diff --git a/SOURCES/0408-If-the-notification-message-length-is-0-ignore-the-m.patch b/SOURCES/0408-If-the-notification-message-length-is-0-ignore-the-m.patch
new file mode 100644
index 0000000..5d58940
--- /dev/null
+++ b/SOURCES/0408-If-the-notification-message-length-is-0-ignore-the-m.patch
@@ -0,0 +1,31 @@
+From 3ee0d3abc55571bdc13f1897688443a1538db367 Mon Sep 17 00:00:00 2001
+From: Jorge Niedbalski <jorge.niedbalski@canonical.com>
+Date: Wed, 28 Sep 2016 18:25:50 -0300
+Subject: [PATCH] If the notification message length is 0, ignore the message
+ (#4237)
+
+Fixes #4234.
+
+Signed-off-by: Jorge Niedbalski <jnr@metaklass.org>
+
+Cherry-picked from: 531ac2b2349da02acc9c382849758e07eb92b020
+Resolves: #1381573
+---
+ src/core/manager.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/core/manager.c b/src/core/manager.c
+index 71dd70c..689b266 100644
+--- a/src/core/manager.c
++++ b/src/core/manager.c
+@@ -1678,6 +1678,10 @@ static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t
+
+ return -errno;
+ }
++ if (n == 0) {
++ log_debug("Got zero-length notification message. Ignoring.");
++ return 0;
++ }
+
+ CMSG_FOREACH(cmsg, &msghdr) {
+ if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) {
diff --git a/SOURCES/0409-systemctl-suppress-errors-with-show-for-nonexistent-.patch b/SOURCES/0409-systemctl-suppress-errors-with-show-for-nonexistent-.patch
new file mode 100644
index 0000000..2cc6250
--- /dev/null
+++ b/SOURCES/0409-systemctl-suppress-errors-with-show-for-nonexistent-.patch
@@ -0,0 +1,61 @@
+From aa23eb11cab247e713a19957eaaa80f7b5454ddc Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Sat, 24 Sep 2016 20:58:04 -0400
+Subject: [PATCH] systemctl: suppress errors with "show" for nonexistent units
+ and properties
+
+Show is documented to be program-parseable, and printing the warning about
+about a non-existent unit, while useful for humans, broke a lot of scripts.
+Restore previous behaviour of returning success and printing empty or useless
+stuff for units which do not exist, and printing empty values for properties
+which do not exists.
+
+With SYSTEMD_LOG_LEVEL=debug, hints are printed, but the return value is
+still 0.
+
+This undoes parts of e33a06a and 3dced37b7 and fixes #3856.
+
+We might consider adding an explicit switch to fail on missing units/properties
+(e.g. --ensure-exists or similar), and make -P foobar equivalent to
+--ensure-exists --property=foobar.
+
+Cherry-picked from: bd5b9f0a12dd9c1947b11534e99c395ddf44caa9
+Resolves: #1380686
+---
+ src/systemctl/systemctl.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
+index 0644784..a578897 100644
+--- a/src/systemctl/systemctl.c
++++ b/src/systemctl/systemctl.c
+@@ -4272,12 +4272,14 @@ static int show_one(
+ return log_error_errno(r, "Failed to map properties: %s", bus_error_message(&error, r));
+
+ if (streq_ptr(info.load_state, "not-found") && streq_ptr(info.active_state, "inactive")) {
