poky: subtree update:7035b4b21e..a616ffebdc

Adrian Bunk (3):
      python3: Upgrade 3.7.4 -> 3.7.5
      lz4: Whitelist CVE-2014-4715
      iputils: Whitelist CVE-2000-1213 CVE-2000-1214

Alex Kube (1):
      go: Refactor patches for 1.13.3

Andreas Müller (2):
      vte: upgrade 0.56.3 -> 0.58.2
      webkitgtk: upgrade 2.26.1 -> 2.26.2

Andreas Oberritter (3):
      glibc: move ldconfig to its own package
      package.bbclass: Always include ldconfig fragment
      systemd: Add runtime dependency on new ldconfig package

André Draszik (1):
      libevent: update packaging (one package per shared library)

Anuj Mittal (1):
      libsdl2: fix race when building in parallel

Armin Kuster (13):
      oeqa/core: Add a check for MACHINE
      oeqa/core: Add qemu checks
      oeqa/manual/bsp-qemu: remove rpm tests already done in runtime
      oeqa/manual/bsp-qemu: remove KVM enabled which is already done in selftest runqemu
      oeqa/manual/bsp-qemu: drop xserver test done at runtime
      oeqa/manual/bsp-qemu: remove only_one_connmand_in_background test done at runtime
      oeqa/manual/bsp-qemu: remove postinit test done w/selftest runtime
      oeqa/manual/bsp-qemu: remove manual bash test
      oeqa/manual/bsp-qemu: remove manual useradd test
      oeqa/selftest/oescripts: move list-packageconfig-flags tests from manual to self
      oeqa/manua/oe-core: remove manual PACKAGECONFIG_FLAGS tests
      oeqa/selftest/runtime_test: add crosstab selftest
      oeqa/manual/oe-core: remove crosstab test from manual

Changhyeok Bae (1):
      iproute2: update 5.2.0 -> 5.3.0

Chee Yang Lee (1):
      wic: beautify 'wic help'

Chris Laplante via bitbake-devel (7):
      bitbake: contrib/vim: More Python indenting; move indent file to correct directory
      bitbake: contrib/vim: Special handling of bb.fatal
      bitbake: contrib/vim: don't redeclare indenter
      bitbake: contrib/vim: renaming & comments
      bitbake: contrib/vim: indenting for assignments; tweak Python indenting
      bitbake: contrib/vim: handle shell indenting
      bitbake: contrib/vim: Add copyright and license notice

Denys Dmytriyenko (1):
      buildhistory: fix "version went backwards" QA error message

Gavin Li (1):
      bitbake: prserv: fix ResourceWarning due to unclosed socket

Haris Okanovic (8):
      isoimage-isohybrid.py: Parameterize ESP label
      isoimage-isohybrid.py: Parameterize ESP partition size
      initscripts/sysfs.sh: Mount /sys/firmware/efi/efivars when possible
      gnupg: Split gpg and gpg-agent into a minimal gnupg-gpg package
      opkg: RDEPEND "gnupg-gpg" instead of "gnupg"
      gnupg/libksba/npth/pinentry: Add nativesdk to BBCLASSEXTEND
      meta/lib/oe/package_manager.py: Enable sha256 checksums in opkg indexer
      dhcp: Workaround busybox limitation in Linux dhclient-script

Ivan Efimov (1):
      bitbake: bitbake-worker child process create group before registering SIGTERM handler

Jacob Kroon (2):
      rm_work: Promote do_image_qa stamps to setscene versions
      rm_work: Simplify logic for setscene promotion

Jagadeesh Krishnanjanappa (1):
      tune-cortexa32: Fix libgcc-initial build issue for cortex-a32

Joshua Watt (4):
      oeqa: reproducible: Add option to capture bad packages
      icecc-create-env: Use OE patchelf in SDK
      mc: Fix build reproducibility
      wayland: Fix wayland-scanner build for MinGW

Khem Raj (4):
      libtirpc: Do not include bits/endian.h directly
      strace: Fix ptest build
      libnsl2: Update to latest master
      strace: Fix build found with 64bit time_t/musl

Liwei Song (1):
      buildtools-tarball: export OPENSSL_CONF for openssl

Mark Hatle (1):
      populate_sdk_ext.bbclass: Make integrated buildtools optional

Maxime Roussin-Bélanger (1):
      meta: add missing description for some recipes in graphics

Mikko Rapeli (1):
      harfbuzz: split libharfbuzz-subset.so to its own binary package

Oleksandr Kravchuk (1):
      git: update to 2.24.0

Paul Barker (1):
      scripts/native-intercept: Add chgrp intercept

Peter Kjellerstedt (3):
      sysstat: Correct our systemd unit file
      sysstat: Correct when to use the package provided systemd unit files
      bitbake: cooker: Remove a left-over comment about expanded_data

Richard Purdie (9):
      bitbake: fetch2: Ensure cached url data is matched to a datastore
      staging: Handle files moving between dependencies
      sstate: Add ability to hide summary output for sstate
      selftest/signing: Fix test_locked_signatures to use a temporary layer
      dhcp/ruby/ffpmeg: Use CFLAGS, not TARGET_CFLAGS
      bitbake: runqueue: Improve sstate rehashing output
      pseudo: Add statx support to fix fedora30 issues
      pseudo: Drop static linking to sqlite3
      sqlite3: Drop pic as we no longer need the sqlite3 static lib

Ross Burton (16):
      file: fix CVE-2019-18218
      file: remove redundant upstream check workaround
      file: run test suite when building natively
      patch: the CVE-2019-13638 fix also handles CVE-2018-20969
      libpng: whitelist CVE-2019-17371
      procps: whitelist CVE-2018-1121
      libsndfile1: whitelist CVE-2018-13419
      libpam: set CVE_PRODUCT
      libsoup: set CVE_PRODUCT
      libsoup-2.4: upgrade to 2.66.4
      insane: improve textrel warning message
      libsoup: update patch upstream status
      acpica: upgrade to 20191018
      ovmf: unify DEPENDS
      cve-check: we don't actually need to unpack to check
      cve-update-db-native: don't refresh more than once an hour

Samuli Piippo (1):
      linux-firmware: update packaging for brcm files

Scott Rifenbark (3):
      ref-manual: Completed the 3.0 migration section.
      mega-manual: Updated mega-manual Bitbake manual search path
      ref-manual: Removed blank lines from 3.0 migratrion section.

Stefan Agner (1):
      dbus: drop unused group netdev

Torbjörn Svensson (1):
      psplash: Do mount psplash tmpfs if not mounted

Trevor Gamblin (1):
      python3-misc: add python3-audio to RDEPENDS

Volker Vogelhuber (1):
      bitbake: fetch2/hg: Fix various runtime issues

Yeoh Ee Peng (4):
      scripts/resulttool/report: Enable report to use regression_map
      scripts/resulttool/report: Enable output raw test results
      scripts/resulttool/report: Add total statistic to test result.
      resulttool/store.py: Enable add extra test environment data

Yongxin Liu (2):
      systemd: Fix invalid argument of pstore log entry
      ltp: Add "udevadm trigger" before swap verification in mkswap01.sh

Zang Ruochen (8):
      ruby:upgrade 2.6.4 -> 2.6.5
      ethtool:upgrade 5.2 -> 5.3
      libdrm:upgrade 2.4.99 -> 2.4.100
      libcheck:upgrade 0.12.0 -> 0.13.0
      curl:upgrade 7.66.0 -> 7.67.0
      libinput:upgrade 1.14.1 -> 1.14.3
      python3-six:upgrade 1.12.0 -> 1.13.0
      libedit: upgrade 20190324 -> 20191025

Zhixiong Chi (1):
      libtirpc: create the symbol link for rpc header files

grygorii tertychnyi (1):
      archiver: avoid empty incfile in ar_recipe

Change-Id: Ice596e426e4533d7568a82bcbb21efdfc19e21e7
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
diff --git a/poky/meta/classes/archiver.bbclass b/poky/meta/classes/archiver.bbclass
index 093e2d9..7c46cff 100644
--- a/poky/meta/classes/archiver.bbclass
+++ b/poky/meta/classes/archiver.bbclass
@@ -441,9 +441,10 @@
             incfile = include_re.match(line).group(1)
         if incfile:
             incfile = d.expand(incfile)
+        if incfile:
             incfile = bb.utils.which(bbpath, incfile)
-            if incfile:
-                shutil.copy(incfile, outdir)
+        if incfile:
+            shutil.copy(incfile, outdir)
 
     create_tarball(d, outdir, 'recipe', d.getVar('ARCHIVER_OUTDIR'))
     bb.utils.remove(outdir, recurse=True)
diff --git a/poky/meta/classes/buildhistory.bbclass b/poky/meta/classes/buildhistory.bbclass
index f986f7c..affdf27 100644
--- a/poky/meta/classes/buildhistory.bbclass
+++ b/poky/meta/classes/buildhistory.bbclass
@@ -280,7 +280,7 @@
             last_pkgr = lastversion.pkgr
             r = bb.utils.vercmp((pkge, pkgv, pkgr), (last_pkge, last_pkgv, last_pkgr))
             if r < 0:
-                msg = "Package version for package %s went backwards which would break package feeds from (%s:%s-%s to %s:%s-%s)" % (pkg, last_pkge, last_pkgv, last_pkgr, pkge, pkgv, pkgr)
+                msg = "Package version for package %s went backwards which would break package feeds (from %s:%s-%s to %s:%s-%s)" % (pkg, last_pkge, last_pkgv, last_pkgr, pkge, pkgv, pkgr)
                 package_qa_handle_error("version-going-backwards", msg, d)
 
         pkginfo = PackageInfo(pkg)
diff --git a/poky/meta/classes/cve-check.bbclass b/poky/meta/classes/cve-check.bbclass
index 1c8b222..3326944 100644
--- a/poky/meta/classes/cve-check.bbclass
+++ b/poky/meta/classes/cve-check.bbclass
@@ -62,7 +62,7 @@
 
 }
 
-addtask cve_check after do_unpack before do_build
+addtask cve_check before do_build
 do_cve_check[depends] = "cve-update-db-native:do_populate_cve_db"
 do_cve_check[nostamp] = "1"
 
@@ -70,7 +70,6 @@
     """
     Delete the file used to gather all the CVE information.
     """
-
     bb.utils.remove(e.data.getVar("CVE_CHECK_TMP_FILE"))
 }
 
diff --git a/poky/meta/classes/insane.bbclass b/poky/meta/classes/insane.bbclass
index 9605ac2..f856cf6 100644
--- a/poky/meta/classes/insane.bbclass
+++ b/poky/meta/classes/insane.bbclass
@@ -340,9 +340,11 @@
     for line in phdrs.split("\n"):
         if textrel_re.match(line):
             sane = False
+            break
 
     if not sane:
-        package_qa_add_message(messages, "textrel", "ELF binary '%s' has relocations in .text" % path)
+        path = package_qa_clean_path(path, d, name)
+        package_qa_add_message(messages, "textrel", "%s: ELF binary %s has relocations in .text" % (name, path))
 
 QAPATHTEST[ldflags] = "package_qa_hash_style"
 def package_qa_hash_style(path, name, d, elf, messages):
diff --git a/poky/meta/classes/package.bbclass b/poky/meta/classes/package.bbclass
index f955df1..e0d6ff6 100644
--- a/poky/meta/classes/package.bbclass
+++ b/poky/meta/classes/package.bbclass
@@ -1731,8 +1731,6 @@
     else:
         snap_symlinks = False
 
-    use_ldconfig = bb.utils.contains('DISTRO_FEATURES', 'ldconfig', True, False, d)
-
     needed = {}
 
     shlib_provider = oe.package.read_shlib_providers(d)
@@ -1791,7 +1789,7 @@
                     if s[0] not in shlib_provider:
                         shlib_provider[s[0]] = {}
                     shlib_provider[s[0]][s[1]] = (pkg, pkgver)
-        if needs_ldconfig and use_ldconfig:
+        if needs_ldconfig:
             bb.debug(1, 'adding ldconfig call to postinst for %s' % pkg)
             postinst = d.getVar('pkg_postinst_%s' % pkg)
             if not postinst:
diff --git a/poky/meta/classes/populate_sdk_ext.bbclass b/poky/meta/classes/populate_sdk_ext.bbclass
index 9fda1c9..05cfc1c 100644
--- a/poky/meta/classes/populate_sdk_ext.bbclass
+++ b/poky/meta/classes/populate_sdk_ext.bbclass
@@ -21,6 +21,7 @@
 SDK_INCLUDE_PKGDATA ?= "0"
 SDK_INCLUDE_TOOLCHAIN ?= "${@'1' if d.getVar('SDK_EXT_TYPE') == 'full' else '0'}"
 SDK_INCLUDE_NATIVESDK ?= "0"
+SDK_INCLUDE_BUILDTOOLS ?= '1'
 
 SDK_RECRDEP_TASKS ?= ""
 
@@ -94,6 +95,7 @@
     real_target_multimach = d.getVar('REAL_MULTIMACH_TARGET_SYS')
 
     pkgs = {}
+    os.makedirs(os.path.dirname(d.getVar('SDK_EXT_TARGET_MANIFEST')), exist_ok=True)
     with open(d.getVar('SDK_EXT_TARGET_MANIFEST'), 'w') as f:
         for fn in extra_info['filesizes']:
             info = fn.split(':')
@@ -535,8 +537,12 @@
     sanity_required_utilities = (d.getVar('SANITY_REQUIRED_UTILITIES') or '').split()
     sanity_required_utilities.append(d.expand('${BUILD_PREFIX}gcc'))
     sanity_required_utilities.append(d.expand('${BUILD_PREFIX}g++'))
-    buildtools_installer = os.path.join(d.getVar('SDK_DEPLOY'), buildtools_fn)
-    filelist, _ = bb.process.run('%s -l' % buildtools_installer)
+    if buildtools_fn:
+        buildtools_installer = os.path.join(d.getVar('SDK_DEPLOY'), buildtools_fn)
+        filelist, _ = bb.process.run('%s -l' % buildtools_installer)
+    else:
+        buildtools_installer = None
+        filelist = ""
     localdata = bb.data.createCopy(d)
     localdata.setVar('SDKPATH', '.')
     sdkpathnative = localdata.getVar('SDKPATHNATIVE')
@@ -579,7 +585,9 @@
 	touch ${SDK_OUTPUT}/${SDKPATH}/.devtoolbase
 
 	# find latest buildtools-tarball and install it
-	install ${SDK_DEPLOY}/${SDK_BUILDTOOLS_INSTALLER} ${SDK_OUTPUT}/${SDKPATH}
+	if [ -n "${SDK_BUILDTOOLS_INSTALLER}" ]; then
+		install ${SDK_DEPLOY}/${SDK_BUILDTOOLS_INSTALLER} ${SDK_OUTPUT}/${SDKPATH}
+	fi
 
 	install -m 0644 ${COREBASE}/meta/files/ext-sdk-prepare.py ${SDK_OUTPUT}/${SDKPATH}
 }
@@ -629,16 +637,18 @@
 	printf "\nExtracting buildtools...\n"
 	cd $target_sdk_dir
 	env_setup_script="$target_sdk_dir/environment-setup-${REAL_MULTIMACH_TARGET_SYS}"
-	printf "buildtools\ny" | ./${SDK_BUILDTOOLS_INSTALLER} > buildtools.log || { printf 'ERROR: buildtools installation failed:\n' ; cat buildtools.log ; echo "printf 'ERROR: this SDK was not fully installed and needs reinstalling\n'" >> $env_setup_script ; exit 1 ; }
+        if [ -n "${SDK_BUILDTOOLS_INSTALLER}" ]; then
+		printf "buildtools\ny" | ./${SDK_BUILDTOOLS_INSTALLER} > buildtools.log || { printf 'ERROR: buildtools installation failed:\n' ; cat buildtools.log ; echo "printf 'ERROR: this SDK was not fully installed and needs reinstalling\n'" >> $env_setup_script ; exit 1 ; }
 
-	# Delete the buildtools tar file since it won't be used again
-	rm -f ./${SDK_BUILDTOOLS_INSTALLER}
-	# We don't need the log either since it succeeded
-	rm -f buildtools.log
+		# Delete the buildtools tar file since it won't be used again
+		rm -f ./${SDK_BUILDTOOLS_INSTALLER}
+		# We don't need the log either since it succeeded
+		rm -f buildtools.log
 
-	# Make sure when the user sets up the environment, they also get
-	# the buildtools-tarball tools in their path.
-	echo ". $target_sdk_dir/buildtools/environment-setup*" >> $env_setup_script
+		# Make sure when the user sets up the environment, they also get
+		# the buildtools-tarball tools in their path.
+		echo ". $target_sdk_dir/buildtools/environment-setup*" >> $env_setup_script
+	fi
 
 	# Allow bitbake environment setup to be ran as part of this sdk.
 	echo "export OE_SKIP_SDK_CHECK=1" >> $env_setup_script
@@ -654,7 +664,7 @@
 	# Warn if trying to use external bitbake and the ext SDK together
 	echo "(which bitbake > /dev/null 2>&1 && echo 'WARNING: attempting to use the extensible SDK in an environment set up to run bitbake - this may lead to unexpected results. Please source this script in a new shell session instead.') || true" >> $env_setup_script
 
-	if [ "$prepare_buildsystem" != "no" ]; then
+	if [ "$prepare_buildsystem" != "no" -a -n "${SDK_BUILDTOOLS_INSTALLER}" ]; then
 		printf "Preparing build system...\n"
 		# dash which is /bin/sh on Ubuntu will not preserve the
 		# current working directory when first ran, nor will it set $1 when
@@ -680,7 +690,10 @@
         bb.fatal('The extensible SDK can currently only be built for the same architecture as the machine being built on - SDK_ARCH is set to %s (likely via setting SDKMACHINE) which is different from the architecture of the build machine (%s). Unable to continue.' % (d.getVar('SDK_ARCH'), d.getVar('BUILD_ARCH')))
 
     d.setVar('SDK_INSTALL_TARGETS', get_sdk_install_targets(d))
-    buildtools_fn = get_current_buildtools(d)
+    if d.getVar('SDK_INCLUDE_BUILDTOOLS') == '1':
+        buildtools_fn = get_current_buildtools(d)
+    else:
+        buildtools_fn = None
     d.setVar('SDK_REQUIRED_UTILITIES', get_sdk_required_utilities(buildtools_fn, d))
     d.setVar('SDK_BUILDTOOLS_INSTALLER', buildtools_fn)
     d.setVar('SDKDEPLOYDIR', '${SDKEXTDEPLOYDIR}')
@@ -731,7 +744,7 @@
 do_populate_sdk_ext[dirs] = "${@d.getVarFlag('do_populate_sdk', 'dirs', False)}"
 
 do_populate_sdk_ext[depends] = "${@d.getVarFlag('do_populate_sdk', 'depends', False)} \
-                                buildtools-tarball:do_populate_sdk \
+                                ${@'buildtools-tarball:do_populate_sdk' if d.getVar('SDK_INCLUDE_BUILDTOOLS') == '1' else ''} \
                                 ${@'meta-world-pkgdata:do_collect_packagedata' if d.getVar('SDK_INCLUDE_PKGDATA') == '1' else ''} \
                                 ${@'meta-extsdk-toolchain:do_locked_sigs' if d.getVar('SDK_INCLUDE_TOOLCHAIN') == '1' else ''}"
 
diff --git a/poky/meta/classes/rm_work.bbclass b/poky/meta/classes/rm_work.bbclass
index a6bd3f7..01c2ab1 100644
--- a/poky/meta/classes/rm_work.bbclass
+++ b/poky/meta/classes/rm_work.bbclass
@@ -47,30 +47,26 @@
     cd `dirname ${STAMP}`
     for i in `basename ${STAMP}`*
     do
-        # By default we'll delete the stamp, unless $i is changed by the inner loop
-        # (i=dummy does this)
-
         case $i in
         *sigdata*|*sigbasedata*)
             # Save/skip anything that looks like a signature data file.
-            i=dummy
             ;;
-        *do_image_complete_setscene*)
-            # Ensure we don't 'stack' setscene extensions to this stamp with the section below
-            i=dummy
+        *do_image_complete_setscene*|*do_image_qa_setscene*)
+            # Ensure we don't 'stack' setscene extensions to these stamps with the sections below
             ;;
         *do_image_complete*)
             # Promote do_image_complete stamps to setscene versions (ahead of *do_image* below)
             mv $i `echo $i | sed -e "s#do_image_complete#do_image_complete_setscene#"`
-            i=dummy
+            ;;
+        *do_image_qa*)
+            # Promote do_image_qa stamps to setscene versions (ahead of *do_image* below)
+            mv $i `echo $i | sed -e "s#do_image_qa#do_image_qa_setscene#"`
             ;;
         *do_package_write*|*do_rootfs*|*do_image*|*do_bootimg*|*do_write_qemuboot_conf*|*do_build*)
-            i=dummy
             ;;
         *do_addto_recipe_sysroot*)
             # Preserve recipe-sysroot-native if do_addto_recipe_sysroot has been used
             excludes="$excludes recipe-sysroot-native"
-            i=dummy
             ;;
         *do_package|*do_package.*|*do_package_setscene.*)
             # We remove do_package entirely, including any
@@ -78,30 +74,24 @@
             # such as 'packages' and 'packages-split' and these can be large. No end
             # of chain tasks depend directly on do_package anymore.
             rm -f $i;
-            i=dummy
             ;;
         *_setscene*)
             # Skip stamps which are already setscene versions
-            i=dummy
             ;;
+        *)
+            # For everything else: if suitable, promote the stamp to a setscene
+            # version, otherwise remove it
+            for j in ${SSTATETASKS} do_shared_workdir
+            do
+                case $i in
+                *$j|*$j.*)
+                    mv $i `echo $i | sed -e "s#${j}#${j}_setscene#"`
+                    break
+                    ;;
+                esac
+            done
+            rm -f $i
         esac
-
-        for j in ${SSTATETASKS} do_shared_workdir
-        do
-            case $i in
-            dummy)
-                break
-                ;;
-            *$j|*$j.*)
-                # Promote the stamp to a setscene version
-                mv $i `echo $i | sed -e "s#${j}#${j}_setscene#"`
-                i=dummy
-                break
-                ;;
-            esac
-        done
-
-        rm -f $i
     done
 
     cd ${WORKDIR}
diff --git a/poky/meta/classes/sstate.bbclass b/poky/meta/classes/sstate.bbclass
index b47b9c2..64808f8 100644
--- a/poky/meta/classes/sstate.bbclass
+++ b/poky/meta/classes/sstate.bbclass
@@ -818,7 +818,7 @@
 
 BB_HASHCHECK_FUNCTION = "sstate_checkhashes"
 
-def sstate_checkhashes(sq_data, d, siginfo=False, currentcount=0, **kwargs):
+def sstate_checkhashes(sq_data, d, siginfo=False, currentcount=0, summary=True, **kwargs):
     found = set()
     missed = set()
     extension = ".tgz"
@@ -951,16 +951,17 @@
             evdata['found'].append((bb.runqueue.fn_from_tid(tid), bb.runqueue.taskname_from_tid(tid), gethash(tid), sstatefile ) )
         bb.event.fire(bb.event.MetadataEvent("MissedSstate", evdata), d)
 
-    # Print some summary statistics about the current task completion and how much sstate
-    # reuse there was. Avoid divide by zero errors.
-    total = len(sq_data['hash'])
-    complete = 0
-    if currentcount:
-        complete = (len(found) + currentcount) / (total + currentcount) * 100
-    match = 0
-    if total:
-        match = len(found) / total * 100
-    bb.plain("Sstate summary: Wanted %d Found %d Missed %d Current %d (%d%% match, %d%% complete)" % (total, len(found), len(missed), currentcount, match, complete))
+    if summary:
+        # Print some summary statistics about the current task completion and how much sstate
+        # reuse there was. Avoid divide by zero errors.
+        total = len(sq_data['hash'])
+        complete = 0
+        if currentcount:
+            complete = (len(found) + currentcount) / (total + currentcount) * 100
+        match = 0
+        if total:
+            match = len(found) / total * 100
+        bb.plain("Sstate summary: Wanted %d Found %d Missed %d Current %d (%d%% match, %d%% complete)" % (total, len(found), len(missed), currentcount, match, complete))
 
     if hasattr(bb.parse.siggen, "checkhashes"):
         bb.parse.siggen.checkhashes(sq_data, missed, found, d)
diff --git a/poky/meta/classes/staging.bbclass b/poky/meta/classes/staging.bbclass
index 55a9b52..cca0b7e 100644
--- a/poky/meta/classes/staging.bbclass
+++ b/poky/meta/classes/staging.bbclass
@@ -449,6 +449,28 @@
     msg_exists = []
     msg_adding = []
 
+    # Handle all removals first since files may move between recipes
+    for dep in configuredeps:
+        c = setscenedeps[dep][0]
+        if c not in installed:
+            continue
+        taskhash = setscenedeps[dep][5]
+        taskmanifest = depdir + "/" + c + "." + taskhash
+
+        if os.path.exists(depdir + "/" + c):
+            lnk = os.readlink(depdir + "/" + c)
+            if lnk == c + "." + taskhash and os.path.exists(depdir + "/" + c + ".complete"):
+                continue
+            else:
+                bb.note("%s exists in sysroot, but is stale (%s vs. %s), removing." % (c, lnk, c + "." + taskhash))
+                sstate_clean_manifest(depdir + "/" + lnk, d, workdir)
+                os.unlink(depdir + "/" + c)
+                if os.path.lexists(depdir + "/" + c + ".complete"):
+                    os.unlink(depdir + "/" + c + ".complete")
+        elif os.path.lexists(depdir + "/" + c):
+            os.unlink(depdir + "/" + c)
+
+    # Now handle installs
     for dep in configuredeps:
         c = setscenedeps[dep][0]
         if c not in installed:
@@ -461,14 +483,6 @@
             if lnk == c + "." + taskhash and os.path.exists(depdir + "/" + c + ".complete"):
                 msg_exists.append(c)
                 continue
-            else:
-                bb.note("%s exists in sysroot, but is stale (%s vs. %s), removing." % (c, lnk, c + "." + taskhash))
-                sstate_clean_manifest(depdir + "/" + lnk, d, workdir)
-                os.unlink(depdir + "/" + c)
-                if os.path.lexists(depdir + "/" + c + ".complete"):
-                    os.unlink(depdir + "/" + c + ".complete")
-        elif os.path.lexists(depdir + "/" + c):
-            os.unlink(depdir + "/" + c)
 
         msg_adding.append(c)
 
diff --git a/poky/meta/conf/distro/include/no-static-libs.inc b/poky/meta/conf/distro/include/no-static-libs.inc
index 4141ecb..a3a865c 100644
--- a/poky/meta/conf/distro/include/no-static-libs.inc
+++ b/poky/meta/conf/distro/include/no-static-libs.inc
@@ -15,10 +15,6 @@
 DISABLE_STATIC_pn-libpcap = ""
 # needed by gdb
 DISABLE_STATIC_pn-readline = ""
-# needed by pseudo
-DISABLE_STATIC_pn-sqlite3 = ""
-DISABLE_STATIC_pn-sqlite3-native = ""
-DISABLE_STATIC_pn-nativesdk-sqlite3 = ""
 # openjade/sgml-common have build issues without static libs
 DISABLE_STATIC_pn-sgml-common-native = ""
 DISABLE_STATIC_pn-openjade-native = ""
diff --git a/poky/meta/conf/machine/include/tune-cortexa32.inc b/poky/meta/conf/machine/include/tune-cortexa32.inc
index 9c948f1..3ab1add 100644
--- a/poky/meta/conf/machine/include/tune-cortexa32.inc
+++ b/poky/meta/conf/machine/include/tune-cortexa32.inc
@@ -10,9 +10,9 @@
 AVAILTUNES += "cortexa32 cortexa32-crypto"
 ARMPKGARCH_tune-cortexa32             = "cortexa32"
 ARMPKGARCH_tune-cortexa32-crypto      = "cortexa32"
-TUNE_FEATURES_tune-cortexa32          = "aarch64 cortexa32 crc"
-TUNE_FEATURES_tune-cortexa32-crypto   = "aarch64 cortexa32 crc crypto"
+TUNE_FEATURES_tune-cortexa32          = "armv8a cortexa32 crc"
+TUNE_FEATURES_tune-cortexa32-crypto   = "armv8a cortexa32 crc crypto"
 PACKAGE_EXTRA_ARCHS_tune-cortexa32             = "${PACKAGE_EXTRA_ARCHS_tune-armv8a-crc} cortexa32"
 PACKAGE_EXTRA_ARCHS_tune-cortexa32-crypto      = "${PACKAGE_EXTRA_ARCHS_tune-armv8a-crc-crypto} cortexa32 cortexa32-crypto"
-BASE_LIB_tune-cortexa32               = "lib64"
-BASE_LIB_tune-cortexa32-crypto        = "lib64"
+BASE_LIB_tune-cortexa32               = "lib"
+BASE_LIB_tune-cortexa32-crypto        = "lib"
diff --git a/poky/meta/files/common-licenses/Intel b/poky/meta/files/common-licenses/Intel
new file mode 100644
index 0000000..29ddf57
--- /dev/null
+++ b/poky/meta/files/common-licenses/Intel
@@ -0,0 +1,105 @@
+1. Copyright Notice
+
+Some or all of this work - Copyright (c) 1999 - 2017, Intel Corp.
+All rights reserved.
+
+2. License
+
+2.1. This is your license from Intel Corp. under its intellectual property
+rights. You may have additional license terms from the party that provided
+you this software, covering your right to use that party's intellectual
+property rights.
+
+2.2. Intel grants, free of charge, to any person ("Licensee") obtaining a
+copy of the source code appearing in this file ("Covered Code") an
+irrevocable, perpetual, worldwide license under Intel's copyrights in the
+base code distributed originally by Intel ("Original Intel Code") to copy,
+make derivatives, distribute, use and display any portion of the Covered
+Code in any form, with the right to sublicense such rights; and
+
+2.3. Intel grants Licensee a non-exclusive and non-transferable patent
+license (with the right to sublicense), under only those claims of Intel
+patents that are infringed by the Original Intel Code, to make, use, sell,
+offer to sell, and import the Covered Code and derivative works thereof
+solely to the minimum extent necessary to exercise the above copyright
+license, and in no event shall the patent license extend to any additions
+to or modifications of the Original Intel Code. No other license or right
+is granted directly or by implication, estoppel or otherwise;
+
+The above copyright and patent license is granted only if the following
+conditions are met:
+
+3. Conditions
+
+3.1. Redistribution of Source with Rights to Further Distribute Source.
+Redistribution of source code of any substantial portion of the Covered
+Code or modification with rights to further distribute source must include
+the above Copyright Notice, the above License, this list of Conditions,
+and the following Disclaimer and Export Compliance provision. In addition,
+Licensee must cause all Covered Code to which Licensee contributes to
+contain a file documenting the changes Licensee made to create that Covered
+Code and the date of any change. Licensee must include in that file the
+documentation of any changes made by any predecessor Licensee. Licensee
+must include a prominent statement that the modification is derived,
+directly or indirectly, from Original Intel Code.
+
+3.2. Redistribution of Source with no Rights to Further Distribute Source.
+Redistribution of source code of any substantial portion of the Covered
+Code or modification without rights to further distribute source must
+include the following Disclaimer and Export Compliance provision in the
+documentation and/or other materials provided with distribution. In
+addition, Licensee may not authorize further sublicense of source of any
+portion of the Covered Code, and must include terms to the effect that the
+license from Licensee to its licensee is limited to the intellectual
+property embodied in the software Licensee provides to its licensee, and
+not to intellectual property embodied in modifications its licensee may
+make.
+
+3.3. Redistribution of Executable. Redistribution in executable form of any
+substantial portion of the Covered Code or modification must reproduce the
+above Copyright Notice, and the following Disclaimer and Export Compliance
+provision in the documentation and/or other materials provided with the
+distribution.
+
+3.4. Intel retains all right, title, and interest in and to the Original
+Intel Code.
+
+3.5. Neither the name Intel nor any other trademark owned or controlled by
+Intel shall be used in advertising or otherwise to promote the sale, use or
+other dealings in products derived from or relating to the Covered Code
+without prior written authorization from Intel.
+
+4. Disclaimer and Export Compliance
+
+4.1. INTEL MAKES NO WARRANTY OF ANY KIND REGARDING ANY SOFTWARE PROVIDED
+HERE. ANY SOFTWARE ORIGINATING FROM INTEL OR DERIVED FROM INTEL SOFTWARE
+IS PROVIDED "AS IS," AND INTEL WILL NOT PROVIDE ANY SUPPORT, ASSISTANCE,
+INSTALLATION, TRAINING OR OTHER SERVICES. INTEL WILL NOT PROVIDE ANY
+UPDATES, ENHANCEMENTS OR EXTENSIONS. INTEL SPECIFICALLY DISCLAIMS ANY
+IMPLIED WARRANTIES OF MERCHANTABILITY, NONINFRINGEMENT AND FITNESS FOR A
+PARTICULAR PURPOSE.
+
+4.2. IN NO EVENT SHALL INTEL HAVE ANY LIABILITY TO LICENSEE, ITS LICENSEES
+OR ANY OTHER THIRD PARTY, FOR ANY LOST PROFITS, LOST DATA, LOSS OF USE OR
+COSTS OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, OR FOR ANY INDIRECT,
+SPECIAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THIS AGREEMENT, UNDER ANY
+CAUSE OF ACTION OR THEORY OF LIABILITY, AND IRRESPECTIVE OF WHETHER INTEL
+HAS ADVANCE NOTICE OF THE POSSIBILITY OF SUCH DAMAGES. THESE LIMITATIONS
+SHALL APPLY NOTWITHSTANDING THE FAILURE OF THE ESSENTIAL PURPOSE OF ANY
+LIMITED REMEDY.
+
+4.3. Licensee shall not export, either directly or indirectly, any of this
+software or system incorporating such software without first obtaining any
+required license or other approval from the U. S. Department of Commerce or
+any other agency or department of the United States Government. In the
+event Licensee exports any such software from the United States or
+re-exports any such software from a foreign destination, Licensee shall
+ensure that the distribution and export/re-export of the software is in
+compliance with all laws, regulations, orders, or other restrictions of the
+U.S. Export Administration Regulations. Licensee agrees that neither it nor
+any of its subsidiaries will export/re-export any technical data, process,
+software, or service, directly or indirectly, to any country for which the
+United States government or any agency thereof requires an export license,
+other governmental approval, or letter of assurance, without first obtaining
+such license, approval or letter.
+
diff --git a/poky/meta/lib/oe/package_manager.py b/poky/meta/lib/oe/package_manager.py
index c7135ce..4ff19cf 100644
--- a/poky/meta/lib/oe/package_manager.py
+++ b/poky/meta/lib/oe/package_manager.py
@@ -217,7 +217,7 @@
                 if not os.path.exists(pkgs_file):
                     open(pkgs_file, "w").close()
 
