import systemd-249-9.el9

SOURCES/0018-Really-don-t-enable-systemd-journald-audit.socket.patch

@@ -0,0 +1,25 @@
+From bdea01b16bedae5fdba3e9a12a864087cfb4b040 Mon Sep 17 00:00:00 2001
+From: David Tardon <dtardon@redhat.com>
+Date: Wed, 25 Aug 2021 16:03:04 +0200
+Subject: [PATCH] Really don't enable systemd-journald-audit.socket
+
+RHEL-only
+
+Resolves: #1973856
+---
+ units/systemd-journald.service.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in
+index d981273b07..f190dff5fb 100644
+--- a/units/systemd-journald.service.in
++++ b/units/systemd-journald.service.in
+@@ -33,7 +33,7 @@ RestrictRealtime=yes
+ RestrictSUIDSGID=yes
+ RuntimeDirectory=systemd/journal
+ RuntimeDirectoryPreserve=yes
+-Sockets=systemd-journald.socket systemd-journald-dev-log.socket systemd-journald-audit.socket
++Sockets=systemd-journald.socket systemd-journald-dev-log.socket
+ StandardOutput=null
+ SystemCallArchitectures=native
+ SystemCallErrorNumber=EPERM

SOURCES/0019-rules-add-elevator-kernel-command-line-parameter.patch

@@ -1,4 +1,4 @@
-From 7938e1e61c57441798d81124fd67b2e9bdd5e525 Mon Sep 17 00:00:00 2001
+From f583f3db3533bb2b3db1646d6afa74613fca46a6 Mon Sep 17 00:00:00 2001
 From: Lukas Nykryn <lnykryn@redhat.com>
 Date: Tue, 12 Feb 2019 16:58:16 +0100
 Subject: [PATCH] rules: add elevator= kernel command line parameter
@@ -8,7 +8,7 @@ it for rhel8 via udev rule.
 
 RHEL-only
 
-Resolves: #1998190
+Resolves: #2003002
 ---
  rules.d/40-elevator.rules | 20 ++++++++++++++++++++
  rules.d/meson.build       |  1 +

SOURCES/0020-boot-don-t-build-bootctl-when-Dgnu-efi-false-is-set.patch

@@ -1,11 +1,11 @@
-From 7cea77bd5712260277e451d34908f01f14c467c4 Mon Sep 17 00:00:00 2001
+From 9c67a1570d89ff462cb51f4b2a6d2ed0af8e2e9c Mon Sep 17 00:00:00 2001
 From: Michal Sekletar <msekleta@redhat.com>
 Date: Mon, 30 Aug 2021 18:38:09 +0200
 Subject: [PATCH] boot: don't build bootctl when -Dgnu-efi=false is set
 
 (cherry picked from commit fbe3a414e1d8f7b05dccf3d24d4fa475eb9c6bc9)
 
-Resolves: #1972223
+Resolves: #2003130
 ---
  meson.build                       | 8 +++++---
  shell-completion/bash/meson.build | 2 +-

SOURCES/0021-unit-install-the-systemd-bless-boot.service-only-if-.patch

@@ -1,4 +1,4 @@
-From aef14d77e157fd0748ef664c83e55fd3880ea787 Mon Sep 17 00:00:00 2001
+From 8f08b876d44d96b3f255ac5275a1daa3ccf9a801 Mon Sep 17 00:00:00 2001
 From: Frantisek Sumsal <frantisek@sumsal.cz>
 Date: Tue, 21 Sep 2021 22:47:42 +0200
 Subject: [PATCH] unit: install the systemd-bless-boot.service only if we have
@@ -8,7 +8,7 @@ Follow-up to #20591.
 
 (cherry picked from commit 220261ef940a126588b20a1765a2501811473839)
 
-Related: #1972223
+Related: #2003130
 ---
  units/meson.build | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

SOURCES/0022-units-don-t-enable-tmp.mount-statically-in-local-fs..patch

@@ -1,11 +1,11 @@
-From 532a10738745716620ef6af5813bc9c81c235f07 Mon Sep 17 00:00:00 2001
+From ab1ecca56e5a1cc5ad120958b1bb94c7854f3795 Mon Sep 17 00:00:00 2001
 From: Michal Sekletar <msekleta@redhat.com>
 Date: Wed, 22 Sep 2021 14:38:00 +0200
 Subject: [PATCH] units: don't enable tmp.mount statically in local-fs.target
 
 RHEL-only
 
-Related: #1959826
+Related: #2000927
 ---
  units/meson.build | 3 +--
  1 file changed, 1 insertion(+), 2 deletions(-)

SOURCES/0023-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch

@@ -1,4 +1,4 @@
-From 9ac22ee1e9d1ae32ff2d824e5a0e763a18b36d7e Mon Sep 17 00:00:00 2001
+From 50a744391dbb1130d38b44700ae7e6649fcc9ffb Mon Sep 17 00:00:00 2001
 From: rpm-build <rpm-build>
 Date: Wed, 1 Aug 2018 13:19:39 +0200
 Subject: [PATCH] pid1: bump DefaultTasksMax to 80% of the kernel pid.max value
@@ -7,7 +7,7 @@ This should be hopefully high enough even for the very big deployments.
 
 RHEL-only
 
-Resolves: #1997200
+Resolves: #2003031
 ---
  man/systemd-system.conf.xml | 4 ++--
  src/core/main.c             | 2 +-

SOURCES/0024-sd-device-introduce-device_has_devlink.patch

@@ -1,11 +1,11 @@
-From 76aebe6fec5894b05114fdf1e8aee54139bef69e Mon Sep 17 00:00:00 2001
+From 9c46b3e584fbb7be0a9e93471d30f2885bd194c9 Mon Sep 17 00:00:00 2001
 From: Yu Watanabe <watanabe.yu+github@gmail.com>
 Date: Wed, 1 Sep 2021 09:22:15 +0900
 Subject: [PATCH] sd-device: introduce device_has_devlink()
 
 (cherry picked from commit b881ce16b9ccae4c3089c82e2ea1781cd9773a4f)
 
-Related: #1977994
+Related: #2005024
 ---
  src/libsystemd/sd-device/device-private.h | 1 +
  src/libsystemd/sd-device/sd-device.c      | 7 +++++++

SOURCES/0025-udev-node-split-out-permission-handling-from-udev_no.patch

@@ -1,4 +1,4 @@
-From acf81f97412be44d60be03a0a2e3ca62f4a5146b Mon Sep 17 00:00:00 2001
+From a4fba2d79634d660ed2014e18cb85eea090b6413 Mon Sep 17 00:00:00 2001
 From: Yu Watanabe <watanabe.yu+github@gmail.com>
 Date: Wed, 1 Sep 2021 09:24:15 +0900
 Subject: [PATCH] udev-node: split out permission handling from udev_node_add()
@@ -7,7 +7,7 @@ And then merge udev_node_add() and udev_node_update_old_links().
 