+- log_error("Unit %s could not be found.", unit);
++ log_full(streq(verb, "status") ? LOG_ERR : LOG_DEBUG,
++ "Unit %s could not be found.", unit);
+
+ if (streq(verb, "status"))
+ return EXIT_PROGRAM_OR_SERVICES_STATUS_UNKNOWN;
+
+- return -ENOENT;
++ if (!streq(verb, "show"))
++ return -ENOENT;
+ }
+
+ r = sd_bus_message_rewind(reply, true);
+@@ -4343,10 +4345,11 @@ static int show_one(
+
+ if (show_properties) {
+ char **pp;
++ int not_found_level = streq(verb, "show") ? LOG_DEBUG : LOG_WARNING;
+
+ STRV_FOREACH(pp, arg_properties) {
+ if (!set_contains(found_properties, *pp)) {
+- log_warning("Property %s does not exist.", *pp);
++ log_full(not_found_level, "Property %s does not exist.", *pp);
+ r = -ENXIO;
+ }
+ }
diff --git a/SOURCES/0410-40-redhat.rules-disable-auto-online-of-hot-plugged-m.patch b/SOURCES/0410-40-redhat.rules-disable-auto-online-of-hot-plugged-m.patch
new file mode 100644
index 0000000..54f4ad7
--- /dev/null
+++ b/SOURCES/0410-40-redhat.rules-disable-auto-online-of-hot-plugged-m.patch
@@ -0,0 +1,24 @@
+From 48e2af5667e67a7a7f58eb17aaf5349379b2484a Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Fri, 16 Sep 2016 14:45:01 +0200
+Subject: [PATCH] 40-redhat.rules: disable auto-online of hot-plugged memory on
+ IBM z Systems
+
+Resolves: #1381123
+---
+ rules/40-redhat.rules | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/rules/40-redhat.rules b/rules/40-redhat.rules
+index 4c56950..0164dc9 100644
+--- a/rules/40-redhat.rules
++++ b/rules/40-redhat.rules
+@@ -4,7 +4,7 @@
+ SUBSYSTEM=="cpu", ACTION=="add", TEST=="online", ATTR{online}=="0", ATTR{online}="1"
+
+ # Memory hotadd request
+-SUBSYSTEM=="memory", ACTION=="add", PROGRAM="/usr/bin/systemd-detect-virt", RESULT!="zvm", ATTR{state}=="offline", ATTR{state}="online"
++SUBSYSTEM=="memory", ACTION=="add", PROGRAM="/bin/uname -p", RESULT!="s390*", ATTR{state}=="offline", ATTR{state}="online"
+
+ # reload sysctl.conf / sysctl.conf.d settings when the bridge module is loaded
+ ACTION=="add", SUBSYSTEM=="module", KERNEL=="bridge", RUN+="/usr/lib/systemd/systemd-sysctl --prefix=/proc/sys/net/bridge"
diff --git a/SOURCES/0411-pid1-don-t-return-any-error-in-manager_dispatch_noti.patch b/SOURCES/0411-pid1-don-t-return-any-error-in-manager_dispatch_noti.patch
new file mode 100644
index 0000000..4508403
--- /dev/null
+++ b/SOURCES/0411-pid1-don-t-return-any-error-in-manager_dispatch_noti.patch
@@ -0,0 +1,49 @@
+From 7b00eff77b5606ff5563e374020d554a40bca833 Mon Sep 17 00:00:00 2001
+From: Franck Bui <fbui@suse.com>
+Date: Thu, 29 Sep 2016 19:44:34 +0200
+Subject: [PATCH] pid1: don't return any error in manager_dispatch_notify_fd()
+ (#4240)
+
+If manager_dispatch_notify_fd() fails and returns an error then the handling of
+service notifications will be disabled entirely leading to a compromised system.
+
+For example pid1 won't be able to receive the WATCHDOG messages anymore and
+will kill all services supposed to send such messages.
