From 2d7f3c912a48769af92d994e34597dd4305ea033 Mon Sep 17 00:00:00 2001
From: wangyuhang <wangyuhang27@huawei.com>
Date: Fri, 13 Dec 2024 16:06:53 +0800
Subject: [PATCH] sync patch from systemd community

---
 ...ger-also-log-caller-of-daemon-reexec.patch |  65 ++++
 ...-treat-all-negative-errnos-as-synthe.patch |  78 +++++
 ...level-of-reexecute-request-to-notice.patch |  40 +++
 ...-scenarios-about-which-process-initi.patch |  71 +++++
 backport-core-fix-null-in-output.patch        |  30 ++
 ...vice-use-log_unit_-where-appropriate.patch |  49 +++
 ...rnalctl-erase-verify-key-before-free.patch |  40 +++
 ...ommon-helper-log_set_target_and_open.patch | 126 ++++++++
 ...dev-console-for-user-service-manager.patch |  30 ++
 ...message-about-Reload-Reexec-requests.patch |  40 +++
 ...-pid-of-sender-when-Reload-is-called.patch |  63 ++++
 ...or-messages-for-openssl-gnutls-conte.patch |  74 +++++
 ...the-pty-slave-fd-to-transient-servic.patch | 153 ++++++++++
 ...he-pty-slave-fd-to-transient-service.patch |  58 ++++
 ...t-creation-of-unit-creation-messages.patch | 281 ++++++++++++++++++
 ...d-event-change-error-code-EINVAL-EIO.patch |  36 +++
 ...vent-do-not-assert-on-invalid-signal.patch |  36 +++
 ...ssertion-triggered-when-an-ARP-recei.patch |  36 +++
 systemd.spec                                  |  40 ++-
 19 files changed, 1345 insertions(+), 1 deletion(-)
 create mode 100644 backport-Manager-also-log-caller-of-daemon-reexec.patch
 create mode 100644 backport-basic-log-do-not-treat-all-negative-errnos-as-synthe.patch
 create mode 100644 backport-core-Bump-log-level-of-reexecute-request-to-notice.patch
 create mode 100644 backport-core-Log-in-more-scenarios-about-which-process-initi.patch
 create mode 100644 backport-core-fix-null-in-output.patch
 create mode 100644 backport-core-service-use-log_unit_-where-appropriate.patch
 create mode 100644 backport-journalctl-erase-verify-key-before-free.patch
 create mode 100644 backport-log-add-common-helper-log_set_target_and_open.patch
 create mode 100644 backport-main-reopen-dev-console-for-user-service-manager.patch
 create mode 100644 backport-manager-improve-message-about-Reload-Reexec-requests.patch
 create mode 100644 backport-manager-log-unit-pid-of-sender-when-Reload-is-called.patch
 create mode 100644 backport-resolved-log-error-messages-for-openssl-gnutls-conte.patch
 create mode 100644 backport-run-do-not-pass-the-pty-slave-fd-to-transient-servic.patch
 create mode 100644 backport-run-pass-the-pty-slave-fd-to-transient-service.patch
 create mode 100644 backport-run-split-out-creation-of-unit-creation-messages.patch
 create mode 100644 backport-sd-event-change-error-code-EINVAL-EIO.patch
 create mode 100644 backport-sd-event-do-not-assert-on-invalid-signal.patch
 create mode 100644 backport-sd-ipv4acd-fix-assertion-triggered-when-an-ARP-recei.patch

diff --git a/backport-Manager-also-log-caller-of-daemon-reexec.patch b/backport-Manager-also-log-caller-of-daemon-reexec.patch
new file mode 100644
index 0000000..f291fb4
--- /dev/null
+++ b/backport-Manager-also-log-caller-of-daemon-reexec.patch
@@ -0,0 +1,65 @@
+From 4895bacccb1bf607ecfd341027399c6f924bdf07 Mon Sep 17 00:00:00 2001
+From: Luca Boccassi <bluca@debian.org>
+Date: Thu, 15 Dec 2022 12:20:28 +0000
+Subject: [PATCH] Manager: also log caller of daemon-reexec
+
+Conflict:Conflict:code context adaptation
+Reference:https://github.com/systemd/systemd/commit/4895bacccb1bf607ecfd341027399c6f924bdf07
+---
+ src/core/dbus-manager.c | 12 ++++++++----
+ 1 file changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c
+index 79e96f948c..f01c67ecf1 100644
+--- a/src/core/dbus-manager.c
++++ b/src/core/dbus-manager.c
+@@ -1451,7 +1451,7 @@ int verify_run_space_and_log(const char *message) {
+         return 0;
+ }
+ 
+-static void log_reload_caller(sd_bus_message *message, Manager *manager) {
++static void log_caller(sd_bus_message *message, Manager *manager, const char *method) {
+         _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
+         const char *comm = NULL;
+         Unit *caller;
+@@ -1459,6 +1459,7 @@ static void log_reload_caller(sd_bus_message *message, Manager *manager) {
+ 
+         assert(message);
+         assert(manager);
++        assert(method);
+ 
+         if (sd_bus_query_sender_creds(message, SD_BUS_CREDS_PID|SD_BUS_CREDS_AUGMENT|SD_BUS_CREDS_COMM, &creds) < 0)
+                 return;
+@@ -1470,8 +1471,8 @@ static void log_reload_caller(sd_bus_message *message, Manager *manager) {
+         (void) sd_bus_creds_get_comm(creds, &comm);
+         caller = manager_get_unit_by_pid(manager, pid);
+ 
+-        log_info("Reloading requested from client PID " PID_FMT " ('%s') (from unit '%s')...",
+-                 pid, strna(comm), strna(caller ? caller->id : NULL));
++        log_info("%s requested from client PID " PID_FMT " ('%s') (from unit '%s')...",
++                 method, pid, strna(comm), strna(caller ? caller->id : NULL));
+ }
+ 
+ static int method_reload(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+@@ -1495,7 +1496,7 @@ static int method_reload(sd_bus_message *message, void *userdata, sd_bus_error *
+                 return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
+ 
+         /* Write a log message noting the unit or process who requested the Reload() */
+-        log_reload_caller(message, m);
++        log_caller(message, m, "Reloading");
+ 
+         /* Instead of sending the reply back right away, we just
+          * remember that we need to and then send it after the reload
+@@ -1540,6 +1541,9 @@ static int method_reexecute(sd_bus_message *message, void *userdata, sd_bus_erro
+         if (r == 0)
+                 return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
+ 
++        /* Write a log message noting the unit or process who requested the Reexecute() */
++        log_caller(message, m, "Reexecuting");
++
+         /* We don't send a reply back here, the client should
+          * just wait for us disconnecting. */
+ 
+-- 
+2.33.0
+
diff --git a/backport-basic-log-do-not-treat-all-negative-errnos-as-synthe.patch b/backport-basic-log-do-not-treat-all-negative-errnos-as-synthe.patch
new file mode 100644
index 0000000..86126da
--- /dev/null
+++ b/backport-basic-log-do-not-treat-all-negative-errnos-as-synthe.patch
@@ -0,0 +1,78 @@
+From 9463b376bcbb1a177bf46d64845b52eae79af739 Mon Sep 17 00:00:00 2001
+From: Mike Yuan <me@yhndnzj.com>
+Date: Wed, 24 Jul 2024 16:28:48 +0200
+Subject: [PATCH] basic/log: do not treat all negative errnos as synthetic
+
+Currently, IS_SYNTHETIC_ERRNO() evaluates to true for all negative errnos,
+because of the two's-complement negative value representation.
+Subsequently, ERRNO= is not logged for most of our own code.
+Let's fix this, by formatting all synthetic errnos as positive.
+Then, treat all negative values as non-synthetic.
+
+While at it, mark the evaluation order explicitly, and remove
+unneeded comment.
