diff --git a/SOURCES/rear-bz1832394.patch b/SOURCES/rear-bz1832394.patch
new file mode 100644
index 0000000..3f4c260
--- /dev/null
+++ b/SOURCES/rear-bz1832394.patch
@@ -0,0 +1,248 @@
+diff -up rear-2.4/usr/share/rear/layout/prepare/GNU/Linux/160_include_luks_code.sh.orig rear-2.4/usr/share/rear/layout/prepare/GNU/Linux/160_include_luks_code.sh
+--- rear-2.4/usr/share/rear/layout/prepare/GNU/Linux/160_include_luks_code.sh.orig	2018-06-21 10:40:53.000000000 +0200
++++ rear-2.4/usr/share/rear/layout/prepare/GNU/Linux/160_include_luks_code.sh	2020-11-25 09:21:55.186716041 +0100
+@@ -1,35 +1,74 @@
+ # Code to recreate LUKS volumes.
+ 
+ create_crypt() {
++    # See the create_device() function in lib/layout-functions.sh what "device type" means:
++    local device_type="$1"
++    if ! grep -q "^crypt $device_type " "$LAYOUT_FILE" ; then
++        LogPrintError "Skip recreating LUKS volume $device_type (no 'crypt $device_type' entry in $LAYOUT_FILE)"
++        # FIXME: The return code is ignored in the create_device() function in lib/layout-functions.sh:
++        return 1
++    fi
++    
+     local crypt target_device source_device options
+-    read crypt target_device source_device options < <(grep "^crypt $1 " "$LAYOUT_FILE")
++    local mapping_name option key value
++    local cryptsetup_options="" keyfile="" password=""
+ 
+-    local target_name=${target_device#/dev/mapper/}
++    read crypt target_device source_device options < <( grep "^crypt $device_type " "$LAYOUT_FILE" )
++
++    # Careful! One cannot 'test -b $source_device' here at the time when this code is run
++    # because the source device is usually a disk partition block device like /dev/sda2
++    # but disk partition block devices usually do not yet exist (in particular not on a new clean disk)
++    # because partitions are actually created later when the diskrestore.sh script is run
++    # but not here when this code is run which only generates the diskrestore.sh script:
++    if ! test $source_device ; then
++        LogPrintError "Skip recreating LUKS volume $device_type: No source device (see the 'crypt $device_type' entry in $LAYOUT_FILE)"
++        # FIXME: The return code is ignored in the create_device() function in lib/layout-functions.sh:
++        return 1
++    fi
++
++    mapping_name=${target_device#/dev/mapper/}
++    if ! test $mapping_name ; then
++        LogPrintError "Skip recreating LUKS volume $device_type on $source_device: No /dev/mapper/... mapping name (see the 'crypt $device_type' entry in $LAYOUT_FILE)"
++        # FIXME: The return code is ignored in the create_device() function in lib/layout-functions.sh:
++        return 1
++    fi
+ 
+-    local cryptsetup_options="" keyfile="" password=""
+-    local option key value
+     for option in $options ; do
+-        key=${option%=*}
++        # $option is of the form keyword=value and
++        # we assume keyword has no '=' character but value could be anything that may have a '=' character
++        # so we split keyword=value at the leftmost '=' character so that
++        # e.g. keyword=foo=bar gets split into key="keyword" and value="foo=bar":
++        key=${option%%=*}
+         value=${option#*=}
+-
++        # The "cryptseup luksFormat" command does not require any of the type, cipher, key-size, hash, uuid option values
++        # because if omitted a cryptseup default value is used so we treat those values as optional.
