systemd-boot-efi-arm64-signed (259+3+furios0+git20260118014112.d050465.forky) forky; urgency=high

  * Sign EFI binaries from systemd-boot-efi 259-3+furios0+git20260118014112.d050465.forky

  [ Bardia Moshiri ]
  * Revert "core/exec-credential: fix credentials plain dir exchanging"
  * Revert "tree-wide: normalize comment style"
  * Revert "core/exec-credential: remove no longer needed per-cred atomic update logic"
  * Revert "core/exec-credential: work around tmpfs reconfigure bug"
  * Revert "core/exec-credential: port to new mount API, ensure atomicity for creds installation"
  * Revert "mount-util: introduce fsmount_credentials_fs()"
  * core/exec-credential: add back process-util.h
  * debian: disable tests
  * circleci: add configs

  [ Yu Watanabe ]
  * bash-completion: bootctl: add one missing option
  * bash-completion: bootctl: suggest argument for --path option
  * bash-completion: bootctl: support set-default and set-oneshot
  * bash-completion: machinectl: support import-fs
  * bash-completion: machinectl: suggest arguments for --verify and --format
  * bash-completion: loginctl: suggest argument for --output option
  * bash-completion: loginctl: suggest argument for --machine option
  * bash-completion: journalctl: drop deprecated --new-id128 option
  * bash-completion: journalctl: use --output=help to show suggestions
  * bash-completion: systemctl: use --output=help to show suggestions
  * bash-completion: run: support recently added options
  * bash-completion: nspawn: support recently added options
  * Revert "sd-device: do not call device_monitor_enable_receiving() for passed fd from pid1"
  * sd-device: do not modify socket option(s) if socket is passed by PID1
  * sd-device: do not change buffer size if the socket is already bound
  * sd-netlink: set destroy_callback only if asynchronous call succeeds
  * bash-completion: busctl: support --json and -j option
  * sd-resolve: add sd_resolve_get{addr,info}_with_destroy_callback() and typesafe macros
  * netdev: sort headers
  * netdev: use typesafe resolve_getaddrinfo() in wireguard.c
  * socket-proxyd: use typesafe resolve_getaddrinfo()
  * timesync: use typesafe resolve_getaddrinfo()
  * Merge pull request #11142 from ssahani/bond-dynamic-tlb
  * bash-completion: fix __get_interfaces()
  * bash-completion: udevadm: suggest argument for several options
  * bash-completion: also suggests device units
  * NEWS: mention DynamicTransmitLoadBalancing=
  * NEWS: mention DynamicUser= is disabled for networkd, resolved and timesyncd
  * udevadm: add two more assertions
  * network: decrease and fix indentation
  * dhcp: fix indentation
  * dhcp: use cast-to-bool for pointers
  * dhcp: drop unnecessary brackets
  * network: fix indentation
  * network: always check link is ready when address is updated
  * test: add a testcase for Address.Peer= in .network unit
  * switch-root: fix error message
  * udev-event: do not read stdout or stderr if the pipefd is not created
  * ask-password: make ask_password_keyring() static
  * ask-password-api: do not call ask_password_keyring() if keyname == NULL
  * sd-device: fix segfault when error occurs in device_new_from_{nulstr,strv}()
  * meson: check whether C.UTF-8 exists or not and use it if exists
  * Revert "sd-device: ignore bind/unbind events for now"
  * Revert "udevd: configure a child process name for worker processes"
  * test: add test for sending/receiving an invalid device
  * network: do not ignore errors on link_request_set_neighbors() and link_set_routing_policy()
  * network: rename link_set_routing_policy_rule() to link_request_set_routing_policy_rule()
  * network: set *_configured flags to false before requesting addresses or freinds
  * test: fix neighbor address
  * test-network: drop unused variable
  * test-network: disable DNS function of dnsmasq
  * Merge pull request #11274 from yuwata/fix-11272
  * man: update color of journal logs in DEBUG level
  * Merge pull request #11230 from keszybz/version-string-alt
  * sleep: install default sleep.conf
  * libudev-util: make util_replace_whitespace() read only len characters
  * login: do not use cast to bool for enum
  * ethtool: use kernel defined values for NET_DEV_PORT_*
  * ethtool: minimize the size of port_table
  * core/socket: use log_unit_*()
  * core/socket: use _cleanup_ attribute for closing fds on error
  * core/socket: logs address or path which fails to be initialized
  * Merge pull request #11232 from yuwata/fix-9130-alternative
  * Merge pull request #11351 from yuwata/ethtool-port-table
  * conf-parser: mention that unknown lvalue is ignored
  * conf-parser: accept whitespaces before comments
  * test: add testcases for the lines prefixed with whitespaces
  * NEWS: also mention that clock file for timesyncd may need to move
  * udevadm: refuse to run trigger, control, settle and monitor commands in chroot
  * login: adjust range of InhibitWhat in assertions
  * login: use free_and_strdup() at one more place
  * login: simplify the condtion in assertion and slightly decrease binary size
  * core/socket: use macro to define log_address_error_errno()
  * core/socket: drop unnecessary assignment to 'r'
  * udev-node: make link_find_prioritized() return negative value when nothing found
  * core/mount: make mount_setup_existing_unit() not drop MOUNT_PROC_JUST_MOUNTED flag from units
  * Merge pull request #11366 from keszybz/a-few-unrelated-cleanups
  * Merge pull request #11361 from yuwata/follow-up-11352
  * Merge pull request #11350 from yuwata/logind-inhibitwhat-cleanups
  * Merge pull request #11400 from ffontaine/master
  * sd-device-monitor: fix ordering of setting buffer size
  * udevd: use worker_free() on failure in worker_new()
  * udevd: use structured initializer at one more place
  * udevd: provide worker_hash_ops and drop manager_workers_free()
  * udevd: reject devices which do not have SEQNUM
  * udevd: make worker also log ACTION property
  * udevd: drop unnecessary brackets
  * udevd: refuse devices which do not have ACTION property
  * udevadm: improve error message when no option specified for 'control' command
  * udevadm: use SYNTHETIC_ERRNO() macro
  * udev: also update log level for LOG_REALM_SYSTEMD
  * udevadm: also set LOG_DEBUG to LOG_REAL_SYSTEMD when --debug is passed
  * udev: use usec_t for timeout in udev_ctrl_send_*()
  * NEWS: add more entries
  * README: mention that meson-0.49 is required to build PIEs
  * udev: use SYNTHETIC_ERRNO() macro in log_device_*_errno()
  * udev: use ENODATA when 'No entry found from hwdb'
  * man: fix reference
  * udevadm: fix segfault
  * netlink: set maximum size of WGDEVICE_A_IFNAME
  * network: wireguard: rename and split set_wireguard_interface()
  * test: add a testcase for 23 wirguard peers
  * test: add a testcase for Address.Peer= with ipv6
  * timedate: treat 'activating' or 'inactivating' NTP client status as 'active'
  * timedate: refuse to set time when previous request is not finished
  * network: make Link and NetDev always have the valid poiter to Manager
  * udev: 'val' may be NULL, use strempty()
  * network: update address when static address was already configured by DHCP
  * test: add a testcase for #11458
  * sd-event: introduce event_free_signal_data()
  * udevadm: add --ping option to 'control' command
  * udevadm: add --wait-daemon option to 'trigger' command
  * udevd: rename control command SYNC -> PING in log message
  * bash-completion: udevadm: support recently added options
  * man: mention that 'udevadm control --exit' restarts systemd-udevd.service
  * network: unset Network::manager when loading .network file fails
  * wait-online: do not fail if we receive invalid messages
  * sd-device: do not save e.g., DEVPATH or INTERFACE properties to udev database
  * core/device: fix log message
  * udevadm info: make --export-prefix imply --export
  * man: add more explanation about options for "udevadm test"
  * man: udevadm: clarify the behavior when multiple matching rules are specified
  * sd-device-monitor: use SO_DETACH_FILTER to remove BPF program
  * test: add test for sd_device_monitor_filter_remove()
  * sd-device-enumerator: support multiple parents
  * udevadm: trigger: support multiple arguments
  * network: make link_up() static
  * network: fix an error log
  * core/mount: do not add Before=local-fs.target or remote-fs.target if nofail mount option is set
  * man: update DefaultDependency= in systemd.mount(5)
  * network/wireguard: fixes sending wireguard peer settings
  * test-network: add more checks in NetworkdNetDevTests.test_wireguard
  * sd-netlink: introduce sd_netlink_message_append_sockaddr_in{,6}()
  * network/wireguard: use sd_netlink_message_append_sockaddr_in{,6}()
  * util: add a new mode for in_addr_prefix_from_string_auto_internal() which refuses address without prefixlen
  * network: warn if Address= is specified without prefixlen
  * test-network: set missing prefixlen
  * udevd: trivial refactoring of is_device_busy()
  * udevd: always block follwoing events with same devpath
  * udevd: save the result of devnum or ifindex blocker
  * man: fix volume num of journalctl
  * man: clarify the source of DefaultTimeoutStartSec=
  * man: add referecne to systemd-system.conf
  * test-execute: unset $HOME before testing
  * test-network: fix test_dhcp_server() and test_ipv6_prefix_delegation()
  * test-network: add or drop whitespace
  * machinectl: fix argument index in error log
  * analyze security: fix recursive call of syscall_names_in_filter()
  * sd-device: fix device_copy_properties()
  * test: add a test case for issue #11652
  * test-network: check port range and ipproto attributes are supported by kernel and ip command
  * busctl: re-indent help message
  * busctl: introduce 'emit' command to emit a signal
  * busctl: shorten code a bit by using SYNTHETIC_ERRNO()
  * bash-completion: busctl: add 'emit' command support
  * test-network: ignore tunnel devices automatically added by kernel
  * pull: fix invalid error check
  * curl-util: fix use after free
  * core/load-fragment: empty assignment to PIDFile= resets the value
  * core/dbus-service: write PIDFile= setting to transient unit file
  * core/dbus-service: empty assignment to PIDFile= resets the value
  * sd-daemon: make sd_booted() return negative errno on unexpected error
  * test-network: add testcases for IgnoreCarrierLoss=
  * test-network: use dnsmasq with --dhcp-alternate-port option to test DHCP.ListenPort=
  * man: mention vlan devices inherit the MAC address of the physical interface
  * network: fix errno in log_syntax()
  * network: in_addr_is_null() may return negative errno
  * network: coding style fixes
  * network: shorten code by using SYNTHETIC_ERRNO()
  * sd-netlink: unify sd_netlink_message_append_in{,6}_addr() and _sockaddr_in{,6}()
  * network: use netlink_message_append_{in_addr,sockaddr}_union()
  * network/geneve: fix log message
  * network: unify netdev_vti{,6}_fill_message_create()
  * network: unify netdev_{ipip,sit}_fill_message_create()
  * network: refuse AF_UNSPEC for Tunnel devices
  * network/tunnel: fix log message
  * man: add missing netdev kind in Tunnel section
  * udev-rule: propagate error cause in add_token()
  * udev-rule: drop unnecessary assignments
  * udev-rule: make get_key() return negative errno
  * ethtool: make find_feature_index() return negative errno
  * udev-rule: drop unnecessary parentheses
  * udev-rule: make match_key() and match_attr() return boolean value
  * udev-rule: check function retun value is negative or not, instead of non-zero
  * test-network: add tests for LinkLocalAddressing=
  * udev-rule: make rule_add_key() return negative errno when too much tokens
  * test: add testcase for oss-fuzz#12980
  * udev: check whether systemd is running, and do not use cg_kill() if not
  * NEWS: fix release date
  * NEWS: add entry about 'udevadm trigger --wait-daemon'
  * network: minor coding style update
  * network: add more debugging logs when adding, removing, updateing and configuring route
  * network: introduce Network::ipv6_accept_ra_route_table_set flag
  * network: honor VRF table or explicitly specified route table
  * network: configure ipv4ll route after address is set
  * network: use _cleanup_ attribute at one more place
  * networkctl: accept wildcards to specify links
  * man: network: replace LINK -> PATTERN
  * test-network: add tests for wildcards in networkctl
  * login: add a missing error check for session_set_leader()
  * test-network: add test for BindCarrier=
  * network: add missing error check
  * network: disable addressing on bond slave interface
  * network: introduce specific netlink async handler for link_set_bond()
  * network: introduce new operational state 'enslaved'
  * udev-rules: update log messages about OWNER= or GROUP= settings on --resolve=names=never
  * Merge pull request #11727 from filbranden/minor1
  * test-network: increase sleep time in test_bind_carrier()
  * sd-device: also store properties read from udev database to sd_device::properties_db
  * test-network: add a tiny test for ID_NET_DRIVER= udev property
  * udev,network: drop unused parent_driver argument from net_match_config()
  * network: disable link local addressing on vrf
  * test-network: drop unused variable
  * test-network: add tests for DHCP.RouteTable=
  * test-network: add tests for VRF=
  * resolve: drop unnecessary %n fields from dns_resource_record_to_string()
  * network: always drop configs when corresponding network file does not exist
  * test-network: decrease sleep time in test_bind_carrier()
  * udev-rules: use GREEDY_REALLOC() macro where it applicable
  * udev-rules: use size_t for array index
  * fstab-generator: fix debug log
  * fstab-generator: also logs about x-systemd.growfs mount option
  * udev-rules: use read_line() and drop fgets()
  * test-udev: add a testcase of too long line
  * udev-rules: use new() macro instead of malloc_multiply()
  * udev-rules: use parse_uid() or parse_gid()
  * network: make bond master follow operstates of slaves
  * networkctl: make enslaved operstate green
  * man: mention new enslaved operational state
  * man: mention that bond master follows slave operstates
  * test-network: add tests for bonding
  * udev-event: make subst_format_var() always provide null-terminated string on success
  * meson: drop unused HAVE_STRUCT_FIB_RULE_{UID,PORT}_RANGE
  * test-udev: use proper semantics for too long line with continuation
  * test-udev: add more tests for line continuations and comments
  * test-network: update format used by networkctl status
  * test-network: disable test for Driver field in networkctl
  * Merge pull request #11763 from yuwata/disable-test-dropin-driver
  * Merge pull request #11754 from poettering/bus-path-limit
  * man: drop unnecessary parenthesis
  * network: do not log wrong error cause
  * test-network: check whether ethtool support driver field for dummy interfaces
  * Merge pull request #11757 from yuwata/test-udev-continuation
  * Merge pull request #11759 from yuwata/fix-test-dropin
  * network: update enum value assignments for AddressFamilyBoolean
  * network: warn about deprecated value in DHCP=
  * network: introduce network_verify()
  * test-network: add tests for meaningless settings which should be ignored by networkd
  * Merge pull request #11764 from yuwata/network-verify
  * util: make base64_append() add a whitespace before appending data
  * udev-ctrl: make udev_ctrl_new() return negative errno on failure
  * udev-ctrl: refactor udev_ctrl_enable_receiving()
  * udev: drop unused Manager::uevent_event
  * udev-ctrl: use sd_event and introduce udev_ctrl_start()
  * udev-ctrl: split out logic of waiting for reply to udev_ctrl_wait()
  * man: udevadm: mention that no control command can be specified after --exit
  * sysctl-util: introduce sysctl_write_ip_property() and friends
  * network: use sysctl_write_ip_property() and friends
  * sysctl-util: add sysctl_read_ip_property()
  * network: use sysctl_read_ip_property()
  * network: check whether ipv6 is enabled in sysctl
  * test-network: update cosmetic workaround
  * test-network: add testcases for handling disable_ipv6 sysctl property
  * resolve: fix null pointer dereferences
  * socket-util: re-implement socket_address_parse_netlink() by using extract_first_word()
  * udev-rules: do not ignore short lines
  * test-udev: add more tests for line continuation
  * test-udev: fix alignment and drop unnecessary white spaces
  * test-network: testing with two bond slaves
  * network: fix invalid memory access
  * network: do not disable dynamic addressing for bridge slaves
  * network: disable LinkLocalAddressing= and IPv6AcceptRA= on bridge slaves by default
  * network: extend 'enslaved' state to bridge slave interfaces
  * network: make bridge master also follow operstates of slave interfaces
  * test-network: add more tests for Bridge=
  * test-network: add more tests for IgnoreCarrierLoss=
  * man: mention that LinkLocalAddressing= is disabled by default when Bridge= is set
  * man: update explanation about operational state of network interfaces
  * udev: drop unused Ethernet section
  * udev/net: shorten load_link() a little bit
  * udev/net: ignore errors in loading .link files but warn about that
  * udev/net: use size_t for index at one more place
  * udev/net: use structured initializer at one more place
  * udev/net: drop .link files earlier when their conditions do not match system environment
  * udev: fix memleak in conditions for .link file
  * udev/ethtool: fix error detection of ethtool_link_mode_bit_from_string()
  * fuzz: use fflush() and drop unnecessary rewind()
  * fuzz: add fuzzer for parsing .link files
  * fuzz: add directives.link and 99-default.link for fuzz-link-parser
  * tools: update check-directives.sh to support fuzz-link-parser
  * tools: check all directives even if it detects non-updated files
  * network: add debug log when conditions do not match system environment
  * network: make resolving NetDev names delayed and moved to network_verify()
  * network: assign Network::manager when it is listed to the manager object.
  * sd-device: split device_read_db_internal() into two part
  * fuzz: add fuzzer for udev database
  * fuzz: add a sample for fuzz-udev-database
  * network: bump mtu if stacked vlan or macvlan requests larger size
  * test-network: add test for MTUBytes= in vlan or macvlan devices
  * network: remove routing policy rule from foreign rule database when it is removed
  * network: do not remove rule when it is requested by existing links
  * network: make ndisc_router_process_options() propagate error
  * network: merge conditions and use FLAGS_SET() macro
  * network: fix error code in log
  * test-network: drop relevant ip routing policy rules before testing
  * test-network: add testcase for issue #11280
  * network: rename GatewayOnlink= to GatewayOnLink=
  * network: relax the .network file check
  * network: save GatewayOnLink= value as tristate in Route
  * network: enable GatewayOnLink= if Gateway= without static address configured
  * test-network: add testcase for #1850
  * network: do not override previously specified family
  * network: cleanup logging in route related config parsers
  * network: avoid address section freed
  * network: simplify config_parse_lifetime()
  * network: wrap long lines
  * fuzz: do not assume the existence of /sys/class/net/lo
  * network: make address_pool_new() static
  * network: use fd00::/8 for ipv6 address pool
  * network: check prefixlen when null address is specified to Address=
  * man: mention limit about prefix length when null address is specified to Address=
  * man: mention Address= can be specified once in [Address] section
  * network: propagate error from in_addr_is_null()
  * util: introduce in_addr_random_prefix()
  * test: add tests for in_addr_random_prefix()
  * network: generate random prefix from address pool
  * network: generate addresses from pool with larger prefixlen
  * test-network: add tests for address pool
  * log: make log_syntax() assign correct errno and show valid error cause
  * test: add tests for log_syntax()
  * fuzz-dhcp6-client: avoid assertion failure on samples which dont fit in pipe
  * bus-util: drop unnecessary re-formatting
  * systemctl: do not show negative values in {Success,Failure}ActionExitStatus=
  * systemctl: use streq() if arguments must be non-NULL
  * systemctl: show SuccessExitStatus= and friends
  * core: fix received size of signal or status size
  * util: use _cleanup_ attributes
  * util: introduce in_addr_prefix_to_string()
  * test: move tests for in_addr_prefix_from_string()
  * test: add tests for test_in_addr_prefix_to_string()
  * systemctl: show IPAddressAllow= and IPAddressDeny= in 'show' command
  * systemctl: format IPIngressBytes= or friends nicely
  * systemctl: show nothing if no LoadError=
  * systemctl: print RestrictAddressFamilies= in 'show' command
  * systemctl: format BindPaths= or TemporaryFileSystems= in 'show' command
  * systemctl: format LogExtraFields= in 'show' command
  * netlink: check new interface name is valid or not before sending request
  * udev: drop unnecessary copy of new interface name
  * udev: do not read UdevEvent object before checking it is non-NULL
  * udev: set ID_RENAMING property when interface renaming is requested
  * network: always drop configs when interface is renamed
  * util: introduce device_is_renaming()
  * network: do not configure interfaces under renaming
  * dhcp: refuse to configure DHCP IAID if the interface is under renaming
  * udev: run programs in the specified order
  * core/device: make devices with ID_RENAMING= property be considered not ready
  * sd-device: move device_action_from_string() and friends to device-private.h
  * udevadm trigger: make --action option support all possible actions
  * man: mention possible actions supported by "udevadm trigger"
  * test: add test for ID_RENAMING= udev property handling by pid1
  * TODO: update
  * core: simplify and check validity of paths for RequiresMountsFor=
  * timedate: fix emitted value when ntp client is enabled/disabled (#11951)
  * network: update logs
  * import: do not try to set selinux related attributes if selinux is disabled
  * journal-remote: do not request Content-Length if Transfer-Encoding is chunked
  * machinectl: do not format size if freed disk space is "-1"
  * test-network: add tests for issue #11921
  * sd-device: store parsed ACTION= and SEQNUM= udev properties
  * util: introduce device_for_action()
  * udevd: use device_get_action() and device_get_seqnum()
  * udev: refuse to modify SEQNUM by udev rules
  * udevadm: use device_get_action()
  * udevadm-test: check action string earlier
  * core/device: use device_get_action()
  * network: use device_get_action()
  * login: use device_is_in_action()
  * libudev: use device_get_seqnum() and device_get_action()
  * test: wait for a while active state of .device is updated
  * udev: fix memleak in 'udevadm trigger --settle'
  * bash-completion: also suggest units in reloading or activating
  * core/namespace: introduce new mount mode READWRITE_IMPLICIT
  * core/namespace: logs mount mode when the entry is dropped
  * test: add a testcase for ProtectHome=tmpfs vs ProtectSystem=strict
  * network: use ltype to determine netdev kind in config_parse_stacked_netdev()
  * network: move NetworkConfigSection and related functions to networkd-util.[ch]
  * network: add IPv4LL route right after .network file is parsed
  * network: make all xxx_new_static() static
  * network: drop sections contain invalid settings in network_verify()
  * test: make network_verify() public and use it in test-networkd-conf
  * test-network: add tests for invalid Address sections
  * wireguard: use NetworkConfigSection to manage [WireGuardPeer] sections
  * wireguard: reuse sd_event_source object
  * wireguard: do not log wireguard key
  * wireguard: drop unused arguments and rename parse_wireguard_key()
  * wireguard: check whether PrivateKey= and PublicKey= are set
  * wireguard: add PrivateKeyFile= option
  * test-network: add test for WireGuard.PrivateKeyFile=
  * test-network: wait more and fix wrong operational state
  * network: move LinkOperationalState and relevant functions to network-util.[ch]
  * network: introduce 'degraded-carrier' operstate to order all states
  * hashmap: add hashmap_free_free_keyp and friend
  * network: make RequiredForOnline= also take operational state
  * sd-network: add sd_network_link_get_required_operstate_for_online()
  * wait-online: support $REQUIRED_OPER_STATE_FOR_ONLINE= in state file
  * man: update wait-online and RequiredForOnline= setting
  * network: move log_link_debug() or friends to log-link.h
  * wait-online: use log_link_debug() or friends
  * cryptsetup: add same-cpu-crypt and submit-from-crypt-cpus options
  * network: do not call link_joined() when not all netdevs are configured
  * network: introduce netdev_get_create_type() helper function
  * network: introduce new netdev create type NETDEV_CREATE_AFTER_CONFIGURED
  * network: automatically pick an address on link when L2TP.Local= is not specified
  * netlink: support NLMSG_ERROR message in genl
  * network: wait for L2TP tunnel to be created before creating sessions
  * test-network: add tests for L2TP
  * id128: no command accepts additional arguments
  * sd-id128: split the logic obtaining invocation ID from sd_id128_get_invocation()
  * bash-completion: add systemd-id128 support
  * core: use _cleanup_free_ attribute and free_and_replace() macro in method_switch_root()
  * core: use TAKE_PTR() at few more places
  * core: add Manager::honor_device_enumeration flag
  * test: add a testcase for device plugged -> dead -> plugged bug
  * network: clear previous assignment
  * fuzz: add a testcase for oss-fuzz#13719
  * nspawn: fix memleak
  * fuzz: add testcase for oss-fuzz#13691
  * network: clear previous assignment
  * log: expose log_object_internalv()
  * condition: introduce condition_test_list()
  * core/unit: use condition_test_list()
  * network: drop unnecessary strdup()
  * network,udev: split static condition tests from net_match_config()
  * man: use literal tag
  * man: mention that conditions in [Match] section support negation
  * network: fix netdev_tunnel_verify()
  * Merge pull request #11931 from yuwata/condition-test-list
  * test-network: add more tests for tunneling devices
  * man: do not wrap line in the table
  * man: mention that Tunnel.Local= and Tunnel.Remote= can take 'any'
  * Merge pull request #12066 from yuwata/fix-network-tunnel-12041
  * util: fix condition_free_list_type()
  * network,udev: explicitly declare 'conditions' is a list
  * fuzz: add testcases for the bug in condition_free_list_type()
  * test-network: add wait_online() helper function
  * test-network: merge tests about static addresses
  * test-network: move tests related to bonding
  * test-network: fix addr_gen_mode
  * test-network: use wait_online() in test_link_local_addressing()
  * test-network: use wait_online() in test_sysctl()
  * test-network: use wait_online() in test_sysctl_disable_ipv6()
  * test-network: merge tests for [Route] section
  * network: do not continue when appending data to netlink message fails
  * network: make erspan netdev can be specified in Network.Tunnel=
  * network: make GRE and GRETAP support Key=, InputKey=, OutputKey=, and SerializeTunneledPackets=
  * man: update Tunnel.Key= and friends
  * test-network: test stacked erspan tunnels
  * Merge pull request #12147 from yuwata/network-gre-key-12144
  * bootspec: add missing free() in boot_config_free()
  * bootspec: fix memleak caused by setting invalid cleanup function
  * test-network: add test for drop-in [WireGuardPeer] section
  * network: do not abort execution when NetDev.Name= conflicts
  * network: add '=' to config key names in log
  * udev: shorten code a bit
  * test-network: add test for NetDev.Name= conflict
  * po: update ja.po
  * udev: move udev_ctrl_cleanup() into manager_free()
  * test: set longer StartLimitIntervalSec= and fewer StartLimitBurst=
  * test-network: add more tests for SerializeTunneledPackets=, Key=, and friends
  * network: add FooOverUDP support for SIT and GRE tunnels
  * network: merge ipip_init() and sit_init()
  * network: do not ignore FooOverUDP.Encapsulation= setting
  * network: use asynchronous call for creating FOU tunnels
  * network: make FooOverUDP.Protocol= support name of ipproto
  * man: update FooOverUDP=
  * test-network: add tests for FooOverUDP tunnels
  * wait-online: add --any option
  * test-network: fix timeout argument for wait_online()
  * test-network: add tests for --any option of wait-online
  * Merge pull request #12167 from poettering/timer-parse-tweak
  * Merge pull request #12155 from yuwata/network-fix-and-extend-foo-over-udp-support
  * Merge pull request #12160 from yuwata/wait-online-allow-configuring
  * Merge pull request #12168 from poettering/man-fixes
  * Merge pull request #12030 from poettering/condition-memory
  * ipv4ll: do not reset seed generation counter on restart
  * Merge pull request #12188 from poettering/coccinelle-fixlets
  * udevadm: drop unused option
  * Merge pull request #12207 from poettering/portable-bus-policy-fix
  * Merge pull request #12208 from poettering/base-file-system-tweaks
  * bus-util: treat org.freedesktop.DBus.Error.ServiceUnknown nicely when polkit does not exist
  * ask-passwd: slightly optimize handling arguments
  * calendarspec: use structured initializers
  * calendarspec: rename free_chain() to chain_free()
  * calendarspec: use _cleanup_ attributes for CalendarComponent
  * calendarspec: fix possible integer overflow
  * network: re-indent conf parsers in wireguard.c
  * util: extend unbase64mem() to accept secure flag
  * util: introduce READ_FULL_FILE_SECURE flag for reading secure data
  * fileio: introduce warn_file_is_world_accessible()
  * fileio: read_full_file_full() also warns when file is world readable and secure flag is set
  * fileio: add READ_FULL_FILE_UNBASE64 flag for read_full_file_full()
  * network: make reading PrivateKeyFile= failure always fatal
  * network: clear wireguard keys on failure or on exit
  * network: add WireGuardPeer.PresharedKeyFile= setting
  * network: warn when wireguard keys are stored in world readable files
  * network: make wireguard_decode_key_and_warn() take uint8_t buf[static WG_KEY_LEN]
  * test-network: add tests for WireGuardPeer.PresharedKey= and PresharedKeyFile=
  * NEWS: mention PresharedKeyFile=
  * network: fix use-of-uninitialized-value or null dereference
  * test: set longer timeout for 'udevadm control'
  * test: set longer watchdog timeout for timedated
  * test: make directory for drop-in config
  * tree-wide: drop several missing_*.h and import relevant headers from kernel-5.0
  * util: extend unhexmem() to accept secure flag
  * fileio: add READ_FULL_FILE_UNHEX flag
  * linux: import if_macsec.h from kernel-5.0
  * network: support multiple security associations for macsec channels
  * network: explicitly clear security key for macsec
  * network: add MACsec*Association.KeyFile= setting
  * network: add MACsec*Association.Activate= setting
  * network: add MACsecTransmitAssociation.UseForEncoding= setting
  * network: warn when private key is stored in world readable files
  * network: re-indent gperf files
  * test-network: add tests for MACsec
  * resolve: rename Link.name -> Link.ifname
  * resolve: use log_link_*() macro
  * arp-util: use net/ethernet.h instead of netinet/if_ether.h
  * network: drop bond_mode_to_kernel() and bond_xmit_hash_policy_to_kernel()
  * network: drop allocation for Bond::ad_actor_system
  * ordered-set: add missing ordered_set_size()
  * network: use OrderedSet for bond ARP ip targets
  * network: re-indent conf parser and wrap long lines in bond.c
  * Merge pull request #12293 from poettering/tiny-journal-modernizations
  * Merge pull request #12290 from poettering/json-foreach-love
  * Merge pull request #12296 from poettering/coding-style-sections
  * Merge pull request #12288 from yuwata/resolve-bond-rafactoring
  * linux: move netdevice.h from shared/linux to basic/linux
  * linux: also import linux/in.h and in6.h from kernel-5.0
  * linux: also import l2tp.h from kernel-5.0
  * core: change type of Service::timeout_abort_set to bool
  * core: use BUS_DEFINE_PROPERTY_GET() macro at more places
  * core: add assertion in two inline functions
  * core: do not show TimeoutStopSec= in dump message if it is not set
  * linux: import if_ether.h from kernel-5.0
  * bootspec: fix build when EFI support is disabled
  * network: logs link state change
  * test-network: fix invalid assertions
  * network: fix ListenPort= in [WireGuard] section
  * udev,network: warn when .link or .network file has no [Match] section
  * network: prevent interfaces to be initialized multiple times
  * network: fix ref/unref logic for Link object
  * resolve: use bridge or bonding interfaces in degraded-carrier state
  * network: drop invalid assertion
  * udev: drop unnecessary brackets
  * network: fix assertion when link get carrier
  * test-network: add tests for BridgeFDB.Destination=
  * network: rewrite condition about DHCP in link_check_ready()
  * network: make link_check_ready() handle LinkLocalAddressing=fallback
  * network: use DEFINE_STRING_TABLE_LOOKUP() macro for AddressFamilyBoolean
  * network: disable fallback IPv4ll address assignment when DHCPv4 is disabled
  * network: warn about Network.IPv4LL= is deprecated
  * test-network: add a test for LinkLocalAddressing=fallback
  * Merge pull request #12429 from ssahani/link-local-fallback
  * network: rename WireGuard.FwMark -> FirewallMark
  * sd-dhcp: store number of trial in sd_dhcp_client::attempt
  * Merge pull request #12487 from mschiu77/acer-series-hwdb
  * Merge pull request #12478 from yuwata/wireguard-fwmark
  * network: introduce reference counter for Network object
  * network: make Link objects take references of Network objects
  * network: drop list fields in Network object
  * network: simplify link_free()
  * network: fix memleak and double free
  * network: fix use-after-free
  * sd-radv: fix memleak
  * network: fix conditional jump depends on uninitialised value(s)
  * network: use IN_ADDR_NULL and ETHER_ADDR_NULL
  * network: add error cause in the log
  * test-network: add one more test for LinkLocalAddressing=fallback
  * network: replace inet_ntop() with in_addr_to_string()
  * network: replace inet_pton() with in_addr_from_string()
  * sd-netlink: include glibc headers earlier to resolve conflict with kernel headers
  * network: drop arpa/inet.h from networkd-manager.h
  * network: include glibc headers before including kernel headers
  * Merge pull request #12513 from ssahani/vxlan
  * Merge pull request #12480 from ssahani/proxy-arp
  * Merge pull request #12520 from ssahani/geneve
  * network: move link_lldp_emit_enabled() to networkd-lldp-tx.c
  * network: move sd_lldp related functions to networkd-lldp-rx.c
  * network: make link_drop() can take custom handler
  * network: make BindCarrier= work with CAN devices
  * network: move CAN link related functions to networkd-can.c
  * network: move link_set_bridge to netdev/bridge.c
  * network: move link_set_bond() to netdev/bond.c
  * network: drop unnecessary initializations
  * network: move MulticastRouter to netdev/bridge.[ch]
  * network: do not send ipv6 token to kernel
  * test-network: add a tiny test for IPv6Token=
  * Merge pull request #12516 from yuwata/network-split-link
  * Merge pull request #12537 from yuwata/network-link-local-follow-ups
  * Merge pull request #12555 from ssahani/route-properties
  * network: add missing error check
  * network: add DefaultRouteOnDevice= setting in [Network] section
  * test-network: add tests for DefaultRouteOnDevice=
  * test-network: add a test for IPv4LLRoute=
  * analyze: fix help message
  * Merge pull request #12496 from yuwata/network-on-device-default-route
  * network: link_check_ready() returns earlier if routes are not configured yet
  * wait-online: ignore -ENODATA on updating link information
  * network: disable link local addressing on ipip, gre, sit, and vti netdevs
  * test-network: add a basic test for ipvtap
  * linux: update headers from current kernel master
  * test-network: check tunnel netdevs become operstate 'routable'
  * network: honor MTUBytes= setting
  * network: bump MTU bytes only when MTUByte= is not set
  * test-network: adjust mtu
  * Merge pull request #12578 from ssahani/ipvtap
  * Merge pull request #12576 from ssahani/fou
  * Merge pull request #12549 from yuwata/network-sittun-disable-link-local-addressing-12547
  * network: do not use ordered_set_printf() for DOMAINS= or ROUTE_DOMAINS=
  * Merge pull request #12574 from yuwata/network-mtu-issue-12552
  * varlink: initialize Varlink with 0
  * Merge pull request #12593 from AdrianBunk/master
  * Merge pull request #12586 from ssahani/route-properties
  * man: move Blacklist= in [DHCP] section
  * util: introduce in6_addr_hash_ops
  * network: use in6_addr_hash_ops
  * network: set_put() here does not returns -EEXIST
  * test-network: add get_operstate() and check_operstate() helper functions
  * test-network: use check_operstate() helper function where applicable
  * test-network: fix underlying device name
  * test-network: remove unnecessary links
  * test-network: enable universal_newline= flag for subprocess.check_output()
  * test-network: wait for bond interface to be no-carrier operational state
  * network: tighten the condition whether link has carrier
  * Merge pull request #12577 from yuwata/test-network-issue-12344
  * efivars: allow plus in the entry name
  * Merge pull request #12603 from ssahani/ndisc-blacklist
  * sysctl: bump pid range only on 64-bit systems
  * Merge pull request #12612 from keszybz/bootctl-column
  * Merge pull request #12519 from keszybz/man-on-demand
  * Merge pull request #12510 from keszybz/test-directives
  * Merge pull request #12629 from ssahani/networkctl
  * test-network: use splitlines() at one more place
  * test-network: use wait_online() more
  * test-network: introduce check_link_exists()
  * test-network: use wait_online() more
  * test-network: show interface status when wait_online() fails
  * test-network: convert jiffies to sec
  * test-network: add tests for Mode= setting in [MACVLAN] section
  * test-network: add tests for Mode= setting in [MACVTAP] section
  * test-network: add tests for Flags= in [IPVLAN]
  * test-network: add tests for Flags= in [IPVTAP]
  * network: disable IPv4LL for ipvlan with L3 or L3S mode
  * test-network: add tests for LinkLocalAddressing= on ipvlan or friends
  * network: Allow IFF_VNET_HDR to also be set for tun devices
  * network: extend warning messages
  * test-network: add tests for flags of tun or tap devices
  * network: deprecate OneQueue= for tun or tap devices
  * test-network: add basic tests for veth interfaces
  * network: make CAN devices go through LINK_STATE_CONFIGURING
  * test-network: add test that vcan device can be configured state
  * network: drop duplicated logs
  * test-network: drop unused variable
  * network: update master's ifindex in link_update()
  * network: drop unused variable
  * test-network: wait for bridge slave to be enslaved in test_bridge_ignore_carrier_loss_frequent_loss_and_gain()
  * network: unify link_ipv4ll_enabled() and link_ipv4ll_fallback_enabled()
  * test-network: drop wait_online() from test_ip6gre_tunnel()
  * Merge pull request #12618 from yuwata/test-network-improvements
  * test-network: drop redundant check_link_exists()
  * test-network: drop pure test for dummy device
  * test-network: add more tests for LinkLocalAddressing=yes on various netdevs
  * network: make VXCAN devices go through LINK_STATE_CONFIGURING
  * test-network: add basic tests for vxcan device
  * coredumpctl: fix --debugger option
  * bash-completion: update options for bootctl
  * udev: suppress warning when interface matches 99-default.link
  * udev: fix error message
  * journal: do not trigger assertion when journal_file_close() get NULL
  * journal: use cleanup attribute at one more place
  * network: set preferred source in removing route entry on address lost
  * network: reset Link::dhcp4_configured flag earlier
  * network: set dhcp4_configured flag false before configuring address
  * network: split dhcp_lease_lost() into small pieces
  * network: lower log level about critical connection
  * test-network: add tests for issue #12490
  * test-network: warn when firewalld.service is running
  * test-network: stop dnsmasq before removing links
  * test-network: remove fou ports on failure
  * test-network: use setUp() and tearDown() to delete routing policy rule tables
  * test-network: remove routes even on failure
  * test-network: rename link_remove() to remove_links()
  * test-network: drop unused link
  * test-network: use wait_online() instead of waiting for 10 seconds
  * test-network: rename needlessly long class names
  * test-network: move test_domain() to NetworkdNetworkTests class
  * test-network: use wait_online() in NetworkdDHCPServerTests or friends
  * network: do not send DHCPRELEASE when CriticalConnection= is enabled
  * network: add NetDevVTable::generate_mac flag
  * network: add nlmon support
  * test-network: add a basic test for nlmon
  * Merge pull request #12573 from yuwata/network-dhcp-issue-12490
  * Merge pull request #12635 from yuwata/nlmon-support
  * util: introduce parse_ifindex_or_ifname()
  * util: add assertions
  * resolvectl: use parse_ifindex_or_ifname()
  * networkctl: use parse_ifindex_or_ifname()
  * Merge pull request #12687 from yuwata/parse_ifindex_or_ifname
  * table: add teble_add_string_cell()
  * table: add more basic types
  * table: add TABLE_IFINDEX type
  * networkctl: use Table for 'list' command
  * networkctl: use Table for 'status' command
  * networkctl: use Table for 'label' command
  * networkctl: use Table for 'lldp' command
  * util: introduce format_ifname()
  * tree-wide: replace if_indextoname() with format_ifname()
  * test-network: drop 25-nlmon.network
  * man: re-indent systemd.netdev.xml
  * test-network: bump time limit for wait_address()
  * dhcp4: use memdup_suffix0() instead of strndup() for binary data
  * nspawn: also support ifindex when specifying network interface
  * test-network: make path to networkd or friends configurable
  * test-network: make the test take ASAN and UBSAN options
  * networkctl: fix memleak
  * util: introduce PTR_TO_MODE and MODE_TO_PTR macros
  * util: introduce strnpcpy() and strnscpy()
  * Merge pull request #12699 from yuwata/test-network-argparse
  * Merge pull request #12705 from keszybz/varlink-json-fix-and-two-cleanups
  * test-network: add --lsan-options option
  * test-network: stop service before editing unit file
  * test-network: show systemd-networkd.service
  * networkctl: do not show zero maximum MTU
  * netlink: set attribute size of IFLA_STATS and IFLA_STATS64
  * networkctl: optionally show link statistics
  * bash-completion: support --stats/-s option of networkctl
  * network: monitor link bit rates
  * networkctl: show link bit rates
  * udev: modernize udev-rules.c
  * udev: rename enum subst_type -> FormatSubstitutionType
  * udev: pass format type to udev_event_subst_format()
  * udev: comment that $tempnode and $sysfs formats are deprecated
  * udev: split udev_event_apply_format() into small pieces
  * udev: make parser for attribute of $result harder
  * udev: replace xsprintf() + strpcpy() by strpcpyf()
  * udev: use delete_trailing_chars() at one more place
  * udev: evaluate formatting in RUN= key earlier
  * udev: check formatting of attribute or value earlier
  * networkctl: drop unnecessary use of table_add_cell_full()
  * util: make argument "subsystem" in device_wait_for_initialization() optional
  * util: make device_wait_for_initialization() optionally takes timeout value
  * udevadm: add --wait-for-initialization option to "udevadm info"
  * test-network: move networkctl related tests to NetworkctlTests class
  * test-network: add tests for "networkctl delete"
  * test-network: add test for MTU field of 'networkctl status'
  * test-network: disable SystemCallFilter= when *SAN is enabled
  * Merge pull request #12708 from yuwata/test-network-networkctl-tests
  * networkctl: re-cast value stored in Set with INT_TO_PTR()
  * network: fix UBSAN issue
  * network: fix double free on error path
  * network: remove unused argument in routing_policy_rule_configure()
  * journalctl: fix error cause in log message
  * journalctl: mention --smart-relinquish-var in log message
  * bash-completion: support "networkctl delete"
  * journalctl: make 'journalctl --flush' or friends not fail with varlink timeout
  * Merge pull request #12661 from mrc0mmand/debug-journalctl-flush
  * Merge pull request #12737 from keszybz/meson-man-nspawn
  * Merge pull request #12741 from keszybz/bpf-firewall-warning
  * test-network: do not allow addresses in tentative state
  * udev: propagate errors in udev_event_execute_rules()
  * test-network: do not directly compare two results of "ip address"
  * network: check stored object is euivalent to what we want to remove
  * Merge pull request #12508 from keszybz/no-root-checks
  * Merge pull request #12748 from keszybz/modernize-networkd-tests-style
  * network: add KeepConfiguration=dhcp-on-stop
  * network: make KeepConfiguration=static drop DHCP addresses and routes
  * man: add documentation about KeepConfiguration
  * test-network: add tests for KeepConfiguration=
  * Merge pull request #12756 from cdown/uninit
  * network: make all failures in route configuration fatal
  * network: check earlier the existence of lifetime in lease
  * network: drop unnecessary link_enter_failed() calls
  * network: ignore callback calls when link is in failed state
  * network: assign new DHCP address before removing old lease address
  * network: ignore requested ipv6 addresses when ipv6 is disabled by sysctl
  * network: ignore requested ipv6 route when ipv6 is disabled by sysctl
  * network: ignore requested ipv6 routing policy rule when ipv6 is disabled by sysctl
  * network: ignore requested ipv6 fdb entry when ipv6 is disabled by sysctl
  * test-network: add more test cases when ipv6 is disabled
  * Merge pull request #12774 from yuwata/network-ignore-ipv6-settings-when-sysctl-disable-ipv6
  * libudev: drop unused variable
  * libudev: hide definition of struct udev_list from other libudev components
  * libudev: re-implement libudev-list with LIST and hashmap
  * libudev: rescan devices when filter is updated
  * libudev: hide definition of struct udev_device
  * Merge pull request #12777 from yuwata/libudev-enumerate-issue-12776
  * networkctl: fix use of uninitialized value
  * network: skip to check dynamic addresses when ConfigureWithoutCarrier=yes
  * test-network: add test for ConfigureWithoutCarrier=
  * test-network: suppress error message in cleanup process
  * test-network: explicitly set sleep time
  * test-network: replace check_link_exists() with wait_online()
  * test-network: drop redundant operstate checking
  * NEWS: add more hint about MACAddressPolicy= change
  * network: read link specific sysctl value
  * network: split out DBus related prototypes to networkd-link-bus.h
  * network: introduce link_send_changed_strv()
  * network: introduce manager_send_changed_strv()
  * network: split operational states into carrier and address states
  * network: expose carrier and address states over dbus
  * network: also introduce two new manager states
  * network: drop unused manager_send_changed()
  * sd-network: introduce functions for new link and manager states
  * timesync: judging if network is online by networkd's address state
  * Merge pull request #12802 from irtimmer/fix-openssl
  * meson: fix error message
  * test-network: remove all routing policy rules in specified table
  * test-network: rename l2tp_tunnel_remove -> remove_l2tp_tunnels
  * Merge pull request #12807 from keszybz/net-naming-scheme-yet-again
  * test-network: use setUp() and tearDown() to clear routing policy rule tables
  * test-network: use wait-online in NetworkdBondTests
  * network: make routing_policy_rule_get() require Manager
  * network: do not configure routing policy rule if it is already configured
  * test-network: use wait-online in NetworkdBridgeTests
  * test-network: change default sleep time of start_networkd()
  * dhcp: fix comparison with previous lease
  * ethtool-util: move from src/udev/net/ to src/shared/
  * Merge pull request #12822 from poettering/tmpfiles-is-mount-point
  * dhcp: use memdup_suffix0() instead of strndup()
  * sd-bus: use memdup_suffix0() instead of strndup()
  * util: introduce siphash24_compress_boolean()
  * network: add missing entries in routing_policy_rule_{hash,compare}_func()
  * ethtool-util: use structured initializers
  * ethtool-util: make ethtool_connect() warn on failure
  * ethtool-util: introduce ethtool_get_link_info()
  * util: introduce format_bytes_full()
  * util: make format_bytes() support e.g. 3.0E
  * test: add tests for format_bytes()
  * table: introduce FORMAT_BPS type
  * network: change type of BitRates= bus property
  * networkctl: show link speed, duplex, auto negotiation, and port
  * tree-wide: drop alloca() in loop
  * tree-wide: use htobe{32,16}() instead of hton{l,s}()
  * util: use extract_first_word() instead of strsep()
  * Merge pull request #12806 from yuwata/networkctl-ethtool-12657
  * tree-wide: replace strjoin() with path_join()
  * sd-path: use _cleanup_ attribute
  * Merge pull request #12846 from poettering/cap-last-cap-fix
  * sd-path: use _cleanup_strv_free_ attribute
  * tree-wide: use _cleanup_ attribute and strv_consume() + TAKE_PTR()
  * path-util: fix an issue when the path argument of prefix_roota() is not absolute
  * test: add more testcases for prefix_roota()
  * tree-wide: replace strjoin() with path_join()
  * tree-wide: replace strjoina() with prefix_roota()
  * linux: update kernel headers
  * linux: make UBSAN quiet
  * ethtool-util: fix returned value when ethtool_cmd_speed() is SPEED_UNKNOWN
  * ethtool: add missing link mode
  * ethtool: reindent link mode table
  * Merge pull request #12871 from keszybz/various-printing-fixes
  * network: further log message update
  * conf-parser: fix continuation handling
  * test: add testcase for issue #12883
  * util,test: rename variable non_iec -> si
  * test: fix argument type of test_format_bytes_one()
  * Merge pull request #12889 from keszybz/analyze-condition
  * bash-completion: support systemd-analyze condition
  * meson: drop unused debug option
  * meson: default to use libidn2 if both libidn2 and libidn are installed
  * NEWS: mention that the libidn2 is used by default
  * Merge pull request #12905 from keszybz/udev-warnings
  * sd-device: introduce dump_device_action_table()
  * udevadm: support special value 'help' for --action option
  * bash-completion: udevadm: list all possible values for --action option
  * udev: fix wrong event source to set description
  * test-execute: add test for ConditionKernelVersion= with quotation
  * Merge pull request #12903 from keszybz/condition-quoting
  * network: move conf parsers and function prototypes
  * network: move DHCP6 related code from networkd-manager.c to networkd-dhcp6.c
  * network: move DHCP server related functions to networkd-dhcp-server.c
  * Merge pull request #12910 from keszybz/udev-kvm
  * network: move prototypes related to network Network bus objects to networkd-network-bus.h
  * networkctl: do not show '(null)' in HW Address entry
  * network,udev: fix multiple invert matching lines
  * network,udev: make net_match_config() take sd_device
  * network,udev: add Property= setting in [Match] section
  * man: fix wrong udev property name
  * test: add tests for config_parse_match_{strv,ifnames}()
  * meson: drop duplicated source
  * test-network: add test for Property= in [Match] section
  * udev: accept lines which have only PROGRAM=
  * test-network: add udev related tests for networkctl
  * Merge pull request #12946 from poettering/blockdev-tweaks
  * sd-netlink: fix inverted log message
  * sd-netlink: introduce sd_netlink_message_enter_array()
  * sd-netlink: drop unnecessary 'else'
  * sd-netlink: add CTRL_ATTR_MCAST_GROUPS
  * test: add test for sd_netlink_message_enter_array()
  * sd-event: replace snprintf() with strpcpyf()
  * dhcp: replace strerror() with %m
  * tree-wide: introduce strerror_safe()
  * firewall-util: use fixed size array for chain name
  * test-network: show debug logs of networkd
  * network: minor coding-style update
  * network: re-implement parse_vid_range()
  * network: fix the initial value of the counter for brvlan
  * network: fix issue found by UBSan
  * test-network: add tests for BridgeVLAN
  * Merge pull request #12963 from keszybz/analyze-timestamp
  * test-network: add testcase for DHCP client with static address
  * test-network: add tests for DHCP.UseRoutes=no with custom route settings
  * Merge pull request #12970 from ddstreet/gh12969
  * util: fix sign-compare warning
  * network: read sysctl value only once (#12990)
  * network: rename [DHCP] section to [DHCPv4]
  * test-network: enable systemd-resolved.service
  * test-network: add tests for UseDNS= in [DHCP] section
  * network: fix memleak
  * Merge pull request #12863 from 1848/if_xfrm
  * network: support gre tunnel or friends with Local=any Remote=any
  * network: simplify the condition about xfrm
  * network: add AssignToLoopback= setting to [Tunnel] section
  * test-network: add test for AssignToLoopback= setting
  * test-network: add test for Xfrm netdev
  * Merge pull request #13013 from yuwata/network-xfrm-follow-ups
  * network: ip6tnl and vti6 does not support the case both Local= and Remote= are any
  * test-network: add testcases Tunnel.Remote=any and Local=any
  * Merge pull request #13010 from poettering/fsck-usr-wants
  * test-network: drop test_udev_driver as it is unstable
  * sd-netlink: make sd_netlink_message_read() returns size of read data
  * network: NDA_LLADDR attribute can also take struct in_addr
  * network: rename Neighbor.MACAddress= to Neighbor.LinkLayerAddress=
  * network: drop invalid [Neighbor] section earlier
  * network: fdb: do not allocate separated memory for lladdr
  * network: fdb: use ether_addr_from_string()
  * test-network: use Neighbor.LinkLayerAddress= instead of deprecated Neighbor.MACAddress=
  * test-network: add testcase that Neighbor.LinkLayerAddress= is IP address
  * network: route_configure() do nothing when it returns 0
  * util: introduce in4_addr_equal()
  * network: rework route_scope_from_address()
  * network: process address reply message
  * network: re-assign static routes when dynamic address is updated
  * test-network: add test for route reassignment
  * udevadm: ensure 'udevadm info -w' show updated result
  * Merge pull request #13024 from poettering/errno-or-else
  * Merge pull request #12971 from yuwata/network-reassign-static-routes
  * test-network: test more bridge properties
  * network: use string table to parse route type
  * network: make Route.Type= support local, broadcast, anycast, multicast, nat, and xresolve
  * network: update log message
  * network: show route scope, table, and type in debugging logs
  * network: use string table to parse route table or scope
  * network: use string table for route protocol
  * network: also show route protocol in debugging logs
  * test-network: add tests for route with type local, multicast, anycast, or broadcast
  * Merge pull request #13031 from yuwata/network-route-type-local-12975-2
  * Merge pull request #13043 from poettering/strip-tab-ansi-no-static-size
  * udev: make Match.OriginalName=* matches all interfaces
  * Merge pull request #13041 from poettering/firstboot-fixes
  * Merge pull request #13037 from poettering/shutdown-log-fixes
  * network-generator: introduce new tool systemd-network-generator
  * test: add simple tests for network-generator
  * test: add TEST-35-NETWORK-GENERATOR
  * network: do not change to configuring state needlessly
  * network:dhcp4: request domain search list if UseDomains=yes
  * network: honor IPv6AcceptRA.UseDomains= setting
  * test-network: add tests for DHCPv4.UseDomains=
  * network: show known route protocol name nicely in debugging logs
  * Merge pull request #13054 from yuwata/network-dhcp-use-domains-8174
  * network: make link enter failed state when a configuration fails
  * format-table: add TABLE_TIMESPAN_MSEC
  * analyze: format output of 'systemd-analyze blame' by using Table
  * format-table: add TABLE_TIMESTAMP_UTC and _RELATIVE
  * analyze: format output of 'systemd-analyze calendar' by using Table
  * analyze: format output of 'systemd-analyze timespan' by using Table
  * analyze: format output of 'systemd-analyze timestamp' by using Table
  * bash-completion: add missing 'systemd-analyze timestamp'
  * test-network: make wait_online() check setup state
  * tree-wide: drop duplicated blank lines
  * Merge pull request #13058 from yuwata/network-enter-failed
  * NEWS: update section name
  * doc: update explanation of IPv6AcceptRA=
  * wait-online: change log level
  * network: do not configure routes when dropping addresses
  * test-network: extend sleep time
  * Merge pull request #13069 from yuwata/network-do-not-set-routes-when-carrier-lost
  * network: move manager dbus prototypes to networkd-manager-bus.h
  * network: implement ListLinks DBus method
  * network: introduce GetLinkByName and GetLinkByIndex bus methods
  * resolve: expose dns_server_address_valid()
  * network: implement DBus methods to set DNS related properties
  * resolvectl: support networkd managed interfaces
  * timedatectl: add 'ntp-servers' and 'revert' commands to modify link NTP servers
  * bash-completion: support ntp-servers and revert command for timedatectl
  * resolve: fix memleak
  * test-network: add tests for link state file vs resolvectl or timedatectl
  * test-network: stop firewalld in setUpModule()
  * test-network: drop warn_about_firewalld() as it is not necessary any more
  * network: drop fallback mechanism to assign DHCPv6 addresses with IFA_F_NOPREFIXROUTE
  * network: drop unnecessary line breaks
  * network: fix use after free()
  * man: fix wrong section name
  * Revert "test-network: extend sleep time"
  * network: update state file after dhcp6 events
  * dhcp: fix minor coding style issue
  * dhcp: introduce sd_dhcp_client_send_renew()
  * network: introduce route_full_hash_ops
  * network: store routes provided by DHCPv4 in Set
  * network: set routes to dns servers provided by DHCPv4
  * network: add DHCPv4.RoutesToDNS= setting
  * test-network: add tests for routes to DNS servers provided by DHCPv4
  * sd-netlink: update comment
  * test-network: add test for neighbor with ipv6 lladdr
  * Merge pull request #13100 from 1848/neigh_ipv6
  * network: set field size for several flags
  * network: disable kernel creating prefix route when RouteTable= is set
  * network: add fallback logic for old kernels
  * meson: drop redundant line
  * pstore: drop unnecessary initializations
  * pstopre: fix return value of list_files()
  * pstore: drop commented out line
  * pstore: remove temporary file on failure
  * pstore: do not add FILE= journal entry if content_size == 0
  * pstore: use log_setup_service()
  * pstore: run only when /sys/fs/pstore is not empty
  * network: do not touch kernel-created multicast route
  * test-network: add tests for issue #6088
  * fuzzit: ignore library version
  * Merge pull request #13143 from poettering/logind-inhibit-restart
  * tree-wide: drop netinet/ether.h from socket-util.h and sd-netlink.h
  * network: support slcan
  * Merge pull request #13173 from kinvolk/iaguis/fix-norbind
  * Merge pull request #13166 from yuwata/network-slcan-support
  * test-network: add test for Bridge.IGMPVersion=
  * Merge pull request #13169 from ssahani/bridge-igmp-group-version
  * test-network: use [DHCPv4] and [DHCPv6] sections instead of deprecated [DHCP] section
  * network: drop recently added settings from deprecated [DHCP] section
  * Merge pull request #13179 from yuwata/network-drop-new-settings-from-dhcp-section
  * units: add initrd-network-generator.service
  * network: drop redundant Link::kind check
  * network: rename IGMPVersion= -> MulticastIGMPVersion=
  * network: slightly update log message
  * NEWS: mention Bridge.MulticastIGMPVersion=
  * NEWS: mention SpeedMeter=
  * po: include network1.policy in the list for generating .pot file
  * po: update ja.po
  * networkctl: merge multiple table_add_cell() by using table_add_many()
  * table: add TABLE_IN_ADDR and TABLE_IN6_ADDR
  * table: add TABLE_UINT8 or friends
  * table: add missing NULL initialization
  * time-util: introduce jiffies_to_usec()
  * test-network: add tests for new entries in "networkctl status"
  * network-generator: rename generated unit files
  * unit: rename initrd-network-generator.service -> systemd-network-generator.service
  * networkctl: TABLE_BPS requires uint64_t
  * bash-completion: support "systemd-analyze exit-status"
  * boot: fix build with gnu-efi older than 3.0.5
  * udev-event: log device name on spawning commands
  * udev-node: fix misleading log messages
  * unit: make logind can access ESP
  * login: drop space in empty line
  * Revert "logind: remove unused check"
  * Merge pull request #13256 from keszybz/minor-sd-network-cleanup
  * udev: do not try to import properties on commented out lines
  * unit: drop Before=sysinit.target from systemd-random-seed.service
  * Merge pull request #13265 from keszybz/timedated-ntp-logging
  * network: fix potential memleaks related to set_put()
  * network: add missing link_ref()
  * bootctl: clear arg_xbootldr_path when acquire_xbootldr() succeeds
  * bootctl: arg_dolloar_boot_path() may return NULL
  * network: refuse the case To= and From= are in different address family
  * network: serialize/deserialize address family
  * network: add missing entry in serialization/deserialization
  * network: rename AddressFamilyBoolean -> AddressFamily
  * network: split out copying logic from routing_policy_rule_add_internal()
  * network: add RoutingPolicyRule.Family= setting
  * test-network: add tests for RoutingPolicyRule.Family=ipv6 and both
  * network: do not check deprecated flag in address_is_ready()
  * test-network: update test for PreferredLifetime=0
  * Merge pull request #13344 from ddstreet/test-functions
  * core: introduce unit_destroy_runtime_directory()
  * core: make RuntimeDirectoryPreserve= works with non-service units
  * test: add tests for RuntimeDirectoryPreserve=yes
  * core: introduce exec_directory_is_private() helper function
  * network: drop redundant "else"
  * network: use DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN() macro at one more place
  * network: enable ipv6 when the network has static ipv6 configurations
  * network: add more warnings in network_verify()
  * Merge pull request #13382 from keszybz/network-ipv6-enable
  * Merge pull request #13412 from yuwata/network-check-and-warn-more
  * core: also remove private directories by systemctl clean
  * core: introduce unit_fork_and_watch_rm_rf()
  * core/socket: support "systemctl clean" for socket units
  * test: add tests for systemctl clean with DynamicUser=yes
  * core/mount: support "systemctl clean" for mount units
  * core: move timeout_clean_usec from Service to ExecContext
  * core/swap: support "systemctl clean" for swap units
  * Merge pull request #13244 from keszybz/allow-dots-in-usernames
  * Merge pull request #13436 from systemd/hidden-units-are-good-units
  * man: list possible action string and default value
  * test: add more tests for "systemctl clean"
  * network: adjust log level when DHCPv4 lease lost
  * shell-completion: do not truncate suggestions
  * login: fix use after free
  * po: update Japanese translation
  * udev: add missing flag for OPTIONS=static_node
  * udev: also logs file permission
  * Merge pull request #13511 from ssahani/networkctl-dhcp
  * udev: fix multi match
  * test: add test cases for empty string match
  * network: also check the permission of key file
  * fileio: update warning message
  * network: do not abort execution when a config file cannot be loaded
  * Merge pull request #13526 from yuwata/network-check-access-mode-of-key-file
  * Merge pull request #13538 from keszybz/doc-tweaks
  * man: move TimeoutCleanSec= entry from .service to .exec
  * network: do not create default route for ipv4 link local addressing
  * network: do not use implicit cast to boolean
  * network: drop redundant and invalid destination address
  * network: set scope and protocol for default route
  * network: add more debug messages
  * dhcp6: read OPTION_INFORMATION_REFRESH_TIME option
  * ndisc: make first solicit delayed randomly
  * Merge pull request #13354 from keszybz/two-refactoring-patches
  * network: drop IPv6LL address when LinkLocalAddressing=no|ipv4
  * test-network: add one more test case for LinkLocalAddressing=
  * network: add missing link->network checks
  * network: do not enter failed state if device's sysfs entry does not exist yet
  * Merge pull request #13567 from keszybz/logind-two-refactoring-patches
  * sd-netlink: fix invalid assertion
  * network: make route_get() or friends take Route object
  * network: take more route information into hash func
  * network: also take Route::initcwnd and ::initrwnd into hash func
  * Merge pull request #13559 from ssahani/ipv6ra-route
  * udevadm: missing initialization of descriptor
  * udevadm: use usec_add()
  * unit: add ExecReload= in systemd-udevd.service
  * dhcp6: add missing option length check
  * Merge pull request #13583 from keszybz/networkd-hash-compare-equality
  * Merge pull request #13582 from yuwata/udevadm-reload
  * dhcp6: use unaligned_read_be32()
  * po: update Japanese translations
  * network: add one more section validty check
  * network: introduce new bus method Renew() and RenewLink()
  * networkctl: add renew command
  * Merge pull request #13610 from yuwata/network-check-one-more-section
  * Merge pull request #11883 from yuwata/network-dhcp-renew
  * Merge pull request #13649 from keszybz/arphrd-minimization
  * network: drop noisy log message
  * udevadm trigger: do not propagate EACCES and ENODEV
  * Merge pull request #13753 from keszybz/change-man-ordering
  * Merge pull request #13727 from keszybz/pstore-greedy-realloc
  * Merge pull request #13749 from keszybz/pyparsing-2.4
  * udev: fix memleak caused by wrong cleanup function
  * systemctl: fix memleak caused by wrong cleanup func
  * Merge pull request #13765 from yuwata/udev-memleak-13764
  * Merge pull request #13761 from dtardon/program-name
  * network: ndisc: do not drop all prefixes when a prefix matches a blacklist
  * network: update comment as DHCP is deprecated now
  * test-network: add a test case for nexthop
  * Merge pull request #13735 from ssahani/ip-nexthop
  * Merge pull request #13760 from keszybz/unit-loading-unification
  * test-network: disable IPv6AcceptRA= to speed up tests
  * bus-util: make map_basic handle SD_BUS_TYPE_OBJECT_PATH type
  * sd-netlink: add missing license identifier
  * sd-netlink: drop unused variable
  * sd-netlink: use structured initializer
  * sd-netlink: introduce sd_netlink_message_read_string_strdup()
  * sd-netlink: drop unnecessarily exported variables
  * sd-netlink: save dynamic general netlink message type
  * sd-netlink: support NLMSG_DONE
  * sd-netlink: introduce sd_genl_message_get_family()
  * sd-netlink: add nl80211 type systems
  * network: split link_free() into two parts
  * network: introduce link_reconfigure()
  * network: support matching based on wifi SSID
  * network: also read BSSID
  * network: add support matching based on BSSID=
  * Merge pull request #13784 from keszybz/constify-unit-pointers
  * Merge pull request #13820 from keszybz/dead-code-removal
  * Merge pull request #13825 from keszybz/nspawn-console-help
  * Merge pull request #13807 from 1848/ip6gre_key_fix
  * Merge pull request #13828 from keszybz/networkctl-print-wlan
  * network: add Reload() dbus method
  * network: also reload .netdev files
  * networkctl: add reload command
  * test-network: add tests for "networkctl reload"
  * network: include netinet/in.h to fix build error
  * network: introduce Reconfigure() bus method
  * format-util: introduce format_ifname_full()
  * networkctl: fix error message
  * networkctl: use format_ifname_full()
  * networkctl: introduce reconfigure method
  * network: add tests for "networkctl reconfigure"
  * test: drop duplicated 's'
  * Merge pull request #13836 from systemd/assert-cleanups-and-constification
  * network: support matching based on wifi interfece type
  * network: add default configurations for wireless interfaces
  * Merge pull request #13844 from keszybz/resolved-proprties
  * network: wait for QDiscs to be configured
  * test-network: add tests for qdisc
  * Merge pull request #13867 from keszybz/man-condition
  * Merge pull request #13747 from ssahani/tc-qdisc
  * Merge pull request #13879 from keszybz/news-v244
  * NEWS: fix option name
  * network: cleanup header inclusion
  * test: move {test,fuzz}-fido-id-desc.c into src/udev/fido_id
  * tree-wide: drop missing.h
  * Merge pull request #13888 from ssahani/qdisc
  * NEWS: mention NetworkEmulatorDuplicateRate= setting
  * Merge pull request #13916 from ddstreet/test-network
  * Merge pull request #13909 from poettering/env-copy-pid
  * Merge pull request #13899 from poettering/in-gid-tweak
  * tree-wide: drop string.h when string-util.h or friends are included
  * tree-wide: drop alloca.h when alloc-util.h is included
  * tree-wide: drop dirent.h when dirent-util.h is included
  * tree-wide: drop glob.h when glob-util.h is included
  * tree-wide: drop locale.h when locale-util.h is included
  * tree-wide: drop gcrypt.h when gcrypt-util.h is included
  * tree-wide: drop sched.h when missing_sched.h is included
  * tree-wide: drop capability.h when capability-util.h is included
  * tree-wide: drop time.h when time-util.h is included
  * tree-wide: drop pwd.h and grp.h when user-util.h is included
  * tree-wide: drop acl.h when acl-util.h is included
  * tree-wide: drop blkid.h when blkid-util.h is included
  * tree-wide: drop libkmod.h when module-util.h is included
  * tree-wide: drop mntent.h when fstab-util.h is included
  * tree-wide: drop socket.h when socket-util.h is included
  * tree-wide: drop stat.h or statfs.h when stat-util.h is included
  * tree-wide: drop magic.h when missing_magic.h is included
  * tree-wide: drop mman.h when missing_mman.h is included
  * tree-wide: drop signal.h when signal-util.h is included
  * tree-wide: drop stdio.h when stdio-util.h is included
  * tree-wide: drop input.h when missing_input.h is included
  * tree-wide: drop double newline
  * util: drop unnecessary headers from util.c
  * network: use fix invalid free function
  * network: fix memleak
  * network: fix invalid cleanup function
  * network: fix typo
  * network: fix memleak in route_prefix_free()
  * test: add testcase for issue #13938
  * sd-radv: fix memleak
  * Merge pull request #13939 from yuwata/network-fix-memleak-and-13938
  * network: split struct Prefix into Prefix and RoutePrefix
  * sd-device-enumerator: do not return error when a device is removed
  * Merge pull request #13975 from keszybz/more-seccomp-syscalls
  * udev: ignore ENOENT when chmod_and_chown() device node
  * udev: fix error code in the log message
  * udev: ignore error caused by device disconnection
  * udev: do not append newline when write attributes
  * network: fix indentation
  * network: fix logged error value
  * network: rename DHCPRawOption to DHCPOptionDataType
  * network: make SendOption= also take type field
  * dhcp4: add debug logs
  * dhcp4: propagate error in restarting DHCPv4 client
  * dhcp6: add debug logs
  * Merge pull request #14056 from yuwata/dhcp-debug-logs
  * network: add more error logs
  * network: rename SendRawOption= to SendOption=
  * dhcp: remove struct sd_dhcp_raw_option
  * network: unify config_parse_dhcp_server_option_data() and config_parse_dhcp_send_option()
  * udevadm: ignore EROFS and return earlier
  * udev: silence warning about PROGRAM+= or IMPORT+= rules
  * man: add entry about SpeedMeter=
  * NEWS: SendRawOption= -> SendOption=
  * udev: do not propagate error in executing PROGRAM and IMPORT{program}
  * travis: add missing closing quote sign
  * Merge pull request #14134 from keszybz/variables-and-docs
  * network: also assume Table=local for ipv6 route if Type=local, broadcast, anycast or nat (#14148)
  * udev: tiny update for log messages
  * Merge pull request #14160 from mwilck/fix-shutdown-hang
  * Merge pull request #14166 from keszybz/transient-unit-settings
  * man: use literal tag at one more place
  * network: fix double free()
  * sd-netlink: support NLMSGERR_ATTR_MSG
  * network: include NLMSGERR_ATTR_MSG attribute in error message
  * networkctl: fix to show BSSID
  * network: do not return error but return UINT64_MAX if speed meter is disabled
  * network: ignore sections which have both NetworkEmulator and TokenBufferFilter settings
  * network: rename QDiscs to QDisc
  * network: make network_emulator_fill_message() take NetworkEmulator
  * network: drop unnecessary headers
  * test-network: add test case for TBF
  * network: SFQ cannot be configured with netem or TBF
  * test-network: add a test case for SFQ
  * nspawn: do not fail if udev is not running
  * network: if /sys is rw, then udev should be around
  * Merge pull request #14229 from yuwata/nspawn-network-interface-14223
  * network: do not drop foreign config if interface is in initialized state
  * test-network: add test case for IPv4 DAD
  * Merge pull request #14102 from ssahani/acd-duplicate-ip
  * test-network: add test case for IFB
  * network: fix copy and paste mistake
  * Merge pull request #14273 from ssahani/ifb
  * Merge pull request #14266 from topimiettinen/dont-resolve-user-if-not-root
  * test-network: make test_bind_carrier more stable
  * test: do not fail if new device is plugged during enumeration
  * network: fix segfault in parsing SendOption=
  * test-network: add a test case for SendOption=
  * network: tc: add more options for TBF
  * test-network: add tests for new TBF settings
  * Merge pull request #14295 from poettering/greedy-alloc-round-up
  * Merge pull request #14280 from yuwata/network-tbf-more
  * test-network: add a test case for fq-codel
  * Merge pull request #14297 from poettering/id128-size
  * Merge pull request #14278 from ssahani/tc
  * sd-netlink: make TCA_OPTIONS take NETLINK_TYPE_UNION
  * network: tc: use typesafe functions to append netlink attributes
  * Merge pull request #14303 from yuwata/tc-use-typesafe-functions
  * network: tc: drop unused functions
  * network: tc: drop unused element
  * network: tc: introduce QDiscVTable for future extendability
  * Merge pull request #14309 from yuwata/network-tc-vtable
  * sd-netlink: add attributes for FQ
  * Merge pull request #14308 from poettering/man-naming-scheme-typo
  * test-network: add a test case for FQ
  * network-generator: allow empty hostname
  * test: add a test case for network-generator
  * Merge pull request #14305 from ssahani/tc-fq
  * network: tc: support more attributes for FQ-CoDel
  * test-network: add a test case for the new settings of FQ-CoDel
  * Merge pull request #14320 from yuwata/network-tc-fq_codel-more
  * Merge pull request #13915 from ddstreet/ipv6_mtu
  * network: tc: add more settings for FQ
  * test-network: add a test case for new FQ settings
  * linux: update headers
  * sd-netlink: support IFLA_PROP_LIST and IFLA_ALT_IFNAME attributes
  * sd-netlink: introduce sd_netlink_message_read_strv()
  * sd-netlink: introduce sd_netlink_message_append_strv()
  * test: add a test for sd_netlink_message_{append,read}_strv()
  * util: introduce ifname_valid_full()
  * udev: support AlternativeName= setting in .link file
  * network: make Name= in [Match] support alternative names of interfaces
  * networkctl: show alternative names
  * test-network: add a test case for netdev altname
  * test-network: pass environment variables to networkctl
  * util: constify arguments of strv_xxx()
  * Merge pull request #14354 from poettering/link-fix
  * udev: extend the length of ID_NET_NAME_XXX= to ALTIFNAMSIZ
  * random-util: call initialize_srand() after fork()
  * Merge pull request #14339 from keszybz/invalid-enablement-logs
  * udev: do not fail if kernel does not support alternative names
  * udev: introduce AlternativeNamesPolicy= setting
  * network: set AlternativeNamesPolicy= in 99-default.link
  * sd-netlink: make netlink_container_parse() takes size_t for rt_len
  * sd-netlink: add a whitespce between cast operator and variable
  * Merge pull request #14208 from poettering/json-homed-prepare
  * Merge pull request #14352 from yuwata/sd-netlink-tiny-fixes
  * Merge pull request #14337 from yuwata/network-tc-fq-more
  * sd-netlink: introduce rtnl_resolve_link_alternative_names()
  * udev: sort alternative names
  * networkctl: support alternative name to specify interface
  * network: support alternative name to get bus path for the link
  * Merge pull request #14369 from poettering/pkcs11-cryptsetup-followup
  * Merge pull request #14370 from poettering/homed-preparation-misc
  * sd-netlink: introduce rtattr_append_attribute()
  * network: introduce multipath route
  * test-network: add test case for multipath routing
  * network: introduce AddPrefixRoute= and deprecate PrefixRoute=
  * network: update log message in message_rtnl_process_xyz()
  * network: fix typo
  * network: link should not become configured state during ACD probing
  * test-network: add a test case for DHCPv4.SendDecline=
  * Merge pull request #14407 from ssahani/dhcp-decline
  * bash-completion: move shell-completion for log-level or friends to systemctl
  * network: add one more log message
  * network: add more settings for CoDel
  * test-network: add a test case for CoDel
  * network: bump netlink receive buffer size to 128M
  * sd-netlink: use uint8_t* for non-character data
  * sd-netlink: fix copy and paste mistake
  * meson: drop unnecessary linking of libudev_core
  * network: lower the log-level of harmless message
  * virt: use string table to detect VM or container
  * virt: drop trailing white spaces
  * network: static routes via DHCP gateway
  * test-network: add test for Gateway=DHCP
  * man: drop unnecessary white space
  * networkctl: status command also shows logs of networkd
  * test-network: suppress logs in status command
  * network: append INTERFACE= attributes for logs corresponds to a netif
  * nspawn: set original ifname as alternative if it is truncated
  * udev: do not use exact match of file permission
  * ethtool: introduce ethtool_get_permanent_macaddr()
  * network, udev: introduce PermanentMACAddress= setting in [Match] section
  * networkctl: show permanent mac address if it is not used now
  * Merge pull request #14523 from keszybz/refactorings
  * format-table: introduce TABLE_PATH
  * systemd-mount: use format-table.[ch]
  * systemd-mount: add --no-legend command line option
  * timedatectl: use format-table.[ch]
  * bash-completion: networkctl: support --full and --lines
  * systemd-mount: add --full command line option
  * networkctl: set table width 0 when --full is specified
  * bash-completion: networkctl: do not show ellipsized link name
  * busctl: introduce --full command line option
  * bash-completion: busctrl: support --full command line option
  * machinectl: do not ellipsize table when --full is specified
  * bash-completion: do not ellipsize machine name
  * Merge pull request #13927 from ddstreet/ll_no
  * format-table: add table_log_add_error()
  * analyze: optimize table creation by using table_add_many()
  * machinectl: optimize table creation
  * portablectl: optimize table creation
  * tree-wide: use table_log_add_error()
  * machinectl: do not truncate addresses when --full is specified
  * man: XxxRate= are in bps
  * Merge pull request #14555 from poettering/table-multine
  * strv: introduce strv_compare()
  * format-table: introduce TABLE_STRV
  * networkctl: use TABLE_STRV
  * resolvectl: use format-table.[ch]
  * test-format-table: add tests for TABLE_STRV
  * Merge pull request #14547 from keszybz/networkctl-matching
  * virt: do not define vm_from_string() for non-x86 architecture
  * network,udev: use uint64_t for bit rate
  * network: set dirty flag when link is being reconfigured
  * network: synchronously save state file when link is being reconfigured
  * network: do nothing if link is in pending or linger state on reconfiguring
  * sd-boot: fix typo
  * bootspec: parse random-seed-mode line in loader.conf
  * escape: make cunescape() and cunescape_length() inline
  * escape: introduce UNESCAPE_ACCEPT_NUL flag
  * test: add tests for UNESCAPE_ACCEPT_NUL
  * network: accept NUL character in SendOption=
  * test: drop sector-size line from output of sfdisk
  * unit: add AF_ALG to systemd-networkd.service
  * test-network: fix test_qdisc2()
  * Merge pull request #14689 from poettering/portable-chase-symlink-fix
  * network: fix implicit type conversion warning by GCC-10
  * Merge pull request #14701 from keszybz/homed-fixups
  * dhcp6: do not use T1 and T2 longer than one provided by the lease
  * dhcp6: coding style fixes
  * man: do not install man pages for systemd-repart if it is disabled
  * sd-boot: fix warning about comparison is always true
  * sd-boot: fix -Wpointer-sign warning
  * home: add missing variable initialization
  * homework: fix errno in log_error_errno()
  * user-record-util: add missing error check
  * nspawn: voidify umount_verbose()
  * userdbd: fix memleak
  * user-util: fix use after free() on error path
  * test: also check the result of merge_gid_lists()
  * meson, man: do not install pam_systemd_home(8) when pam or homed is disabled
  * util: add parse_uid_range() helper function
  * network: support UID based routing policy
  * test-network: add test for UID based routing policy
  * Merge pull request #14672 from yuwata/network-routing-policy-uidrange
  * meson: fix feature list
  * util: uid_t, gid_t, and pid_t must be 32bit
  * po: update Japanese translation
  * udev: add {Receive,Transmit}ChecksumOffload= settings
  * journal: drop unreachable path
  * core: call dynamic_user_acquire() only when 'group' is non-null
  * network,radv: make DNS= in [IPv6PrefixDelegation] section take special value 'linklocal'
  * test-network: add a test case for IPv6PrefixDelegation.DNS=linklocal
  * Merge pull request #14761 from keszybz/link-network-no-match
  * network: split TrafficControlQueueingDiscipline section into small pieces
  * Merge pull request #14767 from yuwata/network-split-qdisc-section
  * Merge pull request #14778 from cgzones/split_selinux_logging
  * test-network: use udevd in build directory
  * test-network: add tests for IPv6Token=
  * NEWS: mention SuppressPrefixLength=
  * polkit: remove unused variable
  * sysctl: fix segfault
  * Merge pull request #14800 from keszybz/ask-password-echo
  * selinux: update log message to suppress warning by coverity
  * repart: quit earlier if no .conf file exists
  * Merge pull request #14813 from keszybz/renames-and-null-printf
  * network: rename eui64 to static
  * network: introduce new [QDisc] section to support Parent=ingress
  * network: drop redundant %m
  * network: append period if error message provided by kernel does not contain it
  * network: update log message
  * network: fix ABRT
  * test-network: add more tests for traffic control
  * network: tc: support teql
  * test-network: add test for teql
  * repart: do not quit earlier when --empty=force
  * journal: fix log message
  * network fix parser for IPv6Token=
  * test-network: tentatively stops .socket units for udevd
  * Merge pull request #14836 from yuwata/network-fix-ipv6-token-parser
  * network: fix indentation
  * test-network: add tests for qdisc Handle=
  * Merge pull request #14584 from ssahani/tc-handle
  * Merge pull request #14833 from kpfleming/multiple-ipv6token-addresses
  * network: use VRF's route table if VRF= is set
  * test-network: add one more test case for VRF=
  * userdb: make userdb_all() always set iterator when it returns >= 0
  * Merge pull request #14941 from yuwata/network-vrf-static
  * Merge pull request #14942 from keszybz/rename-homes
  * userdb: fix memleak
  * po: update Japanese translation of "home area"
  * userdb: drop unnecessary goto
  * userdb: make groupdb_all() always set iterator when it returns >= 0
  * Merge pull request #14953 from yuwata/userdb-fix-groupdb
  * network: remove redundant %m in error message
  * udevadm: show more error message during exporting database
  * conf-parser: fix line number in error message
  * network: assume Scope=host when Address= is loopback address
  * network: fix typo in comment
  * Merge pull request #14979 from keszybz/enable-pstore-by-default
  * homed: fix typo
  * test-network: add a test case for [IPv6Prefix] Assign=yes
  * Merge pull request #14966 from keszybz/journalctl-facilities
  * resolve: error handling improvements
  * test-network: add a test case for [DHCPv4] UseRoutes=no
  * Merge pull request #14983 from ssahani/dhcp-use-routes-14982
  * Merge pull request #14990 from keszybz/nss-homed-fix
  * test-network: remove unnecessary dummy interface
  * network: tc: make Parent= take class id
  * network: tc: support Hierarchy Token Bucket (HTB)
  * test-network: add a test case for HTB
  * network: introduce TrafficControlKind to prepare for supporting tc class
  * sd-netlink: introduce sd_rtnl_message_new_tclass() and friends
  * network: introduce struct TClass to prepare for supporting tc class
  * network: tc: support HTB class
  * test-network: add test case for HTB class
  * test-network: add a test case for PFIFO
  * test-network: add a test case for GRED
  * test-network: add a test case for sfb
  * test-network: add a test case for CAKE
  * network: make Type=ether match based on iftype
  * Merge pull request #14991 from yuwata/man-fix-typo
  * make namespace_flags_to_string() not return empty string
  * pid1, nspawn: voidify loopback_setup()
  * Merge pull request #15023 from keszybz/network-generator-man
  * Merge pull request #15013 from systemd/systemctl-list-dependencies
  * execute: Fix migration from DynamicUser=yes to no
  * test: add a test case for migrating DynamicUser=yes to no
  * Merge pull request #15022 from keszybz/make-units-remain-after-exit
  * network: add setting to support RA without DHCPv6 client
  * udev: support to update flow control parameter
  * Merge pull request #14890 from yuwata/network-tc-next
  * linux: add can/netlink.h
  * Merge pull request #15038 from lucaswerkmeister/docs
  * Merge pull request #15036 from yuwata/can-termination-mod
  * test-network: add test case for PIE
  * network: tc: introduce DRR class
  * test-network: add a test case for DRR
  * test-network: add a test case for BFIFO
  * test-network: add a test case for PFIFOHeadDrop
  * test-network: add a test case for PFIFOFast
  * test-network: add a test case for HHF
  * Merge pull request #15084 from yuwata/network-tc-next
  * network: rename type name to ProportionalIntegralControllerEnhanced
  * man: use include directive for Parent= or friends
  * linux: update headers from v5.6
  * Merge pull request #15095 from yuwata/tc-tiny-fixes
  * Merge pull request #15104 from ssahani/networkctl-qdisc
  * network: add a flag to ignore gateway provided by DHCP server
  * test-network: add a test case for DHCPv4.UseGateway=no
  * network: can: add support for listen-only mode
  * network: do not re-attach sd-event object
  * Merge pull request #15143 from ssahani/networkctl-tunnel-geneve
  * Merge pull request #15619 from ddstreet/ignore_carrier_loss_default
  * Merge pull request #15930 from poettering/udev-no-lock-warn
  * Merge pull request #15956 from poettering/news-v246
  * Merge pull request #15942 from poettering/pass-pktinfo
  * Merge pull request #15944 from poettering/sd-path-fixups
  * Merge pull request #15911 from poettering/unit-name-tighten
  * network: clean up doubled white space
  * network: fix memleaks
  * Merge pull request #15884 from ssahani/dhcpv6-vendor
  * Merge pull request #15982 from keszybz/shell-completion-and-help
  * network: wireguard: set ListenPort= when no peers are configured
  * test-network: add test for wireguard without peers
  * network: fix double free in macsec_receive_channel_free()
  * network: do not propagte error on stat()
  * network: also read mtime of drop-in configs
  * Merge pull request #15991 from keszybz/uids-gids-only-decimal
  * network: use uint32_t instead of unsigned for route priority
  * network: add DHCPv6.RouteMetric=
  * network: set both dhcp_route_metric and dhcp6_route_metric by DHCP.RouteMetric= for backward compatibility
  * network: move DHCPv6 related conf parsers to networkd-dhcp6.c
  * network: drop an unused function
  * Merge pull request #16048 from poettering/conf-parser-mtime
  * network: tc: introduce [QuickFairQueueingClass] section
  * test-network: add tests for QFQ
  * network: read driver name from ethtool
  * Merge pull request #15171 from ssahani/tc-qfq
  * Merge pull request #16057 from keszybz/resolvectl-sorted-no-nta
  * network: make link become configured state when at least one dynamic protocol provide an address
  * network: introduce IPv4AcceptLocal= setting
  * test-network: add test for IPv4AcceptLocal=
  * Merge pull request #16085 from ssahani/network-client-id
  * test-network: wait 2min for the bridge being in configured state
  * network: tc: add more settings for HTB
  * test-network: add tests for HTB settings
  * udev: fix error handling of sd_device_get_parent()
  * udev: udev_event_apply_format() always make buf NUL terminated
  * network: drop casting in memcpy()ing IPv6 address
  * network: do not fail to configure non-nl80211 wifi interfaces
  * sd-netlink: add netlink properties of Enhanced Transmission Selection (ETS)
  * network: tc: introduce Enhanced Transmission Selection (ETS)
  * test-network: add tests for ETS
  * network: drop unnecessary "&"
  * network: add missing break
  * libsystemd-network: move prototypes of dhcp_lese_save/load() to network-internal.h
  * networkctl: load DHCPv4 lease file and use timezone data from the lease file
  * networkctl: use lease file to get DHCPv4 address
  * networkctl: use lease file to get DHCPv4 client ID
  * sd-network: drop unused functions
  * network: drop duplicated information from link state file
  * dhcp: fix entry name in parsing lease file
  * network: check that received ifindex is valid
  * network: fix assertion in link_get()
  * network: do not update operstate when netdev is not ready
  * network: fix typo in comment
  * network: deprecate netdevsim support in .netdev config
  * test-network: remove unused config
  * util: add missing header guard
  * shell-completion: add missing verbs for networkctl
  * NEWS: add several entries about networkd
  * network: move IPv6LinkLocalAddressGenerationMode= to [Network] section
  * NEWS: minor fixes
  * backlight: use SYNTHETIC_ERRNO() macro
  * backlight: call log_setup_service() before logging
  * backlight: read current backlight brightness from 'actual_brightness' attribute
  * Merge pull request #16316 from yuwata/backlight-use-actual-brightness
  * network: add VLANProtocol= setting in [SR-IOV] section
  * network: add MACAddress= setting in [SR-IOV] section
  * test-network: add tests for SR-IOV
  * Merge pull request #16303 from poettering/dbus-util-split
  * doc: add recentry introduced transient settings
  * dhcp6, radv: only accept valid ifindex
  * libsystemd-network: rename index -> ifindex
  * util: use setsockopt_int() at one more place
  * resolve: use appropriate type
  * Merge pull request #16219 from ssahani/network-sr-iov
  * NEWS: update document about WithoutRA=
  * network: tc: rename several settings which take size in bytes
  * NEWS: WithoutRA= is not a boolean option anymore
  * NEWS: mention .network [SR-IOV] section
  * sd-device: make FOREACH_DEVICE_SYSATTR() list attributes in subdirectories
  * udevadm: sort entries in `udevadm info -a` by attribute name
  * Merge pull request #16287 from yuwata/udevadm-info-attribute-walk
  * Merge pull request #16374 from keszybz/docs-and-networkd
  * network: fix indentation
  * network: decrease indentation level
  * network: always update acquired prefix route
  * dhcp4: do not renew address if client is not running yet
  * dhcp4: do not try to renew address when client has no lease
  * Revert "network: Don't send RA with zero router lifetime when restarting radv"
  * network: fix indentation
  * network: do not restart radv engine when adding prefix
  * network: fix memleak
  * network: introduce own address handler for dhcp6 delegated prefix
  * network: make address_handler() static
  * Merge pull request #16379 from yuwata/network-dhcp6-delegated-prefix-address-handler
  * sd-device: use log_device_debug_errno()
  * Merge pull request #16411 from ddstreet/bridge_without_carrier_fails
  * NEWS: mention source mode for MACVLAN or MACVTAP
  * Merge pull request #16435 from gaoyi1988/master
  * network: set dhcp6_xxx_configured flag after routes/addresses are assigned
  * network: include error code in the log message
  * network: add a debugging log
  * network: make link_request_set_nexthop() static
  * test-network: set IPv6AcceptRA=no if no dynamic addresses are not required
  * test-network: check assigned address is not tentative state
  * network: add debugging log why link is not in configured state yet
  * test-network: wait for addresses are not in tentative state
  * network: ndisc: do not ignore remaining addresses
  * network: ndisc: split ndisc_configured flag into for addresses and routes
  * network: do not make link in configured state when no address is assigned
  * network: make link_request_set_nexthop() called from link_request_set_routes() or route_handler()
  * network: do not call link_check_ready() in link_request_set_routing_policy_rule()
  * network: dhcp4: do not assign new address before old one is not removed
  * network: free address when it is removed
  * network: drop doubled white space
  * network: dhcp4: also release old lease in dhcp_lease_lost()
  * network: dhcp4: fix another race with SendDecline=yes
  * network: dhcp4: add two warnings
  * dhcp4: only renewing lease when the client already has a lease
  * Merge pull request #16482 from poettering/coverity-246
  * network: downgrade log level in conf parsers
  * network: radv: clean up conf parsers
  * network: ndisc: any failures in processing event make the link in failed state
  * timedatectl: do not show (null) if the address of NTP server is not resolved
  * Merge pull request #16490 from yuwata/network-radv-ndisc-cleanups
  * netlink: introduce rtnl_get/delete_link_alternative_names()
  * netlink: do not fail when new interface name is already used as an alternative name
  * udev: do not try to reassign alternative names
  * network: do not enumerate routes if ManageForeignRoutes=no
  * network: update debug log when foreign routes are received with ManageForeignRoutes=no
  * network: introduce address_exists() helper function
  * network: replace NDISC -> NDisc in log messages
  * Merge pull request #16476 from keszybz/qemu-autosuspend-rules
  * Merge pull request #16512 from keszybz/offline-passwd-altfiles
  * sd-netlink: make timeout message sealed
  * networkctl: sort alternative names
  * networkctl: do not ignore -EOPNOTSUPP when reading netlink message
  * radv: introduce sd_radv_is_running()
  * network: stop already running engines before updating MAC address
  * Merge pull request #16518 from yuwata/network-fix-failure-in-updating-mac-address
  * resolve: propagate error in link_load_user()
  * util: introduce in_addr_port_ifindex_name_from_string_auto() and in_addr_port_ifindex_name_to_string()
  * util: introduce 'struct in_addr_full' and its helper functions
  * resolve: ignore empty server name
  * resolve: support port specifier in DNS= setting
  * resolve: also compare port and SNI in dns_server_find()
  * resolve: compare port and SNI in dns_server_hash_ops
  * resolve: read/save port number and SNI from/into link state file
  * network: support port number and SNI in [Network] DNS=
  * network: do not save DNS= entries not match link ifindex
  * network: save DNS servers specified by DBus interface
  * network: add DBus method to set DNS server with port number and SNI
  * resolve: add DBus method to set DNS server with port number and SNI
  * resolve: add DBus properties which support DNS SNI and port number
  * resolvectl: make DNS servers can be specified with port number and SNI
  * resolvectl: show DNS servers with port and SNI
  * test-network: add tests for DNS= with port number and SNI
  * util: drop duplicated inclusion of sd-bus.h
  * util: introduce helper functions to read in_addr from bus message
  * util: introduce bus_mesage_read_dns_servers()
  * util: introduce bus_message_read_ifindex()
  * network, resolve: use bus_message_read_ifindex() or friends
  * resolvectl: use bus_message_read_in_addr_auto()
  * man: update explanation about the format to specify DNS servers
  * network: update one log message
  * udev: save ID_RENAMING= property to database before renaming network interface
  * udev: drop unnecessary checks
  * util: make siphash24_compress_boolean() inline
  * util: introduce siphash24_compress_string()
  * tree-wide: use siphash24_compress_string() where it is applicable
  * network: introduce link_save_and_clean()
  * network: make bus methods sync link state file
  * test-network: drop unnecessary sleep() in NetworkdStateFileTests.test_state_file
  * util: use IN6_ARE_ADDR_EQUAL() macro
  * network: ndisc: do not store duplicated data in Set
  * network: ndisc: ignore duplicated IPv6Token=
  * test-network: add test for duplicated IPv6Token=
  * test: clarify that ordered_set_put() returns -EEXIST if entry is duplicated
  * network: compare with peer address if it is specified
  * Merge pull request #16567 from keszybz/more-news
  * Merge pull request #16566 from poettering/nspawn-osrelease-fixes
  * resolvectl: fix older resolved or networkd support to set DNS servers
  * network: add debug log for configuring address
  * test-network: add tests for prefix routes
  * network: introduce callback called when an address becomes ready
  * network: make link enter failed state if address_update() failed
  * network: ndisc: do not set configured flags when addresses or routes are not assigned yet
  * network: make link_check_ready() return earlier if the link is not in 'configuring' state
  * network: set key destructor in several hash_ops
  * network: make address/route_configure optionally return created Address/Route object
  * network: dhcp4: release old lease after the new address become ready
  * network: ndisc: remove old addresses and routes after at least one SLAAC address becomes ready
  * network: ndisc: also remove old DNSSL or RDNSS records after an SLAAC address is ready
  * network: rename ipv4ll_address -> ipv4ll_address_configured
  * network: dhcp6: drop addresses and delegated prefixes on client stop
  * network: check at least one dynamic address is assigned when DHCP is enabled
  * network: do not assume static addresses are configured
  * network: update address infomation even if link is in failed or linger state
  * network: make RADVPrefixDelegation enum bitfield
  * network: rename settings about DHCPv6 Prefix Delegation
  * NEWS: mention about [DHCPv6PrefixDelegation] section
  * network: fix use of uninitialized value
  * network: only process non-error message
  * network: drop unnecessary bracket
  * network: wait for previous address removal before configuring static addresses
  * network: do not fail if UseMTU=yes on DHCP lease lost
  * test-network: add a test case for reconfiguring routing policy rules
  * man: fix invalid tag place
  * networkctl: label command does not take any argument
  * man: clarify that several networkctl commands takes device names
  * core: clear bind mounts on error
  * journal: fix divide-by-zero warning
  * network: dhcp6: logs only new address
  * network: move routing_policy_rule_read_full_file()
  * network: downgrade error level when the error is ignored
  * network: add whitespace after family= and priority= in serialized routing policy rule
  * network: serialize InvertRule= in [RoutingPolicyRule]
  * network: do not reallocate buffer
  * network: honor already specified family when parsing from= or to= in serialized rule
  * network: logs about unknown key
  * network: voidify return value of sd_ipv4acd_stop()
  * sd-ipv4acd: do not call callback in sd_ipv4acd_stop() when it is already stopped
  * network: dhcp4: stop IPv4ACD before assigning new address
  * sd-ipv4acd: introduce sd_ipv4acd_get_address()
  * network: dhcp4: reset counter only when the lease address is new
  * network: configure DHCP routes after DHCP address is ready
  * man: mention that 'networkctl reconfigure' does not reload configs
  * resolvectl: add 'log-level' to help message
  * bash-completion: resolvectl: support 'log-level' command
  * network: fixes gateway assignment through DHCPv4
  * sd-bus: use _cleanup_free_ macro in sd_bus_error_set_errnofv()
  * test: add tests for sd_bus_error_set_errnof()
  * man: update DNSStubListenerExtra=
  * resolve: rename dns_stub_extra_event_source -> event_source
  * resolve: make DnsStubListenerMode bitfield
  * resolve: Manager::dns_stub_listener_mode is not relevant to extra stub listeners
  * resolve: set DNS_STUB_LISTENER_YES if no protocol is specified in DNSStubListenExtra=
  * resolve: stop extra stub listners before freeing information about them
  * util: introduce in_addr_port_from_string_auto()
  * util: make in_addr_ifindex_to_string() an alias of in_addr_port_ifindex_name_to_string()
  * util: introduce in_addr_port_to_string()
  * test: move several tests from test-socket-util.c
  * test: add tests for in_addr_port_from_string_auto()
  * util: introduce SOCKADDR_LEN() macro
  * resolve: fix indentation
  * resolve: use in_addr_union to store addresses for extra dns stub listeners
  * util: drop unused socket_addr_port_from_string_auto()
  * missing: add IPV6_FREEBIND
  * resolve: do not set IP_TTL for extra DNS stub listeners
  * resolve: do not set IPv4 specific options on IPv6 socket
  * resolve: adjust error messages
  * resolve: introduce dns_stub_listener_extra_free() and set it as a key destructor
  * resolve: use sd_event_source_set_io_fd_own() for stub listners
  * resolve: do not check sender and destination for packet received by extra DNS stub listner
  * resolve: use correct fd for UDP stub listner
  * util: constify the second argument of set_get()
  * util: expose in6_addr_{hash,compare}_func()
  * network: expose address_{hash,compare}_func()
  * network: expose route_{hash,compare}_func()
  * network: fix NDisc handling for the case when multiple routers exist
  * network: make prefixstable mode of IPv6Token= can be applied to any received prefixes
  * test-network: add test for IPv6Token=prefixstable
  * udev: make log_rule_error() or friends return void
  * udev: return negative errno for invalid EVDEV_ABS_XXX= property
  * udev: explicitly specify return value
  * sd-device: make log_device_error() or friends return void
  * udev: do not discard const qualifier
  * core/slice: explicitly specify return value
  * core: make log_unit_error() or friends return void
  * network: make log_link_error() or friends return void
  * network: ignore error on increasing netlink receive buffer size
  * util: refuse to set too large value for socket buffer size
  * util: try to set with SO_{RCV,SND}BUFFORCE when requested size is larger than the kernel limit
  * util: introduce fd_set_{snd,rcv}buf()
  * sd-device-monitor: use fd_set_rcvbuf()
  * core/socket: use fd_set_{rcv,snd}buf()
  * network: honor the buffer size specified in networkd.socket
  * network: do not start device monitor if /sys is read-only
  * network: increase receive buffer size for device monitor
  * udev: warn if failed to set buffer size for device monitor
  * udev: fix indentation
  * network: unify config_parse_wireguard_public_key() and config_parse_wireguard_preshared_key()
  * network: do not ignore OOM error in wireguard_decode_key_and_warn()
  * network: use _cleanup_ attribute at one more place
  * network do not ignore OOM error in config_parse_macsec_key_id()
  * network: slightly update log message
  * ethtool: downgrade log level when the error will be ignored
  * vlan: downgrade error level if the error will be ignored
  * xdg-autostart-generator: downgrade error level when the error will be ignored
  * timesync: downgrade error level when the error will be ignored
  * conf-parser: use SYNTHETIC_ERRNO() at one more place
  * conf-parser: logs about OOM error
  * resolve: check DNSSD service name template before assigning it
  * resolve: downgrade error level when the error will be ignored
  * repart: downgrade log level
  * nspawn: downgrade log level if the error will be ignored
  * login: downgrade log level if the error will be ignored
  * journal: downgrade log level
  * homed: downgrade log level
  * core: downgrade error level and ignore several non-critical errors
  * network: update log message for rtnl messages
  * network: also logs priority of routing policy rules
  * network: add debug log for removing routing policy rules
  * network: do not assign return value if the parse_fwmark_fwmask() fails
  * network: fix the default mask for FirewallMark=
  * network: also process RTM_NEWRULE or RTM_DELRULE message which does not contain src and dst addresses
  * network: replace FRA_IFNAME -> FRA_IIFNAME
  * test-network: update tests for issue #16784
  * sd-device: introduce sd_device_set_sysattr_valuef()
  * backlight: do not claim that ID_BACKLIGHT_CLAMP= property is not set
  * backlight: validate read sysattr value
  * test-network: add test for ENOBUFS issue #17012
  * network: do not add prefix to RA if radv is not configured
  * Merge pull request #17055 from keszybz/two-coverity-fixes
  * Merge pull request #16976 from keszybz/systemctl-service-log-levels
  * core/device: remove .device unit corresponding to DEVPATH_OLD
  * ethtool: constify arguments for ethtool_set_xxx()
  * udev: split link_config_apply() into small pieces
  * Revert "udev: import the full db on MOVE events for devices without dev_t"
  * udev: re-assign ID_NET_DRIVER=, ID_NET_LINK_FILE=, ID_NET_NAME= properties on non-'add' uevent
  * udev: allow to match OriginalName= with renamed interface name
  * udev: do not update return value on failure
  * udev: merge rules for bluetooth device
  * test: add test for device renaming issue #16967
  * Merge pull request #16998 from zonque/networkd/mdb
  * core: use strv_free_and_replace() at one more place
  * Merge pull request #17066 from keszybz/allow-loopback-addresses
  * network: move functions in networkd-mdb.c
  * network: drop unnecessary headers
  * in-addr-util: introduce in6_addr_is_link_local_all_nodes()
  * in-addr-util: introduce in4_addr_is_local_multicast()
  * network: check MulticastGroupAddress= is neither a local multicast address nor all nodes address
  * network: drop [BridgeMDB] entries if Bridge= is not set
  * network: configure bridge MDB entries after bridge has carrier
  * network: add debug message for configuring MDB entries
  * test-network: add test for [BridgeMDB] section
  * Merge pull request #17059 from yuwata/network-mdb-follow-ups
  * util: wireguard is merged into upstream kernel
  * util: update kernel headers (v5.9-rc5)
  * network: refuse to configure IPv4LL for bareudp netdev
  * test-network: add test for Independent= for vxlan
  * test-network: add tests for BareUDP netdev
  * network: tc: refuse to set 0 for FlowQueuePIE.PacketLimit=
  * test-network: add tests for FQ-PIE
  * network: allow to configure bridge MDB entries on bridge master
  * network: old kernel may not support to configure bridge MDB entries on bridge master
  * test-network: add test for bridge MDB entries on bridge master
  * Merge pull request #17073 from ssahani/vxlan
  * Merge pull request #16929 from ssahani/network-bare-udp
  * po: update Japanese translation
  * Merge pull request #15050 from ssahani/fq-pie
  * test: add test cases for RuntimeDirectoryPreserve=yes
  * shared/linux: update ethtool.h
  * ethtool: convert underscore to hyphen
  * ethtool: add several new link modes
  * network: limit InitialCongestionWindow= and InitialAdvertisedReceiveWindow= value
  * man: update InitialCongestionWindow= and InitialAdvertisedReceiveWindow=
  * udevadm: do not ignroe error caused by unpriviledged user invoking the command
  * network: move link_request_set_routing_policy()
  * network: make several functions static
  * network: drop routing_policy_rule_make_local()
  * network: reduce scope of variables
  * udevadm: ignore -ENODEV on trigger
  * network: add more logs on loading routing policy rules failure
  * network: make routing_policy_rule_free() returns NULL
  * network: do not duplicate rule if Family=both
  * network: drop list of static routing policy rules
  * network: move log_message_warning_errno() to networkd-util.h
  * sd-netlink: fix typo and make netlink_add_match() take description
  * network: use typesafe macro netlink_add_match()
  * network: move manager_rtnl_process_rule() to networkd-routing-policy-rule.[ch]
  * network: make routing_policy_rule_new() static
  * network: introduce network_verify_routing_policy_rules()
  * network: drop unused element
  * network: add missing "else"
  * network: specify all known attributes when removing routing policy rules
  * network: introduce helper function to enumerate information using netlink
  * network: move link_request_set_nexthop() to networkd-nexthop.c
  * network: move manager_rtnl_process_nexthop() to networkd-nexthop.c
  * network: make several functions static
  * network: drop unused nexthop_remove() and nexthop_equal()
  * network: drop list of static nexthops
  * network: cleanup headers included in networkd-nexthop.h
  * network: slightly shorten nexthop_compare_func()
  * network: drop NextHop::oif and always use link ifindex
  * network: use log_link_xxx() at more places
  * sd-netlink: introduce netlink_message_read_in_addr_union()
  * network: use netlink_message_read_in_addr_union()
  * network: introduce network_verify_nexthops()
  * network: move functions
  * network: move link_request_set_neighbors() to networkd-neighbor.c
  * network: move manager_rtnl_process_neighbor() to networkd-neighbor.c
  * network: drop list of static neighbors
  * network: make neighbor_{add,get}() takes Neighbor object
  * network: make several functions static
  * network: drop unused arguments
  * network: cleanup headers in networkd-neighbor.[ch]
  * network: introduce neighbor_drop_{,foreign_}neighbors()
  * network: introduce network_verify_neighbors()
  * network: make neighbor_free() return NULL
  * network: drop list of static address labels
  * network: make address_label_free() return NULL
  * network: introduce network_verify_address_labels()
  * network: introduce link_set_address_labels()
  * network: cleanup networkd-address-label.h
  * network: make fdb_entry_free() return NULL
  * network: drop list of bridge FDB entries
  * network: move link_set_bridge_fdb()
  * network: introduce network_verify_fdb_entries()
  * network: drop unused fdb_ntf_flags_to_string()
  * network: cleanup networkd-fdb.h
  * network: move mdb_entry_free() and friends
  * network: drop list of bridge MDB entries
  * network: introduce network_verify_mdb_entries()
  * network: cleanup networkd-mdb.h
  * network: move functions
  * network: drop struct IPv6ProxyNDPAddress
  * network: rename ipv6_proxy_ndp_addresses_configure() -> link_set_ipv6_proxy_ndp_addresses()
  * network: drop networkd-ipv6-proxy-ndp.h from networkd-network.h
  * network: propagate errors in ipv6_proxy_ndp_set()
  * network: warn if IPv6ProxyNDPAddress= is set and IPv6ProxyNDP= is disabled
  * network: make prefix_free() and route_prefix_free() return NULL
  * network: drop redundant list of prefixes and route prefixes
  * network: also check route prefixes are configured
  * network: introduce network_verify_prefix() and network_verify_route_prefix()
  * network: cleanup networkd-radv.h
  * network: fix indentation
  * network: make network_get_ipv6_dns() always set return value on success
  * network: move link_request_set_routes()
  * network: move manager_rtnl_process_route()
  * network: make route_free() return NULL
  * network: introduce link_drop_foreign_routes()
  * network: introduce link_drop_routes()
  * network: introduce link_deserialize_routes()
  * network: introduce link_serialize_routes()
  * network: introduce network_verify_routes()
  * network: make several functions static
  * network: introduce hashmap_find_free_section_line()
  * network: drop list of static routes
  * network: cleanup networkd-route.h
  * network: introduce link_set_addresses()
  * network: introduce link_drop_foreign_addresses()
  * network: introduce link_drop_addresses()
  * network: move manager_rtnl_process_address()
  * network: update log messages
  * network: introduce network_verify_addresses()
  * network: introduce link_serialize_addresses()
  * network: introduce link_deserialize_addresses()
  * network: move link_configure_ipv4_dad()
  * network: introduce link_stop_ipv4_dad()
  * network: make address_free() return NULL
  * network: drop list of static addresses
  * network: manage addresses from pool by Set
  * network: make several functions static
  * network: header cleanup
  * network: move functions related to address pool
  * network: drop unused argument
  * network: manage address pools by OrderedSet
  * network: move link_get_xxx_route_table()
  * network: unify link_dhcp{4,6}_enabled()
  * network: unify link_ipv{4,6}_forward_enabled()
  * network: move link_ipv6_accept_ra_enabled()
  * network: move link_dhcp4_server_enabled()
  * network: move link_radv_enabled()
  * network: move DUID related functions
  * network: merge link_set_bridge_vlan() and br_vlan_configure()
  * network: move link_configure_traffic_control()
  * network: introduce network_verify_traffic_control()
  * network: move link_configure_sr_iov()
  * network: introduce network_verify_sr_iov()
  * network: introduce link_deserialize_dhcp4()
  * network: introduce link_deserialize_ipv4ll()
  * network: introduce link_serialize_ipv4ll()
  * network: introduce link_serialize_dhcp6_client()
  * network: introduce ipv4ll_update_mac()
  * network: introduce dhcp4_update_mac()
  * network: introduce dhcp6_update_mac()
  * network: introduce radv_update_mac()
  * network: move sysctl related functions to networkd-sysctl.c
  * network: drop unused function
  * network: move link_enumerate_ipv6_tentative_addresses()
  * network: check feature is enabled in xxx_configure()
  * network: use sd_event stored in Manager
  * network: fix indentation
  * network: do not update Address::flags in address_configure()
  * network: introduce address_copy()
  * network: constify one argument
  * network: configure IPv4 DAD per link address
  * network: update MAC address in IPv4 ACD clients
  * network: always use RT_SCOPE_HOST for IPv4 loopback addresses
  * network: fix masquerade setting logic
  * network: rename network_verify_xxx() -> network_drop_invalid_xxx()
  * test-network: drop duplicated address
  * test-network: add missing file in the list
  * test-network: disable RA in test_sriov
  * test-network: add a missing netdev in the list
  * test-network: also remove IPv6 rules
  * Merge pull request #17240 from yuwata/network-cleanup
  * meson: add missing files
  * basic: import linux/ipv6_route.h
  * network: set default priority for IPv6 routes
  * test-network: drop meaningless Scope= settings in the config
  * network: ignore Scope= for IPv6 routes as it will not be used
  * network: also manage routes without RTA_OIF attribute
  * sd-netlink: fix type of RTA_VIA
  * network: support IPv4 route with IPv6 gateway
  * test-network: add a test case for IPv4 route with IPv6 gateway
  * network: constify arguments
  * network: free Route object when route_remove() fails
  * sd-netlink: introduce rtattr_read_nexthop()
  * sd-netlink: introduce sd_netlink_message_read_data()
  * network: manage multipath routes separately
  * util: make local_gateways() support RT_VIA and RT_MULTIPATH
  * test-network: do not fail when multiple ipv6 default gateways are configured
  * network: introduce Gateway=_dhcp4 and _dhcp6, and deprecate "_dhcp"
  * network: make Gateway= in [Route] section accept an empty string
  * network: introduce IPV4_ADDRESS_FMT_STR macro
  * Merge pull request #17271 from yuwata/network-route-improve-multipath-route-support
  * network: directly compare with in_addr element for IPv4 case
  * network: read peer address, label, broadcast from rtnl message
  * network: constify arguments
  * test-network: add test for issue #17304
  * hashmap: introduce {hashmap,set}_put_strdup_full()
  * util: introduce two trivial hash_ops
  * sd-device: use trivial_hash_ops_free_free for managing match sysattrs or properties
  * sd-dhcp-client: make sd_dhcp_client_set_request_option() not return -EEXIST
  * network: drop unused condition
  * network: voidify link_stop_clients() in link_enter_failed()
  * network: move IPv4ACD client for DHCPv4 from Network to Link object
  * network: stop IPv4ACD client for DHCPv4 when lease is exprired
  * network: also stop IPv4ACD client in link_stop_clients()
  * network: update MAC address in IPv4ACD client for DHCP4
  * network: start dynamic addressing clients like DHCP after setting netdevs
  * Merge pull request #17341 from yuwata/sd-dhcp-client-fix-eexist-issue-16964
  * Merge pull request #17342 from yuwata/network-dhcp-ipv4-acd-fixes
  * network: rename gateway_from_dhcp -> gateway_from_dhcp_or_ra
  * network: rename Gateway=_dhcp6 -> Gateway=_ipv6ra
  * network: when Gateway=_dhcp, assume gateway family based on other settings
  * network: determine a [Route] section will be used or not by gateway family instead of route family
  * network: when Gateway=_dhcp4, set several properties based on lease if they are not explicitly specified
  * network: introduce network_adjust_ipv6_accept_ra()
  * network: introduce network_adjust_dhcp()
  * network: warn if dynamic gateway is specified but corresponding protocol is disabled
  * test-network: do not use deprecated value
  * libsystemd-network: do not request each daemon exist in sd_xxx_stop()
  * network: drop conditions to check existence of each engine
  * network: voidify sd_ipv4acd_stop() at one place
  * network: drop unnecessary conditions
  * network: stop DHCPv4 server in link_stop_clients()
  * network: also stop LLDP client in link_stop_engines()
  * network: move link_lldp_emit_stop() to link_free_engines()
  * network: also unref IPv4 ACD clients in Address objects
  * Merge pull request #17317 from yuwata/network-gateway-dhcp4-ra
  * Merge pull request #17361 from keszybz/oomd-introspection-stub
  * Merge pull request #17363 from keszybz/oomd-meson-and-news
  * network: use string_hash_ops_free for search domains
  * network: clear DNS and domains for RA when an empty string is assigned
  * network: introduce network_adjust_radv()
  * network: sort and rename elements in Network object
  * network: drop static prefixes and static route prefixes earlier if IPv6PrefixDelegation=no or dhcpv6
  * network: introduce DHCPv6PrefixDelegation= setting
  * network: introduce Announce= in [DHCPv6PrefixDelegation]
  * network: rename IPv6PrefixDelegation= to IPv6SendRA=
  * fuzz: move DNSDefaultRoute= setting to [Network] section
  * man: update documents about IPv6 RA and DHCPv6-PD
  * test-network: use new IPv6SendRA= setting
  * Merge pull request #17390 from keszybz/logind-notifications-and-links
  * Merge pull request #17352 from msekletar/ens-names-fix
  * Merge pull request #16939 from Rahix/robust-first-boot-machine-id
  * network: make route_configure() return 0 on success
  * network: copy multipath route element earlier
  * network: also compare and hash weight of the gateway
  * network: call netlink in the last of route_configure()
  * udevadm: also support alias .device units to specify devices
  * Merge pull request #17357 from yuwata/network-dhcp6-pd-announce-17353
  * network: fix typo
  * network: ignore error in writing proxy_ndp
  * network: link may be NULL
  * network: specify route type in route_remove()
  * network: drop routes managed by Manager when link is removed
  * test-network: add tests for routes managed by Manager
  * Merge pull request #17429 from keszybz/revert-17188
  * Revert "sd-dhcp-client: use asynchronous_close()"
  * tree-wide: fix typos found by Fossies codespell report
  * test-network: add a test case for DNSSL in RA
  * network: set previous DHCP4 address in link->addresses_foreign
  * network: drop dhcp4_init()
  * network: mention that the error will be ignored
  * network: always enable sysctl property promote_secondaries
  * network: downgrade log level in dhcp4_configure()
  * sysctl-util: truncate newline in read value
  * network: use sysctl_read_ip_property() where applicable
  * network: do not serialize/deserialize ipv4ll address
  * network: do not serialize/deserialize addresses
  * network: do not serialize/deserialize routes
  * network: drop link_load()
  * libsystemd-network: downgrade log level in conf parsers
  * libsystemd-network: make conf parsers accept an empty string
  * network: move config_parse_bridge_port_priority()
  * udev: move config_parse_ifalias()
  * libsystemd-network: move config_parse_hwaddr() and config_parse_hwaddrs()
  * sd-network: move link_get_type_string()
  * net-condition: move net_match_config() and related conf parsers
  * conf-parser: fix indentation
  * sd-network: move net_get_unique_predictable_data() and net_get_name_persisten()
  * tree-wide: drop unnecessary inclusion of network-internal.h
  * meson: drop libsystemd_network from several binaries
  * net-condition: introduce struct NetMatch
  * journalctl: drop format_journal_url() if gcrypt is not used
  * Merge pull request #17399 from afq984/udev-escaped-string
  * license: LGPL-2.1+ -> LGPL-2.1-or-later
  * license: GPL-2.0+ -> GPL-2.0-or-later
  * home: fix copy-and-paste mistake
  * sd-bus: fix possible division by 0
  * core: reduce scope of variants
  * network: make default router lifetime to 30min
  * sd-radv: router lifetime is uint16_t
  * sd-radv: refuse to set preference except medium when router lifetime is zero
  * network: convert router lifetime from usec_t to uint16_t
  * ethtool: add several assertions
  * ethtool: make ethtool_get_driver() return -ENODATA if ioctl succeeds but driver name is empty
  * core: add missing oom check
  * sd-bus: drop redundant abs()
  * journal: refuse skip parameter for sd_journal_next_skip() larger than INT_MAX
  * Merge pull request #17567 from keszybz/various-small-cleanups
  * man: add missing period
  * man: mention that sd_bus_call() may return a negative errno mapped from D-Bus error reply
  * man: fix tag
  * man: append parentheses for function name
  * man: set constant tag to NUL or NULL
  * license: LGPL-2.1+ -> LGPL-2.1-or-later
  * Merge pull request #17583 from systemd/oomd-and-user-slices
  * tree-wide: fix "a the" or "the a"
  * man: fix typo
  * test: fix typo
  * meson: do not build fuzzers when fuzz-tests=false
  * ci: also set -Dfuzz-tests=true if -Dslow-tests=true
  * bpf: do not call log_oom() in library function
  * io-util: do not call log_oom() in library functions
  * systemctl: always show underline even if unit has no job ID
  * systemctl: use unsigned for job_count
  * systemctl: fix minor coding style issue
  * man: add missing <para> tag, and drop redundant ">"
  * man: fix prototpe of sd_bus_message_peek_type()
  * Merge pull request #17600 from yuwata/drop-log-oom
  * missing: define several syscall numbers for MIPS arch
  * network: honor M or O flag in RA even if IPv6AcceptRA.DHCPv6Cleint=always
  * sd-dhcp6-client: insert spaces around ternary operator
  * meson: use "_" as separator in test names
  * Merge pull request #17619 from yuwata/network-ndisc-dhcp6-client-always
  * udev: use FOREACH_DEVICE_TAG() macro at one more place
  * meson: fix build tests for c++14 and c++17
  * man: mention that FirewallMark= optionally takes firewall mask
  * NEWS: add several entries for networkd
  * man: DHCPv6PrefixDelegation= is disabled by dafault
  * NEWS: slightly fix explanation about oomd
  * resolve: wrap long line
  * resolve: add a short comment about difference between dnssd_render_instance_name() and config_parse_dnssd_service_name()
  * resolve: make config_parse_dnssd_service_name() accepts an empty string
  * resolve: ignore invalid service template name
  * sd-device: drop unwanted newline in netlink message
  * man,NEWS: fix "the the"
  * tree-wide: update "that that"
  * khash: fix structured initializer
  * coccinelle: add one more rule to use return value of log_xxx_errno()
  * tree-wide: use return value of log_xxx_errno()
  * coccinelle: always use SYNTHETIC_ERRNO() macro
  * pstore: use log_oom()
  * resolvectl: drop a condition which is always true
  * ask-passwd: drop a condition which is always false
  * tools: drop unnecessary "else" after for loop
  * systemctl: fix potential pointer overflow
  * link-config: make MACAddressPolicy= accept an empty string
  * link-config: warn when MACAddress= is set with MACAddressPolicy=persistent or random
  * man: to make MACAddress= take effect, MACAddressPolicy= must be "none"
  * core/mount: mount_start() may be called during the state is MOUNT_MOUNTING_DONE
  * curl-util: fix type CURL -> CURLM
  * meson: set CURL_NO_OLDIES in developer mode
  * timedate: use localtime_or_gmtime_r() and mktime_or_timegm()
  * logs-show: use localtime_or_gmtime_r()
  * backlight: add several debug logs and adjust log level of non critical error
  * unit: update comment about OOM score
  * man: bootctl set-default/oneshot accept an empty string
  * kernel-install: drop redundant "/"
  * seccomp: also move munmap into @default syscall filter set
  * man: add missing specifiers supported in [INSTALL] section
  * man: sort specifiers alphabetically
  * tree-wide: sort specifiers and move common comments to specifier.h
  * tree-wide: fix typo
  * test: skip several tests in test-seccomp when running on valgrind
  * test: skip several tests in test-seccomp when running on asan
  * core/mount: mount command may fail after adding the corresponding proc mountinfo entry
  * man: slightly update the man page of sd_bus_message_read_basic()
  * sd-device: make device_add_property_internal() inline
  * sd-device: introduce database version and save it in udev database V field
  * sd-device: make sd_device_has_current_tag() and friends compatible with database version 0
  * Merge pull request #17709 from yuwata/test-seccomp-skip
  * hwdb: enable diagnostic switches
  * hwdb: add missing Group()
  * Merge pull request #17478 from yuwata/split-network-internal
  * Merge pull request #17474 from yuwata/network-drop-link-deserialization-logic
  * core/timer: drop unnecessary brackets
  * core: use SYNTHETIC_ERRNO() macro
  * network: use SYNTHETIC_ERRNO() macro
  * network: fix return values
  * coccinelle: add rules for log_unit_error_errno() or friends
  * core: fix typo
  * oom: use CMP() macro
  * mount-util: use mfree()
  * core/scope: use set_ensure_put()
  * test: use for(;;) instead of while(true)
  * cryptsetup: drop unnecessary bracket
  * coccinelle: ignore specific cases to use SYNTHETIC_ERRNO() macro
  * Merge pull request #17761 from keszybz/documentation-followups
  * network: stop IPv4LL engine when DHCPv4 address is successfully acquired
  * network: shorten link_check_ready() a bit
  * network: simplify the condition about ipv4ll is enabled or not
  * network: treat IPv4LL is one of dynamic addressing protocol
  * network: use IN_SET() macro
  * sd-ipv4acd,sd-ipv4ll: introduce _get_ifindex() and _get_ifname()
  * log-link: introduce log_interface_full_errno() macro
  * sd-ipv4acd,sd-ipv4ll: include interface name in the debug logs
  * sd-ipv4acd: logs current state
  * test-network: confirm that IPv4ll address is dropped after DHCPv4 lease is acquired
  * network: add debug log about requesting DHCP address
  * tree-wide: fix typos
  * meson: use '_' as separator in fuzz test names
  * network: use bus_error_message()
  * network: stop to assign UUID when reconfiguring link
  * Merge pull request #17810 from systemd/meson-allows-fuzzer-building
  * Merge pull request #17807 from poettering/bindtodevice
  * network: do not set broadcast if prefixlen is 31 or 32
  * network: fix verification for broadcast address
  * network: ignore broadcast address for /31 or /32 addresses
  * basic/linux: update kernel headers
  * shared/kernel: update kernel headers
  * ethtool: add two new link modes
  * Merge pull request #17821 from poettering/local-address-fix
  * network: introduce route_type_is_reject() helper
  * network: make IPv6 routes with reject type managed by Manager
  * network: set protocol to route assigned through DHCP6 or DHCP6-PD
  * test-network: sleep 1s after reloading configs
  * test-network: add tests for IPv6 routes with reject type
  * socket-util: make several socket_set_xxx() functions inline
  * network: mtu is neither a boolean nor a pointer
  * nss-resolve: varlink_call() set error_id only when r >= 0
  * set: introduce set_strjoin()
  * sd-device: use set_strjoin()
  * sd-device: keep escaped strings in DEVLINK= property
  * test: add tests for device_new_from_nulstr()
  * network: revert previous changes to address_compare_func()
  * network: use address_get() in address_exists()
  * network: fix SIGABRT related to unreachable route with DHCP6
  * network: warn when NDISC and DHCPv6 provide the same address
  * missing: sort architectures in missing_syscall.h
  * missing: support 32bit powerpc
  * missing: drop redundant condition
  * missing: add missing syscalls for ia64, m68k, sparc, arc, and tilegx
  * missing: update warning messages
  * man: synthetize(d) -> synthesize(d)
  * mount-util: fix typo
  * unit: make systemd-networkd.service support reload command
  * log: merge conditions to reduce indentation
  * log: make show_color variable tristate
  * log: open journal when cli program run in a service unit
  * udev: drop meaningless size optimization
  * udev: introduce log_device_uevent() helper function
  * udev: introduce new OPTIONS="log_level=" udev rule
  * man: mention new OPTIONS=log_level= udev rule
  * Merge pull request #17877 from yuwata/missing-syscall-sort
  * network: do not reconfigure interface when the link gains carrier but udev not initialized it yet
  * network: drop assertions to check link state in netlink callback handlers
  * network: do not assume address ready callback is always set to static addresses
  * network: do not configure static configs more than once simultaneously
  * Merge pull request #17928 from keszybz/nss-logging
  * sd-device: make TAGS= property prefixed and suffixed with ":"
  * tree-wide: fix typo
  * core/namespace: ignore ENOENT for /proc/sys/kernel/domainname and hostname
  * network: use netlink_message_read_in_addr_union() where applicable
  * network: introduce log_route_debug()
  * network: merge manager_drop_routes() and manager_drop_foreign_routes()
  * network: introduce log_address_debug()
  * network: make address_drop() accept NULL
  * network: make routing_policy_rule_remove() take Manager instead of Link
  * network: introduce routing_policy_rule_equal()
  * network: introduce log_routing_policy_rule_debug()
  * network: use netlink_message_read_in_addr_union() where applicable
  * core/namespace: use existing /proc when not enough priviledge
  * time-util: fix typo
  * core/namespace: do not ignore non-EPERM mount error
  * Revert "core/namespace: ignore ENOENT for /proc/sys/kernel/domainname and hostname"
  * core: detect_container() may return negative errno
  * Merge pull request #17936 from keszybz/more-nss-logging
  * Merge pull request #17977 from yuwata/namespace-mount-procfs-follow-up
  * udev: move util_replace_whitespace() to udev-util.c
  * udev: move util_path_encode() and rename it to escape_path()
  * udev: move util_replace_chars() to udev-util.c
  * udev: move util_resolve_subsys_kernel() to udev-util.c
  * udev: rename UTIL_LINE_SIZE -> UDEV_LINE_SIZE and friends
  * udev: use encode_devnode_name() instead of udev_util_encode_string()
  * libudev: drop unnecessary headers from libudev-util.c
  * libudev: fix indentation
  * udev: introduce udev_queue_is_empty() and udev_queue_init()
  * udevadm: drop udev_queue
  * udev: drop unnecessary libudev-util.h inclusions
  * meson: do not link with libudev
  * rules: drop broken links
  * udev: drop license boilerplate
  * journal: move journal_field_valid() to journal_file.c
  * journal: refuse data which contain invalid fields
  * logs-show: refuse data which contain invalid fields
  * Merge pull request #17908 from ddstreet/dhcpv4_rfc2131_intervals
  * Merge pull request #17968 from yuwata/purge-libudev
  * Merge pull request #17859 from keszybz/hostnamed-export-hostname-origin-and-simplify-logic
  * tree-wide: fix typo
  * tree-wide: fix typo
  * chattr-util: introduce fallback mode to set file attributes one by one
  * tmpfiles: try to set file attributes one by one
  * tree-wide: fix typo
  * network: move variable declaration
  * meson: add missing headers
  * sd-netlink: replace *messages[] -> **messages
  * sd-netlink: add several assertions
  * netlink: use whitespace instead of tab
  * netlink: drop unnecessary error handling
  * netlink: fix indentation
  * nspawn: sort headers
  * meson: sort files
  * netlink: fix size of fib rule messages
  * Merge pull request #18009 from poettering/time-set-sync-target
  * Merge pull request #17693 from yuwata/tmpfiles-compress-nocow-on-btrfs
  * Merge pull request #18011 from yuwata/trivial-fixes
  * Merge pull request #18015 from keszybz/dmi-test-mesonification2
  * hostname: fix build failure
  * memory-id: fix never hit condition
  * man: update org.freedesktop.hostname1.xml
  * Merge pull request #18019 from yuwata/hostname-drop-libudev
  * tmpfiles: fix typo
  * Merge pull request #18029 from bluca/minor_fixes
  * Merge pull request #18040 from mrc0mmand/cryptenroll-unused-variable
  * journal-importer: ignore invalid field at one more place
  * udev: fix memleak
  * Merge pull request #18069 from flokli/ipv6-privacy-extensions-kernel
  * network: drop redundant TAKE_PTR()
  * sd-ndisc: fix indentation
  * network: fix condition for checking the provided gateway is assigned to link
  * network: make RouteDenyList= filter route prefix rather than gateway address
  * network: rename DenyList= -> PrefixDenyList=
  * network: introduce RouterAllowList= and RouterDenyList= in [IPv6AcceptRA]
  * test-network: add tests for [IPv6AcceptRA] PrefixDenyList= or friends
  * Merge pull request #18021 from ssahani/route-allow-list
  * network: set FRA_PROTOCOL to RTPROT_STATIC by default
  * network: adjust protocol of rules sent from kernel when kernel does not support FRA_PROTOCOL
  * network: treat rule which has l3mdev flag as created by kernel
  * network: drop unnecessary routing policy rules
  * network: do not serialize/deserialize routing policy rules
  * Merge pull request #17477 from yuwata/network-drop-serialization-routing-policy-rule
  * fuzzers: set maximum length for several fuzzers
  * resolve: fix typo
  * resolve: slightly shorten dns_resource_key_compare_func()
  * resolve: do not compare key twice
  * network: constify several arguments
  * network: fix possible memory leak
  * network: drop unnecessary checks
  * network: always re-configure rules even if already exist
  * network: set RoutingPolicyRule::family based on Family= setting
  * network: drop fib rules configured with Family=both
  * test-network: add tests for fib rules with Family=both vs networkctl reload or reconfigure
  * siphash: introduce siphash24_compress_safe()
  * resolve: field size in dns resource record may be zero
  * resolve: slightly optimize dns_answer_add()
  * Merge pull request #18105 from yuwata/fuzz-fix-timeout
  * udev/cdrom: split out parse_argv() and help()
  * udev/cdrom: use random_u64() and usleep()
  * udev/cdrom: introduce scsi_cmd_run_and_log()
  * udev/cdrom: make media_lock() return negative errno
  * udev/cdrom: make cd_profiles() return positive value if drive has media
  * udev/cdrom: introduce Context
  * udev/cdrom: introduce enum for media and drive feature
  * udev/cdrom: move media status to Context
  * udev/cdrom: introduce enum for media state
  * udev/cdrom: split cd_media_info() into small pieces
  * udev/cdrom: use unaligned_read_be32() or friends
  * udev/cdrom: tighten variable scope used in loop
  * udev/cdrom: void()ify several function calls
  * udev/cdrom: drop never hit condition
  * udev/cdrom: drop unnecessary headers
  * udev/cdrom: split main() into main() and run()
  * network: add missing TAKE_PTR()
  * network: read RTAX_ADVMSS in received route message
  * test-network: add tests for route advmss
  * network: refuse to set 0 for rx or tx queue
  * resolve: fix use after free in DnsAnswer
  * Merge pull request #18168 from yuwata/network-cleanups
  * Merge pull request #18169 from OnkelUlla/can_bus_error_reporting
  * Merge pull request #18137 from keszybz/deprecate-blanket-import-environment
  * Merge pull request #18178 from weblate/weblate-systemd-master
  * udev: drop doubled blank line
  * linux: move nl80211.h to basic/linux
  * wifi-util: cleanup header inclusion
  * wifi-util: do not ignore wifi iftype when SSID is not set
  * Merge pull request #18204 from yuwata/wifi-util-fix-18059
  * network: introduce new UseAddress= setting in [DHCPv6] section
  * Merge pull request #18209 from poettering/virt-fix
  * boot: at least one of os_name_pretty or os_name exists in this block
  * sd-bus: fix memleak
  * Merge pull request #18217 from ssahani/todo-network
  * dhcp: length of each user class field must be positive
  * network: refuse zero length dhcp user class
  * dhcp6: refuse zero length dhcp user class
  * dhcp: do not assign value twice
  * dhcp6: add an assert()
  * dhcp6: refuse zero length vendor class
  * network: merge config_parse_dhcp_user_class() and _vendor_class()
  * Merge pull request #18212 from yuwata/two-coverity-fixes
  * timedate: actually reset system time with new timezone
  * Merge pull request #17628 from ssahani/network-gso
  * Merge pull request #18157 from ssahani/vlan-qos
  * Merge pull request #18216 from yuwata/dhcp-user-class-length
  * network: reconfigure interface when wifi iftype is updated
  * Merge pull request #18225 from poettering/tmpfiles-argument
  * network: drop a function argument which is always constant
  * network: introduce ManageTemporaryAddress= setting in [DHCPv6PrefixDelegation] section
  * Merge pull request #18170 from OnkelUlla/udev_introduce_TxQueueLen=_setting
  * Merge pull request #9864 from ximion/master
  * udev: add missing short option name
  * Merge pull request #18261 from ssahani/net2
  * Merge pull request #18243 from ssahani/ensure-put-use
  * tree-wide: fix typo
  * Merge pull request #18230 from ssahani/macvlan-bcqueuelen
  * Merge pull request #18284 from ssahani/net-7
  * basic: drop unused module
  * Merge pull request #18286 from ssahani/net-1
  * core: do not fail when an invalid cpu affinity is specified
  * core: add missing log_oom()
  * core: make config_parse_documentation() explicitly return 0 on success
  * core: add logs when credential value is duplicated
  * network: address-pool: also check conflicts with foreign addresses
  * path-util: also check absolute path is a directory or not in find_executable()
  * analyze: resolve executable path if it is relative
  * sd-journal: move source files for sd-journal to src/libsystemd/sd-journal
  * tmpfiles: move offline-passwd.[ch] to src/tmpfiles
  * login: move src/login/logind-acl.[ch] -> src/shared/devnode-acl.[ch]
  * test: move test-systemd-tmpfiles.py from src/test to test
  * meson.build: drop unused variable
  * xdg: move tests for xdg-autostart-generator
  * time-wait-sync: move time-wait-sync.c -> src/timesync/wait-sync.c
  * test: move tests for libudev into src/libudev
  * test: rewrite test-sd-device-thread.c to depend only on libsystemd
  * core: move several source files to src/shared
  * test: move test-umount.c to src/shutdown
  * meson: make the second and third elements of tests or fuzzers optional
  * meson: fix indentation
  * fuzzers: move several fuzzers
  * util: move parse_syscall_and_errno() to seccomp-util.c
  * util: move unit-file.[ch] to src/basic
  * util: move several DNS related definitions to src/basic/dns-def.h
  * efi: create symbolic link to efi/loader-feature.h
  * test: drop bus-util.h from sd-bus
  * meson: drop unnecessary loop
  * meson: drop unnecessary variable declarations
  * meson: fix indentation
  * meson: enable several tests even if the relevant features are disabled
  * meson: introduce libtimesyncd_core library
  * meson: move definition of systemctl source files
  * meson: drop redundant directory specification in additional source files
  * meson: use condition argument in test definition
  * meson: show standalone-binaries setting in the summary
  * meson: move source file list for systemd-cryptsetup
  * meson: move source file list for systemd-cryptenroll
  * meson: move source file list for busctl
  * meson: move source file list for systemd-xdg-autostart-generator and its tests
  * meson: drop redundant source files in executable()
  * meson: move and gather find_program()
  * meson: move libudev related definitions to src/libudev/meson.build
  * meson: move libjournal_core definition to src/journal/meson.build
  * meson: sort inclusion of meson.build files in subdirectories
  * meson: slightly disentangle code dependencies
  * meson: drop unnecessary libraries from journal related tests
  * meson: drop unnecessary files from test definitions
  * meson: drop unused variable
  * meson: move test or fuzzer definitions to relevant meson.build in subdirectories
  * meson: add missing license header
  * meson: use static_libsystemd_pic
  * meson: move several definitions related libsystemd to src/libsystemd/meson.build
  * veritysetup-generator: drop unused struct and variable
  * TODO: fix typo
  * Merge pull request #18299 from ssahani/ensure-put
  * Merge pull request #18267 from lucaswerkmeister/truncate
  * Merge pull request #18038 from yuwata/meson-split
  * Merge pull request #18303 from yuwata/verity-cleanup
  * Merge pull request #18294 from ssahani/net-2
  * path-util: simplify check_x_access()
  * udev/cdrom_id: re-enable logging related functions
  * Merge pull request #18311 from poettering/sysext-fixups
  * Merge pull request #18329 from poettering/notify-chroot
  * Merge pull request #16228 from ddstreet/administrative_state
  * network: do not re-assign static routes when dynamic IPv6 addresses are updated
  * network: drop many unnecessary link_dirty() calls
  * fs-util: rename conservative_rename() -> conservative_renameat()
  * network: use conservative_rename() to reduce to trigger network events
  * dhcp: use conservative_rename()
  * hostname: accept an empty hostname to unset transient hostname
  * log: drop unused log_full_errno_realm() macro
  * selinux-util: do not use log_internal_realm() without setting log realm
  * udev: stop to use LOG_REALM_UDEV
  * log: drop unused LogRealm
  * log: use ansi_normal() instead of ANSI_NORMAL
  * terminal-util: use ansi_normal() or friends instead of ANSI_NORMAL
  * logs-show: simplify code
  * cgtop: use ansi_normal() or friends instead of ANSI_NORMAL
  * Merge pull request #18281 from yuwata/log-drop-log-realm
  * Merge pull request #18371 from yuwata/use-ansi-normal
  * sd-device: use string_hash_ops_free_free
  * sd-device: rename variables and use TAKE_PTR()
  * sd-device: add a short comment why we simply return negative errno here on failure
  * sd-device: use string_hash_ops_free_free
  * sd-device: use size_t for index in the loop
  * docs/ENVIRONMENT: move entry for systemd-udevd
  * sd-netlink: do not use downgrade-to-bool feature
  * sd-netlink: fix indentation
  * sd-device: do not use downgrade-to-bool feature
  * test-network: add tests for IPv6ProxyNDPAddress=
  * network: drop wrong flag for neighbor entry
  * network: drop unnecessary condition in error path
  * test-network: retry several times if expected LLDP info is not obtained
  * Merge pull request #18380 from yuwata/test-network-ipv6-proxy-ndp
  * Merge pull request #18417 from DaanDeMeyer/sd-boot-no-include
  * network: drop one more link_dirty()
  * log: make tools also read the kernel command line when run as a service
  * tree-wide: enable colorized logging for daemons when run in console
  * core: set $SYSTEMD_EXEC_PID= environment variable for executed commands
  * test: use test_setup_logging() in test-env-util
  * env-util: introduce env_update_systemd_exec_pid()
  * core: also set $SYSTEMD_EXEC_PID= for generators
  * import,home: update $SYSTEMD_EXEC_PID= if it is set
  * log: skip reading the kernel command line if the process is invoked by a script
  * udev: add debugging logs in spawn_wait()
  * udev: use strv_split_newlines() to parse result of spawned command
  * udev: ignore OOM error in on_spawn_io()
  * test: add test for udev_event_spawn()
  * sd-event: retrieve more events when epoll_wait() returns number equivalent to the buffer size
  * libudev: use hashmap_ensure_put()
  * libudev: set entry->list after the entry is stored in the list
  * libudev: also drop the entry from LIST even if unique flag is set
  * libudev: unset uptodate flag before free()ing entries
  * libudev: add one more assertion
  * network: make RouteTable= setting can take multiple name:number pairs in a line
  * network: use defined route table name in debug logs
  * test: add tests for RouteTable= setting
  * udev: rename TxQueueLength= -> TransmitQueueLength=
  * network,udev: move TransmitQueues=/ReceiveQueues= from .network to .link
  * Merge pull request #18423 from DaanDeMeyer/sd-boot-no-include
  * Merge pull request #18319 from yuwata/udev-move-tx-rx-queues
  * test-network: disable NDISC on veth-peer
  * Merge pull request #18459 from poettering/discover-image
  * Merge pull request #18462 from poettering/copy-time
  * man: fix typo
  * hostnamectl: improve log message on failure
  * bus-error: align error definitions
  * hostname: introduce two bus errors for updating file
  * hostnamectl: try to set transient hostname even if updating static or pretty hostname failed
  * hostnamectl: unset pretty hostname only when no target is specified
  * hostname: re-read file later when failed to update file
  * hostname: use free_and_strdup_and_warn()
  * hostnamectl: show hint when user try to set transient hostname but static hostname is already used
  * hostnamectl: use Table
  * fundamental: move several macros and functions into src/fundamental/
  * string-util: introduce strverscmp_improved()
  * tree-wide: replace strverscmp() and str_verscmp() with strverscmp_improved()
  * test-network: support protocol and linkdown flag for ff00::/8 route
  * log: do not use uninitialized value
  * Merge pull request #18506 from keszybz/fuzz-systemctl-parse-argv
  * bash-completion: coredumpctl: add --json and -n options
  * bash-completion: loginctl: add -P option
  * Merge pull request #11484 from keszybz/udevadm-error-logs
  * Merge pull request #18536 from poettering/uid-refs-simplify
  * network: use SD_BUS_METHOD_WITH_ARGS() macro
  * conf-parser: use return codes in xxx_from_string()
  * tree-wide: use error codes in xxx_from_string()
  * string-table: introduce DEFINE_PRIVATE_STRING_TABLE_LOOKUP_FROM_STRING_WITH_BOOLEAN()
  * networkd: lldp: use string table
  * network: route: use _WITH_FALLBACK macros
  * string-table: introduce DEFINE_STRING_TABLE_LOOKUP_FROM_STRING()
  * network: dhcp: use string table
  * tree-wide: propagate error in xxx_from-string()
  * network: address: also logs preferred lifetime
  * network: automatically set NLM_F_REPLACE flag
  * tree-wide: use free_and_strdup_warn()
  * Merge pull request #18554 from yuwata/network-address-set-NLM_F_REPLACE-flag-automatically
  * network: make address_configure() or friends return 1 when the address is new
  * network: set return value at the end of the function
  * network: dhcp6: fix condtion check
  * network: ndisc: change link state into "configuring" only when a new address or route will be assigned
  * network: dhcp6: change link state into "configuring" only when a new address or route will be assigned
  * network: address: also set IFA_FLAGS on remove
  * network: address: do not set IFA_F_PERMANENT flag
  * test-network: merge test_address_static and test_address_preferred_lifetime_zero_ipv6
  * Merge pull request #18455 from yuwata/network-change-link-state-only-when-new-address-or-route-will-be-assigned
  * Merge pull request #18555 from yuwata/network-address-set-flag-on-remove
  * Merge pull request #18563 from poettering/nss-resolve-no-valid
  * Merge pull request #18587 from poettering/rr-count-workaround
  * Merge pull request #18588 from poettering/refuse-loops
  * tree-wide: fix typo
  * sd-netlink: add RTA_NH_ID attribute support
  * netlink: add nexthop related types
  * netlink: fix assertions
  * man: fix indentation
  * network: drop unnecessary family setting
  * netlink: drop sd_rtnl_message_{route,nexthop}_set_family()
  * Merge pull request #18629 from yuwata/sd-netlink-nexthop-types
  * netlink: introduce sd_netlink_message_has_flag()
  * network: nexthop: unset gateway when an empty string is assigned
  * network: allow to configure nexthop with null address
  * network: nexthop: introduce Family= setting in [NextHop] section
  * network: nexthop: refuse 0 id
  * man: update explanations of settings in [NextHop] section
  * test-network: add tests for Family= in [NextHop]
  * network: Route::gw_family may be AF_UNSPEC
  * network: refuse IPv4 multipath route for IPv6 route
  * in-addr-util: make in_addr_prefix_nth() returns 0 on success
  * in-addr-util: make in_addr_prefix_nth() refuse prefixlen larger than maximum size
  * in-addr-util: make in_addr_prefix_nth() always return valid prefix
  * in-addr-util: introduce in_addr_prefix_range()
  * firewall-util: replace nft_in6addr_to_range() with in_addr_prefix_range()
  * network: nexthop: first create nexthops with ID
  * network: enumerate nexthops before routes
  * in-addr-util: introduce in_addr_is_set() or friends
  * in-addr-util: introduce in6_addr_is_link_local()
  * in-addr-util: introduce in6_addr_equal()
  * network: assign values after all checks are passed
  * tree-wide: use in_addr_is_set() or friends
  * resolve: make manager_find_ifindex() or friends return earlier
  * resolve: use sockaddr_in_addr()
  * network: use in_addr_prefix_to_string()
  * network: use temporary buffer for safety
  * tree-wide: constify variables if possible
  * network: introduce log_nexthop_debug()
  * network: constify arguments
  * network: NHA_ID should be always set
  * network: rename UseFQDN= -> UseHostname=
  * table: drop trailing white spaces of the last cell in row
  * Merge pull request #18659 from poettering/permyriadification
  * network: address: reuse Address:ip_masquerade_done for IPv6 case
  * network: warn when any positive boolean string is specified for IPMasquerade=
  * tree-wide: fix typo
  * network: configure nexthop before routes that requires gateway
  * network: nexthop: update ID of nexthop created without specifiying ID
  * network: also manage nexthops by ID
  * network: add NextHop= setting in [Route] section
  * network: add nexthop ID in debugging logs
  * test-network: add tests for NextHop= setting in [Route]
  * Merge pull request #18695 from keszybz/xdg-generator-silence-warning
  * Merge pull request #18699 from yuwata/network-route-add-nexthop-setting
  * network: make Broadcast= accept boolean value
  * test-network: add tests for Broadcast= with boolean settings
  * Merge pull request #18689 from yuwata/network-address-broadcast-no
  * network: fix typo
  * sd-device: rename device_{add,get,remove}_sysattr_value()
  * sd-device: move comment about NULL value
  * sd-device: do not cache an empty string but clear cache on failre
  * sd-device: use delete_trailing_chars()
  * sd-device: the last argument of sd_device_get_sysattr_value() may be NULL
  * sd-device: ignore error in device_cache_sysattr_value() and propagate original error code
  * sd-device: add a brief comment in device_cache_sysattr_value()
  * sd-device: use appropriate error code
  * sd-device: make sd_device_get_xxx() accept NULL for storing result
  * sd-device: make devpath check stricter
  * test: add more tests for path_startswith()
  * sd-device: do not cache action string for uevent file written by sd_device_set_sysattr_value()
  * sd-device: introduce tiny wrapper sd_device_trigger()
  * udev: use sd_device_trigger() to trigger uevent
  * udevadm-trigger: use sd_device_trigger() for triggering uevent
  * udevadm-trigger: do not return immediately on EACCES
  * udevadm-trigger: introduce --quiet option
  * unit: ignore exit code of "udevadm trigger"
  * sd-device-enumerator: shorten code a bit
  * mount-tool: sd_device_get_sysattr_value() returns 0 on success
  * network: nexthop: add OnLink= setting
  * test-network: add a test for OnLink= in [NextHop] section
  * Merge pull request #18711 from yuwata/network-nexthop-onlink
  * man: fix typo
  * test-network: test wireguard peer in drop-in config
  * backlight: exit earlier when unknown verb is specified
  * backlight: same_device() may return negative errno
  * backlight: reduce indentation a bit
  * backlight: reindent comments
  * network: nexthop: add Blackhole= setting in [NextHop] section
  * network: route: shorten code a bit
  * test-network: add tests for Blackhole= setting in [NextHop] section
  * Merge pull request #18731 from yuwata/backlight-trivial-cleanups
  * Merge pull request #18734 from poettering/cryptsetup-description-escape
  * Merge pull request #18718 from yuwata/network-nexthop-blackhole
  * dhcp6: do not use input value before checking
  * dhcp6: make dhcp6_option_parse_{address,pdprefix}() return -EINVAL when received address or prefix is refused
  * dhcp6: do not set T1 and T2 by dhcp6_option_append_ia() in client
  * dhcp6: do not set T1 and T2 by dhcp6_option_append_pd() in client
  * Revert "meson: remove one more instance of install_dir:bindir"
  * sd-netlink: introduce sd_rtnl_message_nexthop_get_protocol()
  * network: nexthop: read protocol in received netlink message
  * network: nexthop: drop unnecessary nexthops
  * test-network: add tests for dropping unnecessary nexthops
  * core: fix stack-use-after-scope
  * Merge pull request #18589 from yuwata/network-nexthop-drop-unnecessary-nexthops
  * doc,man: fix-typo (hierachy -> hierarchy)
  * clock-util: rename function argument
  * network: use IPMasquerade=both instead of yes
  * timedate: do not ignore fix_system argument in SetLocalRTC method
  * Merge pull request #18832 from keszybz/resolved-stop-sources
  * tree-wide: fix typo
  * network: move state file related functions to networkd-state-file.[ch]
  * network: use unlink_and_freep() cleanup functions
  * network: minor style fixes
  * network: drop unnecessary {}
  * network: move manager_{rtnl,udev}_process_link() to networkd-link.[ch]
  * dhcp: use unlink_and_freep() in dhcp_lease_save()
  * network: remove DHCP lease and LLDP state file on link_free()
  * network: use conservative_rename() at one more place
  * network: do not remove LLDP state file on failure
  * libudev: shorten code a bit
  * io-util: introduce ppoll_usec() helper function
  * tree-wide: use ppoll_usec()
  * libsystemd-network: introduce sd_xxx_{set,get}_ifname()
  * libsystemd-network: make log_dhcp_client() or friends include interface name
  * dhcp6: tighten T1 and T2 value check
  * Merge pull request #18864 from poettering/fsync-tweaks
  * sd-device-monitor: use assert() in non-public functions
  * sd-device-monitor: use UINT64_C() macro
  * sd-device-monitor: use hashmap_put_strdup_full()
  * sd-device-enumerator: add comments why trivial_hash_ops_free_free is used
  * journal: make namespace invocation also support drop-in config
  * tree-wide: use usec_add() and usec_sub_unsigned()
  * table: drop last SIZE_MAX from table_set_sort() and table_set_display()
  * tree-wide: use UINT64_MAX or friends
  * efi: introduce UINT32_MAX and UINT64_MAX
  * udev/net: make .link files support drop-in config
  * udev/net: use null_or_empty_path()
  * network: use null_or_empty_path()
  * install: use null_or_empty_path()
  * strv: introduce strv_split_newlines_full()
  * udev: do not unescape command result
  * udev: also not unescape command result on debug log
  * dhcp-server: also append specified additional options and vendor specific option on DHCP_OFFER
  * Merge pull request #18873 from yuwata/use-config-parse-many-and-null-or-empty-path
  * test: merge udev tests
  * test: add test for IMPORT{program}= udev rule
  * Merge pull request #18896 from poettering/no-localhost-ipv6
  * fstab-generator: fix typo
  * format-table: fix potentail memleak and invalid-free
  * Merge pull request #18890 from keszybz/fuzz-bus-match
  * dissect: fix memleak
  * Merge pull request #18892 from poettering/cname-tweaks
  * socket-util: initialize variable with cleanup attribute
  * test: move test_parse_syscall_and_errno() to test-seccomp.c
  * test: parse_syscall_and_errno() accepts zero errno
  * seccomp: fix comment and change variable name
  * core: drop meaningless parse_syscall_and_errno() calls
  * core,seccomp: refuse to specify errno for allow-listed syscalls
  * seccomp: use FLAGS_SET() macro
  * seccomp: do not ignore deny-listed syscalls with errno when list is allow-list
  * test: add one more test for system call filter with errno
  * man: update document about NoNewPrivileges=
  * core/execute: sort conditions to make them match documentation
  * Merge pull request #18932 from poettering/filename-max
  * test: add log messages
  * sd-event: re-check new epoll events when a child event is queued
  * Merge pull request #18979 from keszybz/man-page-links
  * fstab-util: fix typo in comment
  * network: use userdata instead data in conf parsers
  * network: also introduce UseDomains= for [DHCPv6] section
  * ordered-set: make ordered_set_put_strdup() allocate OrderedSet object
  * network: use string_hash_ops_free
  * man: DNS/NTP servers received from DHCP server are concatenated with the statically configured ones
  * sd-event: re-check new epoll events when a child event is queued
  * dhcp6: fix wrong length for IA_PD dhcp6 option
  * udev: do not try to assign invalid ifname
  * meson: fix build error of test-dnssec-complex
  * meson: fix warning about comparison between different types
  * shell-completion: systemd-run: add missing options
  * firewall-util: logs which backend will be used
  * network: allocate FirewallContext lazily
  * firewall-util: probe firewall backend in fw_ctx_new()
  * firewall-util: add missing return value check
  * firewall-util: do not use goto for retrying
  * firewall-util: gracefully handle -EOVERFLOW returned from older kernel
  * firewall-util: refuse IPv6 firewall rules when kernel does not support IPv6
  * resolve: drop meaningless bitfield specifier
  * resolve: drop doubled white space
  * resolve: rename function argument in prototype to match its declaration
  * resolve: use dns_answer_size() and dns_answer_isempty()
  * resolve: dns_answer_contains() does not return negative errno
  * test-firewall-util: use assert_se() at most places
  * sd-device-monitor: split passes_filter() into two parts
  * sd-device-enumerator: move match_sysattr() to device-util.[ch]
  * sd-device-monitor: introduce sd_device_monitor_filter_add_match_sysattr()
  * sd-device-enumerator: also move match_parent() to device-util.[ch]
  * sd-device-monitor: introduce sd_device_monitor_filter_add_match_parent()
  * test: add tests for filters of sd-device-monitor
  * dissect-image: filter out enumerated or triggered devices without "partition" sysattr
  * dissect-image: also check devtype in device_is_partition()
  * dissect-image: move parent device check into device_is_partition()
  * udev: add missing initialization to fix freeing invalid address
  * udev: it is not necessary that the path is readable
  * udev: split out logic of parsing s390 PCI slots
  * udev: use uint32_t for hotplug_slot
  * udev: make dev_pci_slot() return earlier when PCI bridge is found
  * udev: fix potential infinite loop
  * udev: use snprintf_ok()
  * test: move check of nat table existence
  * network: do not emit changed properties when bus connection is not ready
  * network: do not require DHCPv6 addresses when UseAddress=no
  * network: drop unnecessary bitfield specifier
  * network: adjust log message
  * sd-dhcp6-client: do not use IN_SET() macro when only one target value
  * network: refuse to configure NDISC twice
  * Merge pull request #19164 from mmatsuya/main
  * networkctl: drop unused variables
  * sd-dhcp-client: constify argument in sd_dhcp_lease_get_xxx()
  * network: add missing default setting in networkd.conf
  * network: introduce ManageForeignRoutingPolicyRules= boolean setting in networkd.conf
  * man: update description for ManageForeignRoutes=
  * man: fix typo
  * tree-wide: update comment about unnecessary initialization
  * network: refuse to configure engines such as DHCP client more than once
  * network: lldp: update mac address
  * network: fix indentation
  * network: move and rename network_apply_anonymize_if_set()
  * network: dhcp4: do not request any additional options when Anonymize=yes
  * network: drop unnecessary explicit initializations
  * network: dhcp4: warn when Anonymize=yes and ClientIdentifier= is not mac
  * man: update explanation for Anonymize=
  * Merge pull request #19069 from LetzteInstanz/waiting_for_address_family
  * Merge pull request #19287 from yuwata/network-manage-foreign-routing-policy-rule-19106
  * util: shorten allow_listed_char_for_devnode()
  * network: shorten code a bit
  * wait-online: update debug log messages
  * fileio: introduce a new flag to make write_string_file() ignore trailing newline
  * udev: ignore additional newline in sysfs attribute on verify
  * sd-dhcp-client: introduce sd_dhcp_client_is_running()
  * core: make log_unit_xxx_errno() refuse zero errno
  * timedate: make log_unit_xxx_errno() refuse zero errno
  * network: make log_netdev_xxx_errno() refuse zero errno
  * network: update log message
  * Merge pull request #19325 from sainAk/patch-1
  * Merge pull request #19332 from yuwata/log_xxx_yyy_errno-follow-ups-19317
  * fileio: use take_fdopen_unlocked()
  * core: add RestrictAddressFamilies=none to deny all address families
  * wifi-util: do not set zero errno to log_debug_errno()
  * man: fix typo
  * sd-netlink: add missing address types
  * network: show route metric in debug log
  * network: add RouteMetric= setting in [Address] section
  * network: dhcp4: also apply RouteMetric= setting in [DHCPv4] to prefix route
  * network: move RouteMetric= from [DHCPv6] to [IPv6AcceptRA]
  * network: dhcp6-pd: add RouteMetric= setting in [DHCPv6PrefixDelegation]
  * network: radv: add RouteMetric= setting in [IPv6Prefix]
  * network: set metric for prefix route of IPv4 link-local address
  * man: update explanation about route metric
  * test-network: update test for RouteMetric=
  * in-addr-util: add assertions
  * in-addr-util: introduce 'struct in_addr_prefix' and hash ops for it
  * network: dhcp6: logs about delegated prefixes
  * network: dhcp6: logs about generated addresses in delegated prefix
  * doc: fix typo
  * Merge pull request #19344 from yuwata/network-route-metric-19028
  * network: move dhcp related conf parsers to networkd-dhcp-common.c
  * network: make IAID and DUID for DHCPv6 configurable explicitly
  * network: configure non-dhcp configs earlier even DUID-UUID is used by DHCP clients
  * network: dhcp: introduce duid_needs_product_uuid() helper function
  * network: dhcp: constify link_get_duid()
  * network: dhcp4: introduce link_set_dhcp_prefix_route()
  * network: dhcp4: introduce link_set_dhcp_static_routes()
  * network: dhcp4: introduce link_set_dhcp_gateway() and link_set_dhcp_route_to_gateway()
  * network: dhcp4: simplify link_set_dns_routes()
  * Merge pull request #19392 from yuwata/network-dhcp-split-link_set_dhcp_routes
  * network: dhcp4: also set route MTU to prefix route and DNS routes
  * network: dhcp4: ignore gateway in static routes if destination is link-local or in the same network
  * network: dhcp4: set gateway for route to DNS server if it is not in the same network
  * network: dhcp4: ignore null dns address
  * test-network: update tests for DHCP routes
  * network: fix typo
  * core/service: fix typo
  * network: add missing sections
  * network: update comment and log message
  * network: dhcp4: enable RoutesToDNS= by default
  * network: dhcp4: split and rename link_set_dns_routes()
  * network: dhcp4: introduce RoutesToNTP= boolean setting
  * test-network: add tests for RoutesToNTP=
  * bus-print-property: introduce BusPrintPropertyFlags
  * systemctl: fix build failure
  * network: dhcp4: downgrade log level
  * network: link: downgrade log level
  * network: neighbor: downgrade log level
  * network: ndisc: fix ipv6 route preference for routes with Gateway=_ipv6ra
  * Merge pull request #19449 from yuwata/network-downgrade-log-level
  * network: drop meaningless bitfield specifiers
  * network: dhcp4: downgrade log level when interface is removed
  * network: unify log_link_message_full_errno() and log_message_warning_errno()
  * network: do not set route type on specific route removal
  * network: do not remove reject type routes more than once
  * network: do not set nexthop ID, gateway, and multipath routes simultaneously
  * ether-addr-util: introduce ether_addr_to_string_alloc()
  * network: reduce indentation in log_address_debug() or friends
  * network: introduce log_neighbor_debug()
  * network: neighbor: use sd_netlink_message_read_data() at one more place
  * Merge pull request #19459 from yuwata/network-log-neighbor
  * kernel-insteall: do not remove the first slash in $ENTRY_DIR
  * test-network: set DNS= and NTP= for DHCP server
  * network: drop duplicated link_up_can()
  * network: can: do not warn if link does not exist anymore
  * network: can: shorten code a bit
  * network: do not try to configure address or etc on can device
  * network: introduce link_activate()
  * network: make CAN device follow activation policy
  * network: do not bring up CAN interface on configure
  * udev: do not store inotify fd in a global variable
  * sd-device: drop doubled empty lines
  * udev: drop unused variable
  * udev: shorten code a bit
  * udev: also propagate error in udev_rules_apply_to_event() on remove event
  * udev: refuse to enable inotify watch on remove event
  * sd-device: rename device_get_id_filename() -> device_get_device_id()
  * sd-device: check the validity of device id
  * sd-device: minor optimization for sd_device_new_from_device_id()
  * sd-device: drop sysname_set flag
  * sd-device: cleanup sd_device_get_subsystem()
  * udev: make udev_watch_end() noop when device does not have devname
  * udev,sd_device: also save map from device ID to watch handle in /run/udev/watch
  * test: run udev tests after currently queued events are finished
  * test: generate debugging logs for udev tests
  * test: add a simple test for udev watch
  * sd-bus: fix vtable named argument logic
  * Merge pull request #18904 from yuwata/udev-watch
  * Merge pull request #19476 from yuwata/network-can
  * Merge pull request #19487 from mrc0mmand/test-all-services-in-TEST-01
  * tree-wide: fix typo
  * hostnamectl: fix hyperlink in "Operating System" field
  * Merge pull request #19507 from nabijaczleweli/bootctlpsko-lite
  * Merge pull request #19513 from takaswie/topic/ieee1394-hwdb-entries-for-video
  * Merge pull request #19514 from keszybz/return-UnitNameFlags-more
  * Merge pull request #19515 from keszybz/config-parser-crash-fix
  * test: drop log_trace() in test-random-util
  * test: increase image size when static library or standalone binaries are installed
  * test: drop default ACL from $TESTDIR
  * string-util: fix build error on aarch64
  * local-addresses: wrap long comment
  * network: check that bus is ready at one more place
  * timesync: check that bus is ready before emitting property change
  * resolve: check that bus is ready before emitting signal or property change
  * string-util: explicitly cast character to unsigned
  * test: add one more assertion to make Coverty happy
  * userdb: shorten code a bit
  * tree-wide: fix typo
  * Merge pull request #19575 from poettering/hwdb-whitespace-fix-again
  * Merge pull request #19562 from keszybz/flag-manips
  * specifier: use SD_ID128_STRING_MAX
  * specifier: rename variable
  * test: move test_specifier_printf() to test-specifier.c
  * gpt: introduce GPT_LAVEL_MAX
  * fd-util: introduce FDNAME_MAX
  * creds-util: introduce CREDENTIAL_NAME_MAX
  * dns-domain: use DNS_LABEL_MAX at one more place
  * tree-wide: refuse too long strings earlier in specifier_printf()
  * network: make neighbor_configure() take callback
  * network: make nexthop_configure() take callback
  * network: rename routing_policy_rule_configure_internal() and make it take callback
  * network: use in6_addr_is_link_local() or friends
  * in-addr-util: introduce in6_addr_to_string() or friends
  * in-addr-util: move IPV4_ADDRESS_FMT_STR/VAL macros from networkd-address.h
  * network: use IPV4_ADDRESS_FMT_STR/VAL macros and in6_addr_to_string() or friends
  * hashmap,set: make hashmap_clear_with_destructor() or friends safer
  * ordered-set: introduce ordered_set_clear/free_with_destructor()
  * network: introduce manager_has_address()
  * network: delay resolving interface specifier in MultiPathRoute=
  * network: introduce link_has_route()
  * network: introduce manager_address_is_reachable()
  * sd-netlink: introduce multipath_route_dup()
  * network: introduce route_dup()
  * network: simplify and rename routing_policy_rule_copy()
  * network: change order of dropping network configs
  * network: split out common part of route or address handlers
  * network: nexthop: add NextHop object before sending netlink request
  * network: add skeleton of request queue
  * network: introduce link_is_ready_to_configure() helper function
  * network: use request queue to configure routing policy rules
  * network: use request queue to configure neighbors
  * network: use request queue to configure addresses, routes, and nexthops
  * network: make log_route_debug() show multipath routes and Gateway=_dhcp4 or _ipv6ra
  * network: make route_configure() return all created routes
  * test-network: wait for the intreface is configured if it is expected
  * test-network: wait for the interfaces are configured after reloading .network files
  * Merge pull request #19590 from keszybz/comments-and-service-modernization
  * network: move and rename network_get() -> link_get_network()
  * udev,network: make link_get_type_string() return negative errno on failure
  * network: introduce Describe() method for manager and links
  * networkctl: use table_set_empty_string()
  * json: make JSON_VARIANT_ARRAY/OBJECT_FOREACH() nestable
  * networkctl: introduce --json option for "status" and "list" commands
  * shell-completion: support --json option for hostnamectl
  * network: shorten code a bit and update log message
  * fix typo
  * conf-parser: introduce config_parse_in_addr_non_null()
  * network: use config_parse_in_addr_non_null()
  * network: introduce address_set_broadcast()
  * network: use UINT32_C() macro
  * network: address: introduce link_get_ipv4/ipv6_address()
  * network: dhcp-server: introduce ServerAddress= setting
  * test-network: add testcases for ServerAddress=
  * network: fix possible message counter double decrement
  * network: merge link_drop() and link_detach_from_manager()
  * network: also drop requests when link enters linger state
  * network: fix Link reference counter issue
  * Merge pull request #19630 from keszybz/jinja2
  * Merge pull request #19631 from yuwata/network-fix-reference-counting-issues
  * Merge pull request #19611 from yuwata/network-dhcp-server-introduce-server-address
  * network: dhcp4: re-request DHCP4 address and routes immediately
  * network: drop unused "callback" arguments in route_remove() and address_remove()
  * network: drop unnecessary call of manager_rtnl_process_address()
  * network: drop redundant condition
  * network: introduce link_get_by_name()
  * network: route: parse earlier if device specifier in MultiPathRoute= is ifindex
  * network: route: check validity of interface name in MultiPathRoute=
  * memory-util: make memcpy_safe() return pointer to destination
  * alloc-util: use memcpy_safe() in memdup() or friends
  * Merge pull request #19163 from sipraga/online-if-required
  * test: reduce debugging logs in test-event
  * nspawn: fix build failure
  * string-util: introduce strextendf_with_separator()
  * network: route: make log_route_debug() show weight for multipath route
  * env-util: use strextend()
  * pid1: use strextend_with_separator()
  * escape: use strextend()
  * sd-bus: use strextend()
  * networkctl: use strextend()
  * network: bridgeFDB: rename FdbEntry -> BridgeFDB
  * network: use queue to configure bridge FDB
  * test-network: add a testcase for OutgoingInterface= in [BridgeFDB]
  * nspawn: use strextendf_with_separator()
  * run: use strextend_with_separator()
  * systemctl: use strextend_with_separator()
  * sysv-generator: use strextend_with_separator()
  * man: mention that drop-in files are merged in alphanumeric order
  * network: fix an infinite loop
  * ethtool-util: downgrade log level
  * network: route: make stored multipath route weight equivalent to hop of nexthop
  * network: make nexthop_add(), nexthop_configure() and friends return 0 on success
  * network: nexthop: IFF_UP flag is required for nexthops which attached to a link
  * network: nexthop: add Group= setting to configure multipath route with group nexthop
  * test-network: add a test case for nexthop Group= setting
  * Merge pull request #19691 from poettering/read-virtual-file-tweaks
  * Merge pull request #19594 from yuwata/network-nexthop-group
  * ethtool-util: make ethtool_connect() open fd only when it is not opened
  * ethtool-util: move and rebreak comments
  * ethtool-util: disable autonegotiation when speed, duplex, or port is specified
  * ethtool-util: do not touch anything if nothing is requested
  * udev/net: drop fallback logic to set speed
  * udev/net: drop unnecessary conditions
  * ethtool-util: drop unused function
  * Merge pull request #19681 from yuwata/ethtool-util-log
  * ordered-set: introduce ordered_set_get()
  * network: make link_configure() static
  * network: IPv6LinkLocalAddressGenerationMode=none disables IPv6LL addressing
  * udev/net: rename link_config_ctx -> LinkConfigContext
  * udev/net: rename link_config -> LinkConfig
  * sd-netlink: rename rtnl_get_link_iftype() -> rtnl_get_link_info() and make it optionally return link flags
  * udev/net: do not manage loopback interfaces
  * Merge pull request #19704 from yuwata/network-small-fixes
  * network: allow to set Group=0 in [Link] section
  * network: add several assertions in conf parsers
  * sd-netlink: do not append prefixlen by default
  * sd-netlink: do not enable dump flag by default for RTM_GETADDR message
  * sd-netlink: do not set action for RTM_GETRULE message
  * sd-netlink: do not set route type and table by default for RTM_GETROUTE or friends
  * sd-netlink: set NETLINK_GET_STRICT_CHK socket option
  * network: set ifindex when dump addresses on an interface
  * local-addresses: set ifindex when dump addresses on an interface
  * test: add testcases of filtering on dumping addresses
  * Merge pull request #19713 from nabijaczleweli/bootctlpsko-liter
  * Merge pull request #19715 from yuwata/network-link-group
  * Merge pull request #19716 from yuwata/sd-netlink-NETLINK_GET_STRICT_CHK
  * dns-domain: fix build failure with libidn
  * core/service: do not set zero error to log_unit_debug_errno()
  * Merge pull request #19727 from poettering/pcr-comma
  * Merge pull request #19726 from poettering/path-event-symlink
  * test-network: wait for that the link is in configuring state at the beginning
  * test-network: refuse RA if not necessary
  * Merge pull request #19736 from poettering/udev-trigger-uuid
  * network: ndisc: always honor valid time
  * network: ndisc: update log message
  * Merge pull request #19743 from yuwata/dhcpv4-static-leases
  * Merge pull request #19703 from yuwata/network-ndisc-valid-time
  * Merge pull request #19749 from poettering/path-extend
  * path-util: fix off by one issue to detect slash at the end in path_extend()
  * path-util: introduce path_find_first_component()
  * path-util: use path_find_first_component() in path_is_valid()
  * path-util: introduce path_is_safe()
  * path-util: use path_is_safe() in path_is_normalized()
  * path-util: use path_find_first_component() in path_startswith()
  * path-util: use path_find_first_component() in path_make_relative()
  * path-util: make path_compare() and path_hash_func() ignore "."