+
+Fixes #33800
+
+(cherry picked from commit 268f58076f7e0258dce75f521d08199092279853)
+(cherry picked from commit 4ad6b2631d73a574859a62d33715a7bdef810bcf)
+(cherry picked from commit 1fc7e3473c2fec27bdc0b19753e4ea84cd39644f)
+
+Conflict:code context adaptation
+Reference:https://github.com/systemd/systemd/commit/268f58076f7e0258dce75f521d08199092279853
+---
+ src/basic/log.h     |  5 ++---
+ src/test/test-log.c | 14 +++++++++-----
+ 2 files changed, 11 insertions(+), 8 deletions(-)
+
+diff --git a/src/basic/log.h b/src/basic/log.h
+index 9008d47390..12b310575e 100644
+--- a/src/basic/log.h
++++ b/src/basic/log.h
+@@ -34,9 +34,8 @@ typedef enum LogTarget{
+         _LOG_TARGET_INVALID = -EINVAL,
+ } LogTarget;
+ 
+-/* Note to readers: << and >> have lower precedence (are evaluated earlier) than & and | */
+-#define SYNTHETIC_ERRNO(num)                (1 << 30 | (num))
+-#define IS_SYNTHETIC_ERRNO(val)             ((val) >> 30 & 1)
++#define SYNTHETIC_ERRNO(num)                (abs(num) | (1 << 30))
++#define IS_SYNTHETIC_ERRNO(val)             (((val) >> 30) == 1)
+ #define ERRNO_VALUE(val)                    (abs(val) & ~(1 << 30))
+ 
+ const char *log_target_to_string(LogTarget target) _const_;
+diff --git a/src/test/test-log.c b/src/test/test-log.c
+index e337a3c7df..e8c004681b 100644
+--- a/src/test/test-log.c
++++ b/src/test/test-log.c
+@@ -10,11 +10,6 @@
+ #include "string-util.h"
+ #include "util.h"
+ 
+-assert_cc(IS_SYNTHETIC_ERRNO(SYNTHETIC_ERRNO(EINVAL)));
+-assert_cc(!IS_SYNTHETIC_ERRNO(EINVAL));
+-assert_cc(IS_SYNTHETIC_ERRNO(SYNTHETIC_ERRNO(0)));
+-assert_cc(!IS_SYNTHETIC_ERRNO(0));
+-
+ #define X10(x) x x x x x x x x x x
+ #define X100(x) X10(X10(x))
+ #define X1000(x) X100(X10(x))
+@@ -68,6 +63,15 @@ static void test_log_syntax(void) {
+ int main(int argc, char* argv[]) {
+         int target;
+ 
++        assert_se(IS_SYNTHETIC_ERRNO(SYNTHETIC_ERRNO(EINVAL)));
++        assert_se(IS_SYNTHETIC_ERRNO(SYNTHETIC_ERRNO(-EINVAL)));
++        assert_cc(!IS_SYNTHETIC_ERRNO(EINVAL));
++        assert_cc(!IS_SYNTHETIC_ERRNO(-EINVAL));
++        assert_se(IS_SYNTHETIC_ERRNO(SYNTHETIC_ERRNO(0)));
++        assert_cc(!IS_SYNTHETIC_ERRNO(0));
++        assert_se(ERRNO_VALUE(EINVAL) == EINVAL);
++        assert_se(ERRNO_VALUE(SYNTHETIC_ERRNO(-EINVAL)) == EINVAL);
++
+         test_file();
+ 
+         for (target = 0; target < _LOG_TARGET_MAX; target++) {
+-- 
+2.33.0
+
diff --git a/backport-core-Bump-log-level-of-reexecute-request-to-notice.patch b/backport-core-Bump-log-level-of-reexecute-request-to-notice.patch
new file mode 100644
index 0000000..6cc543e
--- /dev/null
+++ b/backport-core-Bump-log-level-of-reexecute-request-to-notice.patch
@@ -0,0 +1,40 @@
+From 50e3bc139fc750c7b15bda55807fcb9209787319 Mon Sep 17 00:00:00 2001
+From: Daan De Meyer <daan.j.demeyer@gmail.com>
+Date: Tue, 8 Oct 2024 16:25:52 +0200
+Subject: [PATCH] core: Bump log level of reexecute request to notice
+
+A daemon-reload is important enough to deserve logging at notice
+level.
+
+(cherry picked from commit 4ee41be82507348fbbc9d3ab28aae6330eb51663)
+(cherry picked from commit 31e38b55b2e4bb1aa42fe106ea14df8e82758303)
+(cherry picked from commit 79dc77a7ffed671a16c44369df2552cf733dbbef)
+
+Conflict:NA
+Reference:https://github.com/systemd/systemd/commit/50e3bc139fc750c7b15bda55807fcb9209787319
+---
+ src/core/dbus-manager.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c
+index 33984f6f0e..90c1daf995 100644
+--- a/src/core/dbus-manager.c
++++ b/src/core/dbus-manager.c
+@@ -1614,10 +1614,10 @@ static void log_caller(sd_bus_message *message, Manager *manager, const char *me
+         (void) sd_bus_creds_get_comm(creds, &comm);
+         caller = manager_get_unit_by_pid(manager, pid);
+ 
+-        log_info("%s requested from client PID " PID_FMT "%s%s%s%s%s%s...",
+-                 method, pid,
+-                 comm ? " ('" : "", strempty(comm), comm ? "')" : "",
+-                 caller ? " (unit " : "", caller ? caller->id : "", caller ? ")" : "");
++        log_notice("%s requested from client PID " PID_FMT "%s%s%s%s%s%s...",
++                   method, pid,
++                   comm ? " ('" : "", strempty(comm), comm ? "')" : "",
++                   caller ? " (unit " : "", caller ? caller->id : "", caller ? ")" : "");
+ }
+ 
+ static int method_reload(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+-- 
+2.33.0
+
diff --git a/backport-core-Log-in-more-scenarios-about-which-process-initi.patch b/backport-core-Log-in-more-scenarios-about-which-process-initi.patch
new file mode 100644
index 0000000..c16b3fb
--- /dev/null
+++ b/backport-core-Log-in-more-scenarios-about-which-process-initi.patch
@@ -0,0 +1,71 @@
+From 4389fea50bbb0810ed9193522c487257ca0b5d2d Mon Sep 17 00:00:00 2001
+From: Daan De Meyer <daan.j.demeyer@gmail.com>
+Date: Tue, 8 Oct 2024 16:28:25 +0200
+Subject: [PATCH] core: Log in more scenarios about which process initiated an
+ operation
+
+Exit/Reboot/Poweroff and similar operations are invasive enough that
+logging about who initiated them is very useful to debug issues.
+
+(cherry picked from commit acb0f501f4291efce82bcf89d4ad92b6a895f4fa)
+(cherry picked from commit 814be7116dda14074749253d94b83387ceff0ff1)
+(cherry picked from commit 4ce745446386bae450114c6fc2278577a7cf46f4)
+
+Conflict:the current code does not have the method_soft_reboot function, so the related code is not combined
+Reference:https://github.com/systemd/systemd/commit/acb0f501f4291efce82bcf89d4ad92b6a895f4fa
+---
+ src/core/dbus-manager.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c
+index 90c1daf995..856dd3b5dc 100644
+--- a/src/core/dbus-manager.c
++++ b/src/core/dbus-manager.c
+@@ -1706,6 +1706,8 @@ static int method_exit(sd_bus_message *message, void *userdata, sd_bus_error *er
+         if (r < 0)
+                 return r;
+ 
++        log_caller(message, m, "Exit");
++
+         /* Exit() (in contrast to SetExitCode()) is actually allowed even if
+          * we are running on the host. It will fall back on reboot() in
+          * systemd-shutdown if it cannot do the exit() because it isn't a
+@@ -1730,6 +1732,8 @@ static int method_reboot(sd_bus_message *message, void *userdata, sd_bus_error *
+                 return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED,
+                                          "Reboot is only supported for system managers.");
+ 
++        log_caller(message, m, "Reboot");
++
+         m->objective = MANAGER_REBOOT;
+ 
+         return sd_bus_reply_method_return(message, NULL);
+@@ -1792,6 +1798,8 @@ static int method_poweroff(sd_bus_message *message, void *userdata, sd_bus_error
+                 return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED,
+                                          "Powering off is only supported for system managers.");
+ 
++        log_caller(message, m, "Poweroff");
++
+         m->objective = MANAGER_POWEROFF;
+ 
+         return sd_bus_reply_method_return(message, NULL);
+@@ -1811,6 +1819,8 @@ static int method_halt(sd_bus_message *message, void *userdata, sd_bus_error *er
+                 return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED,
+                                          "Halt is only supported for system managers.");
+ 
++        log_caller(message, m, "Halt");
++
+         m->objective = MANAGER_HALT;
+ 
+         return sd_bus_reply_method_return(message, NULL);
+@@ -1830,6 +1840,8 @@ static int method_kexec(sd_bus_message *message, void *userdata, sd_bus_error *e
+                 return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED,
+                                          "KExec is only supported for system managers.");
+ 
++        log_caller(message, m, "Kexec");
++
+         m->objective = MANAGER_KEXEC;
+ 
+         return sd_bus_reply_method_return(message, NULL);
+-- 
+2.33.0
+
diff --git a/backport-core-fix-null-in-output.patch b/backport-core-fix-null-in-output.patch
new file mode 100644
index 0000000..1d7bfcd
--- /dev/null
+++ b/backport-core-fix-null-in-output.patch
@@ -0,0 +1,30 @@
+From add74820b72be58f57722000a343ee3b63195eff Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Tue, 14 Mar 2023 22:56:42 +0100
+Subject: [PATCH] core: fix "(null)" in output
+
+We want an empty string, not NULL. I made some brainfart here.
