852c26c47cc8c6b825f2b74f191f52"
+SRC_URI[sha256sum] = "be8f75eff936b8e41b112462db51adf689715658a1b09e0d6b05d11ec92cc616"
+
+inherit autotools gettext update-alternatives texinfo
+
+acpaths = "-I ./m4"
+
+SRC_URI += "${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', '', 'file://fix-disable-ipv6.patch', d)}"
+
+PACKAGECONFIG ??= "ftp uucpd \
+                   ${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \
+                   ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ipv6 ping6', '', d)} \
+                  "
+PACKAGECONFIG[ftp] = "--enable-ftp,--disable-ftp,readline"
+PACKAGECONFIG[uucpd] = "--enable-uucpd,--disable-uucpd,readline"
+PACKAGECONFIG[pam] = "--with-pam,--without-pam,libpam"
+PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6 gl_cv_socket_ipv6=no,"
+PACKAGECONFIG[ping6] = "--enable-ping6,--disable-ping6,"
+
+EXTRA_OECONF = "--with-ncurses-include-dir=${STAGING_INCDIR} \
+        inetutils_cv_path_login=${base_bindir}/login \
+        --with-libreadline-prefix=${STAGING_LIBDIR} \
+        --enable-rpath=no \
+"
+
+# These are horrible for security, disable them
+EXTRA_OECONF_append = " --disable-rsh --disable-rshd --disable-rcp \
+        --disable-rlogin --disable-rlogind --disable-rexec --disable-rexecd"
+
+do_configure_prepend () {
+    export HELP2MAN='true'
+    cp ${STAGING_DATADIR_NATIVE}/gettext/config.rpath ${S}/build-aux/config.rpath
+    install -m 0755 ${STAGING_DATADIR_NATIVE}/gnu-config/config.guess ${S}
+    install -m 0755 ${STAGING_DATADIR_NATIVE}/gnu-config/config.sub ${S}
+    rm -f ${S}/glob/configure*
+}
+
+do_install_append () {
+    install -m 0755 -d ${D}${base_sbindir}
+    install -m 0755 -d ${D}${sbindir}
+    install -m 0755 -d ${D}${sysconfdir}/xinetd.d
+    if [ "${base_bindir}" != "${bindir}" ] ; then
+         install -m 0755 -d ${D}${base_bindir}
+         mv ${D}${bindir}/ping* ${D}${base_bindir}/
+         mv ${D}${bindir}/hostname ${D}${base_bindir}/
+    fi
+    mv ${D}${bindir}/ifconfig ${D}${base_sbindir}/
+    mv ${D}${libexecdir}/syslogd ${D}${base_sbindir}/
+    mv ${D}${libexecdir}/tftpd ${D}${sbindir}/in.tftpd
+    mv ${D}${libexecdir}/telnetd ${D}${sbindir}/in.telnetd
+    if [ -e ${D}${libexecdir}/rexecd ]; then
+        mv ${D}${libexecdir}/rexecd ${D}${sbindir}/in.rexecd
+        cp ${WORKDIR}/rexec.xinetd.inetutils ${D}/${sysconfdir}/xinetd.d/rexec
+    fi
+    if [ -e ${D}${libexecdir}/rlogind ]; then
+        mv ${D}${libexecdir}/rlogind ${D}${sbindir}/in.rlogind
+        cp ${WORKDIR}/rlogin.xinetd.inetutils ${D}/${sysconfdir}/xinetd.d/rlogin
+    fi
+    if [ -e ${D}${libexecdir}/rshd ]; then
+        mv ${D}${libexecdir}/rshd ${D}${sbindir}/in.rshd
+        cp ${WORKDIR}/rsh.xinetd.inetutils ${D}/${sysconfdir}/xinetd.d/rsh
+    fi
+    if [ -e ${D}${libexecdir}/talkd ]; then
+        mv ${D}${libexecdir}/talkd ${D}${sbindir}/in.talkd
+    fi
+    mv ${D}${libexecdir}/uucpd ${D}${sbindir}/in.uucpd
+    mv ${D}${libexecdir}/* ${D}${bindir}/
+    cp ${WORKDIR}/telnet.xinetd.inetutils  ${D}/${sysconfdir}/xinetd.d/telnet
+    cp ${WORKDIR}/tftpd.xinetd.inetutils  ${D}/${sysconfdir}/xinetd.d/tftpd
+
+    sed -e 's,@SBINDIR@,${sbindir},g' -i ${D}/${sysconfdir}/xinetd.d/*
+    if [ -e ${D}${libdir}/charset.alias ]; then
+        rm -rf ${D}${libdir}/charset.alias
+    fi
+    rm -rf ${D}${libexecdir}/
+    # remove usr/lib if empty
+    rmdir ${D}${libdir} || true
+}
+
+PACKAGES =+ "${PN}-ping ${PN}-ping6 ${PN}-hostname ${PN}-ifconfig \
+${PN}-tftp ${PN}-logger ${PN}-traceroute ${PN}-syslogd \
+${PN}-ftp ${PN}-ftpd ${PN}-tftpd ${PN}-telnet ${PN}-telnetd ${PN}-inetd \
+${PN}-rsh ${PN}-rshd"
+
+# The packages tftpd, telnetd and rshd conflict with the ones
+# provided by netkit, so add the corresponding -dbg packages
+# for them to avoid the confliction between the dbg package
+# of inetutils and netkit.
+PACKAGES =+ "${PN}-tftpd-dbg ${PN}-telnetd-dbg ${PN}-rshd-dbg"
+NOAUTOPACKAGEDEBUG = "1"
+
+ALTERNATIVE_PRIORITY = "79"
+ALTERNATIVE_${PN} = "whois"
+ALTERNATIVE_LINK_NAME[uucpd]  = "${sbindir}/in.uucpd"
+
+ALTERNATIVE_PRIORITY_${PN}-logger = "60"
+ALTERNATIVE_${PN}-logger = "logger"
+ALTERNATIVE_${PN}-syslogd = "syslogd"
+ALTERNATIVE_LINK_NAME[syslogd]  = "${base_sbindir}/syslogd"
+
+ALTERNATIVE_${PN}-ftp = "ftp"
+ALTERNATIVE_${PN}-ftpd = "ftpd"
+ALTERNATIVE_${PN}-tftp = "tftp"
+ALTERNATIVE_${PN}-tftpd = "tftpd"
+ALTERNATIVE_LINK_NAME[tftpd] = "${sbindir}/tftpd"
+ALTERNATIVE_TARGET[tftpd]  = "${sbindir}/in.tftpd"
+
+ALTERNATIVE_${PN}-telnet = "telnet"
+ALTERNATIVE_${PN}-telnetd = "telnetd"
+ALTERNATIVE_LINK_NAME[telnetd] = "${sbindir}/telnetd"
+ALTERNATIVE_TARGET[telnetd] = "${sbindir}/in.telnetd"
+
+ALTERNATIVE_${PN}-inetd= "inetd"
+ALTERNATIVE_${PN}-traceroute = "traceroute"
+
+ALTERNATIVE_${PN}-hostname = "hostname"
+ALTERNATIVE_LINK_NAME[hostname]  = "${base_bindir}/hostname"
+
+ALTERNATIVE_${PN}-doc = "hostname.1 dnsdomainname.1 logger.1 syslogd.8"
+ALTERNATIVE_LINK_NAME[hostname.1] = "${mandir}/man1/hostname.1"
+ALTERNATIVE_LINK_NAME[dnsdomainname.1] = "${mandir}/man1/dnsdomainname.1"
+ALTERNATIVE_LINK_NAME[logger.1] = "${mandir}/man1/logger.1"
+ALTERNATIVE_LINK_NAME[syslogd.8] = "${mandir}/man8/syslogd.8"
+
+ALTERNATIVE_${PN}-ifconfig = "ifconfig"
+ALTERNATIVE_LINK_NAME[ifconfig]  = "${base_sbindir}/ifconfig"
+
+ALTERNATIVE_${PN}-ping = "ping"
+ALTERNATIVE_LINK_NAME[ping]   = "${base_bindir}/ping"
+
+ALTERNATIVE_${PN}-ping6 = "${@bb.utils.filter('PACKAGECONFIG', 'ping6', d)}"
+ALTERNATIVE_LINK_NAME[ping6]  = "${base_bindir}/ping6"
+
+
+FILES_${PN}-dbg += "${base_bindir}/.debug ${base_sbindir}/.debug ${bindir}/.debug ${sbindir}/.debug"
+FILES_${PN}-ping = "${base_bindir}/ping.${BPN}"
+FILES_${PN}-ping6 = "${base_bindir}/ping6.${BPN}"
+FILES_${PN}-hostname = "${base_bindir}/hostname.${BPN}"
+FILES_${PN}-ifconfig = "${base_sbindir}/ifconfig.${BPN}"
+FILES_${PN}-traceroute = "${bindir}/traceroute.${BPN}"
+FILES_${PN}-logger = "${bindir}/logger.${BPN}"
+
+FILES_${PN}-syslogd = "${base_sbindir}/syslogd.${BPN}"
+RCONFLICTS_${PN}-syslogd = "rsyslog busybox-syslog sysklogd syslog-ng"
+
+FILES_${PN}-ftp = "${bindir}/ftp.${BPN}"
+
+FILES_${PN}-tftp = "${bindir}/tftp.${BPN}"
+FILES_${PN}-telnet = "${bindir}/telnet.${BPN}"
+
+# We make us of RCONFLICTS / RPROVIDES here rather than using the normal
+# alternatives method as this leads to packaging QA issues when using
+# musl as that library does not provide what these applications need to
+# build.
+FILES_${PN}-rsh = "${bindir}/rsh ${bindir}/rlogin ${bindir}/rexec ${bindir}/rcp"
+RCONFLICTS_${PN}-rsh += "netkit-rsh-client"
+RPROVIDES_${PN}-rsh = "rsh"
+
+FILES_${PN}-rshd = "${sbindir}/in.rshd ${sbindir}/in.rlogind ${sbindir}/in.rexecd \
+                    ${sysconfdir}/xinetd.d/rsh ${sysconfdir}/xinetd.d/rlogin ${sysconfdir}/xinetd.d/rexec"
+FILES_${PN}-rshd-dbg = "${sbindir}/.debug/in.rshd ${sbindir}/.debug/in.rlogind ${sbindir}/.debug/in.rexecd"
+RDEPENDS_${PN}-rshd += "xinetd tcp-wrappers"
+RCONFLICTS_${PN}-rshd += "netkit-rshd-server"
+RPROVIDES_${PN}-rshd = "rshd"
+
+FILES_${PN}-ftpd = "${bindir}/ftpd.${BPN}"
+FILES_${PN}-ftpd-dbg = "${bindir}/.debug/ftpd.${BPN}"
+RDEPENDS_${PN}-ftpd += "xinetd"
+
+FILES_${PN}-tftpd = "${sbindir}/in.tftpd ${sysconfdir}/xinetd.d/tftpd"
+FILES_${PN}-tftpd-dbg = "${sbindir}/.debug/in.tftpd"
+RCONFLICTS_${PN}-tftpd += "netkit-tftpd"
+RDEPENDS_${PN}-tftpd += "xinetd"
+
+FILES_${PN}-telnetd = "${sbindir}/in.telnetd ${sysconfdir}/xinetd.d/telnet"
+FILES_${PN}-telnetd-dbg = "${sbindir}/.debug/in.telnetd"
+RCONFLICTS_${PN}-telnetd += "netkit-telnetd"
+RPROVIDES_${PN}-telnetd = "telnetd"
+RDEPENDS_${PN}-telnetd += "xinetd"
+
+FILES_${PN}-inetd = "${bindir}/inetd.${BPN}"
+
+RDEPENDS_${PN} = "xinetd"
diff --git a/poky/meta/recipes-connectivity/iproute2/iproute2.inc b/poky/meta/recipes-connectivity/iproute2/iproute2.inc
index b28358906..1aa1eec0d 100644
--- a/poky/meta/recipes-connectivity/iproute2/iproute2.inc
+++ b/poky/meta/recipes-connectivity/iproute2/iproute2.inc
@@ -52,3 +52,7 @@ ALTERNATIVE_${PN} = "ip"
 ALTERNATIVE_TARGET[ip] = "${base_sbindir}/ip.${BPN}"
 ALTERNATIVE_LINK_NAME[ip] = "${base_sbindir}/ip"
 ALTERNATIVE_PRIORITY = "100"
+
+ALTERNATIVE_${PN}-tc = "tc"
+ALTERNATIVE_LINK_NAME[tc] = "${base_sbindir}/tc"
+ALTERNATIVE_PRIORITY_${PN}-tc = "100"
diff --git a/poky/meta/recipes-connectivity/libpcap/libpcap/0001-Fix-compiler_state_t.ai-usage-when-INET6-is-not-defi.patch b/poky/meta/recipes-connectivity/libpcap/libpcap/0001-Fix-compiler_state_t.ai-usage-when-INET6-is-not-defi.patch
deleted file mode 100644
index edb6ae566..000000000
--- a/poky/meta/recipes-connectivity/libpcap/libpcap/0001-Fix-compiler_state_t.ai-usage-when-INET6-is-not-defi.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 64aa033a061c43fc15c711f2490ae41d23b868c3 Mon Sep 17 00:00:00 2001
-From: Fabio Berton <fabio.berton@ossystems.com.br>
-Date: Thu, 17 Nov 2016 09:44:42 -0200
-Subject: [PATCH 1/2] Fix compiler_state_t.ai usage when INET6 is not defined
-Organization: O.S. Systems Software LTDA.
-
-Fix error:
-
-/
-| ../libpcap-1.8.1/gencode.c: In function 'pcap_compile':
-| ../libpcap-1.8.1/gencode.c:693:8: error: 'compiler_state_t
-| {aka struct _compiler_state}' has no member named 'ai'
-|   cstate.ai = NULL;
-\
-
-Upstream-Status: Submitted [1]
-
-[1] https://github.com/the-tcpdump-group/libpcap/pull/541
-
-Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br>
----
- gencode.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/gencode.c b/gencode.c
-index a887f27..e103c70 100644
---- a/gencode.c
-+++ b/gencode.c
-@@ -690,7 +690,9 @@ pcap_compile(pcap_t *p, struct bpf_program *program,
- 	}
- 	initchunks(&cstate);
- 	cstate.no_optimize = 0;
-+#ifdef INET6
- 	cstate.ai = NULL;
-+#endif
- 	cstate.ic.root = NULL;
- 	cstate.ic.cur_mark = 0;
- 	cstate.bpf_pcap = p;
--- 
-2.1.4
-
diff --git a/poky/meta/recipes-connectivity/libpcap/libpcap/0001-pcap-usb-linux.c-add-missing-limits.h-for-musl-syste.patch b/poky/meta/recipes-connectivity/libpcap/libpcap/0001-pcap-usb-linux.c-add-missing-limits.h-for-musl-syste.patch
new file mode 100644
index 000000000..01773834c
--- /dev/null
+++ b/poky/meta/recipes-connectivity/libpcap/libpcap/0001-pcap-usb-linux.c-add-missing-limits.h-for-musl-syste.patch
@@ -0,0 +1,29 @@
+From aafa3512b7b742f5e66a5543e41974cc5e7eebfa Mon Sep 17 00:00:00 2001
+From: maxice8 <thinkabit.ukim@gmail.com>
+Date: Sun, 22 Jul 2018 18:54:17 -0300
+Subject: [PATCH] pcap-usb-linux.c: add missing limits.h for musl systems.
+
+fix compilation on musl libc systems like Void Linux and Alpine.
+
+Upstream-Status: Backport [https://github.com/the-tcpdump-group/libpcap/commit/d557c98a16dc254aaff03762b694fe624e180bea]
+
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+---
+ pcap-usb-linux.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/pcap-usb-linux.c b/pcap-usb-linux.c
+index 6f8adf65..b92c05ea 100644
+--- a/pcap-usb-linux.c
++++ b/pcap-usb-linux.c
+@@ -50,6 +50,7 @@
+ #include <stdlib.h>
+ #include <unistd.h>
+ #include <fcntl.h>
++#include <limits.h>
+ #include <string.h>
+ #include <dirent.h>
+ #include <byteswap.h>
+-- 
+2.17.1
+
diff --git a/poky/meta/recipes-connectivity/libpcap/libpcap/0002-Add-missing-compiler_state_t-parameter.patch b/poky/meta/recipes-connectivity/libpcap/libpcap/0002-Add-missing-compiler_state_t-parameter.patch
deleted file mode 100644
index 032b265f0..000000000
--- a/poky/meta/recipes-connectivity/libpcap/libpcap/0002-Add-missing-compiler_state_t-parameter.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-From 50ec0a088d5924a8305b2d70dcba71b0942dee1a Mon Sep 17 00:00:00 2001
-From: Fabio Berton <fabio.berton@ossystems.com.br>
-Date: Thu, 17 Nov 2016 09:47:29 -0200
-Subject: [PATCH 2/2] Add missing compiler_state_t parameter
-Organization: O.S. Systems Software LTDA.
-
-Fix error:
-
-/
-|../libpcap-1.8.1/gencode.c: In function 'gen_gateway':
-|../libpcap-1.8.1/gencode.c:4914:13: error: 'cstate' undeclared
-| (first use in this function)
-|    bpf_error(cstate, "direction applied to 'gateway'");
-\
-
-Upstream-Status: Submitted [1]
-
-[1] https://github.com/the-tcpdump-group/libpcap/pull/541
-
-Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br>
----
- gencode.c | 15 ++++++++-------
- 1 file changed, 8 insertions(+), 7 deletions(-)
-
-diff --git a/gencode.c b/gencode.c
-index e103c70..f07c0be 100644
---- a/gencode.c
-+++ b/gencode.c
-@@ -523,7 +523,7 @@ static struct block *gen_host6(compiler_state_t *, struct in6_addr *,
-     struct in6_addr *, int, int, int);
- #endif
- #ifndef INET6
--static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int);
-+static struct block *gen_gateway(compiler_state_t *, const u_char *, bpf_u_int32 **, int, int);
- #endif
- static struct block *gen_ipfrag(compiler_state_t *);
- static struct block *gen_portatom(compiler_state_t *, int, bpf_int32);
-@@ -4904,11 +4904,12 @@ gen_host6(compiler_state_t *cstate, struct in6_addr *addr,
- 
- #ifndef INET6
- static struct block *
--gen_gateway(eaddr, alist, proto, dir)
--	const u_char *eaddr;
--	bpf_u_int32 **alist;
--	int proto;
--	int dir;
-+gen_gateway(cstate, eaddr, alist, proto, dir)
-+    compiler_state_t *cstate;
-+    const u_char *eaddr;
-+    bpf_u_int32 **alist;
-+    int proto;
-+    int dir;
- {
- 	struct block *b0, *b1, *tmp;
- 
-@@ -6472,7 +6473,7 @@ gen_scode(compiler_state_t *cstate, const char *name, struct qual q)
- 		alist = pcap_nametoaddr(name);
- 		if (alist == NULL || *alist == NULL)
- 			bpf_error(cstate, "unknown host '%s'", name);
--		b = gen_gateway(eaddr, alist, proto, dir);
-+		b = gen_gateway(cstate, eaddr, alist, proto, dir);
- 		free(eaddr);
- 		return b;
- #else
--- 
-2.1.4
-
diff --git a/poky/meta/recipes-connectivity/libpcap/libpcap/disable-remote.patch b/poky/meta/recipes-connectivity/libpcap/libpcap/disable-remote.patch
deleted file mode 100644
index 7e1eea6b1..000000000
--- a/poky/meta/recipes-connectivity/libpcap/libpcap/disable-remote.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-Disable bits of remote capture support inherited from the WinPCAP merge
-which cause applications to FTBFS if they define HAVE_REMOTE.
-
-Patch from:
-https://anonscm.debian.org/cgit/users/rfrancoise/libpcap.git/commit/?
-id=f35949969269dfdcc3549b12fade604755e1e326
-
-Upstream-Status: Pending
-
---- a/pcap/pcap.h
-+++ b/pcap/pcap.h
-@@ -506,6 +506,11 @@
-   #define MODE_STAT 1
-   #define MODE_MON 2
- 
-+#ifdef HAVE_REMOTE
-+  /* Includes most of the public stuff that is needed for the remote capture */
-+  #include <remote-ext.h>
-+#endif	 /* HAVE_REMOTE */
-+
- #elif defined(MSDOS)
- 
-   /*
-@@ -526,11 +531,6 @@
- 
- #endif /* _WIN32/MSDOS/UN*X */
- 
--#ifdef HAVE_REMOTE
--  /* Includes most of the public stuff that is needed for the remote capture */
--  #include <remote-ext.h>
--#endif	 /* HAVE_REMOTE */
--
- #ifdef __cplusplus
- }
- #endif
-
diff --git a/poky/meta/recipes-connectivity/libpcap/libpcap/fix-grammar-deps.patch b/poky/meta/recipes-connectivity/libpcap/libpcap/fix-grammar-deps.patch
deleted file mode 100644
index f40e655c4..000000000
--- a/poky/meta/recipes-connectivity/libpcap/libpcap/fix-grammar-deps.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-Fix a missing dependency that can result in:
-
-../libpcap-1.8.1/grammar.y:78:10: fatal error: scanner.h: No such file or directory
-
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-From 0dd90a6bdbce4dca14106859eee63ef643a106e2 Mon Sep 17 00:00:00 2001
-From: Alfredo Alvarez Fernandez <alfredoalvarezernandez@gmail.com>
-Date: Tue, 21 Feb 2017 11:41:43 +0100
-Subject: [PATCH] Makefile.in: Fix missing dependency
-
----
- Makefile.in | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/Makefile.in b/Makefile.in
-index 7044f043..f5d443ae 100644
---- a/Makefile.in
-+++ b/Makefile.in
-@@ -465,7 +465,7 @@ grammar.h: grammar.c
- 		$(MAKE) $(MAKEFLAGS) grammar.c; \
- 	fi
- 
--grammar.o: grammar.c
-+grammar.o: grammar.c scanner.h
- 	$(CC) $(FULL_CFLAGS) -c grammar.c
- 
- gencode.o: $(srcdir)/gencode.c grammar.h scanner.h
diff --git a/poky/meta/recipes-connectivity/libpcap/libpcap/libpcap-pkgconfig-support.patch b/poky/meta/recipes-connectivity/libpcap/libpcap/libpcap-pkgconfig-support.patch
deleted file mode 100644
index afaa3bea9..000000000
--- a/poky/meta/recipes-connectivity/libpcap/libpcap/libpcap-pkgconfig-support.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-From 2796129af52901dd68595e5e88a639308541def9 Mon Sep 17 00:00:00 2001
-From: Fabio Berton <fabio.berton@ossystems.com.br>
-Date: Thu, 3 Nov 2016 17:56:29 -0200
-Subject: [PATCH] libpcap: pkgconfig support
-Organization: O.S. Systems Software LTDA.
-
-Adding basic structure to support pkg-config.
-
-Upstream-Status: Inappropriate [embedded specific]
-
-Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
-Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br>
----
- Makefile.in   |  5 +++++
- configure.ac  |  1 +
- libpcap.pc.in | 10 ++++++++++
- 3 files changed, 16 insertions(+)
- create mode 100644 libpcap.pc.in
-
-diff --git a/Makefile.in b/Makefile.in
-index e71d973..d7004ed 100644
---- a/Makefile.in
-+++ b/Makefile.in
-@@ -61,6 +61,10 @@ V_RPATH_OPT = @V_RPATH_OPT@
- DEPENDENCY_CFLAG = @DEPENDENCY_CFLAG@
- PROG=libpcap
- 
-+# pkgconfig support
-+pkgconfigdir = $(libdir)/pkgconfig
-+pkgconfig_DATA = libpcap.pc
-+
- # Standard CFLAGS
- FULL_CFLAGS = $(CCOPT) $(INCLS) $(DEFS) $(CFLAGS)
- 
-@@ -286,6 +290,7 @@ EXTRA_DIST = \
- 	lbl/os-solaris2.h \
- 	lbl/os-sunos4.h \
- 	lbl/os-ultrix4.h \
-+	libpcap.pc \
- 	missing/getopt.c \
- 	missing/getopt.h \
- 	missing/snprintf.c \
-diff --git a/configure.ac b/configure.ac
-index da2f940..4fc67bf 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -1805,6 +1805,7 @@ fi
- AC_PROG_INSTALL
- 
- AC_CONFIG_HEADER(config.h)
-+AC_CONFIG_FILES([libpcap.pc])
- 
- AC_OUTPUT_COMMANDS([if test -f .devel; then
- 	echo timestamp > stamp-h
-diff --git a/libpcap.pc.in b/libpcap.pc.in
-new file mode 100644
-index 0000000..4f78ad8
---- /dev/null
-+++ b/libpcap.pc.in
-@@ -0,0 +1,10 @@
-+prefix=@prefix@
-+exec_prefix=@exec_prefix@
-+libdir=@libdir@
-+includedir=@includedir@
-+
-+Name: libpcap
-+Description: System-independent interface for user-level packet capture.
-+Version: @VERSION@
-+Libs: -L${libdir} -lpcap
-+Cflags: -I${includedir}
--- 
-2.1.4
-
diff --git a/poky/meta/recipes-connectivity/libpcap/libpcap_1.8.1.bb b/poky/meta/recipes-connectivity/libpcap/libpcap_1.8.1.bb
deleted file mode 100644
index 13dfbd67a..000000000
--- a/poky/meta/recipes-connectivity/libpcap/libpcap_1.8.1.bb
+++ /dev/null
@@ -1,31 +0,0 @@
-require libpcap.inc
-
-SRC_URI += " \
-    file://libpcap-pkgconfig-support.patch \
-    file://0001-Fix-compiler_state_t.ai-usage-when-INET6-is-not-defi.patch \
-    file://0002-Add-missing-compiler_state_t-parameter.patch \
-    file://disable-remote.patch \
-    file://fix-grammar-deps.patch \
-"
-
-SRC_URI[md5sum] = "3d48f9cd171ff12b0efd9134b52f1447"
-SRC_URI[sha256sum] = "673dbc69fdc3f5a86fb5759ab19899039a8e5e6c631749e48dcd9c6f0c83541e"
-
-#
-# make install doesn't cover the shared lib
-# make install-shared is just broken (no symlinks)
-#
-
-do_configure_prepend () {
-    #remove hardcoded references to /usr/include
-    sed 's|\([ "^'\''I]\+\)/usr/include/|\1${STAGING_INCDIR}/|g' -i ${S}/configure.ac
-}
-
-do_install_prepend () {
-    install -d ${D}${libdir}
-    install -d ${D}${bindir}
-    oe_runmake install-shared DESTDIR=${D}
-    oe_libinstall -a -so libpcap ${D}${libdir}
-    sed "s|@VERSION@|${PV}|" -i ${B}/libpcap.pc
-    install -D -m 0644 libpcap.pc ${D}${libdir}/pkgconfig/libpcap.pc
-}
diff --git a/poky/meta/recipes-connectivity/libpcap/libpcap.inc b/poky/meta/recipes-connectivity/libpcap/libpcap_1.9.0.bb
index e57ea87b3..78361561e 100644
--- a/poky/meta/recipes-connectivity/libpcap/libpcap.inc
+++ b/poky/meta/recipes-connectivity/libpcap/libpcap_1.9.0.bb
@@ -10,33 +10,36 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=5eb289217c160e2920d2e35bddc36453 \
                     file://pcap.h;beginline=1;endline=32;md5=39af3510e011f34b8872f120b1dc31d2"
 DEPENDS = "flex-native bison-native"
 
