diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/avahi/avahi-ui_0.6.32.bb b/import-layers/yocto-poky/meta/recipes-connectivity/avahi/avahi-ui_0.6.32.bb
index 3966b4c..ac36461 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/avahi/avahi-ui_0.6.32.bb
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/avahi/avahi-ui_0.6.32.bb
@@ -6,22 +6,20 @@
 
 require avahi.inc
 
-inherit python-dir pythonnative distro_features_check
-ANY_OF_DISTRO_FEATURES = "${GTK2DISTROFEATURES}"
+inherit distro_features_check
+ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}"
 
-PACKAGECONFIG ??= "dbus python"
-PACKAGECONFIG[python] = "--enable-python,--disable-python,python-native python"
-
+SRC_URI += "file://0001-configure.ac-install-GtkBuilder-interface-files-for-.patch"
 SRC_URI[md5sum] = "22b5e705d3eabb31d26f2e1e7b074013"
 SRC_URI[sha256sum] = "d54991185d514a0aba54ebeb408d7575b60f5818a772e28fa0e18b98bc1db454"
 
-DEPENDS += "avahi gtk+ libglade"
+DEPENDS += "avahi"
 
-AVAHI_GTK = "--enable-gtk --disable-gtk3 --disable-pygtk"
+AVAHI_GTK = "gtk3"
 
 S = "${WORKDIR}/avahi-${PV}"
 
-PACKAGES = "${PN} ${PN}-utils ${PN}-dbg ${PN}-dev ${PN}-staticdev ${PN}-doc python-avahi avahi-discover"
+PACKAGES = "${PN} ${PN}-utils ${PN}-dbg ${PN}-dev ${PN}-staticdev ${PN}-doc avahi-discover"
 
 FILES_${PN} = "${libdir}/libavahi-ui*.so.*"
 FILES_${PN}-dev += "${libdir}/libavahi-ui${SOLIBSDEV}"
@@ -29,14 +27,10 @@
 
 FILES_${PN}-utils = "${bindir}/b* ${datadir}/applications/b*"
 
-FILES_python-avahi = "${PYTHON_SITEPACKAGES_DIR}/avahi ${PYTHON_SITEPACKAGES_DIR}/avahi_discover"
 FILES_avahi-discover = "${datadir}/applications/avahi-discover.desktop \
-                        ${datadir}/avahi/interfaces/avahi-discover* \
+                        ${datadir}/avahi/interfaces/avahi-discover.ui \
                         ${bindir}/avahi-discover-standalone \
-                        ${datadir}/avahi/interfaces/avahi-discover.glade"
-
-RDEPENDS_python-avahi = "python-core python-dbus"
-
+                        "
 
 do_install_append () {
 	rm ${D}${sysconfdir} -rf
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/avahi/avahi.inc b/import-layers/yocto-poky/meta/recipes-connectivity/avahi/avahi.inc
index 81aad79..234646d 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/avahi/avahi.inc
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/avahi/avahi.inc
@@ -23,8 +23,14 @@
           "
 UPSTREAM_CHECK_URI = "https://github.com/lathiat/avahi/releases/"
 
-PACKAGECONFIG ??= "dbus"
+# For gtk related PACKAGECONFIGs: gtk, gtk3 and pygtk
+AVAHI_GTK ?= ""
+
+PACKAGECONFIG ??= "dbus ${AVAHI_GTK}"
 PACKAGECONFIG[dbus] = "--enable-dbus,--disable-dbus,dbus"
+PACKAGECONFIG[gtk] = "--enable-gtk,--disable-gtk,gtk+"
+PACKAGECONFIG[gtk3] = "--enable-gtk3,--disable-gtk3,gtk+3"
+PACKAGECONFIG[pygtk] = "--enable-pygtk,--disable-pygtk,"
 
 USERADD_PACKAGES = "avahi-daemon avahi-autoipd"
 USERADD_PARAM_avahi-daemon = "--system --home /var/run/avahi-daemon \
@@ -51,14 +57,12 @@
              --disable-manpages \
              ${EXTRA_OECONF_SYSVINIT} \
              ${EXTRA_OECONF_SYSTEMD} \
-             ${AVAHI_GTK} \
            "
 
 # The distro choice determines what init scripts are installed
 EXTRA_OECONF_SYSVINIT = "${@bb.utils.contains('DISTRO_FEATURES','sysvinit','--with-distro=debian','--with-distro=none',d)}"
 EXTRA_OECONF_SYSTEMD = "${@bb.utils.contains('DISTRO_FEATURES','systemd','--with-systemdsystemunitdir=${systemd_unitdir}/system/','--without-systemdsystemunitdir',d)}"
 
-AVAHI_GTK ?= "--disable-gtk --disable-gtk3"
 
 LDFLAGS_append_libc-uclibc = " -lintl"
 LDFLAGS_append_uclinux-uclibc = " -lintl"
@@ -71,7 +75,7 @@
 }
 
 do_compile_prepend() {
-    export GIR_EXTRA_LIBS_PATH="${B}/avahi-common/.libs:${B}/avahi-client/.libs:${B}/avahi-glib/.libs"
+    export GIR_EXTRA_LIBS_PATH="${B}/avahi-gobject/.libs:${B}/avahi-common/.libs:${B}/avahi-client/.libs:${B}/avahi-glib/.libs"
 }
 
 PACKAGES =+ "avahi-daemon libavahi-common libavahi-core libavahi-client avahi-dnsconfd libavahi-glib libavahi-ui avahi-autoipd avahi-utils"
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/avahi/avahi_0.6.32.bb b/import-layers/yocto-poky/meta/recipes-connectivity/avahi/avahi_0.6.32.bb
index 6670106..bfa6304 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/avahi/avahi_0.6.32.bb
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/avahi/avahi_0.6.32.bb
@@ -12,6 +12,8 @@
                     file://avahi-daemon/main.c;endline=21;md5=9ee77368c5407af77caaef1b07285969 \
                     file://avahi-client/client.h;endline=23;md5=f4ac741a25c4f434039ba3e18c8674cf"
 
+SRC_URI += "file://avahi-fix-resource-unavaiable.patch"
+
 SRC_URI[md5sum] = "22b5e705d3eabb31d26f2e1e7b074013"
 SRC_URI[sha256sum] = "d54991185d514a0aba54ebeb408d7575b60f5818a772e28fa0e18b98bc1db454"
 
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/avahi/files/0001-configure.ac-install-GtkBuilder-interface-files-for-.patch b/import-layers/yocto-poky/meta/recipes-connectivity/avahi/files/0001-configure.ac-install-GtkBuilder-interface-files-for-.patch
new file mode 100644
index 0000000..8ccef08
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/avahi/files/0001-configure.ac-install-GtkBuilder-interface-files-for-.patch
@@ -0,0 +1,28 @@
+From a59f13fab31a6e25bb03b2c2bc3aea576f857b6c Mon Sep 17 00:00:00 2001
+From: Jussi Kukkonen <jussi.kukkonen@intel.com>
+Date: Sun, 12 Jun 2016 18:32:49 +0300
+Subject: [PATCH] configure.ac: install GtkBuilder interface files for GTK+3
+ too
+
+Upstream-Status: Pending
+Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index aebb716..48bdf63 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -965,7 +965,7 @@ AC_SUBST(avahi_socket)
+ #
+ # Avahi interfaces dir
+ #
+-if test "x$HAVE_PYTHON_DBUS" = "xyes" -o "x$HAVE_GTK" = "xyes"; then
++if test "x$HAVE_PYTHON_DBUS" = "xyes" -o "x$HAVE_GTK" = "xyes" -o "x$HAVE_GTK3" = "xyes"; then
+ 	interfacesdir="${datadir}/${PACKAGE}/interfaces/"
+ 	AC_SUBST(interfacesdir)
+ fi
+-- 
+2.1.4
+
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/avahi/files/avahi-fix-resource-unavaiable.patch b/import-layers/yocto-poky/meta/recipes-connectivity/avahi/files/avahi-fix-resource-unavaiable.patch
new file mode 100644
index 0000000..5a2fd75
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/avahi/files/avahi-fix-resource-unavaiable.patch
@@ -0,0 +1,30 @@
+Upstream-Status: Backport
+
+Backport from:
+https://github.com/experimental-platform/platform-hostname-avahi/pull/9
+
+It sometimes fails to run avahi with error: "Could not receive return value
+from daemon process". It has same root cause with
+https://github.com/lxc/lxc/issues/25.
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+---
+From 5150983102ad5ad43f0dae203cb332c168eb5a71 Mon Sep 17 00:00:00 2001
+From: Hinnerk Haardt <haardt@information-control.de>
+Date: Thu, 17 Dec 2015 11:52:19 +0100
+Subject: [PATCH] Fix `chroot.c: fork() failed: Resource temporarily
+ unavailable` as per https://github.com/lxc/lxc/issues/25.
+
+---
+ avahi-daemon/avahi-daemon.conf | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/avahi-daemon/avahi-daemon.conf b/avahi-daemon/avahi-daemon.conf
+index 95166f8..3d5b7a6 100644
+--- a/avahi-daemon/avahi-daemon.conf
++++ b/avahi-daemon/avahi-daemon.conf
+@@ -65,4 +65,3 @@ rlimit-data=4194304
+ rlimit-fsize=0
+ rlimit-nofile=768
+ rlimit-stack=4194304
+-rlimit-nproc=3
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-1286_2.patch b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-1286_2.patch
index a31ea81..5f5cb0d 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-1286_2.patch
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-1286_2.patch
@@ -5,6 +5,9 @@
  failure due to improper                         DNAME handling when parsing
  fetch reply messages.                         (CVE-2016-1286) [RT #41753]
 
+CVE: CVE-2016-1286
+Upstream-Status: Backport
+
 (cherry picked from commit 2de89ee9de8c8da9dc153a754b02dcdbb7fe2374)
 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
 ---
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-2775.patch b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-2775.patch
new file mode 100644
index 0000000..5393063
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-2775.patch
@@ -0,0 +1,90 @@
+From 9d8aba8a7778721ae2cee6e4670a8e6be6590b05 Mon Sep 17 00:00:00 2001
+From: Mark Andrews <marka@isc.org>
+Date: Wed, 12 Oct 2016 19:52:59 +0900
+Subject: [PATCH]
+4406.   [security]      getrrsetbyname with a non absolute name could
+                        trigger an infinite recursion bug in lwresd
+                        and named with lwres configured if when combined
+                        with a search list entry the resulting name is
+                        too long. (CVE-2016-2775) [RT #42694]
+
+Backport commit 38cc2d14e218e536e0102fa70deef99461354232 from the
+v9.11.0_patch branch.
+
+CVE: CVE-2016-2775
+Upstream-Status: Backport
+
+Signed-off-by: zhengruoqin <zhengrq.fnst@cn.fujitsu.com>
+
+---
+ CHANGES                          |  6 ++++++
+ bin/named/lwdgrbn.c              | 16 ++++++++++------
+ bin/tests/system/lwresd/lwtest.c |  9 ++++++++-
+ 3 files changed, 24 insertions(+), 7 deletions(-)
+
+diff --git a/CHANGES b/CHANGES
+index d2e3360..d0a9d12 100644
+--- a/CHANGES
++++ b/CHANGES
+@@ -1,3 +1,9 @@
++4406.   [security]      getrrsetbyname with a non absolute name could
++                        trigger an infinite recursion bug in lwresd
++                        and named with lwres configured if when combined
++                        with a search list entry the resulting name is
++                        too long. (CVE-2016-2775) [RT #42694]
++
+ 4322.  [security]      Duplicate EDNS COOKIE options in a response could
+                        trigger an assertion failure. (CVE-2016-2088)
+                        [RT #41809]
+diff --git a/bin/named/lwdgrbn.c b/bin/named/lwdgrbn.c
+index 3e7b15b..e1e9adc 100644
+--- a/bin/named/lwdgrbn.c
++++ b/bin/named/lwdgrbn.c
+@@ -403,14 +403,18 @@ start_lookup(ns_lwdclient_t *client) {
+ 	INSIST(client->lookup == NULL);
+ 
+ 	dns_fixedname_init(&absname);
+-	result = ns_lwsearchctx_current(&client->searchctx,
+-					dns_fixedname_name(&absname));
++
+ 	/*
+-	 * This will return failure if relative name + suffix is too long.
+-	 * In this case, just go on to the next entry in the search path.
++         * Perform search across all search domains until success
++         * is returned. Return in case of failure.
+ 	 */
+-	if (result != ISC_R_SUCCESS)
+-		start_lookup(client);
++        while (ns_lwsearchctx_current(&client->searchctx,
++                        dns_fixedname_name(&absname)) != ISC_R_SUCCESS) {
++                if (ns_lwsearchctx_next(&client->searchctx) != ISC_R_SUCCESS) {
++                        ns_lwdclient_errorpktsend(client, LWRES_R_FAILURE);
++                        return;
++                }
++        }
+ 
+ 	result = dns_lookup_create(cm->mctx,
+ 				   dns_fixedname_name(&absname),
+diff --git a/bin/tests/system/lwresd/lwtest.c b/bin/tests/system/lwresd/lwtest.c
+index ad9b551..3eb4a66 100644
+--- a/bin/tests/system/lwresd/lwtest.c
++++ b/bin/tests/system/lwresd/lwtest.c
+@@ -768,7 +768,14 @@ main(void) {
+ 	test_getrrsetbyname("e.example1.", 1, 2, 1, 1, 1);
+ 	test_getrrsetbyname("e.example1.", 1, 46, 2, 0, 1);
+ 	test_getrrsetbyname("", 1, 1, 0, 0, 0);
+-
++        test_getrrsetbyname("123456789.123456789.123456789.123456789."
++                            "123456789.123456789.123456789.123456789."
++                            "123456789.123456789.123456789.123456789."
++                            "123456789.123456789.123456789.123456789."
++                            "123456789.123456789.123456789.123456789."
++                            "123456789.123456789.123456789.123456789."
++                            "123456789", 1, 1, 0, 0, 0);
++ 
+ 	if (fails == 0)
+ 		printf("I:ok\n");
+ 	return (fails);
+-- 
+2.7.4
+
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-2776.patch b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-2776.patch
new file mode 100644
index 0000000..738bf60
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/CVE-2016-2776.patch
@@ -0,0 +1,123 @@
+From 1171111657081970585f9f0e03b476358c33a6c0 Mon Sep 17 00:00:00 2001
+From: Mark Andrews <marka@isc.org>
+Date: Wed, 12 Oct 2016 20:36:52 +0900
+Subject: [PATCH] 
+4467.   [security]      It was possible to trigger an assertion when 
+                        rendering a message. (CVE-2016-2776) [RT #43139]
+
+Backport commit 2bd0922cf995b9ac205fc83baf7e220b95c6bf12 from the
+v9.11.0_patch branch.
+
+CVE: CVE-2016-2776
+Upstream-Status: Backport
+
+Signed-off-by: zhengruoqin <zhengrq.fnst@cn.fujitsu.com>
+
+---
+ CHANGES           |  3 +++
+ lib/dns/message.c | 42 +++++++++++++++++++++++++++++++-----------
+ 2 files changed, 34 insertions(+), 11 deletions(-)
+
+diff --git a/CHANGES b/CHANGES
+index d0a9d12..5c8c61a 100644
+--- a/CHANGES
++++ b/CHANGES
+@@ -1,3 +1,6 @@
++4467.   [security]      It was possible to trigger an assertion when
++                        rendering a message. (CVE-2016-2776) [RT #43139]
++
+ 4406.   [security]      getrrsetbyname with a non absolute name could
+                         trigger an infinite recursion bug in lwresd
+                         and named with lwres configured if when combined
+diff --git a/lib/dns/message.c b/lib/dns/message.c
+index 6b5b4bb..b74dc81 100644
+--- a/lib/dns/message.c
++++ b/lib/dns/message.c
+@@ -1754,7 +1754,7 @@ dns_message_renderbegin(dns_message_t *msg, dns_compress_t *cctx,
+ 	if (r.length < DNS_MESSAGE_HEADERLEN)
+ 		return (ISC_R_NOSPACE);
+ 
+-	if (r.length < msg->reserved)
++        if (r.length - DNS_MESSAGE_HEADERLEN < msg->reserved)
+ 		return (ISC_R_NOSPACE);
+ 
+ 	/*
+@@ -1895,8 +1895,29 @@ norender_rdataset(const dns_rdataset_t *rdataset, unsigned int options,
+ 
+ 	return (ISC_TRUE);
+ }
+-
+ #endif
++
++static isc_result_t
++renderset(dns_rdataset_t *rdataset, dns_name_t *owner_name,
++         dns_compress_t *cctx, isc_buffer_t *target,
++         unsigned int reserved, unsigned int options, unsigned int *countp)
++{
++       isc_result_t result;
++
++       /*
++        * Shrink the space in the buffer by the reserved amount.
++        */
++       if (target->length - target->used < reserved)
++               return (ISC_R_NOSPACE);
++
++       target->length -= reserved;
++       result = dns_rdataset_towire(rdataset, owner_name,
++                                    cctx, target, options, countp);
++       target->length += reserved;
++
++       return (result);
++}
++
+ isc_result_t
+ dns_message_rendersection(dns_message_t *msg, dns_section_t sectionid,
+ 			  unsigned int options)
+@@ -1939,6 +1960,8 @@ dns_message_rendersection(dns_message_t *msg, dns_section_t sectionid,
+ 	/*
+ 	 * Shrink the space in the buffer by the reserved amount.
+ 	 */
++        if (msg->buffer->length - msg->buffer->used < msg->reserved)
++                return (ISC_R_NOSPACE);
+ 	msg->buffer->length -= msg->reserved;
+ 
+ 	total = 0;
+@@ -2214,9 +2237,8 @@ dns_message_renderend(dns_message_t *msg) {
+ 		 * Render.
+ 		 */
+ 		count = 0;
+-		result = dns_rdataset_towire(msg->opt, dns_rootname,
+-					     msg->cctx, msg->buffer, 0,
+-					     &count);
++                result = renderset(msg->opt, dns_rootname, msg->cctx,
++                                   msg->buffer, msg->reserved, 0, &count);
+ 		msg->counts[DNS_SECTION_ADDITIONAL] += count;
+ 		if (result != ISC_R_SUCCESS)
+ 			return (result);
+@@ -2232,9 +2254,8 @@ dns_message_renderend(dns_message_t *msg) {
+ 		if (result != ISC_R_SUCCESS)
+ 			return (result);
+ 		count = 0;
+-		result = dns_rdataset_towire(msg->tsig, msg->tsigname,
+-					     msg->cctx, msg->buffer, 0,
+-					     &count);
++                result = renderset(msg->tsig, msg->tsigname, msg->cctx,
++                                   msg->buffer, msg->reserved, 0, &count);
+ 		msg->counts[DNS_SECTION_ADDITIONAL] += count;
+ 		if (result != ISC_R_SUCCESS)
+ 			return (result);
+@@ -2255,9 +2276,8 @@ dns_message_renderend(dns_message_t *msg) {
+ 		 * the owner name of a SIG(0) is irrelevant, and will not
+ 		 * be set in a message being rendered.
+ 		 */
+-		result = dns_rdataset_towire(msg->sig0, dns_rootname,
+-					     msg->cctx, msg->buffer, 0,
+-					     &count);
++                result = renderset(msg->sig0, dns_rootname, msg->cctx,
++                                   msg->buffer, msg->reserved, 0, &count);
+ 		msg->counts[DNS_SECTION_ADDITIONAL] += count;
+ 		if (result != ISC_R_SUCCESS)
+ 			return (result);
+-- 
+2.7.4
+
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/dont-test-on-host.patch b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/dont-test-on-host.patch
index 6989d6d..b02ecb1 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/dont-test-on-host.patch
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind/dont-test-on-host.patch
@@ -1,6 +1,6 @@
 Upstream-Status: Pending
 
-Signed-off-by Saul Wold <sgw@linux.intel.com>
+Signed-off-by: Saul Wold <sgw@linux.intel.com>
 
 Index: bind-9.9.5/bin/Makefile.in
 ===================================================================
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind_9.10.3-P3.bb b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind_9.10.3-P3.bb
index 1e3a20f..4e2e856 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind_9.10.3-P3.bb
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/bind/bind_9.10.3-P3.bb
@@ -25,6 +25,8 @@
            file://CVE-2016-1286_1.patch \
            file://CVE-2016-1286_2.patch \
            file://CVE-2016-2088.patch \
+           file://CVE-2016-2775.patch \
+           file://CVE-2016-2776.patch \
            "
 
 SRC_URI[md5sum] = "bcf7e772b616f7259420a3edc5df350a"
@@ -56,7 +58,7 @@
 
 PARALLEL_MAKE = ""
 
-RDEPENDS_${PN} = "python-core"
+RDEPENDS_${PN} = "python3-core"
 RDEPENDS_${PN}-dev = ""
 
 PACKAGE_BEFORE_PN += "${PN}-utils"
@@ -81,7 +83,7 @@
 	install -d "${D}${sysconfdir}/init.d"
 	install -m 644 ${S}/conf/* "${D}${sysconfdir}/bind/"
 	install -m 755 "${S}/init.d" "${D}${sysconfdir}/init.d/bind"
-	sed -i -e '1s,#!.*python,#! /usr/bin/env python,' ${D}${sbindir}/dnssec-coverage ${D}${sbindir}/dnssec-checkds
+	sed -i -e '1s,#!.*python,#! /usr/bin/python3,' ${D}${sbindir}/dnssec-coverage ${D}${sbindir}/dnssec-checkds
 
 	# Install systemd related files
 	install -d ${D}${sbindir}
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5.inc b/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5.inc
index a508229..ecefb7b 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5.inc
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5.inc
@@ -18,6 +18,7 @@
 
 SRC_URI = "\
     ${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \
+    file://out-of-tree.patch \
     file://init \
     file://run-ptest \
     ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'file://0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch', d)} \
@@ -25,7 +26,7 @@
 "
 S = "${WORKDIR}/bluez-${PV}"
 
-inherit autotools-brokensep pkgconfig systemd update-rc.d distro_features_check ptest
+inherit autotools pkgconfig systemd update-rc.d distro_features_check ptest
 
 EXTRA_OECONF = "\
   --enable-tools \
@@ -60,17 +61,25 @@
 	    install -m 0644 ${S}/profiles/input/input.conf ${D}/${sysconfdir}/bluetooth/
 	fi
 
+  if [ -f ${D}/${sysconfdir}/init.d/bluetooth ]; then
+    sed -i -e 's#@LIBEXECDIR@#${libexecdir}#g' ${D}/${sysconfdir}/init.d/bluetooth
+  fi
+
 	# Install desired tools that upstream leaves in build area
         for f in ${NOINST_TOOLS} ; do
 	    install -m 755 ${B}/$f ${D}/${bindir}
 	done
+
+        # Patch python tools to use Python 3; they should be source compatible, but
+        # still refer to Python 2 in the shebang
+        sed -i -e '1s,#!.*python.*,#!${bindir}/python3,' ${D}${libdir}/bluez/test/*
 }
 
 ALLOW_EMPTY_libasound-module-bluez = "1"
 PACKAGES =+ "libasound-module-bluez ${PN}-testtools ${PN}-obex ${PN}-noinst-tools"
 
 FILES_libasound-module-bluez = "${libdir}/alsa-lib/lib*.so ${datadir}/alsa"
-FILES_${PN} += "${libdir}/bluetooth/plugins/*.so ${base_libdir}/udev/ ${nonarch_base_libdir}/udev/ ${systemd_unitdir}/ ${datadir}/dbus-1"
+FILES_${PN} += "${libdir}/bluetooth/plugins/*.so ${systemd_unitdir}/ ${datadir}/dbus-1"
 FILES_${PN}-dev += "\
   ${libdir}/bluetooth/plugins/*.la \
   ${libdir}/alsa-lib/*.la \
@@ -94,7 +103,7 @@
 
 FILES_${PN}-noinst-tools = "${@get_noinst_tools_paths(d, bb, d.getVar('NOINST_TOOLS', True))}"
 
-RDEPENDS_${PN}-testtools += "python python-dbus python-pygobject"
+RDEPENDS_${PN}-testtools += "python3 python3-dbus python3-pygobject"
 
 SYSTEMD_SERVICE_${PN} = "bluetooth.service"
 INITSCRIPT_PACKAGES = "${PN}"
@@ -108,5 +117,5 @@
 
 do_install_ptest() {
         cp -r ${B}/unit/ ${D}${PTEST_PATH}
-        rm ${D}${PTEST_PATH}/unit/*.c ${D}${PTEST_PATH}/unit/*.o
+        rm -f ${D}${PTEST_PATH}/unit/*.o
 }
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5/init b/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5/init
index 1606a5c..489e9b9 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5/init
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5/init
@@ -3,7 +3,7 @@
 PATH=/sbin:/bin:/usr/sbin:/usr/bin
 DESC=bluetooth
 
-DAEMON=/usr/lib/bluez5/bluetooth/bluetoothd
+DAEMON=@LIBEXECDIR@/bluetooth/bluetoothd
 
 # If you want to be ignore error of "org.freedesktop.hostname1",
 # please enable NOPLUGIN_OPTION.
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5/out-of-tree.patch b/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5/out-of-tree.patch
new file mode 100644
index 0000000..3ee79d7
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5/out-of-tree.patch
@@ -0,0 +1,26 @@
+From ed55b49a226ca3909f52416be2ae5ce1c5ca2cb2 Mon Sep 17 00:00:00 2001
+From: Ross Burton <ross.burton@intel.com>
+Date: Fri, 22 Apr 2016 15:40:37 +0100
+Subject: [PATCH] Makefile.obexd: add missing mkdir in builtin.h generation
+
+In parallel out-of-tree builds it's possible that obexd/src/builtin.h is
+generated before the target directory has been implicitly created. Solve this by
+creating the directory before writing into it.
+
+Upstream-Status: Submitted
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+---
+ Makefile.obexd | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/Makefile.obexd b/Makefile.obexd
+index 2e33cbc..c8286f0 100644
+--- a/Makefile.obexd
++++ b/Makefile.obexd
+@@ -105,2 +105,3 @@ obexd/src/plugin.$(OBJEXT): obexd/src/builtin.h
+ obexd/src/builtin.h: obexd/src/genbuiltin $(obexd_builtin_sources)
++	$(AM_V_at)$(MKDIR_P) $(dir $@)
+ 	$(AM_V_GEN)$(srcdir)/obexd/src/genbuiltin $(obexd_builtin_modules) > $@
+-- 
+2.8.0.rc3
+
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5_5.37.bb b/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5_5.41.bb
similarity index 88%
rename from import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5_5.37.bb
rename to import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5_5.41.bb
index db20f79..522aab7 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5_5.37.bb
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/bluez5/bluez5_5.41.bb
@@ -2,8 +2,8 @@
 
 REQUIRED_DISTRO_FEATURES = "bluez5"
 
-SRC_URI[md5sum] = "33177e5743e24b2b3738f72be64e3ffb"
-SRC_URI[sha256sum] = "c14ba9ddcb0055522073477b8fd8bf1ddf5d219e75fdfd4699b7e0ce5350d6b0"
+SRC_URI[md5sum] = "318341b2188698130adb73236ee69244"
+SRC_URI[sha256sum] = "df7dc4462494dad4e60a2943240d584f6e760235dca64f5f10eba46dbab7f5f0"
 
 # noinst programs in Makefile.tools that are conditional on READLINE
 # support
@@ -13,6 +13,7 @@
     tools/obex-server-tool \
     tools/bluetooth-player \
     tools/obexctl \
+    tools/btmgmt \
 "
 