 (cherry picked from commit 2f48561e0db3cd63f65e9311b4d69282b4ac605d)
 
-Related: #1977994
+Related: #2005024
 ---
  src/udev/udev-event.c |   9 +-
  src/udev/udev-node.c  | 204 +++++++++++++++++++-----------------------

SOURCES/0026-udev-node-stack-directory-must-exist-when-adding-dev.patch

@@ -1,4 +1,4 @@
-From 18d2fb228bc155fc357262ec2dc5713318bab453 Mon Sep 17 00:00:00 2001
+From 506dc32b2428936d67e9cf1a034d6b63dbc1cbb0 Mon Sep 17 00:00:00 2001
 From: Yu Watanabe <watanabe.yu+github@gmail.com>
 Date: Wed, 1 Sep 2021 04:14:42 +0900
 Subject: [PATCH] udev-node: stack directory must exist when adding device node
@@ -6,7 +6,7 @@ Subject: [PATCH] udev-node: stack directory must exist when adding device node
 
 (cherry picked from commit 46070dbf26435ba0def099121f46a6253f3f19b6)
 
-Related: #1977994
+Related: #2005024
 ---
  src/udev/udev-node.c | 11 ++++++-----
  1 file changed, 6 insertions(+), 5 deletions(-)

SOURCES/0027-udev-node-save-information-about-device-node-and-pri.patch

@@ -1,4 +1,4 @@
-From 9c68b5675ffd11f2a3f9123446b54c2d0eea4682 Mon Sep 17 00:00:00 2001
+From 065209fc7a53d6f296f7fffd261f0a92fddc4485 Mon Sep 17 00:00:00 2001
 From: Yu Watanabe <watanabe.yu+github@gmail.com>
 Date: Wed, 1 Sep 2021 04:16:21 +0900
 Subject: [PATCH] udev-node: save information about device node and priority in
@@ -14,7 +14,7 @@ without parsing the files.
 
 (cherry picked from commit 377a83f0d80376456d9be203796f66f543a8b943)
 
-Related: #1977994
+Related: #2005024
 ---
  src/udev/udev-node.c | 172 ++++++++++++++++++++++++++++++-------------
  1 file changed, 121 insertions(+), 51 deletions(-)

SOURCES/0028-udev-node-always-update-timestamp-of-stack-directory.patch

@@ -1,4 +1,4 @@
-From 16a6007cc8881ef19cc97de676d3b2b36b2def82 Mon Sep 17 00:00:00 2001
+From a13bd62f6cb8332864ed3566fdf51eedfe240043 Mon Sep 17 00:00:00 2001
 From: Yu Watanabe <watanabe.yu+github@gmail.com>
 Date: Wed, 1 Sep 2021 12:57:40 +0900
 Subject: [PATCH] udev-node: always update timestamp of stack directory
@@ -7,7 +7,7 @@ Please see the comments in the code.
 
 (cherry picked from commit 6df797f75fa08bb1a9e657001229bd47903e6174)
 
-Related: #1977994
+Related: #2005024
 ---
  src/udev/udev-node.c | 90 ++++++++++++++++++++++++++++++++++++++++++--
  1 file changed, 87 insertions(+), 3 deletions(-)

SOURCES/0029-udev-node-assume-no-new-claim-to-a-symlink-if-run-ud.patch

@@ -1,4 +1,4 @@
-From 18936c8ee21fabb2036b1849a4bb7f5b64bee897 Mon Sep 17 00:00:00 2001
+From cf49a46c165619a0480d361a0afebb89e998f61c Mon Sep 17 00:00:00 2001
 From: Yu Watanabe <watanabe.yu+github@gmail.com>
 Date: Thu, 2 Sep 2021 06:58:59 +0900
 Subject: [PATCH] udev-node: assume no new claim to a symlink if
@@ -11,7 +11,7 @@ unconditionally.
 
 (cherry picked from commit 8f27311eb2aec2411d1fb7d62e6c9d75d21ae8df)
 
-Related: #1977994
+Related: #2005024
 ---
  src/udev/udev-node.c | 5 -----
  1 file changed, 5 deletions(-)

SOURCES/0030-udev-node-always-atomically-create-symlink-to-device.patch

@@ -1,4 +1,4 @@
-From 323f687e53737ccf7687482c31690374da90d8e7 Mon Sep 17 00:00:00 2001
+From 1561b9e2c9ea779ab611f52fd8b4eef616896e09 Mon Sep 17 00:00:00 2001
 From: Yu Watanabe <watanabe.yu+github@gmail.com>
 Date: Wed, 1 Sep 2021 02:20:33 +0900
 Subject: [PATCH] udev-node: always atomically create symlink to device node
@@ -14,7 +14,7 @@ conflicts between the workers.
 
 (cherry picked from commit 242d39ebc1391f4734f6e63ff13764de92bc5f70)
 
-Related: #1977994
+Related: #2005024
 ---
  src/udev/udev-node.c | 42 +++++++++---------------------------------
  1 file changed, 9 insertions(+), 33 deletions(-)

SOURCES/0031-udev-node-check-stack-directory-change-even-if-devli.patch

@@ -1,4 +1,4 @@
-From 6ecd6fdcc27f374debcce47366c2862967f99463 Mon Sep 17 00:00:00 2001
+From a3389b23db9b9ab1ad11f181f036be35aade8c31 Mon Sep 17 00:00:00 2001
 From: Yu Watanabe <watanabe.yu+github@gmail.com>
 Date: Wed, 1 Sep 2021 09:44:26 +0900
 Subject: [PATCH] udev-node: check stack directory change even if devlink is
@@ -11,7 +11,7 @@ Hopefully fixes #19946.
 
 (cherry picked from commit 1cd4e325693007b3628f1a27297f0ab7114b24b8)
 
-Related: #1977994
+Related: #2005024
 ---
  src/udev/udev-node.c | 15 ++++++---------
  1 file changed, 6 insertions(+), 9 deletions(-)

SOURCES/0032-udev-node-shorten-code-a-bit-and-update-log-message.patch

@@ -1,11 +1,11 @@
-From a075830244f699703a88a492413d931eaeb23a65 Mon Sep 17 00:00:00 2001
+From 52938c3ed27ebaadce97060ad8ebdcb351403d90 Mon Sep 17 00:00:00 2001
 From: Yu Watanabe <watanabe.yu+github@gmail.com>
 Date: Thu, 2 Sep 2021 08:23:35 +0900
 Subject: [PATCH] udev-node: shorten code a bit and update log message
 
 (cherry picked from commit 8424da2de88ceeed7be8544fb69221f0b0ea84ea)
 
-Related: #1977994
+Related: #2005024
 ---
  src/udev/udev-node.c | 5 ++---
  1 file changed, 2 insertions(+), 3 deletions(-)

SOURCES/0033-udev-node-add-random-delay-on-conflict-in-updating-d.patch

@@ -1,4 +1,4 @@
-From c484f91a87679fb26342408f20e7bdddf316f5a0 Mon Sep 17 00:00:00 2001
+From 75275ae07233e213fe03a1a33870efe10dbb2b39 Mon Sep 17 00:00:00 2001
 From: Yu Watanabe <watanabe.yu+github@gmail.com>
 Date: Wed, 1 Sep 2021 04:34:48 +0900
 Subject: [PATCH] udev-node: add random delay on conflict in updating device
@@ -9,7 +9,7 @@ simultaneously.
 
 (cherry picked from commit 0063fa23a1384dd4385d03b568dc629916b7e72a)
 
-Related: #1977994
+Related: #2005024
 ---
  src/udev/udev-node.c | 12 ++++++++++++
  1 file changed, 12 insertions(+)

SOURCES/0034-udev-node-drop-redundant-trial-of-devlink-creation.patch

@@ -1,4 +1,4 @@
-From 458a6cd748ee5555b6957888b69d475ac3f619c6 Mon Sep 17 00:00:00 2001
+From c715be5f677ab61704ffe358716cf700d662b82d Mon Sep 17 00:00:00 2001
 From: Yu Watanabe <watanabe.yu+github@gmail.com>
 Date: Wed, 1 Sep 2021 09:29:42 +0900
 Subject: [PATCH] udev-node: drop redundant trial of devlink creation
@@ -12,7 +12,7 @@ directory. So, the double evaluation is not necessary anymore.
 
