diff --git a/SOURCES/0759-udev-rules-Add-rule-for-dev-kfd.patch b/SOURCES/0759-udev-rules-Add-rule-for-dev-kfd.patch
new file mode 100644
index 0000000..0947964
--- /dev/null
+++ b/SOURCES/0759-udev-rules-Add-rule-for-dev-kfd.patch
@@ -0,0 +1,24 @@
+From 302a74feba2dd946a2f046857b5e9b6a874a2c8b Mon Sep 17 00:00:00 2001
+From: Tom Stellard <tstellar@redhat.com>
+Date: Tue, 31 Oct 2017 08:56:19 -0700
+Subject: [PATCH] udev-rules: Add rule for /dev/kfd
+
+(cherry picked from commit f301622d840ae414e7f56c364fe9b035f3041539)
+
+Resolves: #1659516
+---
+ rules/50-udev-default.rules | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/rules/50-udev-default.rules b/rules/50-udev-default.rules
+index 2bf9c1ec7e..27681c8a8b 100644
+--- a/rules/50-udev-default.rules
++++ b/rules/50-udev-default.rules
+@@ -31,6 +31,7 @@ SUBSYSTEM=="misc", KERNEL=="agpgart", GROUP="video"
+ SUBSYSTEM=="graphics", GROUP="video"
+ SUBSYSTEM=="drm", GROUP="video"
+ SUBSYSTEM=="dvb", GROUP="video"
++SUBSYSTEM=="kfd", GROUP="video"
+
+ SUBSYSTEM=="sound", GROUP="audio", \
+ OPTIONS+="static_node=snd/seq", OPTIONS+="static_node=snd/timer"
diff --git a/SOURCES/0760-core-exclude-.slice-units-from-systemctl-isolate.patch b/SOURCES/0760-core-exclude-.slice-units-from-systemctl-isolate.patch
new file mode 100644
index 0000000..2528e3a
--- /dev/null
+++ b/SOURCES/0760-core-exclude-.slice-units-from-systemctl-isolate.patch
@@ -0,0 +1,39 @@
+From 0e6f66ae4853b0e7c99f415b14ecfefb752d51ca Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Thu, 18 Feb 2016 22:51:23 +0100
+Subject: [PATCH] core: exclude .slice units from "systemctl isolate"
+
+Fixes: #1969
+(cherry picked from commit 1b4cd0cf11feb7d41f2eff17f86fa55b31bb6841)
+
+Resolves: #1745199
+---
+ src/core/slice.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/src/core/slice.c b/src/core/slice.c
+index 0985a65286..b0769205f6 100644
+--- a/src/core/slice.c
++++ b/src/core/slice.c
+@@ -36,6 +36,13 @@ static const UnitActiveState state_translation_table[_SLICE_STATE_MAX] = {
+ [SLICE_ACTIVE] = UNIT_ACTIVE
+ };
+
++static void slice_init(Unit *u) {
++ assert(u);
++ assert(u->load_state == UNIT_STUB);
++
++ u->ignore_on_isolate = true;
++}
++
+ static void slice_set_state(Slice *t, SliceState state) {
+ SliceState old_state;
+ assert(t);
+@@ -274,6 +281,7 @@ const UnitVTable slice_vtable = {
+ .no_instances = true,
+ .can_transient = true,
+
++ .init = slice_init,
+ .load = slice_load,
+
+ .coldplug = slice_coldplug,
diff --git a/SOURCES/0761-udev-scsi_id-fix-incorrect-page-length-when-get-devi.patch b/SOURCES/0761-udev-scsi_id-fix-incorrect-page-length-when-get-devi.patch
new file mode 100644
index 0000000..e964b6b
--- /dev/null
+++ b/SOURCES/0761-udev-scsi_id-fix-incorrect-page-length-when-get-devi.patch
@@ -0,0 +1,30 @@
+From 0c25ad023d3864bf55ae7334cbc3da25b9227d18 Mon Sep 17 00:00:00 2001
+From: Zhang Xianwei <zhang.xianwei8@zte.com.cn>
+Date: Mon, 13 May 2019 18:41:55 +0800
+Subject: [PATCH] udev/scsi_id: fix incorrect page length when get device
+ identification VPD page
+
+The length of device identification VPD page is filled with two bytes,
+but scsi_id only gets the low byte. Fix it.
+
+Signed-off-by: Zhang Xianwei <zhang.xianwei8@zte.com.cn>
+(cherry picked from commit 1f7b6872dbe8ccae1f3bda9aa6aeb87c9b42e01e)
+
+Resolves: #1635945
+---
+ src/udev/scsi_id/scsi_serial.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/udev/scsi_id/scsi_serial.c b/src/udev/scsi_id/scsi_serial.c
+index dcfff1d4ea..06fb4815b6 100644
+--- a/src/udev/scsi_id/scsi_serial.c
++++ b/src/udev/scsi_id/scsi_serial.c
+@@ -677,7 +677,7 @@ static int do_scsi_page83_inquiry(struct udev *udev,
+ * Examine each descriptor returned. There is normally only
+ * one or a small number of descriptors.
+ */
+- for (j = 4; j <= (unsigned int)page_83[3] + 3; j += page_83[j + 3] + 4) {
++ for (j = 4; j <= ((unsigned)page_83[2] << 8) + (unsigned)page_83[3] + 3; j += page_83[j + 3] + 4) {
+ retval = check_fill_0x83_id(udev,
+ dev_scsi, &page_83[j],
+ &id_search_list[id_ind],
diff --git a/SOURCES/0762-core-when-determining-whether-a-process-exit-status-.patch b/SOURCES/0762-core-when-determining-whether-a-process-exit-status-.patch
new file mode 100644
index 0000000..1cb4d27
--- /dev/null
+++ b/SOURCES/0762-core-when-determining-whether-a-process-exit-status-.patch
@@ -0,0 +1,164 @@
+From 8c9d6639a22d32734d950db37bfb852a1464c621 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Mon, 10 Oct 2016 22:07:30 +0200
+Subject: [PATCH] core: when determining whether a process exit status is
+ clean, consider whether it is a command or a daemon
+
+SIGTERM should be considered a clean exit code for daemons (i.e. long-running
+processes, as a daemon without SIGTERM handler may be shut down without issues
+via SIGTERM still) while it should not be considered a clean exit code for
+commands (i.e. short-running processes).
+
+Let's add two different clean checking modes for this, and use the right one at
+the appropriate places.
+
+Fixes: #4275
+(cherry picked from commit 1f0958f640b87175cd547c1e69084cfe54a22e9d)
+
+Resolves: #1560417
+---
+ src/core/busname.c | 2 +-
+ src/core/mount.c | 2 +-
+ src/core/service.c | 2 +-
+ src/core/socket.c | 2 +-
+ src/core/swap.c | 2 +-
+ src/remount-fs/remount-fs.c | 2 +-
+ src/shared/exit-status.c | 13 ++++---------
+ src/shared/exit-status.h | 7 ++++++-
+ 8 files changed, 16 insertions(+), 16 deletions(-)
+
+diff --git a/src/core/busname.c b/src/core/busname.c
+index 97886f1e05..f5553e5418 100644
+--- a/src/core/busname.c
++++ b/src/core/busname.c
+@@ -849,7 +849,7 @@ static void busname_sigchld_event(Unit *u, pid_t pid, int code, int status) {
+
+ n->control_pid = 0;
+
+- if (is_clean_exit(code, status, NULL))
++ if (is_clean_exit(code, status, EXIT_CLEAN_COMMAND, NULL))
+ f = BUSNAME_SUCCESS;
+ else if (code == CLD_EXITED)
+ f = BUSNAME_FAILURE_EXIT_CODE;
+diff --git a/src/core/mount.c b/src/core/mount.c
+index 8a25ebd163..bfbfc10731 100644
+--- a/src/core/mount.c
++++ b/src/core/mount.c
+@@ -1203,7 +1203,7 @@ static void mount_sigchld_event(Unit *u, pid_t pid, int code, int status) {
+
+ m->control_pid = 0;
+
+- if (is_clean_exit(code, status, NULL))
++ if (is_clean_exit(code, status, EXIT_CLEAN_COMMAND, NULL))
+ f = MOUNT_SUCCESS;
+ else if (code == CLD_EXITED)
+ f = MOUNT_FAILURE_EXIT_CODE;
+diff --git a/src/core/service.c b/src/core/service.c
+index 6b61ccac18..f7b859d076 100644
+--- a/src/core/service.c
++++ b/src/core/service.c
+@@ -2632,7 +2632,7 @@ static void service_sigchld_event(Unit *u, pid_t pid, int code, int status) {
+ assert(s);
+ assert(pid >= 0);
+
+- if (UNIT(s)->fragment_path ? is_clean_exit(code, status, &s->success_status) :
++ if (UNIT(s)->fragment_path ? is_clean_exit(code, status, s->type == SERVICE_ONESHOT ? EXIT_CLEAN_COMMAND : EXIT_CLEAN_DAEMON, &s->success_status) :
+ is_clean_exit_lsb(code, status, &s->success_status))
+ f = SERVICE_SUCCESS;
+ else if (code == CLD_EXITED)
+diff --git a/src/core/socket.c b/src/core/socket.c
+index 8489575de6..1e8ae0a6e5 100644
+--- a/src/core/socket.c
++++ b/src/core/socket.c
+@@ -2344,7 +2344,7 @@ static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
+
+ s->control_pid = 0;
+
+- if (is_clean_exit(code, status, NULL))
++ if (is_clean_exit(code, status, EXIT_CLEAN_COMMAND, NULL))
+ f = SOCKET_SUCCESS;
+ else if (code == CLD_EXITED)
+ f = SOCKET_FAILURE_EXIT_CODE;
+diff --git a/src/core/swap.c b/src/core/swap.c
+index 1f69736aa3..757a8d45c5 100644
+--- a/src/core/swap.c
++++ b/src/core/swap.c
+@@ -972,7 +972,7 @@ static void swap_sigchld_event(Unit *u, pid_t pid, int code, int status) {
+
+ s->control_pid = 0;
+
+- if (is_clean_exit(code, status, NULL))
++ if (is_clean_exit(code, status, EXIT_CLEAN_COMMAND, NULL))
+ f = SWAP_SUCCESS;
+ else if (code == CLD_EXITED)
+ f = SWAP_FAILURE_EXIT_CODE;
+diff --git a/src/remount-fs/remount-fs.c b/src/remount-fs/remount-fs.c
+index 57b47021e4..db9ae391b8 100644
+--- a/src/remount-fs/remount-fs.c
++++ b/src/remount-fs/remount-fs.c
+@@ -142,7 +142,7 @@ int main(int argc, char *argv[]) {
+
+ s = hashmap_remove(pids, UINT_TO_PTR(si.si_pid));
+ if (s) {
+- if (!is_clean_exit(si.si_code, si.si_status, NULL)) {
++ if (!is_clean_exit(si.si_code, si.si_status, EXIT_CLEAN_COMMAND, NULL)) {
+ if (si.si_code == CLD_EXITED)
+ log_error("/bin/mount for %s exited with exit status %i.", s, si.si_status);
+ else
+diff --git a/src/shared/exit-status.c b/src/shared/exit-status.c
+index 90c83a47a8..ab09550d7a 100644
+--- a/src/shared/exit-status.c
++++ b/src/shared/exit-status.c
+@@ -180,22 +180,17 @@ const char* exit_status_to_string(ExitStatus status, ExitStatusLevel level) {
+ return NULL;
+ }
+
+-
+-bool is_clean_exit(int code, int status, ExitStatusSet *success_status) {
++bool is_clean_exit(int code, int status, ExitClean clean, ExitStatusSet *success_status) {
+
+ if (code == CLD_EXITED)
+ return status == 0 ||
+ (success_status &&
+ set_contains(success_status->status, INT_TO_PTR(status)));
+
+- /* If a daemon does not implement handlers for some of the
+- * signals that's not considered an unclean shutdown */
++ /* If a daemon does not implement handlers for some of the signals that's not considered an unclean shutdown */
+ if (code == CLD_KILLED)
+ return
+- status == SIGHUP ||
+- status == SIGINT ||
+- status == SIGTERM ||
+- status == SIGPIPE ||
++ (clean == EXIT_CLEAN_DAEMON && IN_SET(status, SIGHUP, SIGINT, SIGTERM, SIGPIPE)) ||
+ (success_status &&
+ set_contains(success_status->signal, INT_TO_PTR(status)));
+
+@@ -204,7 +199,7 @@ bool is_clean_exit(int code, int status, ExitStatusSet *success_status) {
+
+ bool is_clean_exit_lsb(int code, int status, ExitStatusSet *success_status) {
+
+- if (is_clean_exit(code, status, success_status))
++ if (is_clean_exit(code, status, EXIT_CLEAN_DAEMON, success_status))
+ return true;
+
+ return
+diff --git a/src/shared/exit-status.h b/src/shared/exit-status.h
+index 1d774f25dc..f7953aecb1 100644
+--- a/src/shared/exit-status.h
++++ b/src/shared/exit-status.h
+@@ -95,7 +95,12 @@ typedef struct ExitStatusSet {
+
+ const char* exit_status_to_string(ExitStatus status, ExitStatusLevel level) _const_;
+
+-bool is_clean_exit(int code, int status, ExitStatusSet *success_status);
++typedef enum ExitClean {
++ EXIT_CLEAN_DAEMON,
++ EXIT_CLEAN_COMMAND,
++} ExitClean;
++
++bool is_clean_exit(int code, int status, ExitClean clean, ExitStatusSet *success_status);
+ bool is_clean_exit_lsb(int code, int status, ExitStatusSet *success_status);
+
+ void exit_status_set_free(ExitStatusSet *x);
diff --git a/SOURCES/0763-units-add-Wants-initrd-cleanup.service-to-initrd-swi.patch b/SOURCES/0763-units-add-Wants-initrd-cleanup.service-to-initrd-swi.patch
new file mode 100644
index 0000000..7dfc02e
--- /dev/null
+++ b/SOURCES/0763-units-add-Wants-initrd-cleanup.service-to-initrd-swi.patch
@@ -0,0 +1,31 @@
+From 592fde970f4493b202ed0fc035e3f6785a850a55 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Tue, 11 Oct 2016 21:36:14 +0900
+Subject: [PATCH] units: add Wants=initrd-cleanup.service to
+ initrd-switch-root.target (#4345)
+
+`systemctl isolate initrd-switch-root.target` called by initrd-cleanup.service
+kills initrd-cleanup.service itself. Then, initrd-cleanup.service failed and
+system goes to emergency shell.
+To prevent this problem, this commit adds `Wants=initrd-cleanup.service` to
+initrd-switch-root.target.
+
+fixes: #4343.
+(cherry picked from commit a8cb1dc3e0fa81affd01c8ed3df35e4c4520a24e)
+
+Related: #1560417
+---
+ units/initrd-switch-root.target | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/units/initrd-switch-root.target b/units/initrd-switch-root.target
+index f34768790b..934d82f667 100644
+--- a/units/initrd-switch-root.target
++++ b/units/initrd-switch-root.target
+@@ -12,5 +12,5 @@ DefaultDependencies=no
+ Requires=initrd-switch-root.service
+ Before=initrd-switch-root.service
+ AllowIsolate=yes
+-Wants=initrd-udevadm-cleanup-db.service initrd-root-fs.target initrd-fs.target systemd-journald.service
++Wants=initrd-udevadm-cleanup-db.service initrd-root-fs.target initrd-fs.target systemd-journald.service initrd-cleanup.service
+ After=initrd-udevadm-cleanup-db.service initrd-root-fs.target initrd-fs.target emergency.service emergency.target
diff --git a/SOURCES/0764-units-make-sure-initrd-cleanup.service-terminates-be.patch b/SOURCES/0764-units-make-sure-initrd-cleanup.service-terminates-be.patch
new file mode 100644
index 0000000..c6c275a
--- /dev/null
+++ b/SOURCES/0764-units-make-sure-initrd-cleanup.service-terminates-be.patch
@@ -0,0 +1,37 @@
+From d6f32f9063f5e7bb7864fb6be014a52e6036b111 Mon Sep 17 00:00:00 2001
+From: Franck Bui <fbui@suse.com>
+Date: Mon, 28 Jan 2019 12:07:37 +0100
+Subject: [PATCH] units: make sure initrd-cleanup.service terminates before
+ switching to rootfs
+
+A follow-up for commit a8cb1dc3e0fa81aff.
+
+Commit a8cb1dc3e0fa81aff made sure that initrd-cleanup.service won't be stopped
+when initrd-switch-root.target is isolated.
+
+However even with this change, it might happen that initrd-cleanup.service
+survives the switch to rootfs (since it has no ordering constraints against
+initrd-switch-root.target) and is stopped right after when default.target is
+isolated. This led to initrd-cleanup.service entering in failed state as it
+happens when oneshot services are stopped.
+
+This patch along with a8cb1dc3e0fa81aff should fix issue #4343.
+
+Fixes: #4343
+(cherry picked from commit e2c7c94ea35fe7e669afb51bfc2251158b522ea5)
+
+Related: #1560417
+---
+ units/initrd-switch-root.target | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/units/initrd-switch-root.target b/units/initrd-switch-root.target
+index 934d82f667..ada5b9e7fd 100644
+--- a/units/initrd-switch-root.target
++++ b/units/initrd-switch-root.target
+@@ -13,4 +13,4 @@ Requires=initrd-switch-root.service
+ Before=initrd-switch-root.service
+ AllowIsolate=yes
+ Wants=initrd-udevadm-cleanup-db.service initrd-root-fs.target initrd-fs.target systemd-journald.service initrd-cleanup.service
+-After=initrd-udevadm-cleanup-db.service initrd-root-fs.target initrd-fs.target emergency.service emergency.target
++After=initrd-udevadm-cleanup-db.service initrd-root-fs.target initrd-fs.target emergency.service emergency.target initrd-cleanup.service
diff --git a/SOURCES/0765-core-tiny-tweak-for-cgroup-trimming-during-manager_f.patch b/SOURCES/0765-core-tiny-tweak-for-cgroup-trimming-during-manager_f.patch
new file mode 100644
index 0000000..1101b8d
--- /dev/null
+++ b/SOURCES/0765-core-tiny-tweak-for-cgroup-trimming-during-manager_f.patch
@@ -0,0 +1,37 @@
+From 83c66e1d0c1bc6e7522719250e77fad40a147870 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Tue, 9 Oct 2018 15:56:27 +0200
+Subject: [PATCH] core: tiny tweak for cgroup trimming during manager_free()
+
+Instead of blacklisting when not to trim the cgroup tree, let's instead
+whitelist when to do it, as an excercise of being careful when being
+destructive.
+
+This should not change behaviour with exception that during switch roots
+we now won't attempt to trim the cgroup tree anymore. Which is more
+correct behaviour after all we serialize/deserialize during the
+transition and should be needlessly destructive.
+
+(cherry picked from commit 86036b26a1da4d90ca274d37e77c56980ab689fd)
+
+Resolves: #1630378
+---
+ src/core/manager.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/src/core/manager.c b/src/core/manager.c
+index fdbb3c0fd9..afa4d2b8fa 100644
+--- a/src/core/manager.c
++++ b/src/core/manager.c
+@@ -998,9 +998,8 @@ Manager* manager_free(Manager *m) {
+ if (unit_vtable[c]->shutdown)
+ unit_vtable[c]->shutdown(m);
+
+- /* If we reexecute ourselves, we keep the root cgroup
+- * around */
+- manager_shutdown_cgroup(m, m->exit_code != MANAGER_REEXECUTE);
++ /* Keep the cgroup hierarchy in place except when we know we are going down for good */
++ manager_shutdown_cgroup(m, IN_SET(m->exit_code, MANAGER_EXIT, MANAGER_REBOOT, MANAGER_POWEROFF, MANAGER_HALT, MANAGER_KEXEC));
+
+ manager_undo_generators(m);
+
diff --git a/SOURCES/0766-process-an-empty-environment-block-should-be-returne.patch b/SOURCES/0766-process-an-empty-environment-block-should-be-returne.patch
new file mode 100644
index 0000000..5133a2a
--- /dev/null
+++ b/SOURCES/0766-process-an-empty-environment-block-should-be-returne.patch
@@ -0,0 +1,35 @@
+From c145af2a34a47f357711a2ae97c3d71db8df905f Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Thu, 23 Jul 2015 23:47:54 +0200
+Subject: [PATCH] process: an empty environment block should be returned as
+ such
+
+An empty env block is completely valid, hence return it as such, and
+don't turn it into an error.
+
+(cherry picked from commit 03c55bc0b980e2a6aaf6f166a9271ed8ecce2222)
+
+Resolves: #1685648
+---
+ src/shared/util.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/src/shared/util.c b/src/shared/util.c
+index 07de902aaf..82c8e433dd 100644
+--- a/src/shared/util.c
++++ b/src/shared/util.c
+@@ -954,7 +954,13 @@ int get_process_environ(pid_t pid, char **env) {
+ sz += cescape_char(c, outcome + sz);
+ }
+
+- outcome[sz] = '\0';
++ if (!outcome) {
++ outcome = strdup("");
++ if (!outcome)
++ return -ENOMEM;
++ } else
++ outcome[sz] = '\0';
++
+ *env = outcome;
+ outcome = NULL;
+
diff --git a/SOURCES/0767-core-make-sure-initrd-switch-root-command-survives-P.patch b/SOURCES/0767-core-make-sure-initrd-switch-root-command-survives-P.patch
new file mode 100644
index 0000000..912e428
--- /dev/null
+++ b/SOURCES/0767-core-make-sure-initrd-switch-root-command-survives-P.patch
@@ -0,0 +1,59 @@
+From 5e68640c5b25b3b682ca8ce92a4a573e8dfba6ae Mon Sep 17 00:00:00 2001
+From: Franck Bui <fbui@suse.com>
+Date: Thu, 24 Nov 2016 18:52:04 +0100
+Subject: [PATCH] core: make sure initrd-switch-root command survives PID1's
+ killing spree (#4730)
+
+This is a different way to implement the fix proposed by commit
+a4021390fef27f4136497328f suggested by Lennart Poettering.
+
+In this patch we instruct PID1 to not kill "systemctl switch-root" command
+started by initrd-switch-root service using the "argv[0][0]='@'" trick.
+
+See: https://www.freedesktop.org/wiki/Software/systemd/RootStorageDaemons/ for
+more details.
+
+We had to backup argv[0] because argv is modified by dispatch_verb().