  * fs-util: make chase_symlinks() use path_find_first_component()
  * path-util: use path_equal() in empty_or_root()
  * path-util: introduce path_find_last_component()
  * path-util: make path_extract_filename/directory() handle "." gracefully
  * tree-wide: always drop unnecessary dot in path
  * path-util: make path_simplify() use path_find_first_component()
  * path-util: add missing varargs cleanup
  * network,sd-hwdb: voidify fchmod()
  * basic/unit-file: fix use-after-free
  * tree-wide: fix typo
  * Merge pull request #19754 from yuwata/fix-coverity-issues-and-typo
  * Merge pull request #19759 from poettering/emoji-token-text
  * Merge pull request #19766 from keszybz/fuzz-fixes
  * string-util: trivial optimizations for strverscmp_improved()
  * efi: do not use _STRING_ARCH_unaligned macro
  * efi: include endian.h to handle endian correctly
  * efi: add const qualifier to string utils
  * efi: add const qualifier to EFI variable handling functions
  * efi: drop const qualifiers from arguments in uefi_call_wrapper()
  * efi: constify several arguments of functions which handle loader entries
  * meson: enable more warnings when building efi binary
  * meson: sort compiler flags
  * cryptsetup: fix typo
  * udev: ignore the case that the device is already removed
  * udev: explicitly mention that the error will be ignored
  * udev: check that passed symbolic link path starts with /dev
  * udev: upgrade log level about failure in updating devlinks
  * Merge pull request #19791 from yuwata/udev-node-logs
  * Merge pull request #19792 from keszybz/more-logging-stuff
  * Merge pull request #19798 from bluca/todo_landlock
  * sd-device: do not use ::subsystem member directly
  * efi: drop glibc header and use pre-defined macros
  * util: expose urlsafe_base64char()
  * udev: use hashed path as a filename to save devlink
  * test: add tests for udev_node_escape_path()
  * udev: refuse unsafe device symbolic link
  * udev: logs when failed to remove saved info about devlink
  * udev: use touch_file() and limit the number of trial
  * udev: do not try to remove /dev
  * udev: logs if failed to remove devlink
  * udev: slightly update log message and adjust log level
  * udev: make link_find_prioritized() return 0, 1, or negative errno
  * udev: refuse to create device symlink when a non-symlink file already exists
  * udev: use path_extract_directory() and path_equal()
  * udev: extract same logic of creating device symlink
  * udev: try to create device symlink directly only when the link does not exist yet
  * udev: warn and propagate error in creating device symlink
  * util: move device-node.[ch] to shared
  * util: drop DEV_NUM_PATH_MAX and xsprintf_dev_num_path()
  * fix typo
  * Merge pull request #19796 from yuwata/udev-node-cleanups
  * shell-completion: udevadm: support --uuid option
  * test: add a testcase that demonstrates a conflict of hashed filename
  * udev: always use last 11 chars for hash string
  * conf-parser: make config_parse_tristate() accept an empty string
  * sd-device: set driver subsystem if the sd_device object is generated from nulstr
  * sd-device: do not try to read uevent file multiple times
  * sd-device: make cloned sd_device object can read udev database without uevent file
  * network: show address flag in debugging logs
  * network: address: always read address flag from IFA_FLAGS attribute
  * Merge pull request #19815 from yuwata/sd-device-clone
  * Merge pull request #19837 from keszybz/disable-more-units
  * Merge pull request #19835 from keszybz/user-manager-bpf-errors
  * Merge pull request #19839 from yuwata/network-address-fix-flags-handling
  * network: use request queue to configure DHCP server
  * sd-dhcp-server: make sd_dhcp_server_start() no-op if it is already running
  * network: restart DHCP server on carrier gain
  * network: make manager_find_uplink() uses stored route information
  * network: introduce UplinkInterface= setting for DHCP server
  * test-network: add a testcase for UplinkInterface= for DHCP server
  * test-network: fix setting name
  * network: rename MdbEntry -> BridgeMDB
  * network: use request queue to configure bridge MDB
  * in-addr-util: introduce in6_addr_is_ipv4_mapped_address()
  * network: address label: refuse IPv4 mapped address with large prefix length
  * network: address label: use struct in6_addr instead
  * network: address label: use request queue to configure address labels
  * network: introduce network_adjust_ipv6_proxy_ndp()
  * network: move logic for setting proxy_ndp sysctl to networkd-sysctl.c
  * network: use request queue to configure IPv6 proxy NDP addresses
  * network: expose hash and compare functions
  * network: introduce request_hash_ops to dedup requests
  * network: request to configure static settings earlier
  * network: rename link_acquire_conf() -> link_acquire_dynamic_conf()
  * network: make link enter failed state on failure in link_update() and link_reset_carrier()
  * network: introduces link_drop_ipv6ll_addresses()
  * network: drop meaningless condition about setting MTU
  * network: merge link_configure() and link_configure_continue() again
  * network: use request queue to set MTU
  * network: use request queue to set link flags
  * network: use request queue to set MAC address
  * network: use request queue to set interface group
  * network: use request queue to set IPv6LL address generation mode
  * network: introduce link_request_to_set_master()
  * network: introduce link_request_to_create_stacked_netdev()
  * network: introduce link_request_to_set_bridge()
  * network: introduce link_request_to_set_bond()
  * network: rename networkd-brvlan.[ch] -> networkd-bridge-vlan.[ch]
  * network: rebreak arguments
  * network: introduce network_adjust_bridge_vlan()
  * network: expose bridge_vlan_append_info()
  * sd-netlink: add IFLA_BRIDGE_FLAGS and IFLA_BRIDGE_VLAN_INFO attributes
  * network: introduce link_request_to_set_bridge_vlan()
  * network: introduce link_get_master() and use it where applicable
  * network: move functions
  * network: make link enter failed state when link_initialized() is failed
  * network: update operational state or friends on reconfigure
  * network: shorten code a bit, and reduce indentation
  * network: split link_update() into small pieces
  * network: introduce link_call_getlink()
  * network: use link_call_getlink() where applicable
  * network: sync link information after set-link request is processed
  * network: set bridge or bond properties after master ifindex is set
  * network: it is not necessary to call RTM_GETLINK when carrier is gained
  * network: introduce link_request_to_activate()
  * network: use link_request_to_set_master() or friends
  * network: drop trivial aliases of link_set_state()
  * network: wait for all set-link requests are processed
  * Merge pull request #19639 from yuwata/network-next
  * meson: do not share compiler flags except for emitting warnings
  * core/socket: do not assign another fd to SocketPort which already has a fd on deserialization
  * udev: make WakeOnLan= take multiple features
  * dissect: try to find partition again on timeout
  * dissect: find partition more frequently
  * network: introduce IPv6StableSecretAddress= setting
  * test-network: add a test case for IPv6StableSecretAddress=
  * network: use request queue to configure CAN interfaces
  * network: read the minimum and maximum MTU of the interface, and adjust requested MTU based on these values
  * network: also adjust IPv6 MTU by the maximum MTU of the interface
  * network: route: update error message
  * network: do not drop requests on carrier lost
  * network: apply activation policy only when it is once activated
  * network: add brief comments about bound_to and bound_by list
  * network: handle bound_by list even if IgnoreCarrierLoss=yes
  * network: use request queue to handle bound_to list
  * network: use request queue to handle always-up or -down activation policy
  * network: make several link settings critical
  * network: do not process requests which conditionalized with link flags while the flags are updating
  * Merge pull request #19831 from yuwata/network-next2
  * Merge pull request #19852 from yuwata/network-stable-secret
  * tmpfile: several minor coding style fixes
  * ether-addr-util: drop redundant "addr" from struct hw_addr_data
  * ether-addr-util: introduce hw_addr_compare(), hw_addr_equal(), and hw_addr_is_null()
  * network: use hw_addr_equal() or friends
  * ether-addr-util, network: introduce ETHER_ADDR_TO_STR() macro and use it
  * man: merge several settings about netdev
  * network: sort settings about netdev
  * man: add missing settings
  * tmpfile: always get file descriptor of root or current directory
  * network: use link_get_by_name()
  * netlink: move resolve_ifname() or friends to netlink-util.[ch]
  * netlink: check input name is valid before calling netlink method
  * netlink: make rtnl_resolve_link_alternative_name() optionally return the main interface name
  * sd-device: introduce sd_device_new_from_ifname/ifindex()
  * tree-wide: use sd_device_new_from_ifindex/ifname()
  * nspawn: path_is_read_only_fs() may return negative errno
  * sd-dhcp: do not use detect_container() to guess udev is running or not
  * dhcp: do not use ifindex when generating iaid in tests
  * sd-dhcp: refuse to set iaid if we cannot find the interface
  * network: route: set link ifindex when multi-path routes specified without interface name
  * test-network: add a testcase for MultiPathRoute= without interface name
  * test-network: refuse routable state when no-carrier is expected
  * test-network: disable dynamic addressing protocols when ConfigureWithoutCarrier= is enabled
  * network: always check dynamic address assignments before entering configured state
  * network: check the size of hardware address before setting MAC address
  * network: try to bring down before setting MAC address
  * network: drop misleading debugging logs about MTU
  * sd-event: drop unnecessary "else"
  * sd-event: use CMP() macro
  * sd-event: use usec_add()
  * sd-event: make event_source_time_prioq_reshuffle() accept all event source type
  * sd-event: always reshuffle time prioq on changing online/offline state
  * core/service: fix assertion when Type=dbus but BusName= is not specified
  * test: add a test case for #19920
  * network: add missing increment of Link::set_flags_messages
  * network: do not partially update wlan information on failure
  * network: add brief comment about reconfiguring interfaces
  * network: update wlan information when IFF_LOWER_UP flag is gained
  * Merge pull request #19905 from yuwata/network-set-mac-try-again
  * Merge pull request #19913 from yuwata/network-fix-counter
  * Merge pull request #19924 from yuwata/sd-event-fix-assertion
  * tree-wide: add missing whitespace at the end of comments
  * fix typo
  * syscalls: update tables
  * syscalls: add riscv32
  * missing_syscall: add riscv32 support
  * man: add an example to configure default route on device with table
  * unit: use alias name of man page
  * Revert "journal-file: truncate archived journals"
  * Merge pull request #19928 from yuwata/riscv32
  * network: use void* to correctly store SetLinkOperation in Request
  * test: fix syscall existence check
  * NEWS: drop journal file truncation feature
  * NEWS: fix typo
  * network: IFA_F_NODAD flag is only for IPv6 addresses
  * man: fix RFC number and its title
  * network: always enable IPv4 ACD for statically configured IPv4LL address
  * Merge pull request #19981 from gablank/relative-time-unit-singular
  * virt: improve log message when we cannot read /sys/firmware/dmi/entries/0-0/raw
  * time-util: coding style fixes
  * nspawn: replace strextend_with_separator() -> strextendf_with_separator()
  * mount-util: make mount_flags_to_string() show flag name instead of number
  * extract-word: introduce EXTRACT_KEEP_QUOTE flag
  * test: add test cases for EXTRACT_KEEP_QUOTE and EXTRACT_UNQUOTE
  * mount-util: reduce scope of variable
  * mount-util: use EXTRACT_KEEP_QUOTE to handle mount options
  * mount-util: add one more assertion
  * Merge pull request #19991 from bluca/bash_compl_unbound_vars
  * Merge pull request #19990 from mrc0mmand/test-tweaks
  * socket-util: split out checking valid character for ifname into ifname_valid_char()
  * udev-util: introduce udev_replace_ifname()
  * udev: only network interface can be renamed
  * udev: introduce new netif naming scheme flag to strictly replace ifname
  * udev: refuse invalid ifname earlier
  * udev: fix key name in debug log
  * udev: replace unsafe characters on assigning ENV{key}="val" when OPTIONS="string_escape=replace" is set
  * man: update description of "string_escape=" udev option
  * udev: remove unsafe characters from ID_SERIAL for nvme
  * dirent-util: introduce readdir_ensure_type()
  * dirent-util: use readdir_ensure_type() in readdir_no_dot() and FOREACH_DIRENT()
  * sd-dhcp-client: check error earlier and reduce indentation
  * sd-dhcp-client: shorten code a bit
  * sd-dhcp-client: logs when dhcp client unexpectedly gains a new lease
  * sd-dhcp-client: tentatively ignore FORCERENEW command
  * Revert "Revert "Mount all fs nosuid when NoNewPrivileges=yes""
  * core: do not set nosuid mount option when SELinux is enabled
  * udev/scsi: use the scsi device type number directly
  * man: document about NAMING_REPLACE_STRICTLY network interface naming policy
  * networkctl: drop unused member in struct VxLanInfo
  * sd-device: allow to read sysattr which contains embedded NUL
  * udev: update log messages
  * core/namespace: drop unnecessary initializations
  * udev: fix use of invalid pointer
  * udev: reduce scope of variables
  * udev-test: add a testcase for string_escape=replace
  * sd-netlink: shorten code a bit
  * sd-netlink: do not trigger assertion by calling socket_broadcast_group_unref() with an arbitrary group number
  * sd-netlink: rename variables and functions for generic netlink
  * sd-netlink: do not call lookup_nlmsg_type() for known generic netlink family
  * sd-netlink: shorten code a bit
  * sd-netlink: use usec_sub_unsigned() and USEC_INFINITY
  * man: fix typo
  * tree-wide: fix "the the" and "a a"
  * tree-wide: "a" -> "an"
  * sd-ipv4acd: use struct in_addr instead of be32_t
  * sd-ipv4acd: include announced address in log message
  * arp-util: align elements
  * arp-util: check sent message size
  * arp-util: check ifindex and mac address
  * arp-util: shorten code a bit
  * arp-util: make arp_send_{probe,announcement}() inline
  * arp-util: use struct in_addr
  * arp-util: split out logic of setting BPF code into a function
  * sd-ipv4acd: allow to change MAC address without restarting sd-ipv4acd
  * sd-ipv4acd: set defend window in timeout event and state is IPV4ACD_STATE_STARTED
  * sd-ipv4acd: allow to change requesting address without restarting sd-ipv4acd
  * sd-ipv4acd: update condition of address conflict
  * sd-ipv4ll: allow to set MAC address without stopping sd-ipv4ll engine
  * sd-ipv4ll: introduce sd_ipv4ll_set_check_mac_callback()
  * ether-addr-util: introduce hw_addr_hash_ops
  * network: rename Manager::links -> Manager::links_by_index
  * network: introduce link_get_by_hw_addr()
  * network: ipv4ll: make link enter failed state on failure of restarting ipv4ll engine
  * network: ipv4ll: refuse to configure IPv4LL address on interface where the length of the hardware address is not ETH_ALEN
  * network: ipv4ll: reset MAC address without stopping sd-ipv4ll engine
  * network: introduce address_dup() and replace address_copy() with it
  * network: introduce link_request_static_address()
  * network: address: do not send tentative flag
  * network: rename dhcp_lease_lost() -> dhcp4_lease_lost() and expose it
  * network: acquire address on request configure rather than on configure
  * network: make request_drop() accept NULL
  * network: ipv4acd: first probe address and then assign it
  * network: introduce callback fucntions to check the sender MAC address for IPv4ACD and IPv4LL
  * test-network: update tests for ipv4acd
  * network: ipv4acd: update log message
  * network: fix segfault in link_update_hardware_address()
  * parse-socket-bind-item: fix typo in comment
  * network: fix log message
  * network: drop old ndisc configurations after new ones are configured
  * network: drop old dhcp6 addresses or routes after new ones are configured
  * network: fix overflow issue in address lifetime calculation
  * test: enable debug logging of systemd-oomd
  * test: check memory pressure more frequently
  * test: also show the memory pressure of testchill.service
  * Merge pull request #20098 from milaq/hwdb_logitech_additions
  * wait-online: fix typo
  * Merge pull request #20167 from poettering/format-table-tweaks
  * Merge pull request #20168 from poettering/signal-util-tweak
  * Merge pull request #20166 from poettering/fsync-more
  * network: also check addresses when determine a gateway address is reachable or not
  * test-network: add a testcase for ManageForeignRoutes=no
  * network: check the received interface name is actually new
  * Merge pull request #20120 from yuwata/test-oomd-debug
  * network: update interface name stored in various network engines
  * Merge pull request #20109 from keszybz/timestamp-macros
  * network: further unification of MUD url parsers
  * network: dhcp4: also support semi-static routes with Gateway=_dhcp4 when UseGateway=no or UseRoutes=no
  * test-network: adjust testcases to follow the previous changes
  * test-network: add a testcase for semi-static route with Gateway=_dhcp4 when UseGateway=no
  * Merge pull request #20209 from yuwata/network-dhcp4-semi-static-route-with-use-gateway-no
  * network: introduce FORMAT_LIFETIME()
  * network: slightly simplify log_address_debug()
  * tree-wide: FORMAT_TIMESTAMP() or friends must be used as a function argument
  * network: configure address with requested lifetime
  * Merge pull request #20251 from keszybz/test-format-lifetime
  * Merge pull request #20346 from poettering/strlen-unsigned-fix
  * network: use address_equal()/route_equal() to compare addresses or routes configured by NDisc
  * sd-netlink: always append new bridge FDB entries
  * test-network: add a testcase for vxlan with IPv6 local address
  * network: update comment and man page
  * network: use request queue to configure IPv6 RA engine
  * network: introduce UplinkInterface= in [IPv6SendRA]
  * test-network: add a testcase for UplinkInterface= in [IPv6SendRA]
  * network: add comments
  * network: ignore errors on setting bridge config
  * test-network: add a test case for issue #20373
  * network: ignore errors on unsetting master ifindex
  * Merge pull request #20377 from yuwata/network-bridge-fdb-20305
  * core/cgroup: fix error handling of cg_remove_xattr()
  * core: wrap cgroup path with empty_to_root() in log messages
  * sd-dhcp6-client: do not ignore errors in client_receive_advertise()
  * network: use monotonic instead of boot time to handle address creation/update timestamp
  * network: reconfigure link after coming back from sleep
  * network: start/stop LLDP client on carrier gained/lost
  * network: do not drop foreign configs based on the previous .network file
  * network: do not drop foreign configs for loopback and critical interfaces on carrier lost
  * network: drop configurations in the previous .network file when entering unmanaged state
  * test-network: add a testcase to enter unmanaged state on reconfiguring
  * network: downgrade log level in dhcp4_configure()
  * network: downgrade log level in dhcp6_configure()
  * network: do not request UUID frequently on failure
  * network: use request queue to configure DHCP{4,6} clients
  * network: DHCP[46] -> DHCPv[46] in log messages
  * network: adjust log messages
  * network: ndisc: update a log message
  * network: make IPv6Token private, and ipv6token_new() static
  * network: use usec_add() at several more places
  * udev: rename type name e.g. struct worker -> Worker
  * udev: also rename struct udev_ctrl -> UdevCtrl
  * udev: move several functions
  * udev: update log message to clarify that the error is ignored
  * udev: make event_free() return NULL
  * udev: make event_queue_start() return negative errno on error
  * udev: add usec_add() at one more place
  * udev: propagate error on spawning a worker
  * udev: do not try to process events if there is no free worker
  * udev: rename is_device_busy() -> event_is_blocked()
  * list: introduce LIST_FOREACH_BACKWARDS() macro and drop LIST_FOREACH_AFTER/BEFORE()
  * udev: do not try to find blocker again when no blocker found previously
  * udev: skip event when its dependency cannot be checked
  * Merge pull request #19901 from yuwata/network-reconfigure-after-sleep
  * Merge pull request #19939 from yuwata/network-dhcp-client-use-request-queue
  * Merge pull request #20410 from yuwata/network-ndisc-cleanups
  * sd-dhcp6-client: fix copy-and-paste mistake
  * sd-dhcp6-client: cirtainly adjust T1 and T2
  * sd-dhcp6-client: use SYNTHETIC_ERRNO()
  * sd-dhcp-server: use hashmap_ensure_put()
  * sd-dhcp-server: fix possible double-free or use-after-free
  * sd-dhcp-server: support static lease outside of address pool
  * test-network: test static lease outside of pool
  * hostname: fix off-by-one issue in gethostname()
  * hostname: introduce gethostname_full() and use it in various gethostname() variants
  * network: introduce a helper function netdev_is_stacked_and_independent()
  * network: use netdev_enter_failed() instead of netdev_drop() on error
  * network: adjust log messages, function names, etc.
  * network: recreate stacked netdevs when underlying device is re-added
  * test-network: add a testcase for recreating stacked netdevs
  * network: fix configuring of CAN devices
  * Merge pull request #20432 from yuwata/network-recreate-stacked-netdevs
  * basic/linux: update linux uapi headers
  * network: can: move function
  * network: rebreak conf parser arguments
  * network: check validity before copying the input string
  * network: can: refuse too large restart sec earlier
  * network: can: introduce config_parse_can_control_mode()
  * network: can: add missing control modes
  * network: can: make Termination= optionally take a raw resistor value
  * network: SamplePoint= should be specified only when BitRate= is specified
  * network: can: allow to specify bit-timing with TimeQuantaNSec= and friends
  * man: address label can be set only for IPv4 addresses
  * ethtool: make the size of 'features' array static
  * ethtool: make ethtool_set_features() return earlier when nothing is requested
  * Merge pull request #20442 from yuwata/network-can-introduce-many-settings
  * Merge pull request #20443 from yuwata/network-conf-parser-cleanups
  * Merge pull request #20450 from yuwata/ethtool-cleanups
  * udevadm: introduce find_device_with_action() helper function
  * udevadm: introduce parse_device_action() helper function
  * shell-completion: add missing uevent actions for udevadm
  * udevadm: introduce -a|--action option for test-builtin command
  * network: do not assume the highest priority when Priority= is unspecified
  * Merge pull request #20456 from tomty89/man
  * Merge pull request #20460 from yuwata/udevadm-test-builtin-introduce-action
  * tree-wide: fix typo
  * udev: make RxChannels= or friends also accept "max"
  * creds-util: fix possible divide-by-zero
  * timesync: fix wrong type for receiving timestamp in nanoseconds
  * icmp6: drop unnecessary assertion
  * network: add UseMTU= in [IPv6AcceptRA]
  * Merge pull request #20484 from DaanDeMeyer/rx-gro-hw
  * Merge pull request #20494 from bluca/snprintf_voidify
  * Merge pull request #20499 from poettering/align-to-tweak
  * Merge pull request #20500 from poettering/import-tweaks
  * network: fix logic for checking gateway address is ready
  * test-network: add testcases that gateway address is IPv6 link local
  * Merge pull request #20303 from andir/sysconfig-example
  * tree-wide: fix typo
  * Merge pull request #20498 from yuwata/network-fix-gateway
  * network: dhcp4,ndisc: make addresses in Allow/DenyList= optionally take prefix length
  * test-network: add more testcases for *Allow/DenyList=
  * Merge pull request #20513 from yuwata/network-allow-deny-list-take-prefix-length
  * path-util: split out common part in find_executable_full()
  * path-util: make find_executable() work without /proc mounted
  * test-execute: logs can_share flag
  * Merge pull request #20524 from weblate/weblate-systemd-master
  * test-execute: add a testcase for MountAPIVFS=no
  * ethtool: move function
  * udev/net: initialize coalesce tristate variables
  * Merge pull request #20531 from DaanDeMeyer/fix-17433
  * Merge pull request #20515 from yuwata/pid1-mount-apivfs-no
  * Merge pull request #20541 from yuwata/udev-coalesce-follow-up
  * Merge pull request #20553 from weblate/weblate-systemd-master
  * sd-netlink: drop unused type
  * test: add usual log messages in test-netlink
  * sd-netlink: rename variables, arguments, and functions
  * sd-netlink: make message_seal() accept already sealed messages
  * sd-netlink: make type_get_type_system{,_union}() return value directly
  * sd-netlink: rename functions
  * sd-netlink: introduce two helper functions for type system union
  * sd-netlink: move type systems
  * sd-netlink: make several type systems static
  * sd-netlink: split netlink-types.[ch] into small files
  * sd-netlink: rename several type systems for generic netlink
  * sd-netlink: drop genl type system indexed by command
  * sd-netlink: unify two spurious type system root for genl
  * sd-netlink: introduce basic_type_system
  * basic: copy genetlink.h to repository
  * sd-netlink: add several missing attributes
  * sd-netlink: wrap long function declarations
  * sd-netlink: drop 'flags' argument from sd_nfnl_nft_message_new_table()
  * sd-netlink: split type system for nfnl
  * sd-netlink: drop redundant string table lookup functions to handle type system union
  * sd-netlink: introduce several macros to define type system
  * sd-netlink: split message_new() into two parts and introduces message_new_full()
  * sd-netlink: drop sd_genl_family_t and introduce GenericNetlinkFamily
  * sd-netlink: read protocol version of each genl family
  * sd-netlink: determine header size of genl message by using CTRL_ATTR_HDRSIZE attribute
  * sd-netlink: introduce sd_genl_message_get_command()
  * sd-netlink: split sd_netlink_add_match() into two parts
  * sd-netlink: introduce sd_genl_add_match()
  * sd-netlink: make type_system_get_*() and friends return value directly
  * Merge pull request #20057 from yuwata/sd-netlink-genl-cleanups
  * socket-util: introduce CMSG_SPACE_TIMEVAL/TIMESPEC macro to support additional 64bit timeval or timespec
  * timesync: check cmsg length
  * core: fix typo: they -> the
  * Merge pull request #20583 from poettering/pk-no-tty
  * Merge pull request #20567 from yuwata/socket-additional-cmsg-buffer
  * network/netdev: append IFLA_INFO_DATA attribute only when it is necessary
  * basic/linux: add more bridge headers
  * sd-netlink: support more rtnl attributes
  * sd-netlink: specify appropriate netlink attribute type
  * sd-netlink: introduce sd_netlink_message_get_max_attribute()
  * udev: fix potential memleak
  * udev: drop redundant chase_symlinks()
  * udev: simplify get_virtfn_info()
  * udev: pass rtnl to builtin commands
  * udev: use passed rtnl in net_setup_link builtin command
  * udev: rename struct netnames -> NetNames
  * udev: introduce link_info_get()
  * udev: use link information obtained through netlink
  * udev: do not remove control socket on exit
  * Merge pull request #20614 from poettering/efi-clean-ups
  * sd-device: introduce device_has_devlink()
  * udev-node: split out permission handling from udev_node_add()
  * udev-node: stack directory must exist when adding device node symlink
  * udev-node: save information about device node and priority in symlink
  * udev-node: always update timestamp of stack directory
  * udev-node: assume no new claim to a symlink if /run/udev/links is not updated
  * udev-node: always atomically create symlink to device node
  * udev-node: check stack directory change even if devlink is removed
  * udev-node: shorten code a bit and update log message
  * udev-node: add random delay on conflict in updating device node symlink
  * udev-node: drop redundant trial of devlink creation
  * fs-util: drop unnecessary initialization
  * fs-util: use futimens_opath() helper function
  * xattr-util: drop unused path_getcrtime()
  * Merge pull request #20603 from yuwata/udev-node-cleanups
  * man: drop unnecessary white space
  * network: use master ifindex to check if the interface is enslaved
  * network: assume enslaved when master ifindex is positive
  * network: introduce KeepMaster= setting
  * test-network: add tests for KeepMaster=
  * network: add 80-container-vb.network
  * tree-wide: fix typo
  * home: 'secret' argument of handle_generic_user_record_error may be null
  * tmpfiles: minor modernization
  * mkdir: rewrite mkdir_parents() with path_find_{first,last}_component()
  * fs-util: rewrite rmdir_parents() with path_find_last_component()
  * test: do not try to remove /dev
  * network: fix wrong flag: manage_foreign_routes -> manage_foreign_rules
  * Merge pull request #20693 from mcatanzaro/mcatanzaro/nss-buffers
  * network: use sd_netlink_message_read_string_strdup()
  * network: introduce ipv4acd_set_ifname()
  * network: introduce route_by_kernel() helper function
  * network: do not try to drop addresses or routes of unmanaged interfaces on carrier lost
  * network: drop unused "after_configure" feature for nexthops, neighbors, and routing policy rules
  * network: fix handling of network interface renaming
  * network: simplify code a bit
  * network: enable IP masquerade when address is assigned
  * network: store IPv6LL address even if link is in failed state
  * network: define Address earlier
  * network: always call address ready callback if address is ready
  * network: do not drop IPv6LL address in link_drop_addresses()
  * cgroup-util: use _cleanup_free_ attribute
  * cgroup-util: use string_hash_ops_free
  * oomd: refuse to start if cgroup memory controller is not available
  * test-oomd-util: skip tests if cgroup memory controller is not available
  * unit: systemd-oomd.service requires cgroup memory controller
  * udev-node: simplify the example of race
  * udev-node: do not ignore unexpected errors on removing symlink in stack directory
  * Merge pull request #20672 from mrc0mmand/more-storage-tests
  * Merge pull request #20715 from yuwata/udev-node-follow-ups
  * sd-device: do not recreate the same symlinks which store watch handle
  * udev-watch: retry to save watch handle with random delay
  * test-network: kernel treats the lowest IP address as unicast since 5.14
  * network: move common route settings to {dhcp4,ndisc}_request_route()
  * network: dhcp4: return earlier on failure
  * network: dhcp4: log server address
  * network: dhcp4: use free_and_strdup_warn()
  * network: use ltype to distinguish DHCPv4 and DHCPv6
  * network: do not use RouteTable= in [DHCPv4] section for DHCPv6 routes
  * Merge pull request #20700 from yuwata/network-dhcp-cleanups
  * in-addr-prefix-util: introduce several utilities for address prefix
  * test: slightly modernize test-in-addr-util.c
  * test: add tests for in-addr-prefix-util.c
  * core/cgroup: set bitfield to reduce struct size
  * core: replace IPAddressAccessItem with struct in_addr_prefix
  * network: replace config_parse_address_filter() with config_parse_in_addr_prefixes()
  * ethtool-util: use sizeof()
  * ethtool-util: shorten code a bit
  * ethtool: do not set unavailable or never_changed bits
  * ethtool-util: apply tx-checksum-* features at last
  * ethtool-util: add more network device features
  * network: introduce NetworkConfigSource and NetworkConfigState
  * network: use NetworkConfigSource/State to manage neighbors
  * network: use NetworkConfigSource/State to manage routing policy rules
  * network: use NetworkConfigSource/State to manage nexthops
  * Merge pull request #20742 from pdmorrow/startup_cpus
  * Merge pull request #20728 from yuwata/network-introduce-source-and-state-neighbor-rule-and-nexthops
  * Merge pull request #20729 from yuwata/ethtool-features-set
  * test: use --settle option for udevadm trigger
  * test: use /dev/null instead of the loop back network interface
  * test: use --settle option for udevadm trigger
  * test: use --settle option for udevadm trigger
  * test: drop unnecessary sleep and 'udevadm settle'
  * Merge pull request #20738 from mrc0mmand/ci-llvm-13
  * Merge pull request #20721 from mrc0mmand/test-storage-lvm
  * journal,network,timesync: fix segfault on 32bit timeval/timespec systems
  * Merge pull request #20652 from OnkelUlla/fix_systemd.netdev_manpage
  * Merge pull request #20800 from keszybz/smack-compilatio-fix
  * sd-dhcp6-client: ignore IAs whose IAID do not match client's IAID
  * network: disable event sources before unref them
  * libsystemd-network: disable event sources before unref them
  * network: use NetworkConfigSource/State to manage addresses and routes
  * network: address_equal() is not used anymore, hence move it to test-network.c
  * network: drop unused features in request queue
  * network: drop unnecessary link_drop_foreign_config()
  * meson: refuse implicit int <-> pointer conversion
  * meson: sort files
  * sd-lldp: rename sd-lldp.[ch] -> sd-lldp-rx.[ch]
  * test: also rename {test,fuzz}-lldp.c
  * sd-lldp-rx: rename sd_lldp -> sd_lldp_rx
  * sd-lldp-rx: split out enum definitions
  * sd-lldp: constify OUI
  * sd-lldp: introduce SD_LLDP_OUI_IANA_MUD macro
  * hostname-util: introduce get_pretty_hostname()
  * sd-lldp-tx: introduce sd-lldp-tx
  * network: use sd-lldp-tx
  * Merge pull request #20855 from dannf/update-net-name-schemes
  * Merge pull request #20846 from yuwata/sd-lldp-tx
  * sd-lldp-rx: ignore all errors in processing datagram
  * sd-lldp-rx: introduce sd_lldp_rx_is_running()
  * sd-lldp-rx: add comments about the three multicast addresses
  * sd-lldp-rx: ensure no event will be triggered after sd_lldp_rx_detach_event() is called
  * prioq: introduce prioq_ensure_put()
  * sd-lldp-rx: delay allocating hashmap and prioq to store neighbors
  * sd-lldp-rx: add missing assertions
  * sd-lldp-rx: wrap long line
  * sd-lldp-rx: use _cleanup_ attribute at one more place
  * sd-lldp-rx: do not enable timer event source in sd_lldp_rx_get_neighbors()
  * sd-lldp-rx: sd_event should be attached when lldp_rx_start_timer() is called
  * sd-lldp-rx: make lldp_rx_free() and lldp_neighbor_free() accept NULL
  * Merge pull request #20861 from yuwata/sd-lldp-rx-cleanups
  * tree-wide: make format_ifname() or friends return negative errno on failure
  * libsystemd-network: make sd_dhcp_client_get_ifname() or friends return negative errno on error
  * Merge pull request #20860 from yuwata/libsystemd-network-get-ifname-negative-errno
  * Merge pull request #20865 from keszybz/meson-net-naming-definitions
  * sd-dhcp6-client: constify one argument
  * sd-dhcp6-client: modernize dhcp6_option_parse()
  * test: add tests for reading unaligned data
  * sd-dhcp6-client: make dhcp6_option_parse_status() also parse error message
  * sd-dhcp6-client: modernize dhcp6_option_parse_ia()
  * sd-dhcp6-client: fix buffer size calculation in dhcp6_option_parse_ip6addrs()
  * sd-dhcp6-client: slightly modernize dhcp6_option_parse_domainname()/domainname_list()
  * sd-dhcp6-client: constify several arguments
  * sd-dhcp6-client: use dhcp6_option_parse() in client_parse_message()
  * sd-dhcp6-client: drop domains_count and ntp_fqdn_count
  * sd-dhcp6-client: make dhcp6_lease_free() accepts NULL
  * sd-dhcp6-client: support multiple domains
  * sd-dhcp6-client: support multiple NTP server options
  * sd-dhcp6-client: do not merge NTP and SNTP options
  * sd-dhcp6-client: rename dhcp6_lease_set_dns() -> dhcp6_lease_add_dns()
  * basic/linux: update nl80211.h
  * sd-netlink: minor coding style fixes
  * sd-netlink: add type safe macro for sd_genl_add_match()
  * sd-netlink: allow to set dump flag for genl or netfilter messages
  * sd-netlink: also check multicast group to find suitable match callback
  * sd-netlink: make sd_genl_message_new() or friends return -EOPNOTSUPP if a module is not supported by the kernel
  * sd-netlink: introduce sd_netlink_message_read_data_suffix0()
  * wifi-util: add "ret_" prefix for arguments which store results
  * sd-netlink, wifi-util: fix attribute type of NL80211_ATTR_SSID
  * sd-netlink: add several attributes for nl80211
  * wifi-util: move, rename, and expose wifi_iftype_to_string()
  * network: rename wifi_iftype -> wlan_iftype
  * wifi-util: introduce nl80211_cmd_to_string()
  * network: split manager_new() into two part
  * network: make manager_enumerate_internal() take sd_netlink object
  * network: move error handling of enumerating configs to caller side
  * network: receive genl multicast messages about wlan connections
  * Merge pull request #20802 from yuwata/network-receive-nl80211-multicast-messages
  * network: do not update state files when running in test mode
  * network: do not configure anything when running in test mode
  * Revert "CI: run unit tests in a network namespace"
  * Merge pull request #20823 from mrc0mmand/test-storage-iscsi
  * Merge pull request #20877 from yuwata/network-test-mode
  * Merge pull request #20871 from mrc0mmand/udevadm-property-value
  * Merge pull request #20226 from yuwata/network-introduce-source-and-status
  * Merge pull request #20824 from yuwata/sd-dhcp6-client-cleanups
  * core/mount: add implicit unit dependencies even if when mount unit is generated from /proc/self/mountinfo
  * Merge pull request #20876 from poettering/openssl3-creds
  * Merge pull request #20777 from benzea/benzea/fix-seccomp-filter
  * network: address: fix flags and lifetime in debugging logs
  * network: make several hash_ops static
  * network: rename address_hash_ops -> address_hash_ops_free
  * network: drop and warn duplicated Address= settings
  * network: downgrade log level for non-critical errors
  * network: do not ignore critical errors like OOM
  * test-network: add tests for duplicated address setting
  * Merge pull request #20937 from poettering/sync-split
  * sd-device: make device_get_cached_sysattr_value() distinguish if we have looked up the attribute
  * sd-device: expose device_cache_sysattr_value() and device_get_cached_sysattr_value()
  * ether-addr-util: make hw_addr_to_string() return valid string even if hardware address is null
  * udev: rename udev-builtin-net_id-netlink.[ch]
  * udev: introduce device_get_sysattr_value_maybe_from_netlink()
  * test: add tests for device_get_sysattr_value_maybe_from_netlink()
  * udev: cache obtained sysattr from netlink into sd_device object
  * udev: use LinkInfo::iftype at one more place
  * udev: replace sd_device_get_sysattr_value() with device_get_sysattr_value_maybe_from_netlink()
  * udev: read more attributes through netlink and cache them
  * core/service: also check path in exec commands
  * ethtool-util: make wol_options_to_string() not return all flag strings
  * ethtool-util: do not try to enable unsupported WoL options
  * ethtool-util: make ethtool_set_wol() take password
  * network: radv: reorder functions
  * in-addr-util: introduce in6_addr_hash_ops_free
  * in-addr-util: introduce in{4,6}_addr_mask()
  * in-addr-util: do not shift 8 or more for uint8_t
  * in-addr-util: introduce in{4,6}_addr_prefix_covers()
  * network: move address generation methods to network-address-generation.[ch]
  * network: fix prefixlen for reserved subnet anycast address
  * network: make generate_ipv6_eui_64_address() take prefix
  * network: radv: ignore Assign= if prefixlen is larger than 64
  * network: ndisc: ignore autonomous prefix with prefix length larger than 64
  * network: address-generation: always use the first 64 bits of the prefix
  * network: address-generation: always start DAD counter from zero
  * network: address-generation: mask prefix with prefixlen for safety
  * network: address-generation: modernize config_parse_address_generation_type()
  * network: address-generation: use in6_addr_hash_ops_free
  * network: address-genereation: introduce generate_addresses()
  * network: rename IPv6Token= in [Network] -> Token= in [IPv6AcceptRA]
  * network: introduce Token=eui64
  * network: extend Token= setting in [DHCPv6PrefixDelegation]
  * network: introduce Token= setting in [IPv6Prefix]
  * network: make generate_eui64_address() static
  * test-network: replace deprecated settings
  * test-network: add tests for Token= in [IPv6Prefix]
  * udev/net: introduce WakeOnLanPassword=
  * Merge pull request #20935 from unusual-thoughts/fix-empty-argv
  * Merge pull request #20778 from yuwata/network-ipv6-token
  * Merge pull request #20969 from poettering/cryptenroll-no-homed
  * busctl: use set_ensure_consume()
  * busctl: shorten code a bit
  * busctl: add missing header
  * test: add a test for parsing xml obtained by DBus Introspect method
  * Merge pull request #20973 from yuwata/busctl-trivial-cleanups
  * Merge pull request #20965 from poettering/getdents
  * Merge pull request #20981 from poettering/glibc-less-internal
  * test: add more node enumerator tests
  * sd-radv: rename sd_radv_prefix_set_route_prefix() -> sd_radv_route_prefix_set_prefix()
  * network: radv: make conf parsers not set values into sd_radv_prefix/sd_radv_route_prefix
  * network: radv: mask unnecessary part of specified addresses
  * network: radv: verify [IPv6Prefix] and [IPv6RoutePrefix] sections
  * network: radv: set non-zero lifetime for DNS servers and domains by default
  * network: radv: extends lifetime for DNS servers or domains propagated from uplink
  * test: shorten code a bit
  * test: use assert_se() instead of assert()
  * Merge pull request #20985 from yuwata/test-bus-node-enumerator
  * network: dhcp6-pd: also assign addresses in IA_PD prefixes on uplink interface
  * sd-dhcp6-client: typedef several enums
  * sd-dhcp6-client: name one more enum
  * sd-dhcp6-client: add missing message types
  * sd-dhcp6-client: add missing parenthesis
  * sd-dhcp6-client: add missing options
  * network: do not request RAPID_COMMIT option
  * sd-dhcp6-client: introduce dhcp6_option_can_request()
  * sd-dhcp6-client: max_retransmit_time must be positive
  * Merge pull request #20992 from keszybz/fix-two-outputs
  * sd-device-monitor: update log message to clarify the error will be ignored
  * test: show debug and verbose message
  * core/bpf-firewall: add missing oom check
  * Merge pull request #21006 from DaanDeMeyer/mkosi-ordering
  * Merge pull request #21001 from poettering/alloca-safe
  * unit: networkd does not require AF_ALG anymore
  * userdb: fix type to pass to connect()
  * Merge pull request #21023 from poettering/home-prepare-rename
  * network: add missing DHCPv6PD address check
  * network: dhcp6pd: check if address is ready only when Assign=yes
  * network: dhcp6: always assign prefix through dhcp6_pd_assign_prefix()
  * network: dhcp6: shorten code a bit
  * network: dhcp6: manage assigned downstream prefixes by using Hashmap
  * network: dhcp6: use IPv6 specific functions
  * network: route: fix possible overflow in conversion usec_t -> uint32_t
  * tree-wide: use AF_NETLINK instead of PF_NETLINK
  * network: neighbor: fix log message
  * network: route: drop kernel version check for route expiration
  * sd-netlink: introduce sd_netlink_attach_filter()
  * network: introduce BPF to reject netlink messages about non-static neighbor
  * Merge pull request #21035 from yuwata/network-route-fix-lifetime
  * sd-dhcp6-client: introduce sd_dhcp6_lease_get_timestamp()
  * network: dhcp6pd: set lifetime to routes for assigned prefixes
  * network: dhcp6: explicitly specify metric for unreachable route
  * network: dhcp6pd: set default metric 256 for delegated prefix
  * test-network: use constant variables in dnsmasq command
  * test-network: drop pid_file argument from stop_dnsmasq()
  * test-network: cleanup dnsmasq related file on setup
  * Merge pull request #21056 from yuwata/test-network-cleanups
  * Merge pull request #21041 from yuwata/network-bpf-neighbor
  * Merge pull request #21061 from poettering/direct-io-loopback-tweaks
  * Merge pull request #21051 from poettering/nspawn-no-sync
  * zsh-completion: nspawn: add --suppress-sync option
  * network: drop unnecessary header inclusion
  * network: route: rename lifetime -> lifetime_usec
  * network: ndisc: add missing lifetime check
  * network: ndisc: rename valid_until -> lifetime_usec
  * network: address: use usec_t for handling lifetime
  * arp-util: shorten BPF code a bit
  * lldp: shorten code a bit
  * dhcp: shorten code a bit
  * dhcp: fix assertions
  * dhcp: rebreak function arguments
  * dhcp: shorten BPF code a bit
  * icmp6: shorten code a bit
  * Merge pull request #21050 from yuwata/network-bpf-cleanups
  * Merge pull request #21072 from yuwata/network-address-lifetime
  * network: dhcp6pd: not necessary to drop routes when Assign=yes
  * Merge pull request #21081 from mrc0mmand/even-more-coverage-tweaks
  * network: dhcp6pd: also call dhcp6_pd_prepare() and dhcp6_pd_finalize() for upstream interface
  * network: dhcp6pd: check link state earlier before assigning prefixes to downstream
  * network: dhcp6pd: fix the default value of subnet ID
  * nspawn: ignore --suppress-sync=yes when seccomp is disabled
  * Merge pull request #21082 from yuwata/network-dhcp6-pd-trivial-cleanups
  * Merge pull request #21108 from mrc0mmand/here-comes-the-coverage
  * nspawn: fix build when SECCOMP is disabled
  * Merge pull request #21077 from poettering/mount-setattr
  * Merge pull request #21117 from mrc0mmand/last-coverage-related-tweaks
  * Merge pull request #21116 from poettering/test-cleaner
  * network: dhcp6pd: introduce a simplified and unified method to calculate subnet prefix
  * network: dhcp6pd: move logic of acquiring subnet prefix into dhcp6_pd_assign_prefix()
  * network: dhcp6: rename variables
  * network: rename function
  * udev: do not try to rename interface if it is already up
  * libsystemd-network: do not warn when log_dhcp_client() or friends with NULL
  * Merge pull request #21119 from yuwata/network-dhcp6-pd-cleanups
  * network: ndisc: fix behavior when DHCPv6Client=always
  * network: dhcp6pd: do not assign downstream prefix when RADV is requested but not configured yet
  * test: enable debug logging of systemd-udevd
  * Merge pull request #21097 from poettering/dir-is-empty-fix
  * network: delay dropping addresses or so on reloading .network files
  * test-network: reconfigure interface instead of restarting networkd
  * Merge pull request #21122 from yuwata/network-optimize-reload
  * network: dhcp6: introduce UseDelegatedPrefix= setting and enable by default
  * network: dhcp6: do not reconfigure/restart DHCPv6 clients when a new downstream appears
  * network: dhcp6pd: do not trigger prefix reassignment for all downstreams when a new downstream appears
  * network: move config_parse_uplink() to networkd-dhcp-common.[ch]
  * network: dhcp6: introduce UplinkInterface= for DHCP6 prefix delegation
  * test-network: add test cases for DHCPv6 prefix delegation
  * Merge pull request #21000 from yuwata/network-dhcp6-pd-introduce-uplink
  * network: deprecate ForceDHCPv6PDOtherInformation= setting
  * network: do not restart DHCPv6 client when WithoutRA= is set
  * network: dhcp6: make UplinkInterface=:self imply WithoutRA=solicit
  * man: adjust the explanations related to the DHCPv6 client starting mode
  * Merge pull request #21129 from yuwata/network-dhcp6-pd-vs-ndisc
  * sd-radv: make sd_radv_set_router_lifetime() take usec_t (uint64_t)
  * sd-radv: use assert_return()
  * sd-radv: use IPv6 specific functions
  * sd-radv: drop SD_ prefix for unexposed constants
  * sd-radv: make several constants not exposed
  * sd-radv: add several notes about constants
  * sd-radv: introduce RADV_DEFAULT_ROUTER_LIFETIME_USEC
  * sd-radv: router lifetime must be 0 or between 4 seconds and 9000 seconds
  * sd-radv: update how to calculate interval of sending advertisements
  * network: radv: refuse invalid router lifetime in conf parser
  * conf-parse: make config_parse_many() optionally save 'struct stat' for each file
  * Merge pull request #21144 from yuwata/sd-radv-trivial-cleanups
  * Merge pull request #21143 from yuwata/sd-radv-router-lifetime
  * network: address: use passed Address object if possible
  * network: route: update lifetime of existing route
  * sd-radv: make prefix/route prefix lifetime can be specified with independently with valid_until
  * sd-radv: shorten the default lifetime for prefix/route prefix
  * network: radv: shorten default lifetime of prefix, route prefix, DNS, and domains
  * test-network: add tests for invalid IPv6 token
  * network: verify [IPv6AddressLabel] section
  * test-network: add tests for invalid [IPv6AddressLabel] section
  * test-network: add more tests for [Address] section
  * test: do not use alloca() in function call
  * Merge pull request #21138 from bluca/show_extensions
  * doc: fix typo in command
  * Merge pull request #21136 from poettering/homed-uidmap-dir-only
  * Merge pull request #21150 from yuwata/sd-radv-shorten-default-lifetime-2
  * systemctl: drop redundant "else"
  * Merge pull request #21153 from yuwata/network-lifetime-fix
  * test: update comment
  * Merge pull request #21157 from yuwata/network-address-label-verify
  * Merge pull request #21163 from poettering/scope-no-pid
  * home: fix use of uninitialized value
  * sd-ndisc: drop unused functions
  * sd-radv: fix implicit conversion to boolean
  * libsystemd-network: drop _public_ attribute
  * Merge pull request #21180 from yuwata/libsystemd-network-cleanups
  * Merge pull request #21175 from tohojo/dhcp-server-expire
  * sd-dhcp6-client: always set suitable ARP type
  * sd-dhcp6-client: request IA_PD by default
  * core: ignore failure on setting smack process label when allowed
  * sd-dhcp6: drop unused functions
  * sd-lldp-tx: drop unused and useless function
  * sd-dhcp6-client: introduce sd_dhcp6_lease_get_server_address()
  * network: save server address to DHCPv6 addresses
  * Merge pull request #21199 from yuwata/sd-dhcp6-client-trivial-cleanups
  * Merge pull request #21200 from yuwata/sd-dhcp6-client-server-address
  * sd-dhcp6-client: update log messages
  * sd-dhcp6-client: prefix variables which store results with "ret_"
  * sd-dhcp6-client: shorten code a bit
  * sd-dhcp6-client: introduce dhcp6_lease_{get,set}_clientid()
  * sd-dhcp6-client: do not implicitly cast to boolean
  * sd-dhcp6-client: simplify code a bit
  * Merge pull request #21204 from yuwata/sd-dhcp6-client-cleanups
  * network/veth: also set MTU for peer interface
  * test-network: add test case for MTUBytes= for veth
  * network: dhcp-server: introduce Router= setting to specify router address
  * test-network: add a testcase for Router= setting
  * Merge pull request #21210 from yuwata/network-dhcp-server-introduce-router-setting
  * Merge pull request #21216 from poettering/take-fd-tweak
  * Merge pull request #21217 from keszybz/debug-test-process-util
  * network: ndisc: split out prefix option handling into ndsic_router_process_prefix()
  * network: ndisc: do not read DNSSL option when UseDomains=no
  * network: ndisc: introduce UseGateway= and UseRoutePrefix= settings
  * Merge pull request #21265 from poettering/userdb-fixes
  * ether-addr-util: introduce several helper functions
  * ether-addr-util: make hw_addr_is_null() return true also for all zero address
  * arphrd-util: rename arphrd-list.[ch] -> arphrd-util.[ch]
  * arphrd-util: introduce arphrd_to_hw_addr_len()
  * netif-util: move several functions from network-util.[ch] to shared/netif-util.[ch]
  * netif-util: rename link_get_type_string() -> net_get_type_string()
  * netif-util: rename net_get_name_persistent() -> net_get_persistent_name()
  * netif-util: split net_get_unique_predictable_data() into two
  * sd-netlink: add more attributes for CAKE
  * man: move Bandwidth= setting at the beginning of the [CAKE] section
  * man: use "…" for specifying ranges
  * network: tc/cake: introduce AutoRateIngress= setting
  * network: tc/cake: do not pass 0 if OverheadBytes= is not specified
  * network: tc/cake: introduce CompensationMode= setting
  * network: tc/cake: introduce FlowIsolationMode= setting
  * network: tc/cake: introduce NAT= setting
  * network: tc/cake: introduce MPUBytes= setting
  * network: tc/cake: introduce PriorityQueueingProfile= setting
  * network: tc/cake: introduce FirewallMark= setting
  * network: tc/cake: introduce Wash= setting
  * network: tc/cake: introduce SplitGSO= setting
  * network: tc/cake: introduce UseRawPacketSize= setting
  * test-network: add testcases for CAKE settings
  * Merge pull request #21268 from yuwata/network-ndisc-use-gateway
  * Merge pull request #21226 from yuwata/network-tc-cake
  * network/netdev: reduce indentation
  * network/netdev: update comment
  * network: geneve: use fill_message_create
  * network: bareudp: use fill_message_create
  * network/netdev: fix typo
  * network/bridge: drop if_bridge.h from bridge.h
  * network/netdev: sort netdev kinds
  * arp-util: drop redundant line
  * Merge pull request #21269 from yuwata/network-netdev-cleanups
  * ether-addr-util: introduce parse_hw_addr()
  * test: add tests for parse_hw_addr()
  * ether-addr-util: introduce parse_ether_addr()
  * ether-addr-util: replace ether_addr_from_string() with parse_ether_addr()
  * conf-parser: rename config_parse_hwaddr() -> config_parse_ether_addr()
  * ether-addr-util: introduce {hw,ether}_addr_hash_ops_free
  * conf-parser: introduce config_parse_hw_addr() and config_parse_hw_addrs()
  * Merge pull request #21281 from poettering/repart-align-fixes
  * Merge pull request #21276 from yuwata/ether-addr-util
  * man: add missing Firmware= setting
  * man: use include directive for [Match] section
  * network: cake: fix copy-and-paste error
  * hostnamed: use /proc/device-tree to get chassis type
  * condition: use /proc/device-tree/
  * sd-id128: use /proc/device-tree
  * core/cgroup: set bfq.weight first, and fixes blkio.weight value
  * netif-util: fix stack-use-after-scope
  * sd-netlink: fix type of NDA_LLADDR attribute
  * ether-addr-util: expose hw_addr_hash_func()
  * network: neighbor: use "struct hw_addr_data" to store link layer address
  * network: neighbor: accept an empty string assignment
  * ether-addr-util: introduce hw_addr_to_string_full()
  * udev: drop colon from ID_NET_NAME_MAC
  * test: use kbd-mode-map we ship in one more test case
  * ether-addr-util: fix ether_addr_is_local() and add one more helper
  * test: add tests for MAC address helper functions
  * sd-netlink: clear previous flags or state by _set_flags() or _set_state()
  * sd-netlink: introduce sd_rtnl_message_nexthop_get_flags()
  * network: mention that errors will be ignored
  * network: manage route and nexthop flags
  * networkctl: introduce dump_hw_address()
  * ethtool-util: introduce ethtool_get_permanent_hw_addr()
  * network: read permanent hardware address from netlink message
  * network: also logs iftype, kind, and permanent hardware address
  * networkctl: read permanent hardware address from netlink message
  * udev/net: read hardware address from netlink message
  * man: fix indentation
  * event-util: introduce event_reset_time_relative()
  * network: do not recall link_handle_bound_by_list() or so when the interface is reconfigured
  * network: make Token=prefixstable optionally take secret key
  * test-network: add testcases for Token=prefixstable with UUID
  * Merge pull request #21355 from bluca/coverity
  * network: split networkd-route.[ch]
  * network: introduce route_flags_to_string_alloc()
  * network: include route or nexthop flags in the debug logs
  * Merge pull request #21346 from yuwata/network-token-prefixstable
  * Merge pull request #21359 from yuwata/network-split-route
  * resolve: do not clear DNS servers or friends on link which is not managed by networkd
  * network: make IgnoreCarrierLoss= also take timespan
  * Merge pull request #21235 from bacher09/slava/supress_ifgroup
  * Merge pull request #21344 from yuwata/network-ignore-carrier-loss-timespan
  * Merge pull request #21377 from poettering/slow-math
  * network: address: use route_scope_from_string()
  * network: address: explicitly mention that the address is localhost
  * network: tuntap: drop unnecessary minus
  * network: accept all values provided by kernel
  * test-network: make udevd also generate debugging logs
  * test-network: check if actually alternative name is set
  * network: do not clear map from alternative names to link when IFLA_PROP_LIST attribute is not contained
  * network: skip re-generating map from alternative names to link
  * network: use BusObjectImplementation
  * network: support --bus-introspect option
  * man: add new man page org.freedesktop.network1
  * network: always try to reconfigure when carrier gained
  * Merge pull request #21435 from yuwata/network-cleanups-for-alternative-names
  * Merge pull request #21508 from poettering/conn-count-fix
  * Merge pull request #21506 from poettering/homed-uidmap-fixes
  * Merge pull request #21492 from andch-nn/add-micmute-dell-machine
  * Merge pull request #21503 from poettering/ioprio-fix
  * netif-util: introduce net_verify_hardware_address()
  * network: make MACAddress= takes hardware address with its length is INFINIBAND_ALEN
  * in-addr-util: introduce FAMILY_ADDRESS_SIZE_SAFE() macro
  * json: introduce several macros for building json object
  * network: address: expose address_flags_to_string_alloc()
  * network: json: use new building json macros
  * network: json: make {network,device}_build_json() accept NULL
  * network: json: split manager_build_json() into two
  * network: json: append address information
  * network: json: append route information
  * network: json: append nexthop information
  * network: json: append neighbor information
  * network: routing policy rule: introduce fr_act_type_full_to_string()
  * network: json: append routing policy rule information
  * network: introduce link_flags_to_string_alloc() and kernel_operstate_to_string()
  * network: json: add more link information
  * test-network: add basic tests of json output
  * homework: drop unnecessary initialization
  * homework: fix memleak
  * network,udev: make .network and .link file can match with hardware address longer or shorter than ETH_ALEN
  * network: json: add several entries for wait-online
  * dhcp: make sd_dhcp_lease_get_servers() accepts NULL
  * dhcp6: make sd_dhcp6_lease_get_dns() and friends accepts NULL
  * network: introduce NETWORK_CONFIG_SOURCE_RUNTIME
  * network: json: append DNS server information
  * network: json: append NTP server information
  * network: json: append SIP server information
  * network: make both search_domains and route_domains allocated on DBus call
  * network: json: append domains
  * network: json: append DNSSEC negative trust anchors
  * network: json: append DNS misc settings
  * netif-util: update log message
  * network: update comment
  * udev/net: rename variables
  * udev/net: introduce "struct Link" to store link attributes
  * udev/net: make MACAddress= takes hardware address for infiniband
  * network: veth: use SYNTHETIC_ERRNO() macro or use real error cause
  * network/netdev: introduce .iftype to netdev vtable
  * network/netdev: use "struct hw_addr_data" to store MAC address
  * network/netdev: verify specified MAC address
  * Merge pull request #21530 from keszybz/strv-cleanup
  * Merge pull request #21533 from yuwata/network-trivial-follow-ups
  * network: route: route->link may be NULL
  * network/netdev: move config_parse_netdev_kind() at the end
  * network/netdev: make MACAddress= take 'none' to suppress generating persistent hardware address
  * network/netdev: generate persistent MAC address for batadv and bridge
  * json: make JSON_BUILD_PAIR_IN_ADDR_NON_NULL or friends handle NULL gracefully
  * network: json: add missing initialization
  * test-network: add more basic tests for network json formats
  * man: fix copy-and-paste mistake
  * tree-wide: fix typo
  * Merge pull request #21559 from jcg190701/main
  * sd-dhcp6-client: fix error handling
  * ask-password: fix error handling
  * errno-util: introduce ERRNO_IS_TRANSIENT()
  * tree-wide: use ERRNO_IS_TRANSIENT()
  * libsystemd: ignore both EINTR and EAGAIN
  * network: address: drop deprecated temporary address
  * network: route: use typesafe function
  * network: route: read RTA_TABLE attribute to get route table
  * network/wireguard: drop unnecessary .in6 specifier
  * network: route: expose route_hash_ops
  * network: wireguard: automatically configure routes to addresses specified in AllowedIPs=
  * test-network: add tests for creating routes to wireguard's AllowedIPs=
  * Merge pull request #21288 from loongarch64/la64/main
  * Merge pull request #21536 from medhefgo/test
  * Merge pull request #21564 from yuwata/errno-eagain-eintr
  * Merge pull request #21581 from keszybz/really-random-fixlets
  * network: radv: use the uplink interface used in DHCPv6-PD
  * network: dhcp6: make UplinkInterface=:self take effect only when DHCPv6PrefixDelegation= is enabled
  * network: dhcp6-pd: introduce dhcp6_pd_is_uplink()
  * network: dhcp6-pd: exclude all explicitly specified subnet IDs when searching free IDs
  * test-network: add testcases for uplink interface detection for RADV with DHCPv6-PD
  * test-network: re-arrange DHCP6-PD subnet IDs to test searching free subnet ID
  * core/restrict-netif: make restrict_network_interfaces_supported() return negative errno only when critical error
  * core/cgroup: propagate errors on detecting supported features
  * core/bpf-firewall: make bpf_firewall_supported() always set unsupported reason when BPF_FIREWALL_UNSUPPORTED is returned
  * tree-wide: fix typo
  * Merge pull request #21583 from bluca/bpf_assert
  * Merge pull request #21585 from yuwata/network-radv-uplink-interface-auto-with-dhcp6-pd
  * parse-util: refuse leading white space in port number
  * network/wireguard: do not resolve Endpoint= if an IP address is specified
  * network/wireguard: cleanups for resolving endpoints
  * network/wireguard: search valid address of the endpoint from all struct addrinfo entries
  * Revert "network: address: drop deprecated temporary address"
  * Merge pull request #21584 from yuwata/network-wireguard-cleanups
  * network/netdev: generate persistent MAC address when creating netdev interface
  * sd-netlink: add support for IPoIB
  * network/netdev: add support to create IPoIB subinterface
  * network: add support to configure IPoIB interfaces
  * network: set MTU after IPoIB configs are applied
  * sd-netlink: fix implicit cast to boolean
  * Merge pull request #21563 from yuwata/network-IPoIB-support
  * udev/path_id: fix skip_subsystem()
  * udev/path-id: comment why USB host number is dropped from the PATH_ID
  * man: network: rebreak lines
  * man: network: fix default values for DNSSEC= and DNSOverTLS=
  * man: netdev: use <varname> tag
  * man: netdev: use … to specify range
  * man: netdev: merge and reword Egress/IngressQOSMAps=
  * dhcp6: drop unnecessary space
  * dhcp: fix indentation and alignment
  * network: route: logs null address with non-zero prefixlen correctly
  * network: route: handle null address with non-zero prefixlen correctly
  * network: dhcp6pd: fix copy-and-paste error
  * network: split networkd-dhcp6.c
  * test-network: make start_isc_dhcpd() take IP version
  * test-network: start dhcpd after address is assigned
  * network: eui64 address is supported only ethernet or infiniband
  * Merge pull request #21630 from yuwata/test-network-cleanups
  * Merge pull request #21632 from yuwata/network-dhcp6pd-fix-typo-and-split
  * network: dhcp6pd: also drop prefix assigned to upstream interface
  * network: route: make route_cancel_request() take Link*
  * network: dhcp6pd: drop unreachable routes when lease lost
  * network: dhcp6pd: also allow to only assign prefix route for delegated prefix to upstream interface
  * network: dhcp6pd: move dhcp6_pd_assign_prefixes()
  * network: dhcp6pd: skip to assign prefixes to a downstream link if it is not ready
  * network: dhcp6pd: shorten code a bit
  * network: dhcp6pd: first check prefixes, then calculate lifetime
  * network: dhcp6pd: make dhcp6_pd_assign_prefixes() used also by dhcp6_pd_prefix_acquired()
  * Merge pull request #21634 from yuwata/dhcp-header-cleanups
  * Merge pull request #21633 from yuwata/network-route-null-destination
  * Merge pull request #21620 from yuwata/udev-path-id
  * process-util: rename function arguments for storing results
  * process-util: handle double NUL as the end of command line
  * network: state-file: honor dhcp6_use_domains flag
  * Merge pull request #21638 from yuwata/network-dhcp6pd-prefix-lost
  * network: state-file: do not append dynamic entries when specified by DBus method
  * Merge pull request #21196 from yuwata/process-util-nulstr
  * Merge pull request #21642 from yuwata/network-state-file-ignore-dynamic-when-dbus-entry-exists
  * network,udev: do not adjust local assignment bit of specified MAC address
  * network: set MAC address before enslaving to bond or bridge interface
  * network: do not block configuring addresses by creating stacked netdevs
  * network/netdev: create stacked netdevs after all set-link operations are finished
  * network/netdev: drop spurious state from the condition to create stacked netdevs
  * network: dhcp6pd: gracefully handle delegated prefix whose prefixlen is larger than 64
  * network: dhcp6pd: set server address for unreachable route
  * network: dhcp6pd: always use main route table for unreachable route
  * network: dhcp6pd: use the kernel's default value for priority of unreachable route
  * network: dhcp6pd: drop link_has_preferred_subnet_id() and inline condition
  * network: fix memleak
  * network: dhcp6pd: do not check Announce= setting when the link does not support RADV
  * network: dhcp6pd: assign addresses in the delegated prefix instead of a subnet prefix /64 on upstream interface
  * Merge pull request #21655 from yuwata/network-creating-enslaving-netdev-cleanups
  * Merge pull request #21653 from yuwata/network-dhcp6pd-unreachable-route-cleanups
  * network: dhcp-pd: rename [DHCPv6PrefixDelegation] -> [DHCPPrefixDelegation]
  * network: introduce link_remove()
  * sd-dhcp-client: support 6rd option
  * network: dhcp-pd: add 6rd support
  * man: network: document Use6RD= setting
  * test-network: add test for 6rd
  * test-network: support the case that the default config files are not installed yet
  * network: tunnel: create tunnels with AssignToLoopback=yes independently of .network file
  * network: tunnel: introduce TUNNEL() helper function
  * network: tunnel: unify init functions for tunnels
  * sd-network: drop _public_ attribute
  * network: route: tighten variable scope
  * network: address: read flags from message header when IFA_FLAGS is not supported by kernel
  * dhcp: fix assertion failure
  * Merge pull request #21672 from yuwata/network-old-kernel-support
  * sd-network: drop unnecessary +1 for buffer size
  * sd-network: introduce sd_network_link_get_stat()
  * resolve: do not re-read settings from networkd if link state file is unmodified
  * network: call link_check_ready() when all stacked netdevs are created
  * network: wifi: ssid may be NULL
  * network: do not reconfigure wireless interface when previously not connected to any APs
  * Merge pull request #21678 from keszybz/sysusers-work
  * Merge pull request #21686 from yuwata/network-wlan-fix-reconfigure
  * network: route: show prefix length of the source in debugging logs
  * network: json: add src address when its prefix length is non-zero
  * network: route: mask lower bits of destination or source prefix
  * network: address: do not adjust user specified scope
  * network: address: also adjust scope when address is link local address
  * network: address: add scope in debugging logs
  * network: wireguard: allow to run NDisc and RADV when IPv6LL address is manually configured
  * doc: fix typo
  * network: refuse empty or numeric route table names
  * libsystemd-network: ignore -ENETDOWN or friends in recv()
  * NEWS: add more entries for v250
  * Merge pull request #21692 from yuwata/network-wireguard-allow-to-start-ndisc-or-radv
  * network: sd-ipv4ll and sd-ipv4acd only support ethernet interfaces
  * network: dhcp: make IPServiceType= accept "none" to disable tos in the outgoing packet
  * man: fix typo
  * meson: use subdir_done() to reduce indent
  * build: include BPF_FRAMEWORK tag in version string
  * test: skip TEST-62 if bpf-framework is not supported
  * test: addresses shell check warning
  * test: fix grepping fixed string starts from hyphen
  * test: add missing section for Description=
  * network: make activation error critical
  * network/netdev: introduce .is_ready_to_create() entry in netdev vtable
  * network/netdev: introduce link_get_local_address()
  * network: tunnel: support to set an address assigned on underlying interface as local address
  * test-network: add testcase for automatic tunnel local address selection
  * wait-online: also use address state even when operational state is below degraded
  * polkit: make bus_verify_polkit_async_registry_free() return Hashmap* with NULL
  * home: clear Manager::bus, ::event, ::homes_by_xxx and so on
  * home: fix heap-use-after-free
  * sd-device: make FOREACH_DEVICE_SYSATTR() also list write-only attributes
  * udevadm: also show write-only attributes
  * fstab-generator: do not remount /sys when running in a container
  * unit: run network-generator before starting udevd
  * meson: build network-generator unconditionally
  * network-generator: support MAC address longer or shorter than ETH_ALEN
  * udev: move NamePolicy to netif-naming-scheme.[ch]
  * network-generator: support to set NamePolicy= through kernel command line argument
  * test: add testcases for net.ifname-policy= kernel command line argument
  * NEWS: update networkd related entries
  * network: route: update comment
  * network: drop IPv6LL addresses manually configured in .network file
  * network: address: minor optimization for link_drop_foreign_addresses()
  * networkd: check the existence of the route
  * network: route: link_drop_foreign_routes() must be called only for managed interfaces
  * test-network: wait for veth99 being configured
  * network: wait until the DSA master interface becomes up
  * Merge pull request #21736 from yuwata/network-cleanups-for-drop-foreign-configs
  * Merge pull request #21786 from keszybz/dirent-work
  * boot: fix typo
  * NEWS: fix typo
  * network: dhcp: logs received 6rd option
  * Merge pull request #21800 from keszybz/net-id-debugging
  * network: dhcp4: pass IPServiceType=none to dhcp client
  * sd-radv: send RA when prefix is updated
  * network: dhcp-pd: fix condition in dhcp_pd_prefix_lost()
  * network: route: do not drop unreachable route on reconfiguring downstream interface
  * network: route: update expiration timer in link_request_route()
  * network: dhcp-pd: do not stack 6rd sit tunnel
  * sd-dhcp-client: add log message when a message is received
  * test-network: use --bind-interfaces option for dnsmasq
  * test-network: use dnsmasq for testing DHCP4-6RD
  * test-network: introduce dump_dnsmasq_log_file()
  * test-network: add tests for renewing/rebinding lease
  * udev-ctrl: make udev_ctrl_send() accept integer and string through a single argument
  * udev: do not kill "udevadm control" process in the same cgroup
  * Merge pull request #21814 from yuwata/network-dhcp-pd-fixes
  * sd-radv: do not use goto for non-error-handling cases
  * journal-remote: use MHD_HTTP_CONTENT_TOO_LARGE as MHD_HTTP_PAYLOAD_TOO_LARGE is deprecated since 0.9.74
  * test: install losetup by default
  * test: add a test case for issue #21817
  * Merge pull request #21839 from yuwata/repart-issue-reproducer-21817
  * meson: fix cross compiling
  * Merge pull request #21857 from loongarch64/dev-pr1
  * errno-name: drop aliases defined for specific arch
  * test: add test for errno-list.[ch]
  * Merge pull request #21848 from yuwata/errno-name-drop-aliases
  * home: update log message
  * test: remove test-user2
  * test: wait for user inactive
  * meson: fix typo
  * man: reindent and rebreak systemd.network
  * hwdb: update hwdb for v250-final
  * NEWS: update contributors list and release date
  * sd-journal: free incomplete match on failure
  * sd-journal: fix segfault when match_new() fails
  * analyze: fix segfault when malloc() fails (#21874)
  * missing-syscall: define all MOUNT_ATTR_* if missing
  * man: also add anotations for methods
  * meson: fix build with -Dcryptolib=openssl -Ddns-over-tls=false
  * list: drop unnecessary line continuation
  * Merge pull request #21888 from mrc0mmand/ci-more-build-coverage
  * Merge pull request #21871 from keszybz/meson-sbat-report
  * Merge pull request #21648 from yuwata/network-tunnel-local-automatic-address-selection
  * Merge pull request #21737 from yuwata/network-wait-dsa-master-up
  * Merge pull request #21762 from yuwata/udev-ctrl-do-not-kill
  * Merge pull request #21868 from lucab/ups/factory-locale-conf
  * util: introduce strnpcpy_full() and friends to provide whether result is truncated or not
  * test: add tests for strnpcpy_full() and friends
  * udev: warn when result of string substitution is truncated
  * udev: warn about truncation of program result
  * udev: do not import property value from truncated line of program result
  * udev: refuse to process line when invalid program output is obtained
  * test: add test for truncation of program result invoked by udev
  * Merge pull request #20833 from pdmorrow/onfailure_env
  * network: vxlan: support to select an address assigned on underlying interface as local address
  * test-network: add testcase for vxlan local address auto selection
  * basic/linux: update linux headers from v5.16-rc6
  * shared/linux: update linux headers from v5.16-rc6
  * Merge pull request #21765 from yuwata/udev-warn-truncation
  * Merge pull request #21774 from keszybz/make-libcore-shared-and-add-lib-tag-option
  * tree-wide: fix typo
  * meson: move dbus-interfaces-dir
  * meson: show dbus interfaces directory in summary
  * meson: obtain dbus directories from pkg-config
  * unti-file: fix symlinked drop-in directory handling
  * test: add testcases of symlinked drop-in directories
  * network: ndisc: ignore route prefix to ::/0
  * manager: always close idle pipe when sending ready notification
  * network: wireguard: warn about invalid allowed IP addresses
  * test-network: add testcase for invalid AllowedIPs=
  * sysusers: use filename if /proc is not mounted
  * nss-systemd: fix required buffer size calculation
  * hostname-setup: gracefully handle kernel with empty CONFIG_DEFAULT_HOSTNAME
  * hostname-util: drop GET_HOSTNAME_ALLOW_NONE flag and always refuse "(none)"
  * nss-systemd: fix alignment of gr_mem
  * nss-myhostname: do not apply non-zero offset to null pointer
  * udev: fix ID_NET_NAME_MAC= udev property
  * Merge pull request #21928 from medhefgo/boot-meson
  * syscalls: update syscall definitions
  * missing-syscall: add __NR_openat2
  * Merge pull request #21944 from yuwata/nss-systemd-fix-pointer
  * seccomp-util: include missing_syscall_def.h to make __SNR_foo mapped to __NR_foo
  * elf-util: reduce variable scope and indentation
  * elf-util: reduce variable scope and indentation
  * elf-util: executable argument for parse_elf() may be NULL
  * elf-util: reduce variable scope
  * elf-util: add missing assertion
  * coredump: drop unnecessary parentheses
  * Merge pull request #21778 from evverx/test-cifuzz
  * test-repart: disable pager
  * test-repart: append /sbin and /usr/sbin to $PATH= to make sfdisk can be found
  * coredump: drop unnecessary initialization
  * resolve: add missing initialization of libgcrypt
  * watchdog: adjust comment
  * sd-boot: select newest kernel entry matching with the default glob pattern
  * backlight: ignore error if the backlight device is already removed
  * Merge pull request #22014 from keszybz/networkd-reduce-append-logging
  * Merge pull request #22012 from DaanDeMeyer/journal-full-message
  * Merge pull request #22016 from yuwata/small-cleanups
  * Merge pull request #22018 from keszybz/logind-survive-aborted-suspend
  * util: move on_ac_power() from util.c -> udev-util.c
  * udev-util: re-implement on_ac_power() with sd-device
  * udev-util: ignore USB-C ports in power source mode when detecting system is running on AC power
  * fstab-generator: skip root directory handling when nfsroot is requested
  * fstab-generator: also skip other network filesystems and live image
  * meson: install test-network-generator-conversion.sh even if networkd is not enabled
  * NEWS: sort entries
  * tree-wide: fix typo
  * test: add test cases for fstab-generator
  * Merge pull request #22031 from floppym/issue22001-1
  * watchdog: rebreak comments
  * pid1: voidify manager_override_watchdog()
  * network: dhcp6: do not request address if UseAddress=no
  * Merge pull request #22088 from medhefgo/meson
  * Merge pull request #22037 from fbuihuu/watchdog-minor-improvements
  * Merge pull request #21728 from Werkov/bfq-io-weight
  * Merge pull request #22100 from bluca/test_part
  * sd-dhcp6-client: ignore broken non-critical options
  * sd-dhcp6-client: expose client_parse_message()
  * test: voidify test functions
  * test: add testcase for broken NTP server option
  * boot: add missing error check
  * network: use scope link for direct unicast routes by default
  * meson: require bpftool version >= 5.6
  * meson: check if clang supports bpf
  * meson: use the compiler command array as is
  * Merge pull request #22096 from keszybz/networkctl-bus-once
  * Merge pull request #22098 from DaanDeMeyer/journal-corrupt-2
  * network: wireguard: do not add routes to AllowedIPs= by default
  * network: wireguard: also accept negative boolean values to disable adding routes
  * core: update log message
  * core: add missing dependency DBus properties
  * kernel-install: also remove modules.builtin.alias.bin
  * test: fix a copy-and-paste error
  * pid1,cgroup-show: ignore -EOPNOTSUPP in cg_read_pid()
  * Merge pull request #22161 from kreijack/ignore-boot-entries
  * network: sr-iov: fix section name in log messages
  * network: sr-iov: drop conflicting sections
  * network: sr-iov: add missing assertion
  * network: rename NetworkConfigSection -> ConfigSection
  * network: move SR-IOV related functions to src/shared/netif-sriov.[ch]
  * udev/net: also support [SR-IOV] section in .link files
  * udev/net: allow to set number of SR-IOV virtual functions
  * udev/net: check if the requested SR-IOV virtual function exists before configuring it
  * network: show driver in debug log
  * test-network: silence check for alternative names
  * test-network: split out SR-IOV test to new class
  * test-network: add testcases for configuring SR-IOV by .link file
  * test: wait for newly created btrfs triggered
  * meson: skip to search clang, llvm-string, and bpftool, if libbpf not found
  * sd-device: add more debugging logs in device_set_syspath()
  * udev-util: add event UUID to debugging logs
  * test: replace multiple echo with cat
  * resolve: fix assertion triggered when r == 0
  * upstream-ci: logind test: use drop-in config
  * upstream-ci: logind test: also show logs of systemd-suspend.service
  * upstream-ci: logind test: make sure the fake lid switch processed by udevd
  * resolve: add debuging log of interface name change
  * resolve: use log_link_warning_errno() or freinds more
  * resolve: drop redundant call of link_allocate_scopes() and link_add_rrs()
  * netif-util: introduce netif_has_carrier()
  * resolve: use netif_has_carrier()
  * resolve: use FLAGS_SET() macro
  * network-util: introduce network_link_get_operational_state()
  * wait-online: use network_link_get_operational_state()
  * resolve: reduce attempts of reading link file
  * upstream-ci: logind test: fix drop-in config
  * Merge pull request #22183 from anitazha/oomdkillfix
  * resolve: refuse to resolve empty hostname
  * Merge pull request #22199 from yuwata/resolve-reduce-attempts-reading-networkd-link-file
  * Merge pull request #22202 from mwilck/keep-links-02
  * udevadm: do not remove watch directory
  * udevadm: split assertions
  * udevadm: simplify the code of removing udev state files
  * udevadm: add more assertions
  * Merge pull request #22205 from yuwata/udevadm-info-cleanups
  * Merge pull request #22209 from systemd/wip/hadess/chassis-override
  * hostname: introduce context_get_chassis() and use it everywhere
  * hostname: allow to override hardware vendor and model
  * rule: make ID_SYSFS_ATTRIBUTE_MODEL also accept product_name
  * rule: fallback to use board information if product information is not set
  * Merge pull request #21908 from yonran/environmentfile-docs
  * sd-dhcp-server: drop unnecessary buffer duplication
  * sd-dhcp-server: shorten code a bit
  * sd-dhcp-server: use free_and_replace() at one more place
  * sd-dhcp-server: change the type of the client ID data
  * sd-dhcp-client: fix RFC number
  * sd-dhcp-client,sd-dhcp-client-server: set chaddr in dhcp_message_init()
  * sd-dhcp-server: support packet from non-Ethernet interface
  * Merge pull request #22222 from yuwata/dhcp-server-support-non-ethernet-packet
  * sd-dhcp-server: fix heap buffer overflow
  * fuzz: add testcases of heap-buffer-overflow for sd-dhcp-server
  * Revert "resolve: refuse to resolve empty hostname"
  * dns-domain: re-introduce dns_name_is_empty()
  * resolve: synthesize empty name
  * resolve: synthesize null address, IPv4 broadcast address, or invalid domain
  * Merge pull request #22227 from yuwata/dhcp-server-fix-heap-buffer-overflow
  * Merge pull request #22226 from yuwata/hostname-allow-to-override-hardware-vendor-and-model
  * fuzz-dhcp-server: also set new lease elements correctly
  * fuzz-dhcp-server: duplicate input data
  * fuzz-dhcp-server: attach sd_event to make dhcp_server_cleanup_expired_leases() works in the fuzzer
  * Merge pull request #22236 from yuwata/fuzz-dhcp-server
  * NEWS: mention about the regression in WireGuard
  * NEWS: update
  * hostname: expose hardware serial through dbus
  * wait-online: rename Manager elements
  * wait-online: make manager_link_is_online() return 0 when in unmanaged state
  * Merge pull request #22249 from yuwata/wait-online-fix-unmanaged-state
  * Merge pull request #22252 from medhefgo/boot-build
  * Merge pull request #22259 from bluca/exec_cond_restart
  * test: initialize buffer to make Coverity silent
  * Merge pull request #22262 from DaanDeMeyer/journal-fixes
  * Merge pull request #22132 from joanbm/main
  * tree-wide: fix typo
  * test-network: always cleanup the testing environment
  * test-network: wait for the link is activated
  * test-network: dummy interface is initially down when activation policy is manual
  * test-network: wait for a while if manual policy is always-{up,down}
  * resolve: make dns_stream_new() take on_packet and complete callbacks
  * resolve: call dns_stream_take_read_packet() in on_stream_io()
  * resolve: mention that dns_stream_update() needs to be called after dns_stream_take_read_packet()
  * resolve: llmnr: fix never hit condition
  * Revert "test: wait for newly created btrfs triggered"
  * Revert "test: wait for user inactive"
  * log: introduce log_trace_errno()
  * sd-device: suppress too many debugging log when enumerating devices
  * man: extend the DHCPv6-PD example and add a DHCPv4-6RD example
  * Merge pull request #22272 from bluca/state_dir_private_rootfs
  * Merge pull request #22277 from yuwata/test-network-activation-policy
  * test: frequency in mouse DPI is optional
  * network: fix log messages
  * sd-dhcp-server: refuse too large packet to send
  * unit: introduce wait-online@.service for specific interface
  * test: add missing oom check
  * network: use hashmap_remove_value() at two more places
  * bus-util: retrieve bus error from message
  * core/unit: use bus_error_message() at one more place
  * login: use bus_error_message() at one more place
  * Merge pull request #22301 from mrc0mmand/cocci-tweaks
  * core: check if argc > 0 and argv[0] is set
  * Merge pull request #22294 from evverx/fuzz-dhcp-client
  * network: configure DHCP clients after MAC address is assigned
  * network: configure NDisc after MAC address is assigned
  * network: disable NDisc for CAN interfaces
  * network: currently RADV requires MAC address whose length is ETH_ALEN
  * network: currently IPv4ACD requires MAC address whose length is ETH_ALEN
  * Merge pull request #21838 from lnussel/logind-refactor
  * network: remove only managed configs on reconfigure or carrier lost
  * network: move ndisc_flush() to link_stop_engines()
  * network: do not remove localhost address
  * network: do not free bound_by carrier map on reconfigure
  * network: drop tiny wrapper used only one place anymore
  * network: also use link_reconfigure_impl() to initially assign .network file
  * sd-dhcp-server: do not log "STOPPED" when already stopped
  * sd-dhcp-server: refuse zero length client ID
  * sd-dhcp-server: do not use implicit cast to boolean from integer
  * sd-dhcp-server: rename argument and add one missing assertion
  * sd-dhcp-server: fix indentation
  * sd-dhcp-server: set DHCPLease::server before hashmap_put()
  * sd-dhcp-server: rename server_send_nak() -> server_send_nak_or_ignore()
  * sd-dhcp-server: rename get_pool_offset() -> address_is_in_pool()
  * sd-dhcp-server: do not assign an address from pool when a static lease for the client ID exists
  * sd-dhcp-server: explicitly refuse when conflicting address is requested
  * sd-dhcp-server: do not assign address reserved for static leases to non-matching clients
  * sd-dhcp-server: split out logic to ACK request
  * test-dhcp-server: use log_tests_skipped_errno()
  * test-dhcp-server: move sd-event allocation
  * test-dhcp-server: run a test earlier which does not require privilege
  * test-dhcp-server: add usual headers
  * test-dhcp-server: add tests for setting static DHCP lease
  * test-dhcp-server: add tests for static lease
  * fuzz-dhcp-server: add static leases
  * sd-dhcp-lease: fix reading unaligned memory
  * sd-dhcp-lease: fix memleak
  * network: xfrm: refuse zero interface ID
  * test-network: set xfrm interface ID
  * Merge pull request #22319 from yuwata/network-use-reconfigure
  * Merge pull request #22254 from yuwata/dhcp-server-fix-segfault
  * network: drop outdated TODO comment
  * sd-dhcp-server: use free_and_replace() at one more place
  * sd-dhcp-server: convert null address for e.g. DNS to server address
  * network: use GREEDY_REALLOC() at one more place
  * network: dhcp-server: also refuse link local address to use as the server address
  * Merge pull request #22310 from yuwata/sd-dhcp-lease-fixes
  * network: dhcp-server: introduce special value DNS=_server_address
  * test-network: add tests for DNS=_server_address in [DHCPServer]
  * Merge pull request #22327 from joanbm/main_resolved_improvements
  * Merge pull request #22332 from yuwata/network-dhcp-server-dns-server-address
  * Merge pull request #22351 from mrc0mmand/TEST-56-cgroupsv1
  * sd-dhcp-lease: store static routes and classless static routes in different arrays
  * network: dhcp-server: make empty string to DNS= or friends clear previously specified servers
  * Merge pull request #22350 from poettering/journal-read-object-fix
  * core/mount: fail early if directory cannot be created
  * mkdir: CHASE_NONEXISTENT cannot used in chase_symlinks_and_stat()
  * mkdir: allow to create directory whose path contains symlink
  * test: add a test for mkdir_p()
  * test: allow to set NULL to intro or outro
  * udev: do not generate format dynamically
  * sd-device: move device_read_uevent_file() to device-private.h
  * sd-device: make device_set_action() take sd_device_action_t
  * udevadm: make test and test-builtin command accept /dev path or device unit
  * udevadm: trigger: drop unnecessary slash
  * sd-device: drop device_new_from_synthetic_event() from libsystemd
  * network: update operational state when we remove an address
  * test: use rm_rf_physical_and_freep cleanup function
  * network: tunnel: use "data" field to assign result
  * network: tunnel: reduce indentation in config_parse_ipv6_flowlabel()
  * network: tunnel: reduce indentation in config_parse_encap_limit()
  * network: tunnel: reorder setting ip6tnl attributes
  * network: tunnel: support external mode
  * test-network: add testcase for external tunnel
  * network-generator: rename DHCP_TYPE_DHCP -> DHCP_TYPE_DHCP4
  * stat-util: introduce path_is_network_fs()
  * Merge pull request #22416 from fbuihuu/misc
  * network: enable KeepConfiguration= when running on network filesystem
  * resolve: fix potential memleak and use-after-free
  * resolve: fix possible memleak
  * resolve: use _cleanup_ attribute for freeing DnsQuery
  * resolve: reuse timer event source for DnsQuery
  * udev/net: support to set MDI-X mode
  * Revert "packit: switch the remaining jobs to F35"
  * Revert "ci: switch to fedora-35 on i386 on Packit"
  * Merge pull request #22448 from poettering/coredump-raise-sizes
  * network: move ipv6ll related functions to networkd-ipv6ll.[ch]
  * network: tc: drop unused QDisc::family element
  * network: tc: drop unnecessary conditions
  * network: coding style fixes
  * sd-netlink: unify sd_rtnl_message_new_qdisc() and sd_rtnl_message_new_tclass()
  * sd-netlink: introduce sd_rtnl_message_traffic_control_get_{ifindex,parent,handle}()
  * sd-netlink: make traffic control related message can be monitored
  * sd-netlink: allow to dump qdisc and tclass
  * network: tc: monitor qdisc and tclass
  * network: tc/teql: set tca_kind in verify()
  * network: tc: use request queue to configure traffic control
  * network: tc: introduce order dependency of traffic control
  * network: tc: use hashmap to store traffic control settings in .network files
  * Merge pull request #22248 from yuwata/network-tc-use-request-queue
  * network: introduce two helper functions for setting IPv6LL address generation mode
  * network: monitor current IPv6LL address generation mode
  * network: use log_link_warning_errno() or friends where applicable
  * network: skip to set IPv6LL address generation mode if the requested mode is already set
  * network: move link_set_ipv6ll_stable_secret() to networkd-ipv6ll.c
  * test-network: add testcase for re-generating IPv6LL address
  * network: bridge: fix endian of vlan protocol
  * test-network: add missing tests for bridge properties
  * Merge pull request #22452 from yuwata/network-ipv6ll
  * Merge pull request #22471 from yuwata/network-bridge-vlan-protocol
  * sd-dhcp6-client: add missing address existence check
  * cgroup-util: refuse the case that both path and suffix are empty strings
  * network: drop redundant condition
  * network: drop managed configs on reconfigure when KeepConfiguration=yes
  * NEWS: clarify that ForceDHCPv6PDOtherInformation= is removed
  * sd-dhcp6-client: trigger assertion whn invalid IA type is provided
  * sd-dhcp6-client: introduce two helpers to create message
  * sd-dhcp6-client: fix typo ia_pd -> ia_na
  * sd-dhcp6-client: rename ia -> ia_na, pd -> ia_pd in sd_dhcp6_lease
  * sd-dhcp6-lease: convert assert_return() -> assert() in non-public functions
  * sd-dhcp6-lease: reset client or server ID when length is zero
  * sd-dhcp6-client: unify IA option header
  * sd-dhcp6-client: introduce dhcp6_ia_free()
  * sd-dhcp6-client: store PD prefix hint in ia_pd
  * sd-dhcp6-client: unify dhcp6_option_append_{ia,pd}()
  * sd-dhcp6-client: always use ENODATA when a lease does not have requested data
  * sd-dhcp6-lease: unify lease lifetime calculation
  * sd-dhcp6-client: use structured initializer
  * sd-dhcp6-client: introduce dhcp6_lease_new_from_message()
  * sd-dhcp6-client: voidify client_reset()
  * sd-dhcp6-client: fix possible unaligned read or write
  * sd-dhcp6-client: introduce client_process_*()
  * sd-dhcp6-client: rename client_start() -> client_set_state()
  * sd-dhcp6-client: add missing one more error handling
  * sd-dhcp6-client: stop client on error in client state transition
  * sd-dhcp6-client: use in6_addr_to_string()
  * sd-dhcp6-client: disable event source when client is stopped or freed
  * sd-dhcp6-client: fix overflow in calculating timeout value
  * sd-dhcp6-client: introduce client_enter_bound_state()
  * sd-dhcp6-client: use event_reset_time_relative()
  * sd-dhcp6-client: fix lifetime handling
  * sd-dhcp6-client: call client_notify() in client_enter_bound_state()
  * sd-dhcp6-client: disable T1 timer on T2
  * sd-dhcp6-client: prohibit spurious state transition
  * sd-dhcp6-client: make state transition stricter
  * sd-dhcp6-client: initialize IO event source in sd_dhcp6_client_start()
  * sd-dhcp6-client: drop unnecessary assignment
  * sd-dhcp6-client: set lease expiration timer in client_enter_bound_state()
  * sd-dhcp6-client: drop unnecessary event_source_disable()
  * sd-dhcp6-client: max_retransmit_count is only used when client is in DHCP6_STATE_REQUEST
  * sd-dhcp6-client: use event_reset_time_relative() at one more place
  * sd-dhcp6-client: merge client_start() and client_reset()
  * sd-dhcp6-client: move client_ensure_iaid()
  * sd-dhcp6-client: move client_timeout_resend() and client_set_state()
  * sd-dhcp6-client: log message is processed before state is changed
  * sd-dhcp6-client: voidify client_set_state()
  * sd-dhcp6-client: use proper type for string table lookup funcs
  * sd-dhcp6-client: rename client_set_state() -> client_start_transaction()
  * sd-dhcp6-client: log state transition
  * sd-dhcp6-client: adjust assertions
  * sd-dhcp6-client: stop IO event source when client entered bound state
  * sd-dhcp6-client: use struct hw_addr_data
  * ordered-set: introduce ordered_set_clear()
  * sd-dhcp6-client: use OrderedSet for vendor option
  * sd-dhcp6-client: do not expose set_transaction_id()
  * dhcp-identifier: introduce duid_type_to_string()
  * dhcp-identifier: introduce dhcp_identifier_set_duid()
  * dhcp-identifier: generate static and constant DUID-EN when the client is running in test mode
  * sd-dhcp6-client: use memcmp_nn() at one more place
  * sd-dhcp6-client: add log about Information Refresh Time
  * sd-dhcp6-client: reset Information Refresh Time on stop
  * network: do not restart DHCPv6 client when it is already running in managed mode
  * sd-dhcp6-client: split dhcp6-internal.h into two
  * sd-dhcp6-client: logs invalid NTP option
  * sd-dhcp6-client: append extra options before elapsed time option
  * fuzz-dhcp6-client: test multiple states
  * fuzz-dhcp6-client: merge with fuzz-dhcp6-client-send
  * fuzz-dhcp6-client: add prefix hint and vendor option to sent message
  * test-dhcp6-client: cleanups
  * test-dhcp6-client: add test for rapid commit
  * test: check if running in container earlier
  * Merge pull request #22507 from poettering/id128-compare-tweaks
  * Merge pull request #22508 from poettering/stat-ino-compare
  * Merge pull request #22487 from poettering/bootspec-source-flags
  * meson: sort listed files
  * network: rename REQUEST_TYPE_STACKED_NETDEV -> REQUEST_TYPE_NETDEV_STACKED
  * network: netdev: make netdev_is_ready_to_create() return negative errno on fatal error
  * network: netdev: increment reference counter on request
  * network: netdev: use request queue to create independent netdevs
  * network: netdev: add flag to skip kind check
  * network: manage WLAN phy
  * wifi-util: introduce nl80211_iftype_from_string()
  * network: add support to create wlan virtual interface
  * sd-dhcp6-client: add comment about ia_na and ia_pd
  * cgroup-util: introduce cg_is_threaded()
  * core/execute: warn when threaded mode is detected
  * Merge pull request #22523 from DaanDeMeyer/systemd-networkd-tests-fixes
  * dhcp-identifier: use offsetof()
  * memory-util: introdyce mempcpy_safe()
  * sd-dhcp6-client: use mempcpy() or mempcpy_safe()
  * Merge pull request #22271 from keszybz/manager-reexec-freeze
  * Merge pull request #22520 from yuwata/sd-dhcp6-client-cosmetic-follow-ups
  * Merge pull request #22502 from yuwata/udev-net-virtual-wlan-interface
  * timesync: add missing setting in template
  * Merge pull request #22543 from poettering/logind-fix-bus-bool-prop
  * sd-dhcp-server: do not offer server address
  * Merge pull request #22535 from poettering/dbusctl-range-display
  * udev-util: introduce udev_available() helper function
  * network: use udev_available() where applicable
  * network: call ethtool after link is initialized by udevd
  * networkctl: show netdev kind
  * resolve: refuse AF_UNSPEC when resolving address
  * Merge pull request #22540 from yuwata/network-call-ethtool-after-initialized
  * network,udev/net: add Kind= settings in [Match] section
  * Merge pull request #22545 from yuwata/network-match-kind
  * udev-util: add parentheses to make coverity silent
  * resolve: add reference of the original bus message to the aux queries
  * NEWS: fix typo
  * test-oomd-util: style fixlets
  * test-oomd-util: fix conditional jump on uninitialised value
  * network: dhcp-pd: fix prefix length of address assigned to upstream interface
  * network: dhcp-pd: allow to assign the same subnet prefix to multiple interfaces
  * test: fix file descriptor leak in test-catalog
  * test: drop timeout handlers
  * test: fix memory and fd leak in test-dhcp6-client
  * test: fix file descriptor leak in test-oomd-util
  * test: fix file descriptor leak in test-fs-util
  * test: fix file descriptor leak in test-tmpfiles.c
  * test: fix file descriptor leak in test-psi-util
  * Merge pull request #22596 from yuwata/test-fix-fd-leaks
  * unit: escape %
  * test-journal-send: close fd opend by syslog()
  * journal-send: close fd on exit when running with valgrind
  * resolve: drop never matched condition
  * resolve: make dns_scope_good_domain() take DnsQuery*
  * resolve: synthesize empty domain only when A and/or AAAA key is requested
  * network: compare addresses more strictly
  * network: set broadcast address on request
  * network: use address_set_broadcast() at one more place
  * network: also hash address label and broadcast address
  * test-network: add testcases for address property change
  * network: create stacked netdevs after the underlying link is activated
  * test-network: remove unused configs
  * test-network: check existence before calling networkctl or ip command
  * test-network: add test case for activation policy for stacked netdevs
  * sd-dhcp-server: add support to send next server and filename option for PXE boot systems
  * network: add NextServer= and Filename= setting to [DHCPServer] section
  * network: make link_down() independent of link_up_or_down()
  * network: drop detailed log messages
  * network: address: drop unnecessary call of address_get()
  * network: move functions
  * network: move more functions
  * network: bridge mdb: add missing assertion
  * network: dhcp-server: add two more log messages
  * network/netdev: do not assign value on failure
  * network/netdev: drop unused argument
  * network: assign corresponding NetDev object to Link
  * network: split netdev_create() into two
  * network: drop unused flag and counter
  * Merge pull request #22619 from yuwata/network-netdev-cleanups
  * network: traffic control: drop meta from QDisc and TClass
  * network: traffic control: drop detailed log messages
  * network: netdev: make link_get_local_address() refuse non-ready links and addresses
  * network: netdev: use netdev_is_stacked() at one more place
  * network: netdev: drop NETDEV_CREATE_MASTER
  * network: adjust assertions
  * Merge pull request #22626 from yuwata/network-assorted-cleanups
  * network: address: introduce manager_get_address()
  * network: merge gateway_is_ready() and link_address_is_reachable()
  * network: introduce {manager,link}_address_is_reachable()
  * network: l2tp: make Local= optionally take interface name
  * network: l2tp: change create type to independent
  * network: netdev: drop unused creation type NETDEV_CREATE_AFTER_CONFIGURED
  * tree-wide: fix typo
  * test: skip TEST-17 on ubuntu ppc64el
  * conf-parser: merge config_parse_string() and config_parse_safe_string()
  * conf-parser: introduce CONFIG_PARSE_STRING_ASCII flag
  * network: refuse string which contains non-safe or non-ascii characters for Filename=
  * conf-parser: introduce config_parse_dns_name() and config_parse_hostname()
  * dhcp: list all known DHCP options
  * sd-dhcp6-client: rename timezone options
  * dhcp: list all known message type
  * Merge pull request #22595 from poettering/logind-action-refact
  * network: dhcp: rename NextServer= and Filename= settings
  * alloc-util: introduce mfree_func_type_t
  * network: tc: assign netlink handlers into Request object
  * network: make address_configure() and friends take Request object
  * network: make request_process_address() and friends take Link and corresponding object
  * network: introduce reference counter for Request object
  * network: make Request object take Manager*
  * network: introduce request_call_netlink_async()
  * network: drop unnecessary link_enter_failed()
  * network: refuse to configure link properties when in initialized state
  * network: merge RequestType and SetLinkOperation
  * network: increment reference counters of Link and Request before processing requests
  * network: re-design request queue
  * meson: move to c_std=gnu11
  * glyph-util: use u8 literal specifier for special characters
  * hostnamectl: use u8 literal specifier
  * qrcode-util: use u8 literal specifier
  * lgtm: disable cpp/missing-return
  * Merge pull request #22711 from yuwata/c11
  * doc: fix error code
  * man: replace full stop with colon
  * Merge pull request #22721 from mrc0mmand/journalctl-tweaks
  * test: use /var/tmp for storing disk images
  * test: format disk image through loopback device
  * test: wait for loopback device being actually created
  * home: shorten code a bit and add missing assertions
  * Merge pull request #22739 from mrc0mmand/list-boot-followup
  * home: use open_image_file() helper at one more place
  * Merge pull request #22765 from medhefgo/test
  * sd-radv: voidify sd_radv_remove_prefix()
  * sd-radv: do not use iterater outside of the loop
  * sd-radv: fix indentation
  * Revert "udev: do not kill "udevadm control" process in the same cgroup"
  * timedate: use cleanup attribute at one more place
  * Merge pull request #22770 from yuwata/sd-radv-fixes
  * core: ExecContext::restrict_filesystems is set of string
  * repart: use assert() when no state is changed
  * udev: run the main process, workers, and spawned commands in /udev subcgroup
  * test: wait for loopback device being ready to manipulate
  * Merge pull request #22752 from yuwata/udev-ctrl-manage-sender-pids
  * sort-util: add missing parens
  * sd-device-enumerator: fix typo: contolC -> controlC
  * sd-device: shorten code a bit
  * strv: rewrite strv_copy() with cleanup attribute and STRV_FOREACH()
  * strv: use STRV_FOREACH() at two more places
  * list: declare iterator of LIST_FOREACH() in the loop
  * list: make LIST_FOREACH() and LIST_FOREACH_BACKWARDS() safer
  * strv: make iterator in STRV_FOREACH() declaread in the loop
  * Merge pull request #22789 from poettering/timesync-struct-log
  * sd-device-enumerator: introduce sound_device_compare() and devpath_is_late_block() helper functions
  * sd-device-enumerator: introduce device_enumerator_unref_devices() helper function
  * sd-device-enumerator: introduce device_enumerator_sort_devices()
  * sd-device-enumerator: introduce device_enumerator_add_prioritized_subsystem()
  * sd-device-enumerator: drop /sys/subsystem support
  * sd-device-enumerator: introduce device_enumerator_scan_devices_and_subsystems()
  * udevadm trigger: introduce --prioritized-subsystem option
  * udevadm trigger: introduce --type=all option
  * unit: make systemd-udev-trigger.service use --prioritized-subsystem
  * sd-device-enumerator: support to list only initialized or uninitialized devices
  * Merge pull request #22825 from keszybz/assorted-cleanups
  * boot: fix typo
  * NEWS: fix typo
  * sriov: introduce sr_iov_hash_func() and sr_iov_compare_func()
  * network: sriov: use request queue to configure SR-IOV virtual functions
  * sysupdate: fix error handling
  * Merge pull request #22835 from keszybz/foreach_string-inline-iterator
  * core/namespace: inline one more iterator variable
  * path-util: use PTR_SUB1() macro in path_find_last_component()
  * sd-device: use path_find_last_component() to set driver subsystem
  * test: add tests for device id
  * dns-domain: use PTR_SUB1() macro
  * network: do not enable IPv4 ACD for IPv4 link-local address if ACD is disabled explicitly
  * Merge pull request #22800 from poettering/safe-ptr-sub1
  * journal-remote: refuse to specify --trust option when gnutls is disabled
  * udev: update comment and log message
  * udev: use sd_event_source_disable_unref()
  * udev: remove /run/udev/queue in on_post()
  * udev: only ignore ENOENT or friends which suggest the block device is not exist
  * udev: assume there is no blocker when failed to check event dependencies
  * udev: try to reload selinux label database less frequently
  * inotify-util: declare iterator in FOREACH_INOTIFY_EVENT()
  * udev: drop unnecessary clone of received sd-device object
  * udev: introduce device_broadcast() helper function
  * udev: store action in struct Event
  * udev: requeue event when the corresponding block device is locked by another process
  * udev: split worker_lock_block_device() into two
  * udev: assume block device is not locked when a new event is queued
  * efi-loader: drop harmful assertion
  * Merge pull request #22861 from poettering/journald-sigterm
  * network: rename netdev kind virtual-wlan -> wlan
  * Update NEWS
  * fix typo
  * Merge pull request #22885 from poettering/kill-clock-boottime-or-monotonic
  * inotify-util: fix wrong warnings in FOREACH_INOTIFY_EVENT()
  * udev: do not call sd_event_source_disable_unref() in workers for event sources created by the main process
  * sd-device: introduce device_add_propertyf()
  * udev: append error code in broadcasted message
  * test: add tests for worker error code
  * fix typo
  * udev: do not append unknown errno or signal name
  * udev: do not use sd_event_source_disable_unref() at more places
  * sd-device: drop /sys/subsystem support
  * sd-device: try to get DISKSEQ from uevent file
  * sd-device: use path_extract_directory() at one more place
  * sd-device: do not ignore critical errors in device_new_from_child()
  * udev: ignore one more error in device_get_block_device()
  * udev: rename functions to emphasize whole disk is locked
  * Merge pull request #22913 from yuwata/sd-device-cleanups
  * network: automatically determine timeout of waiting for carrier regain
  * network: shorten code a bit
  * Merge pull request #22899 from yuwata/network-ignore-carrier-loss
  * sd-device: introduce sd_device_new_from_devname()
  * test: add more tests for sd_device_new_from_xxx()
  * udevadm: introduce new 'wait' command
  * test: replace helper_wait_for_dev() with 'udevadm wait'
  * basic/missing: move BLKGETDISKSEQ to missing_fs.h
  * fd-util: rename loop_get_diskseq() -> fd_get_diskseq()
  * sd-device: introduce sd_device_open()
  * test: add test for sd_device_open()
  * udev: use sd_device_open() where appropriate
  * Merge pull request #22872 from yuwata/udevadm-wait
  * test: add space between arguments
  * tree-wide: add a space after if, switch, for, and while
  * Merge pull request #22926 from bluca/analyze_offline_filter
  * tree-wide: fix typo
  * Merge pull request #22939 from yuwata/tree-wide-space
  * sd-dhcp6-client: rename req_opts_len -> n_req_opts
  * sd-dhcp6-client: sort requesting options
  * dhcp: make option names singular
  * network: dhcp6: request DNS servers or friends only when they will be used
  * sd-dhcp6-client: request several options
  * Merge pull request #22952 from poettering/rework-kvm-hyperv
  * Merge pull request #22943 from yuwata/dhcp6-client-requet-options
  * network: ignore all errors in loading .network files
  * network: always log error in network_load_one() and netdev_load_one()
  * udev/net: always log error in link_load_one()
  * Merge pull request #22867 from poettering/lockdev-util
  * Merge pull request #22963 from poettering/udevadm-diskseq-fix
  * fix typo
  * shell-completion: update for udevadm
  * test: use udevadm wait and lock
  * Merge pull request #22964 from yuwata/udevadm-lock-follow-ups
  * Merge pull request #22951 from keszybz/fix-entry-selection-bootctl-status
  * test-sd-device: log earlier which device is handled
  * test-sd-device: device ID requires subsystem
  * test-sd-device: allow several devices removed during running test
  * test-sd-device: ignore several errors when running on non-host network namespace
  * core: command argument can be longer than PATH_MAX
  * hwdb: fix parsing options
  * Merge pull request #22980 from keszybz/test-help-and-version-output
  * udev: drop unnecessary code
  * udev: split udev_node_apply_permissions() into two
  * udev: upgrade mode in udev_node_apply_permissions_impl()
  * udev: move apply_static_dev_perms() to udev-node.c
  * udevadm: lock: fix TOCTOU
  * test-network: rename one .netdev to make the file removed after the test
  * Merge pull request #22981 from yuwata/udev-node-cleanups
  * login: shorten code a bit
  * udev: add a brief comment about the origin of the filters
  * Merge pull request #22983 from yuwata/login-use-symlinks-under-static_node-tags
  * README: add rawhide SELinux build status (#22997)
  * README: rawhide -> Rawhide
  * Merge pull request #22993 from keszybz/refactor-manager_taint_string()
  * test: --initialized=yes is the default for udevadm wait
  * test: use udevadm lock when partitioning block devices
  * test: drop unnecessary use of loop device
  * sd-ipv4acd: actually drop the arp packet from one of the host interface
  * network: ignore errors when CONFIG_NET_SCHED is disabled
  * Merge pull request #22614 from zonque/timesync/runtime
  * udev: add parens for function names in the logs
  * test: always invoke systemd-repart with --no-pager
  * repart: use sd_device_open()
  * fix typo
  * fix typo
  * sd-device: validate input parameter after creating sd-device object
  * sd-device: minor may be NULL
  * sd-device: shorten code a bit
  * udev/net: cache parsed result of net.ifnames=
  * udev: suppress multiple log message about interface naming scheme from workers
  * udev: inline loop variable
  * Merge pull request #23037 from yuwata/sd-device-validate
  * Merge pull request #22992 from poettering/loop-dissect-tweaks
  * Merge pull request #23048 from keszybz/Add-more-tests-for-specifiers
  * Merge pull request #23051 from poettering/udev-tweaklets-2
  * Merge pull request #23057 from keszybz/various-doc-tweaks
  * sd-event: rebreak comments
  * sd-event: set pid to event source after all setup processes finished
  * sd-event: do not update signal fd after PID is changed
  * sd-event: do not kill a child process from another child
  * sd-event: make inotify event work after the process is forked
  * udev: use EventResult type
  * udev: use child event source to manage workers
  * core: use assert_se() which takes side-effect
  * udev: create disk/by-diskseq symlink only when the device has diskseq
  * sd-device: skip diskseq verification when ID_IGNORE_DISKSEQ property is set
  * udev: do not create disk/by-diskseq symlink when ID_IGNORE_DISKSEQ property is set
  * udev: set ID_IGNORE_DISKSEQ for md devices
  * Merge pull request #22969 from poettering/udevadm-tree
  * Merge pull request #23070 from poettering/devnum-split
  * Merge pull request #23073 from medhefgo/boot-fixes
  * Merge pull request #23081 from mrc0mmand/more-md-tests
  * sd-netlink: use correct type of iterator
  * firewall-util: inline iterator and add several missing assertions
  * Merge pull request #23090 from yuwata/firewall-util-cleanups
  * fs-util: use path_extract_filename() at one more place
  * sd-device: use path_extract_filename() at one more place
  * sd-device: shorten code a bit
  * test: add tests for sd_device_get_sysnum()
  * Merge pull request #23021 from fbuihuu/tmpfiles-fix-precedence-with-plus-sign
  * Merge pull request #23089 from yuwata/sd-device-use-path_extract_filename
  * network: tunnel: handle null address as "any"
  * network: l2tp: refuse null address
  * Merge pull request #23093 from mrc0mmand/test-md-partitions
  * udevadm: info: also show parent devices by --tree
  * man: recommend that .network or friends should have a numeric prefix
  * man: DHCPPrefixDelegation= needs to be enabled on downstream side for assigning delegated prefixes
  * sd-device: verify new syspath on renaming
  * sd-device: reduce indentation
  * sd-device: reset sysname and sysnum on renaming
  * sd-device: use path_extract_filename() at one more place
  * sd-device: shorten code a bit
  * sd-device: use correct type and parser for device node uid and gid
  * sd-device: rename function arguments for storing results
  * sd-device: use ERRNO_IS_DEVICE_ABSENT() at one more place
  * sd-device: fix possible use-of-uninitialized-value
  * sd-device: rename arguments and variables
  * resolve: fix typo in dns_class_is_pseudo()
  * Merge pull request #23101 from yuwata/sd-device-cleanups
  * Merge pull request #23107 from yuwata/man-network-numeric-prefix
  * resolve: drop unused argument
  * resolve: always request records to validate negative answer
  * json: use unsigned for refernce counter
  * macro: check over flow in reference counter
  * sd-bus: fix reference counter to be incremented
  * sd-bus: introduce ref/unref function for track_item
  * sd-bus: do not read unused value
  * sd-bus: do not return negative errno when unknown name is specified
  * sd-bus: use hashmap_contains() and drop unnecessary cast
  * test: shorten code a bit
  * test: add several tests for track item
  * path-util: make readlink_value() refuse O_DIRECTORY returned from path_extract_filename()
  * sd-device: refuse O_DIRECTORY returned from path_extract_filename()
  * string-util: introduce string_replace_char()
  * string-util: introduce strspn_from_end()
  * sd-device: use string_replace_char() and strspn_from_end()
  * efi-api: use string_replace_char()
  * firewall-util: emphasize that nfnl_netlink_sendv() takes at least one message
  * Merge pull request #23084 from poettering/creds-no-tpm2-fallback
  * nss-myhostname: do not return IPv6 local address if IPv6 is disabled
  * test: do not accept IPv6 local address if IPv6 is disabled
  * udevadm: wait: check if specified path not exist on --remove
  * tree-wide: Fix typo
  * set: introduce set_fnmatch()
  * sd-device-enumerator: use set_fnmatch()
  * sd-device-enumerator: introduce sd_device_enumerator_add_nomatch_sysname()
  * test: exclude "bdi" subsystem and loop block devices
  * meson: show default compression method in summary
  * meson: also use COMPRESSION_NONE for default compression
  * hwdb: add keyboard mapping for HP ProBook 11G2
  * login: make RuntimeDirectoryInodesMax= support K, G, M suffixes
  * login: drop non-default value for RuntimeDirectoryInodesMax=
  * core: drop non-default value for DefaultLimitMEMLOCK=
  * Merge pull request #23226 from keszybz/libsystemd-length-assert
  * core/device: use strv_consume()
  * core/device: unit_name_from_path() does not return -ENAMETOOLONG anymore
  * core/device: use _cleanup_ attribute at one more place
  * sd-device: introduce device_get_property_bool()
  * core/device: use device_get_property_bool()
  * core/device: use udev_available()
  * core/device: use sd_device_new_from_devname() to verify the device node
  * core/device: device_found_node() does not accept DEVICE_FOUND_UDEV
  * core/device: drop unused unit name generated from path
  * core/device: minor coding style updates
  * core/device: use DEVICE_FOUND_MASK
  * Merge pull request #23230 from yuwata/core-device-cleanups
  * fix typo
  * shared/install: use correct cleanup function
  * udev: check stats of .link files and their drop-in files
  * Merge pull request #23257 from evverx/install-valgrind
  * Merge pull request #23205 from DaanDeMeyer/tmpfiles-networkd
  * libsystemd-network: refuse too large raw_size
  * sd-ndisc: drop unused function
  * sd-lldp: use memcpy_safe() as the buffer size may be zero
  * udev: use device ID to find blockers
  * udev: make newer event also blocked by DEVPATH_OLD
  * udev: also make uevent blocked by events for the same device node
  * man/networkctl: mention initialized state
  * Merge pull request #23264 from keszybz/shorten-test-names
  * README: mention kernel requirement for ambient capabilities
  * udev: fix parent token handling
  * test: add testcase for #23288
  * Merge pull request #23272 from keszybz/logind-man-and-rules
  * Merge pull request #23290 from keszybz/three-fixes
  * Merge pull request #23291 from yuwata/udev-rule-fix-regression
  * Merge pull request #23292 from alexhenrie/dhcpv6
  * resolve: use dns_answer_isempty() at one more place
  * resolve: first increment the reference counter
  * ordered-set: introduce ordered_set_reserve()
  * resolve: manage DnsAnswerItem with OrderedSet
  * resolve: move the RRSIG after the all corresponding entries
  * resolve: fix false maybe-uninitialized warning
  * man: fix typo
  * bash-completion: resolvectl: add missing options and verb
  * core/unit: fix use-after-free
  * Merge pull request #23311 from keszybz/bootspec-fuzzer
  * Merge pull request #23310 from keszybz/suppress-fuzzer-timeouts-and-errors
  * network: set/unset enumerating flag before/after loop
  * core/slice: make slice_freezer_action() return 0 if freezing state is unchanged
  * Merge pull request #23321 from poettering/sockaddr-no-cast
  * Merge pull request #23300 from DaanDeMeyer/device-debug
  * resolve: reallocate DNS scope when DNSSEC and/or DNS-over-TLS settings are changed
  * core/timer: fix memleak
  * core/timer: fix potential use-after-free
  * Merge pull request #23336 from keszybz/fuzz-calendarspec-more-coverage
  * Merge pull request #23335 from keszybz/fuzz-json-more-coverage
  * meson: sort files
  * Merge pull request #23351 from keszybz/logind-message
  * sd-device-enumerator: fix inverted return value of match_initialized()
  * fuzzers: add input size limits, always configure limits in two ways
  * Merge pull request #23358 from keszybz/fuzzer-input-sizes
  * Merge pull request #23361 from keszybz/resolved-helpers
  * CI: use Fedora 36
  * sd-device: always translate sysname to sysfs filename
  * test-sd-device: skip gpio subsystem
  * core/device: drop unnecessary condition
  * core/device: ignore DEVICE_FOUND_UDEV bit on switching root
  * mkosi: test-acl-util requires getfacl
  * mkosi: drop libiptc from build for Fedora
  * Merge pull request #23218 from yuwata/core-device
  * Merge pull request #23365 from yuwata/ci-fedora-36
  * userdb: fix error handling
  * tree-wide: fix typo
  * Merge pull request #23369 from yuwata/error-handling-fixlets
  * Merge pull request #23370 from bluca/hwdb
  * tree-wide: replace AF_LOCAL with AF_UNIX
  * resolve: fix memleak
  * network: do not update interface group by default
  * resolve/dnssd: make dnssd_render_instance_name() take Manager
  * resolve: merge variable declaration with same type
  * git: ignore manifest
  * po: update Japanese translation
  * meson: use boolean for configuration_data.set10()
  * meson: disable bpf if skip-deps is enabled
  * meson: always use ExternalProgram.path()
  * meson: use fs.name() and fs.parent()
  * meson: always get libbpf include directory from pkgconfig
  * core: fix comment
  * fuzz: drop too large input
  * Merge pull request #23377 from nabijaczleweli/shopt
  * Merge pull request #23403 from keszybz/docs-update
  * test-execute: skip one more test when PID1 is not systemd
  * Merge pull request #23407 from keszybz/bpf-cleanup-warning
  * networkctl: fix units for bond parameters
  * test-network: add test for showing Bond parameters
  * test-boot-timestamp: use ERRNO_IS_PRIVILEGE() to also mask -EPERM
  * Merge pull request #23422 from keszybz/two-doc-tweaks
  * doc: fix typo
  * meson: install 70-power-switch.rules
  * shared/extension-release: drop unnecessary strna() wrapper
  * Merge pull request #23454 from keszybz/portable-introspect
  * Merge pull request #23451 from medhefgo/boot-static-assert
  * Merge pull request #23439 from keszybz/kernel-install-verbose
  * test: add test for bus introspection of portable1
  * sysext: refuse empty release ID to avoid triggering assertion
  * networkctl: show error message provided through dbus
  * network: drop support for old kernels which cannot set prefix route with non-main route table
  * Merge pull request #23464 from bnf/update-wiki-links
  * Merge pull request #23513 from keszybz/bootctl-version-print
  * core/device: do not downgrade device state if it is already enumerated
  * Merge pull request #23517 from mrc0mmand/cryptsetup-switchroot-transition
  * sd-bus: fix buffer overflow
  * Merge pull request #23542 from medhefgo/attributes
  * test: drop redundant log message
  * portable: try to remove unit files even in a spurious state
  * Merge pull request #23354 from DaanDeMeyer/mount-implicit-device-dep-trace
  * portable: remove drop-in configs even if the main unit file does not exist
  * doc: fix typo
  * esp: fix typo
  * Merge pull request #23562 from yuwata/fix-typo
  * core/unit: fix notification about unit dependency change
  * core: make unit_add_two_dependencies() or friends return 1 on changed
  * Merge pull request #23560 from mrc0mmand/coccinelle
  * Merge pull request #23564 from yuwata/core-unit-add-dep
  * Merge pull request #23558 from msekletar/issue-20329-followup
  * portable: fix command option in comment
  * tree-wide: use ALIGN_PTR()
  * macro: make ALIGN4() and ALIGN8() also return SIZE_MAX on overflow
  * boot: use ALIGN4()
  * sd-bus: use ALIGN8()
  * sd-bus: drop redundant condition
  * sd-bus: drop unnecessary cast
  * sd-bus: use UINT32_MAX
  * sd-bus: make several functions static
  * sd-bus: merge message_peek_fields() and buffer_peek()
  * sd-bus: drop D-Bus version 2 format support
  * sd-bus: drop constant argument for message_extend_fields()
  * network/erspan: support erspan version 0 and 2
  * test-network: add tests for erspan version 0 and 2
  * test-network: call networkctl only when specified interface exists
  * Merge pull request #23512 from medhefgo/efi-clang
  * Merge pull request #23531 from yuwata/sd-bus-drop-version-2
  * sha256: use memcpy() when result buffer is unaligned
  * test: add test for sha256
  * test: fix indentation
  * boot: fix typo
  * boot: make several functions inline
  * boot: use CMP() macro for safety
  * login: fix typo
  * Merge pull request #23583 from yuwata/boot-efi-string-follow-ups
  * test: add dlopen test for pam_systemd_home
  * Merge pull request #23675 from enr0n/udev-available-cleanup
  * Merge pull request #23616 from keszybz/in-addr-to-string-formatting
  * Merge pull request #23348 from medhefgo/log-shutdown-blockers
  * tree-wide: fix typo
  * Merge pull request #23589 from medhefgo/efi-clang
  * dns-domain: use dns_name_concat()
  * dns-domain: simplify code a bit
  * devnode-acl: use set_put_strdup_full() and set_ensure_consume()
  * boot/efi-string: check the end of haystack before testing remaining pattern
  * test: drop redundant IMAGE_NAME=
  * test: always exclude devices named loop*
  * test: import logind test from debian/ubuntu test suite
  * test: import timedated test from debian/ubuntu test suite
  * test: exclude network interfaces
  * Merge pull request #23688 from yuwata/boot-efi-string-efi_fnmatch-fix-over-flow
  * Merge pull request #23701 from medhefgo/boot-mem
  * Merge pull request #23691 from medhefgo/efi-clang
  * dns-domain: make each label nul-terminated
  * dns-domain: rename function arguments
  * dns-domain: reduce indentation in dns_service_split()
  * basic/linux: update kernel headers to 5.19-rc1
  * shared/linux: update kernel headers to 5.19-rc1
  * Merge pull request #23714 from mrc0mmand/networkd-testsuite-tweaks
  * test: introduce assert_not_in() helper function
  * test: drop unnecessary --no-pager option
  * test: support debian/ubuntu specific timezone config file
  * test: import hostnamed tests from debian/ubuntu test suite
  * locale-util: fix memleak on failure
  * locale-util: check if enumerated locales are valid
  * locale-util: align locale entries
  * locale-setup: merge locale handling in PID1 and localed
  * locale: rename keymap-util.[ch] -> localed-util.[ch]
  * localectl: use Table to show status
  * test: add one more path to search keymaps
  * test: introduce inst_recursive() helper function
  * test: install libxkbcommon and x11 keymaps
  * test: install C.UTF-8 and English locales
  * test: import localed tests from debian/ubuntu test suite
  * test: insert space in for loop
  * test: move "do" at the end of line
  * test: use trap RETURN
  * Merge pull request #23709 from yuwata/test-hostname-locale
  * Merge pull request #23733 from sshedi/cid-1469711
  * tree-wide: fix typo
  * nspawn: fix UID map string
  * Merge pull request #23741 from mrc0mmand/more-asan-tweaks
  * core/dbus-execute: do not append denied syscalls in allow-list
  * core/dbus-execute: drop unnecessary flag
  * set: introduce set_put_strndup()
  * analyze-security: always save syscall name
  * seccomp-util: make @known include @obsolete
  * test: add syscall filter tests for analyze security
  * Merge pull request #23771 from mrc0mmand/test-tweaks
  * locale: drop unnecessary allocation
  * core: drop unnecessary free
  * core: close watchdog device if watchdog device is unspecified now
  * Revert NFTSet feature
  * Revert "networkd: NetLabel integration"
  * Merge pull request #23774 from yuwata/netlabel-nftset-follow-ups
  * udev: allow to execute longer command line
  * nspawn: update help message for user namespacing
  * nspawn: support PrivateUsers=identity
  * meson: show default nspawn locale in summary
  * github: add more components to issue template
  * Merge pull request #23842 from medhefgo/boot-std
  * network: grouping elements in network_free()
  * sd-event: use LIST_IS_EMPTY()
  * sd-event: make sd_event_prepare() return positive when buffered inotify data exists
  * test: add another test for inotify event source
  * core/device: start units specified in SYSTEMD_WANTS if it is not running
  * core/unit: try to submit stop_when_unneeded queue on removing dependencies
  * test: disable echo earlier
  * test: add udev tests for SYSTEMD_WANTS
  * Merge pull request #23181 from thesamesam/parisc-seccomp
  * Merge pull request #23849 from mbiebl/more-https
  * Merge pull request #23821 from dtardon/ascii-logging
  * sd-journal: align table
  * sd-journal: shorten code a bit
  * sd-journal: drop unused argument from journal_file_check_object()
  * sd-journal: also check object header before verifying object data
  * sd-journal: data object may be invalid after data_object_in_hash_table()
  * virt: fix detection of Parallels virtualization
  * Merge pull request #23868 from keszybz/lib-resplit-2
  * journalctl: fix to show user slice
  * unit: prioritize module devices
  * core: do not filter out systemd.unit= and run-level specifier from kernel command line
  * Merge pull request #23883 from yuwata/pid1-do-not-filter-out-systemd-unit
  * debug-generator: shorten code a bit
  * Merge pull request #23886 from keszybz/https-links-kernel
  * Merge pull request #23104 from mrc0mmand/resolved-tests
  * Merge pull request #23916 from keszybz/assorted-patches
  * Revert "dissect: ID from os-release should be non-empty, not just non-NULL"
  * dissect: refuse empty release ID
  * Merge pull request #23396 from msekletar/fix-idle-action-lock
  * TODO: fix typo
  * test: fix typo
  * Merge pull request #23569 from msekletar/pam-systemd-no-user-systemd
  * systemctl: enable colorized logging by default
  * systemctl: drop color settings in log message
  * Merge pull request #23932 from medhefgo/boot-misc
  * test: several cleanups for TEST-35-LOGIN
  * Merge pull request #23939 from mrc0mmand/TEST-70-fix-cleanup
  * Merge pull request #23937 from mrc0mmand/test-tweaks
  * test: remove /failed and /testok before running test script
  * test: use timeout command to improve performance
  * resolve: fix heap-buffer-overflow reported by ASAN with strict_string_checks=1
  * test-network: merge DHCP client tests to improve performance
  * resolve: fix possible integer overflow
  * time-util: fix buffer-over-run
  * test: start test user session before idle action setting is changed
  * core/load-fragment: fix error value in log_syntax()
  * core: shorten code a bit
  * core/cgroup: drop unnecessary else
  * sd-device: change type of properties nulstr from uint8_t* to char*
  * sd-device: make device_get_properties_{nulstr,strv}() take NULL for result value
  * sd-device: send udev database version
  * resolve: mdns: fix use-after-free
  * Revert "resolve: mDNS transaction max attempts fix"
  * resolve: drop unnecessary else, and add short comment
  * resolve: fix misuse of accuracy parameter in sd_event_add_time()
  * resolve: introduce dns_transaction_setup_timeout()
  * resolve: shorten code a bit
  * resolve: mdns_packet_extract_matching_rrs() may return 0
  * resolve: do not trigger assertions on invalid query
  * resolve: mdns: calculate required packet size to store questions and authorities
  * network: drop redundant warning
  * test-network: introduce read_link_state_file() helper function
  * test-network: shorten sleep time a bit
  * test-network: introduce read_dnsmasq_log_file() helper function
  * test-network: drop meaningless test
  * test-network: drop 25-dhcp-v4-server-veth-peer.network
  * test-network: check DHCPv4 address in more detail
  * sd-dhcp-client: fix log message
  * test-network: drop test_dhcp_client_ipv4_ipv6
  * test-network: merge two IPv4LL tests
  * test-network: merge tests for UseDNS=
  * test-network: merge two more tests with test_dhcp_client_ipv4_only
  * test-network: replace sleep with wait_address() and wait_address_dropped()
  * test-network: merge two DHCPv6 client tests
  * test-network: disable debugging logs from networkctl, resolvectl, and so on
  * test-network: suppress periodic output in wait_operstate()
  * test-network: use wait_operstate() at one more place
  * resolve: introduce FORMAT_DNS_RCODE() macro
  * sd-device: make sd_device_get_is_initialized() not return -ENOENT
  * virt: align tables
  * unit-def: align string tables
  * sd-device: shorten code a bit
  * test-network: extend timeout for DHCP lease to be expired
  * test-network: various cleanups
  * test-network: merge stdout and stderr of invoked command by call()
  * test-network: support to remove routing policy rules with l3mdev flag
  * Merge pull request #23974 from yuwata/align-tables
  * Merge pull request #23972 from yuwata/sd-device
  * Merge pull request #23980 from yuwata/test-network
  * test-network: wait for L2TP tunnels being removed
  * Merge pull request #23881 from keszybz/kernel-install-strikes-yet-again
  * test-network: save and restore timezone
  * Revert "network: configure DHCP clients after MAC address is assigned"
  * network: dhcp4: disable DHCPv4 client on interfaces with non-supported types
  * network: NDisc does not require MAC address
  * network: do not set invalid MAC address for non-ethernet interface
  * Merge pull request #23882 from dtardon/logind-set-display-test
  * sd-dhcp6-client: add more debugging logs on parsing message
  * sd-dhcp6-client: allow NULL option value when length is zero
  * sd-dhcp6-client: fix off-by-one error in parsing dhcp6 options
  * sd-bus: do not pass NULL when received message with invalid type
  * network: use sd_event_now()
  * network: fix infinite lifetime handling
  * network: refuse to configure address or route with 0 valid lifetime
  * Merge pull request #23999 from msekletar/revert-background-session-no-user-instance
  * Merge pull request #23927 from AndreKalb/feature/ipv4-link-local-start-address
  * network: refuse 169.254.0.0/24 and 169.254.255.0/24 for IPv4LLStartAddress=
  * test-network: add a test case for IPv4LLStartAddress=
  * Merge pull request #24016 from poettering/sysctl-cred-extra
  * Merge pull request #24019 from yuwata/network-ipv4ll
  * Merge pull request #24021 from poettering/man-rlimit-comments
  * sd-event: drop redundant code
  * sd-event: introduce PROTECT_EVENT() macro
  * Merge pull request #24035 from yuwata/sd-event-cleanup
  * Merge pull request #24018 from keszybz/generator-cleanups
  * Merge pull request #24047 from dtardon/list-users-linger
  * tree-wide: fix typo
  * core/mount: adjust deserialized state based on /proc/self/mountinfo
  * test: use fabs() as the argument is double
  * math-util: introduce iszero_safe() and fp_equal()
  * json: use fpclassify() or its helper functions
  * meson: refuse -ffinite-math-only
  * test-network: do not stop/restart udevd and related socket units
  * test-network: drop unnecessary default argument
  * test-network: drop unnecessary call of systemctl
  * sd-dhcp6-client: introduce sd_dhcp6_client_set_rapid_commit()
  * network: dhcp6: re-introduce RapidCommit= setting
  * test-network: add tests for RapidCommit=
  * test: wait for user service or slice to be finished
  * Merge pull request #24074 from yuwata/network-dhcp6-rapid-commit
  * network: do not silently stop to process configuration on activation failure
  * sd-device: introduce device_get_sysattr_bool()
  * sd-device: introduce device_clear_sysattr_cache()
  * sd-device: introduce device_unref_and_replace()
  * network: use device_unref_and_replace()
  * udev: fix error check
  * udev: downgrade error level and mention that the error is ignored
  * udev: use event_reset_time_relative()
  * udev: delay to start queued events on `udevadm control --start-exec-queue`
  * conf-parser: add a boolean flag for config_get_stats_by_path() to control if drop-in configs are checked
  * udev: save stats of all udev rules file
  * udev: reload rules and builtins only when mtime of a config changed
  * udev-builtin: logs when needs reloading
  * test-network: reload udevd when .link file is copied/removed
  * network: rename Link.sd_device -> Link.dev
  * network: introduce a tiny wrapper for manager_udev_process_link()
  * network: unref sd-device object assigned to Link on remove uevent
  * network: add TODO about interface renaming
  * network: set wiphy name in wiphy_new()
  * network: assign corresponding sd-device object to Wiphy object
  * network: also assign rfkill device to Wiphy object
  * network: do not try to bring up wifi interface if rfkill is active
  * sd-netlink: move rtnl_message_type_is_*() to netlink-message-rtnl.c
  * tree-wide: drop unnecessary inclusion of netlink-util.h
  * firewall-util-nft: various cleanups
  * firewall-util: drop unnecessary string attribute
  * sd-netlink: several cleanups for netfilter
  * sd-netlink: introduce sd_netlink_message_append_container_data()
  * sd-netlink: drop unused sd_nfnl_nft_message_del_table()
  * sd-netlink: merge sd_nfnl_nft_message_{new,del}_setelems_begin()
  * firewall-util: introduce nfnl_close_expr_container() helper function
  * sd-netlink: do not compare pointer with 0
  * sd-netlink: introduce sd_nfnl_{send,call}_batch()
  * Merge pull request #23828 from yuwata/nfnl-cleanups
  * Merge pull request #24020 from yuwata/network-rfkill
  * unit-file: avoid (null) in debugging logs
  * homed: fix dbus node enumerator
  * home: drop conflicted headers
  * Revert "core/mount: fail early if directory cannot be created"
  * core/mount: downgrade log level about several mkdir failures
  * meson: use 0 for default uids, gids, and time epoch
  * test: terminate session and user on cleanup
  * test: do not restart getty@tty2 automatically
  * test: restart logind before cleaning up sessions
  * tree-wide: fix typo
  * network: drop doubled semicolon
  * network: split link_ipv4ll_enabled() into two
  * network: do not try to start ipv4acd on non-supported interfaces
  * network: fix possible NULL-pointer dereference
  * network: make link_may_have_ipv6ll() optionally check Multicast= setting
  * test-network: add test case for #23197
  * Merge pull request #24174 from yuwata/network-link-local-address
  * core/mount: use set_put_strdup_full()
  * core: unit_name_from_path() does not return -ENAMETOOLONG anymore
  * core/mount: set Mount.from_proc_self_mountinfo flag before adding default dependencies
  * core/mount: also remove default deps from /proc/self/mountinfo when it is updated
  * core/mount: make device deps from /proc/self/mountinfo and .mount unit file exclusive
  * test: add test case for mount unit dependencies
  * test-network: support the case that l2tp module is not supported
  * Merge pull request #23367 from yuwata/core-mount
  * sd-device: introduce sd_device_new_child()
  * udev: ignore empty SR-IOV VF suffix
  * network: wiphy: use ERRNO_IS_DEVICE_ABSENT()
  * network: unset master ifindex only when necessary
  * network: refuse to configure anything on pending or initialized state
  * network: drop carrier check for unmanaged interface from link_is_ready_to_configure()
  * network: check link state with link_is_ready_to_configure() before configuring DHCP client or friends
  * network: split out link_is_ready_to_create_stacked_netdev()
  * network: manage SR-IOV PF and VF ports
  * network: also check SR-IOV PF port and other VF ports before configuring
  * core/device: store the original path
  * core/device: move several functions
  * core/device: always accept syspath change
  * core/device: add comments for boolean arguments
  * Merge pull request #23508 from yuwata/core-device
  * Merge pull request #23340 from yuwata/network-check-sr-iov-pf-state
  * udev-util: align string table
  * udev-util: assume system is running on AC power when no battery found
  * sd-netlink: rename NLType and friends
  * dhcp4: stop client before updating MAC address
  * ether-addr-util: introduce hw_addr_set() helper function
  * sd-dhcp-client: use struct hw_addr_data to store MAC and broadcast address
  * sd-dhcp6-client: use hw_addr_set()
  * dhcp: make dhcp_identifier_set_iaid() take struct hw_addr_data
  * dhcp: make dhcp_identifier_set_duid() take struct hw_addr_data
  * dhcp: make dhcp_network_bind_raw_socket() take struct hw_addr_data
  * dhcp: fix potential buffer overflow
  * dhcp: add assertions about client state
  * hash-funcs: introduce string_hash_ops_free_strv_free
  * Merge pull request #24221 from yuwata/dhcp-client-cleanups
  * sd-device-enumerator,monitor: fix sysattr match
  * sd-device-enumerator: FOREACH_DEVICE_PROPERTY() does not provide NULL value
  * test: add tests for sd_device_enumerator_add_match_sysattr/property()
  * Merge pull request #24244 from yuwata/device-enumerator
  * backlight: accept embedded display port named e.g. card0-eDP-1
  * network/qdisc: introduce is_ready() in qdisc vtable
  * network/teql: wait for corresponding teql interface to be available
  * test-network: use timedatectl in build directory
  * test-network: also run timesyncd under sanitizer or valgrind
  * test-network: drop unused text= arguments
  * test-network: show stdout and stderr on failure in check_output()
  * test-network: rename tun99 and tap99
  * test-network: check qdisc feature by module existence
  * test-network: split test_qdisc() and test_qdisc2()
  * test-network: split out qdisc and wait-online tests from NetworkdNetworkTests
  * meson: use 'not in'
  * tree-wide: fix typo
  * oom: drop invalid %m in the log message
  * Merge pull request #24256 from systemd/wip/hadess/greaseweazle
  * test: add fake action and seqnum
  * test: do not fill up receiver buffer
  * sd-device-monitor: fix inversed condition
  * sd-device-monitor: actually refuse to send invalid devices
  * Merge pull request #24288 from yuwata/sd-device-monitor-fixlets
  * sd-device-enumerator: drop noisy log messages
  * Merge pull request #24286 from yuwata/test-sd-device-monitor
  * sd-device-monitor: introduce sd_device_monitor_{set,get}_description()
  * sd-device-monitor: logs description for device monitor
  * test: use sd_device_monitor_set_description()
  * udev: set description for device monitor
  * sd-device: allow to create sd-device object through a symlink outside of /sys
  * test: add more tests for sd_device_new_from_path()
  * udev: use sd_device_new_from_path() and _new_child()
  * Merge pull request #24289 from yuwata/sd-device-monitor-set-description
  * Merge pull request #24285 from yuwata/sd-device-new-from-path
  * Merge pull request #24138 from Keksgesicht/rfe/cryptenroll-keyfile
  * dhcp6: gracefully handle NoBinding error
  * dhcp6: do not append ORO option when no option requested
  * test-network: also set StartLimitIntervalSec=0 for systemd-networkd.socket
  * test-network: use "systemctl restart" to restart networkd
  * Merge pull request #24305 from yuwata/test-network
  * network/bridge: fix UseBPDU= and AllowPortToBeRoot=
  * udev/cdrom_id: check last track info
  * Merge pull request #24299 from yuwata/dhcp6-no-binding
  * Merge pull request #24294 from rphibel/add-support-for-list-of-definitions-directories
  * daemon-util: introduce several helper functions for fd store
  * login: use helper functions for fd store
  * network/tuntap: code cleanups
  * network/tuntap: introduce KeepCarrier= setting
  * network/tuntap: save tun or tap file descriptor in fd store
  * test-network: add tests for KeepCarrier= for tuntap interfaces
  * test-network: add tests for MTUBytes= for bridge master and ports
  * backlight: add/update several logs for validating backlight devices
  * backlight: filter out unnecessary backlight devices by device enumerator
  * backlight: fix issue on multiple graphics cards system
  * sysctl: use ordered_hashmap_ensure_put()
  * sysctl: drop /proc/sys/ in prefix
  * sysctl: split out code for applying glob option
  * path-util: introduce path_glob_can_match()
  * sysctl: apply prefix before calling glob()
  * test: do not use sysctl.d to store test conf
  * test: use assertions in sysctl tests
  * test: add tests for glob sysctl pattern
  * test-network: add/update module check
  * Merge pull request #24333 from yuwata/sysctl
  * udev: rename various validate() -> should_reload() for builtin commands
  * Merge pull request #24250 from yuwata/backlight-multiple-graphics-cards
  * network: fix DHCPv4 address renewal with IPv4ACD
  * network: update setting for IPv4ACD or IPv6DAD in existing Address objects
  * network: unref existing sd_ipv4acd object when not necessary
  * test-network: drop unused .network file
  * test-network: add tests for IPv4ACD and renewing DHCP address
  * Merge pull request #24348 from yuwata/network-ipv4acd-renew
  * Merge pull request #24353 from alpernebbi/hwdb-cros-ec-accel-base
  * test: wait for whole block device instead of partition
  * Merge pull request #24356 from keszybz/sd-netlink-api
  * test-network: add helper functions for reading logs of networkd
  * test-network: add test for issue #24377
  * Merge pull request #24378 from yuwata/test-network-issue-24377
  * hostname: make chassis type actually obtained from ACPI when nothing from DMI
  * test: add test case for chassis type
  * repart: drop doubled space
  * udev: fix inversed inequality for timeout of retrying event
  * gpt: fix native uuids for s390x
  * gpt: fix alignment
  * test: modernize TEST-58-REPART
  * test: merge test-repart.sh and TEST-58-REPART
  * test: make TEST-58-REPART support nspawn
  * udev: certainly restart event for previously locked device
  * udev: drop unnecessary calls of event_queue_start()
  * virt: fix alignment
  * core/mount: voidify unit_acquire_invocation_id()
  * Merge pull request #24454 from bluca/ci
  * sd-netlink: fix attribute type for RTAX_CC_ALGO
  * test-sd-device: run subsystem filter test several times
  * test: wait for loop device to be removed
  * network: introduce TCPCongestionControlAlgorithm=
  * test-network: add test for TCPCongestionControlAlgorithm=
  * Merge pull request #23764 from enr0n/oomd-allow-managed-oom-preference
  * test-58-repart: use udevadm control instead of creating service drop-in
  * test-50-dissect: generate debugging logs of udevd
  * Merge pull request #24468 from yuwata/test-udev-debug
  * loop-util: use filter provided by sd_device_enumerator
  * tree-wide: fix typo
  * test-64: extend timeout for slower env e.g. non-kvm
  * growfs,repart: fix misuse of sd_device_get_devpath()
  * sd-device: rename device-util.c -> device-filter.c
  * devnum-util: split-out device_path_make_inaccessible()
  * sd-device: introduce devpath_from_devnum()
  * sd-device: introduce device_open_from_devnum()
  * sd-device: skip to check diskseq if device is not initialized
  * tree-wide: use devpath_from_devnum() and device_open_from_devnum()
  * test-64: relax number of partitions used in testcase_simultaneous_events() to speed up non-KVM environment
  * udev/net: drop unused timestamp
  * udev: do not kill workers when requested to set the same log level currently assigned
  * test-network: add missing online check
  * udevadm: replace find_device_from_path() with sd_device_new_from_path()
  * shell-completion: drop unused $mode
  * test-64: run one more subtest on non-KVM environment with relaxed condition
  * network: drop unused timestamp
  * udev-util: minor cleanups for on_ac_power()
  * udevadm-settle: emit deprecated warning earlier
  * udevadm-settle: make failure in udev_ctrl_new() critical
  * udevadm-settle: check if udevd is running
  * udevadm-settle: rename arg_timeout -> arg_timeout_usec
  * udevadm-settle: use sd-event
  * udevadm-settle: check validity of specified path
  * Revert "test: wait for loop device to be removed"
  * udevadm-wait: introduce periodic timer for checking devices
  * test-50-dissect: wait for and lock loop block partition devices
  * Merge pull request #24495 from poettering/loopback-block-msg
  * Merge pull request #23888 from topimiettinen/networkd-netlabel-v2
  * Merge pull request #24471 from yuwata/udevadm-wait-periodic-timer
  * Merge pull request #24474 from yuwata/udevadm-settle-cleanups
  * Merge pull request #24499 from medhefgo/format-signedness
  * udev-util: replace device_new_from_dev_path() with sd_device_new_from_devname()
  * udev-util: make device_wait_for_initialization() take relative timeout
  * dissect-image: add environment variable to control timeout for waiting devlink to be configured
  * test-29-portable: extend timeout for slower environment
  * test-29-portable: enable debugging logs of udevd
  * udevadm-settle: improve logs when we cannot access /run/udev/control
  * Merge pull request #24531 from poettering/loop-resize-part-modernizations
  * github: update differential shellcheck to v3.0.1
  * sd-device: rename devpath_from_devnum() -> devname_from_devnum()
  * sd-device: introduce devname_from_stat_rdev()
  * core/swap: use devname_from_stat_rdev()
  * loop-util: rename loopdev -> node
  * loop-util: always set LoopDevice.node
  * dissect-image: introduce dissect_loop_device() which takes LoopDevice object
  * udevadm-wait: move comments and condition outside of setup_periodic_timer()
  * Merge pull request #24536 from yuwata/dissect-take-loop-device
  * udev: move udev_node_escape_path()
  * udev: split link_update() and introduce stack_directory_get_name()
  * udev: do not remove stack directory even if it is empty
  * path-util: introduce path_make_relative_parent()
  * udev: use readlinkat_malloc()
  * udev: rename link_find_prioritized() and variables
  * udev: use path_make_relative_parent()
  * udev: make node_symlink() accept NULL devname
  * udev: use flock() when updating device node symlinks
  * udev: cleanup stack directory /run/udev/links when all workers exited
  * tmpfile-util: truncate original filename if the result filename is too long
  * loop-util: fix memleak when fd is for a block device with non-zero offset or size
  * json: introduce json_append()
  * bootspec: do not build two many json object at once
  * fuzz: add a test case for fuzz-bootspec
  * bootspec: shorten code a bit
  * test: check returned values are always initialized on success
  * Merge pull request #24550 from yuwata/bootspec
  * mount-util: fix error code
  * loop-util: also set LoopDevice.diskseq when created with loop_device_open()
  * loop-util: fix LoopDevice.devno assigned by loop_device_open()
  * loop-util: introduce loop_device_open_full()
  * loop-util: use loop_device_open_full() when whole block device is passed to loop_device_make()
  * loop-util: drop unnecessary initializations
  * loop-util: lock_fd must be closed before calling LOOP_CLR_FD
  * udev/rules,hwdb: filter out mostly meaningless default strings
  * Merge pull request #24568 from poettering/atou16-atou-rework
  * Merge pull request #24467 from qdeslandes/nspawn_rootidmap
  * udevadm-wait: also listen kernel uevent stream if --initialized=no
  * udevadm-wait: wait for two periodic timer triggered before exit
  * udevadm-wait: shorten code a bit
  * Merge pull request #24520 from yuwata/udevadm-wait-listen-kernel-uevents
  * loop-util: store sd_device object for the loop device
  * loop-util: fix leak of file descriptor on failure
  * blockdev-util: make block_device_remove_all_partitions() take sd_device object
  * blockdev-util: check if provided sd_device is for a whole block device
  * loop-util: move device_has_block_children() to blockdev-util.c
  * loop-util: save backing file of loopback block device
  * dissect-image: use backing_file stored in LoopDevice object to generate image name
  * gpt-auto: use LoopDevice object to manage whole block disk
  * dissect-image: use loop backing file or device node as name of the image
  * dissect-image: drop currently unused code
  * dissect-image: drop currently unused arguments
  * dissect-image: reuse LoopDevice.node in dissect_image()
  * dissect-image: drop unnecessary duplication of partition device node
  * Merge pull request #24571 from yuwata/dissect-loop-image-use-backing-file
  * uid-range: move to src/basic/
  * sd-device-monitor: relax sender uid check when running in user namespace
  * Merge pull request #24587 from yuwata/sd-device-monitor-running-user-ns
  * sd-device-enumerator: use test_matches() more
  * sd-device-enumerator: do not fail when a directory vanishes on enumerate
  * sd-device-enumerator: rewrite child enumeration without recursion
  * test: add test for sd_device_enumerator_add_match_parent()
  * Merge pull request #24601 from yuwata/sd-device-enumerator-drop-recursion
  * loop-util: split out several functions fron loop_configure() and loop_device_make_internal()
  * loop-util: save the flag about if LOOP_CONFIGURE ioctl works or not in loop_configure()
  * loop-util: open loopback block device in loop_configure()
  * loop-util: always check if backing file is not attached yet
  * loop-util: do not try to enumerate partitions twice
  * repart: rename variables in config_parse_weight()
  * repart: constify partition_min_size()
  * repart: make partition_max_size() return UINT64_MAX if not specified
  * repart: ensure partition_max_size() >= partition_min_size()
  * repart: introduce partition_{min,max}_padding()
  * repart: split out context_grow_partition_one()
  * repart: make scale_by_weight() always succeed
  * repart: anyway run loop at the end even if the loop will be restarted later
  * repart: set new size for foreign partitions at first
  * repart: do not assign new size larger than acquired or the specified maximum
  * repart: reset assignments by previous context_allocate_partitions()
  * repart: split out free_area_{current,min}_end() from free_area_available_for_new_partitions()
  * repart: check if existing partitions can grow
  * repart: make existing partition can be also 'dropped'
  * test-58-repart: add test case for issue #24553
  * Merge pull request #24557 from yuwata/repart
  * sd-device-enumerator: check sysname earlier
  * sd-device-enumerator: always ignore ENOENT from opendir()
  * sd-device-enumerator: use _cleanup_free_ attribute for safety
  * blockdevi-util: also check sysname when enumerating partitions
  * Merge pull request #24611 from yuwata/loop-util-refactoring
  * Merge pull request #24609 from yuwata/sd-device-enumerator-check-sysname
  * udevd: use partition enumerator at one more place
  * blockdev-util: split out blockdev_reread_partition_table()
  * Merge pull request #24618 from yuwata/udev-split-synthesizing
  * udev: always open with O_NOCTTY
  * udev: use read_virtual_file() at one more place
  * test-29-portable: set timeout for 'portablectl reattach'
  * Merge pull request #24637 from mrc0mmand/TEST-75-tweaks
  * udev: not necessary to return 1 from on_inotify()
  * udev: ignore IN_IGNORED inotify event earlier
  * udev-watch: remove symlink for saving inotify watch handle only when it is owned by the processing device
  * udev: use rm_rf() to remove old watch directory
  * udev: drop unnecessary call of udev_watch_end()
  * udev: warn on udev_watch_{begin,end}() failure
  * sd-device: move device_new_from_watch_handle_at() to udev-watch.c
  * test: add testcase for udev-watch
  * test-mountpoint-util: use log_info()
  * test-mountpoint-util: support running on a mount namespace with another mount on /proc
  * Merge pull request #23043 from yuwata/udev-node-use-flock
  * Merge pull request #23087 from yuwata/udev-watch
  * openssl-util: drop meaningless assertion
  * openssl-util: use assert() if no side effect
  * creds-util: fix NULL pointer dereference
  * Merge pull request #24651 from yuwata/openssl-util
  * boot: fix missing initialization
  * Merge pull request #24272 from dtardon/asserts
  * Merge pull request #24662 from mrc0mmand/test-exec-deserialization-tweaks
  * Merge pull request #24663 from mrc0mmand/codeql-follow-up
  * fs-util: use path_make_relative_parent() at one more place
  * fs-util,label: introduce symlink_atomic_full() and symlink_atomic_full_label()
  * Merge pull request #24669 from dtardon/nested-asserts
  * pid1: introduce dbus properties WatchdogDevice and friends
  * tree-wide: fix typo
  * Merge pull request #24671 from mrc0mmand/even-more-codeql
  * test-seccomp: support systems that sched_setscheduler() is already limited
  * test-date: do not fail even on ~50 years later
  * unit: drop ProtectClock=yes from systemd-udevd.service
  * update TODO
  * sd-device-monitor: do not trigger assertion when uid_map is not empty
  * userdbctl: do not show meaningless boundaries when no uid range available
  * userdbctl: fix arrow direction
  * uid-range: use parse_uid_range()
  * uid-range: sort uid range entries in uid_range_coalesce()
  * uid-range: escape from loop earlier
  * uid-range: optimize to load uid_map file
  * uid-range: make uid_range_intersect() take two UidRange objects
  * uid-range: tie up number and array of uid range entries
  * test: add tests for uid_range_coalesce()
  * watchdog: explicitly initialize global variable
  * pid1: drop redundant DBus properties
  * watchdog: use /dev/watchdog0 only if it exists
  * udev-node: split out stack_directory_read_one()
  * udev-node: do not create symlink to a non-existing device node
  * dissect-image: fix memleak on failure
  * dissect-image: handle all non-negative return values as success
  * Merge pull request #24685 from yuwata/uid-range
  * Merge pull request #24688 from yuwata/watchdog-dbus-properties-follow-ups
  * Merge pull request #24664 from yuwata/watchdog
  * Merge pull request #24692 from yuwata/dissect-image-fix-memleak
  * sd-netlink: unexport sd-netlink
  * man: explicitly document that "reboot -f" is different from "systemctl reboot -f"
  * dissect-image: split out verity_timeout()
  * dissect-image: make verity_partition() actually fail when all attempts of activation failed
  * fd-util: rename CLOSE_AND_REPLACE() -> close_and_replace()
  * test-50-dissect: check mount destination instead of mount source
  * test-50-dissect: do not fail test on cleanup
  * cryptsetup-util: introduce crypt_free_and_replace()
  * dissect-image: lazily deactivate decrypted DM volumes
  * dissect-image: introduce reference counter for DecryptedImage
  * dissect-image: take reference of DecryptedImage into DissectedImage
  * loop-util: introduce reference counter for LoopDevice
  * dissect-image: take a reference of LoopDevice into DissectedImage
  * dissect-image: split out dissected_image_new()
  * dissect-image: introduce DISSECTED_PARTITION_NULL
  * udev: downgrade log level when device node is already removed
  * dissect-image: free crypt_device object before trying to activate with unique name
  * sd-device: refuse block device without subsystem
  * Merge pull request #24719 from yuwata/dissect-image-dissected-image-new
  * blockdev-util: split-out block_device_is_whole_disk()
  * blockdev-util: introduce block_device_get_whole_disk()
  * blockdev-util: change return value when a partition device is passed to partition_enumerator_new()
  * udev-node: use symlink_atomic_full_label() to create devlink
  * udev: use block_device_get_whole_disk()
  * udev: do not ignore -ENOENT from sd_device_get_devname() for block device
  * dissect-image: introduce dissected_image_relinquish()
  * tree-wide: use dissected_image_relinquish()
  * tree-wide: drop unused reference to DecryptedImage
  * path-util: add examples for path_make_relative() and path_make_relative_parent()
  * Merge pull request #24730 from yuwata/dissect-image-drop-reference-to-decrypted-image
  * Merge pull request #24725 from yuwata/blockdev-util-introduce-block_device_get_whole_disk
  * Merge pull request #24646 from yuwata/udev-node-symlink_atomic
  * test: add testcase for link priority
  * sd-device: use path_hash_ops to store sysattrs
  * sd-device: use fstatat()
  * sd-device: use faccessat()
  * sd-device: re-implement device_sysattrs_read_all() without recursion
  * udev: use faccessat()
  * udev: use sd_device_get_sysattr_value()
  * sd-device: introduce device_opendir()
  * sd-device: use device_opendir()
  * udev: use device_opendir()
  * Merge pull request #24742 from keszybz/hwdb-252
  * mkdir: chase_symlinks_and_stat() does not return 0
  * test: add more test cases for mkdir_p_safe() and mkdir_p_root()
  * Merge pull request #24744 from yuwata/mkdir-chase-symlinks
  * meson: make several tests run sequentially
  * sd-device: use fd_reopen() at one more place
  * udev: use block_device_is_whole_disk()
  * Merge pull request #24711 from poettering/verify_fsroot_dir-rework
  * core/device: use DEVICE_NOT_FOUND
  * core/device: removed devices are not ready
  * core/device: introduce device_by_path() helper function
  * core/device: introduce device_propagate_reload()
  * core/device: always update existing devlink or alias units on uevent
  * core/device: refuse alias with ".."