+Fixup for 1980a25dc03aa500d4ee2725d696f68d265cd4ca.
+
+Conflict:NA
+Reference:https://github.com/systemd/systemd/commit/add74820b72be58f57722000a343ee3b63195eff
+---
+ src/core/dbus-manager.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c
+index 242a662bca..6d2ed62f94 100644
+--- a/src/core/dbus-manager.c
++++ b/src/core/dbus-manager.c
+@@ -1530,7 +1530,7 @@ static void log_caller(sd_bus_message *message, Manager *manager, const char *me
+         log_info("%s requested from client PID " PID_FMT "%s%s%s%s%s%s...",
+                  method, pid,
+                  comm ? " ('" : "", strempty(comm), comm ? "')" : "",
+-                 caller ? " (unit " : "", caller ? caller->id : NULL, caller ? ")" : "");
++                 caller ? " (unit " : "", caller ? caller->id : "", caller ? ")" : "");
+ }
+ 
+ static int method_reload(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+-- 
+2.33.0
+
diff --git a/backport-core-service-use-log_unit_-where-appropriate.patch b/backport-core-service-use-log_unit_-where-appropriate.patch
new file mode 100644
index 0000000..8d61cd8
--- /dev/null
+++ b/backport-core-service-use-log_unit_-where-appropriate.patch
@@ -0,0 +1,49 @@
+From 12b7b9e50cc19081c328e31937f7ddd764e16b41 Mon Sep 17 00:00:00 2001
+From: Mike Yuan <me@yhndnzj.com>
+Date: Sat, 26 Oct 2024 17:38:06 +0200
+Subject: [PATCH] core/service: use log_unit_* where appropriate
+
+(cherry picked from commit 1e8f0beee4272ddc8b25dfa9af8e54bafc4c061a)
+(cherry picked from commit b9ff85ece7a6bd9eca158aa0a8af46055ffb6142)
+(cherry picked from commit e575661da99de81bf0f07d7efdcf8b4c5d9b779e)
+
+Conflict:NA
+Reference:https://github.com/systemd/systemd/commit/1e8f0beee4272ddc8b25dfa9af8e54bafc4c061a
+---
+ src/core/service.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/core/service.c b/src/core/service.c
+index 5650550203..44e7ce5785 100644
+--- a/src/core/service.c
++++ b/src/core/service.c
+@@ -4654,7 +4654,7 @@ static int bus_name_pid_lookup_callback(sd_bus_message *reply, void *userdata, s
+         e = sd_bus_message_get_error(reply);
+         if (e) {
+                 r = sd_bus_error_get_errno(e);
+-                log_warning_errno(r, "GetConnectionUnixProcessID() failed: %s", bus_error_message(e, r));
++                log_unit_warning_errno(UNIT(s), r, "GetConnectionUnixProcessID() failed: %s", bus_error_message(e, r));
+                 return 1;
+         }
+ 
+@@ -4665,7 +4665,7 @@ static int bus_name_pid_lookup_callback(sd_bus_message *reply, void *userdata, s
+         }
+ 
+         if (!pid_is_valid(pid)) {
+-                log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "GetConnectionUnixProcessID() returned invalid PID");
++                log_unit_debug_errno(UNIT(s), SYNTHETIC_ERRNO(EINVAL), "GetConnectionUnixProcessID() returned invalid PID");
+                 return 1;
+         }
+ 
+@@ -4724,7 +4724,7 @@ static void service_bus_name_owner_change(Unit *u, const char *new_owner) {
+                                 "s",
+                                 s->bus_name);
+                 if (r < 0)
+-                        log_debug_errno(r, "Failed to request owner PID of service name, ignoring: %m");
++                        log_unit_debug_errno(u, r, "Failed to request owner PID of service name, ignoring: %m");
+         }
+ }
+ 
+-- 
+2.33.0
+
diff --git a/backport-journalctl-erase-verify-key-before-free.patch b/backport-journalctl-erase-verify-key-before-free.patch
new file mode 100644
index 0000000..035a4d4
--- /dev/null
+++ b/backport-journalctl-erase-verify-key-before-free.patch
@@ -0,0 +1,40 @@
+From b115781317b6a8c649ae2b92c7839ce8872fdffb Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Wed, 16 Oct 2024 19:27:36 +0900
+Subject: [PATCH] journalctl: erase verify key before free
+
+Even optarg is erased, copied string was not erased.
+Let's erase the copied key for safety.
+
+(cherry picked from commit d0ad4e88d4e6b5e312c359a6505125f7e088f3e3)
+(cherry picked from commit 28f7c958fb799887cb67528a85ca59f0ccd9261e)
+(cherry picked from commit 6b13398c220a01e2eff5bb25da7d457f445c82e9)
+
+Conflict:the current code does not use STATIC_DESTRUCTOR_REGISTER instead of free, so the related code is not combined
+Reference:https://github.com/systemd/systemd/commit/d0ad4e88d4e6b5e312c359a6505125f7e088f3e3
+---
+ src/journal/journalctl.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c
+index decdf14..327e035 100644
+--- a/src/journal/journalctl.c
++++ b/src/journal/journalctl.c
+@@ -791,9 +791,11 @@ static int parse_argv(int argc, char *argv[]) {
+                         break;
+ 
+                 case ARG_VERIFY_KEY:
+-                        r = free_and_strdup(&arg_verify_key, optarg);
+-                        if (r < 0)
+-                                return r;
++                        erase_and_free(arg_verify_key);
++                        arg_verify_key = strdup(optarg);
++                        if (!arg_verify_key)
++                                return log_oom();
++
+                         /* Use memset not explicit_bzero() or similar so this doesn't look confusing
+                          * in ps or htop output. */
+                         memset(optarg, 'x', strlen(optarg));
+-- 
+2.33.0
+
diff --git a/backport-log-add-common-helper-log_set_target_and_open.patch b/backport-log-add-common-helper-log_set_target_and_open.patch
new file mode 100644
index 0000000..03be982
--- /dev/null
+++ b/backport-log-add-common-helper-log_set_target_and_open.patch
@@ -0,0 +1,126 @@
+From 1e344c1dc79d93976d019dfa0dbe6d24b28d64d7 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Tue, 14 Feb 2023 16:10:58 +0100
+Subject: [PATCH] log: add common helper log_set_target_and_open()
+
+quite often we want to set a log target and immediately open it. Add a
+common helper for that.
+
+Conflict:NA
+Reference:https://github.com/systemd/systemd/commit/1e344c1dc79d93976d019dfa0dbe6d24b28d64d7
+
+---
+ src/basic/log.c                  | 5 +++++
+ src/basic/log.h                  | 1 +
+ src/core/main.c                  | 9 +++------
+ src/coredump/coredump.c          | 9 +++------
+ src/shared/bus-log-control-api.c | 3 +--
+ 5 files changed, 13 insertions(+), 14 deletions(-)
+
+diff --git a/src/basic/log.c b/src/basic/log.c
+index fc5793139..6a4373101 100644
+--- a/src/basic/log.c
++++ b/src/basic/log.c
+@@ -347,6 +347,11 @@ void log_set_target(LogTarget target) {
+         log_target = target;
+ }
+ 
++void log_set_target_and_open(LogTarget target) {
++        log_set_target(target);
++        log_open();
++}
++
+ void log_close(void) {
+         /* Do not call from library code. */
+ 
+diff --git a/src/basic/log.h b/src/basic/log.h
+index f73d4c415..0d4956e6b 100644
+--- a/src/basic/log.h
++++ b/src/basic/log.h
+@@ -51,6 +51,7 @@ static inline void clear_log_syntax_callback(dummy_t *dummy) {
+ const char *log_target_to_string(LogTarget target) _const_;
+ LogTarget log_target_from_string(const char *s) _pure_;
+ void log_set_target(LogTarget target);
++void log_set_target_and_open(LogTarget target);
+ int log_set_target_from_string(const char *e);
+ LogTarget log_get_target(void) _pure_;
+ 
+diff --git a/src/core/main.c b/src/core/main.c
+index c0b8126d9..f28448f9e 100644
+--- a/src/core/main.c
++++ b/src/core/main.c
+@@ -2787,8 +2787,7 @@ int main(int argc, char *argv[]) {
+                 if (detect_container() <= 0) {
+ 
+                         /* Running outside of a container as PID 1 */
+-                        log_set_target(LOG_TARGET_KMSG);
+-                        log_open();
++                        log_set_target_and_open(LOG_TARGET_KMSG);
+ 
+                         if (in_initrd())
+                                 initrd_timestamp = userspace_timestamp;
+@@ -2832,8 +2831,7 @@ int main(int argc, char *argv[]) {
+ 
+                 } else {
+                         /* Running inside a container, as PID 1 */
+-                        log_set_target(LOG_TARGET_CONSOLE);
+-                        log_open();
++                        log_set_target_and_open(LOG_TARGET_CONSOLE);
+ 
+                         /* For later on, see above... */
+                         log_set_target(LOG_TARGET_JOURNAL);
+@@ -2880,8 +2878,7 @@ int main(int argc, char *argv[]) {
+                 /* Running as user instance */
+                 arg_system = false;
+                 log_set_always_reopen_console(true);
+-                log_set_target(LOG_TARGET_AUTO);
+-                log_open();
++                log_set_target_and_open(LOG_TARGET_AUTO);
+ 
+                 /* clear the kernel timestamp, because we are not PID 1 */
+                 kernel_timestamp = DUAL_TIMESTAMP_NULL;
+diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c
+index 013ebb4c2..d9db98bf3 100644
+--- a/src/coredump/coredump.c
++++ b/src/coredump/coredump.c
+@@ -1486,11 +1486,9 @@ static int process_kernel(int argc, char* argv[]) {
+         if (r < 0)
+                 goto finish;
+ 
+-        if (!context.is_journald) {
++        if (!context.is_journald)
+                 /* OK, now we know it's not the journal, hence we can make use of it now. */
+-                log_set_target(LOG_TARGET_JOURNAL_OR_KMSG);
+-                log_open();
+-        }
++                log_set_target_and_open(LOG_TARGET_JOURNAL_OR_KMSG);
+ 
+         /* If this is PID 1 disable coredump collection, we'll unlikely be able to process
+          * it later on.