+
+(cherry picked from commit acc28e2e3037d689d6481e4664925cf31d4d087b)
+
+Related: #1754053
+---
+ src/systemctl/systemctl.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
+index f31137787a..f84b92ccbe 100644
+--- a/src/systemctl/systemctl.c
++++ b/src/systemctl/systemctl.c
+@@ -128,6 +128,7 @@ static const char *arg_kill_who = NULL;
+ static int arg_signal = SIGTERM;
+ static const char *arg_root = NULL;
+ static usec_t arg_when = 0;
++static char *argv_cmdline = NULL;
+ static enum action {
+ _ACTION_INVALID,
+ ACTION_SYSTEMCTL,
+@@ -5060,6 +5061,13 @@ static int switch_root(sd_bus *bus, char **args) {
+ init = NULL;
+ }
+
++ /* Instruct PID1 to exclude us from its killing spree applied during
++ * the transition from the initrd to the main system otherwise we would
++ * exit with a failure status even though the switch to the new root
++ * has succeed. */
++ if (in_initrd())
++ argv_cmdline[0] = '@';
++
+ log_debug("Switching root - root: %s; init: %s", root, strna(init));
+
+ r = sd_bus_call_method(
+@@ -7626,6 +7634,8 @@ int main(int argc, char*argv[]) {
+ _cleanup_bus_close_unref_ sd_bus *bus = NULL;
+ int r;
+
++ argv_cmdline = argv[0];
++
+ setlocale(LC_ALL, "");
+ log_parse_environment();
+ log_open();
diff --git a/SOURCES/0768-systemctl-always-avoid-being-killed-when-doing-switc.patch b/SOURCES/0768-systemctl-always-avoid-being-killed-when-doing-switc.patch
new file mode 100644
index 0000000..cba44fc
--- /dev/null
+++ b/SOURCES/0768-systemctl-always-avoid-being-killed-when-doing-switc.patch
@@ -0,0 +1,34 @@
+From 1be885f0e0f7023d1adc09fb0b247935c1a0b3bd Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Sat, 28 Jan 2017 21:18:31 -0500
+Subject: [PATCH] systemctl: always avoid being killed when doing switch-root
+
+The same logic as described in acc28e2e3037d689d6481e applies to any time we are
+switching root, to just set the flag unconditionally.
+
+(cherry picked from commit b3ad0ff48c154ed056a6bded2adac609395a9439)
+
+Related: #1754053
+---
+ src/systemctl/systemctl.c | 8 +++-----
+ 1 file changed, 3 insertions(+), 5 deletions(-)
+
+diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
+index f84b92ccbe..0928e2972a 100644
+--- a/src/systemctl/systemctl.c
++++ b/src/systemctl/systemctl.c
+@@ -5062,11 +5062,9 @@ static int switch_root(sd_bus *bus, char **args) {
+ }
+
+ /* Instruct PID1 to exclude us from its killing spree applied during
+- * the transition from the initrd to the main system otherwise we would
+- * exit with a failure status even though the switch to the new root
+- * has succeed. */
+- if (in_initrd())
+- argv_cmdline[0] = '@';
++ * the transition. Otherwise we would exit with a failure status even
++ * though the switch to the new root has succeed. */
++ argv_cmdline[0] = '@';
+
+ log_debug("Switching root - root: %s; init: %s", root, strna(init));
+
diff --git a/SOURCES/0769-units-drop-KillMode-from-initrd-switch-root.service.patch b/SOURCES/0769-units-drop-KillMode-from-initrd-switch-root.service.patch
new file mode 100644
index 0000000..fe2896a
--- /dev/null
+++ b/SOURCES/0769-units-drop-KillMode-from-initrd-switch-root.service.patch
@@ -0,0 +1,27 @@
+From 7872e75d4be31e6ba295c8360e801fd133ee6d76 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Sun, 29 Jan 2017 12:45:51 -0500
+Subject: [PATCH] units: drop KillMode= from initrd-switch-root.service
+
+The service already has DefaultDeps disabled, so systemd should not try to stop
+it. And if it *does* get stopped, we don't want the zombie process around.
+KillMode=none does not change anything in the killall() phase, and we already
+use argv[0][0] = '@' to protect against that anyway. KillMode=none should not
+be useful in normal operation, so let's leave it out.
+
+(cherry picked from commit 0af9a194ca0243fcb206499116e28612f571bd91)
+
+Related: #1754053
+---
+ units/initrd-switch-root.service.in | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/units/initrd-switch-root.service.in b/units/initrd-switch-root.service.in
+index 82893dafb1..d8e35c79fe 100644
+--- a/units/initrd-switch-root.service.in
++++ b/units/initrd-switch-root.service.in
+@@ -17,4 +17,3 @@ AllowIsolate=yes
+ Type=oneshot
+ # we have to use "--force" here, otherwise systemd would umount /run
+ ExecStart=@rootbindir@/systemctl --no-block --force switch-root /sysroot
+-KillMode=none
diff --git a/SOURCES/0770-systemctl-ignore-SIGTERM-after-switch-root.patch b/SOURCES/0770-systemctl-ignore-SIGTERM-after-switch-root.patch
new file mode 100644
index 0000000..be66455
--- /dev/null
+++ b/SOURCES/0770-systemctl-ignore-SIGTERM-after-switch-root.patch
@@ -0,0 +1,41 @@
+From 928f72e2070685886c0266891a74ca266587755a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Mon, 30 Jan 2017 13:06:10 -0500
+Subject: [PATCH] systemctl: ignore SIGTERM after switch root
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1414904#c14 and #c15.
+(cherry picked from commit 8a7a9ceab204fb02fd5d93a765b36b31efeb9beb)
+
+Resolves: #1754053
+---
+ src/systemctl/systemctl.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
+index 0928e2972a..398727cc7d 100644
+--- a/src/systemctl/systemctl.c
++++ b/src/systemctl/systemctl.c
+@@ -5066,6 +5066,14 @@ static int switch_root(sd_bus *bus, char **args) {
+ * though the switch to the new root has succeed. */
+ argv_cmdline[0] = '@';
+
++ /* If we are slow to exit after the root switch, the new systemd instance
++ * will send us a signal to terminate. Just ignore it and exit normally.
++ * This way the unit does not end up as failed.
++ */
++ r = ignore_signals(SIGTERM, -1);
++ if (r < 0)
++ log_warning_errno(r, "Failed to change disposition of SIGTERM to ignore: %m");
++
+ log_debug("Switching root - root: %s; init: %s", root, strna(init));
+
+ r = sd_bus_call_method(
+@@ -5078,6 +5086,8 @@ static int switch_root(sd_bus *bus, char **args) {
+ NULL,
+ "ss", root, init);
+ if (r < 0) {
++ (void) default_signals(SIGTERM, -1);
++
+ log_error("Failed to switch root: %s", bus_error_message(&error, r));
+ return r;
+ }
diff --git a/SOURCES/0771-units-restore-Before-dependencies-for-systemd-vconso.patch b/SOURCES/0771-units-restore-Before-dependencies-for-systemd-vconso.patch
new file mode 100644
index 0000000..9672d49
--- /dev/null
+++ b/SOURCES/0771-units-restore-Before-dependencies-for-systemd-vconso.patch
@@ -0,0 +1,37 @@
+From 9335b508002f0d10c64011a90d81b515b53f0ac3 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Tue, 31 Jan 2017 00:34:33 -0500
+Subject: [PATCH] units: restore Before dependencies for
+ systemd-vconsole-setup.service
+
+When the service is run in the initramfs, it is possible for it to get started
+and not be fast enough to exit before the root switch happens. It is started
+multiple times (depending on the consoles being detected), and runs
+asynchronously, so this is quite likely. It'll then get killed by killall(),
+and systemd will consider the service failed. To avoid all this, just wait
+for the service to terminate on it's own.
+
+Before=initrd-switch-root.target should be good for the initramfs, and
+Before=shutdown.tuarget should be good for the real system, although it's
+unlikely to make any difference there.
+
+(cherry picked from commit 750e550eba362096d56a35104c6a32631aa67b8e)
+
+Related: #1754053
+---
+ units/systemd-vconsole-setup.service.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/units/systemd-vconsole-setup.service.in b/units/systemd-vconsole-setup.service.in
+index 18faa63f28..8aba67b393 100644
+--- a/units/systemd-vconsole-setup.service.in
++++ b/units/systemd-vconsole-setup.service.in
+@@ -11,7 +11,7 @@ Documentation=man:systemd-vconsole-setup.service(8) man:vconsole.conf(5)
+ DefaultDependencies=no
+ Conflicts=shutdown.target
+ After=systemd-readahead-collect.service systemd-readahead-replay.service
+-Before=sysinit.target shutdown.target
++Before=sysinit.target initrd-switch-root.target shutdown.target
+ ConditionPathExists=/dev/tty0
+
+ [Service]
diff --git a/SOURCES/0772-core-reduce-the-number-of-stalled-PIDs-from-the-watc.patch b/SOURCES/0772-core-reduce-the-number-of-stalled-PIDs-from-the-watc.patch
new file mode 100644
index 0000000..0021a1d
--- /dev/null
+++ b/SOURCES/0772-core-reduce-the-number-of-stalled-PIDs-from-the-watc.patch
@@ -0,0 +1,405 @@
+From 7aff4320eab8b12b19a8800a13f6573c0cdda946 Mon Sep 17 00:00:00 2001
+From: Franck Bui <fbui@suse.com>
+Date: Mon, 18 Mar 2019 20:59:36 +0100
+Subject: [PATCH] core: reduce the number of stalled PIDs from the watched
+ processes list when possible
+
+Some PIDs can remain in the watched list even though their processes have
+exited since a long time. It can easily happen if the main process of a forking
+service manages to spawn a child before the control process exits for example.
+
+However when a pid is about to be mapped to a unit by calling unit_watch_pid(),
+the caller usually knows if the pid should belong to this unit exclusively: if
+we just forked() off a child, then we can be sure that its PID is otherwise
+unused. In this case we take this opportunity to remove any stalled PIDs from
+the watched process list.
+
+If we learnt about a PID in any other form (for example via PID file, via
+searching, MAINPID= and so on), then we can't assume anything.
+
+(cherry picked from commit f75f613d259e9332be8e9657fa37e73f7aabcb8a)
+
+Resolves: #1501796
+---
+ src/core/busname.c | 4 ++--
+ src/core/cgroup.c | 8 +++-----
+ src/core/dbus-scope.c | 2 +-
+ src/core/mount.c | 4 ++--
+ src/core/service.c | 24 ++++++++++--------------
+ src/core/socket.c | 6 +++---
+ src/core/swap.c | 4 ++--
+ src/core/unit.c | 25 ++++++++++++++++++++++---
+ src/core/unit.h | 2 +-
+ src/shared/util.c | 14 ++++++++++++++
+ src/shared/util.h | 1 +
+ 11 files changed, 61 insertions(+), 33 deletions(-)
+
+diff --git a/src/core/busname.c b/src/core/busname.c
+index f5553e5418..8d149aae4e 100644
+--- a/src/core/busname.c
++++ b/src/core/busname.c
+@@ -350,7 +350,7 @@ static int busname_coldplug(Unit *u, Hashmap *deferred_work) {
+ if (n->control_pid <= 0)
+ return -EBADMSG;
+
+- r = unit_watch_pid(UNIT(n), n->control_pid);
++ r = unit_watch_pid(UNIT(n), n->control_pid, false);
+ if (r < 0)
+ return r;
+
+@@ -413,7 +413,7 @@ static int busname_make_starter(BusName *n, pid_t *_pid) {
+ _exit(ret);
+ }
+
+- r = unit_watch_pid(UNIT(n), pid);
++ r = unit_watch_pid(UNIT(n), pid, true);
+ if (r < 0)
+ goto fail;
+
+diff --git a/src/core/cgroup.c b/src/core/cgroup.c
+index 0779fa5552..0ce265dbf4 100644
+--- a/src/core/cgroup.c
++++ b/src/core/cgroup.c
+@@ -26,6 +26,7 @@
+ #include "special.h"
+ #include "cgroup-util.h"
+ #include "cgroup.h"
++#include "util.h"
+
+ #define CGROUP_CPU_QUOTA_PERIOD_USEC ((usec_t) 100 * USEC_PER_MSEC)
+
+@@ -881,7 +882,7 @@ void unit_destroy_cgroup_if_empty(Unit *u) {
+
+ pid_t unit_search_main_pid(Unit *u) {
+ _cleanup_fclose_ FILE *f = NULL;
+- pid_t pid = 0, npid, mypid;
++ pid_t pid = 0, npid;
+
+ assert(u);
+
+@@ -891,15 +892,12 @@ pid_t unit_search_main_pid(Unit *u) {
+ if (cg_enumerate_processes(SYSTEMD_CGROUP_CONTROLLER, u->cgroup_path, &f) < 0)
+ return 0;
+
+- mypid = getpid();
+ while (cg_read_pid(f, &npid) > 0) {
+- pid_t ppid;
+-
+ if (npid == pid)
+ continue;
+
+ /* Ignore processes that aren't our kids */
+- if (get_parent_of_pid(npid, &ppid) >= 0 && ppid != mypid)
++ if (pid_is_my_child(npid) == 0)
+ continue;
+
+ if (pid != 0) {
+diff --git a/src/core/dbus-scope.c b/src/core/dbus-scope.c
+index 60215a1935..f31360ad56 100644
+--- a/src/core/dbus-scope.c
++++ b/src/core/dbus-scope.c
+@@ -93,7 +93,7 @@ static int bus_scope_set_transient_property(
+ return -EINVAL;
+
+ if (mode != UNIT_CHECK) {
+- r = unit_watch_pid(UNIT(s), pid);
++ r = unit_watch_pid(UNIT(s), pid, false);
+ if (r < 0 && r != -EEXIST)
+ return r;
+ }
+diff --git a/src/core/mount.c b/src/core/mount.c
+index bfbfc10731..3167bd6bb1 100644
+--- a/src/core/mount.c
++++ b/src/core/mount.c
+@@ -659,7 +659,7 @@ static int mount_coldplug(Unit *u, Hashmap *deferred_work) {
+ if (m->control_pid <= 0)
+ return -EBADMSG;
+
+- r = unit_watch_pid(UNIT(m), m->control_pid);
++ r = unit_watch_pid(UNIT(m), m->control_pid, false);
+ if (r < 0)
+ return r;
+
+@@ -751,7 +751,7 @@ static int mount_spawn(Mount *m, ExecCommand *c, pid_t *_pid) {
+ if (r < 0)
+ goto fail;
+
+- r = unit_watch_pid(UNIT(m), pid);
++ r = unit_watch_pid(UNIT(m), pid, true);
+ if (r < 0)
+ /* FIXME: we need to do something here */
+ goto fail;
+diff --git a/src/core/service.c b/src/core/service.c
+index f7b859d076..1ad154e41f 100644
+--- a/src/core/service.c
++++ b/src/core/service.c
+@@ -145,8 +145,6 @@ static void service_unwatch_pid_file(Service *s) {
+ }
+
+ static int service_set_main_pid(Service *s, pid_t pid) {
+- pid_t ppid;
+-
+ assert(s);
+
+ if (pid <= 1)
+@@ -165,12 +163,10 @@ static int service_set_main_pid(Service *s, pid_t pid) {
+
+ s->main_pid = pid;
+ s->main_pid_known = true;
++ s->main_pid_alien = pid_is_my_child(pid) == 0;
+
+- if (get_parent_of_pid(pid, &ppid) >= 0 && ppid != getpid()) {
++ if (s->main_pid_alien)
+ log_unit_warning(UNIT(s)->id, "%s: Supervising process "PID_FMT" which is not our child. We'll most likely not notice when it exits.", UNIT(s)->id, pid);
+- s->main_pid_alien = true;
+- } else
+- s->main_pid_alien = false;
+
+ return 0;
+ }
+@@ -809,7 +805,7 @@ static int service_load_pid_file(Service *s, bool may_warn) {
+ if (r < 0)
+ return r;
+
+- r = unit_watch_pid(UNIT(s), pid);
++ r = unit_watch_pid(UNIT(s), pid, false);
+ if (r < 0) {
+ /* FIXME: we need to do something here */
+ log_unit_warning(UNIT(s)->id, "Failed to watch PID "PID_FMT" from service %s", pid, UNIT(s)->id);
+@@ -844,7 +840,7 @@ static int service_search_main_pid(Service *s) {
+ if (r < 0)
+ return r;
+
+- r = unit_watch_pid(UNIT(s), pid);
++ r = unit_watch_pid(UNIT(s), pid, false);
+ if (r < 0) {
+ /* FIXME: we need to do something here */
+ log_unit_warning(UNIT(s)->id, "Failed to watch PID "PID_FMT" from service %s", pid, UNIT(s)->id);
+@@ -989,7 +985,7 @@ static int service_coldplug(Unit *u, Hashmap *deferred_work) {
+ SERVICE_STOP, SERVICE_STOP_SIGTERM, SERVICE_STOP_SIGKILL,
+ SERVICE_STOP_SIGABRT, SERVICE_STOP_POST,
+ SERVICE_FINAL_SIGTERM, SERVICE_FINAL_SIGKILL))) {
+- r = unit_watch_pid(UNIT(s), s->main_pid);
++ r = unit_watch_pid(UNIT(s), s->main_pid, false);
+ if (r < 0)
+ return r;
+ }
+@@ -1001,7 +997,7 @@ static int service_coldplug(Unit *u, Hashmap *deferred_work) {
+ SERVICE_STOP, SERVICE_STOP_SIGTERM, SERVICE_STOP_SIGKILL,
+ SERVICE_STOP_SIGABRT, SERVICE_STOP_POST,
+ SERVICE_FINAL_SIGTERM, SERVICE_FINAL_SIGKILL)) {
+- r = unit_watch_pid(UNIT(s), s->control_pid);
++ r = unit_watch_pid(UNIT(s), s->control_pid, false);
+ if (r < 0)
+ return r;
+ }
+@@ -1271,7 +1267,7 @@ static int service_spawn(
+ if (r < 0)
+ goto fail;
+
+- r = unit_watch_pid(UNIT(s), pid);
++ r = unit_watch_pid(UNIT(s), pid, true);
+ if (r < 0)
+ /* FIXME: we need to do something here */
+ goto fail;
+@@ -2325,7 +2321,7 @@ static int service_deserialize_item(Unit *u, const char *key, const char *value,
+ log_unit_debug(u->id, "Failed to parse main-pid value %s", value);
+ else {
+ service_set_main_pid(s, pid);
+- unit_watch_pid(UNIT(s), pid);
++ unit_watch_pid(UNIT(s), pid, false);
+ }
+ } else if (streq(key, "main-pid-known")) {
+ int b;
+@@ -3085,7 +3081,7 @@ static void service_notify_message(
+ }
+ if (r > 0) {
+ service_set_main_pid(s, new_main_pid);
+- unit_watch_pid(UNIT(s), new_main_pid);
++ unit_watch_pid(UNIT(s), new_main_pid, false);
+ notify_dbus = true;
+ }
+ }
+@@ -3265,7 +3261,7 @@ static void service_bus_name_owner_change(
+ log_unit_debug(u->id, "%s's D-Bus name %s is now owned by process %u", u->id, name, (unsigned) pid);
+
+ service_set_main_pid(s, pid);
+- unit_watch_pid(UNIT(s), pid);
++ unit_watch_pid(UNIT(s), pid, false);
+ }
+ }
+ }
+diff --git a/src/core/socket.c b/src/core/socket.c
+index 1e8ae0a6e5..a5f610cd77 100644
+--- a/src/core/socket.c
++++ b/src/core/socket.c
+@@ -1350,7 +1350,7 @@ static int socket_coldplug(Unit *u, Hashmap *deferred_work) {
+ if (s->control_pid <= 0)
+ return -EBADMSG;
+
+- r = unit_watch_pid(UNIT(s), s->control_pid);
++ r = unit_watch_pid(UNIT(s), s->control_pid, false);
+ if (r < 0)
+ return r;
+
+@@ -1427,7 +1427,7 @@ static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
+ if (r < 0)
+ goto fail;
+
+- r = unit_watch_pid(UNIT(s), pid);
++ r = unit_watch_pid(UNIT(s), pid, true);
+ if (r < 0)
+ /* FIXME: we need to do something here */
+ goto fail;
+@@ -1512,7 +1512,7 @@ static int socket_chown(Socket *s, pid_t *_pid) {
+ _exit(ret);
+ }
+
+- r = unit_watch_pid(UNIT(s), pid);
++ r = unit_watch_pid(UNIT(s), pid, true);
+ if (r < 0)
+ goto fail;
+
+diff --git a/src/core/swap.c b/src/core/swap.c
+index 757a8d45c5..4a5e882332 100644
+--- a/src/core/swap.c
++++ b/src/core/swap.c
+@@ -548,7 +548,7 @@ static int swap_coldplug(Unit *u, Hashmap *deferred_work) {
+ if (s->control_pid <= 0)
+ return -EBADMSG;
+
+- r = unit_watch_pid(UNIT(s), s->control_pid);
++ r = unit_watch_pid(UNIT(s), s->control_pid, false);
+ if (r < 0)
+ return r;
+
+@@ -645,7 +645,7 @@ static int swap_spawn(Swap *s, ExecCommand *c, pid_t *_pid) {
+ if (r < 0)
+ goto fail;
+
+- r = unit_watch_pid(UNIT(s), pid);
++ r = unit_watch_pid(UNIT(s), pid, true);
+ if (r < 0)
+ /* FIXME: we need to do something here */
+ goto fail;
+diff --git a/src/core/unit.c b/src/core/unit.c
+index def36a0930..cdac192eb6 100644
+--- a/src/core/unit.c
++++ b/src/core/unit.c
+@@ -52,6 +52,7 @@
+ #include "execute.h"
+ #include "virt.h"
+ #include "dropin.h"
++#include "util.h"
+
+ const UnitVTable * const unit_vtable[_UNIT_TYPE_MAX] = {
+ [UNIT_SERVICE] = &service_vtable,
+@@ -1961,7 +1962,7 @@ void unit_notify(Unit *u, UnitActiveState os, UnitActiveState ns, bool reload_su
+ unit_add_to_gc_queue(u);
+ }
+
+-int unit_watch_pid(Unit *u, pid_t pid) {
++int unit_watch_pid(Unit *u, pid_t pid, bool exclusive) {
+ int q, r;
+
+ assert(u);
+@@ -1970,6 +1971,15 @@ int unit_watch_pid(Unit *u, pid_t pid) {
+ /* Watch a specific PID. We only support one or two units
+ * watching each PID for now, not more. */
+
++ /* Caller might be sure that this PID belongs to this unit only. Let's take this
++ * opportunity to remove any stalled references to this PID as they can be created
++ * easily (when watching a process which is not our direct child). */
++ if (exclusive) {
++ log_unit_debug(u->id, "Cleaning "PID_FMT" from watches.", pid);
++ hashmap_remove2(u->manager->watch_pids1, LONG_TO_PTR(pid), NULL);
++ hashmap_remove2(u->manager->watch_pids2, LONG_TO_PTR(pid), NULL);
++ }
++
+ r = set_ensure_allocated(&u->pids, NULL);
+ if (r < 0)
+ return r;
+@@ -1985,7 +1995,12 @@ int unit_watch_pid(Unit *u, pid_t pid) {
+ return r;
+
+ r = hashmap_put(u->manager->watch_pids2, LONG_TO_PTR(pid), u);
+- }
++ if (r >= 0)
++ log_unit_debug(u->id, "Watching "PID_FMT" through watch_pids2.", pid);
++ else if (r == -EEXIST)
++ log_unit_warning(u->id, "Cannot watch "PID_FMT", PID is already watched twice.", pid);
++ } else if (r >= 0)
++ log_unit_debug(u->id, "Watching "PID_FMT" through watch_pids1.", pid);
+
+ q = set_put(u->pids, LONG_TO_PTR(pid));
+ if (q < 0)
+@@ -1998,6 +2013,8 @@ void unit_unwatch_pid(Unit *u, pid_t pid) {
+ assert(u);
+ assert(pid >= 1);
+
++ log_unit_debug(u->id, "Unwatching "PID_FMT".", pid);
++
+ hashmap_remove_value(u->manager->watch_pids1, LONG_TO_PTR(pid), u);
+ hashmap_remove_value(u->manager->watch_pids2, LONG_TO_PTR(pid), u);
+ set_remove(u->pids, LONG_TO_PTR(pid));
+@@ -2028,7 +2045,9 @@ static int unit_watch_pids_in_path(Unit *u, const char *path) {
+ pid_t pid;
+
+ while ((r = cg_read_pid(f, &pid)) > 0) {
+- r = unit_watch_pid(u, pid);
++ if (pid_is_my_child(pid) == 0)
++ log_unit_debug(u->id, "Watching non detached "PID_FMT".", pid);
++ r = unit_watch_pid(u, pid, false);
+ if (r < 0 && ret >= 0)
+ ret = r;
+ }
+diff --git a/src/core/unit.h b/src/core/unit.h
+index a6e21d60ce..4a8bd79052 100644
+--- a/src/core/unit.h
++++ b/src/core/unit.h
+@@ -537,7 +537,7 @@ int unit_kill_common(Unit *u, KillWho who, int signo, pid_t main_pid, pid_t cont
+
+ void unit_notify(Unit *u, UnitActiveState os, UnitActiveState ns, bool reload_success);
+
+-int unit_watch_pid(Unit *u, pid_t pid);
++int unit_watch_pid(Unit *u, pid_t pid, bool exclusive);
+ void unit_unwatch_pid(Unit *u, pid_t pid);
+ int unit_watch_all_pids(Unit *u);
+ void unit_unwatch_all_pids(Unit *u);
+diff --git a/src/shared/util.c b/src/shared/util.c
+index 82c8e433dd..127a64c3c6 100644
+--- a/src/shared/util.c
++++ b/src/shared/util.c
+@@ -641,6 +641,20 @@ int get_parent_of_pid(pid_t pid, pid_t *_ppid) {
+ return 0;
+ }
+
++int pid_is_my_child(pid_t pid) {
++ pid_t ppid;
++ int r;
++
++ if (pid <= 1)
++ return false;
++
++ r = get_parent_of_pid(pid, &ppid);
++ if (r < 0)
++ return r;
++
++ return ppid == getpid();
++}
++
+ int fchmod_umask(int fd, mode_t m) {
+ mode_t u;
+ int r;
+diff --git a/src/shared/util.h b/src/shared/util.h
+index 538ca4be2d..6b885d7533 100644
+--- a/src/shared/util.h
++++ b/src/shared/util.h
+@@ -279,6 +279,7 @@ const char* split(const char **state, size_t *l, const char *separator, bool quo
+ for ((state) = (s), (word) = split(&(state), &(length), (separator), (quoted)); (word); (word) = split(&(state), &(length), (separator), (quoted)))
+
+ pid_t get_parent_of_pid(pid_t pid, pid_t *ppid);
++int pid_is_my_child(pid_t pid);
+
+ char *strappend(const char *s, const char *suffix);
+ char *strnappend(const char *s, const char *suffix, size_t length);
diff --git a/SOURCES/0773-timedate-use-gmtime_r-and-localtime_r.patch b/SOURCES/0773-timedate-use-gmtime_r-and-localtime_r.patch
new file mode 100644
index 0000000..49f0faa
--- /dev/null
+++ b/SOURCES/0773-timedate-use-gmtime_r-and-localtime_r.patch
@@ -0,0 +1,78 @@
+From 52df8972d4005b23f7c2e52b0cf7210b8c594876 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Mon, 25 Jun 2018 14:29:25 +0200
+Subject: [PATCH] timedate: use gmtime_r() and localtime_r()
+
+gmtime() and localtime() operate on a static buffer. let's avoid this,
+as we never know whether some library might use these calls in some
+backrgound thread.
