meta-openembedded: subtree update:fd1a0c9210..1bfaa2e63a

Alex Kiernan (1):
      ostree: Upgrade 2019.3 -> 2019.4

Alexander Kanavin (1):
      lua: change a hard readline dependency into an optional one

Andreas Müller (5):
      catfish: upgrade 1.4.9 -> 1.4.10
      polkit-group-rules: Fix error in do_rootfs for rpm package-manager
      jack: upgrade 1.9.12 -> 1.9.13
      fluidsynth: upgrade 2.0.6 -> 2.0.7
      xfce4-panel: upgrade 4.14.0 -> 4.14.1

Bartosz Golaszewski (3):
      networkd-dispatcher: use distro_features_check to check for systemd
      networkd-dispatcher: remove unneeded RDEPENDS
      networkd-dispatcher: inherit systemd class

Changqing Li (1):
      multipath-tools: upgrade 0.8.1 -> 0.8.2

Hongxu Jia (1):
      lvm2: remove unsupported OPTIONS+="event_timeout" rule

Khem Raj (6):
      nvme-cli: Use install-spec target
      jsonrpc: Disable coverage in default build
      bdwgc: Enable C++ support and Additional options for musl
      a2jmidid: Fix build on risv
      tinyalsa: Update to latest
      packagegroup-meta-multimedia: Remove libsquish from rdeps

Martin Schwan (1):
      python-waitress: Add recipes

Paul Eggleton (1):
      mosquitto: update to 1.6.7

Peiran Hong (1):
      tcpdump: Delete unused patch

Peter Kjellerstedt (1):
      kconfig-frontends: Retrieve the Git repository from GitLab

Randy MacLeod (1):
      rwmem: add DESCRIPTION since the summary is vague

Trevor Gamblin (1):
      rsyslog: fix CVE-2019-17040

Zang Ruochen (7):
      firewalld: upgrade 0.7.1 -> 0.7.2
      fetchmail: upgrade 6.3.26 -> 6.4.1
      python-asn1crypto: upgrade 0.24.0 -> 1.0.1
      python-attrs: upgrade 19.1.0 -> 19.2.0
      python-beautifulsoup4: upgrade 4.8.0 -> 4.8.1
      python-cmd2: upgrade 0.9.17 -> 0.9.18
      python-jinja2: upgrade 2.10.1 -> 2.10.3

Change-Id: Ief2d129403b43b308c19093ac63a498c8d51eb50
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
diff --git a/meta-openembedded/meta-multimedia/recipes-multimedia/fluidsynth/fluidsynth.inc b/meta-openembedded/meta-multimedia/recipes-multimedia/fluidsynth/fluidsynth.inc
index 9e1c323..c4c623a 100644
--- a/meta-openembedded/meta-multimedia/recipes-multimedia/fluidsynth/fluidsynth.inc
+++ b/meta-openembedded/meta-multimedia/recipes-multimedia/fluidsynth/fluidsynth.inc
@@ -5,8 +5,8 @@
 LIC_FILES_CHKSUM = "file://LICENSE;md5=fc178bcd425090939a8b634d1d6a9594"
 
 SRC_URI = "git://github.com/FluidSynth/fluidsynth.git"
-SRCREV = "f78486a50bd785200412ea16434b38edc4a45a6c"
+SRCREV = "62b38b1c66aec606f83b322bb03bd84810bbda41"
 S = "${WORKDIR}/git"
-PV = "2.0.6"
+PV = "2.0.7"
 
 inherit cmake pkgconfig lib_package
diff --git a/meta-openembedded/meta-multimedia/recipes-multimedia/packagegroups/packagegroup-meta-multimedia.bb b/meta-openembedded/meta-multimedia/recipes-multimedia/packagegroups/packagegroup-meta-multimedia.bb
index 365618d..cef45f9 100644
--- a/meta-openembedded/meta-multimedia/recipes-multimedia/packagegroups/packagegroup-meta-multimedia.bb
+++ b/meta-openembedded/meta-multimedia/recipes-multimedia/packagegroups/packagegroup-meta-multimedia.bb
@@ -27,7 +27,7 @@
     fluidsynth cdparanoia vorbis-tools tremor caps libao libavc1394 \
     opusfile gerbera libdvdcss webrtc-audio-processing \
     rtmpdump libopenmpt schroedinger mpd mpc libmpdclient \
-    ncmpc libmpd libsquish dcadec libiec61883 \
+    ncmpc libmpd dcadec libiec61883 \
     ${@bb.utils.contains("DISTRO_FEATURES", "pam", "", "", d)} \
     ${@bb.utils.contains("LICENSE_FLAGS_WHITELIST", "commercial", "minidlna gst-fluendo-mpegdemux vlc", "", d)} \
     ${@bb.utils.contains("LICENSE_FLAGS_WHITELIST", "commercial", "vo-aacenc sox libde265 gst-openmax", "", d)} \
diff --git a/meta-openembedded/meta-multimedia/recipes-multimedia/tinyalsa/tinyalsa.bb b/meta-openembedded/meta-multimedia/recipes-multimedia/tinyalsa/tinyalsa.bb
index 157e4c9..8b86f82 100644
--- a/meta-openembedded/meta-multimedia/recipes-multimedia/tinyalsa/tinyalsa.bb
+++ b/meta-openembedded/meta-multimedia/recipes-multimedia/tinyalsa/tinyalsa.bb
@@ -6,7 +6,7 @@
 LICENSE = "BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://NOTICE;md5=dbdefe400d894b510a9de14813181d0b"
 
-SRCREV = "67b9210d344c34e8d1aa0cfe638abce71c5221ca"
+SRCREV = "8449529c7e50f432091539ba7b438e79b04059b5"
 SRC_URI = "git://github.com/tinyalsa/tinyalsa"
 PV = "1.1.1+git${SRCPV}"
 
@@ -19,6 +19,3 @@
 #
 #    unresolvable R_AARCH64_ADR_PREL_PG_HI21 relocation against symbol `stderr@@GLIBC_2.17'
 CFLAGS += " -fPIC -DPIC "
-
-PACKAGES =+ "${PN}-tools"
-FILES_${PN}-tools = "${bindir}/*"
diff --git a/meta-openembedded/meta-networking/recipes-connectivity/firewalld/firewalld_0.7.1.bb b/meta-openembedded/meta-networking/recipes-connectivity/firewalld/firewalld_0.7.2.bb
similarity index 95%
rename from meta-openembedded/meta-networking/recipes-connectivity/firewalld/firewalld_0.7.1.bb
rename to meta-openembedded/meta-networking/recipes-connectivity/firewalld/firewalld_0.7.2.bb
index fab27f1..7d80a63 100644
--- a/meta-openembedded/meta-networking/recipes-connectivity/firewalld/firewalld_0.7.1.bb
+++ b/meta-openembedded/meta-networking/recipes-connectivity/firewalld/firewalld_0.7.2.bb
@@ -8,8 +8,8 @@
 SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/v${PV}/${BP}.tar.gz \
            file://firewalld.init \
 "
-SRC_URI[md5sum] = "32c16df3f6cc859d0df627baf5ee8401"
-SRC_URI[sha256sum] = "88bc63a011209ac046fb5d7bfc73ddcc0bc616ddf3013bbb6bf1a421cb497f76"
+SRC_URI[md5sum] = "2549c2006def07a19b4c77ec960e5aab"
+SRC_URI[sha256sum] = "fbd1b72b3c4b4d0c20659f664b2ba36175364ffbb9cebf3bdfaf9b5e6983be77"
 
 # glib-2.0-native is needed for GSETTINGS_RULES autoconf macro from gsettings.m4
 DEPENDS = "intltool-native glib-2.0-native libxslt-native docbook-xsl-stylesheets-native"
diff --git a/meta-openembedded/meta-networking/recipes-connectivity/mosquitto/mosquitto_1.6.6.bb b/meta-openembedded/meta-networking/recipes-connectivity/mosquitto/mosquitto_1.6.7.bb
similarity index 95%
rename from meta-openembedded/meta-networking/recipes-connectivity/mosquitto/mosquitto_1.6.6.bb
rename to meta-openembedded/meta-networking/recipes-connectivity/mosquitto/mosquitto_1.6.7.bb
index 1f2e0c6..340f643 100644
--- a/meta-openembedded/meta-networking/recipes-connectivity/mosquitto/mosquitto_1.6.6.bb
+++ b/meta-openembedded/meta-networking/recipes-connectivity/mosquitto/mosquitto_1.6.7.bb
@@ -18,8 +18,8 @@
            file://mosquitto.init \
 "
 
-SRC_URI[md5sum] = "529b6de33bac18363c2db46194d8d91c"
-SRC_URI[sha256sum] = "82676bf4201ff102be1511b56b041a9450fbbfeda40b21aa28be0fee56e8de17"
+SRC_URI[md5sum] = "ec9074c4f337f64eaa9a4320c6dab020"
+SRC_URI[sha256sum] = "bcd31a8fbbd053fee328986fadd8666d3058357ded56b9782f7d4f19931d178e"
 
 inherit systemd update-rc.d useradd
 
diff --git a/meta-openembedded/meta-networking/recipes-daemons/networkd-dispatcher/networkd-dispatcher_2.0.1.bb b/meta-openembedded/meta-networking/recipes-daemons/networkd-dispatcher/networkd-dispatcher_2.0.1.bb
index 008a7ac..8523ae8 100644
--- a/meta-openembedded/meta-networking/recipes-daemons/networkd-dispatcher/networkd-dispatcher_2.0.1.bb
+++ b/meta-openembedded/meta-networking/recipes-daemons/networkd-dispatcher/networkd-dispatcher_2.0.1.bb
@@ -1,9 +1,3 @@
-python __anonymous() {
-    features = d.getVar('DISTRO_FEATURES')
-    if not features or 'systemd' not in features:
-        raise bb.parse.SkipPackage('networkd-dispatcher needs systemd in DISTRO_FEATURES')
-}
-
 SUMMARY = "Dispatcher service for systemd-networkd connection status changes"
 DESCRIPTION = "This daemon is similar to NetworkManager-dispatcher, but is much \
 more limited in the types of events it supports due to the limited nature of \
@@ -13,12 +7,19 @@
 LICENSE = "GPLv3"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=84dcc94da3adb52b53ae4fa38fe49e5d"
 
-RDEPENDS_${PN} = "systemd python3 python3-pygobject python3-dbus"
+inherit distro_features_check systemd
+
+RDEPENDS_${PN} = "python3-pygobject python3-dbus"
+REQUIRED_DISTRO_FEATURES = "systemd"
 
 SRC_URI = "https://gitlab.com/craftyguy/networkd-dispatcher/-/archive/${PV}/networkd-dispatcher-${PV}.tar.bz2"
 SRC_URI[md5sum] = "304d7dcc21331ea295e207f8493cb8d8"
 SRC_URI[sha256sum] = "21f84c3646a043329dc64787e4e58dfce592b2559b0e3069af82c469805660c2"
 
