Fix patch

The patch order is messed up, because I committed the patches to
systemd-stable in the wrong order. Sorry.

.gitignore

@@ -1,4 +1,3 @@
-*~
 /systemd-*/
 /.build-*.log
 /x86_64/

0001-test-path-util-do-not-fail-if-the-fd_is_mount_point-.patch

@@ -1,70 +0,0 @@
-From 2e9d763e7cbeb33954bbe3f96fd94de2cd62edf7 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Thu, 12 Nov 2020 14:28:24 +0100
-Subject: [PATCH] test-path-util: do not fail if the fd_is_mount_point check
- fails
-
-This test fails on i686 and ppc64le in koji:
-/* test_path */
-Assertion 'fd_is_mount_point(fd, "/", 0) > 0' failed at src/test/test-path-util.c:85, function test_path(). Aborting.
-
-I guess some permission error is the most likely.
----
- src/test/test-path-util.c | 23 +++++++++++++++++------
- 1 file changed, 17 insertions(+), 6 deletions(-)
-
-diff --git a/src/test/test-path-util.c b/src/test/test-path-util.c
-index f4f8d0550b..be428334f3 100644
---- a/src/test/test-path-util.c
-+++ b/src/test/test-path-util.c
-@@ -40,8 +40,6 @@ static void test_path_simplify(const char *in, const char *out, const char *out_
- }
- 
- static void test_path(void) {
--        _cleanup_close_ int fd = -1;
--
-         log_info("/* %s */", __func__);
- 
-         test_path_compare("/goo", "/goo", 0);
-@@ -80,10 +78,6 @@ static void test_path(void) {
-         assert_se(streq(basename("/aa///file..."), "file..."));
-         assert_se(streq(basename("file.../"), ""));
- 
--        fd = open("/", O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOCTTY);
--        assert_se(fd >= 0);
--        assert_se(fd_is_mount_point(fd, "/", 0) > 0);
--
-         test_path_simplify("aaa/bbb////ccc", "aaa/bbb/ccc", "aaa/bbb/ccc");
-         test_path_simplify("//aaa/.////ccc", "/aaa/./ccc", "/aaa/ccc");
-         test_path_simplify("///", "/", "/");
-@@ -120,6 +114,22 @@ static void test_path(void) {
-         assert_se(!path_equal_ptr(NULL, "/a"));
- }
- 
-+static void test_path_is_mountpoint(void) {
-+        _cleanup_close_ int fd = -1;
-+        int r;
-+
-+        log_info("/* %s */", __func__);
-+
-+        fd = open("/", O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOCTTY);
-+        assert_se(fd >= 0);
-+
-+        r = fd_is_mount_point(fd, "/", 0);
-+        if (r < 0)
-+                log_warning_errno(r, "Failed to check if / is a mount point, ignoring: %m");
-+        else
-+                assert_se(r == 1);
-+}
-+
- static void test_path_equal_root(void) {
-         /* Nail down the details of how path_equal("/", ...) works. */
- 
-@@ -714,6 +724,7 @@ int main(int argc, char **argv) {
- 
-         test_print_paths();
-         test_path();
-+        test_path_is_mountpoint();
-         test_path_equal_root();
-         test_find_executable_full();
-         test_find_executable(argv[0]);

0001-test-path-util-ignore-test-failure.patch

@@ -1,33 +0,0 @@
-From e8bca4ba55f855260eda684a16e8feb5f20b1deb Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Thu, 12 Nov 2020 15:06:12 +0100
-Subject: [PATCH] test-path-util: ignore test failure
-
----
- src/test/test-path-util.c | 7 +++++--
- 1 file changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/src/test/test-path-util.c b/src/test/test-path-util.c
-index be428334f3..207c659b8b 100644
---- a/src/test/test-path-util.c
-+++ b/src/test/test-path-util.c
-@@ -120,14 +120,17 @@ static void test_path_is_mountpoint(void) {
- 
-         log_info("/* %s */", __func__);
- 
-+        (void) system("uname -a");
-+        (void) system("mountpoint /");
-+
-         fd = open("/", O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOCTTY);
-         assert_se(fd >= 0);
- 
-         r = fd_is_mount_point(fd, "/", 0);
-         if (r < 0)
-                 log_warning_errno(r, "Failed to check if / is a mount point, ignoring: %m");
--        else
--                assert_se(r == 1);
-+        else if (r == 0)
-+                log_warning("/ is not a mountpoint?");
- }
- 
- static void test_path_equal_root(void) {

0001-time-util-map-ALARM-clockids-to-non-ALARM-clockids-i.patch

@@ -0,0 +1,76 @@
+From d15dd311752fcafa92d2e6a00c582020dc0f6ac3 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Fri, 12 Feb 2016 21:29:01 +0100
+Subject: [PATCH] time-util: map ALARM clockids to non-ALARM clockids in now()
+
+Fixes: #2597
+(cherry picked from commit 32c1f5a57998f2a9e1992af006b83e39e3155830)
+---
+ src/basic/time-util.c              | 24 ++++++++++++++++++++++--
+ src/libsystemd/sd-event/sd-event.c |  6 +++++-
+ 2 files changed, 27 insertions(+), 3 deletions(-)
+
+diff --git a/src/basic/time-util.c b/src/basic/time-util.c
+index 3973850b44..510f018d9b 100644
+--- a/src/basic/time-util.c
++++ b/src/basic/time-util.c
+@@ -42,10 +42,30 @@
+ 
+ static nsec_t timespec_load_nsec(const struct timespec *ts);
+ 
++static clockid_t map_clock_id(clockid_t c) {
++
++        /* Some more exotic archs (s390, ppc, …) lack the "ALARM" flavour of the clocks. Thus, clock_gettime() will
++         * fail for them. Since they are essentially the same as their non-ALARM pendants (their only difference is
++         * when timers are set on them), let's just map them accordingly. This way, we can get the correct time even on
++         * those archs. */
++
++        switch (c) {
++
++        case CLOCK_BOOTTIME_ALARM:
++                return CLOCK_BOOTTIME;
++
++        case CLOCK_REALTIME_ALARM:
++                return CLOCK_REALTIME;
++
++        default:
++                return c;
++        }
++}
++
+ usec_t now(clockid_t clock_id) {
+         struct timespec ts;
+ 
+-        assert_se(clock_gettime(clock_id, &ts) == 0);
++        assert_se(clock_gettime(map_clock_id(clock_id), &ts) == 0);
+ 
+         return timespec_load(&ts);
+ }
+@@ -53,7 +73,7 @@ usec_t now(clockid_t clock_id) {
+ nsec_t now_nsec(clockid_t clock_id) {
+         struct timespec ts;
+ 
+-        assert_se(clock_gettime(clock_id, &ts) == 0);
++        assert_se(clock_gettime(map_clock_id(clock_id), &ts) == 0);
+ 
+         return timespec_load_nsec(&ts);
+ }
+diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c
+index deef6ba9d3..2b46a1ff06 100644
+--- a/src/libsystemd/sd-event/sd-event.c
++++ b/src/libsystemd/sd-event/sd-event.c
+@@ -2780,9 +2780,13 @@ _public_ int sd_event_now(sd_event *e, clockid_t clock, uint64_t *usec) {
+                 *usec = e->timestamp.monotonic;
+                 break;
+ 
+-        default:
++        case CLOCK_BOOTTIME:
++        case CLOCK_BOOTTIME_ALARM:
+                 *usec = e->timestamp_boottime;
+                 break;
++
++        default:
++                assert_not_reached("Unknown clock?");
+         }
+ 
+         return 0;

0002-core-fix-indenting-in-dump-output.patch

@@ -0,0 +1,24 @@
+From 3e1d3577dd20a49d6eb5007c65b4efb7862df903 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Fri, 12 Feb 2016 21:33:39 +0100
+Subject: [PATCH] core: fix indenting in dump output
+
+Fixes: #2593
+(cherry picked from commit b895d15511526b7046c8c51e6689684144a63ae0)
+---
+ src/core/unit.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/core/unit.c b/src/core/unit.c
+index d39e3dcaeb..3c4f85e744 100644
+--- a/src/core/unit.c
++++ b/src/core/unit.c
+@@ -888,7 +888,7 @@ void unit_dump(Unit *u, FILE *f, const char *prefix) {
+                 "%s\tInstance: %s\n"
+                 "%s\tUnit Load State: %s\n"
+                 "%s\tUnit Active State: %s\n"
+-                "%s\nState Change Timestamp: %s\n"
++                "%s\tState Change Timestamp: %s\n"
+                 "%s\tInactive Exit Timestamp: %s\n"
+                 "%s\tActive Enter Timestamp: %s\n"
+                 "%s\tActive Exit Timestamp: %s\n"

0003-networkd-FIONREAD-is-not-reliable-on-some-sockets.patch

@@ -0,0 +1,238 @@
+From 66a35872a2429a095f8cdfd5b00f94d0b28daa0f Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Mon, 15 Feb 2016 22:50:01 +0100
+Subject: [PATCH] networkd: FIONREAD is not reliable on some sockets
+
+Fixes: #2457
+(cherry picked from commit 4edc2c9b6b5b921873eb82e58719ed4d9e0d69bf)
+---
+ src/basic/socket-util.c                  | 34 ++++++++++++++++++++++++++++++++
+ src/basic/socket-util.h                  |  2 ++
+ src/libsystemd-network/sd-dhcp-client.c  | 23 +++++++++------------
+ src/libsystemd-network/sd-dhcp-server.c  |  9 ++++-----
+ src/libsystemd-network/sd-dhcp6-client.c | 13 ++++++------
+ src/libsystemd-network/sd-ndisc.c        | 13 +++++-------
+ src/resolve/resolved-manager.c           | 10 ++++------
+ 7 files changed, 64 insertions(+), 40 deletions(-)
+
+diff --git a/src/basic/socket-util.c b/src/basic/socket-util.c
+index 49e5f5b125..58512686e3 100644
+--- a/src/basic/socket-util.c
++++ b/src/basic/socket-util.c
+@@ -936,3 +936,37 @@ int receive_one_fd(int transport_fd, int flags) {
+ 
+         return *(int*) CMSG_DATA(found);
+ }
++
++ssize_t next_datagram_size_fd(int fd) {
++        ssize_t l;
++        int k;
++
++        /* This is a bit like FIONREAD/SIOCINQ, however a bit more powerful. The difference being: recv(MSG_PEEK) will
++         * actually cause the next datagram in the queue to be validated regarding checksums, which FIONREAD dosn't
++         * do. This difference is actually of major importance as we need to be sure that the size returned here
++         * actually matches what we will read with recvmsg() next, as otherwise we might end up allocating a buffer of
++         * the wrong size. */
++
++        l = recv(fd, NULL, 0, MSG_PEEK|MSG_TRUNC);
++        if (l < 0) {
++                if (errno == EOPNOTSUPP)
++                        goto fallback;
++
++                return -errno;
++        }
++        if (l == 0)
++                goto fallback;
++
++        return l;
++
++fallback:
++        k = 0;
++
++        /* Some sockets (AF_PACKET) do not support null-sized recv() with MSG_TRUNC set, let's fall back to FIONREAD
++         * for them. Checksums don't matter for raw sockets anyway, hence this should be fine. */
++
++        if (ioctl(fd, FIONREAD, &k) < 0)
++                return -errno;
++
++        return (ssize_t) k;
++}
+diff --git a/src/basic/socket-util.h b/src/basic/socket-util.h
+index 92edc1dc22..d17a2f35f8 100644
+--- a/src/basic/socket-util.h
++++ b/src/basic/socket-util.h
+@@ -133,5 +133,7 @@ int send_one_fd_sa(int transport_fd,
+ #define send_one_fd(transport_fd, fd, flags) send_one_fd_sa(transport_fd, fd, NULL, 0, flags)
+ int receive_one_fd(int transport_fd, int flags);
+ 
++ssize_t next_datagram_size_fd(int fd);
++
+ #define CMSG_FOREACH(cmsg, mh)                                          \
+         for ((cmsg) = CMSG_FIRSTHDR(mh); (cmsg); (cmsg) = CMSG_NXTHDR((mh), (cmsg)))
+diff --git a/src/libsystemd-network/sd-dhcp-client.c b/src/libsystemd-network/sd-dhcp-client.c
+index cad1a52c09..729ef880ce 100644
+--- a/src/libsystemd-network/sd-dhcp-client.c
++++ b/src/libsystemd-network/sd-dhcp-client.c
+@@ -1525,20 +1525,17 @@ static int client_receive_message_udp(sd_event_source *s, int fd,
+                                       uint32_t revents, void *userdata) {
+         sd_dhcp_client *client = userdata;
+         _cleanup_free_ DHCPMessage *message = NULL;
+-        int buflen = 0, len, r;
+         const struct ether_addr zero_mac = { { 0, 0, 0, 0, 0, 0 } };
+         const struct ether_addr *expected_chaddr = NULL;
+         uint8_t expected_hlen = 0;
++        ssize_t len, buflen;
+ 
+         assert(s);
+         assert(client);
+ 
+-        r = ioctl(fd, FIONREAD, &buflen);
+-        if (r < 0)
+-                return -errno;
+-        else if (buflen < 0)
+-                /* this can't be right */
+-                return -EIO;
++        buflen = next_datagram_size_fd(fd);
++        if (buflen < 0)
++                return buflen;
+ 
+         message = malloc0(buflen);
+         if (!message)
+@@ -1616,17 +1613,15 @@ static int client_receive_message_raw(sd_event_source *s, int fd,
+         };
+         struct cmsghdr *cmsg;
+         bool checksum = true;
+-        int buflen = 0, len, r;
++        ssize_t buflen, len;
++        int r;
+ 
+         assert(s);
+         assert(client);
+ 
+-        r = ioctl(fd, FIONREAD, &buflen);
+-        if (r < 0)
+-                return -errno;
+-        else if (buflen < 0)
+-                /* this can't be right */
+-                return -EIO;
++        buflen = next_datagram_size_fd(fd);
++        if (buflen < 0)
++                return buflen;
+ 
+         packet = malloc0(buflen);
+         if (!packet)
+diff --git a/src/libsystemd-network/sd-dhcp-server.c b/src/libsystemd-network/sd-dhcp-server.c
+index ad3a37b722..54ff1a3f28 100644
+--- a/src/libsystemd-network/sd-dhcp-server.c
++++ b/src/libsystemd-network/sd-dhcp-server.c
+@@ -955,14 +955,13 @@ static int server_receive_message(sd_event_source *s, int fd,
+                 .msg_controllen = sizeof(cmsgbuf),
+         };
+         struct cmsghdr *cmsg;
+-        int buflen = 0, len;
++        ssize_t buflen, len;
+ 
+         assert(server);
+ 
+-        if (ioctl(fd, FIONREAD, &buflen) < 0)
+-                return -errno;
+-        else if (buflen < 0)
+-                return -EIO;
++        buflen = next_datagram_size_fd(fd);
++        if (buflen < 0)
++                return buflen;
+ 
+         message = malloc(buflen);
+         if (!message)
+diff --git a/src/libsystemd-network/sd-dhcp6-client.c b/src/libsystemd-network/sd-dhcp6-client.c
+index 5b6b9cbcac..7d56d4cc60 100644
+--- a/src/libsystemd-network/sd-dhcp6-client.c
++++ b/src/libsystemd-network/sd-dhcp6-client.c
+@@ -33,6 +33,7 @@
+ #include "in-addr-util.h"
+ #include "network-internal.h"
+ #include "random-util.h"
++#include "socket-util.h"
+ #include "string-table.h"
+ #include "util.h"
+ 
+@@ -891,18 +892,16 @@ static int client_receive_message(sd_event_source *s, int fd, uint32_t revents,
+         sd_dhcp6_client *client = userdata;
+         DHCP6_CLIENT_DONT_DESTROY(client);
+         _cleanup_free_ DHCP6Message *message = NULL;
+-        int r, buflen, len;
++        ssize_t buflen, len;
++        int r = 0;
+ 
+         assert(s);
+         assert(client);
+         assert(client->event);
+ 
+-        r = ioctl(fd, FIONREAD, &buflen);
+-        if (r < 0)
+-                return -errno;
+-        else if (buflen < 0)
+-                /* This really should not happen */
+-                return -EIO;
++        buflen = next_datagram_size_fd(fd);
++        if (buflen < 0)
++                return buflen;
+ 
+         message = malloc(buflen);
+         if (!message)
+diff --git a/src/libsystemd-network/sd-ndisc.c b/src/libsystemd-network/sd-ndisc.c
+index 519d2aa36b..bae6a49fe6 100644
+--- a/src/libsystemd-network/sd-ndisc.c
++++ b/src/libsystemd-network/sd-ndisc.c
+@@ -491,19 +491,16 @@ static int ndisc_router_advertisment_recv(sd_event_source *s, int fd, uint32_t r
+         struct cmsghdr *cmsg;
+         struct in6_addr *gw;
+         unsigned lifetime;
+-        ssize_t len;
+-        int r, pref, stateful, buflen = 0;
++        ssize_t len, buflen;
++        int r, pref, stateful;
+ 
+         assert(s);
+         assert(nd);
+         assert(nd->event);
+ 
+-        r = ioctl(fd, FIONREAD, &buflen);
+-        if (r < 0)
+-                return -errno;
+-        else if (buflen < 0)
+-                /* This really should not happen */
+-                return -EIO;
++        buflen = next_datagram_size_fd(fd);
++        if (buflen < 0)
++                return buflen;
+ 
+         iov.iov_len = buflen;
+ 
+diff --git a/src/resolve/resolved-manager.c b/src/resolve/resolved-manager.c
+index bf5efe4cfa..7f9073448a 100644
+--- a/src/resolve/resolved-manager.c
++++ b/src/resolve/resolved-manager.c
+@@ -617,18 +617,16 @@ int manager_recv(Manager *m, int fd, DnsProtocol protocol, DnsPacket **ret) {
+         struct msghdr mh = {};
+         struct cmsghdr *cmsg;
+         struct iovec iov;
+-        int ms = 0, r;
+-        ssize_t l;
++        ssize_t ms, l;
++        int r;
+ 
+         assert(m);
+         assert(fd >= 0);
+         assert(ret);
+ 
+-        r = ioctl(fd, FIONREAD, &ms);
+-        if (r < 0)
+-                return -errno;
++        ms = next_datagram_size_fd(fd);
+         if (ms < 0)
+-                return -EIO;
++                return ms;
+ 
+         r = dns_packet_new(&p, protocol, ms);
+         if (r < 0)

0004-networkd-rework-idle-detection-logic-of-networkd.patch

@@ -0,0 +1,55 @@
+From 1b8cc9fb6cac9d5882ab33b79f880d03d1859efb Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Mon, 15 Feb 2016 19:11:18 +0100
+Subject: [PATCH] networkd: rework idle detection logic of networkd
+
+This patch makes networkd stay around as long as there is more than just a
+loopback interface around, or the loopback device isn't fully probed yet, or
+the loopback device has a .network file attached.
+
+In essence, this means networkd stays around now continously as it should,
+unless it is running in some (container?) environment that really has no
+interface except a loopback device.
+
+Fixes #2577.
+
+(cherry picked from commit 9dc907f9c93636cb63ca90300fa3b8c03812701f)
+---
+ src/network/networkd-manager.c | 19 ++++++++-----------
+ 1 file changed, 8 insertions(+), 11 deletions(-)
+
+diff --git a/src/network/networkd-manager.c b/src/network/networkd-manager.c
+index b527191a5a..b8cb7f875d 100644
+--- a/src/network/networkd-manager.c
++++ b/src/network/networkd-manager.c
+@@ -1091,22 +1091,19 @@ static bool manager_check_idle(void *userdata) {
+ 
+         assert(m);
+ 
++        /* Check whether we are idle now. The only case when we decide to be idle is when there's only a loopback
++         * device around, for which we have no configuration, and which already left the PENDING state. In all other
++         * cases we are not idle. */
++
+         HASHMAP_FOREACH(link, m->links, i) {
+-                /* we are not woken on udev activity, so let's just wait for the
+-                 * pending udev event */
++                /* We are not woken on udev activity, so let's just wait for the pending udev event */
+                 if (link->state == LINK_STATE_PENDING)
+                         return false;
+ 
+-                if (!link->network)
+-                        continue;
++                if ((link->flags & IFF_LOOPBACK) == 0)
++                        return false;
+ 
+-                /* we are not woken on netork activity, so let's stay around */
+-                if (link_lldp_enabled(link) ||
+-                    link_ipv4ll_enabled(link) ||
+-                    link_dhcp4_server_enabled(link) ||
+-                    link_dhcp4_enabled(link) ||
+-                    link_dhcp6_enabled(link) ||
+-                    link_ipv6_accept_ra_enabled(link))
++                if (link->network)
+                         return false;
+         }
+ 

0005-core-fix-assertion-check.patch

@@ -0,0 +1,24 @@
+From 84494c062524f39771cc9363597daa29d5d041b6 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Tue, 16 Feb 2016 13:18:36 +0100
+Subject: [PATCH] core: fix assertion check
+
+Fixes: #2632
+(cherry picked from commit 3f51aec8647fe13f4b1e46b2f75ff635403adf91)
+---
+ src/core/timer.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/core/timer.c b/src/core/timer.c
+index 6f3e6a8db3..3d0bae16e5 100644
+--- a/src/core/timer.c
++++ b/src/core/timer.c
+@@ -334,7 +334,7 @@ static void add_random(Timer *t, usec_t *v) {
+         usec_t add;
+ 
+         assert(t);
+-        assert(*v);
++        assert(v);
+ 
+         if (t->random_usec == 0)
+                 return;

0006-udev-fix-cg_unified-return-code-checking.patch

@@ -0,0 +1,26 @@
+From 19bc96f7cdda48ca331d5cb0060d3a7eaad59a16 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Tue, 16 Feb 2016 14:03:47 +0100
+Subject: [PATCH] udev: fix cg_unified() return code checking
+
+Fixes fall-out from 8b3aa503c171acdb9ec63484a8c50e2680d31e79.
+
+Fixes: #2635
+(cherry picked from commit 6d2353394fc33e923d1ab464c8f88df2a5105ffb)
+---
+ src/udev/udevd.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/udev/udevd.c b/src/udev/udevd.c
+index 2c1c4a967b..bb92f16352 100644
+--- a/src/udev/udevd.c
++++ b/src/udev/udevd.c
+@@ -1715,7 +1715,7 @@ int main(int argc, char *argv[]) {
+                    by PID1. otherwise we are not guaranteed to have a dedicated cgroup */
+                 r = cg_pid_get_path(SYSTEMD_CGROUP_CONTROLLER, 0, &cgroup);
+                 if (r < 0) {
+-                        if (r == -ENOENT || r == -ENOEXEC)
++                        if (r == -ENOENT || r == -ENOMEDIUM)
+                                 log_debug_errno(r, "did not find dedicated cgroup: %m");
+                         else
+                                 log_warning_errno(r, "failed to get cgroup: %m");

0007-core-revert-core-resolve-specifier-in-config_parse_e.patch

@@ -0,0 +1,54 @@
+From 31acc428d9bfa04582ca7c5ec3580ef2b7aed172 Mon Sep 17 00:00:00 2001
+From: Evgeny Vereshchagin <evvers@ya.ru>
+Date: Wed, 17 Feb 2016 22:32:36 +0000
+Subject: [PATCH] core: revert "core: resolve specifier in config_parse_exec()"
+
+This reverts commit cb48dfca6a8bc15d9081651001a16bf51e03838a.
+
+Exec*-settings resolve specifiers twice:
+%%U -> config_parse_exec [cb48dfca6a8] -> %U -> service_spawn -> 0
+
+Fixes #2637
+
+(cherry picked from commit bd1b973fb326e9b7587494fd6108e5ded46e9163)
+---
+ src/core/load-fragment.c | 11 +----------
+ 1 file changed, 1 insertion(+), 10 deletions(-)
+
+diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
+index b3dec7b8cc..8804b3ac41 100644
+--- a/src/core/load-fragment.c
++++ b/src/core/load-fragment.c
+@@ -574,9 +574,7 @@ int config_parse_exec(
+                 void *data,
+                 void *userdata) {
+ 
+-        _cleanup_free_ char *cmd = NULL;
+         ExecCommand **e = data;
+-        Unit *u = userdata;
+         const char *p;
+         bool semicolon;
+         int r;
+@@ -585,7 +583,6 @@ int config_parse_exec(
+         assert(lvalue);
+         assert(rvalue);
+         assert(e);
+-        assert(u);
+ 
+         e += ltype;
+         rvalue += strspn(rvalue, WHITESPACE);
+@@ -596,13 +593,7 @@ int config_parse_exec(
+                 return 0;
+         }
+ 
+-        r = unit_full_printf(u, rvalue, &cmd);
+-        if (r < 0) {
+-                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers on %s, ignoring: %m", rvalue);
+-                return 0;
+-        }
+-
+-        p = cmd;
++        p = rvalue;
+         do {
+                 _cleanup_free_ char *path = NULL, *firstword = NULL;
+                 bool separate_argv0 = false, ignore = false;