 (cherry picked from commit 7920d0a135fb6a08aa0bfc31e9d0a3f589fe7a1f)
 
-Related: #1977994
+Related: #2005024
 ---
  src/udev/udev-event.c |  5 +----
  src/udev/udev-node.c  | 12 ++++--------

SOURCES/0035-udev-node-simplify-the-example-of-race.patch

@@ -1,11 +1,11 @@
-From a5a14281160881fbb39d80a2572a18ecadbeedd5 Mon Sep 17 00:00:00 2001
+From 13293ddc7822025cb9f785262655f928634395f6 Mon Sep 17 00:00:00 2001
 From: Yu Watanabe <watanabe.yu+github@gmail.com>
 Date: Sun, 12 Sep 2021 16:05:51 +0900
 Subject: [PATCH] udev-node: simplify the example of race
 
 (cherry picked from commit 3df566a66723490914ef3bae0ca8046044b70dce)
 
-Related: #1977994
+Related: #2005024
 ---
  src/udev/udev-node.c | 10 +++++-----
  1 file changed, 5 insertions(+), 5 deletions(-)

SOURCES/0036-udev-node-do-not-ignore-unexpected-errors-on-removin.patch

@@ -1,4 +1,4 @@
-From 735971d9bffeccc0c17311a29909bdf5d693f806 Mon Sep 17 00:00:00 2001
+From 969b05b3f1dc644e821756205450b06a30c79d7f Mon Sep 17 00:00:00 2001
 From: Yu Watanabe <watanabe.yu+github@gmail.com>
 Date: Sun, 12 Sep 2021 16:14:27 +0900
 Subject: [PATCH] udev-node: do not ignore unexpected errors on removing
@@ -8,7 +8,7 @@ Only acceptable error here is -ENOENT.
 
 (cherry picked from commit 0706cdf4ec92d6bd40391da0e81a30d9bf851663)
 
-Related: #1977994
+Related: #2005024
 ---
  src/udev/udev-node.c | 23 ++++++++++++++---------
  1 file changed, 14 insertions(+), 9 deletions(-)

SOURCES/0037-basic-time-util-introduce-FORMAT_TIMESPAN.patch

@@ -1,4 +1,4 @@
-From e1f53e60bdc368c81beba8b6173047ec8149f8e9 Mon Sep 17 00:00:00 2001
+From 1cbcfc6f69e50d309698b6aa16a48b7f282913f5 Mon Sep 17 00:00:00 2001
 From: Michal Sekletar <msekleta@redhat.com>
 Date: Tue, 21 Sep 2021 09:28:29 +0200
 Subject: [PATCH] basic/time-util: introduce FORMAT_TIMESPAN
@@ -6,7 +6,7 @@ Subject: [PATCH] basic/time-util: introduce FORMAT_TIMESPAN
 This is cherry-pick of the relevant part from the tree-wide change in
 5291f26d4a6.
 
-Related: #1977994
+Related: #2005024
 ---
  src/basic/time-util.h | 1 +
  1 file changed, 1 insertion(+)

SOURCES/0038-udev-net-setup-link-change-the-default-MACAddressPol.patch

@@ -1,4 +1,4 @@
-From ac965c0ae8c9ffa7d606bce9ffa3052fccbac0ce Mon Sep 17 00:00:00 2001
+From 59bad0f7db6d56c359816bc048341b38b824e460 Mon Sep 17 00:00:00 2001
 From: Michal Sekletar <msekleta@redhat.com>
 Date: Tue, 21 Sep 2021 15:01:19 +0200
 Subject: [PATCH] udev/net-setup-link: change the default MACAddressPolicy to
@@ -9,11 +9,12 @@ address provided by HW could be useful it also breaks LACP based bonds.
 Let's err on the side of caution and don't change the MAC address from
 udev.
 
-Resolves: #1921094
+Resolves: #2009237
 ---
  man/systemd.link.xml                       | 2 +-
+ network/99-default.link                    | 2 +-
  test/fuzz/fuzz-link-parser/99-default.link | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
+ 3 files changed, 3 insertions(+), 3 deletions(-)
 
 diff --git a/man/systemd.link.xml b/man/systemd.link.xml
 index 1093e2e0b8..095d8b4873 100644
@@ -28,6 +29,16 @@ index 1093e2e0b8..095d8b4873 100644
      </example>
  
      <example>
+diff --git a/network/99-default.link b/network/99-default.link
+index bca660ac28..31aee37e75 100644
+--- a/network/99-default.link
++++ b/network/99-default.link
+@@ -13,4 +13,4 @@ OriginalName=*
+ [Link]
+ NamePolicy=keep kernel database onboard slot path
+ AlternativeNamesPolicy=database onboard slot path
+-MACAddressPolicy=persistent
++MACAddressPolicy=none
 diff --git a/test/fuzz/fuzz-link-parser/99-default.link b/test/fuzz/fuzz-link-parser/99-default.link
 index feb5b1fbb0..3d755898b4 100644
 --- a/test/fuzz/fuzz-link-parser/99-default.link

SOURCES/0038-udev-net-setup-link-really-change-the-default-MACAdd.patch

@@ -1,24 +0,0 @@
-From 19ab86202b9c4366ea5bd5ac820301f0ab6d1f95 Mon Sep 17 00:00:00 2001
-From: Michal Sekletar <msekleta@redhat.com>
-Date: Fri, 1 Oct 2021 11:46:23 +0200
-Subject: [PATCH] udev/net-setup-link: *really* change the default
- MACAddressPolicy to "none"
-
-Fix the oversight and change the policy in the link file, i.e. the
-place where it actually matters.
-
-Related: #1921094
----
- network/99-default.link | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/network/99-default.link b/network/99-default.link
-index bca660ac28..31aee37e75 100644
---- a/network/99-default.link
-+++ b/network/99-default.link
-@@ -13,4 +13,4 @@ OriginalName=*
- [Link]
- NamePolicy=keep kernel database onboard slot path
- AlternativeNamesPolicy=database onboard slot path
--MACAddressPolicy=persistent
-+MACAddressPolicy=none

SOURCES/0039-set-core-ulimit-to-0-like-on-RHEL-7.patch

@@ -0,0 +1,25 @@
+From 2edaafdfacc14088d7b6f04eec578bd048057103 Mon Sep 17 00:00:00 2001
+From: David Tardon <dtardon@redhat.com>
+Date: Mon, 25 Jan 2021 16:19:56 +0100
+Subject: [PATCH] set core ulimit to 0 like on RHEL-7
+
+RHEL-only
+
+Resolves: #1998509
+---
+ src/core/system.conf.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/core/system.conf.in b/src/core/system.conf.in
+index f2c75fcd32..c290b14b8b 100644
+--- a/src/core/system.conf.in
++++ b/src/core/system.conf.in
+@@ -59,7 +59,7 @@
+ #DefaultLimitFSIZE=
+ #DefaultLimitDATA=
+ #DefaultLimitSTACK=
+-#DefaultLimitCORE=
++DefaultLimitCORE=0:infinity
+ #DefaultLimitRSS=
+ #DefaultLimitNOFILE=1024:{{HIGH_RLIMIT_NOFILE}}
+ #DefaultLimitAS=

