Add missing BR

Fixes #1474529.

0020-Various-simplifications.patch

@@ -0,0 +1,70 @@
+From 2f38e2f3ceaf753979a63a7dcec601fc6c811b11 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Tue, 15 Nov 2016 15:01:40 -0500
+Subject: [PATCH] Various simplifications
+
+---
+ src/core/scope.c |  8 +++++---
+ src/core/unit.c  | 11 +++++------
+ 2 files changed, 10 insertions(+), 9 deletions(-)
+
+diff --git a/src/core/scope.c b/src/core/scope.c
+index b45e238974..caed476065 100644
+--- a/src/core/scope.c
++++ b/src/core/scope.c
+@@ -244,7 +244,9 @@ static void scope_enter_signal(Scope *s, ScopeState state, ScopeResult f) {
+         if (state == SCOPE_STOP_SIGTERM)
+                 skip_signal = bus_scope_send_request_stop(s) > 0;
+ 
+-        if (!skip_signal) {
++        if (skip_signal)
++                r = 1; /* wait */
++        else {
+                 r = unit_kill_context(
+                                 UNIT(s),
+                                 &s->kill_context,
+@@ -254,8 +256,8 @@ static void scope_enter_signal(Scope *s, ScopeState state, ScopeResult f) {
+                                 -1, -1, false);
+                 if (r < 0)
+                         goto fail;
+-        } else
+-                r = 1;
++        }
++        log_unit_debug(UNIT(s), "Killing unit %s: ret=%d", UNIT(s)->id, r);
+ 
+         if (r > 0) {
+                 r = scope_arm_timer(s, usec_add(now(CLOCK_MONOTONIC), s->timeout_stop_usec));
+diff --git a/src/core/unit.c b/src/core/unit.c
+index 4934a0e56f..6726ce0749 100644
+--- a/src/core/unit.c
++++ b/src/core/unit.c
+@@ -3558,14 +3558,14 @@ int unit_kill_context(
+                 bool main_pid_alien) {
+ 
+         bool wait_for_exit = false, send_sighup;
+-        cg_kill_log_func_t log_func;
++        cg_kill_log_func_t log_func = NULL;
+         int sig, r;
+ 
+         assert(u);
+         assert(c);
+ 
+-        /* Kill the processes belonging to this unit, in preparation for shutting the unit down. Returns > 0 if we
+-         * killed something worth waiting for, 0 otherwise. */
++        /* Kill the processes belonging to this unit, in preparation for shutting the unit down.
++         * Returns > 0 if we killed something worth waiting for, 0 otherwise. */
+ 
+         if (c->kill_mode == KILL_NONE)
+                 return 0;
+@@ -3577,9 +3577,8 @@ int unit_kill_context(
+                 IN_SET(k, KILL_TERMINATE, KILL_TERMINATE_AND_LOG) &&
+                 sig != SIGHUP;
+ 
+-        log_func =
+-                k != KILL_TERMINATE ||
+-                IN_SET(sig, SIGKILL, SIGABRT) ? log_kill : NULL;
++        if (k != KILL_TERMINATE || IN_SET(sig, SIGKILL, SIGABRT))
++                log_func = log_kill;
+ 
+         if (main_pid > 0) {
+                 if (log_func)

0021-build-sys-check-for-lz4-in-the-old-and-new-numbering.patch

@@ -0,0 +1,42 @@
+From 2901e7ae25cb417d1e4902f71147a3de853c94b3 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Wed, 23 Nov 2016 10:18:30 -0500
+Subject: [PATCH] build-sys: check for lz4 in the old and new numbering scheme
+ (#4717)
+
+lz4 upstream decided to switch to an incompatible numbering scheme
+(1.7.3 follows 131, to match the so version).
+PKG_CHECK_MODULES does not allow two version matches for the same package,
+so e.g. lz4 < 10 || lz4 >= 125 cannot be used. Check twice, once for
+"new" numbers (anything below 10 is assume to be new), once for the "old"
+numbers (anything above >= 125). This assumes that the "new" versioning
+will not get to 10 to quickly. I think that's a safe assumption, lz4 is a
+mature project.
+
+Fixed #4690.
+(cherry picked from commit 3d4cf7de48a74726694abbaa09f9804b845ff3ba)
+---
+ configure.ac | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index cf595e68c0..4a0b2691d6 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -602,10 +602,13 @@ AM_CONDITIONAL(HAVE_BZIP2, [test "$have_bzip2" = "yes"])
+ have_lz4=no
+ AC_ARG_ENABLE(lz4, AS_HELP_STRING([--disable-lz4], [Disable optional LZ4 support]))
+ AS_IF([test "x$enable_lz4" != "xno"], [
+-        PKG_CHECK_MODULES(LZ4, [ liblz4 >= 125 ],
+-               [AC_DEFINE(HAVE_LZ4, 1, [Define in LZ4 is available])
++        PKG_CHECK_MODULES(LZ4, [ liblz4 < 10 ],
++               [AC_DEFINE(HAVE_LZ4, 1, [Define if LZ4 is available])
+                 have_lz4=yes],
+-                have_lz4=no)
++                [PKG_CHECK_MODULES(LZ4, [ liblz4 >= 125 ],
++                      [AC_DEFINE(HAVE_LZ4, 1, [Define if LZ4 is available])
++                      have_lz4=yes],
++                      have_lz4=no)])
+         AS_IF([test "x$have_lz4" = xno -a "x$enable_lz4" = xyes],
+               [AC_MSG_ERROR([*** LZ4 support requested but libraries not found])])
+ ])

0022-pid1-do-not-use-mtime-0-as-sign-of-masking-4388.patch

@@ -0,0 +1,71 @@
+From 48aab8bd94f75072a8d44f351a66cf74db450275 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Mon, 17 Oct 2016 01:15:03 -0400
+Subject: [PATCH] pid1: do not use mtime==0 as sign of masking (#4388)
+
+It is allowed for unit files to have an mtime==0, so instead of assuming that
+any file that had mtime==0 was masked, use the load_state to filter masked
+units.
+
+Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1384150.
+(cherry picked from commit ba25d39e449347952522162c3fa110b04308e28c)
+---
+ src/core/unit.c | 20 ++++++++++++--------
+ 1 file changed, 12 insertions(+), 8 deletions(-)
+
+diff --git a/src/core/unit.c b/src/core/unit.c
+index 6726ce0749..d94b3eb5ab 100644
+--- a/src/core/unit.c
++++ b/src/core/unit.c
+@@ -2950,7 +2950,7 @@ int unit_coldplug(Unit *u) {
+         return 0;
+ }
+ 
+-static bool fragment_mtime_newer(const char *path, usec_t mtime) {
++static bool fragment_mtime_newer(const char *path, usec_t mtime, bool path_masked) {
+         struct stat st;
+ 
+         if (!path)
+@@ -2960,12 +2960,12 @@ static bool fragment_mtime_newer(const char *path, usec_t mtime) {
+                 /* What, cannot access this anymore? */
+                 return true;
+ 
+-        if (mtime > 0)
++        if (path_masked)
++                /* For masked files check if they are still so */
++                return !null_or_empty(&st);
++        else
+                 /* For non-empty files check the mtime */
+                 return timespec_load(&st.st_mtim) > mtime;
+-        else if (!null_or_empty(&st))
+-                /* For masked files check if they are still so */
+-                return true;
+ 
+         return false;
+ }
+@@ -2976,18 +2976,22 @@ bool unit_need_daemon_reload(Unit *u) {
+ 
+         assert(u);
+ 
+-        if (fragment_mtime_newer(u->fragment_path, u->fragment_mtime))
++        /* For unit files, we allow masking… */
++        if (fragment_mtime_newer(u->fragment_path, u->fragment_mtime,
++                                 u->load_state == UNIT_MASKED))
+                 return true;
+ 
+-        if (fragment_mtime_newer(u->source_path, u->source_mtime))
++        /* Source paths should not be masked… */
++        if (fragment_mtime_newer(u->source_path, u->source_mtime, false))
+                 return true;
+ 
+         (void) unit_find_dropin_paths(u, &t);
+         if (!strv_equal(u->dropin_paths, t))
+                 return true;
+ 
++        /* … any drop-ins that are masked are simply omitted from the list. */
+         STRV_FOREACH(path, u->dropin_paths)
+-                if (fragment_mtime_newer(*path, u->dropin_mtime))
++                if (fragment_mtime_newer(*path, u->dropin_mtime, false))
+                         return true;
+ 
+         return false;

0023-resolved-bugfix-of-null-pointer-p-question-dereferen.patch

@@ -0,0 +1,27 @@
+From 2934d046b1f1d6e0cfc08b843066d10bea3e9109 Mon Sep 17 00:00:00 2001
+From: Evgeny Vereshchagin <evvers@ya.ru>
+Date: Wed, 24 May 2017 08:56:48 +0300
+Subject: [PATCH] resolved: bugfix of null pointer p->question dereferencing
+ (#6020)
+
+See https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1621396
+
+(cherry picked from commit a924f43f30f9c4acaf70618dd2a055f8b0f166be)
+---
+ src/resolve/resolved-dns-packet.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
+index a8ad8fe342..8b620cb6a8 100644
+--- a/src/resolve/resolved-dns-packet.c
++++ b/src/resolve/resolved-dns-packet.c
+@@ -2264,6 +2264,9 @@ int dns_packet_is_reply_for(DnsPacket *p, const DnsResourceKey *key) {
+         if (r < 0)
+                 return r;
+ 
++        if (!p->question)
++                return 0;
++
+         if (p->question->n_keys != 1)
+                 return 0;
+ 