++        # Using plain test to ensure the value is a single non empty and non blank word
++        # without quoting because test " " would return zero exit code
++        # cf. "Beware of the emptiness" in https://github.com/rear/rear/wiki/Coding-Style
+         case "$key" in
+-            cipher)
+-                cryptsetup_options+=" --cipher $value"
++            (type)
++                test $value && cryptsetup_options+=" --type $value"
++                ;;
++            (cipher)
++                test $value && cryptsetup_options+=" --cipher $value"
+                 ;;
+-            key_size)
+-                cryptsetup_options+=" --key-size $value"
++            (key_size)
++                test $value && cryptsetup_options+=" --key-size $value"
+                 ;;
+-            hash)
+-                cryptsetup_options+=" --hash $value"
++            (hash)
++                test $value && cryptsetup_options+=" --hash $value"
+                 ;;
+-            uuid)
+-                cryptsetup_options+=" --uuid $value"
++            (uuid)
++                test $value && cryptsetup_options+=" --uuid $value"
+                 ;;
+-            keyfile)
+-                keyfile=$value
++            (keyfile)
++                test $value && keyfile=$value
+                 ;;
+-            password)
+-                password=$value
++            (password)
++                test $value && password=$value
++                ;;
++            (*)
++                LogPrintError "Skipping unsupported LUKS cryptsetup option '$key' in 'crypt $target_device $source_device' entry in $LAYOUT_FILE"
+                 ;;
+         esac
+     done
+@@ -37,26 +76,25 @@ create_crypt() {
+     cryptsetup_options+=" $LUKS_CRYPTSETUP_OPTIONS"
+ 
+     (
+-    echo "Log \"Creating LUKS device $target_name on $source_device\""
++    echo "LogPrint \"Creating LUKS volume $mapping_name on $source_device\""
+     if [ -n "$keyfile" ] ; then
+         # Assign a temporary keyfile at this stage so that original keyfiles do not leak onto the rescue medium.
+         # The original keyfile will be restored from the backup and then re-assigned to the LUKS device in the
+         # 'finalize' stage.
+         # The scheme for generating a temporary keyfile path must be the same here and in the 'finalize' stage.
+-        keyfile="${TMPDIR:-/tmp}/LUKS-keyfile-$target_name"
++        keyfile="$TMP_DIR/LUKS-keyfile-$mapping_name"
+         dd bs=512 count=4 if=/dev/urandom of="$keyfile"
+         chmod u=rw,go=- "$keyfile"
+-
+         echo "cryptsetup luksFormat --batch-mode $cryptsetup_options $source_device $keyfile"
+-        echo "cryptsetup luksOpen --key-file $keyfile $source_device $target_name"
++        echo "cryptsetup luksOpen --key-file $keyfile $source_device $mapping_name"
+     elif [ -n "$password" ] ; then
+         echo "echo \"$password\" | cryptsetup luksFormat --batch-mode $cryptsetup_options $source_device"
+-        echo "echo \"$password\" | cryptsetup luksOpen $source_device $target_name"
++        echo "echo \"$password\" | cryptsetup luksOpen $source_device $mapping_name"
+     else
+-        echo "LogPrint \"Please enter the password for LUKS device $target_name ($source_device):\""
++        echo "LogUserOutput \"Set the password for LUKS volume $mapping_name (for 'cryptsetup luksFormat' on $source_device):\""
+         echo "cryptsetup luksFormat --batch-mode $cryptsetup_options $source_device"
+-        echo "LogPrint \"Please re-enter the password for LUKS device $target_name ($source_device):\""
+-        echo "cryptsetup luksOpen $source_device $target_name"
++        echo "LogUserOutput \"Enter the password for LUKS volume $mapping_name (for 'cryptsetup luksOpen' on $source_device):\""
++        echo "cryptsetup luksOpen $source_device $mapping_name"
+     fi
+     echo ""
+     ) >> "$LAYOUT_CODE"
+diff -up rear-2.4/usr/share/rear/layout/save/GNU/Linux/260_crypt_layout.sh.orig rear-2.4/usr/share/rear/layout/save/GNU/Linux/260_crypt_layout.sh
+--- rear-2.4/usr/share/rear/layout/save/GNU/Linux/260_crypt_layout.sh.orig	2018-06-21 10:40:53.000000000 +0200
++++ rear-2.4/usr/share/rear/layout/save/GNU/Linux/260_crypt_layout.sh	2020-11-25 09:19:31.406669210 +0100
+@@ -9,6 +9,8 @@ Log "Saving Encrypted volumes."
