diff --git a/meta-security/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb b/meta-security/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb
index d8cd06f..4a99b5a 100644
--- a/meta-security/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb
+++ b/meta-security/recipes-security/ecryptfs-utils/ecryptfs-utils_111.bb
@@ -16,6 +16,7 @@
     file://ecryptfs-utils-CVE-2016-6224.patch \
     file://0001-avoid-race-condition.patch \
     file://ecryptfs.service \
+    file://define_musl_sword_type.patch \
     "
 
 SRC_URI[md5sum] = "83513228984f671930752c3518cac6fd"
diff --git a/meta-security/recipes-security/ecryptfs-utils/files/define_musl_sword_type.patch b/meta-security/recipes-security/ecryptfs-utils/files/define_musl_sword_type.patch
new file mode 100644
index 0000000..3b29be0
--- /dev/null
+++ b/meta-security/recipes-security/ecryptfs-utils/files/define_musl_sword_type.patch
@@ -0,0 +1,15 @@
+Index: ecryptfs-utils-111/src/utils/mount.ecryptfs_private.c
+===================================================================
+--- ecryptfs-utils-111.orig/src/utils/mount.ecryptfs_private.c
++++ ecryptfs-utils-111/src/utils/mount.ecryptfs_private.c
+@@ -45,6 +45,10 @@
+ #include <values.h>
+ #include "../include/ecryptfs.h"
+ 
++#ifndef __SWORD_TYPE
++typedef __typeof__( ((struct statfs *)0)->f_type )	__SWORD_TYPE;
++#endif
++
+ /* Perhaps a future version of this program will allow these to be configurable
+  * by the system administrator (or user?) at run time.  For now, these are set
+  * to reasonable values to reduce the burden of input validation.
diff --git a/meta-security/recipes-security/libest/libest_3.2.0.bb b/meta-security/recipes-security/libest/libest_3.2.0.bb
new file mode 100644
index 0000000..f993bd6
--- /dev/null
+++ b/meta-security/recipes-security/libest/libest_3.2.0.bb
@@ -0,0 +1,27 @@
+SUMMARY = "EST is used for secure certificate  \
+enrollment and is compatible with Suite B certs (as well as RSA \
+and DSA certificates)"
+
+LICENSE = "OpenSSL"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=ecb78acde8e3b795de8ef6b61aed5885"
+
+SRCREV = "4ca02c6d7540f2b1bcea278a4fbe373daac7103b"
+SRC_URI = "git://github.com/cisco/libest"
+
+DEPENDS = "openssl"
+
+#fatal error: execinfo.h: No such file or directory
+DEPENDS_append_libc-musl = " libexecinfo"
+
+inherit autotools-brokensep
+
+EXTRA_OECONF = "--disable-pthreads --with-ssl-dir=${STAGING_LIBDIR}"
+
+CFLAGS += "-fcommon"
+LDFLAGS_append_libc-musl = " -lexecinfo"
+
+S = "${WORKDIR}/git"
+
+PACKAGES = "${PN} ${PN}-dbg ${PN}-dev"
+
+FILES_${PN} = "${bindir}/* ${libdir}/libest-3.2.0p.so"
diff --git a/meta-security/recipes-security/libseccomp/libseccomp_2.5.0.bb b/meta-security/recipes-security/libseccomp/libseccomp_2.5.0.bb
index 35365d5..0cf2d70 100644
--- a/meta-security/recipes-security/libseccomp/libseccomp_2.5.0.bb
+++ b/meta-security/recipes-security/libseccomp/libseccomp_2.5.0.bb
@@ -45,4 +45,4 @@
 FILES_${PN} = "${bindir} ${libdir}/${BPN}.so*"