0024-udev-net_id-add-support-for-phys_port_name-attribute.patch

@@ -0,0 +1,102 @@
+From 59fab93ac7960c28bcd7f7646dff07f57073df7d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ji=C5=99=C3=AD=20P=C3=ADrko?= <jiri@resnulli.us>
+Date: Wed, 2 Nov 2016 03:46:01 +0100
+Subject: [PATCH] udev: net_id: add support for phys_port_name attribute
+ (#4506)
+
+Switch drivers uses phys_port_name attribute to pass front panel port
+name to user. Use it to generate netdev names.
+
+Signed-off-by: Jiri Pirko <jiri@mellanox.com>
+(cherry picked from commit 4887b656c22af059d4e833de7b56544f24951184)
+---
+ src/udev/udev-builtin-net_id.c | 30 ++++++++++++++++++++++--------
+ 1 file changed, 22 insertions(+), 8 deletions(-)
+
+diff --git a/src/udev/udev-builtin-net_id.c b/src/udev/udev-builtin-net_id.c
+index a7be2a4eed..0eb2500dd2 100644
+--- a/src/udev/udev-builtin-net_id.c
++++ b/src/udev/udev-builtin-net_id.c
+@@ -35,10 +35,12 @@
+  * Type of names:
+  *   b<number>                             — BCMA bus core number
+  *   c<bus_id>                             — CCW bus group name, without leading zeros [s390]
+- *   o<index>[d<dev_port>]                 — on-board device index number
+- *   s<slot>[f<function>][d<dev_port>]     — hotplug slot index number
++ *   o<index>[n<phys_port_name>|d<dev_port>]
++ *                                         — on-board device index number
++ *   s<slot>[f<function>][n<phys_port_name>|d<dev_port>]
++ *                                         — hotplug slot index number
+  *   x<MAC>                                — MAC address
+- *   [P<domain>]p<bus>s<slot>[f<function>][d<dev_port>]
++ *   [P<domain>]p<bus>s<slot>[f<function>][n<phys_port_name>|d<dev_port>]
+  *                                         — PCI geographical location
+  *   [P<domain>]p<bus>s<slot>[f<function>][u<port>][..][c<config>][i<interface>]
+  *                                         — USB port number chain
+@@ -137,7 +139,7 @@ static int dev_pci_onboard(struct udev_device *dev, struct netnames *names) {
+         unsigned dev_port = 0;
+         size_t l;
+         char *s;
+-        const char *attr;
++        const char *attr, *port_name;
+         int idx;
+ 
+         /* ACPI _DSM  — device specific method for naming a PCI or PCI Express device */
+@@ -164,10 +166,15 @@ static int dev_pci_onboard(struct udev_device *dev, struct netnames *names) {
+         if (attr)
+                 dev_port = strtol(attr, NULL, 10);
+ 
++        /* kernel provided front panel port name for multiple port PCI device */
++        port_name = udev_device_get_sysattr_value(dev, "phys_port_name");
++
+         s = names->pci_onboard;
+         l = sizeof(names->pci_onboard);
+         l = strpcpyf(&s, l, "o%d", idx);
+-        if (dev_port > 0)
++        if (port_name)
++                l = strpcpyf(&s, l, "n%s", port_name);
++        else if (dev_port > 0)
+                 l = strpcpyf(&s, l, "d%d", dev_port);
+         if (l == 0)
+                 names->pci_onboard[0] = '\0';
+@@ -202,7 +209,7 @@ static int dev_pci_slot(struct udev_device *dev, struct netnames *names) {
+         unsigned domain, bus, slot, func, dev_port = 0;
+         size_t l;
+         char *s;
+-        const char *attr;
++        const char *attr, *port_name;
+         struct udev_device *pci = NULL;
+         char slots[256], str[256];
+         _cleanup_closedir_ DIR *dir = NULL;
+@@ -217,6 +224,9 @@ static int dev_pci_slot(struct udev_device *dev, struct netnames *names) {
+         if (attr)
+                 dev_port = strtol(attr, NULL, 10);
+ 
++        /* kernel provided front panel port name for multiple port PCI device */
++        port_name = udev_device_get_sysattr_value(dev, "phys_port_name");
++
+         /* compose a name based on the raw kernel's PCI bus, slot numbers */
+         s = names->pci_path;
+         l = sizeof(names->pci_path);
+@@ -225,7 +235,9 @@ static int dev_pci_slot(struct udev_device *dev, struct netnames *names) {
+         l = strpcpyf(&s, l, "p%us%u", bus, slot);
+         if (func > 0 || is_pci_multifunction(names->pcidev))
+                 l = strpcpyf(&s, l, "f%u", func);
+-        if (dev_port > 0)
++        if (port_name)
++                l = strpcpyf(&s, l, "n%s", port_name);
++        else if (dev_port > 0)
+                 l = strpcpyf(&s, l, "d%u", dev_port);
+         if (l == 0)
+                 names->pci_path[0] = '\0';
+@@ -275,7 +287,9 @@ static int dev_pci_slot(struct udev_device *dev, struct netnames *names) {
+                 l = strpcpyf(&s, l, "s%d", hotplug_slot);
+                 if (func > 0 || is_pci_multifunction(names->pcidev))
+                         l = strpcpyf(&s, l, "f%d", func);
+-                if (dev_port > 0)
++                if (port_name)
++                        l = strpcpyf(&s, l, "n%s", port_name);
++                else if (dev_port > 0)
+                         l = strpcpyf(&s, l, "d%d", dev_port);
+                 if (l == 0)
+                         names->pci_slot[0] = '\0';

0025-logind-don-t-hit-assert-when-we-try-to-free-NULL-man.patch

@@ -0,0 +1,26 @@
+From a33057b3b58fba988b52da60fada0b25de589c78 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Thu, 20 Oct 2016 19:19:46 +0200
+Subject: [PATCH] logind: don't hit assert when we try to free NULL manager
+ object
+
+Fixes: #4431
+(cherry picked from commit 84a4e6608dbda38c724ab196a226db209a50b224)
+---
+ src/login/logind.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/login/logind.c b/src/login/logind.c
+index 5ce36d28c7..e5854db264 100644
+--- a/src/login/logind.c
++++ b/src/login/logind.c
+@@ -125,7 +125,8 @@ static void manager_free(Manager *m) {
+         Inhibitor *i;
+         Button *b;
+ 
+-        assert(m);
++        if (!m)
++                return;
+ 
+         while ((session = hashmap_first(m->sessions)))
+                 session_free(session);

0026-core-if-the-start-command-vanishes-during-runtime-do.patch

@@ -0,0 +1,36 @@
+From 4185055dfcc4eb549c66c116fd8a7e87e9931ae8 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Fri, 21 Oct 2016 12:27:46 +0200
+Subject: [PATCH] core: if the start command vanishes during runtime don't hit
+ an assert
+
+This can happen when the configuration is changed and reloaded while we are
+executing a service. Let's not hit an assert in this case.
+
+Fixes: #4444
+(cherry picked from commit 47fffb3530af3e3ad4048570611685635fde062e)
+---
+ src/core/service.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/src/core/service.c b/src/core/service.c
+index afb198507b..537db62808 100644
+--- a/src/core/service.c
++++ b/src/core/service.c
+@@ -1706,7 +1706,15 @@ static void service_enter_start(Service *s) {
+         }
+ 
+         if (!c) {
+-                assert(s->type == SERVICE_ONESHOT);
++                if (s->type != SERVICE_ONESHOT) {
++                        /* There's no command line configured for the main command? Hmm, that is strange. This can only
++                         * happen if the configuration changes at runtime. In this case, let's enter a failure
++                         * state. */
++                        log_unit_error(UNIT(s), "There's no 'start' task anymore we could start: %m");
++                        r = -ENXIO;
++                        goto fail;
++                }
++
+                 service_enter_start_post(s);
+                 return;
+         }

0027-core-don-t-hit-an-assert-when-printing-status-messag.patch

@@ -0,0 +1,35 @@
+From 37c30b6829eabedf0e5c800aeffb16d4d1b3d2ec Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Wed, 2 Nov 2016 12:02:53 -0600
+Subject: [PATCH] core: don't hit an assert when printing status messages about
+ units with overly long description strings
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This essentially reverts one part of d054f0a4d451120c26494263fc4dc175bfd405b1.
+
+(We might also choose to use proper ellipsation here, but I wasn't sure the
+memory allocation this requires wouöld be a good idea here...)
+
+Fixes: #4534
+(cherry picked from commit 07ecca0dc9d2d8f3b3abd73ab32f254f339fd903)
+---
+ src/core/job.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/core/job.c b/src/core/job.c
+index 7557874d4d..4efcfb80f3 100644
+--- a/src/core/job.c
++++ b/src/core/job.c
+@@ -767,8 +767,9 @@ static void job_log_status_message(Unit *u, JobType t, JobResult result) {
+         if (!format)
+                 return;
+ 
++        /* The description might be longer than the buffer, but that's OK, we'll just truncate it here */
+         DISABLE_WARNING_FORMAT_NONLITERAL;
+-        xsprintf(buf, format, unit_description(u));
++        snprintf(buf, sizeof(buf), format, unit_description(u));
+         REENABLE_WARNING;
+ 
+         switch (t) {

0028-device-Avoid-calling-unit_free-NULL-in-device-setup-.patch

@@ -0,0 +1,34 @@
+From c29d24941d5cb3a7016647a4791c7812f2cb83ed Mon Sep 17 00:00:00 2001
+From: Dave Reisner <d@falconindy.com>
+Date: Sun, 27 Nov 2016 17:05:39 -0500
+Subject: [PATCH] device: Avoid calling unit_free(NULL) in device setup logic
+ (#4748)
+
+Since a581e45ae8f9bb5c, there's a few function calls to
+unit_new_for_name which will unit_free on failure. Prior to this commit,
+a failure would result in calling unit_free with a NULL unit, and hit an
+assertion failure, seen at least via device_setup_unit:
+
+Assertion 'u' failed at src/core/unit.c:519, function unit_free().  Aborting.
+
+Fixes #4747
+https://bugs.archlinux.org/task/51950
+
+(cherry picked from commit d112eae7da77899be245ab52aa1747d4675549f1)
+---
+ src/core/device.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/core/device.c b/src/core/device.c
+index 16e56efcc3..31724e4e55 100644
+--- a/src/core/device.c
++++ b/src/core/device.c
+@@ -369,7 +369,7 @@ static int device_setup_unit(Manager *m, struct udev_device *dev, const char *pa
+ fail:
+         log_unit_warning_errno(u, r, "Failed to set up device unit: %m");
+ 
+-        if (delete)
++        if (delete && u)
+                 unit_free(u);
+ 
+         return r;