-                index_cmds.add('%s -r %s -p %s -m %s' %
+                index_cmds.add('%s --checksum md5 --checksum sha256 -r %s -p %s -m %s' %
                                   (opkg_index_cmd, pkgs_file, pkgs_file, pkgs_dir))
 
                 index_sign_files.add(pkgs_file)
diff --git a/poky/meta/lib/oeqa/core/decorator/data.py b/poky/meta/lib/oeqa/core/decorator/data.py
index 12d462f..bc4939e 100644
--- a/poky/meta/lib/oeqa/core/decorator/data.py
+++ b/poky/meta/lib/oeqa/core/decorator/data.py
@@ -18,6 +18,26 @@
         return True
     return False
 
+def has_machine(td, machine):
+    """
+        Checks for MACHINE.
+    """
+
+    if (machine in td.get('MACHINE', '')):
+        return True
+    return False
+
+def is_qemu(td, qemu):
+    """
+        Checks if MACHINE is qemu.
+    """
+
+    machine = td.get('MACHINE', '')
+    if (qemu in td.get('MACHINE', '') or
+    machine.startswith('qemu')):
+        return True
+    return False
+
 @registerDecorator
 class skipIfDataVar(OETestDecorator):
     """
@@ -131,3 +151,72 @@
         self.logger.debug(msg)
         if has_feature(self.case.td, self.value):
             self.case.skipTest(self.msg)
+
+@registerDecorator
+class skipIfNotMachine(OETestDecorator):
+    """
+        Skip test based on MACHINE.
+
+        value must be match MACHINE or it will skip the test
+        with msg as the reason.
+    """
+
+    attrs = ('value', 'msg')
+
+    def setUpDecorator(self):
+        msg = ('Checking if %s is not this MACHINE' % self.value)
+        self.logger.debug(msg)
+        if not has_machine(self.case.td, self.value):
+            self.case.skipTest(self.msg)
+
+@registerDecorator
+class skipIfMachine(OETestDecorator):
+    """
+        Skip test based on Machine.
+
+        value must not be this machine or it will skip the test
+        with msg as the reason.
+    """
+
+    attrs = ('value', 'msg')
+
+    def setUpDecorator(self):
+        msg = ('Checking if %s is this MACHINE' % self.value)
+        self.logger.debug(msg)
+        if has_machine(self.case.td, self.value):
+            self.case.skipTest(self.msg)
+
+@registerDecorator
+class skipIfNotQemu(OETestDecorator):
+    """
+        Skip test based on MACHINE.
+
+        value must be a qemu MACHINE or it will skip the test
+        with msg as the reason.
+    """
+
+    attrs = ('value', 'msg')
+
+    def setUpDecorator(self):
+        msg = ('Checking if %s is not this MACHINE' % self.value)
+        self.logger.debug(msg)
+        if not is_qemu(self.case.td, self.value):
+            self.case.skipTest(self.msg)
+
+@registerDecorator
+class skipIfQemu(OETestDecorator):
+    """
+        Skip test based on Qemu Machine.
+
+        value must not be a qemu machine or it will skip the test
+        with msg as the reason.
+   """
+
+    attrs = ('value', 'msg')
+
+    def setUpDecorator(self):
+        msg = ('Checking if %s is this MACHINE' % self.value)
+        self.logger.debug(msg)
+        if is_qemu(self.case.td, self.value):
+             self.case.skipTest(self.msg)
+
diff --git a/poky/meta/lib/oeqa/manual/bsp-qemu.json b/poky/meta/lib/oeqa/manual/bsp-qemu.json
deleted file mode 100644
index cf51b6a..0000000
--- a/poky/meta/lib/oeqa/manual/bsp-qemu.json
+++ /dev/null
@@ -1,222 +0,0 @@
-[
-  {
-    "test": {
-      "@alias": "bsps-qemu.bsps-tools.qemu_can_be_started_with_KVM_enabled",
-      "author": [
-        {
-          "email": "alexandru.c.georgescu@intel.com",
-          "name": "alexandru.c.georgescu@intel.com"
-        }
-      ],
-      "execution": {
-        "1": {
-          "action": "Build a kernel with KVM enabled  \n\nIn Local.conf add  \n\nQEMU_USE_KVM = \"${@ '1' if os.access('/dev/kvm', os.R_OK|os.W_OK) else '0' }\"  \n\n ",
-          "expected_results": ""
-        },
-        "2": {
-          "action": "Start qemu with option \"kvm\" with runqemu \n    a. If you start qemu with kvm failed, maybe it is because host not install kvm and vhost_net module. Follow below link to install them. \n    b. vhost_test refer:  https://wiki.yoctoproject.org/wiki/Running_an_x86_Yocto_Linux_image_under_QEMU_KVM \n    c. kvm refer: https://wiki.yoctoproject.org/wiki/How_to_enable_KVM_for_Poky_qemu",
-          "expected_results": ""
-        },
-        "3": {
-          "action": "Check if qemu starts up and if kvm_intel module is used",
-          "expected_results": ""
-        },
-        "4": {
-          "action": "If kvm_intel module is not used when starting qemu, it will show 0 in \"Used by\" column when you run \"lsmod | grep kvm_intel\" ",
-          "expected_results": "KVM enabled with qemu \nExecute \"lsmod | grep kvm_intel\" from your host twice, before and after you \nstart the qemu with kvm option. Before start, the number should be 0, \nafter start, the number should bigger than 0."
-        }
-      },
-      "summary": "qemu_can_be_started_with_KVM_enabled"
-    }
-  },
-  {
-    "test": {
-      "@alias": "bsps-qemu.bsps-tools.Post-installation_logging",
-      "author": [
-        {
-          "email": "yi.zhao@windriver.com",
-          "name": "yi.zhao@windriver.com"
-        }
-      ],
-      "execution": {
-        "1": {
-          "action": "Download the poky source and set environment \n",
-          "expected_results": "The /var/log/postinstall.log should exist in the first boot. The content of this log is like below:  \n\nRunning postinst /etc/rpm-postinsts/man... \nList directory to check the output log \nbin \nboot \ndev \netc \nhome \nlib \nlost+found \nmedia \nmnt \nproc \nrun \nsbin \nsys \ntmp \nusr \nvar \nList nonexist directory to check the stderr redirection log \nls: /nonexist: No such file or directory "
-        },
-        "2": {
-          "action": "Add the following lines to a .bb file. For expample, meta/recipes-connectivity/openssh/openssh_6.2p2.bb:   \n\npkg_postinst_ontarget_${PN} () {  \n       #!/bin/sh -e  \n       if [ x\"$D\" = \"x\" ]; then  \n       echo \"List directory to check the output log\"  \n       ls /  \n       echo \"List nonexist directory to check the stderr redirection log\"  \n       ls /nonexist  \n       else  \n       exit 1  \n       fi  \n}  \n\nMake sure the feature \"debug-tweaks\" is added in conf/local.conf \n",
-          "expected_results": ""
-        },
-        "3": {
-          "action": "Add ssh-server-openssh to EXTRA_IMAGE_FEATURES in local.conf \n",
-          "expected_results": ""
-        },
-        "4": {
-          "action": "Build core-image-minimal \n",
-          "expected_results": ""
-        },
-        "5": {
-          "action": "Boot up the image and check the /var/log/postinstall.log  ",
-          "expected_results": ""
-        }
-      },
-      "summary": "Post-installation_logging"
-    }
-  },
-  {
-    "test": {
-      "@alias": "bsps-qemu.bsps-tools.Add_user_with_cleartext_type_password_during_filesystem_construction",
-      "author": [
-        {
-          "email": "ke.zou@windriver.com",
-          "name": "ke.zou@windriver.com"
-        }
-      ],
-      "execution": {
-        "1": {
-          "action": "Download the poky source and set the environment  \n\n",
-          "expected_results": "No error during image building procedure. \n"
-        },
-        "2": {
-          "action": "Add the following lines in conf/local.conf  \n\nINHERIT += \"extrausers\"  \n\nEXTRA_USERS_PARAMS = \"\\ \nuseradd -s /bin/sh -P 'tester3' tester3;\\ \n\"  \n\nThe above settings do the following things: \na. Add a user tester3 with cleartext password 'tester3' ",
-          "expected_results": "Image can boot up \n"
-        },
-        "3": {
-          "action": "Build the image\n ",
-          "expected_results": "Login with user name \"tester3\" and password \"tester3\" "
-        }
-      },
-      "summary": "Add_user_with_cleartext_type_password_during_filesystem_construction"
-    }
-  },
-  {
-    "test": {
-      "@alias": "bsps-qemu.bsps-tools.rpm_-__install_dependency_package",
-      "author": [
-        {
-          "email": "alexandru.c.georgescu@intel.com",
-          "name": "alexandru.c.georgescu@intel.com"
-        }
-      ],
-      "execution": {
-        "1": {
-          "action": "Get a not previously installed RPM package or build one on local machine, which should have run-time dependency.For example, \"mc\" (Midnight Commander, which is a visual file manager) should depend on \"ncurses-terminfo\".   \n\n$ bitbake mc  \n\n\n",
-          "expected_results": ""
-        },
-        "2": {
-          "action": "Copy the package into a system folder (for example /home/root/rpm_packages).  \n\n\n",
-          "expected_results": ""
-        },
-        "3": {
-          "action": "Run \"rpm -ivh package_name\" and check the output, for example \"rpm -ivh mc.rpm*\" should report the dependency on \"ncurses-terminfo\".\n\n\n\n",
-          "expected_results": "3 . rpm command should report message when some RPM installation depends on other packages."
-        }
-      },
-      "summary": "rpm_-__install_dependency_package"
-    }
-  },
-  {
-    "test": {
-      "@alias": "bsps-qemu.bsps-tools.Check_rpm_install/removal_log_file_size(auto)",
-      "author": [
-        {
-          "email": "alexandru.c.georgescu@intel.com",
-          "name": "alexandru.c.georgescu@intel.com"
-        }
-      ],
-      "execution": {
-        "1": {
-          "action": "Get some rpm or other kind of installation packages.  \n\n",
-          "expected_results": "Steps 1- 4 (more than 2.3) \nEach file will occupy around 10MB, and there should be some method to keep rpm log in a small size. (the size of the db of RPMs must not be taking so much space)  \nStep 5 (less than or equal to 2.3)\nThe size on /var/lib/rpm/ must keep around 30MB"
-        },
-        "2": {
-          "action": "After system is up, check the size of log file named as \"log.xxxxxx\" on  /var/lib/rpm/log  \n\n",
-          "expected_results": ""
-        },
-        "3": {
-          "action": "After several install/removal of packages, with either of the install/removal commands   (rpm/smart/zypper/dnf install/removal), check again the size of log file.  \n\n",
-          "expected_results": ""
-        },
-        "4": {
-          "action": "For packages installation, there will be some database files under /var/lib/rpm/, named as \"__db.xxx\" and there will be some log files   \nunder /var/lib/rpm/log, named as \"\"log.xxxxxx\"\".   \n\nNote: You will only see the log.xxxx on /var/lib/rpm/log mentioned above if the poky version is minor than 2.3.For poky 2.3 or major versions this has been modified and the package RPM4 does not show the logs.xxxx. if major, follow the next step.  \n\n",
-          "expected_results": ""
-        },
-        "5": {
-          "action": "Repeat steps (1 and 3)  and check the size of /var/lib/rpm/  \n\nMore info: https://bugzilla.yoctoproject.org/show_bug.cgi?id=9259",
-          "expected_results": ""
-        }
-      },
-      "summary": "Check_rpm_install/removal_log_file_size"
-    }
-  },
-  {
-    "test": {
-      "@alias": "bsps-qemu.bsps-runtime.only_one_connmand_in_background(auto)",
-      "author": [
-        {
-          "email": "alexandru.c.georgescu@intel.com",
-          "name": "alexandru.c.georgescu@intel.com"
-        }
-      ],
-      "execution": {
-        "1": {
-          "action": "Boot system",
-          "expected_results": ""
-        },
-        "2": {
-          "action": "Run \"ps aux |grep connmand\" or \"ps -ef | grep connmand\" or \"ps | grep connmand\"",
-          "expected_results": "Connmand (connection manager, used to manage internet connections)  should be shown as an active process \n\n"
-        },
-        "3": {
-          "action": "Run command \"connmand\" to try to launch to a second connmand process",
-          "expected_results": ""
-        },
-        "4": {
-          "action": "Check, with \"ps\" connmand  if a second connmand can be generated ",
-          "expected_results": "There should be only one connmand process instance in background ."
-        }
-      },
-      "summary": "only_one_connmand_in_background"
-    }
-  },
-  {
-    "test": {
-      "@alias": "bsps-qemu.bsps-runtime.X_server_can_start_up_with_runlevel_5_boot",
-      "author": [
-        {
-          "email": "alexandru.c.georgescu@intel.com",
-          "name": "alexandru.c.georgescu@intel.com"
-        }
-      ],
-      "execution": {
-        "1": {
-          "action": "boot up system with default runlevel  \n\n",
-          "expected_results": "X server can start up well and desktop display has no problem .  \n\n"
-        },
-        "2": {
-          "action": "type runlevel at command prompt",
-          "expected_results": "Output:N 5"
-        }
-      },
-      "summary": "X_server_can_start_up_with_runlevel_5_boot"
-    }
-  },
-  {
-    "test": {
-      "@alias": "bsps-qemu.bsps-runtime.check_bash_in_image",
-      "author": [
-        {
-          "email": "alexandru.c.georgescu@intel.com",
-          "name": "alexandru.c.georgescu@intel.com"
-        }
-      ],
-      "execution": {
-        "1": {
-          "action": "After system is up, check if bash command exists with command \"which bash\"",
-          "expected_results": "bash command should exist in image giving something as below  \"/bin/bash\""
-        }
-      },
-      "summary": "check_bash_in_image"
-    }
-  }
-]
diff --git a/poky/meta/lib/oeqa/manual/oe-core.json b/poky/meta/lib/oeqa/manual/oe-core.json
index 3ee0aa9..fb47c5e 100644
--- a/poky/meta/lib/oeqa/manual/oe-core.json
+++ b/poky/meta/lib/oeqa/manual/oe-core.json
@@ -1,82 +1,6 @@
 [
   {
     "test": {
-      "@alias": "oe-core.scripts.Crosstap_script_check",
-      "author": [
-        {
-          "email": "alexandru.c.georgescu@intel.com",
-          "name": "alexandru.c.georgescu@intel.com"
-        }
-      ],
-      "execution": {
-        "1": {
-          "action": "Create the trace_open.stp script as follows in the host machine:  \n\n\nprobe syscall.open     \n\n{  \n\n\n        printf (\"%s(%d) open (%s)\\n\", execname(), pid(), argstr)  \n\n}  \n\n\n\nif the above failed, then create the below instead.  \n\nprobe syscall.open \n{ \n  printf (\"%s(%d) open\\n\", execname(), pid()) \n\n}  \n \n",
-          "expected_results": ""
-        },
-        "2": {
-          "action": "Add 'tools-profile' and 'ssh-server-openssh' to EXTRA_IMAGE_FEATURES in local.conf \n\n\n",
-          "expected_results": ""
-        },
-        "3": {
-          "action": "Build a core-image-minimal image, build systemtap-native. Start the image under qemu. \n\n",
-          "expected_results": ""
-        },
-        "4": {
-          "action": "Make sure that the ssh service is started on the Qemu machine. \n\n",
-          "expected_results": ""
-        },
-        "5": {
-          "action": "From the host machine poky build_dir, run \"crosstap root@192.168.7.2 trace_open.stp\".",
-          "expected_results": ""
-        },
-        "6": {
-          "action": "In QEMU, try to open some applications, such as open a terminal, input some command,  \n\n",
-          "expected_results": ""
-        },
-        "7": {
-          "action": "Check the host machine, \"crosstap\" has related output. \n\n\n\nNOTE:  Do not build the kernel from shared state(sstate-cache) for this to work.",
-          "expected_results": "The script should successfully connect to the qemu machine and there \nshould be presented a list of services(pid, process name) which run on \nthe qemu machine. "
-        }
-      },
-      "summary": "Crosstap_script_check"
-    }
-  },
-  {
-    "test": {
-      "@alias": "oe-core.scripts.List_all_the_PACKAGECONFIG's_flags",
-      "author": [
-        {
-          "email": "yi.zhao@windriver.com",
-          "name": "yi.zhao@windriver.com"
-        }
-      ],
-      "execution": {
-        "1": {
-          "action": " Download the poky source and setup the environment. ",
-          "expected_results": ""
-        },
-        "2": {
-          "action": "Run \"../scripts/contrib/list-packageconfig-flags.py\" ",
-          "expected_results": "In step 2, will list available pkgs which have PACKAGECONFIG flags:  \nPACKAGE NAME (or RECIPE NAME)           PACKAGECONFIG FLAGS  \n==============================================================  \nalsa-tools-1.0.26.1                                         defaultval gtk+  \navahi-ui-0.6.31                                                defaultval python  \nbluez4-4.101                                                alsa defaultval pie  \n"
-        },
-        "3": {
-          "action": "Run \"../scripts/contrib/list-packageconfig-flags.py -f\" ",
-          "expected_results": "In step 3, will list available PACKAGECONFIG flags and all affected pkgs  \nPACKAGECONFIG FLAG       PACKAGE NAMES (or RECIPE NAMES)  \n====================================  \n3g                             connman-1.16  \n        \navahi                        cups-1.6.3  pulseaudio-4.0  \nbeecrypt                   rpm-5.4.9  rpm-native-5.4.9  \n"
-        },
-        "4": {
-          "action": "Run \"../scripts/contrib/list-packageconfig-flags.py -a\" ",
-          "expected_results": "In step 4, will list all pkgs and PACKAGECONFIG information:  \n==================================================  \ngtk+-2.24.18  \n/home/jiahongxu/yocto/poky/meta/recipes-gnome/gtk+/gtk+_2.24.18.bb  \nPACKAGECONFIG x11  \nPACKAGECONFIG[x11] --with-x=yes --with-gdktarget=x11,--with-x=no,${X11DEPENDS}  \nxf86-video-intel-2.21.9  \n/home/jiahongxu/yocto/poky/meta/recipes-graphics/xorg-driver/xf86-video-intel_2.21.9.bb  \nPACKAGECONFIG None  \nPACKAGECONFIG[xvmc] --enable-xvmc,--disable-xvmc,libxvmc  \nPACKAGECONFIG[sna] --enable-sna,--disable-sna  \n"
-        },
-        "5": {
-          "action": "Run \"../scripts/contrib/list-packageconfig-flags.py -p\"   ",
-          "expected_results": "In step 5, will list pkgs with preferred version:  \nPACKAGE NAME (or RECIPE NAME)              PACKAGECONFIG FLAGS  \n===================================================  \nalsa-tools-1.0.26.1                                           defaultval gtk+  \navahi-ui-0.6.31                                                   defaultval python  \nbluez4-4.101                                                       alsa defaultval pie  \nbluez5-5.7                                                            alsa defaultval obex-profiles  \n\n\n\n "
-        }
-      },
-      "summary": "List_all_the_PACKAGECONFIG's_flags"
-    }
-  },
-  {
-    "test": {
       "@alias": "oe-core.bitbake.Test_bitbake_menuconfig",
       "author": [
         {
@@ -231,4 +155,4 @@
       "summary": "test_bitbake_sane_error_for_invalid_layer"
     }
   }
-]
\ No newline at end of file
+]
diff --git a/poky/meta/lib/oeqa/selftest/cases/buildoptions.py b/poky/meta/lib/oeqa/selftest/cases/buildoptions.py
index 6a5378d..e91f0bd 100644
--- a/poky/meta/lib/oeqa/selftest/cases/buildoptions.py
+++ b/poky/meta/lib/oeqa/selftest/cases/buildoptions.py
@@ -143,7 +143,7 @@
 
     def test_buildhistory_buildtime_pr_backwards(self):
         target = 'xcursor-transparent-theme'
-        error = "ERROR:.*QA Issue: Package version for package %s went backwards which would break package feeds from (.*-r1.* to .*-r0.*)" % target
+        error = "ERROR:.*QA Issue: Package version for package %s went backwards which would break package feeds \(from .*-r1.* to .*-r0.*\)" % target
         self.run_buildhistory_operation(target, target_config="PR = \"r1\"", change_bh_location=True)
         self.run_buildhistory_operation(target, target_config="PR = \"r0\"", change_bh_location=False, expect_error=True, error_regex=error)
 
diff --git a/poky/meta/lib/oeqa/selftest/cases/oescripts.py b/poky/meta/lib/oeqa/selftest/cases/oescripts.py
index 80d8b2c..41cbe04 100644
--- a/poky/meta/lib/oeqa/selftest/cases/oescripts.py
+++ b/poky/meta/lib/oeqa/selftest/cases/oescripts.py
@@ -65,6 +65,7 @@
         runCmd('%s/pybootchartgui/pybootchartgui.py  %s -o %s/charts -f pdf' % (self.scripts_dir, self.buildstats, self.tmpdir))
         self.assertTrue(os.path.exists(self.tmpdir + "/charts.pdf"))
 
+
 class OEGitproxyTests(OESelftestTestCase):
 
     scripts_dir = os.path.join(get_bb_var('COREBASE'), 'scripts')
@@ -127,3 +128,61 @@
         bitbake("qemu-helper-native -c addto_recipe_sysroot")
         result = runCmd("oe-run-native qemu-helper-native tunctl -h")
         self.assertIn("Delete: tunctl -d device-name [-f tun-clone-device]", result.output)
+
+class OEListPackageconfigTests(OEScriptTests):
+    #oe-core.scripts.List_all_the_PACKAGECONFIG's_flags
+    def check_endlines(self, results,  expected_endlines): 
+        for line in results.output.splitlines():
+            for el in expected_endlines:
+                if line == el:
+                    expected_endlines.remove(el)
+                    break
+
+        if expected_endlines:
+            self.fail('Missing expected listings:\n  %s' % '\n  '.join(expected_endlines))
+
+
+    #oe-core.scripts.List_all_the_PACKAGECONFIG's_flags
+    def test_packageconfig_flags_help(self):
+        runCmd('%s/contrib/list-packageconfig-flags.py -h' % self.scripts_dir)
+
+    def test_packageconfig_flags_default(self):
+        results = runCmd('%s/contrib/list-packageconfig-flags.py' % self.scripts_dir)
+        expected_endlines = []
+        expected_endlines.append("RECIPE NAME                  PACKAGECONFIG FLAGS")
+        expected_endlines.append("pinentry                     gtk2 libcap ncurses qt secret")
+        expected_endlines.append("tar                          acl")
+
+        self.check_endlines(results, expected_endlines)
+
+
+    def test_packageconfig_flags_option_flags(self):
+        results = runCmd('%s/contrib/list-packageconfig-flags.py -f' % self.scripts_dir)
+        expected_endlines = []
+        expected_endlines.append("PACKAGECONFIG FLAG     RECIPE NAMES")
+        expected_endlines.append("qt                     nativesdk-pinentry  pinentry  pinentry-native")
+        expected_endlines.append("secret                 nativesdk-pinentry  pinentry  pinentry-native")
+
+        self.check_endlines(results, expected_endlines)
+
+    def test_packageconfig_flags_option_all(self):
+        results = runCmd('%s/contrib/list-packageconfig-flags.py -a' % self.scripts_dir)
+        expected_endlines = []
+        expected_endlines.append("pinentry-1.1.0")
+        expected_endlines.append("PACKAGECONFIG ncurses libcap")
+        expected_endlines.append("PACKAGECONFIG[qt] --enable-pinentry-qt, --disable-pinentry-qt, qtbase-native qtbase")
+        expected_endlines.append("PACKAGECONFIG[gtk2] --enable-pinentry-gtk2, --disable-pinentry-gtk2, gtk+ glib-2.0")
+        expected_endlines.append("PACKAGECONFIG[libcap] --with-libcap, --without-libcap, libcap")
+        expected_endlines.append("PACKAGECONFIG[ncurses] --enable-ncurses  --with-ncurses-include-dir=${STAGING_INCDIR}, --disable-ncurses, ncurses")
+        expected_endlines.append("PACKAGECONFIG[secret] --enable-libsecret, --disable-libsecret, libsecret")
+
+        self.check_endlines(results, expected_endlines)
+
+    def test_packageconfig_flags_optiins_preferred_only(self):
+        results = runCmd('%s/contrib/list-packageconfig-flags.py -p' % self.scripts_dir)
+        expected_endlines = []
+        expected_endlines.append("RECIPE NAME                  PACKAGECONFIG FLAGS")
+        expected_endlines.append("pinentry                     gtk2 libcap ncurses qt secret")
+
+        self.check_endlines(results, expected_endlines)
+
diff --git a/poky/meta/lib/oeqa/selftest/cases/reproducible.py b/poky/meta/lib/oeqa/selftest/cases/reproducible.py
index c235c13..a911056 100644
--- a/poky/meta/lib/oeqa/selftest/cases/reproducible.py
+++ b/poky/meta/lib/oeqa/selftest/cases/reproducible.py
@@ -5,11 +5,16 @@
 
 from oeqa.selftest.case import OESelftestTestCase
 from oeqa.utils.commands import runCmd, bitbake, get_bb_var, get_bb_vars
+import bb.utils
 import functools
 import multiprocessing
 import textwrap
 import json
 import unittest
+import tempfile
+import shutil
+import stat
+import os
 
 MISSING = 'MISSING'
 DIFFERENT = 'DIFFERENT'
@@ -74,6 +79,7 @@
 class ReproducibleTests(OESelftestTestCase):
     package_classes = ['deb', 'ipk']
     images = ['core-image-minimal']
+    save_results = False
 
     def setUpLocal(self):
         super().setUpLocal()
@@ -117,9 +123,18 @@
         self.extrasresults['reproducible']['files'].setdefault(package_class, {})[name] = [
                 {'reference': p.reference, 'test': p.test} for p in packages]
 
+    def copy_file(self, source, dest):
+        bb.utils.mkdirhier(os.path.dirname(dest))
+        shutil.copyfile(source, dest)
+
     def test_reproducible_builds(self):
         capture_vars = ['DEPLOY_DIR_' + c.upper() for c in self.package_classes]
 
+        if self.save_results:
+            save_dir = tempfile.mkdtemp(prefix='oe-reproducible-')
+            os.chmod(save_dir, stat.S_IRWXU | stat.S_IRGRP | stat.S_IXGRP | stat.S_IROTH | stat.S_IXOTH)
+            self.logger.info('Non-reproducible packages will be copied to %s', save_dir)
+
         # Build native utilities
         self.write_config('')
         bitbake("diffutils-native -c addto_recipe_sysroot")
@@ -176,6 +191,11 @@
                 self.write_package_list(package_class, 'different', result.different)
                 self.write_package_list(package_class, 'same', result.same)
 
+                if self.save_results:
+                    for d in result.different:
+                        self.copy_file(d.reference, '/'.join([save_dir, d.reference]))
+                        self.copy_file(d.test, '/'.join([save_dir, d.test]))
+
                 if result.missing or result.different:
                     self.fail("The following %s packages are missing or different: %s" %
                             (c, ' '.join(r.test for r in (result.missing + result.different))))
diff --git a/poky/meta/lib/oeqa/selftest/cases/runtime_test.py b/poky/meta/lib/oeqa/selftest/cases/runtime_test.py
index 7d3922c..4b56e5b 100644
--- a/poky/meta/lib/oeqa/selftest/cases/runtime_test.py
+++ b/poky/meta/lib/oeqa/selftest/cases/runtime_test.py
@@ -322,3 +322,80 @@
                 self.assertFalse(os.path.isfile(os.path.join(hosttestdir, "rootfs-after-failure")),
                                     "rootfs-after-failure file was created")
 