 # noinst programs in Makefile.tools that are conditional on EXPERIMENTAL
@@ -37,7 +38,6 @@
     tools/hwdb \
     tools/hcieventmask \
     tools/hcisecfilter \
-    tools/btmgmt \
     tools/btinfo \
     tools/btattach \
     tools/btsnoop \
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman-gnome/0001-Port-to-Gtk3.patch b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman-gnome/0001-Port-to-Gtk3.patch
new file mode 100644
index 0000000..c93e9b4
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman-gnome/0001-Port-to-Gtk3.patch
@@ -0,0 +1,277 @@
+From a59b0fac02e74a971ac3f08bf28c17ce361a9526 Mon Sep 17 00:00:00 2001
+From: Jussi Kukkonen <jussi.kukkonen@intel.com>
+Date: Wed, 2 Mar 2016 15:47:49 +0200
+Subject: [PATCH] Port to Gtk3
+
+Some unused (or not useful) code was removed, functionality should stay
+the same.
+
+Code still contains quite a few uses of deprecated API.
+
+Upstream-Status: Submitted
+Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
+---
+ applet/agent.c        |  3 +--
+ applet/main.c         | 43 -------------------------------------------
+ applet/status.c       |  8 --------
+ configure.ac          |  3 +--
+ properties/ethernet.c | 14 +++++++-------
+ properties/main.c     |  2 +-
+ properties/wifi.c     | 12 ++++++------
+ 7 files changed, 16 insertions(+), 69 deletions(-)
+
+diff --git a/applet/agent.c b/applet/agent.c
+index 65bed08..04fe86a 100644
+--- a/applet/agent.c
++++ b/applet/agent.c
+@@ -126,7 +126,6 @@ static void request_input_dialog(GHashTable *request,
+ 	gtk_window_set_position(GTK_WINDOW(dialog), GTK_WIN_POS_CENTER);
+ 	gtk_window_set_keep_above(GTK_WINDOW(dialog), TRUE);
+ 	gtk_window_set_urgency_hint(GTK_WINDOW(dialog), TRUE);
+-	gtk_dialog_set_has_separator(GTK_DIALOG(dialog), FALSE);
+ 	input->dialog = dialog;
+ 
+ 	gtk_dialog_add_button(GTK_DIALOG(dialog),
+@@ -139,7 +138,7 @@ static void request_input_dialog(GHashTable *request,
+ 	gtk_table_set_row_spacings(GTK_TABLE(table), 4);
+ 	gtk_table_set_col_spacings(GTK_TABLE(table), 20);
+ 	gtk_container_set_border_width(GTK_CONTAINER(table), 12);
+-	gtk_container_add(GTK_CONTAINER(GTK_DIALOG(dialog)->vbox), table);
++	gtk_container_add(GTK_CONTAINER(gtk_dialog_get_content_area (GTK_DIALOG(dialog))), table);
+ 
+ 	label = gtk_label_new(_("Please provide some network information:"));
+ 	gtk_misc_set_alignment(GTK_MISC(label), 0.0, 0.0);
+diff --git a/applet/main.c b/applet/main.c
+index f12d371..cd16285 100644
+--- a/applet/main.c
++++ b/applet/main.c
+@@ -157,46 +157,6 @@ static void name_owner_changed(DBusGProxy *proxy, const char *name,
+ 	}
+ }
+ 
+-static void open_uri(GtkWindow *parent, const char *uri)
+-{
+-	GtkWidget *dialog;
+-	GdkScreen *screen;
+-	GError *error = NULL;
+-	gchar *cmdline;
+-
+-	screen = gtk_window_get_screen(parent);
+-
+-	cmdline = g_strconcat("xdg-open ", uri, NULL);
+-
+-	if (gdk_spawn_command_line_on_screen(screen,
+-				cmdline, &error) == FALSE) {
+-		dialog = gtk_message_dialog_new(parent,
+-				GTK_DIALOG_DESTROY_WITH_PARENT, GTK_MESSAGE_ERROR,
+-				GTK_BUTTONS_CLOSE, "%s", error->message);
+-		gtk_dialog_run(GTK_DIALOG(dialog));
+-		gtk_widget_destroy(dialog);
+-		g_error_free(error);
+-	}
+-
+-	g_free(cmdline);
+-}
+-
+-static void about_url_hook(GtkAboutDialog *dialog,
+-				const gchar *url, gpointer data)
+-{
+-	open_uri(GTK_WINDOW(dialog), url);
+-}
+-
+-static void about_email_hook(GtkAboutDialog *dialog,
+-				const gchar *email, gpointer data)
+-{
+-	gchar *uri;
+-
+-	uri = g_strconcat("mailto:", email, NULL);
+-	open_uri(GTK_WINDOW(dialog), uri);
+-	g_free(uri);
+-}
+-
+ static void about_callback(GtkWidget *item, gpointer user_data)
+ {
+ 	const gchar *authors[] = {
+@@ -204,9 +164,6 @@ static void about_callback(GtkWidget *item, gpointer user_data)
+ 		NULL
+ 	};
+ 
+-	gtk_about_dialog_set_url_hook(about_url_hook, NULL, NULL);
+-	gtk_about_dialog_set_email_hook(about_email_hook, NULL, NULL);
+-
+ 	gtk_show_about_dialog(NULL, "version", VERSION,
+ 			"copyright", "Copyright \xc2\xa9 2008 Intel Corporation",
+ 			"comments", _("A connection manager for the GNOME desktop"),
+diff --git a/applet/status.c b/applet/status.c
+index aed6f1e..015ff29 100644
+--- a/applet/status.c
++++ b/applet/status.c
+@@ -102,8 +102,6 @@ static void icon_animation_start(IconAnimation *animation,
+ {
+ 	available = TRUE;
+ 
+-	gtk_status_icon_set_tooltip(statusicon, NULL);
+-
+ 	animation->start = start;
+ 	animation->end = (end == 0) ? animation->count - 1 : end;
+ 
+@@ -120,8 +118,6 @@ static void icon_animation_stop(IconAnimation *animation)
+ {
+ 	available = TRUE;
+ 
+-	gtk_status_icon_set_tooltip(statusicon, NULL);
+-
+ 	if (animation->id > 0)
+ 		g_source_remove(animation->id);
+ 
+@@ -251,8 +247,6 @@ void status_unavailable(void)
+ 	available = FALSE;
+ 
+ 	gtk_status_icon_set_from_pixbuf(statusicon, pixbuf_notifier);
+-	gtk_status_icon_set_tooltip(statusicon,
+-				"Connection Manager daemon is not running");
+ 
+ 	gtk_status_icon_set_visible(statusicon, TRUE);
+ }
+@@ -299,7 +293,6 @@ static void set_ready(gint signal)
+ 
+ 	if (signal < 0) {
+ 		gtk_status_icon_set_from_pixbuf(statusicon, pixbuf_wired);
+-		gtk_status_icon_set_tooltip(statusicon, NULL);
+ 		return;
+ 	}
+ 
+@@ -311,7 +304,6 @@ static void set_ready(gint signal)
+ 		index = 4;
+ 
+ 	gtk_status_icon_set_from_pixbuf(statusicon, pixbuf_signal[index]);
+-	gtk_status_icon_set_tooltip(statusicon, NULL);
+ }
+ 
+ struct timeout_data {
+diff --git a/configure.ac b/configure.ac
+index b972e07..a4dad5d 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -55,8 +55,7 @@ AC_SUBST(DBUS_LIBS)
+ DBUS_BINDING_TOOL="dbus-binding-tool"
+ AC_SUBST(DBUS_BINDING_TOOL)
+ 
+-PKG_CHECK_MODULES(GTK, gtk+-2.0 >= 2.8, dummy=yes,
+-				AC_MSG_ERROR(gtk+ >= 2.8 is required))
++PKG_CHECK_MODULES(GTK, gtk+-3.0)
+ AC_SUBST(GTK_CFLAGS)
+ AC_SUBST(GTK_LIBS)
+ 
+diff --git a/properties/ethernet.c b/properties/ethernet.c
+index 31db7a0..0b6b423 100644
+--- a/properties/ethernet.c
++++ b/properties/ethernet.c
+@@ -82,7 +82,7 @@ void add_ethernet_switch_button(GtkWidget *mainbox, GtkTreeIter *iter,
+ 	gtk_container_set_border_width(GTK_CONTAINER(vbox), 24);
+ 	gtk_box_pack_start(GTK_BOX(mainbox), vbox, FALSE, FALSE, 0);
+ 
+-	table = gtk_table_new(1, 1, TRUE);
++	table = gtk_table_new(1, 1, FALSE);
+ 	gtk_table_set_row_spacings(GTK_TABLE(table), 10);
+ 	gtk_table_set_col_spacings(GTK_TABLE(table), 10);
+ 	gtk_box_pack_start(GTK_BOX(vbox), table, FALSE, FALSE, 0);
+@@ -136,7 +136,7 @@ void add_ethernet_service(GtkWidget *mainbox, GtkTreeIter *iter, struct config_d
+ 	gtk_container_set_border_width(GTK_CONTAINER(vbox), 24);
+ 	gtk_box_pack_start(GTK_BOX(mainbox), vbox, FALSE, FALSE, 0);
+ 
+-	table = gtk_table_new(5, 5, TRUE);
++	table = gtk_table_new(5, 5, FALSE);
+ 	gtk_table_set_row_spacings(GTK_TABLE(table), 10);
+ 	gtk_table_set_col_spacings(GTK_TABLE(table), 10);
+ 	gtk_box_pack_start(GTK_BOX(vbox), table, FALSE, FALSE, 0);
+@@ -144,9 +144,9 @@ void add_ethernet_service(GtkWidget *mainbox, GtkTreeIter *iter, struct config_d
+ 	label = gtk_label_new(_("Configuration:"));
+ 	gtk_table_attach_defaults(GTK_TABLE(table), label, 1, 2, 0, 1);
+ 
+-	combo = gtk_combo_box_new_text();
+-	gtk_combo_box_append_text(GTK_COMBO_BOX(combo), "DHCP");
+-	gtk_combo_box_append_text(GTK_COMBO_BOX(combo), "MANUAL");
++	combo = gtk_combo_box_text_new();
++	gtk_combo_box_text_append_text(GTK_COMBO_BOX_TEXT(combo), "DHCP");
++	gtk_combo_box_text_append_text(GTK_COMBO_BOX_TEXT(combo), "MANUAL");
+ 	gtk_combo_box_set_row_separator_func(GTK_COMBO_BOX(combo),
+ 					separator_function, NULL, NULL);
+ 	gtk_table_attach_defaults(GTK_TABLE(table), combo, 2, 4, 0, 1);
+@@ -219,7 +219,7 @@ void update_ethernet_ipv4(struct config_data *data, guint policy)
+ 	case CONNMAN_POLICY_DHCP:
+ 		gtk_combo_box_set_active(GTK_COMBO_BOX(combo), 0);
+ 		for (i = 0; i < 3; i++) {
+-			gtk_entry_set_editable(GTK_ENTRY(entry[i]), 0);
++			gtk_editable_set_editable(GTK_EDITABLE(entry[i]), 0);
+ 			gtk_widget_set_sensitive(entry[i], 0);
+ 			gtk_entry_set_text(GTK_ENTRY(entry[i]), _(""));
+ 		}
+@@ -227,7 +227,7 @@ void update_ethernet_ipv4(struct config_data *data, guint policy)
+ 	case CONNMAN_POLICY_MANUAL:
+ 		gtk_combo_box_set_active(GTK_COMBO_BOX(combo), 1);
+ 		for (i = 0; i < 3; i++) {
+-			gtk_entry_set_editable(GTK_ENTRY(entry[i]), 1);
++			gtk_editable_set_editable(GTK_EDITABLE(entry[i]), 1);
+ 			gtk_widget_set_sensitive(entry[i], 1);
+ 		}
+ 		break;
+diff --git a/properties/main.c b/properties/main.c
+index c05f443..6f76361 100644
+--- a/properties/main.c
++++ b/properties/main.c
+@@ -429,7 +429,7 @@ static GtkWidget *create_interfaces(GtkWidget *window)
+ 
+ 	scrolled = gtk_scrolled_window_new(NULL, NULL);
+ 	gtk_scrolled_window_set_policy(GTK_SCROLLED_WINDOW(scrolled),
+-				GTK_POLICY_AUTOMATIC, GTK_POLICY_AUTOMATIC);
++				GTK_POLICY_NEVER, GTK_POLICY_AUTOMATIC);
+ 	gtk_scrolled_window_set_shadow_type(GTK_SCROLLED_WINDOW(scrolled),
+ 							GTK_SHADOW_OUT);
+ 	gtk_box_pack_start(GTK_BOX(hbox), scrolled, FALSE, TRUE, 0);
+diff --git a/properties/wifi.c b/properties/wifi.c
+index bd325ef..a5827e0 100644
+--- a/properties/wifi.c
++++ b/properties/wifi.c
+@@ -125,7 +125,7 @@ void add_wifi_switch_button(GtkWidget *mainbox, GtkTreeIter *iter,
+ 	gtk_container_set_border_width(GTK_CONTAINER(vbox), 24);
+ 	gtk_box_pack_start(GTK_BOX(mainbox), vbox, FALSE, FALSE, 0);
+ 
+-	table = gtk_table_new(1, 1, TRUE);
++	table = gtk_table_new(1, 1, FALSE);
+ 	gtk_table_set_row_spacings(GTK_TABLE(table), 10);
+ 	gtk_table_set_col_spacings(GTK_TABLE(table), 10);
+ 	gtk_box_pack_start(GTK_BOX(vbox), table, FALSE, FALSE, 0);
+@@ -185,9 +185,9 @@ static void wifi_ipconfig(GtkWidget *table, struct config_data *data, GtkTreeIte
+ 	gtk_table_attach_defaults(GTK_TABLE(table), label, 1, 2, 3, 4);
+ 	data->ipv4.label[0] = label;
+ 
+-	combo = gtk_combo_box_new_text();
+-	gtk_combo_box_append_text(GTK_COMBO_BOX(combo), "DHCP");
+-	gtk_combo_box_append_text(GTK_COMBO_BOX(combo), "Manual");
++	combo = gtk_combo_box_text_new();
++	gtk_combo_box_text_append_text(GTK_COMBO_BOX_TEXT(combo), "DHCP");
++	gtk_combo_box_text_append_text(GTK_COMBO_BOX_TEXT(combo), "Manual");
+ 
+ 	gtk_combo_box_set_row_separator_func(GTK_COMBO_BOX(combo),
+ 			separator_function, NULL, NULL);
+@@ -335,14 +335,14 @@ void update_wifi_ipv4(struct config_data *data, guint policy)
+ 	case CONNMAN_POLICY_DHCP:
+ 		gtk_combo_box_set_active(GTK_COMBO_BOX(combo), 0);
+ 		for (i = 0; i < 3; i++) {
+-			gtk_entry_set_editable(GTK_ENTRY(entry[i]), 0);
++			gtk_editable_set_editable(GTK_EDITABLE(entry[i]), 0);
+ 			gtk_widget_set_sensitive(entry[i], 0);
+ 		}
+ 		break;
+ 	case CONNMAN_POLICY_MANUAL:
+ 		gtk_combo_box_set_active(GTK_COMBO_BOX(combo), 1);
+ 		for (i = 0; i < 3; i++) {
+-			gtk_entry_set_editable(GTK_ENTRY(entry[i]), 1);
++			gtk_editable_set_editable(GTK_EDITABLE(entry[i]), 1);
+ 			gtk_widget_set_sensitive(entry[i], 1);
+ 		}
+ 		break;
+-- 
+2.8.1
+
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman-gnome_0.7.bb b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman-gnome_0.7.bb
index 7b875f0..a56bd37 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman-gnome_0.7.bb
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman-gnome_0.7.bb
@@ -6,7 +6,7 @@
                     file://properties/main.c;beginline=1;endline=20;md5=50c77c81871308b033ab7a1504626afb \
                     file://common/connman-dbus.c;beginline=1;endline=20;md5=de6b485c0e717a0236402d220187717a"
 
-DEPENDS = "gtk+ dbus-glib intltool-native gettext-native"
+DEPENDS = "gtk+3 dbus-glib dbus-glib-native intltool-native gettext-native"
 
 # 0.7 tag
 SRCREV = "cf3c325b23dae843c5499a113591cfbc98acb143"
@@ -15,12 +15,13 @@
            file://null_check_for_ipv4_config.patch \
            file://images/* \
            file://connman-gnome-fix-dbus-interface-name.patch \
+           file://0001-Port-to-Gtk3.patch \
           "
 
 S = "${WORKDIR}/git"
 
 inherit autotools-brokensep gtk-icon-cache pkgconfig distro_features_check
-ANY_OF_DISTRO_FEATURES = "${GTK2DISTROFEATURES}"
+ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}"
 
 RDEPENDS_${PN} = "connman"
 
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman.inc b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman.inc
index c375251..35a7eed 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman.inc
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman.inc
@@ -26,11 +26,9 @@
     --enable-loopback \
     --enable-ethernet \
     --enable-tools \
-    --enable-test \
     --disable-polkit \
     --enable-client \
 "
-CFLAGS += "-D_GNU_SOURCE"
 
 PACKAGECONFIG ??= "wispr \
                    ${@bb.utils.contains('DISTRO_FEATURES', 'systemd','systemd', '', d)} \
@@ -140,10 +138,7 @@
 FILES_${PN}-tools = "${bindir}/wispr"
 RDEPENDS_${PN}-tools ="${PN}"
 
-FILES_${PN}-tests = "${bindir}/*-test ${libdir}/${BPN}/test/*"
-RDEPENDS_${PN}-tests = "python-dbus python-pygobject python-textutils python-subprocess python-fcntl python-netclient \
-                        ${PN} \
-"
+FILES_${PN}-tests = "${bindir}/*-test"
 
 FILES_${PN}-client = "${bindir}/connmanctl"
 RDEPENDS_${PN}-client ="${PN}"
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman/0001-Detect-backtrace-API-availability-before-using-it.patch b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman/0001-Detect-backtrace-API-availability-before-using-it.patch
deleted file mode 100644
index 5dc6fd6..0000000
--- a/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman/0001-Detect-backtrace-API-availability-before-using-it.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From 00d4447395725abaa651e12ed40095081e04011e Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Sun, 13 Sep 2015 13:22:01 -0700
-Subject: [PATCH 1/3] Detect backtrace() API availability before using it
-
-C libraries besides glibc do not have backtrace() implemented
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
-Upstream-Status: Pending
-
- configure.ac | 2 ++
- src/log.c    | 5 ++---
- 2 files changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 69c0eeb..90099f2 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -171,6 +171,8 @@ fi
- AM_CONDITIONAL(PPTP, test "${enable_pptp}" != "no")
- AM_CONDITIONAL(PPTP_BUILTIN, test "${enable_pptp}" = "builtin")
- 
-+AC_CHECK_HEADERS([execinfo.h])
-+
- AC_CHECK_HEADERS(resolv.h, dummy=yes,
- 	AC_MSG_ERROR(resolver header files are required))
- AC_CHECK_LIB(resolv, ns_initparse, dummy=yes, [
-diff --git a/src/log.c b/src/log.c
-index a693bd0..5b40c1f 100644
---- a/src/log.c
-+++ b/src/log.c
-@@ -30,7 +30,6 @@
- #include <stdlib.h>
- #include <string.h>
- #include <syslog.h>
--#include <execinfo.h>
- #include <dlfcn.h>
- 
- #include "connman.h"
-@@ -215,9 +214,9 @@ static void print_backtrace(unsigned int offset)
- static void signal_handler(int signo)
- {
- 	connman_error("Aborting (signal %d) [%s]", signo, program_exec);
--
-+#ifdef HAVE_EXECINFO_H
- 	print_backtrace(2);
--
-+#endif /* HAVE_EXECINFO_H */
- 	exit(EXIT_FAILURE);
- }
- 
--- 
-2.5.1
-
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman/0001-iptables-Add-missing-function-item-of-xtables-to-mat.patch b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman/0001-iptables-Add-missing-function-item-of-xtables-to-mat.patch
deleted file mode 100644
index 1b5a3e4..0000000
--- a/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman/0001-iptables-Add-missing-function-item-of-xtables-to-mat.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From acea08a0e4234a4c1a87bedc087c73ff36de0c7b Mon Sep 17 00:00:00 2001
-From: Wu Zheng <wu.zheng@intel.com>
-Date: Thu, 28 Jan 2016 18:04:17 +0800
-Subject: [PATCH] iptables: Add missing function item of xtables to match
- iptables 1.6
-
-The struct of xtables_globals has been modified in iptables 1.6.
-If connman runs with iptables 1.6, it can crash.
-
-Program received signal SIGSEGV, Segmentation fault.
-0x00000000 in ?? ()
-0xb7dea89c in xtables_find_target () from /usr/lib/libxtables.so.11
-0xb7deac1c in ?? () from /usr/lib/libxtables.so.11
-0xb7dea793 in xtables_find_target () from /usr/lib/libxtables.so.11
-
-The the missing function item of xtables is added to xtables_globals.
-
-Upstream-Status: Backport
-
-Signed-off-by: Maxin B. John <maxin.john@intel.com>
-Signed-off-by: Wu Zheng <wu.zheng@intel.com>
----
- src/iptables.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/src/iptables.c b/src/iptables.c
-index bc0c763..5ef757a 100644
---- a/src/iptables.c
-+++ b/src/iptables.c
-@@ -1566,6 +1566,9 @@ struct xtables_globals iptables_globals = {
- 	.option_offset = 0,
- 	.opts = iptables_opts,
- 	.orig_opts = iptables_opts,
-+#if XTABLES_VERSION_CODE > 10
-+	.compat_rev = xtables_compatible_revision,
-+#endif
- };
- 
- static struct xtables_target *prepare_target(struct connman_iptables *table,
--- 
-2.4.0
-
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman/0003-Fix-header-inclusions-for-musl.patch b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman/0003-Fix-header-inclusions-for-musl.patch
deleted file mode 100644
index eefc683..0000000
--- a/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman/0003-Fix-header-inclusions-for-musl.patch
+++ /dev/null
@@ -1,118 +0,0 @@
-From 67645a01a2f3f52625d8dd77f2811a9e213e1b7d Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Sun, 13 Sep 2015 13:28:20 -0700
-Subject: [PATCH] Fix header inclusions for musl
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
-Upstream-Status: Pending
-
- gweb/gresolv.c        | 1 +
- plugins/wifi.c        | 3 +--
- src/tethering.c       | 2 --
- tools/dhcp-test.c     | 1 -
- tools/dnsproxy-test.c | 1 +
- 5 files changed, 3 insertions(+), 5 deletions(-)
-
-Index: connman-1.30/gweb/gresolv.c
-===================================================================
---- connman-1.30.orig/gweb/gresolv.c
-+++ connman-1.30/gweb/gresolv.c
-@@ -28,6 +28,7 @@
- #include <stdarg.h>
- #include <string.h>
- #include <stdlib.h>
-+#include <stdio.h>
- #include <resolv.h>
- #include <sys/types.h>
- #include <sys/socket.h>
-Index: connman-1.30/plugins/wifi.c
-===================================================================
---- connman-1.30.orig/plugins/wifi.c
-+++ connman-1.30/plugins/wifi.c
-@@ -30,9 +30,8 @@
- #include <string.h>
- #include <sys/ioctl.h>
- #include <sys/socket.h>
--#include <linux/if_arp.h>
--#include <linux/wireless.h>
- #include <net/ethernet.h>
-+#include <linux/wireless.h>
- 
- #ifndef IFF_LOWER_UP
- #define IFF_LOWER_UP	0x10000
-Index: connman-1.30/src/tethering.c
-===================================================================
---- connman-1.30.orig/src/tethering.c
-+++ connman-1.30/src/tethering.c
-@@ -31,10 +31,8 @@
- #include <stdio.h>
- #include <sys/ioctl.h>
- #include <net/if.h>
--#include <linux/sockios.h>
- #include <string.h>
- #include <fcntl.h>
--#include <linux/if_tun.h>
- #include <netinet/in.h>
- #include <linux/if_bridge.h>
- 
-Index: connman-1.30/tools/dhcp-test.c
-===================================================================
---- connman-1.30.orig/tools/dhcp-test.c
-+++ connman-1.30/tools/dhcp-test.c
-@@ -33,7 +33,6 @@
- #include <arpa/inet.h>
- #include <net/route.h>
- #include <net/ethernet.h>
--#include <linux/if_arp.h>
- 
- #include <gdhcp/gdhcp.h>
- 
-Index: connman-1.30/tools/dnsproxy-test.c
-===================================================================
---- connman-1.30.orig/tools/dnsproxy-test.c
-+++ connman-1.30/tools/dnsproxy-test.c
-@@ -27,6 +27,7 @@
- #include <stdlib.h>
- #include <string.h>
- #include <unistd.h>
-+#include <stdio.h>
- #include <arpa/inet.h>
- #include <netinet/in.h>
- #include <sys/types.h>
-Index: connman-1.30/configure.ac
-===================================================================
---- connman-1.30.orig/configure.ac
-+++ connman-1.30/configure.ac
-@@ -173,6 +173,8 @@ AM_CONDITIONAL(PPTP_BUILTIN, test "${ena
- 
- AC_CHECK_HEADERS([execinfo.h])
- 
-+AC_CHECK_MEMBERS([struct in6_pktinfo.ipi6_addr], [], [], [[#include <netinet/in.h>]])
-+
- AC_CHECK_HEADERS(resolv.h, dummy=yes,
- 	AC_MSG_ERROR(resolver header files are required))
- AC_CHECK_LIB(resolv, ns_initparse, dummy=yes, [
-Index: connman-1.30/gdhcp/common.h
-===================================================================
---- connman-1.30.orig/gdhcp/common.h
-+++ connman-1.30/gdhcp/common.h
-@@ -19,6 +19,7 @@
-  *
-  */
- 
-+#include <config.h>
- #include <netinet/udp.h>
- #include <netinet/ip.h>
- 
-@@ -170,8 +171,8 @@ static const uint8_t dhcp_option_lengths
- 	[OPTION_U32]	= 4,
- };
- 
--/* already defined within netinet/in.h if using GNU compiler */
--#ifndef __USE_GNU
-+/* already defined within netinet/in.h if using GNU or musl libc */
-+#ifndef HAVE_STRUCT_IN6_PKTINFO_IPI6_ADDR
- struct in6_pktinfo {
- 	struct in6_addr ipi6_addr;  /* src/dst IPv6 address */
- 	unsigned int ipi6_ifindex;  /* send/recv interface index */
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman/includes.patch b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman/includes.patch
new file mode 100644
index 0000000..55cb187
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman/includes.patch
@@ -0,0 +1,423 @@
+Fix various issues which cause problems under musl.
+
+Upstream-Status: Submitted
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+From 630516bcc0233b047f65665c003201ba6e77453d Mon Sep 17 00:00:00 2001
+From: Ross Burton <ross.burton@intel.com>
+Date: Tue, 9 Aug 2016 16:22:36 +0100
+Subject: [PATCH 1/3] Use AC_USE_SYSTEM_EXTENSIONS
+
+Instead of using #define _GNU_SOURCE in some source files which causes problems
+when building with musl as more files need the define, simply use
+AC_USE_SYSTEM_EXTENSIONS in configure.ac to get it defined globally.
+---
+ configure.ac       | 1 +
+ gdhcp/client.c     | 1 -
+ plugins/tist.c     | 1 -
+ src/backtrace.c    | 1 -
+ src/inet.c         | 1 -
+ src/log.c          | 1 -
+ src/ntp.c          | 1 -
+ src/resolver.c     | 1 -
+ src/rfkill.c       | 1 -
+ src/stats.c        | 1 -
+ src/timezone.c     | 1 -
+ tools/stats-tool.c | 1 -
+ tools/tap-test.c   | 1 -
+ tools/wispr.c      | 1 -
+ vpn/plugins/vpn.c  | 1 -
+ 15 files changed, 1 insertion(+), 14 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 6e66ab3..bacf5ec 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -20,6 +20,7 @@ AC_SUBST(abs_top_srcdir)
+ AC_SUBST(abs_top_builddir)
+ 
+ AC_LANG_C
++AC_USE_SYSTEM_EXTENSIONS
+ 
+ AC_PROG_CC
+ AM_PROG_CC_C_O
+diff --git a/gdhcp/client.c b/gdhcp/client.c
+index fbb40ab..3aeb089 100644
+--- a/gdhcp/client.c
++++ b/gdhcp/client.c
+@@ -23,7 +23,6 @@
+ #include <config.h>
+ #endif
+ 
+-#define _GNU_SOURCE
+ #include <stdio.h>
+ #include <errno.h>
+ #include <unistd.h>
+diff --git a/plugins/tist.c b/plugins/tist.c
+index ad5ef79..cc2800a 100644
+--- a/plugins/tist.c
++++ b/plugins/tist.c
+@@ -23,7 +23,6 @@
+ #include <config.h>
+ #endif
+ 
+-#define _GNU_SOURCE
+ #include <stdio.h>
+ #include <stdbool.h>
+ #include <stdlib.h>
+diff --git a/src/backtrace.c b/src/backtrace.c
+index 6a66c0a..4dbdda8 100644
+--- a/src/backtrace.c
++++ b/src/backtrace.c
+@@ -24,7 +24,6 @@
+ #include <config.h>
+ #endif
+ 
+-#define _GNU_SOURCE
+ #include <stdio.h>
+ #include <unistd.h>
+ #include <stdlib.h>
+diff --git a/src/inet.c b/src/inet.c
+index 69ded19..81d92c2 100644
+--- a/src/inet.c
++++ b/src/inet.c
+@@ -25,7 +25,6 @@
+ #include <config.h>
+ #endif
+ 
+-#define _GNU_SOURCE
+ #include <stdio.h>
+ #include <errno.h>
+ #include <unistd.h>
+diff --git a/src/log.c b/src/log.c
+index 9bae4a3..f7e82e5 100644
+--- a/src/log.c
++++ b/src/log.c
+@@ -23,7 +23,6 @@
+ #include <config.h>
+ #endif
+ 
+-#define _GNU_SOURCE
+ #include <stdio.h>
+ #include <unistd.h>
+ #include <stdarg.h>
+diff --git a/src/ntp.c b/src/ntp.c
+index dd246eb..db8ae96 100644
+--- a/src/ntp.c
++++ b/src/ntp.c
+@@ -23,7 +23,6 @@
+ #include <config.h>
+ #endif
+ 
+-#define _GNU_SOURCE
+ #include <errno.h>
+ #include <fcntl.h>
+ #include <unistd.h>
+diff --git a/src/resolver.c b/src/resolver.c
+index fbe4be7..ef61f92 100644
+--- a/src/resolver.c
++++ b/src/resolver.c
+@@ -23,7 +23,6 @@
+ #include <config.h>
+ #endif
+ 
+-#define _GNU_SOURCE
+ #include <stdio.h>
+ #include <errno.h>
+ #include <fcntl.h>
+diff --git a/src/rfkill.c b/src/rfkill.c
+index 2bfb092..af49d12 100644
+--- a/src/rfkill.c
++++ b/src/rfkill.c
+@@ -23,7 +23,6 @@
+ #include <config.h>
+ #endif
+ 
+-#define _GNU_SOURCE
+ #include <stdio.h>
+ #include <errno.h>
+ #include <fcntl.h>
+diff --git a/src/stats.c b/src/stats.c
+index 26343b1..cfcdc94 100644
+--- a/src/stats.c
++++ b/src/stats.c
+@@ -23,7 +23,6 @@
+ #include <config.h>
+ #endif
+ 
+-#define _GNU_SOURCE
+ #include <errno.h>
+ #include <sys/mman.h>
+ #include <sys/types.h>
+diff --git a/src/timezone.c b/src/timezone.c
+index e346b11..8e91267 100644
+--- a/src/timezone.c
++++ b/src/timezone.c
+@@ -23,7 +23,6 @@
+ #include <config.h>
+ #endif
+ 
+-#define _GNU_SOURCE
+ #include <errno.h>
+ #include <stdio.h>
+ #include <fcntl.h>
+diff --git a/tools/stats-tool.c b/tools/stats-tool.c
+index b076478..428d94b 100644
+--- a/tools/stats-tool.c
++++ b/tools/stats-tool.c
+@@ -22,7 +22,6 @@
+ #include <config.h>
+ #endif
+ 
+-#define _GNU_SOURCE
+ #include <sys/mman.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
+diff --git a/tools/tap-test.c b/tools/tap-test.c
+index fdc098a..57917f5 100644
+--- a/tools/tap-test.c
++++ b/tools/tap-test.c
+@@ -23,7 +23,6 @@
+ #include <config.h>
+ #endif
+ 
+-#define _GNU_SOURCE
+ #include <stdio.h>
+ #include <errno.h>
+ #include <fcntl.h>
+diff --git a/tools/wispr.c b/tools/wispr.c
+index d5f9341..e56dfc1 100644
+--- a/tools/wispr.c
++++ b/tools/wispr.c
+@@ -23,7 +23,6 @@
+ #include <config.h>
+ #endif
+ 
+-#define _GNU_SOURCE
+ #include <stdio.h>
+ #include <fcntl.h>
+ #include <unistd.h>
+diff --git a/vpn/plugins/vpn.c b/vpn/plugins/vpn.c
+index 9a42385..479c3a7 100644
+--- a/vpn/plugins/vpn.c
++++ b/vpn/plugins/vpn.c
+@@ -23,7 +23,6 @@
+ #include <config.h>
+ #endif
+ 
+-#define _GNU_SOURCE
+ #include <string.h>
+ #include <fcntl.h>
+ #include <unistd.h>
+-- 
+2.8.1
+
+
+From b8b7878e6cb2a1ed4fcfa256f7e232511a40e3d9 Mon Sep 17 00:00:00 2001
+From: Ross Burton <ross.burton@intel.com>
+Date: Tue, 9 Aug 2016 15:37:50 +0100
+Subject: [PATCH 2/3] Check for in6_pktinfo.ipi6_addr explicitly
+
+Instead of assuming that just glibc has this structure, check for it at
+configure as musl also has it.
+
+Based on work by Khem Raj <raj.khem@gmail.com>.
+---
+ configure.ac   | 2 ++
+ gdhcp/common.h | 5 +++--
+ 2 files changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index bacf5ec..ad00456 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -186,6 +186,8 @@ AC_CHECK_LIB(resolv, ns_initparse, dummy=yes, [
+ AC_CHECK_HEADERS([execinfo.h])
+ AM_CONDITIONAL([BACKTRACE], [test "${ac_cv_header_execinfo_h}" = "yes"])
+ 
++AC_CHECK_MEMBERS([struct in6_pktinfo.ipi6_addr], [], [], [[#include <netinet/in.h>]])
++
+ AC_CHECK_FUNC(signalfd, dummy=yes,
+ 			AC_MSG_ERROR(signalfd support is required))
+ 
+diff --git a/gdhcp/common.h b/gdhcp/common.h
+index 75abc18..6899499 100644
+--- a/gdhcp/common.h
++++ b/gdhcp/common.h
+@@ -19,6 +19,7 @@
+  *
+  */
+ 
++#include <config.h>
+ #include <netinet/udp.h>
+ #include <netinet/ip.h>
+ 
+@@ -170,8 +171,8 @@ static const uint8_t dhcp_option_lengths[] = {
+ 	[OPTION_U32]	= 4,
+ };
+ 
+-/* already defined within netinet/in.h if using GNU compiler */
+-#ifndef __USE_GNU
++/* already defined within netinet/in.h if using glibc or musl */
++#ifndef HAVE_STRUCT_IN6_PKTINFO_IPI6_ADDR
+ struct in6_pktinfo {
+ 	struct in6_addr ipi6_addr;  /* src/dst IPv6 address */
+ 	unsigned int ipi6_ifindex;  /* send/recv interface index */
+-- 
+2.8.1
+
+
+From c0726e432fa0274a2b9c70179b03df6720972816 Mon Sep 17 00:00:00 2001
+From: Ross Burton <ross.burton@intel.com>
+Date: Tue, 9 Aug 2016 15:19:23 +0100
+Subject: [PATCH 3/3] Rationalise includes
+
+gweb/gresolv.c uses snprintf() and isspace() so it should include stdio.h and
+ctype.h.
+
+tools/dnsproxy-test uses functions from stdio.h.
+
+musl warns when sys/ headers are included when the non-sys form should be used,
+so switch sys/errno.h and so on to errno.h.
+
+musl also causes redefinition errors when pieces of the networking headers are
+included, so remove the redundant includes.
+
+Based on work by Khem Raj <raj.khem@gmail.com>.
+---
+ gweb/gresolv.c               | 2 ++
+ plugins/wifi.c               | 3 +--
+ src/ippool.c                 | 1 -
+ src/iptables.c               | 2 +-
+ src/tethering.c              | 2 --
+ tools/dhcp-test.c            | 1 -
+ tools/dnsproxy-test.c        | 1 +
+ tools/private-network-test.c | 2 +-
+ tools/tap-test.c             | 2 +-
+ 9 files changed, 7 insertions(+), 9 deletions(-)
+
+diff --git a/gweb/gresolv.c b/gweb/gresolv.c
+index 8a51a9f..d55027c 100644
+--- a/gweb/gresolv.c
++++ b/gweb/gresolv.c
+@@ -23,11 +23,13 @@
+ #include <config.h>
+ #endif
+ 
++#include <ctype.h>
+ #include <errno.h>
+ #include <unistd.h>
+ #include <stdarg.h>
+ #include <string.h>
+ #include <stdlib.h>
++#include <stdio.h>
+ #include <resolv.h>
+ #include <sys/types.h>
+ #include <sys/socket.h>
+diff --git a/plugins/wifi.c b/plugins/wifi.c
+index 9d56671..148131d 100644
+--- a/plugins/wifi.c
++++ b/plugins/wifi.c
+@@ -30,9 +30,8 @@
+ #include <string.h>
+ #include <sys/ioctl.h>
+ #include <sys/socket.h>
+-#include <linux/if_arp.h>
+-#include <linux/wireless.h>
+ #include <net/ethernet.h>
++#include <linux/wireless.h>
+ 
+ #ifndef IFF_LOWER_UP
+ #define IFF_LOWER_UP	0x10000
+diff --git a/src/ippool.c b/src/ippool.c
+index cea1dcc..8a645da 100644
+--- a/src/ippool.c
++++ b/src/ippool.c
+@@ -28,7 +28,6 @@
+ #include <stdio.h>
+ #include <string.h>
+ #include <unistd.h>
+-#include <sys/errno.h>
+ #include <sys/socket.h>
+ 
+ #include "connman.h"
+diff --git a/src/iptables.c b/src/iptables.c
+index 5ef757a..82e3ac4 100644
+--- a/src/iptables.c
++++ b/src/iptables.c
+@@ -28,7 +28,7 @@
+ #include <stdio.h>
+ #include <string.h>
+ #include <unistd.h>
+-#include <sys/errno.h>
++#include <errno.h>
+ #include <sys/socket.h>
+ #include <xtables.h>
+ #include <inttypes.h>
+diff --git a/src/tethering.c b/src/tethering.c
+index 3153349..ad062d5 100644
+--- a/src/tethering.c
++++ b/src/tethering.c
+@@ -31,10 +31,8 @@
+ #include <stdio.h>
+ #include <sys/ioctl.h>
+ #include <net/if.h>
+-#include <linux/sockios.h>
+ #include <string.h>
+ #include <fcntl.h>
+-#include <linux/if_tun.h>
+ #include <netinet/in.h>
+ #include <linux/if_bridge.h>
+ 
+diff --git a/tools/dhcp-test.c b/tools/dhcp-test.c
+index c34e10a..eae66fc 100644
+--- a/tools/dhcp-test.c
++++ b/tools/dhcp-test.c
+@@ -33,7 +33,6 @@
+ #include <arpa/inet.h>
+ #include <net/route.h>
+ #include <net/ethernet.h>
+-#include <linux/if_arp.h>
+ 
+ #include <gdhcp/gdhcp.h>
+ 
+diff --git a/tools/dnsproxy-test.c b/tools/dnsproxy-test.c
+index 551cae9..371e2e2 100644
+--- a/tools/dnsproxy-test.c
++++ b/tools/dnsproxy-test.c
+@@ -24,6 +24,7 @@
+ #endif
+ 
+ #include <errno.h>
++#include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
+ #include <unistd.h>
+diff --git a/tools/private-network-test.c b/tools/private-network-test.c
+index 3dd115b..2828bb3 100644
+--- a/tools/private-network-test.c
++++ b/tools/private-network-test.c
+@@ -32,7 +32,7 @@
+ #include <stdlib.h>
+ #include <string.h>
+ #include <signal.h>
+-#include <sys/poll.h>
++#include <poll.h>
+ #include <sys/signalfd.h>
+ #include <unistd.h>
+ 
+diff --git a/tools/tap-test.c b/tools/tap-test.c
+index 57917f5..cb3ee62 100644
+--- a/tools/tap-test.c
++++ b/tools/tap-test.c
+@@ -28,7 +28,7 @@
+ #include <fcntl.h>
+ #include <unistd.h>
+ #include <string.h>
+-#include <sys/poll.h>
++#include <poll.h>
+ #include <sys/ioctl.h>
+ 
+ #include <netinet/in.h>
+-- 
+2.8.1
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman/no-version-scripts.patch b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman/no-version-scripts.patch
new file mode 100644
index 0000000..e96e38b
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman/no-version-scripts.patch
@@ -0,0 +1,27 @@
+With binutils 2.27 on at least MIPS, connmand will crash on startup.  This
+appears to be due to the symbol visibilty scripts hiding symbols that stdio
+looks up at runtime, resulting in it segfaulting.
+
+This certainly appears to be a bug in binutils 2.27 although the problem has
+been known about for some time:
+
+https://sourceware.org/bugzilla/show_bug.cgi?id=17908
+
+As the version scripts are only used to hide symbols from plugins we can safely
+remove the scripts to work around the problem until binutils is fixed.
+
+Upstream-Status: Inappropriate
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+diff --git a/Makefile.am b/Makefile.am
+index d70725c..76ae432 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -132,2 +132 @@ src_connmand_LDADD = gdbus/libgdbus-internal.la $(builtin_libadd) \
+-src_connmand_LDFLAGS = -Wl,--export-dynamic \
+-				-Wl,--version-script=$(srcdir)/src/connman.ver
++src_connmand_LDFLAGS = -Wl,--export-dynamic
+@@ -166,2 +165 @@ vpn_connman_vpnd_LDADD = gdbus/libgdbus-internal.la $(builtin_vpn_libadd) \
+-vpn_connman_vpnd_LDFLAGS = -Wl,--export-dynamic \
+-				-Wl,--version-script=$(srcdir)/vpn/vpn.ver
++vpn_connman_vpnd_LDFLAGS = -Wl,--export-dynamic
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman_1.31.bb b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman_1.31.bb
deleted file mode 100644
index e71d221..0000000
--- a/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman_1.31.bb
+++ /dev/null
@@ -1,15 +0,0 @@
-require connman.inc
-
-SRC_URI  = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
-            file://0001-plugin.h-Change-visibility-to-default-for-debug-symb.patch \
-            file://0001-Detect-backtrace-API-availability-before-using-it.patch \
-            file://0002-resolve-musl-does-not-implement-res_ninit.patch \
-            file://0003-Fix-header-inclusions-for-musl.patch \
-            file://0001-iptables-Add-missing-function-item-of-xtables-to-mat.patch \
-            file://connman \
-            "
-SRC_URI[md5sum] = "cb1c413fcc4f49430294bbd7a92f5f3c"
-SRC_URI[sha256sum] = "88fcf0b6df334796b90e2fd2e434d6f5b36cd6f13b886a119b8c90276b72b8e2"
-
-RRECOMMENDS_${PN} = "connman-conf"
-
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman_1.33.bb b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman_1.33.bb
new file mode 100644
index 0000000..6ea1a08
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/connman/connman_1.33.bb
@@ -0,0 +1,14 @@
+require connman.inc
+
+SRC_URI  = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
+            file://0001-plugin.h-Change-visibility-to-default-for-debug-symb.patch \
+            file://connman \
+            file://no-version-scripts.patch \
+            file://includes.patch \
+            "
+SRC_URI_append_libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch"
+
+SRC_URI[md5sum] = "c51903fd3e7a6a371d12ac5d72a1fa01"
+SRC_URI[sha256sum] = "bc8946036fa70124d663136f9f6b6238d897ca482782df907b07a428b09df5a0"
+
+RRECOMMENDS_${PN} = "connman-conf"
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp.inc b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp.inc
index 5e396f1..aafdd0a 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp.inc
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp.inc
@@ -46,7 +46,8 @@
                 --with-cli-lease-file=${localstatedir}/lib/dhcp/dhclient.leases \
                 --with-cli6-lease-file=${localstatedir}/lib/dhcp/dhclient6.leases \
                 --with-libbind=${STAGING_LIBDIR}/ \
-		--enable-paranoia \
+                --enable-paranoia \
+                --with-randomdev=/dev/random \
                "
 
