diff --git a/SOURCES/0564-Revert-udev-run-link_update-with-increased-retry-cou.patch b/SOURCES/0564-Revert-udev-run-link_update-with-increased-retry-cou.patch
index cca9c5d..a6ad6a9 100644
--- a/SOURCES/0564-Revert-udev-run-link_update-with-increased-retry-cou.patch
+++ b/SOURCES/0564-Revert-udev-run-link_update-with-increased-retry-cou.patch
@@ -1,4 +1,4 @@
-From 43c0bcb8b24edb83bc265cdde264e6d2a36d1cea Mon Sep 17 00:00:00 2001
+From 1afb38f39a9b4508533cc1c7262e5fff418cb317 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Mon, 17 May 2021 15:49:08 +0200
Subject: [PATCH] Revert "udev: run link_update() with increased retry count in
@@ -6,7 +6,7 @@ Subject: [PATCH] Revert "udev: run link_update() with increased retry count in
This reverts commit 1f3165bda13c8572c8c31d23c998835c4e2ad8f3.
-Related: #1963980
+Related: #1942299
---
src/udev/udev-event.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/SOURCES/0565-Revert-udev-make-algorithm-that-selects-highest-prio.patch b/SOURCES/0565-Revert-udev-make-algorithm-that-selects-highest-prio.patch
index f9c38cf..3d5cc9c 100644
--- a/SOURCES/0565-Revert-udev-make-algorithm-that-selects-highest-prio.patch
+++ b/SOURCES/0565-Revert-udev-make-algorithm-that-selects-highest-prio.patch
@@ -1,4 +1,4 @@
-From 612773fa8b6333dcdac382849e81fa5a473dd1f9 Mon Sep 17 00:00:00 2001
+From 897b4d1e19c706d9198b9308125df57a5d469a6b Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Mon, 17 May 2021 15:50:31 +0200
Subject: [PATCH] Revert "udev: make algorithm that selects highest priority
@@ -6,7 +6,7 @@ Subject: [PATCH] Revert "udev: make algorithm that selects highest priority
This reverts commit 1d5f966c1758eb620755fcae54abd07a1ac36d3d.
-Related: #1963980
+Related: #1942299
---
src/udev/udev-event.c | 71 +++++-------
src/udev/udev-node.c | 244 ++++++++++++------------------------------
diff --git a/SOURCES/0566-test-udev-test.pl-drop-test-cases-that-add-mutliple-.patch b/SOURCES/0566-test-udev-test.pl-drop-test-cases-that-add-mutliple-.patch
index 4eb0e15..72eea13 100644
--- a/SOURCES/0566-test-udev-test.pl-drop-test-cases-that-add-mutliple-.patch
+++ b/SOURCES/0566-test-udev-test.pl-drop-test-cases-that-add-mutliple-.patch
@@ -1,4 +1,4 @@
-From bc21daeb780911d586de7ff0004ed2bc515b8826 Mon Sep 17 00:00:00 2001
+From 94ad224240140a7287f9e2be5905b9c506350193 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Mon, 17 May 2021 15:54:10 +0200
Subject: [PATCH] test/udev-test.pl: drop test cases that add mutliple devices
@@ -7,7 +7,7 @@ Subject: [PATCH] test/udev-test.pl: drop test cases that add mutliple devices
udev test fail. Once we reintroduce the fix for link_update()
we will revert this commit.]
-Related: #1963980
+Related: #1942299
---
test/udev-test.pl | 179 ----------------------------------------------
1 file changed, 179 deletions(-)
diff --git a/SOURCES/0567-cgroup-Also-set-io.bfq.weight.patch b/SOURCES/0567-cgroup-Also-set-io.bfq.weight.patch
new file mode 100644
index 0000000..f06d372
--- /dev/null
+++ b/SOURCES/0567-cgroup-Also-set-io.bfq.weight.patch
@@ -0,0 +1,41 @@
+From 4e589237979fdf90af38d466abd7fcd852356f02 Mon Sep 17 00:00:00 2001
+From: Kai Krakow <kai@kaishome.de>
+Date: Sat, 17 Aug 2019 02:33:43 +0200
+Subject: [PATCH] cgroup: Also set io.bfq.weight
+
+Current kernels with BFQ scheduler do not yet set their IO weight
+through "io.weight" but through "io.bfq.weight" (using a slightly
+different interface supporting only default weights, not per-device
+weights). This commit enables "IOWeight=" to just to that.
+
+This patch may be dropped at some time later.
+
+Github-Link: https://github.com/systemd/systemd/issues/7057
+Signed-off-by: Kai Krakow <kai@kaishome.de>
+
+(cherry picked from commit 21221ce1ce9a572e82d46d80692afd65c224fc50)
+
+Related: #1927290
+---
+ src/core/cgroup.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/src/core/cgroup.c b/src/core/cgroup.c
+index 71e30fd4db..f02cc31c6e 100644
+--- a/src/core/cgroup.c
++++ b/src/core/cgroup.c
+@@ -984,6 +984,14 @@ static void cgroup_context_apply(
+ log_unit_full(u, IN_SET(r, -ENOENT, -EROFS, -EACCES) ? LOG_DEBUG : LOG_WARNING, r,
+ "Failed to set io.weight: %m");
+
++ /* FIXME: drop this when distro kernels properly support BFQ through "io.weight"
++ * See also: https://github.com/systemd/systemd/pull/13335 */
++ xsprintf(buf, "%" PRIu64 "\n", weight);
++ r = cg_set_attribute("io", path, "io.bfq.weight", buf);
++ if (r < 0)
++ log_unit_full(u, IN_SET(r, -ENOENT, -EROFS, -EACCES) ? LOG_DEBUG : LOG_WARNING, r,
++ "Failed to set io.bfq.weight: %m");
++
+ if (has_io) {
+ CGroupIODeviceWeight *w;
+
diff --git a/SOURCES/0568-seccomp-allow-turning-off-of-seccomp-filtering-via-e.patch b/SOURCES/0568-seccomp-allow-turning-off-of-seccomp-filtering-via-e.patch
new file mode 100644
index 0000000..58d8b14
--- /dev/null
+++ b/SOURCES/0568-seccomp-allow-turning-off-of-seccomp-filtering-via-e.patch
@@ -0,0 +1,82 @@
+From e706f5df66b7189a7df526aeeb45c86b8c4b057a Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Mon, 2 Nov 2020 14:51:10 +0100
+Subject: [PATCH] seccomp: allow turning off of seccomp filtering via env var
+
+Fixes: #17504
+
+(While we are it, also move $SYSTEMD_SECCOMP_LOG= env var description
+into the right document section)
+
+Also suggested in: https://github.com/systemd/systemd/issues/17245#issuecomment-704773603
+
+(cherry picked from commit ce8f6d478e3f6c6a313fb19615aa5029bb18f86d)
+
+Resolves: #1916835
+---
+ doc/ENVIRONMENT.md | 3 +++
+ src/nspawn/nspawn-seccomp.c | 2 +-
+ src/shared/seccomp-util.c | 19 +++++++++++++++----
+ 3 files changed, 19 insertions(+), 5 deletions(-)
+
+diff --git a/doc/ENVIRONMENT.md b/doc/ENVIRONMENT.md
+index 0e763b6302..36b649afe1 100644
+--- a/doc/ENVIRONMENT.md
++++ b/doc/ENVIRONMENT.md
+@@ -117,3 +117,6 @@ systemd-sulogin-shell:
+ * `$SYSTEMD_SULOGIN_FORCE=1` — This skips asking for the root password if the
+ root password is not available (such as when the root account is locked).
+ See `sulogin(8)` for more details.
++
++* `$SYSTEMD_SECCOMP=0` – if set, seccomp filters will not be enforced, even if
++ support for it is compiled in and available in the kernel.
+diff --git a/src/nspawn/nspawn-seccomp.c b/src/nspawn/nspawn-seccomp.c
+index b56c5b04a8..fba22644da 100644
+--- a/src/nspawn/nspawn-seccomp.c
++++ b/src/nspawn/nspawn-seccomp.c
+@@ -172,7 +172,7 @@ int setup_seccomp(uint64_t cap_list_retain, char **syscall_whitelist, char **sys
+ int r;
+
+ if (!is_seccomp_available()) {
+- log_debug("SECCOMP features not detected in the kernel, disabling SECCOMP filterering");
++ log_debug("SECCOMP features not detected in the kernel or disabled at runtime, disabling SECCOMP filtering");
+ return 0;
+ }
+
+diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
+index d91fb4e269..e903512d45 100644
+--- a/src/shared/seccomp-util.c
++++ b/src/shared/seccomp-util.c
+@@ -12,6 +12,7 @@
+
+ #include "af-list.h"
+ #include "alloc-util.h"
++#include "env-util.h"
+ #include "macro.h"
+ #include "nsflags.h"
+ #include "process-util.h"
+@@ -244,10 +245,20 @@ static bool is_seccomp_filter_available(void) {
+ bool is_seccomp_available(void) {
+ static int cached_enabled = -1;
+
+- if (cached_enabled < 0)
+- cached_enabled =
+- is_basic_seccomp_available() &&
+- is_seccomp_filter_available();
++ if (cached_enabled < 0) {
++ int b;
++
++ b = getenv_bool("SYSTEMD_SECCOMP");
++ if (b != 0) {
++ if (b < 0 && b != -ENXIO) /* ENXIO: env var unset */
++ log_debug_errno(b, "Failed to parse $SYSTEMD_SECCOMP value, ignoring.");
++
++ cached_enabled =
++ is_basic_seccomp_available() &&
++ is_seccomp_filter_available();
++ } else
++ cached_enabled = false;
++ }
+
+ return cached_enabled;
+ }
diff --git a/SOURCES/0569-meson-remove-strange-dep-that-causes-meson-to-enter-.patch b/SOURCES/0569-meson-remove-strange-dep-that-causes-meson-to-enter-.patch
new file mode 100644
index 0000000..9029c4b
--- /dev/null
+++ b/SOURCES/0569-meson-remove-strange-dep-that-causes-meson-to-enter-.patch
@@ -0,0 +1,36 @@
+From 7fb2d86b58201341a582b739a5445821bec66eea Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Wed, 6 Nov 2019 12:44:39 +0100
+Subject: [PATCH] meson: remove strange dep that causes meson to enter infinite
+ loop
+
+The value is obviously bogus, but didn't seem to cause problems so far.
+With meson-0.52.0, it causes a hang. The number of aliases is always rather
+small (usually just one or two, possibly up to a dozen in a few cases), so
+even if this causes some looping, it is strange that it has such a huge impact.
+But let's just remove it.
+
+Fixes #13742.
+
+Tested with meson-0.52.0-1.module_f31+6771+f5d842eb.noarch,
+meson-0.51.1-1.fc29.noarch.
+
+(cherry picked from commit af336643a01d0b210b18312c253a50594ba54b0a)
+
+Resolves: #1970860
+---
+ man/meson.build | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/man/meson.build b/man/meson.build
+index ec05d73bc6..a953d34098 100644
+--- a/man/meson.build
++++ b/man/meson.build
+@@ -68,7 +68,6 @@ foreach tuple : xsltproc.found() ? manpages : []
+ foreach htmlalias : htmlaliases
+ link = custom_target(
+ htmlalias,
+- input : p2,
+ output : htmlalias,
+ command : ['ln', '-fs', html, '@OUTPUT@'])
+ if want_html
diff --git a/SOURCES/0570-copy-handle-copy_file_range-weirdness-on-procfs-sysf.patch b/SOURCES/0570-copy-handle-copy_file_range-weirdness-on-procfs-sysf.patch
new file mode 100644
index 0000000..b14a3c7
--- /dev/null
+++ b/SOURCES/0570-copy-handle-copy_file_range-weirdness-on-procfs-sysf.patch
@@ -0,0 +1,182 @@
+From 8df650c7c5adc2bb24a0077d8332f5ee342e7fd8 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Fri, 26 Feb 2021 10:25:24 +0100
+Subject: [PATCH] copy: handle copy_file_range() weirdness on procfs/sysfs
+
+This addresses the issue described in https://lwn.net/Articles/846403/
+and makes sure we will be able to stream bytes from procfs/sysfs via
+copy_bytes() if people ask us to.
+
+Based on: ee1aa61c4710ae567a2b844e0f0bb8cb0456ab8c
+Related: #1970860
+---
+ src/basic/copy.c | 75 +++++++++++++++++++++++++++++---------------
+ src/test/test-copy.c | 17 ++++++++++
+ 2 files changed, 66 insertions(+), 26 deletions(-)
+
+diff --git a/src/basic/copy.c b/src/basic/copy.c
+index e06a503a29..a48c42c5c6 100644
+--- a/src/basic/copy.c
++++ b/src/basic/copy.c
+@@ -92,7 +92,7 @@ int copy_bytes_full(
+ void **ret_remains,
+ size_t *ret_remains_size) {
+
+- bool try_cfr = true, try_sendfile = true, try_splice = true;
++ bool try_cfr = true, try_sendfile = true, try_splice = true, copied_something = false;
+ int r, nonblock_pipe = -1;
+ size_t m = SSIZE_MAX; /* that is the maximum that sendfile and c_f_r accept */
+
+@@ -185,9 +185,20 @@ int copy_bytes_full(
+
+ try_cfr = false;
+ /* use fallback below */
+- } else if (n == 0) /* EOF */
+- break;
+- else
++ } else if (n == 0) { /* likely EOF */
++
++ if (copied_something)
++ break;
++
++ /* So, we hit EOF immediately, without having copied a single byte. This
++ * could indicate two things: the file is actually empty, or we are on some
++ * virtual file system such as procfs/sysfs where the syscall actually
++ * doesn't work but doesn't return an error. Try to handle that, by falling
++ * back to simple read()s in case we encounter empty files.
++ *
++ * See: https://lwn.net/Articles/846403/ */
++ try_cfr = try_sendfile = try_splice = false;
++ } else
+ /* Success! */
+ goto next;
+ }
+@@ -201,9 +212,14 @@ int copy_bytes_full(
+
+ try_sendfile = false;
+ /* use fallback below */
+- } else if (n == 0) /* EOF */
++ } else if (n == 0) { /* likely EOF */
++
++ if (copied_something)
++ break;
++
++ try_sendfile = try_splice = false; /* same logic as above for copy_file_range() */
+ break;
+- else
++ } else
+ /* Success! */
+ goto next;
+ }
+@@ -213,14 +229,14 @@ int copy_bytes_full(
+
+ /* splice()'s asynchronous I/O support is a bit weird. When it encounters a pipe file
+ * descriptor, then it will ignore its O_NONBLOCK flag and instead only honour the
+- * SPLICE_F_NONBLOCK flag specified in its flag parameter. Let's hide this behaviour here, and
+- * check if either of the specified fds are a pipe, and if so, let's pass the flag
+- * automatically, depending on O_NONBLOCK being set.
++ * SPLICE_F_NONBLOCK flag specified in its flag parameter. Let's hide this behaviour
++ * here, and check if either of the specified fds are a pipe, and if so, let's pass
++ * the flag automatically, depending on O_NONBLOCK being set.