+ REQUIRED_PROGS=( "${REQUIRED_PROGS[@]}" cryptsetup dmsetup )
+ COPY_AS_IS=( "${COPY_AS_IS[@]}" /usr/share/cracklib/\* /etc/security/pwquality.conf )
+ 
++local invalid_cryptsetup_option_value="no"
++
+ while read target_name junk ; do
+     # find the target device we're mapping
+     if ! [ -e /dev/mapper/$target_name ] ; then
+@@ -30,17 +32,96 @@ while read target_name junk ; do
+         source_device="$(get_device_name ${slave##*/})"
+     done
+ 
+-    if ! cryptsetup isLuks $source_device >/dev/null 2>&1; then
++    if ! blkid -p -o export $source_device >$TMP_DIR/blkid.output ; then
++        LogPrintError "Error: Cannot get attributes for $target_name ('blkid -p -o export $source_device' failed)"
++        continue
++    fi
++
++    if ! grep -q "TYPE=crypto_LUKS" $TMP_DIR/blkid.output ; then
++        Log "Skipping $target_name (no 'TYPE=crypto_LUKS' in 'blkid -p -o export $source_device' output)"
++        continue
++    fi
++
++    # Detect LUKS version:
++    # Remove all non-digits in particular to avoid leading or trailing spaces in the version string
++    # cf. "Beware of the emptiness" in https://github.com/rear/rear/wiki/Coding-Style
++    # that could happen if the blkid output contains "VERSION = 2" so that 'cut -d= -f2' results " 2".
++    version=$( grep "VERSION" $TMP_DIR/blkid.output | cut -d= -f2 | tr -c -d '[:digit:]' )
++    if ! test "$version" = "1" -o "$version" = "2" ; then
++        LogPrintError "Error: Unsupported LUKS version for $target_name ('blkid -p -o export $source_device' shows 'VERSION=$version')"
++        continue
++    fi
++    luks_type=luks$version
++
++    # Gather crypt information:
++    if ! cryptsetup luksDump $source_device >$TMP_DIR/cryptsetup.luksDump ; then
++        LogPrintError "Error: Cannot get LUKS$version values for $target_name ('cryptsetup luksDump $source_device' failed)"
+         continue
+     fi
++    uuid=$( grep "UUID" $TMP_DIR/cryptsetup.luksDump | sed -r 's/^.+:\s*(.+)$/\1/' )
++    keyfile_option=$( [ -f /etc/crypttab ] && awk '$1 == "'"$target_name"'" && $3 != "none" && $3 != "-" && $3 != "" { print "keyfile=" $3; }' /etc/crypttab )
++    if test $luks_type = "luks1" ; then
++        cipher_name=$( grep "Cipher name" $TMP_DIR/cryptsetup.luksDump | sed -r 's/^.+:\s*(.+)$/\1/' )
++        cipher_mode=$( grep "Cipher mode" $TMP_DIR/cryptsetup.luksDump | cut -d: -f2- | awk '{printf("%s",$1)};' )
++        cipher=$cipher_name-$cipher_mode
++        key_size=$( grep "MK bits" $TMP_DIR/cryptsetup.luksDump | sed -r 's/^.+:\s*(.+)$/\1/' )
++        hash=$( grep "Hash spec" $TMP_DIR/cryptsetup.luksDump | sed -r 's/^.+:\s*(.+)$/\1/' )
++    elif test $luks_type = "luks2" ; then
++        cipher=$( grep "cipher:" $TMP_DIR/cryptsetup.luksDump | sed -r 's/^.+:\s*(.+)$/\1/' )
++        # More than one keyslot may be defined - use key_size from the first slot.