+
+Discovered by lgtm:
+
+https://lgtm.com/projects/g/systemd/systemd/
+(cherry picked from commit e46acb7950a9f07ac60d772309de842c444ad2bd)
+
+Resolves: #1694605
+---
+ src/timedate/timedated.c | 20 ++++++++++----------
+ 1 file changed, 10 insertions(+), 10 deletions(-)
+
+diff --git a/src/timedate/timedated.c b/src/timedate/timedated.c
+index 09d0dbabcd..afd54a8936 100644
+--- a/src/timedate/timedated.c
++++ b/src/timedate/timedated.c
+@@ -542,9 +542,9 @@ static int method_set_local_rtc(sd_bus *bus, sd_bus_message *m, void *userdata,
+ * initialize the timezone fields of
+ * struct tm. */
+ if (c->local_rtc)
+- tm = *localtime(&ts.tv_sec);
++ localtime_r(&ts.tv_sec, &tm);
+ else
+- tm = *gmtime(&ts.tv_sec);
++ gmtime_r(&ts.tv_sec, &tm);
+
+ /* Override the main fields of
+ * struct tm, but not the timezone
+@@ -562,15 +562,15 @@ static int method_set_local_rtc(sd_bus *bus, sd_bus_message *m, void *userdata,
+ }
+
+ } else {
+- struct tm *tm;
++ struct tm tm;
+
+ /* Sync RTC from system clock */
+ if (c->local_rtc)
+- tm = localtime(&ts.tv_sec);
++ localtime_r(&ts.tv_sec, &tm);
+ else
+- tm = gmtime(&ts.tv_sec);
++ gmtime_r(&ts.tv_sec, &tm);
+
+- clock_set_hwclock(tm);
++ clock_set_hwclock(&tm);
+ }
+
+ log_info("RTC configured to %s time.", c->local_rtc ? "local" : "UTC");
+@@ -585,7 +585,7 @@ static int method_set_time(sd_bus *bus, sd_bus_message *m, void *userdata, sd_bu
+ Context *c = userdata;
+ int64_t utc;
+ struct timespec ts;
+- struct tm* tm;
++ struct tm tm;
+ int r;
+
+ assert(bus);
+@@ -633,10 +633,10 @@ static int method_set_time(sd_bus *bus, sd_bus_message *m, void *userdata, sd_bu
+
+ /* Sync down to RTC */
+ if (c->local_rtc)
+- tm = localtime(&ts.tv_sec);
++ localtime_r(&ts.tv_sec, &tm);
+ else
+- tm = gmtime(&ts.tv_sec);
+- clock_set_hwclock(tm);
++ gmtime_r(&ts.tv_sec, &tm);
++ clock_set_hwclock(&tm);
+
+ log_struct(LOG_INFO,
+ LOG_MESSAGE_ID(SD_MESSAGE_TIME_CHANGE),
diff --git a/SOURCES/0774-sd-bus-stop-using-the-result-of-an-assignment-as-an-.patch b/SOURCES/0774-sd-bus-stop-using-the-result-of-an-assignment-as-an-.patch
new file mode 100644
index 0000000..6100bdb
--- /dev/null
+++ b/SOURCES/0774-sd-bus-stop-using-the-result-of-an-assignment-as-an-.patch
@@ -0,0 +1,30 @@
+From b6f311503a6d8cbca75d1579045ec4bff2d2459a Mon Sep 17 00:00:00 2001
+From: Evegeny Vereshchagin <evvers@ya.ru>
+Date: Tue, 26 Jun 2018 02:32:44 +0000
+Subject: [PATCH] sd-bus: stop using the result of an assignment as an operand
+ of &&
+
+This makes OBJECT_PATH_FOREACH_PREFIX consistent with PATH_FOREACH_PREFIX
+and also fixes 7 alerts reported by LGTM at
+https://lgtm.com/projects/g/systemd/systemd/snapshot/ac0a08700344a5690803df8dd80e8bb5013184a5/files/src/libsystemd/sd-bus/bus-objects.c?sort=name&dir=ASC&mode=heatmap&showExcluded=true#V1383
+
+(cherry picked from commit 283c2653877f2b958045ad99493869fe1a88be95)
+
+Resolves: #1694605
+---
+ src/libsystemd/sd-bus/bus-internal.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/libsystemd/sd-bus/bus-internal.h b/src/libsystemd/sd-bus/bus-internal.h
+index 1c5fbeac2a..33a5569146 100644
+--- a/src/libsystemd/sd-bus/bus-internal.h
++++ b/src/libsystemd/sd-bus/bus-internal.h
+@@ -378,7 +378,7 @@ char *bus_address_escape(const char *v);
+
+ #define OBJECT_PATH_FOREACH_PREFIX(prefix, path) \
+ for (char *_slash = ({ strcpy((prefix), (path)); streq((prefix), "/") ? NULL : strrchr((prefix), '/'); }) ; \
+- _slash && !(_slash[(_slash) == (prefix)] = 0); \
++ _slash && ((_slash[(_slash) == (prefix)] = 0), true); \
+ _slash = streq((prefix), "/") ? NULL : strrchr((prefix), '/'))
+
+ /* If we are invoking callbacks of a bus object, ensure unreffing the
diff --git a/SOURCES/0775-journal-upload-add-asserts-that-snprintf-does-not-re.patch b/SOURCES/0775-journal-upload-add-asserts-that-snprintf-does-not-re.patch
new file mode 100644
index 0000000..8bbb420
--- /dev/null
+++ b/SOURCES/0775-journal-upload-add-asserts-that-snprintf-does-not-re.patch
@@ -0,0 +1,65 @@
+From c394463688c332199a8fcabe6f84818b57c730b3 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Tue, 2 Oct 2018 12:46:31 +0200
+Subject: [PATCH] journal-upload: add asserts that snprintf does not return an
+ error
+
+LGMT complains:
+> The size argument of this snprintf call is derived from its return value,
+> which may exceed the size of the buffer and overflow.
+
+Let's make sure that r is non-negative. (This shouldn't occur unless the format
+string is borked, so let's just add an assert.)
+Then, let's reorder the comparison to avoid the potential overflow.
+
+(cherry picked from commit 91db8ed5b2e67abf738381a6ed6a05a8271498cd)
+
+Resolves: #1694605
+---
+ src/journal-remote/journal-upload-journal.c | 12 ++++++++----
+ 1 file changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/src/journal-remote/journal-upload-journal.c b/src/journal-remote/journal-upload-journal.c
+index 5fd639a76a..c244a76932 100644
+--- a/src/journal-remote/journal-upload-journal.c
++++ b/src/journal-remote/journal-upload-journal.c
+@@ -30,7 +30,8 @@ static ssize_t write_entry(char *buf, size_t size, Uploader *u) {
+
+ r = snprintf(buf + pos, size - pos,
+ "__CURSOR=%s\n", u->current_cursor);
+- if (pos + r > size)
++ assert(r >= 0);
++ if ((size_t) r > size - pos)
+ /* not enough space */
+ return pos;
+
+@@ -54,7 +55,8 @@ static ssize_t write_entry(char *buf, size_t size, Uploader *u) {
+
+ r = snprintf(buf + pos, size - pos,
+ "__REALTIME_TIMESTAMP="USEC_FMT"\n", realtime);
+- if (r + pos > size)
++ assert(r >= 0);
++ if ((size_t) r > size - pos)
+ /* not enough space */
+ return pos;
+
+@@ -79,7 +81,8 @@ static ssize_t write_entry(char *buf, size_t size, Uploader *u) {
+
+ r = snprintf(buf + pos, size - pos,
+ "__MONOTONIC_TIMESTAMP="USEC_FMT"\n", monotonic);
+- if (r + pos > size)
++ assert(r >= 0);
++ if ((size_t) r > size - pos)
+ /* not enough space */
+ return pos;
+
+@@ -104,7 +107,8 @@ static ssize_t write_entry(char *buf, size_t size, Uploader *u) {
+
+ r = snprintf(buf + pos, size - pos,
+ "_BOOT_ID=%s\n", sd_id128_to_string(boot_id, sid));
+- if (r + pos > size)
++ assert(r >= 0);
++ if ((size_t) r > size - pos)
+ /* not enough space */
+ return pos;
+
diff --git a/SOURCES/0776-analyze-actually-select-longest-activated-time-of-se.patch b/SOURCES/0776-analyze-actually-select-longest-activated-time-of-se.patch
new file mode 100644
index 0000000..487f7bd
--- /dev/null
+++ b/SOURCES/0776-analyze-actually-select-longest-activated-time-of-se.patch
@@ -0,0 +1,35 @@
+From 91b866591a2fb05a087a040a49a792a3d40a2a06 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Wed, 27 Jun 2018 13:32:05 +0900
+Subject: [PATCH] analyze: actually select longest activated-time of services
+
+Discovered by LGTM.
+
+(cherry picked from commit e68131526b7a2cfdb8e59bd2ed7a284dba095ac5)
+
+Resolves: #1694605
+---
+ src/analyze/analyze.c | 7 ++-----
+ 1 file changed, 2 insertions(+), 5 deletions(-)
+
+diff --git a/src/analyze/analyze.c b/src/analyze/analyze.c
+index 7116aaa88d..e9ca9ba818 100644
+--- a/src/analyze/analyze.c
++++ b/src/analyze/analyze.c
+@@ -788,14 +788,11 @@ static int list_dependencies_one(sd_bus *bus, const char *name, unsigned int lev
+ if (times
+ && times->activated
+ && times->activated <= boot->finish_time
+- && (times->activated >= service_longest
+- || service_longest == 0)) {
++ && times->activated >= service_longest)
+ service_longest = times->activated;
+- break;
+- }
+ }
+
+- if (service_longest == 0 )
++ if (service_longest == 0)
+ return r;
+
+ STRV_FOREACH(c, deps) {
diff --git a/SOURCES/0777-pid1-remove-unnecessary-error-reassignment.patch b/SOURCES/0777-pid1-remove-unnecessary-error-reassignment.patch
new file mode 100644
index 0000000..f08cb07
--- /dev/null
+++ b/SOURCES/0777-pid1-remove-unnecessary-error-reassignment.patch
@@ -0,0 +1,30 @@
+From f1851da2600d24191d90cfa2474574821c240969 Mon Sep 17 00:00:00 2001
+From: Frantisek Sumsal <fsumsal@redhat.com>
+Date: Wed, 27 Feb 2019 18:11:44 +0100
+Subject: [PATCH] pid1: remove unnecessary error reassignment
+
+r is always >= 0 so let's drop the unnecessary condition
+to make LGTM happy
+
+Based on commit 7c3733d5defb5428ddfeefae6d80fcbcc253e7ef
+
+Resolves: #1694605
+---
+ src/core/manager.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/src/core/manager.c b/src/core/manager.c
+index afa4d2b8fa..88d156e8fb 100644
+--- a/src/core/manager.c
++++ b/src/core/manager.c
+@@ -2805,9 +2805,7 @@ int manager_reload(Manager *m) {
+ lookup_paths_free(&m->lookup_paths);
+
+ /* Find new unit paths */
+- q = manager_run_generators(m);
+- if (q < 0 && r >= 0)
+- r = q;
++ r = manager_run_generators(m);
+
+ q = lookup_paths_init(
+ &m->lookup_paths, m->running_as, true,
diff --git a/SOURCES/0778-core-drop-unnecessary-condition.patch b/SOURCES/0778-core-drop-unnecessary-condition.patch
new file mode 100644
index 0000000..4305839
--- /dev/null
+++ b/SOURCES/0778-core-drop-unnecessary-condition.patch
@@ -0,0 +1,28 @@
+From 443a7bc554b65f9b859db60474439c03b19c79c1 Mon Sep 17 00:00:00 2001
+From: Frantisek Sumsal <fsumsal@redhat.com>
+Date: Wed, 27 Feb 2019 18:35:15 +0100
+Subject: [PATCH] core: drop unnecessary condition
+
+In this case ret is always >= 0 as it still contains the initialization
+value (i.e. 0). Let's drop the unnecessary condition to make LGTM happy.
+
+Relevant commit: efdb02375beb0a940c3320865572913780b4d7de
+
+Resolves: #1694605
+---
+ src/core/unit.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/core/unit.c b/src/core/unit.c
+index cdac192eb6..4069a6f4c4 100644
+--- a/src/core/unit.c
++++ b/src/core/unit.c
+@@ -2054,7 +2054,7 @@ static int unit_watch_pids_in_path(Unit *u, const char *path) {
+ if (r < 0 && ret >= 0)
+ ret = r;
+
+- } else if (ret >= 0)
++ } else
+ ret = r;
+
+ r = cg_enumerate_subgroups(SYSTEMD_CGROUP_CONTROLLER, path, &d);
diff --git a/SOURCES/0779-import-drop-unnecessary-condition.patch b/SOURCES/0779-import-drop-unnecessary-condition.patch
new file mode 100644
index 0000000..9147197
--- /dev/null
+++ b/SOURCES/0779-import-drop-unnecessary-condition.patch
@@ -0,0 +1,26 @@
+From 8606f4b13ba677efad8bb6aae2d61c98e23a75f2 Mon Sep 17 00:00:00 2001
+From: Frantisek Sumsal <fsumsal@redhat.com>
+Date: Wed, 27 Feb 2019 18:53:19 +0100
+Subject: [PATCH] import: drop unnecessary condition
+
+Relevant commit: d61b34f1b22d1d7a641a1652ff23113d3e87ace7
+
+Resolves: #1694605
+---
+ src/import/import-common.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/src/import/import-common.c b/src/import/import-common.c
+index 243e657c56..713a218c67 100644
+--- a/src/import/import-common.c
++++ b/src/import/import-common.c
+@@ -455,8 +455,7 @@ int import_verify(
+ }
+
+ finish:
+- if (sig_file >= 0)
+- unlink(sig_file_path);
++ (void) unlink(sig_file_path);
+
+ if (gpg_home_created)
+ rm_rf_dangerous(gpg_home, false, true, false);
diff --git a/SOURCES/0780-journal-verify-add-comment-and-silence-LGTM-warning.patch b/SOURCES/0780-journal-verify-add-comment-and-silence-LGTM-warning.patch
new file mode 100644
index 0000000..b434cc4
--- /dev/null
+++ b/SOURCES/0780-journal-verify-add-comment-and-silence-LGTM-warning.patch
@@ -0,0 +1,31 @@
+From d58e871a424fedf286747816e9525fc2287bb72d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Tue, 2 Oct 2018 12:26:23 +0200
+Subject: [PATCH] journal-verify: add comment and silence LGTM warning
+
+(cherry picked from commit 0a587335d2a16a48479b10969491a7353d78c25b)
+
+Resolves: #1694605
+---
+ src/journal/journal-verify.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/src/journal/journal-verify.c b/src/journal/journal-verify.c
+index 250d4c7586..7c6d8ab780 100644
+--- a/src/journal/journal-verify.c
++++ b/src/journal/journal-verify.c
+@@ -70,10 +70,11 @@ static void draw_progress(uint64_t p, usec_t *last_usec) {
+ }
+
+ static uint64_t scale_progress(uint64_t scale, uint64_t p, uint64_t m) {
++ /* Calculates scale * p / m, but handles m == 0 safely, and saturates.
++ * Currently all callers use m >= 1, but we keep the check to be defensive.
++ */
+
+- /* Calculates scale * p / m, but handles m == 0 safely, and saturates */
+-
+- if (p >= m || m == 0)
++ if (p >= m || m == 0) // lgtm[cpp/constant-comparison]
+ return scale;
+
+ return scale * p / m;
diff --git a/SOURCES/0781-journal-drop-redundant-condition.patch b/SOURCES/0781-journal-drop-redundant-condition.patch
new file mode 100644
index 0000000..bb618c2
--- /dev/null
+++ b/SOURCES/0781-journal-drop-redundant-condition.patch
@@ -0,0 +1,25 @@
+From 5f71ed0c948653fd9037d751f48182cb0c5dfb99 Mon Sep 17 00:00:00 2001
+From: Frantisek Sumsal <fsumsal@redhat.com>
+Date: Wed, 27 Feb 2019 19:01:20 +0100
+Subject: [PATCH] journal: drop redundant condition
+
+Relevant commit: 29bfb683a8c9d03f10db58b4e61351fd9048f270
+
+Resolves: #1694605
+---
+ src/journal/journald-server.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c
+index 2e1e07eb0e..aaabb2f7ab 100644
+--- a/src/journal/journald-server.c
++++ b/src/journal/journald-server.c
+@@ -345,7 +345,7 @@ static int system_journal_open(Server *s, bool flush_requested) {
+ if (r >= 0) {
+ server_fix_perms(s, s->system_journal, 0);
+ available_space(s, true);
+- } else if (r < 0) {
++ } else {
+ if (r != -ENOENT && r != -EROFS)
+ log_warning_errno(r, "Failed to open system journal: %m");
+
diff --git a/SOURCES/0782-lldp-set-correct-state-for-processing.patch b/SOURCES/0782-lldp-set-correct-state-for-processing.patch
new file mode 100644
index 0000000..1755b02
--- /dev/null
+++ b/SOURCES/0782-lldp-set-correct-state-for-processing.patch
@@ -0,0 +1,28 @@
+From 9562c6da55b17beb54de3a4f2c3a0ef0592dc53f Mon Sep 17 00:00:00 2001
+From: Susant Sahani <susant@redhat.com>
+Date: Thu, 2 Jul 2015 09:00:02 +0530
+Subject: [PATCH] lldp: set correct state for processing
+
+ldp_receive_frame after correct processing of the packet the state
+should be LLDP_AGENT_RX_WAIT_FOR_FRAME not LLDP_AGENT_RX_UPDATE_INFO.
+
+(cherry picked from commit 9bb1bffe3018aef5e70c411f68863eafdc92fddf)
+
+Resolves: #1694605
+---
+ src/libsystemd-network/sd-lldp.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/src/libsystemd-network/sd-lldp.c b/src/libsystemd-network/sd-lldp.c
+index 19ef2ccdbd..d2f21fd10f 100644
+--- a/src/libsystemd-network/sd-lldp.c
++++ b/src/libsystemd-network/sd-lldp.c
+@@ -136,8 +136,6 @@ static int lldp_receive_frame(sd_lldp *lldp, tlv_packet *tlv) {
+
+ lldp->statistics.stats_frames_in_total ++;
+
+- return 0;
+-
+ out:
+ if (r < 0)
+ log_lldp("Receive frame failed: %s", strerror(-r));
diff --git a/SOURCES/0783-sd-bus-fix-implicit-downcast-of-bitfield-reported-by.patch b/SOURCES/0783-sd-bus-fix-implicit-downcast-of-bitfield-reported-by.patch
new file mode 100644
index 0000000..6a0327f
--- /dev/null
+++ b/SOURCES/0783-sd-bus-fix-implicit-downcast-of-bitfield-reported-by.patch
@@ -0,0 +1,25 @@
+From c8389c4a0b1e2587247824782230d4c132a639ee Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Wed, 27 Jun 2018 13:28:28 +0900
+Subject: [PATCH] sd-bus: fix implicit downcast of bitfield reported by LGTM
+
+(cherry picked from commit affaed1e55685e8e248db1afd50b3e0f466ce5cc)
+
+Resolves: #1694605
+---
+ src/libsystemd/sd-bus/bus-introspect.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/libsystemd/sd-bus/bus-introspect.c b/src/libsystemd/sd-bus/bus-introspect.c
+index d528ab2a04..f77e6abec7 100644
+--- a/src/libsystemd/sd-bus/bus-introspect.c
++++ b/src/libsystemd/sd-bus/bus-introspect.c
+@@ -74,7 +74,7 @@ int introspect_write_child_nodes(struct introspect *i, Set *s, const char *prefi
+ return 0;
+ }
+
+-static void introspect_write_flags(struct introspect *i, int type, int flags) {
++static void introspect_write_flags(struct introspect *i, int type, uint64_t flags) {
+ if (flags & SD_BUS_VTABLE_DEPRECATED)
+ fputs(" <annotation name=\"org.freedesktop.DBus.Deprecated\" value=\"true\"/>\n", i->f);
+
diff --git a/SOURCES/0784-tree-wide-use-signed-int-instead-of-int-for-bit-fiel.patch b/SOURCES/0784-tree-wide-use-signed-int-instead-of-int-for-bit-fiel.patch
new file mode 100644
index 0000000..73bf4d3
--- /dev/null
+++ b/SOURCES/0784-tree-wide-use-signed-int-instead-of-int-for-bit-fiel.patch
@@ -0,0 +1,28 @@
+From 16c52e0a0efcdddc7809eca7fa6543f47e91ec9b Mon Sep 17 00:00:00 2001
+From: Frantisek Sumsal <fsumsal@redhat.com>
+Date: Wed, 27 Feb 2019 19:45:59 +0100
+Subject: [PATCH] tree-wide: use 'signed int' instead of 'int' for bit field
+ variables
+
+Suggested by LGTM: https://lgtm.com/rules/1506024027114/
+
+(cherry picked from commit 845d247a3dbca437fd8a118a118328acb322e2c1)
+
+Resolves: #1694605
+---
+ src/libsystemd/sd-event/sd-event.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c
+index 9d48e5a490..1cd2dfac84 100644
+--- a/src/libsystemd/sd-event/sd-event.c
++++ b/src/libsystemd/sd-event/sd-event.c
+@@ -68,7 +68,7 @@ struct sd_event_source {
+ char *description;
+
+ EventSourceType type:5;
+- int enabled:3;
++ signed int enabled:3;
+ bool pending:1;
+ bool dispatching:1;
+ bool floating:1;
diff --git a/SOURCES/0785-machinectl-check-correct-FD-for-a-return-value.patch b/SOURCES/0785-machinectl-check-correct-FD-for-a-return-value.patch
new file mode 100644
index 0000000..7f5a5cb
--- /dev/null
+++ b/SOURCES/0785-machinectl-check-correct-FD-for-a-return-value.patch
@@ -0,0 +1,25 @@
+From 2d1a6a5665492cc0a71554045b2293e1193c889b Mon Sep 17 00:00:00 2001
+From: Frantisek Sumsal <fsumsal@redhat.com>
+Date: Wed, 27 Feb 2019 19:51:48 +0100
+Subject: [PATCH] machinectl: check correct FD for a return value
+
+Found by LGTM.
