SOURCES/0026-Introduce-free_and_strndup-and-use-it-in-bus-message.patch

@@ -272,7 +272,7 @@ new file mode 100644
 index 0000000000000000000000000000000000000000..52469650b5498a45d5d95bd9d933c989cfb47ca7
 GIT binary patch
 literal 32
-dcmd1#|DTBg0(2Mzp)7_%1_lO=#KJO70RUP<1jGOU
+ccmd1#|DTBg0(2Mzp)7_%AVVXuuuM|`09r!?!~g&Q
 
 literal 0
 HcmV?d00001

SOURCES/0046-sd-bus-unify-three-code-paths-which-free-struct-bus_.patch

@@ -154,12 +154,12 @@ new file mode 100644
 index 0000000000000000000000000000000000000000..c371824ffb604708619fd0713e8fca609bac18f7
 GIT binary patch
 literal 534
-zcmZ{h&q~8U5Qo2QZE3}mh({^(l3ZG?FW}9quQ2JKSO_L$Rwany#n(16yNQ%S=d$~o
+zcmZ{h!A`?442GSJP20o?A&zJgm*%p<cmZx)c?GB2N~MZabq0zMhzqX`{7ze`LYk$&
-z*`1khrf|3~2l*xZ0M3;-U`e#0Q_g^={kAgCz$q8Nt}HXD7w=MRO7o9T_$MxBsVbVQ
+z_LnqH{-ic!J`GWMLG(>T#&`l!4rxq{&>8YmwQrOs;B(}I_m11m8`nFp<MR{a3sX`q
-zsLDt4_Sq!9Nt>kcX_KUxB&w-}_VOx;`c0Wyz6l^R_4WQGkDWxj0j5BV%;tATdc{;T
+z!cs!Q@A35`W+B>`#ek1>oQYVSs`!XH?7Y=}3y9Ye+UliL9^x9s66$8wH+TPdOG`n|
-zNxV;0?Z^1PSGWa+QHL{=ni0@L7-!XS+Pg}s5SN|b)(~pjJo+4FBd2|i(<}!R=Mf{!
+z5Uhx<nM2)KiEdF(J5Ct}Xa*iksL!VNssA<Hq<KDseGAsT^*)9kK$?O39;dyGT&#2v
-zc+vGEB0(FA<<7D!=vAlJ>vhog!1WQ+VgGi2mZGqQTmfy{w!dxLT1ngKpsQ^&>=~AJ
+zLhpD3X)k6@tX`CzbBVV-7e$fy9()CjJ&n(=^)uJCKFB5Xi}-<1ru7po5XlEJ?uByQ
-L>FxXRA@2SU8?;@l
+MaEPzRhwknF02{PjtN;K2
 
 literal 0
 HcmV?d00001

SOURCES/0149-tests-add-a-reproducer-for-an-infinite-loop-in-ndisc.patch

@@ -27,7 +27,7 @@ new file mode 100644
 index 0000000000000000000000000000000000000000..410cf38c1ec2156680e80160825b883fb4f12aa9
 GIT binary patch
 literal 53
-zcmZo;U|{$U0h1UQ7#dg^8UFug{?7ygZ4BH@stjCQpUNT`SQ!}@7#LI;7(l839<dJW
+ucmZo;U|{$U0h55t23AHOm-#;v2(&S9GpRCgaeXR_WB`f-fhq$7NEHAcu@3A2
 
 literal 0
 HcmV?d00001

SOURCES/0150-tests-add-a-reproducer-for-another-infinite-loop-in-.patch

@@ -18,7 +18,7 @@ new file mode 100644
 index 0000000000000000000000000000000000000000..04e871fbcbddfe0642bd6855228bf8da163ad6e3
 GIT binary patch
 literal 71
-vcmZo;U}$4tu#$oUW@d)JzyAOK|Nk!=6Z5a^r8k=xq8a~7VHJl7GBN-FkAWQ*
+ucmZo;U}$4tu#$oUW@d)Jzy1TkUp6M@U)f7<HZepq{+E)%CJqy1WB>q<fgKkB
 
 literal 0
 HcmV?d00001

SOURCES/0160-fuzz-bus-message-add-fuzzer-for-message-parsing.patch

@@ -90,12 +90,12 @@ new file mode 100644
 index 0000000000000000000000000000000000000000..2df70fd7cb6f0e632c4d5c2358091309a5cd3edc
 GIT binary patch
 literal 534
-zcmZ{h&q@P9490)c+S-aI5sy;vvU_Q@zJNDRg0GP6pLJnzm(8jyqImJO9m&jAO2J$*
+zcmZ{h!A`?442GSJjTUi2h$EV`OM6*iyZ|>&NW6m6ZC#~`RCNGV2*icg27V{4hLEuI
-zUouI)FDV`F(?Na)-+*%!4p<Ov=#(SivDnlW893z>*j800&HPQub!GAKKk<pnS*VKU
+z*Z%6nv6IG-c{fDW8PO*Z8RG~@1*A4LLPziq^|n=>fKTCf&ROnOFWhXL{-6KzKQR>*
-zDys6{y?%5_+ofI7wP}~6nIx*Ir3!hGMB8<hTE7V(Gi{sVIgd=DT>?`eW@cA62YAU;
+zA}kdo{MtXi^_lPUKI=U`x#dhG*Hq0<i2cUpS}%ckA-=00E9KEH5u{MeESA@QculFG
-zGfCPuRke!oA6K{rh7kv!Ny7-(i7=gYuhah3Qir^3+f4&uw(Vor!))Yqug8R`C4plj
+zruVss?wLceSE4J#)5yVN0GffvA#~1mm{Zra+=e{w{I&z@*?J#i4Is_HhZ+f`nuHx|
-z2|PrH7;)gF$F}2n&qqW8HZ4}3Wm&+>9<NrbfNz0|15Nw<?foQWX$Lt6y!Zacdv7Cc
+zld${fh;=jUB)V|NE5y2-nFH%A%GTPz>w(L%415E=fPT+(I2*knx96tO2RVnnVP6o!
-U-k_gtRCXE`J>Oto_jmF3zffXT%>V!Z
+Yuz#WfEX)Cqd!b_JHzYppZsXhk08nC8%>V!Z
 
 literal 0
 HcmV?d00001

SOURCES/0162-bus-message-avoid-an-infinite-loop-on-empty-structur.patch

@@ -155,7 +155,7 @@ new file mode 100644
 index 0000000000000000000000000000000000000000..f1bf3229effc982c8b129182fe60739efe3c5013
 GIT binary patch
 literal 157
-ncmd1#|DTC5gMmSSfq{X+#27@<0i?K?r!r_H;sF^M8JYqB1XvKp
+mcmd1#|DTC5gMmSS0SHWtK_neOii>$FgGM4Akdcw0DF6TjSP;el
 
 literal 0
 HcmV?d00001
@@ -165,11 +165,11 @@ new file mode 100644
 index 0000000000000000000000000000000000000000..c975f906eef521a3cfac5627c8b371ee55aa0e6c
 GIT binary patch
 literal 534
-zcmcJL!AitH5JcY?cTL2TA0P`}W-hzxe+d3UhusZ<#R=(A8ANaXw{#{eB8VsZ(p1+>
+zcmcJL!Ab-%42J(Y?m8o$d;nSS(q4Ae_Yi!A47)oFEOwaGU5e<<_x8`!K@h}~fslMn
-zbyXi6?%hFm2_JxS5eIB2RXODpc<6V7O-`J00qkRJWn90=VH<6}{AFIdj*Y5lr=lva
+zn)c7Z!M!`6y9Pc0I2S?0hHh3l#W~|szZ;Ct$XAT}7+V?FCpm1RoiBemuU&_Ys%S@7
-z`S~sTltcD8i4ScKUNsoi%aeFb+Zar*24tma>>s=0q|_DA0EJmy-~PaNG}?+!DX7|y
+zdCkYS>{AZe=OjL~Ie67zrCwgdYud(O^J==RG>!dpXFS^tlZIX@tK0h@{D4MV@hJsW
-z<(F5u0jh$h-pa@VIEJvC!<^IJ4Khr;?9*<9X}8_usA08m`c0#zF%md4lfZpxh#3dY
+zyR)R1zXEs6tHM*H04&I}2-7)y>9oE<hN&+5v>VCxw(Vn{LBxXmJ)=frMcRdZlJ-~v
-VXKXiK&wfN?!j`4_|80LCm`{c%O;`W`
+b#4gh=OPF@NW^U~wGO=l?@b9nvy<mI-hA2%~
 
 literal 0
 HcmV?d00001

SOURCES/0163-bus-message-let-s-always-use-EBADMSG-when-the-messag.patch

@@ -34,7 +34,7 @@ new file mode 100644
 index 0000000000000000000000000000000000000000..2ae1a8715a12c65fba27d8e60216112a99b0ace7
 GIT binary patch
 literal 93
-ycmd1FDP>|PH8L_fX@m*{@Bvh%Mn*<y-~Mfw-1Yb0f5rv|1_p*!1_ljAO#uK!niIVM
+wcmd1FDP>|PH8L_f3B<@i03SeB2xg~!`?q0o*WZ8t85<aYpp}6^gHcle07aS;y#N3J
 
 literal 0
 HcmV?d00001

SOURCES/0167-bus-message-fix-calculation-of-offsets-table.patch

@@ -119,7 +119,7 @@ new file mode 100644
 index 0000000000000000000000000000000000000000..9d3fa0035fd360a37833e8b58cc4aea90df9de83
 GIT binary patch
 literal 28
-jcmd1#|DTDG;s1Xo1_lO(c?v8H3=HXv3>t|^Wtsv2fcytC
+fcmd1#|DTDG0Z1?a!8`>PAeqj{pplqVrYQgbfcytC
 
 literal 0
 HcmV?d00001

SOURCES/0169-bus-message-fix-calculation-of-offsets-table-for-arr.patch

@@ -80,7 +80,7 @@ new file mode 100644
 index 0000000000000000000000000000000000000000..26262e1149825a114a89bf9cee5aeca0be463984
 GIT binary patch
 literal 41
-rcmd1#|DTC5gMmSSfq{X+#F&GD5yW6%U}R!o&`3;7%uED<3{3$5oTCSm
+rcmd1#|DTC5gMmSS0SHWtIT#p03<d^9CI$wL#Kgo*AWlro&=ddwoTCSm
 
 literal 0
 HcmV?d00001

SOURCES/0172-bus-message-fix-skipping-of-array-fields-in-gvariant.patch

@@ -50,9 +50,9 @@ new file mode 100644
 index 0000000000000000000000000000000000000000..6a20265a39e1b4a318b50aee2b13727ddc4113bf
 GIT binary patch
 literal 534
-zcmchUu?oUK5JcZ{1TU6;fM{uB;eYrM3o%g$ImiX<?DEOhCwrI9%ED|jv+T0V%=Ci1
+zcmc~{WMHggWMD`aVqj=xU|>*W&P&W-;Q0Fg|9>Elfq|V9OfmRED27Bi2!jjC2Wn-|
-z1iBr}z|jqQ$G=lbSZ(SITnnK4LbgjUz!`8OU^6EX2ecvNl}aKN@YKEucxoH|au`t6
+z17hYPAOVtNW-Ml42GVKy`9P9^ffdMS1=8h-IVt%J91NTwNgyEFV4&K>#6$*=MMgl(
-m{ODr$(RRB1>)V?0R#5Vll9?G!=D#<3h|~BOx{^q#obLyFdn%^@
+r%#fH?l1eMv=;=K=_yi-CK!KUB2_%6r0c0u^mlS2@rGxk|0FGY(dwVLU
 
 literal 0
 HcmV?d00001

SOURCES/0174-fuzz-bus-message-add-two-test-cases-that-pass-now.patch

@@ -21,7 +21,7 @@ new file mode 100644
 index 0000000000000000000000000000000000000000..aa0c6ff7f7b6d2e3fa4358716ee1d05ba74cefc0
 GIT binary patch
 literal 89
-scmc~<lEK8lpj%j2SeRL+$)KTG#-IVBK^P>65Y0yx#SOrwlxYe80GQ+)G5`Po
+scmc~<lEK8lpj!w8nPr*`8k%Jc8Xy{kL4pX;d}L9u6jlOkN|~kr0GQ+)G5`Po
 
 literal 0
 HcmV?d00001

SOURCES/0175-bus-message-return-EBADMSG-not-EINVAL-on-invalid-gva.patch

@@ -31,10 +31,10 @@ new file mode 100644
 index 0000000000000000000000000000000000000000..5faf3308e7ac9c14d66422169e74ba8c05ad7319
 GIT binary patch
 literal 534
-zcmd6ku?oU46h+UoDhf`1fCw&jsp1#7Ik@->DcVvfrZh#J#KqBnmZV7$7gz6+mv?!&
+zcmd5(y$ZrW3{L#Rf|Cy*1sA)t;uE+zxcCZJw53qIqj#v2xH$UGez{(yI63-3NWO$5
-z_r8>Z+y(L}JOL4n04rKVV(0^h;#ApAPYe?v(>hgka#iI~+kPS!#wJzEriqR5!xnpp
+zU+!uqzB5rdCwdYQvnEi=V1glA8o?i`lMy}upTQSe=c-Assy=GTr+lHv=4$0!Vy$EX
-zfC|>MWu~=`Ej0qv+%$D@&clT5&44k`GV@p9{C%<cQW|!CK;1eKr<<yp0T7JZES1ml
+z_LzYX&1*Ob(W(=vPGKsxuBpzYaDn6&un5*x;uk`Xz?Yk^O%qgGJ(zd<Eb+@AlE$ca
-o;mdn=FS(o_oGt&+v-joBpD|VC)}XQ`b^8s&D_aCScH8#v-+dcTo&W#<
+sLgf|{Zt3X?n*AhyXRr3JnuD(2&Q!)fgDPC^-?wYdB<S$iZQH+p1AQA$o&W#<
 
 literal 0
 HcmV?d00001

SOURCES/0176-bus-message-avoid-wrap-around-when-using-length-read.patch

@@ -94,7 +94,7 @@ new file mode 100644
 index 0000000000000000000000000000000000000000..b3fee9e07af4f925697a549bbc8ffc03a277fac0
 GIT binary patch
 literal 40
-pcmc~{Vqj!oU|>jp`TxHd0|Ns)V==>j2ng-#xmY$WCw2;m3ji$f6YT&1
+mcmc~{Vqjzdg7laF|BC@>cE)0c{}2$`*K@IKT2AZ~5ElR}@e}O;
 
 literal 0
 HcmV?d00001

SOURCES/0243-udev-Add-id-program-and-rule-for-FIDO-security-token.patch

@@ -487,8 +487,8 @@ new file mode 100644
 index 0000000000000000000000000000000000000000..48757cba682ffddd5a1ddd8988bb8bcdc7db0a7a
 GIT binary patch
 literal 71
-zcmZQ&<YZgO$jUDHK=ZjMgDPVw<5Z4Drm2jj9F2@qSxXsNIV2f1Sto)-m?tt$Wh><n
+zcmZQ&<YZgO$jUDHK=ZjMgDPVw<5Z4Drm2jj9F2@qSxXsNIV2f1Sto)-m?tt$Wh><X
-ZWl&9JWtU{oOl@S~WG>~H%CV8@000zh4^IF9
+Xs!9c_XV6S-WZ+~j<(SH`k?8;c6l@Pq
 
 literal 0
 HcmV?d00001

SOURCES/0256-tests-add-a-reproducer-for-a-memory-leak-fixed-in-30.patch

@@ -18,7 +18,7 @@ index 0000000000000000000000000000000000000000..424ae5cb010aa519758e6af90cc98179
 GIT binary patch
 literal 1847
 zcmXps(lIeJ&@nVNGBPkSGqo_&(Y4M<t>jX0aSiiycD2<{NiEaQE6vG)izFLb8I!<a
-W7zLwX6yN|3IK)T6C>RBU7XSc|I~Vl;
+b7zLvtFd70lLcjrs_^9w`2#kin;0*x)kUJOk
 
 literal 0
 HcmV?d00001

SOURCES/0257-tests-add-a-reproducer-for-a-heap-buffer-overflow-fi.patch

@@ -17,8 +17,8 @@ new file mode 100644
 index 0000000000000000000000000000000000000000..19887a1fec9fc29b1f7da8a2d1c5ea5054f2bc02
 GIT binary patch
 literal 112
-zcmXpq)Zrxx80r}680lCOP-~&{)k?wIfGehgOM!tQroxI#A*RAAHHJ&UB*rAhgn<hH
+zcmXpq)Zrxx80r}680lCOP-~&{)k?wIfGehgOM!tQroxI#0Z63Aa4DF?03ibx03hxS
-DAnpwr
+A82|tP
 
 literal 0
 HcmV?d00001

SOURCES/1006-ci-add-configuration-for-regression-sniffer-GA.patch

@@ -1,20 +0,0 @@
-From ca150b92be2e0edf3bfafe88ee79a419e7e11aaa Mon Sep 17 00:00:00 2001
-From: Jan Macku <jamacku@redhat.com>
-Date: Mon, 4 Mar 2024 13:40:45 +0100
-Subject: [PATCH] ci: add configuration for regression sniffer GA
-
-rhel-only
-
-Related: RHEL-1087
----
- .github/regression-sniffer.yml | 1 +
- 1 file changed, 1 insertion(+)
- create mode 100644 .github/regression-sniffer.yml
-
-diff --git a/.github/regression-sniffer.yml b/.github/regression-sniffer.yml
-new file mode 100644
-index 0000000000..3824028e92
---- /dev/null
-+++ b/.github/regression-sniffer.yml
-@@ -0,0 +1 @@
-+upstream: systemd/systemd

SOURCES/1007-coredump-actually-store-parsed-unit-in-the-context.patch

@@ -1,35 +0,0 @@
-From ccaa361e04719efc6bcf7f3201cc9e6a869677d8 Mon Sep 17 00:00:00 2001
-From: Michal Sekletar <msekleta@redhat.com>
-Date: Mon, 4 Mar 2024 14:40:32 +0100
-Subject: [PATCH] coredump: actually store parsed unit in the context
-
-RHEL-only
-
-Related: RHEL-18302
----
- src/coredump/coredump.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c
-index d8acd2d3a7..7af8e97877 100644
---- a/src/coredump/coredump.c
-+++ b/src/coredump/coredump.c
-@@ -1262,6 +1262,8 @@ static int gather_pid_metadata(
-                 context->meta[CONTEXT_EXE] = t;
- 
-         if (cg_pid_get_unit(pid, &t) >= 0) {
-+                context->meta[CONTEXT_UNIT] = t;
-+
-                 if (!is_journald_crash(context)) {
-                         /* OK, now we know it's not the journal, hence we can make use of it now. */
-                         log_set_target(LOG_TARGET_JOURNAL_OR_KMSG);
-@@ -1275,8 +1277,7 @@ static int gather_pid_metadata(
-                 }
- 
-                 set_iovec_string_field(iovec, n_iovec, "COREDUMP_UNIT=", context->meta[CONTEXT_UNIT]);
--        } else
--                context->meta[CONTEXT_UNIT] = t;
-+        }
- 
-         if (cg_pid_get_user_unit(pid, &t) >= 0)
-                 set_iovec_field_free(iovec, n_iovec, "COREDUMP_USER_UNIT=", t);

SOURCES/1008-resolved-limit-the-number-of-signature-validations-i.patch

@@ -1,184 +0,0 @@
-From 899e3c43d6ac9d97c3cb9340b778427391def4ac Mon Sep 17 00:00:00 2001
-From: Jacek Migacz <jmigacz@redhat.com>
-Date: Mon, 26 Feb 2024 13:47:24 +0100
-Subject: [PATCH] resolved: limit the number of signature validations in a
- transaction
-
-It has been demonstrated that tolerating an unbounded number of dnssec
-signature validations is a bad idea. It is easy for a maliciously
-crafted DNS reply to contain as many keytag collisions as desired,
-causing us to iterate every dnskey and signature combination in vain.
-
-The solution is to impose a maximum number of validations we will
-tolerate. While collisions are not hard to craft, I still expect they
-are unlikely in the wild so it should be safe to pick fairly small
-values.
-
-Here two limits are imposed: one on the maximum number of invalid
-signatures encountered per rrset, and another on the total number of
-validations performed per transaction.
-
-(cherry picked from commit 67d0ce8843d612a2245d0966197d4f528b911b66)
-
-Resolves: RHEL-26644
----
- src/resolve/resolved-dns-dnssec.c      | 16 ++++++++++++++--
- src/resolve/resolved-dns-dnssec.h      |  9 ++++++++-
- src/resolve/resolved-dns-transaction.c | 19 ++++++++++++++++---
- 3 files changed, 38 insertions(+), 6 deletions(-)
-
-diff --git a/src/resolve/resolved-dns-dnssec.c b/src/resolve/resolved-dns-dnssec.c
-index 0a6f482cc1..5dbfbc94c7 100644
---- a/src/resolve/resolved-dns-dnssec.c
-+++ b/src/resolve/resolved-dns-dnssec.c
-@@ -996,6 +996,7 @@ int dnssec_verify_rrset_search(
-                 DnsResourceRecord **ret_rrsig) {
- 
-         bool found_rrsig = false, found_invalid = false, found_expired_rrsig = false, found_unsupported_algorithm = false;
-+        unsigned nvalidations = 0;
-         DnsResourceRecord *rrsig;
-         int r;
- 
-@@ -1041,6 +1042,14 @@ int dnssec_verify_rrset_search(
-                         if (realtime == USEC_INFINITY)
-                                 realtime = now(CLOCK_REALTIME);
- 
-+                        /* Have we seen an unreasonable number of invalid signaures? */
-+                        if (nvalidations > DNSSEC_INVALID_MAX) {
-+                                if (ret_rrsig)
-+                                        *ret_rrsig = NULL;
-+                                *result = DNSSEC_TOO_MANY_VALIDATIONS;
-+                                return (int) nvalidations;
-+                        }
-+
-                         /* Yay, we found a matching RRSIG with a matching
-                          * DNSKEY, awesome. Now let's verify all entries of
-                          * the RRSet against the RRSIG and DNSKEY
-@@ -1050,6 +1059,8 @@ int dnssec_verify_rrset_search(
-                         if (r < 0)
-                                 return r;
- 
-+                        nvalidations++;
-+
-                         switch (one_result) {
- 
-                         case DNSSEC_VALIDATED:
-@@ -1060,7 +1071,7 @@ int dnssec_verify_rrset_search(
-                                         *ret_rrsig = rrsig;
- 
-                                 *result = one_result;
--                                return 0;
-+                                return (int) nvalidations;
- 
-                         case DNSSEC_INVALID:
-                                 /* If the signature is invalid, let's try another
-@@ -1107,7 +1118,7 @@ int dnssec_verify_rrset_search(
-         if (ret_rrsig)
-                 *ret_rrsig = NULL;
- 
--        return 0;
-+        return (int) nvalidations;
- }
- 
- int dnssec_has_rrsig(DnsAnswer *a, const DnsResourceKey *key) {
-@@ -2301,6 +2312,7 @@ static const char* const dnssec_result_table[_DNSSEC_RESULT_MAX] = {
-         [DNSSEC_FAILED_AUXILIARY] = "failed-auxiliary",
-         [DNSSEC_NSEC_MISMATCH] = "nsec-mismatch",
-         [DNSSEC_INCOMPATIBLE_SERVER] = "incompatible-server",
-+        [DNSSEC_TOO_MANY_VALIDATIONS]  = "too-many-validations",
- };
- DEFINE_STRING_TABLE_LOOKUP(dnssec_result, DnssecResult);
- 
-diff --git a/src/resolve/resolved-dns-dnssec.h b/src/resolve/resolved-dns-dnssec.h
-index dfee7232c0..4d6abee084 100644
---- a/src/resolve/resolved-dns-dnssec.h
-+++ b/src/resolve/resolved-dns-dnssec.h
-@@ -9,12 +9,13 @@ typedef enum DnssecVerdict DnssecVerdict;
- #include "resolved-dns-rr.h"
- 
- enum DnssecResult {
--        /* These five are returned by dnssec_verify_rrset() */
-+        /* These six are returned by dnssec_verify_rrset() */
-         DNSSEC_VALIDATED,
-         DNSSEC_VALIDATED_WILDCARD, /* Validated via a wildcard RRSIG, further NSEC/NSEC3 checks necessary */
-         DNSSEC_INVALID,
-         DNSSEC_SIGNATURE_EXPIRED,
-         DNSSEC_UNSUPPORTED_ALGORITHM,
-+        DNSSEC_TOO_MANY_VALIDATIONS,
- 
-         /* These two are added by dnssec_verify_rrset_search() */
-         DNSSEC_NO_SIGNATURE,
-@@ -45,6 +46,12 @@ enum DnssecVerdict {
- /* The longest digest we'll ever generate, of all digest algorithms we support */
- #define DNSSEC_HASH_SIZE_MAX (MAX(20, 32))
- 
-+/* The most invalid signatures we will tolerate for a single rrset */
-+#define DNSSEC_INVALID_MAX 5
-+
-+/* The total number of signature validations we will tolerate for a single transaction */
-+#define DNSSEC_VALIDATION_MAX 64
-+
- int dnssec_rrsig_match_dnskey(DnsResourceRecord *rrsig, DnsResourceRecord *dnskey, bool revoked_ok);
- int dnssec_key_match_rrsig(const DnsResourceKey *key, DnsResourceRecord *rrsig);
- 
-diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c
-index 6f614d7493..1ca6c9abc8 100644
---- a/src/resolve/resolved-dns-transaction.c
-+++ b/src/resolve/resolved-dns-transaction.c
-@@ -2870,11 +2870,14 @@ static int dnssec_validate_records(
-                 DnsTransaction *t,
-                 Phase phase,
-                 bool *have_nsec,
-+                unsigned *nvalidations,
-                 DnsAnswer **validated) {
- 
-         DnsResourceRecord *rr;
-         int r;
- 
-+        assert(nvalidations);
-+
-         /* Returns negative on error, 0 if validation failed, 1 to restart validation, 2 when finished. */
- 
-         DNS_ANSWER_FOREACH(rr, t->answer) {
-@@ -2909,6 +2912,7 @@ static int dnssec_validate_records(
-                 r = dnssec_verify_rrset_search(t->answer, rr->key, t->validated_keys, USEC_INFINITY, &result, &rrsig);
-                 if (r < 0)
-                         return r;
-+                *nvalidations += r;
- 
-                 log_debug("Looking at %s: %s", strna(dns_resource_record_to_string(rr)), dnssec_result_to_string(result));
- 
-@@ -3086,7 +3090,8 @@ static int dnssec_validate_records(
-                                            DNSSEC_SIGNATURE_EXPIRED,
-                                            DNSSEC_NO_SIGNATURE))
-                                         manager_dnssec_verdict(t->scope->manager, DNSSEC_BOGUS, rr->key);
--                                else /* DNSSEC_MISSING_KEY or DNSSEC_UNSUPPORTED_ALGORITHM */
-+                                else /* DNSSEC_MISSING_KEY, DNSSEC_UNSUPPORTED_ALGORITHM,
-+                                        or DNSSEC_TOO_MANY_VALIDATIONS */
-                                         manager_dnssec_verdict(t->scope->manager, DNSSEC_INDETERMINATE, rr->key);
- 
-                                 /* This is a primary response to our question, and it failed validation.
-@@ -3180,13 +3185,21 @@ int dns_transaction_validate_dnssec(DnsTransaction *t) {
-                 return r;
- 
-         phase = DNSSEC_PHASE_DNSKEY;
--        for (;;) {
-+        for (unsigned nvalidations = 0;;) {
-                 bool have_nsec = false;
- 
--                r = dnssec_validate_records(t, phase, &have_nsec, &validated);
-+                r = dnssec_validate_records(t, phase, &have_nsec, &nvalidations, &validated);
-                 if (r <= 0)
-                         return r;
- 
-+                if (nvalidations > DNSSEC_VALIDATION_MAX) {
-+                        /* This reply requires an onerous number of signature validations to verify. Let's
-+                         * not waste our time trying, as this shouldn't happen for well-behaved domains
-+                         * anyway. */
-+                        t->answer_dnssec_result = DNSSEC_TOO_MANY_VALIDATIONS;
-+                        return 0;
-+                }
-+
-                 /* Try again as long as we managed to achieve something */
-                 if (r == 1)
-                         continue;