SOURCES/0040-test-don-t-install-test-network-generator-conversion.patch

@@ -0,0 +1,60 @@
+From 8efa0b5f989d977eca51617a314ec4fdc32fb3d1 Mon Sep 17 00:00:00 2001
+From: Frantisek Sumsal <frantisek@sumsal.cz>
+Date: Wed, 20 Oct 2021 19:43:34 +0200
+Subject: [PATCH] test: don't install test-network-generator-conversion.sh w/o
+ networkd
+
+otherwise TEST-02 will fail:
+
+```
+=== Failed test log ===
+--- test-network-generator-conversion.sh begin ---
++ [[ -n '' ]]
++ [[ -x /usr/lib/systemd/systemd-network-generator ]]
++ [[ -x /lib/systemd/systemd-network-generator ]]
++ exit 1
+--- test-network-generator-conversion.sh end ---
+```
+
+Before:
+```
+$ meson build -Dnetworkd=false -Dinstall-tests=true
+$ ninja -C build
+$ DESTDIR=$PWD/test-install ninja -C build install
+$ find test-install/ -name test-network-generator-conversion.sh
+test-install/usr/lib/systemd/tests/test-network-generator-conversion.sh
+```
+
+After:
+```
+$ find test-install/ -name test-network-generator-conversion.sh
+<no output>
+```
+
+(cherry picked from commit 140557021ad1a3946319fff1a87831eb02d6a1a0)
+
+Related: #2017035
+---
+ test/meson.build | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/test/meson.build b/test/meson.build
+index 47c7f4d49a..27b37a9ae7 100644
+--- a/test/meson.build
++++ b/test/meson.build
+@@ -98,9 +98,12 @@ if install_tests
+         install_data('run-unit-tests.py',
+                      install_mode : 'rwxr-xr-x',
+                      install_dir : testsdir)
+-        install_data('test-network-generator-conversion.sh',
+-                     install_mode : 'rwxr-xr-x',
+-                     install_dir : testsdir)
++
++        if conf.get('ENABLE_NETWORKD') == 1
++                install_data('test-network-generator-conversion.sh',
++                             install_mode : 'rwxr-xr-x',
++                             install_dir : testsdir)
++        endif
+ endif
+ 
+ ############################################################

SOURCES/0041-meson.build-change-operator-combining-bools-from-to-.patch

@@ -0,0 +1,32 @@
+From 7d7562db194f6b521d93ef370176922d0ac68331 Mon Sep 17 00:00:00 2001
+From: Dan Streetman <ddstreet@canonical.com>
+Date: Fri, 3 Sep 2021 12:43:33 -0400
+Subject: [PATCH] meson.build: change operator combining bools from + to and
+
+upstream meson stopped allowing combining boolean with the plus
+operator, and now requires using the logical and operator
+
+reference:
+https://github.com/mesonbuild/meson/commit/43302d3296baff6aeaf8e03f5d701b0402e37a6c
+
+Fixes: #20632
+(cherry picked from commit c29537f39e4f413a6cbfe9669fa121bdd6d8b36f)
+
+Related: #2017035
+---
+ meson.build | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/meson.build b/meson.build
+index d28f04607a..f21ec5bb94 100644
+--- a/meson.build
++++ b/meson.build
+@@ -35,7 +35,7 @@ conf.set10('BUILD_MODE_DEVELOPER', get_option('mode') == 'developer',
+ 
+ want_ossfuzz = get_option('oss-fuzz')
+ want_libfuzzer = get_option('llvm-fuzz')
+-if want_ossfuzz + want_libfuzzer > 1
++if want_ossfuzz and want_libfuzzer
+         error('only one of oss-fuzz or llvm-fuzz can be specified')
+ endif
+ 

SOURCES/0042-openssl-util-use-EVP-API-to-get-RSA-bits.patch

@@ -0,0 +1,37 @@
+From 387ba3f36092f2072ee6a05abeac27deaca177bd Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Wed, 29 Sep 2021 15:03:44 +0200
+Subject: [PATCH] openssl-util: use EVP API to get RSA bits
+
+(cherry picked from commit 7f12adc3000c08a370f74bd16c654506c8a99e92)
+
+Resolves: #2016042
+---
+ src/shared/openssl-util.c | 7 +------
+ 1 file changed, 1 insertion(+), 6 deletions(-)
+
+diff --git a/src/shared/openssl-util.c b/src/shared/openssl-util.c
+index bb47ae5e87..bd728e6c7c 100644
+--- a/src/shared/openssl-util.c
++++ b/src/shared/openssl-util.c
+@@ -46,7 +46,6 @@ int rsa_pkey_to_suitable_key_size(
+                 size_t *ret_suitable_key_size) {
+ 
+         size_t suitable_key_size;
+-        const RSA *rsa;
+         int bits;
+ 
+         assert_se(pkey);
+@@ -58,11 +57,7 @@ int rsa_pkey_to_suitable_key_size(
+         if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA)
+                 return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG), "X.509 certificate does not refer to RSA key.");
+ 
+-        rsa = EVP_PKEY_get0_RSA(pkey);
+-        if (!rsa)
+-                return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to acquire RSA public key from X.509 certificate.");
+-
+-        bits = RSA_bits(rsa);
++        bits = EVP_PKEY_bits(pkey);
+         log_debug("Bits in RSA key: %i", bits);
+ 
+         /* We use PKCS#1 padding for the RSA cleartext, hence let's leave some extra space for it, hence only