 FILES_${PN}-dbg += "${libdir}/${PN}/tests/.debug/* ${libdir}/${PN}/tools/.debug"
 
-RDEPENDS_${PN}-ptest = "bash"
+RDEPENDS_${PN}-ptest = "coreutils bash"
diff --git a/meta-security/recipes-security/opendnssec/files/fix_fprint.patch b/meta-security/recipes-security/opendnssec/files/fix_fprint.patch
new file mode 100644
index 0000000..da0bcfe
--- /dev/null
+++ b/meta-security/recipes-security/opendnssec/files/fix_fprint.patch
@@ -0,0 +1,25 @@
+format not a string literal and no format arguments
+
+missing module_str in call
+
+Upstream-Status: Pending
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+../../../git/enforcer/src/keystate/keystate_ds.c:192:7: error: format not a string literal and no format arguments [-Werror=format-security]
+|   192 |       ods_log_error_and_printf(sockfd, "Failed to run %s", cp_ds);
+|       |       ^~~~~~~~~~~~~~~~~~~~~~~~
+
+
+Index: git/enforcer/src/keystate/keystate_ds.c
+===================================================================
+--- git.orig/enforcer/src/keystate/keystate_ds.c
++++ git/enforcer/src/keystate/keystate_ds.c
+@@ -189,7 +189,7 @@ exec_dnskey_by_id(int sockfd, struct dbw
+ 						status = 0;
+ 					}
+ 					else {
+-						ods_log_error_and_printf(sockfd, "Failed to run %s", cp_ds);
++						ods_log_error_and_printf(sockfd, module_str, "Failed to run %s", cp_ds);
+                                                 status = 7;
+ 					}
+ 				}
diff --git a/meta-security/recipes-security/opendnssec/files/libdns_conf_fix.patch b/meta-security/recipes-security/opendnssec/files/libdns_conf_fix.patch
new file mode 100644
index 0000000..126e197
--- /dev/null
+++ b/meta-security/recipes-security/opendnssec/files/libdns_conf_fix.patch
@@ -0,0 +1,217 @@
+Configure does not work with OE pkg-config for the ldns option
+
+Upstream-Status: OE specific
+
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: opendnssec-2.1.6/m4/acx_ldns.m4
+===================================================================
+--- opendnssec-2.1.6.orig/m4/acx_ldns.m4
++++ opendnssec-2.1.6/m4/acx_ldns.m4
+@@ -1,128 +1,65 @@
+-AC_DEFUN([ACX_LDNS],[
+-	AC_ARG_WITH(ldns, 
+-		[AC_HELP_STRING([--with-ldns=PATH],[specify prefix of path of ldns library to use])],
+-        	[
+-			LDNS_PATH="$withval"
+-			AC_PATH_PROGS(LDNS_CONFIG, ldns-config, ldns-config, $LDNS_PATH/bin)
+-		],[
+-			LDNS_PATH="/usr/local"
+-			AC_PATH_PROGS(LDNS_CONFIG, ldns-config, ldns-config, $PATH)
+-		])
+-
+-	if test -x "$LDNS_CONFIG"
+-	then
+-		AC_MSG_CHECKING(what are the ldns includes)
+-		LDNS_INCLUDES="`$LDNS_CONFIG --cflags`"
+-		AC_MSG_RESULT($LDNS_INCLUDES)
+-
+-		AC_MSG_CHECKING(what are the ldns libs)
+-		LDNS_LIBS="`$LDNS_CONFIG --libs`"
+-		AC_MSG_RESULT($LDNS_LIBS)
+-	else
+-		AC_MSG_CHECKING(what are the ldns includes)
+-		LDNS_INCLUDES="-I$LDNS_PATH/include"
+-		AC_MSG_RESULT($LDNS_INCLUDES)
+-
+-		AC_MSG_CHECKING(what are the ldns libs)
+-		LDNS_LIBS="-L$LDNS_PATH/lib -lldns"
+-		AC_MSG_RESULT($LDNS_LIBS)
