reset upstream subtrees to HEAD

Reset the following subtrees on HEAD:
  poky: 8217b477a1(master)
  meta-xilinx: 64aa3d35ae(master)
  meta-openembedded: 0435c9e193(master)
  meta-raspberrypi: 490a4441ac(master)
  meta-security: cb6d1c85ee(master)

Squashed patches:
  meta-phosphor: drop systemd 239 patches
  meta-phosphor: mrw-api: use correct install path

Change-Id: I268e2646d9174ad305630c6bbd3fbc1a6105f43d
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
diff --git a/meta-openembedded/meta-oe/recipes-extended/collectd/collectd/0005-Disable-new-gcc8-warnings.patch b/meta-openembedded/meta-oe/recipes-extended/collectd/collectd/0005-Disable-new-gcc8-warnings.patch
index b12690b..13510cd 100644
--- a/meta-openembedded/meta-oe/recipes-extended/collectd/collectd/0005-Disable-new-gcc8-warnings.patch
+++ b/meta-openembedded/meta-oe/recipes-extended/collectd/collectd/0005-Disable-new-gcc8-warnings.patch
@@ -1,4 +1,4 @@
-From d65e48b68076d5b304e6d865967003ae1fea0e6c Mon Sep 17 00:00:00 2001
+From f82f8faf9942f51e9c3c773b56574652695bef5a Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Wed, 9 May 2018 21:45:38 -0700
 Subject: [PATCH] Disable new gcc8 warnings
@@ -7,17 +7,17 @@
 already in place
 
 Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
 ---
-Upstream-Status: Submitted [https://github.com/collectd/collectd/pull/2768]
  src/libcollectdclient/network_parse.c | 7 +++++++
  src/write_sensu.c                     | 7 +++++++
  2 files changed, 14 insertions(+)
 
 diff --git a/src/libcollectdclient/network_parse.c b/src/libcollectdclient/network_parse.c
-index 2365ab0a..79e6ed96 100644
+index aa753ce..fef43a9 100644
 --- a/src/libcollectdclient/network_parse.c
 +++ b/src/libcollectdclient/network_parse.c
-@@ -163,6 +163,11 @@ static int parse_int(void *payload, size_t payload_size, uint64_t *out) {
+@@ -148,6 +148,11 @@ static int parse_int(void *payload, size_t payload_size, uint64_t *out) {
    return 0;
  }
  
@@ -29,7 +29,7 @@
  static int parse_string(void *payload, size_t payload_size, char *out,
                          size_t out_size) {
    char *in = payload;
-@@ -175,6 +180,8 @@ static int parse_string(void *payload, size_t payload_size, char *out,
+@@ -160,6 +165,8 @@ static int parse_string(void *payload, size_t payload_size, char *out,
    return 0;
  }
  
@@ -39,22 +39,22 @@
                              lcc_value_list_t *state) {
    char buf[LCC_NAME_LEN];
 diff --git a/src/write_sensu.c b/src/write_sensu.c
-index ce23e654..63e1f599 100644
+index bd7a56d..6cb59d5 100644
 --- a/src/write_sensu.c
 +++ b/src/write_sensu.c
-@@ -569,6 +569,11 @@ static char *sensu_value_to_json(struct sensu_host const *host, /* {{{ */
+@@ -570,6 +570,11 @@ static char *sensu_value_to_json(struct sensu_host const *host, /* {{{ */
    return ret_str;
  } /* }}} char *sensu_value_to_json */
  
 +#pragma GCC diagnostic push
-+#if __GNUC__ == 8
++#if __GNUC__ > 7
 +#pragma GCC diagnostic ignored "-Wstringop-overflow"
 +#pragma GCC diagnostic ignored "-Wstringop-truncation"
 +#endif
  /*
   * Uses replace_str2() implementation from
   * http://creativeandcritical.net/str-replace-c/
-@@ -631,6 +636,8 @@ static char *replace_str(const char *str, const char *old, /* {{{ */
+@@ -632,6 +637,8 @@ static char *replace_str(const char *str, const char *old, /* {{{ */
    return ret;
  } /* }}} char *replace_str */
  
diff --git a/meta-openembedded/meta-oe/recipes-extended/collectd/collectd/0006-libcollectdclient-Fix-string-overflow-errors.patch b/meta-openembedded/meta-oe/recipes-extended/collectd/collectd/0006-libcollectdclient-Fix-string-overflow-errors.patch
new file mode 100644
index 0000000..3ed652f
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-extended/collectd/collectd/0006-libcollectdclient-Fix-string-overflow-errors.patch
@@ -0,0 +1,31 @@
+From 98719ea7f717750c790a1f9384ea8d0117e7f52d Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Mon, 17 Dec 2018 18:15:05 -0800
+Subject: [PATCH] libcollectdclient: Fix string overflow errors
+
+Ensure that string has a space for ending null char
+
+Upstream-Status: Pending
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ src/libcollectdclient/network_parse.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/libcollectdclient/network_parse.c b/src/libcollectdclient/network_parse.c
+index fef43a9..6d65266 100644
+--- a/src/libcollectdclient/network_parse.c
++++ b/src/libcollectdclient/network_parse.c
+@@ -169,9 +169,9 @@ static int parse_string(void *payload, size_t payload_size, char *out,
+ 
+ static int parse_identifier(uint16_t type, void *payload, size_t payload_size,
+                             lcc_value_list_t *state) {
+-  char buf[LCC_NAME_LEN];
+-
+-  if (parse_string(payload, payload_size, buf, sizeof(buf)) != 0)
++  char buf[LCC_NAME_LEN+1];
++  buf[LCC_NAME_LEN] = '\0';
++  if (parse_string(payload, payload_size, buf, LCC_NAME_LEN) != 0)
+     return EINVAL;
+ 
+   switch (type) {
diff --git a/meta-openembedded/meta-oe/recipes-extended/collectd/collectd_5.8.0.bb b/meta-openembedded/meta-oe/recipes-extended/collectd/collectd_5.8.1.bb
similarity index 94%
rename from meta-openembedded/meta-oe/recipes-extended/collectd/collectd_5.8.0.bb
rename to meta-openembedded/meta-oe/recipes-extended/collectd/collectd_5.8.1.bb
index df9fa23..6dff18c 100644
--- a/meta-openembedded/meta-oe/recipes-extended/collectd/collectd_5.8.0.bb
+++ b/meta-openembedded/meta-oe/recipes-extended/collectd/collectd_5.8.1.bb
@@ -13,9 +13,10 @@
            file://0001-fix-to-build-with-glibc-2.25.patch \
            file://0001-configure-Check-for-Wno-error-format-truncation-comp.patch \
            file://0005-Disable-new-gcc8-warnings.patch \
+           file://0006-libcollectdclient-Fix-string-overflow-errors.patch \
            "
-SRC_URI[md5sum] = "a841159323624f18bf03198e9f5aa364"
-SRC_URI[sha256sum] = "b06ff476bbf05533cb97ae6749262cc3c76c9969f032bd8496690084ddeb15c9"
+SRC_URI[md5sum] = "bfce96c42cede5243028510bcc57c1e6"
+SRC_URI[sha256sum] = "e796fda27ce06377f491ad91aa286962a68c2b54076aa77a29673d53204453da"
 
 inherit autotools pythonnative update-rc.d pkgconfig systemd
 
diff --git a/meta-openembedded/meta-oe/recipes-extended/haveged/haveged/haveged-init.d-Makefile.am-add-missing-dependency.patch b/meta-openembedded/meta-oe/recipes-extended/haveged/haveged/haveged-init.d-Makefile.am-add-missing-dependency.patch
index 36fd57c..020ac2c 100644
--- a/meta-openembedded/meta-oe/recipes-extended/haveged/haveged/haveged-init.d-Makefile.am-add-missing-dependency.patch
+++ b/meta-openembedded/meta-oe/recipes-extended/haveged/haveged/haveged-init.d-Makefile.am-add-missing-dependency.patch
@@ -3,13 +3,14 @@
 Date: Tue, 27 Mar 2018 10:21:09 +0800
 Subject: [PATCH] init.d/Makefile.am: add missing dependency
 
-install-data-hook should epend on install-exec-hook, or the
+install-data-hook should depend on install-exec-hook, or the
 haveged.service might be installed incorrectly when build
 with -j option.
 
-Upstream-Status: Inappropriate [no upstream mailing list]
+Upstream-Status: Submitted [https://github.com/jirka-h/haveged/pull/13]
 
 Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
+Signed-off-by: Khem Raj raj.khem@gmail.com
 ---
  init.d/Makefile.am | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
@@ -21,12 +22,11 @@
 @@ -33,7 +33,7 @@ if ENABLE_SYSTEMD
  install-exec-hook:
  	$(do_subst) < $(srcdir)/$(src_tmpl) > haveged.service;
- 
+
 -install-data-hook:
 +install-data-hook: install-exec-hook
  if ENABLE_SYSTEMD_LOOKUP
  	install -p -D -m644 haveged.service $(DESTDIR)`pkg-config --variable=systemdsystemunitdir systemd`/haveged.service;
  else
--- 
+--
 2.11.0
-
diff --git a/meta-openembedded/meta-oe/recipes-extended/haveged/haveged_1.9.2.bb b/meta-openembedded/meta-oe/recipes-extended/haveged/haveged_1.9.4.bb
similarity index 83%
rename from meta-openembedded/meta-oe/recipes-extended/haveged/haveged_1.9.2.bb
rename to meta-openembedded/meta-oe/recipes-extended/haveged/haveged_1.9.4.bb
index bf13673..32aab59 100644
--- a/meta-openembedded/meta-oe/recipes-extended/haveged/haveged_1.9.2.bb
+++ b/meta-openembedded/meta-oe/recipes-extended/haveged/haveged_1.9.4.bb
@@ -5,14 +5,14 @@
 LICENSE = "GPLv3"
 LIC_FILES_CHKSUM="file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
 
-SRC_URI = "http://www.issihosts.com/haveged/haveged-${PV}.tar.gz \
+# v1.9.4
+SRCREV = "faa40ff345af194d3253f5fb030403e3c9831c36"
+SRC_URI = "git://github.com/jirka-h/haveged.git \
            file://haveged-init.d-Makefile.am-add-missing-dependency.patch \
 "
+S = "${WORKDIR}/git"
 
-SRC_URI[md5sum] = "fb1d8b3dcbb9d06b30eccd8aa500fd31"
-SRC_URI[sha256sum] = "f77d9adbdf421b61601fa29faa9ce3b479d910f73c66b9e364ba8642ccbfbe70"
-
-UPSTREAM_CHECK_URI = "http://www.issihosts.com/haveged/downloads.html"
+UPSTREAM_CHECK_URI = "https://github.com/jirka-h/haveged/releases"
 
 inherit autotools update-rc.d systemd
 
diff --git a/meta-openembedded/meta-oe/recipes-extended/jansson/jansson_2.11.bb b/meta-openembedded/meta-oe/recipes-extended/jansson/jansson_2.11.bb
deleted file mode 100644
index 370fa22..0000000
--- a/meta-openembedded/meta-oe/recipes-extended/jansson/jansson_2.11.bb
+++ /dev/null
@@ -1,12 +0,0 @@
-SUMMARY = "Jansson is a C library for encoding, decoding and manipulating JSON data"
-HOMEPAGE = "http://www.digip.org/jansson/"
-LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=8b70213ec164c7bd876ec2120ba52f61"
-
-SRC_URI = "http://www.digip.org/jansson/releases/${BPN}-${PV}.tar.gz"
-
-SRC_URI[md5sum] = "7af071db9970441e1eaaf25662310e33"
-SRC_URI[sha256sum] = "6e85f42dabe49a7831dbdd6d30dca8a966956b51a9a50ed534b82afc3fa5b2f4"
-
-inherit autotools pkgconfig
-
diff --git a/meta-openembedded/meta-oe/recipes-extended/jansson/jansson_2.12.bb b/meta-openembedded/meta-oe/recipes-extended/jansson/jansson_2.12.bb
new file mode 100644
index 0000000..3cc353e
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-extended/jansson/jansson_2.12.bb
@@ -0,0 +1,13 @@
+SUMMARY = "Jansson is a C library for encoding, decoding and manipulating JSON data"
+HOMEPAGE = "http://www.digip.org/jansson/"
+BUGTRACKER = "https://github.com/akheron/jansson/issues"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=fc2548c0eb83800f29330040e18b5a05"
+
+SRC_URI = "http://www.digip.org/jansson/releases/${BPN}-${PV}.tar.gz"
+
+SRC_URI[md5sum] = "0ed1f3a924604aae68067c214b0010ef"
+SRC_URI[sha256sum] = "5f8dec765048efac5d919aded51b26a32a05397ea207aa769ff6b53c7027d2c9"
+
+inherit autotools pkgconfig
+
diff --git a/meta-openembedded/meta-oe/recipes-extended/lcdproc/lcdproc_git.bb b/meta-openembedded/meta-oe/recipes-extended/lcdproc/lcdproc_git.bb
index 93a09f2..1354997 100644
--- a/meta-openembedded/meta-oe/recipes-extended/lcdproc/lcdproc_git.bb
+++ b/meta-openembedded/meta-oe/recipes-extended/lcdproc/lcdproc_git.bb
@@ -19,9 +19,10 @@
 
 inherit autotools pkgconfig update-rc.d
 
-COMPATIBLE_HOST_arm_libc-musl = "null"
-
 LCD_DRIVERS ?= "all,!irman,!svga"
+LCD_DRIVERS_append_aarch64 = ",!serialVFD"
+LCD_DRIVERS_append_arm = ",!serialVFD"
+
 LCD_DEFAULT_DRIVER ?= "curses"
 
 PACKAGECONFIG ??= "usb"
diff --git a/meta-openembedded/meta-oe/recipes-extended/libblockdev/libblockdev_2.18.bb b/meta-openembedded/meta-oe/recipes-extended/libblockdev/libblockdev_2.20.bb
similarity index 92%
rename from meta-openembedded/meta-oe/recipes-extended/libblockdev/libblockdev_2.18.bb
rename to meta-openembedded/meta-oe/recipes-extended/libblockdev/libblockdev_2.20.bb
index 35f0cc0..54a188d 100644
--- a/meta-openembedded/meta-oe/recipes-extended/libblockdev/libblockdev_2.18.bb
+++ b/meta-openembedded/meta-oe/recipes-extended/libblockdev/libblockdev_2.20.bb
@@ -10,7 +10,7 @@
 
 inherit autotools python3native gobject-introspection
 
-SRCREV = "0debeb45562ac3d8f6f43f6f942b238abab55be9"
+SRCREV = "cb308566c3c5222b8422f78997a1742713b265a9"
 SRC_URI = " \
     git://github.com/rhinstaller/libblockdev;branch=master \
 "
@@ -19,7 +19,7 @@
 
 FILES_${PN} += "${PYTHON_SITEPACKAGES_DIR}"
 
-PACKAGECONFIG ??= "python3 lvm dm kmod parted fs escrow btrfs crypto mdraid kbd mpath"
+PACKAGECONFIG ??= "python3 lvm dm kmod parted fs escrow btrfs crypto mdraid kbd mpath nvdimm"
 PACKAGECONFIG[python3] = "--with-python3, --without-python3,,python3"
 PACKAGECONFIG[python2] = "--with-python2, --without-python2,,python2"
 PACKAGECONFIG[lvm] = "--with-lvm, --without-lvm, multipath-tools, lvm2"
@@ -30,7 +30,7 @@
 PACKAGECONFIG[parted] = "--with-part, --without-part, parted"
 PACKAGECONFIG[fs] = "--with-fs, --without-fs, util-linux"
 PACKAGECONFIG[doc] = "--with-gtk-doc, --without-gtk-doc, gtk-doc-native"
-PACKAGECONFIG[nvdimm] = "--with-nvdimm, --without-nvdimm"
+PACKAGECONFIG[nvdimm] = "--with-nvdimm, --without-nvdimm, ndctl util-linux"
 PACKAGECONFIG[vdo] = "--with-vdo, --without-vdo"
 PACKAGECONFIG[escrow] = "--with-escrow, --without-escrow, nss volume-key"
 PACKAGECONFIG[btrfs] = "--with-btrfs,--without-btrfs,libbytesize btrfs-tools"
diff --git a/meta-openembedded/meta-oe/recipes-extended/libreport/libreport_2.9.5.bb b/meta-openembedded/meta-oe/recipes-extended/libreport/libreport_2.9.7.bb
similarity index 96%
rename from meta-openembedded/meta-oe/recipes-extended/libreport/libreport_2.9.5.bb
rename to meta-openembedded/meta-oe/recipes-extended/libreport/libreport_2.9.7.bb
index 542956c..da22836 100644
--- a/meta-openembedded/meta-oe/recipes-extended/libreport/libreport_2.9.5.bb
+++ b/meta-openembedded/meta-oe/recipes-extended/libreport/libreport_2.9.7.bb
@@ -17,7 +17,7 @@
             file://0003-without-build-plugins.patch \
             file://0004-configure.ac-remove-prog-test-of-augparse.patch \
 "
-SRCREV = "15f92bcaf73e5eb8958fbde655a57dcd111757a7"
+SRCREV = "1d5cc00e44af4800fcae9761625dd4230681e82a"
 
 UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+(\.\d+)+)"
 
diff --git a/meta-openembedded/meta-oe/recipes-extended/libserialport/libserialport_0.1.1.bb b/meta-openembedded/meta-oe/recipes-extended/libserialport/libserialport_0.1.1.bb
new file mode 100644
index 0000000..192d4bc
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-extended/libserialport/libserialport_0.1.1.bb
@@ -0,0 +1,12 @@
+DESCRIPTION = "libserialport is a minimal, cross-platform shared library written in C that is intended to take care of the OS-specific details when writing software that uses serial ports."
+HOMEPAGE = "https://sigrok.org/wiki/Libserialport"
+
+LICENSE = "LGPL-3.0+"
+LIC_FILES_CHKSUM = "file://COPYING;md5=e6a600fd5e1d9cbde2d983680233ad02"
+
+inherit autotools
+
+SRC_URI = "http://sigrok.org/download/source/libserialport/libserialport-${PV}.tar.gz"
+
+SRC_URI[md5sum] = "b93f0325a6157198152b5bd7e8182b51"
+SRC_URI[sha256sum] = "4a2af9d9c3ff488e92fb75b4ba38b35bcf9b8a66df04773eba2a7bbf1fa7529d"
diff --git a/meta-openembedded/meta-oe/recipes-extended/libzip/libzip_1.5.1.bb b/meta-openembedded/meta-oe/recipes-extended/libzip/libzip_1.5.1.bb
new file mode 100644
index 0000000..ce73700
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-extended/libzip/libzip_1.5.1.bb
@@ -0,0 +1,18 @@
+DESCRIPTION = "libzip is a C library for reading, creating, and modifying zip archives."
+HOMEPAGE = "https://libzip.org/"
+
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=01f8b1b8da6403739094396e15b1e722"
+
+DEPENDS = "zlib bzip2"
+
+PACKAGECONFIG[ssl] = "-DENABLE_OPENSSL=ON,-DENABLE_OPENSSL=OFF,openssl"
+
+PACKAGECONFIG ?= "ssl"
+
+inherit cmake
+
+SRC_URI = "https://libzip.org/download/libzip-${PV}.tar.xz"
+
+SRC_URI[md5sum] = "6fe665aa6d6bf3a99eb6fa9c553283fd"
+SRC_URI[sha256sum] = "04ea35b6956c7b3453f1ed3f3fe40e3ddae1f43931089124579e8384e79ed372"
diff --git a/meta-openembedded/meta-oe/recipes-extended/logwatch/logwatch_7.4.3.bb b/meta-openembedded/meta-oe/recipes-extended/logwatch/logwatch_7.4.3.bb
index aea539e..275a8f2 100644
--- a/meta-openembedded/meta-oe/recipes-extended/logwatch/logwatch_7.4.3.bb
+++ b/meta-openembedded/meta-oe/recipes-extended/logwatch/logwatch_7.4.3.bb
@@ -20,9 +20,9 @@
     install -m 0755 -d ${D}${datadir}/logwatch/dist.conf/logfiles
     install -m 0755 -d ${D}${datadir}/logwatch/dist.conf/services
     install -m 0755 -d ${D}${localstatedir}/cache/logwatch
-    mv conf/ ${D}${datadir}/logwatch/default.conf
-    mv scripts/ ${D}${datadir}/logwatch/scripts
-    mv lib ${D}${datadir}/logwatch/lib
+    cp -r -f conf/ ${D}${datadir}/logwatch/default.conf
+    cp -r -f scripts/ ${D}${datadir}/logwatch/scripts
+    cp -r -f lib ${D}${datadir}/logwatch/lib
     chown -R root:root ${D}${datadir}/logwatch
 
     install -m 0755 -d ${D}${mandir}/man1
diff --git a/meta-openembedded/meta-oe/recipes-extended/mozjs/mozjs/format-overflow.patch b/meta-openembedded/meta-oe/recipes-extended/mozjs/mozjs/format-overflow.patch
new file mode 100644
index 0000000..29c6a7b
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-extended/mozjs/mozjs/format-overflow.patch
@@ -0,0 +1,21 @@
+Drop enable format string warnings to help gcc9
+
+Fixes
+| /mnt/a/yoe/build/tmp/work/core2-64-yoe-linux-musl/mozjs/52.9.1-r0/mozjs-52.9.1/js/src/jit/x64/BaseAssembler-x64.h:596:13: error: '%s' directive argument is null [-Werror=format-overflow=]
+|   596 |         spew("movq       " MEM_obs ", %s", ADDR_obs(offset, base, index, scale), GPReg64Name(dst));
+|       |         ~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Upstream-Status: Inappropriate [Workaround for gcc9]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+--- a/js/src/moz.build
++++ b/js/src/moz.build
+@@ -785,7 +785,7 @@ if CONFIG['JS_HAS_CTYPES']:
+         DEFINES['FFI_BUILDING'] = True
+ 
+ if CONFIG['GNU_CXX']:
+-    CXXFLAGS += ['-Wno-shadow', '-Werror=format']
++    CXXFLAGS += ['-Wno-shadow']
+ 
+ # Suppress warnings in third-party code.
+ if CONFIG['CLANG_CXX']:
diff --git a/meta-openembedded/meta-oe/recipes-extended/mozjs/mozjs_52.9.1.bb b/meta-openembedded/meta-oe/recipes-extended/mozjs/mozjs_52.9.1.bb
index 7c8a7ae..92d1572 100644
--- a/meta-openembedded/meta-oe/recipes-extended/mozjs/mozjs_52.9.1.bb
+++ b/meta-openembedded/meta-oe/recipes-extended/mozjs/mozjs_52.9.1.bb
@@ -14,6 +14,7 @@
            file://disable-mozglue-in-stand-alone-builds.patch \
            file://add-riscv-support.patch \
            file://0001-mozjs-fix-coredump-caused-by-getenv.patch \
+           file://format-overflow.patch \
            file://JS_PUBLIC_API.patch \
            "
 SRC_URI_append_libc-musl = " \
@@ -44,7 +45,7 @@
     --host=${BUILD_SYS} \
     --prefix=${prefix} \
     --libdir=${libdir} \
-    --disable-tests \
+    --disable-tests --disable-strip --disable-optimize \
     --with-nspr-libs='-lplds4 -lplc4 -lnspr4' \
     ${@bb.utils.contains('DISTRO_FEATURES', 'ld-is-gold', "--enable-gold", '--disable-gold', d)} \
 "
@@ -52,9 +53,15 @@
 PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'x11', d)}"
 PACKAGECONFIG[x11] = "--x-includes=${STAGING_INCDIR} --x-libraries=${STAGING_LIBDIR},--x-includes=no --x-libraries=no,virtual/libx11"
 
-EXTRA_OEMAKE_task-compile += "OS_LDFLAGS='-Wl,-latomic ${LDFLAGS}'"
+EXTRA_OEMAKE_task-compile += "BUILD_OPT=1 OS_LDFLAGS='-Wl,-latomic ${LDFLAGS}'"
 EXTRA_OEMAKE_task-install += "STATIC_LIBRARY_NAME=js_static"
 
+export HOST_CC = "${BUILD_CC}"
+export HOST_CXX = "${BUILD_CXX}"
+export HOST_CFLAGS = "${BUILD_CFLAGS}"
+export HOST_CPPFLAGS = "${BUILD_CPPFLAGS}"
+export HOST_CXXFLAGS = "${BUILD_CXXFLAGS}"
+
 do_configure() {
     export SHELL="/bin/sh"
     export TMP="${B}"
diff --git a/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman/0001-Adjust-for-CURLE_SSL_CACERT-deprecation-in-curl-7.62.patch b/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman/0001-Adjust-for-CURLE_SSL_CACERT-deprecation-in-curl-7.62.patch
new file mode 100644
index 0000000..4dcd108
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman/0001-Adjust-for-CURLE_SSL_CACERT-deprecation-in-curl-7.62.patch
@@ -0,0 +1,42 @@
+From f2c37fab5dbaffa06c1268ee1309596306c9a4df Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Tue, 20 Nov 2018 12:23:47 -0800
+Subject: [PATCH] Adjust for CURLE_SSL_CACERT deprecation in curl >= 7.62
+
+Use CURLE_PEER_FAILED_VERIFICATION instead
+
+Upstream-Status: Pending
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ src/lib/wsman-curl-client-transport.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/src/lib/wsman-curl-client-transport.c b/src/lib/wsman-curl-client-transport.c
+index d0a3829b..92727f4f 100644
+--- a/src/lib/wsman-curl-client-transport.c
++++ b/src/lib/wsman-curl-client-transport.c
+@@ -186,16 +186,23 @@ convert_to_last_error(CURLcode r)
+ 		return WS_LASTERR_SSL_CONNECT_ERROR;
+         case CURLE_BAD_FUNCTION_ARGUMENT:
+                 return WS_LASTERR_CURL_BAD_FUNCTION_ARG;
++#if LIBCURL_VERSION_NUM < 0x073E00
+ 	case CURLE_SSL_PEER_CERTIFICATE:
+ 		return WS_LASTERR_SSL_PEER_CERTIFICATE;
++#endif
+ 	case CURLE_SSL_ENGINE_NOTFOUND:
+ 		return WS_LASTERR_SSL_ENGINE_NOTFOUND;
+ 	case CURLE_SSL_ENGINE_SETFAILED:
+ 		return WS_LASTERR_SSL_ENGINE_SETFAILED;
+ 	case CURLE_SSL_CERTPROBLEM:
+ 		return WS_LASTERR_SSL_CERTPROBLEM;
++#if LIBCURL_VERSION_NUM < 0x073E00
+ 	case CURLE_SSL_CACERT:
+ 		return WS_LASTERR_SSL_CACERT;
++#else
++	case CURLE_PEER_FAILED_VERIFICATION:
++		return WS_LASTERR_SSL_PEER_CERTIFICATE;
++#endif
+ #if LIBCURL_VERSION_NUM > 0x70C01
+ 	case CURLE_SSL_ENGINE_INITFAILED:
+ 		return WS_LASTERR_SSL_ENGINE_INITFAILED;
diff --git a/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman/0001-Port-to-OpenSSL-1.1.0.patch b/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman/0001-Port-to-OpenSSL-1.1.0.patch
deleted file mode 100644
index 49afa56..0000000
--- a/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman/0001-Port-to-OpenSSL-1.1.0.patch
+++ /dev/null
@@ -1,162 +0,0 @@
-From f78643d2388dd0697f83f17880403253a0596d83 Mon Sep 17 00:00:00 2001
-From: Vitezslav Crhonek <vcrhonek@redhat.com>
-Date: Wed, 5 Sep 2018 11:23:46 -0700
-Subject: [PATCH 1/2] Port to OpenSSL 1.1.0
-
-Upstream-Status: Submitted [https://github.com/Openwsman/openwsman/pull/99]
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- src/lib/wsman-curl-client-transport.c |  6 +++-
- src/server/shttpd/io_ssl.c            | 17 ----------
- src/server/shttpd/shttpd.c            | 20 ++++--------
- src/server/shttpd/ssl.h               | 46 ---------------------------
- 4 files changed, 12 insertions(+), 77 deletions(-)
-
-diff --git a/src/lib/wsman-curl-client-transport.c b/src/lib/wsman-curl-client-transport.c
-index cd7f517a..e64ad097 100644
---- a/src/lib/wsman-curl-client-transport.c
-+++ b/src/lib/wsman-curl-client-transport.c
-@@ -241,12 +241,16 @@ write_handler( void *ptr, size_t size, size_t nmemb, void *data)
- static int ssl_certificate_thumbprint_verify_callback(X509_STORE_CTX *ctx, void *arg)
- {
- 	unsigned char *thumbprint = (unsigned char *)arg;
--	X509 *cert = ctx->cert;
- 	EVP_MD                                  *tempDigest;
- 
- 	unsigned char   tempFingerprint[EVP_MAX_MD_SIZE];
- 	unsigned int      tempFingerprintLen;
- 	tempDigest = (EVP_MD*)EVP_sha1( );
-+
-+	X509 *cert = X509_STORE_CTX_get_current_cert(ctx);
-+	if(!cert)
-+		return 0;
-+
- 	if ( X509_digest(cert, tempDigest, tempFingerprint, &tempFingerprintLen ) <= 0)
- 		return 0;
- 	if(!memcmp(tempFingerprint, thumbprint, tempFingerprintLen))
-diff --git a/src/server/shttpd/io_ssl.c b/src/server/shttpd/io_ssl.c
-index 6de0db2a..7ac669e4 100644
---- a/src/server/shttpd/io_ssl.c
-+++ b/src/server/shttpd/io_ssl.c
-@@ -11,23 +11,6 @@
- #include "defs.h"
- 
- #if !defined(NO_SSL)
--struct ssl_func	ssl_sw[] = {
--	{"SSL_free",			{0}},
--	{"SSL_accept",			{0}},
--	{"SSL_connect",			{0}},
--	{"SSL_read",			{0}},
--	{"SSL_write",			{0}},
--	{"SSL_get_error",		{0}},
--	{"SSL_set_fd",			{0}},
--	{"SSL_new",			{0}},
--	{"SSL_CTX_new",			{0}},
--	{"SSLv23_server_method",	{0}},
--	{"SSL_library_init",		{0}},
--	{"SSL_CTX_use_PrivateKey_file",	{0}},
--	{"SSL_CTX_use_certificate_file",{0}},
--	{NULL,				{0}}
--};
--
- void
- _shttpd_ssl_handshake(struct stream *stream)
- {
-diff --git a/src/server/shttpd/shttpd.c b/src/server/shttpd/shttpd.c
-index 5876392e..4c1dbf32 100644
---- a/src/server/shttpd/shttpd.c
-+++ b/src/server/shttpd/shttpd.c
-@@ -1476,20 +1476,14 @@ set_ssl(struct shttpd_ctx *ctx, const char *pem)
- 	int		retval = FALSE;
- 	EC_KEY*		key;
- 
--	/* Load SSL library dynamically */
--	if ((lib = dlopen(SSL_LIB, RTLD_LAZY)) == NULL) {
--		_shttpd_elog(E_LOG, NULL, "set_ssl: cannot load %s", SSL_LIB);
--		return (FALSE);
--	}
--
--	for (fp = ssl_sw; fp->name != NULL; fp++)
--		if ((fp->ptr.v_void = dlsym(lib, fp->name)) == NULL) {
--			_shttpd_elog(E_LOG, NULL,"set_ssl: cannot find %s", fp->name);
--			return (FALSE);
--		}
--
- 	/* Initialize SSL crap */
-+	debug("Initialize SSL");
-+	SSL_load_error_strings();
-+	#if OPENSSL_VERSION_NUMBER < 0x10100000L
- 	SSL_library_init();
-+	#else
-+	OPENSSL_init_ssl(0, NULL);
-+	#endif
- 
- 	if ((CTX = SSL_CTX_new(SSLv23_server_method())) == NULL)
- 		_shttpd_elog(E_LOG, NULL, "SSL_CTX_new error");
-@@ -1532,7 +1526,7 @@ set_ssl(struct shttpd_ctx *ctx, const char *pem)
- 			if (strncasecmp(protocols[idx].name, ssl_disabled_protocols, blank_ptr-ssl_disabled_protocols) == 0) {
- 				//_shttpd_elog(E_LOG, NULL, "SSL: disable %s protocol", protocols[idx].name);
- 				debug("SSL: disable %s protocol", protocols[idx].name);
--				SSL_CTX_ctrl(CTX, SSL_CTRL_OPTIONS, protocols[idx].opt, NULL);
-+				SSL_CTX_set_options(CTX, protocols[idx].opt);
- 				break;
- 			}
- 		}
-diff --git a/src/server/shttpd/ssl.h b/src/server/shttpd/ssl.h
-index a863f2c7..8dad0109 100644
---- a/src/server/shttpd/ssl.h
-+++ b/src/server/shttpd/ssl.h
-@@ -12,50 +12,4 @@
- 
- #include <openssl/ssl.h>
- 
--#else
--
--/*
-- * Snatched from OpenSSL includes. I put the prototypes here to be independent
-- * from the OpenSSL source installation. Having this, shttpd + SSL can be
-- * built on any system with binary SSL libraries installed.
-- */
--
--typedef struct ssl_st SSL;
--typedef struct ssl_method_st SSL_METHOD;
--typedef struct ssl_ctx_st SSL_CTX;
--
--#define	SSL_ERROR_WANT_READ	2
--#define	SSL_ERROR_WANT_WRITE	3
--#define	SSL_ERROR_SYSCALL	5
--#define	SSL_FILETYPE_PEM	1
--
- #endif
--
--/*
-- * Dynamically loaded SSL functionality
-- */
--struct ssl_func {
--	const char	*name;		/* SSL function name	*/
--	union variant	ptr;		/* Function pointer	*/
--};
--
--extern struct ssl_func	ssl_sw[];
--
--#define	FUNC(x)	ssl_sw[x].ptr.v_func
--
--#define	SSL_free(x)	(* (void (*)(SSL *)) FUNC(0))(x)
--#define	SSL_accept(x)	(* (int (*)(SSL *)) FUNC(1))(x)
--#define	SSL_connect(x)	(* (int (*)(SSL *)) FUNC(2))(x)
--#define	SSL_read(x,y,z)	(* (int (*)(SSL *, void *, int)) FUNC(3))((x),(y),(z))
--#define	SSL_write(x,y,z) \
--	(* (int (*)(SSL *, const void *,int)) FUNC(4))((x), (y), (z))
--#define	SSL_get_error(x,y)(* (int (*)(SSL *, int)) FUNC(5))((x), (y))
--#define	SSL_set_fd(x,y)	(* (int (*)(SSL *, int)) FUNC(6))((x), (y))
--#define	SSL_new(x)	(* (SSL * (*)(SSL_CTX *)) FUNC(7))(x)
--#define	SSL_CTX_new(x)	(* (SSL_CTX * (*)(SSL_METHOD *)) FUNC(8))(x)
--#define	SSLv23_server_method()	(* (SSL_METHOD * (*)(void)) FUNC(9))()
--#define	SSL_library_init() (* (int (*)(void)) FUNC(10))()
--#define	SSL_CTX_use_PrivateKey_file(x,y,z)	(* (int (*)(SSL_CTX *, \
--		const char *, int)) FUNC(11))((x), (y), (z))
--#define	SSL_CTX_use_certificate_file(x,y,z)	(* (int (*)(SSL_CTX *, \
--		const char *, int)) FUNC(12))((x), (y), (z))
--- 
-2.18.0
-
diff --git a/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman/0001-openSSL-1.1.0-API-fixes.patch b/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman/0001-openSSL-1.1.0-API-fixes.patch
new file mode 100644
index 0000000..8d230ba
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman/0001-openSSL-1.1.0-API-fixes.patch
@@ -0,0 +1,77 @@
+From 634b95157e1823672a2c95fac0cecf079b5967e7 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Klaus=20K=C3=A4mpf?= <kkaempf@suse.de>
+Date: Mon, 19 Nov 2018 15:31:27 +0100
+Subject: [PATCH] openSSL 1.1.0 API fixes
+
+---
+ src/server/shttpd/io_ssl.c |  5 +++++
+ src/server/shttpd/shttpd.c | 11 ++++++++++-
+ src/server/shttpd/ssl.h    |  3 +++
+ 3 files changed, 18 insertions(+), 1 deletion(-)
+
+diff --git a/src/server/shttpd/io_ssl.c b/src/server/shttpd/io_ssl.c
+index 6de0db2a..ece610ef 100644
+--- a/src/server/shttpd/io_ssl.c
++++ b/src/server/shttpd/io_ssl.c
+@@ -21,8 +21,13 @@ struct ssl_func	ssl_sw[] = {
+ 	{"SSL_set_fd",			{0}},
+ 	{"SSL_new",			{0}},
+ 	{"SSL_CTX_new",			{0}},
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 	{"SSLv23_server_method",	{0}},
+ 	{"SSL_library_init",		{0}},
++#else
++	{"TLS_server_method",	{0}},
++	{"OPENSSL_init_ssl",		{0}},
++#endif
+ 	{"SSL_CTX_use_PrivateKey_file",	{0}},
+ 	{"SSL_CTX_use_certificate_file",{0}},
+ 	{NULL,				{0}}
+diff --git a/src/server/shttpd/shttpd.c b/src/server/shttpd/shttpd.c
+index f0f3fbd8..652aea17 100644
+--- a/src/server/shttpd/shttpd.c
++++ b/src/server/shttpd/shttpd.c
+@@ -1489,9 +1489,14 @@ set_ssl(struct shttpd_ctx *ctx, const char *pem)
+ 		}
+ 
+ 	/* Initialize SSL crap */
+-	SSL_library_init();
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++	SSL_library_init();
+ 	if ((CTX = SSL_CTX_new(SSLv23_server_method())) == NULL)
++#else
++        OPENSSL_init_ssl();
++	if ((CTX = SSL_CTX_new(TLS_server_method())) == NULL)
++#endif
+ 		_shttpd_elog(E_LOG, NULL, "SSL_CTX_new error");
+ 	else if (SSL_CTX_use_certificate_file(CTX, wsmand_options_get_ssl_cert_file(), SSL_FILETYPE_PEM) != 1)
+ 		_shttpd_elog(E_LOG, NULL, "cannot open certificate file %s", pem);
+@@ -1552,6 +1557,10 @@ set_ssl(struct shttpd_ctx *ctx, const char *pem)
+           if (rc != 1) {
+             _shttpd_elog(E_LOG, NULL, "Failed to set SSL cipher list \"%s\"", ssl_cipher_list);
+           }
++          else if ((*ssl_cipher_list == 0) || (*ssl_cipher_list == ' ')) {
++            _shttpd_elog(E_LOG, NULL, "Empty 'ssl_cipher_list' defaults to 'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256'.");
++            _shttpd_elog(E_LOG, NULL, "Check openSSL documentation.");
++          }
+         }
+ 	ctx->ssl_ctx = CTX;
+ 
+diff --git a/src/server/shttpd/ssl.h b/src/server/shttpd/ssl.h
+index 2304b70a..89a73c49 100644
+--- a/src/server/shttpd/ssl.h
++++ b/src/server/shttpd/ssl.h
+@@ -56,6 +56,9 @@ extern struct ssl_func	ssl_sw[];
+ #if OPENSSL_VERSION_NUMBER < 0x10100000L
+ #define	SSLv23_server_method()	(* (SSL_METHOD * (*)(void)) FUNC(9))()
+ #define	SSL_library_init() (* (int (*)(void)) FUNC(10))()
++#else
++#define	TLS_server_method()	(* (SSL_METHOD * (*)(void)) FUNC(9))()
++#define	OPENSSL_init_ssl() (* (int (*)(void)) FUNC(10))()
+ #endif
+ #define	SSL_CTX_use_PrivateKey_file(x,y,z)	(* (int (*)(SSL_CTX *, \
+ 		const char *, int)) FUNC(11))((x), (y), (z))
+-- 
+2.19.1
+
diff --git a/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman/0002-Check-OpenSSL-version-number-to-allow-builds-with-ol.patch b/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman/0002-Check-OpenSSL-version-number-to-allow-builds-with-ol.patch
deleted file mode 100644
index 5ae2e00..0000000
--- a/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman/0002-Check-OpenSSL-version-number-to-allow-builds-with-ol.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From 75669b077bd54bedbc086c60cbe137e7f4c685b5 Mon Sep 17 00:00:00 2001
-From: Vitezslav Crhonek <vcrhonek@redhat.com>
-Date: Mon, 24 Apr 2017 11:28:39 +0200
-Subject: [PATCH 2/2] Check OpenSSL version number to allow builds with older
- version
-
-Upstream-Status: Submitted [https://github.com/Openwsman/openwsman/pull/99]
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- src/lib/wsman-curl-client-transport.c | 4 ++++
- src/server/shttpd/shttpd.c            | 4 ++++
- 2 files changed, 8 insertions(+)
-
-diff --git a/src/lib/wsman-curl-client-transport.c b/src/lib/wsman-curl-client-transport.c
-index e64ad097..4fc047e8 100644
---- a/src/lib/wsman-curl-client-transport.c
-+++ b/src/lib/wsman-curl-client-transport.c
-@@ -247,7 +247,11 @@ static int ssl_certificate_thumbprint_verify_callback(X509_STORE_CTX *ctx, void
- 	unsigned int      tempFingerprintLen;
- 	tempDigest = (EVP_MD*)EVP_sha1( );
- 
-+	#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+	X509 *cert = ctx->cert;
-+	#else
- 	X509 *cert = X509_STORE_CTX_get_current_cert(ctx);
-+	#endif
- 	if(!cert)
- 		return 0;
- 
-diff --git a/src/server/shttpd/shttpd.c b/src/server/shttpd/shttpd.c
-index 4c1dbf32..161720c8 100644
---- a/src/server/shttpd/shttpd.c
-+++ b/src/server/shttpd/shttpd.c
-@@ -1526,7 +1526,11 @@ set_ssl(struct shttpd_ctx *ctx, const char *pem)
- 			if (strncasecmp(protocols[idx].name, ssl_disabled_protocols, blank_ptr-ssl_disabled_protocols) == 0) {
- 				//_shttpd_elog(E_LOG, NULL, "SSL: disable %s protocol", protocols[idx].name);
- 				debug("SSL: disable %s protocol", protocols[idx].name);
-+				#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+				SSL_CTX_ctrl(CTX, SSL_CTRL_OPTIONS, protocols[idx].opt, NULL);
-+				#else
- 				SSL_CTX_set_options(CTX, protocols[idx].opt);
-+				#endif
- 				break;
- 			}
- 		}
--- 
-2.18.0
-
diff --git a/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman_2.6.5.bb b/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman_2.6.8.bb
similarity index 88%
rename from meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman_2.6.5.bb
rename to meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman_2.6.8.bb
index 5fba385..f04ff01 100644
--- a/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman_2.6.5.bb
+++ b/meta-openembedded/meta-oe/recipes-extended/openwsman/openwsman_2.6.8.bb
@@ -15,15 +15,15 @@
 inherit distro_features_check
 REQUIRED_DISTRO_FEATURES = "pam"
 
