Fix patch

The patch order is messed up, because I committed the patches to
systemd-stable in the wrong order. Sorry.

0020-test-compress-benchmark-skip-loop-iteration-if-size-.patch

@@ -1,9 +1,11 @@
-From 15b947fb798cd131355ba9935802d58e92bdba6e Mon Sep 17 00:00:00 2001
+From f4bb8c3a9aed5ddefb66380c818d04aa0b663693 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
 Date: Fri, 4 Mar 2016 21:46:47 -0500
 Subject: [PATCH] test-compress-benchmark: skip loop iteration if size is 0
 
 Otherwise we would hit an assert in the compression code.
+
+(cherry picked from commit 15b947fb798cd131355ba9935802d58e92bdba6e)
 ---
  src/journal/test-compress-benchmark.c | 2 ++
  1 file changed, 2 insertions(+)

0021-time-util-fall-back-to-CLOCK_MONOTONIC-if-CLOCK_BOOT.patch

@@ -0,0 +1,38 @@
+From c411521802d5e89eeb5cdf39cdd7b9538a3a3a08 Mon Sep 17 00:00:00 2001
+From: Lubomir Rintel <lkundrak@v3.sk>
+Date: Tue, 15 Mar 2016 12:43:33 +0100
+Subject: [PATCH] time-util: fall back to CLOCK_MONOTONIC if CLOCK_BOOTTIME
+ unsupported
+
+It was added in 2.6.39, and causes an assertion to fail when running in mock
+hosted on 2.6.23-based RHEL-6:
+
+Assertion 'clock_gettime(map_clock_id(clock_id), &ts) == 0' failed at systemd/src/basic/time-util.c:70, function now(). Aborting.
+
+(cherry picked from commit 2abd5b5a49ae368b258ffc7257ab703bccda67dd)
+---
+ src/basic/time-util.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/src/basic/time-util.c b/src/basic/time-util.c
+index 510f018d9b..ec112e23e2 100644
+--- a/src/basic/time-util.c
++++ b/src/basic/time-util.c
+@@ -47,12 +47,15 @@ static clockid_t map_clock_id(clockid_t c) {
+         /* Some more exotic archs (s390, ppc, …) lack the "ALARM" flavour of the clocks. Thus, clock_gettime() will
+          * fail for them. Since they are essentially the same as their non-ALARM pendants (their only difference is
+          * when timers are set on them), let's just map them accordingly. This way, we can get the correct time even on
+-         * those archs. */
++         * those archs.
++         *
++         * Also, older kernels don't support CLOCK_BOOTTIME: fall back to CLOCK_MONOTONIC. */
+ 
+         switch (c) {
+ 
++        case CLOCK_BOOTTIME:
+         case CLOCK_BOOTTIME_ALARM:
+-                return CLOCK_BOOTTIME;
++                return clock_boottime_or_monotonic ();
+ 
+         case CLOCK_REALTIME_ALARM:
+                 return CLOCK_REALTIME;

0022-headers-use-__inline__-instead-of-inline.patch

@@ -0,0 +1,47 @@
+From b1ab67134c28ade32eab8fde37840efac789affc Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Fri, 11 Mar 2016 13:41:49 -0500
+Subject: [PATCH] headers: use __inline__ instead of inline
+
+https://gcc.gnu.org/onlinedocs/gcc-5.3.0/gcc/Alternate-Keywords.html#Alternate-Keywords
+recommends __inline__ over inline in ANSI C compatible headers.
+Tested with gcc-5.3 and clang-3.7.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1316964
+(cherry picked from commit 0cb27225e9c658d80538ace7a267ba0a2d2f44f2)
+---
+ src/systemd/_sd-common.h | 2 +-
+ src/systemd/sd-id128.h   | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/systemd/_sd-common.h b/src/systemd/_sd-common.h
+index 2d4e1f26e1..3bb886be75 100644
+--- a/src/systemd/_sd-common.h
++++ b/src/systemd/_sd-common.h
+@@ -74,7 +74,7 @@
+ #endif
+ 
+ #define _SD_DEFINE_POINTER_CLEANUP_FUNC(type, func)             \
+-        static inline void func##p(type **p) {                  \
++        static __inline__ void func##p(type **p) {              \
+                 if (*p)                                         \
+                         func(*p);                               \
+         }                                                       \
+diff --git a/src/systemd/sd-id128.h b/src/systemd/sd-id128.h
+index a3bf5897b8..4dff0b9b81 100644
+--- a/src/systemd/sd-id128.h
++++ b/src/systemd/sd-id128.h
+@@ -100,11 +100,11 @@ int sd_id128_get_boot(sd_id128_t *ret);
+                 ((x).bytes[15] & 15) >= 10 ? 'a' + ((x).bytes[15] & 15) - 10 : '0' + ((x).bytes[15] & 15), \
+                 0 })
+ 
+-_sd_pure_ static inline int sd_id128_equal(sd_id128_t a, sd_id128_t b) {
++_sd_pure_ static __inline__ int sd_id128_equal(sd_id128_t a, sd_id128_t b) {
+         return memcmp(&a, &b, 16) == 0;
+ }
+ 
+-_sd_pure_ static inline int sd_id128_is_null(sd_id128_t a) {
++_sd_pure_ static __inline__ int sd_id128_is_null(sd_id128_t a) {
+         return a.qwords[0] == 0 && a.qwords[1] == 0;
+ }
+ 

0023-dev-console-must-be-labeled-with-SELinux-label.patch

@@ -0,0 +1,47 @@
+From 641a7f0c61ff42ea55ad7152e7f874ea5d680a2d Mon Sep 17 00:00:00 2001
+From: Dan Walsh <dwalsh@redhat.com>
+Date: Wed, 9 Mar 2016 09:29:25 -0500
+Subject: [PATCH] /dev/console must be labeled with SELinux label
+
+If the user specifies an selinux_apifs_context all content created in
+the container including /dev/console should use this label.
+
+Currently when this uses the default label it gets labeled user_devpts_t,
+which would require us to write a policy allowing container processes to
+manage user_devpts_t.  This means that an escaped process would be allowed
+to attack all users terminals as well as other container terminals.  Changing
+the label to match the apifs_context, means the processes would only be allowed
+to manage their specific tty.
+
+This change fixes a problem preventing RKT containers from working with systemd-nspawn.
+
+(cherry picked from commit 68b020494d1ff085281061413d9236b5865ef238)
+---
+ src/nspawn/nspawn.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
+index ef348c335b..8c06f6ef75 100644
+--- a/src/nspawn/nspawn.c
++++ b/src/nspawn/nspawn.c
+@@ -87,6 +87,7 @@
+ #ifdef HAVE_SECCOMP
+ #include "seccomp-util.h"
+ #endif
++#include "selinux-util.h"
+ #include "signal-util.h"
+ #include "socket-util.h"
+ #include "stat-util.h"
+@@ -3286,6 +3287,12 @@ int main(int argc, char *argv[]) {
+                 goto finish;
+         }
+ 
++        if (arg_selinux_apifs_context) {
++                r = mac_selinux_apply(console, arg_selinux_apifs_context);
++                if (r < 0)
++                        goto finish;
++        }
++
+         if (unlockpt(master) < 0) {
+                 r = log_error_errno(errno, "Failed to unlock tty: %m");
+                 goto finish;

0024-fstab-generator-fix-automount-option-and-don-t-start.patch

@@ -0,0 +1,90 @@
+From 1b8bdd05fcecd83cc8c8269f06a50ced055ab864 Mon Sep 17 00:00:00 2001
+From: Franck Bui <fbui@suse.com>
+Date: Tue, 1 Dec 2015 18:01:44 +0100
+Subject: [PATCH] fstab-generator: fix automount option and don't start
+ associated mount unit at boot
+
+Without this patch applied the mount unit with 'automount' option was still
+pulled by local-fs.target and thus was activated during the boot process which
+defeats the purpose of the 'automount' option:
+
+   $ grep /mnt /etc/fstab
+   /dev/vdb1 /mnt ext2 defaults,x-systemd.automount 0 0
+
+   $ reboot
+   ...
+
+   $ mount | grep mnt
+   systemd-1 on /mnt type autofs (rw,relatime,fd=34,pgrp=1,timeout=0,minproto=5,maxproto=5,direct)
+   /dev/vdb1 on /mnt type ext2 (rw,relatime)
+
+   $ systemctl status mnt.mount | grep Active
+      Active: active (mounted) since Thu 2016-03-03 21:36:22 CET; 42s ago
+
+With the patch applied:
+
+   $ reboot
+   ...
+
+   $ mount | grep mnt
+   systemd-1 on /mnt type autofs (rw,relatime,fd=22,pgrp=1,timeout=0,minproto=5,maxproto=5,direct)
+
+   $ systemctl status mnt.mount | grep Active
+      Active: inactive (dead)
+
+   $ ls /mnt
+   lost+found
+
+   $ systemctl status mnt.mount | grep Active
+      Active: active (mounted) since Thu 2016-03-03 21:47:32 CET; 4s ago
+
+(cherry picked from commit 2b14df4a9ae92623b584e61db6b5b37accd832c1)
+---
+ src/core/mount.c                      | 11 ++++++++++-
+ src/fstab-generator/fstab-generator.c |  4 ++--
+ 2 files changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/src/core/mount.c b/src/core/mount.c
+index de1075d3a0..cfe4b0f517 100644
+--- a/src/core/mount.c
++++ b/src/core/mount.c
+@@ -104,6 +104,14 @@ static bool mount_is_auto(const MountParameters *p) {
+         return !fstab_test_option(p->options, "noauto\0");
+ }
+ 
++static bool mount_is_automount(const MountParameters *p) {
++        assert(p);
++
++        return fstab_test_option(p->options,
++                                 "comment=systemd.automount\0"
++                                 "x-systemd.automount\0");
++}
++
+ static bool needs_quota(const MountParameters *p) {
+         assert(p);
+ 
+@@ -328,7 +336,8 @@ static int mount_add_device_links(Mount *m) {
+         if (path_equal(m->where, "/"))
+                 return 0;
+ 
+-        if (mount_is_auto(p) && UNIT(m)->manager->running_as == MANAGER_SYSTEM)
++        if (mount_is_auto(p) && !mount_is_automount(p) &&
++            UNIT(m)->manager->running_as == MANAGER_SYSTEM)
+                 device_wants_mount = true;
+ 
+         r = unit_add_node_link(UNIT(m), p->what, device_wants_mount, m->from_fragment ? UNIT_BINDS_TO : UNIT_REQUIRES);
+diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c
+index 97a48764ae..6f576b5ecf 100644
+--- a/src/fstab-generator/fstab-generator.c
++++ b/src/fstab-generator/fstab-generator.c
+@@ -336,8 +336,8 @@ static int add_mount(
+         if (r < 0)
+                 return log_error_errno(r, "Failed to write unit file %s: %m", unit);
+ 
+-        if (!noauto) {
+-                lnk = strjoin(arg_dest, "/", post, nofail || automount ? ".wants/" : ".requires/", name, NULL);
++        if (!noauto && !automount) {
++                lnk = strjoin(arg_dest, "/", post, nofail ? ".wants/" : ".requires/", name, NULL);
+                 if (!lnk)
+                         return log_oom();
+ 

0025-shared-add-a-temporary-work-around-for-kernel-header.patch

@@ -0,0 +1,41 @@
+From d5d78852bac634317639e87868647548c586b15a Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Tue, 5 Apr 2016 19:30:31 +0200
+Subject: [PATCH] shared: add a temporary work-around for kernel header
+ inclusion fuck-up
+
+See: #2864
+---
+ src/shared/firewall-util.c | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/src/shared/firewall-util.c b/src/shared/firewall-util.c
+index 0d3da2e6d2..ade2de7727 100644
+--- a/src/shared/firewall-util.c
++++ b/src/shared/firewall-util.c
+@@ -17,14 +17,24 @@
+   along with systemd; If not, see <http://www.gnu.org/licenses/>.
+ ***/
+ 
++#warning "Temporary work-around for broken glibc vs. linux kernel header definitions"
++#warning "This really should be removed sooner rather than later, when this is fixed upstream"
++#define _NET_IF_H 1
++
+ #include <alloca.h>
+ #include <arpa/inet.h>
+ #include <endian.h>
+ #include <errno.h>
+-#include <net/if.h>
+ #include <stddef.h>
+ #include <string.h>
+ #include <sys/socket.h>
++#include <net/if.h>
++#include <linux/if.h>
++#ifndef IFNAMSIZ
++#undef _NET_IF_H
++/* Let's make sure to include this one, too, if IFNAMSIZ isn't defined yet, as it is for kernels <= 4.2 */
++#include <net/if.h>
++#endif
+ #include <linux/netfilter_ipv4/ip_tables.h>
+ #include <linux/netfilter/nf_nat.h>
+ #include <linux/netfilter/xt_addrtype.h>