++        # Depending on the version the "cryptsetup luksDump" command outputs the key_size value
++        # as a line like
++        #         Key:        512 bits
++        # and/or as a line like
++        #         Cipher key: 512 bits
++        # cf. https://github.com/rear/rear/pull/2504#issuecomment-718729198 and subsequent comments
++        # so we grep for both lines but use only the first match from the first slot:
++        key_size=$( egrep -m 1 "Key:|Cipher key:" $TMP_DIR/cryptsetup.luksDump | sed -r 's/^.+:\s*(.+) bits$/\1/' )
++        hash=$( grep "Hash" $TMP_DIR/cryptsetup.luksDump | sed -r 's/^.+:\s*(.+)$/\1/' )
++    fi
+ 
+-    # gather crypt information
+-    cipher=$(cryptsetup luksDump $source_device | grep "Cipher name" | sed -r 's/^.+:\s*(.+)$/\1/')
+-    mode=$(cryptsetup luksDump $source_device | grep "Cipher mode" | cut -d: -f2- | awk '{printf("%s",$1)};')
+-    key_size=$(cryptsetup luksDump $source_device | grep "MK bits" | sed -r 's/^.+:\s*(.+)$/\1/')
+-    hash=$(cryptsetup luksDump $source_device | grep "Hash spec" | sed -r 's/^.+:\s*(.+)$/\1/')
+-    uuid=$(cryptsetup luksDump $source_device | grep "UUID" | sed -r 's/^.+:\s*(.+)$/\1/')
+-    keyfile_option=$([ -f /etc/crypttab ] && awk '$1 == "'"$target_name"'" && $3 != "none" && $3 != "-" { print "keyfile=" $3; }' /etc/crypttab)
++    # Basic checks that the cipher key_size hash uuid values exist
++    # cf. https://github.com/rear/rear/pull/2504#issuecomment-718729198
++    # because some values are needed during "rear recover"
++    # to set cryptsetup options in layout/prepare/GNU/Linux/160_include_luks_code.sh
++    # and it seems cryptsetup fails when options with empty values are specified
++    # cf. https://github.com/rear/rear/pull/2504#issuecomment-719479724
++    # For example a LUKS1 crypt entry in disklayout.conf looks like
++    # crypt /dev/mapper/luks1test /dev/sda7 type=luks1 cipher=aes-xts-plain64 key_size=256 hash=sha256 uuid=1b4198c9-d9b0-4c57-b9a3-3433e391e706 
++    # and a LUKS1 crypt entry in disklayout.conf looks like
++    # crypt /dev/mapper/luks2test /dev/sda8 type=luks2 cipher=aes-xts-plain64 key_size=256 hash=sha256 uuid=3e874a28-7415-4f8c-9757-b3f28a96c4d2 
++    # Only the keyfile_option value is optional and the luks_type value is already tested above.
++    # Using plain test to ensure a value is a single non empty and non blank word
++    # without quoting because test " " would return zero exit code
++    # cf. "Beware of the emptiness" in https://github.com/rear/rear/wiki/Coding-Style
++    # Do not error out instantly here but only report errors here so the user can see all messages
++    # and actually error out at the end of this script if there was one actually invalid value:
++    if ! test $cipher ; then
++        LogPrint "No 'cipher' value for LUKS$version volume $target_name in $source_device"
++    fi
++    if test $key_size ; then
++        if ! is_positive_integer $key_size ; then
++            LogPrintError "Error: 'key_size=$key_size' is no positive integer for LUKS$version volume $target_name in $source_device"
++            invalid_cryptsetup_option_value="yes"
++        fi
++    else
++        LogPrint "No 'key_size' value for LUKS$version volume $target_name in $source_device"
++    fi
++    if ! test $hash ; then