-SRCREV = "e90e5c96e3006c372bf45e0185e33c9250e67df6"
-PV = "2.6.5"
+# v2.6.8
+SRCREV = "b9cd0b72534854abb6dd834c8c11e02111b4c8d7"
 
 SRC_URI = "git://github.com/Openwsman/openwsman.git \
            file://libssl-is-required-if-eventint-supported.patch \
            file://openwsmand.service \
            file://0001-lock.c-Define-PTHREAD_MUTEX_RECURSIVE_NP-if-undefine.patch \
-           file://0001-Port-to-OpenSSL-1.1.0.patch \
-           file://0002-Check-OpenSSL-version-number-to-allow-builds-with-ol.patch \
+           file://0001-openSSL-1.1.0-API-fixes.patch \
+           file://0001-Adjust-for-CURLE_SSL_CACERT-deprecation-in-curl-7.62.patch \
            "
 
 S = "${WORKDIR}/git"
@@ -31,7 +31,7 @@
 LICENSE = "BSD"
 LIC_FILES_CHKSUM = "file://COPYING;md5=d4f53d4c6cf73b9d43186ce3be6dd0ba"
 
-inherit systemd cmake pkgconfig pythonnative perlnative
+inherit systemd cmake pkgconfig python3native perlnative
 
 SYSTEMD_SERVICE_${PN} = "openwsmand.service"
 SYSTEMD_AUTO_ENABLE = "disable"
@@ -41,6 +41,8 @@
 EXTRA_OECMAKE = "-DBUILD_BINDINGS=NO \
                  -DBUILD_LIBCIM=NO \
                  -DBUILD_PERL=YES \
+                 -DBUILD_PYTHON3=YES \
+                 -DBUILD_PYTHON=NO \
                  -DCMAKE_INSTALL_PREFIX=${prefix} \
                  -DLIB=${baselib} \
                 "
diff --git a/meta-openembedded/meta-oe/recipes-extended/pam/pam-ssh-agent-auth/0001-Adapt-to-OpenSSL-1.1.1.patch b/meta-openembedded/meta-oe/recipes-extended/pam/pam-ssh-agent-auth/0001-Adapt-to-OpenSSL-1.1.1.patch
new file mode 100644
index 0000000..2d75a18
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-extended/pam/pam-ssh-agent-auth/0001-Adapt-to-OpenSSL-1.1.1.patch
@@ -0,0 +1,879 @@
+From 37e233307a79a9250962dcf77b7c7e27a02a1a35 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Fri, 1 Feb 2019 22:44:10 -0800
+Subject: [PATCH] Adapt to OpenSSL 1.1.1
+
+From: Guido Falsi <mad@madpilot.net>
+https://sources.debian.org/src/pam-ssh-agent-auth/0.10.3-3/debian/patches/openssl-1.1.1-1.patch/
+
+Upstream-Status: Pending
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ authfd.c    |  50 ++++++++++++++++++++
+ bufbn.c     |   4 ++
+ cipher.h    |   6 ++-
+ kex.h       |   9 +++-
+ key.c       | 133 ++++++++++++++++++++++++++++++++++++++++++++++++++--
+ ssh-dss.c   |  51 ++++++++++++++++----
+ ssh-ecdsa.c |  40 ++++++++++++----
+ ssh-rsa.c   |  22 +++++++--
+ 8 files changed, 287 insertions(+), 28 deletions(-)
+
+diff --git a/authfd.c b/authfd.c
+index 212e06b..f91514d 100644
+--- a/authfd.c
++++ b/authfd.c
+@@ -367,6 +367,7 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio
+ 	case 1:
+ 		key = pamsshagentauth_key_new(KEY_RSA1);
+ 		bits = pamsshagentauth_buffer_get_int(&auth->identities);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 		pamsshagentauth_buffer_get_bignum(&auth->identities, key->rsa->e);
+ 		pamsshagentauth_buffer_get_bignum(&auth->identities, key->rsa->n);
+ 		*comment = pamsshagentauth_buffer_get_string(&auth->identities, NULL);
+@@ -374,6 +375,15 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio
+ 		if (keybits < 0 || bits != (u_int)keybits)
+ 			pamsshagentauth_logit("Warning: identity keysize mismatch: actual %d, announced %u",
+ 			    BN_num_bits(key->rsa->n), bits);
++#else
++		pamsshagentauth_buffer_get_bignum(&auth->identities, RSA_get0_e(key->rsa));
++		pamsshagentauth_buffer_get_bignum(&auth->identities, RSA_get0_n(key->rsa));
++		*comment = pamsshagentauth_buffer_get_string(&auth->identities, NULL);
++		keybits = BN_num_bits(RSA_get0_n(key->rsa));
++		if (keybits < 0 || bits != (u_int)keybits)
++			pamsshagentauth_logit("Warning: identity keysize mismatch: actual %d, announced %u",
++			    BN_num_bits(RSA_get0_n(key->rsa)), bits);
++#endif
+ 		break;
+ 	case 2:
+ 		blob = pamsshagentauth_buffer_get_string(&auth->identities, &blen);
+@@ -417,9 +427,15 @@ ssh_decrypt_challenge(AuthenticationConnection *auth,
+ 	}
+ 	pamsshagentauth_buffer_init(&buffer);
+ 	pamsshagentauth_buffer_put_char(&buffer, SSH_AGENTC_RSA_CHALLENGE);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 	pamsshagentauth_buffer_put_int(&buffer, BN_num_bits(key->rsa->n));
+ 	pamsshagentauth_buffer_put_bignum(&buffer, key->rsa->e);
+ 	pamsshagentauth_buffer_put_bignum(&buffer, key->rsa->n);
++#else
++	pamsshagentauth_buffer_put_int(&buffer, BN_num_bits(RSA_get0_n(key->rsa)));
++	pamsshagentauth_buffer_put_bignum(&buffer, RSA_get0_e(key->rsa));
++	pamsshagentauth_buffer_put_bignum(&buffer, RSA_get0_n(key->rsa));
++#endif
+ 	pamsshagentauth_buffer_put_bignum(&buffer, challenge);
+ 	pamsshagentauth_buffer_append(&buffer, session_id, 16);
+ 	pamsshagentauth_buffer_put_int(&buffer, response_type);
+@@ -496,6 +512,7 @@ ssh_agent_sign(AuthenticationConnection *auth,
+ static void
+ ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment)
+ {
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 	pamsshagentauth_buffer_put_int(b, BN_num_bits(key->n));
+ 	pamsshagentauth_buffer_put_bignum(b, key->n);
+ 	pamsshagentauth_buffer_put_bignum(b, key->e);
+@@ -504,6 +521,16 @@ ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment)
+ 	pamsshagentauth_buffer_put_bignum(b, key->iqmp);	/* ssh key->u */
+ 	pamsshagentauth_buffer_put_bignum(b, key->q);	/* ssh key->p, SSL key->q */
+ 	pamsshagentauth_buffer_put_bignum(b, key->p);	/* ssh key->q, SSL key->p */
++#else
++	pamsshagentauth_buffer_put_int(b, BN_num_bits(RSA_get0_n(key)));
++	pamsshagentauth_buffer_put_bignum(b, RSA_get0_n(key));
++	pamsshagentauth_buffer_put_bignum(b, RSA_get0_e(key));
++	pamsshagentauth_buffer_put_bignum(b, RSA_get0_d(key));
++	/* To keep within the protocol: p < q for ssh. in SSL p > q */
++	pamsshagentauth_buffer_put_bignum(b, RSA_get0_iqmp(key));	/* ssh key->u */
++	pamsshagentauth_buffer_put_bignum(b, RSA_get0_q(key));	/* ssh key->p, SSL key->q */
++	pamsshagentauth_buffer_put_bignum(b, RSA_get0_p(key));	/* ssh key->q, SSL key->p */
++#endif
+ 	pamsshagentauth_buffer_put_cstring(b, comment);
+ }
+ 
+@@ -513,19 +540,36 @@ ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment)
+ 	pamsshagentauth_buffer_put_cstring(b, key_ssh_name(key));
+ 	switch (key->type) {
+ 	case KEY_RSA:
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 		pamsshagentauth_buffer_put_bignum2(b, key->rsa->n);
+ 		pamsshagentauth_buffer_put_bignum2(b, key->rsa->e);
+ 		pamsshagentauth_buffer_put_bignum2(b, key->rsa->d);
+ 		pamsshagentauth_buffer_put_bignum2(b, key->rsa->iqmp);
+ 		pamsshagentauth_buffer_put_bignum2(b, key->rsa->p);
+ 		pamsshagentauth_buffer_put_bignum2(b, key->rsa->q);
++#else
++		pamsshagentauth_buffer_put_bignum2(b, RSA_get0_n(key->rsa));
++		pamsshagentauth_buffer_put_bignum2(b, RSA_get0_e(key->rsa));
++		pamsshagentauth_buffer_put_bignum2(b, RSA_get0_d(key->rsa));
++		pamsshagentauth_buffer_put_bignum2(b, RSA_get0_iqmp(key->rsa));
++		pamsshagentauth_buffer_put_bignum2(b, RSA_get0_p(key->rsa));
++		pamsshagentauth_buffer_put_bignum2(b, RSA_get0_q(key->rsa));
++#endif
+ 		break;
+ 	case KEY_DSA:
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 		pamsshagentauth_buffer_put_bignum2(b, key->dsa->p);
+ 		pamsshagentauth_buffer_put_bignum2(b, key->dsa->q);
+ 		pamsshagentauth_buffer_put_bignum2(b, key->dsa->g);
+ 		pamsshagentauth_buffer_put_bignum2(b, key->dsa->pub_key);
+ 		pamsshagentauth_buffer_put_bignum2(b, key->dsa->priv_key);
++#else
++		pamsshagentauth_buffer_put_bignum2(b, DSA_get0_p(key->dsa));
++		pamsshagentauth_buffer_put_bignum2(b, DSA_get0_q(key->dsa));
++		pamsshagentauth_buffer_put_bignum2(b, DSA_get0_g(key->dsa));
++		pamsshagentauth_buffer_put_bignum2(b, DSA_get0_pub_key(key->dsa));
++		pamsshagentauth_buffer_put_bignum2(b, DSA_get0_priv_key(key->dsa));
++#endif
+ 		break;
+ 	}
+ 	pamsshagentauth_buffer_put_cstring(b, comment);
+@@ -605,9 +649,15 @@ ssh_remove_identity(AuthenticationConnection *auth, Key *key)
+ 
+ 	if (key->type == KEY_RSA1) {
+ 		pamsshagentauth_buffer_put_char(&msg, SSH_AGENTC_REMOVE_RSA_IDENTITY);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 		pamsshagentauth_buffer_put_int(&msg, BN_num_bits(key->rsa->n));
+ 		pamsshagentauth_buffer_put_bignum(&msg, key->rsa->e);
+ 		pamsshagentauth_buffer_put_bignum(&msg, key->rsa->n);
++#else
++		pamsshagentauth_buffer_put_int(&msg, BN_num_bits(RSA_get0_n(key->rsa)));
++		pamsshagentauth_buffer_put_bignum(&msg, RSA_get0_e(key->rsa));
++		pamsshagentauth_buffer_put_bignum(&msg, RSA_get0_n(key->rsa));
++#endif
+ 	} else if (key->type == KEY_DSA || key->type == KEY_RSA) {
+ 		pamsshagentauth_key_to_blob(key, &blob, &blen);
+ 		pamsshagentauth_buffer_put_char(&msg, SSH2_AGENTC_REMOVE_IDENTITY);
+diff --git a/bufbn.c b/bufbn.c
+index 6a49c73..4ecedc1 100644
+--- a/bufbn.c
++++ b/bufbn.c
+@@ -151,7 +151,11 @@ pamsshagentauth_buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value)
+ 		pamsshagentauth_buffer_put_int(buffer, 0);
+ 		return 0;
+ 	}
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 	if (value->neg) {
++#else
++	if (BN_is_negative(value)) {
++#endif
+ 		pamsshagentauth_logerror("buffer_put_bignum2_ret: negative numbers not supported");
+ 		return (-1);
+ 	}
+diff --git a/cipher.h b/cipher.h
+index 49bbc16..64f59ca 100644
+--- a/cipher.h
++++ b/cipher.h
+@@ -59,15 +59,18 @@
+ #define CIPHER_DECRYPT		0
+ 
+ typedef struct Cipher Cipher;
+-typedef struct CipherContext CipherContext;
++// typedef struct CipherContext CipherContext;
+ 
+ struct Cipher;
++/*
+ struct CipherContext {
+ 	int	plaintext;
+ 	EVP_CIPHER_CTX evp;
+ 	Cipher *cipher;
+ };
++*/
+ 
++/*
+ u_int	 cipher_mask_ssh1(int);
+ Cipher	*cipher_by_name(const char *);
+ Cipher	*cipher_by_number(int);
+@@ -88,4 +91,5 @@ void	 cipher_set_keyiv(CipherContext *, u_char *);
+ int	 cipher_get_keyiv_len(const CipherContext *);
+ int	 cipher_get_keycontext(const CipherContext *, u_char *);
+ void	 cipher_set_keycontext(CipherContext *, u_char *);
++*/
+ #endif				/* CIPHER_H */
+diff --git a/kex.h b/kex.h
+index 8e29c90..81ca57d 100644
+--- a/kex.h
++++ b/kex.h
+@@ -70,7 +70,7 @@ enum kex_exchange {
+ #define KEX_INIT_SENT	0x0001
+ 
+ typedef struct Kex Kex;
+-typedef struct Mac Mac;
++// typedef struct Mac Mac;
+ typedef struct Comp Comp;
+ typedef struct Enc Enc;
+ typedef struct Newkeys Newkeys;
+@@ -84,6 +84,7 @@ struct Enc {
+ 	u_char	*key;
+ 	u_char	*iv;
+ };
++/*
+ struct Mac {
+ 	char	*name;
+ 	int	enabled;
+@@ -95,11 +96,13 @@ struct Mac {
+ 	HMAC_CTX	evp_ctx;
+ 	struct umac_ctx *umac_ctx;
+ };
++*/
+ struct Comp {
+ 	int	type;
+ 	int	enabled;
+ 	char	*name;
+ };
++/*
+ struct Newkeys {
+ 	Enc	enc;
+ 	Mac	mac;
+@@ -126,7 +129,9 @@ struct Kex {
+ 	int	(*host_key_index)(Key *);
+ 	void	(*kex[KEX_MAX])(Kex *);
+ };
++*/
+ 
++/*
+ Kex	*kex_setup(char *[PROPOSAL_MAX]);
+ void	 kex_finish(Kex *);
+ 
+@@ -152,6 +157,8 @@ kexgex_hash(const EVP_MD *, char *, char *, char *, int, char *,
+ void
+ derive_ssh1_session_id(BIGNUM *, BIGNUM *, u_int8_t[8], u_int8_t[16]);
+ 
++*/
++
+ #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH)
+ void	dump_digest(char *, u_char *, int);
+ #endif
+diff --git a/key.c b/key.c
+index 107a442..aedbbb5 100644
+--- a/key.c
++++ b/key.c
+@@ -77,15 +77,21 @@ pamsshagentauth_key_new(int type)
+ 	case KEY_RSA:
+ 		if ((rsa = RSA_new()) == NULL)
+ 			pamsshagentauth_fatal("key_new: RSA_new failed");
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 		if ((rsa->n = BN_new()) == NULL)
+ 			pamsshagentauth_fatal("key_new: BN_new failed");
+ 		if ((rsa->e = BN_new()) == NULL)
+ 			pamsshagentauth_fatal("key_new: BN_new failed");
++#else
++		if (RSA_set0_key(rsa, BN_new(), BN_new(), NULL) != 1)
++			pamsshagentauth_fatal("key_new: RSA_set0_key failed");
++#endif
+ 		k->rsa = rsa;
+ 		break;
+ 	case KEY_DSA:
+ 		if ((dsa = DSA_new()) == NULL)
+ 			pamsshagentauth_fatal("key_new: DSA_new failed");
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 		if ((dsa->p = BN_new()) == NULL)
+ 			pamsshagentauth_fatal("key_new: BN_new failed");
+ 		if ((dsa->q = BN_new()) == NULL)
+@@ -94,6 +100,12 @@ pamsshagentauth_key_new(int type)
+ 			pamsshagentauth_fatal("key_new: BN_new failed");
+ 		if ((dsa->pub_key = BN_new()) == NULL)
+ 			pamsshagentauth_fatal("key_new: BN_new failed");
++#else
++		if (DSA_set0_pqg(dsa, BN_new(), BN_new(), BN_new()) != 1)
++			pamsshagentauth_fatal("key_new: DSA_set0_pqg failed");
++		if (DSA_set0_key(dsa, BN_new(), NULL) != 1)
++			pamsshagentauth_fatal("key_new: DSA_set0_key failed");
++#endif
+ 		k->dsa = dsa;
+ 		break;
+ 	case KEY_ECDSA:
+@@ -118,6 +130,7 @@ pamsshagentauth_key_new_private(int type)
+ 	switch (k->type) {
+ 	case KEY_RSA1:
+ 	case KEY_RSA:
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 		if ((k->rsa->d = BN_new()) == NULL)
+ 			pamsshagentauth_fatal("key_new_private: BN_new failed");
+ 		if ((k->rsa->iqmp = BN_new()) == NULL)
+@@ -130,14 +143,30 @@ pamsshagentauth_key_new_private(int type)
+ 			pamsshagentauth_fatal("key_new_private: BN_new failed");
+ 		if ((k->rsa->dmp1 = BN_new()) == NULL)
+ 			pamsshagentauth_fatal("key_new_private: BN_new failed");
++#else
++		if (RSA_set0_key(k->rsa, NULL, NULL, BN_new()) != 1)
++			pamsshagentauth_fatal("key_new: RSA_set0_key failed");
++		if (RSA_set0_crt_params(k->rsa, BN_new(), BN_new(), BN_new()) != 1)
++			pamsshagentauth_fatal("key_new: RSA_set0_crt_params failed");
++		if (RSA_set0_factors(k->rsa, BN_new(), BN_new()) != 1)
++			pamsshagentauth_fatal("key_new: RSA_set0_factors failed");
++#endif
+ 		break;
+ 	case KEY_DSA:
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 		if ((k->dsa->priv_key = BN_new()) == NULL)
+ 			pamsshagentauth_fatal("key_new_private: BN_new failed");
++#else
++		if (DSA_set0_key(k->dsa, NULL, BN_new()) != 1)
++			pamsshagentauth_fatal("key_new_private: DSA_set0_key failed");
++#endif
+ 		break;
+ 	case KEY_ECDSA:
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 		if (EC_KEY_set_private_key(k->ecdsa, BN_new()) != 1)
+ 			pamsshagentauth_fatal("key_new_private: EC_KEY_set_private_key failed");
++#else
++#endif
+ 		break;
+ 	case KEY_ED25519:
+ 		RAND_bytes(k->ed25519->sk, sizeof(k->ed25519->sk));
+@@ -195,14 +224,26 @@ pamsshagentauth_key_equal(const Key *a, const Key *b)
+ 	case KEY_RSA1:
+ 	case KEY_RSA:
+ 		return a->rsa != NULL && b->rsa != NULL &&
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 		    BN_cmp(a->rsa->e, b->rsa->e) == 0 &&
+ 		    BN_cmp(a->rsa->n, b->rsa->n) == 0;
++#else
++		    BN_cmp(RSA_get0_e(a->rsa), RSA_get0_e(b->rsa)) == 0 &&
++		    BN_cmp(RSA_get0_n(a->rsa), RSA_get0_n(b->rsa)) == 0;
++#endif
+ 	case KEY_DSA:
+ 		return a->dsa != NULL && b->dsa != NULL &&
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 		    BN_cmp(a->dsa->p, b->dsa->p) == 0 &&
+ 		    BN_cmp(a->dsa->q, b->dsa->q) == 0 &&
+ 		    BN_cmp(a->dsa->g, b->dsa->g) == 0 &&
+ 		    BN_cmp(a->dsa->pub_key, b->dsa->pub_key) == 0;
++#else
++		    BN_cmp(DSA_get0_p(a->dsa), DSA_get0_p(b->dsa)) == 0 &&
++		    BN_cmp(DSA_get0_q(a->dsa), DSA_get0_q(b->dsa)) == 0 &&
++		    BN_cmp(DSA_get0_g(a->dsa), DSA_get0_g(b->dsa)) == 0 &&
++		    BN_cmp(DSA_get0_pub_key(a->dsa), DSA_get0_pub_key(b->dsa)) == 0;
++#endif
+ 	case KEY_ECDSA:
+ 		return a->ecdsa != NULL && b->ecdsa != NULL &&
+ 			EC_KEY_check_key(a->ecdsa) == 1 &&
+@@ -231,7 +272,7 @@ pamsshagentauth_key_fingerprint_raw(const Key *k, enum fp_type dgst_type,
+     u_int *dgst_raw_length)
+ {
+ 	const EVP_MD *md = NULL;
+-	EVP_MD_CTX ctx;
++	EVP_MD_CTX *ctx;
+ 	u_char *blob = NULL;
+ 	u_char *retval = NULL;
+ 	u_int len = 0;
+@@ -252,12 +293,21 @@ pamsshagentauth_key_fingerprint_raw(const Key *k, enum fp_type dgst_type,
+ 	}
+ 	switch (k->type) {
+ 	case KEY_RSA1:
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 		nlen = BN_num_bytes(k->rsa->n);
+ 		elen = BN_num_bytes(k->rsa->e);
+ 		len = nlen + elen;
+ 		blob = pamsshagentauth_xmalloc(len);
+ 		BN_bn2bin(k->rsa->n, blob);
+ 		BN_bn2bin(k->rsa->e, blob + nlen);
++#else
++		nlen = BN_num_bytes(RSA_get0_n(k->rsa));
++		elen = BN_num_bytes(RSA_get0_e(k->rsa));
++		len = nlen + elen;
++		blob = pamsshagentauth_xmalloc(len);
++		BN_bn2bin(RSA_get0_n(k->rsa), blob);
++		BN_bn2bin(RSA_get0_e(k->rsa), blob + nlen);
++#endif
+ 		break;
+ 	case KEY_DSA:
+ 	case KEY_ECDSA:
+@@ -273,11 +323,14 @@ pamsshagentauth_key_fingerprint_raw(const Key *k, enum fp_type dgst_type,