+-	fi
+-
+-	tmp_CPPFLAGS=$CPPFLAGS
+-	tmp_LIBS=$LIBS
+-
+-	CPPFLAGS="$CPPFLAGS $LDNS_INCLUDES"
+-	LIBS="$LIBS $LDNS_LIBS"
+-
+-	AC_CHECK_LIB(ldns, ldns_rr_new,,[AC_MSG_ERROR([Can't find ldns library])])
+-	LIBS=$tmp_LIBS
+-
+-	AC_MSG_CHECKING([for ldns version])
+-	CHECK_LDNS_VERSION=m4_format(0x%02x%02x%02x, $1, $2, $3)
+-	AC_LANG_PUSH([C])
+-	AC_RUN_IFELSE([
+-		AC_LANG_SOURCE([[
+-			#include <ldns/ldns.h>
+-			int main()
+-			{
+-			#ifdef LDNS_REVISION
+-				if (LDNS_REVISION >= $CHECK_LDNS_VERSION)
+-					return 0;
+-			#endif
+-				return 1;
+-			}
+-		]])
+-	],[
+-		AC_MSG_RESULT([>= $1.$2.$3])
+-	],[
+-		AC_MSG_RESULT([< $1.$2.$3])
+-		AC_MSG_ERROR([ldns library too old ($1.$2.$3 or later required)])
+-	],[])
+-	AC_LANG_POP([C])
++#serial 11
+ 
+-	CPPFLAGS=$tmp_CPPFLAGS
+-
+-	AC_SUBST(LDNS_INCLUDES)
+-	AC_SUBST(LDNS_LIBS)
+-])
+-
+-
+-AC_DEFUN([ACX_LDNS_NOT],[
+-	AC_ARG_WITH(ldns, 
+-		[AC_HELP_STRING([--with-ldns=PATH],[specify prefix of path of ldns library to use])],
+-        	[
+-			LDNS_PATH="$withval"
+-			AC_PATH_PROGS(LDNS_CONFIG, ldns-config, ldns-config, $LDNS_PATH/bin)
+-		],[
+-			LDNS_PATH="/usr/local"
+-			AC_PATH_PROGS(LDNS_CONFIG, ldns-config, ldns-config, $PATH)
+-		])
+-
+-	if test -x "$LDNS_CONFIG"
+-	then
+-		AC_MSG_CHECKING(what are the ldns includes)
+-		LDNS_INCLUDES="`$LDNS_CONFIG --cflags`"
+-		AC_MSG_RESULT($LDNS_INCLUDES)
+-
+-		AC_MSG_CHECKING(what are the ldns libs)
+-		LDNS_LIBS="`$LDNS_CONFIG --libs`"
+-		AC_MSG_RESULT($LDNS_LIBS)
+-	else
+-		AC_MSG_CHECKING(what are the ldns includes)
+-		LDNS_INCLUDES="-I$LDNS_PATH/include"
+-		AC_MSG_RESULT($LDNS_INCLUDES)
+-
+-		AC_MSG_CHECKING(what are the ldns libs)
+-		LDNS_LIBS="-L$LDNS_PATH/lib -lldns"
+-		AC_MSG_RESULT($LDNS_LIBS)
+-	fi
+-
+-	tmp_CPPFLAGS=$CPPFLAGS
+-
+-	CPPFLAGS="$CPPFLAGS $LDNS_INCLUDES"
+-
+-	AC_MSG_CHECKING([for ldns version not $1.$2.$3])
+-	CHECK_LDNS_VERSION=m4_format(0x%02x%02x%02x, $1, $2, $3)
+-	AC_LANG_PUSH([C])
+-	AC_RUN_IFELSE([
+-	AC_LANG_SOURCE([[
+-		#include <ldns/ldns.h>
+-		int main()
+-		{
+-		#ifdef LDNS_REVISION
+-			if (LDNS_REVISION != $CHECK_LDNS_VERSION)
+-				return 0;
+-		#endif
+-			return 1;
+-		}
+-		]])
+-	],[
+-		AC_MSG_RESULT([ok])
+-	],[
+-		AC_MSG_RESULT([no])
+-		AC_MSG_ERROR([ldns version $1.$2.$3 is not compatible due to $4])
+-	],[])
+-	AC_LANG_POP([C])
+-
+-	CPPFLAGS=$tmp_CPPFLAGS
++AU_ALIAS([CHECK_LDNS], [ACX_LDNS])
++AC_DEFUN([ACX_LDNS], [
++    found=false
++    AC_ARG_WITH([ldns],
++        [AS_HELP_STRING([--with-ldns=DIR],
++            [root of the lnds directory])],
++        [
++            case "$withval" in
++            "" | y | ye | yes | n | no)
++            AC_MSG_ERROR([Invalid --with-lnds value])
++              ;;
++            *) ldnsdirs="$withval"
++              ;;
++            esac
++        ], [
++            # if pkg-config is installed and lnds has installed a .pc file,
++            # then use that information and don't search ldnsdirs