+ *
+- * Here's a twist though: when we use it to move data between two pipes of which one has
+- * O_NONBLOCK set and the other has not, then we have no individual control over O_NONBLOCK
+- * behaviour. Hence in that case we can't use splice() and still guarantee systematic
+- * O_NONBLOCK behaviour, hence don't. */
++ * Here's a twist though: when we use it to move data between two pipes of which one
++ * has O_NONBLOCK set and the other has not, then we have no individual control over
++ * O_NONBLOCK behaviour. Hence in that case we can't use splice() and still guarantee
++ * systematic O_NONBLOCK behaviour, hence don't. */
+
+ if (nonblock_pipe < 0) {
+ int a, b;
+@@ -238,12 +254,13 @@ int copy_bytes_full(
+ (a == FD_IS_BLOCKING_PIPE && b == FD_IS_NONBLOCKING_PIPE) ||
+ (a == FD_IS_NONBLOCKING_PIPE && b == FD_IS_BLOCKING_PIPE))
+
+- /* splice() only works if one of the fds is a pipe. If neither is, let's skip
+- * this step right-away. As mentioned above, if one of the two fds refers to a
+- * blocking pipe and the other to a non-blocking pipe, we can't use splice()
+- * either, hence don't try either. This hence means we can only use splice() if
+- * either only one of the two fds is a pipe, or if both are pipes with the same
+- * nonblocking flag setting. */
++ /* splice() only works if one of the fds is a pipe. If neither is,
++ * let's skip this step right-away. As mentioned above, if one of the
++ * two fds refers to a blocking pipe and the other to a non-blocking
++ * pipe, we can't use splice() either, hence don't try either. This
++ * hence means we can only use splice() if either only one of the two
++ * fds is a pipe, or if both are pipes with the same nonblocking flag
++ * setting. */
+
+ try_splice = false;
+ else
+@@ -259,9 +276,13 @@ int copy_bytes_full(
+
+ try_splice = false;
+ /* use fallback below */
+- } else if (n == 0) /* EOF */
+- break;
+- else
++ } else if (n == 0) { /* likely EOF */
++
++ if (copied_something)
++ break;
++
++ try_splice = false; /* same logic as above for copy_file_range() + sendfile() */
++ } else
+ /* Success! */
+ goto next;
+ }
+@@ -312,11 +333,13 @@ int copy_bytes_full(
+ assert(max_bytes >= (uint64_t) n);
+ max_bytes -= n;
+ }
+- /* sendfile accepts at most SSIZE_MAX-offset bytes to copy,
+- * so reduce our maximum by the amount we already copied,
+- * but don't go below our copy buffer size, unless we are
+- * close the limit of bytes we are allowed to copy. */
++
++ /* sendfile accepts at most SSIZE_MAX-offset bytes to copy, so reduce our maximum by the
++ * amount we already copied, but don't go below our copy buffer size, unless we are close the
++ * limit of bytes we are allowed to copy. */
+ m = MAX(MIN(COPY_BUFFER_SIZE, max_bytes), m - n);
++
++ copied_something = true;
+ }
+
+ return 0; /* return 0 if we hit EOF earlier than the size limit */
+diff --git a/src/test/test-copy.c b/src/test/test-copy.c
+index 2e8d251ac1..29ac33e47a 100644
+--- a/src/test/test-copy.c
++++ b/src/test/test-copy.c
+@@ -253,6 +253,22 @@ static void test_copy_atomic(void) {
+ assert_se(copy_file_atomic("/etc/fstab", q, 0644, 0, COPY_REPLACE) >= 0);
+ }
+
++static void test_copy_proc(void) {
++ _cleanup_(rm_rf_physical_and_freep) char *p = NULL;
++ _cleanup_free_ char *f = NULL, *a = NULL, *b = NULL;
++
++ /* Check if copying data from /proc/ works correctly, i.e. let's see if https://lwn.net/Articles/846403/ is a problem for us */
++
++ assert_se(mkdtemp_malloc(NULL, &p) >= 0);
++ assert_se(f = path_join(NULL, p, "version"));
++ assert_se(copy_file("/proc/version", f, 0, (mode_t) -1, 0, 0) >= 0);
++
++ assert_se(read_one_line_file("/proc/version", &a) >= 0);
++ assert_se(read_one_line_file(f, &b) >= 0);
++ assert_se(streq(a, b));
++ assert_se(strlen(a) > 0);
++}
++
+ int main(int argc, char *argv[]) {
+ log_set_max_level(LOG_DEBUG);
+
+@@ -267,6 +283,7 @@ int main(int argc, char *argv[]) {
+ test_copy_bytes_regular_file(argv[0], false, 32000); /* larger than copy buffer size */
+ test_copy_bytes_regular_file(argv[0], true, 32000);
+ test_copy_atomic();
++ test_copy_proc();
+
+ return 0;
+ }
diff --git a/SOURCES/0571-core-Hide-Deactivated-successfully-message.patch b/SOURCES/0571-core-Hide-Deactivated-successfully-message.patch
new file mode 100644
index 0000000..1ec2d8a
--- /dev/null
+++ b/SOURCES/0571-core-Hide-Deactivated-successfully-message.patch
@@ -0,0 +1,33 @@
+From 4dc498258bd0cce1bc8ad2311c5f12de5678e0af Mon Sep 17 00:00:00 2001
+From: Jan Macku <jamacku@redhat.com>
+Date: Thu, 27 May 2021 12:25:51 +0200
+Subject: [PATCH] core: Hide "Deactivated successfully" message
+
+Show message "Deactivated successfully" in debug mode (when manager is
+user) rather than in info mode. This message has low information value
+for regular users and it might be a bit overwhelming on a system with
+a lot of devices.
+
+(cherry picked from commit edf2ee22f54005d76b2fb8fdcc9c60974feb88bc)
+
+Resolves: #1954802
+---
+ src/core/unit.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/core/unit.c b/src/core/unit.c
+index cd3e7c806d..93c13e58d9 100644
+--- a/src/core/unit.c
++++ b/src/core/unit.c
+@@ -5525,7 +5525,10 @@ int unit_pid_attachable(Unit *u, pid_t pid, sd_bus_error *error) {
+ void unit_log_success(Unit *u) {
+ assert(u);
+
+- log_struct(LOG_INFO,
++ /* Let's show message "Deactivated successfully" in debug mode (when manager is user) rather than in info mode.
++ * This message has low information value for regular users and it might be a bit overwhelming on a system with
++ * a lot of devices. */
++ log_struct(MANAGER_IS_USER(u->manager) ? LOG_DEBUG : LOG_INFO,
+ "MESSAGE_ID=" SD_MESSAGE_UNIT_SUCCESS_STR,
+ LOG_UNIT_ID(u),
+ LOG_UNIT_INVOCATION_ID(u),
diff --git a/SOURCES/0572-util-rework-in_initrd-to-make-use-of-path_is_tempora.patch b/SOURCES/0572-util-rework-in_initrd-to-make-use-of-path_is_tempora.patch
new file mode 100644
index 0000000..bdc3418
--- /dev/null
+++ b/SOURCES/0572-util-rework-in_initrd-to-make-use-of-path_is_tempora.patch
@@ -0,0 +1,35 @@
+From 42f639d3689b7cbc9ce6b9578a2790c254508384 Mon Sep 17 00:00:00 2001
+From: Kairui Song <kasong@redhat.com>
+Date: Fri, 8 Jan 2021 14:52:26 +0800
+Subject: [PATCH] util: rework in_initrd() to make use of
+ path_is_temporary_fs()
+
+(cherry picked from commit 96cceb35e7985f5ee6c9b17e129a76259273cdde)
+
+Related: #1959339
+---
+ src/basic/util.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/src/basic/util.c b/src/basic/util.c
+index 82cb937314..b443e639f3 100644
+--- a/src/basic/util.c
++++ b/src/basic/util.c
+@@ -130,7 +130,6 @@ int prot_from_flags(int flags) {
+ }
+
+ bool in_initrd(void) {
+- struct statfs s;
+
+ if (saved_in_initrd >= 0)
+ return saved_in_initrd;
+@@ -146,8 +145,7 @@ bool in_initrd(void) {
+ */
+
+ saved_in_initrd = access("/etc/initrd-release", F_OK) >= 0 &&
+- statfs("/", &s) >= 0 &&
+- is_temporary_fs(&s);
++ path_is_temporary_fs("/") > 0;
+
+ return saved_in_initrd;
+ }
diff --git a/SOURCES/0573-initrd-extend-SYSTEMD_IN_INITRD-to-accept-non-ramfs-.patch b/SOURCES/0573-initrd-extend-SYSTEMD_IN_INITRD-to-accept-non-ramfs-.patch
new file mode 100644
index 0000000..0b3202f
--- /dev/null
+++ b/SOURCES/0573-initrd-extend-SYSTEMD_IN_INITRD-to-accept-non-ramfs-.patch
@@ -0,0 +1,99 @@
+From 99ca5b681fceedd010b2616b1248a483f4bfbd97 Mon Sep 17 00:00:00 2001
+From: Kairui Song <kasong@redhat.com>
+Date: Wed, 13 Jan 2021 00:04:53 +0800
+Subject: [PATCH] initrd: extend SYSTEMD_IN_INITRD to accept non-ramfs rootfs
+
+Sometimes, non-ramfs initrd root are useful. Eg, for kdump, because
+initramfs is memory consuming, so mount a compressed image in earlier
+initrd, chroot into it then let systemd do the rest of job is a good
+solution.
+
+But systemd doesn't recognize the initrd environment if rootfs is not a
+temporary fs. This is a reasonable check, because switch-root in initrd
+will wipe the whole rootfs, will be a disaster if there are any
+misdetect.
+
+So extend SYSTEMD_IN_INITRD environment variable, now it accepts boolean
+value and two extra keyword, "auto" and "lenient". "auto" is same as
+before, and it's the default value. "lenient" will let systemd bypass
+the rootfs check.
+
+(cherry picked from commit db4c45cf4f10ca094b9e9570b758abd445d65381)
+
+Related: #1959339
+---
+ doc/ENVIRONMENT.md | 8 ++++++++
+ src/basic/util.c | 28 +++++++++++++++++++++++++---
+ 2 files changed, 33 insertions(+), 3 deletions(-)
+
+diff --git a/doc/ENVIRONMENT.md b/doc/ENVIRONMENT.md
+index 36b649afe1..8d7ce6ae2c 100644
+--- a/doc/ENVIRONMENT.md
++++ b/doc/ENVIRONMENT.md
+@@ -37,6 +37,14 @@ All tools:
+ useful for debugging, in order to test generators and other code against
+ specific kernel command lines.
+
++* `$SYSTEMD_IN_INITRD=[auto|lenient|0|1]` — if set, specifies initrd detection
++ method. Defaults to `auto`. Behavior is defined as follows:
++ `auto`: Checks if `/etc/initrd-release` exists, and a temporary fs is mounted
++ on `/`. If both conditions meet, then it's in initrd.
++ `lenient`: Similiar to `auto`, but the rootfs check is skipped.
++ `0|1`: Simply overrides initrd detection. This is useful for debugging and
++ testing initrd-only programs in the main system.
++
+ * `$SYSTEMD_EMOJI=0` — if set, tools such as "systemd-analyze security" will
+ not output graphical smiley emojis, but ASCII alternatives instead. Note that
+ this only controls use of Unicode emoji glyphs, and has no effect on other
+diff --git a/src/basic/util.c b/src/basic/util.c
+index b443e639f3..59bcf7b00c 100644
+--- a/src/basic/util.c
++++ b/src/basic/util.c
+@@ -130,11 +130,14 @@ int prot_from_flags(int flags) {
+ }
+
+ bool in_initrd(void) {
++ int r;
++ const char *e;
++ bool lenient = false;
+
+ if (saved_in_initrd >= 0)
+ return saved_in_initrd;
+
+- /* We make two checks here:
++ /* We have two checks here:
+ *
+ * 1. the flag file /etc/initrd-release must exist
+ * 2. the root file system must be a memory file system
+@@ -142,10 +145,29 @@ bool in_initrd(void) {
+ * The second check is extra paranoia, since misdetecting an
+ * initrd can have bad consequences due the initrd
+ * emptying when transititioning to the main systemd.
++ *
++ * If env var $SYSTEMD_IN_INITRD is not set or set to "auto",
++ * both checks are used. If it's set to "lenient", only check
++ * 1 is used. If set to a booleen value, then the boolean
++ * value is returned.
+ */
+
+- saved_in_initrd = access("/etc/initrd-release", F_OK) >= 0 &&
+- path_is_temporary_fs("/") > 0;
++ e = secure_getenv("SYSTEMD_IN_INITRD");
++ if (e) {
++ if (streq(e, "lenient"))
++ lenient = true;
++ else if (!streq(e, "auto")) {
++ r = parse_boolean(e);
++ if (r >= 0) {
++ saved_in_initrd = r > 0;
++ return saved_in_initrd;
++ }
++ log_debug_errno(r, "Failed to parse $SYSTEMD_IN_INITRD, ignoring: %m");
++ }
++ }
++
++ saved_in_initrd = (lenient || path_is_temporary_fs("/") > 0) &&
++ access("/etc/initrd-release", F_OK) >= 0;
+
+ return saved_in_initrd;
+ }
diff --git a/SOURCES/0574-initrd-do-a-debug-log-if-failed-to-detect-rootfs-typ.patch b/SOURCES/0574-initrd-do-a-debug-log-if-failed-to-detect-rootfs-typ.patch
new file mode 100644
index 0000000..cda944e
--- /dev/null
+++ b/SOURCES/0574-initrd-do-a-debug-log-if-failed-to-detect-rootfs-typ.patch
@@ -0,0 +1,35 @@
+From 3299c855c6e65596ff9d8635dcbd45ff6818499a Mon Sep 17 00:00:00 2001
+From: Kairui Song <kasong@redhat.com>
+Date: Thu, 14 Jan 2021 00:39:10 +0800
+Subject: [PATCH] initrd: do a debug log if failed to detect rootfs type
+
+(cherry picked from commit 3377c740d9121f38385e70d6a380b5e4bd8c672a)
+
+Related: #1959339
+---
+ src/basic/util.c | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/src/basic/util.c b/src/basic/util.c
+index 59bcf7b00c..fef52ad5ff 100644
+--- a/src/basic/util.c
++++ b/src/basic/util.c
+@@ -166,8 +166,16 @@ bool in_initrd(void) {
+ }
+ }
+
+- saved_in_initrd = (lenient || path_is_temporary_fs("/") > 0) &&
+- access("/etc/initrd-release", F_OK) >= 0;
++ if (!lenient) {
++ r = path_is_temporary_fs("/");
++ if (r < 0)
++ log_debug_errno(r, "Couldn't determine if / is a temporary file system: %m");
++
++ saved_in_initrd = r > 0;
++ }
++
++ if (saved_in_initrd != 0)
++ saved_in_initrd = access("/etc/initrd-release", F_OK) >= 0;
+
+ return saved_in_initrd;
+ }
diff --git a/SOURCES/0575-initrd-do-a-debug-log-if-etc-initrd-release-doesn-t-.patch b/SOURCES/0575-initrd-do-a-debug-log-if-etc-initrd-release-doesn-t-.patch
new file mode 100644
index 0000000..f31ba4c
--- /dev/null
+++ b/SOURCES/0575-initrd-do-a-debug-log-if-etc-initrd-release-doesn-t-.patch
@@ -0,0 +1,39 @@
+From a1417c121d19272b1389098648132106a5ffc661 Mon Sep 17 00:00:00 2001
+From: Kairui Song <kasong@redhat.com>
+Date: Thu, 14 Jan 2021 01:25:20 +0800
+Subject: [PATCH] initrd: do a debug log if /etc/initrd-release doesn't take
+ effect
+
+Signed-off-by: Kairui Song <kasong@redhat.com>
+
+(cherry picked from commit 4a60d8cbcae574896a28f9f1f6204a1bddca8e99)
+
+Related: #1959339
+---
+ src/basic/util.c | 13 +++++++++++--
+ 1 file changed, 11 insertions(+), 2 deletions(-)
+
+diff --git a/src/basic/util.c b/src/basic/util.c
+index fef52ad5ff..609f8c2f33 100644
+--- a/src/basic/util.c
++++ b/src/basic/util.c
+@@ -174,8 +174,17 @@ bool in_initrd(void) {
+ saved_in_initrd = r > 0;
+ }
+
+- if (saved_in_initrd != 0)
+- saved_in_initrd = access("/etc/initrd-release", F_OK) >= 0;
++ r = access("/etc/initrd-release", F_OK);
++ if (r >= 0) {
++ if (saved_in_initrd == 0)
++ log_debug("/etc/initrd-release exists, but it's not an initrd.");
++ else
++ saved_in_initrd = 1;
++ } else {
++ if (errno != ENOENT)
++ log_debug_errno(errno, "Failed to test if /etc/initrd-release exists: %m");
++ saved_in_initrd = 0;
++ }
+
+ return saved_in_initrd;
+ }
diff --git a/SOURCES/0576-units-assign-user-runtime-dir-.service-to-user-i.sli.patch b/SOURCES/0576-units-assign-user-runtime-dir-.service-to-user-i.sli.patch
new file mode 100644
index 0000000..ea2c0ce
--- /dev/null
+++ b/SOURCES/0576-units-assign-user-runtime-dir-.service-to-user-i.sli.patch
@@ -0,0 +1,25 @@
+From 64975b046d5a0877690aa6de9389b8234ee1cfab Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Fri, 3 Aug 2018 10:45:31 +0200
+Subject: [PATCH] units: assign user-runtime-dir@.service to user-%i.slice
+
+This service won't use much resources, but it's certainly nicer to see
+it attached th the user's slice along with user@.service, so that
+everything we run for a specific user is properly bound into one unit.