0029-sd-network-fix-memleak-in-dhcp6_option_parse_domainn.patch

@@ -0,0 +1,85 @@
+From 975e64e62b5db27f3d65f9a7aeb6a0689a535436 Mon Sep 17 00:00:00 2001
+From: Evgeny Vereshchagin <evvers@ya.ru>
+Date: Tue, 24 Jan 2017 05:11:59 +0300
+Subject: [PATCH] sd-network: fix memleak in dhcp6_option_parse_domainname
+ (#5114)
+
+The simplest way to reproduce:
+```diff
+diff --git a/src/libsystemd-network/test-dhcp6-client.c b/src/libsystemd-network/test-dhcp6-client.c
+index bd289fa..7b0a5ef 100644
+--- a/src/libsystemd-network/test-dhcp6-client.c
++++ b/src/libsystemd-network/test-dhcp6-client.c
+@@ -168,7 +168,7 @@ static uint8_t msg_advertise[198] = {
+         0x00, 0x17, 0x00, 0x10, 0x20, 0x01, 0x0d, 0xb8,
+         0xde, 0xad, 0xbe, 0xef, 0x00, 0x00, 0x00, 0x00,
+         0x00, 0x00, 0x00, 0x01, 0x00, 0x18, 0x00, 0x0b,
+-        0x03, 0x6c, 0x61, 0x62, 0x05, 0x69, 0x6e, 0x74,
++        0x01, 0x6c, 0x01, 0x62, 0x00, 0x0a, 0x6e, 0x74,
+         0x72, 0x61, 0x00, 0x00, 0x1f, 0x00, 0x10, 0x20,
+         0x01, 0x0d, 0xb8, 0xde, 0xad, 0xbe, 0xef, 0x00,
+         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00,
+@@ -338,9 +338,7 @@ static int test_advertise_option(sd_event *e) {
+         assert_se(!memcmp(addrs, &msg_advertise[124], r * 16));
+
+         r = sd_dhcp6_lease_get_domains(lease, &domains);
+-        assert_se(r == 1);
+-        assert_se(!strcmp("lab.intra", domains[0]));
+-        assert_se(domains[1] == NULL);
++        assert_se(r == -ENOENT);
+
+         r = sd_dhcp6_lease_get_ntp_addrs(lease, &addrs);
+         assert_se(r == 1);
+```
+
+Fixes:
+```
+=================================================================
+==15043==ERROR: LeakSanitizer: detected memory leaks
+
+Direct leak of 4 byte(s) in 1 object(s) allocated from:
+    #0 0x7f13c8564160 in strdup (/lib64/libasan.so.3+0x5a160)
+    #1 0x7f13c7caaf69 in strv_extend src/basic/strv.c:552
+    #2 0x55f775787230 in dhcp6_option_parse_domainname src/libsystemd-network/dhcp6-option.c:399
+    #3 0x55f775788b96 in dhcp6_lease_set_domains src/libsystemd-network/sd-dhcp6-lease.c:225
+    #4 0x55f775774b95 in test_advertise_option src/libsystemd-network/test-dhcp6-client.c:287
+    #5 0x55f77577883e in main src/libsystemd-network/test-dhcp6-client.c:759
+    #6 0x7f13c7589400 in __libc_start_main (/lib64/libc.so.6+0x20400)
+
+Direct leak of 4 byte(s) in 1 object(s) allocated from:
+    #0 0x7f13c8564160 in strdup (/lib64/libasan.so.3+0x5a160)
+    #1 0x7f13c7caaf69 in strv_extend src/basic/strv.c:552
+    #2 0x55f775787230 in dhcp6_option_parse_domainname src/libsystemd-network/dhcp6-option.c:399
+    #3 0x55f775788b96 in dhcp6_lease_set_domains src/libsystemd-network/sd-dhcp6-lease.c:225
+    #4 0x55f775781348 in client_parse_message src/libsystemd-network/sd-dhcp6-client.c:807
+    #5 0x55f775781ba2 in client_receive_advertise src/libsystemd-network/sd-dhcp6-client.c:895
+    #6 0x55f775782453 in client_receive_message src/libsystemd-network/sd-dhcp6-client.c:994
+    #7 0x7f13c7e447f4 in source_dispatch src/libsystemd/sd-event/sd-event.c:2268
+    #8 0x7f13c7e471b0 in sd_event_dispatch src/libsystemd/sd-event/sd-event.c:2627
+    #9 0x7f13c7e47ab3 in sd_event_run src/libsystemd/sd-event/sd-event.c:2686
+    #10 0x7f13c7e47c21 in sd_event_loop src/libsystemd/sd-event/sd-event.c:2706
+    #11 0x55f77577863c in test_client_solicit src/libsystemd-network/test-dhcp6-client.c:737
+    #12 0x55f77577884b in main src/libsystemd-network/test-dhcp6-client.c:760
+    #13 0x7f13c7589400 in __libc_start_main (/lib64/libc.so.6+0x20400)
+
+SUMMARY: AddressSanitizer: 8 byte(s) leaked in 2 allocation(s).
+```
+
+(cherry picked from commit 419eaa8f8d2025bae98c23bdedb434d6dbb025b8)
+---
+ src/libsystemd-network/dhcp6-option.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/libsystemd-network/dhcp6-option.c b/src/libsystemd-network/dhcp6-option.c
+index 5462e03476..f8056dbc4b 100644
+--- a/src/libsystemd-network/dhcp6-option.c
++++ b/src/libsystemd-network/dhcp6-option.c
+@@ -339,7 +339,7 @@ int dhcp6_option_parse_ip6addrs(uint8_t *optval, uint16_t optlen,
+ 
+ int dhcp6_option_parse_domainname(const uint8_t *optval, uint16_t optlen, char ***str_arr) {
+         size_t pos = 0, idx = 0;
+-        _cleanup_free_ char **names = NULL;
++        _cleanup_strv_free_ char **names = NULL;
+         int r;
+ 
+         assert_return(optlen > 1, -ENODATA);

0030-sd-network-fix-memleak-in-dhcp6_lease_set_domains-51.patch

@@ -0,0 +1,56 @@
+From e40c3001ab4ec57c78b0a0093c165cf850f5540a Mon Sep 17 00:00:00 2001
+From: Evgeny Vereshchagin <evvers@ya.ru>
+Date: Tue, 24 Jan 2017 05:12:58 +0300
+Subject: [PATCH] sd-network: fix memleak in dhcp6_lease_set_domains (#5113)
+
+The simplest way to reproduce:
+```diff
+diff --git a/src/libsystemd-network/test-dhcp6-client.c b/src/libsystemd-network/test-dhcp6-client.c
+index bd289fa..4e14d8f 100644
+--- a/src/libsystemd-network/test-dhcp6-client.c
++++ b/src/libsystemd-network/test-dhcp6-client.c
+@@ -286,6 +286,8 @@ static int test_advertise_option(sd_event *e) {
+                         assert_se(optlen == 11);
+                         assert_se(dhcp6_lease_set_domains(lease, optval,
+                                                           optlen) >= 0);
++                        assert_se(dhcp6_lease_set_domains(lease, optval,
++                                                          optlen) >= 0);
+                         break;
+
+                 case SD_DHCP6_OPTION_SNTP_SERVERS:
+```
+
+Fixes:
+```
+==27369==ERROR: LeakSanitizer: detected memory leaks
+
+Direct leak of 10 byte(s) in 1 object(s) allocated from:
+    #0 0x7f90e7d21160 in strdup (/lib64/libasan.so.3+0x5a160)
+    #1 0x7f90e7467f69 in strv_extend src/basic/strv.c:552
+    #2 0x5612fcc19379 in dhcp6_option_parse_domainname src/libsystemd-network/dhcp6-option.c:399
+    #3 0x5612fcc1acdf in dhcp6_lease_set_domains src/libsystemd-network/sd-dhcp6-lease.c:225
+    #4 0x5612fcc06b95 in test_advertise_option src/libsystemd-network/test-dhcp6-client.c:287
+    #5 0x5612fcc0a987 in main src/libsystemd-network/test-dhcp6-client.c:761
+    #6 0x7f90e6d46400 in __libc_start_main (/lib64/libc.so.6+0x20400)
+
+SUMMARY: AddressSanitizer: 10 byte(s) leaked in 1 allocation(s).
+```
+
+(cherry picked from commit 0b75a95ace6e1d82772f6b5f1809f4839b810628)
+---
+ src/libsystemd-network/sd-dhcp6-lease.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/libsystemd-network/sd-dhcp6-lease.c b/src/libsystemd-network/sd-dhcp6-lease.c
+index 5c10a6326a..681384b3ff 100644
+--- a/src/libsystemd-network/sd-dhcp6-lease.c
++++ b/src/libsystemd-network/sd-dhcp6-lease.c
+@@ -226,7 +226,7 @@ int dhcp6_lease_set_domains(sd_dhcp6_lease *lease, uint8_t *optval,
+         if (r < 0)
+                 return 0;
+ 
+-        free(lease->domains);
++        strv_free(lease->domains);
+         lease->domains = domains;
+         lease->domains_count = r;
+ 