SOURCES/1009-resolved-reduce-the-maximum-nsec3-iterations-to-100.patch

@@ -1,34 +0,0 @@
-From 92124e84be68005be92cce046c7c679b98199d66 Mon Sep 17 00:00:00 2001
-From: Jacek Migacz <jmigacz@redhat.com>
-Date: Mon, 26 Feb 2024 13:56:36 +0100
-Subject: [PATCH] resolved: reduce the maximum nsec3 iterations to 100
-
-According to RFC9267, the 2500 value is not helpful, and in fact it can
-be harmful to permit a large number of iterations. Combined with limits
-on the number of signature validations, I expect this will mitigate the
-impact of maliciously crafted domains designed to cause excessive
-cryptographic work.
-
-(cherry picked from commit eba291124bc11f03732d1fc468db3bfac069f9cb)
-
-Related: RHEL-26644
----
- src/resolve/resolved-dns-dnssec.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/src/resolve/resolved-dns-dnssec.c b/src/resolve/resolved-dns-dnssec.c
-index 5dbfbc94c7..5a0540568c 100644
---- a/src/resolve/resolved-dns-dnssec.c
-+++ b/src/resolve/resolved-dns-dnssec.c
-@@ -22,8 +22,9 @@
- /* Permit a maximum clock skew of 1h 10min. This should be enough to deal with DST confusion */
- #define SKEW_MAX (1*USEC_PER_HOUR + 10*USEC_PER_MINUTE)
- 
--/* Maximum number of NSEC3 iterations we'll do. RFC5155 says 2500 shall be the maximum useful value */
--#define NSEC3_ITERATIONS_MAX 2500
-+/* Maximum number of NSEC3 iterations we'll do. RFC5155 says 2500 shall be the maximum useful value, but
-+ * RFC9276 § 3.2 says that we should reduce the acceptable iteration count */
-+#define NSEC3_ITERATIONS_MAX 100
- 
- /*
-  * The DNSSEC Chain of trust:

SOURCES/1010-pid1-by-default-make-user-units-inherit-their-umask-.patch

@@ -1,117 +0,0 @@
-From f896e672ec6101ccbb21108345946e834455a25f Mon Sep 17 00:00:00 2001
-From: Franck Bui <fbui@suse.com>
-Date: Fri, 3 Apr 2020 10:00:25 +0200
-Subject: [PATCH] pid1: by default make user units inherit their umask from the
- user manager
-
-This patch changes the way user managers set the default umask for the units it
-manages.
-
-Indeed one can expect that if user manager's umask is redefined through PAM
-(via /etc/login.defs or pam_umask), all its children including the units it
-spawns have their umask set to the new value.
-
-Hence make user units inherit their umask value from their parent instead of
-the hard coded value 0022 but allow them to override this value via their unit
-file.
-
-Note that reexecuting managers with 'systemctl daemon-reexec' after changing
-UMask= has no effect. To take effect managers need to be restarted with
-'systemct restart' instead. This behavior was already present before this
-patch.
-
-Fixes #6077.
-
-(cherry picked from commit 5e37d1930b41b24c077ce37c6db0e36c745106c7)
-
-Related: RHEL-28048
----
- man/systemd.exec.xml     |  9 +++++++--
- src/basic/process-util.c | 17 +++++++++++++++++
- src/basic/process-util.h |  1 +
- src/core/unit.c          | 12 ++++++++++--
- 4 files changed, 35 insertions(+), 4 deletions(-)
-
-diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
-index b04b4ba552..844c1ce94b 100644
---- a/man/systemd.exec.xml
-+++ b/man/systemd.exec.xml
-@@ -590,8 +590,13 @@ CapabilityBoundingSet=~CAP_B CAP_C</programlisting>
-         <term><varname>UMask=</varname></term>
- 
-         <listitem><para>Controls the file mode creation mask. Takes an access mode in octal notation. See
--        <citerefentry><refentrytitle>umask</refentrytitle><manvolnum>2</manvolnum></citerefentry> for details. Defaults
--        to 0022.</para></listitem>
-+        <citerefentry><refentrytitle>umask</refentrytitle><manvolnum>2</manvolnum></citerefentry> for
-+        details. Defaults to 0022 for system units. For units of the user service manager the default value
-+        is inherited from the user instance (whose default is inherited from the system service manager, and
-+        thus also is 0022). Hence changing the default value of a user instance, either via
-+        <varname>UMask=</varname> or via a PAM module, will affect the user instance itself and all user
-+        units started by the user instance unless a user unit has specified its own
-+        <varname>UMask=</varname>.</para></listitem>
-       </varlistentry>
- 
-       <varlistentry>
-diff --git a/src/basic/process-util.c b/src/basic/process-util.c
-index 9e2237375d..af44bfab3e 100644
---- a/src/basic/process-util.c
-+++ b/src/basic/process-util.c
-@@ -657,6 +657,23 @@ int get_process_ppid(pid_t pid, pid_t *ret) {
-         return 0;
- }
- 
-+int get_process_umask(pid_t pid, mode_t *umask) {
-+        _cleanup_free_ char *m = NULL;
-+        const char *p;
-+        int r;
-+
-+        assert(umask);
-+        assert(pid >= 0);
-+
-+        p = procfs_file_alloca(pid, "status");
-+
-+        r = get_proc_field(p, "Umask", WHITESPACE, &m);
-+        if (r == -ENOENT)
-+                return -ESRCH;
-+
-+        return parse_mode(m, umask);
-+}
-+
- int wait_for_terminate(pid_t pid, siginfo_t *status) {
-         siginfo_t dummy;
- 
-diff --git a/src/basic/process-util.h b/src/basic/process-util.h
-index a3bd2851b4..9059aad4cc 100644
---- a/src/basic/process-util.h
-+++ b/src/basic/process-util.h
-@@ -41,6 +41,7 @@ int get_process_cwd(pid_t pid, char **cwd);
- int get_process_root(pid_t pid, char **root);
- int get_process_environ(pid_t pid, char **environ);
- int get_process_ppid(pid_t pid, pid_t *ppid);
-+int get_process_umask(pid_t pid, mode_t *umask);
- 
- int wait_for_terminate(pid_t pid, siginfo_t *status);
- 
-diff --git a/src/core/unit.c b/src/core/unit.c
-index 76fb9f8075..d3459dcdd0 100644
---- a/src/core/unit.c
-+++ b/src/core/unit.c
-@@ -167,8 +167,16 @@ static void unit_init(Unit *u) {
-         if (ec) {
-                 exec_context_init(ec);
- 
--                ec->keyring_mode = MANAGER_IS_SYSTEM(u->manager) ?
--                        EXEC_KEYRING_SHARED : EXEC_KEYRING_INHERIT;
-+                if (MANAGER_IS_SYSTEM(u->manager))
-+                        ec->keyring_mode = EXEC_KEYRING_SHARED;
-+                else {
-+                        ec->keyring_mode = EXEC_KEYRING_INHERIT;
-+
-+                        /* User manager might have its umask redefined by PAM or UMask=. In this
-+                         * case let the units it manages inherit this value by default. They can
-+                         * still tune this value through their own unit file */
-+                        (void) get_process_umask(getpid_cached(), &ec->umask);
-+                }
-         }
- 
-         kc = unit_get_kill_context(u);

SOURCES/1011-pam-add-call-to-pam_umask.patch

@@ -1,28 +0,0 @@
-From 49dbe60d4b3c6f111911c8217bc5e7da5a4ba0d0 Mon Sep 17 00:00:00 2001
-From: Michal Sekletar <msekleta@redhat.com>
-Date: Wed, 31 May 2023 18:50:12 +0200
-Subject: [PATCH] pam: add call to pam_umask
-
-Setting umask for user sessions via UMASK setting in /etc/login.defs is
-a well-known feature. Let's make sure that user manager also runs with
-this umask value.
-
-Follow-up for 5e37d1930b41b24c077ce37c6db0e36c745106c7.
-
-(cherry picked from commit 159f1b78576ce91c3932f4867f07361a530875d3)
-
-Resolves: RHEL-28048
----
- src/login/systemd-user.m4 | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/login/systemd-user.m4 b/src/login/systemd-user.m4
-index eb291beaed..a194a636d6 100644
---- a/src/login/systemd-user.m4
-+++ b/src/login/systemd-user.m4
-@@ -10,4 +10,5 @@ session required pam_selinux.so nottys open
- session required pam_loginuid.so
- session optional pam_keyinit.so force revoke
- session required pam_namespace.so
-+session optional pam_umask.so silent
- session optional pam_systemd.so

SOURCES/1012-ci-deploy-systemd-man-to-GitHub-Pages.patch

@@ -1,81 +0,0 @@
-From 045ba12c6337760f0a7f8b0ceb9f998b309e025f Mon Sep 17 00:00:00 2001
-From: Jan Macku <jamacku@redhat.com>
-Date: Fri, 9 Feb 2024 14:48:02 +0100
-Subject: [PATCH] ci: deploy systemd man to GitHub Pages
-
-rhel-only
-
-Related: RHEL-32494
-
-Co-authored-by: Frantisek Sumsal <frantisek@sumsal.cz>
----
- .github/workflows/deploy-man-pages.yml | 60 ++++++++++++++++++++++++++
- 1 file changed, 60 insertions(+)
- create mode 100644 .github/workflows/deploy-man-pages.yml
-
-diff --git a/.github/workflows/deploy-man-pages.yml b/.github/workflows/deploy-man-pages.yml
-new file mode 100644
-index 0000000000..9da38a1687
---- /dev/null
-+++ b/.github/workflows/deploy-man-pages.yml
-@@ -0,0 +1,60 @@
-+name: Deploy systemd man to Pages
-+
-+on:
-+  push:
-+    branches: [ rhel-8.10.0 ]
-+    paths:
-+      - man/*
-+      - .github/workflows/deploy-man-pages.yml
-+  schedule:
-+    # Run every Monday at 4:00 AM UTC
-+    - cron: 0 4 * * 1
-+  workflow_dispatch:
-+
-+permissions:
-+  contents: read
-+
-+# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
-+# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.
-+concurrency:
-+  group: pages
-+  cancel-in-progress: false
-+
-+jobs:
-+  # Single deploy job since we're just deploying
-+  deploy:
-+    environment:
-+      name: github-pages
-+      url: ${{ steps.deployment.outputs.page_url }}
-+    runs-on: ubuntu-latest
-+
-+    permissions:
-+      pages: write
-+      id-token: write
-+
-+    steps:
-+      - uses: actions/checkout@v4
-+
-+      - name: Install dependencies
-+        run: |
-+          RELEASE="$(lsb_release -cs)"
-+          sudo add-apt-repository -y --no-update --enable-source
-+          sudo apt-get -y update
-+          sudo apt-get -y build-dep systemd
-+
-+      - name: Build HTML man pages
-+        run: |
-+          meson setup build
-+          ninja -C build man/html
-+
-+      - name: Setup Pages
-+        uses: actions/configure-pages@v4
-+
-+      - name: Upload artifact
-+        uses: actions/upload-pages-artifact@v3
-+        with:
-+          path: ./build/man
-+
-+      - name: Deploy to GitHub Pages
-+        id: deployment
-+        uses: actions/deploy-pages@v4

SOURCES/1013-ci-src-git-update-list-of-supported-products.patch

@@ -1,24 +0,0 @@
-From 604d2f1c8b6ecb46be7f70c5be7ae6fc6be04cab Mon Sep 17 00:00:00 2001
-From: Jan Macku <jamacku@redhat.com>
-Date: Thu, 11 Apr 2024 10:14:51 +0200
-Subject: [PATCH] ci(src-git): update list of supported products
-
-rhel-only
-
-Related: RHEL-32494
----
- .github/tracker-validator.yml | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/.github/tracker-validator.yml b/.github/tracker-validator.yml
-index b09f702dd9..1bb684e722 100644
---- a/.github/tracker-validator.yml
-+++ b/.github/tracker-validator.yml
-@@ -16,5 +16,5 @@ products:
-   - rhel-8.8.0.z
-   - rhel-8.9.0
-   - rhel-8.9.0.z
--  - rhel-8.10.0
--  - rhel-8.10.0.z
-+  - rhel-8.10
-+  - rhel-8.10.z

SOURCES/1014-ci-update-actions-upload-artifact-to-v4.patch

@@ -1,29 +0,0 @@
-From 0e66d8f81574b13402b7356bf8261739c4b8b90e Mon Sep 17 00:00:00 2001
-From: Jan Macku <jamacku@redhat.com>
-Date: Thu, 25 Apr 2024 15:00:33 +0200
-Subject: [PATCH] ci: update actions/upload-artifact to `v4`
-
-`v3` will be deprecated soon, so update to `v4`.
-
-https://github.blog/changelog/2024-04-16-deprecation-notice-v3-of-the-artifact-actions/
-
-rhel-only
-
-Related: RHEL-32494
----
- .github/workflows/gather-metadata.yml | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/.github/workflows/gather-metadata.yml b/.github/workflows/gather-metadata.yml
-index f432f41811..08ad813971 100644
---- a/.github/workflows/gather-metadata.yml
-+++ b/.github/workflows/gather-metadata.yml
-@@ -22,7 +22,7 @@ jobs:
-         uses: redhat-plumbers-in-action/gather-pull-request-metadata@v1
- 
-       - name: Upload artifact with gathered metadata
--        uses: actions/upload-artifact@v3
-+        uses: actions/upload-artifact@v4
-         with:
-           name: pr-metadata
-           path: ${{ steps.Metadata.outputs.metadata-file }}

SOURCES/1015-ci-drop-unused-variable.patch

@@ -1,24 +0,0 @@
-From 72040693da79d7ef3d1f210866ee1f651b720247 Mon Sep 17 00:00:00 2001
-From: Jan Macku <jamacku@redhat.com>
-Date: Thu, 25 Apr 2024 16:31:18 +0200
-Subject: [PATCH] ci: drop unused variable
-
-rhel-only
-
-Related: RHEL-32494
----
- .github/workflows/deploy-man-pages.yml | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/.github/workflows/deploy-man-pages.yml b/.github/workflows/deploy-man-pages.yml
-index 9da38a1687..c65c9b62ee 100644
---- a/.github/workflows/deploy-man-pages.yml
-+++ b/.github/workflows/deploy-man-pages.yml
-@@ -37,7 +37,6 @@ jobs:
- 
-       - name: Install dependencies
-         run: |
--          RELEASE="$(lsb_release -cs)"
-           sudo add-apt-repository -y --no-update --enable-source
-           sudo apt-get -y update
-           sudo apt-get -y build-dep systemd

SOURCES/1016-ci-reduce-ASLR-entropy.patch

@@ -1,30 +0,0 @@
-From df87420725157953268ed099c3c97989288db1fa Mon Sep 17 00:00:00 2001
-From: Frantisek Sumsal <fsumsal@redhat.com>
-Date: Wed, 13 Mar 2024 12:13:23 +0100
-Subject: [PATCH] ci: reduce ASLR entropy
-
-The latest GH Action runners started using 32-bit entropy for ASLR,
-which makes it incompatible with llvm-14. This was fixed in later llvm
-releases, but these aren't available on Ubuntu Jammy (22.04). Let's
-reduce the ASLR entropy to 28-bit, which should make llvm happy again,
-until the issue is resolved.
-
-See: actions/runner-images#9491
----
- .github/workflows/unit_tests.yml | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml
-index f397e8ed6e..814e17b6bf 100644
---- a/.github/workflows/unit_tests.yml
-+++ b/.github/workflows/unit_tests.yml
-@@ -18,6 +18,9 @@ jobs:
-     steps:
-       - name: Repository checkout
-         uses: actions/checkout@v1
-+      # FIXME: drop once https://github.com/actions/runner-images/issues/9491  is resolved
-+      - name: Reduce ASLR entropy
-+        run: sudo sysctl -w vm.mmap_rnd_bits=28
-       - name: Install build dependencies
-         run: sudo -E .github/workflows/unit_tests.sh SETUP
-       - name: Build & test (${{ env.CENTOS_RELEASE }} / ${{ matrix.phase }})

SOURCES/1017-test-skip-the-symlink-part-of-test_touch_file-in-GH-.patch

@@ -1,89 +0,0 @@
-From a4e0b7ab90c8bc6ecb7bd883f19e5a5834ae9058 Mon Sep 17 00:00:00 2001
-From: Frantisek Sumsal <fsumsal@redhat.com>
-Date: Wed, 13 Mar 2024 12:41:17 +0100
-Subject: [PATCH] test: skip the symlink part of test_touch_file() in GH
- Actions
-
-Our (RHEL 8) touch_file() is not clever enough and does chmod() on a
-symlink, which fails with EOPNOTSUPP on newer kernels. This is not an
-issue on the RHEL 8 kernel, where doing chmod() on a symlink works
-(albeit only on tmpfs) but in GH Actions we run in a container, and with
-the underlying kernel doing chmod() on a symlink fails even on tmpfs:
-
-RHEL 8:
-~# mount -t tmpfs tmpfs /tmp
-~# (cd /tmp; ln -s symlink dangling; ln -s /etc/os-release symlink)
-~# (cd /var/tmp; ln -s symlink dangling; ln -s /etc/os-release symlink)
-~# gcc -o main main.c -D_GNU_SOURCE
-~# ./main /tmp/dangling
-chmod(/proc/self/fd/3)=0 (0)
-~# ./main /tmp/symlink
-chmod(/proc/self/fd/3)=0 (0)
-~# ./main /var/tmp/dangling
-chmod(/proc/self/fd/3)=-1 (95)
-~# ./main /var/tmp/symlink
-chmod(/proc/self/fd/3)=-1 (95)
-
-Newer kernel:
-~# uname -r
-6.7.4-200.fc39.x86_64
-~# ./main /tmp/dangling
-chmod(/proc/self/fd/3)=-1 (95)
-~# ./main /tmp/symlink
-chmod(/proc/self/fd/3)=-1 (95)
-~# ./main /var/tmp/dangling
-chmod(/proc/self/fd/3)=-1 (95)
-~# ./main /var/tmp/symlink
-chmod(/proc/self/fd/3)=-1 (95)
-
-Backporting the necessary patches would be way too risky so late in the
-RHEL 8 cycle, so let's just skip the offending test when running in GH
-Actions. To do that we have to jump through a couple of hoops, since
-RHEL 8 systemd can't detect docker. Oh well.
-
-See: #434
-
-RHEL-only
----
- src/test/test-fs-util.c | 21 ++++++++++++---------
- 1 file changed, 12 insertions(+), 9 deletions(-)
-
-diff --git a/src/test/test-fs-util.c b/src/test/test-fs-util.c
-index aa32629f62..a3428f8c0d 100644
---- a/src/test/test-fs-util.c
-+++ b/src/test/test-fs-util.c
-@@ -15,6 +15,7 @@
- #include "stdio-util.h"
- #include "string-util.h"
- #include "strv.h"
-+#include "tests.h"
- #include "user-util.h"
- #include "util.h"
- #include "virt.h"
-@@ -544,15 +545,17 @@ static void test_touch_file(void) {
-                 assert_se(timespec_load(&st.st_mtim) == test_mtime);
-         }
- 
--        a = strjoina(p, "/lnk");
--        assert_se(symlink("target", a) >= 0);
--        assert_se(touch_file(a, false, test_mtime, test_uid, test_gid, 0640) >= 0);
--        assert_se(lstat(a, &st) >= 0);
--        assert_se(st.st_uid == test_uid);
--        assert_se(st.st_gid == test_gid);
--        assert_se(S_ISLNK(st.st_mode));
--        assert_se((st.st_mode & 0777) == 0640);
--        assert_se(timespec_load(&st.st_mtim) == test_mtime);
-+        if (!streq_ptr(ci_environment(), "github-actions")) {
-+                a = strjoina(p, "/lnk");
-+                assert_se(symlink("target", a) >= 0);
-+                assert_se(touch_file(a, false, test_mtime, test_uid, test_gid, 0640) >= 0);
-+                assert_se(lstat(a, &st) >= 0);
-+                assert_se(st.st_uid == test_uid);
-+                assert_se(st.st_gid == test_gid);
-+                assert_se(S_ISLNK(st.st_mode));
-+                assert_se((st.st_mode & 0777) == 0640);
-+                assert_se(timespec_load(&st.st_mtim) == test_mtime);
-+        }
- }
- 
- static void test_unlinkat_deallocate(void) {

SOURCES/1018-core-add-possibility-to-not-track-certain-unit-types.patch

@@ -1,53 +0,0 @@
-From dd794489f97baf760d03b32e4e3188b5af799436 Mon Sep 17 00:00:00 2001
-From: Michal Sekletar <msekleta@redhat.com>
-Date: Wed, 7 Sep 2022 17:37:34 +0200
-Subject: [PATCH] core: add possibility to not track certain unit types
-
-(cherry picked from commit 88e4bfa62bd2561e04a90dc009e7a3865e0878fb)
-
-Related: RHEL-5877
----
- src/core/unit.c | 18 ++++++++++++++++++
- 1 file changed, 18 insertions(+)
-
-diff --git a/src/core/unit.c b/src/core/unit.c
-index d3459dcdd0..ac960ef0c8 100644
---- a/src/core/unit.c
-+++ b/src/core/unit.c
-@@ -18,6 +18,7 @@
- #include "dbus-unit.h"
- #include "dbus.h"
- #include "dropin.h"
-+#include "env-util.h"
- #include "escape.h"
- #include "execute.h"
- #include "fd-util.h"
-@@ -4786,11 +4787,28 @@ int unit_setup_dynamic_creds(Unit *u) {
- }
- 
- bool unit_type_supported(UnitType t) {
-+        static int8_t cache[_UNIT_TYPE_MAX] = {}; /* -1: disabled, 1: enabled: 0: don't know */
-+        int r;
-+
-         if (_unlikely_(t < 0))
-                 return false;
-         if (_unlikely_(t >= _UNIT_TYPE_MAX))
-                 return false;
- 
-+        if (cache[t] == 0) {
-+                char *e;
-+
-+                e = strjoina("SYSTEMD_SUPPORT_", unit_type_to_string(t));
-+
-+                r = getenv_bool(ascii_strupper(e));
-+                if (r < 0 && r != -ENXIO)
-+                        log_debug_errno(r, "Failed to parse $%s, ignoring: %m", e);
-+
-+                cache[t] = r == 0 ? -1 : 1;
-+        }
-+        if (cache[t] < 0)
-+                return false;
-+
-         if (!unit_vtable[t]->supported)
-                 return true;
- 

SOURCES/1019-logind-don-t-setup-idle-session-watch-for-lock-scree.patch

@@ -1,50 +0,0 @@
-From c87954f7ee7859524c60e6ca724c68b0a35e26ce Mon Sep 17 00:00:00 2001
-From: Michal Sekletar <msekleta@redhat.com>
-Date: Tue, 12 Dec 2023 19:03:39 +0100
-Subject: [PATCH] logind: don't setup idle session watch for lock-screen and
- greeter
-
-Reason to skip the idle session logic for these session classes is that
-they are idle by default.
-
-(cherry picked from commit 508b4786e8592e82eb4832549f74aaa54335d14c)
-
-Resolves: RHEL-19215
----
- man/logind.conf.xml        | 9 +++++----
- src/login/logind-session.c | 2 +-
- 2 files changed, 6 insertions(+), 5 deletions(-)
-
-diff --git a/man/logind.conf.xml b/man/logind.conf.xml
-index 56981c1837..6cb41b6955 100644
---- a/man/logind.conf.xml
-+++ b/man/logind.conf.xml
-@@ -343,10 +343,11 @@
-         <term><varname>StopIdleSessionSec=</varname></term>
- 
-         <listitem><para>Specifies a timeout in seconds, or a time span value after which
--        <filename>systemd-logind</filename> checks the idle state of all sessions. Every session that is idle for
--        longer then the timeout will be stopped. Defaults to <literal>infinity</literal>
--        (<filename>systemd-logind</filename> is not checking the idle state of sessions). For details about the syntax
--        of time spans, see
-+        <filename>systemd-logind</filename> checks the idle state of all sessions. Every session that is idle
-+        for longer than the timeout will be stopped. Note that this option doesn't apply to
-+        <literal>greeter</literal> or <literal>lock-screen</literal> sessions. Defaults to
-+        <literal>infinity</literal> (<filename>systemd-logind</filename> is not checking the idle state
-+        of sessions). For details about the syntax of time spans, see
-         <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
-         </para></listitem>
-       </varlistentry>
-diff --git a/src/login/logind-session.c b/src/login/logind-session.c
-index 4edc4b9b88..57b9696d1d 100644
---- a/src/login/logind-session.c
-+++ b/src/login/logind-session.c
-@@ -713,7 +713,7 @@ static int session_setup_stop_on_idle_timer(Session *s) {
- 
-         assert(s);
- 
--        if (s->manager->stop_idle_session_usec == USEC_INFINITY)
-+        if (s->manager->stop_idle_session_usec == USEC_INFINITY || IN_SET(s->class, SESSION_GREETER, SESSION_LOCK_SCREEN))
-                 return 0;
- 
-         r = sd_event_add_time_relative(