SOURCES/0043-procfs-util-fix-confusion-wrt.-quantity-limit-and-ma.patch

@@ -0,0 +1,315 @@
+From 862ded47343a782d70f7d4421a6a2e4e33684e5e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Tue, 2 Nov 2021 18:18:21 +0100
+Subject: [PATCH] procfs-util: fix confusion wrt. quantity limit and maximum
+ value
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From packit/rawhide-arm64 logs:
+Assertion 'limit >= INT_MAX || get_process_ppid(limit+1, NULL) == -ESRCH' failed at src/test/test-process-util.c:855, function test_get_process_ppid(). Aborting.
+――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
+
+The kernel has a few different limits. In particular kernel.threads-max can be
+set to some lower value, and kernel.pid_max can be set to a higher value. This
+is nice because it reduces PID reuse, even if the number of threads that is
+allowed is limited. But the tests assumed that we cannot have a thread with
+PID above MIN(kernel.threads-max, kernel.pid_max-1), which is not valid.
+
+So let's rework the whole thing: let's expose the helpers to read
+kernel.threads-max and kernel.pid_max, and print what they return in tests.
+procfs_tasks_get_limit() was something that is only used in tests, and wasn't
+very well defined, so let's drop it.
+
+Fixes #21193.
+
+(cherry picked from commit c3dead53d50e334f2d072a2248256983d6dc9f8c)
+
+Related: #2017035
+---
+ src/basic/limits-util.c      | 50 ++++++++++++++++++++++++----------
+ src/basic/procfs-util.c      | 53 +++++++++---------------------------
+ src/basic/procfs-util.h      |  4 ++-
+ src/test/test-process-util.c | 10 +++++--
+ src/test/test-procfs-util.c  | 34 ++++++++++++++++-------
+ 5 files changed, 84 insertions(+), 67 deletions(-)
+
+diff --git a/src/basic/limits-util.c b/src/basic/limits-util.c
+index 9f8e26d46a..435a2a0efe 100644
+--- a/src/basic/limits-util.c
++++ b/src/basic/limits-util.c
+@@ -109,35 +109,57 @@ uint64_t physical_memory_scale(uint64_t v, uint64_t max) {
+ }
+ 
+ uint64_t system_tasks_max(void) {
+-        uint64_t a = TASKS_MAX, b = TASKS_MAX;
++        uint64_t a = TASKS_MAX, b = TASKS_MAX, c = TASKS_MAX;
+         _cleanup_free_ char *root = NULL;
+         int r;
+ 
+-        /* Determine the maximum number of tasks that may run on this system. We check three sources to determine this
+-         * limit:
++        /* Determine the maximum number of tasks that may run on this system. We check three sources to
++         * determine this limit:
+          *
+-         * a) the maximum tasks value the kernel allows on this architecture
+-         * b) the cgroups pids_max attribute for the system
+-         * c) the kernel's configured maximum PID value
++         * a) kernel.threads-max sysctl: the maximum number of tasks (threads) the kernel allows.
+          *
+-         * And then pick the smallest of the three */
++         *    This puts a direct limit on the number of concurrent tasks.
++         *
++         * b) kernel.pid_max sysctl: the maximum PID value.
++         *
++         *    This limits the numeric range PIDs can take, and thus indirectly also limits the number of
++         *    concurrent threads. It's primarily a compatibility concept: some crappy old code used a signed
++         *    16bit type for PIDs, hence the kernel provides a way to ensure the PIDs never go beyond
++         *    INT16_MAX by default.
++         *
++         *    Also note the weird definition: PIDs assigned will be kept below this value, which means
++         *    the number of tasks that can be created is one lower, as PID 0 is not a valid process ID.
++         *
++         * c) pids.max on the root cgroup: the kernel's configured maximum number of tasks.
++         *
++         * and then pick the smallest of the three.
++         *
++         * By default pid_max is set to much lower values than threads-max, hence the limit people come into
++         * contact with first, as it's the lowest boundary they need to bump when they want higher number of
++         * processes.
++         */
++
++        r = procfs_get_threads_max(&a);
++        if (r < 0)
++                log_debug_errno(r, "Failed to read kernel.threads-max, ignoring: %m");
+ 
+-        r = procfs_tasks_get_limit(&a);
++        r = procfs_get_pid_max(&b);
+         if (r < 0)
+-                log_debug_errno(r, "Failed to read maximum number of tasks from /proc, ignoring: %m");
++                log_debug_errno(r, "Failed to read kernel.pid_max, ignoring: %m");
++        else if (b > 0)
++                /* Subtract one from pid_max, since PID 0 is not a valid PID */
++                b--;
+ 
+         r = cg_get_root_path(&root);
+         if (r < 0)
+                 log_debug_errno(r, "Failed to determine cgroup root path, ignoring: %m");
+         else {
+-                r = cg_get_attribute_as_uint64("pids", root, "pids.max", &b);
++                r = cg_get_attribute_as_uint64("pids", root, "pids.max", &c);
+                 if (r < 0)
+-                        log_debug_errno(r, "Failed to read pids.max attribute of cgroup root, ignoring: %m");
++                        log_debug_errno(r, "Failed to read pids.max attribute of root cgroup, ignoring: %m");
+         }
+ 
+-        return MIN3(TASKS_MAX,
+-                    a <= 0 ? TASKS_MAX : a,
+-                    b <= 0 ? TASKS_MAX : b);
++        return MIN3(a, b, c);
+ }
+ 
+ uint64_t system_tasks_max_scale(uint64_t v, uint64_t max) {
+diff --git a/src/basic/procfs-util.c b/src/basic/procfs-util.c
+index 9234ccaf85..a29e776a3a 100644
+--- a/src/basic/procfs-util.c
++++ b/src/basic/procfs-util.c
+@@ -12,54 +12,34 @@
+ #include "stdio-util.h"
+ #include "string-util.h"
+ 
+-int procfs_tasks_get_limit(uint64_t *ret) {
++int procfs_get_pid_max(uint64_t *ret) {
+         _cleanup_free_ char *value = NULL;
+-        uint64_t pid_max, threads_max;
+         int r;
+ 
+         assert(ret);
+ 
+-        /* So there are two sysctl files that control the system limit of processes:
+-         *
+-         * 1. kernel.threads-max: this is probably the sysctl that makes more sense, as it directly puts a limit on
+-         *    concurrent tasks.
+-         *
+-         * 2. kernel.pid_max: this limits the numeric range PIDs can take, and thus indirectly also limits the number
+-         *    of concurrent threads. AFAICS it's primarily a compatibility concept: some crappy old code used a signed
+-         *    16bit type for PIDs, hence the kernel provides a way to ensure the PIDs never go beyond INT16_MAX by
+-         *    default.
+-         *
+-         * By default #2 is set to much lower values than #1, hence the limit people come into contact with first, as
+-         * it's the lowest boundary they need to bump when they want higher number of processes.
+-         *
+-         * Also note the weird definition of #2: PIDs assigned will be kept below this value, which means the number of
+-         * tasks that can be created is one lower, as PID 0 is not a valid process ID. */
+-
+         r = read_one_line_file("/proc/sys/kernel/pid_max", &value);
+         if (r < 0)
+                 return r;
+ 
+-        r = safe_atou64(value, &pid_max);
+-        if (r < 0)
+-                return r;
++        return safe_atou64(value, ret);
++}
+ 
+-        value = mfree(value);
+-        r = read_one_line_file("/proc/sys/kernel/threads-max", &value);
+-        if (r < 0)
+-                return r;
++int procfs_get_threads_max(uint64_t *ret) {
++        _cleanup_free_ char *value = NULL;
++        int r;
+ 
+-        r = safe_atou64(value, &threads_max);
++        assert(ret);
++
++        r = read_one_line_file("/proc/sys/kernel/threads-max", &value);
+         if (r < 0)
+                 return r;
+ 
+-        /* Subtract one from pid_max, since PID 0 is not a valid PID */
+-        *ret = MIN(pid_max-1, threads_max);
+-        return 0;
++        return safe_atou64(value, ret);
+ }
+ 
+ int procfs_tasks_set_limit(uint64_t limit) {
+         char buffer[DECIMAL_STR_MAX(uint64_t)+1];
+-        _cleanup_free_ char *value = NULL;
+         uint64_t pid_max;
+         int r;
+ 
+@@ -74,10 +54,7 @@ int procfs_tasks_set_limit(uint64_t limit) {
+          * set it to the maximum. */
+         limit = CLAMP(limit, 20U, TASKS_MAX);
+ 
+-        r = read_one_line_file("/proc/sys/kernel/pid_max", &value);
+-        if (r < 0)
+-                return r;
+-        r = safe_atou64(value, &pid_max);
++        r = procfs_get_pid_max(&pid_max);
+         if (r < 0)
+                 return r;
+ 
+@@ -98,14 +75,10 @@ int procfs_tasks_set_limit(uint64_t limit) {
+                 /* Hmm, we couldn't write this? If so, maybe it was already set properly? In that case let's not
+                  * generate an error */
+ 
+-                value = mfree(value);
+-                if (read_one_line_file("/proc/sys/kernel/threads-max", &value) < 0)
+-                        return r; /* return original error */
+-
+-                if (safe_atou64(value, &threads_max) < 0)
++                if (procfs_get_threads_max(&threads_max) < 0)
+                         return r; /* return original error */
+ 
+-                if (MIN(pid_max-1, threads_max) != limit)
++                if (MIN(pid_max - 1, threads_max) != limit)
+                         return r; /* return original error */
+ 
+                 /* Yay! Value set already matches what we were trying to set, hence consider this a success. */
+diff --git a/src/basic/procfs-util.h b/src/basic/procfs-util.h
+index 61fa71d479..eb8c7738b1 100644
+--- a/src/basic/procfs-util.h
++++ b/src/basic/procfs-util.h
+@@ -5,7 +5,9 @@
+ 
+ #include "time-util.h"
+ 
+-int procfs_tasks_get_limit(uint64_t *ret);
++int procfs_get_pid_max(uint64_t *ret);
++int procfs_get_threads_max(uint64_t *ret);
++
+ int procfs_tasks_set_limit(uint64_t limit);
+ int procfs_tasks_get_current(uint64_t *ret);
+ 
+diff --git a/src/test/test-process-util.c b/src/test/test-process-util.c
+index 8c76392ae9..d89ce6e2db 100644
+--- a/src/test/test-process-util.c
++++ b/src/test/test-process-util.c
+@@ -850,8 +850,14 @@ static void test_get_process_ppid(void) {
+         assert_se(get_process_ppid(1, NULL) == -EADDRNOTAVAIL);
+ 
+         /* the process with the PID above the global limit definitely doesn't exist. Verify that */
+-        assert_se(procfs_tasks_get_limit(&limit) >= 0);
+-        assert_se(limit >= INT_MAX || get_process_ppid(limit+1, NULL) == -ESRCH);
++        assert_se(procfs_get_pid_max(&limit) >= 0);
++        log_debug("kernel.pid_max = %"PRIu64, limit);
++
++        if (limit < INT_MAX) {
++                r = get_process_ppid(limit + 1, NULL);
++                log_debug_errno(r, "get_process_limit(%"PRIu64") → %d/%m", limit + 1, r);
++                assert(r == -ESRCH);
++        }
+ 
+         for (pid_t pid = 0;;) {
+                 _cleanup_free_ char *c1 = NULL, *c2 = NULL;
+diff --git a/src/test/test-procfs-util.c b/src/test/test-procfs-util.c
+index b2679e30fb..876ef40dfd 100644
+--- a/src/test/test-procfs-util.c
++++ b/src/test/test-procfs-util.c
+@@ -6,12 +6,13 @@
+ #include "format-util.h"
+ #include "log.h"
+ #include "procfs-util.h"
++#include "process-util.h"
+ #include "tests.h"
+ 
+ int main(int argc, char *argv[]) {
+         char buf[CONST_MAX(FORMAT_TIMESPAN_MAX, FORMAT_BYTES_MAX)];
+         nsec_t nsec;
+-        uint64_t v;
++        uint64_t v, w;
+         int r;
+ 
+         log_parse_environment();
+@@ -26,26 +27,39 @@ int main(int argc, char *argv[]) {
+         assert_se(procfs_tasks_get_current(&v) >= 0);
+         log_info("Current number of tasks: %" PRIu64, v);
+ 
+-        r = procfs_tasks_get_limit(&v);
+-        if (r == -ENOENT || ERRNO_IS_PRIVILEGE(r))
+-                return log_tests_skipped("can't read /proc/sys/kernel/pid_max");
++        v = TASKS_MAX;
++        r = procfs_get_pid_max(&v);
++        assert(r >= 0 || r == -ENOENT || ERRNO_IS_PRIVILEGE(r));
++        log_info("kernel.pid_max: %"PRIu64, v);
++
++        w = TASKS_MAX;
++        r = procfs_get_threads_max(&w);
++        assert(r >= 0 || r == -ENOENT || ERRNO_IS_PRIVILEGE(r));
++        log_info("kernel.threads-max: %"PRIu64, w);
++
++        v = MIN(v - (v > 0), w);
+ 
+         assert_se(r >= 0);
+         log_info("Limit of tasks: %" PRIu64, v);
+         assert_se(v > 0);
+-        assert_se(procfs_tasks_set_limit(v) >= 0);
++        r = procfs_tasks_set_limit(v);
++        if (r == -ENOENT || ERRNO_IS_PRIVILEGE(r))
++                return log_tests_skipped("can't set task limits");
++        assert(r >= 0);
+ 
+         if (v > 100) {
+-                uint64_t w;
++                log_info("Reducing limit by one to %"PRIu64"…", v-1);
++
+                 r = procfs_tasks_set_limit(v-1);
+-                assert_se(IN_SET(r, 0, -EPERM, -EACCES, -EROFS));
++                log_info_errno(r, "procfs_tasks_set_limit: %m");
++                assert_se(r >= 0 || ERRNO_IS_PRIVILEGE(r));
+ 
+-                assert_se(procfs_tasks_get_limit(&w) >= 0);
+-                assert_se((r == 0 && w == v - 1) || (r < 0 && w == v));
++                assert_se(procfs_get_threads_max(&w) >= 0);
++                assert_se(r >= 0 ? w == v - 1 : w == v);
+ 
+                 assert_se(procfs_tasks_set_limit(v) >= 0);
+ 
+-                assert_se(procfs_tasks_get_limit(&w) >= 0);
++                assert_se(procfs_get_threads_max(&w) >= 0);
+                 assert_se(v == w);
+         }
+ 