+
+Resolves: #1694605
+---
+ src/machine/machinectl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/machine/machinectl.c b/src/machine/machinectl.c
+index 1a58aeaf11..66b64e1feb 100644
+--- a/src/machine/machinectl.c
++++ b/src/machine/machinectl.c
+@@ -1086,7 +1086,7 @@ static int copy_files(int argc, char *argv[], void *userdata) {
+ return r;
+
+ hostfd = open(host_dirname, O_CLOEXEC|O_RDONLY|O_NOCTTY|O_DIRECTORY);
+- if (r < 0)
++ if (hostfd < 0)
+ return log_error_errno(errno, "Failed to open source directory: %m");
+
+ child = fork();
diff --git a/SOURCES/0786-shared-install-avoid-overwriting-r-counter-with-a-pa.patch b/SOURCES/0786-shared-install-avoid-overwriting-r-counter-with-a-pa.patch
new file mode 100644
index 0000000..4881d3c
--- /dev/null
+++ b/SOURCES/0786-shared-install-avoid-overwriting-r-counter-with-a-pa.patch
@@ -0,0 +1,37 @@
+From 3d359367291484097c0b496f6d83726e4070d036 Mon Sep 17 00:00:00 2001
+From: Frantisek Sumsal <fsumsal@redhat.com>
+Date: Thu, 28 Feb 2019 11:09:24 +0100
+Subject: [PATCH] shared/install: avoid overwriting 'r' counter with a partial
+ result
+
+We want to store either the first error or the total number of changes in 'r'.
+Instead, we were overwriting this with the return value from
+install_info_traverse().
+
+LGTM complained later in the loop that:
+> Comparison is always true because r >= 0.
+
+Relevant commit: 459500a32cf74edca93ec79ee4cdd9dfcd20eee0
+
+Resolves: #1694605
+---
+ src/shared/install.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/shared/install.c b/src/shared/install.c
+index ea01e4dcc2..f2f968e329 100644
+--- a/src/shared/install.c
++++ b/src/shared/install.c
+@@ -1482,9 +1482,9 @@ static int install_context_apply(
+ if (q < 0)
+ return q;
+
+- r = install_info_traverse(scope, c, root_dir, paths, i, flags, NULL);
+- if (r < 0)
+- return r;
++ q = install_info_traverse(scope, c, root_dir, paths, i, flags, NULL);
++ if (q < 0)
++ return q;
+
+ if (i->type != UNIT_FILE_TYPE_REGULAR)
+ continue;
diff --git a/SOURCES/0787-systemctl-set_put-can-t-return-EEXIST.patch b/SOURCES/0787-systemctl-set_put-can-t-return-EEXIST.patch
new file mode 100644
index 0000000..8f79aef
--- /dev/null
+++ b/SOURCES/0787-systemctl-set_put-can-t-return-EEXIST.patch
@@ -0,0 +1,30 @@
+From 732efbce6725db08a527e14d34f4e10e51fae965 Mon Sep 17 00:00:00 2001
+From: Frantisek Sumsal <fsumsal@redhat.com>
+Date: Thu, 28 Feb 2019 11:35:53 +0100
+Subject: [PATCH] systemctl: set_put() can't return (-)EEXIST
+
+set_put() returns 0 if the key already exists, 1 if the entry
+was inserted successfully, and -ENOMEM otherwise.
+
+See: set_put(), hashmap_base_put_boldly()
+
+Found by LGTM.
+
+Resolves: #1694605
+---
+ src/systemctl/systemctl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
+index 398727cc7d..83c418f0b7 100644
+--- a/src/systemctl/systemctl.c
++++ b/src/systemctl/systemctl.c
+@@ -4310,7 +4310,7 @@ static int show_one(
+ return log_oom();
+
+ r = set_put(found_properties, name);
+- if (r < 0 && r != EEXIST)
++ if (r < 0)
+ return log_oom();
+
+ r = print_property(name, reply, contents);
diff --git a/SOURCES/0788-systemctl-remove-dead-check.patch b/SOURCES/0788-systemctl-remove-dead-check.patch
new file mode 100644
index 0000000..674e323
--- /dev/null
+++ b/SOURCES/0788-systemctl-remove-dead-check.patch
@@ -0,0 +1,38 @@
+From 9e1bc4f2d8c24ad1b257e3452212d945e1078a8f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Sat, 7 Mar 2015 15:00:22 -0500
+Subject: [PATCH] systemctl: remove dead check
+
+r could never be less than zero.
+
+CID #1271350.
+
+(cherry picked from commit 2558691285b2f7b3078b43b26736fcadf3c6d194)
+
+Resolves: #1694605
+---
+ src/systemctl/systemctl.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
+index 83c418f0b7..a55340f0a4 100644
+--- a/src/systemctl/systemctl.c
++++ b/src/systemctl/systemctl.c
+@@ -4652,7 +4652,7 @@ static int cat(sd_bus *bus, char **args) {
+ _cleanup_strv_free_ char **names = NULL;
+ char **name;
+ bool first = true, avoid_bus_cache;
+- int r = 0;
++ int r;
+
+ assert(args);
+
+@@ -4702,7 +4702,7 @@ static int cat(sd_bus *bus, char **args) {
+ }
+ }
+
+- return r < 0 ? r : 0;
++ return 0;
+ }
+
+ static int set_property(sd_bus *bus, char **args) {
diff --git a/SOURCES/0789-journal-gateway-explicitly-declare-local-variables.patch b/SOURCES/0789-journal-gateway-explicitly-declare-local-variables.patch
new file mode 100644
index 0000000..42d9a31
--- /dev/null
+++ b/SOURCES/0789-journal-gateway-explicitly-declare-local-variables.patch
@@ -0,0 +1,75 @@
+From c101d92274043d6d219b97fb356f8827407c3eeb Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Wed, 27 Jun 2018 14:22:24 +0900
+Subject: [PATCH] journal-gateway: explicitly declare local variables
+
+Suggested by LGTM.
+
+(cherry picked from commit c497e449f41774a36e01ae2cc2abade6133dffe1)
+
+Resolves: #1694605
+---
+ src/journal-remote/browse.html | 11 ++++++-----
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/src/journal-remote/browse.html b/src/journal-remote/browse.html
+index 3594f70c87..30615795b3 100644
+--- a/src/journal-remote/browse.html
++++ b/src/journal-remote/browse.html
+@@ -304,7 +304,6 @@
+ var buf = '';
+
+ for (i in l) {
+-
+ if (l[i] == '')
+ continue;
+
+@@ -322,6 +321,7 @@
+ else
+ priority = 6;
+
++ var clazz;
+ if (priority <= 3)
+ clazz = "message-error";
+ else if (priority <= 5)
+@@ -388,7 +388,7 @@
+ var d = JSON.parse(event.currentTarget.responseText);
+
+ document.getElementById("diventry").style.display = "block";
+- entry = document.getElementById("tableentry");
++ var entry = document.getElementById("tableentry");
+
+ var buf = "";
+ for (var key in d){
+@@ -455,7 +455,7 @@
+ (event.currentTarget.status != 200 && event.currentTarget.status != 0))
+ return;
+
+- f = document.getElementById("filter");
++ var f = document.getElementById("filter");
+
+ var l = event.currentTarget.responseText.split('\n');
+ var buf = '<option>No filter</option>';
+@@ -511,11 +511,12 @@
+ }
+
+ function initFilter() {
+- f = document.getElementById("filter");
++ var f = document.getElementById("filter");
+
+ var buf = '<option>No filter</option>';
+
+ var filter = localStorage["filter"];
++ var j;
+ if (filter != null && filter != "") {
+ buf += '<option value="' + escape(filter) + '">' + escapeHTML(filter) + '</option>';
+ j = 1;
+@@ -529,7 +530,7 @@
+ function installHandlers() {
+ document.onkeyup = onKeyUp;
+
+- logs = document.getElementById("divlogs");
++ var logs = document.getElementById("divlogs");
+ logs.addEventListener("mousewheel", onMouseWheel, false);
+ logs.addEventListener("DOMMouseScroll", onMouseWheel, false);
+ }
diff --git a/SOURCES/0790-journal-gateway-use-localStorage-cursor-only-when-it.patch b/SOURCES/0790-journal-gateway-use-localStorage-cursor-only-when-it.patch
new file mode 100644
index 0000000..d6069e4
--- /dev/null
+++ b/SOURCES/0790-journal-gateway-use-localStorage-cursor-only-when-it.patch
@@ -0,0 +1,36 @@
+From 0b53945e8b1db6255bf25017a7569b2545c8ed15 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Wed, 27 Jun 2018 14:50:19 +0900
+Subject: [PATCH] journal-gateway: use localStorage["cursor"] only when it has
+ valid value
+
+Discovered by LGTM.
+
+(cherry picked from commit 944072feddb73333023d0a98bf87fd2a17f894d3)
+
+Resolves: #1694605
+---
+ src/journal-remote/browse.html | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/src/journal-remote/browse.html b/src/journal-remote/browse.html
+index 30615795b3..be1ec5f235 100644
+--- a/src/journal-remote/browse.html
++++ b/src/journal-remote/browse.html
+@@ -236,10 +236,12 @@
+
+ function entriesLoad(range) {
+
+- if (range == null)
+- range = localStorage["cursor"] + ":0";
+- if (range == null)
+- range = "";
++ if (range == null) {
++ if (localStorage["cursor"] != null && localStorage["cursor"] != "")
++ range = localStorage["cursor"] + ":0";
++ else
++ range = "";
++ }
+
+ var url = "/entries";
+
diff --git a/SOURCES/0791-lgtm-ignore-files-dropped-in-upstream.patch b/SOURCES/0791-lgtm-ignore-files-dropped-in-upstream.patch
new file mode 100644
index 0000000..77daba6
--- /dev/null
+++ b/SOURCES/0791-lgtm-ignore-files-dropped-in-upstream.patch
@@ -0,0 +1,25 @@
+From a9c3cc27f21e3ec11ba47f6f5a2cf719098d366c Mon Sep 17 00:00:00 2001
+From: Frantisek Sumsal <fsumsal@redhat.com>
+Date: Thu, 28 Feb 2019 14:20:31 +0100
+Subject: [PATCH] lgtm: ignore files dropped in upstream
+
+Resolves: #1694605
+---
+ .lgtm.yml | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/.lgtm.yml b/.lgtm.yml
+index 0c8304d689..070a13cd63 100644
+--- a/.lgtm.yml
++++ b/.lgtm.yml
+@@ -7,3 +7,10 @@ extraction:
+ --disable-gtk-doc --disable-manpages --disable-gtk-doc-html
+ --enable-compat-libs --disable-sysusers --disable-ldconfig
+ --enable-lz4 --disable-microhttpd
++path_classifiers:
++ # Any files which have a tag attached are filtered out from results & stats
++ ignored:
++ # Skip files dropped in upstream
++ - src/bootchart/
++ - src/gudev/
++ - src/libsystemd/sd-bus/bus-bloom.c
diff --git a/SOURCES/0792-lgtm-suppress-several-constant-comparisons.patch b/SOURCES/0792-lgtm-suppress-several-constant-comparisons.patch
new file mode 100644
index 0000000..1194e2b
--- /dev/null
+++ b/SOURCES/0792-lgtm-suppress-several-constant-comparisons.patch
@@ -0,0 +1,42 @@
+From 1499ff8f8ddd699a950729f5f3985975ef929c0a Mon Sep 17 00:00:00 2001
+From: Frantisek Sumsal <fsumsal@redhat.com>
+Date: Thu, 28 Feb 2019 14:27:44 +0100
+Subject: [PATCH] lgtm: suppress several constant comparisons
+
+Even though LGTM is right is these cases, fixing it would require
+substantial refactoring in some cases, so it's better to leave them
+here (at least for RHEL 7).
+
+Resolves: #1694605
+rhel-only
+---
+ src/sysv-generator/sysv-generator.c | 2 +-
+ src/tty-ask-password-agent/tty-ask-password-agent.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/sysv-generator/sysv-generator.c b/src/sysv-generator/sysv-generator.c
+index fe6fae1510..232436a258 100644
+--- a/src/sysv-generator/sysv-generator.c
++++ b/src/sysv-generator/sysv-generator.c
+@@ -568,7 +568,7 @@ static int load_sysv(SysvStub *s) {
+ }
+ }
+
+- if (r < 0)
++ if (r < 0) // lgtm[cpp/constant-comparison]
+ log_unit_error(s->name,
+ "[%s:%u] Failed to add dependency on %s, ignoring: %s",
+ s->path, line, m, strerror(-r));
+diff --git a/src/tty-ask-password-agent/tty-ask-password-agent.c b/src/tty-ask-password-agent/tty-ask-password-agent.c
+index 47093b850d..1b7bbfa075 100644
+--- a/src/tty-ask-password-agent/tty-ask-password-agent.c
++++ b/src/tty-ask-password-agent/tty-ask-password-agent.c
+@@ -150,7 +150,7 @@ static int ask_password_plymouth(
+
+ p += k;
+
+- if (p < 1)
++ if (p < 1) // lgtm[cpp/constant-comparison]
+ continue;
+
+ if (buffer[0] == 5) {
diff --git a/SOURCES/0793-core-add-a-new-unit_needs_console-call.patch b/SOURCES/0793-core-add-a-new-unit_needs_console-call.patch
new file mode 100644
index 0000000..dd585de
--- /dev/null
+++ b/SOURCES/0793-core-add-a-new-unit_needs_console-call.patch
@@ -0,0 +1,121 @@
+From 94355e0146245c14012ac177461110d0a0c65f10 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Wed, 24 Jan 2018 19:54:26 +0100
+Subject: [PATCH] core: add a new unit_needs_console() call
+
+This call determines whether a specific unit currently needs access to
+the console. It's a fancy wrapper around
+exec_context_may_touch_console() ultimately, however for service units
+we'll explicitly exclude the SERVICE_EXITED state from when we report
+true.
+
+(cherry picked from commit bb2c7685454842549bc1fe47adc35cbca2a84190)
+
+Related: #1524359
+---
+ src/core/service.c | 27 +++++++++++++++++++++++++++
+ src/core/unit.c | 22 ++++++++++++++++++++++
+ src/core/unit.h | 5 +++++
+ 3 files changed, 54 insertions(+)
+
+diff --git a/src/core/service.c b/src/core/service.c
+index 1ad154e41f..8a8f4be149 100644
+--- a/src/core/service.c
++++ b/src/core/service.c
+@@ -3368,6 +3368,32 @@ static int service_control_pid(Unit *u) {
+ return s->control_pid;
+ }
+
++static bool service_needs_console(Unit *u) {
++ Service *s = SERVICE(u);
++
++ assert(s);
++
++ /* We provide our own implementation of this here, instead of relying of the generic implementation
++ * unit_needs_console() provides, since we want to return false if we are in SERVICE_EXITED state. */
++
++ if (!exec_context_may_touch_console(&s->exec_context))
++ return false;
++
++ return IN_SET(s->state,
++ SERVICE_START_PRE,
++ SERVICE_START,
++ SERVICE_START_POST,
++ SERVICE_RUNNING,
++ SERVICE_RELOAD,
++ SERVICE_STOP,
++ SERVICE_STOP_SIGABRT,
++ SERVICE_STOP_SIGTERM,
++ SERVICE_STOP_SIGKILL,
++ SERVICE_STOP_POST,
++ SERVICE_FINAL_SIGTERM,
++ SERVICE_FINAL_SIGKILL);
++}
++
+ static const char* const service_restart_table[_SERVICE_RESTART_MAX] = {
+ [SERVICE_RESTART_NO] = "no",
+ [SERVICE_RESTART_ON_SUCCESS] = "on-success",
+@@ -3489,6 +3515,7 @@ const UnitVTable service_vtable = {
+ .bus_commit_properties = bus_service_commit_properties,
+
+ .get_timeout = service_get_timeout,
++ .needs_console = service_needs_console,
+ .can_transient = true,
+
+ .status_message_formats = {
+diff --git a/src/core/unit.c b/src/core/unit.c
+index 4069a6f4c4..48358bc026 100644
+--- a/src/core/unit.c
++++ b/src/core/unit.c
+@@ -3699,6 +3699,28 @@ pid_t unit_main_pid(Unit *u) {
+ return 0;
+ }
+
++bool unit_needs_console(Unit *u) {
++ ExecContext *ec;
++ UnitActiveState state;
++
++ assert(u);
++
++ state = unit_active_state(u);
++
++ if (UNIT_IS_INACTIVE_OR_FAILED(state))
++ return false;
++
++ if (UNIT_VTABLE(u)->needs_console)
++ return UNIT_VTABLE(u)->needs_console(u);
++
++ /* If this unit type doesn't implement this call, let's use a generic fallback implementation: */
++ ec = unit_get_exec_context(u);
++ if (!ec)
++ return false;
++
++ return exec_context_may_touch_console(ec);
++}
++
+ static const char* const unit_active_state_table[_UNIT_ACTIVE_STATE_MAX] = {
+ [UNIT_ACTIVE] = "active",
+ [UNIT_RELOADING] = "reloading",
+diff --git a/src/core/unit.h b/src/core/unit.h
+index 4a8bd79052..fa7de11645 100644
+--- a/src/core/unit.h
++++ b/src/core/unit.h
+@@ -408,6 +408,9 @@ struct UnitVTable {
+ /* Returns the main PID if there is any defined, or 0. */
+ pid_t (*control_pid)(Unit *u);
+
++ /* Returns true if the unit currently needs access to the console */
++ bool (*needs_console)(Unit *u);
++
+ /* This is called for each unit type and should be used to
+ * enumerate existing devices and load them. However,
+ * everything that is loaded here should still stay in
+@@ -627,6 +630,8 @@ pid_t unit_main_pid(Unit *u);
+ const char *unit_active_state_to_string(UnitActiveState i) _const_;
+ UnitActiveState unit_active_state_from_string(const char *s) _pure_;
+
++bool unit_needs_console(Unit *u);
++
+ /* Macros which append UNIT= or USER_UNIT= to the message */
+
+ #define log_unit_full_errno(unit, level, error, ...) log_object_internal(level, error, __FILE__, __LINE__, __func__, getpid() == 1 ? "UNIT=" : "USER_UNIT=", unit, __VA_ARGS__)
diff --git a/SOURCES/0794-core-rework-how-we-count-the-n_on_console-counter.patch b/SOURCES/0794-core-rework-how-we-count-the-n_on_console-counter.patch
new file mode 100644
index 0000000..b6d788e
--- /dev/null
+++ b/SOURCES/0794-core-rework-how-we-count-the-n_on_console-counter.patch
@@ -0,0 +1,171 @@
+From 1ac6c613ef11a9ee9c36b25133cc302c4be1a858 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Wed, 24 Jan 2018 19:59:55 +0100
+Subject: [PATCH] core: rework how we count the n_on_console counter
+
+Let's add a per-unit boolean that tells us whether our unit is currently
+counted or not. This way it's unlikely we get out of sync again and
+things are generally more robust.
+
+This also allows us to remove the counting logic specific to service
+units (which was in fact mostly a copy from the generic implementation),
+in favour of fully generic code.