SOURCES/1020-logind-tighten-for-which-classes-of-sessions-we-do-s.patch

@@ -1,47 +0,0 @@
-From 77a215ecaca4e927a3465ac5f502d5873ef942ef Mon Sep 17 00:00:00 2001
-From: Lennart Poettering <lennart@poettering.net>
-Date: Thu, 4 Jan 2024 13:40:00 +0100
-Subject: [PATCH] logind: tighten for which classes of sessions we do
- stop-on-idle
-
-We only want to do this for fully set up, interactive sessions, i.e.
-user and user-early, but not for any others, hence restrict the rules a
-bit.
-
-Follow-up for: 508b4786e8592e82eb4832549f74aaa54335d14c
-
-(cherry picked from commit ad23439eae718ac3634f260be0d29e01445983a8)
-
-Related: RHEL-19215
----
- src/login/logind-session.c | 2 +-
- src/login/logind-session.h | 3 +++
- 2 files changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/src/login/logind-session.c b/src/login/logind-session.c
-index 57b9696d1d..9ec7bd3344 100644
---- a/src/login/logind-session.c
-+++ b/src/login/logind-session.c
-@@ -713,7 +713,7 @@ static int session_setup_stop_on_idle_timer(Session *s) {
- 
-         assert(s);
- 
--        if (s->manager->stop_idle_session_usec == USEC_INFINITY || IN_SET(s->class, SESSION_GREETER, SESSION_LOCK_SCREEN))
-+        if (s->manager->stop_idle_session_usec == USEC_INFINITY || !SESSION_CLASS_CAN_STOP_ON_IDLE(s->class))
-                 return 0;
- 
-         r = sd_event_add_time_relative(
-diff --git a/src/login/logind-session.h b/src/login/logind-session.h
-index 0557696761..955cd7de92 100644
---- a/src/login/logind-session.h
-+++ b/src/login/logind-session.h
-@@ -26,6 +26,9 @@ typedef enum SessionClass {
-         _SESSION_CLASS_INVALID = -1
- } SessionClass;
- 
-+/* Which sessions classes should be subject to stop-in-idle */
-+#define SESSION_CLASS_CAN_STOP_ON_IDLE(class) (IN_SET((class), SESSION_USER))
-+
- typedef enum SessionType {
-         SESSION_UNSPECIFIED,
-         SESSION_TTY,

SOURCES/1021-ci-point-C8S-containers-to-the-Vault.patch

@@ -1,27 +0,0 @@
-From 3aae10768d08007dc087306431da60f85087ae57 Mon Sep 17 00:00:00 2001
-From: Frantisek Sumsal <frantisek@sumsal.cz>
-Date: Wed, 26 Jun 2024 13:16:27 +0200
-Subject: [PATCH] ci: point C8S containers to the Vault
-
-Temporarily point repos in C8S containers to the Vault (since C8S is
-EOL), until we figure out a _proper_ solution.
-
-Related: RHEL-1087
----
- .github/workflows/unit_tests.sh | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/.github/workflows/unit_tests.sh b/.github/workflows/unit_tests.sh
-index 3859433720..7cc7da164c 100755
---- a/.github/workflows/unit_tests.sh
-+++ b/.github/workflows/unit_tests.sh
-@@ -138,6 +138,9 @@ for phase in "${PHASES[@]}"; do
- 
-             # Beautiful workaround for Fedora's version of Docker
-             sleep 1
-+            # FIXME?: Point C8S repos to the Vault, since C8S is EOL
-+            $DOCKER_EXEC bash -xec "sed -i 's/^mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*"
-+            $DOCKER_EXEC bash -xec "sed -i 's|#baseurl=http://mirror.centos.org|baseurl=https://vault.centos.org|g' /etc/yum.repos.d/CentOS-*"
-             $DOCKER_EXEC dnf makecache
-             # Install and enable EPEL
-             $DOCKER_EXEC dnf -q -y install epel-release dnf-utils "${ADDITIONAL_DEPS[@]}"

SOURCES/1022-core-fix-member-access-within-null-pointer.patch

@@ -1,30 +0,0 @@
-From 8c2ed0727cdde516d062e62e127d3dc46cddb895 Mon Sep 17 00:00:00 2001
-From: Yu Watanabe <watanabe.yu+github@gmail.com>
-Date: Fri, 12 Oct 2018 04:24:27 +0900
-Subject: [PATCH] core: fix member access within null pointer
-
-config_parse_tasks_max() is also used for parsing system.conf or
-user.conf. In that case, userdata is NULL.
-
-Fixes #10362.
-
-(cherry picked from commit 958b8c7bd7a3cf1e710faf8c19a528cc94c214fe)
-
-Resolves: RHEL-76308
----
- src/core/load-fragment.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
-index f6505cf83c..4bfa21a677 100644
---- a/src/core/load-fragment.c
-+++ b/src/core/load-fragment.c
-@@ -3123,7 +3123,7 @@ int config_parse_tasks_max(
-         int r;
- 
-         if (isempty(rvalue)) {
--                *tasks_max = u->manager->default_tasks_max;
-+                *tasks_max = u ? u->manager->default_tasks_max : UINT64_MAX;
-                 return 0;
-         }
- 

SOURCES/1023-man-be-even-clearer-that-tmpfiles-user-group-mode-ar.patch

@@ -1,44 +0,0 @@
-From 687f9b3e04a65d2f39f15e7e0090de940c08ff37 Mon Sep 17 00:00:00 2001
-From: Lennart Poettering <lennart@poettering.net>
-Date: Wed, 8 Nov 2023 10:56:07 +0100
-Subject: [PATCH] man: be even clearer that tmpfiles user/group/mode are
- applied on existing inodes
-
-I think it was clear already, but let's be even clearer.
-
-Fixes: #29774
-(cherry picked from commit 3cb938bd12b3603984b982e9b73e4cabd4a608e3)
-
-Resolves: RHEL-77145
----
- man/tmpfiles.d.xml | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/man/tmpfiles.d.xml b/man/tmpfiles.d.xml
-index e2e2eac228..1c4b575c65 100644
---- a/man/tmpfiles.d.xml
-+++ b/man/tmpfiles.d.xml
-@@ -500,6 +500,11 @@ r! /tmp/.X[0-9]*-lock</programlisting>
-       sticky/SUID/SGID bit is removed unless applied to a
-       directory. This functionality is particularly useful in
-       conjunction with <varname>Z</varname>.</para>
-+
-+      <para>By default the access mode of listed inodes is set to the specified mode regardless if it is
-+      created anew, or already existed. Optionally, if prefixed with <literal>:</literal>, the configured
-+      access mode is only applied when creating new inodes, and if the inode the line refers to
-+      already exists, its access mode is left in place unmodified.</para>
-     </refsect2>
- 
-     <refsect2>
-@@ -515,6 +520,11 @@ r! /tmp/.X[0-9]*-lock</programlisting>
-       <varname>r</varname>, <varname>R</varname>,
-       <varname>L</varname>, <varname>t</varname>, and
-       <varname>a</varname> lines.</para>
-+
-+      <para>By default the ownership of listed inodes is set to the specified user/group regardless if it is
-+      created anew, or already existed. Optionally, if prefixed with <literal>:</literal>, the configured
-+      user/group information is only applied when creating new inodes, and if the inode the line refers to
-+      already exists, its user/group is left in place unmodified.</para>
-     </refsect2>
- 
-     <refsect2>

SOURCES/1024-Revert-man-fix-description-of-force-in-halt-8-7392.patch

@@ -1,34 +0,0 @@
-From f94b6151997df8a74b5931324be4d50c7c1bf912 Mon Sep 17 00:00:00 2001
-From: Ludwig Nussel <ludwig.nussel@suse.de>
-Date: Tue, 15 Feb 2022 11:49:26 +0100
-Subject: [PATCH] Revert "man: fix description of --force in halt(8) (#7392)"
-
-This reverts commit 5d9adb5b60b815b477ba9e6b19ef0fd7e1854a38.
-
-(cherry picked from commit 4e076fc8852614823789c75a0487bf24de3fe9ec)
-
-Resolves: RHEL-81056
----
- man/halt.xml | 9 ++-------
- 1 file changed, 2 insertions(+), 7 deletions(-)
-
-diff --git a/man/halt.xml b/man/halt.xml
-index 19857cea84..f82ab19f5f 100644
---- a/man/halt.xml
-+++ b/man/halt.xml
-@@ -88,13 +88,8 @@
-         <term><option>-f</option></term>
-         <term><option>--force</option></term>
- 
--        <listitem><para>Force immediate halt, power-off, or reboot. When
--        specified once, this results in an immediate but clean shutdown
--        by the system manager. When specified twice, this results in an
--        immediate shutdown without contacting the system manager. See the
--        description of <option>--force</option> in
--        <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
--        for more details.</para></listitem>
-+        <listitem><para>Force immediate halt, power-off, reboot. Do
-+        not contact the init system.</para></listitem>
-       </varlistentry>
- 
-       <varlistentry>

SOURCES/1025-man-explicitly-document-that-reboot-f-is-different-f.patch

@@ -1,34 +0,0 @@
-From 559a9e5b910781b114684803bbc4ba021c113edd Mon Sep 17 00:00:00 2001
-From: Yu Watanabe <watanabe.yu+github@gmail.com>
-Date: Sat, 17 Sep 2022 01:25:44 +0900
-Subject: [PATCH] man: explicitly document that "reboot -f" is different from
- "systemctl reboot -f"
-
-Closes #24696.
-
-(cherry picked from commit cb19517490104553907bb0b118cd2005d6e379cc)
-
-Resolves: RHEL-81056
----
- man/halt.xml | 8 ++++++--
- 1 file changed, 6 insertions(+), 2 deletions(-)
-
-diff --git a/man/halt.xml b/man/halt.xml
-index f82ab19f5f..23bebb32b4 100644
---- a/man/halt.xml
-+++ b/man/halt.xml
-@@ -88,8 +88,12 @@
-         <term><option>-f</option></term>
-         <term><option>--force</option></term>
- 
--        <listitem><para>Force immediate halt, power-off, reboot. Do
--        not contact the init system.</para></listitem>
-+        <listitem>
-+          <para>Force immediate halt, power-off, reboot. If specified, the command does not contact the init
-+          system. In most cases, filesystems are not properly unmounted before shutdown. For example, the
-+          command <command>reboot -f</command> is mostly equivalent to <command>systemctl reboot -ff</command>,
-+          instead of <command>systemctl reboot -f</command>.</para>
-+        </listitem>
-       </varlistentry>
- 
-       <varlistentry>

SOURCES/1026-dbus-stash-the-subscriber-list-when-we-disconenct-fr.patch

@@ -1,171 +0,0 @@
-From dd01fc11f599dbfe0a1d5a42e60f9364ae991d31 Mon Sep 17 00:00:00 2001
-From: Ronan Pigott <ronan@rjp.ie>
-Date: Fri, 18 Jul 2025 15:10:03 +0200
-Subject: [PATCH] dbus: stash the subscriber list when we disconenct from the
- bus
-
-If we unexpectly disconnect from the bus, systemd would end up dropping
-the list of subscribers, which breaks the ability of clients like logind
-to monitor the state of units.
-
-Stash the list of subscribers into the deserialized state in the event
-of a disconnect so that when we recover we can renew the broken
-subscriptions.
-
-(cherry picked from commit 8402ca04d1a063c3d8a9e3d5c16df8bb8778ae98)
-
-Related: RHEL-75081
----
- src/core/dbus.c       | 23 ++++++++++++++++-------
- src/core/dbus.h       |  2 +-
- src/core/manager.c    |  5 ++++-
- src/shared/bus-util.c | 22 ++++++++++++++++++++++
- src/shared/bus-util.h |  1 +
- 5 files changed, 44 insertions(+), 9 deletions(-)
-
-diff --git a/src/core/dbus.c b/src/core/dbus.c
-index ec6c52cb85..1b8bb44eda 100644
---- a/src/core/dbus.c
-+++ b/src/core/dbus.c
-@@ -908,6 +908,8 @@ int bus_init_api(Manager *m) {
-         if (r < 0)
-                 return log_error_errno(r, "Failed to set up API bus: %m");
- 
-+        (void) bus_track_coldplug(bus, &m->subscribed, /* recursive= */ false, m->deserialized_subscribed);
-+        m->deserialized_subscribed = strv_free(m->deserialized_subscribed);
-         m->api_bus = TAKE_PTR(bus);
- 
-         r = manager_enqueue_sync_bus_names(m);
-@@ -1070,8 +1072,17 @@ static void destroy_bus(Manager *m, sd_bus **bus) {
-         }
- 
-         /* Get rid of tracked clients on this bus */
--        if (m->subscribed && sd_bus_track_get_bus(m->subscribed) == *bus)
-+        if (m->subscribed && sd_bus_track_get_bus(m->subscribed) == *bus) {
-+                _cleanup_strv_free_ char **subscribed = NULL;
-+                int r;
-+
-+                r = bus_track_to_strv(m->subscribed, &subscribed);
-+                if (r < 0)
-+                        log_warning_errno(r, "Failed to serialize api subscribers, ignoring: %m");
-+                strv_free_and_replace(m->deserialized_subscribed, subscribed);
-+
-                 m->subscribed = sd_bus_track_unref(m->subscribed);
-+        }
- 
-         HASHMAP_FOREACH(j, m->jobs, i)
-                 if (j->bus_track && sd_bus_track_get_bus(j->bus_track) == *bus)
-@@ -1131,7 +1142,6 @@ void bus_done(Manager *m) {
- 
-         assert(!m->subscribed);
- 
--        m->deserialized_subscribed = strv_free(m->deserialized_subscribed);
-         bus_verify_polkit_async_registry_free(m->polkit_registry);
- }
- 
-@@ -1229,20 +1239,19 @@ void bus_track_serialize(sd_bus_track *t, FILE *f, const char *prefix) {
-         }
- }
- 
--int bus_track_coldplug(Manager *m, sd_bus_track **t, bool recursive, char **l) {
--        int r = 0;
-+int bus_track_coldplug(sd_bus *bus, sd_bus_track **t, bool recursive, char **l) {
-+        int r;
- 
--        assert(m);
-         assert(t);
- 
-         if (strv_isempty(l))
-                 return 0;
- 
--        if (!m->api_bus)
-+        if (!bus)
-                 return 0;
- 
-         if (!*t) {
--                r = sd_bus_track_new(m->api_bus, t, NULL, NULL);
-+                r = sd_bus_track_new(bus, t, NULL, NULL);
-                 if (r < 0)
-                         return r;
-         }
-diff --git a/src/core/dbus.h b/src/core/dbus.h
-index f1c0fa86c0..402c970d74 100644
---- a/src/core/dbus.h
-+++ b/src/core/dbus.h
-@@ -19,7 +19,7 @@ void bus_done(Manager *m);
- int bus_fdset_add_all(Manager *m, FDSet *fds);
- 
- void bus_track_serialize(sd_bus_track *t, FILE *f, const char *prefix);
--int bus_track_coldplug(Manager *m, sd_bus_track **t, bool recursive, char **l);
-+int bus_track_coldplug(sd_bus *bus, sd_bus_track **t, bool recursive, char **l);
- 
- int manager_enqueue_sync_bus_names(Manager *m);
- 
-diff --git a/src/core/manager.c b/src/core/manager.c
-index e09227d5ac..c5d906e42e 100644
---- a/src/core/manager.c
-+++ b/src/core/manager.c
-@@ -1348,6 +1348,9 @@ Manager* manager_free(Manager *m) {
-         free(m->switch_root);
-         free(m->switch_root_init);
- 
-+        sd_bus_track_unref(m->subscribed);
-+        strv_free(m->deserialized_subscribed);
-+
-         rlimit_free_all(m->rlimit);
- 
-         assert(hashmap_isempty(m->units_requiring_mounts_for));
-@@ -1656,7 +1659,7 @@ int manager_startup(Manager *m, FILE *serialization, FDSet *fds) {
-         manager_setup_bus(m);
- 
-         /* Now that we are connected to all possible busses, let's deserialize who is tracking us. */
--        (void) bus_track_coldplug(m, &m->subscribed, false, m->deserialized_subscribed);
-+        (void) bus_track_coldplug(m->api_bus, &m->subscribed, false, m->deserialized_subscribed);
-         m->deserialized_subscribed = strv_free(m->deserialized_subscribed);
- 
-         /* Third, fire things up! */
-diff --git a/src/shared/bus-util.c b/src/shared/bus-util.c
-index ff0e800347..5ce4613262 100644
---- a/src/shared/bus-util.c
-+++ b/src/shared/bus-util.c
-@@ -1694,6 +1694,28 @@ int bus_track_add_name_many(sd_bus_track *t, char **l) {
-         return r;
- }
- 
-+int bus_track_to_strv(sd_bus_track *t, char ***ret) {
-+        _cleanup_strv_free_ char **subscribed = NULL;
-+        int r = 0;
-+
-+        assert(ret);
-+
-+        for (const char *n = sd_bus_track_first(t); n; n = sd_bus_track_next(t)) {
-+                r = sd_bus_track_count_name(t, n);
-+                if (r < 0)
-+                        return r;
-+
-+                for (int j = 0; j < r; j++) {
-+                        r = strv_extend(&subscribed, n);
-+                        if (r < 0)
-+                                return r;
-+                }
-+        }
-+
-+        *ret = TAKE_PTR(subscribed);
-+        return r;
-+}
-+
- int bus_open_system_watch_bind_with_description(sd_bus **ret, const char *description) {
-         _cleanup_(sd_bus_unrefp) sd_bus *bus = NULL;
-         const char *e;
-diff --git a/src/shared/bus-util.h b/src/shared/bus-util.h
-index b400eb81e2..b3aa62e6e5 100644
---- a/src/shared/bus-util.h
-+++ b/src/shared/bus-util.h
-@@ -171,6 +171,7 @@ int bus_path_decode_unique(const char *path, const char *prefix, char **ret_send
- int bus_property_get_rlimit(sd_bus *bus, const char *path, const char *interface, const char *property, sd_bus_message *reply, void *userdata, sd_bus_error *error);
- 
- int bus_track_add_name_many(sd_bus_track *t, char **l);
-+int bus_track_to_strv(sd_bus_track *t, char ***ret);
- 
- int bus_open_system_watch_bind_with_description(sd_bus **ret, const char *description);
- static inline int bus_open_system_watch_bind(sd_bus **ret) {

SOURCES/1027-manager-s-deserialized_subscribed-subscribed_as_strv.patch

@@ -1,87 +0,0 @@
-From 1cf170260b78e550ed0a0cd3b729527852de0991 Mon Sep 17 00:00:00 2001
-From: Ronan Pigott <ronan@rjp.ie>
-Date: Fri, 18 Jul 2025 15:12:31 +0200
-Subject: [PATCH] manager: s/deserialized_subscribed/subscribed_as_strv
-
-Now that this field may get populated at runtime, the deserialized name
-is misleading. Change the name to reflect its updated purpose.
-
-(cherry picked from commit e1315a621ae26473fcc9cd0d6013836f5f498d40)
-
-Related: RHEL-75081
----
- src/core/dbus.c    | 6 +++---
- src/core/manager.c | 8 ++++----
- src/core/manager.h | 2 +-
- 3 files changed, 8 insertions(+), 8 deletions(-)
-
-diff --git a/src/core/dbus.c b/src/core/dbus.c
-index 1b8bb44eda..9f439dcb23 100644
---- a/src/core/dbus.c
-+++ b/src/core/dbus.c
-@@ -908,8 +908,8 @@ int bus_init_api(Manager *m) {
-         if (r < 0)
-                 return log_error_errno(r, "Failed to set up API bus: %m");
- 
--        (void) bus_track_coldplug(bus, &m->subscribed, /* recursive= */ false, m->deserialized_subscribed);
--        m->deserialized_subscribed = strv_free(m->deserialized_subscribed);
-+        (void) bus_track_coldplug(bus, &m->subscribed, /* recursive= */ false, m->subscribed_as_strv);
-+        m->subscribed_as_strv = strv_free(m->subscribed_as_strv);
-         m->api_bus = TAKE_PTR(bus);
- 
-         r = manager_enqueue_sync_bus_names(m);
-@@ -1079,7 +1079,7 @@ static void destroy_bus(Manager *m, sd_bus **bus) {
-                 r = bus_track_to_strv(m->subscribed, &subscribed);
-                 if (r < 0)
-                         log_warning_errno(r, "Failed to serialize api subscribers, ignoring: %m");
--                strv_free_and_replace(m->deserialized_subscribed, subscribed);
-+                strv_free_and_replace(m->subscribed_as_strv, subscribed);
- 
-                 m->subscribed = sd_bus_track_unref(m->subscribed);
-         }
-diff --git a/src/core/manager.c b/src/core/manager.c
-index c5d906e42e..37bdac8b1d 100644
---- a/src/core/manager.c
-+++ b/src/core/manager.c
-@@ -1349,7 +1349,7 @@ Manager* manager_free(Manager *m) {
-         free(m->switch_root_init);
- 
-         sd_bus_track_unref(m->subscribed);
--        strv_free(m->deserialized_subscribed);
-+        strv_free(m->subscribed_as_strv);
- 
-         rlimit_free_all(m->rlimit);
- 
-@@ -1659,8 +1659,8 @@ int manager_startup(Manager *m, FILE *serialization, FDSet *fds) {
-         manager_setup_bus(m);
- 
-         /* Now that we are connected to all possible busses, let's deserialize who is tracking us. */
--        (void) bus_track_coldplug(m->api_bus, &m->subscribed, false, m->deserialized_subscribed);
--        m->deserialized_subscribed = strv_free(m->deserialized_subscribed);
-+        (void) bus_track_coldplug(m->api_bus, &m->subscribed, false, m->subscribed_as_strv);
-+        m->subscribed_as_strv = strv_free(m->subscribed_as_strv);
- 
-         /* Third, fire things up! */
-         manager_coldplug(m);
-@@ -3382,7 +3382,7 @@ int manager_deserialize(Manager *m, FILE *f, FDSet *fds) {
-                         exec_runtime_deserialize_one(m, val, fds);
-                 else if ((val = startswith(l, "subscribed="))) {
- 
--                        if (strv_extend(&m->deserialized_subscribed, val) < 0)
-+                        if (strv_extend(&m->subscribed_as_strv, val) < 0)
-                                 log_oom();
-                 } else {
-                         ManagerTimestamp q;
-diff --git a/src/core/manager.h b/src/core/manager.h
-index 98d381bc5b..e713250238 100644
---- a/src/core/manager.h
-+++ b/src/core/manager.h
-@@ -215,7 +215,7 @@ struct Manager {
-         considered subscribes, since they last for very short only,
-         and it is much simpler that way. */
-         sd_bus_track *subscribed;
--        char **deserialized_subscribed;
-+        char **subscribed_as_strv;
- 
-         /* This is used during reloading: before the reload we queue
-          * the reply message here, and afterwards we send it */

SOURCES/1028-bus-util-do-not-reset-the-count-returned-by-sd_bus_t.patch

@@ -1,55 +0,0 @@
-From 42126f36367c4bcb39e37ba251ffbc1f04c9092b Mon Sep 17 00:00:00 2001
-From: Mike Yuan <me@yhndnzj.com>
-Date: Fri, 18 Jul 2025 15:13:03 +0200
-Subject: [PATCH] bus-util: do not reset the count returned by
- sd_bus_track_count_name()
-
-Follow-up for 8402ca04d1a063c3d8a9e3d5c16df8bb8778ae98
-
-While at it, turn the retval check for sd_bus_track_count_name()
-into assertion, given we're working with already established tracks
-(service_name_is_valid() should never yield false in this case).
-
-Addresses https://github.com/systemd/systemd/pull/35406#discussion_r1912066774
-
-(cherry picked from commit 33eeea4128f31df7ab4bd8866b582062d70114ae)
-
-Related: RHEL-75081
----
- src/shared/bus-util.c | 11 +++++------
- 1 file changed, 5 insertions(+), 6 deletions(-)
-
-diff --git a/src/shared/bus-util.c b/src/shared/bus-util.c
-index 5ce4613262..ccce078902 100644
---- a/src/shared/bus-util.c
-+++ b/src/shared/bus-util.c
-@@ -1696,16 +1696,15 @@ int bus_track_add_name_many(sd_bus_track *t, char **l) {
- 
- int bus_track_to_strv(sd_bus_track *t, char ***ret) {
-         _cleanup_strv_free_ char **subscribed = NULL;
--        int r = 0;
-+        int r;
- 
-         assert(ret);
- 
-         for (const char *n = sd_bus_track_first(t); n; n = sd_bus_track_next(t)) {
--                r = sd_bus_track_count_name(t, n);
--                if (r < 0)
--                        return r;
-+                int c = sd_bus_track_count_name(t, n);
-+                assert(c >= 0);
- 
--                for (int j = 0; j < r; j++) {
-+                for (int j = 0; j < c; j++) {
-                         r = strv_extend(&subscribed, n);
-                         if (r < 0)
-                                 return r;
-@@ -1713,7 +1712,7 @@ int bus_track_to_strv(sd_bus_track *t, char ***ret) {
-         }
- 
-         *ret = TAKE_PTR(subscribed);
--        return r;
-+        return 0;
- }
- 
- int bus_open_system_watch_bind_with_description(sd_bus **ret, const char *description) {