+Cherry-picked from: 9987750e7a4c62e0eb8473603150596ba7c3a015
+Resolves: #1381573
+---
+ src/core/manager.c | 13 +++++++++----
+ 1 file changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/src/core/manager.c b/src/core/manager.c
+index 689b266..ed81059 100644
+--- a/src/core/manager.c
++++ b/src/core/manager.c
+@@ -1673,10 +1673,14 @@ static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t
+
+ n = recvmsg(m->notify_fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
+ if (n < 0) {
+- if (errno == EAGAIN || errno == EINTR)
+- return 0;
++ if (!IN_SET(errno, EAGAIN, EINTR))
++ log_error("Failed to receive notification message: %m");
+
+- return -errno;
++ /* It's not an option to return an error here since it
++ * would disable the notification handler entirely. Services
++ * wouldn't be able to send the WATCHDOG message for
++ * example... */
++ return 0;
+ }
+ if (n == 0) {
+ log_debug("Got zero-length notification message. Ignoring.");
+@@ -1703,7 +1707,8 @@ static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t
+ r = fdset_new_array(&fds, fd_array, n_fds);
+ if (r < 0) {
+ close_many(fd_array, n_fds);
+- return log_oom();
++ log_oom();
++ return 0;
+ }
+ }
+
diff --git a/SOURCES/0412-pid1-process-zero-length-notification-messages-again.patch b/SOURCES/0412-pid1-process-zero-length-notification-messages-again.patch
new file mode 100644
index 0000000..663ca63
--- /dev/null
+++ b/SOURCES/0412-pid1-process-zero-length-notification-messages-again.patch
@@ -0,0 +1,78 @@
+From 79e0852a6a3f20cba92ac18aa6ac61d24d04d3c7 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Thu, 29 Sep 2016 16:06:02 +0200
+Subject: [PATCH] pid1: process zero-length notification messages again
+
+This undoes 531ac2b234. I acked that patch without looking at the code
+carefully enough. There are two problems:
+- we want to process the fds anyway
+- in principle empty notification messages are valid, and we should
+ process them as usual, including logging using log_unit_debug().
+
+Cherry-picked from: a86b767
+Resolves: #1381573
+---
+ src/core/manager.c | 15 ++++++---------
+ 1 file changed, 6 insertions(+), 9 deletions(-)
+
+diff --git a/src/core/manager.c b/src/core/manager.c
+index ed81059..0376c4d 100644
+--- a/src/core/manager.c
++++ b/src/core/manager.c
+@@ -1614,13 +1614,12 @@ static int manager_dispatch_cgroups_agent_fd(sd_event_source *source, int fd, ui
+ return 0;
+ }
+
+-static void manager_invoke_notify_message(Manager *m, Unit *u, pid_t pid, char *buf, size_t n, FDSet *fds) {
++static void manager_invoke_notify_message(Manager *m, Unit *u, pid_t pid, const char *buf, FDSet *fds) {
+ _cleanup_strv_free_ char **tags = NULL;
+
+ assert(m);
+ assert(u);
+ assert(buf);
+- assert(n > 0);
+
+ tags = strv_split(buf, "\n\r");
+ if (!tags) {
+@@ -1682,10 +1681,6 @@ static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t
+ * example... */
+ return 0;
+ }
+- if (n == 0) {
+- log_debug("Got zero-length notification message. Ignoring.");
+- return 0;
+- }
+
+ CMSG_FOREACH(cmsg, &msghdr) {
+ if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) {
+@@ -1722,25 +1717,27 @@ static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t
+ return 0;
+ }
+
++ /* The message should be a string. Here we make sure it's NUL-terminated,
++ * but only the part until first NUL will be used anyway. */
+ buf[n] = 0;
+
+ /* Notify every unit that might be interested, but try
+ * to avoid notifying the same one multiple times. */
+ u1 = manager_get_unit_by_pid(m, ucred->pid);
+ if (u1) {
+- manager_invoke_notify_message(m, u1, ucred->pid, buf, n, fds);
++ manager_invoke_notify_message(m, u1, ucred->pid, buf, fds);
+ found = true;
+ }
+
+ u2 = hashmap_get(m->watch_pids1, LONG_TO_PTR(ucred->pid));
+ if (u2 && u2 != u1) {
+- manager_invoke_notify_message(m, u2, ucred->pid, buf, n, fds);
++ manager_invoke_notify_message(m, u2, ucred->pid, buf, fds);
+ found = true;
+ }
+
+ u3 = hashmap_get(m->watch_pids2, LONG_TO_PTR(ucred->pid));
+ if (u3 && u3 != u2 && u3 != u1) {
+- manager_invoke_notify_message(m, u3, ucred->pid, buf, n, fds);
++ manager_invoke_notify_message(m, u3, ucred->pid, buf, fds);
+ found = true;
+ }
+
diff --git a/SOURCES/0413-pid1-more-informative-error-message-for-ignored-noti.patch b/SOURCES/0413-pid1-more-informative-error-message-for-ignored-noti.patch
new file mode 100644
index 0000000..f273805
--- /dev/null
+++ b/SOURCES/0413-pid1-more-informative-error-message-for-ignored-noti.patch
@@ -0,0 +1,37 @@
+From 339ce6209591d0c6b240f6d94c1d2997405352a2 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Thu, 29 Sep 2016 16:07:41 +0200
+Subject: [PATCH] pid1: more informative error message for ignored
+ notifications
+
+It's probably easier to diagnose a bad notification message if the
+contents are printed. But still, do anything only if debugging is on.