+
+(cherry picked from commit 1193c11a04b3ecc29925904fbeb5d64834bce73e)
+
+Related: #1946453
+---
+ units/user-runtime-dir@.service.in | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/units/user-runtime-dir@.service.in b/units/user-runtime-dir@.service.in
+index 8c02beda3b..13b3ed52f8 100644
+--- a/units/user-runtime-dir@.service.in
++++ b/units/user-runtime-dir@.service.in
+@@ -15,3 +15,4 @@ StopWhenUnneeded=yes
+ ExecStart=@rootlibexecdir@/systemd-user-runtime-dir start %i
+ ExecStop=@rootlibexecdir@/systemd-user-runtime-dir stop %i
+ RemainAfterExit=true
++Slice=user-%i.slice
diff --git a/SOURCES/0577-units-order-user-runtime-dir-.service-after-systemd-.patch b/SOURCES/0577-units-order-user-runtime-dir-.service-after-systemd-.patch
new file mode 100644
index 0000000..c852f8d
--- /dev/null
+++ b/SOURCES/0577-units-order-user-runtime-dir-.service-after-systemd-.patch
@@ -0,0 +1,30 @@
+From 1fa9a6bf51a1a1d0fa2ccc23283739d16e9179b4 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Fri, 3 Aug 2018 10:42:09 +0200
+Subject: [PATCH] units: order user-runtime-dir@.service after
+ systemd-user-sessions.service
+
+We use systemd-user-sessions.service as barrier when to allow login
+sessions. With this patch user@.service is ordered after that too, so
+that any login related code (which user-runtime-dir@.service is) is
+guaranteed to run after the barrier, and never before.
+
+(cherry picked from commit eb748aef4fbfd03b64938aa471bb8ceda1bc89a8)
+
+Related: #1946453
+---
+ units/user-runtime-dir@.service.in | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/units/user-runtime-dir@.service.in b/units/user-runtime-dir@.service.in
+index 13b3ed52f8..31354c9bf2 100644
+--- a/units/user-runtime-dir@.service.in
++++ b/units/user-runtime-dir@.service.in
+@@ -9,6 +9,7 @@
+
+ [Unit]
+ Description=/run/user/%i mount wrapper
++After=systemd-user-sessions.service
+ StopWhenUnneeded=yes
+
+ [Service]
diff --git a/SOURCES/0578-units-make-sure-user-runtime-dir-.service-is-Type-on.patch b/SOURCES/0578-units-make-sure-user-runtime-dir-.service-is-Type-on.patch
new file mode 100644
index 0000000..493f4c6
--- /dev/null
+++ b/SOURCES/0578-units-make-sure-user-runtime-dir-.service-is-Type-on.patch
@@ -0,0 +1,26 @@
+From 780d1d9fa7ccc036e6e237221ac51ed69453c8c6 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Thu, 2 Aug 2018 20:57:56 +0200
+Subject: [PATCH] units: make sure user-runtime-dir@.service is Type=oneshot
+
+We order user@.service after it, hence we need to properly know when it
+finished starting up.
+
+(cherry picked from commit d06e8fbce35c2b52ee1d09af4888876d5f2d7ae4)
+
+Related: #1946453
+---
+ units/user-runtime-dir@.service.in | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/units/user-runtime-dir@.service.in b/units/user-runtime-dir@.service.in
+index 31354c9bf2..bfd6488d61 100644
+--- a/units/user-runtime-dir@.service.in
++++ b/units/user-runtime-dir@.service.in
+@@ -15,5 +15,6 @@ StopWhenUnneeded=yes
+ [Service]
+ ExecStart=@rootlibexecdir@/systemd-user-runtime-dir start %i
+ ExecStop=@rootlibexecdir@/systemd-user-runtime-dir stop %i
++Type=oneshot
+ RemainAfterExit=true
+ Slice=user-%i.slice
diff --git a/SOURCES/0579-user-runtime-dir-downgrade-a-few-log-messages-to-LOG.patch b/SOURCES/0579-user-runtime-dir-downgrade-a-few-log-messages-to-LOG.patch
new file mode 100644
index 0000000..1a577ba
--- /dev/null
+++ b/SOURCES/0579-user-runtime-dir-downgrade-a-few-log-messages-to-LOG.patch
@@ -0,0 +1,52 @@
+From 354b894aa3e79f54ab75bf6fae76ce28ca80db38 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Thu, 2 Aug 2018 20:56:34 +0200
+Subject: [PATCH] user-runtime-dir: downgrade a few log messages to LOG_DEBUG
+ that we ignore
+
+As the comments already say it might be quite likely that
+$XDG_RUNTIME_DIR is not set up as mount, and we shouldn't complain about
+that.
+
+Moreover, let's make this idempotent, so that a runtime dir that is
+already gone and is removed again doesn't cause failure.
+
+(cherry picked from commit 3a13442bbf72e7ebdd0b4d60c2922ea7c5cc9496)
+
+Related: #1946453
+---
+ src/login/user-runtime-dir.c | 15 +++++++--------
+ 1 file changed, 7 insertions(+), 8 deletions(-)
+
+diff --git a/src/login/user-runtime-dir.c b/src/login/user-runtime-dir.c
+index 1bb26c99e4..9693821990 100644
+--- a/src/login/user-runtime-dir.c
++++ b/src/login/user-runtime-dir.c
+@@ -95,20 +95,19 @@ static int user_remove_runtime_path(const char *runtime_path) {
+
+ r = rm_rf(runtime_path, 0);
+ if (r < 0)
+- log_error_errno(r, "Failed to remove runtime directory %s (before unmounting): %m", runtime_path);
++ log_debug_errno(r, "Failed to remove runtime directory %s (before unmounting), ignoring: %m", runtime_path);
+
+- /* Ignore cases where the directory isn't mounted, as that's
+- * quite possible, if we lacked the permissions to mount
+- * something */
++ /* Ignore cases where the directory isn't mounted, as that's quite possible, if we lacked the permissions to
++ * mount something */
+ r = umount2(runtime_path, MNT_DETACH);
+ if (r < 0 && !IN_SET(errno, EINVAL, ENOENT))
+- log_error_errno(errno, "Failed to unmount user runtime directory %s: %m", runtime_path);
++ log_debug_errno(errno, "Failed to unmount user runtime directory %s, ignoring: %m", runtime_path);
+
+ r = rm_rf(runtime_path, REMOVE_ROOT);
+- if (r < 0)
+- log_error_errno(r, "Failed to remove runtime directory %s (after unmounting): %m", runtime_path);
++ if (r < 0 && r != -ENOENT)
++ return log_error_errno(r, "Failed to remove runtime directory %s (after unmounting): %m", runtime_path);
+
+- return r;
++ return 0;
+ }
+
+ static int do_mount(const char *runtime_path, uid_t uid, gid_t gid) {
diff --git a/SOURCES/0580-shared-install-Preserve-escape-characters-for-escape.patch b/SOURCES/0580-shared-install-Preserve-escape-characters-for-escape.patch
new file mode 100644
index 0000000..beb7ac3
--- /dev/null
+++ b/SOURCES/0580-shared-install-Preserve-escape-characters-for-escape.patch
@@ -0,0 +1,33 @@
+From 91ed691ff73d4d71fae8f6896a1bba73e6a76bba Mon Sep 17 00:00:00 2001
+From: David Michael <dm0@redhat.com>
+Date: Wed, 20 Mar 2019 15:14:32 +0000
+Subject: [PATCH] shared/install: Preserve escape characters for escaped unit
+ names
+
+Since switching to extract_first_word with no flags for parsing
+unit names in 4c9565eea534cd233a913c8c21f7920dba229743, escape
+characters will be stripped from escaped unit names such as
+"mnt-persistent\x2dvolume.mount" resulting in the unit not being
+configured as defined. Preserve escape characters again for
+compatibility with existing preset definitions.
+
+(cherry picked from commit 82bd4da71e9cdd5a2e9266332f5a7399845e31f6)
+
+Resolves: #1952686
+---
+ src/shared/install.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/shared/install.c b/src/shared/install.c
+index c2847df3f8..c9fef6bde2 100644
+--- a/src/shared/install.c
++++ b/src/shared/install.c
+@@ -2774,7 +2774,7 @@ static int split_pattern_into_name_and_instances(const char *pattern, char **out
+ assert(out_instances);
+ assert(out_unit_name);
+
+- r = extract_first_word(&pattern, &unit_name, NULL, 0);
++ r = extract_first_word(&pattern, &unit_name, NULL, EXTRACT_RETAIN_ESCAPE);
+ if (r < 0)
+ return r;
+
diff --git a/SOURCES/0581-basic-virt-Detect-PowerVM-hypervisor.patch b/SOURCES/0581-basic-virt-Detect-PowerVM-hypervisor.patch
new file mode 100644
index 0000000..38da2c0
--- /dev/null
+++ b/SOURCES/0581-basic-virt-Detect-PowerVM-hypervisor.patch
@@ -0,0 +1,80 @@
+From 48dacf8d30cd61b72939e9c3419acced4b2fde74 Mon Sep 17 00:00:00 2001
+From: Michal Suchanek <msuchanek@suse.de>
+Date: Fri, 2 Oct 2020 11:05:23 +0200
+Subject: [PATCH] basic/virt: Detect PowerVM hypervisor
+
+Currently systemd-detect-virt fails to detect running under PowerVM.
+
+Add code to detect PowerVM based on code in util-linux.
+
+Signed-off-by: Michal Suchanek <msuchanek@suse.de>
+(cherry picked from commit 3224e38bb6b3287ca253cbafb460a150544d5818)
+
+Resolves: #1937989
+---
+ man/systemd-detect-virt.xml | 7 ++++++-
+ src/basic/virt.c | 6 ++++++
+ src/basic/virt.h | 1 +
+ 3 files changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/man/systemd-detect-virt.xml b/man/systemd-detect-virt.xml
+index c4763fd561..6beb2c2aa1 100644
+--- a/man/systemd-detect-virt.xml
++++ b/man/systemd-detect-virt.xml
+@@ -65,7 +65,7 @@
+ </thead>
+ <tbody>
+ <row>
+- <entry valign="top" morerows="11">VM</entry>
++ <entry valign="top" morerows="12">VM</entry>
+ <entry><varname>qemu</varname></entry>
+ <entry>QEMU software virtualization, without KVM</entry>
+ </row>
+@@ -95,6 +95,11 @@
+ <entry>Oracle VM VirtualBox (historically marketed by innotek and Sun Microsystems), for legacy and KVM hypervisor</entry>
+ </row>
+
++ <row>
++ <entry><varname>powervm</varname></entry>
++ <entry>IBM PowerVM hypervisor - comes as firmware with some IBM POWER servers</entry>
++ </row>
++
+ <row>
+ <entry><varname>xen</varname></entry>
+ <entry>Xen hypervisor (only domU, not dom0)</entry>
+diff --git a/src/basic/virt.c b/src/basic/virt.c
+index dfa1525219..0b88005ed6 100644
+--- a/src/basic/virt.c
++++ b/src/basic/virt.c
+@@ -92,6 +92,11 @@ static int detect_vm_device_tree(void) {
+ _cleanup_closedir_ DIR *dir = NULL;
+ struct dirent *dent;
+
++ if (access("/proc/device-tree/ibm,partition-name", F_OK) == 0 &&
++ access("/proc/device-tree/hmc-managed?", F_OK) == 0 &&
++ access("/proc/device-tree/chosen/qemu,graphic-width", F_OK) != 0)
++ return VIRTUALIZATION_POWERVM;
++
+ dir = opendir("/proc/device-tree");
+ if (!dir) {
+ if (errno == ENOENT) {
+@@ -635,6 +640,7 @@ static const char *const virtualization_table[_VIRTUALIZATION_MAX] = {
+ [VIRTUALIZATION_PARALLELS] = "parallels",
+ [VIRTUALIZATION_BHYVE] = "bhyve",
+ [VIRTUALIZATION_QNX] = "qnx",
++ [VIRTUALIZATION_POWERVM] = "powervm",
+ [VIRTUALIZATION_VM_OTHER] = "vm-other",
+
+ [VIRTUALIZATION_SYSTEMD_NSPAWN] = "systemd-nspawn",
+diff --git a/src/basic/virt.h b/src/basic/virt.h
+index c4cf4bfeab..640b3ed779 100644
+--- a/src/basic/virt.h
++++ b/src/basic/virt.h
+@@ -21,6 +21,7 @@ enum {
+ VIRTUALIZATION_PARALLELS,
+ VIRTUALIZATION_BHYVE,
+ VIRTUALIZATION_QNX,
++ VIRTUALIZATION_POWERVM,
+ VIRTUALIZATION_VM_OTHER,
+ VIRTUALIZATION_VM_LAST = VIRTUALIZATION_VM_OTHER,
+
diff --git a/SOURCES/0582-man-document-differences-in-clean-exit-status-for-Ty.patch b/SOURCES/0582-man-document-differences-in-clean-exit-status-for-Ty.patch
new file mode 100644
index 0000000..233523a
--- /dev/null
+++ b/SOURCES/0582-man-document-differences-in-clean-exit-status-for-Ty.patch
@@ -0,0 +1,57 @@
+From 102f4ff97a24c2ddaf6e569c678a0a713f972863 Mon Sep 17 00:00:00 2001
+From: David Tardon <dtardon@redhat.com>
+Date: Fri, 19 Mar 2021 10:05:47 +0100
+Subject: [PATCH] man: document differences in clean exit status for
+ Type=oneshot
+
+See commit 1f0958f640b87175cd547c1e69084cfe54a22e9d .
+
+(cherry picked from commit f055cf77862bc580f3afbfaac161d1c060f39411)
+
+Resolves: #1940078
+---
+ man/systemd.service.xml | 24 +++++++++++++++---------
+ 1 file changed, 15 insertions(+), 9 deletions(-)
+
+diff --git a/man/systemd.service.xml b/man/systemd.service.xml
+index 54586d1948..1e30a564df 100644
+--- a/man/systemd.service.xml
++++ b/man/systemd.service.xml
+@@ -669,14 +669,19 @@
+ If set to <option>no</option> (the default), the service will
+ not be restarted. If set to <option>on-success</option>, it
+ will be restarted only when the service process exits cleanly.