-INC_PR = "r5"
+SRC_URI = "https://www.tcpdump.org/release/${BP}.tar.gz \
+           file://0001-pcap-usb-linux.c-add-missing-limits.h-for-musl-syste.patch \
+           "
+SRC_URI[md5sum] = "dffd65cb14406ab9841f421732eb0f33"
+SRC_URI[sha256sum] = "2edb88808e5913fdaa8e9c1fcaf272e19b2485338742b5074b9fe44d68f37019"
 
-SRC_URI = "http://www.tcpdump.org/release/${BP}.tar.gz"
+inherit autotools binconfig-disabled pkgconfig bluetooth
 
 BINCONFIG = "${bindir}/pcap-config"
 
-inherit autotools binconfig-disabled pkgconfig bluetooth
-
-EXTRA_OECONF = "--with-pcap=linux"
+# Explicitly disable dag support. We don't have recipe for it and if enabled here,
+# configure script poisons the include dirs with /usr/local/include even when the
+# support hasn't been detected.
+EXTRA_OECONF = " \
+                 --with-pcap=linux \
+                 --without-dag \
+                 "
 EXTRA_AUTORECONF += "--exclude=aclocal"
 
 PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', '${BLUEZ}', '', d)} \
                    ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \
 "
-PACKAGECONFIG[bluez4] = "--enable-bluetooth,--disable-bluetooth,bluez4"
-# Add a dummy PACKAGECONFIG for bluez5 since it is not supported by libpcap.
-PACKAGECONFIG[bluez5] = ",,"
+PACKAGECONFIG[bluez5] = "--enable-bluetooth,--disable-bluetooth,bluez5"
 PACKAGECONFIG[dbus] = "--enable-dbus,--disable-dbus,dbus"
 PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
 PACKAGECONFIG[libnl] = "--with-libnl,--without-libnl,libnl"
 
-CPPFLAGS_prepend = "-I${S} "
-CFLAGS_prepend = "-I${S} "
-CXXFLAGS_prepend = "-I${S} "
-
 do_configure_prepend () {
-    sed -i -e's,^V_RPATH_OPT=.*$,V_RPATH_OPT=,' ${S}/pcap-config.in
+    #remove hardcoded references to /usr/include
+    sed 's|\([ "^'\''I]\+\)/usr/include/|\1${STAGING_INCDIR}/|g' -i ${S}/configure.ac
 }
 
 BBCLASSEXTEND = "native"
diff --git a/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info/multilibfix.patch b/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info/multilibfix.patch
deleted file mode 100644
index 7e97e8ec3..000000000
--- a/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info/multilibfix.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-The mobile-broadband-provider-info.pc file is installed into a non-arch directory
-yet contains libdir which can vary depending on which multilib is configured.
-The .pc file does not require libdir so remove this to fix multilib builds.
-
-Upstream-Status: Backport [8109fcd3c7299fae859fb891ff416927581a9955]
-Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
-
-Index: git/mobile-broadband-provider-info.pc.in
-===================================================================
---- git.orig/mobile-broadband-provider-info.pc.in	2018-08-07 13:09:31.811364063 +0800
-+++ git/mobile-broadband-provider-info.pc.in	2018-08-10 17:49:25.645288320 +0800
-@@ -1,6 +1,5 @@
- prefix=@prefix@
- exec_prefix=@exec_prefix@
--libdir=@libdir@
- datarootdir = @datarootdir@
- pkgdatadir=${datarootdir}/@PACKAGE@
- includedir=@includedir@
diff --git a/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb b/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
index 7f1dd78c1..77adcebba 100644
--- a/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
+++ b/poky/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
@@ -3,13 +3,11 @@ HOMEPAGE = "http://live.gnome.org/NetworkManager/MobileBroadband/ServiceProvider
 SECTION = "network"
 LICENSE = "PD"
 LIC_FILES_CHKSUM = "file://COPYING;md5=87964579b2a8ece4bc6744d2dc9a8b04"
-SRCREV = "befcbbc9867e742ac16415660b0b7521218a530c"
-PV = "20170310"
+SRCREV = "c7def60ba50d9cc30a90f69f89d7e82243501e86"
+PV = "20190116"
 PE = "1"
 
-SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https \
-           file://multilibfix.patch \
-"
+SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https"
 S = "${WORKDIR}/git"
 