+class SystemTap(OESelftestTestCase):
+        """
+        Summary:        The purpose of this test case is to verify native crosstap
+                        works while talking to a target.
+        Expected:       The script should successfully connect to the qemu machine
+                        and run some systemtap examples on a qemu machine.
+        """
+
+        @classmethod
+        def setUpClass(cls):
+            super(SystemTap, cls).setUpClass()
+            cls.image = "core-image-minimal"
+
+        def default_config(self):
+            return """
+# These aren't the actual IP addresses but testexport class needs something defined
+TEST_SERVER_IP = "192.168.7.1"
+TEST_TARGET_IP = "192.168.7.2"
+
+EXTRA_IMAGE_FEATURES += "tools-profile dbg-pkgs"
+IMAGE_FEATURES_append = " ssh-server-dropbear"
+
+# enables kernel debug symbols
+KERNEL_EXTRA_FEATURES_append = " features/debug/debug-kernel.scc"
+KERNEL_EXTRA_FEATURES_append = " features/systemtap/systemtap.scc"
+
+# add systemtap run-time into target image if it is not there yet
+IMAGE_INSTALL_append = " systemtap"
+"""
+
+        def test_crosstap_helloworld(self):
+            self.write_config(self.default_config())
+            bitbake('systemtap-native')
+            systemtap_examples = os.path.join(get_bb_var("WORKDIR","systemtap-native"), "usr/share/systemtap/examples")
+            bitbake(self.image)
+
+            with runqemu(self.image) as qemu:
+                cmd = "crosstap -r root@192.168.7.2 -s %s/general/helloworld.stp " % systemtap_examples 
+                result = runCmd(cmd)
+                self.assertEqual(0, result.status, 'crosstap helloworld returned a non 0 status:%s' % result.output)
+
+        def test_crosstap_pstree(self):
+            self.write_config(self.default_config())
+
+            bitbake('systemtap-native')
+            systemtap_examples = os.path.join(get_bb_var("WORKDIR","systemtap-native"), "usr/share/systemtap/examples")
+            bitbake(self.image)
+
+            with runqemu(self.image) as qemu:
+                cmd = "crosstap -r root@192.168.7.2 -s %s/process/pstree.stp" % systemtap_examples
+                result = runCmd(cmd)
+                self.assertEqual(0, result.status, 'crosstap pstree returned a non 0 status:%s' % result.output)
+
+        def test_crosstap_syscalls_by_proc(self):
+            self.write_config(self.default_config())
+
+            bitbake('systemtap-native')
+            systemtap_examples = os.path.join(get_bb_var("WORKDIR","systemtap-native"), "usr/share/systemtap/examples")
+            bitbake(self.image)
+
+            with runqemu(self.image) as qemu:
+                cmd = "crosstap -r root@192.168.7.2 -s %s/process/ syscalls_by_proc.stp" % systemtap_examples
+                result = runCmd(cmd)
+                self.assertEqual(0, result.status, 'crosstap  syscalls_by_proc returned a non 0 status:%s' % result.output)
+
+        def test_crosstap_syscalls_by_pid(self):
+            self.write_config(self.default_config())
+
+            bitbake('systemtap-native')
+            systemtap_examples = os.path.join(get_bb_var("WORKDIR","systemtap-native"), "usr/share/systemtap/examples")
+            bitbake(self.image)
+
+            with runqemu(self.image) as qemu:
+                cmd = "crosstap -r root@192.168.7.2 -s %s/process/ syscalls_by_pid.stp" % systemtap_examples
+                result = runCmd(cmd)
+                self.assertEqual(0, result.status, 'crosstap  syscalls_by_pid returned a non 0 status:%s' % result.output)
+
diff --git a/poky/meta/lib/oeqa/selftest/cases/signing.py b/poky/meta/lib/oeqa/selftest/cases/signing.py
index 5c4e01b..93b15ae 100644
--- a/poky/meta/lib/oeqa/selftest/cases/signing.py
+++ b/poky/meta/lib/oeqa/selftest/cases/signing.py
@@ -3,7 +3,7 @@
 #
 
 from oeqa.selftest.case import OESelftestTestCase
-from oeqa.utils.commands import runCmd, bitbake, get_bb_var, get_bb_vars
+from oeqa.utils.commands import runCmd, bitbake, get_bb_var, get_bb_vars, create_temp_layer
 import os
 import oe
 import glob
@@ -185,8 +185,6 @@
         test_recipe = 'ed'
         locked_sigs_file = 'locked-sigs.inc'
 
-        self.add_command_to_tearDown('rm -f %s' % os.path.join(self.builddir, locked_sigs_file))
-
         bitbake(test_recipe)
         # Generate locked sigs include file
         bitbake('-S none %s' % test_recipe)
@@ -198,16 +196,23 @@
         # Build a locked recipe
         bitbake(test_recipe)
 
+        templayerdir = tempfile.mkdtemp(prefix='signingqa')
+        create_temp_layer(templayerdir, 'selftestsigning')
+        runCmd('bitbake-layers add-layer %s' % templayerdir)
+
         # Make a change that should cause the locked task signature to change
         # Use uuid so hash equivalance server isn't triggered
         recipe_append_file = test_recipe + '_' + get_bb_var('PV', test_recipe) + '.bbappend'
-        recipe_append_path = os.path.join(self.testlayer_path, 'recipes-test', test_recipe, recipe_append_file)
+        recipe_append_path = os.path.join(templayerdir, 'recipes-test', test_recipe, recipe_append_file)
         feature = 'SUMMARY_${PN} = "test locked signature%s"\n' % uuid.uuid4()
 
-        os.mkdir(os.path.join(self.testlayer_path, 'recipes-test', test_recipe))
+        os.mkdir(os.path.join(templayerdir, 'recipes-test'))
+        os.mkdir(os.path.join(templayerdir, 'recipes-test', test_recipe))
         write_file(recipe_append_path, feature)
 
-        self.add_command_to_tearDown('rm -rf %s' % os.path.join(self.testlayer_path, 'recipes-test', test_recipe))
+        self.add_command_to_tearDown('bitbake-layers remove-layer %s' % templayerdir)
+        self.add_command_to_tearDown('rm -f %s' % os.path.join(self.builddir, locked_sigs_file))
+        self.add_command_to_tearDown('rm -rf %s' % templayerdir)
 
         # Build the recipe again
         ret = bitbake(test_recipe)
diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp.inc b/poky/meta/recipes-connectivity/dhcp/dhcp.inc
index 18bbaf8..c4697be 100644
--- a/poky/meta/recipes-connectivity/dhcp/dhcp.inc
+++ b/poky/meta/recipes-connectivity/dhcp/dhcp.inc
@@ -43,7 +43,7 @@
 INITSCRIPT_NAME_dhcp-server = "dhcp-server"
 INITSCRIPT_PARAMS_dhcp-server = "defaults"
 
-TARGET_CFLAGS += "-D_GNU_SOURCE"
+CFLAGS += "-D_GNU_SOURCE"
 EXTRA_OECONF = "--with-srv-lease-file=${localstatedir}/lib/dhcp/dhcpd.leases \
                 --with-srv6-lease-file=${localstatedir}/lib/dhcp/dhcpd6.leases \
                 --with-cli-lease-file=${localstatedir}/lib/dhcp/dhclient.leases \
diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp/0001-workaround-busybox-limitation-in-linux-dhclient-script.patch b/poky/meta/recipes-connectivity/dhcp/dhcp/0001-workaround-busybox-limitation-in-linux-dhclient-script.patch
new file mode 100644
index 0000000..2359381
--- /dev/null
+++ b/poky/meta/recipes-connectivity/dhcp/dhcp/0001-workaround-busybox-limitation-in-linux-dhclient-script.patch
@@ -0,0 +1,65 @@
+From eec0503cfc36f63d777f5cb3f2719cecedcb8468 Mon Sep 17 00:00:00 2001
+From: Haris Okanovic <haris.okanovic@ni.com>
+Date: Mon, 7 Jan 2019 13:22:09 -0600
+Subject: [PATCH] Workaround busybox limitation in Linux dhclient-script
+
+Busybox is a lightweight implementation of coreutils commonly used on
+space-constrained embedded Linux distributions. It's implementation of
+chown and chmod doesn't provide a "--reference" option added to
+client/scripts/linux as of commit 9261cb14. This change works around
+that limitation by using stat to read ownership and permissions flags
+and simple chown/chmod calls supported in both coreutils and busybox.
+
+    modified:   client/scripts/linux
+
+Signed-off-by: Haris Okanovic <haris.okanovic@ni.com>
+Upstream-Status: Pending [ISC-Bugs #48771]
+---
+ client/scripts/linux | 17 +++++++++++++----
+ 1 file changed, 13 insertions(+), 4 deletions(-)
+
+diff --git a/client/scripts/linux b/client/scripts/linux
+index 0c429697..2435a44b 100755
+--- a/client/scripts/linux
++++ b/client/scripts/linux
+@@ -32,6 +32,17 @@
+ # if your system holds ip tool in a non-standard location.
+ ip=/sbin/ip
+ 
++chown_chmod_by_reference() {
++    local reference_file="$1"
++    local target_file="$2"
++
++    local owner=$(stat -c "%u:%g" "$reference_file")
++    local perm=$(stat -c "%a" "$reference_file")
++
++    chown "$owner" "$target_file"
++    chmod "$perm" "$target_file"
++}
++
+ # update /etc/resolv.conf based on received values
+ # This updated version mostly follows Debian script by Andrew Pollock et al.
+ make_resolv_conf() {
+@@ -74,8 +85,7 @@ make_resolv_conf() {
+         fi
+ 
+ 	if [ -f /etc/resolv.conf ]; then
+-	    chown --reference=/etc/resolv.conf $new_resolv_conf
+-	    chmod --reference=/etc/resolv.conf $new_resolv_conf
++	    chown_chmod_by_reference /etc/resolv.conf $new_resolv_conf
+ 	fi
+         mv -f $new_resolv_conf /etc/resolv.conf
+     # DHCPv6
+@@ -101,8 +111,7 @@ make_resolv_conf() {
+         fi
+ 
+ 	if [ -f /etc/resolv.conf ]; then
+-            chown --reference=/etc/resolv.conf $new_resolv_conf
+-            chmod --reference=/etc/resolv.conf $new_resolv_conf
++	    chown_chmod_by_reference /etc/resolv.conf $new_resolv_conf
+ 	fi
+         mv -f $new_resolv_conf /etc/resolv.conf
+     fi
+-- 
+2.20.0
+
diff --git a/poky/meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb b/poky/meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb
index 275961a..020777b 100644
--- a/poky/meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb
+++ b/poky/meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb
@@ -11,6 +11,7 @@
             file://0013-fixup_use_libbind.patch \
             file://0001-master-Added-includes-of-new-BIND9-compatibility-hea.patch \
             file://0001-Fix-a-NSUPDATE-compiling-issue.patch \
+            file://0001-workaround-busybox-limitation-in-linux-dhclient-script.patch \
 "
 
 SRC_URI[md5sum] = "18c7f4dcbb0a63df25098216d47b1ede"
diff --git a/poky/meta/recipes-connectivity/iproute2/iproute2_5.2.0.bb b/poky/meta/recipes-connectivity/iproute2/iproute2_5.3.0.bb
similarity index 65%
rename from poky/meta/recipes-connectivity/iproute2/iproute2_5.2.0.bb
rename to poky/meta/recipes-connectivity/iproute2/iproute2_5.3.0.bb
index 1728cd6..8a86cbf 100644
--- a/poky/meta/recipes-connectivity/iproute2/iproute2_5.2.0.bb
+++ b/poky/meta/recipes-connectivity/iproute2/iproute2_5.3.0.bb
@@ -4,8 +4,8 @@
            file://0001-libc-compat.h-add-musl-workaround.patch \
           "
 
-SRC_URI[md5sum] = "0cb2736e7bc2f56254a363d3d23703b7"
-SRC_URI[sha256sum] = "a5b95dec26353fc71dba9bb403e9343fad2a06bd69fb154a22a2aa2914f74da8"
+SRC_URI[md5sum] = "227404413c8d6db649d6188ead1e5a6e"
+SRC_URI[sha256sum] = "cb1c1e45993a3bd2438543fd4332d70f1726a6e6ff97dc613a8258c993117b3f"
 
 # CFLAGS are computed in Makefile and reference CCOPTS
 #
diff --git a/poky/meta/recipes-core/dbus/dbus_1.12.16.bb b/poky/meta/recipes-core/dbus/dbus_1.12.16.bb
index f4fec23..96b5036 100644
--- a/poky/meta/recipes-core/dbus/dbus_1.12.16.bb
+++ b/poky/meta/recipes-core/dbus/dbus_1.12.16.bb
@@ -32,7 +32,6 @@
 }
 
 USERADD_PACKAGES = "${PN}"
-GROUPADD_PARAM_${PN} = "-r netdev"
 USERADD_PARAM_${PN} = "--system --home ${localstatedir}/lib/dbus \
                        --no-create-home --shell /bin/false \
                        --user-group messagebus"
diff --git a/poky/meta/recipes-core/glibc/glibc-package.inc b/poky/meta/recipes-core/glibc/glibc-package.inc
index d7037c5..9dd5a0d 100644
--- a/poky/meta/recipes-core/glibc/glibc-package.inc
+++ b/poky/meta/recipes-core/glibc/glibc-package.inc
@@ -1,6 +1,6 @@
 INHIBIT_SYSROOT_STRIP = "1"
 
-PACKAGES = "${PN}-dbg catchsegv sln nscd ldd tzcode glibc-thread-db ${PN}-pic libcidn libmemusage libnss-db libsegfault ${PN}-pcprofile libsotruss ${PN} ${PN}-utils glibc-extra-nss ${PN}-dev ${PN}-staticdev ${PN}-doc"
+PACKAGES = "${PN}-dbg catchsegv sln nscd ldd tzcode glibc-thread-db ${PN}-pic libcidn libmemusage libnss-db libsegfault ${PN}-pcprofile libsotruss ${PN} ${PN}-utils glibc-extra-nss ${PN}-dev ${PN}-staticdev ${PN}-doc ldconfig"
 
 # The ld.so in this glibc supports the GNU_HASH
 RPROVIDES_${PN} = "eglibc rtld(GNU_HASH)"
@@ -23,7 +23,9 @@
 libc_baselibs_append = " ${@oe.utils.conditional('ARCH_DYNAMIC_LOADER', '', '', '${root_prefix}/lib/${ARCH_DYNAMIC_LOADER}', d)}"
 INSANE_SKIP_${PN}_append_aarch64 = " libdir"
 
-FILES_${PN} = "${libc_baselibs} ${libexecdir}/* ${base_sbindir}/ldconfig ${sysconfdir}/ld.so.conf"
+FILES_${PN} = "${libc_baselibs} ${libexecdir}/*"
+RRECOMMENDS_${PN} = "${@bb.utils.filter('DISTRO_FEATURES', 'ldconfig', d)}"
+FILES_ldconfig = "${base_sbindir}/ldconfig ${sysconfdir}/ld.so.conf"
 FILES_ldd = "${bindir}/ldd"
 FILES_libsegfault = "${base_libdir}/libSegFault*"
 FILES_libcidn = "${base_libdir}/libcidn-*.so ${base_libdir}/libcidn.so.*"
@@ -107,11 +109,6 @@
 }
 
 do_install_append_class-target() {
-	if ! ${@bb.utils.contains('DISTRO_FEATURES', 'ldconfig', 'true', 'false', d)}; then
-		# The distro doesn't want these files so let's not install them
-		rm -f ${D}${sysconfdir}/ld.so.conf
-		rm -f ${D}${base_sbindir}/ldconfig
-	fi
 	if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
 		install -d ${D}${sysconfdir}/tmpfiles.d
 		echo "d /run/nscd 755 root root -" \
diff --git a/poky/meta/recipes-core/initscripts/initscripts-1.0/sysfs.sh b/poky/meta/recipes-core/initscripts/initscripts-1.0/sysfs.sh
index f5b5b99..4871ee9 100644
--- a/poky/meta/recipes-core/initscripts/initscripts-1.0/sysfs.sh
+++ b/poky/meta/recipes-core/initscripts/initscripts-1.0/sysfs.sh
@@ -26,6 +26,10 @@
   mount -t configfs configfs /sys/kernel/config
 fi
 
+if [ -e /sys/firmware/efi/efivars ] && grep -q efivarfs /proc/filesystems; then
+  mount -t efivarfs efivarfs /sys/firmware/efi/efivars
+fi
+
 if ! [ -e /dev/zero ] && [ -e /dev ] && grep -q devtmpfs /proc/filesystems; then
   mount -n -t devtmpfs devtmpfs /dev
 fi
diff --git a/poky/meta/recipes-core/meta/buildtools-tarball.bb b/poky/meta/recipes-core/meta/buildtools-tarball.bb
index 91df6f1..9c5c2cc 100644
--- a/poky/meta/recipes-core/meta/buildtools-tarball.bb
+++ b/poky/meta/recipes-core/meta/buildtools-tarball.bb
@@ -72,6 +72,7 @@
 	toolchain_create_sdk_version ${SDK_OUTPUT}/${SDKPATH}/version-${SDK_SYS}
 
 	echo 'export GIT_SSL_CAINFO="${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt"' >>$script
+	echo 'export OPENSSL_CONF="${SDKPATHNATIVE}${sysconfdir}/ssl/openssl.cnf"' >>$script
 
 	if [ "${SDKMACHINE}" = "i686" ]; then
 		echo 'export NO32LIBS="0"' >>$script
diff --git a/poky/meta/recipes-core/meta/cve-update-db-native.bb b/poky/meta/recipes-core/meta/cve-update-db-native.bb
index 2c427a5..19875a4 100644
--- a/poky/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/poky/meta/recipes-core/meta/cve-update-db-native.bb
@@ -31,8 +31,16 @@
     db_dir = os.path.join(d.getVar("DL_DIR"), 'CVE_CHECK')
     db_file = os.path.join(db_dir, 'nvdcve_1.0.db')
     json_tmpfile = os.path.join(db_dir, 'nvd.json.gz')
-    proxy = d.getVar("https_proxy")
 
+    # Don't refresh the database more than once an hour
+    try:
+        import time
+        if time.time() - os.path.getmtime(db_file) < (60*60):
+            return
+    except OSError:
+        pass
+
+    proxy = d.getVar("https_proxy")
     if proxy:
         # instantiate an opener but do not install it as the global
         # opener unless if we're really sure it's applicable for all
diff --git a/poky/meta/recipes-core/ovmf/ovmf_git.bb b/poky/meta/recipes-core/ovmf/ovmf_git.bb
index 3b5a05e..ff2b2a5 100644
--- a/poky/meta/recipes-core/ovmf/ovmf_git.bb
+++ b/poky/meta/recipes-core/ovmf/ovmf_git.bb
@@ -29,10 +29,7 @@
 
 S = "${WORKDIR}/git"
 
-DEPENDS_class-native="util-linux-native iasl-native"
-DEPENDS_class-target="ovmf-native bc-native"
-
-DEPENDS_append = " nasm-native"
+DEPENDS = "nasm-native acpica-native ovmf-native util-linux-native"
 
 EDK_TOOLS_DIR="edk2_basetools"
 
diff --git a/poky/meta/recipes-core/psplash/files/psplash-init b/poky/meta/recipes-core/psplash/files/psplash-init
index dcb7519..4bee866 100755
--- a/poky/meta/recipes-core/psplash/files/psplash-init
+++ b/poky/meta/recipes-core/psplash/files/psplash-init
@@ -25,7 +25,7 @@
 
 export TMPDIR=/mnt/.psplash
 [ -d $TMPDIR ] || mkdir -p $TMPDIR
-if [ ! mountpoint -q $TMPDIR ]; then
+if ! mountpoint -q $TMPDIR; then
 	mount tmpfs -t tmpfs $TMPDIR -o,size=40k
 fi
 
diff --git a/poky/meta/recipes-core/systemd/systemd/0001-pstore-fix-use-after-free.patch b/poky/meta/recipes-core/systemd/systemd/0001-pstore-fix-use-after-free.patch
new file mode 100644
index 0000000..fd147a1
--- /dev/null
+++ b/poky/meta/recipes-core/systemd/systemd/0001-pstore-fix-use-after-free.patch
@@ -0,0 +1,39 @@
+From 1b3156edd291e0882d80a695d035dd30521345d1 Mon Sep 17 00:00:00 2001
+From: Michael Olbrich <m.olbrich@pengutronix.de>
+Date: Fri, 6 Sep 2019 15:04:01 +0200
+Subject: [PATCH] pstore: fix use after free
+
+The memory is still needed in the sd_journal_sendv() after the 'if' block.
+
+(cherry picked from commit 1e19f5ac0d680a63eccae7ef1fc6ce225dca0bbf)
+
+Upstream-Status: Backport
+
+Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
+---
+ src/pstore/pstore.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/pstore/pstore.c b/src/pstore/pstore.c
+index c760b3e899..8ffe523830 100644
+--- a/src/pstore/pstore.c
++++ b/src/pstore/pstore.c
+@@ -117,6 +117,7 @@ static int compare_pstore_entries(const void *_a, const void *_b) {
+ 
+ static int move_file(PStoreEntry *pe, const char *subdir) {
+         _cleanup_free_ char *ifd_path = NULL, *ofd_path = NULL;
++        _cleanup_free_ void *field = NULL;
+         const char *suffix, *message;
+         struct iovec iovec[2];
+         int n_iovec = 0, r;
+@@ -138,7 +139,6 @@ static int move_file(PStoreEntry *pe, const char *subdir) {
+         iovec[n_iovec++] = IOVEC_MAKE_STRING(message);
+ 
+         if (pe->content_size > 0) {
+-                _cleanup_free_ void *field = NULL;
+                 size_t field_size;
+ 
+                 field_size = strlen("FILE=") + pe->content_size;
+-- 
+2.14.4
+
diff --git a/poky/meta/recipes-core/systemd/systemd_243.bb b/poky/meta/recipes-core/systemd/systemd_243.bb
index 6e7f956..7935380 100644
--- a/poky/meta/recipes-core/systemd/systemd_243.bb
+++ b/poky/meta/recipes-core/systemd/systemd_243.bb
@@ -24,6 +24,7 @@
            file://0005-rules-watch-metadata-changes-in-ide-devices.patch \
            file://0001-unit-file.c-consider-symlink-on-filesystems-like-NFS.patch \
            file://99-default.preset \
+           file://0001-pstore-fix-use-after-free.patch \
            "
 
 # patches needed by musl
@@ -139,7 +140,7 @@
 PACKAGECONFIG[iptc] = "-Dlibiptc=true,-Dlibiptc=false,iptables"
 PACKAGECONFIG[journal-upload] = "-Dlibcurl=true,-Dlibcurl=false,curl"
 PACKAGECONFIG[kmod] = "-Dkmod=true,-Dkmod=false,kmod"
-PACKAGECONFIG[ldconfig] = "-Dldconfig=true,-Dldconfig=false"
+PACKAGECONFIG[ldconfig] = "-Dldconfig=true,-Dldconfig=false,,ldconfig"
 PACKAGECONFIG[libidn] = "-Dlibidn=true,-Dlibidn=false,libidn"
 PACKAGECONFIG[localed] = "-Dlocaled=true,-Dlocaled=false"
 PACKAGECONFIG[logind] = "-Dlogind=true,-Dlogind=false"
diff --git a/poky/meta/recipes-devtools/file/file/CVE-2019-18218.patch b/poky/meta/recipes-devtools/file/file/CVE-2019-18218.patch
new file mode 100644
index 0000000..3d02c5a
--- /dev/null
+++ b/poky/meta/recipes-devtools/file/file/CVE-2019-18218.patch
@@ -0,0 +1,55 @@
+cdf_read_property_info in cdf.c in file through 5.37 does not restrict the
+number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte
+out-of-bounds write).
+
+CVE: CVE-2019-18218
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+From 46a8443f76cec4b41ec736eca396984c74664f84 Mon Sep 17 00:00:00 2001
+From: Christos Zoulas <christos@zoulas.com>
+Date: Mon, 26 Aug 2019 14:31:39 +0000
+Subject: [PATCH] Limit the number of elements in a vector (found by oss-fuzz)
+
+---
+ src/cdf.c | 9 ++++-----
+ src/cdf.h | 1 +
+ 2 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/src/cdf.c b/src/cdf.c
+index 9d6396742..bb81d6374 100644
+--- a/src/cdf.c
++++ b/src/cdf.c
+@@ -1016,8 +1016,9 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
+ 				goto out;
+ 			}
+ 			nelements = CDF_GETUINT32(q, 1);
+-			if (nelements == 0) {
+-				DPRINTF(("CDF_VECTOR with nelements == 0\n"));
++			if (nelements > CDF_ELEMENT_LIMIT || nelements == 0) {
++				DPRINTF(("CDF_VECTOR with nelements == %"
++				    SIZE_T_FORMAT "u\n", nelements));
+ 				goto out;
+ 			}
+ 			slen = 2;
+@@ -1060,8 +1061,6 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
+ 					goto out;
+ 				inp += nelem;
+ 			}
+-			DPRINTF(("nelements = %" SIZE_T_FORMAT "u\n",
+-			    nelements));
+ 			for (j = 0; j < nelements && i < sh.sh_properties;
+ 			    j++, i++)
+ 			{
+diff --git a/src/cdf.h b/src/cdf.h
+index 2f7e554b7..05056668f 100644
+--- a/src/cdf.h
++++ b/src/cdf.h
+@@ -48,6 +48,7 @@
+ typedef int32_t cdf_secid_t;
+ 
+ #define CDF_LOOP_LIMIT					10000
++#define CDF_ELEMENT_LIMIT				100000
+ 
+ #define CDF_SECID_NULL					0
+ #define CDF_SECID_FREE					-1
diff --git a/poky/meta/recipes-devtools/file/file_5.37.bb b/poky/meta/recipes-devtools/file/file_5.37.bb
index c53a120..a96ccc0 100644
--- a/poky/meta/recipes-devtools/file/file_5.37.bb
+++ b/poky/meta/recipes-devtools/file/file_5.37.bb
@@ -11,10 +11,8 @@
 DEPENDS = "zlib file-replacement-native"
 DEPENDS_class-native = "zlib-native"
 
-# Blacklist a bogus tag in upstream check
-UPSTREAM_CHECK_GITTAGREGEX = "FILE(?P<pver>(?!6_23).+)"
-
-SRC_URI = "git://github.com/file/file.git"
+SRC_URI = "git://github.com/file/file.git \
+           file://CVE-2019-18218.patch"
 
 SRCREV = "a0d5b0e4e9f97d74a9911e95cedd579852e25398"
 S = "${WORKDIR}/git"
@@ -31,6 +29,10 @@
 
 FILES_${PN} += "${datadir}/misc/*.mgc"
 