++            AC_CHECK_TOOL([PKG_CONFIG], [pkg-config])
++            if test x"$PKG_CONFIG" != x""; then
++                OPENSSL_LDFLAGS=`$PKG_CONFIG ldns --libs-only-L 2>/dev/null`
++                if test $? = 0; then
++                    LDNS_LIBS=`$PKG_CONFIG ldns --libs-only-l 2>/dev/null`
++                    LDNS_INCLUDES=`$PKG_CONFIG ldns --cflags-only-I 2>/dev/null`
++                    found=true
++                fi
++            fi
++
++            # no such luck; use some default ldnsdirs
++            if ! $found; then
++                ldnsdirs="/usr/local/ldns /usr/lib/ldns /usr/ldns  /usr/local /usr"
++            fi
++        ]
++        )
++
++
++    if ! $found; then
++        LDNS_INCLUDES=
++        for ldnsdir in $ldnsdirs; do
++            AC_MSG_CHECKING([for LDNS in $ldnsdir])
++            if test -f "$ldnsdir/include/ldns/dnssec.h"; then
++                LDNS_INCLUDES="-I$ldnsdir/include"
++                LDNS_LDFLAGS="-L$ldnsdir/lib"
++                LDNS_LIBS="-lldns"
++                found=true
++                AC_MSG_RESULT([yes])
++                break
++            else
++                AC_MSG_RESULT([no])
++            fi
++        done
++
++        # if the file wasn't found, well, go ahead and try the link anyway -- maybe
++        # it will just work!
++    fi
++
++    LDFLAGS="$LDFLAGS $OPENSSL_LDFLAGS"
++    LIBS="$LDNS_LIBS $LIBS"
++    CPPFLAGS="$LDNS_INCLUDES $CPPFLAGS"
++
++    AC_SUBST([LDNS_INCLUDES])
++    AC_SUBST([LDNS_LIBS])
++    AC_SUBST([LDNS_LDFLAGS])
+ ])
+Index: opendnssec-2.1.6/configure.ac
+===================================================================
+--- opendnssec-2.1.6.orig/configure.ac
++++ opendnssec-2.1.6/configure.ac
+@@ -138,9 +138,7 @@ AC_CHECK_MEMBER([struct sockaddr_un.sun_
+ 
+ # common dependencies
+ ACX_LIBXML2
+-ACX_LDNS(1,6,17)
+-ACX_LDNS_NOT(1,6,14, [binary incompatibility, see http://open.nlnetlabs.nl/pipermail/ldns-users/2012-October/000564.html])
+-ACX_LDNS_NOT(1,6,15, [fail to create NSEC3 bitmap for empty non-terminals, see http://www.nlnetlabs.nl/pipermail/ldns-users/2012-November/000565.html])
++ACX_LDNS(1.6.17)
+ ACX_PKCS11_MODULES
+ ACX_RT
+ ACX_LIBC
diff --git a/meta-security/recipes-security/opendnssec/files/libxml2_conf.patch b/meta-security/recipes-security/opendnssec/files/libxml2_conf.patch
new file mode 100644
index 0000000..b4ed430
--- /dev/null
+++ b/meta-security/recipes-security/opendnssec/files/libxml2_conf.patch
@@ -0,0 +1,112 @@
+configure does not work with OE pkg-config for the libxml2 option
+
+Upstream-Status: OE specific
+
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: opendnssec-2.1.6/m4/acx_libxml2.m4
+===================================================================
+--- opendnssec-2.1.6.orig/m4/acx_libxml2.m4
++++ opendnssec-2.1.6/m4/acx_libxml2.m4
+@@ -1,37 +1,67 @@
++#serial 11
++AU_ALIAS([CHECK_XML2], [ACX_LIBXML2])
+ AC_DEFUN([ACX_LIBXML2],[
+-	AC_ARG_WITH(libxml2,