0008-activate-fix-E-option-parsing.patch

@@ -0,0 +1,25 @@
+From 3ea302d20b1c60f469ed7315611d002a0d88f57d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Thu, 18 Feb 2016 21:54:31 -0500
+Subject: [PATCH] activate: fix -E option parsing
+
+Fixes #2658.
+
+(cherry picked from commit b722348d050aa2754cd9f903e8c3ce810c616b06)
+---
+ src/activate/activate.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/activate/activate.c b/src/activate/activate.c
+index 0db4967edb..4b3d0e5371 100644
+--- a/src/activate/activate.c
++++ b/src/activate/activate.c
+@@ -379,7 +379,7 @@ static int parse_argv(int argc, char *argv[]) {
+         assert(argc >= 0);
+         assert(argv);
+ 
+-        while ((c = getopt_long(argc, argv, "+hl:aEd", options, NULL)) >= 0)
++        while ((c = getopt_long(argc, argv, "+hl:aE:d", options, NULL)) >= 0)
+                 switch(c) {
+                 case 'h':
+                         help();

0009-basic-strbuf-do-not-call-bsearch-with-a-null-argumen.patch

@@ -0,0 +1,30 @@
+From 328e8daf82c4e82ebcd06ae87bb825d5060cb94b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Thu, 18 Feb 2016 17:33:10 -0500
+Subject: [PATCH] basic/strbuf: do not call bsearch with a null argument
+
+Das ist verboten!
+
+src/basic/strbuf.c:162:23: runtime error: null pointer passed as argument 2,
+                           which is declared to never be null
+
+(cherry picked from commit 82501b3fc40dae2660a86ab07462f33fe26347ad)
+---
+ src/basic/strbuf.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/basic/strbuf.c b/src/basic/strbuf.c
+index 77220c0251..dac2881603 100644
+--- a/src/basic/strbuf.c
++++ b/src/basic/strbuf.c
+@@ -156,6 +156,10 @@ ssize_t strbuf_add_string(struct strbuf *str, const char *s, size_t len) {
+                         return off;
+                 }
+ 
++                /* bsearch is not allowed on a NULL sequence */
++                if (node->children_count == 0)
++                        break;
++
+                 /* lookup child node */
+                 c = s[len - 1 - depth];
+                 search.c = c;

0010-udev-path_id-correct-segmentation-fault-due-to-missi.patch

@@ -0,0 +1,30 @@
+From 28c6938992e05238fa077ff820015bb37e1ecae6 Mon Sep 17 00:00:00 2001
+From: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
+Date: Fri, 19 Feb 2016 15:21:18 +0100
+Subject: [PATCH] udev/path_id: correct segmentation fault due to missing NULL
+ check
+
+Running "udevadm test-builtin path_id /sys/devices/platform/" results
+in a segmentation fault.
+
+The problem is that udev_device_get_subsystem(dev) might return NULL
+in a streq() call.  Solve this problem by using streq_ptr() instead.
+
+(cherry picked from commit 5181ab917d6407cb57043e98955f0de1614366ea)
+---
+ src/udev/udev-builtin-path_id.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/udev/udev-builtin-path_id.c b/src/udev/udev-builtin-path_id.c
+index b6ed45d8ba..6e9adc6e96 100644
+--- a/src/udev/udev-builtin-path_id.c
++++ b/src/udev/udev-builtin-path_id.c
+@@ -712,7 +712,7 @@ static int builtin_path_id(struct udev_device *dev, int argc, char *argv[], bool
+          * devices do not expose their buses and do not provide a unique
+          * and predictable name that way.
+          */
+-        if (streq(udev_device_get_subsystem(dev), "block") && !supported_transport)
++        if (streq_ptr(udev_device_get_subsystem(dev), "block") && !supported_transport)
+                 path = mfree(path);
+ 
+         if (path != NULL) {

0011-networkd-make-sure-we-allocate-the-NTA-set-before-we.patch

@@ -0,0 +1,27 @@
+From 319dadd4b39ed03271848ca649e4d76de0fbf8ff Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Sun, 21 Feb 2016 22:27:01 +0100
+Subject: [PATCH] networkd: make sure we allocate the NTA set before we add
+ items to it
+
+See: #2683
+(cherry picked from commit cbbf38aefc7a3d18d68f0d8fffb6b59d77948690)
+---
+ src/network/networkd-network.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c
+index 4315790093..54f76fe206 100644
+--- a/src/network/networkd-network.c
++++ b/src/network/networkd-network.c
+@@ -994,6 +994,10 @@ int config_parse_dnssec_negative_trust_anchors(
+                         continue;
+                 }
+ 
++                r = set_ensure_allocated(&n->dnssec_negative_trust_anchors, &dns_name_hash_ops);
++                if (r < 0)
++                        return log_oom();
++
+                 r = set_put(n->dnssec_negative_trust_anchors, w);
+                 if (r < 0)
+                         return log_oom();

0012-networkd-tunnel-fix-tunnel-address.patch

@@ -0,0 +1,70 @@
+From f432f7f9037833d77e6e0d16c275b950e1cd8e03 Mon Sep 17 00:00:00 2001
+From: Susant Sahani <ssahani@gmail.com>
+Date: Sat, 20 Feb 2016 18:03:31 +0530
+Subject: [PATCH] networkd: tunnel fix tunnel address
+
+this fixes 2655
+
+(cherry picked from commit 07dcb085893a2fe212b7e158028725876d2ab98f)
+---
+ src/network/networkd-netdev-tunnel.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/src/network/networkd-netdev-tunnel.c b/src/network/networkd-netdev-tunnel.c
+index 46ff2974f4..7aaa041ba3 100644
+--- a/src/network/networkd-netdev-tunnel.c
++++ b/src/network/networkd-netdev-tunnel.c
+@@ -54,7 +54,7 @@ static int netdev_ipip_fill_message_create(NetDev *netdev, Link *link, sd_netlin
+         assert(link);
+         assert(m);
+         assert(t);
+-        assert(t->family == AF_INET || t->family != -1);
++        assert(IN_SET(t->family, AF_INET, AF_UNSPEC));
+ 
+         r = sd_netlink_message_append_u32(m, IFLA_IPTUN_LINK, link->ifindex);
+         if (r < 0)
+@@ -87,7 +87,7 @@ static int netdev_sit_fill_message_create(NetDev *netdev, Link *link, sd_netlink
+         assert(link);
+         assert(m);
+         assert(t);
+-        assert(t->family == AF_INET || t->family != -1);
++        assert(IN_SET(t->family, AF_INET, AF_UNSPEC));
+ 
+         r = sd_netlink_message_append_u32(m, IFLA_IPTUN_LINK, link->ifindex);
+         if (r < 0)
+@@ -124,7 +124,7 @@ static int netdev_gre_fill_message_create(NetDev *netdev, Link *link, sd_netlink
+                 t = GRETAP(netdev);
+ 
+         assert(t);
+-        assert(t->family == AF_INET || t->family != -1);
++        assert(IN_SET(t->family, AF_INET, AF_UNSPEC));
+         assert(link);
+         assert(m);
+ 
+@@ -497,7 +497,7 @@ static void ipip_init(NetDev *n) {
+         assert(t);
+ 
+         t->pmtudisc = true;
+-        t->family = -1;
++        t->family = AF_UNSPEC;
+ }
+ 
+ static void sit_init(NetDev *n) {
+@@ -507,7 +507,7 @@ static void sit_init(NetDev *n) {
+         assert(t);
+ 
+         t->pmtudisc = true;
+-        t->family = -1;
++        t->family = AF_UNSPEC;
+ }
+ 
+ static void vti_init(NetDev *n) {
+@@ -538,7 +538,7 @@ static void gre_init(NetDev *n) {
+         assert(t);
+ 
+         t->pmtudisc = true;
+-        t->family = -1;
++        t->family = AF_UNSPEC;
+ }
+ 
+ static void ip6gre_init(NetDev *n) {

0013-calendarspec-fix-find_next-skipping-times.patch

@@ -0,0 +1,47 @@
+From 182b69ec5eade7b2accc09d58128b6d286067299 Mon Sep 17 00:00:00 2001
+From: Hristo Venev <hristo@venev.name>
+Date: Mon, 22 Feb 2016 08:02:48 -0500
+Subject: [PATCH] calendarspec: fix find_next skipping times
+
+reset usec when bumping hours/minutes
+
+(cherry picked from commit a022d76e6a7c711954be5535e6308d0a470e232a)
+---
+ src/basic/calendarspec.c     | 4 ++--
+ src/test/test-calendarspec.c | 1 +
+ 2 files changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/basic/calendarspec.c b/src/basic/calendarspec.c
+index 775879076d..ac7b7c4c87 100644
+--- a/src/basic/calendarspec.c
++++ b/src/basic/calendarspec.c
+@@ -1027,7 +1027,7 @@ static int find_next(const CalendarSpec *spec, struct tm *tm, usec_t *usec) {
+ 
+                 r = find_matching_component(spec->hour, &c.tm_hour);
+                 if (r > 0)
+-                        c.tm_min = c.tm_sec = 0;
++                        c.tm_min = c.tm_sec = tm_usec = 0;
+                 if (r < 0 || tm_out_of_bounds(&c, spec->utc)) {
+                         c.tm_mday ++;
+                         c.tm_hour = c.tm_min = c.tm_sec = tm_usec = 0;
+@@ -1036,7 +1036,7 @@ static int find_next(const CalendarSpec *spec, struct tm *tm, usec_t *usec) {
+ 
+                 r = find_matching_component(spec->minute, &c.tm_min);
+                 if (r > 0)
+-                        c.tm_sec = 0;
++                        c.tm_sec = tm_usec = 0;
+                 if (r < 0 || tm_out_of_bounds(&c, spec->utc)) {
+                         c.tm_hour ++;
+                         c.tm_min = c.tm_sec = tm_usec = 0;
+diff --git a/src/test/test-calendarspec.c b/src/test/test-calendarspec.c
+index 8754cb3381..5a8c6cbfb6 100644
+--- a/src/test/test-calendarspec.c
++++ b/src/test/test-calendarspec.c
+@@ -137,6 +137,7 @@ int main(int argc, char* argv[]) {
+         test_next("2015-11-13 09:11:23.42", "EET", 12345, 1447398683420000);
+         test_next("2015-11-13 09:11:23.42/1.77", "EET", 1447398683420000, 1447398685190000);
+         test_next("2015-11-13 09:11:23.42/1.77", "EET", 1447398683419999, 1447398683420000);
++        test_next("Sun 16:00:00", "CET", 1456041600123456, 1456066800000000);
+ 
+         assert_se(calendar_spec_from_string("test", &c) < 0);
+         assert_se(calendar_spec_from_string("", &c) < 0);

0014-core-exclude-.slice-units-from-systemctl-isolate.patch

@@ -0,0 +1,52 @@
+From 3d08427e07af2419f542c3786db2e78f0ed7c282 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Thu, 18 Feb 2016 22:51:23 +0100
+Subject: [PATCH] core: exclude .slice units from "systemctl isolate"
+
+Fixes: #1969
+(cherry picked from commit 1b4cd0cf11feb7d41f2eff17f86fa55b31bb6841)
+---
+ src/core/scope.c | 3 +--
+ src/core/slice.c | 8 ++++++++
+ 2 files changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/src/core/scope.c b/src/core/scope.c
+index c5d0ecef04..361695c3f9 100644
+--- a/src/core/scope.c
++++ b/src/core/scope.c
+@@ -50,8 +50,7 @@ static void scope_init(Unit *u) {
+         assert(u->load_state == UNIT_STUB);
+ 
+         s->timeout_stop_usec = u->manager->default_timeout_stop_usec;
+-
+-        UNIT(s)->ignore_on_isolate = true;
++        u->ignore_on_isolate = true;
+ }
+ 
+ static void scope_done(Unit *u) {
+diff --git a/src/core/slice.c b/src/core/slice.c
+index d65364c6f4..667f61bde5 100644
+--- a/src/core/slice.c
++++ b/src/core/slice.c
+@@ -34,6 +34,13 @@ static const UnitActiveState state_translation_table[_SLICE_STATE_MAX] = {
+         [SLICE_ACTIVE] = UNIT_ACTIVE
+ };
+ 
++static void slice_init(Unit *u) {
++        assert(u);
++        assert(u->load_state == UNIT_STUB);
++
++        u->ignore_on_isolate = true;
++}
++
+ static void slice_set_state(Slice *t, SliceState state) {
+         SliceState old_state;
+         assert(t);
+@@ -305,6 +312,7 @@ const UnitVTable slice_vtable = {
+         .no_instances = true,
+         .can_transient = true,
+ 
++        .init = slice_init,
+         .load = slice_load,
+ 
+         .coldplug = slice_coldplug,

0015-shorten-hostname-before-checking-for-trailing-dot.patch

@@ -0,0 +1,35 @@
+From 414c46af13efbb4b0eeb0c7d429e1941742f120e Mon Sep 17 00:00:00 2001
+From: Thomas Blume <Thomas.Blume@suse.com>
+Date: Mon, 29 Feb 2016 10:19:01 +0100
+Subject: [PATCH] shorten hostname before checking for trailing dot
+
+Shortening can lead to a hostname that has a trailing dot.
+Therefore it should be done before checking from trailing dots.
+
+(cherry picked from commit 46e1a2278116e2f5067c35127ccbd8589335f734)
+---
+ src/basic/hostname-util.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/basic/hostname-util.c b/src/basic/hostname-util.c
+index 7bb23448ed..123cee3125 100644
+--- a/src/basic/hostname-util.c
++++ b/src/basic/hostname-util.c
+@@ -122,6 +122,8 @@ char* hostname_cleanup(char *s) {
+ 
+         assert(s);
+ 
++        strshorten(s, HOST_NAME_MAX);
++
+         for (p = s, d = s, dot = true; *p; p++) {
+                 if (*p == '.') {
+                         if (dot)
+@@ -141,8 +143,6 @@ char* hostname_cleanup(char *s) {
+         else
+                 *d = 0;
+ 
+-        strshorten(s, HOST_NAME_MAX);
+-
+         return s;
+ }
+ 

0016-hashmap-use-void-and-uint8_t-for-generic-pointers.patch

@@ -0,0 +1,81 @@
+From 270eaf14c4905a9635bd1d009cb1565cd4f3626f Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Mon, 22 Feb 2016 18:40:28 +0100
+Subject: [PATCH] hashmap: use void* and uint8_t* for generic pointers
+
+As suggested by CODING_STYLE we should use "void*" as type for generic memory,
+and uint8_t* for generic bytes. Hence use that instead of "char*", which should
+really be used only for strings these days.
+
+(cherry picked from commit 1a39bc8c650802630696c38e510a4a2a4c6bda92)
+---
+ src/basic/hashmap.c | 14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/src/basic/hashmap.c b/src/basic/hashmap.c
+index 6f1a049d47..85b8d812b3 100644
+--- a/src/basic/hashmap.c
++++ b/src/basic/hashmap.c
+@@ -176,7 +176,7 @@ enum HashmapType {
+ };
+ 
+ struct _packed_ indirect_storage {
+-        char    *storage;                  /* where buckets and DIBs are stored */
++        void *storage;                     /* where buckets and DIBs are stored */
+         uint8_t  hash_key[HASH_KEY_SIZE];  /* hash key; changes during resize */
+ 
+         unsigned n_entries;                /* number of stored entries */
+@@ -193,7 +193,7 @@ struct direct_storage {
+         /* This gives us 39 bytes on 64bit, or 35 bytes on 32bit.
+          * That's room for 4 set_entries + 4 DIB bytes + 3 unused bytes on 64bit,
+          *              or 7 set_entries + 7 DIB bytes + 0 unused bytes on 32bit. */
+-        char storage[sizeof(struct indirect_storage)];
++        uint8_t storage[sizeof(struct indirect_storage)];
+ };
+ 
+ #define DIRECT_BUCKETS(entry_t) \
+@@ -302,7 +302,7 @@ static void n_entries_dec(HashmapBase *h) {
+                 h->n_direct_entries--;
+ }
+ 
+-static char *storage_ptr(HashmapBase *h) {
++static void *storage_ptr(HashmapBase *h) {
+         return h->has_indirect ? h->indirect.storage
+                                : h->direct.storage;
+ }
+@@ -347,7 +347,7 @@ static void get_hash_key(uint8_t hash_key[HASH_KEY_SIZE], bool reuse_is_ok) {
+ 
+ static struct hashmap_base_entry *bucket_at(HashmapBase *h, unsigned idx) {
+         return (struct hashmap_base_entry*)
+-                (storage_ptr(h) + idx * hashmap_type_info[h->type].entry_size);
++                ((uint8_t*) storage_ptr(h) + idx * hashmap_type_info[h->type].entry_size);
+ }
+ 
+ static struct plain_hashmap_entry *plain_bucket_at(Hashmap *h, unsigned idx) {
+@@ -381,7 +381,7 @@ static struct hashmap_base_entry *bucket_at_virtual(HashmapBase *h, struct swap_
+ 
+ static dib_raw_t *dib_raw_ptr(HashmapBase *h) {
+         return (dib_raw_t*)
+-                (storage_ptr(h) + hashmap_type_info[h->type].entry_size * n_buckets(h));
++                ((uint8_t*) storage_ptr(h) + hashmap_type_info[h->type].entry_size * n_buckets(h));
+ }
+ 
+ static unsigned bucket_distance(HashmapBase *h, unsigned idx, unsigned from) {
+@@ -1028,7 +1028,7 @@ static int hashmap_base_put_boldly(HashmapBase *h, unsigned idx,
+  */
+ static int resize_buckets(HashmapBase *h, unsigned entries_add) {
+         struct swap_entries swap;
+-        char *new_storage;
++        void *new_storage;
+         dib_raw_t *old_dibs, *new_dibs;
+         const struct hashmap_type_info *hi;
+         unsigned idx, optimal_idx;
+@@ -1095,7 +1095,7 @@ static int resize_buckets(HashmapBase *h, unsigned entries_add) {
+         h->indirect.n_buckets = (1U << new_shift) /
+                                 (hi->entry_size + sizeof(dib_raw_t));
+ 
+-        old_dibs = (dib_raw_t*)(new_storage + hi->entry_size * old_n_buckets);
++        old_dibs = (dib_raw_t*)((uint8_t*) new_storage + hi->entry_size * old_n_buckets);
+         new_dibs = dib_raw_ptr(h);
+ 
+         /*

0017-resolved-fix-notification-iteration-logic-when-trans.patch

@@ -0,0 +1,260 @@
+From 61596a9aac5f0d4cef3845b04d61f2dad4aa0814 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Mon, 22 Feb 2016 20:39:45 +0100
+Subject: [PATCH] resolved: fix notification iteration logic when transactions
+ are completed
+
+When a transaction is complete, and we notify its owners, make sure we deal
+correctly with the requesters removing themselves from the list of owners while
+we continue iterating.
+
+This was previously already dealt with with transactions that require other
+transactions for DNSSEC purposes, fix this for other possibly transaction
+owners too now.
+
+Since iterating through "Set" objects is not safe regarding removal of entries
+from it, rework the logic to use two Sets, and move each entry we notified from
+one set to the other set before we dispatch the notification. This move operation
+requires no additional memory, and enables us to ensure that we don't notify
+any object twice.
+
+Fixes: #2676
+(cherry picked from commit 35aa04e9edf422beac3493afa555d29575b3046c)
+---
+ src/basic/macro.h                      |  6 ++++
+ src/basic/set.h                        |  3 ++
+ src/resolve/resolved-dns-query.c       |  5 +++
+ src/resolve/resolved-dns-transaction.c | 62 ++++++++++++++++------------------
+ src/resolve/resolved-dns-transaction.h |  6 ++--
+ src/resolve/resolved-dns-zone.c        |  5 +++
+ 6 files changed, 52 insertions(+), 35 deletions(-)
+
+diff --git a/src/basic/macro.h b/src/basic/macro.h
+index 2695d0edb7..ab5cc97e17 100644
+--- a/src/basic/macro.h
++++ b/src/basic/macro.h
+@@ -361,6 +361,12 @@ static inline unsigned long ALIGN_POWER2(unsigned long u) {
+                 _found;                         \
+         })
+ 
++#define SWAP_TWO(x, y) do {                        \
++                typeof(x) _t = (x);                \
++                (x) = (y);                         \
++                (y) = (_t);                        \
++        } while (false)
++
+ /* Define C11 thread_local attribute even on older gcc compiler
+  * version */
+ #ifndef thread_local
+diff --git a/src/basic/set.h b/src/basic/set.h
+index 2bff5062da..e0d9dd001c 100644
+--- a/src/basic/set.h
++++ b/src/basic/set.h
+@@ -126,6 +126,9 @@ int set_put_strdupv(Set *s, char **l);
+ #define SET_FOREACH(e, s, i) \
+         for ((i) = ITERATOR_FIRST; set_iterate((s), &(i), (void**)&(e)); )
+ 
++#define SET_FOREACH_MOVE(e, d, s)                                       \
++        for (; ({ e = set_first(s); assert_se(!e || set_move_one(d, s, e) >= 0); e; }); )
++
+ DEFINE_TRIVIAL_CLEANUP_FUNC(Set*, set_free);
+ DEFINE_TRIVIAL_CLEANUP_FUNC(Set*, set_free_free);
+ 
+diff --git a/src/resolve/resolved-dns-query.c b/src/resolve/resolved-dns-query.c
+index a378b2b7f7..2a02544eb6 100644
+--- a/src/resolve/resolved-dns-query.c
++++ b/src/resolve/resolved-dns-query.c
+@@ -62,6 +62,7 @@ static void dns_query_candidate_stop(DnsQueryCandidate *c) {
+ 
+         while ((t = set_steal_first(c->transactions))) {
+                 set_remove(t->notify_query_candidates, c);
++                set_remove(t->notify_query_candidates_done, c);
+                 dns_transaction_gc(t);
+         }
+ }
+@@ -139,6 +140,10 @@ static int dns_query_candidate_add_transaction(DnsQueryCandidate *c, DnsResource
+         if (r < 0)
+                 goto gc;
+ 
++        r = set_ensure_allocated(&t->notify_query_candidates_done, NULL);
++        if (r < 0)
++                goto gc;
++
+         r = set_put(t->notify_query_candidates, c);
+         if (r < 0)
+                 goto gc;
+diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c
+index d48fdd1281..4f5cbab702 100644
+--- a/src/resolve/resolved-dns-transaction.c
++++ b/src/resolve/resolved-dns-transaction.c
+@@ -52,6 +52,7 @@ static void dns_transaction_flush_dnssec_transactions(DnsTransaction *t) {
+ 
+         while ((z = set_steal_first(t->dnssec_transactions))) {
+                 set_remove(z->notify_transactions, t);
++                set_remove(z->notify_transactions_done, t);
+                 dns_transaction_gc(z);
+         }
+ }
+@@ -100,14 +101,26 @@ DnsTransaction* dns_transaction_free(DnsTransaction *t) {
+                 set_remove(c->transactions, t);
+         set_free(t->notify_query_candidates);
+ 
++        while ((c = set_steal_first(t->notify_query_candidates_done)))
++                set_remove(c->transactions, t);
++        set_free(t->notify_query_candidates_done);
++
+         while ((i = set_steal_first(t->notify_zone_items)))
+                 i->probe_transaction = NULL;
+         set_free(t->notify_zone_items);
+ 
++        while ((i = set_steal_first(t->notify_zone_items_done)))
++                i->probe_transaction = NULL;
++        set_free(t->notify_zone_items_done);
++
+         while ((z = set_steal_first(t->notify_transactions)))
+                 set_remove(z->dnssec_transactions, t);
+         set_free(t->notify_transactions);
+ 
++        while ((z = set_steal_first(t->notify_transactions_done)))
++                set_remove(z->dnssec_transactions, t);
++        set_free(t->notify_transactions_done);
++
+         dns_transaction_flush_dnssec_transactions(t);
+         set_free(t->dnssec_transactions);
+ 
+@@ -128,8 +141,11 @@ bool dns_transaction_gc(DnsTransaction *t) {
+                 return true;
+ 
+         if (set_isempty(t->notify_query_candidates) &&
++            set_isempty(t->notify_query_candidates_done) &&
+             set_isempty(t->notify_zone_items) &&
+-            set_isempty(t->notify_transactions)) {
++            set_isempty(t->notify_zone_items_done) &&
++            set_isempty(t->notify_transactions) &&
++            set_isempty(t->notify_transactions_done)) {
+                 dns_transaction_free(t);
+                 return false;
+         }
+@@ -266,6 +282,7 @@ static void dns_transaction_tentative(DnsTransaction *t, DnsPacket *p) {
+         log_debug("We have the lexicographically larger IP address and thus lost in the conflict.");
+ 
+         t->block_gc++;
++
+         while ((z = set_first(t->notify_zone_items))) {
+                 /* First, make sure the zone item drops the reference
+                  * to us */
+@@ -284,7 +301,6 @@ void dns_transaction_complete(DnsTransaction *t, DnsTransactionState state) {
+         DnsQueryCandidate *c;
+         DnsZoneItem *z;
+         DnsTransaction *d;
+-        Iterator i;
+         const char *st;
+ 
+         assert(t);
+@@ -329,39 +345,17 @@ void dns_transaction_complete(DnsTransaction *t, DnsTransactionState state) {
+          * transaction isn't freed while we are still looking at it */
+         t->block_gc++;
+ 
+-        SET_FOREACH(c, t->notify_query_candidates, i)
++        SET_FOREACH_MOVE(c, t->notify_query_candidates_done, t->notify_query_candidates)
+                 dns_query_candidate_notify(c);
+-        SET_FOREACH(z, t->notify_zone_items, i)
+-                dns_zone_item_notify(z);
++        SWAP_TWO(t->notify_query_candidates, t->notify_query_candidates_done);
+ 
+-        if (!set_isempty(t->notify_transactions)) {
+-                DnsTransaction **nt;
+-                unsigned j, n = 0;
+-
+-                /* We need to be careful when notifying other
+-                 * transactions, as that might destroy other
+-                 * transactions in our list. Hence, in order to be
+-                 * able to safely iterate through the list of
+-                 * transactions, take a GC lock on all of them
+-                 * first. Then, in a second loop, notify them, but
+-                 * first unlock that specific transaction. */
+-
+-                nt = newa(DnsTransaction*, set_size(t->notify_transactions));
+-                SET_FOREACH(d, t->notify_transactions, i) {
+-                        nt[n++] = d;
+-                        d->block_gc++;
+-                }
+-
+-                assert(n == set_size(t->notify_transactions));
++        SET_FOREACH_MOVE(z, t->notify_zone_items_done, t->notify_zone_items)
++                dns_zone_item_notify(z);
++        SWAP_TWO(t->notify_zone_items, t->notify_zone_items_done);
+ 
+-                for (j = 0; j < n; j++) {
+-                        if (set_contains(t->notify_transactions, nt[j]))
+-                                dns_transaction_notify(nt[j], t);
+-
+-                        nt[j]->block_gc--;
+-                        dns_transaction_gc(nt[j]);
+-                }
+-        }
++        SET_FOREACH_MOVE(d, t->notify_transactions_done, t->notify_transactions)
++                dns_transaction_notify(d, t);
++        SWAP_TWO(t->notify_transactions, t->notify_transactions_done);
+ 
+         t->block_gc--;
+         dns_transaction_gc(t);
+@@ -1619,6 +1613,10 @@ static int dns_transaction_add_dnssec_transaction(DnsTransaction *t, DnsResource
+         if (r < 0)
+                 goto gc;
+ 
++        r = set_ensure_allocated(&aux->notify_transactions_done, NULL);
++        if (r < 0)
++                goto gc;
++
+         r = set_put(t->dnssec_transactions, aux);
+         if (r < 0)
+                 goto gc;
+diff --git a/src/resolve/resolved-dns-transaction.h b/src/resolve/resolved-dns-transaction.h
+index 4617194711..fd0237d166 100644
+--- a/src/resolve/resolved-dns-transaction.h
++++ b/src/resolve/resolved-dns-transaction.h
+@@ -119,17 +119,17 @@ struct DnsTransaction {
+         /* Query candidates this transaction is referenced by and that
+          * shall be notified about this specific transaction
+          * completing. */
+-        Set *notify_query_candidates;
++        Set *notify_query_candidates, *notify_query_candidates_done;
+ 
+         /* Zone items this transaction is referenced by and that shall
+          * be notified about completion. */
+-        Set *notify_zone_items;
++        Set *notify_zone_items, *notify_zone_items_done;
+ 
+         /* Other transactions that this transactions is referenced by
+          * and that shall be notified about completion. This is used
+          * when transactions want to validate their RRsets, but need
+          * another DNSKEY or DS RR to do so. */
+-        Set *notify_transactions;
++        Set *notify_transactions, *notify_transactions_done;
+ 
+         /* The opposite direction: the transactions this transaction
+          * created in order to request DNSKEY or DS RRs. */
+diff --git a/src/resolve/resolved-dns-zone.c b/src/resolve/resolved-dns-zone.c
+index f52383cfd1..be535cff14 100644
+--- a/src/resolve/resolved-dns-zone.c
++++ b/src/resolve/resolved-dns-zone.c
+@@ -38,6 +38,7 @@ void dns_zone_item_probe_stop(DnsZoneItem *i) {
+         i->probe_transaction = NULL;
+ 
+         set_remove(t->notify_zone_items, i);
++        set_remove(t->notify_zone_items_done, i);
+         dns_transaction_gc(t);
+ }
+ 
+@@ -186,6 +187,10 @@ static int dns_zone_item_probe_start(DnsZoneItem *i)  {
+         if (r < 0)
+                 goto gc;
+ 
++        r = set_ensure_allocated(&t->notify_zone_items_done, NULL);
++        if (r < 0)
++                goto gc;
++
+         r = set_put(t->notify_zone_items, i);
+         if (r < 0)
+                 goto gc;