+ 	}
+ 	if (blob != NULL) {
+ 		retval = pamsshagentauth_xmalloc(EVP_MAX_MD_SIZE);
+-		EVP_DigestInit(&ctx, md);
+-		EVP_DigestUpdate(&ctx, blob, len);
+-		EVP_DigestFinal(&ctx, retval, dgst_raw_length);
++		/* XXX Errors from EVP_* functions are not hadled */
++		ctx = EVP_MD_CTX_create();
++		EVP_DigestInit(ctx, md);
++		EVP_DigestUpdate(ctx, blob, len);
++		EVP_DigestFinal(ctx, retval, dgst_raw_length);
+ 		memset(blob, 0, len);
+ 		pamsshagentauth_xfree(blob);
++		EVP_MD_CTX_destroy(ctx);
+ 	} else {
+ 		pamsshagentauth_fatal("key_fingerprint_raw: blob is null");
+ 	}
+@@ -457,10 +510,17 @@ pamsshagentauth_key_read(Key *ret, char **cpp)
+ 			return -1;
+ 		*cpp = cp;
+ 		/* Get public exponent, public modulus. */
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 		if (!read_bignum(cpp, ret->rsa->e))
+ 			return -1;
+ 		if (!read_bignum(cpp, ret->rsa->n))
+ 			return -1;
++#else
++		if (!read_bignum(cpp, RSA_get0_e(ret->rsa)))
++			return -1;
++		if (!read_bignum(cpp, RSA_get0_n(ret->rsa)))
++			return -1;
++#endif
+ 		success = 1;
+ 		break;
+ 	case KEY_UNSPEC:
+@@ -583,10 +643,17 @@ pamsshagentauth_key_write(const Key *key, FILE *f)
+ 
+ 	if (key->type == KEY_RSA1 && key->rsa != NULL) {
+ 		/* size of modulus 'n' */
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 		bits = BN_num_bits(key->rsa->n);
+ 		fprintf(f, "%u", bits);
+ 		if (write_bignum(f, key->rsa->e) &&
+ 		    write_bignum(f, key->rsa->n)) {
++#else
++		bits = BN_num_bits(RSA_get0_n(key->rsa));
++		fprintf(f, "%u", bits);
++		if (write_bignum(f, RSA_get0_e(key->rsa)) &&
++		    write_bignum(f, RSA_get0_n(key->rsa))) {
++#endif
+ 			success = 1;
+ 		} else {
+ 			pamsshagentauth_logerror("key_write: failed for RSA key");
+@@ -675,10 +742,17 @@ pamsshagentauth_key_size(const Key *k)
+ {
+ 	switch (k->type) {
+ 	case KEY_RSA1:
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 	case KEY_RSA:
+ 		return BN_num_bits(k->rsa->n);
+ 	case KEY_DSA:
+ 		return BN_num_bits(k->dsa->p);
++#else
++	case KEY_RSA:
++		return BN_num_bits(RSA_get0_n(k->rsa));
++	case KEY_DSA:
++		return BN_num_bits(DSA_get0_p(k->dsa));
++#endif
+ 	case KEY_ECDSA:
+ 	{
+ 		int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(k->ecdsa));
+@@ -769,17 +843,29 @@ pamsshagentauth_key_from_private(const Key *k)
+ 	switch (k->type) {
+ 	case KEY_DSA:
+ 		n = pamsshagentauth_key_new(k->type);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 		if ((BN_copy(n->dsa->p, k->dsa->p) == NULL) ||
+ 		    (BN_copy(n->dsa->q, k->dsa->q) == NULL) ||
+ 		    (BN_copy(n->dsa->g, k->dsa->g) == NULL) ||
+ 		    (BN_copy(n->dsa->pub_key, k->dsa->pub_key) == NULL))
++#else
++		if ((BN_copy(DSA_get0_p(n->dsa), DSA_get0_p(k->dsa)) == NULL) ||
++		    (BN_copy(DSA_get0_q(n->dsa), DSA_get0_q(k->dsa)) == NULL) ||
++		    (BN_copy(DSA_get0_g(n->dsa), DSA_get0_g(k->dsa)) == NULL) ||
++		    (BN_copy(DSA_get0_pub_key(n->dsa), DSA_get0_pub_key(k->dsa)) == NULL))
++#endif
+ 			pamsshagentauth_fatal("key_from_private: BN_copy failed");
+ 		break;
+ 	case KEY_RSA:
+ 	case KEY_RSA1:
+ 		n = pamsshagentauth_key_new(k->type);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 		if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) ||
+ 		    (BN_copy(n->rsa->e, k->rsa->e) == NULL))
++#else
++		if ((BN_copy(RSA_get0_n(n->rsa), RSA_get0_n(k->rsa)) == NULL) ||
++		    (BN_copy(RSA_get0_e(n->rsa), RSA_get0_e(k->rsa)) == NULL))
++#endif
+ 			pamsshagentauth_fatal("key_from_private: BN_copy failed");
+ 		break;
+ 	case KEY_ECDSA:
+@@ -881,8 +967,13 @@ pamsshagentauth_key_from_blob(const u_char *blob, u_int blen)
+ 	switch (type) {
+ 	case KEY_RSA:
+ 		key = pamsshagentauth_key_new(type);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 		if (pamsshagentauth_buffer_get_bignum2_ret(&b, key->rsa->e) == -1 ||
+ 		    pamsshagentauth_buffer_get_bignum2_ret(&b, key->rsa->n) == -1) {
++#else
++		if (pamsshagentauth_buffer_get_bignum2_ret(&b, RSA_get0_e(key->rsa)) == -1 ||
++		    pamsshagentauth_buffer_get_bignum2_ret(&b, RSA_get0_n(key->rsa)) == -1) {
++#endif
+ 			pamsshagentauth_logerror("key_from_blob: can't read rsa key");
+ 			pamsshagentauth_key_free(key);
+ 			key = NULL;
+@@ -894,10 +985,17 @@ pamsshagentauth_key_from_blob(const u_char *blob, u_int blen)
+ 		break;
+ 	case KEY_DSA:
+ 		key = pamsshagentauth_key_new(type);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 		if (pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->p) == -1 ||
+ 		    pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->q) == -1 ||
+ 		    pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->g) == -1 ||
+ 		    pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->pub_key) == -1) {
++#else
++		if (pamsshagentauth_buffer_get_bignum2_ret(&b, DSA_get0_p(key->dsa)) == -1 ||
++		    pamsshagentauth_buffer_get_bignum2_ret(&b, DSA_get0_q(key->dsa)) == -1 ||
++		    pamsshagentauth_buffer_get_bignum2_ret(&b, DSA_get0_g(key->dsa)) == -1 ||
++		    pamsshagentauth_buffer_get_bignum2_ret(&b, DSA_get0_pub_key(key->dsa)) == -1) {
++#endif
+ 			pamsshagentauth_logerror("key_from_blob: can't read dsa key");
+ 			pamsshagentauth_key_free(key);
+ 			key = NULL;
+@@ -1015,6 +1113,7 @@ pamsshagentauth_key_to_blob(const Key *key, u_char **blobp, u_int *lenp)
+ 	}
+ 	pamsshagentauth_buffer_init(&b);
+ 	switch (key->type) {
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 	case KEY_DSA:
+ 		pamsshagentauth_buffer_put_cstring(&b, key_ssh_name(key));
+ 		pamsshagentauth_buffer_put_bignum2(&b, key->dsa->p);
+@@ -1027,6 +1126,20 @@ pamsshagentauth_key_to_blob(const Key *key, u_char **blobp, u_int *lenp)
+ 		pamsshagentauth_buffer_put_bignum2(&b, key->rsa->e);
+ 		pamsshagentauth_buffer_put_bignum2(&b, key->rsa->n);
+ 		break;
++#else
++	case KEY_DSA:
++		pamsshagentauth_buffer_put_cstring(&b, key_ssh_name(key));
++		pamsshagentauth_buffer_put_bignum2(&b, DSA_get0_p(key->dsa));
++		pamsshagentauth_buffer_put_bignum2(&b, DSA_get0_q(key->dsa));
++		pamsshagentauth_buffer_put_bignum2(&b, DSA_get0_g(key->dsa));
++		pamsshagentauth_buffer_put_bignum2(&b, DSA_get0_pub_key(key->dsa));
++		break;
++	case KEY_RSA:
++		pamsshagentauth_buffer_put_cstring(&b, key_ssh_name(key));
++		pamsshagentauth_buffer_put_bignum2(&b, RSA_get0_e(key->rsa));
++		pamsshagentauth_buffer_put_bignum2(&b, RSA_get0_n(key->rsa));
++		break;
++#endif
+ 	case KEY_ECDSA:
+ 	{
+ 		size_t l = 0;
+@@ -1138,14 +1251,20 @@ pamsshagentauth_key_demote(const Key *k)
+ 	case KEY_RSA:
+ 		if ((pk->rsa = RSA_new()) == NULL)
+ 			pamsshagentauth_fatal("key_demote: RSA_new failed");
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 		if ((pk->rsa->e = BN_dup(k->rsa->e)) == NULL)
+ 			pamsshagentauth_fatal("key_demote: BN_dup failed");
+ 		if ((pk->rsa->n = BN_dup(k->rsa->n)) == NULL)
+ 			pamsshagentauth_fatal("key_demote: BN_dup failed");
++#else
++		if (RSA_set0_key(pk->rsa, BN_dup(RSA_get0_n(k->rsa)), BN_dup(RSA_get0_e(k->rsa)), NULL) != 1)
++			pamsshagentauth_fatal("key_demote: RSA_set0_key failed");
++#endif
+ 		break;
+ 	case KEY_DSA:
+ 		if ((pk->dsa = DSA_new()) == NULL)
+ 			pamsshagentauth_fatal("key_demote: DSA_new failed");
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 		if ((pk->dsa->p = BN_dup(k->dsa->p)) == NULL)
+ 			pamsshagentauth_fatal("key_demote: BN_dup failed");
+ 		if ((pk->dsa->q = BN_dup(k->dsa->q)) == NULL)
+@@ -1154,6 +1273,12 @@ pamsshagentauth_key_demote(const Key *k)
+ 			pamsshagentauth_fatal("key_demote: BN_dup failed");
+ 		if ((pk->dsa->pub_key = BN_dup(k->dsa->pub_key)) == NULL)
+ 			pamsshagentauth_fatal("key_demote: BN_dup failed");
++#else
++		if (DSA_set0_pqg(pk->dsa, BN_dup(DSA_get0_p(k->dsa)), BN_dup(DSA_get0_q(k->dsa)), BN_dup(DSA_get0_g(k->dsa))) != 1)
++			pamsshagentauth_fatal("key_demote: DSA_set0_pqg failed");
++		if (DSA_set0_key(pk->dsa, BN_dup(DSA_get0_pub_key(k->dsa)), NULL) != 1)
++			pamsshagentauth_fatal("key_demote: DSA_set0_key failed");
++#endif
+ 		break;
+ 	case KEY_ECDSA:
+ 		pamsshagentauth_fatal("key_demote: implement me");
+diff --git a/ssh-dss.c b/ssh-dss.c
+index 9fdaa5d..1051ae2 100644
+--- a/ssh-dss.c
++++ b/ssh-dss.c
+@@ -48,37 +48,53 @@ ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp,
+ {
+ 	DSA_SIG *sig;
+ 	const EVP_MD *evp_md = EVP_sha1();
+-	EVP_MD_CTX md;
++	EVP_MD_CTX *md;
+ 	u_char digest[EVP_MAX_MD_SIZE], sigblob[SIGBLOB_LEN];
+ 	u_int rlen, slen, len, dlen;
+ 	Buffer b;
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++	const BIGNUM *r, *s;
++#endif
+ 
+ 	if (key == NULL || key->type != KEY_DSA || key->dsa == NULL) {
+ 		pamsshagentauth_logerror("ssh_dss_sign: no DSA key");
+ 		return -1;
+ 	}
+-	EVP_DigestInit(&md, evp_md);
+-	EVP_DigestUpdate(&md, data, datalen);
+-	EVP_DigestFinal(&md, digest, &dlen);
++	md = EVP_MD_CTX_create();
++	EVP_DigestInit(md, evp_md);
++	EVP_DigestUpdate(md, data, datalen);
++	EVP_DigestFinal(md, digest, &dlen);
+ 
+ 	sig = DSA_do_sign(digest, dlen, key->dsa);
+ 	memset(digest, 'd', sizeof(digest));
++	EVP_MD_CTX_destroy(md);
+ 
+ 	if (sig == NULL) {
+ 		pamsshagentauth_logerror("ssh_dss_sign: sign failed");
+ 		return -1;
+ 	}
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 	rlen = BN_num_bytes(sig->r);
+ 	slen = BN_num_bytes(sig->s);
++#else
++	DSA_SIG_get0((const DSA_SIG *)sig, (const BIGNUM **)r, (const BIGNUM **)s);
++	rlen = BN_num_bytes(r);
++	slen = BN_num_bytes(s);
++#endif
+ 	if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) {
+ 		pamsshagentauth_logerror("bad sig size %u %u", rlen, slen);
+ 		DSA_SIG_free(sig);
+ 		return -1;
+ 	}
+ 	memset(sigblob, 0, SIGBLOB_LEN);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 	BN_bn2bin(sig->r, sigblob+ SIGBLOB_LEN - INTBLOB_LEN - rlen);
+ 	BN_bn2bin(sig->s, sigblob+ SIGBLOB_LEN - slen);
++#else
++	BN_bn2bin(r, sigblob+ SIGBLOB_LEN - INTBLOB_LEN - rlen);
++	BN_bn2bin(s, sigblob+ SIGBLOB_LEN - slen);
++#endif
+ 	DSA_SIG_free(sig);
+ 
+ 	if (datafellows & SSH_BUG_SIGBLOB) {
+@@ -110,11 +126,14 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen,
+ {
+ 	DSA_SIG *sig;
+ 	const EVP_MD *evp_md = EVP_sha1();
+-	EVP_MD_CTX md;
++	EVP_MD_CTX *md;
+ 	u_char digest[EVP_MAX_MD_SIZE], *sigblob;
+ 	u_int len, dlen;
+ 	int rlen, ret;
+ 	Buffer b;
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++	BIGNUM *r, *s;
++#endif
+ 
+ 	if (key == NULL || key->type != KEY_DSA || key->dsa == NULL) {
+ 		pamsshagentauth_logerror("ssh_dss_verify: no DSA key");
+@@ -157,6 +176,7 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen,
+ 	/* parse signature */
+ 	if ((sig = DSA_SIG_new()) == NULL)
+ 		pamsshagentauth_fatal("ssh_dss_verify: DSA_SIG_new failed");
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 	if ((sig->r = BN_new()) == NULL)
+ 		pamsshagentauth_fatal("ssh_dss_verify: BN_new failed");
+ 	if ((sig->s = BN_new()) == NULL)
+@@ -164,18 +184,33 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen,
+ 	if ((BN_bin2bn(sigblob, INTBLOB_LEN, sig->r) == NULL) ||
+ 	    (BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s) == NULL))
+ 		pamsshagentauth_fatal("ssh_dss_verify: BN_bin2bn failed");
++#else
++	if ((r = BN_new()) == NULL)
++		pamsshagentauth_fatal("ssh_dss_verify: BN_new failed");
++	if ((s = BN_new()) == NULL)
++		pamsshagentauth_fatal("ssh_dss_verify: BN_new failed");
++	if (DSA_SIG_set0(sig, r, s) != 1)
++		pamsshagentauth_fatal("ssh_dss_verify: DSA_SIG_set0 failed");
++	if ((BN_bin2bn(sigblob, INTBLOB_LEN, r) == NULL) ||
++	    (BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, s) == NULL))
++		pamsshagentauth_fatal("ssh_dss_verify: BN_bin2bn failed");
++	if (DSA_SIG_set0(sig, r, s) != 1)
++		pamsshagentauth_fatal("ssh_dss_verify: DSA_SIG_set0 failed");
++#endif
+ 
+ 	/* clean up */
+ 	memset(sigblob, 0, len);
+ 	pamsshagentauth_xfree(sigblob);
+ 
+ 	/* sha1 the data */
+-	EVP_DigestInit(&md, evp_md);
+-	EVP_DigestUpdate(&md, data, datalen);
+-	EVP_DigestFinal(&md, digest, &dlen);
++	md = EVP_MD_CTX_create();
++	EVP_DigestInit(md, evp_md);
++	EVP_DigestUpdate(md, data, datalen);
++	EVP_DigestFinal(md, digest, &dlen);
+ 
+ 	ret = DSA_do_verify(digest, dlen, sig, key->dsa);
+ 	memset(digest, 'd', sizeof(digest));
++	EVP_MD_CTX_destroy(md);
+ 
+ 	DSA_SIG_free(sig);
+ 
+diff --git a/ssh-ecdsa.c b/ssh-ecdsa.c
+index efa0f3d..c213959 100644
+--- a/ssh-ecdsa.c
++++ b/ssh-ecdsa.c
+@@ -41,22 +41,27 @@ ssh_ecdsa_sign(const Key *key, u_char **sigp, u_int *lenp,
+ {
+     ECDSA_SIG *sig;
+     const EVP_MD *evp_md = evp_from_key(key);
+-    EVP_MD_CTX md;
++    EVP_MD_CTX *md;
+     u_char digest[EVP_MAX_MD_SIZE];
+     u_int len, dlen;
+     Buffer b, bb;
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++	BIGNUM *r, *s;
++#endif
+ 
+     if (key == NULL || key->type != KEY_ECDSA || key->ecdsa == NULL) {
+         pamsshagentauth_logerror("ssh_ecdsa_sign: no ECDSA key");
+         return -1;
+     }
+ 
+-    EVP_DigestInit(&md, evp_md);
+-    EVP_DigestUpdate(&md, data, datalen);
+-    EVP_DigestFinal(&md, digest, &dlen);
++    md = EVP_MD_CTX_create();
++    EVP_DigestInit(md, evp_md);
++    EVP_DigestUpdate(md, data, datalen);
++    EVP_DigestFinal(md, digest, &dlen);
+ 
+     sig = ECDSA_do_sign(digest, dlen, key->ecdsa);
+     memset(digest, 'd', sizeof(digest));
++    EVP_MD_CTX_destroy(md);
+ 
+     if (sig == NULL) {
+         pamsshagentauth_logerror("ssh_ecdsa_sign: sign failed");
+@@ -64,8 +69,14 @@ ssh_ecdsa_sign(const Key *key, u_char **sigp, u_int *lenp,
+     }
+ 
+     pamsshagentauth_buffer_init(&bb);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+     if (pamsshagentauth_buffer_get_bignum2_ret(&bb, sig->r) == -1 ||
+         pamsshagentauth_buffer_get_bignum2_ret(&bb, sig->s) == -1) {
++#else
++    DSA_SIG_get0(sig, &r, &s);
++    if (pamsshagentauth_buffer_get_bignum2_ret(&bb, r) == -1 ||
++        pamsshagentauth_buffer_get_bignum2_ret(&bb, s) == -1) {
++#endif
+         pamsshagentauth_logerror("couldn't serialize signature");
+         ECDSA_SIG_free(sig);
+         return -1;
+@@ -94,11 +105,14 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen,
+ {
+     ECDSA_SIG *sig;
+     const EVP_MD *evp_md = evp_from_key(key);
+-    EVP_MD_CTX md;
++    EVP_MD_CTX *md;
+     u_char digest[EVP_MAX_MD_SIZE], *sigblob;
+     u_int len, dlen;
+     int rlen, ret;
+     Buffer b;
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++	BIGNUM *r, *s;
++#endif
+ 
+     if (key == NULL || key->type != KEY_ECDSA || key->ecdsa == NULL) {
+         pamsshagentauth_logerror("ssh_ecdsa_sign: no ECDSA key");
+@@ -127,8 +141,14 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen,
+ 
+     pamsshagentauth_buffer_init(&b);
+     pamsshagentauth_buffer_append(&b, sigblob, len);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+     if ((pamsshagentauth_buffer_get_bignum2_ret(&b, sig->r) == -1) ||
+         (pamsshagentauth_buffer_get_bignum2_ret(&b, sig->s) == -1))
++#else
++    DSA_SIG_get0(sig, &r, &s);
++    if ((pamsshagentauth_buffer_get_bignum2_ret(&b, r) == -1) ||
++        (pamsshagentauth_buffer_get_bignum2_ret(&b, s) == -1))
++#endif
+         pamsshagentauth_fatal("ssh_ecdsa_verify:"
+             "pamsshagentauth_buffer_get_bignum2_ret failed");
+ 
+@@ -137,16 +157,18 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen,
+     pamsshagentauth_xfree(sigblob);
+ 
+     /* sha256 the data */
+-    EVP_DigestInit(&md, evp_md);
+-    EVP_DigestUpdate(&md, data, datalen);
+-    EVP_DigestFinal(&md, digest, &dlen);
++    md = EVP_MD_CTX_create();
++    EVP_DigestInit(md, evp_md);
++    EVP_DigestUpdate(md, data, datalen);
++    EVP_DigestFinal(md, digest, &dlen);
+ 
+     ret = ECDSA_do_verify(digest, dlen, sig, key->ecdsa);
+     memset(digest, 'd', sizeof(digest));
++    EVP_MD_CTX_destroy(md);
+ 
+     ECDSA_SIG_free(sig);
+ 
+     pamsshagentauth_verbose("ssh_ecdsa_verify: signature %s",
+         ret == 1 ? "correct" : ret == 0 ? "incorrect" : "error");
+     return ret;
+-}
+\ No newline at end of file
++}
+diff --git a/ssh-rsa.c b/ssh-rsa.c
+index d05844b..9d74eb6 100644
+--- a/ssh-rsa.c
++++ b/ssh-rsa.c
+@@ -40,7 +40,7 @@ ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp,
+     const u_char *data, u_int datalen)
+ {
+ 	const EVP_MD *evp_md;
+-	EVP_MD_CTX md;
++	EVP_MD_CTX *md;
+ 	u_char digest[EVP_MAX_MD_SIZE], *sig;
+ 	u_int slen, dlen, len;
+ 	int ok, nid;