+@@ -1589,8 +1587,7 @@ static int run(int argc, char *argv[]) {
+         /* First, log to a safe place, since we don't know what crashed and it might
+          * be journald which we'd rather not log to then. */
+ 
+-        log_set_target(LOG_TARGET_KMSG);
+-        log_open();
++        log_set_target_and_open(LOG_TARGET_KMSG);
+ 
+         /* Make sure we never enter a loop */
+         (void) prctl(PR_SET_DUMPABLE, 0);
+diff --git a/src/shared/bus-log-control-api.c b/src/shared/bus-log-control-api.c
+index 06e6697a3..40f99ac2b 100644
+--- a/src/shared/bus-log-control-api.c
++++ b/src/shared/bus-log-control-api.c
+@@ -86,8 +86,7 @@ int bus_property_set_log_target(
+                 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid log target '%s'", t);
+ 
+         log_info("Setting log target to %s.", log_target_to_string(target));
+-        log_set_target(target);
+-        log_open();
++        log_set_target_and_open(target);
+ 
+         return 0;
+ }
+-- 
+2.33.0
+
diff --git a/backport-main-reopen-dev-console-for-user-service-manager.patch b/backport-main-reopen-dev-console-for-user-service-manager.patch
new file mode 100644
index 0000000..c605181
--- /dev/null
+++ b/backport-main-reopen-dev-console-for-user-service-manager.patch
@@ -0,0 +1,30 @@
+From 2a646b1d624e510a79785e1268b55a9c3a441db5 Mon Sep 17 00:00:00 2001
+From: Einsler Lee <shenxiaogll@163.com>
+Date: Tue, 2 Mar 2021 20:21:21 +0800
+Subject: [PATCH] main: reopen /dev/console for user service manager
+
+Now the console_fd of user service manager is 2. Even if LogTarget=console is set in /etc/systemd/user.conf,there is no log in the console.
+This reopen the /dev/console, so the log of user service can be output in the console.
+
+Conflict:NA
+Reference:https://github.com/systemd/systemd/commit/2a646b1d624e510a79785e1268b55a9c3a441db5
+
+---
+ src/core/main.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/core/main.c b/src/core/main.c
+index 55f5481eb2..fbbfd71ac8 100644
+--- a/src/core/main.c
++++ b/src/core/main.c
+@@ -2819,6 +2819,7 @@ int main(int argc, char *argv[]) {
+         } else {
+                 /* Running as user instance */
+                 arg_system = false;
++                log_set_always_reopen_console(true);
+                 log_set_target(LOG_TARGET_AUTO);
+                 log_open();
+ 
+-- 
+2.33.0
+
diff --git a/backport-manager-improve-message-about-Reload-Reexec-requests.patch b/backport-manager-improve-message-about-Reload-Reexec-requests.patch
new file mode 100644
index 0000000..41744b0
--- /dev/null
+++ b/backport-manager-improve-message-about-Reload-Reexec-requests.patch
@@ -0,0 +1,40 @@
+From 1980a25dc03aa500d4ee2725d696f68d265cd4ca Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Wed, 8 Feb 2023 11:36:22 +0100
+Subject: [PATCH] manager: improve message about Reload/Reexec requests
+
+If we fail to get the necessary information, let's just not print that
+part of the message. 'n/a' looks pretty ugly.
+
+I used a bunch of ternary operators instead of seperate log lines because
+with two components that might or might not be there, we need four different
+combinations.
+
+Also, the unit name doesn't need to be quoted, it's always printable.
+
+Conflict:NA
+Reference:https://github.com/systemd/systemd/commit/1980a25dc03aa500d4ee2725d696f68d265cd4ca
+---
+ src/core/dbus-manager.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c
+index 53121fa1a6..c4f205bc42 100644
+--- a/src/core/dbus-manager.c
++++ b/src/core/dbus-manager.c
+@@ -1527,8 +1527,10 @@ static void log_caller(sd_bus_message *message, Manager *manager, const char *me
+         (void) sd_bus_creds_get_comm(creds, &comm);
+         caller = manager_get_unit_by_pid(manager, pid);
+ 
+-        log_info("%s requested from client PID " PID_FMT " ('%s') (from unit '%s')...",
+-                 method, pid, strna(comm), strna(caller ? caller->id : NULL));
++        log_info("%s requested from client PID " PID_FMT "%s%s%s%s%s%s...",
++                 method, pid,
++                 comm ? " ('" : "", strempty(comm), comm ? "')" : "",
++                 caller ? " (unit " : "", caller ? caller->id : NULL, caller ? ")" : "");
+ }
+ 
+ static int method_reload(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+-- 
+2.33.0
+
diff --git a/backport-manager-log-unit-pid-of-sender-when-Reload-is-called.patch b/backport-manager-log-unit-pid-of-sender-when-Reload-is-called.patch
new file mode 100644
index 0000000..ca7d6b2
--- /dev/null
+++ b/backport-manager-log-unit-pid-of-sender-when-Reload-is-called.patch
@@ -0,0 +1,63 @@
+From 9524c2fd43aa3b76719cc21eb7093a5b90997fd9 Mon Sep 17 00:00:00 2001
+From: Luca Boccassi <bluca@debian.org>
+Date: Mon, 12 Dec 2022 15:34:43 +0000
+Subject: [PATCH] manager: log unit/pid of sender when Reload() is called
+
+Reloading is a heavy-weight operation, and currently it is not
+possible to figure out who/what requested it, even at debug level
+logging.
+Check the sender of the D-Bus message and print it out at info level.
+
+Conflict:code context adaptation
+Reference:https://github.com/systemd/systemd/commit/9524c2fd43aa3b76719cc21eb7093a5b90997fd9
+---
+ src/core/dbus-manager.c | 26 ++++++++++++++++++++++++++
+ 1 file changed, 26 insertions(+)
+
+diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c
+index 8d7b1f60da..5c8a7d410f 100644
+--- a/src/core/dbus-manager.c
++++ b/src/core/dbus-manager.c
+@@ -1451,6 +1451,29 @@ int verify_run_space_and_log(const char *message) {
+         return 0;
+ }
+ 
++static void log_reload_caller(sd_bus_message *message, Manager *manager) {
++        _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
++        const char *comm = NULL;
++        Unit *caller;
++        pid_t pid;
++
++        assert(message);
++        assert(manager);
++
++        if (sd_bus_query_sender_creds(message, SD_BUS_CREDS_PID|SD_BUS_CREDS_AUGMENT|SD_BUS_CREDS_COMM, &creds) < 0)
++                return;
++
++        /* We need at least the PID, otherwise there's nothing to log, the rest is optional */
++        if (sd_bus_creds_get_pid(creds, &pid) < 0)
++                return;
++
++        (void) sd_bus_creds_get_comm(creds, &comm);
++        caller = manager_get_unit_by_pid(manager, pid);
++
++        log_info("Reloading requested from client PID " PID_FMT " ('%s') (from unit '%s')...",
++                 pid, strna(comm), strna(caller ? caller->id : NULL));
++}
++
+ static int method_reload(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+         Manager *m = userdata;
+         int r;
+@@ -1471,6 +1494,9 @@ static int method_reload(sd_bus_message *message, void *userdata, sd_bus_error *
+         if (r == 0)
+                 return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
+ 
++        /* Write a log message noting the unit or process who requested the Reload() */
++        log_reload_caller(message, m);
++
+         /* Instead of sending the reply back right away, we just
+          * remember that we need to and then send it after the reload
+          * is finished. That way the caller knows when the reload
+-- 
+2.33.0
+
diff --git a/backport-resolved-log-error-messages-for-openssl-gnutls-conte.patch b/backport-resolved-log-error-messages-for-openssl-gnutls-conte.patch
new file mode 100644
index 0000000..662446b
--- /dev/null
+++ b/backport-resolved-log-error-messages-for-openssl-gnutls-conte.patch
@@ -0,0 +1,74 @@
+From 17a3a8e91be80c93347458a1a6508bc19646607d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Sun, 3 Nov 2024 12:58:12 +0100
+Subject: [PATCH] resolved: log error messages for openssl/gnutls context
+ creation
+
+In https://bugzilla.redhat.com/show_bug.cgi?id=2322937 we're getting
+an error message:
+Okt 29 22:21:03 fedora systemd-resolved[29311]: Could not create manager: Cannot allocate memory
+I expect that this actually comes from dnstls_manager_init(), the
+openssl version. But without real logs it's hard to know for sure.