 inherit autotools
diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Do-not-pass-null-pointer-to-freeaddrinfo.patch b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Do-not-pass-null-pointer-to-freeaddrinfo.patch
new file mode 100644
index 000000000..a44d1bf2f
--- /dev/null
+++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Do-not-pass-null-pointer-to-freeaddrinfo.patch
@@ -0,0 +1,32 @@
+From 4f115fc314646500f7b4178d7248a02654c7cd10 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Fri, 30 Nov 2018 16:47:57 -0800
+Subject: [PATCH] Do not pass null pointer to freeaddrinfo()
+
+Passing null pointer as input parameter to freeaddrinfo() is undefined
+behaviour, some libcs e.g. glibc might just call free() which does
+accept null pointer but other libcs e.g. musl might not and instead
+cause the program to segfault. Therefore do not rely on undefined
+behaviour instead make it deterministic
+
+Upstream-Status: Pending
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ support/export/client.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+Index: nfs-utils-2.3.2/support/export/client.c
+===================================================================
+--- nfs-utils-2.3.2.orig/support/export/client.c
++++ nfs-utils-2.3.2/support/export/client.c
+@@ -309,7 +309,8 @@ client_lookup(char *hname, int canonical
+ 		init_addrlist(clp, ai);
+ 
+ out:
+-	freeaddrinfo(ai);
++	if (ai)
++		freeaddrinfo(ai);
+ 	return clp;
+ }
+ 
diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Don-t-build-tools-with-CC_FOR_BUILD.patch b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Don-t-build-tools-with-CC_FOR_BUILD.patch
new file mode 100644
index 000000000..23bc3eaf7
--- /dev/null
+++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Don-t-build-tools-with-CC_FOR_BUILD.patch
@@ -0,0 +1,40 @@
+From 79019d976584c598f8d0a9d8de43c989946f974b Mon Sep 17 00:00:00 2001
+From: Pascal Bach <pascal.bach@siemens.com>
+Date: Wed, 13 Feb 2019 09:28:07 +0100
+Subject: [PATCH] Don't build tools with CC_FOR_BUILD
+
+The tools are intended for the target not for the host.
+
+Upstream-Status: Pending
+
+Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
+---
+ tools/locktest/Makefile.am | 1 -
+ tools/rpcgen/Makefile.am   | 1 -
+ 2 files changed, 2 deletions(-)
+
+diff --git a/tools/locktest/Makefile.am b/tools/locktest/Makefile.am
+index 3156815..87d0bac 100644
+--- a/tools/locktest/Makefile.am
++++ b/tools/locktest/Makefile.am
+@@ -1,6 +1,5 @@
+ ## Process this file with automake to produce Makefile.in
+ 
+-CC=$(CC_FOR_BUILD)
+ LIBTOOL = @LIBTOOL@ --tag=CC
+ 
+ noinst_PROGRAMS = testlk
+diff --git a/tools/rpcgen/Makefile.am b/tools/rpcgen/Makefile.am
+index 8a9ec89..3e092c9 100644
+--- a/tools/rpcgen/Makefile.am
++++ b/tools/rpcgen/Makefile.am
+@@ -1,6 +1,5 @@
+ ## Process this file with automake to produce Makefile.in
+ 
+-CC=$(CC_FOR_BUILD)
+ LIBTOOL = @LIBTOOL@ --tag=CC
+ 
+ noinst_PROGRAMS = rpcgen
+-- 
+2.11.0
+
diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch
new file mode 100644
index 000000000..aa551ebd1
--- /dev/null
+++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch
@@ -0,0 +1,295 @@
+From 690a90a5b7786e40b5447ad7c5f19a7657d27405 Mon Sep 17 00:00:00 2001
+From: Mingli Yu <Mingli.Yu@windriver.com>
+Date: Fri, 14 Dec 2018 17:44:32 +0800
+Subject: [PATCH] Makefile.am: fix undefined function for libnsm.a
+
+The source file of libnsm.a uses some function
+in ../support/misc/file.c, add ../support/misc/file.c
+to libnsm_a_SOURCES to fix build error when run
+"make -C tests statdb_dump":
+| ../support/nsm/libnsm.a(file.o): In function `nsm_make_pathname':
+| /usr/src/debug/nfs-utils/2.3.3-r0/nfs-utils-2.3.3/support/nsm/file.c:175: undefined reference to `generic_make_pathname'
+| /usr/src/debug/nfs-utils/2.3.3-r0/nfs-utils-2.3.3/support/nsm/file.c:175: undefined reference to `generic_make_pathname'
+| /usr/src/debug/nfs-utils/2.3.3-r0/nfs-utils-2.3.3/support/nsm/file.c:175: undefined reference to `generic_make_pathname'
+| ../support/nsm/libnsm.a(file.o): In function `nsm_setup_pathnames':
+| /usr/src/debug/nfs-utils/2.3.3-r0/nfs-utils-2.3.3/support/nsm/file.c:280: undefined reference to `generic_setup_basedir'
+| collect2: error: ld returned 1 exit status
+
+As there is already one source file named file.c
+as support/nsm/file.c in support/nsm/Makefile.am,
+so rename ../support/misc/file.c to ../support/misc/misc.c.
+
+Upstream-Status: Submitted[https://marc.info/?l=linux-nfs&m=154502780423058&w=2]
+
+Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
+---
+ support/misc/Makefile.am |   2 +-
+ support/misc/file.c      | 111 -----------------------------------------------
+ support/misc/misc.c      | 111 +++++++++++++++++++++++++++++++++++++++++++++++
+ support/nsm/Makefile.am  |   2 +-
+ 4 files changed, 113 insertions(+), 113 deletions(-)
+ delete mode 100644 support/misc/file.c
+ create mode 100644 support/misc/misc.c
+
+diff --git a/support/misc/Makefile.am b/support/misc/Makefile.am
+index 8936b0d..d4c1f76 100644
+--- a/support/misc/Makefile.am
++++ b/support/misc/Makefile.am
+@@ -1,6 +1,6 @@
+ ## Process this file with automake to produce Makefile.in
+ 
+ noinst_LIBRARIES = libmisc.a
+-libmisc_a_SOURCES = tcpwrapper.c from_local.c mountpoint.c file.c
++libmisc_a_SOURCES = tcpwrapper.c from_local.c mountpoint.c misc.c
+ 
+ MAINTAINERCLEANFILES = Makefile.in
+diff --git a/support/misc/file.c b/support/misc/file.c
+deleted file mode 100644
+index e7c3819..0000000
+--- a/support/misc/file.c
++++ /dev/null
+@@ -1,111 +0,0 @@
+-/*
+- * Copyright 2009 Oracle.  All rights reserved.
+- * Copyright 2017 Red Hat, Inc.  All rights reserved.
+- *
+- * This file is part of nfs-utils.
+- *
+- * nfs-utils is free software; you can redistribute it and/or modify
+- * it under the terms of the GNU General Public License as published by
+- * the Free Software Foundation; either version 2 of the License, or
+- * (at your option) any later version.
+- *
+- * nfs-utils is distributed in the hope that it will be useful,
+- * but WITHOUT ANY WARRANTY; without even the implied warranty of
+- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+- * GNU General Public License for more details.
+- *
+- * You should have received a copy of the GNU General Public License
+- * along with nfs-utils.  If not, see <http://www.gnu.org/licenses/>.
+- */
+-
+-#include <sys/stat.h>
+-
+-#include <string.h>
+-#include <libgen.h>
+-#include <stdio.h>
+-#include <errno.h>
+-#include <dirent.h>
+-#include <stdlib.h>
+-#include <stdbool.h>
+-#include <limits.h>
+-
+-#include "xlog.h"
+-#include "misc.h"
+-
+-/*
+- * Returns a dynamically allocated, '\0'-terminated buffer
+- * containing an appropriate pathname, or NULL if an error
+- * occurs.  Caller must free the returned result with free(3).
+- */
+-__attribute__((__malloc__))
+-char *
+-generic_make_pathname(const char *base, const char *leaf)
+-{
+-	size_t size;
+-	char *path;
+-	int len;
+-
+-	size = strlen(base) + strlen(leaf) + 2;
+-	if (size > PATH_MAX)
+-		return NULL;
+-
+-	path = malloc(size);
+-	if (path == NULL)
+-		return NULL;
+-
+-	len = snprintf(path, size, "%s/%s", base, leaf);
+-	if ((len < 0) || ((size_t)len >= size)) {
+-		free(path);
+-		return NULL;
+-	}
+-
+-	return path;
+-}
+-
+-
+-/**
+- * generic_setup_basedir - set up basedir
+- * @progname: C string containing name of program, for error messages
+- * @parentdir: C string containing pathname to on-disk state, or NULL
+- * @base: character buffer to contain the basedir that is set up
+- * @baselen: size of @base in bytes
+- *
+- * This runs before logging is set up, so error messages are directed
+- * to stderr.
+- *
+- * Returns true and sets up our basedir, if @parentdir was valid
+- * and usable; otherwise false is returned.
+- */
+-_Bool
+-generic_setup_basedir(const char *progname, const char *parentdir, char *base,
+-		      const size_t baselen)
+-{
+-	static char buf[PATH_MAX];
+-	struct stat st;
+-	char *path;
+-
+-	/* First: test length of name and whether it exists */
+-	if ((strlen(parentdir) >= baselen) || (strlen(parentdir) >= PATH_MAX)) {
+-		(void)fprintf(stderr, "%s: Directory name too long: %s",
+-				progname, parentdir);
+-		return false;
+-	}
+-	if (lstat(parentdir, &st) == -1) {
+-		(void)fprintf(stderr, "%s: Failed to stat %s: %s",
+-				progname, parentdir, strerror(errno));
+-		return false;
+-	}
+-
+-	/* Ensure we have a clean directory pathname */
+-	strncpy(buf, parentdir, sizeof(buf)-1);
+-	path = dirname(buf);
+-	if (*path == '.') {
+-		(void)fprintf(stderr, "%s: Unusable directory %s",
+-				progname, parentdir);
+-		return false;
+-	}
+-
+-	xlog(D_CALL, "Using %s as the state directory", parentdir);
+-	strcpy(base, parentdir);
+-	return true;
+-}
+diff --git a/support/misc/misc.c b/support/misc/misc.c
+new file mode 100644
+index 0000000..e7c3819
+--- /dev/null
++++ b/support/misc/misc.c
+@@ -0,0 +1,111 @@
++/*
++ * Copyright 2009 Oracle.  All rights reserved.
++ * Copyright 2017 Red Hat, Inc.  All rights reserved.
++ *
++ * This file is part of nfs-utils.
++ *
++ * nfs-utils is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License as published by
++ * the Free Software Foundation; either version 2 of the License, or
++ * (at your option) any later version.
++ *
++ * nfs-utils is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with nfs-utils.  If not, see <http://www.gnu.org/licenses/>.
++ */
++
++#include <sys/stat.h>
++
++#include <string.h>
++#include <libgen.h>
++#include <stdio.h>
++#include <errno.h>
++#include <dirent.h>
++#include <stdlib.h>
++#include <stdbool.h>
++#include <limits.h>
++
++#include "xlog.h"
++#include "misc.h"
++
++/*
++ * Returns a dynamically allocated, '\0'-terminated buffer
++ * containing an appropriate pathname, or NULL if an error
++ * occurs.  Caller must free the returned result with free(3).
++ */
++__attribute__((__malloc__))
++char *
++generic_make_pathname(const char *base, const char *leaf)
++{
++	size_t size;
++	char *path;
++	int len;
++
++	size = strlen(base) + strlen(leaf) + 2;
++	if (size > PATH_MAX)
++		return NULL;
++
++	path = malloc(size);
++	if (path == NULL)
++		return NULL;
++
++	len = snprintf(path, size, "%s/%s", base, leaf);
++	if ((len < 0) || ((size_t)len >= size)) {
++		free(path);
++		return NULL;
++	}
++
++	return path;
++}
++
++
++/**
++ * generic_setup_basedir - set up basedir
++ * @progname: C string containing name of program, for error messages
++ * @parentdir: C string containing pathname to on-disk state, or NULL
++ * @base: character buffer to contain the basedir that is set up
++ * @baselen: size of @base in bytes
++ *
++ * This runs before logging is set up, so error messages are directed
++ * to stderr.
++ *
++ * Returns true and sets up our basedir, if @parentdir was valid
++ * and usable; otherwise false is returned.
++ */
++_Bool
++generic_setup_basedir(const char *progname, const char *parentdir, char *base,
++		      const size_t baselen)
++{
++	static char buf[PATH_MAX];
++	struct stat st;
++	char *path;
++
++	/* First: test length of name and whether it exists */
++	if ((strlen(parentdir) >= baselen) || (strlen(parentdir) >= PATH_MAX)) {
++		(void)fprintf(stderr, "%s: Directory name too long: %s",
++				progname, parentdir);
++		return false;
++	}
++	if (lstat(parentdir, &st) == -1) {
++		(void)fprintf(stderr, "%s: Failed to stat %s: %s",
++				progname, parentdir, strerror(errno));
++		return false;
++	}
++
++	/* Ensure we have a clean directory pathname */
++	strncpy(buf, parentdir, sizeof(buf)-1);
++	path = dirname(buf);
++	if (*path == '.') {
++		(void)fprintf(stderr, "%s: Unusable directory %s",
++				progname, parentdir);
++		return false;
++	}
++
++	xlog(D_CALL, "Using %s as the state directory", parentdir);
++	strcpy(base, parentdir);
++	return true;
++}
+diff --git a/support/nsm/Makefile.am b/support/nsm/Makefile.am
+index 8f5874e..68f1a46 100644
+--- a/support/nsm/Makefile.am
++++ b/support/nsm/Makefile.am
+@@ -10,7 +10,7 @@ GENFILES	= $(GENFILES_CLNT) $(GENFILES_SVC) $(GENFILES_XDR) $(GENFILES_H)
+ EXTRA_DIST	= sm_inter.x
+ 
+ noinst_LIBRARIES = libnsm.a
+-libnsm_a_SOURCES = $(GENFILES) file.c rpc.c
++libnsm_a_SOURCES = $(GENFILES) ../misc/misc.c file.c rpc.c
+ 
+ BUILT_SOURCES = $(GENFILES)
+ 
+-- 
+2.7.4
+
diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-update-the-path-of-libnfs.a.patch b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-update-the-path-of-libnfs.a.patch
new file mode 100644
index 000000000..906ac0f90
--- /dev/null
+++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-update-the-path-of-libnfs.a.patch
@@ -0,0 +1,50 @@
+From fcece65d1b713eaeef41706898440302f8ce92d9 Mon Sep 17 00:00:00 2001
+From: Mingli Yu <Mingli.Yu@windriver.com>
+Date: Thu, 12 Jul 2018 15:19:41 +0800
+Subject: [PATCH] Makefile.am: update the path of libnfs.a
+
+The libnfs.a is under ../support/nfs/.libs/ now,
+update the reference path accordingly to fix below
+build error when run "make -C tests statdb_dump":
+| make: *** No rule to make target '../support/nfs/libnfs.a', needed by 'statdb_dump'.  Stop.
+
+And below error when run "make -C tests/nsm_client nsm_client"
+| make: *** No rule to make target '../../support/nfs/libnfs.a', needed by 'nsm_client'.  Stop.
+
+Upstream-Status: Submitted[https://marc.info/?l=linux-nfs&m=154502636522745&w=2]
+
+Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
+---
+ tests/Makefile.am            | 2 +-
+ tests/nsm_client/Makefile.am | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/tests/Makefile.am b/tests/Makefile.am
+index 1f96264..74aa629 100644
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -3,7 +3,7 @@
+ check_PROGRAMS = statdb_dump
+ statdb_dump_SOURCES = statdb_dump.c
+ 
+-statdb_dump_LDADD = ../support/nfs/libnfs.a \
++statdb_dump_LDADD = ../support/nfs/.libs/libnfs.a \
+ 		    ../support/nsm/libnsm.a $(LIBCAP)
+ 
+ SUBDIRS = nsm_client
+diff --git a/tests/nsm_client/Makefile.am b/tests/nsm_client/Makefile.am
+index a8fc131..43db9c2 100644
+--- a/tests/nsm_client/Makefile.am
++++ b/tests/nsm_client/Makefile.am
+@@ -13,7 +13,7 @@ check_PROGRAMS	= nsm_client
+ nsm_client_SOURCES = $(GENFILES) nsm_client.c
+ 
+ BUILT_SOURCES = $(GENFILES)
+-nsm_client_LDADD = ../../support/nfs/libnfs.a \
++nsm_client_LDADD = ../../support/nfs/.libs/libnfs.a \
+ 		   ../../support/nsm/libnsm.a $(LIBCAP) $(LIBTIRPC)
+ 
+ if CONFIG_RPCGEN
+-- 
+2.7.4
+
diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-cacheio-use-intmax_t-for-formatted-IO.patch b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-cacheio-use-intmax_t-for-formatted-IO.patch
new file mode 100644
index 000000000..bafff5b9c
--- /dev/null
+++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-cacheio-use-intmax_t-for-formatted-IO.patch
@@ -0,0 +1,38 @@
+From ac32b813f5d6f9a2de944015cf9bb98d68e0203a Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Sat, 1 Dec 2018 10:02:12 -0800
+Subject: [PATCH] cacheio: use intmax_t for formatted IO
+
+time_t is not same size on x32 ABI (ILP32)
+
+Upstream-Status: Pending
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ support/nfs/cacheio.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/support/nfs/cacheio.c b/support/nfs/cacheio.c
+index 9dc4cf1..2086a95 100644
+--- a/support/nfs/cacheio.c
++++ b/support/nfs/cacheio.c
+@@ -17,6 +17,7 @@
+ 
+ #include <nfslib.h>
+ #include <stdio.h>
++#include <inttypes.h>
+ #include <stdio_ext.h>
+ #include <string.h>
+ #include <ctype.h>
+@@ -234,7 +235,7 @@ cache_flush(int force)
+ 	    stb.st_mtime > now)
+ 		stb.st_mtime = time(0);
+ 	
+-	sprintf(stime, "%ld\n", stb.st_mtime);
++	sprintf(stime, "%jd\n", (intmax_t)stb.st_mtime);
+ 	for (c=0; cachelist[c]; c++) {
+ 		int fd;
+ 		sprintf(path, "/proc/net/rpc/%s/flush", cachelist[c]);
+-- 
+2.19.2
+
diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure.ac-Do-not-fatalize-Wmissing-prototypes.patch b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure.ac-Do-not-fatalize-Wmissing-prototypes.patch
new file mode 100644
index 000000000..17aabb9e4
--- /dev/null
+++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure.ac-Do-not-fatalize-Wmissing-prototypes.patch
@@ -0,0 +1,43 @@
+From 66471fbf7106917da7a1536b18a0a77d07479779 Mon Sep 17 00:00:00 2001
+From: Mingli Yu <Mingli.Yu@windriver.com>
+Date: Mon, 17 Dec 2018 15:29:47 +0800
+Subject: [PATCH] configure.ac: Do not fatalize -Wmissing-prototypes
+
+There comes below error when run "make -C tests/nsm_client nsm_client"
+| nlm_sm_inter_svc.c:20:1: error: no previous prototype for 'nlm_sm_prog_3' [-Werror=missing-prototypes]
+
+It is because rpcgen doesn't generate -Wmissing-prototypes
+free code for nlm_sm_inter_svc.c with below logic
+in tests/nsm_client/Makefile.am
+[snip]
+GENFILES_SVC    = nlm_sm_inter_svc.c
+[snip]
+$(GENFILES_SVC): %_svc.c: %.x $(RPCGEN)
+        test -f $@ && rm -rf $@ || true
+        $(RPCGEN) -m -o $@ $<
+
+So add the logic not to fatalize -Wmissing-prototypes.
+
+Upstream-Status: Submitted[https://marc.info/?l=linux-nfs&m=154503260323936&w=2]
+
+Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index e82ff14..d0cc5d5 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -548,7 +548,7 @@ my_am_cflags="\
+  -Wall \
+  -Wextra \
+  -Werror=strict-prototypes \
+- -Werror=missing-prototypes \
++ -Wmissing-prototypes \
+  -Werror=missing-declarations \
+  -Werror=format=2 \
+  -Werror=undef \
+-- 
+2.7.4
+
diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/clang-format-string.patch b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/clang-format-string.patch
new file mode 100644
index 000000000..1d693e414
--- /dev/null
+++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/clang-format-string.patch
@@ -0,0 +1,183 @@
+Clang comes up with more printf format warnings
+Correcting “format string is not a string literal” warning
+requires us to declare that parameter is a printf style 
+format using the attribute flag
+
+Upstream-Status: Pending
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+Index: nfs-utils-2.3.3/support/include/xcommon.h
+===================================================================
+--- nfs-utils-2.3.3.orig/support/include/xcommon.h
++++ nfs-utils-2.3.3/support/include/xcommon.h
+@@ -27,7 +27,7 @@
+ 
+ /* Functions in sundries.c that are used in mount.c and umount.c  */ 
+ char *canonicalize (const char *path);
+-void nfs_error (const char *fmt, ...);
++void nfs_error (const char *fmt, ...) __attribute__((__format__ (__printf__, 1, 2)));
+ void *xmalloc (size_t size);
+ void *xrealloc(void *p, size_t size);
+ void xfree(void *);
+@@ -36,9 +36,9 @@ char *xstrndup (const char *s, int n);
+ char *xstrconcat2 (const char *, const char *);
+ char *xstrconcat3 (const char *, const char *, const char *);
+ char *xstrconcat4 (const char *, const char *, const char *, const char *);
+-void die (int errcode, const char *fmt, ...);
++void die (int errcode, const char *fmt, ...) __attribute__((__format__ (__printf__, 2, 3)));
+ 
+-extern void die(int err, const char *fmt, ...);
++extern void die(int err, const char *fmt, ...) __attribute__((__format__ (__printf__, 2, 3)));
+ extern void (*at_die)(void);
+ 
+ /* exit status - bits below are ORed */
+Index: nfs-utils-2.3.3/support/include/xlog.h
+===================================================================
+--- nfs-utils-2.3.3.orig/support/include/xlog.h
++++ nfs-utils-2.3.3/support/include/xlog.h
+@@ -43,10 +43,10 @@ void			xlog_config(int fac, int on);
+ void			xlog_sconfig(char *, int on);
+ void			xlog_from_conffile(char *);
+ int			xlog_enabled(int fac);
+-void			xlog(int fac, const char *fmt, ...);
+-void			xlog_warn(const char *fmt, ...);
+-void			xlog_err(const char *fmt, ...);
+-void			xlog_errno(int err, const char *fmt, ...);
+-void			xlog_backend(int fac, const char *fmt, va_list args);
++void			xlog(int fac, const char *fmt, ...) __attribute__((__format__ (__printf__, 2, 3)));
++void			xlog_warn(const char *fmt, ...) __attribute__((__format__ (__printf__, 1, 2)));
++void			xlog_err(const char *fmt, ...) __attribute__((__format__ (__printf__, 1, 2)));
++void			xlog_errno(int err, const char *fmt, ...) __attribute__((__format__ (__printf__, 2, 3)));
++void			xlog_backend(int fac, const char *fmt, va_list args) __attribute__((__format__ (__printf__, 2, 0)));
+ 
+ #endif /* XLOG_H */
+Index: nfs-utils-2.3.3/support/nfs/xcommon.c
+===================================================================
+--- nfs-utils-2.3.3.orig/support/nfs/xcommon.c
++++ nfs-utils-2.3.3/support/nfs/xcommon.c
+@@ -93,7 +93,10 @@ nfs_error (const char *fmt, ...) {
+ 
+      fmt2 = xstrconcat2 (fmt, "\n");
+      va_start (args, fmt);
++#pragma clang diagnostic push
++#pragma clang diagnostic ignored "-Wformat-nonliteral"
+      vfprintf (stderr, fmt2, args);
++#pragma clang diagnostic pop
+      va_end (args);
+      free (fmt2);
+ }
+Index: nfs-utils-2.3.3/utils/exportfs/exportfs.c
+===================================================================
+--- nfs-utils-2.3.3.orig/utils/exportfs/exportfs.c
++++ nfs-utils-2.3.3/utils/exportfs/exportfs.c
+@@ -644,6 +644,7 @@ out:
+ 	return result;
+ }
+ 
++__attribute__((__format__ (__printf__, 2, 3)))
+ static char
+ dumpopt(char c, char *fmt, ...)
+ {
+Index: nfs-utils-2.3.3/utils/statd/statd.c
+===================================================================
+--- nfs-utils-2.3.3.orig/utils/statd/statd.c
++++ nfs-utils-2.3.3/utils/statd/statd.c
+@@ -136,7 +136,7 @@ static void log_modes(void)
+ 	strcat(buf, "TI-RPC ");
+ #endif
+ 
+-	xlog_warn(buf);
++	xlog_warn("%s", buf);
+ }
+ 
+ /*
+Index: nfs-utils-2.3.3/support/nfs/svc_create.c
+===================================================================
+--- nfs-utils-2.3.3.orig/support/nfs/svc_create.c
++++ nfs-utils-2.3.3/support/nfs/svc_create.c
+@@ -184,7 +184,7 @@ svc_create_sock(const struct sockaddr *s
+ 		type = SOCK_STREAM;
+ 		break;
+ 	default:
+-		xlog(D_GENERAL, "%s: Unrecognized bind address semantics: %u",
++		xlog(D_GENERAL, "%s: Unrecognized bind address semantics: %lu",
+ 			__func__, nconf->nc_semantics);
+ 		return -1;
+ 	}
+Index: nfs-utils-2.3.3/support/nsm/rpc.c
+===================================================================
+--- nfs-utils-2.3.3.orig/support/nsm/rpc.c
++++ nfs-utils-2.3.3/support/nsm/rpc.c
+@@ -182,7 +182,7 @@ nsm_xmit_getport(const int sock, const s
+ 	uint32_t xid;
+ 	XDR xdr;
+ 
+-	xlog(D_CALL, "Sending PMAP_GETPORT for %u, %u, udp", program, version);
++	xlog(D_CALL, "Sending PMAP_GETPORT for %lu, %lu, udp", program, version);
+ 
+ 	nsm_init_xdrmem(msgbuf, NSM_MAXMSGSIZE, &xdr);
+ 	xid = nsm_init_rpc_header(PMAPPROG, PMAPVERS,
+Index: nfs-utils-2.3.3/utils/mountd/cache.c
+===================================================================
+--- nfs-utils-2.3.3.orig/utils/mountd/cache.c
++++ nfs-utils-2.3.3/utils/mountd/cache.c
+@@ -968,8 +968,7 @@ lookup_export(char *dom, char *path, str
+ 			} else if (found_type == i && found->m_warned == 0) {
+ 				xlog(L_WARNING, "%s exported to both %s and %s, "
+ 				     "arbitrarily choosing options from first",
+-				     path, found->m_client->m_hostname, exp->m_client->m_hostname,
+-				     dom);
++				     path, found->m_client->m_hostname, exp->m_client->m_hostname);
+ 				found->m_warned = 1;
+ 			}
+ 		}
+Index: nfs-utils-2.3.3/utils/mountd/mountd.c
+===================================================================
+--- nfs-utils-2.3.3.orig/utils/mountd/mountd.c
++++ nfs-utils-2.3.3/utils/mountd/mountd.c
+@@ -213,7 +213,7 @@ static void
+ sig_hup (int sig)
+ {
+ 	/* don't exit on SIGHUP */
+-	xlog (L_NOTICE, "Received SIGHUP... Ignoring.\n", sig);
++	xlog (L_NOTICE, "Received SIGHUP(%d)... Ignoring.\n", sig);
+ 	return;
+ }
+ 
+Index: nfs-utils-2.3.3/utils/statd/rmtcall.c
+===================================================================
+--- nfs-utils-2.3.3.orig/utils/statd/rmtcall.c
++++ nfs-utils-2.3.3/utils/statd/rmtcall.c
+@@ -247,7 +247,7 @@ process_reply(FD_SET_TYPE *rfds)
+ 		xlog_warn("%s: service %d not registered on localhost",
+ 			__func__, NL_MY_PROG(lp));
+ 	} else {
+-		xlog(D_GENERAL, "%s: Callback to %s (for %d) succeeded",
++		xlog(D_GENERAL, "%s: Callback to %s (for %s) succeeded",
+ 			__func__, NL_MY_NAME(lp), NL_MON_NAME(lp));
+ 	}
+ 	nlist_free(&notify, lp);
+Index: nfs-utils-2.3.3/utils/statd/svc_run.c
+===================================================================
+--- nfs-utils-2.3.3.orig/utils/statd/svc_run.c
++++ nfs-utils-2.3.3/utils/statd/svc_run.c
+@@ -53,6 +53,7 @@
+ 
+ #include <errno.h>
+ #include <time.h>
++#include <inttypes.h>
+ #include "statd.h"
+ #include "notlist.h"
+ 
+@@ -104,8 +105,8 @@ my_svc_run(int sockfd)
+ 
+ 			tv.tv_sec  = NL_WHEN(notify) - now;
+ 			tv.tv_usec = 0;
+-			xlog(D_GENERAL, "Waiting for reply... (timeo %d)",
+-							tv.tv_sec);
++			xlog(D_GENERAL, "Waiting for reply... (timeo %jd)",
++							(intmax_t)tv.tv_sec);
+ 			selret = select(FD_SETSIZE, &readfds,
+ 				(void *) 0, (void *) 0, &tv);
+ 		} else {
diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-Do-not-pass-CFLAGS-to-gcc-while-building.patch b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-Do-not-pass-CFLAGS-to-gcc-while-building.patch
deleted file mode 100644
index 993f1e5ea..000000000
--- a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-Do-not-pass-CFLAGS-to-gcc-while-building.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-nfs-utils: Do not pass CFLAGS to gcc while building
-
-Do not pass CFLAGS/LDFLAGS to gcc while building, The needed flags has
-been passed by xxx_CFLAGS=$(CFLAGS_FOR_BUILD).
-
-Upstream-Status: Pending
-
-Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
----
- tools/locktest/Makefile.am |    2 ++
- tools/rpcgen/Makefile.am   |    2 ++
- 2 files changed, 4 insertions(+)
-
-diff --git a/tools/locktest/Makefile.am b/tools/locktest/Makefile.am
-index 3156815..1729fd1 100644
---- a/tools/locktest/Makefile.am
-+++ b/tools/locktest/Makefile.am
-@@ -1,6 +1,8 @@
- ## Process this file with automake to produce Makefile.in
- 
- CC=$(CC_FOR_BUILD)
-+CFLAGS=
-+LDFLAGS=
- LIBTOOL = @LIBTOOL@ --tag=CC
- 
- noinst_PROGRAMS = testlk
-diff --git a/tools/rpcgen/Makefile.am b/tools/rpcgen/Makefile.am
-index 8a9ec89..8bacdaa 100644
---- a/tools/rpcgen/Makefile.am
-+++ b/tools/rpcgen/Makefile.am
-@@ -1,6 +1,8 @@
- ## Process this file with automake to produce Makefile.in
- 
- CC=$(CC_FOR_BUILD)
-+CFLAGS=
-+LDFLAGS=
- LIBTOOL = @LIBTOOL@ --tag=CC
- 
- noinst_PROGRAMS = rpcgen
--- 
-1.7.9.5
-
diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-musl-res_querydomain.patch b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-musl-res_querydomain.patch
index a169e6a22..22002fadc 100644
--- a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-musl-res_querydomain.patch
+++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-musl-res_querydomain.patch
@@ -1,17 +1,24 @@
+From caa19231196d73541445728e6813c8fa70345acb Mon Sep 17 00:00:00 2001
+From: Robert Yang <liezhi.yang@windriver.com>
+Date: Tue, 26 Jun 2018 15:59:00 +0800
+Subject: [PATCH] nfs-utils: 2.1.1 -> 2.3.1
+
 Fixed:
 configure: error: res_querydomain needed
 