SOURCES/1029-core-do-not-disconnect-from-bus-when-failed-to-insta.patch

@@ -1,78 +0,0 @@
-From c322f6916c2a69d31d124b59a295297cd3ca492d Mon Sep 17 00:00:00 2001
-From: Yu Watanabe <watanabe.yu+github@gmail.com>
-Date: Sun, 29 Dec 2024 15:50:43 +0900
-Subject: [PATCH] core: do not disconnect from bus when failed to install
- signal match
-
-If bus_add_match_full() is called without install callback and we failed
-to install the signal match e.g. by timeout, then add_match_callback()
-will disconnect from the bus.
-Let's use a custom install handler and handle failures gracefully.
-
-This does not *solve* the root cause of issue #30573, but should improve
-the situation when the issue is triggered.
-
-(cherry picked from commit db6b214f95aa42f9a9fa3d94a3c6492cc57b58fb)
-
-Related: RHEL-75081
----
- src/core/unit.c | 39 ++++++++++++++++++++++++++++++++++++++-
- 1 file changed, 38 insertions(+), 1 deletion(-)
-
-diff --git a/src/core/unit.c b/src/core/unit.c
-index ac960ef0c8..aedc1d806f 100644
---- a/src/core/unit.c
-+++ b/src/core/unit.c
-@@ -3115,6 +3115,43 @@ int unit_load_related_unit(Unit *u, const char *type, Unit **_found) {
-         return r;
- }
- 
-+static int signal_name_owner_changed_install_handler(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-+        Unit *u = userdata;
-+        const sd_bus_error *e;
-+        int r;
-+
-+        assert(message);
-+        assert(u);
-+
-+        e = sd_bus_message_get_error(message);
-+        if (!e) {
-+                log_unit_debug(u, "Successfully installed NameOwnerChanged signal match.");
-+                return 0;
-+        }
-+
-+        r = sd_bus_error_get_errno(e);
-+        log_unit_error_errno(u, r,
-+                             "Unexpected error response on installing NameOwnerChanged signal match: %s",
-+                             bus_error_message(e, r));
-+
-+        /* If we failed to install NameOwnerChanged signal, also unref the bus slot of GetNameOwner(). */
-+        u->match_bus_slot = sd_bus_slot_unref(u->match_bus_slot);
-+
-+        if (UNIT_VTABLE(u)->bus_name_owner_change) {
-+                /* HACK: I'd like to avoid backporting fc67a943d9 so I have to deal with former
-+                   vtable->bus_name_owner_change() signature, i.e. provide either old_owner or new_owner and bus_name.
-+                   Also, vtable->bus_name_owner_change() is implemented only for services. */
-+                Service *s = SERVICE(u);
-+
-+                assert(u->type == UNIT_SERVICE);
-+
-+                if (s->bus_name_good)
-+                        UNIT_VTABLE(u)->bus_name_owner_change(u, s->bus_name, s->bus_name_owner, NULL);
-+        }
-+
-+        return 0;
-+}
-+
- static int signal_name_owner_changed(sd_bus_message *message, void *userdata, sd_bus_error *error) {
-         const char *name, *old_owner, *new_owner;
-         Unit *u = userdata;
-@@ -3155,7 +3192,7 @@ int unit_install_bus_match(Unit *u, sd_bus *bus, const char *name) {
-                          "member='NameOwnerChanged',"
-                          "arg0='", name, "'");
- 
--        return sd_bus_add_match_async(bus, &u->match_bus_slot, match, signal_name_owner_changed, NULL, u);
-+        return sd_bus_add_match_async(bus, &u->match_bus_slot, match, signal_name_owner_changed, signal_name_owner_changed_install_handler, u);
- }
- 
- int unit_watch_bus_name(Unit *u, const char *name) {

SOURCES/1030-sd-bus-bus-track-use-install_callback-in-sd_bus_trac.patch

@@ -1,99 +0,0 @@
-From fd3ab2173da5a35660565c289675c9961be28c16 Mon Sep 17 00:00:00 2001
-From: Michal Sekletar <msekleta@redhat.com>
-Date: Thu, 31 Jul 2025 18:26:09 +0200
-Subject: [PATCH] sd-bus/bus-track: use install_callback in
- sd_bus_track_add_name()
-
-Previously we didn't provide any install_callback to
-sd_bus_add_match_async() so in case AddMatch() method call timed out we
-destroyed the bus connection. This seems overly aggressive and simply
-updating the sd_bus_track object accordingly should be enough.
-
-Follow-up for 37ce3fd2b7dd8f81f6f4bca2003961a92b2963dc.
-
-Fixes #32381
-
-(cherry picked from commit dcf42d1ee21222ee698e5e0ab3ecf3411b63da40)
-
-Related: RHEL-75081
----
- src/libsystemd/sd-bus/bus-track.c | 30 ++++++++++++++++++++++++++----
- 1 file changed, 26 insertions(+), 4 deletions(-)
-
-diff --git a/src/libsystemd/sd-bus/bus-track.c b/src/libsystemd/sd-bus/bus-track.c
-index b818e93bec..7bb92a507b 100644
---- a/src/libsystemd/sd-bus/bus-track.c
-+++ b/src/libsystemd/sd-bus/bus-track.c
-@@ -5,6 +5,7 @@
- #include "sd-bus.h"
- 
- #include "alloc-util.h"
-+#include "bus-error.h"
- #include "bus-internal.h"
- #include "bus-track.h"
- #include "bus-util.h"
-@@ -13,6 +14,7 @@ struct track_item {
-         unsigned n_ref;
-         char *name;
-         sd_bus_slot *slot;
-+        sd_bus_track *track;
- };
- 
- struct sd_bus_track {
-@@ -181,18 +183,37 @@ _public_ sd_bus_track* sd_bus_track_unref(sd_bus_track *track) {
- }
- 
- static int on_name_owner_changed(sd_bus_message *message, void *userdata, sd_bus_error *error) {
--        sd_bus_track *track = userdata;
-+        struct track_item *item = userdata;
-         const char *name;
-         int r;
- 
-         assert(message);
--        assert(track);
-+        assert(item->track);
- 
-         r = sd_bus_message_read(message, "sss", &name, NULL, NULL);
-         if (r < 0)
-                 return 0;
- 
--        bus_track_remove_name_fully(track, name);
-+        bus_track_remove_name_fully(item->track, name);
-+        return 0;
-+}
-+
-+static int name_owner_changed_install_callback(sd_bus_message *message, void *userdata, sd_bus_error *reterr_error) {
-+        struct track_item *item = userdata;
-+        const sd_bus_error *e;
-+
-+        assert(userdata);
-+        assert(message);
-+        assert(item->track);
-+        assert(item->name);
-+
-+        e = sd_bus_message_get_error(message);
-+        if (!e)
-+                return 0;
-+
-+        log_debug_errno(sd_bus_error_get_errno(e), "Failed to install match for tracking name '%s': %s", item->name, e->message);
-+
-+        bus_track_remove_name_fully(item->track, item->name);
-         return 0;
- }
- 
-@@ -234,13 +255,14 @@ _public_ int sd_bus_track_add_name(sd_bus_track *track, const char *name) {
-         n->name = strdup(name);
-         if (!n->name)
-                 return -ENOMEM;
-+        n->track = track;
- 
-         /* First, subscribe to this name */
-         match = MATCH_FOR_NAME(name);
- 
-         bus_track_remove_from_queue(track); /* don't dispatch this while we work in it */
- 
--        r = sd_bus_add_match_async(track->bus, &n->slot, match, on_name_owner_changed, NULL, track);
-+        r = sd_bus_add_match_async(track->bus, &n->slot, match, on_name_owner_changed, name_owner_changed_install_callback, n);
-         if (r < 0) {
-                 bus_track_add_to_queue(track);
-                 return r;

SOURCES/1031-core-manager-restore-bus-track-deserialization-clean.patch

@@ -1,31 +0,0 @@
-From f51c9ff5bd879c5cd1a7872fbd97cc2c447c19a0 Mon Sep 17 00:00:00 2001
-From: Mike Yuan <me@yhndnzj.com>
-Date: Mon, 13 Jan 2025 17:30:51 +0100
-Subject: [PATCH] core/manager: restore bus track deserialization cleanup in
- manager_reload()
-
-There's zero explanation why it got (spuriously) removed in
-8402ca04d1a063c3d8a9e3d5c16df8bb8778ae98...
-
-(cherry picked from commit 34f4b817f67b002eae7e2c09b19bf4b66c4791b6)
-
-Related: RHEL-75081
----
- src/core/manager.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/src/core/manager.c b/src/core/manager.c
-index 37bdac8b1d..bee94fb80d 100644
---- a/src/core/manager.c
-+++ b/src/core/manager.c
-@@ -3542,6 +3542,10 @@ int manager_reload(Manager *m) {
-         if (q < 0 && r >= 0)
-                 r = q;
- 
-+        /* Clean up deserialized bus track information. They're never consumed during reload (as opposed to
-+         * reexec) since we do not disconnect from the bus. */
-+        m->subscribed_as_strv = strv_free(m->subscribed_as_strv);
-+
-         /* Third, fire things up! */
-         manager_coldplug(m);
- 

SOURCES/1032-core-manager-drop-duplicate-bus-track-deserializatio.patch

@@ -1,30 +0,0 @@
-From ba370cdb895ee952a795e4934ef0b51fbbffe720 Mon Sep 17 00:00:00 2001
-From: Mike Yuan <me@yhndnzj.com>
-Date: Sat, 11 Jan 2025 18:38:49 +0100
-Subject: [PATCH] core/manager: drop duplicate bus track deserialization
-
-bus_init_api() now does this internally
-(after 8402ca04d1a063c3d8a9e3d5c16df8bb8778ae98).
-
-(cherry picked from commit af0e10354e567bfd0b9521376b2aad55f12a4e3d)
-
-Related: RHEL-75081
----
- src/core/manager.c | 4 ----
- 1 file changed, 4 deletions(-)
-
-diff --git a/src/core/manager.c b/src/core/manager.c
-index bee94fb80d..5212650fec 100644
---- a/src/core/manager.c
-+++ b/src/core/manager.c
-@@ -1658,10 +1658,6 @@ int manager_startup(Manager *m, FILE *serialization, FDSet *fds) {
-         /* Connect to the bus if we are good for it */
-         manager_setup_bus(m);
- 
--        /* Now that we are connected to all possible busses, let's deserialize who is tracking us. */
--        (void) bus_track_coldplug(m->api_bus, &m->subscribed, false, m->subscribed_as_strv);
--        m->subscribed_as_strv = strv_free(m->subscribed_as_strv);
--
-         /* Third, fire things up! */
-         manager_coldplug(m);
- 

SOURCES/1033-cgroup-util-add-mask-definitions-for-sets-of-control.patch

@@ -1,31 +0,0 @@
-From 0b05aee0750c68bfd18bda777a3860c26cf154fc Mon Sep 17 00:00:00 2001
-From: Lennart Poettering <lennart@poettering.net>
-Date: Wed, 24 Oct 2018 17:30:46 +0200
-Subject: [PATCH] cgroup-util: add mask definitions for sets of controllers
- supported by cgroupsv1 vs. cgroupsv2
-
-(cherry picked from commit 4edd65e4cff40158dded65c010b8c3e0b5ff5519)
-
-Related: RHEL-9322
----
- src/basic/cgroup-util.h | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/src/basic/cgroup-util.h b/src/basic/cgroup-util.h
-index 65d2dbd4b6..1b0f53e8b8 100644
---- a/src/basic/cgroup-util.h
-+++ b/src/basic/cgroup-util.h
-@@ -43,6 +43,13 @@ typedef enum CGroupMask {
-         CGROUP_MASK_MEMORY = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_MEMORY),
-         CGROUP_MASK_DEVICES = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_DEVICES),
-         CGROUP_MASK_PIDS = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_PIDS),
-+
-+        /* All real cgroupv1 controllers */
-+        CGROUP_MASK_V1 = CGROUP_MASK_CPU|CGROUP_MASK_CPUACCT|CGROUP_MASK_BLKIO|CGROUP_MASK_MEMORY|CGROUP_MASK_DEVICES|CGROUP_MASK_PIDS,
-+
-+        /* All real cgroupv2 controllers */
-+        CGROUP_MASK_V2 = CGROUP_MASK_CPU|CGROUP_MASK_IO|CGROUP_MASK_MEMORY|CGROUP_MASK_PIDS,
-+
-         _CGROUP_MASK_ALL = CGROUP_CONTROLLER_TO_MASK(_CGROUP_CONTROLLER_MAX) - 1
- } CGroupMask;
- 

SOURCES/1034-cgroup-dump-delegation-mask-too.patch

@@ -1,51 +0,0 @@
-From fb30cb6cb667dc97afeadb4e0ac6ad9134f2d30a Mon Sep 17 00:00:00 2001
-From: Lennart Poettering <lennart@poettering.net>
-Date: Wed, 21 Nov 2018 17:48:41 +0100
-Subject: [PATCH] cgroup: dump delegation mask too
-
-(cherry picked from commit 0adf88b68ce71b49009d731ac6d96d9d59c4f2a9)
-
-Related: RHEL-9322
----
- src/core/unit.c | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/src/core/unit.c b/src/core/unit.c
-index aedc1d806f..15c5bdf2a2 100644
---- a/src/core/unit.c
-+++ b/src/core/unit.c
-@@ -1194,17 +1194,20 @@ void unit_dump(Unit *u, FILE *f, const char *prefix) {
-                 (void) cg_mask_to_string(u->cgroup_realized_mask, &s);
-                 fprintf(f, "%s\tCGroup realized mask: %s\n", prefix, strnull(s));
-         }
-+
-         if (u->cgroup_enabled_mask != 0) {
-                 _cleanup_free_ char *s = NULL;
-                 (void) cg_mask_to_string(u->cgroup_enabled_mask, &s);
-                 fprintf(f, "%s\tCGroup enabled mask: %s\n", prefix, strnull(s));
-         }
-+
-         m = unit_get_own_mask(u);
-         if (m != 0) {
-                 _cleanup_free_ char *s = NULL;
-                 (void) cg_mask_to_string(m, &s);
-                 fprintf(f, "%s\tCGroup own mask: %s\n", prefix, strnull(s));
-         }
-+
-         m = unit_get_members_mask(u);
-         if (m != 0) {
-                 _cleanup_free_ char *s = NULL;
-@@ -1212,6 +1215,13 @@ void unit_dump(Unit *u, FILE *f, const char *prefix) {
-                 fprintf(f, "%s\tCGroup members mask: %s\n", prefix, strnull(s));
-         }
- 
-+        m = unit_get_delegate_mask(u);
-+        if (m != 0) {
-+                _cleanup_free_ char *s = NULL;
-+                (void) cg_mask_to_string(m, &s);
-+                fprintf(f, "%s\tCGroup delegate mask: %s\n", prefix, strnull(s));
-+        }
-+
-         SET_FOREACH(t, u->names, i)
-                 fprintf(f, "%s\tName: %s\n", prefix, t);
- 

SOURCES/1035-cgroup-units-that-aren-t-loaded-properly-should-not-.patch

@@ -1,32 +0,0 @@
-From 3bd48135a82129199e99d212304cee4e0045302c Mon Sep 17 00:00:00 2001
-From: Lennart Poettering <lennart@poettering.net>
-Date: Wed, 21 Nov 2018 18:25:37 +0100
-Subject: [PATCH] cgroup: units that aren't loaded properly should not result
- in cgroup controllers being pulled in
-
-This shouldn't make much difference in real life, but is a bit cleaner.
-
-(cherry picked from commit 442ce7759c668bf9857eff13a90b0cfa6be8d426)
-
-Related: RHEL-9322
----
- src/core/cgroup.c | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/src/core/cgroup.c b/src/core/cgroup.c
-index 0c8a66edd1..331c97d288 100644
---- a/src/core/cgroup.c
-+++ b/src/core/cgroup.c
-@@ -1308,7 +1308,11 @@ static CGroupMask unit_get_cgroup_mask(Unit *u) {
- CGroupMask unit_get_own_mask(Unit *u) {
-         CGroupContext *c;
- 
--        /* Returns the mask of controllers the unit needs for itself */
-+        /* Returns the mask of controllers the unit needs for itself. If a unit is not properly loaded, return an empty
-+         * mask, as we shouldn't reflect it in the cgroup hierarchy then. */
-+
-+        if (u->load_state != UNIT_LOADED)
-+                return 0;
- 
-         c = unit_get_cgroup_context(u);
-         if (!c)

SOURCES/1036-cgroup-be-more-careful-with-which-controllers-we-can.patch

@@ -1,249 +0,0 @@
-From 38e4b2bb1bea9b727424ee9ba30b8e1e2988a0b8 Mon Sep 17 00:00:00 2001
-From: Lennart Poettering <lennart@poettering.net>
-Date: Thu, 22 Nov 2018 21:45:33 +0100
-Subject: [PATCH] cgroup: be more careful with which controllers we can
- enable/disable on a cgroup
-
-This changes cg_enable_everywhere() to return which controllers are
-enabled for the specified cgroup. This information is then used to
-correctly track the enablement mask currently in effect for a unit.
-Moreover, when we try to turn off a controller, and this works, then
-this is indicates that the parent unit might succesfully turn it off
-now, too as our unit might have kept it busy.
-
-So far, when realizing cgroups, i.e. when syncing up the kernel
-representation of relevant cgroups with our own idea we would strictly
-work from the root to the leaves. This is generally a good approach, as
-when controllers are enabled this has to happen in root-to-leaves order.
-However, when controllers are disabled this has to happen in the
-opposite order: in leaves-to-root order (this is because controllers can
-only be enabled in a child if it is already enabled in the parent, and
-if it shall be disabled in the parent then it has to be disabled in the
-child first, otherwise it is considered busy when it is attempted to
-remove it in the parent).
-
-To make things complicated when invalidating a unit's cgroup membershup
-systemd can actually turn off some controllers previously turned on at
-the very same time as it turns on other controllers previously turned
-off. In such a case we have to work up leaves-to-root *and*
-root-to-leaves right after each other. With this patch this is
-implemented: we still generally operate root-to-leaves, but as soon as
-we noticed we successfully turned off a controller previously turned on
-for a cgroup we'll re-enqueue the cgroup realization for all parents of
-a unit, thus implementing leaves-to-root where necessary.
-
-(cherry picked from commit 27adcc973771a998433635672e2eee0a4489b8a4)
-
-Related: RHEL-9322
----
- src/basic/cgroup-util.c    | 58 ++++++++++++++++++++++++++++++++++++--
- src/basic/cgroup-util.h    |  2 +-
- src/core/cgroup.c          | 31 ++++++++++++++++----
- src/core/cgroup.h          |  3 +-
- src/nspawn/nspawn-cgroup.c |  2 +-
- 5 files changed, 84 insertions(+), 12 deletions(-)
-
-diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c
-index 14abe6e014..f0aca25a00 100644
---- a/src/basic/cgroup-util.c
-+++ b/src/basic/cgroup-util.c
-@@ -2573,22 +2573,45 @@ int cg_unified_flush(void) {
-         return cg_unified_update();
- }
- 
--int cg_enable_everywhere(CGroupMask supported, CGroupMask mask, const char *p) {
-+int cg_enable_everywhere(
-+                CGroupMask supported,
-+                CGroupMask mask,
-+                const char *p,
-+                CGroupMask *ret_result_mask) {
-+
-         _cleanup_fclose_ FILE *f = NULL;
-         _cleanup_free_ char *fs = NULL;
-         CGroupController c;
-+        CGroupMask ret = 0;
-         int r;
- 
-         assert(p);
- 
--        if (supported == 0)
-+        if (supported == 0) {
-+                if (ret_result_mask)
-+                        *ret_result_mask = 0;
-                 return 0;
-+        }
- 
-         r = cg_all_unified();
-         if (r < 0)
-                 return r;
--        if (r == 0) /* on the legacy hiearchy there's no joining of controllers defined */
-+        if (r == 0) {
-+                /* On the legacy hiearchy there's no concept of "enabling" controllers in cgroups defined. Let's claim
-+                 * complete success right away. (If you wonder why we return the full mask here, rather than zero: the
-+                 * caller tends to use the returned mask later on to compare if all controllers where properly joined,
-+                 * and if not requeues realization. This use is the primary purpose of the return value, hence let's
-+                 * minimize surprises here and reduce triggers for re-realization by always saying we fully
-+                 * succeeded.) */
-+                if (ret_result_mask)
-+                        *ret_result_mask = mask & supported & CGROUP_MASK_V2; /* If you wonder why we mask this with
-+                                                                               * CGROUP_MASK_V2: The 'supported' mask
-+                                                                               * might contain pure-V1 or BPF
-+                                                                               * controllers, and we never want to
-+                                                                               * claim that we could enable those with
-+                                                                               * cgroup.subtree_control */
-                 return 0;
-+        }
- 
-         r = cg_get_path(SYSTEMD_CGROUP_CONTROLLER, p, "cgroup.subtree_control", &fs);
-         if (r < 0)
-@@ -2620,10 +2643,39 @@ int cg_enable_everywhere(CGroupMask supported, CGroupMask mask, const char *p) {
-                         if (r < 0) {
-                                 log_debug_errno(r, "Failed to enable controller %s for %s (%s): %m", n, p, fs);
-                                 clearerr(f);
-+
-+                                /* If we can't turn off a controller, leave it on in the reported resulting mask. This
-+                                 * happens for example when we attempt to turn off a controller up in the tree that is
-+                                 * used down in the tree. */
-+                                if (!FLAGS_SET(mask, bit) && r == -EBUSY) /* You might wonder why we check for EBUSY
-+                                                                           * only here, and not follow the same logic
-+                                                                           * for other errors such as EINVAL or
-+                                                                           * EOPNOTSUPP or anything else. That's
-+                                                                           * because EBUSY indicates that the
-+                                                                           * controllers is currently enabled and
-+                                                                           * cannot be disabled because something down
-+                                                                           * the hierarchy is still using it. Any other
-+                                                                           * error most likely means something like "I
-+                                                                           * never heard of this controller" or
-+                                                                           * similar. In the former case it's hence
-+                                                                           * safe to assume the controller is still on
-+                                                                           * after the failed operation, while in the
-+                                                                           * latter case it's safer to assume the
-+                                                                           * controller is unknown and hence certainly
-+                                                                           * not enabled. */
-+                                        ret |= bit;
-+                        } else {
-+                                /* Otherwise, if we managed to turn on a controller, set the bit reflecting that. */
-+                                if (FLAGS_SET(mask, bit))
-+                                        ret |= bit;
-                         }
-                 }
-         }
- 
-+        /* Let's return the precise set of controllers now enabled for the cgroup. */
-+        if (ret_result_mask)
-+                *ret_result_mask = ret;
-+
-         return 0;
- }
- 
-diff --git a/src/basic/cgroup-util.h b/src/basic/cgroup-util.h
-index 1b0f53e8b8..0ce63f98e8 100644
---- a/src/basic/cgroup-util.h
-+++ b/src/basic/cgroup-util.h
-@@ -248,7 +248,7 @@ int cg_attach_everywhere(CGroupMask supported, const char *path, pid_t pid, cg_m
- int cg_attach_many_everywhere(CGroupMask supported, const char *path, Set* pids, cg_migrate_callback_t callback, void *userdata);
- int cg_migrate_everywhere(CGroupMask supported, const char *from, const char *to, cg_migrate_callback_t callback, void *userdata);
- int cg_trim_everywhere(CGroupMask supported, const char *path, bool delete_root);
--int cg_enable_everywhere(CGroupMask supported, CGroupMask mask, const char *p);
-+int cg_enable_everywhere(CGroupMask supported, CGroupMask mask, const char *p, CGroupMask *ret_result_mask);
- 
- int cg_mask_supported(CGroupMask *ret);
- int cg_mask_from_string(const char *s, CGroupMask *ret);
-diff --git a/src/core/cgroup.c b/src/core/cgroup.c
-index 331c97d288..93c0920c54 100644
---- a/src/core/cgroup.c
-+++ b/src/core/cgroup.c
-@@ -1660,8 +1660,8 @@ static int unit_create_cgroup(
-                 bool needs_bpf) {
- 
-         CGroupContext *c;
--        int r;
-         bool created;
-+        int r;
- 
-         assert(u);
- 
-@@ -1685,18 +1685,37 @@ static int unit_create_cgroup(
- 
-         /* Preserve enabled controllers in delegated units, adjust others. */
-         if (created || !unit_cgroup_delegate(u)) {
-+                CGroupMask result_mask = 0;
- 
-                 /* Enable all controllers we need */
--                r = cg_enable_everywhere(u->manager->cgroup_supported, enable_mask, u->cgroup_path);
-+                r = cg_enable_everywhere(u->manager->cgroup_supported, enable_mask, u->cgroup_path, &result_mask);
-                 if (r < 0)
--                        log_unit_warning_errno(u, r, "Failed to enable controllers on cgroup %s, ignoring: %m",
--                                               u->cgroup_path);
-+                        log_unit_warning_errno(u, r, "Failed to enable/disable controllers on cgroup %s, ignoring: %m", u->cgroup_path);
-+
-+                /* If we just turned off a controller, this might release the controller for our parent too, let's
-+                 * enqueue the parent for re-realization in that case again. */
-+                if (UNIT_ISSET(u->slice)) {
-+                        CGroupMask turned_off;
-+
-+                        turned_off = (u->cgroup_realized ? u->cgroup_enabled_mask & ~result_mask : 0);
-+                        if (turned_off != 0) {
-+                                Unit *parent;
-+
-+                                /* Force the parent to propagate the enable mask to the kernel again, by invalidating
-+                                 * the controller we just turned off. */
-+
-+                                for (parent = UNIT_DEREF(u->slice); parent; parent = UNIT_DEREF(parent->slice))
-+                                        unit_invalidate_cgroup(parent, turned_off);
-+                        }
-+                }
-+
-+                /* Remember what's actually enabled now */
-+                u->cgroup_enabled_mask = result_mask;
-         }
- 
-         /* Keep track that this is now realized */
-         u->cgroup_realized = true;
-         u->cgroup_realized_mask = target_mask;
--        u->cgroup_enabled_mask = enable_mask;
-         u->cgroup_bpf_state = needs_bpf ? UNIT_CGROUP_BPF_ON : UNIT_CGROUP_BPF_OFF;
- 
-         if (u->type != UNIT_SLICE && !unit_cgroup_delegate(u)) {
-@@ -1885,7 +1904,7 @@ static bool unit_has_mask_realized(
-                  (!needs_bpf && u->cgroup_bpf_state == UNIT_CGROUP_BPF_OFF));
- }
- 
--static void unit_add_to_cgroup_realize_queue(Unit *u) {
-+void unit_add_to_cgroup_realize_queue(Unit *u) {
-         assert(u);
- 
-         if (u->in_cgroup_realize_queue)
-diff --git a/src/core/cgroup.h b/src/core/cgroup.h
-index 36ea77fdc5..535e328ab6 100644
---- a/src/core/cgroup.h
-+++ b/src/core/cgroup.h
-@@ -175,7 +175,6 @@ CGroupMask unit_get_delegate_mask(Unit *u);
- CGroupMask unit_get_members_mask(Unit *u);
- CGroupMask unit_get_siblings_mask(Unit *u);
- CGroupMask unit_get_subtree_mask(Unit *u);
--
- CGroupMask unit_get_target_mask(Unit *u);
- CGroupMask unit_get_enable_mask(Unit *u);
- 
-@@ -183,6 +182,8 @@ bool unit_get_needs_bpf(Unit *u);
- 
- void unit_update_cgroup_members_masks(Unit *u);
- 
-+void unit_add_to_cgroup_realize_queue(Unit *u);
-+
- const char *unit_get_realized_cgroup_path(Unit *u, CGroupMask mask);
- char *unit_default_cgroup_path(Unit *u);
- int unit_set_cgroup_path(Unit *u, const char *path);
-diff --git a/src/nspawn/nspawn-cgroup.c b/src/nspawn/nspawn-cgroup.c
-index a231622e29..975427aa31 100644
---- a/src/nspawn/nspawn-cgroup.c
-+++ b/src/nspawn/nspawn-cgroup.c
-@@ -185,6 +185,6 @@ int create_subcgroup(pid_t pid, bool keep_unit, CGroupUnified unified_requested)
-         }
- 
-         /* Try to enable as many controllers as possible for the new payload. */
--        (void) cg_enable_everywhere(supported, supported, cgroup);
-+        (void) cg_enable_everywhere(supported, supported, cgroup, NULL);
-         return 0;
- }