+
+Use EIO instead of ENOMEM, because the problem is unlikely to be actually
+related to memory.
+
+(cherry picked from commit ee95e86ae163e436384f1b782a77a7e18deba890)
+(cherry picked from commit abd1e408203d5d445b05f4dc0ac07e35114532d1)
+(cherry picked from commit 67954b455473b29f8a41be14f5b778044b7cfafa)
+
+Conflict:NA
+Reference:https://github.com/systemd/systemd/commit/ee95e86ae163e436384f1b782a77a7e18deba890
+---
+ src/resolve/resolved-dnstls-gnutls.c  | 4 +++-
+ src/resolve/resolved-dnstls-openssl.c | 9 ++++++---
+ 2 files changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/src/resolve/resolved-dnstls-gnutls.c b/src/resolve/resolved-dnstls-gnutls.c
+index acdad6fa91..c086e2c198 100644
+--- a/src/resolve/resolved-dnstls-gnutls.c
++++ b/src/resolve/resolved-dnstls-gnutls.c
+@@ -236,7 +236,9 @@ int dnstls_manager_init(Manager *manager) {
+ 
+         r = gnutls_certificate_allocate_credentials(&manager->dnstls_data.cert_cred);
+         if (r < 0)
+-                return -ENOMEM;
++                return log_warning_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
++                                         "Failed to allocate SSL credentials: %s",
++                                         gnutls_strerror(r));
+ 
+         r = gnutls_certificate_set_x509_system_trust(manager->dnstls_data.cert_cred);
+         if (r < 0)
+diff --git a/src/resolve/resolved-dnstls-openssl.c b/src/resolve/resolved-dnstls-openssl.c
+index 4a0132ad3d..74fb79e58d 100644
+--- a/src/resolve/resolved-dnstls-openssl.c
++++ b/src/resolve/resolved-dnstls-openssl.c
+@@ -397,11 +397,15 @@ int dnstls_manager_init(Manager *manager) {
+ 
+         manager->dnstls_data.ctx = SSL_CTX_new(TLS_client_method());
+         if (!manager->dnstls_data.ctx)
+-                return -ENOMEM;
++                return log_warning_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
++                                         "Failed to create SSL context: %s",
++                                         ERR_error_string(ERR_get_error(), NULL));
+ 
+         r = SSL_CTX_set_min_proto_version(manager->dnstls_data.ctx, TLS1_2_VERSION);
+         if (r == 0)
+-                return -EIO;
++                return log_warning_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
++                                         "Failed to set protocol version on SSL context: %s",
++                                         ERR_error_string(ERR_get_error(), NULL));
+ 
+         (void) SSL_CTX_set_options(manager->dnstls_data.ctx, SSL_OP_NO_COMPRESSION);
+ 
+@@ -410,7 +414,6 @@ int dnstls_manager_init(Manager *manager) {
+                 return log_warning_errno(SYNTHETIC_ERRNO(EIO),
+                                          "Failed to load system trust store: %s",
+                                          ERR_error_string(ERR_get_error(), NULL));
+-
+         return 0;
+ }
+ 
+-- 
+2.33.0
+
diff --git a/backport-run-do-not-pass-the-pty-slave-fd-to-transient-servic.patch b/backport-run-do-not-pass-the-pty-slave-fd-to-transient-servic.patch
new file mode 100644
index 0000000..0a058bc
--- /dev/null
+++ b/backport-run-do-not-pass-the-pty-slave-fd-to-transient-servic.patch
@@ -0,0 +1,153 @@
+From e2d6762fa3fca4bf265d13b724476fa70b5c3a3e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Thu, 6 Jun 2024 13:30:09 +0200
+Subject: [PATCH] run: do not pass the pty slave fd to transient service in a
+ machine
+
+Follow-up for 28459ba1f4df824d5ef7f7d1a9acb6953ea24045
+
+The pty path returned by OpenMachinePTY() cannot be opened from outside
+the machine, hence let's use the plain Standard{Input,Output,Error}=tty
+in such a case. This means if --machine= is specified, #32916 would occur.
+A comprehensive fix requires a new dbus method in machined, which shall
+be material for v257.
+
+See also: https://github.com/systemd/systemd/pull/33216#discussion_r1628020429
+
+Replaces #33216
+
+Co-authored-by: Mike Yuan <me@yhndnzj.com>
+(cherry picked from commit ddef3ec87c1f63fed868f769d246b0b3d6877f88)
+(cherry picked from commit 639c922ede94852f83ccd930b28a382075f1da8f)
+
+Conflict:code context adaptation
+Reference:https://github.com/systemd/systemd/commit/ddef3ec87c1f63fed868f769d246b0b3d6877f88
+---
+ src/run/run.c | 48 +++++++++++++++++++++++++++++++-----------------
+ 1 file changed, 31 insertions(+), 17 deletions(-)
+
+diff --git a/src/run/run.c b/src/run/run.c
+index 9c175a9..807b22f 100644
+--- a/src/run/run.c
++++ b/src/run/run.c
+@@ -704,11 +704,12 @@ static int transient_kill_set_properties(sd_bus_message *m) {
+         return 0;
+ }
+ 
+-static int transient_service_set_properties(sd_bus_message *m, const char *pty_path) {
++static int transient_service_set_properties(sd_bus_message *m, const char *pty_path, int pty_fd) {
+         bool send_term = false;
+         int r;
+ 
+         assert(m);
++        assert(pty_path || pty_fd < 0);
+ 
+         r = transient_unit_set_properties(m, UNIT_SERVICE, arg_property);
+         if (r < 0)
+@@ -804,18 +805,22 @@ static int transient_service_set_properties(sd_bus_message *m, const char *pty_p
+         }
+ 
+         if (pty_path) {
+-                _cleanup_close_ int pty_slave = -EBADF;
+-
+-                pty_slave = open_terminal(pty_path, O_RDWR|O_NOCTTY|O_CLOEXEC);
+-                if (pty_slave < 0)
+-                        return pty_slave;
++                r = sd_bus_message_append(m, "(sv)", "TTYPath", "s", pty_path);
++                if (r < 0)
++                        return bus_log_create_error(r);
+ 
+-                r = sd_bus_message_append(m,
+-                                          "(sv)(sv)(sv)(sv)",
+-                                          "StandardInputFileDescriptor", "h", pty_slave,
+-                                          "StandardOutputFileDescriptor", "h", pty_slave,
+-                                          "StandardErrorFileDescriptor", "h", pty_slave,
+-                                          "TTYPath", "s", pty_path);
++                if (pty_fd >= 0)
++                        r = sd_bus_message_append(m,
++                                                  "(sv)(sv)(sv)",
++                                                  "StandardInputFileDescriptor", "h", pty_fd,
++                                                  "StandardOutputFileDescriptor", "h", pty_fd,
++                                                  "StandardErrorFileDescriptor", "h", pty_fd);
++                else
++                        r = sd_bus_message_append(m,
++                                                  "(sv)(sv)(sv)",
++                                                  "StandardInput", "s", "tty",
++                                                  "StandardOutput", "s", "tty",
++                                                  "StandardError", "s", "tty");