0031-sd-event-when-exiting-no-signal-event-are-pending-is.patch

@@ -0,0 +1,55 @@
+From e72c338a9fe72a45e6687174fddf1a1725b5949b Mon Sep 17 00:00:00 2001
+From: Franck Bui <fbui@suse.com>
+Date: Wed, 8 Feb 2017 20:56:22 +0100
+Subject: [PATCH] sd-event: "when exiting no signal event are pending" is a
+ wrong assertion (#5271)
+
+The code make the following assertion: when freeing a event loop object
+(usually it's done after exiting from the main event loop), no signal events
+are still queued and are pending.
+
+This assertion can be found in event_unmask_signal_data() with
+"assert(!d->current);" assertion.
+
+It appears that this assertion can be wrong at least in a specific case
+described below.
+
+Consider the following example which is inspired from udev: a process defines 3
+source events: 2 are created by sd_event_add_signal() and 1 is created by
+sd_event_add_post().
+
+ 1. the process receives the 2 signals consecutively so that signal 'A' source
+     event is queued and pending. Consequently the post source event is also
+     queued and pending. This is done by sd_event_wait().
+
+ 2. The callback for signal 'A' is called by sd_event_dispatch().
+
+ 3. The next call to sd_event_wait() will queue signal 'B' source event.
+
+ 4. The callback for the post source event is called and calls sd_event_exit().
+
+ 5. the event loop is exited.
+
+ 6. freeing the event loop object will lead to the assertion failure in
+     event_unmask_signal_data().
+
+This patch simply removes this assertion as it doesn't seem to be a
+bug if the signal data still reference a signal source at this point.
+
+(cherry picked from commit 4470860388e12a5dda1d65773e411a349221a3e9)
+---
+ src/libsystemd/sd-event/sd-event.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c
+index 9857f8b1fc..41ce91fa79 100644
+--- a/src/libsystemd/sd-event/sd-event.c
++++ b/src/libsystemd/sd-event/sd-event.c
+@@ -730,7 +730,6 @@ static void event_unmask_signal_data(sd_event *e, struct signal_data *d, int sig
+ 
+                 /* If all the mask is all-zero we can get rid of the structure */
+                 hashmap_remove(e->signal_data, &d->priority);
+-                assert(!d->current);
+                 safe_close(d->fd);
+                 free(d);
+                 return;

0032-journal-gatewayd-fix-segfault-with-certain-request-3.patch

@@ -0,0 +1,32 @@
+From 97248e26cdd728c025cc709496d4250350a4878a Mon Sep 17 00:00:00 2001
+From: Yi EungJun <semtlenori@gmail.com>
+Date: Sun, 7 Aug 2016 05:39:13 +0900
+Subject: [PATCH] journal-gatewayd: fix segfault with certain request (#3893)
+
+When client requests to get logs with `follow` and `KEY=match` that
+doesn't match any log entry, journal-gatewayd segfaulted.
+
+Make request_reader_entries to return zero in such case to wait for
+matching entries.
+
+This fixes https://github.com/systemd/systemd/issues/3873.
+
+(cherry picked from commit 3475fc5899db8c8c9198573912429b85213e4862)
+---
+ src/journal-remote/journal-gatewayd.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/journal-remote/journal-gatewayd.c b/src/journal-remote/journal-gatewayd.c
+index 4ad9184993..e4a82871b5 100644
+--- a/src/journal-remote/journal-gatewayd.c
++++ b/src/journal-remote/journal-gatewayd.c
+@@ -239,6 +239,9 @@ static ssize_t request_reader_entries(
+                 m->size = (uint64_t) sz;
+         }
+ 
++        if (m->tmp == NULL && m->follow)
++                return 0;
++
+         if (fseeko(m->tmp, pos, SEEK_SET) < 0) {
+                 log_error_errno(errno, "Failed to seek to position: %m");
+                 return MHD_CONTENT_READER_END_WITH_ERROR;

0033-boot-fix-bootctl-install-segfault-4404.patch

@@ -0,0 +1,24 @@
+From abdafca5183be5593275033e0514f62fae579aba Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Wed, 19 Oct 2016 20:50:47 +0900
+Subject: [PATCH] boot: fix `bootctl install` segfault (#4404)
+
+(cherry picked from commit 9ee051b9c7623e148bf0d768cc2677aecf283fc8)
+---
+ src/boot/bootctl.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/boot/bootctl.c b/src/boot/bootctl.c
+index 37fa049ecf..115fe9338c 100644
+--- a/src/boot/bootctl.c
++++ b/src/boot/bootctl.c
+@@ -550,7 +550,8 @@ static const char *efi_subdirs[] = {
+         "EFI/systemd",
+         "EFI/BOOT",
+         "loader",
+-        "loader/entries"
++        "loader/entries",
++        NULL
+ };
+ 
+ static int create_dirs(const char *esp_path) {

0034-sysusers-fix-memleak-4430.patch

@@ -0,0 +1,36 @@
+From 18de263b7581d2b222027143e9f90e2ebcaefe72 Mon Sep 17 00:00:00 2001
+From: Evgeny Vereshchagin <evvers@ya.ru>
+Date: Thu, 20 Oct 2016 21:23:32 +0300
+Subject: [PATCH] sysusers: fix memleak (#4430)
+
+Fixes:
+```
+==28075== 64 bytes in 1 blocks are definitely lost in loss record 2 of 3
+==28075==    at 0x4C2BAEE: malloc (vg_replace_malloc.c:298)
+==28075==    by 0x4C2DCA1: realloc (vg_replace_malloc.c:785)
+==28075==    by 0x4ED40A2: greedy_realloc (alloc-util.c:57)
+==28075==    by 0x4E90F87: extract_first_word (extract-word.c:78)
+==28075==    by 0x4E91813: extract_many_words (extract-word.c:270)
+==28075==    by 0x10FE93: parse_line (sysusers.c:1325)
+==28075==    by 0x11198B: read_config_file (sysusers.c:1640)
+==28075==    by 0x111EB8: main (sysusers.c:1773)
+==28075==
+```
+
+(cherry picked from commit d9b8ea5448ba1e61d681a206d770a4eac39b9936)
+---
+ src/sysusers/sysusers.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c
+index 787d68a009..a39a580e6a 100644
+--- a/src/sysusers/sysusers.c
++++ b/src/sysusers/sysusers.c
+@@ -1189,6 +1189,7 @@ static void item_free(Item *i) {
+         free(i->uid_path);
+         free(i->gid_path);
+         free(i->description);
++        free(i->home);
+         free(i);
+ }
+ 

0035-sysusers-fix-memleak-4443.patch

@@ -0,0 +1,36 @@
+From e67c65061dd9fc540ff9e40d0262641af73e1a4d Mon Sep 17 00:00:00 2001
+From: Evgeny Vereshchagin <evvers@ya.ru>
+Date: Fri, 21 Oct 2016 13:30:45 +0300
+Subject: [PATCH] sysusers: fix memleak (#4443)
+
+Fixes:
+Oct 20 09:10:49 systemd-sysusers[144]: Direct leak of 20 byte(s) in 1 object(s) allocated from:
+Oct 20 09:10:49 systemd-sysusers[144]:     #0 0x7f3565a13e60 in malloc (/lib64/libasan.so.3+0xc6e60)
+Oct 20 09:10:49 systemd-sysusers[144]:     #1 0x7f3565526bd0 in malloc_multiply src/basic/alloc-util.h:70
+Oct 20 09:10:49 systemd-sysusers[144]:     #2 0x7f356552cb55 in tempfn_xxxxxx src/basic/fileio.c:1116
+Oct 20 09:10:49 systemd-sysusers[144]:     #3 0x7f356552c4f0 in fopen_temporary src/basic/fileio.c:1042
+Oct 20 09:10:49 systemd-sysusers[144]:     #4 0x7f356555e00e in fopen_temporary_label src/basic/fileio-label.c:63
+Oct 20 09:10:49 systemd-sysusers[144]:     #5 0x56197c4a1766 in make_backup src/sysusers/sysusers.c:209
+Oct 20 09:10:49 systemd-sysusers[144]:     #6 0x56197c4a6335 in write_files src/sysusers/sysusers.c:710
+Oct 20 09:10:49 systemd-sysusers[144]:     #7 0x56197c4ae571 in main src/sysusers/sysusers.c:1817
+Oct 20 09:10:49 systemd-sysusers[144]:     #8 0x7f3564dee730 in __libc_start_main (/lib64/libc.so.6+0x20730)
+
+(cherry picked from commit 0a12bb1eaa097dc83018aa034faef113a91e6014)
+---
+ src/sysusers/sysusers.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c
+index a39a580e6a..dfb708c1b9 100644
+--- a/src/sysusers/sysusers.c
++++ b/src/sysusers/sysusers.c
+@@ -190,7 +190,8 @@ static int load_group_database(void) {
+ static int make_backup(const char *target, const char *x) {
+         _cleanup_close_ int src = -1;
+         _cleanup_fclose_ FILE *dst = NULL;
+-        char *backup, *temp;
++        _cleanup_free_ char *temp = NULL;
++        char *backup;
+         struct timespec ts[2];
+         struct stat st;
+         int r;

0036-journalctl-fix-memleak.patch

@@ -0,0 +1,40 @@
+From c36c799dafadcf5c5447698da97a8d7bd36c9ea4 Mon Sep 17 00:00:00 2001
+From: Evgeny Vereshchagin <evvers@ya.ru>
+Date: Thu, 3 Nov 2016 21:23:22 +0000
+Subject: [PATCH] journalctl: fix memleak
+
+bash-4.3# journalctl --no-hostname >/dev/null
+
+=================================================================
+==288==ERROR: LeakSanitizer: detected memory leaks
+
+Direct leak of 48492 byte(s) in 2694 object(s) allocated from:
+    #0 0x7fb4aba13e60 in malloc (/lib64/libasan.so.3+0xc6e60)
+    #1 0x7fb4ab5b2cc4 in malloc_multiply src/basic/alloc-util.h:70
+    #2 0x7fb4ab5b3194 in parse_field src/shared/logs-show.c:98
+    #3 0x7fb4ab5b4918 in output_short src/shared/logs-show.c:347
+    #4 0x7fb4ab5b7cb7 in output_journal src/shared/logs-show.c:977
+    #5 0x5650e29cd83d in main src/journal/journalctl.c:2581
+    #6 0x7fb4aabdb730 in __libc_start_main (/lib64/libc.so.6+0x20730)
+
+SUMMARY: AddressSanitizer: 48492 byte(s) leaked in 2694 allocation(s).
+
+Closes: #4568
+(cherry picked from commit 12104159ed88324fa95505a6a8b333dd92a80368)
+---
+ src/shared/logs-show.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/shared/logs-show.c b/src/shared/logs-show.c
+index d04728f505..f347ceed11 100644
+--- a/src/shared/logs-show.c
++++ b/src/shared/logs-show.c
+@@ -378,7 +378,7 @@ static int output_short(
+ 
+         if (hostname && (flags & OUTPUT_NO_HOSTNAME)) {
+                 /* Suppress display of the hostname if this is requested. */
+-                hostname = NULL;
++                hostname = mfree(hostname);
+                 hostname_len = 0;
+         }
+ 