+@@ -55,6 +55,7 @@ ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp,
+ 		pamsshagentauth_logerror("ssh_rsa_sign: EVP_get_digestbynid %d failed", nid);
+ 		return -1;
+ 	}
++	md = EVP_MD_CTX_create();
+ 	EVP_DigestInit(&md, evp_md);
+ 	EVP_DigestUpdate(&md, data, datalen);
+ 	EVP_DigestFinal(&md, digest, &dlen);
+@@ -64,6 +65,7 @@ ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp,
+ 
+ 	ok = RSA_sign(nid, digest, dlen, sig, &len, key->rsa);
+ 	memset(digest, 'd', sizeof(digest));
++	EVP_MD_CTX_destroy(md);
+ 
+ 	if (ok != 1) {
+ 		int ecode = ERR_get_error();
+@@ -107,7 +109,7 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen,
+ {
+ 	Buffer b;
+ 	const EVP_MD *evp_md;
+-	EVP_MD_CTX md;
++	EVP_MD_CTX *md;
+ 	char *ktype;
+ 	u_char digest[EVP_MAX_MD_SIZE], *sigblob;
+ 	u_int len, dlen, modlen;
+@@ -117,9 +119,17 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen,
+ 		pamsshagentauth_logerror("ssh_rsa_verify: no RSA key");
+ 		return -1;
+ 	}
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 	if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
++#else
++	if (BN_num_bits(RSA_get0_n(key->rsa)) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
++#endif
+ 		pamsshagentauth_logerror("ssh_rsa_verify: RSA modulus too small: %d < minimum %d bits",
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 		    BN_num_bits(key->rsa->n), SSH_RSA_MINIMUM_MODULUS_SIZE);
++#else
++		    BN_num_bits(RSA_get0_n(key->rsa)), SSH_RSA_MINIMUM_MODULUS_SIZE);
++#endif
+ 		return -1;
+ 	}
+ 	pamsshagentauth_buffer_init(&b);
+@@ -161,12 +171,14 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen,
+ 		pamsshagentauth_xfree(sigblob);
+ 		return -1;
+ 	}
+-	EVP_DigestInit(&md, evp_md);
+-	EVP_DigestUpdate(&md, data, datalen);
+-	EVP_DigestFinal(&md, digest, &dlen);
++	md = EVP_MD_CTX_create();
++	EVP_DigestInit(md, evp_md);
++	EVP_DigestUpdate(md, data, datalen);
++	EVP_DigestFinal(md, digest, &dlen);
+ 
+ 	ret = openssh_RSA_verify(nid, digest, dlen, sigblob, len, key->rsa);
+ 	memset(digest, 'd', sizeof(digest));
++	EVP_MD_CTX_destroy(md);
+ 	memset(sigblob, 's', len);
+ 	pamsshagentauth_xfree(sigblob);
+ 	pamsshagentauth_verbose("ssh_rsa_verify: signature %scorrect", (ret==0) ? "in" : "");
diff --git a/meta-openembedded/meta-oe/recipes-extended/pam/pam-ssh-agent-auth/0002-Check-against-the-correct-OPENSSL_VERSION_NUMBER.patch b/meta-openembedded/meta-oe/recipes-extended/pam/pam-ssh-agent-auth/0002-Check-against-the-correct-OPENSSL_VERSION_NUMBER.patch
new file mode 100644
index 0000000..b03b43f
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-extended/pam/pam-ssh-agent-auth/0002-Check-against-the-correct-OPENSSL_VERSION_NUMBER.patch
@@ -0,0 +1,365 @@
+From b2ee29809a54e16567323d8fbac2d652ee58c692 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Fri, 1 Feb 2019 22:45:19 -0800
+Subject: [PATCH] Check against the correct OPENSSL_VERSION_NUMBER
+
+From: Guido Falsi <mad@madpilot.net>
+https://sources.debian.org/src/pam-ssh-agent-auth/0.10.3-3/debian/patches/openssl-1.1.1-2.patch/
+
+Upstream-Status: Pending
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ authfd.c    | 12 ++++++------
+ bufbn.c     |  2 +-
+ key.c       | 36 ++++++++++++++++++------------------
+ ssh-dss.c   | 10 +++++-----
+ ssh-ecdsa.c |  8 ++++----
+ ssh-rsa.c   |  4 ++--
+ 6 files changed, 36 insertions(+), 36 deletions(-)
+
+diff --git a/authfd.c b/authfd.c
+index f91514d..4c6cec8 100644
+--- a/authfd.c
++++ b/authfd.c
+@@ -367,7 +367,7 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio
+ 	case 1:
+ 		key = pamsshagentauth_key_new(KEY_RSA1);
+ 		bits = pamsshagentauth_buffer_get_int(&auth->identities);
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 		pamsshagentauth_buffer_get_bignum(&auth->identities, key->rsa->e);
+ 		pamsshagentauth_buffer_get_bignum(&auth->identities, key->rsa->n);
+ 		*comment = pamsshagentauth_buffer_get_string(&auth->identities, NULL);
+@@ -427,7 +427,7 @@ ssh_decrypt_challenge(AuthenticationConnection *auth,
+ 	}
+ 	pamsshagentauth_buffer_init(&buffer);
+ 	pamsshagentauth_buffer_put_char(&buffer, SSH_AGENTC_RSA_CHALLENGE);
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 	pamsshagentauth_buffer_put_int(&buffer, BN_num_bits(key->rsa->n));
+ 	pamsshagentauth_buffer_put_bignum(&buffer, key->rsa->e);
+ 	pamsshagentauth_buffer_put_bignum(&buffer, key->rsa->n);
+@@ -512,7 +512,7 @@ ssh_agent_sign(AuthenticationConnection *auth,
+ static void
+ ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment)
+ {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 	pamsshagentauth_buffer_put_int(b, BN_num_bits(key->n));
+ 	pamsshagentauth_buffer_put_bignum(b, key->n);
+ 	pamsshagentauth_buffer_put_bignum(b, key->e);
+@@ -540,7 +540,7 @@ ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment)
+ 	pamsshagentauth_buffer_put_cstring(b, key_ssh_name(key));
+ 	switch (key->type) {
+ 	case KEY_RSA:
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 		pamsshagentauth_buffer_put_bignum2(b, key->rsa->n);
+ 		pamsshagentauth_buffer_put_bignum2(b, key->rsa->e);
+ 		pamsshagentauth_buffer_put_bignum2(b, key->rsa->d);
+@@ -557,7 +557,7 @@ ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment)
+ #endif
+ 		break;
+ 	case KEY_DSA:
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 		pamsshagentauth_buffer_put_bignum2(b, key->dsa->p);
+ 		pamsshagentauth_buffer_put_bignum2(b, key->dsa->q);
+ 		pamsshagentauth_buffer_put_bignum2(b, key->dsa->g);
+@@ -649,7 +649,7 @@ ssh_remove_identity(AuthenticationConnection *auth, Key *key)
+ 
+ 	if (key->type == KEY_RSA1) {
+ 		pamsshagentauth_buffer_put_char(&msg, SSH_AGENTC_REMOVE_RSA_IDENTITY);
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 		pamsshagentauth_buffer_put_int(&msg, BN_num_bits(key->rsa->n));
+ 		pamsshagentauth_buffer_put_bignum(&msg, key->rsa->e);
+ 		pamsshagentauth_buffer_put_bignum(&msg, key->rsa->n);
+diff --git a/bufbn.c b/bufbn.c
+index 4ecedc1..b4754cc 100644
+--- a/bufbn.c
++++ b/bufbn.c
+@@ -151,7 +151,7 @@ pamsshagentauth_buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value)
+ 		pamsshagentauth_buffer_put_int(buffer, 0);
+ 		return 0;
+ 	}
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 	if (value->neg) {
+ #else
+ 	if (BN_is_negative(value)) {
+diff --git a/key.c b/key.c
+index aedbbb5..dcc5fc8 100644
+--- a/key.c
++++ b/key.c
+@@ -77,7 +77,7 @@ pamsshagentauth_key_new(int type)
+ 	case KEY_RSA:
+ 		if ((rsa = RSA_new()) == NULL)
+ 			pamsshagentauth_fatal("key_new: RSA_new failed");
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 		if ((rsa->n = BN_new()) == NULL)
+ 			pamsshagentauth_fatal("key_new: BN_new failed");
+ 		if ((rsa->e = BN_new()) == NULL)
+@@ -91,7 +91,7 @@ pamsshagentauth_key_new(int type)
+ 	case KEY_DSA:
+ 		if ((dsa = DSA_new()) == NULL)
+ 			pamsshagentauth_fatal("key_new: DSA_new failed");
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 		if ((dsa->p = BN_new()) == NULL)
+ 			pamsshagentauth_fatal("key_new: BN_new failed");
+ 		if ((dsa->q = BN_new()) == NULL)
+@@ -130,7 +130,7 @@ pamsshagentauth_key_new_private(int type)
+ 	switch (k->type) {
+ 	case KEY_RSA1:
+ 	case KEY_RSA:
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 		if ((k->rsa->d = BN_new()) == NULL)
+ 			pamsshagentauth_fatal("key_new_private: BN_new failed");
+ 		if ((k->rsa->iqmp = BN_new()) == NULL)
+@@ -153,7 +153,7 @@ pamsshagentauth_key_new_private(int type)
+ #endif
+ 		break;
+ 	case KEY_DSA:
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 		if ((k->dsa->priv_key = BN_new()) == NULL)
+ 			pamsshagentauth_fatal("key_new_private: BN_new failed");
+ #else
+@@ -162,7 +162,7 @@ pamsshagentauth_key_new_private(int type)
+ #endif
+ 		break;
+ 	case KEY_ECDSA:
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 		if (EC_KEY_set_private_key(k->ecdsa, BN_new()) != 1)
+ 			pamsshagentauth_fatal("key_new_private: EC_KEY_set_private_key failed");
+ #else
+@@ -224,7 +224,7 @@ pamsshagentauth_key_equal(const Key *a, const Key *b)
+ 	case KEY_RSA1:
+ 	case KEY_RSA:
+ 		return a->rsa != NULL && b->rsa != NULL &&
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 		    BN_cmp(a->rsa->e, b->rsa->e) == 0 &&
+ 		    BN_cmp(a->rsa->n, b->rsa->n) == 0;
+ #else
+@@ -233,7 +233,7 @@ pamsshagentauth_key_equal(const Key *a, const Key *b)
+ #endif
+ 	case KEY_DSA:
+ 		return a->dsa != NULL && b->dsa != NULL &&
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 		    BN_cmp(a->dsa->p, b->dsa->p) == 0 &&
+ 		    BN_cmp(a->dsa->q, b->dsa->q) == 0 &&
+ 		    BN_cmp(a->dsa->g, b->dsa->g) == 0 &&
+@@ -293,7 +293,7 @@ pamsshagentauth_key_fingerprint_raw(const Key *k, enum fp_type dgst_type,
+ 	}
+ 	switch (k->type) {
+ 	case KEY_RSA1:
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 		nlen = BN_num_bytes(k->rsa->n);
+ 		elen = BN_num_bytes(k->rsa->e);
+ 		len = nlen + elen;
+@@ -510,7 +510,7 @@ pamsshagentauth_key_read(Key *ret, char **cpp)
+ 			return -1;
+ 		*cpp = cp;
+ 		/* Get public exponent, public modulus. */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 		if (!read_bignum(cpp, ret->rsa->e))
+ 			return -1;
+ 		if (!read_bignum(cpp, ret->rsa->n))
+@@ -643,7 +643,7 @@ pamsshagentauth_key_write(const Key *key, FILE *f)
+ 
+ 	if (key->type == KEY_RSA1 && key->rsa != NULL) {
+ 		/* size of modulus 'n' */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 		bits = BN_num_bits(key->rsa->n);
+ 		fprintf(f, "%u", bits);
+ 		if (write_bignum(f, key->rsa->e) &&
+@@ -742,7 +742,7 @@ pamsshagentauth_key_size(const Key *k)
+ {
+ 	switch (k->type) {
+ 	case KEY_RSA1:
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 	case KEY_RSA:
+ 		return BN_num_bits(k->rsa->n);
+ 	case KEY_DSA:
+@@ -843,7 +843,7 @@ pamsshagentauth_key_from_private(const Key *k)
+ 	switch (k->type) {
+ 	case KEY_DSA:
+ 		n = pamsshagentauth_key_new(k->type);
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 		if ((BN_copy(n->dsa->p, k->dsa->p) == NULL) ||
+ 		    (BN_copy(n->dsa->q, k->dsa->q) == NULL) ||
+ 		    (BN_copy(n->dsa->g, k->dsa->g) == NULL) ||
+@@ -859,7 +859,7 @@ pamsshagentauth_key_from_private(const Key *k)
+ 	case KEY_RSA:
+ 	case KEY_RSA1:
+ 		n = pamsshagentauth_key_new(k->type);
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 		if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) ||
+ 		    (BN_copy(n->rsa->e, k->rsa->e) == NULL))
+ #else
+@@ -967,7 +967,7 @@ pamsshagentauth_key_from_blob(const u_char *blob, u_int blen)
+ 	switch (type) {
+ 	case KEY_RSA:
+ 		key = pamsshagentauth_key_new(type);
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 		if (pamsshagentauth_buffer_get_bignum2_ret(&b, key->rsa->e) == -1 ||
+ 		    pamsshagentauth_buffer_get_bignum2_ret(&b, key->rsa->n) == -1) {
+ #else
+@@ -985,7 +985,7 @@ pamsshagentauth_key_from_blob(const u_char *blob, u_int blen)
+ 		break;
+ 	case KEY_DSA:
+ 		key = pamsshagentauth_key_new(type);
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 		if (pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->p) == -1 ||
+ 		    pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->q) == -1 ||
+ 		    pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->g) == -1 ||
+@@ -1113,7 +1113,7 @@ pamsshagentauth_key_to_blob(const Key *key, u_char **blobp, u_int *lenp)
+ 	}
+ 	pamsshagentauth_buffer_init(&b);
+ 	switch (key->type) {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 	case KEY_DSA:
+ 		pamsshagentauth_buffer_put_cstring(&b, key_ssh_name(key));
+ 		pamsshagentauth_buffer_put_bignum2(&b, key->dsa->p);
+@@ -1251,7 +1251,7 @@ pamsshagentauth_key_demote(const Key *k)
+ 	case KEY_RSA:
+ 		if ((pk->rsa = RSA_new()) == NULL)
+ 			pamsshagentauth_fatal("key_demote: RSA_new failed");
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 		if ((pk->rsa->e = BN_dup(k->rsa->e)) == NULL)
+ 			pamsshagentauth_fatal("key_demote: BN_dup failed");
+ 		if ((pk->rsa->n = BN_dup(k->rsa->n)) == NULL)
+@@ -1264,7 +1264,7 @@ pamsshagentauth_key_demote(const Key *k)
+ 	case KEY_DSA:
+ 		if ((pk->dsa = DSA_new()) == NULL)
+ 			pamsshagentauth_fatal("key_demote: DSA_new failed");
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 		if ((pk->dsa->p = BN_dup(k->dsa->p)) == NULL)
+ 			pamsshagentauth_fatal("key_demote: BN_dup failed");
+ 		if ((pk->dsa->q = BN_dup(k->dsa->q)) == NULL)
+diff --git a/ssh-dss.c b/ssh-dss.c
+index 1051ae2..9b96274 100644
+--- a/ssh-dss.c
++++ b/ssh-dss.c
+@@ -52,7 +52,7 @@ ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp,
+ 	u_char digest[EVP_MAX_MD_SIZE], sigblob[SIGBLOB_LEN];
+ 	u_int rlen, slen, len, dlen;
+ 	Buffer b;
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ 	const BIGNUM *r, *s;
+ #endif
+ 
+@@ -74,7 +74,7 @@ ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp,
+ 		return -1;
+ 	}
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 	rlen = BN_num_bytes(sig->r);
+ 	slen = BN_num_bytes(sig->s);
+ #else
+@@ -88,7 +88,7 @@ ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp,
+ 		return -1;
+ 	}
+ 	memset(sigblob, 0, SIGBLOB_LEN);
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 	BN_bn2bin(sig->r, sigblob+ SIGBLOB_LEN - INTBLOB_LEN - rlen);
+ 	BN_bn2bin(sig->s, sigblob+ SIGBLOB_LEN - slen);
+ #else
+@@ -131,7 +131,7 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen,
+ 	u_int len, dlen;
+ 	int rlen, ret;
+ 	Buffer b;
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ 	BIGNUM *r, *s;
+ #endif
+ 
+@@ -176,7 +176,7 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen,
+ 	/* parse signature */
+ 	if ((sig = DSA_SIG_new()) == NULL)
+ 		pamsshagentauth_fatal("ssh_dss_verify: DSA_SIG_new failed");
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 	if ((sig->r = BN_new()) == NULL)
+ 		pamsshagentauth_fatal("ssh_dss_verify: BN_new failed");
+ 	if ((sig->s = BN_new()) == NULL)
+diff --git a/ssh-ecdsa.c b/ssh-ecdsa.c
+index c213959..5b13b30 100644
+--- a/ssh-ecdsa.c
++++ b/ssh-ecdsa.c
+@@ -45,7 +45,7 @@ ssh_ecdsa_sign(const Key *key, u_char **sigp, u_int *lenp,
+     u_char digest[EVP_MAX_MD_SIZE];
+     u_int len, dlen;
+     Buffer b, bb;
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ 	BIGNUM *r, *s;
+ #endif
+ 
+@@ -69,7 +69,7 @@ ssh_ecdsa_sign(const Key *key, u_char **sigp, u_int *lenp,
+     }
+ 
+     pamsshagentauth_buffer_init(&bb);
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+     if (pamsshagentauth_buffer_get_bignum2_ret(&bb, sig->r) == -1 ||
+         pamsshagentauth_buffer_get_bignum2_ret(&bb, sig->s) == -1) {
+ #else
+@@ -110,7 +110,7 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen,
+     u_int len, dlen;
+     int rlen, ret;
+     Buffer b;
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ 	BIGNUM *r, *s;
+ #endif
+ 
+@@ -141,7 +141,7 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen,
+ 
+     pamsshagentauth_buffer_init(&b);
+     pamsshagentauth_buffer_append(&b, sigblob, len);
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+     if ((pamsshagentauth_buffer_get_bignum2_ret(&b, sig->r) == -1) ||
+         (pamsshagentauth_buffer_get_bignum2_ret(&b, sig->s) == -1))
+ #else
+diff --git a/ssh-rsa.c b/ssh-rsa.c
+index 9d74eb6..35f2e36 100644
+--- a/ssh-rsa.c
++++ b/ssh-rsa.c
+@@ -119,13 +119,13 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen,
+ 		pamsshagentauth_logerror("ssh_rsa_verify: no RSA key");
+ 		return -1;
+ 	}
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 	if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
+ #else
+ 	if (BN_num_bits(RSA_get0_n(key->rsa)) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
+ #endif
+ 		pamsshagentauth_logerror("ssh_rsa_verify: RSA modulus too small: %d < minimum %d bits",
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 		    BN_num_bits(key->rsa->n), SSH_RSA_MINIMUM_MODULUS_SIZE);
+ #else
+ 		    BN_num_bits(RSA_get0_n(key->rsa)), SSH_RSA_MINIMUM_MODULUS_SIZE);
diff --git a/meta-openembedded/meta-oe/recipes-extended/pam/pam-ssh-agent-auth_0.10.3.bb b/meta-openembedded/meta-oe/recipes-extended/pam/pam-ssh-agent-auth_0.10.3.bb
index 2a461fc..ac7fa4b 100644
--- a/meta-openembedded/meta-oe/recipes-extended/pam/pam-ssh-agent-auth_0.10.3.bb
+++ b/meta-openembedded/meta-oe/recipes-extended/pam/pam-ssh-agent-auth_0.10.3.bb
@@ -7,11 +7,14 @@
                     file://OPENSSH_LICENSE;md5=7ae09218173be1643c998a4b71027f9b \
 "
 