+SYSTEMD_PACKAGES = "${PN}"
+SYSTEMD_SERVICE_${PN} = "networkd-dispatcher.service"
+SYSTEMD_AUTO_ENABLE = "disable"
+
 # Nothing to build, just a python script to install
 do_configure[noexec] = "1"
 do_compile[noexec] = "1"
@@ -28,5 +29,3 @@
     install -D -m 0644 ${S}/networkd-dispatcher.service ${D}/${systemd_system_unitdir}/networkd-dispatcher.service
     install -D -m 0644 ${S}/networkd-dispatcher.conf ${D}/${sysconfdir}/conf.d/networkd-dispatcher.conf
 }
-
-FILES_${PN} += "${systemd_system_unitdir}/networkd-dispatcher.service"
diff --git a/meta-openembedded/meta-networking/recipes-support/fetchmail/fetchmail/02_remove_SSLv3.patch b/meta-openembedded/meta-networking/recipes-support/fetchmail/fetchmail/02_remove_SSLv3.patch
deleted file mode 100644
index 95cfa2f..0000000
--- a/meta-openembedded/meta-networking/recipes-support/fetchmail/fetchmail/02_remove_SSLv3.patch
+++ /dev/null
@@ -1,1576 +0,0 @@
-Description: <short summary of the patch>
- TODO: Put a short summary on the line above and replace this paragraph
- with a longer explanation of this change. Complete the meta-information
- with other relevant fields (see below for details). To make it easier, the
- information below has been extracted from the changelog. Adjust it or drop
- it.
- .
- fetchmail (6.3.26-2) unstable; urgency=low
- .
-   * New maintainer (closes: #800750).
-   * Backport upstream fix for SSLv3 removal (closes: #804604) and do not
-     recommend SSLv3 (closes: #801178).
-   * Remove quilt and its usage.
-   * Add dh-python to build depends.
-   * Update upstream URLs.
-   * Update watch file.
-   * Update Standards-Version to 3.9.6 .
-Author: Laszlo Boszormenyi (GCS) <gcs@debian.org>
-Bug-Debian: https://bugs.debian.org/800750
-Bug-Debian: https://bugs.debian.org/801178
-Bug-Debian: https://bugs.debian.org/804604
-
----
-The information above should follow the Patch Tagging Guidelines, please
-checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
-are templates for supplementary fields that you might want to add:
-
-Origin: <vendor|upstream|other>, <url of original patch>
-Bug: <url in upstream bugtracker>
-Bug-Debian: https://bugs.debian.org/<bugnumber>
-Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber>
-Forwarded: <no|not-needed|url proving that it has been forwarded>
-Reviewed-By: <name and email of someone who approved the patch>
-Last-Update: <YYYY-MM-DD>
-
---- fetchmail-6.3.26.orig/Makefile.am
-+++ fetchmail-6.3.26/Makefile.am
-@@ -31,7 +31,7 @@ libfm_a_SOURCES=	xmalloc.c base64.c rfc8
- 			servport.c ntlm.h smbbyteorder.h smbdes.h smbmd4.h \
- 			smbencrypt.h smbdes.c smbencrypt.c smbmd4.c smbutil.c \
- 			libesmtp/gethostbyname.h libesmtp/gethostbyname.c \
--			smbtypes.h fm_getaddrinfo.c tls.c rfc822valid.c \
-+			smbtypes.h fm_getaddrinfo.c starttls.c rfc822valid.c \
- 			xmalloc.h sdump.h sdump.c x509_name_match.c \
- 			fm_strl.h md5c.c
- if NTLM_ENABLE
---- fetchmail-6.3.26.orig/Makefile.in
-+++ fetchmail-6.3.26/Makefile.in
-@@ -97,14 +97,14 @@ am__libfm_a_SOURCES_DIST = xmalloc.c bas
- 	rfc2047e.c servport.c ntlm.h smbbyteorder.h smbdes.h smbmd4.h \
- 	smbencrypt.h smbdes.c smbencrypt.c smbmd4.c smbutil.c \
- 	libesmtp/gethostbyname.h libesmtp/gethostbyname.c smbtypes.h \
--	fm_getaddrinfo.c tls.c rfc822valid.c xmalloc.h sdump.h sdump.c \
-+	fm_getaddrinfo.c starttls.c rfc822valid.c xmalloc.h sdump.h sdump.c \
- 	x509_name_match.c fm_strl.h md5c.c ntlmsubr.c
- @NTLM_ENABLE_TRUE@am__objects_1 = ntlmsubr.$(OBJEXT)
- am_libfm_a_OBJECTS = xmalloc.$(OBJEXT) base64.$(OBJEXT) \
- 	rfc822.$(OBJEXT) report.$(OBJEXT) rfc2047e.$(OBJEXT) \
- 	servport.$(OBJEXT) smbdes.$(OBJEXT) smbencrypt.$(OBJEXT) \
- 	smbmd4.$(OBJEXT) smbutil.$(OBJEXT) gethostbyname.$(OBJEXT) \
--	fm_getaddrinfo.$(OBJEXT) tls.$(OBJEXT) rfc822valid.$(OBJEXT) \
-+	fm_getaddrinfo.$(OBJEXT) starttls.$(OBJEXT) rfc822valid.$(OBJEXT) \
- 	sdump.$(OBJEXT) x509_name_match.$(OBJEXT) md5c.$(OBJEXT) \
- 	$(am__objects_1)
- libfm_a_OBJECTS = $(am_libfm_a_OBJECTS)
-@@ -483,7 +483,7 @@ libfm_a_SOURCES = xmalloc.c base64.c rfc
- 	servport.c ntlm.h smbbyteorder.h smbdes.h smbmd4.h \
- 	smbencrypt.h smbdes.c smbencrypt.c smbmd4.c smbutil.c \
- 	libesmtp/gethostbyname.h libesmtp/gethostbyname.c smbtypes.h \
--	fm_getaddrinfo.c tls.c rfc822valid.c xmalloc.h sdump.h sdump.c \
-+	fm_getaddrinfo.c starttls.c rfc822valid.c xmalloc.h sdump.h sdump.c \
- 	x509_name_match.c fm_strl.h md5c.c $(am__append_1)
- libfm_a_LIBADD = $(EXTRAOBJ)
- libfm_a_DEPENDENCIES = $(EXTRAOBJ)
---- fetchmail-6.3.26.orig/NEWS
-+++ fetchmail-6.3.26/NEWS
-@@ -51,8 +51,6 @@ removed from a 6.4.0 or newer release.)
- * The --bsmtp - mode of operation may be removed in a future release.
- * Given that OpenSSL is severely underdocumented, and needs license exceptions,
-   fetchmail may switch to a different SSL library.
--* SSLv2 support will be removed from a future fetchmail release. It has been
--  obsolete for more than a decade.
- 
- --------------------------------------------------------------------------------
- 
---- fetchmail-6.3.26.orig/README.SSL
-+++ fetchmail-6.3.26/README.SSL
-@@ -11,36 +11,45 @@ specific to fetchmail.
- In case of troubles, mail the README.SSL-SERVER file to your ISP and 
- have them check their server configuration against it.
- 
--Unfortunately, fetchmail confuses SSL/TLS protocol levels with whether 
--a service needs to use in-band negotiation (STLS/STARTTLS for POP3/IMAP4) or is 
--totally SSL-wrapped on a separate port.  For compatibility reasons, this cannot 
--be fixed in a bugfix release.
-+Unfortunately, fetchmail confuses SSL/TLS protocol levels with whether a
-+service needs to use in-band negotiation (STLS/STARTTLS for POP3/IMAP4)
-+or is totally SSL-wrapped on a separate port.  For compatibility
-+reasons, this cannot be fixed in a bugfix or minor release.
-+
-+Also, fetchmail 6.4.0 and newer releases changed some of the semantics
-+as the result of a bug-fix, and will auto-negotiate TLSv1 or newer only.
-+If your server does not support this, you may have to specify --sslproto
-+ssl3.  This is in order to prefer the newer TLS protocols, because SSLv2
-+and v3 are broken.
- 
--	-- Matthias Andree, 2009-05-09
-+       -- Matthias Andree, 2015-01-16
- 
- 
- Quickstart
- ----------
- 
-+Use an up-to-date release of OpenSSL 1.0.1 or newer, so as to get
-+TLSv1.2 support.
-+
- For use of SSL or TLS with in-band negotiation on the regular service's port, 
- i. e. with STLS or STARTTLS, use these command line options
- 
--    --sslproto tls1 --sslcertck
-+    --sslproto auto --sslcertck
- 
- or these options in the rcfile (after the respective "user"... options)
- 
--      sslproto tls1   sslcertck
-+      sslproto auto   sslcertck
- 
- 
- For use of SSL or TLS on a separate port, if the whole TCP connection is 
--SSL-encrypted from the very beginning, use these command line options (in the 
--rcfile, omit all leading "--"):
-+SSL-encrypted from the very beginning (SSL- or TLS-wrapped), use these
-+command line options (in the rcfile, omit all leading "--"):
- 
--    --ssl --sslproto ssl3 --sslcertck
-+    --ssl --sslproto auto --sslcertck
- 
- or these options in the rcfile (after the respective "user"... options)
- 
--      ssl   sslproto ssl3   sslcertck
-+      ssl   sslproto auto   sslcertck
- 
- 
- Background and use (long version :-))
---- fetchmail-6.3.26.orig/config.h.in
-+++ fetchmail-6.3.26/config.h.in
-@@ -49,9 +49,9 @@
-    don't. */
- #undef HAVE_DECL_H_ERRNO
- 
--/* Define to 1 if you have the declaration of `SSLv2_client_method', and to 0
-+/* Define to 1 if you have the declaration of `SSLv3_client_method', and to 0
-    if you don't. */
--#undef HAVE_DECL_SSLV2_CLIENT_METHOD
-+#undef HAVE_DECL_SSLV3_CLIENT_METHOD
- 
- /* Define to 1 if you have the declaration of `strerror', and to 0 if you
-    don't. */
---- fetchmail-6.3.26.orig/configure
-+++ fetchmail-6.3.26/configure
-@@ -1,13 +1,11 @@
- #! /bin/sh
- # Guess values for system-dependent variables and create Makefiles.
--# Generated by GNU Autoconf 2.68 for fetchmail 6.3.26.
-+# Generated by GNU Autoconf 2.69 for fetchmail 6.3.26.
- #
- # Report bugs to <fetchmail-users@lists.berlios.de>.
- #
- #
--# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
--# 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free Software
--# Foundation, Inc.
-+# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
- #
- #
- # This configure script is free software; the Free Software Foundation
-@@ -136,6 +134,31 @@ export LANGUAGE
- # CDPATH.
- (unset CDPATH) >/dev/null 2>&1 && unset CDPATH
- 
-+# Use a proper internal environment variable to ensure we don't fall
-+  # into an infinite loop, continuously re-executing ourselves.
-+  if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then
-+    _as_can_reexec=no; export _as_can_reexec;
-+    # We cannot yet assume a decent shell, so we have to provide a
-+# neutralization value for shells without unset; and this also
-+# works around shells that cannot unset nonexistent variables.
-+# Preserve -v and -x to the replacement shell.
-+BASH_ENV=/dev/null
-+ENV=/dev/null
-+(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
-+case $- in # ((((
-+  *v*x* | *x*v* ) as_opts=-vx ;;
-+  *v* ) as_opts=-v ;;
-+  *x* ) as_opts=-x ;;
-+  * ) as_opts= ;;
-+esac
-+exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
-+# Admittedly, this is quite paranoid, since all the known shells bail
-+# out after a failed `exec'.
-+$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2
-+as_fn_exit 255
-+  fi
-+  # We don't want this to propagate to other subprocesses.
-+          { _as_can_reexec=; unset _as_can_reexec;}
- if test "x$CONFIG_SHELL" = x; then
-   as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then :
-   emulate sh
-@@ -169,7 +192,8 @@ if ( set x; as_fn_ret_success y && test
- else
-   exitcode=1; echo positional parameters were not saved.
- fi
--test x\$exitcode = x0 || exit 1"
-+test x\$exitcode = x0 || exit 1
-+test -x / || exit 1"
-   as_suggested="  as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO
-   as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO
-   eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" &&
-@@ -214,21 +238,25 @@ IFS=$as_save_IFS
- 
- 
-       if test "x$CONFIG_SHELL" != x; then :
--  # We cannot yet assume a decent shell, so we have to provide a
--	# neutralization value for shells without unset; and this also
--	# works around shells that cannot unset nonexistent variables.
--	# Preserve -v and -x to the replacement shell.
--	BASH_ENV=/dev/null
--	ENV=/dev/null
--	(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
--	export CONFIG_SHELL
--	case $- in # ((((
--	  *v*x* | *x*v* ) as_opts=-vx ;;
--	  *v* ) as_opts=-v ;;
--	  *x* ) as_opts=-x ;;
--	  * ) as_opts= ;;
--	esac
--	exec "$CONFIG_SHELL" $as_opts "$as_myself" ${1+"$@"}
-+  export CONFIG_SHELL
-+             # We cannot yet assume a decent shell, so we have to provide a
-+# neutralization value for shells without unset; and this also
-+# works around shells that cannot unset nonexistent variables.
-+# Preserve -v and -x to the replacement shell.
-+BASH_ENV=/dev/null
-+ENV=/dev/null
-+(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
-+case $- in # ((((
-+  *v*x* | *x*v* ) as_opts=-vx ;;
-+  *v* ) as_opts=-v ;;
-+  *x* ) as_opts=-x ;;
-+  * ) as_opts= ;;
-+esac
-+exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
-+# Admittedly, this is quite paranoid, since all the known shells bail
-+# out after a failed `exec'.
-+$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2
-+exit 255
- fi
- 
-     if test x$as_have_required = xno; then :
-@@ -331,6 +359,14 @@ $as_echo X"$as_dir" |
- 
- 
- } # as_fn_mkdir_p
-+
-+# as_fn_executable_p FILE
-+# -----------------------
-+# Test if FILE is an executable regular file.
-+as_fn_executable_p ()
-+{
-+  test -f "$1" && test -x "$1"
-+} # as_fn_executable_p
- # as_fn_append VAR VALUE
- # ----------------------
- # Append the text in VALUE to the end of the definition contained in VAR. Take
-@@ -452,6 +488,10 @@ as_cr_alnum=$as_cr_Letters$as_cr_digits
-   chmod +x "$as_me.lineno" ||
-     { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; }
- 
-+  # If we had to re-execute with $CONFIG_SHELL, we're ensured to have
-+  # already done that, so ensure we don't try to do so again and fall
-+  # in an infinite loop.  This has already happened in practice.
-+  _as_can_reexec=no; export _as_can_reexec
-   # Don't try to exec as it changes $[0], causing all sort of problems
-   # (the dirname of $[0] is not the place where we might find the
-   # original and so on.  Autoconf is especially sensitive to this).
-@@ -486,16 +526,16 @@ if (echo >conf$$.file) 2>/dev/null; then
-     # ... but there are two gotchas:
-     # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
-     # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
--    # In both cases, we have to default to `cp -p'.
-+    # In both cases, we have to default to `cp -pR'.
-     ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
--      as_ln_s='cp -p'
-+      as_ln_s='cp -pR'
-   elif ln conf$$.file conf$$ 2>/dev/null; then
-     as_ln_s=ln
-   else
--    as_ln_s='cp -p'
-+    as_ln_s='cp -pR'
-   fi
- else
--  as_ln_s='cp -p'
-+  as_ln_s='cp -pR'
- fi
- rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
- rmdir conf$$.dir 2>/dev/null
-@@ -507,28 +547,8 @@ else
-   as_mkdir_p=false
- fi
- 
--if test -x / >/dev/null 2>&1; then
--  as_test_x='test -x'
--else
--  if ls -dL / >/dev/null 2>&1; then
--    as_ls_L_option=L
--  else
--    as_ls_L_option=
--  fi
--  as_test_x='
--    eval sh -c '\''
--      if test -d "$1"; then
--	test -d "$1/.";
--      else
--	case $1 in #(
--	-*)set "./$1";;
--	esac;
--	case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in #((
--	???[sx]*):;;*)false;;esac;fi
--    '\'' sh
--  '
--fi
--as_executable_p=$as_test_x
-+as_test_x='test -x'
-+as_executable_p=as_fn_executable_p
- 
- # Sed expression to map a string onto a valid CPP name.
- as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
-@@ -742,6 +762,7 @@ infodir
- docdir
- oldincludedir
- includedir
-+runstatedir
- localstatedir
- sharedstatedir
- sysconfdir
-@@ -841,6 +862,7 @@ datadir='${datarootdir}'
- sysconfdir='${prefix}/etc'
- sharedstatedir='${prefix}/com'
- localstatedir='${prefix}/var'
-+runstatedir='${localstatedir}/run'
- includedir='${prefix}/include'
- oldincludedir='/usr/include'
- docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
-@@ -1093,6 +1115,15 @@ do
-   | -silent | --silent | --silen | --sile | --sil)
-     silent=yes ;;
- 
-+  -runstatedir | --runstatedir | --runstatedi | --runstated \
-+  | --runstate | --runstat | --runsta | --runst | --runs \
-+  | --run | --ru | --r)
-+    ac_prev=runstatedir ;;
-+  -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
-+  | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
-+  | --run=* | --ru=* | --r=*)
-+    runstatedir=$ac_optarg ;;
-+
-   -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
-     ac_prev=sbindir ;;
-   -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
-@@ -1230,7 +1261,7 @@ fi
- for ac_var in	exec_prefix prefix bindir sbindir libexecdir datarootdir \
- 		datadir sysconfdir sharedstatedir localstatedir includedir \
- 		oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
--		libdir localedir mandir
-+		libdir localedir mandir runstatedir
- do
-   eval ac_val=\$$ac_var
-   # Remove trailing slashes.
-@@ -1258,8 +1289,6 @@ target=$target_alias
- if test "x$host_alias" != x; then
-   if test "x$build_alias" = x; then
-     cross_compiling=maybe
--    $as_echo "$as_me: WARNING: if you wanted to set the --build type, don't use --host.
--    If a cross compiler is detected then cross compile mode will be used" >&2
-   elif test "x$build_alias" != "x$host_alias"; then
-     cross_compiling=yes
-   fi
-@@ -1385,6 +1414,7 @@ Fine tuning of the installation director
-   --sysconfdir=DIR        read-only single-machine data [PREFIX/etc]
-   --sharedstatedir=DIR    modifiable architecture-independent data [PREFIX/com]
-   --localstatedir=DIR     modifiable single-machine data [PREFIX/var]
-+  --runstatedir=DIR       modifiable per-process data [LOCALSTATEDIR/run]
-   --libdir=DIR            object code libraries [EPREFIX/lib]
-   --includedir=DIR        C header files [PREFIX/include]
-   --oldincludedir=DIR     C header files for non-gcc [/usr/include]
-@@ -1548,9 +1578,9 @@ test -n "$ac_init_help" && exit $ac_stat
- if $ac_init_version; then
-   cat <<\_ACEOF
- fetchmail configure 6.3.26
--generated by GNU Autoconf 2.68
-+generated by GNU Autoconf 2.69
- 
--Copyright (C) 2010 Free Software Foundation, Inc.
-+Copyright (C) 2012 Free Software Foundation, Inc.
- This configure script is free software; the Free Software Foundation
- gives unlimited permission to copy, distribute and modify it.
- _ACEOF
-@@ -1827,7 +1857,7 @@ $as_echo "$ac_try_echo"; } >&5
- 	 test ! -s conftest.err
-        } && test -s conftest$ac_exeext && {
- 	 test "$cross_compiling" = yes ||
--	 $as_test_x conftest$ac_exeext
-+	 test -x conftest$ac_exeext
-        }; then :
-   ac_retval=0
- else
-@@ -2030,7 +2060,8 @@ int
- main ()
- {
- static int test_array [1 - 2 * !(($2) >= 0)];
--test_array [0] = 0
-+test_array [0] = 0;
-+return test_array [0];
- 
-   ;
-   return 0;
-@@ -2046,7 +2077,8 @@ int
- main ()
- {
- static int test_array [1 - 2 * !(($2) <= $ac_mid)];
--test_array [0] = 0
-+test_array [0] = 0;
-+return test_array [0];
- 
-   ;
-   return 0;
-@@ -2072,7 +2104,8 @@ int
- main ()
- {
- static int test_array [1 - 2 * !(($2) < 0)];
--test_array [0] = 0
-+test_array [0] = 0;
-+return test_array [0];
- 
-   ;
-   return 0;
-@@ -2088,7 +2121,8 @@ int
- main ()
- {
- static int test_array [1 - 2 * !(($2) >= $ac_mid)];
--test_array [0] = 0
-+test_array [0] = 0;
-+return test_array [0];
- 
-   ;
-   return 0;
-@@ -2122,7 +2156,8 @@ int
- main ()
- {
- static int test_array [1 - 2 * !(($2) <= $ac_mid)];
--test_array [0] = 0
-+test_array [0] = 0;
-+return test_array [0];
- 
-   ;
-   return 0;
-@@ -2195,7 +2230,7 @@ This file contains any messages produced
- running configure, to aid debugging if configure makes a mistake.
- 
- It was created by fetchmail $as_me 6.3.26, which was
--generated by GNU Autoconf 2.68.  Invocation command line was
-+generated by GNU Autoconf 2.69.  Invocation command line was
- 
-   $ $0 $@
- 
-@@ -2689,7 +2724,7 @@ case $as_dir/ in #((
-     # by default.
-     for ac_prog in ginstall scoinst install; do
-       for ac_exec_ext in '' $ac_executable_extensions; do
--	if { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; }; then
-+	if as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then
- 	  if test $ac_prog = install &&
- 	    grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
- 	    # AIX install.  It has an incompatible calling convention.
-@@ -2858,7 +2893,7 @@ do
-   IFS=$as_save_IFS
-   test -z "$as_dir" && as_dir=.
-     for ac_exec_ext in '' $ac_executable_extensions; do
--  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-     ac_cv_prog_STRIP="${ac_tool_prefix}strip"
-     $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
-     break 2
-@@ -2898,7 +2933,7 @@ do
-   IFS=$as_save_IFS
-   test -z "$as_dir" && as_dir=.
-     for ac_exec_ext in '' $ac_executable_extensions; do
--  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-     ac_cv_prog_ac_ct_STRIP="strip"
-     $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
-     break 2
-@@ -2949,7 +2984,7 @@ do
-   test -z "$as_dir" && as_dir=.
-     for ac_prog in mkdir gmkdir; do
- 	 for ac_exec_ext in '' $ac_executable_extensions; do
--	   { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; } || continue
-+	   as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext" || continue
- 	   case `"$as_dir/$ac_prog$ac_exec_ext" --version 2>&1` in #(
- 	     'mkdir (GNU coreutils) '* | \
- 	     'mkdir (coreutils) '* | \
-@@ -3002,7 +3037,7 @@ do
-   IFS=$as_save_IFS
-   test -z "$as_dir" && as_dir=.
-     for ac_exec_ext in '' $ac_executable_extensions; do
--  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-     ac_cv_prog_AWK="$ac_prog"
-     $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
-     break 2
-@@ -3295,7 +3330,7 @@ do
-   IFS=$as_save_IFS
-   test -z "$as_dir" && as_dir=.
-     for ac_exec_ext in '' $ac_executable_extensions; do
--  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-     ac_cv_path_PYTHON="$as_dir/$ac_word$ac_exec_ext"
-     $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
-     break 2
-@@ -3466,7 +3501,7 @@ do
-   IFS=$as_save_IFS
-   test -z "$as_dir" && as_dir=.
-     for ac_exec_ext in '' $ac_executable_extensions; do
--  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-     ac_cv_prog_AWK="$ac_prog"
-     $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
-     break 2
-@@ -3512,7 +3547,7 @@ do
-   IFS=$as_save_IFS
-   test -z "$as_dir" && as_dir=.
-     for ac_exec_ext in '' $ac_executable_extensions; do
--  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-     ac_cv_prog_CC="${ac_tool_prefix}gcc"
-     $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
-     break 2
-@@ -3552,7 +3587,7 @@ do
-   IFS=$as_save_IFS
-   test -z "$as_dir" && as_dir=.
-     for ac_exec_ext in '' $ac_executable_extensions; do