0018-selinux-always-try-to-load-the-full-selinux-db.patch

@@ -0,0 +1,249 @@
+From a4feb275ce859fb63e1153cb2eb16ed276f3a96f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Tue, 1 Mar 2016 20:35:55 -0500
+Subject: [PATCH] selinux: always try to load the full selinux db
+
+https://github.com/systemd/systemd/pull/2508#issuecomment-190901170
+Maybe fixes https://bugzilla.redhat.com/show_bug.cgi?id=1308771.
+
+(cherry picked from commit c3dacc8bbf2dc2f5d498072418289c3ba79160ac)
+---
+ src/basic/selinux-util.c          | 16 ++++------------
+ src/basic/selinux-util.h          |  2 +-
+ src/core/main.c                   |  2 +-
+ src/hostname/hostnamed.c          |  2 +-
+ src/locale/localed.c              |  2 +-
+ src/login/logind.c                |  2 +-
+ src/resolve/resolved.c            |  2 +-
+ src/sysusers/sysusers.c           |  2 +-
+ src/test/test-udev.c              |  2 +-
+ src/timedate/timedated.c          |  2 +-
+ src/tmpfiles/tmpfiles.c           |  2 +-
+ src/udev/udevadm.c                |  2 +-
+ src/udev/udevd.c                  |  2 +-
+ src/update-done/update-done.c     |  2 +-
+ src/user-sessions/user-sessions.c |  2 +-
+ 15 files changed, 18 insertions(+), 26 deletions(-)
+
+diff --git a/src/basic/selinux-util.c b/src/basic/selinux-util.c
+index 6c63b9d652..71ceac1bcd 100644
+--- a/src/basic/selinux-util.c
++++ b/src/basic/selinux-util.c
+@@ -80,31 +80,23 @@ void mac_selinux_retest(void) {
+ #endif
+ }
+ 
+-int mac_selinux_init(const char *prefix) {
++int mac_selinux_init(void) {
+         int r = 0;
+ 
+ #ifdef HAVE_SELINUX
+         usec_t before_timestamp, after_timestamp;
+         struct mallinfo before_mallinfo, after_mallinfo;
+ 
+-        if (!mac_selinux_use())
++        if (label_hnd)
+                 return 0;
+ 
+-        if (label_hnd)
++        if (!mac_selinux_use())
+                 return 0;
+ 
+         before_mallinfo = mallinfo();
+         before_timestamp = now(CLOCK_MONOTONIC);
+ 
+-        if (prefix) {
+-                struct selinux_opt options[] = {
+-                        { .type = SELABEL_OPT_SUBSET, .value = prefix },
+-                };
+-
+-                label_hnd = selabel_open(SELABEL_CTX_FILE, options, ELEMENTSOF(options));
+-        } else
+-                label_hnd = selabel_open(SELABEL_CTX_FILE, NULL, 0);
+-
++        label_hnd = selabel_open(SELABEL_CTX_FILE, NULL, 0);
+         if (!label_hnd) {
+                 log_enforcing("Failed to initialize SELinux context: %m");
+                 r = security_getenforce() == 1 ? -errno : 0;
+diff --git a/src/basic/selinux-util.h b/src/basic/selinux-util.h
+index 27e8edb41b..ce6bc8e44c 100644
+--- a/src/basic/selinux-util.h
++++ b/src/basic/selinux-util.h
+@@ -29,7 +29,7 @@ bool mac_selinux_use(void);
+ bool mac_selinux_have(void);
+ void mac_selinux_retest(void);
+ 
+-int mac_selinux_init(const char *prefix);
++int mac_selinux_init(void);
+ void mac_selinux_finish(void);
+ 
+ int mac_selinux_fix(const char *path, bool ignore_enoent, bool ignore_erofs);
+diff --git a/src/core/main.c b/src/core/main.c
+index e2088574c0..d861960c6d 100644
+--- a/src/core/main.c
++++ b/src/core/main.c
+@@ -1382,7 +1382,7 @@ int main(int argc, char *argv[]) {
+                         dual_timestamp_get(&security_finish_timestamp);
+                 }
+ 
+-                if (mac_selinux_init(NULL) < 0) {
++                if (mac_selinux_init() < 0) {
+                         error_message = "Failed to initialize SELinux policy";
+                         goto finish;
+                 }
+diff --git a/src/hostname/hostnamed.c b/src/hostname/hostnamed.c
+index c37e32e96b..d11756e615 100644
+--- a/src/hostname/hostnamed.c
++++ b/src/hostname/hostnamed.c
+@@ -706,7 +706,7 @@ int main(int argc, char *argv[]) {
+         log_open();
+ 
+         umask(0022);
+-        mac_selinux_init("/etc");
++        mac_selinux_init();
+ 
+         if (argc != 1) {
+                 log_error("This program takes no arguments.");
+diff --git a/src/locale/localed.c b/src/locale/localed.c
+index f0fe59cc67..a2fc6af4c9 100644
+--- a/src/locale/localed.c
++++ b/src/locale/localed.c
+@@ -1296,7 +1296,7 @@ int main(int argc, char *argv[]) {
+         log_open();
+ 
+         umask(0022);
+-        mac_selinux_init("/etc");
++        mac_selinux_init();
+ 
+         if (argc != 1) {
+                 log_error("This program takes no arguments.");
+diff --git a/src/login/logind.c b/src/login/logind.c
+index 933602eb08..d5f6757bd3 100644
+--- a/src/login/logind.c
++++ b/src/login/logind.c
+@@ -1126,7 +1126,7 @@ int main(int argc, char *argv[]) {
+                 goto finish;
+         }
+ 
+-        r = mac_selinux_init("/run");
++        r = mac_selinux_init();
+         if (r < 0) {
+                 log_error_errno(r, "Could not initialize labelling: %m");
+                 goto finish;
+diff --git a/src/resolve/resolved.c b/src/resolve/resolved.c
+index c7e2ab14d6..161ea03412 100644
+--- a/src/resolve/resolved.c
++++ b/src/resolve/resolved.c
+@@ -48,7 +48,7 @@ int main(int argc, char *argv[]) {
+ 
+         umask(0022);
+ 
+-        r = mac_selinux_init(NULL);
++        r = mac_selinux_init();
+         if (r < 0) {
+                 log_error_errno(r, "SELinux setup failed: %m");
+                 goto finish;
+diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c
+index 863c628323..4377f1b910 100644
+--- a/src/sysusers/sysusers.c
++++ b/src/sysusers/sysusers.c
+@@ -1820,7 +1820,7 @@ int main(int argc, char *argv[]) {
+ 
+         umask(0022);
+ 
+-        r = mac_selinux_init(NULL);
++        r = mac_selinux_init();
+         if (r < 0) {
+                 log_error_errno(r, "SELinux setup failed: %m");
+                 goto finish;
+diff --git a/src/test/test-udev.c b/src/test/test-udev.c
+index 9cc64f7c68..d01789fe08 100644
+--- a/src/test/test-udev.c
++++ b/src/test/test-udev.c
+@@ -93,7 +93,7 @@ int main(int argc, char *argv[]) {
+                 return EXIT_FAILURE;
+ 
+         log_debug("version %s", VERSION);
+-        mac_selinux_init("/dev");
++        mac_selinux_init();
+ 
+         action = argv[1];
+         if (action == NULL) {
+diff --git a/src/timedate/timedated.c b/src/timedate/timedated.c
+index 2a10135fba..a522d0c5f9 100644
+--- a/src/timedate/timedated.c
++++ b/src/timedate/timedated.c
+@@ -159,7 +159,7 @@ static int context_write_data_local_rtc(Context *c) {
+                 }
+         }
+ 
+-        mac_selinux_init("/etc");
++        mac_selinux_init();
+         return write_string_file_atomic_label("/etc/adjtime", w);
+ }
+ 
+diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
+index 7b105a6bd4..f3487013cf 100644
+--- a/src/tmpfiles/tmpfiles.c
++++ b/src/tmpfiles/tmpfiles.c
+@@ -2288,7 +2288,7 @@ int main(int argc, char *argv[]) {
+ 
+         umask(0022);
+ 
+-        mac_selinux_init(NULL);
++        mac_selinux_init();
+ 
+         items = ordered_hashmap_new(&string_hash_ops);
+         globs = ordered_hashmap_new(&string_hash_ops);
+diff --git a/src/udev/udevadm.c b/src/udev/udevadm.c
+index 7bd2c1ea42..a6a873e5de 100644
+--- a/src/udev/udevadm.c
++++ b/src/udev/udevadm.c
+@@ -93,7 +93,7 @@ int main(int argc, char *argv[]) {
+ 
+         log_parse_environment();
+         log_open();
+-        mac_selinux_init("/dev");
++        mac_selinux_init();
+ 
+         while ((c = getopt_long(argc, argv, "+dhV", options, NULL)) >= 0)
+                 switch (c) {
+diff --git a/src/udev/udevd.c b/src/udev/udevd.c
+index bb92f16352..243df7386f 100644
+--- a/src/udev/udevd.c
++++ b/src/udev/udevd.c
+@@ -1695,7 +1695,7 @@ int main(int argc, char *argv[]) {
+ 
+         umask(022);
+ 
+-        r = mac_selinux_init("/dev");
++        r = mac_selinux_init();
+         if (r < 0) {
+                 log_error_errno(r, "could not initialize labelling: %m");
+                 goto exit;
+diff --git a/src/update-done/update-done.c b/src/update-done/update-done.c
+index 931e583785..da306a4444 100644
+--- a/src/update-done/update-done.c
++++ b/src/update-done/update-done.c
+@@ -101,7 +101,7 @@ int main(int argc, char *argv[]) {
+                 return EXIT_FAILURE;
+         }
+ 
+-        r = mac_selinux_init(NULL);
++        r = mac_selinux_init();
+         if (r < 0) {
+                 log_error_errno(r, "SELinux setup failed: %m");
+                 goto finish;
+diff --git a/src/user-sessions/user-sessions.c b/src/user-sessions/user-sessions.c
+index 8bf44e2100..9b29b5ba1d 100644
+--- a/src/user-sessions/user-sessions.c
++++ b/src/user-sessions/user-sessions.c
+@@ -40,7 +40,7 @@ int main(int argc, char*argv[]) {
+ 
+         umask(0022);
+ 
+-        mac_selinux_init(NULL);
++        mac_selinux_init();
+ 
+         if (streq(argv[1], "start")) {
+                 int r = 0;

0019-selinux-use-raw-variants-of-security_compute_create-.patch

@@ -0,0 +1,45 @@
+From 4f1ae61da9eda1115c1461e77a44101d96532700 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Wed, 2 Mar 2016 10:16:39 -0500
+Subject: [PATCH] selinux: use raw variants of security_compute_create and
+ setfscreatecon
+
+As suggested by Evgeny Vereshchagin as a follow up for
+https://github.com/systemd/systemd/pull/2781#issuecomment-191043402.
+
+(cherry picked from commit 5c5433ad32c3d911f0c66cc124d190d40a2b5f5b)
+---
+ src/basic/selinux-util.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/basic/selinux-util.c b/src/basic/selinux-util.c
+index 71ceac1bcd..5e6181f662 100644
+--- a/src/basic/selinux-util.c
++++ b/src/basic/selinux-util.c
+@@ -217,7 +217,7 @@ int mac_selinux_get_create_label_from_exe(const char *exe, char **label) {
+                 return -errno;
+ 
+         sclass = string_to_security_class("process");
+-        r = security_compute_create(mycon, fcon, sclass, (security_context_t *) label);
++        r = security_compute_create_raw(mycon, fcon, sclass, (security_context_t *) label);
+         if (r < 0)
+                 return -errno;
+ #endif
+@@ -296,7 +296,7 @@ int mac_selinux_get_child_mls_label(int socket_fd, const char *exe, const char *
+                 return -ENOMEM;
+ 
+         sclass = string_to_security_class("process");
+-        r = security_compute_create(mycon, fcon, sclass, (security_context_t *) label);
++        r = security_compute_create_raw(mycon, fcon, sclass, (security_context_t *) label);
+         if (r < 0)
+                 return -errno;
+ #endif
+@@ -350,7 +350,7 @@ int mac_selinux_create_file_prepare(const char *path, mode_t mode) {
+ 
+                 log_enforcing("Failed to determine SELinux security context for %s: %m", path);
+         } else {
+-                if (setfscreatecon(filecon) >= 0)
++                if (setfscreatecon_raw(filecon) >= 0)
+                         return 0; /* Success! */
+ 
+                 log_enforcing("Failed to set SELinux security context %s for %s: %m", filecon, path);

0020-test-compress-benchmark-skip-loop-iteration-if-size-.patch

@@ -0,0 +1,25 @@
+From f4bb8c3a9aed5ddefb66380c818d04aa0b663693 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Fri, 4 Mar 2016 21:46:47 -0500
+Subject: [PATCH] test-compress-benchmark: skip loop iteration if size is 0
+
+Otherwise we would hit an assert in the compression code.
+
+(cherry picked from commit 15b947fb798cd131355ba9935802d58e92bdba6e)
+---
+ src/journal/test-compress-benchmark.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/journal/test-compress-benchmark.c b/src/journal/test-compress-benchmark.c
+index 5b2d130cd6..0ef6d36a50 100644
+--- a/src/journal/test-compress-benchmark.c
++++ b/src/journal/test-compress-benchmark.c
+@@ -105,6 +105,8 @@ static void test_compress_decompress(const char* label, const char* type,
+                 int r;
+ 
+                 size = permute(i);
++                if (size == 0)
++                        continue;
+ 
+                 log_debug("%s %zu %zu", type, i, size);
+ 

0021-time-util-fall-back-to-CLOCK_MONOTONIC-if-CLOCK_BOOT.patch

@@ -0,0 +1,38 @@
+From c411521802d5e89eeb5cdf39cdd7b9538a3a3a08 Mon Sep 17 00:00:00 2001
+From: Lubomir Rintel <lkundrak@v3.sk>
+Date: Tue, 15 Mar 2016 12:43:33 +0100
+Subject: [PATCH] time-util: fall back to CLOCK_MONOTONIC if CLOCK_BOOTTIME
+ unsupported
+
+It was added in 2.6.39, and causes an assertion to fail when running in mock
+hosted on 2.6.23-based RHEL-6:
+
+Assertion 'clock_gettime(map_clock_id(clock_id), &ts) == 0' failed at systemd/src/basic/time-util.c:70, function now(). Aborting.
+
+(cherry picked from commit 2abd5b5a49ae368b258ffc7257ab703bccda67dd)
+---
+ src/basic/time-util.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/src/basic/time-util.c b/src/basic/time-util.c
+index 510f018d9b..ec112e23e2 100644
+--- a/src/basic/time-util.c
++++ b/src/basic/time-util.c
+@@ -47,12 +47,15 @@ static clockid_t map_clock_id(clockid_t c) {
+         /* Some more exotic archs (s390, ppc, …) lack the "ALARM" flavour of the clocks. Thus, clock_gettime() will
+          * fail for them. Since they are essentially the same as their non-ALARM pendants (their only difference is
+          * when timers are set on them), let's just map them accordingly. This way, we can get the correct time even on
+-         * those archs. */
++         * those archs.
++         *
++         * Also, older kernels don't support CLOCK_BOOTTIME: fall back to CLOCK_MONOTONIC. */
+ 
+         switch (c) {
+ 
++        case CLOCK_BOOTTIME:
+         case CLOCK_BOOTTIME_ALARM:
+-                return CLOCK_BOOTTIME;
++                return clock_boottime_or_monotonic ();
+ 
+         case CLOCK_REALTIME_ALARM:
+                 return CLOCK_REALTIME;

0022-headers-use-__inline__-instead-of-inline.patch

@@ -0,0 +1,47 @@
+From b1ab67134c28ade32eab8fde37840efac789affc Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Fri, 11 Mar 2016 13:41:49 -0500
+Subject: [PATCH] headers: use __inline__ instead of inline
+
+https://gcc.gnu.org/onlinedocs/gcc-5.3.0/gcc/Alternate-Keywords.html#Alternate-Keywords
+recommends __inline__ over inline in ANSI C compatible headers.
+Tested with gcc-5.3 and clang-3.7.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1316964
+(cherry picked from commit 0cb27225e9c658d80538ace7a267ba0a2d2f44f2)
+---
+ src/systemd/_sd-common.h | 2 +-
+ src/systemd/sd-id128.h   | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/systemd/_sd-common.h b/src/systemd/_sd-common.h
+index 2d4e1f26e1..3bb886be75 100644
+--- a/src/systemd/_sd-common.h
++++ b/src/systemd/_sd-common.h
+@@ -74,7 +74,7 @@
+ #endif
+ 
+ #define _SD_DEFINE_POINTER_CLEANUP_FUNC(type, func)             \
+-        static inline void func##p(type **p) {                  \
++        static __inline__ void func##p(type **p) {              \
+                 if (*p)                                         \
+                         func(*p);                               \
+         }                                                       \
+diff --git a/src/systemd/sd-id128.h b/src/systemd/sd-id128.h
+index a3bf5897b8..4dff0b9b81 100644
+--- a/src/systemd/sd-id128.h
++++ b/src/systemd/sd-id128.h
+@@ -100,11 +100,11 @@ int sd_id128_get_boot(sd_id128_t *ret);
+                 ((x).bytes[15] & 15) >= 10 ? 'a' + ((x).bytes[15] & 15) - 10 : '0' + ((x).bytes[15] & 15), \
+                 0 })
+ 
+-_sd_pure_ static inline int sd_id128_equal(sd_id128_t a, sd_id128_t b) {
++_sd_pure_ static __inline__ int sd_id128_equal(sd_id128_t a, sd_id128_t b) {
+         return memcmp(&a, &b, 16) == 0;
+ }
+ 
+-_sd_pure_ static inline int sd_id128_is_null(sd_id128_t a) {
++_sd_pure_ static __inline__ int sd_id128_is_null(sd_id128_t a) {
+         return a.qwords[0] == 0 && a.qwords[1] == 0;
+ }
+ 

0023-dev-console-must-be-labeled-with-SELinux-label.patch

@@ -0,0 +1,47 @@
+From 641a7f0c61ff42ea55ad7152e7f874ea5d680a2d Mon Sep 17 00:00:00 2001
+From: Dan Walsh <dwalsh@redhat.com>
+Date: Wed, 9 Mar 2016 09:29:25 -0500
+Subject: [PATCH] /dev/console must be labeled with SELinux label
+
+If the user specifies an selinux_apifs_context all content created in
+the container including /dev/console should use this label.
+
+Currently when this uses the default label it gets labeled user_devpts_t,
+which would require us to write a policy allowing container processes to
+manage user_devpts_t.  This means that an escaped process would be allowed
+to attack all users terminals as well as other container terminals.  Changing
+the label to match the apifs_context, means the processes would only be allowed
+to manage their specific tty.
+
+This change fixes a problem preventing RKT containers from working with systemd-nspawn.
+
+(cherry picked from commit 68b020494d1ff085281061413d9236b5865ef238)
+---
+ src/nspawn/nspawn.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
+index ef348c335b..8c06f6ef75 100644
+--- a/src/nspawn/nspawn.c
++++ b/src/nspawn/nspawn.c
+@@ -87,6 +87,7 @@
+ #ifdef HAVE_SECCOMP
+ #include "seccomp-util.h"
+ #endif
++#include "selinux-util.h"
+ #include "signal-util.h"
+ #include "socket-util.h"
+ #include "stat-util.h"
+@@ -3286,6 +3287,12 @@ int main(int argc, char *argv[]) {
+                 goto finish;
+         }
+ 
++        if (arg_selinux_apifs_context) {
++                r = mac_selinux_apply(console, arg_selinux_apifs_context);
++                if (r < 0)
++                        goto finish;
++        }
++
+         if (unlockpt(master) < 0) {
+                 r = log_error_errno(errno, "Failed to unlock tty: %m");
+                 goto finish;