SOURCES/1037-cgroup-extend-reasons-when-we-realize-the-enable-mas.patch

@@ -1,35 +0,0 @@
-From 70d03cffc01a77df5441e8c62e07c010e16882b2 Mon Sep 17 00:00:00 2001
-From: Lennart Poettering <lennart@poettering.net>
-Date: Fri, 23 Nov 2018 01:03:18 +0100
-Subject: [PATCH] cgroup: extend reasons when we realize the enable mask
-
-After creating a cgroup we need to initialize its
-"cgroup.subtree_control" file with the controllers its children want to
-use. Currently we do so whenever the mkdir() on the cgroup succeeded,
-i.e. when we know the cgroup is "fresh". Let's update the condition
-slightly that we also do so when internally we assume a cgroup doesn't
-exist yet, even if it already does (maybe left-over from a previous
-run).
-
-This shouldn't change anything IRL but make things a bit more robust.
-
-(cherry picked from commit 1fd3a10c38a0be4fc42ae94cf9f8401003187b80)
-
-Related: RHEL-9322
----
- src/core/cgroup.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/core/cgroup.c b/src/core/cgroup.c
-index 93c0920c54..bf829407b8 100644
---- a/src/core/cgroup.c
-+++ b/src/core/cgroup.c
-@@ -1684,7 +1684,7 @@ static int unit_create_cgroup(
-         (void) unit_watch_cgroup(u);
- 
-         /* Preserve enabled controllers in delegated units, adjust others. */
--        if (created || !unit_cgroup_delegate(u)) {
-+        if (created || !u->cgroup_realized || !unit_cgroup_delegate(u)) {
-                 CGroupMask result_mask = 0;
- 
-                 /* Enable all controllers we need */

SOURCES/1038-cgroup-drastically-simplify-caching-of-cgroups-membe.patch

@@ -1,228 +0,0 @@
-From 18d667eb7895b47dad3b4144b69e6e9e3afe4994 Mon Sep 17 00:00:00 2001
-From: Lennart Poettering <lennart@poettering.net>
-Date: Fri, 23 Nov 2018 01:07:34 +0100
-Subject: [PATCH] cgroup: drastically simplify caching of cgroups members mask
-
-Previously we tried to be smart: when a new unit appeared and it only
-added controllers to the cgroup mask we'd update the cached members mask
-in all parents by ORing in the controller flags in their cached values.
-Unfortunately this was quite broken, as we missed some conditions when
-this cache had to be reset (for example, when a unit got unloaded),
-moreover the optimization doesn't work when a controller is removed
-anyway (as in that case there's no other way for the parent to iterate
-though all children if any other, remaining child unit still needs it).
-Hence, let's simplify the logic substantially: instead of updating the
-cache on the right events (which we didn't get right), let's simply
-invalidate the cache, and generate it lazily when we encounter it later.
-This should actually result in better behaviour as we don't have to
-calculate the new members mask for a whole subtree whever we have the
-suspicion something changed, but can delay it to the point where we
-actually need the members mask.
-
-This allows us to simplify things quite a bit, which is good, since
-validating this cache for correctness is hard enough.
-
-Fixes: #9512
-(cherry picked from commit 5af8805872809e6de4cc4d9495cb1a904772ab4e)
-
-Resolves: RHEL-9322
----
- src/core/cgroup.c       | 49 +++++------------------------------------
- src/core/cgroup.h       |  1 +
- src/core/dbus-mount.c   |  2 +-
- src/core/dbus-scope.c   |  2 +-
- src/core/dbus-service.c |  2 +-
- src/core/dbus-slice.c   |  2 +-
- src/core/dbus-socket.c  |  2 +-
- src/core/dbus-swap.c    |  2 +-
- src/core/unit.c         |  3 ++-
- src/core/unit.h         |  2 --
- 10 files changed, 14 insertions(+), 53 deletions(-)
-
-diff --git a/src/core/cgroup.c b/src/core/cgroup.c
-index bf829407b8..3276c876ec 100644
---- a/src/core/cgroup.c
-+++ b/src/core/cgroup.c
-@@ -1454,53 +1454,14 @@ bool unit_get_needs_bpf(Unit *u) {
-         return false;
- }
- 
--/* Recurse from a unit up through its containing slices, propagating
-- * mask bits upward. A unit is also member of itself. */
--void unit_update_cgroup_members_masks(Unit *u) {
--        CGroupMask m;
--        bool more;
--
-+void unit_invalidate_cgroup_members_masks(Unit *u) {
-         assert(u);
- 
--        /* Calculate subtree mask */
--        m = unit_get_subtree_mask(u);
--
--        /* See if anything changed from the previous invocation. If
--         * not, we're done. */
--        if (u->cgroup_subtree_mask_valid && m == u->cgroup_subtree_mask)
--                return;
--
--        more =
--                u->cgroup_subtree_mask_valid &&
--                ((m & ~u->cgroup_subtree_mask) != 0) &&
--                ((~m & u->cgroup_subtree_mask) == 0);
--
--        u->cgroup_subtree_mask = m;
--        u->cgroup_subtree_mask_valid = true;
--
--        if (UNIT_ISSET(u->slice)) {
--                Unit *s = UNIT_DEREF(u->slice);
--
--                if (more)
--                        /* There's more set now than before. We
--                         * propagate the new mask to the parent's mask
--                         * (not caring if it actually was valid or
--                         * not). */
--
--                        s->cgroup_members_mask |= m;
--
--                else
--                        /* There's less set now than before (or we
--                         * don't know), we need to recalculate
--                         * everything, so let's invalidate the
--                         * parent's members mask */
-+        /* Recurse invalidate the member masks cache all the way up the tree */
-+        u->cgroup_members_mask_valid = false;
- 
--                        s->cgroup_members_mask_valid = false;
--
--                /* And now make sure that this change also hits our
--                 * grandparents */
--                unit_update_cgroup_members_masks(s);
--        }
-+        if (UNIT_ISSET(u->slice))
-+                unit_invalidate_cgroup_members_masks(UNIT_DEREF(u->slice));
- }
- 
- const char *unit_get_realized_cgroup_path(Unit *u, CGroupMask mask) {
-diff --git a/src/core/cgroup.h b/src/core/cgroup.h
-index 535e328ab6..2ec8dd8fba 100644
---- a/src/core/cgroup.h
-+++ b/src/core/cgroup.h
-@@ -180,6 +180,7 @@ CGroupMask unit_get_enable_mask(Unit *u);
- 
- bool unit_get_needs_bpf(Unit *u);
- 
-+void unit_invalidate_cgroup_members_masks(Unit *u);
- void unit_update_cgroup_members_masks(Unit *u);
- 
- void unit_add_to_cgroup_realize_queue(Unit *u);
-diff --git a/src/core/dbus-mount.c b/src/core/dbus-mount.c
-index a089b37e04..345494fd64 100644
---- a/src/core/dbus-mount.c
-+++ b/src/core/dbus-mount.c
-@@ -190,7 +190,7 @@ int bus_mount_set_property(
- int bus_mount_commit_properties(Unit *u) {
-         assert(u);
- 
--        unit_update_cgroup_members_masks(u);
-+        unit_invalidate_cgroup_members_masks(u);
-         unit_realize_cgroup(u);
- 
-         return 0;
-diff --git a/src/core/dbus-scope.c b/src/core/dbus-scope.c
-index 534302d188..8504352cbf 100644
---- a/src/core/dbus-scope.c
-+++ b/src/core/dbus-scope.c
-@@ -192,7 +192,7 @@ int bus_scope_set_property(
- int bus_scope_commit_properties(Unit *u) {
-         assert(u);
- 
--        unit_update_cgroup_members_masks(u);
-+        unit_invalidate_cgroup_members_masks(u);
-         unit_realize_cgroup(u);
- 
-         return 0;
-diff --git a/src/core/dbus-service.c b/src/core/dbus-service.c
-index 5f768a77c8..6db583492b 100644
---- a/src/core/dbus-service.c
-+++ b/src/core/dbus-service.c
-@@ -393,7 +393,7 @@ int bus_service_set_property(
- int bus_service_commit_properties(Unit *u) {
-         assert(u);
- 
--        unit_update_cgroup_members_masks(u);
-+        unit_invalidate_cgroup_members_masks(u);
-         unit_realize_cgroup(u);
- 
-         return 0;
-diff --git a/src/core/dbus-slice.c b/src/core/dbus-slice.c
-index 722a5688a5..effd5fa5d7 100644
---- a/src/core/dbus-slice.c
-+++ b/src/core/dbus-slice.c
-@@ -28,7 +28,7 @@ int bus_slice_set_property(
- int bus_slice_commit_properties(Unit *u) {
-         assert(u);
- 
--        unit_update_cgroup_members_masks(u);
-+        unit_invalidate_cgroup_members_masks(u);
-         unit_realize_cgroup(u);
- 
-         return 0;
-diff --git a/src/core/dbus-socket.c b/src/core/dbus-socket.c
-index 17494b80c8..dc74c82714 100644
---- a/src/core/dbus-socket.c
-+++ b/src/core/dbus-socket.c
-@@ -469,7 +469,7 @@ int bus_socket_set_property(
- int bus_socket_commit_properties(Unit *u) {
-         assert(u);
- 
--        unit_update_cgroup_members_masks(u);
-+        unit_invalidate_cgroup_members_masks(u);
-         unit_realize_cgroup(u);
- 
-         return 0;
-diff --git a/src/core/dbus-swap.c b/src/core/dbus-swap.c
-index b272d10113..353fa20132 100644
---- a/src/core/dbus-swap.c
-+++ b/src/core/dbus-swap.c
-@@ -63,7 +63,7 @@ int bus_swap_set_property(
- int bus_swap_commit_properties(Unit *u) {
-         assert(u);
- 
--        unit_update_cgroup_members_masks(u);
-+        unit_invalidate_cgroup_members_masks(u);
-         unit_realize_cgroup(u);
- 
-         return 0;
-diff --git a/src/core/unit.c b/src/core/unit.c
-index 15c5bdf2a2..a7f610eca8 100644
---- a/src/core/unit.c
-+++ b/src/core/unit.c
-@@ -1583,7 +1583,8 @@ int unit_load(Unit *u) {
-                 if (u->job_running_timeout != USEC_INFINITY && u->job_running_timeout > u->job_timeout)
-                         log_unit_warning(u, "JobRunningTimeoutSec= is greater than JobTimeoutSec=, it has no effect.");
- 
--                unit_update_cgroup_members_masks(u);
-+                /* We finished loading, let's ensure our parents recalculate the members mask */
-+                unit_invalidate_cgroup_members_masks(u);
-         }
- 
-         assert((u->load_state != UNIT_MERGED) == !u->merged_into);
-diff --git a/src/core/unit.h b/src/core/unit.h
-index b8b914711f..e2dd7949e5 100644
---- a/src/core/unit.h
-+++ b/src/core/unit.h
-@@ -265,7 +265,6 @@ typedef struct Unit {
-         char *cgroup_path;
-         CGroupMask cgroup_realized_mask;
-         CGroupMask cgroup_enabled_mask;
--        CGroupMask cgroup_subtree_mask;
-         CGroupMask cgroup_members_mask;
-         int cgroup_inotify_wd;
- 
-@@ -341,7 +340,6 @@ typedef struct Unit {
- 
-         bool cgroup_realized:1;
-         bool cgroup_members_mask_valid:1;
--        bool cgroup_subtree_mask_valid:1;
- 
-         UnitCGroupBPFState cgroup_bpf_state:2;
- 

SOURCES/1039-cgroup-when-we-unload-a-unit-also-update-all-its-par.patch

@@ -1,36 +0,0 @@
-From 8b64f8944a9e48ca07c2fb086457675031814b46 Mon Sep 17 00:00:00 2001
-From: Lennart Poettering <lennart@poettering.net>
-Date: Fri, 23 Nov 2018 01:13:47 +0100
-Subject: [PATCH] cgroup: when we unload a unit, also update all its parent's
- members mask
-
-This way we can corectly ensure that when a unit that requires some
-controller goes away, we propagate the removal of it all the way up, so
-that the controller is turned off in all the parents too.
-
-(cherry picked from commit b8b6f321044ab085358de91a1f72a7d86593dfda)
-
-Related: RHEL-9322
----
- src/core/unit.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/src/core/unit.c b/src/core/unit.c
-index a7f610eca8..70e1d68ea4 100644
---- a/src/core/unit.c
-+++ b/src/core/unit.c
-@@ -578,6 +578,14 @@ void unit_free(Unit *u) {
-         if (!u)
-                 return;
- 
-+        if (UNIT_ISSET(u->slice)) {
-+                /* A unit is being dropped from the tree, make sure our parent slice recalculates the member mask */
-+                unit_invalidate_cgroup_members_masks(UNIT_DEREF(u->slice));
-+
-+                /* And make sure the parent is realized again, updating cgroup memberships */
-+                unit_add_to_cgroup_realize_queue(UNIT_DEREF(u->slice));
-+        }
-+
-         u->transient_file = safe_fclose(u->transient_file);
- 
-         if (!MANAGER_IS_RELOADING(u->manager))

SOURCES/1040-test-extend-testcase-to-ensure-controller-membership.patch

@@ -1,47 +0,0 @@
-From a3ce5bf1ff531f29c329b3298f3ef69d99e3cbed Mon Sep 17 00:00:00 2001
-From: Lennart Poettering <lennart@poettering.net>
-Date: Fri, 23 Nov 2018 01:15:19 +0100
-Subject: [PATCH] test: extend testcase to ensure controller membership doesn't
- regress
-
-(cherry picked from commit 43738e001e64ba0ec6522e0c35b67a006abf10e9)
-
-Related: RHEL-9322
----
- test/TEST-19-DELEGATE/testsuite.sh | 21 +++++++++++++++++++--
- 1 file changed, 19 insertions(+), 2 deletions(-)
-
-diff --git a/test/TEST-19-DELEGATE/testsuite.sh b/test/TEST-19-DELEGATE/testsuite.sh
-index c4c948cc11..8a3e9eb5fb 100755
---- a/test/TEST-19-DELEGATE/testsuite.sh
-+++ b/test/TEST-19-DELEGATE/testsuite.sh
-@@ -21,10 +21,27 @@ if grep -q cgroup2 /proc/filesystems ; then
-                     -w /sys/fs/cgroup/system.slice/test0.service/cgroup.subtree_control
- 
-         systemd-run --wait --unit=test1.service -p "DynamicUser=1" -p "Delegate=memory pids" \
--                    grep memory /sys/fs/cgroup/system.slice/test1.service/cgroup.controllers
-+                    grep -q memory /sys/fs/cgroup/system.slice/test1.service/cgroup.controllers
- 
-         systemd-run --wait --unit=test2.service -p "DynamicUser=1" -p "Delegate=memory pids" \
--                    grep pids /sys/fs/cgroup/system.slice/test2.service/cgroup.controllers
-+                    grep -q pids /sys/fs/cgroup/system.slice/test2.service/cgroup.controllers
-+
-+        # "io" is not among the controllers enabled by default for all units, verify that
-+        grep -qv io /sys/fs/cgroup/system.slice/cgroup.controllers
-+
-+        # Run a service with "io" enabled, and verify it works
-+        systemd-run --wait --unit=test3.service -p "IOAccounting=yes" -p "Slice=system-foo-bar-baz.slice"  \
-+                    grep -q io /sys/fs/cgroup/system.slice/system-foo.slice/system-foo-bar.slice/system-foo-bar-baz.slice/test3.service/cgroup.controllers
-+
-+        # We want to check if "io" is removed again from the controllers
-+        # list. However, PID 1 (rightfully) does this asynchronously. In order
-+        # to force synchronization on this, let's start a short-lived service
-+        # which requires PID 1 to refresh the cgroup tree, so that we can
-+        # verify that this all works.
-+        systemd-run --wait --unit=test4.service true
-+
-+        # And now check again, "io" should have vanished
-+        grep -qv io /sys/fs/cgroup/system.slice/cgroup.controllers
- 
-         # Check that unprivileged delegation works for scopes
-         test_scope_unpriv_delegation

SOURCES/1041-test-execute-let-s-ignore-the-difference-between-CLD.patch

@@ -1,41 +0,0 @@
-From edc3ca8a481a918f61404a7d41aa328c247721cd Mon Sep 17 00:00:00 2001
-From: Frantisek Sumsal <fsumsal@redhat.com>
-Date: Tue, 2 Sep 2025 13:41:07 +0200
-Subject: [PATCH] test-execute: let's ignore the difference between CLD_KILLED
- and CLD_DUMPED
-
-Depending on system configuration and whether SCMP_ACT_KILL_PROCESS or SCMP_ACT_KILL_THREAD is available/used processes might coredump on specific coredumps or are just plain killed. For our test case the difference doesn't really matter, hence let's hide it away.
-
-(cherry picked from commit c3ab2c389ee60d92fb8d7fe779ae9c4e3c092e4c)
-
-Related: RHEL-108744
----
- src/test/test-execute.c | 8 +++++++-
- 1 file changed, 7 insertions(+), 1 deletion(-)
-
-diff --git a/src/test/test-execute.c b/src/test/test-execute.c
-index 7581d5ed68..97649ee5ec 100644
---- a/src/test/test-execute.c
-+++ b/src/test/test-execute.c
-@@ -30,6 +30,12 @@
- 
- typedef void (*test_function_t)(Manager *m);
- 
-+static int cld_dumped_to_killed(int code) {
-+        /* Depending on the system, seccomp version, … some signals might result in dumping, others in plain
-+         * killing. Let's ignore the difference here, and map both cases to CLD_KILLED */
-+        return code == CLD_DUMPED ? CLD_KILLED : code;
-+}
-+
- static void wait_for_service_finish(Manager *m, Unit *unit) {
-         Service *service = NULL;
-         usec_t ts;
-@@ -73,7 +79,7 @@ static void check_main_result(const char *func, Manager *m, Unit *unit, int stat
-                           service->main_exec_status.status, status_expected);
-                 abort();
-         }
--        if (service->main_exec_status.code != code_expected) {
-+        if (cld_dumped_to_killed(service->main_exec_status.code) != cld_dumped_to_killed(code_expected)) {
-                 log_error("%s: %s: exit code %d, expected %d",
-                           func, unit->id,
-                           service->main_exec_status.code, code_expected);

SOURCES/1042-test-execute-turn-off-coredump-generation-in-test-se.patch

@@ -1,37 +0,0 @@
-From bbec8198d56f141ab3e97dca3607744e2497bf9a Mon Sep 17 00:00:00 2001
-From: Frantisek Sumsal <fsumsal@redhat.com>
-Date: Tue, 2 Sep 2025 13:41:22 +0200
-Subject: [PATCH] test-execute: turn off coredump generation in test services
-
-These services are likely to coredump, and we expect that but aren't interested in the coredump. Hence let's turn off processing by setting RLIMIT_CORE to 0/0.
-
-(cherry picked from commit a429223d1767a9d6cb0a95fd2fa3b0d64ce3d4e7)
-
-Related: RHEL-108744
----
- test/test-execute/exec-systemcallfilter-failing.service  | 1 +
- test/test-execute/exec-systemcallfilter-failing2.service | 1 +
- 2 files changed, 2 insertions(+)
-
-diff --git a/test/test-execute/exec-systemcallfilter-failing.service b/test/test-execute/exec-systemcallfilter-failing.service
-index bcebc99507..996f859217 100644
---- a/test/test-execute/exec-systemcallfilter-failing.service
-+++ b/test/test-execute/exec-systemcallfilter-failing.service
-@@ -4,6 +4,7 @@ Description=Test for SystemCallFilter
- [Service]
- ExecStart=/bin/sh -c 'echo "This should not be seen"'
- Type=oneshot
-+LimitCORE=0
- SystemCallFilter=ioperm
- SystemCallFilter=~ioperm
- SystemCallFilter=ioperm
-diff --git a/test/test-execute/exec-systemcallfilter-failing2.service b/test/test-execute/exec-systemcallfilter-failing2.service
-index 2fdc0ed772..c74f42248b 100644
---- a/test/test-execute/exec-systemcallfilter-failing2.service
-+++ b/test/test-execute/exec-systemcallfilter-failing2.service
-@@ -4,4 +4,5 @@ Description=Test for SystemCallFilter
- [Service]
- ExecStart=/bin/sh -c 'echo "This should not be seen"'
- Type=oneshot
-+LimitCORE=0
- SystemCallFilter=~write open execve exit_group close mmap munmap fstat DONOTEXIST

SOURCES/1043-test-introduce-TEST-53-TIMER.patch

@@ -1,106 +0,0 @@
-From 7097abc3e9a0b76942b6844d43152e37f22158cf Mon Sep 17 00:00:00 2001
-From: Frantisek Sumsal <fsumsal@redhat.com>
-Date: Mon, 29 Sep 2025 13:37:02 +0200
-Subject: [PATCH] test: introduce TEST-53-TIMER
-
-This tries to mirror upstream's
-953c347fb6f293acbd6da009646bfc071b68ddd7, but we don't have
-TEST-53-ISSUE-16347 in RHEL 8 at all, so just introduce a new empty test
-instead.
-
-rhel-only
-Related: RHEL-108744
----
- test/TEST-53-TIMER/Makefile     |  1 +
- test/TEST-53-TIMER/test.sh      | 51 +++++++++++++++++++++++++++++++++
- test/TEST-53-TIMER/testsuite.sh | 14 +++++++++
- 3 files changed, 66 insertions(+)
- create mode 120000 test/TEST-53-TIMER/Makefile
- create mode 100755 test/TEST-53-TIMER/test.sh
- create mode 100755 test/TEST-53-TIMER/testsuite.sh
-
-diff --git a/test/TEST-53-TIMER/Makefile b/test/TEST-53-TIMER/Makefile
-new file mode 120000
-index 0000000000..e9f93b1104
---- /dev/null
-+++ b/test/TEST-53-TIMER/Makefile
-@@ -0,0 +1 @@
-+../TEST-01-BASIC/Makefile
-\ No newline at end of file
-diff --git a/test/TEST-53-TIMER/test.sh b/test/TEST-53-TIMER/test.sh
-new file mode 100755
-index 0000000000..3619ff92b4
---- /dev/null
-+++ b/test/TEST-53-TIMER/test.sh
-@@ -0,0 +1,51 @@
-+#!/usr/bin/env bash
-+set -e
-+TEST_DESCRIPTION="Tests for systemd timers"
-+TEST_NO_NSPAWN=1
-+
-+# shellcheck source=test/test-functions
-+. "$TEST_BASE_DIR/test-functions"
-+
-+test_setup() {
-+    create_empty_image
-+    mkdir -p "${TESTDIR:?}/root"
-+    mount "${LOOPDEV:?}p1" "$TESTDIR/root"
-+
-+    (
-+        LOG_LEVEL=5
-+        # shellcheck disable=SC2046
-+        eval $(udevadm info --export --query=env --name="${LOOPDEV}p2")
-+
-+        setup_basic_environment
-+
-+        # mask some services that we do not want to run in these tests
-+        ln -fs /dev/null "$initdir/etc/systemd/system/systemd-hwdb-update.service"
-+        ln -fs /dev/null "$initdir/etc/systemd/system/systemd-journal-catalog-update.service"
-+        ln -fs /dev/null "$initdir/etc/systemd/system/systemd-networkd.service"
-+        ln -fs /dev/null "$initdir/etc/systemd/system/systemd-networkd.socket"
-+        ln -fs /dev/null "$initdir/etc/systemd/system/systemd-resolved.service"
-+        ln -fs /dev/null "$initdir/etc/systemd/system/systemd-machined.service"
-+
-+        # setup the testsuite service
-+        cat >"$initdir/etc/systemd/system/testsuite.service" <<EOF
-+[Unit]
-+Description=Testsuite service
-+
-+[Service]
-+ExecStart=/bin/bash -x /testsuite.sh
-+Type=oneshot
-+StandardOutput=tty
-+StandardError=tty
-+NotifyAccess=all
-+EOF
-+        cp testsuite*.sh "$initdir/"
-+
-+        setup_testsuite
-+    ) || return 1
-+    setup_nspawn_root
-+
-+    ddebug "umount $TESTDIR/root"
-+    umount "$TESTDIR/root"
-+}
-+
-+do_test "$@"
-diff --git a/test/TEST-53-TIMER/testsuite.sh b/test/TEST-53-TIMER/testsuite.sh
-new file mode 100755
-index 0000000000..13c767e490
---- /dev/null
-+++ b/test/TEST-53-TIMER/testsuite.sh
-@@ -0,0 +1,14 @@
-+#!/usr/bin/env bash
-+# SPDX-License-Identifier: LGPL-2.1-or-later
-+set -eux
-+set -o pipefail
-+
-+: >/failed
-+
-+for script in "${0%.sh}".*.sh; do
-+    echo "Running $script"
-+    "./$script"
-+done
-+
-+touch /testok
-+rm /failed