--  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-     ac_cv_prog_ac_ct_CC="gcc"
-     $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
-     break 2
-@@ -3605,7 +3640,7 @@ do
-   IFS=$as_save_IFS
-   test -z "$as_dir" && as_dir=.
-     for ac_exec_ext in '' $ac_executable_extensions; do
--  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-     ac_cv_prog_CC="${ac_tool_prefix}cc"
-     $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
-     break 2
-@@ -3646,7 +3681,7 @@ do
-   IFS=$as_save_IFS
-   test -z "$as_dir" && as_dir=.
-     for ac_exec_ext in '' $ac_executable_extensions; do
--  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-     if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
-        ac_prog_rejected=yes
-        continue
-@@ -3704,7 +3739,7 @@ do
-   IFS=$as_save_IFS
-   test -z "$as_dir" && as_dir=.
-     for ac_exec_ext in '' $ac_executable_extensions; do
--  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-     ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
-     $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
-     break 2
-@@ -3748,7 +3783,7 @@ do
-   IFS=$as_save_IFS
-   test -z "$as_dir" && as_dir=.
-     for ac_exec_ext in '' $ac_executable_extensions; do
--  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-     ac_cv_prog_ac_ct_CC="$ac_prog"
-     $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
-     break 2
-@@ -4194,8 +4229,7 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_
- /* end confdefs.h.  */
- #include <stdarg.h>
- #include <stdio.h>
--#include <sys/types.h>
--#include <sys/stat.h>
-+struct stat;
- /* Most of the following tests are stolen from RCS 5.7's src/conf.sh.  */
- struct buf { int x; };
- FILE * (*rcsopen) (struct buf *, struct stat *, int);
-@@ -4751,7 +4785,7 @@ do
-   IFS=$as_save_IFS
-   test -z "$as_dir" && as_dir=.
-     for ac_exec_ext in '' $ac_executable_extensions; do
--  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-     ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib"
-     $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
-     break 2
-@@ -4791,7 +4825,7 @@ do
-   IFS=$as_save_IFS
-   test -z "$as_dir" && as_dir=.
-     for ac_exec_ext in '' $ac_executable_extensions; do
--  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-     ac_cv_prog_ac_ct_RANLIB="ranlib"
-     $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
-     break 2
-@@ -4859,7 +4893,7 @@ do
-     for ac_prog in grep ggrep; do
-     for ac_exec_ext in '' $ac_executable_extensions; do
-       ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext"
--      { test -f "$ac_path_GREP" && $as_test_x "$ac_path_GREP"; } || continue
-+      as_fn_executable_p "$ac_path_GREP" || continue
- # Check for GNU ac_path_GREP and select it if it is found.
-   # Check for GNU $ac_path_GREP
- case `"$ac_path_GREP" --version 2>&1` in
-@@ -4925,7 +4959,7 @@ do
-     for ac_prog in egrep; do
-     for ac_exec_ext in '' $ac_executable_extensions; do
-       ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext"
--      { test -f "$ac_path_EGREP" && $as_test_x "$ac_path_EGREP"; } || continue
-+      as_fn_executable_p "$ac_path_EGREP" || continue
- # Check for GNU ac_path_EGREP and select it if it is found.
-   # Check for GNU $ac_path_EGREP
- case `"$ac_path_EGREP" --version 2>&1` in
-@@ -5132,8 +5166,8 @@ else
-   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h.  */
- 
--#	  define __EXTENSIONS__ 1
--	  $ac_includes_default
-+#         define __EXTENSIONS__ 1
-+          $ac_includes_default
- int
- main ()
- {
-@@ -5513,11 +5547,11 @@ else
- int
- main ()
- {
--/* FIXME: Include the comments suggested by Paul. */
-+
- #ifndef __cplusplus
--  /* Ultrix mips cc rejects this.  */
-+  /* Ultrix mips cc rejects this sort of thing.  */
-   typedef int charset[2];
--  const charset cs;
-+  const charset cs = { 0, 0 };
-   /* SunOS 4.1.1 cc rejects this.  */
-   char const *const *pcpcc;
-   char **ppc;
-@@ -5534,8 +5568,9 @@ main ()
-   ++pcpcc;
-   ppc = (char**) pcpcc;
-   pcpcc = (char const *const *) ppc;
--  { /* SCO 3.2v4 cc rejects this.  */
--    char *t;
-+  { /* SCO 3.2v4 cc rejects this sort of thing.  */
-+    char tx;
-+    char *t = &tx;
-     char const *s = 0 ? (char *) 0 : (char const *) 0;
- 
-     *t++ = 0;
-@@ -5551,10 +5586,10 @@ main ()
-     iptr p = 0;
-     ++p;
-   }
--  { /* AIX XL C 1.02.0.0 rejects this saying
-+  { /* AIX XL C 1.02.0.0 rejects this sort of thing, saying
-        "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */
--    struct s { int j; const int *ap[3]; };
--    struct s *b; b->j = 5;
-+    struct s { int j; const int *ap[3]; } bx;
-+    struct s *b = &bx; b->j = 5;
-   }
-   { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */
-     const int foo = 10;
-@@ -5600,7 +5635,7 @@ do
-   IFS=$as_save_IFS
-   test -z "$as_dir" && as_dir=.
-     for ac_exec_ext in '' $ac_executable_extensions; do
--  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-     ac_cv_prog_LEX="$ac_prog"
-     $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
-     break 2
-@@ -5632,7 +5667,8 @@ a { ECHO; }
- b { REJECT; }
- c { yymore (); }
- d { yyless (1); }
--e { yyless (input () != 0); }
-+e { /* IRIX 6.5 flex 2.5.4 underquotes its yyless argument.  */
-+    yyless ((input () != 0)); }
- f { unput (yytext[0]); }
- . { BEGIN INITIAL; }
- %%
-@@ -5792,7 +5828,7 @@ do
-   IFS=$as_save_IFS
-   test -z "$as_dir" && as_dir=.
-     for ac_exec_ext in '' $ac_executable_extensions; do
--  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-     ac_cv_prog_YACC="$ac_prog"
-     $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
-     break 2
-@@ -6044,7 +6080,7 @@ do
-   IFS=$as_save_IFS
-   test -z "$as_dir" && as_dir=.
-     for ac_exec_ext in '' $ac_executable_extensions; do
--  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-     ac_cv_path_GMSGFMT="$as_dir/$ac_word$ac_exec_ext"
-     $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
-     break 2
-@@ -8548,7 +8584,7 @@ do
-   IFS=$as_save_IFS
-   test -z "$as_dir" && as_dir=.
-     for ac_exec_ext in '' $ac_executable_extensions; do
--  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-     ac_cv_path_procmail="$as_dir/$ac_word$ac_exec_ext"
-     $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
-     break 2
-@@ -8590,7 +8626,7 @@ do
-   IFS=$as_save_IFS
-   test -z "$as_dir" && as_dir=.
-     for ac_exec_ext in '' $ac_executable_extensions; do
--  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-     ac_cv_path_sendmail="$as_dir/$ac_word$ac_exec_ext"
-     $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
-     break 2
-@@ -8632,7 +8668,7 @@ do
-   IFS=$as_save_IFS
-   test -z "$as_dir" && as_dir=.
-     for ac_exec_ext in '' $ac_executable_extensions; do
--  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-     ac_cv_path_maildrop="$as_dir/$ac_word$ac_exec_ext"
-     $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
-     break 2
-@@ -10121,16 +10157,16 @@ $as_echo "$as_me: WARNING: Consider re-r
- fi
- 
- case "$LIBS" in *-lssl*)
--	ac_fn_c_check_decl "$LINENO" "SSLv2_client_method" "ac_cv_have_decl_SSLv2_client_method" "#include <openssl/ssl.h>
-+	ac_fn_c_check_decl "$LINENO" "SSLv3_client_method" "ac_cv_have_decl_SSLv3_client_method" "#include <openssl/ssl.h>
- "
--if test "x$ac_cv_have_decl_SSLv2_client_method" = xyes; then :
-+if test "x$ac_cv_have_decl_SSLv3_client_method" = xyes; then :
-   ac_have_decl=1
- else
-   ac_have_decl=0
- fi
- 
- cat >>confdefs.h <<_ACEOF
--#define HAVE_DECL_SSLV2_CLIENT_METHOD $ac_have_decl
-+#define HAVE_DECL_SSLV3_CLIENT_METHOD $ac_have_decl
- _ACEOF
- 
- 	;;
-@@ -11334,16 +11370,16 @@ if (echo >conf$$.file) 2>/dev/null; then
-     # ... but there are two gotchas:
-     # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
-     # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
--    # In both cases, we have to default to `cp -p'.
-+    # In both cases, we have to default to `cp -pR'.
-     ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
--      as_ln_s='cp -p'
-+      as_ln_s='cp -pR'
-   elif ln conf$$.file conf$$ 2>/dev/null; then
-     as_ln_s=ln
-   else
--    as_ln_s='cp -p'
-+    as_ln_s='cp -pR'
-   fi
- else
--  as_ln_s='cp -p'
-+  as_ln_s='cp -pR'
- fi
- rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
- rmdir conf$$.dir 2>/dev/null
-@@ -11403,28 +11439,16 @@ else
-   as_mkdir_p=false
- fi
- 
--if test -x / >/dev/null 2>&1; then
--  as_test_x='test -x'
--else
--  if ls -dL / >/dev/null 2>&1; then
--    as_ls_L_option=L
--  else
--    as_ls_L_option=
--  fi
--  as_test_x='
--    eval sh -c '\''
--      if test -d "$1"; then
--	test -d "$1/.";
--      else
--	case $1 in #(
--	-*)set "./$1";;
--	esac;
--	case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in #((
--	???[sx]*):;;*)false;;esac;fi
--    '\'' sh
--  '
--fi
--as_executable_p=$as_test_x
-+
-+# as_fn_executable_p FILE
-+# -----------------------
-+# Test if FILE is an executable regular file.
-+as_fn_executable_p ()
-+{
-+  test -f "$1" && test -x "$1"
-+} # as_fn_executable_p
-+as_test_x='test -x'
-+as_executable_p=as_fn_executable_p
- 
- # Sed expression to map a string onto a valid CPP name.
- as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
-@@ -11446,7 +11470,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_wri
- # values after options handling.
- ac_log="
- This file was extended by fetchmail $as_me 6.3.26, which was
--generated by GNU Autoconf 2.68.  Invocation command line was
-+generated by GNU Autoconf 2.69.  Invocation command line was
- 
-   CONFIG_FILES    = $CONFIG_FILES
-   CONFIG_HEADERS  = $CONFIG_HEADERS
-@@ -11512,10 +11536,10 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_writ
- ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
- ac_cs_version="\\
- fetchmail config.status 6.3.26
--configured by $0, generated by GNU Autoconf 2.68,
-+configured by $0, generated by GNU Autoconf 2.69,
-   with options \\"\$ac_cs_config\\"
- 
--Copyright (C) 2010 Free Software Foundation, Inc.
-+Copyright (C) 2012 Free Software Foundation, Inc.
- This config.status script is free software; the Free Software Foundation
- gives unlimited permission to copy, distribute and modify it."
- 
-@@ -11606,7 +11630,7 @@ fi
- _ACEOF
- cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
- if \$ac_cs_recheck; then
--  set X '$SHELL' '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
-+  set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
-   shift
-   \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6
-   CONFIG_SHELL='$SHELL'
---- fetchmail-6.3.26.orig/configure.ac
-+++ fetchmail-6.3.26/configure.ac
-@@ -802,7 +802,7 @@ else
- fi
- 
- case "$LIBS" in *-lssl*)
--	AC_CHECK_DECLS([SSLv2_client_method],,,[#include <openssl/ssl.h>])
-+	AC_CHECK_DECLS([SSLv3_client_method],,,[#include <openssl/ssl.h>])
- 	;;
- esac
- 
---- fetchmail-6.3.26.orig/fetchmail-FAQ.html
-+++ fetchmail-6.3.26/fetchmail-FAQ.html
-@@ -667,8 +667,8 @@ because there is not currently a standar
- also uses this method, so the two will interoperate happily. They
- better, because this is how Craig gets his mail ;-)</p>
- 
--<p>Finally, you can use <a href="#K5">SSL</a> for complete
--end-to-end encryption if you have an SSL-enabled mailserver.</p>
-+<p>Finally, you can use <a href="#K5">SSL or TLS</a> for complete
-+end-to-end encryption if you have a TLS-enabled mailserver.</p>
- 
- <h2><a id="G11" name="G11">G11. Is any special configuration needed
- to use a dynamic IP address?</a></h2>
-@@ -2120,7 +2120,7 @@ SSL?</a></h2>
- 
- <p>You'll need to have the <a
- href="http://www.openssl.org/">OpenSSL</a> libraries installed, and they
--should at least be version 0.9.7.
-+should at least be version 0.9.8, with 1.0.1 preferred.
- Configure with --with-ssl. If you have the OpenSSL libraries
- installed in commonly-used default locations, this will
- suffice. If you have them installed in a non-default location,
-@@ -2130,7 +2130,7 @@ to --with-ssl after an equal sign.</p>
- <p>Fetchmail binaries built this way support <code>ssl</code>,
- <code>sslkey</code>, and <code>sslcert</code> options that control
- SSL encryption, and will automatically use <code>tls</code> if the
--server offers it. You will need to have an SSL-enabled mailserver to
-+server offers it. You will need to have an SSL/TLS-enabled mailserver to
- use these options. See the manual page for details and some words
- of care on the limited security provided.</p>
- 
-@@ -2155,13 +2155,14 @@ poll MYSERVER port 993 plugin "openssl s
-         protocol imap username MYUSERNAME password MYPASSWORD
- </pre>
- 
--<p>You should note that SSL is only secure against a "man-in-the-middle"
--attack if the client is able to verify that the peer's public key is the
--correct one, and has not been substituted by an attacker. fetchmail can do
--this in one of two ways: by verifying the SSL certificate, or by checking
--the fingerprint of the peer's public key.</p>
-+<p>You should note that SSL or TLS are only secure against a
-+"man-in-the-middle" attack if the client is able to verify that the
-+peer's public key is the correct one, and has not been substituted by an
-+attacker. fetchmail can do this in one of two ways: by verifying the SSL
-+certificate, or by checking the fingerprint of the peer's public
-+key.</p>
- 
--<p>There are three parts to SSL certificate verification: checking that the
-+<p>There are three parts to TLS certificate verification: checking that the
- domain name in the certificate matches the hostname you asked to connect to;
- checking that the certificate expiry date has not passed; and checking that
- the certificate has been signed by a known Certificate Authority (CA). This
-@@ -2227,8 +2228,12 @@ will automatically attempt TLS negotiati
- time.  This can however cause problems if the upstream didn't configure
- his certificates properly.</p>
- 
--<p>In order to prevent fetchmail from trying TLS (STLS, STARTTLS)
--negotiation, add this option:</p>
-+<p>In order to prevent fetchmail 6.4.0 and newer versions from trying
-+STLS or STARTTLS negotiation, add this option:</p>
-+<pre>sslproto ''</pre>
-+
-+<p>In order to prevent older fetchmail versions from trying TLS (STLS, STARTTLS)
-+negotiation where the above does not work, try this option:</p>
- 
- <pre>sslproto ssl23</pre>
- 
-@@ -2876,15 +2881,22 @@ need to say something like '<code>envelo
- 
- <pre>
- Received: from send103.yahoomail.com (send103.yahoomail.com [205.180.60.92])
--    by iserv.ttns.net (8.8.5/8.8.5) with SMTP id RAA10088
--    for &lt;ksturgeon@fbceg.org&gt;; Wed, 9 Sep 1998 17:01:59 -0700
-+    by iserv.example.net (8.8.5/8.8.5) with SMTP id RAA10088
-+    for &lt;ksturgeon@fbceg.example.org&gt;; Wed, 9 Sep 1998 17:01:59 -0700
- </pre>
- 
--<p>it checks to see if 'iserv.ttns.net' is a DNS alias of your
--mailserver before accepting 'ksturgeon@fbceg.org' as an envelope
-+<p>it checks to see if 'iserv.example.net' is a DNS alias of your
-+mailserver before accepting 'ksturgeon@fbceg.example.org' as an envelope
- address. This check might fail if your DNS were misconfigured, or
--if you were using 'no dns' and had failed to declare iserv.ttns.net
--as an alias of your server.</p>
-+if you were using 'no dns' and had failed to declare iserv.example.net
-+as an alias of your server. The typical hint is logging similar to:
-+<code>line rejected, iserv.example.net is not an alias of the mailserver</code>,
-+if you use fetchmail in verbose mode.</p>
-+
-+<p><strong>Workaround:</strong> You can specify the alias explicitly, with <code>aka
-+    <em>iserv.example.net</em></code> statements in the rcfile. Replace
-+<em>iserv.example.net</em> by the name you find in <strong>your</strong>
-+'by' part of the 'Received:' line.</p>
- 
- <h2><a id="M8" name="M8">M8. Users are getting multiple copies of
- messages.</a></h2>
-@@ -3237,6 +3249,8 @@ Hayes mode escape "+++".</p>
- <h2><a id="X8" name="X8">X8. A spurious ) is being appended to my
- messages.</a></h2>
- 
-+<p><em>Fetchmail 6.3.5 and newer releases are supposed to fix this.</em></p>
-+
- <p>Due to the problem described in <a href="#S2">S2</a>, the
- IMAP support in fetchmail cannot follow the IMAP protocol 100&nbsp;%.
- Most of the time it doesn't matter, but if you combine it with an
-@@ -3279,8 +3293,6 @@ it at the end of the message it forwards
- on, you'll get a message about actual != expected.</li>
- </ol>
- 
--<p>There is no fix for this.</p>
--
- <h2><a id="X9" name="X9">X9. Missing "Content-Transfer-Encoding" header
- 	with Domino IMAP</a></h2>
- 
---- fetchmail-6.3.26.orig/fetchmail.c
-+++ fetchmail-6.3.26/fetchmail.c
-@@ -54,6 +54,10 @@
- #define ENETUNREACH   128       /* Interactive doesn't know this */
- #endif /* ENETUNREACH */
- 
-+#ifdef SSL_ENABLE
-+#include <openssl/ssl.h>	/* for OPENSSL_NO_SSL2 and ..._SSL3 checks */
-+#endif
-+
- /* prototypes for internal functions */
- static int load_params(int, char **, int);
- static void dump_params (struct runctl *runp, struct query *, flag implicit);
-@@ -138,7 +142,7 @@ static void printcopyright(FILE *fp) {
- 		   "Copyright (C) 2004 Matthias Andree, Eric S. Raymond,\n"
- 		   "                   Robert M. Funk, Graham Wilson\n"
- 		   "Copyright (C) 2005 - 2012 Sunil Shetye\n"
--		   "Copyright (C) 2005 - 2013 Matthias Andree\n"
-+		   "Copyright (C) 2005 - 2015 Matthias Andree\n"
- 		   ));
- 	fprintf(fp, GT_("Fetchmail comes with ABSOLUTELY NO WARRANTY. This is free software, and you\n"
- 		   "are welcome to redistribute it under certain conditions. For details,\n"
-@@ -262,6 +266,9 @@ int main(int argc, char **argv)
- #endif /* ODMR_ENABLE */
- #ifdef SSL_ENABLE
- 	"+SSL"
-+#if (HAVE_DECL_SSLV3_CLIENT_METHOD + 0 == 0) || defined(OPENSSL_NO_SSL3)
-+	"-SSLv3"
-+#endif
- #endif
- #ifdef OPIE_ENABLE
- 	"+OPIE"
---- fetchmail-6.3.26.orig/fetchmail.h
-+++ fetchmail-6.3.26/fetchmail.h
-@@ -771,9 +771,9 @@ int servport(const char *service);
- int fm_getaddrinfo(const char *node, const char *serv, const struct addrinfo *hints, struct addrinfo **res);
- void fm_freeaddrinfo(struct addrinfo *ai);
- 
--/* prototypes from tls.c */
--int maybe_tls(struct query *ctl);
--int must_tls(struct query *ctl);
-+/* prototypes from starttls.c */
-+int maybe_starttls(struct query *ctl);
-+int must_starttls(struct query *ctl);
- 
- /* prototype from rfc822valid.c */
- int rfc822_valid_msgid(const unsigned char *);
---- fetchmail-6.3.26.orig/fetchmail.man
-+++ fetchmail-6.3.26/fetchmail.man
-@@ -412,23 +412,22 @@ from. The folder information is written
- .B \-\-ssl
- (Keyword: ssl)
- .br
--Causes the connection to the mail server to be encrypted
--via SSL.  Connect to the server using the specified base protocol over a
--connection secured by SSL. This option defeats opportunistic starttls
--negotiation. It is highly recommended to use \-\-sslproto 'SSL3'
--\-\-sslcertck to validate the certificates presented by the server and
--defeat the obsolete SSLv2 negotiation. More information is available in
--the \fIREADME.SSL\fP file that ships with fetchmail.
--.IP
--Note that fetchmail may still try to negotiate SSL through starttls even
--if this option is omitted. You can use the \-\-sslproto option to defeat
--this behavior or tell fetchmail to negotiate a particular SSL protocol.
-+Causes the connection to the mail server to be encrypted via SSL, by
-+negotiating SSL directly after connecting (SSL-wrapped mode).  It is
-+highly recommended to use \-\-sslcertck to validate the certificates
-+presented by the server.  Please see the description of \-\-sslproto
-+below!  More information is available in the \fIREADME.SSL\fP file that
-+ships with fetchmail.
-+.IP
-+Note that even if this option is omitted, fetchmail may still negotiate
-+SSL in-band for POP3 or IMAP, through the STLS or STARTTLS feature.  You
-+can use the \-\-sslproto option to modify that behavior.
- .IP
- If no port is specified, the connection is attempted to the well known
- port of the SSL version of the base protocol.  This is generally a
- different port than the port used by the base protocol.  For IMAP, this
- is port 143 for the clear protocol and port 993 for the SSL secured
--protocol, for POP3, it is port 110 for the clear text and port 995 for
-+protocol; for POP3, it is port 110 for the clear text and port 995 for
- the encrypted variant.
- .IP
- If your system lacks the corresponding entries from /etc/services, see
-@@ -470,39 +469,73 @@ cause some complications in daemon mode.
- .IP
- Also see \-\-sslcert above.
- .TP
--.B \-\-sslproto <name>
--(Keyword: sslproto)
-+.B \-\-sslproto <value>
-+(Keyword: sslproto, NOTE: semantic changes since v6.4.0)
- .br
--Forces an SSL/TLS protocol. Possible values are \fB''\fP,
--\&'\fBSSL2\fP' (not supported on all systems),
--\&'\fBSSL23\fP', (use of these two values is discouraged
--and should only be used as a last resort) \&'\fBSSL3\fP', and
--\&'\fBTLS1\fP'.  The default behaviour if this option is unset is: for
--connections without \-\-ssl, use \&'\fBTLS1\fP' so that fetchmail will
--opportunistically try STARTTLS negotiation with TLS1. You can configure
--this option explicitly if the default handshake (TLS1 if \-\-ssl is not
--used) does not work for your server.
--.IP
--Use this option with '\fBTLS1\fP' value to enforce a STARTTLS
--connection. In this mode, it is highly recommended to also use