-SRC_URI = "http://sourceforge.net/projects/pamsshagentauth/files/pam_ssh_agent_auth/v${PV}/pam_ssh_agent_auth-${PV}.tar.bz2"
+SRC_URI = "http://sourceforge.net/projects/pamsshagentauth/files/pam_ssh_agent_auth/v${PV}/pam_ssh_agent_auth-${PV}.tar.bz2 \
+           file://0001-Adapt-to-OpenSSL-1.1.1.patch \
+           file://0002-Check-against-the-correct-OPENSSL_VERSION_NUMBER.patch \
+           "
 SRC_URI[md5sum] = "8dbe90ab3625e545036333e6f51ccf1d"
 SRC_URI[sha256sum] = "3c53d358d6eaed1b211239df017c27c6f9970995d14102ae67bae16d4f47a763"
 
-DEPENDS += "libpam openssl10"
+DEPENDS += "libpam openssl"
 
 inherit distro_features_check
 REQUIRED_DISTRO_FEATURES = "pam"
diff --git a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit-group-rule.inc b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit-group-rule.inc
index 40e4005..06ab106 100644
--- a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit-group-rule.inc
+++ b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit-group-rule.inc
@@ -1,6 +1,9 @@
 # polkit must prepare polkitd group
 DEPENDS += "polkit"
 
+inherit distro_features_check
+REQUIRED_DISTRO_FEATURES = "polkit"
+
 inherit useradd
 
 do_install_prepend() {
diff --git a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/CVE-2019-6133.patch b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/CVE-2019-6133.patch
deleted file mode 100644
index 6fd20dc..0000000
--- a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit/CVE-2019-6133.patch
+++ /dev/null
@@ -1,190 +0,0 @@
-From 6cc6aafee135ba44ea748250d7d29b562ca190e3 Mon Sep 17 00:00:00 2001
-From: Colin Walters <walters@verbum.org>
-Date: Fri, 4 Jan 2019 14:24:48 -0500
-Subject: [PATCH] backend: Compare PolkitUnixProcess uids for temporary
- authorizations
-
-It turns out that the combination of `(pid, start time)` is not
-enough to be unique.  For temporary authorizations, we can avoid
-separate users racing on pid reuse by simply comparing the uid.
-
-https://bugs.chromium.org/p/project-zero/issues/detail?id=1692
-
-And the above original email report is included in full in a new comment.
-
-Reported-by: Jann Horn <jannh@google.com>
-
-Closes: https://gitlab.freedesktop.org/polkit/polkit/issues/75
-
-CVE: CVE-2019-6133
-Upstream-Status: Backport [https://gitlab.freedesktop.org/polkit/polkit.git]
-
-Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
----
- src/polkit/polkitsubject.c                    |  2 +
- src/polkit/polkitunixprocess.c                | 71 ++++++++++++++++++-
- .../polkitbackendinteractiveauthority.c       | 39 +++++++++-
- 3 files changed, 110 insertions(+), 2 deletions(-)
-
-diff --git a/src/polkit/polkitsubject.c b/src/polkit/polkitsubject.c
-index d4c1182..ccabd0a 100644
---- a/src/polkit/polkitsubject.c
-+++ b/src/polkit/polkitsubject.c
-@@ -99,6 +99,8 @@ polkit_subject_hash (PolkitSubject *subject)
-  * @b: A #PolkitSubject.
-  *
-  * Checks if @a and @b are equal, ie. represent the same subject.
-+ * However, avoid calling polkit_subject_equal() to compare two processes;
-+ * for more information see the `PolkitUnixProcess` documentation.
-  *
-  * This function can be used in e.g. g_hash_table_new().
-  *
-diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c
-index b02b258..78d7251 100644
---- a/src/polkit/polkitunixprocess.c
-+++ b/src/polkit/polkitunixprocess.c
-@@ -51,7 +51,10 @@
-  * @title: PolkitUnixProcess
-  * @short_description: Unix processs
-  *
-- * An object for representing a UNIX process.
-+ * An object for representing a UNIX process.  NOTE: This object as
-+ * designed is now known broken; a mechanism to exploit a delay in
-+ * start time in the Linux kernel was identified.  Avoid
-+ * calling polkit_subject_equal() to compare two processes.
-  *
-  * To uniquely identify processes, both the process id and the start
-  * time of the process (a monotonic increasing value representing the
-@@ -66,6 +69,72 @@
-  * polkit_unix_process_new_for_owner() with trusted data.
-  */
- 
-+/* See https://gitlab.freedesktop.org/polkit/polkit/issues/75
-+
-+  But quoting the original email in full here to ensure it's preserved:
-+
-+  From: Jann Horn <jannh@google.com>
-+  Subject: [SECURITY] polkit: temporary auth hijacking via PID reuse and non-atomic fork
-+  Date: Wednesday, October 10, 2018 5:34 PM
-+
-+When a (non-root) user attempts to e.g. control systemd units in the system
-+instance from an active session over DBus, the access is gated by a polkit
-+policy that requires "auth_admin_keep" auth. This results in an auth prompt
-+being shown to the user, asking the user to confirm the action by entering the
-+password of an administrator account.
-+
-+After the action has been confirmed, the auth decision for "auth_admin_keep" is
-+cached for up to five minutes. Subject to some restrictions, similar actions can
-+then be performed in this timespan without requiring re-auth:
-+
-+ - The PID of the DBus client requesting the new action must match the PID of
-+   the DBus client requesting the old action (based on SO_PEERCRED information
-+   forwarded by the DBus daemon).
-+ - The "start time" of the client's PID (as seen in /proc/$pid/stat, field 22)
-+   must not have changed. The granularity of this timestamp is in the
-+   millisecond range.
-+ - polkit polls every two seconds whether a process with the expected start time
-+   still exists. If not, the temporary auth entry is purged.
-+
-+Without the start time check, this would obviously be buggy because an attacker
-+could simply wait for the legitimate client to disappear, then create a new
-+client with the same PID.
-+
-+Unfortunately, the start time check is bypassable because fork() is not atomic.
-+Looking at the source code of copy_process() in the kernel:
-+
-+        p->start_time = ktime_get_ns();
-+        p->real_start_time = ktime_get_boot_ns();
-+        [...]
-+        retval = copy_thread_tls(clone_flags, stack_start, stack_size, p, tls);
-+        if (retval)
-+                goto bad_fork_cleanup_io;
-+
-+        if (pid != &init_struct_pid) {
-+                pid = alloc_pid(p->nsproxy->pid_ns_for_children);
-+                if (IS_ERR(pid)) {
-+                        retval = PTR_ERR(pid);
-+                        goto bad_fork_cleanup_thread;
-+                }
-+        }
-+
-+The ktime_get_boot_ns() call is where the "start time" of the process is
-+recorded. The alloc_pid() call is where a free PID is allocated. In between
-+these, some time passes; and because the copy_thread_tls() call between them can
-+access userspace memory when sys_clone() is invoked through the 32-bit syscall
-+entry point, an attacker can even stall the kernel arbitrarily long at this
-+point (by supplying a pointer into userspace memory that is associated with a
-+userfaultfd or is backed by a custom FUSE filesystem).
-+
-+This means that an attacker can immediately call sys_clone() when the victim
-+process is created, often resulting in a process that has the exact same start
-+time reported in procfs; and then the attacker can delay the alloc_pid() call
-+until after the victim process has died and the PID assignment has cycled
-+around. This results in an attacker process that polkit can't distinguish from
-+the victim process.
-+*/
-+
-+
- /**
-  * PolkitUnixProcess:
-  *
-diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
-index a1630b9..80e8141 100644
---- a/src/polkitbackend/polkitbackendinteractiveauthority.c
-+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
-@@ -3031,6 +3031,43 @@ temporary_authorization_store_free (TemporaryAuthorizationStore *store)
-   g_free (store);
- }
- 
-+/* See the comment at the top of polkitunixprocess.c */
-+static gboolean
-+subject_equal_for_authz (PolkitSubject *a,
-+                         PolkitSubject *b)
-+{
-+  if (!polkit_subject_equal (a, b))
-+    return FALSE;
-+
-+  /* Now special case unix processes, as we want to protect against
-+   * pid reuse by including the UID.
-+   */
-+  if (POLKIT_IS_UNIX_PROCESS (a) && POLKIT_IS_UNIX_PROCESS (b)) {
-+    PolkitUnixProcess *ap = (PolkitUnixProcess*)a;
-+    int uid_a = polkit_unix_process_get_uid ((PolkitUnixProcess*)a);
-+    PolkitUnixProcess *bp = (PolkitUnixProcess*)b;
-+    int uid_b = polkit_unix_process_get_uid ((PolkitUnixProcess*)b);
-+
-+    if (uid_a != -1 && uid_b != -1)
-+      {
-+        if (uid_a == uid_b)
-+          {
-+            return TRUE;
-+          }
-+        else
-+          {
-+            g_printerr ("denying slowfork; pid %d uid %d != %d!\n",
-+                        polkit_unix_process_get_pid (ap),
-+                        uid_a, uid_b);
-+            return FALSE;
-+          }
-+      }
-+    /* Fall through; one of the uids is unset so we can't reliably compare */
-+  }
-+
-+  return TRUE;
-+}
-+
- static gboolean
- temporary_authorization_store_has_authorization (TemporaryAuthorizationStore *store,
-                                                  PolkitSubject               *subject,
-@@ -3073,7 +3110,7 @@ temporary_authorization_store_has_authorization (TemporaryAuthorizationStore *st
-     TemporaryAuthorization *authorization = l->data;
- 
-     if (strcmp (action_id, authorization->action_id) == 0 &&
--        polkit_subject_equal (subject_to_use, authorization->subject))
-+        subject_equal_for_authz (subject_to_use, authorization->subject))
-       {
-         ret = TRUE;
-         if (out_tmp_authz_id != NULL)
--- 
-2.20.1
-
diff --git a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit_0.115.bb b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit_0.115.bb
index 8d59205..13c4b02 100644
--- a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit_0.115.bb
+++ b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit_0.115.bb
@@ -7,7 +7,9 @@
 