+
+Replaces: #7824
+(cherry picked from commit adefcf2821a386184991054ed2bb6dacc90d7419)
+
+Resolves: #1524359
+---
+ src/core/manager.c | 15 +++++++++++++++
+ src/core/manager.h | 3 +++
+ src/core/service.c | 20 --------------------
+ src/core/unit.c | 39 +++++++++++++++++++++------------------
+ src/core/unit.h | 1 +
+ 5 files changed, 40 insertions(+), 38 deletions(-)
+
+diff --git a/src/core/manager.c b/src/core/manager.c
+index 88d156e8fb..4c87ad8a2f 100644
+--- a/src/core/manager.c
++++ b/src/core/manager.c
+@@ -3379,6 +3379,21 @@ ManagerState manager_state(Manager *m) {
+ return MANAGER_RUNNING;
+ }
+
++void manager_ref_console(Manager *m) {
++ assert(m);
++
++ m->n_on_console++;
++}
++
++void manager_unref_console(Manager *m) {
++
++ assert(m->n_on_console > 0);
++ m->n_on_console--;
++
++ if (m->n_on_console == 0)
++ m->no_console_output = false; /* unset no_console_output flag, since the console is definitely free now */
++}
++
+ static const char *const manager_state_table[_MANAGER_STATE_MAX] = {
+ [MANAGER_INITIALIZING] = "initializing",
+ [MANAGER_STARTING] = "starting",
+diff --git a/src/core/manager.h b/src/core/manager.h
+index b0e4cad1fc..cfc564dfb6 100644
+--- a/src/core/manager.h
++++ b/src/core/manager.h
+@@ -379,5 +379,8 @@ const char *manager_get_runtime_prefix(Manager *m);
+
+ ManagerState manager_state(Manager *m);
+
++void manager_ref_console(Manager *m);
++void manager_unref_console(Manager *m);
++
+ const char *manager_state_to_string(ManagerState m) _const_;
+ ManagerState manager_state_from_string(const char *s) _pure_;
+diff --git a/src/core/service.c b/src/core/service.c
+index 8a8f4be149..ea71c9e237 100644
+--- a/src/core/service.c
++++ b/src/core/service.c
+@@ -914,26 +914,6 @@ static void service_set_state(Service *s, ServiceState state) {
+ if (state == SERVICE_EXITED && UNIT(s)->manager->n_reloading <= 0)
+ unit_destroy_cgroup_if_empty(UNIT(s));
+
+- /* For remain_after_exit services, let's see if we can "release" the
+- * hold on the console, since unit_notify() only does that in case of
+- * change of state */
+- if (state == SERVICE_EXITED &&
+- s->remain_after_exit &&
+- UNIT(s)->manager->n_on_console > 0) {
+-
+- ExecContext *ec;
+-
+- ec = unit_get_exec_context(UNIT(s));
+- if (ec && exec_context_may_touch_console(ec)) {
+- Manager *m = UNIT(s)->manager;
+-
+- m->n_on_console --;
+- if (m->n_on_console == 0)
+- /* unset no_console_output flag, since the console is free */
+- m->no_console_output = false;
+- }
+- }
+-
+ if (old_state != state)
+ log_unit_debug(UNIT(s)->id, "%s changed %s -> %s", UNIT(s)->id, service_state_to_string(old_state), service_state_to_string(state));
+
+diff --git a/src/core/unit.c b/src/core/unit.c
+index 48358bc026..294c9eb70f 100644
+--- a/src/core/unit.c
++++ b/src/core/unit.c
+@@ -544,6 +544,9 @@ void unit_free(Unit *u) {
+ u->manager->n_in_gc_queue--;
+ }
+
++ if (u->on_console)
++ manager_unref_console(u->manager);
++
+ condition_free_list(u->conditions);
+ condition_free_list(u->asserts);
+
+@@ -1741,6 +1744,23 @@ void unit_trigger_notify(Unit *u) {
+ UNIT_VTABLE(other)->trigger_notify(other, u);
+ }
+
++static void unit_update_on_console(Unit *u) {
++ bool b;
++
++ assert(u);
++
++ b = unit_needs_console(u);
++ if (u->on_console == b)
++ return;
++
++ u->on_console = b;
++ if (b)
++ manager_ref_console(u->manager);
++ else
++ manager_unref_console(u->manager);
++
++}
++
+ void unit_notify(Unit *u, UnitActiveState os, UnitActiveState ns, bool reload_success) {
+ Manager *m;
+ bool unexpected;
+@@ -1784,24 +1804,7 @@ void unit_notify(Unit *u, UnitActiveState os, UnitActiveState ns, bool reload_su
+ if (UNIT_IS_INACTIVE_OR_FAILED(ns))
+ unit_destroy_cgroup_if_empty(u);
+
+- /* Note that this doesn't apply to RemainAfterExit services exiting
+- * successfully, since there's no change of state in that case. Which is
+- * why it is handled in service_set_state() */
+- if (UNIT_IS_INACTIVE_OR_FAILED(os) != UNIT_IS_INACTIVE_OR_FAILED(ns)) {
+- ExecContext *ec;
+-
+- ec = unit_get_exec_context(u);
+- if (ec && exec_context_may_touch_console(ec)) {
+- if (UNIT_IS_INACTIVE_OR_FAILED(ns)) {
+- m->n_on_console --;
+-
+- if (m->n_on_console == 0)
+- /* unset no_console_output flag, since the console is free */
+- m->no_console_output = false;
+- } else
+- m->n_on_console ++;
+- }
+- }
++ unit_update_on_console(u);
+
+ if (u->job) {
+ unexpected = false;
+diff --git a/src/core/unit.h b/src/core/unit.h
+index fa7de11645..719fc95260 100644
+--- a/src/core/unit.h
++++ b/src/core/unit.h
+@@ -238,6 +238,7 @@ struct Unit {
+ bool no_gc:1;
+
+ bool in_audit:1;
++ bool on_console:1;
+
+ bool cgroup_realized:1;
+ bool cgroup_members_mask_valid:1;
diff --git a/SOURCES/0795-service-introduce-protocol-error-type.patch b/SOURCES/0795-service-introduce-protocol-error-type.patch
new file mode 100644
index 0000000..13024bd
--- /dev/null
+++ b/SOURCES/0795-service-introduce-protocol-error-type.patch
@@ -0,0 +1,71 @@
+From c460203ad5165dfb095fcfaa6646708e39d2080e Mon Sep 17 00:00:00 2001
+From: Jouke Witteveen <j.witteveen@gmail.com>
+Date: Tue, 22 Nov 2016 17:39:56 +0100
+Subject: [PATCH] service: introduce protocol error type
+
+Introduce a SERVICE_FAILURE_PROTOCOL error type for when a service does
+not follow the protocol.
+This error type is used when a pid file is expected, but not delivered.
+
+(cherry picked from commit c35755fb878af58b80ac62a501a75f79c90a3763)
+
+Related: #1733998
+---
+ src/core/service.c | 9 +++++----
+ src/core/service.h | 1 +
+ 2 files changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/src/core/service.c b/src/core/service.c
+index ea71c9e237..84a5aeb072 100644
+--- a/src/core/service.c
++++ b/src/core/service.c
+@@ -2568,9 +2568,9 @@ static void service_notify_cgroup_empty_event(Unit *u) {
+
+ service_unwatch_pid_file(s);
+ if (s->state == SERVICE_START)
+- service_enter_signal(s, SERVICE_FINAL_SIGTERM, SERVICE_FAILURE_RESOURCES);
++ service_enter_signal(s, SERVICE_FINAL_SIGTERM, SERVICE_FAILURE_PROTOCOL);
+ else
+- service_enter_stop(s, SERVICE_FAILURE_RESOURCES);
++ service_enter_stop(s, SERVICE_FAILURE_PROTOCOL);
+ }
+ break;
+
+@@ -2804,7 +2804,7 @@ static void service_sigchld_event(Unit *u, pid_t pid, int code, int status) {
+ if (!has_start_post && r < 0) {
+ r = service_demand_pid_file(s);
+ if (r < 0 || !cgroup_good(s))
+- service_enter_signal(s, SERVICE_FINAL_SIGTERM, SERVICE_FAILURE_RESOURCES);
++ service_enter_signal(s, SERVICE_FINAL_SIGTERM, SERVICE_FAILURE_PROTOCOL);
+ break;
+ }
+ } else
+@@ -2826,7 +2826,7 @@ static void service_sigchld_event(Unit *u, pid_t pid, int code, int status) {
+ if (r < 0) {
+ r = service_demand_pid_file(s);
+ if (r < 0 || !cgroup_good(s))
+- service_enter_stop(s, SERVICE_FAILURE_RESOURCES);
++ service_enter_stop(s, SERVICE_FAILURE_PROTOCOL);
+ break;
+ }
+ } else
+@@ -3428,6 +3428,7 @@ DEFINE_STRING_TABLE_LOOKUP(notify_state, NotifyState);
+ static const char* const service_result_table[_SERVICE_RESULT_MAX] = {
+ [SERVICE_SUCCESS] = "success",
+ [SERVICE_FAILURE_RESOURCES] = "resources",
++ [SERVICE_FAILURE_PROTOCOL] = "protocol",
+ [SERVICE_FAILURE_TIMEOUT] = "timeout",
+ [SERVICE_FAILURE_EXIT_CODE] = "exit-code",
+ [SERVICE_FAILURE_SIGNAL] = "signal",
+diff --git a/src/core/service.h b/src/core/service.h
+index e0547a464e..82938a1fc4 100644
+--- a/src/core/service.h
++++ b/src/core/service.h
+@@ -108,6 +108,7 @@ typedef enum NotifyState {
+ typedef enum ServiceResult {
+ SERVICE_SUCCESS,
+ SERVICE_FAILURE_RESOURCES,
++ SERVICE_FAILURE_PROTOCOL,
+ SERVICE_FAILURE_TIMEOUT,
+ SERVICE_FAILURE_EXIT_CODE,
+ SERVICE_FAILURE_SIGNAL,
diff --git a/SOURCES/0796-service-fix-main-processes-exit-behavior-for-type-no.patch b/SOURCES/0796-service-fix-main-processes-exit-behavior-for-type-no.patch
new file mode 100644
index 0000000..845065a
--- /dev/null
+++ b/SOURCES/0796-service-fix-main-processes-exit-behavior-for-type-no.patch
@@ -0,0 +1,76 @@
+From 273d69011bf2a8abfcef71e33e6b6ae3323dfc34 Mon Sep 17 00:00:00 2001
+From: Jouke Witteveen <j.witteveen@gmail.com>
+Date: Sat, 1 Oct 2016 14:06:48 +0200
+Subject: [PATCH] service: fix main processes exit behavior for type notify
+ services
+
+Before this commit, when the main process of a Type=notify service exits the
+service would enter a running state without passing through the startup post
+state. This meant ExecStartPost= from being executed and allowed follow-up
+units to start too early (before the ready notification).
+Additionally, when RemainAfterExit=yes is used on a Type=notify service, the
+exit status of the main process would be disregarded.
+
+After this commit, an unsuccessful exit of the main process of a Type=notify
+service puts the unit in a failed state. A successful exit is inconsequential
+in case RemainAfterExit=yes. Otherwise, when no ready notification has been
+received, the unit is put in a failed state because it has never been active.
+When all processes in the cgroup of a Type=notify service are gone and no ready
+notification has been received yet, the unit is also put in a failed state.
+
+(cherry picked from commit 3d474ef7a687e2052aa303e0f95893b2fc610475)
+
+Related: #1733998
+---
+ src/core/service.c | 24 +++++++++++++++++++-----
+ 1 file changed, 19 insertions(+), 5 deletions(-)
+
+diff --git a/src/core/service.c b/src/core/service.c
+index 84a5aeb072..b6f302ec33 100644
+--- a/src/core/service.c
++++ b/src/core/service.c
+@@ -1531,7 +1531,9 @@ static void service_enter_running(Service *s, ServiceResult f) {
+ else
+ service_set_state(s, SERVICE_RUNNING);
+
+- } else if (s->remain_after_exit)
++ } else if (f != SERVICE_SUCCESS)
++ service_enter_signal(s, SERVICE_FINAL_SIGTERM, f);
++ else if (s->remain_after_exit)
+ service_set_state(s, SERVICE_EXITED);
+ else
+ service_enter_stop(s, SERVICE_SUCCESS);
+@@ -2561,10 +2563,12 @@ static void service_notify_cgroup_empty_event(Unit *u) {
+
+ case SERVICE_START:
+ case SERVICE_START_POST:
+- /* If we were hoping for the daemon to write its PID file,
+- * we can give up now. */
+- if (s->pid_file_pathspec) {
+- log_unit_warning(u->id, "%s never wrote its PID file. Failing.", UNIT(s)->id);
++ if (s->type == SERVICE_NOTIFY)
++ /* No chance of getting a ready notification anymore */
++ service_enter_signal(s, SERVICE_FINAL_SIGTERM, SERVICE_FAILURE_PROTOCOL);
++ else if (s->pid_file_pathspec) {
++ /* Give up hoping for the daemon to write its PID file */
++ log_unit_warning(u->id, "Daemon never wrote its PID file. Failing.");
+
+ service_unwatch_pid_file(s);
+ if (s->state == SERVICE_START)
+@@ -2699,6 +2703,16 @@ static void service_sigchld_event(Unit *u, pid_t pid, int code, int status) {
+ else
+ service_enter_signal(s, SERVICE_FINAL_SIGTERM, f);
+ break;
++ } else if (s->type == SERVICE_NOTIFY) {
++ /* Only enter running through a notification, so that the
++ * SERVICE_START state signifies that no ready notification
++ * has been received */
++ if (f != SERVICE_SUCCESS)
++ service_enter_signal(s, SERVICE_FINAL_SIGTERM, f);
++ else if (!s->remain_after_exit)
++ /* The service has never been active */
++ service_enter_signal(s, SERVICE_FINAL_SIGTERM, SERVICE_FAILURE_PROTOCOL);
++ break;
+ }
+
+ /* Fall through */
diff --git a/SOURCES/0797-service-go-through-stop_post-on-failure-4770.patch b/SOURCES/0797-service-go-through-stop_post-on-failure-4770.patch
new file mode 100644
index 0000000..a7095a6
--- /dev/null
+++ b/SOURCES/0797-service-go-through-stop_post-on-failure-4770.patch
@@ -0,0 +1,111 @@
+From 5f0bb278dfe913bd2c7dcbc9f457892f5e8aca9d Mon Sep 17 00:00:00 2001
+From: Jouke Witteveen <j.witteveen@gmail.com>
+Date: Tue, 6 Dec 2016 13:30:28 +0100
+Subject: [PATCH] service: go through stop_post on failure (#4770)
+
+(cherry picked from commit c3fda31da36706b045f5de800d6a77e65e7a8ec9)
+
+Resolves: #1733998
+---
+ src/core/service.c | 24 +++++++++++-------------
+ 1 file changed, 11 insertions(+), 13 deletions(-)
+
+diff --git a/src/core/service.c b/src/core/service.c
+index b6f302ec33..e538280bad 100644
+--- a/src/core/service.c
++++ b/src/core/service.c
+@@ -1532,7 +1532,7 @@ static void service_enter_running(Service *s, ServiceResult f) {
+ service_set_state(s, SERVICE_RUNNING);
+
+ } else if (f != SERVICE_SUCCESS)
+- service_enter_signal(s, SERVICE_FINAL_SIGTERM, f);
++ service_enter_signal(s, SERVICE_STOP_SIGTERM, f);
+ else if (s->remain_after_exit)
+ service_set_state(s, SERVICE_EXITED);
+ else
+@@ -1671,7 +1671,7 @@ static void service_enter_start(Service *s) {
+
+ fail:
+ log_unit_warning_errno(UNIT(s)->id, r, "%s failed to run 'start' task: %m", UNIT(s)->id);
+- service_enter_signal(s, SERVICE_FINAL_SIGTERM, SERVICE_FAILURE_RESOURCES);
++ service_enter_signal(s, SERVICE_STOP_SIGTERM, SERVICE_FAILURE_RESOURCES);
+ }
+
+ static void service_enter_start_pre(Service *s) {
+@@ -1823,9 +1823,7 @@ static void service_run_next_control(Service *s) {
+ fail:
+ log_unit_warning_errno(UNIT(s)->id, r, "%s failed to run next control task: %m", UNIT(s)->id);
+
+- if (s->state == SERVICE_START_PRE)
+- service_enter_signal(s, SERVICE_FINAL_SIGTERM, SERVICE_FAILURE_RESOURCES);
+- else if (s->state == SERVICE_STOP)
++ if (IN_SET(s->state, SERVICE_START_PRE, SERVICE_STOP))
+ service_enter_signal(s, SERVICE_STOP_SIGTERM, SERVICE_FAILURE_RESOURCES);
+ else if (s->state == SERVICE_STOP_POST)
+ service_enter_dead(s, SERVICE_FAILURE_RESOURCES, true);
+@@ -2572,7 +2570,7 @@ static void service_notify_cgroup_empty_event(Unit *u) {
+
+ service_unwatch_pid_file(s);
+ if (s->state == SERVICE_START)
+- service_enter_signal(s, SERVICE_FINAL_SIGTERM, SERVICE_FAILURE_PROTOCOL);
++ service_enter_stop_post(s, SERVICE_FAILURE_PROTOCOL);
+ else
+ service_enter_stop(s, SERVICE_FAILURE_PROTOCOL);
+ }
+@@ -2701,17 +2699,17 @@ static void service_sigchld_event(Unit *u, pid_t pid, int code, int status) {
+ if (f == SERVICE_SUCCESS)
+ service_enter_start_post(s);
+ else
+- service_enter_signal(s, SERVICE_FINAL_SIGTERM, f);
++ service_enter_signal(s, SERVICE_STOP_SIGTERM, f);
+ break;
+ } else if (s->type == SERVICE_NOTIFY) {
+ /* Only enter running through a notification, so that the
+ * SERVICE_START state signifies that no ready notification
+ * has been received */
+ if (f != SERVICE_SUCCESS)
+- service_enter_signal(s, SERVICE_FINAL_SIGTERM, f);
++ service_enter_signal(s, SERVICE_STOP_SIGTERM, f);
+ else if (!s->remain_after_exit)
+ /* The service has never been active */
+- service_enter_signal(s, SERVICE_FINAL_SIGTERM, SERVICE_FAILURE_PROTOCOL);
++ service_enter_signal(s, SERVICE_STOP_SIGTERM, SERVICE_FAILURE_PROTOCOL);
+ break;
+ }
+
+@@ -2792,7 +2790,7 @@ static void service_sigchld_event(Unit *u, pid_t pid, int code, int status) {
+ if (f == SERVICE_SUCCESS)
+ service_enter_start(s);
+ else
+- service_enter_signal(s, SERVICE_FINAL_SIGTERM, f);
++ service_enter_signal(s, SERVICE_STOP_SIGTERM, f);
+ break;
+
+ case SERVICE_START:
+@@ -2801,7 +2799,7 @@ static void service_sigchld_event(Unit *u, pid_t pid, int code, int status) {
+ break;
+
+ if (f != SERVICE_SUCCESS) {
+- service_enter_signal(s, SERVICE_FINAL_SIGTERM, f);
++ service_enter_signal(s, SERVICE_STOP_SIGTERM, f);
+ break;
+ }
+
+@@ -2818,7 +2816,7 @@ static void service_sigchld_event(Unit *u, pid_t pid, int code, int status) {
+ if (!has_start_post && r < 0) {
+ r = service_demand_pid_file(s);
+ if (r < 0 || !cgroup_good(s))
+- service_enter_signal(s, SERVICE_FINAL_SIGTERM, SERVICE_FAILURE_PROTOCOL);
++ service_enter_signal(s, SERVICE_STOP_SIGTERM, SERVICE_FAILURE_PROTOCOL);
+ break;
+ }
+ } else
+@@ -2914,7 +2912,7 @@ static int service_dispatch_timer(sd_event_source *source, usec_t usec, void *us
+ case SERVICE_START_PRE:
+ case SERVICE_START:
+ log_unit_warning(UNIT(s)->id, "%s %s operation timed out. Terminating.", UNIT(s)->id, s->state == SERVICE_START ? "start" : "start-pre");
+- service_enter_signal(s, SERVICE_FINAL_SIGTERM, SERVICE_FAILURE_TIMEOUT);
++ service_enter_signal(s, SERVICE_STOP_SIGTERM, SERVICE_FAILURE_TIMEOUT);
+ break;
+
+ case SERVICE_START_POST:
diff --git a/SOURCES/0798-Call-getgroups-to-know-size-of-supplementary-groups-.patch b/SOURCES/0798-Call-getgroups-to-know-size-of-supplementary-groups-.patch
new file mode 100644
index 0000000..b2718cc
--- /dev/null
+++ b/SOURCES/0798-Call-getgroups-to-know-size-of-supplementary-groups-.patch
@@ -0,0 +1,44 @@
+From 0d0ba7ee44d652c23e6027fe3b1c1ee8e2f65a25 Mon Sep 17 00:00:00 2001
+From: systemd team <systemd-maint@redhat.com>
+Date: Mon, 19 Aug 2019 13:51:48 +0200
+Subject: [PATCH] Call getgroups() to know size of supplementary groups array
+ to allocate
+
+Resolves RHBZ #1743230 - journalctl dumps core when stack limit is reduced to 256 KB
+---
+ src/shared/util.c | 13 ++++++++-----
+ 1 file changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/src/shared/util.c b/src/shared/util.c
+index 127a64c3c6..ce6678eb38 100644
+--- a/src/shared/util.c
++++ b/src/shared/util.c
+@@ -5097,7 +5097,7 @@ int get_group_creds(const char **groupname, gid_t *gid) {
+
+ int in_gid(gid_t gid) {
+ gid_t *gids;
+- int ngroups_max, r, i;
++ int ngroups, r, i;
+
+ if (getgid() == gid)
+ return 1;
+@@ -5105,12 +5105,15 @@ int in_gid(gid_t gid) {
+ if (getegid() == gid)
+ return 1;
+
+- ngroups_max = sysconf(_SC_NGROUPS_MAX);
+- assert(ngroups_max > 0);
++ ngroups = getgroups(0, NULL);
++ if (ngroups < 0)
++ return -errno;
++ if (ngroups == 0)
++ return 0;
+
+- gids = alloca(sizeof(gid_t) * ngroups_max);
++ gids = alloca(sizeof(gid_t) * ngroups);
+
+- r = getgroups(ngroups_max, gids);
++ r = getgroups(ngroups, gids);
+ if (r < 0)
+ return -errno;
+
diff --git a/SOURCES/0799-udev-introduce-CONST-key-name.patch b/SOURCES/0799-udev-introduce-CONST-key-name.patch
new file mode 100644
index 0000000..4f54b9d
--- /dev/null
+++ b/SOURCES/0799-udev-introduce-CONST-key-name.patch
@@ -0,0 +1,190 @@
+From be88b819ecec075187ac313b8ab15d8ed8004b54 Mon Sep 17 00:00:00 2001
+From: Jan Synacek <jsynacek@redhat.com>
+Date: Wed, 11 Sep 2019 12:35:18 +0200
+Subject: [PATCH] udev: introduce CONST key name
+
+Currently, there is no way to match against system-wide constants, such
+as architecture or virtualization type, without forking helper binaries.
+That potentially results in a huge number of spawned processes which
+output always the same answer.
+
+This patch introduces a special CONST keyword which takes a hard-coded
+string as its key and returns a value assigned to that key. Currently
+implemented are CONST{arch} and CONST{virt}, which can be used to match
+against the system's architecture and virtualization type.