+                 if (r < 0)
+                         return bus_log_create_error(r);
+ 
+@@ -1166,7 +1171,8 @@ static int make_transient_service_unit(
+                 sd_bus *bus,
+                 sd_bus_message **message,
+                 const char *service,
+-                const char *pty_path) {
++                const char *pty_path,
++                int pty_fd) {
+ 
+         _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
+         int r;
+@@ -1193,7 +1199,7 @@ static int make_transient_service_unit(
+         if (r < 0)
+                 return bus_log_create_error(r);
+ 
+-        r = transient_service_set_properties(m, pty_path);
++        r = transient_service_set_properties(m, pty_path, pty_fd);
+         if (r < 0)
+                 return r;
+ 
+@@ -1238,7 +1244,7 @@ static int start_transient_service(sd_bus *bus) {
+         _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+         _cleanup_(bus_wait_for_jobs_freep) BusWaitForJobs *w = NULL;
+         _cleanup_free_ char *service = NULL, *pty_path = NULL;
+-        _cleanup_close_ int master = -1;
++        _cleanup_close_ int master = -EBADF, slave = -EBADF;
+         int r;
+ 
+         assert(bus);
+@@ -1257,6 +1263,10 @@ static int start_transient_service(sd_bus *bus) {
+                         if (unlockpt(master) < 0)
+                                 return log_error_errno(errno, "Failed to unlock tty: %m");
+ 
++                        slave = open_terminal(pty_path, O_RDWR|O_NOCTTY|O_CLOEXEC);
++                        if (slave < 0)
++                                return log_error_errno(slave, "Failed to open pty slave: %m");
++
+                 } else if (arg_transport == BUS_TRANSPORT_MACHINE) {
+                         _cleanup_(sd_bus_unrefp) sd_bus *system_bus = NULL;
+                         _cleanup_(sd_bus_message_unrefp) sd_bus_message *pty_reply = NULL;
+@@ -1286,6 +1296,9 @@ static int start_transient_service(sd_bus *bus) {
+                         pty_path = strdup(s);
+                         if (!pty_path)
+                                 return log_oom();
++
++                        // FIXME: Introduce OpenMachinePTYEx() that accepts ownership/permission as param
++                        // and additionally returns the pty fd, for #33216 and #32999
+                 } else
+                         assert_not_reached("Can't allocate tty via ssh");
+         }
+@@ -1312,9 +1325,10 @@ static int start_transient_service(sd_bus *bus) {
+                         return r;
+         }
+ 
+-        r = make_transient_service_unit(bus, &m, service, pty_path);
++        r = make_transient_service_unit(bus, &m, service, pty_path, slave);
+         if (r < 0)
+                 return r;
++        slave = safe_close(slave);
+ 
+         polkit_agent_open_if_enabled(arg_transport, arg_ask_password);
+ 
+@@ -1731,7 +1745,7 @@ static int make_transient_trigger_unit(
+                 if (r < 0)
+                         return bus_log_create_error(r);
+ 
+-                r = transient_service_set_properties(m, NULL);
++                r = transient_service_set_properties(m, /* pty_path = */ NULL, /* pty_fd = */ -EBADF);
+                 if (r < 0)
+                         return r;
+ 
+-- 
+2.33.0
+
diff --git a/backport-run-pass-the-pty-slave-fd-to-transient-service.patch b/backport-run-pass-the-pty-slave-fd-to-transient-service.patch
new file mode 100644
index 0000000..afdb7df
--- /dev/null
+++ b/backport-run-pass-the-pty-slave-fd-to-transient-service.patch
@@ -0,0 +1,58 @@
+From 903c71befc93c5443f70720c6e98ecca704da692 Mon Sep 17 00:00:00 2001
+From: Mike Yuan <me@yhndnzj.com>
+Date: Sun, 19 May 2024 09:07:21 +0800
+Subject: [PATCH] run: pass the pty slave fd to transient service
+
+The rationale is similar to 40e1f4ea7458a0a80eaf1ef356e52bfe0835412e.
+
+Currently, we only pass TTYPath=/dev/pts/... to
+the transient service spawned by systemd-run.
+This is a bit problematic though, when ExecStartPre=
+or ExecStopPost= is used. Since when these control
+processes get to run, the main process is not yet
+started/has already exited, hence the slave suffers
+from the same vhangup problem as the mentioned commit.
+
+By passing the slave fd in, the service manager will
+hold the fd open as long as the service is alive.
+
+Fixes #32916
+
+(cherry picked from commit 28459ba1f4df824d5ef7f7d1a9acb6953ea24045)
+(cherry picked from commit 182b80bede28ef6e9c0d0edd34c56a467d22dee5)
+(cherry picked from commit 369d7d4083a835e654ae02f92d559293bde66919)
+
+Conflict:NA
+Reference:https://github.com/systemd/systemd/commit/28459ba1f4df824d5ef7f7d1a9acb6953ea24045
+---
+ src/run/run.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/src/run/run.c b/src/run/run.c
+index 645a1fee4c..8bb061e62c 100644
+--- a/src/run/run.c
++++ b/src/run/run.c
+@@ -773,11 +773,17 @@ static int transient_service_set_properties(sd_bus_message *m, const char *pty_p
+         }
+ 
+         if (pty_path) {
++                _cleanup_close_ int pty_slave = -EBADF;
++
++                pty_slave = open_terminal(pty_path, O_RDWR|O_NOCTTY|O_CLOEXEC);
++                if (pty_slave < 0)
++                        return pty_slave;
++
+                 r = sd_bus_message_append(m,
+                                           "(sv)(sv)(sv)(sv)",
+-                                          "StandardInput", "s", "tty",
+-                                          "StandardOutput", "s", "tty",
+-                                          "StandardError", "s", "tty",
++                                          "StandardInputFileDescriptor", "h", pty_slave,
++                                          "StandardOutputFileDescriptor", "h", pty_slave,
++                                          "StandardErrorFileDescriptor", "h", pty_slave,
+                                           "TTYPath", "s", pty_path);
+                 if (r < 0)
+                         return bus_log_create_error(r);
+-- 
+2.33.0
+
diff --git a/backport-run-split-out-creation-of-unit-creation-messages.patch b/backport-run-split-out-creation-of-unit-creation-messages.patch
new file mode 100644
index 0000000..dac1348
--- /dev/null
+++ b/backport-run-split-out-creation-of-unit-creation-messages.patch
@@ -0,0 +1,281 @@
+From b58026bddce8cc418c10e1c69f96de34b0dffcbf Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Sun, 2 Apr 2023 22:27:58 +0200
+Subject: [PATCH] run: split out creation of unit creation messages
+
+Just refactoring, in preparation for future changes.
+(Though I think it'd be reasonable to do anyway, those functions were
+awfully long.)
+
+'git diff' displays this badly. The middle part of start_transient_service()
+is moved to make_transient_service_unit(), and the middle part of
+start_transient_trigger() is moved to make_transient_trigger_unit().