  * core/device: check that no unit is ready and not simultaneously
  * test-64-udev-storage: check device units
  * test-64-storage: add test for renaming lvm volume
  * test-17-udev: test that device units for nonexistent devlink are removed
  * sd-device: refuse to get a parent device by sd_device_new_child()
  * sd-device: introduce sd_device_get_child_first() and _next()
  * test-sd-device: add tests for sd_device_get_child_first() and _next()
  * udev-builtin-net_id: use FOREACH_DEVICE_CHILD_WITH_SUFFIX() macro
  * network: fix assertion triggered by passing wrong ifindex
  * network: use FOREACH_DEVICE_CHILD_WITH_SUFFIX() macro
  * Merge pull request #24790 from poettering/run-chdir
  * udev: support by-path devlink for multipath nvme block devices
  * networkctl: use "-" for empty LLDP entries
  * test-network: fix matching string
  * networkctl: re-order entries in status command
  * doc: drop remaining references to LGTM.com
  * README: drop graphs counting issues or PRs
  * tree-wide: fix typo
  * tmpfiles: fix wrong return value
  * meson: libfido2 requires openssl
  * tpm2-util: fix build with -Dopenssl=false
  * sd-device: introduce device_get_sysattr_int()
  * udev: drop workaround for slow read of phys_port_name sysattr
  * networkctl: handle all errors in sd_network_link_get_setup_state() as "unmanaged"
  * networkctl: use table_add_string_line() at one more place
  * sd-network: rename function arguments for storing return value
  * sd-network: propagate -ENOENT
  * sd-network: accept all space-like separators
  * sd-network: introduce network_link_get_boolean() helper function
  * sd-network: drop fallback values
  * sd-network: make sd_network_link_get_dns() or friends return -ENODATA
  * Merge pull request #24812 from yuwata/udev-drop-netlink
  * Merge pull request #24832 from mrc0mmand/more-TEST-64-tweaks
  * dissect-image: split-out dissected_image_probe_filesystem()
  * dissect-image: introduce dissect_image_file() which works for regular file
  * test: add test for dissect_image_file()
  * mkosi: install fdisk for test-loop-block
  * kernel-install: do not fail if $layout is not "bls"
  * kernel-install: do not fail if a plugin exits with 77
  * fuzz: tighten acceptable data size
  * blockdev-util: split-out fd_get_devnum()
  * blockdev-util: reopen file descriptor only when O_PATH is set
  * blockdev-util: re-implement block_get_originating() by using sd_device
  * blockdev-util: introduce block_device_new_from_fd() and block_device_new_from_path()
  * loop-util: rename loop_device_open() -> loop_device_open_from_path()
  * loop-util: re-introduce loop_device_open() which takes sd_device object
  * udevadm: do not try to find device unit when a path like string is provided
  * test-64-udev-storage: use wait command instead of hackish "udevadm lock true"
  * Merge pull request #24820 from keszybz/tmpfiles-warning
  * resolve: do not cache mDNS goodbye packet
  * sd-dhcp6-client: do not use implicit cast from integer to boolean
  * sd-dhcp6-client: use assert() in non-public functions
  * sd-dhcp6-client: make dhcp6_option_append_fqdn() or friends handle zero length value gracefully
  * sd-dhcp6-client: simplify dhcp6_option_append_ia()
  * sd-dhcp6-client: slightly shorten dhcp6_option_append_fqdn()
  * sd-dhcp6-client: use GREEDY_REALLOC()
  * sd-dhcp6-client: use GREEDY_REALLOC() in dhcp6_option_append_vendor_class()
  * sd-dhcp6-client: rename buf -> p
  * sd-dhcp6-client: allow to build large packet
  * Merge pull request #24897 from mrc0mmand/TEST-64-sanitiers-open-scsi
  * resolve: fix typo
  * core: make exec_directory_add() extends existing symlinks
  * core: do not create symlink to private directory if parent already exists
  * test: add more tests for StateDirectory= with DynamicUser=
  * resolve: drop remaining references for Monitor=
  * network: fix use-after-free
  * network: ndisc: read prefix earlier
  * network: ndisc: ignore prefix option with link-local prefix
  * network: introduce {address,route}_remove_and_drop()
  * network: ndisc: address_get() returns 0 on success
  * network: ndisc: drop outdated settings before processing RA message
  * network: ndisc: also introduce timer event source to drop outdated settings
  * network: make sec_to_usec() map 0sec -> 0usec
  * network: ndisc: drop addresses and friends when RA with zero lifetime is received
  * network: ndisc: do not accept too many DNS servers or domains
  * udev-builtin-net_id: reading phys_port_name may be refused with EOPNOTSUPP
  * network: drop unnecessary call of ndisc_vacuum()
  * network: free timer event source for NDisc when link is freed
  * Merge pull request #24931 from bluca/news
  * Merge pull request #24930 from yuwata/network-drop-ndisc-vacuum
  * NEWS: drop reverted feature for networkd
  * NEWS: fix typo
  * TODO: fix typo
  * udev: drop assertion which is always false
  * Merge pull request #24654 from fbuihuu/mount_followup_for_pr_19983
  * udev: add one more assertion
  * sd-ndisc: ignore failure in sending solicitation
  * sd-radv: mention that failures in sending RA are ignored
  * Revert "test-journal-flush: Don't fail on EADDRNOTAVAIL"
  * sd-journal: rename next_hash_offset() -> get_next_hash_offset()
  * sd-journal: several coding style updates
  * sd-journal: drop unused argument
  * sd-journal: re-read object from cache
  * sd-journal: re-read object on next try
  * sd-journal: add comments that journal_file_move_to() may break previous read data
  * Merge pull request #24973 from keszybz/simplify-variable-declarations
  * dissect-image: reduce indentation
  * dissect-image: fix error handling of @cancel_deferred_remove DM command
  * dissect-image: try to open device node before activating
  * dissect-image: open dissected or decrypted partitions and mount through the file descriptor
  * dissect-image: introduce probe_filesystem_full() which can take file descriptor of device node
  * Merge pull request #24625 from yuwata/dissect-image-open-and-lock-decrypted
  * TODO: fix typo
  * test: improve assertion message on failure
  * test: drop unused modules
  * test: introduce __eq__() and __ne__()
  * Merge pull request #24985 from yuwata/codeql
  * sd-journal: use new() instead of newa() if too many items will be added
  * udev-builtin-kmod: support to run without arguments
  * elf-util: drop assertion for metadata in report_module_metadata()
  * udev: drop unused source file
  * sd-device-monitor: dynamically allocate receive buffer
  * test: add test for large uevent message
  * udev: drop redundant description setting
  * tree-wide: set description for device manager
  * test: skip one test for iszero_safe() on i386 without SSE2
  * systemctl: fix potential memleak on failure in determine_default()
  * string-util: make free_and_strdup_warn() return 1 when new string is assigned
  * resolvectl: rely on invoked_as()
  * resolvconf-compat: first parse provided interface name as is
  * test: add tests for setting DNS servers by resolvectl or resolvconf
  * Merge pull request #25080 from keszybz/search-paths
  * Merge pull request #25052 from yuwata/resolvconf-compat
  * btrfs-util: move btrfs_defrag_fd() from fd-util.[ch]
  * test: rewrite tests for renaming network interface
  * core/device: update comment
  * core/device: also serialize/deserialize device syspath
  * Merge pull request #25131 from poettering/image-root-help-text-fix
  * tree-wide: fix typo
  * macro: fix indentation
  * Merge pull request #25133 from poettering/ddi-dissect
  * udev: drop ID_RENAMING from UdevEvent.dev_db_clone instead of UdevEvent.dev
  * udev: use ASSERT_PTR() at one more place
  * sd-device: drop unused device_copy_properties()
  * sd-device: make device_shallow_clone() static
  * sd-dhcp-client: introduce sd_dhcp_client_attach_device()
  * sd-dhcp6-client: introduce sd_dhcp6_client_attach_device()
  * network: attach device to DHCP clients
  * hwdb: drop model specifier from general entries
  * unit: also prioritize input devices when triggering devices
  * core/device: verify device syspath on switching root
  * test: add test for IN_SET() with bitfield specifier
  * dhcp: use the attached sd_device object when generating IAID
  * wait-online: ignore -ENODATA from sd_network_link_get_required_for_online()
  * network: drop redundant condition
  * network: allow to (automatically) reconfigure failed interface
  * Merge pull request #25163 from weblate/weblate-systemd-master
  * network: Table= also accepts table name
  * network: allow 0 for table number
  * network: make RouteTable= also accept route table name
  * test-network: show only IPv4 routes
  * network: adjust route priority based on preference
  * test-network: add testcase for router preference
  * network: drop duplicated period in log message
  * test-network: rewrite wait-online address family tests
  * install: process all Wants= symlinks even if some of them fail
  * test: support non-summer time
  * udev: fix for parsing MAC address
  * udev: always create device symlinks for USB disks
  * network: simplify the logic of reading driver and permanent HW address
  * network: try to reconfigure when some information is updated
  * test-network: add testcase for reconfiguring interface
  * Merge pull request #25190 from mrc0mmand/reenable-test_macsec
  * Merge pull request #25193 from takaswie/topic/udev/builtin/hwdb/ieee1394/support-legacy-layout-of-configuration-rom
  * udev: drop trivial wrapper for udev_watch_begin()
  * network: skip to reassign master ifindex if already set
  * wait-online: ignore one more error in callback function
  * wait-online: split out link_update_name()
  * parse_hwdb: allow negative value for EVDEV_ABS_ properties
  * Merge pull request #25206 from p-fpv/main
  * test-network: add a testcase that all bound interfaces removed
  * network: forcibly reconfigure all interfaces after sleep
  * wait-online: check received interface name
  * wait-online: support alternative names
  * network: update comment
  * test-network: make link_exists() support alternative names
  * test-network: fix use of undeclared variable
  * test-network: resolve interface name from alternative name
  * test-network: explicitly prepare default.link
  * test-network: wait for bound interface to be processed by udevd
  * Merge pull request #25229 from mrc0mmand/extend-coverage
  * core: fix memleak in GetUnitFileLinks method
  * udev: first set properties based on usb subsystem
  * udev: drop redundant call of usb_id and assignment of ID_USB_INTERFACE_NUM
  * udev: add safe guard for setting by-id symlink
  * meson: sort libraries
  * reboot-util: drop redundant headers
  * reboot-util: drop unnecessary cast
  * Merge pull request #25250 from mrc0mmand/coverage
  * resolve: enable per-link mDNS setting by default
  * Merge pull request #25277 from mrc0mmand/also-coverage
  * Merge pull request #25282 from keszybz/trivial-cleanups
  * Merge pull request #25297 from mrc0mmand/aux-test-fixes
  * Merge pull request #25291 from keszybz/util-cleanup
  * test-network: skip test_match if alternative name is not supported by kernel
  * resolve: drop redundant call of socket_ipv6_is_supported()
  * resolve: introduce link_get_llmnr_support() and link_get_mdns_support()
  * resolve: provide effective supporting levels of mDNS and LLMNR
  * resolvectl: warn if the global mDNS or LLMNR support level is lower than the requested one
  * test: create config under /run
  * test: add tests for mDNS and LLMNR settings
  * meson: install systemd-ac-power under /usr/bin
  * Merge pull request #25328 from poettering/vertical-tables
  * find-esp: downgrade and ignore error on retrieving PART_ENTRY_SCHEME when searching
  * find-esp: include device sysname in the log message
  * bootctl: make boot entry id logged in hex
  * bootctl: downgrade log message when firmware reports non-existent or invalid boot entry
  * ac-power: check battery existence and status
  * Merge pull request #25349 from poettering/table-header-rework-only
  * Merge pull request #25355 from poettering/chase-symlinks-no-symlink
  * Merge pull request #25360 from poettering/strv-fixes
  * Merge pull request #25339 from dtardon/vertical-tables
  * Merge pull request #25338 from DaanDeMeyer/at-fixes
  * dissect-image: do not try to close invalid fd
  * Merge pull request #25373 from medhefgo/boot-fixes
  * Merge pull request #25368 from yuwata/bootctl-ignore-invalid-boot-entries
  * systemctl: do not show unit properties with --all
  * network: tc-cake: add support to specify RTT
  * Merge pull request #25389 from fbuihuu/update-test-for-opensuse
  * network: tc-cake: add support to specify ACK filter
  * test-network: add tests for RTT and ACK filter for CAKE
  * Merge pull request #25423 from yuwata/network-tc-cake-rtt-and-ack-filter
  * Merge pull request #25438 from poettering/localhost-ifindex-tweak
  * Merge pull request #25395 from poettering/tpm2-dlsym-assert
  * Merge pull request #25470 from keszybz/strv-extendf-format
  * network: drop unnecessary prototype
  * network: wifi: try to reconfigure when connected
  * Merge pull request #25483 from poettering/ppoll-usec-eintr
  * mount: make acquire_mount_where_for_loop_dev() take sd-device object
  * mount: split umount_by_device() into two
  * mount: use device enumerator to find matching loopback block device
  * Merge pull request #25530 from poettering/resolved-stub-name
  * Merge pull request #25533 from keszybz/meson-fixups
  * sd-netlink: always initialize return variable on success
  * sd-netlink: drop redundant 'else'
  * sd-netlink: check received size in socket_recv_message()
  * sd-netlink: allocate read buffer when necessary
  * sd-netlink: return earlier when received invalid message
  * sd-netlink: fix possible use-after-free
  * sd-netlink: fix segfault
  * sd-netlink: introduce netlink_queue_received_message() and friend
  * sd-netlink: reimplement received message queue
  * sd-netlink: also manage received messages by serial
  * sd-netlink: do not use serials currently queued
  * sd-netlink: split out parse_message_one() from socket_read_message()
  * sd-netlink: do not link non-multipart messages
  * sd-netlink: append instead of prepend multipart message
  * network: fix indentation
  * network: drop invalid and unused flag
  * Merge pull request #25552 from yuwata/network-ndisc-trivial-fixes
  * Merge pull request #25536 from yuwata/sd-netlink-several-fixes
  * Merge pull request #25508 from enr0n/test-various-fixes
  * Merge pull request #25565 from poettering/dissect-optimizations
  * Merge pull request #25561 from poettering/btrfs-quota-opath-fix
  * network: add missing assertion
  * network: address: always update link state when an address is removed
  * network: address: use ASSERT_PTR()
  * mkfs-util: fix memleak
  * sd-netlink: fix assertion triggered by message_get_serial()
  * Merge pull request #25578 from mrc0mmand/test-shutdown-tweaks
  * dissect: use sd-device to find and open loopback block device
  * dissect: support to unmount image without root partition
  * network: unset Link.ndisc_configured only when a new address or route is requested
  * Merge pull request #25591 from poettering/dissect-probe-offset
  * tree-wide: fix typo
  * fuzz-systemctl: limit the size of input
  * bootspec: fix null-dereference-read
  * dissect-image: log expected UUID for /var
  * acl-util: several cleanups
  * escape: fix wrong octescape of bad character
  * test: add basic tests for octescape()
  * boot: cleanups for efivar_get() and friends
  * boot: fix false maybe-uninitialized warning
  * Merge pull request #25559 from intelfx/work/systemd-importd-quotas
  * core/unit: drop doubled empty line
  * core/unit: drop dependency to the unit being merged
  * core/unit: fix logic of dropping self-referencing dependencies
  * core/unit: merge two loops into one
  * test: add test case for sysv-generator and invalid dependency
  * core/unit: merge unit names after merging deps
  * network: drop REMOVING flag when a netlink message is sent to kernel
  * Merge pull request #25628 from zhangjian3032/dev/fix-set-bond-mac-failed
  * fuzz-systemctl: adjust size limit
  * core: use correct scope of looking up units
  * test-network: try to change MAC address more
  * network: manage addresses in the way the kernel does
  * Merge pull request #25666 from poettering/selinux-getconf-fixup
  * Merge pull request #25564 from poettering/dissect-discover
  * Merge pull request #25672 from jelly/FirwmwareName
  * man: mention that DefaultRouteOnDevice= create the IPv4 default route
  * fs-util: make chmod_and_chown_at() work with empty path and AT_FDCWD
  * hexdecoct: several cleanups for base64_append()
  * test: add tests for base64_append()
  * hexdecoct: add missing NULL check
  * hexdecoct: fix NULL pointer dereferences in hexmem()
  * resolve: optimize conversion of TXT fields to json
  * fuzz: shorten filename of testcase
  * resolve: drop recursion in TXT field handling
  * resolve: shorten code a bit
  * resolve: add missing assertion
  * sd-device: fix double-free
  * test: name_assign_type sysattr never exists for enumerated devices
  * string-util: introduce ascii_ishex()
  * sd-id128: several cleanups
  * sd-id128: make id128_read() or friends return -ENOPKG when the file contents is "uninitialized"
  * test: add tests for "uninitialized" string handling by id128_read_fd()
  * man: mention sd_id128_get_machine() or friend may return -ENOPKG
  * sd-id128: make sd_id128_get_boot() and friend return -ENOMEDIUM
  * sd-id128: make sd_id128_get_boot() and friend return -ENOSYS when /proc/ is not mounted
  * man: mention that sd_id128_get_boot() and friend may return -ENOSYS
  * sd-id128: fold do_sync flag into Id128FormatFlag
  * Merge pull request #25713 from keszybz/hwdb-matching
  * resolve: rename etc_hosts_free() -> etc_hosts_clear()
  * resolve: rename EtcHostsItem -> EtcHostsItemByAddress
  * resolve: make etc_hosts_item_by_{address,name}_free() accept NULL
  * resolve: introduce cleanup functions for EtcHostsItemBy{Address,Name}
  * resolve: merge two boolean variables
  * resolve: adjust warning
  * resolve: split manager_etc_hosts_lookup() into small parts
  * in-addr-util: introduce in_addr_data_hash_ops_free and expose its compare and hash functions
  * dns-domain: introduce dns_name_hash_ops_free
  * resolve: use dns_name_hash_ops_free
  * resolve: introduce more hash-ops and use them
  * resolve: dedup entries in /etc/hosts
  * Merge pull request #25658 from yuwata/fuzz-etc-hosts
  * hwdb: drop trailing space
  * hwdb: add comments about matching entries
  * hwdb: also add a generic entry for DualPoint Stick
  * resolve: fix NULL-pointer dereference
  * Merge pull request #25726 from dtardon/cleanups
  * env-file: several cleanups
  * env-file: introduce parse_env_file_fd()
  * localed: avoid TOCTOU in loading config
  * locale-setup: split locale_context_load() into small pieces
  * locale-setup: clear partially loaded context on failure
  * locale-setup: make failure in stat() critical
  * locale-setup: avoid TOCTOU in reading locale.conf
  * NEWS: fix typo
  * timesync: downgrade log message about unsupported address family
  * sd-id128: make sd_id128_get_machine() or friends return -EUCLEAN when an ID is in an invalid format
  * sd-id128: allow sd_id128_get_machine() and friend to be called with NULL
  * sd-id128: also refuse an empty invocation ID
  * man: update documents for sd_id128_get_invocation()
  * Merge pull request #25734 from yuwata/sd-id128
  * stat-util: introduce fd_is_read_only_fs()
  * binfmt-util: split out binfmt_mounted()
  * timesync: ignore IPv6 addresses when the kernel does not support IPv6
  * binfmt-util: also check if binfmt is mounted in read-write
  * binfmt: check if binfmt is mounted before applying rules
  * unit: check more specific path to be written by systemd-binfmt
  * Merge pull request #25693 from yuwata/binfmt
  * Merge pull request #25723 from keszybz/generators-tmp
  * Merge pull request #25732 from enr0n/unit-test-machine-id-initialized
  * Merge pull request #25743 from yuwata/timesync-ipv6
  * mount-util: drop unnecessary inline attributes
  * mount-util: mount flag is unsigned long
  * mountpoint-util: rename mount_propagation_flags_to_string() and friends as singular
  * mountpoint-util: introduce mount_propagation_flag_is_valid()
  * mount-util: make mount_switch_root() take a mount propagation flag
  * Merge pull request #25602 from fbuihuu/fix-TEST-73-LOCALE
  * Merge pull request #25735 from yuwata/switch-root-follow-ups
  * Merge pull request #25224 from poettering/measure-append
  * test: suppress echo in monitor_check_rr()
  * Revert "test: wait for the monitoring service to become active"
  * Merge pull request #24058 from qdeslandes/journald_regex_filtering
  * Merge pull request #25718 from yuwata/locale-cleanups
  * Merge pull request #25756 from yuwata/test-resolve-1
  * test: fix typo
  * core/unit: fix log message
  * test: show and check almost all journal entries since the relevant command being invoked
  * test: systemd-mount --list and systemd-umount requires the device is initialized by udevd
  * Merge pull request #25779 from bluca/journa_remote_vacuum
  * unit: use underbar for module name
  * Merge pull request #25787 from msekletar/rename-process-cap
  * Merge pull request #25786 from keszybz/ebadf
  * fuzz: sort headers
  * tree-wide: introduce PIPE_EBADF macro
  * tree-wide: use -EBADF more
  * rules: add missing line continuation
  * wait-online: exit with success when all interfaces are ready or unmanaged
  * Merge pull request #25829 from poettering/empty-to-null-const-fix
  * test-network: move one test case
  * test-network: split out wait-online related test case
  * test-network: add testcase for no managed interface
  * macro: check existence of cleanup function before call it
  * Merge pull request #25830 from yuwata/wait-online-unmanaged
  * tree-wide: have_effective_cap() may return negative errno
  * Merge pull request #25823 from poettering/dissect-diskseq
  * Merge pull request #25828 from poettering/no-more-basename
  * dissect: use assert() when no side effect
  * dissect: do not trigger assertion on error
  * dissect: reduce indent in mtree_print_item()
  * tmpfile: fix resource leak
  * tmpfile: make failure in path_extract_filename() non-critical
  * bootctl: fix indentation
  * bootctl: 'tmp' is always non-NULL
  * udev: align table
  * sd-device: make device_set_syspath() clear sysname and sysnum
  * sd-device: do not directly access entry in sd-device object
  * udev: move device_rename() from device-private.c
  * test: modernize test-netlink.c
  * udev: restore syspath and properties on failure
  * sd-device: introduce device_get_property_int()
  * core/device: downgrade log level for ignored errors
  * core/device: ignore failed uevents
  * test: add tests for failure in renaming network interface
  * shutdown: propagate the original errno
  * test-netlink: use dummy interface to test assigning new interface name
  * network/l2tp: fix error code in log message
  * network/l2tp: parse address or address type from correct string
  * systemctl: suppress warning about missing /proc/ when --no-warn
  * shell-completion: systemctl: add --no-warn
  * Merge pull request #26047 from yuwata/udev-node-cleanups
  * busctl: fix introspecting DBus properties
  * network: introduce QuickAck= for [DHCPv4] and [IPv6AcceptRA]
  * NEWS: move one entry to the correct section
  * NEWS: mention QuickAck=
  * network: fix memleak
  * sd-dhcp6: always append the default status message generated from status code
  * sd-dhcp-client: gracefully handle invalid ether type client ID
  * Merge pull request #26004 from poettering/cleanuo-erase-moar
  * test-udev: add a brief test for -= operator for SYMLINK
  * test-network: reprocess the loopback network interface
  * sd-id128: introduce id128_hash_ops_free
  * udevadm-trigger: allow to fallback without synthetic UUID only first time
  * udevadm-trigger: settle with synthetic UUID if the kernel support it
  * udevadm-trigger: also check with the original syspath if device is renamed
  * test: use 'udevadm trigger --settle' even if device is renamed
  * test-network: drop unused file
  * network: do not enter failed state when received an invalid RA
  * network: assume prefix length is full address size
  * in-addr-util: drop unused mode to parse prefix length
  * NEWS: mention that Address= assumes /32 or /128 prefix length if not specified
  * test-ndisc: fix memleak and fd leak
  * test-unit-name: fix fd leak
  * tree-wide: fix typo
  * test-load-fragment: fix memleak
  * test-load-fragment: shorten code a bit
  * systemctl,test: -EBADF instead of -EBADFD
  * locale: several coding style fixlets
  * locale: do not use alloca() for strings which can be potentially arbitrary
  * locale: rename context_free_vconsole() -> context_clear_vconsole()
  * locale: split out XKB settings to X11Context
  * locale: merge vconsole_convert_to_x11_and_emit() with method_set_vc_keyboard()
  * locale: make errors in writing files not critical
  * locale: also save XKB settings to vconsole.conf
  * bootctl-uki: several coding style fixlets
  * bootctl-uki: several follow-ups for inspect_osrel()
  * bootctl-status: several follow-ups for unlink command
  * sleep: rename hibernate_delay_sec -> _usec
  * sleep: fetch_batteries_capacity_by_name() does not return -ENOENT
  * sleep: drop unnecessary temporal vaiable and initialization
  * sleep: introduce SuspendEstimationSec=
  * sleep: coding style fixlets
  * sleep: simplify code a bit
  * sleep: introduce siphash24_compress_id128()
  * sleep: fix indentation
  * sleep: enumerate only existing and non-device batteries
  * locale: add missing logs
  * locale: introduce VCContext and several helper functions for the struct
  * locale: make vconsole_convert_to_x11() not update Context
  * locale: replace context_get_x11_context() with context_get_x11_context_safe()
  * locale: always check input keyboard layout and friends earlier
  * locale: sync two X11 contexts on update
  * locale: also check if converted keymap or friends is same as the current settings
  * locale: decouple vconsole_read_data() from x11_read_data()
  * locale: move logging from library-like functions to caller
  * locale: downgrade level of one more log message
  * test: add tests for localectl --no-convert
  * sd-dhcp-server: allow to send header only message
  * Merge pull request #23956 from mrc0mmand/resolved-ipv6
  * network: dhcp-server: do not create DHCPServer object when the DHCP server is running in relaying mode
  * test: make helper_check_device_units() log unit name
  * test: add a testcase for lvextend
  * locale: fix ENOENT handling for vconsole.conf or xorg.conf
  * locale: drop context_clear_x11()
  * udev: make get_virtfn_info() provide physical PCI device
  * test-time-util: skip test for TIMESTAMP_DATE if the timestamp is too old
  * NEWS: fix typo
  * NEWS: fix typo
  * test: use notice log level to make easily filter out logs from PID1
  * argv-util: also update program_invocation_short_name
  * Merge pull request #26320 from keszybz/operator-whitespace
  * Merge pull request #26321 from keszybz/flex-arrays
  * Merge pull request #26322 from keszybz/log-errno-fix
  * Merge pull request #26324 from yuwata/argv-util-update-short-name
  * udevd: configure a child process name for worker processes
  * tree-wide: set FORK_RLIMIT_NOFILE_SAFE flag
  * nss-myhostname: fix inverted condition in
  * nss-myhostname: do not return empty result with NSS_STATUS_SUCCESS
  * cryptenroll: drop deadcode
  * Merge pull request #26400 from ml-/fix-directory-and-typos
  * tree-wide: fix typo and comment style update
  * core/execute: fix comment
  * test-execute: drop capabilities when testing with user manager
  * test-execute: add basic tests for LoadCredential= and SetCredential=
  * sysusers: also add root group
  * test-sysusers: add test for basic.conf
  * NEWS: mention that the default mDNS mode is now "yes"
  * Merge pull request #26424 from ldv-alt/fix-typos
  * ukify: fix padding length
  * core/mount: fix default target for /sysusr/usr and its child
  * Merge pull request #26271 from d-hatayama/fix_sulogin_shell
  * fd-util: introduce a simple helper to check a file descriptor has O_PATH
  * xattr-util: check if fd has O_PATH and do not try setxattr() twice
  * journalctl: use DEFINE_MAIN_FUNCTION() macro
  * journalctl: fix fd leak
  * activate: use DEFINE_MAIN_FUNC() macro
  * activate: fix typo
  * activate: use log_set_open_when_needed()
  * activate: use _cleanup_close_ attribute
  * test: use mkdtemp_open()
  * test: add tests for xsetxattr()
  * cryptsetup: check the existence of salt by salt_size > 0
  * test-execute: also mount tmpfs on /dev/shm
  * hashmap: fix build with valgrind
  * loop-util: fix error condition and return value
  * process-util: show requested process name in the log
  * exec-util: propagate error in wait_for_terminate_and_check()
  * exec-util: use TAKE_FD()
  * udev-node: drop unnecessary initialization
  * udev-node: make stack_directory_read_one() accept NULL for devnode
  * Merge pull request #26499 from mrc0mmand/assorted-tweaks
  * Merge pull request #26506 from keszybz/tiny-cleanups
  * process-util: rename FORK_NULL_STDIO -> FORK_REARRANGE_STDIO
  * tree-wide: use FORK_REARRANGE_STDIO and FORK_CLOSE_ALL_FDS
  * core/manager: falling back to execute generators without sandboxing
  * Merge pull request #26527 from mrc0mmand/more-tests
  * Merge pull request #26491 from dtardon/list-paths
  * Merge pull request #26529 from medhefgo/boot-misc
  * Merge pull request #26203 from medhefgo/meson
  * tree-wide: fix typo
  * test: add another stress test for devlink creation
  * Merge pull request #26528 from keszybz/valgrind-simplification
  * systemctl: show "Until:" field only for service and scope units
  * sd-event: always initialize sd_event.perturb
  * Merge pull request #26542 from medhefgo/boot-device-path
  * Merge pull request #26557 from poettering/more-cap-utils
  * sd-event: fix use of uninitialized variable
  * sd-event: fix error handling
  * Merge pull request #26555 from poettering/cleanup-array
  * core/namespace: drop unused field in NamespaceInfo
  * core/execute: introduce exec_needs_network_namespace() helper function
  * core/execute: introduce exec_needs_ipc_namespace() helper function
  * bus-util: introduce bus_property_get_tristate()
  * core/dbus-util: introduce bus_set_transient_tristate()
  * core/execute: make PrivateMounts= tristate
  * mount-util: introduce remount_sysfs()
  * core/namespace: rename SYSFS -> BIND_SYSFS
  * core/namespace: introduce a new namespace mount mode PRIVATE_SYSFS
  * core/namespace: mount new sysfs when new network namespace is requested
  * test-execute: add test for PrivateNetwork= with/without mount namespacing
  * io-util: introduce IOVEC_NULL
  * io-util: drop double evaluation in IOVEC_INIT_STRING()
  * sd-journal: fix memleak and freeing invalid pointers
  * systemctl-list-units: fix memleak on error
  * systemctl-list-units: drop unused return value
  * sd-event: fix error handling
  * systemctl: cleanups for list-sockets
  * systemctl: cleanups for list-timers
  * systemctl: cleanups for list-automounts
  * systemctl: cleanups for list-paths
  * core/dbus-socket: check the socket path is absolute
  * Merge pull request #26560 from yuwata/journal-send-fix-memleak-and-cleanups
  * Merge pull request #26535 from yuwata/systemctl-list-cleanups
  * systemctl: use bus_message_hash_ops
  * man,catalog: fix typo
  * time-util: drop unused definition of FORMAT_TIMESTAMP_WIDTH
  * time-util: drop redundant space
  * time-util: use DEFINE_STRING_TABLE_LOOKUP_TO_STRING() macro
  * time-util: align string table
  * time-util: rename variables
  * time-util: add assertions
  * time-util: drop redundant else
  * time-util: do not use strdupa()
  * time-util: use result from startswith_no_case()
  * time-util: use usec_add() and usec_sub_unsigned()
  * time-util: shorten code a bit
  * time-util: rename variables
  * time-util: drop unnecessary assignment of timezone name
  * time-util: make parse_timestamp() use the RFC-822/ISO 8601 standard timezone spec
  * test: add tests for format_timestamp() and parse_timestamp() with various timezone
  * Merge pull request #26574 from YHNdnzj/sd-login-new-interface
  * Merge pull request #26578 from thkukuk/main
  * meson: add missing man rules for new sd-login functions
  * test: use get_timezones() to iterate all known timezones
  * test: clear tzname[] after timezone is changed
  * test: generate debugging logs for udevd after restart
  * tools: fix the file name that "meson setup" generates
  * meson: rename conflicting target names
  * tools: explicitly specify "setup" subcommand
  * meson: show options about tests in the summary
  * test: test parse_timestamp() in various timezone
  * meson: extend timeout for test-time-util
  * time-util: fix typo
  * time-util: rename len -> tz_offset
  * time-util: extend comment a bit
  * time-util: refuse non-zero gmtoff with non-UTC timezone
  * mkdir: fix error code on failure
  * test: add tests for error code propagation from mkdir_xyz()
  * man: fix doubled word
  * test: trigger new events after all currently queued events are processed
  * test-execute: simplify the tests for PrivateNetwork=
  * test-execute: add test for NetworkNamespacePath=
  * Merge pull request #26653 from poettering/tmpfile-linkable-replace
  * man: sync the default .link file in example
  * man: add an example to (re-)apply new settings to a network interface
  * Merge pull request #26668 from yuwata/man-link-rename
  * Revert "hwdb: fix swapped buttons for Logitech Lift left"
  * man: mention systemd-fsck-usr.service
  * man: mention systemd-growfs-root.service
  * sd-journal: wrap long line
  * tree-wide: replace IOVEC_INIT with IOVEC_MAKE
  * test: add header build tests for newer C and C++ standards
  * Merge pull request #26650 from yuwata/udev-trigger
  * time-util: drop redundant call of tzset()
  * Merge pull request #26669 from YHNdnzj/journalctl-lines-since-until
  * macro: introduce FOREACH_ARRAY() macro
  * systemctl: port FOREACH_ARRAY() to systemctl-list-units.c
  * conf-files: fix potential memleak in conf_files_list_strv_internal() on failure
  * Merge pull request #26713 from keszybz/man-getenv
  * Merge pull request #26698 from ldv-alt/udevadm-verify
  * macro: support the case that the number of elements has const qualifier
  * core: add missing MemoryPressureWatch= and MemoryPressureThresholdSec= setting
  * system.conf: add default for memory pressure settings
  * generator: fix comment
  * Merge pull request #26752 from Foxboron/morten/fix-manpage
  * Merge pull request #26739 from ldv-alt/udevadm-verify
  * Merge pull request #26303 from YHNdnzj/edit-util
  * Merge pull request #26641 from medhefgo/boot-elf2efi
  * systemctl-edit: shorten code a bit
  * systemctl-edit: invert one error check
  * edit-util: make EditFile take reference of EditFileContext
  * edit-util: make create_edit_temp_file() take EditFile as the argument
  * edit-util: fix potentical crash when no edit markers
  * edit-util: unlink temporary file on failure
  * sd-boot: fix incompatible type
  * Merge pull request #26776 from YHNdnzj/edit-util-more-cleanup
  * Merge pull request #26775 from DaanDeMeyer/ext-default
  * time-util: make USEC_TIMESTAMP_FORMATTABLE_MAX for 32bit system off by one day
  * test: add more testcases for formatting/parsing timestamp
  * time-util: add note about on DST change
  * test-time-util: do not fail on DST change
  * systemctl: refuse to acquire dbus connection with --global
  * udev-rule: rework logging about udev rules
  * udev-rules: introduce log_event_truncated() helper function
  * udev-rules: do not set 'issues' tag when applying rules to event device
  * udev-rules: modernize free functions
  * udev-rules: inline rule_line_append_token()
  * udevadm: enable colorized logging
  * udevadm-verify: fix indentation of help message
  * Merge pull request #26781 from mrc0mmand/tests-again
  * Merge pull request #26749 from DaanDeMeyer/more-cleanups
  * man: add missing tags in udevadm(8)
  * Merge pull request #26767 from yuwata/udev-rule-rework-logging
  * udev: mention that the kernel silently truncates lo_file_name if too long
  * test-50-dissect: add test for long reference name
  * Merge pull request #26831 from YHNdnzj/edit-util-followup
  * Merge pull request #26771 from YHNdnzj/machinectl-edit
  * github: update default and example in template
  * sd-journal: fix segfault
  * udevadm-verify: add a short summary
  * test: reindent testsuite-17.11.sh
  * test: add tests for summary output of udevadm verify
  * Merge pull request #26803 from yuwata/udevadm-verify-summary
  * test: add a testcase that dir_fd_is_root() is not confused by bind mount
  * exec-util: tighten variable scope a bit
  * exec-util: drop meaningless casts
  * exec-util: enumerate executables earlier
  * exec-util: extract the core logic of execute_directories() as execute_strv()
  * exec-util: introduce EXEC_DIR_SKIP_REMAINING flag
  * os-util: add missing headers
  * bootctl: move verb_kernel_identity()
  * bootctl: return 0 instead of EXIT_SUCCESS
  * bootctl: find matching section in read_pe_section()
  * bootctl: introduce uki_read_pretty_name()
  * bootctl: introduce inspect_kernel()
  * uki-util: move functions for inspecting kernel to uki-util.[ch]
  * Revert "kernel-install: also try to find $BOOT by partition GUID"
  * kernel-install: check all entry candidates first, then check existence of $pref/loader/entries only once
  * core/transaction: make merge_unit_ids() always return NUL-terminated string
  * core/transaction: make merge_unit_ids() return non-NULL on success
  * core/transaction: do not log "(null)"
  * Merge pull request #26855 from DaanDeMeyer/repart-fixes
  * Merge pull request #26861 from yuwata/exec-util
  * Merge pull request #26862 from yuwata/uki-util
  * Merge pull request #26759 from medhefgo/boot-stack-protector
  * fuzz-journal-remote: remove temporary files on exit
  * fuzz-journal-remote: fix potential fd-leak
  * man: explicitly list three command syntax at the beginning
  * tmpfiles: show file type in octal, instead of hex
  * test-systemd-tmpfiles.py: use test_content() at one more place
  * test-systemd-tmpfiles.py: create global temporary directory
  * Merge pull request #26879 from mrc0mmand/cocci
  * Merge pull request #26880 from yuwata/test-tmpfiles
  * Merge pull request #26884 from YHNdnzj/tmpfiles-unit-name-update
  * loop-util: add more debugging logs in loop_configure()
  * Merge pull request #26886 from ldv-alt/udevadm-verify
  * bootctl: fix wrong type comparison
  * strv: introduce strv_print_full()
  * Merge pull request #26875 from yuwata/core-transaction
  * uki-util: update log messages
  * uki-util: rename uki -> f
  * uki-util: rename KernelType -> KernelImageType
  * util: rename uki-util.[ch] -> kernel-image.[ch]
  * Merge pull request #26893 from yuwata/uki-util-update-log
  * Merge pull request #26928 from jamacku/update-shellcheck
  * coredump: use unaligned_read_ne{32,64}() to parse auxv
  * vconsole: introduce Context and its helper functions
  * vconsole: introduce context_get_config() helper function
  * core/main: fix maximum number of arguments for shutdown command
  * core/main: make positional arguments followed by '=', then by value
  * proc-cmdline: insert an empty line between variable declaration and assertion
  * proc-cmdline: rename variable
  * proc-cmdline: use proc_cmdline_key_string() when we search for key
  * proc-cmdline: make proc_cmdline_parse_given() static
  * test-proc-cmdline: test proc_cmdline_get_key() actually parses EFI options
  * nulstr-util: introduce strv_parse_nulstr_full() that optionally drop trailing empty strings
  * test: add tests from strv_parse_nulstr_full()
  * process-util: drop trailing NUls before parsing the nulstr
  * rm-rf: fix errno handling
  * rm-rf: mask file mode with 07777 when passed to chmod()
  * rm-rf: also chmod() directory if it cannot be opened
  * test: add more testcases for rm_rf()
  * bootctl: enable colored logging
  * Merge pull request #26977 from poettering/find-line-startswith
  * Merge pull request #26960 from poettering/syscall-catchup
  * locale: move x11_convert_to_vconsole() near the relevant functions
  * locale: split out checking existence of keymap
  * locale: split out xkbcommon related functions to xkbcommon-util.c
  * locale: introduce x11_context_verify()
  * locale: also verify keymaps loaded from config file and converted keymaps
  * test: add test for invalid keymap setting
  * Merge pull request #26983 from mrc0mmand/coredump-test-followup
  * Merge pull request #26973 from mrc0mmand/userdbctl-tests
  * hwdb: drop redundant entry
  * bootctl: split-out entry token related definitions into boot-entry.[ch]
  * sd-id128: make id128_read() optionally take root directory
  * journal-remote: make writer_new() return negative errno on failure
  * journal-remote: add missing log message for failure in journal_remote_get_writer()
  * journal-remote: make specified output file absolute
  * env-util: introduce strv_env_assign_many()
  * Merge pull request #26980 from ldv-alt/udevadm-verify
  * Merge pull request #26993 from mrc0mmand/TEST-46-tweaks
  * Merge pull request #27022 from yuwata/journal-remote-fix-relative-output-journal-file
  * Merge pull request #27013 from fbuihuu/test-fixlets
  * process-util: introduce get_process_cmdline_strv()
  * Merge pull request #27040 from keszybz/empty-path-skip-cleanup
  * proc-cmdline: split commandline earlier in proc_cmdline_parse() and friend
  * proc-cmdline: introduce proc_cmdline_strv()
  * condition: use proc_cmdline_strv()
  * tree-wide: reset optind to 0 when GNU extensions in optstring are used
  * proc-cmdline: filter PID1 arguments when we are running in a container
  * Merge pull request #27046 from bluca/shellcheck
  * test: add tests for fd_get_path()
  * fd-util: make fd_get_path() support AT_FDCWD
  * test: rename test-chase -> test-chase-manual
  * test: split-out tests for chase() and friends to test-chase.c
  * chase: fix comment
  * chase: fix indentation
  * man: drop trailing space and mention uki_generator at one more place
  * test-kernel-install: several cleanups
  * chase: drop CHASE_AT_RESOLVE_IN_ROOT when AT_FDCWD or root dir fd is specified
  * chase: add CHASE_AT_RESOLVE_IN_ROOT only when it is necessary
  * rm-rf: also chmod() directory if it cannot be opened
  * Revert "Revert "test: add more testcases for rm_rf()""
  * Merge pull request #27067 from DaanDeMeyer/find-esp-at
  * Revert "sd-id128: make id128_read() optionally take root directory"
  * sd-id128: rename argument and add missing assertion
  * sd-id128: rename Id128FormatFlag -> Id128Flag
  * sd-id128: introduce id128_read_at()
  * sd-id128: introduce id128_write_at()
  * test: add tests for id128_{read,write}_at()
  * chase: fix error handling
  * journald: fix log message
  * sd-journal: cache results of parsing environment variables
  * compress: introduce compression_supported() helper function
  * sd-journal: always use the compression algorithm specified in the header
  * sd-journal: allow to specify compression algorithm through env
  * sd-id128: introduce ID128_REFUSE_NULL flag
  * test: add tests for ID128_REFUSE_NULL
  * fd-util: introduce dir_fd_is_root_or_cwd()
  * sd-id128: introduce id128_get_machine() and id128_get_machine_at()
  * test: add tests for id128_get_machine() and _at()
  * repart: use id128_get_machine()
  * nspawn: ignore NULL machine ID in the container
  * specifier: always convert missing machine-id file to EUNATCH
  * discover-image: use id128_get_machine() at one more place
  * machine-id-setup: use id128_get_machine() at one more place
  * machine-id-setup: do not read host's machine ID when root directory is specified
  * man: mention -o option for systemd-journal-remote
  * Merge pull request #27137 from yuwata/id128-get-machine
  * test: add tests for dir_fd_is_root_or_cwd()
  * test: add test case that journal file is created with the requested compression algorithm
  * Merge pull request #27158 from mrc0mmand/more-tests
  * udev-rules: add missing paren
  * udev-rules: add/update comments
  * udev-rules: rename variable "filename" -> "path"
  * udev-rules: replace ingrowing word extractor with extract_first_word()
  * sd-device,udev: refuse invalid devlink and store in normalized form
  * test: handle one more error gracefully
  * sd-device,udev: tag must be a valid filename
  * sd-device: manage cached sysattr values with path_hash_ops
  * rules: drop doubled space
  * conf-files: drop redundant call of chase()
  * path-util: introduce path_compare_filename()
  * conf-files: use path_compare_filename()
  * conf-files: split out logic of copy and sort filenames from hashmap
  * conf-files: introduce _at() variants of conf_files_list() or friends
  * test: add tests for conf_files_list_at() and friends
  * test-64: add tests for compat devlinks for NVMe drive
  * Merge pull request #27174 from YHNdnzj/edit-util-fixlets
  * Merge pull request #27160 from yuwata/conf_files_list_at
  * fileio: use take_fdopen() and friends
  * fileio: introduce xfopenat_full()
  * fileio: introduce read_one_line_file_at()
  * kernel-image: make inspect_kernel() optionally take directory fd
  * analyze: make blame command work even the default target not reached
  * test: systemd-analyze blame should succeed now
  * test: add another regression test
  * chase: drop unnecessary conditions for buffer
  * chase: make struct stat always sync with the opened fd
  * chase: drop one redundant call of fstat()
  * chase: extend comment about CHASE_PARENT
  * path-util: make iterator for path_find_last_component() always finish with the beginning of the buffer
  * test: add tests about iterator position for path_find_{first,last}_component()
  * chase: use stat_inode_same() at one more place
  * chase: use dir_fd_is_root() to check if fd points to the root directory
  * fd-util: slightly optimize dir_fd_is_root()
  * copy: make copy_bytes() support O_PATH fds
  * portable: always reopen fd of release file
  * os-util: move declaration of string table lookup for image class
  * os-util: use _IMAGE_CLASS_INVALID
  * os-util: drop redundant declaration of load_os_release_pairs()
  * device-nodes: rename argument
  * udev/scsi_id: rename positional arguments
  * test: update description
  * path-util: introduce path_prefix_root_cwd()
  * find-esp: use path_prefix_root_cwd()
  * env-file: introduce parse_env_file_fdv()
  * Merge pull request #27202 from yuwata/os-release-tiny-cleanups
  * Merge pull request #27199 from yuwata/find-esp
  * Merge pull request #27201 from yuwata/o-path-support
  * Merge pull request #27207 from masatake/busctl--help-msg
  * chase: drop redundant call of delete_trailing_chars()
  * compress: replace compress_blob() with compress_blob_explicit()
  * os-util: drop fopen_extension_release()
  * os-util: make open_extension_release() return O_PATH fd
  * os-util: fix fd leak on failure
  * os-util: split-out open_os_release() from open_extension_release()
  * os-util: return earlier when extension release file is found
  * os-util: return earlier when unsupported image class is specified
  * os-util: do not use 'r' for storing loop status
  * os-util: log one more error cause
  * os-util: shorten temporal variable names
  * os-util: invert order of arguments in extension release parser
  * os-util: merge parse_{extension,os}_release()
  * os-util: make $SYSTEMD_OS_RELEASE prefixed with the root directory
  * os-util: introduce several _at() variants of os-release parsers
  * hwdb: fix ambiguous glob pattern for Lenovo machines
  * boot-entry: prioritize machine ID only when it is not randomly generated
  * sd-device: absolute devlink must start with /dev/
  * udev-test: add more testcases for SYMLINK
  * boot-entry: use chase_and_fopen_unlocked() to open /etc/kernel/entry-token
  * Merge pull request #27033 from dtardon/array-cleanup
  * Merge pull request #27223 from dtardon/install-changes
  * boot-entry: introduce boot_entry_token_ensure_at()
  * Merge pull request #27217 from yuwata/boot-entry-at
  * repart: always take BSD lock when whole block device is opened
  * image-policy: introduce parse_image_policy_argument() helper
  * test: add several assertions
  * Merge pull request #27254 from poettering/cmsg-align-check
  * timesync: drop unnecessary initialization
  * socket-util: add one missing paren
  * tree-wide: replace __alignof__() with alignof()
  * chase: use FLAGS_SET() macro
  * chase: CHASE_MKDIR_0755 requires CHASE_NONEXISTENT and/or CHASE_PARENT
  * socket-util: introduce CMSG_FIND_AND_COPY_DATA()
  * tree-wide: copy timestamp data from cmsg
  * sd-dhcp-server: use CMSG_FIND_DATA() at one more place
  * tree-wide: also use CMSG_TYPED_DATA() on writing message header
  * Merge pull request #27253 from yuwata/cmsg-find-and-copy-data
  * Merge pull request #27283 from mrc0mmand/assorted-test-tweaks
  * exec-util: make execute_strv() optionally take root directory
  * process-util: make safe_fork() unset $NOTIFY_SOCKET
  * gpt-auto: do not fail when no suitable partitions found
  * chase: make chaseat() provides absolute path also when dir_fd points to the root directory
  * chase: make the result absolute when a symlink is absolute
  * chase: update outdated comment about result path
  * chase: drop repeated call of empty_to_root()
  * chase: prefix with the root directory only when it is not "/"
  * mountpoint-util: check /proc is mounted on failure
  * fd-util: skip to check mount ID if kernel is too old and /proc is not mounted
  * chase: replace path_prefix_root_cwd() with chaseat_prefix_root()
  * test: add regression tests for find_esp() and friend
  * core: add one missing assertion for release_resource_queue
  * hwdb: disable entry for Logitech USB receiver used by G502 X
  * list: fix double evaluation
  * core/device: rewrite how device unit is removed from Manager.devices_by_sysfs
  * Merge pull request #27380 from poettering/bpf-meson-tweaks
  * Merge pull request #27409 from mrc0mmand/more-tests
  * udev-rules: fix negative match rule for SYMLINK and TAG
  * test: add test case of negative match for SYMLINK and TAG
  * udev/iocost: set default target in parse_config()
  * udev/iocost: arg_target_solution is always non-NULL
  * udev/iocost: drop unnecessary initializations
  * udev/iocost: merge get_known_solutions() and choose_solution()
  * udev: use version()
  * udev/iocost: call get_known_solutions() in apply_solution_for_path()
  * udev/iocost: query_named_solution() provides non-NULL model and qos on success
  * udev/iocost: fix log message
  * udev/iocost: use ID_MODEL_FROM_DATABASE if exists
  * udev/iocost: invert DEVTYPE match
  * sd-journal: tighten variable scope
  * sd-journal: copy boot ID
  * sd-journal: make journal_file_copy_entry() return earlier
  * core/transaction: use hashmap_remove_value() to make not remove job with same ID
  * core/job: add one more assertion
  * core/job: fix indentation
  * core/job: handle job ID overflow or conflict more sanely
  * core/job: use new job ID when we failed to deserialize job ID
  * core/service: make service_add_fd_store() always consume provided fd
  * Merge pull request #27413 from yuwata/core-job-cleanups
  * copy: rename reflink_full() -> reflink_range()
  * missing_fs: mention commit hash and version of ioctl commands introduced
  * Merge pull request #27424 from dtardon/auto-cleanup
  * network-generator: shorten code a bit
  * core/path: align table
  * core/path: do not enqueue new job in .trigger_notify callback
  * test: create temporary units under /run
  * test: add tests for "systemctl stop" vs triggering by path unit
  * missing_fs: also define struct file_clone_range
  * libsystemd: drop _public_ attribute for non-exported functions
  * libsystemd: add missing _public_ attributes
  * Merge pull request #27461 from bluca/coredumpctl_completion
  * sd-journal: fix use-after-free
  * sd-journal: unset prioq index on failure
  * sd-journal: check that the journal file is not stored in .newest_by_boot_id on free
  * sd-journal: align table
  * sd-journal: add _OBJECT_TYPE_INVALID as usual
  * sd-journal: check validity of object type more strictly
  * sd-journal: read entry array object again
  * sd-journal: tighten variable scope
  * test: also test all _public_ functions are listed in .sym files
  * sd-journal: introduce simple loop detection for entry array objects
  * Merge pull request #27458 from mrc0mmand/test-corrupted-journals
  * test-network: add workaround for bug in iproute2 v6.2.0
  * Merge pull request #27455 from yuwata/test-lib-sym
  * test: replace sleep with timeout
  * Merge pull request #27493 from poettering/generate-sym-test-tweaks
  * sd-journal: check .next_entry_array_offset earlier
  * Revert "sd-journal: introduce simple loop detection for entry array objects"
  * Merge pull request #27499 from yuwata/sd-journal-fix-loop
  * Merge pull request #27504 from mrc0mmand/fuzz-manager-serialize
  * core: fix use of uninitialized value
  * hwdb: do not include '#' in modalias
  * sd-journal: fix comment
  * sd-journal: rebreak comments
  * sd-journal: drop unnecessary initialization
  * sd-journal: re-read entry array object
  * sd-journal: split out generic_array_bisect_one() from generic_array_bisect()
  * parse-util: make parse_fd() return -EBADF
  * core/unit: check the validity of unit type with activation_details_vtable
  * nulstr-util: make ret_size in strv_make_nulstr() optional
  * sd-dhcp-client: drop redundant condition
  * sd-dhcp-client: make return arguments for sd_dhcp_client_get_client_id() optional
  * sd-dhcp-client: do not use implicit cast to boolean
  * core/service: fix error cause in the log
  * Merge pull request #27578 from yuwata/sd-dhcp-client-client-id-len
  * Merge pull request #27579 from YHNdnzj/refuse-dbus-activation
  * units: add/fix Documentation= about bus interface
  * bus-util: drop unnecessary continue
  * memory-util: make ArrayCleanup passed to array_cleanup() const
  * static-destruct: several cleanups
  * static-destruct: introduce STATIC_ARRAY_DESTRUCTOR_REGISTER()
  * Merge pull request #27534 from keszybz/deperlify
  * sd-dhcp-client: client ID always has non-zero data
  * Merge pull request #27597 from mrc0mmand/more-test-shenanigans
  * tree-wide: drop _pure_ attribute from non-pure functions
  * core: several cleanups for job_get_timeout()
  * core: drop unused argument
  * core: replace hashmap_get() with hashmap_contains() where appropriate
  * udev: do not set ID_PATH and by-path symlink for nvmf disks
  * Merge pull request #27603 from mrc0mmand/more-test-shenanigans
  * Merge pull request #27596 from yuwata/drop-pure
  * Revert "core/mount: replace invalid UTF-8 code points in "what" and "options""
  * core/mount: escape invalid UTF8 char in dbus reply
  * Merge pull request #27611 from yuwata/core-mount-escape-utf8
  * test-network: add tests for static lease matching with chaddr
  * Merge pull request #27618 from DaanDeMeyer/fstab-generator
  * sd-dhcp-server: also send DNS servers or friends on DHCPOFFER
  * meson: fix description for link-udev-shared option
  * udev: use SYNTHETIC_ERRNO() at one more place
  * udev: make udev_builtin_run() take UdevEvent*
  * udev/net: verify ID_NET_XYZ before trying to assign it as an alternative name
  * udev/net: generate new network interface name only on add uevent
  * sd-netlink: make rtnl_set_link_name() optionally append alternative names
  * udev/net: assign alternative names only on add uevent
  * test: add tests for renaming network interface
  * missing: add more F_SEAL_XYZ flags
  * memfd-util: memfd may also have F_SEAL_EXEC flag
  * memfd-util: set F_SEAL_EXEC flag if supported
  * test: add basic test for memfd_set_sealed() and memfd_get_sealed()
  * Merge pull request #27655 from yuwata/udev-net-assign-alternative-names-only-on-add-event
  * Merge pull request #27606 from YHNdnzj/loginctl-list-show-state
  * Merge pull request #27664 from mrc0mmand/test-merge
  * Merge pull request #27677 from mrc0mmand/test-followups
  * README: drop busybox requirement
  * Merge pull request #27673 from YHNdnzj/restartsteps-transient
  * Merge pull request #27684 from mrc0mmand/more-nspawn-tests
  * Merge pull request #27685 from keszybz/the-semiannual-excercise-in-output-narrowing
  * Merge pull request #27686 from keszybz/make-boot-output-nicer
  * unit: add conditions and deps to make oomd.socket and .service consistent
  * core/device: downgrade error when units specified in SYSTEMD_WANTS= not found
  * Merge pull request #27701 from poettering/switch-root-same-file
  * Merge pull request #27676 from ldv-alt/udevadm-verify
  * test: replace Makefile for several tests with symlink to the one for TEST-01-BASIC
  * Merge pull request #27707 from mrc0mmand/tests
  * cryptenroll: drop unmet condition
  * cryptenroll: update log messages
  * udev: check existence of property before use
  * udev-builtin-path_id: split out add_id_tag()
  * udev: add USB revision in ID_PATH
  * Merge pull request #27157 from YHNdnzj/networkctl-edit
  * test-journal-interleaving: extend tests to clarify the issue in sd_journal_next() or friends
  * sd-journal: save correct location specifier
  * test: install test specific modules in test_append_files()
  * network/wireguard: make AllowedIPs= cleared by specifying an empty string
  * man: AllowedIPs= can be specified multiple times
  * Merge pull request #27726 from yuwata/network-wireguard-doc
  * wait-online: downgrade log level of failure that interface is removed or unmanaged during processing it
  * Merge pull request #27733 from mrc0mmand/more-test-followups
  * sd-bus: refuse to send messages with an invalid string
  * Merge pull request #27754 from poettering/cloexec-fdset-madness
  * Merge pull request #27755 from keszybz/fix-root-resize-new
  * test-fstab-generator: also check file contents
  * test-fstab-generator: add tests for mount options
  * fstab-generator: split out several functions from parse_fstab()
  * fstab-generator: call add_swap() earlier
  * fstab-generator: refuse to add swap earlier if disabled
  * fstab-generator: refuse invalid mount point path in fstab earlier
  * fstab-generator: fix error code propagation in run_generator()
  * fstab-generator: support defining mount units through kernel command line
  * test: add test cases for defining mount and swap units from kernel cmdline
  * core/slice: shorten code a bit
  * network/vlan: drop unnecessary restriction for QoS mapping
  * network/vlan: paranoia about type safety
  * test-network: add tests for vlan QoS mapping
  * test: rotate journal before storing coredumps
  * Merge pull request #27757 from dtardon/bus-locator
  * Merge pull request #27740 from dtardon/list-sessions-idle
  * update-utmp: use verbs
  * update-utmp: rebreak comments
  * update-utmp: modernize get_startup_monotonic_time()
  * update-utmp: swap q <-> r
  * update-utmp: downgrade log level of ignored failure
  * update-utmp: update log message
  * update-utmp: reconnect after sleep when PID1 is reexecuting
  * test: drop a workaround
  * test: add test case for systemd-update-utmp vs daemon-reexec
  * Merge pull request #27774 from dtardon/free-cleanup
  * Merge pull request #27773 from dtardon/timestamp-cleanup
  * Merge pull request #27173 from yuwata/update-utmp
  * Merge pull request #27723 from YHNdnzj/service-restart-cleanup
  * Merge pull request #27769 from YHNdnzj/loginctl-followup
  * Merge pull request #27770 from mrc0mmand/more-nallocfuzz-shenanigans
  * test: add tests for JoinsNamespaceOf=
  * core/unit: drop doubled empty line
  * core/unit: make JoinsNamespaceOf= implies the inverse dependency
  * core/unit: search shared namespace in transitive relation of JoinsNamespaceOf=
  * core/unit: update bidirectional dependency simultaneously
  * udev: introduce .PART_SUFFIX internal property
  * Merge pull request #27803 from mrc0mmand/even-more-nalloc-shenanigans
  * Merge pull request #27786 from YHNdnzj/format-timestamp-monotonic
  * logs-show: introduce add_match_boot_id() helper function
  * journalctl: split get_boots() into three
  * Merge pull request #27721 from yuwata/journalctl-cleanup
  * journalctl: always initialize global variables
  * journalctl: use correct variable to check if --since is specified
  * journalctl: fix --no-tail handling
  * journalctl: split out action_list_fields()
  * journalctl: split out update_cursor()
  * journalctl: split out show()
  * journalctl: replace ppoll() loop with sd_event_loop()
  * journalctl: also update cursor with --follow
  * test: add testcase for 'journalctl --follow --cursor-file='
  * sd-journal: introduce sd_journal_step_one()
  * journalctl: fix --follow with non-matching filter
  * basic/syscall: update syscall list
  * network: rewrite dynamic addressing protocol checkers in link_check_ready()
  * network: require DHCP protocol to be finished when an address of delegated prefix is assigned
  * network: do not request dynamic addressing protocols finished when at least one static address is configured
  * wait-online: request that at least one managed online interface exists
  * Merge pull request #27826 from yuwata/network-link-ready-without-ndisc-when-has-static-address
  * core/cgroup: fix setting SocketBindAllow=/SocketBindDeny= through DBus
  * oomd: drop unused key
  * tree-wide: use _cleanup_set_free_ and friends
  * sd-bus: rename introspect_free() -> introspect_done
  * elf-util: rename stack_context_destroy() -> stack_context_done()
  * calendarspec: rename arguments
  * util: introduce memstream-util
  * tree-wide: use memstream-util
  * Merge pull request #27796 from yuwata/memstream-util
  * Merge pull request #27874 from keszybz/test-bus-server-shortening
  * sd-journal: fix assignment of tail entry offset
  * Merge pull request #27907 from mrc0mmand/quick-test-tweaks
  * udev-rules: terminate log messages with period
  * test: drop unnecessary copy of expected output
  * udev: downgrade log level about style issues
  * kernel-install: rewrite in C
  * kernel-install: make inspect command optionally take kernel image
  * kernel-install: also parse KERNEL_INSTALL_LAYOUT from /etc/machine-info
  * kernel-install: add --esp-path= and --boot-path= options
  * kernel-install: introduce --make-entry-directory= option
  * test-kernel-install: add tests for --make-entry-directory=
  * kernel-install: introduce --entry-token= option
  * test-kernel-install: add tests for --entry-token=
  * test: add more test cases about path_startswith()
  * test: move intro() near DEFINE_TEST_MAIN_WITH_INTRO()
  * chase: handle root path more carefully in chase_and_open()
  * chase: fix triggering assertion
  * Merge pull request #27912 from mrc0mmand/cryptsetup-tests
  * Merge pull request #27980 from bluca/tests
  * test: drop test for IFLA_NUM_RX_QUEUES
  * meson: bump required version to 0.54.0
  * meson: bump required version to 0.55.0
  * meson: bump required version to 0.56.0
  * udev-node: optimize device node symlink creation
  * kernel-install: skip to read /etc/machine-info in test
  * meson: drop redundant spaces
  * meson: drop non-existent test directories
  * mkosi: install HyperScale repository for CentOS 8
  * ci: bump debian release bullseye -> bookworm
  * meson: bump required version to 0.59.0
  * meson: bump required version to 0.60.0
  * networkd-test.py: show more debugging logs on failure
  * networkd-test.py: replace deprecated option IPv6AcceptRouterAdvertisements=
  * networkd-test.py: do not query IPv6 address
  * networkd-test.py: disable global DNS= setting
  * Merge pull request #28063 from bluca/test_oomd_fixlets
  * sd-journal: verify journal file header in more detail
  * meson: add dependency for udev runner to test
  * meson: also build symbol tests for static-libsystemd=no-pic
  * meson: drop wrong and redundant assignment
  * meson: shorten code a bit
  * meson: fix test dependency
  * meson: sort types
  * test: check size detections by meson
  * time-util: introduce usleep_safe()
  * meson: merge two similar loops for unit files
  * copy: add one more assertions about copy_flags
  * copy: fix fd leak
  * copy: propagate error in fd_copy_directory()
  * Merge pull request #28147 from mrc0mmand/drop-workarounds
  * test: skip if ldd command not found
  * meson: drop doubled empty line
  * meson: first try dependency(), then fallback to find_library()
  * battery-check: several follow-ups
  * network: introduce IPV6_PRIVACY_EXTENSIONS_KERNEL enum value
  * network: add global setting for IPv6PrivacyExtensions=
  * test-network: add test for global IPv6PrivacyExtensions= setting
  * test: add test for trailing invalid byte at the end
  * Merge pull request #28132 from rpigott/dhcp-captive-portal
  * network: constify several functions
  * network: delay to configure address until it is removed on reconfigure
  * test-network: check route more strictly
  * test-network: add test for static route with preferred source
  * repart: fix comment
  * Merge pull request #28232 from rpigott/ndisc-captive-portal-mfree
  * Merge pull request #28245 from rpigott/dhcp6-relax-assert
  * journal-upload: make --namespace=* work
  * hwdb: drop trailing white space
  * hwdb: merge multiple keyboard entries with same setting
  * hwdb: make matching modalias for Archos 101 Cesium Educ more strict
  * test: add reproducer for issue #28225
  * repart: fix free area calculation
  * test: update test for free area calculation in repart
  * unit: also condition out systemd-backlight in initrd
  * Merge pull request #28228 from yuwata/repart-free-area
  * sd-device: do not read uevent file in device_clone_with_db()
  * test: change partition label to test if the outdated devlinks are removed
  * sd-journal: introduce SD_JOURNAL_TAKE_DIRECTORY_FD flag for sd_journal_open_directory_fd()
  * journal-util: extract journal_open_machine() from journalctl
  * journal-upload: replace deprecated sd_journal_open_container()
  * journal-upload: add missing assertion
  * Merge pull request #28262 from YHNdnzj/transaction-followup
  * network: introduce link_get_captive_portal()
  * network: update comment
  * network: handle captive portal with multiple routers
  * network/ndisc: downgrade log level
  * test-network: drop ExecReload= in networkd.service and udevd.service
  * networkctl: urlify captive portal entry
  * core/service: make restart delay increase more smoothly
  * network/json: introduce PreferredLifetimeUSec and ValidLifetimeUSec
  * network,ndisc: use correct free function for captive portal
  * network/dhcp4: do not ignore the gateway even if the destination is in the same network
  * test-network: add one more testcase for DHCPv4 classless route
  * network,ndisc: use ndisc_captive_portal_free() at one more place
  * Merge pull request #28286 from yuwata/network-dhcp4-classless-static-routes
  * Merge pull request #28233 from mrc0mmand/append-to-corrupted-journals
  * network: split-out address_section_adjust_broadcast()
  * network: ignore Broadcast= setting when the address is null
  * network: log broadcast address and address label
  * network: also use address_kernel_{hash,compare}_func() for managing address requests
  * network: always copy input address for link_request_address()
  * network: make address_get() work for null address
  * test-network: add tests for null addresses
  * meson: allow to fallback to use libxcrypt.pc or glibc's libcrypt
  * Merge pull request #28296 from bluca/shell_compl
  * Merge pull request #28287 from yuwata/network-null-address
  * Merge pull request #28343 from poettering/daemon-reload-common
  * seccomp: add arm_fadvise64_64 to system-service group
  * man: move <varlistentry> in <variablelist>
  * tree-wide: fix typos reported by Fossies Codespell report
  * busctl: use json_variant_append_array()
  * tpm2-util: use json_variant_append_array()
  * logs-show: use json_variant_append_array()
  * hashmap: introduce hashmap_dump_sorted() and friends
  * network: use json_append() and json_variant_append_array()
  * Merge pull request #28385 from YHNdnzj/fstab-initrd-bind-mount
  * Merge pull request #27526 from mrc0mmand/journal-fss
  * test: add more test cases for proc_cmdline_filter_pid1_args()
  * proc-cmdline: re-implement proc_cmdline_filter_pid1_args() without using getopt_long()
  * sd-journal: fix 'the the'
  * network: check lifetime of address and route before configure
  * battery-check: allow to skip by passing systemd.battery-check=0
  * network: do not append table number in TableString field in json output
  * network: refuse to override predefined route table name
  * compare: fix typo
  * autopkgtest: create directory to make accounts-daemon.service not fail
  * po: update Japanese translation
  * Merge pull request #28424 from mrc0mmand/networkd-ra-captive-portals
  * kernel-install: silently ignore unexpected arguments for 'remove' command
  * test: fix a syntax error in test-ukify
  * test: use XDG_STATE_HOME for %S and %L
  * Merge pull request #28476 from bluca/revert_loop_links
  * tree-wide: drop references to /dev/loop/by-ref
  * udev: downgrade log level when running without cgroup
  * tree-wide: fix typo found by Fossies Codespell report
  * udev: decrease devlink priority for iso disks
  * test-ukify: use systemd-measure and bootctl in build directory
  * stat-util: fix error handling of statx()
  * mountpoint-util: statx() may return EINVAL if the kernel does not support the syscall
  * fd-util: make path_is_root_at() not fail even when /proc is mounted
  * fd-util: do not call statx() twice when it does not provide mount ID
  * Revert "network: delay to configure address until it is removed on reconfigure"
  * NEWS: fix typo
  * udev: set ID_PATH properties for all pci, usb, and platform devices
  * fstab-generator: rename 'initrd' flag to 'prefix_sysroot'
  * fstab-generator: fix target of /sysroot/usr
  * fstab-generator: add rd.systemd.mount-extra= and friends
  * fstab-generator: read both credentials in initrd
  * fstab-generator: add a flag to accept entry for "/" in initrd
  * test-fstab-generator: extract core part as a function
  * test-fstab-generator: also test with SYSTEMD_IN_INITRD=no
  * test-fstab-generator: add more tests for systemd.mount-extra= and friends
  * missing: include linux/types.h for __s64 and __u64
  * in-addr-util: introduce in_addr_prefix_covers_full() and friends
  * sd-dhcp: introduce sd_dhcp_lease_get_prefix()
  * network/dhcp4: use sd_dhcp_lease_get_prefix()
  * network/dhcp4: honor received broadcast address
  * network/dhcp4: use FOREACH_ARRAY() macro
  * network/dhcp4: drop unnecessary assignment
  * network/dhcp4: introduce dhcp4_get_classless_static_or_static_routes() helper
  * network/dhcp4: introduce dhcp4_get_router() helper function
  * network/dhcp4: introduce dhcp4_prefix_covers() helper function
  * network/dhcp4: always find suitable gateway for destination address
  * network/dhcp4: always honor specified gateway address
  * network/dhcp4: drop unused logic of finding default gateway
  * test: fix typo
  * fstab-generator: enable fsck for block device mounts specified in systemd.mount-extra=
  * meson: do not create dead systemd-confext symlink if sysext is disabled
  * Merge pull request #28558 from bluca/docs
  * ukify: check option length
  * network,dhcp: drop support of ClientIdentifier=duid-only
  * NEWS: mention about the removal of duid-only option
  * Merge pull request #28409 from yuwata/network-dhcp4-drop-duid-only
  * test-ukify: add tests for an empty argument
  * Merge pull request #28563 from keszybz/configure-meson
  * Merge pull request #28562 from yuwata/ukify-option-length
  * chase: reuse "done" to open fd of starting point
  * chase: fix CHASE_STEP with ".."
  * chase: drop CHASE_AT_RESOLVE_IN_ROOT earlier
  * chase: add two more assertions
  * chase: carefully handle result of extracting parent directory
  * chase: check root path in more detail
  * chase: propagate error in dir_fd_is_root()
  * udev-builtin-net_id: drop unused value from NetNameType
  * udev-builtin-net_id: swap arguments for streq() and friends
  * udev-builtin-net_id: split out get_ifname_prefix()
  * udev-builtin-net_id: make names_mac() self-contained
  * udev-builtin-net_id: make dev_devicetree_onboard() self-contained
  * udev-builtin-net_id: make names_ccw() self-contained
  * udev-builtin-net_id: make names_vio() self-contained
  * udev-builtin-net_id: do not assume the current interface name is ethX
  * udev-builtin-net_id: make names_platform() self-contained
  * udev-builtin-net_id: do not assume the current ifname is ethX
  * udev-builtin-net_id: make names_netdevsim() self-contained
  * udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim
  * udev-builtin-net_id: make names_xen() self-contained
  * udev-builtin-net_id: make parse_hotplug_slot_from_function_id() always set return value on success
  * network/address: free Address object by caller that passed to link_request_address()
  * network: use address_remove_and_drop()
  * network: drop unnecessary conditions
  * network/address: split-out address_match_null()
  * network/queue: free assigned userdata only when a new request is queued
  * network/queue: detach request from queue when netlink reply received
  * tree-wide: fix typo
  * meson: drop short script to generate vcs tag
  * boot: always set SBAT_DISTRO_VERSION
  * tree-wide: drop unnecessary inclusion of version.h
  * meson: unconditionally add version dependency for all executables and libraries
  * meson: use kwargs to declare efi binaries
  * Merge pull request #28564 from YHNdnzj/gpt-auto-kill-more-duplicate
  * network: rename sd_netlink_message* req -> m
  * network/neighbor: drop IPv6 settings when the kernel does not support IPv6
  * network/address: merge address_needs_to_set_broadcast() with address_get_broadcast()
  * network/address: drop IPv6 settings when the kernel does not support IPv6
  * network/address: ignore address settings with unsupported flags
  * network/ipv4acd: use IN4_ADDR_TO_STRING()
  * network/ipv4acd: drop unused argument
  * sd-ipv4acd: introduce sd_ipv4acd_is_bound()
  * in-addr-util: introduce PTR_TO_IN4_ADDR() and IN4_ADDR_TO_PTR()
  * network/ipv4acd: split out sd_ipv4acd management from Address to Link
  * network/neighbor: skip to request neighbors with unmatching link layer address length
  * network/neighbor: follow the way how kernel distinguish neighbor settings
  * network/neighbor: do not add Neighbor object to Link on requesting
  * test-network: add tests for several invalid neighbor settings, and overriding settings
  * Merge pull request #28572 from yuwata/network-ipv4acd
  * Merge pull request #28575 from yuwata/network-address-next-part3
  * Merge pull request #28591 from yuwata/network-neighbor-next
  * network: fix typo
  * network/address: make Address object more consistent with assigned address
  * network/address: do not add Address object to Link on requesting
  * network/address: introduce address_get_harder() and use it where appropriate
  * network/address: also save/update priority of prefix route
  * test-network: add testcase for overriding Address.RouteMetric=
  * Merge pull request #28573 from yuwata/network-address-next-part2
  * network/address: do not set configuring flag when a request is canceled
  * network/address: add missing space in log message
  * network/address: make Label= accept an empty string
  * network/address: always set IFA_ADDRESS attribute for IPv6 address on configure
  * network/address: check if existing addresses can be updated in more detail
  * test-network: add more tests for address properties
  * network/address: drop unused functions
  * network/address: rename address_kernel_{compare,hash}_func() -> address_{compare,hash}_func()
  * resolve: initialize 'current' when SD_RESOLVED_NO_STALE is set
  * meson: move declarations of arrays
  * meson: introduce infra to build executables and shared libraries by using dictionary
  * meson: move declaration of cryptsetup token modules
  * meson: move declarations of nss modules
  * meson: move declaration of PID1
  * udev-util: drop udev_queue_init() from shared
  * meson: sort files
  * udev: move DEVICE_TRACE() to udev-trace.h
  * udev: split-out formatter and spawning commands from udev-event.c
  * udev: rename test-udev-event.c -> test-udev-spawn.c
  * udev: move several functions from udev-util.c to relevant udevd source files
  * udev: split-out worker code from udevd.c
  * udev: merge manager_clear_for_worker() with manager_free()
  * udev: drop mostly unused Manager.pid
  * udev: move arg_xyz into Manager
  * udev: split udevd.c into two
  * udev: rename test-udevd.c -> test-udev-manager.c
  * udev: move udev_parse_config_full() to udevd.c
  * udev: move declaration of ResolveNameTiming to udev-rules.c
  * test: update comment to make it consistent with the condition
  * Merge pull request #28577 from yuwata/udev-split-files
  * fstab-util: use pointer returned by startswith()
  * Merge pull request #28568 from yuwata/network-address-next
  * Merge pull request #28153 from yuwata/meson-use-template
  * meson: move declaration of systemd-analyze
  * meson: move declarations of journald and friends
  * meson: move declarations of several generators
  * meson: move declarations of hibernate-resume
  * meson: move declarations of dissect and friends
  * meson: move declarations of resolved and friends
  * meson: move declarations of logind and friends
  * meson: move declaration of user-sessions
  * meson: move declarations of bootctl and friends
  * meson: move declaration of socket-activate
  * udev: fix typo in comment
  * Merge pull request #28605 from yuwata/meson-use-template
  * Merge pull request #28606 from DaanDeMeyer/kernel-install
  * meson: move declaration of systemctl
  * meson: move declarations of portabled and friends
  * meson: move declaration of sysext
  * meson: move declarations of userdbd and friends
  * meson: move declarations of homed and friends
  * meson: move declarations of backlight, rfkill, and sysupdate-generator
  * meson: move declarations of cryptsetup and friends
  * meson: move declarations of several generators
  * meson: move declarations of localed and hostnamed
  * meson: move declarations of timedated and friends
  * udev-builtin-net_id: skip non-directory entry earlier
  * udev-builtin-net_id: return earlier when hotplug slot is not found
  * udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address()
  * udev-builtin-net_id: split out get_dev_port() and make its failure critical
  * udev-builtin-net_id: introduce get_port_specifier() helper function
  * udev-builtin-net_id: split-out get_pci_slot_specifiers()
  * udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard()
  * docs: fix typo
  * meson: move declarations of machined and friends
  * meson: move declarations of journal-remote and friends
  * meson: move declarations of coredumpd and friends
  * meson: move declarations of pstore, oomd, and binfmt
  * meson: move declarations of random-seed, vconsole, and sysupdate
  * meson: move declarations of fsck, firstboot, machine-id-setup, and remount-fs
  * meson: move declarations of repart and friends
  * meson: move declarations of ac-power, detect-virt, sysctl, and sleep
  * meson: move declarations of delta, escape, notify, creds, and battery-check
  * meson: move declarations of cgroups-agent, id128, volatile-root, and path
  * Merge pull request #28609 from yuwata/udev-builtin-net_id-cleanups-part2
  * Merge pull request #28611 from yuwata/meson-use-template
  * udev-builtin-net_id: drop unused arguments
  * udev-builtin-net_id: introduce device_is_stacked() helper function
  * udev-builtin-net_id: various coding style cleanups
  * udev-builtin-net_id: fix potential buffer overflow
  * meson: move declarations of ask-password and friends
  * meson: move declarations of cgls, cgtop, initctl, and systemd-mount
  * meson: move declarations of busctl, stdio-bridge, and run
  * meson: move declarations of hwdb, sysusers, and tmpfiles
  * meson: move declarations of socket-proxy, udevadm, quotacheck, and shutdown
  * meson: move declarations of modules-load, nspawn, update-done, and update-utmp
  * meson: move declarations of networkd and friends
  * meson: move declarations of kernel-install and sulogin-shell
  * Merge pull request #28619 from yuwata/udev-builtin-net_id-cleanups-part3
  * udeb-builtin-net_id: split out get_usb_specifier() from names_usb()
  * udev-builtin-net_id: drop redundant copy of USB identifier in names_usb()
  * udev-builtin-net_id: split out get_bcma_specifier() from names_bcma()
  * udev-builtin-net_id: drop redundant copy of BCMA identifier in names_bcma()
  * udev-builtin-net_id: split out names_pci_onboard_label() from dev_pci_onboard()
  * udev-builtin-net_id: first parse USB or BCMA identifier, then parse PCI properties
  * test: skip tests earlier when we do not have enough privileges
  * meson: fix name of test-network-generator
  * network-generator: make network file generated from ip=dhcp matches only physical interfaces
  * Merge pull request #28646 from yuwata/network-generator-ip-dhcp
  * udev: decrease devlink priority for encrypted partitions
  * journalctl: do not add io event source for stdout if it is a file
  * Merge pull request #28640 from medhefgo/boot-count
  * meson: move several test declarations
  * test: fix test executable name
  * meson: introduce HAVE_DMI flag
  * meson: use template to declare udev plugins
  * test: rename udev-rule-runner -> test-udev-rule-runner
  * meson: merge declarations of normal and test executables
  * meson: also merge declarations of fuzzers with other executables
  * meson: set suite for all tests, and adjust suite for some tests
  * Merge pull request #28628 from yuwata/meson-use-template-part6
  * shutdown: disable recursive mount of /run/ on switching root
  * shutdown: do not umount recursively before MS_MOVE
  * switch-root: reopen target directory after it is mounted
  * Revert "tmpfiles.d: adjust /dev/vfio/vfio access mode"
  * unit: make udev rules take precesence over tmpfiles
  * test: add short test for device node permission
  * test: shorten timeout for 'udevadm monitor'
  * Merge pull request #28681 from yuwata/udev-vs-tmpfiles
  * udev: split out manager_set_default_children_max()
  * udev: allow to set the maximum number of worker process to 0
  * man: update document about the maximum number of child processes
  * busctl: fix showing array of dictionary in JSON format
  * udev: set ID_NAME and ID_SERIAL to MMC/memstick devices again
  * resolve: ignore nameserver= and domain= kernel command line options without value
  * tree-wise: drop unnecessary use of proc_cmdline_key_streq()
  * dhcp: rename function argument
  * sd-dhcp-server: propagate error on parsing DHCP packet
  * meson: use install_emptydir() and drop meson-make-symlink.sh
  * Revert "unit: make udev rules take precesence over tmpfiles"
  * unit: make udev rules really take precedence over tmpfiles
  * Merge pull request #28731 from yuwata/sd-dhcp-server-cleanups
  * veritysetup-generator: fix ordering of generated units
  * Revert "Revert "tmpfiles.d: adjust /dev/vfio/vfio access mode""
  * test: also check the ordering between udevd and tmpfiles-setup
  * proc-cmdline: make proc_cmdline_get_bool() take flags
  * fstab-util: introduce fstab_enabled() helper function
  * fstab-generator: update cache in fstab_enabled_full() based on the parsed result of fstab=
  * remount-fs: split-out remount_by_fstab()
  * remount-fs: refuse to remount based on fstab when fstab=no kernel command line option specified
  * udev-builtin-net_id: fix potential invalid memory access
  * udev: re-introduce symlinks for loopback block device
  * Merge pull request #28741 from keszybz/minor-tweaks-for-recent-patches
  * Merge pull request #28732 from yuwata/udev-vs-tmpfiles-take-2
  * udev-builtin-net_id: introduce get_matching_parent() helper function
  * udev-builtin-net_id: introduce get_first_syspath_component() helper function
  * udev-builtin-net_id: add more debugging logs
  * udev-builtin-net_id: use strjoin() if possible
  * Merge pull request #28767 from poettering/epoll-eperm-journalctl
  * Merge pull request #28749 from yuwata/udev-net-id-fix-and-cleanup
  * Merge pull request #28760 from poettering/coredump-tweaks
  * io-util: introduce iovw_append() helper function
  * coredump: fix various invalid memory access
  * Merge pull request #28779 from yuwata/iovw-append
  * Revert "unit: make udev rules really take precedence over tmpfiles"
  * units: introduce systemd-tmpfiles-setup-dev-early.service
  * Merge pull request #28784 from yuwata/udev-vs-tmpfiles-take-3
  * Merge pull request #28801 from mrc0mmand/initrd-shutdown-test
  * meson: drop unnecessary dependency on libidn
  * test: fix expected result of systemd-repart
  * test: disable TEST-08-INITRD on ubuntu CI
  * Merge pull request #28809 from YHNdnzj/proc-cmdline-true-when-missing
  * Merge pull request #28744 from YHNdnzj/battery-check-minor-followup
  * core: drop redundant assignment of UNIT_MERGED in unit_load_fragment()
  * Revert "mount: check right before invoking /bin/umount if it makes sense"
  * core/mount: disable timer event source when USEC_INFINITY
  * core: split out functions and definitions from execute.[ch] to credential.[ch]
  * core/credential: split out unit_add_default_credential_dependencies()
  * core: set $CREDENTIALS_DIRECTORY only when we set up credentials
  * core/credential: make setup_credentials() return path to credentials directory
  * core: do not leak mount for credentials directory if mount namespace is enabled
  * test-execute: add tests for credentials directory with mount namespace
  * network/address-pool: split-out address_intersect()
  * inetwork/address-pool: also check queued addresses
  * network: fix log message and man page for HopLimit=
  * network: several follow-ups for TCP-RTO setting
  * man/rules: update man rules for systemd-tmpfiles-setup-dev-early.service
  * bsod: several cleanups
  * core/namespace: use ERRNO_IS_NEG_PRIVILEGE()
  * core/namespace: reimplement mount_private_sysfs() in the same logic to mount private procfs
  * mount-util: drop unused remount_and_move_sub_mounts()
  * core/namespace: add missing string table entries
  * core/namespace: do not return 1 unnecessarily
  * Merge pull request #28496 from ssahani/ndisc-28426
  * Merge pull request #28926 from yuwata/bsod-cleanups
  * Merge pull request #28764 from yuwata/core-namespace
  * Revert "network: DHCP6 client- Allow to send manual DUID"
  * network: introduce per DUID type setters
  * network/dhcp: fix maximal DUID data size
  * dhcp: DUID-EN identifier has variable length
  * network/dhcp: make DUIDType= take an arbitrary integer
  * network/ndisc: do not store too many captive portals provided through RA
  * network/ndisc: use the first captive portal in each RA
  * nspawn: check validity of the internal interface name only explicitly specified
  * sd-dhcp-client: make client initially in stopped state
  * sd-dhcp-client: ensure IAID and DUID being set on start
  * Revert "test-dhcp-client: add temporary workaround for assertion failure"
  * Merge pull request #24570 from topimiettinen/nft-sets-v2
  * man: mention version info for NFTSet= setting
  * Revert "network: ndisc - drop routes of lifetime 0"
  * network/ndisc: drop captive portals with zero lifetime earlier
  * sd-ndisc,sd-radv: fix use of uninitialized value
  * Merge pull request #28896 from pelaufer/dhcp_dbus_notify
  * icmp6-util: several cleanups for icmp6_receive()
  * icmp6-util: make icmp6_receive() accept the null source address
  * test: extract dummy icmp6 utils for tests
  * Merge pull request #29052 from yuwata/icmp6-util-cleanups
  * Merge pull request #29023 from pelaufer/dhcp-prefix-dbus
  * network/ndisc: drop outdated PREF64 prefixes
  * network/ndisc: refuse too many PREF64 prefixes
  * sd-dhcp-client: store lifetime and friends in usec_t
  * time-util: introduce triple_timestamp_from_boottime()
  * dhcp: introduce sd_dhcp_lease_get_timestamp()
  * sd-dhcp-client: introduce sd_dhcp_lease_has_6rd() helper function
  * network: reorder bus implementations
  * network/ndisc: split out ndisc_router_process_icmp6_ratelimit()
  * man: mention DBus interfaces for DHCP clients
  * meson: sort headers
  * sd-dhcp: split out sd-dhcp-protocol.h from sd-dhcp-client.h
  * sd-dhcp-server: fix typo in arguments
  * sd-dhcp6-client: split out sd-dhcp6-protocol.h
  * Merge pull request #29094 from yuwata/network-dbus-doc
  * Merge pull request #29088 from yuwata/libsystemd-network-headers
  * core: allow to run generators without sandboxing on qemu-user
  * Revert "core: do not leak mount for credentials directory if mount namespace is enabled"
  * core: rename credential.[ch] -> exec-credential.[ch]
  * core/exec-credential: introduce exec_context_get_credential_directory() helper function
  * test-execute: check credentials can be read on ExecStartPost= and friends
  * core/credential,mount: re-read /proc/self/mountinfo before invoking umount command
  * network: drop duplicated address_set_broadcast()
  * network: drop duplicated check
  * hashmap: introduce HASHMAP_BASE_FOREACH() and friend
  * conf-parser: modernize config_section_new()
  * conf-parser: check overflow in hashmap_find_free_section_line()
  * conf-parser: introduce ordered_hashmap_by_section_find_unused_line()
  * network: call network_adjust_dhcp_server() from network_drop_invalid_addresses()
  * network: find DHCP server address only on loading .network file
  * network: allow to set null address for [DHCPServer] ServerAddress=
  * man: update [DHCPServer] ServerAddress=
  * test-network: add testcase for [DHCPServer] ServerAddress= with null address
  * network/sr-iov: ignore -EINVAL in reading dev_port sysfs attribute
  * network/sr-iov: move common parts to link_set_sr_iov_ifindices()
  * Merge pull request #29197 from takaswie/topic/hwdb/ieee1394-unit-function
  * network: drop _fallthrough_ in address_{hash,compare}_func()
  * network: rename address_prefix() -> address_ipv4_prefix()
  * network: allow to configure multiple IPv6 null addresses with different prefix length
  * test-network: add test for multiple IPv6 null addresses
  * libsystemd-network: introduce several helper functions to handle time values
  * sd-dhcp-server: store lifetime and friends in usec_t
  * test: check return value of sd_journal_next() and friends
  * test: add more testcases for seeking journal entries
  * sd-journal: also clear saved direction on seek
  * sd-dhcp6-client: introduce sd_dhcp6_lease_has_pd_prefix() and friend
  * sd-dhcp6-client: rework IA_NA or IA_PD getters
  * sd-dhcp6-client: use be32_sec_to_usec() at more places
  * sd-dhcp6-client: introduce sd_dhcp6_lease_get_t1() and friends
  * sd-radv: make sd_radv always take timespan in usec
  * test-ndisc-ra: add tests for recently added functions
  * sd-device: include missing alloc-util.h
  * sd-dhcp-client: use unaligned_be32_sec_to_usec()
  * sd-event: drop unnecessary call of sd_event_now() when requested relative time is zero
  * network: split out link_get_address_states()
  * sd-ndisc: rename function arguments for storing results
  * sd-journal: refuse entry objects with an empty boot ID
  * sd-ndisc: make sd_ndisc return time values in usec
  * sd-dhcp-client: split out client_enter_bound()
  * sd-dhcp-client: split out client_enter_requesting()
  * sd-dhcp-client: do not set fallback subnet mask if it is already set
  * sd-dhcp-client: introduce dhcp_lease_unref_and_replace()
  * sd-dhcp-client: split out client_parse_message()
  * test: fix header verification
  * sd-journal: also verify tail_entry_boot_id and friends in journal_file_verify_header()
  * sd-journal: boot_id is always non-NULL
  * sd-journal: refuse to write entry without boot ID
  * journalctl: several cleanups for find_boot_by_offset()/_by_id()
  * logs-show: move journal_find_boot_by_offset() and friends from journalctl.c
  * logs-show: use sd_journal_step_one()
  * test: add tests for journal_find_boot_by_offset() and friends
  * sd-journal: always fallback to find entry by realtime
  * test: add test case that journal file with unreferenced _BOOT_ID data
  * sd-journal: drop redundant re-read of entry array object
  * sd-journal: make bump_entry_array() return positive when a valid offset found
  * sd-journal: merge two bump_entry_array() calls
  * sd-journal: fix calculation of number of 'total' entries in the chained arrays
  * sd-journal: add missing 'error' handling
  * sd-journal: add/update comments
  * sd-journal: merge journal_file_next_entry_for_data() with generic_array_get_plus_one()
  * mmap-cache: use structured initializer
  * mmap-cache: modernize mmap_cache_add_fd()
  * mmap-cache: check if mmap protection mode is consistent when fd is already managed
  * mmap-cache: modernize free functions
  * mmap-cache: rebreak lines
  * sd-netlink: make calc_elapse() return USEC_INFINITY when no timeout is requested
  * sd-netlink: make the default timeout configurable by environment variable
  * meson: drop unused home_includes
  * fileio: make read_full_file_full() usable with size and READ_FULL_FILE_UNBASE64
  * network: set maximum length to be read by read_full_file_full()
  * journald: do not close all files stored in Server.deferred_closes
  * journald: split-out closing journal files from managed_journal_file_open()
  * journald: drop ManagedJournalFile
  * journald: move and rename journal/managed-journal-file.[ch] -> shared/journal-file-util.[ch]
  * journal-remote: drop dependencies to journald
  * journal: move several tests to libsystemd/sd-journal
  * test: split test-tables into three
  * journalctl: find boot ID more gracefully in corrupted journal
  * fuzz: limit size for fuzz-manager-serialize
  * man: update the list of ignored options by Anonymize=yes
  * sd-journal: drop unnecessary re-read of object
  * tree-wide: fix typo
  * po: fix invalid printf format specifier
  * sd-netlink: use secure_getenv()
  * test-network: test SIP servers obtained by DHCP
  * sd-journal: drop unused argument for generic_array_bisect_plus_one()
  * mmap-cache: merge mmap_try_harder() with make_room()
  * mmap-cache: merge window_matches() and window_matches_fd()
  * mmap-cache: merge mmap_cache_fd_get() with try_context() and find_mmap()
  * mmap-cache: each Window is owned by MMapFileDescriptor
  * network: skip to set request address when anonymized
  * network: introduce [DHCPv4] RequestAddress= setting
  * test-network: add tests for [DHCPv4] RequestAddress= setting
  * test: modernize test-journal-flush
  * journal-file-util: do not fail when journal_file_set_offline() called more than once
  * test: add reproducer for SIGBUS issue caused by journal truncation
  * sd-journal: rewrite conditions for test result and direction
  * sd-journal: drop unnecessary re-read of data object
  * sd-journal: reduce number of calls generic_array_bisect_plus_one()
  * sd-journal: make journal_file_next_entry() always return the nearest entry object
  * Merge pull request #29417 from yuwata/sd-journal-cleanups-for-generic-array-bisect-plus-one
  * core: fix typo
  * man: fix typo
  * backlight: support to specify percentage of minimum brightness
  * libsystemd-network: introduce $SYSTEMD_NETWORK_TEST_MODE environment variable
  * fuzz: suppress log messages
  * test-network: move get_dbus_dhcp_client_state() and friends to global
  * Merge pull request #29325 from poettering/varlink-introspect
  * varlink: fix typo
  * varlink: drop unnecessary condition
  * tree-wide: use path_simplify_alloc() more
  * tree-wide: add missing sigbus handling
  * network/tc: align vtables
  * network/tc: drop child tree of traffic control nodes on remove
  * network/tc: fix enumeration logic of traffic control classes
  * network/tc: re-enumerate traffic control classes when a qdisc created
  * network/tc: allow to configure class or qdisc under foreign one
  * network/tc: support Parent=X:0 for qdiscs
  * test-network: extend testcase for tbf
  * Merge pull request #29482 from poettering/cgroup-func-rename
  * network: also save NTP servers and friends obtained by other protocols
  * test-network: test for NTP servers by DHCPv6 protocol
  * network/dhcp6: shorten dhcp6_handler()
  * network/dhcp6: keep lease when running in information request mode
  * test-network: add test for DHCPv6 information requesting mode
  * sd-dhcp-client: support IPv6 only mode
  * network/dhcp4: support IPv6 only mode (RFC 8925)
  * test-network: add tests for DHCP IPv6 only mode
  * core/execute: suppress logs if LogLevelMax= is specified
  * Merge pull request #29472 from yuwata/network-dhcp-ipv6-only-mode
  * network: restart dhcp4 client when renewing lease is requested but the client is stopped
  * test-network: add test case for renewing DHCP lease
  * test-network: drop unnecessary explicit stop of dnsmasq
  * sd-dhcp-server: make sd_dhcp_server_is_running() silently work with NULL
  * network: do not trigger assertion by forcerenew command
  * Merge pull request #29544 from yuwata/network-dhcp-bus-command
  * Merge pull request #29588 from keszybz/net-naming-scheme-255
  * tree-wide: fix typo
  * tree-wide: check if return value of lseek() and friends is negative
  * macro: paranoia about overflow
  * macro: introduce several helper functions for alignment
  * sd-journal: use PAGE_ALIGN_U64() and friends
  * macro: introduce u64_multiply_safe() to avoid overflow
  * mmap-cache: check offset and size more carefully
  * tree-wide: check results of PAGE_ALIGN()
  * core/namespace: split out create_temporary_mount_point()
  * cgroup-util: drop dead code block
  * netif-naming-scheme: disable NAMING_BRIDGE_MULTIFUNCTION_SLOT
  * fuzz: include library headers first
  * dhcp: move DHCPState to dhcp-client-internal.h
  * dhcp: split out dhcp-network.h from dhcp-internal.h
  * sd-dhcp-client: simplify the condition in sd_dhcp_client_get_lease()
  * sd-dhcp-client: only send RENEW message when the client is in bound state
  * sd-dhcp-client: add a short comment about IPv6 only mode
  * dhcp: move DHCP client specific definitions to dhcp-client-internal.h
  * sd-dhcp-client: always use sd_dhcp_client.timeout_ipv6_only_mode for delaying subsequent task
  * dhcp: split dhcp-internal.h into two
  * network,dhcp: restart client with 'networkctl renew' when delayed by IPv6 only mode
  * Merge pull request #29679 from keszybz/drop-iovec-null
  * network: do not try to save link state file twice on boot
  * network: make link_save() static
  * network: also synchronously update manager state file
  * test-network: wait for the state file being updated
  * dissect: insert missing space
  * network: update state file when DHCPv6 reply for INFORMATION-REQUEST is received
  * test-network: suppress too much outputs of state file
  * tree-wide: fix typo
  * inotify-util: drop to use pointer outside of the buffer
  * core/namespace: unify logic of mounting /proc and /sys
  * core/namespace: check if we have enough privilege to mount sysfs or procfs
  * test: add a simple test for PrivateNetwork=
  * Merge pull request #29693 from rpigott/dhcp-rapid-commit
  * Merge pull request #29767 from poettering/host-to-host
  * tree-wide: fix typo
  * tests: make log_tests_skipped() and friend accept format string
  * tests: use log_tests_skipped() and friend more
  * Merge pull request #29247 from naraghavan/naraghavan/dhcpv6-vendor-options
  * env-util: make write_env_file() optionally take headers
  * locale,firstboot: add headers to vconsole.conf
  * locale: drop implementation detail from comment in config file
  * dissect: reenable automatic removal before trying again
  * udevadm-trigger: mention --type=all in help
  * udev: fix device name shown in the log message on failure
  * Merge pull request #29786 from mrc0mmand/more-executor-stuff
  * Merge pull request #29770 from Werkov/doc-fixes
  * NEWS: fix typo
  * network: support ID_NET_MANAGED_BY udev property
  * man: fix typo
  * udev: update devlink with the newer device node even when priority is equivalent
  * udev: revert workarounds for issues caused by the devlink creation optimization
  * dhcp6: enterprise ID is 32bit
  * sd-netlink: res_id is 16bit but serial is 32bit
  * Merge pull request #29817 from YHNdnzj/fchmodat2
  * NEWS: several updates for networking
  * meson: install newly added example .network file
  * network: disable IPv6AcceptRA= in several default config
  * network: make generated configs have higher precedence over default configs
  * man: mention that network files should be prefixed with number smaller than 70
  * network: add meson option to rename .example files on install
  * meson: /etc/systemd/network is also used by udevd
  * Update NEWS
  * man: mention DHCPv4 Router option is ignored when Classless Static Routes option is received
  * Merge pull request #29836 from poettering/libiptc-dlopen
  * virt: also check if PID1 is in chroot
  * sd-journal: drop redundant re-reading of entry array object
  * sd-journal: rework generic_array_bisect()
  * mmap-cache: drop Context and boolean flags in Window
  * mmap-cache: introduce enum MMapCacheCategory
  * mmap-cache: introduce window_matches_by_addr()
  * sd-journal: introduce journal_file_pin_object()
  * sd-journal: make generic_array_bisect_plus_one() take data object
  * tree-wide: fix typo
  * udevadm-trigger: extend receive buffer size
  * Revert "ndisc: Also set link hoplimit"
  * network: fix indentation
  * network: do not try to set invalid value for IPv6 hop limit
  * sd-device-monitor: unconditionally increase buffer size by sd_device_monitor_new()
  * Merge pull request #29675 from DaanDeMeyer/kernel-install-json
  * test-network: test MultiPathRoute= via another interface
  * sd-dhcp-client: gracefully ignore OFFER with Rapid Commit option
  * sd-dhcp-client: unconditionally set sd_dhcp_client.request_sent when a packet is sent
  * sd-dhcp-server: support rapid commit (RFC4039)
  * network: add [DHCPServer] RapidCommit= setting
  * network-generator: relax requirement for peer address, route destination, and gateway
  * network-generator: drop unused family argument
  * network-generator: add missing assertions
  * network-generator: allow to specify both IPv4 and IPv6 DNS servers
  * network-generator: refuse unexpected trailing strings
  * Merge pull request #29910 from yuwata/rapid-commit
  * sd-dhcp-client: make client_handle_message() propagate critical error
  * tree-wide: fix typo
  * vmspawn: fix memleak
  * test: set working directory even if it is expected that the command fails
  * sd-dhcp-client: split out client_verify_message_header()
  * sd-dhcp-client: move packet size check to dhcp_packet_verify_headers()
  * sd-dhcp-client,-server: set timestamp based on the time when received a packet
  * resolve/mdns: do not append packets without records
  * resolve/mdns: split out mdns_make_dummy_packet()
  * meson: disable -Ddefault-network by default
  * meson: fix install path of example .network files
  * resolve: tweak logs about truncation
  * resolve/mdns: allow mDNS queries with truncation flag
  * resolve/mdns: silently ignore Known-Answers only packets
  * network: use Kind= instead of Driver=
  * network: make 89-ethernet.network match only physical interfaces
  * man: fix typo
  * network: fix json generation
  * test-network: verify json format about DHCPv6 client status
  * Merge pull request #29932 from yuwata/default-network-cleanups
  * meson: fix install path of example .network files
  * networkd-test.py: hide default .network files
  * networkd-test.py: prefix .network and .netdev files with digits
  * test: prefix network config files with digits
  * test: use wait-online
  * Merge pull request #29939 from YHNdnzj/fdopen-independent-mode
  * Merge pull request #29949 from mrc0mmand/even-more-ntp-followups
  * Merge pull request #29937 from yuwata/network-fix-json-format
  * network/dhcp-pd: use correct flag when DHCPv4 6rd is enabled
  * network/dhcp6: use link_check_address_ready() at one more place
  * network/dhcp6: skip to check existence of DHCPv6 address when UseAddress=no
  * test-network: add test case for issue #29979
  * Merge pull request #29958 from mrc0mmand/journal-line_max
  * Merge pull request #29929 from poettering/tty-reset-fixes
  * TODO: fix typo
  * conf-parser: inline variable declaration
  * conf-parser: fix argument type of ConfigPerfItemLookup
  * network/neighbor: suppress noisy debugging logs
  * network/brvlan: rework bridge vlan ID assignment
  * network/brvlan: parse_vlanid() accepts zero, hence PVID may be zero
  * network/brvlan: convert condtion to assertion
  * network/brvlan: make [BridgeVLAN] settings support an empty string
  * network/brvlan: read bridge vlan IDs through netlink and save them
  * network/brvlan: remove unnecessary bridge vlan IDs
  * test-network: extend tests for [BridgeVLAN] settings
  * Merge pull request #29968 from bluca/executor_selinux_lazy_load
  * Merge pull request #29976 from YHNdnzj/session-by-leader-pidref
  * core: rename MemoryZswapCurrent -> MemoryZSwapCurrent
  * Merge pull request #30003 from poettering/vendor-model-unify
  * Merge pull request #30010 from poettering/mount-tool-tweakles
  * Merge pull request #30015 from poettering/tpm2-slow-tests
  * Merge pull request #30005 from poettering/storagetm-plymout
  * storagetm: use path to device node instead of devpath
  * Merge pull request #30027 from bluca/news
  * dhcp: drop unused prototype
  * dhcp: fix maximum DUID size
  * sd-dhcp6-client: fix DUID data length passed to hexmem()
  * network: do not try to create netdev from tests
  * dhcp: do not trigger assertion by malformed messages
  * sd-device: do not trigger assertion by a bad udev rules
  * sd-bus: insert missing space
  * sd-bus: drop SD_BUS_CREDS_AUGMENT flag
  * test: several cleanups for test-bus-chat
  * test: sd_bus_process() may assign NULL even if it returns positive
  * Merge pull request #30044 from poettering/dissect-tool-tweaklets
  * Merge pull request #30045 from poettering/discover-image-tweaklets
  * Merge pull request #30043 from mrc0mmand/more-assert_return
  * log: rename variables to store function call results
  * test: always call test_setup_logging()
  * fuzz: always call fuzz_setup_logging()
  * network/dhcp: actually refuse to assign DHCP option when an invalid string is passed
  * Merge pull request #30070 from weblate/weblate-systemd-master
  * kernel-install: propagate failures in plugins
  * test: add test cases about plugin exit code
  * libsystemd-network: introduce triple_timestamp_from_cmsg()
  * in-addr: improve log message for e.g. [DHCPv4] AllowList=
  * kernel-install: do not resolve symlink in paths passed to plugins
  * systemctl: fix typo
  * man: [DHCPv4] RapidCommit= is disabled when Anonymize=yes
  * network/dhcp: disable RapidCommit= by default when AllowList=/DenyList= is specified
  * test-network: add tests for [DHCPv4] AllowList= and DenyList=
  * pid1: drop unnecessary space
  * pid1: terminate cylon string
  * pid1: move draw_cylong() to pretty-print.[ch]
  * test: add test for draw_cylon()
  * sd-journal: warn about seals may not be continuous only when the file is sealed
  * Merge pull request #30133 from yuwata/fix-draw-cylon
  * journal: sync immediately on shutting down journald
  * locale-util: do not call setlocale() when multi-threaded
  * locale-util: drop unused init_gettext()
  * io-util: actually retry on failure
  * analyze: drop duplicated :
  * analyze: shorten code a bit
  * analyze: set SYSTEMD_UNIT_PATH in verify_generate_path()
  * analyze: do not prepend the current working directory to SYSTEMD_UNIT_PATH needlessly
  * login: do not clear wall message before shutting down
  * ptyfwd: trivial format cleanups
  * run: escape command for description
  * Merge pull request #30188 from YHNdnzj/memory-accounting-followup
  * analyze: return earlier when there is no path to be prepended
  * Merge pull request #30119 from mrc0mmand/test-console
  * Merge pull request #30197 from keszybz/vconsole-restart-no-limit
  * Merge pull request #30196 from YHNdnzj/fchmodat2-no-symlink
  * Merge pull request #30200 from mrc0mmand/test-tweaks
  * resolve: fix varink message verification
  * varlink: fix key name in reply of org.varlink.service.GetInterfaceDescription
  * test: add simple coverity test for 'resolvectl show-cache'
  * test: drop remaining console output
  * test: show saved journal files after TEST-02-UNITTESTS
  * test: verify json format passed through varlink
  * capability-util: avoid false-positive use-of-uninitialized-value error
  * varlinkctl: add short comment
  * man: also SIGKILL is sent on soft-reboot
  * unit: make journald stopped on soft-reboot before broadcasting SIGKILL
  * test: check journal files are not corrupted after soft-reboot
  * core/cgroup: fix compile error
  * utmp-wtmp: fix wrong suffix assignment on putting dead process
  * sd-journal: fix typo in function name
  * contrib: include co-authors to the contributor list of NEWS
  * sd-journal: ignore failure in testing cached corrupted entry
  * sd-journal: fix corrupted journal handling of generic_array_bisect()
  * test: split out finalization task
  * test: make append_number() optionally return offset of the entry object
  * test: add tests for generic_array_bisect()
  * sd-netlink: change error code of the case that too many replies waiting
  * sd-netlink: introduce netlink_get_reply_callback_count()
  * firewall-util: introduce fw_ctx_get_reply_callback_count()
  * network: do not send too many netlink messages in a single event
  * seccomp-util: override default action only when the filter is allow-list
  * seccomp-util: also use ENOSYS for unknown syscalls in seccomp_load_syscall_filter_set()
  * Merge pull request #30305 from yuwata/seccomp-fix
  * journald: close runtime journals before their parent directory removed
  * journald: also remove runtime journal directories with a different machine ID
  * test: add test for seqnum and seqnum ID
  * tools/meson-vcs-tag: the third argument is optional
  * basic: fix typo
  * journal: split out server_new() from server_init()
  * journal: add short comment for boolean arguments
  * journal: use usec_add() and usec_sub_unsigned()
  * journal: use sd_event_now()
  * repart: fix coding style of error handling
  * hostnamectl: do not show local machine ID and boot ID when requested to show information about remote host
  * hostname: expose machine ID and boot ID through DBus
  * Merge pull request #30312 from yuwata/journal-cleanups
  * Merge pull request #30060 from poettering/analyze-archs
  * network: split out common checks
  * network: do not try to update IP sysctl settings for CAN devices
  * parse-util: accept arbitrary MTU size when AF_UNSPEC
  * network: update MTU after CAN specific configs applied
  * network: the maximum MTU size for CAN interface may be changed later
  * network: allow to configure interface MTU for CAN devices
  * test-network: add test for small MTU for vcan
  * Merge pull request #30362 from mrc0mmand/cat-highlight-directives
  * network/route: fix reachability check when peer address is specified
  * test-network: add test case for issue #30403
  * Merge pull request #30400 from bluca/coverity
  * Merge pull request #30399 from YHNdnzj/memory-accounting-always-peak
  * networkctl: fix typo
  * systemctl: fix typo
  * resolve: do not trigger assertion on exit
  * test: check if resolved exits cleanly
  * network/ipv4ll: do not start sd-ipv4ll on exit
  * test-network: check if networkd exits cleanly
  * resolve: fix wrong error cause assignment to log_debug_errno()
  * test: update log message and use SYNTHETIC_ERRNO()
  * network/neighbor: add missing OOM check
  * analyze: also find template unit when a template instance is specified
  * test: add test cases for issue #30357
  * network: adjust log message
  * network: drop unused Manager.routes_foreign
  * Merge pull request #30389 from keszybz/test-ukify-du
  * Merge pull request #30422 from yuwata/network-tiny-fixes
  * network: drop redundant 'struct'
  * Merge pull request #30426 from mrc0mmand/nft-shenanigans
  * Merge pull request #30156 from yuwata/network-mtu
  * Merge pull request #30437 from YHNdnzj/job-start-msg
  * Merge pull request #30441 from poettering/nspawn-fixlets
  * Merge pull request #30445 from mrc0mmand/networkd-test-skip
  * network/nexthop: introduce ManageForeignNextHops= boolean setting
  * test-network: drop redundant call of tearDown()
  * test-network: reduce indent for verification
  * test-network: add test for ManageForeignNextHops=no
  * Merge pull request #30453 from poettering/dissect-fixes
  * Merge pull request #30433 from yuwata/network-nexthop-cleanups
  * find-esp: do not fail when /boot on btrfs RAID on searching ESP or xbootldr
  * find-esp: introduce verify_esp_flags_init() helper function
  * find-esp: do not skip fstype check even when --root= or --image= is specified
  * test: split out host_has_{btrfs,mdadm}() from TEST-64-UDEV-STORAGE
  * test: make install_mdadm() also install relevant kernel modules
  * test: mask mdmonitor when building image
  * test: create ESP and xbootldr partitions
  * test: add basic coverity tests for bootctl
  * network: do not trigger assertion when link_get_by_index() called with an invalid ifindex
  * network/nexthop: split-out nexthop_update_group()
  * network/nexthop: do not assign invalid ID
  * network/nexthop: NextHop.id is always positive when nexthop_configure() is called
  * network/nexthop: rename nexthop_owned_by_link() -> nexthop_bound_to_link()
  * network/nexthop: rename manager_get_nexthop_by_id() -> nexthop_get_by_id()
  * network/nexthop: manage all nexthops by manager
  * network/nexthop: do not add NextHop object to Link on requesting
  * network/nexthop: check existing nexthop can be replaced with requested one
  * sd-netlink: the kernel ignores NLM_F_APPEND in RTM_NEWNEXTHOP message but uses NLM_F_REPLACE
  * Merge pull request #30440 from yuwata/network-nexthop-cleanups-2
  * Merge pull request #30494 from keszybz/trivial-cleanups
  * Merge pull request #30518 from mrc0mmand/assorted-tweaks
  * Merge pull request #30491 from fbuihuu/vconsole-handle-kd-grahpics-mode
  * find-esp: add debugging log about failure in parsing env variable
  * time-util: make usleep_safe() return earlier if 0 is passed
  * signal-util: align table
  * Merge pull request #30493 from teknoraver/main
  * man: environment value -> udev property
  * userdb: fix typo
  * Merge pull request #30534 from yuwata/man-page-update-and-fix-typo
  * man: fix indentation
  * man,NEWS: mention that all previously assigned VLAN IDs are cleared
  * network/bridge-vlan: add debugging logs about set or removed VLAN IDs
  * Merge pull request #30525 from YHNdnzj/networkctl-mask
  * Merge pull request #30536 from yuwata/network-bridge-vlan-debugging-logs
  * Merge pull request #30537 from poettering/run-arg-service-type-fix
  * TEST-65-ANALYZE: only mount /usr if necessary
  * analyze-verify: verify all executables
  * Merge pull request #30543 from YHNdnzj/execute-cleanup
  * Merge pull request #30538 from poettering/ptyfwd-reset-color
  * network/neighbor: fix log message and comment
  * Merge pull request #30548 from yuwata/analyze-check-all-executables
  * network: also log drop-in config files
  * network/address: make Address= in [Network] support an empty string
  * test-network: use the main .network file
  * test-network: add test case of an empty string assignment for Address=
  * network/nexthop: drop dead code
  * network/nexthop: add several assertions related to nexthop ID
  * network/nexthop: fix wrong verification
  * network/nexthop: check if on-link is not enabled for group or blackhole nexthop
  * network/nexthop: drop conflicting [NextHop] sections
  * network/nexthop: cache requested nexthop IDs
  * network/nexthop: check if nexthop is really configured without ID
  * network: split out manager_clean_all() from manager_dirty_handler()
  * network: merge two post event sources
  * tree-wide: use hashmap_isempty() and friends
  * sd-journal: use FOREACH_ARRAY() at one more place
  * Merge pull request #30563 from poettering/socket-tweaks
  * Merge pull request #30564 from poettering/varlink-log-tweaks
  * Merge pull request #30567 from yuwata/hashmap_isempty
  * Merge pull request #30566 from poettering/varlink-inval-param
  * Merge pull request #30568 from poettering/creds-varlink
  * Merge pull request #30541 from yuwata/network-address-empty
  * Merge pull request #30553 from yuwata/network-post-event-source
  * systemctl: swap cached_id_map and cached_name_map
  * Merge pull request #30585 from YHNdnzj/isatty-handling
  * device-util: introduce device_in_subsystem() and device_is_devtype() helper functions
  * tree-wide: use device_in_subsystem() and device_is_devtype()
  * backlight: move validity check of max_brightness to get_max_brightness()
  * backlight: split out build_save_file_path()
  * backlight: split out device_new_from_arg()
  * backlight: split out read_saved_brightness()
  * backlight: use WRITE_STRING_FILE_MKDIR_0755 flag on save
  * backlight: split out verb_load() and verb_save(), then use dispatch_verb()
  * dhcp: cleanup headers included by dhcp-identifier.h
  * dhcp: introduce sd_dhcp_duid and move relevant functions to sd_dhcp_duid.[ch]
  * sd-dhcp6-client: introduce direct getter and setter of DUID
  * dhcp: introduce sd_dhcp_duid_to_string()
  * udev-manager: use ASSERT_PTR()
  * udev: handle event_timeout=infinity correctly
  * udev: refuse too short timeout value
  * udev-spawn: slightly adjust logs about timed out commands
  * sd-device: modernize device_update_db() and friends
  * sd-device: introduce device_has_db() helper function
  * TODO: fix typo
  * udev: use SD_EVENT_SIGNAL_PROCMASK
  * Merge pull request #30600 from dtardon/see-also-simplelist
  * Merge pull request #30603 from mrc0mmand/openssl-shenanigans
  * log: introduce a knob to make assert_return() critical
  * test: make assert_return() critical by default on fuzzer and unit tests
  * log: make assert_return() critical when -Dmode=developer
  * network: use json_variant_append_arrayb()
  * Merge pull request #30049 from yuwata/assert-return-critical
  * Merge pull request #30587 from mrc0mmand/test-stuff
  * Merge pull request #30604 from mrc0mmand/test-journal-shenanigans
  * systemctl: swap cached_id_map and cached_name_map at one more place
  * core/executor: use log level specified in LogLevelMax=
  * Merge pull request #30609 from YHNdnzj/analyze-fdstore
  * udev: call udev_watch_end() before udev_event_execute_rules()
  * udev: make UdevEvent take reference to UdevWorker
  * Merge pull request #30615 from dtardon/docbook-valid-1
  * Merge pull request #30620 from mrc0mmand/more-test-tweaks
  * sd-device: shorten code a big
  * coccinelle: convert hashmap_size() == 0 or friends
  * tree-wide: insert space after for and switch
  * tree-wide: drop space between variable and an increment/decrement
  * tree-wide: drop several doubled space
  * github: bump version in template
  * Merge pull request #30621 from yuwata/coccinelle
  * siphash24: introduce siphash24_compress_typesafe() macro
  * Merge pull request #30607 from dtardon/docbook-improvements
  * Merge pull request #30616 from dtardon/docbook-valid-2
  * Merge pull request #30628 from YHNdnzj/format-table-improvement
  * network/address: also drop reference for DHCP server address
  * network/address: move post-processes on address removal to address_drop()
  * network: use RET_GATHER() macro
  * Merge pull request #30633 from mrc0mmand/cocci-shenanigans
  * coccinelle: fix typo
  * Merge pull request #30639 from mrc0mmand/more-cocci-shenanigans
  * Merge pull request #30634 from dtardon/docbook-valid-3
  * Merge pull request #30641 from YHNdnzj/hibernation-device
  * Merge pull request #30643 from bluca/completion
  * network/address: unconditionally check if address is ready
  * Merge pull request #30649 from YHNdnzj/close-nointr-unnecessary
  * coccinelle: fix typo
  * coccinelle: re-indent comments
  * sd-journal: check sd-event state before setting up post change timer
  * test: add simple coverage tests for 'udevadm lock'
  * Merge pull request #30658 from jnohlgard/udevadm-lock-return-code
  * resolve: add several comments for DNS type table
  * resolve: DnsTransaction.scope may be NULL when dns_transaction_close_connection() is called
  * Merge pull request #30656 from mrc0mmand/dfuzzer-shenanigans
  * sd-journal: introduce cleanup function and hash ops for Directory
  * Merge pull request #30689 from mrc0mmand/even-more-cocci-tweaks
  * resolve: do not listen to IPv6 when disabled by sysctl
  * unit: order systemd-resolved after systemd-sysctl
  * sd-netlink: move definitions of RTA_TYPE() and RTA_FLAGS() to netlink-util.h
  * sd-netlink: introduce sd_rtnl_message_route_set_tos()
  * udev-spawn: refuse to spawn commands if the event already takes too long
  * udev-spawn: skip executing RUN= if exec_delay= is too long
  * udev: wait for an extra time before the manager kills workers
  * test: update test case for failed udev event
  * network/address: make address_remove() take Link object that the address assigned to
  * network/address: not necessary to remmber address before remove
  * network/address: introduce address_remove_and_cancel()
  * storagetm: always hash stat.st_mode
  * storagetm: fix use of wrong stat element
  * dhcp: introduce sd_dhcp_client_id and relevant functions
  * dhcp: move sd_dhcp_client_id_to_string() to sd-dhcp-client-id.[ch]
  * sd-dhcp-lease: use sd_dhcp_client_id
  * Merge pull request #30691 from yuwata/resolve-ipv6
  * network/queue: fix potential double-free on oom
  * network/route: drop TTL propagate support for MPLS routes
  * Merge pull request #30700 from yuwata/storagetm-fixlets
  * udev/dmi-memory-id: update table with latest SMBIOS specification
  * backlight: supprt ID_LEDS_CLAMP udev property for leds subsystem devices
  * Merge pull request #30702 from yuwata/sd-dhcp-client-id
  * sd-dhcp-server: use sd_dhcp_client_id
  * sd-dhcp-server: rename DHCPLease -> sd_dhcp_server_lease
  * resolve/mdns: do not append goodby packet entries to known answers section
  * Merge pull request #28836 from msekletar/aux-scope
  * conf-parser: expose config_section_{hash,compare}_func()
  * network/address: introduce ref/unref functions for Address object
  * network/neighbor: introduce ref/unref function for Neighbor object
  * network/nexthop: introduce ref/unref functions for NextHop object
  * sd-dhcp-server: verify address of static lease before use
  * sd-dhcp-server: check address conflict more carefully
  * sd-dhcp-server: do not forget previously assigned addresses on pool change
  * Merge pull request #30532 from yuwata/udev-extend-timeout-kill-worker
  * Merge pull request #30710 from YHNdnzj/logind-ret-gather
  * Merge pull request #28797 from Werkov/eff_limits
  * network/netdev: call done() per netdev kind before freeing netdev name or so
  * network/route: make the route section invalid when an invalid MTUBytes= is specified
  * Merge pull request #30610 from YHNdnzj/logind-serialize-pidref
  * Merge pull request #30739 from poettering/pam-util-many
  * network/queue: do not check if a request is ready multiple times in a single event
  * network/queue: stop processing requests when a new request is queued
  * test-network: show monotonic timestamp and drop hopstname from logs
  * test-network: merge three tests for neighbor
  * test-network: add test case about replacing nexthop
  * network/nexthop: refuse id == 0 earlier
  * network/nexthop: wait for requests for group members being processed
  * network/route: use nexthop_is_ready()
  * network: do not make the implied default have the first priority
  * TODO: fix typo
  * string-util: fix typo
  * core/dbus-manager: fix typo
  * login: noone -> no one
  * vpick: fix typo
  * man: fix typo
  * test: fix typo
  * network/address: also remove address on cancelling request
  * network/neighbor: also remove neighbor on cancelling request
  * network/nexthop: also remove nexthop on cancelling request
  * test-network: add test for removal of nexthops that we do not receive reply from the kernel
  * test: wait for verbose-success.service finished
  * Merge pull request #30790 from poettering/null-creds-allow-with-tpm
  * Merge pull request #30775 from yuwata/network-nexthop-is-ready
  * Merge pull request #30796 from mrc0mmand/journalctl-namespaces
  * udevadm: allow to override the default log level by environment variable
  * Merge pull request #30794 from poettering/parse-vsock-better
  * test-network: sync journal before read
  * test-network: use read_networkd_log() at one more place
  * test-network: introduce networkctl() and friends
  * test-network: do not call networkctl if networkd is in failed state
  * network/route: do not invalidate [Route] section when an empty string is assigned to MultiPathRoute=
  * network/route: rename n -> route in conf parsers
  * network/route: move several conf parsers to networkd-route-metric.c and networkd-route-nexthop.c
  * network/route-metric: pass attribute type to conf parsers
  * network/route-metric: unify error messages
  * network/link: always join to the main interface when we receive IFLA_MASTER attribute
  * Merge pull request #30803 from yuwata/network-route-parser-trivial-cleanups
  * network/route-metric: introduce RouteMetric
  * network/route-metric: manage uint32_t RTAX_XYZ attributes in the same way
  * network/route-metric: introduce DEFINE_CONFIG_PARSE_ROUTE_METRIC() macro
  * network/route-metric: use DEFINE_CONFIG_PARSE_ROUTE_METRIC() macro more
  * network/route-metric: invalidate [Route] section if an invalid string is specified
  * resolve: NSCOUNT of DNS query may not be zero
  * Merge pull request #30815 from yuwata/resolve-ixfr
  * virt: fix detection of avx2 and friends
  * Merge pull request #30837 from poettering/varlink-over-ssh
  * man: drop unexpected dot
  * virt: add Google Compute Engine support
  * man: fix indentation
  * udev/builtin: introduce udev_builtin_import_property() helper function
  * udev-builtin-path_id: drop redundant debugging logs
  * udev/net: do not set unapplied .link file name to ID_NET_LINK_FILE
  * udev/net: split out udev property assignment logic
  * udev: split out check that udev property can be updated
  * udev/net: introduce [Link] Property=, ImportProperty=, and UnsetProperty= settings
  * test: add test for [Link] Property= and friends
  * TODO: drop implemented feature
  * resolve: update rcode table and align enum definitions
  * resolve: cleanup dns_packet_ede_rcode()
  * resolve: several follow-ups for ac6844460ca1c01eaf2cb209ffa21c200d21a8f8
  * resolve: drop DNS_TRANSACTION_UPSTREAM_DNSSEC_FAILURE
  * test-network: add test case for MACAddress=none in .netdev and MACAddressPolicy=none in .link
  * resolve: several follow-ups for 9ca133e97a0c8795b1f293ccea4965b4ad1accc4.