+
+ Conflicts:
+ src/core/manager.c
+
+Cherry-picked from: a86b76753d7868c2d05f046f601bc7dc89fc2203
+Resolves: #1381573
+---
+ src/core/manager.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/src/core/manager.c b/src/core/manager.c
+index 0376c4d..27f032b 100644
+--- a/src/core/manager.c
++++ b/src/core/manager.c
+@@ -1631,6 +1631,14 @@ static void manager_invoke_notify_message(Manager *m, Unit *u, pid_t pid, const
+
+ if (UNIT_VTABLE(u)->notify_message)
+ UNIT_VTABLE(u)->notify_message(u, pid, tags, fds);
++ else if (_unlikely_(log_get_max_level() >= LOG_DEBUG)) {
++ _cleanup_free_ char *x = NULL, *y = NULL;
++
++ x = cescape(buf);
++ if (x)
++ y = ellipsize(x, 20, 90);
++ log_unit_debug(u, "Got notification message \"%s\", ignoring.", strnull(y));
++ }
+ }
+
+ static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
diff --git a/SOURCES/0414-manager-219-needs-u-id-in-log_unit_debug.patch b/SOURCES/0414-manager-219-needs-u-id-in-log_unit_debug.patch
new file mode 100644
index 0000000..21c7e48
--- /dev/null
+++ b/SOURCES/0414-manager-219-needs-u-id-in-log_unit_debug.patch
@@ -0,0 +1,24 @@
+From f5bf6f4c0d1857ce3c8a68e862e29ab7fb6684ee Mon Sep 17 00:00:00 2001
+From: Lukas Nykryn <lnykryn@redhat.com>
+Date: Fri, 7 Oct 2016 14:05:40 +0200
+Subject: [PATCH] manager: 219 needs u->id in log_unit_debug
+
+RHEL-only
+Related: #1381573
+---
+ src/core/manager.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/core/manager.c b/src/core/manager.c
+index 27f032b..6d045fd 100644
+--- a/src/core/manager.c
++++ b/src/core/manager.c
+@@ -1637,7 +1637,7 @@ static void manager_invoke_notify_message(Manager *m, Unit *u, pid_t pid, const
+ x = cescape(buf);
+ if (x)
+ y = ellipsize(x, 20, 90);
+- log_unit_debug(u, "Got notification message \"%s\", ignoring.", strnull(y));
++ log_unit_debug(u->id, "Got notification message \"%s\", ignoring.", strnull(y));
+ }
+ }
+
diff --git a/SOURCES/0415-mtd_probe-add-include-for-stdint.patch b/SOURCES/0415-mtd_probe-add-include-for-stdint.patch
new file mode 100644
index 0000000..e9e2d0b
--- /dev/null
+++ b/SOURCES/0415-mtd_probe-add-include-for-stdint.patch
@@ -0,0 +1,25 @@
+From 7d78e4a96b47b16330b2d28ff0cc5a51936e9fe9 Mon Sep 17 00:00:00 2001
+From: Lukas Nykryn <lnykryn@redhat.com>
+Date: Fri, 7 Oct 2016 15:17:12 +0200
+Subject: [PATCH] mtd_probe: add include for stdint
+
+The missing include is causing troubles on arm
+
+RHEL-only
+Related: #1381573
+---
+ src/udev/mtd_probe/mtd_probe.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/udev/mtd_probe/mtd_probe.h b/src/udev/mtd_probe/mtd_probe.h
+index d99be9a..cead374 100644
+--- a/src/udev/mtd_probe/mtd_probe.h
++++ b/src/udev/mtd_probe/mtd_probe.h
+@@ -20,6 +20,7 @@
+ #pragma once
+
+ #include <mtd/mtd-user.h>
++#include <stdint.h>
+
+ /* Full oob structure as written on the flash */