+do_compile_append_class-native() {
+	oe_runmake check
+}
+
 do_install_append_class-native() {
 	create_cmdline_wrapper ${D}/${bindir}/file \
 		--magic-file ${datadir}/misc/magic.mgc
diff --git a/poky/meta/recipes-devtools/git/git_2.23.0.bb b/poky/meta/recipes-devtools/git/git_2.23.0.bb
deleted file mode 100644
index 1539182..0000000
--- a/poky/meta/recipes-devtools/git/git_2.23.0.bb
+++ /dev/null
@@ -1,11 +0,0 @@
-require git.inc
-
-EXTRA_OECONF += "ac_cv_snprintf_returns_bogus=no \
-                 ac_cv_fread_reads_directories=${ac_cv_fread_reads_directories=yes} \
-                 "
-EXTRA_OEMAKE += "NO_GETTEXT=1"
-
-SRC_URI[tarball.md5sum] = "203c238ffdcef76f9bd6c67cfbaf949f"
-SRC_URI[tarball.sha256sum] = "e3396c90888111a01bf607346db09b0fbf49a95bc83faf9506b61195936f0cfe"
-SRC_URI[manpages.md5sum] = "90a72e553de712d798d68b15b57bc928"
-SRC_URI[manpages.sha256sum] = "a5b0998f95c2290386d191d34780d145ea67e527fac98541e0350749bf76be75"
diff --git a/poky/meta/recipes-devtools/git/git_2.24.0.bb b/poky/meta/recipes-devtools/git/git_2.24.0.bb
new file mode 100644
index 0000000..e9cb382
--- /dev/null
+++ b/poky/meta/recipes-devtools/git/git_2.24.0.bb
@@ -0,0 +1,11 @@
+require git.inc
+
+EXTRA_OECONF += "ac_cv_snprintf_returns_bogus=no \
+                 ac_cv_fread_reads_directories=${ac_cv_fread_reads_directories=yes} \
+                 "
+EXTRA_OEMAKE += "NO_GETTEXT=1"
+
+SRC_URI[tarball.md5sum] = "ed39361a3ae362c8af852d1a06992bc2"
+SRC_URI[tarball.sha256sum] = "ad11030d2eac656ee9e8862f56d1610550f7867181beff814c7712a99192e99d"
+SRC_URI[manpages.md5sum] = "57465e83f13ba910a178b717d93958c0"
+SRC_URI[manpages.sha256sum] = "ce995f86f441b56ab1fd0788a94786904ae2e2989e7191fd68060003011366d7"
diff --git a/poky/meta/recipes-devtools/go/go-1.13/0001-allow-CC-and-CXX-to-have-multiple-words.patch b/poky/meta/recipes-devtools/go/go-1.13/0001-allow-CC-and-CXX-to-have-multiple-words.patch
new file mode 100644
index 0000000..ddfd5e4
--- /dev/null
+++ b/poky/meta/recipes-devtools/go/go-1.13/0001-allow-CC-and-CXX-to-have-multiple-words.patch
@@ -0,0 +1,38 @@
+From 9e3dc44cdfa58d96504d0a789dc82617dd5bef55 Mon Sep 17 00:00:00 2001
+From: Alex Kube <alexander.j.kube@gmail.com>
+Date: Wed, 23 Oct 2019 21:01:13 +0430
+Subject: [PATCH 1/9] cmd/go: Allow CC and CXX to have multiple words
+
+Upstream-Status: Inappropriate [OE specific]
+
+Adapted to Go 1.13 from patches originally submitted to
+the meta/recipes-devtools/go tree by
+Matt Madison <matt@madison.systems>.
+
+Signed-off-by: Alexander J Kube <alexander.j.kube@gmail.com>
+
+---
+ src/cmd/go/internal/envcmd/env.go | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/cmd/go/internal/envcmd/env.go b/src/cmd/go/internal/envcmd/env.go
+index 17852de..7b5ec5e 100644
+--- a/src/cmd/go/internal/envcmd/env.go
++++ b/src/cmd/go/internal/envcmd/env.go
+@@ -100,11 +100,11 @@ func MkEnv() []cfg.EnvVar {
+ 
+ 	cc := cfg.DefaultCC(cfg.Goos, cfg.Goarch)
+ 	if env := strings.Fields(cfg.Getenv("CC")); len(env) > 0 {
+-		cc = env[0]
++		cc = strings.Join(env, " ")
+ 	}
+ 	cxx := cfg.DefaultCXX(cfg.Goos, cfg.Goarch)
+ 	if env := strings.Fields(cfg.Getenv("CXX")); len(env) > 0 {
+-		cxx = env[0]
++		cxx = strings.Join(env, " ")
+ 	}
+ 	env = append(env, cfg.EnvVar{Name: "AR", Value: envOr("AR", "ar")})
+ 	env = append(env, cfg.EnvVar{Name: "CC", Value: cc})
+-- 
+2.17.1 (Apple Git-112)
+
diff --git a/poky/meta/recipes-devtools/go/go-1.13/0002-cmd-go-make-content-based-hash-generation-less-pedan.patch b/poky/meta/recipes-devtools/go/go-1.13/0002-cmd-go-make-content-based-hash-generation-less-pedan.patch
new file mode 100644
index 0000000..4eddd39
--- /dev/null
+++ b/poky/meta/recipes-devtools/go/go-1.13/0002-cmd-go-make-content-based-hash-generation-less-pedan.patch
@@ -0,0 +1,226 @@
+From a13ae484e41139094505d2834437e9262a5315f7 Mon Sep 17 00:00:00 2001
+From: Alex Kube <alexander.j.kube@gmail.com>
+Date: Wed, 23 Oct 2019 21:14:22 +0430
+Subject: [PATCH 2/9] cmd/go: make content-based hash generation less pedantic
+
+Upstream-Status: Inappropriate [OE specific]
+
+Go 1.10's build tool now uses content-based hashes to
+determine when something should be built or re-built.
+This same mechanism is used to maintain a built-artifact
+cache for speeding up builds.
+
+However, the hashes it generates include information that
+doesn't work well with OE, nor with using a shared runtime
+library.
+
+First, it embeds path names to source files, unless
+building within GOROOT.  This prevents the building
+of a package in GOPATH for later staging into GOROOT.
+
+This patch adds support for the environment variable
+GOPATH_OMIT_IN_ACTIONID.  If present, path name
+embedding is disabled.
+
+Second, if cgo is enabled, the build ID for cgo-related
+packages will include the current value of the environment
+variables for invoking the compiler (CC, CXX, FC) and
+any CGO_xxFLAGS variables.  Only if the settings used
+during a compilation exactly match, character for character,
+the values used for compiling runtime/cgo or any other
+cgo-enabled package being imported, will the tool
+decide that the imported package is up-to-date.
+
+This is done to help ensure correctness, but is overly
+simplistic and effectively prevents the reuse of built
+artifacts that use cgo (or shared runtime, which includes
+runtime/cgo).
+
+This patch filters out all compiler flags except those
+beginning with '-m'.  The default behavior can be restored
+by setting the CGO_PEDANTIC environment variable.
+
+Adapted to Go 1.13 from patches originally submitted to
+the meta/recipes-devtools/go tree by
+Matt Madison <matt@madison.systems>.
+
+Signed-off-by: Alexander J Kube <alexander.j.kube@gmail.com>
+---
+ src/cmd/go/internal/envcmd/env.go |  2 +-
+ src/cmd/go/internal/work/exec.go  | 66 ++++++++++++++++++++++---------
+ 2 files changed, 49 insertions(+), 19 deletions(-)
+
+diff --git a/src/cmd/go/internal/envcmd/env.go b/src/cmd/go/internal/envcmd/env.go
+index 7b5ec5e..292f117 100644
+--- a/src/cmd/go/internal/envcmd/env.go
++++ b/src/cmd/go/internal/envcmd/env.go
+@@ -154,7 +154,7 @@ func ExtraEnvVars() []cfg.EnvVar {
+ func ExtraEnvVarsCostly() []cfg.EnvVar {
+ 	var b work.Builder
+ 	b.Init()
+-	cppflags, cflags, cxxflags, fflags, ldflags, err := b.CFlags(&load.Package{})
++	cppflags, cflags, cxxflags, fflags, ldflags, err := b.CFlags(&load.Package{}, false)
+ 	if err != nil {
+ 		// Should not happen - b.CFlags was given an empty package.
+ 		fmt.Fprintf(os.Stderr, "go: invalid cflags: %v\n", err)
+diff --git a/src/cmd/go/internal/work/exec.go b/src/cmd/go/internal/work/exec.go
+index 7dd9a90..ccebaf8 100644
+--- a/src/cmd/go/internal/work/exec.go
++++ b/src/cmd/go/internal/work/exec.go
+@@ -32,6 +32,8 @@ import (
+ 	"time"
+ )
+ 
++var omitGopath = os.Getenv("GOPATH_OMIT_IN_ACTIONID") != ""
++
+ // actionList returns the list of actions in the dag rooted at root
+ // as visited in a depth-first post-order traversal.
+ func actionList(root *Action) []*Action {
+@@ -205,7 +207,7 @@ func (b *Builder) buildActionID(a *Action) cache.ActionID {
+ 	// The compiler hides the exact value of $GOROOT
+ 	// when building things in GOROOT.
+ 	// Assume b.WorkDir is being trimmed properly.
+-	if !p.Goroot && !cfg.BuildTrimpath && !strings.HasPrefix(p.Dir, b.WorkDir) {
++	if !p.Goroot && !omitGopath && !cfg.BuildTrimpath && !strings.HasPrefix(p.Dir, b.WorkDir) {
+ 		fmt.Fprintf(h, "dir %s\n", p.Dir)
+ 	}
+ 	fmt.Fprintf(h, "goos %s goarch %s\n", cfg.Goos, cfg.Goarch)
+@@ -219,13 +221,13 @@ func (b *Builder) buildActionID(a *Action) cache.ActionID {
+ 	}
+ 	if len(p.CgoFiles)+len(p.SwigFiles) > 0 {
+ 		fmt.Fprintf(h, "cgo %q\n", b.toolID("cgo"))
+-		cppflags, cflags, cxxflags, fflags, ldflags, _ := b.CFlags(p)
+-		fmt.Fprintf(h, "CC=%q %q %q %q\n", b.ccExe(), cppflags, cflags, ldflags)
++		cppflags, cflags, cxxflags, fflags, ldflags, _ := b.CFlags(p, true)
++		fmt.Fprintf(h, "CC=%q %q %q %q\n", b.ccExe(true), cppflags, cflags, ldflags)
+ 		if len(p.CXXFiles)+len(p.SwigFiles) > 0 {
+-			fmt.Fprintf(h, "CXX=%q %q\n", b.cxxExe(), cxxflags)
++			fmt.Fprintf(h, "CXX=%q %q\n", b.cxxExe(true), cxxflags)
+ 		}
+ 		if len(p.FFiles) > 0 {
+-			fmt.Fprintf(h, "FC=%q %q\n", b.fcExe(), fflags)
++			fmt.Fprintf(h, "FC=%q %q\n", b.fcExe(true), fflags)
+ 		}
+ 		// TODO(rsc): Should we include the SWIG version or Fortran/GCC/G++/Objective-C compiler versions?
+ 	}
+@@ -2229,33 +2231,48 @@ var (
+ // gccCmd returns a gcc command line prefix
+ // defaultCC is defined in zdefaultcc.go, written by cmd/dist.
+ func (b *Builder) GccCmd(incdir, workdir string) []string {
+-	return b.compilerCmd(b.ccExe(), incdir, workdir)
++	return b.compilerCmd(b.ccExe(false), incdir, workdir)
+ }
+ 
+ // gxxCmd returns a g++ command line prefix
+ // defaultCXX is defined in zdefaultcc.go, written by cmd/dist.
+ func (b *Builder) GxxCmd(incdir, workdir string) []string {
+-	return b.compilerCmd(b.cxxExe(), incdir, workdir)
++	return b.compilerCmd(b.cxxExe(false), incdir, workdir)
+ }
+ 
+ // gfortranCmd returns a gfortran command line prefix.
+ func (b *Builder) gfortranCmd(incdir, workdir string) []string {
+-	return b.compilerCmd(b.fcExe(), incdir, workdir)
++	return b.compilerCmd(b.fcExe(false), incdir, workdir)
+ }
+ 
+ // ccExe returns the CC compiler setting without all the extra flags we add implicitly.
+-func (b *Builder) ccExe() []string {
+-	return b.compilerExe(origCC, cfg.DefaultCC(cfg.Goos, cfg.Goarch))
++func (b *Builder) ccExe(filtered bool) []string {
++	return b.compilerExe(origCC, cfg.DefaultCC(cfg.Goos, cfg.Goarch), filtered)
+ }
+ 
+ // cxxExe returns the CXX compiler setting without all the extra flags we add implicitly.
+-func (b *Builder) cxxExe() []string {
+-	return b.compilerExe(origCXX, cfg.DefaultCXX(cfg.Goos, cfg.Goarch))
++func (b *Builder) cxxExe(filtered bool) []string {
++	return b.compilerExe(origCXX, cfg.DefaultCXX(cfg.Goos, cfg.Goarch), filtered)
+ }
+ 
+ // fcExe returns the FC compiler setting without all the extra flags we add implicitly.
+-func (b *Builder) fcExe() []string {
+-	return b.compilerExe(cfg.Getenv("FC"), "gfortran")
++func (b *Builder) fcExe(filtered bool) []string {
++	return b.compilerExe(os.Getenv("FC"), "gfortran", filtered)
++}
++
++var filterFlags = os.Getenv("CGO_PEDANTIC") == ""
++
++func filterCompilerFlags(flags []string) []string {
++	var newflags []string
++	if !filterFlags {
++		return flags
++	}
++	for _, flag := range flags {
++		if strings.HasPrefix(flag, "-m") {
++			newflags = append(newflags, flag)
++		}
++	}
++	return newflags
+ }
+ 
+ // compilerExe returns the compiler to use given an
+@@ -2264,11 +2281,16 @@ func (b *Builder) fcExe() []string {
+ // of the compiler but can have additional arguments if they
+ // were present in the environment value.
+ // For example if CC="gcc -DGOPHER" then the result is ["gcc", "-DGOPHER"].
+-func (b *Builder) compilerExe(envValue string, def string) []string {
++func (b *Builder) compilerExe(envValue string, def string, filtered bool) []string {
+ 	compiler := strings.Fields(envValue)
+ 	if len(compiler) == 0 {
+ 		compiler = []string{def}
+ 	}
++
++	if filtered {
++		return append(compiler[0:1], filterCompilerFlags(compiler[1:])...)
++	}
++
+ 	return compiler
+ }
+ 
+@@ -2429,7 +2451,7 @@ func envList(key, def string) []string {
+ }
+ 
+ // CFlags returns the flags to use when invoking the C, C++ or Fortran compilers, or cgo.
+-func (b *Builder) CFlags(p *load.Package) (cppflags, cflags, cxxflags, fflags, ldflags []string, err error) {
++func (b *Builder) CFlags(p *load.Package, filtered bool) (cppflags, cflags, cxxflags, fflags, ldflags []string, err error) {
+ 	defaults := "-g -O2"
+ 
+ 	if cppflags, err = buildFlags("CPPFLAGS", "", p.CgoCPPFLAGS, checkCompilerFlags); err != nil {
+@@ -2448,6 +2470,14 @@ func (b *Builder) CFlags(p *load.Package) (cppflags, cflags, cxxflags, fflags, l
+ 		return
+ 	}
+ 
++	if filtered {
++		cppflags = filterCompilerFlags(cppflags)
++		cflags = filterCompilerFlags(cflags)
++		cxxflags = filterCompilerFlags(cxxflags)
++		fflags = filterCompilerFlags(fflags)
++		ldflags = filterCompilerFlags(ldflags)
++	}
++
+ 	return
+ }
+ 
+@@ -2462,7 +2492,7 @@ var cgoRe = lazyregexp.New(`[/\\:]`)
+ 
+ func (b *Builder) cgo(a *Action, cgoExe, objdir string, pcCFLAGS, pcLDFLAGS, cgofiles, gccfiles, gxxfiles, mfiles, ffiles []string) (outGo, outObj []string, err error) {
+ 	p := a.Package
+-	cgoCPPFLAGS, cgoCFLAGS, cgoCXXFLAGS, cgoFFLAGS, cgoLDFLAGS, err := b.CFlags(p)
++	cgoCPPFLAGS, cgoCFLAGS, cgoCXXFLAGS, cgoFFLAGS, cgoLDFLAGS, err := b.CFlags(p, false)
+ 	if err != nil {
+ 		return nil, nil, err
+ 	}
+@@ -2821,7 +2851,7 @@ func (b *Builder) swigIntSize(objdir string) (intsize string, err error) {
+ 
+ // Run SWIG on one SWIG input file.
+ func (b *Builder) swigOne(a *Action, p *load.Package, file, objdir string, pcCFLAGS []string, cxx bool, intgosize string) (outGo, outC string, err error) {
+-	cgoCPPFLAGS, cgoCFLAGS, cgoCXXFLAGS, _, _, err := b.CFlags(p)
++	cgoCPPFLAGS, cgoCFLAGS, cgoCXXFLAGS, _, _, err := b.CFlags(p, false)
+ 	if err != nil {
+ 		return "", "", err
+ 	}
+-- 
+2.17.1 (Apple Git-112)
+
diff --git a/poky/meta/recipes-devtools/go/go-1.13/0003-allow-GOTOOLDIR-to-be-overridden-in-the-environment.patch b/poky/meta/recipes-devtools/go/go-1.13/0003-allow-GOTOOLDIR-to-be-overridden-in-the-environment.patch
new file mode 100644
index 0000000..9aa0119
--- /dev/null
+++ b/poky/meta/recipes-devtools/go/go-1.13/0003-allow-GOTOOLDIR-to-be-overridden-in-the-environment.patch
@@ -0,0 +1,54 @@
+From 28ada8896b76d620240bafc22aa395071d601482 Mon Sep 17 00:00:00 2001
+From: Alex Kube <alexander.j.kube@gmail.com>
+Date: Wed, 23 Oct 2019 21:15:37 +0430
+Subject: [PATCH 3/9] cmd/go: Allow GOTOOLDIR to be overridden in the environment
+
+to allow for split host/target build roots
+
+Adapted to Go 1.13 from patches originally submitted to
+the meta/recipes-devtools/go tree by
+Matt Madison <matt@madison.systems>.
+
+Upstream-Status: Inappropriate [OE specific]
+
+Signed-off-by: Alexander J Kube <alexander.j.kube@gmail.com>
+---
+ src/cmd/dist/build.go          | 4 +++-
+ src/cmd/go/internal/cfg/cfg.go | 6 +++++-
+ 2 files changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/src/cmd/dist/build.go b/src/cmd/dist/build.go
+index 9e50311..683ca6f 100644
+--- a/src/cmd/dist/build.go
++++ b/src/cmd/dist/build.go
+@@ -244,7 +244,9 @@ func xinit() {
+ 	workdir = xworkdir()
+ 	xatexit(rmworkdir)
+ 
+-	tooldir = pathf("%s/pkg/tool/%s_%s", goroot, gohostos, gohostarch)
++	if tooldir = os.Getenv("GOTOOLDIR"); tooldir == "" {
++		tooldir = pathf("%s/pkg/tool/%s_%s", goroot, gohostos, gohostarch)
++	}
+ }
+ 
+ // compilerEnv returns a map from "goos/goarch" to the
+diff --git a/src/cmd/go/internal/cfg/cfg.go b/src/cmd/go/internal/cfg/cfg.go
+index a3277a6..db96350 100644
+--- a/src/cmd/go/internal/cfg/cfg.go
++++ b/src/cmd/go/internal/cfg/cfg.go
+@@ -60,7 +60,11 @@ func defaultContext() build.Context {
+ 		// variables. This matches the initialization of ToolDir in
+ 		// go/build, except for using ctxt.GOROOT rather than
+ 		// runtime.GOROOT.
+-		build.ToolDir = filepath.Join(ctxt.GOROOT, "pkg/tool/"+runtime.GOOS+"_"+runtime.GOARCH)
++		if s := os.Getenv("GOTOOLDIR"); s != "" {
++			build.ToolDir = filepath.Clean(s)
++		} else {
++			build.ToolDir = filepath.Join(ctxt.GOROOT, "pkg/tool/"+runtime.GOOS+"_"+runtime.GOARCH)
++		}
+ 	}
+ 
+ 	ctxt.GOPATH = envOr("GOPATH", ctxt.GOPATH)
+-- 
+2.17.1 (Apple Git-112)
+
diff --git a/poky/meta/recipes-devtools/go/go-1.13/0004-ld-add-soname-to-shareable-objects.patch b/poky/meta/recipes-devtools/go/go-1.13/0004-ld-add-soname-to-shareable-objects.patch
new file mode 100644
index 0000000..40763ad
--- /dev/null
+++ b/poky/meta/recipes-devtools/go/go-1.13/0004-ld-add-soname-to-shareable-objects.patch
@@ -0,0 +1,50 @@
+From bf5cf5301ae5914498454c87293d1df2e1d8489f Mon Sep 17 00:00:00 2001
+From: Alex Kube <alexander.j.kube@gmail.com>
+Date: Wed, 23 Oct 2019 21:16:32 +0430
+Subject: [PATCH 4/9] ld: add soname to shareable objects
+
+so that OE's shared library dependency handling
+can find them.
+
+Adapted to Go 1.13 from patches originally submitted to
+the meta/recipes-devtools/go tree by
+Matt Madison <matt@madison.systems>.
+
+Upstream-Status: Inappropriate [OE specific]
+
+Signed-off-by: Alexander J Kube <alexander.j.kube@gmail.com>
+---
+ src/cmd/link/internal/ld/lib.go | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/cmd/link/internal/ld/lib.go b/src/cmd/link/internal/ld/lib.go
+index 3fa258d..f96fb02 100644
+--- a/src/cmd/link/internal/ld/lib.go
++++ b/src/cmd/link/internal/ld/lib.go
+@@ -1215,6 +1215,7 @@ func (ctxt *Link) hostlink() {
+ 				argv = append(argv, "-Wl,-z,relro")
+ 			}
+ 			argv = append(argv, "-shared")
++			argv = append(argv, fmt.Sprintf("-Wl,-soname,%s", filepath.Base(*flagOutfile)))
+ 			if ctxt.HeadType != objabi.Hwindows {
+ 				// Pass -z nodelete to mark the shared library as
+ 				// non-closeable: a dlclose will do nothing.
+@@ -1226,6 +1227,7 @@ func (ctxt *Link) hostlink() {
+ 			argv = append(argv, "-Wl,-z,relro")
+ 		}
+ 		argv = append(argv, "-shared")
++		argv = append(argv, fmt.Sprintf("-Wl,-soname,%s", filepath.Base(*flagOutfile)))
+ 	case BuildModePlugin:
+ 		if ctxt.HeadType == objabi.Hdarwin {
+ 			argv = append(argv, "-dynamiclib")
+@@ -1234,6 +1236,7 @@ func (ctxt *Link) hostlink() {
+ 				argv = append(argv, "-Wl,-z,relro")
+ 			}
+ 			argv = append(argv, "-shared")
++			argv = append(argv, fmt.Sprintf("-Wl,-soname,%s", filepath.Base(*flagOutfile)))
+ 		}
+ 	}
+ 
+-- 
+2.17.1 (Apple Git-112)
+
diff --git a/poky/meta/recipes-devtools/go/go-1.13/0005-make.bash-override-CC-when-building-dist-and-go_boot.patch b/poky/meta/recipes-devtools/go/go-1.13/0005-make.bash-override-CC-when-building-dist-and-go_boot.patch
new file mode 100644
index 0000000..4f2a46c
--- /dev/null
+++ b/poky/meta/recipes-devtools/go/go-1.13/0005-make.bash-override-CC-when-building-dist-and-go_boot.patch
@@ -0,0 +1,44 @@
+From f05ef3ded52b98537c10efd0b15cd9612471524d Mon Sep 17 00:00:00 2001
+From: Alex Kube <alexander.j.kube@gmail.com>
+Date: Wed, 23 Oct 2019 21:17:16 +0430
+Subject: [PATCH 5/9] make.bash: override CC when building dist and
+ go_bootstrap
+
+for handling OE cross-canadian builds.
+
+Adapted to Go 1.13 from patches originally submitted to
+the meta/recipes-devtools/go tree by
+Matt Madison <matt@madison.systems>.
+
+Upstream-Status: Inappropriate [OE specific]
+
+Signed-off-by: Alexander J Kube <alexander.j.kube@gmail.com>
+---
+ src/make.bash | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/make.bash b/src/make.bash
+index 92d1481..0c2822f 100755
+--- a/src/make.bash
++++ b/src/make.bash
+@@ -177,7 +177,7 @@ if [ "$GOROOT_BOOTSTRAP" = "$GOROOT" ]; then
+ 	exit 1
+ fi
+ rm -f cmd/dist/dist
+-GOROOT="$GOROOT_BOOTSTRAP" GOOS="" GOARCH="" GO111MODULE=off "$GOROOT_BOOTSTRAP/bin/go" build -o cmd/dist/dist ./cmd/dist
++CC="${BUILD_CC:-${CC}}" GOROOT="$GOROOT_BOOTSTRAP" GOOS="" GOARCH="" GO111MODULE=off "$GOROOT_BOOTSTRAP/bin/go" build -o cmd/dist/dist ./cmd/dist
+ 
+ # -e doesn't propagate out of eval, so check success by hand.
+ eval $(./cmd/dist/dist env -p || echo FAIL=true)
+@@ -208,7 +208,7 @@ fi
+ # Run dist bootstrap to complete make.bash.
+ # Bootstrap installs a proper cmd/dist, built with the new toolchain.
+ # Throw ours, built with Go 1.4, away after bootstrap.
+-./cmd/dist/dist bootstrap $buildall $vflag $GO_DISTFLAGS "$@"
++CC="${BUILD_CC:-${CC}}" ./cmd/dist/dist bootstrap $buildall $vflag $GO_DISTFLAGS "$@"
+ rm -f ./cmd/dist/dist
+ 
+ # DO NOT ADD ANY NEW CODE HERE.
+-- 
+2.17.1 (Apple Git-112)
+
diff --git a/poky/meta/recipes-devtools/go/go-1.13/0006-cmd-dist-separate-host-and-target-builds.patch b/poky/meta/recipes-devtools/go/go-1.13/0006-cmd-dist-separate-host-and-target-builds.patch
new file mode 100644
index 0000000..354aaca
--- /dev/null
+++ b/poky/meta/recipes-devtools/go/go-1.13/0006-cmd-dist-separate-host-and-target-builds.patch
@@ -0,0 +1,279 @@
+From 10735bb84df17ba657f76835f483cd8543a879c1 Mon Sep 17 00:00:00 2001
+From: Alex Kube <alexander.j.kube@gmail.com>
+Date: Wed, 23 Oct 2019 21:18:12 +0430
+Subject: [PATCH 6/9] cmd/dist: separate host and target builds
+
+Upstream-Status: Inappropriate [OE specific]
+
+Change the dist tool to allow for OE-style cross-
+and cross-canadian builds:
+
+ - command flags --host-only and --target only are added;
+   if one is present, the other changes mentioned below
+   take effect, and arguments may also be specified on
+   the command line to enumerate the package(s) to be
+   built.
+
+ - for OE cross builds, go_bootstrap is always built for
+   the current build host, and is moved, along with the supporting
+   toolchain (asm, compile, etc.) to a separate 'native_native'
+   directory under GOROOT/pkg/tool.
+
+ - go_bootstrap is not automatically removed after the build,
+   so it can be reused later (e.g., building both static and
+   shared runtime).
+
+Note that for --host-only builds, it would be nice to specify
+just the "cmd" package to build only the go commands/tools,
+the staleness checks in the dist tool will fail if the "std"
+library has not also been built.  So host-only builds have to
+build everything anyway.
+
+Adapted to Go 1.13 from patches originally submitted to
+the meta/recipes-devtools/go tree by
+Matt Madison <matt@madison.systems>.
+
+Signed-off-by: Alexander J Kube <alexander.j.kube@gmail.com>
+---
+ src/cmd/dist/build.go | 155 ++++++++++++++++++++++++++++++------------
+ 1 file changed, 112 insertions(+), 43 deletions(-)
+
+diff --git a/src/cmd/dist/build.go b/src/cmd/dist/build.go
+index 683ca6f..0ad082b 100644
+--- a/src/cmd/dist/build.go
++++ b/src/cmd/dist/build.go
+@@ -41,6 +41,7 @@ var (
+ 	goldflags        string
+ 	workdir          string
+ 	tooldir          string
++	build_tooldir    string
+ 	oldgoos          string
+ 	oldgoarch        string
+ 	exe              string
+@@ -53,6 +54,7 @@ var (
+ 
+ 	rebuildall   bool
+ 	defaultclang bool
++	crossBuild   bool
+ 
+ 	vflag int // verbosity
+ )
+@@ -247,6 +249,8 @@ func xinit() {
+ 	if tooldir = os.Getenv("GOTOOLDIR"); tooldir == "" {
+ 		tooldir = pathf("%s/pkg/tool/%s_%s", goroot, gohostos, gohostarch)
+ 	}
++
++	build_tooldir = pathf("%s/pkg/tool/native_native", goroot)
+ }
+ 
+ // compilerEnv returns a map from "goos/goarch" to the
+@@ -478,8 +482,10 @@ func setup() {
+ 	p := pathf("%s/pkg/%s_%s", goroot, gohostos, gohostarch)
+ 	if rebuildall {
+ 		xremoveall(p)
++		xremoveall(build_tooldir)
+ 	}
+ 	xmkdirall(p)
++	xmkdirall(build_tooldir)
+ 
+ 	if goos != gohostos || goarch != gohostarch {
+ 		p := pathf("%s/pkg/%s_%s", goroot, goos, goarch)
+@@ -1207,12 +1213,29 @@ func cmdbootstrap() {
+ 
+ 	var noBanner bool
+ 	var debug bool
++	var hostOnly bool
++	var targetOnly bool
++	var toBuild = []string{"std", "cmd"}
++
+ 	flag.BoolVar(&rebuildall, "a", rebuildall, "rebuild all")
+ 	flag.BoolVar(&debug, "d", debug, "enable debugging of bootstrap process")
+ 	flag.BoolVar(&noBanner, "no-banner", noBanner, "do not print banner")
++	flag.BoolVar(&hostOnly, "host-only", hostOnly, "build only host binaries, not target")
++	flag.BoolVar(&targetOnly, "target-only", targetOnly, "build only target binaries, not host")
+ 
+-	xflagparse(0)
++	xflagparse(-1)
+ 
++	if hostOnly && targetOnly {
++		fatalf("specify only one of --host-only or --target-only\n")
++	}
++	crossBuild = hostOnly || targetOnly
++	if flag.NArg() > 0 {
++		if crossBuild {
++			toBuild = flag.Args()
++		} else {
++			fatalf("package names not permitted without --host-only or --target-only\n")
++		}
++	}
+ 	// Set GOPATH to an internal directory. We shouldn't actually
+ 	// need to store files here, since the toolchain won't
+ 	// depend on modules outside of vendor directories, but if
+@@ -1266,8 +1289,13 @@ func cmdbootstrap() {
+ 		xprintf("\n")
+ 	}
+ 
+-	gogcflags = os.Getenv("GO_GCFLAGS") // we were using $BOOT_GO_GCFLAGS until now
+-	goldflags = os.Getenv("GO_LDFLAGS") // we were using $BOOT_GO_LDFLAGS until now
++	// For split host/target cross/cross-canadian builds, we don't
++	// want to be setting these flags until after we have compiled
++	// the toolchain that runs on the build host.
++	if !crossBuild {
++		gogcflags = os.Getenv("GO_GCFLAGS") // we were using $BOOT_GO_GCFLAGS until now
++		goldflags = os.Getenv("GO_LDFLAGS") // we were using $BOOT_GO_LDFLAGS until now
++	}
+ 	goBootstrap := pathf("%s/go_bootstrap", tooldir)
+ 	cmdGo := pathf("%s/go", gobin)
+ 	if debug {
+@@ -1296,7 +1324,11 @@ func cmdbootstrap() {
+ 		xprintf("\n")
+ 	}
+ 	xprintf("Building Go toolchain2 using go_bootstrap and Go toolchain1.\n")
+-	os.Setenv("CC", compilerEnvLookup(defaultcc, goos, goarch))
++	if crossBuild {
++		os.Setenv("CC", defaultcc[""])
++	} else {
++		os.Setenv("CC", compilerEnvLookup(defaultcc, goos, goarch))
++	}
+ 	goInstall(goBootstrap, append([]string{"-i"}, toolchain...)...)
+ 	if debug {
+ 		run("", ShowOutput|CheckExit, pathf("%s/compile", tooldir), "-V=full")
+@@ -1333,50 +1365,84 @@ func cmdbootstrap() {
+ 	}
+ 	checkNotStale(goBootstrap, append(toolchain, "runtime/internal/sys")...)
+ 
+-	if goos == oldgoos && goarch == oldgoarch {
+-		// Common case - not setting up for cross-compilation.
+-		timelog("build", "toolchain")
+-		if vflag > 0 {
+-			xprintf("\n")
++	if crossBuild {
++		gogcflags = os.Getenv("GO_GCFLAGS")
++		goldflags = os.Getenv("GO_LDFLAGS")
++		tool_files, _ := filepath.Glob(pathf("%s/*", tooldir))
++		for _, f := range tool_files {
++			copyfile(pathf("%s/%s", build_tooldir, filepath.Base(f)), f, writeExec)
++			xremove(f)
++		}
++		os.Setenv("GOTOOLDIR", build_tooldir)
++		goBootstrap = pathf("%s/go_bootstrap", build_tooldir)
++		if hostOnly {
++			timelog("build", "host toolchain")
++			if vflag > 0 {
++				xprintf("\n")
++			}
++			xprintf("Building %s for host, %s/%s.\n", strings.Join(toBuild, ","), goos, goarch)
++			goInstall(goBootstrap, toBuild...)
++			checkNotStale(goBootstrap, toBuild...)
++			// Skip cmdGo staleness checks here, since we can't necessarily run the cmdGo binary
++
++			timelog("build", "target toolchain")
++			if vflag > 0 {
++				xprintf("\n")
++			}
++		} else if targetOnly {
++			goos = oldgoos
++			goarch = oldgoarch
++			os.Setenv("GOOS", goos)
++			os.Setenv("GOARCH", goarch)
++			os.Setenv("CC", compilerEnvLookup(defaultcc, goos, goarch))
++			xprintf("Building %s for target, %s/%s.\n", strings.Join(toBuild, ","), goos, goarch)
++			goInstall(goBootstrap, toBuild...)
++			checkNotStale(goBootstrap, toBuild...)
++			// Skip cmdGo staleness checks here, since we can't run the target's cmdGo binary
+ 		}
+-		xprintf("Building packages and commands for %s/%s.\n", goos, goarch)
+ 	} else {
+-		// GOOS/GOARCH does not match GOHOSTOS/GOHOSTARCH.
+-		// Finish GOHOSTOS/GOHOSTARCH installation and then
+-		// run GOOS/GOARCH installation.
+-		timelog("build", "host toolchain")
+-		if vflag > 0 {
+-			xprintf("\n")
+-		}
+-		xprintf("Building packages and commands for host, %s/%s.\n", goos, goarch)
++
++		if goos == oldgoos && goarch == oldgoarch {
++			// Common case - not setting up for cross-compilation.
++			timelog("build", "toolchain")
++			if vflag > 0 {
++				xprintf("\n")
++			}
++			xprintf("Building packages and commands for %s/%s.\n", goos, goarch)
++		} else {
++			// GOOS/GOARCH does not match GOHOSTOS/GOHOSTARCH.
++			// Finish GOHOSTOS/GOHOSTARCH installation and then
++			// run GOOS/GOARCH installation.
++			timelog("build", "host toolchain")
++			if vflag > 0 {
++				xprintf("\n")
++			}
++			xprintf("Building packages and commands for host, %s/%s.\n", goos, goarch)
++			goInstall(goBootstrap, "std", "cmd")
++			checkNotStale(goBootstrap, "std", "cmd")
++			checkNotStale(cmdGo, "std", "cmd")
++
++			timelog("build", "target toolchain")
++			if vflag > 0 {
++				xprintf("\n")
++			}
++			goos = oldgoos
++			goarch = oldgoarch
++			os.Setenv("GOOS", goos)
++			os.Setenv("GOARCH", goarch)
++			os.Setenv("CC", compilerEnvLookup(defaultcc, goos, goarch))
++			xprintf("Building packages and commands for target, %s/%s.\n", goos, goarch)
++		}
+ 		goInstall(goBootstrap, "std", "cmd")
+ 		checkNotStale(goBootstrap, "std", "cmd")
+ 		checkNotStale(cmdGo, "std", "cmd")
+ 
+-		timelog("build", "target toolchain")
+-		if vflag > 0 {
+-			xprintf("\n")
++		if debug {
++			run("", ShowOutput|CheckExit, pathf("%s/compile", tooldir), "-V=full")
++			run("", ShowOutput|CheckExit, pathf("%s/buildid", tooldir), pathf("%s/pkg/%s_%s/runtime/internal/sys.a", goroot, goos, goarch))
++			checkNotStale(goBootstrap, append(toolchain, "runtime/internal/sys")...)
++			copyfile(pathf("%s/compile4", tooldir), pathf("%s/compile", tooldir), writeExec)
+ 		}
+-		goos = oldgoos
+-		goarch = oldgoarch
+-		os.Setenv("GOOS", goos)
+-		os.Setenv("GOARCH", goarch)
+-		os.Setenv("CC", compilerEnvLookup(defaultcc, goos, goarch))
+-		xprintf("Building packages and commands for target, %s/%s.\n", goos, goarch)
+-	}
+-	targets := []string{"std", "cmd"}
+-	if goos == "js" && goarch == "wasm" {
+-		// Skip the cmd tools for js/wasm. They're not usable.
+-		targets = targets[:1]
+-	}
+-	goInstall(goBootstrap, targets...)
+-	checkNotStale(goBootstrap, targets...)
+-	checkNotStale(cmdGo, targets...)
+-	if debug {
+-		run("", ShowOutput|CheckExit, pathf("%s/compile", tooldir), "-V=full")
+-		run("", ShowOutput|CheckExit, pathf("%s/buildid", tooldir), pathf("%s/pkg/%s_%s/runtime/internal/sys.a", goroot, goos, goarch))
+-		checkNotStale(goBootstrap, append(toolchain, "runtime/internal/sys")...)
+-		copyfile(pathf("%s/compile4", tooldir), pathf("%s/compile", tooldir), writeExec)
+ 	}
+ 
+ 	// Check that there are no new files in $GOROOT/bin other than
+@@ -1393,8 +1459,11 @@ func cmdbootstrap() {
+ 		}
+ 	}
+ 
+-	// Remove go_bootstrap now that we're done.
+-	xremove(pathf("%s/go_bootstrap", tooldir))
++	// Except that for split host/target cross-builds, we need to
++	// keep it.
++	if !crossBuild {
++		xremove(pathf("%s/go_bootstrap", tooldir))
++	}
+ 
+ 	if goos == "android" {
+ 		// Make sure the exec wrapper will sync a fresh $GOROOT to the device.
+-- 
+2.17.1 (Apple Git-112)
+
diff --git a/poky/meta/recipes-devtools/go/go-1.13/0007-cmd-go-make-GOROOT-precious-by-default.patch b/poky/meta/recipes-devtools/go/go-1.13/0007-cmd-go-make-GOROOT-precious-by-default.patch
new file mode 100644
index 0000000..e232c79
--- /dev/null
+++ b/poky/meta/recipes-devtools/go/go-1.13/0007-cmd-go-make-GOROOT-precious-by-default.patch
@@ -0,0 +1,113 @@
+From 9ba507e076c744f4d394418e4a849e68cd426a4a Mon Sep 17 00:00:00 2001
+From: Alex Kube <alexander.j.kube@gmail.com>
+Date: Wed, 23 Oct 2019 21:18:56 +0430
+Subject: [PATCH 7/9] cmd/go: make GOROOT precious by default
+
+Upstream-Status: Inappropriate [OE specific]
+
+The go build tool normally rebuilds whatever it detects is
+stale.  This can be a problem when GOROOT is intended to
+be read-only and the go runtime has been built as a shared
+library, since we don't want every application to be rebuilding
+the shared runtime - particularly in cross-build/packaging
+setups, since that would lead to 'abi mismatch' runtime errors.
+
+This patch prevents the install and linkshared actions from
+installing to GOROOT unless overridden with the GOROOT_OVERRIDE
+environment variable.
+
+Adapted to Go 1.13 from patches originally submitted to
+the meta/recipes-devtools/go tree by
+Matt Madison <matt@madison.systems>.
+
+Signed-off-by: Alexander J Kube <alexander.j.kube@gmail.com>
+---
+ src/cmd/go/internal/work/action.go |  3 +++
+ src/cmd/go/internal/work/build.go  |  6 ++++++
+ src/cmd/go/internal/work/exec.go   | 25 +++++++++++++++++++++++++
+ 3 files changed, 34 insertions(+)
+
+diff --git a/src/cmd/go/internal/work/action.go b/src/cmd/go/internal/work/action.go
+index 33b7818..7617b4c 100644
+--- a/src/cmd/go/internal/work/action.go
++++ b/src/cmd/go/internal/work/action.go
+@@ -662,6 +662,9 @@ func (b *Builder) addTransitiveLinkDeps(a, a1 *Action, shlib string) {
+ 			if p1 == nil || p1.Shlib == "" || haveShlib[filepath.Base(p1.Shlib)] {
+ 				continue
+ 			}
++			if goRootPrecious && (p1.Standard || p1.Goroot) {
++				continue
++			}
+ 			haveShlib[filepath.Base(p1.Shlib)] = true
+ 			// TODO(rsc): The use of ModeInstall here is suspect, but if we only do ModeBuild,
+ 			// we'll end up building an overall library or executable that depends at runtime
+diff --git a/src/cmd/go/internal/work/build.go b/src/cmd/go/internal/work/build.go
+index 9305b2d..6560317 100644
+--- a/src/cmd/go/internal/work/build.go
++++ b/src/cmd/go/internal/work/build.go
+@@ -155,6 +155,8 @@ See also: go install, go get, go clean.
+ 
+ const concurrentGCBackendCompilationEnabledByDefault = true
+ 
++var goRootPrecious bool = true
++
+ func init() {
+ 	// break init cycle
+ 	CmdBuild.Run = runBuild
+@@ -167,6 +169,10 @@ func init() {
+ 
+ 	AddBuildFlags(CmdBuild)
+ 	AddBuildFlags(CmdInstall)
++
++	if x := os.Getenv("GOROOT_OVERRIDE"); x != "" {
++		goRootPrecious = false
++	}
+ }
+ 
+ // Note that flags consulted by other parts of the code
+diff --git a/src/cmd/go/internal/work/exec.go b/src/cmd/go/internal/work/exec.go
+index ccebaf8..59450d7 100644
+--- a/src/cmd/go/internal/work/exec.go
++++ b/src/cmd/go/internal/work/exec.go
+@@ -455,6 +455,23 @@ func (b *Builder) build(a *Action) (err error) {
+ 		return errors.New("binary-only packages are no longer supported")
+ 	}
+ 
++	if goRootPrecious && (a.Package.Standard || a.Package.Goroot) {
++		_, err := os.Stat(a.Package.Target)
++		if err == nil {
++			a.built = a.Package.Target
++			a.Target = a.Package.Target
++			a.buildID = b.fileHash(a.Package.Target)
++			a.Package.Stale = false
++			a.Package.StaleReason = "GOROOT-resident package"
++			return nil
++		}
++		a.Package.Stale = true
++		a.Package.StaleReason = "missing or invalid GOROOT-resident package"
++		if b.IsCmdList {
++			return nil
++		}
++	}
++
+ 	if err := b.Mkdir(a.Objdir); err != nil {
+ 		return err
+ 	}
+@@ -1499,6 +1516,14 @@ func BuildInstallFunc(b *Builder, a *Action) (err error) {
+ 		return nil
+ 	}
+ 
++	if goRootPrecious && a.Package != nil {
++		p := a.Package
++		if p.Standard || p.Goroot {
++			err := fmt.Errorf("attempting to install package %s into read-only GOROOT", p.ImportPath)
++			return err
++		}
++	}
++
+ 	if err := b.Mkdir(a.Objdir); err != nil {
+ 		return err
+ 	}
+-- 
+2.17.1 (Apple Git-112)
+
diff --git a/poky/meta/recipes-devtools/go/go-1.13/0008-use-GOBUILDMODE-to-set-buildmode.patch b/poky/meta/recipes-devtools/go/go-1.13/0008-use-GOBUILDMODE-to-set-buildmode.patch
new file mode 100644
index 0000000..68e132f
--- /dev/null
+++ b/poky/meta/recipes-devtools/go/go-1.13/0008-use-GOBUILDMODE-to-set-buildmode.patch
@@ -0,0 +1,47 @@
+From 971b5626339ce0c4d57f9721c9a81af566c5a044 Mon Sep 17 00:00:00 2001
+From: Alex Kube <alexander.j.kube@gmail.com>
+Date: Wed, 23 Oct 2019 21:19:26 +0430
+Subject: [PATCH 8/9] cmd/go: Use GOBUILDMODE to set buildmode
+
+Upstream-Status: Denied [upstream choose antoher solution: `17a256b
+cmd/go: -buildmode=pie for android/arm']
+
+While building go itself, the go build system does not support
+to set `-buildmode=pie' from environment.
+
+Add GOBUILDMODE to support it which make PIE executables the default
+build mode, as PIE executables are required as of Yocto
+
+Refers: https://groups.google.com/forum/#!topic/golang-dev/gRCe5URKewI
+
+Adapted to Go 1.13 from patches originally submitted to
+the meta/recipes-devtools/go tree by
+Hongxu Jia <hongxu.jia@windriver.com>
+
+Signed-off-by: Alexander J Kube <alexander.j.kube@gmail.com>
+---
+ src/cmd/go/internal/work/build.go | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/src/cmd/go/internal/work/build.go b/src/cmd/go/internal/work/build.go
+index 6560317..5f3a988 100644
+--- a/src/cmd/go/internal/work/build.go
++++ b/src/cmd/go/internal/work/build.go
+@@ -231,7 +231,13 @@ func AddBuildFlags(cmd *base.Command) {
+ 
+ 	cmd.Flag.Var(&load.BuildAsmflags, "asmflags", "")
+ 	cmd.Flag.Var(buildCompiler{}, "compiler", "")
+-	cmd.Flag.StringVar(&cfg.BuildBuildmode, "buildmode", "default", "")
++
++	if bm := os.Getenv("GOBUILDMODE"); bm != "" {
++		cmd.Flag.StringVar(&cfg.BuildBuildmode, "buildmode", bm, "")
++	} else {
++		cmd.Flag.StringVar(&cfg.BuildBuildmode, "buildmode", "default", "")
++	}
++
+ 	cmd.Flag.Var(&load.BuildGcflags, "gcflags", "")
+ 	cmd.Flag.Var(&load.BuildGccgoflags, "gccgoflags", "")
+ 	cmd.Flag.StringVar(&cfg.BuildMod, "mod", "", "")
+-- 
+2.17.1 (Apple Git-112)
+
diff --git a/poky/meta/recipes-devtools/go/go-1.13/0009-ld-replace-glibc-dynamic-linker-with-musl.patch b/poky/meta/recipes-devtools/go/go-1.13/0009-ld-replace-glibc-dynamic-linker-with-musl.patch
new file mode 100644
index 0000000..4bb1106
--- /dev/null
+++ b/poky/meta/recipes-devtools/go/go-1.13/0009-ld-replace-glibc-dynamic-linker-with-musl.patch
@@ -0,0 +1,134 @@
+From 973251ae0c69a35721f6115345d3f57b2847979f Mon Sep 17 00:00:00 2001
+From: Alex Kube <alexander.j.kube@gmail.com>
+Date: Wed, 23 Oct 2019 21:20:13 +0430
+Subject: [PATCH 9/9] ld: replace glibc dynamic linker with musl
+
+Rework of patch by Khem Raj <raj.khem@gmail.com>
+for go 1.10.  Should be applied conditionally on
+musl being the system C library.
+
+Adapted to Go 1.13 from patches originally submitted to
+the meta/recipes-devtools/go tree by
+Matt Madison <matt@madison.systems>.
+
+Upstream-Status: Inappropriate [Real fix should be portable across libcs]
+
+Signed-off-by: Alexander J Kube <alexander.j.kube@gmail.com>
+---
+ src/cmd/link/internal/amd64/obj.go  | 2 +-
+ src/cmd/link/internal/arm/obj.go    | 2 +-
+ src/cmd/link/internal/arm64/obj.go  | 2 +-
+ src/cmd/link/internal/mips/obj.go   | 2 +-
+ src/cmd/link/internal/mips64/obj.go | 2 +-
+ src/cmd/link/internal/ppc64/obj.go  | 2 +-
+ src/cmd/link/internal/s390x/obj.go  | 2 +-
+ src/cmd/link/internal/x86/obj.go    | 2 +-
+ 8 files changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/src/cmd/link/internal/amd64/obj.go b/src/cmd/link/internal/amd64/obj.go
+index 23741eb..8e74576 100644
+--- a/src/cmd/link/internal/amd64/obj.go
++++ b/src/cmd/link/internal/amd64/obj.go
+@@ -62,7 +62,7 @@ func Init() (*sys.Arch, ld.Arch) {
+ 		PEreloc1:         pereloc1,
+ 		TLSIEtoLE:        tlsIEtoLE,
+ 
+-		Linuxdynld:     "/lib64/ld-linux-x86-64.so.2",
++		Linuxdynld:     "/lib64/ld-musl-x86-64.so.1",
+ 		Freebsddynld:   "/libexec/ld-elf.so.1",
+ 		Openbsddynld:   "/usr/libexec/ld.so",
+ 		Netbsddynld:    "/libexec/ld.elf_so",
+diff --git a/src/cmd/link/internal/arm/obj.go b/src/cmd/link/internal/arm/obj.go
+index 45a406e..724d3e3 100644
+--- a/src/cmd/link/internal/arm/obj.go
++++ b/src/cmd/link/internal/arm/obj.go
+@@ -59,7 +59,7 @@ func Init() (*sys.Arch, ld.Arch) {
+ 		Machoreloc1:      machoreloc1,
+ 		PEreloc1:         pereloc1,
+ 
+-		Linuxdynld:     "/lib/ld-linux.so.3", // 2 for OABI, 3 for EABI
++		Linuxdynld:     "/lib/ld-musl-armhf.so.1",
+ 		Freebsddynld:   "/usr/libexec/ld-elf.so.1",
+ 		Openbsddynld:   "/usr/libexec/ld.so",
+ 		Netbsddynld:    "/libexec/ld.elf_so",
+diff --git a/src/cmd/link/internal/arm64/obj.go b/src/cmd/link/internal/arm64/obj.go
+index 7c66623..d8b1db1 100644
+--- a/src/cmd/link/internal/arm64/obj.go
++++ b/src/cmd/link/internal/arm64/obj.go
+@@ -57,7 +57,7 @@ func Init() (*sys.Arch, ld.Arch) {
+ 		Gentext:          gentext,
+ 		Machoreloc1:      machoreloc1,
+ 
+-		Linuxdynld: "/lib/ld-linux-aarch64.so.1",
++		Linuxdynld: "/lib/ld-musl-aarch64.so.1",
+ 
+ 		Freebsddynld:   "XXX",
+ 		Openbsddynld:   "/usr/libexec/ld.so",
+diff --git a/src/cmd/link/internal/mips/obj.go b/src/cmd/link/internal/mips/obj.go
+index 231e1ff..631dd7a 100644
+--- a/src/cmd/link/internal/mips/obj.go
++++ b/src/cmd/link/internal/mips/obj.go
+@@ -60,7 +60,7 @@ func Init() (*sys.Arch, ld.Arch) {
+ 		Gentext:          gentext,
+ 		Machoreloc1:      machoreloc1,
+ 
+-		Linuxdynld: "/lib/ld.so.1",
++		Linuxdynld: "/lib/ld-musl-mipsle.so.1",
+ 
+ 		Freebsddynld:   "XXX",
+ 		Openbsddynld:   "XXX",
+diff --git a/src/cmd/link/internal/mips64/obj.go b/src/cmd/link/internal/mips64/obj.go
+index 9604208..5ef3ffc 100644
+--- a/src/cmd/link/internal/mips64/obj.go
++++ b/src/cmd/link/internal/mips64/obj.go
+@@ -59,7 +59,7 @@ func Init() (*sys.Arch, ld.Arch) {
+ 		Gentext:          gentext,
+ 		Machoreloc1:      machoreloc1,
+ 
+-		Linuxdynld:     "/lib64/ld64.so.1",
++		Linuxdynld:     "/lib64/ld-musl-mips64le.so.1",
+ 		Freebsddynld:   "XXX",
+ 		Openbsddynld:   "XXX",
+ 		Netbsddynld:    "XXX",
+diff --git a/src/cmd/link/internal/ppc64/obj.go b/src/cmd/link/internal/ppc64/obj.go
+index 51d1791..b15da85 100644
+--- a/src/cmd/link/internal/ppc64/obj.go
++++ b/src/cmd/link/internal/ppc64/obj.go
+@@ -63,7 +63,7 @@ func Init() (*sys.Arch, ld.Arch) {
+ 		Xcoffreloc1:      xcoffreloc1,
+ 
+ 		// TODO(austin): ABI v1 uses /usr/lib/ld.so.1,
+-		Linuxdynld: "/lib64/ld64.so.1",
++		Linuxdynld: "/lib64/ld-musl-powerpc64le.so.1",
+ 
+ 		Freebsddynld:   "XXX",
+ 		Openbsddynld:   "XXX",
+diff --git a/src/cmd/link/internal/s390x/obj.go b/src/cmd/link/internal/s390x/obj.go
+index 3454476..42cc346 100644
+--- a/src/cmd/link/internal/s390x/obj.go
++++ b/src/cmd/link/internal/s390x/obj.go
+@@ -57,7 +57,7 @@ func Init() (*sys.Arch, ld.Arch) {
+ 		Gentext:          gentext,
+ 		Machoreloc1:      machoreloc1,
+ 
+-		Linuxdynld: "/lib64/ld64.so.1",
++		Linuxdynld: "/lib64/ld-musl-s390x.so.1",
+ 
+ 		// not relevant for s390x
+ 		Freebsddynld:   "XXX",
+diff --git a/src/cmd/link/internal/x86/obj.go b/src/cmd/link/internal/x86/obj.go
+index f1fad20..d2ca10c 100644
+--- a/src/cmd/link/internal/x86/obj.go
++++ b/src/cmd/link/internal/x86/obj.go
+@@ -58,7 +58,7 @@ func Init() (*sys.Arch, ld.Arch) {
+ 		Machoreloc1:      machoreloc1,
+ 		PEreloc1:         pereloc1,
+ 
+-		Linuxdynld:   "/lib/ld-linux.so.2",
++		Linuxdynld:   "/lib/ld-musl-i386.so.1",
+ 		Freebsddynld: "/usr/libexec/ld-elf.so.1",
+ 		Openbsddynld: "/usr/libexec/ld.so",
+ 		Netbsddynld:  "/usr/libexec/ld.elf_so",
+-- 
+2.17.1 (Apple Git-112)
+
diff --git a/poky/meta/recipes-devtools/icecc-create-env/icecc-create-env_0.1.bb b/poky/meta/recipes-devtools/icecc-create-env/icecc-create-env_0.1.bb
index 053945e..231c1c2 100644
--- a/poky/meta/recipes-devtools/icecc-create-env/icecc-create-env_0.1.bb
+++ b/poky/meta/recipes-devtools/icecc-create-env/icecc-create-env_0.1.bb
@@ -34,3 +34,5 @@
 }
 