 DEPENDS = "expat glib-2.0 intltool-native mozjs"
 
-inherit autotools gtk-doc pkgconfig useradd systemd gobject-introspection
+inherit autotools gtk-doc pkgconfig useradd systemd gobject-introspection distro_features_check
+
+REQUIRED_DISTRO_FEATURES = "polkit"
 
 PACKAGECONFIG = "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \
                  ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', \
@@ -23,7 +25,6 @@
 SRC_URI = "http://www.freedesktop.org/software/polkit/releases/polkit-${PV}.tar.gz \
     file://0001-make-netgroup-support-configurable.patch \
     ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
-    file://CVE-2019-6133.patch \
 "
 SRC_URI[md5sum] = "f03b055d6ae5fc8eac76838c7d83d082"
 SRC_URI[sha256sum] = "2f87ecdabfbd415c6306673ceadc59846f059b18ef2fce42bac63fe283f12131"
diff --git a/meta-openembedded/meta-oe/recipes-extended/redis/redis_4.0.8.bb b/meta-openembedded/meta-oe/recipes-extended/redis/redis_4.0.12.bb
similarity index 90%
rename from meta-openembedded/meta-oe/recipes-extended/redis/redis_4.0.8.bb
rename to meta-openembedded/meta-oe/recipes-extended/redis/redis_4.0.12.bb
index 80d36d2..af99537 100644
--- a/meta-openembedded/meta-oe/recipes-extended/redis/redis_4.0.8.bb
+++ b/meta-openembedded/meta-oe/recipes-extended/redis/redis_4.0.12.bb
@@ -17,9 +17,10 @@
 
 SRC_URI_append_mips = " file://remove-atomics.patch"
 SRC_URI_append_arm = " file://remove-atomics.patch"
+SRC_URI_append_powerpc = " file://remove-atomics.patch"
 
-SRC_URI[md5sum] = "c75b11e4177e153e4dc1d8dd3a6174e4"
-SRC_URI[sha256sum] = "ff0c38b8c156319249fec61e5018cf5b5fe63a65b61690bec798f4c998c232ad"
+SRC_URI[md5sum] = "48f240fd2d96b1b579300b866398edbc"
+SRC_URI[sha256sum] = "6447259d2eed426a949c9c13f8fdb2d91fb66d9dc915dd50db13b87f46d93162"
 
 inherit autotools-brokensep update-rc.d systemd useradd
 
diff --git a/meta-openembedded/meta-oe/recipes-extended/rsyslog/librelp/0001-src-tcp.c-fix-jump-misses-init-error.patch b/meta-openembedded/meta-oe/recipes-extended/rsyslog/librelp/0001-src-tcp.c-fix-jump-misses-init-error.patch
deleted file mode 100644
index 68b6863..0000000
--- a/meta-openembedded/meta-oe/recipes-extended/rsyslog/librelp/0001-src-tcp.c-fix-jump-misses-init-error.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-From 3e5a0cb440c788e2383e40ab23ac1cf01d96961b Mon Sep 17 00:00:00 2001
-From: Mingli Yu <mingli.yu@windriver.com>
-Date: Tue, 24 Jul 2018 01:30:25 -0700
-Subject: [PATCH] src/tcp.c: fix jump-misses-init error
-
-Fix below jump-misses-init error
-
-| In file included from ../../git/src/tcp.c:51:
-| ../../git/src/tcp.c: In function 'relpTcpConnect':
-| ../../git/src/relp.h:220:3: error: jump skips variable initialization [-Werror=jump-misses-init]
-|    goto finalize_it;  \
-|    ^~~~
-| ../../git/src/tcp.c:1951:3: note: in expansion of macro 'ABORT_FINALIZE'
-|    ABORT_FINALIZE(RELP_RET_IO_ERR);
-|    ^~~~~~~~~~~~~~
-| ../../git/src/tcp.c:2005:1: note: label 'finalize_it' defined here
-|  finalize_it:
-|  ^~~~~~~~~~~
-| ../../git/src/tcp.c:1991:6: note: 'r' declared here
-|   int r = getsockopt(pThis->sock, SOL_SOCKET, SO_ERROR, &so_error, &len);
-|       ^
-| In file included from ../../git/src/tcp.c:51:
-| ../../git/src/relp.h:220:3: error: jump skips variable initialization [-Werror=jump-misses-init]
-|    goto finalize_it;  \
-|    ^~~~
-| ../../git/src/tcp.c:1951:3: note: in expansion of macro 'ABORT_FINALIZE'
-|    ABORT_FINALIZE(RELP_RET_IO_ERR);
-|    ^~~~~~~~~~~~~~
-| ../../git/src/tcp.c:2005:1: note: label 'finalize_it' defined here
-|  finalize_it:
-|  ^~~~~~~~~~~
-| ../../git/src/tcp.c:1989:12: note: 'len' declared here
-|   socklen_t len = sizeof so_error;
-|             ^~~
-
-Upstream-Status: Submitted[https://github.com/rsyslog/librelp/pull/117]
-
-Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
----
- src/tcp.c | 7 ++++---
- 1 file changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/src/tcp.c b/src/tcp.c
-index f35eb84..fb34dc7 100644
---- a/src/tcp.c
-+++ b/src/tcp.c
-@@ -1936,6 +1936,9 @@ relpTcpConnect(relpTcp_t *const pThis,
- 	struct addrinfo hints;
- 	struct addrinfo *reslocal = NULL;
- 	struct pollfd pfd;
-+	int so_error;
-+	socklen_t len = sizeof so_error;
-+	int r;
- 
- 	ENTER_RELPFUNC;
- 	RELPOBJ_assert(pThis, Tcp);
-@@ -1985,10 +1988,8 @@ relpTcpConnect(relpTcp_t *const pThis,
- 		ABORT_FINALIZE(RELP_RET_TIMED_OUT);
- 	}
- 
--	int so_error;
--	socklen_t len = sizeof so_error;
- 
--	int r = getsockopt(pThis->sock, SOL_SOCKET, SO_ERROR, &so_error, &len);
-+	r = getsockopt(pThis->sock, SOL_SOCKET, SO_ERROR, &so_error, &len);
- 	if (r == -1 || so_error != 0) {
- 		pThis->pEngine->dbgprint("socket has an error %d\n", so_error);
- 		ABORT_FINALIZE(RELP_RET_IO_ERR);
--- 
-2.17.1
-
diff --git a/meta-openembedded/meta-oe/recipes-extended/rsyslog/librelp/0001-src-tcp.c-increase-the-size-of-szHname.patch b/meta-openembedded/meta-oe/recipes-extended/rsyslog/librelp/0001-src-tcp.c-increase-the-size-of-szHname.patch
deleted file mode 100644
index 5a62e15..0000000
--- a/meta-openembedded/meta-oe/recipes-extended/rsyslog/librelp/0001-src-tcp.c-increase-the-size-of-szHname.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From d8950ad273d79ec516468289adbd427e681dbc66 Mon Sep 17 00:00:00 2001
-From: Mingli Yu <mingli.yu@windriver.com>
-Date: Mon, 30 Jul 2018 01:22:56 -0700
-Subject: [PATCH] src/tcp.c: increase the size of szHname
-
-Increase the size of szHname to fix below
-error:
-| ../../git/src/tcp.c: In function 'relpTcpSetRemHost':
-| ../../git/src/tcp.c:352:57: error: '%s' directive output may be truncated writing up to 1024 bytes into a region of size 1011 [-Werror=format-truncation=]
-|      snprintf((char*)szHname, NI_MAXHOST, "[MALICIOUS:IP=%s]", szIP);
-|                                                          ^~    ~~~~
-| In file included from /poky-build/tmp/work/i586-poky-linux/librelp/1.2.16-r0/recipe-sysroot/usr/include/stdio.h:862,
-|                  from ../../git/src/tcp.c:38:
-| /poky-build/tmp/work/i586-poky-linux/librelp/1.2.16-r0/recipe-sysroot/usr/include/bits/stdio2.h:64:10: note: '__builtin___snprintf_chk' output between 16 and 1040 bytes into a destination of size 1025
-|    return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
-|           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-|         __bos (__s), __fmt, __va_arg_pack ());
-|         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-| cc1: all warnings being treated as errors
-| Makefile:536: recipe for target 'librelp_la-tcp.lo' failed
-
-Upstream-Status: Submitted[https://github.com/rsyslog/librelp/pull/118]
-
-Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
----
- src/tcp.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/tcp.c b/src/tcp.c
-index fb34dc7..2c38b0b 100644
---- a/src/tcp.c
-+++ b/src/tcp.c
-@@ -319,7 +319,7 @@ relpTcpSetRemHost(relpTcp_t *const pThis, struct sockaddr *pAddr)
- 	relpEngine_t *pEngine;
- 	int error;
- 	unsigned char szIP[NI_MAXHOST] = "";
--	unsigned char szHname[NI_MAXHOST] = "";
-+	unsigned char szHname[1045] = "";
- 	struct addrinfo hints, *res;
- 	size_t len;
- 	
-@@ -349,7 +349,7 @@ relpTcpSetRemHost(relpTcp_t *const pThis, struct sockaddr *pAddr)
- 			if(getaddrinfo((char*)szHname, NULL, &hints, &res) == 0) {
- 				freeaddrinfo (res);
- 				/* OK, we know we have evil, so let's indicate this to our caller */
--				snprintf((char*)szHname, NI_MAXHOST, "[MALICIOUS:IP=%s]", szIP);
-+				snprintf((char*)szHname, sizeof(szHname), "[MALICIOUS:IP=%s]", szIP);
- 				pEngine->dbgprint("Malicious PTR record, IP = \"%s\" HOST = \"%s\"", szIP, szHname);
- 				iRet = RELP_RET_MALICIOUS_HNAME;
- 			}
--- 
-2.17.1
-
diff --git a/meta-openembedded/meta-oe/recipes-extended/rsyslog/librelp_1.2.16.bb b/meta-openembedded/meta-oe/recipes-extended/rsyslog/librelp_1.2.16.bb
deleted file mode 100644
index 17478ef..0000000
--- a/meta-openembedded/meta-oe/recipes-extended/rsyslog/librelp_1.2.16.bb
+++ /dev/null
@@ -1,18 +0,0 @@
-SUMMARY = "A reliable logging library"
-HOMEPAGE = "https://github.com/rsyslog/libfastjson"
-
-LICENSE = "GPLv3"
-LIC_FILES_CHKSUM = "file://COPYING;md5=1fb9c10ed9fd6826757615455ca893a9"
-
-DEPENDS = "gmp nettle libidn zlib gnutls"
-
-SRC_URI = "git://github.com/rsyslog/librelp.git;protocol=https \
-           file://0001-src-tcp.c-fix-jump-misses-init-error.patch \
-           file://0001-src-tcp.c-increase-the-size-of-szHname.patch \
-"
-
-SRCREV = "5e849ff060be0c7dce972e194c54fdacfee0adc2"
-
-S = "${WORKDIR}/git"
-
-inherit autotools pkgconfig
diff --git a/meta-openembedded/meta-oe/recipes-extended/rsyslog/librelp_1.4.0.bb b/meta-openembedded/meta-oe/recipes-extended/rsyslog/librelp_1.4.0.bb
new file mode 100644
index 0000000..9e57dd5
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-extended/rsyslog/librelp_1.4.0.bb
@@ -0,0 +1,16 @@
+SUMMARY = "A reliable logging library"
+HOMEPAGE = "https://github.com/rsyslog/librelp"
+
+LICENSE = "GPLv3"
+LIC_FILES_CHKSUM = "file://COPYING;md5=1fb9c10ed9fd6826757615455ca893a9"
+
+DEPENDS = "gmp nettle libidn zlib gnutls openssl"
+
+SRC_URI = "git://github.com/rsyslog/librelp.git;protocol=https \
+"
+
+SRCREV = "e96443dda3c080fa991decec26bc4ac98d24b9a2"
+
+S = "${WORKDIR}/git"
+
+inherit autotools pkgconfig
diff --git a/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog-fix-ptest-not-finish.patch b/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog-fix-ptest-not-finish.patch
deleted file mode 100644
index a248f75..0000000
--- a/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog/rsyslog-fix-ptest-not-finish.patch
+++ /dev/null
@@ -1,118 +0,0 @@
-From 07ad2a1905089b9124623324a9969e4522317110 Mon Sep 17 00:00:00 2001
-From: Jackie Huang <jackie.huang@windriver.com>
-Date: Fri, 12 Sep 2014 03:41:11 -0400
-Subject: [PATCH] rsyslog: update configure to fix ptest
-
-$MaxMessageSize doesn't work if before $IncludeConfig diag-common.conf, then
-test cases fall into infinite loop with error message:
-
-8062.511110729:4902c480: error: message received is larger than max msg size, we split it
-8062.511152265:4902c480: discarding zero-sized message
-
-Update configure to fix it.
-
-Upstream-Status: Pending
-
-Signed-off-by: Kai Kang <kai.kang@windriver.com>
-
----
- tests/testsuites/complex1.conf             | 2 +-
- tests/testsuites/gzipwr_large.conf         | 2 +-
- tests/testsuites/gzipwr_large_dynfile.conf | 2 +-
- tests/testsuites/imptcp_conndrop.conf      | 2 +-
- tests/testsuites/imptcp_large.conf         | 2 +-
- tests/testsuites/imtcp_conndrop.conf       | 2 +-
- tests/testsuites/wr_large.conf             | 2 +-
- 7 files changed, 7 insertions(+), 7 deletions(-)
-
-diff --git a/tests/testsuites/complex1.conf b/tests/testsuites/complex1.conf
-index 9b6a9f3..e00caa4 100644
---- a/tests/testsuites/complex1.conf
-+++ b/tests/testsuites/complex1.conf
-@@ -1,7 +1,7 @@
- # complex test case with multiple actions in gzip mode
- # rgerhards, 2009-05-22
--$MaxMessageSize 10k
- $IncludeConfig diag-common.conf
-+$MaxMessageSize 10k
- 
- $MainMsgQueueTimeoutEnqueue 5000
- 
-diff --git a/tests/testsuites/gzipwr_large.conf b/tests/testsuites/gzipwr_large.conf
-index 54ad3bb..e8247a9 100644
---- a/tests/testsuites/gzipwr_large.conf
-+++ b/tests/testsuites/gzipwr_large.conf
-@@ -1,7 +1,7 @@
- # simple async writing test
- # rgerhards, 2010-03-09
--$MaxMessageSize 10k
- $IncludeConfig diag-common.conf
-+$MaxMessageSize 10k
- 
- $ModLoad ../plugins/imtcp/.libs/imtcp
- $MainMsgQueueTimeoutShutdown 10000
-diff --git a/tests/testsuites/gzipwr_large_dynfile.conf b/tests/testsuites/gzipwr_large_dynfile.conf
-index 3a1b255..297cb70 100644
---- a/tests/testsuites/gzipwr_large_dynfile.conf
-+++ b/tests/testsuites/gzipwr_large_dynfile.conf
-@@ -1,7 +1,7 @@
- # simple async writing test
- # rgerhards, 2010-03-09
--$MaxMessageSize 10k
- $IncludeConfig diag-common.conf
-+$MaxMessageSize 10k
- 
- $ModLoad ../plugins/imtcp/.libs/imtcp
- $MainMsgQueueTimeoutShutdown 10000
-diff --git a/tests/testsuites/imptcp_conndrop.conf b/tests/testsuites/imptcp_conndrop.conf
-index 77a5d79..d9a14a8 100644
---- a/tests/testsuites/imptcp_conndrop.conf
-+++ b/tests/testsuites/imptcp_conndrop.conf
-@@ -1,7 +1,7 @@
- # simple async writing test
- # rgerhards, 2010-03-09
--$MaxMessageSize 10k
- $IncludeConfig diag-common.conf
-+$MaxMessageSize 10k
- 
- $ModLoad ../plugins/imptcp/.libs/imptcp
- $MainMsgQueueTimeoutShutdown 10000
-diff --git a/tests/testsuites/imptcp_large.conf b/tests/testsuites/imptcp_large.conf
-index 77a5d79..d9a14a8 100644
---- a/tests/testsuites/imptcp_large.conf
-+++ b/tests/testsuites/imptcp_large.conf
-@@ -1,7 +1,7 @@
- # simple async writing test
- # rgerhards, 2010-03-09
--$MaxMessageSize 10k
- $IncludeConfig diag-common.conf
-+$MaxMessageSize 10k
- 
- $ModLoad ../plugins/imptcp/.libs/imptcp
- $MainMsgQueueTimeoutShutdown 10000
-diff --git a/tests/testsuites/imtcp_conndrop.conf b/tests/testsuites/imtcp_conndrop.conf
-index de41bc4..7844dc7 100644
---- a/tests/testsuites/imtcp_conndrop.conf
-+++ b/tests/testsuites/imtcp_conndrop.conf
-@@ -1,7 +1,7 @@
- # simple async writing test
- # rgerhards, 2010-03-09
--$MaxMessageSize 10k
- $IncludeConfig diag-common.conf
-+$MaxMessageSize 10k
- 
- $ModLoad ../plugins/imtcp/.libs/imtcp
- $MainMsgQueueTimeoutShutdown 10000
-diff --git a/tests/testsuites/wr_large.conf b/tests/testsuites/wr_large.conf
-index b64f132..b0ae264 100644
---- a/tests/testsuites/wr_large.conf
-+++ b/tests/testsuites/wr_large.conf
-@@ -1,7 +1,7 @@
- # simple async writing test
- # rgerhards, 2010-03-09
--$MaxMessageSize 10k
- $IncludeConfig diag-common.conf
-+$MaxMessageSize 10k
- 
- $ModLoad ../plugins/imtcp/.libs/imtcp
- $MainMsgQueueTimeoutShutdown 10000
diff --git a/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog_8.37.0.bb b/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog_8.1903.0.bb
similarity index 95%
rename from meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog_8.37.0.bb
rename to meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog_8.1903.0.bb
index 1fb4390..e06141e 100644
--- a/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog_8.37.0.bb
+++ b/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog_8.1903.0.bb
@@ -23,15 +23,15 @@
            file://rsyslog.logrotate \
            file://use-pkgconfig-to-check-libgcrypt.patch \
            file://run-ptest \
-           file://rsyslog-fix-ptest-not-finish.patch \
 "
 