0026-Make-the-fix-for-net-if.h-fuckup-even-worse-3287.patch

@@ -0,0 +1,45 @@
+From 8becf310b0b72abe8e0bd9707fc8064636609e30 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Fri, 20 May 2016 09:12:42 -0400
+Subject: [PATCH] Make the fix for net/if.h fuckup even worse (#3287)
+
+The original conflict is fixed in the kernel in v4.6-rc7-40-g4a91cb61bb,
+but now our work-around causes a compilation failure.
+Keep the workaround to support 4.5 kernels for now, and layer
+more ugliness on top.
+
+Tested with:
+kernel-headers-4.6.0-1.fc25.x86_64
+glibc-devel-2.23.90-18.fc25.x86_64
+
+kernel-headers-4.5.4-300.fc24.x86_64
+glibc-devel-2.23.1-7.fc24.x86_64
+
+kernel-headers-4.4.9-300.fc23.x86_64
+glibc-devel-2.22-16.fc23.x86_64
+
+kernel-headers-4.1.13-100.fc21.x86_64
+glibc-devel-2.20-8.fc21.x86_64
+---
+ src/shared/firewall-util.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/src/shared/firewall-util.c b/src/shared/firewall-util.c
+index ade2de7727..efcde9563d 100644
+--- a/src/shared/firewall-util.c
++++ b/src/shared/firewall-util.c
+@@ -29,12 +29,10 @@
+ #include <string.h>
+ #include <sys/socket.h>
+ #include <net/if.h>
+-#include <linux/if.h>
+ #ifndef IFNAMSIZ
+-#undef _NET_IF_H
+-/* Let's make sure to include this one, too, if IFNAMSIZ isn't defined yet, as it is for kernels <= 4.2 */
+-#include <net/if.h>
++#define IFNAMSIZ 16
+ #endif
++#include <linux/if.h>
+ #include <linux/netfilter_ipv4/ip_tables.h>
+ #include <linux/netfilter/nf_nat.h>
+ #include <linux/netfilter/xt_addrtype.h>

0027-check-for-valid-resume-in-order-to-allow-a-hibernate.patch

@@ -0,0 +1,86 @@
+From 313f86d98c7232354d1d877f94f263dfcbcb7dd4 Mon Sep 17 00:00:00 2001
+From: James Hogarth <james.hogarth@gmail.com>
+Date: Tue, 17 May 2016 11:33:33 +0100
+Subject: [PATCH] check for valid resume= in order to allow a hibernate
+
+---
+ src/shared/sleep-config.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++-
+ 1 file changed, 53 insertions(+), 1 deletion(-)
+
+diff --git a/src/shared/sleep-config.c b/src/shared/sleep-config.c
+index a0aef66bc8..c516a6dc8a 100644
+--- a/src/shared/sleep-config.c
++++ b/src/shared/sleep-config.c
+@@ -36,6 +36,10 @@
+ #include "sleep-config.h"
+ #include "string-util.h"
+ #include "strv.h"
++#include "proc-cmdline.h"
++#include "fstab-util.h"
++
++static char *arg_resume_dev = NULL;
+ 
+ #define USE(x, y) do{ (x) = (y); (y) = NULL; } while(0)
+ 
+@@ -255,6 +259,51 @@ static bool enough_memory_for_hibernation(void) {
+         return r;
+ }
+ 
++static int parse_proc_cmdline_item(const char *key, const char *value) {
++
++        assert(key);
++
++        if (streq(key, "resume") && value) {
++                free(arg_resume_dev);
++                arg_resume_dev = fstab_node_to_udev_node(value);
++                if (!arg_resume_dev)
++                        return log_oom();
++        }
++
++        return 0;
++
++}
++
++static bool resume_passed_to_kernel(void) {
++        int r = 0;
++        struct stat rd;
++
++        r = parse_proc_cmdline(parse_proc_cmdline_item);
++        if (r < 0) {
++                log_warning("Failed to parse kernel command line, disabling hibernation.");
++                return false;
++        }
++
++        if (arg_resume_dev == NULL) {
++                log_warning("No resume= argument specified in the kernel command line, disabling hibernation.");
++                return false;
++        }
++
++        if (stat(arg_resume_dev, &rd) < 0) {
++                log_warning("Could not stat device %s specified in resume=, disabling hibernation.",
++                            arg_resume_dev);
++                return false;
++        }
++
++        if (!S_ISBLK(rd.st_mode)) {
++                log_warning("Device %s specified in resume= is not a block device, disabling hibernation.",
++                            arg_resume_dev);
++                return false;
++        }
++
++        return true;
++}
++
+ int can_sleep(const char *verb) {
+         _cleanup_strv_free_ char **modes = NULL, **states = NULL;
+         int r;
+@@ -270,5 +319,8 @@ int can_sleep(const char *verb) {
+         if (!can_sleep_state(states) || !can_sleep_disk(modes))
+                 return false;
+ 
+-        return streq(verb, "suspend") || enough_memory_for_hibernation();
++        if (streq(verb, "suspend"))
++                return true;
++
++        return enough_memory_for_hibernation() && resume_passed_to_kernel();
+ }

0028-keymap-util-also-convert-ru-to-ru.patch

@@ -0,0 +1,59 @@
+From e8acb2eb8186d0c46059c0a18d328839886ccd36 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Sun, 29 May 2016 23:36:44 -0400
+Subject: [PATCH] keymap-util: also "convert" 'ru' to 'ru'
+
+As discovered by Adam Williamson in
+https://bugzilla.redhat.com/show_bug.cgi?id=1333998#c32, after the changes in
+81fd105a5f9 we would only match compound layouts, i.e. a comma would be
+required after 'ru' to match. This seems wrong, and we should match single
+layouts like too. So 'ru', 'ru,us' now both match.
+
+startswith_comma is changed to not require a comma, i.e. check that the prefix
+matches until a comma or the end of the string. Note that startswith_comma is
+called twice. At the first site, we check that strings are not equal
+beforehand, so this change to startswith_comma has no effect. At the second
+site, it does have an effect, as described above.
+
+(This commit is cherry-picked from
+https://github.com/systemd/systemd/pull/3384.)
+---
+ src/locale/localed.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/src/locale/localed.c b/src/locale/localed.c
+index a2fc6af4c9..62f8341cb9 100644
+--- a/src/locale/localed.c
++++ b/src/locale/localed.c
+@@ -101,9 +101,11 @@ static const char* nonempty(const char *s) {
+ }
+ 
+ static bool startswith_comma(const char *s, const char *prefix) {
+-        const char *t;
++        s = startswith(s, prefix);
++        if (!s)
++                return false;
+ 
+-        return s && (t = startswith(s, prefix)) && (*t == ',');
++        return *s == ',' || *s == '\0';
+ }
+ 
+ static void context_free_x11(Context *c) {
+@@ -681,6 +683,8 @@ static int find_legacy_keymap(Context *c, char **new_keymap) {
+         unsigned best_matching = 0;
+         int r;
+ 
++        assert(c->x11_layout);
++
+         f = fopen(SYSTEMD_KBD_MODEL_MAP, "re");
+         if (!f)
+                 return -errno;
+@@ -696,7 +700,7 @@ static int find_legacy_keymap(Context *c, char **new_keymap) {
+                         break;
+ 
+                 /* Determine how well matching this entry is */
+-                if (streq_ptr(c->x11_layout, a[1]))
++                if (streq(c->x11_layout, a[1]))
+                         /* If we got an exact match, this is best */
+                         matching = 10;
+                 else {

0029-resolved-don-t-stop-handle-messages-after-receiving-.patch

@@ -0,0 +1,54 @@
+From b9da815deb890443e80e11c73b5084dcfb75ad4f Mon Sep 17 00:00:00 2001
+From: Evgeny Vereshchagin <evvers@ya.ru>
+Date: Mon, 23 May 2016 11:19:14 +0300
+Subject: [PATCH] resolved: don't stop handle messages after receiving a zero
+ length UDP packet (#3323)
+
+Fixes:
+
+-bash-4.3# ss --udp -l -p
+State      Recv-Q Send-Q Local Address:Port                 Peer Address:Port
+UNCONN     0      0          *:5355                     *:* users:(("systemd-resolve",pid=601,fd=12))
+UNCONN     0      0         :::5355                    :::* users:(("systemd-resolve",pid=601,fd=14))
+
+-bash-4.3# nping --udp -p 5355 --data-length 0 -c 1 localhost
+
+-bash-4.3# journalctl -u systemd-resolved -b --no-hostname
+...
+May 21 14:59:22 systemd-resolved[601]: Event source llmnr-ipv4-udp (type io) returned error, disabling: Input/output error
+...
+
+-bash-4.3# nping --udp -p 5355 --data-length 1000 -c 1 localhost
+
+-bash-4.3# ss --udp -l
+State      Recv-Q Send-Q Local Address:Port                 Peer Address:Port
+UNCONN     2304   0          *:5355                     *:*
+UNCONN     0      0         :::5355                    :::*
+(cherry picked from commit f134289ac59560946e6559d9487e60c7690396ba)
+---
+ src/resolve/resolved-manager.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/src/resolve/resolved-manager.c b/src/resolve/resolved-manager.c
+index 7f9073448a..aeb2b78523 100644
+--- a/src/resolve/resolved-manager.c
++++ b/src/resolve/resolved-manager.c
+@@ -643,6 +643,8 @@ int manager_recv(Manager *m, int fd, DnsProtocol protocol, DnsPacket **ret) {
+         mh.msg_controllen = sizeof(control);
+ 
+         l = recvmsg(fd, &mh, 0);
++        if (l == 0)
++                return 0;
+         if (l < 0) {
+                 if (errno == EAGAIN || errno == EINTR)
+                         return 0;
+@@ -650,9 +652,6 @@ int manager_recv(Manager *m, int fd, DnsProtocol protocol, DnsPacket **ret) {
+                 return -errno;
+         }
+ 
+-        if (l <= 0)
+-                return -EIO;
+-
+         assert(!(mh.msg_flags & MSG_CTRUNC));
+         assert(!(mh.msg_flags & MSG_TRUNC));
+ 

0030-sd-device-udev-db-handle-properties-with-empty-value.patch

@@ -0,0 +1,31 @@
+From 17f18346b4158098adaaf7044660124418bca8c3 Mon Sep 17 00:00:00 2001
+From: Tom Gundersen <teg@jklm.no>
+Date: Tue, 24 May 2016 01:34:29 +0200
+Subject: [PATCH] sd-device: udev-db - handle properties with empty value
+ (#3330)
+
+The statemachine was unable to parse properties with empty values,
+reported in [0].
+
+When reaching the start of the KEY, we would unconditionally read
+one more character before starting to look for the end-of-line.
+Simply look for the end-of-line from the first character.
+
+[0]: <https://bugzilla.redhat.com/show_bug.cgi?id=1338823>
+(cherry picked from commit bee26651fc3ca2fe6bed00cb0d9c91c429e9bb57)
+---
+ src/libsystemd/sd-device/sd-device.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/src/libsystemd/sd-device/sd-device.c b/src/libsystemd/sd-device/sd-device.c
+index 9633e46ce0..dfa1731b30 100644
+--- a/src/libsystemd/sd-device/sd-device.c
++++ b/src/libsystemd/sd-device/sd-device.c
+@@ -561,7 +561,6 @@ int device_read_uevent_file(sd_device *device) {
+ 
+                         state = VALUE;
+ 
+-                        break;
+                 case VALUE:
+                         if (strchr(NEWLINE, uevent[i])) {
+                                 uevent[i] = '\0';

0031-core-fix-the-reversed-sanity-check-when-setting-Star.patch

@@ -0,0 +1,27 @@
+From d43288b418d8dfc6f2e5ef7ac7048f0af593b70e Mon Sep 17 00:00:00 2001
+From: Tejun Heo <htejun@fb.com>
+Date: Mon, 23 May 2016 16:48:46 -0400
+Subject: [PATCH] core: fix the reversed sanity check when setting
+ StartupBlockIOWeight over dbus
+
+bus_cgroup_set_property() was rejecting if the input value was in range.
+Reverse it.
+
+(cherry picked from commit 6fb09269769634df1096663ce90fac47585eb63a)
+---
+ src/core/dbus-cgroup.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/core/dbus-cgroup.c b/src/core/dbus-cgroup.c
+index 859d155ec1..0dbb355a8a 100644
+--- a/src/core/dbus-cgroup.c
++++ b/src/core/dbus-cgroup.c
+@@ -325,7 +325,7 @@ int bus_cgroup_set_property(
+                 if (r < 0)
+                         return r;
+ 
+-                if (CGROUP_BLKIO_WEIGHT_IS_OK(weight))
++                if (!CGROUP_BLKIO_WEIGHT_IS_OK(weight))
+                         return sd_bus_error_set_errnof(error, EINVAL, "StartupBlockIOWeight value out of range");
+ 
+                 if (mode != UNIT_CHECK) {