-Upstream-Status: Pending [https://git.alpinelinux.org/cgit/aports/tree/main/nfs-utils/musl-res_querydomain.patch?id=f6734a77d3caee73325f8cc1f77d1b5117a75096]
+Upstream-Status: Pending [https://github.com/alpinelinux/aports/blob/master/main/nfs-utils/musl-configure_ac.patch]
 
 Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
+
 ---
- configure.ac | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
+ configure.ac | 13 ++++++-------
+ 1 file changed, 6 insertions(+), 7 deletions(-)
 
 diff --git a/configure.ac b/configure.ac
+index 276dec3..760238b 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -401,7 +401,7 @@ if test "$enable_gss" = yes; then
+@@ -408,7 +408,7 @@ if test "$enable_gss" = yes; then
  fi
  
  dnl libdnsidmap specific checks
@@ -20,3 +27,31 @@ diff --git a/configure.ac b/configure.ac
  
  AC_ARG_ENABLE([ldap],
  	[AS_HELP_STRING([--disable-ldap],[Disable support for LDAP @<:default=detect@:>@])])
+@@ -547,11 +547,11 @@ my_am_cflags="\
+  -pipe \
+  -Wall \
+  -Wextra \
+- -Werror=strict-prototypes \
+- -Werror=missing-prototypes \
+- -Werror=missing-declarations \
++ -Wstrict-prototypes \
++ -Wmissing-prototypes \
++ -Wmissing-declarations \
+  -Werror=format=2 \
+- -Werror=undef \
++ -Wundef \
+  -Werror=missing-include-dirs \
+  -Werror=strict-aliasing=2 \
+  -Werror=init-self \
+@@ -579,10 +579,9 @@ AC_DEFUN([CHECK_CCSUPPORT], [
+ 
+ CHECK_CCSUPPORT([-Werror=format-overflow=2], [flg1])
+ CHECK_CCSUPPORT([-Werror=int-conversion], [flg2])
+-CHECK_CCSUPPORT([-Werror=incompatible-pointer-types], [flg3])
+ CHECK_CCSUPPORT([-Werror=misleading-indentation], [flg4])
+ 
+-AC_SUBST([AM_CFLAGS], ["$my_am_cflags $flg1 $flg2 $flg3 $flg4"])
++AC_SUBST([AM_CFLAGS], ["$my_am_cflags $flg1 $flg2 $flg4"])
+ 
+ # Make sure that $ACLOCAL_FLAGS are used during a rebuild
+ AC_SUBST([ACLOCAL_AMFLAGS], ["-I $ac_macro_dir \$(ACLOCAL_FLAGS)"])
diff --git a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.3.1.bb b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.3.3.bb
index 6d450c751..ac4437b92 100644
--- a/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.3.1.bb
+++ b/poky/meta/recipes-connectivity/nfs-utils/nfs-utils_2.3.3.bb
@@ -26,16 +26,21 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/nfs-utils/${PV}/nfs-utils-${PV}.tar.x
            file://nfs-mountd.service \
            file://nfs-statd.service \
            file://proc-fs-nfsd.mount \
-           file://nfs-utils-Do-not-pass-CFLAGS-to-gcc-while-building.patch \
            file://nfs-utils-debianize-start-statd.patch \
            file://bugfix-adjust-statd-service-name.patch \
            file://nfs-utils-musl-limits.patch \
+           file://0001-cacheio-use-intmax_t-for-formatted-IO.patch \
+           file://0001-Do-not-pass-null-pointer-to-freeaddrinfo.patch \
+           file://clang-format-string.patch \
+           file://0001-Makefile.am-update-the-path-of-libnfs.a.patch \
+           file://0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch \
+           file://0001-Don-t-build-tools-with-CC_FOR_BUILD.patch \
 "
-
+SRC_URI_append_libc-glibc = " file://0001-configure.ac-Do-not-fatalize-Wmissing-prototypes.patch"
 SRC_URI_append_libc-musl = " file://nfs-utils-musl-res_querydomain.patch"
 
-SRC_URI[md5sum] = "d77b182a9ee396aa6221ac2401ad7046"
-SRC_URI[sha256sum] = "96d06b5a86b185815760d8f04c34fdface8fa8b9949ff256ac05c3ebc08335a5"
+SRC_URI[md5sum] = "b6c9c032995af1c08fea9fbcc1ce33e9"
+SRC_URI[sha256sum] = "f68b34793831b05f1fd5760d6bdec92772c7684177586a99a61e7b444f336322"
 
 # Only kernel-module-nfsd is required here (but can be built-in)  - the nfsd module will
 # pull in the remainder of the dependencies.
@@ -62,6 +67,8 @@ EXTRA_OECONF = "--with-statduser=rpcuser \
                 --with-statdpath=/var/lib/nfs/statd \
                "
 
+CFLAGS += "-Wno-error=format-overflow"
+
 PACKAGECONFIG ??= "tcp-wrappers \
     ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \
 "
@@ -140,11 +147,6 @@ do_install_append () {
 	chown -R rpcuser:rpcuser ${D}${localstatedir}/lib/nfs/statd
 	chmod 0644 ${D}${localstatedir}/lib/nfs/statd/state
 
-	# the following are built by CC_FOR_BUILD
-	rm -f ${D}${sbindir}/rpcdebug
-	rm -f ${D}${sbindir}/rpcgen
-	rm -f ${D}${sbindir}/locktest
-
         # Make python tools use python 3
         sed -i -e '1s,#!.*python.*,#!${bindir}/python3,' ${D}${sbindir}/mountstats ${D}${sbindir}/nfsiostat
 
diff --git a/poky/meta/recipes-connectivity/ofono/ofono_1.24.bb b/poky/meta/recipes-connectivity/ofono/ofono_1.24.bb
deleted file mode 100644
index be7d9ea85..000000000
--- a/poky/meta/recipes-connectivity/ofono/ofono_1.24.bb
+++ /dev/null
@@ -1,9 +0,0 @@
-require ofono.inc
-
-SRC_URI  = "\
-  ${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
-  file://ofono \
-  file://use-python3.patch \
-"
-SRC_URI[md5sum] = "be24e80f6551f46fea0c5b5879964d6c"
-SRC_URI[sha256sum] = "9c8e351b7658f4b43f9a4380b731c47d2d7544a89987c48c3f227e73636c87ae"
diff --git a/poky/meta/recipes-connectivity/ofono/ofono_1.25.bb b/poky/meta/recipes-connectivity/ofono/ofono_1.25.bb
new file mode 100644
index 000000000..3688b9d2f
--- /dev/null
+++ b/poky/meta/recipes-connectivity/ofono/ofono_1.25.bb
@@ -0,0 +1,9 @@
+require ofono.inc
+
+SRC_URI  = "\
+  ${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
+  file://ofono \
+  file://use-python3.patch \
+"
+SRC_URI[md5sum] = "31450cabdd8dbbf3f808ea2f2f066863"
+SRC_URI[sha256sum] = "eb011fcd3080e93f3a56f96be60350b6595a8b5f36b61646312ba41b0bcb0d75"
diff --git a/poky/meta/recipes-connectivity/openssh/openssh_7.8p1+git.bb b/poky/meta/recipes-connectivity/openssh/openssh_7.9p1.bb
index f54dfb5de..2a23f64b8 100644
--- a/poky/meta/recipes-connectivity/openssh/openssh_7.8p1+git.bb
+++ b/poky/meta/recipes-connectivity/openssh/openssh_7.9p1.bb
@@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://LICENCE;md5=429658c6612f3a9b1293782366ab29d8"
 DEPENDS = "zlib openssl"
 DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
 