0024-fstab-generator-fix-automount-option-and-don-t-start.patch

@@ -0,0 +1,90 @@
+From 1b8bdd05fcecd83cc8c8269f06a50ced055ab864 Mon Sep 17 00:00:00 2001
+From: Franck Bui <fbui@suse.com>
+Date: Tue, 1 Dec 2015 18:01:44 +0100
+Subject: [PATCH] fstab-generator: fix automount option and don't start
+ associated mount unit at boot
+
+Without this patch applied the mount unit with 'automount' option was still
+pulled by local-fs.target and thus was activated during the boot process which
+defeats the purpose of the 'automount' option:
+
+   $ grep /mnt /etc/fstab
+   /dev/vdb1 /mnt ext2 defaults,x-systemd.automount 0 0
+
+   $ reboot
+   ...
+
+   $ mount | grep mnt
+   systemd-1 on /mnt type autofs (rw,relatime,fd=34,pgrp=1,timeout=0,minproto=5,maxproto=5,direct)
+   /dev/vdb1 on /mnt type ext2 (rw,relatime)
+
+   $ systemctl status mnt.mount | grep Active
+      Active: active (mounted) since Thu 2016-03-03 21:36:22 CET; 42s ago
+
+With the patch applied:
+
+   $ reboot
+   ...
+
+   $ mount | grep mnt
+   systemd-1 on /mnt type autofs (rw,relatime,fd=22,pgrp=1,timeout=0,minproto=5,maxproto=5,direct)
+
+   $ systemctl status mnt.mount | grep Active
+      Active: inactive (dead)
+
+   $ ls /mnt
+   lost+found
+
+   $ systemctl status mnt.mount | grep Active
+      Active: active (mounted) since Thu 2016-03-03 21:47:32 CET; 4s ago
+
+(cherry picked from commit 2b14df4a9ae92623b584e61db6b5b37accd832c1)
+---
+ src/core/mount.c                      | 11 ++++++++++-
+ src/fstab-generator/fstab-generator.c |  4 ++--
+ 2 files changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/src/core/mount.c b/src/core/mount.c
+index de1075d3a0..cfe4b0f517 100644
+--- a/src/core/mount.c
++++ b/src/core/mount.c
+@@ -104,6 +104,14 @@ static bool mount_is_auto(const MountParameters *p) {
+         return !fstab_test_option(p->options, "noauto\0");
+ }
+ 
++static bool mount_is_automount(const MountParameters *p) {
++        assert(p);
++
++        return fstab_test_option(p->options,
++                                 "comment=systemd.automount\0"
++                                 "x-systemd.automount\0");
++}
++
+ static bool needs_quota(const MountParameters *p) {
+         assert(p);
+ 
+@@ -328,7 +336,8 @@ static int mount_add_device_links(Mount *m) {
+         if (path_equal(m->where, "/"))
+                 return 0;
+ 
+-        if (mount_is_auto(p) && UNIT(m)->manager->running_as == MANAGER_SYSTEM)
++        if (mount_is_auto(p) && !mount_is_automount(p) &&
++            UNIT(m)->manager->running_as == MANAGER_SYSTEM)
+                 device_wants_mount = true;
+ 
+         r = unit_add_node_link(UNIT(m), p->what, device_wants_mount, m->from_fragment ? UNIT_BINDS_TO : UNIT_REQUIRES);
+diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c
+index 97a48764ae..6f576b5ecf 100644
+--- a/src/fstab-generator/fstab-generator.c
++++ b/src/fstab-generator/fstab-generator.c
+@@ -336,8 +336,8 @@ static int add_mount(
+         if (r < 0)
+                 return log_error_errno(r, "Failed to write unit file %s: %m", unit);
+ 
+-        if (!noauto) {
+-                lnk = strjoin(arg_dest, "/", post, nofail || automount ? ".wants/" : ".requires/", name, NULL);
++        if (!noauto && !automount) {
++                lnk = strjoin(arg_dest, "/", post, nofail ? ".wants/" : ".requires/", name, NULL);
+                 if (!lnk)
+                         return log_oom();
+ 

0025-shared-add-a-temporary-work-around-for-kernel-header.patch

@@ -0,0 +1,41 @@
+From d5d78852bac634317639e87868647548c586b15a Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Tue, 5 Apr 2016 19:30:31 +0200
+Subject: [PATCH] shared: add a temporary work-around for kernel header
+ inclusion fuck-up
+
+See: #2864
+---
+ src/shared/firewall-util.c | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/src/shared/firewall-util.c b/src/shared/firewall-util.c
+index 0d3da2e6d2..ade2de7727 100644
+--- a/src/shared/firewall-util.c
++++ b/src/shared/firewall-util.c
+@@ -17,14 +17,24 @@
+   along with systemd; If not, see <http://www.gnu.org/licenses/>.
+ ***/
+ 
++#warning "Temporary work-around for broken glibc vs. linux kernel header definitions"
++#warning "This really should be removed sooner rather than later, when this is fixed upstream"
++#define _NET_IF_H 1
++
+ #include <alloca.h>
+ #include <arpa/inet.h>
+ #include <endian.h>
+ #include <errno.h>
+-#include <net/if.h>
+ #include <stddef.h>
+ #include <string.h>
+ #include <sys/socket.h>
++#include <net/if.h>
++#include <linux/if.h>
++#ifndef IFNAMSIZ
++#undef _NET_IF_H
++/* Let's make sure to include this one, too, if IFNAMSIZ isn't defined yet, as it is for kernels <= 4.2 */
++#include <net/if.h>
++#endif
+ #include <linux/netfilter_ipv4/ip_tables.h>
+ #include <linux/netfilter/nf_nat.h>
+ #include <linux/netfilter/xt_addrtype.h>

0026-Make-the-fix-for-net-if.h-fuckup-even-worse-3287.patch

@@ -0,0 +1,45 @@
+From 8becf310b0b72abe8e0bd9707fc8064636609e30 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Fri, 20 May 2016 09:12:42 -0400
+Subject: [PATCH] Make the fix for net/if.h fuckup even worse (#3287)
+
+The original conflict is fixed in the kernel in v4.6-rc7-40-g4a91cb61bb,
+but now our work-around causes a compilation failure.
+Keep the workaround to support 4.5 kernels for now, and layer
+more ugliness on top.
+
+Tested with:
+kernel-headers-4.6.0-1.fc25.x86_64
+glibc-devel-2.23.90-18.fc25.x86_64
+
+kernel-headers-4.5.4-300.fc24.x86_64
+glibc-devel-2.23.1-7.fc24.x86_64
+
+kernel-headers-4.4.9-300.fc23.x86_64
+glibc-devel-2.22-16.fc23.x86_64
+
+kernel-headers-4.1.13-100.fc21.x86_64
+glibc-devel-2.20-8.fc21.x86_64
+---
+ src/shared/firewall-util.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/src/shared/firewall-util.c b/src/shared/firewall-util.c
+index ade2de7727..efcde9563d 100644
+--- a/src/shared/firewall-util.c
++++ b/src/shared/firewall-util.c
+@@ -29,12 +29,10 @@
+ #include <string.h>
+ #include <sys/socket.h>
+ #include <net/if.h>
+-#include <linux/if.h>
+ #ifndef IFNAMSIZ
+-#undef _NET_IF_H
+-/* Let's make sure to include this one, too, if IFNAMSIZ isn't defined yet, as it is for kernels <= 4.2 */
+-#include <net/if.h>
++#define IFNAMSIZ 16
+ #endif
++#include <linux/if.h>
+ #include <linux/netfilter_ipv4/ip_tables.h>
+ #include <linux/netfilter/nf_nat.h>
+ #include <linux/netfilter/xt_addrtype.h>

0027-check-for-valid-resume-in-order-to-allow-a-hibernate.patch

@@ -0,0 +1,86 @@
+From 313f86d98c7232354d1d877f94f263dfcbcb7dd4 Mon Sep 17 00:00:00 2001
+From: James Hogarth <james.hogarth@gmail.com>
+Date: Tue, 17 May 2016 11:33:33 +0100
+Subject: [PATCH] check for valid resume= in order to allow a hibernate
+
+---
+ src/shared/sleep-config.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++-
+ 1 file changed, 53 insertions(+), 1 deletion(-)
+
+diff --git a/src/shared/sleep-config.c b/src/shared/sleep-config.c
+index a0aef66bc8..c516a6dc8a 100644
+--- a/src/shared/sleep-config.c
++++ b/src/shared/sleep-config.c
+@@ -36,6 +36,10 @@
+ #include "sleep-config.h"
+ #include "string-util.h"
+ #include "strv.h"
++#include "proc-cmdline.h"
++#include "fstab-util.h"
++
++static char *arg_resume_dev = NULL;
+ 
+ #define USE(x, y) do{ (x) = (y); (y) = NULL; } while(0)
+ 
+@@ -255,6 +259,51 @@ static bool enough_memory_for_hibernation(void) {
+         return r;
+ }
+ 
++static int parse_proc_cmdline_item(const char *key, const char *value) {
++
++        assert(key);
++
++        if (streq(key, "resume") && value) {
++                free(arg_resume_dev);
++                arg_resume_dev = fstab_node_to_udev_node(value);
++                if (!arg_resume_dev)
++                        return log_oom();
++        }
++
++        return 0;
++
++}
++
++static bool resume_passed_to_kernel(void) {
++        int r = 0;
++        struct stat rd;
++
++        r = parse_proc_cmdline(parse_proc_cmdline_item);
++        if (r < 0) {
++                log_warning("Failed to parse kernel command line, disabling hibernation.");
++                return false;
++        }
++
++        if (arg_resume_dev == NULL) {
++                log_warning("No resume= argument specified in the kernel command line, disabling hibernation.");
++                return false;
++        }
++
++        if (stat(arg_resume_dev, &rd) < 0) {
++                log_warning("Could not stat device %s specified in resume=, disabling hibernation.",
++                            arg_resume_dev);
++                return false;
++        }
++
++        if (!S_ISBLK(rd.st_mode)) {
++                log_warning("Device %s specified in resume= is not a block device, disabling hibernation.",
++                            arg_resume_dev);
++                return false;
++        }
++
++        return true;
++}
++
+ int can_sleep(const char *verb) {
+         _cleanup_strv_free_ char **modes = NULL, **states = NULL;
+         int r;
+@@ -270,5 +319,8 @@ int can_sleep(const char *verb) {
+         if (!can_sleep_state(states) || !can_sleep_disk(modes))
+                 return false;
+ 
+-        return streq(verb, "suspend") || enough_memory_for_hibernation();
++        if (streq(verb, "suspend"))
++                return true;
++
++        return enough_memory_for_hibernation() && resume_passed_to_kernel();
+ }

0028-keymap-util-also-convert-ru-to-ru.patch

@@ -0,0 +1,59 @@
+From e8acb2eb8186d0c46059c0a18d328839886ccd36 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Sun, 29 May 2016 23:36:44 -0400
+Subject: [PATCH] keymap-util: also "convert" 'ru' to 'ru'
+
+As discovered by Adam Williamson in
+https://bugzilla.redhat.com/show_bug.cgi?id=1333998#c32, after the changes in
+81fd105a5f9 we would only match compound layouts, i.e. a comma would be
+required after 'ru' to match. This seems wrong, and we should match single
+layouts like too. So 'ru', 'ru,us' now both match.
+
+startswith_comma is changed to not require a comma, i.e. check that the prefix
+matches until a comma or the end of the string. Note that startswith_comma is
+called twice. At the first site, we check that strings are not equal
+beforehand, so this change to startswith_comma has no effect. At the second
+site, it does have an effect, as described above.
+
+(This commit is cherry-picked from
+https://github.com/systemd/systemd/pull/3384.)
+---
+ src/locale/localed.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/src/locale/localed.c b/src/locale/localed.c
+index a2fc6af4c9..62f8341cb9 100644
+--- a/src/locale/localed.c
++++ b/src/locale/localed.c
+@@ -101,9 +101,11 @@ static const char* nonempty(const char *s) {
+ }
+ 
+ static bool startswith_comma(const char *s, const char *prefix) {
+-        const char *t;
++        s = startswith(s, prefix);
++        if (!s)
++                return false;
+ 
+-        return s && (t = startswith(s, prefix)) && (*t == ',');
++        return *s == ',' || *s == '\0';
+ }
+ 
+ static void context_free_x11(Context *c) {
+@@ -681,6 +683,8 @@ static int find_legacy_keymap(Context *c, char **new_keymap) {
+         unsigned best_matching = 0;
+         int r;
+ 
++        assert(c->x11_layout);
++
+         f = fopen(SYSTEMD_KBD_MODEL_MAP, "re");
+         if (!f)
+                 return -errno;
+@@ -696,7 +700,7 @@ static int find_legacy_keymap(Context *c, char **new_keymap) {
+                         break;
+ 
+                 /* Determine how well matching this entry is */
+-                if (streq_ptr(c->x11_layout, a[1]))
++                if (streq(c->x11_layout, a[1]))
+                         /* If we got an exact match, this is best */
+                         matching = 10;
+                 else {

0029-resolved-don-t-stop-handle-messages-after-receiving-.patch

@@ -0,0 +1,54 @@
+From b9da815deb890443e80e11c73b5084dcfb75ad4f Mon Sep 17 00:00:00 2001
+From: Evgeny Vereshchagin <evvers@ya.ru>
+Date: Mon, 23 May 2016 11:19:14 +0300
+Subject: [PATCH] resolved: don't stop handle messages after receiving a zero
+ length UDP packet (#3323)
+
+Fixes:
+
+-bash-4.3# ss --udp -l -p
+State      Recv-Q Send-Q Local Address:Port                 Peer Address:Port
+UNCONN     0      0          *:5355                     *:* users:(("systemd-resolve",pid=601,fd=12))
+UNCONN     0      0         :::5355                    :::* users:(("systemd-resolve",pid=601,fd=14))
+
+-bash-4.3# nping --udp -p 5355 --data-length 0 -c 1 localhost
+
+-bash-4.3# journalctl -u systemd-resolved -b --no-hostname
+...
+May 21 14:59:22 systemd-resolved[601]: Event source llmnr-ipv4-udp (type io) returned error, disabling: Input/output error
+...
+
+-bash-4.3# nping --udp -p 5355 --data-length 1000 -c 1 localhost
+
+-bash-4.3# ss --udp -l
+State      Recv-Q Send-Q Local Address:Port                 Peer Address:Port
+UNCONN     2304   0          *:5355                     *:*
+UNCONN     0      0         :::5355                    :::*
+(cherry picked from commit f134289ac59560946e6559d9487e60c7690396ba)
+---
+ src/resolve/resolved-manager.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/src/resolve/resolved-manager.c b/src/resolve/resolved-manager.c
+index 7f9073448a..aeb2b78523 100644
+--- a/src/resolve/resolved-manager.c
++++ b/src/resolve/resolved-manager.c
+@@ -643,6 +643,8 @@ int manager_recv(Manager *m, int fd, DnsProtocol protocol, DnsPacket **ret) {
+         mh.msg_controllen = sizeof(control);
+ 
+         l = recvmsg(fd, &mh, 0);
++        if (l == 0)
++                return 0;
+         if (l < 0) {
+                 if (errno == EAGAIN || errno == EINTR)
+                         return 0;
+@@ -650,9 +652,6 @@ int manager_recv(Manager *m, int fd, DnsProtocol protocol, DnsPacket **ret) {
+                 return -errno;
+         }
+ 
+-        if (l <= 0)
+-                return -EIO;
+-
+         assert(!(mh.msg_flags & MSG_CTRUNC));
+         assert(!(mh.msg_flags & MSG_TRUNC));
+ 

0030-sd-device-udev-db-handle-properties-with-empty-value.patch

@@ -0,0 +1,31 @@
+From 17f18346b4158098adaaf7044660124418bca8c3 Mon Sep 17 00:00:00 2001
+From: Tom Gundersen <teg@jklm.no>
+Date: Tue, 24 May 2016 01:34:29 +0200
+Subject: [PATCH] sd-device: udev-db - handle properties with empty value
+ (#3330)
+
+The statemachine was unable to parse properties with empty values,
+reported in [0].
+
+When reaching the start of the KEY, we would unconditionally read
+one more character before starting to look for the end-of-line.
+Simply look for the end-of-line from the first character.
+
+[0]: <https://bugzilla.redhat.com/show_bug.cgi?id=1338823>
+(cherry picked from commit bee26651fc3ca2fe6bed00cb0d9c91c429e9bb57)
+---
+ src/libsystemd/sd-device/sd-device.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/src/libsystemd/sd-device/sd-device.c b/src/libsystemd/sd-device/sd-device.c
+index 9633e46ce0..dfa1731b30 100644
+--- a/src/libsystemd/sd-device/sd-device.c
++++ b/src/libsystemd/sd-device/sd-device.c
+@@ -561,7 +561,6 @@ int device_read_uevent_file(sd_device *device) {
+ 
+                         state = VALUE;
+ 
+-                        break;
+                 case VALUE:
+                         if (strchr(NEWLINE, uevent[i])) {
+                                 uevent[i] = '\0';

0031-core-fix-the-reversed-sanity-check-when-setting-Star.patch

@@ -0,0 +1,27 @@
+From d43288b418d8dfc6f2e5ef7ac7048f0af593b70e Mon Sep 17 00:00:00 2001
+From: Tejun Heo <htejun@fb.com>
+Date: Mon, 23 May 2016 16:48:46 -0400
+Subject: [PATCH] core: fix the reversed sanity check when setting
+ StartupBlockIOWeight over dbus
+
+bus_cgroup_set_property() was rejecting if the input value was in range.
+Reverse it.
+
+(cherry picked from commit 6fb09269769634df1096663ce90fac47585eb63a)
+---
+ src/core/dbus-cgroup.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/core/dbus-cgroup.c b/src/core/dbus-cgroup.c
+index 859d155ec1..0dbb355a8a 100644
+--- a/src/core/dbus-cgroup.c
++++ b/src/core/dbus-cgroup.c
+@@ -325,7 +325,7 @@ int bus_cgroup_set_property(
+                 if (r < 0)
+                         return r;
+ 
+-                if (CGROUP_BLKIO_WEIGHT_IS_OK(weight))
++                if (!CGROUP_BLKIO_WEIGHT_IS_OK(weight))
+                         return sd_bus_error_set_errnof(error, EINVAL, "StartupBlockIOWeight value out of range");
+ 
+                 if (mode != UNIT_CHECK) {

0032-core-make-sure-to-close-connection-fd-when-we-fail-t.patch

@@ -0,0 +1,58 @@
+From 17c17ff59518267077632906ac39b7c69bf47f96 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Thu, 28 Apr 2016 17:09:50 +0200
+Subject: [PATCH] core: make sure to close connection fd when we fail to
+ activate a per-connection service
+
+Fixes: #2993 #2691
+(cherry picked from commit 3e7a1f50e473a374e1657d2051237e2db04c4db2)
+Resolves: rhbug#1310608
+---
+ src/core/service.c | 2 +-
+ src/core/service.h | 1 +
+ src/core/socket.c  | 6 +++++-
+ 3 files changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/src/core/service.c b/src/core/service.c
+index ac7e41d777..01d6582aec 100644
+--- a/src/core/service.c
++++ b/src/core/service.c
+@@ -181,7 +181,7 @@ static int service_set_main_pid(Service *s, pid_t pid) {
+         return 0;
+ }
+ 
+-static void service_close_socket_fd(Service *s) {
++void service_close_socket_fd(Service *s) {
+         assert(s);
+ 
+         s->socket_fd = asynchronous_close(s->socket_fd);
+diff --git a/src/core/service.h b/src/core/service.h
+index d342e000bb..20bfd0662b 100644
+--- a/src/core/service.h
++++ b/src/core/service.h
+@@ -200,6 +200,7 @@ struct Service {
+ extern const UnitVTable service_vtable;
+ 
+ int service_set_socket_fd(Service *s, int fd, struct Socket *socket, bool selinux_context_net);
++void service_close_socket_fd(Service *s);
+ 
+ const char* service_restart_to_string(ServiceRestart i) _const_;
+ ServiceRestart service_restart_from_string(const char *s) _pure_;
+diff --git a/src/core/socket.c b/src/core/socket.c
+index 976687af41..60906b196c 100644
+--- a/src/core/socket.c
++++ b/src/core/socket.c
+@@ -1994,8 +1994,12 @@ static void socket_enter_running(Socket *s, int cfd) {
+                 s->n_connections ++;
+ 
+                 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, &error, NULL);
+-                if (r < 0)
++                if (r < 0) {
++                        /* We failed to activate the new service, but it still exists. Let's make sure the service
++                         * closes and forgets the connection fd again, immediately. */
++                        service_close_socket_fd(service);
+                         goto fail;
++                }
+ 
+                 /* Notify clients about changed counters */
+                 unit_add_to_dbus_queue(UNIT(s));

0033-device-Ensure-we-have-sysfs-path-before-comparing.patch

@@ -0,0 +1,33 @@
+From 53f2649652c3e0ec756e3a4545a88f6bda24cbce Mon Sep 17 00:00:00 2001
+From: Colin Guthrie <colin@mageia.org>
+Date: Mon, 14 Mar 2016 09:42:07 +0000
+Subject: [PATCH] device: Ensure we have sysfs path before comparing.
+
+In some cases we do not have a udev device when setting up a unit
+(certainly the code gracefully handles this). However, we do
+then go on to compare the path via path_equal which will assert
+if a null value is passed in.
+
+See https://bugs.mageia.org/show_bug.cgi?id=17766
+
+Not sure if this is the correct fix, but it avoids the crash
+
+(cherry picked from commit 5e1558f4a09e596561c9168384f2258e7c0718a1)
+Resolves: rhbug#1321392
+---
+ src/core/device.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/core/device.c b/src/core/device.c
+index d201dc5e4b..c64e01c2aa 100644
+--- a/src/core/device.c
++++ b/src/core/device.c
+@@ -318,7 +318,7 @@ static int device_setup_unit(Manager *m, struct udev_device *dev, const char *pa
+          * the GC to have garbaged it. That's desired since the device
+          * unit may have a dependency on the mount unit which was
+          * added during the loading of the later. */
+-        if (u && DEVICE(u)->state == DEVICE_PLUGGED) {
++        if (sysfs && u && DEVICE(u)->state == DEVICE_PLUGGED) {
+                 /* This unit is in plugged state: we're sure it's
+                  * attached to a device. */
+                 if (!path_equal(DEVICE(u)->sysfs, sysfs)) {

0034-networkctl-split-out-system-status-stuff-into-its-ow.patch

@@ -0,0 +1,103 @@
+From c910d4a516c002f68f9d30a6457cbad0f02fed16 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Fri, 19 Feb 2016 18:20:40 +0100
+Subject: [PATCH] networkctl: split out system status stuff into its own
+ function
+
+(cherry picked from commit 0070333f26543a319a17aee8b22bdde4071630c4)
+Resolves: rhbug#1325462
+---
+ src/network/networkctl.c | 67 ++++++++++++++++++++++++++----------------------
+ 1 file changed, 36 insertions(+), 31 deletions(-)
+
+diff --git a/src/network/networkctl.c b/src/network/networkctl.c
+index 60724fce80..9640e30499 100644
+--- a/src/network/networkctl.c
++++ b/src/network/networkctl.c
+@@ -660,12 +660,46 @@ static int link_status_one(
+         return 0;
+ }
+ 
++static int system_status(sd_netlink *rtnl, sd_hwdb *hwdb) {
++        _cleanup_free_ char *operational_state = NULL;
++        _cleanup_strv_free_ char **dns = NULL, **ntp = NULL, **search_domains = NULL, **route_domains = NULL;
++        const char *on_color_operational, *off_color_operational;
++
++        assert(rtnl);
++
++        sd_network_get_operational_state(&operational_state);
++        operational_state_to_color(operational_state, &on_color_operational, &off_color_operational);
++
++        printf("%s%s%s        State: %s%s%s\n",
++               on_color_operational, draw_special_char(DRAW_BLACK_CIRCLE), off_color_operational,
++               on_color_operational, strna(operational_state), off_color_operational);
++
++        dump_addresses(rtnl, "       Address: ", 0);
++        dump_gateways(rtnl, hwdb, "       Gateway: ", 0);
++
++        sd_network_get_dns(&dns);
++        dump_list("           DNS: ", dns);
++
++        sd_network_get_search_domains(&search_domains);
++        dump_list("Search Domains: ", search_domains);
++
++        sd_network_get_route_domains(&route_domains);
++        dump_list(" Route Domains: ", route_domains);
++
++        sd_network_get_ntp(&ntp);
++        dump_list("           NTP: ", ntp);
++
++        return 0;
++}
++
+ static int link_status(int argc, char *argv[], void *userdata) {
+         _cleanup_(sd_hwdb_unrefp) sd_hwdb *hwdb = NULL;
+         _cleanup_(sd_netlink_unrefp) sd_netlink *rtnl = NULL;
+         char **name;
+         int r;
+ 
++        pager_open_if_enabled();
++
+         r = sd_netlink_open(&rtnl);
+         if (r < 0)
+                 return log_error_errno(r, "Failed to connect to netlink: %m");
+@@ -674,37 +708,8 @@ static int link_status(int argc, char *argv[], void *userdata) {
+         if (r < 0)
+                 log_debug_errno(r, "Failed to open hardware database: %m");
+ 
+-        if (argc <= 1 && !arg_all) {
+-                _cleanup_free_ char *operational_state = NULL;
+-                _cleanup_strv_free_ char **dns = NULL, **ntp = NULL, **search_domains = NULL, **route_domains;
+-                const char *on_color_operational, *off_color_operational;
+-
+-                sd_network_get_operational_state(&operational_state);
+-                operational_state_to_color(operational_state, &on_color_operational, &off_color_operational);
+-
+-                printf("%s%s%s        State: %s%s%s\n",
+-                       on_color_operational, draw_special_char(DRAW_BLACK_CIRCLE), off_color_operational,
+-                       on_color_operational, strna(operational_state), off_color_operational);
+-
+-                dump_addresses(rtnl, "       Address: ", 0);
+-                dump_gateways(rtnl, hwdb, "       Gateway: ", 0);
+-
+-                sd_network_get_dns(&dns);
+-                dump_list("           DNS: ", dns);
+-
+-                sd_network_get_search_domains(&search_domains);
+-                dump_list("Search Domains: ", search_domains);
+-
+-                sd_network_get_route_domains(&route_domains);
+-                dump_list(" Route Domains: ", route_domains);
+-
+-                sd_network_get_ntp(&ntp);
+-                dump_list("           NTP: ", ntp);
+-
+-                return 0;
+-        }
+-
+-        pager_open_if_enabled();
++        if (argc <= 1 && !arg_all)
++                return system_status(rtnl, hwdb);
+ 
+         if (arg_all) {
+                 _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL, *reply = NULL;