 do_install_append () {
@@ -78,6 +79,7 @@
 	sed -i -e 's,@SYSCONFDIR@,${sysconfdir},g' ${D}${systemd_unitdir}/system/dhcpd*.service
 	sed -i -e 's,@base_bindir@,${base_bindir},g' ${D}${systemd_unitdir}/system/dhcpd*.service
 	sed -i -e 's,@localstatedir@,${localstatedir},g' ${D}${systemd_unitdir}/system/dhcpd*.service
+       sed -i -e 's,@SYSCONFDIR@,${sysconfdir},g' ${D}${systemd_unitdir}/system/dhcrelay.service
 }
 
 PACKAGES += "dhcp-server dhcp-server-config dhcp-client dhcp-relay dhcp-omshell"
@@ -94,7 +96,6 @@
 FILES_${PN}-relay = "${sbindir}/dhcrelay ${sysconfdir}/init.d/dhcp-relay ${sysconfdir}/default/dhcp-relay"
 
 FILES_${PN}-client = "${base_sbindir}/dhclient ${base_sbindir}/dhclient-script ${sysconfdir}/dhcp/dhclient.conf"
-RDEPENDS_${PN}-client = "bash"
 
 FILES_${PN}-omshell = "${bindir}/omshell"
 
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0001-site.h-enable-gentle-shutdown.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0001-site.h-enable-gentle-shutdown.patch
index 4344212..47443a5 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0001-site.h-enable-gentle-shutdown.patch
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/0001-site.h-enable-gentle-shutdown.patch
@@ -8,10 +8,10 @@
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/includes/site.h b/includes/site.h
-index 73fa4e8..9c33de3 100644
+index 1dd1251..abb66e4 100644
 --- a/includes/site.h
 +++ b/includes/site.h
-@@ -280,7 +280,7 @@
+@@ -289,7 +289,7 @@
     situations.  We plan to revisit this feature and may
     make non-backwards compatible changes including the
     removal of this define.  Use at your own risk.  */
@@ -21,5 +21,5 @@
  /* Include old error codes.  This is provided in case you
     are building an external program similar to omshell for
 -- 
-1.9.1
+2.8.1
 
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/CVE-2015-8605.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/CVE-2015-8605.patch
deleted file mode 100644
index 923d5d5..0000000
--- a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/CVE-2015-8605.patch
+++ /dev/null
@@ -1,99 +0,0 @@
-Solves CVE-2015-8605 that caused DoS when an invalid lenght field in IPv4 UDP
-was recived by the server.
-
-Upstream-Status: Backport
-CVE: CVE-2015-8605
-
-Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com>
-
-=======================================================================
-diff --git a/common/packet.c b/common/packet.c
-index b530432..e600e37 100644
---- a/common/packet.c
-+++ b/common/packet.c
-@@ -220,7 +220,28 @@ ssize_t decode_hw_header (interface, buf, bufix, from)
- 	}
- }
- 
--/* UDP header and IP header decoded together for convenience. */
-+/*!
-+ *
-+ * \brief UDP header and IP header decoded together for convenience.
-+ *
-+ * Attempt to decode the UDP and IP headers and, if necessary, checksum
-+ * the packet.
-+ *
-+ * \param inteface - the interface on which the packet was recevied
-+ * \param buf - a pointer to the buffer for the received packet
-+ * \param bufix - where to start processing the buffer, previous
-+ *                routines may have processed parts of the buffer already
-+ * \param from - space to return the address of the packet sender
-+ * \param buflen - remaining length of the buffer, this will have been
-+ *                 decremented by bufix by the caller
-+ * \param rbuflen - space to return the length of the payload from the udp
-+ *                  header
-+ * \param csum_ready - indication if the checksum is valid for use
-+ *                     non-zero indicates the checksum should be validated
-+ *
-+ * \return - the index to the first byte of the udp payload (that is the
-+ *           start of the DHCP packet
-+ */
- 
- ssize_t
- decode_udp_ip_header(struct interface_info *interface,
-@@ -231,7 +252,7 @@ decode_udp_ip_header(struct interface_info *interface,
-   unsigned char *data;
-   struct ip ip;
-   struct udphdr udp;
--  unsigned char *upp, *endbuf;
-+  unsigned char *upp;
-   u_int32_t ip_len, ulen, pkt_len;
-   static unsigned int ip_packets_seen = 0;
-   static unsigned int ip_packets_bad_checksum = 0;
-@@ -241,11 +262,8 @@ decode_udp_ip_header(struct interface_info *interface,
-   static unsigned int udp_packets_length_overflow = 0;
-   unsigned len;
- 
--  /* Designate the end of the input buffer for bounds checks. */
--  endbuf = buf + bufix + buflen;
--
-   /* Assure there is at least an IP header there. */
--  if ((buf + bufix + sizeof(ip)) > endbuf)
-+  if (sizeof(ip) > buflen)
- 	  return -1;
- 
-   /* Copy the IP header into a stack aligned structure for inspection.
-@@ -257,13 +275,17 @@ decode_udp_ip_header(struct interface_info *interface,
-   ip_len = (*upp & 0x0f) << 2;
-   upp += ip_len;
- 
--  /* Check the IP packet length. */
-+  /* Check packet lengths are within the buffer:
-+   * first the ip header (ip_len)
-+   * then the packet length from the ip header (pkt_len)
-+   * then the udp header (ip_len + sizeof(udp)
-+   * We are liberal in what we accept, the udp payload should fit within
-+   * pkt_len, but we only check against the full buffer size.
-+   */
-   pkt_len = ntohs(ip.ip_len);
--  if (pkt_len > buflen)
--	return -1;
--
--  /* Assure after ip_len bytes that there is enough room for a UDP header. */
--  if ((upp + sizeof(udp)) > endbuf)
-+  if ((ip_len > buflen) ||
-+      (pkt_len > buflen) ||
-+      ((ip_len + sizeof(udp)) > buflen))
- 	  return -1;
- 
-   /* Copy the UDP header into a stack aligned structure for inspection. */
-@@ -284,7 +306,8 @@ decode_udp_ip_header(struct interface_info *interface,
- 	return -1;
- 
-   udp_packets_length_checked++;
--  if ((upp + ulen) > endbuf) {
-+  /* verify that the payload length from the udp packet fits in the buffer */
-+  if ((ip_len + ulen) > buflen) {
- 	udp_packets_length_overflow++;
- 	if (((udp_packets_length_checked > 4) &&
- 	     (udp_packets_length_overflow != 0)) &&
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/CVE-2016-2774.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/CVE-2016-2774.patch
deleted file mode 100644
index 4836dbc..0000000
--- a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/CVE-2016-2774.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From b9f56d578ebfd649b5d829960540859ac6ca931c Mon Sep 17 00:00:00 2001
-From: Catalin Enache <catalin.enache@windriver.com>
-Date: Tue, 12 Apr 2016 18:23:31 +0300
-Subject: [PATCH] Add patch to limit the value of an fd we accept for a
- connection.
-
-By limiting the highest value we accept for an fd we limit the number
-of connections.
-
-Upstream-Status: Backport
-CVE: CVE-2016-2774
-
-Author: Shawn Routhier <sar@isc.org>
-Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
----
- includes/site.h   | 6 ++++++
- omapip/listener.c | 9 +++++++--
- 3 files changed, 18 insertions(+), 2 deletions(-)
-
-diff --git a/includes/site.h b/includes/site.h
-index 9c33de3..df020c8 100644
---- a/includes/site.h
-+++ b/includes/site.h
-@@ -290,6 +290,12 @@
-    this option will be removed at some time. */
- /* #define INCLUDE_OLD_DHCP_ISC_ERROR_CODES */
- 
-+/* Limit the value of a file descriptor the serve will use
-+   when accepting a connecting request.  This can be used to
-+   limit the number of TCP connections that the server will
-+   allow at one time.  A value of 0 means there is no limit.*/
-+#define MAX_FD_VALUE 200
-+
- /* Include definitions for various options.  In general these
-    should be left as is, but if you have already defined one
-    of these and prefer your definition you can comment the 
-diff --git a/omapip/listener.c b/omapip/listener.c
-index 8bdcdbd..61473cf 100644
---- a/omapip/listener.c
-+++ b/omapip/listener.c
-@@ -3,7 +3,7 @@
-    Subroutines that support the generic listener object. */
- 
- /*
-- * Copyright (c) 2012,2014 by Internet Systems Consortium, Inc. ("ISC")
-+ * Copyright (c) 2012,2014,2016 by Internet Systems Consortium, Inc. ("ISC")
-  * Copyright (c) 2004,2007,2009 by Internet Systems Consortium, Inc. ("ISC")
-  * Copyright (c) 1999-2003 by Internet Software Consortium
-  *
-@@ -233,7 +233,12 @@ isc_result_t omapi_accept (omapi_object_t *h)
- 			return ISC_R_NORESOURCES;
- 		return ISC_R_UNEXPECTED;
- 	}
--	
-+
-+	if ((MAX_FD_VALUE != 0) && (socket > MAX_FD_VALUE)) {
-+		close(socket);
-+		return (ISC_R_NORESOURCES);
-+	}
-+
- #if defined (TRACING)
- 	/* If we're recording a trace, remember the connection. */
- 	if (trace_record ()) {
--- 
-2.7.4
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/dhclient-script-drop-resolv.conf.dhclient.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/dhclient-script-drop-resolv.conf.dhclient.patch
index 47ea555..96095a5 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/dhclient-script-drop-resolv.conf.dhclient.patch
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/dhclient-script-drop-resolv.conf.dhclient.patch
@@ -66,5 +66,5 @@
  }
  
 -- 
-1.8.1.2
+2.8.1
 
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/fix-external-bind.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/fix-external-bind.patch
deleted file mode 100644
index 956c5d8..0000000
--- a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/fix-external-bind.patch
+++ /dev/null
@@ -1,115 +0,0 @@
-Upstream-Status: Pending
-
-11/30/2010
---with-libbind=PATH is available but not used by Makefile,
-this patch is to allow building with external bind
-
-Signed-off-by: Qing He <qing.he@intel.com>
-
-Rebase the patch to 4.3.3
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
----
-diff --git a/Makefile.am b/Makefile.am
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -25,7 +25,7 @@ EXTRA_DIST = RELNOTES LICENSE \
- 	     bind/Makefile.in bind/bind.tar.gz bind/version.tmp \
- 	     common/tests/Atffile server/tests/Atffile
- 
--SUBDIRS = bind includes tests common omapip client dhcpctl relay server
-+SUBDIRS = includes tests common omapip client dhcpctl relay server
- 
- nobase_include_HEADERS = dhcpctl/dhcpctl.h
- 
-diff --git a/client/Makefile.am b/client/Makefile.am
---- a/client/Makefile.am
-+++ b/client/Makefile.am
-@@ -10,8 +10,8 @@ dhclient_SOURCES = clparse.c dhclient.c dhc6.c \
- 		   scripts/bsdos scripts/freebsd scripts/linux scripts/macos \
- 		   scripts/netbsd scripts/nextstep scripts/openbsd \
- 		   scripts/solaris scripts/openwrt
--dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.a ../bind/lib/libirs.a \
--		 ../bind/lib/libdns.a ../bind/lib/libisccfg.a ../bind/lib/libisc.a
-+dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.a $(libbind)/libirs.a \
-+		 $(libbind)/libdns.a $(libbind)/libisccfg.a $(libbind)/libisc.a
- man_MANS = dhclient.8 dhclient-script.8 dhclient.conf.5 dhclient.leases.5
- EXTRA_DIST = $(man_MANS)
- 
-diff --git a/configure.ac b/configure.ac
---- a/configure.ac
-+++ b/configure.ac
-@@ -623,6 +623,7 @@ no)
- 	fi	
- 	;;
- esac
-+AC_SUBST([libbind])
- 
- # OpenLDAP support.
- AC_ARG_WITH(ldap,
-diff --git a/dhcpctl/Makefile.am b/dhcpctl/Makefile.am
---- a/dhcpctl/Makefile.am
-+++ b/dhcpctl/Makefile.am
-@@ -6,12 +6,12 @@ EXTRA_DIST = $(man_MANS)
- 
- omshell_SOURCES = omshell.c
- omshell_LDADD = libdhcpctl.a ../common/libdhcp.a ../omapip/libomapi.a \
--	        ../bind/lib/libirs.a ../bind/lib/libdns.a \
--	        ../bind/lib/libisccfg.a ../bind/lib/libisc.a
-+	        $(libbind)/libirs.a $(libbind)/libdns.a \
-+	        $(libbind)/libisccfg.a $(libbind)/libisc.a
- 
- libdhcpctl_a_SOURCES = dhcpctl.c callback.c remote.c
- 
- cltest_SOURCES = cltest.c
- cltest_LDADD = libdhcpctl.a ../common/libdhcp.a ../omapip/libomapi.a \
--	       ../bind/lib/libirs.a ../bind/lib/libdns.a \
--               ../bind/lib/libisccfg.a ../bind/lib/libisc.a
-+	       $(libbind)/libirs.a $(libbind)/libdns.a \
-+               $(libbind)/libisccfg.a $(libbind)/libisc.a
-diff --git a/omapip/Makefile.am b/omapip/Makefile.am
---- a/omapip/Makefile.am
-+++ b/omapip/Makefile.am
-@@ -10,6 +10,6 @@ man_MANS = omapi.3
- EXTRA_DIST = $(man_MANS)
- 
- svtest_SOURCES = test.c
--svtest_LDADD = libomapi.a ../bind/lib/libirs.a ../bind/lib/libdns.a \
--		../bind/lib/libisccfg.a ../bind/lib/libisc.a
-+svtest_LDADD = libomapi.a $(libbind)/libirs.a $(libbind)/libdns.a \
-+		$(libbind)/libisccfg.a $(libbind)/libisc.a
- 
-diff --git a/relay/Makefile.am b/relay/Makefile.am
---- a/relay/Makefile.am
-+++ b/relay/Makefile.am
-@@ -3,8 +3,8 @@ AM_CPPFLAGS = -DLOCALSTATEDIR='"@localstatedir@"'
- sbin_PROGRAMS = dhcrelay
- dhcrelay_SOURCES = dhcrelay.c
- dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \
--		 ../bind/lib/libirs.a ../bind/lib/libdns.a \
--		 ../bind/lib/libisccfg.a ../bind/lib/libisc.a
-+		 $(libbind)/libirs.a $(libbind)/libdns.a \
-+		 $(libbind)/libisccfg.a $(libbind)/libisc.a
- man_MANS = dhcrelay.8
- EXTRA_DIST = $(man_MANS)
- 
-diff --git a/server/Makefile.am b/server/Makefile.am
---- a/server/Makefile.am
-+++ b/server/Makefile.am
-@@ -14,10 +14,12 @@ dhcpd_SOURCES = dhcpd.c dhcp.c bootp.c confpars.c db.c class.c failover.c \
- 
- dhcpd_CFLAGS = $(LDAP_CFLAGS)
- dhcpd_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \
--	      ../dhcpctl/libdhcpctl.a ../bind/lib/libirs.a \
--	      ../bind/lib/libdns.a ../bind/lib/libisccfg.a ../bind/lib/libisc.a \
-+	      ../dhcpctl/libdhcpctl.a $(libbind)/libirs.a \
-+	      $(libbind)/libdns.a $(libbind)/libisccfg.a $(libbind)/libisc.a \
- 	      $(LDAP_LIBS)		
- 
-+ dhcpd_CFLAGS = $(LDAP_CFLAGS)
-+
- man_MANS = dhcpd.8 dhcpd.conf.5 dhcpd.leases.5
- EXTRA_DIST = $(man_MANS)
- 
--- 
-1.9.1
-
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/fixsepbuild.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/fixsepbuild.patch
index b3f8fdb..2f44147 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/fixsepbuild.patch
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/fixsepbuild.patch
@@ -4,80 +4,88 @@
 
 RP 2013/03/21
 
-Rebase to 4.3.1
+Rebase to 4.3.4
+
 Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
 ---
+ client/Makefile.am  | 4 ++--
+ common/Makefile.am  | 3 ++-
+ dhcpctl/Makefile.am | 2 ++
+ omapip/Makefile.am  | 1 +
+ relay/Makefile.am   | 2 +-
+ server/Makefile.am  | 2 +-
+ 6 files changed, 9 insertions(+), 5 deletions(-)
+
 diff --git a/client/Makefile.am b/client/Makefile.am
-index 8411960..1740f72 100644
+index 2cb83d8..4730bb3 100644
 --- a/client/Makefile.am
 +++ b/client/Makefile.am
-@@ -4,6 +4,8 @@
- # production code. Sadly, we are not there yet.
- SUBDIRS = . tests
+@@ -7,11 +7,11 @@ SUBDIRS = . tests
+ BINDLIBDIR = @BINDDIR@/lib
  