--\-\-sslcertck (see below).  Note that this will then cause fetchmail
--v6.3.19 to force STARTTLS negotiation even if it is not advertised by
--the server.
--.IP
--To defeat opportunistic TLSv1 negotiation when the server advertises
--STARTTLS or STLS, and use a cleartext connection use \fB''\fP.  This
--option, even if the argument is the empty string, will also suppress the
--diagnostic 'SERVER: opportunistic upgrade to TLS.' message in verbose
--mode. The default is to try appropriate protocols depending on context.
-+This option has a dual use, out of historic fetchmail behaviour. It
-+controls both the SSL/TLS protocol version and, if \-\-ssl is not
-+specified, the STARTTLS behaviour (upgrading the protocol to an SSL or
-+TLS connection in-band). Some other options may however make TLS
-+mandatory.
-+.PP
-+Only if this option and \-\-ssl are both missing for a poll, there will
-+be opportunistic TLS for POP3 and IMAP, where fetchmail will attempt to
-+upgrade to TLSv1 or newer.
-+.PP
-+Recognized values for \-\-sslproto are given below. You should normally
-+chose one of the auto-negotiating options, i. e. '\fBauto\fP' or one of
-+the options ending in a plus (\fB+\fP) character. Note that depending
-+on OpenSSL library version and configuration, some options cause
-+run-time errors because the requested SSL or TLS versions are not
-+supported by the particular installed OpenSSL library.
-+.RS
-+.IP "\fB''\fP, the empty string"
-+Disable STARTTLS. If \-\-ssl is given for the same server, log an error
-+and pretend that '\fBauto\fP' had been used instead.
-+.IP '\fBauto\fP'
-+(default). Since v6.4.0. Require TLS. Auto-negotiate TLSv1 or newer, disable SSLv3 downgrade.
-+(fetchmail 6.3.26 and older have auto-negotiated all protocols that
-+their OpenSSL library supported, including the broken SSLv3).
-+.IP "\&'\fBSSL23\fP'
-+see '\fBauto\fP'.
-+.IP \&'\fBSSL3\fP'
-+Require SSLv3 exactly. SSLv3 is broken, not supported on all systems, avoid it
-+if possible.  This will make fetchmail negotiate SSLv3 only, and is the
-+only way besides '\fBSSL3+\fP' to have fetchmail 6.4.0 or newer permit SSLv3.
-+.IP \&'\fBSSL3+\fP'
-+same as '\fBauto\fP', but permit SSLv3 as well. This is the only way
-+besides '\fBSSL3\fP' to have fetchmail 6.4.0 or newer permit SSLv3.
-+.IP \&'\fBTLS1\fP'
-+Require TLSv1. This does not negotiate TLSv1.1 or newer, and is
-+discouraged. Replace by TLS1+ unless the latter chokes your server.
-+.IP \&'\fBTLS1+\fP'
-+Since v6.4.0. See 'fBauto\fP'.
-+.IP \&'\fBTLS1.1\fP'
-+Since v6.4.0. Require TLS v1.1 exactly.
-+.IP \&'\fBTLS1.1+\fP'
-+Since v6.4.0. Require TLS. Auto-negotiate TLSv1.1 or newer.
-+.IP \&'\fBTLS1.2\fP'
-+Since v6.4.0. Require TLS v1.2 exactly.
-+.IP '\fBTLS1.2+\fP'
-+Since v6.4.0. Require TLS. Auto-negotiate TLSv1.2 or newer.
-+.IP "Unrecognized parameters"
-+are treated the same as '\fBauto\fP'.
-+.RE
-+.IP
-+NOTE: you should hardly ever need to use anything other than '' (to
-+force an unencrypted connection) or 'auto' (to enforce TLS).
- .TP
- .B \-\-sslcertck
- (Keyword: sslcertck)
- .br
--Causes fetchmail to strictly check the server certificate against a set of
--local trusted certificates (see the \fBsslcertfile\fP and \fBsslcertpath\fP
--options). If the server certificate cannot be obtained or is not signed by one
--of the trusted ones (directly or indirectly), the SSL connection will fail,
--regardless of the \fBsslfingerprint\fP option.
-+Causes fetchmail to require that SSL/TLS be used and disconnect if it
-+can not successfully negotiate SSL or TLS, or if it cannot successfully
-+verify and validate the certificate and follow it to a trust anchor (or
-+trusted root certificate). The trust anchors are given as a set of local
-+trusted certificates (see the \fBsslcertfile\fP and \fBsslcertpath\fP
-+options). If the server certificate cannot be obtained or is not signed
-+by one of the trusted ones (directly or indirectly), fetchmail will
-+disconnect, regardless of the \fBsslfingerprint\fP option.
- .IP
- Note that CRL (certificate revocation lists) are only supported in
- OpenSSL 0.9.7 and newer! Your system clock should also be reasonably
-@@ -1202,31 +1235,33 @@ capability response. Specify a user opti
- username and the part to the right as the NTLM domain.
- 
- .SS Secure Socket Layers (SSL) and Transport Layer Security (TLS)
-+.PP All retrieval protocols can use SSL or TLS wrapping for the
-+transport. Additionally, POP3 and IMAP retrival can also negotiate
-+SSL/TLS by means of STARTTLS (or STLS).
- .PP
- Note that fetchmail currently uses the OpenSSL library, which is
- severely underdocumented, so failures may occur just because the
- programmers are not aware of OpenSSL's requirement of the day.
- For instance, since v6.3.16, fetchmail calls
- OpenSSL_add_all_algorithms(), which is necessary to support certificates
--using SHA256 on OpenSSL 0.9.8 -- this information is deeply hidden in the
--documentation and not at all obvious.  Please do not hesitate to report
--subtle SSL failures.
--.PP
--You can access SSL encrypted services by specifying the \-\-ssl option.
--You can also do this using the "ssl" user option in the .fetchmailrc
--file. With SSL encryption enabled, queries are initiated over a
--connection after negotiating an SSL session, and the connection fails if
--SSL cannot be negotiated.  Some services, such as POP3 and IMAP, have
-+using SHA256 on OpenSSL 0.9.8 -- this information is deeply hidden in
-+the documentation and not at all obvious.  Please do not hesitate to
-+report subtle SSL failures.
-+.PP
-+You can access SSL encrypted services by specifying the options starting
-+with \-\-ssl, such as \-\-ssl, \-\-sslproto, \-\-sslcertck, and others.
-+You can also do this using the corresponding user options in the .fetchmailrc
-+file.  Some services, such as POP3 and IMAP, have
- different well known ports defined for the SSL encrypted services.  The
- encrypted ports will be selected automatically when SSL is enabled and
--no explicit port is specified. The \-\-sslproto 'SSL3' option should be
--used to select the SSLv3 protocol (default if unset: v2 or v3).  Also,
--the \-\-sslcertck command line or sslcertck run control file option
--should be used to force strict certificate checking - see below.
-+no explicit port is specified.   Also, the \-\-sslcertck command line or
-+sslcertck run control file option should be used to force strict
-+certificate checking - see below.
- .PP
- If SSL is not configured, fetchmail will usually opportunistically try to use
--STARTTLS. STARTTLS can be enforced by using \-\-sslproto "TLS1". TLS
--connections use the same port as the unencrypted version of the
-+STARTTLS. STARTTLS can be enforced by using \-\-sslproto\~auto and
-+defeated by using \-\-sslproto\~''.
-+TLS connections use the same port as the unencrypted version of the
- protocol and negotiate TLS via special command. The \-\-sslcertck
- command line or sslcertck run control file option should be used to
- force strict certificate checking - see below.
---- fetchmail-6.3.26.orig/imap.c
-+++ fetchmail-6.3.26/imap.c
-@@ -405,6 +405,8 @@ static int imap_getauth(int sock, struct
- /* apply for connection authorization */
- {
-     int ok = 0;
-+    char *commonname;
-+
-     (void)greeting;
- 
-     /*
-@@ -429,25 +431,21 @@ static int imap_getauth(int sock, struct
-         return(PS_SUCCESS);
-     }
- 
--#ifdef SSL_ENABLE
--    if (maybe_tls(ctl)) {
--	char *commonname;
--
--	commonname = ctl->server.pollname;
--	if (ctl->server.via)
--	    commonname = ctl->server.via;
--	if (ctl->sslcommonname)
--	    commonname = ctl->sslcommonname;
-+    commonname = ctl->server.pollname;
-+    if (ctl->server.via)
-+	commonname = ctl->server.via;
-+    if (ctl->sslcommonname)
-+	commonname = ctl->sslcommonname;
- 
--	if (strstr(capabilities, "STARTTLS")
--		|| must_tls(ctl)) /* if TLS is mandatory, ignore capabilities */
-+#ifdef SSL_ENABLE
-+    if (maybe_starttls(ctl)) {
-+	if ((strstr(capabilities, "STARTTLS") && maybe_starttls(ctl))
-+		|| must_starttls(ctl)) /* if TLS is mandatory, ignore capabilities */
- 	{
--	    /* Use "tls1" rather than ctl->sslproto because tls1 is the only
--	     * protocol that will work with STARTTLS.  Don't need to worry
--	     * whether TLS is mandatory or opportunistic unless SSLOpen() fails
--	     * (see below). */
-+	    /* Don't need to worry whether TLS is mandatory or
-+	     * opportunistic unless SSLOpen() fails (see below). */
- 	    if (gen_transact(sock, "STARTTLS") == PS_SUCCESS
--		    && (set_timeout(mytimeout), SSLOpen(sock, ctl->sslcert, ctl->sslkey, "tls1", ctl->sslcertck,
-+		    && (set_timeout(mytimeout), SSLOpen(sock, ctl->sslcert, ctl->sslkey, ctl->sslproto, ctl->sslcertck,
- 			ctl->sslcertfile, ctl->sslcertpath, ctl->sslfingerprint, commonname,
- 			ctl->server.pollname, &ctl->remotename)) != -1)
- 	    {
-@@ -470,7 +468,7 @@ static int imap_getauth(int sock, struct
- 		{
- 		    report(stdout, GT_("%s: upgrade to TLS succeeded.\n"), commonname);
- 		}
--	    } else if (must_tls(ctl)) {
-+	    } else if (must_starttls(ctl)) {
- 		/* Config required TLS but we couldn't guarantee it, so we must
- 		 * stop. */
- 		set_timeout(0);
-@@ -492,6 +490,10 @@ static int imap_getauth(int sock, struct
- 		/* Usable.  Proceed with authenticating insecurely. */
- 	    }
- 	}
-+    } else {
-+	if (strstr(capabilities, "STARTTLS") && outlevel >= O_VERBOSE) {
-+	    report(stdout, GT_("%s: WARNING: server offered STARTTLS but sslproto '' given.\n"), commonname);
-+	}
-     }
- #endif /* SSL_ENABLE */
- 
---- fetchmail-6.3.26.orig/po/Makevars
-+++ fetchmail-6.3.26/po/Makevars
-@@ -46,3 +46,15 @@ MSGID_BUGS_ADDRESS = fetchmail-devel@lis
- # This is the list of locale categories, beyond LC_MESSAGES, for which the
- # message catalogs shall be used.  It is usually empty.
- EXTRA_LOCALE_CATEGORIES =
-+
-+# This tells whether the $(DOMAIN).pot file contains messages with an 'msgctxt'
-+# context.  Possible values are "yes" and "no".  Set this to yes if the
-+# package uses functions taking also a message context, like pgettext(), or
-+# if in $(XGETTEXT_OPTIONS) you define keywords with a context argument.
-+USE_MSGCTXT = no
-+
-+# These options get passed to msgmerge.
-+# Useful options are in particular:
-+#   --previous            to keep previous msgids of translated messages,
-+#   --quiet               to reduce the verbosity.
-+MSGMERGE_OPTIONS =
---- fetchmail-6.3.26.orig/pop3.c
-+++ fetchmail-6.3.26/pop3.c
-@@ -281,6 +281,7 @@ static int pop3_getauth(int sock, struct
- #endif /* OPIE_ENABLE */
- #ifdef SSL_ENABLE
-     flag connection_may_have_tls_errors = FALSE;
-+    char *commonname;
- #endif /* SSL_ENABLE */
- 
-     done_capa = FALSE;
-@@ -393,7 +394,7 @@ static int pop3_getauth(int sock, struct
- 		(ctl->server.authenticate == A_KERBEROS_V5) ||
- 		(ctl->server.authenticate == A_OTP) ||
- 		(ctl->server.authenticate == A_CRAM_MD5) ||
--		maybe_tls(ctl))
-+		maybe_starttls(ctl))
- 	{
- 	    if ((ok = capa_probe(sock)) != PS_SUCCESS)
- 		/* we are in STAGE_GETAUTH => failure is PS_AUTHFAIL! */
-@@ -406,12 +407,12 @@ static int pop3_getauth(int sock, struct
- 		    (ok == PS_SOCKET && !ctl->wehaveauthed))
- 		{
- #ifdef SSL_ENABLE
--		    if (must_tls(ctl)) {
-+		    if (must_starttls(ctl)) {
- 			/* fail with mandatory STLS without repoll */
- 			report(stderr, GT_("TLS is mandatory for this session, but server refused CAPA command.\n"));
- 			report(stderr, GT_("The CAPA command is however necessary for TLS.\n"));
- 			return ok;
--		    } else if (maybe_tls(ctl)) {
-+		    } else if (maybe_starttls(ctl)) {
- 			/* defeat opportunistic STLS */
- 			xfree(ctl->sslproto);
- 			ctl->sslproto = xstrdup("");
-@@ -431,24 +432,19 @@ static int pop3_getauth(int sock, struct
- 	}
- 
- #ifdef SSL_ENABLE
--	if (maybe_tls(ctl)) {
--	    char *commonname;
-+	commonname = ctl->server.pollname;
-+	if (ctl->server.via)
-+	    commonname = ctl->server.via;
-+	if (ctl->sslcommonname)
-+	    commonname = ctl->sslcommonname;
- 
--	    commonname = ctl->server.pollname;
--	    if (ctl->server.via)
--		commonname = ctl->server.via;
--	    if (ctl->sslcommonname)
--		commonname = ctl->sslcommonname;
--
--	   if (has_stls
--		   || must_tls(ctl)) /* if TLS is mandatory, ignore capabilities */
-+	if (maybe_starttls(ctl)) {
-+	   if (has_stls || must_starttls(ctl)) /* if TLS is mandatory, ignore capabilities */
- 	   {
--	       /* Use "tls1" rather than ctl->sslproto because tls1 is the only
--		* protocol that will work with STARTTLS.  Don't need to worry
--		* whether TLS is mandatory or opportunistic unless SSLOpen() fails
--		* (see below). */
-+	       /* Don't need to worry whether TLS is mandatory or
-+		* opportunistic unless SSLOpen() fails (see below). */
- 	       if (gen_transact(sock, "STLS") == PS_SUCCESS
--		       && (set_timeout(mytimeout), SSLOpen(sock, ctl->sslcert, ctl->sslkey, "tls1", ctl->sslcertck,
-+		       && (set_timeout(mytimeout), SSLOpen(sock, ctl->sslcert, ctl->sslkey, ctl->sslproto, ctl->sslcertck,
- 			   ctl->sslcertfile, ctl->sslcertpath, ctl->sslfingerprint, commonname,
- 			   ctl->server.pollname, &ctl->remotename)) != -1)
- 	       {
-@@ -475,7 +471,7 @@ static int pop3_getauth(int sock, struct
- 		   {
- 		       report(stdout, GT_("%s: upgrade to TLS succeeded.\n"), commonname);
- 		   }
--	       } else if (must_tls(ctl)) {
-+	       } else if (must_starttls(ctl)) {
- 		   /* Config required TLS but we couldn't guarantee it, so we must
- 		    * stop. */
- 		   set_timeout(0);
-@@ -495,7 +491,11 @@ static int pop3_getauth(int sock, struct
- 		   }
- 	       }
- 	   }
--	} /* maybe_tls() */
-+	} else { /* maybe_starttls() */
-+	    if (has_stls && outlevel >= O_VERBOSE) {
-+		report(stdout, GT_("%s: WARNING: server offered STLS, but sslproto '' given.\n"), commonname);
-+	    }
-+	} /* maybe_starttls() */
- #endif /* SSL_ENABLE */
- 
- 	/*
---- fetchmail-6.3.26.orig/socket.c
-+++ fetchmail-6.3.26/socket.c
-@@ -876,7 +876,9 @@ int SSLOpen(int sock, char *mycert, char
- {
-         struct stat randstat;
-         int i;
-+	int avoid_ssl_versions = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
- 	long sslopts = SSL_OP_ALL;
-+	int ssle_connect = 0;
- 
- 	SSL_load_error_strings();
- 	SSL_library_init();
-@@ -906,25 +908,57 @@ int SSLOpen(int sock, char *mycert, char
- 	/* Make sure a connection referring to an older context is not left */
- 	_ssl_context[sock] = NULL;
- 	if(myproto) {
--		if(!strcasecmp("ssl2",myproto)) {
--#if HAVE_DECL_SSLV2_CLIENT_METHOD + 0 > 0
--			_ctx[sock] = SSL_CTX_new(SSLv2_client_method());
-+		if(!strcasecmp("ssl3",myproto)) {
-+#if (HAVE_DECL_SSLV3_CLIENT_METHOD > 0) && (0 == OPENSSL_NO_SSL3 + 0)
-+			_ctx[sock] = SSL_CTX_new(SSLv3_client_method());
-+			avoid_ssl_versions &= ~SSL_OP_NO_SSLv3;
- #else
--			report(stderr, GT_("Your operating system does not support SSLv2.\n"));
-+			report(stderr, GT_("Your OpenSSL version does not support SSLv3.\n"));
- 			return -1;
- #endif
--		} else if(!strcasecmp("ssl3",myproto)) {
--			_ctx[sock] = SSL_CTX_new(SSLv3_client_method());
-+		} else if(!strcasecmp("ssl3+",myproto)) {
-+			avoid_ssl_versions &= ~SSL_OP_NO_SSLv3;
-+			myproto = NULL;
- 		} else if(!strcasecmp("tls1",myproto)) {
- 			_ctx[sock] = SSL_CTX_new(TLSv1_client_method());
--		} else if (!strcasecmp("ssl23",myproto)) {
-+		} else if(!strcasecmp("tls1+",myproto)) {
-+			myproto = NULL;
-+#if defined(TLS1_1_VERSION) && TLS_MAX_VERSION >= TLS1_1_VERSION
-+		} else if(!strcasecmp("tls1.1",myproto)) {
-+			_ctx[sock] = SSL_CTX_new(TLSv1_1_client_method());
-+		} else if(!strcasecmp("tls1.1+",myproto)) {
-+			myproto = NULL;
-+			avoid_ssl_versions |= SSL_OP_NO_TLSv1;
-+#else
-+		} else if(!strcasecmp("tls1.1",myproto) || !strcasecmp("tls1.1+", myproto)) {
-+			report(stderr, GT_("Your OpenSSL version does not support TLS v1.1.\n"));
-+			return -1;
-+#endif
-+#if defined(TLS1_2_VERSION) && TLS_MAX_VERSION >= TLS1_2_VERSION
-+		} else if(!strcasecmp("tls1.2",myproto)) {
-+			_ctx[sock] = SSL_CTX_new(TLSv1_2_client_method());
-+		} else if(!strcasecmp("tls1.2+",myproto)) {
-+			myproto = NULL;
-+			avoid_ssl_versions |= SSL_OP_NO_TLSv1;
-+			avoid_ssl_versions |= SSL_OP_NO_TLSv1_1;
-+#else
-+		} else if(!strcasecmp("tls1.2",myproto) || !strcasecmp("tls1.2+", myproto)) {
-+			report(stderr, GT_("Your OpenSSL version does not support TLS v1.2.\n"));
-+			return -1;
-+#endif
-+		} else if (!strcasecmp("ssl23",myproto) || 0 == strcasecmp("auto",myproto)) {
- 			myproto = NULL;
- 		} else {
--			report(stderr,GT_("Invalid SSL protocol '%s' specified, using default (SSLv23).\n"), myproto);
-+			report(stderr,GT_("Invalid SSL protocol '%s' specified, using default autoselect (SSL23).\n"), myproto);
- 			myproto = NULL;
- 		}
- 	}
--	if(!myproto) {
-+	// do not combine into an else { } as myproto may be nulled
-+	// above!
-+	if (!myproto) {
-+		// SSLv23 is a misnomer and will in fact use the best
-+		// available protocol, subject to SSL_OP_NO*
-+		// constraints.
- 		_ctx[sock] = SSL_CTX_new(SSLv23_client_method());
- 	}
- 	if(_ctx[sock] == NULL) {
-@@ -938,7 +972,7 @@ int SSLOpen(int sock, char *mycert, char
- 		sslopts &= ~ SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
- 	}
- 
--	SSL_CTX_set_options(_ctx[sock], sslopts);
-+	SSL_CTX_set_options(_ctx[sock], sslopts | avoid_ssl_versions);
- 
- 	if (certck) {
- 		SSL_CTX_set_verify(_ctx[sock], SSL_VERIFY_PEER, SSL_ck_verify_callback);
-@@ -1008,8 +1042,18 @@ int SSLOpen(int sock, char *mycert, char
- 	}
- 
- 	if (SSL_set_fd(_ssl_context[sock], sock) == 0 
--	    || SSL_connect(_ssl_context[sock]) < 1) {
-+	    || (ssle_connect = SSL_connect(_ssl_context[sock])) < 1) {
-+		int e = errno;
-+		unsigned long ssle_err_from_queue = ERR_peek_error();
-+		unsigned long ssle_err_from_get_error = SSL_get_error(_ssl_context[sock], ssle_connect);
- 		ERR_print_errors_fp(stderr);
-+		if (SSL_ERROR_SYSCALL == ssle_err_from_get_error && 0 == ssle_err_from_queue) {
-+		    if (0 == ssle_connect) {
-+			report(stderr, GT_("Server shut down connection prematurely during SSL_connect().\n"));
-+		    } else if (ssle_connect < 0) {
-+			report(stderr, GT_("System error during SSL_connect(): %s\n"), strerror(e));
-+		    }
-+		}
- 		SSL_free( _ssl_context[sock] );
- 		_ssl_context[sock] = NULL;
- 		SSL_CTX_free(_ctx[sock]);
-@@ -1017,6 +1061,24 @@ int SSLOpen(int sock, char *mycert, char
- 		return(-1);
- 	}
- 
-+	if (outlevel >= O_VERBOSE) {
-+	    SSL_CIPHER const *sc;
-+	    int bitsmax, bitsused;
-+
-+	    const char *ver;
-+
-+	    ver = SSL_get_version(_ssl_context[sock]);
-+
-+	    sc = SSL_get_current_cipher(_ssl_context[sock]);
-+	    if (!sc) {
-+		report (stderr, GT_("Cannot obtain current SSL/TLS cipher - no session established?\n"));
-+	    } else {
-+		bitsused = SSL_CIPHER_get_bits(sc, &bitsmax);
-+		report(stdout, GT_("SSL/TLS: using protocol %s, cipher %s, %d/%d secret/processed bits\n"),
-+			ver, SSL_CIPHER_get_name(sc), bitsused, bitsmax);
-+	    }
-+	}
-+
- 	/* Paranoia: was the callback not called as we expected? */
- 	if (!_depth0ck) {
- 		report(stderr, GT_("Certificate/fingerprint verification was somehow skipped!\n"));
---- /dev/null
-+++ fetchmail-6.3.26/starttls.c
-@@ -0,0 +1,37 @@
-+/** \file tls.c - collect common TLS functionality 
-+ * \author Matthias Andree
-+ * \date 2006
-+ */
-+
-+#include "fetchmail.h"
-+
-+#include <string.h>
-+
-+#ifdef HAVE_STRINGS_H
-+#include <strings.h>
-+#endif
-+
-+/** return true if user allowed opportunistic STARTTLS/STLS */
-+int maybe_starttls(struct query *ctl) {
-+#ifdef SSL_ENABLE
-+         /* opportunistic  or forced TLS */
-+    return (!ctl->sslproto || strlen(ctl->sslproto))
-+	&& !ctl->use_ssl;
-+#else
-+    (void)ctl;
-+    return 0;
-+#endif
-+}
-+
-+/** return true if user requires STARTTLS/STLS, note though that this
-+ * code must always use a logical AND with maybe_tls(). */
-+int must_starttls(struct query *ctl) {
-+#ifdef SSL_ENABLE
-+    return maybe_starttls(ctl)
-+	&& (ctl->sslfingerprint || ctl->sslcertck
-+		|| (ctl->sslproto && !strcasecmp(ctl->sslproto, "tls1")));
-+#else
-+    (void)ctl;
-+    return 0;
-+#endif
-+}
diff --git a/meta-openembedded/meta-networking/recipes-support/fetchmail/fetchmail_6.3.26.bb b/meta-openembedded/meta-networking/recipes-support/fetchmail/fetchmail_6.4.1.bb
similarity index 76%
rename from meta-openembedded/meta-networking/recipes-support/fetchmail/fetchmail_6.3.26.bb
rename to meta-openembedded/meta-networking/recipes-support/fetchmail/fetchmail_6.4.1.bb
index 5af5d0d..21caa91 100644
--- a/meta-openembedded/meta-networking/recipes-support/fetchmail/fetchmail_6.3.26.bb
+++ b/meta-openembedded/meta-networking/recipes-support/fetchmail/fetchmail_6.4.1.bb
@@ -3,15 +3,14 @@
 DESCRIPTION = "Fetchmail is a full-featured, robust, well-documented remote-mail retrieval and forwarding utility intended to be used over on-demand TCP/IP links (such as SLIP or PPP connections). It supports every remote-mail protocol now in use on the Internet: POP2, POP3, RPOP, APOP, KPOP, all flavors of IMAP, ETRN, and ODMR. It can even support IPv6 and IPSEC."
 SECTION = "mail"
 LICENSE = "GPLv2 & MIT"
-LIC_FILES_CHKSUM = "file://COPYING;md5=fbb509e0303f5ded1cbfc0cc8705f28c"
+LIC_FILES_CHKSUM = "file://COPYING;md5=ca53985c1fd053ae0bffffaa89ed49f1"
 