SOURCES/1044-test-restarting-elapsed-timer-shouldn-t-trigger-the-.patch

@@ -1,98 +0,0 @@
-From 9cb832f3c26c292d31109cb54d142277f8751e52 Mon Sep 17 00:00:00 2001
-From: Frantisek Sumsal <frantisek@sumsal.cz>
-Date: Tue, 23 Sep 2025 17:42:01 +0200
-Subject: [PATCH] test: restarting elapsed timer shouldn't trigger the
- corresponding service
-
-Provides coverage for:
-  - https://github.com/systemd/systemd/issues/31231
-  - https://github.com/systemd/systemd/issues/35805
-
-(cherry picked from commit 5730a400fd5ee82566fe03eb832121a0d4bc26b6)
-
-Related: RHEL-108744
----
- .../testsuite.restart-trigger.sh              | 74 +++++++++++++++++++
- 1 file changed, 74 insertions(+)
- create mode 100755 test/TEST-53-TIMER/testsuite.restart-trigger.sh
-
-diff --git a/test/TEST-53-TIMER/testsuite.restart-trigger.sh b/test/TEST-53-TIMER/testsuite.restart-trigger.sh
-new file mode 100755
-index 0000000000..313b5a7fd8
---- /dev/null
-+++ b/test/TEST-53-TIMER/testsuite.restart-trigger.sh
-@@ -0,0 +1,74 @@
-+#!/usr/bin/env bash
-+# SPDX-License-Identifier: LGPL-2.1-or-later
-+#
-+# Restarting an already elapsed timer shouldn't immediately trigger the corresponding service unit.
-+#
-+# Provides coverage for:
-+#   - https://github.com/systemd/systemd/issues/31231
-+#   - https://github.com/systemd/systemd/issues/35805
-+set -eux
-+set -o pipefail
-+
-+UNIT_NAME="timer-restart-$RANDOM"
-+TEST_MESSAGE="Hello from timer $RANDOM"
-+
-+# Setup
-+cat >"/run/systemd/system/$UNIT_NAME.timer" <<EOF
-+[Timer]
-+OnCalendar=$(date --date="+1 hour" "+%Y-%m-%d %H:%M:%S")
-+AccuracySec=1s
-+EOF
-+
-+cat >"/run/systemd/system/$UNIT_NAME.service" <<EOF
-+[Service]
-+ExecStart=echo "$TEST_MESSAGE"
-+EOF
-+
-+systemctl daemon-reload
-+
-+JOURNAL_TS="$(date "+%s")"
-+# Paranoia check that the test message is not already in the logs
-+[[ "$(journalctl -q -p info --since="@$JOURNAL_TS" --unit="$UNIT_NAME" --grep="$TEST_MESSAGE" | wc -l)" -eq 0 ]]
-+
-+# Restart time timer and move time forward by 2 hours to trigger the timer
-+systemctl restart "$UNIT_NAME.timer"
-+systemctl status --no-pager "$UNIT_NAME.timer"
-+
-+date -s '+2 hours'
-+trap 'date -s "-2 hours"' EXIT
-+sleep 1
-+systemctl status --no-pager "$UNIT_NAME.timer"
-+[[ "$(journalctl -q -p info --since="@$JOURNAL_TS" --unit="$UNIT_NAME" --grep="$TEST_MESSAGE" | wc -l)" -eq 1 ]]
-+
-+# Restarting the timer unit shouldn't trigger neither the timer nor the service, so these
-+# fields should remain constant through the following tests
-+SERVICE_INV_ID="$(systemctl show --property=InvocationID "$UNIT_NAME.service")"
-+TIMER_LAST_TRIGGER="$(systemctl show --property=LastTriggerUSec "$UNIT_NAME.timer")"
-+
-+# Now restart the timer and check if the timer and the service weren't triggered again
-+systemctl restart "$UNIT_NAME.timer"
-+sleep 5
-+[[ "$(journalctl -q -p info --since="@$JOURNAL_TS" --unit="$UNIT_NAME" --grep="$TEST_MESSAGE" | wc -l)" -eq 1 ]]
-+[[ "$SERVICE_INV_ID" == "$(systemctl show --property=InvocationID "$UNIT_NAME.service")" ]]
-+[[ "$TIMER_LAST_TRIGGER" == "$(systemctl show --property=LastTriggerUSec "$UNIT_NAME.timer")" ]]
-+
-+# Set the timer into the past, restart it, and again check if it wasn't triggered
-+TIMER_TS="$(date --date="-1 day" "+%Y-%m-%d %H:%M:%S")"
-+mkdir "/run/systemd/system/$UNIT_NAME.timer.d/"
-+cat >"/run/systemd/system/$UNIT_NAME.timer.d/99-override.conf" <<EOF
-+[Timer]
-+OnCalendar=$TIMER_TS
-+EOF
-+systemctl daemon-reload
-+systemctl status --no-pager "$UNIT_NAME.timer"
-+[[ "$(systemctl show -p TimersCalendar "$UNIT_NAME".timer)" == *"OnCalendar=$TIMER_TS"* ]]
-+systemctl restart "$UNIT_NAME.timer"
-+sleep 5
-+[[ "$(journalctl -q -p info --since="@$JOURNAL_TS" --unit="$UNIT_NAME" --grep="$TEST_MESSAGE" | wc -l)" -eq 1 ]]
-+[[ "$SERVICE_INV_ID" == "$(systemctl show --property=InvocationID "$UNIT_NAME.service")" ]]
-+[[ "$TIMER_LAST_TRIGGER" == "$(systemctl show --property=LastTriggerUSec "$UNIT_NAME.timer")" ]]
-+
-+# Cleanup
-+systemctl stop "$UNIT_NAME".{timer,service}
-+rm -f "/run/systemd/system/$UNIT_NAME".{timer,service}
-+systemctl daemon-reload

SOURCES/1045-test-check-the-next-elapse-timer-timestamp-after-des.patch

@@ -1,137 +0,0 @@
-From fdd763b42d864b4f7777fe9394a29c520c613d78 Mon Sep 17 00:00:00 2001
-From: Frantisek Sumsal <frantisek@sumsal.cz>
-Date: Tue, 23 Sep 2025 21:04:12 +0200
-Subject: [PATCH] test: check the next elapse timer timestamp after
- deserialization
-
-When deserializing a serialized timer unit with RandomizedDelaySec= set,
-systemd should use the last inactive exit timestamp instead of current
-realtime to calculate the new next elapse, so the timer unit actually
-runs in the given calendar window.
-
-Provides coverage for:
-  - https://github.com/systemd/systemd/issues/18678
-  - https://github.com/systemd/systemd/pull/27752
-
-(cherry picked from commit f4c3c107d9be4e922a080fc292ed3889c4e0f4a5)
-
-Related: RHEL-108744
----
- .../testsuite.RandomizedDelaySec-reload.sh    | 94 +++++++++++++++++++
- test/test-functions                           |  2 +-
- 2 files changed, 95 insertions(+), 1 deletion(-)
- create mode 100755 test/TEST-53-TIMER/testsuite.RandomizedDelaySec-reload.sh
-
-diff --git a/test/TEST-53-TIMER/testsuite.RandomizedDelaySec-reload.sh b/test/TEST-53-TIMER/testsuite.RandomizedDelaySec-reload.sh
-new file mode 100755
-index 0000000000..54b90d3dd1
---- /dev/null
-+++ b/test/TEST-53-TIMER/testsuite.RandomizedDelaySec-reload.sh
-@@ -0,0 +1,94 @@
-+#!/usr/bin/env bash
-+# SPDX-License-Identifier: LGPL-2.1-or-later
-+#
-+# When deserializing a serialized timer unit with RandomizedDelaySec= set, systemd should use the last
-+# inactive exit timestamp instead of current realtime to calculate the new next elapse, so the timer unit
-+# actually runs in the given calendar window.
-+#
-+# Provides coverage for:
-+#   - https://github.com/systemd/systemd/issues/18678
-+#   - https://github.com/systemd/systemd/pull/27752
-+set -eux
-+set -o pipefail
-+
-+UNIT_NAME="timer-RandomizedDelaySec-$RANDOM"
-+TARGET_TS="$(date --date="tomorrow 00:10")"
-+TARGET_TS_S="$(date --date="$TARGET_TS" "+%s")"
-+# Maximum possible next elapse timestamp: $TARGET_TS (OnCalendar=) + 22 hours (RandomizedDelaySec=)
-+MAX_NEXT_ELAPSE_REALTIME_S="$((TARGET_TS_S + 22 * 60 * 60))"
-+MAX_NEXT_ELAPSE_REALTIME="$(date --date="@$MAX_NEXT_ELAPSE_REALTIME_S")"
-+
-+# Let's make sure to return the date & time back to the original state once we're done with our time
-+# shenigans. One way to do this would be to use hwclock, but the RTC in VMs can be unreliable or slow to
-+# respond, causing unexpected test fails/timeouts.
-+#
-+# Instead, let's save the realtime timestamp before we start with the test together with a current monotonic
-+# timestamp, after the test ends take the difference between the current monotonic timestamp and the "start"
-+# one, add it to the originally saved realtime timestamp, and finally use that timestamp to set the system
-+# time. This should advance the system time by the amount of time the test actually ran, and hence restore it
-+# to some sane state after the time jumps performed by the test. It won't be perfect, but it should be close
-+# enough for our needs.
-+START_REALTIME="$(date "+%s")"
-+START_MONOTONIC="$(cut -d . -f 1 /proc/uptime)"
-+at_exit() {
-+    : "Restore the system date to a sane state"
-+    END_MONOTONIC="$(cut -d . -f 1 /proc/uptime)"
-+    date --set="@$((START_REALTIME + END_MONOTONIC - START_MONOTONIC))"
-+}
-+trap at_exit EXIT
-+
-+# Set some predictable time so we can schedule the first timer elapse in a deterministic-ish way
-+date --set="23:00"
-+
-+# Setup
-+cat >"/run/systemd/system/$UNIT_NAME.timer" <<EOF
-+[Timer]
-+# Run this timer daily, ten minutes after midnight
-+OnCalendar=*-*-* 00:10:00
-+RandomizedDelaySec=22h
-+AccuracySec=1ms
-+EOF
-+
-+cat >"/run/systemd/system/$UNIT_NAME.service" <<EOF
-+[Service]
-+ExecStart=echo "Hello world"
-+EOF
-+
-+systemctl daemon-reload
-+
-+check_elapse_timestamp() {
-+    systemctl status --no-pager "$UNIT_NAME.timer"
-+    systemctl show -p InactiveExitTimestamp --no-pager "$UNIT_NAME.timer"
-+
-+    NEXT_ELAPSE_REALTIME="$(systemctl show -p NextElapseUSecRealtime "$UNIT_NAME.timer" | cut -d = -f 2)"
-+    NEXT_ELAPSE_REALTIME_S="$(date --date="$NEXT_ELAPSE_REALTIME" "+%s")"
-+    : "Next elapse timestamp should be $TARGET_TS <= $NEXT_ELAPSE_REALTIME <= $MAX_NEXT_ELAPSE_REALTIME"
-+    [[ "$NEXT_ELAPSE_REALTIME_S" -ge "$TARGET_TS_S" ]]
-+    [[ "$NEXT_ELAPSE_REALTIME_S" -le "$MAX_NEXT_ELAPSE_REALTIME_S" ]]
-+}
-+
-+# Restart the timer unit and check the initial next elapse timestamp
-+: "Initial next elapse timestamp"
-+systemctl restart "$UNIT_NAME.timer"
-+check_elapse_timestamp
-+
-+# Bump the system date to 1 minute after the original calendar timer would've expired (without any random
-+# delay!) - systemd should recalculate the next elapse timestamp with a new randomized delay, but it should
-+# use the original inactive exit timestamp as a "base", so the final timestamp should not end up beyond the
-+# original calendar timestamp + randomized delay range.
-+#
-+# Similarly, do the same check after doing daemon-reload, as that also forces systemd to recalculate the next
-+# elapse timestamp (this goes through a slightly different codepath that actually contained the original
-+# issue).
-+: "Next elapse timestamp after time jump"
-+date -s "tomorrow 00:11"
-+check_elapse_timestamp
-+
-+: "Next elapse timestamp after daemon-reload"
-+systemctl daemon-reload
-+check_elapse_timestamp
-+
-+# Cleanup
-+systemctl stop "$UNIT_NAME".{timer,service}
-+rm -f "/run/systemd/system/$UNIT_NAME".{timer,service}
-+systemctl daemon-reload
-diff --git a/test/test-functions b/test/test-functions
-index 2345ab6e8a..f367994fe5 100644
---- a/test/test-functions
-+++ b/test/test-functions
-@@ -23,7 +23,7 @@ fi
- 
- PATH_TO_INIT=$ROOTLIBDIR/systemd
- 
--BASICTOOLS="test sh bash setsid loadkeys setfont login sulogin gzip sleep echo mount umount cryptsetup date dmsetup modprobe sed cmp tee rm true false chmod chown ln xargs env mktemp mountpoint useradd userdel timeout jq wc awk diff dirname readlink"
-+BASICTOOLS="test sh bash setsid loadkeys setfont login sulogin gzip sleep echo mount umount cryptsetup date dmsetup modprobe sed cmp tee rm true false chmod chown ln xargs env mktemp mountpoint useradd userdel timeout jq wc awk diff dirname readlink cut"
- DEBUGTOOLS="df free ls stty cat ps ln ip route dmesg dhclient mkdir cp ping dhclient strace less grep id tty touch du sort hostname find"
- 
- STATEDIR="${BUILD_DIR:-.}/test/$(basename $(dirname $(realpath $0)))"

SOURCES/1046-timer-don-t-run-service-immediately-after-restart-of.patch

@@ -1,29 +0,0 @@
-From 0c0bcf0d2d812fe2fe755a30c32421e8d8c6993a Mon Sep 17 00:00:00 2001
-From: Lukas Nykryn <lnykryn@redhat.com>
-Date: Tue, 9 Sep 2025 15:24:22 +0200
-Subject: [PATCH] timer: don't run service immediately after restart of a timer
-
-When a timer is restarted, don't reset the last_trigger field.
-This prevents the timer from triggering immediately.
-
-Fixes: #31231
-(cherry picked from commit 3fc44a0f68412b649e16f12ff2f97a36c615457d)
-
-Resolves: RHEL-108744
----
- src/core/timer.c | 2 --
- 1 file changed, 2 deletions(-)
-
-diff --git a/src/core/timer.c b/src/core/timer.c
-index 81468d4ca6..ef48a62781 100644
---- a/src/core/timer.c
-+++ b/src/core/timer.c
-@@ -601,8 +601,6 @@ static int timer_start(Unit *u) {
-         if (r < 0)
-                 return r;
- 
--        t->last_trigger = DUAL_TIMESTAMP_NULL;
--
-         /* Reenable all timers that depend on unit activation time */
-         LIST_FOREACH(value, v, t->values)
-                 if (v->base == TIMER_ACTIVE)

SOURCES/1047-Revert-test-extend-testcase-to-ensure-controller-mem.patch

@@ -1,47 +0,0 @@
-From 3aa7f6e335b388a38ef756ecd2acdf545894d3fb Mon Sep 17 00:00:00 2001
-From: David Tardon <dtardon@redhat.com>
-Date: Thu, 2 Oct 2025 10:06:01 +0200
-Subject: [PATCH] Revert "test: extend testcase to ensure controller membership
- doesn't regress"
-
-This reverts commit a3ce5bf1ff531f29c329b3298f3ef69d99e3cbed.
-
-Related: RHEL-9322
----
- test/TEST-19-DELEGATE/testsuite.sh | 21 ++-------------------
- 1 file changed, 2 insertions(+), 19 deletions(-)
-
-diff --git a/test/TEST-19-DELEGATE/testsuite.sh b/test/TEST-19-DELEGATE/testsuite.sh
-index 8a3e9eb5fb..c4c948cc11 100755
---- a/test/TEST-19-DELEGATE/testsuite.sh
-+++ b/test/TEST-19-DELEGATE/testsuite.sh
-@@ -21,27 +21,10 @@ if grep -q cgroup2 /proc/filesystems ; then
-                     -w /sys/fs/cgroup/system.slice/test0.service/cgroup.subtree_control
- 
-         systemd-run --wait --unit=test1.service -p "DynamicUser=1" -p "Delegate=memory pids" \
--                    grep -q memory /sys/fs/cgroup/system.slice/test1.service/cgroup.controllers
-+                    grep memory /sys/fs/cgroup/system.slice/test1.service/cgroup.controllers
- 
-         systemd-run --wait --unit=test2.service -p "DynamicUser=1" -p "Delegate=memory pids" \
--                    grep -q pids /sys/fs/cgroup/system.slice/test2.service/cgroup.controllers
--
--        # "io" is not among the controllers enabled by default for all units, verify that
--        grep -qv io /sys/fs/cgroup/system.slice/cgroup.controllers
--
--        # Run a service with "io" enabled, and verify it works
--        systemd-run --wait --unit=test3.service -p "IOAccounting=yes" -p "Slice=system-foo-bar-baz.slice"  \
--                    grep -q io /sys/fs/cgroup/system.slice/system-foo.slice/system-foo-bar.slice/system-foo-bar-baz.slice/test3.service/cgroup.controllers
--
--        # We want to check if "io" is removed again from the controllers
--        # list. However, PID 1 (rightfully) does this asynchronously. In order
--        # to force synchronization on this, let's start a short-lived service
--        # which requires PID 1 to refresh the cgroup tree, so that we can
--        # verify that this all works.
--        systemd-run --wait --unit=test4.service true
--
--        # And now check again, "io" should have vanished
--        grep -qv io /sys/fs/cgroup/system.slice/cgroup.controllers
-+                    grep pids /sys/fs/cgroup/system.slice/test2.service/cgroup.controllers
- 
-         # Check that unprivileged delegation works for scopes
-         test_scope_unpriv_delegation

SOURCES/1048-cryptsetup-generator-refactor-add_crypttab_devices.patch

@@ -1,110 +0,0 @@
-From d2cd65067fc614367a4efe460de5006ad3cfdb91 Mon Sep 17 00:00:00 2001
-From: David Tardon <dtardon@redhat.com>
-Date: Thu, 30 May 2024 10:44:36 +0200
-Subject: [PATCH] cryptsetup-generator: refactor add_crypttab_devices()
-
-Move the processing of a crypttab entry to a separate function.
-
-No functional changes, just refactoring.
-
-(cherry picked from commit a07cb7d404582f9c0bfaedb9dd07f93848aa91c6)
-
-Related: RHEL-38859
----
- src/cryptsetup/cryptsetup-generator.c | 63 ++++++++++++++++-----------
- 1 file changed, 38 insertions(+), 25 deletions(-)
-
-diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
-index 4117930925..50c2a5093a 100644
---- a/src/cryptsetup/cryptsetup-generator.c
-+++ b/src/cryptsetup/cryptsetup-generator.c
-@@ -525,10 +525,44 @@ static int parse_proc_cmdline_item(const char *key, const char *value, void *dat
-         return 0;
- }
- 
-+static int add_crypttab_device(const char *name, const char *device,  const char *keyspec, const char *options) {
-+        _cleanup_free_ char *keyfile = NULL, *keydev = NULL;
-+        crypto_device *d = NULL;
-+        char *uuid;
-+        int r;
-+
-+        uuid = startswith(device, "UUID=");
-+        if (!uuid)
-+                uuid = path_startswith(device, "/dev/disk/by-uuid/");
-+        if (!uuid)
-+                uuid = startswith(name, "luks-");
-+        if (uuid)
-+                d = hashmap_get(arg_disks, uuid);
-+
-+        if (arg_whitelist && !d) {
-+                log_info("Not creating device '%s' because it was not specified on the kernel command line.", name);
-+                return 0;
-+        }
-+
-+        r = split_keyspec(keyspec, &keyfile, &keydev);
-+        if (r < 0)
-+                return r;
-+
-+        r = create_disk(name, device, keyfile, keydev, (d && d->options) ? d->options : options);
-+        if (r < 0)
-+                return r;
-+
-+        if (d)
-+                d->create = false;
-+
-+        return 0;
-+}
-+
- static int add_crypttab_devices(void) {
-         struct stat st;
-         unsigned crypttab_line = 0;
-         _cleanup_fclose_ FILE *f = NULL;
-+        int r;
- 
-         if (!arg_read_crypttab)
-                 return 0;
-@@ -548,10 +582,9 @@ static int add_crypttab_devices(void) {
-         }
- 
-         for (;;) {
--                int r, k;
--                char line[LINE_MAX], *l, *uuid;
--                crypto_device *d = NULL;
--                _cleanup_free_ char *name = NULL, *device = NULL, *keydev = NULL, *keyfile = NULL, *keyspec = NULL, *options = NULL;
-+                char line[LINE_MAX], *l;
-+                _cleanup_free_ char *name = NULL, *device = NULL, *keyspec = NULL, *options = NULL;
-+                int k;
- 
-                 if (!fgets(line, sizeof(line), f))
-                         break;
-@@ -568,29 +601,9 @@ static int add_crypttab_devices(void) {
-                         continue;
-                 }
- 
--                uuid = startswith(device, "UUID=");
--                if (!uuid)
--                        uuid = path_startswith(device, "/dev/disk/by-uuid/");
--                if (!uuid)
--                        uuid = startswith(name, "luks-");
--                if (uuid)
--                        d = hashmap_get(arg_disks, uuid);
--
--                if (arg_whitelist && !d) {
--                        log_info("Not creating device '%s' because it was not specified on the kernel command line.", name);
--                        continue;
--                }
--
--                r = split_keyspec(keyspec, &keyfile, &keydev);
-+                r = add_crypttab_device(name, device, keyspec, options);
-                 if (r < 0)
-                         return r;
--
--                r = create_disk(name, device, keyfile, keydev, (d && d->options) ? d->options : options);
--                if (r < 0)
--                        return r;
--
--                if (d)
--                        d->create = false;
-         }
- 
-         return 0;

SOURCES/1049-cryptsetup-generator-continue-parsing-after-error.patch

@@ -1,43 +0,0 @@
-From 19a8582024046a483f1631fd6be43126ea30b67c Mon Sep 17 00:00:00 2001
-From: David Tardon <dtardon@redhat.com>
-Date: Thu, 30 May 2024 10:46:13 +0200
-Subject: [PATCH] cryptsetup-generator: continue parsing after error
-
-Let's make the crypttab parser more robust and continue even if parsing
-of a line failed.
-
-(cherry picked from commit 83813bae7ae471862ff84b038b5e4eaefae41c98)
-
-Resolves: RHEL-38859
----
- src/cryptsetup/cryptsetup-generator.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
-index 50c2a5093a..ae3e2282fd 100644
---- a/src/cryptsetup/cryptsetup-generator.c
-+++ b/src/cryptsetup/cryptsetup-generator.c
-@@ -562,7 +562,7 @@ static int add_crypttab_devices(void) {
-         struct stat st;
-         unsigned crypttab_line = 0;
-         _cleanup_fclose_ FILE *f = NULL;
--        int r;
-+        int r, ret = 0;
- 
-         if (!arg_read_crypttab)
-                 return 0;
-@@ -602,11 +602,11 @@ static int add_crypttab_devices(void) {
-                 }
- 
-                 r = add_crypttab_device(name, device, keyspec, options);
--                if (r < 0)
--                        return r;
-+                if (r < 0 && ret >= 0)
-+                        ret = r;
-         }
- 
--        return 0;
-+        return ret;
- }
- 
- static int add_proc_cmdline_devices(void) {

SOURCES/1050-hwdb-add-ACCEL_LOCATION-property-to-parse_hwdb.py.patch

@@ -1,48 +0,0 @@
-From fea96208a7fbe748e2aefbf0c52dafcbf691f05f Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Lu=C3=ADs=20Ferreira?= <contact@lsferreira.net>
-Date: Sat, 13 Apr 2019 19:12:51 +0100
-Subject: [PATCH] hwdb: add ACCEL_LOCATION property to parse_hwdb.py
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Signed-off-by: Luís Ferreira <contact@lsferreira.net>
-(cherry picked from commit ccf478417455ab1191571923fa640363d4c4b7a6)
-
-Related: RHEL-130979
----
- hwdb/parse_hwdb.py | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/hwdb/parse_hwdb.py b/hwdb/parse_hwdb.py
-index 4900a25778..6943c688eb 100755
---- a/hwdb/parse_hwdb.py
-+++ b/hwdb/parse_hwdb.py
-@@ -128,6 +128,7 @@ def property_grammar():
-              ('KEYBOARD_LED_NUMLOCK', Literal('0')),
-              ('KEYBOARD_LED_CAPSLOCK', Literal('0')),
-              ('ACCEL_MOUNT_MATRIX', mount_matrix),
-+             ('ACCEL_LOCATION', STRING),
-             )
-     fixed_props = [Literal(name)('NAME') - Suppress('=') - val('VALUE')
-                    for name, val in props]
-@@ -179,6 +180,10 @@ def check_one_default(prop, settings):
-     if len(defaults) > 1:
-         error('More than one star entry: {!r}', prop)
- 
-+def check_one_accel_location(prop, value):
-+    if value not in ['base', 'display']:
-+        error('Wrong accel location: {!r}', prop)
-+
- def check_one_mount_matrix(prop, value):
-     numbers = [s for s in value if s not in {';', ','}]
-     if len(numbers) != 9:
-@@ -221,6 +226,8 @@ def check_properties(groups):
-                 check_one_default(prop, parsed.VALUE.SETTINGS)
-             elif parsed.NAME == 'ACCEL_MOUNT_MATRIX':
-                 check_one_mount_matrix(prop, parsed.VALUE)
-+            elif parsed.NAME == 'ACCEL_LOCATION':
-+                check_one_accel_location(prop, parsed.VALUE)
-             elif parsed.NAME.startswith('KEYBOARD_KEY_'):
-                 check_one_keycode(prop, parsed.VALUE)
- 

SOURCES/1051-hwdb-update-ACCEL_LOCATION-property-to-use-Or-instea.patch

@@ -1,46 +0,0 @@
-From 36167a7b6617b0c8e1e15a91eccf5cdb19f0ee1b Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Lu=C3=ADs=20Ferreira?= <contact@lsferreira.net>
-Date: Sun, 19 May 2019 19:22:41 +0100
-Subject: [PATCH] hwdb: update ACCEL_LOCATION property to use Or instead of
- QuotedString
-
-(cherry picked from commit 331e34fe1db427127aefa3b5ca6d5b568ecf86d2)
-
-Related: RHEL-130979
----
- hwdb/parse_hwdb.py | 8 +-------
- 1 file changed, 1 insertion(+), 7 deletions(-)
-
-diff --git a/hwdb/parse_hwdb.py b/hwdb/parse_hwdb.py
-index 6943c688eb..99fb5b1438 100755
---- a/hwdb/parse_hwdb.py
-+++ b/hwdb/parse_hwdb.py
-@@ -128,7 +128,7 @@ def property_grammar():
-              ('KEYBOARD_LED_NUMLOCK', Literal('0')),
-              ('KEYBOARD_LED_CAPSLOCK', Literal('0')),
-              ('ACCEL_MOUNT_MATRIX', mount_matrix),
--             ('ACCEL_LOCATION', STRING),
-+             ('ACCEL_LOCATION', Or(('display', 'base'))),
-             )
-     fixed_props = [Literal(name)('NAME') - Suppress('=') - val('VALUE')
-                    for name, val in props]
-@@ -180,10 +180,6 @@ def check_one_default(prop, settings):
-     if len(defaults) > 1:
-         error('More than one star entry: {!r}', prop)
- 
--def check_one_accel_location(prop, value):
--    if value not in ['base', 'display']:
--        error('Wrong accel location: {!r}', prop)
--
- def check_one_mount_matrix(prop, value):
-     numbers = [s for s in value if s not in {';', ','}]
-     if len(numbers) != 9:
-@@ -226,8 +222,6 @@ def check_properties(groups):
-                 check_one_default(prop, parsed.VALUE.SETTINGS)
-             elif parsed.NAME == 'ACCEL_MOUNT_MATRIX':
-                 check_one_mount_matrix(prop, parsed.VALUE)
--            elif parsed.NAME == 'ACCEL_LOCATION':
--                check_one_accel_location(prop, parsed.VALUE)
-             elif parsed.NAME.startswith('KEYBOARD_KEY_'):
-                 check_one_keycode(prop, parsed.VALUE)
- 