-+AM_CPPFLAGS = -I$(top_srcdir)/includes
-+
+ AM_CPPFLAGS = -DCLIENT_PATH='"PATH=$(sbindir):/sbin:/bin:/usr/sbin:/usr/bin"' \
+-	      -DLOCALSTATEDIR='"$(localstatedir)"'
++	      -DLOCALSTATEDIR='"$(localstatedir)"' -I$(top_srcdir)/includes
+ 
  dist_sysconf_DATA = dhclient.conf.example
  sbin_PROGRAMS = dhclient
- dhclient_SOURCES = clparse.c dhclient.c dhc6.c \
-@@ -17,8 +19,8 @@ EXTRA_DIST = $(man_MANS)
- 
- dhclient.o: dhclient.c
- 	$(COMPILE) -DCLIENT_PATH='"PATH=$(sbindir):/sbin:/bin:/usr/sbin:/usr/bin"' \
--		   -DLOCALSTATEDIR='"$(localstatedir)"' -c dhclient.c
-+		   -DLOCALSTATEDIR='"$(localstatedir)"' -c $(srcdir)/dhclient.c
- 
- dhc6.o: dhc6.c
- 	$(COMPILE) -DCLIENT_PATH='"PATH=$(sbindir):/sbin:/bin:/usr/sbin:/usr/bin"' \
--		   -DLOCALSTATEDIR='"$(localstatedir)"' -c dhc6.c
-+		   -DLOCALSTATEDIR='"$(localstatedir)"' -c $(srcdir)/dhc6.c
+-dhclient_SOURCES = clparse.c dhclient.c dhc6.c \
++dhclient_SOURCES = $(srcdir)/clparse.c $(srcdir)/dhclient.c $(srcdir)/dhc6.c \
+ 		   scripts/bsdos scripts/freebsd scripts/linux scripts/macos \
+ 		   scripts/netbsd scripts/nextstep scripts/openbsd \
+ 		   scripts/solaris scripts/openwrt
 diff --git a/common/Makefile.am b/common/Makefile.am
-index eddef05..5ce045f 100644
+index 113aee8..0f24fbb 100644
 --- a/common/Makefile.am
 +++ b/common/Makefile.am
-@@ -1,4 +1,4 @@
--AM_CPPFLAGS = -I.. -DLOCALSTATEDIR='"@localstatedir@"'
+@@ -1,4 +1,5 @@
+-AM_CPPFLAGS = -I$(top_srcdir) -DLOCALSTATEDIR='"@localstatedir@"'
 +AM_CPPFLAGS = -I$(top_srcdir)/includes -I$(top_srcdir) -DLOCALSTATEDIR='"@localstatedir@"'
++
  AM_CFLAGS = $(LDAP_CFLAGS)
  
  noinst_LIBRARIES = libdhcp.a
 diff --git a/dhcpctl/Makefile.am b/dhcpctl/Makefile.am
-index 2987a53..cd72d75 100644
+index ceb0de1..ba8dd8b 100644
 --- a/dhcpctl/Makefile.am
 +++ b/dhcpctl/Makefile.am
-@@ -1,3 +1,5 @@
+@@ -1,5 +1,7 @@
+ BINDLIBDIR = @BINDDIR@/lib
+ 
 +AM_CPPFLAGS = -I$(top_srcdir)/includes -I$(top_srcdir)
 +
  bin_PROGRAMS = omshell
  lib_LIBRARIES = libdhcpctl.a
  noinst_PROGRAMS = cltest
 diff --git a/omapip/Makefile.am b/omapip/Makefile.am
-index 5074479..9c0fab3 100644
+index 446a594..dd1afa0 100644
 --- a/omapip/Makefile.am
 +++ b/omapip/Makefile.am
-@@ -1,3 +1,5 @@
+@@ -1,4 +1,5 @@
+ BINDLIBDIR = @BINDDIR@/lib
 +AM_CPPFLAGS = -I$(top_srcdir)/includes
-+
+ 
  lib_LIBRARIES = libomapi.a
  noinst_PROGRAMS = svtest
- 
 diff --git a/relay/Makefile.am b/relay/Makefile.am
-index ec72a31..f842071 100644
+index 3060eca..6d652f6 100644
 --- a/relay/Makefile.am
 +++ b/relay/Makefile.am
-@@ -1,4 +1,4 @@
+@@ -1,6 +1,6 @@
+ BINDLIBDIR = @BINDDIR@/lib
+ 
 -AM_CPPFLAGS = -DLOCALSTATEDIR='"@localstatedir@"'
 +AM_CPPFLAGS = -DLOCALSTATEDIR='"@localstatedir@"' -I$(top_srcdir)/includes
  
  sbin_PROGRAMS = dhcrelay
  dhcrelay_SOURCES = dhcrelay.c
 diff --git a/server/Makefile.am b/server/Makefile.am
-index a446f0b..d0b873a 100644
+index 54feedf..3990b9c 100644
 --- a/server/Makefile.am
 +++ b/server/Makefile.am
-@@ -4,7 +4,7 @@
- # production code. Sadly, we are not there yet.
- SUBDIRS = . tests
+@@ -6,7 +6,7 @@ SUBDIRS = . tests
+ 
+ BINDLIBDIR = @BINDDIR@/lib
  
 -AM_CPPFLAGS = -I.. -DLOCALSTATEDIR='"@localstatedir@"'
 +AM_CPPFLAGS = -I$(top_srcdir) -DLOCALSTATEDIR='"@localstatedir@"' -I$(top_srcdir)/includes
@@ -85,5 +93,5 @@
  dist_sysconf_DATA = dhcpd.conf.example
  sbin_PROGRAMS = dhcpd
 -- 
-1.9.1
+2.8.1
 
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/libxml2-configure-argument.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/libxml2-configure-argument.patch
new file mode 100644
index 0000000..1435662
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/libxml2-configure-argument.patch
@@ -0,0 +1,38 @@
+Add configure argument to make the libxml2 dependency explicit and
+determinisitic.
+
+Upstream-Status: Pending
+
+Signed-off-by: Christopher Larson <chris_larson@mentor.com>
+
+Rebase to 4.3.4
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ configure.ac | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 726c88e..1684df1 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -718,7 +718,16 @@ AC_SUBST(BINDSRCDIR)
+ 
+ # We need to find libxml2 if bind was built with support enabled
+ # otherwise we'll fail to build omapip/test.c
+-AC_SEARCH_LIBS(xmlTextWriterStartElement, [xml2],)
++AC_ARG_WITH(libxml2,
++	AS_HELP_STRING([--with-libxml2], [link against libxml2. this is needed if bind was built with xml2 support enabled]),
++	with_libxml2="$withval", with_libxml2="no")
++
++if test x$with_libxml2 != xno; then
++    AC_SEARCH_LIBS(xmlTextWriterStartElement, [xml2],
++                   [if test x$with_libxml2 != xauto; then
++                        AC_MSG_FAILURE([*** Cannot find xmlTextWriterStartElement with -lxml2 and libxml2 was requested])
++                    fi])
++fi
+ 
+ # OpenLDAP support.
+ AC_ARG_WITH(ldap,
+-- 
+2.8.1
+
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/link-with-lcrypto.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/link-with-lcrypto.patch
index 57e10b0..0d0e0dd 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/link-with-lcrypto.patch
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/link-with-lcrypto.patch
@@ -5,14 +5,20 @@
 from bind that are linked to libcrypto. This is why i added a patch in order to add
 -lcrypto to LIBS.
 
-Signed-off-by: Andrei Gherzan <andrei@gherzan.ro>
 Upstream-Status: Pending
+Signed-off-by: Andrei Gherzan <andrei@gherzan.ro>
 
-Index: dhcp-4.2.3-P2-r0/dhcp-4.2.3-P2/configure.ac
-===================================================================
---- dhcp-4.2.3-P2.orig/configure.ac	2012-02-02 18:04:20.843023196 +0200
-+++ dhcp-4.2.3-P2/configure.ac	2012-02-02 17:58:16.000000000 +0200
-@@ -456,6 +456,10 @@
+Rebase to 4.3.4
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ configure.ac | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/configure.ac b/configure.ac
+index 097b0c3..726c88e 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -584,6 +584,10 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[void foo() __attribute__((noreturn));
  # Look for optional headers.
  AC_CHECK_HEADERS(sys/socket.h net/if_dl.h net/if6.h regex.h)
  
@@ -23,3 +29,6 @@
  # Solaris needs some libraries for functions
  AC_SEARCH_LIBS(socket, [socket])
  AC_SEARCH_LIBS(inet_ntoa, [nsl])
+-- 
+2.8.1
+
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/remove-dhclient-script-bash-dependency.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/remove-dhclient-script-bash-dependency.patch
new file mode 100644
index 0000000..997b9f6
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/remove-dhclient-script-bash-dependency.patch
@@ -0,0 +1,55 @@
+From 8aed2a9ff09cb0d584ad0a7340fe3a596879d9b1 Mon Sep 17 00:00:00 2001
+From: Andre McCurdy <armccurdy@gmail.com>
+Date: Thu, 21 Jul 2016 19:07:02 -0700
+Subject: [PATCH] remove dhclient-script bash dependency
+
+Take the dash compatible IPv6 link-local address test from the Debian
+version of dhclient-script.
+
+Note that although "echo -e" in the OE version of dhclient-script is
+technically bash specific too, it is supported by Busybox echo when
+Busybox is configured with CONFIG_FEATURE_FANCY_ECHO enabled (which
+is the default in the OE Busybox defconfig) therefore leave as-is.
+
+Upstream-Status: Inappropriate [OE specific]
+
+Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
+---
+ client/scripts/linux | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/client/scripts/linux b/client/scripts/linux
+index 232a0aa..1383f46 100755
+--- a/client/scripts/linux
++++ b/client/scripts/linux
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/bin/sh
+ # dhclient-script for Linux. Dan Halbert, March, 1997.
+ # Updated for Linux 2.[12] by Brian J. Murrell, January 1999.
+ # No guarantees about this. I'm a novice at the details of Linux
+@@ -47,11 +47,11 @@ make_resolv_conf() {
+     if [ "x${new_dhcp6_domain_search}" != x ] ; then
+       resolv_conf="search ${new_dhcp6_domain_search}\n"
+     fi
+-    shopt -s nocasematch 
+     for nameserver in ${new_dhcp6_name_servers} ; do
+       # If the nameserver has a link-local address
+       # add a <zone_id> (interface name) to it.
+-      if  [[ "$nameserver" =~ ^fe80:: ]]
++      if [ "${nameserver##fe80::}" != "$nameserver" ] ||
++         [ "${nameserver##FE80::}" != "$nameserver" ]
+       then
+ 	zone_id="%$interface"
+       else
+@@ -59,7 +59,6 @@ make_resolv_conf() {
+       fi
+       resolv_conf="${resolv_conf}nameserver ${nameserver}$zone_id\n"
+     done
+-    shopt -u nocasematch 
+ 
+     echo -e "${resolv_conf}" > /etc/resolv.conf
+   fi
+-- 
+1.9.1
+
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/replace-ifconfig-route.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/replace-ifconfig-route.patch
index 61dd6a7..d84df5c 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/replace-ifconfig-route.patch
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/replace-ifconfig-route.patch
@@ -8,23 +8,32 @@
 
 Signed-off-by: Muhammad Shakeel <muhammad_shakeel@mentor.com>
 
---- dhcp-4.2.5-P1/client/scripts/linux.orig	2013-09-04 12:22:55.000000000 +0500
-+++ dhcp-4.2.5-P1/client/scripts/linux	2013-09-04 12:52:19.068761518 +0500
-@@ -103,17 +103,11 @@
+Rebase to 4.3.4
+
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ client/scripts/linux | 82 ++++++++++++++++++++++++++++------------------------
+ 1 file changed, 45 insertions(+), 37 deletions(-)
+
+diff --git a/client/scripts/linux b/client/scripts/linux
+index a02cfd9..232a0aa 100755
+--- a/client/scripts/linux
++++ b/client/scripts/linux
+@@ -101,17 +101,11 @@ fi
  if [ x$old_broadcast_address != x ]; then
    old_broadcast_arg="broadcast $old_broadcast_address"
  fi
 -if [ x$new_subnet_mask != x ]; then
 -  new_subnet_arg="netmask $new_subnet_mask"
--fi
++if [ -n "$new_subnet_mask" ]; then
++    new_mask="/$new_subnet_mask"
+ fi
 -if [ x$old_subnet_mask != x ]; then
 -  old_subnet_arg="netmask $old_subnet_mask"
 -fi
 -if [ x$alias_subnet_mask != x ]; then
 -  alias_subnet_arg="netmask $alias_subnet_mask"
-+if [ -n "$new_subnet_mask" ]; then
-+    new_mask="/$new_subnet_mask"
- fi
+-fi
 -if [ x$new_interface_mtu != x ]; then
 -  mtu_arg="mtu $new_interface_mtu"
 +if [ -n "$alias_subnet_mask" ]; then
@@ -32,7 +41,7 @@
  fi
  if [ x$IF_METRIC != x ]; then
    metric_arg="metric $IF_METRIC"
-@@ -127,9 +121,9 @@
+@@ -125,9 +119,9 @@ fi
  if [ x$reason = xPREINIT ]; then
    if [ x$alias_ip_address != x ]; then
      # Bring down alias interface. Its routes will disappear too.
@@ -44,7 +53,7 @@
  
    # We need to give the kernel some time to get the interface up.
    sleep 1
-@@ -156,25 +150,30 @@
+@@ -154,25 +148,30 @@ if [ x$reason = xBOUND ] || [ x$reason = xRENEW ] || \
    if [ x$old_ip_address != x ] && [ x$alias_ip_address != x ] && \
  		[ x$alias_ip_address != x$old_ip_address ]; then
      # Possible new alias. Remove old alias.
@@ -81,7 +90,7 @@
      done
    else
      # we haven't changed the address, have we changed other options           
-@@ -182,21 +181,23 @@
+@@ -180,21 +179,23 @@ if [ x$reason = xBOUND ] || [ x$reason = xRENEW ] || \
      if [ x$new_routers != x ] && [ x$new_routers != x$old_routers ] ; then
        # if we've changed routers delete the old and add the new.
        for router in $old_routers; do
@@ -112,7 +121,7 @@
    fi
    make_resolv_conf
    exit_with_hooks 0
-@@ -206,42 +207,49 @@
+@@ -204,42 +205,49 @@ if [ x$reason = xEXPIRE ] || [ x$reason = xFAIL ] || [ x$reason = xRELEASE ] \
     || [ x$reason = xSTOP ]; then
    if [ x$alias_ip_address != x ]; then
      # Turn off alias interface.
@@ -174,3 +183,6 @@
    exit_with_hooks 1
  fi
  
+-- 
+2.8.1
+
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/tweak-to-support-external-bind.patch b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/tweak-to-support-external-bind.patch
new file mode 100644
index 0000000..03c6abb
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp/tweak-to-support-external-bind.patch
@@ -0,0 +1,117 @@
+From ad7bb401f47714fc30c408853b796ce0f1c7e65f Mon Sep 17 00:00:00 2001
+From: Hongxu Jia <hongxu.jia@windriver.com>
+Date: Sat, 11 Jun 2016 22:51:44 -0400
+Subject: [PATCH] tweak to support external bind
+
+Tweak the external bind to oe-core's sysroot rather than
+external bind source build.
+
+Upstream-Status: Inappropriate <oe-core specific>
+
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ client/Makefile.am       | 2 +-
+ client/tests/Makefile.am | 2 +-
+ common/tests/Makefile.am | 2 +-
+ dhcpctl/Makefile.am      | 2 +-
+ omapip/Makefile.am       | 2 +-
+ relay/Makefile.am        | 2 +-
+ server/Makefile.am       | 2 +-
+ server/tests/Makefile.am | 2 +-
+ 8 files changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/client/Makefile.am b/client/Makefile.am
+index 4730bb3..84d8131 100644
+--- a/client/Makefile.am
++++ b/client/Makefile.am
+@@ -4,7 +4,7 @@
+ # production code. Sadly, we are not there yet.
+ SUBDIRS = . tests
+ 
+-BINDLIBDIR = @BINDDIR@/lib
++BINDLIBDIR = @BINDDIR@
+ 
+ AM_CPPFLAGS = -DCLIENT_PATH='"PATH=$(sbindir):/sbin:/bin:/usr/sbin:/usr/bin"' \
+ 	      -DLOCALSTATEDIR='"$(localstatedir)"' -I$(top_srcdir)/includes
+diff --git a/client/tests/Makefile.am b/client/tests/Makefile.am
+index da69ea9..fe35e57 100644
+--- a/client/tests/Makefile.am
++++ b/client/tests/Makefile.am
+@@ -1,6 +1,6 @@
+ SUBDIRS = .
+ 
+-BINDLIBDIR = @BINDDIR@/lib
++BINDLIBDIR = @BINDDIR@
+ 
+ AM_CPPFLAGS = $(ATF_CFLAGS) -DUNIT_TEST -I$(top_srcdir)/includes
+ AM_CPPFLAGS += -I@BINDDIR@/include -I$(top_srcdir)
+diff --git a/common/tests/Makefile.am b/common/tests/Makefile.am
+index f8d6b0e..05cd9c1 100644
+--- a/common/tests/Makefile.am
++++ b/common/tests/Makefile.am
+@@ -1,6 +1,6 @@
+ SUBDIRS = .
+ 
+-BINDLIBDIR = @BINDDIR@/lib
++BINDLIBDIR = @BINDDIR@
+ 
+ AM_CPPFLAGS = $(ATF_CFLAGS) -I$(top_srcdir)/includes
+ 
+diff --git a/dhcpctl/Makefile.am b/dhcpctl/Makefile.am
+index ba8dd8b..9b2486e 100644
+--- a/dhcpctl/Makefile.am
++++ b/dhcpctl/Makefile.am
+@@ -1,4 +1,4 @@
+-BINDLIBDIR = @BINDDIR@/lib
++BINDLIBDIR = @BINDDIR@
+ 
+ AM_CPPFLAGS = -I$(top_srcdir)/includes -I$(top_srcdir)
+ 
+diff --git a/omapip/Makefile.am b/omapip/Makefile.am
+index dd1afa0..e4a8599 100644
+--- a/omapip/Makefile.am
++++ b/omapip/Makefile.am
+@@ -1,4 +1,4 @@
+-BINDLIBDIR = @BINDDIR@/lib
++BINDLIBDIR = @BINDDIR@
+ AM_CPPFLAGS = -I$(top_srcdir)/includes
+ 
+ lib_LIBRARIES = libomapi.a
+diff --git a/relay/Makefile.am b/relay/Makefile.am
+index 6d652f6..b3bf578 100644
+--- a/relay/Makefile.am
++++ b/relay/Makefile.am
+@@ -1,4 +1,4 @@
+-BINDLIBDIR = @BINDDIR@/lib
++BINDLIBDIR = @BINDDIR@
+ 
+ AM_CPPFLAGS = -DLOCALSTATEDIR='"@localstatedir@"' -I$(top_srcdir)/includes
+ 
+diff --git a/server/Makefile.am b/server/Makefile.am
+index 3990b9c..b5d8c2d 100644
+--- a/server/Makefile.am
++++ b/server/Makefile.am
+@@ -4,7 +4,7 @@
+ # production code. Sadly, we are not there yet.
+ SUBDIRS = . tests
+ 
+-BINDLIBDIR = @BINDDIR@/lib
++BINDLIBDIR = @BINDDIR@
+ 
+ AM_CPPFLAGS = -I$(top_srcdir) -DLOCALSTATEDIR='"@localstatedir@"' -I$(top_srcdir)/includes
+ 
+diff --git a/server/tests/Makefile.am b/server/tests/Makefile.am
+index 65a9f74..2892309 100644
+--- a/server/tests/Makefile.am
++++ b/server/tests/Makefile.am
+@@ -1,6 +1,6 @@
+ SUBDIRS = .
+ 
+-BINDLIBDIR = @BINDDIR@/lib
++BINDLIBDIR = @BINDDIR@
+ 
+ AM_CPPFLAGS = $(ATF_CFLAGS) -DUNIT_TEST -I$(top_srcdir)/includes
+ AM_CPPFLAGS += -I@BINDDIR@/include -I$(top_srcdir)
+-- 
+2.8.1
+
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp_4.3.3.bb b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp_4.3.3.bb
deleted file mode 100644
index 4e8cd27..0000000
--- a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp_4.3.3.bb
+++ /dev/null
@@ -1,15 +0,0 @@
-require dhcp.inc
-
-SRC_URI += "file://dhcp-3.0.3-dhclient-dbus.patch;striplevel=0 \
-            file://fix-external-bind.patch \
-            file://link-with-lcrypto.patch \
-            file://fixsepbuild.patch \
-            file://dhclient-script-drop-resolv.conf.dhclient.patch \
-            file://replace-ifconfig-route.patch \
-            file://CVE-2015-8605.patch \
-            file://0001-site.h-enable-gentle-shutdown.patch \
-            file://CVE-2016-2774.patch \
-           "
-
-SRC_URI[md5sum] = "c5577b09c9017cdd319a11ff6364268e"
-SRC_URI[sha256sum] = "553c4945b09b1c1b904c4780f34f72aaefa2fc8c6556715de0bc9d4e3d255ede"
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp_4.3.4.bb b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp_4.3.4.bb
new file mode 100644
index 0000000..4151eb1
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/dhcp_4.3.4.bb
@@ -0,0 +1,18 @@
+require dhcp.inc
+
+SRC_URI += "file://dhcp-3.0.3-dhclient-dbus.patch;striplevel=0 \
+            file://link-with-lcrypto.patch \
+            file://fixsepbuild.patch \
+            file://dhclient-script-drop-resolv.conf.dhclient.patch \
+            file://replace-ifconfig-route.patch \
+            file://0001-site.h-enable-gentle-shutdown.patch \
+            file://libxml2-configure-argument.patch \
+            file://tweak-to-support-external-bind.patch \
+            file://remove-dhclient-script-bash-dependency.patch \
+           "
+
+SRC_URI[md5sum] = "0138319fe2b788cf4bdf34fbeaf9ff54"
+SRC_URI[sha256sum] = "f5115aee3dd3e6925de4ba47b80ab732ba48b481c8364b6ebade2d43698d607e"
+
+PACKAGECONFIG ?= ""
+PACKAGECONFIG[bind-httpstats] = "--with-libxml2,--without-libxml2,libxml2"
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/files/dhcrelay.service b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/files/dhcrelay.service
index a2d8189..15ff927 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/files/dhcrelay.service
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/dhcp/files/dhcrelay.service
@@ -3,7 +3,8 @@
 After=network.target
 
 [Service]
-ExecStart=@SBINDIR@/dhcrelay -d --no-pid
+EnvironmentFile=@SYSCONFDIR@/default/dhcp-relay
+ExecStart=@SBINDIR@/dhcrelay -d --no-pid -q $SERVERS
 
 [Install]
 WantedBy=multi-user.target
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2.inc b/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2.inc
index 86e9310..63e7ca9 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2.inc
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2.inc
@@ -11,7 +11,7 @@
 
 DEPENDS = "flex-native bison-native iptables elfutils"
 
-inherit update-alternatives
+inherit update-alternatives bash-completion
 
 EXTRA_OEMAKE = "CC='${CC}' KERNEL_INCLUDE=${STAGING_INCDIR} DOCDIR=${docdir}/iproute2 SUBDIRS='lib tc ip bridge misc genl' SBINDIR='${base_sbindir}' LIBDIR='${libdir}'"
 
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2/iproute2-4.3.0-musl.patch b/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2/iproute2-4.3.0-musl.patch
index 1b415a5..8c078f6 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2/iproute2-4.3.0-musl.patch
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2/iproute2-4.3.0-musl.patch
@@ -1,64 +1,35 @@
-From 48596709d8ab59727b79a5c6db33ebb251c36543 Mon Sep 17 00:00:00 2001
-From: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
-Date: Thu, 19 Nov 2015 17:44:25 +0100
 Subject: [PATCH] Avoid in6_addr redefinition
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
 
 Due to both <netinet/in.h> and <linux/in6.h> being included, the
 in6_addr is being redefined: once from the C library headers and once
 from the kernel headers. This causes some build failures with for
-example the musl C library:
-
-In file included from ../include/linux/xfrm.h:4:0,
-                 from xfrm.h:29,
-                 from ipxfrm.c:39:
-../include/linux/in6.h:32:8: error: redefinition of ‘struct in6_addr’
- struct in6_addr {
-        ^
-In file included from .../output/host/usr/x86_64-buildroot-linux-musl/sysroot/usr/include/netdb.h:9:0,
-                 from ipxfrm.c:34:
-.../output/host/usr/x86_64-buildroot-linux-musl/sysroot/usr/include/netinet/in.h:24:8: note: originally defined here
- struct in6_addr
-        ^
+example the musl C library.
 
 In order to fix this, use just the C library header <netinet/in.h>.
-
 Original patch taken from
 http://git.alpinelinux.org/cgit/aports/tree/main/iproute2/musl-fixes.patch.
 
-Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
----
+(Refreshed the patch for 4.6 release)
+
 Upstream-Status: Pending
 
- include/libiptc/ipt_kernel_headers.h | 2 --
- include/linux/if_bridge.h            | 1 -
- include/linux/netfilter.h            | 2 --
- include/linux/xfrm.h                 | 1 -
- 4 files changed, 6 deletions(-)
-
-diff --git a/include/libiptc/ipt_kernel_headers.h b/include/libiptc/ipt_kernel_headers.h
-index 7e87828..9566be5 100644
---- a/include/libiptc/ipt_kernel_headers.h
-+++ b/include/libiptc/ipt_kernel_headers.h
-@@ -15,12 +15,10 @@
- #else /* libc5 */
- #include <sys/socket.h>
- #include <linux/ip.h>
--#include <linux/in.h>
- #include <linux/if.h>
- #include <linux/icmp.h>
- #include <linux/tcp.h>
- #include <linux/udp.h>
- #include <linux/types.h>
--#include <linux/in6.h>
- #endif
- #endif
-diff --git a/include/linux/if_bridge.h b/include/linux/if_bridge.h
-index ee197a3..f823aa4 100644
---- a/include/linux/if_bridge.h
-+++ b/include/linux/if_bridge.h
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
+Signed-off-by: Maxin B. John <maxin.john@intel.com>
+----
+diff -Naur iproute2-4.6.0-orig/include/libiptc/ipt_kernel_headers.h iproute2-4.6.0/include/libiptc/ipt_kernel_headers.h
+--- iproute2-4.6.0-orig/include/libiptc/ipt_kernel_headers.h	2016-05-23 12:03:23.821826910 +0300
++++ iproute2-4.6.0/include/libiptc/ipt_kernel_headers.h	2016-05-23 12:04:23.714078154 +0300
+@@ -6,7 +6,6 @@
+ #include <limits.h>
+ 
+ #include <netinet/ip.h>
+-#include <netinet/in.h>
+ #include <netinet/ip_icmp.h>
+ #include <netinet/tcp.h>
+ #include <netinet/udp.h>
+diff -Naur iproute2-4.6.0-orig/include/linux/if_bridge.h iproute2-4.6.0/include/linux/if_bridge.h
+--- iproute2-4.6.0-orig/include/linux/if_bridge.h	2016-05-23 12:03:23.821826910 +0300
++++ iproute2-4.6.0/include/linux/if_bridge.h	2016-05-23 12:04:23.716078129 +0300
 @@ -15,7 +15,6 @@
  
  #include <linux/types.h>
@@ -67,10 +38,9 @@
  
  #define SYSFS_BRIDGE_ATTR	"bridge"
  #define SYSFS_BRIDGE_FDB	"brforward"
-diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
-index b71b4c9..3e4e6ae 100644
---- a/include/linux/netfilter.h
-+++ b/include/linux/netfilter.h
+diff -Naur iproute2-4.6.0-orig/include/linux/netfilter.h iproute2-4.6.0/include/linux/netfilter.h
+--- iproute2-4.6.0-orig/include/linux/netfilter.h	2016-05-23 12:03:23.821826910 +0300
++++ iproute2-4.6.0/include/linux/netfilter.h	2016-05-23 12:04:23.717078117 +0300
 @@ -4,8 +4,6 @@
  #include <linux/types.h>
  
@@ -80,10 +50,20 @@
  
  /* Responses from hook functions. */
  #define NF_DROP 0
-diff --git a/include/linux/xfrm.h b/include/linux/xfrm.h
-index b8f5451..a9761a5 100644
---- a/include/linux/xfrm.h
-+++ b/include/linux/xfrm.h
+diff -Naur iproute2-4.6.0-orig/include/linux/netfilter_ipv4/ip_tables.h iproute2-4.6.0/include/linux/netfilter_ipv4/ip_tables.h
+--- iproute2-4.6.0-orig/include/linux/netfilter_ipv4/ip_tables.h	2016-05-18 21:56:02.000000000 +0300
++++ iproute2-4.6.0/include/linux/netfilter_ipv4/ip_tables.h	2016-05-23 12:09:22.888337961 +0300
+@@ -17,7 +17,6 @@
+ 
+ #include <linux/types.h>
+ 
+-#include <linux/if.h>
+ #include <linux/netfilter_ipv4.h>
+ 
+ #include <linux/netfilter/x_tables.h>
+diff -Naur iproute2-4.6.0-orig/include/linux/xfrm.h iproute2-4.6.0/include/linux/xfrm.h
+--- iproute2-4.6.0-orig/include/linux/xfrm.h	2016-05-23 12:03:23.821826910 +0300
++++ iproute2-4.6.0/include/linux/xfrm.h	2016-05-23 12:04:23.718078104 +0300
 @@ -1,7 +1,6 @@
  #ifndef _LINUX_XFRM_H
  #define _LINUX_XFRM_H
@@ -92,6 +72,14 @@
  #include <linux/types.h>
  
  /* All of the structures in this file may not change size as they are
--- 
-2.6.3
-
+diff -Naur iproute2-4.6.0-orig/include/utils.h iproute2-4.6.0/include/utils.h
+--- iproute2-4.6.0-orig/include/utils.h	2016-05-23 12:03:23.821826910 +0300
++++ iproute2-4.6.0/include/utils.h	2016-05-23 12:04:23.718078104 +0300
+@@ -1,6 +1,7 @@
+ #ifndef __UTILS_H__
+ #define __UTILS_H__ 1
+ 
++#include <sys/param.h>  /* MAXPATHLEN */
+ #include <sys/types.h>
+ #include <asm/types.h>
+ #include <resolv.h>
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2/iproute2-fix-building-with-musl.patch b/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2/iproute2-fix-building-with-musl.patch
deleted file mode 100644
index c83a243..0000000
--- a/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2/iproute2-fix-building-with-musl.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-iproute2: fix building with musl
-
-We need limits.h for PATH_MAX, fixes:
-
-rt_names.c:364:13: error: ‘PATH_MAX’ undeclared (first use in this
-function)
-
-Upstream-Status: Backport
-
-Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
-Signed-off-by: Maxin B. John <maxin.john@intel.com>
----
-diff --git a/lib/rt_names.c b/lib/rt_names.c
-index f6d17c0..b665d3e 100644
---- a/lib/rt_names.c
-+++ b/lib/rt_names.c
-@@ -18,6 +18,7 @@
- #include <sys/time.h>
- #include <sys/socket.h>
- #include <dirent.h>
-+#include <limits.h>
- 
- #include <asm/types.h>
- #include <linux/rtnetlink.h>
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2_4.4.0.bb b/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2_4.7.0.bb
similarity index 63%
rename from import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2_4.4.0.bb
rename to import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2_4.7.0.bb
index 7979e8b..426f989 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2_4.4.0.bb
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/iproute2/iproute2_4.7.0.bb
@@ -4,10 +4,9 @@
            file://configure-cross.patch \
            file://0001-iproute2-de-bash-scripts.patch \
            file://iproute2-4.3.0-musl.patch \
-           file://iproute2-fix-building-with-musl.patch \
           "
-SRC_URI[md5sum] = "d762653ec3e1ab0d4a9689e169ca184f"
-SRC_URI[sha256sum] = "bc91c367288a19f78ef800cd6840363be1f22da8436fbae88e1a7250490d6514"
+SRC_URI[md5sum] = "d4b205830cdc2702f8a0cbd6232129cd"
+SRC_URI[sha256sum] = "8f60dbcfb33a79daae0638f53bdcaa4310c0aa59ae39af8a234020dc69bb7b92"
 