 DEPENDS = "openssl"
 
 SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}-${PV}.tar.xz \
-           file://02_remove_SSLv3.patch \
            "
-SRC_URI[md5sum] = "61b66faad044afa26e142bb1791aa2b3"
-SRC_URI[sha256sum] = "79b4c54cdbaf02c1a9a691d9948fcb1a77a1591a813e904283a8b614b757e850"
+SRC_URI[md5sum] = "c2b836a919cdd4ec53b06b70e0aa3e63"
+SRC_URI[sha256sum] = "3f33f11dd08c3e8cc3e9d18eec686b1626d4818f4d5a72791507bbc4dce6a9a0"
 
 inherit autotools gettext python-dir pythonnative
 
diff --git a/meta-openembedded/meta-networking/recipes-support/tcpdump/tcpdump/0001-CVE-2017-16808-AoE-Add-a-missing-bounds-check.patch b/meta-openembedded/meta-networking/recipes-support/tcpdump/tcpdump/0001-CVE-2017-16808-AoE-Add-a-missing-bounds-check.patch
deleted file mode 100644
index 919f2b0..0000000
--- a/meta-openembedded/meta-networking/recipes-support/tcpdump/tcpdump/0001-CVE-2017-16808-AoE-Add-a-missing-bounds-check.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From c45443a0d3e16b92622bea6b589e5930e8f0d815 Mon Sep 17 00:00:00 2001
-From: Peiran Hong <peiran.hong@windriver.com>
-Date: Fri, 13 Sep 2019 17:02:57 -0400
-Subject: [PATCH] CVE-2017-16808/AoE: Add a missing bounds check.
-
----
- netdissect.h | 12 ++++++++++++
- print-aoe.c  |  1 +
- 2 files changed, 13 insertions(+)
-
-diff --git a/netdissect.h b/netdissect.h
-index 089b0406..cd05fdb9 100644
---- a/netdissect.h
-+++ b/netdissect.h
-@@ -69,6 +69,11 @@ typedef struct {
- typedef unsigned char nd_uint8_t;
- typedef signed char nd_int8_t;
- 
-+/*
-+ * Use this for MAC addresses.
-+ */
-+#define MAC_ADDR_LEN    6               /* length of MAC addresses */
-+
- /* snprintf et al */
- 
- #include <stdarg.h>
-@@ -309,12 +314,19 @@ struct netdissect_options {
- 	((uintptr_t)ndo->ndo_snapend - (l) <= (uintptr_t)ndo->ndo_snapend && \
-          (uintptr_t)&(var) <= (uintptr_t)ndo->ndo_snapend - (l)))
- 
-+#define ND_TTEST_LEN(p, l) \
-+  (IS_NOT_NEGATIVE(l) && \
-+        ((uintptr_t)ndo->ndo_snapend - (l) <= (uintptr_t)ndo->ndo_snapend && \
-+         (uintptr_t)(p) <= (uintptr_t)ndo->ndo_snapend - (l)))
-+
- /* True if "var" was captured */
- #define ND_TTEST(var) ND_TTEST2(var, sizeof(var))
- 
- /* Bail if "l" bytes of "var" were not captured */
- #define ND_TCHECK2(var, l) if (!ND_TTEST2(var, l)) goto trunc
- 
-+#define ND_TCHECK_LEN(p, l) if (!ND_TTEST_LEN(p, l)) goto trunc
-+
- /* Bail if "var" was not captured */
- #define ND_TCHECK(var) ND_TCHECK2(var, sizeof(var))
- 
-diff --git a/print-aoe.c b/print-aoe.c
-index 97e93df2..ac097a04 100644
---- a/print-aoe.c
-+++ b/print-aoe.c
-@@ -325,6 +325,7 @@ aoev1_reserve_print(netdissect_options *ndo,
- 		goto invalid;
- 	/* addresses */
- 	for (i = 0; i < nmacs; i++) {
-+		ND_TCHECK_LEN(cp, MAC_ADDR_LEN);
- 		ND_PRINT((ndo, "\n\tEthernet Address %u: %s", i, etheraddr_string(ndo, cp)));
- 		cp += ETHER_ADDR_LEN;
- 	}
--- 
-2.21.0
-
diff --git a/meta-openembedded/meta-oe/recipes-bsp/nvme-cli/nvme-cli_1.9.bb b/meta-openembedded/meta-oe/recipes-bsp/nvme-cli/nvme-cli_1.9.bb
index 256d83f..6133b3a 100644
--- a/meta-openembedded/meta-oe/recipes-bsp/nvme-cli/nvme-cli_1.9.bb
+++ b/meta-openembedded/meta-oe/recipes-bsp/nvme-cli/nvme-cli_1.9.bb
@@ -15,7 +15,7 @@
 inherit bash-completion systemd
 
 do_install() {
-    oe_runmake install DESTDIR=${D} PREFIX=${prefix} \
+    oe_runmake install-spec DESTDIR=${D} PREFIX=${prefix} \
         UDEVDIR=${nonarch_base_libdir}/udev SYSTEMDDIR=${systemd_unitdir}
 }
 