+- In this context, a clean exit means an exit code of 0, or one
+- of the signals
+- <constant>SIGHUP</constant>,
+- <constant>SIGINT</constant>,
+- <constant>SIGTERM</constant> or
+- <constant>SIGPIPE</constant>, and
+- additionally, exit statuses and signals specified in
+- <varname>SuccessExitStatus=</varname>. If set to
++ In this context, a clean exit means any of the following:
++ <itemizedlist>
++ <listitem><simpara>exit code of 0;</simpara></listitem>
++ <listitem><simpara>for types other than
++ <varname>Type=oneshot</varname>, one of the signals
++ <constant>SIGHUP</constant>,
++ <constant>SIGINT</constant>,
++ <constant>SIGTERM</constant>, or
++ <constant>SIGPIPE</constant>;</simpara></listitem>
++ <listitem><simpara>exit statuses and signals specified in
++ <varname>SuccessExitStatus=</varname>.</simpara></listitem>
++ </itemizedlist>
++ If set to
+ <option>on-failure</option>, the service will be restarted
+ when the process exits with a non-zero exit code, is
+ terminated by a signal (including on core dump, but excluding
+@@ -798,7 +803,8 @@
+ <listitem><para>Takes a list of exit status definitions that,
+ when returned by the main service process, will be considered
+ successful termination, in addition to the normal successful
+- exit code 0 and the signals <constant>SIGHUP</constant>,
++ exit code 0 and, except for <varname>Type=oneshot</varname>,
++ the signals <constant>SIGHUP</constant>,
+ <constant>SIGINT</constant>, <constant>SIGTERM</constant>, and
+ <constant>SIGPIPE</constant>. Exit status definitions can
+ either be numeric exit codes or termination signal names,
diff --git a/SOURCES/0583-busctl-add-a-timestamp-to-the-output-of-the-busctl-m.patch b/SOURCES/0583-busctl-add-a-timestamp-to-the-output-of-the-busctl-m.patch
new file mode 100644
index 0000000..c40d0fd
--- /dev/null
+++ b/SOURCES/0583-busctl-add-a-timestamp-to-the-output-of-the-busctl-m.patch
@@ -0,0 +1,42 @@
+From 53673326ea78039b27e1dbd5328a8fe9a1a17445 Mon Sep 17 00:00:00 2001
+From: d032747 <michael.trapp@sap.com>
+Date: Tue, 15 Dec 2020 10:40:06 +0100
+Subject: [PATCH] busctl: add a timestamp to the output of the busctl monitor
+ command
+
+(cherry picked from commit 6fe2a70b9160e35fdeed9d37bd31727c2d46a8b2)
+
+Resolves: #1909214
+---
+ src/libsystemd/sd-bus/bus-dump.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/src/libsystemd/sd-bus/bus-dump.c b/src/libsystemd/sd-bus/bus-dump.c
+index 2bd06053a6..36f592e0ba 100644
+--- a/src/libsystemd/sd-bus/bus-dump.c
++++ b/src/libsystemd/sd-bus/bus-dump.c
+@@ -55,6 +55,15 @@ int bus_message_dump(sd_bus_message *m, FILE *f, unsigned flags) {
+ f = stdout;
+
+ if (flags & BUS_MESSAGE_DUMP_WITH_HEADER) {
++ char buf[FORMAT_TIMESTAMP_MAX];
++ const char *p;
++ usec_t ts = m->realtime;
++
++ if (ts == 0)
++ ts = now(CLOCK_REALTIME);
++
++ p = format_timestamp_us_utc(buf, sizeof(buf), ts);
++
+ fprintf(f,
+ "%s%s%s Type=%s%s%s Endian=%c Flags=%u Version=%u Priority=%"PRIi64,
+ m->header->type == SD_BUS_MESSAGE_METHOD_ERROR ? ansi_highlight_red() :
+@@ -82,6 +91,8 @@ int bus_message_dump(sd_bus_message *m, FILE *f, unsigned flags) {
+ if (m->reply_cookie != 0)
+ fprintf(f, " ReplyCookie=%" PRIu64, m->reply_cookie);
+
++ fprintf(f, " Timestamp=\"%s\"", strna(p));
++
+ fputs("\n", f);
+
+ if (m->sender)
diff --git a/SOURCES/0584-basic-cap-list-parse-print-numerical-capabilities.patch b/SOURCES/0584-basic-cap-list-parse-print-numerical-capabilities.patch
new file mode 100644
index 0000000..2a0c9a6
--- /dev/null
+++ b/SOURCES/0584-basic-cap-list-parse-print-numerical-capabilities.patch
@@ -0,0 +1,90 @@
+From 240c55f1526300daac640ef2c1f4941de4579493 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Thu, 9 Jul 2020 23:15:47 +0200
+Subject: [PATCH] basic/cap-list: parse/print numerical capabilities
+
+We would refuse to print capabilities which were didn't have a name
+for. The kernel adds new capabilities from time to time, most recently
+cap_bpf. 'systmectl show -p CapabilityBoundingSet ...' would fail with
+"Failed to parse bus message: Invalid argument" because
+capability_set_to_string_alloc() would fail with -EINVAL. So let's
+print such capabilities in hexadecimal:
+
+CapabilityBoundingSet=cap_chown cap_dac_override cap_dac_read_search
+ cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap
+ cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin
+ cap_net_raw cap_ipc_lock cap_ipc_owner 0x10 0x11 0x12 0x13 0x14 0x15 0x16
+ 0x17 0x18 0x19 0x1a ...
+
+For symmetry, also allow capabilities that we don't know to be specified.
+
+Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1853736.
+
+(cherry picked from commit 417770f3033c426ca848b158d0bf057cd8ad1329)
+
+Resolves: #1946943
+---
+ src/basic/cap-list.c | 10 +++++++---
+ src/test/test-cap-list.c | 4 +++-
+ 2 files changed, 10 insertions(+), 4 deletions(-)
+
+diff --git a/src/basic/cap-list.c b/src/basic/cap-list.c
+index bfcda33520..56a81c7dfc 100644
+--- a/src/basic/cap-list.c
++++ b/src/basic/cap-list.c
+@@ -10,6 +10,7 @@
+ #include "macro.h"
+ #include "missing.h"
+ #include "parse-util.h"
++#include "stdio-util.h"
+ #include "util.h"
+
+ static const struct capability_name* lookup_capability(register const char *str, register GPERF_LEN_TYPE len);
+@@ -37,7 +38,7 @@ int capability_from_name(const char *name) {
+ /* Try to parse numeric capability */
+ r = safe_atoi(name, &i);
+ if (r >= 0) {
+- if (i >= 0 && i < (int) ELEMENTSOF(capability_names))
++ if (i >= 0 && i < 64)
+ return i;
+ else
+ return -EINVAL;
+@@ -65,11 +66,14 @@ int capability_set_to_string_alloc(uint64_t set, char **s) {
+ for (i = 0; i < cap_last_cap(); i++)
+ if (set & (UINT64_C(1) << i)) {
+ const char *p;
++ char buf[2 + 16 + 1];
+ size_t add;
+
+ p = capability_to_name(i);
+- if (!p)
+- return -EINVAL;
++ if (!p) {
++ xsprintf(buf, "0x%lx", i);
++ p = buf;
++ }
+
+ add = strlen(p);
+
+diff --git a/src/test/test-cap-list.c b/src/test/test-cap-list.c
+index de5fa729cc..84bbb7b7e7 100644
+--- a/src/test/test-cap-list.c
++++ b/src/test/test-cap-list.c
+@@ -30,6 +30,8 @@ static void test_cap_list(void) {
+ assert_se(capability_from_name("cAp_aUdIt_rEAd") == CAP_AUDIT_READ);
+ assert_se(capability_from_name("0") == 0);
+ assert_se(capability_from_name("15") == 15);
++ assert_se(capability_from_name("63") == 63);
++ assert_se(capability_from_name("64") == -EINVAL);
+ assert_se(capability_from_name("-1") == -EINVAL);
+
+ for (i = 0; i < capability_list_length(); i++) {
+@@ -64,7 +66,7 @@ static void test_capability_set_one(uint64_t c, const char *t) {
+
+ free(t1);
+ assert_se(t1 = strjoin("'cap_chown cap_dac_override' \"cap_setgid cap_setuid\"", t,
+- " hogehoge foobar 12345 3.14 -3 ", t));
++ " hogehoge foobar 18446744073709551616 3.14 -3 ", t));
+ assert_se(capability_set_from_string(t1, &c1) == 0);
+ assert_se(c1 == c_masked);
+ }
diff --git a/SOURCES/0585-shared-mount-util-convert-to-libmount.patch b/SOURCES/0585-shared-mount-util-convert-to-libmount.patch
new file mode 100644
index 0000000..0c3a221
--- /dev/null
+++ b/SOURCES/0585-shared-mount-util-convert-to-libmount.patch
@@ -0,0 +1,318 @@
+From ca634baa10e2249d4a706d59b67be764867e5f32 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Mon, 30 Nov 2020 10:37:06 +0100
+Subject: [PATCH] shared/mount-util: convert to libmount
+
+It seems better to use just a single parsing algorithm for /proc/self/mountinfo.
+
+Also, unify the naming of variables in all places that use mnt_table_next_fs().
+It makes it easier to compare the different call sites.
+
+(cherry picked from commit 13dcfe4661b467131c943620d0f44711798bfd54)
+
+Related: #1885143
+---
+ src/basic/mount-util.c | 133 ++++++++++++++++++-----------------------
+ src/core/mount.c | 22 +++----
+ src/core/umount.c | 14 ++---
+ 3 files changed, 76 insertions(+), 93 deletions(-)
+
+diff --git a/src/basic/mount-util.c b/src/basic/mount-util.c
+index 5b04e21f34..bac1a25cc8 100644
+--- a/src/basic/mount-util.c
++++ b/src/basic/mount-util.c
+@@ -13,7 +13,6 @@
+ #include <libmount.h>
+
+ #include "alloc-util.h"
+-#include "escape.h"
+ #include "extract-word.h"
+ #include "fd-util.h"
+ #include "fileio.h"
+@@ -27,6 +26,9 @@
+ #include "string-util.h"
+ #include "strv.h"
+
++DEFINE_TRIVIAL_CLEANUP_FUNC(struct libmnt_table*, mnt_free_table);
++DEFINE_TRIVIAL_CLEANUP_FUNC(struct libmnt_iter*, mnt_free_iter);
++
+ /* This is the original MAX_HANDLE_SZ definition from the kernel, when the API was introduced. We use that in place of
+ * any more currently defined value to future-proof things: if the size is increased in the API headers, and our code
+ * is recompiled then it would cease working on old kernels, as those refuse any sizes larger than this value with
+@@ -313,55 +315,43 @@ int umount_recursive(const char *prefix, int flags) {
+ * unmounting them until they are gone. */
+
+ do {
+- _cleanup_fclose_ FILE *proc_self_mountinfo = NULL;
++ _cleanup_(mnt_free_tablep) struct libmnt_table *table = NULL;
++ _cleanup_(mnt_free_iterp) struct libmnt_iter *iter = NULL;
+
+ again = false;
+- r = 0;
+
+- proc_self_mountinfo = fopen("/proc/self/mountinfo", "re");
+- if (!proc_self_mountinfo)
+- return -errno;
++ table = mnt_new_table();
++ iter = mnt_new_iter(MNT_ITER_FORWARD);
++ if (!table || !iter)
++ return -ENOMEM;
+
+- (void) __fsetlocking(proc_self_mountinfo, FSETLOCKING_BYCALLER);
++ r = mnt_table_parse_mtab(table, NULL);
++ if (r < 0)
++ return log_debug_errno(r, "Failed to parse /proc/self/mountinfo: %m");
+
+ for (;;) {
+- _cleanup_free_ char *path = NULL, *p = NULL;
+- int k;
+-
+- k = fscanf(proc_self_mountinfo,
+- "%*s " /* (1) mount id */
+- "%*s " /* (2) parent id */
+- "%*s " /* (3) major:minor */
+- "%*s " /* (4) root */
+- "%ms " /* (5) mount point */
+- "%*s" /* (6) mount options */
+- "%*[^-]" /* (7) optional fields */
+- "- " /* (8) separator */
+- "%*s " /* (9) file system type */
+- "%*s" /* (10) mount source */
+- "%*s" /* (11) mount options 2 */
+- "%*[^\n]", /* some rubbish at the end */
+- &path);
+- if (k != 1) {
+- if (k == EOF)
+- break;
++ struct libmnt_fs *fs;
++ const char *path;
+
+- continue;
+- }
+-
+- r = cunescape(path, UNESCAPE_RELAX, &p);
++ r = mnt_table_next_fs(table, iter, &fs);
++ if (r == 1)
++ break;
+ if (r < 0)
+- return r;
++ return log_debug_errno(r, "Failed to get next entry from /proc/self/mountinfo: %m");
+
+- if (!path_startswith(p, prefix))
++ path = mnt_fs_get_target(fs);
++ if (!path)
+ continue;
+
+- if (umount2(p, flags) < 0) {
+- r = log_debug_errno(errno, "Failed to umount %s: %m", p);
++ if (!path_startswith(path, prefix))
++ continue;
++
++ if (umount2(path, flags) < 0) {
++ r = log_debug_errno(errno, "Failed to umount %s: %m", path);
+ continue;
+ }
+
+- log_debug("Successfully unmounted %s", p);
++ log_debug("Successfully unmounted %s", path);
+
+ again = true;
+ n++;
+@@ -416,6 +406,8 @@ int bind_remount_recursive_with_mountinfo(const char *prefix, bool ro, char **bl
+
+ for (;;) {
+ _cleanup_set_free_free_ Set *todo = NULL;
++ _cleanup_(mnt_free_tablep) struct libmnt_table *table = NULL;
++ _cleanup_(mnt_free_iterp) struct libmnt_iter *iter = NULL;
+ bool top_autofs = false;
+ char *x;
+ unsigned long orig_flags;
+@@ -424,58 +416,52 @@ int bind_remount_recursive_with_mountinfo(const char *prefix, bool ro, char **bl
+ if (!todo)
+ return -ENOMEM;
+
++ table = mnt_new_table();
++ iter = mnt_new_iter(MNT_ITER_FORWARD);
++ if (!table || !iter)
++ return -ENOMEM;
++
+ rewind(proc_self_mountinfo);
+
+- for (;;) {
+- _cleanup_free_ char *path = NULL, *p = NULL, *type = NULL;
+- int k;
+-
+- k = fscanf(proc_self_mountinfo,
+- "%*s " /* (1) mount id */
+- "%*s " /* (2) parent id */
+- "%*s " /* (3) major:minor */
+- "%*s " /* (4) root */
+- "%ms " /* (5) mount point */
+- "%*s" /* (6) mount options (superblock) */
+- "%*[^-]" /* (7) optional fields */
+- "- " /* (8) separator */
+- "%ms " /* (9) file system type */
+- "%*s" /* (10) mount source */