-SRC_URI = "git://github.com/openssh/openssh-portable;branch=master \
+SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.gz \
            file://sshd_config \
            file://ssh_config \
            file://init \
@@ -25,13 +25,11 @@ SRC_URI = "git://github.com/openssh/openssh-portable;branch=master \
            file://sshd_check_keys \
            file://add-test-support-for-busybox.patch \
            "
+SRC_URI[md5sum] = "c6af50b7a474d04726a5aa747a5dce8f"
+SRC_URI[sha256sum] = "6b4b3ba2253d84ed3771c8050728d597c91cfce898713beb7b64a305b6f11aad"
 
 PAM_SRC_URI = "file://sshd"
 
-SRCREV = "cce8cbe0ed7d1ba3a575310e0b63c193326ae616"
-
-S = "${WORKDIR}/git"
-
 inherit useradd update-rc.d update-alternatives systemd
 
 USERADD_PACKAGES = "${PN}-sshd"
diff --git a/poky/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch b/poky/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch
index 80b62ab18..949c78834 100644
--- a/poky/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch
+++ b/poky/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch
@@ -20,6 +20,11 @@ https://patchwork.openembedded.org/patch/147229/
 
 Upstream-Status: Inappropriate [OE specific]
 Signed-off-by: Martin Hundebøll <martin@geanix.com>
+
+
+Update to fix buildpaths qa issue for '-fmacro-prefix-map'.
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
 ---
  Configurations/unix-Makefile.tmpl | 10 +++++++++-
  crypto/build.info                 |  2 +-
@@ -29,7 +34,7 @@ diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tm
 index 16af4d2087..54c162784c 100644
 --- a/Configurations/unix-Makefile.tmpl
 +++ b/Configurations/unix-Makefile.tmpl
-@@ -317,13 +317,21 @@ BIN_LDFLAGS={- join(' ', $target{bin_lflags} || (),
+@@ -317,13 +317,22 @@ BIN_LDFLAGS={- join(' ', $target{bin_lflags} || (),
                           '$(CNF_LDFLAGS)', '$(LDFLAGS)') -}
  BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS)
  
@@ -43,6 +48,7 @@ index 16af4d2087..54c162784c 100644
  
 +CFLAGS_Q={- for (@{$config{CFLAGS}}) {
 +              s|-fdebug-prefix-map=[^ ]+|-fdebug-prefix-map=|g;
++              s|-fmacro-prefix-map=[^ ]+|-fmacro-prefix-map=|g;
 +            }
 +            join(' ', @{$config{CFLAGS}}) -}
 +
diff --git a/poky/meta/recipes-connectivity/openssl/openssl/CVE-2019-1543.patch b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2019-1543.patch
new file mode 100644
index 000000000..900ef97fc
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2019-1543.patch
@@ -0,0 +1,69 @@
+Upstream-Status: Backport [https://github.com/openssl/openssl/commit/f426625b6ae9a7831010750490a5f0ad689c5ba3]
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+From f426625b6ae9a7831010750490a5f0ad689c5ba3 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Tue, 5 Mar 2019 14:39:15 +0000
+Subject: [PATCH] Prevent over long nonces in ChaCha20-Poly1305
+
+ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for
+every encryption operation. RFC 7539 specifies that the nonce value (IV)
+should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and
+front pads the nonce with 0 bytes if it is less than 12 bytes. However it
+also incorrectly allows a nonce to be set of up to 16 bytes. In this case
+only the last 12 bytes are significant and any additional leading bytes are
+ignored.
+
+It is a requirement of using this cipher that nonce values are unique.
+Messages encrypted using a reused nonce value are susceptible to serious
+confidentiality and integrity attacks. If an application changes the
+default nonce length to be longer than 12 bytes and then makes a change to
+the leading bytes of the nonce expecting the new value to be a new unique
+nonce then such an application could inadvertently encrypt messages with a
+reused nonce.
+
+Additionally the ignored bytes in a long nonce are not covered by the
+integrity guarantee of this cipher. Any application that relies on the
+integrity of these ignored leading bytes of a long nonce may be further
+affected.
+
+Any OpenSSL internal use of this cipher, including in SSL/TLS, is safe
+because no such use sets such a long nonce value. However user
+applications that use this cipher directly and set a non-default nonce
+length to be longer than 12 bytes may be vulnerable.
+
+CVE: CVE-2019-1543
+
+Fixes #8345
+
+Reviewed-by: Paul Dale <paul.dale@oracle.com>
+Reviewed-by: Richard Levitte <levitte@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/8406)
+
+(cherry picked from commit 2a3d0ee9d59156c48973592331404471aca886d6)
+---
+ crypto/evp/e_chacha20_poly1305.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c
+index c1917bb86a6..d3e2c622a1b 100644
+--- a/crypto/evp/e_chacha20_poly1305.c
++++ b/crypto/evp/e_chacha20_poly1305.c
+@@ -30,6 +30,8 @@ typedef struct {
+ 
+ #define data(ctx)   ((EVP_CHACHA_KEY *)(ctx)->cipher_data)
+ 
++#define CHACHA20_POLY1305_MAX_IVLEN     12
++
+ static int chacha_init_key(EVP_CIPHER_CTX *ctx,
+                            const unsigned char user_key[CHACHA_KEY_SIZE],
+                            const unsigned char iv[CHACHA_CTR_SIZE], int enc)
+@@ -533,7 +535,7 @@ static int chacha20_poly1305_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
+         return 1;
+ 
+     case EVP_CTRL_AEAD_SET_IVLEN:
+-        if (arg <= 0 || arg > CHACHA_CTR_SIZE)
++        if (arg <= 0 || arg > CHACHA20_POLY1305_MAX_IVLEN)
+             return 0;
+         actx->nonce_len = arg;
+         return 1;
diff --git a/poky/meta/recipes-connectivity/openssl/openssl/afalg.patch b/poky/meta/recipes-connectivity/openssl/openssl/afalg.patch
new file mode 100644
index 000000000..7c4b084f3
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssl/openssl/afalg.patch
@@ -0,0 +1,31 @@
+Don't refuse to build afalgeng if cross-compiling or the host kernel is too old.
+
+Upstream-Status: Submitted [hhttps://github.com/openssl/openssl/pull/7688]
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+diff --git a/Configure b/Configure
+index 3baa8ce..9ef52ed 100755
+--- a/Configure
++++ b/Configure
+@@ -1550,20 +1550,7 @@ unless ($disabled{"crypto-mdebug-backtrace"})
+ unless ($disabled{afalgeng}) {
+     $config{afalgeng}="";
+     if (grep { $_ eq 'afalgeng' } @{$target{enable}}) {
+-        my $minver = 4*10000 + 1*100 + 0;
+-        if ($config{CROSS_COMPILE} eq "") {
+-            my $verstr = `uname -r`;
+-            my ($ma, $mi1, $mi2) = split("\\.", $verstr);
+-            ($mi2) = $mi2 =~ /(\d+)/;
+-            my $ver = $ma*10000 + $mi1*100 + $mi2;
+-            if ($ver < $minver) {
+-                $disabled{afalgeng} = "too-old-kernel";
+-            } else {
+-                push @{$config{engdirs}}, "afalg";
+-            }
+-        } else {
+-            $disabled{afalgeng} = "cross-compiling";
+-        }
++        push @{$config{engdirs}}, "afalg";
+     } else {
+         $disabled{afalgeng}  = "not-linux";
+     }
diff --git a/poky/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh b/poky/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh
deleted file mode 100644
index 6620fdcb5..000000000
--- a/poky/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh
+++ /dev/null
@@ -1,222 +0,0 @@
-#!/bin/sh
-#
-# Ben Secrest <blsecres@gmail.com>
-#
-# sh c_rehash script, scan all files in a directory
-# and add symbolic links to their hash values.
-#
-# based on the c_rehash perl script distributed with openssl
-#
-# LICENSE: See OpenSSL license
-# ^^acceptable?^^
-#
-
-# default certificate location
-DIR=/etc/openssl
-
-# for filetype bitfield
-IS_CERT=$(( 1 << 0 ))
-IS_CRL=$(( 1 << 1 ))
-
-
-# check to see if a file is a certificate file or a CRL file
-# arguments:
-#       1. the filename to be scanned
-# returns:
-#       bitfield of file type; uses ${IS_CERT} and ${IS_CRL}
-#
-check_file()
-{
-    local IS_TYPE=0
-
-    # make IFS a newline so we can process grep output line by line
-    local OLDIFS=${IFS}
-    IFS=$( printf "\n" )
-
-    # XXX: could be more efficient to have two 'grep -m' but is -m portable?
-    for LINE in $( grep '^-----BEGIN .*-----' ${1} )
-    do
-	if echo ${LINE} \
-	    | grep -q -E '^-----BEGIN (X509 |TRUSTED )?CERTIFICATE-----'
-	then
-	    IS_TYPE=$(( ${IS_TYPE} | ${IS_CERT} ))
-
-	    if [ $(( ${IS_TYPE} & ${IS_CRL} )) -ne 0 ]
-	    then
-	    	break
-	    fi
-	elif echo ${LINE} | grep -q '^-----BEGIN X509 CRL-----'
-	then
-	    IS_TYPE=$(( ${IS_TYPE} | ${IS_CRL} ))
-
-	    if [ $(( ${IS_TYPE} & ${IS_CERT} )) -ne 0 ]
-	    then
-	    	break
-	    fi
-	fi
-    done
-
-    # restore IFS
-    IFS=${OLDIFS}
-
-    return ${IS_TYPE}
-}
-
-
-#
-# use openssl to fingerprint a file
-#    arguments:
-#	1. the filename to fingerprint
-#	2. the method to use (x509, crl)
-#    returns:
-#	none
-#    assumptions:
-#	user will capture output from last stage of pipeline
-#
-fingerprint()
-{
-    ${SSL_CMD} ${2} -fingerprint -noout -in ${1} | sed 's/^.*=//' | tr -d ':'
-}
-
-
-#
-# link_hash - create links to certificate files
-#    arguments:
-#       1. the filename to create a link for
-#	2. the type of certificate being linked (x509, crl)
-#    returns:
-#	0 on success, 1 otherwise
-#
-link_hash()
-{
-    local FINGERPRINT=$( fingerprint ${1} ${2} )
-    local HASH=$( ${SSL_CMD} ${2} -hash -noout -in ${1} )
-    local SUFFIX=0
-    local LINKFILE=''
-    local TAG=''
-
-    if [ ${2} = "crl" ]
-    then
-    	TAG='r'
-    fi
-
-    LINKFILE=${HASH}.${TAG}${SUFFIX}
-
-    while [ -f ${LINKFILE} ]
-    do
-	if [ ${FINGERPRINT} = $( fingerprint ${LINKFILE} ${2} ) ]
-	then
-	    echo "NOTE: Skipping duplicate file ${1}" >&2
-	    return 1
-	fi	
-
-	SUFFIX=$(( ${SUFFIX} + 1 ))
-	LINKFILE=${HASH}.${TAG}${SUFFIX}
-    done
-
-    echo "${3} => ${LINKFILE}"
-
-    # assume any system with a POSIX shell will either support symlinks or
-    # do something to handle this gracefully
-    ln -s ${3} ${LINKFILE}
-
-    return 0
-}
-
-
-# hash_dir create hash links in a given directory
-hash_dir()
-{
-    echo "Doing ${1}"
-
-    cd ${1}
-
-    ls -1 * 2>/dev/null | while read FILE
-    do
-        if echo ${FILE} | grep -q -E '^[[:xdigit:]]{8}\.r?[[:digit:]]+$' \
-	    	&& [ -h "${FILE}" ]
-        then
-            rm ${FILE}
-        fi
-    done
-
-    ls -1 *.pem *.cer *.crt *.crl 2>/dev/null | while read FILE
-    do
-	REAL_FILE=${FILE}
-	# if we run on build host then get to the real files in rootfs
-	if [ -n "${SYSROOT}" -a -h ${FILE} ]
-	then
-	    FILE=$( readlink ${FILE} )
-	    # check the symlink is absolute (or dangling in other word)
-	    if [ "x/" = "x$( echo ${FILE} | cut -c1 -)" ]
-	    then
-		REAL_FILE=${SYSROOT}/${FILE}
-	    fi
-	fi
-
-	check_file ${REAL_FILE}
-        local FILE_TYPE=${?}
-	local TYPE_STR=''
-
-        if [ $(( ${FILE_TYPE} & ${IS_CERT} )) -ne 0 ]
-        then
-            TYPE_STR='x509'
-        elif [ $(( ${FILE_TYPE} & ${IS_CRL} )) -ne 0 ]
-        then
-            TYPE_STR='crl'
-        else
-            echo "NOTE: ${FILE} does not contain a certificate or CRL: skipping" >&2
-	    continue
-        fi
-
-	link_hash ${REAL_FILE} ${TYPE_STR} ${FILE}
-    done
-}
-
-
-# choose the name of an ssl application
-if [ -n "${OPENSSL}" ]
-then
-    SSL_CMD=$(which ${OPENSSL} 2>/dev/null)
-else
-    SSL_CMD=/usr/bin/openssl
-    OPENSSL=${SSL_CMD}
-    export OPENSSL
-fi
-
-# fix paths
-PATH=${PATH}:${DIR}/bin
-export PATH
-
-# confirm existance/executability of ssl command
-if ! [ -x ${SSL_CMD} ]
-then
-    echo "${0}: rehashing skipped ('openssl' program not available)" >&2
-    exit 0
-fi
-
-# determine which directories to process
-old_IFS=$IFS
-if [ ${#} -gt 0 ]
-then
-    IFS=':'
-    DIRLIST=${*}
-elif [ -n "${SSL_CERT_DIR}" ]
-then
-    DIRLIST=$SSL_CERT_DIR
-else
-    DIRLIST=${DIR}/certs
-fi
-
-IFS=':'
-
-# process directories
-for CERT_DIR in ${DIRLIST}
-do
-    if [ -d ${CERT_DIR} -a -w ${CERT_DIR} ]
-    then
-        IFS=$old_IFS
-        hash_dir ${CERT_DIR}
-        IFS=':'
-    fi
-done
diff --git a/poky/meta/recipes-connectivity/openssl/openssl/run-ptest b/poky/meta/recipes-connectivity/openssl/openssl/run-ptest
index 0a620dea7..3fb22471f 100644
--- a/poky/meta/recipes-connectivity/openssl/openssl/run-ptest
+++ b/poky/meta/recipes-connectivity/openssl/openssl/run-ptest
@@ -9,4 +9,4 @@ export TOP=.
 # OPENSSL_ENGINES is relative from the test binaries
 export OPENSSL_ENGINES=../engines
 
-perl ./test/run_tests.pl $*
+perl ./test/run_tests.pl $* | perl -0pe 's#(.*) \.*.ok#PASS: \1#g; s#(.*) \.*.skipped: (.*)#SKIP: \1 (\2)#g; s#(.*) \.*.\nDubious#FAIL: \1#;'
diff --git a/poky/meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb b/poky/meta/recipes-connectivity/openssl/openssl10_1.0.2r.bb
index 54af100f9..87df4f517 100644
--- a/poky/meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb
+++ b/poky/meta/recipes-connectivity/openssl/openssl10_1.0.2r.bb
@@ -53,8 +53,8 @@ SRC_URI_append_class-nativesdk = " \
            file://environment.d-openssl.sh \
            "
 
-SRC_URI[md5sum] = "7563e1ce046cb21948eeb6ba1a0eb71c"
-SRC_URI[sha256sum] = "5744cfcbcec2b1b48629f7354203bc1e5e9b5466998bbccc5b5fcde3b18eb684"
+SRC_URI[md5sum] = "0d2baaf04c56d542f6cc757b9c2a2aac"
+SRC_URI[sha256sum] = "ae51d08bba8a83958e894946f15303ff894d75c2b8bbd44a852b64e3fe11d0d6"
 
 S = "${WORKDIR}/openssl-${PV}"
 
@@ -78,9 +78,6 @@ EXTRA_OEMAKE = "${@bb.utils.contains('PACKAGECONFIG', 'manpages', '', 'OE_DISABL
 
 export OE_LDFLAGS = "${LDFLAGS}"
 
-# openssl fails with ccache: https://bugzilla.yoctoproject.org/show_bug.cgi?id=12810
-CCACHE = ""
-
 TERMIO ?= "-DTERMIO"
 TERMIO_libc-musl = "-DTERMIOS"
 EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm"
diff --git a/poky/meta/recipes-connectivity/openssl/openssl_1.1.1a.bb b/poky/meta/recipes-connectivity/openssl/openssl_1.1.1b.bb
index e9e9facd3..d3404d2ef 100644
--- a/poky/meta/recipes-connectivity/openssl/openssl_1.1.1a.bb
+++ b/poky/meta/recipes-connectivity/openssl/openssl_1.1.1b.bb
@@ -7,26 +7,33 @@ SECTION = "libs/network"
 # "openssl" here actually means both OpenSSL and SSLeay licenses apply
 # (see meta/files/common-licenses/OpenSSL to which "openssl" is SPDXLICENSEMAPped)
 LICENSE = "openssl"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=d57d511030c9d66ef5f5966bee5a7eff"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=d343e62fc9c833710bbbed25f27364c8"
 
 DEPENDS = "hostperl-runtime-native"
 
 SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
            file://run-ptest \
-           file://openssl-c_rehash.sh \
            file://0001-skip-test_symbol_presence.patch \
            file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
+           file://afalg.patch \
+           file://CVE-2019-1543.patch \
            "
 
 SRC_URI_append_class-nativesdk = " \
            file://environment.d-openssl.sh \
            "
 