  * resolvectl: use JSON_ALLOW_EXTENSIONS
  * resolve: introduce DNSSEC_UPSTREAM_FAILURE
  * resolve: also read EDE code and message from cached packet
  * resolve: make manager_monitor_send() take DnsQuery*
  * resolve: notify DNSSEC failure, EDE code, and EDE message
  * test-resolved-dummy-server: several modernization
  * sd-dhcp-client-id/duid: do not trigger assertion when invalid size is passed
  * json: introduce json_dispatch_byte_array_iovec() and json_dispatch_in_addr()
  * sd-dhcp-client-id: introduce json_dispatch_client_id()
  * network: fix Name= -> OriginalName= in the default .link files
  * Merge pull request #30887 from poettering/id128-no-legend
  * json: add trailing NUL byte in json_dispatch_byte_array_iovec()
  * sd-netlink: add trailing NUL byte for safety in sd_netlink_message_read_data()
  * Merge pull request #30893 from yuwata/add-trailing-NUL
  * Merge pull request #30867 from dtardon/udev-conf-dropins
  * network/queue: introduce RemoveRequest and relevant functions
  * network/address: forget address even if we could not remove it
  * network/neighbor: drop Neighbor object even if we fail to remove the neighbor
  * network/nexthop: drop NextHop object even if we fail to remove the nexthop
  * network/route: move two more conf parsers to networkd-route-nexthop.[ch]
  * network/route-nexthop: make GatewayOnLink= support an empty string
  * network/route: use specified error message
  * network/route: unconditionally call route_setup_timer() for managed routes
  * network/route: save if the route expiration is managed by the kernel
  * network/route: update expiration timer only when we know the route exists
  * network/dhcp4: use route_configure_handler_internal() at one more place
  * network/route-nexthop: always reset gateway address when _dhcp or friends is specified to Gateway=
  * network/ndisc: do not try to set too large value for ICMP ratelimting
  * Merge pull request #30908 from poettering/nsid
  * Merge pull request #30895 from yuwata/network-drop-object-even-on-fail
  * network/route: relocate route_type_is_reject() and friends
  * network/route: split out route_section_verify_nexthops()
  * wireguard: verify routes configured in .netdev file
  * Merge pull request #30916 from yuwata/network-route-section-verify
  * varlink/network: OnlineState may not be set
  * network/route-nexthop: split out netlink message handling for route nexthops
  * network/route-nexthop: split out route_nexthops_to_string()
  * network/route-nexthop: split out route_nexthops_is_ready_to_configure()
  * network/route-nexthop: do not update MultipathRoute object
  * network/route-nexthop: make multipath_route_get_link() take fallback link
  * network/route-nexthop: introduce struct RouteNextHop and replace MultipathRoute with it
  * network/route: also use RouteNextHop for managing gateway
  * network/route-nexthop: store ifindex of the assigned interface in Route.nexthop.ifindex
  * network/route: do not read RTA_OIF twice
  * network/link: shorten code a bit
  * network/link: automatically reconfigure interface on failure
  * test-network: try to flip interface state frequently
  * resolve: on_transaction_stream_error() may free multiple transactions
  * test-network: add simple test case for DHCP relay on bridge interface
  * network/route: relocate route_new() and friends
  * network/route: reorder elements in Route object and add comments
  * network/route: reorder setter called in route_set_netlink_message()
  * network/route: reorder getters in manager_rtnl_process_route()
  * network/route: trivial cosmetic changes
  * network/nexthop: reorder elements in NextHop
  * network/nexthop: read netlink message in nexthop_update_group()
  * network/nexthop: introduce a reverse map of nexthop group members
  * network/nexthop: drop dependent nexthops on removal
  * test-network: add test case for removal of nexthop that is a member of a group nexthop
  * Merge pull request #30851 from lnussel/kernel-install
  * network/route: introduce route_get_link() and use it in log_route_debug()
  * network/queue: increase the reference counter of the request before processing it
  * network/queue: detach request from the queue only when the request is actually queued
  * network/route: find/distinguish routes in the same way that the kernel uses
  * sd-network: introduce three helper functions for LinkOperationalState
  * sd-network: modernize parse_operational_state_range()
  * network: drop unnecessary temporary variables
  * network: several cleanups for LinkOperationalState
  * wait-online: several cleanups for LinkOperationalState
  * network: make 'carrier' as the default required operational state for CAN device
  * test-network: test the default required operational state for CAN devices
  * Merge pull request #30967 from yuwata/network-can-required-operstate-for-online
  * sd-netlink: fix rtnl_resolve_link_alternative_name()
  * network/route-nexthop: use RTA_MULTIPATH when weight is not zero
  * network/route-nexthop: introduce route_nexthops_copy()
  * network/route-nexthop: introduce route_adjust_nexthops() and route_nexthops_needs_adjust()
  * network: adjust nexthops of dynamic routes before requesting
  * network/route: introduce route_get_request()
  * Merge pull request #30975 from yuwata/network-route-several-helper-functions
  * network: use strdup_or_null() where appropriate
  * namespace-util: rename arguments to prefix 'ret_'
  * tree-wide: add short comments for namespace_open() and namespace_enter()
  * namespace-util: downgrade log level in userns_acquire()
  * process-util: introduce FORK_NEW_NETNS for safe_fork()
  * namespace-util: introduce netns_acquire()
  * udev-util: introduce reset_cached_udev_availability()
  * sd-device: introduce device_get_sysattr_u32()
  * sd-netlink: introduce rtnl_rename_link()
  * sd-netlink: add policy for NL80211_ATTR_NETNS_FD
  * nspawn-network: split out move_back_network_interfaces()
  * nspawn-network: split out move_network_interface_one()
  * nspawn-network: also check alternative names
  * nspawn-network: support passing wireless interface to container
  * test-13-NSPAWN: add more test case for passing network interfaces
  * network/route-nexthop: fix route_nexthop_copy()
  * network/route: convert route before requesting
  * network/route-nexthop: drop unnecessary link arguments
  * network/route: drop unnecessary ownership transfer
  * network/route-nexthop: configure as a simple gateway when MultipathRoute= is specified only once
  * network: fix typo
  * test-local-addresses: several modernization
  * local-addresses: rename metric -> priority
  * local-addresses: check family more
  * local-addresses: ignore tentative addresses
  * local-addresses: always sort and dedup even if addresses are not requested
  * local-addresses: fix memleak of 'multipath_routes'
  * local-addresses: RTA_OIF and RTA_MULTIPATH are exclusive
  * local-addresses: introduce generic setter add_local_addresses_full()
  * local-addresses: also save weight of multipath routes
  * local-addresses: introduce own parser for RTA_MULTIPATH
  * sd-netlink: drop unused parser for RTA_MULTIPATH
  * local-addresses: introduce has_local_address() helper function
  * test-local-addresses: add more test cases
  * network/route: update MTU of IPv6 route even if the kernel returns -EEXIST
  * Merge pull request #31015 from yuwata/local-addresses
  * test: add basic tests for PidRef
  * pidref: split out pidref_copy() from pidref_dup()
  * core: constify PidRef arguments
  * core: introduce unit_main_pid_full() which optionally provides if the PID is alien or not
  * core: use helper functions like unit_main_pid() in unit_kill_context()
  * unit: modernize unit_pid_set()
  * core/service: declare 'int r' at the beginning
  * core/exec-invoke: drop unused pam_pid
  * Merge pull request #31070 from yuwata/core-cleanups
  * network/route: manage all routes by Manager object
  * network/route: introduce route_remove_and_cancel()
  * network/route: introduce ref/unref functions for Route object
  * network/route: drop Route object even if we fail to remove the route
  * network/route: also remove route on cancelling request
  * network/route: introduce reverse map for route with nexthop ID
  * network/nexthop: drop dependent routes on removal
  * test-network: check if networkd forgets routes silently removed by the kernel
  * core/unit: split out unit_kill_context_one()
  * core/unit: split out unit_kill_one()
  * core: introduce unit_unwatch_pidref_done() helper function
  * Merge pull request #31083 from yuwata/core-several-cleanups
  * core/unit: update outdated comment
  * core/socket: introduce SOCKET_STATE_WITH_PROCESS() helper function
  * core/service: introduce SERVICE_STATE_WITH_{MAIN,CONTROL}_PROCESS()
  * sd-netlink: unify network interface name getter and resolvers
  * sd-device: use new interface name resolvers
  * nspawn: resolve network interface names before moving to container network namespace
  * varlink: add short comment that the log message is checked in test
  * core/exec-invoke: call pam_setcred(PAM_DELETE_CRED) after pam_close_session()
  * exec-invoke: update log message a bit
  * pam: do not warn closing bus connection which is opened after the fork
  * test: check pam warning message
  * TODO: fix typo
  * user-util: fix typo
  * cgroup-util: fix typo
  * core/unit: fix typo
  * repart: fix typo
  * network/ndisc: fix typo
  * tpm2-util: fix typo
  * local-addresses: fix typo
  * creds: fix typo
  * sd-bus: fix typo
  * sd-bus: fix typo
  * man: fix typo
  * man/creds: fix typo
  * test: fix typo
  * test-network: fix typo
  * Merge pull request #31166 from mrc0mmand/vpick-tweaks
  * Merge pull request #31032 from yuwata/pam-session-close
  * man: fix default behavior of RequiredFamilyForOnline=
  * network: adjust default RequiredForOnline= and RequiredFamilyForOnline= setting
  * wait-online: by default not all interface need to be online
  * network/address: do not configure with IFA_F_TENTATIVE
  * network: set 'removing' flag to remembered object
  * Merge pull request #31176 from yuwata/network-required-for-online
  * sd-ndisc: make sd_ndisc_router_dnssl_get_domains() return -EBADMSG when received invalid domain name
  * test: add short comment for RA message
  * network/ndisc: slightly adjust log messages
  * network/ndisc: sd_ndisc_router_get_{icmp6_ratelimit,retransmission_time}() should never fail
  * test: add test case for invalid DNSSL option
  * network/dhcp4: disable IPv6OnlyMode= by default
  * Merge pull request #31171 from yuwata/sd-ndisc-invalid-dnssl
  * network/ndisc: fix use-of-uninitialized-value on failure path
  * network/ndisc: drop onlink prefix route when on-link flag is zero
  * test: fix typo
  * nspawn: fix typo
  * dissect-image: fix typo
  * wait-online: split out get_state_range()
  * Merge pull request #31245 from yuwata/network-ndisc-adjust-log-messages
  * copy: do not ignore chattr_flags and friends passed to copy_file_atomic_full()
  * Merge pull request #31177 from yuwata/network-ndisc-on-link-zero
  * network: fix typo
  * network: do not bring down a bonding port interface when it is already joined
  * test-network: add test case for issue #31165
  * network: make Reload bus method synchronous
  * test: drop unnecessary sleep
  * Merge pull request #31247 from yuwata/network-make-reload-bus-method-synchronous
  * Merge pull request #31172 from yuwata/network-bond-port
  * man: fix typo
  * README: update link to CentOS CI
  * man: add missing "=" after setting name
  * sd-journal: drop duplicated tests in generic_array_bisect()
  * sd-journal: always put verified object into the chain cache
  * sd-journal: do not read unnecessary object
  * test: add tests for journal_file_next_entry()
  * systemctl: fix typo
  * Merge pull request #30260 from yuwata/sd-journal-cleanups
  * udev: introduce ID_PROCESSING=1 boolean property
  * udev-util: use device_get_property_bool() at one more place
  * udev-util: introduce device_is_processing() helper function
  * network: do not enter initialized state when the interface is being processed by udevd
  * Revert "test: temporarily disable test_sysctl"
  * sd-journal: cache last entry offset and journal file state
  * sd-journal: make journal_file_read_tail_timestamp() notify to the caller that some new journal entries added
  * main-func: make _DEFINE_MAIN_FUNC() take short function
  * journalctl: call all cleanup functions before raise()
  * sd-journal: introduce SD_JOURNAL_ASSUME_IMMUTABLE flag
  * tree-wide: set SD_JOURNAL_ASSUME_IMMUTABLE where appropriate
  * sd-journal: drop to use Hashmap to manage journal files per boot ID
  * logs-show: get timestamp and boot ID only when necessary
  * repart: fix typo
  * test: show error messages to stderr
  * Merge pull request #30138 from yuwata/udev-processing-flag
  * Merge pull request #30209 from yuwata/sd-journal-reduce-fstat
  * tools: fix typo
  * cryptsetup: fix typo
  * test: fix typo
  * test: fix typo
  * network/address: drop requirement of Address.link and .network in address_can_update()
  * network/dhcp6: use address_can_update() at one more place
  * network/ndisc: drop unnecessary ownership transfer
  * network/ndisc: check if there exists a conflicting address
  * core: allow to specify /dev/rfkill for ListenSpecial=
  * sd-journal: drop unused function prototype
  * Merge pull request #31314 from yuwata/network-ndisc-check-conflicting-address
  * test-network: allow to specify multiple interfaces to wait_online() without square bracket
  * network/ndisc: also drop SLAAC addresses and routes on reconfiguring
  * network: rename link_drop_managed_xyz() -> link_drop_static_xyz()
  * network/route: remove existing route if some property conflict with requested ones
  * network/ndisc: remove conflicting routes on configuring routes based on newly received RA
  * test-network: drop unnecessary IPv6SendRA=yes setting
  * test-network: add test case for removing conflicting routes
  * test-network: add test for advertised hop limit
  * login: fix typo
  * Merge pull request #31173 from yuwata/network-route-check-conflict
  * test-network: show interface status again when wait-online failed
  * sd-journal: shorten code a bit
  * sd-journal: use -EBADF for journal_file_open()
  * journal-file-util: drop unused template argument for journal_file_open_reliably()
  * sd-journal: fix potential memory leak
  * copy: rebreak comment and fix typo
  * vmspawn: fix alignment of merged initrd
  * test: fix cleanup function
  * log: reorder arguments of internal macro
  * fs-util: readlinkat() supports an empty string
  * chase: do not wrap xopenat() with RET_NERRNO()
  * chattr-util: fix error code
  * loop-util: fix error handling
  * fs-util: rename xopenat() -> xopanat_full()
  * copy: use xopenat() to make 'from' argument optional
  * test: add test for copying symlink with copy_tree_at()
  * journal-file-util: use the file descriptor of journal file on copy
  * Merge pull request #31331 from yuwata/xopenat
  * bsod: fix -c/--continuous support
  * stat-util: rebreak comment
  * stat-util: introduce {stat,fd}_verify_linked()
  * sd-journal: use stat_verify_linked()
  * copy: introduce COPY_VERIFY_LINKED flag
  * journal-file-util: use COPY_VERIFY_LINKED
  * Merge pull request #31338 from ssahani/network-bond-missed
  * core/cgroup: drop duplicated free()s
  * core/unit: fix superficial NULL-pointer dereference
  * resolve: name field may be NULL
  * network/dhcp6: deem DHCPv6 configuration to be finished even if no IA_NA is provided
  * network: do not request DHCP addresses configured on checking prefix delegation
  * test-network: split test_dhcp6pd() into small pieces
  * test-network: add one more test case for DHCP prefix delegation
  * Merge pull request #31362 from yuwata/network-fix-dhcp-pd-ready
  * Merge pull request #31318 from mrc0mmand/test-switch-to-btrfs
  * TODO: fix typo
  * core/exec: do not crash with UtmpMode=user without User= setting
  * pam-util: include cache ID of bus connection in the log message
  * sd-radv: fix potential buffer overflow
  * resolve: several follow-ups for resolving service via varlink
  * vconsole-setup: fix typo
  * home: fix typo
  * sd-ndisc: split sd-ndisc.h into small pieces
  * sd-ndisc: introduce sd_ndisc_is_running()
  * sd-ndisc: allow to call sd_ndisc_router_get_lifetime() with NULL for 'ret'
  * network/ndisc: drop configurations when received RA with zero lifetime
  * network/ndisc: ignore most fields of RA header when lifetime is zero
  * sd-ndisc: introduce sd_ndisc_router_get_reachable_time()
  * network/ndisc: set IPv6 neighbor reachable time
  * analyze: skip to check ExecCommand for .mount and .swap units
  * Merge pull request #31408 from mrc0mmand/verify-unit-files-v2
  * pam-util: add one more debugging log about sd-bus connection
  * pam_systemd_home: open sd-bus session when necessary
  * pam_systemd_home: always close already opened bus connection in open_session()
  * Merge pull request #31405 from yuwata/network-ndisc-reachable-time
  * network/json: use DUID obtained by sd_dhcp6_client_get_duid()
  * basic/linux: update kernel headers from v6.8-rc5
  * Merge pull request #31403 from yuwata/pam-sd-bus-session
  * Merge pull request #31425 from YHNdnzj/fd-util-followup
  * Merge pull request #31429 from poettering/pcrlock-hash-order-fix
  * d/t/upstream: skip qemu-only tests on ppc64el with upstream profile
  * test-network: use assertIn()
  * Merge pull request #31409 from ssahani/macvlan
  * sd-ndisc: disable timer event source only when a valid RA received
  * sd-ndisc: actually refuse RA message from null address
  * network: introduce per-interface IP forwarding settings
  * sd-dhcp,sd-ndisc: drop mistakenly set copyright
  * docs: fix typo
  * icmp6-util: merge icmp6_bind_router_{solicitation,advertisement}() into icmp6_bind()
  * sd-ndisc: several trivial cleanups
  * sd-radv: several cleanups
  * test: split out {dump,verify}_ra_message()
  * network: use FOREACH_STRING()
  * network/ndisc: drop all configurations without lifetime on stop
  * sd-ndisc: make callback takes arbitrary type of message
  * icmp6-util: make icmp6_receive() refuse packets without IPv6 sender address
  * in-addr-util: introduce in{4,6}_addr_is_multicast()
  * format-table: replace "(size_t) -1" with SIZE_MAX
  * network/varlink: downgrade log level about failure in getting netns ID
  * varlink/network: reindent methods
  * Merge pull request #31490 from yuwata/network-varlink-cleanups
  * network/ndisc: rename Network.ipv6_accept_ra -> Network.ndisc
  * network: fix use-after-free in {address,route}_remove_and_cancel()
  * sysext: fix typo
  * icmp6-packet: introduce ICMP6Packet and several relevant functions
  * sd-ndisc: introduce ndisc_option_parse() helper function
  * sd-ndisc: use ICMP6Packet and ndisc_option_parse()
  * sd-ndisc: ignore Router Advertisement messages sent by the same interface
  * test-network: fix typo
  * TODO: fix typo
  * cgroup-setup: clarify '<=' is evaluated earlier
  * network/ndisc: drop redundant sd_ndisc_router_get_icmp6_ratelimit()
  * Merge pull request #31492 from yuwata/icmp6-packet
  * network/varlink: add varlink method to get LLDP neighbors
  * networkctl: rename check_netns_match() -> varlink_connect_networkd()
  * networkctl: use varlink method to dump LLDP neighbors
  * network/lldp: do not save LLDP neighbors under /run/systemd
  * sd-lldp-rx: drop unused functions
  * test-network: add more test cases for LLDP
  * icmp6-packet: check the alignment of struct nd_opt_hdr for safety
  * sd-ndisc: use _packed_ attribute
  * sd-ndisc: drop unused sd_ndisc_router_get_raw()
  * Merge pull request #31555 from yuwata/sd-ndisc-trivial-cleanups
  * Merge pull request #31502 from yuwata/network-lldp-json
  * Merge pull request #31498 from ssahani/bond
  * man: fix typo
  * sd-lldp: fix assignment of capabilities in JSON output
  * test-network: check enabled capabilities in LLDP neighbors
  * fuzz-lldp-rx: fuzz lldp_rx_build_neighbors_json()
  * udev/net: fix ReceivePacketSteeringCPUMask=disable assignment
  * test-network: introduce udevadm() and friends
  * test-network: wait for the interface being processed by udevd
  * Merge pull request #31583 from yuwata/sd-lldp-json-follow-up
  * Merge pull request #31586 from YHNdnzj/progress-bar-minor-followup
  * sd-netlink: allow to call rtnl_get_link_info() without iftype and flags
  * meson: add missing dependency to libdl
  * resolve: fix typo
  * mkosi: fix typo
  * mkosi: fix typo
  * test-network: drop unused options and variables
  * test-network: copy system unit files from build or source directory
  * network/varlink: introduce io.systemd.Network.SetPersistentStorage method
  * networkctl: introduce "persistent-storage" command
  * test-network: add support for systemd-networkd-persistent-storage.service
  * dhcp-option: refuse control and non-UTF8 characters in string option
  * sd-dhcp-server: refuse invalid hostname in request
  * sd-dhcp-server-lease: move functions to build json format
  * time-util: expose map_clock_usec_internal() as map_clock_usec_raw()
  * sd-dhcp-server: also expose lease expiration timestamp in realtime
  * sd-dhcp-server: introduce sd_dhcp_server_set_lease_file() and dhcp_server_{save,load}_leases().
  * fuzz-dhcp-server: also test saving and loading lease file
  * network/dhcp-server: save leases in state directory
  * test-network: add test case for DHCP server lease file
  * Merge pull request #30021 from yuwata/dhcp-client-id-cleanups
  * Merge pull request #31716 from evverx/fuzz-lease-save-load
  * unit: sort option
  * unit: do not trigger automount for /boot and/or /efi
  * sd-ndisc: rename ndisc-protocol.[ch] -> ndisc-option.[ch]
  * ndisc-option: introduce generic NDisc option parser
  * sd-ndisc-router: use ndisc_parse_options() and friends to parse Router Advertisement
  * ndisc-option: drop unused function
  * sd-ndisc-router: introduce sd_ndisc_router_get_sender_mac()
  * sd-ndisc-router: adjust function names and type of returned value
  * network/varlink: return StorageReadOnly error
  * stat-util: fix typo
  * TODO: fix typo
  * ptyfwd: fix typo
  * Merge pull request #31754 from YHNdnzj/journal-fd-namespace
  * stat-util: expose fd_is_read_only_fs()
  * json: introduce json_dispatch_int8() and json_dispatch_uint8()
  * network: use link_start_dhcp4_server() at one more place
  * network: introduce link_requeue_request()
  * locale: use O_PATH directory fd and faccessat() in find_converted_keymap()
  * kbd-util: allow to override the default keymap directories
  * ptyfwd: do not erase line after NL
  * ptyfwd: drop redundant brackets
  * docs: fix typo
  * sd-dhcp-server: make sd_dhcp_server_set_lease_file() optionally take directory fd
  * sd-dhcp-server: rearrange the parser of the leases file
  * sd-dhcp-server: also save the server address and netmask to the leases file
  * network/address: acquire address in address_process_request()
  * network: pin file descriptor of persistent storage
  * network/varlink: return earlier from SetPersistentStorage method if nothing changed
  * network/dhcp-server: use the pinned fd of persistent storge
  * Merge pull request #31808 from keszybz/sundry-cleanups
  * units: use relative path
  * network/address: acquire address from DHCP server lease file
  * test-network: extend test case for DHCP server with null server address
  * test: fix typo
  * test-ndisc-rs: send Router Solicit message before sending test packet
  * ndisc-option: add a way to specify invalid or unsupported options
  * ndisc-option: introduce ndisc_send()
  * sd-ndisc: use sd_ndisc_option and ndisc_send()
  * icmp6-util: drop unused icmp6_send_router_solicitation()
  * icmp6-packet: expose icmp6_packet_get_header()
  * fuzz: test NDisc packet with more low level functions
  * network/varlink: pass file descriptor of state directory with SetPersistentStorage method
  * unit/network: use ProtectSystem=strict again
  * Merge pull request #31772 from yuwata/network-persistent-storage-use-fd
  * Merge pull request #31841 from AdrianVovk/homed-trivial
  * terminal-util: fix underlying with SYSTEMD_COLORS=no
  * Revert "test: temporarily adjust the default mount rate limit"
  * resolve: fix typo
  * resolve: fix typo
  * test: fix typo
  * journalctl: make --until work again with --after-cursor and --lines
  * test: add test case for issue #31776
  * Merge pull request #31875 from ml-/docs-fix-socket-section
  * Merge pull request #31862 from keszybz/add-strdup_to-helper
  * networkctl: use varlink_flush_close_unrefp()
  * network: set varlink description
  * varlink: use varlink_server_description()
  * Merge pull request #31880 from yuwata/network-varlink-trivial-cleanups
  * Merge pull request #31890 from YHNdnzj/ASSERT_PTR
  * Merge pull request #31892 from YHNdnzj/machinectl-minor-cleanup
  * sd-journal: introduce two helper functions for adding filter
  * Merge pull request #31900 from DaanDeMeyer/dissect
  * coredumpctl: use journal_add_match_pair()
  * coredumpctl: use strv_skip()
  * journal-gateway: use journal_add_match_pair() and add_match_boot_id()
  * networkctl: use journal_add_matchf() and journal_add_match_pair()
  * logs-show: use journal_add_matchf() and journal_add_match_pair()
  * Merge pull request #31938 from YHNdnzj/journalctl-facility
  * Merge pull request #31807 from yuwata/sd-ndisc-send
  * Merge pull request #31899 from yuwata/sd-journal-add-match
  * Merge pull request #31932 from bluca/coverity
  * ndisc-option: rename ndisc_option_get() -> ndisc_option_get_by_type()
  * ndisc-option: introduce ndisc_option_remove()
  * test: add test cases for systemd-analyze --global
  * test: add test cases for journalctl --facility=/--output=help
  * Merge pull request #31947 from yuwata/test-recently-fixed-issues
  * journalctl: merge three if blocks for seeking to the initial position
  * journalctl: use correct type for flags
  * journalctl: split journalctl.c into small pieces
  * journalctl-show: split out seek_journal()
  * sd-ndisc-protocol: list up all known options
  * ndisc-option: sort options in sent message
  * Merge pull request #31879 from yuwata/journalctl-split
  * journalctl-filter: modernize add_units()
  * journalctl-filter: several trivial cleanups
  * journalctl-filter: add missing sd_journal_add_conjunction()
  * journalctl-filter: several cleanups for add_matches()
  * sd-id128: move get_boot_id_for_machine() to id128-util.c
  * logs-show: read the current boot ID if nothing specified for add_match_boot_id()
  * Merge pull request #31960 from YHNdnzj/capsule-followup
  * Merge pull request #31959 from YHNdnzj/execute-pass-fds
  * Merge pull request #31951 from bluca/resolve_reload
  * home: fix typo
  * Merge pull request #31789 from jsitnicki/socket-pass-fds-to-exec
  * ndisc-option: add HomeAgent option support
  * sd-ndisc-router: introduce sd_ndisc_router_set_sender_address()
  * network/dhcp-server: introduce PersistLeases= setting
  * journalctl-authenticate: use is_dir() and refuse symlink for /var/log/journal
  * journalctl-authenticate: drop unnecessary safe_close()
  * journalctl-authenticate: use open_tmpfile_linkable() and link_tmpfile()
  * journalctl-authenticate: return earlier if we are not on a TTY
  * timedate: fix typo
  * Merge pull request #31985 from DaanDeMeyer/mkosi
  * network: fix typo
  * network: make [DHCPServer] in networkd.conf work
  * test-network: add test cases for PersistLeases=no
  * Merge pull request #31963 from yuwata/journalctl-authenticate-cleanups
  * Merge pull request #31989 from mrc0mmand/test-loop-dev-check
  * network/ndisc: NDisc Route option with 0 prefixlength is valid
  * network/ndisc: remove routes if lifetime is zero
  * network/radv: allow to announce prefix and route information with zero lifetime
  * udev-event: split out update_clone()
  * journalctl-filter: use add_match_boot_id() instead of add_match_this_boot()
  * ndisc-option: allow to set valid time of options
  * test: disable IPv6AcceptRA= for test network interfaces with static address
  * Merge pull request #31986 from YHNdnzj/suspend-mem-mode
  * udev: make udevadm test and test-builtin not destructive
  * Merge pull request #31998 from yuwata/udev-event-mode
  * core: align table
  * unit-def: append trailing comma for the last entry
  * udevadm-test: prettify test results
  * Merge pull request #32059 from bluca/doc
  * git-contrib: use 'git shortlog' command
  * Merge pull request #32060 from YHNdnzj/timespec-minor-cleanup
  * man/example: fix build failure of hwdb-usb-device.c
  * man/examples: use strerror() instead of %m
  * man/examples: fix sd- header path
  * sd-bus-vtable: add dummy macro to support compile without GNU extension
  * man/meson: add simple build test for example code
  * man/examples: set _GNU_SOURCE in source, rather than by compile option
  * Merge pull request #32043 from YHNdnzj/resume-clear-efi
  * Merge pull request #32072 from YHNdnzj/no-ellipsize
  * man/example: also build example code with C90
  * vmspawn: fix error code
  * udev-util: rename device_is_processing() -> device_is_processed()
  * tree-wide: use device_is_processed() more
  * tree-wide: refuse enumerated device with ID_PROCESSING=1
  * sd-ndisc: add basic support of Neighbor Advertisement message
  * test-ndisc: add basic tests for Neighbor Advertisement handling
  * netowrk/ndisc: drop NDisc configurations when received NA without Router flag
  * udevadm-test: insert missing line break
  * udev: do not update sysattr and sysctl value on testing
  * backlight: fix detection of multiple graphic cards
  * udevadm-test: also show security labels if specified
  * Merge pull request #31373 from yuwata/network-neighbor-advertisement
  * network/ndisc: remember the latest RA from the default router
  * sd-ndisc: add basic support of Redirect message
  * network/ndisc: add basic support for Redirect message
  * test: introduce a test executable to send NDisc message
  * test-network: add test cases for Redirect and Neighbor Advertisement message handling
  * nspawn: fix typo
  * dissect: fix typo
  * nsresourced: fix typo
  * mountfsd: fix typo
  * tree-wide: drop several remaining license headers
  * Merge pull request #31997 from yuwata/network-ndisc-zero-lifetime
  * network/dhcp-pd: split out dhcp_pd_request_address_one()
  * network/ndisc: allow to call ndisc_request_address() without sd_ndisc_router object
  * network/address-generation: expose IPv6Token and introduce new/ref/unref functions for the type
  * network/address: make Address object optionally take reference to IPv6Token
  * network/address-generation: also provide used tokens when generating address
  * network/address-generation: make generate_stable_private_address() optionally take the previously generated address
  * network/dhcp6: return earlier if no lease acquired
  * network/address-generation: regenerate IPv6 prefix stable address on conflict
  * test-network: add test case for regenerating prefix stable address on conflict
  * network: open persistent directory without O_PATH
  * network/varlink: fix error cause
  * basic/linux: update linux headers
  * basic/linux: copy magic.h to our source code tree
  * home,resize-fs: replace XFS_SB_MAGIC -> XFS_SUPER_MAGIC
  * basic/missing_magic: drop unnecessary entries and update comments
  * meson: use headers in our code base when checking filesystem table
  * po: update Japanese translation
  * network/setlink: adjust requested MTU when it is ready to set
  * network: always set IPv6 MTU when we detect the device MTU is changed
  * network/sysctl: round IPv6 MTU with the current device MTU rather than the maximum MTU
  * network/ndisc: set IPv6 MTU through sysctl
  * test-network: add test case for ndisc MTU option
  * Merge pull request #32191 from yuwata/network-persistent-storage-follow-ups
  * Merge pull request #32189 from mrc0mmand/test-tweaks
  * libsystemd-network: do not trigger assertion by sd_*_is_running() with NULL
  * Merge pull request #32202 from DaanDeMeyer/assert
  * network/ndisc: set provider address in caller
  * network/ndisc: fix updating valid lifetime of configured address
  * test: PROJECT_FILE macro cannot be used in generated code
  * network/ndisc: do not set per-route MTU and hop limit
  * network/ndisc: introduce ndisc_request_router_route()
  * network/ndisc: redirect routes do not have lifetime
  * network/ndisc: drop ndisc_request_redirect_route()
  * network/ndisc: split out ndisc_redirect_verify_sender()
  * network/ndisc: fix verification of sender of Redirect message
  * sd-ndisc-redirect: fix verification of target address
  * Merge pull request #32213 from yuwata/network-ndisc-redirect-fix-sender-address-verification
  * network/ndisc: do nothing for existing routes if on-link flag is zero
  * network/ndisc: drop onlink prefix when valid lifetime is zero
  * ndisc-option: also ignore Prefix Information option with multicast address
  * Merge pull request #32256 from YHNdnzj/network-close-and-replace
  * Merge pull request #32255 from YHNdnzj/strextendf
  * core: fix typo
  * network/ndisc: fix typo
  * homectl: realign table
  * home: wrap long line
  * journal: drop thousands separator in comment
  * tree-wide: insert missing space after comma
  * Merge pull request #32257 from yuwata/tree-wide-trivial-style-fixes
  * network/tc: fix stack overflow when dropping tclass or qdisc
  * test-network: add test for stack overflow in qdisc_drop() and tclass_drop()
  * Merge pull request #32194 from henryli001/lihl/add-defaultUseDomains-config
  * Merge pull request #32272 from DaanDeMeyer/volatile
  * dhcp6-network: constify arguments
  * libsystemd-network: make constant addresses type-safe
  * sd-ndisc: make ndisc_send() and icmp6_send() take struct in6_addr
  * Merge pull request #32271 from YHNdnzj/arch-man
  * Merge pull request #32263 from YHNdnzj/cg-read-pid
  * ndisc-option: add missing case
  * Merge pull request #32266 from yuwata/libsystemd-network-trivial-cleanups
  * dissect: refuse to use diskseq if ID_IGNORE_DISKSEQ=1 is specified
  * network-generator: rename NETWORKD_UNIT_... -> NETWORK_UNIT_...
  * creds-util: move pick_up_credentials() from network-generator
  * udevadm-control: check if control command really specified
  * udevadm-control: split out send_control_commands()
  * udevadm-control: add --load-credentials option
  * units: introduce systemd-udev-load-credentials.service
  * sd-radv: introduce sd_ndisc_router_solicit
  * sd-radv: use ICMP6Packet and sd_ndisc_router_solicit
  * test: add test for systemd-udev-load-credentials.service
  * Merge pull request #32267 from yuwata/sd-ndisc-router-solicit
  * sd-radv: set only basic information on stop
  * sd-radv: drop unnecessary argument
  * Merge pull request #32103 from yuwata/udev-load-credentials
  * NEWS: fix typo
  * network-generator: also copy drop-ins for networkd.conf from credential
  * test: add test case for network.conf.* credential
  * man: add missing drop-in directory
  * networkctl: allow to call 'networkctl cat' without arguments
  * test: add test case for 'networkctl cat' without arguments
  * network: fix use of wrong flag
  * Merge pull request #32297 from yuwata/networkctl-cat-without-args
  * Merge pull request #32294 from yuwata/network-generator-creds
  * Merge pull request #32303 from CodethinkLabs/push_down_disk_partitioning
  * Merge pull request #32300 from mrc0mmand/assorted-tweaks
  * sd-ndisc: disable one more timer event source
  * sd-ndisc: improve debugging logs
  * test: fix typo
  * fuzz-ndisc-rs: also test packets with sd-radv
  * string-util: use special_glyph() at one more place
  * Merge pull request #32318 from YHNdnzj/skip-leading-char
  * Merge pull request #32308 from yuwata/sd-ndisc-disable-timer-on-recv
  * sd-radv: refuse packet from the same interface
  * network/ndisc: disable Neighbor discovery client if RADV is enabled
  * test-network: drop trailing spaces
  * test-network: introduce check_networkd_log() helper function
  * test-network: add test case of RS sent by the same interface
  * man: fix wrong version info (#31949)
  * sd-device: introduce device_get_sysattr_unsigned_full()
  * blockdev-util: also read 'ext_range' sysattr to check if the partscan is enabled
  * Merge pull request #32249 from CodethinkLabs/vmspawn/predicatable_tap_names
  * Merge pull request #32192 from yuwata/part-scan
  * blockdev-util: fix typo
  * udev: fix assignment of ret_truncated
  * network: rename DHCPUseDomains -> UseDomains
  * network: move DNS related conf parsers to networkd-dns.[ch]
  * network: introduce link_get_use_domains()
  * network: introduce link_get_use_dns()
  * network: move NTP related conf parsers to networkd-ntp.[ch]
  * network: introduce link_get_use_ntp()
  * nspawn: align tables
  * nspawn: rename config_parse_timezone() -> config_parse_timezone_mode()
  * conf-parser: move config_parse_timezone() to conf-parser.[ch]
  * sd-radv: allow to modify RA header elements without stopping sd-radv
  * sd-radv: set router preference gracefully
  * Merge pull request #32290 from yuwata/network-conf-parser-cleanups
  * sd-radv: expose sd_radv_send()
  * sd-radv: reset timer on sending unsolicited RA
  * Merge pull request #32340 from YHNdnzj/wait-for-unit-cleanup
  * sd-event: rename argument for storing result
  * man: drop spurious version info for error code
  * sd-event: introduce sd_event_source_get_inotify_path()
  * sd-event,sd-journal: fix error handling of inotify_add_watch_fd()
  * network: introduce network- and protocol-independent default for UseDomains=
  * test-network: add test for global UseDomains= setting
  * sd-radv: shorten enumerated type definition
  * sd-radv: use sd_radv_is_running()
  * network/radv: sd-radv allows to update MAC address without stopping
  * sd-event: fix sd_event_source_get_inotify_path()
  * test: add test case for sd_journal_{get,seek,test}_cursor()
  * sd-journal: downgrade log message "Unused data (entry_offset==0)"
  * sd-radv: allow to configure reachable time in RA header
  * network/radv: introduce ReachableTimeSec= setting
  * man: slightly rephrase RetransmitSec= setting
  * test-network: add test for [IPv6SendRA] ReachableTimeSec= and RetransmitSec=
  * man: fix typo
  * sd-event: fix fd leak when fd is owned by IO event source
  * man: fix typo
  * man: fix typo
  * network/radv: verify [IPv6Prefix] section or friends in network_adjust_radv()
  * network/radv: warn about non-zero preference with zero lifetime
  * network/radv: drop unnecessary conditions
  * ukify: swap the ordering of config search paths
  * journal: do not rotate unrelated journal files when full or corrupted
  * Merge pull request #32438 from YHNdnzj/taint-cleanup
  * sd-radv: send RA on update in caller side
  * sd-radv: allow to send multiple routes or prefix64 that have intersection with others
  * in-addr-util: introduce in{4,6}_addr_prefix_intersect()
  * sd-radv: use in6_addr_prefix_intersect()
  * network/radv: merge two boolean flags for prefix into one
  * Merge pull request #32424 from yuwata/network-radv-cleanups
  * Merge pull request #32464 from YHNdnzj/journal-object-invocation-id
  * network/route: use our definitions of route preference
  * network/radv: rename pref64Prefix -> Prefix64
  * network/radv: use sd_ndisc_prefix and friends to manage prefixes and so on
  * run/run: fix invocation ID handling
  * test-journal-flush: use archived journal if possible
  * tree-wise: several cleanups for logging
  * core/exec-credential: update comment
  * systemctl: fix log message when glob patterns passed to disable command and friends
  * Merge pull request #32611 from DaanDeMeyer/qdisc
  * journald: make several functions static
  * journald: wait for journal files fsync()ed on Synchronize() varlink method
  * journald-audit: set _SOURCE_REALTIME_TIMESTAMP= field in server_dispatch_message()
  * journal: use STRLEN() and xsprintf()
  * sd-journal: verify monotonic timestamp before assigning result
  * logs-show: make output_timestamp_realtime() only take realtime timestamp
  * logs-show: adjust source timestamp with header timestamp
  * journal: explicitly sync namespaced journals before stopping socket units
  * logs-show: drop uid argument from add_matches_for_user_units()
  * logs-show: add missing strempty()
  * journalctl: several cleanups for parse_boot_descriptor()
  * time-util: define TIMESPEC_OMIT
  * core/service: shorten code a bit
  * vmspawn: trivial cleanups for start_systemd_journal_remote()
  * vmspawn: fix finding systemd-journal-remote binary
  * journalctl: split out journal_acquire_boot() from add_boot()
  * journalctl: fix --boot=0 with --file=- (from stdin)
  * logs-show: flush matches before and after finding boots
  * journalctl: fix support of --boot=ID±offset format
  * logs-show: fix stored timestamp when advance_older is true
  * logs-show: use GREEDY_REALLOC_APPEND()
  * journalctl: fail and show error message when no boot ID found
  * journalctl: make --list-boots support -n/--lines= option
  * test: add basic tests for in_addr_prefix_covers_full()
  * network/dhcp4: do not set gateway if DNS server or friends is in the acquired prefix
  * test-network: do not fail if macvlan module is not available
  * test-network: do not fail test_macvlan() with old kernel or ip command
  * test-network: do not fail when /etc/protocols does not exist
  * test: wait for network interface reconfigured after updating config
  * core/unit: use FOREACH_ELEMENT() to add dependencies for journal namespace instances
  * test-network: introduce --no-journal option
  * test-network: check existence of kernel bug
  * libcrypt-util: fix wrong errno value assignment
  * test-network: make link_exists() take multiple arguments
  * test-network: simplify and unify waiting loop
  * tree-wide: use LOG_PRI() and LOG_FAC()
  * test: introduce test cases for journal_ratelimit_test()
  * journal-rate-limit: add trailing comma in table
  * journal-rate-limit: make journal_ratelimit_group_free() return NULL
  * journal-rate-limit: use FOREACH_ELEMENT() and usec_add()
  * journal-rate-limit: rename variables
  * journal-rate-limit: introduce cleanup function for JournalRateLimitGroup
  * journal-rate-limit: split out journal_ratelimit_group_acquire()
  * journal-rate-limit: replace in-house management of JournalRateLimitGroup with OrderedHashmap
  * man: add v257 tag
  * hwdb: ID_INPUT_XYZ allows an empty string
  * TODO: fix typo
  * dlfcn-util: fix typo
  * man: fix typo
  * home: fix ownership of files copied from skelton directory
  * test: add tests for "homectl --skel"
  * systemctl: fix "applying zero offset to null pointer" UBSan error
  * pe-binary: .initrd section is optional for UKI
  * network/route: fix unexpected removal of routes for wireguard
  * test-network: use different destination from gateway
  * units: drop dependencies of soft-reboot.target from systemd-journald@.service
  * units: do not soft-reboot before soft-reboot.target reached
  * test: do not fill journal with "wait"
  * test: do not fill journal with diff
  * test: wait for partition processed by udevd
  * test: sync journal before reading journal
  * test: wait for slice unit being (de)activated
  * test: wait for partition device being processed by udevd
  * test: wait for sessions being closed
  * test: dynamically generate list of test cases
  * test: wait for underlying .device unit being active before invoking systemd-mount
  * units: add JobTimeoutAction= to exit.target and friends
  * man: mention soft-reboot in bootup(7)
  * core: refuse invalid emergency actions for SuccessAction= and friends in user service manager
  * man: refer FailureAction= and SuccessAction= for explaining allowed values in JobTimeoutAction=
  * install-file: make fs_make_very_read_only() static
  * Merge pull request #32909 from arthurzam/bash-v256
  * Merge pull request #32902 from yuwata/emergency-action-fixes
  * test: install modinfo to test image
  * test: wipe filesystem before moving to the next test case
  * test: sync journal before read
  * discover-image: update Image.read_only flag in image_read_only()
  * discover-image: also update Image.limit in image_set_limit()
  * machine: split out manager_acquire_image() from image_object_find()
  * machine: also acquire Image object from cache when a dbus method in the main interface is called
  * machine: fix use-after-free in Rename() DBus method
  * machine-id-setup: use empty_or_root()
  * machine-id-setup: acquire machine ID from /run/machine-id if possible
  * test: sync journal before starting test
  * test-network: split out setup_netdevsim()
  * test-network: also set custom altternative name for netdevsim interface
  * test: install more kernel modules for Fedora image
  * test: wait for partition device rather than the whole disk
  * test: call journalctl --sync just before reading journals
  * test: sync journal before read
  * btrfs-util: check current offset before read
  * test: extend timeout for DHCP/NDisc tests
  * test: stop container when it is not necessary anymore
  * test: also run some basic test cases on nspawn
  * test: wait for unit generated from /proc/self/mountinfo to be unloaded
  * test: wait for loop/backing_file attribute being removed
  * test: collect information about loopback device on failure
  * test: wait a bit before stopping/killing service
  * Merge pull request #32962 from bluca/suse_mod
  * Revert "test: wipe filesystem before moving to the next test case"
  * test: lock device during running cryptsetup
  * Merge pull request #32963 from yuwata/test-64-btrfs
  * test: replace journal checkers with journalctl --follow + grep -m
  * test: also flush and rotate journal before read
  * Revert "units: do not soft-reboot before soft-reboot.target reached"
  * man: swap the order of soft-reboot.service and .target
  * units: stop systemd-journald before systemd-soft-reboot.service
  * sd-ndisc: do not print "(null)" in the log message
  * machine-id-setup: use isempty() instead of empty_or_root()
  * man: update machine-id-setup(1)
  * machine-id-setup: update comment
  * test: applying timezone is asynchronous
  * journald: close runtime journal earlier
  * journald: log removal of runtime journal directories
  * journald: always unset flushed flag when the runtime journal is opened
  * unit: also stop systemd-journal-flush.service on soft-reboot
  * test: enable persistent storage for journal in TEST-82-SOFTREBOOT
  * NEWS: mention backward incompatibility of IP forwarding
  * cryptsetup: use TPM2_FLAGS_USE_PCRLOCK at one more place
  * cryptenroll: do not pass an empty pcrlock policy
  * cryptenroll: upgrade log level of critical failure
  * test: use SYSLOG_IDENTIFIER= filter instead of "journalctl -u"
  * blockdev-util: also check newer value of GENHD_FL_NO_PART flag
  * blockdev-util: also check loop/partscan sysattr
  * Merge pull request #33016 from YHNdnzj/transient-working-dir
  * missing_loop: fix potential compile-time assertion
  * missing_loop.h: fix LOOP_SET_STATUS_SETTABLE_FLAGS
  * test: wait for the kernel finishes to attach backing file to loop device
  * test: suppress logs generated by journal tests
  * test: lock device when sfdisk or mkfs
  * test-network: tun/tap fd may be owned by tentative worker processes
  * test-network: update comment about status of kernel regression
  * man: mention that IPMasquerade= and IPv6SendRA= implies IPv4Forwarding=/IPv6Forwarding=
  * Merge pull request #33093 from YHNdnzj/freezer-util
  * test: lock device on sfdisk or mkfs, and extend timeout
  * test: make it sure that devices are processed by udevd before running subtests
  * test: optionally allow to disable user service manager, and disable it on TEST-64
  * networkd-test: first wait for interface being configured
  * man: fix typo
  * network: drop period from the message title
  * po: update systemd.pot and Japanese Translation
  * test-network: add missing sleep()
  * Merge pull request #33139 from weblate/weblate-systemd-main
  * test: sync journal in short-living services
  * test: reduce number of 'systemctl daemon-reload' a bit
  * test: exit earlier when cgroup user xattr is not supported
  * test-async: wait a while for fd to be closed
  * test-async: also check if the directory is removed
  * Merge pull request #33168 from weblate/weblate-systemd-main
  * test-network: generate debugging logs of networkd-persistent-storage.service
  * test-network: flush stream buffer and journals before/after running test
  * test-network: show PID and Invocation ID of networkd
  * test-network: introduce a .network file to protect existing interfaces
  * network/route: fix condition in route_can_update()
  * network/ndisc: use router lifetime as one for redirect route
  * login: re-used -> reused
  * homed: fix typo
  * shell-completion: update bash-completion for udevadm
  * shell-completion: update bash completion for networkctl
  * test-network: wait a while for addresses to be dropped
  * debian/extra/network: use NamePolicy=mac only when ID_NET_NAME_MAC is set
  * shared: fix typo: dito -> ditto
  * sd-dhcp-server: clear buffer before receive
  * udev: rewrite token_match_attr() to make it easier for Coverity to understand
  * strbuf: several cleanups for strbuf_add_string()
  * strbuf: make length for strbuf_add_string() optional
  * Merge pull request #32603 from YHNdnzj/install-basename
  * Merge pull request #32720 from poettering/hostnamed-no-varlink-exit-on-idle
  * Merge pull request #32847 from YHNdnzj/exitrd
  * core: invoke_main_loop() does not return MANAGER_RELOAD
  * Merge pull request #32933 from YHNdnzj/faccessat-empty-path
  * Merge pull request #32972 from keszybz/small-cleanups
  * Merge pull request #33071 from keszybz/sd_event_source-cleanup
  * Merge pull request #33074 from keszybz/bpf-fd-handling
  * Merge pull request #32805 from YHNdnzj/no-cred-mount-unit
  * Merge pull request #32961 from YHNdnzj/starttime-main
  * Reapply "network: add "mac" to alternatives name policy by default"
  * core/mount: suffix function name with paren
  * json: const char *func() -> const char* func()
  * test-network: mention that the captive portal option is supported since v2.20
  * strv: introduce strv_sort_uniq()
  * strbuf: use CMP() macro
  * strbuf: several cleanups
  * strbuf: use _cleanup_ attribute at one more place
  * tree-wide: replace strv_sort() + strv_uniq() -> strv_sort_uniq()
  * catalog: fix typo
  * varlink-idl: fix typo
  * logs-show: do not use _SOURCE_MONOTONIC_TIMESTAMP field
  * sd-journal: realign flags
  * journal: introduce _SOURCE_BOOTTIME_TIMESTAMP field
  * logs-show: use _SOURCE_MONOTONIC_TIMESTAMP when _SOURCE_BOOTTIME_TIMESTAMP field exists
  * strv: replace always-true condition with assertion
  * Merge pull request #33391 from YHNdnzj/runtime-dir-cleanup
  * varlink-idl: allow unbalanced quote and trailing backslash in comment
  * journal: drop mapping from CLOCK_BOOTTIME -> CLOCK_MONOTONIC
  * Revert "logs-show: use _SOURCE_MONOTONIC_TIMESTAMP when _SOURCE_BOOTTIME_TIMESTAMP field exists"
  * man: drop reference to _SOURCE_MONOTONIC_TIMESTAMP=
  * basic/linux: update kernel headers from v6.10-rc3
  * missing: drop BCACHEFS_SUPER_MAGIC as it is now defined in linux/magic.h
  * core: drop unnecessary auto_fs4.h inclusion
  * Merge pull request #32868 from keszybz/more-whomification
  * Merge pull request #33034 from yuwata/update-kernel-headers
  * Merge pull request #33410 from poettering/sd-json-log-level-clean-up
  * core/namespace: ensure private tmpfs is mounted earlier
  * Merge pull request #33419 from YHNdnzj/install-report-symlink
  * Merge pull request #33420 from poettering/build-with-object
  * Merge pull request #33426 from aafeijoo-suse/conf-parser-parse-size-log
  * Merge pull request #33424 from poettering/machined-gc-rework
  * Merge pull request #33408 from poettering/install-change-fix
  * Merge pull request #33439 from YHNdnzj/private-tmp-followup
  * terminal-util: use colon as separator for specifying color
  * terminal-util: merge COLOR_ON with COLOR_24BIT
  * terminal-util: several cleanups for ColorMode
  * network/ndisc: do not override conflicting static routes
  * network/ndisc: do not remove static routes when received RA with zero lifetime
  * test-network: check if static routes not overridden by NDisc routes
  * Merge pull request #33466 from YHNdnzj/open-file-graceful-log
  * seccomp-util: split out seccomp_filter_set_add_by_name()
  * core: use write() to send handoff timestamp
  * core: do not filter out write() if required in the very late stage
  * test-execute: add a test case for issue #33299
  * network/ndisc: fix spurious log messages
  * nspawn: remove macvlan interfaces before network namespace died
  * network: do not bring down bound interfaces immediately
  * network/ipv4acd: manage ACD engines with Address object
  * network: make link_get_address() provide matching address with peer
  * test-network: add test case for preferred source with peer
  * network: call link_handle_bound_by_list() before trying to reconfigure interface
  * network: shorten code a bit
  * Merge pull request #33875 from yuwata/network-link-get-address
  * Merge pull request #33878 from yuwata/network-bind-carrier
  * network: request non-NULL SSID when a wlan interface is configured as station
  * network: mention that IPv4 ACD is enabled by default for 169.254.0.0/16
  * NEWS: mention that udevadm test and test-builtin are now non-destructive
  * man: suggest to enable global IPv6Forwarding= setting to make IPv6 packets forwarded
  * logs-show: rename BootId -> LogId
  * journalctl: update log messages
  * journalctl: split out show_log_ids() from action_list_boots()
  * use int64_t for index in show_log_ids()
  * logs-show: introduce several helper functions
  * logs-show: extend journal_get_boots() and friends to find invocation IDs
  * journalctl: add --list-invocations command and -I/--invocation options
  * test: add test for journalctl --list-invocations and --invocation=
  * Merge pull request #32448 from yuwata/journalctl-current-invocation
  * Merge pull request #33888 from YHNdnzj/followups
  * journalctl: fix compile error on i386
  * test: resolve "Unchecked return value" coverity warning
  * test: resolve "Unchecked return value" coverity warning
  * vmspawn: check overflow earlier
  * test: resolve "Unchecked return value" coverity warning
  * test: use ASSERT_OK_ERRNO() for setenv() and unsetenv()
  * import: check overflow
  * socket-util: introduce netlink_socket_get_multicast_groups()
  * test: modernize test-sd-device-monitor.c
  * sd-device-monitor: replace -1 with -EBADF
  * sd-device-monitor: bind socket in device_monitor_new_full()
  * sd-device-monitor: introduce sd_device_monitor_is_running()
  * sd-device: allow to restart device monitor
  * sd-device-monitor: introduce device_monitor_get_address()
  * udev: manage only socket address of device monitor
  * sd-device-monitor: remove device_monitor_disconnect()
  * sd-device-monitor: make device_monitor_receive_device() always initialize ret on success
  * sd-device-monitor: expose low-level functions
  * sd-device-monitor: rename device_monitor_send_device() -> device_monitor_send()
  * test: add test case for restarting device monitor
  * Merge pull request #33876 from dbnicholson/firstboot-root-creds-only
  * Merge pull request #33032 from yuwata/sd-device-monitor-low-level-api
  * localectl: introduce -l/--full option
  * Merge pull request #33913 from berrange/cvm-s390x
  * man/net-naming-scheme: add missing period
  * man: fix typo
  * mkosi: fix typo
  * cgroup-util: fix typo
  * boot: fix typo
  * core/execute: fix typo
  * login: fix typo
  * import: fix typo
  * udevadm: fix typo
  * ukify: fix typo
  * vmspawn: fix typo
  * man: extend explanation for ConfigureWithoutCarrier= in systemd.network(5)
  * man/net-naming-scheme: mention that NAMING_BRIDGE_MULTIFUNCTION_SLOT is reverted
  * Merge pull request #33911 from YHNdnzj/cgroup-setup-cleanup
  * creds-util: fix typo
  * core: make ImportCredentialEx= DBus property support without renaming
  * test: a credential can be imported multiple times with different names
  * core: refuse credentials with invalid names matching with glob
  * Merge pull request #33925 from YHNdnzj/exec-serialize-path-escape
  * systemctl: refuse --capsule=foo with --system
  * syscall-list: update syscall tables
  * seccomp: list fstatat, newfstat, and llseek
  * basic/linux: update kernel headers from v6.11-rc1
  * sd-event: change error code -EINVAL -> -EIO
  * network: split out core logic route_type_is_reject()
  * resolve: voidify unused result of function call
  * resolve: refuse invalid service without type field
  * udevadm-info: trival cleanups
  * journal: do not rotate journal when MaxRetentionSec= is set
  * journal: comment the default value in journald.conf
  * journal: set flushed flag even if we fail to open runtime journals
  * udevadm-info: support json output for --attribute-walk
  * network/dhcp-pd: allow to customize route type for delegated prefix
  * test-network: add test case for UnassignedSubnetPolicy=
  * systemctl: gracefully adjust bus transport and runtime scope when --boot-loader-entry=help
  * Merge pull request #33941 from yuwata/network-dhcp-pd-route-type
  * Merge pull request #33933 from yuwata/systemctl-bus-transport-and-runtime-scope
  * meson: enable -Wunterminated-string-initialization
  * test: modernize test-network-generator
  * test: add one more test case without hostname
  * network-generator: vlan= can be specified multiple times
  * network-generator: allow to create bridge or friends without slave interfaces
  * network-generator: parse vlan ID from vlan interface name
  * network-generator: trivial cleanups
  * network-generator: introduce network_acquire() and netdev_acquire()
  * network-generator: use network_acquire() at more places
  * network-generator: use extract_first_word()
  * network-generator: ignore kernel command line without value
  * network-generator: drop wrong warning for rd.peerdns without value
  * run: drop unnecessary initializations
  * sd-json: add sd_json_variant_set_field_id128() and _uuid()
  * run: use sd_json_variant_set_field_id128()
  * test: add ASSERT_OK_POSITIVE() and ASSERT_OK_ZERO()
  * test: replace ASSERT_TRUE() for dns_cache_lookup() with ASSERT_OK_POSITIVE()
  * test: modernize test-journal-interleaving
  * sd-journal: fix sd_journal_seek_monotonic_usec()
  * test: add test cases for sd_journal_seek_realtime_usec() and sd_journal_seek_monotonic_usec()
  * sd-journal: add trailing comma
  * sd-journal: drop unnecessary temporal variable 'k'
  * sd-journal: swap condition to reduce indentation
  * sd-journal: rename offset -> ret_offset
  * Merge pull request #32067 from ssahani/bareudp1
  * Merge pull request #33955 from yuwata/sd-journal-fix-sd_journal_seek_monotonic_usec
  * test: remove temporary directory on success
  * test: remove temporary directory for test-ukify on success
  * test: sync journal after all invocations finished
  * Merge pull request #34000 from yuwata/test-remove-temporary-directories
  * test: fix typo
  * sd-lldp-tx: insert missing empty line
  * network/lldp-tx: introduce link_lldp_tx_update_capabilities()
  * network: make IPMasquerade= imply global IP forwarding settings again
  * test: allow to skip matrix_run_one() if $TEST_MATCH_TESTCASE is set
  * network/wireguard: introduce [WireGuardPeer] PublicKeyFile=
  * test: add test case that 'nspawn --network-veth' enables IP forwarding
  * network: refuse files under API VFS specified in PrivateKeyFile= and friends
  * analyze: introduce --instance= option to control instance name for template units
  * Merge pull request #34020 from YHNdnzj/cred-no-mountover
  * Merge pull request #34022 from YHNdnzj/unit-is-filtered
  * Merge pull request #34025 from YHNdnzj/edit-util-wrong-place
  * networkctl: enable interactive authentication for dbus method call
  * networkctl: introduce --no-ask-password option
  * resolvectl: enable interactive authentication for dbus method call
  * resolvectl: introduce --no-ask-password option
  * resolvectl: several coding style cleanups
  * resolvectl: acquire DBus connection only when necessary
  * sd-varlink: allow to dispatch method again on pending-method-more state
  * resolve: support polkit authentication for io.systemd.Resolve.Monitor
  * resolve: inherit server userdata
  * timedatectl: enable interactive authentication for DBus methods
  * tree-wide: voidify polkit_agent_open_if_enabled()
  * timedatectl: drop unnecessary temporal variables
  * mount: use sd_bus_set_allow_interactive_authorization()
  * run: use sd_bus_set_allow_interactive_authorization()
  * run: also enable interactive authentication on opening pty
  * network/routing-policy-rule: update hash and compare function for fib rule
  * network/routing-policy-rule: reorder elements of RoutingPolicyRule and add comments
  * network/routing-policy-rule: use int32_t for suppress_prefixlen
  * network/routing-policy-rule: manage all flags
  * network/routing-policy-rule: introduce ref and unref functions for RoutingPolicyRule
  * network/routing-policy-rule: drop unused argument
  * test-network: make kernel send NA with router flag
  * Merge pull request #34044 from poettering/isatty-fixes
  * network/routing-policy-rule: do not modify RountingPolicyRule objects managed by Manager or Network
  * network/routing-policy-rule: add trailing period to the log message
  * network/address-label: introduce custom hash_ops
  * network/address-label: several cleanups for conf parsers
  * network/address-label: split out address_label_fill_message()
  * network/queue: introduce manager_queue_request_full()
  * network/address-label: allow to configure IPv6 address label in networkd.conf
  * network/routing-policy-rule: skip requesting when rule is already requested
  * network/routing-policy-rule: do not save rule to Manager before it is configured
  * network/routing-policy-rule: anyway detach rule even when we fail to remove it
  * network/routing-policy-rule: remove rules that have conflicting flags
  * sd-netlink: introduce sd_netlink_message_read_u64()
  * network/routing-policy-rule: also manage remaining attributes
  * network/routing-policy-rule: support all known type of rule
  * test-network: do not pass '[detached]' to 'ip rule del'
  * test-network: add tests for Type=table, goto, and nop
  * test-network: add test for ManageForeignRoutingPolicyRules=
  * Merge pull request #34018 from yuwata/network-address-label
  * network: introduce reconfigure_data_free() and _freep()
  * network: enter initialized state when the interface will be reconfigured
  * network: log and enter failed state in link_reconfigure()
  * sd-dhcp-client: do not call callback with SD_DHCP_CLIENT_EVENT_STOP if already stopped
  * sd-dhcp-client: refuse to send RELEASE or friends gracefully when the daemon is stopped or so
  * sd-dhcp-client: stop client without calling notification after sending RELEASE
  * sd-dhcp-client: actually restart daemon after sending DECLINE message
  * network/ipv4acd: adjust comment and logging
  * networkctl: split networkctl.c into small pieces
  * Merge pull request #34054 from yuwata/network-failed-state
  * Merge pull request #34055 from whot/wip/eviocrevoke-warnings
  * network/routing-policy-rule: use address family of existing rule when judging if existing rule can be updated
  * test-network: find routing policy rule by priority
  * test-network: also test routing policy rules are configured as expected after reconfiguration
  * hwdb: rename hwdb_bin_paths -> HWDB_BIN_PATHS
  * Merge pull request #34053 from YHNdnzj/follow-ups
  * po: update Japanese translations
  * polkit: add missing period in messages
  * po: update Japanese translations
  * Merge pull request #34072 from yuwata/networkd-routing-policy-rule-follow-up
  * labeler: add more rules
  * Merge pull request #34079 from AdrianVovk/sysupdate-fixups
  * Merge pull request #34051 from rpigott/resolved-demote-fallback
  * Merge pull request #34097 from YHNdnzj/journal-browse-prepare
  * Merge pull request #34096 from YHNdnzj/logind-followup-256
  * Merge pull request #34092 from poettering/ambient-caps-fixup
  * Merge pull request #34087 from DaanDeMeyer/nspawn-init-revert
  * test: use ASSERT_EQ_ID128() and ASSERT_NE_ID128()
  * udev/net_id: move naming scheme check
  * udev/net_id: update log messages
  * udevadm/test,test-builtin: enable debugging logs by default again
  * Merge pull request #34102 from yuwata/udev-net_id
  * Merge pull request #34108 from mrc0mmand/update-translation-files
  * updatectl: fix typo and drop space in empty lines
  * labeler: support varlink tag
  * network/routing-policy-rule: sort conf-parser prototypes
  * network/routing-policy-rule: add more assertions
  * network/routing-policy-rule: read FRA_PROTOCOL afer reading other properties
  * test-network: check one more rule we configure
  * conf-parser: introduce log_section_full_errno() and friends
  * network/routing-policy-rule: use log_section_warning_errno()
  * Merge pull request #34110 from yuwata/network-routing-policy-cleanups
  * Merge pull request #34111 from yuwata/log_section_full_errno
  * Merge pull request #34115 from weblate/weblate-systemd-main
  * network/routing-policy-rule: rename n -> rule
  * network/routing-policy-rule: trivial cleanups for conf-parsers
  * network/routing-policy-rule: merge two conf parsers
  * parse-util: drop unused parse_ip_prefix_length()
  * conf-parser: return 1 on success
  * conf-parser: introduce config_parse_uint32_flag()
  * conf-parser: move config_parse_ip_protocol() from network/netdev/fou-tunnel.c
  * network/routing-policy-rule: introduce a generic conf-parser for [RoutingPolicyRule] sectin
  * network/routing-policy-rule: use config_parse_routing_policy_rule() more
  * Merge pull request #34120 from weblate/weblate-systemd-main
  * man: reword about default route for DNS traffic
  * resolvectl: make enum name consistent with the option name
  * resolvconf: clear domains if nothing specified
  * resolvconf: disable default route when -p is specified
  * test: add more test cases for resolvconf
  * NEWS: mention "resolvconf -p"
  * Merge pull request #34124 from YHNdnzj/socket-accept-name
  * sd-device: make sd_device_get_devtype() return 0 on success again
  * sd-device: refuse earlier when too long ifname is passed to sd_device_new_from_ifname()
  * sd-device: introduce sd_device_get_driver_subsystem()
  * sd-device: make device_get_device_id() public
  * sd-device: make sd_device_new_from_subsystem_sysname() stricter
  * udevadm/info: also show driver subsystem and device ID
  * sd-varlink: make the argument type consistent with header
  * test: use more suitable assertions
  * sd-device-monitor: introduce sd_device_monitor_get_events() and _get_timeout()
  * Merge pull request #34139 from yuwata/sd-device-monitor
  * Merge pull request #34123 from yuwata/sd-device
  * Merge pull request #34160 from weblate/weblate-systemd-main
  * test: add test for GetUnitByPID() D-Bus method
  * hwdb: add entry for Dell AlpsPS/2 ALPS DualPoint TouchPad
  * Merge pull request #34189 from poettering/cryptenroll-slot-fix
  * man: fix typo
  * Merge pull request #34198 from AdrianVovk/updatectl-bugfixes
  * labeler: set network label when tests for networkd or friends are updated
  * test-network: use the same MTU bytes for veth interfaces
  * network/route: also show weight of gateway in debugging logs
  * network/route: also update source, status, and so on EEXIST
  * network/route: fix adjustment of nexthop weight
  * network/route: fix typo
  * conf-parser: fix memleak in config_parse_calendar()
  * conf-parser: make config_parse_strv() stricter and optionally drop duplicated entries
  * test: modernize test-conf-parser.c
  * test: modernize test-networkd-conf
  * log: introduce log_syntax_parse_error()
  * log: protect errno from log_syntax_invalid_utf8_internal()
  * tree-wide: drop msg argument for DEFINE_CONFIG_PARSE() macro and friends
  * conf-parser: several cleanups for DEFINE_CONFIG_PARSE_ENUMV() macro
  * conf-parser: use log_syntax_parse_error() and friends more
  * network/qdisc: introduce qdisc_ref() and qdisc_unref()
  * network/tclass: introduce tclass_ref() and tclass_unref()
  * network/neighbor: skip requesting neighbor if it is already requested
  * network/qdisc: skip requesting qdisc if it is already requested
  * network/tclass: skip requesting tclass if it is already requested
  * network/qdisc: make qdisc_drop() static
  * network/tclass: make tclass_drop() static
  * network/qdisc: do not save qdisc to Link before it is configured
  * network/tclass: do not save tclass to Link before it is configured
  * Merge pull request #34140 from yuwata/conf-parser-log-message
  * pretty-print: rename {draw,clear}_progress_bar_unbuffered() -> {draw,clear}_progress_bar_impl()
  * pretty-print: introduce WITH_BUFFERED_STDERR macro to enable buffering
  * resolve: fix typo
  * Merge pull request #34212 from YHNdnzj/recvmsg-safe-trunc
  * test: add test cases of "systemctl cat" for nonexistent units
  * Merge pull request #34090 from DaanDeMeyer/cow-fix
  * man: ARP=no also disables IPv6 Neighbor Discovery Protocol
  * repart: initialize seed earlier
  * test: add test case for systemd-repart --seed=random
  * test: fix indentation
  * Merge pull request #34261 from yuwata/repart-seed-random
  * Merge pull request #34155 from poettering/gmtime-safe
  * timesync: downgrade log level about network configuration change
  * timesync: make manager_is_connected() static
  * conf-parser: introduce config section parser wrapper
  * network/address-label: introduce generic conf parser for [IPv6AddressLabel] section
  * network/address-label: use log_section_warning_errno()
  * network: align table in network-gperf
  * conf-parser: introduce config_parse_uint32_invert_flag()
  * firewall-util: several cleanups for config_parse_nft_set()
  * network/address: introduce generic config parser for [Address] section
  * network/address: use generic section parser more
  * network/address: use log_section_warning()
  * Merge pull request #34267 from DaanDeMeyer/script
  * Merge pull request #34203 from yuwata/network-conf-parser
  * mount-util: wrap long line
  * base-filesystem: use FOREACH_ELEMENT()
  * nspawn: fix indentation
  * test: fix copy-and-paste error in comment
  * nspawn: use strv_extend() and friends to build directories passed to remount_idmap()
  * nspawn: mount /var/ after remount_idmap() when --volatile=state
  * nspawn: only remount /usr/ with idmap when --volatile=yes
  * test: add test cases for --volatile= with -U
  * nspawn: refuse to bind mount device node from host when --private-users= is specified
  * sd-netlink: fix typo
  * ask-password: refuse empty password strv
  * tree-wide: check if non-empty password is acquired
  * network/route: ignore EEXIST reply when the corresponding request is already detached
  * Merge pull request #34295 from poettering/uki-with-many-ukify
  * network/route: fix typo
  * man/varlinkctl: fix typo
  * NEWS: fix typo
  * linux: import more network related headers from v6.11-rc6
  * arphrd-list: use imported linux/if_arp.h
  * missing_network: drop unnecessary definition
  * missing_socket: drop unnecessary definitions
  * Merge pull request #34067 from LukeShu/lukeshu/nspawn-fuse
  * Merge pull request #34307 from yuwata/linux-more-network-headers
  * nspawn: sync DeviceAllow= setting with systemd-nspawn@.service
  * nspawn: use ERRNO_IS_NEG_NOT_SUPPORTED() at one more place
  * Merge pull request #34336 from yuwata/nspawn-fuse-follow-ups
  * Merge pull request #34318 from YHNdnzj/networkctl-edit-if-netdev
  * network/netdev: also check ifindex, iftype, and kind when assigning NetDev to Link
  * network/route: use NetDev object assigned to Link
  * network/netdev: check family of received NEWLINK message
  * network/netdev: downgrade log level in netdev_set_ifindex()
  * network/netdev: use hashmap_remove_value() on detaching NetDev from manager
  * network/netdev: split out netdev_attach() and netdev_attach_name() from netdev_load_one()
  * network/netdev: split out netdev_set_ifindex_internal() and _impl()
  * network/netdev: allow to register the same NetDev object with multiple names
  * network/netdev: add attach(), detach(), set_ifindex(), and get_ifindex() to netdev vtable
  * network/veth: refuse when peer and the main interface names are equivalent
  * network/veth: also manage peer name by Manager
  * network/l2tp: downgrade log level of several messages
  * network/l2tp: refuse duplicated session name
  * network/l2tp: manage l2tp session name by Manager
  * network/vxcan: refuse when peer and the main interface names are equivalent
  * network/vxcan: also manage peer interface name by manager
  * network/state-file: save assigned .netdev file even if the interface is unmanaged
  * test-network: add test more cases for assigned units for each interface
  * Merge pull request #34331 from yuwata/network-netdev-cleanups
  * timesync: use BusObjectImplementation
  * timesync: add support of basic command line options
  * man: add basic documents for org.freedesktop.timesync1
  * creds: drop unnecessary include of build-path.h
  * creds: align table
  * creds: add short comment that has-tpm2 is moved
  * creds: move -h/--help and --version to correct section in the help message
  * Merge pull request #34405 from poettering/dns-domain-validate-fix
  * Merge pull request #34419 from yuwata/creds
  * udev-rules: embed UdevRuleToken.attr_match_remove_trailing_whitespace flag into UdevRuleMatchType
  * udev-rules: support case insensitive match
  * Merge pull request #34434 from poettering/bootctl-stub-paths
  * Merge pull request #34425 from yuwata/udev-rules-case-insensitive-match
  * Merge pull request #34393 from poettering/tmpfiles-ownership-flag
  * nspawn: fix typo
  * man: fix typo
  * NEWS: fix typo
  * network/sysctl-monitor: fix sanity check in cut_last()
  * network/sysctl: use wrapped free functions
  * bpf-link: introduce bpf_ring_buffer_free() and friends
  * network/sysctl: several cleanups for sysctl_add_monitor()
  * network/sysctl-monitor: fix use-after-free
  * network/sysctl-monitor: do not allocate sysctl_shadow when eBPF is not supported
  * network: drop unnecessary BPF related objects from Manager when disabled
  * test/repart: fix mkfs checker
  * docs: fix typo in filename: REATLIME -> REALTIME
  * Merge pull request #34443 from yuwata/network-sysctl-monitor-follow-ups
  * network: log when no matching .network file found
  * network: log loaded .network and .netdev files
  * log: introduce log_oom_full()
  * conf-parser: log errors in config_parse_many_files() and friends
  * conf-parser: use hashmap_ensure_put() at one more place
  * Merge pull request #34457 from poettering/uki-with-many-testcase
  * test: minor coding style fixlets
  * test: drop unused test.sh for TEST-86-MULTI-PROFILE-UKI
  * network/dhcp4: use device_get_property_bool() at link_needs_dhcp_broadcast()
  * Merge pull request #34040 from AdrianVovk/repart-dollar-boot
  * Merge pull request #34460 from yuwata/test-86-follow-ups
  * kernel-install: unquote plugin paths in KERNEL_INSTALL_PLUGINS
  * test: quote paths to executables
  * machine: make sd_json_dispatch_field table static
  * ssh-generator: make sd_json_dispatch_field table static
  * varlinkctl: make sd_json_dispatch_field table static
  * updatectl: make sd_json_dispatch_field table static
  * resolvectl: make sd_json_dispatch_field table static
  * resolve: make sd_json_dispatch_field table static
  * creds-util: make sd_json_dispatch_field table static
  * nsresource: make sd_json_dispatch_field table static
  * tree-wide: drop unnecessary 'struct'
  * conf-parser: introduce config_parse_in_addr_data()
  * conf-parser: drop unnecessary temporary variable
  * network/neighbor: use struct in_addr_data
  * network/neighbor: introduce generic Neighbor section parser
  * network/neighbor: use log_section_warning_errno()
  * efi: fix typo
  * man: fix typo
  * test: create .netdev file at last
  * network/nexthop: use log_section_warning() and friend
  * network/nexthop: make conf parsers for Family= and Gateway= independent of each other
  * network/nexthop: introduce generic conf parser for [NextHop] section
  * Merge pull request #34479 from yuwata/sd-json-dispatch-field-table-static
  * tpm2-util: introduce tpm2_is_fully_supported()
  * tpm2-util: do not load tpm2 libraries when not interested in the existence of the libraries
  * tpm2-util: update comment
  * shell-completion/analyze: add has-tpm2
  * tpm2-util: colorize output of 'systemd-analyze has-tpm2'
  * man/systemd-analyze: mention required libraries for TPM2 support
  * Merge pull request #34486 from DaanDeMeyer/test-process-util
  * seccomp-util: pass negative fds as is to fsync() and friends
  * test: add tests for seccomp_suppress_sync()
  * Merge pull request #34480 from yuwata/test-seccomp-suppress-sync
  * Merge pull request #34496 from YHNdnzj/tmpfiles-neg-errno
  * Merge pull request #34499 from YHNdnzj/sd-path-trivial-cleanup
  * sd-ipv4acd: fix assertion triggered when an ARP received in STARTED state
  * Merge pull request #34510 from keszybz/mkosi-version-checks
  * strv: introduce strv_find_closest()
  * verbs: use strv_find_closest()
  * machine: fix bus method argument name: who -> whom
  * Merge pull request #34515 from YHNdnzj/machined-machines-by
  * Merge pull request #34502 from yuwata/strv_find_closest
  * Merge pull request #34511 from YHNdnzj/strv-extend-strv-consume
  * Merge pull request #34549 from weblate/weblate-systemd-main
  * tpm2-util: show loaded libraries in 'systemd-analyze has-tpm2'
  * Merge pull request #34638 from YHNdnzj/laccess-error-check
  * Merge pull request #34432 from YHNdnzj/path-lookup-refactor
  * TODO: fix typo
  * udev-node: skip stack directory creation for diskseq
  * test: add test case for issue #34637
  * udev-node: rename node_symlink() -> node_create_symlink()
  * udev-node: introduce node_remove_symlink()
  * Merge pull request #34408 from Werkov/fix-device-limits
  * Merge pull request #34491 from AdrianVovk/sysupdate-fixups
  * homectl: drop unnecessary brackets
  * networkctl: sort ifindexes in status command
  * network: use Network.name for bus path
  * tree-wide: drop doubled empty lines
  * sd-json: use sd_json_dispatch_const_string() in sd_json_dispatch_string()
  * Merge pull request #34669 from bluca/semaphore
  * prioq: use GREEDY_REALLOC() and structured initializer
  * core: use memdup_suffix0() at one more place
  * time-util: fix parsing timestamp with NZ timezone
  * time-util: copy input string before fork()
  * test: add test cases for timestamp with time zone
  * analyze: use RET_GATHER()
  * sd-bus: introduce bus_process_cmsg()
  * tree-wide: replace reallocarray() with GREEDY_REALLOC()
  * core: suppress one debugging log
  * systemctl: separate memory usage with comma
  * oomd: drop unused usec_now
  * oomd: update system context when oomctl is invoked
  * oomd: separate entries with comma for readability
  * core: drop implicit support of PrivateUsers=off
  * core/dbus: move bus_verify_xyz() to dbus-util.c
  * core/dbus: introduce bus_verify_manage_units_async_impl()
  * core/dbus: add assertions
  * core: drop implicit support of PrivateTmp=off
  * Merge pull request #34691 from poettering/polkit-varlink-field-macro
  * Merge pull request #34636 from WilliButz/repart/verity-hash-max-data-size
  * login: allow to cancel delayed action by CancelScheduledShutdown()
  * login: provide delayed action in ScheduledShutdown property
  * login: use event_reset_time_relative() at one more place
  * logind: add comment why we save action in execute_shutdown_or_sleep()
  * Merge pull request #34641 from behrmann/ukifystyle
  * Merge pull request #34665 from poettering/fastopen-fallback
  * stub: reindent lines
  * Merge pull request #34687 from DaanDeMeyer/mkosi
  * core/mount: fix typo
  * repart: fix typo
  * ukify: fix return value type of resolve_at_path()
  * sd-event: rename output parameters to ret
  * Merge pull request #34684 from yuwata/login-scheduled-shutdown
  * sd-netlink: various cleanups
  * sd-netlink: shorten sd_netlink_message_read_string_strdup() a bit
  * sd-netlink: make size verifier in sd_netlink_message_read_xyz() stricter
  * sd-netlink: introduce macros to define sd_rtnl_message setters and getters
  * sd-netlink,network: rename functions and RoutingPolicyRule.type
  * sd-netlink: introduce two more _get_family()
  * Merge pull request #34699 from yuwata/netlink-cleanups
  * mkosi: fix sections for settings
  * in-addr-util: rename in_addr_prefix_from_string_auto_internal() -> _full()
  * conf-parser: introduce config_parse_in_addr_prefix()
  * network/routing-policy-rule: use in_addr_prefix for From= and To=
  * network/address: use log_section_warning() more
  * network/address: warn but ignore Broadcast= setting for an IPv6 address
  * network/address: several cleanups for config_parse_address()
  * network/route-metric: use log_syntax_parse_error()
  * network/route-metric: merge conf parsers for route metric
  * network/route-nexthop: use log_syntax_parse_error()
  * network/route-nexthop: use generic [Route] section parser more
  * network/route: use log_syntax_parse_error() more
  * network/route: use generic [Route] section parser more
  * network/route: use log_section_warning() more
  * Merge pull request #34720 from YHNdnzj/extra-fds-followup
  * Merge pull request #34700 from yuwata/network-conf-parser
  * udev-node: remove lockfile and stack directory when not necessary if possible
  * udev-node: drop workaround for by-diskseq symlinks
  * udev-node: drop unnecessary manager side cleaning up logic for stack directory
  * TEST-17-UDEV: also check if /run/udev/links.lock/ is empty on settle
  * Merge pull request #34722 from anonymix007/fundamental-sha1
  * Merge pull request #34698 from yuwata/udev-node-lock-file
  * Merge pull request #34591 from teknoraver/timer
  * mkosi: replace PackageManagerTrees= with SandboxTrees=
  * TEST-58-REPART: drop duplicated inclusion of util.sh
  * TEST-64-UDEV-STORAGE: insert udevadm settle more
  * analyze: fall back to simple method from dump_patterns() and friends
  * bus-message-util: introduce bus_message_dump_fd() and _string()
  * oomctl: sort contexts with cgroup path
  * boot/efi: trivial coding style cleanups
  * boot/efi/smbios: initialize output parameters if entries not found
  * boot/efi/log: always include filename, line, and function in log message
  * sha256: use memory-util-fundamental.h
  * local-addresses: use FOREACH_ARRAY() macro
  * local-addresses: honor RTA_PREFSRC field of gateway
  * test: add test for local outbounds with preferred source address
  * Merge pull request #34520 from vcaputo/mmap-cache-unused-min
  * Merge pull request #34555 from rpigott/busctl-wait
  * network/address: do not set family in config_parse_broadcast()
  * network/address: use config_parse_in_addr_non_null() at one more place
  * bash-completion/busctl: support wait command
  * Merge pull request #34745 from yuwata/local-outbounds-prefsrc
  * Merge pull request #34743 from yuwata/bus-message-dump-fd
  * TEST-13-NSPAWN: add test for 'machinectl terminate'
  * Merge pull request #34738 from behrmann/ukifyoption
  * sd-radv: drop sd_radv_prefix and friends, and use sd_ndisc_option to manage NDisc options
  * oomd-util: use FOREACH_ARRAY() more
  * udev: do not re-create database on remove event
  * sysctl-util: introduce sysctl_read_ip_property_int() and _uint32()
  * network/route: use sysctl_read_ip_property_int() for reading route/max_size
  * network/sysctl: make link_set_ipv6_mtu() log failures
  * network: wait for IPv6 MTU being synced to link MTU
  * Merge pull request #34755 from YHNdnzj/soft-reboot-generator-cmdline
  * udev: do not try to lock whole block device on remove event
  * TEST-17-UDEV: check if udev database file is removed on remove event
  * Merge pull request #34744 from yuwata/oom-cleanups
  * Merge pull request #34736 from yuwata/network-mtu
  * Merge pull request #34752 from yuwata/udev-remove-database-on-remove
  * machine: lookup_machine_by_name_or_pid() may return 1 on error and it is already replied
  * machine: fix memleak in vl_method_list_images()
  * machine: trivial coding style cleanups
  * TEST-13-NSPAWN: several cleanups
  * man: update documents of "_outbound" addresses
  * Merge pull request #34769 from yuwata/machine-by-name-or-pid
  * sd-dhcp6-lease: use free_and_replace_full()
  * network/dhcp6: set hostname even if UseAddress=no
  * sd-dhcp6-client: allow to request IA_PD on information requesting mode
  * sd-dhcp6-lease: adjust information refresh time with lifetime of IA_PD
  * network/dhcp6: process hostname and IA_PD on information requesting mode
  * man/network: update example for router upstream interface
  * network/radv: update comment
  * busctl: minor coding style cleanups
  * fs-util: make readlink_malloc() inline
  * sd-json: introduce json_variant_new_devnum() and friends
  * sd-json: introduce json_variant_new_fd_info()
  * busctl: show information of passed file descriptor
  * Merge pull request #34442 from yuwata/network-dhcp6-information-requesting-ia-pd
  * Merge pull request #34771 from ZLima12/run0-root-working-directory
  * machine: add MachineImage interface
  * Merge pull request #34719 from poettering/pidref-remote
  * Merge pull request #34781 from poettering/write-string-rename-full
  * Merge pull request #34482 from bgurney-rh/alt-nvme-multins-symlink-fix
  * core/cgroup: fix IPAddressAllow=/IPAddressDeny= set through DBus
  * TEST-19-CGROUP: add test cases for IPAddressAllow=/IPAddressDeny=
  * TEST-55-OOMD: set ManagedOOMMemoryPressure= and friends in a drop-in config
  * TEST-55-OOMD: check global config earlier
  * TEST-55-OOMD: split into small testcases
  * TEST-55-OOMD: check slice more in detail
  * TEST-55-OOMD: stop test units when unnecessary
  * TEST-55-OOMD: check slice property before stressing slice
  * test: fix TOCTOU in test-json
  * Merge pull request #34756 from yuwata/test-oomd-cleanups
  * journalctl: erase verify key before free
  * journalctl: do not directly use optarg, but copy optarg before use
  * Merge pull request #34381 from DaanDeMeyer/extension-submounts
  * ukify: fix typo
  * pidref: fix typo
  * machine: fix typo
  * doc: fix typo
  * Merge pull request #34793 from yuwata/journalctl-copy-arguments
  * TEST-60-MOUNT-RATELIMIT: wait for mount unit being started or stopped
  * TEST-60-MOUNT-RATEMINIT: split into small test cases
  * TEST-60-MOUNT-RATELIMIT: disable journal ratelimiting
  * Merge pull request #34797 from yuwata/test-mount
  * Merge pull request #34597 from ryantimwilson/oomd-pressure-duration
  * Merge pull request #34820 from poettering/dissect-image-uclean
  * TEST-55-OOMD: workaround for kernel regression in 6.12-rcX
  * network/dhcp6: do not request IA_PD when running in the other-information mode
  * man: suggest to use DHCPv6Client= when upstream provides RA with the Managed bit unset
  * test-execute: update permission of credstore
  * TEST-02-UNITTESTS: reuse $TEST_MATCH_SUBTEST to specify unit tests to be run
  * TEST-55-OOMD: fix typo
  * measure: fix typo
  * man/network: fix typo
  * core/namespace: honor MountEntry.read_only, .options, and so on in static entries
  * core/namespace: coding style cleanups
  * core/namespace: replace MOUNT_PRIVATE_TMP_READ_ONLY with MOUNT_PRIVATE_TMP with .read_only = true
  * Merge pull request #34834 from yuwata/protect-home-tmpfs-read-only
  * man/network: suggest to not request IA_NA when received RA with Managed bit unset
  * Revert "TEST-55-OOMD: workaround for kernel regression in 6.12-rcX"
  * Merge pull request #27916 from yuwata/test-execute-credstore
  * man: insert a comma before 'and'
  * Merge pull request #34881 from poettering/run0-ui-tweaks
  * Merge pull request #34884 from poettering/run0-disconnect-fix
  * basic/missing: add short comment about when CLONE_NEWCGROUP is added
  * man: fix typo
  * sd-event: fix memleak when built without assertion
  * core/cgroup: rename CGROUP_PRESSURE_WATCH_ON/OFF -> CGROUP_PRESSURE_WATCH_YES/NO
  * Merge pull request #34902 from ryantimwilson/root-dir-not-exists-error
  * Merge pull request #34806 from ryantimwilson/protect-control-groups
  * Merge pull request #34633 from keszybz/sd-json-enum-formatting
  * update-utmp: wait slightly longer for the private bus socket being active
  * network/netdev: split out netdev_attach_name_full()
  * network/netdev: skip processing netdev if it is already detached
  * network/tunnel: merge dhcp4_pd_create_6rd_tunnel_message() into dhcp4_pd_create_6rd_tunnel()
  * network/tunnel: reuse existing 6rd SIT tunnel
  * sd-netlink,network: do not set NLM_F_CREATE and NLM_F_EXCL flags if an interface index is specified
  * network/tunnel: allow Local=/Remote=any for all tunnel types
  * network: process queued remove requests before networkd is stopped
  * test-network: add test for DHCPv4 address removal on stop
  * github: drop workaround and use distro mold
  * network: swap asterisk and space
  * network/netdev: update state file when NetDev object assignment is changed
  * network: drop no-op cleanup
  * network: use newly loaded Network object if a referenced NetDev object is updated
  * network/netdev: introduce netdev_can_set_mac/mtu() helper functions
  * network/vxlan: do not try to update several parameters
  * network/macsec: IFLA_MACSEC_PORT attribute cannot be changed
  * network/ipvlan: do not try to update MAC address
  * test-network: add test case for reuse of existing 6rd SIT tunnel
  * mkosi: Update packaging specs to latest (#34951)
  * network: process queued remove requests on stop (#34871)
  * network: several cleanups for reloading .network files (#34933)
  * network/netdev: do not try to update several parameters if the interface already exists (#34937)
  * network/tunnel: reuse existing 6rd sit tunnel (#34938)
  * network/netdev: move calls of netdev_attach() and netdev_request_to_create() to netdev_load()
  * network/netdev: reconfigure netdev if possible
  * network/netdev: replace old NetDev object with newer one on reload
  * test-network: test for reload of .netdev file of stacked netdev
  * man: update documentation for 'networkctl reload'
  * network: support reconfiguring netdev (#34909)
  * firstboot: several cleanups (#34958)
  * sd-varlink: update comment
  * NEWS: fix typo
  * machine: use sd_json_variant_append_arraybo() and JSON_BUILD_PAIR_VARIANT_NON_NULL()
  * machined: ACQUIRE_METADATA_NO is zero
  * TEST-13-NSPAWN: fix race between container exit and varlink call
  * TEST-13-NSPAWN: check returned machine list
  * TEST-13-NSPAWN: trivially kill all processes in the container on termination
  * TEST-13-NSPAWN: add test cases for listing multiple machines
  * env-util: replace 'char **' with 'char**'
  * env-util: introduce strv_env_get_merged()
  * sd-json: use strv_env_get_merged()
  * sd-json: introduce JSON_BUILD_PAIR_STRV_ENV_PAIR_NON_EMPTY() macro
  * machine: use JSON_BUILD_PAIR_STRV_ENV_PAIR_NON_EMPTY()
  * machine: lookup_machine_by_name_or_pidref() returns negative errno on failure
  * network: update tunnel or vxlan interface if the local address is changed
  * test-network: add test case for tunnel Local=dhcp4
  * resolve: do not try to send varlink error more than once
  * sd-varlink: suppress one log message when callback already successfully enqueued an error response
  * network/dhcp4: do not restart IPv4LL client when KeepConfiguration=dhcp
  * network/ipv4ll: not necessary to set initial address on each start
  * network: refuse further requests when manager is in MANAGER_STOPPED
  * network: free DHCP client and friends in link_free()
  * network: realign string table
  * network/address: slightly optimize link_address_is_dynamic()
  * daemon-util: expose notify_push_fd()
  * network: remove unexpected netlink socket from service manager
  * network/json: add missing entries for route properties
  * network: introduce network_config_source_from_string()
  * network: check earlier if we are running in test mode
  * network: check if interface is initialized after enumeration completed
  * network: add more debugging logs
  * network: expose log_route_debug() and log_address_debug()
  * network/dhcp4: keep DHCP address and routes on stop even when SendDecline=yes
  * network: sevearal random trivial cleanups (#34994)
  * Translations update from Fedora Weblate (#35031)
  * network: split out link_enter_unmanaged() from link_reconfigure_impl()
  * network: several cleanups for link_reconfigure()
  * network: merge link_foreignize_config() and link_drop_foreign_config()
  * network: keep dynamic configurations as possible as we can on reconfigure
  * network: introduce LINK_RECONFIGURE_CLEANLY flag
  * mount-util: introduce path_is_network_fs_harder()
  * network: use path_is_network_fs_harder()
  * network: reconfigure interface more gracefully (#35035)
  * man/udev: fix typo
  * man/varlink: fix typo
  * core/manager: silence false-positive warning by coverity
  * NEWS: fix typo
  * Translations update from Fedora Weblate (#35060)
  * Split and rename src/boot (#35068)
  * mount-util: make path_get_mount_info() work arbitrary inode
  * Various multi-dt fixes and CHID test (#35056)
  * netwrok: call link_drop_unmanaged_config() earlier in link_configure()
  * network: drop unnecessary size specifier
  * network: reset 'configured' flags even if we keep DHCP lease and friends on reconfigure
  * test-network: reconfigure interface cleanly to drop previous DHCP lease and friends
  * network: reorder dropping dynamic configuration
  * network/dhcp-pd: do not remove unreachable route when reconfiguring non-upstream interface
  * network: drop static configs later
  * network: make 'networkctl reconfigure' work safely even when KeepConfiguration=dhcp or yes
  * Split src/partition (#35110)
  * network/route: update reference of the route from nexthop
  * network/nexthop: do not remove depending nexthops when a nexthop is removed
  * network/nexthop: forget dependent routes without trying to remove
  * network/route: forget IPv4 non-local routes when an interface went down
  * network/nexthop: also forget IPv4 nexthops when an interface went down
  * test-network: add test case for issue #35047
  * network: forget IPv4 non-local routes when an interface went down (#35099)
  * network/ndisc: introduce route_is_bound_to_link() helper function and use it where applicable
  * network/ndisc: several cleanups for ndisc_remove_route()
  * network/ndisc: introduce ndisc_route_prepare() and ndisc_router_route_prepare()
  * network/ndisc: restore the original preference and priority before checking if existing route can be updated
  * test-network: several cleanups
  * Fix man page links broken due to incorrect volume numbers (#35122)
  * audit-util: return -ENODATA from audit_{session|loginuid}_from_pid() if invoked in a container (#35072)
  * sd-boot/sd-stub: two log message fixes (#35143)
  * network/netdev: set interface name only when creating a new netdev
  * network/netdev: do not update MAC address if netdev is already running
  * network/netdev: enter ready state only when it is created by us
  * network/netdev: always queue request of creating netdev then process it later
  * network/netdev: fix counter handling if request is cancelled
  * network/netdev: do not try to update if not supported
  * network/bond: do not update several parameters if already up or has slaves
  * network/tuntap: manage tun/tap fds by manager
  * test-network: add tests for reloading .netdev files for independent netdevs
  * networkd-test.py: show current status when wait-online failed
  * network: introduce manager_serialize()/deserialize()
  * network: keep all dynamically acquired configurations when KeepConfiguration=dhcp-on-stop
  * network/ipv4ll: use a foreign IPv4LL address when KeepConfiguration=dhcp
  * network: rename KeepConfiguration=dhcp -> dynamic
  * man/network: update documentation for KeepConfiguration=
  * test-network: update KeepConfiguration=dhcp -> dynamic
  * network: serialize and deserialize current configuration (#34989)
  * network/nexthop: preparation for dynamically configuring nexthops
  * network/nexthop: serialize/deserialize nexthops
  * network/ndisc: dynamically configure nexthops when routes with gateway are requested
  * tmpfiles.d/meson.build: two minor tweaks (#35153)
  * logind-session: be more specific about session_kill() errors, plus minor fixes for sd_bus_error handling (#35150)
  * fetch-distro: use git log --first-parent and update debian commit (#35151)
  * nspawn: silence warning about failure in getting fuse version
  * nspawn: split out copy_devnode_one() and bind_mount_devnode() from copy_devnodes()
  * nspawn: ignore failure in creating /dev/net/tun when --private-network is unspecified
  * TEST-13-NSPAWN: add test case for /dev/net/tun
  * network/ndisc: fix coalescing of ndisc routes when multiple router exists (#35119)
  * nspawn: several follow-ups for recent changes (#35146)
  * network/nexthop: fix copy-and-paste error
  * network/netdev: fix typo
  * po: update Japanese translations
  * man: add several future version info tags
  * man: fix copy-and-paste error
  * ndisc-option: use memcpy_safe() at one more place
  * network/ndisc: sd_ndisc_router_route_get_preference() does not return -EOPNOTSUPP anymore
  * network/ndisc: first process options with zero lifetime
  * test-network: split out check_router_preference() from test_router_preference()
  * test-network: add test case for IPv6 Core Conformance test v6LC.2.2.23
  * core/exec-invoke: suppress placeholder home only in build_environment() (#35219)
  * network: update state files before replying bus method
  * test-network: actually check metric and preference
  * core/service: service_add_fd_store() consumes passed fd
  * namespace-util: handle -ENOSPC by userns_acquire() gracefully in is_idmapping_supported()
  * namespace-util: update log messages
  * basic/linux: update kernel headers from v6.12
  * shutdown: close DM block device before issuing DM_DEV_REMOVE ioctl
  * namespace-util: handle -ENOSPC by userns_acquire() gracefully in is_idmapping_supported() (#35313)
  * shutdown: propagate one more error from sync_making_progress()
  * networkd-test.py: fix interface state checker
  * man: asorted fixes
  * man: update documentation about basic .netdev file handling
  * curl-util: do not configure new io event source when the event loop is already dead
  * core/device: ignore ID_PROCESSING udev property on enumerate
  * TEST-17: add reproducer for issue #35329
  * networkd-test.py: disable IPv6AcceptRA= if not necessary
  * man: use MIT-0 license for example codes in daemon(7)
  * Revert "Revert "man: use MIT-0 license for example codes in daemon(7)""
  * man: several more assorted fixes
  * Minor follow-ups for recent PRs (#35381)
  * TEST-67-INTEGRITY: modernize test code
  * TEST-67-INTEGRITY: blkid should not provide the underlying loopback block device
  * network/queue: do not increase reference counter when remove request is not queued
  * sysupdate: add missing full stop to the polkit message
  * po: update Japanese translation
  * po: update translations
  * mkosi: extend DefaultTimeoutStopSec= when running on sanitizers
  * mkosi: move setting for journald to mkosi.extra
  * systemctl: skip checking inhibitors when dbus.service is not running
  * NEWS: metion changes for networkd
  * TEST-13-NSPAWN: enable debugging logs by nspawn run by systemd-run
  * Revert "mkosi: extend DefaultTimeoutStopSec= when running on sanitizers"
  * mkosi: disable Fedora specific drop-in config when running with sanitizers
  * journalctl: show coredumps again when --unit= is specified
  * test: tentatively disable SELinux tests
  * journalctl: show coredumps again when --unit= is specified
  * Revert "test: tentatively disable SELinux tests"
  * mkosi: move drop-in config for sanitizers
  * test: extract sanitizer reports from journal
  * mkosi/sanitizers: add more ASAN options
  * test-network: check status of networkd after everything cleared on tear down
  * test: use systemd-asan-env environment file at more places
  * basic: update syscall tables
  * seccomp-util: add getxattrat and friends
  * mkosi: several improvements for running with sanitizers (#35480)
  * TEST-07-PID: wait for sleep command being executed by sd-executor
  * copy: do not try to copy zero size data
  * journald: extend STDOUT_STREAMS_MAX to 64k
  * tree-wide: replace ANSI_XYZ with ansi_xyz()
  * core: Add ProtectHostname=private (#35447)
  * bus-creds/time-util: use first_word() and skip_leading_chars() more (#35421)
  * Revert "coredumpctl: Don't treat no coredumps as failure"
  * journalctl: honor --quiet with --setup-keys
  * journalctl: allow to dump generated key in json format
  * network: drop outdated comment
  * network/nexthop: do not share NextHop.nexthops and NextHop.routes with duplicated object
  * network/ndisc: constify several arguments and add several assertions
  * network/ndisc: unref Route objects that depend on the nexthop
  * network/nexthop: drop outdated comment and add one debugging log
  * network/nexthop: ignore foreign nexthops when ManageForeignNextHops=no
  * network: introduce address_forget() and friends and use it where applicable
  * network/nexthop: fix argument name
  * network/nexthop: replace unreachable condition with assertion
  * network: add missing template to networkd.conf
  * network: introduce link_up_now()
  * network: optionally bring up interface before joining bridge
  * systemctl: downgrade log level of ECONNREFUSED from system dbus.service
  * journalctl: do not override explicitly specified -b or -n with -e or -k
  * network: optionally bring up interface before joining bridge (#34438)
  * journalctl: make --invocation and --list-invocations accept unit name without suffix
  * journalctl: move get_possible_units() to journalctl-util.c
  * journalctl: make --invocation and --list-invocations accept unit name with glob
  * journalctl: also mangle unit name when --invocation= or --list-invocations is specified (#35542)
  * Add credential support for mount units (#34732)
  * libfido2-util: show also verity features when listing FIDO2 devices (#35295)
  * process-util: modernize is_main_thread(); make sure get_process_ppid() won't return ppid == 0 (#35561)
  * pretty-print: don't use OSC 8 for incompatible URLs (#35223)
  * format-table: trivial cleanups (#35572)
  * exec-util: allow to invoke polkit/ask-password agent even if STDIN is not a tty
  * polkit-agent: modernize code a bit
  * exec-util: split out common checks before fork_agent() to can_fork_agent()
  * exec-util: drop handling of ENXIO in opening /dev/tty
  * exec-util: use open_terminal() in fork_agent() for safety
  * exec-util: use strv_from_stdarg_alloca()
  * polkit-agent: allow to invoke polkit agent even if STDIN is not a tty (#35431)
  * README: drop CentOS CI badges
  * test: rename README.testsuite -> README.md
  * sd-json: properly export sd_json_variant_type_from_string() and _to_string()
  * test: modernize generate-sym-test.py
  * test: also generate list of symbols from header files
  * ci: enable linter for generate-sym-test.py
  * tpm2-util: allow to control if legend and/or footer shown by tpm2_list_devices()
  * string-table: make DUMP_STRING_TABLE() returns 0
  * creds: support --transcode=help and --with-key=help
  * bash-completion/creds: generate suggestions by systemd-creds itself
  * core/namespace: use ProtectHostname in NamespaceParameters
  * mkosi: wrap unshare command when running with sanitizers
  * sd-json,sd-varlink: drop unexported functions from public headers
  * test: modernize generate-sym-test.py
  * test: also generate list of symbols from header files
  * README: drop CentOS CI badges
  * sysctl-util: support AF_MPLS
  * network: introduce MPLSRouting= to enable MPLS routing
  * test-network: add test case for MPLSRouting=yes
  * network: add MPLSRouting= setting to enable MPLS routing (#35495)
  * log: raise log level to LOG_DEBUG if $DEBUG_INVOCATION=1 is set (#35606)
  * core: log disconnect on api and system busses, and dump list of subscribers (#35603)
  * Replace array with magic indices with normal variables in vconsole-setup (#35181)
  * udev-builtin: use FOREACH_ELEMENT() macro
  * udev-builtin: drop unnecessary 'initialized' flag
  * udev-builtin-kmod: log about unloading only when already loaded
  * test-udev-spawn: migrate to use ASSERT_XYZ()
  * udev: several coding style fixes
  * udev: move listen_fds() to udev-manager.c
  * udev: move enums to udev-def.h
  * mkosi: drop wrapper for unshare
  * TEST-07-PID1: skip test cases that invokes unshare when running with sanitizers
  * test-time-util: fix truncation of usec to sec
  * udev-builtin: make udev_builtin_add_property() and friends take UdevEvent*
  * udev: introduce reference counter for UdevEvent
  * udev/net: make Link object take reference to UdevEvent
  * TEST-35-LOGIN: check only tty session
  * test/README: Environment= setting for mkosi should be in [Build] section
  * ptyfwd: clean up logic of color state transition in pty_forward_ansi_process()
  * ptyfwd: fix logic of OSC sequence termination
  * TEST-50-DISSECT: add test case with systemd-notify
  * core/exec-invoke: fix ProtectHostname= value in log message
  * core: make ProtectHostname= optionally take a hostname
  * boot: introduce smbios_raw_info_get_cached() to cache populated SMBIOS raw info
  * meson: allow to customize the access mode for tty/pts devices
  * systemctl-edit: ignore ENOENT from unit_is_masked()
  * core: make ProtectHostname= optionally take a hostname (#35626)
  * test: Add CHID matching test (#35532)
  * TEST-07-PID1: fix typo
  * core: drop unnecessary header inclusion
  * ptyfwd: coding style fix
  * ptyfwd: do not forward partial escape sequence
  * ptyfwd: save the last character before the escape sequence
  * ptyfwd: always write additional line break on stop
  * ptyfwd: always flush buffer and disconnect before exit
  * machinectl: explicitly assign PTY forwarder to sd_bus_slot
  * data-fd-util: drop dead code
  * udev: make builtins take UdevEvent object (#35625)
  * TEST-50-DISSECT: notify message cannot be sent by ncat
  * update-utmp: do not give up if the first attempt at connecting bus failed
  * ptyfwd: several cleanups (#35663)
  * udev: move parsers for config file, kerenel command line, and positional arguments to udev-config.c
  * udev-config: introduce UdevConfig
  * udev: move config parsers and related things to udev-config.c (#35624)
  * journalctl: honor --quiet with --setup-keys
  * exec-util: allow to invoke polkit/ask-password agent even if STDIN is not a tty
  * udev: reload .rules files and builtins only when necessary
  * test-time-util: fix truncation of usec to sec
  * TEST-35-LOGIN: check only tty session
  * test/README: Environment= setting for mkosi should be in [Build] section
  * systemctl-edit: ignore ENOENT from unit_is_masked()
  * udev: also reload udev.conf when explicitly requested
  * TEST-17: use 'udevadm control --reload' or 'systemctl reload systemd-udevd.service' for reloading udev.conf
  * ptyfwd: reset writable/readable flag before shovel() on exit
  * udev: support reloading udev.conf (#35458)
  * core/device: rename output parameters of device_setup_units() to ret_xyz
  * core/device: use path_equal() to compare sysfs path
  * core/device: handle ID_PROCESSING udev property
  * TEST-17: add test case for ID_PROCESSING flag on add uevent
  * Small fixes to nspawn and other stuff (#35686)
  * analyze: add "chid" verb to display CHIDs of the local system (#35175)
  * capability-util: generalize helper to acquire local caps (#35403)
  * TEST-71-HOSTNAME: do not start user session
  * audit-util: rename output parameter
  * hwdb: comment out the entry for Logitech MX Keys for Mac
  * udev: split manager_init() and manager_main() into small pieces
  * udev: make worker event source take file descriptor
  * meson: sort source files
  * Drop legacy glibc version check and inclusion of linux/memfd.h (#35748)
  * ptyfwd: fix infinite loop
  * ptyfwd,run: process remaining outputs in IO event sources
  * ptyfwd: try to drain on exit only once
  * Grammar fixes to manpages (#35753)
  * logs-show: skip journal entry with an invalid timestamp
  * fuzz-journal-remote: use ASSERT_OK() and friends
  * string-util: modernize split_pair()
  * logs-show: skip journal entry with an invalid timestamp (#35774)
  * systemctl: also ignore ENOENT in checking inhibitors
  * TEST-74-AUX: add reproducer of issue #35746
  * machine: GC machine when no leader PID is set
  * locale-setup: do not load locale from environemnt when /etc/locale.conf is unchanged
  * core,sd-bus: drop empty lines between function call and error check
  * core: do not disconnect from bus when failed to install signal match
  * man/networkd.conf: update section explanation
  * network: introduce system wide default setting for DHCPv4 client ID
  * test-network: add test cases for global [DHCPv4] ClientIdentifier= setting
  * bash-completion/journalctl: list user units when --user is already specified
  * bash-completion/journalctl: also escape the current input of user unit
  * systemctl: certainly ignore ENOENT in checking inhibitors
  * libsystemd: drop duplicated symbol
  * tpm2: tweaks to PCR mask parsing (#35835)
  * sd-json: replace ASSERT_PTR() with assert_return() in public functions
  * sd-json,sd-varlink: trivial coding style fixlets
  * libsystemd: drop duplicated symbol
  * sd-json: introduce json_dispatch_log_level()
  * varlink: invert uid check to reduce call of getuid()
  * udev-config: split on_ctrl_msg() into small pieces
  * udev: introduce udev_property_name_is_valid() and friends
  * udev-ctrl: refuse ENV control message with invalid environment assignment
  * hostname: cache sd-device object for DMI
  * hostname: also read serial number from device tree
  * varlink: several cleanups for io.systemd.service interface (#35733)
  * udev: split on_ctrl_msg() into small pieces (#35736)
  * varlink: add comments for io.systemd.service interface
  * sd-varlink: introduce sd_varlink_get_current_method()
  * ptyfwd: fix typo
  * namespace-util: refuse remote pidref in pidref_namespace_open()
  * hostname: read hardware serial from device tree (#35797)
  * firewall-util: allow to override the table and map names through env var
  * sd-device: add missing debugging log
  * sd-device: fix validation for devices under /sys/firmware/ in sd_device_new_from_subsystem_sysname()
  * packit: Move fmf metadata into upstream (#35700)
  * machine: use json_dispatch_const_path() where applicable
  * machine: comment source and destination must be absolute
  * mkosi: replace deprecated settings and command with new ones
  * sd-varlink: add flag for sd_varlink_server for creating connections w… (#35841)
  * README: CentOS Stream 8 reached EOL
  * tools: drop workaround for CentOS 7
  * docs: replace link to RHEL7 document with RHEL9 documents
  * meson: drop workaround for CentOS 8
  * test-network: nowadays it runs not only on CentOS
  * test-network: drop workaround for old CentOS release
  * basic/linux: update kernel headers from v6.13-rc6
  * machine: update log message and comments
  * TEST-17-UDEV: wait for udevd being restarted after exit control command
  * udev-varlink: introduce io.systemd.Udev varlink interface
  * udevadm-control: use varlink to send commands
  * udevadm: use varlink connection to send ping
  * units: introduce systemd-udevd-varlink.socket
  * ask-password: req must be non-NULL
  * mkosi: replace deprecated settings and command with new ones
  * sd-device: add missing debugging log
  * sd-device: fix validation for devices under /sys/firmware/ in sd_device_new_from_subsystem_sysname()
  * locale-setup: do not load locale from environemnt when /etc/locale.conf is unchanged
  * machine: GC machine when no leader PID is set
  * hwdb: comment out the entry for Logitech MX Keys for Mac
  * systemctl: also ignore ENOENT in checking inhibitors
  * systemctl: certainly ignore ENOENT in checking inhibitors
  * journalctl: make --invocation and --list-invocations accept unit name without suffix
  * udev/net: add ReceiveFCS= and ReceiveAll= settings
  * udev/net: add PartialGenericSegmentationOffload= setting
  * sd-device: make sd_device_new_from_path() accept relative path to device node
  * hostname: use sd_device to acquire fallback chassis
  * fmf: Move meson logs and failed test journals to test artifacts dir (#35939)
  * udevadm-test: add missing oom check
  * udev-rules: replace 'type *func()' -> 'type* func()'
  * udev-rules: do not change maximum log level when running in test mode
  * Follow-ups for recent namespace PRs (#35923)
  * ptyfwd: fix wrong userdata passed to PTY forwarding
  * mkosi: disable multipathd by default
  * analyze: fix assignment of object_field
  * random-util: fix compilation error
  * fundamental-macro: conditionalize several gcc warning pragmas
  * README: update requirements
  * udevadm-test: introduce -v/--verbose option to show verbose log messages
  * udev-rules: show original token string in log_event_error() and friends
  * udev-rules: logs result of format substitution
  * udev-rules: add more trace logs for string match
  * udev-rules: introduce udev_replace_chars_and_log()
  * udev-rules: ignore whole command result if it is too long and does not contain newline
  * udev-rules: update log messages
  * udev-rules: add trace logs for GOTO and parent conditions
  * udev: add --verbose option for 'udevadm test' and add more verbose logs (#36021)
  * udev-dump: split out dump_event() from udevadm-test.c
  * udev-rules: introduce OPTIONS="dump" token
  * tree-wide: use _cleanup_hashmap_free_ and friends
  * capability-util: drop _cleanup_cap_free_charp_
  * selinux-util: drop _cleanup_context_free_
  * boot: introduce _cleanup_file_close_
  * boot: introduce _cleanup_strv_free_
  * login: fix typo
  * process-util: fix typo
  * TODO: fix typo
  * coccinelle: add .gitignore for cache files
  * tree-wide: coding style fixlets done by coccinelle
  * tree-wide: coding style fixlets done by coccinelle (#36074)
  * pid1,nspawn: enable usrquota on /tmp/ + /dev/shm/ (#36036)
  * Tweaks to generic "io.systemd.service" Varlink interface, and hook it up in all long-running Varlink daemons (#35914)
  * core: use usec_add() at one more place
  * capability-util: rename output argument of capability_gain_cap_setpcap()
  * udev: split out legacy control socket handling to udev-manager-ctrl.c
  * udev-ctrl: use -EBADF for invalid file descriptor
  * udev-manager: rework initialization of device monitor
  * udev,network: drop unnecessary check for result of sd_listen_fds_with_names()
  * tree-wide: rely on sd_varlink_dispatch() for validating zero-argument method calls, too
  * udev-varlink: add io.systemd.service.GetEnvironment
  * tree-wide: drop merely used _cleanup_ macros, and introduce several new ones (#36071)
  * cryptsetup: use mangle_none() at one more place
  * cryptsetup: drop doubled space
  * cryptsetup: use dispatch_verb()
  * veritysetup: use dispatch_verb()
  * integritysetup: use dispatch_verb()
  * udev-control: move setting of log level to manager_adjust_config()
  * udev-config: allow to enable trace logging through kernel command line
  * udev-varlink: allow to enable/disable trace logging through varlink
  * udevadm-control: allow to enable/disable trace logging in systemd-udevd
  * networkd-test.py: generate debugging logs of networkd
  * networkd-test: unconditionally stop previous invocation of networkd before starting new one
  * udev-dump: voidify one function call
  * udev-dump: also show written sysfs attributes and sysctl entries
  * core/device: do not drop backslashes in SYSTEMD_WANTS=/SYSTEMD_USER_WANTS=
  * test: add test cases for parsing SYSTEMD_WANTS=/SYSTEMD_USER_WANTS=
  * pretty-print: cleanups for cat_file()
  * pretty-print: fix handling of line continuation in cat_file()
  * pretty-print: make cat_file() also highlight the trailing backslash for line continuation
  * TEST-65-ANALYZE: add detailed test case for cat-config
  * rpm: mark udevd for reloading when an rules file is installed/updated
  * udevadm-test: allow to specify extra directories to load udev rules files
  * network/radv: modernize config_parse_router_preference()
  * network/radv: add [IPv6RoutePrefix] Preference= setting
  * test-network: add test case for [IPv6RoutePrefix] Preference=
  * network/ndisc: allow to configure route option preference (#35213)
  * pretty-print: fix handling of line continuation in cat_file() (#35886)
  * mkosi: Update to latest (#36114)
  * core/device: do not drop backslashes in SYSTEMD_WANTS=/SYSTEMD_USER_WANTS= (#35869)
  * run: add --job-mode= argument (#34708)
  * hash-funcs: introduce several basic hash_ops with value destructor
  * udevadm-monitor: use hash ops with destructor
  * udev: use hash ops with destructor
  * wait-online: use hash ops with destructor
  * catalog: modernize code
  * bootctl: use hash ops with destructor
  * delta: use hash ops with destructor
  * sd-bus: use hash ops with destructor
  * journal-file: use hash ops with destructor
  * sd-journal: use hash ops with destructor
  * network: use hash ops with destructor
  * exec-util: use hash ops with destructor
  * remount-fs: use hash ops with destructor
  * test: use hash ops with destructor
  * hashmap: drop hashmap_free_free() and friends
  * tree-wide: use hash ops with destructor (#36107)
  * shell-completion/udevadm: add net_driver
  * udev: sort builtins
  * udev-rules: log the first line number when continued
  * udevadm-verify: chase specified paths
  * bash-completion/udevadm-verify: suggest found udev rules files
  * udevadm: introduce cat command
  * fileio: fix verification on failure in write_string_file_full()
  * fileio: make write_string_file_at() accept O_PATH fd and an empty filename
  * fileio: make read_virtual_file_at() accept O_PATH file descriptor
  * sd-device: chase sysattr and refuse to read/write files outside of sysfs
  * sd-device: use sd_device_get_sysattr_value() to read special symlinks
  * sd-device: use sd_device_get_sysattr_value() to read uevent file
  * sd-device: use specific setters for read entries from uevent file
  * sd-device: use device_in_subsystem() at more places
  * udevadm: introduce cat command to show udev rules (#35893)
  * sd-device: chase sysattr and refuse to read/write outside of sysfs (#36004)
  * udev-rules: get_user_creds()/get_group_creds() return -ESRCH when user/group does not exist
  * udev-rules: ignore OWNER=/GROUP= with unknown user/group
  * udev-rules: ignore non-system user/group in OWNER=/GROUP=
  * test: add test cases for OWNER=/GROUP= with non-system user/group
  * NEWS: mention OWNER=/GROUP= in udev rules now refuses non-system user/group
  * udev-rules: check OWNER/GROUP= setting more strictly (#36123)
  * strv: fix typo
  * pam_systemd: fix typo
  * mntfsd: fix typo
  * sd-device: fix typo
  * delta: use r for storing error code
  * delta: add missing error check
  * sd-device: make device_get_cached_sysattr_value() static
  * sd-device: move the check if sysattr entry should be cached into device_cache_sysattr_value()
  * udev-rules: use sd_device_set_sysattr_value() to write sysfs attribute
  * tree-wide: insert a space at the end of comments
  * udev-rules: use sd_device_set_sysattr_value() to write sysfs attribute (#36142)
  * delta: cleanup coding style and add missing error check (#36146)
  * sd-json: silence false positive warning by coverity
  * mount-util: make path_get_mount_info_at() also read utab
  * libmount-util: introduce two helper functions
  * resolved: do not disable mdns/llmnr globally if it's enabled on any link
  * resolved: stop mdns/llmnr if no interface request it after bus method
  * Add loong64 as an option in a few more places (#36163)
  * network: fix offset of preference in backward compat option
  * systemctl: fix memleak
  * network/route: adjust configuration source based on Gateway= setting
  * network/dhcp4: make dhcp4_request_route_to_gateway() take Route object
  * network/dhcp4: rename link_prefixroute() -> prefixroute_by_kernel()
  * network/dhcp4: create prefix route and route to gateway in the specified table with Gateway=_dhcp4
  * network/dhcp4: Gateway=_dhcp4 also assign DHCP address as preferred source
  * test-network: add test case for Gateway=_dhcp4 with Table=
  * mount-util: make path_get_mount_info_at() also read utab (#36154)
  * strv: drop redundant string_strv_hash_ops
  * journal-remote: coding style fixlets
  * machine: revert type change of "leader" in io.systemd.Machine.Register method
  * core/dbus-manager: make output argument of transient_unit_from_message() optional
  * core/device: do not drop backslashes in SYSTEMD_WANTS=/SYSTEMD_USER_WANTS=
  * test: add test cases for parsing SYSTEMD_WANTS=/SYSTEMD_USER_WANTS=
  * mount-util: make path_get_mount_info_at() also read utab
  * machine: revert type change of "leader" in io.systemd.Machine.Register method
  * resolved: do not disable mdns/llmnr globally if it's enabled on any link
  * resolved: stop mdns/llmnr if no interface request it after bus method
  * systemctl: fix memleak
  * random-util: fix compilation error
  * network: bridge: add support for configuring locked ports (#36150)
  * strv: introduce string_strv_hashmap_remove()
  * unit-file: introduce unit_file_remove_from_name_map()
  * core/unit: remove path to transient unit file from unit name maps on stop
  * TEST-07-PID1: add reprudcer for issue #35190
  * man: update tags in systemd-stub(7)
  * boot: rename efifirmware.[ch] -> efi-firmware.[ch]
  * userdb: fix typo
  * udev: introduce UDEV_BUILTIN_DESTRUCTOR macro
  * udev-builtin: normalize load/unload log messages by builtins
  * udev-builtin-hwdb: explicitly initialize global variable
  * udev: replace '!= _UDEV_BUILTIN_INVALID' -> '>= 0'
  * po: sort languages
  * udevadm: several cleanups around parse_device_action()
  * udevadm: introduce parse_resolve_name_timing()
  * udevadm-verify: document '--resolve-names=late' and accept 'never' as is
  * Merge remote-tracking branch 'weblate/main' into HEAD
  * network: allow to configure routing policy rule even if requesting interface is not activated yet
  * test-network: add test case for requesting routing policy rules by multiple interfaces
  * network/routing-policy-rule: fix compare func
  * test-network: add test case for issue #35874
  * Two test readme improvements (#36265)
  * man/udevadm: list --version as a common option
  * man/udevadm: rebreak and reindent lines
  * udev-builtin: several trivial cleanups (#36239)
  * udevadm: several cleanups for command line option parsers (#36241)
  * boot: several follow-ups for .efifw section support (#36230)
  * basic/linux: update kernel headers from v6.14-rc1
  * firstboot: Populate XKBLAYOUT and friends as well in vconsole.conf (#36275)
  * udev/net: reorder elements in LinkConfig, and add short comments
  * udev/net: support to configure Energy Efficient Ethernet settings
  * core/exec-invoke: drop unnecessary casts
  * kernel-install: rename $ADDON_DIR -> $EXTRA_DIR
  * meson: also skip uid/gid check for nobody user/group when id command not found
  * man/kernel-install: update documents for plugins
  * kernel-install: addresses post-merge comments for #36218 (#36304)
  * sd-device: introduce device_get_sysnum_unsigned()
  * udev: use device_get_sysnum_unsigned() where applicable
  * udev: sd_device_get_sysnum() provides non-NULL result on success
  * udev-dump: fix gid check
  * udev-dump: show more information
  * udev-rules: always use log_info() to dump current event status
  * udevadm-test: show guiding messages in stderr
  * udevadm-test: allow to dump result in json format
  * man/udevadm: add examples to get predictable interface name and persistent device node symlinks
  * meson: fix suite of alignment check tests
  * udevadm-test: show result in json format (#36284)
  * meson: also skip uid/gid check for nobody user/group when id command not found
  * network/routing-policy-rule: fix compare func
  * test-network: add test case for issue #35874
  * network: allow to configure routing policy rule even if requesting interface is not activated yet
  * test-network: add test case for requesting routing policy rules by multiple interfaces
  * meson: allow to customize the access mode for tty/pts devices
  * meson: fix suite of alignment check tests
  * udevadm-test: fix gid check
  * journal-remote,journal-upload: added compression support (#34822)
  * xattr-util: try new *xattrat() family syscalls first (#36228)
  * core: remove path to transient unit file from unit name maps on stop (#36186)
  * tmpfiles: 3 trivial cleanups (#36332)
  * string-util: introduce strprepend(), drop effectively unused strnappend() (#36343)
  * Follow-ups for xattr-util (#36335)
  * udev-worker: add debugging log about success of flock() for whole block device
  * udev-watch: mention that the failure is ignored
  * udev-watch: do not try to remove invalid watch handle
  * update-utmp: do not give up if the first attempt at connecting bus failed
  * udev-worker: add debugging log about success of flock() for whole block device
  * udev-watch: mention that the failure is ignored
  * udev-watch: do not try to remove invalid watch handle
  * core/service: drop unneeded unit_add_to_gc_queue() (#36368)
  * core/mount: rework GracefulOptions= as x-systemd.graceful-option= (#36356)
  * README: mention fsopen() is since kernel v5.2
  * TODO: fix typo
  * journal-remote: fix typo
  * resolve: fix use-after-free
  * mkosi: wrap several more commands when running on sanitizers
  * TEST-75-RESOLVED: assume knot 3.0 or newer is installed
  * TEST-75-RESOLVED: keep IPv6 stack enabled
  * TEST-75-RESOLVED: skip a testcase when running on sanitizer
  * resolve: fix use-after-free (#36353)
  * journal-remote: trivial coding style fix
  * journal-remote: copy positional arguments
  * journal-remote: assume received data is not compressed when Content-Encoding header is not set
  * journal-remote: replace extract_first_word() with simple strchr()
  * journal-remote: several follow-ups for Compression= option handling
  * journal-upload: split-out update_content_encoding_header()
  * journal-upload: several follow-ups for Accept-Encoding header handling
  * macro-fundamental: add _nonnull_if_nonzero_ and use it in basic/ (#36395)
  * resolve: unify two validate_and_mangle_flags()
  * resolve: allow to specify SD_RESOLVED_NO_SEARCH flag in ResolveRecord
  * resolve: if both A and AAAA are refused, do not resolve address when resolving service
  * resolve: refuse ResolveService method if SRV is filtered
  * TEST-75-RESOLVED: drop unnecessary symlink creation
  * TEST-75-RESOLVED: revert changes done in each test case
  * TEST-75-RESOLVED: check TXT field
  * TEST-75-RESOLVED: add test cases for resolving service with record type filter
  * network: assume nexthop is supported by the kernel
  * network: add/update comments about required kernel configs
  * network/routing-policy-rule: assume FRA_PROTOCOL attribute is always set
  * network: mention IFLA_PERM_ADDRESS is since kernel v5.6
  * network/bridge-mdb: drop workaround for MDB entry on bridge
  * network/address: IFA_FLAGS is supported since kernel v3.14
  * network/address: update comment
  * network: update outdated comment
  * network/route: do not remove any foreign routes when KeepConfiguration=yes
  * test-network: add test case for KeepConfiguration=yes with RTPROT_BOOT
  * network: introduce link_should_mark_config()
  * nspawn: use FOREACH_ARRAY() where applicable
  * nspawn: enable FUSE unconditionally
  * nspawn: create /dev/net/tun only when it is accessible
  * nspawn: drop unused argument for copy_devnode_one()
  * nspawn: move the accessibility check for device nodes into copy_devnode_one()
  * journal-remote: modernize source_free()
  * journal-remote: fix memleak
  * network: fix KeepConfiguration=yes (#36414)
  * nspawn: unconditionally enable FUSE and use FOREACH_ARRAY() (#36407)
  * terminal-util: fix possible NULL pointer dereference
  * Journal-remote: modernize source_free() and fix memleak (#36430)
  * basic/linux: update kernel headers from v6.13-rc6
  * basic/linux: update kernel headers from v6.14-rc1
  * network/route: do not remove any foreign routes when KeepConfiguration=yes
  * test-network: add test case for KeepConfiguration=yes with RTPROT_BOOT
  * sd-event: always operate on child source via pidfd (#36480)
  * fuzz: decompress_startswith() may return zero
  * fuzz: tentatively disable fuzz-compress on oss-fuzz
  * fuzz: decompress_startswith() may return zero (#36490)
  * timesync: use event_reset_time_relative()
  * timesync: drop meaningless boolean flag
  * timesync: add short comment for boolean argument
  * sd-bus: sort enumerated child objects
  * test-bus-object: check if enumerated objects are sorted
  * udev-util: drop unnecessary inclusion of missing_threads.h
  * udev-builtin-uaccess: modernize code
  * udevadm-trigger: drop support of kernels order than 4.13
  * sd-device: always pass random UUID on triggering uevent
  * pam_systemd/pam_systemd_home: various fixes (#36505)
  * network: fix typo
  * journal-remote: fix typo
  * man: fix typo
  * docs: fix typo
  * test: fix typo
  * storagetm: fix typo
  * sbsign: trivial coding style cleanups
  * parse-util: extend the maximum length of nftable identifiers
  * osc-context: fix typo
  * test-network: extend test case for static routes
  * profile: return earlier if it is loaded from non-bash shell
  * recurse-dir: fix wrong assertion and error code in log
  * tmpfiles: fix output value assignment
  * basic/linux: update kernel headers from v6.14-rc4
  * README: bump supported minimum glibc version to 2.31
  * tree-wide: drop workarounds for statx()
  * test-stat-util: check if linux/stat.h is actually included from sys/stat.h
  * stat-util: drop statx_fallback()
  * mountpoint-util: make statx() failure critical