0037-acl-util-fix-memleak.patch

@@ -0,0 +1,56 @@
+From 33628598ef1af73f8f50f96b4ce18f8a95733913 Mon Sep 17 00:00:00 2001
+From: Evgeny Vereshchagin <evvers@ya.ru>
+Date: Thu, 3 Nov 2016 22:04:40 +0000
+Subject: [PATCH] acl-util: fix memleak
+
+Fixes:
+$ ./libtool --mode execute valgrind --leak-check=full ./journalctl >/dev/null
+==22309== Memcheck, a memory error detector
+==22309== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
+==22309== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
+==22309== Command: /home/vagrant/systemd/.libs/lt-journalctl
+==22309==
+Hint: You are currently not seeing messages from other users and the system.
+      Users in groups 'adm', 'systemd-journal', 'wheel' can see all messages.
+      Pass -q to turn off this notice.
+==22309==
+==22309== HEAP SUMMARY:
+==22309==     in use at exit: 8,680 bytes in 4 blocks
+==22309==   total heap usage: 5,543 allocs, 5,539 frees, 9,045,618 bytes allocated
+==22309==
+==22309== 488 (56 direct, 432 indirect) bytes in 1 blocks are definitely lost in loss record 2 of 4
+==22309==    at 0x4C2BBAD: malloc (vg_replace_malloc.c:299)
+==22309==    by 0x6F37A0A: __new_var_obj_p (__libobj.c:36)
+==22309==    by 0x6F362F7: __acl_init_obj (acl_init.c:28)
+==22309==    by 0x6F37731: __acl_from_xattr (__acl_from_xattr.c:54)
+==22309==    by 0x6F36087: acl_get_file (acl_get_file.c:69)
+==22309==    by 0x4F15752: acl_search_groups (acl-util.c:172)
+==22309==    by 0x113A1E: access_check_var_log_journal (journalctl.c:1836)
+==22309==    by 0x113D8D: access_check (journalctl.c:1889)
+==22309==    by 0x115681: main (journalctl.c:2236)
+==22309==
+==22309== LEAK SUMMARY:
+==22309==    definitely lost: 56 bytes in 1 blocks
+==22309==    indirectly lost: 432 bytes in 1 blocks
+==22309==      possibly lost: 0 bytes in 0 blocks
+==22309==    still reachable: 8,192 bytes in 2 blocks
+==22309==         suppressed: 0 bytes in 0 blocks
+
+(cherry picked from commit 29d87223d54fc13e16f444677f0a94ed0755bd88)
+---
+ src/shared/acl-util.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/shared/acl-util.c b/src/shared/acl-util.c
+index 2aa951fce9..79a3b9591d 100644
+--- a/src/shared/acl-util.c
++++ b/src/shared/acl-util.c
+@@ -162,7 +162,7 @@ int add_base_acls_if_needed(acl_t *acl_p, const char *path) {
+ 
+ int acl_search_groups(const char *path, char ***ret_groups) {
+         _cleanup_strv_free_ char **g = NULL;
+-        _cleanup_(acl_free) acl_t acl = NULL;
++        _cleanup_(acl_freep) acl_t acl = NULL;
+         bool ret = false;
+         acl_entry_t entry;
+         int r;

0038-core-fix-memleak-in-bus_exec_context_set_transient_p.patch

@@ -0,0 +1,45 @@
+From 2b0fa6690d559b069612115764e6f80f27699534 Mon Sep 17 00:00:00 2001
+From: Evgeny Vereshchagin <evvers@ya.ru>
+Date: Wed, 25 Jan 2017 05:53:50 +0300
+Subject: [PATCH] core: fix memleak in bus_exec_context_set_transient_property
+ (#5143)
+
+Fixes:
+```sh
+systemd-run --property EnvironmentFile=/some/environment/file /bin/sleep 30
+```
+```
+ 23 bytes in 1 blocks are definitely lost in loss record 1 of 7
+    at 0x4C2DB9D: malloc (vg_replace_malloc.c:299)
+    by 0x4E85488: malloc_multiply (alloc-util.h:70)
+    by 0x4E85F19: strjoin_real (string-util.c:252)
+    by 0x1AF741: bus_exec_context_set_transient_property (dbus-execute.c:1418)
+    by 0x1A907C: bus_service_set_property (dbus-service.c:330)
+    by 0x1A66DD: bus_unit_set_properties (dbus-unit.c:1456)
+    by 0x19CF93: transient_unit_from_message (dbus-manager.c:892)
+    by 0x19D388: method_start_transient_unit (dbus-manager.c:980)
+    by 0x4F60544: method_callbacks_run (bus-objects.c:418)
+    by 0x4F62D9D: object_find_and_run (bus-objects.c:1255)
+    by 0x4F633CE: bus_process_object (bus-objects.c:1371)
+    by 0x4F2CE1D: process_message (sd-bus.c:2563)
+```
+Closes: #5142
+
+(cherry picked from commit 9b531f04fb16e072100b10b93613abe846140305)
+---
+ src/core/dbus-execute.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c
+index 307c3d8e7a..a1d55236fc 100644
+--- a/src/core/dbus-execute.c
++++ b/src/core/dbus-execute.c
+@@ -1224,7 +1224,7 @@ int bus_exec_context_set_transient_property(
+ 
+                 _cleanup_free_ char *joined = NULL;
+                 _cleanup_fclose_ FILE *f = NULL;
+-                _cleanup_free_ char **l = NULL;
++                _cleanup_strv_free_ char **l = NULL;
+                 size_t size = 0;
+                 char **i;
+ 

0039-core-dbus-fix-two-strv-memleaks.patch

@@ -0,0 +1,35 @@
+From c9906ce0e0a74d5fe9c04bcb1bbc0de75402b8ea Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Tue, 24 Jan 2017 22:21:16 -0500
+Subject: [PATCH] core/dbus: fix two strv memleaks
+
+job_dbus_path and unit_dbus_path both allocate new strings, so we should use
+strv_free.
+
+(cherry picked from commit f0c03de85afa93d1df2bb533a46748e7f4264af6)
+---
+ src/core/dbus.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/core/dbus.c b/src/core/dbus.c
+index 3422a02d68..5d87bca8b1 100644
+--- a/src/core/dbus.c
++++ b/src/core/dbus.c
+@@ -477,7 +477,7 @@ static int bus_kill_context_find(sd_bus *bus, const char *path, const char *inte
+ }
+ 
+ static int bus_job_enumerate(sd_bus *bus, const char *path, void *userdata, char ***nodes, sd_bus_error *error) {
+-        _cleanup_free_ char **l = NULL;
++        _cleanup_strv_free_ char **l = NULL;
+         Manager *m = userdata;
+         unsigned k = 0;
+         Iterator i;
+@@ -504,7 +504,7 @@ static int bus_job_enumerate(sd_bus *bus, const char *path, void *userdata, char
+ }
+ 
+ static int bus_unit_enumerate(sd_bus *bus, const char *path, void *userdata, char ***nodes, sd_bus_error *error) {
+-        _cleanup_free_ char **l = NULL;
++        _cleanup_strv_free_ char **l = NULL;
+         Manager *m = userdata;
+         unsigned k = 0;
+         Iterator i;

0040-resolve-fix-strv-memleak.patch

@@ -0,0 +1,25 @@
+From 47194e64843ea986a56864442cb9653a6b23219d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Tue, 24 Jan 2017 22:27:21 -0500
+Subject: [PATCH] resolve: fix strv memleak
+
+sd_bus_message_read_strv() returns a normal strv...
+
+(cherry picked from commit c6d92582205065e4924b9f0cb1428f4a5f210fd4)
+---
+ src/resolve/resolved-link-bus.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/resolve/resolved-link-bus.c b/src/resolve/resolved-link-bus.c
+index 364812250f..59cd6cf1cb 100644
+--- a/src/resolve/resolved-link-bus.c
++++ b/src/resolve/resolved-link-bus.c
+@@ -462,7 +462,7 @@ int bus_link_method_set_dnssec(sd_bus_message *message, void *userdata, sd_bus_e
+ 
+ int bus_link_method_set_dnssec_negative_trust_anchors(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+         _cleanup_set_free_free_ Set *ns = NULL;
+-        _cleanup_free_ char **ntas = NULL;
++        _cleanup_strv_free_ char **ntas = NULL;
+         Link *l = userdata;
+         int r;
+         char **i;