-SRC_URI[md5sum] = "963deb2272d6be7d4c2458afd2517b73"
-SRC_URI[sha256sum] = "fc20130f8b7cbd2fb918b2f14e2f429e109c31ddd0fb38fc5d71d9ffed3f9f41"
+SRC_URI[md5sum] = "4532712e7bcc9414f5bce995e4e13930"
+SRC_URI[sha256sum] = "5c557b023230413dfb0756f3137a13e6d726838ccd1430888ad15bfb2b43ea4b"
 
 inherit lib_package multilib_header ptest
 
+PACKAGECONFIG ?= ""
+PACKAGECONFIG_class-native = ""
+PACKAGECONFIG_class-nativesdk = ""
+
+PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux"
+
 B = "${WORKDIR}/build"
 do_configure[cleandirs] = "${B}"
 
@@ -113,6 +120,7 @@ do_configure () {
 	# environment variables set by bitbake. Adjust the environment variables instead.
 	PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \
 	perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=${libdir} $target
+	perl ${B}/configdata.pm --dump
 }
 
 do_install () {
@@ -141,12 +149,6 @@ do_install_append_class-native () {
 	    SSL_CERT_DIR=${libdir}/ssl-1.1/certs \
 	    SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \
 	    OPENSSL_ENGINES=${libdir}/ssl-1.1/engines
-
-	# Install a custom version of c_rehash that can handle sysroots properly.
-	# This version is used for example when installing ca-certificates during
-	# image creation.
-	install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash
-	sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash
 }
 
 do_install_append_class-nativesdk () {
@@ -195,16 +197,10 @@ FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/open
 CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
 
 RRECOMMENDS_libcrypto += "openssl-conf"
-RDEPENDS_${PN}-bin = "perl"
-RDEPENDS_${PN}-misc = "perl"
-RDEPENDS_${PN}-ptest += "openssl-bin perl perl-modules bash python"
+RDEPENDS_${PN}-ptest += "openssl-bin perl perl-modules bash"
 
 RPROVIDES_openssl-conf = "openssl10-conf"
 RREPLACES_openssl-conf = "openssl10-conf"
 RCONFLICTS_openssl-conf = "openssl10-conf"
 