0035-systemd-user-call-pam_loginuid-when-creating-user-.s.patch

@@ -0,0 +1,32 @@
+From fa53f32e949f6d8722b371480fea7d2258785309 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Tue, 26 Apr 2016 05:19:10 -0400
+Subject: [PATCH] systemd --user: call pam_loginuid when creating user@.service
+ (#3120)
+
+This way the user service will have a loginuid, and it will be inherited by
+child services. This shouldn't change anything as far as systemd itself is
+concerned, but is nice for various services spawned from by systemd --user
+that expect a loginuid.
+
+pam_loginuid(8) says that it should be enabled for "..., crond and atd".
+user@.service should behave similarly to those two as far as audit is
+concerned.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1328947#c28
+(cherry picked from commit 1000522a60ceade446773c67031b47a566d4a70d)
+Resolves: rhbug#1328947
+---
+ src/login/systemd-user.m4 | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/login/systemd-user.m4 b/src/login/systemd-user.m4
+index 7933508f2b..f188a8e548 100644
+--- a/src/login/systemd-user.m4
++++ b/src/login/systemd-user.m4
+@@ -8,4 +8,5 @@ m4_ifdef(`HAVE_SELINUX',
+ session  required pam_selinux.so close
+ session  required pam_selinux.so nottys open
+ )m4_dnl
++session  required pam_loginuid.so
+ session  include system-auth

0036-systemctl-suppress-no-Install-hint-when-quiet-is-use.patch

@@ -0,0 +1,26 @@
+From 599fc965a46c36b9be06bcfd026e2dadeefbbbf5 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Thu, 19 May 2016 15:08:41 -0400
+Subject: [PATCH] systemctl: suppress no-[Install] hint when --quiet is used
+ (#3295)
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1336960
+(cherry picked from commit 35b132e8ad3c50614605e00cf8ff20988094d21c)
+Resolves: rhbug#1336960
+---
+ src/systemctl/systemctl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
+index 908ccabf8a..b4581fe542 100644
+--- a/src/systemctl/systemctl.c
++++ b/src/systemctl/systemctl.c
+@@ -5521,7 +5521,7 @@ static int enable_unit(int argc, char *argv[], void *userdata) {
+                         r = 0;
+         }
+ 
+-        if (carries_install_info == 0)
++        if (carries_install_info == 0 && !arg_quiet)
+                 log_warning("The unit files have no [Install] section. They are not meant to be enabled\n"
+                             "using systemctl.\n"
+                             "Possible reasons for having this kind of units are:\n"

0037-systemctl-make-sure-we-terminate-the-bus-connection-.patch

@@ -0,0 +1,156 @@
+From 95802bf0349e70d56eb00f7183a5dc4ff4655f09 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Thu, 16 Jun 2016 15:29:16 +0200
+Subject: [PATCH] systemctl: make sure we terminate the bus connection first,
+ and then close the pager (#3550)
+
+If "systemctl -H" is used, let's make sure we first terminate the bus
+connection, and only then close the pager. If done in this order ssh will get
+an EOF on stdin (as we speak D-Bus through ssh's stdin/stdout), and then
+terminate. This makes sure the standard error we were invoked on is released by
+ssh, and only that makes sure we don't deadlock on the pager which waits for
+all clients closing its input pipe.
+
+(Similar fixes for the various other xyzctl tools that support both pagers and
+-H)
+
+Fixes: #3543
+(cherry picked from commit cf647b69baee4c478d3909c327e3d917e1563f44)
+Resolves: rhbug#1341179
+---
+ src/libsystemd/sd-bus/busctl.c | 3 ++-
+ src/locale/localectl.c         | 3 ++-
+ src/login/loginctl.c           | 4 +++-
+ src/machine/machinectl.c       | 3 ++-
+ src/systemctl/systemctl.c      | 4 ++--
+ src/timedate/timedatectl.c     | 3 ++-
+ 6 files changed, 13 insertions(+), 7 deletions(-)
+
+diff --git a/src/libsystemd/sd-bus/busctl.c b/src/libsystemd/sd-bus/busctl.c
+index 35fabf038c..c806d6fe96 100644
+--- a/src/libsystemd/sd-bus/busctl.c
++++ b/src/libsystemd/sd-bus/busctl.c
+@@ -1974,7 +1974,7 @@ static int busctl_main(sd_bus *bus, int argc, char *argv[]) {
+ }
+ 
+ int main(int argc, char *argv[]) {
+-        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
++        sd_bus *bus = NULL;
+         int r;
+ 
+         log_parse_environment();
+@@ -2065,6 +2065,7 @@ int main(int argc, char *argv[]) {
+         r = busctl_main(bus, argc, argv);
+ 
+ finish:
++        sd_bus_flush_close_unref(bus);
+         pager_close();
+ 
+         strv_free(arg_matches);
+diff --git a/src/locale/localectl.c b/src/locale/localectl.c
+index 365c79aa51..45404f1fa7 100644
+--- a/src/locale/localectl.c
++++ b/src/locale/localectl.c
+@@ -664,7 +664,7 @@ static int localectl_main(sd_bus *bus, int argc, char *argv[]) {
+ }
+ 
+ int main(int argc, char*argv[]) {
+-        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
++        sd_bus *bus = NULL;
+         int r;
+ 
+         setlocale(LC_ALL, "");
+@@ -684,6 +684,7 @@ int main(int argc, char*argv[]) {
+         r = localectl_main(bus, argc, argv);
+ 
+ finish:
++        sd_bus_flush_close_unref(bus);
+         pager_close();
+ 
+         return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+diff --git a/src/login/loginctl.c b/src/login/loginctl.c
+index 6ad3d089bd..601d18063e 100644
+--- a/src/login/loginctl.c
++++ b/src/login/loginctl.c
+@@ -1532,7 +1532,7 @@ static int loginctl_main(int argc, char *argv[], sd_bus *bus) {
+ }
+ 
+ int main(int argc, char *argv[]) {
+-        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
++        sd_bus *bus = NULL;
+         int r;
+ 
+         setlocale(LC_ALL, "");
+@@ -1554,6 +1554,8 @@ int main(int argc, char *argv[]) {
+         r = loginctl_main(argc, argv, bus);
+ 
+ finish:
++        sd_bus_flush_close_unref(bus);
++
+         pager_close();
+         polkit_agent_close();
+ 
+diff --git a/src/machine/machinectl.c b/src/machine/machinectl.c
+index 4853139321..479822880c 100644
+--- a/src/machine/machinectl.c
++++ b/src/machine/machinectl.c
+@@ -2646,7 +2646,7 @@ static int machinectl_main(int argc, char *argv[], sd_bus *bus) {
+ }
+ 
+ int main(int argc, char*argv[]) {
+-        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
++        sd_bus *bus = NULL;
+         int r;
+ 
+         setlocale(LC_ALL, "");
+@@ -2668,6 +2668,7 @@ int main(int argc, char*argv[]) {
+         r = machinectl_main(argc, argv, bus);
+ 
+ finish:
++        sd_bus_flush_close_unref(bus);
+         pager_close();
+         polkit_agent_close();
+ 
+diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
+index b4581fe542..0996920241 100644
+--- a/src/systemctl/systemctl.c
++++ b/src/systemctl/systemctl.c
+@@ -7684,6 +7684,8 @@ int main(int argc, char*argv[]) {
+         }
+ 
+ finish:
++        release_busses();
++
+         pager_close();
+         ask_password_agent_close();
+         polkit_agent_close();
+@@ -7695,8 +7697,6 @@ finish:
+         strv_free(arg_wall);
+         free(arg_root);
+ 
+-        release_busses();
+-
+         /* Note that we return r here, not EXIT_SUCCESS, so that we can implement the LSB-like return codes */
+ 
+         return r < 0 ? EXIT_FAILURE : r;
+diff --git a/src/timedate/timedatectl.c b/src/timedate/timedatectl.c
+index 097963b41b..7e88fd15c8 100644
+--- a/src/timedate/timedatectl.c
++++ b/src/timedate/timedatectl.c
+@@ -488,7 +488,7 @@ static int timedatectl_main(sd_bus *bus, int argc, char *argv[]) {
+ }
+ 
+ int main(int argc, char *argv[]) {
+-        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
++        sd_bus *bus = NULL;
+         int r;
+ 
+         setlocale(LC_ALL, "");
+@@ -508,6 +508,7 @@ int main(int argc, char *argv[]) {
+         r = timedatectl_main(bus, argc, argv);
+ 
+ finish:
++        sd_bus_flush_close_unref(bus);
+         pager_close();
+ 
+         return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;

0038-core-move-start-ratelimiting-check-after-condition-c.patch

@@ -0,0 +1,74 @@
+From 4322539b5cfe3f5b43d6377dcaa65221744bf4fb Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Tue, 26 Apr 2016 20:34:33 +0200
+Subject: [PATCH] core: move start ratelimiting check after condition checks
+
+With #2564 unit start rate limiting was moved from after the condition checks
+are to before they are made, in an attempt to fix #2467. This however resulted
+in #2684. However, with a previous commit a concept of per socket unit trigger
+rate limiting has been added, to fix #2467 more comprehensively, hence the
+start limit can be moved after the condition checks again, thus fixing #2684.
+
+Fixes: #2684
+(cherry picked from commit 7629ec4642b03517742d09b7303c204fddf82108)
+Resolves: rhbug#1350686
+---
+ man/systemd.unit.xml                  |  3 ++-
+ src/core/load-fragment-gperf.gperf.m4 |  1 +
+ src/core/unit.c                       | 10 +++++-----
+ 3 files changed, 8 insertions(+), 6 deletions(-)
+
+diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
+index 5794681963..39cb5250f7 100644
+--- a/man/systemd.unit.xml
++++ b/man/systemd.unit.xml
+@@ -768,7 +768,8 @@
+         manually at a later point, from which point on, the restart logic is again activated. Note that
+         <command>systemctl reset-failed</command> will cause the restart rate counter for a service to be flushed,
+         which is useful if the administrator wants to manually start a unit and the start limit interferes with
+-        that.</para></listitem>
++        that. Note that this rate-limiting is enforced after any unit condition checks are executed, and hence unit
++        activations with failing conditions are not counted by this rate limiting.</para></listitem>
+       </varlistentry>
+ 
+       <varlistentry>
+diff --git a/src/core/load-fragment-gperf.gperf.m4 b/src/core/load-fragment-gperf.gperf.m4
+index 5024fd19a5..479f5e30f3 100644
+--- a/src/core/load-fragment-gperf.gperf.m4
++++ b/src/core/load-fragment-gperf.gperf.m4
+@@ -220,6 +220,7 @@ Service.TimeoutStartSec,         config_parse_service_timeout,       0,
+ Service.TimeoutStopSec,          config_parse_service_timeout,       0,                             0
+ Service.RuntimeMaxSec,           config_parse_sec,                   0,                             offsetof(Service, runtime_max_usec)
+ Service.WatchdogSec,             config_parse_sec,                   0,                             offsetof(Service, watchdog_usec)
++m4_dnl The following three only exist for compatibility, they moved into Unit, see above
+ Service.StartLimitInterval,      config_parse_sec,                   0,                             offsetof(Unit, start_limit.interval)
+ Service.StartLimitBurst,         config_parse_unsigned,              0,                             offsetof(Unit, start_limit.burst)
+ Service.StartLimitAction,        config_parse_failure_action,        0,                             offsetof(Unit, start_limit_action)
+diff --git a/src/core/unit.c b/src/core/unit.c
+index 3c4f85e744..d3d372029f 100644
+--- a/src/core/unit.c
++++ b/src/core/unit.c
+@@ -1472,11 +1472,6 @@ int unit_start(Unit *u) {
+         if (UNIT_IS_ACTIVE_OR_RELOADING(state))
+                 return -EALREADY;
+ 
+-        /* Make sure we don't enter a busy loop of some kind. */
+-        r = unit_start_limit_test(u);
+-        if (r < 0)
+-                return r;
+-
+         /* Units that aren't loaded cannot be started */
+         if (u->load_state != UNIT_LOADED)
+                 return -EINVAL;
+@@ -1518,6 +1513,11 @@ int unit_start(Unit *u) {
+         if (!UNIT_VTABLE(u)->start)
+                 return -EBADR;
+ 
++        /* Make sure we don't enter a busy loop of some kind. */
++        r = unit_start_limit_test(u);
++        if (r < 0)
++                return r;
++
+         /* We don't suppress calls to ->start() here when we are
+          * already starting, to allow this request to be used as a
+          * "hurry up" call, for example when the unit is in some "auto

0039-strbuf-set-the-proper-character-when-creating-new-no.patch

@@ -0,0 +1,61 @@
+From 43ea6d88a06f32dd714eacdcaf0a4656ffb02d30 Mon Sep 17 00:00:00 2001
+From: Lubomir Rintel <lkundrak@v3.sk>
+Date: Tue, 3 May 2016 22:15:49 +0200
+Subject: [PATCH] strbuf: set the proper character when creating new nodes
+
+Commit 82501b3fc added an early break when a terminal node is found to
+incorrect place -- before setting c. This caused trie to be built that
+does not correspond to what it points to in buffer, causing incorrect
+deduplications:
+
+  # cat /etc/udev/rules.d/99-bug.rules
+  ENV{FOO}=="0"
+  ENV{xx0}=="BAR"
+  ENV{BAZ}=="00"
+
+  # udevadm test
+  * RULE /etc/udev/rules.d/99-bug.rules:1, token: 0, count: 2, label: ''
+  M ENV match 'FOO' '0'(plain)
+  * RULE /etc/udev/rules.d/99-bug.rules:2, token: 2, count: 2, label: ''
+  M ENV match 'xx0' 'BAR'(plain)
+  * RULE /etc/udev/rules.d/99-bug.rules:3, token: 4, count: 2, label: ''
+  M ENV match 'BAZ' 'x0'(plain)
+  * END
+
+The addition of "xx0" following "0" will cause a trie like this to be
+created:
+
+  c=\0
+    c=0 "0"
+      c=0 "xx0"  <-- note the c is incorrect here, causing "00" to be
+    c=O "FOO"        deduplicated to it
+    c=R "BAR"
+
+This in effect caused the usb_modeswitch rule for Huawei modems to never
+match and this never be switched to serial mode from mass storage.
+
+(cherry picked from commit c45606eb95a7171b0dc801e91d35034957ad5e9e)
+Resolves: rhbug#1357822
+---
+ src/basic/strbuf.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/basic/strbuf.c b/src/basic/strbuf.c
+index dac2881603..79eef6c05d 100644
+--- a/src/basic/strbuf.c
++++ b/src/basic/strbuf.c
+@@ -156,12 +156,13 @@ ssize_t strbuf_add_string(struct strbuf *str, const char *s, size_t len) {
+                         return off;
+                 }
+ 
++                c = s[len - 1 - depth];
++
+                 /* bsearch is not allowed on a NULL sequence */
+                 if (node->children_count == 0)
+                         break;
+ 
+                 /* lookup child node */
+-                c = s[len - 1 - depth];
+                 search.c = c;
+                 child = bsearch(&search, node->children, node->children_count,
+                                 sizeof(struct strbuf_child_entry),

0040-networkd-bump-MTU-to-1280-for-interfaces-which-have-.patch

@@ -0,0 +1,173 @@
+From 715b55d9253c25bd6c463a2959eb33f12e9ecd1b Mon Sep 17 00:00:00 2001
+From: Susant Sahani <ssahani@users.noreply.github.com>
+Date: Thu, 21 Apr 2016 06:04:13 +0530
+Subject: [PATCH] networkd: bump MTU to 1280 for interfaces which have IPv6
+ enabled (#3077)
+
+IPv6 protocol requires a minimum MTU of 1280 bytes on the interface.
+This fixes #3046.
+
+Introduce helper link_ipv6_enabled() to figure out whether IPV6 is enabled.
+Introduce network_has_static_ipv6_addresses() to find out if any static
+ipv6 address configured.
+If IPv6 is not configured on any interface that is SLAAC, DHCPv6 and static
+IPv6 addresses not configured, then IPv6 will be automatically disabled for that
+interface, that is we write "1" to /proc/sys/net/ipv6/conf//disable_ipv6.
+(cherry picked from commit 439689c6ec48faba67565562d75701d5736567e7)
+Related: rhbug#1352378
+---
+ man/systemd.network.xml        |  2 ++
+ src/basic/missing.h            |  4 ++++
+ src/network/networkd-link.c    | 50 +++++++++++++++++++++++++++++++++++++++++-
+ src/network/networkd-network.c | 13 +++++++++++
+ src/network/networkd-network.h |  2 ++
+ 5 files changed, 70 insertions(+), 1 deletion(-)
+
+diff --git a/man/systemd.network.xml b/man/systemd.network.xml
+index f88751b672..e3df1b3d14 100644
+--- a/man/systemd.network.xml
++++ b/man/systemd.network.xml
+@@ -202,6 +202,8 @@
+           <para>The maximum transmission unit in bytes to set for the
+           device. The usual suffixes K, M, G, are supported and are
+           understood to the base of 1024.</para>
++          <para>Note that if IPv6 is enabled on the interface, and the MTU is chosen
++          below 1280 (the minimum MTU for IPv6) it will automatically be increased to this value.</para>
+         </listitem>
+       </varlistentry>
+     </variablelist>
+diff --git a/src/basic/missing.h b/src/basic/missing.h
+index 36b060496a..048b3fbc42 100644
+--- a/src/basic/missing.h
++++ b/src/basic/missing.h
+@@ -912,6 +912,10 @@ static inline int setns(int fd, int nstype) {
+ #define IPV6_UNICAST_IF 76
+ #endif
+ 
++#ifndef IPV6_MIN_MTU
++#define IPV6_MIN_MTU 1280
++#endif
++
+ #ifndef IFF_MULTI_QUEUE
+ #define IFF_MULTI_QUEUE 0x100
+ #endif
+diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
+index 692c0bf63d..a6039dd3b2 100644
+--- a/src/network/networkd-link.c
++++ b/src/network/networkd-link.c
+@@ -88,6 +88,15 @@ bool link_ipv6ll_enabled(Link *link) {
+         return link->network->link_local & ADDRESS_FAMILY_IPV6;
+ }
+ 
++static bool link_ipv6_enabled(Link *link) {
++        assert(link);
++
++        if (!socket_ipv6_is_supported())
++                return false;
++
++        return link_dhcp6_enabled(link) || link_ipv6ll_enabled(link) || network_has_static_ipv6_addresses(link->network);
++}
++
+ bool link_lldp_enabled(Link *link) {
+         if (link->flags & IFF_LOOPBACK)
+                 return false;
+@@ -167,6 +176,31 @@ static IPv6PrivacyExtensions link_ipv6_privacy_extensions(Link *link) {
+         return link->network->ipv6_privacy_extensions;
+ }
+ 
++static int link_enable_ipv6(Link *link) {
++        const char *p = NULL;
++        bool disabled;
++        int r;
++
++        if (link->flags & IFF_LOOPBACK)
++                return 0;
++
++        disabled = !link_ipv6_enabled(link);
++
++        p = strjoina("/proc/sys/net/ipv6/conf/", link->ifname, "/disable_ipv6");
++
++        r = write_string_file(p, one_zero(disabled), WRITE_STRING_FILE_VERIFY_ON_FAILURE);
++        if (r < 0)
++                log_link_warning_errno(link, r, "Cannot %s IPv6 for interface %s: %m", disabled ? "disable" : "enable", link->ifname);
++        else {
++                if (disabled)
++                        log_link_info(link, "IPv6 disabled for interface: %m");
++                else
++                        log_link_info(link, "IPv6 enabled for interface: %m");
++        }
++
++        return 0;
++}
++
+ void link_update_operstate(Link *link) {
+         LinkOperationalState operstate;
+         assert(link);
+@@ -1382,7 +1416,21 @@ static int link_up(Link *link) {
+                         return log_link_error_errno(link, r, "Could not set MAC address: %m");
+         }
+ 
++        /* If IPv6 not configured (no static IPv6 address and neither DHCPv6 nor IPv6LL is enabled)
++           for this interface then disable IPv6 else enable it. */
++        (void) link_enable_ipv6(link);
++
+         if (link->network->mtu) {
++                /* IPv6 protocol requires a minimum MTU of IPV6_MTU_MIN(1280) bytes
++                   on the interface. Bump up MTU bytes to IPV6_MTU_MIN. */
++                if (link_ipv6_enabled(link) && link->network->mtu < IPV6_MIN_MTU) {
++
++                        log_link_warning(link, "Bumping MTU to " STRINGIFY(IPV6_MIN_MTU) ", as "
++                                         "IPv6 is requested and requires a minimum MTU of " STRINGIFY(IPV6_MIN_MTU) " bytes: %m");
++
++                        link->network->mtu = IPV6_MIN_MTU;
++                }
++
+                 r = sd_netlink_message_append_u32(req, IFLA_MTU, link->network->mtu);
+                 if (r < 0)
+                         return log_link_error_errno(link, r, "Could not set MTU: %m");
+@@ -1392,7 +1440,7 @@ static int link_up(Link *link) {
+         if (r < 0)
+                 return log_link_error_errno(link, r, "Could not open IFLA_AF_SPEC container: %m");
+ 
+-        if (socket_ipv6_is_supported()) {
++        if (link_ipv6_enabled(link)) {
+                 /* if the kernel lacks ipv6 support setting IFF_UP fails if any ipv6 options are passed */
+                 r = sd_netlink_message_open_container(req, AF_INET6);
+                 if (r < 0)
+diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c
+index 54f76fe206..9f2cbcec30 100644
+--- a/src/network/networkd-network.c
++++ b/src/network/networkd-network.c
+@@ -394,6 +394,19 @@ int network_apply(Manager *manager, Network *network, Link *link) {
+         return 0;
+ }
+ 
++bool network_has_static_ipv6_addresses(Network *network) {
++        Address *address;
++
++        assert(network);
++
++        LIST_FOREACH(addresses, address, network->static_addresses) {
++                if (address->family == AF_INET6)
++                        return true;
++        }
++
++        return false;
++}
++
+ int config_parse_netdev(const char *unit,
+                 const char *filename,
+                 unsigned line,
+diff --git a/src/network/networkd-network.h b/src/network/networkd-network.h
+index 03c3f206c3..16533a7ec2 100644
+--- a/src/network/networkd-network.h
++++ b/src/network/networkd-network.h
+@@ -168,6 +168,8 @@ int network_get_by_name(Manager *manager, const char *name, Network **ret);
+ int network_get(Manager *manager, struct udev_device *device, const char *ifname, const struct ether_addr *mac, Network **ret);
+ int network_apply(Manager *manager, Network *network, Link *link);
+ 
++bool network_has_static_ipv6_addresses(Network *network);
++
+ int config_parse_netdev(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+ int config_parse_domains(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+ int config_parse_tunnel(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);

0041-networkd-disable-IPv6-for-bridge-slave.patch

@@ -0,0 +1,41 @@
+From ba639500547a9bce37be494fcdeff5958a6ac5e0 Mon Sep 17 00:00:00 2001
+From: Tom Yan <tom.ty89@gmail.com>
+Date: Sat, 28 May 2016 13:35:01 +0800
+Subject: [PATCH] networkd: disable IPv6 for bridge slave
+
+If an interface is managed as a bridge slave, we don't want any IP configuration for it. Therefore, disable IPv6 in such case.
+
+(cherry picked from commit 2b00a4e03dc375465de7f60f3a6937cbe8ffdf31)
+Resolves: rhbug#1352378
+---
+ src/network/networkd-link.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
+index a6039dd3b2..13f9e895ab 100644
+--- a/src/network/networkd-link.c
++++ b/src/network/networkd-link.c
+@@ -94,7 +94,11 @@ static bool link_ipv6_enabled(Link *link) {
+         if (!socket_ipv6_is_supported())
+                 return false;
+ 
+-        return link_dhcp6_enabled(link) || link_ipv6ll_enabled(link) || network_has_static_ipv6_addresses(link->network);
++        if (link->network->bridge)
++                return false;
++
++        /* DHCPv6 client will not be started if no IPv6 link-local address is configured. */
++        return link_ipv6ll_enabled(link) || network_has_static_ipv6_addresses(link->network);
+ }
+ 
+ bool link_lldp_enabled(Link *link) {
+@@ -1416,8 +1420,8 @@ static int link_up(Link *link) {
+                         return log_link_error_errno(link, r, "Could not set MAC address: %m");
+         }
+ 
+-        /* If IPv6 not configured (no static IPv6 address and neither DHCPv6 nor IPv6LL is enabled)
+-           for this interface then disable IPv6 else enable it. */
++        /* If IPv6 not configured (no static IPv6 address and IPv6LL autoconfiguration is disabled)
++           for this interface, or if it is a bridge slave, then disable IPv6 else enable it. */
+         (void) link_enable_ipv6(link);
+ 
+         if (link->network->mtu) {