+-		[AS_HELP_STRING([--with-libxml2=DIR],[look for libxml2 in this dir])],
+-        	[
+-			XML2_PATH="$withval"
+-			AC_PATH_PROGS(XML2_CONFIG, xml2-config, xml2-config, $XML2_PATH/bin)
+-		],[
+-			XML2_PATH="/usr/local"
+-			AC_PATH_PROGS(XML2_CONFIG, xml2-config, xml2-config, $PATH)
+-		])
+-	if test -x "$XML2_CONFIG"
+-	then
+-		AC_MSG_CHECKING(what are the xml2 includes)
+-		XML2_INCLUDES="`$XML2_CONFIG --cflags`"
+-		AC_MSG_RESULT($XML2_INCLUDES)
+-
+-		AC_MSG_CHECKING(what are the xml2 libs)
+-		XML2_LIBS="`$XML2_CONFIG --libs`"
+-		AC_MSG_RESULT($XML2_LIBS)
+-
+-		tmp_CPPFLAGS=$CPPFLAGS
+-		tmp_LIBS=$LIBS
+-
+-		CPPFLAGS="$CPPFLAGS $XML2_INCLUDES"
+-		LIBS="$LIBS $XML2_LIBS"
+-
+-		AC_CHECK_LIB(xml2, xmlDocGetRootElement,,[AC_MSG_ERROR([Can't find libxml2 library])])
+-		
+-		CPPFLAGS=$tmp_CPPFLAGS
+-		LIBS=$tmp_LIBS
+-	else
+-		AC_MSG_ERROR([libxml2 required, but not found.])
+-	fi
++    found=false
++    AC_ARG_WITH([libxml2],
++        [AS_HELP_STRING([--with-libxml2=DIR],
++            [root of the libxml directory])],
++        [
++            case "$withval" in
++            "" | y | ye | yes | n | no)
++            AC_MSG_ERROR([Invalid --with-libxml2 value])
++              ;;
++            *) xml2dirs="$withval"
++              ;;
++            esac
++        ], [
++            # if pkg-config is installed and openssl has installed a .pc file,
++            # then use that information and don't search ssldirs
++            AC_CHECK_TOOL([PKG_CONFIG], [pkg-config])
++            if test x"$PKG_CONFIG" != x""; then
++                XML2_LDFLAGS=`$PKG_CONFIG libxml-2.0 --libs-only-L 2>/dev/null`
++                if test $? = 0; then
++                    XML2_LIBS=`$PKG_CONFIG libxml-2.0 --libs-only-l 2>/dev/null`
++                    XML2_INCLUDES=`$PKG_CONFIG libxml-2.0 --cflags-only-I 2>/dev/null`
++                    found=true
++                fi
++            fi
+ 
+-	AC_SUBST(XML2_INCLUDES)
+-	AC_SUBST(XML2_LIBS)
++            # no such luck; use some default ssldirs
++            if ! $found; then
++                xml2dirs="/usr/local/libxml /usr/lib/libxml /usr/libxml /usr/pkg /usr/local /usr"
++            fi
++        ]
++        )
++
++
++    # note that we #include <libxml/tree.h>, so the libxml2 headers have to be in
++    # an 'libxml' subdirectory
++
++    if ! $found; then
++        XML2_INCLUDES=
++        for xml2dir in $xml2dirs; do
++            AC_MSG_CHECKING([for XML2 in $xml2dir])
++            if test -f "$xml2dir/include/libxml2/libxml/tree.h"; then
++                XML2_INCLUDES="-I$xml2dir/include/libxml2"
++                XML2_LDFLAGS="-L$xml2dir/lib"
++                XML2_LIBS="-lxml2"
++                found=true
++                AC_MSG_RESULT([yes])
++                break
++            else
++                AC_MSG_RESULT([no])
++            fi
++        done
++
++        # if the file wasn't found, well, go ahead and try the link anyway -- maybe
++        # it will just work!