+- "%*s" /* (11) mount options (bind mount) */
+- "%*[^\n]", /* some rubbish at the end */
+- &path,
+- &type);
+- if (k != 2) {
+- if (k == EOF)
+- break;
++ r = mnt_table_parse_stream(table, proc_self_mountinfo, "/proc/self/mountinfo");
++ if (r < 0)
++ return log_debug_errno(r, "Failed to parse /proc/self/mountinfo: %m");
+
+- continue;
+- }
++ for (;;) {
++ struct libmnt_fs *fs;
++ const char *path, *type;
+
+- r = cunescape(path, UNESCAPE_RELAX, &p);
++ r = mnt_table_next_fs(table, iter, &fs);
++ if (r == 1)
++ break;
+ if (r < 0)
+- return r;
++ return log_debug_errno(r, "Failed to get next entry from /proc/self/mountinfo: %m");
++
++ path = mnt_fs_get_target(fs);
++ type = mnt_fs_get_fstype(fs);
++ if (!path || !type)
++ continue;
+
+- if (!path_startswith(p, cleaned))
++ if (!path_startswith(path, cleaned))
+ continue;
+
+- /* Ignore this mount if it is blacklisted, but only if it isn't the top-level mount we shall
+- * operate on. */
+- if (!path_equal(cleaned, p)) {
++ /* Ignore this mount if it is blacklisted, but only if it isn't the top-level mount
++ * we shall operate on. */
++ if (!path_equal(path, cleaned)) {
+ bool blacklisted = false;
+ char **i;
+
+ STRV_FOREACH(i, blacklist) {
+-
+ if (path_equal(*i, cleaned))
+ continue;
+
+ if (!path_startswith(*i, cleaned))
+ continue;
+
+- if (path_startswith(p, *i)) {
++ if (path_startswith(path, *i)) {
+ blacklisted = true;
+- log_debug("Not remounting %s, because blacklisted by %s, called for %s", p, *i, cleaned);
++ log_debug("Not remounting %s blacklisted by %s, called for %s",
++ path, *i, cleaned);
+ break;
+ }
+ }
+@@ -490,15 +476,12 @@ int bind_remount_recursive_with_mountinfo(const char *prefix, bool ro, char **bl
+ * already triggered, then we will find
+ * another entry for this. */
+ if (streq(type, "autofs")) {
+- top_autofs = top_autofs || path_equal(cleaned, p);
++ top_autofs = top_autofs || path_equal(path, cleaned);
+ continue;
+ }
+
+- if (!set_contains(done, p)) {
+- r = set_consume(todo, p);
+- p = NULL;
+- if (r == -EEXIST)
+- continue;
++ if (!set_contains(done, path)) {
++ r = set_put_strdup(todo, path);
+ if (r < 0)
+ return r;
+ }
+diff --git a/src/core/mount.c b/src/core/mount.c
+index 076dfd06a3..7e80a0c974 100644
+--- a/src/core/mount.c
++++ b/src/core/mount.c
+@@ -1606,18 +1606,18 @@ fail:
+ }
+
+ static int mount_load_proc_self_mountinfo(Manager *m, bool set_flags) {
+- _cleanup_(mnt_free_tablep) struct libmnt_table *t = NULL;
+- _cleanup_(mnt_free_iterp) struct libmnt_iter *i = NULL;
+- int r = 0;
++ _cleanup_(mnt_free_tablep) struct libmnt_table *table = NULL;
++ _cleanup_(mnt_free_iterp) struct libmnt_iter *iter = NULL;
++ int r;
+
+ assert(m);
+
+- t = mnt_new_table();
+- i = mnt_new_iter(MNT_ITER_FORWARD);
+- if (!t || !i)
++ table = mnt_new_table();
++ iter = mnt_new_iter(MNT_ITER_FORWARD);
++ if (!table || !iter)
+ return log_oom();
+
+- r = mnt_table_parse_mtab(t, NULL);
++ r = mnt_table_parse_mtab(table, NULL);
+ if (r < 0)
+ return log_error_errno(r, "Failed to parse /proc/self/mountinfo: %m");
+
+@@ -1628,11 +1628,11 @@ static int mount_load_proc_self_mountinfo(Manager *m, bool set_flags) {
+ _cleanup_free_ char *d = NULL, *p = NULL;
+ int k;
+
+- k = mnt_table_next_fs(t, i, &fs);
+- if (k == 1)
++ r = mnt_table_next_fs(table, iter, &fs);
++ if (r == 1)
+ break;
+- if (k < 0)
+- return log_error_errno(k, "Failed to get next entry from /proc/self/mountinfo: %m");
++ if (r < 0)
++ return log_error_errno(r, "Failed to get next entry from /proc/self/mountinfo: %m");
+
+ device = mnt_fs_get_source(fs);
+ path = mnt_fs_get_target(fs);
+diff --git a/src/core/umount.c b/src/core/umount.c
+index 241fe6fc62..3f02bf141a 100644
+--- a/src/core/umount.c
++++ b/src/core/umount.c
+@@ -55,18 +55,18 @@ void mount_points_list_free(MountPoint **head) {
+ }
+
+ int mount_points_list_get(const char *mountinfo, MountPoint **head) {
+- _cleanup_(mnt_free_tablep) struct libmnt_table *t = NULL;
+- _cleanup_(mnt_free_iterp) struct libmnt_iter *i = NULL;
++ _cleanup_(mnt_free_tablep) struct libmnt_table *table = NULL;
++ _cleanup_(mnt_free_iterp) struct libmnt_iter *iter = NULL;
+ int r;
+
+ assert(head);
+
+- t = mnt_new_table();
+- i = mnt_new_iter(MNT_ITER_FORWARD);
+- if (!t || !i)
++ table = mnt_new_table();
++ iter = mnt_new_iter(MNT_ITER_FORWARD);
++ if (!table || !iter)
+ return log_oom();
+
+- r = mnt_table_parse_mtab(t, mountinfo);
++ r = mnt_table_parse_mtab(table, mountinfo);
+ if (r < 0)
+ return log_error_errno(r, "Failed to parse %s: %m", mountinfo);
+
+@@ -79,7 +79,7 @@ int mount_points_list_get(const char *mountinfo, MountPoint **head) {
+ bool try_remount_ro;
+ MountPoint *m;
+
+- r = mnt_table_next_fs(t, i, &fs);
++ r = mnt_table_next_fs(table, iter, &fs);
+ if (r == 1)
+ break;
+ if (r < 0)
diff --git a/SOURCES/0586-mount-util-bind_remount-avoid-calling-statvfs.patch b/SOURCES/0586-mount-util-bind_remount-avoid-calling-statvfs.patch
new file mode 100644
index 0000000..a212238
--- /dev/null
+++ b/SOURCES/0586-mount-util-bind_remount-avoid-calling-statvfs.patch
@@ -0,0 +1,92 @@
+From 996f88461c45e8620c5a8a0c958dc133bd02c50e Mon Sep 17 00:00:00 2001
+From: Jakob Unterwurzacher <jakobunt@gmail.com>
+Date: Mon, 30 Nov 2020 10:27:48 +0100
+Subject: [PATCH] mount-util: bind_remount: avoid calling statvfs
+
+The commit
+"util: Do not clear parent mount flags when setting up namespaces"
+introduced a statvfs call read the flags of the original mount
+and have them applied to the bind mount.
+
+This has two problems:
+
+(1) The mount flags returned by statvfs(2) do not match the flags
+accepted by mount(2). For example, the value 4096 means ST_RELATIME
+when returned by statvfs(2), but means MS_BIND when passed to mount(2).
+
+(2) A call to statvfs blocks indefinitely when ran against a disconnected
+network drive ( https://github.com/systemd/systemd/issues/12667 ).
+
+We already use libmount to parse `/proc/self/mountinfo` but did not use the
+mount flag information from there. This patch changes that to use the mount
+flags parsed by libmount instead of calling statvfs. Only if getting the
+flags through libmount fails we call statvfs.
+
+Fixes https://github.com/systemd/systemd/issues/12667
+
+(cherry picked from commit d34a40082db3ffca8de66bfa4df50951101bdae5)
+
+Resolves: #1885143
+---
+ src/basic/mount-util.c | 31 +++++++++++++++++++++++++++----
+ 1 file changed, 27 insertions(+), 4 deletions(-)
+
+diff --git a/src/basic/mount-util.c b/src/basic/mount-util.c
+index bac1a25cc8..2cf98eaa84 100644
+--- a/src/basic/mount-util.c
++++ b/src/basic/mount-util.c
+@@ -364,11 +364,34 @@ int umount_recursive(const char *prefix, int flags) {
+ return r ? r : n;
+ }
+
+-static int get_mount_flags(const char *path, unsigned long *flags) {
+- struct statvfs buf;
++/* Get the mount flags for the mountpoint at "path" from "table" */
++static int get_mount_flags(const char *path, unsigned long *flags, struct libmnt_table *table) {
++ struct statvfs buf = {};
++ struct libmnt_fs *fs = NULL;
++ const char *opts = NULL;
++ int r = 0;
++
++ fs = mnt_table_find_target(table, path, MNT_ITER_FORWARD);
++ if (fs == NULL) {
++ log_warning("Could not find '%s' in mount table", path);
++ goto fallback;
++ }
++
++ opts = mnt_fs_get_vfs_options(fs);
++ r = mnt_optstr_get_flags(opts, flags, mnt_get_builtin_optmap(MNT_LINUX_MAP));
++ if (r != 0) {
++ log_warning_errno(r, "Could not get flags for '%s': %m", path);
++ goto fallback;
++ }
+
++ /* relatime is default and trying to set it in an unprivileged container causes EPERM */
++ *flags &= ~MS_RELATIME;
++ return 0;
++
++fallback:
+ if (statvfs(path, &buf) < 0)
+ return -errno;
++
+ *flags = buf.f_flag;
+ return 0;
+ }
+@@ -501,7 +524,7 @@ int bind_remount_recursive_with_mountinfo(const char *prefix, bool ro, char **bl
+ return -errno;
+
+ orig_flags = 0;
+- (void) get_mount_flags(cleaned, &orig_flags);
++ (void) get_mount_flags(cleaned, &orig_flags, table);
+ orig_flags &= ~MS_RDONLY;
+
+ if (mount(NULL, prefix, NULL, orig_flags|MS_BIND|MS_REMOUNT|(ro ? MS_RDONLY : 0), NULL) < 0)
+@@ -535,7 +558,7 @@ int bind_remount_recursive_with_mountinfo(const char *prefix, bool ro, char **bl
+
+ /* Try to reuse the original flag set */
+ orig_flags = 0;
+- (void) get_mount_flags(x, &orig_flags);
++ (void) get_mount_flags(x, &orig_flags, table);
+ orig_flags &= ~MS_RDONLY;
+
+ if (mount(NULL, x, NULL, orig_flags|MS_BIND|MS_REMOUNT|(ro ? MS_RDONLY : 0), NULL) < 0)
diff --git a/SOURCES/0587-mount-util-use-UMOUNT_NOFOLLOW-in-recursive-umounter.patch b/SOURCES/0587-mount-util-use-UMOUNT_NOFOLLOW-in-recursive-umounter.patch
new file mode 100644
index 0000000..80fadef
--- /dev/null
+++ b/SOURCES/0587-mount-util-use-UMOUNT_NOFOLLOW-in-recursive-umounter.patch
@@ -0,0 +1,30 @@
+From b6ffe7ec63d86c5ac66171d6731068b87e3e7b50 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Sat, 27 Jun 2020 11:13:01 +0200
+Subject: [PATCH] mount-util: use UMOUNT_NOFOLLOW in recursive umounter
+
+When we only want to unmount mount points below some path then it is
+against our interest to follow symlinks. Hence don't.
+
+(cherry picked from commit 827ea5212507c3833b6ae14cdf65e446b36b5e05)
+
+Related: #1885143
+---
+ src/basic/mount-util.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/basic/mount-util.c b/src/basic/mount-util.c
+index 2cf98eaa84..be26bb5ec1 100644
+--- a/src/basic/mount-util.c
++++ b/src/basic/mount-util.c
+@@ -346,8 +346,8 @@ int umount_recursive(const char *prefix, int flags) {
+ if (!path_startswith(path, prefix))
+ continue;
+
+- if (umount2(path, flags) < 0) {
+- r = log_debug_errno(errno, "Failed to umount %s: %m", path);
++ if (umount2(path, flags | UMOUNT_NOFOLLOW) < 0) {
++ log_debug_errno(errno, "Failed to umount %s: %m", path);
+ continue;
+ }
+
diff --git a/SOURCES/0588-test-install-root-create-referenced-targets.patch b/SOURCES/0588-test-install-root-create-referenced-targets.patch
new file mode 100644
index 0000000..7ac367e
--- /dev/null
+++ b/SOURCES/0588-test-install-root-create-referenced-targets.patch
@@ -0,0 +1,29 @@
+From 55cde82204724df756a198da691471f2f3f83d5a Mon Sep 17 00:00:00 2001
+From: David Tardon <dtardon@redhat.com>
+Date: Wed, 31 Mar 2021 10:08:31 +0200
+Subject: [PATCH] test-install-root: create referenced targets
+
+(cherry picked from commit cd228002ccedb927b4531a4b7dd9ea7015fdb657)
+
+Related: #1835351
+---
+ src/test/test-install-root.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/test/test-install-root.c b/src/test/test-install-root.c
+index fe1ca5b16f..f8b41b04db 100644
+--- a/src/test/test-install-root.c
++++ b/src/test/test-install-root.c
+@@ -1061,6 +1061,12 @@ int main(int argc, char *argv[]) {
+ p = strjoina(root, "/usr/lib/systemd/system-preset/");
+ assert_se(mkdir_p(p, 0755) >= 0);
+
++ p = strjoina(root, "/usr/lib/systemd/system/multi-user.target");
++ assert_se(write_string_file(p, "# pretty much empty", WRITE_STRING_FILE_CREATE) >= 0);
++
++ p = strjoina(root, "/usr/lib/systemd/system/graphical.target");
++ assert_se(write_string_file(p, "# pretty much empty", WRITE_STRING_FILE_CREATE) >= 0);
++
+ test_basic_mask_and_enable(root);
+ test_linked_units(root);
+ test_default(root);
diff --git a/SOURCES/0589-install-warn-if-WantedBy-targets-don-t-exist.patch b/SOURCES/0589-install-warn-if-WantedBy-targets-don-t-exist.patch
new file mode 100644
index 0000000..88f445c
--- /dev/null
+++ b/SOURCES/0589-install-warn-if-WantedBy-targets-don-t-exist.patch
@@ -0,0 +1,113 @@
+From dfb4e03e0865d189a5c171072d6d7b31f49e1088 Mon Sep 17 00:00:00 2001
+From: Jan Synacek <jsynacek@redhat.com>
+Date: Wed, 3 Jun 2020 10:33:21 +0200
+Subject: [PATCH] install: warn if WantedBy targets don't exist
+
+Currently, if [Install] section contains WantedBy=target that doesn't exist,
+systemd creates the symlinks anyway. That is just user-unfriendly.
+Let's be nice and warn about installing non-existent targets.
+
+Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1835351.