+
+Conflict:code context adaptation
+Reference:https://github.com/systemd/systemd/commit/b58026bddce8cc418c10e1c69f96de34b0dffcbf
+---
+ src/run/run.c | 218 ++++++++++++++++++++++++++++++--------------------
+ 1 file changed, 132 insertions(+), 86 deletions(-)
+
+diff --git a/src/run/run.c b/src/run/run.c
+index ad8cd82d8f..409212cbfa 100644
+--- a/src/run/run.c
++++ b/src/run/run.c
+@@ -1109,6 +1109,54 @@ static int pty_forward_handler(PTYForward *f, int rcode, void *userdata) {
+         return 0;
+ }
+ 
++static int make_transient_service_unit(
++                sd_bus *bus,
++                sd_bus_message **message,
++                const char *service,
++                const char *pty_path) {
++
++        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
++        int r;
++
++        assert(bus);
++        assert(message);
++        assert(service);
++
++        r = bus_message_new_method_call(bus, &m, bus_systemd_mgr, "StartTransientUnit");
++        if (r < 0)
++                return bus_log_create_error(r);
++
++        r = sd_bus_message_set_allow_interactive_authorization(m, arg_ask_password);
++        if (r < 0)
++                return bus_log_create_error(r);
++
++        /* Name and mode */
++        r = sd_bus_message_append(m, "ss", service, "fail");
++        if (r < 0)
++                return bus_log_create_error(r);
++
++        /* Properties */
++        r = sd_bus_message_open_container(m, 'a', "(sv)");
++        if (r < 0)
++                return bus_log_create_error(r);
++
++        r = transient_service_set_properties(m, pty_path);
++        if (r < 0)
++                return r;
++
++        r = sd_bus_message_close_container(m);
++        if (r < 0)
++                return bus_log_create_error(r);
++
++        /* Auxiliary units */
++        r = sd_bus_message_append(m, "a(sa(sv))", 0);
++        if (r < 0)
++                return bus_log_create_error(r);
++
++        *message = TAKE_PTR(m);
++        return 0;
++}
++
+ static int start_transient_service(
+                 sd_bus *bus,
+                 int *retval) {
+@@ -1190,37 +1238,10 @@ static int start_transient_service(sd_bus *bus) {
+                         return r;
+         }
+ 
+-        r = bus_message_new_method_call(bus, &m, bus_systemd_mgr, "StartTransientUnit");
+-        if (r < 0)
+-                return bus_log_create_error(r);
+-
+-        r = sd_bus_message_set_allow_interactive_authorization(m, arg_ask_password);
+-        if (r < 0)
+-                return bus_log_create_error(r);
+-
+-        /* Name and mode */
+-        r = sd_bus_message_append(m, "ss", service, "fail");
+-        if (r < 0)
+-                return bus_log_create_error(r);
+-
+-        /* Properties */
+-        r = sd_bus_message_open_container(m, 'a', "(sv)");
+-        if (r < 0)
+-                return bus_log_create_error(r);
+-
+-        r = transient_service_set_properties(m, pty_path);
++        r = make_transient_service_unit(bus, &m, service, pty_path);
+         if (r < 0)
+                 return r;
+ 
+-        r = sd_bus_message_close_container(m);
+-        if (r < 0)
+-                return bus_log_create_error(r);
+-
+-        /* Auxiliary units */
+-        r = sd_bus_message_append(m, "a(sa(sv))", 0);
+-        if (r < 0)
+-                return bus_log_create_error(r);
+-
+         polkit_agent_open_if_enabled(arg_transport, arg_ask_password);
+ 
+         r = sd_bus_call(bus, m, 0, &error, &reply);
+@@ -1550,70 +1571,21 @@ static int start_transient_scope(sd_bus *bus) {
+         return log_error_errno(errno, "Failed to execute: %m");
+ }
+ 
+-static int start_transient_trigger(
+-                sd_bus *bus,
+-                const char *suffix) {
+-
+-        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
+-        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL, *reply = NULL;
+-        _cleanup_(bus_wait_for_jobs_freep) BusWaitForJobs *w = NULL;
+-        _cleanup_free_ char *trigger = NULL, *service = NULL;
+-        const char *object = NULL;
++static int make_transient_trigger_unit(
++                sd_bus *bus,
++                sd_bus_message **message,
++                const char *suffix,
++                const char *trigger,
++                const char *service) {
++
++        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
+         int r;
+ 
+         assert(bus);
+-
+-        r = bus_wait_for_jobs_new(bus, &w);
+-        if (r < 0)
+-                return log_oom();
+-
+-        if (arg_unit) {
+-                switch (unit_name_to_type(arg_unit)) {
+-
+-                case UNIT_SERVICE:
+-                        service = strdup(arg_unit);
+-                        if (!service)
+-                                return log_oom();
+-
+-                        r = unit_name_change_suffix(service, suffix, &trigger);
+-                        if (r < 0)
+-                                return log_error_errno(r, "Failed to change unit suffix: %m");
+-                        break;
+-
+-                case UNIT_TIMER:
+-                        trigger = strdup(arg_unit);
+-                        if (!trigger)
+-                                return log_oom();
+-
+-                        r = unit_name_change_suffix(trigger, ".service", &service);
+-                        if (r < 0)
+-                                return log_error_errno(r, "Failed to change unit suffix: %m");
+-                        break;
+-
+-                default:
+-                        r = unit_name_mangle_with_suffix(arg_unit, "as unit",
+-                                                         arg_quiet ? 0 : UNIT_NAME_MANGLE_WARN,
+-                                                         ".service", &service);
+-                        if (r < 0)
+-                                return log_error_errno(r, "Failed to mangle unit name: %m");
+-
+-                        r = unit_name_mangle_with_suffix(arg_unit, "as trigger",
+-                                                         arg_quiet ? 0 : UNIT_NAME_MANGLE_WARN,
+-                                                         suffix, &trigger);
+-                        if (r < 0)
+-                                return log_error_errno(r, "Failed to mangle unit name: %m");
+-
+-                        break;
+-                }
+-        } else {
+-                r = make_unit_name(bus, UNIT_SERVICE, &service);
+-                if (r < 0)
+-                        return r;
+-
+-                r = unit_name_change_suffix(service, suffix, &trigger);
+-                if (r < 0)
+-                        return log_error_errno(r, "Failed to change unit suffix: %m");
+-        }
++        assert(message);
++        assert(suffix);
++        assert(trigger);
++        assert(service);
+ 
+         r = bus_message_new_method_call(bus, &m, bus_systemd_mgr, "StartTransientUnit");
+         if (r < 0)
+@@ -1679,6 +1654,77 @@ static int start_transient_trigger(sd_bus *bus, const char *suffix) {
+         if (r < 0)
+                 return bus_log_create_error(r);
+ 
++        *message = TAKE_PTR(m);
++        return 0;
++}
++
++static int start_transient_trigger(sd_bus *bus, const char *suffix) {
++        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
++        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL, *reply = NULL;
++        _cleanup_(bus_wait_for_jobs_freep) BusWaitForJobs *w = NULL;
++        _cleanup_free_ char *trigger = NULL, *service = NULL;
++        const char *object = NULL;
++        int r;
++
++        assert(bus);
++        assert(suffix);
++
++        r = bus_wait_for_jobs_new(bus, &w);
++        if (r < 0)
++                return log_oom();
++
++        if (arg_unit) {
++                switch (unit_name_to_type(arg_unit)) {
++
++                case UNIT_SERVICE:
++                        service = strdup(arg_unit);
++                        if (!service)
++                                return log_oom();
++
++                        r = unit_name_change_suffix(service, suffix, &trigger);
++                        if (r < 0)
++                                return log_error_errno(r, "Failed to change unit suffix: %m");
++                        break;
++
++                case UNIT_TIMER:
++                        trigger = strdup(arg_unit);
++                        if (!trigger)
++                                return log_oom();
++
++                        r = unit_name_change_suffix(trigger, ".service", &service);
++                        if (r < 0)
++                                return log_error_errno(r, "Failed to change unit suffix: %m");
++                        break;
++
++                default:
++                        r = unit_name_mangle_with_suffix(arg_unit, "as unit",
++                                                         arg_quiet ? 0 : UNIT_NAME_MANGLE_WARN,
++                                                         ".service", &service);
++                        if (r < 0)
++                                return log_error_errno(r, "Failed to mangle unit name: %m");
++
++                        r = unit_name_mangle_with_suffix(arg_unit, "as trigger",
++                                                         arg_quiet ? 0 : UNIT_NAME_MANGLE_WARN,
++                                                         suffix, &trigger);
++                        if (r < 0)
++                                return log_error_errno(r, "Failed to mangle unit name: %m");
++
++                        break;
++                }
++        } else {
++                r = make_unit_name(bus, UNIT_SERVICE, &service);
++                if (r < 0)
++                        return r;
++
++                r = unit_name_change_suffix(service, suffix, &trigger);
++                if (r < 0)
++                        return log_error_errno(r, "Failed to change unit suffix: %m");
++        }
++
++        r = make_transient_trigger_unit(bus, &m, suffix, trigger, service);
++        if (r < 0)
++                return r;
++
+         polkit_agent_open_if_enabled(arg_transport, arg_ask_password);
+ 
+         r = sd_bus_call(bus, m, 0, &error, &reply);
+-- 
+2.33.0
+
diff --git a/backport-sd-event-change-error-code-EINVAL-EIO.patch b/backport-sd-event-change-error-code-EINVAL-EIO.patch
new file mode 100644
index 0000000..e60a006
--- /dev/null
+++ b/backport-sd-event-change-error-code-EINVAL-EIO.patch
@@ -0,0 +1,36 @@
+From 42885ab01726b5937390704f1d6ec33f0321fd53 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Sun, 4 Aug 2024 11:29:03 +0900
+Subject: [PATCH] sd-event: change error code -EINVAL -> -EIO
+
+EINVAL should be used when a function is called with an invalid
+argument. Here, the signal is not a function argument.
+
+Follow-up for 7a64c5f23efbb51fe4f1229c1a8aed6dd858a0a9.