 # CFLAGS are computed in Makefile and reference CCOPTS
 #
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/iw/iw/0001-iw-version.sh-don-t-use-git-describe-for-versioning.patch b/import-layers/yocto-poky/meta/recipes-connectivity/iw/iw/0001-iw-version.sh-don-t-use-git-describe-for-versioning.patch
index 2e52c80..715b88d 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/iw/iw/0001-iw-version.sh-don-t-use-git-describe-for-versioning.patch
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/iw/iw/0001-iw-version.sh-don-t-use-git-describe-for-versioning.patch
@@ -7,27 +7,33 @@
 Signed-off-by: Koen Kooi <koen@dominion.thruhere.net>
 Signed-off-by: Maxin B. John <maxin.john@intel.com>
 ---
-diff -Naur iw-4.3-origin/version.sh iw-4.3/version.sh
---- iw-4.3-origin/version.sh	2015-11-20 16:37:58.762077162 +0200
-+++ iw-4.3/version.sh	2015-11-20 16:52:05.526491150 +0200
-@@ -3,21 +3,7 @@
- VERSION="4.3"
- OUT="$1"
+diff -Naur iw-4.7-orig/version.sh iw-4.7/version.sh
+--- iw-4.7-orig/version.sh	2016-05-31 12:52:46.000000000 +0300
++++ iw-4.7/version.sh	2016-06-01 11:21:58.307409060 +0300
+@@ -15,27 +15,7 @@
+ SRC_DIR=$(cd ${SRC_DIR}; pwd)
+ cd "${SRC_DIR}"
  
+-v=""
 -if [ -d .git ] && head=`git rev-parse --verify HEAD 2>/dev/null`; then
--	git update-index --refresh --unmerged > /dev/null
--	descr=$(git describe --match=v*)
+-    git update-index --refresh --unmerged > /dev/null
+-    descr=$(git describe --match=v* 2>/dev/null)
+-    if [ $? -eq 0 ]; then
+-        # on git builds check that the version number above
+-        # is correct...
+-        if [ "${descr%%-*}" = "v$VERSION" ]; then
+-            v="${descr#v}"
+-            if git diff-index --name-only HEAD | read dummy ; then
+-                v="$v"-dirty
+-            fi
+-        fi
+-    fi
+-fi
 -
--	# on git builds check that the version number above
--	# is correct...
--	[ "${descr%%-*}" = "v$VERSION" ] || exit 2
--
--	v="${descr#v}"
--	if git diff-index --name-only HEAD | read dummy ; then
--		v="$v"-dirty
--	fi
--else
--	v="$VERSION"
+-# set to the default version when failed to get the version
+-# information with git
+-if [ -z "${v}" ]; then
+-    v="$VERSION"
 -fi
 +v="$VERSION"
  
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/iw/iw_4.3.bb b/import-layers/yocto-poky/meta/recipes-connectivity/iw/iw_4.7.bb
similarity index 85%
rename from import-layers/yocto-poky/meta/recipes-connectivity/iw/iw_4.3.bb
rename to import-layers/yocto-poky/meta/recipes-connectivity/iw/iw_4.7.bb
index 6865e7a..e9f4141 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/iw/iw_4.3.bb
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/iw/iw_4.7.bb
@@ -14,8 +14,8 @@
            file://separate-objdir.patch \
 "
 
-SRC_URI[md5sum] = "5ca622a270687d6862c9024fab266871"
-SRC_URI[sha256sum] = "2a853d95ffbd2b06c058b40ef4e6fa76a52c2709b05fb1976761fe13e9d9e39f"
+SRC_URI[md5sum] = "19d1edd276b2ac0c6cccfc7ae8d2b732"
+SRC_URI[sha256sum] = "758092229f13d691968060a0ad41364ba8eb8da4503626c20233a5b1eb33b4d9"
 
 inherit pkgconfig
 
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/libpcap/libpcap.inc b/import-layers/yocto-poky/meta/recipes-connectivity/libpcap/libpcap.inc
index b7601b0..7b29a52 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/libpcap/libpcap.inc
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/libpcap/libpcap.inc
@@ -20,12 +20,15 @@
 
 EXTRA_OECONF = "--with-pcap=linux"
 
-PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', '${BLUEZ}', '', d)}"
+PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', '${BLUEZ}', '', d)} \
+                   ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ipv6', '', d)} \
+"
 PACKAGECONFIG[bluez4] = "--enable-bluetooth,--disable-bluetooth,bluez4"
 # Add a dummy PACKAGECONFIG for bluez5 since it is not supported by libpcap.
 PACKAGECONFIG[bluez5] = ",,"
 PACKAGECONFIG[canusb] = "--enable-canusb,--enable-canusb=no,libusb"
 PACKAGECONFIG[dbus] = "--enable-dbus,--disable-dbus,dbus"
+PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
 PACKAGECONFIG[libnl] = "--with-libnl,--without-libnl,libnl"
 
 CPPFLAGS_prepend = "-I${S} "
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/neard/neard_0.15.bb b/import-layers/yocto-poky/meta/recipes-connectivity/neard/neard_0.16.bb
similarity index 75%
rename from import-layers/yocto-poky/meta/recipes-connectivity/neard/neard_0.15.bb
rename to import-layers/yocto-poky/meta/recipes-connectivity/neard/neard_0.16.bb
index 93bddb3..5433dc3 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/neard/neard_0.15.bb
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/neard/neard_0.16.bb
@@ -10,8 +10,8 @@
            file://Makefile.am-fix-parallel-issue.patch \
            file://Makefile.am-do-not-ship-version.h.patch \
           "
-SRC_URI[md5sum] = "b746ce62eeef88e8de90765e00a75a1c"
-SRC_URI[sha256sum] = "651f6513d32cdaf8a426255d03aff38a6620a89b0567ec2b36606c6330a93353"
+SRC_URI[md5sum] = "5c691fb7872856dc0d909c298bc8cb41"
+SRC_URI[sha256sum] = "eae3b11c541a988ec11ca94b7deab01080cd5b58cfef3ced6ceac9b6e6e65b36"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \
  file://src/near.h;beginline=1;endline=20;md5=358e4deefef251a4761e1ffacc965d13 \
@@ -33,18 +33,9 @@
 		  > ${D}${sysconfdir}/init.d/neard
 		chmod 0755 ${D}${sysconfdir}/init.d/neard
 	fi
-
-	# Install the tests for neard-tests
-	install -d ${D}${libdir}/neard
-	install -m 0755 ${S}/test/* ${D}${libdir}/${BPN}/
-	install -m 0755 ${B}/tools/nfctool/nfctool ${D}${libdir}/${BPN}/
 }
 
-PACKAGES =+ "${PN}-tests"
-
-FILES_${PN}-tests = "${libdir}/${BPN}/*-test"
-
-RDEPENDS_${PN} = "dbus python python-dbus python-pygobject"
+RDEPENDS_${PN} = "dbus"
 
 # Bluez & Wifi are not mandatory except for handover
 RRECOMMENDS_${PN} = "\
@@ -52,8 +43,6 @@
                      ${@bb.utils.contains('DISTRO_FEATURES', 'wifi','wpa-supplicant', '', d)} \
                     "
 
-RDEPENDS_${PN}-tests = "python python-dbus python-pygobject"
-
 INITSCRIPT_NAME = "neard"
 INITSCRIPT_PARAMS = "defaults 64"
 
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/nfs-utils_1.3.3.bb b/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/nfs-utils_1.3.3.bb
index a6268f3..8540503 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/nfs-utils_1.3.3.bb
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/nfs-utils/nfs-utils_1.3.3.bb
@@ -64,10 +64,13 @@
                 --with-statdpath=/var/lib/nfs/statd \
                "
 
-PACKAGECONFIG ??= "tcp-wrappers"
+PACKAGECONFIG ??= "tcp-wrappers \
+    ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ipv6', '', d)} \
+"
 PACKAGECONFIG_remove_libc-musl = "tcp-wrappers"
 PACKAGECONFIG[tcp-wrappers] = "--with-tcp-wrappers,--without-tcp-wrappers,tcp-wrappers"
 PACKAGECONFIG[nfsidmap] = "--enable-nfsidmap,--disable-nfsidmap,keyutils"
+PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
 
 INHIBIT_AUTO_STAGE = "1"
 
@@ -88,7 +91,7 @@
 		      ${sysconfdir}/init.d/nfscommon \
 		      ${systemd_unitdir}/system/nfs-statd.service"
 FILES_${PN}-stats = "${sbindir}/mountstats ${sbindir}/nfsiostat"
-RDEPENDS_${PN}-stats = "python"
+RDEPENDS_${PN}-stats = "python3-core"
 
 FILES_${PN} += "${systemd_unitdir}"
 
@@ -140,4 +143,8 @@
 	rm -f ${D}${sbindir}/rpcdebug
 	rm -f ${D}${sbindir}/rpcgen
 	rm -f ${D}${sbindir}/locktest
+
+        # Make python tools use python 3
+        sed -i -e '1s,#!.*python.*,#!${bindir}/python3,' ${D}${sbindir}/mountstats ${D}${sbindir}/nfsiostat
+
 }
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/ofono/ofono.inc b/import-layers/yocto-poky/meta/recipes-connectivity/ofono/ofono.inc
index c415a39..9c47c6f 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/ofono/ofono.inc
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/ofono/ofono.inc
@@ -26,12 +26,17 @@
 do_install_append() {
   install -d ${D}${sysconfdir}/init.d/
   install -m 0755 ${WORKDIR}/ofono ${D}${sysconfdir}/init.d/ofono
+
+  # Ofono still has one test tool that refers to Python 2 in the shebang
+  sed -i -e '1s,#!.*python.*,#!${bindir}/python3,' ${D}${libdir}/ofono/test/set-ddr
+
 }
 
 PACKAGES =+ "${PN}-tests"
 
 RDEPENDS_${PN} += "dbus"
+RRECOMMENDS_${PN} += "kernel-module-tun mobile-broadband-provider-info"
 