++    fi
++
++    LDFLAGS="$LDFLAGS $XML2_LDFLAGS"
++    LIBS="$XML2_LIBS $LIBS"
++    CPPFLAGS="$XML2_INCLUDES $CPPFLAGS"
++
++    AC_SUBST(XML2_INCLUDES)
++    AC_SUBST(XML2_LIBS)
++    AC_SUBST(XML2_LDFLAGS)
+ ])
diff --git a/meta-security/recipes-security/opendnssec/opendnssec_2.1.6.bb b/meta-security/recipes-security/opendnssec/opendnssec_2.1.6.bb
new file mode 100644
index 0000000..5e42ca8
--- /dev/null
+++ b/meta-security/recipes-security/opendnssec/opendnssec_2.1.6.bb
@@ -0,0 +1,37 @@
+SUMMARY = "OpenDNSSEC is a policy-based zone signer that automates the process of keeping track of DNSSEC keys and the signing of zones"
+
+LICENSE = "BSD"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=b041dbe2da80d4efd951393fbba90937"
+
+DEPENDS = "libxml2 openssl ldns libmicrohttpd jansson libyaml "
+
+SRC_URI = "git://github.com/opendnssec/opendnssec;branch=develop \
+           file://libxml2_conf.patch \
+           file://libdns_conf_fix.patch \
+           file://fix_fprint.patch \
+           "
+
+SRCREV = "5876bccb38428790e2e9afc806ca68b029879874"
+
+inherit autotools pkgconfig perlnative
+
+S = "${WORKDIR}/git"
+
+EXTRA_OECONF = " --with-libxml2=${STAGING_DIR_HOST}/usr --with-ldns=${STAGING_DIR_HOST}/usr \
+                 --with-ssl=${STAGING_DIR_HOST}/usr  "
+
+CFLAGS += "-fcommon"
+
+PACKAGECONFIG ?= "sqlite3"
+
+PACKAGECONFIG[cunit] = "--with-cunit=${STAGING_DIR_HOST}/usr, --without-cunit,"
+PACKAGECONFIG[sqlite3] = "--with-sqlite3=${STAGING_DIR_HOST}/usr, ,sqlite3, sqlite3"
+PACKAGECONFIG[mysql] = "--with-mysql=yes, , mariadb, mariadb"
+PACKAGECONFIG[readline]  = "--with-readline, --without-readline, readline"
+PACKAGECONFIG[unwind] = "--with-libunwind, --without-libunwind"
+
+do_install_append () {
+    rm -rf ${D}${localstatedir}/run
+}
+
+RDEPENDS_${PN} = "softhsm"
diff --git a/meta-security/recipes-security/softHSM/softhsm_2.6.1.bb b/meta-security/recipes-security/softHSM/softhsm_2.6.1.bb
new file mode 100644
index 0000000..74e837a
--- /dev/null
+++ b/meta-security/recipes-security/softHSM/softhsm_2.6.1.bb
@@ -0,0 +1,30 @@
+SUMMARY = "SoftHSM is an implementation of a cryptographic store accessible through a PKCS #11 interface."
+HOMEPAGE = "www.opendnssec.org"
+
+LICENSE = "BSD"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=ef3f77a3507c3d91e75b9f2bdaee4210"
+
+DEPENDS = "sqlite3"
+
+SRC_URI = "https://dist.opendnssec.org/source/softhsm-2.6.1.tar.gz"
+SRC_URI[sha256sum] = "61249473054bcd1811519ef9a989a880a7bdcc36d317c9c25457fc614df475f2"
+
+inherit autotools pkgconfig siteinfo
+
+EXTRA_OECONF += " --with-sqlite3=${STAGING_DIR_HOST}/usr"
+EXTRA_OECONF += "${@oe.utils.conditional('SITEINFO_BITS', '64', ' --enable-64bit', '', d)}"
+
+PACKAGECONFIG ?= "pk11 openssl"
+
+PACKAGECONFIG[npm] = ",--disable-non-paged-memory"
+PACKAGECONFIG[ecc] = "--enable-ecc,--disable-ecc"
+PACKAGECONFIG[gost] = "--enable-gost,--disable-gost"
+PACKAGECONFIG[eddsa] = "--enable-eddsa, --disable-eddsa"
+PACKAGECONFIG[fips] = "--enable-fips, --disable-fips"
+PACKAGECONFIG[notvisable] = "--disable-visibility"
+PACKAGECONFIG[openssl] = "--with-openssl=${STAGING_DIR_HOST}/usr --with-crypto-backend=openssl, --without-openssl, openssl, openssl"