0032-core-make-sure-to-close-connection-fd-when-we-fail-t.patch

@@ -0,0 +1,58 @@
+From 17c17ff59518267077632906ac39b7c69bf47f96 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Thu, 28 Apr 2016 17:09:50 +0200
+Subject: [PATCH] core: make sure to close connection fd when we fail to
+ activate a per-connection service
+
+Fixes: #2993 #2691
+(cherry picked from commit 3e7a1f50e473a374e1657d2051237e2db04c4db2)
+Resolves: rhbug#1310608
+---
+ src/core/service.c | 2 +-
+ src/core/service.h | 1 +
+ src/core/socket.c  | 6 +++++-
+ 3 files changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/src/core/service.c b/src/core/service.c
+index ac7e41d777..01d6582aec 100644
+--- a/src/core/service.c
++++ b/src/core/service.c
+@@ -181,7 +181,7 @@ static int service_set_main_pid(Service *s, pid_t pid) {
+         return 0;
+ }
+ 
+-static void service_close_socket_fd(Service *s) {
++void service_close_socket_fd(Service *s) {
+         assert(s);
+ 
+         s->socket_fd = asynchronous_close(s->socket_fd);
+diff --git a/src/core/service.h b/src/core/service.h
+index d342e000bb..20bfd0662b 100644
+--- a/src/core/service.h
++++ b/src/core/service.h
+@@ -200,6 +200,7 @@ struct Service {
+ extern const UnitVTable service_vtable;
+ 
+ int service_set_socket_fd(Service *s, int fd, struct Socket *socket, bool selinux_context_net);
++void service_close_socket_fd(Service *s);
+ 
+ const char* service_restart_to_string(ServiceRestart i) _const_;
+ ServiceRestart service_restart_from_string(const char *s) _pure_;
+diff --git a/src/core/socket.c b/src/core/socket.c
+index 976687af41..60906b196c 100644
+--- a/src/core/socket.c
++++ b/src/core/socket.c
+@@ -1994,8 +1994,12 @@ static void socket_enter_running(Socket *s, int cfd) {
+                 s->n_connections ++;
+ 
+                 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, &error, NULL);
+-                if (r < 0)
++                if (r < 0) {
++                        /* We failed to activate the new service, but it still exists. Let's make sure the service
++                         * closes and forgets the connection fd again, immediately. */
++                        service_close_socket_fd(service);
+                         goto fail;
++                }
+ 
+                 /* Notify clients about changed counters */
+                 unit_add_to_dbus_queue(UNIT(s));

0033-device-Ensure-we-have-sysfs-path-before-comparing.patch

@@ -0,0 +1,33 @@
+From 53f2649652c3e0ec756e3a4545a88f6bda24cbce Mon Sep 17 00:00:00 2001
+From: Colin Guthrie <colin@mageia.org>
+Date: Mon, 14 Mar 2016 09:42:07 +0000
+Subject: [PATCH] device: Ensure we have sysfs path before comparing.
+
+In some cases we do not have a udev device when setting up a unit
+(certainly the code gracefully handles this). However, we do
+then go on to compare the path via path_equal which will assert
+if a null value is passed in.
+
+See https://bugs.mageia.org/show_bug.cgi?id=17766
+
+Not sure if this is the correct fix, but it avoids the crash
+
+(cherry picked from commit 5e1558f4a09e596561c9168384f2258e7c0718a1)
+Resolves: rhbug#1321392
+---
+ src/core/device.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/core/device.c b/src/core/device.c
+index d201dc5e4b..c64e01c2aa 100644
+--- a/src/core/device.c
++++ b/src/core/device.c
+@@ -318,7 +318,7 @@ static int device_setup_unit(Manager *m, struct udev_device *dev, const char *pa
+          * the GC to have garbaged it. That's desired since the device
+          * unit may have a dependency on the mount unit which was
+          * added during the loading of the later. */
+-        if (u && DEVICE(u)->state == DEVICE_PLUGGED) {
++        if (sysfs && u && DEVICE(u)->state == DEVICE_PLUGGED) {
+                 /* This unit is in plugged state: we're sure it's
+                  * attached to a device. */
+                 if (!path_equal(DEVICE(u)->sysfs, sysfs)) {

0034-networkctl-split-out-system-status-stuff-into-its-ow.patch

@@ -0,0 +1,103 @@
+From c910d4a516c002f68f9d30a6457cbad0f02fed16 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Fri, 19 Feb 2016 18:20:40 +0100
+Subject: [PATCH] networkctl: split out system status stuff into its own
+ function
+
+(cherry picked from commit 0070333f26543a319a17aee8b22bdde4071630c4)
+Resolves: rhbug#1325462
+---
+ src/network/networkctl.c | 67 ++++++++++++++++++++++++++----------------------
+ 1 file changed, 36 insertions(+), 31 deletions(-)
+
+diff --git a/src/network/networkctl.c b/src/network/networkctl.c
+index 60724fce80..9640e30499 100644
+--- a/src/network/networkctl.c
++++ b/src/network/networkctl.c
+@@ -660,12 +660,46 @@ static int link_status_one(
+         return 0;
+ }
+ 
++static int system_status(sd_netlink *rtnl, sd_hwdb *hwdb) {
++        _cleanup_free_ char *operational_state = NULL;
++        _cleanup_strv_free_ char **dns = NULL, **ntp = NULL, **search_domains = NULL, **route_domains = NULL;
++        const char *on_color_operational, *off_color_operational;
++
++        assert(rtnl);
++
++        sd_network_get_operational_state(&operational_state);
++        operational_state_to_color(operational_state, &on_color_operational, &off_color_operational);
++
++        printf("%s%s%s        State: %s%s%s\n",
++               on_color_operational, draw_special_char(DRAW_BLACK_CIRCLE), off_color_operational,
++               on_color_operational, strna(operational_state), off_color_operational);
++
++        dump_addresses(rtnl, "       Address: ", 0);
++        dump_gateways(rtnl, hwdb, "       Gateway: ", 0);
++
++        sd_network_get_dns(&dns);
++        dump_list("           DNS: ", dns);
++
++        sd_network_get_search_domains(&search_domains);
++        dump_list("Search Domains: ", search_domains);
++
++        sd_network_get_route_domains(&route_domains);
++        dump_list(" Route Domains: ", route_domains);
++
++        sd_network_get_ntp(&ntp);
++        dump_list("           NTP: ", ntp);
++
++        return 0;
++}
++
+ static int link_status(int argc, char *argv[], void *userdata) {
+         _cleanup_(sd_hwdb_unrefp) sd_hwdb *hwdb = NULL;
+         _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
+         char **name;
+         int r;
+ 
++        pager_open_if_enabled();
++
+         r = sd_netlink_open(&rtnl);
+         if (r < 0)
+                 return log_error_errno(r, "Failed to connect to netlink: %m");
+@@ -674,37 +708,8 @@ static int link_status(int argc, char *argv[], void *userdata) {
+         if (r < 0)
+                 log_debug_errno(r, "Failed to open hardware database: %m");
+ 
+-        if (argc <= 1 && !arg_all) {
+-                _cleanup_free_ char *operational_state = NULL;
+-                _cleanup_strv_free_ char **dns = NULL, **ntp = NULL, **search_domains = NULL, **route_domains;
+-                const char *on_color_operational, *off_color_operational;
+-
+-                sd_network_get_operational_state(&operational_state);
+-                operational_state_to_color(operational_state, &on_color_operational, &off_color_operational);
+-
+-                printf("%s%s%s        State: %s%s%s\n",
+-                       on_color_operational, draw_special_char(DRAW_BLACK_CIRCLE), off_color_operational,
+-                       on_color_operational, strna(operational_state), off_color_operational);
+-
+-                dump_addresses(rtnl, "       Address: ", 0);
+-                dump_gateways(rtnl, hwdb, "       Gateway: ", 0);
+-
+-                sd_network_get_dns(&dns);
+-                dump_list("           DNS: ", dns);
+-
+-                sd_network_get_search_domains(&search_domains);
+-                dump_list("Search Domains: ", search_domains);
+-
+-                sd_network_get_route_domains(&route_domains);
+-                dump_list(" Route Domains: ", route_domains);
+-
+-                sd_network_get_ntp(&ntp);
+-                dump_list("           NTP: ", ntp);
+-
+-                return 0;
+-        }
+-
+-        pager_open_if_enabled();
++        if (argc <= 1 && !arg_all)
++                return system_status(rtnl, hwdb);
+ 
+         if (arg_all) {
+                 _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL, *reply = NULL;

0035-systemd-user-call-pam_loginuid-when-creating-user-.s.patch

@@ -0,0 +1,32 @@
+From fa53f32e949f6d8722b371480fea7d2258785309 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Tue, 26 Apr 2016 05:19:10 -0400
+Subject: [PATCH] systemd --user: call pam_loginuid when creating user@.service
+ (#3120)
+
+This way the user service will have a loginuid, and it will be inherited by
+child services. This shouldn't change anything as far as systemd itself is
+concerned, but is nice for various services spawned from by systemd --user
+that expect a loginuid.
+
+pam_loginuid(8) says that it should be enabled for "..., crond and atd".
+user@.service should behave similarly to those two as far as audit is
+concerned.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1328947#c28
+(cherry picked from commit 1000522a60ceade446773c67031b47a566d4a70d)
+Resolves: rhbug#1328947
+---
+ src/login/systemd-user.m4 | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/login/systemd-user.m4 b/src/login/systemd-user.m4
+index 7933508f2b..f188a8e548 100644
+--- a/src/login/systemd-user.m4
++++ b/src/login/systemd-user.m4
+@@ -8,4 +8,5 @@ m4_ifdef(`HAVE_SELINUX',
+ session  required pam_selinux.so close
+ session  required pam_selinux.so nottys open
+ )m4_dnl
++session  required pam_loginuid.so
+ session  include system-auth

0036-systemctl-suppress-no-Install-hint-when-quiet-is-use.patch

@@ -0,0 +1,26 @@
+From 599fc965a46c36b9be06bcfd026e2dadeefbbbf5 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Thu, 19 May 2016 15:08:41 -0400
+Subject: [PATCH] systemctl: suppress no-[Install] hint when --quiet is used
+ (#3295)
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1336960
+(cherry picked from commit 35b132e8ad3c50614605e00cf8ff20988094d21c)
+Resolves: rhbug#1336960
+---
+ src/systemctl/systemctl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
+index 908ccabf8a..b4581fe542 100644
+--- a/src/systemctl/systemctl.c
++++ b/src/systemctl/systemctl.c
+@@ -5521,7 +5521,7 @@ static int enable_unit(int argc, char *argv[], void *userdata) {
+                         r = 0;
+         }
+ 
+-        if (carries_install_info == 0)
++        if (carries_install_info == 0 && !arg_quiet)
+                 log_warning("The unit files have no [Install] section. They are not meant to be enabled\n"
+                             "using systemctl.\n"
+                             "Possible reasons for having this kind of units are:\n"