0042-udev-bump-TasksMax-to-inifinity-3593.patch

@@ -0,0 +1,29 @@
+From 8f01e7ac78e51c8fd2e2a285cb16cbec72006c3b Mon Sep 17 00:00:00 2001
+From: Franck Bui <fbui@suse.com>
+Date: Thu, 23 Jun 2016 22:31:01 +0200
+Subject: [PATCH] udev: bump TasksMax to inifinity (#3593)
+
+udevd already limits its number of workers/children: the max number is actually
+twice the number of CPUs the system is using.
+
+(The limit can also be raised with udev.children-max= kernel command line
+option BTW).
+
+On some servers, this limit can easily exceed the maximum number of tasks that
+systemd put on all services, which is 512 by default.
+
+Since udevd has already its limitation logic, simply disable the static
+limitation done by TasksMax.
+---
+ units/systemd-udevd.service.in | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/units/systemd-udevd.service.in b/units/systemd-udevd.service.in
+index 79f28c87c6..67e4c5fcd7 100644
+--- a/units/systemd-udevd.service.in
++++ b/units/systemd-udevd.service.in
+@@ -24,3 +24,4 @@ ExecStart=@rootlibexecdir@/systemd-udevd
+ MountFlags=slave
+ KillMode=mixed
+ WatchdogSec=3min
++TasksMax=infinity

0043-networkd-disable-IPv6-for-bridge-slave.patch

@@ -0,0 +1,26 @@
+From c5fb55e7ae979d376d18b28d323905a4703e8cc3 Mon Sep 17 00:00:00 2001
+From: Tom Yan <tom.ty89@gmail.com>
+Date: Sat, 28 May 2016 13:35:01 +0800
+Subject: [PATCH] networkd: disable IPv6 for bridge slave
+
+If an interface is managed as a bridge slave, we don't want any IP configuration for it. Therefore, disable IPv6 in such case.
+
+(loosely based upon commit 2b00a4e03dc375465de7f60f3a6937cbe8ffdf31)
+---
+ src/network/networkd-link.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
+index 13f9e895ab..2268d31374 100644
+--- a/src/network/networkd-link.c
++++ b/src/network/networkd-link.c
+@@ -45,6 +45,9 @@ bool link_dhcp6_enabled(Link *link) {
+         if (!link->network)
+                 return false;
+ 
++        if (link->network->bridge)
++                return false;
++
+         return link->network->dhcp & ADDRESS_FAMILY_IPV6;
+ }
+ 

0044-networkd-add-route-expiration-handler-3242.patch

@@ -0,0 +1,62 @@
+From 9582dba16dc4fa990b86a915b74a67566c9acf84 Mon Sep 17 00:00:00 2001
+From: Susant Sahani <ssahani@users.noreply.github.com>
+Date: Wed, 18 May 2016 07:06:43 +0530
+Subject: [PATCH] networkd: add route expiration handler (#3242)
+
+Fix for #3232.
+(cherry picked from commit fe7ca21acfb9fcef6cf8ce9f945377667a26a27c)
+---
+ src/network/networkd-route.c | 32 +++++++++++++++++++++++++++++++-
+ 1 file changed, 31 insertions(+), 1 deletion(-)
+
+diff --git a/src/network/networkd-route.c b/src/network/networkd-route.c
+index e065a5a5a9..aa9c71550f 100644
+--- a/src/network/networkd-route.c
++++ b/src/network/networkd-route.c
+@@ -411,15 +411,45 @@ int route_remove(Route *route, Link *link,
+         return 0;
+ }
+ 
++static int route_expire_callback(sd_netlink *rtnl, sd_netlink_message *m, void *userdata) {
++        Link *link = userdata;
++        int r;
++
++        assert(rtnl);
++        assert(m);
++        assert(link);
++        assert(link->ifname);
++        assert(link->link_messages > 0);
++
++        if (IN_SET(link->state, LINK_STATE_FAILED, LINK_STATE_LINGER))
++                return 1;
++
++        link->link_messages--;
++
++        r = sd_netlink_message_get_errno(m);
++        if (r < 0 && r != -EEXIST)
++                log_link_warning_errno(link, r, "could not remove route: %m");
++
++        if (link->link_messages == 0)
++                log_link_debug(link, "route removed");
++
++        return 1;
++}
++
+ int route_expire_handler(sd_event_source *s, uint64_t usec, void *userdata) {
+         Route *route = userdata;
+         int r;
+ 
+         assert(route);
+ 
+-        r = route_remove(route, route->link, NULL);
++        r = route_remove(route, route->link, route_expire_callback);
+         if (r < 0)
+                 log_warning_errno(r, "Could not remove route: %m");
++        else {
++                /* route may not be exist in kernel. If we fail still remove it */
++                route->link->link_messages++;
++                route_free(route);
++        }
+ 
+         return 1;
+ }

0045-coredump-ignore-RLIMIT_CORE.patch

@@ -0,0 +1,30 @@
+From 5f9856fbccf249fd13fbcbc180aff9ec0a871ca7 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Tue, 9 Aug 2016 10:54:05 -0400
+Subject: [PATCH] coredump: ignore RLIMIT_CORE
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1309172#c21
+---
+ src/coredump/coredump.c | 9 ---------
+ 1 file changed, 9 deletions(-)
+
+diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c
+index 085909c20c..aa07e68627 100644
+--- a/src/coredump/coredump.c
++++ b/src/coredump/coredump.c
+@@ -319,15 +319,6 @@ static int save_external_coredump(
+         if (r < 0)
+                 return log_error_errno(r, "Failed to parse UID: %m");
+ 
+-        r = safe_atou64(context[CONTEXT_RLIMIT], &rlimit);
+-        if (r < 0)
+-                return log_error_errno(r, "Failed to parse resource limit: %s", context[CONTEXT_RLIMIT]);
+-        if (rlimit <= 0) {
+-                /* Is coredumping disabled? Then don't bother saving/processing the coredump */
+-                log_info("Core Dumping has been disabled for process %s (%s).", context[CONTEXT_PID], context[CONTEXT_COMM]);
+-                return -EBADSLT;
+-        }
+-
+         /* Never store more than the process configured, or than we actually shall keep or process */
+         max_size = MIN(rlimit, MAX(arg_process_size_max, arg_external_size_max));
+ 

0046-networkd-link-fix-handler-typo-for-route_remove-3433.patch

@@ -0,0 +1,24 @@
+From f9832c283ba8e6e4089639646fb0249bb55f5e6e Mon Sep 17 00:00:00 2001
+From: tomty89 <tom.ty89@gmail.com>
+Date: Sat, 4 Jun 2016 18:31:07 +0800
+Subject: [PATCH] networkd-link: fix handler typo for route_remove() (#3433)
+
+Obviously we've been using the wrong handler here. Fixes #3352.
+(cherry picked from commit 3fb1ac5d57954bb0d881a68777e996b46ed44ce3)
+---
+ src/network/networkd-link.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
+index 2268d31374..5545a5ada3 100644
+--- a/src/network/networkd-link.c
++++ b/src/network/networkd-link.c
+@@ -2077,7 +2077,7 @@ static int link_drop_foreign_config(Link *link) {
+                 if (route->protocol == RTPROT_KERNEL)
+                         continue;
+ 
+-                r = route_remove(route, link, link_address_remove_handler);
++                r = route_remove(route, link, link_route_remove_handler);
+                 if (r < 0)
+                         return r;
+         }

0047-macros.systemd.in-add-systemd_ordering-3776.patch

@@ -0,0 +1,34 @@
+From d485b5cd7153f146d7efd18c24ca09b5ddfe15e5 Mon Sep 17 00:00:00 2001
+From: Harald Hoyer <harald@redhat.com>
+Date: Fri, 22 Jul 2016 15:33:13 +0200
+Subject: [PATCH] macros.systemd.in: add %systemd_ordering (#3776)
+
+To remove the hard dependency on systemd, for packages, which function
+without a running systemd the %systemd_ordering macro can be used to
+ensure ordering in the rpm transaction. %systemd_ordering makes sure,
+the systemd rpm is installed prior to the package, so the %pre/%post
+scripts can execute the systemd parts.
+
+Installing systemd afterwards though, does not result in the same outcome.
+(cherry picked from commit 2424b6bd716f0c1c3bf3406b1fd1a16ba1b6a556)
+---
+ src/core/macros.systemd.in | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/core/macros.systemd.in b/src/core/macros.systemd.in
+index 2cace3d3ba..f3089cbcc9 100644
+--- a/src/core/macros.systemd.in
++++ b/src/core/macros.systemd.in
+@@ -36,6 +36,12 @@ Requires(preun): systemd \
+ Requires(postun): systemd \
+ %{nil}
+ 
++%systemd_ordering \
++OrderWithRequires(post): systemd \
++OrderWithRequires(preun): systemd \
++OrderWithRequires(postun): systemd \
++%{nil}
++
+ %systemd_post() \
+ if [ $1 -eq 1 ] ; then \
+         # Initial installation \

0048-If-the-notification-message-length-is-0-ignore-the-m.patch

@@ -0,0 +1,30 @@
+From 7148c9c26658cefc88e0c17841c2399be36b2361 Mon Sep 17 00:00:00 2001
+From: Jorge Niedbalski <jorge.niedbalski@canonical.com>
+Date: Wed, 28 Sep 2016 18:25:50 -0300
+Subject: [PATCH] If the notification message length is 0, ignore the message
+ (#4237)
+
+Fixes #4234.
+
+Signed-off-by: Jorge Niedbalski <jnr@metaklass.org>
+(cherry picked from commit 531ac2b2349da02acc9c382849758e07eb92b020)
+(cherry picked from commit 2e9b525caa9e3126e54f0d9506d0c36d7d533997)
+---
+ src/core/manager.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/core/manager.c b/src/core/manager.c
+index f36cf5e320..6bd32ed920 100644
+--- a/src/core/manager.c
++++ b/src/core/manager.c
+@@ -1557,6 +1557,10 @@ static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t
+ 
+                 return -errno;
+         }
++        if (n == 0) {
++                log_debug("Got zero-length notification message. Ignoring.");
++                return 0;
++        }
+ 
+         CMSG_FOREACH(cmsg, &msghdr) {
+                 if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) {

0049-pid1-don-t-return-any-error-in-manager_dispatch_noti.patch

@@ -0,0 +1,50 @@
+From c7ba28481495df54477c54ee14bb6e7737ef772b Mon Sep 17 00:00:00 2001
+From: Franck Bui <fbui@suse.com>
+Date: Thu, 29 Sep 2016 19:44:34 +0200
+Subject: [PATCH] pid1: don't return any error in manager_dispatch_notify_fd()
+ (#4240)
+
+If manager_dispatch_notify_fd() fails and returns an error then the handling of
+service notifications will be disabled entirely leading to a compromised system.
+
+For example pid1 won't be able to receive the WATCHDOG messages anymore and
+will kill all services supposed to send such messages.
+(cherry picked from commit 9987750e7a4c62e0eb8473603150596ba7c3a015)
+
+(cherry picked from commit 39e5e97e68a9c1bca3bcfa6c9316a83dad0b072d)
+---
+ src/core/manager.c | 13 +++++++++----
+ 1 file changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/src/core/manager.c b/src/core/manager.c
+index 6bd32ed920..5092b1c5f6 100644
+--- a/src/core/manager.c
++++ b/src/core/manager.c
+@@ -1552,10 +1552,14 @@ static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t
+ 
+         n = recvmsg(m->notify_fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
+         if (n < 0) {
+-                if (errno == EAGAIN || errno == EINTR)
+-                        return 0;
++                if (!IN_SET(errno, EAGAIN, EINTR))
++                        log_error("Failed to receive notification message: %m");
+ 
+-                return -errno;
++                /* It's not an option to return an error here since it
++                 * would disable the notification handler entirely. Services
++                 * wouldn't be able to send the WATCHDOG message for
++                 * example... */
++                return 0;
+         }
+         if (n == 0) {
+                 log_debug("Got zero-length notification message. Ignoring.");
+@@ -1582,7 +1586,8 @@ static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t
+                 r = fdset_new_array(&fds, fd_array, n_fds);
+                 if (r < 0) {
+                         close_many(fd_array, n_fds);
+-                        return log_oom();
++                        log_oom();
++                        return 0;
+                 }
+         }
+ 

0050-pid1-process-zero-length-notification-messages-again.patch

@@ -0,0 +1,70 @@
+From 62a4a4bca549ee6020aec90e540ce393a34c5605 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Thu, 29 Sep 2016 16:06:02 +0200
+Subject: [PATCH] pid1: process zero-length notification messages again
+
+This undoes 531ac2b234. I acked that patch without looking at the code
+carefully enough. There are two problems:
+- we want to process the fds anyway
+- in principle empty notification messages are valid, and we should
+  process them as usual, including logging using log_unit_debug().
+
+(cherry picked from commit 8523bf7dd514a3a2c6114b7b8fb8f308b4f09fc4)
+(cherry picked from commit 9d77c48a80e1cc2ad016eba1756a5ca293d51f86)
+---
+ src/core/manager.c | 13 ++++---------
+ 1 file changed, 4 insertions(+), 9 deletions(-)
+
+diff --git a/src/core/manager.c b/src/core/manager.c
+index 5092b1c5f6..369ed546b4 100644
+--- a/src/core/manager.c
++++ b/src/core/manager.c
+@@ -1493,13 +1493,12 @@ static unsigned manager_dispatch_dbus_queue(Manager *m) {
+         return n;
+ }
+ 
+-static void manager_invoke_notify_message(Manager *m, Unit *u, pid_t pid, const char *buf, size_t n, FDSet *fds) {
++static void manager_invoke_notify_message(Manager *m, Unit *u, pid_t pid, const char *buf, FDSet *fds) {
+         _cleanup_strv_free_ char **tags = NULL;
+ 
+         assert(m);
+         assert(u);
+         assert(buf);
+-        assert(n > 0);
+ 
+         tags = strv_split(buf, "\n\r");
+         if (!tags) {
+@@ -1561,10 +1560,6 @@ static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t
+                  * example... */
+                 return 0;
+         }
+-        if (n == 0) {
+-                log_debug("Got zero-length notification message. Ignoring.");
+-                return 0;
+-        }
+ 
+         CMSG_FOREACH(cmsg, &msghdr) {
+                 if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) {
+@@ -1607,19 +1602,19 @@ static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t
+          * to avoid notifying the same one multiple times. */
+         u1 = manager_get_unit_by_pid_cgroup(m, ucred->pid);
+         if (u1) {
+-                manager_invoke_notify_message(m, u1, ucred->pid, buf, n, fds);
++                manager_invoke_notify_message(m, u1, ucred->pid, buf, fds);
+                 found = true;
+         }
+ 
+         u2 = hashmap_get(m->watch_pids1, PID_TO_PTR(ucred->pid));
+         if (u2 && u2 != u1) {
+-                manager_invoke_notify_message(m, u2, ucred->pid, buf, n, fds);
++                manager_invoke_notify_message(m, u2, ucred->pid, buf, fds);
+                 found = true;
+         }
+ 
+         u3 = hashmap_get(m->watch_pids2, PID_TO_PTR(ucred->pid));
+         if (u3 && u3 != u2 && u3 != u1) {
+-                manager_invoke_notify_message(m, u3, ucred->pid, buf, n, fds);
++                manager_invoke_notify_message(m, u3, ucred->pid, buf, fds);
+                 found = true;
+         }
+ 

0051-logind-fix-crash-when-shutdown-is-not-issued-from-a-.patch

@@ -0,0 +1,30 @@
+From e6054d681031953ce7e7150efc441fd2f6f64ae3 Mon Sep 17 00:00:00 2001
+From: Martin Pitt <martin.pitt@ubuntu.com>
+Date: Wed, 23 Mar 2016 08:46:58 +0100
+Subject: [PATCH] logind: fix crash when shutdown is not issued from a tty
+
+It's possible that sd_bus_creds_get_tty() fails and thus
+scheduled_shutdown_tty is NULL in method_schedule_shutdown().
+
+Fix logind_wall_tty_filter() to get along with that, by showing the message on
+all TTYs, instead of crashing in strcmp().
+
+https://launchpad.net/bugs/1553040
+(cherry picked from commit b4944d2df248fbd2f96a4b9b4fe02fe0c1af7499)
+---
+ src/login/logind-utmp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/login/logind-utmp.c b/src/login/logind-utmp.c
+index 11a91c3947..29ab00eb1f 100644
+--- a/src/login/logind-utmp.c
++++ b/src/login/logind-utmp.c
+@@ -65,7 +65,7 @@ bool logind_wall_tty_filter(const char *tty, void *userdata) {
+ 
+         assert(m);
+ 
+-        if (!startswith(tty, "/dev/"))
++        if (!startswith(tty, "/dev/") || !m->scheduled_shutdown_tty)
+                 return true;
+ 
+         return !streq(tty + 5, m->scheduled_shutdown_tty);

0052-hwdb-add-axis-ranges-for-the-MacBook-4-1-4030.patch

@@ -0,0 +1,24 @@
+From e0801b90cd355b65ee42ebc916293465d7bef4fd Mon Sep 17 00:00:00 2001
+From: Peter Hutterer <peter.hutterer@who-t.net>
+Date: Wed, 24 Aug 2016 20:11:48 +1000
+Subject: [PATCH] hwdb: add axis ranges for the MacBook 4,1 (#4030)
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1357990
+(cherry picked from commit 769c29d5d12532e81c983d9946961ce084609571)
+---
+ hwdb/60-evdev.hwdb | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/hwdb/60-evdev.hwdb b/hwdb/60-evdev.hwdb
+index d060d81f61..c672df2dc4 100644
+--- a/hwdb/60-evdev.hwdb
++++ b/hwdb/60-evdev.hwdb
+@@ -45,6 +45,8 @@
+ 
+ #  Macbook2,1 (late 2006), single-button touchpad
+ evdev:input:b0003v05ACp021B*
++# Macbook4,1
++evdev:input:b0003v05ACp0229*
+  EVDEV_ABS_00=256:1471:12
+  EVDEV_ABS_01=256:831:12
+ 

0053-resolved-bugfix-of-null-pointer-p-question-dereferen.patch

@@ -0,0 +1,27 @@
+From c89e4c375b197202434821c09a4ac7088b3dded4 Mon Sep 17 00:00:00 2001
+From: Evgeny Vereshchagin <evvers@ya.ru>
+Date: Wed, 24 May 2017 08:56:48 +0300
+Subject: [PATCH] resolved: bugfix of null pointer p->question dereferencing
+ (#6020)
+
+See https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1621396
+
+(cherry picked from commit a924f43f30f9c4acaf70618dd2a055f8b0f166be)
+---
+ src/resolve/resolved-dns-packet.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
+index c940dd8929..e57f157e00 100644
+--- a/src/resolve/resolved-dns-packet.c
++++ b/src/resolve/resolved-dns-packet.c
+@@ -2259,6 +2259,9 @@ int dns_packet_is_reply_for(DnsPacket *p, const DnsResourceKey *key) {
+         if (r < 0)
+                 return r;
+ 
++        if (!p->question)
++                return 0;
++
+         if (p->question->n_keys != 1)
+                 return 0;
+ 

0054-hwdb-selinuxify-a-bit-3460.patch

@@ -0,0 +1,54 @@
+From 2a97bf0e94be18d20d0ef671f50db1cc2d65c5e0 Mon Sep 17 00:00:00 2001
+From: Evgeny Vereshchagin <evvers@ya.ru>
+Date: Tue, 7 Jun 2016 20:47:41 +0300
+Subject: [PATCH] hwdb: selinuxify a bit (#3460)
+
+-bash-4.3# rm /etc/udev/hwdb.bin
+-bash-4.3# systemd-hwdb update
+-bash-4.3# ls -Z /etc/udev/hwdb.bin
+system_u:object_r:systemd_hwdb_etc_t:s0 /etc/udev/hwdb.bin
+
+Fixes: #3458
+(cherry picked from commit ea683512f9b82f2257770f0ed56d819eea230fc2)
+---
+ src/hwdb/hwdb.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/hwdb/hwdb.c b/src/hwdb/hwdb.c
+index 1160dacdf1..e12cd93d1c 100644
+--- a/src/hwdb/hwdb.c
++++ b/src/hwdb/hwdb.c
+@@ -29,7 +29,9 @@
+ #include "fs-util.h"
+ #include "hwdb-internal.h"
+ #include "hwdb-util.h"
++#include "label.h"
+ #include "mkdir.h"
++#include "selinux-util.h"
+ #include "strbuf.h"
+ #include "string-util.h"
+ #include "strv.h"
+@@ -643,12 +645,12 @@ static int hwdb_update(int argc, char *argv[], void *userdata) {
+         if (!hwdb_bin)
+                 return -ENOMEM;
+ 
+-        mkdir_parents(hwdb_bin, 0755);
++        mkdir_parents_label(hwdb_bin, 0755);
+         r = trie_store(trie, hwdb_bin);
+         if (r < 0)
+                 return log_error_errno(r, "Failure writing database %s: %m", hwdb_bin);
+ 
+-        return 0;
++        return label_fix(hwdb_bin, false, false);
+ }
+ 
+ static void help(void) {
+@@ -732,6 +734,8 @@ int main (int argc, char *argv[]) {
+         if (r <= 0)
+                 goto finish;
+ 
++        mac_selinux_init();
++
+         r = hwdb_main(argc, argv);
+ 
+ finish:

0055-udevadm-explicitly-relabel-etc-udev-hwdb.bin-after-r.patch

@@ -0,0 +1,44 @@
+From 1826d028938f0d4042a9704c74c1d6477043eb11 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekletar@users.noreply.github.com>
+Date: Fri, 8 Jul 2016 17:43:05 +0200
+Subject: [PATCH] udevadm: explicitly relabel /etc/udev/hwdb.bin after rename
+ (#3686)
+
+This is basically the same change as ea68351.
+
+(cherry picked from commit 905c37e60ef653557d0354c2afa94546c31efe50)
+---
+ src/udev/udevadm-hwdb.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/src/udev/udevadm-hwdb.c b/src/udev/udevadm-hwdb.c
+index 948ad0f5a5..1bffe8e8ab 100644
+--- a/src/udev/udevadm-hwdb.c
++++ b/src/udev/udevadm-hwdb.c
+@@ -28,6 +28,8 @@
+ #include "fs-util.h"
+ #include "hwdb-internal.h"
+ #include "hwdb-util.h"
++#include "label.h"
++#include "mkdir.h"
+ #include "strbuf.h"
+ #include "string-util.h"
+ #include "udev.h"
+@@ -656,12 +658,16 @@ static int adm_hwdb(struct udev *udev, int argc, char *argv[]) {
+                         rc = EXIT_FAILURE;
+                         goto out;
+                 }
+-                mkdir_parents(hwdb_bin, 0755);
++
++                mkdir_parents_label(hwdb_bin, 0755);
++
+                 err = trie_store(trie, hwdb_bin);
+                 if (err < 0) {
+                         log_error_errno(err, "Failure writing database %s: %m", hwdb_bin);
+                         rc = EXIT_FAILURE;
+                 }
++
++                label_fix(hwdb_bin, false, false);
+         }
+ 
+         if (test) {

0056-build-sys-check-for-lz4-in-the-old-and-new-numbering.patch

@@ -0,0 +1,43 @@
+From 8785055303abd087f9d55bfdaee01ee197f9ed0c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Wed, 23 Nov 2016 10:18:30 -0500
+Subject: [PATCH] build-sys: check for lz4 in the old and new numbering scheme
+ (#4717)
+
+lz4 upstream decided to switch to an incompatible numbering scheme
+(1.7.3 follows 131, to match the so version).
+PKG_CHECK_MODULES does not allow two version matches for the same package,
+so e.g. lz4 < 10 || lz4 >= 125 cannot be used. Check twice, once for
+"new" numbers (anything below 10 is assume to be new), once for the "old"
+numbers (anything above >= 125). This assumes that the "new" versioning
+will not get to 10 to quickly. I think that's a safe assumption, lz4 is a
+mature project.
+
+Fixed #4690.
+
+(cherry picked from commit 3d4cf7de48a74726694abbaa09f9804b845ff3ba)
+---
+ configure.ac | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 5fd73c59f1..1f95f9f5c9 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -571,10 +571,13 @@ AM_CONDITIONAL(HAVE_BZIP2, [test "$have_bzip2" = "yes"])
+ have_lz4=no
+ AC_ARG_ENABLE(lz4, AS_HELP_STRING([--disable-lz4], [Disable optional LZ4 support]))
+ AS_IF([test "x$enable_lz4" != "xno"], [
+-        PKG_CHECK_MODULES(LZ4, [ liblz4 >= 125 ],
+-               [AC_DEFINE(HAVE_LZ4, 1, [Define in LZ4 is available])
++        PKG_CHECK_MODULES(LZ4, [ liblz4 < 10 ],
++               [AC_DEFINE(HAVE_LZ4, 1, [Define if LZ4 is available])
+                 have_lz4=yes],
+-                have_lz4=no)
++                [PKG_CHECK_MODULES(LZ4, [ liblz4 >= 125 ],
++                      [AC_DEFINE(HAVE_LZ4, 1, [Define if LZ4 is available])
++                      have_lz4=yes],
++                      have_lz4=no)])
+         AS_IF([test "x$have_lz4" = xno -a "x$enable_lz4" = xyes],
+               [AC_MSG_ERROR([*** LZ4 support requested but libraries not found])])
+ ])