+
+(based on commit 4801d8afe2ff1c1c075c9f0bc5631612172e0bb7)
+
+Resolves: #1748051
+---
+ man/udev.xml | 26 ++++++++++++++++++++++++++
+ rules/40-redhat.rules | 4 ++--
+ src/udev/udev-rules.c | 39 +++++++++++++++++++++++++++++++++++++++
+ test/rule-syntax-check.py | 2 +-
+ 4 files changed, 68 insertions(+), 3 deletions(-)
+
+diff --git a/man/udev.xml b/man/udev.xml
+index a948ea79a9..fc02edd214 100644
+--- a/man/udev.xml
++++ b/man/udev.xml
+@@ -240,6 +240,32 @@
+ </listitem>
+ </varlistentry>
+
++ <varlistentry>
++ <term><varname>CONST{<replaceable>key</replaceable>}</varname></term>
++ <listitem>
++ <para>Match against a system-wide constant. Supported keys are:</para>
++ <variablelist>
++ <varlistentry>
++ <term><literal>arch</literal></term>
++ <listitem>
++ <para>System's architecture. See <option>ConditionArchitecture=</option> in
++ <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
++ for possible values.</para>
++ </listitem>
++ </varlistentry>
++ <varlistentry>
++ <term><literal>virt</literal></term>
++ <listitem>
++ <para>System's virtualization environment. See
++ <citerefentry><refentrytitle>systemd-detect-virt</refentrytitle><manvolnum>1</manvolnum></citerefentry>
++ for possible values.</para>
++ </listitem>
++ </varlistentry>
++ </variablelist>
++ <para>Unknown keys will never match.</para>
++ </listitem>
++ </varlistentry>
++
+ <varlistentry>
+ <term><varname>TAG</varname></term>
+ <listitem>
+diff --git a/rules/40-redhat.rules b/rules/40-redhat.rules
+index 2c690e522e..83d823e172 100644
+--- a/rules/40-redhat.rules
++++ b/rules/40-redhat.rules
+@@ -6,10 +6,10 @@ SUBSYSTEM=="cpu", ACTION=="add", TEST=="online", ATTR{online}=="0", ATTR{online}
+ # Memory hotadd request
+ SUBSYSTEM!="memory", GOTO="memory_hotplug_end"
+ ACTION!="add", GOTO="memory_hotplug_end"
+-PROGRAM="/bin/uname -p", RESULT=="s390*", GOTO="memory_hotplug_end"
++CONST{arch}=="s390*", GOTO="memory_hotplug_end"
+
+ ENV{.state}="online"
+-PROGRAM="/bin/systemd-detect-virt", RESULT=="none", ENV{.state}="online_movable"
++CONST{virt}=="none", ENV{.state}="online_movable"
+ ATTR{state}=="offline", ATTR{state}="$env{.state}"
+
+ LABEL="memory_hotplug_end"
+diff --git a/src/udev/udev-rules.c b/src/udev/udev-rules.c
+index c9a0197534..9211f563b1 100644
+--- a/src/udev/udev-rules.c
++++ b/src/udev/udev-rules.c
+@@ -29,12 +29,14 @@
+ #include <fnmatch.h>
+ #include <time.h>
+
++#include "architecture.h"
+ #include "udev.h"
+ #include "path-util.h"
+ #include "conf-files.h"
+ #include "strbuf.h"
+ #include "strv.h"
+ #include "util.h"
++#include "virt.h"
+
+ #define PREALLOC_TOKEN 2048
+
+@@ -123,6 +125,7 @@ enum token_type {
+ TK_M_DEVLINK, /* val */
+ TK_M_NAME, /* val */
+ TK_M_ENV, /* val, attr */
++ TK_M_CONST, /* val, attr */
+ TK_M_TAG, /* val */
+ TK_M_SUBSYSTEM, /* val */
+ TK_M_DRIVER, /* val */
+@@ -257,6 +260,7 @@ static const char *token_str(enum token_type type) {
+ [TK_M_DEVLINK] = "M DEVLINK",
+ [TK_M_NAME] = "M NAME",
+ [TK_M_ENV] = "M ENV",
++ [TK_M_CONST] = "M CONST",
+ [TK_M_TAG] = "M TAG",
+ [TK_M_SUBSYSTEM] = "M SUBSYSTEM",
+ [TK_M_DRIVER] = "M DRIVER",
+@@ -365,6 +369,7 @@ static void dump_token(struct udev_rules *rules, struct token *token) {
+ case TK_M_ATTR:
+ case TK_M_ATTRS:
+ case TK_M_ENV:
++ case TK_M_CONST:
+ case TK_A_ATTR:
+ case TK_A_ENV:
+ log_debug("%s %s '%s' '%s'(%s)",
+@@ -905,6 +910,7 @@ static int rule_add_key(struct rule_tmp *rule_tmp, enum token_type type,
+ token->key.builtin_cmd = *(enum udev_builtin_cmd *)data;
+ break;
+ case TK_M_ENV:
++ case TK_M_CONST:
+ case TK_M_ATTR:
+ case TK_M_ATTRS:
+ case TK_A_ATTR:
+@@ -1264,6 +1270,22 @@ static int add_rule(struct udev_rules *rules, char *line,
+ continue;
+ }
+
++ if (startswith(key, "CONST{")) {
++ attr = get_key_attribute(rules->udev, key + STRLEN("CONST"));
++ if (attr == NULL || !STR_IN_SET(attr, "arch", "virt")) {
++ log_error("error parsing CONST attribute");
++ goto invalid;
++ }
++ if (op == OP_REMOVE) {
++ log_error("invalid CONST operation");
++ goto invalid;
++ }
++ if (op < OP_MATCH_MAX) {
++ if (rule_add_key(&rule_tmp, TK_M_CONST, op, value, attr) != 0)
++ goto invalid;
++ }
++ continue;
++ }
+ if (streq(key, "TAG")) {
+ if (op < OP_MATCH_MAX)
+ rule_add_key(&rule_tmp, TK_M_TAG, op, value, NULL);
+@@ -1959,6 +1981,23 @@ int udev_rules_apply_to_event(struct udev_rules *rules,
+ goto nomatch;
+ break;
+ }
++ case TK_M_CONST: {
++ const char *key_name = rules_str(rules, cur->key.attr_off);
++ const char *value = NULL;
++ int q;
++
++ if (streq(key_name, "arch")) {
++ q = uname_architecture();
++ value = architecture_to_string(q);
++ } else if (streq(key_name, "virt")) {
++ q = detect_virtualization(&value);
++ } else
++ assert_not_reached("Invalid CONST key");
++
++ if (match_key(rules, cur, value))
++ goto nomatch;
++ break;
++ }
+ case TK_M_TAG: {
+ struct udev_list_entry *list_entry;
+ bool match = false;
+diff --git a/test/rule-syntax-check.py b/test/rule-syntax-check.py
+index 80bbe65bea..c6d003b167 100644
+--- a/test/rule-syntax-check.py
++++ b/test/rule-syntax-check.py
+@@ -34,7 +34,7 @@ else:
+ rules_files = glob(os.path.join(rules_dir, '*.rules'))
+
+ no_args_tests = re.compile('(ACTION|DEVPATH|KERNELS?|NAME|SYMLINK|SUBSYSTEMS?|DRIVERS?|TAG|RESULT|TEST)\s*(?:=|!)=\s*"([^"]*)"$')
+-args_tests = re.compile('(ATTRS?|ENV|TEST){([a-zA-Z0-9/_.*%-]+)}\s*(?:=|!)=\s*"([^"]*)"$')
++args_tests = re.compile('(ATTRS?|ENV|CONST|TEST){([a-zA-Z0-9/_.*%-]+)}\s*(?:=|!)=\s*"([^"]*)"$')
+ no_args_assign = re.compile('(NAME|SYMLINK|OWNER|GROUP|MODE|TAG|PROGRAM|RUN|LABEL|GOTO|WAIT_FOR|OPTIONS|IMPORT)\s*(?:\+=|:=|=)\s*"([^"]*)"$')
+ args_assign = re.compile('(ATTR|ENV|IMPORT|RUN){([a-zA-Z0-9/_.*%-]+)}\s*(=|\+=)\s*"([^"]*)"$')
+
diff --git a/SOURCES/0800-path-stop-watching-path-specs-once-we-triggered-the-.patch b/SOURCES/0800-path-stop-watching-path-specs-once-we-triggered-the-.patch
new file mode 100644
index 0000000..8a4c807
--- /dev/null
+++ b/SOURCES/0800-path-stop-watching-path-specs-once-we-triggered-the-.patch
@@ -0,0 +1,35 @@
+From 6a0d21a508e43ca7a89b700e98fd86a08eff4fee Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Mon, 9 Sep 2019 14:38:35 +0200
+Subject: [PATCH] path: stop watching path specs once we triggered the target
+ unit
+
+We start watching them again once we get a notification that triggered
+unit entered inactive or failed state.
+
+Fixes: #10503
+(cherry picked from commit 8fca6944c2ee20c63d62154c8badddc77170b176)
+
+Resolves: #1641777
+---
+ src/core/path.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/src/core/path.c b/src/core/path.c
+index 0533bb4e21..a74cbf2372 100644
+--- a/src/core/path.c
++++ b/src/core/path.c
+@@ -497,11 +497,9 @@ static void path_enter_running(Path *p) {
+
+ p->inotify_triggered = false;
+
+- r = path_watch(p);
+- if (r < 0)
+- goto fail;
+-
+ path_set_state(p, PATH_RUNNING);
++ path_unwatch(p);
++
+ return;
+
+ fail:
diff --git a/SOURCES/0801-unit-fix-potential-use-of-cgroup_path-after-free-whe.patch b/SOURCES/0801-unit-fix-potential-use-of-cgroup_path-after-free-whe.patch
new file mode 100644
index 0000000..f41540a
--- /dev/null
+++ b/SOURCES/0801-unit-fix-potential-use-of-cgroup_path-after-free-whe.patch
@@ -0,0 +1,39 @@
+From 98234ad6e16e868bd1fa3e4622c43a182fdee75c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Renaud=20M=C3=A9trich?= <rmetrich@redhat.com>
+Date: Sat, 23 Nov 2019 13:37:02 +0100
+Subject: [PATCH] unit: fix potential use of cgroup_path after free() when
+ freeing unit
+
+Resolves: #1760149
+---
+ src/core/cgroup.c | 3 +--
+ src/core/unit.c | 2 +-
+ 2 files changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/src/core/cgroup.c b/src/core/cgroup.c
+index 0ce265dbf4..9af8126957 100644
+--- a/src/core/cgroup.c
++++ b/src/core/cgroup.c
+@@ -874,8 +874,7 @@ void unit_destroy_cgroup_if_empty(Unit *u) {
+
+ hashmap_remove(u->manager->cgroup_unit, u->cgroup_path);
+
+- free(u->cgroup_path);
+- u->cgroup_path = NULL;
++ u->cgroup_path = mfree(u->cgroup_path);
+ u->cgroup_realized = false;
+ u->cgroup_realized_mask = 0;
+ }
+diff --git a/src/core/unit.c b/src/core/unit.c
+index 294c9eb70f..0dc66203a4 100644
+--- a/src/core/unit.c
++++ b/src/core/unit.c
+@@ -515,7 +515,7 @@ void unit_free(Unit *u) {
+
+ if (u->cgroup_path) {
+ hashmap_remove(u->manager->cgroup_unit, u->cgroup_path);
+- free(u->cgroup_path);
++ u->cgroup_path = mfree(u->cgroup_path);
+ }
+
+ set_remove(u->manager->failed_units, u);
diff --git a/SOURCES/0802-core-when-restarting-services-don-t-close-fds.patch b/SOURCES/0802-core-when-restarting-services-don-t-close-fds.patch
new file mode 100644
index 0000000..91ef314
--- /dev/null
+++ b/SOURCES/0802-core-when-restarting-services-don-t-close-fds.patch
@@ -0,0 +1,112 @@
+From 017d1bc2a34946336dbafcc1c9c390ea45a2a3bd Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Sat, 22 Oct 2016 22:16:02 -0400
+Subject: [PATCH] core: when restarting services, don't close fds
+
+We would close all the stored fds in service_release_resources(), which of
+course broke the whole concept of storing fds over service restart.
+
+Fixes #4408.
+
+(cherry picked from commit f0bfbfac43b7faa68ef1bb2ad659c191b9ec85d2)
+(cherry picked from commit 4c271437cd695c31e76adb191013009689a7797c)
+Resolves: #1803802
+---
+ src/core/service.c | 22 +++++++++++++++-------
+ src/core/unit.c | 6 ++++--
+ src/core/unit.h | 2 +-
+ 3 files changed, 20 insertions(+), 10 deletions(-)
+
+diff --git a/src/core/service.c b/src/core/service.c
+index e538280bad..3c2f69a003 100644
+--- a/src/core/service.c
++++ b/src/core/service.c
+@@ -258,7 +258,17 @@ static void service_fd_store_unlink(ServiceFDStore *fs) {
+ free(fs);
+ }
+
+-static void service_release_resources(Unit *u) {
++static void service_release_fd_store(Service *s) {
++ assert(s);
++
++ log_unit_debug(UNIT(s)->id, "Releasing all stored fds");
++ while (s->fd_store)
++ service_fd_store_unlink(s->fd_store);
++
++ assert(s->n_fd_store == 0);
++}
++
++static void service_release_resources(Unit *u, bool inactive) {
+ Service *s = SERVICE(u);
+
+ assert(s);
+@@ -266,12 +276,10 @@ static void service_release_resources(Unit *u) {
+ if (!s->fd_store)
+ return;
+
+- log_debug("Releasing all resources for %s", u->id);
+-
+- while (s->fd_store)
+- service_fd_store_unlink(s->fd_store);
++ log_unit_debug(u->id, "Releasing resources.");
+
+- assert(s->n_fd_store == 0);
++ if (inactive)
++ service_release_fd_store(s);
+ }
+
+ static void service_done(Unit *u) {
+@@ -319,7 +327,7 @@ static void service_done(Unit *u) {
+
+ s->timer_event_source = sd_event_source_unref(s->timer_event_source);
+
+- service_release_resources(u);
++ service_release_resources(u, true);
+ }
+
+ static int on_fd_store_io(sd_event_source *e, int fd, uint32_t revents, void *userdata) {
+diff --git a/src/core/unit.c b/src/core/unit.c
+index 0dc66203a4..22e31a76b3 100644
+--- a/src/core/unit.c
++++ b/src/core/unit.c
+@@ -285,6 +285,7 @@ int unit_set_description(Unit *u, const char *description) {
+
+ bool unit_may_gc(Unit *u) {
+ UnitActiveState state;
++ bool inactive;
+ assert(u);
+
+ /* Checks whether the unit is ready to be unloaded for garbage collection.
+@@ -302,16 +303,17 @@ bool unit_may_gc(Unit *u) {
+ return false;
+
+ state = unit_active_state(u);
++ inactive = state == UNIT_INACTIVE;
+
+ /* If the unit is inactive and failed and no job is queued for
+ * it, then release its runtime resources */
+ if (UNIT_IS_INACTIVE_OR_FAILED(state) &&
+ UNIT_VTABLE(u)->release_resources)
+- UNIT_VTABLE(u)->release_resources(u);
++ UNIT_VTABLE(u)->release_resources(u, inactive);
+
+ /* But we keep the unit object around for longer when it is
+ * referenced or configured to not be gc'ed */
+- if (state != UNIT_INACTIVE)
++ if (!inactive)
+ return false;
+
+ if (UNIT_VTABLE(u)->no_gc)
+diff --git a/src/core/unit.h b/src/core/unit.h
+index 719fc95260..232be8164f 100644
+--- a/src/core/unit.h
++++ b/src/core/unit.h
+@@ -360,7 +360,7 @@ struct UnitVTable {
+
+ /* When the unit is not running and no job for it queued we
+ * shall release its runtime resources */
+- void (*release_resources)(Unit *u);
++ void (*release_resources)(Unit *u, bool inactive);
+
+ /* Return true when this unit is suitable for snapshotting */
+ bool (*check_snapshot)(Unit *u);
diff --git a/SOURCES/0803-unit-rework-a-bit-how-we-keep-the-service-fdstore-fr.patch b/SOURCES/0803-unit-rework-a-bit-how-we-keep-the-service-fdstore-fr.patch
new file mode 100644
index 0000000..3dc70e2
--- /dev/null
+++ b/SOURCES/0803-unit-rework-a-bit-how-we-keep-the-service-fdstore-fr.patch
@@ -0,0 +1,170 @@
+From 9684908410868cb590ad74f4747bdbf9b5790abb Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Mon, 13 Nov 2017 15:08:49 +0100
+Subject: [PATCH] unit: rework a bit how we keep the service fdstore from being
+ destroyed during service restart
+
+When preparing for a restart we quickly go through the DEAD/INACTIVE
+service state before entering AUTO_RESTART. When doing this, we need to
+make sure we don't destroy the FD store. Previously this was done by
+checking the failure state of the unit, and keeping the FD store around
+when the unit failed, under the assumption that the restart logic will
+then get into action.
+
+This is not entirely correct howver, as there might be failure states
+that will no result in restarts.
+
+With this commit we slightly alter the logic: a ref counter for the fd
+store is added, that is increased right before we handle the restart
+logic, and decreased again right-after.
+
+This should ensure that the fdstore lives exactly as long as it needs.
+
+Follow-up for f0bfbfac43b7faa68ef1bb2ad659c191b9ec85d2.
+
+(cherry picked from commit 7eb2a8a1259043e107ebec94e30ed160a93f40a7)
+(cherry picked from commit e2636bde0f07319d0d35262dac6ff2638ba4e598)
+Resolves: #1803802
+---
+ src/core/service.c | 23 ++++++++++++++++++-----
+ src/core/service.h | 1 +
+ src/core/unit.c | 12 ++++--------
+ src/core/unit.h | 5 ++---
+ 4 files changed, 25 insertions(+), 16 deletions(-)
+
+diff --git a/src/core/service.c b/src/core/service.c
+index 3c2f69a003..e32cdf4594 100644
+--- a/src/core/service.c
++++ b/src/core/service.c
+@@ -261,6 +261,9 @@ static void service_fd_store_unlink(ServiceFDStore *fs) {
+ static void service_release_fd_store(Service *s) {
+ assert(s);
+
++ if (s->n_keep_fd_store > 0)
++ return;
++
+ log_unit_debug(UNIT(s)->id, "Releasing all stored fds");
+ while (s->fd_store)
+ service_fd_store_unlink(s->fd_store);
+@@ -268,7 +271,7 @@ static void service_release_fd_store(Service *s) {
+ assert(s->n_fd_store == 0);
+ }
+
+-static void service_release_resources(Unit *u, bool inactive) {
++static void service_release_resources(Unit *u) {
+ Service *s = SERVICE(u);
+
+ assert(s);
+@@ -278,8 +281,7 @@ static void service_release_resources(Unit *u, bool inactive) {
+
+ log_unit_debug(u->id, "Releasing resources.");
+
+- if (inactive)
+- service_release_fd_store(s);
++ service_release_fd_store(s);
+ }
+
+ static void service_done(Unit *u) {
+@@ -327,7 +329,7 @@ static void service_done(Unit *u) {
+
+ s->timer_event_source = sd_event_source_unref(s->timer_event_source);
+
+- service_release_resources(u, true);
++ service_release_resources(u);
+ }
+
+ static int on_fd_store_io(sd_event_source *e, int fd, uint32_t revents, void *userdata) {
+@@ -1330,6 +1332,10 @@ static void service_enter_dead(Service *s, ServiceResult f, bool allow_restart)
+ if (f != SERVICE_SUCCESS)
+ s->result = f;
+
++ /* Make sure service_release_resources() doesn't destroy our FD store, while we are changing through
++ * SERVICE_FAILED/SERVICE_DEAD before entering into SERVICE_AUTO_RESTART. */
++ s->n_keep_fd_store++;
++
+ service_set_state(s, s->result != SERVICE_SUCCESS ? SERVICE_FAILED : SERVICE_DEAD);
+
+ if (s->result != SERVICE_SUCCESS) {
+@@ -1351,12 +1357,19 @@ static void service_enter_dead(Service *s, ServiceResult f, bool allow_restart)
+ (!IN_SET(s->main_exec_status.code, CLD_KILLED, CLD_DUMPED) || !set_contains(s->restart_prevent_status.signal, INT_TO_PTR(s->main_exec_status.status)))) {
+
+ r = service_arm_timer(s, s->restart_usec);
+- if (r < 0)
++ if (r < 0) {
++ s->n_keep_fd_store--;
+ goto fail;
++ }
+
+ service_set_state(s, SERVICE_AUTO_RESTART);
+ }
+
++ /* The new state is in effect, let's decrease the fd store ref counter again. Let's also readd us to the GC
++ * queue, so that the fd store is possibly gc'ed again */
++ s->n_keep_fd_store--;
++ unit_add_to_gc_queue(UNIT(s));
++
+ s->forbid_restart = false;
+
+ /* We want fresh tmpdirs in case service is started again immediately */
+diff --git a/src/core/service.h b/src/core/service.h
+index 82938a1fc4..e5753f1f4c 100644
+--- a/src/core/service.h
++++ b/src/core/service.h
+@@ -215,6 +215,7 @@ struct Service {
+ ServiceFDStore *fd_store;
+ unsigned n_fd_store;
+ unsigned n_fd_store_max;
++ unsigned n_keep_fd_store;
+ };
+
+ extern const UnitVTable service_vtable;
+diff --git a/src/core/unit.c b/src/core/unit.c
+index 22e31a76b3..eff9fdbe70 100644
+--- a/src/core/unit.c
++++ b/src/core/unit.c
+@@ -285,7 +285,6 @@ int unit_set_description(Unit *u, const char *description) {
+
+ bool unit_may_gc(Unit *u) {
+ UnitActiveState state;
+- bool inactive;
+ assert(u);
+
+ /* Checks whether the unit is ready to be unloaded for garbage collection.