++        LogPrint "No 'hash' value for LUKS$version volume $target_name in $source_device"
++    fi
++    if ! test $uuid ; then
++        # Report a missig uuid value as an error to have the user informed
++        # but do not error out here because things can be fixed manually during "rear recover"
++        # cf. https://github.com/rear/rear/pull/2506#issuecomment-721757810
++        # and https://github.com/rear/rear/pull/2506#issuecomment-722315498
++        # and https://github.com/rear/rear/issues/2509
++        LogPrintError "Error: No 'uuid' value for LUKS$version volume $target_name in $source_device (mounting it or booting the recreated system may fail)"
++    fi
++
++    echo "crypt /dev/mapper/$target_name $source_device type=$luks_type cipher=$cipher key_size=$key_size hash=$hash uuid=$uuid $keyfile_option" >> $DISKLAYOUT_FILE
+ 
+-    echo "crypt /dev/mapper/$target_name $source_device cipher=$cipher-$mode key_size=$key_size hash=$hash uuid=$uuid $keyfile_option" >> $DISKLAYOUT_FILE
+ done < <( dmsetup ls --target crypt )
++
++# Let this script return successfully when invalid_cryptsetup_option_value is not true:
++is_true $invalid_cryptsetup_option_value && Error "Invalid or empty LUKS cryptsetup option value(s) in $DISKLAYOUT_FILE" || true
diff --git a/SOURCES/rear-bz1882060.patch b/SOURCES/rear-bz1882060.patch
new file mode 100644
index 0000000..2c15299
--- /dev/null
+++ b/SOURCES/rear-bz1882060.patch
@@ -0,0 +1,14 @@
+diff -up rear-2.4/usr/share/rear/conf/default.conf.orig rear-2.4/usr/share/rear/conf/default.conf
+--- rear-2.4/usr/share/rear/conf/default.conf.orig	2020-12-02 10:12:49.617305887 +0100
++++ rear-2.4/usr/share/rear/conf/default.conf	2020-12-02 10:12:49.628306023 +0100
+@@ -592,8 +592,8 @@ ISO_MAX_SIZE=
+ # ebiso (https://github.com/gozora/ebiso/) can be used as alternative
+ # for mkisofs/genisoimage on UEFI bootable systems
+ # to use ebiso, specify ISO_MKISOFS_BIN=<full_path_to_ebiso>/ebiso
+-# in /etc/rear/local.conf or /etc/rear/site.conv
+-# xorisofs is now used as the preferred method for generating the iso image
++# in /etc/rear/local.conf or /etc/rear/site.conf
++# xorrisofs is now used as the preferred method for generating the iso image
+ # with mkisofs and genisoimage as second and third option
+ ISO_MKISOFS_BIN="$( type -p xorrisofs || type -p mkisofs || type -p genisoimage )"
+ 
diff --git a/SOURCES/rear-sfdc02772301.patch b/SOURCES/rear-sfdc02772301.patch
new file mode 100644
index 0000000..67ce6b5
--- /dev/null
+++ b/SOURCES/rear-sfdc02772301.patch
@@ -0,0 +1,38 @@
+diff --git a/usr/share/rear/conf/default.conf b/usr/share/rear/conf/default.conf
+index 264f2217..313f4118 100644
+--- a/usr/share/rear/conf/default.conf
++++ b/usr/share/rear/conf/default.conf
+@@ -1489,7 +1489,7 @@ OBDR_BLOCKSIZE=2048
+ # BACKUP=NBU stuff (Symantec/Veritas NetBackup)
+ ##
+ #
+-COPY_AS_IS_NBU=( /usr/openv/bin/vnetd /usr/openv/bin/vopied /usr/openv/lib /usr/openv/netbackup /usr/openv/var/auth/[mn]*.txt )
++COPY_AS_IS_NBU=( /usr/openv/bin/vnetd /usr/openv/bin/vopied /usr/openv/lib /usr/openv/netbackup /usr/openv/var/auth/[mn]*.txt /opt/VRTSpbx /etc/vx/VxICS /etc/vx/vrtslog.conf )
+ COPY_AS_IS_EXCLUDE_NBU=( "/usr/openv/netbackup/logs/*" "/usr/openv/netbackup/bin/bpjava*" /usr/openv/netbackup/bin/xbp /usr/openv/netbackup/bin/private /usr/openv/lib/java /usr/openv/lib/shared/vddk /usr/openv/netbackup/baremetal )