0041-sd-device-replace-lstat-open-with-open-O_NOFOLLOW.patch

@@ -0,0 +1,106 @@
+From a7c2ac892ad0c6e9d270bf9adf071f0aab456282 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Sun, 19 Feb 2017 14:17:19 -0500
+Subject: [PATCH] sd-device: replace lstat() + open() with open(O_NOFOLLOW)
+
+Coverity was complaining about TOCTOU (CID #745806). Indeed, it seems better
+to open the file and avoid the stat altogether:
+
+- O_NOFOLLOW means we'll get ELOOP, which we can translate to EINVAL as before,
+- similarly, open(O_WRONLY) on a directory will fail with EISDIR,
+- and finally, it makes no sense to check access mode ourselves: just let
+  the kernel do it and propagate the error.
+
+v2:
+- fix memleak, don't clober input arg
+
+(cherry picked from commit 2fa4861ad5a203bff604cac660136834e3b70108)
+---
+ src/libsystemd/sd-device/sd-device.c | 43 ++++++++++++++----------------------
+ 1 file changed, 16 insertions(+), 27 deletions(-)
+
+diff --git a/src/libsystemd/sd-device/sd-device.c b/src/libsystemd/sd-device/sd-device.c
+index 0c4ad966bd..1d68fe07ae 100644
+--- a/src/libsystemd/sd-device/sd-device.c
++++ b/src/libsystemd/sd-device/sd-device.c
+@@ -1857,8 +1857,7 @@ _public_ int sd_device_set_sysattr_value(sd_device *device, const char *sysattr,
+         _cleanup_free_ char *value = NULL;
+         const char *syspath;
+         char *path;
+-        struct stat statbuf;
+-        size_t value_len = 0;
++        size_t len = 0;
+         ssize_t size;
+         int r;
+ 
+@@ -1876,8 +1875,14 @@ _public_ int sd_device_set_sysattr_value(sd_device *device, const char *sysattr,
+                 return r;
+ 
+         path = strjoina(syspath, "/", sysattr);
+-        r = lstat(path, &statbuf);
+-        if (r < 0) {
++
++        fd = open(path, O_WRONLY | O_CLOEXEC | O_NOFOLLOW);
++        if (fd < 0) {
++                if (errno == ELOOP)
++                        return -EINVAL;
++                if (errno == EISDIR)
++                        return -EISDIR;
++
+                 value = strdup("");
+                 if (!value)
+                         return -ENOMEM;
+@@ -1889,46 +1894,30 @@ _public_ int sd_device_set_sysattr_value(sd_device *device, const char *sysattr,
+                 return -ENXIO;
+         }
+ 
+-        if (S_ISLNK(statbuf.st_mode))
+-                return -EINVAL;
+-
+-        /* skip directories */
+-        if (S_ISDIR(statbuf.st_mode))
+-                return -EISDIR;
+-
+-        /* skip non-readable files */
+-        if ((statbuf.st_mode & S_IRUSR) == 0)
+-                return -EACCES;
+-
+-        value_len = strlen(_value);
++        len = strlen(_value);
+ 
+         /* drop trailing newlines */
+-        while (value_len > 0 && _value[value_len - 1] == '\n')
+-                _value[--value_len] = '\0';
++        while (len > 0 && _value[len - 1] == '\n')
++                len --;
+ 
+         /* value length is limited to 4k */
+-        if (value_len > 4096)
++        if (len > 4096)
+                 return -EINVAL;
+ 
+-        fd = open(path, O_WRONLY | O_CLOEXEC);
+-        if (fd < 0)
+-                return -errno;
+-
+-        value = strdup(_value);
++        value = strndup(_value, len);
+         if (!value)
+                 return -ENOMEM;
+ 
+-        size = write(fd, value, value_len);
++        size = write(fd, value, len);
+         if (size < 0)
+                 return -errno;
+ 
+-        if ((size_t)size != value_len)
++        if ((size_t)size != len)
+                 return -EIO;
+ 
+         r = device_add_sysattr_value(device, sysattr, value);
+         if (r < 0)
+                 return r;
+-
+         value = NULL;
+ 
+         return 0;

0042-test-resolved-packet-add-a-simple-test-for-our-alloc.patch

@@ -0,0 +1,108 @@
+From 976d4b21b85aad15bf359089dd84b39c48347fb2 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Sun, 18 Jun 2017 15:53:15 -0400
+Subject: [PATCH] test-resolved-packet: add a simple test for our allocation
+ functions
+
+---
+ .gitignore                         |  1 +
+ Makefile.am                        | 14 ++++++++++++
+ src/resolve/test-resolved-packet.c | 45 ++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 60 insertions(+)
+ create mode 100644 src/resolve/test-resolved-packet.c
+
+diff --git a/.gitignore b/.gitignore
+index f7db68b4a6..814a1c8861 100644
+--- a/.gitignore
++++ b/.gitignore
+@@ -255,6 +255,7 @@
+ /test-replace-var
+ /test-resolve
+ /test-resolve-tables
++/test-resolved-packet
+ /test-ring
+ /test-rlimit-util
+ /test-sched-prio
+diff --git a/Makefile.am b/Makefile.am
+index 0c27f81986..e8d72a8129 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -5451,6 +5451,7 @@ dist_zshcompletion_data += \
+ tests += \
+ 	test-dns-packet \
+ 	test-resolve-tables \
++	test-resolved-packet \
+ 	test-dnssec
+ 
+ manual_tests += \
+@@ -5472,6 +5473,19 @@ test_resolve_tables_LDADD = \
+ 	$(GCRYPT_LIBS) \
+ 	-lm
+ 
++test_resolved_packet_SOURCES = \
++	src/resolve/test-resolved-packet.c \
++	$(basic_dns_sources)
++
++test_resolved_packet_CFLAGS = \
++	$(AM_CFLAGS) \
++	$(GCRYPT_CFLAGS)
++
++test_resolved_packet_LDADD = \
++	libsystemd-shared.la \
++	$(GCRYPT_LIBS) \
++	-lm
++
+ test_dns_packet_SOURCES = \
+ 	src/resolve/test-dns-packet.c \
+ 	$(basic_dns_sources)
+diff --git a/src/resolve/test-resolved-packet.c b/src/resolve/test-resolved-packet.c
+new file mode 100644
+index 0000000000..8b7da1408d
+--- /dev/null
++++ b/src/resolve/test-resolved-packet.c
+@@ -0,0 +1,45 @@
++/***
++  This file is part of systemd
++
++  Copyright 2017 Zbigniew Jędrzejewski-Szmek
++
++  systemd is free software; you can redistribute it and/or modify it
++  under the terms of the GNU Lesser General Public License as published by
++  the Free Software Foundation; either version 2.1 of the License, or
++  (at your option) any later version.
++
++  systemd is distributed in the hope that it will be useful, but
++  WITHOUT ANY WARRANTY; without even the implied warranty of
++  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++  Lesser General Public License for more details.
++
++  You should have received a copy of the GNU Lesser General Public License
++  along with systemd; If not, see <http://www.gnu.org/licenses/>.
++***/
++
++#include "log.h"
++#include "resolved-dns-packet.h"
++
++static void test_dns_packet_new(void) {
++        size_t i;
++
++        for (i = 0; i < DNS_PACKET_SIZE_MAX + 2; i++) {
++                _cleanup_(dns_packet_unrefp) DnsPacket *p = NULL;
++
++                assert_se(dns_packet_new(&p, DNS_PROTOCOL_DNS, i) == 0);
++
++                log_debug("dns_packet_new: %zu → %zu", i, p->allocated);
++                assert_se(p->allocated >= MIN(DNS_PACKET_SIZE_MAX, i));
++        }
++}
++
++int main(int argc, char **argv) {
++
++        log_set_max_level(LOG_DEBUG);
++        log_parse_environment();
++        log_open();
++
++        test_dns_packet_new();
++
++        return 0;
++}

0043-resolved-simplify-alloc-size-calculation.patch

@@ -0,0 +1,48 @@
+From e3abee3dee32ae7cd8e937e44ace94ab7f45ede9 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Sun, 18 Jun 2017 16:07:57 -0400
+Subject: [PATCH] resolved: simplify alloc size calculation
+
+The allocation size was calculated in a complicated way, and for values
+close to the page size we would actually allocate less than requested.
+
+Reported by Chris Coulson <chris.coulson@canonical.com>.
+
+CVE-2017-9445
+---
+ src/resolve/resolved-dns-packet.c | 8 +-------
+ src/resolve/resolved-dns-packet.h | 2 --
+ 2 files changed, 1 insertion(+), 9 deletions(-)
+
+diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
+index 8b620cb6a8..7262a50eee 100644
+--- a/src/resolve/resolved-dns-packet.c
++++ b/src/resolve/resolved-dns-packet.c
+@@ -47,13 +47,7 @@ int dns_packet_new(DnsPacket **ret, DnsProtocol protocol, size_t mtu) {
+ 
+         assert(ret);
+ 
+-        if (mtu <= UDP_PACKET_HEADER_SIZE)
+-                a = DNS_PACKET_SIZE_START;
+-        else
+-                a = mtu - UDP_PACKET_HEADER_SIZE;
+-
+-        if (a < DNS_PACKET_HEADER_SIZE)
+-                a = DNS_PACKET_HEADER_SIZE;
++        a = MAX(mtu, DNS_PACKET_HEADER_SIZE);
+ 
+         /* round up to next page size */
+         a = PAGE_ALIGN(ALIGN(sizeof(DnsPacket)) + a) - ALIGN(sizeof(DnsPacket));
+diff --git a/src/resolve/resolved-dns-packet.h b/src/resolve/resolved-dns-packet.h
+index 7b7d4e14c9..05a7a844e4 100644
+--- a/src/resolve/resolved-dns-packet.h
++++ b/src/resolve/resolved-dns-packet.h
+@@ -66,8 +66,6 @@ struct DnsPacketHeader {
+ /* With EDNS0 we can use larger packets, default to 4096, which is what is commonly used */
+ #define DNS_PACKET_UNICAST_SIZE_LARGE_MAX 4096
+ 
+-#define DNS_PACKET_SIZE_START 512
+-
+ struct DnsPacket {
+         int n_ref;
+         DnsProtocol protocol;

0044-resolved-do-not-allocate-packets-with-minimum-size.patch

@@ -0,0 +1,45 @@
+From 626e9ef495474c95e3143ddae1a498d391c2a008 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Tue, 27 Jun 2017 14:20:00 -0400
+Subject: [PATCH] resolved: do not allocate packets with minimum size
+
+dns_packet_new() is sometimes called with mtu == 0, and in that case we should
+allocate more than the absolute minimum (which is the dns packet header size),
+otherwise we have to resize immediately again after appending the first data to
+the packet.
+
+This partially reverts the previous commit.
+---
+ src/resolve/resolved-dns-packet.c | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
+index 7262a50eee..c1ee755d9f 100644
+--- a/src/resolve/resolved-dns-packet.c
++++ b/src/resolve/resolved-dns-packet.c
+@@ -28,6 +28,9 @@
+ 
+ #define EDNS0_OPT_DO (1<<15)
+ 
++#define DNS_PACKET_SIZE_START 512
++assert_cc(DNS_PACKET_SIZE_START > UDP_PACKET_HEADER_SIZE)
++
+ typedef struct DnsPacketRewinder {
+         DnsPacket *packet;
+         size_t saved_rindex;
+@@ -47,7 +50,14 @@ int dns_packet_new(DnsPacket **ret, DnsProtocol protocol, size_t mtu) {
+ 
+         assert(ret);
+ 
+-        a = MAX(mtu, DNS_PACKET_HEADER_SIZE);
++        /* When dns_packet_new() is called with mtu == 0, allocate more than the
++         * absolute minimum (which is the dns packet header size), to avoid
++         * resizing immediately again after appending the first data to the packet.
++         */
++        if (mtu < UDP_PACKET_HEADER_SIZE)
++                a = DNS_PACKET_SIZE_START;
++        else
++                a = MAX(mtu, DNS_PACKET_HEADER_SIZE);
+ 
+         /* round up to next page size */
+         a = PAGE_ALIGN(ALIGN(sizeof(DnsPacket)) + a) - ALIGN(sizeof(DnsPacket));