+
+(cherry picked from commit ab9af70edb23f2a66e93e2e16f87cd98873885b7)
+(cherry picked from commit 84f0eda3781f49ff7f3035861b02fe247b89d65e)
+(cherry picked from commit da81ee2f78526f78b3c57661a59de681d208e35e)
+
+Conflict:NA
+Reference:https://github.com/systemd/systemd/commit/ab9af70edb23f2a66e93e2e16f87cd98873885b7
+---
+ src/libsystemd/sd-event/sd-event.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c
+index 97678a4b5e..cd78d39eb4 100644
+--- a/src/libsystemd/sd-event/sd-event.c
++++ b/src/libsystemd/sd-event/sd-event.c
+@@ -3831,7 +3831,7 @@ static int process_signal(sd_event *e, struct signal_data *d, uint32_t events, i
+                         return -EIO;
+ 
+                 if (_unlikely_(!SIGNAL_VALID(si.ssi_signo)))
+-                        return -EINVAL;
++                        return -EIO;
+ 
+                 if (e->signal_sources)
+                         s = e->signal_sources[si.ssi_signo];
+-- 
+2.33.0
+
diff --git a/backport-sd-event-do-not-assert-on-invalid-signal.patch b/backport-sd-event-do-not-assert-on-invalid-signal.patch
new file mode 100644
index 0000000..f34510e
--- /dev/null
+++ b/backport-sd-event-do-not-assert-on-invalid-signal.patch
@@ -0,0 +1,36 @@
+From 74fa56ebc3d323bd6cd2315eb8b1057f0ea359a8 Mon Sep 17 00:00:00 2001
+From: David Tardon <dtardon@redhat.com>
+Date: Thu, 25 Jul 2024 10:06:34 +0200
+Subject: [PATCH] sd-event: do not assert on invalid signal
+
+The signalfd_siginfo struct is received from outside via a FD, hence
+assert() is not appropriate way to check it. Just do a normal runtime
+check.
+
+(cherry picked from commit 7a64c5f23efbb51fe4f1229c1a8aed6dd858a0a9)
+(cherry picked from commit 7a48ea958bf146a45cb4a3b7ff7aeb5885469196)
+(cherry picked from commit 5fa8b5d74aa81e884613ba68c6f765834e6dd02c)
+
+Conflict:NA
+Reference:https://github.com/systemd/systemd/commit/7a64c5f23efbb51fe4f1229c1a8aed6dd858a0a9
+---
+ src/libsystemd/sd-event/sd-event.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c
+index 3cc37371b6..97678a4b5e 100644
+--- a/src/libsystemd/sd-event/sd-event.c
++++ b/src/libsystemd/sd-event/sd-event.c
+@@ -3830,7 +3830,8 @@ static int process_signal(sd_event *e, struct signal_data *d, uint32_t events, i
+                 if (_unlikely_(n != sizeof(si)))
+                         return -EIO;
+ 
+-                assert(SIGNAL_VALID(si.ssi_signo));
++                if (_unlikely_(!SIGNAL_VALID(si.ssi_signo)))
++                        return -EINVAL;
+ 
+                 if (e->signal_sources)
+                         s = e->signal_sources[si.ssi_signo];
+-- 
+2.33.0
+
diff --git a/backport-sd-ipv4acd-fix-assertion-triggered-when-an-ARP-recei.patch b/backport-sd-ipv4acd-fix-assertion-triggered-when-an-ARP-recei.patch
new file mode 100644
index 0000000..5326bf4
--- /dev/null
+++ b/backport-sd-ipv4acd-fix-assertion-triggered-when-an-ARP-recei.patch
@@ -0,0 +1,36 @@
+From 8ed0c0bc4899f73934f3fc1c55c5cbb58b789a4d Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Fri, 20 Sep 2024 09:58:12 +0900
+Subject: [PATCH] sd-ipv4acd: fix assertion triggered when an ARP received in
+ STARTED state
+
+When a network is busy, an ARP may be received before the timer event
+source triggered first time.
+
+Fixes #34489.
+
+(cherry picked from commit 146b44d0a0001712ced2f22ca76d242eedac26ad)
+(cherry picked from commit 06eb9b14829f3a5819f6daefb09fdb855cd868f4)
+(cherry picked from commit b054898f12f1987d5c6fae91e664cd7f57f7fdaa)
+
+Conflict:NA
+Reference:https://github.com/systemd/systemd/commit/146b44d0a0001712ced2f22ca76d242eedac26ad
+---
+ src/libsystemd-network/sd-ipv4acd.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/libsystemd-network/sd-ipv4acd.c b/src/libsystemd-network/sd-ipv4acd.c
+index d34c63e854..c7102cc4f6 100644
+--- a/src/libsystemd-network/sd-ipv4acd.c
++++ b/src/libsystemd-network/sd-ipv4acd.c
+@@ -396,6 +396,7 @@ static int ipv4acd_on_packet(
+                 }
+                 break;
+ 
++        case IPV4ACD_STATE_STARTED:
+         case IPV4ACD_STATE_WAITING_PROBE:
+         case IPV4ACD_STATE_PROBING:
+         case IPV4ACD_STATE_WAITING_ANNOUNCE:
+-- 
+2.33.0
+
diff --git a/systemd.spec b/systemd.spec
index 40c348b..c0a2d2e 100644
--- a/systemd.spec
+++ b/systemd.spec
@@ -25,7 +25,7 @@
 Name:           systemd
 Url:            https://systemd.io/
 Version:        249
-Release:        97
+Release:        98
 License:        MIT and LGPLv2+ and GPLv2+
 Summary:        System and Service Manager
 
@@ -713,6 +713,24 @@ Patch6660:      backport-resolved-correct-parsing-of-OPT-extended-RCODEs.patch
 Patch6661:      backport-coredump-correctly-take-tmpfs-size-into-account-for-.patch
 Patch6662:      backport-sysusers-handle-NSS-errors-gracefully.patch
 Patch6663:      backport-shared-log-error-when-execve-fail.patch
+Patch6664:      backport-run-split-out-creation-of-unit-creation-messages.patch
+Patch6665:      backport-run-pass-the-pty-slave-fd-to-transient-service.patch
+Patch6666:      backport-run-do-not-pass-the-pty-slave-fd-to-transient-servic.patch
+Patch6667:      backport-sd-event-do-not-assert-on-invalid-signal.patch
+Patch6668:      backport-sd-event-change-error-code-EINVAL-EIO.patch
+Patch6669:      backport-basic-log-do-not-treat-all-negative-errnos-as-synthe.patch
+Patch6670:      backport-sd-ipv4acd-fix-assertion-triggered-when-an-ARP-recei.patch
+Patch6671:      backport-main-reopen-dev-console-for-user-service-manager.patch
+Patch6672:      backport-log-add-common-helper-log_set_target_and_open.patch
+Patch6673:      backport-resolved-log-error-messages-for-openssl-gnutls-conte.patch
+Patch6674:      backport-journalctl-erase-verify-key-before-free.patch
+Patch6675:      backport-core-service-use-log_unit_-where-appropriate.patch
+Patch6676:      backport-manager-log-unit-pid-of-sender-when-Reload-is-called.patch
+Patch6677:      backport-Manager-also-log-caller-of-daemon-reexec.patch
+Patch6678:      backport-manager-improve-message-about-Reload-Reexec-requests.patch
+Patch6679:      backport-core-fix-null-in-output.patch
+Patch6680:      backport-core-Bump-log-level-of-reexecute-request-to-notice.patch
+Patch6681:      backport-core-Log-in-more-scenarios-about-which-process-initi.patch
 
 Patch9001:      update-rtc-with-system-clock-when-shutdown.patch
 Patch9002:      udev-add-actions-while-rename-netif-failed.patch
@@ -2227,6 +2245,26 @@ grep -q -E '^KEYMAP="?fi-latin[19]"?' /etc/vconsole.conf 2>/dev/null &&
 /usr/bin/systemd-cryptenroll
 
 %changelog
+* Fri Dec 13 2024 wangyuhang <wangyuhang27@huawei.com> - 249-98
+- add backport-run-split-out-creation-of-unit-creation-messages.patch
+      backport-run-pass-the-pty-slave-fd-to-transient-service.patch
+      backport-run-do-not-pass-the-pty-slave-fd-to-transient-servic.patch
+      backport-sd-event-do-not-assert-on-invalid-signal.patch
+      backport-sd-event-change-error-code-EINVAL-EIO.patch
+      backport-basic-log-do-not-treat-all-negative-errnos-as-synthe.patch
+      backport-sd-ipv4acd-fix-assertion-triggered-when-an-ARP-recei.patch
+      backport-main-reopen-dev-console-for-user-service-manager.patch
+      backport-log-add-common-helper-log_set_target_and_open.patch
+      backport-resolved-log-error-messages-for-openssl-gnutls-conte.patch
+      backport-journalctl-erase-verify-key-before-free.patch
+      backport-core-service-use-log_unit_-where-appropriate.patch
+      backport-manager-log-unit-pid-of-sender-when-Reload-is-called.patch
+      backport-Manager-also-log-caller-of-daemon-reexec.patch
+      backport-manager-improve-message-about-Reload-Reexec-requests.patch
+      backport-core-fix-null-in-output.patch
+      backport-core-Bump-log-level-of-reexecute-request-to-notice.patch
+      backport-core-Log-in-more-scenarios-about-which-process-initi.patch
+
 * Wed Dec 11 2024 zhangyao <zhangyao108@huawei.com> - 249-97
 - add backport-logind-give-better-error-messages-when-failing-to-at.patch
       backport-sd-journal-refuse-entry-objects-with-an-empty-boot-I.patch
-- 
Gitee