+ NBU_LD_LIBRARY_PATH="/usr/openv/lib:/usr/openv/netbackup/sec/at/lib/"
+ PROGS_NBU=( )
+diff --git a/usr/share/rear/rescue/NBU/default/450_prepare_netbackup.sh b/usr/share/rear/rescue/NBU/default/450_prepare_netbackup.sh
+index cd48b8d9..ae5a3ccc 100644
+--- a/usr/share/rear/rescue/NBU/default/450_prepare_netbackup.sh
++++ b/usr/share/rear/rescue/NBU/default/450_prepare_netbackup.sh
+@@ -7,6 +7,12 @@
+ 
+ [[ $NBU_version -lt 7 ]] && return	# NBU is using xinetd when version <7.x
+ 
++if [ -e "/etc/init.d/vxpbx_exchanged" ]; then
++	cp $v /etc/init.d/vxpbx_exchanged $ROOTFS_DIR/etc/scripts/system-setup.d/vxpbx_exchanged.real
++	chmod $v +x $ROOTFS_DIR/etc/scripts/system-setup.d/vxpbx_exchanged.real
++	echo "( /etc/scripts/system-setup.d/vxpbx_exchanged.real start )" > $ROOTFS_DIR/etc/scripts/system-setup.d/89-vxpbx_exchanged.sh
++fi
++
+ if [ -e "/etc/init.d/netbackup" ]; then
+ 	cp $v /etc/init.d/netbackup $ROOTFS_DIR/etc/scripts/system-setup.d/netbackup.real
+ 	chmod $v +x $ROOTFS_DIR/etc/scripts/system-setup.d/netbackup.real
+diff --git a/usr/share/rear/skel/NBU/usr/openv/tmp/.gitignore b/usr/share/rear/skel/NBU/usr/openv/tmp/.gitignore
+new file mode 100644
+index 00000000..d6b7ef32
+--- /dev/null
++++ b/usr/share/rear/skel/NBU/usr/openv/tmp/.gitignore
+@@ -0,0 +1,2 @@
++*
++!.gitignore
diff --git a/SPECS/rear.spec b/SPECS/rear.spec
index 521b8b6..11c10e1 100644
--- a/SPECS/rear.spec
+++ b/SPECS/rear.spec
@@ -3,7 +3,7 @@
 Summary:    Relax-and-Recover is a Linux disaster recovery and system migration tool
 Name:       rear
 Version:    2.4
-Release:    17%{?dist}
+Release:    18%{?dist}
 License:    GPLv3
 Group:      Applications/File
 URL:        http://relax-and-recover.org/
@@ -32,6 +32,9 @@ Patch24: rear-bz1737042.patch
 Patch25: rear-bz1743303-rubrik.patch
 Patch26: rear-bz1729502-ppc64-iso-level.patch
 Patch27: rear-bz1843809-skip-longhorn.patch
+Patch28: rear-bz1882060.patch
+Patch29: rear-bz1832394.patch
+Patch30: rear-sfdc02772301.patch
 
 ExcludeArch: s390x
 ExcludeArch: s390
@@ -140,8 +143,11 @@ fi
 %patch25 -p1
 %patch26 -p1
 %patch27 -p1
+%patch28 -p1
+%patch29 -p1
+%patch30 -p1
 
-echo "30 1 * * * root /usr/sbin/rear checklayout || /usr/sbin/rear mkrescue" >rear.cron
+echo "30 1 * * * root test -f /var/lib/rear/layout/disklayout.conf && /usr/sbin/rear checklayout || /usr/sbin/rear mkrescue" >rear.cron
 
 ### Add a specific os.conf so we do not depend on LSB dependencies
 %{?fedora:echo -e "OS_VENDOR=Fedora\nOS_VERSION=%{?fedora}" >etc/rear/os.conf}
@@ -173,6 +179,18 @@ TZ=UTC %{__make} -C doc
 %{_sbindir}/rear
 
 %changelog
+* Mon Jan 11 2021 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.4-18
+- Fix typo in default.conf
+  Resolves: #1882060
+- Modify the cron command to avoid an e-mail with error message after
+  ReaR is installed but not properly configured when the cron command
+  is triggered for the first time
+  Resolves: #1729499
+- Backport upstream code related to LUKS2 support
+  Resolves: #1832394
+- Changes for NetBackup (NBU) support, upstream PR2544
+  Resolves: #1898080
+
 * Mon Aug 10 2020 Pavel Cahyna <pcahyna@redhat.com> - 2.4-17
 - Update the Rubrik patch to include complete PR2445
   Resolves: rhbz1867696