SOURCES/0044-test-process-util-also-add-EROFS-to-the-list-of-good.patch

@@ -0,0 +1,31 @@
+From e43e8caf2f2699de7da1f072bcc7c25e125313e4 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Wed, 3 Nov 2021 09:39:16 +0100
+Subject: [PATCH] test-process-util: also add EROFS to the list of "good"
+ errors
+
+It is only added in the one place where we actually try to set the
+setting to a new value. Before we were testing if we can set to it the
+existing value, which was a noop. We could still get a permission error,
+but this is the first place where we would propagate EROFS.
+
+(cherry picked from commit 6434a83d01d96e9f9a17ed9ce1f04a7d64859950)
+
+Related: #2017035
+---
+ src/test/test-procfs-util.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/test/test-procfs-util.c b/src/test/test-procfs-util.c
+index 876ef40dfd..f19a41475d 100644
+--- a/src/test/test-procfs-util.c
++++ b/src/test/test-procfs-util.c
+@@ -52,7 +52,7 @@ int main(int argc, char *argv[]) {
+ 
+                 r = procfs_tasks_set_limit(v-1);
+                 log_info_errno(r, "procfs_tasks_set_limit: %m");
+-                assert_se(r >= 0 || ERRNO_IS_PRIVILEGE(r));
++                assert_se(r >= 0 || ERRNO_IS_PRIVILEGE(r) || r == -EROFS);
+ 
+                 assert_se(procfs_get_threads_max(&w) >= 0);
+                 assert_se(r >= 0 ? w == v - 1 : w == v);

SOURCES/0045-ci-use-C9S-chroots-in-Packit.patch

@@ -0,0 +1,27 @@
+From 5c8d698f3905c860eff17b84a32bb7acfb98d931 Mon Sep 17 00:00:00 2001
+From: Frantisek Sumsal <frantisek@sumsal.cz>
+Date: Thu, 4 Nov 2021 12:31:32 +0100
+Subject: [PATCH] ci: use C9S chroots in Packit
+
+rhel-only
+Related: #2017035
+---
+ .packit.yml | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/.packit.yml b/.packit.yml
+index 3461bccbc5..ce8782aae2 100644
+--- a/.packit.yml
++++ b/.packit.yml
+@@ -37,9 +37,8 @@ jobs:
+   trigger: pull_request
+   metadata:
+     targets:
+-      # FIXME: change to CentOS 9 once it's available
+-      - fedora-34-x86_64
+-      - fedora-34-aarch64
++      - centos-stream-9-x86_64
++      - centos-stream-9-aarch64
+ 
+ # TODO: can't use TFT yet due to https://pagure.io/fedora-ci/general/issue/184
+ # Run tests (via testing farm)

SOURCES/0046-test-mountpointutil-util-do-not-assert-in-test_mnt_i.patch

@@ -1,4 +1,4 @@
-From f58b96d3e8d1cb0dd3666bc74fa673918b586612 Mon Sep 17 00:00:00 2001
+From 5a86b79c5f79215a17f6617ae925dc76b25396a6 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
 Date: Mon, 14 Sep 2020 17:58:03 +0200
 Subject: [PATCH] test-mountpointutil-util: do not assert in test_mnt_id()
@@ -102,17 +102,24 @@ getpid()                                = 20
 gettid()                                = 20
 tgkill(20, 20, SIGABRT)                 = 0
 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
---- SIGABRT {si_signo=SIGABRT, si_code=SI_TKILL, si_pid=20, si_uid=0} ---
+
-+++ killed by SIGABRT (core dumped) +++
+RHEL notes: af918c4 should mitigate this issue, but in some build
+systems (Copr, brew, etc.) we don't have enough privileges to create a
+new mount namespace
+
+Cherry-picked manually from https://github.com/systemd/systemd/pull/17050.
+
+rhel-only
+Related: #2017035
 ---
  src/test/test-mountpoint-util.c | 8 ++++++--
  1 file changed, 6 insertions(+), 2 deletions(-)
 
 diff --git a/src/test/test-mountpoint-util.c b/src/test/test-mountpoint-util.c
-index 30b00ae4d8b..ffe5144b04a 100644
+index 983e1842d6..66d476d06d 100644
 --- a/src/test/test-mountpoint-util.c
 +++ b/src/test/test-mountpoint-util.c
-@@ -89,8 +89,12 @@ static void test_mnt_id(void) {
+@@ -91,8 +91,12 @@ static void test_mnt_id(void) {
                  /* The ids don't match? If so, then there are two mounts on the same path, let's check if
                   * that's really the case */
                  char *t = hashmap_get(h, INT_TO_PTR(mnt_id2));