@@ -25,5 +25,6 @@
 
 PACKAGES =+ "${PN}-dracut ${PN}-zsh-completion"
 
+FILES_${PN} += "${systemd_system_unitdir}"
 FILES_${PN}-dracut = "${libdir}/dracut/dracut.conf.d"
 FILES_${PN}-zsh-completion = "${datadir}/zsh/site-functions"
diff --git a/meta-openembedded/meta-oe/recipes-bsp/rwmem/rwmem_1.2.bb b/meta-openembedded/meta-oe/recipes-bsp/rwmem/rwmem_1.2.bb
index 0a15134..5d81fdb 100644
--- a/meta-openembedded/meta-oe/recipes-bsp/rwmem/rwmem_1.2.bb
+++ b/meta-openembedded/meta-oe/recipes-bsp/rwmem/rwmem_1.2.bb
@@ -1,4 +1,13 @@
 SUMMARY = "A small tool to read/write memory"
+DESCRIPTION = "rwmem is a small tool for reading and writing device registers. \
+rwmem supports two modes: mmap mode and i2c mode. \
+\
+In mmap mode rwmem accesses a file by memory mapping it. \
+Using /dev/mem as the memory mapped file makes rwmem access memory and \
+can thus be used to access devices which have memory mapped registers. \
+\
+In i2c mode rwmem accesses an i2c peripheral by sending i2c messages to it."
+
 LICENSE = "GPLv2+"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263"
 
diff --git a/meta-openembedded/meta-oe/recipes-devtools/jsonrpc/jsonrpc_1.2.0.bb b/meta-openembedded/meta-oe/recipes-devtools/jsonrpc/jsonrpc_1.2.0.bb
index b237757..dbf44d7 100644
--- a/meta-openembedded/meta-oe/recipes-devtools/jsonrpc/jsonrpc_1.2.0.bb
+++ b/meta-openembedded/meta-oe/recipes-devtools/jsonrpc/jsonrpc_1.2.0.bb
@@ -14,6 +14,9 @@
 
 S = "${WORKDIR}/git"
 
+PACKAGECONFIG ?= ""
+PACKAGECONFIG[coverage] = "-DWITH_COVERAGE=YES,-DWITH_COVERAGE=NO,,"
+
 inherit cmake
 
 EXTRA_OECMAKE += "-DCOMPILE_TESTS=NO -DCOMPILE_STUBGEN=NO -DCOMPILE_EXAMPLES=NO \
diff --git a/meta-openembedded/meta-oe/recipes-devtools/kconfig-frontends/kconfig-frontends_4.11.0.1.bb b/meta-openembedded/meta-oe/recipes-devtools/kconfig-frontends/kconfig-frontends_4.11.0.1.bb
index de9a6eb..fae80a7 100644
--- a/meta-openembedded/meta-oe/recipes-devtools/kconfig-frontends/kconfig-frontends_4.11.0.1.bb
+++ b/meta-openembedded/meta-oe/recipes-devtools/kconfig-frontends/kconfig-frontends_4.11.0.1.bb
@@ -7,13 +7,13 @@
 kconfig infrastructure, ready for use by third-party projects. \
 The kconfig-frontends package provides the kconfig parser, as well as all \
 the frontends"
-HOMEPAGE = "http://ymorin.is-a-geek.org/projects/kconfig-frontends"
+HOMEPAGE = "https://gitlab.com/ymorin/kconfig-frontends"
 LICENSE = "GPL-2.0"
 LIC_FILES_CHKSUM = "file://COPYING;md5=9b8cf60ff39767ff04b671fca8302408"
 SECTION = "devel"
 DEPENDS += "ncurses flex bison gperf-native bison-native"
 RDEPENDS_${PN} += "python3 bash"
-SRC_URI = "git://ymorin.is-a-geek.org/kconfig-frontends;branch=4.11.x \
+SRC_URI = "git://gitlab.com/ymorin/kconfig-frontends.git;protocol=https;branch=4.11.x \
 	   file://0001-Makefile-ensure-frontends-exits-before-writing-into-.patch \
            file://0001-Switch-utils-kconfig-diff-to-use-Python-3.patch"
 
diff --git a/meta-openembedded/meta-oe/recipes-devtools/lua/lua/0001-Allow-building-lua-without-readline-on-Linux.patch b/meta-openembedded/meta-oe/recipes-devtools/lua/lua/0001-Allow-building-lua-without-readline-on-Linux.patch
new file mode 100644
index 0000000..e767900
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-devtools/lua/lua/0001-Allow-building-lua-without-readline-on-Linux.patch
@@ -0,0 +1,59 @@
+From 601ef636fc4dfb2af3e7fda88d8ea1c1d92affe4 Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex.kanavin@gmail.com>
+Date: Wed, 2 Oct 2019 17:54:15 +0200
+Subject: [PATCH] Allow building lua without readline on Linux
+
+Upstream-Status: Pending
+Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+---
+ Makefile      | 2 +-
+ src/Makefile  | 3 +++
+ src/luaconf.h | 5 +++++
+ 3 files changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/Makefile b/Makefile
+index 119110d..9f6df45 100644
+--- a/Makefile
++++ b/Makefile
+@@ -36,7 +36,7 @@ RM= rm -f
+ # == END OF USER SETTINGS -- NO NEED TO CHANGE ANYTHING BELOW THIS LINE =======
+ 
+ # Convenience platforms targets.
+-PLATS= aix bsd c89 freebsd generic linux macosx mingw posix solaris
++PLATS= aix bsd c89 freebsd generic linux linux-no-readline macosx mingw posix solaris
+ 
+ # What to install.
+ TO_BIN= lua luac
+diff --git a/src/Makefile b/src/Makefile
+index 64c78f7..5c0428a 100644
+--- a/src/Makefile
++++ b/src/Makefile
+@@ -109,6 +109,9 @@ generic: $(ALL)
+ linux:
+ 	$(MAKE) $(ALL) SYSCFLAGS="-DLUA_USE_LINUX" SYSLIBS="-Wl,-E -ldl -lreadline"
+ 
++linux-no-readline:
++	$(MAKE) $(ALL) SYSCFLAGS="-DLUA_USE_LINUX_NO_READLINE" SYSLIBS="-Wl,-E -ldl"
++
+ macosx:
+ 	$(MAKE) $(ALL) SYSCFLAGS="-DLUA_USE_MACOSX" SYSLIBS="-lreadline"
+ 
+diff --git a/src/luaconf.h b/src/luaconf.h
+index 9eeeea6..d71ca25 100644
+--- a/src/luaconf.h
++++ b/src/luaconf.h
+@@ -64,6 +64,11 @@
+ #define LUA_USE_READLINE	/* needs some extra libraries */
+ #endif
+ 
++#if defined(LUA_USE_LINUX_NO_READLINE)
++#define LUA_USE_POSIX
++#define LUA_USE_DLOPEN		/* needs an extra library: -ldl */
++#endif
++
+ 
+ #if defined(LUA_USE_MACOSX)
+ #define LUA_USE_POSIX
+-- 
+2.17.1
+
diff --git a/meta-openembedded/meta-oe/recipes-devtools/lua/lua_5.3.5.bb b/meta-openembedded/meta-oe/recipes-devtools/lua/lua_5.3.5.bb
index 265e251..ae41e62 100644
--- a/meta-openembedded/meta-oe/recipes-devtools/lua/lua_5.3.5.bb
+++ b/meta-openembedded/meta-oe/recipes-devtools/lua/lua_5.3.5.bb
@@ -4,9 +4,9 @@
 LIC_FILES_CHKSUM = "file://doc/readme.html;beginline=318;endline=352;md5=60aa5cfdbd40086501778d9b6ebf29ee"
 HOMEPAGE = "http://www.lua.org/"
 
-DEPENDS = "readline"
 SRC_URI = "http://www.lua.org/ftp/lua-${PV}.tar.gz;name=tarballsrc \
            file://lua.pc.in \
+           file://0001-Allow-building-lua-without-readline-on-Linux.patch \
            "
 
 # if no test suite matches PV release of Lua exactly, download the suite for the closest Lua release.
@@ -24,18 +24,21 @@
 
 inherit pkgconfig binconfig ptest
 
+PACKAGECONFIG ??= "readline"
+PACKAGECONFIG[readline] = ",,readline"
+
 UCLIBC_PATCHES += "file://uclibc-pthread.patch"
 SRC_URI_append_libc-uclibc = "${UCLIBC_PATCHES}"
 
 TARGET_CC_ARCH += " -fPIC ${LDFLAGS}"
-EXTRA_OEMAKE = "'CC=${CC} -fPIC' 'MYCFLAGS=${CFLAGS} -DLUA_USE_LINUX -fPIC' MYLDFLAGS='${LDFLAGS}'"
+EXTRA_OEMAKE = "'CC=${CC} -fPIC' 'MYCFLAGS=${CFLAGS} -fPIC' MYLDFLAGS='${LDFLAGS}'"
 
 do_configure_prepend() {
     sed -i -e s:/usr/local:${prefix}:g src/luaconf.h
 }
 
 do_compile () {
-    oe_runmake linux
+    oe_runmake ${@bb.utils.contains('PACKAGECONFIG', 'readline', 'linux', 'linux-no-readline', d)}
 }
 
 do_install () {
diff --git a/meta-openembedded/meta-oe/recipes-extended/ostree/ostree_2019.3.bb b/meta-openembedded/meta-oe/recipes-extended/ostree/ostree_2019.4.bb
similarity index 98%
rename from meta-openembedded/meta-oe/recipes-extended/ostree/ostree_2019.3.bb
rename to meta-openembedded/meta-oe/recipes-extended/ostree/ostree_2019.4.bb
index 1fe7dcf..505c9fc 100644
--- a/meta-openembedded/meta-oe/recipes-extended/ostree/ostree_2019.3.bb
+++ b/meta-openembedded/meta-oe/recipes-extended/ostree/ostree_2019.4.bb
@@ -28,7 +28,7 @@
     file://0001-Always-enable-trivial-httpd-for-tests.patch \
     file://0002-Gate-ostree-trivial-httpd-on-BUILDOPT_TRIVIAL_HTTPD.patch \
 "
-SRCREV = "5c1697da78ebf6250a7130b8b9e6cbfbeaa34296"
+SRCREV = "9d39e7d91e8497987cad69a3fbed5c5fc91eebdc"
 
 UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d+\.\d+)"
 
diff --git a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit-group-rule.inc b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit-group-rule.inc
index 06ab106..8ced8ab 100644
--- a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit-group-rule.inc
+++ b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit-group-rule.inc
@@ -8,6 +8,6 @@
 
 do_install_prepend() {
     install -m 700 -d ${D}${sysconfdir}/polkit-1/rules.d
-    chown polkitd:polkitd ${D}${sysconfdir}/polkit-1/rules.d
+    chown polkitd:root ${D}/${sysconfdir}/polkit-1/rules.d
 }
 USERADD_PARAM_${PN}_prepend = "--system --no-create-home --user-group --home-dir ${sysconfdir}/polkit-1 polkitd;"
diff --git a/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog/0001-Out-of-bounds-issue.patch b/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog/0001-Out-of-bounds-issue.patch
new file mode 100644
index 0000000..b494ca6
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog/0001-Out-of-bounds-issue.patch
@@ -0,0 +1,31 @@
+From b0894088b680666035a3418326e13bc99d4fed49 Mon Sep 17 00:00:00 2001
+From: Philippe Duveau <pduveau@users.noreply.github.com>
+Date: Tue, 24 Sep 2019 20:45:25 +0200
+Subject: [PATCH] Out of bounds issue
+
+Add a new sanity check after determining the level len.
+---
+ contrib/pmdb2diag/pmdb2diag.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+Upstream-Status: Backport [https://github.com/rsyslog/rsyslog/commit/b0894088b6]
+CVE: CVE-2019-17040
+Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
+diff --git a/contrib/pmdb2diag/pmdb2diag.c b/contrib/pmdb2diag/pmdb2diag.c
+index 2b5916301..5810eb4df 100644
+--- a/contrib/pmdb2diag/pmdb2diag.c
++++ b/contrib/pmdb2diag/pmdb2diag.c
+@@ -134,6 +134,10 @@ CODESTARTparse2
+ 		ABORT_FINALIZE(0);
+ 	}
+ 
++	/* let recheck with the real level len */
++	if(pMsg->iLenRawMsg - (int)pMsg->offAfterPRI < pInst->levelpos+lvl_len)
++		ABORT_FINALIZE(RS_RET_COULD_NOT_PARSE);
++
+ 	DBGPRINTF("db2parse Level %d\n", pMsg->iSeverity);
+ 
+ 	end = (char*)pMsg->pszRawMsg + pMsg->iLenRawMsg ;
+-- 
+2.17.1
+
diff --git a/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog_8.1908.0.bb b/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog_8.1908.0.bb
index bbb4b11..bd0dbc1 100644
--- a/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog_8.1908.0.bb
+++ b/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog_8.1908.0.bb
@@ -23,6 +23,7 @@
            file://rsyslog.logrotate \
            file://use-pkgconfig-to-check-libgcrypt.patch \
            file://run-ptest \
+           file://0001-Out-of-bounds-issue.patch \
 "
 
 SRC_URI_append_libc-musl = " \
diff --git a/meta-openembedded/meta-oe/recipes-multimedia/jack/a2jmidid/riscv_ucontext.patch b/meta-openembedded/meta-oe/recipes-multimedia/jack/a2jmidid/riscv_ucontext.patch
new file mode 100644
index 0000000..23618f1
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-multimedia/jack/a2jmidid/riscv_ucontext.patch
@@ -0,0 +1,24 @@
+Add riscv specific checks to choose correct gregs and context structure definitions
+
+Upstream-Status: Pending
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+--- a/sigsegv.c
++++ b/sigsegv.c
+@@ -91,7 +91,7 @@ static void signal_segv(int signum, sigi
+     a2j_error("info.si_errno = %d", info->si_errno);
+     a2j_error("info.si_code  = %d (%s)", info->si_code, si_codes[info->si_code]);
+     a2j_error("info.si_addr  = %p", info->si_addr);
+-#if !defined(__alpha__) && !defined(__ia64__) && !defined(__FreeBSD_kernel__) && !defined(__arm__) && !defined(__hppa__) && !defined(__sh__) && !defined(__aarch64__)
++#if !defined(__alpha__) && !defined(__ia64__) && !defined(__FreeBSD_kernel__) && !defined(__arm__) && !defined(__hppa__) && !defined(__sh__) && !defined(__aarch64__) && !defined(__riscv)
+     for(i = 0; i < NGREG; i++)
+         a2j_error("reg[%02d]       = 0x" REGFORMAT, i,
+ #if defined(__powerpc__)
+@@ -102,7 +102,7 @@ static void signal_segv(int signum, sigi
+                 ucontext->uc_mcontext.gregs[i]
+ #endif
+                 );
+-#endif /* alpha, ia64, kFreeBSD, arm, hppa aarch64 */
++#endif /* alpha, ia64, kFreeBSD, arm, hppa aarch64 riscv */
+ 
+ #if defined(SIGSEGV_STACK_X86) || defined(SIGSEGV_STACK_IA64)
+ # if defined(SIGSEGV_STACK_IA64)
diff --git a/meta-openembedded/meta-oe/recipes-multimedia/jack/a2jmidid_8.bb b/meta-openembedded/meta-oe/recipes-multimedia/jack/a2jmidid_8.bb
index 7dcaaf6..a0aa412 100644
--- a/meta-openembedded/meta-oe/recipes-multimedia/jack/a2jmidid_8.bb
+++ b/meta-openembedded/meta-oe/recipes-multimedia/jack/a2jmidid_8.bb
@@ -13,6 +13,7 @@
     http://download.gna.org/${BPN}/${BPN}-${PV}.tar.bz2 \
     file://0001-wscript-add-pthread-library-dependency-to-fix-linkin.patch \
     file://0002-aarch64.patch \
+    file://riscv_ucontext.patch \
 "
 SRC_URI[md5sum] = "9cf4edbc3ad2ddeeaf6c8c1791ff3ddd"
 SRC_URI[sha256sum] = "2a9635f62aabc59edb54ada07048dd47e896b90caff94bcee710d3582606f55f"
diff --git a/meta-openembedded/meta-oe/recipes-multimedia/jack/jack/0001-Fix-OSX-build.patch b/meta-openembedded/meta-oe/recipes-multimedia/jack/jack/0001-Fix-OSX-build.patch
deleted file mode 100644
index d9a3ab7..0000000
--- a/meta-openembedded/meta-oe/recipes-multimedia/jack/jack/0001-Fix-OSX-build.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From dd65685c24bb25a800ed42388ed0a1e8792b2ed2 Mon Sep 17 00:00:00 2001
-From: falkTX <falktx@gmail.com>
-Date: Sat, 24 Nov 2018 14:29:58 +0100
-Subject: [PATCH] Fix OSX build
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-Upstream-Status: Backport [https://github.com/jackaudio/jack2/commit/d851fada460d42508a6f82b19867f63853062583]
----
- posix/JackNetUnixSocket.cpp | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/posix/JackNetUnixSocket.cpp b/posix/JackNetUnixSocket.cpp
-index 7a5585ef..a4cb5036 100644
---- a/posix/JackNetUnixSocket.cpp
-+++ b/posix/JackNetUnixSocket.cpp
-@@ -169,7 +169,7 @@ namespace Jack
- 
-     int JackNetUnixSocket::Bind()
-     {
--        return bind(fSockfd, reinterpret_cast<socket_address_t*>(&fRecvAddr), sizeof(socket_address_t));
-+        return ::bind(fSockfd, reinterpret_cast<socket_address_t*>(&fRecvAddr), sizeof(socket_address_t));
-     }
- 
-     int JackNetUnixSocket::BindWith(const char* ip)
--- 
-2.20.1
-
diff --git a/meta-openembedded/meta-oe/recipes-multimedia/jack/jack/0001-Python-3.7-fixes-2126.patch b/meta-openembedded/meta-oe/recipes-multimedia/jack/jack/0001-Python-3.7-fixes-2126.patch
deleted file mode 100644
index e6021cd..0000000
--- a/meta-openembedded/meta-oe/recipes-multimedia/jack/jack/0001-Python-3.7-fixes-2126.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 72564b04151b61fa8d954bbb43afc58108ee50ec Mon Sep 17 00:00:00 2001
-From: Thomas Nagy <tnagy@waf.io>
-Date: Mon, 12 Mar 2018 20:42:55 +0100
-Subject: [PATCH] Python 3.7 fixes #2126
-
-Upstream-Status: Backport
-[https://gitlab.com/ita1024/waf/commit/facdc0b173d933073832c768ec1917c553cb369c]
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- waflib/Node.py | 2 --
- 1 file changed, 2 deletions(-)
-
-diff --git a/waflib/Node.py b/waflib/Node.py
-index fb3cd273..405a6fec 100644
---- a/waflib/Node.py
-+++ b/waflib/Node.py
-@@ -537,8 +537,6 @@ class Node(object):
- 					if maxdepth:
- 						for k in node.ant_iter(accept=accept, maxdepth=maxdepth - 1, pats=npats, dir=dir, src=src, remove=remove):
- 							yield k
--		raise StopIteration
--
- 	def ant_glob(self, *k, **kw):
- 		"""
- 		This method is used for finding files across folders. It behaves like ant patterns:
diff --git a/meta-openembedded/meta-oe/recipes-multimedia/jack/jack_git.bb b/meta-openembedded/meta-oe/recipes-multimedia/jack/jack_git.bb
index 477af8c..9f7d5b0 100644
--- a/meta-openembedded/meta-oe/recipes-multimedia/jack/jack_git.bb
+++ b/meta-openembedded/meta-oe/recipes-multimedia/jack/jack_git.bb
@@ -14,12 +14,9 @@
 