-FILES_${PN} += "${base_libdir}/udev ${systemd_unitdir}"
+FILES_${PN} += "${systemd_unitdir}"
 FILES_${PN}-tests = "${libdir}/${BPN}/test"
-RDEPENDS_${PN}-tests = "python python-pygobject python-dbus"
+RDEPENDS_${PN}-tests = "python3 python3-pygobject python3-dbus"
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/ofono/ofono/Revert-test-Convert-to-Python-3.patch b/import-layers/yocto-poky/meta/recipes-connectivity/ofono/ofono/Revert-test-Convert-to-Python-3.patch
deleted file mode 100644
index 5f8ca77..0000000
--- a/import-layers/yocto-poky/meta/recipes-connectivity/ofono/ofono/Revert-test-Convert-to-Python-3.patch
+++ /dev/null
@@ -1,1270 +0,0 @@
-Upstream-Status: Inappropriate [configuration]
-
-From 572fc23f6efd65a2ef9e6c957b2506108738672b Mon Sep 17 00:00:00 2001
-From: Cristian Iorga <cristian.iorga@intel.com>
-Date: Mon, 25 Aug 2014 16:59:39 +0300
-Subject: [PATCH] Revert "test: Convert to Python 3"
-
-This reverts commit c027ab9fbc1a8e8c9e76bcd123df1ad7696307c2.
----
- test/activate-context          |  2 +-
- test/answer-calls              |  2 +-
- test/backtrace                 |  2 +-
- test/cancel-ussd               |  2 +-
- test/cdma-connman-disable      |  2 +-
- test/cdma-connman-enable       |  2 +-
- test/cdma-dial-number          |  2 +-
- test/cdma-hangup               |  2 +-
- test/cdma-list-call            |  2 +-
- test/cdma-set-credentials      |  2 +-
- test/change-pin                |  2 +-
- test/create-internet-context   |  2 +-
- test/create-mms-context        |  2 +-
- test/create-multiparty         |  2 +-
- test/deactivate-all            |  2 +-
- test/deactivate-context        |  2 +-
- test/dial-number               |  2 +-
- test/disable-call-forwarding   |  2 +-
- test/disable-gprs              |  2 +-
- test/disable-modem             |  2 +-
- test/display-icon              |  2 +-
- test/enable-cbs                |  2 +-
- test/enable-gprs               |  2 +-
- test/enable-modem              |  2 +-
- test/enter-pin                 |  2 +-
- test/get-icon                  |  2 +-
- test/get-operators             |  2 +-
- test/get-tech-preference       |  2 +-
- test/hangup-active             |  2 +-
- test/hangup-all                |  2 +-
- test/hangup-call               |  2 +-
- test/hangup-multiparty         |  2 +-
- test/hold-and-answer           |  2 +-
- test/initiate-ussd             |  4 ++--
- test/list-calls                |  2 +-
- test/list-contexts             |  2 +-
- test/list-messages             |  2 +-
- test/list-modems               |  2 +-
- test/list-operators            |  2 +-
- test/lock-pin                  |  2 +-
- test/lockdown-modem            |  2 +-
- test/monitor-ofono             |  4 ++--
- test/offline-modem             |  2 +-
- test/online-modem              |  2 +-
- test/private-chat              |  2 +-
- test/process-context-settings  |  2 +-
- test/receive-sms               |  2 +-
- test/reject-calls              |  2 +-
- test/release-and-answer        |  2 +-
- test/release-and-swap          |  2 +-
- test/remove-contexts           |  2 +-
- test/reset-pin                 |  2 +-
- test/scan-for-operators        |  2 +-
- test/send-sms                  |  2 +-
- test/send-ussd                 |  4 ++--
- test/send-vcal                 |  2 +-
- test/send-vcard                |  2 +-
- test/set-call-forwarding       |  2 +-
- test/set-cbs-topics            |  2 +-
- test/set-context-property      |  2 +-
- test/set-fast-dormancy         |  2 +-
- test/set-gsm-band              |  2 +-
- test/set-mic-volume            |  2 +-
- test/set-mms-details           |  2 +-
- test/set-msisdn                |  2 +-
- test/set-roaming-allowed       |  2 +-
- test/set-speaker-volume        |  2 +-
- test/set-tech-preference       |  2 +-
- test/set-tty                   |  2 +-
- test/set-umts-band             |  2 +-
- test/set-use-sms-reports       |  2 +-
- test/swap-calls                |  2 +-
- test/test-advice-of-charge     |  2 +-
- test/test-call-barring         |  2 +-
- test/test-call-forwarding      |  2 +-
- test/test-call-settings        |  2 +-
- test/test-cbs                  |  4 ++--
- test/test-gnss                 |  4 ++--
- test/test-message-waiting      |  2 +-
- test/test-modem                |  2 +-
- test/test-network-registration |  2 +-
- test/test-phonebook            |  2 +-
- test/test-push-notification    |  2 +-
- test/test-smart-messaging      |  2 +-
- test/test-sms                  | 18 +++++++++---------
- test/test-ss                   |  2 +-
- test/test-ss-control-cb        |  2 +-
- test/test-ss-control-cf        |  2 +-
- test/test-ss-control-cs        |  2 +-
- test/test-stk-menu             | 34 +++++++++++++++++-----------------
- test/unlock-pin                |  2 +-
- 94 files changed, 124 insertions(+), 124 deletions(-)
-
-diff --git a/test/activate-context b/test/activate-context
-index e4fc702..4241396 100755
---- a/test/activate-context
-+++ b/test/activate-context
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-diff --git a/test/answer-calls b/test/answer-calls
-index daa794b..45ff08f 100755
---- a/test/answer-calls
-+++ b/test/answer-calls
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- 
-diff --git a/test/backtrace b/test/backtrace
-index 03c7632..c624709 100755
---- a/test/backtrace
-+++ b/test/backtrace
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import os
- import re
-diff --git a/test/cancel-ussd b/test/cancel-ussd
-index e7559ba..1797f26 100755
---- a/test/cancel-ussd
-+++ b/test/cancel-ussd
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-diff --git a/test/cdma-connman-disable b/test/cdma-connman-disable
-index 3adc14d..0ddc0cd 100755
---- a/test/cdma-connman-disable
-+++ b/test/cdma-connman-disable
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- import sys
-diff --git a/test/cdma-connman-enable b/test/cdma-connman-enable
-index ac16a2d..a3cca01 100755
---- a/test/cdma-connman-enable
-+++ b/test/cdma-connman-enable
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- import sys
-diff --git a/test/cdma-dial-number b/test/cdma-dial-number
-index 683431e..9cdfb24 100755
---- a/test/cdma-dial-number
-+++ b/test/cdma-dial-number
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-diff --git a/test/cdma-hangup b/test/cdma-hangup
-index 41ffa60..493ece4 100755
---- a/test/cdma-hangup
-+++ b/test/cdma-hangup
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-diff --git a/test/cdma-list-call b/test/cdma-list-call
-index b132353..5d36a69 100755
---- a/test/cdma-list-call
-+++ b/test/cdma-list-call
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- 
-diff --git a/test/cdma-set-credentials b/test/cdma-set-credentials
-index a60c86e..a286b0e 100755
---- a/test/cdma-set-credentials
-+++ b/test/cdma-set-credentials
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- import sys
-diff --git a/test/change-pin b/test/change-pin
-index 301c6ce..000ce53 100755
---- a/test/change-pin
-+++ b/test/change-pin
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- import sys
-diff --git a/test/create-internet-context b/test/create-internet-context
-index 1089053..efd0998 100755
---- a/test/create-internet-context
-+++ b/test/create-internet-context
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-diff --git a/test/create-mms-context b/test/create-mms-context
-index 598336f..e5be08d 100755
---- a/test/create-mms-context
-+++ b/test/create-mms-context
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-diff --git a/test/create-multiparty b/test/create-multiparty
-index 1b76010..97047c3 100755
---- a/test/create-multiparty
-+++ b/test/create-multiparty
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-diff --git a/test/deactivate-all b/test/deactivate-all
-index 5aa8587..427009e 100755
---- a/test/deactivate-all
-+++ b/test/deactivate-all
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-diff --git a/test/deactivate-context b/test/deactivate-context
-index 5c86a71..df47d2e 100755
---- a/test/deactivate-context
-+++ b/test/deactivate-context
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-diff --git a/test/dial-number b/test/dial-number
-index fe5adad..ee674d9 100755
---- a/test/dial-number
-+++ b/test/dial-number
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-diff --git a/test/disable-call-forwarding b/test/disable-call-forwarding
-index 811e4fa..3609816 100755
---- a/test/disable-call-forwarding
-+++ b/test/disable-call-forwarding
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- from gi.repository import GLib
-diff --git a/test/disable-gprs b/test/disable-gprs
-index 61ce216..c6c40a5 100755
---- a/test/disable-gprs
-+++ b/test/disable-gprs
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- import sys
-diff --git a/test/disable-modem b/test/disable-modem
-index 6fba857..ca8c8d8 100755
---- a/test/disable-modem
-+++ b/test/disable-modem
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- import sys
-diff --git a/test/display-icon b/test/display-icon
-index ac40818..753d14d 100755
---- a/test/display-icon
-+++ b/test/display-icon
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-diff --git a/test/enable-cbs b/test/enable-cbs
-index 4a8bf66..c08bf2b 100755
---- a/test/enable-cbs
-+++ b/test/enable-cbs
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- import sys
-diff --git a/test/enable-gprs b/test/enable-gprs
-index 68d5ef0..8664891 100755
---- a/test/enable-gprs
-+++ b/test/enable-gprs
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- import sys
-diff --git a/test/enable-modem b/test/enable-modem
-index fc5958a..dfaaaa8 100755
---- a/test/enable-modem
-+++ b/test/enable-modem
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- import sys
-diff --git a/test/enter-pin b/test/enter-pin
-index 9556363..c6ee669 100755
---- a/test/enter-pin
-+++ b/test/enter-pin
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- import sys
-diff --git a/test/get-icon b/test/get-icon
-index 5569a33..fdaaee7 100755
---- a/test/get-icon
-+++ b/test/get-icon
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- import sys
-diff --git a/test/get-operators b/test/get-operators
-index 0f35c80..62354c5 100755
---- a/test/get-operators
-+++ b/test/get-operators
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- import sys
-diff --git a/test/get-tech-preference b/test/get-tech-preference
-index 7ba6365..77d20d0 100755
---- a/test/get-tech-preference
-+++ b/test/get-tech-preference
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus, sys
- 
-diff --git a/test/hangup-active b/test/hangup-active
-index 82e0eb0..5af62ab 100755
---- a/test/hangup-active
-+++ b/test/hangup-active
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-diff --git a/test/hangup-all b/test/hangup-all
-index 3a0138d..32933db 100755
---- a/test/hangup-all
-+++ b/test/hangup-all
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-diff --git a/test/hangup-call b/test/hangup-call
-index 5a2de20..447020c 100755
---- a/test/hangup-call
-+++ b/test/hangup-call
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-diff --git a/test/hangup-multiparty b/test/hangup-multiparty
-index 24751c3..48fe342 100755
---- a/test/hangup-multiparty
-+++ b/test/hangup-multiparty
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-diff --git a/test/hold-and-answer b/test/hold-and-answer
-index da3be57..2c47e27 100755
---- a/test/hold-and-answer
-+++ b/test/hold-and-answer
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-diff --git a/test/initiate-ussd b/test/initiate-ussd
-index faf50d0..d7022f1 100755
---- a/test/initiate-ussd
-+++ b/test/initiate-ussd
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-@@ -45,7 +45,7 @@ if state == "idle":
- print("State: %s" % (state))
- 
- while state == "user-response":
--	response = input("Enter response: ")
-+	response = raw_input("Enter response: ")
- 
- 	result = ussd.Respond(response, timeout=100)
- 
-diff --git a/test/list-calls b/test/list-calls
-index f3ee991..08668c6 100755
---- a/test/list-calls
-+++ b/test/list-calls
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- 
-diff --git a/test/list-contexts b/test/list-contexts
-index 78278ca..f0d4094 100755
---- a/test/list-contexts
-+++ b/test/list-contexts
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- 
-diff --git a/test/list-messages b/test/list-messages
-index 9f5bce3..cfccbea 100755
---- a/test/list-messages
-+++ b/test/list-messages
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- 
-diff --git a/test/list-modems b/test/list-modems
-index b9f510a..ed66124 100755
---- a/test/list-modems
-+++ b/test/list-modems
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- 
-diff --git a/test/list-operators b/test/list-operators
-index 064c4e3..349bf41 100755
---- a/test/list-operators
-+++ b/test/list-operators
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- import sys
-diff --git a/test/lock-pin b/test/lock-pin
-index 96ea9c2..5579735 100755
---- a/test/lock-pin
-+++ b/test/lock-pin
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- import sys
-diff --git a/test/lockdown-modem b/test/lockdown-modem
-index 4e04205..781abb6 100755
---- a/test/lockdown-modem
-+++ b/test/lockdown-modem
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- import sys
-diff --git a/test/monitor-ofono b/test/monitor-ofono
-index 8830757..bd31617 100755
---- a/test/monitor-ofono
-+++ b/test/monitor-ofono
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- from gi.repository import GLib
- 
-@@ -6,7 +6,7 @@ import dbus
- import dbus.mainloop.glib
- 
- _dbus2py = {
--	dbus.String : str,
-+	dbus.String : unicode,
- 	dbus.UInt32 : int,
- 	dbus.Int32 : int,
- 	dbus.Int16 : int,
-diff --git a/test/offline-modem b/test/offline-modem
-index e8c043a..ea1f522 100755
---- a/test/offline-modem
-+++ b/test/offline-modem
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus, sys
- 
-diff --git a/test/online-modem b/test/online-modem
-index 029c4a5..310ed7d 100755
---- a/test/online-modem
-+++ b/test/online-modem
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus, sys
- 
-diff --git a/test/private-chat b/test/private-chat
-index e7e5406..ef2ef6c 100755
---- a/test/private-chat
-+++ b/test/private-chat
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-diff --git a/test/process-context-settings b/test/process-context-settings
-index 8a3ecfa..0f058b2 100755
---- a/test/process-context-settings
-+++ b/test/process-context-settings
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import os
- import dbus
-diff --git a/test/receive-sms b/test/receive-sms
-index a0c6915..c23eb14 100755
---- a/test/receive-sms
-+++ b/test/receive-sms
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- from gi.repository import GLib
- 
-diff --git a/test/reject-calls b/test/reject-calls
-index 71b243e..9edf1ff 100755
---- a/test/reject-calls
-+++ b/test/reject-calls
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- 
-diff --git a/test/release-and-answer b/test/release-and-answer
-index dec8e17..25fd818 100755
---- a/test/release-and-answer
-+++ b/test/release-and-answer
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-diff --git a/test/release-and-swap b/test/release-and-swap
-index cb8c84e..7b3569f 100755
---- a/test/release-and-swap
-+++ b/test/release-and-swap
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-diff --git a/test/remove-contexts b/test/remove-contexts
-index b54184e..c5082cb 100755
---- a/test/remove-contexts
-+++ b/test/remove-contexts
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- 
-diff --git a/test/reset-pin b/test/reset-pin
-index 3fbd126..b429254 100755
---- a/test/reset-pin
-+++ b/test/reset-pin
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- import sys
-diff --git a/test/scan-for-operators b/test/scan-for-operators
-index b4fc05e..749c710 100755
---- a/test/scan-for-operators
-+++ b/test/scan-for-operators
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- import sys
-diff --git a/test/send-sms b/test/send-sms
-index 98808aa..e06444d 100755
---- a/test/send-sms
-+++ b/test/send-sms
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-diff --git a/test/send-ussd b/test/send-ussd
-index a20e098..e585883 100755
---- a/test/send-ussd
-+++ b/test/send-ussd
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-@@ -46,7 +46,7 @@ if state == "idle":
- print("State: %s" % (state))
- 
- while state == "user-response":
--	response = input("Enter response: ")
-+	response = raw_input("Enter response: ")
- 
- 	print(ussd.Respond(response, timeout=100))
- 
-diff --git a/test/send-vcal b/test/send-vcal
-index 566daef..7f8272b 100755
---- a/test/send-vcal
-+++ b/test/send-vcal
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-diff --git a/test/send-vcard b/test/send-vcard
-index 4dedf51..250b36f 100755
---- a/test/send-vcard
-+++ b/test/send-vcard
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-diff --git a/test/set-call-forwarding b/test/set-call-forwarding
-index 49d1ce0..9fd358b 100755
---- a/test/set-call-forwarding
-+++ b/test/set-call-forwarding
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- from gi.repository import GLib
-diff --git a/test/set-cbs-topics b/test/set-cbs-topics
-index db95e16..78d6d44 100755
---- a/test/set-cbs-topics
-+++ b/test/set-cbs-topics
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- import sys
-diff --git a/test/set-context-property b/test/set-context-property
-index 5ff7a67..64a6fb8 100755
---- a/test/set-context-property
-+++ b/test/set-context-property
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-diff --git a/test/set-fast-dormancy b/test/set-fast-dormancy
-index ef77bcd..7bf7715 100755
---- a/test/set-fast-dormancy
-+++ b/test/set-fast-dormancy
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- import sys
-diff --git a/test/set-gsm-band b/test/set-gsm-band
-index b37bcb5..3c17c10 100755
---- a/test/set-gsm-band
-+++ b/test/set-gsm-band
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- import sys
-diff --git a/test/set-mic-volume b/test/set-mic-volume
-index cd6c73f..e0bff49 100755
---- a/test/set-mic-volume
-+++ b/test/set-mic-volume
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-diff --git a/test/set-mms-details b/test/set-mms-details
-index 6ee59fa..d2d0838 100755
---- a/test/set-mms-details
-+++ b/test/set-mms-details
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-diff --git a/test/set-msisdn b/test/set-msisdn
-index b5fe819..01f284d 100755
---- a/test/set-msisdn
-+++ b/test/set-msisdn
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- import sys
-diff --git a/test/set-roaming-allowed b/test/set-roaming-allowed
-index 698c8b6..9e3e058 100755
---- a/test/set-roaming-allowed
-+++ b/test/set-roaming-allowed
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-diff --git a/test/set-speaker-volume b/test/set-speaker-volume
-index 6d4e301..7962f39 100755
---- a/test/set-speaker-volume
-+++ b/test/set-speaker-volume
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-diff --git a/test/set-tech-preference b/test/set-tech-preference
-index b549abc..2666cbd 100755
---- a/test/set-tech-preference
-+++ b/test/set-tech-preference
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- import sys
-diff --git a/test/set-tty b/test/set-tty
-index eed1fba..53d6b99 100755
---- a/test/set-tty
-+++ b/test/set-tty
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- import sys
-diff --git a/test/set-umts-band b/test/set-umts-band
-index 0bae5c4..c1e6448 100755
---- a/test/set-umts-band
-+++ b/test/set-umts-band
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- import sys
-diff --git a/test/set-use-sms-reports b/test/set-use-sms-reports
-index 288d4e1..a4efe4f 100755
---- a/test/set-use-sms-reports
-+++ b/test/set-use-sms-reports
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- import sys
-diff --git a/test/swap-calls b/test/swap-calls
-index 018a8d3..eeb257b 100755
---- a/test/swap-calls
-+++ b/test/swap-calls
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-diff --git a/test/test-advice-of-charge b/test/test-advice-of-charge
-index 6e87e61..0f1f57f 100755
---- a/test/test-advice-of-charge
-+++ b/test/test-advice-of-charge
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- from gi.repository import GLib
- import sys
-diff --git a/test/test-call-barring b/test/test-call-barring
-index eedb69f..be4ab57 100755
---- a/test/test-call-barring
-+++ b/test/test-call-barring
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- from gi.repository import GLib
- import sys
-diff --git a/test/test-call-forwarding b/test/test-call-forwarding
-index 5db84d7..01a7294 100755
---- a/test/test-call-forwarding
-+++ b/test/test-call-forwarding
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- from gi.repository import GLib
- 
-diff --git a/test/test-call-settings b/test/test-call-settings
-index 435594c..5d7ee49 100755
---- a/test/test-call-settings
-+++ b/test/test-call-settings
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- from gi.repository import GLib
- 
-diff --git a/test/test-cbs b/test/test-cbs
-index a5cec06..13cdd80 100755
---- a/test/test-cbs
-+++ b/test/test-cbs
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- import dbus.mainloop.glib
-@@ -78,7 +78,7 @@ def set_topics(cbs):
- 	invalidData = False;
- 	index = 0
- 
--	topics = input('Enter the topic ID(s) you want to register to: ')
-+	topics = raw_input('Enter the topic ID(s) you want to register to: ')
- 
- 	while index < len(topics):
- 		if topics[index] == ',' or topics[index] == '-':
-diff --git a/test/test-gnss b/test/test-gnss
-index 6ae64db..aa0b160 100755
---- a/test/test-gnss
-+++ b/test/test-gnss
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- from gi.repository import GLib
- import sys
-@@ -40,7 +40,7 @@ def print_menu():
- def stdin_handler(channel, condition, gnss, path):
- 	in_key = os.read(channel.unix_get_fd(), 160).rstrip().decode('UTF-8')
- 	if in_key == '0':
--		xml = input('type the element and press enter: ')
-+		xml = raw_input('type the element and press enter: ')
- 		try:
- 			gnss.SendPositioningElement(dbus.String(xml))
- 			print("ok")
-diff --git a/test/test-message-waiting b/test/test-message-waiting
-index 432862e..b93fbf3 100755
---- a/test/test-message-waiting
-+++ b/test/test-message-waiting
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- from gi.repository import GLib
- import sys
-diff --git a/test/test-modem b/test/test-modem
-index aa38b1f..29dbf14 100755
---- a/test/test-modem
-+++ b/test/test-modem
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- from gi.repository import GLib
- 
-diff --git a/test/test-network-registration b/test/test-network-registration
-index 68b4347..c5ad586 100755
---- a/test/test-network-registration
-+++ b/test/test-network-registration
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- from gi.repository import GLib
- import sys
-diff --git a/test/test-phonebook b/test/test-phonebook
-index 42646d3..116fd4f 100755
---- a/test/test-phonebook
-+++ b/test/test-phonebook
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus, sys
- 
-diff --git a/test/test-push-notification b/test/test-push-notification
-index d972ad3..ecc6afb 100755
---- a/test/test-push-notification
-+++ b/test/test-push-notification
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- from gi.repository import GLib
- 
-diff --git a/test/test-smart-messaging b/test/test-smart-messaging
-index f22efd2..188ac1e 100755
---- a/test/test-smart-messaging
-+++ b/test/test-smart-messaging
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- from gi.repository import GLib
- 
-diff --git a/test/test-sms b/test/test-sms
-index 30ac651..49935e1 100755
---- a/test/test-sms
-+++ b/test/test-sms
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- # -*- coding: utf-8 -*-
- 
- from gi.repository import GLib
-@@ -132,7 +132,7 @@ def stdin_handler(channel, condition, sms, value, number):
- 		lock = "on"
- 		if in_key == '0':
- 			print_send_sms_menu()
--			sms_type = input('Select SMS type: ')
-+			sms_type = raw_input('Select SMS type: ')
- 
- 			if sms_type == '1':
- 				message_send(sms, number, value)
-@@ -150,49 +150,49 @@ def stdin_handler(channel, condition, sms, value, number):
- 
- 		elif in_key == '1':
- 			message_delivery_report(sms, 1)
--			send_msg = input('Send test message[y/n]?: ')
-+			send_msg = raw_input('Send test message[y/n]?: ')
- 			if send_msg == 'y':
- 				message_send(sms, number, ("(1)" + value +
- 						": UseDeliveryReports[TRUE]"))
- 
- 		elif in_key == '2':
- 			message_delivery_report(sms, 0)
--			send_msg = input('Send test message[y/n]?: ')
-+			send_msg = raw_input('Send test message[y/n]?: ')
- 			if send_msg == 'y':
- 				message_send(sms, number, ("(2) " + value +
- 						": UseDeliveryReports[FALSE]"))
- 
- 		elif in_key == '3':
- 			message_service_center_address(sms, SCA)
--			send_msg = input('Send test message[y/n]?: ')
-+			send_msg = raw_input('Send test message[y/n]?: ')
- 			if send_msg == 'y':
- 				message_send(sms, number, ("(3) " + value +
- 						": ServiceCenterAddress"))
- 
- 		elif in_key == '4':
- 			message_bearer(sms, "ps-only")
--			send_msg = input('Send test message[y/n]?: ')
-+			send_msg = raw_input('Send test message[y/n]?: ')
- 			if send_msg == 'y':
- 				message_send(sms, number, ("(4) " + value +
- 						": Bearer[ps-only]"))
- 
- 		elif in_key == '5':
- 			message_bearer(sms, "cs-only")
--			send_msg = input('Send test message[y/n]?: ')
-+			send_msg = raw_input('Send test message[y/n]?: ')
- 			if send_msg == 'y':
- 				message_send(sms, number, ("(5) " + value +
- 						": Bearer[cs-only]"))
- 
- 		elif in_key == '6':
- 			message_bearer(sms, "ps-preferred")
--			send_msg = input('Send test message[y/n]?: ')
-+			send_msg = raw_input('Send test message[y/n]?: ')
- 			if send_msg == 'y':
- 				message_send(sms, number, ("(6) " + value +
- 						": Bearer[ps-preferred]"))
- 
- 		elif in_key == '7':
- 			message_bearer(sms, "cs-preferred")
--			send_msg = input('Send test message[y/n]?: ')
-+			send_msg = raw_input('Send test message[y/n]?: ')
- 			if send_msg == 'y':
- 				message_send(sms,number, ("(7) " + value +
- 						": Bearer[cs-preferred]"))
-diff --git a/test/test-ss b/test/test-ss
-index 4cd8732..2c80806 100755
---- a/test/test-ss
-+++ b/test/test-ss
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-diff --git a/test/test-ss-control-cb b/test/test-ss-control-cb
-index ddae6d3..86bac9b 100755
---- a/test/test-ss-control-cb
-+++ b/test/test-ss-control-cb
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- from gi.repository import GLib
- 
-diff --git a/test/test-ss-control-cf b/test/test-ss-control-cf
-index 095eb5d..d30bf4f 100755
---- a/test/test-ss-control-cf
-+++ b/test/test-ss-control-cf
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- from gi.repository import GLib
- 
-diff --git a/test/test-ss-control-cs b/test/test-ss-control-cs
-index 8180474..e0ed1d1 100755
---- a/test/test-ss-control-cs
-+++ b/test/test-ss-control-cs
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- from gi.repository import GLib
- 
-diff --git a/test/test-stk-menu b/test/test-stk-menu
-index 0cf8fa2..ac0a5bd 100755
---- a/test/test-stk-menu
-+++ b/test/test-stk-menu
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- from gi.repository import GLib
- 
-@@ -58,7 +58,7 @@ class StkAgent(dbus.service.Object):
- 			index += 1
- 
- 		print("\nDefault: %d" % (default))
--		select = input("Enter Selection (t, b):")
-+		select = raw_input("Enter Selection (t, b):")
- 
- 		if select == 'b':
- 			raise GoBack("User wishes to go back")
-@@ -75,7 +75,7 @@ class StkAgent(dbus.service.Object):
- 		print("DisplayText (%s)" % (title))
- 		print("Icon: (%d)" % (int(icon)))
- 		print("Urgent: (%d)" % (urgent))
--		key = input("Press return to clear ('t' terminates, "
-+		key = raw_input("Press return to clear ('t' terminates, "
- 						"'b' goes back, 'n' busy, "
- 						"'w' return and wait):")
- 
-@@ -108,7 +108,7 @@ class StkAgent(dbus.service.Object):
- 		print("Hide typing: (%s)" % (hide_typing))
- 		print("Enter characters, min: %d, max: %d:" % (min_chars,
- 								max_chars))
--		userin = input("")
-+		userin = raw_input("")
- 
- 		return userin
- 
-@@ -122,7 +122,7 @@ class StkAgent(dbus.service.Object):
- 		print("Hide typing: (%s)" % (hide_typing))
- 		print("Enter digits, min: %d, max: %d:" % (min_chars,
- 								max_chars))
--		userin = input("'t' terminates, 'b' goes back:")
-+		userin = raw_input("'t' terminates, 'b' goes back:")
- 
- 		if userin == 'b':
- 			raise GoBack("User wishes to go back")
-@@ -136,7 +136,7 @@ class StkAgent(dbus.service.Object):
- 	def RequestKey(self, title, icon):
- 		print("Title: (%s)" % (title))
- 		print("Icon: (%d)" % (int(icon)))
--		key = input("Enter Key (t, b):")
-+		key = raw_input("Enter Key (t, b):")
- 
- 		if key == 'b':
- 			raise GoBack("User wishes to go back")
-@@ -150,7 +150,7 @@ class StkAgent(dbus.service.Object):
- 	def RequestDigit(self, title, icon):
- 		print("Title: (%s)" % (title))
- 		print("Icon: (%d)" % (int(icon)))
--		key = input("Enter Digit (t, b):")
-+		key = raw_input("Enter Digit (t, b):")
- 
- 		if key == 'b':
- 			raise GoBack("User wishes to go back")
-@@ -164,7 +164,7 @@ class StkAgent(dbus.service.Object):
- 	def RequestQuickDigit(self, title, icon):
- 		print("Title: (%s)" % (title))
- 		print("Icon: (%d)" % (int(icon)))
--		key = input("Quick digit (0-9, *, #, t, b):")
-+		key = raw_input("Quick digit (0-9, *, #, t, b):")
- 
- 		if key == 'b':
- 			raise GoBack("User wishes to go back")
-@@ -178,7 +178,7 @@ class StkAgent(dbus.service.Object):
- 	def RequestConfirmation(self, title, icon):
- 		print("Title: (%s)" % (title))
- 		print("Icon: (%d)" % (int(icon)))
--		key = input("Enter Confirmation (t, b, y, n):")
-+		key = raw_input("Enter Confirmation (t, b, y, n):")
- 
- 		if key == 'b':
- 			raise GoBack("User wishes to go back")
-@@ -194,7 +194,7 @@ class StkAgent(dbus.service.Object):
- 	def ConfirmCallSetup(self, info, icon):
- 		print("Information: (%s)" % (info))
- 		print("Icon: (%d)" % (int(icon)))
--		key = input("Enter Confirmation (t, y, n):")
-+		key = raw_input("Enter Confirmation (t, y, n):")
- 
- 		if key == 't':
- 			raise EndSession("User wishes to terminate session")
-@@ -209,7 +209,7 @@ class StkAgent(dbus.service.Object):
- 		print("Information: (%s)" % (info))
- 		print("Icon: (%d)" % (int(icon)))
- 		print("URL (%s)" % (url))
--		key = input("Enter Confirmation (y, n):")
-+		key = raw_input("Enter Confirmation (y, n):")
- 
- 		if key == 'y':
- 			return True
-@@ -232,7 +232,7 @@ class StkAgent(dbus.service.Object):
- 		signal.alarm(5)
- 
- 		try:
--			key = input("Press return to end before end of"
-+			key = raw_input("Press return to end before end of"
- 							 " single tone (t):")
- 			signal.alarm(0)
- 
-@@ -250,7 +250,7 @@ class StkAgent(dbus.service.Object):
- 		print("LoopTone: %s" % (tone))
- 		print("Text: %s" % (text))
- 		print("Icon: %d" % (int(icon)))
--		key = input("Press return to end before timeout "
-+		key = raw_input("Press return to end before timeout "
- 				"('t' terminates, 'w' return and wait):")
- 
- 		if key == 'w':
-@@ -279,7 +279,7 @@ class StkAgent(dbus.service.Object):
- 	def DisplayAction(self, text, icon):
- 		print("Text: (%s)" % (text))
- 		print("Icon: (%d)" % (int(icon)))
--		key = input("Press 't' to terminate the session ")
-+		key = raw_input("Press 't' to terminate the session ")
- 
- 		if key == 't':
- 			raise EndSession("User wishes to terminate session")
-@@ -289,7 +289,7 @@ class StkAgent(dbus.service.Object):
- 	def ConfirmOpenChannel(self, info, icon):
- 		print("Open channel confirmation: (%s)" % (info))
- 		print("Icon: (%d)" % (int(icon)))
--		key = input("Enter Confirmation (t, y, n):")
-+		key = raw_input("Enter Confirmation (t, y, n):")
- 
- 		if key == 't':
- 			raise EndSession("User wishes to terminate session")
-@@ -299,7 +299,7 @@ class StkAgent(dbus.service.Object):
- 			return False
- 
- _dbus2py = {
--	dbus.String : str,
-+	dbus.String : unicode,
- 	dbus.UInt32 : int,
- 	dbus.Int32 : int,
- 	dbus.Int16 : int,
-@@ -396,7 +396,7 @@ if __name__ == '__main__':
- 		except:
- 			pass
- 
--		select = int(input("Enter Selection: "))
-+		select = int(raw_input("Enter Selection: "))
- 		stk.SelectItem(select, path)
- 	elif mode == 'agent':
- 		path = "/test/agent"
-diff --git a/test/unlock-pin b/test/unlock-pin
-index 61f4765..10b6626 100755
---- a/test/unlock-pin
-+++ b/test/unlock-pin
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- import sys
--- 
-1.9.1
-
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/ofono/ofono_1.17.bb b/import-layers/yocto-poky/meta/recipes-connectivity/ofono/ofono_1.17.bb
deleted file mode 100644
index 947f9d7..0000000
--- a/import-layers/yocto-poky/meta/recipes-connectivity/ofono/ofono_1.17.bb
+++ /dev/null
@@ -1,11 +0,0 @@
-require ofono.inc
-
-SRC_URI  = "\
-  ${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
-  file://ofono \
-  file://Revert-test-Convert-to-Python-3.patch \
-"
-SRC_URI[md5sum] = "d280b1d267ba5bf391d2a898fea7c748"
-SRC_URI[sha256sum] = "cbf20f07fd15253c682b23c1786d517f505c3688f7c4ea93da777e1523b89635"
-
-CFLAGS_append_libc-uclibc = " -D_GNU_SOURCE"
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/ofono/ofono_1.18.bb b/import-layers/yocto-poky/meta/recipes-connectivity/ofono/ofono_1.18.bb
new file mode 100644
index 0000000..b070731
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/ofono/ofono_1.18.bb
@@ -0,0 +1,10 @@
+require ofono.inc
+
+SRC_URI  = "\
+  ${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
+  file://ofono \
+"
+SRC_URI[md5sum] = "0a6b37c8ace891cb2a7ca5d121043a0a"
+SRC_URI[sha256sum] = "53cdbf342913f46bce4827241c60e24255a3d43a94945edf77482ae5b312d51f"
+
+CFLAGS_append_libc-uclibc = " -D_GNU_SOURCE"
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/CVE-2016-1907_2.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/CVE-2016-1907_2.patch
deleted file mode 100644
index 9fac69c..0000000
--- a/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/CVE-2016-1907_2.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From f98a09cacff7baad8748c9aa217afd155a4d493f Mon Sep 17 00:00:00 2001
-From: "mmcc@openbsd.org" <mmcc@openbsd.org>
-Date: Tue, 20 Oct 2015 03:36:35 +0000
-Subject: [PATCH] upstream commit
-
-Replace a function-local allocation with stack memory.
-
-ok djm@
-
-Upstream-ID: c09fbbab637053a2ab9f33ca142b4e20a4c5a17e
-Upstream-Status: Backport
-CVE: CVE-2016-1907
-
-[YOCTO #8935]
-
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- clientloop.c | 9 ++-------
- 1 file changed, 2 insertions(+), 7 deletions(-)
-
-diff --git a/clientloop.c b/clientloop.c
-index 87ceb3d..1e05cba 100644
---- a/clientloop.c
-+++ b/clientloop.c
-@@ -1,4 +1,4 @@
--/* $OpenBSD: clientloop.c,v 1.275 2015/07/10 06:21:53 markus Exp $ */
-+/* $OpenBSD: clientloop.c,v 1.276 2015/10/20 03:36:35 mmcc Exp $ */
- /*
-  * Author: Tatu Ylonen <ylo@cs.hut.fi>
-  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
-@@ -311,11 +311,10 @@ client_x11_get_proto(const char *display, const char *xauth_path,
- 	static char proto[512], data[512];
- 	FILE *f;
- 	int got_data = 0, generated = 0, do_unlink = 0, i;
--	char *xauthdir, *xauthfile;
-+	char xauthdir[PATH_MAX] = "", xauthfile[PATH_MAX] = "";
- 	struct stat st;
- 	u_int now, x11_timeout_real;
- 
--	xauthdir = xauthfile = NULL;
- 	*_proto = proto;
- 	*_data = data;
- 	proto[0] = data[0] = '\0';
-@@ -343,8 +342,6 @@ client_x11_get_proto(const char *display, const char *xauth_path,
- 			display = xdisplay;
- 		}
- 		if (trusted == 0) {
--			xauthdir = xmalloc(PATH_MAX);
--			xauthfile = xmalloc(PATH_MAX);
- 			mktemp_proto(xauthdir, PATH_MAX);
- 			/*
- 			 * The authentication cookie should briefly outlive
-@@ -407,8 +404,6 @@ client_x11_get_proto(const char *display, const char *xauth_path,
- 		unlink(xauthfile);
- 		rmdir(xauthdir);
- 	}
--	free(xauthdir);
--	free(xauthfile);
- 
- 	/*
- 	 * If we didn't get authentication data, just make up some
--- 
-1.9.1
-
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/CVE-2016-1907_3.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/CVE-2016-1907_3.patch
deleted file mode 100644
index 3dfc51a..0000000
--- a/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/CVE-2016-1907_3.patch
+++ /dev/null
@@ -1,329 +0,0 @@
-From ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c Mon Sep 17 00:00:00 2001
-From: "djm@openbsd.org" <djm@openbsd.org>
-Date: Wed, 13 Jan 2016 23:04:47 +0000
-Subject: [PATCH] upstream commit
-
-eliminate fallback from untrusted X11 forwarding to trusted
- forwarding when the X server disables the SECURITY extension; Reported by
- Thomas Hoger; ok deraadt@
-
-Upstream-ID: f76195bd2064615a63ef9674a0e4096b0713f938
-Upstream-Status: Backport
-CVE: CVE-2016-1907
-
-[YOCTO #8935]
-
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- clientloop.c | 114 ++++++++++++++++++++++++++++++++++++-----------------------
- clientloop.h |   4 +--
- mux.c        |  22 ++++++------
- ssh.c        |  23 +++++-------
- 4 files changed, 93 insertions(+), 70 deletions(-)
-
-Index: openssh-7.1p2/clientloop.c
-===================================================================
---- openssh-7.1p2.orig/clientloop.c
-+++ openssh-7.1p2/clientloop.c
-@@ -1,4 +1,4 @@
--/* $OpenBSD: clientloop.c,v 1.276 2015/10/20 03:36:35 mmcc Exp $ */
-+/* $OpenBSD: clientloop.c,v 1.279 2016/01/13 23:04:47 djm Exp $ */
- /*
-  * Author: Tatu Ylonen <ylo@cs.hut.fi>
-  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
-@@ -288,6 +288,9 @@ client_x11_display_valid(const char *dis
- {
- 	size_t i, dlen;
- 
-+	if (display == NULL)
-+		return 0;
-+
- 	dlen = strlen(display);
- 	for (i = 0; i < dlen; i++) {
- 		if (!isalnum((u_char)display[i]) &&
-@@ -301,34 +304,33 @@ client_x11_display_valid(const char *dis
- 
- #define SSH_X11_PROTO		"MIT-MAGIC-COOKIE-1"
- #define X11_TIMEOUT_SLACK	60
--void
-+int
- client_x11_get_proto(const char *display, const char *xauth_path,
-     u_int trusted, u_int timeout, char **_proto, char **_data)
- {
--	char cmd[1024];
--	char line[512];
--	char xdisplay[512];
-+	char cmd[1024], line[512], xdisplay[512];
-+	char xauthfile[PATH_MAX], xauthdir[PATH_MAX];
- 	static char proto[512], data[512];
- 	FILE *f;
--	int got_data = 0, generated = 0, do_unlink = 0, i;
--	char xauthdir[PATH_MAX] = "", xauthfile[PATH_MAX] = "";
-+	int got_data = 0, generated = 0, do_unlink = 0, i, r;
- 	struct stat st;
- 	u_int now, x11_timeout_real;
- 
- 	*_proto = proto;
- 	*_data = data;
--	proto[0] = data[0] = '\0';
-+	proto[0] = data[0] = xauthfile[0] = xauthdir[0] = '\0';
- 
--	if (xauth_path == NULL ||(stat(xauth_path, &st) == -1)) {
--		debug("No xauth program.");
--	} else if (!client_x11_display_valid(display)) {
--		logit("DISPLAY '%s' invalid, falling back to fake xauth data",
-+	if (!client_x11_display_valid(display)) {
-+		logit("DISPLAY \"%s\" invalid; disabling X11 forwarding",
- 		    display);
--	} else {
--		if (display == NULL) {
--			debug("x11_get_proto: DISPLAY not set");
--			return;
--		}
-+		return -1;
-+	}
-+	if (xauth_path != NULL && stat(xauth_path, &st) == -1) {
-+		debug("No xauth program.");
-+		xauth_path = NULL;
-+	}
-+
-+	if (xauth_path != NULL) {
- 		/*
- 		 * Handle FamilyLocal case where $DISPLAY does
- 		 * not match an authorization entry.  For this we
-@@ -337,43 +339,60 @@ client_x11_get_proto(const char *display
- 		 *      is not perfect.
- 		 */
- 		if (strncmp(display, "localhost:", 10) == 0) {
--			snprintf(xdisplay, sizeof(xdisplay), "unix:%s",
--			    display + 10);
-+			if ((r = snprintf(xdisplay, sizeof(xdisplay), "unix:%s",
-+			    display + 10)) < 0 ||
-+			    (size_t)r >= sizeof(xdisplay)) {
-+				error("%s: display name too long", __func__);
-+				return -1;
-+			}
- 			display = xdisplay;
- 		}
- 		if (trusted == 0) {
--			mktemp_proto(xauthdir, PATH_MAX);
- 			/*
-+			 * Generate an untrusted X11 auth cookie.
-+			 *
- 			 * The authentication cookie should briefly outlive
- 			 * ssh's willingness to forward X11 connections to
- 			 * avoid nasty fail-open behaviour in the X server.
- 			 */
-+			mktemp_proto(xauthdir, sizeof(xauthdir));
-+			if (mkdtemp(xauthdir) == NULL) {
-+				error("%s: mkdtemp: %s",
-+				    __func__, strerror(errno));
-+				return -1;
-+			}
-+			do_unlink = 1;
-+			if ((r = snprintf(xauthfile, sizeof(xauthfile),
-+			    "%s/xauthfile", xauthdir)) < 0 ||
-+			    (size_t)r >= sizeof(xauthfile)) {
-+				error("%s: xauthfile path too long", __func__);
-+				unlink(xauthfile);
-+				rmdir(xauthdir);
-+				return -1;
-+			}
-+
- 			if (timeout >= UINT_MAX - X11_TIMEOUT_SLACK)
- 				x11_timeout_real = UINT_MAX;
- 			else
- 				x11_timeout_real = timeout + X11_TIMEOUT_SLACK;
--			if (mkdtemp(xauthdir) != NULL) {
--				do_unlink = 1;
--				snprintf(xauthfile, PATH_MAX, "%s/xauthfile",
--				    xauthdir);
--				snprintf(cmd, sizeof(cmd),
--				    "%s -f %s generate %s " SSH_X11_PROTO
--				    " untrusted timeout %u 2>" _PATH_DEVNULL,
--				    xauth_path, xauthfile, display,
--				    x11_timeout_real);
--				debug2("x11_get_proto: %s", cmd);
--				if (x11_refuse_time == 0) {
--					now = monotime() + 1;
--					if (UINT_MAX - timeout < now)
--						x11_refuse_time = UINT_MAX;
--					else
--						x11_refuse_time = now + timeout;
--					channel_set_x11_refuse_time(
--					    x11_refuse_time);
--				}
--				if (system(cmd) == 0)
--					generated = 1;
-+			if ((r = snprintf(cmd, sizeof(cmd),
-+			    "%s -f %s generate %s " SSH_X11_PROTO
-+			    " untrusted timeout %u 2>" _PATH_DEVNULL,
-+			    xauth_path, xauthfile, display,
-+			    x11_timeout_real)) < 0 ||
-+			    (size_t)r >= sizeof(cmd))
-+				fatal("%s: cmd too long", __func__);
-+			debug2("%s: %s", __func__, cmd);
-+			if (x11_refuse_time == 0) {
-+				now = monotime() + 1;
-+				if (UINT_MAX - timeout < now)
-+					x11_refuse_time = UINT_MAX;
-+				else
-+					x11_refuse_time = now + timeout;
-+				channel_set_x11_refuse_time(x11_refuse_time);
- 			}
-+			if (system(cmd) == 0)
-+				generated = 1;
- 		}
- 
- 		/*
-@@ -395,9 +414,7 @@ client_x11_get_proto(const char *display
- 				got_data = 1;
- 			if (f)
- 				pclose(f);
--		} else
--			error("Warning: untrusted X11 forwarding setup failed: "
--			    "xauth key data not generated");
-+		}
- 	}
- 
- 	if (do_unlink) {
-@@ -405,6 +422,13 @@ client_x11_get_proto(const char *display
- 		rmdir(xauthdir);
- 	}
- 
-+	/* Don't fall back to fake X11 data for untrusted forwarding */
-+	if (!trusted && !got_data) {
-+		error("Warning: untrusted X11 forwarding setup failed: "
-+		    "xauth key data not generated");
-+		return -1;
-+	}
-+
- 	/*
- 	 * If we didn't get authentication data, just make up some
- 	 * data.  The forwarding code will check the validity of the
-@@ -427,6 +451,8 @@ client_x11_get_proto(const char *display
- 			rnd >>= 8;
- 		}
- 	}
-+
-+	return 0;
- }
- 
- /*
-Index: openssh-7.1p2/clientloop.h
-===================================================================
---- openssh-7.1p2.orig/clientloop.h
-+++ openssh-7.1p2/clientloop.h
-@@ -1,4 +1,4 @@
--/* $OpenBSD: clientloop.h,v 1.31 2013/06/02 23:36:29 dtucker Exp $ */
-+/* $OpenBSD: clientloop.h,v 1.32 2016/01/13 23:04:47 djm Exp $ */
- 
- /*
-  * Author: Tatu Ylonen <ylo@cs.hut.fi>
-@@ -39,7 +39,7 @@
- 
- /* Client side main loop for the interactive session. */
- int	 client_loop(int, int, int);
--void	 client_x11_get_proto(const char *, const char *, u_int, u_int,
-+int	 client_x11_get_proto(const char *, const char *, u_int, u_int,
- 	    char **, char **);
- void	 client_global_request_reply_fwd(int, u_int32_t, void *);
- void	 client_session2_setup(int, int, int, const char *, struct termios *,
-Index: openssh-7.1p2/mux.c
-===================================================================
---- openssh-7.1p2.orig/mux.c
-+++ openssh-7.1p2/mux.c
-@@ -1,4 +1,4 @@
--/* $OpenBSD: mux.c,v 1.54 2015/08/19 23:18:26 djm Exp $ */
-+/* $OpenBSD: mux.c,v 1.58 2016/01/13 23:04:47 djm Exp $ */
- /*
-  * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org>
-  *
-@@ -1354,16 +1354,18 @@ mux_session_confirm(int id, int success,
- 		char *proto, *data;
- 
- 		/* Get reasonable local authentication information. */
--		client_x11_get_proto(display, options.xauth_location,
-+		if (client_x11_get_proto(display, options.xauth_location,
- 		    options.forward_x11_trusted, options.forward_x11_timeout,
--		    &proto, &data);
--		/* Request forwarding with authentication spoofing. */
--		debug("Requesting X11 forwarding with authentication "
--		    "spoofing.");
--		x11_request_forwarding_with_spoofing(id, display, proto,
--		    data, 1);
--		client_expect_confirm(id, "X11 forwarding", CONFIRM_WARN);
--		/* XXX exit_on_forward_failure */
-+		    &proto, &data) == 0) {
-+			/* Request forwarding with authentication spoofing. */
-+			debug("Requesting X11 forwarding with authentication "
-+			    "spoofing.");
-+			x11_request_forwarding_with_spoofing(id, display, proto,
-+			    data, 1);
-+			/* XXX exit_on_forward_failure */
-+			client_expect_confirm(id, "X11 forwarding",
-+			    CONFIRM_WARN);
-+		}
- 	}
- 
- 	if (cctx->want_agent_fwd && options.forward_agent) {
-Index: openssh-7.1p2/ssh.c
-===================================================================
---- openssh-7.1p2.orig/ssh.c
-+++ openssh-7.1p2/ssh.c
-@@ -1,4 +1,4 @@
--/* $OpenBSD: ssh.c,v 1.420 2015/07/30 00:01:34 djm Exp $ */
-+/* $OpenBSD: ssh.c,v 1.433 2016/01/13 23:04:47 djm Exp $ */
- /*
-  * Author: Tatu Ylonen <ylo@cs.hut.fi>
-  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
-@@ -1604,6 +1604,7 @@ ssh_session(void)
- 	struct winsize ws;
- 	char *cp;
- 	const char *display;
-+	char *proto = NULL, *data = NULL;
- 
- 	/* Enable compression if requested. */
- 	if (options.compression) {
-@@ -1674,13 +1675,9 @@ ssh_session(void)
- 	display = getenv("DISPLAY");
- 	if (display == NULL && options.forward_x11)
- 		debug("X11 forwarding requested but DISPLAY not set");
--	if (options.forward_x11 && display != NULL) {
--		char *proto, *data;
--		/* Get reasonable local authentication information. */
--		client_x11_get_proto(display, options.xauth_location,
--		    options.forward_x11_trusted,
--		    options.forward_x11_timeout,
--		    &proto, &data);
-+	if (options.forward_x11 && client_x11_get_proto(display,
-+	    options.xauth_location, options.forward_x11_trusted,
-+	    options.forward_x11_timeout, &proto, &data) == 0) {
- 		/* Request forwarding with authentication spoofing. */
- 		debug("Requesting X11 forwarding with authentication "
- 		    "spoofing.");
-@@ -1770,6 +1767,7 @@ ssh_session2_setup(int id, int success,
- 	extern char **environ;
- 	const char *display;
- 	int interactive = tty_flag;
-+	char *proto = NULL, *data = NULL;
- 
- 	if (!success)
- 		return; /* No need for error message, channels code sens one */
-@@ -1777,12 +1775,9 @@ ssh_session2_setup(int id, int success,
- 	display = getenv("DISPLAY");
- 	if (display == NULL && options.forward_x11)
- 		debug("X11 forwarding requested but DISPLAY not set");
--	if (options.forward_x11 && display != NULL) {
--		char *proto, *data;
--		/* Get reasonable local authentication information. */
--		client_x11_get_proto(display, options.xauth_location,
--		    options.forward_x11_trusted,
--		    options.forward_x11_timeout, &proto, &data);
-+	if (options.forward_x11 && client_x11_get_proto(display,
-+	    options.xauth_location, options.forward_x11_trusted,
-+	    options.forward_x11_timeout, &proto, &data) == 0) {
- 		/* Request forwarding with authentication spoofing. */
- 		debug("Requesting X11 forwarding with authentication "
- 		    "spoofing.");
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/CVE-2016-1907_upstream_commit.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/CVE-2016-1907_upstream_commit.patch
deleted file mode 100644
index f3d132e..0000000
--- a/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/CVE-2016-1907_upstream_commit.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From d77148e3a3ef6c29b26ec74331455394581aa257 Mon Sep 17 00:00:00 2001
-From: "djm@openbsd.org" <djm@openbsd.org>
-Date: Sun, 8 Nov 2015 21:59:11 +0000
-Subject: [PATCH] upstream commit
-
-fix OOB read in packet code caused by missing return
- statement found by Ben Hawkes; ok markus@ deraadt@
-
-Upstream-ID: a3e3a85434ebfa0690d4879091959591f30efc62
-
-Upstream-Status: Backport
-CVE: CVE-2016-1907
-
-[YOCTO #8935]
-
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- packet.c | 1 +
- 1 file changed, 1 insertion(+)
-
-Index: openssh-7.1p2/packet.c
-===================================================================
---- openssh-7.1p2.orig/packet.c
-+++ openssh-7.1p2/packet.c
-@@ -1855,6 +1855,7 @@ ssh_packet_process_incoming(struct ssh *
- 		if (len >= state->packet_discard) {
- 			if ((r = ssh_packet_stop_discard(ssh)) != 0)
- 				return r;
-+			return SSH_ERR_CONN_CORRUPT;
- 		}
- 		state->packet_discard -= len;
- 		return 0;
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch
new file mode 100644
index 0000000..df64a14
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch
@@ -0,0 +1,99 @@
+From 3328e98bcbf2930cd7eea3e6c92ad5dcbdf4794f Mon Sep 17 00:00:00 2001
+From: Yuanjie Huang <yuanjie.huang@windriver.com>
+Date: Wed, 24 Aug 2016 03:15:43 +0000
+Subject: [PATCH] Fix potential signed overflow in pointer arithmatic
+
+Pointer arithmatic results in implementation defined signed integer
+type, so that 's - src' in strlcpy and others may trigger signed overflow.
+In case of compilation by gcc or clang with -ftrapv option, the overflow
+would lead to program abort.
+
+Upstream-status: Submitted [http://bugzilla.mindrot.org/show_bug.cgi?id=2608]
+
+Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
+---
+ openbsd-compat/strlcat.c | 8 ++++++--
+ openbsd-compat/strlcpy.c | 8 ++++++--
+ openbsd-compat/strnlen.c | 8 ++++++--
+ 3 files changed, 18 insertions(+), 6 deletions(-)
+
+diff --git a/openbsd-compat/strlcat.c b/openbsd-compat/strlcat.c
+index bcc1b61..e758ebf 100644
+--- a/openbsd-compat/strlcat.c
++++ b/openbsd-compat/strlcat.c
+@@ -23,6 +23,7 @@
+ 
+ #include <sys/types.h>
+ #include <string.h>
++#include <stdint.h>
+ 
+ /*
+  * Appends src to string dst of size siz (unlike strncat, siz is the
+@@ -55,8 +56,11 @@ strlcat(char *dst, const char *src, size_t siz)
+ 		s++;
+ 	}
+ 	*d = '\0';
+-
+-	return(dlen + (s - src));	/* count does not include NUL */
++        /*
++	 * Cast pointers to unsigned type before calculation, to avoid signed
++	 * overflow when the string ends where the MSB has changed.
++	 */
++	return (dlen + ((uintptr_t)s - (uintptr_t)src));	/* count does not include NUL */
+ }
+ 
+ #endif /* !HAVE_STRLCAT */
+diff --git a/openbsd-compat/strlcpy.c b/openbsd-compat/strlcpy.c
+index b4b1b60..b06f374 100644
+--- a/openbsd-compat/strlcpy.c
++++ b/openbsd-compat/strlcpy.c
+@@ -23,6 +23,7 @@
+ 
+ #include <sys/types.h>
+ #include <string.h>
++#include <stdint.h>
+ 
+ /*
+  * Copy src to string dst of size siz.  At most siz-1 characters
+@@ -51,8 +52,11 @@ strlcpy(char *dst, const char *src, size_t siz)
+ 		while (*s++)
+ 			;
+ 	}
+-
+-	return(s - src - 1);	/* count does not include NUL */
++        /*
++	 * Cast pointers to unsigned type before calculation, to avoid signed
++	 * overflow when the string ends where the MSB has changed.
++	 */
++	return ((uintptr_t)s - (uintptr_t)src - 1);	/* count does not include NUL */
+ }
+ 
+ #endif /* !HAVE_STRLCPY */
+diff --git a/openbsd-compat/strnlen.c b/openbsd-compat/strnlen.c
+index 93d5155..9b8de5d 100644
+--- a/openbsd-compat/strnlen.c
++++ b/openbsd-compat/strnlen.c
+@@ -23,6 +23,7 @@
+ #include <sys/types.h>
+ 
+ #include <string.h>
++#include <stdint.h>
+ 
+ size_t
+ strnlen(const char *str, size_t maxlen)
+@@ -31,7 +32,10 @@ strnlen(const char *str, size_t maxlen)
+ 
+ 	for (cp = str; maxlen != 0 && *cp != '\0'; cp++, maxlen--)
+ 		;
+-
+-	return (size_t)(cp - str);
++        /*
++	 * Cast pointers to unsigned type before calculation, to avoid signed
++	 * overflow when the string ends where the MSB has changed.
++	 */
++	return (size_t)((uintptr_t)cp - (uintptr_t)str);
+ }
+ #endif
+-- 
+1.9.1
+
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/init b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/init
index 70d4a34..1f63725 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/init
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/init
@@ -41,7 +41,7 @@
 }
 