 BBCLASSEXTEND = "native nativesdk"
-
-inherit multilib_script
-
-MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-replace-systemd-install-Alias-with-WantedBy.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-replace-systemd-install-Alias-with-WantedBy.patch
new file mode 100644
index 000000000..a476cf040
--- /dev/null
+++ b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-replace-systemd-install-Alias-with-WantedBy.patch
@@ -0,0 +1,52 @@
+From 94c401733a5a3d294cc412671166e6adfb409f53 Mon Sep 17 00:00:00 2001
+From: Joshua DeWeese <jdeweese@hennypenny.com>
+Date: Wed, 30 Jan 2019 16:19:47 -0500
+Subject: [PATCH] replace systemd install Alias with WantedBy
+
+According to the systemd documentation "WantedBy=foo.service in a
+service bar.service is mostly equivalent to
+Alias=foo.service.wants/bar.service in the same file." However,
+this is not really the intended purpose of install Aliases.
+
+Upstream-Status: Submitted [hostap@lists.infradead.org]
+
+Signed-off-by: Joshua DeWeese <jdeweese@hennypenny.com>
+---
+ wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in | 2 +-
+ wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in   | 2 +-
+ wpa_supplicant/systemd/wpa_supplicant.service.arg.in         | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in b/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in
+index 03ac507..da69a87 100644
+--- a/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in
++++ b/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in
+@@ -12,4 +12,4 @@ Type=simple
+ ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-nl80211-%I.conf -Dnl80211 -i%I
+ 
+ [Install]
+-Alias=multi-user.target.wants/wpa_supplicant-nl80211@%i.service
++WantedBy=multi-user.target
+diff --git a/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in b/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in
+index c8a744d..ca3054b 100644
+--- a/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in
++++ b/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in
+@@ -12,4 +12,4 @@ Type=simple
+ ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-wired-%I.conf -Dwired -i%I
+ 
+ [Install]
+-Alias=multi-user.target.wants/wpa_supplicant-wired@%i.service
++WantedBy=multi-user.target
+diff --git a/wpa_supplicant/systemd/wpa_supplicant.service.arg.in b/wpa_supplicant/systemd/wpa_supplicant.service.arg.in
+index 7788b38..55d2b9c 100644
+--- a/wpa_supplicant/systemd/wpa_supplicant.service.arg.in
++++ b/wpa_supplicant/systemd/wpa_supplicant.service.arg.in
+@@ -12,4 +12,4 @@ Type=simple
+ ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-%I.conf -i%I
+ 
+ [Install]
+-Alias=multi-user.target.wants/wpa_supplicant@%i.service
++WantedBy=multi-user.target
+-- 
+2.7.4
+
diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple1.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple1.patch
deleted file mode 100644
index d4d49e7fc..000000000
--- a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple1.patch
+++ /dev/null
@@ -1,191 +0,0 @@
-The WPA2 four-way handshake protocol is vulnerable to replay attacks which can
-result in unauthenticated clients gaining access to the network.
-
-Backport a number of patches from upstream to fix this.
-
-CVE: CVE-2017-13077
-CVE: CVE-2017-13078
-CVE: CVE-2017-13079
-CVE: CVE-2017-13080
-CVE: CVE-2017-13081
-CVE: CVE-2017-13082
-CVE: CVE-2017-13086
-CVE: CVE-2017-13087
-CVE: CVE-2017-13088
-
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001
-From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
-Date: Fri, 14 Jul 2017 15:15:35 +0200
-Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake
-
-Do not reinstall TK to the driver during Reassociation Response frame
-processing if the first attempt of setting the TK succeeded. This avoids
-issues related to clearing the TX/RX PN that could result in reusing
-same PN values for transmitted frames (e.g., due to CCM nonce reuse and
-also hitting replay protection on the receiver) and accepting replayed
-frames on RX side.
-
-This issue was introduced by the commit
-0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in
-authenticator') which allowed wpa_ft_install_ptk() to be called multiple
-times with the same PTK. While the second configuration attempt is
-needed with some drivers, it must be done only if the first attempt
-failed.
-
-Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
----
- src/ap/ieee802_11.c  | 16 +++++++++++++---
- src/ap/wpa_auth.c    | 11 +++++++++++
- src/ap/wpa_auth.h    |  3 ++-
- src/ap/wpa_auth_ft.c | 10 ++++++++++
- src/ap/wpa_auth_i.h  |  1 +
- 5 files changed, 37 insertions(+), 4 deletions(-)
-
-diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
-index 4e04169..333035f 100644
---- a/src/ap/ieee802_11.c
-+++ b/src/ap/ieee802_11.c
-@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hapd,
- {
- 	struct ieee80211_ht_capabilities ht_cap;
- 	struct ieee80211_vht_capabilities vht_cap;
-+	int set = 1;
- 
- 	/*
- 	 * Remove the STA entry to ensure the STA PS state gets cleared and
-@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hapd,
- 	 * FT-over-the-DS, where a station re-associates back to the same AP but
- 	 * skips the authentication flow, or if working with a driver that
- 	 * does not support full AP client state.
-+	 *
-+	 * Skip this if the STA has already completed FT reassociation and the
-+	 * TK has been configured since the TX/RX PN must not be reset to 0 for
-+	 * the same key.
- 	 */
--	if (!sta->added_unassoc)
-+	if (!sta->added_unassoc &&
-+	    (!(sta->flags & WLAN_STA_AUTHORIZED) ||
-+	     !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) {
- 		hostapd_drv_sta_remove(hapd, sta->addr);
-+		wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
-+		set = 0;
-+	}
- 
- #ifdef CONFIG_IEEE80211N
- 	if (sta->flags & WLAN_STA_HT)
-@@ -1873,11 +1883,11 @@ static int add_associated_sta(struct hostapd_data *hapd,
- 			    sta->flags & WLAN_STA_VHT ? &vht_cap : NULL,
- 			    sta->flags | WLAN_STA_ASSOC, sta->qosinfo,
- 			    sta->vht_opmode, sta->p2p_ie ? 1 : 0,
--			    sta->added_unassoc)) {
-+			    set)) {
- 		hostapd_logger(hapd, sta->addr,
- 			       HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE,
- 			       "Could not %s STA to kernel driver",
--			       sta->added_unassoc ? "set" : "add");
-+			       set ? "set" : "add");
- 
- 		if (sta->added_unassoc) {
- 			hostapd_drv_sta_remove(hapd, sta->addr);
-diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
-index 3587086..707971d 100644
---- a/src/ap/wpa_auth.c
-+++ b/src/ap/wpa_auth.c
-@@ -1745,6 +1745,9 @@ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event)
- #else /* CONFIG_IEEE80211R */
- 		break;
- #endif /* CONFIG_IEEE80211R */
-+	case WPA_DRV_STA_REMOVED:
-+		sm->tk_already_set = FALSE;
-+		return 0;
- 	}
- 
- #ifdef CONFIG_IEEE80211R
-@@ -3250,6 +3253,14 @@ int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm)
- }
- 
- 
-+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm)
-+{
-+	if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt))
-+		return 0;
-+	return sm->tk_already_set;
-+}
-+
-+
- int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
- 			     struct rsn_pmksa_cache_entry *entry)
- {
-diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
-index 0de8d97..97461b0 100644
---- a/src/ap/wpa_auth.h
-+++ b/src/ap/wpa_auth.h
-@@ -267,7 +267,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
- 		 u8 *data, size_t data_len);
- enum wpa_event {
- 	WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH,
--	WPA_REAUTH_EAPOL, WPA_ASSOC_FT
-+	WPA_REAUTH_EAPOL, WPA_ASSOC_FT, WPA_DRV_STA_REMOVED
- };
- void wpa_remove_ptk(struct wpa_state_machine *sm);
- int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event);
-@@ -280,6 +280,7 @@ int wpa_auth_pairwise_set(struct wpa_state_machine *sm);
- int wpa_auth_get_pairwise(struct wpa_state_machine *sm);
- int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm);
- int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm);
-+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm);
- int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
- 			     struct rsn_pmksa_cache_entry *entry);
- struct rsn_pmksa_cache_entry *
-diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
-index 42242a5..e63b99a 100644
---- a/src/ap/wpa_auth_ft.c
-+++ b/src/ap/wpa_auth_ft.c
-@@ -780,6 +780,14 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)
- 		return;
- 	}
- 
-+	if (sm->tk_already_set) {
-+		/* Must avoid TK reconfiguration to prevent clearing of TX/RX
-+		 * PN in the driver */
-+		wpa_printf(MSG_DEBUG,
-+			   "FT: Do not re-install same PTK to the driver");
-+		return;
-+	}
-+
- 	/* FIX: add STA entry to kernel/driver here? The set_key will fail
- 	 * most likely without this.. At the moment, STA entry is added only
- 	 * after association has been completed. This function will be called
-@@ -792,6 +800,7 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)
- 
- 	/* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
- 	sm->pairwise_set = TRUE;
-+	sm->tk_already_set = TRUE;
- }
- 
- 
-@@ -898,6 +907,7 @@ static int wpa_ft_process_auth_req(struct wpa_state_machine *sm,
- 
- 	sm->pairwise = pairwise;
- 	sm->PTK_valid = TRUE;
-+	sm->tk_already_set = FALSE;
- 	wpa_ft_install_ptk(sm);
- 
- 	buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
-diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h
-index 72b7eb3..7fd8f05 100644
---- a/src/ap/wpa_auth_i.h
-+++ b/src/ap/wpa_auth_i.h
-@@ -65,6 +65,7 @@ struct wpa_state_machine {
- 	struct wpa_ptk PTK;
- 	Boolean PTK_valid;
- 	Boolean pairwise_set;
-+	Boolean tk_already_set;
- 	int keycount;
- 	Boolean Pair;
- 	struct wpa_key_replay_counter {
--- 
-2.7.4
\ No newline at end of file
diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple2.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple2.patch
deleted file mode 100644
index 501bb4b56..000000000
--- a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple2.patch
+++ /dev/null
@@ -1,267 +0,0 @@
-The WPA2 four-way handshake protocol is vulnerable to replay attacks which can
-result in unauthenticated clients gaining access to the network.
-
-Backport a number of patches from upstream to fix this.
-
-CVE: CVE-2017-13077
-CVE: CVE-2017-13078
-CVE: CVE-2017-13079
-CVE: CVE-2017-13080
-CVE: CVE-2017-13081
-CVE: CVE-2017-13082
-CVE: CVE-2017-13086
-CVE: CVE-2017-13087
-CVE: CVE-2017-13088
-
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-From 927f891007c402fefd1ff384645b3f07597c3ede Mon Sep 17 00:00:00 2001
-From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
-Date: Wed, 12 Jul 2017 16:03:24 +0200
-Subject: [PATCH 2/8] Prevent reinstallation of an already in-use group key
-
-Track the current GTK and IGTK that is in use and when receiving a
-(possibly retransmitted) Group Message 1 or WNM-Sleep Mode Response, do
-not install the given key if it is already in use. This prevents an
-attacker from trying to trick the client into resetting or lowering the
-sequence counter associated to the group key.
-
-Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
----
- src/common/wpa_common.h |  11 +++++
- src/rsn_supp/wpa.c      | 116 ++++++++++++++++++++++++++++++------------------
- src/rsn_supp/wpa_i.h    |   4 ++
- 3 files changed, 87 insertions(+), 44 deletions(-)
-
-diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
-index af1d0f0..d200285 100644
---- a/src/common/wpa_common.h
-+++ b/src/common/wpa_common.h
-@@ -217,6 +217,17 @@ struct wpa_ptk {
- 	size_t tk_len;
- };
- 
-+struct wpa_gtk {
-+	u8 gtk[WPA_GTK_MAX_LEN];
-+	size_t gtk_len;
-+};
-+
-+#ifdef CONFIG_IEEE80211W
-+struct wpa_igtk {
-+	u8 igtk[WPA_IGTK_MAX_LEN];
-+	size_t igtk_len;
-+};
-+#endif /* CONFIG_IEEE80211W */
- 
- /* WPA IE version 1
-  * 00-50-f2:1 (OUI:OUI type)
-diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
-index 3c47879..95bd7be 100644
---- a/src/rsn_supp/wpa.c
-+++ b/src/rsn_supp/wpa.c
-@@ -714,6 +714,15 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
- 	const u8 *_gtk = gd->gtk;
- 	u8 gtk_buf[32];
- 
-+	/* Detect possible key reinstallation */
-+	if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
-+	    os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
-+		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
-+			"WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
-+			gd->keyidx, gd->tx, gd->gtk_len);
-+		return 0;
-+	}
-+
- 	wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len);
- 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
- 		"WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)",
-@@ -748,6 +757,9 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
- 	}
- 	os_memset(gtk_buf, 0, sizeof(gtk_buf));
- 
-+	sm->gtk.gtk_len = gd->gtk_len;
-+	os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
-+
- 	return 0;
- }
- 
-@@ -854,6 +866,48 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
- }
- 
- 
-+#ifdef CONFIG_IEEE80211W
-+static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
-+				       const struct wpa_igtk_kde *igtk)
-+{
-+	size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
-+	u16 keyidx = WPA_GET_LE16(igtk->keyid);
-+
-+	/* Detect possible key reinstallation */
-+	if (sm->igtk.igtk_len == len &&
-+	    os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
-+		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
-+			"WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
-+			keyidx);
-+		return  0;
-+	}
-+
-+	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
-+		"WPA: IGTK keyid %d pn %02x%02x%02x%02x%02x%02x",
-+		keyidx, MAC2STR(igtk->pn));
-+	wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", igtk->igtk, len);
-+	if (keyidx > 4095) {
-+		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
-+			"WPA: Invalid IGTK KeyID %d", keyidx);
-+		return -1;
-+	}
-+	if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
-+			   broadcast_ether_addr,
-+			   keyidx, 0, igtk->pn, sizeof(igtk->pn),
-+			   igtk->igtk, len) < 0) {
-+		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
-+			"WPA: Failed to configure IGTK to the driver");
-+		return -1;
-+	}
-+
-+	sm->igtk.igtk_len = len;
-+	os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
-+
-+	return 0;
-+}
-+#endif /* CONFIG_IEEE80211W */
-+
-+
- static int ieee80211w_set_keys(struct wpa_sm *sm,
- 			       struct wpa_eapol_ie_parse *ie)
- {
-@@ -864,30 +918,14 @@ static int ieee80211w_set_keys(struct wpa_sm *sm,
- 	if (ie->igtk) {
- 		size_t len;
- 		const struct wpa_igtk_kde *igtk;
--		u16 keyidx;
-+
- 		len = wpa_cipher_key_len(sm->mgmt_group_cipher);
- 		if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len)
- 			return -1;
-+
- 		igtk = (const struct wpa_igtk_kde *) ie->igtk;
--		keyidx = WPA_GET_LE16(igtk->keyid);
--		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d "
--			"pn %02x%02x%02x%02x%02x%02x",
--			keyidx, MAC2STR(igtk->pn));
--		wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK",
--				igtk->igtk, len);
--		if (keyidx > 4095) {
--			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
--				"WPA: Invalid IGTK KeyID %d", keyidx);
--			return -1;
--		}
--		if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
--				   broadcast_ether_addr,
--				   keyidx, 0, igtk->pn, sizeof(igtk->pn),
--				   igtk->igtk, len) < 0) {
--			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
--				"WPA: Failed to configure IGTK to the driver");
-+		if (wpa_supplicant_install_igtk(sm, igtk) < 0)
- 			return -1;
--		}
- 	}
- 
- 	return 0;
-@@ -2307,7 +2345,7 @@ void wpa_sm_deinit(struct wpa_sm *sm)
-  */
- void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
- {
--	int clear_ptk = 1;
-+	int clear_keys = 1;
- 
- 	if (sm == NULL)
- 		return;
-@@ -2333,11 +2371,11 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
- 		/* Prepare for the next transition */
- 		wpa_ft_prepare_auth_request(sm, NULL);
- 
--		clear_ptk = 0;
-+		clear_keys = 0;
- 	}
- #endif /* CONFIG_IEEE80211R */
- 
--	if (clear_ptk) {
-+	if (clear_keys) {
- 		/*
- 		 * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if
- 		 * this is not part of a Fast BSS Transition.
-@@ -2347,6 +2385,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
- 		os_memset(&sm->ptk, 0, sizeof(sm->ptk));
- 		sm->tptk_set = 0;
- 		os_memset(&sm->tptk, 0, sizeof(sm->tptk));
-+		os_memset(&sm->gtk, 0, sizeof(sm->gtk));
-+#ifdef CONFIG_IEEE80211W
-+		os_memset(&sm->igtk, 0, sizeof(sm->igtk));
-+#endif /* CONFIG_IEEE80211W */
- 	}
- 
- #ifdef CONFIG_TDLS
-@@ -2877,6 +2919,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
- 	os_memset(sm->pmk, 0, sizeof(sm->pmk));
- 	os_memset(&sm->ptk, 0, sizeof(sm->ptk));
- 	os_memset(&sm->tptk, 0, sizeof(sm->tptk));
-+	os_memset(&sm->gtk, 0, sizeof(sm->gtk));
-+#ifdef CONFIG_IEEE80211W
-+	os_memset(&sm->igtk, 0, sizeof(sm->igtk));
-+#endif /* CONFIG_IEEE80211W */
- #ifdef CONFIG_IEEE80211R
- 	os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
- 	os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0));
-@@ -2949,29 +2995,11 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
- 		os_memset(&gd, 0, sizeof(gd));
- #ifdef CONFIG_IEEE80211W
- 	} else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) {
--		struct wpa_igtk_kde igd;
--		u16 keyidx;
--
--		os_memset(&igd, 0, sizeof(igd));
--		keylen = wpa_cipher_key_len(sm->mgmt_group_cipher);
--		os_memcpy(igd.keyid, buf + 2, 2);
--		os_memcpy(igd.pn, buf + 4, 6);
--
--		keyidx = WPA_GET_LE16(igd.keyid);
--		os_memcpy(igd.igtk, buf + 10, keylen);
--
--		wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)",
--				igd.igtk, keylen);
--		if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
--				   broadcast_ether_addr,
--				   keyidx, 0, igd.pn, sizeof(igd.pn),
--				   igd.igtk, keylen) < 0) {
--			wpa_printf(MSG_DEBUG, "Failed to install the IGTK in "
--				   "WNM mode");
--			os_memset(&igd, 0, sizeof(igd));
-+		const struct wpa_igtk_kde *igtk;
-+
-+		igtk = (const struct wpa_igtk_kde *) (buf + 2);
-+		if (wpa_supplicant_install_igtk(sm, igtk) < 0)
- 			return -1;
--		}
--		os_memset(&igd, 0, sizeof(igd));
- #endif /* CONFIG_IEEE80211W */
- 	} else {
- 		wpa_printf(MSG_DEBUG, "Unknown element id");
-diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
-index f653ba6..afc9e37 100644
---- a/src/rsn_supp/wpa_i.h
-+++ b/src/rsn_supp/wpa_i.h
-@@ -31,6 +31,10 @@ struct wpa_sm {
- 	u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN];
- 	int rx_replay_counter_set;
- 	u8 request_counter[WPA_REPLAY_COUNTER_LEN];
-+	struct wpa_gtk gtk;
-+#ifdef CONFIG_IEEE80211W
-+	struct wpa_igtk igtk;
-+#endif /* CONFIG_IEEE80211W */
- 
- 	struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
- 
--- 
-2.7.4
\ No newline at end of file
diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple3.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple3.patch
deleted file mode 100644
index 2e2265585..000000000
--- a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple3.patch
+++ /dev/null
@@ -1,201 +0,0 @@
-The WPA2 four-way handshake protocol is vulnerable to replay attacks which can
-result in unauthenticated clients gaining access to the network.
-
-Backport a number of patches from upstream to fix this.
-
-CVE: CVE-2017-13077
-CVE: CVE-2017-13078
-CVE: CVE-2017-13079
-CVE: CVE-2017-13080
-CVE: CVE-2017-13081
-CVE: CVE-2017-13082
-CVE: CVE-2017-13086
-CVE: CVE-2017-13087
-CVE: CVE-2017-13088
-
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-From 8280294e74846ea342389a0cd17215050fa5afe8 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Sun, 1 Oct 2017 12:12:24 +0300
-Subject: [PATCH 3/8] Extend protection of GTK/IGTK reinstallation of WNM-Sleep
- Mode cases
-
-This extends the protection to track last configured GTK/IGTK value
-separately from EAPOL-Key frames and WNM-Sleep Mode frames to cover a
-corner case where these two different mechanisms may get used when the
-GTK/IGTK has changed and tracking a single value is not sufficient to
-detect a possible key reconfiguration.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/rsn_supp/wpa.c   | 53 +++++++++++++++++++++++++++++++++++++---------------
- src/rsn_supp/wpa_i.h |  2 ++
- 2 files changed, 40 insertions(+), 15 deletions(-)
-
-diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
-index 95bd7be..7a2c68d 100644
---- a/src/rsn_supp/wpa.c
-+++ b/src/rsn_supp/wpa.c
-@@ -709,14 +709,17 @@ struct wpa_gtk_data {
- 
- static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
- 				      const struct wpa_gtk_data *gd,
--				      const u8 *key_rsc)
-+				      const u8 *key_rsc, int wnm_sleep)
- {
- 	const u8 *_gtk = gd->gtk;
- 	u8 gtk_buf[32];
- 
- 	/* Detect possible key reinstallation */
--	if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
--	    os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
-+	if ((sm->gtk.gtk_len == (size_t) gd->gtk_len &&
-+	     os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) ||
-+	    (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len &&
-+	     os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk,
-+		       sm->gtk_wnm_sleep.gtk_len) == 0)) {
- 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
- 			"WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
- 			gd->keyidx, gd->tx, gd->gtk_len);
-@@ -757,8 +760,14 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
- 	}
- 	os_memset(gtk_buf, 0, sizeof(gtk_buf));
- 
--	sm->gtk.gtk_len = gd->gtk_len;
--	os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
-+	if (wnm_sleep) {
-+		sm->gtk_wnm_sleep.gtk_len = gd->gtk_len;
-+		os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk,
-+			  sm->gtk_wnm_sleep.gtk_len);
-+	} else {
-+		sm->gtk.gtk_len = gd->gtk_len;
-+		os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
-+	}
- 
- 	return 0;
- }
-@@ -852,7 +861,7 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
- 	    (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
- 					       gtk_len, gtk_len,
- 					       &gd.key_rsc_len, &gd.alg) ||
--	     wpa_supplicant_install_gtk(sm, &gd, key_rsc))) {
-+	     wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0))) {
- 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
- 			"RSN: Failed to install GTK");
- 		os_memset(&gd, 0, sizeof(gd));
-@@ -868,14 +877,18 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
- 
- #ifdef CONFIG_IEEE80211W
- static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
--				       const struct wpa_igtk_kde *igtk)
-+				       const struct wpa_igtk_kde *igtk,
-+				       int wnm_sleep)
- {
- 	size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
- 	u16 keyidx = WPA_GET_LE16(igtk->keyid);
- 
- 	/* Detect possible key reinstallation */
--	if (sm->igtk.igtk_len == len &&
--	    os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
-+	if ((sm->igtk.igtk_len == len &&
-+	     os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) ||
-+	    (sm->igtk_wnm_sleep.igtk_len == len &&
-+	     os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk,
-+		       sm->igtk_wnm_sleep.igtk_len) == 0)) {
- 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
- 			"WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
- 			keyidx);
-@@ -900,8 +913,14 @@ static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
- 		return -1;
- 	}
- 
--	sm->igtk.igtk_len = len;
--	os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
-+	if (wnm_sleep) {
-+		sm->igtk_wnm_sleep.igtk_len = len;
-+		os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk,
-+			  sm->igtk_wnm_sleep.igtk_len);
-+	} else {
-+		sm->igtk.igtk_len = len;
-+		os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
-+	}
- 
- 	return 0;
- }
-@@ -924,7 +943,7 @@ static int ieee80211w_set_keys(struct wpa_sm *sm,
- 			return -1;
- 
- 		igtk = (const struct wpa_igtk_kde *) ie->igtk;
--		if (wpa_supplicant_install_igtk(sm, igtk) < 0)
-+		if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0)
- 			return -1;
- 	}
- 
-@@ -1574,7 +1593,7 @@ static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
- 	if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc))
- 		key_rsc = null_rsc;
- 
--	if (wpa_supplicant_install_gtk(sm, &gd, key_rsc) ||
-+	if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) ||
- 	    wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0)
- 		goto failed;
- 	os_memset(&gd, 0, sizeof(gd));
-@@ -2386,8 +2405,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
- 		sm->tptk_set = 0;
- 		os_memset(&sm->tptk, 0, sizeof(sm->tptk));
- 		os_memset(&sm->gtk, 0, sizeof(sm->gtk));
-+		os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
- #ifdef CONFIG_IEEE80211W
- 		os_memset(&sm->igtk, 0, sizeof(sm->igtk));
-+		os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
- #endif /* CONFIG_IEEE80211W */
- 	}
- 
-@@ -2920,8 +2941,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
- 	os_memset(&sm->ptk, 0, sizeof(sm->ptk));
- 	os_memset(&sm->tptk, 0, sizeof(sm->tptk));
- 	os_memset(&sm->gtk, 0, sizeof(sm->gtk));
-+	os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
- #ifdef CONFIG_IEEE80211W
- 	os_memset(&sm->igtk, 0, sizeof(sm->igtk));
-+	os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
- #endif /* CONFIG_IEEE80211W */
- #ifdef CONFIG_IEEE80211R
- 	os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
-@@ -2986,7 +3009,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
- 
- 		wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)",
- 				gd.gtk, gd.gtk_len);
--		if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) {
-+		if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) {
- 			os_memset(&gd, 0, sizeof(gd));
- 			wpa_printf(MSG_DEBUG, "Failed to install the GTK in "
- 				   "WNM mode");
-@@ -2998,7 +3021,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
- 		const struct wpa_igtk_kde *igtk;
- 
- 		igtk = (const struct wpa_igtk_kde *) (buf + 2);
--		if (wpa_supplicant_install_igtk(sm, igtk) < 0)
-+		if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0)
- 			return -1;
- #endif /* CONFIG_IEEE80211W */
- 	} else {
-diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
-index afc9e37..9a54631 100644
---- a/src/rsn_supp/wpa_i.h
-+++ b/src/rsn_supp/wpa_i.h
-@@ -32,8 +32,10 @@ struct wpa_sm {
- 	int rx_replay_counter_set;
- 	u8 request_counter[WPA_REPLAY_COUNTER_LEN];
- 	struct wpa_gtk gtk;
-+	struct wpa_gtk gtk_wnm_sleep;
- #ifdef CONFIG_IEEE80211W
- 	struct wpa_igtk igtk;
-+	struct wpa_igtk igtk_wnm_sleep;
- #endif /* CONFIG_IEEE80211W */
- 
- 	struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
--- 
-2.7.4
\ No newline at end of file
diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple4.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple4.patch
deleted file mode 100644
index 6c1948696..000000000
--- a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple4.patch
+++ /dev/null
@@ -1,96 +0,0 @@
-The WPA2 four-way handshake protocol is vulnerable to replay attacks which can
-result in unauthenticated clients gaining access to the network.
-
-Backport a number of patches from upstream to fix this.
-
-CVE: CVE-2017-13077
-CVE: CVE-2017-13078
-CVE: CVE-2017-13079
-CVE: CVE-2017-13080
-CVE: CVE-2017-13081
-CVE: CVE-2017-13082
-CVE: CVE-2017-13086
-CVE: CVE-2017-13087
-CVE: CVE-2017-13088
-
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-From 8f82bc94e8697a9d47fa8774dfdaaede1084912c Mon Sep 17 00:00:00 2001
-From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
-Date: Fri, 29 Sep 2017 04:22:51 +0200
-Subject: [PATCH 4/8] Prevent installation of an all-zero TK
-
-Properly track whether a PTK has already been installed to the driver
-and the TK part cleared from memory. This prevents an attacker from
-trying to trick the client into installing an all-zero TK.
-
-This fixes the earlier fix in commit
-ad00d64e7d8827b3cebd665a0ceb08adabf15e1e ('Fix TK configuration to the
-driver in EAPOL-Key 3/4 retry case') which did not take into account
-possibility of an extra message 1/4 showing up between retries of
-message 3/4.
-
-Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
----
- src/common/wpa_common.h | 1 +
- src/rsn_supp/wpa.c      | 5 ++---
- src/rsn_supp/wpa_i.h    | 1 -
- 3 files changed, 3 insertions(+), 4 deletions(-)
-
-diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
-index d200285..1021ccb 100644
---- a/src/common/wpa_common.h
-+++ b/src/common/wpa_common.h
-@@ -215,6 +215,7 @@ struct wpa_ptk {
- 	size_t kck_len;
- 	size_t kek_len;
- 	size_t tk_len;
-+	int installed; /* 1 if key has already been installed to driver */
- };
- 
- struct wpa_gtk {
-diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
-index 7a2c68d..0550a41 100644
---- a/src/rsn_supp/wpa.c
-+++ b/src/rsn_supp/wpa.c
-@@ -510,7 +510,6 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
- 		os_memset(buf, 0, sizeof(buf));
- 	}
- 	sm->tptk_set = 1;
--	sm->tk_to_set = 1;
- 
- 	kde = sm->assoc_wpa_ie;
- 	kde_len = sm->assoc_wpa_ie_len;
-@@ -615,7 +614,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
- 	enum wpa_alg alg;
- 	const u8 *key_rsc;
- 
--	if (!sm->tk_to_set) {
-+	if (sm->ptk.installed) {
- 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
- 			"WPA: Do not re-install same PTK to the driver");
- 		return 0;
-@@ -659,7 +658,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
- 
- 	/* TK is not needed anymore in supplicant */
- 	os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
--	sm->tk_to_set = 0;
-+	sm->ptk.installed = 1;
- 
- 	if (sm->wpa_ptk_rekey) {
- 		eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
-diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
-index 9a54631..41f371f 100644
---- a/src/rsn_supp/wpa_i.h
-+++ b/src/rsn_supp/wpa_i.h
-@@ -24,7 +24,6 @@ struct wpa_sm {
- 	struct wpa_ptk ptk, tptk;
- 	int ptk_set, tptk_set;
- 	unsigned int msg_3_of_4_ok:1;
--	unsigned int tk_to_set:1;
- 	u8 snonce[WPA_NONCE_LEN];
- 	u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */
- 	int renew_snonce;
--- 
-2.7.4
\ No newline at end of file
diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple5.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple5.patch
deleted file mode 100644
index b262dcac5..000000000
--- a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple5.patch
+++ /dev/null
@@ -1,81 +0,0 @@
-The WPA2 four-way handshake protocol is vulnerable to replay attacks which can
-result in unauthenticated clients gaining access to the network.
-
-Backport a number of patches from upstream to fix this.
-
-CVE: CVE-2017-13077
-CVE: CVE-2017-13078
-CVE: CVE-2017-13079
-CVE: CVE-2017-13080
-CVE: CVE-2017-13081
-CVE: CVE-2017-13082
-CVE: CVE-2017-13086
-CVE: CVE-2017-13087
-CVE: CVE-2017-13088
-
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-From 12fac09b437a1dc8a0f253e265934a8aaf4d2f8b Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Sun, 1 Oct 2017 12:32:57 +0300
-Subject: [PATCH 5/8] Fix PTK rekeying to generate a new ANonce
-
-The Authenticator state machine path for PTK rekeying ended up bypassing
-the AUTHENTICATION2 state where a new ANonce is generated when going
-directly to the PTKSTART state since there is no need to try to
-determine the PMK again in such a case. This is far from ideal since the
-new PTK would depend on a new nonce only from the supplicant.
-
-Fix this by generating a new ANonce when moving to the PTKSTART state
-for the purpose of starting new 4-way handshake to rekey PTK.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/ap/wpa_auth.c | 24 +++++++++++++++++++++---
- 1 file changed, 21 insertions(+), 3 deletions(-)
-
-diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
-index 707971d..bf10cc1 100644
---- a/src/ap/wpa_auth.c
-+++ b/src/ap/wpa_auth.c
-@@ -1901,6 +1901,21 @@ SM_STATE(WPA_PTK, AUTHENTICATION2)
- }
- 
- 
-+static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm)
-+{
-+	if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
-+		wpa_printf(MSG_ERROR,
-+			   "WPA: Failed to get random data for ANonce");
-+		sm->Disconnect = TRUE;
-+		return -1;
-+	}
-+	wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce,
-+		    WPA_NONCE_LEN);
-+	sm->TimeoutCtr = 0;
-+	return 0;
-+}
-+
-+
- SM_STATE(WPA_PTK, INITPMK)
- {
- 	u8 msk[2 * PMK_LEN];
-@@ -2458,9 +2473,12 @@ SM_STEP(WPA_PTK)
- 		SM_ENTER(WPA_PTK, AUTHENTICATION);
- 	else if (sm->ReAuthenticationRequest)
- 		SM_ENTER(WPA_PTK, AUTHENTICATION2);
--	else if (sm->PTKRequest)
--		SM_ENTER(WPA_PTK, PTKSTART);
--	else switch (sm->wpa_ptk_state) {
-+	else if (sm->PTKRequest) {
-+		if (wpa_auth_sm_ptk_update(sm) < 0)
-+			SM_ENTER(WPA_PTK, DISCONNECTED);
-+		else
-+			SM_ENTER(WPA_PTK, PTKSTART);
-+	} else switch (sm->wpa_ptk_state) {
- 	case WPA_PTK_INITIALIZE:
- 		break;
- 	case WPA_PTK_DISCONNECT:
--- 
-2.7.4
\ No newline at end of file
diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple6.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple6.patch
deleted file mode 100644
index 15183f40c..000000000
--- a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple6.patch
+++ /dev/null
@@ -1,149 +0,0 @@
-The WPA2 four-way handshake protocol is vulnerable to replay attacks which can
-result in unauthenticated clients gaining access to the network.
-
-Backport a number of patches from upstream to fix this.
-
-CVE: CVE-2017-13077
-CVE: CVE-2017-13078
-CVE: CVE-2017-13079
-CVE: CVE-2017-13080
-CVE: CVE-2017-13081
-CVE: CVE-2017-13082
-CVE: CVE-2017-13086
-CVE: CVE-2017-13087
-CVE: CVE-2017-13088
-
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-From 6c4bed4f47d1960ec04981a9d50e5076aea5223d Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Fri, 22 Sep 2017 11:03:15 +0300
-Subject: [PATCH 6/8] TDLS: Reject TPK-TK reconfiguration
-
-Do not try to reconfigure the same TPK-TK to the driver after it has
-been successfully configured. This is an explicit check to avoid issues
-related to resetting the TX/RX packet number. There was already a check
-for this for TPK M2 (retries of that message are ignored completely), so
-that behavior does not get modified.
-
-For TPK M3, the TPK-TK could have been reconfigured, but that was
-followed by immediate teardown of the link due to an issue in updating
-the STA entry. Furthermore, for TDLS with any real security (i.e.,
-ignoring open/WEP), the TPK message exchange is protected on the AP path
-and simple replay attacks are not feasible.
-
-As an additional corner case, make sure the local nonce gets updated if
-the peer uses a very unlikely "random nonce" of all zeros.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/rsn_supp/tdls.c | 38 ++++++++++++++++++++++++++++++++++++--
- 1 file changed, 36 insertions(+), 2 deletions(-)
-
-diff --git a/src/rsn_supp/tdls.c b/src/rsn_supp/tdls.c
-index e424168..9eb9738 100644
---- a/src/rsn_supp/tdls.c
-+++ b/src/rsn_supp/tdls.c
-@@ -112,6 +112,7 @@ struct wpa_tdls_peer {
- 		u8 tk[16]; /* TPK-TK; assuming only CCMP will be used */
- 	} tpk;
- 	int tpk_set;
-+	int tk_set; /* TPK-TK configured to the driver */
- 	int tpk_success;
- 	int tpk_in_progress;
- 
-@@ -192,6 +193,20 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
- 	u8 rsc[6];
- 	enum wpa_alg alg;
- 
-+	if (peer->tk_set) {
-+		/*
-+		 * This same TPK-TK has already been configured to the driver
-+		 * and this new configuration attempt (likely due to an
-+		 * unexpected retransmitted frame) would result in clearing
-+		 * the TX/RX sequence number which can break security, so must
-+		 * not allow that to happen.
-+		 */
-+		wpa_printf(MSG_INFO, "TDLS: TPK-TK for the peer " MACSTR
-+			   " has already been configured to the driver - do not reconfigure",
-+			   MAC2STR(peer->addr));
-+		return -1;
-+	}
-+
- 	os_memset(rsc, 0, 6);
- 
- 	switch (peer->cipher) {
-@@ -209,12 +224,15 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
- 		return -1;
- 	}
- 
-+	wpa_printf(MSG_DEBUG, "TDLS: Configure pairwise key for peer " MACSTR,
-+		   MAC2STR(peer->addr));
- 	if (wpa_sm_set_key(sm, alg, peer->addr, -1, 1,
- 			   rsc, sizeof(rsc), peer->tpk.tk, key_len) < 0) {
- 		wpa_printf(MSG_WARNING, "TDLS: Failed to set TPK to the "
- 			   "driver");
- 		return -1;
- 	}
-+	peer->tk_set = 1;
- 	return 0;
- }
- 
-@@ -696,7 +714,7 @@ static void wpa_tdls_peer_clear(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
- 	peer->cipher = 0;
- 	peer->qos_info = 0;
- 	peer->wmm_capable = 0;
--	peer->tpk_set = peer->tpk_success = 0;
-+	peer->tk_set = peer->tpk_set = peer->tpk_success = 0;
- 	peer->chan_switch_enabled = 0;
- 	os_memset(&peer->tpk, 0, sizeof(peer->tpk));
- 	os_memset(peer->inonce, 0, WPA_NONCE_LEN);
-@@ -1159,6 +1177,7 @@ skip_rsnie:
- 		wpa_tdls_peer_free(sm, peer);
- 		return -1;
- 	}
-+	peer->tk_set = 0; /* A new nonce results in a new TK */
- 	wpa_hexdump(MSG_DEBUG, "TDLS: Initiator Nonce for TPK handshake",
- 		    peer->inonce, WPA_NONCE_LEN);
- 	os_memcpy(ftie->Snonce, peer->inonce, WPA_NONCE_LEN);
-@@ -1751,6 +1770,19 @@ static int wpa_tdls_addset_peer(struct wpa_sm *sm, struct wpa_tdls_peer *peer,
- }
- 
- 
-+static int tdls_nonce_set(const u8 *nonce)
-+{
-+	int i;
-+
-+	for (i = 0; i < WPA_NONCE_LEN; i++) {
-+		if (nonce[i])
-+			return 1;
-+	}
-+
-+	return 0;
-+}
-+
-+
- static int wpa_tdls_process_tpk_m1(struct wpa_sm *sm, const u8 *src_addr,
- 				   const u8 *buf, size_t len)
- {
-@@ -2004,7 +2036,8 @@ skip_rsn:
- 	peer->rsnie_i_len = kde.rsn_ie_len;
- 	peer->cipher = cipher;
- 
--	if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0) {
-+	if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0 ||
-+	    !tdls_nonce_set(peer->inonce)) {
- 		/*
- 		 * There is no point in updating the RNonce for every obtained
- 		 * TPK M1 frame (e.g., retransmission due to timeout) with the
-@@ -2020,6 +2053,7 @@ skip_rsn:
- 				"TDLS: Failed to get random data for responder nonce");
- 			goto error;
- 		}
-+		peer->tk_set = 0; /* A new nonce results in a new TK */
- 	}
- 
- #if 0
--- 
-2.7.4
\ No newline at end of file
diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple7.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple7.patch
deleted file mode 100644
index 2e12bc755..000000000
--- a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple7.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-The WPA2 four-way handshake protocol is vulnerable to replay attacks which can
-result in unauthenticated clients gaining access to the network.
-
-Backport a number of patches from upstream to fix this.
-
-CVE: CVE-2017-13077
-CVE: CVE-2017-13078
-CVE: CVE-2017-13079
-CVE: CVE-2017-13080
-CVE: CVE-2017-13081
-CVE: CVE-2017-13082
-CVE: CVE-2017-13086
-CVE: CVE-2017-13087
-CVE: CVE-2017-13088
-
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-From 53c5eb58e95004f86e65ee9fbfccbc291b139057 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Fri, 22 Sep 2017 11:25:02 +0300
-Subject: [PATCH 7/8] WNM: Ignore WNM-Sleep Mode Response without pending
- request
-
-Commit 03ed0a52393710be6bdae657d1b36efa146520e5 ('WNM: Ignore WNM-Sleep
-Mode Response if WNM-Sleep Mode has not been used') started ignoring the
-response when no WNM-Sleep Mode Request had been used during the
-association. This can be made tighter by clearing the used flag when
-successfully processing a response. This adds an additional layer of
-protection against unexpected retransmissions of the response frame.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- wpa_supplicant/wnm_sta.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/wpa_supplicant/wnm_sta.c b/wpa_supplicant/wnm_sta.c
-index 1b3409c..67a07ff 100644
---- a/wpa_supplicant/wnm_sta.c
-+++ b/wpa_supplicant/wnm_sta.c
-@@ -260,7 +260,7 @@ static void ieee802_11_rx_wnmsleep_resp(struct wpa_supplicant *wpa_s,
- 
- 	if (!wpa_s->wnmsleep_used) {
- 		wpa_printf(MSG_DEBUG,
--			   "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode has not been used in this association");
-+			   "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode operation has not been requested");
- 		return;
- 	}
- 
-@@ -299,6 +299,8 @@ static void ieee802_11_rx_wnmsleep_resp(struct wpa_supplicant *wpa_s,
- 		return;
- 	}
- 
-+	wpa_s->wnmsleep_used = 0;
-+
- 	if (wnmsleep_ie->status == WNM_STATUS_SLEEP_ACCEPT ||
- 	    wnmsleep_ie->status == WNM_STATUS_SLEEP_EXIT_ACCEPT_GTK_UPDATE) {
- 		wpa_printf(MSG_DEBUG, "Successfully recv WNM-Sleep Response "
--- 
-2.7.4
\ No newline at end of file
diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple8.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple8.patch
deleted file mode 100644
index 7f5390c31..000000000
--- a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple8.patch
+++ /dev/null
@@ -1,99 +0,0 @@
-The WPA2 four-way handshake protocol is vulnerable to replay attacks which can
-result in unauthenticated clients gaining access to the network.
-
-Backport a number of patches from upstream to fix this.
-
-CVE: CVE-2017-13077
-CVE: CVE-2017-13078
-CVE: CVE-2017-13079
-CVE: CVE-2017-13080
-CVE: CVE-2017-13081
-CVE: CVE-2017-13082
-CVE: CVE-2017-13086
-CVE: CVE-2017-13087
-CVE: CVE-2017-13088
-
-Upstream-Status: Backport
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-From b372ab0b7daea719749194dc554b26e6367603f2 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Fri, 22 Sep 2017 12:06:37 +0300
-Subject: [PATCH 8/8] FT: Do not allow multiple Reassociation Response frames
-
-The driver is expected to not report a second association event without
-the station having explicitly request a new association. As such, this
-case should not be reachable. However, since reconfiguring the same
-pairwise or group keys to the driver could result in nonce reuse issues,
-be extra careful here and do an additional state check to avoid this
-even if the local driver ends up somehow accepting an unexpected
-Reassociation Response frame.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/rsn_supp/wpa.c    | 3 +++
- src/rsn_supp/wpa_ft.c | 8 ++++++++
- src/rsn_supp/wpa_i.h  | 1 +
- 3 files changed, 12 insertions(+)
-
-diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
-index 0550a41..2a53c6f 100644
---- a/src/rsn_supp/wpa.c
-+++ b/src/rsn_supp/wpa.c
-@@ -2440,6 +2440,9 @@ void wpa_sm_notify_disassoc(struct wpa_sm *sm)
- #ifdef CONFIG_TDLS
- 	wpa_tdls_disassoc(sm);
- #endif /* CONFIG_TDLS */
-+#ifdef CONFIG_IEEE80211R
-+	sm->ft_reassoc_completed = 0;
-+#endif /* CONFIG_IEEE80211R */
- 
- 	/* Keys are not needed in the WPA state machine anymore */
- 	wpa_sm_drop_sa(sm);
-diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c
-index 205793e..d45bb45 100644
---- a/src/rsn_supp/wpa_ft.c
-+++ b/src/rsn_supp/wpa_ft.c
-@@ -153,6 +153,7 @@ static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len,
- 	u16 capab;
- 
- 	sm->ft_completed = 0;
-+	sm->ft_reassoc_completed = 0;
- 
- 	buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
- 		2 + sm->r0kh_id_len + ric_ies_len + 100;
-@@ -681,6 +682,11 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
- 		return -1;
- 	}
- 
-+	if (sm->ft_reassoc_completed) {
-+		wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission");
-+		return 0;
-+	}
-+
- 	if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) {
- 		wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs");
- 		return -1;
-@@ -781,6 +787,8 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
- 		return -1;
- 	}
- 
-+	sm->ft_reassoc_completed = 1;
-+
- 	if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0)
- 		return -1;
- 
-diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
-index 41f371f..56f88dc 100644
---- a/src/rsn_supp/wpa_i.h
-+++ b/src/rsn_supp/wpa_i.h
-@@ -128,6 +128,7 @@ struct wpa_sm {
- 	size_t r0kh_id_len;
- 	u8 r1kh_id[FT_R1KH_ID_LEN];
- 	int ft_completed;
-+	int ft_reassoc_completed;
- 	int over_the_ds_in_progress;
- 	u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */
- 	int set_ptk_after_assoc;
--- 
-2.7.4
\ No newline at end of file
diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant-CVE-2018-14526.patch b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant-CVE-2018-14526.patch
deleted file mode 100644
index e800a410e..000000000
--- a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant-CVE-2018-14526.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-wpa_supplicant-2.6: Fix CVE-2018-14526
-
-[No upstream tracking] -- https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt
-
-wpa: Ignore unauthenticated encrypted EAPOL-Key data
-
-Ignore unauthenticated encrypted EAPOL-Key data in supplicant
-processing. When using WPA2, these are frames that have the Encrypted
-flag set, but not the MIC flag.
-
-When using WPA2, EAPOL-Key frames that had the Encrypted flag set but
-not the MIC flag, had their data field decrypted without first verifying
-the MIC. In case the data field was encrypted using RC4 (i.e., when
-negotiating TKIP as the pairwise cipher), this meant that
-unauthenticated but decrypted data would then be processed. An adversary
-could abuse this as a decryption oracle to recover sensitive information
-in the data field of EAPOL-Key messages (e.g., the group key).
-
-Upstream-Status: Backport [https://w1.fi/cgit/hostap/commit/src/rsn_supp/wpa.c?id=3e34cfdff6b192fe337c6fb3f487f73e96582961]
-CVE: CVE-2018-14526
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-
-diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
-index 3c47879..6bdf923 100644
---- a/src/rsn_supp/wpa.c
-+++ b/src/rsn_supp/wpa.c
-@@ -2016,6 +2016,17 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
-
- 	if ((sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) &&
- 	    (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
-+		/*
-+		 * Only decrypt the Key Data field if the frame's authenticity
-+		 * was verified. When using AES-SIV (FILS), the MIC flag is not
-+		 * set, so this check should only be performed if mic_len != 0
-+		 * which is the case in this code branch.
-+		 */
-+		if (!(key_info & WPA_KEY_INFO_MIC)) {
-+			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
-+				"WPA: Ignore EAPOL-Key with encrypted but unauthenticated data");
-+			goto out;
-+		}
- 		if (wpa_supplicant_decrypt_key_data(sm, key, ver, key_data,
- 						    &key_data_len))
- 			goto out;
diff --git a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.7.bb
index aa4c4c2da..fe5fa2b82 100644
--- a/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb
+++ b/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.7.bb
@@ -3,9 +3,9 @@ HOMEPAGE = "http://w1.fi/wpa_supplicant/"
 BUGTRACKER = "http://w1.fi/security/"
 SECTION = "network"
 LICENSE = "BSD"
-LIC_FILES_CHKSUM = "file://COPYING;md5=292eece3f2ebbaa25608eed8464018a3 \
-                    file://README;beginline=1;endline=56;md5=3f01d778be8f953962388307ee38ed2b \
-                    file://wpa_supplicant/wpa_supplicant.c;beginline=1;endline=12;md5=4061612fc5715696134e3baf933e8aba"
+LIC_FILES_CHKSUM = "file://COPYING;md5=a3791c270ad6bb026707d17bf750e5ef \
+                    file://README;beginline=1;endline=56;md5=495cbce6008253de4b4d8f4cdfae9f4f \
+                    file://wpa_supplicant/wpa_supplicant.c;beginline=1;endline=12;md5=a5687903a31b8679e6a06b3afa5c819e"
 DEPENDS = "dbus libnl"
 RRECOMMENDS_${PN} = "wpa-supplicant-passphrase wpa-supplicant-cli"
 