  * bump minimum required version of glibc to 2.31, and drop many fallback logic around statx() (#36558)
  * chattr-util: drop mostly unused 'previous' argument from chattr_path() and friends
  * missing_syscall: memfd_create() is supported by glibc since 2.27
  * missing_syscall: getrandom is supported by glibc since 2.25
  * missing_syscall: gettid is supported by glibc since 2.30
  * missing_syscall: name_to_handle_at is supported by glibc since 2.14
  * missing_syscall: setns is supported by glibc since 2.14
  * missing_syscall: renameat2 is supported by glibc since 2.28
  * missing_syscall: copy_file_range is supported by glibc since 2.27
  * missing_syscall: drop unused rt_sigqueueinfo wrapper
  * missing_syscall: drop unnecessary syscall number definitions
  * missing_syscall: drop unnecessary ifdefs for syscall number
  * missing_syscall: drop unnecessary definition of AT_EMPTY_PATH
  * memory-util: explicit_bzero() exists since glibc-2.25
  * alloc-util: reallocarray() exists since glibc-2.26
  * missing_stdlib: secure_getenv() exists since glibc-2.17
  * missing_type: char16_t and char32_t are always defined in uchar.h since C11
  * meson: cleanup glibc header checkers
  * missing_fcntl: drop definitions covered by glibc-2.31
  * missing_fs: drop unnecessary entries
  * basic/linux: import hidraw.h and hid.h from linux-6.14-rc4
  * missing_input: replace the header with genuine linux header
  * basic/linux: import ioprio.h from kernel 6.14-rc4
  * missing_keyctl: import keyctl.h from kernel 6.14-rc4
  * basic/linux: import loop.h from kernel 6.14-rc4, and drop missing_loop.h
  * missing_namespace: drop unnecessary entries
  * missing_network: drop unnecessary definitions
  * basic/linux: import prctl.h from linux 6.14-rc4
  * missing_resource.h: RLIMIT_RTTIME is defined since glibc-2.14
  * missing_securebits: remove unnecessary header
  * missing_socket: drop unnecessary definitions
  * missing_threads.h: threads.h exists since glibc-2.28
  * missing_timerfd: TFD_TIMER_CANCEL_ON_SET is defined since glibc-2.26
  * missing_wait: add short comment about P_PIDFD
  * basic/linux: import capability.h from kernel 6.14-rc4
  * missing_audit: AUDIT_NLGRP_READLOG is defined since kernel v3.16
  * basic: introduce our own sys/mount.h implementation
  * dirent-util: introduce simple wrapper of posix_getdents()
  * copy: slightly optimize around chattr_fd()
  * async: voidify call of fsync()
  * fileio: move call of label_ops_post() before error handling of creating files
  * generator: insert parentheses to make the code clearer
  * pe-binary: trivial coding style fixlets
  * pe-binary: fix array overrun
  * hwdb-util: drop unused value assignment
  * exec-invoke: modernize get_supplementary_groups()
  * exec-invoke: add missing assertions and drop unnecessary conditions
  * chattr-util: two trivial cleanups (#36593)
  * fuzz: decompress_startswith() may return zero
  * fuzz: tentatively disable fuzz-compress on oss-fuzz
  * recurse-dir: fix wrong assertion and error code in log
  * tmpfiles: fix output value assignment
  * async: voidify call of fsync()
  * generator: insert parentheses to make the code clearer
  * pe-binary: trivial coding style fixlets
  * pe-binary: fix array overrun
  * hwdb-util: drop unused value assignment
  * dirent-util: add several assertions in posix_getdents()
  * glibc bump followup (#36609)
  * test-network: drop deprecated ExecStart= modifier
  * TODO: fix typo
  * sd-varlink: fix typo
  * factory-reset: fix typo
  * tpm2-clear: fix typo
  * tree-wide: drop unnecessary break in default branch
  * core/main: several cleanups (#36669)
  * mount-setup: two trivial cleanups (#36668)
  * meson: bump required minimum version to 0.62.0
  * test-network: replace symlink to 99-default.link with a copy
  * meson: invert version check condition to magically suppress warning
  * meson: use install_symlink() where applicable
  * meson: use more features provided by newer meson
  * man: fix typo
  * po: update Japanese translations
  * meson: bump required minimum version to 0.62.0 (#36610)
  * vmspawn: fix typo
  * run: declare ARG_STDIO_XYZ like a flag
  * event-util: move event_source_hash_ops to event-util
  * nsresourced,vmspawn,mountfsd: various smaller fixes (#36689)
  * udev: split out synthesize_change_all() from synthesize_change()
  * udev: scan partitions and trigger synthetic change events in child process
  * udev: use ERRNO_IS_NEG_* where appropriate (#36690)
  * udev: reread partition table and trigger synthetic change events in child process (#36685)
  * tmpfiles: ignore ENOENT when file is removed during setting parmission and friends
  * TEST-23-UNIT-FILE: skip verifying masked unit
  * ci/mkosi: enable sanitizers on Fedora 41
  * TEST-74-AUX-UTILS: fail earlier when systemd-run fail to reconnect to bus
  * run: check if the start job is finished on PropertiesChanged signal and so on
  * mountfsd: add complete varlink introspection comments (#36703)
  * resolve question marks in /etc/hostname to characters hashed from machine ID (#36647)
  * hostname: fix typo
  * test: add test cases for hostname_substitute_wildcards()
  * hostname-setup: use strchr() to find wildcard character
  * meson: drop split-usr, rootlibdir, and rootprefix from meson_options.txt
  * hostname: several follow-ups for wildcard hostname support (#36707)
  * sd-device: protect more properties often set by kernel and internally used by udevd
  * sd-device: reorder elements in sd_device object
  * test-sd-device: use ASSERT_OK() and friends
  * test: do not pass return value to log_error_errno() on success
  * sd_device: introduce device_get_ifname()
  * udev-builtin-net_driver: use correct interface name
  * udev-event: set INTERFACE/INTERFACE_OLD property on rename only when the device is a network interface
  * udev-event: fix filtering logic of renaming network interface
  * udev/net: fix assignment of ID_NET_NAME=
  * udev/net: replace device_unsigned_attribute() with device_get_sysattr_unsigned()
  * tests: introduce ASSERT_PTR_EQ()
  * test-netlink: use ASSERT_OK() and friends
  * netlink-util: merge rtnl_get_link_info() and rtnl_get_ifname_full() into rtnl_get_link_info_full()
  * netlink-util: allow to call rtnl_set_link_name() and friends with NULL rtnl
  * netlink-util: move several function prototypes
  * boot: fix use of uninitialized value on error
  * boot: introduce string tables for RebootOnError and sucure_boot_enroll
  * udev: use INTERFACE property rather than sysname when processing network interface (#36627)
  * homectl: insert missing 'else'
  * homed: fix OOM check
  * test-netlink: fix use of ASSERT_OK()
  * test: wrap assignments in ASSERT_OK() and friends with parentheses
  * udev/net: enable new [EnergyEfficientEthernet] section
  * boot: several follow-ups for reboot-on-error feature (#36721)
  * nsresource: fix error handling
  * nsresource: fix GID check in io.systemd.UserDatabase.GetGroupRecord method
  * Fix several issues found by Coverity (#36726)
  * TEST-73-LOCALE: do not unnecessarily restart systemd-localed
  * test-localed-util: use ASSERT_OK() and friends
  * test-macro: CONST_MAX() and friends may return (void*)0 when built under coverity
  * tests: replace ASSERT_OK() and friends with coverity firendy function
  * test: fix wrong use of ASSERT_OK() and friends
  * meson: handle bool-compare warning as error
  * test: drop redundant parentheses in ASSERT_OK() and friends
  * network: do not remove static routes on other interfaces that are currently in the pending state
  * test-cgroup-util: allow ESRCH in cg_pidref_get_path() and friends
  * network: fix unexpected removal of routes on restart even when KeepConfiguration=yes (#36756)
  * Fix bootctl status to not print strange glyphs in logs (#36745)
  * macro: Introduce UTF8() macro to define UTF-8 string literal
  * meson: make pointer-sign warning critical
  * meson: update C standards table for building header tests
  * nspawn: introduce --cleanup option to clear propagation and unix-export directories
  * TEST-13-NSPAWN: re-enable KILL test
  * test-execute: use time event source rather than custom timeout check
  * nspawn: introduce --cleanup option (#34776)
  * run: trivial followups (#36765)
  * udev-builtin: align builtins table
  * udev-builtin: add missing UDEV_RELOAD_BUILTIN_FACTORY_RESET
  * udev-builtin: make btrfs builtin command only check arguments when run in test mode
  * udev-builtin-btrfs: refuse to call for irrelevant device node
  * shell-completion: add factory_reset udev builtin command
  * TEST-17-UDEV: add more test cases for udev builtins
  * nsresourced,vmspawn: allow unpriv "tap" based networking in vmspawn (#36688)
  * some user record fixes (#36776)
  * getty-generator: unify add_serial_getty() and add_container_getty()
  * analyze-condition: rewrite condition parser
  * condition: align string table
  * nsresourced: fix assignment of target_gid
  * initctl: fix error handling
  * sd-varlink: fix overwrite of loop count
  * vmspawn: do not use r for loop count
  * oomd: do not ignore failure in sd_lisen_fds()
  * tree-wide: check more log message format in log_struct() and friends
  * journal: use LOG_ITEM() macros in server_driver_message()
  * nspawn: make failure in sd_listen_fds() critical
  * bitfield: check if specified index is non-negative
  * boot: always pass an array of PeSectionVector to pe_locate_sections()
  * bus-unit-procs: add one more assertion for Coverity
  * journal: fix indentation
  * logind-action: use BIT_SET() and SET_BIT()
  * logs-show: comment out dead code
  * sd-dhcp-client: use event_reset_time_relative()
  * nspawn-oci: update overflow check
  * io-util: add one more assertion for Coverity
  * ptyfwd: use usec_add()
  * Introduce ConditionVersion (#36468)
  * core: Make DelegateNamespaces= work for user managers with CAP_SYS_ADMIN (#36771)
  * man: fix typo
  * edit-util: don't leave custom editor args around if we shall fall back (#36813)
  * analyze: propagate error code returned by _from_string()
  * udev: make udevadm and friends not warn about unknown settings
  * nsresource: fix GID check in io.systemd.UserDatabase.GetGroupRecord method
  * network: do not remove static routes on other interfaces that are currently in the pending state
  * initctl: fix error handling
  * sd-varlink: fix overwrite of loop count
  * udev: make udevadm and friends not warn about unknown settings
  * ci/mkosi: enable sanitizers on Fedora 41
  * TEST-73-LOCALE: do not unnecessarily restart systemd-localed
  * man/networkd.conf: revert unexpected replacement of PersistLeases= setting
  * man/timedatectl: add reference to systemd.time(7)
  * test-watch-pid: move required test conditions to intro()
  * test-watch-pid: use pidref_safe_fork() with FORK_FREEZE
  * core: drop unused wrappers of manager_get_unit_by_pidref() and friends
  * coredump: make sure pid1/journal coredumps are not lost when Storage=journal is selected (#36870)
  * core: drop manager_get_unit_by_pid() and friends (#36872)
  * homed: move things over to quotactl_fd() (#36902)
  * Log message improvements (#35237)
  * watchdog: fix typo
  * missing_socket: drop unnecessary definitions and update comments
  * README: fix version of SO_BINDTOIFINDEX
  * core/manager: update comment
  * tree-wide: extend the comment about the issue in __convert_scm_timestamps()
  * Several updates for socket option (#36905)
  * introduce systemd-validatefs@.service that ensures file systems can only be used in the way they were intended (#36714)
  * socket-util: introduce socket_autobind() helper (#36893)
  * ac-power: follow-up for recent change
  * notify-recv: introduce notify_socket_prepare()
  * udev-manager: use notify_start() and notify_on_cleanup()
  * udev-manager: coding style cleanups
  * homed: use notify_socket_prepare()
  * import: use notify_socket_prepare()
  * notify: use notify_socket_prepare()
  * sysupdate-transfer: fix potential memleak
  * sysupdate-transfer: use notify_socket_prepare()
  * sysupdated: use notify_socket_prepare()
  * udev: trivial cleanups (#36912)
  * validatefs: several follow-ups (#36910)
  * udev: disable timer event source for cleaning up idle workers when no worker exists
  * udev: update log messages
  * introduce notify_socket_prepare() and use it where applicable (#36911)
  * udev: trivial cleanups (#36916)
  * udev-spawn: manage spawned processes by PidRef
  * Revert "test: call nvme-cli with --hostnqn= instead of the deprecated --hostid="
  * test: replace deprecated --hostid= with --hostnqn=
  * d/rules: drop nscd meson option
  * notify-recv: several follow-ups for notify_socket_prepare()
  * user-runtime-dir: correct quota size calculation (#36884)
  * unit: don't bother determining unit install state for transient or perpetual units (#36504)
  * resolve: always use openssl as backend of DNS-over-TLS
  * resolve: rename resolved-dnstls-openssl.c -> resolved-dnstls.c
  * man/networkd.conf: revert unexpected replacement of PersistLeases= setting
  * man/timedatectl: add reference to systemd.time(7)
  * udev: update log messages
  * test: replace deprecated --hostid= with --hostnqn=
  * resolve,import: always use openssl
  * Update NEWS
  * test: drop unnecessary '>= 0' in ASSERT_OK()
  * udev-spawn: voidify pidref_kill_and_sigcont()
  * rm-rf: introduce rm_rf_safe() and rm_rf_safep()
  * udev-watch: modernize udev_watch_restore()
  * udev-manager: do not free device monitor when asked to terminate
  * udev-manager: broadcast event in event_requeue() on failure
  * udev: split out error code assignment and move them to udev-error.c
  * udev: use sd_notify to communicate between worker and manager processes
  * udev-manager: use PidRef for managing worker processes
  * process-util: make wait_for_terminate() as trivial wrapper of its PidRef version
  * udevadm-lock: use PidRef
  * core: delegate mountns implicitly when any of pidns/cgns/netns is in use, clean up private cgroupfs mount (#36892)
  * meson: disable rc-local-generator when an empty string is specified to rc-local= meson option
  * meson: rename RC_LOCAL_PATH -> SYSTEM_SYSVRCLOCAL_PATH
  * udev: introduce rm_rf_safep() and modernize udev_watch_restore() (#36923)
  * some selinux modernizations (#36955)
  * udev: use notify socket to send message from worker processes to manager process (#36922)
  * tree-wide: pass -EBADF to device_monitor_new_full()
  * udevdm: use PidRef at one more place (#36959)
  * logind: utmp fix (#36958)
  * Several cleanups for rc-local-generator (#36953)
  * prioq: minor tweaks (#36963)
  * sd_journal_get_cursor() tweaks (#36964)
  * journald: split out varlink code into .c/.h file and add varlink documentation to it (#36965)
  * journald: two minor tweaks (#36966)
  * memfd-util: make memfd_add/get_seals() static
  * tree-wide: replace unsigned int -> unsigned, long int -> long
  * Two trivial cleanups (#36980)
  * test: set timeout for udevadm settle/wait/lock
  * test: Use test.service template for all integration tests (#36979)
  * test: wait for the device node symlink being created
  * two udev blkid builtin tweaks (#36968)
  * generator: two minor tweaks to fsck code (#36970)
  * ci: enable linter for generate-sym-test.py
  * test: rename README.testsuite -> README.md
  * logs-show: skip journal entry with an invalid timestamp
  * fuzz-journal-remote: use ASSERT_OK() and friends
  * dhcp: split out DHCP_MESSAGE_HEADER_DEFINITION to allow building test-dhcp-server.c with -Werror=flex-array-member-not-at-end
  * boot: allow building sd-boot with -Werror=flex-array-member-not-at-end
  * sbsign: rename WIN_CERTIFICATE -> WIN_CERTIFICATE_HEADER and drop trailing flexible array
  * ethtool: do not embed struct with flexible array into another struct
  * meson: enable -Werror=flex-array-member-not-at-end
  * build-path: check if found path is executable binary
  * build-path: make pin_callout_binary() optionally provides the path to the found executable
  * udev-spawn: search executed command in build directory
  * udev-spawn: search executed command in build directory (#36985)
  * stat-util: drop unnecessary call of xopenat() in xstatfsat()
  * TEST-64-UDEV-STORAGE: enable debug logging and set timeout
  * udev: move inotify watch related functions to udev-watch.c
  * udev-watch: split-out manager_process_inotify() from on_inotify()
  * udev: push inotify fd to file descriptor store
  * udev-watch: dump installed inotify watches on start and stop
  * TEST-17-UDEV: rename subtests
  * TEST-17-UDEV: check journal about inotify watch
  * nspawn: drop cgv1 handling; core: drop cgroup agent (#36764)
  * udev-watch: push inotify fd to service manager's fdstore (#36977)
  * mkosi: update arch commit reference
  * mkosi/opensuse: drop default-hierarchy from systemd.spec
  * meson: remove more deprecated meson options
  * meson: remove more deprecated meson options (#36915)
  * build-path: port to find_executable() and friends, do not return resolved path (#37025)
  * udev: move extra_timeout_usec() to udev-config.c
  * udev: fix typo
  * terminal-util: fix typo
  * terminal-util: fix typo
  * network: fix typo
  * core/service: fix typo
  * network/netdev: fix typo
  * string-util: fix typo
  * machine: fix typo
  * pcre2-util: fix typo
  * fs-util: fix typo
  * NEWS,TODO: fix typo
  * man/nss-resolve: fix typo
  * man/gpt-auto: fix typo
  * man/tmpfile: fix typo
  * docs/ARCHITECTURE: fix typo
  * docs/NETWORK_ONLINE: fix typo
  * units: update comment
  * udev: split out two functions from on_post()
  * udev: unconditionally send signals to workers
  * udev: do not wait for event queue being empty on exit
  * udev: drop unnecessary discardment of queued events
  * test-notify-recv: fix message string
  * nspawn/oci: also set CPUQuotaPeriodUSec DBus property
  * nspawn/oci: replace use of deprecated CPUShares with CPUWeight
  * nspawn/oci: replace use of deprecated BlockIOWeight/BlockIODeviceWeight with IOWeight/IODeviceWeight
  * nspawn-oci: replace use of deprecated cgroup v1 properties with v2 ones (#37038)
  * TEST-17-UDEV: update rules filename
  * TEST-17-UDEV: fd may be >= 10
  * TEST-04-JOURNAL: include util.sh before calling cgroupfs_supports_user_xattrs()
  * TEST-04-JOURNAL: sync journal in test script, and find journal with invocation ID
  * TEST-17-UDEV: several follow-ups (#37042)
  * udev-watch: add inotify watch by manager process
  * udev: adjust event source priorities
  * udev-watch: add inotify watch by manager process (#37023)
  * shell-completion/udevadm: support dissect_image builtin
  * udev-config: restore log level set by systemd.log_level on reload
  * udev: merge manager_init() into manager_main()
  * udev-manager: move functions to place related functions closer together
  * test: drop unnecessary comparison and use correct assertion macros
  * core,run0: fixlets/tweaks around $SHELL handling (#37052)
  * JSON User/Group records: Add properties for UUIDs (#37024)
  * udev-varlink: introduce io.systemd.Udev.Revert method
  * udevadm: introduce --revert option to call io.systemd.service.Revert
  * daemon-util: expose notify_remove_fd_warn()
  * udev-config: serialize/deserialize dynamical configurations
  * TEST-17-UDEV: add test cases for reverting/serializing/deserializing config
  * udev: support reverting/serializing/deserializing configurations set by 'udevadm control' (#37067)
  * udev-rules: add more verbose messages for ATTR{} and ATTRS{}
  * core: drop cgroup v1 synthetic empty event logic (#37099)
  * test: also wait for all queued events being processed
  * network/netdev: remove support of netdevsim
  * busctl: set destructor to member_hash_ops
  * busctl: use strdup_to() and set_consume()
  * busctl: use set_dump_sorted() and FOREACH_ARRAY()
  * busctl: use table to format result of introspect command
  * libudev-list: use custom hash_ops with destructor for udev_list_entry
  * libudev-list: use hashmap_dump_sorted()
  * libudev-list: use strdup_to()
  * libudev: use 'type* func()' style rather than 'type *func()'
  * socket-proxy: use event_reset_time_relative()
  * socket-proxy: make connection_free() return NULL
  * socket-proxy: use hash_ops with destructor for managing Connection
  * event-util: use DEFINE_HASH_OPS_WITH_VALUE_DESTRUCTOR() to define event_source_hash_ops
  * socket-proxy: use event_source_hash_ops for managing event sources
  * socket-proxy: reset connection only in callback functions
  * locale-util: fix argument for munmap()
  * locale-util: filter out non-UTF-8 locales even when failed to parse $SYSTEMD_LIST_NON_UTF8_LOCALES
  * locale-util: coding style cleanups
  * set: introduce set_to_strv()
  * strv: constify arguments for strv_equal_ignore_order()
  * locale-util: use string_hash_ops_free and set_to_strv()
  * kbd-util: use string_hash_ops_free and set_to_strv()
  * stdio-bridge: minor coding style cleanup (#37110)
  * socket-proxy: several cleanups (#37107)
  * locale-util,kbd-util: several cleanups (#37090)
  * install: use path_hash_ops_free
  * install: use hash_ops with destructor for InstallInfo
  * core: replace unnecessary use of set_free_free() with set_free()
  * core,systemctl: unit_file_find_fragment() provides names with string_hash_ops_free
  * core/unit: use string_hash_ops_free for Unit.aliases
  * unit-file: use set_free() to free paths
  * journal: replace unnecessary use of set_free_free() with set_free()
  * journal: use hash_ops with destructor that make JournalFile offline and close
  * sd-journal: use hash_ops with destructor that closes JournalFile
  * journal-remote: introduce custom hash_ops with destructor for MHDDaemonWrapper
  * resolve: use dns_name_hash_ops_free for dnssec negative trust anchor
  * resolved-dns-scope: use hash_ops with destructor for conflict_queue
  * resolved-dns-trust-anchor: use hash_ops with destructor for managing RRs
  * resolved-dns-trust-anchor: use hash_ops with destructor for managing DnsAnswer
  * analyze: replace set_free_free() with set_free()
  * coredump: replace custom cleanup function with specific hash_ops with destructor
  * sd-device: replace set_free_free() with set_free()
  * sd-device-enumerator: use custom hash_ops with destructor
  * sd-netlink: introduce custom hash_ops for GenericNetlinkFamily
  * sysusers: use trivial_hash_ops_free for storing user/group name
  * sysv-generator: introduce hash_ops for SysvStub
  * wait-online: use hash_ops with destructor for managing Link
  * wait-online: move manager_process_link() to link.c
  * network-generator: use hash_ops with destructor for Network, NetDev, and Link
  * test-networkd-conf: config_parse_ether_addrs() uses ether_addr_hash_ops_free
  * network: use dns_name_hash_ops_free in dnssec negative trust anchors
  * network: use in6_addr_hash_ops_free in Network.ipv6_proxy_ndp_addresses
  * network/ndisc: replace set_free_free() with set_free()
  * network,udev: use hash_ops with destructor to manage SR-IOV configs
  * network/radv: use hash_ops with destructor for managing prefixes
  * network/dhcp-server: use hash_ops with destructor for static lease
  * network/bridge-fdb,mdb: use hash_ops with destructor
  * network/network: use hash_ops with destructor for managing stacked netdevs
  * hashmap: introduce ordered_hashmap_free_and_replace()
  * network/network: use hash_ops with destructor for managing Network objects
  * network/link: use hash_ops with destructor for managing Link objects
  * network/wiphy: use hash_ops with destructor for managing Wiphy objects
  * socket-proxy: fix use-after-free
  * shared/condition: remove cgroup hierarchy check (#37101)
  * core: hash_ops related cleanups (#37114)
  * loop-util: drop workaround for kernel older than v5.0
  * resolve: drop code for supporting old kernels (<3.2)
  * test-condition: drop cgroup version check
  * udev-builtin-net_id: drop old kernels (<4.20) support
  * sd-netlink,sd-device: drop old kernels (<4.2) support
  * tree-wide: IFA_FLAGS is supported since kernel v3.14
  * test: drop error conditions for old kernels (<3.2)
  * journal: remove old kernels (<3.2) support in monitoring hostname
  * journal/kmsg: drop support old kernels (<3.5) without reading /dev/kmsg support
  * journal/kmsg: drop Server.dev_kmsg_readable flag and use Server.read_kmsg
  * journal/kmsg: modernize server_open_dev_kmsg()
  * journal/kmsg: drop old kernels (<3.6) support
  * journal: drop old kernels support (#37137)
  * network-tools: hash_ops related cleanups (#37118)
  * resolve: hash_ops related cleanups (#37116)
  * journal: hash_ops related cleanups (#37115)
  * test: replace deprecated CGroup v1 settings with v2 ones
  * core: remove deprecated CGroup v1 settings
  * core: deprecate CGroup v1 DBus properties
  * bus-unit-util: refuse setting CGroup v1 properties through DBus
  * core/cgroup: remove CGroup v1 settings in dump message
  * core/cgroup: remove unused legacy parameters in CGroupContext
  * core/cgroup: remove logic of CGroup v1 attribute assignment
  * core/cgroup: drop unnecessary _unified_ modifier from function names
  * core/cgroup: drop unnecessary cgroup version check in several getters
  * core/cgroup: drop cgroup v1 specific code in unit_update_cgroup()
  * core/bpf-devices: drop cgroup v1 support
  * core/bpf-foreign: drop unnecessary check for cgroup v1
  * core: drop several more cgroup version check
  * cgroup-setup: drop cgroup v1 support
  * cgroup-setup: drop unnecessary controller argument
  * cgroup-setup: use path_join() to get path to cgroup attribute
  * core: remove cgroup v1 properties (#37026)
  * resolve: fix memleak
  * resolve: use set_dump_sorted() at one more place
  * conf-files: use hashmap_dump_sorted() at one more place
  * docs: fix mkosi section for Environment= setting
  * use hashmap_dump_sorted() and friends at more several places (#37150)
  * network/l2tp: use hash_ops with destructor for managing sessions
  * network/wireguard: use hash_ops with destructor for managing WireguardPeer
  * network/macsec: replace security_association_init() with structured initializer
  * network/macsec: use hash_ops with destructor
  * network/netdev: hash_ops related cleanups (#37119)
  * sd-netlink: prepare buffer for dropping unexpected message
  * libudev: several trivial cleanups (#37106)
  * misc: hash_ops related cleanups (#37117)
  * network/network: hash_ops related cleanups (#37120)
  * network/manager: hash_ops related cleanups (#37121)
  * udev: re-add unintentionally dropped error log
  * daemon-util: remove existing fds with the same name from fdstore
  * test: use string_hash_ops_free
  * test: make the copied set not take the ownership of elements
  * set: drop unused set_free_free()
  * hashmap: drop unused free func arguments in hashmap_free() and hashmap_clear()
  * hashmap: drop hashmap_free_with_destructor() and friends
  * network: update comment as hashmap_free_with_destructor() does not exist anymore
  * NEWS: mention integration-tests meson option is deprecated
  * meson: build tests for nspawn even -Dnspawn= is disabled
  * hashmap: kill hashmap_free_with_destructor() and friends (#37111)
  * udev: serialize queued events on exit, and deserialize them in the next invocation
  * TEST-17-UDEV: add test case for queued events serialization/deserialization
  * bootctl: fix typo
  * NEWS: mention that F20 and friends has been replaced with micmute and so on
  * Add two new paragraphs to coding style about header files (#37188)
  * network/link: move logging
  * network/ipv4ll: introduce ipv4ll_start() helper function
  * network: enable ARP= when IPv4LL/IPv4ACD is enabled
  * ssh-proxy: use % as an alternative separator
  * cgroup-util: drop cg_freezer_supported() and cg_ns_supported() (#37201)
  * Revert "tests: add test for StartAuxiliaryScope()"
  * core: remove deprecated StartAuxiliaryScope() DBus method
  * NEWS: mention org.freedesktop.systemd1.StartAuxiliaryScope() has been removed
  * core: kill StartAuxiliaryScope() DBus method (#37184)
  * man/systemctl: list-sockets command sorts the result
  * unit-file: use STRV_FOREACH_PAIR() macro at one more place
  * man/systemd: fix mapping from SysV runlevel to actual target name
  * man/systemd: drop explanation about SysV compatibilities
  * test: drop nonexistent units from test-unit-name
  * test-specifier: replace /dev/initctl with /dev/fd
  * meson: use deprecated tag for dns-over-tls and cryptolib meson options
  * mkosi: Add extra packages to the tools tree (#37218)
  * sd-device: fix sysname check in sd_device_new_from_subsystem_sysname()
  * network: enable ARP when IPv4LL and/or IPv4ACD is enabled (#37190)
  * core/socket: do not enter failed state when we cannot start service due to conflicting transaction being queued
  * units: stop systemd-udevd before soft-reboot
  * TEST-82-SOFTREBOOT: add test case for uevents generated during soft-reboot
  * man,network: fix typo
  * udev: support soft-reboot (#37222)
  * resolvectl: make three booleans for read_dns_server_one() into one enum
  * resolvectl: skip reading remaining elements when an invalid address is specified
  * core/dbus-cgroup: use bus_message_read_in_addr_auto() at one more place
  * Remove unused code and fix one bug (#37225)
  * sd-json: fix conditions
  * Several cleanups for reading IP address from DBus message (#37230)
  * core/device: fix meaningless assertion
  * format-table: add _TABLE_ERSATZ_INVALID to follow our usual coding style
  * journal-file: fix meaning less assertion
  * networkd: reduce the default IPv4 DAD (ACD) timeout and make it configurable (#37138)
  * udev: try again to create /run/udev/queue when queueing the next event
  * udev: do not remove /run/udev/queue file when we are synthesizing events
  * udev: readjust priorities of event sources
  * tree-wide: fix typo
  * man/busctl: many other commands can take --json=/-j
  * basic/include/linux: update kernel headers from v6.15-rc4
  * tree-wide: drop unnecessary inclusion of tmpfile-util.h
  * linux: include sys/socket.h in linux/vm_sockets.h
  * network: ignore error in configuring SR-IOV VFs
  * network,udev: reword log messages in setting SR-IOV VFs
  * netif-sriov: align table
  * network,udev: configure SR-IOV VF attribute one-by-one
  * sd-bus: introduce sd_bus_message_dump_json()
  * busctl: split out bus_message_dump()
  * sd-bus/bus-dump: several coding style cleanups
  * sd-bus/bus-dump,busctl: downgrade log level in sd_bus_message_dump(), and log in the caller side
  * network/tuntap: verify User=/Group= settings earlier
  * network/tuntap: deny non-system users/groups from owning Tun/Tap interfaces
  * network/tuntap: verify User=/Group= earlier and refuse non-system users/groups (#37294)
  * network,udev: several fixlets for setting up SR-IOV VFs (#37269)
  * sd-bus,busctl: introduce sd_bus_message_dump_json() and use it (#37266)
  * network/ndisc: drop only default gateway via the host when a neighbor announcement without router flag is received
  * TEST-17: drop unnecessary $PATH setting
  * wait-online: handle varlink connection errors while waiting for DNS (#37283)
  * various: convert more readers of /proc/ to plain read_full_file() (#37299)
  * Vmspawn fixes (#37320)
  * network/route: split out route_to_string() from log_route_debug()
  * network/nexthop: split out nexthop_to_string()
  * network: make log_link_message_full_errno() take format string
  * network/sriov: mention which setting could not be applied in log message
  * udev/net: mention which SR-IOV setting could not be applied in log message
  * udev/net: update log message
  * prioq: coding style fixes
  * network,udev: several improvements for logging (#37337)
  * hibernate-resume: automatically decrypt dissected swap (#37335)
  * cleanup: bugprone argument issues (#37346)
  * Bugprone argument comments - round 3 (#37356)
  * core/service: minor cleanups (#37362)
  * Reword descriptions of RestrictAddressFamilies= and SystemCallFilter= (#37367)
  * Reduce the number of transitive includes (#37364)
  * units: enable IgnoreOnIsolate=yes on systemd-udevd-kernel.socket
  * boot: Add EDID (#36843)
  * man: fix typo
  * udev-worker: allocate UdevEvent object just before use
  * udev-worker: notify device node of whole disk to manager when the disk is locked
  * network: log_link_message_debug_errno() automatically append %m if necessary
  * set: rename _set_ensure_allocated() -> set_ensure_allocated()
  * core/unit: use the same hash_ops originally used on allocation
  * resolve: use set_put_strdup_full() to specify hash_ops
  * hashmap: check if identical hash_ops is specified if already allocated
  * prioq: check if identical compare func is specified if already allocated
  * prioq: make prioq_ensure_put() type safe
  * udev: enable kill workers timer when processing queued events stopped
  * TEST-17-UDEV: drop needless numbering
  * TEST-17-UDEV: extend test cases for udevadm control --start-exec-queue/--stop-exec-queue
  * udev: enable kill workers timer when processing events stopped (#37382)
  * udevadm-trigger: parse all arguments before doing anything (#37293)
  * user-util,user-record-nss: initialize buffer before calling getpwnam_r() and friends
  * userdb: introduce user/group_record_buildo() helper macros
  * user-record: introduce USERDB_MATCH_ROOT_AND_SYSTEM
  * network/tuntap: allow to specify root to User=/Group=
  * userdb: introduce USERDB_SYNTHESIZE_NUMERIC flag
  * udev: use userdb_by_name()/groupdb_by_name()
  * udevadm-info: parse all arguments before doing anything (#37292)
  * udev: replace get_user/group_creds() with userdb/groupdb_by_name() (#37304)
  * core: replace cgroup_bpf_supported() with dlopen_bpf_full()
  * core/bpf: drop unnecessary check for probing program type
  * bpf-compat: drop unused compat_libbpf_probe_bpf_prog_type()
  * bpf-program: introduce bpf_program_supported() helper function
  * core/cgroup: foreign bpf programs needs to pass bpf_program_supported()
  * core/bpf-firewall: replace bpf_firewall_supported() with bpf_program_supported()
  * core/bpf-devices: use bpf_program_supported()
  * test: allow to allocate test scope even running with unprivileged user
  * udev: introduce event_freep() and use it as cleanup attribute
  * udev: cache last queued event entry
  * udev: check earlier if there is a free room for processing an event
  * udev: list up all dependencies of an event when the first time it is examined
  * udev: move timeout event sources from struct Event to struct Worker
  * sd-device: rename arguments
  * udev: split out device_broadcast_on_error()
  * udev: move error handling in event_requeue() to caller
  * udev: several cleanups for managing events (#37384)
  * udev: refactoring for managing events for locked block devices
  * udev: drop event_is_blocked()
  * udev: sort queued events by their seqnum
  * core/bpf: drop old kernels support (#37151)
  * mount-tool: honor arg_canonicalize for ACTION_UMOUNT path_is_absolute() check too (#37398)
  * core/unit: suffix directory paths with slash
  * core/namespace: introduce should_propagate_to_submounts() helper function
  * core/namespace: split out append_private_tmp()
  * core/mount,swap: reload unit when manually mounted/started and we previously failed to load
  * core/mount: drop unnecessary dependency generations
  * core: disable mounting disconnected private tmpfs on /var/tmp/ when DefaultDependencies=no
  * test-execute: add test case for PrivateTmp=disconnected
  * man/systemd.exec: update documents for PrivateTmp=
  * udev: sort received events by their seqnum (#37314)
  * core/namespace: fix issue in PrivateTmp=disconnected vs var.mount (#37271)
  * meson: Various improvements (#37395)
  * core: assorted cleanups (#37410)
  * hwdb: add bladeRF SDR devices (#37413)
  * backlight: use device_get_sysattr_unsigned() at one more place
  * backlight: replace recursion with for loop
  * device-util: introduce several more helper functions
  * device-util: introduce device_get_seat() helper function
  * login: use FOREACH_STRING() at one more place
  * login: do not call manager_process_seat_device() more than once per event
  * login,udev: avoid race between systemd-logind and systemd-udevd in setting ACLs
  * udev: move devnoce_acl() to udev-builtin-uaccess.c
  * acl-util: make acl_find_uid() static
  * systemctl: make systemctl clean --what= values more discoverable (#37418)
  * TEST-21-DFUZZER: skip test when no sanitizer is enabled
  * github/mkosi: tentatively disable mkosi(opensuse) job
  * integration-tests: adjust priorities
  * TEST-73-LOCALE: drop unnecessary workaround
  * TEST-73-LOCALE: skip lv keymap and friends
  * meson: fix path to coverage.h
  * integration-tests: several cleanups (#37394)
  * man: fix typo
  * validatefs: drop unnecessary empty lines
  * validatefs: split out validating gpt label and type
  * Improve hwdb boilerplate texts (#37440)
  * Small fixups after review for stable (#37442)
  * Bugprone argument comment - round 4 (#37380)
  * validatefs: follow ups for recent change (#37447)
  * TEST-04-JOURNAL: include util.sh before calling cgroupfs_supports_user_xattrs()
  * TEST-04-JOURNAL: sync journal in test script, and find journal with invocation ID
  * locale-util: fix argument for munmap()
  * man/systemctl: list-sockets command sorts the result
  * man/systemd: fix mapping from SysV runlevel to actual target name
  * test-specifier: replace /dev/initctl with /dev/fd
  * core/socket: do not enter failed state when we cannot start service due to conflicting transaction being queued
  * units: stop systemd-udevd before soft-reboot
  * TEST-82-SOFTREBOOT: add test case for uevents generated during soft-reboot
  * sd-json: fix conditions
  * tree-wide: fix typo
  * man/busctl: many other commands can take --json=/-j
  * network/ndisc: drop only default gateway via the host when a neighbor announcement without router flag is received
  * sd-device: fix sysname check in sd_device_new_from_subsystem_sysname()
  * resolve: fix typo
  * network: do not drop duplicated entries in loop
  * hwdb: add PLUTO SDR (#37471)
  * man: fix path to version.h
  * journalctl: fix typo
  * varlink: fix typo
  * man/systemctl: fix typo
  * TEST-07-PID1: drop journal message flood test
  * Remove overzealous checks (#37493)
  * units: kill only udev services and keep udev sockets on switching root
  * meson: fix executable name in comment
  * Bugprone argument comment 6 (#37507)
  * Clean up more includes (#37527)
  * Various cleanups (#37531)
  * core/namespace: unapplicable -> inapplicable
  * README: update badges
  * logind: state serialization fixes (#37555)
  * test-vpick: use more strict check
  * unit-def: reindent comments
  * hostname: add hardware family, sku and version (#36956)
  * hostname: use proper type
  * hostname: use FOREACH_ARGUMENT() at one more place
  * path-util: add flavour of path_startswith() that leaves a leading slash in place (#37572)
  * hostname: two trivial cleanups (#37583)
  * hwdb: merge entries for Ettus Research B200
  * linux: update kernel headers from v6.15-rc7
  * Bugprone argument comment 7 (#37556)
  * Two follow ups for #37591 (#37594)
  * udevadm-info: update error messages (#37619)
  * cgroup-util: drop handcrafted cg_is_empty(), always check cgroup.events populated field (#37624)
  * bpf-program: check if a trivial BPF program can be created and loaded
  * cgroup-util: minor cleanups (#37630)
  * network/link: ENODATA from reading IFLA_MASTER when an interface has no master
  * network/link: update state file when master ifindex is changed
  * test-network: add test case for issue #37629
  * test-network: replace unnecessary assertRegex() with assertIn()
  * meson: check -ffinite-math-only in more detail
  * meson: also disable -Wmaybe-uninitialized when -Ofast is specified
  * core/exec-invoke: don't set $TMPDIR if sandboxing is disabled (#37637)
  * cgroup-util: drop CGROUP_MASK_EXTEND_JOINED; move CGROUP_CPU_SHARES/BLKIO* to nspawn-oci (#37639)
  * sd-bus: rename internal structs and enums
  * TEST-21-DFUZZER: skip test when no sanitizer is enabled
  * integration-tests: adjust priorities
  * TEST-73-LOCALE: drop unnecessary workaround
  * TEST-73-LOCALE: skip lv keymap and friends
  * network: do not drop duplicated entries in loop
  * NEWS: fix typo
  * man/udevadm: update command arguments
  * udevadm-info: use RET_GATHER() at one more place
  * udevadm: allow to specify device by device ID
  * NEWS: mention that udevadm can take device IDs to specify devices
  * core/transaction: rename ret -> job
  * core/transaction: fix comment
  * core/transaction: drop redundant call of bus_unit_validate_load_state()
  * core/transaction: do not override unit load state when unit_load() failed
  * core: introduce Unit.dependency_generation counter and restart loop when dependency is updated in the loop
  * test: add test case for issue #36031
  * login: add device monitor instance to receive events for devices with uaccess tag
  * login: add several debugging logs about synthetic events
  * TODO: drop entry about removal of unnecessary INTERFACE_OLD check in udevadm trigger
  * core/transaction: restart dependency loop when a new dependency is added (#37465)
  * core/cgroup: update comment
  * terminal-util: fix typo
  * bootctl: do not print slash more than once
  * udevadm: allow to specify device by device ID (#37636)
  * Bugprone argument comment 8 (#37678)
  * repart: if partition already exists, required size may not be multiple of grain size
  * bus-unit-util: warn and ignore assignment of deprecated properties
  * core/varlink: use forward.h at two more places
  * sd-journal: variable sized array cannot be used in ObjectHeader
  * sd-journal: replace sizeof(ObjectHeader) with offsetof(ObjectHeader, payload)
  * sd-journal: drop unnecessary use of dummy_t
  * sd-event: move flex array in struct inotify_data to the end
  * sd-dhcp: explicitly set buffer size of each type
  * man/pcrlock: fix typo
  * meson: enable -Wgnu-variable-sized-type-not-at-end again
  * userdb: fix definition of USERDB_SYNTHESIZE_NUMERIC
  * userdb: use RET_GATHER() at one more place and update comment
  * userdb: make ENOEXEC wins over ESRCH
  * udev-rules: skip loading /etc/shadow
  * network: skip loading /etc/shadow
  * TEST-17-UDEV: acquire SYS_UID_MAX/SYS_GID_MAX from userdbctl
  * Revert "github/mkosi: tentatively disable mkosi(opensuse) job"
  * Bugprone argument comment 9 (#37712)
  * doc: tweaks to root storage daemon docs (#37727)
  * Several follow-ups for userdb lookup from udevd and networkd (#37719)
  * test-network: extend comments how to run the test
  * ptyfwd: introduce pty_forward_set_window_title() helper function
  * Bugprone argument comment 10 (#37755)
  * core: adding CGroup for io.systemd.Unit.List (second PR) (#37646)
  * delta: rework how enumerate files
  * systemctl: replace basename() with path_extract_filename()
  * TODO: drop completed entry
  * sd-lldp-rx: add VLAN ID parsing (#37725)
  * tree-wide: introduce bus_error_is_connection() and use it where applicable
  * sd-device: replace '!' with '/' before calling sd_device_new_from_subsystem_sysname()
  * run: ignore bus connection error in acquiring invocation ID
  * tree-wide: allow building with -Wgnu-variable-sized-type-not-at-end option for clang (#37499)
  * run: ignore bus connection error in acquiring invocation ID (#37763)
  * test: extend timeout and enable generating debugging logs
  * meson: fix doubled # before include
  * libcrypt-util: include random-util.h
  * cryptsetup-util: move definition of crypt_token_max()
  * forward: also include paths.h
  * utmp-wtmp: replace _PATH_WTMPX -> WTMPX_FILE
  * tree-wide: drop unnecessary inclusion of sys/quota.h
  * selinux-setup.c: drop redundant inclusion of selinux/selinux.h
  * journal: use poll.h rather than sys/poll.h
  * include: net/if.h requires features.h
  * meson: update generating lists
  * Several follow-ups for recent header cleanups (#37785)
  * dirent-util: follow our coding style
  * sysusers: always initialize ret_xyz when write_temporary_xyz() succeed
  * Two coding style fixlets (#37799)
  * resolve: exit from loop for transactions when transactions has been regenerated
  * login: drop unnecessary dependency to libacl
  * test-network: read the current link flags of bond interface
  * test-network: add test case for issue #32186
  * man/machinectl: underscore is not allowed in machine name
  * machinectl: align table
  * machinectl: use _RUNNER_MAX rather than ELEMENTSOF()
  * discover-image: coding style fixlets
  * discover-image: make image_discover() allocate hashmap when necessary
  * network: use up_or_down() at several more places
  * test-network: improve bonding tests (#37808)
  * network: also check ID_NET_MANAGED_BY property on reconfigure
  * include/linux: update kernel headers from v6.16-rc1
  * sysext: drop unnecessary struct MethodListParameters
  * discover-image: several cleanups around image_discover() (#37813)
  * dhcp: several coding style cleanups
  * sd-dhcp-client: move comment to relevant place
  * network/dhcp4: release previously acquired DHCP lease when BOOTP will be enabled
  * network/dhcpv4: add ability to use BOOTP (#34888)
  * udev/rules.d: import hwdb before calling net_id builtin
  * network: use the same hash ops used when allocated
  * ordered-set: introduce ordered_set_put_strdup_full() and friends which take hash ops
  * network: use dns_name_hash_ops_free to manage domains
  * network: hash_ops related fixlets (#37832)
  * sd-dhcp-server: reopen fd only when it is valid
  * network/dhcp-server: save and load leases in runtime directory when PersistLeases=runtime
  * test-network: add test case for PersistLeases=runtime
  * network: use PersistLeases=runtime on container/VM/namespace network interfaces
  * NEWS: mention PersistLeases=runtime in [DHCPServer]
  * test-network: add test case for issue #37714
  * network/tunnel: rename Ip6TnlMode to TunnelMode
  * network/tunnel: make sit and ipip tunnel support Mode= setting
  * test-network: add tests for tunnel mode
  * network/tunnel: several cleanups for Mode= setting and make sit and ipip tunnel support it (#37853)
  * resolve: fix indentation
  * resolve: coding style fix
  * resolve: several cleanups for manager_new()
  * resolve: several cleanups for manager_dispatch_reload_signal()
  * manager: also restart stub listner on reload
  * TEST-75-RESOLVED: add test case for reloading DNSStubListenerExtra=
  * terminal-util: fix doubled 'to' in log messages
  * resolve: several further fixes for reloading config (#37856)
  * Update distro packaging commits (#37765)
  * sd-lldp-tx: do not expose machine ID by default
  * sd-lldp-tx: append capabilities before MUD URL
  * sd-lldp-tx: allow to emit VLAN ID
  * network/lldp-tx: also emit VLAN ID
  * sd-lldp-rx: also dump received MUD URL
  * boot: fix typo
  * sd-lldp-tx: introduce sd_lldp_tx_describe() to dump current settings
  * network: also include information about LLDP sender in reply for Describe() method
  * test-network: compare LLDP sender and receiver information
  * sd-bus: BusMessageContainer.begin is always zero in sd_bus_message_open_container()
  *  sd-bus: coding style cleanups
  * bus-util: coding style cleanups
  * sd-lldp: several improvements (#37845)
  * mallinfo-util: assume mallinfo() exists
  * dirent-util: use getdents64() as is
  * test-cpu-set-util: use ASSERT_XYZ() macros
  * port write_env_file() to label_os_pre() + teach firstboot a bit of relabelling (#37869)
  * sd-lldp: replace ETHERTYPE_LLDP with ETH_P_LLDP
  * missing_network: IPPROTO_MPTCP is already defined in linux/in.h
  * ioprio-util: move from basic/ to shared/
  * test-bpf-firewall: use ASSERT_XYZ() and bpf_program_pin()
  * Several assorted cleanups (#37888)
  * resolved: enforce RefuseRecordTypes= also in proxy mode (#37902)
  * logind inhibitor code fixes (#37907)
  * bootctl: honour architecture when updating boot loaders (#37913)
  * network/dhcp6: refactoring for verify_dhcp6_address()
  * network/dhcp6: consider the DHCPv6 protocol as finished when conflict addresses exist
  * test-glob-util: drop redundant test cases
  * glob-util: rework safe_glob()
  * test: use safe_glob() at one more place
  * glob-util: drop unused _cleanup_globfree_
  * cpu-set-util: make cpu_set_to_mask_string() work with an empty cpu set
  * cpu-set-util: several cleanups for cpu_set_to_string() and cpu_set_to_range_string()
  * exec-invoke: modernize exec_context_cpu_affinity_from_numa()
  * cpu-set-util: several cleanups for cpu_set_realloc(), cpu_set_add() and friends
  * cpu-set-util: several cleanups for cpu_set_{from,to}_dbus()
  * core,test: use parse_cpu_set()
  * cpu-set-util: rename cpu_set_add_all() and cpu_mask_add_all()
  * cpu-set-util: rename cpu_set_reset() -> cpu_set_done()
  * udev/net: several cleanups for config_parse_rps_cpu_mask()
  * cpu-set-util: drop unused cpu_set_free()
  * core/load-fragment: rename config_parse_allowed_cpuset() -> config_parse_unit_cpu_set()
  * cpu-set-util: introduce config_parse_cpu_set()
  * tree-wide: reindent arguments of conf parsers
  * sysupdate: use path_is_safe()
  * homed,userdbd: mark "secrets" section of user records always to "sensitive" (#37935)
  * glob-util: several cleanups for safe_glob() (#37933)
  * core: turn ordering cycle log message into a recognizable one + catalog entry (#37893)
  * docs: fix mkosi section for Environment= setting
  * test-cpu-set-util: fix check for CPUSet.allocated
  * include: make system headers self contained
  * include: add comment why our sys/mount.h does not include the one by glibc
  * tree-wide: include missing_fs.h only where necessary
  * meson: sort file list
  * namespace-util: include sched.h
  * include: import kernel headers for several struct and enum definitions
  * fs-util: include fcntl.h in fs-util.h
  * fs-util: use int for argument that takes F_OK and friends
  * include: update syscall list
  * man: fix @BUILD_ROOT@ insertion
  * Assorted header cleanups (#37958)
  * network/link: ENODATA from reading IFLA_MASTER when an interface has no master
  * network/link: update state file when master ifindex is changed
  * test-network: add test case for issue #37629
  * repart: if partition already exists, required size may not be multiple of grain size
  * test-network: extend comments how to run the test
  * sd-device: replace '!' with '/' before calling sd_device_new_from_subsystem_sysname()
  * test: extend timeout and enable generating debugging logs
  * resolve: exit from loop for transactions when transactions has been regenerated
  * udev/rules.d: import hwdb before calling net_id builtin
  * manager: also restart stub listner on reload
  * TEST-75-RESOLVED: add test case for reloading DNSStubListenerExtra=
  * terminal-util: fix doubled 'to' in log messages
  * core/transaction: rename ret -> job
  * core/transaction: fix comment
  * core/transaction: drop redundant call of bus_unit_validate_load_state()
  * core/transaction: do not override unit load state when unit_load() failed
  * core: introduce Unit.dependency_generation counter and restart loop when dependency is updated in the loop
  * test: add test case for issue #36031
  * network: also check ID_NET_MANAGED_BY property on reconfigure
  * network/dhcp6: refactoring for verify_dhcp6_address()
  * network/dhcp6: consider the DHCPv6 protocol as finished when conflict addresses exist
  * test-network: wait for all addresses and routes configured before start monitoring
  * stat-util: split null_or_empty() into two
  * conf-files: split CONF_FILES_FILTER_MASKED flag into two
  * userdb: fix enumeration of .membership files
  * conf-files: chase symlink files in conf directories
  * conf-files: introduce CONF_FILES_CHASE_BASENAME flag
  * conf-files: rework conf_files_list_with_replacement()
  * pretty-print: also chase symlinks in the last component
  * tree-wide: use CONF_FILES_CHASE_BASENAME where root directory is specified
  * test-conf-files: use ASSERT_OK() and friends
  * repart: fix typo
  * meson: drop custom_target names (#38003)
  * Revert "tree-wide: use CONF_FILES_CHASE_BASENAME where root directory is specified"
  * Revert "pretty-print: also chase symlinks in the last component"
  * conf-files: drop use of CONF_FILES_CHASE_BASENAME in conf_files_list_with_replacement()
  * Revert "conf-files: introduce CONF_FILES_CHASE_BASENAME flag"
  * conf-files: fstatat() sets errno on failure
  * path-util: move empty_or_root_to_null() from chase.c
  * conf-files: fix an empty root handling in conf_files_list_strv()
  * TEST-17-UDEV: check the exit code at last
  * conf-files: several follow-ups for #37972 (#37997)
  * tree-wide: include unistd.h where necessary
  * basic: move missing_random.h -> include/sys/random.h
  * basic: move missing_wait.h -> include/sys/wait.h
  * basic: move missing_mman.h -> include/sys/mman.h
  * basic: move missing_pidfd.h -> include/sys/pidfd.h
  * basic: move missing_socket.h -> include/sys/socket.h
  * basic: move missing_fcntl.h -> include/fcntl.h
  * basic: move missing_sched.h -> include/sched.h
  * core/socket: introduce DeferTrigger= (#37505)
  * NEWS: fix typo
  * test-dns-search-domain: several cleanups
  * test: improve printing of assertion errors, allow more failures (#38004)
  * meson: make -Wsequence-point warning critical
  * core/transaction: minor tweaks for cyclic dependency logging (#38014)
  * udev-builtin-uaccess: open device node with O_PATH
  * Fixes for vscode/intellisense parsing (#38040)
  * test-local-addresses: use ASSERT_OK() and friends
  * test-local-addresses: enable IPv6 on the test interface
  * test: assume RTA_VIA is supported
  * fuzz: avoid assertion for ExecContext.private_var_tmp triggered
  * openssl-util: allow to build with openssl without UI support
  * ci: add test case for building without OpenSSL UI support
  * Add systemd-analyze verb to list runtime unit properties (#37665)
  * udev: gracefully handle ENODEV or friends in opening device node
  * networkd-test: stop varlink socket before setting up runtime directories
  * core/socket: fix typo
  * TODO: fix typo
  * man/analyze: fix typo
  * analyze: fix typo
  * meson fixlets (#38086)
  * hwdb: fix typo in 70-maker-tools.hwdb, and add the file to meson.build (#38090)
  * cgroup-util: clean up skip_{slices,session,user_manager} (#38089)
  * tree-wide: several cleanups for reading/writing /proc/sys/fs/nr_open
  * namespace-util,nsresource: explicitly include sched.h
  * analyze: include unistd.h
  * core: rename ExecContext.ioprio_set -> .ioprio_is_set
  * basic/include: replace _Static_assert() with static_assert()
  * tree-wide: include sys/stat.h where necessary
  * timesync,test: explicitly include sys/timex.h when struct timex is used
  * core/cgroup: prepare for removal of tracking/bookkeeping logic specific to cgroup v1 (#38099)
  * bootspec: fix string table naming for BootEntryType/BootEntrySource (#38106)
  * core: add quota support for State, Cache, and Log exec directories (#35892)
  * minor fixes to nspawn, machined, vmspawn (#38110)
  * core: allow to use PIDFile= in user session services
  * man: mention relative PIDFile= in user service is prefixed with $XDG_RUNTIME_DIR
  * A few changes related to linking and bitfields (#38118)
  * core: fix owner check of PIDFile=, and update document (#38115)
  * Add support for BPF tokens (#36134)
  * recurse-dir: coding style cleanups; mount-util: teach open_tree_attr_fallback() our usual AT_EMPTY_PATH trick (#38130)
  * man/systemd.exec: update documentation for PrivateBPF= (#38142)
  * core: add 'DefaultRestrictSUIDSGID' config option (#38126)
  * errno-util: introduce ERRNO_IS_NEG_FS_WRITE_REFUSED()
  * binfmt-util: propagate failure in access_fd()
  * binfmt-util: rename binfmt_mounted() -> binfmt_mounted_and_writable()
  * man: fix typo
  * shutdown: voidify disable_binfmt()
  * ci: also set TEST_RUNNER environment variable in coverage test
  * Revert "resolve: query the parent zone for DS records"
  * journalctl: do not fail on SIGTERM/SIGINT, or when STDOUT is disconnected
  * main-func: drop unused DEFINE_MAIN_FUNCTION_WITH_POSITIVE_SIGNAL()
  * test: drop unnecessary disablement of pipefail
  * NEWS: mention about the exit code change in journalctl --follow
  * Plumbing to perform SELinux checks in varlink API (#38146)
  * io.systemd.Manager.Describe fix context/runtime split (#38135)
  * journalctl: do not fail on SIGTERM/SIGINT or STDOUT disconnect when running with --follow (#38116)
  * test-cgroup: Ignore ENOENT from cg_create(); test-cgroup-util: Ignore ENXIO in one more place (#38158)
  * chase: allow to request O_PATH fd even with CHASE_NONEXISTENT
  * conf-files: introduce struct ConfFile to store information of found conf file
  * conf-files: make conf_files_list() and friends internally use struct ConfFile
  * conf-files: introduce conf_files_list_full() and friends that provides results in ConfFile
  * pretty-print: several cleanups for cat_files()
  * pretty-print: make conf_files_cat() not show files outside of the specified root.
  * udevadm: do not read udev rules files outside of the specified root directory
  * TEST-17-UDEV: conditionalize test cases for testuser
  * udev-rules: do not read udev rules files outside of specified root directory
  * hwdb-util: coding style update
  * hwdb-util: do not read hwdb files outside of specified root directory
  * catalog: do not read catalog files outside of specified root directory
  * selinux-util: downgrade log level to LOG_DEBUG when error code is zero
  * core/selinux-access: insert an empty line after function arguments
  * sd-device: do not set errno needlessly
  * sd-device: replace 'type *func()' -> 'type* func()'
  * mkosi: various improvements (#38156)
  * include: move libc header wrappers to src/include/override/, and kernel headers to src/include/uapi/
  * tree-wide: several cleanups for generating symbol lists and gperf files
  * basic: move basic/missing_syscall_defs.h -> include/override/sys/syscall.h
  * libc-wrapper: introduce a tiny libc wrapper
  * include: move trivial kernel header wrappers to src/include/override/
  * include: use unit8_t for uuid
  * docs: mention src/include/ directories
  * reboot-util: merge with raw-reboot.h
  * raw-clone: move definition to .c file
  * conf-files: make conf-file enumerators provide more detailed information of enumerated files (#38006)
  * man: fix typo
  * journal: fix typo
  * Cleanups for missing_xyz.h headers (#37904)
  * network/bridge-vlan: allow to configure bridge vlan on stacked bridge master interface
  * quota-util: explicitly include linux/quota.h
  * tree-wide: include asm/sgidefs.h to make _MIPS_SIM_ABI32 and friends defined
  * kernel-install: do not mix || and &&
  * kernel-install: regroup options in help meesage
  * man/kernel-install: mention --entry-type= option in the man page
  * basic: rename cap-list.c -> capability-list.c
  * mkosi: Two fixlets for CentOS (#38165)
  * kernel-install: several follow-ups for --entry-type= (#38160)
  * Include more headers explicitly (#38169)
  * network: split link_may_have_ipv6ll() into two
  * network/radv: allow to send Router Advertisement from e.g. Tun interface
  * man: fix version info tag
  * udevadm: fix memleak
  * test: drop unnecessary line continuation
  * network: clean up link_may_have_ipv6ll() and allow to run RADV on Tun interface (#38175)
  * units: check if kmod command exists
  * pidref: propagate critical errors in pidref_acquire_pidfd_id()
  * meson: fix coverage build
  * test: skip one test case when running on coverage
  * systemctl: move functions in systemctl-sysv-compat.[ch]
  * systemctl/halt: drop support for calling in SysV init script
  * systemctl: kill SysV compat 'runlevel' command
  * core,initctl,systemctl: kill /dev/initctl support
  * utmp: drop setting runlevel entry in utmp
  * units: drop runlevel[0-6].target
  * NEWS: mention removal of several SysV compat features
  * mkosi: drop SysV compat files from packages
  * mkosi: update debian commit reference to a8ad8e30e70c0b82ecb8fe016f2dde3a084236f0
  * btrfs: use unpriv subvol info ioctl (#38230)
  * Add build/unit-tests CI jobs for s390x (#38232)
  * fsck,quotacheck: drop support for traditional /forcefsck, /fastboot, and /forcequotacheck files
  * fsck: introduce string tables for fsck.mode= and fsck.repair=
  * fsck: add fsck.mode and fsck.repair credentials support
  * man: fix reference to systemd-quotacheck@.service
  * man: fix service names
  * quotacheck: drop unnecessary use of global variable
  * quotacheck: introduce string table for quota check mode
  * quotacheck: add quotacheck.mode credential support
  * NEWS: mention changes in systemd-fsck and systemd-quotacheck
  * mkosi: patch filelists by opensuse
  * mkosi: update debian commit reference to 61144ff7a6747bd3cc6340fbac38a8e15e9a239b
  * test-network: stop varlink.socket before stopping networkd.service
  * fsck,quotacheck: add credentials support and drop support of /forcefsck and friends (#38197)
  * NEWS: fix typo
  * Revert "test: skip one test case when running on coverage"
  * analyze: add missing full stop in the log message
  * analyze-unit-shell: drop unnecessary error check
  * analyze: fix memleak and missing oom check
  * analyze: merge if branches on debugger
  * analyze-unit-gdb: append debugger arguments
  * bash-completion/analyze: show candidates for --debugger
  * journald: move several configuration related definitions to journald-config.[ch]
  * journald-manager: make manager_get_file_flags() return JournalFileFlags
  * journald-manager: use manager_get_file_flags() more
  * journald-audit: do not control kernel auditing by non-default namespace instances by default
  * journald-config: use char* for credential data
  * journald-config: make kernel command line parser take JournalConfig
  * journald-config: always clear threshold_bytes even when boolean value is specified
  * journald-config: modernize config_parse_line_max() and config_parse_forward_to_socket()
  * journald: move all config entries from Manager to JournalConfig
  * journald: do not read configs by journald fuzzers
  * journald: rename fuzz-journald.[ch] -> fuzz-journald-util.[ch]
  * journald-kmsg: shorten manager_flush_dev_kmsg() a bit
  * journald-kmsg: introduce manager_close_kernel_seqnum() helper function
  * journald: introduce manager_unlink_seqnum_file()
  * journald-kmsg: fix reopening /dev/kmsg
  * journald-kmsg: merge manager_kmsg_mode() into manager_open_dev_kmsg()
  * journald-audit: make enable_audit() take Manager object
  * journald-audit: apply new Audit= setting on reload
  * journald-socket: close previous socket when ForwardToSocket= is changed on reload
  * journald-config: ForwardToSocket= is not supported in non-default namespace instance
  * journald-context: update ratelimit interval and burst on reload
  * journal-file: introduce journal_metrics_equal()
  * journald-manager: rework reopening journal files on reload
  * journal-file: drop unused journal_file_reload()
  * journald: several follow-ups for reloading journald.conf (#38199)
  * core/exec-invoke: negative errno needs to be passed to report_errno_and_exit()
  * core: it is not necessary to send message after fsconfig() for bpffs
  * core/namespace: gracefully handle errors in mounting new bpffs instance
  * test-bpf-token: use test macros and functions
  * TEST-07-PID1: fix negative check
  * TEST-07-PID1: check if PrivateBPF=yes is gracefully ignored
  * vmspawn: use poll.h rather than sys/poll.h
  * test: add test case for getenv_for_pid()
  * sd-event: drop inotify event from buffer when no event source is triggered
  * test: add test case for issue #38265
  * bootctl: do not fail when the same file is updated multiple times
  * tree-wide: fix log messages: "Failed VERB" -> "Failed to VERB"
  * tree-wide: normalize usage of %m
  * tree-wide: do not use %m with SYNTHETIC_ERRNO()
  * tree-wide: add missing '=' in short comments for function argument
  * test-sd-device: also exclude dm block devices
  * test: missing -v option for command
  * ci/build-test: install libarchive-dev
  * varlink-idl: fix type of ProcessId.bootId
  * networkd/dhcp6: Add support for IPv6 SIP servers (#38269)
  * getty-generator: show original path in the log message
  * TEST-81-GENERATORS: add test cases for systemd.getty_auto=console and friends
  * meson: crypt.h must always exist
  * network/json: ignore -ENODATA and any failures from sd_dhcp_lease_get_sip()
  * network/state-file: ignore any errors in sd_dhcp6_lease_get_dnr()
  * network/state-file: coding style fixlet
  * po: update Japanese translations
  * Revert "po: update Japanese translations"
  * po: update Japanese translations
  * test: drop executable flag from prefix-shell.service
  * TEST-07-PID: journalctl -u may not work for short living processes
  * TEST-04-JOURNAL: use bash to make builtin echo command used
  * journal: clear cached journal storage space before vacuum journals
  * test: various cleanups for TEST-04-JOURNAL.journal-reload.sh
  * integration-test: show journalctl command for showing saved journal when TEST_SAVE_JOURNAL=1
  * integration-test: mention TEST_SAVE_JOURNAL in README
  * test: move testcase_dependencies() to TEST-10-MOUNT
  * TEST-60-MOUNT-RATELIMIT: use reload to make new config applied
  * TEST-10-MOUNT: make cleanup function run on error
  * TEST-10-MOUNT: wait for userspace mount options being loaded
  * test: several fixlets for journal related failures (#38308)
  * test: modernize test-oomd-util
  * test: modernize tests.c and tests.h
  * errno-list: fallback to use our errno name table
  * test: stop firewalld and friends to make them not disturb test-firewall-util
  * test-sd-device: filter out dm block devices at several more places
  * resolved: use usec_add() at one more place
  * core/exec-invoke: check size of read size
  * cpu-set-util: fix identical ternary expression
  * cpu-set-util: check if cpu set is already allocated
  * test: add explicit test cases for cpu_set_add() and cpu_set_add_range()
  * ordered-set: avoid overflow
  * delta: add missing error check
  * fuzz-efi-string: add missing OOM check
  * install: skip later first_word() calls if one of earlier calls passes
  * fs-util: avoid overflow in MODE_TO_PTR() with MODE_INVALID
  * TEST-64-UDEV-STORAGE: wait for partition devices being created before calling udevadm trigger
  * TEST-21-DFUZZER: update the list of destructive methods
  * TEST-21-DFUZZER: first test session bus, then service bus, finally system bus
  * TEST-21-DFUZZER: enable services to be tested
  * TEST-21-DFUZZER: suppress debugging logs from homed, nsresourced, and userdbd
  * man/repart: fix the required btrfs-progs version
  * locale: escape invalid keymap on logging
  * test: several cleanups for TEST-74-AUX-UTILS.socket-activate.sh
  * TEST-04-JOURNAL: add more test cases for LogFilterPatterns=
  * NEWS: announce legacy iptables/libiptc support will be dropped in v259
  * sd-bus: escape invalid characters in error message
  * test: skip verification for racy test cases
  * Rework file system group magic lookups (#38340)
  * include: update kernel headers from v6.16-rc7
  * journal: check filtering after parsing timestamp, identifier, pid, and so on
  * TEST-04-JOURNAL: several cleanups
  * TEST-04-JOURNAL: add test case for log filtering through syslog
  * TEST-87-AUX-UTILS-VM: make coredumps stored in archived journal file
  * TEST-23-UNIT-FILE: do not wait indefinitely but set a reasonable timeout
  * efi-api: cast before shift
  * chase: check the result is a directory or regular file only when the resolved path exists
  * conf-files: CHASE_MUST_BE_DIRECTORY can be set with CHASE_NONEXISTENT
  * TEST-04-JOURNAL: add one more missing journalctl --sync
  * ci: add test coverage for secure boot and addons, and shim integration (#38377)
  * TEST-46-HOMED: modernize test
  * TEST-46-HOMED: remove unnecessary users
  * TEST-64-UDEV-STORAGE: clear MD superblock on exit
  * TEST-03-JOBS: modernize test code and extend timeout
  * Print location of loader.conf in bootctl status and related updates (#38389)
  * ptyfwd: do not call pty_forward_done() in do_shovel()
  * ptyfwd: split-out shovel_force()
  * ptyfwd: replace pty_forward_set_ignore_vhangup() with pty_forward_honor_vhangup()
  * ptyfwd: do not try to read master if already disconnected
  * ptyfwd,run: make pty_forward_drain() trigger defer event to call shovel()
  * run: make PTY forwarder honor vhangup() after service finished
  * pam_systemd: never reset existing $XDG_RUNTIME_DIR for non-area logins (#38405)
  * Use ERRNO_NAME in most places to figure out errno names (#38409)
  * login: fix typo
  * test: several cleanups for DeferReactivation=
  * resolve: bump *_SEARCH_DOMAIN_MAX to 1024
  * Double journal field hash table size (#38416)
  * udev/node: split out link_search_and_update() and reduce indentation
  * udev/node: check the target device node of devlink on removal
  * TEST-64-UDEV-STORAGE: several fixlets for check_device_units()
  * TEST-64-UDEV-STORAGE: several cleanups
  * TEST-64-UDEV-STORAGE: add stress tests for creating/removing device node symlinks
  * hwdb: several cleanups
  * basic: do not use PROJECT_FILE in one more generated file
  * TEST-13-NSPAWN: wait for a few seconds after markers found
  * mkosi: update mkosi commit reference to 655baf24474a6f0732ec1b82a71c2f6fe4eeeb49
  * test-dns-answer: fix misuse of ASSERT_TRUE/FALSE()
  * man: fix typo
  * test: include unistd.h for _exit() used in ASSERT_SIGNAL()
  * test-dns-question: use ASSERT_OK_POSITIVE/ZERO() rather than ASSERT_TRUE/FALSE()
  * udev/spawn: continue to read stdout even if the result buffer is full
  * TEST-64-UDEV-STORAGE: mdadm --zero-superblock seems to not support symlink
  * NEWS: fix typo
  * user-runtime-dir: skip setting quota if not requested
  * user-runtime-dir: fix logged quota size
  * profile: replace default bash prompt with more informative one
  * Revert "hwdb: disable Asus ROG keyboards sending poweroff"
  * test-network: also save the current state of socket units for resolved and stop them
  * network/bridge-vlan: fix segfault
  * udev-rules: add missing device name prefix in log message
  * core/exec-invoke: fallback to set TTY specified by TTYPath= to PAM
  * include: update kernel headers from v6.17-rc1
  * pcrlock: make-policy should use path specified by --policy= rather than --pcrlock
  * tpm2-util: gracefully skip deserialization when no input
  * tpm2-util: copy serialized result in tpm2_serialize()
  * core/service: do not start watchdog on frozen unit when service manager is reloaded or reexecuted
  * core/cgroup: allow to set cgroup path for frozen unit
  * TEST-38-FREEZER: check if watchdog is not restarted by systemctl daemon-reload or daemon-reexec
  * TEST-38-FREEZER: use 'systemctl show' to get freezer state
  * TEST-17-UDEV: rotate journal before checking
  * machinectl: set TERM=dumb when running on a dumb terminal or with a pipe
  * profile: do not prompt OSC sequences when running on a dumb terminal
  * nspawn: always set TERM=dumb when running with a pipe
  * core: do not print OSC sequence on reverting TTY settings when running on a dumb terminal
  * core: make is_terminal_input() and friends inline
  * core: do not touch tty when StandardOutput=/StandardError=journal+console/kmsg+console
  * core/execute: add one more FIXME comment
  * pretty-print: show progress bar only when we are running on a TTY
  * import,sysupdate: make notify event processed before SIGCHLD of worker processes
  * import: align table
  * import: add a debugging log of importing blob
  * TEST-72-SYSUPDATE: make randomly generated image file not have compression header
  * TEST-72-SYSUPDATE: fix indentation and drop space in blank line
  * core: do not start watchdog for frozen service on daemon-reload/-reexec (#38553)
  * tree-wide: various terminal related fixlets (#38544)
  * condition: fix unexpected assertion triggered
  * man: add missing comma
  * mkosi: update mkosi ref and debian ref (#38597)
  * seccomp-util: use consistent argument names
  * hostname-setup: do not trigger assertion when uname() is prohibited by seccomp
  * assert-util: drop message argument of assert_log()
  * assert-util: introduce log_set_assert_return_is_critical_from_env()
  * nss: move definition of NSS_ENTRYPOINT_BEGIN to nss-util.h
  * signal-util: do not abort when sigprocmask() failed
  * test-nss-hosts: add test case for issue #38582
  * resolve: fix index of comments and rebreak comments
  * test: drop unnecessary service file
  * Avoid triggering assertions by nss modules when uname and/or sigprocmask are masked (#38586)
  * core/service: do not reset watchdong when unit is frozen
  * meson: compile nss-util.c only when at least one nss module is enabled
  * TEST-17-UDEV: rotate journal after pending journal entries in buffer before flushed
  * cryptsetup: HAVE_CRYPT_SET_KEYRING_TO_LINK is always defined
  * README: drop one FIXME comment
  * ptyfwd: do not try to read from PTYForward.input_fd when read-only mode
  * test: add test cases for path_is_root_at()
  * Revert "chase: invert CHASE_NO_AUTOFS and only set it where needed"
  * chase: introduce CHASE_NO_SHORTCUT_MASK
  * chase: trigger automount only when explicitly requested
  * NEWS: announce bump of required minimum version of several components in next release
  * test: fix typo
  * nspawn: fix --link-journal=host with --private-users=pick and friends
  * homed: do not print sensitive data when debug logging is enabled
  * TEST-46-HOMED: cleanup homedsshtest earlier
  * TEST-46-HOMED: homectl unregister and friends needs the target is inactive or absent
  * core/unit: use UNIT_FOREACH_DEPENDENCY_SAFE() at several more places
  * udev: fix typo
  * core: fix typo
  * udev: fix grammar
  * bootctl: do not fail on removing unfied kernel image
  * shell-completion: support -i option for journalctl
  * tree-wide: some trivial fixes around `table_*()` result check (#38753)
  * units: portabled requires /dev/loop-control
  * NEWS: mention ACLs by "uaccess" is always set by udevd
  * TEST-45-TIMEDATE: rotate journal before parsing log message
  * pcrlock: use WRITE_STRING_FILE_LABEL
  * TEST-58-REPART: make sector size test as a normal test case
  * TEST-58-REPART: add test case for btrfs specific options and MountPoint=
  * man/repart.d: mention each field of MountPoint= needs to be quoted when contains colon
  * core/transaction: first drop unmergable jobs for anchor jobs
  * test: add test case for issue #38765
  * repart: fix memleak
  * core/unit: do not load drop-in configs for masked unit files
  * TEST-07-PID1: add test cases for mask/unmask unit
  * test: add comment about custom autorelabel.service
  * test: move test units to their own directories
  * TEST-87-AUX-UTILS-VM: rotate journal at one more place
  * install: follow-up for initrd presets (#38790)
  * Cleanups for test/units directory (#38807)
  * bootctl: add missing varlink IDL entries
  * hostname: add missing varlink IDL fields
  * core/varlink: do not send unrealized cgroups to oomd
  * core/varlink: do not call io.systemd.oom.ReportManagedOOMCGroups() with empty "cgroups" parameter
  * test: do not call GetUserRecord without "service" argument
  * network: remove unnecessary fd saved in fd-store
  * test: re-enable journal checks for varlink-idl and so on
  * ethtool-util: fix setting advertising link modes
  * fd-util: split out fallback logic for close_all_fds()
  * fd-util: use heap only when nwea() does not work
  * TEST-64-UDEV-STORAGE: forcibly create new physical volume
  * dissect: include unistd.h
  * boot: add assertions
  * bootctl: drop unnecessary verb_unlink()
  * core/bpf-foreign: use RET_GATHER()
  * sysupdate: use conf_files_list_strv_full() to enumerate components
  * sysupdate: use conf_files_list_strv_full() to enumerate features
  * sysupdate: use conf_files_list_strv_full() to enumerate definitions
  * meson: realign summary
  * nspawn: realign gperf table
  * network: shorten conf parser names and realign gperf table
  * network/netdev: realign gperf table
  * resolve: shorten conf parser name and realign gperf table
  * core/transaction: do not call job_is_conflicted_by() twice for the same job
  * core/transaction: rebreak comments and append full-stop
  * core/transaction: coding style update
  * test-efi-string: migrate to use ASSERT_OK() and friends
  * test-parse-util: use newlocale() and freelocale() to set temporarl locale
  * test-seccomp-util: several cleanups
  * test-udev: pass test_env to make the test use systemd-detect-virt in build directory
  * test-sysusers: show diffs in stderr
  * test-mount-util: several cleanups
  * test: skip several test cases when running in chroot
  * test: reenable test for cg_get_keyed_attribute()
  * test: rearrange test-cgroup and test-cgroup-util
  * mkosi: drop man package from global config
  * mkosi: support the case /sbin/init is an absolute symbolic link
  * macro: flip ONCE macro to make log_once() and friend actually log once
  * udev-config: use secure_getenv() at one more place
  * creds-util: fix comment
  * sd-event: drop cgroupv1 support in memory pressure event source
  * udev-rules: add OPTIONS="dump-json" to dump current status in JSON format
  * Align meson summary and gperf tables (#38578)
  * journalctl: add -W as short for --no-hostname (#38704)
  * sysupdate: use conf_files_list_strv_full() where possible (#38198)
  * resolve/varlink: replace json_dispatch_address() with json_dispatch_byte_array_iovec()
  * resolve/varlink: use sd_json_dispatch_const_string() at more places
  * test: several random cleanups and fixlets (#38877)
  * Bump required minimum version of libfido2 to 1.5.0
  * vmspawn: fix error handling
  * systemd-repart: add encryption configs into repart.d/* (#38052)
  * resolve: two cleanups for varlink method (#38467)
  * basic/efivars: read EFI variables using one read(), not two (#38864)
  * sd-boot: allow configuration of log levels (#38701)
  * firewall-util: remove iptables backend
  * sd-netlink: make netlink_get_reply_callback_count() accept NULL
  * firewall-util: drop FirewallContext
  * firewall-util: rename firewall-util-nft.c to firewall-util.c
  * importd: some minor tweaks (#39008)
  * chattr-util/acl-util: add helpers that tells us if an inode type can do chattr/acl (#39003)
  * chase: tweaks to chase_open()/chase_openat() (#38984)
  * various tweaks for systemd-creds & related (#38979)
  * firewall-util: remove iptables/libiptc backend support (#38976)
  * varlink: flag -> flags
  * creds-util: fix typo
  * man/repart: fix typo
  * man/varlink: fix typo
  * Various smaller tweaks to bootctl (#38996)
  * libaudit-util: fix typo
  * run: include sys/stat.h again
  * machine: fix crash on update from older than v258
  * Follow-ups for recent changes to creds (#39040)
  * journal: add missing initialization
  * journal: make JournalConfig.set_audit as enum
  * journal: fix two recent regressions in config handling (#39069)
  * udev: move devnode_acl() back to libshared
  * login: update ACL on static device nodes again
  * test: use relative paths to executables
  * udev-builtin-net_id: Add DeviceTree-based names for WLAN devices (#39060)
  * measure: strip tpm 1.x remnants and make GetActivePcrBanks() work (#39089)
  * boot: use correct format specifier for timeout
  * boot: rename ENROLL_TIMEOUT_TYPE_MAX -> ENROLL_TIMEOUT_MAX
  * libacl → turn into dlopen() dependency (#39087)
  * boot: two trivial cleanups (#39093)
  * machine: fix wrong field name in varlink IDL
  * firstboot: some love (#39070)
  * find-esp: fix error handling
  * osc-context: fix typo: 8003 -> 3008
  * integration tests: do not adjust log level in the test script
  * man: fix typo
  * core/cgroup: make sure deserialized accounting data is not voided (#39130)
  * machined: introduce per-user instance (#39123)
  * core/unit: fail earlier before spawning executor when we failed to realize cgroup
  * core/bpf-firewall: make failures in loading custom BPF program not critical
  * core/bpf-firewall: replace unnecessary unit_setup_cgroup_runtime() with unit_get_cgroup_runtime()
  * timer: fix unexpected triggering of service immediately after restart of a timer (#38868)
  * core: assorted fixes and cleanups for cgroup (#39094)
  * mkosi: bump fedora from 42 to 43
  * ethtool-util: drop use of deprecated ETHTOOL_GSET and ETHTOOL_SSET
  * ethtool-util: rename functions and update log messages
  * ethtool-util: fix comment
  * ethtool-util: drop use of union ethtool_link_usettings
  * TEST-64-UDEV-STORAGE: do not use -f/--force option for wipefs
  * time-util: introduce SAVE_TIMEZONE macro
  * time-util: introduce parse_gmtoff() helper function
  * time-util: fix issues in parse_timestamp() and optimize performance
  * bash-completion: systemd-sysext/systemd-confext missing options (#38948)
  * time-util: fix using wrong timezone when parsing timestamp (#38876)
  * calendar-spec: use SAVE_TIMEZONE
  * timedatectl,test: use SAVE_TIMEZONE at more places
  * tree-wide: stop assigning colon prefixed timezone to $TZ
  * units: move FailureAction= to the correct section
  * units/systemd-battery-check.service: minor cleanup (#39178)
  * meson: add man and html targets (#39207)
  * man: fix typo
  * Use string tables to parse option arguments (#39173)
  * shared/bootspec: don't warn for new `loader.conf` options and correctly parse new `uki` and `profile` boot entry options (#39165)
  * core/cgroup: fix indentation
  * man: mention about UINT64_MAX value for OOMKills and ManagedOOMKills DBus properties
  * sysctl: add missing help entry for --strict
  * sysctl: prettify help message
  * sysctl: propagate failures in parsing credential files
  * sysctl: shorten code a bit
  * sysctl: assorted coding style cleanups
  * sysctl: port parse_file() over conf_file_read()
  * sysctl: add --inline option
  * test: merge TEST-76-SYSCTL into TEST-87-AUX-UTILS-VM
  * sd-bus: silence spurious debugging log message
  * timesync: drop redundant space
  * timesync: assume link NTP servers are unchanged on error and no servers registered yet
  * test: add test cases for sysctl reading configuration from stdin or positional arguments
  * mkosi: bump fedora from 42 to 43
  * macro: flip ONCE macro to make log_once() and friend actually log once
  * journal: add missing initialization
  * journal: make JournalConfig.set_audit as enum
  * machine: fix wrong field name in varlink IDL
  * osc-context: fix typo: 8003 -> 3008
  * TEST-64-UDEV-STORAGE: do not use -f/--force option for wipefs
  * sysctl: add missing help entry for --strict
  * pidfd-util: add missing trailing argument for ioctl(PIDFD_GET_*_NAMESPACE)
  * udev: move devnode_acl() back to libshared
  * login: update ACL on static device nodes again
  * include: update kernel headers from v6.17.1
  * mkosi: avoid infinite reboot on failure
  * test-kernel-install: support the case when custom default locale is specified
  * pidfd-util: add missing trailing argument for ioctl(PIDFD_GET_*_NAMESPACE)
  * core/bpf-firewall: replace unnecessary unit_setup_cgroup_runtime() with unit_get_cgroup_runtime()
  * machine: fix crash on update from older than v258
  * nsresource: fix varlink method dispatch table
  * ci: fix workaround about bpftool for codeql
  * coredump: split out conf parser to coredump-config.[ch]
  * coredump: split out metadata parsers to coredump-context.[ch]
  * coredump: split out process_backtrace() to coredump-backtrace.[ch]
  * coredump: split out acquire_pid_mount_tree_fd() and submit_coredump() to coredump-submit.[ch]
  * coredump: split out process_socket() to coredump-receive.[ch]
  * coredump: split out functions for sending coredump to coredump-send.[ch]
  * coredump: split out process_kernel() to coredump-kernel-helper.[ch]
  * coredump: drop unnecessary header inclusion
  * include: import linux/coredump.h from kernel v6.17.1
  * include: update struct pidfd_info and relevant constants
  * pidfd-util: expose pidfd_get_info()
  * iovec-wrapper: introduce iovw_replace_string_field()
  * iovec-wrapper: introduce iovw_put_string_fieldf()
  * hostname-setup: introduce pidref_gethostname_full()
  * man: fix typo
  * test: add unit test for dns_name_parent()
  * network/dhcp-server: several cleanups for setting domain to DHCP server
  * man: fix position of </para> tag
  * Don't tag i2c mice as pointing sticks (#39264)
  * sd-dhcp-server: fix conditions for checking if static address is assigned to another host
  * network/dhcp-server: several follow-ups for domain option (#39380)
  * coredumpctl: fix condition for checking coredump journal entry
  * Several preparations for supporting new coredump interface (#39350)
  * TEST-75-RESOLVED: stop socket units before stopping the main service
  * ci/oss-fuzz: switch to Ubuntu 24.04
  * Two minor id128-related cleanups (#39407)
  * rereadpt: always update kernel partition tables from userspace in an incremental fashion (#39390)
  * man/network: extend document about the default value of IPv6AcceptRA=
  * core: increment start limit counter only when we can start the unit
  * capability-list: make capability_list_length() return unsigned
  * capability-util: tighten requirement for CAP_LAST_CAP off by one
  * test: use CAP_LIMIT at one more place
  * capability-util: move several definitions
  * capability-util: introduce capability_quintet_equal() helper function
  * capability-util: several coding style updates
  * capability-util: introduce capability_get() and use it in have_effective_cap()
  * capability-util: introduce capability_apply() and use it in capability_ambient_set_apply()
  * test: replace cap_to_text() with capability_get() and capability_set_to_string()
  * test: use have_inheritable_cap() in test_apply_ambient_caps()
  * capability-util: rework capability_gain_cap_setpcap() and capability_bounding_set_drop()
  * capability-util: use capability_apply() in drop_privileges()
  * capability-util: use capability_get() and _apply() in change_capability()
  * capability-util: use capability_get() and _apply() in capability_quintet_enforce()
  * tree-wide: drop unused libcap dependencies
  * Drop libcap dependency (#39425)
  * mountfsd: allow privileged users to mount bare unprotected filesystems (#39411)
  * cleanup: introduce DEFINE_TRIVIAL_CLEANUP_FUNC_FULL_MACRO_RENAME() macro
  * openssl-util: drop unused functions
  * openssl-util: fix spurious indent
  * module-util: drop 'sym_' prefix from cleanup functions
  * pkcs11-util: drop 'sym_' prefix from cleanup functions
  * compress: drop 'sym_' prefix from cleanup functions
  * apparmor-util: drop 'sym_' prefix from cleanup functions
  * libarchive-util: drop 'sym_' prefix from cleanup functions
  * xkbcommon-util: drop 'sym_' prefix from cleanup functions
  * elf-util: drop 'sym_' prefix from cleanup function
  * pcre2-util: drop 'sym_' prefix from cleanup functions
  * pcre2-util: drop trivial pattern_free() wrapper
  * qrcode-util: drop 'sym_' prefix from cleanup function
  * passwdqc: drop 'sym_' prefix from cleanup function
  * pwquality: drop 'sym_' prefix from cleanup function
  * meson: add all 'cflags' dependencies to libshared
  * locale: use include directory for libxkbcommon
  * test: sort libraries in test-dlopen-so
  * test: extend start limit interval
  * core/exec-invoke: relax restriction for process name length
  * core/exec-invoke: use strnpcpy() where appropriate (#39446)
  * coredump-config: several modernizations
  * coredump: shortcut to start backtrace mode
  * coredump: allow to control log level and so on via command line
  * coredump-context: several cleanups
  * coredump-context: cache if the crashed process in the same PID namespace
  * coredump: enter mount namespace even when the crashed process is in the same PID namespace
  * coredump-send: do not forward when the service manager in container crashed
  * udev-watch: allow to log from child process
  * logind: support deserializing session leader through pidfdid (#39440)
  * man: handle leading/trailing/repeating whitespaces in anchor links (#39423)
  * TEST-07-PID1: wait for systemd-resolved being stopped
  * network/sysctl: logs when per-link IPMasquerade= setting changes the global IPv6Forwarding= setting
  * mount-setup: Add memory_hugetlb_accounting to cgroupfs mount (#39486)
  * network: propagate error in link_carrier_lost()
  * network: do not restart DHCPv4 client on stopping/restarting networkd
  * Various --bind-user= fixes (#39498)
  * strv: introduce strv_extendf_with_size()
  * string-util: introduce strextendv_with_separator()
  * strv: introduce strv_extend_joined() and strv_extend_joined_with_size()
  * core/exec-invoke: use heap allocation to build environment variables
  * dns-rr: use strv_extendf() at one more place
  * vmspawn: use strv_extendf() at one more place
  * vmspawn: replace strv_extendf() with strv_extend_joined() when concatenating strings
  * reread-partition-table: take exclusive lock when requested
  * analyze: add missing help entry
  * Several cleanups around strv_extendf() (#39508)
  * discover-image: introduce bus_property_get_image_is_read_only() with BUS_DEFINE_PROPERTY_GET() macro
  * Ignore --now when systemctl enable is called in a chroot (#39456)
  * libcryptsetup: drop several unnecessary checks for existences of functions by libcryptsetyp
  * cryptsetup-util: sort loaded function prototypes
  * cryptsetup-util: sym_crypt_free() and friends are unused when libcryptsetup is disabled
  * Several cleanups for libcryptsetup dependency (#39452)
  * coredump: several cleanups, modernizations, fixlets for corner cases (#39418)
  * resolvectl: return earlier from openpgp command when OpenSSL support is disabled
  * openssl-util: drop unused string_hashsum() and friends when OpenSSL is disabled
  * pe-binary: drop pe_hash() and friends when OpenSSL support is disabled
  * openssl-util: drop unused fake type definitions when OpenSSL is disabled
  * bootctl: move conditions into corresponding functions
  * bootctl: return earlier when secure boot auto-enrollment is requested but OpenSSL support is disabled
  * repart: load x509 certificate and private key after Context is allocated
  * repart: make sign_verity_roothash() take Context
  * repart: merge common conditions
  * repart: drop OpenSSL specific logics when OpenSSL support is disabled
  * openssl-util: sort cleanup functions
  * openssl-util: drop unnecessary functions when OpenSSL support is disabled
  * resolvectl: fix typo
  * repart: fix typo
  * Several OpenSSL related cleanups (#39455)
  * sd-json: accept NULL path in sd_json_parse_file_at() too, port one manual fdopen() to it (#39538)
  * sysext: Check for /etc/initrd-release in given --root= tree (#39473)
  * core/exec-invoke: gracefully handle lack of privilege for initgroups() in user mode (#39039)
  * core/service: reload fixlets (#39376)
  * tree-wide: add missing '#pragma once'
  * libsystemd: drop unused header
  * sd-dns-resolver: move header to src/systemd
  * TEST-64-UDEV-STORAGE: generate debugging logs
  * tar-util: fix typo
  * tpm2-setup: fix typo
  * core/manager: small cleanups (#39562)
  * test-network: read default values from environment variables
  * test-network: disable several more sandbox features when running with sanitizers
  * Two fixes for homectl (#39591)
  * logind: handle session leader termination during deserialization more gracefully (#39607)
  * reread-partition-table: trigger change events when we failed to lock device
  * tar-util: make sure we can unpack hardlinked symlinks (#39619)
  * core/exec-invoke: pass the correct pid (1) to processes in pidns (#39575)
  * network: fix typo
  * core: assign TTY to PAM context when TTYPath= is specified
  * meson: sysupdate requires systemd-pull and friends
  * README: memory_hugetlb_accounting is since kernel v6.7
  * README: align features after 'for'
  * meson: drop redundant HAVE_ZLIB check
  * meson: refuse to build when gcrypt support is enabled bu libgpg-error not found
  * meson: several cleanups (#39644)
  * libarchive-util: several cleanups
  * reread-partition-table: fix error code check
  * bpf-compat: coding style cleanups
  * repart: Correctly handle btrfs compression (#39597)
  * core/import-creds: trivial modernizations (#39652)
  * profile: skip setting PS0 when PROMPT_COMMAND= is cleared
  * tree-wide: add several missing includes
  * oss-fuzz: install libcrypt-dev in i386 image
  * core/namespace: hide the correct credentials tree when running in user scope (#39651)
  * resolve: use JSON_BUILD_PAIR_TRISTATE_NON_NULL for default_route
  * resolve: drop unnecessary preparation of empty arrays
  * resolve: use enum for several fields
  * resolve: do not dump cache entries when not necessary
  * resolvectl: rename STATUS_PRIVATE -> STATUS_DNS_OVER_TLS
  * resolvectl: use string table
  * resolvectl: drop an empty line between function call and error handling
  * dissect: getenv_fstype() is unused when LIBBLKID support is disabled
  * various: assorted cleanups for safe_fork (#39661)
  * test: avoid service name collision
  * test-ndisc-rs: drop unused verbose flag and log in the debug level
  * resolve: several follow-ups for json output (#39605)
  * sd-path: add new type SD_PATH_SEARCH_SYSCTL (#38680)
  * systemctl: fix edit and cat verbs with --global flag (#39606)
  * core/exec-credentials: port to new mount API, ensure atomicity for creds installation (#39637)
  * musl: locale-util: introduce musl specific locale enumerator
  * musl: locale-util: explicitly check existence of locale file
  * libc: drop unnecessary __THROW attribute
  * tree-wide: drop redundant inclusion of linux/prctl.h
  * test-bus-error: use STRERROR() at several more places
  * sd-journal: use -EBADF for invalidated file descriptor
  * sd-journal: resolve paths passed to sd_journal_open_files() and friends
  * musl: time-util: make parse_gmtoff() accept extended timezone offset format
  * musl: time-util: introduce get_tzname() helper function
  * musl: time-util: skip tm.tm_wday check
  * musl: test-time-util: skip parsing back when currently unused timezone is set
  * musl: meson: allow to choose libc implementation
  * musl: meson: explicitly link with libintl when necessary
  * musl: meson: explicitly set _LARGEFILE64_SOURCE
  * musl: meson: make musl not define wchar_t in their header
  * musl: meson: check existence of renameat2()
  * musl: meson: gracefully disable gshadow, nss, and idn support
  * meson: add musl support (#39686)
  * core/dbus-service: validate type of received ExecContext fds (#39680)
  * sd-journal: fix relative path handling (#38681)
  * time-util: several fixlets/workarounds for supporting musl (#39688)
  * musl: avoid conflict between fcntl.h and basic-forward.h
  * musl: hostname-util: introduce LINUX_HOST_NAME_MAX
  * musl: avoid multiple evaluations in CPU_ISSET_S() macro
  * musl: core: there is one less usable signal when built with musl
  * musl: build-path: fix reading DT_RUNPATH or DT_RPATH
  * musl: format-util: use %llu for formatting rlim_t
  * test-fileio: migrate to use new ASSER_OK() macro and friends
  * test: move several test cases to test-env-file.c
  * test: move several test cases to test-tmpfile-util.c
  * user-util: fix typo
  * tree-wide: assorted fixes/workarounds for supporting musl (#39687)
  * efivarfs readv() size fixes and more (#39715)
  * Make systemd stdio bridge quiet (#39718)
  * core: record transactions that have seen ordering cycles and expose them via IPC (#39210)
  * musl: test: several random fixlets for unit tests
  * musl: introduce dummy gshadow header file for userdb
  * musl: introduce dummy functions for mallinfo(), malloc_info(), and malloc_trim()
  * musl: introduce dummy function for gnu_get_libc_version()
  * musl: provide several missing definitions for prctl()
  * musl: replace netinet/if_ether.h with our own implementation
  * musl: add several missing statx macros
  * Three follow-ups for recent changes (#39724)
  * musl: add several missing symbols (#39701)
  * musl: introduce GNU specific version of strerror_r()
  * musl: test-bus-error: drop ._need_free flag checks
  * musl: make strtoll() accept strings start with dot
  * tree-wide: use SD_JSON_BUILD_PAIR_* macros if possible (#39732)
  * core: add varlink Reload/Reexecute methods (#39561)
  * musl: introduce two wrappers (#39700)
  * musl: stdio: check if stream is writable earlier in fputs() and friends
  * fd-util: do not block O_TMPFILE with -EISDIR (#39736)
  * path-util: add generic `ignore` extension to the hidden files (#39554)
  * Make new sd-path configuration search functionality generic (#39684)
  * nspawn: Prevent invalid UIDs propagating in bind mounts (#39729)
  * sd-event: do not ignore result of callbacks
  * test: add missing assertion
  * network: unify log messages
  * sd-dhcp-lease: drop ret_ prefixes from the parsers
  * sd-dhcp-lease: use the last hostname option when multiple hostname is specified
  * efivars: fix typo
  * resolve: fix typo
  * network-internal: do not save partially parsed values
  * test-network: migrate to use ASSERT_OK() and friends
  * tree-wide: swap arguments for streq()
  * resolve: voidify one function call
  * Revert "test-network: disable several more sandbox features when running with sanitizers"
  * test-network: set TimeoutStopFailureMode=abort when running with sanitizers
  * test-network: drop two overly verbose outputs
  * test-network: several tweaks (#39752)
  * musl: utmpx: add several missing definitions
  * musl: meson: add libutmps support
  * musl: glob-util: filter out . and .. even if GLOB_ALTDIRFUNC is not supported
  * musl: ci: add build test and unit tests
  * cgroup-util: introduce cg_is_available() and check it in tests
  * cgroup-show: drop 'controller' argument from show_cgroup() and show_cgroup_and_extra()
  * cgroup-util: drop 'controller' argument from cg_enumerate_processes()
  * cgroup-util: drop 'controller' argument from cg_enumerate_subgroups()
  * cgroup-util: drop 'controller' argument from cg_set_attribute(), cg_get_attribute() and friends
  * cgroup-util: drop 'controller' argument from cg_path_open()
  * cgroup-util: drop cgroup v1 support from cg_pid_get_path()
  * tree-wide: replace cg_get_path_and_check() with cg_get_path()
  * cgroup-util: drop cgroup v1 support from cg_mask_supported_subtree()
  * cgroup-util: use cg_is_available() in cg_kill_supported()
  * cgroup-util: drop cgroup v1 support in cg_get_path()
  * limits-util: drop cgroup v1 support from physical_memory()
  * cgls: drop cgroup v1 support and warn when cgroup v1 controller is specified
  * cgroup-util: drop unused cg_unified() and friends
  * cgroup-util: drop 'controller' argument from cg_get_keyed_attribute() and cg_is_empty()
  * cgroup-util: drop 'controller' argument from cg_get_path()
  * cgroup-show: drop unnecessary call of cg_mangle_path()
  * cgroup-util: do not check validity of controller in cg_split_spec()
  * cgroup-util: drop unused SYSTEMD_CGROUP_CONTROLLER_{LEGACY,HYBRID}
  * cgroup-util: drop outdated comments
  * shell-completion: drop deprecated cgroup controller suggestion
  * log: make each string generated in log_format_iovec() NUL terminated
  * log: replace format string in LOG_ITEM() to a dummy one when analyzed by Coverity
  * test-log: migrate to use ASSERT_OK() and friends
  * test-log: add test cases for log_format_iovec()
  * repart: fix typo
  * NEWS: insert hyphen
  * Drop remaining CGroup v1 specific code (#38969)
  * test: modernize test-log and add test cases for log_format_iovec() (#39750)
  * Split out script for musl builds (#39758)
  * NEWS: menton future removal of SysV support and requirement bump
  * Revert "musl: meson: add libutmps support"
  * musl: meson: gracefully disable utmp support
  * Revert "musl: utmpx: add several missing definitions"
  * musl: gracefully disable utmp support (#39775)
  * core/unit: unit_process_job() tweaks (#39753)
  * core/socket: do not log failure in setting socket option with number
  * core: Verify inherited FDs are writable for stdout/stderr (#39674)
  * test: fix tested function name
  * errno-util: avoid double evaluation in STRERROR_OR_EOF()
  * user-util: avoid double evaluation in STRERROR_USER/GROUP()
  * socket-label: move prototype of socket_address_listen() and string table for SocketAddressBindIPv6Only
  * NEWS: fix typo
  * Simplify source lists in meson config (#39811)
  * core: SMACK label to Unix socket path and FD (#39772)
  * meson: sort shell completions
  * meson: exit earlier from the subdirectory when bash/zshcompletiondir is 'no'
  * pam_systemd: fix OSC write failure message appearing in error logs (#39791)
  * apparmor: update log message
  * pam-util: use correct errno
  * pam-util: make pam_debug_syslog_errno() returns pam error
  * pam-systemd: various fixlets for logging
  * pam-systemd-loadkey: append full stop
  * pam-systemd-home: various logging cleanups
  * Use SD_JSON_BUILD_PAIR_* macros if possible in shared/core/home (#39845)
  * NEWS: drop one sentence
  * clang-tidy: Enable misc-include-cleaner check (#39835)
  * core/selinux-setup: actually skip setup gracefully when libselinux is not available (#39859)
  * firstboot: drop redundant and spurious errno check
  * oomd: move check if processes can be killed into oomd_cgroup_kill()
  * tree-wide: replace tab with space, adjust missing or duplicated space
  * test: use log_tests_skipped_errno() at one more place
  * openssl-util: introduce openssl_extract_public_key() helper function
  * factory: do not install nsswitch.conf when nss is disabled
  * process-util: fix typo
  * docs/MOUNT_REQUIREMENTS: fix typo
  * TEST-02-UNITTESTS: drop outdated comment
  * openssl-util: indentation fix
  * run0: two follow-ups (#39900)
  * core/mount: comprehensively disable mount unit support if no libmount (#39884)
  * SD_JSON_BUILD_PAIR() conversions with coccinelle script (#39858)
  * Pull in recent changes from Weblate (#39920)
  * meson: rework include_directories() and finding of tools (#39956)
  * include: fix typo
  * sd-netlink: introduce netlink_now() and move timespan_to_timestamp()
  * sd-netlink: introduce sd_netlink_ignore_serial()
  * sd-netlink: drop unused ret_messages argument
  * sd-netlink: also read the reply for NFNL_MSG_BATCH_BEGIN message
  * test-firewall-util: allow to run test-firewall-util
  * include: update kernel headers from v6.18
  * musl: introduce wrappers for getopt() and getopt_long()
  * Add 82-net-auto-link-local.{hwdb,rules} to build system and add BMC USB-to-USB links to hwdb (#40006)
  * ci: pass --no-stdsplit to meson test
  * test: always use bash
  * test-seccomp: do not fail when already MemoryDenyWriteExecute= is enabled
  * TEST-13-NSPAWN: the host kernel may not support /proc/kcore
  * TEST-35-LOGIN: show remaining sessions in cleanup_session()
  * TEST-35-LOGIN: fix bus path when the session does not have corresponding audit session
  * TEST-46-HOMED: split into small testcases
  * TEST-75-RESOLVED: move test cases for NFTSet= to TEST-07-PID1
  * test-network: also stop nftables.service
  * test-network: IPv4-mapped-IPv6 addresses may be shown as pure IPv6 address
  * test: support coreutils built with --enable-single-binary=symlinks
  * integration-test: skip several test cases on Alpine/postmarketOS
  * test: skip several test cases when built with musl
  * integration-test: skip several test cases when nss module is not supported
  * test-execute: support case that the games user in multiple groups
  * test: several fixlets/workarounds for supporting postmarketOS (#39905)
  * mkosi: update mkosi commit reference to 5a476a92deca8ad54869e5d416217aa1bb137b25
  * mkosi: RuntimeScratch=/--runtime-scratch= are deprecated
  * meson: a variety of build portability fixes (#40012)
  * acl-util: define minimal types and constants even when acl support is disabled
  * tar-util: allocate ACL entry only when necessary
  * tar-util: allow to build without libacl support
  * bus-wait-for-jobs: fix quiet argument for log_job_error_with_service_result()
  * bus-wait-for-jobs: use SYNTHETIC_ERRNO()
  * bus-wait-for-jobs: do not say "Unexpected job result" when job is simply failed
  * bus-wait-for-jobs: assign unique error code from service result
  * bus-wait-for-jobs: fix failed job logging (#40043)
  * TEST-85-NETWORK: enable NetworkdSysctlTest
  * tree-wide: normalize comment style
  * sysext: Fix config file section docs and --root= (#40063)
  * mount-util: fix typo
  * integration-test: check tools distribution rather than image distribution
  * TEST-70-TPM2: re-enable tpm2-setup test on Alpine/postmarketOS
  * core: fix extensions refreshing (dlopen() shenanigans) (#40112)
  * Drop use of deprecated options
  * Do not install rc-local generator in upstream build

  [ Luca Boccassi ]
  * Enable portabled and install related files in systemd-container
  * core: set shutdown watchdog on kexec too
  * core: add KExecWatchdogSec option
  * core: rename ShutdownWatchdogSec to RebootWatchdogSec
  * portabled: allow to detach an image with a unit in linked-runtime state
  * Clarify journald.conf MaxLevelStore documentation
  * portablectl: add --now and --enable to attach/detach
  * portablectl: block when stopping a unit on detach (--now)
  * man: explicitly note that ExecSt*Post does count for After/Before ordering
  * man: add missing varname around keywords in systemd.unit.xml
  * core: add log_get_max_level check optimization in log_unit_full
  * core: add debug log when a job in the activation queue is not runnable
  * Revert "detect-virt: also detect "microsoft" as WSL"
  * core: reload cache if it's dirty when starting a UNIT_NOT_FOUND unit
  * test: temporarily block test 48 on Ubuntu's autopkgtest
  * dissect-image: wait for udev for single filesystem images too
  * dissect: support single-filesystem verity images with external verity hash
  * efi: use stub for cache_efi_options_variable if !ENABLE_EFI
  * core: add RootHash and RootVerity service parameters
  * basic/mkdir: introduce safe recursive variants
  * nspawn: use mkdir_p_safe instead of homegrown version
  * Container interface: document exposing the host's os-release
  * nspawn: implement container host os-release interface
  * portabled: implement container host os-release interface
  * make-autosuspend-rules: restore compatibility with Python3 < 3.6
  * veritysetup: add support for dm-verity root hash signature
  * dissect/nspawn: add support for dm-verity root hash signature
  * core: add RootHashSignature service parameter
  * portabled: create temp file for unit, not directory
  * core: add device mapper to allow-list with DevicePolicy=closed and RootImage
  * efi: define cache functions inside EFI_ENABLE ifdef
  * core: store timestamps of unit load attempts
  * core: refresh unit cache when building a transaction if UNIT_NOT_FOUND
  * test: exercise systemd-dissect --mount in TEST-50-DISSECT
  * test: exercise systemd-dissect with GPT and verity in TEST-50-DISSECT
  * test: pre-assemble minimal image for TEST-50-DISSECT at build time
  * test: exercise RootImage, RootHash and RootVerity in TEST-50-DISSECT
  * basic/mkdir: use uid_is_valid instead of manual check
  * shared/os-util: fix comment style to follow guidelines
  * nspawn: use access/F_OK instead of stat to check for file existence
  * nspawn: mount os-release in two steps to make it read-only
  * nspawn: set container_host env vars before user arguments
  * test: run systemd-dissect and systemd-run with log level debug in TEST-50-DISSECT
  * dm-util: use CRYPT_DEACTIVATE_DEFERRED instead of ioctl
  * verity: re-use already open devices if the hashes match
  * NEWS: fix typo in path
  * doc: update os-release spec with new path for container host's file
  * portabled: update host's os-release path
  * basic/list: add LIST_JOIN helper
  * service: add new RootImageOptions feature
  * test: add another test case for extract_many_words
  * strv: add strv_split_colon_pairs function
  * core: new feature MountImages
  * udev-util: add device_wait_for_devlink
  * dissect: wait for udev event if verity device not yet available
  * dissect: account for EBUSY when verity device already exists
  * dissect: yield for 2ms when a verity device cannot be opened before retrying
  * tree-wide: enable/disable libcrypsetup debug output depending on our level
  * shared/udev-util: fix sd_device leak in device_wait_for_initialization
  * basic/time-util: add function to format timestamps with different styles
  * systemctl: add --timestamp to change timestamp print format
  * coding style: document how to break a function declaration
  * core: cleanup unused variables
  * core: use strv_split_colon_pairs when parsing RootImageOptions
  * core: change RootImageOptions to use names instead of partition numbers
  * core: add mount options support for MountImages
  * core: add [Enable|Disable]UnitFilesWithFlags DBUS methods
  * dissect-image: use correct path variable when reading verity signatures
  * dissect-image: do not refuse verity GPT without /usr partition
  * libcrypt-util: use build-time check for crypt_preferred_method
  * Block TEST-50-DISSECT on Ubuntu CI temporarily
  * Revert "Block TEST-50-DISSECT on Ubuntu CI temporarily"
  * test: fix TEST-50-DISSECT build on Ubuntu CI
  * test/README: notes about Ubuntu CI logs and dependencies
  * test: increase size of verity partition in TEST-50-DISSECT GPT image
  * test: account for non-x86-64 archs in TEST-50-DISSECT
  * systemd-container: install systemd-dissect binary
  * d/t/control: install squashfs-tools for upstream test
  * meson: check that cxx variable is set before using it
  * Merge pull request #17829 from anitazha/testoomdfix
  * Merge pull request #17787 from DaanDeMeyer/mkosi-boot-tests
  * Merge pull request #17760 from mrc0mmand/revert-semaphore-timedated
  * Merge pull request #17855 from poettering/more-socktops
  * test: pull in weak deps into tests
  * meson: specify correct libqrencode version in meson dep
  * Merge pull request #17882 from poettering/logind-async-close
  * Merge pull request #17911 from yuwata/log-cli-program-use-journal
  * Merge pull request #17921 from yuwata/network-drop-assertion-17920
  * Merge pull request #17958 from yuwata/network-route-log
  * Merge pull request #17959 from yuwata/network-log-address
  * Merge pull request #17960 from yuwata/network-log-routing-policy-rule
  * test: use deny-list in run-integration-tests.sh
  * test: fix regex in run-integration-tests.sh
  * False positives in GA labeler bot
  * Add more matching rules to GA labeler bot for subcomponents
  * basic: add make_mount_point_inode helper
  * shared/dns: fix dlopen_idn return code check
  * Merge pull request #18048 from poettering/timesync-man-more
  * Merge pull request #18109 from yuwata/network-routing-policy-rule-family-both-fixes
  * test: update test_create_image
  * test: use pkg-config to get user unit dir when installing dbus user socket
  * test: check for binariers in [usr/][s]bin
  * test: shortcut skip if both TEST_NO_QEMU and TEST_NO_NSPAWN are set
  * Do not run ninja in run-integration-tests.sh
  * tests: add TEST_QEMU_ONLY variable to run only tests where qemu is mandatory
  * tests: add TEST_PREFER_NSPAWN variable to run as many as possible under nspawn
  * cryptsetup: use crypt_token_max if available
  * systemctl: have is-enabled return success for aliases when calling into pid1 too
  * Merge pull request #18128 from mrc0mmand/coverity
  * Merge pull request #18172 from dmedri/master
  * bpf: zero bpf_attr before initialization
  * Merge pull request #18186 from DaanDeMeyer/translations-option
  * dissect: fix root hash signature autodiscovery
  * bpf: do not use structured initialization for bpf_attr
  * ci: do not build with --optimization=1 with Clang
  * Merge pull request #18174 from systemd/coverity-now-for-real
  * Merge pull request #18226 from mrc0mmand/actions-flake-workarounds
  * Merge pull request #18245 from poettering/unit-file-install-fixes
  * Merge pull request #18254 from keszybz/trivial-cleanups
  * Merge pull request #18268 from ssahani/net5
  * Merge pull request #18264 from ssahani/net3
  * machine/basic: factor out helper function to add airlocked mount to namespace
  * machine: adjust error message to use 'normalized' instead of ../
  * shared/mount-util: use namespace_fork utils
  * machine: enter target PID namespace when adding a live mount
  * machine: use file descriptor when chasing bind mount sources
  * MountAPIVFS: always mount a tmpfs on /run
  * core: add DBUS method to bind mount new nodes without service restart
  * test: skip missing optional libraries in image install
  * test: run strace with -f and copy log out
  * Merge pull request #17228 from bluca/bind_path_runtime
  * sysext: add verity boilerplate
  * os-release: add support for /usr/lib/extension-release.d/
  * sysext: use parse_extension_release and reject extension if not found
  * man: mention SYSEXT_LEVEL in os-release(5)
  * sysext: install in /usr/lib/systemd/ for now
  * sysext: install in rootbindir, remove template from unit
  * Merge pull request #18325 from ssahani/more-cleanup
  * core: split read_mount_options helper out for reuse
  * dissect: split verity_dissect_and_mount helper out for reuse
  * mount-util: add helper to mount image inside live namespace
  * pid1: add DBUS method to mount image inside a running service namespace
  * systemctl: add new option to mount image inside a running service namespace
  * Merge pull request #18338 from poettering/print-table-with-bells-and-whistles
  * Merge pull request #18302 from bluca/mount_image_runtime
  * Merge pull request #18349 from poettering/import-fixlets2
  * Merge pull request #18358 from jwrdegoede/hwdb-2-accel-quirks
  * test: note where the bionic-* CI tool/integration lives
  * tests: build the image once and then copy/extend it
  * Merge pull request #18384 from poettering/mangle-os-fix
  * tools: make update-dbus-docs compatible with Python 3.7
  * test: fix 'make clean' not removing shared image
  * Merge pull request #18435 from keszybz/oomd-readiness-and-other-tweaks
  * Merge pull request #18490 from keszybz/prettify-update-dbus-docs
  * Merge pull request #18470 from mrc0mmand/ci-clang-12
  * Fix coverity warning in test-string-util.c
  * test-50-dissect: move minimal image setup to common setup function
  * test: add empty /etc/resolv.conf in test image
  * test: setup var/tmp in the test image as well
  * portable: allow Detach to match images with different version suffixes
  * portable: add 'reattach' verb and DBUS interface
  * Merge pull request #18550 from keszybz/coverity-inspired-fixes
  * NEWS: mention new systemctl verb and fix typo
  * NEWS: add a note about no longer probind mmcblk*boot*
  * Merge pull request #18565 from poettering/randomize-answers
  * test: install binaries from local d/control file
  * Merge pull request #18593 from keszybz/fuzz-more-systemctl-paths
  * portabled: use service_parse_argv/bus_add_implementation
  * portabled: use SD_BUS_METHOD_WITH_ARGS
  * portabled: add DBUS documentation
  * MountImages: actually support optional paths
  * namespace: store and use original MountEntry paths when prefixing
  * stat-util: fix dir_is_empty_at without path
  * test: avoid leaking open loop devices
  * os-util: add path_is_extension_tree helper
  * os-util: add load_extension_release_pairs helper
  * env-util: add strv_env_pairs_get helper
  * dissect: store image name, following usual parsing rules
  * dissect: parse, store and show extension-release info
  * machine: parse and store extension-release
  * os-util: split extension_release_validate out of sysext
  * os-util: allow missing VERSION_ID on the host
  * env-util: refactor parsing helper for SYSTEMD_SYSEXT_HIERARCHIES out of sysext
  * Merge pull request #18625 from bluca/sysext_refactor
  * MountImages: fix exec_context_dump printf
  * MountImages: parse unit specifiers after permissive hyphen
  * sysext: split parsing SYSTEMD_SYSEXT_HIERARCHIES in a common helper
  * core/namespace: reafactor applying mounts in a separate function
  * Add ExtensionImages directive to form overlays
  * test: skip TEST-56-OOMD if systemd-oomd is not installed
  * NEWS: mention ExtensionImages
  * Merge pull request #18797 from keszybz/trivial-cleanups
  * Merge pull request #18806 from weblate/weblate-systemd-master
  * core: do not set noexec on sysfs/procfs
  * udev rules: add rule to create /dev/ptp_hyperv
  * Merge pull request #18831 from keszybz/a-bunch-of-man-page-updates
  * man: document usage of SD_BUS_CREDS_AUGMENT
  * Merge pull request #18834 from poettering/path-extract
  * Merge pull request #18875 from keszybz/localed-error
  * dissect: avoid overflow access by NULLSTR_FOREACH
  * Merge pull request #18911 from keszybz/coverity-inspired-fixes
  * Merge pull request #18918 from yuwata/man-no-new-priv-18914
  * Merge pull request #18927 from poettering/dissect-alloca-fix
  * Merge pull request #18930 from anitazha/oomdfixleak
  * Merge pull request #18978 from keszybz/man-rc.local
  * Merge pull request #18984 from poettering/event-test-timeout
  * man: specify that ProtectProc= does not work with root/cap_sys_ptrace
  * doc/RELEASE.md: document hwdb update step
  * resolved: simplify min_ttl check
  * Merge pull request #19036 from mrc0mmand/cocci-fixes
  * Merge pull request #19030 from dtardon/rhel9-covscan
  * Merge pull request #19081 from keszybz/three-comment-updates
  * Merge pull request #19079 from poettering/resolved-ipv6-cache-fix
  * Merge pull request #19076 from yuwata/firewall-util-modernizations
  * test-firewall-util: add more asserts on allocated variables
  * test-dhcp6-client: add one more assert on memory mapping
  * Merge pull request #19117 from bluca/coverity
  * test-dhcp6-client: add one more assert on memory mapping
  * Revert "fix wrong statement JOURNAL_FILE_FORMAT.md doc"
  * Merge pull request #19155 from keszybz/hwdb-contrib-v248
  * Merge pull request #19149 from anitazha/oomdlogging
  * compress: support streaming lz4 without full input mmap
  * gcrypt: do not ignore return values
  * portabled: add --extension parameter for layered images support
  * Merge pull request #19169 from keszybz/reenable-maybe-unitialized-warning
  * Merge pull request #19168 from keszybz/nss-resolve-unfoobar
  * resolved: use _cleanup_(gcry_md_closep) in one more place
  * Merge pull request #19175 from keszybz/maybe-unitialized-warning-2
  * Backport patch to fix assert with invalid LoadCredentials=
  * Merge pull request #19179 from anitazha/buildandtest
  * sysusers/firstboot: temporarily disable LoadCredential
  * Merge pull request #19215 from braewoods/main
  * coredump: parse build-id out of core file
  * coredump: parse .note.package ELF section
  * coredump: parse and append package metadata to journal message
  * coredumpctl: parse and print package metadata
  * Add markdown doc about coredump package metadata
  * Bump test-random-util timeout
  * coredump: fix typo
  * coredump: use set_put_strdup()
  * coredump: fix style nits
  * coredump: use JSON helpers instead of creating objects manually
  * coredump: rename COREDUMP_PKGMETA_ fields to COREDUMP_PACKAGE_
  * coredump: fetch JSON object by key instead of iterating
  * coredumpctl: fetch JSON object by key instead of iterating
  * basic: add path_equal_filename helper
  * coredump: use path_equal_filename helper
  * coredump: update and shorten package metadata keys
  * Merge pull request #19231 from bluca/coredump_decode
  * timedated: use format_timestamp instead of ctime
  * test-extract-word: add a couple more corner cases
  * scsi_id: modernize and use extract_many_words instead of strsep
  * errno-util: suppress LGTM warning about strerror
  * in-addr-util: suppress LGTM warning about htobe32
  * tests: allow for os-release quote variability in TEST-50-DISSECT
  * mkosi.arch: add rsync build dependency
  * scsi_id: use read_line instead of fgets
  * test-repart: use cryptsetup and losetup autoclose
  * Merge pull request #19303 from yuwata/fix-typo
  * rfkill: add some casts to silence -Werror=sign-compare
  * meson: build tests with -Wno-maybe-uninitialized if -O2/-flto are used
  * tree-wide: avoid uninitialized warning on _cleanup_ variables
  * Merge pull request #19315 from yuwata/network-wait-online-address-family-follow-ups
  * test: use systemd-run --wait in TEST-44-LOG-NAMESPACE
  * Merge pull request #19317 from keszybz/check-return-values-from-log_errno-functions
  * Merge pull request #19318 from yuwata/udev-ignore-additional-newline-on-verify-19314
  * Merge pull request #19326 from keszybz/reorder-meson-status-output
  * Merge pull request #19351 from keszybz/log-message-tweaks
  * Merge pull request #19356 from zxzax/sd-login-typos
  * Merge pull request #19390 from poettering/repart-copy-fixes
  * Merge pull request #19156 from dtardon/enable-warn
  * Merge pull request #19421 from yuwata/fix-typo
  * Revert "sysusers/firstboot: temporarily disable LoadCredential"
  * Merge pull request #19505 from jwrdegoede/hwdb-2-accel-quirks
  * Merge pull request #19498 from poettering/mallinfo2
  * docs/COREDUMP_PACKAGE_METADATA.md: add table with well-known keys and their definition
  * systemd.install: catch all files installed in usr/bin and bin
  * upstream suite: add build-dep on vim-tiny
  * cryptsetup: add 'headless' parameter to skip password/pin query
  * FIDO2: support pin-less LUKS enroll/unlock
  * FIDO2: ask and record whether user presence was used to lock the volume
  * FIDO2: ask and record whether user verification was used to lock the volume
  * FIDO2: if defined, check for FIDO_ERR_UV_BLOCKED
  * Merge pull request #19552 from yuwata/fix-typo-and-coverty-issues
  * Merge pull request #19298 from bluca/cryptsetup_nopass
  * Merge pull request #19659 from keszybz/mkosi-naming-adjustment
  * build tests: check that Github pages can be built successfully
  * Merge pull request #19669 from mrc0mmand/ci-mkosi-arch
  * journal: fix uninitialized variable use
  * resolved: check return value of gcrypt APIs
  * test-env-util: use streq_ptr when comparing directly the result of getenv
  * Merge pull request #19700 from keszybz/check-os-release-fixups
  * Merge pull request #19697 from jwrdegoede/hwdb-more-accel-quirks
  * meson: look for bpftool in /usr/sbin too
  * core: make libbpf a dlopen() dependency
  * Merge pull request #19722 from poettering/empty-string-loginctl-man
  * Merge pull request #19765 from keszybz/early-boot-logging-improvements
  * Merge pull request #19779 from poettering/unit-name-length-tweak
  * Merge pull request #19783 from yuwata/efi-build-options
  * TODO: remove some features that have been implemented
  * TODO: mention the new Landlock LSM as a way to implement sandboxing for systemd --user
  * docs: add ARCHITECTURE.md with code map
  * Merge pull request #19793 from keszybz/tmpfiles-autofs-and-globs
  * core: add MemoryAvailable unit property
  * compress: return uncompressed size to the caller
  * coredump: check cgroups memory limit if storing on tmpfs
  * NEWS: list more recent changes
  * Merge pull request #19864 from keszybz/serialization-cleanup
  * Merge pull request #19811 from anitazha/revert_mount_rl
  * Merge pull request #19866 from yuwata/sd-device-new-from-ifindex
  * Merge pull request #19894 from yuwata/network-fix-configure-without-carrier
  * Merge pull request #19898 from yuwata/network-multipath-route-without-interface-name
  * Merge pull request #19930 from yuwata/update-comments
  * Merge pull request #19921 from yuwata/service-verify-bus-type
  * Merge pull request #19947 from yuwata/network-dad-tiny-fixes
  * Merge pull request #19948 from keszybz/set-driver-refactoring
  * test: do not run 'meson configure' if NO_BUILD is set
  * autopkgtest: add dependency on dosfstools for upstream test
  * test: install nls modules, required by vfat
  * test: do not lose logs of late failures in TEST-02-UNITTESTS
  * test: do not fail TEST-02-UNITTESTS if they are all skipped
  * test: allow to call units/testsuite-02.sh from other scripts
  * test: move custom result checks from TEST-02-UNITTESTS to test-functions
  * test-loop-block: run in qemu
  * completion/hostnamectl: do not dereference non-existing OPTS[ARGUNKNOWN]
  * completion/systemd-delta,-resolve: autocomplete with parameters
  * completion: fix 'unbound variables' errors
  * Merge pull request #20002 from yuwata/sd-dhcp-client-ignore-forcerenew
  * basic/extract-word: add EXTRACT_RETAIN_SEPARATORS flag
  * core: add ConditionOSRelease= directive
  * Merge pull request #20000 from dtardon/replace-strtoul
  * ExtensionImages: log explicit error when extension-release metadata does not match
  * NEWS: mention MS_NOSUID for namespaced services by default
  * Merge pull request #20042 from yuwata/udev-rule-fix-cid-1457766
  * Merge pull request #20043 from yuwata/sd-netlink-cleanups
  * Merge pull request #20047 from keszybz/doc-fix
  * core: when recursively bind-remounting nested mounts, use options from top one
  * core: do not setup/teardown cgroup if MANAGER_TEST_RUN_MINIMAL is set as a flag
  * analyze: use MANAGER_TEST_RUN_MINIMAL instead of MANAGER_TEST_RUN_BASIC
  * TODO: mention the new core scheduling kernel feature
  * TODO: reorder entries by component
  * man: correct return value of sd_bus_open_with_description
  * hwdb: run ninja -C build update-hwdb update-hwdb-autosuspend
  * NEWS: update contributors list
  * NEWS: note new user-visible change, drop 'in spe'
  * man: fix systemd-sleep.conf.xml whitespace
  * NEWS: finalize for v249
  * Merge pull request #20157 from keszybz/numerical-uids-in--M
  * Merge pull request #20186 from keszybz/coverity-fixes
  * Merge pull request #20202 from yuwata/network-fix-manage-foreign-routes-no
  * TODO: note cgroup.kill and memfd_secret
  * Merge pull request #20228 from yuwata/follow-ups-20109
  * Merge pull request #20225 from mrc0mmand/selinux-nspawn-sanity
  * git-contrib: copypaste-friendly output
  * Merge pull request #20123 from keszybz/extended-job-status
  * Merge pull request #20273 from keszybz/extended-job-status
  * discover-image: mount as read-only when extracting metadata
  * TODO: homed + user session namespace
  * Merge pull request #20288 from keszybz/freeze-no-malloc
  * Merge pull request #20276 from keszybz/rpm-restart-wip
  * Merge pull request #20318 from poettering/seccomp-getrandom-fix
  * Merge pull request #20319 from keszybz/meson-0.53.2
  * Merge pull request #20311 from keszybz/manpage-l10n-report
  * Merge pull request #20326 from keszybz/meson-0.53.2
  * udev/sd: add support for DISKSEQ
  * loop: parse and store disk sequence number
  * dissect: use DISKSEQ when waiting for block devices
  * Merge pull request #20348 from poettering/free-and-replace-double-eval
  * Merge pull request #20352 from poettering/copy-tweaks
  * creds: assert that credential read from file fits in data struct
  * tree-wide: voidify unchecked close_nointr calls
  * Merge pull request #20371 from bluca/coverity
  * Merge pull request #20368 from keszybz/drop-assert-not-reached-text
  * Merge pull request #20372 from keszybz/veritysetup-help
  * Merge pull request #18567 from Werkov/mkosi-opensuse-v9+
  * Merge pull request #20381 from yuwata/cgroup-empty-to-root
  * Merge pull request #20375 from yuwata/network-bridge-vlan-issue-20373
  * Merge pull request #20384 from keszybz/udev-code-modernization
  * Merge pull request #20413 from poettering/mempmen
  * Merge pull request #20414 from yuwata/sd-dhcp6-client-trivial-fixes
  * Merge pull request #20423 from yuwata/dhcp-server-static-lease-outside-pool
  * xattr-util: add fgetxattrat_fake_malloc variant
  * extension-release: search for other files if expected name not found
  * man: further document extension-release
  * docs: document layered images in PORTABLE_SERVICES.md
  * docs: portable services are no longer in preview
  * Merge pull request #20471 from poettering/format-str-proc-fd
  * Merge pull request #20436 from fbuihuu/add-no-build-support-on-opensuse
  * Merge pull request #20486 from DaanDeMeyer/sd-bus-eproto
  * hwdb-usb-device: use xsprintf
  * format-util/sd-bus: do not ignore snprintf result
  * tree-wide: voidify unchecked snprintf calls
  * Merge pull request #20530 from keszybz/typos-and-meson
  * Merge pull request #20257 from bluca/seqno
  * Merge pull request #20525 from maanyagoenka/custom-security
  * Merge pull request #20626 from yuwata/network-keep-master
  * dissect-image: add extension-specific validation flag
  * portabled: error out if there are no units only after parsing all images
  * portabled: validate SYSEXT_LEVEL when attaching
  * portabled: refactor extraction/validation into a common helper
  * test: rename TEST-63-ANALYZE to solve conflict
  * Merge pull request #20667 from keszybz/portable-docs
  * analyze: ignore dependencies with security --offline
  * Merge pull request #20702 from yuwata/network-trivial-cleanups
  * Merge pull request #20699 from yuwata/network-drop-foreign
  * Merge pull request #20705 from yuwata/test-oomd-util
  * Merge pull request #20701 from yuwata/network-address-cleanups
  * docs: generic info about adding directives in ARCHITECTURE.md
  * test: document autopkgtest CI infrastructure
  * Merge pull request #20650 from fbuihuu/watchdog-rework
  * Merge pull request #20751 from poettering/watchdog-tweaklet
  * Merge pull request #20758 from yuwata/test-17-udev-cleanups
  * Merge pull request #20780 from mrc0mmand/test-storage-btrfs
  * socket-util: const-ify iov parameter in send_one_fd_iov_sa
  * selinux: add mac_selinux_create_file_prepare_label helper
  * portable: use send_one_fd_iov/receive_one_fd_iov instead of custom helpers
  * portable: copy SELinux label when extracting units from images
  * Merge pull request #20690 from DaanDeMeyer/oomd-user-services
  * Merge pull request #20756 from benzea/benzea/usb-persist
  * Merge pull request #20806 from fbuihuu/test-make-debug-tools-optional
  * Merge pull request #20736 from keszybz/ioprio-simplification
  * basic: delete loadavg.h copy
  * test: double test-hashmap timeout
  * CI: run unit tests in a network namespace
  * CI: add code coverage reports via lcov and coveralls.io
  * CI: do manpages build only on the clang unit test run
  * parse-util: prefix load average macros with LOAD_AVG_
  * CI: run GCC unit test job on push to main
  * headers: update bpf_insn.h to dual license
  * docs: mention that contributed code must be compatible with GPL-2.0-or-later explicitly
