diff --git a/SOURCES/0057-mesg-use-only-stat-to-get-the-current-terminal-statu.patch b/SOURCES/0057-mesg-use-only-stat-to-get-the-current-terminal-statu.patch
new file mode 100644
index 0000000..62ff51f
--- /dev/null
+++ b/SOURCES/0057-mesg-use-only-stat-to-get-the-current-terminal-statu.patch
@@ -0,0 +1,52 @@
+From 7ad815523618c2a053d28061054a44ae9108ceb0 Mon Sep 17 00:00:00 2001
+From: Karel Zak <kzak@redhat.com>
+Date: Mon, 12 Apr 2021 09:39:59 +0200
+Subject: [PATCH 57/63] mesg: use only stat() to get the current terminal
+ status
+
+open()+stat() does not work for example after su(1) (from root to
+non-root). It seems better to use only stat() to get the current
+terminal status.
+
+Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1906157
+Upstream: http://github.com/karelzak/util-linux/commit/c0246ce059503bbc078122a50d564ca36a66f348
+Signed-off-by: Karel Zak <kzak@redhat.com>
+---
+ term-utils/mesg.c | 12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+
+diff --git a/term-utils/mesg.c b/term-utils/mesg.c
+index 8714ad1aa..21a4a8581 100644
+--- a/term-utils/mesg.c
++++ b/term-utils/mesg.c
+@@ -123,13 +123,10 @@ int main(int argc, char *argv[])
+
+ if ((tty = ttyname(STDERR_FILENO)) == NULL)
+ err(MESG_EXIT_FAILURE, _("ttyname failed"));
+- if ((fd = open(tty, O_RDONLY)) < 0)
+- err(MESG_EXIT_FAILURE, _("cannot open %s"), tty);
+- if (fstat(fd, &sb))
+- err(MESG_EXIT_FAILURE, _("stat of %s failed"), tty);
+
+ if (!*argv) {
+- close(fd);
++ if (stat(tty, &sb))
++ err(MESG_EXIT_FAILURE, _("stat of %s failed"), tty);
+ if (sb.st_mode & (S_IWGRP | S_IWOTH)) {
+ puts(_("is y"));
+ return IS_ALLOWED;
+@@ -138,6 +135,11 @@ int main(int argc, char *argv[])
+ return IS_NOT_ALLOWED;
+ }
+
++ if ((fd = open(tty, O_RDONLY)) < 0)
++ err(MESG_EXIT_FAILURE, _("cannot open %s"), tty);
++ if (fstat(fd, &sb))
++ err(MESG_EXIT_FAILURE, _("stat of %s failed"), tty);
++
+ switch (rpmatch(argv[0])) {
+ case RPMATCH_YES:
+ #ifdef USE_TTY_GROUP
+--
+2.31.1
+
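Review bot: The status query in main() of term-utils/mesg.c now reads the mode with `stat(tty, &sb)` by path, while the y/n branch below still uses `open()` followed by `fstat(fd, &sb)`, and nothing in the code says why the two paths differ. A short comment above the new call would stop a later cleanup from merging them again, for example `/* query only: stat() by name, because open() of the tty can fail after su(1) to a non-root user */`. Keeping the descriptor-based check for the branch that presumably goes on to change the mode is the safer choice, since it ties any later change to the object that was inspected. The rest of main() lies outside the hunk, so whether `fd` is closed on every exit of that branch needs checking there.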
diff --git a/SOURCES/0058-findmnt-add-option-to-list-all-fs-independent-flags.patch b/SOURCES/0058-findmnt-add-option-to-list-all-fs-independent-flags.patch
new file mode 100644
index 0000000..827ab0c
--- /dev/null
+++ b/SOURCES/0058-findmnt-add-option-to-list-all-fs-independent-flags.patch
@@ -0,0 +1,212 @@
+From 2f04609de018013a36396e6a10b317607fb0b625 Mon Sep 17 00:00:00 2001
+From: Roberto Bergantinos Corpas <rbergant@redhat.com>
+Date: Tue, 12 Jan 2021 11:58:53 +0100
+Subject: [PATCH 58/63] findmnt: add option to list all fs-independent flags
+
+It might be useful for security auditing purposes list all possible
+mount flags/options including default set which are normally not listed.
+
+This patch adds "--vfs-all" option to list all fs-independent flags
+on VFS-OPTIONS column, as well as libmount funcionality to accomplish
+it.
+
+i.e.:
+
+$ findmnt -o VFS-OPTIONS
+VFS-OPTIONS
+rw,relatime
+rw,nosuid,nodev,noexec,relatime
+rw,nosuid,nodev,noexec,relatime
+ro,nosuid,nodev,noexec
+...
+
+$ findmnt --vfs-all -o VFS-OPTIONS
+VFS-OPTIONS
+rw,exec,suid,dev,async,loud,nomand,atime,noiversion,diratime,relatime,nostrictatime,nolazytime,symfollow
+rw,noexec,nosuid,nodev,async,loud,nomand,atime,noiversion,diratime,relatime,nostrictatime,nolazytime,symfollow
+rw,noexec,nosuid,nodev,async,loud,nomand,atime,noiversion,diratime,relatime,nostrictatime,nolazytime,symfollow
+ro,noexec,nosuid,nodev,async,loud,nomand,atime,noiversion,diratime,norelatime,nostrictatime,nolazytime,symfollow
+...
+
+[kzak@redhat.com: - cleanup coding style and comments]
+
+Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1917852
+Upstream: http://github.com/karelzak/util-linux/commit/ff21f476f85ac9855452f4aac43a231c3c1e2ebc
+Signed-off-by: Roberto Bergantinos Corpas <rbergant@redhat.com>
+Signed-off-by: Karel Zak <kzak@redhat.com>
+---
+ libmount/docs/libmount-sections.txt | 1 +
+ libmount/src/fs.c | 32 +++++++++++++++++++++++++++++
+ libmount/src/libmount.h.in | 1 +
+ libmount/src/libmount.sym | 4 ++++
+ misc-utils/findmnt.8 | 6 ++++++
+ misc-utils/findmnt.c | 15 +++++++++++---
+ misc-utils/findmnt.h | 2 ++
+ 7 files changed, 58 insertions(+), 3 deletions(-)
+
+diff --git a/libmount/docs/libmount-sections.txt b/libmount/docs/libmount-sections.txt
+index dea724b2f..f296c0611 100644
+--- a/libmount/docs/libmount-sections.txt
++++ b/libmount/docs/libmount-sections.txt
+@@ -224,6 +224,7 @@ mnt_fs_get_usedsize
+ mnt_fs_get_userdata
+ mnt_fs_get_user_options
+ mnt_fs_get_vfs_options
++mnt_fs_get_vfs_options_all
+ mnt_fs_is_kernel
+ mnt_fs_is_netfs
+ mnt_fs_is_pseudofs
+diff --git a/libmount/src/fs.c b/libmount/src/fs.c
+index aae4961c3..34c09d66b 100644
+--- a/libmount/src/fs.c
++++ b/libmount/src/fs.c
+@@ -924,6 +924,38 @@ const char *mnt_fs_get_vfs_options(struct libmnt_fs *fs)
+ return fs ? fs->vfs_optstr : NULL;
+ }
+
++/**
++ * mnt_fs_get_vfs_options_all:
++ * @fs: fstab/mtab entry pointer
++ *
++ * Returns: pointer to newlly allocated string (can be freed by free(3)) or
++ * NULL in case of error. The string contains all (including defaults) mount
++ * options.
++ */
++char *mnt_fs_get_vfs_options_all(struct libmnt_fs *fs)
++{
++ const struct libmnt_optmap *map = mnt_get_builtin_optmap(MNT_LINUX_MAP);
++ const struct libmnt_optmap *ent;
++ const char *opts = mnt_fs_get_options(fs);
++ char *result = NULL;
++ unsigned long flags = 0;
++
++ if (!opts || mnt_optstr_get_flags(opts, &flags, map))
++ return NULL;
++
++ for (ent = map ; ent && ent->name ; ent++){
++ if (ent->id & flags) { /* non-default value */
++ if (!(ent->mask & MNT_INVERT))
++ mnt_optstr_append_option(&result, ent->name, NULL);
++ else
++ continue;
++ } else if (ent->mask & MNT_INVERT)
++ mnt_optstr_append_option(&result, ent->name, NULL);
++ }
++
++ return result;
++}
++
+ /**
+ * mnt_fs_get_user_options:
+ * @fs: fstab/mtab entry pointer
+diff --git a/libmount/src/libmount.h.in b/libmount/src/libmount.h.in
+index c61514b59..1d9a053e0 100644
+--- a/libmount/src/libmount.h.in
++++ b/libmount/src/libmount.h.in
+@@ -452,6 +452,7 @@ extern int mnt_fs_get_option(struct libmnt_fs *fs, const char *name,
+ extern const char *mnt_fs_get_fs_options(struct libmnt_fs *fs);
+ extern const char *mnt_fs_get_vfs_options(struct libmnt_fs *fs);
+ extern const char *mnt_fs_get_user_options(struct libmnt_fs *fs);
++extern char *mnt_fs_get_vfs_options_all(struct libmnt_fs *fs);
+
+ extern const char *mnt_fs_get_attributes(struct libmnt_fs *fs);
+ extern int mnt_fs_set_attributes(struct libmnt_fs *fs, const char *optstr);
+diff --git a/libmount/src/libmount.sym b/libmount/src/libmount.sym
+index ca16cafa1..636c564eb 100644
+--- a/libmount/src/libmount.sym
++++ b/libmount/src/libmount.sym
+@@ -322,3 +322,7 @@ MOUNT_2.30 {
+ mnt_context_enable_rwonly_mount;
+ mnt_context_get_excode;
+ } MOUNT_2.28;
++
++MOUNT_2_37 {
++ mnt_fs_get_vfs_options_all;
++} MOUNT_2.30;
+diff --git a/misc-utils/findmnt.8 b/misc-utils/findmnt.8
+index 58dd38625..41a37cb5f 100644
+--- a/misc-utils/findmnt.8
++++ b/misc-utils/findmnt.8
+@@ -249,6 +249,12 @@ It's possible to specify source (device) or target (mountpoint) to filter mount
+ .TP
+ .BR "\-\-verbose"
+ Force findmnt to print more information (\fB\-\-verify\fP only for now).
++.TP
++.B \-\-vfs-all
++When used with
++.BR VFS-OPTIONS
++column, print all VFS (fs-independent) flags. This option is designed for auditing purposes to
++list also default VFS kernel mount options which are normally not listed.
+ .SH EXAMPLES
+ .IP "\fBfindmnt \-\-fstab \-t nfs\fP"
+ Prints all NFS filesystems defined in
+diff --git a/misc-utils/findmnt.c b/misc-utils/findmnt.c
+index 184b6f7d7..a7b3af4f4 100644
+--- a/misc-utils/findmnt.c
++++ b/misc-utils/findmnt.c
+@@ -542,7 +542,10 @@ static char *get_data(struct libmnt_fs *fs, int num)
+ str = xstrdup(mnt_fs_get_options(fs));
+ break;
+ case COL_VFS_OPTIONS:
+- str = xstrdup(mnt_fs_get_vfs_options(fs));
++ if (flags & FL_VFS_ALL)
++ str = mnt_fs_get_vfs_options_all(fs);
++ else if (mnt_fs_get_vfs_options(fs))
++ str = xstrdup(mnt_fs_get_vfs_options(fs));
+ break;
+ case COL_FS_OPTIONS:
+ str = xstrdup(mnt_fs_get_fs_options(fs));
+@@ -1243,6 +1246,7 @@ static void __attribute__((__noreturn__)) usage(void)
+ fputc('\n', out);
+ fputs(_(" -x, --verify verify mount table content (default is fstab)\n"), out);
+ fputs(_(" --verbose print more details\n"), out);
++ fputs(_(" --vfs-all print all VFS options\n"), out);
+
+ fputs(USAGE_SEPARATOR, out);
+ printf(USAGE_HELP_OPTIONS(24));
+@@ -1271,8 +1275,9 @@ int main(int argc, char *argv[])
+ struct libscols_table *table = NULL;
+
+ enum {
+- FINDMNT_OPT_VERBOSE = CHAR_MAX + 1,
+- FINDMNT_OPT_TREE
++ FINDMNT_OPT_VERBOSE = CHAR_MAX + 1,
++ FINDMNT_OPT_TREE,
++ FINDMNT_OPT_VFS_ALL
+ };
+
+ static const struct option longopts[] = {
+@@ -1313,6 +1318,7 @@ int main(int argc, char *argv[])
+ { "version", no_argument, NULL, 'V' },
+ { "verbose", no_argument, NULL, FINDMNT_OPT_VERBOSE },
+ { "tree", no_argument, NULL, FINDMNT_OPT_TREE },
++ { "vfs-all", no_argument, NULL, FINDMNT_OPT_VFS_ALL },
+ { NULL, 0, NULL, 0 }
+ };
+
+@@ -1479,6 +1485,9 @@ int main(int argc, char *argv[])
+ case FINDMNT_OPT_TREE:
+ force_tree = 1;
+ break;
++ case FINDMNT_OPT_VFS_ALL:
++ flags |= FL_VFS_ALL;
++ break;
+ default:
+ errtryhelp(EXIT_FAILURE);
+ }
+diff --git a/misc-utils/findmnt.h b/misc-utils/findmnt.h
+index fbaa38e82..9a277b68a 100644
+--- a/misc-utils/findmnt.h
++++ b/misc-utils/findmnt.h
+@@ -19,6 +19,8 @@ enum {
+ FL_STRICTTARGET = (1 << 15),
+ FL_VERBOSE = (1 << 16),
+
++ FL_VFS_ALL = (1 << 19),
++
+ /* basic table settings */
+ FL_ASCII = (1 << 20),
+ FL_RAW = (1 << 21),
+--
+2.31.1
+
diff --git a/SOURCES/0059-nologin-Prevent-error-from-su-c.patch b/SOURCES/0059-nologin-Prevent-error-from-su-c.patch
new file mode 100644
index 0000000..9dd8b4a
--- /dev/null
+++ b/SOURCES/0059-nologin-Prevent-error-from-su-c.patch
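Review bot: In mnt_fs_get_vfs_options_all() (patch 0058, libmount/src/fs.c) both calls to `mnt_optstr_append_option()` discard the return value, so a failure part-way through the loop yields a shortened string that the caller cannot tell from a complete one. For an option advertised for auditing, a list that silently lacks `nosuid` or `noexec` is worse than no list, and the doc comment already promises NULL on error. I would stop at the first failure, free the partial result and return NULL. The two branches also collapse into a single test, as sketched below.

```c
char *mnt_fs_get_vfs_options_all(struct libmnt_fs *fs)
{
	/* … unchanged: declarations and the mnt_optstr_get_flags() check … */

	for (ent = map; ent && ent->name; ent++) {
		int is_set = (ent->id & flags) != 0;
		int inverted = (ent->mask & MNT_INVERT) != 0;

		/* list the name that describes the current state of the flag */
		if (is_set == inverted)
			continue;
		if (mnt_optstr_append_option(&result, ent->name, NULL)) {
			free(result);
			return NULL;	/* never hand back a partial list */
		}
	}

	/* … unchanged: return result … */
}
```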
@@ -0,0 +1,83 @@
+From ae227f0eb3500b49fb78623f51ec9bd4366346ef Mon Sep 17 00:00:00 2001
+From: Stanislav Brabec <sbrabec@suse.cz>
+Date: Thu, 10 Oct 2019 01:08:25 +0200
+Subject: [PATCH 59/63] nologin: Prevent error from su -c
+
+"su -c" can pass "-c" to nologin. It causes ugly error:
+
+su -c "echo OK" - man
+-nologin: invalid option -- 'c'
+Try '-nologin --help' for more information.
+
+Accept -c to prevent this error.
+
+Upstream: http://github.com/karelzak/util-linux/commit/a174eefb41a2ce8b467bb7e1546953c8bd1223dd
+Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1922299
+Signed-off-by: Josef Cejka <jcejka@suse.com>
+Signed-off-by: Stanislav Brabec <sbrabec@suse.cz>
+---
+ login-utils/nologin.8 | 11 +++++++++--
+ login-utils/nologin.c | 9 +++++++--
+ 2 files changed, 16 insertions(+), 4 deletions(-)
+
+diff --git a/login-utils/nologin.8 b/login-utils/nologin.8
+index ee5948443..9389a86c6 100644
+--- a/login-utils/nologin.8
++++ b/login-utils/nologin.8
+@@ -18,9 +18,16 @@ The exit code returned by
+ is always 1.
+ .PP
+ .SH OPTIONS
+-.IP "\fB\-h, \-\-help\fP"
++
++
++.TP
++.IP "\fB\-c\fR, \fB\-\-command\fR \fIcommand\fR"
++Ignored. For compatibility with
++.I su -c "command" - user
++that would cause error otherwise.
++.IP "\fB\-h\fR, \fB\-\-help\fR"
+ Display help text and exit.
+-.IP "\fB-V, \-\-version"
++.IP "\fB-V\fR, \fB\-\-version\fR"
+ Display version information and exit.
+ .SH NOTES
+ .B nologin
+diff --git a/login-utils/nologin.c b/login-utils/nologin.c
+index b0b6a721c..293f568c1 100644
+--- a/login-utils/nologin.c
++++ b/login-utils/nologin.c
+@@ -30,7 +30,8 @@ static void __attribute__((__noreturn__)) usage(void)
+ fputs(_("Politely refuse a login.\n"), out);
+
+ fputs(USAGE_OPTIONS, out);
+- printf(USAGE_HELP_OPTIONS(16));
++ fputs(_(" -c, --command <command> does nothing (for compatibility with su -c)\n"), out);
++ printf(USAGE_HELP_OPTIONS(26));
+
+ printf(USAGE_MAN_TAIL("nologin(8)"));
+ exit(EXIT_FAILURE);
+@@ -41,6 +42,7 @@ int main(int argc, char *argv[])
+ int c, fd = -1;
+ struct stat st;
+ static const struct option longopts[] = {
++ { "command", required_argument, NULL, 'c' },
+ { "help", 0, NULL, 'h' },
+ { "version", 0, NULL, 'V' },
+ { NULL, 0, NULL, 0 }
+@@ -50,8 +52,11 @@ int main(int argc, char *argv[])
+ bindtextdomain(PACKAGE, LOCALEDIR);
+ textdomain(PACKAGE);
+
+- while ((c = getopt_long(argc, argv, "hV", longopts, NULL)) != -1) {
++ while ((c = getopt_long(argc, argv, "c:hV", longopts, NULL)) != -1) {
+ switch (c) {
++ case 'c':
++ /* Ignore the command, just don't print unknown option error. */
++ break;
+ case 'h':
+ usage();
+ break;
+--
+2.31.1
+
diff --git a/SOURCES/0060-nologin-silently-ignore-well-known-shell-command-lin.patch b/SOURCES/0060-nologin-silently-ignore-well-known-shell-command-lin.patch
new file mode 100644
index 0000000..03983d6
--- /dev/null
+++ b/SOURCES/0060-nologin-silently-ignore-well-known-shell-command-lin.patch
@@ -0,0 +1,124 @@
+From bfa7d299f8a497a835bc250bd765094ee06b8a01 Mon Sep 17 00:00:00 2001
+From: Sami Kerola <kerolasa@iki.fi>
+Date: Sun, 17 Nov 2019 08:33:04 +0000
+Subject: [PATCH 60/63] nologin: silently ignore well known shell command-line
+ options
+
+nologin is typically used in /etc/passwd as a shell replacement. Hence it
+is reasonable to ignore well known command-line options silently to avoid
+unwanted ugly error messages.
+
+Addresses: https://github.com/karelzak/util-linux/issues/895
+Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1922299
+Upstream: http://github.com/karelzak/util-linux/commit/beb61b07c20ab902fec883a4bd087c45d2742dea
+Requested-by: Lennart Poettering <lennart@poettering.net>
+Signed-off-by: Sami Kerola <kerolasa@iki.fi>
+---
+ login-utils/nologin.8 | 32 ++++++++++++++++++++++++--------
+ login-utils/nologin.c | 33 ++++++++++++++++++++++++++++-----
+ 2 files changed, 52 insertions(+), 13 deletions(-)
+
+diff --git a/login-utils/nologin.8 b/login-utils/nologin.8
+index 9389a86c6..d3882e2b1 100644
+--- a/login-utils/nologin.8
++++ b/login-utils/nologin.8
+@@ -1,4 +1,4 @@
+-.TH NOLOGIN 8 "September 2013" "util-linux" "System Administration"
++.TH NOLOGIN 8 "November 2019" "util-linux" "System Administration"
+ .SH NAME
+ nologin \- politely refuse a login
+ .SH SYNOPSIS
+@@ -18,13 +18,29 @@ The exit code returned by
+ is always 1.
+ .PP
+ .SH OPTIONS
+-
+-
+-.TP
+-.IP "\fB\-c\fR, \fB\-\-command\fR \fIcommand\fR"
+-Ignored. For compatibility with
+-.I su -c "command" - user
+-that would cause error otherwise.
++\fB\-c\fR, \fB\-\-command\fR \fIcommand\fR
++.br
++\fB\-\-init-file\fR
++.br
++\fB\-i\fR \fB\-\-interactive\fR
++.br
++\fB\-\-init-file\fR \fIfile\fR
++.br
++\fB\-i\fR, \fB\-\-interactive\fR
++.br
++\fB\-l\fR, \fB\-\-login\fR
++.br
++\fB\-\-noprofile\fR
++.br
++\fB\-\-norc\fR
++.br
++\fB\-\-posix\fR
++.br
++\fB\-\-rcfile\fR \fIfile\fR
++.br
++\fB\-r\fR, \fB\-\-restricted\fR
++.IP
++These shell command-line options are ignored to avoid nologin error.
+ .IP "\fB\-h\fR, \fB\-\-help\fR"
+ Display help text and exit.
+ .IP "\fB-V\fR, \fB\-\-version\fR"
+diff --git a/login-utils/nologin.c b/login-utils/nologin.c
+index 293f568c1..567a9a2ca 100644
+--- a/login-utils/nologin.c
++++ b/login-utils/nologin.c
+@@ -41,10 +41,25 @@ int main(int argc, char *argv[])
+ {
+ int c, fd = -1;
+ struct stat st;
++ enum {
++ OPT_INIT_FILE = CHAR_MAX + 1,
++ OPT_NOPROFILE,
++ OPT_NORC,
++ OPT_POSIX,
++ OPT_RCFILE
++ };
+ static const struct option longopts[] = {
+- { "command", required_argument, NULL, 'c' },
+- { "help", 0, NULL, 'h' },
+- { "version", 0, NULL, 'V' },
++ { "command", required_argument, NULL, 'c' },
++ { "init-file", required_argument, NULL, OPT_INIT_FILE },
++ { "interactive", no_argument, NULL, 'i' },
++ { "login", no_argument, NULL, 'l' },
++ { "noprofile", no_argument, NULL, OPT_NOPROFILE },
++ { "norc", no_argument, NULL, OPT_NORC },
++ { "posix", no_argument, NULL, OPT_POSIX },
++ { "rcfile", required_argument, NULL, OPT_RCFILE },
++ { "restricted", no_argument, NULL, 'r' },
++ { "help", no_argument, NULL, 'h' },
++ { "version", no_argument, NULL, 'V' },
+ { NULL, 0, NULL, 0 }
+ };
+
+@@ -52,10 +67,18 @@ int main(int argc, char *argv[])
+ bindtextdomain(PACKAGE, LOCALEDIR);
+ textdomain(PACKAGE);
+
+- while ((c = getopt_long(argc, argv, "c:hV", longopts, NULL)) != -1) {
++ while ((c = getopt_long(argc, argv, "c:ilrhV", longopts, NULL)) != -1) {
+ switch (c) {
+ case 'c':
+- /* Ignore the command, just don't print unknown option error. */
++ case OPT_INIT_FILE:
++ case 'i':
++ case 'l':
++ case OPT_NOPROFILE:
++ case OPT_NORC:
++ case OPT_POSIX:
++ case OPT_RCFILE:
++ case 'r':
++ /* Ignore well known shell command-line options */
+ break;
+ case 'h':
+ usage();
+--
+2.31.1
+
diff --git a/SOURCES/0061-libsmartcols-introduce-default-sort-column.patch b/SOURCES/0061-libsmartcols-introduce-default-sort-column.patch
new file mode 100644
index 0000000..861d5b6
--- /dev/null
+++ b/SOURCES/0061-libsmartcols-introduce-default-sort-column.patch
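Review bot: The new option list in login-utils/nologin.8 (patch 0060) names two options twice: `\fB\-\-init-file\fR` appears once without its argument and again as `\fB\-\-init-file\fR \fIfile\fR`, and `\fB\-i\fR \fB\-\-interactive\fR` (no comma) is repeated as `\fB\-i\fR, \fB\-\-interactive\fR`. Dropping the first of each pair, together with the `.br` that follows it, leaves one entry per option and matches the longopts table in nologin.c. In nologin.c the shared case comment could also record that the arguments of `-c`, `--init-file` and `--rcfile` are consumed and then discarded, e.g. `/* Ignore well known shell command-line options; their arguments are never used */`.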
@@ -0,0 +1,213 @@
+From 543e87865c5b9b7cb08ce8d55da1ef414154d213 Mon Sep 17 00:00:00 2001
+From: Karel Zak <kzak@redhat.com>
+Date: Wed, 24 Mar 2021 12:43:17 +0100
+Subject: [PATCH 61/63] libsmartcols: introduce default sort column
+
+* add default sort column, set by scols_sort_table()
+
+* sort tree according to default sort column also in scols_sort_table_by_tree()
+
+The function scols_sort_table() does not sort tree branches if tree
+is not enabled. The function scols_sort_table_by_tree() does not care
+if tree is enabled and it always follows parent->child relations. For
+scols_sort_table_by_tree() we need to follow order in branches if
+previously scols_sort_table() has been called.
+
+For example lsblk calls
+
+ scols_sort_table(tb, cl);
+ scols_sort_table_by_tree(tb);
+
+for list-like output (for example lsblk -P) and users assume the
+same order as for tree (lsblk --tree).
+
+Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1940607
+Upstream: http://github.com/karelzak/util-linux/commit/529b51706ef06611a8165023f14e6593e06901de
+Signed-off-by: Karel Zak <kzak@redhat.com>
+---
+ libsmartcols/src/smartcolsP.h | 3 ++
+ libsmartcols/src/table.c | 60 ++++++++++++++++++++++++----------
+ libsmartcols/src/table_print.c | 6 ++--
+ misc-utils/lsblk.c | 6 ++--
+ 4 files changed, 52 insertions(+), 23 deletions(-)
+
+diff --git a/libsmartcols/src/smartcolsP.h b/libsmartcols/src/smartcolsP.h
+index 510e7a980..8037fb9f5 100644
+--- a/libsmartcols/src/smartcolsP.h
++++ b/libsmartcols/src/smartcolsP.h
+@@ -160,6 +160,9 @@ struct libscols_table {
+
+ struct list_head tb_columns;
+ struct list_head tb_lines;
++
++ struct libscols_column *dflt_sort_column; /* default sort column, set by scols_sort_table() */
++
+ struct libscols_symbols *symbols;
+ struct libscols_cell title; /* optional table title (for humans) */
+
+diff --git a/libsmartcols/src/table.c b/libsmartcols/src/table.c
+index 979a09a39..bbabc0817 100644
+--- a/libsmartcols/src/table.c
++++ b/libsmartcols/src/table.c
+@@ -224,6 +224,8 @@ int scols_table_remove_column(struct libscols_table *tb,
+
+ if (cl->flags & SCOLS_FL_TREE)
+ tb->ntreecols--;
++ if (tb->dflt_sort_column == cl)
++ tb->dflt_sort_column = NULL;
+
+ DBG(TAB, ul_debugobj(tb, "remove column"));
+ list_del_init(&cl->cl_columns);
+@@ -1362,41 +1364,63 @@ static int sort_line_children(struct libscols_line *ln, struct libscols_column *
+ return 0;
+ }
+
++static int __scols_sort_tree(struct libscols_table *tb, struct libscols_column *cl)
++{
++ struct libscols_line *ln;
++ struct libscols_iter itr;
++
++ if (!tb || !cl || !cl->cmpfunc)
++ return -EINVAL;
++
++ scols_reset_iter(&itr, SCOLS_ITER_FORWARD);
++ while (scols_table_next_line(tb, &itr, &ln) == 0)
++ sort_line_children(ln, cl);
++ return 0;
++}
++
+ /**
+ * scols_sort_table:
+ * @tb: table
+- * @cl: order by this column
++ * @cl: order by this column or NULL
+ *
+ * Orders the table by the column. See also scols_column_set_cmpfunc(). If the
+ * tree output is enabled then children in the tree are recursively sorted too.
+ *
++ * The column @cl is saved as the default sort column to the @tb and the next time
++ * is possible to call scols_sort_table(tb, NULL). The saved column is also used by
++ * scols_sort_table_by_tree().
++ *
+ * Returns: 0, a negative value in case of an error.
+ */
+ int scols_sort_table(struct libscols_table *tb, struct libscols_column *cl)
+ {
+- if (!tb || !cl || !cl->cmpfunc)
++ if (!tb)
++ return -EINVAL;
++ if (!cl)
++ cl = tb->dflt_sort_column;
++ if (!cl || !cl->cmpfunc)
+ return -EINVAL;
+
+- DBG(TAB, ul_debugobj(tb, "sorting table"));
++ DBG(TAB, ul_debugobj(tb, "sorting table by %zu column", cl->seqnum));
+ list_sort(&tb->tb_lines, cells_cmp_wrapper_lines, cl);
+
+- if (scols_table_is_tree(tb)) {
+- struct libscols_line *ln;
+- struct libscols_iter itr;
++ if (scols_table_is_tree(tb))
++ __scols_sort_tree(tb, cl);
+
+- scols_reset_iter(&itr, SCOLS_ITER_FORWARD);
+- while (scols_table_next_line(tb, &itr, &ln) == 0)
+- sort_line_children(ln, cl);
+- }
++ if (cl && cl != tb->dflt_sort_column)
++ tb->dflt_sort_column = cl;
+
+ return 0;
+ }
+
++/*
++ * Move all @ln's children after @ln in the table.
++ */
+ static struct libscols_line *move_line_and_children(struct libscols_line *ln, struct libscols_line *pre)
+ {
+ if (pre) {
+ list_del_init(&ln->ln_lines); /* remove from old position */
+- list_add(&ln->ln_lines, &pre->ln_lines); /* add to the new place (behind @pre) */
++ list_add(&ln->ln_lines, &pre->ln_lines); /* add to the new place (after @pre) */
+ }
+ pre = ln;
+
+@@ -1418,7 +1442,10 @@ static struct libscols_line *move_line_and_children(struct libscols_line *ln, st
+ * @tb: table
+ *
+ * Reorders lines in the table by parent->child relation. Note that order of
+- * the lines in the table is independent on the tree hierarchy.
++ * the lines in the table is independent on the tree hierarchy by default.
++ *
++ * The children of the lines are sorted according to the default sort column
++ * if scols_sort_table() has been previously called.
+ *
+ * Since: 2.30
+ *
+@@ -1434,13 +1461,12 @@ int scols_sort_table_by_tree(struct libscols_table *tb)
+
+ DBG(TAB, ul_debugobj(tb, "sorting table by tree"));
+
+- scols_reset_iter(&itr, SCOLS_ITER_FORWARD);
+- while (scols_table_next_line(tb, &itr, &ln) == 0) {
+- if (ln->parent)
+- continue;
++ if (tb->dflt_sort_column)
++ __scols_sort_tree(tb, tb->dflt_sort_column);
+
++ scols_reset_iter(&itr, SCOLS_ITER_FORWARD);
++ while (scols_table_next_line(tb, &itr, &ln) == 0)
+ move_line_and_children(ln, NULL);
+- }
+
+ return 0;
+ }
+diff --git a/libsmartcols/src/table_print.c b/libsmartcols/src/table_print.c
+index 8ecfc30e2..337dbbd84 100644
+--- a/libsmartcols/src/table_print.c
++++ b/libsmartcols/src/table_print.c
+@@ -585,11 +585,9 @@ static int cell_to_buffer(struct libscols_table *tb,
+
+ ce = scols_line_get_cell(ln, cl->seqnum);
+ data = ce ? scols_cell_get_data(ce) : NULL;
+- if (!data)
+- return 0;
+
+ if (!scols_column_is_tree(cl))
+- return buffer_set_data(buf, data);
++ return data ? buffer_set_data(buf, data) : 0;
+
+ /*
+ * Tree stuff
+@@ -605,7 +603,7 @@ static int cell_to_buffer(struct libscols_table *tb,
+ buffer_set_art_index(buf);
+ }
+
+- if (!rc)
++ if (!rc && data)
+ rc = buffer_append_data(buf, data);
+ return rc;
+ }
+diff --git a/misc-utils/lsblk.c b/misc-utils/lsblk.c
+index d0369d3e7..cc7894ecf 100644
+--- a/misc-utils/lsblk.c
++++ b/misc-utils/lsblk.c
+@@ -1894,10 +1894,12 @@ int main(int argc, char *argv[])
+ * /sys is no more sorted */
+ lsblk->sort_id = COL_MAJMIN;
+
+- /* For --inverse --list we still follow parent->child relation */
+- if (lsblk->inverse && !(lsblk->flags & LSBLK_TREE))
++ /* For --{inverse,raw,pairs} --list we still follow parent->child relation */
++ if (!(lsblk->flags & LSBLK_TREE)
++ && (lsblk->inverse || lsblk->flags & LSBLK_EXPORT || lsblk->flags & LSBLK_RAW))
+ lsblk->force_tree_order = 1;
+
++
+ if (lsblk->sort_id >= 0 && column_id_to_number(lsblk->sort_id) < 0) {
+ /* the sort column is not between output columns -- add as hidden */
+ add_column(lsblk->sort_id);
+--
+2.31.1
+
diff --git a/SOURCES/0062-libmount-accept-another-flags-on-MS_REMOUNT-MS_BIND.patch b/SOURCES/0062-libmount-accept-another-flags-on-MS_REMOUNT-MS_BIND.patch
new file mode 100644
index 0000000..5a02957
--- /dev/null
+++ b/SOURCES/0062-libmount-accept-another-flags-on-MS_REMOUNT-MS_BIND.patch
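Review bot: `dflt_sort_column` in struct libscols_table (patch 0061) is stored by scols_sort_table() as a plain pointer with no reference taken on the column, and the only place the patch clears it is scols_table_remove_column(). If any other path can release a column while the table lives on (none is visible in these hunks), a later scols_sort_table(tb, NULL) or scols_sort_table_by_tree() would read `cl->cmpfunc` through a stale pointer. Either state the invariant on the field, e.g. `/* borrowed pointer, not ref-counted; reset wherever a column leaves tb_columns */`, or hold a column reference for as long as the pointer is stored. Two smaller points in table.c: the final `if (cl && cl != tb->dflt_sort_column)` re-tests a `cl` already known to be non-NULL, and the return value of `__scols_sort_tree()` is dropped at both call sites.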
@@ -0,0 +1,120 @@
+From 8681757ee08361d78e4c74da8abae9d6df8623e7 Mon Sep 17 00:00:00 2001
+From: Karel Zak <kzak@redhat.com>
+Date: Mon, 28 May 2018 15:46:28 +0200
+Subject: [PATCH 62/63] libmount: accept another flags on MS_REMOUNT|MS_BIND
+
+The current libmount MS_REMOUNT|MS_BIND support is restricted to
+MS_RDONLY (read-only bind mount). This is too restrictive as Linux
+kernel supports bind-remount for arbitrary VFS flags.
+
+After this update you can use
+
+ # mount /dev/sdc1 /mnt/A
+ # mount --bind -onosuid,noexec /mnt/A /mnt/B
+
+ # findmnt /dev/sdc1 -oTARGET,SOURCE,FS-OPTIONS,VFS-OPTIONS
+ TARGET SOURCE FS-OPTIONS VFS-OPTIONS
+ /mnt/A /dev/sdc1 rw,stripe=512,data=ordered rw,relatime
+ /mnt/B /dev/sdc1 rw,stripe=512,data=ordered rw,nosuid,noexec,relatime
+
+The "mount --bind" is composed from two syscalls of course (1st is
+bind, 2nd is bind,remount,nosuid,noexec).
+
+Addresses: https://github.com/karelzak/util-linux/issues/637
+Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1919529
+Upstream: http://github.com/karelzak/util-linux/commit/e82b77e9696a6dada96a7f3ea3ec20a63e8e7b9e
+Signed-off-by: Karel Zak <kzak@redhat.com>
+---
+ libmount/src/context_mount.c | 22 ++++++++--------------
+ libmount/src/mountP.h | 3 +++
+ sys-utils/mount.8 | 5 +++--
+ 3 files changed, 14 insertions(+), 16 deletions(-)
+
+diff --git a/libmount/src/context_mount.c b/libmount/src/context_mount.c
+index a6de36178..b88e60507 100644
+--- a/libmount/src/context_mount.c
++++ b/libmount/src/context_mount.c
+@@ -107,22 +107,16 @@ static int init_propagation(struct libmnt_context *cxt)
+ }
+
+ /*
+- * add additional mount(2) syscall request to implement "ro,bind", the first regular
+- * mount(2) is the "bind" operation, the second is "remount,ro,bind" call.
+- *
+- * Note that we don't remove "ro" from the first syscall (kernel silently
+- * ignores this flags for bind operation) -- maybe one day kernel will support
+- * read-only binds in one step and then all will be done by the first mount(2) and the
+- * second remount will be noop...
++ * add additional mount(2) syscall request to implement "bind,<flags>", the first regular
++ * mount(2) is the "bind" operation, the second is "remount,bind,<flags>" call.
+ */
+-static int init_robind(struct libmnt_context *cxt)
++static int init_bind_remount(struct libmnt_context *cxt)
+ {
+ struct libmnt_addmount *ad;
+ int rc;
+
+ assert(cxt);
+ assert(cxt->mountflags & MS_BIND);
+- assert(cxt->mountflags & MS_RDONLY);
+ assert(!(cxt->mountflags & MS_REMOUNT));
+
+ DBG(CXT, ul_debugobj(cxt, "mount: initialize additional ro,bind mount"));
+@@ -131,9 +125,9 @@ static int init_robind(struct libmnt_context *cxt)
+ if (!ad)
+ return -ENOMEM;
+
+- ad->mountflags = MS_REMOUNT | MS_BIND | MS_RDONLY;
+- if (cxt->mountflags & MS_REC)
+- ad->mountflags |= MS_REC;
++ ad->mountflags = cxt->mountflags;
++ ad->mountflags |= (MS_REMOUNT | MS_BIND);
++
+ rc = mnt_context_append_additional_mount(cxt, ad);
+ if (rc)
+ return rc;
+@@ -254,9 +248,9 @@ static int fix_optstr(struct libmnt_context *cxt)
+ return rc;
+ }
+ if ((cxt->mountflags & MS_BIND)
+- && (cxt->mountflags & MS_RDONLY)
++ && (cxt->mountflags & MNT_BIND_SETTABLE)
+ && !(cxt->mountflags & MS_REMOUNT)) {
+- rc = init_robind(cxt);
++ rc = init_bind_remount(cxt);
+ if (rc)
+ return rc;
+ }
+diff --git a/libmount/src/mountP.h b/libmount/src/mountP.h
+index 52a238ef3..64a507e61 100644
+--- a/libmount/src/mountP.h
++++ b/libmount/src/mountP.h
+@@ -363,6 +363,9 @@ struct libmnt_context
+ /* default flags */
+ #define MNT_FL_DEFAULT 0
+
++/* Flags usable with MS_BIND|MS_REMOUNT */
++#define MNT_BIND_SETTABLE (MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_NOATIME|MS_NODIRATIME|MS_RELATIME|MS_RDONLY)
++
+ /* lock.c */
+ extern int mnt_lock_use_simplelock(struct libmnt_lock *ml, int enable);
+
+diff --git a/sys-utils/mount.8 b/sys-utils/mount.8
+index a4d7de2c0..291e65cb1 100644
+--- a/sys-utils/mount.8
++++ b/sys-utils/mount.8
+@@ -410,8 +410,9 @@ will be writable, but the
+ will be read-only.
+
+ It's also possible to change nosuid, nodev, noexec, noatime, nodiratime and
+-relatime VFS entry flags by "remount,bind" operation. It's impossible to change
+-mount options recursively (for example with \fB-o rbind,ro\fR).
++relatime VFS entry flags by "remount,bind" operation. The another (for example
++filesystem specific flags) are silently ignored. It's impossible to change mount
++options recursively (for example with \fB-o rbind,ro\fR).
+
+ .BR mount (8)
+ since v2.31 ignores the \fBbind\fR flag from
+--
+2.31.1
+
diff --git a/SOURCES/0063-libmount-improve-MS_REC-usage.patch b/SOURCES/0063-libmount-improve-MS_REC-usage.patch
new file mode 100644
index 0000000..467f70b
--- /dev/null
+++ b/SOURCES/0063-libmount-improve-MS_REC-usage.patch
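Review bot: init_bind_remount() in libmount/src/context_mount.c (patch 0062) still applies the restriction with a second mount(2) call, so between the plain bind and the `remount,bind,<flags>` call the new mount point exists without the requested `nosuid`, `nodev`, `noexec` or `ro`. The rewritten comment no longer hints at that, although these flags are usually requested as a security boundary. I would add a line to the comment above the function, for example `* Until the second call succeeds the target is reachable without <flags>; a failure of the additional mount must be treated as a failed mount.`, and mirror it in mount.8. How a failed second call is handled lies outside these hunks and needs checking. Separately, `ad->mountflags = cxt->mountflags;` forwards every flag rather than only `MNT_BIND_SETTABLE`, which is worth confirming as intended, and the debug string still reads `ro,bind`.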
@@ -0,0 +1,135 @@
+From 9f7fe1b83fcc508dc3e05815d03dbbb752a1cfba Mon Sep 17 00:00:00 2001
+From: Karel Zak <kzak@redhat.com>
+Date: Fri, 1 Jun 2018 12:16:19 +0200
+Subject: [PATCH 63/63] libmount: improve MS_REC usage
+
+libmount allows to split one library (mount(8)) call to multiple mount(2)
+syscalls, for example
+
+ --rbind --make-rslave
+
+in this case we have to be careful with MS_REC because the flag is
+applied to multiple operations.
+
+ # strace -e mount mount --rbind --make-rslave /mnt/A /mnt/B
+
+Old version:
+
+ mount("/mnt/A", "/mnt/B", 0x13ecac0, MS_MGC_VAL|MS_BIND, NULL) = 0
+ mount("none", "/mnt/B", NULL, MS_REC|MS_SLAVE, NULL) = 0
+
+Fixed version:
+
+ mount("/mnt/A", "/mnt/B", 0x1f22ac0, MS_MGC_VAL|MS_BIND|MS_REC, NULL) = 0
+ mount("none", "/mnt/B", NULL, MS_REC|MS_SLAVE, NULL) = 0
+
+Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1946921
+Upstream: http://github.com/karelzak/util-linux/commit/816773b475900909d42c2c8282a6ac50252cac22
+Signed-off-by: Karel Zak <kzak@redhat.com>
+---
+ libmount/src/context.c | 5 +++++
+ libmount/src/context_mount.c | 25 ++++++++++++++++++++++---
+ libmount/src/optstr.c | 9 ++++++---
+ 3 files changed, 33 insertions(+), 6 deletions(-)
+
+diff --git a/libmount/src/context.c b/libmount/src/context.c
+index e7f1ee934..8e00b75a9 100644
+--- a/libmount/src/context.c
++++ b/libmount/src/context.c
+@@ -1375,6 +1375,11 @@ struct libmnt_lock *mnt_context_get_lock(struct libmnt_context *cxt)
+ *
+ * both of these calls have the same effect.
+ *
++ * Be careful if you want to use MS_REC flag -- in this case the bit is applied
++ * to all bind/slave/etc. options. If you want to mix more propadation flags
++ * and/or bind, move operations than it's better to specify mount options by
++ * strings.
++ *
+ * Returns: 0 on success, negative number in case of error.
+ */
+ int mnt_context_set_mflags(struct libmnt_context *cxt, unsigned long flags)
+diff --git a/libmount/src/context_mount.c b/libmount/src/context_mount.c
+index b88e60507..a8e84127c 100644
+--- a/libmount/src/context_mount.c
++++ b/libmount/src/context_mount.c
+@@ -73,6 +73,7 @@ static int init_propagation(struct libmnt_context *cxt)
+ char *opts = (char *) mnt_fs_get_vfs_options(cxt->fs);
+ size_t namesz;
+ struct libmnt_optmap const *maps[1];
++ int rec_count = 0;
+
+ if (!opts)
+ return 0;
+@@ -86,9 +87,19 @@ static int init_propagation(struct libmnt_context *cxt)
+ struct libmnt_addmount *ad;
+ int rc;
+
+- if (!mnt_optmap_get_entry(maps, 1, name, namesz, &ent)
+- || !ent
+- || !(ent->id & MS_PROPAGATION))
++ if (!mnt_optmap_get_entry(maps, 1, name, namesz, &ent) || !ent)
++ continue;
++
++ DBG(CXT, ul_debugobj(cxt, " checking %s", ent->name));
++
++ /* Note that MS_REC may be used for more flags, so we have to keep
++ * track about number of recursive options to keep the MS_REC in the
++ * mountflags if necessary.
++ */
++ if (ent->id & MS_REC)
++ rec_count++;
++
++ if (!(ent->id & MS_PROPAGATION))
+ continue;
+
+ ad = mnt_new_addmount();
+@@ -96,13 +107,21 @@ static int init_propagation(struct libmnt_context *cxt)
+ return -ENOMEM;
+
+ ad->mountflags = ent->id;
++ DBG(CXT, ul_debugobj(cxt, " adding extra mount(2) call for %s", ent->name));
+ rc = mnt_context_append_additional_mount(cxt, ad);
+ if (rc)
+ return rc;
+
++ DBG(CXT, ul_debugobj(cxt, " removing %s from primary mount(2) call", ent->name));
+ cxt->mountflags &= ~ent->id;
++
++ if (ent->id & MS_REC)
++ rec_count--;
+ }
+
++ if (rec_count)
++ cxt->mountflags |= MS_REC;
++
+ return 0;
+ }
+
+diff --git a/libmount/src/optstr.c b/libmount/src/optstr.c
+index 8248f0dee..cc077ffd9 100644
+--- a/libmount/src/optstr.c
++++ b/libmount/src/optstr.c
+@@ -800,14 +800,17 @@ int mnt_optstr_apply_flags(char **optstr, unsigned long flags,
+ if (rc)
+ goto err;
+ }
+- if (!(ent->mask & MNT_INVERT))
++ if (!(ent->mask & MNT_INVERT)) {
+ fl &= ~ent->id;
++ if (ent->id & MS_REC)
++ fl |= MS_REC;
++ }
+ }
+ }
+ }
+
+- /* add missing options */
+- if (fl) {
++ /* add missing options (but ignore fl if contains MS_REC only) */
++ if (fl && fl != MS_REC) {
+ const struct libmnt_optmap *ent;
+ char *p;
+
+--
+2.31.1
+
diff --git a/SOURCES/0064-script-be-sensitive-to-another-SIGCHLD-ssi_codes.patch b/SOURCES/0064-script-be-sensitive-to-another-SIGCHLD-ssi_codes.patch
new file mode 100644
index 0000000..943384e
--- /dev/null
+++ b/SOURCES/0064-script-be-sensitive-to-another-SIGCHLD-ssi_codes.patch
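Review bot: The paragraph added to the mnt_context_set_mflags() comment in libmount/src/context.c (patch 0063) has two slips that blur its warning: `propadation` should be `propagation`, and `than it's better` should be `then it's better`. Suggested wording: `If you want to mix more propagation flags and/or bind, move operations then it's better to specify mount options by strings.` In init_propagation() `rec_count` is only ever tested for non-zero, so its comment could say that it counts the MS_REC-carrying options that stay on the primary mount(2) call, which is what the increment and the later decrement amount to.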
@@ -0,0 +1,49 @@ +From 84009d2236c73efe7dc4b74372734d5b3306670b Mon Sep 17 00:00:00 2001 +From: Karel Zak <kzak@redhat.com> +Date: Wed, 5 Sep 2018 11:51:22 +0200 +Subject: [PATCH 64/72] script: be sensitive to another SIGCHLD ssi_codes + +The current signalfd handler cares on CLD_EXITED only. It's pretty +insufficient as there is more situations (and codes) when child no +more running. + +Addresses: https://github.com/karelzak/util-linux/issues/686 +Upstream: http://github.com/util-linux/util-linux/commit/27afe5016842c22d256ea9f88b598d637ca0df84 +Signed-off-by: Karel Zak <kzak@redhat.com> +--- + term-utils/script.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/term-utils/script.c b/term-utils/script.c +index d5ffa27f1..ff5f808de 100644 +--- a/term-utils/script.c ++++ b/term-utils/script.c +@@ -402,10 +402,15 @@ static void handle_signal(struct script_control *ctl, int fd) + + switch (info.ssi_signo) { + case SIGCHLD: +- DBG(SIGNAL, ul_debug(" get signal SIGCHLD")); +- if (info.ssi_code == CLD_EXITED) { ++ DBG(SIGNAL, ul_debug(" get signal SIGCHLD [ssi_code=%d, ssi_status=%d]", ++ info.ssi_code, info.ssi_status)); ++ if (info.ssi_code == CLD_EXITED ++ || info.ssi_code == CLD_KILLED ++ || info.ssi_code == CLD_DUMPED) { + wait_for_child(ctl, 0); + ctl->poll_timeout = 10; ++ ++ /* In case of ssi_code is CLD_TRAPPED, CLD_STOPPED, or CLD_CONTINUED */ + } else if (info.ssi_status == SIGSTOP && ctl->child) { + DBG(SIGNAL, ul_debug(" child stop by SIGSTOP -- stop parent too")); + kill(getpid(), SIGSTOP); +@@ -433,6 +438,7 @@ static void handle_signal(struct script_control *ctl, int fd) + default: + abort(); + } ++ DBG(SIGNAL, ul_debug("signal handle on FD %d done", fd)); + } + + static void do_io(struct script_control *ctl) +-- +2.31.1 + diff --git a/SOURCES/0065-libfdisk-fix-partition-calculation-for-BLKPG_-ioctls.patch b/SOURCES/0065-libfdisk-fix-partition-calculation-for-BLKPG_-ioctls.patch new file mode 100644 index 0000000..bcf806c 
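Review bot: In the SIGCHLD case of handle_signal() the new comment `/* In case of ssi_code is CLD_TRAPPED, CLD_STOPPED, or CLD_CONTINUED */` sits at the end of the exited/killed/dumped branch, although it describes the `else if` that follows; it belongs on the first line inside that `else if` block. That branch still tests `info.ssi_status == SIGSTOP` alone, so as far as the hunk shows a child reported as CLD_TRAPPED with SIGSTOP would also stop the parent. If only a real stop is meant, `info.ssi_code == CLD_STOPPED && info.ssi_status == SIGSTOP` says so explicitly. handle_signal() starts and ends outside the hunk.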
--- /dev/null
+++ b/SOURCES/0065-libfdisk-fix-partition-calculation-for-BLKPG_-ioctls.patch
@@ -0,0 +1,60 @@ +From be29de8b5dfe15972455d25e15068dc31d4376ac Mon Sep 17 00:00:00 2001 +From: Karel Zak <kzak@redhat.com> +Date: Wed, 6 May 2020 13:32:46 +0200 +Subject: [PATCH 65/72] libfdisk: fix partition calculation for BLKPG_* ioctls + +The include/partx.h interface we use in util-linux uses 512-byte +sectors, but libfdisk uses real sector sizes. + +Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=2016229 +Upstream: http://github.com/util-linux/util-linux/commit/6a4d53ce6466fc97c0ee13846cd1bf7bdd7bfef0 +Signed-off-by: Karel Zak <kzak@redhat.com> +--- + libfdisk/src/context.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/libfdisk/src/context.c b/libfdisk/src/context.c +index 779a9a889..fe7eb9e7e 100644 +--- a/libfdisk/src/context.c ++++ b/libfdisk/src/context.c +@@ -813,6 +813,7 @@ int fdisk_reread_changes(struct fdisk_context *cxt, struct fdisk_table *org) + struct fdisk_partition **rem = NULL, **add = NULL, **upd = NULL; + int change, rc = 0, err = 0; + size_t nparts, i, nadds = 0, nupds = 0, nrems = 0; ++ unsigned int ssf; + + DBG(CXT, ul_debugobj(cxt, "rereading changes")); + +@@ -845,6 +846,9 @@ int fdisk_reread_changes(struct fdisk_context *cxt, struct fdisk_table *org) + goto done; + } + ++ /* sector size factor -- used to recount from real to 512-byte sectors */ ++ ssf = cxt->sector_size / 512; ++ + for (i = 0; i < nrems; i++) { + pa = rem[i]; + DBG(PART, ul_debugobj(pa, "#%zu calling BLKPG_DEL_PARTITION", pa->partno)); +@@ -856,7 +860,8 @@ int fdisk_reread_changes(struct fdisk_context *cxt, struct fdisk_table *org) + for (i = 0; i < nupds; i++) { + pa = upd[i]; + DBG(PART, ul_debugobj(pa, "#%zu calling BLKPG_RESIZE_PARTITION", pa->partno)); +- if (partx_resize_partition(cxt->dev_fd, pa->partno + 1, pa->start, pa->size) != 0) { ++ if (partx_resize_partition(cxt->dev_fd, pa->partno + 1, ++ pa->start * ssf, pa->size * ssf) != 0) { + fdisk_warn(cxt, _("Failed to update system information about partition %zu"), 
pa->partno + 1); + err++; + } +@@ -864,7 +869,8 @@ int fdisk_reread_changes(struct fdisk_context *cxt, struct fdisk_table *org) + for (i = 0; i < nadds; i++) { + pa = add[i]; + DBG(PART, ul_debugobj(pa, "#%zu calling BLKPG_ADD_PARTITION", pa->partno)); +- if (partx_add_partition(cxt->dev_fd, pa->partno + 1, pa->start, pa->size) != 0) { ++ if (partx_add_partition(cxt->dev_fd, pa->partno + 1, ++ pa->start * ssf, pa->size * ssf) != 0) { + fdisk_warn(cxt, _("Failed to add partition %zu to system"), pa->partno + 1); + err++; + } +-- +2.31.1 + diff --git a/SOURCES/0066-libfdisk-fix-fdisk_reread_changes-for-extended-parti.patch b/SOURCES/0066-libfdisk-fix-fdisk_reread_changes-for-extended-parti.patch new file mode 100644 index 0000000..da0b864 --- /dev/null +++ b/SOURCES/0066-libfdisk-fix-fdisk_reread_changes-for-extended-parti.patch 
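Review bot: `ssf = cxt->sector_size / 512;` in fdisk_reread_changes() is an integer division whose result is never checked, so a sector size below 512 or not a multiple of 512 would give a zero or rounded factor, and the BLKPG resize/add calls would then hand wrong (possibly zero) offsets to the kernel. Whether cxt->sector_size can take such a value is not visible here. A guard right after the assignment, `if (!ssf) { rc = -EINVAL; goto done; }`, makes the assumption explicit. The types of `pa->start` and `pa->size` are not shown either; if they are narrower than 64 bits the products should be widened before multiplying. The function continues outside the hunk.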
@@ -0,0 +1,48 @@ +From aecaffc55dd763c34f61937b2047f0aaaeb4e6fc Mon Sep 17 00:00:00 2001 +From: Karel Zak <kzak@redhat.com> +Date: Thu, 6 Aug 2020 11:32:33 +0200 +Subject: [PATCH 66/74] libfdisk: fix fdisk_reread_changes() for extended + partitions + +Linux kernel assumes only 1KiB extended partition to avoid overlapping +with nested logical partitions. We need to follow this rule for +BLKPG_ADD_PARTITION. + +Addresses: https://github.com/karelzak/util-linux/issues/1112 +Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=2041498 +Upstream: http://github.com/util-linux/util-linux/commit/33f50706fd7c1c5e53f8f355f12b685c6935f5a4 +Signed-off-by: Karel Zak <kzak@redhat.com> +--- + libfdisk/src/context.c | 13 ++++++++++++- + 1 file changed, 12 insertions(+), 1 deletion(-) + +diff --git a/libfdisk/src/context.c b/libfdisk/src/context.c +index fe7eb9e7e..114101980 100644 +--- a/libfdisk/src/context.c ++++ b/libfdisk/src/context.c +@@ -867,10 +867,21 @@ int fdisk_reread_changes(struct fdisk_context *cxt, struct fdisk_table *org) + } + } + for (i = 0; i < nadds; i++) { ++ uint64_t sz; ++ + pa = add[i]; ++ sz = pa->size * ssf; ++ + DBG(PART, ul_debugobj(pa, "#%zu calling BLKPG_ADD_PARTITION", pa->partno)); ++ ++ if (fdisk_is_label(cxt, DOS) && fdisk_partition_is_container(pa)) ++ /* Let's follow the Linux kernel and reduce ++ * DOS extended partition to 1 or 2 sectors. ++ */ ++ sz = min(sz, (uint64_t) 2); ++ + if (partx_add_partition(cxt->dev_fd, pa->partno + 1, +- pa->start * ssf, pa->size * ssf) != 0) { ++ pa->start * ssf, sz) != 0) { + fdisk_warn(cxt, _("Failed to add partition %zu to system"), pa->partno + 1); + err++; + } +-- +2.31.1 + diff --git a/SOURCES/0067-logger-fix-size-use-for-stdin.patch b/SOURCES/0067-logger-fix-size-use-for-stdin.patch new file mode 100644 index 0000000..987a4f9 --- /dev/null +++ b/SOURCES/0067-logger-fix-size-use-for-stdin.patch 
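Review bot: The new `if (fdisk_is_label(cxt, DOS) && fdisk_partition_is_container(pa))` has no braces and its single statement is separated from the condition by a three-line comment, which is easy to break when a second statement is added; wrap the body in `{ ... }`. At this point `sz` is already in 512-byte units (`pa->size * ssf`), so the literal 2 means 1 KiB as the commit message says, while the comment's "1 or 2 sectors" can be read as device sectors. A wording such as `/* the kernel exposes a DOS extended partition as at most 1 KiB (two 512-byte units) */` removes the ambiguity. The loop is part of fdisk_reread_changes(), which starts and ends outside the hunk.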
@@ -0,0 +1,76 @@ +From 7cc5bcfcb2340266a6b42370c9c4c02d8a325d5f Mon Sep 17 00:00:00 2001 +From: Karel Zak <kzak@redhat.com> +Date: Thu, 21 Oct 2021 18:47:40 +0200 +Subject: [PATCH 67/74] logger: fix --size use for stdin +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The stdin version counts log header into the message size, but +for example when it reads message from argv[] it counts only message +itself. + + $ logger --stderr --size 3 "abcd" + <13>Oct 21 18:48:29 kzak: abc + + $ echo "abcd" | logger --stderr --size 3 + logger: cannot allocate 18446744073709551597 bytes: Cannot allocate memory + +Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=2011602 +Upstream: http://github.com/util-linux/util-linux/commit/58e4ee082bca100034791a4a74481f263bb30a25 +Signed-off-by: Karel Zak <kzak@redhat.com> +--- + misc-utils/logger.c | 16 ++++------------ + 1 file changed, 4 insertions(+), 12 deletions(-) + +diff --git a/misc-utils/logger.c b/misc-utils/logger.c +index ebdc56ec2..c20ef05f1 100644 +--- a/misc-utils/logger.c ++++ b/misc-utils/logger.c +@@ -957,11 +957,9 @@ static void logger_stdin(struct logger_ctl *ctl) + * update header timestamps and to reflect possible priority changes. + * The initial header is generated by logger_open(). 
+ */ +- int has_header = 1; + int default_priority = ctl->pri; + int last_pri = default_priority; +- size_t max_usrmsg_size = ctl->max_message_size - strlen(ctl->hdr); +- char *const buf = xmalloc(max_usrmsg_size + 2 + 2); ++ char *buf = xmalloc(ctl->max_message_size + 2 + 2); + int pri; + int c; + size_t i; +@@ -988,27 +986,21 @@ static void logger_stdin(struct logger_ctl *ctl) + ctl->pri = default_priority; + + if (ctl->pri != last_pri) { +- has_header = 0; +- max_usrmsg_size = +- ctl->max_message_size - strlen(ctl->hdr); ++ generate_syslog_header(ctl); + last_pri = ctl->pri; + } + if (c != EOF && c != '\n') + c = getchar(); + } + +- while (c != EOF && c != '\n' && i < max_usrmsg_size) { ++ while (c != EOF && c != '\n' && i < ctl->max_message_size) { + buf[i++] = c; + c = getchar(); + } + buf[i] = '\0'; + +- if (i > 0 || !ctl->skip_empty_lines) { +- if (!has_header) +- generate_syslog_header(ctl); ++ if (i > 0 || !ctl->skip_empty_lines) + write_output(ctl, buf); +- has_header = 0; +- } + + if (c == '\n') /* discard line terminator */ + c = getchar(); +-- +2.31.1 + diff --git a/SOURCES/0068-fstrim-improve-timer-setting.patch b/SOURCES/0068-fstrim-improve-timer-setting.patch new file mode 100644 index 0000000..0c4e534 --- /dev/null +++ b/SOURCES/0068-fstrim-improve-timer-setting.patch 
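Review bot: After this change logger_stdin() calls `generate_syslog_header(ctl)` only when the priority differs from the previous line, while the comment kept at the top of the function says the header is regenerated to update timestamps. Every line read from a long-lived stdin stream at an unchanged priority would then carry the timestamp of the initial header, which skews log timelines. Calling `generate_syslog_header(ctl);` right before `write_output(ctl, buf);` for each line after the first keeps the previous behaviour. Separately, `xmalloc(ctl->max_message_size + 2 + 2)` can wrap if --size is not capped by the option parser (not visible here), leaving a buffer smaller than the `i < ctl->max_message_size` loop bound; a check such as `if (ctl->max_message_size > SIZE_MAX - 4)` before the allocation rules that out. The function starts and ends outside both hunks.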
@@ -0,0 +1,32 @@ +From ebb628f8b6e9564c036fce152f67512e5755dcfc Mon Sep 17 00:00:00 2001 +From: Karel Zak <kzak@redhat.com> +Date: Mon, 6 Dec 2021 13:20:37 +0100 +Subject: [PATCH 68/74] fstrim: improve timer setting + +Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1916151 +Signed-off-by: Karel Zak <kzak@redhat.com> +--- + sys-utils/fstrim.timer | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/sys-utils/fstrim.timer b/sys-utils/fstrim.timer +index 3a3762d5c..54b3c18f5 100644 +--- a/sys-utils/fstrim.timer ++++ b/sys-utils/fstrim.timer +@@ -1,11 +1,13 @@ + [Unit] + Description=Discard unused blocks once a week + Documentation=man:fstrim ++ConditionVirtualization=!container + + [Timer] + OnCalendar=weekly + AccuracySec=1h + Persistent=true ++RandomizedDelaySec=6000 + + [Install] + WantedBy=timers.target +-- +2.31.1 + diff --git a/SOURCES/0069-setpriv-implement-option-to-set-parent-death-signal.patch b/SOURCES/0069-setpriv-implement-option-to-set-parent-death-signal.patch new file mode 100644 index 0000000..a4806c2 --- /dev/null +++ b/SOURCES/0069-setpriv-implement-option-to-set-parent-death-signal.patch 
@@ -0,0 +1,185 @@ +From 0b421290e05862e1abbb5a82654bd2de9829dd58 Mon Sep 17 00:00:00 2001 +From: Patrick Steinhardt <ps@pks.im> +Date: Tue, 10 Apr 2018 12:08:21 +0100 +Subject: [PATCH 69/74] setpriv: implement option to set parent death signal + +When a process uses the syscall `prctl(PR_SET_PDEATHSIG, ...)`, it will +get notified with a process-defined signal as soon as its parent process +dies. This is for example being used by unshare(1)'s recently added +"--kill-child" option, causing the forked child to be killed as soon as +unshare itself dies. + +Unfortunately, some LSMs will cause the parent death signal to be reset +when a process changes credentials, with the most important ones being +SELinux and AppArmor. The following command will thus not work as +expected: + + unshare --fork --kill-child setpriv --reuid user <executable> + +As soon as setpriv changes UID, the parent death signal is cleared and +the child will never get signalled when unshare gets killed. + +Add a new option "--pdeathsig keep|clear|<signal>". Setting this flag +will cause us to either + +- restore the previously active parent death signal as soon as the + setpriv has applied all credential changes +- clear the parent death signal +- set the parent death signal to "<signal>" + +Furthermore, print out the currently set signal when dumping process +state. + +[kzak@redhat.com: - small changes in codding style] + +Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1894192 +Signed-off-by: Patrick Steinhardt <ps@pks.im> +Signed-off-by: Karel Zak <kzak@redhat.com> +--- + sys-utils/setpriv.1 | 6 ++++++ + sys-utils/setpriv.c | 49 +++++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 55 insertions(+) + +diff --git a/sys-utils/setpriv.1 b/sys-utils/setpriv.1 +index b900f6e08..f989bf33c 100644 +--- a/sys-utils/setpriv.1 ++++ b/sys-utils/setpriv.1 +@@ -139,6 +139,12 @@ is cleared by + .BR execve (2) + and is therefore not allowed. 
+ .TP ++.BR "\-\-pdeathsig keep" | clear | <signal> ++Keep, clear or set the parent death signal. Some LSMs, most notably SELinux and ++AppArmor, clear the signal when the process' credentials change. Using ++\fB--pdeathsig keep\fR will restore the parent death signal after changing ++credentials to remedy that situation. ++.TP + .BI \-\-selinux\-label " label" + Request a particular SELinux transition (using a transition on exec, not + dyntrans). This will fail and cause +diff --git a/sys-utils/setpriv.c b/sys-utils/setpriv.c +index 4147978cc..0d3a3b3c9 100644 +--- a/sys-utils/setpriv.c ++++ b/sys-utils/setpriv.c +@@ -38,6 +38,7 @@ + #include "strutils.h" + #include "xalloc.h" + #include "pathnames.h" ++#include "signames.h" + + #ifndef PR_SET_NO_NEW_PRIVS + # define PR_SET_NO_NEW_PRIVS 38 +@@ -102,6 +103,8 @@ struct privctx { + + /* securebits */ + int securebits; ++ /* parent death signal (<0 clear, 0 nothing, >0 signal) */ ++ int pdeathsig; + + /* LSMs */ + const char *selinux_label; +@@ -135,6 +138,8 @@ static void __attribute__((__noreturn__)) usage(void) + fputs(_(" --init-groups initialize supplementary groups\n"), out); + fputs(_(" --groups <group,...> set supplementary groups\n"), out); + fputs(_(" --securebits <bits> set securebits\n"), out); ++ fputs(_(" --pdeathsig keep|clear|<signame>\n" ++ " set or clear parent death signal\n"), out); + fputs(_(" --selinux-label <label> set SELinux label\n"), out); + fputs(_(" --apparmor-profile <pr> set AppArmor profile\n"), out); + +@@ -329,6 +334,24 @@ static void dump_groups(void) + free(groups); + } + ++static void dump_pdeathsig(void) ++{ ++ int pdeathsig; ++ ++ if (prctl(PR_GET_PDEATHSIG, &pdeathsig) != 0) { ++ warn(_("get pdeathsig failed")); ++ return; ++ } ++ ++ printf("Parent death signal: "); ++ if (pdeathsig && signum_to_signame(pdeathsig) != NULL) ++ printf("%s\n", signum_to_signame(pdeathsig)); ++ else if (pdeathsig) ++ printf("%d\n", pdeathsig); ++ else ++ printf("[none]\n"); ++} ++ + static void 
dump(int dumplevel) + { + int x; +@@ -392,6 +415,7 @@ static void dump(int dumplevel) + printf("\n"); + + dump_securebits(); ++ dump_pdeathsig(); + + if (access(_PATH_SYS_SELINUX, F_OK) == 0) + dump_label(_("SELinux label")); +@@ -438,6 +462,19 @@ static void parse_groups(struct privctx *opts, const char *str) + free(groups); + } + ++static void parse_pdeathsig(struct privctx *opts, const char *str) ++{ ++ if (!strcmp(str, "keep")) { ++ if (prctl(PR_GET_PDEATHSIG, &opts->pdeathsig) != 0) ++ errx(SETPRIV_EXIT_PRIVERR, ++ _("failed to get parent death signal")); ++ } else if (!strcmp(str, "clear")) { ++ opts->pdeathsig = -1; ++ } else if ((opts->pdeathsig = signame_to_signum(str)) < 0) { ++ errx(EXIT_FAILURE, _("unknown signal: %s"), str); ++ } ++} ++ + static void do_setresuid(const struct privctx *opts) + { + uid_t ruid, euid, suid; +@@ -711,6 +748,7 @@ int main(int argc, char **argv) + LISTCAPS, + CAPBSET, + SECUREBITS, ++ PDEATHSIG, + SELINUX_LABEL, + APPARMOR_PROFILE + }; +@@ -734,6 +772,7 @@ int main(int argc, char **argv) + { "groups", required_argument, NULL, GROUPS }, + { "bounding-set", required_argument, NULL, CAPBSET }, + { "securebits", required_argument, NULL, SECUREBITS }, ++ { "pdeathsig", required_argument, NULL, PDEATHSIG, }, + { "selinux-label", required_argument, NULL, SELINUX_LABEL }, + { "apparmor-profile", required_argument, NULL, APPARMOR_PROFILE }, + { "help", no_argument, NULL, 'h' }, +@@ -844,6 +883,12 @@ int main(int argc, char **argv) + _("duplicate --groups option")); + parse_groups(&opts, optarg); + break; ++ case PDEATHSIG: ++ if (opts.pdeathsig) ++ errx(EXIT_FAILURE, ++ _("duplicate --keep-pdeathsig option")); ++ parse_pdeathsig(&opts, optarg); ++ break; + case LISTCAPS: + list_caps = 1; + break; +@@ -989,6 +1034,10 @@ int main(int argc, char **argv) + do_caps(CAP_TYPE_AMBIENT, opts.ambient_caps); + } + ++ /* Clear or set parent death signal */ ++ if (opts.pdeathsig && prctl(PR_SET_PDEATHSIG, opts.pdeathsig < 0 ? 
0 : opts.pdeathsig) != 0) ++ err(SETPRIV_EXIT_PRIVERR, _("set parent death signal failed")); ++ + execvp(argv[optind], argv + optind); + errexec(argv[optind]); + } +-- +2.31.1 + diff --git a/SOURCES/0070-lib-sys-add-sysfs_chrdev_devno_to_devname.patch b/SOURCES/0070-lib-sys-add-sysfs_chrdev_devno_to_devname.patch new file mode 100644 index 0000000..24b5192 --- /dev/null +++ b/SOURCES/0070-lib-sys-add-sysfs_chrdev_devno_to_devname.patch 
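Review bot: The duplicate-option error in main() names an option that does not exist: `_("duplicate --keep-pdeathsig option")` should read `_("duplicate --pdeathsig option")` to match the getopt table and the man page. The guard `if (opts.pdeathsig)` also misses a repeated `--pdeathsig keep` when no parent death signal is currently set, because PR_GET_PDEATHSIG then stores 0 and the field is indistinguishable from "option not given"; a separate flag would close that gap. In parse_pdeathsig() the prctl() failure is reported with `errx(SETPRIV_EXIT_PRIVERR, ...)`, which drops errno, while the later PR_SET_PDEATHSIG failure uses `err()`; using `err()` in both places keeps the diagnostics consistent. main() starts and ends outside the hunks.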
@@ -0,0 +1,86 @@ +From 0db1f9965e6791c651d0bccd095cbe3a87c6579c Mon Sep 17 00:00:00 2001 +From: Karel Zak <kzak@redhat.com> +Date: Thu, 25 Nov 2021 11:52:46 +0100 +Subject: [PATCH 70/74] lib/sys: add sysfs_chrdev_devno_to_devname() + +Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=2026511 +Upstream: http://github.com/util-linux/util-linux/commit/ab5304a7a34bfa45d9bee205ca4e26f03db6e79d +Signed-off-by: Karel Zak <kzak@redhat.com> +--- + include/pathnames.h | 1 + + include/sysfs.h | 2 ++ + lib/sysfs.c | 33 +++++++++++++++++++++++++++++++++ + 3 files changed, 36 insertions(+) + +diff --git a/include/pathnames.h b/include/pathnames.h +index 59cc66736..77f8b6e85 100644 +--- a/include/pathnames.h ++++ b/include/pathnames.h +@@ -102,6 +102,7 @@ + + #define _PATH_SYS_BLOCK "/sys/block" + #define _PATH_SYS_DEVBLOCK "/sys/dev/block" ++#define _PATH_SYS_DEVCHAR "/sys/dev/char" + #define _PATH_SYS_CLASS "/sys/class" + #define _PATH_SYS_SCSI "/sys/bus/scsi" + +diff --git a/include/sysfs.h b/include/sysfs.h +index 9a72a2009..e2fd0c1ba 100644 +--- a/include/sysfs.h ++++ b/include/sysfs.h +@@ -92,6 +92,8 @@ extern int sysfs_scsi_host_is(struct sysfs_cxt *cxt, const char *type); + extern int sysfs_scsi_has_attribute(struct sysfs_cxt *cxt, const char *attr); + extern int sysfs_scsi_path_contains(struct sysfs_cxt *cxt, const char *pattern); + ++extern char *sysfs_chrdev_devno_to_devname(dev_t devno, char *buf, size_t bufsiz); ++ + /** + * sysfs_devname_sys_to_dev: + * @name: devname to be converted in place +diff --git a/lib/sysfs.c b/lib/sysfs.c +index e5437f43a..ceec41d10 100644 +--- a/lib/sysfs.c ++++ b/lib/sysfs.c +@@ -1036,6 +1036,39 @@ int sysfs_scsi_path_contains(struct sysfs_cxt *cxt, const char *pattern) + return strstr(linkc, pattern) != NULL; + } + ++char *sysfs_chrdev_devno_to_devname(dev_t devno, char *buf, size_t bufsiz) ++{ ++ char link[PATH_MAX]; ++ char path[PATH_MAX]; ++ char *name; ++ ssize_t sz; ++ ++ sz = snprintf(path, sizeof(path), ++ _PATH_SYS_DEVCHAR 
"/%u:%u", major(devno), minor(devno)); ++ if (sz <= 0) ++ return NULL; ++ ++ /* read /sys/dev/char/<maj:min> link */ ++ sz = readlink(path, link, sizeof(link) - 1); ++ if (sz < 0) ++ return NULL; ++ link[sz] = '\0'; ++ ++ name = strrchr(link, '/'); ++ if (!name) ++ return NULL; ++ ++ name++; ++ sz = strlen(name); ++ if ((size_t) sz + 1 > bufsiz) ++ return NULL; ++ ++ memcpy(buf, name, sz + 1); ++ sysfs_devname_sys_to_dev(buf); ++ return buf; ++ ++} ++ + #ifdef TEST_PROGRAM_SYSFS + #include <errno.h> + #include <err.h> +-- +2.31.1 + diff --git a/SOURCES/0071-libblkid-check-UBI-char-device-name.patch b/SOURCES/0071-libblkid-check-UBI-char-device-name.patch new file mode 100644 index 0000000..35f11b6 --- /dev/null +++ b/SOURCES/0071-libblkid-check-UBI-char-device-name.patch 
@@ -0,0 +1,39 @@ +From 7ce318610afcbb793e438332687c2f09844a86c2 Mon Sep 17 00:00:00 2001 +From: Karel Zak <kzak@redhat.com> +Date: Thu, 25 Nov 2021 11:54:11 +0100 +Subject: [PATCH 71/74] libblkid: check UBI char device name + +Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=2026511 +Upstream: http://github.com/util-linux/util-linux/commit/7eb6d9ce4526b968e30f7e538cbbbdf9938e5891 +Signed-off-by: Karel Zak <kzak@redhat.com> +--- + libblkid/src/probe.c | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +diff --git a/libblkid/src/probe.c b/libblkid/src/probe.c +index a6dc8416a..49a62c47f 100644 +--- a/libblkid/src/probe.c ++++ b/libblkid/src/probe.c +@@ -915,9 +915,17 @@ int blkid_probe_set_device(blkid_probe pr, int fd, + DBG(LOWPROBE, ul_debug("failed to get device size")); + goto err; + } +- } else if (S_ISCHR(sb.st_mode)) ++ } else if (S_ISCHR(sb.st_mode)) { ++ char buf[PATH_MAX]; ++ ++ if (!sysfs_chrdev_devno_to_devname(sb.st_rdev, buf, sizeof(buf)) ++ || strncmp(buf, "ubi", 3) != 0) { ++ DBG(LOWPROBE, ul_debug("no UBI char device")); ++ errno = EINVAL; ++ goto err; ++ } + devsiz = 1; /* UBI devices are char... */ +- else if (S_ISREG(sb.st_mode)) ++ } else if (S_ISREG(sb.st_mode)) + devsiz = sb.st_size; /* regular file */ + + pr->size = size ? (uint64_t)size : devsiz; +-- +2.31.1 + diff --git a/SOURCES/0072-blkid-check-device-type-and-name-before-probe.patch b/SOURCES/0072-blkid-check-device-type-and-name-before-probe.patch new file mode 100644 index 0000000..89ccee6 --- /dev/null +++ b/SOURCES/0072-blkid-check-device-type-and-name-before-probe.patch 
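Review bot: The test `strncmp(buf, "ubi", 3) != 0` in blkid_probe_set_device() accepts any character device whose sysfs name merely begins with "ubi", which is wider than "is a UBI volume" (a control node named ubi_ctrl would pass, if I read the naming right); the same prefix test is repeated in misc-utils/blkid.c in patch 0072. If only volumes are meant, also requiring a digit after the prefix, `|| !isdigit((unsigned char) buf[3])`, narrows it. The lookup depends on /sys/dev/char being readable, so where sysfs is not mounted every character device, genuine UBI ones included, is now rejected with EINVAL; a comment stating that this is intended would help the next reader. The function continues outside the hunk.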
@@ -0,0 +1,63 @@ +From 90783d6294351229efdee5469dd8cd08d0057731 Mon Sep 17 00:00:00 2001 +From: Karel Zak <kzak@redhat.com> +Date: Thu, 25 Nov 2021 11:54:26 +0100 +Subject: [PATCH 72/74] blkid: check device type and name before probe + +For calls "blkid /dev/*", it seems better to check the +device type and name before we open the device in libblkid. + +Upstream: http://github.com/util-linux/util-linux/commit/64cfe6ac37631a6347bd4005c72dd2d37e737f5e +Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=2026511 +Signed-off-by: Karel Zak <kzak@redhat.com> +--- + misc-utils/blkid.c | 27 +++++++++++++++++++++++++-- + 1 file changed, 25 insertions(+), 2 deletions(-) + +diff --git a/misc-utils/blkid.c b/misc-utils/blkid.c +index 61a6994c2..bd4ce4a39 100644 +--- a/misc-utils/blkid.c ++++ b/misc-utils/blkid.c +@@ -46,6 +46,8 @@ + #define XALLOC_EXIT_CODE BLKID_EXIT_OTHER /* x.*alloc(), xstrndup() */ + #include "xalloc.h" + ++#include "sysfs.h" ++ + struct blkid_control { + int output; + uintmax_t offset; +@@ -813,8 +815,29 @@ int main(int argc, char **argv) + /* The rest of the args are device names */ + if (optind < argc) { + devices = xcalloc(argc - optind, sizeof(char *)); +- while (optind < argc) +- devices[numdev++] = argv[optind++]; ++ while (optind < argc) { ++ char *dev = argv[optind++]; ++ struct stat sb; ++ ++ if (stat(dev, &sb) != 0) ++ continue; ++ else if (S_ISBLK(sb.st_mode)) ++ ; ++ else if (S_ISREG(sb.st_mode)) ++ ; ++ else if (S_ISCHR(sb.st_mode)) { ++ char buf[PATH_MAX]; ++ ++ if (!sysfs_chrdev_devno_to_devname( ++ sb.st_rdev, buf, sizeof(buf))) ++ continue; ++ if (strncmp(buf, "ubi", 3) != 0) ++ continue; ++ } else ++ continue; ++ ++ devices[numdev++] = dev; ++ } + } + + /* convert LABEL/UUID lookup to evaluate request */ +-- +2.31.1 + diff --git a/SOURCES/0073-blkid-don-t-print-all-devices-if-only-garbage-specif.patch b/SOURCES/0073-blkid-don-t-print-all-devices-if-only-garbage-specif.patch new file mode 100644 index 0000000..1bce104 --- /dev/null 
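Review bot: The new loop in main() decides by `stat(dev, &sb)` on the path, but the device is opened later inside libblkid, so the path may refer to a different object by then. This pre-check can therefore only be an optimisation, and the check added to blkid_probe_set_device() in patch 0071 (on the descriptor, assuming `sb` there comes from fstat) has to remain the authoritative one; a comment above the loop saying so would stop anyone from relying on it later. Arguments that fail stat() or have another file type are dropped without any message, so a mistyped device name next to a valid one produces output for the valid one and no hint about the other. A diagnostic or debug line before each `continue` would make the skip visible. main() starts and ends outside the hunk.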
+++ b/SOURCES/0073-blkid-don-t-print-all-devices-if-only-garbage-specif.patch @@ -0,0 +1,40 @@ +From aa57abc10273f250a7ab6525bd45dc2bdc5e4b41 Mon Sep 17 00:00:00 2001 +From: Karel Zak <kzak@redhat.com> +Date: Mon, 10 Jan 2022 16:32:44 +0100 +Subject: [PATCH 73/74] blkid: don't print all devices if only garbage + specified + +There is small regression. The old version (before +64cfe6ac37631a6347bd4005c72dd2d37e737f5e) returns nothing when + + # blkid /dontexist + +specified on command line. + +Upstream: http://github.com/util-linux/util-linux/commit/9e882685a3db3fd5e0870e7b94a4ea25ddc199c7 +Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=2026511 +Signed-off-by: Karel Zak <kzak@redhat.com> +--- + misc-utils/blkid.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/misc-utils/blkid.c b/misc-utils/blkid.c +index bd4ce4a39..bc0d3465d 100644 +--- a/misc-utils/blkid.c ++++ b/misc-utils/blkid.c +@@ -838,6 +838,12 @@ int main(int argc, char **argv) + + devices[numdev++] = dev; + } ++ ++ if (!numdev) { ++ /* only unsupported devices specified */ ++ err = BLKID_EXIT_NOTFOUND; ++ goto exit; ++ } + } + + /* convert LABEL/UUID lookup to evaluate request */ +-- +2.31.1 + diff --git a/SOURCES/0074-Complete-Linux-PAM-compliance-for-forked-child-in-su.patch b/SOURCES/0074-Complete-Linux-PAM-compliance-for-forked-child-in-su.patch new file mode 100644 index 0000000..3423a4c --- /dev/null +++ b/SOURCES/0074-Complete-Linux-PAM-compliance-for-forked-child-in-su.patch 
@@ -0,0 +1,54 @@ +From 9e7cedda86e5356d1723e6bd0bab5e38c4fe4a34 Mon Sep 17 00:00:00 2001 +From: "Andrew G. Morgan" <morgan@kernel.org> +Date: Sat, 27 Nov 2021 21:00:22 -0800 +Subject: [PATCH 74/74] Complete Linux-PAM compliance for forked child in su + and login. + +As documented here: + +http://www.linux-pam.org/Linux-PAM-html/adg-interface-by-app-expected.html#adg-pam_end + +The child that is about to exec*() the user shell is supposed to pam_end() +with PAM_DATA_SILENT. This gives the modules a last chance to do a minor +cleanup of the module state before the user's shell is launched. + +Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1950187 +Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=2033566 +Upstream: http://github.com/util-linux/util-linux/commit/4660286e9cdff6d95b49295674b96f83af10ea36 +Signed-off-by: Andrew G. Morgan <morgan@kernel.org> +--- + login-utils/login.c | 3 +++ + login-utils/su-common.c | 3 +++ + 2 files changed, 6 insertions(+) + +diff --git a/login-utils/login.c b/login-utils/login.c +index 8c9e43292..9f50fe03b 100644 +--- a/login-utils/login.c ++++ b/login-utils/login.c +@@ -1370,6 +1370,9 @@ int main(int argc, char **argv) + + childArgv[childArgc++] = NULL; + ++ /* http://www.linux-pam.org/Linux-PAM-html/adg-interface-by-app-expected.html#adg-pam_end */ ++ (void) pam_end(cxt.pamh, PAM_SUCCESS|PAM_DATA_SILENT); ++ + execvp(childArgv[0], childArgv + 1); + + if (!strcmp(childArgv[0], "/bin/sh")) +diff --git a/login-utils/su-common.c b/login-utils/su-common.c +index c1b1a04e4..825ff1d5a 100644 +--- a/login-utils/su-common.c ++++ b/login-utils/su-common.c +@@ -1428,6 +1428,9 @@ int su_main(int argc, char **argv, int mode) + if (su->simulate_login && chdir(su->pwd->pw_dir) != 0) + warn(_("warning: cannot change directory to %s"), su->pwd->pw_dir); + ++ /* http://www.linux-pam.org/Linux-PAM-html/adg-interface-by-app-expected.html#adg-pam_end */ ++ (void) pam_end(su->pamh, PAM_SUCCESS|PAM_DATA_SILENT); ++ + if (shell) + 
run_shell(su, shell, command, argv + optind, max(0, argc - optind)); + +-- +2.31.1 + diff --git a/SOURCES/0075-lib-loopdev-retry-LOOP_SET_STATUS64-and-LOOP_SET_BLO.patch b/SOURCES/0075-lib-loopdev-retry-LOOP_SET_STATUS64-and-LOOP_SET_BLO.patch new file mode 100644 index 0000000..a6e1ea1 --- /dev/null +++ b/SOURCES/0075-lib-loopdev-retry-LOOP_SET_STATUS64-and-LOOP_SET_BLO.patch 
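Review bot: Both call sites discard the result with `(void) pam_end(...)` and leave the handle in place, so `cxt.pamh` in login.c and `su->pamh` in su-common.c keep pointing at a released PAM context. In login.c the code after `execvp()` still runs when the exec fails, and in su-common.c `run_shell()` receives `su`; neither path is visible far enough here to tell whether the handle is used again. Clearing it right after the call, `cxt.pamh = NULL;` and `su->pamh = NULL;`, turns any later use into an obvious NULL rather than a use of freed state. Both hunks sit in functions that start and end outside the hunk.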
@@ -0,0 +1,109 @@ +From 97a5abd36eeab4e07a31b27f6a2c2078d42e2e33 Mon Sep 17 00:00:00 2001 +From: Karel Zak <kzak@redhat.com> +Date: Tue, 8 Mar 2022 11:40:58 +0100 +Subject: lib/loopdev: retry LOOP_SET_STATUS64 and LOOP_SET_BLOCK_SIZE on + EAGAIN + +Upstream: http://github.com/util-linux/util-linux/commit/0ae7bb11c29aa11c8ef25b1ef2f82ee4701b856d +Upstream: http://github.com/util-linux/util-linux/commit/eab90ef8d4f66394285e0cff1dfc0a27242c05aa +Addresses: http://bugzilla.redhat.com/show_bug.cgi?id=2058176 +Signed-off-by: Karel Zak <kzak@redhat.com> +--- + lib/loopdev.c | 42 +++++++++++++++++++++++++++++++++++++----- + 1 file changed, 37 insertions(+), 5 deletions(-) + +diff --git a/lib/loopdev.c b/lib/loopdev.c +index 54d337ea3..48af82aef 100644 +--- a/lib/loopdev.c ++++ b/lib/loopdev.c +@@ -42,6 +42,8 @@ + #include "blkdev.h" + #include "debug.h" + ++#define LOOPDEV_MAX_TRIES 10 ++ + /* + * Debug stuff (based on include/debug.h) + */ +@@ -1260,6 +1262,7 @@ int loopcxt_setup_device(struct loopdev_cxt *lc) + { + int file_fd, dev_fd, mode = O_RDWR, rc = -1, cnt = 0; + int errsv = 0; ++ int err, again; + + if (!lc || !*lc->device || !lc->filename) + return -EINVAL; +@@ -1331,7 +1334,17 @@ int loopcxt_setup_device(struct loopdev_cxt *lc) + + DBG(SETUP, ul_debugobj(lc, "LOOP_SET_FD: OK")); + +- if (ioctl(dev_fd, LOOP_SET_STATUS64, &lc->info)) { ++ cnt = 0; ++ do { ++ err = ioctl(dev_fd, LOOP_SET_STATUS64, &lc->info); ++ again = err && errno == EAGAIN; ++ if (again) { ++ xusleep(250000); ++ cnt++; ++ } ++ } while (again && cnt <= LOOPDEV_MAX_TRIES); ++ ++ if (err) { + rc = -errno; + errsv = errno; + DBG(SETUP, ul_debugobj(lc, "LOOP_SET_STATUS64 failed: %m")); +@@ -1376,7 +1389,7 @@ err: + */ + int loopcxt_set_status(struct loopdev_cxt *lc) + { +- int dev_fd, rc = -1; ++ int dev_fd, rc = -1, err, again, tries = 0; + + errno = 0; + dev_fd = loopcxt_get_fd(lc); +@@ -1387,7 +1400,16 @@ int loopcxt_set_status(struct loopdev_cxt *lc) + } + DBG(SETUP, ul_debugobj(lc, "device 
open: OK")); + +- if (ioctl(dev_fd, LOOP_SET_STATUS64, &lc->info)) { ++ do { ++ err = ioctl(dev_fd, LOOP_SET_STATUS64, &lc->info); ++ again = err && errno == EAGAIN; ++ if (again) { ++ xusleep(250000); ++ tries++; ++ } ++ } while (again && tries <= LOOPDEV_MAX_TRIES); ++ ++ if (err) { + rc = -errno; + DBG(SETUP, ul_debugobj(lc, "LOOP_SET_STATUS64 failed: %m")); + return rc; +@@ -1440,12 +1462,22 @@ int loopcxt_set_dio(struct loopdev_cxt *lc, unsigned long use_dio) + int loopcxt_set_blocksize(struct loopdev_cxt *lc, uint64_t blocksize) + { + int fd = loopcxt_get_fd(lc); ++ int err, again, tries = 0; + + if (fd < 0) + return -EINVAL; + +- /* Kernels prior to v4.14 don't support this ioctl */ +- if (ioctl(fd, LOOP_SET_BLOCK_SIZE, (unsigned long) blocksize) < 0) { ++ do { ++ /* Kernels prior to v4.14 don't support this ioctl */ ++ err = ioctl(fd, LOOP_SET_BLOCK_SIZE, (unsigned long) blocksize); ++ again = err && errno == EAGAIN; ++ if (again) { ++ xusleep(250000); ++ tries++; ++ } ++ } while (again && tries <= LOOPDEV_MAX_TRIES); ++ ++ if (err) { + int rc = -errno; + DBG(CXT, ul_debugobj(lc, "LOOP_SET_BLOCK_SIZE failed: %m")); + return rc; +-- +2.34.1 + diff --git a/SOURCES/0076-libblkid-fix-Atari-prober-logic.patch b/SOURCES/0076-libblkid-fix-Atari-prober-logic.patch new file mode 100644 index 0000000..98a492c --- /dev/null +++ b/SOURCES/0076-libblkid-fix-Atari-prober-logic.patch 
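Review bot: In all three retry loops `xusleep(250000)` is also called after the last failed attempt, and the `if (err)` block that follows reads `errno` only after that sleep, so `rc = -errno` may report a value left by the sleep rather than by the ioctl, and the caller waits 250 ms for nothing. The bounds `cnt <= LOOPDEV_MAX_TRIES` and `tries <= LOOPDEV_MAX_TRIES` also allow eleven attempts for a constant named as a maximum of ten. Folding the limit into the condition addresses both: `again = err && errno == EAGAIN && ++tries < LOOPDEV_MAX_TRIES;` then `if (again) xusleep(250000);` with `while (again);`. The same loop is written out in loopcxt_setup_device(), loopcxt_set_status() and loopcxt_set_blocksize(); a small static helper would keep the three in step. All three functions extend outside their hunks.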
@@ -0,0 +1,47 @@ +From 214eaa70d8431161de03ea7903f814c102e87919 Mon Sep 17 00:00:00 2001 +From: Karel Zak <kzak@redhat.com> +Date: Fri, 9 Oct 2020 13:06:08 +0200 +Subject: libblkid: fix Atari prober logic + +Addresses: https://github.com/karelzak/util-linux/issues/1159 +Addresses: https://github.com/karelzak/util-linux/issues/1116 +Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=2060030 +Upstream: http://github.com/util-linux/util-linux/commit/282ceadc3a72fc07dd0388b8880fd751490bb87f +Signed-off-by: Karel Zak <kzak@redhat.com> +--- + libblkid/src/partitions/atari.c | 12 +++++++----- + 1 file changed, 7 insertions(+), 5 deletions(-) + +diff --git a/libblkid/src/partitions/atari.c b/libblkid/src/partitions/atari.c +index 1224a577c..b469ef5a1 100644 +--- a/libblkid/src/partitions/atari.c ++++ b/libblkid/src/partitions/atari.c +@@ -199,11 +199,10 @@ static int probe_atari_pt(blkid_probe pr, + + hdsize = blkid_probe_get_size(pr) / 512; + +- /* Look for validly looking primary partition */ +- for (i = 0; ; i++) { +- if (i >= ARRAY_SIZE(rs->part)) +- goto nothing; +- ++ /* ++ * At least one valid partition required ++ */ ++ for (i = 0; i < 4; i++) { + if (IS_PARTDEF_VALID(rs->part[i], hdsize)) { + blkid_probe_set_magic(pr, + offsetof(struct atari_rootsector, part[i]), +@@ -213,6 +212,9 @@ static int probe_atari_pt(blkid_probe pr, + } + } + ++ if (i == 4) ++ goto nothing; ++ + if (blkid_partitions_need_typeonly(pr)) + /* caller does not ask for details about partitions */ + return BLKID_PROBE_OK; +-- +2.36.1 + diff --git a/SOURCES/0077-libblkid-make-Atari-more-robust.patch b/SOURCES/0077-libblkid-make-Atari-more-robust.patch new file mode 100644 index 0000000..9f19c48 --- /dev/null +++ b/SOURCES/0077-libblkid-make-Atari-more-robust.patch 
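Review bot: The loop bound and the test after it in probe_atari_pt() now use the literal 4 (`for (i = 0; i < 4; i++)`, `if (i == 4)`) where the removed code used `ARRAY_SIZE(rs->part)`, so the index range is no longer tied to the array it walks over on-disk data. Keeping `i < ARRAY_SIZE(rs->part)` and `if (i == ARRAY_SIZE(rs->part))` preserves the restructuring and keeps the bound correct if the struct definition changes. The `if (i == 4)` test relies on the loop leaving early at the first valid entry; that `break` lies in the lines elided between the two hunks, so it is worth confirming it is still there. The function starts and ends outside the hunk.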
@@ -0,0 +1,129 @@ +From e7f0f5d3a80324e1430e979b0a170ded77b380e2 Mon Sep 17 00:00:00 2001 +From: Karel Zak <kzak@redhat.com> +Date: Tue, 13 Oct 2020 16:19:20 +0200 +Subject: libblkid: make Atari more robust + +* ignore large disks +* check in-table stored device size +* check bad sectors list +* check partition dimensions against in-table device size + +Addresses: https://github.com/karelzak/util-linux/issues/1159 +Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=2060030 +Upstream: http://github.com/util-linux/util-linux/commit/282ceadc3a72fc07dd0388b8880fd751490bb87f +Signed-off-by: Karel Zak <kzak@redhat.com> +--- + libblkid/src/partitions/atari.c | 66 ++++++++++++++++++++++++--------- + 1 file changed, 48 insertions(+), 18 deletions(-) + +diff --git a/libblkid/src/partitions/atari.c b/libblkid/src/partitions/atari.c +index b469ef5a1..c3f77117a 100644 +--- a/libblkid/src/partitions/atari.c ++++ b/libblkid/src/partitions/atari.c +@@ -74,16 +74,27 @@ static int linux_isalnum(unsigned char c) { + + #define IS_ACTIVE(partdef) ((partdef).flags & 1) + +-#define IS_PARTDEF_VALID(partdef, hdsize) \ +- ( \ +- (partdef).flags & 1 && \ +- isalnum((partdef).id[0]) && \ +- isalnum((partdef).id[1]) && \ +- isalnum((partdef).id[2]) && \ +- be32_to_cpu((partdef).start) <= (hdsize) && \ +- be32_to_cpu((partdef).start) + \ +- be32_to_cpu((partdef).size) <= (hdsize) \ +- ) ++static int is_valid_dimension(uint32_t start, uint32_t size, uint32_t maxoff) ++{ ++ uint64_t end = start + size; ++ ++ return end >= start ++ && 0 < start && start <= maxoff ++ && 0 < size && size <= maxoff ++ && 0 < end && end <= maxoff; ++} ++ ++static int is_valid_partition(struct atari_part_def *part, uint32_t maxoff) ++{ ++ uint32_t start = be32_to_cpu(part->start), ++ size = be32_to_cpu(part->size); ++ ++ return (part->flags & 1) ++ && isalnum(part->id[0]) ++ && isalnum(part->id[1]) ++ && isalnum(part->id[2]) ++ && is_valid_dimension(start, size, maxoff); ++} + + static int is_id_common(char *id) + 
{ +@@ -184,12 +195,20 @@ static int probe_atari_pt(blkid_probe pr, + unsigned i; + int has_xgm = 0; + int rc = 0; +- off_t hdsize; ++ uint32_t rssize; /* size in sectors from root sector */ ++ uint64_t size; /* size in sectors from system */ + + /* Atari partition is not defined for other sector sizes */ + if (blkid_probe_get_sectorsize(pr) != 512) + goto nothing; + ++ size = blkid_probe_get_size(pr) / 512; ++ ++ /* Atari is not well defined to support large disks */ ++ if (size > INT32_MAX) ++ goto nothing; ++ ++ /* read root sector */ + rs = (struct atari_rootsector *) blkid_probe_get_sector(pr, 0); + if (!rs) { + if (errno) +@@ -197,17 +216,29 @@ static int probe_atari_pt(blkid_probe pr, + goto nothing; + } + +- hdsize = blkid_probe_get_size(pr) / 512; ++ rssize = be32_to_cpu(rs->hd_size); ++ ++ /* check number of sectors stored in the root sector */ ++ if (rssize < 2 || rssize > size) ++ goto nothing; ++ ++ /* check list of bad blocks */ ++ if ((rs->bsl_start || rs->bsl_len) ++ && !is_valid_dimension(be32_to_cpu(rs->bsl_start), ++ be32_to_cpu(rs->bsl_len), ++ rssize)) ++ goto nothing; + + /* + * At least one valid partition required + */ + for (i = 0; i < 4; i++) { +- if (IS_PARTDEF_VALID(rs->part[i], hdsize)) { +- blkid_probe_set_magic(pr, +- offsetof(struct atari_rootsector, part[i]), +- sizeof(rs->part[i].flags) + sizeof(rs->part[i].id), +- (unsigned char *) &rs->part[i]); ++ if (is_valid_partition(&rs->part[i], rssize)) { ++ if (blkid_probe_set_magic(pr, ++ offsetof(struct atari_rootsector, part[i]), ++ sizeof(rs->part[i].flags) + sizeof(rs->part[i].id), ++ (unsigned char *) &rs->part[i])) ++ goto err; + break; + } + } +@@ -234,7 +265,6 @@ static int probe_atari_pt(blkid_probe pr, + blkid_partlist_increment_partno(ls); + continue; + } +- + if (!memcmp(p->id, "XGM", 3)) { + has_xgm = 1; + rc = parse_extended(pr, ls, tab, p); +-- +2.36.1 + 
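Review bot: In is_valid_dimension, `uint64_t end = start + size;` still adds two uint32_t values in 32-bit arithmetic, so the sum wraps before it is widened and the 64-bit type gives no extra range. The `end >= start` test does catch the wrap, so the result is correct as written, but the declaration reads as if overflow were impossible. Either widen first, `uint64_t end = (uint64_t) start + size;`, or keep the 32-bit sum and add a comment such as `/* end < start means the 32-bit sum wrapped */`. These values come straight from the on-disk root sector, so the intent of the wrap check is worth spelling out.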
diff --git a/SOURCES/0078-libblkid-allow-a-lot-of-mac-partitions.patch b/SOURCES/0078-libblkid-allow-a-lot-of-mac-partitions.patch
new file mode 100644
index 0000000..9cf4dc9
--- /dev/null
+++ b/SOURCES/0078-libblkid-allow-a-lot-of-mac-partitions.patch
@@ -0,0 +1,53 @@ +From 2348779e225dd581c32c00108e017f5c1924e706 Mon Sep 17 00:00:00 2001 +From: Samanta Navarro <ferivoz@riseup.net> +Date: Sun, 8 Nov 2020 11:45:18 +0000 +Subject: libblkid: allow a lot of mac partitions + +If the map count is set to INT_MAX then the for loop does not stop +because its check is never false. + +I have not found a correct upper limit. The other partition logics have +a maximum amount (exception is atari.c). + +The loop itself wouldn't be endless. If the iteration reaches block 0 +then the signature will be wrong. This means that map count = INT_MAX +case would fail even if such a setup would be correct on disk. + +Upstream: http://github.com/util-linux/util-linux/commit/8f22adaaf30e9fd3bf83da0213b4a6525c9305cd +Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=2060030 +Signed-off-by: Samanta Navarro <ferivoz@riseup.net> +--- + libblkid/src/partitions/mac.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/libblkid/src/partitions/mac.c b/libblkid/src/partitions/mac.c +index 4713d6042..2be91a620 100644 +--- a/libblkid/src/partitions/mac.c ++++ b/libblkid/src/partitions/mac.c +@@ -123,12 +123,12 @@ static int probe_mac_pt(blkid_probe pr, + ssf = block_size / 512; + nblks = be32_to_cpu(p->map_count); + +- for (i = 1; i <= nblks; ++i) { ++ for (i = 0; i < nblks; ++i) { + blkid_partition par; + uint32_t start; + uint32_t size; + +- p = (struct mac_partition *) get_mac_block(pr, block_size, i); ++ p = (struct mac_partition *) get_mac_block(pr, block_size, i + 1); + if (!p) { + if (errno) + return -errno; +@@ -141,7 +141,7 @@ static int probe_mac_pt(blkid_probe pr, + DBG(LOWPROBE, ul_debug( + "mac: inconsistent map_count in partition map, " + "entry[0]: %d, entry[%d]: %d", +- nblks, i - 1, ++ nblks, i, + be32_to_cpu(p->map_count))); + } + +-- +2.36.1 + 
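Review bot: The loop in probe_mac_pt now counts from 0 but reads block `i + 1`, and nothing in the hunk says why the index and the block number differ. A one-line comment above the `get_mac_block()` call would record it, e.g. `/* map entry i is stored in block i + 1; block 0 holds the driver descriptor */`. The function body starts and ends outside the hunk.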
diff --git a/SOURCES/0079-libblkid-limit-amount-of-parsed-partitions.patch b/SOURCES/0079-libblkid-limit-amount-of-parsed-partitions.patch
new file mode 100644
index 0000000..e202558
--- /dev/null
+++ b/SOURCES/0079-libblkid-limit-amount-of-parsed-partitions.patch
@@ -0,0 +1,85 @@ +From 24f5385f4a54b90f4b7674e23f30567591962bcb Mon Sep 17 00:00:00 2001 +From: Samanta Navarro <ferivoz@riseup.net> +Date: Tue, 10 Nov 2020 11:48:04 +0100 +Subject: libblkid: limit amount of parsed partitions + +The linux kernel does not support more than 256 partitions +(DISK_MAX_PARTS). The atari and mac block devices have no such limits. + +Use dos logical partition limit for atari as well (100). +Use the kernel limit for mac (256). + +Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=2060030 +Upstream: http://github.com/util-linux/util-linux/commit/c70b4f2a5b99876d230b8f4f413c3bb3ee6647f1 +Signed-off-by: Karel Zak <kzak@redhat.com> +Signed-off-by: Samanta Navarro <ferivoz@riseup.net> +--- + libblkid/src/partitions/atari.c | 6 +++++- + libblkid/src/partitions/mac.c | 15 +++++++++++---- + 2 files changed, 16 insertions(+), 5 deletions(-) + +diff --git a/libblkid/src/partitions/atari.c b/libblkid/src/partitions/atari.c +index c3f77117a..fdd5498b5 100644 +--- a/libblkid/src/partitions/atari.c ++++ b/libblkid/src/partitions/atari.c +@@ -141,12 +141,16 @@ static int parse_extended(blkid_probe pr, blkid_partlist ls, + blkid_parttable tab, struct atari_part_def *part) + { + uint32_t x0start, xstart; +- unsigned i = 0; ++ unsigned ct = 0, i = 0; + int rc; + + x0start = xstart = be32_to_cpu(part->start); + while (1) { + struct atari_rootsector *xrs; ++ ++ if (++ct > 100) ++ break; ++ + xrs = (struct atari_rootsector *) blkid_probe_get_sector(pr, xstart); + if (!xrs) { + if (errno) +diff --git a/libblkid/src/partitions/mac.c b/libblkid/src/partitions/mac.c +index 2be91a620..092d31d32 100644 +--- a/libblkid/src/partitions/mac.c ++++ b/libblkid/src/partitions/mac.c +@@ -79,7 +79,7 @@ static int probe_mac_pt(blkid_probe pr, + blkid_partlist ls; + uint16_t block_size; + uint16_t ssf; /* sector size fragment */ +- uint32_t nblks, i; ++ uint32_t nblks, nprts, i; + + + /* The driver descriptor record is always located at physical block 0, +@@ -122,8 +122,15 
@@ static int probe_mac_pt(blkid_probe pr, + + ssf = block_size / 512; + nblks = be32_to_cpu(p->map_count); +- +- for (i = 0; i < nblks; ++i) { ++ if (nblks > 256) { ++ nprts = 256; ++ DBG(LOWPROBE, ul_debug( ++ "mac: map_count too large, entry[0]: %u, " ++ "enforcing limit of %u", nblks, nprts)); ++ } else ++ nprts = nblks; ++ ++ for (i = 0; i < nprts; ++i) { + blkid_partition par; + uint32_t start; + uint32_t size; +@@ -140,7 +147,7 @@ static int probe_mac_pt(blkid_probe pr, + if (be32_to_cpu(p->map_count) != nblks) { + DBG(LOWPROBE, ul_debug( + "mac: inconsistent map_count in partition map, " +- "entry[0]: %d, entry[%d]: %d", ++ "entry[0]: %u, entry[%u]: %u", + nblks, i, + be32_to_cpu(p->map_count))); + } +-- +2.36.1 + diff --git a/SOURCES/0080-libblkid-mac-make-sure-block-size-is-large-enough-fu.patch b/SOURCES/0080-libblkid-mac-make-sure-block-size-is-large-enough-fu.patch new file mode 100644 index 0000000..2eafd83 --- /dev/null +++ b/SOURCES/0080-libblkid-mac-make-sure-block-size-is-large-enough-fu.patch 
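Review bot: The two caps are bare literals: `if (++ct > 100)` in parse_extended (atari.c) and `256` written twice in probe_mac_pt (mac.c). Named constants carrying the rationale from the commit message would make the limits auditable, e.g. `#define ATARI_MAX_EXT_PARTS 100 /* same as the dos logical partition limit */` and `#define MAC_MAX_PARTS 256 /* kernel DISK_MAX_PARTS */` (the names are only a suggestion). The atari cap also leaves the loop silently, while the mac path logs a debug line when it truncates; a matching `DBG(LOWPROBE, ul_debug("atari: too many extended partitions, stopping"));` before the `break` would help when diagnosing a corrupt or crafted table. Both function bodies continue outside the hunks.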
@@ -0,0 +1,29 @@ +From 7180c1ad36a1f419e20e90ddfad0b2f77d8c018f Mon Sep 17 00:00:00 2001 +From: Karel Zak <kzak@redhat.com> +Date: Thu, 2 Jun 2022 16:02:54 +0200 +Subject: libblkid: (mac) make sure block size is large enough [fuzzing] + +Upstream: http://github.com/util-linux/util-linux/commit/4e12fbca62be10b09503cecc7507757874043474 +Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=2060030 +Reported-by: Thibault Guittet <tguittet@redhat.com> +Signed-off-by: Karel Zak <kzak@redhat.com> +--- + libblkid/src/partitions/mac.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/libblkid/src/partitions/mac.c b/libblkid/src/partitions/mac.c +index 092d31d32..75a558b0a 100644 +--- a/libblkid/src/partitions/mac.c ++++ b/libblkid/src/partitions/mac.c +@@ -93,6 +93,8 @@ static int probe_mac_pt(blkid_probe pr, + } + + block_size = be16_to_cpu(md->block_size); ++ if (block_size < sizeof(struct mac_partition)) ++ goto nothing; + + /* The partition map always begins at physical block 1, + * the second block on the disk. +-- +2.36.1 + diff --git a/SOURCES/0081-lscpu-don-t-read-from-HW-when-use-sys-snapshot.patch b/SOURCES/0081-lscpu-don-t-read-from-HW-when-use-sys-snapshot.patch new file mode 100644 index 0000000..0f12cee --- /dev/null +++ b/SOURCES/0081-lscpu-don-t-read-from-HW-when-use-sys-snapshot.patch 
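Review bot: The added guard `if (block_size < sizeof(struct mac_partition))` in probe_mac_pt only ensures that one map entry fits in a block; a block_size below 512, or one that is not a multiple of 512, still passes. The other mac.c hunks on this page show `ssf = block_size / 512;`, which would then be 0 or truncated; how ssf is used afterwards is outside the hunk, so this needs checking against the full function. If such sizes are never valid on disk, rejecting them here is a one-line change: `if (block_size < sizeof(struct mac_partition) || block_size % 512) goto nothing;`.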
@@ -0,0 +1,40 @@ +From c223ad8f05d2d20a80e21dbb4b6240f11909f92c Mon Sep 17 00:00:00 2001 +From: Karel Zak <kzak@redhat.com> +Date: Thu, 14 Jul 2022 13:10:16 +0200 +Subject: lscpu: don;t read from HW when use /sys snapshot + +Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=2069187 +Signed-off-by: Karel Zak <kzak@redhat.com> +--- + sys-utils/lscpu.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/sys-utils/lscpu.c b/sys-utils/lscpu.c +index 70a797dd6..01f8fba35 100644 +--- a/sys-utils/lscpu.c ++++ b/sys-utils/lscpu.c +@@ -1850,7 +1850,10 @@ print_summary(struct lscpu_desc *desc, struct lscpu_modifier *mod) + } + } else { + if (desc->is_cluster) { +- int sockets = get_number_of_physical_sockets_from_dmi(); ++ int sockets = 0; ++ ++ if (mod->system == SYSTEM_LIVE) ++ sockets = get_number_of_physical_sockets_from_dmi(); + + if (sockets > 0) + add_summary_n(tb, _("Socket(s):"), sockets); +@@ -2109,7 +2112,8 @@ int main(int argc, char *argv[]) + qsort(desc->ecaches, desc->necaches, + sizeof(struct cpu_cache), cachecmp); + +- desc->is_cluster = is_fallback_to_cluster(desc); ++ if (mod->system == SYSTEM_LIVE) ++ desc->is_cluster = is_fallback_to_cluster(desc); + + read_nodes(desc); + read_hypervisor(desc, mod); +-- +2.36.1 + diff --git a/SOURCES/0082-lslogins-improve-prefixes-interpretation.patch b/SOURCES/0082-lslogins-improve-prefixes-interpretation.patch new file mode 100644 index 0000000..e41d75c --- /dev/null +++ b/SOURCES/0082-lslogins-improve-prefixes-interpretation.patch 
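Review bot: After the change in main(), `desc->is_cluster` is assigned only when `mod->system == SYSTEM_LIVE`, so in snapshot mode its value depends on how `desc` was initialised, which is not visible here. If the structure is zero-initialised the code is correct, and the new `SYSTEM_LIVE` test in print_summary is then redundant but harmless. A short comment at the assignment would record the reason, e.g. `/* skipped for a /sys snapshot: must not read from the running hardware */`. Both functions continue outside the hunks.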
@@ -0,0 +1,84 @@ +From 818cd2018ca66e804ea30066c44572ca128a24a7 Mon Sep 17 00:00:00 2001 +From: Karel Zak <kzak@redhat.com> +Date: Tue, 7 Jun 2022 09:11:56 +0200 +Subject: lslogins: improve prefixes interpretation + +It seems that for example 'passwd --lock' uses two exclamation marks +in password field. It seems better to assume arbitrary number of '!' +and '*' prefixes. + +The patch also makes description of the PWD-EMPTY output field more +explicit. + +Upstream: http://github.com/util-linux/util-linux/commit/c51cba1e838ae7e36a843ec785543492bb8737cd +Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=2093166 +Signed-off-by: Karel Zak <kzak@redhat.com> +--- + login-utils/lslogins.c | 31 +++++++++++++++++++++++++------ + 1 file changed, 25 insertions(+), 6 deletions(-) + +diff --git a/login-utils/lslogins.c b/login-utils/lslogins.c +index 6f804aa35..b81afc6c7 100644 +--- a/login-utils/lslogins.c ++++ b/login-utils/lslogins.c +@@ -216,7 +216,7 @@ static const struct lslogins_coldesc coldescs[] = + { + [COL_USER] = { "USER", N_("user name"), N_("Username"), 0.1, SCOLS_FL_NOEXTREMES }, + [COL_UID] = { "UID", N_("user ID"), "UID", 1, SCOLS_FL_RIGHT}, +- [COL_PWDEMPTY] = { "PWD-EMPTY", N_("password not required"), N_("Password not required"), 1, SCOLS_FL_RIGHT }, ++ [COL_PWDEMPTY] = { "PWD-EMPTY", N_("password not defined"), N_("Password not required (empty)"), 1, SCOLS_FL_RIGHT }, + [COL_PWDDENY] = { "PWD-DENY", N_("login by password disabled"), N_("Login by password disabled"), 1, SCOLS_FL_RIGHT }, + [COL_PWDLOCK] = { "PWD-LOCK", N_("password defined, but locked"), N_("Password is locked"), 1, SCOLS_FL_RIGHT }, + [COL_NOLOGIN] = { "NOLOGIN", N_("log in disabled by nologin(8) or pam_nologin(8)"), N_("No login"), 1, SCOLS_FL_RIGHT }, +@@ -755,16 +755,24 @@ static struct lslogins_user *get_user_info(struct lslogins_control *ctl, const c + break; + case COL_PWDEMPTY: + if (shadow) { +- if (!*shadow->sp_pwdp) /* '\0' */ ++ const char *p = shadow->sp_pwdp; ++ ++ while 
(p && (*p == '!' || *p == '*')) ++ p++; ++ ++ if (!p || !*p) + user->pwd_empty = STATUS_TRUE; + } else + user->pwd_empty = STATUS_UNKNOWN; + break; + case COL_PWDDENY: + if (shadow) { +- if ((*shadow->sp_pwdp == '!' || +- *shadow->sp_pwdp == '*') && +- !valid_pwd(shadow->sp_pwdp + 1)) ++ const char *p = shadow->sp_pwdp; ++ ++ while (p && (*p == '!' || *p == '*')) ++ p++; ++ ++ if (p && *p && p != shadow->sp_pwdp && !valid_pwd(p)) + user->pwd_deny = STATUS_TRUE; + } else + user->pwd_deny = STATUS_UNKNOWN; +@@ -772,7 +780,18 @@ static struct lslogins_user *get_user_info(struct lslogins_control *ctl, const c + + case COL_PWDLOCK: + if (shadow) { +- if (*shadow->sp_pwdp == '!' && valid_pwd(shadow->sp_pwdp + 1)) ++ const char *p = shadow->sp_pwdp; ++ int i = 0; ++ ++ /* 'passwd --lock' uses two exclamation marks, ++ * shadow(5) describes the lock as "field which ++ * starts with an exclamation mark". Let's ++ * support more '!' ... ++ */ ++ while (p && *p == '!') ++ p++, i++; ++ ++ if (i != 0 && (!*p || valid_pwd(p))) + user->pwd_lock = STATUS_TRUE; + } else + user->pwd_lock = STATUS_UNKNOWN; +-- +2.36.1 + diff --git a/SOURCES/0083-tests-update-atari-blkid-tests.patch b/SOURCES/0083-tests-update-atari-blkid-tests.patch new file mode 100644 index 0000000..6bd93f0 --- /dev/null +++ b/SOURCES/0083-tests-update-atari-blkid-tests.patch 
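Review bot: In the COL_PWDEMPTY case the prefix loop skips every leading `!` and `*` before testing for an empty string, so a shadow field that is only `!`, `!!` or `*` now sets `pwd_empty`, whose help text in the same patch reads "Password not required (empty)". In the COL_PWDDENY case the added `*p` condition means the same bare `*` or `!` field no longer sets `pwd_deny`, which the old code would have done if `valid_pwd("")` returns false (valid_pwd is outside the hunk). For an account audit that is the wrong way round: a locked or disabled entry with no hash is reported as needing no password. Consider testing `!*shadow->sp_pwdp` for PWD-EMPTY before any prefixes are stripped, and letting PWD-DENY match when only prefixes remain: `if (p && p != shadow->sp_pwdp && (!*p || !valid_pwd(p)))`. get_user_info starts and ends outside the hunk.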
@@ -0,0 +1,149 @@ +From 78be9c320883e77c2b5fdc676277a51efc98c723 Mon Sep 17 00:00:00 2001 +From: Karel Zak <kzak@redhat.com> +Date: Tue, 13 Oct 2020 16:29:19 +0200 +Subject: tests: update atari blkid tests + +The old images of the atari label are truncated and in-table stored +sizes do not match with real images sizes -- libblkid checks it now. + +I have no idea how to generate ICD format, let's ignore it in tests +for now. + +Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=2060030 +Upstream: http://github.com/util-linux/util-linux/commit/0d061b6e68bc74ce7d61524097b5d0f3becee437 +Signed-off-by: Karel Zak <kzak@redhat.com> +--- + tests/expected/blkid/lowprobe-pt-atari-icd | 8 -------- + tests/expected/blkid/lowprobe-pt-atari-primary | 3 +++ + tests/expected/blkid/lowprobe-pt-atari-xgm | 10 +++------- + tests/ts/blkid/images-pt/atari-icd.img.xz | Bin 1920 -> 0 bytes + tests/ts/blkid/images-pt/atari-primary.img.xz | Bin 0 -> 932 bytes + tests/ts/blkid/images-pt/atari-xgm.img.xz | Bin 1920 -> 956 bytes + 6 files changed, 6 insertions(+), 15 deletions(-) + delete mode 100644 tests/expected/blkid/lowprobe-pt-atari-icd + create mode 100644 tests/expected/blkid/lowprobe-pt-atari-primary + delete mode 100644 tests/ts/blkid/images-pt/atari-icd.img.xz + create mode 100644 tests/ts/blkid/images-pt/atari-primary.img.xz + +diff --git a/tests/expected/blkid/lowprobe-pt-atari-icd b/tests/expected/blkid/lowprobe-pt-atari-icd +deleted file mode 100644 +index 29942b123..000000000 +--- a/tests/expected/blkid/lowprobe-pt-atari-icd ++++ /dev/null +@@ -1,8 +0,0 @@ +-size: 8388608, sector size: 512, PT: atari, offset: 0, id=(null) +---- +-#1: 65 4032 0x0 type='FAT' +-#2: 4097 904 0x0 type='FOO' +-#4: 12289 4096 0x0 type='BAR' +-#5: 5002 1999 0x0 type='GEM' +-#6: 7003 3238 0x0 type='RAW' +-#7: 10241 2048 0x0 type='RAW' +diff --git a/tests/expected/blkid/lowprobe-pt-atari-primary b/tests/expected/blkid/lowprobe-pt-atari-primary +new file mode 100644 +index 000000000..472821e47 +--- 
/dev/null ++++ b/tests/expected/blkid/lowprobe-pt-atari-primary +@@ -0,0 +1,3 @@ ++size: 5242880, sector size: 512, PT: atari, offset: 0, id=(null) ++--- ++#1: 2 10238 0x0 type='RAW' +diff --git a/tests/expected/blkid/lowprobe-pt-atari-xgm b/tests/expected/blkid/lowprobe-pt-atari-xgm +index 4b7756655..a7dae6995 100644 +--- a/tests/expected/blkid/lowprobe-pt-atari-xgm ++++ b/tests/expected/blkid/lowprobe-pt-atari-xgm +@@ -1,8 +1,4 @@ +-size: 8388608, sector size: 512, PT: atari, offset: 0, id=(null) ++size: 5242880, sector size: 512, PT: atari, offset: 0, id=(null) + --- +-#1: 65 4032 0x0 type='FAT' +-#2: 4097 904 0x0 type='FOO' +-#3: 5002 1999 0x0 type='GEM' +-#4: 7003 3238 0x0 type='RAW' +-#5: 10241 2048 0x0 type='RAW' +-#6: 12289 4096 0x0 type='BAR' ++#1: 2 9 0x0 type='RAW' ++#2: 14 10226 0x0 type='RAW' +diff --git a/tests/ts/blkid/images-pt/atari-icd.img.xz b/tests/ts/blkid/images-pt/atari-icd.img.xz +deleted file mode 100644 +index 00a2aba49a8f940c35b788fd693f966a31cd1aaf..0000000000000000000000000000000000000000 +GIT binary patch +literal 0 +HcmV?d00001 + +literal 1920 +zcmexsUKJ6=z`*kC+7>q^21Q0O1_p)_{ilon|NqLI8OvZIducK^<D#q<ONrmzr7PMy +z=Re+dD(FN^i0Z8=QGYU3)3SOsKNYUE<teKW$h*z@Da6KG##!?D_SzK}=ewS=QwkRf +zxzbX}@_f!Z)%e<woF9|fYR|0lp0G0f`-gY``AxPJey<QwNW16%FSdP&)8+C%F~2I4 +z{_B6tP6!P7a!FyfvS6dFJIf=9>Ecg5@jkusTr=nRy9*!Bn(bM`eR*oT<-}u76EuU~ +zr&{jenxVc;S-qm~ZIsPAhf|HgcYYYo_5QBSWhxk^uDJZlk@ka|=4h`oy~sXG;MryA +zIO|(4yiWFOUJ0<66IC1R`kF;$<I9dcO@CDFABkD|MgDka?b)(bopIG?ZiRV5-5 +z&wrJCJMneM`)PcKG6n8Gn6muo+=$TV!;Z6dyb-VXef4neVW0EN5;oQihkrbEc=K@o +zx0jV2|I?>O2rLg_J2GWu-_F>bn|D|)EpJ!*v${KQj{VzR>(-u`|K~x`ZzH*T0p2&o +zI-4YzQ@78Q>MqMUn_j_J&?R}Ab%JX4g_GgC#kn_Er2N@;{G{oT!>g3%?{7LTl&~r1 +z*sPkJ_H4EL-ks8A5cG>Zb+_(`db`H=OHtd`KiM;({>U6}*_GC3*O{IFD%<~0_S{B} +zIAt^L!kb^-#2H7;7G8c(H`jXWaenqoR^eP0x0jjMz0;S=ntyt=$t<^43C^Wa`_>-0 +zn)7LCqnV7@rul}KIZjS|we9MTwfEKjD!a`sVqAVcbjH02iV_QaLoQ$Lm6>2)J5?)m +z+4ZM<_KLr<4xZ|{k^g93P-0R3!R;b!3l;9v+iG1rUa|31OFLJ<z4Fz~B8qtzuU37w 
+z6A4Z#TNC-@X*4Ux&*Qh&{`noGU2;|~TEXe(-C)}vnkk&t4X3qo?r*jJaAdDu{3?Ds +z?=+_g!hHV)CjTg`i2T8Q_Wx83H~y7>YVQ4>WuO;!puhEVbK`;3BdWnazD_hVWL>)9 +zUH-uWUw59169reTO_1GnZlk(HOk~^3w4jK6F9(a&E)Q>o&j0_BF`3~_aq#lL`_|PM +zO3mNiYnWFsZ@F^(8;#Sg7pKnXs?(bINxk&D<N>xBzBB&bSbuc_Kc+u-9hd96{dU62 +zdy9&v9!&J;nWpuKafAQ2KRiy8H+G)6azfr>>9!ZUEsJ{hn{EH;vMu55vVwblapfAb +zxMqapUGF~CVIOb!`-J}sVcYGG8+IwL_`%kF^K1PzUTOPUszzJx7yZuII0hq?niBJy +ztHO<bZHoEeb??p39f4v$CnZ^ZH?w&9HG2Bb3&qh5R7@FV8>i*X|1ZF(LqR~lKc93~ +zM{UwbNSDCeSh)377bwKEDG0HlkOiq$@C5SPZ)#xt%D~Ft{N&Fs28N&OuDBU3?>)l6 +bc!#f{p@D_bU0QSFk@Vk8z<QQ}B{B*CjfKee + +diff --git a/tests/ts/blkid/images-pt/atari-primary.img.xz b/tests/ts/blkid/images-pt/atari-primary.img.xz +new file mode 100644 +index 0000000000000000000000000000000000000000..6f915fa8ad96578f32b0daeeb92d438046482478 +GIT binary patch +literal 932 +zcmexsUKJ6=z`*kC+7>q^21Q0O1_p)_{ilon|NG21IhKJT|L>o5D`zuK%~gJC<+=Ii +zjxFDrre11~o8UX~^*sr`-ND)CA`-a`g{vlPsQ4ms_SS~eoI5Q;loOk08+!D2evoWh +za^cV`_b30BuKD=6`BwT2=4;0@BCk29bN`)lS>&4=``*}-hYFe|Np9+Tq~OEO|Ip}x +zJ4;5zolM)LTaTWs>#-B)sg`FET(veqcGtO$>Jl-LZ7<V;BKEy3TNC-@X*4Ux&*Qh& +z{`noGU2;|~TEXe(-C)}vnkk&t4X3qo?r*jJaAdDu{3?Ds?=+_g!hHV)CjTg`i2T8Q +z_Wx83H~y7>YVQ4>WuO;!puhEVbK`;3BdWnazD_hVWL>)9UH-uWUw59169<{qE8fUY +zo&R5eQJdjSaq#lL`_|PMO3mNiYnWFsZ@F^(8;#Sg7pKnXs?(bINxk&D<N>xBzBB&b +zSbuc_{}AvSO=2{V-+t2s#$OCG2V;Pp`LJObFuO6V(c5<Fu|Ufz2FCwv4GjmFGA4R9 +PZak9yn+YVz5*Y;mtR2mT + +literal 0 +HcmV?d00001 + +diff --git a/tests/ts/blkid/images-pt/atari-xgm.img.xz b/tests/ts/blkid/images-pt/atari-xgm.img.xz +index bc2b8f94a77f5015ef7f91bb8acdc9950c8be7ad..a98c02de943eb1f70c5d09b7812fd237b0facb1b 100644 +GIT binary patch +delta 254 +zcmV<a00IAi54;DE8h=*-t6cy9Z~gqPsha_nZ6oD6NwupI8`mp<%bF(xLvD5Rc8W7` +zX)WzPD$MTS!%B(|Y-}5#$Apx#1e(KC*{Pqmx)SsG9Xw0f%eaQXL!_kre&U)tNOpTG +z*`SUYP}mJ59xhhp;RT@IihuacmkuJPZKAP=s%k;MCh}UW4>G(m3T!1071TaDPc176 +z%r3#|+u3QZtfaEW{3%z$%QU-cGO>PfMsWxu0c{gkG*2F%lPd=M1Y0KMdb1z~F#!dT +z0hR!nlZ*pGlY9kID9q|Q?7#p305pfRGwmY1>Hq<k2Y`UU0`E1BSh2)s`vL#}000D8 
+ET8n^h+5i9m + +delta 911 +zcmV;A191Gj2Y?Td8h`ZzXk7p_9nzBv0itSzIT-tkb*P7lpX0X5Qpj9XCEAo){And- +zYK<xKajiWJc6bnO+XeDeJWCuy8RxfssL`KA%041j5>(WLc?9R2t|ec6RBZT@27Sz` +zOOUBo_werj4>Y!M_jnW_X5LT!U5BJX(|7z_`gvmiFY#+&QGZnQ(jc275rI8N1mYN% +z7v%B{<<#dXY{%}<@y#~8tP9hXhdGhPLXas^?`1i>3YaIhBPV!{?OHspK+1tr-1sq_ +zOZO`ZH4#=PA*a;DhrzO(E3P%s2bvJ((;Hqp+UQEjk15npIGkF2Q$_0pB(dp;yn_5C +zKjIcSPFeWwJAX-pwI>0p^9vxJ5{vOrh0paF?UCzL@0Je2X%OGwl&9sLSXEoYL7KSi +z7kK;C!)?P%&jT1dJAlLZ<v{G=zxL^Qi2rAoSP-XF2E>%9j=5dAv$#2>cZVkYtBX;b +zKkd4%t<0bN;Bxyi9^Oz(*%pa{7z1UunHr0BY|UqQ4u5cp8OsHbC2P>hSGyMrvv_3u +zzQ@Tm#KWp1pTB~~5@51y#+rP&KL&li?#e9y5l&so-G1aJhbZ^bTDPy{ypVsyoJ$?4 +zJI$^(&-ERT{vFP-2wo#L3vt=>>|Qfkn-izOEp0os#}5b6I#&uf+o6-(AknAKCP^m+ +zEB^#2tYI)UL`(v`beQMaSJV*sS*EXE2$I<^GcOj!0Hii26j3aN*&gGTU5Zv+1i&@u +zjId2o5C}?3I%5GFBrU@lP*l(vtk2>ZTe5<OTkisoMjv{FPqwYL0GjR*a@n;|`0^i< +zKLLl6&;loud;(qxcU-f=pa1azVUhzvSGva@irejwsotqou2fu#X_{6NcY&beo68>f +z$zE{PRc+w5GMeW^E4f@oa+%ryKCLFeKmd=m8Cq32;k}|hR%L!j^w4xxgPa6z%)Qy@ +zimjI||1RsAlMMk+M<v-$($uIxLJsc(-~zF}Sj>(8o4AFk??@Qc3})r~lth`4dR`1> +z^;L1tHfbGi`%8!rY(mS3KU@Hh&`z%=D3oy@J&z>elMn+h2}%2(tDpZ60W6XOI|uL2 +zV$Ccjl9Rv!H<Nq<dy{+uH3@OG>WZKL5CJQa1C*2A0vVHh0)H=n0rda{07K;b`Tzg` +l001+77wRp|PznG6*$#k!fCRGE)_JkSXZr#G00004Sz1dOv2XwY + +-- +2.36.1 + diff --git a/SOURCES/0084-tests-update-atari-partx-tests.patch b/SOURCES/0084-tests-update-atari-partx-tests.patch new file mode 100644 index 0000000..2d004cd --- /dev/null +++ b/SOURCES/0084-tests-update-atari-partx-tests.patch 
@@ -0,0 +1,55 @@ +From cf74ece6486dabfd4b84c90435348c04ff72ef54 Mon Sep 17 00:00:00 2001 +From: Karel Zak <kzak@redhat.com> +Date: Tue, 13 Oct 2020 18:34:39 +0200 +Subject: tests: update atari partx tests + +Upstream: http://github.com/util-linux/util-linux/commit/017c0308c7d3b0d84bfc11e5863220bc32d640ba +Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=2060030 +Signed-off-by: Karel Zak <kzak@redhat.com> +--- + tests/expected/partx/partx-image-atari-icd | 7 ------- + tests/expected/partx/partx-image-atari-primary | 2 ++ + tests/expected/partx/partx-image-atari-xgm | 10 +++------- + 3 files changed, 5 insertions(+), 14 deletions(-) + delete mode 100644 tests/expected/partx/partx-image-atari-icd + create mode 100644 tests/expected/partx/partx-image-atari-primary + +diff --git a/tests/expected/partx/partx-image-atari-icd b/tests/expected/partx/partx-image-atari-icd +deleted file mode 100644 +index 8677dff03..000000000 +--- a/tests/expected/partx/partx-image-atari-icd ++++ /dev/null +@@ -1,7 +0,0 @@ +-NR START END SECTORS SIZE NAME UUID +- 1 65 4096 4032 2M +- 2 4097 5000 904 452K +- 4 12289 16384 4096 2M +- 5 5002 7000 1999 999.5K +- 6 7003 10240 3238 1.6M +- 7 10241 12288 2048 1M +diff --git a/tests/expected/partx/partx-image-atari-primary b/tests/expected/partx/partx-image-atari-primary +new file mode 100644 +index 000000000..044d319be +--- /dev/null ++++ b/tests/expected/partx/partx-image-atari-primary +@@ -0,0 +1,2 @@ ++NR START END SECTORS SIZE NAME UUID ++ 1 2 10239 10238 5M +diff --git a/tests/expected/partx/partx-image-atari-xgm b/tests/expected/partx/partx-image-atari-xgm +index 248d6a56a..557327c04 100644 +--- a/tests/expected/partx/partx-image-atari-xgm ++++ b/tests/expected/partx/partx-image-atari-xgm +@@ -1,7 +1,3 @@ +-NR START END SECTORS SIZE NAME UUID +- 1 65 4096 4032 2M +- 2 4097 5000 904 452K +- 3 5002 7000 1999 999.5K +- 4 7003 10240 3238 1.6M +- 5 10241 12288 2048 1M +- 6 12289 16384 4096 2M ++NR START END SECTORS SIZE NAME UUID ++ 1 2 10 9 
4.5K ++ 2 14 10239 10226 5M +-- +2.36.1 + diff --git a/SOURCES/1000-setpriv-add-reset-env.patch b/SOURCES/1000-setpriv-add-reset-env.patch index a8b97c6..0abfca9 100644 --- a/SOURCES/1000-setpriv-add-reset-env.patch +++ b/SOURCES/1000-setpriv-add-reset-env.patch @@ -1,7 +1,7 @@ -From 0150f21be9739ad3fc8d5ce7cee2a2ff4a09326f Mon Sep 17 00:00:00 2001 +From 29d625a085497be8babec7d2adfb3eeaa7114736 Mon Sep 17 00:00:00 2001 From: Karel Zak <kzak@redhat.com> Date: Wed, 22 Aug 2018 11:43:32 +0200 -Subject: [PATCH] setpriv: add --reset-env +Subject: [PATCH 1/2] setpriv: add --reset-env Clear environment in way like su(1), but PATH is set to hard-coded defaults and /etc/login.defs is not used at all (I guess we want to @@ -12,15 +12,15 @@ If you need anything more advanced than use env(1). Addresses: https://github.com/karelzak/util-linux/issues/325 Signed-off-by: Karel Zak <kzak@redhat.com> --- - sys-utils/setpriv.1 | 9 ++++++++ - sys-utils/setpriv.c | 54 ++++++++++++++++++++++++++++++++++++++++++++- - 2 files changed, 62 insertions(+), 1 deletion(-) + sys-utils/setpriv.1 | 9 +++++++ + sys-utils/setpriv.c | 57 ++++++++++++++++++++++++++++++++++++++++++++- + 2 files changed, 65 insertions(+), 1 deletion(-) diff --git a/sys-utils/setpriv.1 b/sys-utils/setpriv.1 -index b900f6e08..45bc5a23b 100644 +index f989bf33c..e915316a9 100644 --- a/sys-utils/setpriv.1 +++ b/sys-utils/setpriv.1 -@@ -159,6 +159,15 @@ to abort if AppArmor is not in use, and the transition may be ignored or cause +@@ -165,6 +165,15 @@ to abort if AppArmor is not in use, and the transition may be ignored or cause .BR execve (2) to fail at AppArmor's whim. .TP @@ -37,28 +37,30 @@ index b900f6e08..45bc5a23b 100644 Display version information and exit. .TP diff --git a/sys-utils/setpriv.c b/sys-utils/setpriv.c -index 4147978cc..30f8f9b15 100644 +index 0d3a3b3c9..402b1cf1a 100644 --- a/sys-utils/setpriv.c 
+++ b/sys-utils/setpriv.c -@@ -38,6 +38,7 @@ - #include "strutils.h" +@@ -39,6 +39,7 @@ #include "xalloc.h" #include "pathnames.h" + #include "signames.h" +#include "env.h" #ifndef PR_SET_NO_NEW_PRIVS # define PR_SET_NO_NEW_PRIVS 38 -@@ -55,6 +56,9 @@ +@@ -56,6 +57,11 @@ #define SETPRIV_EXIT_PRIVERR 127 /* how we exit when we fail to set privs */ +/* The shell to set SHELL env.variable if none is given in the user's passwd entry. */ +#define DEFAULT_SHELL "/bin/sh" + ++static gid_t get_group(const char *s, const char *err); ++ enum cap_type { CAP_TYPE_EFFECTIVE = CAPNG_EFFECTIVE, CAP_TYPE_PERMITTED = CAPNG_PERMITTED, -@@ -82,6 +86,7 @@ struct privctx { +@@ -83,6 +89,7 @@ struct privctx { keep_groups:1, /* keep groups */ clear_groups:1, /* remove groups */ init_groups:1, /* initialize groups */ @@ -66,8 +68,13 @@ index 4147978cc..30f8f9b15 100644 have_securebits:1; /* remove groups */ /* uids and gids */ -@@ -137,6 +142,8 @@ static void __attribute__((__noreturn__)) usage(void) +@@ -138,10 +145,13 @@ static void __attribute__((__noreturn__)) usage(void) + fputs(_(" --init-groups initialize supplementary groups\n"), out); + fputs(_(" --groups <group,...> set supplementary groups\n"), out); fputs(_(" --securebits <bits> set securebits\n"), out); ++ fputs(_(" --reset-env reset environment variables\n"), out); + fputs(_(" --pdeathsig keep|clear|<signame>\n" + " set or clear parent death signal\n"), out); fputs(_(" --selinux-label <label> set SELinux label\n"), out); fputs(_(" --apparmor-profile <pr> set AppArmor profile\n"), out); + fputs(_(" --reset-env clear all environment and initialize\n" @@ -75,7 +82,7 @@ index 4147978cc..30f8f9b15 100644 fputs(USAGE_SEPARATOR, out); printf(USAGE_HELP_OPTIONS(29)); -@@ -643,6 +650,36 @@ static void do_apparmor_profile(const char *label) +@@ -680,6 +690,36 @@ static void do_apparmor_profile(const char *label) _("write failed: %s"), _PATH_PROC_ATTR_EXEC); } 
@@ -112,9 +119,9 @@ index 4147978cc..30f8f9b15 100644 static uid_t get_user(const char *s, const char *err) { struct passwd *pw; -@@ -712,7 +749,8 @@ int main(int argc, char **argv) - CAPBSET, +@@ -750,7 +790,8 @@ int main(int argc, char **argv) SECUREBITS, + PDEATHSIG, SELINUX_LABEL, - APPARMOR_PROFILE + APPARMOR_PROFILE, @@ -122,7 +129,7 @@ index 4147978cc..30f8f9b15 100644 }; static const struct option longopts[] = { -@@ -737,6 +775,7 @@ int main(int argc, char **argv) +@@ -776,6 +817,7 @@ int main(int argc, char **argv) { "selinux-label", required_argument, NULL, SELINUX_LABEL }, { "apparmor-profile", required_argument, NULL, APPARMOR_PROFILE }, { "help", no_argument, NULL, 'h' }, @@ -130,7 +137,7 @@ index 4147978cc..30f8f9b15 100644 { "version", no_argument, NULL, 'V' }, { NULL, 0, NULL, 0 } }; -@@ -883,6 +922,9 @@ int main(int argc, char **argv) +@@ -928,6 +970,9 @@ int main(int argc, char **argv) _("duplicate --apparmor-profile option")); opts.apparmor_profile = optarg; break; @@ -140,7 +147,7 @@ index 4147978cc..30f8f9b15 100644 case 'h': usage(); case 'V': -@@ -928,6 +970,16 @@ int main(int argc, char **argv) +@@ -973,6 +1018,16 @@ int main(int argc, char **argv) "can be found on the system"), (long) opts.ruid); 
@@ -158,5 +165,31 @@ index 4147978cc..30f8f9b15 100644 err(EXIT_FAILURE, _("disallow granting new privileges failed")); -- -2.30.2 +2.38.1 + + +From 7f2c086340c755b3044f1786d4647c40c20200e3 Mon Sep 17 00:00:00 2001 +From: John W Higgins <wishdev@gmail.com> +Date: Mon, 17 Dec 2018 17:11:44 -0800 +Subject: [PATCH 2/2] Remove duplicate entry for reset-env from usage + +I assume the second entry was not desired in the original commit. Line 153-154 would appear to be a duplicate +--- + sys-utils/setpriv.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/sys-utils/setpriv.c b/sys-utils/setpriv.c +index 402b1cf1a..f4344bd52 100644 +--- a/sys-utils/setpriv.c ++++ b/sys-utils/setpriv.c +@@ -145,7 +145,6 @@ static void __attribute__((__noreturn__)) usage(void) + fputs(_(" --init-groups initialize supplementary groups\n"), out); + fputs(_(" --groups <group,...> set supplementary groups\n"), out); + fputs(_(" --securebits <bits> set securebits\n"), out); +- fputs(_(" --reset-env reset environment variables\n"), out); + fputs(_(" --pdeathsig keep|clear|<signame>\n" + " set or clear parent death signal\n"), out); + fputs(_(" --selinux-label <label> set SELinux label\n"), out); +-- +2.38.1 diff --git a/SOURCES/uuidd-tmpfiles.conf b/SOURCES/uuidd-tmpfiles.conf new file mode 100644 index 0000000..4158c7d --- /dev/null +++ b/SOURCES/uuidd-tmpfiles.conf @@ -0,0 +1 @@ +d /run/uuidd 2775 uuidd uuidd diff --git a/SPECS/util-linux.spec b/SPECS/util-linux.spec index 239e628..8a4c731 100644 --- a/SPECS/util-linux.spec +++ b/SPECS/util-linux.spec @@ -2,7 +2,7 @@ Summary: A collection of basic system utilities Name: util-linux Version: 2.32.1 -Release: 27.4%{?dist} +Release: 38.1%{?dist} License: GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain Group: System Environment/Base URL: http://en.wikipedia.org/wiki/Util-linux 
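Review bot: The new `uuidd-tmpfiles.conf` creates `/run/uuidd` with mode `2775`, i.e. setgid and group-writable, and nothing on the page records why that mode is needed. If only the daemon user writes there, a tighter mode may be enough; if group write is required for members of the uuidd group, the file should say so. tmpfiles.d accepts `#` comment lines, so a single line above the entry is sufficient, e.g. `# setgid + group-writable because <reason>; owned by uuidd:uuidd`.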
@@ -53,6 +53,7 @@ Source2: util-linux-remote.pamd Source3: util-linux-chsh-chfn.pamd Source4: util-linux-60-raw.rules Source5: adjtime +Source6: uuidd-tmpfiles.conf Source12: util-linux-su.pamd Source13: util-linux-su-l.pamd Source14: util-linux-runuser.pamd 
@@ -205,6 +206,61 @@ Patch55: 0055-lscpu-arm-read-vendor-and-model-from-BIOS.patch # 1900498 - libfdisk/libmount: backport two patches for upstream systemd Patch56: 0056-tests-update-sfdisk-resize.patch +### RHEL-8.5 +### +# 1906157 - after su from root to a normal user mesg is unable to show current status +Patch57: 0057-mesg-use-only-stat-to-get-the-current-terminal-statu.patch +# 1917852 - findmnt: add option to list all fs-independent flags +Patch58: 0058-findmnt-add-option-to-list-all-fs-independent-flags.patch +# 1922299 - throws error using /sbin/nologin: invalid option -- 'c' +Patch59: 0059-nologin-Prevent-error-from-su-c.patch +Patch60: 0060-nologin-silently-ignore-well-known-shell-command-lin.patch +# 1940607 - lsblk sometimes returns block devices in wrong order with --pairs +Patch61: 0061-libsmartcols-introduce-default-sort-column.patch +# 1919529 - [RFE] RHEL-8: Support option flags with mount(8) --bind +Patch62: 0062-libmount-accept-another-flags-on-MS_REMOUNT-MS_BIND.patch +# 1946921 - RHEL8: mount --rbind -o rprivate doesn't do recursive bind mount +Patch63: 0063-libmount-improve-MS_REC-usage.patch + +### RHEL-8.6 +### +# 1988955 - script command continues without stopping. 
+Patch64: 0064-script-be-sensitive-to-another-SIGCHLD-ssi_codes.patch +# 2041498 - incorrect partition size calculation for BLKPG_* ioctls +Patch65: 0065-libfdisk-fix-partition-calculation-for-BLKPG_-ioctls.patch +Patch66: 0066-libfdisk-fix-fdisk_reread_changes-for-extended-parti.patch +# 2011602 - logger from util-linux incorrectly handles long messages +Patch67: 0067-logger-fix-size-use-for-stdin.patch +# 1916151 - [RFE] spread fstrim.timer across time +Patch68: 0068-fstrim-improve-timer-setting.patch +# 1894192 - Update or backport setpriv --pdeathsig +Patch69: 0069-setpriv-implement-option-to-set-parent-death-signal.patch +# 2026511 - blkid fails to complete when targeting non-block devices +Patch70: 0070-lib-sys-add-sysfs_chrdev_devno_to_devname.patch +Patch71: 0071-libblkid-check-UBI-char-device-name.patch +Patch72: 0072-blkid-check-device-type-and-name-before-probe.patch +Patch73: 0073-blkid-don-t-print-all-devices-if-only-garbage-specif.patch +# 1950187 - Ambient capabilities failed to applied to non-root user even when correct rules are in /etc/security/capability.conf +Patch74: 0074-Complete-Linux-PAM-compliance-for-forked-child-in-su.patch +# 2058176 - losetup Retry LOOP_SET_STATUS64 on EAGAIN +Patch75: 0075-lib-loopdev-retry-LOOP_SET_STATUS64-and-LOOP_SET_BLO.patch + +### RHEL-8.7 +### +# 2060030 - Please backport patches for atari partition detection to RHEL 8 +Patch76: 0076-libblkid-fix-Atari-prober-logic.patch +Patch77: 0077-libblkid-make-Atari-more-robust.patch +Patch78: 0078-libblkid-allow-a-lot-of-mac-partitions.patch +Patch79: 0079-libblkid-limit-amount-of-parsed-partitions.patch +Patch80: 0080-libblkid-mac-make-sure-block-size-is-large-enough-fu.patch +# 2069187 - Internal testsuite for lscpu failed on aarch64 +Patch81: 0081-lscpu-don-t-read-from-HW-when-use-sys-snapshot.patch +# 2093166 - lslogins reports incorrect "Password is locked" status +Patch82: 0082-lslogins-improve-prefixes-interpretation.patch +# 2060030 - Please backport patches for 
atari partition detection to RHEL 8 +Patch83: 0083-tests-update-atari-blkid-tests.patch +Patch84: 0084-tests-update-atari-partx-tests.patch + ### Hyperscale (1000-9999) ### Patch1000: 1000-setpriv-add-reset-env.patch @@ -453,9 +509,7 @@ mkdir -p ${RPM_BUILD_ROOT}%{_bindir} mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/man{1,6,8,5} mkdir -p ${RPM_BUILD_ROOT}%{_sbindir} mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/{pam.d,security/console.apps} -mkdir -p ${RPM_BUILD_ROOT}/var/log -touch ${RPM_BUILD_ROOT}/var/log/lastlog -chmod 0664 ${RPM_BUILD_ROOT}/var/log/lastlog +mkdir -p ${RPM_BUILD_ROOT}%{_tmpfilesdir} # install util-linux make install DESTDIR=${RPM_BUILD_ROOT} @@ -474,6 +528,7 @@ echo '.so man8/raw.8' > $RPM_BUILD_ROOT%{_mandir}/man8/rawdevices.8 mv ${RPM_BUILD_ROOT}%{_sbindir}/raw ${RPM_BUILD_ROOT}%{_bindir}/raw # And a dirs uuidd needs that the makefiles don't create +install -m 644 %{SOURCE6} ${RPM_BUILD_ROOT}%{_tmpfilesdir}/uuidd.conf install -d ${RPM_BUILD_ROOT}/run/uuidd install -d ${RPM_BUILD_ROOT}/var/lib/libuuid @@ -561,22 +616,6 @@ find $RPM_BUILD_ROOT%{_mandir}/man8 -regextype posix-egrep \ -printf "%{_mandir}/man8/%f*\n" >> %{name}.files %post -# only for minimal buildroots without /var/log -[ -d /var/log ] || mkdir -p /var/log -touch /var/log/lastlog -chown root:utmp /var/log/lastlog -chmod 0664 /var/log/lastlog -# Fix the file context, do not use restorecon -if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then - SECXT=$( /usr/sbin/matchpathcon -n /var/log/lastlog 2> /dev/null ) - if [ -n "$SECXT" ]; then - # Selinux enabled, but without policy? It's true for buildroots - # without selinux stuff on host machine with enabled selinux. - # We don't want to use any RPM dependence on selinux policy for - # matchpathcon(2). SELinux policy should be optional. - /usr/bin/chcon "$SECXT" /var/log/lastlog >/dev/null 2>&1 || : - fi -fi if [ ! -L /etc/mtab ]; then ln -sf ../proc/self/mounts /etc/mtab || : fi 
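Review bot: The `%install` hunk at -453 stops creating `/var/log/lastlog`, and the `%post` and `%files` hunks after it drop the `root:utmp` 0664 ownership, the SELinux relabel and the `%ghost` entry, yet none of the spec hunks shown adds a dependency on the package meant to take the file over (the changelog names systemd, #2044592). If this build can be installed next to a systemd that does not yet ship that entry, the login-accounting file would presumably be left unowned in the RPM database and no longer recreated with the expected owner, mode and label. I would state the hand-over in the preamble, for example `Conflicts: systemd < <FIRST_BUILD_OWNING_LASTLOG>` (placeholder, the version is not on this page), with a comment pointing at #2044592.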
@@ -654,7 +693,6 @@ fi %attr(755,root,root) %{_bindir}/login %attr(2755,root,tty) %{_bindir}/write -%ghost %attr(0664,root,utmp) %verify(not md5 size mtime) /var/log/lastlog %ghost %verify(not md5 size mtime) %config(noreplace,missingok) /etc/mtab %{_unitdir}/fstrim.* @@ -997,6 +1035,7 @@ fi %dir %attr(2775, uuidd, uuidd) /var/lib/libuuid %dir %attr(2775, uuidd, uuidd) /run/uuidd %{compldir}/uuidd +%{_tmpfilesdir}/uuidd.conf %files -n libfdisk 
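Review bot: In the uuidd `%files` hunk at -997 the owner and mode of `/run/uuidd` are now recorded in two places, as `%dir %attr(2775, uuidd, uuidd) /run/uuidd` here and as `d /run/uuidd 2775 uuidd uuidd` in the new `SOURCES/uuidd-tmpfiles.conf`, with nothing tying them together. If one is edited without the other, the setgid, group-writable directory would likely get different permissions at install time than when tmpfiles recreates it, and `rpm -V` would report it again (the problem the changelog lists as #2059241). A comment above the `%dir` line would be enough: `# keep in sync with uuidd-tmpfiles.conf (d /run/uuidd 2775 uuidd uuidd)`.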
@@ -1083,6 +1122,47 @@ fi %{_libdir}/python*/site-packages/libmount/ %changelog +* Wed Nov 02 2022 Anita Zhang <anitazha@fb.com> 2.32.1-38.1 +- Merge C8s upstream changes +- Fix 1000-setpriv-add-reset-env.patch merge conflicts + +* Mon Aug 22 2022 Karel Zak <kzak@redhat.com> 2.32.1-38 +- improve tmpfiles.d use in spec file (related to #2059241) + +* Fri Jul 15 2022 Karel Zak <kzak@redhat.com> 2.32.1-37 +- update atari partition tests (related to #2060030) + +* Thu Jul 14 2022 Karel Zak <kzak@redhat.com> 2.32.1-36 +- fix #2060030 - Please backport patches for atari partition detection to RHEL 8 +- fix #2069187 - Internal testsuite for lscpu failed on aarch64 +- fix #2093166 - lslogins reports incorrect "Password is locked" status +- fix #2059241 - rpm -V / --verify reports bad user/group/mtime for /run/uuidd +- fix #2044592 - Move /var/log/lastlog ownership to systemd + +* Tue Mar 08 2022 Karel Zak <kzak@redhat.com> 2.32.1-35 +- fix #2058176 - losetup Retry LOOP_SET_STATUS64 on EAGAIN + +* Mon Jan 17 2022 Karel Zak <kzak@redhat.com> 2.32.1-34 +- rebuild after revert + +* Mon Jan 17 2022 Karel Zak <kzak@redhat.com> 2.32.1-32 +- change bug number (#2016229 to #2041498) + +* Tue Jan 11 2022 Karel Zak <kzak@redhat.com> 2.32.1-31 +- improve #2026511 fix - blkid fails to complete when targeting non-block devices +- fix #1950187 - Ambient capabilities failed to applied to non-root user + +* Mon Jan 03 2022 Karel Zak <kzak@redhat.com> 2.32.1-30 +- update lib-sys-add-sysfs_chrdev_devno_to_devname.patch (#2026511) + +* Tue Dec 07 2021 Karel Zak <kzak@redhat.com> 2.32.1-29 +- fix #1988955 - script command continues without stopping. 
+- fix #2041498 - incorrect partition size calculation for BLKPG_* ioctls +- fix #2011602 - logger from util-linux incorrectly handles long messages +- fix #1916151 - [RFE] spread fstrim.timer across time +- fix #1894192 - Update or backport setpriv --pdeathsig +- fix #2026511 - blkid fails to complete when targeting non-block devices + * Wed Oct 20 2021 Davide Cavalca <dcavalca@centosproject.org> 2.32.1-27.4 - Backport three losetup upstream fixes: https://github.com/karelzak/util-linux/commit/3ff6fb802de1efafbd90af228f91461691ac190c @@ -1092,6 +1172,14 @@ fi * Thu Jul 08 2021 Davide Cavalca <dcavalca@centosproject.org> 2.32.1-27.3 - Rebuild against stock libuser and openldap packages +* Mon Jun 07 2021 Karel Zak <kzak@redhat.com> 2.32.1-28 +- fix #1906157 - after su from root to a normal user mesg is unable to show current status +- fix #1917852 - findmnt: add option to list all fs-independent flags +- fix #1922299 - throws error using /sbin/nologin: invalid option -- 'c' +- fix #1940607 - lsblk sometimes returns block devices in wrong order with --pairs +- fix #1919529 - [RFE] RHEL-8: Support option flags with mount(8) --bind +- fix #1946921 - RHEL8: mount --rbind -o rprivate doesn't do recursive bind mount + * Fri May 14 2021 Davide Cavalca <dcavalca@fb.com> 2.32.1-27.2 - Add CAP_CHECKPOINT_RESTORE to capability.h for setpriv (#1960708)