 BBCLASSEXTEND = "native nativesdk"
+
+RDEPENDS_${PN}_class-nativesdk = "patchelf"
diff --git a/poky/meta/recipes-devtools/libedit/libedit/0001-readline.c-fix-cannot-get-history.patch b/poky/meta/recipes-devtools/libedit/libedit/0001-readline.c-fix-cannot-get-history.patch
deleted file mode 100644
index 7e54ac9..0000000
--- a/poky/meta/recipes-devtools/libedit/libedit/0001-readline.c-fix-cannot-get-history.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From ef1fa9bef497d9491a51017f3cad0135a23bb0b4 Mon Sep 17 00:00:00 2001
-From: Changqing Li <changqing.li@windriver.com>
-Date: Tue, 20 Aug 2019 17:33:15 +0800
-Subject: [PATCH] readline.c: fix cannot get history
-
-if history_offset not increate when add history,
-it will make current history event not align with offset,
-and cannot get history correctly.
-
-Upstream-Status: Submitted [tech-userlevel@NetBSD.org] 
-
-Signed-off-by: Changqing Li <changqing.li@windriver.com>
----
- src/readline.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/src/readline.c b/src/readline.c
-index 43ac5bd..54b0548 100644
---- a/src/readline.c
-+++ b/src/readline.c
-@@ -1476,7 +1476,10 @@ add_history(const char *line)
- 	if (ev.num == history_length)
- 		history_base++;
- 	else
-+        {
-+                history_offset++;
- 		history_length = ev.num;
-+        }
- 	return 0;
- }
- 
--- 
-2.7.4
-
diff --git a/poky/meta/recipes-devtools/libedit/libedit_20190324-3.1.bb b/poky/meta/recipes-devtools/libedit/libedit_20191025-3.1.bb
similarity index 70%
rename from poky/meta/recipes-devtools/libedit/libedit_20190324-3.1.bb
rename to poky/meta/recipes-devtools/libedit/libedit_20191025-3.1.bb
index 25667cc..f810013 100644
--- a/poky/meta/recipes-devtools/libedit/libedit_20190324-3.1.bb
+++ b/poky/meta/recipes-devtools/libedit/libedit_20191025-3.1.bb
@@ -12,9 +12,8 @@
 
 SRC_URI = "http://www.thrysoee.dk/editline/${BP}.tar.gz \
            file://stdc-predef.patch \
-           file://0001-readline.c-fix-cannot-get-history.patch \
           "
-SRC_URI[md5sum] = "bec755c8044ad84b752dfe49a0b371d8"
-SRC_URI[sha256sum] = "ac8f0f51c1cf65492e4d1e3ed2be360bda41e54633444666422fbf393bba1bae"
+SRC_URI[md5sum] = "2d6568467080cfd75e715d045102b544"
+SRC_URI[sha256sum] = "6dff036660d478bfaa14e407fc5de26d22da1087118c897b1a3ad2e90cb7bf39"
 
 BBCLASSEXTEND = "native nativesdk"
diff --git a/poky/meta/recipes-devtools/opkg/opkg_0.4.1.bb b/poky/meta/recipes-devtools/opkg/opkg_0.4.1.bb
index 104f07f..149ee3c 100644
--- a/poky/meta/recipes-devtools/opkg/opkg_0.4.1.bb
+++ b/poky/meta/recipes-devtools/opkg/opkg_0.4.1.bb
@@ -32,7 +32,10 @@
 
 PACKAGECONFIG ??= "libsolv"
 
-PACKAGECONFIG[gpg] = "--enable-gpg,--disable-gpg,gpgme libgpg-error,gnupg"
+PACKAGECONFIG[gpg] = "--enable-gpg,--disable-gpg,\
+    gnupg gpgme libgpg-error,\
+    ${@ "gnupg" if ("native" in d.getVar("PN")) else "gnupg-gpg"}\
+    "
 PACKAGECONFIG[curl] = "--enable-curl,--disable-curl,curl"
 PACKAGECONFIG[ssl-curl] = "--enable-ssl-curl,--disable-ssl-curl,curl openssl"
 PACKAGECONFIG[openssl] = "--enable-openssl,--disable-openssl,openssl"
diff --git a/poky/meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch b/poky/meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch
index f60dfe8..d13d419 100644
--- a/poky/meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch
+++ b/poky/meta/recipes-devtools/patch/patch/0001-Invoke-ed-directly-instead-of-using-the-shell.patch
@@ -6,8 +6,8 @@
 * src/pch.c (do_ed_script): Invoke ed directly instead of using a shell
 command to avoid quoting vulnerabilities.
 
-CVE: CVE-2019-13638
-Upstream-Status: Backport[https://git.savannah.gnu.org/cgit/patch.git/patch/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0]
+CVE: CVE-2019-13638 CVE-2018-20969
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/patch.git/patch/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0]
 Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
 
 ---
diff --git a/poky/meta/recipes-devtools/pseudo/files/0001-Add-statx.patch b/poky/meta/recipes-devtools/pseudo/files/0001-Add-statx.patch
new file mode 100644
index 0000000..f01e699
--- /dev/null
+++ b/poky/meta/recipes-devtools/pseudo/files/0001-Add-statx.patch
@@ -0,0 +1,106 @@
+From 4e41a05de1f34ba00a68ca4f20fb49c4d1cbd2d0 Mon Sep 17 00:00:00 2001
+From: Richard Purdie <richard.purdie@linuxfoundation.org>
+Date: Wed, 6 Nov 2019 12:17:46 +0000
+Subject: [PATCH] Add statx glibc/syscall support
+
+Modern distros (e.g. fedora30) are starting to use the new statx() syscall through
+the newly exposed glibc wrapper function in software like coreutils (e.g. the ls
+command). Add support to intercept this to pseudo.
+
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+Upstream-Status: Submitted [Emailed to seebs]
+---
+ ports/linux/guts/statx.c | 48 ++++++++++++++++++++++++++++++++++++++++
+ ports/linux/portdefs.h   |  1 +
+ ports/linux/wrapfuncs.in |  1 +
+ 3 files changed, 50 insertions(+)
+ create mode 100644 ports/linux/guts/statx.c
+
+diff --git a/ports/linux/statx/guts/statx.c b/ports/linux/statx/guts/statx.c
+new file mode 100644
+index 0000000..a3259c4
+--- /dev/null
++++ b/ports/linux/statx/guts/statx.c
+@@ -0,0 +1,42 @@
++/*
++ * Copyright (c) 2019 Linux Foundation
++ * Author: Richard Purdie
++ *
++ * SPDX-License-Identifier: LGPL-2.1-only
++ *
++ * int
++ * statx(int dirfd, const char *pathname, int flags, unsigned int mask, struct statx *statxbuf) {
++ *	int rc = -1;
++ */
++	pseudo_msg_t *msg;
++	PSEUDO_STATBUF buf;
++	int save_errno;
++
++	rc = real_statx(dirfd, pathname, flags, mask, statxbuf);
++	save_errno = errno;
++	if (rc == -1) {
++		return rc;
++	}
++
++	buf.st_uid = statxbuf->stx_uid;
++	buf.st_gid = statxbuf->stx_gid;
++	buf.st_dev = makedev(statxbuf->stx_dev_major, statxbuf->stx_dev_minor);
++	buf.st_ino = statxbuf->stx_ino;
++	buf.st_mode = statxbuf->stx_mode;
++	buf.st_rdev = makedev(statxbuf->stx_rdev_major, statxbuf->stx_rdev_minor);
++	buf.st_nlink = statxbuf->stx_nlink;
++	msg = pseudo_client_op(OP_STAT, 0, -1, dirfd, pathname, &buf);
++	if (msg && msg->result == RESULT_SUCCEED) {
++		pseudo_debug(PDBGF_FILE, "statx(path %s), flags %o, stat rc %d, stat uid %o\n", pathname, flags, rc, statxbuf->stx_uid);
++		statxbuf->stx_uid = msg->uid;
++		statxbuf->stx_gid = msg->gid;
++		statxbuf->stx_mode = msg->mode;
++		statxbuf->stx_rdev_major = major(msg->rdev);
++		statxbuf->stx_rdev_minor = minor(msg->rdev);
++	} else {
++		pseudo_debug(PDBGF_FILE, "statx(path %s) failed, flags %o, stat rc %d, stat uid %o\n", pathname, flags, rc, statxbuf->stx_uid);
++	}
++	errno = save_errno;
++/*	return rc;
++ * }
++ */
+diff --git a/ports/linux/statx/portdefs.h b/ports/linux/statx/portdefs.h
+new file mode 100644
+index 0000000..bf934dc
+--- /dev/null
++++ b/ports/linux/statx/portdefs.h
+@@ -0,0 +1,6 @@
++/*
++ * SPDX-License-Identifier: LGPL-2.1-only
++ *
++ */
++#include <sys/stat.h>
++#include <sys/sysmacros.h>
+diff --git a/ports/linux/statx/wrapfuncs.in b/ports/linux/statx/wrapfuncs.in
+new file mode 100644
+index 0000000..c9cd4c3
+--- /dev/null
++++ b/ports/linux/statx/wrapfuncs.in
+@@ -0,0 +1 @@
++int statx(int dirfd, const char *pathname, int flags, unsigned int mask, struct statx *statxbuf);
+diff --git a/ports/linux/subports b/ports/linux/subports
+index a29044a..49081bf 100755
+--- a/ports/linux/subports
++++ b/ports/linux/subports
+@@ -54,3 +54,13 @@ else
+ fi
+ rm -f dummy.c dummy.o
+ 
++cat > dummy.c <<EOF
++#define _GNU_SOURCE
++#include <sys/stat.h>
++struct statx x;
++EOF
++if ${CC} -c -o dummy.o dummy.c >/dev/null 2>&1; then
++	echo "linux/statx"
++fi
++rm -f dummy.c dummy.o
++
+-- 
+2.17.1
+
diff --git a/poky/meta/recipes-devtools/pseudo/pseudo.inc b/poky/meta/recipes-devtools/pseudo/pseudo.inc
index 8b34909..7ff8e44 100644
--- a/poky/meta/recipes-devtools/pseudo/pseudo.inc
+++ b/poky/meta/recipes-devtools/pseudo/pseudo.inc
@@ -30,23 +30,10 @@
 
 # Compile for the local machine arch...
 do_compile () {
-        SQLITE_LDADD='$(SQLITE)/$(SQLITE_LIB)/libsqlite3.a'
-	for sqlite_link_opt in $(pkg-config sqlite3 --libs --static)
-	do
-	    case "$sqlite_link_opt" in
-	    -lsqlite3)
-		;;
-	    -l*)
-		SQLITE_LDADD="${SQLITE_LDADD} ${sqlite_link_opt}"
-		;;
-	    *)
-		;;
-	    esac
-	done
 	if [ "${SITEINFO_BITS}" = "64" ]; then
-	  ${S}/configure ${PSEUDO_EXTRA_OPTS} --prefix=${prefix} --libdir=${prefix}/lib/pseudo/lib${SITEINFO_BITS} --with-sqlite-lib=${baselib} --with-sqlite=${STAGING_DIR_TARGET}${exec_prefix} --cflags="${CFLAGS}" --bits=${SITEINFO_BITS} --with-static-sqlite="$SQLITE_LDADD" --without-rpath
+	  ${S}/configure ${PSEUDO_EXTRA_OPTS} --prefix=${prefix} --libdir=${prefix}/lib/pseudo/lib${SITEINFO_BITS} --with-sqlite-lib=${baselib} --with-sqlite=${STAGING_DIR_TARGET}${exec_prefix} --cflags="${CFLAGS}" --bits=${SITEINFO_BITS} --without-rpath
 	else
-	  ${S}/configure ${PSEUDO_EXTRA_OPTS} --prefix=${prefix} --libdir=${prefix}/lib/pseudo/lib --with-sqlite-lib=${baselib} --with-sqlite=${STAGING_DIR_TARGET}${exec_prefix} --cflags="${CFLAGS}" --bits=${SITEINFO_BITS} --with-static-sqlite="$SQLITE_LDADD" --without-rpath
+	  ${S}/configure ${PSEUDO_EXTRA_OPTS} --prefix=${prefix} --libdir=${prefix}/lib/pseudo/lib --with-sqlite-lib=${baselib} --with-sqlite=${STAGING_DIR_TARGET}${exec_prefix} --cflags="${CFLAGS}" --bits=${SITEINFO_BITS} --without-rpath
 	fi
 	oe_runmake ${MAKEOPTS}
 }
diff --git a/poky/meta/recipes-devtools/pseudo/pseudo_git.bb b/poky/meta/recipes-devtools/pseudo/pseudo_git.bb
index 78500e1..1f2df4a 100644
--- a/poky/meta/recipes-devtools/pseudo/pseudo_git.bb
+++ b/poky/meta/recipes-devtools/pseudo/pseudo_git.bb
@@ -7,6 +7,7 @@
            file://moreretries.patch \
            file://toomanyfiles.patch \
            file://0001-maketables-wrappers-use-Python-3.patch \
+           file://0001-Add-statx.patch \
            "
 
 SRCREV = "060058bb29f70b244e685b3c704eb0641b736f73"
diff --git a/poky/meta/recipes-devtools/python/python-six.inc b/poky/meta/recipes-devtools/python/python-six.inc
index c706dca..c386090 100644
--- a/poky/meta/recipes-devtools/python/python-six.inc
+++ b/poky/meta/recipes-devtools/python/python-six.inc
@@ -2,10 +2,10 @@
 HOMEPAGE = "https://pypi.python.org/pypi/six/"
 SECTION = "devel/python"
 LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=83e0f622bd5ac7d575dbd83d094d69b5"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=f82eb3a1a7fade60bda5980935084b62"
 
-SRC_URI[md5sum] = "9ae5d1feed8c0215f4ae4adcd9207fcb"
-SRC_URI[sha256sum] = "d16a0141ec1a18405cd4ce8b4613101da75da0e9a7aec5bdd4fa804d0e0eba73"
+SRC_URI[md5sum] = "e92c23c882c7d5564ce5773fe31b2771"
+SRC_URI[sha256sum] = "30f610279e8b2578cab6db20741130331735c781b56053c59c4076da27f06b66"
 
 inherit pypi
 
diff --git a/poky/meta/recipes-devtools/python/python3-six_1.12.0.bb b/poky/meta/recipes-devtools/python/python3-six_1.13.0.bb
similarity index 100%
rename from poky/meta/recipes-devtools/python/python3-six_1.12.0.bb
rename to poky/meta/recipes-devtools/python/python3-six_1.13.0.bb
diff --git a/poky/meta/recipes-devtools/python/python3/0001-Do-not-hardcode-lib-as-location-for-site-packages-an.patch b/poky/meta/recipes-devtools/python/python3/0001-Do-not-hardcode-lib-as-location-for-site-packages-an.patch
index 661f52d..ea75262 100644
--- a/poky/meta/recipes-devtools/python/python3/0001-Do-not-hardcode-lib-as-location-for-site-packages-an.patch
+++ b/poky/meta/recipes-devtools/python/python3/0001-Do-not-hardcode-lib-as-location-for-site-packages-an.patch
@@ -70,7 +70,7 @@
  
  Programs/python.o: $(srcdir)/Programs/python.c
 @@ -856,7 +857,7 @@ regen-opcode:
- Python/compile.o Python/symtable.o Python/ast_unparse.o Python/ast.o: $(srcdir)/Include/graminit.h $(srcdir)/Include/Python-ast.h
+ Python/compile.o Python/symtable.o Python/ast_unparse.o Python/ast.o Python/future.o Parser/parsetok.o: $(srcdir)/Include/graminit.h $(srcdir)/Include/Python-ast.h
  