  * Merge pull request #20883 from bluca/bpf_header_license
  * Merge pull request #20884 from mrc0mmand/to-shellcheck-or-not-to-shellcheck
  * Merge pull request #20907 from keszybz/licensing-cleanup
  * tree-wide: fix SPDX short identifier for LGPL-2.1-or-later
  * man: add licenses to all files that lack one
  * add LICENSES/README.md explaining the license situation
  * Add all other applicable licenses under LICENSES/
  * Merge pull request #20886 from bluca/license
  * man/glib-event-glue example: relicense to CC0-1.0
  * test: create and merge code coverage reports in integration tests
  * Merge pull request #20893 from poettering/per-user-oom-score
  * Merge pull request #20926 from yuwata/udev-net-wol-sopass
  * test: make OpenSSL checks optional in TEST-50-DISSECT
  * network: assert on dereferenced pointer
  * fundamental: define size_t and memcpy for sd-boot
  * boot/sha256: sd-ify and move to src/fundamental
  * basic: add hmac_sha256 implementation
  * libsystemd/sd-id128: use only internal hmac, remove khash/OpenSSL support
  * basic: remove khash helpers
  * Merge pull request #20915 from bluca/libsystemd_openssl
  * LICENSES/README.md: fix typo
  * LICENSES/README.md: remove reference to non-existing files
  * docs: add guidelines w.r.t. compatibility to docs/CONTRIBUTING.md
  * Merge pull request #21002 from poettering/watchdog-off
  * Merge pull request #21026 from keszybz/licensing-info-for-generated-files
  * Merge pull request #21055 from yuwata/network-dhcp6-pd-route-lifetime-metric
  * CI: disable code coverage in GH Action
  * TODO: add note about chase_symlink flag
  * docs/COREDUMP_PACKAGE_METADATA: add architecture field
  * docs/COREDUMP_PACKAGE_METADATA: ELF section should be read-only and 4-bytes-aligned
  * docs/COREDUMP_PACKAGE_METADATA: ELF section should be allocated and 0-padded
  * systemctl: pretty-print ExtensionImages property
  * systemctl: small fixes for MountImages pretty printing
  * run: do not validate exe early if MountImages/ExtensionImages are used
  * core: make DynamicUser=1 and StateDirectory= work with TemporaryFileSystem=/var/lib
  * core: add [State|Runtime|Cache|Logs]Directory symlink as second parameter
  * Merge pull request #21167 from poettering/various-doc-tweaks
  * Merge pull request #21229 from keszybz/improve-m-hint
  * analyze: fix typos in test policy
  * basic/mountpoint-util: detect erofs as a read-only FS
  * Merge pull request #20138 from keszybz/coding-style-variable-decls
  * analyze: explain how the weight/range policy fields are used
  * analyze: allow a custom policy to skip a check with weight=0
  * Merge pull request #21237 from bluca/analyze_skip
  * Merge pull request #21293 from mrc0mmand/ci-cancel-old-jobs
  * Merge pull request #21290 from poettering/arch-me-harder
  * Merge pull request #21273 from yuwata/hostname-device-tree
  * Merge pull request #21301 from yuwata/network-neighbor-use-hw-addr-data
  * Merge pull request #21241 from wat-ze-hex/2021-11-04-fix-bpf-foreign-realization
  * depend on default-dbus-system-bus | dbus-system-bus
  * Merge pull request #21285 from poettering/boot-os-rel-fix
  * tree-wide: don't ignore return code from sd_event_source_set_enabled()
  * Merge pull request #21341 from yuwata/network-route-flags
  * journal-remote: more handling of sd_event_source_set_enabled failures
  * sd-event: one more assert when turning off an event source
  * test-strxcpyx: check result of snprintf
  * Merge pull request #21277 from yuwata/permanent-hw-addr
  * CONTAINER_INTERFACE: clarify that /proc/sys can be writable with namespacing
  * hwdb: voidify call to mkdir_parents_label
  * getty-generator: add kernel cmdline and env vars to disable it
  * Merge pull request #21424 from keszybz/json-double
  * man/kernel-command-line: add reference to getty_auto variable
  * Merge pull request #21431 from DaanDeMeyer/issue-19799
  * Merge pull request #21432 from DaanDeMeyer/journal-trivial-fixes
  * test runner: print time before/after tests
  * Merge pull request #21357 from mbd98/usr-verity-auto
  * Merge pull request #21253 from poettering/homed-auto-grow-shrink
  * portable: move profile search helper to path-lookup
  * shell-completion: add offline/root/image to systemd-analyze
  * analyze: add --profile switch to security verb
  * Merge pull request #21535 from yuwata/network-netdev-verify-mac
  * Merge pull request #21549 from yuwata/network-netdev-mac-address-none
  * coredump: fix parsing metadata without access to executable
  * Merge pull request #21568 from yuwata/network-fix-json-format
  * docs: clarify JSON terms in COREDUMP_PACKAGE_METADATA
  * docs: clarify ELF note usage in COREDUMP_PACKAGE_METADATA
  * Merge pull request #21573 from keszybz/one-more-table-sort
  * coredump: check return of dwarf_getscopes
  * coredump: flush accumulating buffer after parsing core file
  * coredump: use _cleanup_ pattern
  * coredump: analyze object with libdwelf in forked process
  * coredump: make the buffer optional when analyzing a core file
  * coredump: always log on failure in parse_core()
  * coredump: move elf parsing utilities to src/shared/elf-util
  * elf-util: split out helper to parse build-id
  * elf-util: add stub for builds without libdw
  * meson: remove libdw dependency from pstore
  * elf-util: switch libelf/libdw to dlopen()
  * TODO: update dlopen todo list
  * elf-util: add function to parse metadata out of ELF objects
  * analyze: add inspect-elf verb to parse package metadata
  * Merge pull request #21553 from yuwata/network-wireguard-add-routes-to-allowed-ips
  * core: add Condition[Memory/CPU/IO]Pressure
  * cgroup: don't emit BPF firewall warning when manager is in test mode
  * test: run commands with debug level logs in TEST-65-ANALYZE
  * elf-util: do not ignore prctl() errors
  * Merge pull request #21591 from yuwata/core-bpf-firewall-unsupported-reason
  * core: support user manager with Condition[Memory/CPU/IO]Pressure
  * Merge pull request #21582 from mrc0mmand/lgtm-uninitialized
  * Merge pull request #21607 from mrc0mmand/ci-install-libbpf
  * NEWS: add more entries for v250
  * meson: remove openssl dependency from repart
  * NEWS: add more entries for v250
  * NEWS: add more entries for v250
  * Merge pull request #21639 from yuwata/network-dhcp6pd-use-dhcp6_pd_prefix_acquired
  * Merge pull request #21646 from mrc0mmand/lgtm-followups
  * core: add StartUnitWithFlags DBUS method
  * Merge pull request #21667 from yuwata/resolve-do-not-re-read-settings-from-networkd-when-unmodified
  * meson: exclude .gitattributes when using install_subdir
  * Merge pull request #21731 from yuwata/test-62-bpf-framework
  * test: bump timeout for TEST-50-DISSECT and TEST-67-INTEGRITY
  * Merge pull request #21749 from nabijaczleweli/bashpsko
  * Merge pull request #21752 from keszybz/man-creds
  * Merge pull request #21769 from yuwata/home-fix-heap-use-after-free
  * Merge pull request #21784 from DaanDeMeyer/issue-21675
  * Merge pull request #21790 from keszybz/network-generator-always
  * logind: add a comment with a reminder why we don't use ProtrectProc=
  * Merge pull request #21808 from DaanDeMeyer/path-trigger-limit
  * man: fix typo in systemd.socket.5
  * path unit: add TriggerLimitBurst= and TriggerLimitIntervalSec=
  * Merge pull request #21831 from keszybz/man-dnssec-fixlets
  * NEWS: add note about path unit's TriggerLimitBurst= and TriggerLimitIntervalSec=
  * autopkgtest: install libdw and libelf for upstream test
  * Merge pull request #21858 from yuwata/fix-test-home
  * analyze: do not connect to DBUS with --offline
  * Merge pull request #21870 from keszybz/cleanup-and-comments
  * Merge pull request #21892 from yuwata/network-vxlan-automatic-local-address-selection
  * Merge pull request #21881 from yuwata/update-linux-headers
  * chrattr-util: return EOPNOTSUPP from chrattr_full if no other failure was observed
  * Merge pull request #21916 from medhefgo/boot-fix
  * core: do not touch /run/systemd/systemd-units-load from user session instances
  * Merge pull request #21925 from yuwata/unit-file-symlinked-drop-in-directory
  * Merge pull request #21898 from yuwata/meson-dbus-interfaces-dir
  * Merge pull request #21922 from medhefgo/boot-fix
  * dbus-wait-for-jobs: add extra_args to bus_wait_for_jobs_one()
  * systemd-run: ensure error logs suggest to use '--user' when appropriate
  * Merge pull request #21940 from yuwata/network-wireguard-mask-allowed-ips
  * Merge pull request #21985 from yuwata/elf-util-cleanups
  * Merge pull request #21990 from keszybz/indentation-and-comments
  * Merge pull request #21977 from systemd/wip/hadess/minipro-uaccess
  * Merge pull request #22044 from keszybz/minor-man-page-adjustments
  * Merge pull request #22028 from medhefgo/boot-cleanup
  * test: store empty files rather than symlinks for test-fstab-generator
  * Merge pull request #22070 from keszybz/rm-rf-wip
  * Merge pull request #22071 from keszybz/xdg-autostart-logs
  * Merge pull request #22082 from keszybz/no-update-if-nothing-to-update
  * Merge pull request #22086 from keszybz/nss-no-proc-cmdline
  * Merge pull request #22043 from medhefgo/boot-bitlocker
  * Merge pull request #22090 from mbiebl/units-oomd-alias
  * test: add partition IDs for s390x and ppc64el to TEST-50-DISSECT
  * test: do not assume x86-64 arch in TEST-58-REPART
  * Merge pull request #22106 from yuwata/dhcp6-broken-NTP
  * Merge pull request #22111 from medhefgo/boot-cleanup
  * Build with and suggest fido2 and tpm libraries
  * Disable libcryptsetup-plugins
  * Build-depend on libssl-dev
  * Merge pull request #22130 from keszybz/silence-gcc-warning-in-sd-device
  * Merge pull request #22136 from yuwata/network-wireguard-disable-adding-routes-to-allowed-ips-by-default
  * man: change 'allow[s] to' -> 'allow[s] one to'
  * systemd-stdio-bridge: add manpage
  * Update d/copyright listing for debian/*
  * d/copyright: remove unused GPL-2 stanza
  * d/watch: bump to version 4
  * d/control: drop redundant Section/Priority fields
  * d/control: extend descriptions of libudev and libsystemd
  * systemd-oomd: add dependency on adduser
  * systemd-oomd: fix description-synopsis-starts-with-article Lintian warning
  * systemd-standalone-*: copy manpages too
  * Lintian: ignore very-long-line-length-in-source-file
  * Lintian: ignore source-contains-data-from-ieee-data-oui-db
  * Merge pull request #22147 from keszybz/stdio-bridge-docs
  * Lintian: ignore systemd-service-file-missing-install-key
  * Lintian: ignore spare-manual-page
  * Lintian: ignore package-supports-alternative-init-but-no-init.d-script
  * Lintian: ignore package-contains-documentation-outside-usr-share-doc
  * Lintian: ignore current set of package-contains-empty-directory
  * Update Lintian override for systemd-service-file-refers-to-unusual-wantedby-target
  * Lintian: ignore systemd: shared-library-lacks-prerequisites false positive on EFI binary
  * Lintian: ignore maintainer-script-calls-systemctl in more packages
  * Lintian: ignore executable-not-elf-or-script false positives for EFI binaries
  * Lintian: ignore spellcheck false positives
  * Lintian: ignore hardening-no-fortify-functions for test binaries
  * Ignore blhc false positives
  * Merge pull request #22125 from DaanDeMeyer/copy-holes
  * Add d/gitlab-ci.yml
  * man: add more references for extensions to portablectl
  * Merge pull request #22153 from evverx/switch-to-bullseye
  * Merge pull request #22159 from medhefgo/boot-xbootldr
  * dissect-image: validate extension-release even if the host has only ID in os-release
  * core: refuse to mount ExtensionImages if the base layer doesn't at least have ID in os-release
  * sysext: use LO_FLAGS_PARTSCAN when opening image
  * Merge pull request #21865 from yuwata/network-sr-iov
  * Merge pull request #22195 from keszybz/more-specifiers
  * Add myself to Uploaders
  * core: add ExtensionDirectories= setting
  * portable: add support for ExtensionDirectories in --extension
  * Merge pull request #22231 from yuwata/resolve-synthesize
  * Merge pull request #22203 from brauner/2022-01-21.procsubset.pid
  * portable: add GetImageStateWithExtensions method
  * systemd-tests: ignore hardening-no-relro too
  * portable: add flag to return extension-releases in GetImageMetadataWithExtensions
  * core: do not restart a service with Restart=always when ExecCondition fails
  * NEWS: note breaking change w.r.t. Restart=always and ExecCondition=
  * Backport patches to fix build reproducibility
  * salsa-ci: enable repro builds
  * ci: enable dbgsym, as sometimes they are not reproducible and we want to catch it
  * Merge pull request #22251 from medhefgo/boot-cleanup
  * Update changelog for 250.3-2 release
  * test: rename service used in TEST-29-PORTABLE to avoid conflict
  * test: use mksquashfs -noappend
  * core: add clearer debug log when setting up ExecDirectories symlinks fails
  * core: do not attempt to add 'private' symlinks when RootImage/RootDirectory are used
  * Merge pull request #22276 from mrc0mmand/TEST-64-workaround
  * core: don't fail on EEXIST when creating mount point
  * Merge pull request #22274 from yuwata/resolve-comment
  * Merge pull request #22300 from yuwata/bus-fix-error-handling
  * Merge pull request #22316 from yuwata/network-mac-address-length
  * Merge pull request #22175 from keszybz/kernel-install-mkosi-initrd
  * Merge pull request #22331 from yuwata/network-xfrm-interface-id
  * Merge pull request #22341 from poettering/pam-end-fix
  * Merge pull request #22343 from poettering/assert-se-efi
  * core: warn on ExitType=cgroup with legacy cgroup setup
  * Merge pull request #22359 from yuwata/mkdir-fix
  * Merge pull request #22358 from yuwata/udevadm-test-support-dev-path-or-device-unit
  * core: use strextend instead of strextendf when possible
  * core: simply freeing list in job_free()
  * man: explicitly mention that Requires propagates restarts
  * Merge pull request #22408 from mrc0mmand/test-network-cleanup
  * portable: reopen socket with O_RDONLY
  * Merge pull request #22383 from yuwata/network-generator-keep-configuration
  * Merge pull request #22430 from yuwata/resolve-fix-memleak-and-use-after-free
  * meson: disable export-dbus-interfaces target when cross-compiling
  * Merge pull request #22458 from poettering/parse-safe-string
  * Merge pull request #22485 from poettering/cgroup-id-not-support
  * Merge pull request #22496 from yuwata/network-cleanups-keep-configuration
  * Merge pull request #22445 from lnussel/logind
  * Merge pull request #22506 from poettering/devnum-zero-btrfs-block-dev
  * Merge pull request #22498 from yuwata/cgroup-threaded-mode
  * Merge pull request #22546 from poettering/resolved-bus-error-reply-rework
  * mkosi CI: mask isc-dhcp-server units
  * watchdog: add setting to configure pretimeout governor
  * Merge pull request #19970 from curtistklein/watchdog-pretimeout-merge
  * Merge pull request #22582 from medhefgo/boot-input
  * Merge pull request #22615 from yuwata/network-dhcp-server-support-pxe-boot-systems
  * Merge pull request #22611 from yuwata/network-activation-policy-stacked-netdevs
  * Merge pull request #22389 from poettering/resolved-sysinit
  * Merge pull request #22625 from yuwata/network-tc-cleanups
  * Merge pull request #22627 from yuwata/network-l2tp-cleanups
  * Merge pull request #22522 from lnussel/fix_logind_restart
  * Build with dh_package_notes
  * NEWS: note GetMetadataWithExtensions backward incompatible change
  * TEST-29: do not pass -q to mk/unsquashfs, not supported on CentOS 8
  * TEST-29: do not pass -q to mk/unsquashfs, not supported on CentOS 8
  * core: create parent directory for mount point of ExtensionDirectories
  * test: set log level of user manager in TEST-43 to debug
  * core: support MountAPIVFS and RootDirectory in user manager
  * Merge pull request #22685 from bluca/user_root_dir
  * core: do not return 'skipped' when Condition*= fail with StartUnitWithFlags()
  * NEWS: note backward-incompatible change in StartUnitWithFlags()
  * core: split $MONITOR_METADATA and return it only if a single unit triggers OnFailure/OnSuccess
  * test: cover template OnFailure/OnSuccess handlers in TEST-68-PROPAGATE-EXIT-STATUS
  * NEWS: note backward-incompatible MONITOR_METADATA change
  * Merge pull request #22695 from poettering/crash-handle-refactor
  * Merge pull request #22682 from bluca/start_skip
  * core: support ExtensionDirectories in user manager
  * Merge pull request #22705 from mrc0mmand/pretty_hostname_specifier
  * Merge pull request #22701 from poettering/raise-memlock
  * Merge pull request #22631 from yuwata/network-redesign-request-queue
  * Merge pull request #22714 from mrc0mmand/codeql-docs
  * Merge pull request #22463 from poettering/kernel-install-propagate-machine-id
  * New upstream version 250.4
  * Update upstream source from tag 'upstream/250.4'
  * Drop patches merged upstream
  * Remove unneeded ${shlibs:Depends}
  * autopkgtest: add libdw-dev to unit-tests job
  * Update changelog for 250.4-1 release
  * Merge pull request #22727 from fbuihuu/journald-preserve-acl-when-rotating
  * Merge pull request #22730 from GeorgesStavracas/gbsneto/multimedia-stream-deck
  * Rebase patches on top of v250.4
  * Update changelog for 250.4-1 release
  * Merge pull request #22757 from DaanDeMeyer/bpf-error
  * Merge pull request #22746 from yuwata/home-cleanups
  * Merge pull request #22774 from poettering/nspawn-uidmap-fix
  * core: insist on sandboxing if ExtensionImages/Directories are configured
  * Add tests and documentation for all remaining sandboxing in user manager
  * Merge pull request #22799 from keszybz/man-spelling-and-crosslinks
  * Merge pull request #22798 from keszybz/test-output-narrow-and-timeouts
  * Merge pull request #22804 from mrc0mmand/test-tweaks
  * Merge pull request #22808 from poettering/openat-report-newly
  * Merge pull request #22821 from poettering/udev-tweaklets
  * NEWS: adjust MONITOR_ env vars paragraph
  * update NEWS
  * portable: clarify error when detach fails to match to existing unit
  * Merge pull request #22834 from yuwata/network-sriov-request-queue
  * docs: use native type instead of byte stream in COREDUMP_PACKAGE_METADATA
  * portable: allow reattaching when one image has a version and the other does not
  * NEWS: mention kernel requirement change 3.13 -> 3.15
  * NEWS: mention that C11 is now used
  * NEWS: specify that public headers are still C89
  * Merge pull request #22923 from poettering/userns-check-refactor
  * analyze: fix offline check for 'native' syscall architecture
  * analyze: fix offline check for syscal filter
  * Ignore libsystemd-core in dh_makeshlibs
  * Ignore libsystemd-core in dh_shlibdeps
  * Add libsystemd-core to shlibs.local.in
  * autopkgtest: update unit-config test for new relative symlinking
  * autopkgtest: install libnss packages for unit-tests suite
  * autopkgtest: install libnss packages for upstream suite
  * autopkgtest: install python3-pexpect and screen for upstream suite
  * autopkgtest: install swtpm and tpm2-tools for upstream suite
  * Merge pull request #22960 from mrc0mmand/use-udevadm-wait
  * Merge pull request #22953 from yuwata/test-sd-device
  * semaphoreci: check keys.opengpgp.org first
  * semaphoreci: run dhclient manually on setup
  * semaphoreci: speed up package installation
  * semaphoreci: move runner from Bionic to Focal
  * semaphoreci: skip boot-and-services test
  * core: taint if /usr is unmerged
  * semaphoreci: re-enable rebooting tests
  * core: fix dm-verity auto-discovery in MountImageUnit()
  * Merge pull request #23008 from poettering/loop-dissect-tweaks-safe
  * Merge pull request #22803 from medhefgo/boot-cflags
  * networkd-test: lazy umount tmp directories
  * Merge pull request #23100 from yuwata/network-fix-tunnel-address-parser
  * compression: add build-time option to select default
  * nspawn: fix locating config files with --ephemeral
  * nspawn: fix --ephemeral with --machine
  * compression: add separate pre-processor definitions
  * Merge pull request #23126 from keszybz/clone3-prohibit
  * Merge pull request #23206 from yuwata/meson-compression
  * meson: add install_tag to sd-boot, libsystemd and libudev
  * meson: add systemd-boot and systemd-stub build target aliases
  * stat-util: ignore hidden_or_backup_file when checking if dir is empty
  * analyze: fix crash with online security check
  * analyze security: print DeviceAllow list
  * mkosi: add shadow package to SUSE Tumbleweed
  * Update TODO
  * Merge pull request #23349 from eliasp/doc-typo
  * test: ignore LXC filesystem when checking for writable locations
  * man: improve VtableExample
  * Merge pull request #23337 from yuwata/sd-device-new-from-subsystem-sysname
  * NEWS: update contributors list
  * hwdb: run 'update-hwdb' for v251-rc3
  * New upstream version 251~rc3
  * autopkgtest: add allow-stderr to boot-and-services
  * autopkgtest: disable networkd in rebooting tests
  * autopkgtest: mark networkd-test.py as breaks-testbed
  * autopkgtest: ignore rng-tools-debian failure in boot-and-services
  * New upstream version 251~rc3
  * Drop sd-device-always-translate-sysname-to-sysfs-filename.patch, merged upstream
  * Rebase patches
  * Merge pull request #23382 from yuwata/resolve-fix-dnssd-assertion
  * Merge pull request #23378 from floppym/install-tags
  * Update lintian-overrides for false positives
  * Update changelog for 251~rc3-1 release
  * Backport removal of ndisc test case, breaks build on armhf/armel
  * Update changelog for 251~rc3-2 release
  * Merge pull request #23383 from yuwata/meson-suppress-warning
  * Merge pull request #23409 from keszybz/network-online-docs
  * Update TODO
  * Merge pull request #23412 from yuwata/network-bond-param
  * test: double timeout of TEST-50-DISSECT
  * dissect: ID from os-release should be non-empty, not just non-NULL
  * portable: reject root directories without an ID field in os-release
  * sd-bus: add comment and test in sd_bus_path_decode() for empty string
  * NEWS: update contributors list
  * hwdb: update via ninja -C build update-hwdb
  * NEWS: finalize
  * Merge pull request #23463 from bluca/hwdb
  * New upstream version 251
  * Update upstream source from tag 'upstream/251'
  * Merge pull request #23453 from keszybz/strv-parsing
  * Refresh patches
  * Revert manual removal of ndisc test case, merged upstream
  * Merge pull request #23342 from poettering/efi-monotonic-counter-random-seed
  * Merge pull request #23339 from poettering/sockaddr-size-limit
  * resolved: default to OpenSSL
  * Merge pull request #22550 from medhefgo/boot-mixed
  * Bump Standards-Version to 4.6.1, no changes
  * Update changelog for 251-1 release
  * Merge pull request #23465 from mrc0mmand/bump-actions-to-ubuntu-2204
  * Salsa CI: suppress lintian false positive on dbgsym
  * Update changelog for 251-2 release
  * Switch from gnutls to openssl
  * New upstream version 251.1
  * Update upstream source from tag 'upstream/251.1'
  * Add systemd-journal-remote.NEWS to inform about dropping --trust
  * Update changelog for 251.1-1 release
  * Merge pull request #23521 from keszybz/some-docs
  * Merge pull request #23527 from keszybz/esp-detect-xbootldr
  * Merge pull request #23536 from mrc0mmand/TEST-69-tweaks
  * Merge pull request #23504 from keszybz/bls-reordering
  * Merge pull request #23518 from enr0n/sd-hwdb-from-path
  * autopkgtest: add cryptsetup-initramfs for upstream suite
  * Add systemd-userdbd package
  * Add systemd-homed package
  * Merge pull request #23641 from keszybz/janitorials
  * Add systemd-boot-efi multiarch package
  * d/systemd.NEWS: fix typo
  * Update changelog for 251.2-3 release
  * Merge pull request #23680 from keszybz/boot-loader-counting
  * Merge pull request #23658 from keszybz/gcc-warnings-2
  * Merge pull request #23687 from yuwata/dns-domain-trivial-cleanups
  * Merge pull request #23708 from yuwata/update-kernel-headers
  * meson: add build targets for libudev, libsystemd and pkg-config
  * Merge pull request #23756 from yuwata/analyze-seccomp-filter
  * Remove unused Lintian overrides
  * Stop overriding the build directory name
  * Use execute_before_/after_ instead of override_
  * Add nodoc profile support
  * sd-boot: add kernel hooks scripts
  * Merge pull request #23918 from yuwata/dissect
  * bootctl: add --root and --image
  * bootctl: add --install-source=auto|image|host
  * Update TODO
  * Merge pull request #23731 from bluca/bootctl_image
  * Merge pull request #23940 from yuwata/core-extract-first-word
  * Merge pull request #23962 from keszybz/taint-flag-support-ended
  * mkosi: update to latest main
  * Merge pull request #23979 from DaanDeMeyer/nspawn-relative-paths
  * Merge pull request #23982 from medhefgo/boot-misc
  * Merge pull request #24002 from yuwata/network-hw-addr
  * libnss-systemd: also let userdbd manage passwords
  * homed: make PAM rules higher priority than unix users
  * Merge pull request #24001 from yuwata/network-lifetime-fix
  * Merge pull request #23640 from cerebro1/week1
  * Merge pull request #24014 from poettering/tmpfiles-extra-creds
  * Merge pull request #24084 from pothos/mask-sysext-docs
  * Merge pull request #24033 from dtardon/list-automounts
  * Merge pull request #24122 from yuwata/core-mount-bind-mount-on-nfs
  * portable: set PrivateTmp=yes in trusted profile too
  * Merge pull request #23875 from yuwata/resolve-mdns-fix-use-after-free
  * Merge pull request #24154 from yuwata/meson-fixups
  * Merge pull request #24146 from poettering/efi-stub-measure-payload
  * core: drop unused BUS_UNIT_QUEUE_RETURN_SKIP_ON_CONDITION_FAIL flag
  * integritysetup: do not use crypt_init_data_device after crypt_init
  * Merge pull request #24141 from DaanDeMeyer/dissect-umount
  * docs: add disabled PR template for code freeze
  * Split systemd-resolved into its own package which takes over /etc/resolv.conf
  * Update changelog for 251.3-2~exp1 release
  * Merge pull request #24216 from poettering/ispowerof2
  * Note in systemd.NEWS that resolved has moved to a new package
  * systemd-resolved: move conffile from systemd
  * Update changelog for 251.3-2~exp2 release
  * Merge pull request #24264 from DaanDeMeyer/mkosi-dirs
  * Merge pull request #24280 from mrc0mmand/fix-semaphore
  * Merge pull request #24301 from yuwata/network-tuntap
  * test: expect libdevmapper failure in TEST-50-DISSECT
  * bash-completion: autocomplete cgroup names in systemd-cgtop
  * Merge pull request #24350 from DaanDeMeyer/docs-pkexec
  * Merge pull request #24379 from mrc0mmand/llvm-15
  * resolved: use DPKG_ROOT and make postinst shellcheck-happy
  * Merge pull request #24385 from yuwata/hostname-chassis
  * Merge pull request #23893 from yuwata/core-mount-re-read-mountinfo
  * Merge pull request #24412 from keszybz/man-similarly
  * Merge pull request #24396 from poettering/no-more-dirname
  * Merge pull request #24254 from medhefgo/mold
  * test-63: convert to full shell script and generalize
  * glob: add glob_first(), returns first match
  * core: add basic infrastructure to record unit activation information
  * service: set TRIGGER_UNIT= and TRIGGER_PATH= on activation by path unit
  * service: set TRIGGER_UNIT= and TRIGGER_TIMER_REALTIME_USEC/MONOTONIC_USEC on activation by timer unit
  * Merge pull request #24370 from keszybz/sysusers-equivs
  * mkosi: use the just built systemd-sysusers instead of groupadd
  * mkosi: disable isc-dhcp-server again
  * mkosi: add back packages removed from OpenSUSE build
  * Merge pull request #24456 from yuwata/network-tcp-congctl
  * resolved: switch from .links to postinst/rm
  * Update Lintian overrides for new incompatible syntax
  * Update changelog for 251.4-2 release
  * resolv.conf: take backup as a fallback
  * Update changelog for 251.4-3 release
  * Merge pull request #24475 from yuwata/devpath
  * shellcheck/labeler: disable on systemd-security
  * Merge pull request #24530 from poettering/loop-with-more-lock
  * mkosi: update to latest commit
  * Merge pull request #24546 from mrc0mmand/test-exec-deserialization-tweaks
  * Merge pull request #24538 from mrc0mmand/TEST-13-tweaks
  * Merge pull request #15833 from AsamK/busctl_introspect_method_signature
  * man: add example with one-liner for ssh provisioning via tmpfiles.d + Creds
  * docs: mention tmpfiles.d in CREDENTIALS.md and add example
  * Merge pull request #24608 from bluca/example
  * TODO: drop support for unmerged-usr in H2 2023
  * Merge pull request #24620 from poettering/measure-tweaks
  * Merge pull request #24771 from poettering/destroy-pcr11
  * Merge pull request #24799 from poettering/initrd-ftw
  * Merge pull request #24811 from yuwata/build-without-openssl
  * Enable firstboot, disabled by default on Debian
  * resolved notifications: follow-up fixes
  * portablectl: add --force attach/detach
  * Merge pull request #24739 from keszybz/coredump-formatting
  * Merge pull request #24853 from poettering/resolved-monitor-fixes
  * Merge pull request #24749 from yuwata/dissect-image-file
  * Merge pull request #24829 from yuwata/blockdev-new-from-fd
  * Merge pull request #24878 from keszybz/condition-first-boot
  * Build and install libcryptsetup token plugins
  * repart: workaround spurious maybe-uninitialized warning
  * test-70: check if LUKS2 plugins are actually installed, not just supported
  * Merge pull request #23213 from bluca/jammy
  * TODO: tmpfiles.d m/M
  * Update NEWS
  * NEWS: typos
  * NEWS: more news
  * NEWS: even more news
  * Merge pull request #24877 from brauner/namespace_utils
  * NEWS: typos
  * NEWS: list contributors
  * Update hwdb
  * Merge pull request #22998 from DaanDeMeyer/journal-compact-split
  * Enable PR template for RC phase
  * meson: bump numbers for v252-rc1
  * Finalize changelog for v252-rc2
  * mkosi: update to latest commit
  * Merge pull request #24968 from poettering/logs-show-timestamp-fix
  * Merge pull request #24933 from keszybz/erradicate-strerror
  * Merge pull request #24957 from yuwata/network-ignore-failure-in-sending-solicitation
  * mount-util: do not pass 'x-*' options to mount syscall
  * os-util: split out extension-release xattr helper
  * portable: rename flag PORTABLE_FORCE -> PORTABLE_FORCE_ATTACH
  * portable: allow caller to override extension-release name check
  * Merge pull request #24934 from keszybz/remove-nss-lookup
  * Merge pull request #24883 from bluca/extrel_force
  * Merge pull request #25002 from poettering/install-type-fix
  * Merge pull request #25003 from DaanDeMeyer/mkosi-fixes
  * Merge pull request #24938 from msizanoen1/journald-harden-clock-jump
  * Merge pull request #25036 from keszybz/plurals
  * Merge pull request #25039 from mrc0mmand/test-tewaks
  * Merge pull request #25035 from keszybz/manager-method-names
  * Merge pull request #25004 from keszybz/transient-drop-ins
  * Merge pull request #25050 from keszybz/transient-drop-ins-2
  * Merge pull request #25056 from yuwata/sd-device-monitor-set-description
  * Merge pull request #25055 from keszybz/coredump-deadlock
  * Merge pull request #25068 from aafeijoo-suse/bash-completion-dissect
  * core: allow-list char-rtc with ProtectClock=yes only if needed
  * service: do fine-grained validation of CPUSchedulingPriority= at execution time
  * Revert "Fix issue with system time set back (#24131)"
  * Merge pull request #25077 from keszybz/completions-optional-components
  * Merge pull request #25081 from keszybz/test-local-addresses-fail
  * d/watch: switch to non-stable repo
  * gbp.conf: switch to d/experimental
  * New upstream version 252~rc2
  * Update upstream source from tag 'upstream/252_rc2'
  * Drop patches merged upstream
  * Refresh patches
  * Update symbols file
  * autopkgtest: update expected output of localectl
  * Update Lintian overrides
  * Update changelog for 252~rc2-1 release
  * mkosi: libbpf0 -> libbpf1
  * NEWS: update contributors list
  * Update hwdb
  * Update autosuspend hwdb
  * Merge pull request #25118 from bluca/rc2
  * New upstream version 252~rc3
  * Update upstream source from tag 'upstream/252_rc3'
  * Refresh patches
  * test-sd-device: check if /run/udev/ exists
  * test-condition: skip test if machine-id is missing
  * test-fs-util: do not fail if machine-id is missing
  * test-id128: do not fail if machine-id is missing
  * test-specifier: do not fail if machine-id is missing
  * test-unit-name: do not fail if machine-id is missing
  * test-execute: do not fail if machine-id is missing
  * test-load-fragment: do not fail if machine-id is missing
  * test/test-systemd-tmpfiles.py: do not fail if machine-id is missing
  * udev-test: use passwd instead of machine-id for checks
  * gh actions: run a unit test iteration without machine-id
  * Backport patches to fix tests without machine-id
  * Update changelog for 252~rc3-1 release
  * Revert "gbp.conf: switch to d/experimental"
  * Update changelog for 252~rc3-2 release
  * Merge pull request #25164 from yuwata/network-route-table-0
  * Use systemd-sysusers to setup systemd users and groups
  * tmpfiles: downgrade missing creds/source path log to debug
  * Revert "d/control: set minimum version for dh-package-notes"
  * Merge pull request #25197 from weblate/weblate-systemd-master
  * NEWS: update contributors list
  * Update NEWS with latest changes
  * Update hwdb
  * Merge pull request #25200 from bluca/news
  * Merge pull request #25202 from poettering/measure-phase-fix
  * Disable code freeze banner
  * Merge pull request #25166 from yuwata/network-router-preference
  * Merge pull request #25142 from yuwata/network-fix-race-in-device-renaming-vs-dhcp
  * Merge pull request #25136 from yuwata/udev-id-renaming
  * Merge pull request #25134 from medhefgo/macro
  * Merge pull request #24958 from Werkov/meson-generated-directives
  * New upstream version 252
  * Update upstream source from tag 'upstream/252'
  * Merge pull request #25092 from fbuihuu/random-seed-tweaks
  * Merge pull request #25143 from yuwata/network-reconfigure-interface-when-renamed
  * Drop patches merged upstream
  * libsystemd0: set symbols version to 252
  * man: fix typo found by Lintian
  * test: add +x to assert.sh
  * Drop unused lintian override
  * Update changelog for 252-1 release
  * Merge pull request #25207 from bluca/typo
  * Update changelog for 252-2 release
  * Merge pull request #25192 from yuwata/wait-online-altname
  * docs: DPS and BLS have moved to uapi-group.org
  * firstboot: fix segfault when --locale-messages= is passed without --locale=
  * Merge pull request #25246 from yuwata/udev-serial-by-id-symlinks
  * Merge pull request #25244 from yuwata/reboot-util-follow-ups
  * tmpfiles.d: do not fail if provision.conf fails
  * Backport patches to fix tmpfiles error and missing /dev/serial/by-id/usb-*
  * Drop :native suffix from python3-pyparsing build dependency
  * Merge pull request #25257 from fbuihuu/fix-test-execute-on-opensuse
  * Enable support for libqrencode
  * Update changelog for 252-3 release
  * Merge pull request #25107 from lucab/ups/sysusers-gid-check-username
  * Merge pull request #25286 from mrc0mmand/systemd-mount-test-fix
  * kernel-install: skip 50-depmod if depmod is not available
  * d/watch: switch back to stable repository
  * New upstream version 252.1
  * Update upstream source from tag 'upstream/252.1'
  * Drop patches merged upstream
  * Refresh patches
  * Suggest polkitd instead of policykit-1 (deprecated)
  * Update changelog for 252.1-1 release
  * Merge pull request #25300 from DaanDeMeyer/kernel-selftests
  * Merge pull request #25315 from poettering/dissect-mtree
  * Merge pull request #24813 from DaanDeMeyer/at-all-the-things
  * Merge pull request #25325 from yuwata/resolve-cap-per-link-setting-by-global
  * Merge pull request #25351 from crrodriguez/Wenum-int-mismatch
  * README: use https on one more link
  * Merge pull request #25268 from PeterCxy/fido2-preflight
  * tmpfiles: log at info level when some allowed failures occur
  * README: note Kconfig for verifying DDIs via MoK keys
  * Merge pull request #25361 from bluca/readme
  * Merge pull request #25319 from zx2c4-forks/krngseed
  * Merge pull request #25414 from zx2c4-forks/krngseed
  * Merge pull request #25379 from keszybz/update-doc-links
  * Merge pull request #25477 from yuwata/network-wifi-reconfigure-on-connect
  * repart: respect --discard=no also for block devices
  * portable: add a few more useful debug log messages
  * Merge pull request #25509 from enr0n/oomd-unpriv-container-fix
  * units: fix typo in Condition in systemd-boot-system-token
  * Merge pull request #25473 from yuwata/mount-tool-cleanups
  * Merge pull request #25498 from medhefgo/stub-splash
  * Merge pull request #25222 from medhefgo/stub-cmdline
  * Merge pull request #25496 from DaanDeMeyer/repart-optimize
  * Merge pull request #25532 from Werkov/fix-cgtop-args
  * Build depend on dh-package-notes, sequence was removed
  * New upstream version 252.2
  * Update upstream source from tag 'upstream/252.2'
  * Refresh patches
  * Update changelog for 252.2-1 release
  * GA: run development_freeze only on main repository
  * GA: do not run codeql on systemd-security
  * Merge pull request #25568 from yuwata/network-tiny-cleanups
  * Update TODO
  * test: double default image size
  * Merge pull request #25639 from jamacku/update-contributing
  * pid1: add env var to override default mount rate limit burst
  * Merge pull request #25633 from DaanDeMeyer/journald-another-ratelimit
  * Merge pull request #25513 from brauner/pivot_root.nspawn
  * Merge pull request #25638 from bluca/rate_limit_config
  * journald: fix build error
  * Merge pull request #25645 from yuwata/boot-fix-false-maybe-uninitialized
  * Merge pull request #25502 from keszybz/pam-namespace-add
  * Merge pull request #25651 from keszybz/man-halt
  * Merge pull request #25465 from DaanDeMeyer/repart-workspace
  * Merge pull request #25632 from keszybz/chroot-fix
  * Merge pull request #25707 from yuwata/sd-device-fix-double-free
  * Merge pull request #25692 from yuwata/resolve-rr-txt
  * Merge pull request #25615 from DaanDeMeyer/mkosi-kconfig
  * Merge pull request #25646 from yuwata/sd-id128-enomedium
  * Merge pull request #25375 from PeterCxy/fido2-fixups
  * manager: log unit/pid of sender when Reload() is called
  * manager: add option to rate limit daemon-reload
  * Merge pull request #25725 from keszybz/oom-policy-fixup
  * Merge pull request #25706 from yuwata/hwdb-pointing-stick
  * Merge pull request #25717 from bluca/reload
  * Manager: also log caller of daemon-reexec
  * Merge pull request #25387 from yuwata/core-fix-gc-logic
  * Merge pull request #25221 from enr0n/nic-rename-fallback
  * journal-remote: fix initialization of vacuum metrics
  * journal-remote: fix memory leak on initialization error
  * p11kit: switch to dlopen()
  * Update TODO
  * Enable p11kit
  * Merge pull request #25791 from keszybz/ukify-check-inputs
  * New upstream version 252.4
  * Update upstream source from tag 'upstream/252.4'
  * Refresh patches
  * Bump Standards-Version to 4.6.2, no changes
  * Update changelog for 252.4-1 release
  * Merge pull request #25814 from DaanDeMeyer/ukify
  * Merge pull request #25864 from yuwata/dissect-fix-mtree
  * Merge pull request #25910 from crrodriguez/wth_c2x
  * hwdb: remove spurious whitespace
  * man: note that DynamicUser=yes is incompatible with D-Bus
  * Merge pull request #25929 from poettering/resolvectl-loopback-fix
  * src/shared/: split AF_UNIX/AF_VSOCK address parsing into src/basic/
  * sd_notify: support AF_VSOCK
  * creds: import 'vmm.notify_socket' and use it to set
  * Update TODO
  * Merge pull request #25936 from poettering/emergaction-fix
  * Merge pull request #25915 from poettering/arm-timer-rel
  * Merge pull request #25986 from yuwata/test-netlink
  * Merge pull request #26014 from yuwata/network-l2tp-fixes
  * Merge pull request #26023 from keszybz/man-page-updates
  * docs/man: remove reference to default vsock CID
  * Merge pull request #26051 from YHNdnzj/systemctl-list-dependencies-type
  * Merge pull request #26054 from aplanas/fix_user_creds
  * Merge pull request #26071 from yuwata/network-dhcp-quick-ack
  * Merge pull request #26081 from yuwata/udev-symlink-remove
  * core: add GetUnitByPIDFD method and use it in systemctl
  * man: note that cgroup-based sandboxing is not bypassed by '+'
  * Merge pull request #23706 from medhefgo/efi-clang
  * Merge pull request #26103 from lnussel/bootctl
  * Merge pull request #26105 from yuwata/network-config-parse-address-make-prefix-length-full
  * Merge pull request #26115 from yuwata/test-fix-memleak-fdleak
  * process-util: add helper to verify a pid via its pidfd
  * sd-login: add sd_pidfd_* APIs
  * Merge pull request #23309 from DaanDeMeyer/log-context
  * Merge pull request #26146 from keszybz/two-man-page-tweaks
  * Merge pull request #26147 from keszybz/silence-gcc-13-warning
  * Merge pull request #25805 from yuwata/locale-xkb-save-vconsole
  * Merge pull request #26157 from medhefgo/meson
  * core: ensure init.scope is realized after drop-ins have been loaded
  * Merge pull request #26162 from YHNdnzj/machinectl-check-target-enabled
  * Merge pull request #26110 from medhefgo/boot-no-gnu-efi
  * NEWS: add list of contributors
  * Update hwdb
  * meson: bump numbers for v253-rc1
  * docs: drop manual rc PR warning step
  * docs: update instructions for translation strings
  * Update NEWS
  * locale: rename new XKB variables to match Debian/Ubuntu's
  * Merge pull request #26184 from keszybz/cleanups
  * NEWS: update date and location
  * autopkgtest: add netlabel-tools to networkd-test.py suite
  * autopkgtest: add bsdutils to upstream suite
  * autopkgtest: add knot, knot-dnsutils, bind9-dnsutils, bind9-host to upstream suite
  * autopkgtest: add jq to upstream suite
  * autopkgtest: add mtools to upstream suite
  * autopkgtest: add erofs-utils to upstream suite
  * Merge pull request #26193 from aafeijoo-suse/cryptenroll-unlock-fido2-device-man-and-bash-completion-fix
  * Merge pull request #26192 from mrc0mmand/fix-errno-check
  * Merge pull request #26195 from mrc0mmand/update-uapi
  * Merge pull request #26179 from medhefgo/boot-no-gnu-efi
  * New upstream version 252.5
  * Update upstream source from tag 'upstream/252.5'
  * Drop patches merged in v252.5
  * Refresh patches
  * Set default status format to 'combined'
  * Update changelog for 252.5-1 release
  * New upstream version 253~rc1
  * Fix boot-and-services autopkgtest
  * Update changelog for 252.5-2 release
  * Update upstream source from tag 'upstream/253_rc1'
  * Merge pull request #25374 from yuwata/sleep-fixlets
  * gbp.conf: set upstream-branch to upstream/252.x
  * Merge pull request #26287 from medhefgo/mkosi-auto-enroll
  * man: add page for systemd-ac-power
  * Merge pull request #26269 from keszybz/sysusers-empty-etc-and-improved-messages
  * Merge pull request #26180 from ddstreet/tpm2_cleanup
  * NEWS: update for v253-rc2
  * hwdb: update
  * hwdb: update autosuspend db
  * NEWS: update contributors list
  * NEWS: update date
  * NEWS: fix typo
  * Merge pull request #26302 from bluca/rc2
  * Merge pull request #26335 from keszybz/dns-not-found
  * Merge pull request #26336 from poettering/journal-etoomanyrefs
  * Merge pull request #26337 from poettering/journal-display-ts
  * cryptenroll: do not implicitly verify with default tpm policy signature
  * core: imply DeviceAllow=/dev/tpmrm0 with LoadCredentialEncrypted
  * NEWS: copy future incompatible changes notice from 252
  * Merge pull request #26350 from keszybz/reload-messages
  * NEWS: note about future implicit PrivateUsers= in user units
  * systemd: make /etc/default/locale a symlink to /etc/locale.conf
  * Update timedated autopkgtest
  * Drop patches merged upstream
  * Drop Don-t-enable-audit-by-default.patch
  * Drop Use-Debian-specific-config-files.patch, no longer needed
  * systemd-boot-system-token was renamed to systemd-boot-random-seed
  * Add new libsystemd symbols
  * Update Lintian override for new so bump
  * Remove systemd-localed drop-in, no longer needed
  * Drop udev-drop-SystemCallArchitectures-native-from-systemd-ude.patch and use a drop-in
  * Drop Re-enable-journal-forwarding-to-syslog.patch and use a drop-in
  * Drop TuxOnIce out-of-tree patch
  * Drop autopkgtest denylist patches
  * Drop Revert-core-set-RLIMIT_CORE-to-unlimited-by-default.patch, we now use the unified hierarchy
  * Drop Let-graphical-session-pre.target-be-manually-started.patch, not used anymore
  * Refresh patches
  * gbp.conf: set debian-branch to debian/experimental
  * Do not install repart/shutdown standalone binaries
  * Build with libxen-dev
  * Do not install ukify script for now
  * Merge pull request #26225 from qdeslandes/fix_delegate_cgroup_logs_filtering
  * Merge pull request #26354 from bluca/news
  * New upstream version 253~rc2
  * Merge pull request #26366 from yuwata/nss-myhostname
  * units: change assert to condition to skip running in initrd/os
  * Merge pull request #26377 from keszybz/doc-fixups-2
  * locale: disable keymap support
  * d/watch: use main repository
  * Update upstream source from tag 'upstream/253_rc2'
  * Refresh patches
  * Update NEWS file
  * Update changelog for 253~rc2-1 release
  * Update timedated autopkgtest
  * Stop supporting /etc/timezone
  * README: explicitly note that util-linux's mount/swap are required
  * NEWS: note that we require a swapon that supports --fixpgsz
  * Merge pull request #26387 from bluca/swapon_util_linux
  * NEWS: update contributors list
  * hwdb: update database
  * NEWS: update date
  * New upstream version 253~rc3
  * Update upstream source from tag 'upstream/253_rc3'
  * Refresh patches
  * Update changelog for 253~rc3-1 release
  * systemd-boot: update on package upgrade, if installed
  * Merge pull request #26417 from yuwata/sysusers-root-group
  * cryptsetup: do not assert when unsealing token without salt
  * NEWS: update contributors list
  * hwdb: update
  * Merge pull request #26427 from bluca/hwdb
  * NEWS: finalize
  * Merge pull request #26410 from DaanDeMeyer/xattr-symlink
  * Merge pull request #26213 from poettering/journal-rework-seqnum
  * Merge pull request #26307 from yuwata/test-execute-credentials
  * core: add support for Startup memory limits
  * New upstream version 253
  * Update upstream source from tag 'upstream/253'
  * d/watch: switch back to stable repository
  * Update symbols file
  * Update changelog for 253-1 release
  * Override Lintian warning in systemd-coredump
  * mkosi: configure multiarch libdir in debian/ubuntu builds
  * Merge pull request #26435 from poettering/pid1-seccomp-disable-fix
  * d/watch: restrict to v252.x for bookworm
  * New upstream version 252.6
  * Update upstream source from tag 'upstream/252.6'
  * Refresh patches
  * Update changelog for 252.6-1 release
  * Merge pull request #26341 from DaanDeMeyer/chase-fixes
  * Merge pull request #26463 from DaanDeMeyer/hacking
  * man: document DefaultStartupMemoryLow=
  * Merge pull request #26349 from yuwata/safe-fork-rearrange-stdio
  * manager: add GetMallocInfo() hidden/debug method
  * analyze: add 'malloc' verb to dump malloc_info()
  * Merge pull request #26217 from bluca/dump_mem
  * Merge pull request #26409 from yuwata/parse-timestamp
  * systemd-boot: enable on install
  * tests: temporarily disable time-util failing tests
  * Merge pull request #26605 from poettering/noxenix
  * Merge pull request #26608 from medhefgo/boot-arm
  * systemd-boot: hide bootctl output in postinst checks
  * Update changelog for 252.6-1 release
  * Merge pull request #26548 from poettering/user-record-ambient
  * Merge pull request #26393 from poettering/mempress
  * Merge pull request #26632 from poettering/dissect-arch-nspawn
  * Merge pull request #26627 from mrc0mmand/TEST-17-tweaks
  * Merge pull request #26628 from msizanoen1/utf8-quote-valid
  * kernel-install: use log_verbose everywhere
  * kernel-install: also try to find $BOOT by partition GUID
  * Merge pull request #26649 from yuwata/parse-timstamp
  * Merge pull request #26646 from poettering/nspawn-private
  * Merge pull request #26687 from yuwata/c2x
  * Merge pull request #26502 from DaanDeMeyer/chase-symlinks-additions
  * Merge pull request #26686 from yuwata/iovec
  * Merge pull request #26648 from bluca/kernel_install_guid
  * Merge pull request #26695 from poettering/dissect-mount-helper
  * Merge pull request #26706 from jengelh/master
  * core: log message when reloading finishes
  * Merge pull request #26716 from mrc0mmand/more-tests
  * Merge pull request #26711 from keszybz/man-page-stuff
  * Merge pull request #26656 from yuwata/mkdir-error-code
  * Merge pull request #26119 from kraxel/uki.install
  * Merge pull request #26731 from yuwata/mempressure-follow-ups
  * Merge pull request #26734 from mrc0mmand/test-followups
  * test: run script from /tmp, not /run
  * New upstream version 252.7
  * Update upstream source from tag 'upstream/252.7'
  * Refresh patches
  * Update changelog for 252.7-1 release
  * Merge pull request #26772 from yuwata/time-util-adjust-formattable-timestamp-max
  * log: add iov helpers for log_context
  * core: append LogExtraFields= values to log_unit* messages
  * Merge pull request #26683 from YHNdnzj/systemctl-shutdown-when
  * Merge pull request #26808 from keszybz/no-controllers-followup
  * Merge pull request #26815 from keszybz/cgls-no-xattrs-by-default
  * core: make the memory pressure cgroup path writable when ProtectControlGroups=yes
  * Merge pull request #26825 from keszybz/log-message-fix
  * Merge pull request #26804 from fbuihuu/fixes-for-test-58-repart
  * Merge pull request #26835 from poettering/userdb-modernizations
  * doc: update ELF_PACKAGE_METADATA to use linker flag instead of manual script
  * Merge pull request #26949 from DaanDeMeyer/xopenat-reopen
  * Merge pull request #26935 from keszybz/test-parse_aux
  * Merge pull request #26870 from fbuihuu/move-unit-tests-in-a-dedicated-subdir
  * env: add load_env_file_pairs_fd()
  * strv: add helper to find value in key/value pairs from list of keys
  * portable: use parse_env_file_fd to keep FD valid
  * portable: include base and extension images in log fields
  * portable: add PORTABLE_NAME_AND_VERSION= and other metadata to LogsExtraFields=
  * portablectl: display sysext-specific fields
  * os-release: add 'SYSEXT_' fields for version/id
  * Merge pull request #26941 from bluca/portable_version
  * Merge pull request #27030 from keszybz/bustctl-show-property-values-in-full
  * Merge pull request #27042 from fbuihuu/fixes-for-testsuite-74-mount
  * man: fix shellcheck warning for html.in
  * test: fix shellcheck warnings in test-sysusers.sh
  * test: do not remove state directory on failure
  * Merge pull request #27020 from 1awesomeJ/nit
  * rename extension-release.[c|h] -> extension-util.[c|h]
  * sysext: stop storing under /usr/lib[/local]/extensions/
  * sysext: validate that they do not contain os-release
  * Revert "test: add more testcases for rm_rf()"
  * Revert "rm-rf: also chmod() directory if it cannot be opened"
  * Merge pull request #27074 from bluca/revert_rm
  * man: further shorten print-unit-path example
  * man: add example for sd_bus_call_method
  * Merge pull request #27072 from bluca/man_example
  * Merge pull request #27075 from mrc0mmand/test-tweaks
  * Merge pull request #27096 from YHNdnzj/networkctl-modernize
  * Merge pull request #27114 from keszybz/trivial-cleanups
  * cryptsetup: fix build without TPM2
  * ci: do one build with no tpm/p11kit/fido2
  * Merge pull request #27154 from DaanDeMeyer/kconfig
  * Merge pull request #26013 from goenkam/maanya/syscfg-feature
  * Merge pull request #27182 from mrc0mmand/test-tweaks
  * Merge pull request #27165 from poettering/fdstore-envvar
  * Uphold/StopWhenUnneeded/BindsTo: add retry timer on rate limit
  * Uphold/StopWhenUnneeded/BindsTo: requeue when job finishes
  * systemd-confext: mount confexts as noexec and nosuid
  * Merge pull request #27244 from bluca/uphold_retry
  * user units: implicitly enable PrivateUsers= when sandboxing options are set
  * Merge pull request #27144 from enr0n/fix-scope-timer-on-coldplug
  * Merge pull request #27265 from dtardon/memleak
  * Merge pull request #27266 from dtardon/take-struct
  * Merge pull request #27269 from poettering/statx-dont-sync
  * Merge pull request #27273 from mrc0mmand/test-generators
  * Merge pull request #27298 from mrc0mmand/test-async-tweaks
  * creds: make available to all ExecStartPre= and ExecStart= processes
  * Merge pull request #27349 from mrc0mmand/codespell
  * mkosi: remove ?priority(required) from debian pkg list
  * man: add working example to LogControl1 manpage
  * man: clarify sd_bus_default
  * mkosi: delete /etc/resolv.conf to let tmpfiles handle it
  * mkosi: move debian/ubuntu common conf under common directory
  * mkosi: move debian/ubuntu ignore preset to config directory
  * mkosi: add tmpfiles to create debian/ubuntu /etc/default/locale link
  * stub: add comment on measurement of io.systemd.stub.kernel-cmdline-extra
  * pam_systemd_home: clean up sd-bus when called about something else's user
  * pam: cache sd-bus separately per module
  * man: fix LogControl1 manpage example
  * sd-bus: check for pid change before closing
  * Merge pull request #27386 from dtardon/test-cleanup
  * macro: add helper for module origin id
  * sd-bus: store and compare per-module static origin id
  * sd-journal: store and compare per-module static origin id
  * sd-event: store and compare per-module static origin id
  * pam: do not attempt to close sd-bus after fork in pam_end()
  * portablectl: add --extension to bash completion
  * coredump filter: fix stack overflow with =all
  * ukify: allow building PE addon
  * coredump filter: add mask for 'all' using UINT32_MAX, not UINT64_MAX
  * test: add coverage for CoredumpFilter=all
  * Merge pull request #27421 from bluca/coredump_filter
  * Merge pull request #27355 from fbuihuu/kbd-improve-vc2x11-conversion
  * Merge pull request #26877 from yuwata/fuzz-journal-remote
  * Merge pull request #27346 from poettering/pam-fixes
  * Merge pull request #27440 from yuwata/reflink-follow-ups
  * Merge pull request #27437 from mrc0mmand/pstore
  * Merge pull request #27451 from yuwata/core-path-trigger-notify
  * coredumpctl: fix bash completion matching
  * coredumpctl: add --file/--root/--image to bash completion
  * Merge pull request #27442 from DaanDeMeyer/presets
  * generators: skip private tmpfs if /tmp does not exist
  * Merge pull request #27529 from DaanDeMeyer/kernel-top
  * Merge pull request #27536 from dtardon/checked-fd-parsing
  * Merge pull request #27527 from mrc0mmand/fuzz-manager-serialize
  * Merge pull request #26357 from ddstreet/tpm2_policy_session
  * Merge pull request #27539 from esposem/ukify_pesign
  * Merge pull request #27633 from DaanDeMeyer/repart-dropin
  * Merge pull request #27634 from mrc0mmand/TEST-13-shenanigans
  * Merge pull request #27571 from DaanDeMeyer/mkosi
  * Merge pull request #27605 from YHNdnzj/dbus-activation-followup
  * Merge pull request #27640 from mrc0mmand/more-tests
  * Merge pull request #27644 from mrc0mmand/fuzz-nspawn
  * integration test: pass 'noresume' to qemu
  * ratelimit: add ratelimit_left helper
  * manager: restrict Dump*() to privileged callers or ratelimit
  * Merge pull request #27438 from bluca/dump_ratelimit
  * man: use setlogmask in LogControl1 example
  * Merge pull request #27739 from dtardon/test-session-properties
  * stub: measure SMBIOS kernel-cmdline-extra in PCR12
  * efi: move get_dropin_dir to util.c
  * efi: support passing empty cmdline to mangle_stub_cmdline()
  * Merge pull request #27761 from yuwata/network-vlan-qos-mapping
  * efi: set EFIVAR to stop Shim from uninstalling its protocol
  * stub/measure: document and measure .uname UKI section
  * elf2efi: add parameter to increase reserved space for headers
  * elf2efi: ensure minimum gap between .text and other sections
  * ukify: use empty stub for addons
  * ukify: add default .sbat section for addons
  * stub: allow loading and verifying cmdline addons
  * TODO: remove fixed item
  * nspawn: restore cross-architecture booting
  * gpt/DPS: alias amd64 to x86-64 and aarch64 to arm64
  * gpt/DPS: add more aliases for python's machine
  * Merge pull request #27835 from keszybz/test-58-repart-modernization
  * Merge pull request #27519 from yuwata/journalctl-fixes
  * Merge pull request #27840 from mrc0mmand/gcc-13
  * Merge pull request #27853 from keszybz/various-bits-and-pieces-included-to-reuse-the-ci-run
  * Merge pull request #27858 from mrc0mmand/followups
  * Merge pull request #27848 from keszybz/man-page-fixes
  * Merge pull request #27903 from mrc0mmand/test-followups
  * Merge pull request #27904 from DaanDeMeyer/lsm
  * Merge pull request #27926 from DaanDeMeyer/repart-offline
  * tests: fix shellcheck warnings
  * Merge pull request #27938 from keszybz/ukify-build-verb
  * Merge pull request #27958 from mrc0mmand/test-functions-tweaks
  * Merge pull request #27712 from ddstreet/tpm2_simplify_srk
  * Merge pull request #26848 from yuwata/kernel-install
  * Merge pull request #26059 from DaanDeMeyer/cred-glob
  * test-execute: add unit tests for *DirectorySymlink=
  * serialize: add deserialize_strv helper
  * man: 'flag' parameter in portable1 spec is now used
  * New upstream version 252.11
  * Update upstream source from tag 'upstream/252.11'
  * Refresh patches
  * Update changelog for 252.11-1 release
  * Add systemd-dev package for pkg-config files
  * Update changelog for 253-2 release
  * meson: add systemd.pc and udev.pc to 'devel' target/tag
  * portable: do not extract empty unit files
  * portable: make sure to fsync after extracting/copying
  * Merge pull request #27952 from mrc0mmand/drop-TEST-61
  * systemd-dev: add missing breaks/replaces with udev
  * Merge pull request #28036 from medhefgo/meson
  * Merge pull request #28038 from mrc0mmand/cleanups
  * core: fix post-fork memory leak
  * Merge pull request #28053 from mrc0mmand/assorted-fixes
  * Merge pull request #23391 from yuwata/meson-bump-required-version
  * portable: fix silly typo in D-Bus interface name
  * portablectl: fix using --force when no --extension is passed
  * Merge pull request #28049 from bluca/portablectl_flags
  * TEST-55-OOMD: use /run/ for configuration instead of /etc/
  * TEST-55-OOMD: improve ephemeral configuration readability
  * Merge pull request #28060 from mrc0mmand/remote-journal-tests
  * journal: avoid infinite recursion when closing bad journal FD
  * Merge pull request #28069 from medhefgo/boot-dp
  * Merge pull request #28074 from mrc0mmand/journal-gatewayd-followups
  * Merge branch 'debian/experimental' into debian/master
  * Update changelog for 253-3 release
  * Merge pull request #28082 from mrc0mmand/more-journal-remote-tests
  * Merge pull request #28109 from mrc0mmand/more-journal-shenanigans
  * Merge pull request #28127 from poettering/coredump-loop-read
  * Merge pull request #28123 from poettering/threads-no-more
  * Merge pull request #28140 from mrc0mmand/more-coverage
  * Stop localed from writing to /etc/default/keyboard and symlink it to /etc/vconsole.conf
  * TEST-55-OOMD: use 'stress' to create high pressure
  * TEST-55-OOMD: use swap file instead of partition
  * Update changelog for 253-4 release
  * Merge pull request #28149 from mrc0mmand/test-machinectl-bump-container-size
  * Merge pull request #28064 from bluca/test_oomd_swap
  * NEWS: fix typos
  * NEWS: copy deprecation notices for cgroup v1 and unmerged-usr/split-usr
  * NEWS: move PrivateUsers= change at the top, as it changes behaviour
  * NEWS: do not make specific promises about future development, keep it vague
  * NEWS: mention addon<efi>.efi.stub
  * NEWS: mention that sd_event_trim_memory can be overridden
  * NEWS: typos
  * Merge pull request #28164 from poettering/replace-env-var-fixes
  * Merge pull request #28178 from mrc0mmand/nss-tests
  * Merge pull request #28191 from yuwata/network-ipv6-privacy-extensions
  * Merge pull request #28138 from pkern/oci-dhcpv6
  * ukify: merge .sbat sections from stub and kernel
  * boot: measure .sbat section
  * Merge pull request #28187 from bluca/sbat
  * New upstream version 253.5
  * Update upstream source from tag 'upstream/253.5'
  * Refresh patches for 253.5
  * Update changelog for 253.5-1 release
  * Merge pull request #28226 from mrc0mmand/coverity-fixes
  * Merge pull request #28230 from yuwata/network-wait-address-configure
  * Merge pull request #28207 from poettering/initrd-creds
  * ukify: enable --sbat for UKIs too
  * ukify: measure sbat section too
  * Merge pull request #28255 from yuwata/sd-device-fix-clone
  * Merge pull request #28258 from poettering/boot-feature-catchup
  * Merge pull request #28274 from DaanDeMeyer/dissect-root
  * Merge pull request #28242 from berrange/cond-sec-cvm
  * Merge pull request #20425 from Blarse/passwdqc-pr
  * Merge pull request #27584 from rphibel/add-restartquick-option
  * NEWS: rearrange deprecation notices from more imminent to less imminent
  * Update NEWS for latest changes
  * NEWS: update contributors list
  * Update translation files
  * meson: bump versions for v254-rc1
  * NEWS: finalize for 254-rc1
  * d/watch: watch main repository
  * gbp: set branch to d/experimental
  * New upstream version 254~rc1
  * Update upstream source from tag 'upstream/254_rc1'
  * Refresh patches for v254-rc1
  * Drop build dependency on gnu-efi and add python3-pyelftools
  * Install new libsystemd.3 manpage
  * Install new mount.ddi alias for sd-dissect
  * Update symbols file for 254
  * Update Lintian overrides for systemd-tests
  * autopkgtest: find test-udev in new location
  * Update changelog for 254~rc1-1 release
  * NEWS: mention that gnu-efi is no longer required
  * NEWS: mention that meson 0.60 is now required
  * README: mention that meson 0.60 is now required
  * test: add +x to generator-utils.sh
  * typo: dont -> don't
  * test: remove +x from some units
  * Merge pull request #28295 from eworm-de/zsh-soft-reboot
  * shell-completion: add soft-reboot to bash
  * shell-completion: add whoami to bash
  * shell-completion: add show-cache to bash
  * Backport patch to fix fuzz test without cgroup access
  * Update changelog for 254~rc1-2 release
  * Restrict pyelftools to UEFI-enabled architectures and drop explicit meson settings
  * Update changelog for 254~rc1-3 release
  * fuzz: switch fuzz-manager-serialize to MANAGER_TEST_RUN_MINIMAL
  * Backport patches to fix FTBFS on mipsel, ia64, x32
  * d/rules: explicitly disable EFI on x32
  * Update changelog for 254~rc1-4 release
  * Merge pull request #28321 from YHNdnzj/hibernate-resume-compare-dev
  * efi: skip libefitest if 'bootloader' is explicitly set to false
  * Bump dependency on Meson to 0.60
  * test: mount_option_supported() returns EAGAIN when new mount API is not supported
  * Print ssize_t as %zd
  * Cast st_dev to dev_t when printing
  * process-util: use clone2 on ia64
  * sleep: fix unused variable warning
  * Merge pull request #28308 from bluca/casting
  * sd-gpt: add missing SD_GPT_*NATIVE* defines for mips/mips64/parisc
  * test-fstab-generator: use test_env
  * Merge pull request #28368 from mrc0mmand/test-fail-on-error
  * homed: make all pam_prompt strings translatable
  * po: add homed file and regenerate pot
  * Merge pull request #28380 from bluca/homed_translate
  * Merge pull request #26365 from dtardon/multiple-polkit-calls
  * Merge pull request #28355 from yuwata/unit-skip-battery-check-by-kernel-command-line
  * upstream-ci: install libdw and libelf for boot-and-services too
  * upstream-ci: add libssl-dev to autopkgtest upstream suite
  * upstream-ci: add nftables
  * upstream-ci: add 'stress' to the upstream testsuite dependency list
  * tests/upstream: install curl
  * tests/upstream: bump timeout by 10 minutes
  * Merge pull request #28301 from berrange/cvm-lockdown
  * Merge pull request #28370 from ldv-alt/cname
  * Merge pull request #28387 from yuwata/network-route-table-name
  * Merge pull request #28097 from goenkam/maanya/dissect-tool-support-for-confext
  * Merge pull request #28401 from keszybz/set-console-size
  * Merge pull request #27867 from keszybz/vconsole-reload-again
  * Update hwdb
  * NEWS: update contributors list
  * Update NEWS with latest changes
  * Merge pull request #28405 from bluca/rc2
  * Update NEWS for v254-rc2
  * New upstream version 254~rc2
  * Update upstream source from tag 'upstream/254_rc2'
  * Drop patches merged upstream
  * Refresh patches for v254-rc2
  * Update changelog for 254~rc2-1 release
  * gpt: it's __mips64, not __mips64__
  * sd-gpt: __mips__ is also defined when building __mips64
  * Backport two more mips64 fixes from upstream
  * Update changelog for 254~rc2-2 release
  * efi: add assert to silence coverity
  * glob-util: add assert to silence coverity
  * bus: add some minimal bounds check on signatures
  * gbp.conf: switch back to d/master
  * Update changelog for 254~rc2-3 release
  * Drop Suggests on transitional policykit-1 package
  * Merge pull request #28425 from weblate/weblate-systemd-master
  * test: exit early from TEST-70-TPM2 on ppc64el
  * core: copy the host's os-release for /run/host/os-release
  * man: explicitly note that units surviving soft-reboot should not pin resources
  * NEWS: note that /run/host/os-release is available more broadly
  * Merge pull request #28445 from bluca/run_host_release
  * Drop autopkgtest dependency on transitional policykit-1 package
  * run: disable --expand-environment by default for --scope
  * NEWS: note that sd-run --expand-environment will change
  * Revert "test: test new systemd-dissect --attach/--detach/--loop-ref= and /dev/loop/* symlinks"
  * Revert "udev: add /dev/loop/ symlinks"
  * core: add IgnoreOnSoftReboot= unit option
  * Merge pull request #26541 from DaanDeMeyer/xfs-whitespace-fix
  * Merge pull request #28487 from yuwata/statx-fixlets
  * Revert "core: add IgnoreOnSoftReboot= unit option"
  * Ship ukify in systemd package
  * switch-root: use MS_REC for /run, unless we are soft-rebooting
  * softreboot: ensure all processes are killed
  * Update NEWS
  * Merge pull request #28497 from bluca/run
  * Merge pull request #28498 from bluca/softreboot
  * hwdb: run update-hwdb
  * NEWS: update contributors list
  * NEWS: update for rc3
  * New upstream version 254~rc3
  * Update upstream source from tag 'upstream/254_rc3'
  * Drop patches merged upstream
  * Refresh patches
  * Update changelog for 254~rc3-1 release
  * vconsole-setup: don't fail with an empty keymap
  * mkosi: set default-keymap='' on Debian/Ubuntu
  * ukify: enable only on UEFI architectures
  * Update changelog for 254~rc3-2 release
  * Merge pull request #28505 from bluca/vconsole_debian
  * ukify: fix armv7 architecture mapping
  * Backport patch to fix FTBFS on armhf
  * Add workaround for Meson regression to fix FTBFS on mips64el
  * Update changelog for 254~rc3-3 release
  * pam: lower warning about closing sd-bus after fork
  * mkosi: add drop-in to make emergency.service shut down the system
  * efi: link with -z nopack-relative-relocs
  * mkosi: install sd-boot on opensuse in base image
  * Merge pull request #28518 from yuwata/fstab-generator-fixes
  * Merge pull request #28540 from DaanDeMeyer/getty-credentials
  * hwdb: run update-hwdb
  * NEWS: mention agetty/login credentials
  * Merge pull request #28543 from bluca/hwdb
  * NEWS: update contributors list
  * NEWS: mention that fsck will be ran for systemd.mount-extra=
  * NEWS: finalize for v254
  * Merge pull request #27621 from esposem/ukify_read
  * Merge pull request #28417 from bluca/coverity
  * Merge pull request #28430 from keszybz/cleanups
  * Merge pull request #28527 from medhefgo/boot-stack-guard
  * Merge pull request #28360 from keszybz/pointingstick-accel-drop
  * Merge pull request #28335 from ssahani/dhcp4-route-option
  * New upstream version 254
  * Update upstream source from tag 'upstream/254'
  * Drop patches merged upstream
  * d/watch: switch back to stable repository
  * Refresh patches
  * Update changelog for 254-1 release
  * Merge pull request #28551 from mrc0mmand/unit-cleanup-set
  * test-execute: measure and log time elapsed while running tests
  * Drop split-usr and unmerged-usr support
  * test-execute: count and log the number of individual tests actually executed
  * Merge pull request #28552 from bluca/test_execute
  * Merge pull request #28391 from ssahani/rp-filter
  * docs: note that Github Pages configuration has to be updated after a release
  * NEWS: open for v255 business
  * socket-util: add send/receive helpers for FD array
  * serialize: add serialize_bool_elide() helper
  * Merge pull request #28508 from yuwata/network-next-dhcp4
  * Merge pull request #28557 from bluca/utils
  * Merge pull request #28571 from yuwata/network-address-next-part1
  * Merge pull request #28574 from yuwata/network-queue-next
  * Merge pull request #28428 from ldv-alt/ERRNO_IS
  * Merge pull request #28567 from yuwata/meson-versiondep
  * Merge pull request #28269 from yuwata/udev-builtin-net_id-cleanups-part1
  * Merge pull request #28595 from medhefgo/elf2efi-fixes
  * Merge pull request #28596 from keszybz/doc-updates
  * Merge pull request #28599 from keszybz/two-compilation-fixes
  * Merge pull request #28423 from dvdhrm/pr/memfd
  * Merge pull request #28630 from fbuihuu/update-testsuite-for-opensuse
  * Merge pull request #28623 from yuwata/udev-builtin-net_id-cleanups
  * systemd-userdbd: depend on libnss-systemd
  * Merge pull request #28651 from kraj/kraj/include-fixes
  * Merge pull request #28673 from YHNdnzj/hibernate-resume-escape-node
  * portablectl: fix regression when using --force without extension parameters
  * Merge pull request #28679 from keszybz/two-new-news-tweaks
  * Merge pull request #28398 from ddstreet/tpm2_specify_pcr_value
  * Merge pull request #28710 from rpigott/zsh-non-template-cache
  * Merge pull request #28727 from yuwata/proc-cmdline-cleanups
  * New upstream version 254.1
  * Update upstream source from tag 'upstream/254.1'
  * Refresh patches for v254.1
  * Update changelog for 254.1-1 release
  * Merge pull request #28734 from loongarch64/dev-wu-main
  * Merge pull request #28743 from mrc0mmand/lint-python-scripts
  * systemd: do not ship empty .wants/ directories
  * Update changelog for 254.1-1 release
  * Build-depend on tzdata-legacy | tzdata
  * Update changelog for 254.1-2 release
  * core: copy os-release with COPY_TRUNCATE
  * core: allow to pass EINVAL to unit_add_two_dependencies()
  * core: split manager's process killing on shutdown to separate helper
  * man: systemd-repart can now create filesystems, update manpage
  * Merge pull request #28799 from bluca/fixlets
  * mkosi: disable key check on Fedora Rawhide for now
  * test: skip test-path on Salsa CI
  * Backport patch to fix test-path failure on Salsa CI
  * Salsa: re-enable build time tests
  * Salsa: disable reprotest
  * Merge pull request #28835 from mrc0mmand/more-tests
  * Merge pull request #28812 from DaanDeMeyer/sector-size
  * Merge pull request #28839 from DaanDeMeyer/repart-followups
  * Merge pull request #28733 from goenkam/maanya/systemd-scoped
  * hwdb: update autosuspend rules
  * Merge pull request #28854 from keszybz/mailmap-and-license-info
  * core: stage /run/host/os-release with a symlink to avoid possible race condition
  * Merge pull request #28758 from keszybz/negative-errno-macro
  * Merge pull request #28862 from DaanDeMeyer/swap
  * Merge pull request #28751 from yuwata/mount-revert
  * Merge pull request #28832 from dtardon/list-clear
  * Merge pull request #28697 from 1awesomeJ/new_bsod
  * Merge pull request #28846 from ssahani/custom-duid-dhcp4-26745
  * Merge pull request #28870 from ssahani/rto-min-network
  * Merge pull request #28871 from ssahani/route-hoplimit
  * sd-mount: allow creating tmpfs
  * Merge pull request #28977 from keszybz/drop-versiondep
  * test-dhcp-client: add temporary workaround for assertion failure
  * Merge pull request #28916 from ddstreet/tpm2_pcr_value_post_merge
  * Merge pull request #28948 from poettering/tpm2-duplicate-pcr-names
  * Merge pull request #28328 from yuwata/network-ndisc-limit-captive-portal
  * Merge pull request #28998 from YHNdnzj/logind-vt-handling
  * autopkgtest: add workaround for lxc+apparmor regression
  * Merge pull request #28999 from keszybz/two-man-ukify-fixe
  * Merge pull request #28955 from poettering/generic-pe
  * Merge pull request #29013 from yuwata/sd-dhcp-client-ensure-iaid-and-duid
  * mkosi: pin CentOS9 kernel to working version
  * busctl: do not print start/stop monitoring messages with --quiet/--json
  * Merge pull request #28963 from YHNdnzj/loginctl-table
  * Merge pull request #28976 from yuwata/network-ndisc-drop-on-zero-lifetime
  * Merge pull request #28988 from keszybz/sd128-arbitrary-values
  * mkosi: temporarily disable Arch
  * Merge pull request #29055 from mrc0mmand/bash-comp
  * Merge pull request #29059 from YHNdnzj/catalog-followup
  * Merge pull request #29070 from YHNdnzj/foolish-mistakes
  * Merge pull request #29080 from mrc0mmand/test-tweaks
  * dissect: add 'f2fs' to allow-listed filesystems
  * Merge pull request #29089 from yuwata/network-ndisc-pref64-follow-ups
  * Merge pull request #29091 from yuwata/sd-dhcp-client-use-usec
  * Merge pull request #29099 from medhefgo/ci
  * Merge pull request #29101 from DaanDeMeyer/kernel
  * Merge pull request #29098 from keszybz/man-page-postreview-fixup
  * New upstream version 254.2
  * Update upstream source from tag 'upstream/254.2'
  * Refresh patches for 254.2
  * Update changelog for 254.2-1 release
  * Merge pull request #29121 from yuwata/network-drop-duplicated
  * New upstream version 254.3
  * Update upstream source from tag 'upstream/254.3'
  * Update changelog for 254.3-1 release
  * Merge pull request #29116 from yuwata/network-sriov-debug
  * Merge pull request #29127 from YHNdnzj/wall-followup
  * Merge pull request #29143 from DaanDeMeyer/mkosi-presets
  * Merge pull request #29142 from poettering/pidref
  * Merge pull request #29130 from poettering/unit-defaults
  * core: use structured initialization in exec_context_init
  * Revert "autopkgtest: add workaround for lxc+apparmor regression"
  * Update changelog for 254.3-1 release
  * core: dump jobs list on sigrtmin+18 with 0x500
  * logind: add PrepareForShutdownWithMetadata signal
  * Merge pull request #29156 from bluca/signal_dump_jobs
  * upstream-ci: run unit tests from installed location
  * Merge pull request #29119 from yuwata/network-dhcp-server-allow-null-server-address
  * meson: add TODO to switch to new 'follow_symlinks' option in the future
  * Merge pull request #29204 from poettering/pe-section-fix
  * meson: fix TODO regarding next meson version
  * Merge pull request #29186 from keszybz/man-notifications-and-fd-store
  * Merge pull request #29152 from poettering/pidref-more
  * Merge pull request #29217 from behrmann/typofixes
  * boot: use separate SBAT project names for stub and boot
  * Merge pull request #29150 from abderrahim/version-info-dbus
  * boot: skip loading DTBs in type 1 when secure boot is enabled
  * New upstream version 254.4
  * Update upstream source from tag 'upstream/254.4'
  * Refresh patches
  * Open changelog for 254.4-1 release
  * Merge pull request #29235 from yuwata/sd-journal-reset-saved-direction-on-seek
  * Install factory-reset related units
  * Update changelog for 254.4-1 release
  * Merge pull request #29252 from yuwata/sd-dhcp6-client-use-usec_t
  * Merge pull request #29253 from yuwata/sd-radv-use-usec_t
  * meson: relax ukify requirements
  * Merge pull request #29282 from YHNdnzj/hibernate-resume-meson
  * Merge pull request #29258 from yuwata/sd-dhcp-client-split-out
  * Merge pull request #29254 from yuwata/sd-ndisc-use-usec_t
  * Merge pull request #29303 from abderrahim/syntax-fixes
  * Merge pull request #29308 from aafeijoo-suse/dissect-fix
  * Merge pull request #29314 from YHNdnzj/firstboot-fixup
  * man: document SystemState's possible values
  * Merge pull request #29296 from keszybz/make-cryptsetup-offical-and-add-docs
  * Merge pull request #29134 from nabijaczleweli/short-iso-timestamp
  * Merge pull request #29353 from YHNdnzj/nft-followup
  * pid1: add SurviveFinalKillSignal= to skip units on final sigterm/sigkill spree
  * docs: note root storage daemons can now also use SurviveFinalKillSignal=yes
  * Merge pull request #29359 from poettering/bootctl-uki-measured
  * Merge pull request #29295 from valentindavid/valentindavid/sysupdate-patterns-in-directory
  * core: improve error message when setting up service mounts
  * Merge pull request #28545 from bluca/softreboot_survive
  * Merge pull request #29361 from keszybz/kernel-install-work
  * Merge pull request #29249 from poettering/pid1-error-message
  * automount: fix unused value coverity warnings
  * Merge pull request #29374 from mrc0mmand/test-tweaks
  * Merge pull request #29363 from medhefgo/elf2efi
  * Merge pull request #29380 from medhefgo/ms-certs
  * New upstream version 254.5
  * Update upstream source from tag 'upstream/254.5'
  * Refresh patches for 254.5
  * Update changelog for 254.5-1 release
  * Merge pull request #29384 from yuwata/sd-journal-cleanups-for-generic-array-get
  * Merge pull request #29335 from abderrahim/version-info-check
  * test: fix check in test unit in TEST-50-DISSECT
  * mountpoint-util: add bool mount_new_api_supported() helper
  * mount-util: use new mount API for bind mount tunnel
  * dissect-image: support verity_dissect_and_mount() in two steps too
  * Merge pull request #29400 from yuwata/network-limit-read-size
  * docs: add document about UEFI security posture in src/boot/efi/
  * mount-util: use new mount API for image mount tunnel
  * Merge pull request #29339 from bluca/mount_namespace_new_api
  * Merge pull request #29407 from CM4all/test-kernel-acl-dummy
  * doc: add compiler hardening details to UEFI SECURITY.md
  * docs: rename src/boot/efi/SECURITY.md as UEFI_SECURITY.md
  * Merge pull request #29390 from yuwata/sd-netlink-make-default-timeout-configurable
  * docs: rephrase sentence about addons measuring in UEFI_SECURITY.md
  * docs: rephrase sentence about UKIs in UEFI_SECURITY.md
  * docs: fix spelling in UEFI_SECURITY.md
  * Merge pull request #29428 from mrc0mmand/soft-reboot
  * Merge pull request #29426 from ddstreet/tpm2_minor_changes
  * docs: fix typo in UEFI_SECURITY.md
  * Merge pull request #29391 from lf-/jade/analyze-plot-tooltips
  * Merge pull request #29450 from YHNdnzj/run-mandatory
  * Merge pull request #29442 from yuwata/network-dhcp4-preferred-address
  * Merge pull request #29438 from evelikov/document-rm-extra-uefi-vars
  * Merge pull request #29470 from yuwata/network-test-mode
  * core: improve debug logs when failing to create symlinks in namespaces
  * Merge pull request #29475 from keszybz/remove-wrapper-functions
  * Merge pull request #29490 from yuwata/network-tc-fixes
  * Merge pull request #29495 from yuwata/network-manager-state-file
  * dissect: avoid clobbering device-mapper error when activating verity
  * mkosi: use different configs for Debian kernel package list
  * efi: add EFI_TCG2_TAGGED_EVENT and helpers
  * efi: add xmemdup
  * Move CLEANUP_ARRAY to src/fundamental
  * stub: add support for dtb addons
  * stub: measure all cmdline addons together
  * boot: measure loader.conf in PCR5
  * Update TODO
  * Merge pull request #28699 from bluca/dtb_addon
  * Merge pull request #29507 from abderrahim/doc-sync-improvement
  * docs: clarify difference between kernel stub and sd-stub in UEFI doc
  * core: fix checking for extension-releases for ExtensionImages/Directories
  * test: add space-separated test for LogFilterPatterns
  * env-util: add helper to replace env block
  * process-util: add posix_spawn helper
  * core: add exec_params_dump helper
  * core: ensure execute/spawn functions can work without manager object
  * core: ensure execute/spawn functions can work without Unit object
  * serialize: add serialize_item_hexmem()
  * serialize: add serialize_item_base64mem()
  * serialize: add serialize_item_tristate()
  * serialize: add serialize_string_set()
  * serialize: add open_serialization_file()
  * serialize: add serialize_image_policy()
  * core: add cgroup_add_or_update_device_allow()
  * core: add serialization/deserialization for ExecContext
  * core: add serialization/deserialization for ExecCommand
  * core: add serialization/deserialization for ExecParameters
  * core: add serialization/deserialization for ExecRuntime
  * core: add serialization/deserialization for CGroupContext
  * core: add systemd-executor binary
  * core: move code from execute.c to exec-invoke.c
  * Merge pull request #29502 from keszybz/sd-boot-config-tweaks
  * Merge pull request #29551 from poettering/no-empty-structs-in-varlink
  * Merge pull request #27890 from bluca/executor
  * Merge pull request #29525 from poettering/confext-sysext-multimodal
  * Merge pull request #29569 from YHNdnzj/foreach-array
  * core: fix deserialization copypasta
  * mount-util: use mount beneath to replace previous namespace mount
  * Merge pull request #29586 from poettering/read-stripped-line
  * Merge pull request #29441 from evelikov/no-input-delay
  * Merge pull request #29583 from poettering/deserialize-fd-many
  * Merge pull request #29611 from mrc0mmand/execute-serialize-fuzz
  * Merge pull request #29595 from YHNdnzj/systemctl-failed-system
  * Merge pull request #29617 from keszybz/efi-no-xmalloc0
  * executor: fix double free of MountOptions
  * mount tunnel: use PidRef
  * Update TODO
  * Merge pull request #29623 from YHNdnzj/core-followup
  * Merge pull request #29629 from bluca/mount_tunnel_pidref
  * Merge pull request #29628 from mrc0mmand/systemd-executor-test
  * man: mention that inhibit blocks soft-reboot too
  * executor: return instead of assert on invalid command line arguments
  * Merge pull request #29618 from bonktree/fchmodat2
  * systemctl: automatically softreboot/kexec if set up on reboot
  * Merge pull request #29627 from poettering/io-split
  * Merge pull request #29626 from bluca/auto_soft_reboot
  * Merge pull request #29644 from poettering/json-iovec
  * Merge pull request #29650 from YHNdnzj/more-followup
  * Merge pull request #29652 from yuwata/dhcp-cleanup-headers
  * Merge pull request #29382 from YHNdnzj/sleep-round-two
  * Merge pull request #29674 from poettering/unexport-marshal-blob
  * Merge pull request #29633 from yuwata/dhcp-ipv6-only-mode-follow-ups
  * systemctl: fallback if logind doesn't support new flag
  * Merge pull request #29685 from poettering/cryptenroll-reduce-scope
  * Merge pull request #29601 from yuwata/mmap-check-overflow
  * Merge pull request #29677 from keszybz/rewinddir-alternative-fix
  * Merge pull request #29689 from mrc0mmand/test-shutdown
  * Merge pull request #29553 from keszybz/analyze-cat-config-tldr
  * Merge pull request #29698 from poettering/tpm2-no-best-pcr
  * Merge pull request #29695 from poettering/repart-reduce-global-vars
  * Merge pull request #29704 from mrc0mmand/cocci
  * Merge pull request #29710 from mrc0mmand/test-pcrextend
  * core: do not reset tty if there's no tty configured
  * Merge pull request #29529 from yuwata/core-namespace-check-priv
  * Merge pull request #29720 from poettering/cgls-fix-delegate
  * core: do not post-process skipped mounts
  * Merge pull request #29727 from aafeijoo-suse/default-tpm2-public-key-fix
  * Merge pull request #29711 from berrange/tests-silverblue
  * Merge pull request #29332 from esposem/ukify_simplify
  * resolved: fix build failure with gnutls
  * CI: add a build job with TPM but without OpenSSL
  * Merge pull request #29745 from mrc0mmand/more-tests
  * Merge pull request #29734 from YHNdnzj/fstab-filter-options
  * Merge pull request #29737 from glance-/tpm2-openssl
  * test: io.latency cgroup support might not be available, skip test
  * exec-invoke: don't double-close FDs on error
  * Update NEWS
  * core: rename and add comment to ExecParameters cleanup functions
  * Merge pull request #29803 from poettering/coredump-message-tweaks
  * NEWS: add contributors list
  * Update hwdb
  * Update hwdb autosuspend rules
  * tools: syscall tables moved to a subdirectory
  * Update syscalls table
  * meson: bump versions for v255-rc1
  * Merge pull request #29691 from yuwata/dissect
  * Merge pull request #29764 from dtardon/varlink-io.systemd.service
  * Merge pull request #29816 from bluca/rel
  * mkosi: explicitly disable KVM in GHA runs
  * mount-util: call CLEANUP_ARRAY after allocating array
  * Merge pull request #29748 from poettering/tgtmode
  * Merge pull request #29792 from poettering/resolved-monitor-packet
  * Merge pull request #29508 from CodethinkLabs/systemd-vmspawn-pr
  * Merge pull request #28891 from poettering/pcrlock
  * NEWS: fix typo and reword meson option entry
  * NEWS: add entry for vmspawn
  * strv: add strv_free_many() to be used with CLEANUP_ARRAY()
  * core: check that extensions have the hierarchies before overlaying
  * Merge pull request #29847 from dtardon/udevadm-control-arg-processing
  * Merge pull request #29839 from goenkam/maanya/portabled_support_for_confext
  * Update NEWS
  * Merge pull request #29848 from poettering/base64url-too
  * Merge pull request #29469 from yuwata/sd-journal-pin-object
  * Merge pull request #29402 from yuwata/sd-journal-cleanups-for-generic-array-bisect
  * NEWS: update for deprecated sleep configs
  * man: drop obsolete reference to SuspendMode=
  * Merge pull request #29858 from bluca/news
  * Merge pull request #29862 from mrc0mmand/udevadm-followups
  * Update NEWS
  * Merge pull request #29873 from yuwata/network-revert-hop-limit
  * NEWS: update contributors list
  * Update hwdb
  * NEWS: finalize
  * Merge pull request #29875 from bluca/news
  * gbp.conf: set branch to debian/experimental
  * New upstream version 255~rc1
  * Update upstream source from tag 'upstream/255_rc1'
  * Drop test-skip-test-path-on-Salsa-CI.patch, merged upstream
  * Drop Move-sysusers.d-sysctl.d-binfmt.d-modules-load.d-back-to-.patch, no longer necessary
  * NEWS: fix typo
  * Refresh patches
  * Merge pull request #29872 from yuwata/udevadm-trigger-receive-buffer-size
  * udev: ressize -> result_size
  * man: fix typo
  * test: fix build without SBAT_DISTRO
  * Temporarily keep systemd.pc and udev.pc poin to legacy unmerged paths
  * systemd/udev: assert that the system is merged-usr
  * Drop deprecated split-usr and install files from /usr
  * Install new pam_systemd_loadkey module
  * Install the default pcrlock config files
  * Update libsystemd0.symbols
  * Merge pull request #29894 from bluca/typo
  * autopkgtest: add dependencies on python3-pefile and nvme-cli for upstream suite
  * Backport patch to fix arm64 cross-build
  * Update Lintian overrides
  * Update changelog for 255~rc1-1 release
  * Merge pull request #29882 from keszybz/documentation-cleanup
  * Build-depend on python3-pefile on all architectures
  * meson: use enabled/disabled instead of true/false for 'feature' options
  * meson: use canonical paths for configured tools too
  * Fix typo in d/changelog
  * Update changelog for 255~rc1-2 release
  * Do not ship repart.standalone and shutdown.standalone
  * Merge pull request #29888 from mrc0mmand/network-generator
  * /usr/lib/sysvinit/telinit was dropped long ago, use /usr/sbin/telinit
  * Add Suggests: libip4tc2 as it is now dlopen'ed
  * Drop rc/rcS masking, no longer necessary
  * Add Conflicts to avoid issues due to DEP17P3
  * Update changelog for 255~rc1-3 release
  * Merge pull request #29909 from keszybz/documentation-cleanup
  * Merge pull request #29914 from yuwata/network-generator
  * Merge pull request #6763 from kinvolk/iaguis/no-new-privs
  * Merge pull request #29915 from mrc0mmand/ntp-followups
  * Merge pull request #29913 from keszybz/vmspawn-ci
  * Merge pull request #29921 from yuwata/sd-dhcp-client-timestamp
  * core: call mac_init from sd-executor
  * core: fix build with -Dutmp=false
  * ci: add -Dutmp=false coverage
  * Merge pull request #29931 from dtardon/udev-remove-property
  * Merge pull request #29927 from yuwata/resolve-mdns-fixlets
  * Merge pull request #29942 from bluca/executor_no_utmp
  * Merge pull request #29783 from CodethinkLabs/vmspawn/notify-socket-forward-pr
  * Merge pull request #29954 from DaanDeMeyer/fix
  * portablectl: fix detaching when an extension image has been deleted
  * Merge pull request #29947 from poettering/srk-beefup
  * Merge pull request #29955 from poettering/repart-seal-key
  * Merge pull request #29981 from yuwata/network-dhcp6-pd-without-address
  * Merge pull request #29982 from poettering/repart-message-tweaks
  * Add version to Conflict with molly-guard
  * selinux: avoid probing memory status if debug logs are not enabled
  * selinux: support lazy initialization
  * executor: lazily load SELinux
  * selinux: change fd check into assertion
  * test: sort files in generate-sym-test.py
  * Merge pull request #29989 from yuwata/conf-parser-arg-type
  * Move systemd-hwdb-update.service to udev package
  * Merge pull request #29996 from keszybz/ukify-summary-and-sbom-sections
  * Update changelog for 255~rc1-4 release
  * Merge pull request #30016 from dtardon/udevadm-control-p-test
  * Merge pull request #30018 from mrc0mmand/TEST-70
  * Merge pull request #30007 from YHNdnzj/memory-attr-followup
  * selinux: fix loading policy at early boot
  * Merge pull request #30023 from mrc0mmand/selinux
  * NEWS: update for latest features
  * NEWS: update contributors list
  * Update syscalls list
  * docs/RELEASE.md: retain systemd.io in IRC topic update
  * hwdb: PNP/ACPI lists on uefi.org are now in CSV format
  * Update hwdb
  * Update po files
  * Merge pull request #30028 from yuwata/duid-fix-size
  * Merge pull request #30030 from poettering/gpt-growfs-root-fix
  * Merge pull request #30035 from keszybz/buid-sys-cleanups
  * Merge pull request #30033 from mrc0mmand/assert_return-tweaks
  * NEWS: finalize for v255-rc2
  * New upstream version 255~rc2
  * Update upstream source from tag 'upstream/255_rc2'
  * Drop fix-build-without-SBAT_DISTRO.patch, merged upstream
  * gbp.conf: move back to debian/master
  * Refresh patches
  * Update changelog for 255~rc2-1 release
  * sd-dhcp: use CMSG_FIND_AND_COPY_DATA to avoid build failures on x32 architectures
  * Merge pull request #30047 from yuwata/sd-bus-assert-return
  * Merge pull request #30052 from dtardon/udev-fixes
  * Merge pull request #30055 from YHNdnzj/logind-handle-action
  * loop-util: restart loop_configure and reopen FD when O_DIRECT fails
  * loop-util: use the right error variable in log_debug_errno after fd_reopen
  * test: minix fsck not found on alpha
  * test: avoid asserting on default user shell
  * Merge pull request #30066 from bluca/test
  * Merge pull request #30064 from bluca/unbork_direct_io
  * mkosi ci: enable jammy-proposed
  * Merge pull request #30078 from yuwata/test-setup-logging
  * test-condition: skip group test during Debian package build
  * test: add simple test case for invalid userspace log records
  * Merge pull request #30095 from yuwata/kernel-install-exit-code
  * Merge pull request #30104 from poettering/pcrlock-empty-object-fix
  * Merge pull request #30074 from YHNdnzj/hibernate-unsupported
  * Bump conflict with molly-guard to 0.8.2
  * Backport patches to fix FTBFS on hppa and x32
  * Update changelog for 255~rc2-3 release
  * Merge pull request #30108 from mrc0mmand/packit-testing-farm
  * man: correct version tags in systemd-vmspawn
  * d/systemd.install: mark pcrlock.d as !stage1
  * Merge pull request #30128 from yuwata/network-rapid-commit-follow-ups
  * Merge pull request #30024 from keszybz/one-doc-thingy
  * Merge pull request #30143 from poettering/machine-credential-fixes
  * Merge pull request #30149 from yuwata/setlocale
  * Merge pull request #30145 from poettering/reset-terminal-line-editing
  * hwdb: update
  * NEWS: update contributors list
  * NEWS: note about reexec on update, for sd-executor
  * Merge pull request #30153 from bluca/news
  * Finalize NEWS for v255-rc3
  * New upstream version 255~rc3
  * Update upstream source from tag 'upstream/255_rc3'
  * Drop patches merged upstream
  * Refresh patches
  * systemd: reexec user manager sessions on upgrade
  * autopkgtest: install dhcpcd-base for boot-and-services
  * Update changelog for 255~rc3-1 release
  * systemd: ignore _systemctl kill failures in postinst
  * Update changelog for 255~rc3-2 release
  * Merge pull request #30163 from keszybz/some-docs-updates
  * Merge pull request #30165 from YHNdnzj/executor-open-fix
  * core: pass bpf_outer_map_fd to sd-executor only if RestrictFileSystems was set
  * core: remove redundant check when serializing FDs
  * Merge pull request #30172 from yuwata/analyze-verify-unit-path
  * Merge pull request #30170 from bluca/exec_bpf_fd
  * Merge pull request #30220 from yuwata/journald-vs-soft-reboot
  * Merge pull request #30216 from poettering/loginctl-table-tweaks
  * Merge pull request #30203 from yuwata/resolve-dump-cache
  * d/rules: remove duplicated line
  * core: add WantsMountsFor=
  * core: add WantsMountsFor= on WorkingDirectory= if it's allowed to be missing
  * core: use new WantsMountsFor= for PrivateTmp=yes and tmp.mount
  * core: switch var-tmp.mount to WantsMountsFor for PrivateTmp=yes
  * cryptsetup: use WantsMountsFor= for key/header when nofail is set
  * Update TODO
  * Revert "mkosi ci: enable jammy-proposed"
  * systemd.pc: point unit install directory to /usr/lib/systemd/system/
  * Update changelog for 255~rc3-3 release
  * core: do not drop CAP_SETUID if it is in AmbientCapabilities=
  * NEWS: update contributors list
  * hwdb: update
  * Merge pull request #30291 from keszybz/seccomp-unknown-syscall
  * NEWS: finalize for v255-rc4
  * New upstream version 255~rc4
  * Update upstream source from tag 'upstream/255_rc4'
  * Update changelog for 255~rc4-1 release
  * Merge pull request #30297 from keszybz/fixups
  * executor: apply LogLevelMax earlier
  * Merge pull request #30314 from DaanDeMeyer/dmi
  * Backport patches to fix seccomp issues on armhf/armel/ppc64el
  * Update changelog for 255~rc4-2 release
  * Merge pull request #30313 from mrc0mmand/ubuntu-ci
  * basic: add fds_are_same_mount() helper
  * switch-root: also check that mount IDs are the same, not just inodes
  * selinux: downgrade log about state to trace
  * NEWS: update contributors list
  * NEWS: note that newly introduced tools are experimental
  * hwdb: update
  * Merge pull request #30341 from bluca/news
  * Merge pull request #30334 from DaanDeMeyer/repart-fixes
  * NEWS: finalize for v255
  * Merge pull request #30214 from bluca/wants_mounts_for
  * Merge pull request #30332 from bluca/softreboot_pivot_in_place
  * NEWS: open for v256
  * RELEASE: mark a few items for the final step
  * Merge pull request #30295 from yuwata/hostnamectl-machine-id
  * New upstream version 255
  * Update upstream source from tag 'upstream/255'
  * README.md: irc:// URLs are not rendered as links by markdown on Github
  * Drop seccomp patches, merged upstream
  * Update changelog for 255-1 release
  * core: do not make private /dev/ read-only too soon
  * core: relax dependency on RootImage= storage from Requires= to Wants=
  * core: create workdir/upperdir when mounting a Type=overlay mount unit
  * Merge pull request #30387 from mrc0mmand/TEST-17-tweaks
  * mount: check that MountParameters is valid before use
  * journal-remote: set upper length bound when parsing incoming headers
  * systemctl: fix copy/paste
  * logind: use ASSERT_PTR to validate result before use
  * test-login: remove dead code
  * Merge pull request #30407 from yuwata/network-clean-exit
  * Merge pull request #30404 from yuwata/network-peer
  * Merge pull request #30406 from yuwata/resolve-clean-exit
  * executor: don't duplicate FD array to avoid double closing
  * Merge pull request #30363 from yuwata/analyze-find-template
  * Drop pkgconfig-keep-unmerged-paths-for-udevdir.patch, no longer needed
  * Merge pull request #30450 from poettering/cgroups-delegate-attr-update
  * Merge pull request #30469 from poettering/userdbd-tweaks2
  * Merge pull request #30417 from YHNdnzj/unit-log-resource
  * Merge pull request #30484 from mrc0mmand/test-tweaks
  * Merge pull request #30492 from mrc0mmand/skip-TEST-08-without-systemd-in-initrd
  * Merge pull request #30464 from CodethinkLabs/misc-integration-test-fixes
  * New upstream version 255.1
  * Update upstream source from tag 'upstream/255.1'
  * Refresh patches
  * Merge pull request #30531 from yuwata/trivial-cleanups
  * Merge pull request #30575 from arthurzam/bash
  * Merge pull request #30550 from yuwata/network-nexthop-cleanups-3
  * test: fix check for device in test-execute
  * Merge pull request #30590 from yuwata/backlight-cleanups
  * man: conditionalize sd-pcrlock and sd-measure on the same variable as their binaries
  * meson: check for pefile dependency before enabling ukify
  * Merge pull request #30596 from yuwata/sd-device-db-cleanups
  * Merge pull request #30594 from yuwata/udev-timeout-cleanups
  * New upstream version 255.2
  * Update upstream source from tag 'upstream/255.2'
  * Drop resolved-actually-check-authenticated-flag-of-SOA-transac.patch, merged upstream
  * Update changelog for 255.2-1 release
  * udev: mips does not install dmi_memory_id and its rules
  * Update changelog for 255.2-2 release
  * Merge pull request #30631 from yuwata/network-address-free
  * bash completion: add systemctl service-log-level/target
  * bash completion: make systemctl mount-image/bind autocomplete on active services
  * analyze: allow --no-legend with architectures verb
  * bash completion: add systemd-analyze architectures
  * units: add ConditionSecurity=tpm2 to systemd-tpm2-setup units
  * Merge pull request #30674 from YHNdnzj/bus-wait-for-cleanup
  * Merge pull request #30614 from yuwata/udev-event-take-worker
  * Merge pull request #30593 from yuwata/sd-dhcp-duid
  * Merge pull request #30591 from yuwata/device-util
  * Merge pull request #30684 from systemd/update-labeler-configuration
  * json: add JSON_FORMAT_REFUSE_SENSITIVE to json_variant_format()
  * varlink: avoid logging content of message if it contains sensitive data
  * core: fix OOM check
  * core: fix cgroup copy
  * core: add an assert to guide static analysis
  * dissect: add assert to guide static analysis
  * udev: add upper bound of 5 hours to SYSTEMD_UDEV_EXTRA_TIMEOUT_SEC=
  * sd-dhcp-client: add assert_not_reached in switch case
  * tmpfiles: add --purge switch
  * Merge pull request #30759 from mrc0mmand/resolved-followup
  * Merge pull request #30774 from mrc0mmand/test-tweaks
  * Merge pull request #30743 from bluca/coverity
  * Merge pull request #30842 from aafeijoo-suse/analyze-q-man-help-fix
  * Merge pull request #30843 from keszybz/test-relative-paths
  * Merge pull request #30870 from aafeijoo-suse/firstboot-help-fix
  * Merge pull request #30809 from yuwata/resolve-fix-EDE-handling
  * Merge pull request #30811 from yuwata/network-route-metric
  * Merge pull request #30764 from yuwata/network-queue-fix-assertion
  * Merge pull request #30720 from yuwata/dhcp-server-address-verification
  * Merge pull request #30716 from yuwata/network-cancel-request
  * Merge pull request #30717 from yuwata/network-ref-unref
  * Merge pull request #30904 from YHNdnzj/no-selinux-reload
  * modprobe: set 'ifb numifbs=0' to avoid autocreating ifb0
  * Merge pull request #30896 from yuwata/network-route-conf-parser
  * Merge pull request #30897 from yuwata/network-route-expiration
  * Merge pull request #30902 from YHNdnzj/run-accounting
  * Merge pull request #30927 from YHNdnzj/logind-action-job
  * Merge pull request #30932 from yuwata/network-route-split-out-more
  * test: create /run/sshd in TEST-74-AUX-UTILS
  * Merge pull request #30936 from yuwata/network-automatically-reconfigure-interface-on-failure
  * Merge pull request #30933 from YHNdnzj/sleep-trivial-cleanup
  * Merge pull request #30934 from yuwata/network-introduce-route-nexthop
  * Merge pull request #30953 from yuwata/network-nexthop-silently-removed-by-kernel
  * Merge pull request #30959 from poettering/varlink-debug-better
  * Merge pull request #30961 from poettering/varlink-bus-polkit-fixes
  * Merge pull request #30963 from poettering/creds-tweaks
  * Merge pull request #30949 from yuwata/network-route-cosmetic-cleanups
  * Merge pull request #30955 from yuwata/network-queue-request_detach
  * Merge pull request #30962 from poettering/varlink-json-sensitive-rework
  * Merge pull request #30972 from mrc0mmand/ci-unit-tests-ukify
  * user-util: remove dead code
  * Merge pull request #30661 from rpigott/resolved-https-record
  * Merge pull request #30990 from poettering/more-mime
  * man: add more suggestions on how to use StartUnit and JobRemoved
  * man: explicitly say that portable1's Attach/Detach are synchronous
  * Merge pull request #30988 from bluca/dbus_docs
  * Merge pull request #30956 from yuwata/nspawn-network-pass-wifi
  * Merge pull request #31009 from yuwata/network-route-convert-before-requesting
  * man: clarify description of Attach/Detach flags
  * portable: log structured message when attach/detach succeeds
  * Merge pull request #31022 from aafeijoo-suse/bash-completion-cryptenroll-2
  * cgtop: fix sscanf return code checks
  * Merge pull request #31044 from keszybz/uhttpd-alloca-print
  * Merge pull request #31053 from intelfx/work/machinectl-zsh
  * Merge pull request #30130 from poettering/pcrlock-root
  * mkosi: install libip4tc2 in debian/ubuntu
  * New upstream version 255.3
  * Update upstream source from tag 'upstream/255.3'
  * Drop patches merged upstream
  * Refresh patches
  * Update changelog for 255.3-1 release
  * Merge pull request #31090 from poettering/bpf-lsm-rename
  * test: unset TZ before timezone-sensitive unit tests are run
  * CI: set TZ= in a unit test run to ensure tests don't break
  * Backport patches to fix reproducibility issues
  * Salsa: re-enable reprotest
  * sd-bus: fix exiting event loop when sd_bus_set_exit_on_disconnect is used
  * core: add SYSTEMD_VERITY_SHARING env var for local development
  * man: add working example for sd_bus_set_watch_bind()
  * Merge pull request #31105 from mrc0mmand/test-nspawn
  * Update changelog for 255.3-2 release
  * Merge pull request #31106 from poettering/bus-creds-pidref
  * socket-util: check for sysconf() error before using value
  * core: use PidRef in exec_spawn
  * executor: really set POSIX_SPAWN_SETSIGDEF for posix_spawn
  * core: add support for pidfd_spawn
  * TODO: drop clone3 item
  * Merge pull request #31205 from YHNdnzj/path-is-mount-point
  * Merge pull request #31210 from poettering/chdir-hardening
  * Merge pull request #31202 from YHNdnzj/creds-reuse
  * portable: add --copy=mixed to copy images and link profiles
  * Merge pull request #31264 from poettering/sysext-help
  * Merge pull request #31224 from mrc0mmand/packit-bpftool-workaround
  * Merge pull request #31243 from YHNdnzj/systemctl-disable-now-template
  * openssl: add helper to load key from provider/engine
  * repart: support OpenSSL engines/providers for signing
  * Merge pull request #31268 from poettering/bpf-device-fixes
  * Merge pull request #31261 from bluca/repart_engine
  * Merge pull request #31273 from mrc0mmand/test-55-arch-gcc
  * Drop override for deprecated package-supports-alternative-init-but-no-init.d-script warning
  * Build-depend on pkgconf
  * Move kernel-install initrd script to slightly later prefix
  * Merge pull request #31162 from poettering/tint-tweaks
  * varlink: fix dead code
  * meson: do not attempt to install tests when they are disabled
  * Merge pull request #31283 from CodethinkLabs/vmspawn/start_from_template
  * Merge pull request #28761 from esposem/cmdline_manager
  * Merge pull request #31317 from fbuihuu/update-tests-for-suse
  * Merge pull request #31286 from poettering/bootctl-varlink
  * man: enchance sd_bus_set_watch_bind() example to handle one more failure
  * Merge pull request #30910 from YHNdnzj/logind-followup
  * Merge pull request #31311 from yuwata/journal-user-corruption
  * Merge pull request #31218 from CodethinkLabs/vmspawn/journal_forwarding
  * Merge pull request #31127 from poettering/cgroup-runtime2
  * Merge pull request #31367 from yuwata/cgroup-runtime-fix
  * man: create reusable snippet for 'vpick' entries
  * core: add support for vpick for ExtensionImages=
  * core: add support for vpick for ExtensionDirectories=
  * man: fix typo in uid0.xml
  * Mark python3-pefile build dependency as native
  * Skip python3-pefile build dependency only if both nocheck and noinsttests are set
  * Build with -Dtests=false if nocheck and noinsttest profiles are set
  * Merge pull request #31364 from bluca/vpick_ext
  * Merge pull request #30840 from AdrianVovk/homed-bulk-v2
  * Merge pull request #31357 from keszybz/cleanups-vmspawn
  * Merge pull request #31351 from YHNdnzj/exit-status-no-executable
  * Merge pull request #31388 from keszybz/bitfield-cleanup
  * Merge pull request #31400 from poettering/askpw-rework
  * Merge pull request #31426 from YHNdnzj/logind-minor-cleanup
  * Merge pull request #31326 from CodethinkLabs/vmspawn/extra_drives
  * systemd-binfmt: use restart instead of try-restart on upgrade
  * d/e/checkout-upstream: do not rebase when building on systemd-stable repo
  * d/e/checkout-upstream: build with default-timeout-sec=180
  * d/e/checkout-upstream: enable log-trace by default
  * d/e/checkout-upstream: do not install userdbd sshd config drop-in
  * d/t/upstream: add dependencies on openssh, gnutls-bin, opensc and softhsm2
  * d/t/upstream: fix shellcheck warning
  * Add dependency on libkmod2 on udev, and suggestion on systemd
  * Merge pull request #31432 from poettering/vmspawn-qemu-rename
  * Update tzdata build dependency constraint to 2024a-1
  * Merge pull request #31414 from poettering/bsod-tweaks
  * Merge pull request #31445 from keszybz/slow-tests
  * fsckd: mark as not needed for pkg.systemd.upstream profile
  * Merge pull request #31441 from yuwata/sd-ndisc-fix-timer
  * Merge pull request #31411 from poettering/build-path
  * Merge pull request #31465 from xypron/detect-virt
  * Merge pull request #31464 from poettering/vmspawn-limit-bank
  * efi: de-inline xmalloc to fix build failure with gcc 12.2 and -O2
  * Fallback from pidfd_open on permission errors too
  * Drop libarchive-dev build dependency
  * Merge pull request #31440 from yuwata/sd-ndisc-sd-radv-cleanups
  * Merge pull request #31480 from rpigott/dnssec-maxwork
  * Merge pull request #31458 from poettering/vmspawn-ptyfwd
  * Merge pull request #31000 from flatcar-hub/krnowak/mutable-overlays
  * upstream-ci: install ssh-generator files
  * upstream-ci: install new link files for generated interfaces
  * upstream-ci: install uid0 files
  * upstream-ci: install homed fallback shell
  * upstream-ci: install systemd-vpick
  * upstream-ci: install homed-firstboot unit
  * upstream-ci: install tpm2 generator
  * upstream-ci: install MIME io.systemd file
  * upstream-ci: install udev.conf.d manpage
  * upstream-ci: install new varlink services
  * New upstream version 255.4
  * Update upstream source from tag 'upstream/255.4'
  * Drop patches merged upstream
  * Update changelog for 255.4-1 release
  * Merge pull request #31442 from YHNdnzj/towards-cgroup-v1-deprecation
  * Merge pull request #31515 from keszybz/small-cleanups-after-review-of-stable-batch
  * install: fix compiler warning about empty directive argument
  * test/README: update ubuntu IRC channel for CI help
  * test/README: document how to add a new empty release to the PPA to migrate the CI to a new version
  * semaphore: enable backports to get new dependencies
  * semaphore: set upstream build profile and set default branch to debian/master
  * Merge pull request #31293 from ragazenta/netdev_rps
  * Merge pull request #31526 from poettering/proc-cmdline-underscorify
  * Merge pull request #31524 from poettering/secure-getenv-naming-fix
  * semaphore: speed up build
  * Merge pull request #31430 from CodethinkLabs/vmspawn/machinectl_vmspawn_support
  * Merge pull request #31544 from mrc0mmand/more-test-tweaks
  * Merge pull request #31551 from keszybz/rpm-macro-kernel-install
  * test: enable PAM debug logs in TEST-46-HOMED
  * autopkgtest: add dhcpcd5 as alternative dependency to dhcpcd-base
  * userdbd: install ssh integration config snippets
  * d/e/checkout-upstream: stop overriding sshconfdir
  * repart: add --private-key-source and drop --private-key-uri
  * measure: add support for --certificate and --private-key-source for engine/provider signing
  * ukify: add support for engine signing of PCR signatures
  * CI: free up diskspace before mkosi jobs
  * Merge pull request #31587 from yuwata/udev-rps-follow-ups
  * autopkgtest: install systemd-resolved for all suites
  * autopkgtest: add breaks-testbed to more tests
  * Merge pull request #31594 from YHNdnzj/logind-seat-basename
  * autopkgtest: restrict systemd-boot-efi to architectures where it's built
  * Install new importctl binary
  * d/rules: install pkla files when building for old upstream CI jobs
  * d/rules: fix check for upstream profile for pkla installation
  * Merge pull request #31607 from mrc0mmand/update-translation-strings
  * Merge pull request #31615 from poettering/hostname-method-missing
  * test: fix test-loopback failure when lacking privileges
  * test: fix test-resolved-stream unit test failure
  * Merge pull request #31582 from bluca/fix_hostnamed_ci
  * Merge pull request #31631 from mrc0mmand/mkosi-addons
  * ukify: convert certificate to public key before embedding in .pcrpkey
  * Merge pull request #31621 from poettering/resolved-proxy-do
  * Merge pull request #31580 from poettering/resolved-naptr
  * Merge pull request #31657 from mrc0mmand/test-execute-shenanigans
  * escape: fix operator precedence in overflow check
  * resolve: disambiguate return statement
  * Merge pull request #31616 from poettering/resolved-varlink-resolve-record
  * Merge pull request #31628 from YHNdnzj/tmpfiles-acl
  * Merge pull request #31590 from YHNdnzj/install-cleanup
  * Merge pull request #31659 from YHNdnzj/freezer-followup
  * Install new templated/root quotacheck/quotaon units
  * semaphore: move back to autopkgtest master branch
  * semaphore: drop some manual build deps, handled by package
  * Use wildcard for quotacheck/quotaon units
  * Enable libpwquality support
  * man: fix systemd-measure manpage conditional
  * Install systemd-measure.1 on all architectures
  * Merge pull request #31705 from YHNdnzj/quotacheck-followup
  * Merge pull request #31675 from rpigott/dns-refuse
  * Merge pull request #31706 from DaanDeMeyer/smbios
  * semaphore: remove workaround for adduser
  * Merge pull request #31711 from YHNdnzj/gpt-auto-has-node
  * polkit: update the rest of bus_verify_polkit_async_full() calls to new flags parameter
  * Merge pull request #31721 from aafeijoo-suse/service-util-help-fix
  * ukify: really add default .sbat for UKIs
  * Merge pull request #31735 from mrc0mmand/test-runner
  * Install networkd units with wildcard
  * Merge pull request #31729 from aafeijoo-suse/logind-cleanups
  * Merge pull request #31584 from yuwata/sd-ndisc-option-parser-cleanups
  * Merge pull request #31761 from CodethinkLabs/vmspawn/bug_fixes
  * NEWS: fix typo and reword a couple of entries
  * Merge pull request #31791 from yuwata/sd-dhcp-server-several-preparations
  * portable: when logging about attaching, include the used profile
  * shell completion: add --copy=mixed in portablectl
  * NEWS: mention portablectl --copy=mixed
  * Merge pull request #31821 from behrmann/news256
  * Merge pull request #31829 from keszybz/more-header-checks
  * Merge pull request #31811 from yuwata/network-pin-persistent-storage
  * Merge pull request #31778 from yuwata/kbd-util
  * Merge pull request #31747 from yuwata/ptyfwd
  * Rename uid0 to run0
  * Add build dependency on libarchive-dev
  * Merge pull request #31827 from rpigott/resolved-faster-dnssec
  * Merge pull request #31844 from keszybz/missing-extra-checks
  * test: delete private images on clean-again
  * test: run clean-again between tests, not at the end
  * Merge pull request #31868 from bluca/test_cleanup
  * Merge pull request #31902 from YHNdnzj/swap-followup
  * Merge pull request #31908 from DaanDeMeyer/mkosi
  * Merge pull request #31670 from CodethinkLabs/vmspawn/generate_ssh_keys
  * Merge pull request #31552 from AdrianVovk/homed-update-policy-v2-split
  * Merge pull request #31913 from YHNdnzj/dynamic-user-unref
  * Merge pull request #31917 from keszybz/path-equal-ptr-drop
  * Merge pull request #31916 from YHNdnzj/socket-load-service
  * Merge pull request #31919 from YHNdnzj/analyze-verify
  * test: explain how Ubuntu CI log URLs are created
  * d/e/checkout-upstream: do not initialize submodules
  * homework: add missing assert
  * test: add missing return value check in test-dirent-util
  * Merge pull request #31730 from yuwata/network-dhcp-server-lease-file-follow-ups
  * Merge pull request #31801 from flatcar-hub/krnowak/sysext-config
  * test: use /run/ instead of /etc/ in TEST-75-RESOLVE
  * resolved: support reloading configuration at runtime
  * Merge pull request #31943 from yuwata/sd-ndisc-option-getter-remover
  * Install new capsule units/manpages
  * Install ssh-access target
  * core: do not serialize timestamps that are re-measured on soft-reboot
  * core: add SoftRebootStartTimestamp
  * analyze: show only current times after soft-reboot
  * core: add counter for soft-reboot iterations
  * Merge pull request #31980 from bluca/soft_reboot_timestamps
  * Merge pull request #31964 from yuwata/journalctl-filter-cleanups
  * Merge pull request #31965 from yuwata/logs-show-cleanups
  * analyze: fix plot with soft-reboot
  * run: fix generated unit name clash after soft-reboot
  * Merge pull request #31994 from yuwata/network-dhcp-server-follow-ups
  * os-util: allow matching versioned image with extension-release file
  * Ensure that a portable is not detached when another portable that shares the same base is detached
  * portable: fix 'portablectl list' to show the actual state for extensions
  * portable: the 'flags' parameter is now used in DetachImageWithExtensions() and ReattachImageWithExtensions()
  * core: serialize reload rate limit
  * core: apply ReloadLimit to reexec too
  * Merge pull request #32010 from bluca/reexec_rate_limit
  * libsystemd0: recommend libgcrypt20
  * autopkgtest: install libgcrypt20-dev for unit-tests and upstream suites
  * Merge pull request #32042 from YHNdnzj/implicit-mounts-for
  * man: document that using sd_journal APIs might cause dlopen to happen
  * man: add self-contained example of notify protocol
  * Merge pull request #32004 from YHNdnzj/umount-new-cycle
  * Merge pull request #32030 from bluca/dlopen_document
  * resolve: avoid reusing 'r' for encoded packet size
  * Merge pull request #32052 from mrc0mmand/even-more-test-tweaks
  * Merge pull request #32055 from mrc0mmand/pre-rc-coccinelle
  * TODO: drop line about bzip2/gzip
  * docs: notify example was moved to sd_notify manpage
  * gcrypt: dlopenify for libsystemd
  * Merge pull request #32057 from yuwata/man-example
  * bpf: actually check for errors when loading symbols
  * dlopen: log debug message when a library is dlopened
  * Merge pull request #32019 from bluca/gcrypt_dlopen
  * Merge pull request #32065 from bluca/dlopen_debug
  * Autopkgtest: add dependency on libkmod-dev to upstream suite
  * Merge pull request #32097 from keszybz/sd-notify-cleanups
  * Merge pull request #32102 from YHNdnzj/efi-var-consistent
  * Switch build-depend form liblz4-tool to lz4
  * Install new hibernate-clear unit
  * Merge pull request #32085 from yuwata/udev-check-processing
  * meson: set -fno-ssa-phiopt when building bpf with gcc
  * Merge pull request #32125 from YHNdnzj/post-merge-stuff
  * Merge pull request #32123 from mrc0mmand/assorted-tweaks
  * initramfs hooks: pull in libkmod manually
  * Merge pull request #32115 from YHNdnzj/service-main-pid-take
  * Merge pull request #31131 from poettering/dlopen-kmod
  * run: query for SoftRebootsCount only for system scope runs
  * Install mountfds and nsresourced files
  * Enable BPF support
  * Merge pull request #32135 from keszybz/compiler-warning-cleanup
  * Merge pull request #26826 from poettering/mntfsd
  * d/rules: vmlinux.h is only available from Trixie
  * test-execute: check for s390x first and duplicate test
  * Merge pull request #32136 from YHNdnzj/nextroot-auto-mountpoint
  * nsresource: fix FD leak
  * Update pkg/debian/ to latest
  * Merge pull request #32140 from YHNdnzj/socket-per-peer-source
  * Merge pull request #32104 from yuwata/network-ndisc-redirect
  * Merge pull request #32154 from DaanDeMeyer/mkosi
  * Merge pull request #32205 from YHNdnzj/bless-boot
  * Merge pull request #32204 from DaanDeMeyer/post-rewrite
  * Merge pull request #32166 from yuwata/network-rfc7217-dad
  * Merge pull request #32195 from yuwata/network-ndisc-mtu
  * Merge pull request #32181 from YHNdnzj/open-file
  * README.md: link bug bounty program
  * Merge pull request #32215 from yuwata/network-ndisc-address-lifetime
  * Merge pull request #32258 from yuwata/network-tc-fix-stack-overflow
  * Merge pull request #32286 from YHNdnzj/vpick-null-result
  * test: initialize _cleanup_ variables
  * core: use usec_sub_unsigned() to subtract deltas
  * analyze: reset more timestamps when analyzing soft reboots
  * man: mention initial value of SoftRebootsCount
  * analyze: show soft-reboot counter next to time deltas
  * Merge pull request #32289 from bluca/counter
  * Install new systemd-udev-load-credentials.service
  * manager: serialize current objective
  * core: rename SoftRebootStartTimestamp -> ShutdownStartTimestamp and generalize
  * Merge pull request #32324 from mrc0mmand/more-website-fixes
  * NEWS: mention GNOME Foundation in contributors list
  * portablectl: add --clean parameter for detaching
  * bash completion: add missing parameters for portablectl
  * systemctl: add --clean= values to documentation and shell completion
  * Merge pull request #32326 from jonathan-conder/man_pam_loadkey
  * Merge pull request #32328 from YHNdnzj/deserialize-objective
  * Merge pull request #32144 from bluca/portable_clean
  * Merge pull request #32121 from CodethinkLabs/basic-mkosi-integration-tests
  * Merge pull request #32292 from yuwata/sd-radv-send-on-stop
  * Merge pull request #32299 from yuwata/network-radv-ignore-rs-from-the-same-interface
  * test: initialize _cleanup_ variables
  * Merge pull request #31978 from nolange/fix_openssl_deprecations
  * Merge pull request #32345 from yuwata/sd-radv-send
  * Merge pull request #32349 from yuwata/sd-event-source-get-inotify-path
  * vpick: add pick_filter_image_any filter that matches both dirs and images
  * portable: support vpick
  * Merge pull request #32251 from CodethinkLabs/vmspawn/docs_improvements
  * Merge pull request #32142 from bluca/portable_vpick
  * NEWS: note that portabled supports vpick too
  * Merge pull request #32346 from yuwata/sd-radv-handle-header-param-gracefully
  * Merge pull request #32276 from yuwata/network-global-use-domains-setting
  * Merge pull request #32359 from poettering/vmspawn-hyperv-enlight
  * NEWS: fix typo
  * Merge pull request #32372 from yuwata/sd-radv-trivial-cleanups
  * Merge pull request #32391 from DaanDeMeyer/optimization
  * Merge pull request #32389 from keszybz/bin-sbin-merge
  * Merge pull request #32347 from yuwata/sd-radv-reachable-time
  * core: add ExecMainHandoverTimestamp property recording time-of-execve
  * NEWS: mention ExecMainHandoverTimestamp
  * NEWS: update contributors list
  * Update hwdb
  * Update autosuspend hwdb
  * Update systemd.pot
  * nspawn: ensure single-process container running as --user can access credentials
  * Update translation files
  * Merge pull request #32396 from YHNdnzj/verb-required
  * Merge pull request #32401 from bluca/chores
  * Install new networkd config file for sd-nsresourced
  * Merge pull request #32413 from yuwata/network-radv-validator
  * mkosi: mask isc-dhcp-server
  * Merge pull request #32434 from poettering/cryptenroll-prefer-var
  * Merge pull request #32437 from keszybz/notify-fixups-split-out
  * man: document service types that record ExecMainHandoverTimestamp
  * New upstream version 255.5
  * Update upstream source from tag 'upstream/255.5'
  * Drop resolve-skip-IP_UNICAST_IF-for-local-sockets.patch, merged upstream
  * Refresh patches for v255.5
  * Bump Standards-Version to 4.7.0, no changes
  * Update changelog for 255.5-1 release
  * ci: remove packages.microsoft.com
  * Merge pull request #32458 from poettering/manager_get_units_for_pidref
  * test: use sd-analyze for kernel version check in TEST-62
  * test: skip testsuite-50.mountnfsd if kernel/polkit are too old
  * Merge pull request #32467 from yuwata/network-radv-cleanup
  * Merge pull request #32474 from poettering/varlink-no-pidfd
  * Merge pull request #32475 from bluca/skip
  * NEWS: update contributors list
  * Update hwdb
  * meson: update version numbers for 256~rc1
  * sd-radv: remove unnecessary check
  * Merge pull request #32488 from bluca/chores
  * NEWS: finalize for v256~rc1
  * d/watch: switch to main repository
  * New upstream version 256~rc1
  * Update upstream source from tag 'upstream/256_rc1'
  * Drop Downgrade-a-couple-of-warnings-to-debug.patch
  * Refresh patches for v256
  * Merge pull request #32494 from arthurzam/bash-importctl
  * NEWS: add back deprecation notices that have not been implemented yet
  * Build depend on libarchive-dev
  * Merge pull request #32498 from DaanDeMeyer/mkosi
  * Merge pull request #32499 from mrc0mmand/docs-fix-method-name
  * test: do not fail if mknod() fails in a build system
  * test: modernize test-dirent-util
  * Install new tools, units and manpages
  * Merge pull request #32505 from mrc0mmand/fix-build-without-importd
  * Merge pull request #32504 from bluca/test_failure
  * Enable bpf and new nsresourced/mountfsd services
  * Backport patch to fix unit test failure in build environment
  * Update libsystemd symbols file
  * Update Lintian overrides
  * Update changelog for 256~rc1-1~exp release
  * Merge pull request #32510 from arthurzam/bash-v256
  * units: add Before=shutdown.target to systemd-networkd-persistent-storage.service
  * Fix spelling errors found by Lintian
  * Merge pull request #32520 from YHNdnzj/sd-daemon-followup
  * Do not install bpftool for upstream CI jobs
  * Backport patch to fix test-build-path on RISC-V/MIPS
  * Backport patch to fix build reproducibility
  * Backport patch to fix BPF build on s390x
  * Update changelog for 256~rc1-1~exp2 release
  * Install new shell completion scripts
  * report-bug: add presubj template to recommend opening functionality bugs upstream first
  * report-bug: include runtime taints
  * meson: define 's390' for 's390x' when building BPF objects
  * meson: copy prefix mapping CFLAGS when building BPF objects
  * Recommend libzstd1 and suggest liblz4-1, liblzma5, libgcrypt20
  * meson: bump libbpf dependency to 1.4.0 when using gcc
  * Merge pull request #32523 from cgzones/inaccessible_label
  * build-path: fix SIGSEGV on RISC-V and MIPS
  * docs: drop outdated documents about os-release and cgroupsv1
  * docs: move information from AUTOPKGTEST.md to test/README.testsuite and delete it
  * Merge pull request #32610 from YHNdnzj/install-have-modification
  * Merge pull request #32613 from arthurzam/bash-v256
  * Merge pull request #32592 from yuwata/journal-timestamp
  * Install new journald-sync unit
  * autopkgtest: install polkitd in upstream suite
  * test: drop --tpm2-public-key= from TEST-70
  * Merge pull request #32588 from CodethinkLabs/mkosi-selinux
  * Build depend on rsync or meson >= 1.3.0 for follow-symlink workaround
  * Change links from freedesktop.org to systemd.io
  * Add dependency on python3-psutil to systemd-tests, needed by networkd test suite
  * doc: mention that units can be masked via credentials
  * Merge pull request #32673 from DaanDeMeyer/mkosi
  * Merge pull request #32635 from poettering/cryptenroll-no-pcrlock-conflict
  * Merge pull request #32677 from keszybz/wording-fixes
  * Merge pull request #32683 from dtardon/fix-error-vars
  * Merge pull request #32684 from YHNdnzj/pr-followups
  * docs: add specification for ELF dlopen metadata
  * Merge pull request #32234 from poettering/dlopen-name-elf-note
  * Merge pull request #32705 from YHNdnzj/hibernate-error
  * Merge pull request #32708 from DaanDeMeyer/fix-race
  * Merge pull request #32709 from bluca/machined_ssh
  * Merge pull request #32717 from keszybz/very-important-fixes
  * Merge pull request #32729 from DaanDeMeyer/kernel-command-line
  * Merge pull request #32694 from weblate/weblate-systemd-main
  * Merge pull request #32689 from YHNdnzj/cred-missing
  * d/t/boot-and-services: drop tmp check
  * Merge pull request #32743 from yuwata/test-network-for-mkosi
  * Merge pull request #32739 from yuwata/vmspawn-journal-forward
  * Merge pull request #32741 from yuwata/network-dhcp4-route-to-dns
  * Merge pull request #32491 from yuwata/journalctl-fix-boot
  * NEWS: update for latest changes
  * Merge pull request #32747 from YHNdnzj/tmpfiles-ret-gather
  * Merge pull request #32755 from yuwata/test-network-cleanups
  * Set SBAT distro URL to tracker.d.o as suggested by EFI team
  * Merge pull request #32758 from yuwata/journal-ratelimit
  * bootctl: fix crash when parsing addon without .cmdline section
  * Drop out-of-tree coredump patch and use config drop-ins instead
  * Drop out-of-tree fsckd daemon patch
  * Drop out-of-tree systemctl scheduled shutdown fallback
  * Drop out-of-tree fsck skip patch and use drop-in instead
  * NEWS: update contributors list
  * Update hwdb
  * Update syscalls table
  * Update translation files
  * tree-wide: 'allows to' -> 'allows one to'
  * d/t/control: explicitly depend on systemd-dev for tests that run pkg-config
  * systemd.postinst: use DPKG_ROOT in one more place
  * Merge pull request #32816 from bluca/chores
  * NEWS: note scheduled shutdown failure case changes
  * Merge pull request #32817 from YHNdnzj/core-varlink
  * Merge pull request #32830 from yuwata/home-skel
  * Finalize for v256~rc2
  * New upstream version 256~rc2
  * Update upstream source from tag 'upstream/256_rc2'
  * Drop patches merged upstream
  * Refresh patches for v256~rc2
  * Install new files from v256~rc2
  * Drop Lintian overrides for false positives that have been fixed
  * NEWS: adjust date to match changelog
  * man: fix typo 'ot' -> 'or'
  * Update changelog for 256~rc2-1 release
  * Merge pull request #32818 from keszybz/libsystemd-network-size-check
  * Merge pull request #32844 from YHNdnzj/mount-defaultdep-followup
  * Merge pull request #32784 from YHNdnzj/release-version
  * Build depend on dh-dlopenlibdeps and dynamically generate dlopen dependencies
  * Mark dh-sequence-dlopenlibdeps as !stage1 !pkg.systemd.upstream
  * Merge pull request #32857 from dtardon/drop-assert
  * Backport patches to fix journald asserts Compress=yes
  * test: add coverate for Compress=yes config option
  * d/systemd.install: use wildcard to pick up container host network files
  * Merge pull request #32863 from YHNdnzj/switch-root-followup
  * CI: add manual workflow to publish pages to fix submodule issue
  * Revert "CI: add manual workflow to publish pages to fix submodule issue"
  * Update changelog for 256~rc2-2 release
  * Explicitly enable systemd-boot only on supported architectures
  * Update changelog for 256~rc2-3 release
  * Bump Breaks on dracut
  * Merge pull request #32914 from yuwata/test-64-storage
  * Merge pull request #32917 from YHNdnzj/ptyfwd-cleanup
  * Merge pull request #32907 from yuwata/image-fix
  * Merge pull request #32915 from yuwata/machine-id-setup
  * semaphore: use variable for Salsa repo URL
  * logind: add one more debug log
  * logind: do not fail creating a session when request is not from a unit
  * Merge pull request #32927 from yuwata/test-network-netdevsim
  * autopkgtest: reboot before logind test
  * Disable D-Bus introspection XML generation with nodoc profile
  * Merge pull request #32934 from bluca/logind_regression_main
  * Merge pull request #32942 from yuwata/test-journal-sync-more
  * autopkgtest: install systemd-dev for upstream suite too
  * pkg/opensuse: switch to SHA1 fork
  * mkosi: explicitly install g++ in opensuse
  * Merge pull request #32954 from YHNdnzj/run-forwarder-exit
  * Merge pull request #32944 from yuwata/test-74
  * btrfs-util: add assert to fix Coverity warning
  * lock-util: do not expect EACCES when it cannot happen
  * test: do not fail network namespace test with permission issues
  * Merge pull request #32975 from yuwata/revert-soft-reboot-reordering
  * Merge pull request #32945 from bluca/lxc_network_test
  * NEWS: update contributors list
  * Update hwdb
  * Update autosuspend hwdb
  * meson: set version to 256~rc3
  * Merge pull request #32986 from bluca/chores
  * NEWS: finalize for v256~rc3
  * New upstream version 256~rc3
  * Update upstream source from tag 'upstream/256_rc3'
  * Drop patches merged upstream
  * Update changelog for 256~rc3-1 release
  * autopkgtest: do not install gdm3 on riscv64 tests
  * Update changelog for 256~rc3-2 release
  * man: mention that NFTSet is only available for system services
  * Merge pull request #32994 from keszybz/kernel-install-parsing
  * Merge pull request #33011 from yuwata/machine-id-setup-follow-ups
  * docs: add note about URL where to find recent Ubuntu CI logs
  * executor: check for all permission related errnos when setting up IPC namespace
  * Merge pull request #33028 from yuwata/blockdev-util
  * Drop /bin/systemd legacy symlink
  * initramfs: call udevadm settle before control --exit to ensure workers have stopped
  * Restore open files limit bump on boot
  * Set default core limit to 0 via PAM for users
  * Cleanup /var/tmp/ and /tmp/ on a timer by default
  * Make /tmp/ a tmpfs by default
  * Drop out-of-tree /run/lock patch and use a mount unit and tmpfiles.d instead.