@@ -24,18 +24,10 @@ SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz  \
            file://wpa_supplicant.conf \
            file://wpa_supplicant.conf-sane \
            file://99_wpa_supplicant \
-           file://key-replay-cve-multiple1.patch \
-           file://key-replay-cve-multiple2.patch \
-           file://key-replay-cve-multiple3.patch \
-           file://key-replay-cve-multiple4.patch \
-           file://key-replay-cve-multiple5.patch \
-           file://key-replay-cve-multiple6.patch \
-           file://key-replay-cve-multiple7.patch \
-           file://key-replay-cve-multiple8.patch \
-           file://wpa_supplicant-CVE-2018-14526.patch \
+           file://0001-replace-systemd-install-Alias-with-WantedBy.patch \
           "
-SRC_URI[md5sum] = "091569eb4440b7d7f2b4276dbfc03c3c"
-SRC_URI[sha256sum] = "b4936d34c4e6cdd44954beba74296d964bc2c9668ecaa5255e499636fe2b1450"
+SRC_URI[md5sum] = "a68538fb62766f40f890125026c42c10"
+SRC_URI[sha256sum] = "76ea6b06b7a2ea8e6d9eb1a9166166f1656e6d48c7508914f592100c95c73074"
 
 CVE_PRODUCT = "wpa_supplicant"
 
@@ -50,8 +42,6 @@ CONFFILES_${PN} += "${sysconfdir}/wpa_supplicant.conf"
 do_configure () {
 	${MAKE} -C wpa_supplicant clean
 	install -m 0755 ${WORKDIR}/defconfig wpa_supplicant/.config
-	echo "CFLAGS +=\"-I${STAGING_INCDIR}/libnl3\"" >> wpa_supplicant/.config
-	echo "DRV_CFLAGS +=\"-I${STAGING_INCDIR}/libnl3\"" >> wpa_supplicant/.config
 	
 	if echo "${PACKAGECONFIG}" | grep -qw "openssl"; then
         	ssl=openssl