0057-resolved-simplify-alloc-size-calculation.patch

@@ -0,0 +1,53 @@
+From 47c90e4cf813a0a38a1415936bf40b38ffdf4ce5 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Sun, 18 Jun 2017 16:07:57 -0400
+Subject: [PATCH 57/58] resolved: simplify alloc size calculation
+
+The allocation size was calculated in a complicated way, and for values
+close to the page size we would actually allocate less than requested.
+
+Reported by Chris Coulson <chris.coulson@canonical.com>.
+
+CVE-2017-9445
+
+(cherry picked from commit e3abee3dee32ae7cd8e937e44ace94ab7f45ede9)
+---
+ src/resolve/resolved-dns-packet.c | 8 +-------
+ src/resolve/resolved-dns-packet.h | 2 --
+ 2 files changed, 1 insertion(+), 9 deletions(-)
+
+diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
+index e57f157e00..c076003012 100644
+--- a/src/resolve/resolved-dns-packet.c
++++ b/src/resolve/resolved-dns-packet.c
+@@ -34,13 +34,7 @@ int dns_packet_new(DnsPacket **ret, DnsProtocol protocol, size_t mtu) {
+ 
+         assert(ret);
+ 
+-        if (mtu <= UDP_PACKET_HEADER_SIZE)
+-                a = DNS_PACKET_SIZE_START;
+-        else
+-                a = mtu - UDP_PACKET_HEADER_SIZE;
+-
+-        if (a < DNS_PACKET_HEADER_SIZE)
+-                a = DNS_PACKET_HEADER_SIZE;
++        a = MAX(mtu, DNS_PACKET_HEADER_SIZE);
+ 
+         /* round up to next page size */
+         a = PAGE_ALIGN(ALIGN(sizeof(DnsPacket)) + a) - ALIGN(sizeof(DnsPacket));
+diff --git a/src/resolve/resolved-dns-packet.h b/src/resolve/resolved-dns-packet.h
+index 0bf34d270c..5c5440ee8c 100644
+--- a/src/resolve/resolved-dns-packet.h
++++ b/src/resolve/resolved-dns-packet.h
+@@ -66,8 +66,6 @@ struct DnsPacketHeader {
+ /* With EDNS0 we can use larger packets, default to 4096, which is what is commonly used */
+ #define DNS_PACKET_UNICAST_SIZE_LARGE_MAX 4096
+ 
+-#define DNS_PACKET_SIZE_START 512
+-
+ struct DnsPacket {
+         int n_ref;
+         DnsProtocol protocol;
+-- 
+2.13.0
+

0058-resolved-do-not-allocate-packets-with-minimum-size.patch

@@ -0,0 +1,49 @@
+From 28a4da88f28f469db1a258a8ba932df6060f3086 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Tue, 27 Jun 2017 14:20:00 -0400
+Subject: [PATCH 58/58] resolved: do not allocate packets with minimum size
+
+dns_packet_new() is sometimes called with mtu == 0, and in that case we should
+allocate more than the absolute minimum (which is the dns packet header size),
+otherwise we have to resize immediately again after appending the first data to
+the packet.
+
+This partially reverts the previous commit.
+
+(cherry picked from commit 626e9ef495474c95e3143ddae1a498d391c2a008)
+---
+ src/resolve/resolved-dns-packet.c | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
+index c076003012..ace4a170c6 100644
+--- a/src/resolve/resolved-dns-packet.c
++++ b/src/resolve/resolved-dns-packet.c
+@@ -28,13 +28,23 @@
+ 
+ #define EDNS0_OPT_DO (1<<15)
+ 
++#define DNS_PACKET_SIZE_START 512
++assert_cc(DNS_PACKET_SIZE_START > UDP_PACKET_HEADER_SIZE)
++
+ int dns_packet_new(DnsPacket **ret, DnsProtocol protocol, size_t mtu) {
+         DnsPacket *p;
+         size_t a;
+ 
+         assert(ret);
+ 
+-        a = MAX(mtu, DNS_PACKET_HEADER_SIZE);
++        /* When dns_packet_new() is called with mtu == 0, allocate more than the
++         * absolute minimum (which is the dns packet header size), to avoid
++         * resizing immediately again after appending the first data to the packet.
++         */
++        if (mtu < UDP_PACKET_HEADER_SIZE)
++                a = DNS_PACKET_SIZE_START;
++        else
++                a = MAX(mtu, DNS_PACKET_HEADER_SIZE);
+ 
+         /* round up to next page size */
+         a = PAGE_ALIGN(ALIGN(sizeof(DnsPacket)) + a) - ALIGN(sizeof(DnsPacket));
+-- 
+2.13.0
+

0999-resolved-create-etc-resolv.conf-symlink-at-runtime.patch

@@ -0,0 +1,51 @@
+From 4e14900fe25c53275c7d7d0c094ddf1fd477e5ed Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Fri, 11 Mar 2016 17:06:17 -0500
+Subject: [PATCH 1/2] resolved: create /etc/resolv.conf symlink at runtime
+
+If the symlink doesn't exists, and we are being started, let's
+create it to provie name resolution.
+
+If it exists, do nothing. In particular, if it is a broken symlink,
+we cannot really know if the administator configured it to point to
+a location used by some service that hasn't started yet, so we
+don't touch it in that case either.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1313085
+---
+ src/resolve/resolved.c | 4 ++++
+ tmpfiles.d/etc.conf.m4 | 3 ---
+ 2 files changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/src/resolve/resolved.c b/src/resolve/resolved.c
+index 161ea03412..ea6750e949 100644
+--- a/src/resolve/resolved.c
++++ b/src/resolve/resolved.c
+@@ -67,6 +67,10 @@ int main(int argc, char *argv[]) {
+                 goto finish;
+         }
+ 
++        r = symlink("../run/systemd/resolve/resolv.conf", "/etc/resolv.conf");
++        if (r < 0 && errno != EEXIST)
++                log_warning_errno(errno, "Could not create /etc/resolv.conf symlink: %m");
++
+         r = drop_privileges(uid, gid, 0);
+         if (r < 0)
+                 goto finish;
+diff --git a/tmpfiles.d/etc.conf.m4 b/tmpfiles.d/etc.conf.m4
+index ef7b9b9541..928105ea8d 100644
+--- a/tmpfiles.d/etc.conf.m4
++++ b/tmpfiles.d/etc.conf.m4
+@@ -13,9 +13,6 @@ L+ /etc/mtab - - - - ../proc/self/mounts
+ m4_ifdef(`HAVE_SMACK_RUN_LABEL',
+ t /etc/mtab - - - - security.SMACK64=_
+ )m4_dnl
+-m4_ifdef(`ENABLE_RESOLVED',
+-L! /etc/resolv.conf - - - - ../run/systemd/resolve/resolv.conf
+-)m4_dnl
+ C /etc/nsswitch.conf - - - -
+ m4_ifdef(`HAVE_PAM',
+ C /etc/pam.d - - - -
+-- 
+2.7.2
+

20-grubby.install

@@ -1,51 +0,0 @@
-#!/bin/bash
-
-if [[ ! -x /sbin/new-kernel-pkg ]]; then
-    exit 0
-fi
-
-COMMAND="$1"
-KERNEL_VERSION="$2"
-BOOT_DIR_ABS="$3"
-KERNEL_IMAGE="$4"
-
-KERNEL_DIR="${KERNEL_IMAGE%/*}"
-[[ "$KERNEL_VERSION" == *\+* ]] && flavor=-"${KERNEL_VERSION##*+}"
-case "$COMMAND" in
-    add)
-        if [[ "${KERNEL_DIR}" != "/boot" ]]; then
-            for i in \
-                "$KERNEL_IMAGE" \
-                    "$KERNEL_DIR"/System.map \
-                    "$KERNEL_DIR"/config \
-                    "$KERNEL_DIR"/zImage.stub \
-                    "$KERNEL_DIR"/dtb \
-                ; do
-                [[ -e "$i" ]] || continue
-                cp -aT "$i" "/boot/${i##*/}-${KERNEL_VERSION}"
-                command -v restorecon &>/dev/null && \
-                    restorecon -R "/boot/${i##*/}-${KERNEL_VERSION}"
-            done
-            # hmac is .vmlinuz-<version>.hmac so needs a special treatment
-            i="$KERNEL_DIR/.${KERNEL_IMAGE##*/}.hmac"
-            if [[ -e "$i" ]]; then
-                cp -a "$i" "/boot/.${KERNEL_IMAGE##*/}-${KERNEL_VERSION}.hmac"
-                command -v restorecon &>/dev/null && \
-                    restorecon "/boot/.${KERNEL_IMAGE##*/}-${KERNEL_VERSION}.hmac"
-            fi
-        fi
-        /sbin/new-kernel-pkg --package "kernel${flavor}" --install "$KERNEL_VERSION" || exit $?
-        /sbin/new-kernel-pkg --package "kernel${flavor}" --mkinitrd --dracut --depmod --update "$KERNEL_VERSION" || exit $?
-        /sbin/new-kernel-pkg --package "kernel${flavor}" --rpmposttrans "$KERNEL_VERSION" || exit $?
-        ;;
-    remove)
-        /sbin/new-kernel-pkg --package "kernel${flavor+-$flavor}" --rminitrd --rmmoddep --remove "$KERNEL_VERSION" || exit $?
-        ;;
-    *)
-        ;;
-esac
-
-# skip other installation plugins, if we can't find a boot loader spec conforming setup
-if ! [[ -d /boot/loader/entries || -L /boot/loader/entries ]]; then
-    exit 77
-fi

85-display-manager.preset

@@ -0,0 +1,11 @@
+# We enable all display managers by default. Since only one can
+# actually be enabled at the same time the one which is installed
+# first wins
+
+enable gdm.service
+enable lightdm.service
+enable slim.service
+enable lxdm.service
+enable sddm.service
+enable kdm.service
+enable xdm.service

90-default.preset

@@ -0,0 +1,126 @@
+# Also see:
+# https://fedoraproject.org/wiki/Starting_services_by_default
+
+# On Fedora we deviate from some upstream defaults
+disable systemd-timesyncd.service
+disable systemd-networkd.service
+disable systemd-resolved.service
+
+# System stuff
+enable sshd.service
+enable atd.*
+enable crond.*
+enable chronyd.service
+enable NetworkManager.service
+enable NetworkManager-dispatcher.service
+enable ModemManager.service
+enable auditd.service
+enable restorecond.service
+enable bluetooth.*
+enable avahi-daemon.*
+enable cups.*
+
+# The various syslog implementations
+enable rsyslog.*
+enable syslog-ng.*
+enable sysklogd.*
+
+# Network facing
+enable firewalld.service
+enable libvirtd.service
+enable xinetd.service
+enable ladvd.service
+
+# Storage
+enable multipathd.service
+enable libstoragemgmt.service
+enable lvm2-monitor.*
+enable lvm2-lvmetad.*
+enable dm-event.*
+enable dmraid-activation.service
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=855372
+enable mdmonitor.service
+enable mdmonitor-takeover.service
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=876237
+enable spice-vdagentd.service
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=885406
+enable qemu-guest-agent.service
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=928726
+enable dnf-makecache.timer
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=929403
+enable initial-setup-graphical.service
+enable initial-setup-text.service
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=957135
+enable vmtoolsd.service
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=976315
+enable dkms.service
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=961878
+enable ipmi.service
+enable ipmievd.service
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=1039351
+enable x509watch.timer
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=1060754
+enable dnssec-triggerd.service
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=1095353
+enable uuidd.socket
+
+# Hardware
+enable gpm.*
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=1066421
+enable gpsd.socket
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=1141607
+enable x2gocleansessions.service
+
+# https://fedoraproject.org/wiki/Changes/UEFISecureBootBlacklistUpdates
+#
+enable dbxtool.service
+
+enable irqbalance.service
+enable lm_sensors.service
+enable mcelog.*
+enable acpid.*
+enable smartd.service
+enable pcscd.socket
+enable rngd.service
+
+# Other stuff
+enable abrtd.service
+enable abrt-ccpp.service
+enable abrt-oops.service
+enable abrt-xorg.service
+enable abrt-vmcore.service
+enable lttng-sessiond.service
+enable ksm.service
+enable ksmtuned.service
+enable rootfs-resize.service
+enable sysstat.service
+enable sysstat-collect.timer
+enable sysstat-summary.timer
+enable uuidd.service
+enable xendomains.service
+enable xenstored.service
+enable xenconsoled.service
+
+# Desktop stuff
+enable accounts-daemon.service
+enable rtkit-daemon.service
+enable upower.service
+enable udisks2.service
+enable polkit.service
+enable packagekit-offline-update.service
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=1187072
+enable timedatex.service

99-default-disable.preset

@@ -0,0 +1 @@
+disable *

If-the-notification-message-length-is-0-ignore-the-m.patch

@@ -0,0 +1,31 @@
+From 1f74d99193e7d2b0546e641aba25259d9a646e5d Mon Sep 17 00:00:00 2001
+From: Jorge Niedbalski <jorge.niedbalski@canonical.com>
+Date: Wed, 28 Sep 2016 18:25:50 -0300
+Subject: [PATCH] If the notification message length is 0, ignore the message
+ (#4237)
+
+Fixes #4234.
+
+Signed-off-by: Jorge Niedbalski <jnr@metaklass.org>
+---
+ src/core/manager.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/core/manager.c b/src/core/manager.c
+index f36cf5e320..6bd32ed920 100644
+--- a/src/core/manager.c
++++ b/src/core/manager.c
+@@ -1557,6 +1557,10 @@ static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t
+ 
+                 return -errno;
+         }
++        if (n == 0) {
++                log_debug("Got zero-length notification message. Ignoring.");
++                return 0;
++        }
+ 
+         CMSG_FOREACH(cmsg, &msghdr) {
+                 if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) {
+-- 
+2.9.0
+

f58b96d3e8d1cb0dd3666bc74fa673918b586612.patch

@@ -1,129 +0,0 @@
-From f58b96d3e8d1cb0dd3666bc74fa673918b586612 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Mon, 14 Sep 2020 17:58:03 +0200
-Subject: [PATCH] test-mountpointutil-util: do not assert in test_mnt_id()
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1803070
-
-I *think* this a kernel bug: the mnt_id as listed in /proc/self/mountinfo is different
-than the one we get from /proc/self/fdinfo/. This only matters when both statx and
-name_to_handle_at are unavailable and we hit the fallback path that goes through fdinfo:
-
-(gdb) !uname -r
-5.6.19-200.fc31.ppc64le
-
-(gdb) !cat /proc/self/mountinfo
-697 664 253:0 /var/lib/mock/fedora-31-ppc64le/root / rw,relatime shared:298 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota
-698 697 253:0 /var/cache/mock/fedora-31-ppc64le/yum_cache /var/cache/yum rw,relatime shared:299 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota
-699 697 253:0 /var/cache/mock/fedora-31-ppc64le/dnf_cache /var/cache/dnf rw,relatime shared:300 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota
-700 697 0:32 /mock-selinux-plugin.7me9bfpi /proc/filesystems rw,nosuid,nodev shared:301 master:18 - tmpfs tmpfs rw,seclabel <==========================================================
-701 697 0:41 / /sys ro,nosuid,nodev,noexec,relatime shared:302 - sysfs sysfs ro,seclabel
-702 701 0:21 / /sys/fs/selinux ro,nosuid,nodev,noexec,relatime shared:306 master:8 - selinuxfs selinuxfs rw
-703 697 0:42 / /dev rw,nosuid shared:303 - tmpfs tmpfs rw,seclabel,mode=755
-704 703 0:43 / /dev/shm rw,nosuid,nodev shared:304 - tmpfs tmpfs rw,seclabel
-705 703 0:45 / /dev/pts rw,nosuid,noexec,relatime shared:307 - devpts devpts rw,seclabel,gid=5,mode=620,ptmxmode=666
-706 703 0:6 /btrfs-control /dev/btrfs-control rw,nosuid shared:308 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
-707 703 0:6 /loop-control /dev/loop-control rw,nosuid shared:309 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
-708 703 0:6 /loop0 /dev/loop0 rw,nosuid shared:310 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
-709 703 0:6 /loop1 /dev/loop1 rw,nosuid shared:311 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
-710 703 0:6 /loop10 /dev/loop10 rw,nosuid shared:312 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
-711 703 0:6 /loop11 /dev/loop11 rw,nosuid shared:313 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
-712 703 0:6 /loop2 /dev/loop2 rw,nosuid shared:314 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
-713 703 0:6 /loop3 /dev/loop3 rw,nosuid shared:315 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
-714 703 0:6 /loop4 /dev/loop4 rw,nosuid shared:316 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
-715 703 0:6 /loop5 /dev/loop5 rw,nosuid shared:317 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
-716 703 0:6 /loop6 /dev/loop6 rw,nosuid shared:318 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
-717 703 0:6 /loop7 /dev/loop7 rw,nosuid shared:319 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
-718 703 0:6 /loop8 /dev/loop8 rw,nosuid shared:320 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
-719 703 0:6 /loop9 /dev/loop9 rw,nosuid shared:321 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
-720 697 0:44 / /run rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755
-721 720 0:25 /systemd/nspawn/propagate/9cc8a155d0244558b273f773d2b92142 /run/systemd/nspawn/incoming ro master:12 - tmpfs tmpfs rw,seclabel,mode=755
-722 697 0:32 /mock-resolv.dvml91hp /etc/resolv.conf rw,nosuid,nodev shared:322 master:18 - tmpfs tmpfs rw,seclabel
-725 697 0:47 / /proc rw,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
-603 725 0:47 /sys /proc/sys ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
-604 725 0:44 /systemd/inaccessible/reg /proc/kallsyms ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
-605 725 0:44 /systemd/inaccessible/reg /proc/kcore ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
-606 725 0:44 /systemd/inaccessible/reg /proc/keys ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
-607 725 0:44 /systemd/inaccessible/reg /proc/sysrq-trigger ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
-608 725 0:44 /systemd/inaccessible/reg /proc/timer_list ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
-609 725 0:47 /bus /proc/bus ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
-610 725 0:47 /fs /proc/fs ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
-611 725 0:47 /irq /proc/irq ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
-612 725 0:47 /scsi /proc/scsi ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
-613 703 0:46 / /dev/mqueue rw,nosuid,nodev,noexec,relatime shared:324 - mqueue mqueue rw,seclabel
-614 701 0:26 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime shared:325 - cgroup2 cgroup rw,seclabel,nsdelegate
-615 603 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
-616 725 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755
-617 725 0:44 /.#proc-kmsg5b7a8bcfe6717139//deleted /proc/kmsg rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755
-
-The test process does
-name_to_handle_at("/proc/filesystems") which returns -EOPNOTSUPP, and then
-openat(AT_FDCWD, "/proc/filesystems") which returns 4, and then
-read(open("/proc/self/fdinfo/4", ...)) which gives
-"pos:\t0\nflags:\t012100000\nmnt_id:\t725\n"
-
-and the "725" is clearly inconsistent with "700" in /proc/self/mountinfo.
-
-We could either drop the fallback path (and fail name_to_handle_at() is not
-avaliable) or ignore the error in the test. Not sure what is better. I think
-this issue only occurs sometimes and with older kernels, so probably continuing
-with the current flaky implementation is better than ripping out the fallback.
-
-Another strace:
-writev(2</dev/pts/0>, [{iov_base="mnt ids of /proc/sys is 603", iov_len=27}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/sys is 603
-) = 28
-name_to_handle_at(AT_FDCWD, "/", {handle_bytes=128 => 12, handle_type=129, f_handle=0x52748401000000008b93e20d}, [697], 0) = 0
-writev(2</dev/pts/0>, [{iov_base="mnt ids of / is 697", iov_len=19}, {iov_base="\n", iov_len=1}], 2mnt ids of / is 697
-) = 20
-name_to_handle_at(AT_FDCWD, "/proc/kcore", {handle_bytes=128 => 12, handle_type=1, f_handle=0x92ddcfcd2e802d0100000000}, [605], 0) = 0
-writev(2</dev/pts/0>, [{iov_base="mnt ids of /proc/kcore is 605", iov_len=29}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/kcore is 605
-) = 30
-name_to_handle_at(AT_FDCWD, "/dev", {handle_bytes=128 => 12, handle_type=1, f_handle=0x8ae269160c802d0100000000}, [703], 0) = 0
-writev(2</dev/pts/0>, [{iov_base="mnt ids of /dev is 703", iov_len=22}, {iov_base="\n", iov_len=1}], 2mnt ids of /dev is 703
-) = 23
-name_to_handle_at(AT_FDCWD, "/proc/filesystems", {handle_bytes=128}, 0x7fffe36ddb84, 0) = -1 EOPNOTSUPP (Operation not supported)
-openat(AT_FDCWD, "/proc/filesystems", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 4</proc/filesystems>
-openat(AT_FDCWD, "/proc/self/fdinfo/4", O_RDONLY|O_CLOEXEC) = 5</proc/20/fdinfo/4>
-fstat(5</proc/20/fdinfo/4>, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0
-fstat(5</proc/20/fdinfo/4>, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0
-read(5</proc/20/fdinfo/4>, "pos:\t0\nflags:\t012100000\nmnt_id:\t725\n", 2048) = 36
-read(5</proc/20/fdinfo/4>, "", 1024)    = 0
-close(5</proc/20/fdinfo/4>)             = 0
-close(4</proc/filesystems>)             = 0
-writev(2</dev/pts/0>, [{iov_base="mnt ids of /proc/filesystems are 700, 725", iov_len=41}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/filesystems are 700, 725
-) = 42
-writev(2</dev/pts/0>, [{iov_base="the other path for mnt id 725 is /proc", iov_len=38}, {iov_base="\n", iov_len=1}], 2the other path for mnt id 725 is /proc
-) = 39
-writev(2</dev/pts/0>, [{iov_base="Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting.", iov_len=108}, {iov_base="\n", iov_len=1}], 2Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting.
-) = 109
-rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0
-rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1], [], 8) = 0
-getpid()                                = 20
-gettid()                                = 20
-tgkill(20, 20, SIGABRT)                 = 0
-rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
---- SIGABRT {si_signo=SIGABRT, si_code=SI_TKILL, si_pid=20, si_uid=0} ---
-+++ killed by SIGABRT (core dumped) +++
----
- src/test/test-mountpoint-util.c | 8 ++++++--
- 1 file changed, 6 insertions(+), 2 deletions(-)
-
-diff --git a/src/test/test-mountpoint-util.c b/src/test/test-mountpoint-util.c
-index 30b00ae4d8b..ffe5144b04a 100644
---- a/src/test/test-mountpoint-util.c
-+++ b/src/test/test-mountpoint-util.c
-@@ -89,8 +89,12 @@ static void test_mnt_id(void) {
-                 /* The ids don't match? If so, then there are two mounts on the same path, let's check if
-                  * that's really the case */
-                 char *t = hashmap_get(h, INT_TO_PTR(mnt_id2));
--                log_debug("the other path for mnt id %i is %s\n", mnt_id2, t);
--                assert_se(path_equal(p, t));
-+                log_debug("Path for mnt id %i from /proc/self/mountinfo is %s\n", mnt_id2, t);
-+
-+                if (!path_equal(p, t))
-+                        /* Apparent kernel bug in /proc/self/fdinfo */
-+                        log_warning("Bad mount id given for %s: %d, should be %d",
-+                                    p, mnt_id2, mnt_id);
-         }
- }
- 

kernel-install-grubby.patch

@@ -0,0 +1,71 @@
+From 860be9427dff48efc5e486b039be932094572047 Mon Sep 17 00:00:00 2001
+From: Harald Hoyer <harald@redhat.com>
+Date: Tue, 14 Jan 2014 17:48:08 -0500
+Subject: [PATCH] kernel-install: add fedora specific callouts to
+ new-kernel-pkg
+
+---
+ src/kernel-install/kernel-install | 44 +++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 44 insertions(+)
+ mode change 100644 => 100755 src/kernel-install/kernel-install
+
+diff --git a/src/kernel-install/kernel-install b/src/kernel-install/kernel-install
+old mode 100644
+new mode 100755
+index 3ae1d77..5c1e4fc
+--- a/src/kernel-install/kernel-install
++++ b/src/kernel-install/kernel-install
+@@ -71,6 +71,50 @@ fi
+ KERNEL_VERSION="$1"
+ KERNEL_IMAGE="$2"
+ 
++if [[ -x /sbin/new-kernel-pkg ]]; then
++    KERNEL_DIR="${KERNEL_IMAGE%/*}"
++    if [[ "${KERNEL_DIR}" != "/boot" ]]; then
++        for i in \
++            "$KERNEL_IMAGE" \
++            "$KERNEL_DIR"/System.map \
++            "$KERNEL_DIR"/config \
++            "$KERNEL_DIR"/zImage.stub \
++            "$KERNEL_DIR"/dtb \
++            ; do
++            [[ -e "$i" ]] || continue
++            cp -a "$i" "/boot/${i##*/}-${KERNEL_VERSION}"
++            command -v restorecon &>/dev/null && \
++                restorecon "/boot/${i##*/}-${KERNEL_VERSION}"
++        done
++        # hmac is .vmlinuz-<version>.hmac so needs a special treatment
++        i="$KERNEL_DIR/.${KERNEL_IMAGE##*/}.hmac"
++        if [[ -e "$i" ]]; then
++            cp -a "$i" "/boot/.${KERNEL_IMAGE##*/}-${KERNEL_VERSION}.hmac"
++            command -v restorecon &>/dev/null && \
++                restorecon "/boot/.${KERNEL_IMAGE##*/}-${KERNEL_VERSION}.hmac"
++        fi
++    fi
++
++    [[ "$KERNEL_VERSION" == *\+* ]] && flavor=-"${KERNEL_VERSION##*+}"
++    case "$COMMAND" in
++        add)
++            /sbin/new-kernel-pkg --package "kernel${flavor}" --install "$KERNEL_VERSION" || exit $?
++            /sbin/new-kernel-pkg --package "kernel${flavor}" --mkinitrd --dracut --depmod --update "$KERNEL_VERSION" || exit $?
++            /sbin/new-kernel-pkg --package "kernel${flavor}" --rpmposttrans "$KERNEL_VERSION" || exit $?
++            ;;
++        remove)
++            /sbin/new-kernel-pkg --package "kernel${flavor+-$flavor}" --rminitrd --rmmoddep --remove "$KERNEL_VERSION" || exit $?
++            ;;
++        *)
++            ;;
++    esac
++
++    # exit, if we can't find a boot loader spec conforming setup
++    if ! [[ -d /boot/loader/entries || -L /boot/loader/entries ]]; then
++        exit 0
++    fi
++fi
++
+ if [[ -f /etc/machine-id ]]; then
+     read MACHINE_ID < /etc/machine-id
+ fi
+-- 
+2.6.0
+