SOURCES/1052-test-support-general-properties-in-hwdb-files.patch

@@ -1,55 +0,0 @@
-From 1c772da6f3e7a588e8a73af4e26947d25c3053a8 Mon Sep 17 00:00:00 2001
-From: Frantisek Sumsal <fsumsal@redhat.com>
-Date: Tue, 25 Nov 2025 17:45:27 +0100
-Subject: [PATCH] test: support general properties in hwdb files
-
-Loosely cherry-picked from aa549ff3972b067c4225db0a845f5c638842fba3.
-
-rhel-only
-Related: RHEL-130979
----
- hwdb/parse_hwdb.py | 18 +++++++++++++++++-
- 1 file changed, 17 insertions(+), 1 deletion(-)
-
-diff --git a/hwdb/parse_hwdb.py b/hwdb/parse_hwdb.py
-index 99fb5b1438..c94ad9bea6 100755
---- a/hwdb/parse_hwdb.py
-+++ b/hwdb/parse_hwdb.py
-@@ -70,13 +70,28 @@ TYPES = {'mouse':    ('usb', 'bluetooth', 'ps2', '*'),
-          'sensor':   ('modalias', ),
-         }
- 
-+# Patterns that are used to set general properties on a device
-+GENERAL_MATCHES = {'acpi',
-+                   'bluetooth',
-+                   'usb',
-+                   'pci',
-+                   'sdio',
-+                   'vmbus',
-+                   'OUI',
-+                   }
-+
-+
- @lru_cache()
- def hwdb_grammar():
-     ParserElement.setDefaultWhitespaceChars('')
- 
-     prefix = Or(category + ':' + Or(conn) + ':'
-                 for category, conn in TYPES.items())
--    matchline = Combine(prefix + Word(printables + ' ' + '®')) + EOL
-+
-+    matchline_typed = Combine(prefix + Word(printables + ' ' + '®'))
-+    matchline_general = Combine(Or(GENERAL_MATCHES) + ':' + Word(printables))
-+    matchline = (matchline_typed | matchline_general) + EOL
-+
-     propertyline = (White(' ', exact=1).suppress() +
-                     Combine(UDEV_TAG - '=' - Word(alphanums + '_=:@*.!-;, "') - Optional(pythonStyleComment)) +
-                     EOL)
-@@ -104,6 +119,7 @@ def property_grammar():
-              ('MOUSE_WHEEL_CLICK_ANGLE_HORIZONTAL', INTEGER),
-              ('MOUSE_WHEEL_CLICK_COUNT', INTEGER),
-              ('MOUSE_WHEEL_CLICK_COUNT_HORIZONTAL', INTEGER),
-+             ('ID_AUTOSUSPEND', Literal('1')),
-              ('ID_INPUT', Literal('1')),
-              ('ID_INPUT_ACCELEROMETER', Literal('1')),
-              ('ID_INPUT_JOYSTICK', Literal('1')),

SOURCES/1053-hwdb-Relax-parsing-script-to-allow-0-and-1-for-all-I.patch

@@ -1,56 +0,0 @@
-From 77fec6b9de7ae11fe69d0ff48cfd4406345be3f9 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Bj=C3=B6rn=20Daase?= <bjoern@daase.net>
-Date: Fri, 8 Jan 2021 10:32:36 +0100
-Subject: [PATCH] hwdb: Relax parsing script to allow 0 and 1 for all ID_*
- properties
-
-(cherry picked from commit ad0d9c0109d45c12c6517684d84ea033cf8d54a7)
-
-Related: RHEL-130979
----
- hwdb/parse_hwdb.py | 32 ++++++++++++++++----------------
- 1 file changed, 16 insertions(+), 16 deletions(-)
-
-diff --git a/hwdb/parse_hwdb.py b/hwdb/parse_hwdb.py
-index c94ad9bea6..d15ae0470c 100755
---- a/hwdb/parse_hwdb.py
-+++ b/hwdb/parse_hwdb.py
-@@ -119,22 +119,22 @@ def property_grammar():
-              ('MOUSE_WHEEL_CLICK_ANGLE_HORIZONTAL', INTEGER),
-              ('MOUSE_WHEEL_CLICK_COUNT', INTEGER),
-              ('MOUSE_WHEEL_CLICK_COUNT_HORIZONTAL', INTEGER),
--             ('ID_AUTOSUSPEND', Literal('1')),
--             ('ID_INPUT', Literal('1')),
--             ('ID_INPUT_ACCELEROMETER', Literal('1')),
--             ('ID_INPUT_JOYSTICK', Literal('1')),
--             ('ID_INPUT_KEY', Literal('1')),
--             ('ID_INPUT_KEYBOARD', Literal('1')),
--             ('ID_INPUT_MOUSE', Literal('1')),
--             ('ID_INPUT_POINTINGSTICK', Literal('1')),
--             ('ID_INPUT_SWITCH', Literal('1')),
--             ('ID_INPUT_TABLET', Literal('1')),
--             ('ID_INPUT_TABLET_PAD', Literal('1')),
--             ('ID_INPUT_TOUCHPAD', Literal('1')),
--             ('ID_INPUT_TOUCHSCREEN', Literal('1')),
--             ('ID_INPUT_TRACKBALL', Literal('1')),
--             ('MOUSE_WHEEL_TILT_HORIZONTAL', Literal('1')),
--             ('MOUSE_WHEEL_TILT_VERTICAL', Literal('1')),
-+             ('ID_AUTOSUSPEND', Or((Literal('0'), Literal('1')))),
-+             ('ID_INPUT', Or((Literal('0'), Literal('1')))),
-+             ('ID_INPUT_ACCELEROMETER', Or((Literal('0'), Literal('1')))),
-+             ('ID_INPUT_JOYSTICK', Or((Literal('0'), Literal('1')))),
-+             ('ID_INPUT_KEY', Or((Literal('0'), Literal('1')))),
-+             ('ID_INPUT_KEYBOARD', Or((Literal('0'), Literal('1')))),
-+             ('ID_INPUT_MOUSE', Or((Literal('0'), Literal('1')))),
-+             ('ID_INPUT_POINTINGSTICK', Or((Literal('0'), Literal('1')))),
-+             ('ID_INPUT_SWITCH', Or((Literal('0'), Literal('1')))),
-+             ('ID_INPUT_TABLET', Or((Literal('0'), Literal('1')))),
-+             ('ID_INPUT_TABLET_PAD', Or((Literal('0'), Literal('1')))),
-+             ('ID_INPUT_TOUCHPAD', Or((Literal('0'), Literal('1')))),
-+             ('ID_INPUT_TOUCHSCREEN', Or((Literal('0'), Literal('1')))),
-+             ('ID_INPUT_TRACKBALL', Or((Literal('0'), Literal('1')))),
-+             ('MOUSE_WHEEL_TILT_HORIZONTAL', Or((Literal('0'), Literal('1')))),
-+             ('MOUSE_WHEEL_TILT_VERTICAL', Or((Literal('0'), Literal('1')))),
-              ('POINTINGSTICK_SENSITIVITY', INTEGER),
-              ('POINTINGSTICK_CONST_ACCEL', REAL),
-              ('ID_INPUT_JOYSTICK_INTEGRATION', Or(('internal', 'external'))),

SOURCES/1054-hwdb-allow-spaces-in-usb-matches-and-similar-pattern.patch

@@ -1,28 +0,0 @@
-From 6c95b29117469a5ecb22655fb561dceee04106e8 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Fri, 17 Jul 2020 07:44:10 +0200
-Subject: [PATCH] hwdb: allow spaces in usb: matches and similar patterns
-
-In the past we didn't have any matches like that, so the parser was stricter
-than necessary, but now we have, so allow that.
-
-(cherry picked from commit 457763aa0393a9f11e30071bb3794caf1a4f2f64)
-
-Related: RHEL-130979
----
- hwdb/parse_hwdb.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/hwdb/parse_hwdb.py b/hwdb/parse_hwdb.py
-index d15ae0470c..db26a5e4d4 100755
---- a/hwdb/parse_hwdb.py
-+++ b/hwdb/parse_hwdb.py
-@@ -89,7 +89,7 @@ def hwdb_grammar():
-                 for category, conn in TYPES.items())
- 
-     matchline_typed = Combine(prefix + Word(printables + ' ' + '®'))
--    matchline_general = Combine(Or(GENERAL_MATCHES) + ':' + Word(printables))
-+    matchline_general = Combine(Or(GENERAL_MATCHES) + ':' + Word(printables + ' ' + '®'))
-     matchline = (matchline_typed | matchline_general) + EOL
- 
-     propertyline = (White(' ', exact=1).suppress() +

SOURCES/1055-test-fix-parsing-of-60-seat.hwdb-and-60-keyboard.hwd.patch

@@ -1,83 +0,0 @@
-From aa5ed0d813964222dfe337c0733d4586d7a4f647 Mon Sep 17 00:00:00 2001
-From: Frantisek Sumsal <fsumsal@redhat.com>
-Date: Tue, 25 Nov 2025 17:56:16 +0100
-Subject: [PATCH] test: fix parsing of 60-seat.hwdb and 60-keyboard.hwdb
-
-This includes changes for hwdb/parse_hwdb.py from commits:
-  - c0b2e69f8815881d51b68b4f73e6c7f8cc2417a1
-  - d7d31692bf7cde5dce7f4ed3cae429a5b302a9f0
-  - a136c2cdd84c93c2fa5e1cedb20f5acac80df5be
-  - and possibly others
-
-The hwdb changes from these commits were backported as part of
-793dc4d9e32baba27eac1f37283a7485b0889803.
-
-rhel-only
-Related: RHEL-130979
----
- hwdb/parse_hwdb.py | 14 +++++++++-----
- 1 file changed, 9 insertions(+), 5 deletions(-)
-
-diff --git a/hwdb/parse_hwdb.py b/hwdb/parse_hwdb.py
-index db26a5e4d4..956b206b00 100755
---- a/hwdb/parse_hwdb.py
-+++ b/hwdb/parse_hwdb.py
-@@ -34,7 +34,7 @@ try:
-                            LineStart, LineEnd,
-                            OneOrMore, Combine, Or, Optional, Suppress, Group,
-                            nums, alphanums, printables,
--                           stringEnd, pythonStyleComment, QuotedString,
-+                           stringEnd, pythonStyleComment,
-                            ParseBaseException)
- except ImportError:
-     print('pyparsing is not available')
-@@ -56,13 +56,13 @@ EOL = LineEnd().suppress()
- EMPTYLINE = LineEnd()
- COMMENTLINE = pythonStyleComment + EOL
- INTEGER = Word(nums)
--STRING =  QuotedString('"')
- REAL = Combine((INTEGER + Optional('.' + Optional(INTEGER))) ^ ('.' + INTEGER))
- SIGNED_REAL = Combine(Optional(Word('-+')) + REAL)
- UDEV_TAG = Word(string.ascii_uppercase, alphanums + '_')
- 
- TYPES = {'mouse':    ('usb', 'bluetooth', 'ps2', '*'),
-          'evdev':    ('name', 'atkbd', 'input'),
-+         'fb':       ('pci'),
-          'id-input': ('modalias'),
-          'touchpad': ('i8042', 'rmi', 'bluetooth', 'usb'),
-          'joystick': ('i8042', 'rmi', 'bluetooth', 'usb'),
-@@ -93,7 +93,8 @@ def hwdb_grammar():
-     matchline = (matchline_typed | matchline_general) + EOL
- 
-     propertyline = (White(' ', exact=1).suppress() +
--                    Combine(UDEV_TAG - '=' - Word(alphanums + '_=:@*.!-;, "') - Optional(pythonStyleComment)) +
-+                    Combine(UDEV_TAG - '=' - Optional(Word(alphanums + '_=:@*.!-;, "'))
-+                            - Optional(pythonStyleComment)) +
-                     EOL)
-     propertycomment = White(' ', exact=1) + pythonStyleComment + EOL
- 
-@@ -113,6 +114,7 @@ def property_grammar():
-     dpi_setting = (Optional('*')('DEFAULT') + INTEGER('DPI') + Suppress('@') + INTEGER('HZ'))('SETTINGS*')
-     mount_matrix_row = SIGNED_REAL + ',' + SIGNED_REAL + ',' + SIGNED_REAL
-     mount_matrix = (mount_matrix_row + ';' + mount_matrix_row + ';' + mount_matrix_row)('MOUNT_MATRIX')
-+    xkb_setting = Optional(Word(alphanums + '+-/@._'))
- 
-     props = (('MOUSE_DPI', Group(OneOrMore(dpi_setting))),
-              ('MOUSE_WHEEL_CLICK_ANGLE', INTEGER),
-@@ -139,12 +141,14 @@ def property_grammar():
-              ('POINTINGSTICK_CONST_ACCEL', REAL),
-              ('ID_INPUT_JOYSTICK_INTEGRATION', Or(('internal', 'external'))),
-              ('ID_INPUT_TOUCHPAD_INTEGRATION', Or(('internal', 'external'))),
--             ('XKB_FIXED_LAYOUT', STRING),
--             ('XKB_FIXED_VARIANT', STRING),
-+             ('XKB_FIXED_LAYOUT', xkb_setting),
-+             ('XKB_FIXED_VARIANT', xkb_setting),
-+             ('XKB_FIXED_MODEL', xkb_setting),
-              ('KEYBOARD_LED_NUMLOCK', Literal('0')),
-              ('KEYBOARD_LED_CAPSLOCK', Literal('0')),
-              ('ACCEL_MOUNT_MATRIX', mount_matrix),
-              ('ACCEL_LOCATION', Or(('display', 'base'))),
-+             ('ID_TAG_MASTER_OF_SEAT', Literal('1')),
-             )
-     fixed_props = [Literal(name)('NAME') - Suppress('=') - val('VALUE')
-                    for name, val in props]

SOURCES/1056-parse_hwdb-fix-compatibility-with-pyparsing-2.4.patch

@@ -1,54 +0,0 @@
-From c85ce044e87038724cc1095d86ebd15b2da4564f Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Tue, 8 Oct 2019 14:44:35 +0200
-Subject: [PATCH] parse_hwdb: fix compatibility with pyparsing 2.4.*
-
-pyparsing 2.3.1/2.4.0 had some changes to grouping of And matches, and as a
-result we'd report 0 properties and 0 matches, and not really do any checks.
-
-With this change we get identical behaviour for pyparsing 2.3.1, 2.4.0, 2.4.2:
-
-$ hwdb/parse_hwdb.py
-hwdb/60-evdev.hwdb: 72 match groups, 94 matches, 262 properties
-hwdb/60-input-id.hwdb: 3 match groups, 3 matches, 4 properties
-hwdb/60-keyboard.hwdb: 173 match groups, 256 matches, 872 properties
-Keycode KBD_LCD_MENU1 unknown
-Keycode KBD_LCD_MENU4 unknown
-Keycode KBD_LCD_MENU2 unknown
-Keycode KBD_LCD_MENU3 unknown
-hwdb/60-sensor.hwdb: 101 match groups, 120 matches, 105 properties
-hwdb/70-joystick.hwdb: 2 match groups, 3 matches, 2 properties
-hwdb/70-mouse.hwdb: 104 match groups, 119 matches, 123 properties
-hwdb/70-pointingstick.hwdb: 8 match groups, 30 matches, 11 properties
-hwdb/70-touchpad.hwdb: 6 match groups, 9 matches, 6 properties
-
-(cherry picked from commit 2382a2e32b6076fa4603c958f84b46d5a5b13dfa)
-
-Related: RHEL-130979
----
- hwdb/parse_hwdb.py | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/hwdb/parse_hwdb.py b/hwdb/parse_hwdb.py
-index 956b206b00..8118ad4e3a 100755
---- a/hwdb/parse_hwdb.py
-+++ b/hwdb/parse_hwdb.py
-@@ -103,7 +103,7 @@ def hwdb_grammar():
-              (EMPTYLINE ^ stringEnd()).suppress())
-     commentgroup = OneOrMore(COMMENTLINE).suppress() - EMPTYLINE.suppress()
- 
--    grammar = OneOrMore(group('GROUPS*') ^ commentgroup) + stringEnd()
-+    grammar = OneOrMore(Group(group)('GROUPS*') ^ commentgroup) + stringEnd()
- 
-     return grammar
- 
-@@ -243,7 +243,8 @@ def check_properties(groups):
-             elif parsed.NAME == 'ACCEL_MOUNT_MATRIX':
-                 check_one_mount_matrix(prop, parsed.VALUE)
-             elif parsed.NAME.startswith('KEYBOARD_KEY_'):
--                check_one_keycode(prop, parsed.VALUE)
-+                val = parsed.VALUE if isinstance(parsed.VALUE, str) else parsed.VALUE[0]
-+                check_one_keycode(prop, val)
- 
- def print_summary(fname, groups):
-     print('{}: {} match groups, {} matches, {} properties'

SOURCES/1057-login-use-parse_uid-when-unmounting-user-runtime-dir.patch

@@ -1,109 +0,0 @@
-From 3d7dd494cd2c6cfe51f76de4fd0c8d2c6a80f0e4 Mon Sep 17 00:00:00 2001
-From: Yu Watanabe <watanabe.yu+github@gmail.com>
-Date: Mon, 9 Jul 2018 14:05:20 +0900
-Subject: [PATCH] login: use parse_uid() when unmounting user runtime directory
-
-When unmounting user runtime directory, only UID is necessary,
-and the corresponding user may not exist anymore.
-This makes first try to parse the input by parse_uid(), and only if it
-fails, prase the input by get_user_creds().
-
-Fixes #9541.
-
-(cherry picked from commit 86d18f3b09ec984ef3732567af992adb2dc77a8a)
-
-Resolves: RHEL-132175
----
- src/login/user-runtime-dir.c | 57 +++++++++++++++++++++++-------------
- 1 file changed, 36 insertions(+), 21 deletions(-)
-
-diff --git a/src/login/user-runtime-dir.c b/src/login/user-runtime-dir.c
-index 9693821990..51b864c9f8 100644
---- a/src/login/user-runtime-dir.c
-+++ b/src/login/user-runtime-dir.c
-@@ -110,8 +110,22 @@ static int user_remove_runtime_path(const char *runtime_path) {
-         return 0;
- }
- 
--static int do_mount(const char *runtime_path, uid_t uid, gid_t gid) {
-+static int do_mount(const char *user) {
-+        char runtime_path[sizeof("/run/user") + DECIMAL_STR_MAX(uid_t)];
-         size_t runtime_dir_size;
-+        uid_t uid;
-+        gid_t gid;
-+        int r;
-+
-+        r = get_user_creds(&user, &uid, &gid, NULL, NULL);
-+        if (r < 0)
-+                return log_error_errno(r,
-+                                       r == -ESRCH ? "No such user \"%s\"" :
-+                                       r == -ENOMSG ? "UID \"%s\" is invalid or has an invalid main group"
-+                                                    : "Failed to look up user \"%s\": %m",
-+                                       user);
-+
-+        xsprintf(runtime_path, "/run/user/" UID_FMT, uid);
- 
-         assert_se(gather_configuration(&runtime_dir_size) == 0);
- 
-@@ -119,16 +133,30 @@ static int do_mount(const char *runtime_path, uid_t uid, gid_t gid) {
-         return user_mkdir_runtime_path(runtime_path, uid, gid, runtime_dir_size);
- }
- 
--static int do_umount(const char *runtime_path) {
-+static int do_umount(const char *user) {
-+        char runtime_path[sizeof("/run/user") + DECIMAL_STR_MAX(uid_t)];
-+        uid_t uid;
-+        int r;
-+
-+        /* The user may be already removed. So, first try to parse the string by parse_uid(),
-+         * and if it fails, fallback to get_user_creds().*/
-+        if (parse_uid(user, &uid) < 0) {
-+                r = get_user_creds(&user, &uid, NULL, NULL, NULL);
-+                if (r < 0)
-+                        return log_error_errno(r,
-+                                               r == -ESRCH ? "No such user \"%s\"" :
-+                                               r == -ENOMSG ? "UID \"%s\" is invalid or has an invalid main group"
-+                                                            : "Failed to look up user \"%s\": %m",
-+                                               user);
-+        }
-+
-+        xsprintf(runtime_path, "/run/user/" UID_FMT, uid);
-+
-         log_debug("Will remove %s", runtime_path);
-         return user_remove_runtime_path(runtime_path);
- }
- 
- int main(int argc, char *argv[]) {
--        const char *user;
--        uid_t uid;
--        gid_t gid;
--        char runtime_path[sizeof("/run/user") + DECIMAL_STR_MAX(uid_t)];
-         int r;
- 
-         log_parse_environment();
-@@ -145,23 +173,10 @@ int main(int argc, char *argv[]) {
- 
-         umask(0022);
- 
--        user = argv[2];
--        r = get_user_creds(&user, &uid, &gid, NULL, NULL);
--        if (r < 0) {
--                log_error_errno(r,
--                                r == -ESRCH ? "No such user \"%s\"" :
--                                r == -ENOMSG ? "UID \"%s\" is invalid or has an invalid main group"
--                                             : "Failed to look up user \"%s\": %m",
--                                user);
--                return EXIT_FAILURE;
--        }
--
--        xsprintf(runtime_path, "/run/user/" UID_FMT, uid);
--
-         if (streq(argv[1], "start"))
--                r = do_mount(runtime_path, uid, gid);
-+                r = do_mount(argv[2]);
-         else if (streq(argv[1], "stop"))
--                r = do_umount(runtime_path);
-+                r = do_umount(argv[2]);
-         else
-                 assert_not_reached("Unknown verb!");
- 

SOURCES/1058-pid1-do-not-use-generated-strings-as-format-strings-.patch

@@ -1,49 +0,0 @@
-From 2b0d33678cbd86d87691d044a5c11aa981a2316e Mon Sep 17 00:00:00 2001
-From: Lincoln Ramsay <a1291762@gmail.com>
-Date: Wed, 24 Mar 2021 17:37:25 +1000
-Subject: [PATCH] pid1: do not use generated strings as format strings (#19098)
-
-The generated string may include %, which will confuse both the
-xprintf call, and the VA_FORMAT_ADVANCE macro.
-
-Pass the generated string as an argument to a "%s" format string
-instead.
-
-(cherry picked from commit 7325a2b2d15af09a9389723d6153050130c0bd36)
-
-Resolves: RHEL-132317
----
- src/core/transaction.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/src/core/transaction.c b/src/core/transaction.c
-index 8196aba927..4d6cb01fa4 100644
---- a/src/core/transaction.c
-+++ b/src/core/transaction.c
-@@ -395,7 +395,7 @@ static int transaction_verify_order_one(Transaction *tr, Job *j, Job *from, unsi
-                                    j->unit->id,
-                                    unit_id == array ? "ordering cycle" : "dependency",
-                                    *unit_id, *job_type,
--                                   unit_ids);
-+                                   "%s", unit_ids);
- 
-                 if (delete) {
-                         const char *status;
-@@ -404,7 +404,7 @@ static int transaction_verify_order_one(Transaction *tr, Job *j, Job *from, unsi
-                                    "MESSAGE=%s: Job %s/%s deleted to break ordering cycle starting with %s/%s",
-                                    j->unit->id, delete->unit->id, job_type_to_string(delete->type),
-                                    j->unit->id, job_type_to_string(j->type),
--                                   unit_ids);
-+                                   "%s", unit_ids);
- 
-                         if (log_get_show_color())
-                                 status = ANSI_HIGHLIGHT_RED " SKIP " ANSI_NORMAL;
-@@ -420,7 +420,7 @@ static int transaction_verify_order_one(Transaction *tr, Job *j, Job *from, unsi
-                 log_struct(LOG_ERR,
-                            "MESSAGE=%s: Unable to break cycle starting with %s/%s",
-                            j->unit->id, j->unit->id, job_type_to_string(j->type),
--                           unit_ids);
-+                           "%s", unit_ids);
- 
-                 return sd_bus_error_setf(e, BUS_ERROR_TRANSACTION_ORDER_IS_CYCLIC,
-                                          "Transaction order is cyclic. See system logs for details.");

SOURCES/1059-core-transaction-make-merge_unit_ids-always-return-N.patch

@@ -1,57 +0,0 @@
-From 1f6175b1b397293fe363f2c192dd2f994cbfe43d Mon Sep 17 00:00:00 2001
-From: Yu Watanabe <watanabe.yu+github@gmail.com>
-Date: Sat, 18 Mar 2023 12:12:01 +0900
-Subject: [PATCH] core/transaction: make merge_unit_ids() always return
- NUL-terminated string
-
-Follow-up for 924775e8ce49817f96df19c2b06356c12ecfc754.
-
-The loop run with `STRV_FOREACH_PAIR()`, hence `if (*(unit_id+1))` is
-not a good way to detect if there exist a next entry.
-
-Fixes #26872.
-
-(cherry picked from commit 366eced4c81a15a25b9225347fa203aa67798b02)
-
-Resolves: RHEL-132317
----
- src/core/transaction.c | 16 ++++++++++------
- 1 file changed, 10 insertions(+), 6 deletions(-)
-
-diff --git a/src/core/transaction.c b/src/core/transaction.c
-index 4d6cb01fa4..89cc1d0a4c 100644
---- a/src/core/transaction.c
-+++ b/src/core/transaction.c
-@@ -322,22 +322,26 @@ _pure_ static bool unit_matters_to_anchor(Unit *u, Job *j) {
- }
- 
- static char* merge_unit_ids(const char* unit_log_field, char **pairs) {
--        char **unit_id, **job_type, *ans = NULL;
--        size_t alloc = 0, size = 0, next;
-+        _cleanup_free_ char *ans = NULL;
-+        char **unit_id, **job_type;
-+        size_t alloc = 0, size = 0;
- 
-         STRV_FOREACH_PAIR(unit_id, job_type, pairs) {
-+                size_t next;
-+
-+                if (size > 0)
-+                        ans[size - 1] = '\n';
-+
-                 next = strlen(unit_log_field) + strlen(*unit_id);
-                 if (!GREEDY_REALLOC(ans, alloc, size + next + 1)) {
--                        return mfree(ans);
-+                        return NULL;
-                 }
- 
-                 sprintf(ans + size, "%s%s", unit_log_field, *unit_id);
--                if (*(unit_id+1))
--                        ans[size + next] =  '\n';
-                 size += next + 1;
-         }
- 
--        return ans;
-+        return TAKE_PTR(ans);
- }
- 
- static int transaction_verify_order_one(Transaction *tr, Job *j, Job *from, unsigned generation, sd_bus_error *e) {