0045-resolved-define-various-packet-sizes-as-unsigned.patch

@@ -0,0 +1,46 @@
+From 46ee71cfab1eebcd57109c5ee402d13a7b9d2468 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Tue, 27 Jun 2017 16:59:06 -0400
+Subject: [PATCH] resolved: define various packet sizes as unsigned
+
+This seems like the right thing to do, and apparently at least some compilers
+warn about signed/unsigned comparisons with DNS_PACKET_SIZE_MAX.
+---
+ src/resolve/resolved-dns-packet.c | 2 +-
+ src/resolve/resolved-dns-packet.h | 6 +++---
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
+index c1ee755d9f..fd37363ece 100644
+--- a/src/resolve/resolved-dns-packet.c
++++ b/src/resolve/resolved-dns-packet.c
+@@ -28,7 +28,7 @@
+ 
+ #define EDNS0_OPT_DO (1<<15)
+ 
+-#define DNS_PACKET_SIZE_START 512
++#define DNS_PACKET_SIZE_START 512u
+ assert_cc(DNS_PACKET_SIZE_START > UDP_PACKET_HEADER_SIZE)
+ 
+ typedef struct DnsPacketRewinder {
+diff --git a/src/resolve/resolved-dns-packet.h b/src/resolve/resolved-dns-packet.h
+index 05a7a844e4..1020db0221 100644
+--- a/src/resolve/resolved-dns-packet.h
++++ b/src/resolve/resolved-dns-packet.h
+@@ -58,13 +58,13 @@ struct DnsPacketHeader {
+ /* The various DNS protocols deviate in how large a packet can grow,
+    but the TCP transport has a 16bit size field, hence that appears to
+    be the absolute maximum. */
+-#define DNS_PACKET_SIZE_MAX 0xFFFF
++#define DNS_PACKET_SIZE_MAX 0xFFFFu
+ 
+ /* RFC 1035 say 512 is the maximum, for classic unicast DNS */
+-#define DNS_PACKET_UNICAST_SIZE_MAX 512
++#define DNS_PACKET_UNICAST_SIZE_MAX 512u
+ 
+ /* With EDNS0 we can use larger packets, default to 4096, which is what is commonly used */
+-#define DNS_PACKET_UNICAST_SIZE_LARGE_MAX 4096
++#define DNS_PACKET_UNICAST_SIZE_LARGE_MAX 4096u
+ 
+ struct DnsPacket {
+         int n_ref;

0046-virt-enable-detecting-QEMU-TCG-via-CPUID-6399.patch

@@ -0,0 +1,33 @@
+From 7cf20aa8c7f9dd5d7e907b0f96b14f4c09bc8c6d Mon Sep 17 00:00:00 2001
+From: Daniel Berrange <berrange@redhat.com>
+Date: Wed, 19 Jul 2017 10:06:07 +0100
+Subject: [PATCH] virt: enable detecting QEMU (TCG) via CPUID (#6399)
+
+QEMU >= 2.10 will include a CPUID leaf with value "TCGTCGTCGTCG"
+on x86 when running with the TCG CPU emulator:
+
+  https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg05231.html
+
+Existing methods of detecting QEMU are left unchanged for sake of
+backcompatibility.
+
+Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
+(cherry picked from commit 5588612e9e8828691f13141e3fcebe08a59201fe)
+(cherry picked from commit ce0609bc26d33e47b23fbbe1aa7465283a10fb10)
+(cherry picked from commit c21be74a657c56bfc4091428b54189682c354640)
+---
+ src/basic/virt.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/basic/virt.c b/src/basic/virt.c
+index dace1f4328..f1c49105ee 100644
+--- a/src/basic/virt.c
++++ b/src/basic/virt.c
+@@ -45,6 +45,7 @@ static int detect_vm_cpuid(void) {
+         } cpuid_vendor_table[] = {
+                 { "XenVMMXenVMM", VIRTUALIZATION_XEN       },
+                 { "KVMKVMKVM",    VIRTUALIZATION_KVM       },
++                { "TCGTCGTCGTCG", VIRTUALIZATION_QEMU      },
+                 /* http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1009458 */
+                 { "VMwareVMware", VIRTUALIZATION_VMWARE    },
+                 /* http://msdn.microsoft.com/en-us/library/ff542428.aspx */

0047-rfkill-fix-erroneous-behavior-when-polling-the-udev-.patch

@@ -0,0 +1,47 @@
+From 9b7e22950873b1637b286bb540d9884ce1bec19f Mon Sep 17 00:00:00 2001
+From: "S. Fan" <sfanxiang@gmail.com>
+Date: Mon, 31 Jul 2017 05:10:10 -0500
+Subject: [PATCH] rfkill: fix erroneous behavior when polling the udev monitor
+ (#6489)
+
+Comparing udev_device_get_sysname(device) and sysname will always return
+true. We need to check the device received from udev monitor instead.
+
+Also, fd_wait_for_event() sometimes never exits. Better set a timeout
+here.
+
+(cherry picked from commit 8ec1a07998758f6a85f3ea5bf2ed14d87609398f)
+(cherry picked from commit cd8a9ccb7c06394a64bfe0cd2a88fad7be8e3f9f)
+(cherry picked from commit 638c0dbabd348a664c85cbaf0ab10f317468b576)
+---
+ src/rfkill/rfkill.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/rfkill/rfkill.c b/src/rfkill/rfkill.c
+index 0acdf229ed..3c2460b5af 100644
+--- a/src/rfkill/rfkill.c
++++ b/src/rfkill/rfkill.c
+@@ -138,17 +138,21 @@ static int wait_for_initialized(
+         for (;;) {
+                 _cleanup_udev_device_unref_ struct udev_device *t = NULL;
+ 
+-                r = fd_wait_for_event(watch_fd, POLLIN, USEC_INFINITY);
++                r = fd_wait_for_event(watch_fd, POLLIN, EXIT_USEC);
+                 if (r == -EINTR)
+                         continue;
+                 if (r < 0)
+                         return log_error_errno(r, "Failed to watch udev monitor: %m");
++                if (r == 0) {
++                        log_error("Timed out wating for udev monitor.");
++                        return -ETIMEDOUT;
++                }
+ 
+                 t = udev_monitor_receive_device(monitor);
+                 if (!t)
+                         continue;
+ 
+-                if (streq_ptr(udev_device_get_sysname(device), sysname)) {
++                if (streq_ptr(udev_device_get_sysname(t), sysname)) {
+                         *ret = udev_device_ref(t);
+                         return 0;
+                 }

0048-resolved-fix-loop-on-packets-with-pseudo-dns-types.patch

@@ -0,0 +1,40 @@
+From 7e85bcd660d4124c4115b493f80624430216249d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Wed, 25 Oct 2017 11:19:19 +0200
+Subject: [PATCH] resolved: fix loop on packets with pseudo dns types
+
+Reported by Karim Hossen & Thomas Imbert from Sogeti ESEC R&D.
+
+https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1725351
+(cherry picked from commit 9f939335a07085aa9a9663efd1dca06ef6405d62)
+(cherry picked from commit 743b771c559c6101544f7358a42c8c519fe4b0db)
+(cherry picked from commit 1e20ca63e06337b95f4b0deedc062511d2ff31cc)
+(cherry picked from commit 655ae23e5b73816fb7ebdc5dc61271cf8ffa0007)
+---
+ src/resolve/resolved-dns-packet.c | 6 +-----
+ 1 file changed, 1 insertion(+), 5 deletions(-)
+
+diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
+index fd37363ece..8260e45769 100644
+--- a/src/resolve/resolved-dns-packet.c
++++ b/src/resolve/resolved-dns-packet.c
+@@ -1490,7 +1490,7 @@ static int dns_packet_read_type_window(DnsPacket *p, Bitmap **types, size_t *sta
+ 
+                 found = true;
+ 
+-                while (bitmask) {
++                for (; bitmask; bit++, bitmask >>= 1)
+                         if (bitmap[i] & bitmask) {
+                                 uint16_t n;
+ 
+@@ -1504,10 +1504,6 @@ static int dns_packet_read_type_window(DnsPacket *p, Bitmap **types, size_t *sta
+                                 if (r < 0)
+                                         return r;
+                         }
+-
+-                        bit++;
+-                        bitmask >>= 1;
+-                }
+         }
+ 
+         if (!found)

systemd.spec

@@ -12,7 +12,7 @@
 Name:           systemd
 Url:            http://www.freedesktop.org/wiki/Software/systemd
 Version:        231
-Release:        10%{?gitcommit:.git%{gitcommitshort}}%{?dist}
+Release:        19%{?gitcommit:.git%{gitcommitshort}}%{?dist}
 # For a breakdown of the licensing, see README
 License:        LGPLv2+ and MIT and GPLv2+
 Summary:        A System and Service Manager
@@ -37,25 +37,54 @@ Source8:        systemd-journal-gatewayd.xml
 Source9:        20-yama-ptrace.conf
 Source10:       systemd-udev-trigger-no-reload.conf
 