libsystemd-shared.abignore

@@ -1,3 +0,0 @@
-[suppress_file]
-# This shared object is private to systemd
-file_name_regexp=libsystemd-shared-.*.so

macros.sysusers

@@ -1,10 +0,0 @@
-# RPM macros for packages creating system accounts
-#
-# Turn a sysusers.d file into macros specified by
-# https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGroups/#_dynamic_allocation
-
-%sysusers_requires_compat Requires(pre): shadow-utils
-
-%sysusers_create_compat() \
-%(%{_rpmconfigdir}/sysusers.generate-pre.sh %{?*}) \
-%{nil}

purge-nobody-user

@@ -1,101 +0,0 @@
-#!/bin/bash -eu
-
-if [ $UID -ne 0 ]; then
-    echo "WARNING: This script needs to run as root to be effective"
-    exit 1
-fi
-
-export SYSTEMD_NSS_BYPASS_SYNTHETIC=1
-
-if [ "${1:-}" = "--ignore-journal" ]; then
-    shift
-    ignore_journal=1
-else
-    ignore_journal=0
-fi
-
-echo "Checking processes..."
-if ps h -u 99 | grep .; then
-    echo "ERROR: ps reports processes with UID 99!"
-    exit 2
-fi
-echo "... not found"
-
-echo "Checking UTMP..."
-if w -h 199 | grep . ; then
-    echo "ERROR: w reports UID 99 as active!"
-    exit 2
-fi
-if w -h nobody | grep . ; then
-    echo "ERROR: w reports user nobody as active!"
-    exit 2
-fi
-echo "... not found"
-
-echo "Checking the journal..."
-if [ "$ignore_journal" = 0 ] && journalctl -q -b -n10 _UID=99 | grep . ; then
-    echo "ERROR: journalctl reports messages from UID 99 in current boot!"
-    exit 2
-fi
-echo "... not found"
-
-echo "Looking for files in /etc, /run, /tmp, and /var..."
-if find /etc /run /tmp /var -uid 99 -print | grep -m 10 . ; then
-    echo "ERROR: found files belonging to UID 99"
-    exit 2
-fi
-echo "... not found"
-
-echo "Checking if nobody is defined correctly..."
-if getent passwd nobody |
-	grep '^nobody:[x*]:65534:65534:.*:/:/sbin/nologin';
-then
-    echo "OK, nothing to do."
-    exit 0
-else
-    echo "NOTICE: User nobody is not defined correctly"
-fi
-
-echo "Checking if nfsnobody or something else is using the uid..."
-if getent passwd 65534 | grep . ; then
-    echo "NOTICE: will have to remove this user"
-else
-    echo "... not found"
-fi
-
-if [ "${1:-}" = "-x" ]; then
-    if getent passwd nobody >/dev/null; then
-	# this will remove both the user and the group.
-	( set -x
-   	  userdel nobody
-	)
-    fi
-
-    if getent passwd 65534 >/dev/null; then
-	# Make sure the uid is unused. This should free gid too.
-	name="$(getent passwd 65534 | cut -d: -f1)"
-	( set -x
-	  userdel "$name"
-	)
-    fi
-
-    if grep -qE '^(passwd|group):.*\bsss\b' /etc/nsswitch.conf; then
-	echo "Sleeping, so sss can catch up"
-	sleep 3
-    fi
-
-    if getent group 65534; then
-	# Make sure the gid is unused, even if uid wasn't.
-	name="$(getent group 65534 | cut -d: -f1)"
-	( set -x
-	  groupdel "$name"
-	)
-    fi
-
-    # systemd-sysusers uses the same gid and uid
-    ( set -x
-      systemd-sysusers --inline 'u nobody 65534 "Kernel Overflow User" / /sbin/nologin'
-    )
-else
-    echo "Pass '-x' to perform changes"
-fi

sources

@@ -1 +1 @@
-SHA512 (systemd-247.1.tar.gz) = 2a737afcee4409c2be073d8cb650c3465a25c101b3c3072ea6e6a0614d06e3ed7ae55c84f9ae60555915ad1480b3a13aa72fef4b9210139afe6b0d7a7629385a
+5d696f65381b2608da70544df07c2b3c  systemd-229.tar.gz

split-files.py

@@ -1,143 +0,0 @@
-import re, sys, os, collections
-
-buildroot = sys.argv[1]
-known_files = sys.stdin.read().splitlines()
-known_files = {line.split()[-1]:line for line in known_files}
-
-def files(root):
-    os.chdir(root)
-    todo = collections.deque(['.'])
-    while todo:
-        n = todo.pop()
-        files = os.scandir(n)
-        for file in files:
-            yield file
-            if file.is_dir() and not file.is_symlink():
-                todo.append(file)
-
-o_libs = open('.file-list-libs', 'w')
-o_udev = open('.file-list-udev', 'w')
-o_pam = open('.file-list-pam', 'w')
-o_rpm_macros = open('.file-list-rpm-macros', 'w')
-o_devel = open('.file-list-devel', 'w')
-o_container = open('.file-list-container', 'w')
-o_networkd = open('.file-list-networkd', 'w')
-o_remote = open('.file-list-remote', 'w')
-o_tests = open('.file-list-tests', 'w')
-o_standalone_tmpfiles = open('.file-list-standalone-tmpfiles', 'w')
-o_standalone_sysusers = open('.file-list-standalone-sysusers', 'w')
-o_rest = open('.file-list-rest', 'w')
-for file in files(buildroot):
-    n = file.path[1:]
-    if re.match(r'''/usr/(share|include)$|
-                    /usr/share/man(/man.|)$|
-                    /usr/share/zsh(/site-functions|)$|
-                    /usr/share/dbus-1$|
-                    /usr/share/dbus-1/system.d$|
-                    /usr/share/dbus-1/(system-|)services$|
-                    /usr/share/polkit-1(/actions|/rules.d|)$|
-                    /usr/share/pkgconfig$|
-                    /usr/share/bash-completion(/completions|)$|
-                    /usr(/lib|/lib64|/bin|/sbin|)$|
-                    /usr/lib.*/(security|pkgconfig)$|
-                    /usr/lib/rpm(/macros.d|)$|
-                    /usr/lib/firewalld(/services|)$|
-                    /usr/share/(locale|licenses|doc)|             # no $
-                    /etc(/pam\.d|/xdg|/X11|/X11/xinit|/X11.*\.d|)$|
-                    /etc/(dnf|dnf/protected.d)$|
-                    /usr/(src|lib/debug)|                         # no $
-                    /run$|
-                    /var(/cache|/log|/lib|/run|)$
-    ''', n, re.X):
-        continue
-    if '/security/pam_' in n or '/man8/pam_' in n:
-        o = o_pam
-    elif '/rpm/' in n:
-        o = o_rpm_macros
-    elif '/usr/lib/systemd/tests' in n:
-        o = o_tests
-    elif re.search(r'/lib.*\.pc|/man3/|/usr/include|(?<!/libsystemd-shared-...).so$', n):
-        o = o_devel
-    elif re.search(r'''journal-(remote|gateway|upload)|
-                       systemd-remote\.conf|
-                       /usr/share/systemd/gatewayd|
-                       /var/log/journal/remote
-    ''', n, re.X):
-        o = o_remote
-    elif re.search(r'''mymachines|
-                       machinectl|
-                       systemd-nspawn|
-                       import-pubring.gpg|
-                       systemd-(machined|import|pull)|
-                       /machine.slice|
-                       /machines.target|
-                       var-lib-machines.mount|
-                       org.freedesktop.(import|machine)1
-    ''', n, re.X):
-        o = o_container
-    elif re.search(r'''/usr/lib/systemd/network/80-|
-                       networkd|
-                       networkctl|
-                       org.freedesktop.network1
-    ''', n, re.X):
-        o = o_networkd
-    elif '.so.' in n:
-        o = o_libs
-    elif re.search(r'''udev(?!\.pc)|
-                       hwdb|
-                       bootctl|
-                       sd-boot|systemd-boot\.|loader.conf|
-                       bless-boot|
-                       boot-system-token|
-                       kernel-install|
-                       vconsole|
-                       backlight|
-                       rfkill|
-                       random-seed|
-                       modules-load|
-                       timesync|
-                       cryptsetup|
-                       kmod|
-                       quota|
-                       pstore|
-                       sleep|suspend|hibernate|
-                       systemd-tmpfiles-setup-dev|
-                       network/99-default.link|
-                       growfs|makefs|makeswap|mkswap|
-                       fsck|
-                       repart|
-                       gpt-auto|
-                       volatile-root|
-                       verity-setup|
-                       remount-fs|
-                       /boot$|
-                       /boot/efi|
-                       /kernel/|
-                       /kernel$|
-                       /modprobe.d
-    ''', n, re.X):
-        o = o_udev
-    elif n.endswith('.standalone'):
-        if 'tmpfiles' in n:
-            o = o_standalone_tmpfiles
-        elif 'sysusers' in n:
-            o = o_standalone_sysusers
-        else:
-            assert False, 'Found .standalone not belonging to known packages'
-    else:
-        o = o_rest
-
-    if n in known_files:
-        prefix = ' '.join(known_files[n].split()[:-1])
-        if prefix:
-            prefix += ' '
-    elif file.is_dir() and not file.is_symlink():
-        prefix = '%dir '
-    elif n.startswith('/etc'):
-        prefix = '%config(noreplace) '
-    else:
-        prefix = ''
-
-    suffix = '*' if '/man/' in n else ''
-
-    print(f'{prefix}{n}{suffix}', file=o)

systemd-udev-trigger-no-reload.conf

@@ -1,3 +0,0 @@
-[Unit]
-# https://bugzilla.redhat.com/show_bug.cgi?id=1378974#c17
-RefuseManualStop=true

systemd-user

@@ -1,10 +0,0 @@
-# This file is part of systemd.
-#
-# Used by systemd --user instances.
-
-account  include system-auth
-
-session  required pam_selinux.so close
-session  required pam_selinux.so nottys open
-session  required pam_loginuid.so
-session  include system-auth

systemd.rpmlintrc

@@ -1,50 +0,0 @@
-# Just kill all warnings about README being wrong in every possible way
-addFilter(r'README')
-
-addFilter(r'missing-call-to-(chdir-with-chroot|setgroups-before-setuid)')
-
-addFilter(r'executable-marked-as-config-file /etc/X11/xinit/xinitrc.d/50-systemd-user.sh')
-
-addFilter(r'non-readable /etc/crypttab')
-
-addFilter(r'non-conffile-in-etc /etc/inittab')
-
-addFilter(r'systemd-unit-in-etc /etc/systemd/.*\.wants')
-
-addFilter(r'dangling-relative-symlink /usr/lib/environment.d/99-environment.conf ../../../etc/environment')
-
-addFilter(r'devel-file-in-non-devel-package /usr/share/pkgconfig/(systemd|udev).pc')
-
-addFilter(r'non-standard-dir-perm /var/cache/private 700')
-
-addFilter(r'non-root-group-log-file /var/log/btmp utmp')
-
-addFilter(r'non-standard-dir-perm /var/log/private 700')
-
-addFilter(r'non-root-group-log-file /var/log/wtmp utmp')
-
-addFilter(r'dangerous-command-in-')
-
-addFilter(r'summary-not-capitalized C systemd')
-
-addFilter(r'obsolete-not-provided')
-
-addFilter(r'postin-without-ldconfig')
-
-addFilter(r'systemd-rpm-macros.noarch: W: only-non-binary-in-usr-lib')
-
-addFilter(r'systemd-rpm-macros.noarch: W: no-documentation')
-
-addFilter(r'systemd-tests\..*: W: no-documentation')
-
-addFilter(r'systemd-tests.*: E: zero-length /usr/lib/systemd/tests/testdata/test-umount/empty.mountinfo')
-
-addFilter(r'hardcoded-library-path in.*(firewalld|install.d|lib/systemd)')
-
-# everybody does it this way: systemd, syslog-ng, rsyslog
-addFilter(r'unversioned-explicit-provides syslog')
-
-# systemd-machine-id-setup requires libssl
-addFilter(r'explicit-lib-dependency openssl-libs')
-
-addFilter(r'systemd.src:.*strange-permission')

sysusers.attr

@@ -1,2 +0,0 @@
-%__sysusers_provides	%{_rpmconfigdir}/sysusers.prov
-%__sysusers_path	^%{_sysusersdir}/.*\\.conf$

sysusers.generate-pre.sh

@@ -1,79 +0,0 @@
-#!/bin/bash
-
-# This script turns sysuser.d files into scriptlets mandated by Fedora
-# packaging guidelines. The general idea is to define users using the
-# declarative syntax but to turn this into traditional scriptlets.
-
-user() {
-    user="$1"
-    uid="$2"
-    desc="$3"
-    group="$4"
-    home="$5"
-    shell="$6"
-
-[ "$desc" = '-' ] && desc=
-[ "$home" = '-' -o "$home" = '' ] && home=/
-[ "$shell" = '-' -o "$shell" = '' ] && shell=/sbin/nologin
-
-if [ "$uid" = '-' -o "$uid" = '' ]; then
-    cat <<EOF
-getent passwd '$user' >/dev/null || \\
-    useradd -r -g '$group' -d '$home' -s '$shell' -c '$desc' '$user'
-EOF
-else
-    cat <<EOF
-if ! getent passwd '$user' >/dev/null ; then
-    if ! getent passwd '$uid' >/dev/null ; then
-        useradd -r -u '$uid' -g '$group' -d '$home' -s /sbin/nologin -c '$desc' '$user'
-    else
-        useradd -r -g '$group' -d '$home' -s /sbin/nologin -c '$desc' '$user'
-    fi
-fi
-
-EOF
-fi
-}
-
-group() {
-    group="$1"
-    gid="$2"
-if [ "$gid" = '-' ]; then
-    cat <<EOF
-getent group '$group' >/dev/null || groupadd -r '$group'
-EOF
-else
-    cat <<EOF
-getent group '$group' >/dev/null || groupadd -f -g '$gid' -r '$group'
-EOF
-fi
-}
-
-parse() {
-    while read line || [ "$line" ]; do
-        [ "${line:0:1}" = '#' -o "${line:0:1}" = ';' ] && continue
-        line="${line## *}"
-        [ -z "$line" ] && continue
-        eval arr=( $line )
-        case "${arr[0]}" in
-            ('u')
-                group "${arr[1]}" "${arr[2]}"
-                user "${arr[1]}" "${arr[2]}" "${arr[3]}" "${arr[1]}" "${arr[4]}" "${arr[5]}"
-                # TODO: user:group support
-                ;;
-            ('g')
-                group "${arr[1]}" "${arr[2]}"
-                ;;
-            ('m')
-                group "${arr[2]}" "-"
-                user "${arr[1]}" "-" "" "${arr[2]}"
-                ;;
-        esac
-    done
-}
-
-for fn in "$@"; do
-    [ -e "$fn" ] || continue
-    echo "# generated from $(basename $fn)"
-    parse < "$fn"
-done

sysusers.prov

@@ -1,28 +0,0 @@
-#!/bin/bash
-
-parse() {
-    while read line; do
-        [ "${line:0:1}" = '#' -o "${line:0:1}" = ';' ] && continue
-        line="${line## *}"
-        [ -z "$line" ] && continue
-        set -- $line
-        case "$1" in
-            ('u')
-                echo "user($2)"
-                echo "group($2)"
-                # TODO: user:group support
-                ;;
-            ('g')
-                echo "group($2)"
-                ;;
-            ('m')
-                echo "user($2)"
-                echo "group($3)"
-                ;;
-        esac
-    done
-}
-
-while read fn; do
-    parse < "$fn"
-done

tests/tests-reboot.yml

@@ -1,50 +0,0 @@
----
-- hosts: localhost
-  vars:
-  - artifacts: "{{ lookup('env', 'TEST_ARTIFACTS')|default('./artifacts', true) }}"
-  tags:
-  - classic
-  tasks:
-  # switch SELinux to permissive mode
-  - name: Get default kernel
-    command: "grubby --default-kernel"
-    register: default_kernel
-  - debug: msg="{{ default_kernel.stdout }}"
-  - name: Set permissive mode
-    command: "grubby --args=enforcing=0 --update-kernel {{ default_kernel.stdout }}"
-
-  - name: reboot
-    block:
-      - name: restart host
-        shell: sleep 2 && shutdown -r now "Ansible updates triggered"
-        async: 1
-        poll: 0
-        ignore_errors: true
-
-      - name: wait for host to come back
-        wait_for_connection:
-          delay: 10
-          timeout: 300
-
-      - name: Re-create /tmp/artifacts
-        command: mkdir /tmp/artifacts
-
-      - name: Gather SELinux denials since boot
-        shell: |
-            result=pass
-            dmesg | grep -i -e type=1300 -e type=1400 > /tmp/avc.log && result=fail
-            ausearch -m avc -m selinux_err -m user_avc -ts boot &>> /tmp/avc.log
-            grep -q '<no matches>' /tmp/avc.log || result=fail
-            echo -e "\nresults:\n- test: reboot and collect AVC\n  result: $result\n  logs:\n  - avc.log\n\n" > /tmp/results.yml
-            ( [ $result = "pass" ] && echo PASS test-reboot || echo FAIL test-reboot ) > /tmp/test.log
-
-    always:
-      - name: Pull out the artifacts
-        fetch:
-          dest: "{{ artifacts }}/"
-          src: "{{ item }}"
-          flat: yes
-        with_items:
-          - /tmp/test.log
-          - /tmp/avc.log
-          - /tmp/results.yml

triggers.systemd

@@ -1,111 +0,0 @@
-#  -*- Mode: rpm-spec; indent-tabs-mode: nil -*- */
-#  SPDX-License-Identifier: LGPL-2.1+
-#
-#  This file is part of systemd.
-#
-#  Copyright 2015 Zbigniew Jędrzejewski-Szmek
-#  Copyright 2018 Neal Gompa
-#
-#  systemd is free software; you can redistribute it and/or modify it
-#  under the terms of the GNU Lesser General Public License as published by
-#  the Free Software Foundation; either version 2.1 of the License, or
-#  (at your option) any later version.
-#
-#  systemd is distributed in the hope that it will be useful, but
-#  WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-#  Lesser General Public License for more details.
-#
-#  You should have received a copy of the GNU Lesser General Public License
-#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-
-# The contents of this are an example to be copied into systemd.spec.
-#
-# Minimum rpm version supported: 4.13.0
-
-%transfiletriggerin -P 900900 -- /usr/lib/systemd/system /etc/systemd/system
-# This script will run after any package is initially installed or
-# upgraded. We care about the case where a package is initially
-# installed, because other cases are covered by the *un scriptlets,
-# so sometimes we will reload needlessly.
-if test -d /run/systemd/system; then
-  %{_bindir}/systemctl daemon-reload
-fi
-
-%transfiletriggerun -- /usr/lib/systemd/system /etc/systemd/system
-# On removal, we need to run daemon-reload after any units have been
-# removed. %transfiletriggerpostun would be ideal, but it does not get
-# executed for some reason.
-# On upgrade, we need to run daemon-reload after any new unit files
-# have been installed, but before %postun scripts in packages get
-# executed. %transfiletriggerun gets the right list of files
-# but it is invoked too early (before changes happen).
-# %filetriggerpostun happens at the right time, but it fires for
-# every package.
-# To execute the reload at the right time, we create a state
-# file in %transfiletriggerun and execute the daemon-reload in
-# the first %filetriggerpostun.
-
-if test -d "/run/systemd/system"; then
-    mkdir -p "%{_localstatedir}/lib/rpm-state/systemd"
-    touch "%{_localstatedir}/lib/rpm-state/systemd/needs-reload"
-fi
-
-%filetriggerpostun -P 1000100 -- /usr/lib/systemd/system /etc/systemd/system
-if test -f "%{_localstatedir}/lib/rpm-state/systemd/needs-reload"; then
-    rm -rf "%{_localstatedir}/lib/rpm-state/systemd"
-    %{_bindir}/systemctl daemon-reload
-fi
-
-%transfiletriggerin -P 100700 -- /usr/lib/sysusers.d
-# This script will process files installed in /usr/lib/sysusers.d to create
-# specified users automatically. The priority is set such that it
-# will run before the tmpfiles file trigger.
-if test -d /run/systemd/system; then
-  %{_bindir}/systemd-sysusers || :
-fi
-
-%transfiletriggerin -P 100500 -- /usr/lib/tmpfiles.d
-# This script will process files installed in /usr/lib/tmpfiles.d to create
-# tmpfiles automatically. The priority is set such that it will run
-# after the sysusers file trigger, but before any other triggers.
-if test -d /run/systemd/system; then
-  %{_bindir}/systemd-tmpfiles --create || :
-fi
-
-%transfiletriggerin udev -- /usr/lib/udev/hwdb.d
-# This script will automatically invoke hwdb update if files have been
-# installed or updated in /usr/lib/udev/hwdb.d.
-if test -d /run/systemd/system; then
-  %{_bindir}/systemd-hwdb update || :
-fi
-
-%transfiletriggerin -- /usr/lib/systemd/catalog
-# This script will automatically invoke journal catalog update if files
-# have been installed or updated in /usr/lib/systemd/catalog.
-if test -d /run/systemd/system; then
-  %{_bindir}/journalctl --update-catalog || :
-fi
-
-%transfiletriggerin udev -- /usr/lib/udev/rules.d
-# This script will automatically update udev with new rules if files
-# have been installed or updated in /usr/lib/udev/rules.d.
-if test -e /run/udev/control; then
-  %{_bindir}/udevadm control --reload || :
-fi
-
-%transfiletriggerin -- /usr/lib/sysctl.d
-# This script will automatically apply sysctl rules if files have been
-# installed or updated in /usr/lib/sysctl.d.
-if test -d /run/systemd/system; then
-  /usr/lib/systemd/systemd-sysctl || :
-fi
-
-%transfiletriggerin -- /usr/lib/binfmt.d
-# This script will automatically apply binfmt rules if files have been
-# installed or updated in /usr/lib/binfmt.d.
-if test -d /run/systemd/system; then
-  # systemd-binfmt might fail if binfmt_misc kernel module is not loaded
-  # during install
-  /usr/lib/systemd/systemd-binfmt || :
-fi

use-bfq-scheduler.patch

@@ -1,40 +0,0 @@
-From 223ea50950f97ed4e67311dfcffed7ffc27a7cd3 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Wed, 14 Aug 2019 15:57:42 +0200
-Subject: [PATCH] udev: use bfq as the default scheduler
-
-As requested in https://bugzilla.redhat.com/show_bug.cgi?id=1738828.
-Test results are that bfq seems to behave better and more consistently on
-typical hardware. The kernel does not have a configuration option to set
-the default scheduler, and it currently needs to be set by userspace.
-
-See the bug for more discussion and links.
----
- rules.d/60-block-scheduler.rules | 5 +++++
- rules.d/meson.build              | 1 +
- 2 files changed, 6 insertions(+)
- create mode 100644 rules.d/60-block-scheduler.rules
-
-diff --git a/rules.d/60-block-scheduler.rules b/rules.d/60-block-scheduler.rules
-new file mode 100644
-index 0000000000..480b941761
---- /dev/null
-+++ b/rules.d/60-block-scheduler.rules
-@@ -0,0 +1,5 @@
-+# do not edit this file, it will be overwritten on update
-+
-+ACTION=="add", SUBSYSTEM=="block", \
-+  KERNEL=="mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|sd*[!0-9]|sr*", \
-+  ATTR{queue/scheduler}="bfq"
-diff --git a/rules.d/meson.build b/rules.d/meson.build
-index ca4445d774..38d6aa6970 100644
---- a/rules.d/meson.build
-+++ b/rules.d/meson.build
-@@ -3,6 +3,7 @@
- rules = files('''
-         60-autosuspend.rules
-         60-block.rules
-+        60-block-scheduler.rules
-         60-cdrom_id.rules
-         60-drm.rules
-         60-evdev.rules

yum-protect-systemd.conf

@@ -1,2 +1 @@
 systemd
-systemd-udev