 DEPENDS = "libsamplerate0 libsndfile1 readline"
 
-SRC_URI = "git://github.com/jackaudio/jack2.git \
-           file://0001-Python-3.7-fixes-2126.patch \
-           file://0001-Fix-OSX-build.patch \
-           "
-SRCREV = "c1647819eed6d11f94b21981d9c869629299f357"
-PV = "1.9.12"
+SRC_URI = "git://github.com/jackaudio/jack2.git"
+SRCREV = "37250ff470277f9947fbf3ba738f943053e30525"
+PV = "1.9.13"
 S = "${WORKDIR}/git"
 
 inherit waf pkgconfig
diff --git a/meta-openembedded/meta-oe/recipes-support/bdwgc/bdwgc_8.0.4.bb b/meta-openembedded/meta-oe/recipes-support/bdwgc/bdwgc_8.0.4.bb
index 4c1393c..905f953 100644
--- a/meta-openembedded/meta-oe/recipes-support/bdwgc/bdwgc_8.0.4.bb
+++ b/meta-openembedded/meta-oe/recipes-support/bdwgc/bdwgc_8.0.4.bb
@@ -37,4 +37,8 @@
 PACKAGECONFIG ??= "libatomic-ops"
 PACKAGECONFIG[libatomic-ops] = "--with-libatomic-ops=yes,--with-libatomic-ops=no,libatomic-ops"
 
+EXTRA_OECONF += "--enable-cpluscplus"
+
+CFLAGS_append_libc-musl = " -D_GNU_SOURCE -DNO_GETCONTEXT -DSEARCH_FOR_DATA_START -DUSE_MMAP -DHAVE_DL_ITERATE_PHDR"
+
 BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-openembedded/meta-oe/recipes-support/lvm2/lvm2/0001-udev-remove-unsupported-OPTIONS-event_timeout-rule.patch b/meta-openembedded/meta-oe/recipes-support/lvm2/lvm2/0001-udev-remove-unsupported-OPTIONS-event_timeout-rule.patch
new file mode 100644
index 0000000..5a6db4b
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-support/lvm2/lvm2/0001-udev-remove-unsupported-OPTIONS-event_timeout-rule.patch
@@ -0,0 +1,39 @@
+From e48f8328f9d35f23a24e5b27237e8ebf1dbfa269 Mon Sep 17 00:00:00 2001
+From: Hongxu Jia <hongxu.jia@windriver.com>
+Date: Thu, 10 Oct 2019 22:38:00 -0400
+Subject: [PATCH] udev: remove unsupported OPTIONS+="event_timeout" rule
+
+The OPTIONS+="event_timeout" is Unsupported since systemd/udev version 216,
+that is ~5 years ago.
+
+Since systemd/udev version 243, there's a new message printed if unsupported
+OPTIONS value is used:
+
+  Invalid value for OPTIONS key, ignoring: 'event_timeout=180'
+
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1740666
+
+Signed-off-by: Peter Rajnoha <prajnoha@redhat.com>
+
+Upstream-Status: Backport [https://github.com/lvmteam/lvm2/commit/125f27ac37bc9b93cc96f64052b9681b3d479ee1]
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ udev/11-dm-lvm.rules.in | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/udev/11-dm-lvm.rules.in b/udev/11-dm-lvm.rules.in
+index 91cb991..7c58994 100644
+--- a/udev/11-dm-lvm.rules.in
++++ b/udev/11-dm-lvm.rules.in
+@@ -37,8 +37,6 @@ ENV{DM_SUBSYSTEM_UDEV_FLAG0}!="1", ENV{DM_NOSCAN}=="1", ENV{DM_UDEV_DISABLE_OTHE
+ 
+ ENV{DM_UDEV_DISABLE_SUBSYSTEM_RULES_FLAG}=="1", GOTO="lvm_end"
+ 
+-OPTIONS+="event_timeout=180"
+-
+ # Do not create symlinks for inappropriate subdevices.
+ ENV{DM_LV_NAME}=="pvmove?*|?*_vorigin", GOTO="lvm_disable"
+ ENV{DM_LV_LAYER}=="?*", GOTO="lvm_disable"
+-- 
+2.23.0
+
diff --git a/meta-openembedded/meta-oe/recipes-support/lvm2/lvm2_2.03.02.bb b/meta-openembedded/meta-oe/recipes-support/lvm2/lvm2_2.03.02.bb
index 9907d4f..875709c 100644
--- a/meta-openembedded/meta-oe/recipes-support/lvm2/lvm2_2.03.02.bb
+++ b/meta-openembedded/meta-oe/recipes-support/lvm2/lvm2_2.03.02.bb
@@ -5,6 +5,7 @@
 SRC_URI += " \
             file://0001-dev-hdc-open-failed-No-medium-found-will-print-out-i.patch \
             file://0001-fix-command-bin-findmnt-bin-lsblk-bin-sort-not-found.patch \
+            file://0001-udev-remove-unsupported-OPTIONS-event_timeout-rule.patch \
            "
 
 DEPENDS += "autoconf-archive-native"
diff --git a/meta-openembedded/meta-oe/recipes-support/multipath-tools/files/0022-RH-Remove-the-property-blacklist-exception-builtin.patch b/meta-openembedded/meta-oe/recipes-support/multipath-tools/files/0022-RH-Remove-the-property-blacklist-exception-builtin.patch
index fd10608..21b8ec6 100644
--- a/meta-openembedded/meta-oe/recipes-support/multipath-tools/files/0022-RH-Remove-the-property-blacklist-exception-builtin.patch
+++ b/meta-openembedded/meta-oe/recipes-support/multipath-tools/files/0022-RH-Remove-the-property-blacklist-exception-builtin.patch
@@ -1,7 +1,7 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17  00:00:00 2001
-From:Benjamin Marzinski <bmarzins@redhat.com> 
-Date: Wed, 2 Jul  2014 12:49:53 -0500 
-Subject: [PATCH] RH: Remove the property blacklist  exception builtin
+From 0000000000000000000000000000000000000000 Mon Sep 17
+00:00:00 2001 From:Benjamin Marzinski <bmarzins@redhat.com> Date: Wed, 2 Jul
+2014 12:49:53 -0500 Subject: [PATCH] RH: Remove the property blacklist
+exception builtin
 
 Multipath set the default property blacklist exceptions to
 (ID_SCSI_VPD|ID_WWN).  This has the effect of blacklisting some internal
@@ -15,14 +15,14 @@
 
 Upsteam-Status: Pending
 
-Update patch to 0.8.0
+Update patch to 0.8.2
 Signed-off-by: Changqing Li <changqing.li@windriver.com>
 ---
  libmultipath/blacklist.c | 13 +++++--------
  1 file changed, 5 insertions(+), 8 deletions(-)
 
 diff --git a/libmultipath/blacklist.c b/libmultipath/blacklist.c
-index e0d0279..9f58313 100644
+index 00e8dbd..5204501 100644
 --- a/libmultipath/blacklist.c
 +++ b/libmultipath/blacklist.c
 @@ -192,12 +192,6 @@ setup_default_blist (struct config * conf)
@@ -38,8 +38,8 @@
  	str = STRDUP("^(td|hd|vd)[a-z]");
  	if (!str)
  		return 1;
-@@ -415,8 +409,11 @@ filter_property(struct config *conf, struct udev_device *udev, int lvl)
- 		}
+@@ -437,8 +431,11 @@ filter_property(struct config *conf, struct udev_device *udev, int lvl,
+ 			r = MATCH_NOTHING;
  	}
  
 -	log_filter(devname, NULL, NULL, NULL, env, NULL, r, lvl);
diff --git a/meta-openembedded/meta-oe/recipes-support/multipath-tools/files/0026-RH-add-wwids-from-kernel-cmdline-mpath.wwids-with-A.patch b/meta-openembedded/meta-oe/recipes-support/multipath-tools/files/0026-RH-add-wwids-from-kernel-cmdline-mpath.wwids-with-A.patch
index 938262b..724bef8 100644
--- a/meta-openembedded/meta-oe/recipes-support/multipath-tools/files/0026-RH-add-wwids-from-kernel-cmdline-mpath.wwids-with-A.patch
+++ b/meta-openembedded/meta-oe/recipes-support/multipath-tools/files/0026-RH-add-wwids-from-kernel-cmdline-mpath.wwids-with-A.patch
@@ -1,7 +1,10 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17  00:00:00 2001 
-From: Benjamin Marzinski <bmarzins@redhat.com>
-Date: Fri, 17  Oct 2014 11:20:34 -0500
-Subject: [PATCH] RH: add wwids from kernel cmdline  mpath.wwids with -A
+From 0f54b3120ca06ff3168cdbf901a27b68c4638398 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Thu, 26 Sep 2019 16:29:48 +0800
+Subject: [PATCH] From 0000000000000000000000000000000000000000 Mon Sep 17 
+ 00:00:00 2001 From: Benjamin Marzinski <bmarzins@redhat.com> Date: Fri, 17 
+ Oct 2014 11:20:34 -0500 Subject: [PATCH] RH: add wwids from kernel cmdline 
+ mpath.wwids with -A
 
 This patch adds another option to multipath, "-A", which reads
 /proc/cmdline for mpath.wwid=<WWID> options, and adds any wwids it finds
@@ -16,7 +19,7 @@
 
 Upstream-Status: Pending
 
-Update this patch to new version 0.8.0
+Update this patch to new version 0.8.2
 
 Signed-off-by: Changqing Li <changqing.li@windriver.com>
 ---
@@ -28,10 +31,10 @@
  5 files changed, 57 insertions(+), 1 deletion(-)
 
 diff --git a/libmultipath/wwids.c b/libmultipath/wwids.c
-index 53e7951..9ba9b62 100644
+index ef74812..19c4d68 100644
 --- a/libmultipath/wwids.c
 +++ b/libmultipath/wwids.c
-@@ -443,3 +443,47 @@ int op ## _wwid(const char *wwid) \
+@@ -444,3 +444,47 @@ int op ## _wwid(const char *wwid) \
  declare_failed_wwid_op(is_failed, false)
  declare_failed_wwid_op(mark_failed, true)
  declare_failed_wwid_op(unmark_failed, true)
@@ -92,27 +95,27 @@
  enum {
  	WWID_IS_NOT_FAILED = 0,
 diff --git a/multipath/main.c b/multipath/main.c
-index 5abb118..c751b31 100644
+index 96a1146..5fc65ef 100644
 --- a/multipath/main.c
 +++ b/multipath/main.c
-@@ -134,6 +134,7 @@ usage (char * progname)
- 	fprintf (stderr, VERSION_STRING);
- 	fprintf (stderr, "Usage:\n");
- 	fprintf (stderr, "  %s [-a|-c|-w|-W] [-d] [-r] [-i] [-v lvl] [-p pol] [-b fil] [-q] [dev]\n", progname);
-+	fprintf (stderr, "  %s [-a|-A|-c|-w|-W] [-d] [-r] [-i] [-v lvl] [-p pol] [-b fil] [-q] [dev]\n", progname);
- 	fprintf (stderr, "  %s -l|-ll|-f [-v lvl] [-b fil] [-R num] [dev]\n", progname);
- 	fprintf (stderr, "  %s -F [-v lvl] [-R num]\n", progname);
- 	fprintf (stderr, "  %s [-t|-T]\n", progname);
-@@ -147,6 +148,8 @@ usage (char * progname)
+@@ -139,6 +139,7 @@ usage (char * progname)
+ 	fprintf (stderr, "  %s [-v level] [-l|-ll] [device]\n", progname);
+ 	fprintf (stderr, "  %s [-v level] [-a|-w] device\n", progname);
+ 	fprintf (stderr, "  %s [-v level] -W\n", progname);
++        fprintf (stderr, "  %s [-v level] -A\n", progname);
+ 	fprintf (stderr, "  %s [-v level] [-i] [-c|-C] device\n", progname);
+ 	fprintf (stderr, "  %s [-v level] [-i] [-u|-U]\n", progname);
+ 	fprintf (stderr, "  %s [-h|-t|-T]\n", progname);
+@@ -151,6 +152,8 @@ usage (char * progname)
  		"  -f      flush a multipath device map\n"
  		"  -F      flush all multipath device maps\n"
  		"  -a      add a device wwid to the wwids file\n"
-+		"  -A      add devices from kernel command line mpath.wwids\n"
-+		"          parameters to wwids file\n"
++                "  -A      add devices from kernel command line mpath.wwids\n"
++                "          parameters to wwids file\n"
  		"  -c      check if a device should be a path in a multipath device\n"
  		"  -C      check if a multipath device has usable paths\n"
  		"  -q      allow queue_if_no_path when multipathd is not running\n"
-@@ -870,7 +873,7 @@ main (int argc, char *argv[])
+@@ -905,7 +908,7 @@ main (int argc, char *argv[])
  		exit(RTVL_FAIL);
  	multipath_conf = conf;
  	conf->retrigger_tries = 0;
@@ -121,17 +124,17 @@
  		switch(arg) {
  		case 1: printf("optarg : %s\n",optarg);
  			break;
-@@ -937,6 +940,10 @@ main (int argc, char *argv[])
- 		case 't':
- 			r = dump_config(conf, NULL, NULL) ? RTVL_FAIL : RTVL_OK;
- 			goto out_free_config;
+@@ -998,6 +1001,10 @@ main (int argc, char *argv[])
+ 		case 'R':
+ 			retries = atoi(optarg);
+ 			break;
 +		case 'A':
 +			if (remember_cmdline_wwid() != 0)
 +				exit(1);
 +			exit(0);
- 		case 'T':
- 			cmd = CMD_DUMP_CONFIG;
- 			break;
+ 		case ':':
+ 			fprintf(stderr, "Missing option argument\n");
+ 			usage(argv[0]);
 diff --git a/multipath/multipath.8 b/multipath/multipath.8
 index 9cdd05a..1e120f3 100644
 --- a/multipath/multipath.8
diff --git a/meta-openembedded/meta-oe/recipes-support/multipath-tools/files/0027-RH-warn-on-invalid-regex-instead-of-failing.patch b/meta-openembedded/meta-oe/recipes-support/multipath-tools/files/0027-RH-warn-on-invalid-regex-instead-of-failing.patch
index 95624ad..c59edbb 100644
--- a/meta-openembedded/meta-oe/recipes-support/multipath-tools/files/0027-RH-warn-on-invalid-regex-instead-of-failing.patch
+++ b/meta-openembedded/meta-oe/recipes-support/multipath-tools/files/0027-RH-warn-on-invalid-regex-instead-of-failing.patch
@@ -1,10 +1,7 @@
-From 56d65ecb1c6d814929f6ff3159ade09dc203cc83 Mon Sep 17 00:00:00 2001
-From: Changqing Li <changqing.li@windriver.com>
-Date: Mon, 26 Nov 2018 10:31:30 +0800
-Subject: [PATCH] From 0000000000000000000000000000000000000000 Mon Sep 17
- 00:00:00 2001 From: Benjamin Marzinski <bmarzins@redhat.com> Date: Mon, 6 Nov
- 2017 21:39:28 -0600 Subject: [PATCH] RH: warn on invalid regex instead of
- failing
+From 0000000000000000000000000000000000000000 Mon Sep 17
+00:00:00 2001 From: Benjamin Marzinski <bmarzins@redhat.com> Date: Mon, 6 Nov
+2017 21:39:28 -0600 Subject: [PATCH] RH: warn on invalid regex instead of
+failing
 
 multipath.conf used to allow "*" as a match everything regular expression,
 instead of requiring ".*". Instead of erroring when the old style
@@ -15,10 +12,9 @@
 