SOURCES/0047-core-mount-add-implicit-unit-dependencies-even-if-wh.patch

@@ -0,0 +1,30 @@
+From ea4ebf86d25fb9c489d1cf1ca42371b7e2e782aa Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Sun, 29 Aug 2021 21:20:43 +0900
+Subject: [PATCH] core/mount: add implicit unit dependencies even if when mount
+ unit is generated from /proc/self/mountinfo
+
+Hopefully fixes #20566.
+
+(cherry picked from commit aebff2e7ce209fc2d75b894a3ae8b80f6f36ec11)
+
+Resolves: #2019468
+---
+ src/core/mount.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/core/mount.c b/src/core/mount.c
+index 1fd3102ad3..f2c85e0e5d 100644
+--- a/src/core/mount.c
++++ b/src/core/mount.c
+@@ -1582,6 +1582,10 @@ static int mount_setup_new_unit(
+         if (r < 0)
+                 return r;
+ 
++        r = mount_add_non_exec_dependencies(MOUNT(u));
++        if (r < 0)
++                return r;
++
+         /* This unit was generated because /proc/self/mountinfo reported it. Remember this, so that by the time we load
+          * the unit file for it (and thus add in extra deps right after) we know what source to attributes the deps
+          * to. */

SOURCES/rc.local

@@ -0,0 +1,14 @@
+#!/bin/bash
+# THIS FILE IS ADDED FOR COMPATIBILITY PURPOSES
+#
+# It is highly advisable to create own systemd services or udev rules
+# to run scripts during boot instead of using this file.
+#
+# In contrast to previous versions due to parallel execution during boot
+# this script will NOT be run after all other services.
+#
+# Please note that you must run 'chmod +x /etc/rc.d/rc.local' to ensure
+# that this script will be executed during boot.
+
+touch /var/lock/subsys/local
+

SPECS/systemd.spec

@@ -21,7 +21,7 @@
 Name:           systemd
 Url:            https://www.freedesktop.org/wiki/Software/systemd
 Version:        249
-Release:        7%{?dist}
+Release:        9%{?dist}
 # For a breakdown of the licensing, see README
 License:        LGPLv2+ and MIT and GPLv2+
 Summary:        System and Service Manager
@@ -63,6 +63,7 @@ Source21:       macros.sysusers
 Source22:       sysusers.attr
 Source23:       sysusers.prov
 Source24:       sysusers.generate-pre.sh
+Source25:       rc.local
 
 %if 0
 GIT_DIR=../../src/systemd/.git git format-patch-ab --no-signature -M -N v235..v235-stable
@@ -94,31 +95,38 @@ Patch0014: 0014-random-util-increase-random-seed-size-to-1024.patch
 Patch0015: 0015-journal-don-t-enable-systemd-journald-audit.socket-b.patch
 Patch0016: 0016-journald.conf-don-t-touch-current-audit-settings.patch
 Patch0017: 0017-Revert-udev-remove-WAIT_FOR-key.patch
-Patch0018: 0018-boot-don-t-build-bootctl-when-Dgnu-efi-false-is-set.patch
+Patch0018: 0018-Really-don-t-enable-systemd-journald-audit.socket.patch
 Patch0019: 0019-rules-add-elevator-kernel-command-line-parameter.patch
-Patch0020: 0020-sd-device-introduce-device_has_devlink.patch
+Patch0020: 0020-boot-don-t-build-bootctl-when-Dgnu-efi-false-is-set.patch
-Patch0021: 0021-udev-node-split-out-permission-handling-from-udev_no.patch
+Patch0021: 0021-unit-install-the-systemd-bless-boot.service-only-if-.patch
-Patch0022: 0022-udev-node-stack-directory-must-exist-when-adding-dev.patch
+Patch0022: 0022-units-don-t-enable-tmp.mount-statically-in-local-fs..patch
-Patch0023: 0023-udev-node-save-information-about-device-node-and-pri.patch
+Patch0023: 0023-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch
-Patch0024: 0024-udev-node-always-update-timestamp-of-stack-directory.patch
+Patch0024: 0024-sd-device-introduce-device_has_devlink.patch
-Patch0025: 0025-udev-node-assume-no-new-claim-to-a-symlink-if-run-ud.patch
+Patch0025: 0025-udev-node-split-out-permission-handling-from-udev_no.patch
-Patch0026: 0026-udev-node-always-atomically-create-symlink-to-device.patch
+Patch0026: 0026-udev-node-stack-directory-must-exist-when-adding-dev.patch
-Patch0027: 0027-udev-node-check-stack-directory-change-even-if-devli.patch
+Patch0027: 0027-udev-node-save-information-about-device-node-and-pri.patch
-Patch0028: 0028-udev-node-shorten-code-a-bit-and-update-log-message.patch
+Patch0028: 0028-udev-node-always-update-timestamp-of-stack-directory.patch
-Patch0029: 0029-udev-node-add-random-delay-on-conflict-in-updating-d.patch
+Patch0029: 0029-udev-node-assume-no-new-claim-to-a-symlink-if-run-ud.patch
-Patch0030: 0030-udev-node-drop-redundant-trial-of-devlink-creation.patch
+Patch0030: 0030-udev-node-always-atomically-create-symlink-to-device.patch
-Patch0031: 0031-udev-node-simplify-the-example-of-race.patch
+Patch0031: 0031-udev-node-check-stack-directory-change-even-if-devli.patch
-Patch0032: 0032-udev-node-do-not-ignore-unexpected-errors-on-removin.patch
+Patch0032: 0032-udev-node-shorten-code-a-bit-and-update-log-message.patch
-Patch0033: 0033-basic-time-util-introduce-FORMAT_TIMESPAN.patch
+Patch0033: 0033-udev-node-add-random-delay-on-conflict-in-updating-d.patch
-Patch0034: 0034-unit-install-the-systemd-bless-boot.service-only-if-.patch
+Patch0034: 0034-udev-node-drop-redundant-trial-of-devlink-creation.patch
-Patch0035: 0035-units-don-t-enable-tmp.mount-statically-in-local-fs..patch
+Patch0035: 0035-udev-node-simplify-the-example-of-race.patch
-Patch0036: 0036-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch
+Patch0036: 0036-udev-node-do-not-ignore-unexpected-errors-on-removin.patch
-Patch0037: 0037-udev-net-setup-link-change-the-default-MACAddressPol.patch
+Patch0037: 0037-basic-time-util-introduce-FORMAT_TIMESPAN.patch
-Patch0038: 0038-udev-net-setup-link-really-change-the-default-MACAdd.patch
+Patch0038: 0038-udev-net-setup-link-change-the-default-MACAddressPol.patch
+Patch0039: 0039-set-core-ulimit-to-0-like-on-RHEL-7.patch
+Patch0040: 0040-test-don-t-install-test-network-generator-conversion.patch
+Patch0041: 0041-meson.build-change-operator-combining-bools-from-to-.patch
+Patch0042: 0042-openssl-util-use-EVP-API-to-get-RSA-bits.patch
+Patch0043: 0043-procfs-util-fix-confusion-wrt.-quantity-limit-and-ma.patch
+Patch0044: 0044-test-process-util-also-add-EROFS-to-the-list-of-good.patch
+Patch0045: 0045-ci-use-C9S-chroots-in-Packit.patch
+Patch0046: 0046-test-mountpointutil-util-do-not-assert-in-test_mnt_i.patch
+Patch0047: 0047-core-mount-add-implicit-unit-dependencies-even-if-wh.patch
 