+
+Replaces: #15834
+(cherry picked from commit 8ae27441c2dcf585f58242991302b09778d4d710)
+
+Resolves: #1835351
+---
+ src/shared/install.c | 25 ++++++++++++++++++-------
+ src/shared/install.h | 1 +
+ 2 files changed, 19 insertions(+), 7 deletions(-)
+
+diff --git a/src/shared/install.c b/src/shared/install.c
+index c9fef6bde2..055b09f98c 100644
+--- a/src/shared/install.c
++++ b/src/shared/install.c
+@@ -362,6 +362,11 @@ void unit_file_dump_changes(int r, const char *verb, const UnitFileChange *chang
+ log_info("Unit %s is an alias to a unit that is not present, ignoring.",
+ changes[i].path);
+ break;
++ case UNIT_FILE_DESTINATION_NOT_PRESENT:
++ if (!quiet)
++ log_warning("Unit %s is added as a dependency to a non-existent unit %s.",
++ changes[i].source, changes[i].path);
++ break;
+ case -EEXIST:
+ if (changes[i].source)
+ log_error_errno(changes[i].type,
+@@ -1730,6 +1735,7 @@ static int install_info_symlink_alias(
+ }
+
+ static int install_info_symlink_wants(
++ UnitFileScope scope,
+ UnitFileInstallInfo *i,
+ const LookupPaths *paths,
+ const char *config_path,
+@@ -1795,6 +1801,9 @@ static int install_info_symlink_wants(
+ q = create_symlink(paths, i->path, path, true, changes, n_changes);
+ if (r == 0)
+ r = q;
++
++ if (unit_file_exists(scope, paths, dst) == 0)
++ unit_file_changes_add(changes, n_changes, UNIT_FILE_DESTINATION_NOT_PRESENT, dst, i->path);
+ }
+
+ return r;
+@@ -1830,6 +1839,7 @@ static int install_info_symlink_link(
+ }
+
+ static int install_info_apply(
++ UnitFileScope scope,
+ UnitFileInstallInfo *i,
+ const LookupPaths *paths,
+ const char *config_path,
+@@ -1848,11 +1858,11 @@ static int install_info_apply(
+
+ r = install_info_symlink_alias(i, paths, config_path, force, changes, n_changes);
+
+- q = install_info_symlink_wants(i, paths, config_path, i->wanted_by, ".wants/", changes, n_changes);
++ q = install_info_symlink_wants(scope, i, paths, config_path, i->wanted_by, ".wants/", changes, n_changes);
+ if (r == 0)
+ r = q;
+
+- q = install_info_symlink_wants(i, paths, config_path, i->required_by, ".requires/", changes, n_changes);
++ q = install_info_symlink_wants(scope, i, paths, config_path, i->required_by, ".requires/", changes, n_changes);
+ if (r == 0)
+ r = q;
+
+@@ -1916,7 +1926,7 @@ static int install_context_apply(
+ if (i->type != UNIT_FILE_TYPE_REGULAR)
+ continue;
+
+- q = install_info_apply(i, paths, config_path, force, changes, n_changes);
++ q = install_info_apply(scope, i, paths, config_path, force, changes, n_changes);
+ if (r >= 0) {
+ if (q < 0)
+ r = q;
+@@ -3324,10 +3334,11 @@ static const char* const unit_file_state_table[_UNIT_FILE_STATE_MAX] = {
+ DEFINE_STRING_TABLE_LOOKUP(unit_file_state, UnitFileState);
+
+ static const char* const unit_file_change_type_table[_UNIT_FILE_CHANGE_TYPE_MAX] = {
+- [UNIT_FILE_SYMLINK] = "symlink",
+- [UNIT_FILE_UNLINK] = "unlink",
+- [UNIT_FILE_IS_MASKED] = "masked",
+- [UNIT_FILE_IS_DANGLING] = "dangling",
++ [UNIT_FILE_SYMLINK] = "symlink",
++ [UNIT_FILE_UNLINK] = "unlink",
++ [UNIT_FILE_IS_MASKED] = "masked",
++ [UNIT_FILE_IS_DANGLING] = "dangling",
++ [UNIT_FILE_DESTINATION_NOT_PRESENT] = "destination not present",
+ };
+
+ DEFINE_STRING_TABLE_LOOKUP(unit_file_change_type, UnitFileChangeType);
+diff --git a/src/shared/install.h b/src/shared/install.h
+index e452940991..f07bebb415 100644
+--- a/src/shared/install.h
++++ b/src/shared/install.h
+@@ -57,6 +57,7 @@ enum UnitFileChangeType {
+ UNIT_FILE_UNLINK,
+ UNIT_FILE_IS_MASKED,
+ UNIT_FILE_IS_DANGLING,
++ UNIT_FILE_DESTINATION_NOT_PRESENT,
+ _UNIT_FILE_CHANGE_TYPE_MAX,
+ _UNIT_FILE_CHANGE_TYPE_INVALID = INT_MIN
+ };
diff --git a/SOURCES/0590-test-install-root-add-test-for-unknown-WantedBy-targ.patch b/SOURCES/0590-test-install-root-add-test-for-unknown-WantedBy-targ.patch
new file mode 100644
index 0000000..10b11cc
--- /dev/null
+++ b/SOURCES/0590-test-install-root-add-test-for-unknown-WantedBy-targ.patch
@@ -0,0 +1,56 @@
+From 430445a936cdb4c32c55affdfdd94b7eb910d5e6 Mon Sep 17 00:00:00 2001
+From: David Tardon <dtardon@redhat.com>
+Date: Wed, 31 Mar 2021 10:38:00 +0200
+Subject: [PATCH] test-install-root: add test for unknown WantedBy= target
+
+(cherry picked from commit 8adbad370f522831dd9246fe272caf37ce748d4a)
+
+Related: #1835351
+---
+ src/test/test-install-root.c | 26 ++++++++++++++++++++++++++
+ 1 file changed, 26 insertions(+)
+
+diff --git a/src/test/test-install-root.c b/src/test/test-install-root.c
+index f8b41b04db..73e1e0ae03 100644
+--- a/src/test/test-install-root.c
++++ b/src/test/test-install-root.c
+@@ -20,6 +20,7 @@ static void test_basic_mask_and_enable(const char *root) {
+ assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "b.service", NULL) == -ENOENT);
+ assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "c.service", NULL) == -ENOENT);
+ assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "d.service", NULL) == -ENOENT);
++ assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "f.service", NULL) == -ENOENT);
+
+ p = strjoina(root, "/usr/lib/systemd/system/a.service");
+ assert_se(write_string_file(p,
+@@ -147,6 +148,31 @@ static void test_basic_mask_and_enable(const char *root) {
+ assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "b.service", &state) >= 0 && state == UNIT_FILE_ENABLED);
+ assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "c.service", &state) >= 0 && state == UNIT_FILE_ENABLED);
+ assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "d.service", &state) >= 0 && state == UNIT_FILE_ENABLED);
++
++ /* Test enabling with unknown dependency target */
++
++ p = strjoina(root, "/usr/lib/systemd/system/f.service");
++ assert_se(write_string_file(p,
++ "[Install]\n"
++ "WantedBy=x.target\n", WRITE_STRING_FILE_CREATE) >= 0);
++
++ assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "f.service", NULL) >= 0);
++ assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "f.service", &state) >= 0 && state == UNIT_FILE_DISABLED);
++
++ assert_se(unit_file_enable(UNIT_FILE_SYSTEM, 0, root, STRV_MAKE("f.service"), &changes, &n_changes) == 1);
++ assert_se(n_changes == 2);
++ assert_se(changes[0].type == UNIT_FILE_SYMLINK);
++ assert_se(streq(changes[0].source, "/usr/lib/systemd/system/f.service"));
++ p = strjoina(root, SYSTEM_CONFIG_UNIT_PATH"/x.target.wants/f.service");
++ assert_se(streq(changes[0].path, p));
++ assert_se(changes[1].type == UNIT_FILE_DESTINATION_NOT_PRESENT);
++ p = strjoina(root, "/usr/lib/systemd/system/f.service");
++ assert_se(streq(changes[1].source, p));
++ assert_se(streq(changes[1].path, "x.target"));
++ unit_file_changes_free(changes, n_changes);
++ changes = NULL; n_changes = 0;
++
++ assert_se(unit_file_get_state(UNIT_FILE_SYSTEM, root, "f.service", &state) >= 0 && state == UNIT_FILE_ENABLED);
+ }
+
+ static void test_linked_units(const char *root) {
diff --git a/SOURCES/0591-ceph-is-a-network-filesystem.patch b/SOURCES/0591-ceph-is-a-network-filesystem.patch
new file mode 100644
index 0000000..78f408c
--- /dev/null
+++ b/SOURCES/0591-ceph-is-a-network-filesystem.patch
@@ -0,0 +1,24 @@
+From d284fd2b036ed874f9f38da63f1ab4e9fd9e96a3 Mon Sep 17 00:00:00 2001
+From: Jonas Jelten <jj@sft.mx>
+Date: Thu, 17 Oct 2019 12:10:13 +0200
+Subject: [PATCH] ceph is a network filesystem
+
+(cherry picked from commit c4742de6d801b125abf3c4d1c710280f51d7c701)
+
+Resolves: #1952013
+---
+ src/basic/mount-util.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/basic/mount-util.c b/src/basic/mount-util.c
+index be26bb5ec1..45348bf878 100644
+--- a/src/basic/mount-util.c
++++ b/src/basic/mount-util.c
+@@ -608,6 +608,7 @@ bool fstype_is_network(const char *fstype) {
+
+ return STR_IN_SET(fstype,
+ "afs",
++ "ceph",
+ "cifs",
+ "smb3",
+ "smbfs",
diff --git a/SOURCES/0592-sysctl-set-kernel.core_pipe_limit-16.patch b/SOURCES/0592-sysctl-set-kernel.core_pipe_limit-16.patch
new file mode 100644
index 0000000..a3b7073
--- /dev/null
+++ b/SOURCES/0592-sysctl-set-kernel.core_pipe_limit-16.patch
@@ -0,0 +1,49 @@
+From 8bdc512d2651b4600f7e744b06633a7524b64346 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Mon, 12 Oct 2020 16:31:42 +0200
+Subject: [PATCH] sysctl: set kernel.core_pipe_limit=16
+
+We need to make sure that our coredump pattern handler manages to read
+process metadata from /proc/$PID/ before the kernel reaps the crashed
+process. By default the kernel will reap the process as soon as it can.
+By setting kernel.core_pipe_limit to a non-zero the kernel will wait for
+userspace to finish before reaping.
+
+We'll set the value to 16, which allows 16 crashes to be
+processed in parallel. This matches the MaxConnections= setting in
+systemd-coredump.socket.
+
+See: #17301
+
+(This doesn't close 17301, since we probably should also gracefully
+handle if /proc/$PID/ vanished already while our coredump handler runs,
+just in case people loclly set the sysctl back to zero. i.e. we should
+collect what we can and rather issue an incomplete log record than
+none.)
+
+(cherry picked from commit 2a9b9323cd844baae3229e9dba67e478bee70654)
+
+Resolves: #1949729
+---
+ sysctl.d/50-coredump.conf.in | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/sysctl.d/50-coredump.conf.in b/sysctl.d/50-coredump.conf.in
+index ccd5c2cc56..8d6fbb718c 100644
+--- a/sysctl.d/50-coredump.conf.in
++++ b/sysctl.d/50-coredump.conf.in
+@@ -10,3 +10,14 @@
+ # setting below.
+
+ kernel.core_pattern=|@rootlibexecdir@/systemd-coredump %P %u %g %s %t %c %h %e
++
++# Allow that 16 coredumps are dispatched in parallel by the kernel. We want to
++# be able to collect process metadata from /proc/%P/ while processing
++# coredumps, and thus need to make sure the crashed processes are not reaped
++# until we finished collecting what we need. The kernel default for this sysctl
++# is "0" which means the kernel doesn't wait for userspace processes to finish
++# processing before reaping the crashed processes — by setting this higher the
++# kernel will delay reaping until we are done, but only for the specified
++# number of crashes in parallel. The value of 16 is chosen to match
++# systemd-coredump.socket's MaxConnections= value.
++kernel.core_pipe_limit=16
diff --git a/SOURCES/0593-core-don-t-drop-timer-expired-but-not-yet-processed-.patch b/SOURCES/0593-core-don-t-drop-timer-expired-but-not-yet-processed-.patch
new file mode 100644
index 0000000..d9774a8
--- /dev/null
+++ b/SOURCES/0593-core-don-t-drop-timer-expired-but-not-yet-processed-.patch
@@ -0,0 +1,116 @@
+From 73bf41a783edbff1b367e645956ed602de1889e2 Mon Sep 17 00:00:00 2001
+From: Insun <iplayinsun@gmail.com>
+Date: Sun, 28 Oct 2018 21:26:13 +0900
+Subject: [PATCH] core: don't drop timer expired but not yet processed when
+ system date is changed
+
+There is difference between time set by the user and real elapsed time because of accuracy feature.
+If you change the system date(or time) between these times, the timer drops.
+
+You can easily reproduce it with the following command.
+-----------------------------------------------------------
+$ systemd-run --on-active=3s ls; sleep 3; date -s "`date`"
+-----------------------------------------------------------
+
+In the following command, the problem is rarely reproduced. But it exists.
+---------------------------------------------------------------------------------------------
+$ systemd-run --on-active=3s --timer-property=AccuracySec=1us ls ; sleep 1; date -s "`date`"
+---------------------------------------------------------------------------------------------
+
+Note : Global AccuracySec value.
+----------------------------------------------------------------------
+$ cat /etc/systemd/system.conf
+DefaultTimerAccuracySec=1min
+----------------------------------------------------------------------
+
+(cherry picked from commit fee04d7f3ab810e99b97535ca5fda2f9517acda9)
+
+Related: #1899402
+---
+ src/core/timer.c | 18 +++++++++---------
+ 1 file changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/src/core/timer.c b/src/core/timer.c
+index 281ac7f97f..ef240a6f19 100644
+--- a/src/core/timer.c
++++ b/src/core/timer.c
+@@ -262,7 +262,7 @@ static void timer_set_state(Timer *t, TimerState state) {
+ unit_notify(UNIT(t), state_translation_table[old_state], state_translation_table[state], 0);
+ }
+
+-static void timer_enter_waiting(Timer *t, bool initial);
++static void timer_enter_waiting(Timer *t, bool initial, bool time_change);
+
+ static int timer_coldplug(Unit *u) {
+ Timer *t = TIMER(u);
+@@ -274,7 +274,7 @@ static int timer_coldplug(Unit *u) {
+ return 0;
+
+ if (t->deserialized_state == TIMER_WAITING)
+- timer_enter_waiting(t, false);
++ timer_enter_waiting(t, false, false);
+ else
+ timer_set_state(t, t->deserialized_state);
+
+@@ -334,7 +334,7 @@ static void add_random(Timer *t, usec_t *v) {
+ log_unit_debug(UNIT(t), "Adding %s random time.", format_timespan(s, sizeof(s), add, 0));
+ }
+
+-static void timer_enter_waiting(Timer *t, bool initial) {
++static void timer_enter_waiting(Timer *t, bool initial, bool time_change) {
+ bool found_monotonic = false, found_realtime = false;
+ bool leave_around = false;
+ triple_timestamp ts;
+@@ -444,7 +444,7 @@ static void timer_enter_waiting(Timer *t, bool initial) {
+
+ v->next_elapse = usec_add(usec_shift_clock(base, CLOCK_MONOTONIC, TIMER_MONOTONIC_CLOCK(t)), v->value);
+
+- if (!initial &&
++ if (!initial && !time_change &&
+ v->next_elapse < triple_timestamp_by_clock(&ts, TIMER_MONOTONIC_CLOCK(t)) &&
+ IN_SET(v->base, TIMER_ACTIVE, TIMER_BOOT, TIMER_STARTUP)) {
+ /* This is a one time trigger, disable it now */
+@@ -642,7 +642,7 @@ static int timer_start(Unit *u) {
+ }
+
+ t->result = TIMER_SUCCESS;
+- timer_enter_waiting(t, true);
++ timer_enter_waiting(t, true, false);
+ return 1;
+ }
+
+@@ -764,14 +764,14 @@ static void timer_trigger_notify(Unit *u, Unit *other) {
+ case TIMER_ELAPSED:
+
+ /* Recalculate sleep time */
+- timer_enter_waiting(t, false);
++ timer_enter_waiting(t, false, false);
+ break;
+
+ case TIMER_RUNNING:
+
+ if (UNIT_IS_INACTIVE_OR_FAILED(unit_active_state(other))) {
+ log_unit_debug(UNIT(t), "Got notified about unit deactivation.");
+- timer_enter_waiting(t, false);
++ timer_enter_waiting(t, false, false);
+ }
+ break;
+
+@@ -813,7 +813,7 @@ static void timer_time_change(Unit *u) {
+ t->last_trigger.realtime = ts;
+
+ log_unit_debug(u, "Time change, recalculating next elapse.");
+- timer_enter_waiting(t, false);
++ timer_enter_waiting(t, false, true);
+ }
+
+ static void timer_timezone_change(Unit *u) {
+@@ -825,7 +825,7 @@ static void timer_timezone_change(Unit *u) {
+ return;
+
+ log_unit_debug(u, "Timezone change, recalculating next elapse.");
+- timer_enter_waiting(t, false);
++ timer_enter_waiting(t, false, false);
+ }
+
+ static const char* const timer_base_table[_TIMER_BASE_MAX] = {
diff --git a/SOURCES/0594-core-Detect-initial-timer-state-from-serialized-data.patch b/SOURCES/0594-core-Detect-initial-timer-state-from-serialized-data.patch
new file mode 100644
index 0000000..4334cb5
--- /dev/null
+++ b/SOURCES/0594-core-Detect-initial-timer-state-from-serialized-data.patch
@@ -0,0 +1,152 @@
+From 3d4280d0a487109f8f648147083baf573e4418a3 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michal=20Koutn=C3=BD?= <mkoutny@suse.com>
+Date: Fri, 2 Nov 2018 20:56:08 +0100
+Subject: [PATCH] core: Detect initial timer state from serialized data
+
+We keep a mark whether a single-shot timer was triggered in the caller's
+variable initial. When such a timer elapses while we are
+serializing/deserializing the inner state, we consider the timer
+incorrectly as elapsed and don't trigger it later.
+
+This patch exploits last_trigger timestamp that we already serialize,
+hence we can eliminate the argument initial completely.