0037-systemctl-make-sure-we-terminate-the-bus-connection-.patch

@@ -0,0 +1,156 @@
+From 95802bf0349e70d56eb00f7183a5dc4ff4655f09 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Thu, 16 Jun 2016 15:29:16 +0200
+Subject: [PATCH] systemctl: make sure we terminate the bus connection first,
+ and then close the pager (#3550)
+
+If "systemctl -H" is used, let's make sure we first terminate the bus
+connection, and only then close the pager. If done in this order ssh will get
+an EOF on stdin (as we speak D-Bus through ssh's stdin/stdout), and then
+terminate. This makes sure the standard error we were invoked on is released by
+ssh, and only that makes sure we don't deadlock on the pager which waits for
+all clients closing its input pipe.
+
+(Similar fixes for the various other xyzctl tools that support both pagers and
+-H)
+
+Fixes: #3543
+(cherry picked from commit cf647b69baee4c478d3909c327e3d917e1563f44)
+Resolves: rhbug#1341179
+---
+ src/libsystemd/sd-bus/busctl.c | 3 ++-
+ src/locale/localectl.c         | 3 ++-
+ src/login/loginctl.c           | 4 +++-
+ src/machine/machinectl.c       | 3 ++-
+ src/systemctl/systemctl.c      | 4 ++--
+ src/timedate/timedatectl.c     | 3 ++-
+ 6 files changed, 13 insertions(+), 7 deletions(-)
+
+diff --git a/src/libsystemd/sd-bus/busctl.c b/src/libsystemd/sd-bus/busctl.c
+index 35fabf038c..c806d6fe96 100644
+--- a/src/libsystemd/sd-bus/busctl.c
++++ b/src/libsystemd/sd-bus/busctl.c
+@@ -1974,7 +1974,7 @@ static int busctl_main(sd_bus *bus, int argc, char *argv[]) {
+ }
+ 
+ int main(int argc, char *argv[]) {
+-        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
++        sd_bus *bus = NULL;
+         int r;
+ 
+         log_parse_environment();
+@@ -2065,6 +2065,7 @@ int main(int argc, char *argv[]) {
+         r = busctl_main(bus, argc, argv);
+ 
+ finish:
++        sd_bus_flush_close_unref(bus);
+         pager_close();
+ 
+         strv_free(arg_matches);
+diff --git a/src/locale/localectl.c b/src/locale/localectl.c
+index 365c79aa51..45404f1fa7 100644
+--- a/src/locale/localectl.c
++++ b/src/locale/localectl.c
+@@ -664,7 +664,7 @@ static int localectl_main(sd_bus *bus, int argc, char *argv[]) {
+ }
+ 
+ int main(int argc, char*argv[]) {
+-        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
++        sd_bus *bus = NULL;
+         int r;
+ 
+         setlocale(LC_ALL, "");
+@@ -684,6 +684,7 @@ int main(int argc, char*argv[]) {
+         r = localectl_main(bus, argc, argv);
+ 
+ finish:
++        sd_bus_flush_close_unref(bus);
+         pager_close();
+ 
+         return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+diff --git a/src/login/loginctl.c b/src/login/loginctl.c
+index 6ad3d089bd..601d18063e 100644
+--- a/src/login/loginctl.c
++++ b/src/login/loginctl.c
+@@ -1532,7 +1532,7 @@ static int loginctl_main(int argc, char *argv[], sd_bus *bus) {
+ }
+ 
+ int main(int argc, char *argv[]) {
+-        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
++        sd_bus *bus = NULL;
+         int r;
+ 
+         setlocale(LC_ALL, "");
+@@ -1554,6 +1554,8 @@ int main(int argc, char *argv[]) {
+         r = loginctl_main(argc, argv, bus);
+ 
+ finish:
++        sd_bus_flush_close_unref(bus);
++
+         pager_close();
+         polkit_agent_close();
+ 
+diff --git a/src/machine/machinectl.c b/src/machine/machinectl.c
+index 4853139321..479822880c 100644
+--- a/src/machine/machinectl.c
++++ b/src/machine/machinectl.c
+@@ -2646,7 +2646,7 @@ static int machinectl_main(int argc, char *argv[], sd_bus *bus) {
+ }
+ 
+ int main(int argc, char*argv[]) {
+-        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
++        sd_bus *bus = NULL;
+         int r;
+ 
+         setlocale(LC_ALL, "");
+@@ -2668,6 +2668,7 @@ int main(int argc, char*argv[]) {
+         r = machinectl_main(argc, argv, bus);
+ 
+ finish:
++        sd_bus_flush_close_unref(bus);
+         pager_close();
+         polkit_agent_close();
+ 
+diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
+index b4581fe542..0996920241 100644
+--- a/src/systemctl/systemctl.c
++++ b/src/systemctl/systemctl.c
+@@ -7684,6 +7684,8 @@ int main(int argc, char*argv[]) {
+         }
+ 
+ finish:
++        release_busses();
++
+         pager_close();
+         ask_password_agent_close();
+         polkit_agent_close();
+@@ -7695,8 +7697,6 @@ finish:
+         strv_free(arg_wall);
+         free(arg_root);
+ 
+-        release_busses();
+-
+         /* Note that we return r here, not EXIT_SUCCESS, so that we can implement the LSB-like return codes */
+ 
+         return r < 0 ? EXIT_FAILURE : r;
+diff --git a/src/timedate/timedatectl.c b/src/timedate/timedatectl.c
+index 097963b41b..7e88fd15c8 100644
+--- a/src/timedate/timedatectl.c
++++ b/src/timedate/timedatectl.c
+@@ -488,7 +488,7 @@ static int timedatectl_main(sd_bus *bus, int argc, char *argv[]) {
+ }
+ 
+ int main(int argc, char *argv[]) {
+-        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
++        sd_bus *bus = NULL;
+         int r;
+ 
+         setlocale(LC_ALL, "");
+@@ -508,6 +508,7 @@ int main(int argc, char *argv[]) {
+         r = timedatectl_main(bus, argc, argv);
+ 
+ finish:
++        sd_bus_flush_close_unref(bus);
+         pager_close();
+ 
+         return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;

0038-core-move-start-ratelimiting-check-after-condition-c.patch

@@ -0,0 +1,74 @@
+From 4322539b5cfe3f5b43d6377dcaa65221744bf4fb Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Tue, 26 Apr 2016 20:34:33 +0200
+Subject: [PATCH] core: move start ratelimiting check after condition checks
+
+With #2564 unit start rate limiting was moved from after the condition checks
+are to before they are made, in an attempt to fix #2467. This however resulted
+in #2684. However, with a previous commit a concept of per socket unit trigger
+rate limiting has been added, to fix #2467 more comprehensively, hence the
+start limit can be moved after the condition checks again, thus fixing #2684.
+
+Fixes: #2684
+(cherry picked from commit 7629ec4642b03517742d09b7303c204fddf82108)
+Resolves: rhbug#1350686
+---
+ man/systemd.unit.xml                  |  3 ++-
+ src/core/load-fragment-gperf.gperf.m4 |  1 +
+ src/core/unit.c                       | 10 +++++-----
+ 3 files changed, 8 insertions(+), 6 deletions(-)
+
+diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
+index 5794681963..39cb5250f7 100644
+--- a/man/systemd.unit.xml
++++ b/man/systemd.unit.xml
+@@ -768,7 +768,8 @@
+         manually at a later point, from which point on, the restart logic is again activated. Note that
+         <command>systemctl reset-failed</command> will cause the restart rate counter for a service to be flushed,
+         which is useful if the administrator wants to manually start a unit and the start limit interferes with
+-        that.</para></listitem>
++        that. Note that this rate-limiting is enforced after any unit condition checks are executed, and hence unit
++        activations with failing conditions are not counted by this rate limiting.</para></listitem>
+       </varlistentry>
+ 
+       <varlistentry>
+diff --git a/src/core/load-fragment-gperf.gperf.m4 b/src/core/load-fragment-gperf.gperf.m4
+index 5024fd19a5..479f5e30f3 100644
+--- a/src/core/load-fragment-gperf.gperf.m4
++++ b/src/core/load-fragment-gperf.gperf.m4
+@@ -220,6 +220,7 @@ Service.TimeoutStartSec,         config_parse_service_timeout,       0,
+ Service.TimeoutStopSec,          config_parse_service_timeout,       0,                             0
+ Service.RuntimeMaxSec,           config_parse_sec,                   0,                             offsetof(Service, runtime_max_usec)
+ Service.WatchdogSec,             config_parse_sec,                   0,                             offsetof(Service, watchdog_usec)
++m4_dnl The following three only exist for compatibility, they moved into Unit, see above
+ Service.StartLimitInterval,      config_parse_sec,                   0,                             offsetof(Unit, start_limit.interval)
+ Service.StartLimitBurst,         config_parse_unsigned,              0,                             offsetof(Unit, start_limit.burst)
+ Service.StartLimitAction,        config_parse_failure_action,        0,                             offsetof(Unit, start_limit_action)
+diff --git a/src/core/unit.c b/src/core/unit.c
+index 3c4f85e744..d3d372029f 100644
+--- a/src/core/unit.c
++++ b/src/core/unit.c
+@@ -1472,11 +1472,6 @@ int unit_start(Unit *u) {
+         if (UNIT_IS_ACTIVE_OR_RELOADING(state))
+                 return -EALREADY;
+ 
+-        /* Make sure we don't enter a busy loop of some kind. */
+-        r = unit_start_limit_test(u);
+-        if (r < 0)
+-                return r;
+-
+         /* Units that aren't loaded cannot be started */
+         if (u->load_state != UNIT_LOADED)
+                 return -EINVAL;
+@@ -1518,6 +1513,11 @@ int unit_start(Unit *u) {
+         if (!UNIT_VTABLE(u)->start)
+                 return -EBADR;
+ 
++        /* Make sure we don't enter a busy loop of some kind. */
++        r = unit_start_limit_test(u);
++        if (r < 0)
++                return r;
++
+         /* We don't suppress calls to ->start() here when we are
+          * already starting, to allow this request to be used as a
+          * "hurry up" call, for example when the unit is in some "auto

0039-strbuf-set-the-proper-character-when-creating-new-no.patch

@@ -0,0 +1,61 @@
+From 43ea6d88a06f32dd714eacdcaf0a4656ffb02d30 Mon Sep 17 00:00:00 2001
+From: Lubomir Rintel <lkundrak@v3.sk>
+Date: Tue, 3 May 2016 22:15:49 +0200
+Subject: [PATCH] strbuf: set the proper character when creating new nodes
+
+Commit 82501b3fc added an early break when a terminal node is found to
+incorrect place -- before setting c. This caused trie to be built that
+does not correspond to what it points to in buffer, causing incorrect
+deduplications:
+
+  # cat /etc/udev/rules.d/99-bug.rules
+  ENV{FOO}=="0"
+  ENV{xx0}=="BAR"
+  ENV{BAZ}=="00"
+
+  # udevadm test
+  * RULE /etc/udev/rules.d/99-bug.rules:1, token: 0, count: 2, label: ''
+  M ENV match 'FOO' '0'(plain)
+  * RULE /etc/udev/rules.d/99-bug.rules:2, token: 2, count: 2, label: ''
+  M ENV match 'xx0' 'BAR'(plain)
+  * RULE /etc/udev/rules.d/99-bug.rules:3, token: 4, count: 2, label: ''
+  M ENV match 'BAZ' 'x0'(plain)
+  * END
+
+The addition of "xx0" following "0" will cause a trie like this to be
+created:
+
+  c=\0
+    c=0 "0"
+      c=0 "xx0"  <-- note the c is incorrect here, causing "00" to be
+    c=O "FOO"        deduplicated to it
+    c=R "BAR"
+
+This in effect caused the usb_modeswitch rule for Huawei modems to never
+match and this never be switched to serial mode from mass storage.
+
+(cherry picked from commit c45606eb95a7171b0dc801e91d35034957ad5e9e)
+Resolves: rhbug#1357822
+---
+ src/basic/strbuf.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/basic/strbuf.c b/src/basic/strbuf.c
+index dac2881603..79eef6c05d 100644
+--- a/src/basic/strbuf.c
++++ b/src/basic/strbuf.c
+@@ -156,12 +156,13 @@ ssize_t strbuf_add_string(struct strbuf *str, const char *s, size_t len) {
+                         return off;
+                 }
+ 
++                c = s[len - 1 - depth];
++
+                 /* bsearch is not allowed on a NULL sequence */
+                 if (node->children_count == 0)
+                         break;
+ 
+                 /* lookup child node */
+-                c = s[len - 1 - depth];
+                 search.c = c;
+                 child = bsearch(&search, node->children, node->children_count,
+                                 sizeof(struct strbuf_child_entry),