+@@ -303,17 +302,14 @@ bool unit_may_gc(Unit *u) {
+ return false;
+
+ state = unit_active_state(u);
+- inactive = state == UNIT_INACTIVE;
+
+- /* If the unit is inactive and failed and no job is queued for
+- * it, then release its runtime resources */
++ /* If the unit is inactive and failed and no job is queued for it, then release its runtime resources */
+ if (UNIT_IS_INACTIVE_OR_FAILED(state) &&
+ UNIT_VTABLE(u)->release_resources)
+- UNIT_VTABLE(u)->release_resources(u, inactive);
++ UNIT_VTABLE(u)->release_resources(u);
+
+- /* But we keep the unit object around for longer when it is
+- * referenced or configured to not be gc'ed */
+- if (!inactive)
++ /* But we keep the unit object around for longer when it is referenced or configured to not be gc'ed */
++ if (state != UNIT_INACTIVE)
+ return false;
+
+ if (UNIT_VTABLE(u)->no_gc)
+diff --git a/src/core/unit.h b/src/core/unit.h
+index 232be8164f..3b0fd8d9df 100644
+--- a/src/core/unit.h
++++ b/src/core/unit.h
+@@ -358,9 +358,8 @@ struct UnitVTable {
+ * even though nothing references it and it isn't active in any way. */
+ bool (*may_gc)(Unit *u);
+
+- /* When the unit is not running and no job for it queued we
+- * shall release its runtime resources */
+- void (*release_resources)(Unit *u, bool inactive);
++ /* When the unit is not running and no job for it queued we shall release its runtime resources */
++ void (*release_resources)(Unit *u);
+
+ /* Return true when this unit is suitable for snapshotting */
+ bool (*check_snapshot)(Unit *u);
diff --git a/SOURCES/0804-tests-add-basic-journal-test.patch b/SOURCES/0804-tests-add-basic-journal-test.patch
new file mode 100644
index 0000000..1455a61
--- /dev/null
+++ b/SOURCES/0804-tests-add-basic-journal-test.patch
@@ -0,0 +1,145 @@
+From c53791854050661d34417f12755837abd74d213a Mon Sep 17 00:00:00 2001
+From: Evgeny Vereshchagin <evvers@ya.ru>
+Date: Tue, 17 Nov 2015 11:21:23 +0000
+Subject: [PATCH] tests: add basic journal test
+
+(cherry picked from commit 1c36b4a73b876258fbe01fbe9bc9b750b7dcc9ce)
+(cherry picked from commit e974b9915ccc7bf56d23fd6fc67631990d893c89)
+Resolves: #1803802
+---
+ test/TEST-04-JOURNAL/Makefile | 1 +
+ test/TEST-04-JOURNAL/test-journal.sh | 18 +++++++
+ test/TEST-04-JOURNAL/test.sh | 76 ++++++++++++++++++++++++++++
+ test/test-functions | 2 +-
+ 4 files changed, 96 insertions(+), 1 deletion(-)
+ create mode 120000 test/TEST-04-JOURNAL/Makefile
+ create mode 100755 test/TEST-04-JOURNAL/test-journal.sh
+ create mode 100755 test/TEST-04-JOURNAL/test.sh
+
+diff --git a/test/TEST-04-JOURNAL/Makefile b/test/TEST-04-JOURNAL/Makefile
+new file mode 120000
+index 0000000000..e9f93b1104
+--- /dev/null
++++ b/test/TEST-04-JOURNAL/Makefile
+@@ -0,0 +1 @@
++../TEST-01-BASIC/Makefile
+\ No newline at end of file
+diff --git a/test/TEST-04-JOURNAL/test-journal.sh b/test/TEST-04-JOURNAL/test-journal.sh
+new file mode 100755
+index 0000000000..c75f396ceb
+--- /dev/null
++++ b/test/TEST-04-JOURNAL/test-journal.sh
+@@ -0,0 +1,18 @@
++#!/bin/bash
++
++set -x
++set -e
++set -o pipefail
++
++# Test stdout stream
++
++# Skip empty lines
++ID=$(journalctl --new-id128 | sed -n 2p)
++>/expected
++printf $'\n\n\n' | systemd-cat -t "$ID" --level-prefix false
++journalctl --flush
++journalctl -b -o cat -t "$ID" >/output
++cmp /expected /output
++
++touch /testok
++exit 0
+diff --git a/test/TEST-04-JOURNAL/test.sh b/test/TEST-04-JOURNAL/test.sh
+new file mode 100755
+index 0000000000..e37cb7d412
+--- /dev/null
++++ b/test/TEST-04-JOURNAL/test.sh
+@@ -0,0 +1,76 @@
++#!/bin/bash
++# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
++# ex: ts=8 sw=4 sts=4 et filetype=sh
++TEST_DESCRIPTION="Journal-related tests"
++
++. $TEST_BASE_DIR/test-functions
++
++check_result_qemu() {
++ ret=1
++ mkdir -p $TESTDIR/root
++ mount ${LOOPDEV}p1 $TESTDIR/root
++ [[ -e $TESTDIR/root/testok ]] && ret=0
++ [[ -f $TESTDIR/root/failed ]] && cp -a $TESTDIR/root/failed $TESTDIR
++ cp -a $TESTDIR/root/var/log/journal $TESTDIR
++ umount $TESTDIR/root
++ [[ -f $TESTDIR/failed ]] && cat $TESTDIR/failed
++ ls -l $TESTDIR/journal/*/*.journal
++ test -s $TESTDIR/failed && ret=$(($ret+1))
++ return $ret
++}
++
++test_run() {
++ if run_qemu; then
++ check_result_qemu || return 1
++ else
++ dwarn "can't run QEMU, skipping"
++ fi
++ if check_nspawn; then
++ run_nspawn
++ check_result_nspawn || return 1
++ else
++ dwarn "can't run systemd-nspawn, skipping"
++ fi
++ return 0
++}
++
++test_setup() {
++ create_empty_image
++ mkdir -p $TESTDIR/root
++ mount ${LOOPDEV}p1 $TESTDIR/root
++
++ # Create what will eventually be our root filesystem onto an overlay
++ (
++ LOG_LEVEL=5
++ eval $(udevadm info --export --query=env --name=${LOOPDEV}p2)
++
++ setup_basic_environment
++
++ # setup the testsuite service
++ cat >$initdir/etc/systemd/system/testsuite.service <<EOF
++[Unit]
++Description=Testsuite service
++After=multi-user.target
++
++[Service]
++ExecStart=/test-journal.sh
++Type=oneshot
++EOF
++
++ cp test-journal.sh $initdir/
++
++ setup_testsuite
++ )
++ setup_nspawn_root
++
++ ddebug "umount $TESTDIR/root"
++ umount $TESTDIR/root
++}
++
++test_cleanup() {
++ umount $TESTDIR/root 2>/dev/null
++ [[ $LOOPDEV ]] && losetup -d $LOOPDEV
++ return 0
++}
++
++do_test "$@"
+diff --git a/test/test-functions b/test/test-functions
+index e50ce556fd..d5e9650903 100644
+--- a/test/test-functions
++++ b/test/test-functions
+@@ -12,7 +12,7 @@ if ! ROOTLIBDIR=$(pkg-config --variable=systemdutildir systemd); then
+ ROOTLIBDIR=/usr/lib/systemd
+ fi
+
+-BASICTOOLS="test sh bash setsid loadkeys setfont login sulogin gzip sleep echo mount umount cryptsetup date dmsetup modprobe chmod chown ln"
++BASICTOOLS="test sh bash setsid loadkeys setfont login sulogin gzip sleep echo mount umount cryptsetup date dmsetup modprobe chmod chown ln sed cmp tee"
+ DEBUGTOOLS="df free ls stty cat ps ln ip route dmesg dhclient mkdir cp ping dhclient strace less grep id tty touch du sort hostname"
+
+ function find_qemu_bin() {
diff --git a/SOURCES/0805-tests-add-regression-test-for-systemctl-restart-syst.patch b/SOURCES/0805-tests-add-regression-test-for-systemctl-restart-syst.patch
new file mode 100644
index 0000000..725665c
--- /dev/null
+++ b/SOURCES/0805-tests-add-regression-test-for-systemctl-restart-syst.patch
@@ -0,0 +1,54 @@
+From e3468af46bd16e3550c25a0770f47f0bf21780f3 Mon Sep 17 00:00:00 2001
+From: Evgeny Vereshchagin <evvers@ya.ru>
+Date: Wed, 30 Dec 2015 03:33:43 +0000
+Subject: [PATCH] tests: add regression test for `systemctl restart
+ systemd-journald`
+
+See https://github.com/systemd/systemd/issues/2236
+
+(cherry picked from commit 3889613ec6bc54b9e02955f62b9d5c5b571c3d4b)
+(cherry picked from commit 4dc893c03fe9c56a3d3070fb8583f5584014aa49)
+Resolves: #1803802
+---
+ test/TEST-04-JOURNAL/test-journal.sh | 8 ++++++++
+ test/TEST-04-JOURNAL/test.sh | 9 +++++++++
+ 2 files changed, 17 insertions(+)
+
+diff --git a/test/TEST-04-JOURNAL/test-journal.sh b/test/TEST-04-JOURNAL/test-journal.sh
+index c75f396ceb..701b0cf724 100755
+--- a/test/TEST-04-JOURNAL/test-journal.sh
++++ b/test/TEST-04-JOURNAL/test-journal.sh
+@@ -14,5 +14,13 @@ journalctl --flush
+ journalctl -b -o cat -t "$ID" >/output
+ cmp /expected /output
+
++# Don't lose streams on restart
++systemctl start forever-print-hola
++sleep 3
++systemctl restart systemd-journald
++sleep 3
++systemctl stop forever-print-hola
++[[ ! -f "/i-lose-my-logs" ]]
++
+ touch /testok
+ exit 0
+diff --git a/test/TEST-04-JOURNAL/test.sh b/test/TEST-04-JOURNAL/test.sh
+index e37cb7d412..6aea67ba4e 100755
+--- a/test/TEST-04-JOURNAL/test.sh
++++ b/test/TEST-04-JOURNAL/test.sh
+@@ -55,6 +55,15 @@ After=multi-user.target
+ [Service]
+ ExecStart=/test-journal.sh
+ Type=oneshot
++EOF
++
++ cat >$initdir/etc/systemd/system/forever-print-hola.service <<EOF
++[Unit]
++Description=ForeverPrintHola service
++
++[Service]
++Type=simple
++ExecStart=/bin/sh -x -c 'while :; do printf "Hola\n" || touch /i-lose-my-logs; sleep 1; done'
+ EOF
+
+ cp test-journal.sh $initdir/
diff --git a/SOURCES/0806-tests-add-test-that-journald-keeps-fds-over-terminat.patch b/SOURCES/0806-tests-add-test-that-journald-keeps-fds-over-terminat.patch
new file mode 100644
index 0000000..a19853b
--- /dev/null
+++ b/SOURCES/0806-tests-add-test-that-journald-keeps-fds-over-terminat.patch
@@ -0,0 +1,33 @@
+From 39ab4de70c6f2b35ec735195803f4bd1eb5892c1 Mon Sep 17 00:00:00 2001
+From: Evgeny Vereshchagin <evvers@ya.ru>
+Date: Thu, 20 Oct 2016 13:18:12 +0000
+Subject: [PATCH] tests: add test that journald keeps fds over termination by
+ signal
+
+This test fails before previous commit, and passes with it.
+
+(cherry picked from commit bff653e3970bb79832568ae86b095ee530b62302)
+(cherry picked from commit ee8f69ae5ddac6f05c56ea7dbcb76fbbb2e355ee)
+Resolves: #1803802
+---
+ test/TEST-04-JOURNAL/test-journal.sh | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/test/TEST-04-JOURNAL/test-journal.sh b/test/TEST-04-JOURNAL/test-journal.sh
+index 701b0cf724..d0b05c46d6 100755
+--- a/test/TEST-04-JOURNAL/test-journal.sh
++++ b/test/TEST-04-JOURNAL/test-journal.sh
+@@ -22,5 +22,13 @@ sleep 3
+ systemctl stop forever-print-hola
+ [[ ! -f "/i-lose-my-logs" ]]
+
++# https://github.com/systemd/systemd/issues/4408
++rm -f /i-lose-my-logs
++systemctl start forever-print-hola
++sleep 3
++systemctl kill --signal=SIGKILL systemd-journald
++sleep 3
++[[ ! -f "/i-lose-my-logs" ]]
++
+ touch /testok
+ exit 0
diff --git a/SOURCES/0807-journal-do-not-trigger-assertion-when-journal_file_c.patch b/SOURCES/0807-journal-do-not-trigger-assertion-when-journal_file_c.patch
new file mode 100644
index 0000000..0910c9f
--- /dev/null
+++ b/SOURCES/0807-journal-do-not-trigger-assertion-when-journal_file_c.patch
@@ -0,0 +1,50 @@
+From d8c33d7a4e0d9b4375159776913f5c3fd2905c21 Mon Sep 17 00:00:00 2001
+From: Jan Synacek <jsynacek@redhat.com>
+Date: Tue, 7 Jan 2020 11:22:26 +0100
+Subject: [PATCH] journal: do not trigger assertion when journal_file_close()
+ get NULL
+
+We generally expect destructors to not complain if a NULL argument is passed.
+
+Closes #12400.
+
+(cherry picked from commit c377a6f3ad3d9bed4ce7e873e8e9ec6b1650c57d)
+(cherry picked from commit 248925c68092bab7ce0231449176db153f55d818)
+Resolves: #1807798
+---
+ src/journal/journal-file.c | 3 ++-
+ src/journal/journald-server.c | 7 ++-----
+ 2 files changed, 4 insertions(+), 6 deletions(-)
+
+diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c
+index 586f620e21..cf8dad3fcd 100644
+--- a/src/journal/journal-file.c
++++ b/src/journal/journal-file.c
+@@ -129,7 +129,8 @@ int journal_file_set_offline(JournalFile *f) {
+ }
+
+ void journal_file_close(JournalFile *f) {
+- assert(f);
++ if (!f)
++ return;
+
+ #ifdef HAVE_GCRYPT
+ /* Write the final tag */
+diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c
+index aaabb2f7ab..ffe2daa7be 100644
+--- a/src/journal/journald-server.c
++++ b/src/journal/journald-server.c
+@@ -1933,11 +1933,8 @@ void server_done(Server *s) {
+ while (s->stdout_streams)
+ stdout_stream_free(s->stdout_streams);
+
+- if (s->system_journal)
+- journal_file_close(s->system_journal);
+-
+- if (s->runtime_journal)
+- journal_file_close(s->runtime_journal);
++ (void) journal_file_close(s->system_journal);
++ (void) journal_file_close(s->runtime_journal);
+
+ while ((f = ordered_hashmap_steal_first(s->user_journals)))
+ journal_file_close(f);
diff --git a/SOURCES/0808-mount-don-t-propagate-errors-from-mount_setup_unit-f.patch b/SOURCES/0808-mount-don-t-propagate-errors-from-mount_setup_unit-f.patch
new file mode 100644
index 0000000..a8de335
--- /dev/null
+++ b/SOURCES/0808-mount-don-t-propagate-errors-from-mount_setup_unit-f.patch
@@ -0,0 +1,53 @@
+From 5b7b538fcd268288cea8d8b7f16f839afbf74f39 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Wed, 28 Nov 2018 12:41:44 +0100
+Subject: [PATCH] mount: don't propagate errors from mount_setup_unit() further
+ up
+
+If we can't process a specific line in /proc/self/mountinfo we should
+log about it (which we do), but this should not affect other lines, nor
+further processing of mount units. Let's keep these failures local.
+
+Fixes: #10874
+(cherry picked from commit ba0d56f55f2073164799be714b5bd1aad94d059a)
+Resolves: #1809159
+---
+ src/core/mount.c | 9 +++------
+ 1 file changed, 3 insertions(+), 6 deletions(-)
+
+diff --git a/src/core/mount.c b/src/core/mount.c
+index 3167bd6bb1..126038c27f 100644
+--- a/src/core/mount.c
++++ b/src/core/mount.c
+@@ -1571,7 +1571,7 @@ fail:
+ static int mount_load_proc_self_mountinfo(Manager *m, bool set_flags) {
+ _cleanup_(mnt_free_tablep) struct libmnt_table *t = NULL;
+ _cleanup_(mnt_free_iterp) struct libmnt_iter *i = NULL;
+- int r = 0;
++ int r;
+
+ assert(m);
+
+@@ -1587,7 +1587,6 @@ static int mount_load_proc_self_mountinfo(Manager *m, bool set_flags) {
+ if (r < 0)
+ return log_error_errno(r, "Failed to parse /proc/self/mountinfo: %m");
+
+- r = 0;
+ for (;;) {
+ const char *device, *path, *options, *fstype;
+ _cleanup_free_ const char *d = NULL, *p = NULL;
+@@ -1615,12 +1614,10 @@ static int mount_load_proc_self_mountinfo(Manager *m, bool set_flags) {
+
+ (void) device_found_node(m, d, true, DEVICE_FOUND_MOUNT, set_flags);
+
+- k = mount_setup_unit(m, d, p, options, fstype, set_flags);
+- if (r == 0 && k < 0)
+- r = k;
++ (void) mount_setup_unit(m, d, p, options, fstype, set_flags);
+ }
+
+- return r;
++ return 0;
+ }
+
+ static void mount_shutdown(Manager *m) {
diff --git a/SOURCES/0809-mount-when-allocating-a-Mount-object-based-on-proc-s.patch b/SOURCES/0809-mount-when-allocating-a-Mount-object-based-on-proc-s.patch
new file mode 100644
index 0000000..d689d1a
--- /dev/null
+++ b/SOURCES/0809-mount-when-allocating-a-Mount-object-based-on-proc-s.patch
@@ -0,0 +1,35 @@
+From 58407f55ccfc83eef2bd14e672d13213ef93069d Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Wed, 28 Nov 2018 14:51:04 +0100
+Subject: [PATCH] mount: when allocating a Mount object based on
+ /proc/self/mountinfo mark it so
+
+Let's set 'from_proc_self_mountinfo' right away, since we know its from
+there. This is important so that when the load queue is dispatched (and
+thus mount_load() called) this
+fact is already known.
+
+(cherry picked from commit 6d7e89b07065b8c49af47aaf1ccc336d017fc3a2)
+Related: #1809159
+---
+ src/core/mount.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/src/core/mount.c b/src/core/mount.c
+index 126038c27f..34c4b548ad 100644
+--- a/src/core/mount.c
++++ b/src/core/mount.c
+@@ -1480,6 +1480,13 @@ static int mount_setup_unit(
+ }
+ }
+
++ /* This unit was generated because /proc/self/mountinfo reported it. Remember this, so that by the time we load
++ * the unit file for it (and thus add in extra deps right after) we know what source to attributes the deps
++ * to.*/
++ MOUNT(u)->from_proc_self_mountinfo = true;
++
++ /* We have only allocated the stub now, let's enqueue this unit for loading now, so that everything else is
++ * loaded in now. */
+ unit_add_to_load_queue(u);
+ changed = true;
+ } else {
diff --git a/SOURCES/0810-core-enforce-a-ratelimiter-when-stopping-units-due-t.patch b/SOURCES/0810-core-enforce-a-ratelimiter-when-stopping-units-due-t.patch
new file mode 100644
index 0000000..3d94ec4
--- /dev/null
+++ b/SOURCES/0810-core-enforce-a-ratelimiter-when-stopping-units-due-t.patch
@@ -0,0 +1,60 @@
+From f57ee0c7862260f3c7054b224f360cdef5140685 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Tue, 19 May 2015 16:00:24 +0200
+Subject: [PATCH] core: enforce a ratelimiter when stopping units due to
+ StopWhenUnneeded=1
+
+Otherwise we might end up in an endless stop loop.
+
+http://lists.freedesktop.org/archives/systemd-devel/2015-April/030224.html
+(cherry picked from commit bea355dac94e82697aa98e25d80ee4248263bf92)
+(cherry picked from commit 6c72a575c7c61e17c8e96b23042f7b4a5ac39339)
+
+Related: #1810576
+---
+ src/core/unit.c | 10 ++++++++++
+ src/core/unit.h | 3 +++
+ 2 files changed, 13 insertions(+)
+
+diff --git a/src/core/unit.c b/src/core/unit.c
+index eff9fdbe70..583b9fae28 100644
+--- a/src/core/unit.c
++++ b/src/core/unit.c
+@@ -97,6 +97,8 @@ Unit *unit_new(Manager *m, size_t size) {
+ u->on_failure_job_mode = JOB_REPLACE;
+ u->sigchldgen = 0;
+
++ RATELIMIT_INIT(u->check_unneeded_ratelimit, 10 * USEC_PER_SEC, 16);
++
+ return u;
+ }
+
+@@ -1594,6 +1596,14 @@ static void unit_check_unneeded(Unit *u) {
+ if (unit_active_or_pending(other))
+ return;
+
++ /* If stopping a unit fails continously we might enter a stop
++ * loop here, hence stop acting on the service being
++ * unnecessary after a while. */
++ if (!ratelimit_test(&u->check_unneeded_ratelimit)) {
++ log_unit_warning(u->id, "Unit not needed anymore, but not stopping since we tried this too often recently.");
++ return;
++ }
++
+ log_unit_info(u->id, "Unit %s is not needed anymore. Stopping.", u->id);
+
+ /* Ok, nobody needs us anymore. Sniff. Then let's commit suicide */
+diff --git a/src/core/unit.h b/src/core/unit.h
+index 3b0fd8d9df..29353ea81c 100644
+--- a/src/core/unit.h
++++ b/src/core/unit.h
+@@ -185,6 +185,9 @@ struct Unit {
+ /* Error code when we didn't manage to load the unit (negative) */
+ int load_error;
+
++ /* Make sure we never enter endless loops with the check unneeded logic */
++ RateLimit check_unneeded_ratelimit;
++
+ /* Cached unit file state and preset */
+ UnitFileState unit_file_state;
+ int unit_file_preset;
diff --git a/SOURCES/0811-core-rework-StopWhenUnneeded-logic.patch b/SOURCES/0811-core-rework-StopWhenUnneeded-logic.patch
new file mode 100644
index 0000000..cc78e66
--- /dev/null
+++ b/SOURCES/0811-core-rework-StopWhenUnneeded-logic.patch
@@ -0,0 +1,343 @@
+From c7c8a7648623a25c00dc585bd42b9037a20396c8 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Thu, 9 Aug 2018 16:26:27 +0200
+Subject: [PATCH] core: rework StopWhenUnneeded= logic
+
+Previously, we'd act immediately on StopWhenUnneeded= when a unit state
+changes. With this rework we'll maintain a queue instead: whenever
+there's the chance that StopWhenUneeded= might have an effect we enqueue
+the unit, and process it later when we have nothing better to do.
+
+This should make the implementation a bit more reliable, as the unit notify event
+cannot immediately enqueue tons of side-effect jobs that might
+contradict each other, but we do so only in a strictly ordered fashion,
+from the main event loop.
+
+This slightly changes the check when to consider a unit "unneeded".
+Previously, we'd assume that a unit in "deactivating" state could also
+be cleaned up. With this new logic we'll only consider units unneeded
+that are fully up and have no job queued. This means that whenever
+there's something pending for a unit we won't clean it up.