+
+A reproducer for OnBootSec= timers:
+ cat >repro.c <<EOD
+ /*
+ * Compile: gcc repro.c -o repro
+ * Run: ./repro
+ */
+ #include <errno.h>
+ #include <fcntl.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <sys/stat.h>
+ #include <sys/types.h>
+ #include <time.h>
+ #include <unistd.h>
+
+ int main(int argc, char *argv[]) {
+ char command[1024];
+ int pause;
+
+ struct timespec now;
+
+ while (1) {
+ usleep(rand() % 200000); // prevent periodic repeats
+ clock_gettime(CLOCK_MONOTONIC, &now);
+ printf("%i\n", now.tv_sec);
+
+ system("rm -f $PWD/mark");
+ snprintf(command, 1024, "systemd-run --user --on-boot=%i --timer-property=AccuracySec=100ms "
+ "touch $PWD/mark", now.tv_sec + 1);
+ system(command);
+ system("systemctl --user list-timers");
+ pause = (1000000000 - now.tv_nsec)/1000 - 70000; // fiddle to hit the middle of reloading
+ usleep(pause > 0 ? pause : 0);
+ system("systemctl --user daemon-reload");
+ sync();
+ sleep(2);
+ if (open("./mark", 0) < 0)
+ if (errno == ENOENT) {
+ printf("mark file does not exist\n");
+ break;
+ }
+ }
+
+ return 0;
+ }
+ EOD
+
+(cherry picked from commit aa1f95d2647197eca84c33a0f10adaeada08467d)
+
+Resolves: #1899402
+---
+ src/core/timer.c | 19 ++++++++++---------
+ 1 file changed, 10 insertions(+), 9 deletions(-)
+
+diff --git a/src/core/timer.c b/src/core/timer.c
+index ef240a6f19..1718ffc5a5 100644
+--- a/src/core/timer.c
++++ b/src/core/timer.c
+@@ -262,7 +262,7 @@ static void timer_set_state(Timer *t, TimerState state) {
+ unit_notify(UNIT(t), state_translation_table[old_state], state_translation_table[state], 0);
+ }
+
+-static void timer_enter_waiting(Timer *t, bool initial, bool time_change);
++static void timer_enter_waiting(Timer *t, bool time_change);
+
+ static int timer_coldplug(Unit *u) {
+ Timer *t = TIMER(u);
+@@ -274,7 +274,7 @@ static int timer_coldplug(Unit *u) {
+ return 0;
+
+ if (t->deserialized_state == TIMER_WAITING)
+- timer_enter_waiting(t, false, false);
++ timer_enter_waiting(t, false);
+ else
+ timer_set_state(t, t->deserialized_state);
+
+@@ -334,7 +334,7 @@ static void add_random(Timer *t, usec_t *v) {
+ log_unit_debug(UNIT(t), "Adding %s random time.", format_timespan(s, sizeof(s), add, 0));
+ }
+
+-static void timer_enter_waiting(Timer *t, bool initial, bool time_change) {
++static void timer_enter_waiting(Timer *t, bool time_change) {
+ bool found_monotonic = false, found_realtime = false;
+ bool leave_around = false;
+ triple_timestamp ts;
+@@ -444,7 +444,8 @@ static void timer_enter_waiting(Timer *t, bool initial, bool time_change) {
+
+ v->next_elapse = usec_add(usec_shift_clock(base, CLOCK_MONOTONIC, TIMER_MONOTONIC_CLOCK(t)), v->value);
+
+- if (!initial && !time_change &&
++ if (dual_timestamp_is_set(&t->last_trigger) &&
++ !time_change &&
+ v->next_elapse < triple_timestamp_by_clock(&ts, TIMER_MONOTONIC_CLOCK(t)) &&
+ IN_SET(v->base, TIMER_ACTIVE, TIMER_BOOT, TIMER_STARTUP)) {
+ /* This is a one time trigger, disable it now */
+@@ -642,7 +643,7 @@ static int timer_start(Unit *u) {
+ }
+
+ t->result = TIMER_SUCCESS;
+- timer_enter_waiting(t, true, false);
++ timer_enter_waiting(t, false);
+ return 1;
+ }
+
+@@ -764,14 +765,14 @@ static void timer_trigger_notify(Unit *u, Unit *other) {
+ case TIMER_ELAPSED:
+
+ /* Recalculate sleep time */
+- timer_enter_waiting(t, false, false);
++ timer_enter_waiting(t, false);
+ break;
+
+ case TIMER_RUNNING:
+
+ if (UNIT_IS_INACTIVE_OR_FAILED(unit_active_state(other))) {
+ log_unit_debug(UNIT(t), "Got notified about unit deactivation.");
+- timer_enter_waiting(t, false, false);
++ timer_enter_waiting(t, false);
+ }
+ break;
+
+@@ -813,7 +814,7 @@ static void timer_time_change(Unit *u) {
+ t->last_trigger.realtime = ts;
+
+ log_unit_debug(u, "Time change, recalculating next elapse.");
+- timer_enter_waiting(t, false, true);
++ timer_enter_waiting(t, true);
+ }
+
+ static void timer_timezone_change(Unit *u) {
+@@ -825,7 +826,7 @@ static void timer_timezone_change(Unit *u) {
+ return;
+
+ log_unit_debug(u, "Timezone change, recalculating next elapse.");
+- timer_enter_waiting(t, false, false);
++ timer_enter_waiting(t, false);
+ }
+
+ static const char* const timer_base_table[_TIMER_BASE_MAX] = {
diff --git a/SOURCES/0595-rc-local-order-after-network-online.target.patch b/SOURCES/0595-rc-local-order-after-network-online.target.patch
new file mode 100644
index 0000000..438bb50
--- /dev/null
+++ b/SOURCES/0595-rc-local-order-after-network-online.target.patch
@@ -0,0 +1,29 @@
+From 8cd99937562cde7533519303a7a0ad1df749e075 Mon Sep 17 00:00:00 2001
+From: David Tardon <dtardon@redhat.com>
+Date: Thu, 11 Mar 2021 15:48:23 +0100
+Subject: [PATCH] rc-local: order after network-online.target
+
+I think this was the intent of commit 91b684c7300879a8d2006038f7d9185d92c3c3bf,
+just network-online.target didn't exist back then.
+
+RHEL-only
+
+Resolves: #1934028
+---
+ units/rc-local.service.in | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/units/rc-local.service.in b/units/rc-local.service.in
+index 78ce69e0ae..74e83d8c07 100644
+--- a/units/rc-local.service.in
++++ b/units/rc-local.service.in
+@@ -13,7 +13,8 @@
+ Description=@RC_LOCAL_SCRIPT_PATH_START@ Compatibility
+ Documentation=man:systemd-rc-local-generator(8)
+ ConditionFileIsExecutable=@RC_LOCAL_SCRIPT_PATH_START@
+-After=network.target
++After=network-online.target
++Wants=network-online.target
+
+ [Service]
+ Type=forking
diff --git a/SOURCES/0596-set-core-ulimit-to-0-like-on-RHEL-7.patch b/SOURCES/0596-set-core-ulimit-to-0-like-on-RHEL-7.patch
new file mode 100644
index 0000000..147d4eb
--- /dev/null
+++ b/SOURCES/0596-set-core-ulimit-to-0-like-on-RHEL-7.patch
@@ -0,0 +1,25 @@
+From 830bd662276ee117e65a4b3d541f77e8b172eafd Mon Sep 17 00:00:00 2001
+From: David Tardon <dtardon@redhat.com>
+Date: Mon, 25 Jan 2021 16:19:56 +0100
+Subject: [PATCH] set core ulimit to 0 like on RHEL-7
+
+RHEL-only
+
+Resolves: #1905582
+---
+ src/core/system.conf.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/core/system.conf.in b/src/core/system.conf.in
+index 0d93fbf147..b4d6dfa15a 100644
+--- a/src/core/system.conf.in
++++ b/src/core/system.conf.in
+@@ -52,7 +52,7 @@
+ #DefaultLimitFSIZE=
+ #DefaultLimitDATA=
+ #DefaultLimitSTACK=
+-#DefaultLimitCORE=
++DefaultLimitCORE=0
+ #DefaultLimitRSS=
+ #DefaultLimitNOFILE=
+ #DefaultLimitAS=
diff --git a/SOURCES/0597-test-mountpointutil-util-do-not-assert-in-test_mnt_i.patch b/SOURCES/0597-test-mountpointutil-util-do-not-assert-in-test_mnt_i.patch
new file mode 100644
index 0000000..216c7d1
--- /dev/null
+++ b/SOURCES/0597-test-mountpointutil-util-do-not-assert-in-test_mnt_i.patch
@@ -0,0 +1,129 @@
+From 4ad39b0531f550cde6e01df0801f177c08514c8b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Mon, 14 Sep 2020 17:58:03 +0200
+Subject: [PATCH] test-mountpointutil-util: do not assert in test_mnt_id()
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1803070
+
+I *think* this a kernel bug: the mnt_id as listed in /proc/self/mountinfo is different
+than the one we get from /proc/self/fdinfo/. This only matters when both statx and
+name_to_handle_at are unavailable and we hit the fallback path that goes through fdinfo:
+
+(gdb) !uname -r
+5.6.19-200.fc31.ppc64le
+
+(gdb) !cat /proc/self/mountinfo
+697 664 253:0 /var/lib/mock/fedora-31-ppc64le/root / rw,relatime shared:298 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota
+698 697 253:0 /var/cache/mock/fedora-31-ppc64le/yum_cache /var/cache/yum rw,relatime shared:299 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota
+699 697 253:0 /var/cache/mock/fedora-31-ppc64le/dnf_cache /var/cache/dnf rw,relatime shared:300 master:1 - xfs /dev/mapper/fedora_rh--power--vm14-root rw,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota
+700 697 0:32 /mock-selinux-plugin.7me9bfpi /proc/filesystems rw,nosuid,nodev shared:301 master:18 - tmpfs tmpfs rw,seclabel <==========================================================
+701 697 0:41 / /sys ro,nosuid,nodev,noexec,relatime shared:302 - sysfs sysfs ro,seclabel
+702 701 0:21 / /sys/fs/selinux ro,nosuid,nodev,noexec,relatime shared:306 master:8 - selinuxfs selinuxfs rw
+703 697 0:42 / /dev rw,nosuid shared:303 - tmpfs tmpfs rw,seclabel,mode=755
+704 703 0:43 / /dev/shm rw,nosuid,nodev shared:304 - tmpfs tmpfs rw,seclabel
+705 703 0:45 / /dev/pts rw,nosuid,noexec,relatime shared:307 - devpts devpts rw,seclabel,gid=5,mode=620,ptmxmode=666
+706 703 0:6 /btrfs-control /dev/btrfs-control rw,nosuid shared:308 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+707 703 0:6 /loop-control /dev/loop-control rw,nosuid shared:309 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+708 703 0:6 /loop0 /dev/loop0 rw,nosuid shared:310 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+709 703 0:6 /loop1 /dev/loop1 rw,nosuid shared:311 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+710 703 0:6 /loop10 /dev/loop10 rw,nosuid shared:312 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+711 703 0:6 /loop11 /dev/loop11 rw,nosuid shared:313 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+712 703 0:6 /loop2 /dev/loop2 rw,nosuid shared:314 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+713 703 0:6 /loop3 /dev/loop3 rw,nosuid shared:315 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+714 703 0:6 /loop4 /dev/loop4 rw,nosuid shared:316 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+715 703 0:6 /loop5 /dev/loop5 rw,nosuid shared:317 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+716 703 0:6 /loop6 /dev/loop6 rw,nosuid shared:318 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+717 703 0:6 /loop7 /dev/loop7 rw,nosuid shared:319 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+718 703 0:6 /loop8 /dev/loop8 rw,nosuid shared:320 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+719 703 0:6 /loop9 /dev/loop9 rw,nosuid shared:321 master:9 - devtmpfs devtmpfs rw,seclabel,size=4107840k,nr_inodes=64185,mode=755
+720 697 0:44 / /run rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755
+721 720 0:25 /systemd/nspawn/propagate/9cc8a155d0244558b273f773d2b92142 /run/systemd/nspawn/incoming ro master:12 - tmpfs tmpfs rw,seclabel,mode=755
+722 697 0:32 /mock-resolv.dvml91hp /etc/resolv.conf rw,nosuid,nodev shared:322 master:18 - tmpfs tmpfs rw,seclabel
+725 697 0:47 / /proc rw,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
+603 725 0:47 /sys /proc/sys ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
+604 725 0:44 /systemd/inaccessible/reg /proc/kallsyms ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
+605 725 0:44 /systemd/inaccessible/reg /proc/kcore ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
+606 725 0:44 /systemd/inaccessible/reg /proc/keys ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
+607 725 0:44 /systemd/inaccessible/reg /proc/sysrq-trigger ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
+608 725 0:44 /systemd/inaccessible/reg /proc/timer_list ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
+609 725 0:47 /bus /proc/bus ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
+610 725 0:47 /fs /proc/fs ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
+611 725 0:47 /irq /proc/irq ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
+612 725 0:47 /scsi /proc/scsi ro,nosuid,nodev,noexec,relatime shared:323 - proc proc rw
+613 703 0:46 / /dev/mqueue rw,nosuid,nodev,noexec,relatime shared:324 - mqueue mqueue rw,seclabel
+614 701 0:26 / /sys/fs/cgroup rw,nosuid,nodev,noexec,relatime shared:325 - cgroup2 cgroup rw,seclabel,nsdelegate
+615 603 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id ro,nosuid,nodev,noexec shared:305 - tmpfs tmpfs rw,seclabel,mode=755
+616 725 0:44 /.#proc-sys-kernel-random-boot-id4fbdce67af46d1c2//deleted /proc/sys/kernel/random/boot_id rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755
+617 725 0:44 /.#proc-kmsg5b7a8bcfe6717139//deleted /proc/kmsg rw,nosuid,nodev shared:305 - tmpfs tmpfs rw,seclabel,mode=755
+
+The test process does
+name_to_handle_at("/proc/filesystems") which returns -EOPNOTSUPP, and then
+openat(AT_FDCWD, "/proc/filesystems") which returns 4, and then
+read(open("/proc/self/fdinfo/4", ...)) which gives
+"pos:\t0\nflags:\t012100000\nmnt_id:\t725\n"
+
+and the "725" is clearly inconsistent with "700" in /proc/self/mountinfo.
+
+We could either drop the fallback path (and fail name_to_handle_at() is not
+avaliable) or ignore the error in the test. Not sure what is better. I think
+this issue only occurs sometimes and with older kernels, so probably continuing
+with the current flaky implementation is better than ripping out the fallback.
+
+Another strace:
+writev(2</dev/pts/0>, [{iov_base="mnt ids of /proc/sys is 603", iov_len=27}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/sys is 603
+) = 28
+name_to_handle_at(AT_FDCWD, "/", {handle_bytes=128 => 12, handle_type=129, f_handle=0x52748401000000008b93e20d}, [697], 0) = 0
+writev(2</dev/pts/0>, [{iov_base="mnt ids of / is 697", iov_len=19}, {iov_base="\n", iov_len=1}], 2mnt ids of / is 697
+) = 20
+name_to_handle_at(AT_FDCWD, "/proc/kcore", {handle_bytes=128 => 12, handle_type=1, f_handle=0x92ddcfcd2e802d0100000000}, [605], 0) = 0
+writev(2</dev/pts/0>, [{iov_base="mnt ids of /proc/kcore is 605", iov_len=29}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/kcore is 605
+) = 30
+name_to_handle_at(AT_FDCWD, "/dev", {handle_bytes=128 => 12, handle_type=1, f_handle=0x8ae269160c802d0100000000}, [703], 0) = 0
+writev(2</dev/pts/0>, [{iov_base="mnt ids of /dev is 703", iov_len=22}, {iov_base="\n", iov_len=1}], 2mnt ids of /dev is 703
+) = 23
+name_to_handle_at(AT_FDCWD, "/proc/filesystems", {handle_bytes=128}, 0x7fffe36ddb84, 0) = -1 EOPNOTSUPP (Operation not supported)
+openat(AT_FDCWD, "/proc/filesystems", O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH) = 4</proc/filesystems>
+openat(AT_FDCWD, "/proc/self/fdinfo/4", O_RDONLY|O_CLOEXEC) = 5</proc/20/fdinfo/4>
+fstat(5</proc/20/fdinfo/4>, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0
+fstat(5</proc/20/fdinfo/4>, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0
+read(5</proc/20/fdinfo/4>, "pos:\t0\nflags:\t012100000\nmnt_id:\t725\n", 2048) = 36
+read(5</proc/20/fdinfo/4>, "", 1024) = 0
+close(5</proc/20/fdinfo/4>) = 0
+close(4</proc/filesystems>) = 0
+writev(2</dev/pts/0>, [{iov_base="mnt ids of /proc/filesystems are 700, 725", iov_len=41}, {iov_base="\n", iov_len=1}], 2mnt ids of /proc/filesystems are 700, 725
+) = 42
+writev(2</dev/pts/0>, [{iov_base="the other path for mnt id 725 is /proc", iov_len=38}, {iov_base="\n", iov_len=1}], 2the other path for mnt id 725 is /proc
+) = 39
+writev(2</dev/pts/0>, [{iov_base="Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting.", iov_len=108}, {iov_base="\n", iov_len=1}], 2Assertion 'path_equal(p, t)' failed at src/test/test-mountpoint-util.c:94, function test_mnt_id(). Aborting.