+ struct sm_oob {
diff --git a/SPECS/systemd.spec b/SPECS/systemd.spec
index 95d164a..22e000b 100644
--- a/SPECS/systemd.spec
+++ b/SPECS/systemd.spec
@@ -7,7 +7,7 @@
Name: systemd
Url: http://www.freedesktop.org/wiki/Software/systemd
Version: 219
-Release: 30%{?dist}
+Release: 30%{?dist}.3
# For a breakdown of the licensing, see README
License: LGPLv2+ and MIT and GPLv2+
Summary: A System and Service Manager
@@ -442,6 +442,14 @@ Patch0404: 0404-systemctl-core-ignore-masked-units-in-preset-all.patch
Patch0405: 0405-shared-install-handle-dangling-aliases-as-an-explici.patch
Patch0406: 0406-shared-install-ignore-unit-symlinks-when-doing-prese.patch
Patch0407: 0407-40-redhat.rules-don-t-hoplug-memory-on-s390x.patch
+Patch0408: 0408-If-the-notification-message-length-is-0-ignore-the-m.patch
+Patch0409: 0409-systemctl-suppress-errors-with-show-for-nonexistent-.patch
+Patch0410: 0410-40-redhat.rules-disable-auto-online-of-hot-plugged-m.patch
+Patch0411: 0411-pid1-don-t-return-any-error-in-manager_dispatch_noti.patch
+Patch0412: 0412-pid1-process-zero-length-notification-messages-again.patch
+Patch0413: 0413-pid1-more-informative-error-message-for-ignored-noti.patch
+Patch0414: 0414-manager-219-needs-u-id-in-log_unit_debug.patch
+Patch0415: 0415-mtd_probe-add-include-for-stdint.patch
%global num_patches %{lua: c=0; for i,p in ipairs(patches) do c=c+1; end; print(c);}
@@ -700,6 +708,9 @@ CONFIGURE_OPTS=(
RPM_OPT_FLAGS="$RPM_OPT_FLAGS -O0"
+RPM_OPT_FLAGS="$RPM_OPT_FLAGS -O0"
+RPM_OPT_FLAGS="$RPM_OPT_FLAGS -O0"
+RPM_OPT_FLAGS="$RPM_OPT_FLAGS -O0"
%configure "${CONFIGURE_OPTS[@]}"
make %{?_smp_mflags} GCC_COLORS="" V=1
@@ -1420,6 +1431,20 @@ getent passwd systemd-resolve >/dev/null 2>&1 || useradd -r -u 193 -l -g systemd
%{_mandir}/man8/systemd-resolved.*
%changelog
+* Fri Oct 07 2016 Lukas Nykryn <lnykryn@redhat.com> - 219-30.3
+- mtd_probe: add include for stdint (#1381573)
+
+* Fri Oct 07 2016 Lukas Nykryn <lnykryn@redhat.com> - 219-30.2
+- manager: 219 needs u->id in log_unit_debug (#1381573)
+
+* Wed Oct 05 2016 Lukas Nykryn <lnykryn@redhat.com> - 219-30.1
+- If the notification message length is 0, ignore the message (#4237) (#1381573)
+- systemctl: suppress errors with "show" for nonexistent units and properties (#1380686)
+- 40-redhat.rules: disable auto-online of hot-plugged memory on IBM z Systems (#1381123)
+- pid1: don't return any error in manager_dispatch_notify_fd() (#4240) (#1381573)
+- pid1: process zero-length notification messages again (#1381573)
+- pid1: more informative error message for ignored notifications (#1381573)
+
* Tue Sep 13 2016 Lukas Nykryn <lnykryn@redhat.com> - 219-30
- systemctl,pid1: do not warn about missing install info with "preset" (#1373950)
- systemctl/core: ignore masked units in preset-all (#1375097)