-Patch0001: 0001-systemctl-be-sure-to-be-quiet-with-systemctl-is-enab.patch
-Patch0002: 0002-logind-0-and-100-should-be-valid-for-UserTasksMax-38.patch
-Patch0003: 0003-systemd-ask-password-make-sure-directory-watch-is-st.patch
-Patch0004: 0004-Revert-logind-really-handle-KeyIgnoreInhibited-optio.patch
-Patch0005: 0005-man-explain-that-KeyIgnoreInhibited-only-apply-to-a-.patch
-Patch0006: 0006-systemctl-fix-preset-all-with-missing-etc-systemd-sy.patch
-Patch0007: 0007-shared-install-remove-unused-paramater-and-add-more-.patch
-Patch0008: 0008-shared-install-ignore-unit-symlinks-when-doing-prese.patch
-Patch0009: 0009-man-describe-what-symlinks-to-unit-do-and-specify-th.patch
-Patch0010: 0010-shared-install-move-root-skipping-into-create_symlin.patch
-Patch0011: 0011-shared-install-when-creating-symlinks-keep-existing-.patch
-Patch0012: 0012-shared-install-properly-report-masked-units-listed-i.patch
-Patch0013: 0013-Revert-pid1-reconnect-to-the-console-before-being-re.patch
-Patch0014: 0014-systemd-ignore-lack-of-tty-when-checking-whether-col.patch
-Patch0015: 0015-shared-install-do-not-enable-masked-instances-4005.patch
-Patch0016: 0016-If-the-notification-message-length-is-0-ignore-the-m.patch
-Patch0017: 0017-pid1-don-t-return-any-error-in-manager_dispatch_noti.patch
-Patch0018: 0018-pid1-process-zero-length-notification-messages-again.patch
-Patch0019: 0019-shared-install-fix-set-default-with-empty-root-4118.patch
+Patch0001:      0001-systemctl-be-sure-to-be-quiet-with-systemctl-is-enab.patch
+Patch0002:      0002-logind-0-and-100-should-be-valid-for-UserTasksMax-38.patch
+Patch0003:      0003-systemd-ask-password-make-sure-directory-watch-is-st.patch
+Patch0004:      0004-Revert-logind-really-handle-KeyIgnoreInhibited-optio.patch
+Patch0005:      0005-man-explain-that-KeyIgnoreInhibited-only-apply-to-a-.patch
+Patch0006:      0006-systemctl-fix-preset-all-with-missing-etc-systemd-sy.patch
+Patch0007:      0007-shared-install-remove-unused-paramater-and-add-more-.patch
+Patch0008:      0008-shared-install-ignore-unit-symlinks-when-doing-prese.patch
+Patch0009:      0009-man-describe-what-symlinks-to-unit-do-and-specify-th.patch
+Patch0010:      0010-shared-install-move-root-skipping-into-create_symlin.patch
+Patch0011:      0011-shared-install-when-creating-symlinks-keep-existing-.patch
+Patch0012:      0012-shared-install-properly-report-masked-units-listed-i.patch
+Patch0013:      0013-Revert-pid1-reconnect-to-the-console-before-being-re.patch
+Patch0014:      0014-systemd-ignore-lack-of-tty-when-checking-whether-col.patch
+Patch0015:      0015-shared-install-do-not-enable-masked-instances-4005.patch
+Patch0016:      0016-If-the-notification-message-length-is-0-ignore-the-m.patch
+Patch0017:      0017-pid1-don-t-return-any-error-in-manager_dispatch_noti.patch
+Patch0018:      0018-pid1-process-zero-length-notification-messages-again.patch
+Patch0019:      0019-shared-install-fix-set-default-with-empty-root-4118.patch
+Patch0020:      0020-Various-simplifications.patch
+Patch0021:      0021-build-sys-check-for-lz4-in-the-old-and-new-numbering.patch
+Patch0022:      0022-pid1-do-not-use-mtime-0-as-sign-of-masking-4388.patch
+Patch0023:      0023-resolved-bugfix-of-null-pointer-p-question-dereferen.patch
+Patch0024:      0024-udev-net_id-add-support-for-phys_port_name-attribute.patch
+Patch0025:      0025-logind-don-t-hit-assert-when-we-try-to-free-NULL-man.patch
+Patch0026:      0026-core-if-the-start-command-vanishes-during-runtime-do.patch
+Patch0027:      0027-core-don-t-hit-an-assert-when-printing-status-messag.patch
+Patch0028:      0028-device-Avoid-calling-unit_free-NULL-in-device-setup-.patch
+Patch0029:      0029-sd-network-fix-memleak-in-dhcp6_option_parse_domainn.patch
+Patch0030:      0030-sd-network-fix-memleak-in-dhcp6_lease_set_domains-51.patch
+Patch0031:      0031-sd-event-when-exiting-no-signal-event-are-pending-is.patch
+Patch0032:      0032-journal-gatewayd-fix-segfault-with-certain-request-3.patch
+Patch0033:      0033-boot-fix-bootctl-install-segfault-4404.patch
+Patch0034:      0034-sysusers-fix-memleak-4430.patch
+Patch0035:      0035-sysusers-fix-memleak-4443.patch
+Patch0036:      0036-journalctl-fix-memleak.patch
+Patch0037:      0037-acl-util-fix-memleak.patch
+Patch0038:      0038-core-fix-memleak-in-bus_exec_context_set_transient_p.patch
+Patch0039:      0039-core-dbus-fix-two-strv-memleaks.patch
+Patch0040:      0040-resolve-fix-strv-memleak.patch
+Patch0041:      0041-sd-device-replace-lstat-open-with-open-O_NOFOLLOW.patch
+Patch0042:      0042-test-resolved-packet-add-a-simple-test-for-our-alloc.patch
+Patch0043:      0043-resolved-simplify-alloc-size-calculation.patch
+Patch0044:      0044-resolved-do-not-allocate-packets-with-minimum-size.patch
+Patch0045:      0045-resolved-define-various-packet-sizes-as-unsigned.patch
+Patch0046:      0046-virt-enable-detecting-QEMU-TCG-via-CPUID-6399.patch
+Patch0047:      0047-rfkill-fix-erroneous-behavior-when-polling-the-udev-.patch
+Patch0048:      0048-resolved-fix-loop-on-packets-with-pseudo-dns-types.patch
 
 Patch0998:      0998-resolved-create-etc-resolv.conf-symlink-at-runtime.patch
 
@@ -76,6 +105,7 @@ BuildRequires:  gobject-introspection-devel
 BuildRequires:  libblkid-devel
 BuildRequires:  xz-devel
 BuildRequires:  lz4-devel
+BuildRequires:  lz4
 BuildRequires:  bzip2-devel
 BuildRequires:  libidn-devel
 BuildRequires:  libcurl-devel
@@ -149,6 +179,7 @@ elaborate transactional dependency-based service control logic.
 %package libs
 Summary:        systemd libraries
 License:        LGPLv2+ and MIT
+Requires(post): grep
 Obsoletes:      libudev < 183
 Obsoletes:      systemd < 185-4
 Conflicts:      systemd < 185-4
@@ -169,10 +200,11 @@ Systemd PAM module registers the session with systemd-logind.
 %package devel
 Summary:        Development headers for systemd
 License:        LGPLv2+ and MIT
-# We need both libsystemd and libsystemd-<compat> libraries
 Requires:       %{name}-libs%{?_isa} = %{version}-%{release}
 Provides:       libudev-devel = %{version}
 Obsoletes:      libudev-devel < 183
+# Fake dependency to make sure systemd-pam is pulled into multilib (#1414153)
+Requires:       %{name}-pam = %{version}-%{release}
 
 %description devel
 Development headers and auxiliary files for developing applications linking
@@ -263,6 +295,10 @@ CONFIGURE_OPTS=(
         --with-rc-local-script-path-start=/etc/rc.d/rc.local
         --with-ntp-servers='0.%{ntpvendor}.pool.ntp.org 1.%{ntpvendor}.pool.ntp.org 2.%{ntpvendor}.pool.ntp.org 3.%{ntpvendor}.pool.ntp.org'
         --without-kill-user-processes
+        --enable-lz4
+        --enable-xz
+        --enable-zlib
+        --enable-bzip2
 )
 
 %configure \
@@ -925,6 +961,7 @@ getent passwd systemd-journal-upload >/dev/null 2>&1 || useradd -r -l -g systemd
 %{_datadir}/zsh/site-functions/_machinectl
 %{_datadir}/zsh/site-functions/_systemd-nspawn
 %{_mandir}/man1/machinectl.*
+%{_mandir}/man1/systemd-nspawn.*
 %{_mandir}/man8/systemd-machined.*
 %{_mandir}/man8/*mymachines.*
 
@@ -948,6 +985,38 @@ getent passwd systemd-journal-upload >/dev/null 2>&1 || useradd -r -l -g systemd
 %{_mandir}/man[1578]/systemd-nspawn.*
 
 %changelog
+* Thu Oct 26 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 231-19
+- systemd-detect-virt QEMU CPUID logic update
+- Fix rfkill on some thinkpads
+- Fix systemd-resolved DOS with crafted NSEC packets (LP#1725351)
+
+* Tue Jul 25 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 231-18
+- Add Requires: grep for libs subpackage (#1474529)
+
+* Tue Jun 27 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 231-17
+- Tweak the patches a bit
+
+* Tue Jun 27 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 231-16
+- Fix an out-of-bounds write in systemd-resolved (CVE-2017-9445)
+
+* Thu May 25 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 231-15
+- Fix systemd-resolved crash on crafted DNS packet (CVE-2017-9217, #1455493)
+
+* Wed Feb 22 2017 Michal Sekletar <msekleta@redhat.com> - 231-14
+- Backport support for phys_port_name to net_id (#1425737)
+- Backport bunch of bugfixes (asserts, segv, memleaks) from upstream
+
+* Tue Jan 17 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 231-13
+- Backport mtime==0 fix (#1384150)
+- Add fake dependency on systemd-pam to systemd-devel to ensure systemd-pam
+  is available as multilib (#1414153)
+
+* Mon Jan 16 2017 Jan Synáček <jsynacek@redhat.com> - 231-12
+- Fix buildsystem to check for lz4 correctly (#1404406)
+
+* Wed Jan 11 2017 Jan Synáček <jsynacek@redhat.com> - 231-11
+- Fix: the systemd-nspawn manpage is not installed (#1411269)
+
 * Sun Oct  9 2016 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 231-10
 - Do not recreate /var/log/journal on upgrades (#1383066)
 - Move nss-myhostname provides to systemd-libs (#1383271)