0040-networkd-bump-MTU-to-1280-for-interfaces-which-have-.patch

@@ -0,0 +1,173 @@
+From 715b55d9253c25bd6c463a2959eb33f12e9ecd1b Mon Sep 17 00:00:00 2001
+From: Susant Sahani <ssahani@users.noreply.github.com>
+Date: Thu, 21 Apr 2016 06:04:13 +0530
+Subject: [PATCH] networkd: bump MTU to 1280 for interfaces which have IPv6
+ enabled (#3077)
+
+IPv6 protocol requires a minimum MTU of 1280 bytes on the interface.
+This fixes #3046.
+
+Introduce helper link_ipv6_enabled() to figure out whether IPV6 is enabled.
+Introduce network_has_static_ipv6_addresses() to find out if any static
+ipv6 address configured.
+If IPv6 is not configured on any interface that is SLAAC, DHCPv6 and static
+IPv6 addresses not configured, then IPv6 will be automatically disabled for that
+interface, that is we write "1" to /proc/sys/net/ipv6/conf//disable_ipv6.
+(cherry picked from commit 439689c6ec48faba67565562d75701d5736567e7)
+Related: rhbug#1352378
+---
+ man/systemd.network.xml        |  2 ++
+ src/basic/missing.h            |  4 ++++
+ src/network/networkd-link.c    | 50 +++++++++++++++++++++++++++++++++++++++++-
+ src/network/networkd-network.c | 13 +++++++++++
+ src/network/networkd-network.h |  2 ++
+ 5 files changed, 70 insertions(+), 1 deletion(-)
+
+diff --git a/man/systemd.network.xml b/man/systemd.network.xml
+index f88751b672..e3df1b3d14 100644
+--- a/man/systemd.network.xml
++++ b/man/systemd.network.xml
+@@ -202,6 +202,8 @@
+           <para>The maximum transmission unit in bytes to set for the
+           device. The usual suffixes K, M, G, are supported and are
+           understood to the base of 1024.</para>
++          <para>Note that if IPv6 is enabled on the interface, and the MTU is chosen
++          below 1280 (the minimum MTU for IPv6) it will automatically be increased to this value.</para>
+         </listitem>
+       </varlistentry>
+     </variablelist>
+diff --git a/src/basic/missing.h b/src/basic/missing.h
+index 36b060496a..048b3fbc42 100644
+--- a/src/basic/missing.h
++++ b/src/basic/missing.h
+@@ -912,6 +912,10 @@ static inline int setns(int fd, int nstype) {
+ #define IPV6_UNICAST_IF 76
+ #endif
+ 
++#ifndef IPV6_MIN_MTU
++#define IPV6_MIN_MTU 1280
++#endif
++
+ #ifndef IFF_MULTI_QUEUE
+ #define IFF_MULTI_QUEUE 0x100
+ #endif
+diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
+index 692c0bf63d..a6039dd3b2 100644
+--- a/src/network/networkd-link.c
++++ b/src/network/networkd-link.c
+@@ -88,6 +88,15 @@ bool link_ipv6ll_enabled(Link *link) {
+         return link->network->link_local & ADDRESS_FAMILY_IPV6;
+ }
+ 
++static bool link_ipv6_enabled(Link *link) {
++        assert(link);
++
++        if (!socket_ipv6_is_supported())
++                return false;
++
++        return link_dhcp6_enabled(link) || link_ipv6ll_enabled(link) || network_has_static_ipv6_addresses(link->network);
++}
++
+ bool link_lldp_enabled(Link *link) {
+         if (link->flags & IFF_LOOPBACK)
+                 return false;
+@@ -167,6 +176,31 @@ static IPv6PrivacyExtensions link_ipv6_privacy_extensions(Link *link) {
+         return link->network->ipv6_privacy_extensions;
+ }
+ 
++static int link_enable_ipv6(Link *link) {
++        const char *p = NULL;
++        bool disabled;
++        int r;
++
++        if (link->flags & IFF_LOOPBACK)
++                return 0;
++
++        disabled = !link_ipv6_enabled(link);
++
++        p = strjoina("/proc/sys/net/ipv6/conf/", link->ifname, "/disable_ipv6");
++
++        r = write_string_file(p, one_zero(disabled), WRITE_STRING_FILE_VERIFY_ON_FAILURE);
++        if (r < 0)
++                log_link_warning_errno(link, r, "Cannot %s IPv6 for interface %s: %m", disabled ? "disable" : "enable", link->ifname);
++        else {
++                if (disabled)
++                        log_link_info(link, "IPv6 disabled for interface: %m");
++                else
++                        log_link_info(link, "IPv6 enabled for interface: %m");
++        }
++
++        return 0;
++}
++
+ void link_update_operstate(Link *link) {
+         LinkOperationalState operstate;
+         assert(link);
+@@ -1382,7 +1416,21 @@ static int link_up(Link *link) {
+                         return log_link_error_errno(link, r, "Could not set MAC address: %m");
+         }
+ 
++        /* If IPv6 not configured (no static IPv6 address and neither DHCPv6 nor IPv6LL is enabled)
++           for this interface then disable IPv6 else enable it. */
++        (void) link_enable_ipv6(link);
++
+         if (link->network->mtu) {
++                /* IPv6 protocol requires a minimum MTU of IPV6_MTU_MIN(1280) bytes
++                   on the interface. Bump up MTU bytes to IPV6_MTU_MIN. */
++                if (link_ipv6_enabled(link) && link->network->mtu < IPV6_MIN_MTU) {
++
++                        log_link_warning(link, "Bumping MTU to " STRINGIFY(IPV6_MIN_MTU) ", as "
++                                         "IPv6 is requested and requires a minimum MTU of " STRINGIFY(IPV6_MIN_MTU) " bytes: %m");
++
++                        link->network->mtu = IPV6_MIN_MTU;
++                }
++
+                 r = sd_netlink_message_append_u32(req, IFLA_MTU, link->network->mtu);
+                 if (r < 0)
+                         return log_link_error_errno(link, r, "Could not set MTU: %m");
+@@ -1392,7 +1440,7 @@ static int link_up(Link *link) {
+         if (r < 0)
+                 return log_link_error_errno(link, r, "Could not open IFLA_AF_SPEC container: %m");
+ 
+-        if (socket_ipv6_is_supported()) {
++        if (link_ipv6_enabled(link)) {
+                 /* if the kernel lacks ipv6 support setting IFF_UP fails if any ipv6 options are passed */
+                 r = sd_netlink_message_open_container(req, AF_INET6);
+                 if (r < 0)
+diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c
+index 54f76fe206..9f2cbcec30 100644
+--- a/src/network/networkd-network.c
++++ b/src/network/networkd-network.c
+@@ -394,6 +394,19 @@ int network_apply(Manager *manager, Network *network, Link *link) {
+         return 0;
+ }
+ 
++bool network_has_static_ipv6_addresses(Network *network) {
++        Address *address;
++
++        assert(network);
++
++        LIST_FOREACH(addresses, address, network->static_addresses) {
++                if (address->family == AF_INET6)
++                        return true;
++        }
++
++        return false;
++}
++
+ int config_parse_netdev(const char *unit,
+                 const char *filename,
+                 unsigned line,
+diff --git a/src/network/networkd-network.h b/src/network/networkd-network.h
+index 03c3f206c3..16533a7ec2 100644
+--- a/src/network/networkd-network.h
++++ b/src/network/networkd-network.h
+@@ -168,6 +168,8 @@ int network_get_by_name(Manager *manager, const char *name, Network **ret);
+ int network_get(Manager *manager, struct udev_device *device, const char *ifname, const struct ether_addr *mac, Network **ret);
+ int network_apply(Manager *manager, Network *network, Link *link);
+ 
++bool network_has_static_ipv6_addresses(Network *network);
++
+ int config_parse_netdev(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+ int config_parse_domains(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+ int config_parse_tunnel(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);

0041-networkd-disable-IPv6-for-bridge-slave.patch

@@ -0,0 +1,41 @@
+From ba639500547a9bce37be494fcdeff5958a6ac5e0 Mon Sep 17 00:00:00 2001
+From: Tom Yan <tom.ty89@gmail.com>
+Date: Sat, 28 May 2016 13:35:01 +0800
+Subject: [PATCH] networkd: disable IPv6 for bridge slave
+
+If an interface is managed as a bridge slave, we don't want any IP configuration for it. Therefore, disable IPv6 in such case.
+
+(cherry picked from commit 2b00a4e03dc375465de7f60f3a6937cbe8ffdf31)
+Resolves: rhbug#1352378
+---
+ src/network/networkd-link.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
+index a6039dd3b2..13f9e895ab 100644
+--- a/src/network/networkd-link.c
++++ b/src/network/networkd-link.c
+@@ -94,7 +94,11 @@ static bool link_ipv6_enabled(Link *link) {
+         if (!socket_ipv6_is_supported())
+                 return false;
+ 
+-        return link_dhcp6_enabled(link) || link_ipv6ll_enabled(link) || network_has_static_ipv6_addresses(link->network);
++        if (link->network->bridge)
++                return false;
++
++        /* DHCPv6 client will not be started if no IPv6 link-local address is configured. */
++        return link_ipv6ll_enabled(link) || network_has_static_ipv6_addresses(link->network);
+ }
+ 
+ bool link_lldp_enabled(Link *link) {
+@@ -1416,8 +1420,8 @@ static int link_up(Link *link) {
+                         return log_link_error_errno(link, r, "Could not set MAC address: %m");
+         }
+ 
+-        /* If IPv6 not configured (no static IPv6 address and neither DHCPv6 nor IPv6LL is enabled)
+-           for this interface then disable IPv6 else enable it. */
++        /* If IPv6 not configured (no static IPv6 address and IPv6LL autoconfiguration is disabled)
++           for this interface, or if it is a bridge slave, then disable IPv6 else enable it. */
+         (void) link_enable_ipv6(link);
+ 
+         if (link->network->mtu) {

0042-udev-bump-TasksMax-to-inifinity-3593.patch

@@ -0,0 +1,29 @@
+From 8f01e7ac78e51c8fd2e2a285cb16cbec72006c3b Mon Sep 17 00:00:00 2001
+From: Franck Bui <fbui@suse.com>
+Date: Thu, 23 Jun 2016 22:31:01 +0200
+Subject: [PATCH] udev: bump TasksMax to inifinity (#3593)
+
+udevd already limits its number of workers/children: the max number is actually
+twice the number of CPUs the system is using.
+
+(The limit can also be raised with udev.children-max= kernel command line
+option BTW).
+
+On some servers, this limit can easily exceed the maximum number of tasks that
+systemd put on all services, which is 512 by default.
+
+Since udevd has already its limitation logic, simply disable the static
+limitation done by TasksMax.
+---
+ units/systemd-udevd.service.in | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/units/systemd-udevd.service.in b/units/systemd-udevd.service.in
+index 79f28c87c6..67e4c5fcd7 100644
+--- a/units/systemd-udevd.service.in
++++ b/units/systemd-udevd.service.in
+@@ -24,3 +24,4 @@ ExecStart=@rootlibexecdir@/systemd-udevd
+ MountFlags=slave
+ KillMode=mixed
+ WatchdogSec=3min
++TasksMax=infinity

0043-networkd-disable-IPv6-for-bridge-slave.patch

@@ -0,0 +1,26 @@
+From c5fb55e7ae979d376d18b28d323905a4703e8cc3 Mon Sep 17 00:00:00 2001
+From: Tom Yan <tom.ty89@gmail.com>
+Date: Sat, 28 May 2016 13:35:01 +0800
+Subject: [PATCH] networkd: disable IPv6 for bridge slave
+
+If an interface is managed as a bridge slave, we don't want any IP configuration for it. Therefore, disable IPv6 in such case.
+
+(loosely based upon commit 2b00a4e03dc375465de7f60f3a6937cbe8ffdf31)
+---
+ src/network/networkd-link.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
+index 13f9e895ab..2268d31374 100644
+--- a/src/network/networkd-link.c
++++ b/src/network/networkd-link.c
+@@ -45,6 +45,9 @@ bool link_dhcp6_enabled(Link *link) {
+         if (!link->network)
+                 return false;
+ 
++        if (link->network->bridge)
++                return false;
++
+         return link->network->dhcp & ADDRESS_FAMILY_IPV6;
+ }
+ 

0044-networkd-add-route-expiration-handler-3242.patch

@@ -0,0 +1,62 @@
+From 9582dba16dc4fa990b86a915b74a67566c9acf84 Mon Sep 17 00:00:00 2001
+From: Susant Sahani <ssahani@users.noreply.github.com>
+Date: Wed, 18 May 2016 07:06:43 +0530
+Subject: [PATCH] networkd: add route expiration handler (#3242)
+
+Fix for #3232.
+(cherry picked from commit fe7ca21acfb9fcef6cf8ce9f945377667a26a27c)
+---
+ src/network/networkd-route.c | 32 +++++++++++++++++++++++++++++++-
+ 1 file changed, 31 insertions(+), 1 deletion(-)
+
+diff --git a/src/network/networkd-route.c b/src/network/networkd-route.c
+index e065a5a5a9..aa9c71550f 100644
+--- a/src/network/networkd-route.c
++++ b/src/network/networkd-route.c
+@@ -411,15 +411,45 @@ int route_remove(Route *route, Link *link,
+         return 0;
+ }
+ 
++static int route_expire_callback(sd_netlink *rtnl, sd_netlink_message *m, void *userdata) {
++        Link *link = userdata;
++        int r;
++
++        assert(rtnl);
++        assert(m);
++        assert(link);
++        assert(link->ifname);
++        assert(link->link_messages > 0);
++
++        if (IN_SET(link->state, LINK_STATE_FAILED, LINK_STATE_LINGER))
++                return 1;
++
++        link->link_messages--;
++
++        r = sd_netlink_message_get_errno(m);
++        if (r < 0 && r != -EEXIST)
++                log_link_warning_errno(link, r, "could not remove route: %m");
++
++        if (link->link_messages == 0)
++                log_link_debug(link, "route removed");
++
++        return 1;
++}
++
+ int route_expire_handler(sd_event_source *s, uint64_t usec, void *userdata) {
+         Route *route = userdata;
+         int r;
+ 
+         assert(route);
+ 
+-        r = route_remove(route, route->link, NULL);
++        r = route_remove(route, route->link, route_expire_callback);
+         if (r < 0)
+                 log_warning_errno(r, "Could not remove route: %m");
++        else {
++                /* route may not be exist in kernel. If we fail still remove it */
++                route->link->link_messages++;
++                route_free(route);
++        }
+ 
+         return 1;
+ }

0045-coredump-ignore-RLIMIT_CORE.patch

@@ -0,0 +1,30 @@
+From 5f9856fbccf249fd13fbcbc180aff9ec0a871ca7 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Tue, 9 Aug 2016 10:54:05 -0400
+Subject: [PATCH] coredump: ignore RLIMIT_CORE
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1309172#c21
+---
+ src/coredump/coredump.c | 9 ---------
+ 1 file changed, 9 deletions(-)
+
+diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c
+index 085909c20c..aa07e68627 100644
+--- a/src/coredump/coredump.c
++++ b/src/coredump/coredump.c
+@@ -319,15 +319,6 @@ static int save_external_coredump(
+         if (r < 0)
+                 return log_error_errno(r, "Failed to parse UID: %m");
+ 
+-        r = safe_atou64(context[CONTEXT_RLIMIT], &rlimit);
+-        if (r < 0)
+-                return log_error_errno(r, "Failed to parse resource limit: %s", context[CONTEXT_RLIMIT]);
+-        if (rlimit <= 0) {
+-                /* Is coredumping disabled? Then don't bother saving/processing the coredump */
+-                log_info("Core Dumping has been disabled for process %s (%s).", context[CONTEXT_PID], context[CONTEXT_COMM]);
+-                return -EBADSLT;
+-        }
+-
+         /* Never store more than the process configured, or than we actually shall keep or process */
+         max_size = MIN(rlimit, MAX(arg_process_size_max, arg_external_size_max));
+ 