  Python/getplatform.o: $(srcdir)/Python/getplatform.c
 -		$(CC) -c $(PY_CORE_CFLAGS) -DPLATFORM='"$(MACHDEP)"' -o $@ $(srcdir)/Python/getplatform.c
diff --git a/poky/meta/recipes-devtools/python/python3/0001-bpo-34155-Dont-parse-domains-containing-GH-13079.patch b/poky/meta/recipes-devtools/python/python3/0001-bpo-34155-Dont-parse-domains-containing-GH-13079.patch
deleted file mode 100644
index 319e7ed..0000000
--- a/poky/meta/recipes-devtools/python/python3/0001-bpo-34155-Dont-parse-domains-containing-GH-13079.patch
+++ /dev/null
@@ -1,132 +0,0 @@
-From 90d56127ae15b1e452755e62c77dc475dedf7161 Mon Sep 17 00:00:00 2001
-From: jpic <jpic@users.noreply.github.com>
-Date: Wed, 17 Jul 2019 23:54:25 +0200
-Subject: [PATCH] bpo-34155: Dont parse domains containing @ (GH-13079)
-
-Before:
-
-        >>> email.message_from_string('From: a@malicious.org@important.com', policy=email.policy.default)['from'].addresses
-        (Address(display_name='', username='a', domain='malicious.org'),)
-
-        >>> parseaddr('a@malicious.org@important.com')
-        ('', 'a@malicious.org')
-
-    After:
-
-        >>> email.message_from_string('From: a@malicious.org@important.com', policy=email.policy.default)['from'].addresses
-        (Address(display_name='', username='', domain=''),)
-
-        >>> parseaddr('a@malicious.org@important.com')
-        ('', 'a@')
-
-https://bugs.python.org/issue34155
-
-Upstream-Status: Backport [https://github.com/python/cpython/commit/8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9]
-
-CVE: CVE-2019-16056
-
-Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
----
- Lib/email/_header_value_parser.py                  |  2 ++
- Lib/email/_parseaddr.py                            | 11 ++++++++++-
- Lib/test/test_email/test__header_value_parser.py   | 10 ++++++++++
- Lib/test/test_email/test_email.py                  | 14 ++++++++++++++
- .../2019-05-04-13-33-37.bpo-34155.MJll68.rst       |  1 +
- 5 files changed, 37 insertions(+), 1 deletion(-)
- create mode 100644 Misc/NEWS.d/next/Security/2019-05-04-13-33-37.bpo-34155.MJll68.rst
-
-diff --git a/Lib/email/_header_value_parser.py b/Lib/email/_header_value_parser.py
-index fc00b4a098..bbc026ec71 100644
---- a/Lib/email/_header_value_parser.py
-+++ b/Lib/email/_header_value_parser.py
-@@ -1582,6 +1582,8 @@ def get_domain(value):
-         token, value = get_dot_atom(value)
-     except errors.HeaderParseError:
-         token, value = get_atom(value)
-+    if value and value[0] == '@':
-+        raise errors.HeaderParseError('Invalid Domain')
-     if leader is not None:
-         token[:0] = [leader]
-     domain.append(token)
-diff --git a/Lib/email/_parseaddr.py b/Lib/email/_parseaddr.py
-index cdfa3729ad..41ff6f8c00 100644
---- a/Lib/email/_parseaddr.py
-+++ b/Lib/email/_parseaddr.py
-@@ -379,7 +379,12 @@ class AddrlistClass:
-         aslist.append('@')
-         self.pos += 1
-         self.gotonext()
--        return EMPTYSTRING.join(aslist) + self.getdomain()
-+        domain = self.getdomain()
-+        if not domain:
-+            # Invalid domain, return an empty address instead of returning a
-+            # local part to denote failed parsing.
-+            return EMPTYSTRING
-+        return EMPTYSTRING.join(aslist) + domain
- 
-     def getdomain(self):
-         """Get the complete domain name from an address."""
-@@ -394,6 +399,10 @@ class AddrlistClass:
-             elif self.field[self.pos] == '.':
-                 self.pos += 1
-                 sdlist.append('.')
-+            elif self.field[self.pos] == '@':
-+                # bpo-34155: Don't parse domains with two `@` like
-+                # `a@malicious.org@important.com`.
-+                return EMPTYSTRING
-             elif self.field[self.pos] in self.atomends:
-                 break
-             else:
-diff --git a/Lib/test/test_email/test__header_value_parser.py b/Lib/test/test_email/test__header_value_parser.py
-index 693487bc96..7dc4de1b7b 100644
---- a/Lib/test/test_email/test__header_value_parser.py
-+++ b/Lib/test/test_email/test__header_value_parser.py
-@@ -1438,6 +1438,16 @@ class TestParser(TestParserMixin, TestEmailBase):
-         self.assertEqual(addr_spec.domain, 'example.com')
-         self.assertEqual(addr_spec.addr_spec, 'star.a.star@example.com')
- 
-+    def test_get_addr_spec_multiple_domains(self):
-+        with self.assertRaises(errors.HeaderParseError):
-+            parser.get_addr_spec('star@a.star@example.com')
-+
-+        with self.assertRaises(errors.HeaderParseError):
-+            parser.get_addr_spec('star@a@example.com')
-+
-+        with self.assertRaises(errors.HeaderParseError):
-+            parser.get_addr_spec('star@172.17.0.1@example.com')
-+
-     # get_obs_route
- 
-     def test_get_obs_route_simple(self):
-diff --git a/Lib/test/test_email/test_email.py b/Lib/test/test_email/test_email.py
-index c29cc56203..aa775881c5 100644
---- a/Lib/test/test_email/test_email.py
-+++ b/Lib/test/test_email/test_email.py
-@@ -3041,6 +3041,20 @@ class TestMiscellaneous(TestEmailBase):
-         self.assertEqual(utils.parseaddr('<>'), ('', ''))
-         self.assertEqual(utils.formataddr(utils.parseaddr('<>')), '')
- 
-+    def test_parseaddr_multiple_domains(self):
-+        self.assertEqual(
-+            utils.parseaddr('a@b@c'),
-+            ('', '')
-+        )
-+        self.assertEqual(
-+            utils.parseaddr('a@b.c@c'),
-+            ('', '')
-+        )
-+        self.assertEqual(
-+            utils.parseaddr('a@172.17.0.1@c'),
-+            ('', '')
-+        )
-+
-     def test_noquote_dump(self):
-         self.assertEqual(
-             utils.formataddr(('A Silly Person', 'person@dom.ain')),
-diff --git a/Misc/NEWS.d/next/Security/2019-05-04-13-33-37.bpo-34155.MJll68.rst b/Misc/NEWS.d/next/Security/2019-05-04-13-33-37.bpo-34155.MJll68.rst
-new file mode 100644
-index 0000000000..50292e29ed
---- /dev/null
-+++ b/Misc/NEWS.d/next/Security/2019-05-04-13-33-37.bpo-34155.MJll68.rst
-@@ -0,0 +1 @@
-+Fix parsing of invalid email addresses with more than one ``@`` (e.g. a@b@c.com.) to not return the part before 2nd ``@`` as valid email address. Patch by maxking & jpic.
diff --git a/poky/meta/recipes-devtools/python/python3/0001-bpo-38243-xmlrpc.server-Escape-the-server_title-GH-1.patch b/poky/meta/recipes-devtools/python/python3/0001-bpo-38243-xmlrpc.server-Escape-the-server_title-GH-1.patch
deleted file mode 100644
index 1a4c932..0000000
--- a/poky/meta/recipes-devtools/python/python3/0001-bpo-38243-xmlrpc.server-Escape-the-server_title-GH-1.patch
+++ /dev/null
@@ -1,86 +0,0 @@
-From c25abd43e8877b4a7098f79eaacb248710731c2b Mon Sep 17 00:00:00 2001
-From: Dong-hee Na <donghee.na92@gmail.com>
-Date: Sat, 28 Sep 2019 04:59:37 +0900
-Subject: [PATCH] bpo-38243, xmlrpc.server: Escape the server_title (GH-16373)
-
-Escape the server title of xmlrpc.server.DocXMLRPCServer
-when rendering the document page as HTML.
-
-CVE: CVE-2019-16935
-
-Upstream-Status: Backport [https://github.com/python/cpython/commit/e8650a4f8c7fb76f570d4ca9c1fbe44e91c8dfaa]
-
-Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
----
- Lib/test/test_docxmlrpc.py                       | 16 ++++++++++++++++
- Lib/xmlrpc/server.py                             |  3 ++-
- .../2019-09-25-13-21-09.bpo-38243.1pfz24.rst     |  3 +++
- 3 files changed, 21 insertions(+), 1 deletion(-)
- create mode 100644 Misc/NEWS.d/next/Security/2019-09-25-13-21-09.bpo-38243.1pfz24.rst
-
-diff --git a/Lib/test/test_docxmlrpc.py b/Lib/test/test_docxmlrpc.py
-index f077f05f5b..38215659b6 100644
---- a/Lib/test/test_docxmlrpc.py
-+++ b/Lib/test/test_docxmlrpc.py
-@@ -1,5 +1,6 @@
- from xmlrpc.server import DocXMLRPCServer
- import http.client
-+import re
- import sys
- import threading
- from test import support
-@@ -193,6 +194,21 @@ class DocXMLRPCHTTPGETServer(unittest.TestCase):
-              b'method_annotation</strong></a>(x: bytes)</dt></dl>'),
-             response.read())
- 
-+    def test_server_title_escape(self):
-+        # bpo-38243: Ensure that the server title and documentation
-+        # are escaped for HTML.
-+        self.serv.set_server_title('test_title<script>')
-+        self.serv.set_server_documentation('test_documentation<script>')
-+        self.assertEqual('test_title<script>', self.serv.server_title)
-+        self.assertEqual('test_documentation<script>',
-+                self.serv.server_documentation)
-+
-+        generated = self.serv.generate_html_documentation()
-+        title = re.search(r'<title>(.+?)</title>', generated).group()
-+        documentation = re.search(r'<p><tt>(.+?)</tt></p>', generated).group()
-+        self.assertEqual('<title>Python: test_title&lt;script&gt;</title>', title)
-+        self.assertEqual('<p><tt>test_documentation&lt;script&gt;</tt></p>', documentation)
-+
- 
- if __name__ == '__main__':
-     unittest.main()
-diff --git a/Lib/xmlrpc/server.py b/Lib/xmlrpc/server.py
-index f1c467eb1b..32aba4df4c 100644
---- a/Lib/xmlrpc/server.py
-+++ b/Lib/xmlrpc/server.py
-@@ -108,6 +108,7 @@ from xmlrpc.client import Fault, dumps, loads, gzip_encode, gzip_decode
- from http.server import BaseHTTPRequestHandler
- from functools import partial
- from inspect import signature
-+import html
- import http.server
- import socketserver
- import sys
-@@ -894,7 +895,7 @@ class XMLRPCDocGenerator:
-                                 methods
-                             )
- 
--        return documenter.page(self.server_title, documentation)
-+        return documenter.page(html.escape(self.server_title), documentation)
- 
- class DocXMLRPCRequestHandler(SimpleXMLRPCRequestHandler):
-     """XML-RPC and documentation request handler class.
-diff --git a/Misc/NEWS.d/next/Security/2019-09-25-13-21-09.bpo-38243.1pfz24.rst b/Misc/NEWS.d/next/Security/2019-09-25-13-21-09.bpo-38243.1pfz24.rst
-new file mode 100644
-index 0000000000..98d7be1295
---- /dev/null
-+++ b/Misc/NEWS.d/next/Security/2019-09-25-13-21-09.bpo-38243.1pfz24.rst
-@@ -0,0 +1,3 @@
-+Escape the server title of :class:`xmlrpc.server.DocXMLRPCServer`
-+when rendering the document page as HTML.
-+(Contributed by Dong-hee Na in :issue:`38243`.)
--- 
-2.17.1
-
diff --git a/poky/meta/recipes-devtools/python/python3/0001-python3-use-cc_basename-to-replace-CC-for-checking-c.patch b/poky/meta/recipes-devtools/python/python3/0001-python3-use-cc_basename-to-replace-CC-for-checking-c.patch
index 5735954..a0ea897 100644
--- a/poky/meta/recipes-devtools/python/python3/0001-python3-use-cc_basename-to-replace-CC-for-checking-c.patch
+++ b/poky/meta/recipes-devtools/python/python3/0001-python3-use-cc_basename-to-replace-CC-for-checking-c.patch
@@ -63,7 +63,7 @@
 +  case $cc_basename in
      *clang*)
        AC_SUBST(LLVM_AR)
-       AC_PATH_TARGET_TOOL(LLVM_AR, llvm-ar, '', ${llvm_path})
+       AC_PATH_TOOL(LLVM_AR, llvm-ar, '', ${llvm_path})
 @@ -1426,7 +1427,7 @@ then
    fi
  fi
diff --git a/poky/meta/recipes-devtools/python/python3_3.7.4.bb b/poky/meta/recipes-devtools/python/python3_3.7.5.bb
similarity index 97%
rename from poky/meta/recipes-devtools/python/python3_3.7.4.bb
rename to poky/meta/recipes-devtools/python/python3_3.7.5.bb
index dd61c0a..90914f9 100644
--- a/poky/meta/recipes-devtools/python/python3_3.7.4.bb
+++ b/poky/meta/recipes-devtools/python/python3_3.7.5.bb
@@ -29,8 +29,6 @@
            file://0001-Use-FLAG_REF-always-for-interned-strings.patch \
            file://0001-test_locale.py-correct-the-test-output-format.patch \
            file://0017-setup.py-do-not-report-missing-dependencies-for-disa.patch \
-           file://0001-bpo-34155-Dont-parse-domains-containing-GH-13079.patch \
-           file://0001-bpo-38243-xmlrpc.server-Escape-the-server_title-GH-1.patch \
            "
 
 SRC_URI_append_class-native = " \
@@ -41,8 +39,8 @@
            file://0001-main.c-if-OEPYTHON3HOME-is-set-use-instead-of-PYTHON.patch \
            "
 
-SRC_URI[md5sum] = "d33e4aae66097051c2eca45ee3604803"
-SRC_URI[sha256sum] = "fb799134b868199930b75f26678f18932214042639cd52b16da7fd134cd9b13f"
+SRC_URI[md5sum] = "08ed8030b1183107c48f2092e79a87e2"
+SRC_URI[sha256sum] = "e85a76ea9f3d6c485ec1780fca4e500725a4a7bbc63c78ebc44170de9b619d94"
 
 # exclude pre-releases for both python 2.x and 3.x
 UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar"
@@ -326,7 +324,7 @@
 
 # catch all the rest (unsorted)
 PACKAGES += "${PN}-misc"
-RDEPENDS_${PN}-misc += "python3-core python3-email python3-codecs python3-pydoc python3-pickle"
+RDEPENDS_${PN}-misc += "python3-core python3-email python3-codecs python3-pydoc python3-pickle python3-audio"
 RDEPENDS_${PN}-modules_append_class-target = " python3-misc"
 RDEPENDS_${PN}-modules_append_class-nativesdk = " python3-misc"
 FILES_${PN}-misc = "${libdir}/python${PYTHON_MAJMIN} ${libdir}/python${PYTHON_MAJMIN}/lib-dynload"
diff --git a/poky/meta/recipes-devtools/ruby/ruby.inc b/poky/meta/recipes-devtools/ruby/ruby.inc
index c0ceb1c..ce1b02f 100644
--- a/poky/meta/recipes-devtools/ruby/ruby.inc
+++ b/poky/meta/recipes-devtools/ruby/ruby.inc
@@ -35,6 +35,6 @@
 # built.
 
 do_configure_prepend() {
-    sed -i "s#%%TARGET_CFLAGS%%#$TARGET_CFLAGS#; s#%%TARGET_LDFLAGS%%#$TARGET_LDFLAGS#" ${S}/common.mk
+    sed -i "s#%%TARGET_CFLAGS%%#$CFLAGS#; s#%%TARGET_LDFLAGS%%#$LDFLAGS#" ${S}/common.mk
     rm -rf ${S}/ruby/
 }
diff --git a/poky/meta/recipes-devtools/ruby/ruby_2.6.4.bb b/poky/meta/recipes-devtools/ruby/ruby_2.6.5.bb
similarity index 94%
rename from poky/meta/recipes-devtools/ruby/ruby_2.6.4.bb
rename to poky/meta/recipes-devtools/ruby/ruby_2.6.5.bb
index fb202b8..1828f65 100644
--- a/poky/meta/recipes-devtools/ruby/ruby_2.6.4.bb
+++ b/poky/meta/recipes-devtools/ruby/ruby_2.6.5.bb
@@ -5,8 +5,8 @@
            file://run-ptest \
            "
 
-SRC_URI[md5sum] = "49b628cdb21db967d8a3f6ca6e222583"
-SRC_URI[sha256sum] = "4fc1d8ba75505b3797020a6ffc85a8bcff6adc4dabae343b6572bf281ee17937"
+SRC_URI[md5sum] = "8754bfb36d52c2bf1fb3d3ddc7101606"
+SRC_URI[sha256sum] = "66976b716ecc1fd34f9b7c3c2b07bbd37631815377a2e3e85a5b194cfdcbed7d"
 
 PACKAGECONFIG ??= ""
 PACKAGECONFIG += "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}"
diff --git a/poky/meta/recipes-devtools/strace/strace/sys_headers.patch b/poky/meta/recipes-devtools/strace/strace/sys_headers.patch
new file mode 100644
index 0000000..e46f2c3
--- /dev/null
+++ b/poky/meta/recipes-devtools/strace/strace/sys_headers.patch
@@ -0,0 +1,25 @@
+Remove configure checks for few sys/ headers
+
+sys/ipc.h, sys/sem.h, sys/shm.h, and sys/msg.h are actually wrappers
+for kernel headers in libc if available, here strace is trying to match
+traced process's APIs to syscalls kernel structures
+
+Removing the checks makes it default to right kernel UAPI headers under linux/
+
+Upstream-Status: Submitted [https://lists.strace.io/pipermail/strace-devel/2019-November/009222.html]
+Suggested-by: Rich Felker <dalias@aerifal.cx>
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+--- a/configure.ac
++++ b/configure.ac
+@@ -439,11 +439,7 @@ AC_CHECK_HEADERS(m4_normalize([
+ 	sys/conf.h
+ 	sys/eventfd.h
+ 	sys/fanotify.h
+-	sys/ipc.h
+-	sys/msg.h
+ 	sys/quota.h
+-	sys/sem.h
+-	sys/shm.h
+ 	sys/signalfd.h
+ 	sys/xattr.h
+ 	ustat.h
diff --git a/poky/meta/recipes-devtools/strace/strace/uintptr_t.patch b/poky/meta/recipes-devtools/strace/strace/uintptr_t.patch
new file mode 100644
index 0000000..6d3dd6f
--- /dev/null
+++ b/poky/meta/recipes-devtools/strace/strace/uintptr_t.patch
@@ -0,0 +1,17 @@
+include stdint.h for getting uintptr_t definition
+
+fixes do_compile_ptest_base
+tests/fanotify_mark.c:191:23: error: 'uintptr_t' undeclared (first use in this function); did you mean 'intptr_t'?
+
+Upstream-Status: Pending
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+--- a/tests/fanotify_mark.c
++++ b/tests/fanotify_mark.c
+@@ -18,6 +18,7 @@
+ 
+ # include <limits.h>
+ # include <stdio.h>
++# include <stdint.h>
+ # include <unistd.h>
+ # include <sys/fanotify.h>
+ 
diff --git a/poky/meta/recipes-devtools/strace/strace_5.3.bb b/poky/meta/recipes-devtools/strace/strace_5.3.bb
index 775a22f..b000afb 100644
--- a/poky/meta/recipes-devtools/strace/strace_5.3.bb
+++ b/poky/meta/recipes-devtools/strace/strace_5.3.bb
@@ -14,6 +14,8 @@
            file://0001-caps-abbrev.awk-fix-gawk-s-path.patch \
            file://0001-tests-sigaction-Check-for-mips-and-alpha-before-usin.patch \
            file://ptest-spacesave.patch \
+           file://uintptr_t.patch \
+           file://sys_headers.patch \
            "
 SRC_URI[md5sum] = "84f5e72de813c9b1bb6057ee8ab428d8"
 SRC_URI[sha256sum] = "6c131198749656401fe3efd6b4b16a07ea867e8f530867ceae8930bbc937a047"
diff --git a/poky/meta/recipes-extended/acpica/acpica_20190816.bb b/poky/meta/recipes-extended/acpica/acpica_20191018.bb
similarity index 75%
rename from poky/meta/recipes-extended/acpica/acpica_20190816.bb
rename to poky/meta/recipes-extended/acpica/acpica_20191018.bb
index 8f79974..4692275 100644
--- a/poky/meta/recipes-extended/acpica/acpica_20190816.bb
+++ b/poky/meta/recipes-extended/acpica/acpica_20191018.bb
@@ -9,19 +9,19 @@
 HOMEPAGE = "http://www.acpica.org/"
 SECTION = "console/tools"
 
-LICENSE = "BSD | GPLv2"
-LIC_FILES_CHKSUM = "file://generate/unix/readme.txt;md5=204407e197c1a01154a48f6c6280c3aa"
+LICENSE = "Intel | BSD | GPLv2"
+LIC_FILES_CHKSUM = "file://source/compiler/aslcompile.c;beginline=7;endline=150;md5=b5690d9ef8d54b2b1e1cc98aad64cd87"
 
 COMPATIBLE_HOST = "(i.86|x86_64|arm|aarch64).*-linux"
 
 DEPENDS = "bison flex bison-native"
 
-SRC_URI = "https://acpica.org/sites/acpica/files/acpica-unix2-${PV}.tar.gz"
-SRC_URI[md5sum] = "6a73b1e34715916fa31132dbe11008b0"
-SRC_URI[sha256sum] = "888e80f3bb77381620a5ead208e1a1be06f3ea66ddc8cfdfa62811cae5f03752"
+SRC_URI = "https://acpica.org/sites/acpica/files/acpica-unix-${PV}.tar.gz"
+SRC_URI[md5sum] = "539a0252bcb42c383ceeaeb12ae9a60d"
+SRC_URI[sha256sum] = "029db4014600e4b771b11a84276d2d76eb40fb26eabc85864852ef1f962be95f"
 UPSTREAM_CHECK_URI = "https://acpica.org/downloads"
 
-S = "${WORKDIR}/acpica-unix2-${PV}"
+S = "${WORKDIR}/acpica-unix-${PV}"
 
 inherit update-alternatives
 
diff --git a/poky/meta/recipes-extended/ethtool/ethtool/avoid_parallel_tests.patch b/poky/meta/recipes-extended/ethtool/ethtool/avoid_parallel_tests.patch
index 7c5d4f9..153ea55 100644
--- a/poky/meta/recipes-extended/ethtool/ethtool/avoid_parallel_tests.patch
+++ b/poky/meta/recipes-extended/ethtool/ethtool/avoid_parallel_tests.patch
@@ -19,7 +19,7 @@
 --- a/configure.ac
 +++ b/configure.ac
 @@ -2,7 +2,7 @@ dnl Process this file with autoconf to produce a configure script.
- AC_INIT(ethtool, 5.2, netdev@vger.kernel.org)
+ AC_INIT(ethtool, 5.3, netdev@vger.kernel.org)
  AC_PREREQ(2.52)
  AC_CONFIG_SRCDIR([ethtool.c])
 -AM_INIT_AUTOMAKE([gnu])
diff --git a/poky/meta/recipes-extended/ethtool/ethtool_5.2.bb b/poky/meta/recipes-extended/ethtool/ethtool_5.3.bb
similarity index 88%
rename from poky/meta/recipes-extended/ethtool/ethtool_5.2.bb
rename to poky/meta/recipes-extended/ethtool/ethtool_5.3.bb
index 67e7fad..401331b 100644
--- a/poky/meta/recipes-extended/ethtool/ethtool_5.2.bb
+++ b/poky/meta/recipes-extended/ethtool/ethtool_5.3.bb
@@ -11,8 +11,8 @@
            file://avoid_parallel_tests.patch \
            "
 
-SRC_URI[md5sum] = "79cff0d4af62b030ad28be90414b5c4a"
-SRC_URI[sha256sum] = "8ad6cb30f6e1767d9d23a5cb5f606f3b51f83e85ebf0153c1506194f6709e90b"
+SRC_URI[md5sum] = "63d1c835b861912ea0dfd52cf66a2da4"
+SRC_URI[sha256sum] = "cd2d8ea360431a2ea35ff61c276bcf2afee1ad901668a0b50ae9f1c5814756bd"
 
 UPSTREAM_CHECK_URI = "https://www.kernel.org/pub/software/network/ethtool/"
 
diff --git a/poky/meta/recipes-extended/iputils/iputils_s20190709.bb b/poky/meta/recipes-extended/iputils/iputils_s20190709.bb
index d8f2470..3f9e991 100644
--- a/poky/meta/recipes-extended/iputils/iputils_s20190709.bb
+++ b/poky/meta/recipes-extended/iputils/iputils_s20190709.bb
@@ -17,6 +17,10 @@
 
 UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>s\d+)"
 
+# Fixed in 2000-10-10, but the versioning of iputils
+# breaks the version order.
+CVE_CHECK_WHITELIST += "CVE-2000-1213 CVE-2000-1214"
+
 PACKAGECONFIG ??= "libcap libgcrypt rarpd traceroute6"
 PACKAGECONFIG[libcap] = "-DUSE_CAP=true, -DUSE_CAP=false, libcap"
 PACKAGECONFIG[libgcrypt] = "-DUSE_CRYPTO=gcrypt, -DUSE_CRYPTO=none, libgcrypt"
diff --git a/poky/meta/recipes-extended/libnsl/libnsl2_git.bb b/poky/meta/recipes-extended/libnsl/libnsl2_git.bb
index c3a24fa..28c84af 100644
--- a/poky/meta/recipes-extended/libnsl/libnsl2_git.bb
+++ b/poky/meta/recipes-extended/libnsl/libnsl2_git.bb
@@ -12,7 +12,7 @@
 
 PV = "1.2.0+git${SRCPV}"
 
-SRCREV = "37c5ffe3038d42e9fa9ed232ad2cbca4d8f14681"
+SRCREV = "4a062cf4180d99371198951e4ea5b4550efd58a3"
 
 SRC_URI = "git://github.com/thkukuk/libnsl \
           "
diff --git a/poky/meta/recipes-extended/libtirpc/libtirpc/musl.patch b/poky/meta/recipes-extended/libtirpc/libtirpc/musl.patch
index 0c3ce60..21cd9f9 100644
--- a/poky/meta/recipes-extended/libtirpc/libtirpc/musl.patch
+++ b/poky/meta/recipes-extended/libtirpc/libtirpc/musl.patch
@@ -1,13 +1,14 @@
 Consider musl provided built-in defines
 
 Helps compile libtirpc with musl
+bits/endian.h is not supposed to be included directly
 
 Upstream-Status: Pending
 Signed-off-by: Khem Raj <raj.khem@gmail.com>
 
---- ./tirpc/rpc/types.h.orig	2018-03-17 10:23:10.022055255 +0100
-+++ ./tirpc/rpc/types.h	2018-03-17 10:23:30.877751656 +0100
-@@ -66,7 +66,7 @@
+--- a/tirpc/rpc/types.h
++++ b/tirpc/rpc/types.h
+@@ -66,7 +66,7 @@ typedef   int32_t rpc_inline_t;
  #define mem_free(ptr, bsize)	free(ptr)
  
  
@@ -16,3 +17,14 @@
  # define __u_char_defined
  # define __daddr_t_defined
  #endif
+--- a/src/xdr_float.c
++++ b/src/xdr_float.c
+@@ -83,7 +83,7 @@ static struct sgl_limits {
+ };
+ #else
+ 
+-#include <bits/endian.h>
++#include <endian.h>
+ #define IEEEFP
+ 
+ #endif /* vax */
diff --git a/poky/meta/recipes-extended/libtirpc/libtirpc_1.1.4.bb b/poky/meta/recipes-extended/libtirpc/libtirpc_1.1.4.bb
index e73ffe7..633cece 100644
--- a/poky/meta/recipes-extended/libtirpc/libtirpc_1.1.4.bb
+++ b/poky/meta/recipes-extended/libtirpc/libtirpc_1.1.4.bb
@@ -23,6 +23,20 @@
 
 do_install_append() {
         chown root:root ${D}${sysconfdir}/netconfig
+        install -d ${D}${includedir}/rpc
+        install -d ${D}${includedir}/rpcsvc
+        for link_header in ${D}${includedir}/tirpc/rpc/*; do
+            if [ -f $link_header -a ! -e ${D}/${includedir}/rpc/$(basename $link_header) ]; then
+                ln -sf ../tirpc/rpc/$(basename $link_header) ${D}${includedir}/rpc/$(basename $link_header)
+            fi
+        done
+        for link_header in ${D}${includedir}/tirpc/rpcsvc/*; do
+            if [ -f $link_header -a ! -e ${D}/${includedir}/rpcsvc/$(basename $link_header) ]; then
+                ln -sf ../tirpc/rpc/$(basename $link_header) ${D}${includedir}/rpcsvc/$(basename $link_header)
+            fi
+        done
+        ln -sf  tirpc/netconfig.h ${D}/${includedir}/netconfig.h
+
 }
 
 BBCLASSEXTEND = "native nativesdk"
diff --git a/poky/meta/recipes-extended/ltp/ltp/0001-mkswap01.sh-Add-udevadm-trigger-before-swap-verifica.patch b/poky/meta/recipes-extended/ltp/ltp/0001-mkswap01.sh-Add-udevadm-trigger-before-swap-verifica.patch
new file mode 100644
index 0000000..1b433d3
--- /dev/null
+++ b/poky/meta/recipes-extended/ltp/ltp/0001-mkswap01.sh-Add-udevadm-trigger-before-swap-verifica.patch
@@ -0,0 +1,35 @@
+From fae8852a63d9fa6e56fb8b24eaf10560bd13757f Mon Sep 17 00:00:00 2001
+From: Yongxin Liu <yongxin.liu@windriver.com>
+Date: Tue, 12 Nov 2019 11:33:50 +0800
+Subject: [PATCH] mkswap01.sh: Add "udevadm trigger" before swap verification
+
+Fix: https://github.com/linux-test-project/ltp/issues/458
+
+Sometimes the swap device cannot show up in /dev/disk/by-uuid/
+or /dev/disk/by-lable/ due to the issue #458. When this issue
+happens, "blkid -c /dev/null" and "ls /dev/disk/by-uuid/" show
+different UUID of the device.
+
+Upstream-Status: Submitted [https://patchwork.ozlabs.org/patch/1193414]
+
+Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
+---
+ testcases/commands/mkswap/mkswap01.sh | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/testcases/commands/mkswap/mkswap01.sh b/testcases/commands/mkswap/mkswap01.sh
+index 3a348c6e6..9437c4a4e 100755
+--- a/testcases/commands/mkswap/mkswap01.sh
++++ b/testcases/commands/mkswap/mkswap01.sh
+@@ -129,6 +129,8 @@ mkswap_test()
+ 		return
+ 	fi
+ 
++	udevadm trigger --name-match=$TST_DEVICE
++
+ 	if [ -n "$device" ]; then
+ 		mkswap_verify "$mkswap_op" "$op_arg" "$device" "$size" "$dev_file"
+ 		if [ $? -ne 0 ]; then
+-- 
+2.14.4
+
diff --git a/poky/meta/recipes-extended/ltp/ltp_20190517.bb b/poky/meta/recipes-extended/ltp/ltp_20190517.bb
index 5915b1c..47aa967 100644
--- a/poky/meta/recipes-extended/ltp/ltp_20190517.bb
+++ b/poky/meta/recipes-extended/ltp/ltp_20190517.bb
@@ -50,6 +50,7 @@
            file://0001-syscall-rt_sigtimedwait01-Fix-wrong-sigset-length-fo.patch \
            file://0001-cve-2017-17052-Avoid-unsafe-exits-in-threads.patch \
            file://0001-overcommit_memory-update-for-mm-fix-false-positive-O.patch \
+           file://0001-mkswap01.sh-Add-udevadm-trigger-before-swap-verifica.patch \
            "
 