+) = 109
+rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0
+rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1], [], 8) = 0
+getpid() = 20
+gettid() = 20
+tgkill(20, 20, SIGABRT) = 0
+rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
+
+Resolves: #1910425
+---
+ src/test/test-mount-util.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/src/test/test-mount-util.c b/src/test/test-mount-util.c
+index c10e1681fb..991d165fc3 100644
+--- a/src/test/test-mount-util.c
++++ b/src/test/test-mount-util.c
+@@ -74,7 +74,13 @@ static void test_mnt_id(void) {
+
+ /* The ids don't match? If so, then there are two mounts on the same path, let's check if that's really
+ * the case */
+- assert_se(path_equal_ptr(hashmap_get(h, INT_TO_PTR(mnt_id2)), p));
++ char *t = hashmap_get(h, INT_TO_PTR(mnt_id2));
++ log_debug("Path for mnt id %i from /proc/self/mountinfo is %s\n", mnt_id2, t);
++
++ if (!path_equal(p, t))
++ /* Apparent kernel bug in /proc/self/fdinfo */
++ log_warning("Bad mount id given for %s: %d, should be %d",
++ p, mnt_id2, mnt_id);
+ }
+
+ hashmap_free_free(h);
diff --git a/SOURCES/triggers.systemd b/SOURCES/triggers.systemd
index 04abfd1..90906e3 100644
--- a/SOURCES/triggers.systemd
+++ b/SOURCES/triggers.systemd
@@ -105,5 +105,7 @@ fi
# This script will automatically apply binfmt rules if files have been
# installed or updated in /usr/lib/binfmt.d.
if test -d /run/systemd/system; then
- /usr/lib/systemd/systemd-binfmt
+ # systemd-binfmt might fail if binfmt_misc kernel module is not loaded
+ # during install
+ /usr/lib/systemd/systemd-binfmt || :
fi
diff --git a/SPECS/systemd.spec b/SPECS/systemd.spec
index b9879ee..44ae8e9 100644
--- a/SPECS/systemd.spec
+++ b/SPECS/systemd.spec
@@ -13,7 +13,7 @@
Name: systemd
Url: http://www.freedesktop.org/wiki/Software/systemd
Version: 239
-Release: 45%{?dist}.1
+Release: 48%{?dist}
# For a breakdown of the licensing, see README
License: LGPLv2+ and MIT and GPLv2+
Summary: System and Service Manager
@@ -616,6 +616,37 @@ Patch0563: 0563-pam-systemd-use-secure_getenv-rather-than-getenv.patch
Patch0564: 0564-Revert-udev-run-link_update-with-increased-retry-cou.patch
Patch0565: 0565-Revert-udev-make-algorithm-that-selects-highest-prio.patch
Patch0566: 0566-test-udev-test.pl-drop-test-cases-that-add-mutliple-.patch
+Patch0567: 0567-cgroup-Also-set-io.bfq.weight.patch
+Patch0568: 0568-seccomp-allow-turning-off-of-seccomp-filtering-via-e.patch
+Patch0569: 0569-meson-remove-strange-dep-that-causes-meson-to-enter-.patch
+Patch0570: 0570-copy-handle-copy_file_range-weirdness-on-procfs-sysf.patch
+Patch0571: 0571-core-Hide-Deactivated-successfully-message.patch
+Patch0572: 0572-util-rework-in_initrd-to-make-use-of-path_is_tempora.patch
+Patch0573: 0573-initrd-extend-SYSTEMD_IN_INITRD-to-accept-non-ramfs-.patch
+Patch0574: 0574-initrd-do-a-debug-log-if-failed-to-detect-rootfs-typ.patch
+Patch0575: 0575-initrd-do-a-debug-log-if-etc-initrd-release-doesn-t-.patch
+Patch0576: 0576-units-assign-user-runtime-dir-.service-to-user-i.sli.patch
+Patch0577: 0577-units-order-user-runtime-dir-.service-after-systemd-.patch
+Patch0578: 0578-units-make-sure-user-runtime-dir-.service-is-Type-on.patch
+Patch0579: 0579-user-runtime-dir-downgrade-a-few-log-messages-to-LOG.patch
+Patch0580: 0580-shared-install-Preserve-escape-characters-for-escape.patch
+Patch0581: 0581-basic-virt-Detect-PowerVM-hypervisor.patch
+Patch0582: 0582-man-document-differences-in-clean-exit-status-for-Ty.patch
+Patch0583: 0583-busctl-add-a-timestamp-to-the-output-of-the-busctl-m.patch
+Patch0584: 0584-basic-cap-list-parse-print-numerical-capabilities.patch
+Patch0585: 0585-shared-mount-util-convert-to-libmount.patch
+Patch0586: 0586-mount-util-bind_remount-avoid-calling-statvfs.patch
+Patch0587: 0587-mount-util-use-UMOUNT_NOFOLLOW-in-recursive-umounter.patch
+Patch0588: 0588-test-install-root-create-referenced-targets.patch
+Patch0589: 0589-install-warn-if-WantedBy-targets-don-t-exist.patch
+Patch0590: 0590-test-install-root-add-test-for-unknown-WantedBy-targ.patch
+Patch0591: 0591-ceph-is-a-network-filesystem.patch
+Patch0592: 0592-sysctl-set-kernel.core_pipe_limit-16.patch
+Patch0593: 0593-core-don-t-drop-timer-expired-but-not-yet-processed-.patch
+Patch0594: 0594-core-Detect-initial-timer-state-from-serialized-data.patch
+Patch0595: 0595-rc-local-order-after-network-online.target.patch
+Patch0596: 0596-set-core-ulimit-to-0-like-on-RHEL-7.patch
+Patch0597: 0597-test-mountpointutil-util-do-not-assert-in-test_mnt_i.patch
%ifarch %{ix86} x86_64 aarch64
@@ -648,7 +679,6 @@ BuildRequires: libgpg-error-devel
BuildRequires: gnutls-devel
BuildRequires: libmicrohttpd-devel
BuildRequires: libxkbcommon-devel
-BuildRequires: iptables-devel
BuildRequires: libxslt
BuildRequires: docbook-style-xsl
BuildRequires: pkgconfig
@@ -670,6 +700,8 @@ Requires(post): coreutils
Requires(post): sed
Requires(post): acl
Requires(post): grep
+# systemd-machine-id-setup requires libssl
+Requires(post): openssl-libs
Requires(pre): coreutils
Requires(pre): /usr/bin/getent
Requires(pre): /usr/sbin/groupadd
@@ -856,7 +888,7 @@ CONFIGURE_OPTS=(
-Dgnutls=true
-Dmicrohttpd=true
-Dlibidn2=true
- -Dlibiptc=true
+ -Dlibiptc=false
-Dlibcurl=true
-Defi=true
-Dgnu-efi=%{?have_gnu_efi:true}%{?!have_gnu_efi:false}
@@ -1076,16 +1108,14 @@ if [ -e /etc/fstab ]; then
sed -i.rpm.bak -r '/^devpts\s+\/dev\/pts\s+devpts\s+defaults\s+/d; /^tmpfs\s+\/dev\/shm\s+tmpfs\s+defaults\s+/d; /^sysfs\s+\/sys\s+sysfs\s+defaults\s+/d; /^proc\s+\/proc\s+proc\s+defaults\s+/d' /etc/fstab || :
fi
-# Services we install by default, and which are controlled by presets.
+# We reset the enablement of all services upon initial installation
+# https://bugzilla.redhat.com/show_bug.cgi?id=1118740#c23
+# This will fix up enablement of any preset services that got installed
+# before systemd due to rpm ordering problems:
+# Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=1647172
+# RHEL: https://bugzilla.redhat.com/show_bug.cgi?id=1783263
if [ $1 -eq 1 ] ; then
- systemctl preset --quiet \
- remote-fs.target \
- getty@.service \
- serial-getty@.service \
- console-getty.service \
- debug-shell.service \
- systemd-resolved.service \
- >/dev/null || :
+ systemctl preset-all &>/dev/null || :
fi
# remove obsolete systemd-readahead file
@@ -1244,32 +1274,71 @@ fi
%files tests -f .file-list-tests
%changelog
-* Tue May 25 2021 systemd maintenance team <systemd-maint@redhat.com> - 239-45.1
-- Revert "udev: run link_update() with increased retry count in second invocation" (#1963980)
-- Revert "udev: make algorithm that selects highest priority devlink less susceptible to race conditions" (#1963980)
-- test/udev-test.pl: drop test cases that add mutliple devices (#1963980)
+* Thu Jun 24 2021 systemd maintenance team <systemd-maint@redhat.com> - 239-48
+- cgroup: Also set io.bfq.weight (#1927290)
+- seccomp: allow turning off of seccomp filtering via env var (#1916835)
+- meson: remove strange dep that causes meson to enter infinite loop (#1970860)
+- copy: handle copy_file_range() weirdness on procfs/sysfs (#1970860)
+- core: Hide "Deactivated successfully" message (#1954802)
+- util: rework in_initrd() to make use of path_is_temporary_fs() (#1959339)
+- initrd: extend SYSTEMD_IN_INITRD to accept non-ramfs rootfs (#1959339)
+- initrd: do a debug log if failed to detect rootfs type (#1959339)
+- initrd: do a debug log if /etc/initrd-release doesn't take effect (#1959339)
+- units: assign user-runtime-dir@.service to user-%i.slice (#1946453)
+- units: order user-runtime-dir@.service after systemd-user-sessions.service (#1946453)
+- units: make sure user-runtime-dir@.service is Type=oneshot (#1946453)
+- user-runtime-dir: downgrade a few log messages to LOG_DEBUG that we ignore (#1946453)
+- shared/install: Preserve escape characters for escaped unit names (#1952686)
+- basic/virt: Detect PowerVM hypervisor (#1937989)
+- man: document differences in clean exit status for Type=oneshot (#1940078)
+- busctl: add a timestamp to the output of the busctl monitor command (#1909214)
+- basic/cap-list: parse/print numerical capabilities (#1946943)
+- shared/mount-util: convert to libmount (#1885143)
+- mount-util: bind_remount: avoid calling statvfs (#1885143)
+- mount-util: use UMOUNT_NOFOLLOW in recursive umounter (#1885143)
+- test-install-root: create referenced targets (#1835351)
+- install: warn if WantedBy targets don't exist (#1835351)
+- test-install-root: add test for unknown WantedBy= target (#1835351)
+- ceph is a network filesystem (#1952013)
+- sysctl: set kernel.core_pipe_limit=16 (#1949729)
+- core: don't drop timer expired but not yet processed when system date is changed (#1899402)
+- core: Detect initial timer state from serialized data (#1899402)
+- rc-local: order after network-online.target (#1934028)
+- set core ulimit to 0 like on RHEL-7 (#1905582)
+- test-mountpointutil-util: do not assert in test_mnt_id() (#1910425)
+
+* Fri Jun 04 2021 Jan Macku <jamacku@redhat.com> - 239-47
+- systemd-binfmt: Add safeguard in triggers (#1787144)
+- spec: Requires(post) openssl-libs to fix missing /etc/machine-id (#1947438)
+- spec: Go back to using systemctl preset-all in post (#1783263, #1647172, #1118740)
+- spec: Disable libiptc support (#1817265)
+
+* Wed May 19 2021 systemd maintenance team <systemd-maint@redhat.com> - 239-46
+- Revert "udev: run link_update() with increased retry count in second invocation" (#1942299)
+- Revert "udev: make algorithm that selects highest priority devlink less susceptible to race conditions" (#1942299)
+- test/udev-test.pl: drop test cases that add mutliple devices (#1942299)
* Thu Mar 11 2021 systemd maintenance team <systemd-maint@redhat.com> - 239-45
-- Revert "test: add test cases for empty string match" and "test: add test case for multi matches when use ||" (#1931947)
-- test/sys-script.py: add missing DEVNAME entries to uevents (#1931947)
-- sd-event: split out helper functions for reshuffling prioqs (#1819868)
-- sd-event: split out enable and disable codepaths from sd_event_source_set_enabled() (#1819868)
-- sd-event: mention that two debug logged events are ignored (#1819868)
-- sd-event: split clock data allocation out of sd_event_add_time() (#1819868)
-- sd-event: split out code to add/remove timer event sources to earliest/latest prioq (#1819868)
-- sd-event: fix delays assert brain-o (#17790) (#1819868)
-- sd-event: let's suffix last_run/last_log with "_usec" (#1819868)
-- sd-event: refuse running default event loops in any other thread than the one they are default for (#1819868)
-- sd-event: ref event loop while in sd_event_prepare() ot sd_event_run() (#1819868)
-- sd-event: follow coding style with naming return parameter (#1819868)
-- sd-event: remove earliest_index/latest_index into common part of event source objects (#1819868)
-- sd-event: update state at the end in event_source_enable (#1819868)
-- sd-event: increase n_enabled_child_sources just once (#1819868)
-- sd-event: add ability to ratelimit event sources (#1819868)
-- test: add ratelimiting test (#1819868)
-- core: prevent excessive /proc/self/mountinfo parsing (#1819868)
-- udev: run link_update() with increased retry count in second invocation (#1931947)
-- pam-systemd: use secure_getenv() rather than getenv() (#1687514)
+- Revert "test: add test cases for empty string match" and "test: add test case for multi matches when use ||" (#1935124)
+- test/sys-script.py: add missing DEVNAME entries to uevents (#1935124)
+- sd-event: split out helper functions for reshuffling prioqs (#1937315)
+- sd-event: split out enable and disable codepaths from sd_event_source_set_enabled() (#1937315)
+- sd-event: mention that two debug logged events are ignored (#1937315)
+- sd-event: split clock data allocation out of sd_event_add_time() (#1937315)
+- sd-event: split out code to add/remove timer event sources to earliest/latest prioq (#1937315)
+- sd-event: fix delays assert brain-o (#17790) (#1937315)
+- sd-event: let's suffix last_run/last_log with "_usec" (#1937315)
+- sd-event: refuse running default event loops in any other thread than the one they are default for (#1937315)
+- sd-event: ref event loop while in sd_event_prepare() ot sd_event_run() (#1937315)
+- sd-event: follow coding style with naming return parameter (#1937315)
+- sd-event: remove earliest_index/latest_index into common part of event source objects (#1937315)
+- sd-event: update state at the end in event_source_enable (#1937315)
+- sd-event: increase n_enabled_child_sources just once (#1937315)
+- sd-event: add ability to ratelimit event sources (#1937315)
+- test: add ratelimiting test (#1937315)
+- core: prevent excessive /proc/self/mountinfo parsing (#1937315)
+- udev: run link_update() with increased retry count in second invocation (#1935124)
+- pam-systemd: use secure_getenv() rather than getenv() (#1936866)
* Thu Jan 28 2021 systemd maintenance team <systemd-maint@redhat.com> - 239-44
- ci: PowerTools repo was renamed to powertools in RHEL 8.3 (#1871827)