 Upstream-Status: Pending
 
-update this patch to new version
+update this patch to 0.8.2
 
 Signed-off-by: Changqing Li <changqing.li@windriver.com>
-
 ---
  libmultipath/dict.c   | 29 ++++++++++++++++++++++-------
  libmultipath/parser.c | 13 +++++++++++++
@@ -26,7 +22,7 @@
  3 files changed, 36 insertions(+), 7 deletions(-)
 
 diff --git a/libmultipath/dict.c b/libmultipath/dict.c
-index eaad4f1..fb30577 100644
+index c6eba0f..05ed3d8 100644
 --- a/libmultipath/dict.c
 +++ b/libmultipath/dict.c
 @@ -59,6 +59,21 @@ set_str(vector strvec, void *ptr)
@@ -51,7 +47,7 @@
  set_yes_no(vector strvec, void *ptr)
  {
  	char * buff;
-@@ -1373,8 +1388,8 @@ ble_ ## option ## _handler (struct config *conf, vector strvec)		\
+@@ -1415,8 +1430,8 @@ ble_ ## option ## _handler (struct config *conf, vector strvec)		\
  									\
  	if (!conf->option)						\
  		return 1;						\
@@ -62,7 +58,7 @@
  	if (!buff)							\
  		return 1;						\
  									\
-@@ -1390,7 +1405,7 @@ ble_ ## option ## _ ## name ## _handler (struct config *conf, vector strvec) \
+@@ -1432,7 +1447,7 @@ ble_ ## option ## _ ## name ## _handler (struct config *conf, vector strvec) \
  	if (!conf->option)						\
  		return 1;						\
  									\
@@ -71,7 +67,7 @@
  	if (!buff)							\
  		return 1;						\
  									\
-@@ -1493,16 +1508,16 @@ device_handler(struct config *conf, vector strvec)
+@@ -1535,16 +1550,16 @@ device_handler(struct config *conf, vector strvec)
  	return 0;
  }
  
@@ -93,11 +89,11 @@
  
  declare_hw_handler(hwhandler, set_str)
 diff --git a/libmultipath/parser.c b/libmultipath/parser.c
-index 92ef7cf..0e2cf49 100644
+index e00c5ff..6ca5842 100644
 --- a/libmultipath/parser.c
 +++ b/libmultipath/parser.c
-@@ -384,6 +384,19 @@ set_value(vector strvec)
- 	return alloc;
+@@ -382,6 +382,19 @@ oom:
+ 	return NULL;
  }
  
 +void *
@@ -128,3 +124,6 @@
  extern int process_file(struct config *conf, char *conf_file);
  extern struct keyword * find_keyword(vector keywords, vector v, char * name);
  int snprint_keyword(char *buff, int len, char *fmt, struct keyword *kw,
+-- 
+2.7.4
+
diff --git a/meta-openembedded/meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.1.bb b/meta-openembedded/meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.2.bb
similarity index 98%
rename from meta-openembedded/meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.1.bb
rename to meta-openembedded/meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.2.bb
index 8d86e60..06e78c7 100644
--- a/meta-openembedded/meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.1.bb
+++ b/meta-openembedded/meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.2.bb
@@ -47,7 +47,7 @@
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=5f30f0716dfdd0d91eb439ebec522ec2"
 
-SRCREV = "e23b5d7cf67a9c543e118f2f6b902594a02a804a"
+SRCREV = "8a7e9b6648898f2c2d2bbd2d22871f79612e716e"
 
 S = "${WORKDIR}/git"
 
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python-asn1crypto.inc b/meta-openembedded/meta-python/recipes-devtools/python/python-asn1crypto.inc
index e85ce9a..b18dbaf 100644
--- a/meta-openembedded/meta-python/recipes-devtools/python/python-asn1crypto.inc
+++ b/meta-openembedded/meta-python/recipes-devtools/python/python-asn1crypto.inc
@@ -2,12 +2,12 @@
 HOMEPAGE = "https://github.com/wbond/asn1crypto"
 SECTION = "devel/python"
 LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=52010cd3c7d7bd965b55721ef4d93ec2"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=7439e38f5e04ff62fae436184786b7ca"
 
 PYPI_PACKAGE = "asn1crypto"
 
-SRC_URI[md5sum] = "de3520426e81a6581352d4366f310eb1"
-SRC_URI[sha256sum] = "9d5c20441baf0cb60a4ac34cc447c6c189024b6b4c6cd7877034f4965c464e49"
+SRC_URI[md5sum] = "cf33950b47b5148e29f1d62a6b6c009b"
+SRC_URI[sha256sum] = "0b199f211ae690df3db4fd6c1c4ff976497fb1da689193e368eedbadc53d9292"
 
 inherit pypi
 
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python-asn1crypto_0.24.0.bb b/meta-openembedded/meta-python/recipes-devtools/python/python-asn1crypto_1.0.1.bb
similarity index 100%
rename from meta-openembedded/meta-python/recipes-devtools/python/python-asn1crypto_0.24.0.bb
rename to meta-openembedded/meta-python/recipes-devtools/python/python-asn1crypto_1.0.1.bb
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python-attrs.inc b/meta-openembedded/meta-python/recipes-devtools/python/python-attrs.inc
index bd0f7ee..13c9e5f 100644
--- a/meta-openembedded/meta-python/recipes-devtools/python/python-attrs.inc
+++ b/meta-openembedded/meta-python/recipes-devtools/python/python-attrs.inc
@@ -3,8 +3,8 @@
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=d4ab25949a73fe7d4fdee93bcbdbf8ff"
 
-SRC_URI[sha256sum] = "f0b870f674851ecbfbbbd364d6b5cbdff9dcedbc7f3f5e18a6891057f21fe399"
-SRC_URI[md5sum] = "2be7bce157988928f5ff2bb50a0b510d"
+SRC_URI[sha256sum] = "f913492e1663d3c36f502e5e9ba6cd13cf19d7fab50aa13239e420fef95e1396"
+SRC_URI[md5sum] = "d5a6ee80beaa072bd2b3bcb6fee0d508"
 
 inherit pypi
 
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python-attrs_19.1.0.bb b/meta-openembedded/meta-python/recipes-devtools/python/python-attrs_19.2.0.bb
similarity index 100%
rename from meta-openembedded/meta-python/recipes-devtools/python/python-attrs_19.1.0.bb
rename to meta-openembedded/meta-python/recipes-devtools/python/python-attrs_19.2.0.bb
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python-beautifulsoup4.inc b/meta-openembedded/meta-python/recipes-devtools/python/python-beautifulsoup4.inc
index a7fa081..acf52dd 100644
--- a/meta-openembedded/meta-python/recipes-devtools/python/python-beautifulsoup4.inc
+++ b/meta-openembedded/meta-python/recipes-devtools/python/python-beautifulsoup4.inc
@@ -3,8 +3,8 @@
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://COPYING.txt;md5=f2d38d8a40bf73fd4b3d16ca2e5882d1"
 
-SRC_URI[md5sum] = "2b34208b26b5c49d4c84a4b9cf78656a"
-SRC_URI[sha256sum] = "25288c9e176f354bf277c0a10aa96c782a6a18a17122dba2e8cec4a97e03343b"
+SRC_URI[md5sum] = "be03d778cf61cf6734a480e2010d6657"
+SRC_URI[sha256sum] = "6135db2ba678168c07950f9a16c4031822c6f4aec75a65e0a97bc5ca09789931"
 
 inherit pypi
 
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python-beautifulsoup4_4.8.0.bb b/meta-openembedded/meta-python/recipes-devtools/python/python-beautifulsoup4_4.8.1.bb
similarity index 100%
rename from meta-openembedded/meta-python/recipes-devtools/python/python-beautifulsoup4_4.8.0.bb
rename to meta-openembedded/meta-python/recipes-devtools/python/python-beautifulsoup4_4.8.1.bb
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python-cmd2.inc b/meta-openembedded/meta-python/recipes-devtools/python/python-cmd2.inc
index 3afa93a..7782b14 100644
--- a/meta-openembedded/meta-python/recipes-devtools/python/python-cmd2.inc
+++ b/meta-openembedded/meta-python/recipes-devtools/python/python-cmd2.inc
@@ -3,8 +3,8 @@
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=01aeabea7ae1529a8e4b674b7107d6bc"
 
-SRC_URI[md5sum] = "c030c7364422609d16028fe1ea023bfe"
-SRC_URI[sha256sum] = "77bea602eb3b553a573188fa9514234bb1e44269d830a0ef8c4357f47aa9e46a"
+SRC_URI[md5sum] = "f7a51dc68ad377ebc6a84408044dc1a2"
+SRC_URI[sha256sum] = "840cdbf50e83761fea69ca5beadcba7569ab03734e3ee42b0dbf7f6f90e1213d"
 
 inherit pypi
 
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python-cmd2_0.9.17.bb b/meta-openembedded/meta-python/recipes-devtools/python/python-cmd2_0.9.18.bb
similarity index 100%
rename from meta-openembedded/meta-python/recipes-devtools/python/python-cmd2_0.9.17.bb
rename to meta-openembedded/meta-python/recipes-devtools/python/python-cmd2_0.9.18.bb
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python-jinja2.inc b/meta-openembedded/meta-python/recipes-devtools/python/python-jinja2.inc
index aee7bd3..6a6aad9 100644
--- a/meta-openembedded/meta-python/recipes-devtools/python/python-jinja2.inc
+++ b/meta-openembedded/meta-python/recipes-devtools/python/python-jinja2.inc
@@ -1,11 +1,11 @@
 DESCRIPTION = "Python Jinja2: A small but fast and easy to use stand-alone template engine written in pure python."
 LICENSE = "BSD-3-Clause"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=20c831f91dd3bd486020f672ba2be386"
+LIC_FILES_CHKSUM = "file://LICENSE.rst;md5=5dc88300786f1c214c1e9827a5229462"
 
 PYPI_PACKAGE = "Jinja2"
 
-SRC_URI[md5sum] = "0ae535be40fd215a8114a090c8b68e5a"
-SRC_URI[sha256sum] = "065c4f02ebe7f7cf559e49ee5a95fb800a9e4528727aec6f24402a5374c65013"
+SRC_URI[md5sum] = "7883559bc5cc3e2781d94b4be61cfdcd"
+SRC_URI[sha256sum] = "9fe95f19286cfefaa917656583d020be14e7859c6b0252588391e47db34527de"
 
 RDEPENDS_${PN} += "${PYTHON_PN}-io ${PYTHON_PN}-pickle ${PYTHON_PN}-crypt \
     ${PYTHON_PN}-math ${PYTHON_PN}-netclient \
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python-jinja2_2.10.1.bb b/meta-openembedded/meta-python/recipes-devtools/python/python-jinja2_2.10.3.bb
similarity index 100%
rename from meta-openembedded/meta-python/recipes-devtools/python/python-jinja2_2.10.1.bb
rename to meta-openembedded/meta-python/recipes-devtools/python/python-jinja2_2.10.3.bb
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python-waitress.inc b/meta-openembedded/meta-python/recipes-devtools/python/python-waitress.inc
new file mode 100644
index 0000000..732c31d
--- /dev/null
+++ b/meta-openembedded/meta-python/recipes-devtools/python/python-waitress.inc
@@ -0,0 +1,10 @@
+SUMMARY = "A WSGI server for Python"
+DESCRIPTION = "Waitress is meant to be a production-quality pure-Python WSGI \
+    server with very acceptable performance."
+HOMEPAGE = "https://github.com/Pylons/waitress"
+SECTION = "devel/python"
+LICENSE = "ZPL-2.1"
+LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=78ccb3640dc841e1baecb3e27a6966b2"
+
+SRC_URI[md5sum] = "d9132d313de0c5e0fec34ef9ede5442e"
+SRC_URI[sha256sum] = "278e09d6849acc1365404bbf7d790d0423b159802e850c726e8cd0a126a2dac7"
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python-waitress_1.3.1.bb b/meta-openembedded/meta-python/recipes-devtools/python/python-waitress_1.3.1.bb
new file mode 100644
index 0000000..26a628e
--- /dev/null
+++ b/meta-openembedded/meta-python/recipes-devtools/python/python-waitress_1.3.1.bb
@@ -0,0 +1,2 @@
+inherit setuptools pypi
+require python-waitress.inc
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-asn1crypto_0.24.0.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-asn1crypto_1.0.1.bb
similarity index 100%
rename from meta-openembedded/meta-python/recipes-devtools/python/python3-asn1crypto_0.24.0.bb
rename to meta-openembedded/meta-python/recipes-devtools/python/python3-asn1crypto_1.0.1.bb
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-attrs_19.1.0.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-attrs_19.2.0.bb
similarity index 100%
rename from meta-openembedded/meta-python/recipes-devtools/python/python3-attrs_19.1.0.bb
rename to meta-openembedded/meta-python/recipes-devtools/python/python3-attrs_19.2.0.bb
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-beautifulsoup4_4.8.0.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-beautifulsoup4_4.8.1.bb
similarity index 100%
rename from meta-openembedded/meta-python/recipes-devtools/python/python3-beautifulsoup4_4.8.0.bb
rename to meta-openembedded/meta-python/recipes-devtools/python/python3-beautifulsoup4_4.8.1.bb
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-cmd2_0.9.17.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-cmd2_0.9.18.bb
similarity index 100%
rename from meta-openembedded/meta-python/recipes-devtools/python/python3-cmd2_0.9.17.bb
rename to meta-openembedded/meta-python/recipes-devtools/python/python3-cmd2_0.9.18.bb
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-jinja2_2.10.1.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-jinja2_2.10.3.bb
similarity index 100%
rename from meta-openembedded/meta-python/recipes-devtools/python/python3-jinja2_2.10.1.bb
rename to meta-openembedded/meta-python/recipes-devtools/python/python3-jinja2_2.10.3.bb
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-waitress_1.3.1.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-waitress_1.3.1.bb
new file mode 100644
index 0000000..83c8b66
--- /dev/null
+++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-waitress_1.3.1.bb
@@ -0,0 +1,2 @@
+inherit setuptools3 pypi
+require python-waitress.inc
diff --git a/meta-openembedded/meta-xfce/recipes-apps/catfish/catfish_1.4.9.bb b/meta-openembedded/meta-xfce/recipes-apps/catfish/catfish_1.4.10.bb
similarity index 72%
rename from meta-openembedded/meta-xfce/recipes-apps/catfish/catfish_1.4.9.bb
rename to meta-openembedded/meta-xfce/recipes-apps/catfish/catfish_1.4.10.bb
index eec525b..602368b 100644
--- a/meta-openembedded/meta-xfce/recipes-apps/catfish/catfish_1.4.9.bb
+++ b/meta-openembedded/meta-xfce/recipes-apps/catfish/catfish_1.4.10.bb
@@ -9,8 +9,8 @@
 
 B = "${S}"
 
-SRC_URI[md5sum] = "829824fba33e86d03345bbc718e7b2d9"
-SRC_URI[sha256sum] = "29a39b85804336e4819dceff203693a5904b7e11d7e024b49b5aab2649ed944e"
+SRC_URI[md5sum] = "1b8e7bfd955364b7912fb0a248329b3a"
+SRC_URI[sha256sum] = "2573a004105031f871c92fed22a0c4b15bb96f2dff6e36c4f2959f56b62e343d"
 
 FILES_${PN} += "${datadir}/metainfo"
 
diff --git a/meta-openembedded/meta-xfce/recipes-xfce/xfce4-panel/files/0001-use-lxdm-to-replace-dm-tool.patch b/meta-openembedded/meta-xfce/recipes-xfce/xfce4-panel/files/0002-use-lxdm-to-replace-dm-tool.patch
similarity index 100%
rename from meta-openembedded/meta-xfce/recipes-xfce/xfce4-panel/files/0001-use-lxdm-to-replace-dm-tool.patch
rename to meta-openembedded/meta-xfce/recipes-xfce/xfce4-panel/files/0002-use-lxdm-to-replace-dm-tool.patch
diff --git a/meta-openembedded/meta-xfce/recipes-xfce/xfce4-panel/xfce4-panel_4.14.0.bb b/meta-openembedded/meta-xfce/recipes-xfce/xfce4-panel/xfce4-panel_4.14.1.bb
similarity index 87%
rename from meta-openembedded/meta-xfce/recipes-xfce/xfce4-panel/xfce4-panel_4.14.0.bb
rename to meta-openembedded/meta-xfce/recipes-xfce/xfce4-panel/xfce4-panel_4.14.1.bb
index 749c3fe..a1b571e 100644
--- a/meta-openembedded/meta-xfce/recipes-xfce/xfce4-panel/xfce4-panel_4.14.0.bb
+++ b/meta-openembedded/meta-xfce/recipes-xfce/xfce4-panel/xfce4-panel_4.14.1.bb
@@ -8,11 +8,11 @@
 
 REQUIRED_DISTRO_FEATURES = "x11"
 
-SRC_URI[md5sum] = "940e8b430e28093a2e56e390055bcd51"
-SRC_URI[sha256sum] = "d5f8f3bd7e142139987e5e62cda26135a424baabb5e47aa0c23b4169d0a66ef4"
+SRC_URI[md5sum] = "3323588f1c18f04891e013243da1e355"
+SRC_URI[sha256sum] = "9c3c78b49ddfac7d42a804e6a6ad9d22ad64ec60bbe17d8724bc52d3e3f6d114"
 SRC_URI += " \
     file://0001-windowmenu-do-not-display-desktop-icon-when-no-windo.patch \
-    file://0001-use-lxdm-to-replace-dm-tool.patch \
+    file://0002-use-lxdm-to-replace-dm-tool.patch \
 "
 
 python populate_packages_prepend() {