+
+(cherry picked from commit a3c1168ac293f16d9343d248795bb4c246aaff4a)
+(cherry picked from commit 65ebf5e453846e29ab5894670a83b5d8b942c858)
+
+Resolves: #1810576
+---
+ src/core/manager.c | 43 +++++++++++++++
+ src/core/manager.h | 3 ++
+ src/core/unit.c | 132 ++++++++++++++++++++++++---------------------
+ src/core/unit.h | 7 +++
+ 4 files changed, 124 insertions(+), 61 deletions(-)
+
+diff --git a/src/core/manager.c b/src/core/manager.c
+index 4c87ad8a2f..f0553b4df9 100644
+--- a/src/core/manager.c
++++ b/src/core/manager.c
+@@ -961,6 +961,45 @@ static unsigned manager_dispatch_gc_queue(Manager *m) {
+ return n;
+ }
+
++static unsigned manager_dispatch_stop_when_unneeded_queue(Manager *m) {
++ unsigned n = 0;
++ Unit *u;
++ int r;
++
++ assert(m);
++
++ while ((u = m->stop_when_unneeded_queue)) {
++ _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
++ assert(m->stop_when_unneeded_queue);
++
++ assert(u->in_stop_when_unneeded_queue);
++ LIST_REMOVE(stop_when_unneeded_queue, m->stop_when_unneeded_queue, u);
++ u->in_stop_when_unneeded_queue = false;
++
++ n++;
++
++ if (!unit_is_unneeded(u))
++ continue;
++
++ log_unit_debug(u->id, "Unit is not needed anymore.");
++
++ /* If stopping a unit fails continuously we might enter a stop loop here, hence stop acting on the
++ * service being unnecessary after a while. */
++
++ if (!ratelimit_test(&u->check_unneeded_ratelimit)) {
++ log_unit_warning(u->id, "Unit not needed anymore, but not stopping since we tried this too often recently.");
++ continue;
++ }
++
++ /* Ok, nobody needs us anymore. Sniff. Then let's commit suicide */
++ r = manager_add_job(u->manager, JOB_STOP, u, JOB_FAIL, true, &error, NULL);
++ if (r < 0)
++ log_unit_warning_errno(u->id, r, "Failed to enqueue stop job, ignoring: %s", bus_error_message(&error, r));
++ }
++
++ return n;
++}
++
+ static void manager_clear_jobs_and_units(Manager *m) {
+ Unit *u;
+
+@@ -977,6 +1016,7 @@ static void manager_clear_jobs_and_units(Manager *m) {
+ assert(!m->dbus_job_queue);
+ assert(!m->cleanup_queue);
+ assert(!m->gc_queue);
++ assert(!m->stop_when_unneeded_queue);
+
+ assert(hashmap_isempty(m->jobs));
+ assert(hashmap_isempty(m->units));
+@@ -2259,6 +2299,9 @@ int manager_loop(Manager *m) {
+ if (manager_dispatch_cgroup_queue(m) > 0)
+ continue;
+
++ if (manager_dispatch_stop_when_unneeded_queue(m) > 0)
++ continue;
++
+ if (manager_dispatch_dbus_queue(m) > 0)
+ continue;
+
+diff --git a/src/core/manager.h b/src/core/manager.h
+index cfc564dfb6..f9280956e9 100644
+--- a/src/core/manager.h
++++ b/src/core/manager.h
+@@ -117,6 +117,9 @@ struct Manager {
+ /* Target units whose default target dependencies haven't been set yet */
+ LIST_HEAD(Unit, target_deps_queue);
+
++ /* Units that might be subject to StopWhenUnneeded= clean-up */
++ LIST_HEAD(Unit, stop_when_unneeded_queue);
++
+ sd_event *event;
+
+ /* We use two hash tables here, since the same PID might be
+diff --git a/src/core/unit.c b/src/core/unit.c
+index 583b9fae28..dc2df4c89c 100644
+--- a/src/core/unit.c
++++ b/src/core/unit.c
+@@ -380,6 +380,22 @@ void unit_add_to_dbus_queue(Unit *u) {
+ u->in_dbus_queue = true;
+ }
+
++void unit_add_to_stop_when_unneeded_queue(Unit *u) {
++ assert(u);
++
++ if (u->in_stop_when_unneeded_queue)
++ return;
++
++ if (!u->stop_when_unneeded)
++ return;
++
++ if (!UNIT_IS_ACTIVE_OR_RELOADING(unit_active_state(u)))
++ return;
++
++ LIST_PREPEND(stop_when_unneeded_queue, u->manager->stop_when_unneeded_queue, u);
++ u->in_stop_when_unneeded_queue = true;
++}
++
+ static void bidi_set_free(Unit *u, Set *s) {
+ Iterator i;
+ Unit *other;
+@@ -544,6 +560,9 @@ void unit_free(Unit *u) {
+ u->manager->n_in_gc_queue--;
+ }
+
++ if (u->in_stop_when_unneeded_queue)
++ LIST_REMOVE(stop_when_unneeded_queue, u->manager->stop_when_unneeded_queue, u);
++
+ if (u->on_console)
+ manager_unref_console(u->manager);
+
+@@ -1565,49 +1584,68 @@ bool unit_can_reload(Unit *u) {
+ return UNIT_VTABLE(u)->can_reload(u);
+ }
+
+-static void unit_check_unneeded(Unit *u) {
+- Iterator i;
+- Unit *other;
++bool unit_is_unneeded(Unit *u) {
++ static const UnitDependency deps[] = {
++ UNIT_REQUIRED_BY,
++ UNIT_REQUIRED_BY_OVERRIDABLE,
++ UNIT_WANTED_BY,
++ UNIT_BOUND_BY,
++ };
++ size_t j;
+
+ assert(u);
+
+- /* If this service shall be shut down when unneeded then do
+- * so. */
+-
+ if (!u->stop_when_unneeded)
+- return;
++ return false;
+
+- if (!UNIT_IS_ACTIVE_OR_ACTIVATING(unit_active_state(u)))
+- return;
++ /* Don't clean up while the unit is transitioning or is even inactive. */
++ if (!UNIT_IS_ACTIVE_OR_RELOADING(unit_active_state(u)))
++ return false;
++ if (u->job)
++ return false;
+
+- SET_FOREACH(other, u->dependencies[UNIT_REQUIRED_BY], i)
+- if (unit_active_or_pending(other))
+- return;
++ for (j = 0; j < ELEMENTSOF(deps); j++) {
++ Unit *other;
++ Iterator i;
+
+- SET_FOREACH(other, u->dependencies[UNIT_REQUIRED_BY_OVERRIDABLE], i)
+- if (unit_active_or_pending(other))
+- return;
++ /* If a dependending unit has a job queued, or is active (or in transitioning), or is marked for
++ * restart, then don't clean this one up. */
+
+- SET_FOREACH(other, u->dependencies[UNIT_WANTED_BY], i)
+- if (unit_active_or_pending(other))
+- return;
++ SET_FOREACH(other, u->dependencies[deps[j]], i) {
++ if (u->job)
++ return false;
+
+- SET_FOREACH(other, u->dependencies[UNIT_BOUND_BY], i)
+- if (unit_active_or_pending(other))
+- return;
+-
+- /* If stopping a unit fails continously we might enter a stop
+- * loop here, hence stop acting on the service being
+- * unnecessary after a while. */
+- if (!ratelimit_test(&u->check_unneeded_ratelimit)) {
+- log_unit_warning(u->id, "Unit not needed anymore, but not stopping since we tried this too often recently.");
+- return;
++ if (!UNIT_IS_INACTIVE_OR_FAILED(unit_active_state(other)))
++ return false;
++ }
+ }
+
+- log_unit_info(u->id, "Unit %s is not needed anymore. Stopping.", u->id);
++ return true;
++}
+
+- /* Ok, nobody needs us anymore. Sniff. Then let's commit suicide */
+- manager_add_job(u->manager, JOB_STOP, u, JOB_FAIL, true, NULL, NULL);
++static void check_unneeded_dependencies(Unit *u) {
++
++ static const UnitDependency deps[] = {
++ UNIT_REQUIRES,
++ UNIT_REQUIRES_OVERRIDABLE,
++ UNIT_REQUISITE,
++ UNIT_REQUISITE_OVERRIDABLE,
++ UNIT_WANTS,
++ UNIT_BINDS_TO,
++ };
++ size_t j;
++
++ assert(u);
++
++ /* Add all units this unit depends on to the queue that processes StopWhenUnneeded= behaviour. */
++
++ for (j = 0; j < ELEMENTSOF(deps); j++) {
++ Unit *other;
++ Iterator i;
++
++ SET_FOREACH(other, u->dependencies[deps[j]], i)
++ unit_add_to_stop_when_unneeded_queue(other);
++ }
+ }
+
+ static void unit_check_binds_to(Unit *u) {
+@@ -1693,34 +1731,6 @@ static void retroactively_stop_dependencies(Unit *u) {
+ manager_add_job(u->manager, JOB_STOP, other, JOB_REPLACE, true, NULL, NULL);
+ }
+
+-static void check_unneeded_dependencies(Unit *u) {
+- Iterator i;
+- Unit *other;
+-
+- assert(u);
+- assert(UNIT_IS_INACTIVE_OR_DEACTIVATING(unit_active_state(u)));
+-
+- /* Garbage collect services that might not be needed anymore, if enabled */
+- SET_FOREACH(other, u->dependencies[UNIT_REQUIRES], i)
+- if (!UNIT_IS_INACTIVE_OR_DEACTIVATING(unit_active_state(other)))
+- unit_check_unneeded(other);
+- SET_FOREACH(other, u->dependencies[UNIT_REQUIRES_OVERRIDABLE], i)
+- if (!UNIT_IS_INACTIVE_OR_DEACTIVATING(unit_active_state(other)))
+- unit_check_unneeded(other);
+- SET_FOREACH(other, u->dependencies[UNIT_WANTS], i)
+- if (!UNIT_IS_INACTIVE_OR_DEACTIVATING(unit_active_state(other)))
+- unit_check_unneeded(other);
+- SET_FOREACH(other, u->dependencies[UNIT_REQUISITE], i)
+- if (!UNIT_IS_INACTIVE_OR_DEACTIVATING(unit_active_state(other)))
+- unit_check_unneeded(other);
+- SET_FOREACH(other, u->dependencies[UNIT_REQUISITE_OVERRIDABLE], i)
+- if (!UNIT_IS_INACTIVE_OR_DEACTIVATING(unit_active_state(other)))
+- unit_check_unneeded(other);
+- SET_FOREACH(other, u->dependencies[UNIT_BINDS_TO], i)
+- if (!UNIT_IS_INACTIVE_OR_DEACTIVATING(unit_active_state(other)))
+- unit_check_unneeded(other);
+-}
+-
+ void unit_start_on_failure(Unit *u) {
+ Unit *other;
+ Iterator i;
+@@ -1898,7 +1908,7 @@ void unit_notify(Unit *u, UnitActiveState os, UnitActiveState ns, bool reload_su
+ }
+
+ /* stop unneeded units regardless if going down was expected or not */
+- if (UNIT_IS_INACTIVE_OR_DEACTIVATING(ns))
++ if (UNIT_IS_INACTIVE_OR_FAILED(ns))
+ check_unneeded_dependencies(u);
+
+ if (ns != os && ns == UNIT_FAILED) {
+@@ -1959,7 +1969,7 @@ void unit_notify(Unit *u, UnitActiveState os, UnitActiveState ns, bool reload_su
+ if (u->manager->n_reloading <= 0) {
+ /* Maybe we finished startup and are now ready for
+ * being stopped because unneeded? */
+- unit_check_unneeded(u);
++ unit_add_to_stop_when_unneeded_queue(u);
+
+ /* Maybe we finished startup, but something we needed
+ * has vanished? Let's die then. (This happens when
+diff --git a/src/core/unit.h b/src/core/unit.h
+index 29353ea81c..38c97397ee 100644
+--- a/src/core/unit.h
++++ b/src/core/unit.h
+@@ -165,6 +165,9 @@ struct Unit {
+ /* Target dependencies queue */
+ LIST_FIELDS(Unit, target_deps_queue);
+
++ /* Queue of units with StopWhenUnneeded set that shell be checked for clean-up. */
++ LIST_FIELDS(Unit, stop_when_unneeded_queue);
++
+ /* PIDs we keep an eye on. Note that a unit might have many
+ * more, but these are the ones we care enough about to
+ * process SIGCHLD for */
+@@ -235,6 +238,7 @@ struct Unit {
+ bool in_gc_queue:1;
+ bool in_cgroup_queue:1;
+ bool in_target_deps_queue:1;
++ bool in_stop_when_unneeded_queue:1;
+
+ bool sent_dbus_new_signal:1;
+
+@@ -508,6 +512,7 @@ void unit_add_to_dbus_queue(Unit *u);
+ void unit_add_to_cleanup_queue(Unit *u);
+ void unit_add_to_gc_queue(Unit *u);
+ void unit_add_to_target_deps_queue(Unit *u);
++void unit_add_to_stop_when_unneeded_queue(Unit *u);
+
+ int unit_merge(Unit *u, Unit *other);
+ int unit_merge_by_name(Unit *u, const char *other);
+@@ -627,6 +632,8 @@ int unit_make_transient(Unit *u);
+
+ int unit_require_mounts_for(Unit *u, const char *path);
+
++bool unit_is_unneeded(Unit *u);
++
+ pid_t unit_control_pid(Unit *u);
+ pid_t unit_main_pid(Unit *u);
+
diff --git a/SOURCES/0812-fix-the-fix-for-1691511.patch b/SOURCES/0812-fix-the-fix-for-1691511.patch
new file mode 100644
index 0000000..95f38e7
--- /dev/null
+++ b/SOURCES/0812-fix-the-fix-for-1691511.patch
@@ -0,0 +1,53 @@
+From 659b97b93d93ad05732831f6f097cf6f2a9c6410 Mon Sep 17 00:00:00 2001
+From: David Tardon <dtardon@redhat.com>
+Date: Mon, 16 Mar 2020 09:37:22 +0100
+Subject: [PATCH] fix the fix for #1691511
+
+The fix for #1691511 should have been used only for existing mounts
+(mount_setup_existing_unit() in current master).
+
+(cherry picked from commit 4584818bea998d257a166c238b829025b6138e55)
+
+Related: #1809159
+---
+ src/core/mount.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/src/core/mount.c b/src/core/mount.c
+index 34c4b548ad..56fda1b73f 100644
+--- a/src/core/mount.c
++++ b/src/core/mount.c
+@@ -1416,6 +1416,7 @@ static int mount_setup_unit(
+ bool load_extras = false;
+ MountParameters *p;
+ bool delete, changed = false;
++ bool just_mounted;
+ Unit *u;
+ int r;
+
+@@ -1489,6 +1490,7 @@ static int mount_setup_unit(
+ * loaded in now. */
+ unit_add_to_load_queue(u);
+ changed = true;
++ just_mounted = true;
+ } else {
+ delete = false;
+
+@@ -1518,6 +1520,8 @@ static int mount_setup_unit(
+ load_extras = true;
+ changed = true;
+ }
++
++ just_mounted = !MOUNT(u)->from_proc_self_mountinfo || MOUNT(u)->just_mounted;
+ }
+
+ w = strdup(what);
+@@ -1537,7 +1541,7 @@ static int mount_setup_unit(
+
+ if (set_flags) {
+ MOUNT(u)->is_mounted = true;
+- MOUNT(u)->just_mounted = !MOUNT(u)->from_proc_self_mountinfo || MOUNT(u)->just_mounted;
++ MOUNT(u)->just_mounted = just_mounted;
+ MOUNT(u)->just_changed = changed;
+ }
+
diff --git a/SPECS/systemd.spec b/SPECS/systemd.spec
index 5457686..46894de 100644
--- a/SPECS/systemd.spec
+++ b/SPECS/systemd.spec
@@ -7,7 +7,7 @@
Name: systemd
Url: http://www.freedesktop.org/wiki/Software/systemd
Version: 219
-Release: 69%{?dist}
+Release: 73%{?dist}.5
# For a breakdown of the licensing, see README
License: LGPLv2+ and MIT and GPLv2+
Summary: A System and Service Manager
@@ -797,6 +797,60 @@ Patch0755: 0755-pid1-free-basic-unit-information-at-the-very-end-bef.patch
Patch0756: 0756-pid1-properly-remove-references-to-the-unit-from-gc-.patch
Patch0757: 0757-core-timer-Prevent-timer-looping-when-unit-cannot-st.patch
Patch0758: 0758-service-relax-PID-file-symlink-chain-checks-a-bit-81.patch
+Patch0759: 0759-udev-rules-Add-rule-for-dev-kfd.patch
+Patch0760: 0760-core-exclude-.slice-units-from-systemctl-isolate.patch
+Patch0761: 0761-udev-scsi_id-fix-incorrect-page-length-when-get-devi.patch
+Patch0762: 0762-core-when-determining-whether-a-process-exit-status-.patch
+Patch0763: 0763-units-add-Wants-initrd-cleanup.service-to-initrd-swi.patch
+Patch0764: 0764-units-make-sure-initrd-cleanup.service-terminates-be.patch
+Patch0765: 0765-core-tiny-tweak-for-cgroup-trimming-during-manager_f.patch
+Patch0766: 0766-process-an-empty-environment-block-should-be-returne.patch
+Patch0767: 0767-core-make-sure-initrd-switch-root-command-survives-P.patch
+Patch0768: 0768-systemctl-always-avoid-being-killed-when-doing-switc.patch
+Patch0769: 0769-units-drop-KillMode-from-initrd-switch-root.service.patch
+Patch0770: 0770-systemctl-ignore-SIGTERM-after-switch-root.patch
+Patch0771: 0771-units-restore-Before-dependencies-for-systemd-vconso.patch
+Patch0772: 0772-core-reduce-the-number-of-stalled-PIDs-from-the-watc.patch
+Patch0773: 0773-timedate-use-gmtime_r-and-localtime_r.patch
+Patch0774: 0774-sd-bus-stop-using-the-result-of-an-assignment-as-an-.patch
+Patch0775: 0775-journal-upload-add-asserts-that-snprintf-does-not-re.patch
+Patch0776: 0776-analyze-actually-select-longest-activated-time-of-se.patch
+Patch0777: 0777-pid1-remove-unnecessary-error-reassignment.patch
+Patch0778: 0778-core-drop-unnecessary-condition.patch
+Patch0779: 0779-import-drop-unnecessary-condition.patch
+Patch0780: 0780-journal-verify-add-comment-and-silence-LGTM-warning.patch
+Patch0781: 0781-journal-drop-redundant-condition.patch
+Patch0782: 0782-lldp-set-correct-state-for-processing.patch
+Patch0783: 0783-sd-bus-fix-implicit-downcast-of-bitfield-reported-by.patch
+Patch0784: 0784-tree-wide-use-signed-int-instead-of-int-for-bit-fiel.patch
+Patch0785: 0785-machinectl-check-correct-FD-for-a-return-value.patch
+Patch0786: 0786-shared-install-avoid-overwriting-r-counter-with-a-pa.patch
+Patch0787: 0787-systemctl-set_put-can-t-return-EEXIST.patch
+Patch0788: 0788-systemctl-remove-dead-check.patch
+Patch0789: 0789-journal-gateway-explicitly-declare-local-variables.patch
+Patch0790: 0790-journal-gateway-use-localStorage-cursor-only-when-it.patch
+Patch0791: 0791-lgtm-ignore-files-dropped-in-upstream.patch
+Patch0792: 0792-lgtm-suppress-several-constant-comparisons.patch
+Patch0793: 0793-core-add-a-new-unit_needs_console-call.patch
+Patch0794: 0794-core-rework-how-we-count-the-n_on_console-counter.patch
+Patch0795: 0795-service-introduce-protocol-error-type.patch
+Patch0796: 0796-service-fix-main-processes-exit-behavior-for-type-no.patch
+Patch0797: 0797-service-go-through-stop_post-on-failure-4770.patch
+Patch0798: 0798-Call-getgroups-to-know-size-of-supplementary-groups-.patch
+Patch0799: 0799-udev-introduce-CONST-key-name.patch
+Patch0800: 0800-path-stop-watching-path-specs-once-we-triggered-the-.patch
+Patch0801: 0801-unit-fix-potential-use-of-cgroup_path-after-free-whe.patch
+Patch0802: 0802-core-when-restarting-services-don-t-close-fds.patch
+Patch0803: 0803-unit-rework-a-bit-how-we-keep-the-service-fdstore-fr.patch
+Patch0804: 0804-tests-add-basic-journal-test.patch
+Patch0805: 0805-tests-add-regression-test-for-systemctl-restart-syst.patch
+Patch0806: 0806-tests-add-test-that-journald-keeps-fds-over-terminat.patch
+Patch0807: 0807-journal-do-not-trigger-assertion-when-journal_file_c.patch
+Patch0808: 0808-mount-don-t-propagate-errors-from-mount_setup_unit-f.patch
+Patch0809: 0809-mount-when-allocating-a-Mount-object-based-on-proc-s.patch
+Patch0810: 0810-core-enforce-a-ratelimiter-when-stopping-units-due-t.patch
+Patch0811: 0811-core-rework-StopWhenUnneeded-logic.patch
+Patch0812: 0812-fix-the-fix-for-1691511.patch
%global num_patches %{lua: c=0; for i,p in ipairs(patches) do c=c+1; end; print(c);}
@@ -986,6 +1040,7 @@ git init
git config user.email "systemd-maint@redhat.com"
git config user.name "systemd team"
git add .
+git add -f src/journal-remote/browse.html
git commit -a -q -m "%{version} baseline."
# Apply all the patches.
@@ -1773,6 +1828,81 @@ fi
%{_mandir}/man8/systemd-resolved.*
%changelog
+* Tue Mar 17 2020 systemd maintenance team <systemd-maint@redhat.com> - 219-73.5
+- core: enforce a ratelimiter when stopping units due to StopWhenUnneeded=1 (#1810576)
+- core: rework StopWhenUnneeded= logic (#1810576)
+- fix the fix for #1691511 (#1809159)
+
+* Thu Mar 12 2020 systemd maintenance team <systemd-maint@redhat.com> - 219-73.4
+- mount: don't propagate errors from mount_setup_unit() further up (#1809159)
+- mount: when allocating a Mount object based on /proc/self/mountinfo mark it so (#1809159)
+
+* Thu Mar 05 2020 systemd maintenance team <systemd-maint@redhat.com> - 219-73.3
+- journal: do not trigger assertion when journal_file_close() get NULL (#1807798)
+
+* Tue Feb 18 2020 systemd maintenance team <systemd-maint@redhat.com> - 219-73.2
+- core: when restarting services, don't close fds (#1803802)
+- unit: rework a bit how we keep the service fdstore from being destroyed during service restart (#1803802)
+- tests: add basic journal test (#1803802)
+- tests: add regression test for `systemctl restart systemd-journald` (#1803802)
+- tests: add test that journald keeps fds over termination by signal (#1803802)
+
+* Fri Nov 29 2019 Lukas Nykryn <lnykryn@redhat.com> - 219-73.1
+- unit: fix potential use of cgroup_path after free() when freeing unit (#1760149)
+
+* Fri Oct 25 2019 Lukas Nykryn <lnykryn@redhat.com> - 219-73
+- path: stop watching path specs once we triggered the target unit (#1641777)
+
+* Thu Oct 24 2019 Lukas Nykryn <lnykryn@redhat.com> - 219-72
+- service: introduce protocol error type (#1733998)
+- service: fix main processes exit behavior for type notify services (#1733998)
+- service: go through stop_post on failure (#4770) (#1733998)
+- Call getgroups() to know size of supplementary groups array to allocate (#1743230256 KB)
+- udev: introduce CONST key name (#1748051)
+
+* Thu Oct 10 2019 Lukas Nykryn <lnykryn@redhat.com> - 219-71
+- core: add a new unit_needs_console() call (#1524359)
+- core: rework how we count the n_on_console counter (#1524359)
+
+* Fri Sep 27 2019 Lukas Nykryn <lnykryn@redhat.com> - 219-70
+- add src/journal-remote/browse.html to index
+
+* Fri Sep 27 2019 Lukas Nykryn <lnykryn@redhat.com> - 219-70
+- udev-rules: Add rule for /dev/kfd (#1659516)
+- core: exclude .slice units from "systemctl isolate" (#1745199)
+- udev/scsi_id: fix incorrect page length when get device identification VPD page (#1635945)
+- core: when determining whether a process exit status is clean, consider whether it is a command or a daemon (#1560417)
+- units: add Wants=initrd-cleanup.service to initrd-switch-root.target (#4345) (#1560417)
+- units: make sure initrd-cleanup.service terminates before switching to rootfs (#1560417)
+- core: tiny tweak for cgroup trimming during manager_free() (#1630378)
+- process: an empty environment block should be returned as such (#1685648)
+- core: make sure initrd-switch-root command survives PID1's killing spree (#4730) (#1754053)
+- systemctl: always avoid being killed when doing switch-root (#1754053)
+- units: drop KillMode= from initrd-switch-root.service (#1754053)
+- systemctl: ignore SIGTERM after switch root (#1754053)
+- units: restore Before dependencies for systemd-vconsole-setup.service (#1754053)
+- core: reduce the number of stalled PIDs from the watched processes list when possible (#1501796)
+- timedate: use gmtime_r() and localtime_r() (#1694605)
+- sd-bus: stop using the result of an assignment as an operand of && (#1694605)
+- journal-upload: add asserts that snprintf does not return an error (#1694605)
+- analyze: actually select longest activated-time of services (#1694605)
+- pid1: remove unnecessary error reassignment (#1694605)
+- core: drop unnecessary condition (#1694605)
+- import: drop unnecessary condition (#1694605)
+- journal-verify: add comment and silence LGTM warning (#1694605)
+- journal: drop redundant condition (#1694605)
+- lldp: set correct state for processing (#1694605)
+- sd-bus: fix implicit downcast of bitfield reported by LGTM (#1694605)
+- tree-wide: use 'signed int' instead of 'int' for bit field variables (#1694605)
+- machinectl: check correct FD for a return value (#1694605)
+- shared/install: avoid overwriting 'r' counter with a partial result (#1694605)
+- systemctl: set_put() can't return (-)EEXIST (#1694605)
+- systemctl: remove dead check (#1694605)
+- journal-gateway: explicitly declare local variables (#1694605)
+- journal-gateway: use localStorage["cursor"] only when it has valid value (#1694605)
+- lgtm: ignore files dropped in upstream (#1694605)
+- lgtm: suppress several constant comparisons (#1694605)
+
* Thu Aug 22 2019 Lukas Nykryn <lnykryn@redhat.com> - 219-69
- revert local changes made during backport of the test (#1726785)
- core: add a "Requires=" dependency between units and the slices they are located in (#1718953)