 S = "${WORKDIR}/git"
diff --git a/poky/meta/recipes-extended/mc/files/0001-Add-option-to-control-configure-args.patch b/poky/meta/recipes-extended/mc/files/0001-Add-option-to-control-configure-args.patch
new file mode 100644
index 0000000..e76aac8
--- /dev/null
+++ b/poky/meta/recipes-extended/mc/files/0001-Add-option-to-control-configure-args.patch
@@ -0,0 +1,99 @@
+From a54501d3c9541bc8600225aa2d42531f93c6def7 Mon Sep 17 00:00:00 2001
+From: Joshua Watt <JPEWhacker@gmail.com>
+Date: Sat, 9 Nov 2019 20:01:48 -0600
+Subject: [PATCH] Add option to control configure args
+
+Embedding the configure time options into the executable can lead to
+non-reproducible builds, since configure options often have embedded
+paths. Add a configure time option to control if the configure args are
+embedded so this can be disabled.
+
+Upstream-Status: Submitted [https://midnight-commander.org/ticket/4031]
+Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
+---
+ configure.ac   | 6 ++++++
+ src/args.c     | 6 ++++++
+ src/textconf.c | 2 ++
+ 3 files changed, 14 insertions(+)
+
+diff --git a/configure.ac b/configure.ac
+index 19d1a76be..a1948f6b9 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -544,6 +544,12 @@ dnl Clarify do we really need GModule
+ AM_CONDITIONAL([HAVE_GMODULE], [test -n "$g_module_supported" && \
+                                 test x"$textmode_x11_support" = x"yes" -o x"$enable_aspell" = x"yes"])
+ 
++AC_ARG_ENABLE([configure-args],
++    AS_HELP_STRING([--enable-configure-args], [Handle all compiler warnings as errors]))
++if test "x$enable_configure_args" != xno; then
++    AC_DEFINE([ENABLE_CONFIGURE_ARGS], 1, [Define to enable showing configure arguments in help])
++fi
++
+ AC_DEFINE_UNQUOTED([MC_CONFIGURE_ARGS], ["$ac_configure_args"], [MC configure arguments])
+ 
+ AC_CONFIG_FILES(
+diff --git a/src/args.c b/src/args.c
+index baef1a1c8..f8dc24020 100644
+--- a/src/args.c
++++ b/src/args.c
+@@ -95,7 +95,9 @@ static gboolean mc_args__nouse_subshell = FALSE;
+ #endif /* ENABLE_SUBSHELL */
+ static gboolean mc_args__show_datadirs = FALSE;
+ static gboolean mc_args__show_datadirs_extended = FALSE;
++#ifdef ENABLE_CONFIGURE_ARGS
+ static gboolean mc_args__show_configure_opts = FALSE;
++#endif
+ 
+ static GOptionGroup *main_group;
+ 
+@@ -125,6 +127,7 @@ static const GOptionEntry argument_main_table[] = {
+      NULL
+     },
+ 
++#ifdef ENABLE_CONFIGURE_ARGS
+     /* show configure options */
+     {
+      "configure-options", '\0', G_OPTION_FLAG_IN_MAIN, G_OPTION_ARG_NONE,
+@@ -132,6 +135,7 @@ static const GOptionEntry argument_main_table[] = {
+      N_("Print configure options"),
+      NULL
+     },
++#endif
+ 
+     {
+      "printwd", 'P', G_OPTION_FLAG_IN_MAIN, G_OPTION_ARG_STRING,
+@@ -758,11 +762,13 @@ mc_args_show_info (void)
+         return FALSE;
+     }
+ 
++#ifdef ENABLE_CONFIGURE_ARGS
+     if (mc_args__show_configure_opts)
+     {
+         show_configure_options ();
+         return FALSE;
+     }
++#endif
+ 
+     return TRUE;
+ }
+diff --git a/src/textconf.c b/src/textconf.c
+index 1e0613e58..f39b9e028 100644
+--- a/src/textconf.c
++++ b/src/textconf.c
+@@ -232,10 +232,12 @@ show_datadirs_extended (void)
+ 
+ /* --------------------------------------------------------------------------------------------- */
+ 
++#ifdef ENABLE_CONFIGURE_ARGS
+ void
+ show_configure_options (void)
+ {
+     (void) printf ("%s\n", MC_CONFIGURE_ARGS);
+ }
++#endif
+ 
+ /* --------------------------------------------------------------------------------------------- */
+-- 
+2.23.0
+
diff --git a/poky/meta/recipes-extended/mc/mc_4.8.23.bb b/poky/meta/recipes-extended/mc/mc_4.8.23.bb
index 83de8db..71f61b4 100644
--- a/poky/meta/recipes-extended/mc/mc_4.8.23.bb
+++ b/poky/meta/recipes-extended/mc/mc_4.8.23.bb
@@ -8,6 +8,7 @@
 
 SRC_URI = "http://www.midnight-commander.org/downloads/${BPN}-${PV}.tar.bz2 \
            file://0001-mc-replace-perl-w-with-use-warnings.patch \
+           file://0001-Add-option-to-control-configure-args.patch \
            "
 SRC_URI[md5sum] = "152927ac29cf0e61d7d019f261bb7d89"
 SRC_URI[sha256sum] = "238c4552545dcf3065359bd50753abbb150c1b22ec5a36eaa02c82808293267d"
@@ -21,9 +22,11 @@
 PACKAGECONFIG[smb] = "--enable-vfs-smb,--disable-vfs-smb,samba,"
 PACKAGECONFIG[sftp] = "--enable-vfs-sftp,--disable-vfs-sftp,libssh2,"
 
-EXTRA_OECONF = "--with-screen=ncurses --without-gpm-mouse --without-x"
+EXTRA_OECONF = "--with-screen=ncurses --without-gpm-mouse --without-x --disable-configure-args"
 
 CACHED_CONFIGUREVARS += "ac_cv_path_PERL='/usr/bin/env perl'"
+CACHED_CONFIGUREVARS += "ac_cv_path_PYTHON='/usr/bin/env python'"
+CACHED_CONFIGUREVARS += "ac_cv_path_GREP='/usr/bin/env grep'"
 
 do_install_append () {
 	sed -i -e '1s,#!.*perl,#!${bindir}/env perl,' ${D}${libexecdir}/mc/extfs.d/*
diff --git a/poky/meta/recipes-extended/pam/libpam_1.3.1.bb b/poky/meta/recipes-extended/pam/libpam_1.3.1.bb
index 6b73f0a..a2aa1ec 100644
--- a/poky/meta/recipes-extended/pam/libpam_1.3.1.bb
+++ b/poky/meta/recipes-extended/pam/libpam_1.3.1.bb
@@ -163,3 +163,5 @@
 CONFFILES_${PN}-runtime += "${sysconfdir}/security/limits.conf"
 
 UPSTREAM_CHECK_URI = "https://github.com/linux-pam/linux-pam/releases"
+
+CVE_PRODUCT = "linux-pam"
diff --git a/poky/meta/recipes-extended/procps/procps_3.3.15.bb b/poky/meta/recipes-extended/procps/procps_3.3.15.bb
index 9756db0..f240e54 100644
--- a/poky/meta/recipes-extended/procps/procps_3.3.15.bb
+++ b/poky/meta/recipes-extended/procps/procps_3.3.15.bb
@@ -4,9 +4,9 @@
 HOMEPAGE = "https://gitlab.com/procps-ng/procps"
 SECTION = "base"
 LICENSE = "GPLv2+ & LGPLv2+"
-LIC_FILES_CHKSUM="file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
-                  file://COPYING.LIB;md5=4cf66a4984120007c9881cc871cf49db \
-                 "
+LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
+                    file://COPYING.LIB;md5=4cf66a4984120007c9881cc871cf49db \
+                    "
 
 DEPENDS = "ncurses"
 
@@ -64,3 +64,6 @@
         d.setVarFlag('ALTERNATIVE_LINK_NAME', prog, '%s/%s' % (d.getVar('base_sbindir'), prog))
 }
 
+# 'ps' isn't suitable for use as a security tool so whitelist this CVE.
+# https://bugzilla.redhat.com/show_bug.cgi?id=1575473#c3
+CVE_CHECK_WHITELIST += "CVE-2018-1121"
diff --git a/poky/meta/recipes-extended/sysstat/sysstat.inc b/poky/meta/recipes-extended/sysstat/sysstat.inc
index 5a7d211..62de36b 100644
--- a/poky/meta/recipes-extended/sysstat/sysstat.inc
+++ b/poky/meta/recipes-extended/sysstat/sysstat.inc
@@ -17,7 +17,7 @@
 # autotools-brokensep as this package doesn't use automake
 inherit autotools-brokensep gettext systemd upstream-version-is-even
 
-PACKAGECONFIG ??= ""
+PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}"
 PACKAGECONFIG[lm-sensors] = "--enable-sensors,--disable-sensors,lmsensors,lmsensors-libsensors"
 PACKAGECONFIG[cron] = "--enable-install-cron --enable-copy-only,--disable-install-cron --disable-copy-only"
 PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_system_unitdir}"
@@ -46,10 +46,12 @@
 	        echo "d ${localstatedir}/log/sa - - - -" \
 		     > ${D}${sysconfdir}/tmpfiles.d/sysstat.conf
 
-	        if ${@bb.utils.contains('PACKAGECONFIG', 'cron', 'false', 'true', d)}; then
+		# Unless both cron and systemd are enabled, install our own
+		# systemd unit file. Otherwise the package will install one.
+	        if ${@bb.utils.contains('PACKAGECONFIG', 'cron systemd', 'false', 'true', d)}; then
 			install -d ${D}${systemd_unitdir}/system
 			install -m 0644 ${WORKDIR}/sysstat.service ${D}${systemd_unitdir}/system
-			sed -i -e 's#@LIBDIR@#${libdir}#g' ${D}${systemd_unitdir}/system/sysstat.service
+			sed -i -e 's#@LIBEXECDIR@#${libexecdir}#g' ${D}${systemd_unitdir}/system/sysstat.service
 	        fi
 	fi
 }
@@ -62,6 +64,6 @@
 	fi
 }
 
-FILES_${PN} += "${libdir}/sa ${systemd_system_unitdir}"
+FILES_${PN} += "${systemd_system_unitdir}"
 
 TARGET_CC_ARCH += "${LDFLAGS}"
diff --git a/poky/meta/recipes-extended/sysstat/sysstat/sysstat.service b/poky/meta/recipes-extended/sysstat/sysstat/sysstat.service
index aff0710..ca46bef 100644
--- a/poky/meta/recipes-extended/sysstat/sysstat/sysstat.service
+++ b/poky/meta/recipes-extended/sysstat/sysstat/sysstat.service
@@ -5,7 +5,7 @@
 Type=oneshot
 RemainAfterExit=yes
 User=root
-ExecStart=@LIBDIR@/sa/sa1 --boot
+ExecStart=@LIBEXECDIR@/sa/sa1 --boot
 
 [Install]
 WantedBy=multi-user.target
diff --git a/poky/meta/recipes-graphics/clutter/clutter-1.0.inc b/poky/meta/recipes-graphics/clutter/clutter-1.0.inc
index 6dbbf4d..9ecdfd0 100644
--- a/poky/meta/recipes-graphics/clutter/clutter-1.0.inc
+++ b/poky/meta/recipes-graphics/clutter/clutter-1.0.inc
@@ -1,4 +1,7 @@
 SUMMARY = "Graphics library for creating hardware-accelerated user interfaces"
+DESCRIPTION = "Clutter is an Open GL based interactive canvas library, \
+designed for creating fast, mainly 2D single window applications such as media \
+box UIs, presentations, kiosk style applications and so on."
 HOMEPAGE = "http://www.clutter-project.org/"
 LICENSE = "LGPLv2.1+"
 
diff --git a/poky/meta/recipes-graphics/cogl/cogl-1.0.inc b/poky/meta/recipes-graphics/cogl/cogl-1.0.inc
index 4436163..23661d9 100644
--- a/poky/meta/recipes-graphics/cogl/cogl-1.0.inc
+++ b/poky/meta/recipes-graphics/cogl/cogl-1.0.inc
@@ -1,4 +1,8 @@
 SUMMARY = "Modern 3D graphics API with associated utility APIs"
+DESCRIPTION = "Cogl is a small open source library for using 3D graphics \
+hardware for rendering. The API departs from the flat state machine style of \
+OpenGL and is designed to make it easy to write orthogonal components that \
+can render without stepping on each others toes."
 HOMEPAGE = "http://wiki.clutter-project.org/wiki/Cogl"
 LICENSE = "MIT"
 
diff --git a/poky/meta/recipes-graphics/drm/libdrm_2.4.99.bb b/poky/meta/recipes-graphics/drm/libdrm_2.4.100.bb
similarity index 94%
rename from poky/meta/recipes-graphics/drm/libdrm_2.4.99.bb
rename to poky/meta/recipes-graphics/drm/libdrm_2.4.100.bb
index fa3eb08..4859425 100644
--- a/poky/meta/recipes-graphics/drm/libdrm_2.4.99.bb
+++ b/poky/meta/recipes-graphics/drm/libdrm_2.4.100.bb
@@ -12,8 +12,8 @@
 
 SRC_URI = "http://dri.freedesktop.org/libdrm/${BP}.tar.bz2 \
            file://musl-ioctl.patch"
-SRC_URI[md5sum] = "72539626815b35159a63d45bc4c14ee6"
-SRC_URI[sha256sum] = "4dbf539c7ed25dbb2055090b77ab87508fc46be39a9379d15fed4b5517e1da5e"
+SRC_URI[md5sum] = "f47bc87e28198ba527e6b44ffdd62f65"
+SRC_URI[sha256sum] = "c77cc828186c9ceec3e56ae202b43ee99eb932b4a87255038a80e8a1060d0a5d"
 
 inherit meson pkgconfig manpages
 
diff --git a/poky/meta/recipes-graphics/harfbuzz/harfbuzz_2.6.1.bb b/poky/meta/recipes-graphics/harfbuzz/harfbuzz_2.6.1.bb
index 99cd4cd..80ab545 100644
--- a/poky/meta/recipes-graphics/harfbuzz/harfbuzz_2.6.1.bb
+++ b/poky/meta/recipes-graphics/harfbuzz/harfbuzz_2.6.1.bb
@@ -21,7 +21,7 @@
 PACKAGECONFIG[graphite] = "--with-graphite2,--without-graphite2,graphite2"
 PACKAGECONFIG[icu] = "--with-icu,--without-icu,icu"
 
-PACKAGES =+ "${PN}-icu ${PN}-icu-dev"
+PACKAGES =+ "${PN}-icu ${PN}-icu-dev ${PN}-subset"
 
 LEAD_SONAME = "libharfbuzz.so"
 
@@ -36,5 +36,6 @@
                        ${libdir}/libharfbuzz-icu.so \
                        ${libdir}/pkgconfig/harfbuzz-icu.pc \
 "
+FILES_${PN}-subset = "${libdir}/libharfbuzz-subset.so.*"
 
 BBCLASSEXTEND = "native nativesdk"
diff --git a/poky/meta/recipes-graphics/libepoxy/libepoxy_1.5.3.bb b/poky/meta/recipes-graphics/libepoxy/libepoxy_1.5.3.bb
index 825453a..834d815 100644
--- a/poky/meta/recipes-graphics/libepoxy/libepoxy_1.5.3.bb
+++ b/poky/meta/recipes-graphics/libepoxy/libepoxy_1.5.3.bb
@@ -1,4 +1,8 @@
 SUMMARY = "OpenGL function pointer management library"
+DESCRIPTION = "It hides the complexity of dlopen(), dlsym(), \
+glXGetProcAddress(), eglGetProcAddress(), etc. from the app developer, with \
+very little knowledge needed on their part. They get to read GL specs and \
+write code using undecorated function names like glCompileShader()."
 HOMEPAGE = "https://github.com/anholt/libepoxy/"
 SECTION = "libs"
 
diff --git a/poky/meta/recipes-graphics/libmatchbox/libmatchbox_1.12.bb b/poky/meta/recipes-graphics/libmatchbox/libmatchbox_1.12.bb
index ce45e48..cca2d48 100644
--- a/poky/meta/recipes-graphics/libmatchbox/libmatchbox_1.12.bb
+++ b/poky/meta/recipes-graphics/libmatchbox/libmatchbox_1.12.bb
@@ -1,4 +1,8 @@
 SUMMARY = "Matchbox window manager core library"
+DESCRIPTION = "Matchbox is an Open Source base environment for the X Window \
+System running on non-desktop embedded platforms such as handhelds, set-top \
+boxes, kiosks and anything else for which screen space, input mechanisms or \
+system resources are limited."
 SECTION = "x11/libs"
 HOMEPAGE = "http://matchbox-project.org/"
 BUGTRACKER = "http://bugzilla.yoctoproject.com/"
diff --git a/poky/meta/recipes-graphics/libsdl2/libsdl2/0001-configure-check-for-build-dir-when-building-version-.patch b/poky/meta/recipes-graphics/libsdl2/libsdl2/0001-configure-check-for-build-dir-when-building-version-.patch
new file mode 100644
index 0000000..b383bd6
--- /dev/null
+++ b/poky/meta/recipes-graphics/libsdl2/libsdl2/0001-configure-check-for-build-dir-when-building-version-.patch
@@ -0,0 +1,53 @@
+# HG changeset patch
+# User Anuj Mittal <am.devel@gmail.com>
+# Date 1573631462 -10800
+# Node ID 1fb1880d5edfc7c5a370846e13f90b260263627c
+# Parent  007002587d5d34d781c2b628c05e992e0ac5f52d
+configure: check for build dir when building version res (fix bug #4858)
+Fixes a race where we try to build version res file in build directory
+before it has even been created. Prevents errors like:
+
+/bin/bash ../SDL2-2.0.10/build-scripts/updaterev.sh
+/bin/bash ../SDL2-2.0.10/build-scripts/mkinstalldirs build
+mkdir -p -- build
+x86_64-pokysdk-mingw32-windres --include-dir=/home/pokybuild/yocto-worker/meta-mingw/build/build/tmp/work/x86_64-nativesdk-mingw32-pokysdk-mingw32/nativesdk-libsdl2/2.0.10-r0/recipe-sysroot/opt/poky/3.0/sysroots/x86_64-pokysdk-mingw32/usr/include ../SDL2-2.0.10/src/main/windows/version.rc build/version.o
+x86_64-pokysdk-mingw32-windres: build/version.o: No such file or directory
+Makefile:692: recipe for target 'build/version.o' failed
+make: *** [build/version.o] Error 1
+make: *** Waiting for unfinished jobs....
+touch build/.created
+WARNING: exit code 1 from a shell command.
+
+Extension of fix:
+https://hg.libsdl.org/SDL/rev/99d8b18acf8a
+
+Upstream-Status: Backport
+Signed-off-by: Anuj Mittal <am.devel@gmail.com>
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff -r 007002587d5d -r 1fb1880d5edf configure
+--- a/configure	Tue Nov 12 17:24:37 2019 -0500
++++ b/configure	Wed Nov 13 10:51:02 2019 +0300
+@@ -25493,7 +25493,7 @@
+ VERSION_DEPENDS=`echo $VERSION_SOURCES`
+ VERSION_OBJECTS=`echo "$VERSION_OBJECTS" | sed 's,[^ ]*/\([^ ]*\)\.rc,$(objects)/\1.o,g'`
+ VERSION_DEPENDS=`echo "$VERSION_DEPENDS" | sed "s,\\([^ ]*\\)/\\([^ ]*\\)\\.rc,\\\\
+-\\$(objects)/\\2.o: \\1/\\2.rc\\\\
++\\$(objects)/\\2.o: \\1/\\2.rc \\$(objects)/.created\\\\
+ 	\\$(WINDRES) \\$< \\$@,g"`
+ 
+ SDLMAIN_OBJECTS=`echo $SDLMAIN_SOURCES`
+diff -r 007002587d5d -r 1fb1880d5edf configure.ac
+--- a/configure.ac	Tue Nov 12 17:24:37 2019 -0500
++++ b/configure.ac	Wed Nov 13 10:51:02 2019 +0300
+@@ -4177,7 +4177,7 @@
+ VERSION_DEPENDS=`echo $VERSION_SOURCES`
+ VERSION_OBJECTS=`echo "$VERSION_OBJECTS" | sed 's,[[^ ]]*/\([[^ ]]*\)\.rc,$(objects)/\1.o,g'`
+ VERSION_DEPENDS=`echo "$VERSION_DEPENDS" | sed "s,\\([[^ ]]*\\)/\\([[^ ]]*\\)\\.rc,\\\\
+-\\$(objects)/\\2.o: \\1/\\2.rc\\\\
++\\$(objects)/\\2.o: \\1/\\2.rc \\$(objects)/.created\\\\
+ 	\\$(WINDRES) \\$< \\$@,g"`
+ 
+ SDLMAIN_OBJECTS=`echo $SDLMAIN_SOURCES`
diff --git a/poky/meta/recipes-graphics/libsdl2/libsdl2_2.0.10.bb b/poky/meta/recipes-graphics/libsdl2/libsdl2_2.0.10.bb
index 862abe1..ac4a356 100644
--- a/poky/meta/recipes-graphics/libsdl2/libsdl2_2.0.10.bb
+++ b/poky/meta/recipes-graphics/libsdl2/libsdl2_2.0.10.bb
@@ -16,6 +16,7 @@
            file://more-gen-depends.patch \
            file://0001-Fixed-bug-4538-validate-image-size-when-loading-BMP-.patch \
            file://0002-Fixed-bug-4797-SDL-fails-to-compile-with-Mesa-Master.patch \
+           file://0001-configure-check-for-build-dir-when-building-version-.patch \
 "
 
 S = "${WORKDIR}/SDL2-${PV}"
diff --git a/poky/meta/recipes-graphics/matchbox-session/matchbox-session_0.1.bb b/poky/meta/recipes-graphics/matchbox-session/matchbox-session_0.1.bb
index cbaf054..57a3024 100644
--- a/poky/meta/recipes-graphics/matchbox-session/matchbox-session_0.1.bb
+++ b/poky/meta/recipes-graphics/matchbox-session/matchbox-session_0.1.bb
@@ -1,4 +1,5 @@
 SUMMARY = "Custom Matchbox session files"
+DESCRIPTION = "Very simple session manager for matchbox tools"
 HOMEPAGE = "http://www.matchbox-project.org/"
 BUGTRACKER = "http://bugzilla.yoctoproject.org/"
 
diff --git a/poky/meta/recipes-graphics/piglit/piglit_git.bb b/poky/meta/recipes-graphics/piglit/piglit_git.bb
index d489f82..28a52cf 100644
--- a/poky/meta/recipes-graphics/piglit/piglit_git.bb
+++ b/poky/meta/recipes-graphics/piglit/piglit_git.bb
@@ -1,4 +1,6 @@
 SUMMARY = "OpenGL driver testing framework"
+DESCRIPTION = "Piglit is an open-source test suite for OpenGL and OpenCL \
+implementations."
 LICENSE = "MIT & LGPLv2+ & GPLv3 & GPLv2+ & BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://COPYING;md5=b2beded7103a3d8a442a2a0391d607b0"
 
diff --git a/poky/meta/recipes-graphics/virglrenderer/virglrenderer_0.8.0.bb b/poky/meta/recipes-graphics/virglrenderer/virglrenderer_0.8.0.bb
index d2b11c1..4ac4412 100644
--- a/poky/meta/recipes-graphics/virglrenderer/virglrenderer_0.8.0.bb
+++ b/poky/meta/recipes-graphics/virglrenderer/virglrenderer_0.8.0.bb
@@ -1,4 +1,8 @@
 SUMMARY = "VirGL virtual OpenGL renderer"
+DESCRIPTION = "Virgil is a research project to investigate the possibility of \
+creating a virtual 3D GPU for use inside qemu virtual machines, that allows \
+the guest operating system to use the capabilities of the host GPU to \
+accelerate 3D rendering."
 HOMEPAGE = "https://virgil3d.github.io/"
 
 LICENSE = "MIT"
diff --git a/poky/meta/recipes-graphics/wayland/libinput_1.14.1.bb b/poky/meta/recipes-graphics/wayland/libinput_1.14.3.bb
similarity index 66%
rename from poky/meta/recipes-graphics/wayland/libinput_1.14.1.bb
rename to poky/meta/recipes-graphics/wayland/libinput_1.14.3.bb
index 38bc8d2..f06a8d2 100644
--- a/poky/meta/recipes-graphics/wayland/libinput_1.14.1.bb
+++ b/poky/meta/recipes-graphics/wayland/libinput_1.14.3.bb
@@ -1,4 +1,9 @@
 SUMMARY = "Library to handle input devices in Wayland compositors"
+DESCRIPTION = "libinput is a library to handle input devices in Wayland \
+compositors and to provide a generic X.Org input driver. It provides \
+device detection, device handling, input device event processing and \
+abstraction so minimize the amount of custom input code compositors need to \
+provide the common set of functionality that users expect."
 HOMEPAGE = "http://www.freedesktop.org/wiki/Software/libinput/"
 SECTION = "libs"
 
@@ -8,8 +13,8 @@
 DEPENDS = "libevdev udev mtdev"
 
 SRC_URI = "http://www.freedesktop.org/software/${BPN}/${BP}.tar.xz"
-SRC_URI[md5sum] = "da29a704dc6f7ea2d5aac754db046340"
-SRC_URI[sha256sum] = "e333a3242835c019ca37d2cef8b51a87d3138eb47444119c0153dc7a8656ee70"
+SRC_URI[md5sum] = "d052faa64eb6d2e649e582cc0fcf6e32"
+SRC_URI[sha256sum] = "0feb3a0589709cc1032893bfaf4c49150d5360bd9782bec888f9e4dd9044c5b7"
 
 UPSTREAM_CHECK_REGEX = "libinput-(?P<pver>\d+\.\d+\.(?!9\d+)\d+)"
 
diff --git a/poky/meta/recipes-graphics/wayland/wayland/0001-scanner-Add-configure-check-for-strndup.patch b/poky/meta/recipes-graphics/wayland/wayland/0001-scanner-Add-configure-check-for-strndup.patch
new file mode 100644
index 0000000..c443587
--- /dev/null
+++ b/poky/meta/recipes-graphics/wayland/wayland/0001-scanner-Add-configure-check-for-strndup.patch
@@ -0,0 +1,50 @@
+From 3c8b4467a1ca229e72fb5223787ed400a19c65c0 Mon Sep 17 00:00:00 2001
+From: Joshua Watt <JPEWhacker@gmail.com>
+Date: Fri, 25 Oct 2019 21:03:23 -0500
+Subject: [PATCH] scanner: Add configure check for strndup
+
+Some platforms may not have strndup() (e.g. MinGW), so provide a
+equivalent implementation if it's not found.
+
+Upstream-Status: Accepted [4a1f348c20157db7bd7c759fdeb23fbe8729c571]
+Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
+---
+ configure.ac  |  2 +-
+ src/scanner.c | 11 +++++++++++
+ 2 files changed, 12 insertions(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 8d56f2b..1c99e21 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -63,7 +63,7 @@ fi
+ AC_SUBST(GCC_CFLAGS)
+ 
+ AC_CHECK_HEADERS([sys/prctl.h])
+-AC_CHECK_FUNCS([accept4 mkostemp posix_fallocate prctl])
++AC_CHECK_FUNCS([accept4 mkostemp posix_fallocate prctl strndup])
+ 
+ AC_ARG_ENABLE([libraries],
+ 	      [AC_HELP_STRING([--disable-libraries],
+diff --git a/src/scanner.c b/src/scanner.c
+index a94be5d..27004bc 100644
+--- a/src/scanner.c
++++ b/src/scanner.c
+@@ -916,6 +916,17 @@ verify_arguments(struct parse_context *ctx,
+ 
+ }
+ 
++#ifndef HAVE_STRNDUP
++char *
++strndup(const char *s, size_t size)
++{
++	char *r = malloc(size + 1);
++	strncpy(r, s, size);
++	r[size] = '\0';
++	return r;
++}
++#endif
++
+ static void
+ end_element(void *data, const XML_Char *name)
+ {
diff --git a/poky/meta/recipes-graphics/wayland/wayland/0002-Move-wl_priv_signal-to-wayland-server-private.h.patch b/poky/meta/recipes-graphics/wayland/wayland/0002-Move-wl_priv_signal-to-wayland-server-private.h.patch
new file mode 100644
index 0000000..b05b875
--- /dev/null
+++ b/poky/meta/recipes-graphics/wayland/wayland/0002-Move-wl_priv_signal-to-wayland-server-private.h.patch
@@ -0,0 +1,166 @@
+From e746f3bf7c8bb2f5dcf9e93edffc23b56eff12d0 Mon Sep 17 00:00:00 2001
+From: Joshua Watt <JPEWhacker@gmail.com>
+Date: Tue, 5 Nov 2019 09:09:50 -0600
+Subject: [PATCH] Move wl_priv_signal to wayland-server-private.h
+
+Including wayland-server-core.h in wayland-private.h is problematic
+because wayland-private.h is included by wayland-scanner which should be
+able to build against non-POSIX platforms (e.g. MinGW). The only reason
+that wayland-server-core.h was included in wayland-private.h was for the
+wl_private_signal definitions, so move those to a
+wayland-server-private.h file that can be included by both
+wayland-server.c and the tests.
+
+Upstream-Status: Accepted [e7d88f35eb89cf0cc77cbddd834cacc63683a9cc]
+Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
+---
+ Makefile.am                  |  3 +-
+ src/wayland-private.h        | 22 +--------------
+ src/wayland-server-private.h | 53 ++++++++++++++++++++++++++++++++++++
+ src/wayland-server.c         |  1 +
+ tests/newsignal-test.c       |  2 +-
+ 5 files changed, 58 insertions(+), 23 deletions(-)
+ create mode 100644 src/wayland-server-private.h
+
+diff --git a/Makefile.am b/Makefile.am
+index f47d055..026d981 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -56,7 +56,8 @@ libwayland_private_la_SOURCES =			\
+ 	src/connection.c			\
+ 	src/wayland-os.c			\
+ 	src/wayland-os.h			\
+-	src/wayland-private.h
++	src/wayland-private.h			\
++	src/wayland-server-private.h
+ 
+ include_HEADERS =				\
+ 	src/wayland-util.h			\
+diff --git a/src/wayland-private.h b/src/wayland-private.h
+index 29516ec..dc7d12f 100644
+--- a/src/wayland-private.h
++++ b/src/wayland-private.h
+@@ -31,11 +31,11 @@
+ #include <stdarg.h>
+ #include <stdlib.h>
+ #include <stdint.h>
++#include <stdbool.h>
+ 
+ #define WL_HIDE_DEPRECATED 1
+ 
+ #include "wayland-util.h"
+-#include "wayland-server-core.h"
+ 
+ /* Invalid memory address */
+ #define WL_ARRAY_POISON_PTR (void *) 4
+@@ -236,26 +236,6 @@ zalloc(size_t s)
+ 	return calloc(1, s);
+ }
+ 
+-struct wl_priv_signal {
+-	struct wl_list listener_list;
+-	struct wl_list emit_list;
+-};
+-
+-void
+-wl_priv_signal_init(struct wl_priv_signal *signal);
+-
+-void
+-wl_priv_signal_add(struct wl_priv_signal *signal, struct wl_listener *listener);
+-
+-struct wl_listener *
+-wl_priv_signal_get(struct wl_priv_signal *signal, wl_notify_func_t notify);
+-
+-void
+-wl_priv_signal_emit(struct wl_priv_signal *signal, void *data);
+-
+-void
+-wl_priv_signal_final_emit(struct wl_priv_signal *signal, void *data);
+-
+ void
+ wl_connection_close_fds_in(struct wl_connection *connection, int max);
+ 
+diff --git a/src/wayland-server-private.h b/src/wayland-server-private.h
+new file mode 100644
+index 0000000..23fa458
+--- /dev/null
++++ b/src/wayland-server-private.h
+@@ -0,0 +1,53 @@
++/*
++ * Copyright © 2008-2011 Kristian Høgsberg
++ * Copyright © 2011 Intel Corporation
++ * Copyright © 2013 Jason Ekstrand
++ *
++ * Permission is hereby granted, free of charge, to any person obtaining
++ * a copy of this software and associated documentation files (the
++ * "Software"), to deal in the Software without restriction, including
++ * without limitation the rights to use, copy, modify, merge, publish,
++ * distribute, sublicense, and/or sell copies of the Software, and to
++ * permit persons to whom the Software is furnished to do so, subject to
++ * the following conditions:
++ *
++ * The above copyright notice and this permission notice (including the
++ * next paragraph) shall be included in all copies or substantial
++ * portions of the Software.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
++ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
++ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
++ * NONINFRINGEMENT.  IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
++ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
++ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
++ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
++ * SOFTWARE.
++ */
++
++#ifndef WAYLAND_SERVER_PRIVATE_H
++#define WAYLAND_SERVER_PRIVATE_H
++
++#include "wayland-server-core.h"
++
++struct wl_priv_signal {
++	struct wl_list listener_list;
++	struct wl_list emit_list;
++};
++
++void
++wl_priv_signal_init(struct wl_priv_signal *signal);
++
++void
++wl_priv_signal_add(struct wl_priv_signal *signal, struct wl_listener *listener);
++
++struct wl_listener *
++wl_priv_signal_get(struct wl_priv_signal *signal, wl_notify_func_t notify);
++
++void
++wl_priv_signal_emit(struct wl_priv_signal *signal, void *data);
++
++void
++wl_priv_signal_final_emit(struct wl_priv_signal *signal, void *data);
++
++#endif
+diff --git a/src/wayland-server.c b/src/wayland-server.c
+index 19f6a76..d6f0206 100644
+--- a/src/wayland-server.c
++++ b/src/wayland-server.c
+@@ -45,6 +45,7 @@
+ 
+ #include "wayland-util.h"
+ #include "wayland-private.h"
++#include "wayland-server-private.h"
+ #include "wayland-server.h"
+ #include "wayland-os.h"
+ 
+diff --git a/tests/newsignal-test.c b/tests/newsignal-test.c
+index 47c429b..f3a7bd9 100644
+--- a/tests/newsignal-test.c
++++ b/tests/newsignal-test.c
+@@ -26,7 +26,7 @@
+ #include <assert.h>
+ 
+ #include "test-runner.h"
+-#include "wayland-private.h"
++#include "wayland-server-private.h"
+ 
+ static void
+ signal_notify(struct wl_listener *listener, void *data)
diff --git a/poky/meta/recipes-graphics/wayland/wayland_1.17.0.bb b/poky/meta/recipes-graphics/wayland/wayland_1.17.0.bb
index d34bb39..2b5a8f9 100644
--- a/poky/meta/recipes-graphics/wayland/wayland_1.17.0.bb
+++ b/poky/meta/recipes-graphics/wayland/wayland_1.17.0.bb
@@ -14,6 +14,8 @@
 