SOURCES/1060-core-transaction-make-merge_unit_ids-return-non-NULL.patch

@@ -1,27 +0,0 @@
-From dc0b680699ec67ace0825724087487c3f5f82886 Mon Sep 17 00:00:00 2001
-From: Yu Watanabe <watanabe.yu+github@gmail.com>
-Date: Sat, 18 Mar 2023 12:17:54 +0900
-Subject: [PATCH] core/transaction: make merge_unit_ids() return non-NULL on
- success
-
-(cherry picked from commit 999f16514367224cbc50cb3ccc1e4392e43f6811)
-
-Related: RHEL-132317
----
- src/core/transaction.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/src/core/transaction.c b/src/core/transaction.c
-index 89cc1d0a4c..cd80e7e111 100644
---- a/src/core/transaction.c
-+++ b/src/core/transaction.c
-@@ -341,6 +341,9 @@ static char* merge_unit_ids(const char* unit_log_field, char **pairs) {
-                 size += next + 1;
-         }
- 
-+        if (!ans)
-+                return strdup("");
-+
-         return TAKE_PTR(ans);
- }
- 

SOURCES/1061-core-transaction-do-not-log-null.patch

@@ -1,53 +0,0 @@
-From 231be769332d2b699b9add3f8add7b8941c3a7aa Mon Sep 17 00:00:00 2001
-From: Yu Watanabe <watanabe.yu+github@gmail.com>
-Date: Sat, 18 Mar 2023 12:15:10 +0900
-Subject: [PATCH] core/transaction: do not log "(null)"
-
-As we ignores the failure in merge_unit_ids(), so unit_ids may be NULL.
-
-(cherry picked from commit 5803c24da5cf543a55c4fce9009a9c5f2b18519a)
-
-Related: RHEL-132317
----
- src/core/transaction.c | 7 ++++---
- 1 file changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/src/core/transaction.c b/src/core/transaction.c
-index cd80e7e111..159c10c7c8 100644
---- a/src/core/transaction.c
-+++ b/src/core/transaction.c
-@@ -6,6 +6,7 @@
- #include "alloc-util.h"
- #include "bus-common-errors.h"
- #include "bus-error.h"
-+#include "string-util.h"
- #include "terminal-util.h"
- #include "transaction.h"
- #include "dbus-unit.h"
-@@ -402,7 +403,7 @@ static int transaction_verify_order_one(Transaction *tr, Job *j, Job *from, unsi
-                                    j->unit->id,
-                                    unit_id == array ? "ordering cycle" : "dependency",
-                                    *unit_id, *job_type,
--                                   "%s", unit_ids);
-+                                   "%s", strna(unit_ids));
- 
-                 if (delete) {
-                         const char *status;
-@@ -411,7 +412,7 @@ static int transaction_verify_order_one(Transaction *tr, Job *j, Job *from, unsi
-                                    "MESSAGE=%s: Job %s/%s deleted to break ordering cycle starting with %s/%s",
-                                    j->unit->id, delete->unit->id, job_type_to_string(delete->type),
-                                    j->unit->id, job_type_to_string(j->type),
--                                   "%s", unit_ids);
-+                                   "%s", strna(unit_ids));
- 
-                         if (log_get_show_color())
-                                 status = ANSI_HIGHLIGHT_RED " SKIP " ANSI_NORMAL;
-@@ -427,7 +428,7 @@ static int transaction_verify_order_one(Transaction *tr, Job *j, Job *from, unsi
-                 log_struct(LOG_ERR,
-                            "MESSAGE=%s: Unable to break cycle starting with %s/%s",
-                            j->unit->id, j->unit->id, job_type_to_string(j->type),
--                           "%s", unit_ids);
-+                           "%s", strna(unit_ids));
- 
-                 return sd_bus_error_setf(e, BUS_ERROR_TRANSACTION_ORDER_IS_CYCLIC,
-                                          "Transaction order is cyclic. See system logs for details.");

SOURCES/1062-run-update-checks-to-allow-running-with-a-user-s-bus.patch

@@ -1,47 +0,0 @@
-From b3d8c010014f19b8c563d3e13819620d2d068332 Mon Sep 17 00:00:00 2001
-From: Anita Zhang <the.anitazha@gmail.com>
-Date: Thu, 13 May 2021 01:17:51 -0700
-Subject: [PATCH] run: update checks to allow running with a user's bus
-
-systemd-run is documented to as being able to connect and run on a
-specific user bus with "--user --machine=lennart@.host" arguments.
-This PR updates some logic that prevented this from working.
-
-(cherry picked from commit cbdc29492097e24ef3320280bc2a8dedbce02d9a)
-
-Resolves: RHEL-118835
----
- src/run/run.c | 10 +++++-----
- 1 file changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/src/run/run.c b/src/run/run.c
-index 9ad44e7b57..b1d2d6fa4a 100644
---- a/src/run/run.c
-+++ b/src/run/run.c
-@@ -415,13 +415,13 @@ static int parse_argv(int argc, char *argv[]) {
-                 return -EINVAL;
-         }
- 
--        if (arg_user && arg_transport != BUS_TRANSPORT_LOCAL) {
--                log_error("Execution in user context is not supported on non-local systems.");
-+        if (arg_user && arg_transport == BUS_TRANSPORT_REMOTE) {
-+                log_error("Execution in user context is not supported on remote systems.");
-                 return -EINVAL;
-         }
- 
--        if (arg_scope && arg_transport != BUS_TRANSPORT_LOCAL) {
--                log_error("Scope execution is not supported on non-local systems.");
-+        if (arg_scope && arg_transport == BUS_TRANSPORT_REMOTE) {
-+                log_error("Scope execution is not supported on remote systems.");
-                 return -EINVAL;
-         }
- 
-@@ -1495,7 +1495,7 @@ int main(int argc, char* argv[]) {
- 
-         /* If --wait is used connect via the bus, unconditionally, as ref/unref is not supported via the limited direct
-          * connection */
--        if (arg_wait || arg_stdio != ARG_STDIO_NONE)
-+        if (arg_wait || arg_stdio != ARG_STDIO_NONE || (arg_user && arg_transport != BUS_TRANSPORT_LOCAL))
-                 r = bus_connect_transport(arg_transport, arg_host, arg_user, &bus);
-         else
-                 r = bus_connect_transport_systemd(arg_transport, arg_host, arg_user, &bus);

SOURCES/1063-Revert-run-update-checks-to-allow-running-with-a-use.patch

@@ -1,44 +0,0 @@
-From c3767a4460b41af817e01160e4bc201871f3bedd Mon Sep 17 00:00:00 2001
-From: Jan Macku <jamacku@redhat.com>
-Date: Thu, 4 Dec 2025 15:18:22 +0100
-Subject: [PATCH] Revert "run: update checks to allow running with a user's
- bus"
-
-This reverts commit b3d8c010014f19b8c563d3e13819620d2d068332.
-
-Related: RHEL-118835
----
- src/run/run.c | 10 +++++-----
- 1 file changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/src/run/run.c b/src/run/run.c
-index b1d2d6fa4a..9ad44e7b57 100644
---- a/src/run/run.c
-+++ b/src/run/run.c
-@@ -415,13 +415,13 @@ static int parse_argv(int argc, char *argv[]) {
-                 return -EINVAL;
-         }
- 
--        if (arg_user && arg_transport == BUS_TRANSPORT_REMOTE) {
--                log_error("Execution in user context is not supported on remote systems.");
-+        if (arg_user && arg_transport != BUS_TRANSPORT_LOCAL) {
-+                log_error("Execution in user context is not supported on non-local systems.");
-                 return -EINVAL;
-         }
- 
--        if (arg_scope && arg_transport == BUS_TRANSPORT_REMOTE) {
--                log_error("Scope execution is not supported on remote systems.");
-+        if (arg_scope && arg_transport != BUS_TRANSPORT_LOCAL) {
-+                log_error("Scope execution is not supported on non-local systems.");
-                 return -EINVAL;
-         }
- 
-@@ -1495,7 +1495,7 @@ int main(int argc, char* argv[]) {
- 
-         /* If --wait is used connect via the bus, unconditionally, as ref/unref is not supported via the limited direct
-          * connection */
--        if (arg_wait || arg_stdio != ARG_STDIO_NONE || (arg_user && arg_transport != BUS_TRANSPORT_LOCAL))
-+        if (arg_wait || arg_stdio != ARG_STDIO_NONE)
-                 r = bus_connect_transport(arg_transport, arg_host, arg_user, &bus);
-         else
-                 r = bus_connect_transport_systemd(arg_transport, arg_host, arg_user, &bus);

SOURCES/1064-logind-fix-crash-in-logind-on-user-specified-message.patch

@@ -1,74 +0,0 @@
-From ed784c6dccf4e7b7d4628e02cf28b0d5725bab34 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Sun, 8 May 2022 17:21:09 +0200
-Subject: [PATCH] logind: fix crash in logind on user-specified message string
-
-This is trivially exploitable (in the sense of causing a crash from SEGV) e.g.
-by 'shutdown now "Message %s %s %n"'. The message is settable through polkit,
-but is limited to auth_admin:
-
-<action id="org.freedesktop.login1.set-wall-message">
-         <description gettext-domain="systemd">Set a wall message</description>
-         <message gettext-domain="systemd">Authentication is required to set a wall message</message>
-         <defaults>
-                <allow_any>auth_admin_keep</allow_any>
-                <allow_inactive>auth_admin_keep</allow_inactive>
-                <allow_active>auth_admin_keep</allow_active>
-        </defaults>
-</action>
-
-Bug introduced in 9ef15026c0e7e6600372056c43442c99ec53746e
-('logind/systemctl: introduce SetWallMessage and --message', 2015-09-15).
-
-(cherry picked from commit 0cb09bcb825ab86ba4ca70be4e6322eaf9baee95)
-
-Related: RHEL-132317
----
- src/login/logind-dbus.c | 21 ++++++++++-----------
- 1 file changed, 10 insertions(+), 11 deletions(-)
-
-diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
-index 61fd47999d..ffa6af8d49 100644
---- a/src/login/logind-dbus.c
-+++ b/src/login/logind-dbus.c
-@@ -1414,30 +1414,29 @@ static int bus_manager_log_shutdown(
-         assert(unit_name);
- 
-         if (streq(unit_name, SPECIAL_POWEROFF_TARGET)) {
--                p = "MESSAGE=System is powering down";
-+                p = "System is powering down";
-                 q = "SHUTDOWN=power-off";
-         } else if (streq(unit_name, SPECIAL_REBOOT_TARGET)) {
--                p = "MESSAGE=System is rebooting";
-+                p = "System is rebooting";
-                 q = "SHUTDOWN=reboot";
-         } else if (streq(unit_name, SPECIAL_HALT_TARGET)) {
--                p = "MESSAGE=System is halting";
-+                p = "System is halting";
-                 q = "SHUTDOWN=halt";
-         } else if (streq(unit_name, SPECIAL_KEXEC_TARGET)) {
--                p = "MESSAGE=System is rebooting with kexec";
-+                p = "System is rebooting with kexec";
-                 q = "SHUTDOWN=kexec";
-         } else {
--                p = "MESSAGE=System is shutting down";
-+                p = "System is shutting down";
-                 q = NULL;
-         }
- 
--        if (isempty(m->wall_message))
--                p = strjoina(p, ".");
--        else
--                p = strjoina(p, " (", m->wall_message, ").");
--
-         return log_struct(LOG_NOTICE,
-                           "MESSAGE_ID=" SD_MESSAGE_SHUTDOWN_STR,
--                          p,
-+                          LOG_MESSAGE("%s%s%s%s.",
-+                                      p,
-+                                      m->wall_message ? " (" : "",
-+                                      strempty(m->wall_message),
-+                                      m->wall_message ? ")" : ""),
-                           q);
- }
- 

SOURCES/systemd-user

@@ -9,5 +9,4 @@ session  required pam_selinux.so close
 session  required pam_selinux.so nottys open
 session  required pam_loginuid.so
 session  required pam_namespace.so
-session  optional pam_umask.so silent
 session  include system-auth

SPECS/systemd.spec

@@ -13,7 +13,7 @@
 Name:           systemd
 Url:            http://www.freedesktop.org/wiki/Software/systemd
 Version:        239
-Release:        82%{?dist}.13
+Release:        81%{?dist}
 # For a breakdown of the licensing, see README
 License:        LGPLv2+ and MIT and GPLv2+
 Summary:        System and Service Manager
@@ -1055,65 +1055,6 @@ Patch1002: 1002-udev-net_id-introduce-naming-scheme-for-RHEL-8.10.patch
 Patch1003: 1003-doc-add-missing-listitem-to-systemd.net-naming-schem.patch
 Patch1004: 1004-service-schedule-cleanup-of-PID-hashmaps-when-we-now.patch
 Patch1005: 1005-man-update-link-to-RHEL-documentation.patch
-Patch1006: 1006-ci-add-configuration-for-regression-sniffer-GA.patch
-Patch1007: 1007-coredump-actually-store-parsed-unit-in-the-context.patch
-Patch1008: 1008-resolved-limit-the-number-of-signature-validations-i.patch
-Patch1009: 1009-resolved-reduce-the-maximum-nsec3-iterations-to-100.patch
-Patch1010: 1010-pid1-by-default-make-user-units-inherit-their-umask-.patch
-Patch1011: 1011-pam-add-call-to-pam_umask.patch
-Patch1012: 1012-ci-deploy-systemd-man-to-GitHub-Pages.patch
-Patch1013: 1013-ci-src-git-update-list-of-supported-products.patch
-Patch1014: 1014-ci-update-actions-upload-artifact-to-v4.patch
-Patch1015: 1015-ci-drop-unused-variable.patch
-Patch1016: 1016-ci-reduce-ASLR-entropy.patch
-Patch1017: 1017-test-skip-the-symlink-part-of-test_touch_file-in-GH-.patch
-Patch1018: 1018-core-add-possibility-to-not-track-certain-unit-types.patch
-Patch1019: 1019-logind-don-t-setup-idle-session-watch-for-lock-scree.patch
-Patch1020: 1020-logind-tighten-for-which-classes-of-sessions-we-do-s.patch
-Patch1021: 1021-ci-point-C8S-containers-to-the-Vault.patch
-Patch1022: 1022-core-fix-member-access-within-null-pointer.patch
-Patch1023: 1023-man-be-even-clearer-that-tmpfiles-user-group-mode-ar.patch
-Patch1024: 1024-Revert-man-fix-description-of-force-in-halt-8-7392.patch
-Patch1025: 1025-man-explicitly-document-that-reboot-f-is-different-f.patch
-Patch1026: 1026-dbus-stash-the-subscriber-list-when-we-disconenct-fr.patch
-Patch1027: 1027-manager-s-deserialized_subscribed-subscribed_as_strv.patch
-Patch1028: 1028-bus-util-do-not-reset-the-count-returned-by-sd_bus_t.patch
-Patch1029: 1029-core-do-not-disconnect-from-bus-when-failed-to-insta.patch
-Patch1030: 1030-sd-bus-bus-track-use-install_callback-in-sd_bus_trac.patch
-Patch1031: 1031-core-manager-restore-bus-track-deserialization-clean.patch
-Patch1032: 1032-core-manager-drop-duplicate-bus-track-deserializatio.patch
-Patch1033: 1033-cgroup-util-add-mask-definitions-for-sets-of-control.patch
-Patch1034: 1034-cgroup-dump-delegation-mask-too.patch
-Patch1035: 1035-cgroup-units-that-aren-t-loaded-properly-should-not-.patch
-Patch1036: 1036-cgroup-be-more-careful-with-which-controllers-we-can.patch
-Patch1037: 1037-cgroup-extend-reasons-when-we-realize-the-enable-mas.patch
-Patch1038: 1038-cgroup-drastically-simplify-caching-of-cgroups-membe.patch
-Patch1039: 1039-cgroup-when-we-unload-a-unit-also-update-all-its-par.patch
-Patch1040: 1040-test-extend-testcase-to-ensure-controller-membership.patch
-Patch1041: 1041-test-execute-let-s-ignore-the-difference-between-CLD.patch
-Patch1042: 1042-test-execute-turn-off-coredump-generation-in-test-se.patch
-Patch1043: 1043-test-introduce-TEST-53-TIMER.patch
-Patch1044: 1044-test-restarting-elapsed-timer-shouldn-t-trigger-the-.patch
-Patch1045: 1045-test-check-the-next-elapse-timer-timestamp-after-des.patch
-Patch1046: 1046-timer-don-t-run-service-immediately-after-restart-of.patch
-Patch1047: 1047-Revert-test-extend-testcase-to-ensure-controller-mem.patch
-Patch1048: 1048-cryptsetup-generator-refactor-add_crypttab_devices.patch
-Patch1049: 1049-cryptsetup-generator-continue-parsing-after-error.patch
-Patch1050: 1050-hwdb-add-ACCEL_LOCATION-property-to-parse_hwdb.py.patch
-Patch1051: 1051-hwdb-update-ACCEL_LOCATION-property-to-use-Or-instea.patch
-Patch1052: 1052-test-support-general-properties-in-hwdb-files.patch
-Patch1053: 1053-hwdb-Relax-parsing-script-to-allow-0-and-1-for-all-I.patch
-Patch1054: 1054-hwdb-allow-spaces-in-usb-matches-and-similar-pattern.patch
-Patch1055: 1055-test-fix-parsing-of-60-seat.hwdb-and-60-keyboard.hwd.patch
-Patch1056: 1056-parse_hwdb-fix-compatibility-with-pyparsing-2.4.patch
-Patch1057: 1057-login-use-parse_uid-when-unmounting-user-runtime-dir.patch
-Patch1058: 1058-pid1-do-not-use-generated-strings-as-format-strings-.patch
-Patch1059: 1059-core-transaction-make-merge_unit_ids-always-return-N.patch
-Patch1060: 1060-core-transaction-make-merge_unit_ids-return-non-NULL.patch
-Patch1061: 1061-core-transaction-do-not-log-null.patch
-Patch1062: 1062-run-update-checks-to-allow-running-with-a-user-s-bus.patch
-Patch1063: 1063-Revert-run-update-checks-to-allow-running-with-a-use.patch
-Patch1064: 1064-logind-fix-crash-in-logind-on-user-specified-message.patch
 
 %ifarch %{ix86} x86_64 aarch64
 %global have_gnu_efi 1
@@ -1567,6 +1508,10 @@ chmod g+s /run/log/journal/ /run/log/journal/`cat /etc/machine-id 2>/dev/null` /
 # Apply ACL to the journal directory
 setfacl -Rnm g:wheel:rx,d:g:wheel:rx,g:adm:rx,d:g:adm:rx /var/log/journal/ &>/dev/null || :
 
+# Stop-gap until rsyslog.rpm does this on its own. (This is supposed
+# to fail when the link already exists)
+ln -s /usr/lib/systemd/system/rsyslog.service /etc/systemd/system/syslog.service &>/dev/null || :
+
 # Remove spurious /etc/fstab entries from very old installations
 # https://bugzilla.redhat.com/show_bug.cgi?id=1009023
 if [ -e /etc/fstab ]; then
@@ -1740,92 +1685,6 @@ fi
 %files tests -f .file-list-tests
 
 %changelog
-* Mon Dec 08 2025 systemd maintenance team <systemd-maint@redhat.com> - 239-82.13
-- logind: fix crash in logind on user-specified message string (RHEL-132317)
-
-* Fri Dec 05 2025 systemd maintenance team <systemd-maint@redhat.com> - 239-82.12
-- Revert "run: update checks to allow running with a user's bus" (RHEL-118835)
-
-* Tue Dec 02 2025 systemd maintenance team <systemd-maint@redhat.com> - 239-82.11
-- run: update checks to allow running with a user's bus (RHEL-118835)
-
-* Tue Dec 02 2025 systemd maintenance team <systemd-maint@redhat.com> - 239-82.10
-- hwdb: add ACCEL_LOCATION property to parse_hwdb.py (RHEL-130979)
-- hwdb: update ACCEL_LOCATION property to use Or instead of QuotedString (RHEL-130979)
-- test: support general properties in hwdb files (RHEL-130979)
-- hwdb: Relax parsing script to allow 0 and 1 for all ID_* properties (RHEL-130979)
-- hwdb: allow spaces in usb: matches and similar patterns (RHEL-130979)
-- test: fix parsing of 60-seat.hwdb and 60-keyboard.hwdb (RHEL-130979)
-- parse_hwdb: fix compatibility with pyparsing 2.4.* (RHEL-130979)
-- login: use parse_uid() when unmounting user runtime directory (RHEL-132175)
-- pid1: do not use generated strings as format strings (#19098) (RHEL-132317)
-- core/transaction: make merge_unit_ids() always return NUL-terminated string (RHEL-132317)
-- core/transaction: make merge_unit_ids() return non-NULL on success (RHEL-132317)
-- core/transaction: do not log "(null)" (RHEL-132317)
-
-* Wed Nov 05 2025 systemd maintenance team <systemd-maint@redhat.com> - 239-82.9
-- cryptsetup-generator: refactor add_crypttab_devices() (RHEL-38859)
-- cryptsetup-generator: continue parsing after error (RHEL-38859)
-
-* Thu Oct 02 2025 systemd maintenance team <systemd-maint@redhat.com> - 239-82.8
-- test-execute: let's ignore the difference between CLD_KILLED and CLD_DUMPED (RHEL-108744)
-- test-execute: turn off coredump generation in test services (RHEL-108744)
-- test: introduce TEST-53-TIMER (RHEL-108744)
-- test: restarting elapsed timer shouldn't trigger the corresponding service (RHEL-108744)
-- test: check the next elapse timer timestamp after deserialization (RHEL-108744)
-- timer: don't run service immediately after restart of a timer (RHEL-108744)
-- Revert "test: extend testcase to ensure controller membership doesn't regress" (RHEL-9322)
-
-* Fri Aug 29 2025 systemd maintenance team <systemd-maint@redhat.com> - 239-82.7
-- cgroup-util: add mask definitions for sets of controllers supported by cgroupsv1 vs. cgroupsv2 (RHEL-9322)
-- cgroup: dump delegation mask too (RHEL-9322)
-- cgroup: units that aren't loaded properly should not result in cgroup controllers being pulled in (RHEL-9322)
-- cgroup: be more careful with which controllers we can enable/disable on a cgroup (RHEL-9322)
-- cgroup: extend reasons when we realize the enable mask (RHEL-9322)
-- cgroup: drastically simplify caching of cgroups members mask (RHEL-9322)
-- cgroup: when we unload a unit, also update all its parent's members mask (RHEL-9322)
-- test: extend testcase to ensure controller membership doesn't regress (RHEL-9322)
-
-* Mon Aug 25 2025 systemd maintenance team <systemd-maint@redhat.com> - 239-82.6
-- dbus: stash the subscriber list when we disconenct from the bus (RHEL-75081)
-- manager: s/deserialized_subscribed/subscribed_as_strv (RHEL-75081)
-- bus-util: do not reset the count returned by sd_bus_track_count_name() (RHEL-75081)
-- core: do not disconnect from bus when failed to install signal match (RHEL-75081)
-- sd-bus/bus-track: use install_callback in sd_bus_track_add_name() (RHEL-75081)
-- core/manager: restore bus track deserialization cleanup in manager_reload() (RHEL-75081)
-- core/manager: drop duplicate bus track deserialization (RHEL-75081)
-
-* Wed Mar 05 2025 systemd maintenance team <systemd-maint@redhat.com> - 239-82.5
-- man: be even clearer that tmpfiles user/group/mode are applied on existing inodes (RHEL-77145)
-- Revert "man: fix description of --force in halt(8) (#7392)" (RHEL-81056)
-- man: explicitly document that "reboot -f" is different from "systemctl reboot -f" (RHEL-81056)
-
-* Tue Jan 28 2025 systemd maintenance team <systemd-maint@redhat.com> - 239-82.4
-- core: fix member access within null pointer (RHEL-76308)
-
-* Thu Nov 07 2024 systemd maintenance team <systemd-maint@redhat.com> - 239-82.3
-- ci: update actions/upload-artifact to `v4` (RHEL-32494)
-- ci: drop unused variable (RHEL-32494)
-- core: add possibility to not track certain unit types (RHEL-5877)
-- logind: don't setup idle session watch for lock-screen and greeter (RHEL-19215)
-- logind: tighten for which classes of sessions we do stop-on-idle (RHEL-19215)
-- ci: point C8S containers to the Vault (RHEL-1087)
-
-* Tue Jul 23 2024 systemd maintenance team <systemd-maint@redhat.com> - 239-82.2
-- spec: do not create symlink /etc/systemd/system/syslog.service (RHEL-13179)
-
-* Thu Apr 11 2024 systemd maintenance team <systemd-maint@redhat.com> - 239-82.1
-- pid1: by default make user units inherit their umask from the user manager (RHEL-28048)
-- pam: add call to pam_umask (RHEL-28048)
-- ci: deploy systemd man to GitHub Pages (RHEL-32494)
-- ci(src-git): update list of supported products (RHEL-32494)
-
-* Thu Mar 07 2024 systemd maintenance team <systemd-maint@redhat.com> - 239-82
-- ci: add configuration for regression sniffer GA (RHEL-1087)
-- coredump: actually store parsed unit in the context (RHEL-18302)
-- resolved: limit the number of signature validations in a transaction (RHEL-26644)
-- resolved: reduce the maximum nsec3 iterations to 100 (RHEL-26644)
-
 * Mon Feb 26 2024 systemd maintenance team <systemd-maint@redhat.com> - 239-81
 - man: update link to RHEL documentation (RHEL-26355)