  * homed: use standalone pam config file instead of pam-auth-config
  * NEWS: note recent changes
  * Update changelog for 256~rc3-3 release
  * Fix version in NEWS entry
  * autopkgtest: take into account compat tmp.conf in tmpfiles.d test
  * Backport patch to fix TEST-64-UDEV-STORAGE autopkgtest
  * Update changelog for 256~rc3-4 release
  * Merge pull request #33052 from yuwata/missing-loop
  * Merge pull request #33063 from keszybz/wiki-links
  * Merge pull request #33057 from poettering/partscan-no-part
  * Merge pull request #33066 from YHNdnzj/logind-linger
  * homed: fixup pam-auth-update file via trigger
  * Update changelog for 256~rc3-5 release
  * bpf: add helper to translate kernel error codes from libbpf
  * NEWS: clarify tmpfiles.d entry
  * Override false positive Lintian warning
  * Merge pull request #33072 from poettering/generator-fixes
  * Merge pull request #33079 from poettering/watchdog-no-disarm
  * Add workaround for links to legacy /usr/share/systemd/tmp.mount placeholder
  * Merge pull request #33101 from DaanDeMeyer/revert
  * Merge pull request #33081 from keszybz/networkctl-formatting
  * Update changelog for 256~rc3-6 release
  * NEWS: note that any leftover file in /tmp/ will be invisible due to the tmpfs
  * Merge pull request #33122 from weblate/weblate-systemd-main
  * NEWS: add note about tmp.mount journal log
  * Merge pull request #33123 from DaanDeMeyer/fix
  * NEWS: add note about custom fstab
  * Add pkg.systemd.noukify profile
  * d/rules: be more robust against non-existing dirs when deleting files
  * meson: add alias targets to group nss and pam modules
  * meson: add static libs to libudev/libsystemd target aliases
  * Install vmspawn shell completion with upstream profile
  * Allow setting GENSYMBOLS_LEVEL from the environment
  * Update changelog for 256~rc3-7 release
  * Merge pull request #33140 from yuwata/test-journal
  * Restart managers on libc-upgrade dpkg trigger
  * Revert "test: Run end.sh when running integration tests with mkosi"
  * journald: enable persistent FD Store to fix logging during soft-reboot
  * LimitCORE: restore default hard limit to infinity
  * test: disable TEST-21-DFUZZER in mkosi, as it is very flacky
  * Merge pull request #33173 from yuwata/test-network
  * Merge pull request #33192 from DaanDeMeyer/packaging
  * Merge pull request #33193 from DaanDeMeyer/fortify
  * Merge pull request #33199 from DaanDeMeyer/optimization
  * cryptsetup: check keyring cache passphrase at least once
  * Merge pull request #33197 from poettering/cryptsetup-fallback-tweak
  * Merge pull request #33198 from keszybz/update-distro-hash
  * util: add keyring_describe helper and move to basic
  * mkosi: do a sparse checkout of debian/ubuntu packaging repo
  * homed: flush fscrypt key on lock/deactivate
  * Merge pull request #33189 from bluca/fscrypt_flush
  * Update hwdb
  * Update syscalls tables
  * NEWS: update contributors
  * Merge pull request #33232 from bluca/chores
  * Update version and finalize NEWS for 256~rc4
  * New upstream version 256~rc4
  * Update upstream source from tag 'upstream/256_rc4'
  * Drop patches merged upstream
  * Build with dlopenlibdeps in the upstream CI too
  * Update changelog for 256~rc4-1 release
  * mkosi: enable noble-backports for ubuntu
  * mkosi: update debian packaging commit id
  * Merge pull request #33237 from bluca/dlopen_deps
  * man: note that templated surviving units need a drop-in for their slice
  * Merge pull request #33241 from DaanDeMeyer/noble
  * NEWS: fix typo
  * mkosi.prepare: do not install build dependencies with NO_BUILD
  * mkosi: update to latest
  * mkosi: install dlopen optional dependencies for debian/ubuntu builds
  * Merge pull request #33264 from bluca/mkosi_dlopen_install
  * Update hwdb
  * Finalize NEWS and version for v256
  * NEWS: add placeholder for 257
  * meson: update version to 257~devel
  * New upstream version 256
  * Update upstream source from tag 'upstream/256'
  * Update changelog for 256-1 release
  * Add templated packages for UEFI Secure Boot signing of systemd-boot
  * Add systemd-standalone-shutdown package for exitrds
  * Add systemd-repart package to reduce dependencies
  * Add systemd-cryptsetup package to reduce dependencies
  * Move sd-sysupdate to systemd-container
  * Move importd manpages to systemd-container, where the binaries are
  * Move systemd-boot/stub manpages to systemd-boot
  * Update changelog for 256-2 release
  * Merge pull request #33284 from yuwata/hwdb-optimize
  * docs: update RELEASE.md to use same repository for stable branches
  * NEWS: note that new stable releases will be in the main repo
  * Merge pull request #33287 from bluca/release_doc
  * Merge pull request #33257 from YHNdnzj/unit-notify-cleanup
  * Merge pull request #33046 from poettering/varlinkctl-quiet
  * Merge pull request #33330 from poettering/copy-tweaks
  * Merge pull request #33334 from poettering/machined-more-pidfd
  * Merge pull request #33325 from poettering/vsock-ret-optional
  * Merge pull request #33329 from poettering/varlink-idl-tweaks
  * Merge pull request #33352 from YHNdnzj/freeconp-void
  * Bump versioned breaks against dracut to 102-2
  * Merge pull request #33364 from YHNdnzj/utf8-modernization
  * Merge pull request #33363 from YHNdnzj/service-serialization-cleanup
  * Merge pull request #33355 from YHNdnzj/shutdown-cad
  * mkosi: enable unprivileged user ns for integration tests
  * mkosi: use ports.ubuntu.com for non-x86 backports
  * mkosi: install EFI packages only on EFI architectures
  * test: check the skip condition before installing additional files
  * test: drop unneeded firmware: uefi setting
  * test: drop obsolete comment
  * test: support TEST_NO_KVM
  * test: support TEST_NO_QEMU in mkosi integration wrapper
  * test: use 'auto' instead of 'uefi' for automated fallback
  * core: do not imply PrivateTmp with DynamicUser, create a private tmpfs instead
  * portable: drop explicit PrivateTmp=yes from profiles
  * CI: disable secure boot in mkosi GHA runs
  * mkosi: bump to latest
  * autopkgtest: switch upstream suite to mkosi-based builds
  * Merge pull request #32559 from poettering/varlink-comments
  * Merge pull request #33374 from YHNdnzj/coverity-fixes-1
  * Merge pull request #33375 from yuwata/trivial-follow-ups
  * Merge pull request #33377 from yuwata/strbuf-cleanups
  * Merge pull request #32724 from bluca/dynamic_user_no_private_tmp
  * Merge pull request #33359 from bluca/test_apparmor_unpriv
  * Merge pull request #33376 from yuwata/strv_sort_uniq
  * Add conflict against sysv-rc, insserv and startpar in systemd-sysv
  * install: allow removing symlinks even for units that are gone
  * Merge pull request #33383 from poettering/tmpfiles-limit-purge
  * mkosi: restrict noble-backports to noble builds
  * Merge pull request #33386 from yuwata/journal-timestamp
  * Merge branch 'debian/experimental' into debian/master
  * New upstream version 256.1
  * Update upstream source from tag 'upstream/256.1'
  * Drop section from binary packages where it matches the source package
  * Override Lintian false positives about spare manpages
  * Deduplicate template packages descriptions
  * Add Lintian override for template package false positives
  * Rename EFI architecture variable to avoid dpkg clash
  * Update changelog for 256.1-1 release
  * mkosi: install new split-out systemd packages
  * mkosi: bump Debian Salsa commit to latest
  * Bump breaks/replaces to conflicts for DEP17
  * Merge pull request #33452 from bluca/repart_pkg
  * autopkgtest: add dependency on libcryptsetup-dev in unit-tests suite
  * Update changelog for 256.1-2 release
  * Merge pull request #33000 from poettering/ssh-proxy-machine
  * Merge pull request #33042 from poettering/machined-unpriv
  * Merge pull request #33454 from YHNdnzj/user-service-working-dir-relax
  * mkosi: add support for TEST_SAVE_JOURNAL to integration test wrapper
  * Merge pull request #33450 from yuwata/network-ndisc-do-not-override-static-routes
  * Merge pull request #33451 from yuwata/core-exec-use-write
  * d/not-installed: fix shutdown.standalone path
  * mkosi: bump to latest commit
  * mkosi: use new standalone-shutdown package for debian's exitrd
  * mkosi: switch opensuse to devel branch
  * Merge pull request #33495 from bluca/mkosi_update
  * Merge pull request #33338 from ml-/specifiers
  * Merge pull request #33491 from keszybz/allow-interactive-auth-in-inhibit
  * Merge pull request #33502 from DaanDeMeyer/opensuse
  * docs: fix dead link to GNOME documentation
  * Install new systemd-import generator
  * Merge pull request #33516 from poettering/more-stub-tweaks
  * core: deduplicate identical dm-verity ExtensionImages=
  * TODO: add note about DDI deduplication
  * Merge pull request #33202 from bluca/extension_dedup
  * Merge pull request #33517 from keszybz/a-few-unrelated-cleanups
  * Merge pull request #33518 from DaanDeMeyer/aarch64
  * Merge pull request #33536 from teknoraver/hashmap_ensure_replace
  * Merge pull request #30360 from keszybz/nscd-drop
  * Merge pull request #33544 from DaanDeMeyer/sector-size
  * autopkgtest: skip qemu tests on arm64
  * core: try again bind mounting if the destination was already created
  * Add recommends on linux-sysctl-defaults
  * mkosi: update debian commit reference
  * Merge pull request #33523 from neighbourhoodie/fix/dns-opt-extended-rcode
  * Merge pull request #33560 from YHNdnzj/trivial-cleanup-2
  * Merge pull request #33496 from YHNdnzj/fd-is-mount-symlink
  * Merge pull request #33577 from fbuihuu/testsuite-tweaks-for-v256-on-SUSE
  * coredump: correctly take tmpfs size into account for compression
  * Merge pull request #33575 from YHNdnzj/soft-reboot-system-manager-only
  * mkosi: remove conflicting deb packages from builddir
  * initramfs-tools: copy network drop-ins too
  * Merge pull request #33608 from DaanDeMeyer/hacking
  * Install zsh completion for run0
  * test: skip TEST-69-SHUTDOWN on Debian
  * os-util: avoid matching on the wrong extension-release file
  * Merge pull request #33567 from poettering/boot-fixlets
  * sysusers: handle NSS errors gracefully
  * README: update requirements for signed dm-verity
  * Merge pull request #33629 from YHNdnzj/labeler-no-stable
  * d/e/checkout-upstream: fix shellcheck warnings
  * d/e/checkout-upstream: do not fail if rebase fails
  * d/e/checkout-upstream: switch packaging branch on upstream stable PRs
  * mkosi: use apt pinning for locally built debian/ubuntu packages
  * New upstream version 256.2
  * Update upstream source from tag 'upstream/256.2'
  * Install run0 zsh completion file
  * Update changelog for 256.2-1 release
  * mkosi: policykit-1 was renamed to polkitd
  * fsck: do not pull down mount units on soft-reboot
  * test: install split-out sshd-session binary if present
  * Drop /etc/sysctl.d/99-sysctl.conf symlink
  * Merge pull request #33711 from dtardon/masked-unit-NeedDaemonReload
  * gpt: add more architecture aliases
  * id128: add 'var-partition-uuid' verb
  * mkosi: update debian commit reference
  * polkit: map POLKIT_ALWAYS_QUERY to new polkit flag
  * polkit: fix typo in enum name
  * Merge pull request #33767 from keszybz/test-ukify-nicer
  * Merge pull request #33773 from kovalev0/fix_aquarius_cmp_ns483_keyb_and_sensor
  * Merge pull request #33770 from bluca/polkit-root
  * Merge pull request #33591 from teknoraver/o_path
  * Install valrinkctl zsh completion file
  * autopkgtest: add allow-stderr to timedated test
  * Merge pull request #33790 from YHNdnzj/run-exec-flags
  * autopkgtest: set Release= in mkosi.local.conf to distinguish testing vs unstable
  * Drop out-of-tree localed patch and use D-Bus policy instead
  * test: override blocking localed policy in TEST-73-LOCALE
  * Merge pull request #33443 from YHNdnzj/oneshot-destroy-cred
  * Merge pull request #33432 from gregorHerburger/add_IFLA_BR_FDB_MAX_LEARNED_support
  * Merge pull request #33597 from keszybz/fetch-distro
  * Merge pull request #33791 from YHNdnzj/sd-notify-pidref
  * Merge pull request #33804 from keszybz/assorted-cleanups
  * Merge pull request #33524 from neighbourhoodie/tests/dns-packet
  * Merge pull request #33525 from neighbourhoodie/tests/dns-rr
  * Merge pull request #33526 from neighbourhoodie/tests/dns-question
  * Merge pull request #33528 from neighbourhoodie/tests/dns-answer
  * Merge pull request #33529 from neighbourhoodie/tests/dns-link
  * Merge pull request #33530 from neighbourhoodie/tests/dns-search-domain
  * Merge pull request #33531 from neighbourhoodie/tests/dns-zone
  * Merge pull request #33533 from neighbourhoodie/tests/dns-synthesize
  * Merge pull request #33534 from neighbourhoodie/tests/dns-query
  * Merge pull request #33535 from neighbourhoodie/tests/dns-cache
  * Merge pull request #33809 from YHNdnzj/pidref-namespace
  * Merge pull request #33810 from YHNdnzj/find-executable-simplify
  * Configure default DNS servers for upstream CI builds
  * Merge pull request #33823 from YHNdnzj/varlink-deserialize-again
  * mkosi: update debian commit reference
  * New upstream version 256.4
  * Update upstream source from tag 'upstream/256.4'
  * Install varlinkctl zsh completion file
  * Drop last patch, all merged upstream
  * Fix D-Bus policy for locale1 blocking
  * Update changelog for 256.4-1 release
  * test: fix D-Bus policy override for TEST-73-LOCALE
  * autopkgtest: allow localectl in localed tests
  * mkosi: update debian commit reference
  * Merge pull request #33727 from intelfx/work/analyze-capability-masks
  * logind: always check for inhibitor locks
  * NEWS: mention logind inhibitors change
  * Update changelog for 256.4-2 release
  * Merge pull request #33840 from bluca/test_locale_dbus
  * shell completion: add support for sd-analyze capability --mask
  * Merge pull request #33825 from DaanDeMeyer/chattr
  * Merge pull request #33842 from DaanDeMeyer/test
  * Merge pull request #27855 from Werkov/test-delegate-useraddfixup
  * Merge pull request #33848 from weblate/weblate-systemd-main
  * Merge pull request #33853 from NickCao/l3mdev
  * stub: allocate and zero enough space in legacy x86 handover protocol
  * efi: fix link to legacy EFI handover protocol
  * Drop redundant pot build
  * Use debian/clean instead of override in d/rules
  * Merge pull request #32937 from steelman/github/drop-ambient-caps-executor
  * Stop shipping empty /etc/init.d directory
  * Use d/not-installed instead of manual removals
  * Stop installing legaly pkla file in upstream CI too
  * autopkgtest: run upstream test last
  * Merge pull request #32988 from AdrianVovk/os-release-prerelease
  * Merge pull request #33893 from yuwata/coverity
  * os-release: change RELEASE_TYPE value from 'pre-release' to 'development'
  * os-release: break RELEASE_TYPE into paragraphs and clarify about rolling stable releases
  * Merge pull request #33904 from bluca/os_release_type
  * base-filesystem: do not attempt to create a /lib64 -> /usr/lib/<tuple> symlink
  * Merge pull request #33930 from yuwata/update-syscall-tables-and-linux-headers
  * Merge pull request #33918 from YHNdnzj/exec-cred-cleanup
  * Merge pull request #33944 from yuwata/journal-max-retention-sec
  * Merge pull request #33939 from yuwata/resolve-varlink
  * logind: add PreparingForShutdownWithMetadata property
  * nspawn: fix settings leak for init parameter
  * busctl: add support for --timeout to monitor verb
  * test: note in README how to get full list of Ubuntu CI jobs
  * busctl: add --num-matches= for monitor verb
  * Merge pull request #33961 from bluca/busctl_exit
  * autopkgtest: use hint-testsuite-triggers to ensure other packages changes trigger our testsuite
  * Depend on new linux-bpf-dev package where available
  * Update changelog for 256.4-3 release
  * mkosi: update debian commit reference
  * Merge pull request #33979 from YHNdnzj/edit-util-no-duplicate-strip
  * Merge pull request #33957 from yuwata/network-generator-vlan
  * Merge pull request #33991 from DaanDeMeyer/manager-json-split
  * test: add TEST_SKIP to mkosi integration test wrapper
  * d/e/checkout-upstream: do not rebase on main when building stable branches
  * d/e/checkout-upstream: undo quilt patches before switching debian branch
  * New upstream version 256.5
  * Update upstream source from tag 'upstream/256.5'
  * Drop patch merged upstream
  * autopkgtest: skip TEST-64-UDEV-STORAGE due to qemu crash
  * Update changelog for 256.5-1 release
  * Merge pull request #34021 from yuwata/network-routing-policy-rule
  * Merge pull request #34014 from yuwata/network-ip-masquerade
  * Merge pull request #34009 from yuwata/network-resolve-polkit
  * Merge pull request #34049 from yuwata/network-routing-policy-rule
  * Merge pull request #34117 from yuwata/network-routing-policy-rule
  * Merge pull request #34114 from yuwata/resolvconf-p
  * service: add 'debug' option to RestartMode=
  * Install new sd-sysupdated files in systemd-container
  * mkosi: use util-linux's autologin
  * TODO: add note about live mounting via pinned namespace fd
  * Merge pull request #34142 from DaanDeMeyer/update-distributions
  * test: mount ld.so.cache in minimal nspawn container if present
  * core: do BindMount/MountImage operations in async control process
  * mkosi: update debian commit reference
  * Merge pull request #34213 from yuwata/network-route-fix-weight
  * d/t/upstream: do not pass /var/cache/apt/archives to PackageDirectories
  * Disable utmp support, replaced by wtmpdb
  * Update changelog for 256.5-2 release
  * portable: ensure PORTABLE_FORCE_ATTACH works even when there is a leftover unit
  * Re-enable utmp support, tmux's autopkgtests require it
  * New upstream version 256.6
  * Update upstream source from tag 'upstream/256.6'
  * Note systemd-cryptsetup package split in NEWS
  * Update changelog for 256.6-1 release
  * doc-sync: strip point release from version before uploading
  * test: fix TEST_SKIP for test cases with subtests
  * Install new shell credentials snippets
  * Merge pull request #34390 from poettering/bus-process-man-tweak
  * Install new org.freedesktop.timesync1 manpage
  * Install new sd-stub tmpfiles.d
  * Use dh-exec for d/systemd-timesyncd.manpages
  * mkosi: update debian commit reference
  * logind: drop new delay-weak inhibitor
  * systemctl: keep ignoring sessions on shutdown as root
  * Merge pull request #34402 from keszybz/notes-readme
  * core: do not fail if ignorable img.v/ vpick dir is empty
  * test: split TEST-29-PORTABLE in subtests
  * test: fix ASAN options in TEST-29-PORTABLE
  * autopkgtest: skip gdm3 on armel for smoke tests
  * core: load IPE policy on boot
  * Merge pull request #34600 from poettering/varlink-idl-add-flags-everywhere
  * Merge pull request #34590 from poettering/file-hier-removals
  * Merge pull request #34610 from poettering/exec-start-single-line
  * man: consolidate list of active unit states into a shared table
  * Merge pull request #34644 from yuwata/udev-node-diskseq
  * Semaphore: switch from /tmp to /var/tmp to avoid disk space issues
  * Install kernel-install uki.conf example
  * Upstream profile: skip dh_strip_nondeterminism
  * mkosi: update debian commit reference
  * semaphore: stop building and running extra unit tests
  * semaphore: do not build docs
  * mkosi: mark test as skipped when QEMU crashes
  * Merge pull request #34678 from kalrish/documentation-fixes
  * New upstream version 256.7
  * Update upstream source from tag 'upstream/256.7'
  * Mark dependencies on clang and bpftool as :native
  * Revert "autopkgtest: skip TEST-64-UDEV-STORAGE due to qemu crash"
  * Update changelog for 256.7-1 release
  * Merge pull request #34672 from yuwata/timestamp
  * Merge pull request #34674 from yuwata/reallocarray
  * Merge pull request #34675 from poettering/dupfd-query
  * systemd-boot: depend on systemd for kernel-install
  * Merge pull request #34749 from yuwata/network-address-parse-broadcast
  * core: do not fail if ignorable img.v/ vpick dir is missing
  * core: one more Mount -> LiveMount rename
  * Merge pull request #34791 from poettering/live-mount-tweak
  * Fix maybe-uninitialized warnings with gcc 14.2
  * Disable utmp support, not y2038 safe
  * mkosi: update opensuse commit reference and switch branch
  * test: customize /etc/os-release instead of /usr/lib/os-release
  * Backport fixes for upstream autopkgtest suite
  * Update changelog for 256.7-2 release
  * mkosi: update opensuse commit reference
  * test: CET/EET are deprecated, use Europe/Berlin and Kyiv
  * Backport patch to fix test failures with tzdata 2024b-1
  * Do not mask systemd-gpt-auto-generator in upstream CI builds
  * logind: allow read/write to char-hvc devices
  * mkosi: update debian commit reference
  * Install sysupdate.feature manpage
  * systemd-boot: provide integration with shim
  * busctl: various bugfixes + tweaks (#34928)
  * sysusers: optionally create fully locked accounts (#34876)
  * coredump: AccessContainer= bunch of followups (#34333)
  * logind: add BlockWeakInhibited property
  * Rework sysupdate meson options (#34832)
  * core: add read-only flag for exec directories
  * network: update tunnel or vxlan with Local=dhcp4 and friends (#34957)
  * Homed update policy: user changing own settings (#31153)
  * tweaks to ANSI sequence (OSC) handling (#34964)
  * util-lib/systemd-run: implement race-free PTY peer opening (#34953)
  * Update NEWS
  * coredump: lock down EnterNamespace= mount even more (#34975)
  * hwdb: update for v257 (#34976)
  * logind: respect SD_LOGIND_ROOT_CHECK_INHIBITORS with weak blockers
  * logind: ensure the stronger inhibitor currently in place is taken into account
  * resolve: remove always-true superflous check and rename label
  * Update changelog for 256.7-3 release
  * logind: respect SD_LOGIND_ROOT_CHECK_INHIBITORS with weak blockers (#34969)
  * Add support for id-mapped mounts to Exec directories (#34078)
  * machine: introduce io.systemd.MachineImage.{Clone, Remove} methods (#34853)
  * user-record: add missing comma to list of strings
  * network: cleanups for IPv4LL (#34995)
  * network: refuse new requests on stop (#35004)
  * test: fix tool name in comment
  * test: set nullglob to avoid failure when building without sd-boot
  * ci: add coverage for builds without sd-boot
  * ci: add coverage for builds without sd-boot (#35016)
  * sd-daemon: some tweaks (#35011)
  * Add PrivatePIDs= (continued) (#34940)
  * test: delete /swapfile after swapoff
  * machine: introduce io.systemd.Machine.Open method (#34867)
  * introduce report_errno_and_exit() helper (#35028)
  * Update hwdb
  * Update translations
  * Grammar and formatting for DeviceTree docs (#35050)
  * Update NEWS for recent PRs
  * Update hwdb and translations (#35048)
  * NEWS: add note about sd-sbsign
  * NEWS: update list of contributors
  * NEWS: finalize
  * meson: update version numbers for 257~rc1
  * gbp.conf: enable signing tags by default
  * gbp.conf: switch upstream branch to full upstream history
  * New upstream version 257~rc1
  * Update upstream source from tag 'upstream/257_rc1'
  * Drop all patches, merged upstream
  * man: fix syntax error in systemd-sbsign.xml
  * man: run update-man-rules
  * docs: remove 'v' prefix from meson.version
  * docs: add reminder to run update-man-rules before tagging a release
  * docs: fix sbsign manpage syntax and add to list, update release instructions (#35055)
  * Install new files
  * gbp.conf: use --first-parent for dch to avoid upstream commits
  * List new libsystemd0 symbols
  * Ignore Lintian warning dh-exec-script-without-dh-exec-features
  * d/copyright: remove pattern for directory that is no longer present
  * Update changelog for 257~rc1-1 release
  * Backport patch to fix unit test failure on buildd
  * Update changelog for 257~rc1-2 release
  * test: fix assertion on build system
  * man: fix typos flagged by Lintian
  * Backport another patch to fix test failure on buildd
  * Update changelog for 257~rc1-3 release
  * Backport patch to fix TEST-07-PID1 integration test
  * Update changelog for 257~rc1-4 release
  * sysupdate: Bug fixes for target enumeration (#35052)
  * network: further rework for reconfiguring interfaces (#35059)
  * network/ndisc: fix removal of unnecessary routes (#35128)
  * Install new sd-keyutil binary in sd-repart package
  * fetch-distro: use git log --first-parent
  * mkosi: update debian commit reference
  * network/netdev: follow-ups for reloading .netdev files (#34979)
  * d/t/control: add more packages to dummy hint-testsuite-triggers
  * ukify: Support building UKIs with .dtbauto and .hwids sections (#34158)
  * test: skip TEST-84-STORAGETM if running with bugged libnvme
  * Update hwdb
  * NEWS: systemd-keyutil, --certificate-source, --certificate-provider
  * NEWS: update contributors list
  * NEWS: update date
  * meson: update version
  * New upstream version 257~rc2
  * Update upstream source from tag 'upstream/257_rc2'
  * Drop all patches, merged upstream
  * Install new systemd-keyutil binary in the systemd-repart package
  * systemd-ukify: downgrade dependency on systemd, not mandatory
  * systemd-ukify: recommend systemd-repart
  * d/rules: adjust blhc override to account for source files being moved
  * Update lintian override to ignore false positive typos
  * Update changelog for 257~rc2-1 release
  * Backport patch to fix FTBFS due to failing unit test
  * Update changelog for 257~rc2-2 release
  * Backport patch to remove faulty unit test assertion
  * Update changelog for 257~rc2-3 release
  * mkosi: Update packaging specs (#35196)
  * systemd-ukfy: recommend systemd-boot-efi for the stub
  * Increase minimum sections in stub PE header on arm64/armhf/riscv64 to 500
  * network/ndisc: process zero lifetime options at first (#35212)
  * units: add initrd directory to list of conditions for systemd-confext
  * network: update state files before replying bus method (#35255)
  * cgroup-util: fix memory leak on error
  * man: split cryptenroll man page into sections (#35297)
  * detect-virt: check the inode number of the pid namespace
  * Various mkosi and integration test fixes (#35336)
  * test: mask tmpfiles.d file shipped by selinux policy package in containers
  * man: assorted fixes (#35326)
  * Revert "man: use MIT-0 license for example codes in daemon(7)"
  * cryptsetup: convert pkcs11/fido2 to iovec for key handling
  * machine: increase timeouts in attempt to fix #35115 (#35117)
  * bootspec fixups (#34959)
  * NEWS: update contributors list
  * hwdb: update
  * po: update translations
  * Bump version in tzdata dependency due to p-u upload
  * nsresourced: log about correct errno (#35386)
  * autopkgtest: fix one more tzdata dependency
  * Chores for RC3 (#35383)
  * TEST-67-INTEGRITY: several fixes (#35366)
  * NEWS: update date
  * meson: update version
  * New upstream version 257~rc3
  * Update upstream source from tag 'upstream/257_rc3'
  * Drop patches, merged upstream
  * Update symbols for 257~rc3
  * Update changelog for 257~rc3-1 release
  * sysupdate: add missing full stop in the polkit message (#35391)
  * Another tweak for the preparation of removal of sysvinit compat (#35414)
  * mkosi: extend DefaultTimeoutStopSec= when running on sanitizers (#35420)
  * kernel-install: remove .extra.d/ directory too
  * confext: add initrd-specific unit
  * sysext: add initrd-specific unit
  * pid1: assume user namespaces are unavailable if we get -EINVAL from clone (#35440)
  * More test coverage (#35451)
  * mkosi: disable Fedora specific drop-in config when running with sanitizers (#35460)
  * Use nicer syntax in two places in CI (#35455)
  * mkosi: update opensuse packaging commit due to force push
  * mkosi: install util-linux-script in F42 too
  * More assert macros (#35471)
  * test: use mkdir -p in TEST-25-IMPORT
  * Cryptenroll pager and tweaks (#35517)
  * test: add TEST_SKIP_SUBTESTS/TEST_SKIP_TESTCASES
  * test: skip TEST-13-NSPAWN.nspawn/machined, TEST-86-MULTI-PROFILE-UKI and TEST-07-PID1.private-pids.sh
  * Update hwdb
  * NEWS: update list of contributors
  * sd-varlink: add function to configure server object info (#35519)
  * Chores for v257 (#35525)
  * Finalize NEWS and meson.version for v257
  * meson: update version to 258~devel
  * NEWS: add placeholder for v258
  * Revert "test: skip TEST-13-NSPAWN.nspawn/machined, TEST-86-MULTI-PROFILE-UKI and TEST-07-PID1.private-pids.sh"
  * Create CNAME
  * New upstream version 257
  * Update upstream source from tag 'upstream/257'
  * Update symbols file for v257
  * Update changelog for 257-1 release
  * Define flags for manager_is_inhibited() (#35253)
  * test-capability: CAP_LINUX_IMMUTABLE is not available in unprivileged containers
  * test-fd-util: skip test when lacking privileges to create a new namespace
  * test-fd-util: compare FDs to /bin/sh instead of /dev/null
  * analyze: add --mask to --help text (#35548)
  * mkosi: use inetutils package instead of hostname for Archlinux
  * Fix unit tests in unprivileged docker container (#35556)
  * Backport patches to fix test failures
  * Update changelog for 257-2 release
  * semaphore: skip some tests
  * shell completion: add systemd-creds
  * core: fix loading verity settings for MountImages=
  * test: add more coverage for extensions and verity
  * test: fix flaky boot-and-services test
  * Export two more functions, and update symbol tests (#35578)
  * gpt-auto: take timeout opts in rootflags= into account; hibernate-resume: always respect user-defined timeout (#35518)
  * network: several cleanups (#35267)
  * core: fix loading verity settings for MountImages= (#35577)
  * test: fix flaky boot-and-services test
  * Install systemd-creds bash completion
  * Install 81-net-bridge.rules
  * test-capability: CAP_LINUX_IMMUTABLE is not available in unprivileged containers
  * test-fd-util: skip test when lacking privileges to create a new namespace
  * test-fd-util: compare FDs to /bin/sh instead of /dev/null
  * mkosi: use inetutils package instead of hostname for Archlinux
  * semaphore: skip some tests
  * shell completion: add systemd-creds
  * core: fix loading verity settings for MountImages=
  * test: add more coverage for extensions and verity
  * meson.version: change to 257.1
  * units: use PrivateTmp=disconnected instead of 'yes' if DefaultDependencies=no
  * battery-check: parse options before checking for kernel command line
  * test-loop-block: return -77 on skip in more places
  * mkosi: update debian commit reference
  * shell-completion: add smbios11 verb to systemd-analyze
  * core: Add PrivateUsers=full (#35183)
  * journalctl: make --setup-keys honor --output=json and --quiet (#35507)
  * semaphore: bump timeout
  * Revert "semaphore: skip some tests"
  * semaphore: bump timeout (#35610)
  * d/t/upstream: fix mkosi syntax warnings
  * TEST-07-PID1: fixlets for running with sanitizers (#35616)
  * mkosi: fix section for WithNetwork=
  * udev: move several definitions (#35613)
  * test: include MAINPID in notify message in TEST-50-DISSECT for notify socket
  * mkosi: temporarily disable panic_on_warn
  * d/t/control: move tests-in-lxd above upstream suite
  * units: use PrivateTmp=disconnected instead of 'yes' if DefaultDependencies=no
  * battery-check: parse options before checking for kernel command line
  * test-loop-block: return -77 on skip in more places
  * mkosi: update debian commit reference
  * shell-completion: add smbios11 verb to systemd-analyze
  * semaphore: bump timeout
  * Revert "semaphore: skip some tests"
  * mkosi: fix section for WithNetwork=
  * mkosi: temporarily disable panic_on_warn
  * mkosi: switch debian/ubuntu to ci/v257-stable branch
  * semaphore: switch debian/ubuntu to ci/v257-stable branch
  * Revert "terminal-util: unify code that resets /dev/console in common helper"
  * systemd-ukify: recommend python3-cryptography
  * Minor fixes in man pages, example scripts, error log (#35683)
  * d/watch: restrict to v257.x series
  * New upstream version 257.1
  * Update upstream source from tag 'upstream/257.1'
  * Drop patches, merged upstream
  * Install systemd-creds bash completion
  * Update changelog for 257.1-1 release
  * d/t/tests-in-lxd: workaround broken os-release in sid
  * d/t/tests-in-lxd: quote variables to fix shellcheck warning
  * d/t/tests-in-lxd: set -x to get more logs
  * d/t/tests-in-lxd: do not fail if /etc/apt/sources.list.d/autopkgtest.list does not exist
  * d/t/tests-in-lxd: prefer $AUTOPKGTEST_TMP to manual discovery
  * d/t/tests-in-lxd: use a single autopkgtest invocation
  * Update changelog for 257.1-2 release
  * d/t/upstream: disable ToolsTree= in mkosi config
  * autopkgtest: mark tests-in-lxd as flaky
  * Update changelog for 257.1-3 release
  * d/t/upstream: decrease parallelism to nproc - 1
  * d/t/upstream: do not use nspawn for tests
  * d/t/upstream: disable homed/userdbd in the test runner
  * d/t/upstream: mask systemd-machined
  * test: answer 2nd mdadm --create question for compat with new version
  * Backport patch to workaround issue in new mdadm
  * Update changelog for 257.1-4 release
  * d/t/tests-in-lxd: install auto-apt-proxy in the nested container
  * tree-wide: add missing header for glibc < 2.34 (#35756)
  * d/t/tests-in-lxd: auto-apt-proxy is in universe in Ubuntu
  * d/t/upstream: do not use --verbose with 'meson test'
  * mkosi: update opensuse spec repo commit
  * d/t/upstream: do not mask machined and instead use mkosi workaround
  * d/t/upstream: switch from btrfs to ext4 and use nspawn again
  * Update changelog for 257.1-5 release
  * d/t/tests-in-lxd: drop auto-apt-proxy.conf from container
  * d/t/upstream: update mkosi setting name
  * creds: fix use-after-free in varlink interface
  * Drop build dependency on libxen-dev on armhf, no longer available
  * mkosi: switch to github mirror of openSUSE sources from build.opensuse.org (#35789)
  * bash-completion/journalctl: list user units when --user is already specified (#35799)
  * Two doc updates (#35810)
  * test: update README's Ubuntu CI section for mkosi changes
  * resolved: stop mdns/lnrr when config changes to disabled on reload
  * Update changelog for 257.1-6 release
  * Install new files for upstream CI
  * Add missing d/copyright file to signed template packages
  * d/t/tests-in-lxd: more fixes for debci compatibility
  * Update changelog for 257.1-7 release
  * Install new files for upstream CI
  * mkosi: update debian commit reference
  * Install new files for upstream CI
  * d/rules: drop duplicated config flag
  * mkosi: update debian commit reference
  * sd-device: fix validation for devices under /sys/firmware/ in sd_device_new_from_subsystem_sysname() (#35863)
  * CI: add OBS workflow integration to build packages on push to main
  * d/rules: support building in OBS from git
  * Two fmf fixes (#35879)
  * tree-wide: drop references to CentoS/RHEL 7 and 8 (#35881)
  * core: fix assert when AddDependencyUnitFiles is called with invalid parameter
  * test: add test case for AddDependencyUnitFiles assert
  * obs: also trigger Fedora package builds
  * mkosi: update opensuse spec repo commit
  * test: update README's Ubuntu CI section for mkosi changes
  * core: fix assert when AddDependencyUnitFiles is called with invalid parameter
  * resolved: stop mdns/lnrr when config changes to disabled on reload
  * creds: fix use-after-free in varlink interface
  * test: answer 2nd mdadm --create question for compat with new version
  * CI: add OBS workflow integration to build packages on push to main
  * obs: also trigger Fedora package builds
  * meson: bump version to 257.2
  * New upstream version 257.2
  * Install new files for upstream CI
  * Update upstream source from tag 'upstream/257.2'
  * Drop all patches, merged upstream
  * Update changelog for 257.2-1 release
  * Stop installing some markdown docs/ files
  * Enable libseccomp on loong64 and hppa
  * Enable UEFI on loong64
  * Do not install sd-resolved and drop breaks-testbed from fast tests
  * d/t/control: remove 'flaky' from tests-in-lxd
  * meson: add install tags for udev and hwdb
  * stub: drop PE sections parsing cap
  * README: add OBS status icon and link to instructions to add bleeding edge repo
  * d/t/upstream: take into account autopkgtest pinning
  * Build template packages for pkg.systemd.upstream profile, for OBS builds
  * signing template: fix Lintian warnings and errors
  * Install jq for pkg.systemd.upstream too since the template packages are now built
  * Link systemctl against libsystemd-shared
  * udev: link to libsystemd-shared when building with noudeb profile
  * Set SBAT info for upstream build
  * meson: add udev/hwdb build aliases
  * OBS: build Fedora/Debian/Ubuntu x86_64 packages on PRs
  * Revert "OBS: build Fedora/Debian/Ubuntu x86_64 packages on PRs"
  * signing template: always set urgency to 'high'
  * test: add link to Ubuntu autopkgtest status page in README
  * Drop udeb packages
  * Update changelog for 257.2-2 release
  * tree-wide: switch various uses of mkdtemp() over to mkdtemp_malloc() (#36057)
  * linter: run ruff format --diff so that the needed changes are actually printed
  * ukify: pass through --json to systemd-measure
  * ukify: print debug/progress messages to stderr
  * signing template: add override for executable-not-elf-or-script
  * nspawn: downgrade log message about usrquota to debug
  * ukify: print debug/progress messages to stderr and pass through --json to systemd-measure (#36081)
  * measure: add policy-digest verb
  * ukify: add --policy-digest option
  * OBS: switch to new top-level namespace
  * docs: mention packages in HACKING.md
  * OBS: switch to new top-level namespace (#36121)
  * udev-dump: also show written sysfs attributes and sysctl entries (#36091)
  * libsystemd-dev/libudev-dev: depend on libcap-dev
  * mkosi: switch rootfs to ext4
  * systemd-boot: use boot entry argument instead of installing as grub.efi on ESP
  * systemd-boot: always check that the boot entry is set, even with Shim is already installed
  * pkg-config: add Requires.private: libcap
  * libudev1: add udeb back to shlibs
  * Update changelog for 257.2-3 release
  * test: split VM-only subtests from TEST-74-AUX-UTILS to new VM-only test
  * mkosi: update debian commit reference
  * man: fix reference to non-existing ukify parameter
  * ukify: add loongarch64 to --efi-arch
  * ukify: add riscv32 to --efi-arch
  * tools: add loongarch64 to debug-sd-boot script
  * resolved: do not disable mdns/llmnr globally if it's enabled on any link (#36158)
  * d/t/control: depend on debian-archive-keyring and ubuntu-keyring
  * stub: drop PE sections parsing cap
  * man: fix reference to non-existing ukify parameter
  * ukify: add loongarch64 to --efi-arch
  * ukify: add riscv32 to --efi-arch
  * tools: add loongarch64 to debug-sd-boot script
  * d/t/control: do not pull in gdm3 on loong64
  * mkosi: add loongarch64 to Debian's list of EFI arches
  * core: add trigger to path unit debug log
  * test: install stub package for test-ukify unit test
  * test: use local stub if available in test-ukify
  * test: support slow test-ukify on Debian/Ubuntu
  * wait-online: add initial support for waiting for DNS (#34640)
  * Minor fixes for ukify tests (#36197)
  * pe: do not warn about .initrd addons
  * cryptenroll/repart/creds: no longer default to binding against literal PCR 7 (#36200)
  * Install new udev rule for hidraw
  * kernel-install: install addons in 90-uki-copy.install if they are present
  * network/route: improve Gateway=_dhcp4 handling (#36183)
  * homectl: fix typos in help text (#36279)
  * mkosi: extend util-linux-script config drop-in to F43
  * systemd-boot: warn if efibootmgr is not installed
  * systemd-boot: fix creating bootvar on arm64
  * systemd-boot: check that bootvar really points to sd-boot
  * ukify: add --pcrsig and --join-pcrsig arguments to append offline signature
  * ukify: do not fail if pefile complains about hardcoded 256MB limit
  * ukify: add --pcrsig and --join-pcrsig arguments to append offline signature (#36181)
  * network: allow to configure routing policy rule even if requesting interface is not activated yet (#36257)
  * mkosi: add loongarch64 to Debian's list of EFI arches
  * core: add trigger to path unit debug log
  * test: install stub package for test-ukify unit test
  * test: use local stub if available in test-ukify
  * test: support slow test-ukify on Debian/Ubuntu
  * pe: do not warn about .initrd addons
  * mkosi: extend util-linux-script config drop-in to F43
  * hwdb: update to main@{2025-02-07}
  * repart: do not fail if no key/cert provided and verity-sig is deferred
  * ukify: add --pcr-certificate= parameter
  * Drop fallback for missing linux-bpf-dev package
  * d/rules: adjust vmlinux.h path for Ubuntu
  * ukify: do not fail if pefile complains about hardcoded 256MB limit
  * ukify: print debug/progress messages to stderr
  * ukify: depend on python3-zstandard and recommend python3-lz4
  * New upstream version 257.3
  * Update upstream source from tag 'upstream/257.3'
  * autopkgtest: fix mkosi config section
  * Update changelog for 257.3-1 release
  * varlink idl fixes (#36376)
  * ukify: switch from zstd to zstandard
  * ukify: fix zboot parsing with zstd
  * ukify: if the specified kernel is not a valid PE file try to decompress it
  * ukify: do not insist on a stub being available when joining pcrsigs
  * Set tty device node mode to 0600
  * mkosi: Fix mkosi.clangd (#36387)
  * README: fix broken link in OBS badge
  * journal-remote: several follow-ups for compression support, and trivial cleanups (#36334)
  * d/rules: ignore more blhc false positives
  * dissect: fix log_debug_errno assert due to r=0
  * mkosi: update debian commit reference
  * systemd-resolved: recommend libidn2-0
  * ukify: print all remaining log-like output to stderr
  * README: add note about out-of-tree patches being forbidden
  * dissect: add helper functions to use VeritySettings in hash/set
  * systemd-sysv: add Protected: yes
  * shell completion: add kernel-identify/inspect verbs for bootctl
  * network: drop old kernel support (#36402)
  * obs: trigger systemd-suse instead of systemd-fedora
  * repart: add parameter to attach offline verity signatures
  * repart: add parameter to attach offline verity signature (#36405)
  * tree-wide: tweaks to mount point inode creation (#36308)
  * tools/dbus_exporter: set LD_ORIGIN_PATH if procfs is not available
  * exec-invoke: Use FORK_DETACH when forking off pid namespace child (#36446)
  * Install new files for upstream
  * Coding style followups (#36476)
  * mkosi: add libapparmor1 to package list for opensuse
  * ukify: switch from zstd to zstandard
  * ukify: fix zboot parsing with zstd
  * ukify: if the specified kernel is not a valid PE file try to decompress it
  * dissect: fix log_debug_errno assert due to r=0
  * ukify: print all remaining log-like output to stderr
  * shell completion: add kernel-identify/inspect verbs for bootctl
  * tools/dbus_exporter: set LD_ORIGIN_PATH if procfs is not available
  * repart: when using erofs and log level is not debug, use --quiet
  * packit: Switch to meson.version for the current version (#36509)
  * Install new files for upstream profile
  * Install new files
  * Install new files
  * mkosi: update debian commit reference
  * test: split VM-only subtests from TEST-74-AUX-UTILS to new VM-only test
  * repart: when using erofs and log level is not debug, use --quiet
  * nspawn: add hotkey for rebooting/powering off container (#36583)
  * Ukify tweaks (#36389)
  * Install new files
  * test-async: Wait for asynchronous_sync() to finish (#36611)
  * Install new files
  * mkosi: update debian commit reference
  * meson: bump version to 257.4
  * New upstream version 257.4
  * Update upstream source from tag 'upstream/257.4'
  * Update changelog for 257.4-1 release
  * New upstream version 257.4
  * hostnamectl: show image info in hostnamectl (#36638)
  * load-fragment: Fix config_parse_namespace_flags() for DelegateNamespaces= (#36633)
  * keyutil: support adding content into PKCS#7 signature (#36663)
  * Split bootctl to new systemd-boot-tools package
  * Update changelog for 257.4-2 release
  * Fix versioned breaks/replaces for sd-boot-tools
  * Update changelog for 257.4-3 release
  * mkosi: update debian commit reference
  * several fixes for Coverity (#36753)
  * Update tzdata-legacy version constraint for new bookworm-p-u tzdata version
  * systemd-boot: do case-insensitive parsing of efibootmgr output
  * build: add C23 support (#35085)
  * d/rules: add TODO reminder to drop Ubuntu-specific workaround
  * Drop systemd-cgroups-agent with upstream profile
  * Install new files
  * userdbd: use wildcard to install units
  * systemd-container: use more wildcards to install files
  * userdb: fix wildcard matching
  * some dbus property fixes (#36830)
  * tree-wide: introduce LOG_ITEM() macro for verifying format string (#36780)
  * man: fix typo in org.freedesktop.systemd1.xml
  * Handle new tmp mount on upgrade in preinst rather than postinst
  * systemd.postinst: add markers for janitor removals
  * Trivial updates for docs and comments (#36854)
  * tools/check-version-history: avoid DeprecationWarning with newer lxml (#36860)
  * logind: inhibitor fixups (#36817)
  * autopkgtest: remove workaround for 'meson compiile mkosi' and use 'mkosi -f' instead to avoid slow rebuilds
  * test: update to use the new ASSERT_OK() macro and friends (#36838)
  * autopkgtest: drop versioning constraints on tzdata
  * Move leftover resolved files to its own package
  * mkosi: update fedora commit reference (#36875)
  * Drop systemd-resolved package
  * Drop systemd-nspawn on arm64
  * Update changelog for 257.4-4 release
  * Add missing dh-exec shbang to d/systemd-tests.install
  * meson: add feature flag for nspawn build
  * test: always install test-resolve subdir
  * autopkgtest: fix unit-tests for upstream CI
  * Update changelog for 257.4-5 release
  * mkosi: Use build image prepare scripts for tools tree as well (#36861)
  * meson: add feature flag for nspawn build (#36876)
  * systemd: conflict with dracut on arm64
  * d/control: fix systemd-boot and systemd-boot-tools descriptions
  * Add Lintian override for 'unknown-field Protected'
  * Update changelog for 257.4-6 release
  * autopkgtest: when nested tests-in-lxd skips don't fail outer run
  * Backport patches to fix integration tests skipping
  * autopkgtest: fix debugging leftover
  * autopkgtest: re-enable integration tests
  * Update changelog for 257.4-7 release
  * test: skip TEST-75-RESOLVED if resolved is disabled at build time
  * test: skip networkd tests if networkd/resolved are disabled at build time
  * systemd.preinst: do not use systemctl
  * systemd.preinst: fix shellcheck warnings
  * d/t/boot-and-services: skip gdm3 test in nested LXD run
  * README: note min kernerl version for SO_BINDTOIFINDEX
  * test: pass verbose option to nvme-cli
  * test: call nvme-cli with --hostnqn= instead of the deprecated --hostid=
  * Install new files for upstream CI
  * test: use 'exit 0' instead of 'return' in test scripts
  * man: add missing conditional
  * test and manpages follow-ups (#36924)
  * test: fix usage of --hostnqn= (#36927)
  * man: fix typo in org.freedesktop.systemd1.xml
  * test: pass verbose option to nvme-cli
  * reintroduce systemd-resolved, with conflict on avahi-daemon
  * Update changelog for 257.4-8 release
  * test: skip TEST-75-RESOLVED if resolved is disabled at build time
  * test: skip networkd tests if networkd/resolved are disabled at build time
  * resolved: break mDNS, remove conflict with avahi
  * Update changelog for 257.4-9 release
  * Add NEWS entry to warn about network connectivity loss due to mDNS, and workaround
  * test: skip TEST-06-SELINUX if not on fedora/centos
  * test: skip TEST-06-SELINUX if not on fedora/centos
  * d/t/upstream: do not fail if 10-root.conf is not present
  * d/t/upstream: write mkosi.local.conf in subdir if the rest of the configs are in subdir
  * Use Conflicts instead of Breaks/Replaces for file move
  * Install new files for upstream
  * d/t/upstream: run mkosi genkey before summary
  * linter: run ruff format --diff so that the needed changes are actually printed
  * mkosi: switch rootfs to ext4
  * meson: bump version to 257.5
  * New upstream version 257.5
  * Update upstream source from tag 'upstream/257.5'
  * Drop backports, included in 257.5
  * Update changelog for 257.5-1 release
  * tree-wide: allow building with -Werror=flex-array-member-not-at-end (#36993)
  * Remove conflicts with dracut:arm64 and build nspawn:arm64 again
  * Update changelog for 257.5-1 release
  * Backport new patch to workaround /lib64 symlink incompatibility
  * Update changelog for 257.5-2 release
  * base-filesystem: avoid creating /lib64 symlink on existing rootfs
  * test: switch to new config keyword for bind9 >= 9.21
  * udev: fix potential stuck on exit (#37022)
  * d/copyright: use GPL URL instead of old FSF postal address
  * Refresh patch for upstream review changes
  * TEST-04-JOURNAL: include util.sh before calling cgroupfs_supports_user_xattrs() (#37039)
  * udev: several trivial cleanups (#37059)
  * mkosi: drop os-release symlink for minimal-base image
  * Install etc.conf tmpfiles.d in upstream builds
  * d/t/upstream: copy mkosi key from mkosi/ subdir if it exists
  * Install /usr/share/factory for upstream profile
  * Some cleanups and a CI fix for test-sd-device (#37083)
  * Install new file for upstream profile
  * fido2: hook up with plymouth for notifications
  * mkosi: enable autologin also with --console=gui
  * mkosi: update debian commit reference to 91a4d114e0b5a01385477f8862caedc1056fa68b
  * fido2: hook up with plymouth for notifications (#37089)
  * busctl: several cleanups for introspect command (#37103)
  * TODO: drop getenv item, done where needed
  * fstab/gpt-auto: hook up validatefs to /sysroot/usr/ rather than /sysusr/usr/ (#37109)
  * coredump: verify pidfd after parsing data in usermode helper
  * import/export: add support for zstd
  * xattr: fix assert that breaks importctl (#37146)
  * Revert "mkosi: temporarily disable panic_on_warn"
  * test: use /run/ for test configuration, not /etc/
  * Update example to F42 and fix invocation with dnf5 (#37250)
  * udev: Make Storage Tests Stable Again ! (#37262)
  * busctl: validate argvs on get-property/set-property too
  * mkosi: update debian commit reference to 9c54c974f07038bf6737fa02d78f20d340107f5c
  * sd-stub: fix assertion failure when cleaning up initrd pages
  * d/signing-template/copyright: use GPL URL instead of old FSF postal address
  * d/control: bump Standards-Version to 4.7.2, no changes
  * Add version to systemd-boot-efi-signed virtual package
  * d/README.Debian: update some outdated paragraphs
  * boot: skip shim-specific logic when running with new shim
  * test: fix root check for test-bpf-foreign-programs
  * systemd-homed: add dependency on polkitd
  * mount-util: add helper to get source from mountinfo
  * Install new files for upstream build
  * Minor docs cleanups (#37439)
  * test: fix assertion failure with CONFIG_UNIX_DIAG disabled
  * base-filesystem: avoid creating /lib64 symlink on existing rootfs
  * test: switch to new config keyword for bind9 >= 9.21
  * coredump: verify pidfd after parsing data in usermode helper
  * busctl: validate argvs on get-property/set-property too
  * systemd-boot: fix manpages installation
  * core: use socket cookie for naming per-connection service instances + set $SO_COOKIE env var to it (#37469)
  * Update hwdb (#37470)
  * mkosi: update debian commit reference to b0bbe045f41789845ecf591fd29f50c564034104
  * core: Also refresh confext extensions when reloading notify-reload service (#33995)
  * repart: add --append-fstab parameter (#37238)
  * {pidfd,cgroup}-util: avoid alignment warning when accessing f_handle (#37520)
  * Install new files for upstream build
  * mkosi: update debian commit reference to 4ed8fd38c7b1579da6343c713adf0c33040cfc33
  * systemd-boot: fix BOOT.CSV usage
  * Revert "logind: always enclose list fields (that may contain spaces) in quotes"
  * boot: do not stop parsing profiles if .cmdline is missing
  * test: fix test_qdisc_tbf regex with iproute2 v6.15
  * network: fix handling of ENODATA when reading IFLA_MASTER attribute (#37633)
  * boot: do not stop parsing profiles if .cmdline is missing
  * test: fix test_qdisc_tbf regex with iproute2 v6.15
  * Man page fixes (#37645)
  * NEWS: fix typos and formatting
  * coredump: add support for new %F PIDFD specifier
  * test: fix TEST-84-STORAGETM with nvme-cli < 2.7
  * test: fix TEST-84-STORAGETM with nvme-cli < 2.7
  * sysupdate: change status once operation has completed
  * login: receive synthetic events for devices with 'uaccess' tag (#37654)
  * coredump: add support for new %F PIDFD specifier
  * New upstream version 257.6
  * Update upstream source from tag 'upstream/257.6'
  * Drop patches, merged upstream
  * Update changelog for 257.6-1 release
  * systemd-boot: always pull in systemd-boot-efi on amd64/arm64
  * sync-docs: fix syntax warning
  * sync-docs: fix selection menu when opening 'latest' man
  * sync-docs: add '(latest stable)' next to the latest version in the menu
  * docs: small improvements for html man pages menu selector (#37663)
  * Revert "systemd-boot: always pull in systemd-boot-efi on amd64/arm64"
  * test: wait for coredump to appear before parsing
  * test: send monotonic timestamp rather than unix seconds for MONOTONIC_USEC= argument
  * mkosi: install util-linux-systemd in SUSE
  * test: do not fail when lacking privs to create sysfs directory
  * socket: downgrade not-supported logging for SO_PASSSEC
  * add parameter to specify hash alg used for PKCS#1 signature in PKCS#7 creation (#37794)
  * Install new files for upstream build
  * mkosi: update debian commit reference to 01b5b96a2f85594c2c8caf5d10048a4ec41f9d89
  * fstab-generator: set mode=0755 with root=tmpfs
  * man: fix varname copypasta
  * udev: add 'clock' system group for PTP rules
  * tpm2: print clear log message in case of dictionary lockout mode (#37894)
  * systemd-container: pick up renamed keyring file
  * homed: do not log new password when debug logs are enabled
  * mkosi: drop os-release symlink for minimal-base image
  * mkosi: enable autologin also with --console=gui
  * Revert "mkosi: temporarily disable panic_on_warn"
  * mkosi: install util-linux-systemd in SUSE
  * network/dhcp6: handle conflict addresses gracefully (#37916)
  * import: rename keyring extension from .gpg to .pgp
  * import-pubring: add OBS key for system:systemd
  * mkosi: update debian commit reference to 84966b99cdfc7ea3ee35163ad224775d9be90055
  * mkosi: workaround for opensuse spec file to pick up new import-pubring filename
  * mkosi: drop suse spec workarounds that were merged upstream
  * NEWS: add not about vendor import-pubring renaming
  * systemd-boot: remove fb too on removal
  * systemd-boot: reduce harmless noise on cleanup
  * test: escape '+' from uname -r before using in regex via '=~'
  * sysupdate: change status once operation has completed
  * sync-docs: fix syntax warning
  * sync-docs: fix selection menu when opening 'latest' man
  * sync-docs: add '(latest stable)' next to the latest version in the menu
  * test: wait for coredump to appear before parsing
  * test: do not fail when lacking privs to create sysfs directory
  * socket: downgrade not-supported logging for SO_PASSSEC
  * fstab-generator: set mode=0755 with root=tmpfs
  * man: fix varname copypasta
  * homed: do not log new password when debug logs are enabled
  * test: escape '+' from uname -r before using in regex via '=~'
  * hwdb: update to main@{2025-06-24}
  * meson: bump version to 257.7
  * New upstream version 257.7
  * Update upstream source from tag 'upstream/257.7'
  * Update changelog for 257.7-1 release
  * socket-activate: normalize COMMAND notation in help text + man (#37967)
  * Small udpates to TPM2_PCR_MEASUREMENTS page (#37978)
  * mkosi: update mkosi commit reference to 0d1143150835b21c1bfe64428df5f45b558280b1 (#37977)
  * sd-common: do not fail preprocessor when intellisense is parsing the header
  * macro: EDG compiler frontends doesn't support enum types
  * test: allow to run test-local-addresses with IPv6 disabled by default, and assume RTA_VIA is always supported (#38039)
  * openssl-util: allow to build with openssl without UI support (#38041)
  * sd-event struct typedefs and comments (#37790)
  * mkosi: drop workaround for opensuse systemd-stub tmpfiles
  * mkosi: move efi packages to conditional drop-in
  * mkosi: libclang-rt-dev is not available on s390x
  * ci: install packages available only on x86_64/arm64 on those arches only
  * ci: also install llvm-<version>
  * ci: restrict x86-only packages to x86 configs (#38056)
  * ukify: when decompressing kernel before signing, call verify on decompressed file
  * ci: enable arm64 runner for build/unit jobs
  * ci: enable build/unit test jobs on ppc64le
  * Install new files for upstream build
  * Install new files for upstream build
  * test: do not fail if scsi_debug module not available
  * test: bump machinectl timeouts from 10s to 30s
  * test: /lib64 is not guaranteed to exist, do not try to copy it if not
  * mkosi: enable arm64 job
  * mkosi: update debian commit reference to cc380fbc8af2e17165623d16630b7fc3ab4291d0
  * Small cleanups for tests (#38063)
  * ci: use -p and -f when creating dirs/removing files in mkosi job btrfs setup
  * Revert installing systemd-networkd-varlink.socket
  * ukify: recommend sbsigntool | pesign for signing
  * Revert "Revert installing systemd-networkd-varlink.socket"
  * mkosi: enable arm64 job and test fixlets (#38066)
  * Move bootctl zsh completion file too to new package
  * systemd-boot-tools: change architecture to linux-any
  * Update changelog for 257.7-2 release
  * meson: do not reference variable unless feature that defines it is enabled
  * meson: call qemu with -machine virt on aarch64
  * ukify: fix parsing uname version with '+'
  * ci: add test timeout multiplier for ppc64le
  * Install new files for upstream build
  * Stop installing legacy sysv tools/units for upstream builds
  * ci: re-enable uefi secure boot
  * boot: add LoaderTpm2ActivePcrBanks runtime variable
  * Two fixlets for coverage test (#38183)
  * systemd-boot: fix initramfs post-update hook for uncompressed kernels
  * Kill several SysV compat functionalities (v258) (#38178)
  * shell-completion: prettify and discard error messages (#38210)
  * test: skip tpm2 test on s390x on GHA
  * ci: add build/unit-tests jobs for s390x
  * Install new quota manpages for upstream build
  * netdev-util: allow setting local address based on dhcp-pd addresses as well (#38211)
  * analyze: several follow-ups for recent changes (#38253)
  * Small comment fixes (#38252)
  * readme: update ubuntu autopkgtest infra support channels
  * core: gracefully ignore PrivateBPF=yes if the kernel does not support it (#38238)
  * docs: mention LoaderTpm2ActivePcrBanks in BLI
  * stub: restore compatibility for shim (< 16.0) -> UKI case
  * stub: check if security override is available before using it
  * NEWS: fix wrong path for sd-stub global extensions directory
  * NEWS: update contributors list
  * NEWS: add time/place
  * hwdb: update
  * po: update systemd-pot
  * meson: update version numbers for v258~rc1
  * Chores for RC1 (#38300)
  * salsa-ci: enable arm64 build
  * d/watch: remove restriction to v257.x series
  * New upstream version 258~rc1
  * Update upstream source from tag 'upstream/258_rc1'
  * Fix typos found by Lintian
  * Add and remove files for 258~rc1
  * Enable sd-vmspawn
  * NEWS: note cgroupv1 removal
  * Drop world-writable /run/lock debianism
  * Drop all workarounds that are obsolete after trixie
  * NEWS: note removal of telinit/runlevel
  * Update symbols file for 258~rc1
  * Update Lintian overrides
  * Fix Lintian warning debian-news-entry-uses-asterisk
  * Add a few more conflicts to packages providing the same files
  * d/copyright: update paths
  * Update changelog for 258~rc1-1 release
  * LICENSES/README: update file paths after moves
  * tpm2-clear: build only if bootloader/openssl are enabled
  * vmspawn: add machine types for m68k/sparc64 and default to 'none' if unknown
  * core/dbus-manager: validate unit type before calling into service-specific methods (#38323)
  * test: wait for userspace mount options applied (#38327)
  * test: modernize test-oomd-util (#38329)
  * Meson: clean up "finding" of helper scripts (#38335)
  * syscalls-table: add sh and regenerated table
  * syscalls table: add sh (#38338)
  * cgroup-util: enforce alignment of f_handle
  * bootctl: automatically set --graceful when running in chroot
  * Install usr/share/factory files and restore nsswitch.conf/pam.d/issue on factory reset
  * tree-wide: bunch of fixlets raised by coverity (#38341)
  * TEST-21-DFUZZER: improve stability of the test, and enable services to be tested (#37862)
  * d/rules: set debugoptimized for upstream builds
  * stub: fix passing kernel cmdline when loading via shim
  * journal: fix log filtering for syslog message (#38372)
  * mkosi: update mkosi commit reference to cb1a3c90490922441548d09b09c7b76426e4bc20
  * test: do not fail TEST-70-TPM2 when secure boot is enabled
  * test: preserve ESP when testing bootctl
  * mkosi: enable secure boot and autoenroll by default
  * test: add a secureboot test with an addon
  * Translations update from Fedora Weblate (#38387)
  * basic: follow-ups for CHASE_MUST_BE_DIRECTORY/REGULAR (#38390)
  * ci: test integration with shim in debian jobs
  * test: add workaround for unexpected VM restart (#38397)
  * Several fixlets for PTY forwarder and systemd-run (#38385)
  * test: set -x in TEST-50-DISSECT test unit
  * test: send trailing newlines in notify messages in TEST-50-DISSECT
  * ukify: fix hwids section reproducibility
  * test: run test-journal-append binary with info level logging
  * journald: add debug logs around offlining/archiving/rotating/varlink operations
  * udev/node: fix issue in removing device node symlink (#38419)
  * cg: get attribute for requested controller in cg_is_empty
  * systemd-boot: register interest in systemd-boot-signed trigger
  * NEWS: fix typo
  * systemd-boot: fix registering/removing uncompressed kernels
  * d/t/control: prefer systemd-boot-tools if available
  * systemd-boot: make efibootmgr a dependency
  * hwdb: update
  * hwdb: update autosuspend rules
  * NEWS: note new items since RC1
  * NEWS: update contributors list
  * NEWS: update date
  * Chores for RC2 (#38473)
  * stub: also pickup global .raw sysexts, like per-UKI ones
  * NEWS: update list of contributors
  * NEWS: update date
  * meson: update version numbers for v258~rc2
  * New upstream version 258~rc2
  * Update upstream source from tag 'upstream/258_rc2'
  * systemd-container: update lintian overrides for more false positives
  * Update changelog for 258~rc2-1 release
  * test: ensure printf builtin buffers and does a single write when piping into socat
  * meson: fix compatibility with Python 3.7
  * seccomp: fix build with glibc < 2.39
  * network: fix build with libbpf < 0.7
  * test-bpf-token: fix build with libbpf < 0.6
  * test: fix assert when running test-cgroup in container
  * test: fix repeated runs of test-oomd-util by clearing test cgroup
  * ci: add build job on Ubuntu Jammy with Python 3.7
  * user-runtime-dir: two fixlets for setting disk quota (#38496)
  * Fix build with older python/glibc/bpf and add CI job to cover it (#38500)
  * test: use Europe/Helsinki instead of Europe/Kyiv in test-calendarspec
  * Stop installing /var/lib/systemd in the package
  * nspawn: fix recursive bind mounts
  * network: fix segfault in setting bridge vlan (#38519)
  * ci: stop triggering suse-specific package build on OBS
  * NEWS: fixlets and adjustments
  * ci: add mkosi job for debian stable
  * service: stop/reset watchdog on freeze/thaw
  * test: add coverage for kernel keyring in TEST-50-DISSECT
  * More NEWS updates about sysv support
  * tpm2-util: fixlets for tpm2_serialize/_deserialize() (#38520)
  * Update changelog for 258~rc2-2 release
  * CI: run ruff format before ruff check
  * test-cgroup: cleanup test cgroup
  * ukify: drop NX bit from UKI if kernel doesn't have it
  * mkosi: install util-linux-script on F44
  * pidfd-util: force alignment of file_handle union to avoid assert on 32bit
  * systemd-boot: install kernel hooks to /usr/share/
  * test: fix typo in comment
  * mkosi: update debian commit reference to 8ba719208ff28f36bc240328725eb10008838c39
  * mkosi: update mkosi commit reference to 5598b7f5793b6f63db5afaa39504a763fbaeb5cb
  * core: fix crash on audit callback
  * vmspawn: fix --smbios
  * test: also edit /etc/os-release if it's not a symlink when patching /usr/lib/os-release (#38628)
  * chase: invert CHASE_NO_AUTOFS and only set it where needed
  * sd-stub: use memory proto if available and set kernel memory to RX with NX_COMPAT
  * Add padding to sbat section (#38621)
  * Revert "resolved: don't wait for TLS close_notify replies unnecessarily"
  * hwdb: update rules
  * hwdb: update autosuspend rules
  * Update syscalls tables
  * NEWS: update contributors list
  * NEWS: update date
  * Chores for RC3 (#38653)
  * meson: update version numbers for v258~rc3
  * New upstream version 258~rc3
  * Update upstream source from tag 'upstream/258_rc3'
  * systemd-boot: update version for rm_conffile
  * Update changelog for 258~rc3-1 release
  * TEST-46-HOMED: improve stability of the test (#38659)
  * boot: also remember auto-generated entries
  * import-generator: fix crash with no remote string in systemd.pull=
  * analyze: fix unit-shell/unit-gdb when target unit has exited
  * NEWS: add note about removal of /run/lock/ from our tmpfiles.d
  * mkosi: update mkosi commit reference to d45142e329550abc9c6fc63c1f1f86e5286d3d67
  * Clean up redirection ops in tests (#38827)
  * test: add more debug output
  * NEWS: note sd-stub incompatibility with older ukify
  * NEWS: update date
  * meson: update version numbers for v258~rc4
  * New upstream version 258~rc4
  * Update upstream source from tag 'upstream/258_rc4'
  * Update changelog for 258~rc4-1 release
  * machine: restrict register-machine action again
  * NEWS: update register-machine paragraph
  * machine: restrict register-machine action again (#38835)
  * autopkgtest: manually compress logs on failure
  * autopkgtest: set default_device_timeout_sec=240
  * bootctl: minor fixups (#38856)
  * salsa-ci: switch to recommended entry point yml
  * test: remove extension from /var/lib/extensions at the end of the test
  * autopkgtest: use -20 instead of -22 for zstd compression
  * salsa-ci: enable ppc64el builds
  * test: exit from test child processes
  * test: propagate log env vars in run-unit-tests.py wrapper
  * autopkgest: install dosfstools for test-loop-block
  * test: do not leave process hanging in test-namespace
  * test: PR_DEATHSIG is reset after changing id/gid
  * test-namespace: more fixes (#38875)
  * mkosi: pass through more toolchain flags
  * ansi-color: fix stack overflow with debug level and invalid SYSTEMD_COLORS env var
  * autopkgtest: enable debug logs for unit-tests job
  * autopkgtest: ensure /usr/sbin is in the PATH for unit-tests job
  * shell-completion: add missing arguments for journalctl
  * test: ensure journal dir is writable by container in TEST-13-NSPAWN
  * Revert "test: propagate log env vars in run-unit-tests.py wrapper"
  * meson: link with -Wl,-z,gcs-report-dynamic=none (#38901)
  * test: consolidate checks for unpriv nspawn support in TEST-13-NSPAWN
  * test: call mksquashfs with -noappend to be safe on reruns
  * Revert "TEST-55-OOMD: Verify that ExecStopPost= runs on oom-kill"
  * generators: fix parameters naming in symlink helper
  * machine: do not allow unprivileged users to register other users' processes as machines
  * machine: validate root directory over varlink
  * man: clarify that machined RootDirectory parameter is informational only
  * machine: add a comment to clarify that root_directory is informational only
  * mkosi conf opensuse: ukify from systemd-ukify (#38942)
  * machine: do not allow unprivileged users to register other users' processes as machines (#38911)
  * hwdb: update
  * Update syscall numbers
  * NEWS: update contributors list
  * NEWS: update time and place
  * Chores for release (#38958)
  * Finalize NEWS and meson.version for v258
  * meson: bump version to 259~devel for next cycle
  * sysext: do not attempt to unlock images interactively
  * New upstream version 258
  * Update upstream source from tag 'upstream/258'
  * repart: do not fail when CopyBlocks= is used in the initrd
  * Update changelog for 258-1 release
  * core: drop dead code
  * dissect: use blkid_probe filters to restrict probing to supported FSes and no raid
  * Create CNAME
  * meson: fix link-udev-shared option
  * vmspawn: two small tweaks (#38957)
  * mount-util: support 'atime' family of mount options for fsmount()
  * kernel-install: version sort listed kernels (#38983)
  * meson tweaklets (#38978)
  * Override Lintian warning for groff-message
  * Override Lintian warning for spare-manual-page
  * Override lintian warnings for conflicts-with-version
  * Drop versioned conflicts added for bullseye upgrades
  * Override Lintian warning for binaries-have-file-conflict
  * Override Lintian warning for appstream-metadata-missing-modalias-provide
  * units: add missing Documentation=
  * Override more Lintian warnings about appstream
  * Install new files for upstream build
  * docs: use '_' as separator for OSC page
  * docs: use '_' as separator for OSC page
  * Two follow-ups for dlopen()-ification (#39078)
  * d/rules: Ubuntu moved vmlinux.h too
  * mkosi: update debian commit reference to 49dd9371a0c0dd08c7847c5885722eab88ac279f
  * fs-util: prefer glibc's fchmodat() if possible
  * machined: add PIDFD D-Bus variants for registering/creating machines
  * systemd: recommend login package
  * mkosi: pull in bsdutils for script, used by various integration tests
  * machined: do not allow unprivileged users to shell into the root namespace
  * nspawn: free D-Bus error before fallback (#39131)
  * Explicitly disable bpf-framework for stage1 builds
  * Revert "Bump required minimum version of libfido2 to 1.5.0" and add missing def instead
  * vmspawn: try to set up swtpm state for 4K RSA keys support
  * autopkgest: install bsdutils and bsdextrautils for unit tests
  * vmspawn: enable qemu guest agent with --console=gui
  * mkosi: pull in new knot package for TEST-75-RESOLVED
  * Install new files for upstream build
  * Fix installation of new manpages
  * mkosi: update debian commit reference to e50fce1d4b2a9f1bb990027de8e86603f3b42301
  * docs: document uploading manpages for new dev version after release
  * docs: document creating new CI branch for the new stable branch after a release
  * mkosi: pull in bsdutils for script, used by various integration tests
  * mkosi: pull in new knot package for TEST-75-RESOLVED
  * semaphore: switch to ci/v258-stable branch
  * mkosi: switch deb packaging to ci/v258-stable
  * repart: do not fail when CopyBlocks= is used in the initrd
  * fs-util: prefer glibc's fchmodat() if possible
  * machined: do not allow unprivileged users to shell into the root namespace
  * meson: fix link-udev-shared option
  * sysext: do not attempt to unlock images interactively
  * New upstream version 258.1
  * Update upstream source from tag 'upstream/258.1'
  * Make /run/lock world writable by default
  * Update changelog for 258.1-1 release
  * mountfsd: json format unsigned types as unsigned
  * mountfsd: add boolean parameter to let callers enable verity sharing
  * dissect-image: pass through DISSECT_IMAGE_VERITY_SHARE to mountfsd via varlink if set
  * nspawn: enable verity sharing
  * Use verity sharing for user services and nspawn too (#39313)
  * Revert "machine: restrict register-machine action again"
  * test: move checks around in TEST-50-DISSECT so that they can be used from multiple subtests
  * test: also test verity signatures on debian testing/unstable
  * test: sign extension images used by TEST-50-DISSECT
  * test: install bsdextrautils in debian minimal img
  * test: call bash with -o pipefail when piping commands in TEST-50-DISSECT
  * test: add coverage for RootImage= in user units
  * Support ExtensionImages=/MountImages= in user services via mountfsd
  * core: also enable PrivateUsers= for user services when using images via mountfsd
  * Backport patch to fix autopkgtest with new util-linux due to file move
  * Support ExtensionImages=/MountImages= in user services via mountfsd and PrivateUsers=yes (#39341)
  * mkosi: provide detached verity signatures too for minimal images
  * dissect: fix image policy check for bare dm-verity filesystem
  * json: add json_dispatch_unhex_iovec helper
  * mountfsd: add support for verity-protected bare filesystems
  * dissect: add support for verity-protected bare filesystems via mountfsd
  * test: add coverage for image policy and bare filesystems with verity
  * dissect: add support for verity-protected bare filesystems via mountfsd (#39325)
  * ci: re-enable bpf-framework option for build and unit test jobs
  * dissect: drop leftover assert
  * blockdev-list: add overflow check assert
  * efivars: fix potential memory leak
  * bpf: do not leak dlopen object
  * test: avoid divide-by-zero coverity warning
  * ci: add bpftool workaround to codeql job too
  * log: add underflow assert guard
  * mkosi: install new knot-keymgr in Fedora rawhide
  * Assorted coverity fixes (#39355)
  * ci: add bpftool workaround to coverity too
  * getty-static: add missing Documentation=
  * systemd-tests: drop unused overrides
  * salsa: disable arm64/ppc64el again
  * Install new files for upstream build
  * mountfsd: allow privileged users to mount bare unprotected filesystems
  * man: RootImageOptions= is only supported for system services right now
  * mkosi: update debian commit reference to 5650452e6b0b430f44d3d48b7322c2b3c8b9477f
  * sd-varlink: when expecting a type and refusing due to mismatch say what was received
  * Update changelog for 258.1-2 release
  * test: add test case for verity deferred removal without sharing
  * Install new file for upstream build
  * Install new file for upstream build
  * Install new files for upstream build
  * test: stop piping post-test journalctl commands to /failed
  * test: rework dmsetup test to wait for device to disappear
  * test-network: fix issues when running with sanitizers (#39572)
  * test: wait until the nspawn process is completely dead  (#39576)
  * reread-part: fix error propagation
  * test: ensure test checking status runs first
  * NEWS: announce RootImageOptions= et al. incompatible changes
  * test: rotate journal before invocation test
  * systemd-analyze shell completion improvements (#39673)
  * Install new files for upstream build
  * dissect: check that roothash in signature matches before selecting partition
  * Install new file for upstream build
  * boot: coding style cleanups
  * mkosi: update debian commit reference to efdd7a6377c7251011ca2c1a59115d482d25fe61
  * core: prepare reload/reexec for varlink
  * core: add varlink Reload/Reexecute methods
  * integritysetup: Add support for hmac-sha512 and wrapped key HMAC algorithms phmac-sha256 and phmac-sha512 (#39719)
  * Try to make TEST-75-RESOLVED less flaky (#39733)
  * varlink: say which socket failed to bind in log message
  * test: always create networkd mock tmpfs for networkd-test.py
  * Install new files for upstream build
  * Update hwdb
  * NEWS: update contributors list
  * Update syscalls table
  * Translations: update systemd-pot
  * Translations: update systemd-po
  * man: regenerate man/rules/meson.build
  * Chores for RC1 (#39757)
  * test: skip TEST-64-UDEV-STORAGE-simultaneous_events on Debian
  * NEWS: more adjustments for v259~rc1
  * d/rules: disable sysv compat in upstream builds
  * d/t/unit-config: fix python decorator copypasta
  * repart: prefix LUKS superblock label with "luks-" by default, and add explicit VolumeLabel= setting to control it (#39713)
  * NEWS: copy yet again sysvinit scripts removal announcement
  * NEWS: update contributors list
  * NEWS: finalize time and place
  * meson: bump library sonames for v259~rc1
  * meson: bump version to v259~rc1
  * New upstream version 259~rc1
  * Update upstream source from tag 'upstream/259_rc1'
  * Drop patches, all merged upstream
  * Install new files for v259~rc1
  * Update symbols file for v259~rc1
  * Update changelog for 259~rc1-1 release
  * Improve systemd-analyze man page and bash completion (#39778)
  * docs: elf metadata specs have moved to uapi-group
  * d/t/control: ensure unit-tests autopkgtest pulls in dlopened libraries for test
  * shell-completion: add bash script for varlinkctl
  * virt: debug log when inode_same() fails
  * test: skip test-loop-block udev part in chroot too
  * test: check for all errors in test-reread-partition-table
  * boot: ensure profile IDs do not get leaked and overwritten when there are tries suffixes
  * man,doc: add uapi spec numbers to all links to uapi specs (#39867)
  * Update hwdb
  * syscalls: add 'pragma export' to script that generates header
  * Translations: update systemd-pot
  * Translations: update systemd-po
  * NEWS: update contributors list
  * Chores for RC2 (#39901)
  * NEWS: finalize date
  * meson: bump version to v259~rc2
  * New upstream version 259~rc2
  * Update upstream source from tag 'upstream/259_rc2'
  * Install new varlinkctl bash completion script
  * Update changelog for 259~rc2-1 release
  * d/t/control: pull in optional libs for boot-and-services too
  * cgroup-util: fix cg_pid_get_user_unit() to actually query user units
  * cryptsetup: downgrade dlopen not compiled message to debug
  * sysupdate: also mention patterns to match in error log on failure
  * Translations update from Fedora Weblate (#39998)
  * Reapply "pid1: pull in libmount unconditionally"
  * pid1: do not fail if dlopen of libmount fails because it is not compiled in
  * test-network: fix invalid captive portal URL with dnsmasq 2.92 (#40011)
  * tests: log when qemu crashed and the test is re-ran
  * tests: run qemu with cpu_reset,guest_errors debug messages
  * tests: some more logs to try and get info about VM spurious reboots (#40028)
  * test-network: drop unused variable
  * tests: also add qemu shutdown trace debug logs to integration script
  * portabled: list new methods in D-Bus policy
  * shell-completion: fix portablectl path completion with preceding params
  * test: use -force with unsquashfs for test reruns
  * Update hwdb
  * hwdb: update autosuspend rules
  * NEWS: update contributors list
  * NEWS: update date
  * meson: bump version to v259~rc3
  * New upstream version 259~rc3
  * Update upstream source from tag 'upstream/259_rc3'
  * Install new udev rule
  * Update changelog for 259~rc3-1 release
  * Revert "Update architecture match for 50-pid-max.conf"
  * core: gracefully skip unknown policy designators in RootImagePolicy et al (#40060)
  * Downgrade depends to recommends for IPC endpoint of respective libnss modules
  * Translations update from Fedora Weblate (#40097)
  * ci: remove --quiet from mkosi integration suite run
  * include: update kernel headers from v6.19~rc1
  * basic: add GUEST_MEMFD_MAGIC from 6.19
  * mkosi: update mkosi commit reference to 9e31235211d975bae25622d6205a8396d104335e
  * mkosi: drop gh from mkosi-tools debian/ubuntu
  * test: fix race condition in TEST-80-NOTIFYACCESS
  * Update hwdb
  * Update syscalls table
  * NEWS: update contributors list
  * NEWS: finalize
  * Chores for v259 (#40120)
  * Boot loader menu docs and tweaks (#39842)
  * Finalize meson.version for v259
  * New upstream version 259
  * Update upstream source from tag 'upstream/259'
  * Update changelog for 259-1 release
  * Install new files for upstream build
  * Do not install systemd-sysv-generator.8 in upstream build
  * Drop dependencies on libcap-dev, no longer used since v259
  * Install systemd-tpm2-generator.8 only for UEFI builds
  * Mark sd-userdbd as Multi-Arch: foreign

  [ Zbigniew Jędrzejewski-Szmek ]
  * Rename to follow the convention
  * Merge branch 'predictable-interface-names'
  * Merge pull request #11084 from poettering/networkd-test-fix
  * Merge pull request #11083 from poettering/nspawn-settings-fixes
  * nspawn: check cg_ns_supported() just once
  * man: reword tmpfiles.d descriptions to refer less to previous descriptions
  * man: rewrite the general description of tmpfiles
  * core: fix typo in comment
  * man: add a note that /var/run should not be used in tmpfiles
  * meson: make net.naming-scheme= default configurable
  * generators: configure logging before the first use
  * Merge pull request #10892 from mbiebl/revert-systemctl-runtime-unmask-breakage
  * Mark *data and *userdata params to specifier_printf() as const
  * shared/install: mark UnitFileInstallInfo* as const where appropriate
  * generators: define custom main func definer and use it where applicable
  * system-update-generator: use the new main function definer
  * gpt-auto-generator: use the new main function definer
  * getty-generator: use the new main function definer
  * fstab-generator: fix check for /sys
  * shared/install: remove two conditionals which are always false
  * shared/install: add some more debugging info
  * shared/install: ignore symlinks which have lower priority than the unit file
  * NEWS: typos and wording adjustments
  * units: drop units/user/busnames.target
  * units: replace symlinks in units/user/ by real files
  * Merge pull request #11152 from keszybz/meson-user-unit-symlinks
  * Merge pull request #11145 from yuwata/bash-completion-bootctl
  * Merge pull request #11147 from yuwata/bash-completion-machinectl
  * udev: make udev_rules_new() return a proper error code
  * tree-wide: s/time-out/timeout/g
  * man: add note about systemd-vconsole-setup.service and tty as input/output
  * pid1: fix free of uninitialized pointer in unit_fail_if_noncanonical()
  * sd-device: attempt to read db again if it wasn't found
  * sd-device: reduce the number of implementations of device_read_db() we keep around
  * sd-device: pass timestamp internally as usec_t not char*
  * Merge pull request #11179 from kraj/kraj/pu
  * udev: use typedef for struct udev_rules
  * udev: use typedef for struct udev_event
  * Merge pull request #11086 from poettering/nscd-cache-flush
  * Merge pull request #11180 from yuwata/update-bash-completion
  * Merge pull request #11077 from yuwata/udev-issue-better-fix
  * sd-device: remove holes in struct sd_device
  * rfkill: move wait_for_initialized() to shared/
  * dissect-image: split out a chunk of dissect_image() out
  * dissect-image: wait for the root to appear
  * dissect-image: wait for the main device and all partitions to be known by udev
  * hashmap: use ternary op to shorten code
  * test-hashmap: use the usual function headers and print timing stats
  * test-hashmap: add test to compare hashmap_free performance
  * systemctl: add comment why whitespace in message is needed
  * meson: rename two more variables from _c to _sources
  * meson: print EFI CC configuration nicely
  * test-mountpoint-util: more debug info
  * Merge pull request #11200 from poettering/mailmap-updates-240
  * Revert "units: set NoNewPrivileges= for all long-running services"
  * Merge pull request #10221 from lucaswerkmeister/bash-completion
  * NEWS: add note about NNP=yes
  * NEWS: add a note about symlink following in .wants and .requires
  * test-fileio: test safe_fgetc directly
  * json: do not unescape slashes
  * Remove use of PACKAGE_STRING
  * Revert "mount: disable mount-storm protection while mount unit is starting."
  * Revert "core/mount: minimize impact on mount storm."
  * Merge pull request #11215 from poettering/gpt-auto-no-udev
  * tmpfiles: fix crash with NULL in arg_root and other fixes and tests
  * Merge pull request #10912 from poettering/gpt-root-rw
  * meson: define PROJECT_VERSION as the "bare" project version
  * hwdb: update database
  * udev: modernize ctrl_send and use PROJECT_VERSION
  * meson: generate version tag from git
  * meson-vcs-tag: add work-around for git bug
  * meson: allow setting the version string during configuration
  * meson: simplify handling of pkgconfigdatadir=no, pkgconfiglibdir=no
  * meson: declare version.h as dep for fuzzers
  * meson: use /bin/bash for script
  * analyze: add assert to verify we are not dividing by 0
  * tree-wide: make new/new0/malloc_multiply/reallocarray safe for size 0
  * Revert "sleep: offer hibernation only if the kernel image still exists"
  * Merge pull request #11206 from cdown/cgroup_no_v1
  * tree-wide: use assert_se() for signal operations with constants
  * Merge pull request #11239 from poettering/news-v240-final
  * NEWS: add one more name and adjust location
  * Merge pull request #11297 from yuwata/fix-11295
  * Merge pull request #11291 from yuwata/fix-11259
  * udevadm: add a workaround for dracut
  * test-json: check absolute and relative difference in floating point test
  * Merge pull request #11273 from pseyfert/zsh-debugger-completion
  * Merge pull request #11250 from yuwata/dhcp-coding-style-fixes
  * remount-fs: split out common pattern out to a function
  * fstab-generator: move debug lines to a better place
  * shared/generator: allow absolute symlink target in generator_add_symlink()
  * fstab-generator: use generator_add_symlink() in one more place
  * fstab-generator: simplify return code generation
  * Pull in systemd-remount-fs.service only when required
  * man: describe better when remount-fs.service and gpt-auto-generator are active
  * Define macro for systemd-volatile-root.service
  * Define macro for systemd-fsck-root.service
  * Merge pull request #11244 from yuwata/revert-udev-changes
  * Merge pull request #11317 from filbranden/docs1
  * Revert "pam_systemd: drop setting DBUS_SESSION_BUS_ADDRESS"
  * tree-wide: use c99 static for array size declarations
  * Use c99 static array size declarations in exported functions too
  * meson: declare version.h as dep for libbasic
  * Revert "meson: declare version.h as dep for fuzzers"
  * Print the systemd version in a format that dracut likes
  * pam_systemd: set $DBUS_SESSION_BUS_ADDRESS unconditionally
  * udev: rework how we handle the return value from spawned programs
  * Merge pull request #11344 from poettering/various-fixes
  * Merge pull request #11355 from yuwata/rfe-11343
  * sd-device: modernize code a bit
  * Fix a few comments
  * timesyncd,resolved,machinectl: drop calls to sd_event_get_exit_code()
  * coredump: remove duplicate MESSAGE= prefix from message
  * journald: remove unnecessary {}
  * journald: do not store the iovec entry for process commandline on stack
  * basic/process-util: limit command line lengths to _SC_ARG_MAX
  * coredump: fix message when we fail to save a journald coredump
  * journald: set a limit on the number of fields (1k)
  * journald: when processing a native message, bail more quickly on overbig messages
  * journald: lower the maximum entry size limit to ½ for non-sealed fds
  * µhttpd: use a cleanup function to call MHD_destroy_response
  * journal-remote: verify entry length from header
  * journal-remote: set a limit on the number of fields in a message
  * Merge pull request #11374 from keszybz/journal-fixes
  * udevd: drop redundant call to sd_event_get_exit_code
  * udev: open control and netlink sockets before daemonization
  * logind: do not pass negative number to strerror
  * Merge pull request #11376 from yuwata/11365-v2
  * pam_systemd: reword message about not creating a session
  * Revert "nss: prevent PROTECT_ERRNO from squashing changes to *errnop"
  * Merge pull request #11196 from yuwata/udevd-tiny-cleanups
  * NEWS: update for v241
  * NEWS: document deprecation of PermissionsStartOnly= in v240
  * Merge pull request #11409 from yuwata/udev-synthetic-errno
  * udev: do logging before setting variables to NULL
  * pam_systemd: do no allocate the path of fixed length
  * Revert "pam_systemd: set $DBUS_SESSION_BUS_ADDRESS unconditionally"
  * NEWS: typos
  * Merge pull request #11428 from yuwata/network-issue-9130-v2
  * Merge pull request #11345 from kirbyfan64/tmpfiles-c-empty
  * Merge pull request #11418 from yuwata/fix-11404
  * Revert "Always rename an interface to its name specified in config if no NamePolicy= is specified"
  * libsystemd-network: use xsprintf in one more place
  * Merge pull request #11441 from poettering/foreach-string-rework
  * Drop some unnecessary newlines
  * user-util: remove unsed NOLEGACY define
  * link-config: unentangle the renaming logic and add logging
  * link-config: add "keep" policy and use it by default
  * udev: move naming-scheme bits into their own file
  * link-config: default to "keep" policy if naming-scheme<=239 is used
  * NEWS: describe the naming scheme updates
  * man: use <varname> and <option> instead of <literal> in systemd.link(5)
  * NEWS: retroactively describe .include deprecation
  * core/mount: move static function earlier in file
  * Merge pull request #11349 from yuwata/udevadm-control-ping
  * Revert "hwdb: Fix secondary backslash on MSI GS65 laptop"
  * udev,networkd: use the interface name as fallback basis for MAC and IPv4LL seed
  * basic/missing: add more addr_assign_type values
  * udev: add debug logging about the choice of MAC
  * test-libudev: modernize and add more debugging info
  * Merge pull request #11519 from yuwata/udevadm-info-2476
  * Merge pull request #11448 from poettering/rlimit-pid1-fixo
  * hwdb: update
  * procfs-util: expose functionality to query total memory
  * basic/prioq: add prioq_peek_item()
  * journal: limit the number of entries in the cache based on available memory
  * journald: periodically drop cache for all dead PIDs
  * pid1: fix cleanup of stale implicit deps based on /proc/self/mountinfo
  * build-sys: bump package/library versions
  * Merge pull request #11513 from poettering/cryptsetup-msg
  * shared/dissect-image: make sure that we don't truncate device name
  * journal: avoid buffer overread when locale name is too long
  * libsystemd-network: remove _packed_ attribute to appease the compiler
  * test-util: drop _packed_ attribute
  * journal: drop _packed_ attribute in a few places
  * test-resolve: increase timeout to 120s
  * efivars: make sure that _packed_ structure members are actually aligned as expected
  * efivars: remove direct access to unaligned structure members
  * test-sizeof: print the alignments too
  * Merge pull request #11647 from thom311/hashmap-avoid-compiler-warning
  * test-json: do not pass ephemeral array as intializer to JSON_BUILD_STRV
  * man: move entries to the right section in systemd.directives
  * man: fix markup and grammar for FOU{Source,Destination}Port=
  * man: use <varname> for pam configuration options
  * man: use <constant> for SD_BUS_ERROR_* and SD_BUS_NAME_* constants
  * man: move os-release, machine-info, vconsole.conf vars to envvar section
  * man: move all config file options to one section
  * man: add a new directives section for .nspawn
  * man: add a new section for EFI variables
  * man: move sd-login(5) udev tags to the udev section
  * Merge pull request #11423 from ssahani/issue-9890
  * Merge pull request #11487 from poettering/unprotect-errno
  * Merge pull request #11704 from yuwata/fix-oss-fuzz-12980
  * Merge pull request #11714 from poettering/final-news-241
  * basic/hexdecoct: be more careful in overflow check
  * shared/calendarspec: do not allocate a big string on stack
  * shared/install: generate list of files in separate function
  * Introduce CONF_PATHS_USR_STRV to mirror CONF_PATHS_STRV
  * resolved: add missing spdx header
  * man: document paths under /usr/local in standard-conf.xml
  * man: add missing spdx header
  * man: fix section numbers
  * resolved: use standard paths for .dnssd files
  * udev,network: use standard paths for .network and .link files
  * environment-d-generator: do not include /lib/environment.d in the list
  * udev: use the usual set of load paths for udev rules
  * analyze: use SYNTHETIC_ERRNO
  * analyze: generalize cat-config to apply to tmpfiles, presets, hwdb.d, etc.
  * meson: drop unused "udevhomedir"
  * core: update comment
  * udevadm: print error if the commands fail
  * Merge pull request #11482 from poettering/tmpfiles-bsd-lock
  * Merge pull request #11725 from poettering/temp-dir
  * Merge pull request #11512 from poettering/resolved-stub-pipeline
  * networkd: wrap long log lines
  * test-ordered-set: add a copy of test-set adapted to OrderedSet
  * generator: rename systemd-mkfs@.service to systemd-makefs@.service
  * basic/ordered-set: add functions to operate on OrderedSets of strings
  * basic/ordered-set: export networkd function to print string sets
  * networkd: use OrderedSets instead of strvs to store lists of domains
  * shared/hashmap: trivial style updates
  * tests: shorten the fuzz test case
  * Add a work-around for memsan
  * analyze: split out loop innards into a separate function
  * analyze: add color highlighting when printing calendar elapses
  * Merge pull request #11781 from yuwata/udev-rule-continuation-fix
  * Merge pull request #11796 from yuwata/fuzz-link-parser
  * meson: make sure preprocesor warnings are not treated as errors
  * Add wrapper for __msan_unpoinson() to reduce #ifdeffery
  * test-mountpoint-util: unpoison string allocated by sscanf %ms
  * test-json: avoid deep stack recursion under msan
  * test-json: use standard test intro
  * meson: declare version.h as dep for various targets that include build.h
  * fuzz-unit-file: add some directives for stuff coverage reports as not covered
  * fuzz-unit-file: also run manager_dump()
  * Merge pull request #11780 from yuwata/fix-4211
  * basic/utf8: change type of function to emphasize that it only looks at one character
  * basic/utf8: do not read past end of string when looking for a multi-byte character
  * shared/ask-password-api: when echoing multi-byte characters, print the whole sequence
  * fuzz-journal-stream: avoid assertion failure on samples which don't fit in pipe
  * fuzz-lldp: avoid assertion failure on samples which dont fit in pipe
  * fuzz-ndisc-rs: avoid assertion failure on samples which dont fit in pipe
  * network: wrap some long lines
  * networkd: fix memleak when the same NetDev is specified twice
  * networkd: refuse more than 128 NTP servers
  * Merge pull request #11807 from yuwata/test-vlan-mtu
  * shared/install: do not use a temporary variable outside of its scope
  * udev-builtin-usb_id: use strjoina to simplify code
  * udev-builtin-usb_id: guard against overflow when reading descriptor data
  * meson: remove workaround for old meson bug with command quoting
  * man: create .so links for sd_bus_close_{unref,unrefp}
  * README: mention that we need tzdata >= 2014f
  * test-time-util: use standard intro and print timezones read from file
  * Merge pull request #11834 from martinpitt/network-test-fixes
  * Merge pull request #11243 from poettering/nspawn-root-overlay
  * Merge pull request #11863 from poettering/subvol-no-submount
  * Merge pull request #11472 from poettering/sd-bus-ref-tweak
  * tests: use the test helpers in more places
  * bus: make reference counting non-atomic
  * sd-hwdb: use non-atomic reference counters
  * sd-hwdb: some minor logging and style updates
  * sd-netlink: do not use atomic reference counters
  * Remove now-unused refcnt.h
  * sd-hwdb: fix off_t vs. size_t confusion in cast
  * resolved: use a temporary Set to speed up dns question parsing
  * resolve: split the RR comparison function in two
  * resolved: when adding RR to an answer, avoid comparing keys twice
  * fuzz-dns-packet: add test case with lots of labels
  * docs: add a note about compilation options
  * Merge pull request #11896 from poettering/shutdown-fixes
  * pkgconfig: avoid double slash with split-usr configuration
  * Merge pull request #10495 from poettering/login-boot-hookup
  * meson: use a convenience library for the sources shared between core/ and the outside
  * meson: drop "_la_" from variable name
  * shared/bootspec: minor simplification
  * shared/bootspec: treat empty EFI vars as missing
  * shared/bootspec: do not fail on errors when reading EFI vars
  * build-sys: disable -Wstring-plus-int
  * test-execute: avoid undefined variable warning when compiled w/o seccomp
  * systemd-analyze: support cat-config kernel/install.d
  * efi: wrap some long lines
  * nspawn: fix memleak uncovered by fuzzer
  * kernel-install/50-depmod: use standard header
  * kernel-install: add --verbose
  * kernel-install: rename $BOOT_DIR[_ABS] to $ENTRY_DIR[_ABS]
  * bootctl: create $BOOT/<machine-id> when installing sd-boot
  * kernel-install: create the entry directory only if $BOOT/$MACHINE_ID exists
  * man: say $BOOT not /boot in kernel-install(8)
  * Merge pull request #11897 from mrc0mmand/parallelize-TEST-24-UNIT-TESTS
  * Merge pull request #11943 from yuwata/device-action-seqnum-cleanups
  * boot: avoid 32-bit calculation for a 64-bit lvalue
  * shared/bootspec: avoid going through -1 when calculating array index
  * Merge pull request #11927 from poettering/network-namespace-path
  * Merge pull request #11964 from mrc0mmand/even-more-fuzzers
  * nspawn: fix memleak uncovered by fuzzer
  * fuzz: limit the maximum size of test inputs for a few parsers
  * tests: install "head" in the image
  * Merge pull request #11986 from poettering/util-split
  * bootctl: use path_join() to join paths
  * Merge pull request #11993 from poettering/resolved-stub-edns-size
  * Merge pull request #11985 from poettering/clean-dir
  * man: standarize on one-line license header
  * man: use same header for all files
  * Merge pull request #12000 from poettering/split-more-util
  * tests: install /usr/bin/dbus-broker when using dbus-broker
  * tree-wide: spell "lifecycle" without hyphen everywhere
  * fstab-generator: do not print double header
  * man: tell generator writers to provide authorship and source information
  * analyze: reword explanation in critical-chain header
  * Merge pull request #11658 from yuwata/systemd-id128
  * man,units: document what user "default.target" is a bit
  * man: reorder and add examples to systemd-analyze(1)
  * shared/bootspec: avoid signed-unsigned comparison
  * seccomp: shm{get,at,dt} now have their own numbers everywhere
  * seccomp: allow shmat to be a separate syscall on architectures which use a multiplexer
  * test-execute: allow filtering test cases by pattern
  * basic/fd-util: refuse "infinite" loop in close_all_fds()
  * test-execute: block /sys not /proc
  * Handle or voidify all calls to close_all_fds()
  * fuzz-calendarspec: actually run the second part of the fuzzer
  * bus: fix memleak on invalid message
  * Revert "Revert "units: lock down logind with fs namespacing options""
  * Merge pull request #12028 from poettering/start-limit-hit
  * util-lib: use a fixed buffer size for terminal path
  * Merge pull request #12005 from poettering/exec-dir-fixup
  * Merge pull request #12034 from poettering/stdio-bridge-fixes
  * Merge pull request #12024 from poettering/bindtoifindex
  * Merge pull request #12047 from poettering/cryptsetup-fixlets
  * Merge pull request #12033 from fbuihuu/watched-process-improvments
  * TODO: add some bootctl items
  * test-alloc-util: add a smoke test for greedy_realloc
  * sd-bus: avoid IN_SET() invocation with two identical values
  * sd-bus: reduce scope of variable
  * test-fileio: avoid warning about ineffective comparison
  * nspawn-oci: use SYNTHETIC_ERRNO
  * Merge pull request #9762 from poettering/nspawn-oci
  * nspawn-oci: add helper function for free_and_strdup with oom check
  * util-lib: get rid of a helper variable
  * sd-id128: look for invocation id in environment first, keyring second
  * man: document error values for sd_id128_get_*()
  * man: make separate "Errors" sections subsection of "Return value"
  * Merge pull request #12059 from poettering/nspawn-typos
  * Merge pull request #12057 from poettering/chown-tty
  * Merge pull request #12052 from poettering/systemctl-fixlets
  * Merge pull request #12014 from poettering/systemctl-exit-fix
  * nspawn: add --no-pager switch
  * Merge pull request #12020 from mrc0mmand/test-functions-interactive-debug
  * hwdb: make ids_parser.py compatible with pyparsing-2.3.0+
  * fuzz-nspawn-oci: add fuzzer for the oci bundle loader
  * nspawn-oci: use _cleanup_ in one more place
  * nspawn-oci: mount source is optional
  * NEWS: prepare for v242
  * man: update description of initrd in bootup(7)
  * man: clarify that ExecStop= is always called
  * NEWS: add missing word
  * Merge pull request #12072 from poettering/string-table-fixes
  * Merge pull request #12055 from poettering/save-argc-argv
  * udev/link-config: rename MACPolicy to MACAddressPolicy
  * nspawn-oci: fix double free
  * Merge pull request #12087 from yuwata/fix-condition-free-list
  * Merge pull request #12089 from mrc0mmand/journalctl-bash-comp-redirection
  * hwdb: update for v242
  * Merge pull request #12105 from poettering/api-vfs-mount-flags
  * logind: reword the polkit prompt for reboot parameter
  * Merge pull request #12106 from poettering/nosuidns
  * test-execute: provide custom failure message
  * test-execute: skip flaky test when we can't unshare namespaces
  * systemctl: define less stuff when !HAVE_SYSV_COMPAT
  * util-lib: fix sentence in comment
  * Merge pull request #12109 from poettering/sleep-minifixes
  * shared/install: try even harder to make sure variable is initalized
  * test-fileio: do not use variable before checking return value
  * headers: remove unneeded includes from util.h
  * Voidify more mkdir_p calls
  * journalctl: voidify mkdir_p() call and unify two similar code paths
  * man: clarify the role of OnBootSec= in containers
  * test-terminal-util: add function logging
  * Remove variable only used for an assert
  * test-terminal-util: fix sigsegv when compiled without asserts
  * core: avoid unnecessary cast
  * meson: disable warnings about unused variables for NDEBUG builds
  * Merge pull request #12115 from poettering/verbose-job-enqueue
  * headers: add missing includes
  * Merge pull request #12133 from poettering/rseq-whitelist
  * Merge pull request #12137 from poettering/socket-var-run
  * Merge pull request #12140 from poettering/copy-early
  * Merge pull request #12138 from poettering/doc-ip-allow-src-dst
  * Merge pull request #12146 from yuwata/test-network-wait-online
  * Merge pull request #12048 from jengelh/master
  * meson: indentation
  * meson: stop creating enablement symlinks in /etc during installation
  * NEWS: document the change to installation
  * Merge pull request #12183 from poettering/askpwargv
  * Merge pull request #12186 from poettering/lgtm-updates
  * Merge pull request #12185 from poettering/login-unstore-fd
  * Merge pull request #12013 from yuwata/fix-switchroot-11997
  * test: use newer verb to set log levels
  * core: use a temporary variable for calculation of seccomp flags
  * basic/log: log any available location information in log_syntax()
  * pid1: pass unit name to seccomp parser when we have no file location
  * Merge pull request #12121 from poettering/contrib
  * build-sys: bump package version
  * docs: update release steps for meson
  * kernel-install: add a check that the vmlinuz arg is sane
  * test-seccomp: fix compilation on arm64
  * seccomp: rework how the S[UG]ID filter is installed
  * docs: let's not close the milestone early
  * docs: also document updates to stable repo
  * Merge pull request #12205 from keszybz/update-release-docs
  * Merge pull request #12198 from keszybz/seccomp-parsing-logging
  * shared: add a single definition of libmount cleanup functions
  * sd-id128: expose ID128_UUID_FORMAT_STR
  * tree-wide: use SD_ID128_UUID_FORMAT_STR as appropriate
  * efivars: add helper to format efivarfs path
  * bootctl: replace "type" with "source" in output
  * bootspec: remove now-unused boot_entry_type_table
  * bootctl: check if files specified by boot entry exist, and warn if not
  * bootctl: emit extra warning if the default boot entry is broken
  * bootctl: urlify .conf files
  * logind: linewrap some long lines and remove unnecessary conditional
  * sysusers: add missing initalizer
  * sysusers: use return_error_errno() where possible
  * Merge pull request #12245 from poettering/empty-or-dash
  * man: say that .link NamePolicy= should be empty for Name= to take effect
  * man: add a lengthy example for NamePolicy= debugging
  * NEWS: add mention of time-set.target
  * Merge pull request #12241 from keszybz/two-man-link-additions
  * test-libmount: let's see how libmount parses stuff
  * pid1,shutdown: do not cunescape paths from libmount
  * Merge pull request #12223 from yuwata/network-wireguard-preshared-key-file
  * Merge pull request #12252 from keszybz/libmount-dont-unescape
  * man: add a page for systemd-udev-settle.service
  * systemd-udev-settle.service: emit deprecation notice
  * Merge pull request #12270 from yuwata/test-set-longer-timeout
  * bus-message: validate signature in gvariant messages
  * sd-bus: add define for the maximum signature length
  * sd-bus: add define for the maximum name length
  * NEWS: update contributors and date
  * test: filter out messages when stripping binaries
  * scripts: use 4 space indentation
  * shell-completion: use 4 space indentation too
  * shell-completion/zsh: add -*type*- headers
  * CODING_STYLE: adjust indentation rules, and add note about config loading
  * test-env-util: allow $PATH to be unset
  * test-exec-util: do not call setenv with NULL arg
  * core: vodify one more call to mkdir
  * Add fopen_unlocked() wrapper
  * Make fopen_temporary and fopen_temporary_label unlocked
  * Add fdopen_unlocked() wrapper
  * core/smack-setup: add helper function for openat+fdopen
  * Add open_memstream_unlocked() wrapper
  * Add fmemopen_unlocked() and use unlocked ops in fuzzers and some other tests
  * Merge pull request #12289 from poettering/news-pid-max
  * network: avoid warning about unaligned pointers
  * sd-netlink: align table
  * sd-bus: add symbol to tell linker that new vtable functions are used
  * sd-bus: allow vtable format structure to grow in the future
  * sd-bus: use _cleanup_ for struct introspect
  * sd-bus: split introspection into the content creation and reply creation parts
  * Merge pull request #12346 from poettering/accept-flush
  * basic/socket-util: fix typo and reword comment
  * basic/socket-util: put a limit on the loop to flush connections
  * Merge pull request #12320 from mrc0mmand/tweak-start-timeout-in-TEST-16-EXTEND-TIMEOUT
  * test-bus-{vtable,introspect}: share data and test introspect_path()
  * busctl: add introspect --xml-interface
  * sd-bus: when running user find function don't trust the value to be initialized
  * man: document sd_bus_add_{object,fallback}_vtable
  * meson: do not use f-strings
  * shared/mount-util: convert to libmount
  * mount-tool: use libmount to parse /proc/self/mountinfo
  * Add helper function for mnt_table_parse_{stream,mtab}
  * shared/mount-util: make sure utab is ignored in umount_recursive()
  * man: describe interaction with ProtectHome=/InaccessiblePaths= in BindMount=
  * Merge pull request #12376 from mrc0mmand/deal-with-backslashes-in-completion
  * Merge pull request #12316 from yuwata/network-prevent-multiple-initialization-12315
  * Merge pull request #12382 from yuwata/wireguard-12377
  * Merge pull request #12332 from cdown/default_min
  * core: adjust unit_get_ancestor_memory_{low,min}() to work with units which don't have a CGroupContext
  * network: drop "return 1" when the return value is ignored by all callers
  * Merge pull request #12074 from poettering/io-acct
  * Merge pull request #12394 from poettering/oncalendar-tweak
  * run: reword a comment
  * basic/virt: try the /proc/1/sched hack also for PID1
  * basic/virt: treat "podman" as separate container type
  * Merge pull request #12434 from poettering/rm-rf-children-take-ptr
  * udev/cdrom_id: drop unneeded parentheses
  * Merge pull request #12440 from poettering/realloc-again
  * network: remove redunant link name in message
  * shared/utmp-wtmp: avoid gcc warning about strncpy truncation
  * scsi_serial: replace &foo[n] by foo+n
  * Merge pull request #12481 from ssahani/dhcp-max-retry
  * Merge pull request #12475 from yuwata/network-fix-12452
  * shared/utmp-wtmp: silence gcc warning about strncpy truncation
  * scsi_serial: replace some crazy strncpy() calls by strnlen()
  * check-directives: use diff to show what the differences really are
  * fuzz: fix spelling of MACsec and MACAddress in the corpus
  * basic/log: use colors to highlight messages like journalctl
  * Enable log colors for most of tools in /usr/bin
  * journalctl,shared/log: use yellow for warnings
  * udevadm: drop pointless must_be_root() checks
  * bless-boot: drop must_be_root() checks
  * bootctl: drop must_be_root() checks
  * systemctl: drop one must_be_root_check()
  * shared/verbs: drop now-unused VERB_MUST_BE_ROOT
  * systemctl: show a hint if root privileges might yield more information
  * Merge pull request #12507 from poettering/random-fixlets
  * Merge pull request #12489 from ssahani/vxlan
  * Merge pull request #12445 from cdown/dmm_docs
  * man: merge items specified as separate lists into one list
  * meson: add build/man/man and build/man/html to build and display pages
  * meson: default to -Dman=false to make development quicker
  * Merge pull request #12230 from poettering/varlink-minimal
  * test-alloc-util: add "test" that cleanup functions are done in expected order
  * man: describe naming schemes in a new man page
  * udev: fix various comments
  * udev: drop "en" prefix from ID_NET_NAME_ONBOARD
  * sd-event: add sd_event_source_disable_unref() helper
  * sd-event: add sd_event_source_disable_unrefp() too
  * Use sd_event_source_disable_unref()
  * journalctl: improve error messages
  * Merge pull request #12535 from poettering/color-grey
  * Merge pull request #12515 from evverx/fix-fuzzers-in-local-mode
  * analyze: drop redundant call to calendar_spec_normalize()
  * analyze: add 'timestamp' verb
  * shared/calendarspec: make output arg optional
  * terminal-util: define yellow as "Khaki3"
  * shared/logs-show: show audit logs in blue
  * shared/varlink: add missing setting of output_buffer_allocated
  * man: add missing =
  * man: rework forward/reverse table in systemd.unit(5)
  * bootclt: add missing column
  * bootctl: add -x shortcut for --print-boot-path
  * bootctl: do not allow -x and -p to be used together
  * test: search $BOOT for kernel+initrd
  * test: rename TEST-31-OOMPOLICY to TEST-32-OOMPOLICY
  * TEST-32-OOMPOLICY: drop unneeded headers
  * test: run check-directives.sh as part of the test suite
  * tests: install perl for CI
  * travis: use variable to avoid one call
  * core/service: drop {}
  * core: do an extra check if oom was triggered when handling sigchild
  * core/dbus-execute: remove unnecessary initialization
  * shared/cpu-set-util: move the part to print cpu-set into a separate function
  * shared/cpu-set-util: remove now-unused CPU_SIZE_TO_NUM()
  * basic/time-util: make output argument optional
  * analyze: give a hint about calendar/timestamp/timespan use
  * analyze: also print unix time in "timestamp"
  * cgtop,test: use consistent capitalization for CGroup
  * Introduce sc_arg_max() helper
  * test-utf8: add function headers and rename tests after functions they test
  * shared/cgroup-show: fix off-by-one in column counting
  * util-lib: add truncation based on printable width to utf8_escape_non_printable()
  * Rework cmdline printing to use unicode
  * util-lib: do not truncate kernel comm names
  * TODO: update
  * basic/escape: add truncation to xescape too
  * basic/process-util: convert bool arg to flags
  * Add 8bit-version of get_process_cmdline() and use in cgroup-show.c
  * basic/utf8: reduce memory usage
  * login: use _cleanup_ to simplify error handling
  * man: add note which tmpfiles services read which files
  * sd-bus: improve error message for invalid org.freedesktop.DBus.Properties.Set signature
  * core: unset HOME=/ that the kernel gives us
  * man: add note that %h/%u/%U are mostly useless
  * man: tweak description of #12247 a bit
  * pid1: improve message when setting up namespace fails
  * man: reword systemd.socket(5) description to avoid "file" when talking about services
  * Merge pull request #12431 from poettering/tmpfiles-chmod-chown-order
  * Merge pull request #12645 from poettering/journal-mmap-einval
  * Merge pull request #12430 from poettering/seccomp-kill-process
  * Merge pull request #12653 from yuwata/test-network-improvements-2
  * rules: enable hardware-related targets also for user instances
  * Merge pull request #12679 from yuwata/journal-issue-12400
  * NEWS: add some entries
  * Merge pull request #12392 from poettering/firstboot-salt
  * Merge pull request #12390 from poettering/string-file-mkdir
  * Merge pull request #12437 from poettering/chmod-and-chown-rewrite
  * Rework cpu affinity parsing
  * Move cpus_in_affinity_mask() to cpu-set-util.[ch]
  * test-cpu-set-util: add simple test for cpus_in_affinity_mask()
  * test-cpu-set-util: add a smoke test for test_parse_cpu_set_extend()
  * pid1: parse CPUAffinity= in incremental fashion
  * pid1: don't reset setting from /proc/cmdline upon restart
  * pid1: when reloading configuration, forget old settings
  * test-execute: use CPUSet too
  * shared/cpu-set-util: drop now-unused cleanup function
  * Merge pull request #12690 from yuwata/test-network-and-man-netdev
  * test-cpu-set-util: add test for dbus conversions
  * shared/cpu-set-util: only force range printing one time
  * Merge pull request #12646 from yuwata/networkctl-use-table
  * Merge pull request #12636 from mbroz/master
  * test-user-util: add simple test for make_salt()
  * networkd: rewrite condition to make it easier to understand
  * shared/varlink: add missing terminator in json strings
  * Revert "varlink: initialize Varlink with 0"
  * shared/varlink: add missing va_end()
  * basic/memory-util: do not "return" anything from memzero() macro
  * networkd: shorter two error statements a bit
  * sd-journal: voidify call
  * Merge pull request #12707 from yuwata/test-network-lsan-options
  * networkctl: shorten Minimum/Maximum to min/max
  * Merge pull request #12700 from yuwata/udev-propagate-critical-errors
  * Merge pull request #12666 from yuwata/networkctl-show-stats
  * Merge pull request #12619 from zachsmith/refactor-parse-sleep-config
  * test-sleep: also print parsed modes and states
  * networkctl: log quietly if we fail to get bit rates
  * sd-bus: improve bus error message for uknown properties
  * busctl: always prefix bus error message with local string
  * shared/generator: voidify mkdir_parents() call
  * test-cpu-set-util: fix comparison for allocation size
  * test-cpu-set-util: fix allocation size check on i386
  * Merge pull request #12734 from keszybz/cpu-set-util-on-i386
  * Merge pull request #12733 from keszybz/sd-bus-error-reporting
  * meson: escape dots in man/man helper
  * Move warning about unsupported BPF firewall right before the firewall would be created
  * Silence warning about BPF firewall in containers
  * man/man: refer to the right build directory in the helpers
  * man: mention quoting in description of Parameters=
  * udevadm trigger: log errors and return first failure
  * Merge pull request #12744 from yuwata/test-network-stability-dhcp-tests
  * tmpfiles: also prefix C source paths with --root
  * man: add "quick reference" to tmpfiles.d(5)
  * networkd-tests.py: remove unused import
  * networkd-tests.py: add helpers to common subprocess call patterns
  * networkd-tests.py: use check_output() instead of unittests' assertEqual()
  * networkd-tests.py: remove some java-style boilerplate
  * networkd-tests.py: properly escape pluses in regexps
  * NEWS: add note about the CPUAffinity= changes
  * Merge pull request #12511 from ssahani/high-avilability-12050
  * Merge pull request #12738 from yuwata/network-routing-policy-cleanup
  * Merge pull request #12685 from yuwata/network-dhcp-assign-adn-remove-12676
  * Merge pull request #12779 from pwithnall/minor-fixes
  * Merge pull request #12424 from poettering/logind-brightness
  * system-update-generator: do not emit bogus warning if no /system-update symlink
  * zsh: add completion for systemctl preset-all
  * test-bus-marshall: add a hopefully helpful comment
  * journal: also disable memory tricks when hashing under msan
  * Merge pull request #12794 from yuwata/network-configure-without-carrier
  * Merge pull request #12796 from yuwata/test-network-use-wait-online
  * Merge pull request #12753 from jrouleau/fix/hibernate-resume-timeout
  * man: clean up naming scheme description a bit
  * libsystemd-network: rename net_get_name() to net_get_name_persistent()
  * udev: introduce NAMING_STABLE_VIRTUAL_MACS (retroactively)
  * Merge pull request #12805 from yuwata/test-network-cleanups
  * Merge pull request #12828 from yuwata/network-routing-policy-rule-add-missing-entries
  * Merge pull request #12868 from poettering/doc-243-fixes
  * logind: remove unused check
  * logind: log operation details when starting actions
  * networkd: rework warning and debug messages about address addition and removal
  * bootctl: fix display of options with embedeed newlines
  * core: move assert before actual use of the variable
  * man: move description of how conditions are combined to the beginning
  * core: do not enumerate units in MANAGER_TEST_RUN_MINIMAL mode
  * Merge pull request #12890 from yuwata/fix-conf-parser-12883
  * Merge pull request #12894 from stapelberg/patch-1
  * analyze: add 'condition' verb
  * shared/condition: fix printing of ConditionNull=
  * core: skip whitespace after "|" and "!" in the condition parser
  * Merge pull request #12760 from zachsmith/systemd-sleep_resume_offset
  * Reindent some things for readability
  * Rename EXTRACT_QUOTES to EXTRACT_UNQUOTE
  * udev: move rules logging functions into the .c file
  * udev: move rule structure definitions into the .c file
  * udev-event: use normal pointer ops where appropriate
  * udev-rules: add precise information to rule failure logs
  * udev-rules: add more info to errors about attr formats
  * Merge pull request #12887 from fbuihuu/coredump-cleanup-part-1
  * udev: tiny fix to debug message
  * udev: don't force device ownership and mode on every event
  * Merge pull request #12908 from yuwata/udevadm-completion-action
  * Merge pull request #12907 from yuwata/meson-default-libidn2
  * Treat kernel version condition as a list of quoted checks
  * test-condition: do not accidentally treat error as passing condition
  * basic/log: drop parens from around file location information
  * Merge pull request #12888 from yuwata/network-udev-property-support
  * basic/log: put location in a dark shade of yellow
  * shared/logs-show: indentation
  * Merge pull request #12912 from yuwata/network-move-functions
  * meson: create /var/log/journal/{,remote/} conditionally
  * meson: drop varlogdir variable
  * basic/log: add a define for path relative to source root
  * tree-wide: use PROJECT_FILE instead of __FILE__
  * udev: warn when we fail to parse udev.conf
  * basic/log: omit ":0" from message when line number is not specified
  * udevd: open log output early
  * basic/time-util: add helper function to check if timestamp is set
  * pid1: use monotonic timestamp in dump if realtime is not available
  * Merge pull request #12964 from yuwata/network-bridge-vlan-issue-12958
  * Create FUNDING.yml
  * FUNDING: this needs to be yaml
  * Merge pull request #12972 from intelfx/cryptsetup-enable-libcryptsetup-debug
  * nspawn: fix abort when we cannot execve
  * pid1: fix serialization/deserialization of commmands with spaces
  * shared/dm-util: use strncpy_exact() to silence gcc
  * networkd: silence bogus gcc warning about %s
  * test: add _cleanup_(erase_and_freep)
  * Use _cleanup(free_and_erasep) where appropriate
  * reply-password: define main through macro
  * systemctl: allow "cat" on units with bad settings
  * pid1: tiny simplification
  * Add config and kernel commandline option to use short identifiers
  * Use unit->id instead of description in messages
  * Remove string_free_erase
  * shared/logs-show: urlify CONFIG_FILE in short mode
  * shared/logs-show: urlify CONFIG_FILE in verbose mode
  * Remove string_erase
  * test-strv: test strv_free_erase() a little bit
  * boot,shared: share the definitions of EFI_LOADER_FEATURE macros
  * bootctl,sd-boot: define EFI_LOADER_FEATURE_XBOOTLDR
  * pid1: shorten dump output a bit by not repeating unit id twice
  * test-alloc-util: assert on the return value to appease coverity
  * test: minor modernization
  * udevd: add helper with error handling to synthesize "change" events
  * test-process-util: invert reporting to make sure that we're not dividing by 0
  * shared/ask-password-api: backspace all chars at once
  * Merge pull request #13036 from poettering/more-doc-fixes
  * systemctl: emit warning when we get an invalid process entry from pid1 and continue
  * pid1: fix GetUnitProcesses
  * Apply empty_to_root() in three more spots for safety
  * analyze: fix formatting of timestamps with 0 µs
  * Merge pull request #13062 from yuwata/analyze-use-table
  * systemctl: print non-elapsing timers as "n/a" not "(null)"
  * run: move comment to appropriate place
  * pid1: split out helper func for two similar code paths
  * pid1: split out another helper func for two similar code paths
  * tree-wide: use lowercase table headers
  * Merge pull request #13067 from yuwata/news-network-section
  * Merge pull request #13038 from poettering/pam-fixes
  * Merge pull request #13076 from keszybz/pr/13062
  * Merge pull request #13082 from ddstreet/minor
  * Merge pull request #12927 from fbuihuu/coredump-cleanup-part-2
  * shared: fix assert call
  * shared: voidify call to loop_write() and trim duplicate code
  * coredumpctl: use free_and_replace in one more place
  * coredumpctl: check return value
  * nspawn: fix memleak in argument parsing
  * nspawn: fix misplaced parenthesis and merge two error handling paths
  * shared/conf-parser,networkd: EXTRACT_UNQUOTE|EXTRACT_RETAIN_ESCAPE → EXTRACT_UNQUOTE
  * test-networkd-conf: add missing assert
  * sd-bus: voidify two calls to hashmap_iterate()
  * sd-device: voidify and simplify calls to ordered_hashmap_iterate()
  * firstboot: use free_and_strdup, free_and_replace
  * firstboot: only list all options on demand
  * firstboot: fix hang waiting for second Enter on input
  * firstboot: actually accept empty input to mean skip
  * basic/macro: drop do {} while(0) from assert_not_reached
  * Drop trailing slash from assert_cc() definition
  * Rewrite IN_SET()
  * man: rework the description of Aliases and .wants/.requires directories
  * pid1: kill unit_file_find_dropin_paths() helper
  * systemctl: call the unit dbus path dbus_path everywhere
  * Merge pull request #13103 from anitazha/conditiondocs
  * shared/conf-parser: be nice and ignore lines without "="
  * shared/conf-parser: emit a nicer warning for something like "======"
  * shared/conf-parser: say "key name" not "lvalue", add dot
  * man: add note about systemctl stop return value
  * Merge pull request #13102 from mbiebl/nologin-path
  * Merge pull request #13097 from poettering/mount-state-fix
  * meson: update hint in man/rules/
  * pid1: order jobs that execute processes with lower priority
  * Merge pull request #13070 from yuwata/network-set-route-to-dhcp-dns
  * test-path-util: add function headers
  * path-util: add path_startswith_strv()
  * basic/unit-name: drop unused function
  * basic/unit-name: allow unit_name_to_instance() to be used to classify units
  * sysusers,strv: export the hash ops to map char* → strv
  * test-strv: add function headers
  * basic/hashmap: add hashops variant that does strdup/freeing on its own
  * test-hashmap: move tests which should also apply to ordered hashmaps and add comment
  * test-unit-file: move some tests to new test-env-file.c
  * Rename test-unit-file to test-load-fragment
  * pid1: simplify timestamp buffer declaration
  * pid1: do not say "(null)" if no disabled controllers
  * basic/set: constify operations which don't modify Set
  * pid1: get rid of unit_supported() helper
  * basic/path-util: move two path_simplify* functions to be adjacent
  * shared/dropin: use TAKE_PTR in one more place
  * shared/dropin: rename function for clarity
  * Create src/shared/unit-file.[ch] for unit-file related ops
  * fs-util: adjust punctuation in comments
  * test-fs-util: call test functions in order of declaration
  * journal: emit debug log about settings only once (or when changed)
  * Merge pull request #13096 from keszybz/unit-loading
  * man: describe $LESS options more fully
  * pid1: make sure we look at /proc/1/cmdline when parsing config
  * pstore: refuse to run if arguments are specified
  * Merge pull request #13131 from yuwata/pstore-follow-ups
  * meson: catch programs which ignore arguments
  * timedated: add back support for ntp-units.d/
  * timesyncd: add ntp-units.d/ entry for timesync
  * timesyncd: add Conflicts for ntpd and chronyd
  * Merge pull request #13145 from poettering/nss-gateway-fix
  * Merge pull request #13144 from poettering/nspawn-modprobe
  * tmpfiles: stop creating /etc/localtime symlink
  * tmpfiles: copy files to /etc only on boot
  * sd-boot: silence one warning about pointer cast
  * Merge pull request #13137 from poettering/efi-random
  * Merge pull request #13191 from poettering/sysctl-no-fail
  * man: reword description of "-" for sysctl.d
  * bootctl: log message tweaks
  * test-chase-symlinks: manual test to call chase_symlinks()
  * fs-util: CHASE_NOFOLLOW is not limited to CHASE_OPEN
  * journald: lower keep_free to 5% and raise min_use to 2%
  * Merge pull request #13120 from keszybz/journal-min-use
  * Merge pull request #13203 from yuwata/update-ja-po
  * shared/exit-status: turn status level into a bitmask, add "test"
  * shared/exit-status: add exit_status_from_string()
  * shared/bitmap: constify various operators which don't modify bitmap
  * shared/exit-status: use Bitmap instead of Sets
  * bus-util: convert bus_log_{parse,create}_error into defines
  * shared/bus-util: fix dbus serialization of {RestartPrevent,RestartForce,Success}ExitStatus
  * pid1,systemctl: allow symbolic exit code names
  * pid1: fix message about triggers missing services
  * systemctl: do print all statuses/signals received from pid1
  * units: use symbolic exit code names
  * analyze: add exit-codes verb
  * NEWS: add entry about exit status changes
  * Merge pull request #13212 from poettering/sleep-conf-default
  * pid1: use LOG_DEBUG/INFO/NOTICE for unit resource consumption message
  * shared/install: typo
  * Merge pull request #13219 from poettering/named-exit-codes-tweaks
  * test: use "ln -fs"
  * TEST-15-DROPIN: add test for details of unit aliasing
  * shared/unit-file: add a function to validate unit alias symlinks
  * pid1: use a cache for all unit aliases
  * analyze: add "unit-files" to dump the unit fragment map
  * pid1: drop unit caches only based on mtime
  * test-unit-file: allow printing of information about specific units
  * Merge pull request #13189 from yuwata/network-initrd-generator-unit
  * NEWS: more entries and some rewordings
  * Merge pull request #13239 from poettering/coverity-fixes
  * cryptsetup: use unabbrieviated variable names
  * cryptsetup: don't assert on variable which is optional
  * Merge pull request #13243 from keszybz/two-cryptsetup-quickfixes
  * Merge pull request #13253 from yuwata/udev-update-logs
  * libsystemd-network: make option_append() atomic and make the code a bit clearer
  * sd-hwdb: use return value from ordered_hashmap_iterate()
  * pid1: replace asprintf() with strjoin()
  * timedated: minor code simplifications
  * Merge pull request #13258 from yuwata/login-revert-handle-ignore-assertion
  * shared/exit-status: fix lookup
  * shared/exit-status: fix off-by-one in comment
  * meson: create (empty) /etc/systemd/system during installation
  * timedated: log about unit enablement actions and enhance logs in general
  * timedated: always enable&start the service with highest priority
  * shared/unit-file: fix systemctl cat user@.service
  * Merge pull request #13298 from RPigott/busctl
  * Merge pull request #13273 from RPigott/zshcomp
  * Merge pull request #13317 from ddstreet/werror
  * udev: assume all devices which have persistent links also need to be watched
  * udev: allow persistent storage rules work for ubi devices
  * Revert "shared/conf-parser,networkd: EXTRACT_UNQUOTE|EXTRACT_RETAIN_ESCAPE → EXTRACT_UNQUOTE"
  * Merge pull request #13345 from yuwata/network-fix-preferred-lifetime-zero-13341
  * Merge pull request #13235 from yuwata/network-routing-policy-rule-family-13233
  * man: owned to → owned by
  * systemctl: use unicode in one more place
  * analyze: make cat-config work with relabel-extra.d
  * Rename tmpfiles.d/kmod.conf to static-nodes.conf
  * shared/seccomp: add sync_file_range2
  * tmpfiles: override permissions of static nodes that need this
  * core: remove one {}
  * shared/user-util: add compat forms of user name checking functions
  * shared/user-util: allow usernames with dots in specific fields
  * basic/build.h: fix typo
  * test-event: stop debugging spew
  * test-journal-flush: provide at least *some* logs
  * id128: actually support --pretty
  * Merge pull request #13367 from poettering/null-console-fixes
  * shared/watchdog: close watchdog device when done with it
  * pid1: after creating transient drop-ins, put file in path cache
  * pid1: always log successfull process termination quietly
  * Merge pull request #13365 from keszybz/fix-commits-from-pr-13246
  * hwdb: update for v243-rc2
  * NEWS: update contributors list
  * Merge pull request #13402 from jwrdegoede/accel-quirks
  * network: drop all checks of ipv6_disabled sysctl
  * core: stop removing non-existent and duplicate lookup paths
  * manager: put bin before sbin for user instances
  * kernel-install: do not require non-empty kernel cmdline
  * shared/but-util: drop trusted annotation from bus_open_system_watch_bind_with_description()
  * test-bus-vtable: also print introspection for the fallback vtable
  * sd-bus: adjust indentation of comments
  * resolved: do not run loop twice
  * resolved: allow access to Set*Link and Revert methods through polkit
  * resolved: query polkit only after parsing the data
  * shared/user-util: emit a warning on names with dots
  * docs: new systemd-security mailing list
  * docs: create new SECURITY.md page
  * Merge pull request #13433 from keszybz/new-security-mailing-list
  * Merge pull request #13384 from yuwata/core-runtime-directory-preserve
  * environment-d-generator: output logs in debug mode
  * docs: describe valid unit names in systemd.unit(5)
  * shared/unit-files: we must not filter out names starting with a dot
  * shared/unit-files: only put valid unit paths and dropin dirs in the cache
  * shared/virt: update link to vmware article
  * Revert "core: check start limit on condition checks too"
  * Merge pull request #13385 from yuwata/core-remove-private-directories-13355
  * Merge pull request #13440 from keszybz/failing-condtion-check
  * Merge pull request #13457 from keszybz/resolved-issue
  * NEWS: update contributors list
  * Update NEWS for v243
  * docs: fix push recipe in RELEASE.md
  * Merge pull request #13484 from evverx/look-at-repo-slug
  * TODO: add stuff about timers
  * man: fix description of ARPIntervalSec= units
  * man: remove repeated words
  * Merge pull request #13500 from yuwata/udev-fix-static_node
  * polkit: change "revert settings" to "reset settings"
  * resolved: fix abort when recv() returns 0
  * Merge pull request #13519 from yuwata/udev-fix-multi-match
  * Merge pull request #13439 from yuwata/core-support-systemctl-clean-more
  * Merge pull request #13405 from yuwata/network-ipv6-privacy-extensions-cleanup
  * logind: use newer ret var naming style
  * logind: shorten code a bit
  * update-utmp: define main() through macro
  * core/mount-setup: use conf_files_list_strv() for relabel-extra.d/
  * basic/conf-files: make conf_files_list() take just a single directory
  * Merge pull request #13551 from keszybz/ll-no-default-route
  * basic/cgroup-util: let cgroup_unified_flush() return the detected hierarchy
  * util-lib: move yes_no() and friends to string-util.h
  * util-lib: move some functions from basic/cgroup-util to shared/cgroup-setup
  * util-lib: move runlevel_to_target() to shared/unit-file
  * util-lib: move shall_restore_state() to shared/reboot-util
  * util-lib: split shared/efivars into basic/efivars and shared/efi-loader
  * test-proc-cmdline: use test_setup_logging()
  * Add support for SystemdOptions EFI var to augment /proc/cmdline
  * man: document SystemdOptions variable
  * bootctl: add "system-options" verb
  * Merge pull request #13494 from yuwata/dhcp6-delay
  * Merge pull request #13565 from yuwata/network-drop-ipv6ll-address
  * Merge pull request #13300 from mrc0mmand/test-execreload
  * networkd: split out helper function for address extraction
  * networkd: use same order in _hash_func() and _compare_func()
  * networkd: make neighbor_hash_func() handle the same data as neighbor_compare_func()
  * Merge pull request #13508 from yuwata/network-route-fix-13506
  * networkd: unbreak routing_policy_rule_compare_func()
  * pid1: do not warn if /run/systemd/relabel-extra.d/ doesn't exist
  * Drop RATELIMIT macros
  * pid1: rename start_limit to start_ratelimit
  * tree-wide: say "ratelimit" not "rate_limit"
  * pid1: disable printk ratelimit in early boot
  * basic/log: put a ratelimit on our logging to /dev/kmsg
  * test-mountpoint-util: improve output a bit
  * test-arphdr-list: modernize and provide some useful output
  * basic: massively reduce the size of arphdr lookup functions
  * basic/arphrd: stop discriminating against NETROM and CISCO
  * units: make systemd-binfmt.service easier to work with no autofs
  * core: minor formatting adjustment
  * core: remove unused prototypes
  * core: add helper function to check job status
  * nspawn: default to unified hierarchy if --as-pid2 is used
  * nspawn: consistenly fail if parsing the environment fails
  * nspawn: rename UNIFIED_CGROUP_HIERARCHY to SYSTEMD_NSPAWN_UNIFIED_HIERARCHY
  * core: add support for RestartKillSignal= to override signal used for restart jobs
  * man: document the RestartKillSignal= setting
  * core: rework how logging level is calculated for kill operations
  * networkd: use SIGUSR2 to do a restart
  * networkd: drop DHCPv4 config on stop, keep on restart, by default
  * networkd: change SendRelease default to true
  * sd-dhcp-client: merge client_send_release() into sd_dhcp_client_send_release()
  * sd-dhcp-client: do not crash if sd_dhcp_client_send_release() is called with no lease
  * Merge pull request #13696 from keszybz/keep-dhcp-on-restart
  * Merge pull request #13246 from keszybz/add-SystemdOptions-efi-variable
  * Merge pull request #12818 from yuwata/network-issue-8726
  * Merge pull request #13645 from danielstuart14/master
  * networkd: split out repeated code to a helper function
  * Merge pull request #13690 from cdown/cgroup_rework
  * Merge pull request #13709 from zachsmith/systemd-tmpfiles-allow-append-to-file
  * pstore: allow specifying src and dst dirs are arguments
  * pstore: rework memory handling for dmesg
  * docs: fix inadvertent change in uid range
  * test: drop redirection to tty in integration tests
  * test: add function to reduce copied setup boilerplate
  * Merge pull request #13632 from fbuihuu/ask-password-some-reworks
  * test/TEST-31-DEVICE-ENUMERATION: do not use -x to avoid grep loop
  * Merge pull request #13746 from keszybz/tests-reduce-boilerplate
  * Move the Commands section above Options section
  * networkctl: add missing dots in --help
  * Highlight the synopsis and summary in --help
  * Merge pull request #13568 from ddstreet/ubuntu-ci-blacklists
  * Rename udev's rules/ to rules.d/
  * Rename udev's hwdb/ to hwdb.d/
  * parse_hwdb: bail with an error if no matches or groups are detected
  * parse_hwdb: process files in order
  * parse_hwdb: fix compatibility with pyparsing 2.4.*
  * core: turn unit_load_fragment_and_dropin_optional() into a flag
  * core/service: use common implementation of unit_load_fragment_and_dropin()
  * core: simplify unit_load() a bit
  * core: adjust load functions for other unit types to be more like service
  * shared/bus-unit-util: remove some empty lines
  * core: pass around pointer, not struct
  * Merge pull request #13663 from ssahani/dhcp-send-option-data
  * core: mark unit_*_printf() functions as taking a const Unit*
  * core/load-fragment: constify Unit* arguments where possible
  * core/load-fragment: remove unnecessary intialization
  * systemctl: emit warning if start is used with globs
  * udev: tag any display devices as master-of-seat when nomodeset is used
  * logind: drop {}
  * logind: fix emission of PropertiesChanged on seats
  * logind: fix emission of PropertiesChanged for users
  * mailmap: add entry to fix authorship of commit
  * journal-remote: reduce scope of variable
  * tty-ask-password: fix dead code path
  * update-utmp: remove dead conditional
  * Revert "sysusers: properly mark generated accounts as locked"
  * nspawn: fix handling of --console=help
  * man: reorder description of nspawn --console
  * networkctl: show carrier in green for loopback iface
  * networkctl: split out helper function
  * Merge pull request #13142 from yuwata/network-wifi-ssid-support-nl80211
  * network: split out functions to get ssid and bssid
  * networkctl: create the sd_device structure just once
  * networkctl: print ssid and bssid
  * Merge pull request #13452 from yuwata/network-reload
  * Remove unused plymouth_running() function
  * Move PLYMOUTH_SOCKET define to def.h and nuke plymouth-util.h
  * sd-device: allow sd_device_get_devtype to be called with NULL arg and do not assert
  * sd-netlink: constify object pointers passed to getters
  * sd-dhcp-client: remove unnecessary cleanup function
  * sd-dhcp-client: do not call assert in public functions
  * test-socket-util: avoid writing past the defined buffer
  * basic/fs-util: change CHASE_OPEN flag into a separate output parameter
  * various tools: be more explicit when a glob is passed when not supported
  * Merge pull request #13623 from yuwata/network-wifi-iftype
  * Merge pull request #13682 from zachsmith/systemd-sleep-prefer-resume-over-priority
  * resolved: avoid allocation
  * resolved: one less {}
  * resolved: make two functions static
  * resolved: send out notifications about DNS property
  * resolved: emit change for LLMNRHostname
  * resolved: emit change for CurrentDNSServer
  * shared/sleep-config: fix error handling for open
  * shared/sleep-config: two more error handling fixes, use structured initialization
  * meson: allow WatchdogSec= in services to be configured
  * Merge pull request #13635 from fbuihuu/no-aliases-with-enable
  * pid1: order .automount units after local-fs-pre.target
  * modules-load: do not fail service if modules are not present
  * Merge pull request #13423 from pwithnall/12035-session-time-limits
  * shared: small typo
  * pid1: log the reason why restart will or will not happen
  * machined: add UnregisterMachine method
  * nspawn: when stopping the machine, just deregister the machine
  * shared/logs-show: strip trailing carriage returns at EOL/EOF
  * machined: only Unref units that we AddRef'd
  * Merge pull request #13864 from fbuihuu/no-more-swap-autoactivation
  * man: split out description of Conditions and Assert to new section
  * man: reword description of triggering conditions
  * nspawn: wrap some long lines
  * network: rename SendOptions= to SendOption=
  * network: amend SendOption= to take a c-escaped string
  * NEWS: start preparations for v244
  * network: install wifi-adhoc.network by default, make wifi-{ap,station} examples
  * Merge pull request #13874 from keszybz/network-sendoption-cleanups
  * Merge pull request #13870 from irtimmer/check_ip_gnutls
  * NEWS: fix two typos
  * calendarspec: fix calculation of timespec iterations that fall onto a DST change
  * Merge pull request #13510 from medhefgo/boot
  * basic/signal-util: drop unnecessary parens
  * Merge pull request #13906 from yuwata/drop-missing-take2
  * shared/format-table: disable ellipsization when piped
  * run: propagate return code/status from the child
  * systemctl: simplify printing of Triggers/TriggeredBy
  * meson: remove strange dep that causes meson to enter infinite loop
  * man: put description of Wants= above Requires=
  * Merge pull request #13904 from keur/job_mode_triggering
  * man: describe ordering in case of Conflicts=
  * Merge pull request #13962 from keszybz/man-ordering
  * Merge pull request #13554 from keur/systemctl_status_timer
  * seccomp: add all *time64 syscalls
  * Add @pkey syscall group
  * shared/sleep-config: fix potential SEGV
  * core: constify bpf program arrays
  * bpf: refactor how we create device major:minor whitelists
  * bpf: do not bother adding device patterns after whitelisting the full class
  * bpf: return normally from whitelist_major()
  * test-bpf: rename to test-bpf-firewall
  * test-bpf-firewall: do not mlock() a large amount of memory
  * tests: move memlock helper to shared code
  * core: rename CGROUP_AUTO/STRICT/CLOSED to CGROUP_DEVICE_POLICY_…
  * core: move bpf devices implementation to bpf-devices.[ch] and rename
  * core: also split out helper to handle static device nodes
  * core: split out one more function
  * tests: make manager_skip_test() not a macro and move to tests.h
  * tests: make is_run_on_travis_ci() static
  * tests: get rid of test-helper.[ch] completely
  * tests: modify enter_cgroup_subroot() to return the new path
  * bpf: make bpf_devices_apply_policy() independent of any unit code
  * test-bpf-firewall: fix message
  * bpf: add trace logging
  * bpf: fix device type filter
  * bpf: fix off-by-one in class whitelisting
  * test-bpf-devices: new test for the devices bpf code
  * bpf: convert 'c'/'b' to bpf_type at the very end
  * bpf: optimize device type access away most of the time
  * bpf: make sure the kernel do not submit an invalid program if no pattern matched
  * test-bpf-devices: skip test on !unified
  * meson: avoid bogus meson warning
  * meson: use warning_level=2 by default
  * meson: apply our -Wno-* options also in c++ calls
  * Merge pull request #13862 from zachsmith/systemd-tmpfiles-deprecate-for-force
  * test-unit-name: add usual headers and add more verbose output
  * test-unit-name: check that unexpanded specifiers not valid unit name make
  * Merge pull request #13989 from keszybz/meson-warning
  * Merge pull request #13984 from yuwata/udev-fix-13976
  * Merge pull request #13961 from mwilck/udev-no-exit-timeout
  * nspawn: do not emit any warning when $UNIFIED_CGROUP_HIERARCHY is used
  * cryptsetup-generator: allow overriding crypttab path with $SYSTEMD_CRYPTAB
  * cryptsetup-generator: allow overriding /run/systemd/cryptsetup with $RUNTIME_DIRECTORY
  * cryptsetup-generator: guess whether the keyfile argument is two items or one
  * Allow overriding /etc/fstab with $SYSTEMD_FSTAB
  * man: mention $RUNTIME_DIRECTORY & friends in environment list
  * meson: make user $PATH configurable
  * meson: avoid ternary op in .format()
  * Merge pull request #14013 from keszybz/cryptsetup-keyfile-with-colons
  * Merge pull request #14003 from keszybz/user-path-configurable
  * core: make TasksMax a partially dynamic property
  * core/dbus-cgroup: drop unnecessary parens
  * core/dbus-cgroup: use %.*s instead of strndupa()
  * core: write cgroup limits as permilles
  * logind: drop unused user_tasks_max field
  * core: do not propagate polkit error to caller
  * meson: add target to update the chromiumos rules
  * hwdb: update
  * man: share description of $SYSTEMD_COLORS in other tools
  * man: significantly downgrade the Options section in systemd(1)
  * Remove path_compare_func() alias for path_compare()
  * NEWS: more items
  * Merge pull request #14055 from yuwata/network-send-option-takes-type-field
  * core/path: serialize the previous_exists state
  * core/path: fix spurious triggering of PathExists= on restart/reload
  * Merge pull request #14046 from poettering/id128-uuid
  * Merge pull request #14040 from poettering/root-mount-deps
  * systemctl: add log-level and log-target commands
  * analyze: adjust the description of the default verb
  * systemctl: add service-watchdogs command
  * analyze: deprecate the commands moved to systemctl
  * systemctl: whitespace optimization of --help
  * man: add entry for systemd-id128 --uuid
  * core/path: minor simplification
  * bootctl: update --help text
  * NEWS: fix antique typo
  * Rename "system-options" to "systemd-efi-options"
  * Merge pull request #14007 from keszybz/tasks-max-dynamic
  * Merge pull request #14030 from keszybz/path-no-trigger
  * Merge pull request #14064 from yuwata/network-unify-send-option-and-send-raw-option
  * Merge pull request #14080 from poettering/table-uid-pid
  * Merge pull request #14079 from poettering/pam-systemd-fixlets
  * Merge pull request #14078 from poettering/cryptsetup-fixlets
  * Merge pull request #14074 from keszybz/rename-system-options
  * Merge pull request #14036 from keszybz/systectl-add-logs-and-watchdogs
  * Merge pull request #14093 from poettering/cgroups-delegate-xattr
  * resolve: rename define fixing a typo
  * man: use <command> not <option> for commands in resolvectl(1)
  * man: change noindex="true" to index="false"
  * man: fix a few bogus entries in directives index
  * man: sort options without "=" in the directives index
  * Merge pull request #14105 from keszybz/man-directives-cleanup
  * Merge pull request #14081 from poettering/xattr-list-rework
  * mailmap: update
  * NEWS: add contributors for v244
  * nspawn: dump capability list with --capabilities=help
  * man: use <constant> for capability names in nspawn page
  * nspawn: log syscalls we cannot add at debug level
  * machine: make machine_start_scope() static
  * machine: simplify machine_start_scope()
  * machined: simplify reference handling for units
  * machine: fold machine_stop_scope() into machine_stop()
  * shared/conf-parser: turn CONFIG_PARSE_REFUSE_BOM flag into a local variable
  * shared/conf-parser: document what the flags do
  * core/service: downgrade "scheduling restart" message to debug
  * Merge pull request #14109 from poettering/varlink-tweaks
  * Merge pull request #14099 from keszybz/machine-ref-unref-fix
  * meson: bump version numbers for v244
  * shared/conf-parser: allow sections to be silently ignored with new -Section syntax
  * basic/terminal-util: add support for $NO_COLOR
  * man: document all pager variables for systemctl and systemd
  * pid1: fix the names of AllowedCPUs= and AllowedMemoryNodes=
  * fuzz-unit-file: add new items to the corpus
  * man: refer to systemd.syntax(7) from systemd.nspawn(5)
  * network: warn about unknown sections when parsing .netdev files
  * shared/install: warn about unkown sections in unit files
  * doc: drop rhs from transient settings list
  * shared/bus-unit-util: word wrap
  * shared/conf-parser: remove unnecessary whitespace skipping
  * pid1: fix setting of DefaultTimeoutAbortSec
  * pid1: make TimeoutAbortSec settable for transient units
  * doc: update list of transient units
  * Merge pull request #14145 from poettering/process-bypass
  * core: use SPECIAL_DEFAULT_TARGET more
  * tree-wide: normalize includes of public headers
  * gpt-auto-generator: move functions around
  * pid1: use initrd.target in the initramfs by default
  * man: document initrd.target
  * Merge pull request #14201 from poettering/v244-final
  * gpt-auto-generator: improve debug messages a bit
  * gpt-auto-generator: use write_drop_in_format() helper and downgrade failure
  * gpt-auto-generator: make it easier to notice if boot loader support is missing
  * bootlctl: show LoaderDevicePartUUID information in status
  * tree-wise: standarize on "auto-detection" spelling
  * gpt-auto-generator: rename function for clarity
  * initrd: fix systemd.debug-shell & friends
  * TODO: remove obsolete entries
  * systemctl: enhance message about kexec missing kernel
  * cryptsetup-generator: unconfuse writing of the device timeout
  * hibernate-resume-generator: wait "infinitely" for the resume device
  * Merge pull request #14211 from yuwata/support-nlmsgerr_attr_msg
  * Merge pull request #13953 from SpencerMichaels/systemd-boot-efistub-id-fix
  * growfs: define main function through macro
  * growfs: port over to resize_fs()
  * Merge pull request #14221 from poettering/homed-preparatory-resizefs
  * Merge pull request #14209 from poettering/sd-bus-sensitive
  * Fix use of unitialized variable in error path
  * TODO: remove obsolete entries
  * networkd: check return value
  * shared/loop-util: operate on the right fd
  * shared/loop-util: fix leak of fd in error path
  * shared/loop-util: drop inline function with one use
  * Merge pull request #14235 from fbuihuu/cryptsetup-fixes
  * shared/seccomp: avoid possibly writing bogus errno code in debug log
  * shared/install: remove duplicated check
  * shared/install: provide a nicer error message for invalid WantedBy=/Required= values
  * shared/loop-util: fix error handling in loop_device_make_full()
  * shared/loop-util: spin on LOOP_CTL_REMOVE
  * shared/efi-loader: add some debugging statements
  * basic/efivars: do not return EIO if an efivar read is shorten than fstat size
  * shared/loop-util: spin on open() returning ENOENT too
  * shared/install: log syntax error for invalid DefaultInstance=
  * TODO: drop entry
  * Merge pull request #14360 from yuwata/udev-alternative-names-policy
  * shared/loop-util: rename function
  * Restore silent handling of BUS_ERROR_SPEED_METER_INACTIVE
  * Make openssl dependency optional again
  * Merge pull request #14365 from yuwata/networkctl-altname
  * Revert "cryptsetup: umount encrypted devices before detaching it during shutdown"
  * hwdb: ignore keys added in kernel 5.5
  * man: add remote-*.targets to the bootup sequence
  * man: add section about user manager units
  * shared/install: split out alias verification function
  * basic/unit-name: make sure UnitNameFlags is signed
  * shared/install: drop creation of alias for DefaultInstance
  * Merge pull request #14409 from poettering/shutdown-modernization
  * shared/sleep: use stat() instead of open()+fstat() in one place
  * shared/sleep-config: make swap detection stricter again
  * shared/sleep-config: do not ignore resume_offset when resume not set
  * Merge pull request #14510 from poettering/net-naming-scheme-fixlets
  * Merge pull request #14494 from poettering/container-interface
  * doc: tweak grammar in CONTAINER_INTERFACE description
  * man: fix option name
  * Merge pull request #14488 from yuwata/networkctl-show-logs
  * Merge pull request #14465 from poettering/setprio-rework
  * man: use xi:include to avoid duplication
  * network: rename *fd to *ethtool_fd
  * network: do not require ethtool_get_permanent_macaddr() to get an fd
  * network: use automatic stack allocation and structured init
  * sd-event: use RAII for struct epoll_event
  * sd-event: use _cleanup_ in one more place
  * doc: link to html versions of cgroup docs
  * man: link to specific sections of cgroups-v2 document
  * hwdb: make comment more precise
  * shared/unit-file: expose function to check .wants/.requires symlink validity
  * shared/install: rework alias check and add test
  * core,install: allow one more case of "instance propagation"
  * man: document alias rules and aliases dropin loading
  * tree-wide: make parse_ifindex simply return the index
  * timedatectl: drop ifindex output parameter too
  * networkctl: define a helper for interface name resolution
  * sd-netlink: do not require rtnl pointer to be passed
  * basic/socket-util: indent for clarity
  * util-lib: move things that parse ifnames to shared/
  * docs: import stability chart from wiki
  * docs/stability: relax the stance on accepting patches a bit
  * util-lib: add function to resolve "alternative" names
  * Resolve alternative ifnames wherever we would resolve an interface name
  * resolvectl: minor optimizations to allocate less
  * machinectl: reduce scope of iterator variables
  * networkctl: break long line
  * docs: import "interface stability promise"
  * docs: say that all documented programs in $PATH are stable
  * docs: say that dbus api is stable (but list various caveats)
  * docs: say that various cli progs are independent of pid1
  * Merge pull request #14553 from poettering/man-mkdir
  * Merge pull request #14557 from poettering/root-storage-daemons-markdown
  * docs: say that journalctl --flush/--sync also require journald
  * docs: update link and more dots
  * networkctl: return error or warning when interfaces are not matched
  * basic/strv: drop flags argument from strv_fnmatch()
  * Merge pull request #14563 from poettering/less-the-markdown
  * Merge pull request #14505 from poettering/refuse-on-failure
  * Merge pull request #14390 from poettering/gpt-var-tmp
  * Merge pull request #14564 from poettering/cgroup-realize-fix
  * Merge pull request #14571 from poettering/assorted-fixlets
  * man: add commas and reword a sentence
  * docs: remove markup from title
  * docs: update old para with links to the blog stories
  * docs: add the systemd output example
  * docs: shift console log on index page to the left
  * docs: rename HACKING → Hacking
  * Merge pull request #14578 from keszybz/docs-index
  * Revert "docs: rename HACKING → Hacking"
  * docs: fix width of console example
  * Merge pull request #14562 from yuwata/table-strv
  * Merge pull request #14579 from keszybz/docs-index
  * Merge pull request #14581 from poettering/setcred-alternative-fix
  * man: rework section about configuration file precedence
  * sysctl: move hashmap allocation out of main function
  * sysctl: downgrade message when we have no permission
  * shared/sysctl-util: add missing header
  * shared/user-record-nss: shorten code a bit
  * shared/user-record-nss: use macro to avoid repeats
  * logind: use loop instead of repeated code
  * core: reduce indentation a bit
  * Merge pull request #14590 from poettering/doc-fixlets
  * Merge pull request #14596 from poettering/no-mask-perpetual
  * units: drop full paths for utilities in $PATH
  * Merge pull request #14368 from poettering/repart
  * shared/gpt: export gpt_partition_type_uuid_{to,from}_string functions
  * systemd-id128: add new verb to print GPT partitions UUIDs
  * sd-bus: make dump flags public
  * sd-bus: export sd_bus_message_dump
  * Merge pull request #14633 from poettering/logind-switch-polkit
  * Merge pull request #14611 from yuwata/network-fix-reconfigure
  * shared/sysctl-util: normalize repeated slashes or dots to a single value
  * man: document logging downgrade in systemctl
  * Revert "sysctl: always write net.ipv4.conf.all.xyz= in addition to net.ipv4.conf.default.xyz="
  * man: add syntax quickhelp to sysctl.d(5)
  * Merge pull request #14096 from poettering/homed
  * meson: fix type of homed option
  * polkit: tweak grammar
  * Various typo fixes and grammar corrections
  * man: document man/sd_bus_message_dump.xml
  * sysctl: add glob syntax to sysctl.d files
  * sysctl: set ipv4 settings in a race-free way
  * Merge pull request #14589 from keszybz/sysctl-downgrade-messages
  * presets: "disable" all passive targets by default
  * test-network: do not fail if lo has a .network file
  * network,udev: refuse .link and .network settings with no matches
  * meson: update efi path detection to gnu-efi-3.0.11
  * Merge pull request #14398 from poettering/mount-prep
  * man: tweak description of blockdev@.target
  * network: TokenBufferFilter→TokenBucketFilter
  * network: FairQueueTrafficPolicing→FairQueueing
  * Merge pull request #14717 from yuwata/network-radv-dns-link-local
  * man: add "quick-help" to sysusers.d synopsis
  * Fix typo in function name
  * network: change "Gateway=dhcp" to "Gateway=_dhcp" (#14774)
  * hwdb: update for v245-rc1
  * NEWS: reword and shorten a bunch of stuff
  * NEWS: mention empty .link and .network files
  * NEWS: mention the TrafficControlQueueingDiscipline rename
  * Merge pull request #14779 from keszybz/news-v245
  * Merge pull request #14536 from DaanDeMeyer/wait-online-max-operstate
  * Merge branch 'polkit-ref-count'
  * NEWS: mention the operational state changes
  * NEWS: add contributors for v245
  * meson: bump version numbers for v245
  * github: remove direct paypal link
  * Merge pull request #14415 from ssahani/prefixstable-rfc-7217-new
  * units: drop OnFailure= from .target units
  * firstboot: add missing check
  * Merge pull request #14156 from fbuihuu/deal-with-aliases-when-disabling
  * shared/ask-password-api: return "error" when dialogue is cancelled
  * shared/ask-password-api: show "(press TAB for no echo)"
  * network: also change fair_queue_traffic_policing→fair_queueing
  * core/selinux-access: do not use NULL for %s
  * basic/selinux-util: expose _cleanup_freecon_
  * core/selinux-access: use _cleanup_ and improve logging
  * Merge pull request #14784 from yuwata/network-rename-qdisc-follow-up
  * Merge pull request #14805 from yuwata/network-ipv6-token-follow-up
  * Revert "Support Plugable UD-PRO8 dock"
  * tree-wide: s/home/home area/g
  * po: update Polish translation of "home area"
  * tree-wide: replace present participle forms
  * tree-wide: replace "asked to inhibit it" with "is inhibiting this"
  * po: fix confusion about what "it" is in Polish translation
  * kernel-install: strip BOOT_IMAGE= from kernel options
  * systemctl: be more specific when emitting warning about rotated journal
  * basic/string-table: avoid crash when table is sparse
  * man: add explanation where environment.d are inherited
  * man: fix links to ssh(1) and sshd(8)
  * meson: explain GIT_VERSION and PROJECT_VERSION
  * docs: say XBOOTLDR instead of just giving the GPT identifier
  * docs: interlink the docs to make it easier to navigate
  * man: add missing refnames for two binary names
  * Merge pull request #14968 from keszybz/docs
  * man: tweak markup in systemd-pstore.service(8)
  * man: add .service suffix to systemd-pstore(8)
  * presets: enable systemd-pstore.service by default
  * pid1: do not fail if we get EPERM while setting up network name
  * journalctl: implement --facility=foo
  * core: fix message about show status state
  * pid1: when printing status message status, give reason
  * pid1: touch the /run/systemd/show-status just once
  * pid1: make cylon timeout significantly bigger when not showing any messages
  * pid1: when showing error status, do not switch to status=temporary
  * pid1: add new mode systemd.show-status=error and use it when 'quiet' is passed
  * Fix two typos
  * userdb: fix lookup of groups defined by homed
  * Merge pull request #14976 from keszybz/show-status-message
  * journald: fix forwarding to syslog
  * test-sizeof: print size socklen_t
  * tree-wide: use the return value from sockaddr_un_set_path()
  * homed,userdb: don't use sockaddr_un_set_path() on fixed addresses
  * core/execute: use return value from sockaddr_un_set_path(), remove duplicate check
  * ask-password-api: drop unneeded parentheses
  * Merge pull request #14992 from keszybz/syslog-address-length-fix
  * hwdb: update for v245-rc2
  * NEWS: update contributors list
  * NEWS: two minor entries
  * sysusers: many different errnos to express one condition
  * basic/fs-util: add a version of chmod_and_chown that doesn not use  /proc
  * sysusers: do not require /proc to be mounted
  * Merge pull request #14874 from bluca/portable_detach_now_block
  * man: bump fedora versions
  * man,mkosi: use glibc-minimal-langpack for Fedora
  * tree-wide: drop printk.devkmsg=on setting in various places
  * tree-wide: fix spelling of lookup and setup verbs
  * man: specify that Domains= is a space-separated list
  * man: document the default value for IPv6AcceptRA=
  * docs: add .link/.network/.netdev files to interface stability chart
  * man: document that .link/.network/.netdev files have the usual ini syntax
  * Merge pull request #15002 from keszybz/sysusers-no-proc
  * Merge pull request #15009 from keszybz/version-and-doc-updates
  * systemctl: do not print items twice in list-dependencies
  * units: do not ignore return value from systemd --user
  * pid1: remove unnecessary terminator
  * units: restore RemainAfterExit=yes in systemd-vconsole-setup.service
  * man: add systemd-network-generator.service(8)
  * man: mention networkctl in the networkd man page
  * systemctl: make list-dependencies take multiple arguments
  * units: make systemd-network-generator.service stay around
  * Use Finished instead of Started for Type=oneshot services (#14851)
  * units: skip modprobe@.service if the unit appears to be already loaded
  * hwdb: update for v245
  * NEWS: final contributor update for v245
  * Merge pull request #15034 from keszybz/hwdb-update
  * Merge pull request #15033 from yuwata/state-directory-migrate-issue
  * test-cgroup: split into functions as usual
  * basic/cgroup-util: modernize cg_split_spec()
  * test-cgroup: fix memleak
  * test-cgroup: do not require root to pass
  * meson: mark test-cgroup as standard
  * Merge pull request #15063 from topimiettinen/execute-dont-create-tmp-dirs-if-inaccessible
  * man: add a tiny bit of markup
  * homed: replace "home directory" with "home area" in a few places
  * core: shorten local variable names in do_queue_default_job()
  * core: log an info line about the default target
  * NEWS: add late note about job trimming issue
  * core: consistently emit oom warning when parsing args
  * systemctl: emit notice about some kernel commandline options
  * systemctl: print a notice when set-default is not effective
  * Merge pull request #15108 from keszybz/systemctl-set-default-notices
  * Merge pull request #15136 from yuwata/network-dhcp4-use-gateway
  * Merge pull request #14749 from msekletar/cpu-aff-numa-v3
  * man: add sd_bus_start(3)
  * sd-bus: make bus_set_address_user always go through sd_bus_set_address
  * man: add sd_bus_set_address(3)
  * man: describe sd_bus_default_flush_close()
  * bus: drop dead code for kdbus support
  * sd-bus: mark sd_bus_try_close() as deprecated
  * man: mention sd_bus_is_anonymous() and sd_bus_is_trusted()
  * man: say "is" not "has been"
  * Merge pull request #15153 from keszybz/man-bus-address
  * tests: move unit files to units/ subdirectory
  * sd-bus: make sure SD_BUS_DEFAULT* works everywhere
  * sd-bus: support SD_BUS_DEFAULT* and don't crash in functions where bus is optional
  * sd-bus: whitespace adjustments
  * test: replace symlinks with actual unit files
  * meson: use install_subdir() to install files
  * meson: report -Dinstall-tests in summary
  * test: allow overriding EFI_MOUNT like other variables
  * Merge pull request #15185 from ssahani/fix-sip-copy-paste
  * Merge pull request #15209 from anitazha/moar-cgroup-utils
  * Merge pull request #15170 from keszybz/sd-bus-resolve-magic
  * Merge pull request #15214 from ssahani/networkctl-br1
  * Merge pull request #15224 from ssahani/geneve
  * path: align columns
  * {systemd,udev}.pc: add names with underscores, deprecate the old ones
  * test-sd-path: basic test for the sd-path API
  * sd-path: rename the two functions
  * meson: run a no-op build to generate man rules
  * libsystemd: install sd-path.h and export sd_path_lookup{,_strv}
  * man: add sd_path_lookup(3)
  * sd-path,strv: add simple helper to wrap oom handling around strv_split_nulstr()
  * Split out generator directory setup to a src/core/generator-setup.c
  * Move path-lookup.c to src/basic
  * sd-path: simplify implementation of sd_path_lookup*()
  * path: show various systemd directories and search paths too
  * Rename _PATH variables to _DIR when they refer to a directory
  * network: move NETWORK_DIRS to path-lookup.h
  * sd-path: export "systemd-network-path"
  * man: fix typo
  * path: log at debug level when we can't query a variable
  * sd-path: handle case of missing runtime dir in test
  * Merge pull request #15195 from ssahani/dhcp-option-pop-server
  * Merge pull request #15237 from cgzones/improve
  * test: move TEST-01-BASIC setup to static files
  * test: move part of TEST-02-CRYPTSETUP setup to static files
  * test: move TEST-03-JOBS setup to static files
  * test: convert TEST-04-JOURNAL to generic image
  * test: move TEST-05-RLIMITS setup to static files
  * test: move most of TEST-06-* setup to static files
  * test/TEST-06: skip test if no selinux
  * test/TEST-06: make autorelabel.service a static file too
  * test: move TEST-07-ISSUE-1981 setup to static files
  * test: move TEST-08-ISSUE-2730 setup to static files and meson scripts
  * test: move TEST-09-ISSUE-2691 setup to static files
  * test: use shell arrays and remove duplicates
  * test: move TEST-10-ISSUE-2467 setup to static files
  * test: move TEST-11-ISSUE-3166 setup to static files
  * test: move TEST-12-ISSUE-3171 setup to static files
  * test: move most of TEST-13-NSPAWN-SMOKE setup to static files
  * test: move most of TEST-14-MACHINE-ID setup to static files
  * test: move TEST-15-DROPIN setup to static files
  * test/TEST-15: remove all created unit files
  * test/TEST-15: call daemon-reload in two more places
  * test: move TEST-16-EXTEND-TIMEOUT setup to static files
  * test/TEST-16: simplify how variables are set
  * test: move TEST-17-WANTS setup to static files
  * test: move TEST-18-FAILUREACTION setup to static files
  * test: move TEST-19-DELEGATE setup to static files
  * test: move TEST-20-MAINPIDGAMES setup to static files
  * test: move TEST-22-TMPFILES setup to static files
  * test: move TEST-23-TYPE-EXEC setup to static files
  * test-fileio: fix bogus error when /proc/cmdline contains newlines
  * test: move TEST-24-UNIT-TESTS setup to static files
  * test: move TEST-25-IMPORT setup to static files
  * test/TEST-25: remove all images at the end of the test
  * test: move TEST-26-SETENV setup to static files
  * test: move TEST-27-STDOUTFILE setup to static files
  * test: move TEST-28-PERCENTJ-WANTEDBY setup to static files
  * test: move TEST-29-UDEV-ID_RENAMING setup to static files
  * test: move TEST-30-ONCLOCKCHANGE setup to static files
  * test: move TEST-31-DEVICE-ENUMERATION setup to static files
  * test: move TEST-32-OOMPOLICY setup to static files
  * test: move TEST-33-CLEAN-UNIT setup to static files
  * test: move TEST-34-DYNAMICUSERMIGRATE setup to static files
  * test: convert TEST-35-NETWORK-GENERATOR into a unit test
  * test: move TEST-36-NUMAPOLICY setup to static files
  * test/TEST-36: move the config files to /run
  * test: move TEST-37-RUNTIMEDIRECTORYPRESERVE setup to static files
  * test: move TEST-39-EXECRELOAD setup to static files
  * test: move TEST-40-EXEC-COMMAND-EX setup to static files
  * test: move TEST-41-ONESHOT-RESTART setup to static files
  * test/TEST-41: use a file in /tmp and reset the contents
  * test: move TEST-42-EXECSTOPPOST setup to static files
  * test: move TEST-43-* setup to static files
  * test: move TEST-44-* to static files
  * test: convert TEST-45 to a normal meson test
  * test: move TEST-46-HOMED to static files
  * test: move TEST-47-* to static files
  * test: de-duplicate test_setup() functions
  * test: improve reporting a bit
  * test: drop cargo-cult line
  * test: mount root rw and drop /etc/fstab
  * test: make sure to reset state before starting integration tests
  * test/TEST-28: avoid race in handling of /testok
  * semaphoreci: trivial cleanup
  * test: rework how images are created
  * test/TEST-01: allow running w/o -Dinstall-tests=true
  * test: echo a message when the tests fails
  * test: wipe journal files after test
  * test: run tests directly from the loopback device
  * test: simplify the Makefiles
  * test: perform partial cleanup after each test is run
  * test: stop caching loopdev
  * test: run unittests with newlines in /proc/cmdline
  * meson: use find_program() for add-git-hook.sh
  * test: print test of name in output
  * test-strv: add missing oom check
  * nss-systemd: add missing jump to unlock mutex
  * basic: add _cleanup_ wrappers for pthread_mutex_{lock,unlock}
  * nss-systemd: use _cleanup_ for pthread_mutex_{lock,unlock}
  * Merge pull request #15233 from msekletar/device-dbus
  * Merge pull request #15217 from keszybz/beef-up-sd-path
  * test: use systemd.status-unit-format=name in all but one test
  * run-integration-tests: add support for blacklisting
  * test: use a helper function to move the journal files
  * test: use systemd-journal-remote for journal copying, support $ARTIFACT_DIRECTORY
  * test: optionally print the journal after tests
  * TEST-06-*: also try the installation path for Debian
  * TEST-13-*: remove containers created in test before running the test
  * run-integration-tests: print times
  * test: run loop device cleanup in more cases
  * run-integration-tests: only do the clean operation in the beginning
  * units: make systemd-repart.service installable
  * units: make systemd-homed.service installable
  * units: make systemd-userdbd.{socket,service} installable
  * test: print path to build directory on misconfiguration
  * Merge pull request #15268 from poettering/sigusr1-sigusr2
  * sd-bus: simplify bus_maybe_reply_error
  * journal-remote: fix description of option
  * Merge pull request #15229 from ssahani/mud
  * Merge pull request #15278 from vcaputo/more-trivial-cleanups
  * man: add note that --no-hostname has limited effect
  * Merge pull request #15253 from DaanDeMeyer/object-vtable-error-docs
  * Merge pull request #15109 from keszybz/units-make-installable
  * Merge pull request #15252 from ssahani/dhcpv6-mud
  * Merge pull request #15210 from ssahani/networkctl-up-down
  * Merge pull request #15310 from poettering/repart-no-enable
  * Merge pull request #15315 from DaanDeMeyer/deprecate-sd-bus-priority
  * systemctl: add -P as short for --value --property=
  * test: use show -P in places
  * detect-virt: also detect "microsoft" as WSL
  * man: drop apostophe from section title
  * Remove stray file
  * man: update rules
  * sysctl: enable coredump for suid binaries
  * Remove message->priority field
  * Merge pull request #15331 from vcaputo/busdpi
  * shared/escape: add new escape style with \n\t escaped
  * systemctl: show Environment entries with whitespace
  * Merge pull request #15368 from poettering/color-fix
  * basic/parse-util: add safe_atoux64()
  * Add parser and printer for coredump filter mask
  * manager: add CoredumpFilter= setting
  * manager: also log at debug level failure to read oom_score_adj
  * busctl: use the pager everywhere
  * busctl: wrap long lines
  * man: fix garbled paragraph in systemd.network(3)
  * Add yet another tiny helper to manipulate flags
  * sd-dhcp-lease: add a meta-getter to simplify querying of server lists
  * sd-dhcp-server: add a meta-setter to simplify setting of server lists
  * network: define string lookup table for the DHCP info bits
  * network: add helper to extract server lists
  * network: use a loop for repetitive operation
  * Merge pull request #15392 from keszybz/flag-helper
  * Merge pull request #15377 from poettering/userdb-no-shadow
  * Merge pull request #15376 from poettering/homed-btrfs-subvol-luks
  * Merge pull request #15399 from DaanDeMeyer/sd-bus-property-docs
  * Merge pull request #15405 from DaanDeMeyer/sd-bus-can-send-docs
  * Merge pull request #15365 from poettering/remount-fs-pstore-fix
  * Merge pull request #15406 from DaanDeMeyer/sd-bus-set-exec-docs
  * Merge pull request #15281 from keszybz/functional-test-rework
  * man: import org.freedesktop.login1(3) from the wiki
  * logind: add dbus parameter names
  * man: import org.freedesktop.machine1(3) from the wiki
  * machined: add dbus parameter names
  * man: import org.freedesktop.import1(3) from the wiki
  * importd: add dbus parameter names
  * man: import org.freedesktop.hostname1(3) from the wiki
  * hostnamed: add dbus parameter names
  * man: import org.freedesktop.timedate1(3) from the wiki
  * timedated: add dbus parameter names
  * man: import org.freedesktop.locale1(3) from the wiki
  * localed: add dbus parameter names
  * Remove unneded {}s
  * Merge pull request #15417 from poettering/fileno-can-fail
  * meson,resolved: make default LLMNR= and MulticastDNS= values configurable
  * man: move "files" after "resolve" in the suggested configuration
  * man: move "myhostname" right after "resolve"
  * loginctl: adjust indentation
  * logind: skip polkit query with --no-wall
  * network: fix static assertion on IPPROTO_MAX range
  * network: use "FooOverUDP" as one word
  * tree-wide: spellcheck using codespell
  * man: import org.freedesktop.resolve1(3) from the wiki
  * resolved: add dbus parameter names
  * man: import org.freedesktop.systemd1(3) from the wiki
  * manager: add dbus parameter names
  * Add updater for dbus introspection in man pages
  * update-dbus-docs: add support for settings printing just one selected interface
  * man: run dbus api docs through the updater
  * man: various tweaks to org.freedesktop.hostname1(5)
  * man: login1(5) — fix markup and fill in the missing descriptions
  * man: locale1(5) — adjust page structure and fill in the missing parts
  * shared/reboot-util: indentation update
  * man: update description of polkit rules for systemd1
  * resolved: fix typo in an unused function and add comment
  * network: fix typo
  * Merge pull request #15452 from keszybz/fix-ipproto-assert
  * Merge pull request #15347 from hakman/journald-upload-public-cloud
  * sd-login: get rid of seat_can_multi_session()
  * headers: get rid of pointless /* deprecated */ comment
  * test-resolve: add a bunch more packets for testing
  * resolvectl: fix indentation of hexdump'ed packets
  * man: add a note that resolvconf updates /etc/resolv.conf in specific circumstances
  * Merge pull request #15478 from DaanDeMeyer/dbus-api-docs-fixes
  * Merge pull request #15480 from DaanDeMeyer/sd-bus-add-node-enumerator-docs
  * man: reindent nss-resolve(8)
  * man: fix formatting in resolved.conf(5)
  * man: use manpages.ubuntu.com for resolvconf(8) link
  * resolved: fix minor confusion in comment
  * Merge pull request #15491 from keszybz/resolvconf-compat
  * Merge pull request #15439 from keszybz/man-resolve
  * resolve: allow setting the log level dynamically as in pid1
  * man: add forgotten <para> tags around a paragaph in resolve1(5)
  * TODO: add a hypothetical
  * resolved: return org.freedesktop.resolve1.DnsError.NXDOMAIN on LLMNR resolution failure
  * resolved: include actual path in error message
  * resolve: when writing of private resolv.confs fails, do not remove old copies
  * resolve: when the stub listener is disabled, symlink stub-resolv.conf to resolv.conf
  * man: document sd_journal_*_with_location
  * check-api-docs: sd_journal_open_container is deprecated
  * man: add sd_j_open_namespace as refname
  * Merge pull request #15503 from DaanDeMeyer/sd-bus-get-docs
  * Merge pull request #15502 from DaanDeMeyer/sd-bus-exit-on-disconnect-docs
  * Merge pull request #15476 from boucman/directive_dbus
  * man: run systemd1(5) through the updater
  * man: add markers to put all dbus entities in the directives index
  * man: add description of all the sd-hwdb funtions
  * man: add SD_HWDB_FOREACH_PROPERTY with an example
  * Merge pull request #15508 from keszybz/add-dbus-entities-to-index
  * man: reorder hostname1(5)
  * tree-wide: use "hostname" spelling everywhere
  * man: hostname(5) — add description of methods and properties
  * man: timedate1(5) — add missing descriptions
  * man: fix two typos
  * docs: use "polkit" to refer to PolicyKit
  * man: remove gendered pronoun and reindent a paragraph
  * Merge pull request #15443 from ddstreet/use_gateway_backwards_compatible
  * Merge pull request #15520 from mrc0mmand/various-codebase-improvements
  * Merge pull request #15519 from DaanDeMeyer/sd-bus-message-read-strv-docs
  * Merge pull request #15526 from bluca/start_stop_wait_debug
  * Merge pull request #15507 from poettering/bus-log-api
  * Merge pull request #15517 from DaanDeMeyer/sd-bus-monitor-docs
  * Merge pull request #15516 from poettering/nspawn-resolv-conf
  * Merge pull request #15546 from poettering/pid1-serialize-comand-fix
  * Merge pull request #15530 from ssahani/lpr-dhcpv4-option-9
  * Merge pull request #15527 from Werkov/mkosi-opensuse
  * core: fix unused variable warning when !HAVE_SECCOMP
  * shared: add NULL callback check in one more place
  * man: add a description of handling of single-label names
  * Merge pull request #15550 from DaanDeMeyer/sd-bus-open/close/enter/exit-container-docs
  * Merge pull request #15569 from DaanDeMeyer/sd-bus-message-peek-type-docs
  * Merge pull request #15570 from poettering/cmsg-find
  * Merge pull request #15564 from poettering/tmpfiles-no-proc
  * Merge pull request #15579 from DaanDeMeyer/sd-bus-get-name/owner-creds-docs
  * efivars: retry open and read operations
  * meson: modernize indentation
  * userdbctl: make --help fit in 80 columns
  * meson: test userdbctl and homectl --help
  * homectl: say "home area" in more places
  * Merge pull request #15618 from keszybz/help-output
  * docs: reorder the section about security reporting to emphasize the sekrit list
  * man: mention that ProtectSystem= also takes care of /efi
  * shared/unit-file: fix resolution of absoulute symlinks with --root
  * Merge pull request #13512 from msekletar/freezer
  * Merge pull request #15652 from MadMcCrow/master
  * bus-introspect: write <interface> from within introspect_write_interface()
  * bus-introspect: move xml string defines into the .c file
  * sd-bus: use STR_IN_SET() in one more place
  * importd: wrap long lines
  * util-lib: add stub parser for --help, --version
  * manager: add highlighting to --help
  * logind,importd,hostnamed,localed,timedated,machined,resolved: add option parsing stubs
  * Merge pull request #15701 from poettering/systemctl-json-table
  * Merge pull request #15648 from poettering/journalctl-cat-beefup
  * Merge pull request #15645 from poettering/calender-expression-doc-fix
  * systemctl: fix hint when 'systemctl help' is given
  * systemctl: mark log-level,log-target,service-watchdogs as online-only
  * shared/verbs: add a modicum of documentation
  * shared/verbs: split out helper to find verbs
  * systemctl: refuse online-only ops with --root
  * systemctl: fix --root support in querying presets
  * shared/install: optionally cache the preset list
  * shared/install: indent tables
  * shared/install: print name of offending file in error
  * shared/install: rename variable for clarity
  * systemctl: add new enablement state "alias"
  * systemctl: do not show preset state for "static"/"alias"/"generated"/"transient" units
  * sd-bus: add helper struct for interface definitions
  * importd: convert to the new scheme
  * logind: convert to the new scheme
  * bus-util: add wrapper for interface introspection
  * importd,logind: add --bus-introspect= option
  * units: change description of systemd-logind.service
  * timedated: convert to the new scheme and add --bus-introspect
  * resolved: convert to the new scheme
  * bus-introspect: list the interfaces with "list"
  * hostnamed: convert to the new scheme and add --bus-introspect
  * localed: convert to the new scheme and add --bus-introspect
  * machined: convert to the new scheme and add --bus-introspect
  * pid1: convert to the new scheme
  * pid1: add --bus-introspect
  * update-dbus-docs: use executables in build/
  * man: use --bus-introspect to autogenerate dbus api docs
  * man: drop CanMultiSession from documention
  * man: drop LogLevel from resolve1(5)
  * meson: add man/update-dbus-docs target
  * man: add description of org.freedesktop.LogControl1
  * homed: convert to the new scheme and add --bus-introspect
  * man: add stub for home1(5)
  * man: update login1(5) for SetType()
  * Merge pull request #15473 from keszybz/bus-introspection
  * resolve: fix type of parameter and update man page
  * basic/set: let set_put_strdup() create the set with string hash ops
  * test-set: make test-set not link to libshared and test test_set_put_strdup*()
  * sd-device: use string hash ops in device enumerator
  * basic/hashmap: allow NULL values in strdup hashmaps and add test
  * sd-device: use hashmap_put_strdup()
  * sd-device: optimize addition of already present matches
  * sd-device: get rid of device_enumerator_clear_match_parent
  * shared/logs-show: constify Set *fields
  * tree-wide: use _cleanup_set_free_ where appropriate
  * Merge pull request #15727 from poettering/systemctl-list-sockets-tweak
  * Merge pull request #15735 from poettering/pam-snippet-update
  * Merge pull request #15733 from benjarobin/fix_warn_ndebug
  * Revert "Add Kensington SlimBlade Trackball"
  * man: suffix pam options with "=" where arg is required too
  * meson: drop "meson-" prefix from various helper script filenames
  * meson: rename make-man-rules.py to update-man-rules.py
  * man: update rules
  * tools: move directive index template to separate file
  * man: add specifiers section to directives index
  * man: fix indentation in sysusers.d.xml
  * man: put all pages which mention a specifier in the index
  * Merge pull request #15635 from keszybz/set-put-strdup
  * Add a basic test that the configured fallback hostname is OK
  * Add %l as specifier for the hostname without any domain component
  * test-specifier: add a simple test which prints "global" specifiers
  * Merge pull request #15623 from poettering/cmsg-cleanup
  * Merge pull request #15718 from poettering/tmpfiles-offline
  * Merge pull request #15651 from poettering/newlocale-check
  * Merge pull request #15703 from poettering/homed-tweak-default-storage
  * core: fix compilation with gcc -O3
  * Merge pull request #15769 from poettering/man-tmpfiles-boot-override
  * Merge pull request #15768 from poettering/grnd-insecure
  * shared/ethtool-util: hush gcc warnings about array bounds
  * Merge pull request #15762 from keszybz/gcc-10-build
  * Merge pull request #15789 from poettering/homed-bus-api
  * Merge pull request #15795 from gdamjan/master
  * test-journal-send: send printing of long lines
  * Merge pull request #15812 from poettering/deprecate-stdout-syslog
  * Merge pull request #15052 from jaankit/journal-send
  * Merge pull request #15792 from poettering/repart-allocate
  * docs: policy for systemd-security subscriptions
  * Merge pull request #15165 from ssahani/bonding
  * Merge pull request #15494 from ssahani/dhcpv6-request-options
  * Merge pull request #15804 from poettering/hostnamed-instant-part1
  * man: fix dir name in sysctl.d(5)
  * Merge pull request #15838 from poettering/hostnamed-instant-part2
  * TODO: drop some networkd items
  * TODO: drop some external items
  * Merge pull request #15794 from poettering/pam-sudo-fixes-part2
  * Merge pull request #15836 from poettering/makefs-lock
  * NEWS: retroactively document Family=
  * Merge pull request #15843 from poettering/busctl-duplicate-tweaks
  * Merge pull request #15482 from ssahani/dhcpv6-userclass
  * bus-message: fix negative offset with ~empty message
  * bus-message: immediately reject messages with invalid type
  * Merge pull request #15535 from fbuihuu/update-runtime-watchdog-on-reload
  * Merge pull request #15661 from hundeboll/mount-read-write-only
  * Merge pull request #15860 from keszybz/bus-message-empty-fields
  * Merge pull request #15274 from ssahani/network-issue-9610
  * basic/efivars: fix errno propagation
  * tree-wide: fix bad errno checks
  * network: fix signed/unsigned confusion
  * network: reduce scope of variables, etc.