0046-networkd-link-fix-handler-typo-for-route_remove-3433.patch

@@ -0,0 +1,24 @@
+From f9832c283ba8e6e4089639646fb0249bb55f5e6e Mon Sep 17 00:00:00 2001
+From: tomty89 <tom.ty89@gmail.com>
+Date: Sat, 4 Jun 2016 18:31:07 +0800
+Subject: [PATCH] networkd-link: fix handler typo for route_remove() (#3433)
+
+Obviously we've been using the wrong handler here. Fixes #3352.
+(cherry picked from commit 3fb1ac5d57954bb0d881a68777e996b46ed44ce3)
+---
+ src/network/networkd-link.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
+index 2268d31374..5545a5ada3 100644
+--- a/src/network/networkd-link.c
++++ b/src/network/networkd-link.c
+@@ -2077,7 +2077,7 @@ static int link_drop_foreign_config(Link *link) {
+                 if (route->protocol == RTPROT_KERNEL)
+                         continue;
+ 
+-                r = route_remove(route, link, link_address_remove_handler);
++                r = route_remove(route, link, link_route_remove_handler);
+                 if (r < 0)
+                         return r;
+         }

0047-macros.systemd.in-add-systemd_ordering-3776.patch

@@ -0,0 +1,34 @@
+From d485b5cd7153f146d7efd18c24ca09b5ddfe15e5 Mon Sep 17 00:00:00 2001
+From: Harald Hoyer <harald@redhat.com>
+Date: Fri, 22 Jul 2016 15:33:13 +0200
+Subject: [PATCH] macros.systemd.in: add %systemd_ordering (#3776)
+
+To remove the hard dependency on systemd, for packages, which function
+without a running systemd the %systemd_ordering macro can be used to
+ensure ordering in the rpm transaction. %systemd_ordering makes sure,
+the systemd rpm is installed prior to the package, so the %pre/%post
+scripts can execute the systemd parts.
+
+Installing systemd afterwards though, does not result in the same outcome.
+(cherry picked from commit 2424b6bd716f0c1c3bf3406b1fd1a16ba1b6a556)
+---
+ src/core/macros.systemd.in | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/core/macros.systemd.in b/src/core/macros.systemd.in
+index 2cace3d3ba..f3089cbcc9 100644
+--- a/src/core/macros.systemd.in
++++ b/src/core/macros.systemd.in
+@@ -36,6 +36,12 @@ Requires(preun): systemd \
+ Requires(postun): systemd \
+ %{nil}
+ 
++%systemd_ordering \
++OrderWithRequires(post): systemd \
++OrderWithRequires(preun): systemd \
++OrderWithRequires(postun): systemd \
++%{nil}
++
+ %systemd_post() \
+ if [ $1 -eq 1 ] ; then \
+         # Initial installation \

0048-If-the-notification-message-length-is-0-ignore-the-m.patch

@@ -0,0 +1,30 @@
+From 7148c9c26658cefc88e0c17841c2399be36b2361 Mon Sep 17 00:00:00 2001
+From: Jorge Niedbalski <jorge.niedbalski@canonical.com>
+Date: Wed, 28 Sep 2016 18:25:50 -0300
+Subject: [PATCH] If the notification message length is 0, ignore the message
+ (#4237)
+
+Fixes #4234.
+
+Signed-off-by: Jorge Niedbalski <jnr@metaklass.org>
+(cherry picked from commit 531ac2b2349da02acc9c382849758e07eb92b020)
+(cherry picked from commit 2e9b525caa9e3126e54f0d9506d0c36d7d533997)
+---
+ src/core/manager.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/core/manager.c b/src/core/manager.c
+index f36cf5e320..6bd32ed920 100644
+--- a/src/core/manager.c
++++ b/src/core/manager.c
+@@ -1557,6 +1557,10 @@ static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t
+ 
+                 return -errno;
+         }
++        if (n == 0) {
++                log_debug("Got zero-length notification message. Ignoring.");
++                return 0;
++        }
+ 
+         CMSG_FOREACH(cmsg, &msghdr) {
+                 if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) {

0049-pid1-don-t-return-any-error-in-manager_dispatch_noti.patch

@@ -0,0 +1,50 @@
+From c7ba28481495df54477c54ee14bb6e7737ef772b Mon Sep 17 00:00:00 2001
+From: Franck Bui <fbui@suse.com>
+Date: Thu, 29 Sep 2016 19:44:34 +0200
+Subject: [PATCH] pid1: don't return any error in manager_dispatch_notify_fd()
+ (#4240)
+
+If manager_dispatch_notify_fd() fails and returns an error then the handling of
+service notifications will be disabled entirely leading to a compromised system.
+
+For example pid1 won't be able to receive the WATCHDOG messages anymore and
+will kill all services supposed to send such messages.
+(cherry picked from commit 9987750e7a4c62e0eb8473603150596ba7c3a015)
+
+(cherry picked from commit 39e5e97e68a9c1bca3bcfa6c9316a83dad0b072d)
+---
+ src/core/manager.c | 13 +++++++++----
+ 1 file changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/src/core/manager.c b/src/core/manager.c
+index 6bd32ed920..5092b1c5f6 100644
+--- a/src/core/manager.c
++++ b/src/core/manager.c
+@@ -1552,10 +1552,14 @@ static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t
+ 
+         n = recvmsg(m->notify_fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
+         if (n < 0) {
+-                if (errno == EAGAIN || errno == EINTR)
+-                        return 0;
++                if (!IN_SET(errno, EAGAIN, EINTR))
++                        log_error("Failed to receive notification message: %m");
+ 
+-                return -errno;
++                /* It's not an option to return an error here since it
++                 * would disable the notification handler entirely. Services
++                 * wouldn't be able to send the WATCHDOG message for
++                 * example... */
++                return 0;
+         }
+         if (n == 0) {
+                 log_debug("Got zero-length notification message. Ignoring.");
+@@ -1582,7 +1586,8 @@ static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t
+                 r = fdset_new_array(&fds, fd_array, n_fds);
+                 if (r < 0) {
+                         close_many(fd_array, n_fds);
+-                        return log_oom();
++                        log_oom();
++                        return 0;
+                 }
+         }
+ 

0050-pid1-process-zero-length-notification-messages-again.patch

@@ -0,0 +1,70 @@
+From 62a4a4bca549ee6020aec90e540ce393a34c5605 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Thu, 29 Sep 2016 16:06:02 +0200
+Subject: [PATCH] pid1: process zero-length notification messages again
+
+This undoes 531ac2b234. I acked that patch without looking at the code
+carefully enough. There are two problems:
+- we want to process the fds anyway
+- in principle empty notification messages are valid, and we should
+  process them as usual, including logging using log_unit_debug().
+
+(cherry picked from commit 8523bf7dd514a3a2c6114b7b8fb8f308b4f09fc4)
+(cherry picked from commit 9d77c48a80e1cc2ad016eba1756a5ca293d51f86)
+---
+ src/core/manager.c | 13 ++++---------
+ 1 file changed, 4 insertions(+), 9 deletions(-)
+
+diff --git a/src/core/manager.c b/src/core/manager.c
+index 5092b1c5f6..369ed546b4 100644
+--- a/src/core/manager.c
++++ b/src/core/manager.c
+@@ -1493,13 +1493,12 @@ static unsigned manager_dispatch_dbus_queue(Manager *m) {
+         return n;
+ }
+ 
+-static void manager_invoke_notify_message(Manager *m, Unit *u, pid_t pid, const char *buf, size_t n, FDSet *fds) {
++static void manager_invoke_notify_message(Manager *m, Unit *u, pid_t pid, const char *buf, FDSet *fds) {
+         _cleanup_strv_free_ char **tags = NULL;
+ 
+         assert(m);
+         assert(u);
+         assert(buf);
+-        assert(n > 0);
+ 
+         tags = strv_split(buf, "\n\r");
+         if (!tags) {
+@@ -1561,10 +1560,6 @@ static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t
+                  * example... */
+                 return 0;
+         }
+-        if (n == 0) {
+-                log_debug("Got zero-length notification message. Ignoring.");
+-                return 0;
+-        }
+ 
+         CMSG_FOREACH(cmsg, &msghdr) {
+                 if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) {
+@@ -1607,19 +1602,19 @@ static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t
+          * to avoid notifying the same one multiple times. */
+         u1 = manager_get_unit_by_pid_cgroup(m, ucred->pid);
+         if (u1) {
+-                manager_invoke_notify_message(m, u1, ucred->pid, buf, n, fds);
++                manager_invoke_notify_message(m, u1, ucred->pid, buf, fds);
+                 found = true;
+         }
+ 
+         u2 = hashmap_get(m->watch_pids1, PID_TO_PTR(ucred->pid));
+         if (u2 && u2 != u1) {
+-                manager_invoke_notify_message(m, u2, ucred->pid, buf, n, fds);
++                manager_invoke_notify_message(m, u2, ucred->pid, buf, fds);
+                 found = true;
+         }
+ 
+         u3 = hashmap_get(m->watch_pids2, PID_TO_PTR(ucred->pid));
+         if (u3 && u3 != u2 && u3 != u1) {
+-                manager_invoke_notify_message(m, u3, ucred->pid, buf, n, fds);
++                manager_invoke_notify_message(m, u3, ucred->pid, buf, fds);
+                 found = true;
+         }
+ 

0051-logind-fix-crash-when-shutdown-is-not-issued-from-a-.patch

@@ -0,0 +1,30 @@
+From e6054d681031953ce7e7150efc441fd2f6f64ae3 Mon Sep 17 00:00:00 2001
+From: Martin Pitt <martin.pitt@ubuntu.com>
+Date: Wed, 23 Mar 2016 08:46:58 +0100
+Subject: [PATCH] logind: fix crash when shutdown is not issued from a tty
+
+It's possible that sd_bus_creds_get_tty() fails and thus
+scheduled_shutdown_tty is NULL in method_schedule_shutdown().
+
+Fix logind_wall_tty_filter() to get along with that, by showing the message on
+all TTYs, instead of crashing in strcmp().
+
+https://launchpad.net/bugs/1553040
+(cherry picked from commit b4944d2df248fbd2f96a4b9b4fe02fe0c1af7499)
+---
+ src/login/logind-utmp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/login/logind-utmp.c b/src/login/logind-utmp.c
+index 11a91c3947..29ab00eb1f 100644
+--- a/src/login/logind-utmp.c
++++ b/src/login/logind-utmp.c
+@@ -65,7 +65,7 @@ bool logind_wall_tty_filter(const char *tty, void *userdata) {
+ 
+         assert(m);
+ 
+-        if (!startswith(tty, "/dev/"))
++        if (!startswith(tty, "/dev/") || !m->scheduled_shutdown_tty)
+                 return true;
+ 
+         return !streq(tty + 5, m->scheduled_shutdown_tty);

0052-hwdb-add-axis-ranges-for-the-MacBook-4-1-4030.patch

@@ -0,0 +1,24 @@
+From e0801b90cd355b65ee42ebc916293465d7bef4fd Mon Sep 17 00:00:00 2001
+From: Peter Hutterer <peter.hutterer@who-t.net>
+Date: Wed, 24 Aug 2016 20:11:48 +1000
+Subject: [PATCH] hwdb: add axis ranges for the MacBook 4,1 (#4030)
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1357990
+(cherry picked from commit 769c29d5d12532e81c983d9946961ce084609571)
+---
+ hwdb/60-evdev.hwdb | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/hwdb/60-evdev.hwdb b/hwdb/60-evdev.hwdb
+index d060d81f61..c672df2dc4 100644
+--- a/hwdb/60-evdev.hwdb
++++ b/hwdb/60-evdev.hwdb
+@@ -45,6 +45,8 @@
+ 
+ #  Macbook2,1 (late 2006), single-button touchpad
+ evdev:input:b0003v05ACp021B*
++# Macbook4,1
++evdev:input:b0003v05ACp0229*
+  EVDEV_ABS_00=256:1471:12
+  EVDEV_ABS_01=256:831:12
+ 