+PACKAGECONFIG[botan] = "--with-botan=${STAGING_DIR_HOST}/usr --with-crypto-backend=botan, --without-botan, botan"
+PACKAGECONFIG[migrate] = "--with-migrate"
+PACKAGECONFIG[pk11] = "--enable-p11-kit --with-p11-kit==${STAGING_DIR_HOST}/usr, --without-p11-kit, p11-kit, p11-kit"
+
+RDEPENDS_${PN} = "sqlite3"
diff --git a/meta-security/recipes-security/sssd/files/0002-Provide-missing-defines-which-otherwise-are-availabl.patch b/meta-security/recipes-security/sssd/files/0002-Provide-missing-defines-which-otherwise-are-availabl.patch
new file mode 100644
index 0000000..1a22332
--- /dev/null
+++ b/meta-security/recipes-security/sssd/files/0002-Provide-missing-defines-which-otherwise-are-availabl.patch
@@ -0,0 +1,32 @@
+From 37a0999e5a9f54e1c61a02a7fbab6fcd04738b3c Mon Sep 17 00:00:00 2001
+From: Armin Kuster <akuster808@gmail.com>
+Date: Thu, 8 Oct 2020 05:54:13 -0700
+Subject: [PATCH] Provide missing defines which otherwise are available on
+ glibc system headers
+
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Upsteam-Status: Pending
+
+---
+ src/util/util.h | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/util/util.h b/src/util/util.h
+index 8a754dbfd..6e55b4bdc 100644
+--- a/src/util/util.h
++++ b/src/util/util.h
+@@ -76,6 +76,10 @@
+ #define MAX(a, b)  (((a) > (b)) ? (a) : (b))
+ #endif
+ 
++#ifndef ALLPERMS
++# define ALLPERMS (S_ISUID|S_ISGID|S_ISVTX|S_IRWXU|S_IRWXG|S_IRWXO)/* 07777 */
++#endif
++
+ #define SSSD_MAIN_OPTS SSSD_DEBUG_OPTS
+ 
+ #define SSSD_SERVER_OPTS(uid, gid) \
+-- 
+2.17.1
+
diff --git a/meta-security/recipes-security/sssd/sssd_1.16.4.bb b/meta-security/recipes-security/sssd/sssd_1.16.5.bb
similarity index 94%
rename from meta-security/recipes-security/sssd/sssd_1.16.4.bb
rename to meta-security/recipes-security/sssd/sssd_1.16.5.bb
index e54fa98..9784ec7 100644
--- a/meta-security/recipes-security/sssd/sssd_1.16.4.bb
+++ b/meta-security/recipes-security/sssd/sssd_1.16.5.bb
@@ -6,7 +6,9 @@
 LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
 
 DEPENDS = "openldap cyrus-sasl libtdb ding-libs libpam c-ares krb5 autoconf-archive"
-DEPENDS += "libldb dbus libtalloc libpcre glib-2.0 popt e2fsprogs libtevent"
+DEPENDS_append = " libldb dbus libtalloc libpcre glib-2.0 popt e2fsprogs libtevent"
+
+DEPENDS_append_libc-musl = " musl-nscd"
 
 # If no crypto has been selected, default to DEPEND on nss, since that's what
 # sssd will pick if no active choice is made during configure
@@ -19,10 +21,10 @@
            file://fix-ldblibdir.patch \
            file://0001-build-Don-t-use-AC_CHECK_FILE-when-building-manpages.patch \
            file://0001-nss-Collision-with-external-nss-symbol.patch \
+           file://0002-Provide-missing-defines-which-otherwise-are-availabl.patch \
            "
 
-SRC_URI[md5sum] = "757bbb6f15409d8d075f4f06cb678d50"
-SRC_URI[sha256sum] = "6bb212cd6b75b918e945c24e7c3f95a486fb54d7f7d489a9334cfa1a1f3bf959"
+SRC_URI[sha256sum] = "2e1a7bf036b583f686d35164f2d79bdf4857b98f51fe8b0d17aa0fa756e4d0c0"
 
 inherit autotools pkgconfig gettext python3-dir features_check systemd