 SRC_URI = "https://wayland.freedesktop.org/releases/${BPN}-${PV}.tar.xz \
 	   file://fixpathinpcfiles.patch \
+           file://0001-scanner-Add-configure-check-for-strndup.patch \
+           file://0002-Move-wl_priv_signal-to-wayland-server-private.h.patch \
            "
 SRC_URI[md5sum] = "d91f970aea11fd549eae023d06f91af3"
 SRC_URI[sha256sum] = "72aa11b8ac6e22f4777302c9251e8fec7655dc22f9d94ee676c6b276f95f91a4"
diff --git a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20190815.bb b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20190815.bb
index 5186388..d83000b 100644
--- a/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20190815.bb
+++ b/poky/meta/recipes-kernel/linux-firmware/linux-firmware_20190815.bb
@@ -273,6 +273,7 @@
              ${PN}-bcm4358 \
              ${PN}-bcm43602 \
              ${PN}-bcm4366b \
+             ${PN}-bcm4366c \
              ${PN}-bcm4371 \
              ${PN}-bcm4373 \
              ${PN}-bcm43xx \
@@ -571,7 +572,7 @@
 FILES_${PN}-bcm4329-fullmac = "${nonarch_base_libdir}/firmware/brcm/bcm4329-fullmac-4.bin"
 FILES_${PN}-bcm43236b = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43236b.bin"
 FILES_${PN}-bcm4329 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4329-sdio.bin"
-FILES_${PN}-bcm4330 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4330-sdio.bin"
+FILES_${PN}-bcm4330 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4330-sdio.*"
 FILES_${PN}-bcm4334 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4334-sdio.bin"
 FILES_${PN}-bcm4335 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4335-sdio.bin"
 FILES_${PN}-bcm4339 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4339-sdio.bin"
@@ -582,8 +583,8 @@
 FILES_${PN}-bcm43143 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43143.bin \
   ${nonarch_base_libdir}/firmware/brcm/brcmfmac43143-sdio.bin \
 "
-FILES_${PN}-bcm43430a0 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43430a0-sdio.bin"
-FILES_${PN}-bcm43455 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43455-sdio.bin"
+FILES_${PN}-bcm43430a0 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43430a0-sdio.*"
+FILES_${PN}-bcm43455 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43455-sdio.*"
 FILES_${PN}-bcm4350c2 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4350c2-pcie.bin"
 FILES_${PN}-bcm4350 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4350-pcie.bin"
 FILES_${PN}-bcm4356 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4356-sdio.bin"
@@ -594,6 +595,7 @@
   ${nonarch_base_libdir}/firmware/brcm/brcmfmac43602-pcie.ap.bin \
 "
 FILES_${PN}-bcm4366b = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4366b-pcie.bin"
+FILES_${PN}-bcm4366c = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4366c-pcie.bin"
 FILES_${PN}-bcm4371 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4371-pcie.bin"
 
 # for i in `grep brcm WHENCE  | grep ^File | sed 's/File: brcm.//g'`; do pkg=`echo $i | sed 's/-[sp40].*//g; s/\.bin//g; s/brcmfmac/bcm/g; s/_hdr/-hdr/g; s/BCM/bcm-0bb4-0306/g'`; echo -e "LICENSE_\${PN}-$pkg = \"Firmware-broadcom_bcm43xx\"\nRDEPENDS_\${PN}-$pkg += \"\${PN}-broadcom-license\""; done
@@ -647,6 +649,8 @@
 RDEPENDS_${PN}-bcm43602 += "${PN}-broadcom-license"
 LICENSE_${PN}-bcm4366b = "Firmware-broadcom_bcm43xx"
 RDEPENDS_${PN}-bcm4366b += "${PN}-broadcom-license"
+LICENSE_${PN}-bcm4366c = "Firmware-broadcom_bcm43xx"
+RDEPENDS_${PN}-bcm4366c += "${PN}-broadcom-license"
 LICENSE_${PN}-bcm4371 = "Firmware-broadcom_bcm43xx"
 RDEPENDS_${PN}-bcm4371 += "${PN}-broadcom-license"
 
@@ -656,11 +660,11 @@
 FILES_${PN}-cypress-license = "${nonarch_base_libdir}/firmware/LICENCE.cypress"
 
 FILES_${PN}-bcm-0bb4-0306 = "${nonarch_base_libdir}/firmware/brcm/BCM-0bb4-0306.hcd"
-FILES_${PN}-bcm43340 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43340-sdio.bin"
-FILES_${PN}-bcm43362 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43362-sdio.bin"
-FILES_${PN}-bcm43430 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43430-sdio.bin"
+FILES_${PN}-bcm43340 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43340-sdio.*"
+FILES_${PN}-bcm43362 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43362-sdio.*"
+FILES_${PN}-bcm43430 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac43430-sdio.*"
 FILES_${PN}-bcm4354 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4354-sdio.bin"
-FILES_${PN}-bcm4356-pcie = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4356-pcie.bin"
+FILES_${PN}-bcm4356-pcie = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4356-pcie.*"
 FILES_${PN}-bcm4373 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4373-sdio.bin \
   ${nonarch_base_libdir}/firmware/brcm/brcmfmac4373.bin \
 "
diff --git a/poky/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.1.bb b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.1.bb
index ec306af..5ac18ba 100644
--- a/poky/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.1.bb
+++ b/poky/meta/recipes-multimedia/ffmpeg/ffmpeg_4.2.1.bb
@@ -102,8 +102,8 @@
     --arch=${TARGET_ARCH} \
     --target-os="linux" \
     --enable-cross-compile \
-    --extra-cflags="${TARGET_CFLAGS} ${HOST_CC_ARCH}${TOOLCHAIN_OPTIONS}" \
-    --extra-ldflags="${TARGET_LDFLAGS}" \
+    --extra-cflags="${CFLAGS} ${HOST_CC_ARCH}${TOOLCHAIN_OPTIONS}" \
+    --extra-ldflags="${LDFLAGS}" \
     --sysroot="${STAGING_DIR_TARGET}" \
     ${EXTRA_FFCONF} \
     --libdir=${libdir} \
diff --git a/poky/meta/recipes-multimedia/libpng/libpng_1.6.37.bb b/poky/meta/recipes-multimedia/libpng/libpng_1.6.37.bb
index 66af2f3..2ed87a8 100644
--- a/poky/meta/recipes-multimedia/libpng/libpng_1.6.37.bb
+++ b/poky/meta/recipes-multimedia/libpng/libpng_1.6.37.bb
@@ -29,3 +29,6 @@
 FILES_${PN}-tools = "${bindir}/png-fix-itxt ${bindir}/pngfix ${bindir}/pngcp"
 
 BBCLASSEXTEND = "native nativesdk"
+
+# CVE-2019-17371 is actually a memory leak in gif2png 2.x
+CVE_CHECK_WHITELIST += "CVE-2019-17371"
diff --git a/poky/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb b/poky/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
index ffb4585..7855008 100644
--- a/poky/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
+++ b/poky/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
@@ -33,3 +33,7 @@
 PACKAGECONFIG[regtest] = "--enable-sqlite,--disable-sqlite,sqlite3"
 
 inherit autotools lib_package pkgconfig
+
+# This can't be replicated and is just a memory leak.
+# https://github.com/erikd/libsndfile/issues/398
+CVE_CHECK_WHITELIST += "CVE-2018-13419"
diff --git a/poky/meta/recipes-sato/webkit/webkitgtk_2.26.1.bb b/poky/meta/recipes-sato/webkit/webkitgtk_2.26.2.bb
similarity index 97%
rename from poky/meta/recipes-sato/webkit/webkitgtk_2.26.1.bb
rename to poky/meta/recipes-sato/webkit/webkitgtk_2.26.2.bb
index 77e51e7..c3560e8 100644
--- a/poky/meta/recipes-sato/webkit/webkitgtk_2.26.1.bb
+++ b/poky/meta/recipes-sato/webkit/webkitgtk_2.26.2.bb
@@ -21,8 +21,8 @@
            file://include_array.patch \
            "
 
-SRC_URI[md5sum] = "08145bd6c1587230f135921c142bc150"
-SRC_URI[sha256sum] = "6b4b21801d2b1008422a1075dbd6fb4ae8b5127503faf657cf9671289d9cd155"
+SRC_URI[md5sum] = "65e06fe73ee166447894aaea95038e3b"
+SRC_URI[sha256sum] = "6b80f0637a80818559ac8fd50db3b394f41cb61904fb9b3ed65fa51635806512"
 
 inherit cmake pkgconfig gobject-introspection perlnative distro_features_check upstream-version-is-even gtk-doc
 
diff --git a/poky/meta/recipes-support/curl/curl_7.66.0.bb b/poky/meta/recipes-support/curl/curl_7.67.0.bb
similarity index 95%
rename from poky/meta/recipes-support/curl/curl_7.66.0.bb
rename to poky/meta/recipes-support/curl/curl_7.67.0.bb
index d1975f2..e08e08e 100644
--- a/poky/meta/recipes-support/curl/curl_7.66.0.bb
+++ b/poky/meta/recipes-support/curl/curl_7.67.0.bb
@@ -9,8 +9,8 @@
            file://0001-replace-krb5-config-with-pkg-config.patch \
 "
 
-SRC_URI[md5sum] = "c238aa394e3aa47ca4fcb0491774149f"
-SRC_URI[sha256sum] = "6618234e0235c420a21f4cb4c2dd0badde76e6139668739085a70c4e2fe7a141"
+SRC_URI[md5sum] = "7be288f6fd5b7b5e402ef3b36a461a24"
+SRC_URI[sha256sum] = "dd5f6956821a548bf4b44f067a530ce9445cc8094fd3e7e3fc7854815858586c"
 
 CVE_PRODUCT = "curl libcurl"
 inherit autotools pkgconfig binconfig multilib_header
diff --git a/poky/meta/recipes-support/gnupg/gnupg_2.2.17.bb b/poky/meta/recipes-support/gnupg/gnupg_2.2.17.bb
index 689cf8a..bb8885f 100644
--- a/poky/meta/recipes-support/gnupg/gnupg_2.2.17.bb
+++ b/poky/meta/recipes-support/gnupg/gnupg_2.2.17.bb
@@ -29,6 +29,21 @@
 		--with-readline=${STAGING_LIBDIR}/.. \
 		--enable-gpg-is-gpg2 \
                "
+
+# A minimal package containing just enough to run gpg+gpgagent (E.g. use gpgme in opkg)
+PACKAGES =+ "${PN}-gpg"
+FILES_${PN}-gpg = " \
+	${bindir}/gpg \
+	${bindir}/gpg2 \
+	${bindir}/gpg-agent \
+"
+
+# Normal package (gnupg) should depend on minimal package (gnupg-gpg)
+# to ensure all tools are included. This is done only in non-native
+# builds. Native builds don't have sub-packages, so appending RDEPENDS
+# in this case breaks recipe parsing.
+RDEPENDS_${PN} += "${@ "" if ("native" in d.getVar("PN")) else (d.getVar("PN") + "-gpg")}"
+
 RRECOMMENDS_${PN} = "pinentry"
 
 do_configure_prepend () {
@@ -55,4 +70,4 @@
 PACKAGECONFIG[gnutls] = "--enable-gnutls, --disable-gnutls, gnutls"
 PACKAGECONFIG[sqlite3] = "--enable-sqlite, --disable-sqlite, sqlite3"
 
-BBCLASSEXTEND = "native"
+BBCLASSEXTEND = "native nativesdk"
diff --git a/poky/meta/recipes-support/libcheck/libcheck_0.12.0.bb b/poky/meta/recipes-support/libcheck/libcheck_0.13.0.bb
similarity index 83%
rename from poky/meta/recipes-support/libcheck/libcheck_0.12.0.bb
rename to poky/meta/recipes-support/libcheck/libcheck_0.13.0.bb
index 25ac2c4..226417f 100644
--- a/poky/meta/recipes-support/libcheck/libcheck_0.12.0.bb
+++ b/poky/meta/recipes-support/libcheck/libcheck_0.13.0.bb
@@ -7,8 +7,8 @@
 
 SRC_URI = "https://github.com/${BPN}/check/releases/download/${PV}/check-${PV}.tar.gz \
            file://not-echo-compiler-info-to-check_stdint.h.patch"
-SRC_URI[md5sum] = "31b17c6075820a434119592941186f70"
-SRC_URI[sha256sum] = "464201098bee00e90f5c4bdfa94a5d3ead8d641f9025b560a27755a83b824234"
+SRC_URI[md5sum] = "2c730c40b08482eaeb10132517970593"
+SRC_URI[sha256sum] = "c4336b31447acc7e3266854f73ec188cdb15554d0edd44739631da174a569909"
 UPSTREAM_CHECK_URI = "https://github.com/libcheck/check/releases/"
 
 S = "${WORKDIR}/check-${PV}"
diff --git a/poky/meta/recipes-support/libevent/libevent_2.1.11.bb b/poky/meta/recipes-support/libevent/libevent_2.1.11.bb
index f005ab8..8c7c49e 100644
--- a/poky/meta/recipes-support/libevent/libevent_2.1.11.bb
+++ b/poky/meta/recipes-support/libevent/libevent_2.1.11.bb
@@ -31,9 +31,17 @@
 
 DEPENDS = "zlib"
 
+PACKAGES_DYNAMIC = "^${PN}-.*$"
+python split_libevent_libs () {
+    do_split_packages(d, '${libdir}', r'^libevent_([a-z]*)-.*\.so\..*', '${PN}-%s', '${SUMMARY} (%s)', prepend=True, allow_links=True)
+}
+PACKAGESPLITFUNCS_prepend = "split_libevent_libs "
+
 BBCLASSEXTEND = "native nativesdk"
 
 do_install_append() {
+	rm ${D}${bindir}/event_rpcgen.py
+	rmdir ${D}${bindir}
         oe_multilib_header event2/event-config.h
 }
 
diff --git a/poky/meta/recipes-support/libksba/libksba_1.3.5.bb b/poky/meta/recipes-support/libksba/libksba_1.3.5.bb
index 4deda18..336d7f8 100644
--- a/poky/meta/recipes-support/libksba/libksba_1.3.5.bb
+++ b/poky/meta/recipes-support/libksba/libksba_1.3.5.bb
@@ -27,4 +27,4 @@
 	rm -f ${S}/m4/gpg-error.m4
 }
 
-BBCLASSEXTEND = "native"
+BBCLASSEXTEND = "native nativesdk"
diff --git a/poky/meta/recipes-support/libsoup/libsoup-2.4/0001-Do-not-enforce-no-introspection-when-cross-building.patch b/poky/meta/recipes-support/libsoup/libsoup-2.4/0001-Do-not-enforce-no-introspection-when-cross-building.patch
index cd6de85..d534457 100644
--- a/poky/meta/recipes-support/libsoup/libsoup-2.4/0001-Do-not-enforce-no-introspection-when-cross-building.patch
+++ b/poky/meta/recipes-support/libsoup/libsoup-2.4/0001-Do-not-enforce-no-introspection-when-cross-building.patch
@@ -3,7 +3,7 @@
 Date: Fri, 15 Feb 2019 14:21:06 +0100
 Subject: [PATCH] Do not enforce no-introspection when cross-building
 
-Upstream-Status: Pending
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/commit/7ef5ec60c33e254bcd915936bea3f04ba0fe2273]
 Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
 Signed-off-by: Alistair Francis <alistair@alistair23.me>
 ---
diff --git a/poky/meta/recipes-support/libsoup/libsoup-2.4_2.66.2.bb b/poky/meta/recipes-support/libsoup/libsoup-2.4_2.66.4.bb
similarity index 87%
rename from poky/meta/recipes-support/libsoup/libsoup-2.4_2.66.2.bb
rename to poky/meta/recipes-support/libsoup/libsoup-2.4_2.66.4.bb
index 357f2fd..7f5f910 100644
--- a/poky/meta/recipes-support/libsoup/libsoup-2.4_2.66.2.bb
+++ b/poky/meta/recipes-support/libsoup/libsoup-2.4_2.66.4.bb
@@ -12,8 +12,10 @@
 SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \
            file://0001-Do-not-enforce-no-introspection-when-cross-building.patch \
            "
-SRC_URI[md5sum] = "66c2ae89d6031b01337d78a2c57c75d5"
-SRC_URI[sha256sum] = "bd2ea602eba642509672812f3c99b77cbec2f3de02ba1cc8cb7206bf7de0ae2a"
+SRC_URI[md5sum] = "42016d80ecae4cf8eb416631049a273a"
+SRC_URI[sha256sum] = "8308984f1eee1c4f8c113a9c1763b2b22d981bd811b0cc82a9f3f1aa63228779"
+
+CVE_PRODUCT = "libsoup"
 
 S = "${WORKDIR}/libsoup-${PV}"
 
@@ -26,7 +28,7 @@
 
 EXTRA_OEMESON_append = " -Dvapi=false"
 
-GTKDOC_MESON_OPTION = "doc"
+GTKDOC_MESON_OPTION = "gtk_doc"
 
 # When built without gnome support, libsoup-2.4 will contain only one shared lib
 # and will therefore become subject to renaming by debian.bbclass. Prevent
diff --git a/poky/meta/recipes-support/lz4/lz4_1.9.2.bb b/poky/meta/recipes-support/lz4/lz4_1.9.2.bb
index f0a8416..ed4452c 100644
--- a/poky/meta/recipes-support/lz4/lz4_1.9.2.bb
+++ b/poky/meta/recipes-support/lz4/lz4_1.9.2.bb
@@ -18,6 +18,9 @@
 
 S = "${WORKDIR}/git"
 
+# Fixed in r118, which is larger than the current version.
+CVE_CHECK_WHITELIST += "CVE-2014-4715"
+
 EXTRA_OEMAKE = "PREFIX=${prefix} CC='${CC}' DESTDIR=${D} LIBDIR=${libdir} INCLUDEDIR=${includedir}"
 
 do_install() {
diff --git a/poky/meta/recipes-support/npth/npth_1.6.bb b/poky/meta/recipes-support/npth/npth_1.6.bb
index 8310efb..233e0dc 100644
--- a/poky/meta/recipes-support/npth/npth_1.6.bb
+++ b/poky/meta/recipes-support/npth/npth_1.6.bb
@@ -24,4 +24,4 @@
     oe_multilib_header npth.h
 }
 
-BBCLASSEXTEND = "native"
+BBCLASSEXTEND = "native nativesdk"
diff --git a/poky/meta/recipes-support/pinentry/pinentry_1.1.0.bb b/poky/meta/recipes-support/pinentry/pinentry_1.1.0.bb
index fb529d2..8c500dc 100644
--- a/poky/meta/recipes-support/pinentry/pinentry_1.1.0.bb
+++ b/poky/meta/recipes-support/pinentry/pinentry_1.1.0.bb
@@ -35,4 +35,4 @@
     --disable-rpath \
 "
 
-BBCLASSEXTEND = "native"
+BBCLASSEXTEND = "native nativesdk"
diff --git a/poky/meta/recipes-support/sqlite/sqlite3.inc b/poky/meta/recipes-support/sqlite/sqlite3.inc
index 4af1e09..07614bd 100644
--- a/poky/meta/recipes-support/sqlite/sqlite3.inc
+++ b/poky/meta/recipes-support/sqlite/sqlite3.inc
@@ -44,8 +44,6 @@
     --disable-static-shell \
 "
 
-CFLAGS_append = " -fPIC"
-
 # pread() is in POSIX.1-2001 so any reasonable system must surely support it
 CFLAGS_append = " -DUSE_PREAD"
 
diff --git a/poky/meta/recipes-support/vte/vte/0001-Add-m4-vapigen.m4.patch b/poky/meta/recipes-support/vte/vte/0001-Add-m4-vapigen.m4.patch
deleted file mode 100644
index 1c5630e..0000000
--- a/poky/meta/recipes-support/vte/vte/0001-Add-m4-vapigen.m4.patch
+++ /dev/null
@@ -1,119 +0,0 @@
-From 08ca1c48b25c332b75bba2a6b5d757da006e955b Mon Sep 17 00:00:00 2001
-From: Jussi Kukkonen <jussi.kukkonen@intel.com>
-Date: Fri, 7 Oct 2016 16:27:57 +0300
-Subject: [PATCH] Add m4/vapigen.m4
-
-Building without vala will fail if we don't have a vapigen.m4.
-
-Upstream-Status: Pending
-Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
----
- m4/vapigen.m4 | 96 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 96 insertions(+)
- create mode 100644 m4/vapigen.m4
-
-diff --git a/m4/vapigen.m4 b/m4/vapigen.m4
-new file mode 100644
-index 0000000..f2df12f
---- /dev/null
-+++ b/m4/vapigen.m4
-@@ -0,0 +1,96 @@
-+dnl vapigen.m4
-+dnl
-+dnl Copyright 2012 Evan Nemerson
-+dnl
-+dnl This library is free software; you can redistribute it and/or
-+dnl modify it under the terms of the GNU Lesser General Public
-+dnl License as published by the Free Software Foundation; either
-+dnl version 2.1 of the License, or (at your option) any later version.
-+dnl
-+dnl This library is distributed in the hope that it will be useful,
-+dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
-+dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+dnl Lesser General Public License for more details.
-+dnl
-+dnl You should have received a copy of the GNU Lesser General Public
-+dnl License along with this library; if not, write to the Free Software
-+dnl Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301  USA
-+
-+# VAPIGEN_CHECK([VERSION], [API_VERSION], [FOUND-INTROSPECTION], [DEFAULT])
-+# --------------------------------------
-+# Check vapigen existence and version
-+#
-+# See http://live.gnome.org/Vala/UpstreamGuide for detailed documentation
-+AC_DEFUN([VAPIGEN_CHECK],
-+[
-+  AC_BEFORE([GOBJECT_INTROSPECTION_CHECK],[$0])
-+  AC_BEFORE([GOBJECT_INTROSPECTION_REQUIRE],[$0])
-+
-+  AC_ARG_ENABLE([vala],
-+    [AS_HELP_STRING([--enable-vala[=@<:@no/auto/yes@:>@]],[build Vala bindings @<:@default=]ifelse($4,,auto,$4)[@:>@])],,[
-+      AS_IF([test "x$4" = "x"], [
-+          enable_vala=auto
-+        ], [
-+          enable_vala=$4
-+        ])
-+    ])
-+
-+  AS_CASE([$enable_vala], [no], [enable_vala=no],
-+      [yes], [
-+        AS_IF([test "x$3" != "xyes" -a "x$found_introspection" != "xyes"], [
-+            AC_MSG_ERROR([Vala bindings require GObject Introspection])
-+          ])
-+      ], [auto], [
-+        AS_IF([test "x$3" != "xyes" -a "x$found_introspection" != "xyes"], [
-+            enable_vala=no
-+          ])
-+      ], [
-+        AC_MSG_ERROR([Invalid argument passed to --enable-vala, should be one of @<:@no/auto/yes@:>@])
-+      ])
-+
-+  AS_IF([test "x$2" = "x"], [
-+      vapigen_pkg_name=vapigen
-+    ], [
-+      vapigen_pkg_name=vapigen-$2
-+    ])
-+  AS_IF([test "x$1" = "x"], [
-+      vapigen_pkg="$vapigen_pkg_name"
-+    ], [
-+      vapigen_pkg="$vapigen_pkg_name >= $1"
-+    ])
-+
-+  PKG_PROG_PKG_CONFIG
-+
-+  PKG_CHECK_EXISTS([$vapigen_pkg], [
-+      AS_IF([test "$enable_vala" = "auto"], [
-+          enable_vala=yes
-+        ])
-+    ], [
-+      AS_CASE([$enable_vala], [yes], [
-+          AC_MSG_ERROR([$vapigen_pkg not found])
-+        ], [auto], [
-+          enable_vala=no
-+        ])
-+    ])
-+
-+  AC_MSG_CHECKING([for vala])
-+
-+  AS_CASE([$enable_vala],
-+    [yes], [
-+      VAPIGEN=`$PKG_CONFIG --variable=vapigen vapigen`
-+      VAPIGEN_MAKEFILE=`$PKG_CONFIG --variable=datadir vapigen`/vala/Makefile.vapigen
-+      AS_IF([test "x$2" = "x"], [
-+          VAPIGEN_VAPIDIR=`$PKG_CONFIG --variable=vapidir vapigen`
-+        ], [
-+          VAPIGEN_VAPIDIR=`$PKG_CONFIG --variable=vapidir_versioned vapigen`
-+        ])
-+    ])
-+
-+  AC_MSG_RESULT([$enable_vala])
-+
-+  AC_SUBST([VAPIGEN])
-+  AC_SUBST([VAPIGEN_VAPIDIR])
-+  AC_SUBST([VAPIGEN_MAKEFILE])
-+
-+  AM_CONDITIONAL(ENABLE_VAPIGEN, test "x$enable_vala" = "xyes")
-+])
--- 
-2.1.4
-
diff --git a/poky/meta/recipes-support/vte/vte/0001-Don-t-enable-stack-protection-by-default.patch b/poky/meta/recipes-support/vte/vte/0001-Don-t-enable-stack-protection-by-default.patch
deleted file mode 100644
index fcfc559..0000000
--- a/poky/meta/recipes-support/vte/vte/0001-Don-t-enable-stack-protection-by-default.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From b0a579d83e355545b64742c997fe8b1d58bf4207 Mon Sep 17 00:00:00 2001
-From: Jussi Kukkonen <jussi.kukkonen@intel.com>
-Date: Mon, 13 Jun 2016 11:05:00 +0300
-Subject: [PATCH] Don't enable stack-protection by default
-
-These are set by security_flags.inc.
-
-Upstream-Status: Inappropriate [configuration]
-Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
----
- configure.ac | 2 --
- 1 file changed, 2 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 068d072..d580f84 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -138,8 +138,6 @@ m4_define([compiler_flags_common],[ dnl
-   -fno-common dnl
-   -fdiagnostics-show-option dnl
-   -fno-strict-aliasing dnl
--  -fstack-protector dnl
--  -fstack-protector-strong dnl
-   -fno-semantic-interposition dnl
-   -Wno-deprecated-declarations dnl
- ])
--- 
-2.1.4
-
diff --git a/poky/meta/recipes-support/vte/vte/0001-Add-W_EXITCODE-macro-for-non-glibc-systems.patch b/poky/meta/recipes-support/vte/vte/0002-Add-W_EXITCODE-macro-for-non-glibc-systems.patch
similarity index 100%
rename from poky/meta/recipes-support/vte/vte/0001-Add-W_EXITCODE-macro-for-non-glibc-systems.patch
rename to poky/meta/recipes-support/vte/vte/0002-Add-W_EXITCODE-macro-for-non-glibc-systems.patch
diff --git a/poky/meta/recipes-support/vte/vte_0.56.3.bb b/poky/meta/recipes-support/vte/vte_0.58.2.bb
similarity index 60%
rename from poky/meta/recipes-support/vte/vte_0.56.3.bb
rename to poky/meta/recipes-support/vte/vte_0.58.2.bb
index 0deee17..9e27f69 100644
--- a/poky/meta/recipes-support/vte/vte_0.56.3.bb
+++ b/poky/meta/recipes-support/vte/vte_0.58.2.bb
@@ -9,18 +9,19 @@
     file://COPYING.LGPL3;md5=b52f2d57d10c4f7ee67a7eb9615d5d24 \
 "
 
-DEPENDS = "glib-2.0 gtk+3 libpcre2 intltool-native libxml2-native gperf-native"
+DEPENDS = "glib-2.0 gtk+3 libpcre2 libxml2-native gperf-native"
+
+GNOMEBASEBUILDCLASS = "meson"
+GIR_MESON_OPTION = 'gir'
 
 inherit gnomebase gtk-doc distro_features_check upstream-version-is-even gobject-introspection
 
 # vapigen.m4 is required when vala is not present (but the one from vala should be used normally)
-SRC_URI += "file://0001-Don-t-enable-stack-protection-by-default.patch \
-           ${@bb.utils.contains('PACKAGECONFIG', 'vala', '', 'file://0001-Add-m4-vapigen.m4.patch', d) } \
-           file://0001-app.cc-use-old-school-asignment-to-avoid-gcc-4.8-err.patch \
-           file://0001-Add-W_EXITCODE-macro-for-non-glibc-systems.patch \
+SRC_URI += "file://0001-app.cc-use-old-school-asignment-to-avoid-gcc-4.8-err.patch \
+            file://0002-Add-W_EXITCODE-macro-for-non-glibc-systems.patch \
            "
-SRC_URI[archive.md5sum] = "adf341807861a5dad9f98e5c701c0769"
-SRC_URI[archive.sha256sum] = "17a1d4bc8848f1d2acfa4c20aaa24b9bac49f057b8909c56d3dafec2e2332648"
+SRC_URI[archive.md5sum] = "dadbf2c1d9864d3ea185738f97ab63af"
+SRC_URI[archive.sha256sum] = "33c966d2b1f2c3b0f9416dbca883fd746159b5bd040350e3b78f8104b2a42bc0"
 
 ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}"
 
@@ -41,15 +42,13 @@
 FILES_${PN}-dev += "${datadir}/vala/vapi/*"
 
 PACKAGECONFIG ??= "gnutls"
-PACKAGECONFIG[vala] = "--enable-vala,--disable-vala,vala-native vala"
-PACKAGECONFIG[gnutls] = "--with-gnutls,--without-gnutls,gnutls"
+PACKAGECONFIG[vala] = "-Dvapi=true,-Dvapi=false,vala-native vala"
+PACKAGECONFIG[gnutls] = "-Dgnutls=true,-Dgnutls=false,gnutls"
+# vala requires gir
+PACKAGECONFIG_remove_class-native = "vala"
 
 CFLAGS += "-D_GNU_SOURCE"
 
-# libtool adds "-nostdlib" when g++ is used. This breaks PIE builds.
-# Use libtool-cross (which has a hack to prevent that) instead.
-EXTRA_OEMAKE_class-target = "LIBTOOL=${STAGING_BINDIR_CROSS}/${HOST_SYS}-libtool"
-
 PACKAGES =+ "libvte ${PN}-prompt"
 FILES_libvte = "${libdir}/*.so.* ${libdir}/girepository-1.0/*"
 FILES_${PN}-prompt = "${sysconfdir}/profile.d"