0053-resolved-bugfix-of-null-pointer-p-question-dereferen.patch

@@ -0,0 +1,27 @@
+From c89e4c375b197202434821c09a4ac7088b3dded4 Mon Sep 17 00:00:00 2001
+From: Evgeny Vereshchagin <evvers@ya.ru>
+Date: Wed, 24 May 2017 08:56:48 +0300
+Subject: [PATCH] resolved: bugfix of null pointer p->question dereferencing
+ (#6020)
+
+See https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1621396
+
+(cherry picked from commit a924f43f30f9c4acaf70618dd2a055f8b0f166be)
+---
+ src/resolve/resolved-dns-packet.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
+index c940dd8929..e57f157e00 100644
+--- a/src/resolve/resolved-dns-packet.c
++++ b/src/resolve/resolved-dns-packet.c
+@@ -2259,6 +2259,9 @@ int dns_packet_is_reply_for(DnsPacket *p, const DnsResourceKey *key) {
+         if (r < 0)
+                 return r;
+ 
++        if (!p->question)
++                return 0;
++
+         if (p->question->n_keys != 1)
+                 return 0;
+ 

0054-hwdb-selinuxify-a-bit-3460.patch

@@ -0,0 +1,54 @@
+From 2a97bf0e94be18d20d0ef671f50db1cc2d65c5e0 Mon Sep 17 00:00:00 2001
+From: Evgeny Vereshchagin <evvers@ya.ru>
+Date: Tue, 7 Jun 2016 20:47:41 +0300
+Subject: [PATCH] hwdb: selinuxify a bit (#3460)
+
+-bash-4.3# rm /etc/udev/hwdb.bin
+-bash-4.3# systemd-hwdb update
+-bash-4.3# ls -Z /etc/udev/hwdb.bin
+system_u:object_r:systemd_hwdb_etc_t:s0 /etc/udev/hwdb.bin
+
+Fixes: #3458
+(cherry picked from commit ea683512f9b82f2257770f0ed56d819eea230fc2)
+---
+ src/hwdb/hwdb.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/hwdb/hwdb.c b/src/hwdb/hwdb.c
+index 1160dacdf1..e12cd93d1c 100644
+--- a/src/hwdb/hwdb.c
++++ b/src/hwdb/hwdb.c
+@@ -29,7 +29,9 @@
+ #include "fs-util.h"
+ #include "hwdb-internal.h"
+ #include "hwdb-util.h"
++#include "label.h"
+ #include "mkdir.h"
++#include "selinux-util.h"
+ #include "strbuf.h"
+ #include "string-util.h"
+ #include "strv.h"
+@@ -643,12 +645,12 @@ static int hwdb_update(int argc, char *argv[], void *userdata) {
+         if (!hwdb_bin)
+                 return -ENOMEM;
+ 
+-        mkdir_parents(hwdb_bin, 0755);
++        mkdir_parents_label(hwdb_bin, 0755);
+         r = trie_store(trie, hwdb_bin);
+         if (r < 0)
+                 return log_error_errno(r, "Failure writing database %s: %m", hwdb_bin);
+ 
+-        return 0;
++        return label_fix(hwdb_bin, false, false);
+ }
+ 
+ static void help(void) {
+@@ -732,6 +734,8 @@ int main (int argc, char *argv[]) {
+         if (r <= 0)
+                 goto finish;
+ 
++        mac_selinux_init();
++
+         r = hwdb_main(argc, argv);
+ 
+ finish:

0055-udevadm-explicitly-relabel-etc-udev-hwdb.bin-after-r.patch

@@ -0,0 +1,44 @@
+From 1826d028938f0d4042a9704c74c1d6477043eb11 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekletar@users.noreply.github.com>
+Date: Fri, 8 Jul 2016 17:43:05 +0200
+Subject: [PATCH] udevadm: explicitly relabel /etc/udev/hwdb.bin after rename
+ (#3686)
+
+This is basically the same change as ea68351.
+
+(cherry picked from commit 905c37e60ef653557d0354c2afa94546c31efe50)
+---
+ src/udev/udevadm-hwdb.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/src/udev/udevadm-hwdb.c b/src/udev/udevadm-hwdb.c
+index 948ad0f5a5..1bffe8e8ab 100644
+--- a/src/udev/udevadm-hwdb.c
++++ b/src/udev/udevadm-hwdb.c
+@@ -28,6 +28,8 @@
+ #include "fs-util.h"
+ #include "hwdb-internal.h"
+ #include "hwdb-util.h"
++#include "label.h"
++#include "mkdir.h"
+ #include "strbuf.h"
+ #include "string-util.h"
+ #include "udev.h"
+@@ -656,12 +658,16 @@ static int adm_hwdb(struct udev *udev, int argc, char *argv[]) {
+                         rc = EXIT_FAILURE;
+                         goto out;
+                 }
+-                mkdir_parents(hwdb_bin, 0755);
++
++                mkdir_parents_label(hwdb_bin, 0755);
++
+                 err = trie_store(trie, hwdb_bin);
+                 if (err < 0) {
+                         log_error_errno(err, "Failure writing database %s: %m", hwdb_bin);
+                         rc = EXIT_FAILURE;
+                 }
++
++                label_fix(hwdb_bin, false, false);
+         }
+ 
+         if (test) {

0056-build-sys-check-for-lz4-in-the-old-and-new-numbering.patch

@@ -0,0 +1,43 @@
+From 8785055303abd087f9d55bfdaee01ee197f9ed0c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Wed, 23 Nov 2016 10:18:30 -0500
+Subject: [PATCH] build-sys: check for lz4 in the old and new numbering scheme
+ (#4717)
+
+lz4 upstream decided to switch to an incompatible numbering scheme
+(1.7.3 follows 131, to match the so version).
+PKG_CHECK_MODULES does not allow two version matches for the same package,
+so e.g. lz4 < 10 || lz4 >= 125 cannot be used. Check twice, once for
+"new" numbers (anything below 10 is assume to be new), once for the "old"
+numbers (anything above >= 125). This assumes that the "new" versioning
+will not get to 10 to quickly. I think that's a safe assumption, lz4 is a
+mature project.
+
+Fixed #4690.
+
+(cherry picked from commit 3d4cf7de48a74726694abbaa09f9804b845ff3ba)
+---
+ configure.ac | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 5fd73c59f1..1f95f9f5c9 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -571,10 +571,13 @@ AM_CONDITIONAL(HAVE_BZIP2, [test "$have_bzip2" = "yes"])
+ have_lz4=no
+ AC_ARG_ENABLE(lz4, AS_HELP_STRING([--disable-lz4], [Disable optional LZ4 support]))
+ AS_IF([test "x$enable_lz4" != "xno"], [
+-        PKG_CHECK_MODULES(LZ4, [ liblz4 >= 125 ],
+-               [AC_DEFINE(HAVE_LZ4, 1, [Define in LZ4 is available])
++        PKG_CHECK_MODULES(LZ4, [ liblz4 < 10 ],
++               [AC_DEFINE(HAVE_LZ4, 1, [Define if LZ4 is available])
+                 have_lz4=yes],
+-                have_lz4=no)
++                [PKG_CHECK_MODULES(LZ4, [ liblz4 >= 125 ],
++                      [AC_DEFINE(HAVE_LZ4, 1, [Define if LZ4 is available])
++                      have_lz4=yes],
++                      have_lz4=no)])
+         AS_IF([test "x$have_lz4" = xno -a "x$enable_lz4" = xyes],
+               [AC_MSG_ERROR([*** LZ4 support requested but libraries not found])])
+ ])

0057-resolved-simplify-alloc-size-calculation.patch

@@ -0,0 +1,53 @@
+From 47c90e4cf813a0a38a1415936bf40b38ffdf4ce5 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Sun, 18 Jun 2017 16:07:57 -0400
+Subject: [PATCH 57/58] resolved: simplify alloc size calculation
+
+The allocation size was calculated in a complicated way, and for values
+close to the page size we would actually allocate less than requested.
+
+Reported by Chris Coulson <chris.coulson@canonical.com>.
+
+CVE-2017-9445
+
+(cherry picked from commit e3abee3dee32ae7cd8e937e44ace94ab7f45ede9)
+---
+ src/resolve/resolved-dns-packet.c | 8 +-------
+ src/resolve/resolved-dns-packet.h | 2 --
+ 2 files changed, 1 insertion(+), 9 deletions(-)
+
+diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
+index e57f157e00..c076003012 100644
+--- a/src/resolve/resolved-dns-packet.c
++++ b/src/resolve/resolved-dns-packet.c
+@@ -34,13 +34,7 @@ int dns_packet_new(DnsPacket **ret, DnsProtocol protocol, size_t mtu) {
+ 
+         assert(ret);
+ 
+-        if (mtu <= UDP_PACKET_HEADER_SIZE)
+-                a = DNS_PACKET_SIZE_START;
+-        else
+-                a = mtu - UDP_PACKET_HEADER_SIZE;
+-
+-        if (a < DNS_PACKET_HEADER_SIZE)
+-                a = DNS_PACKET_HEADER_SIZE;
++        a = MAX(mtu, DNS_PACKET_HEADER_SIZE);
+ 
+         /* round up to next page size */
+         a = PAGE_ALIGN(ALIGN(sizeof(DnsPacket)) + a) - ALIGN(sizeof(DnsPacket));
+diff --git a/src/resolve/resolved-dns-packet.h b/src/resolve/resolved-dns-packet.h
+index 0bf34d270c..5c5440ee8c 100644
+--- a/src/resolve/resolved-dns-packet.h
++++ b/src/resolve/resolved-dns-packet.h
+@@ -66,8 +66,6 @@ struct DnsPacketHeader {
+ /* With EDNS0 we can use larger packets, default to 4096, which is what is commonly used */
+ #define DNS_PACKET_UNICAST_SIZE_LARGE_MAX 4096
+ 
+-#define DNS_PACKET_SIZE_START 512
+-
+ struct DnsPacket {
+         int n_ref;
+         DnsProtocol protocol;
+-- 
+2.13.0
+

0058-resolved-do-not-allocate-packets-with-minimum-size.patch

@@ -0,0 +1,49 @@
+From 28a4da88f28f469db1a258a8ba932df6060f3086 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Tue, 27 Jun 2017 14:20:00 -0400
+Subject: [PATCH 58/58] resolved: do not allocate packets with minimum size
+
+dns_packet_new() is sometimes called with mtu == 0, and in that case we should
+allocate more than the absolute minimum (which is the dns packet header size),
+otherwise we have to resize immediately again after appending the first data to
+the packet.
+
+This partially reverts the previous commit.
+
+(cherry picked from commit 626e9ef495474c95e3143ddae1a498d391c2a008)
+---
+ src/resolve/resolved-dns-packet.c | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
+index c076003012..ace4a170c6 100644
+--- a/src/resolve/resolved-dns-packet.c
++++ b/src/resolve/resolved-dns-packet.c
+@@ -28,13 +28,23 @@
+ 
+ #define EDNS0_OPT_DO (1<<15)
+ 
++#define DNS_PACKET_SIZE_START 512
++assert_cc(DNS_PACKET_SIZE_START > UDP_PACKET_HEADER_SIZE)
++
+ int dns_packet_new(DnsPacket **ret, DnsProtocol protocol, size_t mtu) {
+         DnsPacket *p;
+         size_t a;
+ 
+         assert(ret);
+ 
+-        a = MAX(mtu, DNS_PACKET_HEADER_SIZE);
++        /* When dns_packet_new() is called with mtu == 0, allocate more than the
++         * absolute minimum (which is the dns packet header size), to avoid
++         * resizing immediately again after appending the first data to the packet.
++         */
++        if (mtu < UDP_PACKET_HEADER_SIZE)
++                a = DNS_PACKET_SIZE_START;
++        else
++                a = MAX(mtu, DNS_PACKET_HEADER_SIZE);
+ 
+         /* round up to next page size */
+         a = PAGE_ALIGN(ALIGN(sizeof(DnsPacket)) + a) - ALIGN(sizeof(DnsPacket));
+-- 
+2.13.0
+

0999-Add-a-workaround-for-linux-net-if.h-conflict.patch

@@ -1,37 +0,0 @@
-From d9e075d88e7d9d82464147d8283771d709c14ef8 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Tue, 9 Feb 2016 15:13:33 -0500
-Subject: [PATCH] Add a workaround for {linux/net}/if.h conflict
-
-Include linux/if.h and make sure we don't include the other file.
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1300256
----
- src/shared/firewall-util.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/shared/firewall-util.c b/src/shared/firewall-util.c
-index 0d3da2e..c38f9cc 100644
---- a/src/shared/firewall-util.c
-+++ b/src/shared/firewall-util.c
-@@ -16,15 +16,16 @@
-   You should have received a copy of the GNU Lesser General Public License
-   along with systemd; If not, see <http://www.gnu.org/licenses/>.
- ***/
-+#define _NET_IF_H 1
- 
- #include <alloca.h>
- #include <arpa/inet.h>
- #include <endian.h>
- #include <errno.h>
--#include <net/if.h>
- #include <stddef.h>
- #include <string.h>
- #include <sys/socket.h>
-+#include <linux/if.h>
- #include <linux/netfilter_ipv4/ip_tables.h>
- #include <linux/netfilter/nf_nat.h>
- #include <linux/netfilter/xt_addrtype.h>
--- 
-2.5.0
-