 # Downstream-only patches (9000–9999)
-# https://github.com/systemd/systemd/pull/17050
-Patch9001:      https://github.com/systemd/systemd/pull/17050/commits/f58b96d3e8d1cb0dd3666bc74fa673918b586612.patch
 
 BuildRequires:  gcc
 BuildRequires:  gcc-c++
@@ -363,6 +371,7 @@ MulticastDNS resolver and responder.
 Summary:        A userspace out-of-memory (OOM) killer
 Requires:       %{name}%{?_isa} = %{version}-%{release}
 License:        LGPLv2+
+Provides:       %{name}-oomd-defaults = %{version}-%{release}
 
 %description oomd
 systemd-oomd is a system service that uses cgroups-v2 and pressure stall
@@ -461,7 +470,7 @@ CONFIGURE_OPTS=(
 %endif
         -Db_ndebug=false
         -Dman=true
-        -Dversion-tag=%{version}-%{release}
+        -Dversion-tag=v%{version}-%{release}
 %if 0%{?fedora}
         -Dfallback-hostname=fedora
 %else
@@ -558,6 +567,11 @@ touch %{buildroot}%{_sysconfdir}/udev/hwdb.bin
 touch %{buildroot}%{_localstatedir}/lib/systemd/random-seed
 touch %{buildroot}%{_localstatedir}/lib/private/systemd/journal-upload/state
 
+# Install rc.local
+mkdir -p %{buildroot}%{_sysconfdir}/rc.d/
+install -m 0644 %{SOURCE25} %{buildroot}%{_sysconfdir}/rc.d/rc.local
+ln -s rc.d/rc.local %{buildroot}%{_sysconfdir}/rc.local
+
 # Install yum protection fragment
 install -Dm0644 %{SOURCE4} %{buildroot}/etc/dnf/protected.d/systemd.conf
 
@@ -616,6 +630,8 @@ python3 %{SOURCE2} %buildroot <<EOF
 %ghost %config(noreplace) /etc/locale.conf
 %ghost %config(noreplace) /etc/machine-id
 %ghost %config(noreplace) /etc/machine-info
+%config(noreplace) %{_sysconfdir}/rc.d/rc.local
+%{_sysconfdir}/rc.local
 %ghost %attr(0700,root,root) %dir /var/cache/private
 %ghost %attr(0700,root,root) %dir /var/lib/private
 %ghost %dir /var/lib/private/systemd
@@ -633,6 +649,10 @@ python3 %{SOURCE2} %buildroot <<EOF
 %ghost %attr(0700,root,root) %dir /var/log/private
 EOF
 
+%check
+%if %{with tests}
+meson test -C %{_vpath_builddir} -t 6 --print-errorlogs
+%endif
 
 #############################################################################################
 
@@ -873,34 +893,40 @@ getent passwd systemd-oom &>/dev/null || useradd -r -l -g systemd-oom -d / -s /s
 %files standalone-sysusers -f .file-list-standalone-sysusers
 
 %changelog
-* Fri Oct 01 2021 systemd maintenance team <systemd-maint@redhat.com> - 249-7
+* Thu Nov 18 2021 systemd maintenance team <systemd-maint@redhat.com> - 249-9
-- spec: make sure version string starts with version number (#1921094)
+- test: don't install test-network-generator-conversion.sh w/o networkd (#2017035)
+- meson.build: change operator combining bools from + to and (#2017035)
+- openssl-util: use EVP API to get RSA bits (#2016042)
+- procfs-util: fix confusion wrt. quantity limit and maximum value (#2017035)
+- test-process-util: also add EROFS to the list of "good" errors (#2017035)
+- ci: use C9S chroots in Packit (#2017035)
+- test-mountpointutil-util: do not assert in test_mnt_id() (#2017035)
+- core/mount: add implicit unit dependencies even if when mount unit is generated from /proc/self/mountinfo (#2019468)
+- Drop Patch9001 - https://github.com/systemd/systemd/pull/17050 - Replaced by Patch0046
 
-* Fri Oct 01 2021 systemd maintenance team <systemd-maint@redhat.com> - 249-6
+* Tue Oct 12 2021 systemd maintenance team <systemd-maint@redhat.com> - 249-8
-- udev/net-setup-link: *really* change the default MACAddressPolicy to "none" (#1921094)
+- Really don't enable systemd-journald-audit.socket (#1973856)
-- spec: Use -Dgnu-efi=false instead of -Defi=false (#1972223)
+- rules: add elevator= kernel command line parameter (#2003002)
-
+- boot: don't build bootctl when -Dgnu-efi=false is set (#2003130)
-* Thu Sep 30 2021 systemd maintenance team <systemd-maint@redhat.com> - 249-5
+- unit: install the systemd-bless-boot.service only if we have gnu-efi (#2003130)
-- boot: don't build bootctl when -Dgnu-efi=false is set (#1972223)
+- units: don't enable tmp.mount statically in local-fs.target (#2000927)
-- rules: add elevator= kernel command line parameter (#1998190)
+- pid1: bump DefaultTasksMax to 80% of the kernel pid.max value (#2003031)
-- sd-device: introduce device_has_devlink() (#1977994)
+- sd-device: introduce device_has_devlink() (#2005024)
-- udev-node: split out permission handling from udev_node_add() (#1977994)
+- udev-node: split out permission handling from udev_node_add() (#2005024)
-- udev-node: stack directory must exist when adding device node symlink (#1977994)
+- udev-node: stack directory must exist when adding device node symlink (#2005024)
-- udev-node: save information about device node and priority in symlink (#1977994)
+- udev-node: save information about device node and priority in symlink (#2005024)
-- udev-node: always update timestamp of stack directory (#1977994)
+- udev-node: always update timestamp of stack directory (#2005024)
-- udev-node: assume no new claim to a symlink if /run/udev/links is not updated (#1977994)
+- udev-node: assume no new claim to a symlink if /run/udev/links is not updated (#2005024)
-- udev-node: always atomically create symlink to device node (#1977994)
+- udev-node: always atomically create symlink to device node (#2005024)
-- udev-node: check stack directory change even if devlink is removed (#1977994)
+- udev-node: check stack directory change even if devlink is removed (#2005024)
-- udev-node: shorten code a bit and update log message (#1977994)
+- udev-node: shorten code a bit and update log message (#2005024)
-- udev-node: add random delay on conflict in updating device node symlink (#1977994)
+- udev-node: add random delay on conflict in updating device node symlink (#2005024)
-- udev-node: drop redundant trial of devlink creation (#1977994)
+- udev-node: drop redundant trial of devlink creation (#2005024)
-- udev-node: simplify the example of race (#1977994)
+- udev-node: simplify the example of race (#2005024)
-- udev-node: do not ignore unexpected errors on removing symlink in stack directory (#1977994)
+- udev-node: do not ignore unexpected errors on removing symlink in stack directory (#2005024)
-- basic/time-util: introduce FORMAT_TIMESPAN (#1977994)
+- basic/time-util: introduce FORMAT_TIMESPAN (#2005024)
-- unit: install the systemd-bless-boot.service only if we have gnu-efi (#1972223)
+- udev/net-setup-link: change the default MACAddressPolicy to "none" (#2009237)
-- units: don't enable tmp.mount statically in local-fs.target (#1959826)
+- set core ulimit to 0 like on RHEL-7 (#1998509)
-- pid1: bump DefaultTasksMax to 80% of the kernel pid.max value (#1997200)
-- udev/net-setup-link: change the default MACAddressPolicy to "none" (#1921094)
 
 * Fri Aug 20 2021 systemd maintenance team <systemd-maint@redhat.com> - 249-4
 - Revert "udev: remove WAIT_FOR key" (#1982666)