 SRC_URI_append_libc-musl = " \
     file://0001-Include-sys-time-h.patch \
 "
 
-SRC_URI[md5sum] = "e0942b4b88a13602a6b6352bf9f05091"
-SRC_URI[sha256sum] = "295c289b4c8abd8f8f3fe35a83249b739cedabe82721702b910255f9faf147e7"
+SRC_URI[md5sum] = "f0d454c79d4040e3f25fcd12f8f33fe2"
+SRC_URI[sha256sum] = "d0d23a493dcec64c7b6807a1bb8ee864ed0f3760c2ff3088008bb661d304056f"
+
 
 UPSTREAM_CHECK_URI = "https://github.com/rsyslog/rsyslog/releases"
 UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)"
@@ -162,5 +162,8 @@
 VALGRIND_arm = ""
 VALGRIND_aarch64 = ""
 VALGRIND_riscv64 = ""
-RDEPENDS_${PN}-ptest += "make diffutils gzip bash gawk coreutils procps"
+RDEPENDS_${PN}-ptest += "\
+  make diffutils gzip bash gawk coreutils procps \
+  libgcc python-core python-io \
+  "
 RRECOMMENDS_${PN}-ptest += "${TCLIBC}-dbg ${VALGRIND}"
diff --git a/meta-openembedded/meta-oe/recipes-extended/sigrok/libsigrok_0.5.1.bb b/meta-openembedded/meta-oe/recipes-extended/sigrok/libsigrok_0.5.1.bb
new file mode 100644
index 0000000..8152ca7
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-extended/sigrok/libsigrok_0.5.1.bb
@@ -0,0 +1,23 @@
+DESCRIPTION = "libsigrok is a shared library written in C, which provides the basic hardware access drivers for logic analyzers and other supported devices, as well as input/output file format support."
+HOMEPAGE = "http://sigrok.org/wiki/Main_Page"
+
+LICENSE = "GPLv3"
+LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
+
+DEPENDS = "glib-2.0 libzip"
+
+PACKAGECONFIG[serialport] = "--with-libserialport,--without-libserialport,libserialport"
+PACKAGECONFIG[ftdi] = "--with-libftdi,--without-libftdi,libftdi"
+PACKAGECONFIG[usb] = "--with-libusb,--without-libusb,libusb"
+PACKAGECONFIG[cxx] = "--enable-cxx,--disable-cxx,glibmm doxygen-native"
+
+PACKAGECONFIG ??= "serialport ftdi usb"
+
+inherit autotools pkgconfig
+
+SRC_URI = "http://sigrok.org/download/source/libsigrok/libsigrok-${PV}.tar.gz"
+
+SRC_URI[md5sum] = "a3de9e52a660e51d27a6aca025d204a7"
+SRC_URI[sha256sum] = "e40fde7af98d29e922e9d3cbe0a6c0569889153fc31e47b8b1afe4d846292b9c"
+
+FILES_${PN} += "${datadir}/*"
diff --git a/meta-openembedded/meta-oe/recipes-extended/sigrok/libsigrokdecode_0.5.2.bb b/meta-openembedded/meta-oe/recipes-extended/sigrok/libsigrokdecode_0.5.2.bb
new file mode 100644
index 0000000..b8e1e47
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-extended/sigrok/libsigrokdecode_0.5.2.bb
@@ -0,0 +1,14 @@
+DESCRIPTION = "libsigrokdecode is a shared library written in C, which provides (streaming) protocol decoding functionality."
+HOMEPAGE = "http://sigrok.org/wiki/Main_Page"
+
+LICENSE = "GPLv3"
+LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
+
+DEPENDS = "glib-2.0 python3"
+
+inherit autotools pkgconfig
+
+SRC_URI = "http://sigrok.org/download/source/libsigrokdecode/libsigrokdecode-${PV}.tar.gz"
+
+SRC_URI[md5sum] = "b9033bc7e68bc17fffffd4fdd793f5a1"
+SRC_URI[sha256sum] = "e08d9e797c54eccf3144da631b6e5f1498ac531e51520428df537a1da82583f0"
diff --git a/meta-openembedded/meta-oe/recipes-extended/sigrok/sigrok-cli_0.7.0.bb b/meta-openembedded/meta-oe/recipes-extended/sigrok/sigrok-cli_0.7.0.bb
new file mode 100644
index 0000000..d31bcd2
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-extended/sigrok/sigrok-cli_0.7.0.bb
@@ -0,0 +1,18 @@
+DESCRIPTION = "sigrok-cli is a command-line frontend for sigrok."
+HOMEPAGE = "http://sigrok.org/wiki/Main_Page"
+
+LICENSE = "GPLv3"
+LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
+
+DEPENDS = "libsigrok"
+
+PACKAGECONFIG[decode] = "--with-libsigrokdecode,--without-libsigrokdecode,libsigrokdecode"
+
+PACKAGECONFIG ??= "decode"
+
+inherit autotools pkgconfig
+
+SRC_URI = "http://sigrok.org/download/source/sigrok-cli/sigrok-cli-${PV}.tar.gz"
+
+SRC_URI[md5sum] = "77cb745e2fa239c7bd1ea81e2d67ede9"
+SRC_URI[sha256sum] = "5669d968c2de3dfc6adfda76e83789b6ba76368407c832438cef5e7099a65e1c"
diff --git a/meta-openembedded/meta-oe/recipes-extended/smartmontools/files/0001-os_linux.cpp-Use-realpath-BSD-POSIX-instead-of-canon.patch b/meta-openembedded/meta-oe/recipes-extended/smartmontools/files/0001-os_linux.cpp-Use-realpath-BSD-POSIX-instead-of-canon.patch
deleted file mode 100644
index 91e64d2..0000000
--- a/meta-openembedded/meta-oe/recipes-extended/smartmontools/files/0001-os_linux.cpp-Use-realpath-BSD-POSIX-instead-of-canon.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From f28aa188e5b0ea85369febe657b8807b8025038b Mon Sep 17 00:00:00 2001
-From: chrfranke <authors@smartmontools.org>
-Date: Wed, 8 Nov 2017 06:15:50 +0000
-Subject: [PATCH] os_linux.cpp: Use 'realpath()' (BSD, POSIX) instead of
- 'canonicalize_file_name()' (GNU extension). This fixes build on systems with
- musl libc (#921).
-
-git-svn-id: http://svn.code.sf.net/p/smartmontools/code/trunk@4603 4ea69e1a-61f1-4043-bf83-b5c94c648137
-
-Upstream-Status: Backport [https://www.smartmontools.org/ticket/921]
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- os_linux.cpp | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/os_linux.cpp b/os_linux.cpp
-index 134d5bc..935f9c7 100644
---- a/os_linux.cpp
-+++ b/os_linux.cpp
-@@ -3176,7 +3176,7 @@ static bool is_hpsa(const char * name)
- {
-   char path[128];
-   snprintf(path, sizeof(path), "/sys/block/%s/device", name);
--  char * syshostpath = canonicalize_file_name(path);
-+  char * syshostpath = realpath(name, (char *)0);
-   if (!syshostpath)
-     return false;
- 
diff --git a/meta-openembedded/meta-oe/recipes-extended/smartmontools/smartmontools_6.6.bb b/meta-openembedded/meta-oe/recipes-extended/smartmontools/smartmontools_7.0.bb
similarity index 89%
rename from meta-openembedded/meta-oe/recipes-extended/smartmontools/smartmontools_6.6.bb
rename to meta-openembedded/meta-oe/recipes-extended/smartmontools/smartmontools_7.0.bb
index c77c105..d984566 100644
--- a/meta-openembedded/meta-oe/recipes-extended/smartmontools/smartmontools_6.6.bb
+++ b/meta-openembedded/meta-oe/recipes-extended/smartmontools/smartmontools_7.0.bb
@@ -16,15 +16,14 @@
            file://initd.smartd \
            file://smartmontools.default \
            file://smartd.service \
-           file://0001-os_linux.cpp-Use-realpath-BSD-POSIX-instead-of-canon.patch \
            "
 
 PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'libcap-ng selinux', d)}"
 PACKAGECONFIG[libcap-ng] = "--with-libcap-ng=yes,--with-libcap-ng=no,libcap-ng"
 PACKAGECONFIG[selinux] = "--with-selinux=yes,--with-selinux=no,libselinux"
 
-SRC_URI[md5sum] = "9ae2c6e7131cd2813edcc65cbe5f223f"
-SRC_URI[sha256sum] = "51f43d0fb064fccaf823bbe68cf0d317d0895ff895aa353b3339a3b316a53054"
+SRC_URI[md5sum] = "b2a80e4789af23d67dfe1e88a997abbf"
+SRC_URI[sha256sum] = "e5e1ac2786bc87fdbd6f92d0ee751b799fbb3e1a09c0a6a379f9eb64b3e8f61c"
 
 inherit autotools update-rc.d systemd
 
diff --git a/meta-openembedded/meta-oe/recipes-extended/triggerhappy/triggerhappy_0.5.0.bb b/meta-openembedded/meta-oe/recipes-extended/triggerhappy/triggerhappy_0.5.0.bb
new file mode 100644
index 0000000..037ce06
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-extended/triggerhappy/triggerhappy_0.5.0.bb
@@ -0,0 +1,47 @@
+SUMMARY = "A lightweight hotkey daemon"
+HOMEPAGE = "https://github.com/wertarbyte/triggerhappy"
+
+LICENSE = "GPLv3"
+LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
+
+SRC_URI = "https://github.com/wertarbyte/triggerhappy/archive/debian/0.5.0-1.tar.gz"
+
+SRC_URI[md5sum] = "77f90a18c775e47c4c5e9e08987ca32f"
+SRC_URI[sha256sum] = "9150bafbf7f2de7d57e6cc154676c33da98dc11ac6442e1ca57e5dce82bd4292"
+
+S = "${WORKDIR}/${PN}-debian-${PV}-1"
+
+inherit autotools-brokensep pkgconfig update-rc.d systemd
+
+PACKAGECONFIG = "${@bb.utils.contains('DISTRO_FEATURES','systemd','systemd','',d)}"
+PACKAGECONFIG[systemd] = ",,systemd"
+
+INITSCRIPT_NAME = "triggerhappy"
+INITSCRIPT_PARAMS = "defaults"
+SYSTEMD_SERVICE_${PN} = "triggerhappy.service triggerhappy.socket"
+
+FILES_${PN} = "\
+${sbindir}/thd \
+${sbindir}/th-cmd \
+${sysconfdir}/triggerhappy/triggers.d \
+${nonarch_base_libdir}/udev/rules.d/80-triggerhappy.rules \
+${sysconfdir}/init.d/triggerhappy \
+${systemd_unitdir}/system \
+"
+CONFFILES_${PN} = "${sysconfdir}/udev/rules.d/80-triggerhappy.rules"
+
+do_install_append() {
+    install -d ${D}${sysconfdir}/triggerhappy/triggers.d
+
+    install -d ${D}${nonarch_base_libdir}/udev/rules.d
+    install -m 0644 ${S}/udev/triggerhappy-udev.rules ${D}${nonarch_base_libdir}/udev/rules.d/80-triggerhappy.rules
+
+    install -d ${D}${sysconfdir}/init.d
+    install -m 0755 ${S}/debian/init.d ${D}${sysconfdir}/init.d/triggerhappy
+
+    if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
+        install -d ${D}/${systemd_unitdir}/system
+        install -m 0644 ${S}/systemd/triggerhappy.socket ${D}${systemd_unitdir}/system
+        install -m 0644 ${S}/systemd/triggerhappy.service ${D}${systemd_unitdir}/system
+    fi
+}
diff --git a/meta-openembedded/meta-oe/recipes-extended/upm/upm/0001-CMakeLists.txt-Use-SWIG_SUPPORT_FILES-to-find-the-li.patch b/meta-openembedded/meta-oe/recipes-extended/upm/upm/0001-CMakeLists.txt-Use-SWIG_SUPPORT_FILES-to-find-the-li.patch
new file mode 100644
index 0000000..4b9a195
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-extended/upm/upm/0001-CMakeLists.txt-Use-SWIG_SUPPORT_FILES-to-find-the-li.patch
@@ -0,0 +1,38 @@
+From 3707f467f9a26a7df3d41385023b43c3d08911d2 Mon Sep 17 00:00:00 2001
+From: Manjukumar Matha <manjukumar.harthikote-matha@xilinx.com>
+Date: Tue, 12 Feb 2019 17:46:52 -0800
+Subject: [PATCH][v3] CMakeLists.txt: Use SWIG_SUPPORT_FILES to find the list
+ of generated files for cmake version 3.12 or higher
+
+Use SWIG_SUPPORT_FILES to find the list of python files generated by
+CMake Swig module and install those files. This should be applicable to
+cmake version 3.12 or higher
+
+Signed-off-by: Manjukumar Matha <manjukumar.harthikote-matha@xilinx.com>
+---
+ src/CMakeLists.txt | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
+index e19cda2..b565814 100644
+--- a/src/CMakeLists.txt
++++ b/src/CMakeLists.txt
+@@ -337,8 +337,14 @@ macro(_upm_swig_python)
+       OUTPUT_NAME _pyupm_${libname}
+       LIBRARY_OUTPUT_DIRECTORY ${CMAKE_CURRENT_PYTHON_BINARY_DIR})
+ 
++  if (CMAKE_VERSION VERSION_LESS "3.12")
++     set(support_files ${swig_extra_generated_files})
++  else()
++     get_property(support_files TARGET _${python_wrapper_name} PROPERTY SWIG_SUPPORT_FILES)
++  endif()
++
+   # Install .py's to python packages directory/upm
+-  install (FILES ${swig_extra_generated_files}
++  install (FILES ${support_files}
+       DESTINATION ${PYTHON_PACKAGES_PATH}/upm
+       COMPONENT ${CMAKE_PROJECT_NAME}-python${PYTHON_VERSION_MAJOR})
+ 
+-- 
+2.7.4
+
diff --git a/meta-openembedded/meta-oe/recipes-extended/upm/upm_git.bb b/meta-openembedded/meta-oe/recipes-extended/upm/upm_git.bb
index babe5f4..8854a33 100644
--- a/meta-openembedded/meta-oe/recipes-extended/upm/upm_git.bb
+++ b/meta-openembedded/meta-oe/recipes-extended/upm/upm_git.bb
@@ -13,6 +13,7 @@
 SRC_URI = "git://github.com/intel-iot-devkit/${BPN}.git;protocol=http \
            file://0001-Replace-strncpy-with-memcpy.patch \
            file://0001-include-sys-types.h-for-uint-definition.patch \
+           file://0001-CMakeLists.txt-Use-SWIG_SUPPORT_FILES-to-find-the-li.patch \
            "
 
 S = "${WORKDIR}/git"
@@ -20,7 +21,7 @@
 # Depends on mraa which only supports x86 and ARM for now
 COMPATIBLE_HOST = "(x86_64.*|i.86.*|aarch64.*|arm.*)-linux"
 
-inherit distutils3-base cmake
+inherit distutils3-base cmake pkgconfig
 
 # override this in local.conf to get needed bindings.
 # BINDINGS_pn-upm="python"
diff --git a/meta-openembedded/meta-oe/recipes-extended/volume_key/volume-key_0.3.11.bb b/meta-openembedded/meta-oe/recipes-extended/volume_key/volume-key_0.3.12.bb
similarity index 71%
rename from meta-openembedded/meta-oe/recipes-extended/volume_key/volume-key_0.3.11.bb
rename to meta-openembedded/meta-oe/recipes-extended/volume_key/volume-key_0.3.12.bb
index c41b20c..398ca5c 100644
--- a/meta-openembedded/meta-oe/recipes-extended/volume_key/volume-key_0.3.11.bb
+++ b/meta-openembedded/meta-oe/recipes-extended/volume_key/volume-key_0.3.12.bb
@@ -10,8 +10,8 @@
 
 SRC_URI = "https://releases.pagure.org/volume_key/volume_key-${PV}.tar.xz \
 "
-SRC_URI[md5sum] = "30df56c7743eb7c965293b3d61194232"
-SRC_URI[sha256sum] = "e6b279c25ae477b555f938db2e41818f90c8cde942b0eec92f70b6c772095f6d"
+SRC_URI[md5sum] = "200591290173c3ea71528411838f9080"
+SRC_URI[sha256sum] = "6ca3748fc1dad22c450bbf6601d4e706cb11c5e662d11bb4aeb473a9cd77309b"
 
 SRCNAME = "volume_key"
 S = "${WORKDIR}/${SRCNAME}-${PV}"
@@ -27,6 +27,10 @@
     swig-native \
 "
 
+PACKAGECONFIG ??= "python3"
+PACKAGECONFIG[python] = "--with-python,--without-python,python,python"
+PACKAGECONFIG[python3] = "--with-python3,--without-python3,python3,python3"
+
 RDEPENDS_python3-${PN} += "${PN}"
 
 PACKAGES += "python3-${PN}"