If-the-notification-message-length-is-0-ignore-the-m.patch

@@ -0,0 +1,31 @@
+From 1f74d99193e7d2b0546e641aba25259d9a646e5d Mon Sep 17 00:00:00 2001
+From: Jorge Niedbalski <jorge.niedbalski@canonical.com>
+Date: Wed, 28 Sep 2016 18:25:50 -0300
+Subject: [PATCH] If the notification message length is 0, ignore the message
+ (#4237)
+
+Fixes #4234.
+
+Signed-off-by: Jorge Niedbalski <jnr@metaklass.org>
+---
+ src/core/manager.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/core/manager.c b/src/core/manager.c
+index f36cf5e320..6bd32ed920 100644
+--- a/src/core/manager.c
++++ b/src/core/manager.c
+@@ -1557,6 +1557,10 @@ static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t
+ 
+                 return -errno;
+         }
++        if (n == 0) {
++                log_debug("Got zero-length notification message. Ignoring.");
++                return 0;
++        }
+ 
+         CMSG_FOREACH(cmsg, &msghdr) {
+                 if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) {
+-- 
+2.9.0
+

systemd.spec

@@ -1,6 +1,5 @@
 #global gitcommit e35a7876b4ab1d53a7539a905613e31dc6ae50fd
 %global gitcommitshort %(c=%{gitcommit}; echo ${c:0:7})
-%global _hardened_build 1
 
 # We ship a .pc file but don't want to have a dep on pkg-config. We
 # strip the automatically generated dep here and instead co-own the
@@ -13,7 +12,7 @@
 Name:           systemd
 Url:            http://www.freedesktop.org/wiki/Software/systemd
 Version:        229
-Release:        6%{?gitcommit:.git%{gitcommitshort}}%{?dist}
+Release:        22%{?gitcommit:.git%{gitcommitshort}}%{?dist}
 # For a breakdown of the licensing, see README
 License:        LGPLv2+ and MIT and GPLv2+
 Summary:        A System and Service Manager
@@ -53,10 +52,47 @@ Patch0016:      0016-hashmap-use-void-and-uint8_t-for-generic-pointers.patch
 Patch0017:      0017-resolved-fix-notification-iteration-logic-when-trans.patch
 Patch0018:      0018-selinux-always-try-to-load-the-full-selinux-db.patch
 Patch0019:      0019-selinux-use-raw-variants-of-security_compute_create-.patch
-Patch0020:      0020-resolved-create-etc-resolv.conf-symlink-at-runtime.patch
-Patch0021:      0021-test-compress-benchmark-skip-loop-iteration-if-size-.patch
+Patch0020:      0020-test-compress-benchmark-skip-loop-iteration-if-size-.patch
+Patch0021:      0021-time-util-fall-back-to-CLOCK_MONOTONIC-if-CLOCK_BOOT.patch
+Patch0022:      0022-headers-use-__inline__-instead-of-inline.patch
+Patch0023:      0023-dev-console-must-be-labeled-with-SELinux-label.patch
+Patch0024:      0024-fstab-generator-fix-automount-option-and-don-t-start.patch
+Patch0025:      0025-shared-add-a-temporary-work-around-for-kernel-header.patch
+Patch0026:      0026-Make-the-fix-for-net-if.h-fuckup-even-worse-3287.patch
+Patch0027:      0027-check-for-valid-resume-in-order-to-allow-a-hibernate.patch
+Patch0028:      0028-keymap-util-also-convert-ru-to-ru.patch
+Patch0029:      0029-resolved-don-t-stop-handle-messages-after-receiving-.patch
+Patch0030:      0030-sd-device-udev-db-handle-properties-with-empty-value.patch
+Patch0031:      0031-core-fix-the-reversed-sanity-check-when-setting-Star.patch
+Patch0032:      0032-core-make-sure-to-close-connection-fd-when-we-fail-t.patch
+Patch0033:      0033-device-Ensure-we-have-sysfs-path-before-comparing.patch
+Patch0034:      0034-networkctl-split-out-system-status-stuff-into-its-ow.patch
+Patch0035:      0035-systemd-user-call-pam_loginuid-when-creating-user-.s.patch
+Patch0036:      0036-systemctl-suppress-no-Install-hint-when-quiet-is-use.patch
+Patch0037:      0037-systemctl-make-sure-we-terminate-the-bus-connection-.patch
+Patch0038:      0038-core-move-start-ratelimiting-check-after-condition-c.patch
+Patch0039:      0039-strbuf-set-the-proper-character-when-creating-new-no.patch
+Patch0040:      0040-networkd-bump-MTU-to-1280-for-interfaces-which-have-.patch
+Patch0041:      0041-networkd-disable-IPv6-for-bridge-slave.patch
+Patch0042:      0042-udev-bump-TasksMax-to-inifinity-3593.patch
+Patch0043:      0043-networkd-disable-IPv6-for-bridge-slave.patch
+Patch0044:      0044-networkd-add-route-expiration-handler-3242.patch
+Patch0045:      0045-coredump-ignore-RLIMIT_CORE.patch
+Patch0046:      0046-networkd-link-fix-handler-typo-for-route_remove-3433.patch
+Patch0047:      0047-macros.systemd.in-add-systemd_ordering-3776.patch
+Patch0048:      0048-If-the-notification-message-length-is-0-ignore-the-m.patch
+Patch0049:      0049-pid1-don-t-return-any-error-in-manager_dispatch_noti.patch
+Patch0050:      0050-pid1-process-zero-length-notification-messages-again.patch
+Patch0051:      0051-logind-fix-crash-when-shutdown-is-not-issued-from-a-.patch
+Patch0052:      0052-hwdb-add-axis-ranges-for-the-MacBook-4-1-4030.patch
+Patch0053:      0053-resolved-bugfix-of-null-pointer-p-question-dereferen.patch
+Patch0054:      0054-hwdb-selinuxify-a-bit-3460.patch
+Patch0055:      0055-udevadm-explicitly-relabel-etc-udev-hwdb.bin-after-r.patch
+Patch0056:      0056-build-sys-check-for-lz4-in-the-old-and-new-numbering.patch
+Patch0057:      0057-resolved-simplify-alloc-size-calculation.patch
+Patch0058:      0058-resolved-do-not-allocate-packets-with-minimum-size.patch
 
-Patch0999:      0999-Add-a-workaround-for-linux-net-if.h-conflict.patch
+Patch0999:      0999-resolved-create-etc-resolv.conf-symlink-at-runtime.patch
 
 # kernel-install patch for grubby, drop if grubby is obsolete
 Patch1000:      kernel-install-grubby.patch
@@ -299,6 +335,10 @@ CONFIGURE_OPTS=(
         --with-ntp-servers='0.%{ntpvendor}.pool.ntp.org 1.%{ntpvendor}.pool.ntp.org 2.%{ntpvendor}.pool.ntp.org 3.%{ntpvendor}.pool.ntp.org'
         --disable-kdbus
         --disable-terminal
+        --enable-lz4
+        --enable-xz
+        --enable-zlib
+        --enable-bzip
 )
 
 %configure \
@@ -515,11 +555,19 @@ if [ $1 -eq 1 ] ; then
                 >/dev/null 2>&1 || :
 fi
 
-# sed-fu to remove mymachines from passwd and group lines of /etc/nsswitch.conf
+# sed-fu to add myhostanme to hosts line and remove mymachines
+# from passwd and group lines of /etc/nsswitch.conf
 # https://bugzilla.redhat.com/show_bug.cgi?id=1284325
 # https://meetbot.fedoraproject.org/fedora-meeting/2015-11-25/fesco.2015-11-25-18.00.html
 # To avoid the removal, e.g. add a space at the end of the line.
 if [ -f /etc/nsswitch.conf ] ; then
+        grep -v -E -q '^hosts:.* myhostname' /etc/nsswitch.conf &&
+        sed -i.bak -e '
+                /^hosts:/ !b
+                /\<myhostname\>/ b
+                s/[[:blank:]]*$/ myhostname/
+                ' /etc/nsswitch.conf >/dev/null 2>&1 || :
+
         grep -E -q '^(passwd|group):.* mymachines$' /etc/nsswitch.conf &&
         sed -i.bak -r -e '
                 s/^(passwd:.*) mymachines$/\1/;
@@ -576,7 +624,9 @@ udevadm hwdb --update >/dev/null 2>&1 || :
 %systemd_preun systemd-udev-{settle,trigger}.service systemd-udevd-{control,kernel}.socket systemd-udevd.service
 
 %postun udev
-%systemd_postun_with_restart systemd-udev-{settle,trigger}.service systemd-udevd-{control,kernel}.socket systemd-udevd.service
+# Only restart systemd-udev, to run the upgraded dameon.
+# Others are either oneshot services, or sockets, and restarting them causes issues (#1378974)
+%systemd_postun_with_restart systemd-udevd.service
 
 %pre journal-remote
 getent group systemd-journal-gateway >/dev/null 2>&1 || groupadd -r -g 191 systemd-journal-gateway 2>&1 || :
@@ -908,6 +958,9 @@ getent passwd systemd-journal-upload >/dev/null 2>&1 || useradd -r -l -g systemd
 %{_datadir}/polkit-1/actions/org.freedesktop.machine1.policy
 %{_datadir}/bash-completion/completions/machinectl
 %{_datadir}/zsh/site-functions/_machinectl
+%{_mandir}/man1/machinectl.*
+%{_mandir}/man8/systemd-machined.*
+%{_mandir}/man8/*mymachines.*
 
 %files journal-remote
 %config(noreplace) %{_sysconfdir}/systemd/journal-remote.conf
@@ -928,10 +981,72 @@ getent passwd systemd-journal-upload >/dev/null 2>&1 || useradd -r -l -g systemd
 /usr/lib/firewalld/services/*
 
 %changelog
-* Fri Mar 11 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@bupkis> - 229-6
+* Tue Jun 27 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 229-22
+- Tweak the patches a bit
+
+* Tue Jun 27 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 229-21
+- Fix an out-of-bounds write in systemd-resolved (CVE-2017-9445)
+
+* Thu May 25 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 229-20
+- Fix systemd-resolved crash on crafted DNS packet (CVE-2017-9217, #1455493)
+
+* Tue Feb 07 2017 Susant Sahani <susant@redhat.com> - 229-19
+- Make sure we have our compressions libs ready (#1404406)
+
+* Tue Feb 07 2017 Michal Sekletar <msekleta@redhat.com> - 229-18
+- fix buildsystem to check for lz4 correctly (#1419912)
+
+* Mon Jan 16 2017 Michal Sekletar <msekleta@redhat.com> - 229-17
+- explicitly relabel hwdb.bin after writing the database (#1395211)
+
+* Tue Oct  4 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 229-16
+- Fixes for #1357990, #1371596, #1378974
+
+* Thu Sep 29 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 229-15
+- Better fix for #1380286
+
+* Thu Sep 29 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 229-14
+- Denial-of-service bug against pid1 (#1380286)
+
+* Wed Aug 17 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 229-13
+- Add %%systemd_ordering macro
+
+* Wed Aug 10 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 229-12
+- Fixup for the networkd route fix (#1365915)
+
+* Tue Aug  9 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 229-11
+- Ignore RLIMIT_CORE temporarily for F24 (#1309172, see comment 24)
+- Two networkd fixes (#1344661, #1350219)
+
+* Thu Jul 28 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 229-10
+- Backport patch which prevents udevd from choking on task limits
+
+* Wed Jul 20 2016 Jan Synáček <jsynacek@redhat.com> - 229-9
+- core: make sure to close connection fd when we fail to activate a per-connection service (#1310608)
+- device: Ensure we have sysfs path before comparing. (#1321392)
+- networkctl: split out system status stuff into its own function (#1325462)
+- systemd --user: call pam_loginuid when creating user@.service (#3120) (#1328947)
+- systemctl: suppress no-[Install] hint when --quiet is used (#3295) (#1336960)
+- systemctl: make sure we terminate the bus connection first, and then close the pager (#3550) (#1341179)
+- core: move start ratelimiting check after condition checks (#1350686)
+- strbuf: set the proper character when creating new nodes (#1357822)
+- fix: networkctl status: abort, munmap_chunk(): invalid pointer (#1339131)
+- networkd: bump MTU to 1280 for interfaces which have IPv6 enabled (#3077) (#1352378)
+- networkd: disable IPv6 for bridge slave (#1352378)
+- machinectl man page is packaged (#1351572)
+
+* Mon May 30 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@bupkis> - 229-8
+- Patches for #1316964, #1317928, #1338823
+- Make localed convert X11 'ru' layout to 'ru' console keymap (#1333998)
+- Don't advertise hibernation if resume= is not specified (#1206936)
+
+* Tue Mar 22 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 229-7
+- Add myhostname to /etc/nsswitch.conf (#1318303)
+
+* Fri Mar 11 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 229-6
 - Create /etc/resolv.conf symlink from systemd-resolved (#1313085)
 
-* Fri Mar  4 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@bupkis> - 229-5
+* Fri Mar  4 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 229-5
 - Split out systemd-container subpackage (#1163412)
 - Split out system-udev subpackage
 - Add various bugfix patches, incl. a tentative fix for #1308771