 check_config() {
-	/usr/sbin/sshd -t || exit 1
+	/usr/sbin/sshd -t $SSHD_OPTS || exit 1
 }
 
 check_keys() {
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-cipher.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-cipher.patch
new file mode 100644
index 0000000..2773c14
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-cipher.patch
@@ -0,0 +1,118 @@
+From d7eb26785ad4f25fb09fae46726ab8ca3fe16921 Mon Sep 17 00:00:00 2001
+From: Haiqing Bai <Haiqing.Bai@windriver.com>
+Date: Mon, 22 Aug 2016 14:11:16 +0300
+Subject: [PATCH] Remove des in cipher.
+
+Upstream-Status: Pending
+
+Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
+Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
+---
+ cipher.c | 18 ++++++++++++++++++
+ 1 file changed, 18 insertions(+)
+
+diff --git a/cipher.c b/cipher.c
+index 031bda9..6cd667a 100644
+--- a/cipher.c
++++ b/cipher.c
+@@ -53,8 +53,10 @@
+ 
+ #ifdef WITH_SSH1
+ extern const EVP_CIPHER *evp_ssh1_bf(void);
++#ifndef OPENSSL_NO_DES
+ extern const EVP_CIPHER *evp_ssh1_3des(void);
+ extern int ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int);
++#endif /* OPENSSL_NO_DES */
+ #endif
+ 
+ struct sshcipher {
+@@ -79,15 +81,19 @@ struct sshcipher {
+ 
+ static const struct sshcipher ciphers[] = {
+ #ifdef WITH_SSH1
++#ifndef OPENSSL_NO_DES
+ 	{ "des",	SSH_CIPHER_DES, 8, 8, 0, 0, 0, 1, EVP_des_cbc },
+ 	{ "3des",	SSH_CIPHER_3DES, 8, 16, 0, 0, 0, 1, evp_ssh1_3des },
++#endif /* OPENSSL_NO_DES */
+ # ifndef OPENSSL_NO_BF
+ 	{ "blowfish",	SSH_CIPHER_BLOWFISH, 8, 32, 0, 0, 0, 1, evp_ssh1_bf },
+ # endif /* OPENSSL_NO_BF */
+ #endif /* WITH_SSH1 */
+ #ifdef WITH_OPENSSL
+ 	{ "none",	SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null },
++#ifndef OPENSSL_NO_DES
+ 	{ "3des-cbc",	SSH_CIPHER_SSH2, 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc },
++#endif /* OPENSSL_NO_DES */
+ # ifndef OPENSSL_NO_BF
+ 	{ "blowfish-cbc",
+ 			SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_bf_cbc },
+@@ -171,8 +177,10 @@ cipher_keylen(const struct sshcipher *c)
+ u_int
+ cipher_seclen(const struct sshcipher *c)
+ {
++#ifndef OPENSSL_NO_DES
+ 	if (strcmp("3des-cbc", c->name) == 0)
+ 		return 14;
++#endif /* OPENSSL_NO_DES */
+ 	return cipher_keylen(c);
+ }
+ 
+@@ -209,11 +217,13 @@ u_int
+ cipher_mask_ssh1(int client)
+ {
+ 	u_int mask = 0;
++#ifndef OPENSSL_NO_DES
+ 	mask |= 1 << SSH_CIPHER_3DES;		/* Mandatory */
+ 	mask |= 1 << SSH_CIPHER_BLOWFISH;
+ 	if (client) {
+ 		mask |= 1 << SSH_CIPHER_DES;
+ 	}
++#endif /*OPENSSL_NO_DES*/
+ 	return mask;
+ }
+ 
+@@ -553,7 +563,9 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len)
+ 	switch (c->number) {
+ #ifdef WITH_OPENSSL
+ 	case SSH_CIPHER_SSH2:
++#ifndef OPENSSL_NO_DES
+ 	case SSH_CIPHER_DES:
++#endif /* OPENSSL_NO_DES */
+ 	case SSH_CIPHER_BLOWFISH:
+ 		evplen = EVP_CIPHER_CTX_iv_length(&cc->evp);
+ 		if (evplen == 0)
+@@ -576,8 +588,10 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len)
+ 		break;
+ #endif
+ #ifdef WITH_SSH1
++#ifndef OPENSSL_NO_DES
+ 	case SSH_CIPHER_3DES:
+ 		return ssh1_3des_iv(&cc->evp, 0, iv, 24);
++#endif /* OPENSSL_NO_DES */
+ #endif
+ 	default:
+ 		return SSH_ERR_INVALID_ARGUMENT;
+@@ -601,7 +615,9 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv)
+ 	switch (c->number) {
+ #ifdef WITH_OPENSSL
+ 	case SSH_CIPHER_SSH2:
++#ifndef OPENSSL_NO_DES
+ 	case SSH_CIPHER_DES:
++#endif /* OPENSSL_NO_DES */
+ 	case SSH_CIPHER_BLOWFISH:
+ 		evplen = EVP_CIPHER_CTX_iv_length(&cc->evp);
+ 		if (evplen <= 0)
+@@ -616,8 +632,10 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv)
+ 		break;
+ #endif
+ #ifdef WITH_SSH1
++#ifndef OPENSSL_NO_DES
+ 	case SSH_CIPHER_3DES:
+ 		return ssh1_3des_iv(&cc->evp, 1, (u_char *)iv, 24);
++#endif /* OPENSSL_NO_DES */
+ #endif
+ 	default:
+ 		return SSH_ERR_INVALID_ARGUMENT;
+-- 
+2.1.4
+
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-pkcs11.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-pkcs11.patch
new file mode 100644
index 0000000..815af42
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-pkcs11.patch
@@ -0,0 +1,70 @@
+From 04cfd84423f693d879dc3ffebb0f6fe2680c254f Mon Sep 17 00:00:00 2001
+From: Haiqing Bai <Haiqing.Bai@windriver.com>
+Date: Fri, 18 Mar 2016 15:59:21 +0800
+Subject: [PATCH 3/3] remove des in pkcs11.
+
+Upstream-Status: Pending
+
+Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
+
+---
+ pkcs11.h | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/pkcs11.h b/pkcs11.h
+index b01d58f..98b36e6 100644
+--- a/pkcs11.h
++++ b/pkcs11.h
+@@ -342,9 +342,11 @@ typedef unsigned long ck_key_type_t;
+ #define CKK_GENERIC_SECRET	(0x10)
+ #define CKK_RC2			(0x11)
+ #define CKK_RC4			(0x12)
++#ifndef OPENSSL_NO_DES
+ #define CKK_DES			(0x13)
+ #define CKK_DES2		(0x14)
+ #define CKK_DES3		(0x15)
++#endif /* OPENSSL_NO_DES */
+ #define CKK_CAST		(0x16)
+ #define CKK_CAST3		(0x17)
+ #define CKK_CAST128		(0x18)
+@@ -512,6 +514,7 @@ typedef unsigned long ck_mechanism_type_t;
+ #define CKM_RC2_CBC_PAD			(0x105)
+ #define CKM_RC4_KEY_GEN			(0x110)
+ #define CKM_RC4				(0x111)
++#ifndef OPENSSL_NO_DES
+ #define CKM_DES_KEY_GEN			(0x120)
+ #define CKM_DES_ECB			(0x121)
+ #define CKM_DES_CBC			(0x122)
+@@ -525,6 +528,7 @@ typedef unsigned long ck_mechanism_type_t;
+ #define CKM_DES3_MAC			(0x134)
+ #define CKM_DES3_MAC_GENERAL		(0x135)
+ #define CKM_DES3_CBC_PAD		(0x136)
++#endif /* OPENSSL_NO_DES */
+ #define CKM_CDMF_KEY_GEN		(0x140)
+ #define CKM_CDMF_ECB			(0x141)
+ #define CKM_CDMF_CBC			(0x142)
+@@ -610,8 +614,10 @@ typedef unsigned long ck_mechanism_type_t;
+ #define CKM_MD5_KEY_DERIVATION		(0x390)
+ #define CKM_MD2_KEY_DERIVATION		(0x391)
+ #define CKM_SHA1_KEY_DERIVATION		(0x392)
++#ifndef OPENSSL_NO_DES
+ #define CKM_PBE_MD2_DES_CBC		(0x3a0)
+ #define CKM_PBE_MD5_DES_CBC		(0x3a1)
++#endif /* OPENSSL_NO_DES */
+ #define CKM_PBE_MD5_CAST_CBC		(0x3a2)
+ #define CKM_PBE_MD5_CAST3_CBC		(0x3a3)
+ #define CKM_PBE_MD5_CAST5_CBC		(0x3a4)
+@@ -620,8 +626,10 @@ typedef unsigned long ck_mechanism_type_t;
+ #define CKM_PBE_SHA1_CAST128_CBC	(0x3a5)
+ #define CKM_PBE_SHA1_RC4_128		(0x3a6)
+ #define CKM_PBE_SHA1_RC4_40		(0x3a7)
++#ifndef OPENSSL_NO_DES
+ #define CKM_PBE_SHA1_DES3_EDE_CBC	(0x3a8)
+ #define CKM_PBE_SHA1_DES2_EDE_CBC	(0x3a9)
++#endif /* OPENSSL_NO_DES */
+ #define CKM_PBE_SHA1_RC2_128_CBC	(0x3aa)
+ #define CKM_PBE_SHA1_RC2_40_CBC		(0x3ab)
+ #define CKM_PKCS5_PBKD2			(0x3b0)
+-- 
+1.9.1
+
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh_7.1p2.bb b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh_7.3p1.bb
similarity index 89%
rename from import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh_7.1p2.bb
rename to import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh_7.3p1.bb
index 3b5e28a..039b0ff 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh_7.1p2.bb
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssh/openssh_7.3p1.bb
@@ -1,8 +1,9 @@
-SUMMARY = "Secure rlogin/rsh/rcp/telnet replacement"
+SUMMARY = "A suite of security-related network utilities based on \
+the SSH protocol including the ssh client and sshd server"
 DESCRIPTION = "Secure rlogin/rsh/rcp/telnet replacement (OpenSSH) \
 Ssh (Secure Shell) is a program for logging into a remote machine \
 and for executing commands on a remote machine."
-HOMEPAGE = "http://openssh.org"
+HOMEPAGE = "http://www.openssh.com/"
 SECTION = "console/network"
 LICENSE = "BSD"
 LIC_FILES_CHKSUM = "file://LICENCE;md5=e326045657e842541d3f35aada442507"
@@ -10,7 +11,7 @@
 DEPENDS = "zlib openssl"
 DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
 
-SRC_URI = "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.gz \
+SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.gz \
            file://sshd_config \
            file://ssh_config \
            file://init \
@@ -21,14 +22,15 @@
            file://volatiles.99_sshd \
            file://add-test-support-for-busybox.patch \
            file://run-ptest \
-           file://CVE-2016-1907_upstream_commit.patch \
-           file://CVE-2016-1907_2.patch \
-           file://CVE-2016-1907_3.patch "
+           file://openssh-7.1p1-conditional-compile-des-in-cipher.patch \
+           file://openssh-7.1p1-conditional-compile-des-in-pkcs11.patch \
+           file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \
+           "
 
 PAM_SRC_URI = "file://sshd"
 
-SRC_URI[md5sum] = "4d8547670e2a220d5ef805ad9e47acf2"
-SRC_URI[sha256sum] = "dd75f024dcf21e06a0d6421d582690bf987a1f6323e32ad6619392f3bfde6bbd"
+SRC_URI[md5sum] = "dfadd9f035d38ce5d58a3bf130b86d08"
+SRC_URI[sha256sum] = "3ffb989a6dcaa69594c3b550d4855a5a2e1718ccdde7f5e36387b424220fbecc"
 
 inherit useradd update-rc.d update-alternatives systemd
 
@@ -113,6 +115,7 @@
 	echo "HostKey /var/run/ssh/ssh_host_rsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
 	echo "HostKey /var/run/ssh/ssh_host_dsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
 	echo "HostKey /var/run/ssh/ssh_host_ecdsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
+	echo "HostKey /var/run/ssh/ssh_host_ed25519_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
 
 	install -d ${D}${systemd_unitdir}/system
 	install -c -m 0644 ${WORKDIR}/sshd.socket ${D}${systemd_unitdir}/system
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl.inc b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl.inc
index a5ddf4d..f3a2c5a 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl.inc
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl.inc
@@ -8,7 +8,7 @@
 LICENSE = "openssl"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8"
 
-DEPENDS = "hostperl-runtime-native"
+DEPENDS = "makedepend-native hostperl-runtime-native"
 DEPENDS_append_class-target = " openssl-native"
 
 SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
@@ -36,15 +36,15 @@
 FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}"
 FILES_libssl = "${libdir}/libssl${SOLIBS}"
 FILES_${PN} =+ " ${libdir}/ssl/*"
-FILES_${PN}-misc = "${libdir}/ssl/misc ${bindir}/c_rehash"
+FILES_${PN}-misc = "${libdir}/ssl/misc"
 RDEPENDS_${PN}-misc = "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'perl', '', d)}"
 
 # Add the openssl.cnf file to the openssl-conf package.  Make the libcrypto
 # package RRECOMMENDS on this package.  This will enable the configuration
 # file to be installed for both the base openssl package and the libcrypto
 # package since the base openssl package depends on the libcrypto package.
-FILES_openssl-conf = "${libdir}/ssl/openssl.cnf"
-CONFFILES_openssl-conf = "${libdir}/ssl/openssl.cnf"
+FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
+CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
 RRECOMMENDS_libcrypto += "openssl-conf"
 RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc"
 
@@ -114,7 +114,10 @@
 		target=debian-mipsel
 		;;
         linux-*-mips64 | linux-mips64)
-               target=linux-mips
+               target=debian-mips64
+                ;;
+        linux-*-mips64el | linux-mips64el)
+               target=debian-mips64el
                 ;;
 	linux-microblaze*|linux-nios2*)
 		target=linux-generic32
@@ -149,10 +152,14 @@
 }
 
 do_compile () {
+	oe_runmake depend
 	oe_runmake
 }
 
 do_compile_ptest () {
+	# build dependencies for test directory too
+	export DIRS="$DIRS test"
+	oe_runmake depend
 	oe_runmake buildtest
 }
 
@@ -168,36 +175,60 @@
 	install -d ${D}${includedir}
 	cp --dereference -R include/openssl ${D}${includedir}
 
+	install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash
+	sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash
+
 	oe_multilib_header openssl/opensslconf.h
 	if [ "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'perl', '', d)}" = "perl" ]; then
-		install -m 0755 ${S}/tools/c_rehash ${D}${bindir}
-		sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${bindir}/c_rehash
 		sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/CA.pl
 		sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/tsget
-		# The c_rehash utility isn't installed by the normal installation process.
 	else
-		rm -f ${D}${bindir}/c_rehash
 		rm -f ${D}${libdir}/ssl/misc/CA.pl ${D}${libdir}/ssl/misc/tsget
 	fi
+
+	# Create SSL structure
+	install -d ${D}${sysconfdir}/ssl/
+	mv ${D}${libdir}/ssl/openssl.cnf \
+	   ${D}${libdir}/ssl/certs \
+	   ${D}${libdir}/ssl/private \
+	   \
+	   ${D}${sysconfdir}/ssl/
+	ln -sf ${sysconfdir}/ssl/certs ${D}${libdir}/ssl/certs
+	ln -sf ${sysconfdir}/ssl/private ${D}${libdir}/ssl/private
+	ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${libdir}/ssl/openssl.cnf
 }
 
 do_install_ptest () {
 	cp -r -L Makefile.org Makefile test ${D}${PTEST_PATH}
 	cp Configure config e_os.h ${D}${PTEST_PATH}
 	cp -r -L include ${D}${PTEST_PATH}
-	ln -sf ${base_libdir}/libcrypto.a ${D}${PTEST_PATH}
+	ln -sf ${libdir}/libcrypto.a ${D}${PTEST_PATH}
 	ln -sf ${libdir}/libssl.a ${D}${PTEST_PATH}
 	mkdir -p ${D}${PTEST_PATH}/crypto
 	cp crypto/constant_time_locl.h ${D}${PTEST_PATH}/crypto
 	cp -r certs ${D}${PTEST_PATH}
 	mkdir -p ${D}${PTEST_PATH}/apps
 	ln -sf ${libdir}/ssl/misc/CA.sh  ${D}${PTEST_PATH}/apps
-	ln -sf ${libdir}/ssl/openssl.cnf ${D}${PTEST_PATH}/apps
+	ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${PTEST_PATH}/apps
 	ln -sf ${bindir}/openssl         ${D}${PTEST_PATH}/apps
+	cp apps/server.pem              ${D}${PTEST_PATH}/apps
 	cp apps/server2.pem             ${D}${PTEST_PATH}/apps
 	mkdir -p ${D}${PTEST_PATH}/util
 	install util/opensslwrap.sh    ${D}${PTEST_PATH}/util
 	install util/shlib_wrap.sh     ${D}${PTEST_PATH}/util
+	# Time stamps are relevant for "make alltests", otherwise
+	# make may try to recompile binaries. Not only must the
+	# binary files be newer than the sources, they also must
+	# be more recent than the header files in /usr/include.
+	#
+	# Using "cp -a" is not sufficient, because do_install
+	# does not preserve the original time stamps.
+	#
+	# So instead of using the original file stamps, we set
+	# the current time for all files. Binaries will get
+	# modified again later when stripping them, but that's okay.
+	touch ${D}${PTEST_PATH}
+	find ${D}${PTEST_PATH} -type f -print0 | xargs --verbose -0 touch -r ${D}${PTEST_PATH}
 }
 
 do_install_append_class-native() {
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/crypto_use_bigint_in_x86-64_perl.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/crypto_use_bigint_in_x86-64_perl.patch
deleted file mode 100644
index af3989f..0000000
--- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/crypto_use_bigint_in_x86-64_perl.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-Upstream-Status: Backport
-
-When building on x32 systems where the default type is 32bit, make sure
-we can transparently represent 64bit integers.  Otherwise we end up with
-build errors like:
-/usr/bin/perl asm/ghash-x86_64.pl elf > ghash-x86_64.s
-Integer overflow in hexadecimal number at asm/../../perlasm/x86_64-xlate.pl line 201, <> line 890.
-...
-ghash-x86_64.s: Assembler messages:
-ghash-x86_64.s:890: Error: junk '.15473355479995e+19' after expression
-
-We don't enable this globally as there are some cases where we'd get
-32bit values interpreted as unsigned when we need them as signed.
-
-Reported-by: Bertrand Jacquin <bertrand@jacquin.bzh>
-URL: https://bugs.gentoo.org/542618
-
-Signed-off-By: Armin Kuster <akuster@mvista.com>
-
-Index: openssl-1.0.2a/crypto/perlasm/x86_64-xlate.pl
-===================================================================
---- openssl-1.0.2a.orig/crypto/perlasm/x86_64-xlate.pl
-+++ openssl-1.0.2a/crypto/perlasm/x86_64-xlate.pl
-@@ -194,7 +194,10 @@ my %globals;
-     }
-     sub out {
-     	my $self = shift;
--
-+	# When building on x32 ABIs, the expanded hex value might be too
-+	# big to fit into 32bits. Enable transparent 64bit support here
-+	# so we can safely print it out.
-+	use bigint;
- 	if ($gas) {
- 	    # Solaris /usr/ccs/bin/as can't handle multiplications
- 	    # in $self->{value}
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/ca.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/ca.patch
index aba4d42..fb745e4 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/ca.patch
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/debian/ca.patch
@@ -7,7 +7,7 @@
 @@ -65,6 +65,7 @@
  foreach (@ARGV) {
  	if ( /^(-\?|-h|-help)$/ ) {
- 	    print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
+ 	    print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-signcert|-verify\n";
 +	    print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n";
  	    exit 0;
  	} elsif (/^-newcert$/) {
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
index 06d1ea6..2a318a4 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
@@ -4,7 +4,7 @@
 the cipher des-ede3-cfb1. Complete bug log and patch is present here:
 http://rt.openssl.org/Ticket/Display.html?id=2867
 
-Signed-Off-By: Muhammad Shakeel <muhammad_shakeel@mentor.com>
+Signed-off-by: Muhammad Shakeel <muhammad_shakeel@mentor.com>
 
 Index: openssl-1.0.2/crypto/evp/e_des3.c
 ===================================================================
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
index cebc8cf..f736e5c 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
@@ -8,16 +8,16 @@
 
 Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
 ---
-Index: openssl-1.0.2/crypto/evp/digest.c
+Index: openssl-1.0.2h/crypto/evp/digest.c
 ===================================================================
---- openssl-1.0.2.orig/crypto/evp/digest.c
-+++ openssl-1.0.2/crypto/evp/digest.c
-@@ -208,7 +208,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
-         return 0;
+--- openssl-1.0.2h.orig/crypto/evp/digest.c
++++ openssl-1.0.2h/crypto/evp/digest.c
+@@ -211,7 +211,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
+         type = ctx->digest;
      }
  #endif
 -    if (ctx->digest != type) {
 +    if (type && (ctx->digest != type)) {
-         if (ctx->digest && ctx->digest->ctx_size)
+         if (ctx->digest && ctx->digest->ctx_size) {
              OPENSSL_free(ctx->md_data);
-         ctx->digest = type;
+             ctx->md_data = NULL;
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh
new file mode 100644
index 0000000..f67f415
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh
@@ -0,0 +1,210 @@
+#!/bin/sh
+#
+# Ben Secrest <blsecres@gmail.com>
+#
+# sh c_rehash script, scan all files in a directory
+# and add symbolic links to their hash values.
+#
+# based on the c_rehash perl script distributed with openssl
+#
+# LICENSE: See OpenSSL license
+# ^^acceptable?^^
+#
+
+# default certificate location
+DIR=/etc/openssl
+
+# for filetype bitfield
+IS_CERT=$(( 1 << 0 ))
+IS_CRL=$(( 1 << 1 ))
+
+
+# check to see if a file is a certificate file or a CRL file
+# arguments:
+#       1. the filename to be scanned
+# returns:
+#       bitfield of file type; uses ${IS_CERT} and ${IS_CRL}
+#
+check_file()
+{
+    local IS_TYPE=0
+
+    # make IFS a newline so we can process grep output line by line
+    local OLDIFS=${IFS}
+    IFS=$( printf "\n" )
+
+    # XXX: could be more efficient to have two 'grep -m' but is -m portable?
+    for LINE in $( grep '^-----BEGIN .*-----' ${1} )
+    do
+	if echo ${LINE} \
+	    | grep -q -E '^-----BEGIN (X509 |TRUSTED )?CERTIFICATE-----'
+	then
+	    IS_TYPE=$(( ${IS_TYPE} | ${IS_CERT} ))
+
+	    if [ $(( ${IS_TYPE} & ${IS_CRL} )) -ne 0 ]
+	    then
+	    	break
+	    fi
+	elif echo ${LINE} | grep -q '^-----BEGIN X509 CRL-----'
+	then
+	    IS_TYPE=$(( ${IS_TYPE} | ${IS_CRL} ))
+
+	    if [ $(( ${IS_TYPE} & ${IS_CERT} )) -ne 0 ]
+	    then
+	    	break
+	    fi
+	fi
+    done
+
+    # restore IFS
+    IFS=${OLDIFS}
+
+    return ${IS_TYPE}
+}
+
+
+#
+# use openssl to fingerprint a file
+#    arguments:
+#	1. the filename to fingerprint
+#	2. the method to use (x509, crl)
+#    returns:
+#	none
+#    assumptions:
+#	user will capture output from last stage of pipeline
+#
+fingerprint()
+{
+    ${SSL_CMD} ${2} -fingerprint -noout -in ${1} | sed 's/^.*=//' | tr -d ':'
+}
+
+
+#
+# link_hash - create links to certificate files
+#    arguments:
+#       1. the filename to create a link for
+#	2. the type of certificate being linked (x509, crl)
+#    returns:
+#	0 on success, 1 otherwise
+#
+link_hash()
+{
+    local FINGERPRINT=$( fingerprint ${1} ${2} )
+    local HASH=$( ${SSL_CMD} ${2} -hash -noout -in ${1} )
+    local SUFFIX=0
+    local LINKFILE=''
+    local TAG=''
+
+    if [ ${2} = "crl" ]
+    then
+    	TAG='r'
+    fi
+
+    LINKFILE=${HASH}.${TAG}${SUFFIX}
+
+    while [ -f ${LINKFILE} ]
+    do
+	if [ ${FINGERPRINT} = $( fingerprint ${LINKFILE} ${2} ) ]
+	then
+	    echo "NOTE: Skipping duplicate file ${1}" >&2
+	    return 1
+	fi	
+
+	SUFFIX=$(( ${SUFFIX} + 1 ))
+	LINKFILE=${HASH}.${TAG}${SUFFIX}
+    done
+
+    echo "${1} => ${LINKFILE}"
+
+    # assume any system with a POSIX shell will either support symlinks or
+    # do something to handle this gracefully
+    ln -s ${1} ${LINKFILE}
+
+    return 0
+}
+
+
+# hash_dir create hash links in a given directory
+hash_dir()
+{
+    echo "Doing ${1}"
+
+    cd ${1}
+
+    ls -1 * 2>/dev/null | while read FILE
+    do
+        if echo ${FILE} | grep -q -E '^[[:xdigit:]]{8}\.r?[[:digit:]]+$' \
+	    	&& [ -h "${FILE}" ]
+        then
+            rm ${FILE}
+        fi
+    done
+
+    ls -1 *.pem *.cer *.crt *.crl 2>/dev/null | while read FILE
+    do
+	check_file ${FILE}
+        local FILE_TYPE=${?}
+	local TYPE_STR=''
+
+        if [ $(( ${FILE_TYPE} & ${IS_CERT} )) -ne 0 ]
+        then
+            TYPE_STR='x509'
+        elif [ $(( ${FILE_TYPE} & ${IS_CRL} )) -ne 0 ]
+        then
+            TYPE_STR='crl'
+        else
+            echo "NOTE: ${FILE} does not contain a certificate or CRL: skipping" >&2
+	    continue
+        fi
+
+	link_hash ${FILE} ${TYPE_STR}
+    done
+}
+
+
+# choose the name of an ssl application
+if [ -n "${OPENSSL}" ]
+then
+    SSL_CMD=$(which ${OPENSSL} 2>/dev/null)
+else
+    SSL_CMD=/usr/bin/openssl
+    OPENSSL=${SSL_CMD}
+    export OPENSSL
+fi
+
+# fix paths
+PATH=${PATH}:${DIR}/bin
+export PATH
+
+# confirm existance/executability of ssl command
+if ! [ -x ${SSL_CMD} ]
+then
+    echo "${0}: rehashing skipped ('openssl' program not available)" >&2
+    exit 0
+fi
+
+# determine which directories to process
+old_IFS=$IFS
+if [ ${#} -gt 0 ]
+then
+    IFS=':'
+    DIRLIST=${*}
+elif [ -n "${SSL_CERT_DIR}" ]
+then
+    DIRLIST=$SSL_CERT_DIR
+else
+    DIRLIST=${DIR}/certs
+fi
+
+IFS=':'
+
+# process directories
+for CERT_DIR in ${DIRLIST}
+do
+    if [ -d ${CERT_DIR} -a -w ${CERT_DIR} ]
+    then
+        IFS=$old_IFS
+        hash_dir ${CERT_DIR}
+        IFS=':'
+    fi
+done
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl-util-perlpath.pl-cwd.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl-util-perlpath.pl-cwd.patch
new file mode 100644
index 0000000..065b9b1
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl-util-perlpath.pl-cwd.patch
@@ -0,0 +1,34 @@
+From e427748f3bb5d37e78dc8d70a558c373aa8ababb Mon Sep 17 00:00:00 2001
+From: Robert Yang <liezhi.yang@windriver.com>
+Date: Mon, 19 Sep 2016 22:06:28 -0700
+Subject: [PATCH] util/perlpath.pl: make it work when cwd is not in @INC
+
+Fixed when building on Debian-testing:
+| Can't locate find.pl in @INC (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.22.2 /usr/local/share/perl/5.22.2 /usr/lib/x86_64-linux-gnu/perl5/5.22 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.22 /usr/share/perl/5.22 /usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base) at perlpath.pl line 7.
+
+The find.pl is added by oe-core, so once openssl/find.pl is removed,
+then this patch can be dropped.
+
+Upstream-Status: Inappropriate [OE-Specific]
+
+Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
+---
+ util/perlpath.pl | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/util/perlpath.pl b/util/perlpath.pl
+index a1f236b..5599892 100755
+--- a/util/perlpath.pl
++++ b/util/perlpath.pl
+@@ -4,6 +4,8 @@
+ # line in all scripts that rely on perl.
+ #
+ 
++BEGIN { unshift @INC, "."; }
++
+ require "find.pl";
+ 
+ $#ARGV == 0 || print STDERR "usage: perlpath newpath  (eg /usr/bin)\n";
+-- 
+2.9.0
+
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch
index cbce32c..0f08a64 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch
@@ -2,10 +2,10 @@
 
 Received from H J Liu @ Intel
 Make the assembly syntax compatible with x32 gcc. Othewise x32 gcc throws errors.
-Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/07/13
+Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/07/13
 
 ported the patch to the 1.0.0e version
-Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/12/01
+Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/12/01
 Index: openssl-1.0.2/crypto/bn/bn.h
 ===================================================================
 --- openssl-1.0.2.orig/crypto/bn/bn.h
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/parallel.patch b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/parallel.patch
index b6c2c14..f3f4c99 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/parallel.patch
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl/parallel.patch
@@ -6,6 +6,9 @@
 Upstream-Status: Pending
 Signed-off-by: Ross Burton <ross.burton@intel.com>
 
+Refreshed for 1.0.2i
+Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
+
 --- openssl-1.0.2g/crypto/Makefile
 +++ openssl-1.0.2g/crypto/Makefile
 @@ -85,11 +85,11 @@
@@ -133,7 +136,7 @@
  		fi; \
 --- openssl-1.0.2g/test/Makefile
 +++ openssl-1.0.2g/test/Makefile
-@@ -139,7 +139,7 @@
+@@ -144,7 +144,7 @@
  tags:
  	ctags $(SRC)
  
@@ -142,7 +145,7 @@
  
  apps:
  	@(cd ..; $(MAKE) DIRS=apps all)
-@@ -421,130 +421,130 @@
+@@ -438,136 +438,136 @@
  		link_app.$${shlib_target}
  
  $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
@@ -309,13 +312,21 @@
 -	@target=$(CLIENTHELLOTEST) $(BUILD_CMD)
 +	+@target=$(CLIENTHELLOTEST) $(BUILD_CMD)
  
+ $(BADDTLSTEST)$(EXE_EXT): $(BADDTLSTEST).o
+-	@target=$(BADDTLSTEST) $(BUILD_CMD)
++	+@target=$(BADDTLSTEST) $(BUILD_CMD)
+ 
  $(SSLV2CONFTEST)$(EXE_EXT): $(SSLV2CONFTEST).o
 -	@target=$(SSLV2CONFTEST) $(BUILD_CMD)
 +	+@target=$(SSLV2CONFTEST) $(BUILD_CMD)
  
+ $(DTLSTEST)$(EXE_EXT): $(DTLSTEST).o ssltestlib.o $(DLIBSSL) $(DLIBCRYPTO)
+-	@target=$(DTLSTEST); exobj=ssltestlib.o; $(BUILD_CMD)
++	+@target=$(DTLSTEST); exobj=ssltestlib.o; $(BUILD_CMD)
+ 
  #$(AESTEST).o: $(AESTEST).c
  #	$(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
-@@ -557,7 +557,7 @@
+@@ -580,6 +580,6 @@
  #	fi
  
  dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl_1.0.2g.bb b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl_1.0.2j.bb
similarity index 89%
rename from import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl_1.0.2g.bb
rename to import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl_1.0.2j.bb
index 290f129..257e3cf 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl_1.0.2g.bb
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/openssl/openssl_1.0.2j.bb
@@ -13,6 +13,7 @@
 
 SRC_URI += "file://find.pl;subdir=${BP}/util/ \
             file://run-ptest \
+            file://openssl-c_rehash.sh \
             file://configure-targets.patch \
             file://shared-libs.patch \
             file://oe-ldflags.patch \
@@ -34,15 +35,14 @@
             file://openssl-fix-des.pod-error.patch \
             file://Makefiles-ptest.patch \
             file://ptest-deps.patch \
-            file://crypto_use_bigint_in_x86-64_perl.patch \
             file://openssl-1.0.2a-x32-asm.patch \
             file://ptest_makefile_deps.patch  \
             file://configure-musl-target.patch \
             file://parallel.patch \
+            file://openssl-util-perlpath.pl-cwd.patch \
            "
-
-SRC_URI[md5sum] = "f3c710c045cdee5fd114feb69feba7aa"
-SRC_URI[sha256sum] = "b784b1b3907ce39abf4098702dade6365522a253ad1552e267a9a0e89594aa33"
+SRC_URI[md5sum] = "96322138f0b69e61b7212bc53d5e912b"
+SRC_URI[sha256sum] = "e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431"
 
 PACKAGES =+ "${PN}-engines"
 FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/ppp-fix-building-with-linux-4.8.patch b/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/ppp-fix-building-with-linux-4.8.patch
new file mode 100644
index 0000000..f77b0de
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp/ppp-fix-building-with-linux-4.8.patch
@@ -0,0 +1,44 @@
+From 3da19af53e2eee2e77b456cfbb9d633b06656d38 Mon Sep 17 00:00:00 2001
+From: Jackie Huang <jackie.huang@windriver.com>
+Date: Thu, 13 Oct 2016 13:41:43 +0800
+Subject: [PATCH] ppp: fix building with linux-4.8
+
+Fix a build error when using the linux-4.8 headers that results in:
+
+In file included from pppoe.h:87:0,
+                 from plugin.c:29:
+../usr/include/netinet/in.h:211:8: note: originally defined here
+ struct in6_addr
+        ^~~~~~~~
+In file included from ../usr/include/linux/if_pppol2tp.h:20:0,
+                 from ../usr/include/linux/if_pppox.h:26,
+                 from plugin.c:52:
+../usr/include/linux/in6.h:49:8: error: redefinition of 'struct sockaddr_in6'
+ struct sockaddr_in6 {
+        ^~~~~~~~~~~~
+
+Upstream-Status: Submitted [1]
+
+[1] https://github.com/paulusmack/ppp/pull/69
+
+Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
+---
+ pppd/plugins/rp-pppoe/pppoe.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/pppd/plugins/rp-pppoe/pppoe.h b/pppd/plugins/rp-pppoe/pppoe.h
+index 9ab2eee..96d2794 100644
+--- a/pppd/plugins/rp-pppoe/pppoe.h
++++ b/pppd/plugins/rp-pppoe/pppoe.h
+@@ -84,7 +84,7 @@ typedef unsigned long UINT32_t;
+ #include <linux/if_ether.h>
+ #endif
+ 
+-#include <netinet/in.h>
++#include <linux/in.h>
+ 
+ #ifdef HAVE_NETINET_IF_ETHER_H
+ #include <sys/types.h>
+-- 
+2.8.3
+
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp_2.4.7.bb b/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp_2.4.7.bb
index 4437b5c..56dbd98 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp_2.4.7.bb
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/ppp/ppp_2.4.7.bb
@@ -30,6 +30,7 @@
            file://0001-ppp-Fix-compilation-errors-in-Makefile.patch \
            file://ppp@.service \
            file://fix-CVE-2015-3310.patch \
+           file://ppp-fix-building-with-linux-4.8.patch \
 "
 
 SRC_URI_append_libc-musl = "\
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/resolvconf/resolvconf_1.78.bb b/import-layers/yocto-poky/meta/recipes-connectivity/resolvconf/resolvconf_1.79.bb
similarity index 90%
rename from import-layers/yocto-poky/meta/recipes-connectivity/resolvconf/resolvconf_1.78.bb
rename to import-layers/yocto-poky/meta/recipes-connectivity/resolvconf/resolvconf_1.79.bb
index f4c5851..8550177 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/resolvconf/resolvconf_1.78.bb
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/resolvconf/resolvconf_1.79.bb
@@ -11,13 +11,13 @@
 HOMEPAGE = "http://packages.debian.org/resolvconf"
 RDEPENDS_${PN} = "bash"
 
-SRC_URI = "http://snapshot.debian.org/archive/debian/20150828T220730Z/pool/main/r/${BPN}/${BPN}_1.78.tar.xz \
+SRC_URI = "http://snapshot.debian.org/archive/debian/20160520T044340Z/pool/main/r/${BPN}/${BPN}_1.79.tar.xz \
            file://fix-path-for-busybox.patch \
            file://99_resolvconf \
           "
 
-SRC_URI[md5sum] = "373a9f9544c84aa477a7425ae773b8b5"
-SRC_URI[sha256sum] = "961b22e8fcf0c7de7e90a050323e6fa221bc8b25a5348c160be3506f7e73a7a3"
+SRC_URI[md5sum] = "aab2382020fc518f06a06e924c56d300"
+SRC_URI[sha256sum] = "8e2843cd4162b706f0481b3c281657728cbc2822e50a64fff79b79bd8aa870a0"
 
 # the package is taken from snapshots.debian.org; that source is static and goes stale
 # so we check the latest upstream from a directory that does get updated
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/socat/socat_1.7.3.1.bb b/import-layers/yocto-poky/meta/recipes-connectivity/socat/socat_1.7.3.1.bb
index 6da9a17..4da6d39 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/socat/socat_1.7.3.1.bb
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/socat/socat_1.7.3.1.bb
@@ -25,9 +25,7 @@
 
 EXTRA_AUTORECONF += "--exclude=autoheader"
 
-EXTRA_OECONF += "ac_cv_have_z_modifier=yes sc_cv_sys_crdly_shift=9 \
-        sc_cv_sys_tabdly_shift=11 sc_cv_sys_csize_shift=4 \
-        ac_cv_ispeed_offset=13 \
+EXTRA_OECONF += "ac_cv_have_z_modifier=yes \
         ac_cv_header_bsd_libutil_h=no \
 "
 
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-Reject-psk-parameter-set-with-invalid-passphrase-cha.patch b/import-layers/yocto-poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-Reject-psk-parameter-set-with-invalid-passphrase-cha.patch
new file mode 100644
index 0000000..dd7d5f7
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-Reject-psk-parameter-set-with-invalid-passphrase-cha.patch
@@ -0,0 +1,55 @@
+From 73e4abb24a936014727924d8b0b2965edfc117dd Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <jouni@qca.qualcomm.com>
+Date: Fri, 4 Mar 2016 18:46:41 +0200
+Subject: [PATCH 1/3] Reject psk parameter set with invalid passphrase
+ character
+
+WPA/WPA2-Personal passphrase is not allowed to include control
+characters. Reject a passphrase configuration attempt if that passphrase
+includes an invalid passphrase.
+
+This fixes an issue where wpa_supplicant could have updated the
+configuration file psk parameter with arbitrary data from the control
+interface or D-Bus interface. While those interfaces are supposed to be
+accessible only for trusted users/applications, it may be possible that
+an untrusted user has access to a management software component that
+does not validate the passphrase value before passing it to
+wpa_supplicant.
+
+This could allow such an untrusted user to inject up to 63 characters of
+almost arbitrary data into the configuration file. Such configuration
+file could result in wpa_supplicant trying to load a library (e.g.,
+opensc_engine_path, pkcs11_engine_path, pkcs11_module_path,
+load_dynamic_eap) from user controlled location when starting again.
+This would allow code from that library to be executed under the
+wpa_supplicant process privileges.
+
+Upstream-Status: Backport
+
+CVE: CVE-2016-4477
+
+Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
+Signed-off-by: Zhixiong Chi <Zhixiong.Chi@windriver.com>
+---
+ wpa_supplicant/config.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c
+index b1c7870..fdd9643 100644
+--- a/wpa_supplicant/config.c
++++ b/wpa_supplicant/config.c
+@@ -478,6 +478,12 @@ static int wpa_config_parse_psk(const struct parse_data *data,
+ 		}
+ 		wpa_hexdump_ascii_key(MSG_MSGDUMP, "PSK (ASCII passphrase)",
+ 				      (u8 *) value, len);
++		if (has_ctrl_char((u8 *) value, len)) {
++			wpa_printf(MSG_ERROR,
++				   "Line %d: Invalid passphrase character",
++				   line);
++			return -1;
++		}
+ 		if (ssid->passphrase && os_strlen(ssid->passphrase) == len &&
+ 		    os_memcmp(ssid->passphrase, value, len) == 0) {
+ 			/* No change to the previously configured value */
+-- 
+1.9.1
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-WPS-Reject-a-Credential-with-invalid-passphrase.patch b/import-layers/yocto-poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-WPS-Reject-a-Credential-with-invalid-passphrase.patch
new file mode 100644
index 0000000..db222e4
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-WPS-Reject-a-Credential-with-invalid-passphrase.patch
@@ -0,0 +1,86 @@
+From ecbb0b3dc122b0d290987cf9c84010bbe53e1022 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <jouni@qca.qualcomm.com>
+Date: Fri, 4 Mar 2016 17:20:18 +0200
+Subject: [PATCH 1/2] WPS: Reject a Credential with invalid passphrase
+
+WPA/WPA2-Personal passphrase is not allowed to include control
+characters. Reject a Credential received from a WPS Registrar both as
+STA (Credential) and AP (AP Settings) if the credential is for WPAPSK or
+WPA2PSK authentication type and includes an invalid passphrase.
+
+This fixes an issue where hostapd or wpa_supplicant could have updated
+the configuration file PSK/passphrase parameter with arbitrary data from
+an external device (Registrar) that may not be fully trusted. Should
+such data include a newline character, the resulting configuration file
+could become invalid and fail to be parsed.
+
+Upstream-Status: Backport
+
+CVE: CVE-2016-4476
+
+Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
+Signed-off-by: Zhixiong Chi <Zhixiong.Chi@windriver.com>
+---
+ src/utils/common.c         | 12 ++++++++++++
+ src/utils/common.h         |  1 +
+ src/wps/wps_attr_process.c | 10 ++++++++++
+ 3 files changed, 23 insertions(+)
+
+diff --git a/src/utils/common.c b/src/utils/common.c
+index 450e2c6..27b7c02 100644
+--- a/src/utils/common.c
++++ b/src/utils/common.c
+@@ -697,6 +697,18 @@ int is_hex(const u8 *data, size_t len)
+ }
+ 
+ 
++int has_ctrl_char(const u8 *data, size_t len)
++{
++	size_t i;
++
++	for (i = 0; i < len; i++) {
++		if (data[i] < 32 || data[i] == 127)
++			return 1;
++	}
++	return 0;
++}
++
++
+ size_t merge_byte_arrays(u8 *res, size_t res_len,
+ 			 const u8 *src1, size_t src1_len,
+ 			 const u8 *src2, size_t src2_len)
+diff --git a/src/utils/common.h b/src/utils/common.h
+index 701dbb2..a972240 100644
+--- a/src/utils/common.h
++++ b/src/utils/common.h
+@@ -488,6 +488,7 @@ const char * wpa_ssid_txt(const u8 *ssid, size_t ssid_len);
+ 
+ char * wpa_config_parse_string(const char *value, size_t *len);
+ int is_hex(const u8 *data, size_t len);
++int has_ctrl_char(const u8 *data, size_t len);
+ size_t merge_byte_arrays(u8 *res, size_t res_len,
+ 			 const u8 *src1, size_t src1_len,
+ 			 const u8 *src2, size_t src2_len);
+diff --git a/src/wps/wps_attr_process.c b/src/wps/wps_attr_process.c
+index eadb22f..e8c4579 100644
+--- a/src/wps/wps_attr_process.c
++++ b/src/wps/wps_attr_process.c
+@@ -229,6 +229,16 @@ static int wps_workaround_cred_key(struct wps_credential *cred)
+ 		cred->key_len--;
+ #endif /* CONFIG_WPS_STRICT */
+ 	}
++
++
++	if (cred->auth_type & (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK) &&
++	    (cred->key_len < 8 || has_ctrl_char(cred->key, cred->key_len))) {
++		wpa_printf(MSG_INFO, "WPS: Reject credential with invalid WPA/WPA2-Personal passphrase");
++		wpa_hexdump_ascii_key(MSG_INFO, "WPS: Network Key",
++				      cred->key, cred->key_len);
++		return -1;
++	}
++
+ 	return 0;
+ }
+ 
+--
+1.9.1
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-Reject-SET_CRED-commands-with-newline-characters-in-.patch b/import-layers/yocto-poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-Reject-SET_CRED-commands-with-newline-characters-in-.patch
new file mode 100644
index 0000000..cad7425
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-Reject-SET_CRED-commands-with-newline-characters-in-.patch
@@ -0,0 +1,66 @@
+From b166cd84a77a6717be9600bf95378a0055d6f5a5 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <jouni@qca.qualcomm.com>
+Date: Tue, 5 Apr 2016 23:33:10 +0300
+Subject: [PATCH 2/3] Reject SET_CRED commands with newline characters in the
+ string values
+
+Most of the cred block parameters are written as strings without
+filtering and if there is an embedded newline character in the value,
+unexpected configuration file data might be written.
+
+This fixes an issue where wpa_supplicant could have updated the
+configuration file cred parameter with arbitrary data from the control
+interface or D-Bus interface. While those interfaces are supposed to be
+accessible only for trusted users/applications, it may be possible that
+an untrusted user has access to a management software component that
+does not validate the credential value before passing it to
+wpa_supplicant.
+
+This could allow such an untrusted user to inject almost arbitrary data
+into the configuration file. Such configuration file could result in
+wpa_supplicant trying to load a library (e.g., opensc_engine_path,
+pkcs11_engine_path, pkcs11_module_path, load_dynamic_eap) from user
+controlled location when starting again. This would allow code from that
+library to be executed under the wpa_supplicant process privileges.
+
+Upstream-Status: Backport
+
+CVE: CVE-2016-4477
+
+Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
+Signed-off-by: Zhixiong Chi <Zhixiong.Chi@windriver.com>
+---
+ wpa_supplicant/config.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c
+index eb97cd5..69152ef 100644
+--- a/wpa_supplicant/config.c
++++ b/wpa_supplicant/config.c
+@@ -2896,6 +2896,8 @@ int wpa_config_set_cred(struct wpa_cred *cred, const char *var,
+ 
+ 	if (os_strcmp(var, "password") == 0 &&
+ 	    os_strncmp(value, "ext:", 4) == 0) {
++		if (has_newline(value))
++			return -1;
+ 		str_clear_free(cred->password);
+ 		cred->password = os_strdup(value);
+ 		cred->ext_password = 1;
+@@ -2946,9 +2948,14 @@ int wpa_config_set_cred(struct wpa_cred *cred, const char *var,
+ 	}
+ 
+ 	val = wpa_config_parse_string(value, &len);
+-	if (val == NULL) {
++	if (val == NULL ||
++	    (os_strcmp(var, "excluded_ssid") != 0 &&
++	     os_strcmp(var, "roaming_consortium") != 0 &&
++	     os_strcmp(var, "required_roaming_consortium") != 0 &&
++	     has_newline(val))) {
+ 		wpa_printf(MSG_ERROR, "Line %d: invalid field '%s' string "
+ 			   "value '%s'.", line, var, value);
++		os_free(val);
+ 		return -1;
+ 	}
+ 
+-- 
+1.9.1
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-Remove-newlines-from-wpa_supplicant-config-network-o.patch b/import-layers/yocto-poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-Remove-newlines-from-wpa_supplicant-config-network-o.patch
new file mode 100644
index 0000000..cc7b01a
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-Remove-newlines-from-wpa_supplicant-config-network-o.patch
@@ -0,0 +1,86 @@
+From 0fe5a234240a108b294a87174ad197f6b5cb38e9 Mon Sep 17 00:00:00 2001
+From: Paul Stewart <pstew@google.com>
+Date: Thu, 3 Mar 2016 15:40:19 -0800
+Subject: [PATCH 2/2] Remove newlines from wpa_supplicant config network
+ output
+
+Spurious newlines output while writing the config file can corrupt the
+wpa_supplicant configuration. Avoid writing these for the network block
+parameters. This is a generic filter that cover cases that may not have
+been explicitly addressed with a more specific commit to avoid control
+characters in the psk parameter.
+
+Upstream-Status: Backport
+
+CVE: CVE-2016-4476
+
+Signed-off-by: Paul Stewart <pstew@google.com>
+Signed-off-by: Zhixiong Chi <Zhixiong.Chi.wrs.com>
+---
+ src/utils/common.c      | 11 +++++++++++
+ src/utils/common.h      |  1 +
+ wpa_supplicant/config.c | 15 +++++++++++++--
+ 3 files changed, 25 insertions(+), 2 deletions(-)
+
+diff --git a/src/utils/common.c b/src/utils/common.c
+index 27b7c02..9856463 100644
+--- a/src/utils/common.c
++++ b/src/utils/common.c
+@@ -709,6 +709,17 @@ int has_ctrl_char(const u8 *data, size_t len)
+ }
+ 
+ 
++int has_newline(const char *str)
++{
++	while (*str) {
++		if (*str == '\n' || *str == '\r')
++			return 1;
++		str++;
++	}
++	return 0;
++}
++
++
+ size_t merge_byte_arrays(u8 *res, size_t res_len,
+ 			 const u8 *src1, size_t src1_len,
+ 			 const u8 *src2, size_t src2_len)
+diff --git a/src/utils/common.h b/src/utils/common.h
+index a972240..d19927b 100644
+--- a/src/utils/common.h
++++ b/src/utils/common.h
+@@ -489,6 +489,7 @@ const char * wpa_ssid_txt(const u8 *ssid, size_t ssid_len);
+ char * wpa_config_parse_string(const char *value, size_t *len);
+ int is_hex(const u8 *data, size_t len);
+ int has_ctrl_char(const u8 *data, size_t len);
++int has_newline(const char *str);
+ size_t merge_byte_arrays(u8 *res, size_t res_len,
+ 			 const u8 *src1, size_t src1_len,
+ 			 const u8 *src2, size_t src2_len);
+diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c
+index fdd9643..eb97cd5 100644
+--- a/wpa_supplicant/config.c
++++ b/wpa_supplicant/config.c
+@@ -2699,8 +2699,19 @@ char * wpa_config_get(struct wpa_ssid *ssid, const char *var)
+ 
+ 	for (i = 0; i < NUM_SSID_FIELDS; i++) {
+ 		const struct parse_data *field = &ssid_fields[i];
+-		if (os_strcmp(var, field->name) == 0)
+-			return field->writer(field, ssid);
++		if (os_strcmp(var, field->name) == 0) {
++			char *ret = field->writer(field, ssid);
++
++			if (ret && has_newline(ret)) {
++				wpa_printf(MSG_ERROR,
++					   "Found newline in value for %s; not returning it",
++					   var);
++				os_free(ret);
++				ret = NULL;
++			}
++
++			return ret;
++		}
+ 	}
+ 
+ 	return NULL;
+--
+1.9.1
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-Reject-SET-commands-with-newline-characters-in-the-s.patch b/import-layers/yocto-poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-Reject-SET-commands-with-newline-characters-in-the-s.patch
new file mode 100644
index 0000000..5375db7
--- /dev/null
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-Reject-SET-commands-with-newline-characters-in-the-s.patch
@@ -0,0 +1,54 @@
+From 2a3f56502b52375c3bf113cf92adfa99bad6b488 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <jouni@qca.qualcomm.com>
+Date: Tue, 5 Apr 2016 23:55:48 +0300
+Subject: [PATCH 3/3] Reject SET commands with newline characters in the
+ string values
+
+Many of the global configuration parameters are written as strings
+without filtering and if there is an embedded newline character in the
+value, unexpected configuration file data might be written.
+
+This fixes an issue where wpa_supplicant could have updated the
+configuration file global parameter with arbitrary data from the control
+interface or D-Bus interface. While those interfaces are supposed to be
+accessible only for trusted users/applications, it may be possible that
+an untrusted user has access to a management software component that
+does not validate the value of a parameter before passing it to
+wpa_supplicant.
+
+This could allow such an untrusted user to inject almost arbitrary data
+into the configuration file. Such configuration file could result in
+wpa_supplicant trying to load a library (e.g., opensc_engine_path,
+pkcs11_engine_path, pkcs11_module_path, load_dynamic_eap) from user
+controlled location when starting again. This would allow code from that
+library to be executed under the wpa_supplicant process privileges.
+
+Upstream-Status: Backport
+
+CVE: CVE-2016-4477
+
+Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
+Signed-off-by: Zhixiong Chi <Zhixiong.Chi@windriver.com>
+---
+ wpa_supplicant/config.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c
+index 69152ef..d9a1603 100644
+--- a/wpa_supplicant/config.c
++++ b/wpa_supplicant/config.c
+@@ -3764,6 +3764,12 @@ static int wpa_global_config_parse_str(const struct global_parse_data *data,
+ 		return -1;
+ 	}
+ 
++	if (has_newline(pos)) {
++		wpa_printf(MSG_ERROR, "Line %d: invalid %s value with newline",
++			   line, data->name);
++		return -1;
++	}
++
+ 	tmp = os_strdup(pos);
+ 	if (tmp == NULL)
+ 		return -1;
+-- 
+1.9.1
diff --git a/import-layers/yocto-poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.5.bb b/import-layers/yocto-poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.5.bb
index 935c8af..a4160e1 100644
--- a/import-layers/yocto-poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.5.bb
+++ b/import-layers/yocto-poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.5.bb
@@ -24,6 +24,11 @@
            file://wpa_supplicant.conf \
            file://wpa_supplicant.conf-sane \
            file://99_wpa_supplicant \
+           file://0001-WPS-Reject-a-Credential-with-invalid-passphrase.patch \
+           file://0002-Remove-newlines-from-wpa_supplicant-config-network-o.patch \
+           file://0001-Reject-psk-parameter-set-with-invalid-passphrase-cha.patch \
+           file://0002-Reject-SET_CRED-commands-with-newline-characters-in-.patch \
+           file://0003-Reject-SET-commands-with-newline-characters-in-the-s.patch \
           "
 SRC_URI[md5sum] = "96ff75c3a514f1f324560a2376f13110"
 SRC_URI[sha256sum] = "cce55bae483b364eae55c35ba567c279be442ed8bab5b80a3c7fb0d057b9b316"