  * sd-path: fix systemd-system-generator-path lookup
  * Merge pull request #15870 from poettering/proc-cmdline-efi-fix
  * Merge pull request #15873 from evverx/pointer-overflow-oss-fuzz
  * Merge pull request #15433 from mrc0mmand/test-reintroduce-parallelization
  * Merge pull request #15869 from poettering/cant-auth
  * busctl: use set_put_strdup()
  * sd-bus: make name validation functions public
  * tree-wide: use public sd-bus functions in more places
  * man: add docs for the new functions
  * sd-bus: internalize setting of bus is_system/is_user
  * sd-network: fix inverted error message
  * network: use consistent type when parsing lifetimes
  * network: allow empty assignment to PreferredLifetime=
  * busctl: verify args early and always print results to stdout
  * busctl: drop unneeded param
  * sd-network: reduce scope of some variables
  * sd-dhcp6: constify output arguments in get_{ntp,nds}_addr
  * networkd: unfoobar serialization of links
  * network: simplify how initial space is handled
  * man: beef up $MAINPID examples
  * basic/process-util: create helper function
  * basic/process-util: only try PR_SET_MM once
  * userwork: fix typos in comment
  * tree-wide: s/time-out/timeout/g
  * man: reword description of IPAddressDeny/Allow a bit
  * core: update comment about sysv compat
  * core: add forgotten return in error path
  * userwork: remove trailing comma in message
  * core: minor simplification
  * shared/efi-loader: remove check that uses absolute tick value
  * basic/hashmap: make _ensure_allocated return 1 on actual allocations
  * core: make unit_set_invocation_id static
  * shared/unit-file: make sure the old hashmaps and sets are freed upon replacement
  * core: define UnitDependency iterators in loops
  * manager: free the jobs hashmap after we have no jobs
  * basic/hashmap: update comment
  * tools/gdb: decrese indentation to 4 spaces
  * hashmap: don't allow hashmap_type_info table to be optimized away
  * gdb: drop python2 support
  * gdb: update accessors for bucket counts and entry sizes
  * basic/hashmap: drop unneeded macro
  * gitignore: ignore mypy cache
  * gdb: make output a bit nicer
  * basic/hashmap,set: change "internal_" to "_" as the prefix
  * strv: propagate location info from the call site too
  * Merge pull request #15915 from poettering/journal-external-link
  * Merge pull request #15935 from poettering/cache-more-efi-vars
  * shell-completions: update bootctl
  * udevd: update snippet string
  * loginctl: define loop iterators in the loop header
  * basic/user-util: always use base 10 for user/group numbers
  * Merge pull request #15990 from jwrdegoede/hwdb-accel-quirks
  * Merge pull request #16029 from yuwata/network-wireguard-without-peers-15786
  * Merge pull request #16030 from yuwata/network-read-mtime-of-dropin-configs-15521
  * man,mkosi: bump Fedora version
  * units: uppercase the description
  * man: add note that emergency.target inherits mount state
  * basic/efivars: try re-reading efivars without delay first
  * core: set source_mtime after load dropins
  * resolvectl: do not show NTA lists in status
  * Introduce strcasecmp_ptr() and use it in a few places
  * resolvectl,systemctl: reduce scope of variables
  * resolvect: sort status output by link number
  * pstore: use typesafe_qsort
  * basic/sort-util: adorn qsort_safe with a prefix underscore
  * Merge pull request #15466 from elmarco/dhcp-leases
  * Merge pull request #15378 from msekletar/udev-kill-signal
  * kernel-install: extend --help
  * shell-completion: add homectl for bash
  * Merge pull request #16087 from mrc0mmand/travis-build-check
  * core: store unit aliases in a separate set
  * core: when adding names to unit, require matching instance strings
  * core: rework error messages in unit_add_name()
  * core: create socket service instances with the correct name from the start
  * core: do not touch instance from unit_choose_id()
  * Merge pull request #16120 from poettering/udevd-fixlets
  * Merge pull request #16118 from poettering/inaccessible-fixlets
  * Merge pull request #16111 from poettering/bitlck-fix
  * journal: simplify vsnprintf() ret value check
  * update-man-rules: properly filter out directives index again
  * man: drop obsolete HAVE_PYTHON conditional
  * man: really fix conditional in homed.conf
  * Merge pull request #16163 from DaanDeMeyer/resolved-edns-info
  * man: mention systemd-user-runtime-dir in user@.service too
  * Merge pull request #16170 from keszybz/man-user@
  * man: do not say that systemd-modules-load.service only uses static config
  * Merge pull request #16061 from filbranden/standalone1
  * udev: do not execute hwdb builtin import twice or thrice
  * man: rework description of Domains=
  * resolved: add dns_query_candidate_freep()
  * resolved: drop bit-field annotations for fields in Manager
  * resolved: optionally allow single-label A/AAAA queries
  * man: document the new option
  * Merge pull request #16235 from yuwata/network-fix-warning-16224
  * tools: rewrite make-autosuspend-rules.py and add udev rules
  * test: also verify the generated autosuspend hwdb file
  * hwdb: enable autosuspend for Wacom Pen and EMV Smartcard Reader
  * rules: remove 61-autosuspend-manual.rules
  * make-autosuspend-rules: remove one instance of "whitelist"
  * resolved: introduce dns_transaction_gcp()
  * sd-device: use set_put_strdup() in one more place
  * basic/set: add set_ensure_put()
  * tree-wide: use set_ensure_put()
  * netdev/wireguard: do not invalidate peer on invalid syntax
  * fuzz-netdev-parser: add test case for earlier version of preceding patches
  * udevadm-monitor: simplify creation of arg_tag_filter set
  * shared/bus-util: fix misleading error handling
  * Revert "bus-message: immediately reject messages with invalid type"
  * bus-message: avoid dereferencing a NULL pointer
  * bus-message: add macro for calculation of offset from the page
  * Merge pull request #16237 from keszybz/revert-message-type-check
  * Merge pull request #16216 from nabijaczleweli/make-a-fuss
  * Merge pull request #16196 from mrc0mmand/travis-simplification
  * Revert "cgroup: Allow empty assignments of Memory{Low,Min}="
  * udev: split rules object creation and loading
  * fuzz-udev-rules: rewrite to not require root privileges
  * Merge pull request #16213 from yuwata/network-cleanup-link-state-file
  * Merge pull request #16246 from benzea/benzea/xdg-autostart
  * basic/set: add set_ensure_consume()
  * basic/set,hashmap: pass through allocation info in more cases
  * resolved: simplify allocation failure handling in dns_stub_process_query()
  * resolved: fix memleak on duplicate host lines in /etc/hosts
  * portable: rework set handling in portable_detach()
  * logind: fix possible memleak of message if the message was already in the set
  * core/bpf-firewall: use the correct cleanup function
  * networkd: take ref immediately after storing item in set
  * tree-wide: use set_ensure_consume() in various places
  * basic/hashmap,set: propagate allocation location info in _copy()
  * socket-proxy: use structured initialization in one place
  * sysv-generator: reduce scope of variables
  * Merge pull request #16238 from keszybz/set-handling-more
  * journal: fix buffer overrun when urlifying
  * fuzz-udev-rules: -ENOBUFS should be accepted too
  * Merge pull request #16271 from yuwata/network-cleanups-around-link-get
  * Merge pull request #16265 from Werkov/fix-16248
  * man: fix links to various external man pages
  * man: fix various internal references
  * man: reword awkward sentence
  * Merge pull request #15697 from OhNoMoreGit/fix-path-units
  * Merge pull request #15624 from poettering/hostnamed-instant
  * Merge pull request #16278 from keszybz/fix-man-links
  * Merge pull request #16275 from yuwata/network-deprecate-netdevsim
  * hwdb: update for v246
  * Merge pull request #16096 from poettering/journal-hash-fix
  * NEWS: reorder entries with some minor additions
  * Merge pull request #16142 from poettering/random-seed-cmdline
  * test-repart: allow the test to pass on non-amd64 architectures
  * Merge pull request #16282 from poettering/repart-copy-blocks
  * Merge pull request #16313 from yuwata/network-move-ipv6ll-gen-mode
  * Fix build with µhttpd 0.9.71
  * tree: wide "the the" and other trivial grammar fixes
  * tree-wide: spell "lifecycle" without hyphen everywhere
  * tree-wide: "unparseable" → "unparsable"
  * Merge pull request #16336 from yuwata/ifindex-cleanups
  * Merge pull request #16338 from keszybz/spelling2
  * update-utmp,initctl: drop ppid check
  * initctl,update-utmp: define iterator variable in loop
  * initctl: use _cleanup_ and run()
  * various daemons: emit Stopping... notification before destructing the manager object
  * NEWS: tweak WithoutRA= description a bit more
  * Merge pull request #16348 from yuwata/news-sriov
  * Merge pull request #15442 from poettering/fido2
  * sd-device: be more defensive in FOREACH_DEVICE_SYSATTR
  * Define _cleanup_ helper for setutxent()+endutxent()
  * update-utmp: do not fail on EROFS
  * shared/install: do not require /dev/null to be present in chroots
  * tree-wide: fixes for assorted grammar and spelling issues
  * tree-wide: drop quotes from around [section]
  * Fix two typos found by codespell
  * Merge pull request #16370 from keszybz/tree-wide-spelling
  * man: one more typo
  * man: do not say that tasks are threads and processes
  * networkd: we should not loop when extract_first_word() fails
  * Merge pull request #16373 from JackFangXN/master
  * hwdb: update again for v246
  * Merge pull request #16383 from yuwata/network-dhcp6-radv-update-prefix
  * Merge pull request #16381 from yuwata/dhcp4-renewing
  * Merge pull request #16380 from yuwata/network-dhcp6-update-prefix-route
  * sleep: one spelling unification
  * fuzz: add test case that should already be resolved
  * journal/compress: drop "future" code in zstd compression
  * networkd: use capitalized "IP" and "TOS" in messages
  * tree-wide: more repeated words
  * journald: minor wording tweak in message
  * xdg-autostart: avoid quadratic behaviour in strv parsing
  * xdg-autostart: ignore all empty entries in multi-string entries
  * Merge pull request #16390 from keszybz/coverity-and-typos
  * Merge pull request #16388 from keszybz/xdg-desktop-fuzz-case
  * Merge pull request #16301 from poettering/firstboot-image
  * Merge pull request #16143 from fbuihuu/fstab-generator-fix
  * core: wrap some long lines and other formatting changes
  * git-contrib: simplify implementation a bit
  * NEWS: update contributors list for v246-rc
  * meson: bump version numbers for v246
  * Merge pull request #16404 from keszybz/release-246-prep
  * Merge pull request #15955 from anitazha/nullorempty
  * Merge pull request #16405 from sipraga/master
  * Merge pull request #15891 from bluca/host_os_release
  * NEWS: add blurb about os-release and $container_host_*
  * userdb: fix dlopen call
  * NEWS: add date
  * basic/cap-list: parse/print numerical capabilities
  * basic/capability-util: let cap_last_cap() return unsigned integer
  * basic/cap-list: reduce scope of variables
  * Merge pull request #16426 from cgzones/run_user_label
  * Merge pull request #16424 from keszybz/cap-bpf-compat
  * Merge pull request #16432 from cgzones/selinux_err_fix
  * repart: include more relevant information in the warning message, fix test
  * meson: do not install testdata when -Dinstall-tests=false
  * Merge pull request #16430 from mikhailnov/fix-rpm-create-package-macros
  * rpm: adjust various macros to print macro name in the error message
  * rpm: include macro name in errors for two args macros too
  * man: document F1 in sd-boot too
  * pid1: create ro private tmp dirs when /tmp or /var/tmp is read-only
  * Merge pull request #16340 from keszybz/var-tmp-readonly
  * test-fs-util: use log_info instead of printf
  * Merge pull request #16462 from keszybz/rpm-macro-warnings
  * Merge pull request #16398 from poettering/machined-varlink
  * Merge pull request #16468 from keszybz/two-unrelated-patches
  * Merge pull request #16396 from yuwata/network-configured-flag
  * Merge pull request #16480 from yuwata/network-fix-dhcp4-races
  * Merge pull request #16483 from poettering/man-env-d-no-session
  * hwdb/autosuspend: add missing parenthesis
  * udev: accept IMPORT{}= without any fuss
  * udev: accept OPTIONS+= without any fuss
  * man: add more details for IMPORT, PROGRAM and RUN keys
  * udev: tweak debug logs for udev rules
  * sd-device: use strjoin instead of asprintf
  * udevadm: use STR_IN_SET(), add comment
  * basic/string-table: reduce variable scope
  * udev: don't complain when udev_watch_end() is called without udev_watch_init()
  * udev: change the modalias string for usb devices to include the device name
  * Add autosuspend rules for emulated QEMU devices
  * sd-device: use LOG_PRI() in log_device_full()
  * tree-wide: use SYNTHETIC_ERRNO with log_device_* in more places
  * Merge pull request #16491 from keszybz/udev-logging
  * hwdb: allow spaces in usb: matches and similar patterns
  * hwdb: check that uppercase digits are used in modalias patterns
  * Move offline-password.[ch] to shared and add test-offline-passwd
  * shared/offline-passwd: look at /usr/lib/{passwd,group} too
  * Merge pull request #16505 from yuwata/network-manage-foreign-routes-cleanups
  * Merge pull request #16501 from yuwata/udev-fix-renaming
  * Merge pull request #16497 from DaanDeMeyer/mkosi
  * Merge pull request #16478 from bluca/dissect_tests
  * Merge pull request #16353 from yuwata/network-dns-sni
  * Merge pull request #16519 from yuwata/networkctl-altnames
  * sd-journal: when enumerating, continue even after an inaccessible field
  * journal: use -EPROTONOSUPPORT for unknown compression
  * journal/compress: fix zstd decompression with capped output size
  * journal/compress: remove loop in decompress_startswith_zstd()
  * TODO: add entry for XZ
  * homectl: fix warning about unused function
  * man: update docs with the new functions and other enhancements
  * Merge pull request #16540 from poettering/acl-fix
  * Merge pull request #16514 from keszybz/zstd-decompress-fix
  * Revert "man: add note about systemd-vconsole-setup.service and tty as input/output"
  * Merge pull request #16530 from yuwata/udev-fix-race-in-renaming-network-interface
  * test: increase timeout for test-path
  * test-path: decrease variable scope
  * Merge pull request #16536 from poettering/time-clock-map-fixes
  * core/job: adjust whitespace and comment
  * Revert "units: drop OnFailure= from .target units"
  * pid1: target units can fail through dependencies
  * semaphore: pull in tree explicitly
  * meson: do not choke on time epoch when there are no git tags
  * basic/terminal-util: define all foreground colors
  * Merge pull request #16557 from keszybz/two-ci-fixes
  * man: do not say that isolate is like switching runlevels
  * test-ordered-set: add a case where we get 0 for duplicate entries
  * Merge pull request #16532 from yuwata/network-sync-state-file
  * hwdb: update again for v246
  * NEWS: update contributors list for v246-pre
  * NEWS: reorder entries a bit and add a few items
  * test-fs-util: do not assume /dev is always real
  * test-path: increase timeout
  * test-ndisc-rs: increase timeouts
  * Bump /tmp size back to 50% of RAM
  * NEWS: mention new tmpfs limits
  * test-sleep: add more logging, show secure boot mode
  * test-terminal-util: print paragraphs of text in different colors
  * basic/terminal-util: rename our replacement highlight-yellow and test both the original and replacement
  * timesync: increase retry interval more slowly
  * repart: adjust --help and test output width
  * test-repart: also print json output
  * pid1: stop limiting size of /dev/shm
  * Merge pull request #16624 from keszybz/timesync-retry-interval
  * NEWS: last rites
  * NEWS: clarify two points
  * analyze-security: do not assign badness to filtered-out syscalls
  * Merge pull request #16609 from poettering/initrd-unit-fixes
  * Merge pull request #16308 from bluca/root_image_options
  * Merge pull request #16258 from hunger/master
  * man: describe that changing Storage= does not move existing data
  * docs: reword intro in DISCOVERABLE PARTITIONS
  * Merge pull request #16595 from bengal/bg/dhcpv6-fqdn
  * core: reset bus error before reuse
  * Merge pull request #16145 from poettering/qrcode-dlopen
  * Merge pull request #16260 from poettering/pcre2-dlopen
  * Merge pull request #16596 from  poettering/event-time-rel
  * Merge pull request #16652 from eliroca/adapt-tests-for-SUSE
  * journalctl: reshuffle console message about fss keys
  * test-nss: modernize a bit and print path to the loaded so file
  * test-seccomp: minor simpification
  * test-nss: do not assume all symbols are defined
  * bless-boot: add missing verb to --help
  * docs: rework awkward sentence in AUTOMATIC_BOOT_ASSESSMENT
  * man: fix typo
  * analyze: fix 'cat-config systemd/zram-generator.conf'
  * basic/extract-word: add EXTRACT_UNESCAPE_SEPARATORS mode
  * Merge pull request #16321 from bluca/mount_images
  * Merge pull request #16604 from poettering/tmpfiles-image
  * analyze-security: include an actual syscall name in the message
  * journal: adjust line about when the journal begins and ends
  * basic/string-util: reduce scope of variables
  * basic/utf8: rename parameter
  * shared/cgroup-setup: reduce scope of variables
  * missing_syscall: add forgotten check for __NR_get_mempolicy nonnegativity
  * missing_syscall: fix pidfd_{send_signal,open} numbers for alpha
  * missing_syscall: do not use function name that may conflict with glibc
  * Merge pull request #16761 from keszybz/missing-syscall-cleanup
  * Merge pull request #16687 from DaanDeMeyer/bootloader-machine-id
  * shared/seccomp: do not use ifdef guards around textual syscall names
  * shared/seccomp: use _cleanup_ in one more place
  * Merge pull request #16762 from poettering/homed-fixlets
  * meson: add syscall-names-update target
  * Revert "gitignore .pot file"
  * po: import the .pot file into version control
  * Merge pull request #16790 from poettering/core-if-block-merge
  * Merge pull request #16782 from keszybz/seccomp-use-cleanup
  * Merge pull request #16677 from poettering/statx-mntid
  * Merge pull request #16559 from benzea/benzea/memory-recursiveprot
  * test-acl-util: output more debug info
  * test-string-util: add a test for strjoin()
  * meson: fix build/man/{man,html} to support page redirects
  * meson: add ENABLE_ANALYZE conditional
  * man: add conditionals to more man pages
  * tree-wide: fix spelling of "fallback"
  * Merge pull request #16803 from poettering/analyze-condition-rework
  * Merge pull request #16686 from bluca/mount_images_opts
  * Merge pull request #16789 from keszybz/weblate
  * Merge pull request #16808 from yuwata/test-network-reconfigure-routing-policy-rules
  * shared/install: reduce scope of iterator variables
  * shared/install: fix preset operations for non-service instantiated units
  * man: import lxml formatting changes
  * man: update autogenerated dbus api lists
  * man: add RootImageOptions and associated bits to dbus api docs
  * docs: add man/update-dbus-docs step to release instructions
  * Merge pull request #16817 from keszybz/update-bus-api-docs
  * Merge pull request #16815 from weblate/weblate-systemd-master
  * missing_syscall: verify our fallback numbers when possible
  * basic/missing_syscall: add missing calls for s390x/ppc64el/arm64
  * basic/missing_syscall: fix syscall numbers for arm64 :(
  * sd-bus: add a variant of sd_bus_error_has_name() that takes multiple names
  * various: treat BUS_ERROR_NO_SUCH_UNIT the same as SD_BUS_ERROR_SERVICE_UNKNOWN
  * nss-resolve: treat BUS_ERROR_NO_SUCH_UNIT the same as SD_BUS_ERROR_SERVICE_UNKNOWN too
  * tree-wide: use sd_bus_error_has_names() in more places
  * shared: add @known syscall list
  * shared/seccomp: reduce scope of indexing variables
  * shared/syscall-list: filter out some obviously platform-specific syscalls
  * shared/seccomp-util: added functionality to make list of filtred syscalls
  * nspawn: return ENOSYS by default, EPERM for "known" calls
  * nspawn: turn on higher optimization level in seccomp
  * generate-syscall-list: require python3
  * Merge pull request #16824 from keszybz/no-such-unit-error
  * Merge pull request #16819 from keszybz/seccomp-enosys
  * Merge pull request #16816 from keszybz/install-templated-presets
  * Merge pull request #16767 from keszybz/missing-syscall-cleanup
  * Merge pull request #16777 from DaanDeMeyer/kernel-install-followup
  * Merge pull request #16676 from poettering/repart-mkfs
  * Merge pull request #16568 from poettering/creds-store
  * man: shorten description of recursive credential passing in nspawn
  * Merge pull request #16757 from poettering/nss-resolve-varlink
  * shared/acl-util: convert rd,wr,ex to a bitmask
  * Merge pull request #16847 from olivierlemoal/master
  * Merge pull request #16860 from poettering/tty-ask-pw-agent-list-fix
  * TEST-50: sfdisk is already installed by setup_basic_environment
  * tests/TEST-50: support the case when /etc/os-release is present
  * test/test-functions: do not execute strip_binaries twice
  * test-path: remove unnecessary check
  * meson: add "develop mode" config switch
  * basic/missing_capability: clean up our defines and check that our fallback is up-to-date
  * update-dbus-docs: print statistics at the end
  * update-dbus-docs: use argparse
  * update-dbus-docs: add test mode
  * Merge pull request #16863 from weblate/weblate-systemd-master
  * test: verify that dbus docs are fresh
  * update-dbus-docs: omit verbose output when in --test mode
  * update-dbus-docs: add hint
  * man: update dbus doc stubs
  * Merge pull request #16872 from keszybz/test-50
  * Merge pull request #16879 from keszybz/test-last-cap-and-dbus-docs
  * core: rename manager_unit_file_maybe_loadable_from_cache()
  * pid1: use the cache mtime not clock to "mark" load attempts
  * core: always try to reload not-found unit
  * Rework how we cache mtime to figure out if units changed
  * shared/{user,group}-record-nss: adjust filtering of "valid" passwords
  * basic/escape: use consistent location for "*" in function declarations
  * shared: merge {user,group}-record-show.[ch]
  * userdbctl: add forgotten --output mode in help
  * userdb: fix typo
  * man: add hint how to show password strings with userdbctl
  * varlink: do not parse invalid messages twice
  * json: split out string formatting to a separate function
  * basic: pass allocation info for ordered_set_new() and introduce ordered_set_ensure_put()
  * basic/hashmap,set: inline trivial set_iterate() wrapper
  * basic/hashmap,set: move pointer symbol adjactent to the returned value
  * Merge pull request #16877 from poettering/tmpfiles-statx
  * shared/utf8: add utf8_is_valid_n()
  * shared/json: reject non-utf-8 strings
  * test-json: add function headers
  * shared: merge {user,group}-record-nss.{c,h}
  * user-record-nss: check if strings from pwd/spwd/grp/sgrp are valid utf-8
  * TODO: add entry
  * Merge pull request #16922 from keszybz/ordered-set-ensure-allocated
  * Merge pull request #16925 from cgzones/selinux_create_label
  * Merge pull request #16853 from poettering/udev-current-tag2
  * Merge pull request #16882 from weblate/weblate-systemd-master
  * core/socket: we may get ENOTCONN from socket_instantiate_service()
  * core/socket: fold socket_instantiate_service() into socket_enter_running()
  * core/socket: use _cleanup_ to close the connection fd
  * Merge pull request #16044 from ssahani/resolved-interface
  * Merge pull request #16952 from yuwata/resolvectl-log-level-follow-ups
  * Merge pull request #16881 from yuwata/network-routing-policy-rule-cleanups
  * test-string-util,test-extract-word: add log headers
  * basic: add string_contains_word()
  * sd-login: use string_contains_word()
  * Add string_contains_word_strv()
  * shared/sleep-config: more logging and port to extract_first_word()
  * test-execute: simplify condition
  * test-execute/exec-dynamicuser-statedir.service: fix quoting
  * core/{execute, manager}: reduce scope of iterator variables a bit
  * core/manager: reindent table for readability
  * test-execute: check if private directories have bad permissions before running test_exec_dynamicuser()
  * udev-test: do not rely on "mail" group being defined
  * test-sizeof: print pointer sizes
  * Merge pull request #16957 from poettering/sd-bus-proto-def-move
  * Merge pull request #16854 from yuwata/sd-bus-error-set-errnofv
  * Merge pull request #16951 from yuwata/resolve-follow-ups-for-extra-dns-stub-listener
  * Merge pull request #16928 from poettering/statx-fallback
  * Merge pull request #16725 from yuwata/network-fix-ndisc-multiple-routers
  * core/unit: reduce scope of variables
  * tree-wide: define iterator inside of the macro
  * Merge pull request #16618 from yuwata/network-ipv6token-prefixstable
  * man: fix quickhelp listing in sysusers.d(5)
  * tree-wide: correct cases where return log_{error,warning} is used without value
  * basic/log: make log_{info,warning,...} return void
  * sleep: reword some debug messages
  * logind: use extract_first_word()
  * basic/cgroup-util: port over to string_contains_word()
  * sd-device: use extract_first_word()
  * Fix output value of sd_seat_get_sessions() and drop FOREACH_WORD use
  * Rewrite sd_machine_get_ifindices() to avoid FOREACH_WORD()
  * Let sd_machine_get_ifindices() omit the output param too
  * core/load-fragment: use extract_first_word()
  * cryptsetup: use extract_first_word()
  * delta: use extract_first_word()
  * sd-journal: use extract_first_word()
  * getty-generator: use extract_first_word()
  * nspawn: use extract_first_word()
  * Use extract_first_word() in generated conf parsers
  * shared/fstab-util: use free_and_str[n]dup()
  * shared/fstab-util: replace FOREACH_WORD_SEPARATOR() with open-coded loop
  * test-string-util: stop testing FOREACH_WORD
  * tree-wide: replace strv_split_full() with strv_split_extract() everywhere
  * Remove FOREACH_WORD and friends
  * Rename strv_split_extract() to strv_split_full()
  * systemctl: list unit introspection verbs first, modification second
  * Merge pull request #16997 from poettering/foreach-word-followup
  * Merge pull request #16985 from poettering/resolve-dns-stub-extra-fixlets
  * resolve: move handler functions higher
  * resolved: unify the two functions to create extra stubs
  * resolved: unify the two functions to create main stubs
  * test-in-addr-util: add log headers
  * test-socket-netlink: print the proper expected string
  * shared/socket-netlink: only allow ifindex if explicitly supported
  * basic: convert ifname_valid_full() to take flags and allow numeric interfaces
  * basic: show interface scope in sockaddr_pretty()
  * shared: check interface name validity in in_addr_port_ifindex_name_from_string_auto()
  * Get rid of in_addr_port_from_string_auto() again
  * shared: make socket_address_parse use the generic parser for IPv[46] addresses
  * shared: don't unconditionally set SOCK_STREAM as type in socket_address_parse()
  * resolved: drop duplicated check
  * Allow interface scopes to be specified in ListenStream=
  * shared/socket-netlink: set output in socket_address_parse_netlink() only on success
  * Use sockaddr_un_set_path() in socket_address_parse()
  * Minor simplification in sockaddr_un_set_path()
  * Merge pull request #17000 from poettering/network-fixlets
  * Merge pull request #17003 from yuwata/conf-parser-downgrade-log-level
  * Merge pull request #16933 from poettering/copy-hardlinks
  * Merge pull request #17009 from poettering/rootprefix-noslash
  * systemctl: add service-log-{level,target} verbs
  * systemctl: merge log_target(), log_level(), service_log_setting()
  * systemctl: immediately reject invalid log levels
  * Merge pull request #17039 from poettering/dbus-default-dep
  * Merge pull request #17031 from poettering/path-start-limit
  * systemctl: give a nice hint about org.freedesktop.LogControl1 when applicable
  * test: use pclose() for popen()
  * basic/copy: vodify unlinkat() call
  * Add a helper function that does make_salt+crypt_r
  * shared/libcrypt-util: use libcrypt_ra()
  * Move test_password_{one,many} to libcrypt-util.c
  * Add reciprocal test for password hashing and checking
  * Make test_password_{one,many} also use crypt_ra()
  * shared/libcrypt-util: include fewer headers
  * meson: test if we have libcrypt_ra
  * Check for crypt_gensalt_ra() instead of relying on libxcrypt presence
  * shared/libcrypt-util: add fallback for crypt_ra()
  * shared/libcrypt-util: do not refuse passwords if some other hash is unsupported
  * test-libcrypt-util: skip test on ppc64 with no xcrypt
  * test-libcrypt-util: before doing anything check what methods are available
  * sd-bus: allow localhost addresses
  * socket-proxy: allow localhost addresses
  * meson: RC_LOCAL_SCRIPT_PATH_START to RC_LOCAL_PATH
  * man: substitute path to rc.local in the man page
  * man: reorder autogenerated dbus api lists
  * Merge pull request #17067 from keszybz/rc-local-path
  * man: update autogenerated dbus docs
  * meson: make "developer" mode the default
  * mkosi: stop pulling in libtool
  * mkosi: update rules in mkosi.default.networkd-test boot
  * Merge pull request #17085 from yuwata/network-configure-mdb-entries-on-bridge-master
  * test-path-util: also check filename_is_valid() with paths with slashes
  * test-execute: include test location in error output
  * core/load-fragment: don't treat "; ;" as "/usr/bin/;"
  * core: use X_OK when looking for executables
  * Add CLOSE_AND_REPLACE helper
  * Rename find_binary to find_executable
  * basic/path-util: inline two trivial functions
  * basic/path-util: enhance find_executable() for the fixed path case
  * core: resolve binary names immediately before execution
  * core/execute: reduce indentation level a bit
  * update-dbus-docs: skip test lxml is not available
  * Merge pull request #17102 from weblate/weblate-systemd-master
  * Merge pull request #17100 from poettering/homed-fixes
  * update-dbus-docs: skip test if python is too old
  * core/namespace: drop bitfield annotations from boolean fields
  * activate: reduce scope of iterator variable
  * various: remove assignments of unread variables
  * test-bus-chat: add missing return value in check
  * sd-{login,netlink,network}: use TAKE_FD() in more places
  * logind: use _cleanup_ in one more place
  * shared/conf-parser: drop redundant cast to boolean
  * test/run-integration-tests: do not run the tests if only "clean" is passed
  * Merge pull request #17109 from fbuihuu/udev-opts-tweaks
  * Merge pull request #16938 from poettering/homed-rtc-wrong
  * core: don't try to load units from non-absolute paths
  * run: let systemd resolve the path with RootDirectory=/RootImage=
  * Merge pull request #17145 from poettering/kill-chmod-and-chown-unsafe
  * core: remember when we set ExecContext.mount_apivfs
  * core: turn on MountAPIVFS=true when RootImage or RootDirectory are specified
  * TEST-50-DISSECT: drop now-unneeded MountAPIVFS=yes and full paths to executables
  * tree-wide: drop assignments to r when we only need errno
  * nspawn: give better message when invoked as non-root without arguments
  * cryptsetup-generator: drop unused fstat()
  * cryptsetup: upgrade log line for option parsing error
  * test: switch TEST-02-CRYPTSETUP and TEST-24-UNITTESTS
  * test-seccomp: accept ENOSYS from sysctl(2) too
  * basic/strv: allow escaping the separator in strv_join()
  * core/execute: escape the separator in exported paths
  * fstab,crypttab: allow escaping of commas
  * man: describe comma escaping in crypttab(5)
  * Merge pull request #17132 from keszybz/test-suite-update
  * Move {uid,gid}_is_*() from basic to shared
  * coredump: use uid_is_system() when appropriate
  * Merge pull request #17190 from poettering/udev-opath
  * Merge pull request #17199 from poettering/log-tid
  * man,units: link to the new dbus-api man pages
  * man: adjustments in file-hierarchy(7)
  * man: explain why TZ=: is used
  * man: reword description of "-" in sysctl.d(5)
  * man: refer to the right man page for Environment=
  * man: do not index various /foobar/ paths
  * man: link to fork(2) more prominently
  * man: in systemd-nspawn(1), refer to systemd.exec(5) for the shared stuff
  * man/systemd.network(5): unify descriptions of MUDURL=
  * man: assorted small fixes
  * man/html: fix invocation for pages which are *not* symlinks
  * man: update rules
  * man: correct various links
  * Look at /etc/login.defs for the system_max_[ug]id values
  * Also parse the minimum uid/gid values
  * shared/uid-range: reduce scope of iterator variables
  * basic/fileio: add chase_symlinks_and_fopen_unlocked()
  * test/TEST-21-SYSUSERS: turn into a unit test
  * test-sysusers: sort examples
  * test-sysusers: fix how paths are calculated
  * sysusers: look at login.defs when setting the default range to allocate users
  * tests: when creating temp dirs, include test name in path
  * sysusers: emit warnings about login.defs overrides on first user or group creation
  * Merge pull request #17219 from poettering/exec-root-dir
  * Merge pull request #17230 from mrc0mmand/coccinelle_fixes
  * NEWS: shorten/reword some things
  * man: reword of fido2 key derivation
  * man: reword the descriptions of VXLAN DestinationPort= and PortRange=
  * man: reword description of KillOnlyUsers=/KillExcludeUsers=
  * man: use paragraphs in descriptions of /tmp and /var/tmp
  * man: add a note about flags on /tmp and /var/tmp
  * man: use trailing slash on directories in more places
  * man: add note that %T/%V don't have the trailing slash
  * Merge pull request #17251 from keszybz/two-man-pages-tweaks
  * Document some reasonable DNS servers in the example config file
  * systemctl: fix reversed arguments in function call
  * networkd: add assert to appease coverity
  * tmpfiles,sysusers: disable --image= support in standalone versions
  * logind: print what action is ignored
  * logind: fix taking of inhibitors
  * Merge pull request #17292 from poettering/idn-dlsym
  * basic/selinux: work around mallinfo deprecation
  * test-env-util: print function headers
  * basic/env-util: (mostly) follow POSIX for what variable names are allowed
  * systemctl: ignore invalid variables in import-environment
  * hwdb: update for v247
  * test-login: always test sd_pid_get_owner_uid(), modernize
  * pager: make pager secure when under euid is changed or explicitly requested
  * Merge pull request #17316 from yuwata/network-address-ipv4-peer-issue-17304
  * Merge pull request #17267 from yuwata/hashmap_put_strdup
  * sd-bus: add debug logs where we try to connect
  * sd-bus: add custom return code when $XDG_RUNTIME_DIR is not set
  * core/execute: refactor creation of array with fds to keep during execution
  * sd-bus: break the loop in bus_ensure_running() if the bus is not connecting
  * Merge pull request #17354 from dtardon/udev-cleanup
  * hwdb: update chromiumos autosuspend rules
  * hwdb: reindent commments and say that "*" should always be trailing
  * hwdb: add missinging ":*" suffix
  * Merge pull request #15206 from anitazha/systoomd-v0
  * oomd: check number of arguments, add --version, fix indentation
  * oomd: add names to dbus parameters and implement --bus-introspection
  * man: add org.freedesktop.oom1(5) stub
  * meson: enable oomd by default in developer mode
  * NEWS: add blurbs about -Dmode= and oomd/oomctl
  * hwdb: add trailing ":*" everywhere
  * parse_hwdb: enforce the ":*" suffix
  * man: describe wildcards and range matches in hwdb syntax
  * tree-wide: update web link to logind description
  * Merge pull request #17367 from bluca/fix_test_50_ubuntu
  * Merge pull request #17369 from poettering/kill-log
  * shared/daemon-util: fix notify_on_cleanup()
  * logind: use notify_start/notify_on_cleanup
  * logind: minor indentation adjustments
  * tree-wide: update web link to logind description
  * hwdb: drop quotes from XKB_FIXED_*= properties
  * sd-hwdb: allow empty properties
  * sd-hwdb: reduce variable scope, use periods
  * shared/clean-ipc: improve error message a bit
  * test-ipcrm: modernize, skip test on permission errors
  * resolvectl: break nta/domain/dns listings with newlines
  * man: add example of negative trust anchor file
  * resolvectl: add the usual typedef for struct link_info/global_info
  * resolvectl: sort domain/nta output
  * resolvectl: use compat status string instead of a field-by-field table
  * format-table: reduce scope of iterator variables
  * Merge pull request #17395 from keszybz/hwdb-drop-quotes
  * test-path: more debugging information
  * test-path: do not fail the test if we fail to start a service because of cgroup setup
  * test-path: use Type=exec
  * xdg-autostart-generator: use Type=exec
  * tests: replace the few remaining Type=simple with Type=exec
  * test-path: start infinite sleep instead of a short command
  * meson: convert developer_mode boolean to an enum
  * man/systemd-resolved: reword the description of query a bit
  * man/org.freedesktop.resolve1: briefly document a bunch of methods and properties
  * man: document differences between nss-resolve and nss-dns
  * resolved.conf: add empty DNSStubListenerExtra=
  * resolved: add trailing newlines in generated file
  * tests: add helper function to autodetect CI environments
  * test-path: relax test in "ci" and "release" modes
  * format-table: add TABLE_STRV_WRAPPED
  * resolvect: use wrapping for various lists
  * resolvectl: wrap the extended status string too
  * Merge pull request #17185 from yuwata/ethtool-update
  * Merge pull request #17417 from anitazha/more_systoomd
  * basic/env-util: make function shorter
  * Revert "basic/env-util: (mostly) follow POSIX for what variable names are allowed"
  * man: document what variables are allowed
  * meson: sort include dirs
  * shared/qrcode-util: reduce scope of iterator variables
  * Merge pull request #17430 from yuwata/network-drop-foreign-routes-managed-by-manager
  * NEWS: mention IPv6PrefixDelegation→IPv6SendRA renaming
  * NEWS: update contributors list for v247-rc1
  * NEWS: v247-rc1
  * syscall-names: add process_madvise which is planned for 5.10
  * meson: simplify with_runlevels ternany op usage
  * Revert "units: add initrd-cryptsetup.target"
  * man/machinectl: fix pull-raw example
  * man: update fedora version
  * journal,homectl: unify implementations of libqrencode loading and fss key printing
  * test: add a simple test for the qr printing code
  * meson: fix setting of ENABLE_OOMD
  * Merge pull request #17438 from anitazha/systoomd_quick
  * Merge pull request #17455 from poettering/packet-auxdata
  * Merge pull request #17467 from keszybz/unconditionally-pull-in-cryptsetup-remote
  * Merge pull request #17454 from keszybz/journal-dlopen-cleanup
  * Merge pull request #17435 from poettering/event-shuffle-refactor
  * tree-wide: use the usual SPDX header for our own files
  * time-wait-sync: drop gpl snail mail boilerplate
  * headers: add spdx tags to imported files with a known license
  * headers: use custom LicenseRef- spdx tag for various "public domain" files
  * Merge pull request #17476 from poettering/resolved-tweaks
  * Merge pull request #17472 from keszybz/spdx-license-headers
  * Merge pull request #17444 from BtbN/fix_ib_dhcp4
  * Partially revert "hwdb: add trailing ":*" everywhere"
  * Revert "parse_hwdb: enforce the ":*" suffix"
  * Partially revert "hwdb: reindent commments and say that "*" should always be trailing"
  * Merge pull request #17493 from Villemoes/va-arg-simplifications
  * Merge pull request #17517 from keszybz/revert-hwdb-trailing-colon
  * Merge pull request #17521 from poettering/resolved-more-fixes
  * sd-login: fix parsing in sd_uid_is_on_seat
  * selinux: also try the netlink-based fallback and continue on permission error
  * basic/path-util: let find_executable_full() optionally return an fd
  * core: use fexecve() to spawn children
  * core/execute: fall back to execve() for scripts
  * shared/exec-util: use our own execveat() wrapper instead of fexecve()
  * test-execute: make sure shell execs the child
  * shared/exec-util: fall back to execve() also on permission errors
  * meson: add option for fexecve use
  * Merge pull request #17548 from yuwata/license-update
  * Merge pull request #17551 from yuwata/radv-router-lifetime
  * udev: log when we fail to query ID_NET_DRIVER
  * Merge pull request #17431 from msekletar/udev-link-update-race
  * sd-event: update state at the end in event_source_enable
  * sd-event: increase n_enabled_child_sources just once
  * sd-event: minor modernization
  * pid1: expose "extrinsic" status of swaps and mounts
  * basic/env-util: add little helper to call setenv or unsetenv
  * tree-wide: unsetenv cannot fail
  * libsystemd-network: add comment explaining unusual memory access
  * basic/fileio: constify struct timespec arguments
  * Merge pull request #17566 from poettering/v247-rc2-prep
  * user: move "extrinsic" units to their root slice
  * NEWS,man: tweak the description of FixedRandomDelay=
  * meson: use "_" as separator in test names
  * Merge pull request #17561 from yuwata/man
  * meson: allow oomd to be enabled even in release mode
  * NEWS: describe the new user slices
  * Merge pull request #17614 from jwrdegoede/hwdb-logitech-kbd-fixes
  * Merge pull request #17612 from yuwata/fix-man-pages
  * Merge pull request #17603 from yuwata/systemctl-fix-underline
  * meson: use proper variable for libudev.h path
  * test: let's start getting ready for 2020
  * Merge pull request #17597 from yuwata/fix-typo
  * Merge pull request #17599 from yuwata/meson-fuzz-tests
  * man/systemd.netdev: don't say "ranges"
  * man/systemd.netdev: remove bogus markup
  * network: use the common "cannot" form
  * Merge pull request #17584 from yuwata/news-networkd
  * man: drop misplaced phrase
  * NEWS,man: improve descriptions of Independent=
  * Merge pull request #17643 from keszybz/man-news-independent
  * Merge pull request #17640 from keszybz/meson-test-c++20
  * hwdb/60-keyboard: untabify and move comments to the same column
  * test/udev-test: gracefully exit when imports fail
  * Merge pull request #17651 from yuwata/the-the
  * Merge pull request #17667 from fbuihuu/fix-module-loading-from-udev-rule
  * Merge pull request #17721 from poettering/more-strjoin-cryptsetup
  * Merge pull request #17715 from yuwata/specifier-follow-ups
  * Merge pull request #17622 from yuwata/udev-database-set-udev-version
  * docs/RELEASE: clarify which steps are done when
  * hwdb: update for v247
  * hwdb: update chromiumos autosuspend rules
  * NEWS: version 247
  * NEWS: fix kernel version number reference
  * shared/seccomp-util: address family filtering is broken on ppc
  * Merge pull request #17738 from keszybz/hwdb-news-update-v247
  * NEWS: really fix kernel version number reference
  * Merge pull request #17732 from yuwata/core-use-synthetic_errno
  * Merge pull request #17734 from yuwata/parse-hwdb
  * test-networkd-conf: add missing assert_se
  * man: adjust description of MaxAttempts
  * sd-dhcp-client: minor simplification
  * networkd: merge ll addressing fallback modes into normal "boolean" values
  * sd-dhcp-client: report transient DHCP failure to the caller
  * networkd: start ipv4ll when dhcp has trouble getting a lease
  * meson: add missing "S" to SYSTEMD_CGROUPS_AGENT_PATH
  * Merge pull request #17524 from poettering/fileio-offset
  * Merge pull request #17703 from poettering/event-ratelimit
  * Merge pull request #17692 from yuwata/ipv4ll
  * pager: stop disabling urlification under a pager
  * meson: allow fuzzers to be built even if fuzz testing is disabled
  * Merge pull request #17798 from yuwata/ipv4ll-follow-ups
  * Merge pull request #17707 from yuwata/network-fix-reconfigure
  * Merge pull request #17804 from poettering/write-resolve-conf-less
  * shared/build: make the version string definition less terrible
  * Merge pull request #17834 from yuwata/network-ipv6-reject-type-route
  * Merge pull request #17874 from DaanDeMeyer/mkosi-build-verbosity
  * Make support for nscd flushing optional
  * Merge pull request #17766 from weblate/weblate-systemd-master
  * Merge pull request #17871 from yuwata/sd-device-issue-17772
  * networkd-test: add final newlines in generated files, use .format()
  * json: log location also when there is no file
  * basic/static-destruct: fix grammar in comment
  * Drop compat "gateway" name
  * nss-resolve: initialize logging, log json errors
  * nss-systemd: initialize logging
  * nss-mymachines: initialize logging
  * basic/log: add debug-level log_oom() variant
  * network: adjust comments
  * Merge pull request #17935 from yuwata/network-fix-another-race-in-link-reconfigure-17929
  * pid1: stop making /dev noexec
  * varlink: add debug logging
  * man/hostnamectl,hostaned,hostname1: adjust the docs to match reality
  * hostnamed: expose the fallback-hostname setting as a const dbus property
  * hostnamed: fix return value
  * Move hostname setup logic to new shared/hostname-setup.[ch]
  * shared/hostname-setup: add mode where we check what would be set, without doing
  * shared/hostname-setup: leave the terminator byte alone
  * hostnamed: when hostname is set to existing value, suppress notifications
  * hostnamed: minor style cleanups
  * hostnamed: improve message about static hostname
  * hostnamed: stop discriminating against "localhost" in /etc/hostname
  * hostnamed,shared/hostname-setup: expose the origin of the current hostname
  * Merge pull request #17799 from yuwata/oss-fuzz-25353
  * test-login: skip consistency checks when logind is not active
  * Merge pull request #18001 from systemd/wip/hadess/unsupported-dmi
  * meson: make each dmidecode a separate test
  * test: add one more dmidecode dump
  * Merge pull request #18088 from bluca/test_force_nspawn
  * man: improve description of environment block creation
  * systemctl: deprecate blanket import-environment
  * shell-completion: fix systemctl set/unset/import-environment
  * meson: fix git ls-files invocations during rebase
  * man: s/dash/mdash/
  * sysctl.d: shorten comment
  * nspawn: minor modernization
  * basic/env-util: modernization
  * Merge pull request #18244 from anitazha/systemctledit
  * Merge pull request #18197 from weblate/weblate-systemd-master
  * systemctl: avoid warning about signed-unsigned compare on 32 bits
  * meson: download full syscall tables from hrw/syscalls-table
  * syscalls: update tables
  * tree-wide: use curl --fail
  * src/basic: generate missing syscall headers programatically
  * rpm: expose $systemd_util_dir also as rpm macro
  * Merge pull request #18263 from keszybz/syscalls-auto
  * Merge pull request #18289 from yuwata/core-load-fragment-cleanups
  * resolved: fix use-after-free with queries hitting the cache
  * Merge pull request #18300 from yuwata/analyze-verify-18252
  * systemctl: print a warning when trying to import a nonexistent variable
  * Allow control characters in environment variable values
  * systemctl: warn when importing environment variables with control characters
  * Revert "test-functions: make sure we test our own libudev instead of the host libudev"
  * Merge pull request #18327 from benzea/benzea/libfprint-autosuspend-hwdb
  * Merge pull request #18361 from anitazha/oomdconfigtime
  * Merge pull request #18363 from bluca/test_image_reuse
  * libsystemd: fix typo in symbol versioning
  * Merge pull request #18365 from DaanDeMeyer/update-man-rules-mkosi
  * Merge pull request #18340 from ddstreet/integration-tests-no-build
  * meson: rename target to update-dbus-docs
  * meson: rename target to update-man-rules
  * meson: rename target to update-hwdb
  * meson: rename target to update-hwdb-autosuspend
  * Drop obsolete vimrc file
  * generate-sys-test: modernize Python and C code
  * generate-dns_type-gperf: modernize python syntax
  * sysv-install.skeleton: use CC0 as the license
  * udev.pc: add license header
  * missing-syscalls: add license header in the version-controlled generated file
  * tree-wide: add spdx header on all scripts and helpers
  * tree-wide: add spdx header on source files
  * timesync: add header to distributed file
  * docs: expose GVARIANT-SERIALIZATION as markdown
  * Use .txt as the extension for syscall list file
  * Use .txt as the extension of arch syscall lists
  * tools: rename helper to match target name
  * kernel-install: add boilerplate on installed .install files
  * license: LGPL-2.1+ -> LGPL-2.1-or-later
  * networkd: add header to distributed "config" files
  * po: specify LGPL-2.1+ for all translation files
  * Merge pull request #18392 from keszybz/update-target-rename
  * meson: fix indentation in one spot
  * docs: add missing plural in title reference
  * man: rework description of --timestamp
  * man: various typos and other small issues
  * Merge pull request #18395 from bluca/make_docs_img_clean
  * man: use ellipses for ranges in range descriptions
  * resolved: minor cleanups
  * resolved: use reference counting for DnsQueryCandidate objects
  * Merge pull request #18320 from yuwata/network-reduce-trigger-network-events
  * meson: remove one more instance of install_dir:bindir
  * man: move content from the wiki to systemd.preset(5)
  * meson: take oomd out of the doghouse
  * meson: use ellipses for ranges
  * Deprecate builds with split-usr, prepare for removal
  * Merge pull request #18355 from DaanDeMeyer/resolved-discover
  * Merge pull request #18444 from anitazha/proprename
  * man: reword the description of "main conf file"
  * core: map io.bfq.weight to 1..1000
  * update-dbus-docs: say "MODIFIED" not "OUTDATED"
  * update-dbus-docs: use color in summary
  * core: drop references to Upstart
  * Merge pull request #18331 from yuwata/test-udev-event-spawn
  * Merge pull request #18375 from yuwata/cli-tools-also-read-kernel-command-line
  * systemctl: move telinit execcing out of parse_argv()
  * xdg-autostart-generator: sort header includes
  * Merge pull request #18346 from yuwata/hostnamectl-try-to-set-transient-hostname
  * fuzz-journal-remote: do not assert on resource conditions
  * Merge pull request #18416 from yuwata/strverscmp
  * fuzz-systemctl-parse-argv: a new fuzzer
  * systemctl: remove comment about --failed being deprecated
  * test-tables: fix warning about NULL used in printf
  * test-tables: make the assert more readable
  * core: do not initialize variable which is unconditionally set below
  * Add comma in structured initialization in a few places
  * core: drop bitfields in Manager object
  * sd-event: drop one bitfield from sd_event_source
  * shared/json: make JsonVariant.type field wider
  * sd-netlink: pahole optimization of sd_netlink_slot
  * sd-bus: drop some bitfields in sd_bus_slot
  * udev: make sure UdevBuiltinCommand is properly converted
  * tree-wide: use -EINVAL for enum invalid values
  * Return -EINVAL from _from_string() functions
  * tree-wide: propagate error code from _from_string() functions
  * machinectl: write arg_* only after verifying the value
  * resolved: rework a few functions to return early on error
  * test-string-util: add missing comma
  * Merge pull request #18542 from yuwata/bash-completion-update
  * Merge pull request #17823 from poettering/resolved-just-bypass
  * Merge pull request #18545 from poettering/netlink-seqno-fix
  * udev: add assert to make coverity happy
  * shared/generator: add missing initializer
  * sd-journal: add forgotten unmap in error path
  * fsck: make sure we don't read an unitialized variable
  * basic/locale-util: reduce variable scope
  * homework: reduce scope of iterator variables
  * homework: fix unitialized variable
  * Merge pull request #17902 from bugaevc/fix-container-detection
  * sd-bus: extend sd_bus_message_read_strv() to paths and signatures
  * sd-bus: standarize on NULL for empty signature in method calls
  * core: split out a few funcs into unit-serialize.[ch]
  * core: add helper macros for deserialization
  * manager: remove unnecessary conditional
  * core: pahole optimization of struct Unit
  * Merge pull request #18544 from yuwata/tree-wide-use-error-in-xxx_from_string
  * syscall-tables: add missing preposition and fix file name path
  * hwdb: update for v248
  * NEWS: start preparing for v248
  * Merge pull request #18401 from anitazha/oomdxattr
  * basic/string-table: inline the iterator declaration
  * systemctl: inline iterator declarations
  * basic/unit-file: when loading linked unit files, use link source as "fragment path"
  * TEST-15-DROPINS: add test for linked units
  * systemctl,loginctl,machinectl: use a shared helper for arg_signal
  * systemctl,loginctl,machinectl: add --signal=list
  * basic/signal-util: drop unneeded extra byte from buffer
  * Move and rename parse_path_argument() function
  * Move and rename parse_json_argument() function
  * test-parse-argument: add a test for the three parse_*_argument() functions
  * systemctl: use argv[0] not program_invocation_short_name for arg dispatch
  * fuzz-systemctl-parse-argv: add argv[0] values to corpus
  * basic/env-util: add variant of strv_env_replace() that does strdup internally
  * manager: fix memleak on repeated systemd.setenv keys
  * core: add Unit.Markers property
  * core/dbus-unit: reduce scope of iterator variables
  * core: allow Markers to be set using set-property
  * core: add EnqueueMarkedJobs method to reload/restart marked units
  * core: wrap long lines
  * systemctl: reduce scope of iterator variables
  * systemctl: add "reload-or-restart --marked"
  * Move rpm stuff into a separate src/rpm/ directory
  * rpm: pull in the alternative trigger implementation in sh
  * rpm: sync the shell version of triggers.systemd with the lua version
  * rpm: simplify daemon-reload trigger
  * rpm: order sysctl/sysusers/tmpfiles execution before package scriptlets
  * rpm: restart services in %posttrans
  * Merge pull request #18604 from poettering/resolved-minor-tweaks
  * Merge pull request #18481 from keszybz/rpm-restart-post-trans
  * Merge pull request #18571 from bluca/portable_dbus_doc
  * fuzz-systemctl-parse-argv: avoid "leak" of bus object
  * analyze: use typedefs for structs and inline iterator variable decls
  * basic/capability-util: add missing initialization
  * coredump: add typedef for struct
  * networkd-ndisc: drop confused freepp function
  * resolved: make dns_transaction_gc return a pointer
  * networkd: make network_config_section_free() inline
  * locale: inline iterator variable declarations
  * shared/user-record: inline iterator variable declarations
  * basic/env-util: add strv_env_assign() helper
  * basic/env-util: drop now-unused strv_env_set()
  * test-env-util: add tests for the two new functions
  * shared/exec-util: fix minor memleak
  * Refactor strv_env_replace() into strv_env_replace_consume()
  * tree-wide: return NULL from freeing functions
  * tree-wide: reset the cleaned-up variable in cleanup functions
  * systemctl: use free_and_replace on global variable
  * fuzz-systemctl-parse-argv: call static destuctors
  * Rename strbuf_cleanup to strbuf_free
  * Rename unit_times_free to unit_times_free_array
  * systemd: don't try to run as user manager when called without any arguments
  * Merge pull request #18641 from benjarobin/fix-enum-invalid-val
  * Merge pull request #18632 from yuwata/network-nexthop-add-family
  * tree-wide: add a helper to parse boolean optarg
  * tree-wide: use parse_boolean_argument() for variables with non-boolean type
  * journal-remote: convert to parse_boolean_argument() and fix type confusion
  * journal-remote: inline one more iterator variable declaration
  * systemctl: hide legends with --quiet, allow overriding
  * shell-completion: complete --legend=no for resolvectl and systemctl
  * sysctl: downgrade warning about excluded keys
  * rfkill: improve error logging
  * rfkill: use short writes and accept long reads
  * Merge pull request #18665 from poettering/resolved-fastopen
  * Merge pull request #18557 from poettering/enum-force-s64
  * Merge pull request #18679 from keszybz/rfkill-size-leniency
  * Recommend drop-ins over modifications to the main config file
  * docs/ENVIRONMENT: syntax highlighting and some rewordings
  * tree-wide: fix links to systemd.io pages
  * man: fix links to various pages
  * xdg-autostart-generator: reindent
  * xdg-autostart-generator: ignore DBusActivatable=true
  * Merge pull request #18646 from yuwata/network-ip-masquerade-follow-ups
  * basic/alloc-util: also reset the cleaned-up variable in freep()
  * Merge pull request #18702 from poettering/news-v248-more
  * Merge pull request #18703 from poettering/cgroupsv1-bad
  * sysctl.d: silence warning if net.core.default_qdisc cannot be set
  * shared/conf-parser: allow more than one location of the main config file
  * manager: read ~/.config/systemd/user.conf in user mode
  * Merge pull request #18684 from yuwata/sd-device-cleanups-and-udevadm-fix
  * fuzz-systemctl-parse-argv: add "telinit" to the argv[0] list
  * Merge pull request #18735 from poettering/some-doc-fixes
  * basic/env-util: add putenv_dup()
  * manager: add ManagerEnvironment configuration setting
  * man: use ~/.config instead of XDG_CONFIG_HOME
  * os-release: add the DEFAULT_HOSTNAME= setting
  * sysext: move extension_release_validate() out of os-util.c
  * Move os-util.[ch] to basic/
  * basic/os-util: make the sentinel implicit
  * Allow the fallback hostname to be overriden using an environment variable
  * Use the DEFAULT_HOSTNAME field from os-release
  * hostnamed: rename FallbackHostname to DefaultHostname
  * docs: align tables vertically to top
  * Stop using f-strings in generate-sym-test.py
  * Revert "generate-dns_type-gperf: modernize python syntax"
  * Merge pull request #18575 from bugaevc/aa
  * Merge pull request #18704 from keszybz/fallback-hostame-override
  * NEWS: a few more entries for v248-rc1
  * test-dns-packet: fix leak of DnsResourceRecord object
  * Merge pull request #18745 from keszybz/stop-using-fstrings
  * shared/condition: add ConditionControlGroupController=v1|v2
  * Merge pull request #18741 from poettering/stub-no-cname
  * NEWS: add contributors
  * meson: bump version numbers
  * resolved: add another explanatory message to stub resolv.conf files
  * Merge pull request #18751 from anitazha/oomdconditions
  * NEWS: add ConditionCGC=v12 and the hostname stuff
  * man: add a description of how manager env block is set
  * Merge pull request #18765 from keszybz/more-docs
  * Merge pull request #18763 from poettering/cov-fixes
  * Merge pull request #18730 from yuwata/dhcp6-client-do-not-set-t1-t2-18090
  * meson: refuse when prefix is not a child of rootprefix
  * Merge pull request #18018 from bluca/mount_images_overlay
  * resolved: inline trivial function
  * core/namespace: inline more iterator variable declarations
  * shared/dissect-image: inline iterator variables
  * libudev: fix typo in docstring
  * man: fix grammaro
  * man: use markup more in description of ManagedOOMPreference=
  * man: drop misplaced spaces and parenthesization
  * man: explain settings in timesyncd.conf(5)
  * timesync: rename variable to match config name
  * man: say that hostname must can be a fqdn or not
  * man: fix two issues in udev(7)
  * man: advertise shared drop-ins more
  * man: remove details of ManagedOOMPreference implementation
  * man: make systemd-coredump and coredumpctl descriptions more accessible
  * core: change confusing parameter name
  * NEWS: fix path
  * test-socket-util: fix test for address parsing w/o IPv6 support
  * man: describe coredump fields
  * coredump: indent comment
  * man: rename less-variables→common-variables
  * man: describe various logging configuration variables
  * basic/log: align tables
  * man: reuse common-variables in systemd(1)
  * man: move description of $SYSTEMD_SYSVINIT_PATH to the only user
  * man: describe the syntax for {Job,}{Running,}TimeoutSec=
  * man: move motivational explanation to footnote
  * man: add footnote explaining why "localhost" query is sent out to the network
  * man: reorder match types in udev rules
  * man: mention that != matches nonexistent keys too
  * man: explain how to invoke tmpfiles for debugging
  * man: move quoting description to systemd.syntax
  * man: describe quoting and specifiers in Environment=
  * man: tweak descriptions of how tmpfiles should be started
  * man: say that machine-info doesn't have to exist
  * Merge pull request #18828 from keszybz/three-fixes
  * Merge pull request #18827 from keszybz/a-bunch-of-man-page-updates
  * man: update link to systemd-coredump-python
  * man: clarify what is inside/outside the container in coredump info
  * man: move two sysv-specific variables to docs
  * man: document \u and \U, say that utf-8 is allowed
  * resolved: unref event object after the sources
  * resolved: disable event sources before unreffing them
  * man: add note about "SIG" prefix
  * man: reword sentence about lone coredumps
  * coredumpctl: show container hostame
  * core: fix mtime calculation of dropin files
  * Move basic/kbd-util to shared/
  * shared/kbd-util: fix return value confusion with nftw()
  * shared/kbd-util: return error on resource errors
  * localed: refuse to set a keymap which is not installed
  * shared/kbd-util: simplify suffix stripping
  * Merge pull request #18773 from yuwata/network-move-several-functions
  * Merge pull request #18852 from yuwata/tree-wide-use-UINT64_MAX
  * network-wait-online: use sd_event_add_time_relative()
  * Drop parens from around already-parenthesized defines
  * Drop some (size_t) casts
  * bus/bus-match: inline iterator variable declarations
  * bus/bus-match: use "ret_" prefix for output parameters
  * fuzz-bus-message: move sources to src/libsystemd/
  * sd-bus: fix memstream buffer extraction
  * sd-bus: let bus_match_dump() take an output file
  * sd-bus: avoid alloc and missing oom check in bus_match_dump()
  * test-bus-match: small modernization
  * fuzz-bus-match: new fuzzer
  * fuzz-bus-match: add example from bugzilla#1935084
  * sd-bus: fix memleak in failure path in bus_match_parse()
  * fuzz-main: allow the number of runs to be overridden
  * docs: document fuzzer variables
  * sd-bus: remove unnecessary variable
  * core: fix netns/ipcns socket confusion
  * journal-remote: check return value from MHD_add_response_header
  * basic/os-util: adjust indentation
  * basic/namespae-util: avoid one allocation
  * TEST-15-DROPINS: improve check
  * Merge pull request #18907 from mrc0mmand/test-dissect-sanitizers
  * Merge pull request #18908 from mrc0mmand/fix-packit
  * homed: wrap some very long lines
  * homed: disable event sources before unreffing them
  * homed: unref the sd_event object after the sources
  * syscalls: update tables
  * missing-syscalls: do not generate trailing empty line
  * NEWS: add items since -rc2
  * hwdb: update for v248
  * timedated: fix skipping of comments in config file
  * pid1: return varlink error on the right connection
  * varlink: avoid using dangling ref in varlink_close_unref()
  * oomd: "downgrade" level of message
  * logind: add …WithFlags methods to policy
  * sd-netlink: use structured initialization
  * sd-netlink: use setsockopt_int() also for NETLINK_ADD/DROP_MEMBERSHIP
  * sd-netlink: shorten things a bit
  * Merge pull request #18942 from keszybz/sd-netlink-prettification
  * Merge pull request #18553 from Werkov/cgroup-user-instance-controllers
  * Revert "udev: do not execute hwdb builtin import twice or thrice"
  * fstab-generator: do not propagate error if we fail to canonicalize
  * udev: add default group for sgx enclave access
  * generators: warn but ignore failure to write timeouts
  * shared/fstab-util: immediately drop empty options again
  * basic/extract_word: try to explain what the various options do
  * basic/extract-word: allow escape character to be escaped
  * basic/extract-word: rename flag
  * shared/fstab-util: pass through the escape character
  * shared/fstab-util: teach fstab_filter_options() a mode where all values are returned
  * fstab-generator: get rid of fstab_extract_values()
  * Merge pull request #18962 from poettering/dissect-fixes
  * docs: more markup
  * basic/group-util: optimize alloca use
  * Merge pull request #18955 from keszybz/fstab-escaping
  * Merge pull request #18915 from keszybz/reexec-bug
  * NEWS: update contributors list for v248-rc3
  * man: also refname rc-local.service to the generator man page
  * man: sd_bus_message_reply()→sd_bus_message_send()
  * man: fix html links to two external man pages
  * man: mention network-online.target in discussion of rc.local
  * Rename test-nss to test-nss-hosts
  * shared/calendarspec: abort calculation after 1000 iterations
  * shared/calendarspec: constify parameter and simplify assignments to variable
  * test-calendarspec: print offending line in output
  * test-calendarspec: do not convert timezone "" to ":"
  * Merge pull request #19058 from bugaevc/log-open-protect-errno
  * Partially revert "correct incorrect command in NEWS (#19048)"
  * Reword and reindent comment
  * man: say that .device units need udev
  * shared/calendarspec: when mktime() moves us backwards, jump forward
  * Merge pull request #19075 from keszybz/calendarspec-loop
  * sd-event: disable epoll_pwait2 for now
  * test-nss-users: add new nss test that resolves users and groups
  * test-nss-hosts: use _cleanup_, fix return value, assert on allocations
  * test-nss-hosts: make buffer size configurable too and document it
  * Merge pull request #19112 from poettering/more-stub-fixes
  * docs: link to stable releases in the bug template
  * config files: recommend systemd-analyze cat-config
  * Add READMEs in all .d directories
  * basic/log: fix log_trace()
  * resolvectl: reword note about "raw record types"
  * resolved: split out function to determine the local llmnr hostname
  * resolvectl: do not warn about single hostnames for names we synthesize
  * test-random-util: modernization
  * test-random-util: add stochastic test for random_u64_range()
  * basic/fileio: simplify calculation of buffer size in read_full_virtual_file()
  * basic/fileio: optimize buffer sizes in read_full_virtual_file()
  * basic/fileio: use malloc_usable_size() to use all allocated memory
  * tests: drop calls to unsetenv SYSTEMD_MEMPOOL
  * Merge pull request #19125 from keszybz/cat-config
  * Merge pull request #19129 from keszybz/test-random-range
  * resolvectl: suppress warning about --type for names with a dot
  * Merge pull request #19116 from keszybz/readvirtualfile-opt
  * mailmap: two more names
  * git-contrib: use non-breaking spaces in names
  * NEWS: update contributor list for v248 final
  * hwdb: update for v248
  * hwdb: update fingerprint autosuspend rules
  * selinux: do not crash if policy becomes unavailable after reload
  * oomd: fix iteration over candidates to kill
  * basic/fileio: fix reading of not-too-small virtual files
  * test-fileio: test for read_full_virtual_file()
  * Merge pull request #18777 from yuwata/network-set-ifname-to-engines
  * Merge pull request #18850 from yuwata/sd-device-monitor-cleanups
  * Merge pull request #18886 from anitazha/shutdownconsole
  * Merge pull request #18958 from poettering/dissect-no-root
  * Merge pull request #18982 from keszybz/test-nss-users
  * Merge pull request #18989 from yuwata/ordered-set-put-strdup
  * Merge pull request #18990 from yuwata/network-dhcpv6-use-domains
  * Merge pull request #19064 from yuwata/resolve-fix-cache-19049
  * Merge pull request #19109 from poettering/resolved-transaction-log-tweaks
  * rpm: when disabling a unit, do not complain if systemd is not running
  * nss-resolve: fix parsing of io.systemd.Resolve.ResolveAddress reply
  * nss-resolve: define variables in the body
  * resolved: drop unnecessary {}
  * basic/socket-util: add hint to silence gcc's maybe-unitialized warning
  * basic/fileio: silence gcc's maybe-unitialized warning
  * sd-bus: add assert to tell the compiler that the error code is positive
  * sd-bus: add asserts showing that sd_bus_error_setf() returns negative
  * man: split the description of sd_bus_error_set()
  * varlink: use two local flag variables to silence gcc warning
  * sd-event: silence gcc's maybe-unitialized warning
  * basic/cgroup-util: silence gcc warning about unitialized variable
  * test-capability: silence gcc warning
  * shared/conf-parser: fix unitialized variable
  * shared/bus-message-util: silence gcc warning
  * core: silence gcc warning
  * shared/pretty-print: silence gcc warning
  * systemctl: silence gcc maybe-unused warning
  * cryptsetup: silence gcc maybe-unused warning
  * basic/env-util: silence two gcc warnings
  * sd-device: header needs an include because it uses sd_device type
  * test-device-util: let's verify that we return proper error from log_device_*
  * backlight: refactor get_max_brightness() to appease gcc
  * sd-netlink: drop unnecessary forward declaration
  * shared/dissect-image: silence gcc warning
  * various: silence gcc warnings
  * resolved: avoid passing unitialized variable
  * test-process-util: getpid_cached() → 0
  * Flagsify EscapeStyle and make ESCAPE_BACKSLASH_ONELINE implicit
  * libudev: fix return of udev_monitor_filter_add_match_subsystem_devtype()
  * Merge pull request #18717 from yuwata/sd-device-monitor-introduce-more-filters
  * Merge pull request #19126 from anitazha/oomdimprovements
  * Merge pull request #19135 from bluca/coredump_decode
  * shared/base-filesystem: modernization
  * sd-device: small modernization
  * tree-wide: use the same comment for work-around initializations
  * tree-wide: sd_bus_error_setf → set_bus_error_set
  * sd-bus: make sd_bus_error_set() more like sd_bus_error_setfv()
  * shared/format-table: rework loop
  * shared/format-table: use goto to make code flow clear
  * core: fix memleak of ipc_namespace_path
  * tmpfiles: rework condition check
  * man: fix quickhelp listing in tmpfiles.d(5)
  * TEST-22-TMPFILES: add reproducer for bug with X
  * tests: make inverted tests actually count
  * TEST-22-TMPFILES: fix broken test exposed by condition check fix
  * TEST-33-CLEAN-UNIT: fix broken test exposed by condition check fix
  * timedatectl: rework handling of conditions in print_status_info()
  * basic/strbuf: use _cleanup_
  * home: use goto to make it clear that variables are initialized
  * meson: re-enable -Wmaybe-uninitialized on -O[02] with recent gcc versions
  * Merge pull request #19237 from yuwata/udev-builtin-net-id-follow-ups-for-19017
  * sd-bus: make sd_bus_is_{ready,open} accept NULL
  * networkd: simplify sd_bus_is_ready() checks
  * tmpfiles: make handling of existing-but-different targets more consistent
  * TEST-42-EXECSTOPPOST: un-invert test
  * TEST-*: make failure tests actually fail on failure
  * TEST-*: use spacing before redirection operator, but not after
  * TEST-43: fix exit condition testing
  * TEST-44: fix test
  * homectl,TEST-46: fix test and fix homectl return value, update docs
  * TEST-46: simplify lossy diff invocation
  * TEST-17: make the test test
  * Merge pull request #19250 from keszybz/sd-bus-is-ready-simplification
  * Merge pull request #19226 from keszybz/reenable-maybe-unitialized-warning
  * Merge pull request #19248 from keszybz/make-tests-test
  * Merge pull request #19255 from poettering/glyph-love
  * Merge pull request #19254 from poettering/native-journal-proto-doc
  * docs: use new URL for package-notes
  * man: document system-systemd\x2dcryptsetup.slice
  * Merge pull request #19243 from bluca/lgtm
  * Merge pull request #13496 from wat-ze-hex/custom-bpf-progs-parameterized-3
  * meson: do not fail if rsync is not installed with meson 0.57.2
  * Merge pull request #19266 from mrc0mmand/testsuite-shellcheck
  * bpf-devices: update comment
  * meson: simplify the BUILD_MODE conditional
  * libsystemd-network: fix dhcp option buffer confusion
  * sd-device: improve log message and tweak style
  * partition, random-seed, logind: fix log messages with %m
  * basic/log: force log_*_errno() to return negative
  * basic/log: assert that %m is not used when error is not set
  * Merge pull request #19302 from bluca/uninit
  * basic/log: assert that 0 is not passed as errno, except in test code
  * shared/module-util: fix errno value passed to log function
  * Do not try to return 0 from log_debug()
  * journald: fix %m usage
  * Voidify log_link_debug
  * Check that errno passed log_{interface,link}_*_errno() is non-zero
  * libsystemd-network: use macro for definitions of log_{lldp,dhcp,…}_errno
  * libsystemd-network: check that errno==0 is not passed to log functions
  * libsystemd-network: fix dhcp option buffer confusion
  * udev/cdrom_id: do not pass ioctl return value to log_debug_errno()
  * udev/cdrom_id: drop unnecessary cleanup and simplify loop
  * meson: reindent
  * meson: fold static libsystemd and libudev into the generic status line
  * meson: reorder the "features" list
  * meson: output one "item" for DNS-over-TLS
  * core/selinux: fix wrong assertion when 0 is passed to log_debug
  * Voidify log_{device,token,rule}_debug()
  * Assert zero is not passed to log_{device,rule,token}_*_errno()
  * Merge pull request #19310 from yuwata/network-dhcp-anonymize
  * Merge pull request #19290 from yuwata/network-dhcp-do-not-configure-twice
  * udev/cdrom_id: use random_u64_range() and tweak log messages
  * logind: tweak log message
  * basic/log: change error for unset errno to ESTRPIPE
  * Merge pull request #19330 from mrc0mmand/shellcheck-pt2
  * udev/cdrom_id: add forgotten return and fix typo
  * man: dedent examples in sd-id128 to 2 columns
  * man: mention sd_id128_is_allf(), SD_ID128_ALLF
  * sd-id128: add convenience functions to compare multiple sd_id128_t
  * partition,shared/gpt: use sd_id128_in_set()
  * repart: reword log message
  * Merge pull request #19370 from mrc0mmand/shellcheck-pt4
  * Merge pull request #19362 from yuwata/network-dhcp6-pd-log-19354
  * Merge pull request #19387 from poettering/discoverable-part-fix
  * TEST-58: execute the right test
  * TEST-58: adjust whitespace and enable pipefail
  * tests: install mkfs.ext4, mkfs.vfat and modules into the test image
  * TEST-58: remove stale artifacts to not fail on repeated invocations
  * TODO: add some items for repart
  * core: fix typos in comment
  * various: print the image path when setting up of the loopback device fails
  * test: move the logic to support /skipped into shared logic
  * TEST-58: only run under qemu
  * TEST-58: exit immediately if systemd-repart is not available
  * core/service: fix deserialization of non-absolute commands
  * core/service: also reject deserialized commands with no argv[0]
  * tests: use setfacl to give $SUDO_USER read permissions on artifacts
  * Merge pull request #19286 from yuwata/network-dhcp-routes-to-dns-19077
  * test-unit-serialize: add a very basic test that command deserialization works
  * Merge pull request #19416 from mrc0mmand/test-id-detection
  * Merge pull request #17655 from wat-ze-hex/bpf-build-rule
  * mkosi,man: bump fedora version
  * hwdb-test: pass an explit path to systemd-hwdb
  * mkosi: do not pull in perl dependencies
  * basic/missing-syscalls: only emit one warning about missing numbers
  * basic/missing-syscall: add numbers for riscv (64-bit)
  * basic/missing-syscall: sort syscalls alphabetically and add numbers for mount_setattr, move_mount, open_tree
  * basic/missing-syscall: add regen instructions
  * basic/unit-file: ignore any hidden files immediately
  * test: properly catch tests error with no /testok or empty /failed
  * TEST-15: use ${:?} and shorten things a bit
  * manager: emit a message when we fail to create manager because /run is not set up
  * TEST-15: add forgotten file cleanup
  * test-unit-file: enable colors
  * meson: make one check shorter
  * core: minor simplification
  * core/cgroup: use assert_se() more
  * core: remove spurious % in dump string
  * basic/io-util: invert return value from IOVEC_INCREMENT()
  * resolved: directly initialize iovec array
  * basic/io-util: move iterator variable declarations into loop headers
  * basic/log: directly initialize iovec arrays
  * core/cgroup: remove some unnecessary variables
  * core/automount: drop unecessary cast
  * basic/unit-file: fix detection of instance aliases
  * TEST-15: add test for template aliases
  * tests: use "H" as the hostname
  * Merge pull request #19454 from keszybz/assorted-cleanups
  * Merge pull request #19453 from keszybz/consider-instance-aliases
  * basic/escape: add mode where empty arguments are still shown as ""
  * basic/escape: always escape newlines in shell_escape()
  * basic/string-util: split out helper function
  * basic/string-util: inline iterator variable declarations
  * basic/string-util: simplify how str_realloc() is used
  * basic/escape: escape control characters, but not utf-8, in shell quoting
  * basic/fileio: add a mode to read_full_virtual_file() where not the whole file is read
  * test-fileio: modernization
  * basic/escape: flagsify xescape_full()
  * basic/escape: allow truncation mode where "…" is always appended
  * test-utf8: hide most output by default
  * basic/process-util: allow quoting of commandlines
  * test-process-util: add more debug logging but hide most of it by default
  * test-process-util: run fewer getpid() tests
  * basic/process-util: add mode where posix shell escape is used for quoting
  * test-process-util: add test that prints all cmdlines
  * man: add an example of coredumpctl output
  * coredump: use "POSIX quotes" for cmdline
  * core,journald: use quoted commandlines
  * Make unit_name_to_instance() return UnitNameFlags
  * basic/time-util: use _cleanup_ in one more place
  * core: fix crash in parsing of SocketBind{Allow,Deny}=
  * core: fix potential crash in BPFProgram=
  * core: use the same pattern for extract_first_word() checks
  * basic/log: use SYNTHETIC_ERRNO in one more place
  * core: fix crash in BPFProgram parsing
  * fuzz-journald-kmsg: silence output as usual
  * sd-device: do no allocate strings of unknown length on the stack
  * sd-device: use memdupa_suffix0() where appropriate
  * sd-device: reject empty driver name
  * Let "upstream" test use upstream test runner
  * Merge pull request #19391 from poettering/dissect-grow
  * Merge pull request #19134 from poettering/outbound-special-hostname
  * Merge pull request #19556 from lucasrangit/network-wifi-interface-type-typos
  * Merge pull request #19542 from yuwata/unit-after-socket
  * cryptsetup: initialize variable
  * cryptsetup: fix flags check
  * meson: rework test-efi-disk.img creation to not require variables
  * test-efi-create-disk: shellcheckify
  * test-efi-create-disk: support /boot/efi
  * Merge pull request #19506 from xnox/ship-stub-elf
  * Merge pull request #18986 from poettering/oomd-varlink-fix
  * timedated: make ntp_synced() static
  * sd-event: tweak comments
  * docs/HACKING: wrap long lines
  * test-bpf-foreign-programs: fix message
  * core/service: modernization
  * core: disable event sources before unreffing them
  * Merge pull request #19533 from yuwata/network-queue
  * Merge pull request #19567 from poettering/ipv4-ipv6-lowercase
  * sd-event: add more asserts about event source integrity
  * core/service: rework management of exec_fd event source
  * tools/make-directive-index: parallelize
  * Merge pull request #19592 from yuwata/network-introduce-describe-bus-method
  * man: reorder items in [DHCPv4] and [DHCPv6] sections
  * man: reword descriptions of two DHCPv4 options
  * meson: call find_program() once and reuse the variable everywhere
  * meson: print autodetected sbat fields
  * resolved: indent tables for readability
  * resolved: make counter for n_auxiliary_queries smaller
  * resolved: make counter for redirects smaller
  * resolved: pahole optimization for DnsQuery
  * resolved: shorten dns_name_count_labels()
  * resolved: use narrower types for label counts in rr
  * resolved: rearrange DnsResourceRecord for better layout
  * resolved: optimize layout of DnsTransaction
  * resolved: optimize layout of DnsPacket
  * resolved: drop pointless bitfield on a lone bool
  * resolved: inline iterator variable declarations
  * meson: revert the change to unquote commands in add_install_script
  * Revert "tools/make-directive-index: parallelize"
  * resolved: fix braino with reference counting and linked lists
  * Merge pull request #19612 from keszybz/meson-0.58-quieting
  * mkosi: stop pulling in workaround packages
  * test/run-unit-tests: make script compatible with python3.6
  * modules-load: inline interator variable
  * meson, mkosi: pull in jinja2 as required
  * meson: replace some m4 templates with jinja2
  * meson: use jinja2 for unit templates
  * units: strip out the developer comment in .service unit again
  * meson: drop unnecessary listification
  * meson: use jinja2 for tmpfiles.d templates
  * meson: use jinja2 for src/login
  * meson: use jinja2 for the gperf template
  * meson: use jinja2 for README
  * Drop dependency on m4
  * meson: use custom configuration_data() object for man/man and man/html helpers
  * meson: use jinja2 for rules.d templates
  * meson: use conf configuration_data object to generate test-sysusers.sh
  * meson: use jinja2 in sysctl.d/
  * meson: use jinja2 in src/vconsole
  * meson: use jinja2 in src/udev
  * meson: use jinja2 in src/timesync/
  * rpm: use %_bindir not @bindir@
  * meson: use jinja2 for rpm templates
  * meson: use jinja2 for src/resolve/
  * meson: use jinja2 for src/libudev/
  * meson: use jinja2 for various files in src/core/
  * meson: use jinja2 in src/libsystemd/
  * meson: use jinja2 in src/journal-remote
  * efi: use meson object directly instead of going through 'substs'
  * meson: use jinja2 in shell-completion/
  * meson: drop "substs"
  * meson: use jinja2 also for custom-entities.ent
  * meson: drop "_YES_NO" variables
  * man: use readable names for entities
  * meson: sort conf paths alphabetically
  * units: generate ReadWritePaths= in the template
  * ci: drop py2 lxml, pull in jinja2
  * meson: add workaround for old meson
  * docs/HACKING: add note about template engines
  * mkosi/fedora: drop python3-devel req
  * mkosi/fedora: use pkgconfig virtual provides to refer to packages
  * mkosi: stop pulling in vi
  * docs: use {% raw %} to wrap jinja2 tags in documentation
  * docs: prettify two external links
  * test: enable fuzz regression tests by default
  * man: reorder fields in os-release
  * man: add an example how to correctly read os-release in shell
  * man: add example os-release mangling in python
  * man: reword description of BUILD_ID in os-release
  * units: skip some units in the initrd
  * man: say that initrd-release is like os-release
  * man/check-os-release.py: strip trailing whitespace
  * man/check-os-release.py: ignore comment and empty lines
  * man/check-os-release.*: allow ID_LIKE to have multiple values
  * Merge pull request #19701 from yuwata/network-udev-do-not-manage-loopback-interfaces
  * sysusers: reduce scope of variables and drop unnecessary initializations
  * sysusers: add debug lines to failing getent/putent operations
  * basic: allow copy_rights() to work without mounted /proc
  * sysusers: make sysusers work with dnf --installroot
  * systemctl: avoid crash when pattern expands to empty unit list
  * Merge pull request #19709 from keszybz/sysusers-no-proc
  * systemctl: put static destructor in the order of variables
  * tty-ask-password-agent: mention optional argument in help
  * tty-ask-password-agent: highlight summary in help
  * tty-ask-password-agent: log when starting a query on the console
  * pid1: remove dot from initial announcement
  * systemctl: unset const char* arguments in static destructors
  * journal-remote: downgrade messages about input data to warnings
  * fuzz-journal-remote: print some kinds of errors
  * pam: do not require a non-expired password for user@.service
  * varlink: say "varlink:" instead of "n/a:" when no description is available
  * varlink: remove duplicated "varlink:" prefix
  * TODO: add entry about alias logging
  * core: split out core/manager-dump.[ch]
  * core: show manager version in dump
  * various: don't say that the timestamp 'changed' on initial load
  * tmpfiles: stop complaining about autofs on not-found paths
  * NEWS: adjust grammar and other small changes
  * docs/ARCHITECTURE: more markup and unicode
  * core: update comment
  * tools/analyze-dump-sort: a helper to compare two 'systemd-analyze dump' outputs
  * basic/glob-util: add helper to strip the glob part from a glob
  * tmpfiles: do not check if unresolved globs are autofs paths
  * TODO: coalesce entries for tmpfiles
  * core: drop bitfields in VTable object
  * core/bpf: add forgotten %m
  * core: downgrade errors about BPF loading when called from socket_bind_supported()
  * units: stop automount unit when shutting down
  * core: disable "update" units in the initramfs
  * install: allow adding plain templates to .wants/ or .requires/
  * man: explain ConditionNeedsUpdate a bit more
  * core: do not serialize mounts and automounts for switch-root
  * resolved: fix strange function recursion
  * test-libcrypt-util: print out default for password settings, run make_salt() a few times
  * networkd: reorder conditional to handle errors first
  * core/serialization: call exec_runtime_deserialize_compat() independently of whether .serialize is defined
  * shared/install: ignore failures for auxiliary files
  * shared/install: remove custom error handling in unit_file_preset_all()
  * shared/install: improve message about template mismatch
  * networkd: drop one workaround initialization
  * test-capability: drop work-around initialization
  * cryptsetup: remove unitialized workaround
  * Merge pull request #19871 from yuwata/man-network-missing-settings
  * core/dbus: rename internal variable for clarity
  * shared/install: pass UnitFileFlags down into the call chain
  * shared/install: ignore enablement of template units w/o instance when presetting
  * test-stat-util: add standard test logging
  * test-stat-util: add a very basic test for test_path_is_read_only()
  * core/serialization: drop misleadingly-named unit_can_serialize()
  * core/serialization: shorten code, treat all oom error the same
  * core/serialize: drop bogus deserialization of ipcns sockets
  * Merge pull request #19870 from keszybz/install-foo-again
  * Merge pull request #18851 from yuwata/dissect-try-to-find-partition-on-timeout
  * test-stat-util: don't fail under chroot
  * man: clarify that global search domains apply to global servers, not all interfaces
  * Merge pull request #19882 from keszybz/test-stat-util-more
  * docs: update coding style a bit
  * test/TEST-17-UDEV: use default image
  * sd-id128: add SD_ID128_MAKE_UUID_STR
  * basic/efivars: replace dynanamic creation of efivar names with static strings
  * Inline some inerator variables
  * bootctl: print SystemdOptions from efivarfs if newer than our cache
  * Merge pull request #19945 from yuwata/news
  * sd-device: let device_set_subsystem() accept NULL
  * sd-device: let device_set_driver() accept NULL too
  * meson: allow "soft-static" allocations for uids and gids in the initrd
  * Merge pull request #19977 from yuwata/nspawn-fix-strextend
  * test-mount-util: add usual print headers
  * test-mount-util: add output test for mount_flags_to_string()
  * meson: sort file list
  * basic,shared: move make_mount_point_inode_*() to shared/
  * basic/unit-name: do not use strdupa() on a path
  * basic/unit-name: adjust comments
  * man/50-xdg-data-dirs: add quotes as suggested by shellcheck
  * TODO: elide initrd-parse-etc.service if possible
  * test-path-util: check that dot components are irrelevant for path comparisons
  * basic: drop one btrfs-related function and move another
  * basic,shared: move quota-util.[ch] to src/shared/
  * Move hwdb creation code to src/shared/
  * basic: move acquire_data_fd() and fd_duplicate_data_fd() to new data-fd-util.c
  * basic,shared: move dlopen helpers to shared/
  * basic,shared: move a bunch of files to src/shared/
  * meson: drop libseccomp and libselinux from libbasic linkage
  * dlfcn-util: invert function naming and add helper that does the whole job
  * various: convert to the new dlopen_or_warn() helper
  * shared/tpm2-util: simplify and convert to the new helper
  * shared/dlfcn-util: add sentinel helper or for dlsym_many_or_warn()
  * shared/selinux-util: rework switching of the getenforce() function
  * gitignore: add jekyll cache directory
  * test-hash-funcs: add new file to test that path set ignores dot components
  * core: avoid calling path_simplify() unnecessarilly for u.requires_mounts_for keys
  * Merge pull request #19997 from keszybz/selinux-opt
  * Merge pull request #20004 from yuwata/readdir-ensure-type
  * Merge pull request #19941 from bluca/condition_os_release
  * Merge pull request #19883 from ddstreet/activation-policy-down-required-for-online-no
  * Merge pull request #19312 from yuwata/udev-escape-slash-nvme
  * Merge pull request #20023 from yuwata/re-enable-nosuid-mount-flag
  * dbus-socket: fix check of Listen* arguments
  * hwdb: update
  * hwdb: update autosuspend
  * NEWS: update with net-naming scheme changes and ConditionOSRelease
  * NEWS: update contributor list for v249-rc2
  * Merge pull request #20028 from keszybz/hwdb-update-v249
  * man/dnssec-trust-anchors: update comment syntax description
  * man: add markup to dns resource record labels
  * man: add "DNS resource record types" section
  * core: rework unit printing and implement 'combined' format
  * core: add default descriptions for slices
  * logind, units: unit Descriptions should be capitalized
  * units: adjust Descriptions of various units
  * units: shorten description of kmod-static-nodes.service
  * core: supress description in status if same as id
  * units: adjust description of systemd-update-utmp.service
  * Merge pull request #20021 from wat-ze-hex/socket-bind-ip-proto-2021-06-23
  * core: emit nicer log message for exiting ConditionExec processes
  * core/cgroup: inline more iterator variable declarations
  * Merge pull request #20074 from yuwata/fix-typo
  * core/cgroup: upgrade log level when we fail to rescope a pid
  * Revert "Introduce ExitType"
  * Merge pull request #20020 from anitazha/oomd_with_mem
  * Merge pull request #19980 from yuwata/sd-ipv4acd-filter-all-hwaddr
  * Merge pull request #20076 from keszybz/improve-logs-for-exec-condition-and-rescoping
  * Merge pull request #20030 from keszybz/exec_fd-event-source
  * Merge pull request #20058 from keszybz/status-format
  * Merge pull request #20080 from bluca/core_flag
  * Merge pull request #20066 from ddstreet/get-timezones
  * NEWS: add news entry for status-unit-format=combined
  * NEWS: update contributor list for v249-rc3
  * NEWS: fix misplaces parenthesis
  * time-util: add variant of timezone_is_valid() that returns errno
  * test-time-util: skip missing timezones
  * test-time-util: log less verbosely
  * Merge pull request #20083 from yuwata/network-ipv4acd-follow-ups
  * core: add comment explaining event source deallocation
  * Merge pull request #20091 from keszybz/test-time-util-skip-missing-timezone
  * core: always set output arg in unit_status_string()
  * Merge pull request #20108 from yuwata/network-fix-ndisc-and-dhcp6-issue-20050
  * Merge pull request #20092 from fbuihuu/tag-xgi-z7z9-graphic-chip-as-master-of-seat-take2
  * tmpfiles: fix borked assert
  * NEWS: add old entry about Type=ether
  * basic/time-util: fix errno name
  * meson: install the right README file in modprobe.d
  * Merge pull request #20145 from bluca/prep
  * test-escape: add usual debug headers
  * test-ether-addr-util: add a simple test that HW_ADDR_TO_STR works with nesting
  * basic/time-util: add FORMAT_TIMESTAMP
  * tree-wide: use FORMAT_TIMESTAMP()
  * sd-journal: add FORMAT_TIMESTAMP_SAFE()
  * tree-wide: add FORMAT_TIMESPAN()
  * tree-wide: add FORMAT_TIMESTAMP_RELATIVE()
  * shared/format-table: allocate buffer of sufficient size
  * tree-wide: add FORMAT_TIMESTAMP_STYLE()
  * Inline some iterator variables
  * tree-wide: add FORMAT_BYTES()
  * import: use SYNTHETIC_ERRNO in one more place
  * basic/macro: make CONST_MAX(DECIMAL_STR_MAX(…), STRLEN(…)) possible
  * cgtop: use anonymous buffers for formatting of bytes and timespans
  * tree-wide: add FORMAT_BYTES_FULL()
  * Replace format_bytes_cgroup_protection with FORMAT_BYTES_CGROUP_PROTECTION
  * meson: re-enable -Wunused-result with clang
  * basic/{time,format}-util: warn when format result is unused
  * basic/time-util: indentation
  * tree-wide: do not use (void) asprintf
  * shared/killall: replace one trivial asprintf with xsprintf
  * networkd: replace one trivial asprintf with xsprintf
  * networkd: minor refactoring
  * basic/escape: add helper for quoting command lines
  * core: use the new quoting helper
  * sd-bus: print quoted commandline when in bus_socket_exec()
  * sd-bus: print debugging information if bus_container_connect_socket() fails
  * sd-bus: allow numerical uids in -M user@.host
  * shared/format-table: fix invalid free
  * basic/escape: use _cleanup_ in one more place
  * tree-wide: make cunescape*() functions return ssize_t
  * nspawn: inline one iterator variable declaration
  * xdg-autostart: minor refactoring
  * core: drop unnecessary initialization
  * creds: drop unnecessary initialization
  * networkd: add shared parser for mud urls
  * creds: fix leak of arg_tpm2_device
  * systemctl: show error when help for unknown unit is requested
  * core: split out manager-serialize.[ch]
  * core: modernize asprintf error handling
  * core: align string tables
  * core: add helper to retrieve service.status_text
  * manager: always log when starting a "special unit"
  * manager: rework sending of STATUS=
  * manager: print status text of the service when waiting for a job
  * core/main: wrap long comment lines
  * networkd: fix and simplify format_lifetime()
  * udev-event: drop unused assignments
  * basic/time-util: inline one more variable declaration
  * Merge pull request #20256 from keszybz/one-alloca-too-many
  * Merge pull request #20087 from xen0n/loongarch64-gpt
  * rpm: don't specify the full path for systemctl and other commands
  * pid1: propagate the original command line when reexecuting
  * Merge pull request #20103 from flokli/nsswitch-nss-myhostname
  * basic/fd-util: sort the 'except' array in place
  * Make oom_score_adjust_is_valid() static
  * basic/process-util: use xsprintf() in one more place
  * Move fork_agent() into shared/
  * Move freeze() into shared/
  * Add variant of close_all_fds() that does not allocate and use it in freeze()
  * rpm: use a helper script to actually invoke systemctl commands
  * rpm: call +needs-restart in parallel
  * rpm: restart user services at the end of the transaction
  * update-helper: also add "user-reexec" verb
  * udev: when setting up lo, do not return an error
  * man: fix assorted issues reported by the manpage-l10n project
  * man: use title of docs/ pages when referring to them
  * man/tmpfiles.d: rewrite the description of age-by
  * meson: require 0.53.2 and drop some workarounds for old meson
  * meson: use project_build_root
  * meson: adjust comment about find_program() usage
  * meson: use maps for udev program paths
  * meson: use a/b instead of join_paths(a,b)
  * meson: use alias_target in one place
  * meson: use alias_target for doc update commands
  * meson: use meson's summary()
  * man/systemctl: rework descriptions of bind and mount-image
  * systemctl: allow set-property to be called with a glob pattern
  * Drop the text argument from assert_not_reached()
  * basic/log: use appropriate glyph in log_assert_failed_unreachable()
  * veritysetup: print help for --help/-h/help
  * man: describe veritysetup command syntax
  * Merge pull request #19944 from yuwata/network-radv-introduce-uplink-interface
  * units: make sure systemd-tmpfiles-{setup,clean} don't survive switch-root
  * basic/log: use structured initialization, drop unused initialization
  * basic/log: invert loop to avoid repeated evaluation of condition
  * cryptsetup-tokens: inline one interator variable declaration
  * test-log: move logging call where we can still see it
  * udev-builtin-input_ic: simplify loop in test_key()
  * udev/builtins: inline iterator variables and other small modernizations
  * udev/builtins: make skip_subsystem() and skip_virtio() alike
  * Merge pull request #20399 from mrc0mmand/test-tweaks
  * Merge pull request #20395 from takaswie/topic/correct-ieee1394-hwdb-entries
  * fstab-generator: put What= before Where=
  * Add implicit sentinel to strv_env_merge()
  * test-env-util: extend the test for strv_env_merge() a bit
  * basic/env-util: add a mode where we pull in the variable value from environment
  * nspawn: allow --setenv=FOO as equivalent to --setenv=FOO=$FOO
  * homectl: allow --setenv=FOO
  * run: allow --setenv=FOO
  * machinectl: allow --setenv=FOO
  * activate: use global variable instead of passing char **envp around
  * activate: simplify/rework implementation of --setenv
  * man: fix minor grammar issue
  * docs: adjust sentece, fix minor typo
  * man: adjust the description of extension-release.*
  * meson: capitalize the last instance of "efi"
  * mkosi: drop the code to determine nobody user name
  * mkosi: make mkosi.build shellcheck-clean
  * gitignore: only ignore *local*.conf" under mkosi.default.d/
  * mkosi: move distro files to mkosi.default.d/
  * Merge pull request #20629 from keszybz/mkosi-host-distro-by-default
  * docs: portablectl is in bin/
  * docs: polish the text about Portable Services a bit
  * Merge pull request #20681 from weblate/weblate-systemd-master
  * Drop bundled copy of linux/if_arp.h
  * meson: fix creation of man pages indices
  * smack: move helper function to smack-util.c
  * meson: ignore -Dsmack-run-label= if -Dsmack=false
  * Merge pull request #20767 from bluca/portable_extract_selinux
  * variuos: add missing includes
  * Define ioprio_{get,set} the same as other compat syscalls
  * Get rid of ioprio.h and add a minimalistic reimplementation of the api
  * man: cross-reference DeviceAllow= and PrivateDevices=
  * docs: add spdx tags to all .md files
  * man: minor grammar fixups in systemd-cryptenroll
  * man: refresh description of sysvinit compat for services
  * man: mention pages with more settings at end of each option list
  * Merge pull request #20849 from keszybz/man-page-tags-and-links
  * netif-naming: inline one iterator variable
  * Merge pull request #20837 from bluca/coveralls
  * meson: drop the list of valid net naming schemes
  * meson: allow extra net naming schemes to be defined during configuration
  * Merge pull request #20894 from andir/editorconfig
  * licensing: say that our github docs are LGPLv2.1+
  * github: use the same headers on yaml files
  * ci: use LGPLv2+ for all our ci configuration
  * licensing: add missing license headers on translation files
  * licensing: add header to POTFILES.in
  * licensing: add spdx to our .cocci files
  * licensing: add spdx header to chromiumos helper, move license file
  * licensing: add missing header to one .network file
  * licensing: add forgotten spdx headers
  * xorg/50-systemd-user: add a full license header
  * man: add discussion of read-only filesystem support in daemons
  * test-id128: split into functions and add the usual headers
  * Add benchmark for sha256 calculations
  * Merge pull request #20744 from yuwata/udev-netlink
  * Merge pull request #20853 from yuwata/network-radv-set-default-timeouts
  * shared/dissect-image: reword debug message
  * coredumpctl: stop truncating information about coredump
  * Merge pull request #20987 from yuwata/sd-dhcp6-enum-cleanups
  * Merge pull request #20996 from yuwata/udevadm-trigger-debug
  * Merge pull request #20980 from bluca/compat_readme
  * gitattributes: mark fuzz inputs that are pure binary as such
  * licensing: add two missing spdx headers
  * bpf: fix SPDX short identifier for LGPL-2.1-or-later
  * tests: add spdx license header to test unit/link/network/conf files
  * tests: add spdx headers to scripts and Makefiles
  * tests: use !/usr/bin/env bash consistently
  * gitattributes: mark more files as "binary"
  * gitattributes: introduce and use "generated" attribute
  * TEST-06-SELINUX: add the usual spdx license header to policy files
  * fuzz-fido-id-desc: drop unused case file
  * licensing: add a license file for the fonts we carry
  * docs: mark spdx headers with the default license to website files
  * Merge pull request #21038 from yuwata/network-dhcp6-pd-fix-address-check
  * Merge pull request #21036 from yuwata/network-dhcp6-pd-manage-prefix-with-hashmap
  * Merge pull request #21037 from yuwata/network-dhcp6-pd-simplify-distribute
  * Merge pull request #20988 from DaanDeMeyer/rotate-reason
  * efi: drop two unused variables
  * efi: check input parameter
  * Merge pull request #21065 from keszybz/efi-warnings
  * Merge pull request #21126 from bluca/meta_arch
  * Merge pull request #21147 from DaanDeMeyer/hacking-docs
  * procfs-util: fix confusion wrt. quantity limit and maximum value
  * test-process-util: also add EROFS to the list of "good" errors
  * CODING_STYLE: allow joined variable declarations and function calls
  * tree-wide: warn when sd_notify fails with READY=1 or FDSTOREREMOVE=1
  * journald: modernize code to send notifications
  * tree-wide: drop "f" from sd_notify() calls with a static string
  * manager: fix confusion when to send READY=1
  * Make pager_open() return void
  * shared/bus-util: make bus_log_*_error() functions functions
  * busctl: do not print hint about -M if -M is already used
  * tree-wide: do not print hint about -M if -M is already used
  * update-helper: add missing loop over user units
  * Merge pull request #21225 from medhefgo/boot-cleanup
  * meson-render-jinja2: use ast.literal_eval()
  * Merge pull request #20056 from calestyo/split-up-sysusers.d-systemd.conf.in
  * Merge pull request #20813 from unusual-thoughts/exittype_v2
  * makefs: reindent mkfs calls to follow the same style
  * makefs: also set uuid/label for ext2/ext3
  * Merge pull request #21272 from yuwata/netif-util-split
  * Merge pull request #21271 from yuwata/ether-addr-util-helper-functions
  * Merge pull request #21287 from yuwata/man-network-condition
  * binfmt: fix exit value
  * binfmt: unparenthesize a bit
  * core/cgroup: use helper macro for bfq conversion
  * makefs: supress mkfs output, but print one line on success
  * basic/utf8: inline some iterator variables
  * Merge pull request #21321 from yuwata/ether-addr-fix-local
  * binfmt: add logging information
  * seccomp: move mprotect to @default
  * meson: drop mode setting on systemd-update-helper
  * basic/errno-util: adjust indentation
  * man: add markup
  * units: delay binfmt processing until after local-fs.target
  * analyze: fix memleak
  * Merge pull request #21373 from poettering/filesystems-more-groups
  * basic/generate-fs-switch-case: inline comments
  * analyze: add --quiet option
  * analyze: clarify return value
  * shell-completion: fix indentation
  * zsh: add hints for more systemd-analyze verbs and options
  * zsh: drop unused code
  * basic: cramfs is also a read-only fs
  * basic: f2fs can do discard
  * basic/utf8: add function to convert to ASCII
  * makefs: fix label for vfat filesystems
  * makefs: fix too-long ext2/3/4 labels
  * makefs: fix too-long swap labels
  * makefs: add "support" for f2fs
  * man: document fs types known to makefs
  * analyze: supress bogus compiler warning
  * tmpfiles: split out config for systemd-resolve
  * Merge pull request #21392 from keszybz/memleak-fix-and-assorted-fs-code-cleanups
  * shared/json: stop using long double
  * test-sizeof: add intmax types
  * shared/json: use int64_t instead of intmax_t
  * meson: add check:true/false to all run_command() invocations
  * Merge pull request #21436 from yuwata/network-bus-introspect
  * Merge pull request #21444 from poettering/gpt-test
  * shared/gpt: drop outdated comment
  * shared/base-filesystem: add (empty) iffdery for the table
  * shared/base-filesystem: add define for arm64
  * shared/base-filesystem: add define for ppc64el
  * shared/base-filesystem: add define for riscv64
  * shared/base-filesystem: add define for arm
  * shared/base-filesystem: m68k is 32-bit only
  * shared/base-filesystem: add define for s390x
  * docs: switch the first two columns in partition uuid list
  * shared/gpt: reorder arches alphabetically
  * shared/gpt: add a macro to make the definitions a bit less onerous
  * shared/gpt: add entries for a bunch of architectures
  * shared/gpt: ARM_64 → ARM64
  * docs: generate table from header using a script
  * shared/gpt: fix bit-flip in LoongArch root partition UUID
  * docs: document the partition UUID used by homed
  * Trivial style fixes
  * shared/base-filesystem: use LIB_ARCH_TUPLE instead of string
  * Add a trivial guard against using the same uuid twice
  * analyze: fix printing config when there is no main config file
  * udev/cdrom_id: use a macro to initialize context
  * resolved: move packet rewinder initalization inline
  * resolved: inline declarations of iterator variables
  * shared/format-table: add cosmetic initialization
  * resolved: add _unused_ annotations to appease clang
  * docs: remove comment that makes githubs renderer very angry
  * basic/architectures: sort by name and remove duplicates
  * shell-completion: add journalctl --facility
  * test-pretty-print: spelling nitpick
  * shared/format-table: drop unnecessary _cleanup_
  * dissect-image: reuse common exit path
  * dissect-image: do not enable "verification" when trying to acquire metadata
  * dissect-image: provide a more useful message when ENOMEDIUM is returned
  * Add debug logs of extension-release scanning
  * dissect-image: always say "file of image" when reporting about the image
  * Merge pull request #21517 from yuwata/network-long-hw-addr
  * Merge pull request #21522 from yuwata/home-fix-memleak
  * test-journal-flush: allow testing against specific files
  * test-journal-flush: do not croak on corrupted input files
  * Merge pull request #21360 from yuwata/network-json
  * Merge pull request #21501 from medhefgo/test
  * Merge pull request #21529 from keszybz/test-journal-flush-no-crash
  * basic/strv: inline variables and modernize style a bit
  * basic/strv: drop strv_free_free
  * basic/util: rename u64log2 to log2u64
  * basic/util: add macro variants of log2 functions
  * networkd: replace a table with log2 fields by a list
  * networkd: replace a table with log2 fields by a list
  * networkd: replace a table with log2 fields by a list
  * networkd: align table
  * networkd: replace a table with log2 fields by a list
  * meson: upgrade warning about bad init values to an error
  * Merge pull request #21537 from medhefgo/boot-sbat
  * Merge pull request #21531 from keszybz/log2-tables
  * Merge pull request #21534 from yuwata/udev-accept-longer-hw-address
  * Merge pull request #21541 from bluca/analyze_security_profile
  * Merge pull request #21532 from yuwata/network-json-more
  * man: add missing plural and reorder sentence
  * man: fix typo
  * basic/architecture: sort and reindent one more table
  * Merge pull request #21578 from bluca/json_spec
  * oomd: use type suffix instead of casting
  * Merge pull request #21580 from bluca/core_fork
  * test-sizeof: show stack and heap randomization
  * man: prettify line number handling in python example
  * tmpfiles: 'st' may have been used uninitialized
  * meson: add config setting to select between openssl and gcrypt
  * import: port importd from libgcrypt to openssl^gcrypt
  * resolved: split out function to generate signature
  * resolved: split out function to hash signature
  * port string_hashsum from libgcrypt to openssl^gcrypt
  * resolved: do not use BN_dup() unnecessarilly
  * ci: temporarily set -Wno-deprecated-declarations in Packit
  * ci: expand the test framework to cover openssl
  * meson: disallow the combination of cryptolib=openssl and dns-over-tls=gnutls
  * Merge pull request #21599 from loongarch64/dev-syscalls
  * Merge pull request #21170 from keszybz/delibgcryptify
  * Merge pull request #21628 from yuwata/man-network-dnssec
  * Merge pull request #21629 from yuwata/man-netdev-update
  * Merge pull request #21623 from nabijaczleweli/ekstrahuje
  * Merge pull request #21621 from mrc0mmand/lgtm-false-positive
  * Merge pull request #21454 from bluca/inspect_elf
  * Merge pull request #21372 from DaanDeMeyer/journal-truncate
  * Merge pull request #21598 from DaanDeMeyer/journald-file
  * Merge pull request #21307 from medhefgo/boot-alloc
  * Merge pull request #20522 from yuwata/cgroup-fix
  * Merge pull request #21264 from medhefgo/boot-lto
  * Merge pull request #21625 from yuwata/network-dhcp-6rd
  * Merge pull request #20476 from jamacku/new-feature-reloaded-stamp
  * meson: drop libgcrypt dep from resolved tests
  * gitignore: remove patterns for build files in source dir
  * test-dhcp-option: rename variable to avoid global/local name conflict
  * test-exec-util: rename variable to avoid global/local name conflict
  * test-dhcp-option: inline iterator variable declarations
  * sysusers: use uppercase UID/GID consistently in messages
  * sysusers: use ordered_hashmap_isempty()
  * sysusers: add --dry-run
  * sysusers: improve message about conflicting entries
  * sysusers: raise level of message about UID/GID being already used
  * Merge pull request #21691 from yuwata/network-route-prefix-length
  * Bump the max number of inodes for /dev to a million
  * openssl: supress warnings about functions deprecated by openssl 3.0
  * Revert "ci: temporarily set -Wno-deprecated-declarations in Packit"
  * hwdb: ninja -C build update-hwdb-autosuspend
  * hwdb: update for v250
  * Bump the max number of inodes for /tmp to a million too
  * NEWS: adjust wording and reorder by category
  * man: bump Fedora version to 35
  * meson: add missing final newline in jinja2 outputs
  * NEWS: fix crucial cultural misappropriation
  * Merge pull request #21696 from keszybz/openssl-suppress-warnings
  * NEWS: add contributors
  * meson: bump numbers for v250-rc1
  * Merge pull request #21697 from keszybz/run-more-inodes
  * Merge pull request #21700 from keszybz/v250-hwdb
  * Merge pull request #21704 from keszybz/news-250-2
  * NEWS: final update before -rc1
  * man: let's not say we link to raw .rst file
  * Merge pull request #21722 from yuwata/bpf-framework
  * Merge pull request #20598 from tomty89/order_noauto
  * Merge pull request #21727 from medhefgo/ld
  * Merge pull request #21570 from AdrianVovk/stub-global-creds
  * Merge pull request #21664 from yuwata/network-tunnel-cleanups
  * Merge pull request #21614 from medhefgo/boot-bcd
  * man: reorder item
  * shared/creds: print debugging information when something goes wrong
  * man: make systemd-creds man page a bit easier to read
  * hostnamectl: add a chassis symbol in status output
  * journactl: show info about journal range only at debug level (#21775)
  * resolved: return immediately if we already know what to return
  * resolved: filter out our own stub resolvers when parsing servers
  * Merge pull request #21763 from yuwata/udevadm-write-only-attributes
  * tree-wide: make FOREACH_DIRENT_ALL define the iterator variable
  * Define FOREACH_DIRENT through FOREACH_DIRENT_ALL
  * Merge pull request #21766 from yuwata/network-generator-name-policy
  * units: enable systemd-network-generator by default
  * man: split out a paragraph and shorten the text about sd-network-generator
  * meson: don't compile import sources four times
  * meson: stop building out convenience libraries by default
  * meson: drop convenience library that was only used in one place
  * meson: drop three more single-use convenience libraries
  * Merge pull request #20559 from tomty89/stub_check_in_get
  * Merge pull request #21757 from DaanDeMeyer/boot-id
  * NEWS: update again
  * man: fix two typos
  * man: use unicode superscripts to indicate the exponent
  * udev/net_id: fix signedness in format string
  * udev/net_id: use STRLEN() to make code clearer
  * bootctl: write KERNEL_INSTALL_LAYOUT=bls and KERNEL_INSTALL_MACHINE_ID=…
  * bootctl: deprecate --make-machine-id-directory=auto
  * udev/net_id: add debug logging for construction of device names
  * man: describe $SYSTEMD_NSS_RESOLVE_VALIDATE
  * man: describe flags for record resolving
  * man: correctly document default for DNSSEC= and DNSoverTLS=
  * NEWS: add the boot loader stuff
  * hwdb: update for -rc3
  * nss-resolve: expose various source-disablement settings as variables
  * NEWS: add missing noun
  * shared/rm_rf: refactor rm_rf_children_inner() to shorten code a bit
  * shared/rm_rf: refactor rm_rf() to shorten code a bit
  * shared/rm-rf: loop over nested directories instead of instead of recursing
  * Merge pull request #21866 from yuwata/update-hwdb-and-news-v250
  * hostname: use _cleanup_ in one more place
  * shared: re-wrap comment
  * src/basic: adjust grammar in comments
  * meson: move efi file lists closer to where they are used
  * meson: move efi summary() section to src/boot/efi
  * meson: report SBAT settings
  * Merge pull request #21869 from yuwata/sd-journal-fix-segfault
  * NEWS: finalize release
  * meson: create new libsystemd-core.so private shared library
  * meson: allow specifying a custom "tag" for the private shared libaries
  * test: ignore the error about our own libraries missing during image creation
  * meson: fix detection of libcryptsetup functions
  * Merge pull request #21970 from yuwata/seccomp-util-fix-build
  * core/bpf: avoid unnecessary initialization of variables, tighten scope
  * core/bpf: tighten handling of return values, improve messages
  * test-job-type: modernize code a bit
  * test-bpf-lsm: drop some parens
  * basic: adjust wording and wrapping of comments
  * Merge pull request #21941 from yuwata/hostname-handle-empty
  * docs: update branch names
  * various: fix three spelling issues found by fossies
  * po: drop Project-Id-Version from header template
  * coredump: do not crash if we failed to acquire exe path
  * basic/log: allow errno values higher than 255
  * meson: generate better arch defines for clang bpf compilation
  * hwdb: fix check for uppercasedness of match patterns
  * hwdb: make usb match patterns uppercase
  * Revert "udev: Import hwdb matches for USB devices"
  * fuzz-bcd: silence warning about always-true comparison
  * network: replace detailed netlink append messages with a single generic message
  * network: use SYNTHETIC_ERRNO in one more place
  * network: replace more detailed netlink append messages
  * network: split out netdev_create_message(), simplify logging
  * network: split out netdev_fill_fou_tunnel_message(), simplify logging
  * network: move logging from ipoib_set_netlink_message() to the caller
  * network: de-duplicate logging in bridge_vlan_append_info() and the caller
  * network: move logging from can_set_netlink_message() to the caller
  * network: split out link_configure_fill_message(), simplify logging
  * network: simplify logging in l2tp_create_session() and l2tp_create_tunnel()
  * network: simplify logging in macsec netdev code
  * network: adjust log message about MACsec associations
  * network: split out dhcp4_pd_create_6rd_tunnel_message(), simplify logging
  * network: split out neighbor_configure_message(), simplify logging
  * network: move logging from tc .fill_message to the callers
  * network: simplify logging in request_process_bridge_fdb()
  * network: move logging from qdisc_configure()/tclass_configure() to the caller
  * network: move logging from routing_policy_rule_set_netlink_message() to the callers
  * network: move logging from route_set_netlink_message() to the callers
  * tests: log_tests_skipped() already appends ", skipping tests"
  * Merge pull request #21981 from medhefgo/boot-cleanup
  * man: add better descriptions of what event handlers do
  * man: add example of sd_event_add_child()
  * logind: do not propagate error in delayed action
  * Merge pull request #22006 from yuwata/on-ac-power
  * Merge pull request #22013 from yuwata/fstab-generator-skip-nfsroot
  * seccomp: move arch_prctl to @default
  * man: add missing example title in systemd.network(5)
  * man: refer to os-release(5) for description of files in the same format
  * man: adjust chart in bootup(5)
  * bpf: actually skip RestrictFileSystems= when not supported
  * units: start systemd-resolved in basic.target
  * bpf: adjust comment about not calling sym_bpf_link__destroy
  * xdg-autostart-generator: make parameter const
  * Merge pull request #22019 from lnussel/shutdown
  * xdg-autostart-generator: rework debug logging
  * docs: fix typo in key name and adjust grammar a bit
  * Merge pull request #22050 from wat-ze-hex/bpf-lsm-check-for-link-error-2022-01-07
  * bootctl: split out the check whether sd-boot is installed
  * bootctl: do not update sd-boot if it wasn't installed in the first place
  * nss: drop dummy setup_logging() helpers
  * nss: only read logging config from environment variables
  * network: say that our example files are licensed as CC0
  * network: license all config files as CC0
  * network: add example file that enables DHCP on ethernet links
  * shutdown: adjust log message
  * NEWS: adjust links to moved pages
  * README: link to the new page
  * docs: use https:// for fd.o links
  * policy files: adjust landing page link
  * docs: import the Journal Export Format description from the wiki
  * docs: import the Journal JSON Format description as subsection
  * man+docs: adjust links to the new page
  * docs: promise stability for the journal json format too
  * Merge pull request #22092 from keszybz/docs-links
  * networkctl: open the bus just once
  * networkctl: use xsprintf a bit more
  * sd-device: silence gcc warning with newest gcc
  * sd-device: drop unnecessary parenthesis
  * man: enhance the description of systemd-stdio-bridge
  * stdio-bridge: make the error more straightforward
  * stdio-bridge: trim whitespace and braces
  * meson: drop unused SYSTEMD_STDIO_BRIDGE_BINARY_PATH
  * Merge pull request #22093 from yuwata/meson-bpftool-version
  * Merge pull request #21805 from наб
  * kernel-install: add new variable $KERNEL_INSTALL_INITRD_GENERATOR
  * Merge pull request #22163 from bluca/extension_images_validation
  * Merge pull request #22172 from yuwata/udev-sd-device-more-debugging-logs
  * Use ASSERT_PTR() in more places
  * shared/specifier: treat NULL the same as ""
  * core: add %y/%Y specifiers for the fragment path of the unit
  * test-load-fragment: add a basic test for config_parse_unit_env_file()
  * core/execute: use _cleanup_ in exec_context_load_environment()
  * test-env-file: add tests for quoting in env files
  * user-runtime-dir: error out immediately if mkdir fails
  * kernel-install: k-i already creates $ENTRY_DIR_ABS, no need to do it again
  * kernel-install: prefix errors with "Error:", exit immediately
  * kernel-install: add "$KERNEL_INSTALL_STAGING_AREA" directory
  * kernel-install: add missing log line
  * basic: do not warn in mkdir_p() when parent directory exists
  * docs: more internal links
  * systemctl: expand error message
  * NEWS: minor grammar adjustment
  * share/gpt: add stringified defines for GPT partition types
  * homework: avoid runtime formatting of a fixed string
  * manager: do not ignore the return value from the main loop
  * manager: if we are reexecuting, do not invoke any fallbacks
  * manager: add few ", ignoring" and adjust level in one message
  * manager: add {} around cpu sets, use range formatting
  * Merge pull request #22579 from ml-/fix-discoverable-partitions-table
  * Merge pull request #22585 from poettering/analyze-split-up
  * Merge pull request #22574 from yuwata/network-dhcp-pd-fixes
  * Merge pull request #22592 from yuwata/test-oomd-util-fixlets
  * man: adjust command for Fedora installations
  * man/systemd-analyze: split out example to a separate section
  * man/systemd-network: reword descriptions of DHCPPrefixDelegation= and dst-host
  * man: various issues reported in #22432
  * Merge pull request #22600 from poettering/timestamp_is_set-more
  * Merge pull request #22414 from yuwata/resolve-synthesize-empty-domain-follow-up
  * Merge pull request #22608 from keszybz/doc-cleanups
  * Merge pull request #22605 from yuwata/test-journal-send-fd-leaks
  * Merge pull request #22607 from yuwata/network-address-hash-func
  * Merge pull request #22620 from yuwata/network-drop-detailed-log-messages
  * man: recommend built-in platform.freedesktop_os_release() in our page
  * meson: do not use split() in file lists
  * meson: use files() for libudevd_core_sources too
  * meson: move files' closing brace to separate line
  * Merge pull request #22644 from keszybz/meson-no-split
  * man: drop outdated info about polkit in pid1
  * man: say that we ignore ignored options
  * man: fix formatting of macros in sd_bus_add_object
  * man: describe capability checks on the bus
  * man: tweak description of auto/noauto
  * man: describe UNIT=/USER_UNIT=
  * journalctl: advertise --header a bit more
  * Merge pull request #22663 from keszybz/various-man-page-bits
  * TEST-29: trim output a bit
  * portablectl: reorder if branches to match previous conditional in the same function
  * portable: inline one variable declaration
  * docs: add more links for portabled
  * portable: add return parameter to GetImageMetadataWithExtensions
  * Merge pull request #22656 from keszybz/portablectl-method2
  * core: manage SetShowStatus through polkit
  * TEST-68-PROPAGATE-EXIT-STATUS: deobfuscate shell code and fix typo
  * TEST-68: enhance testing of chained commands
  * various: align vertically for ease of reading
  * manager: adjust comment
  * manager: log how many OnSuccess/OnFailure jobs were started
  * manager/service: when we spawn, say why
  * manager/service: when we have multiple candidates to handle, warn
  * manager: prevent cleanup of triggering units before we start the handler
  * manager: pass monitor metadata in more cases
  * shared/install: consistently use 'lp' as the name for the LookupPaths instance
  * shared/install: drop unnecessary parentheses
  * shared/install: drop unnecessary casts
  * tree-wide: use strv_contains() in more places
  * shared/install: adjust comment formatting
  * man/systemd.exec: tweak markup a bit
  * systemctl: drop left-over parens
  * systemctl: remove unused parameter
  * basic/env-file: inline one variable declaration
  * shared/install: do not print aliases longer than UNIT_NAME_MAX
  * shared/install-printf: drop now-unused install_path_printf()
  * systemctl: fix operations on relative paths
  * shared/bootspec: reduce scope of variables
  * efi: use CMP() more
  * Merge pull request #22519 from poettering/boot-order-title-revert
  * sd-boot+bootctl: invert order of entries w/o sort-key
  * various: make parse_env_file error handling the same in various places
  * Merge pull request #22740 from yuwata/list
  * fuzz: rename the longest test samples
  * fuzz: rename fuzz-dhcp-server-relay-message to fuzz-dhcp-server-relay
  * test-nss-host: increase timeout
  * Merge pull request #20156 from poettering/sysupdate
  * spelling: weekday names are capitalized
  * man: cross-link to BLS in more places, use "Type #1", "Type #2" as appropriate
  * Drop unused variables to fix build
  * basic/strv: avoid potential UB with references to array[-1]
  * Merge pull request #22813 from poettering/sd-boot-man-fixes
  * Merge pull request #22778 from poettering/kernel-install-layout-rework
  * man: clarify that options set the message fields and are not derived from them
  * tools/dbus_exporter: deblackify and shorten code a bit
  * sd-bus: use _cleanup_ in one more place
  * errno-to-awk: simplify expression
  * homework: s/EWOULDBLOCK/EAGAIN/
  * NEWS: initial writeup for v251
  * meson: replace sh+find with an internal glob in the python helper
  * strv: declare iterator of FOREACH_STRING() in the loop
  * systemctl: use the right name in error message
  * Merge pull request #22836 from poettering/more-build-image-docs
  * various: inline some iterator variables
  * TEST-68: get rid of unnecessary descriptions
  * TEST-68: instead of calling daemon-reload, just use different cleanup units
  * NEWS: tweaks
  * basic/unit-file: split out the subroutine for symlink verification
  * basic/stat-util: add null_or_empty_path_with_root()
  * shared/install: reuse the standard symlink verification subroutine
  * shared/install: add a bit more quoting
  * test: add test for systemctl link & enable
  * tests: add helper for creating tempfiles with content
  * man: clarify the descriptions of aliases and linked unit files
  * basic: add new variable $SYSTEMD_OS_RELEASE to override location of os-release
  * test-os-util: add basic tests for os-release parsing
  * basic/env-file: make load-env-file deduplicate entries with the same key
  * man/os-release: add a note about repeating entries
  * shared/specifier: clarify and add test for missing data
  * shared/specifier: provide proper error messages when specifiers fail to read files
  * shared/install: provide proper error messages when invalid specifiers are used
  * shared/install: move scope into InstallContext
  * shared/specifier: fix %u/%U/%g/%G when called as unprivileged user
  * shared/install: simplify unit_file_dump_changes()
  * shared/install: propagate errors about invalid aliases and such too
  * shared/install: return failure when enablement fails, but process as much as possible
  * systemctl: fix silent failure when --root is not found
  * shared/install: also check for self-aliases during installation and ignore them
  * man: fix invalid description of template handling in WantedBy=
  * install: when linking a file, create the link first or abort
  * shared/install: split unit_file_{disable,enable}() so _reenable doesn't do setup twice
  * shared/install: fix reenable on linked unit files
  * test-systemctl-enable: extend the test for repeated WantedBy/RequiredBy
  * shared/install: when we fail to chase a symlink, show some logs
  * shared/install: do not try to resolve symlinks outside of root directory
  * test-systemctl-enable: enhance the test for unit file linking
  * shared/install: skip unnecessary chasing of symlinks in disable
  * shared/install: also remove symlinks like .wants/foo@one.service → ../foo@one.service
  * shared/install: create relative symlinks for enablement and aliasing
  * shared/install: when looking for symlinks in .wants/.requires, ignore symlink target
  * shared/install: stop passing duplicate root argument to install_name_printf()
  * basic/unit-file: reverse negative conditional
  * shared/install: split UNIT_FILE_SYMLINK into two states
  * shared/install: fix handling of a linked unit file
  * test-systemctl-enable: make shellcheck happy
  * shared/install: when creating symlinks, accept different but equivalent symlinks
  * test-systemctl-enable: use magic syntax to allow inverted tests
  * test-systemctl-enable: also use freshly-built systemd-id128
  * test-systemctl-enable: disable the test for %a for now
  * Rename UnitFileScope to LookupScope
  * Merge pull request #22843 from poettering/bootspec-json
  * cryptsetup: shorten message a bit
  * hwdb: fix parser to work with newer pyparsing
  * hwdb: update for v251
  * hwdb: update autosuspend entries
  * Merge pull request #22894 from keszybz/hwdb-update
  * NEWS: two more small features and some rewordings
  * tools/git-contrib: list contributions not only from Weblate
  * NEWS: update contributor list
  * meson: bump numbers for v251-rc1
  * Merge pull request #22871 from yuwata/udev-worker-error-code
  * Merge pull request #22649 from keszybz/symlink-enablement-yet-again-punish-me-harder
  * test-systemctl-enable: skip test for %v if kver is not a valid instance
  * NEWS: add entry for the unit enablement stuff
  * veritysetup: fix parsing of root-hash-signature= option
  * bootctl: do not call acquire_esp() twice
  * bootctl: unify boot entry loading for "status" and "list"
  * man: fix tag syntax
  * man: add annotated example for bootctl status & list
  * Merge pull request #22956 from yuwata/network-fix-permission-error
  * README: say kernel 4.15 is the minimum recommended
  * README: describe taint flags and how to check them
  * manager: fix typo
  * tests: add a smoke test for --version option in binaries
  * test/check-help: check that --help and -h are identical
  * pid1: make --help output fit in 80 columns
  * firstboot: make --help output fit in 80 columns
  * test: do --help/--version checks for systemd, firstboot, cryptenroll, s-n-w-o
  * meson: also allow setting GIT_VERSION via templates
  * meson: make kernel-install a template file, add --version, add to tests
  * manager: rework manager_taint_string()
  * Add new test-manager.c and "test" manager_taint_string()
  * basic/strv: fix typos and confusion whether we are escaping or unescaping
  * hwdb: drop boilerplate about match patterns being unstable
  * core: inline an iterator variable
  * README: add one more kernel-version line
  * Merge pull request #21795 from Werkov/bfq-io-weight-2
  * Move systemd_installation_has_version() to src/nspawn/
  * nspawn: fix comparisons of versions with non-numerical suffixes
  * test-nspawn-util: fix the test to actually find anything
  * Move path_simplify_and_warn() to new shared/parse-helpers.c
  * Merge parse-socket-bind-item.? into parse-helpers.?
  * various: add missing "#pragma once"
  * syscalls: update syscall definitions
  * Add comments about deprecated specifiers
  * shared/specifier: make sure we set the output variable even for void answers
  * Merge pull request #23038 from yuwata/udev-log-once
  * test-unit-name: add missing tests for specifiers, fix existing tests
  * tree-wide: host_name → hostname
  * Fix man page links
  * man: add landing page for sd-device
  * man: say libudev should not be used for new projects
  * man: add page for sd_device_{ref,unref,unrefp}
  * docs: stop recommending meson compile
  * README: recommend zstd over xz
  * docs/RELEASE: also mention syscall tables
  * man: add "internal" to "reference counter"
  * Merge pull request #23002 from yuwata/udev-use-child-event
  * shared/install: fix crash when reenable is called without --root
  * shared/seccomp: add note about clone2() being unimportant
  * manager: prohibit clone3() in seccomp filters
  * meson: simplify setting of default compression
  * meson: use a single constant for default compression setting
  * Merge pull request #23160 from keszybz/compress-defines
  * oomd: actually fail if configuration is bad
  * Merge pull request #23131 from poettering/shared-compress
  * Merge pull request #23119 from yuwata/test-sd-device-exclude-bdi
  * Merge pull request #23204 from bluca/install_tag
  * man: beef up the description of systemd-oomd.service
  * man: direct users to systemd-oomd if they read about OOMPolicy
  * oomd: "descendent" → "descendant"
  * man: cross-advertize bootctl and systemctl boot loader support
  * TODO: more entries for bootctl
  * Merge pull request #23200 from keszybz/oomd-docs
  * Merge pull request #23216 from poettering/hwdb-v251-rc2
  * libsystemd-network: do not split messages in half
  * libsystemd-network: add assert about packet length
  * meson: also check c_args to maybe add -Wno-maybe-uninitialized
  * systemctl: stop saying "vendor preset"
  * fuzz: rename test cases for brevity and meaning
  * fuzz-network-parser: drop ".network" and shorten names
  * docs: say that fuzzer input samples should have short names
  * docs: use lowercase "qemu" and other minor tweaks to test docs
  * Merge pull request #23260 from yuwata/libsystemd-network-raw-size
  * tree-wide: drop manually-crafted message for missing variables
  * man: beef up o.fd.login1 page a bit and recommend busctl too
  * man: deduplicate dbus versioning ref
  * TODO: add entry about boot entries on the bus
  * meson: move udev rules to rules.d/
  * meson: move vconsole rules to rules.d/
  * bootctl: support --graceful in is-installed
  * bootctl: add --quiet
  * NEWS: update with final changes
  * hwdb: run "update-hwdb"
  * Merge pull request #23273 from keszybz/bootctl-quiet
  * Revert "shared/install: create relative symlinks for enablement and aliasing"
  * Merge pull request #23277 from keszybz/news-and-hwdb-update
  * docs/RELEASE: typo in target name
  * shared/terminal-util: don't use $COLORTERM to force colors
  * basic/strv: fix splitting of strings with escape characters
  * shared/json: disentangle flag mixup
  * dissect: drop unnecessary {}
  * docs/ARCHITECTURE: describe fuzzer locations and use
  * meson: sort list of fuzzers
  * shared/bootspec: add one more assert
  * Move printing of boot entries from bootctl.c to shared/
  * shared/bootspec: expose more parts of the config parsing
  * shared/bootspec: also export boot_config_load_type1()
  * Add fuzzer for the bootspec parser
  * shared/bootspec: avoid crashing on config without a value
  * fuzz-bootspec: one more test case that was fixed in strv code
  * fuzz-bootspec: also add loader autoentries
  * shared/bootspec: add missing terminator to table
  * fuzz-systemctl-parse-argv: refuse commandlines above 1k entries
  * fuzz-journal-remote: allow -ENODATA too
  * tree-wide: drop de-constifying casts for strv iteration
  * libsystemd-network: constify casts
  * basic/virt: use STRV_FOREACH instead of iteration with ELEMENTSOF
  * shared/dissect-image: apply standard indentation
  * shared/calendarspec: reduce scope of variables
  * json: align table
  * fuzz-json: optionally allow logging and output
  * shared/json: reduce scope of variables
  * fuzz-json: also do sorting and normalizing and other easy calls
  * shared/json: wrap long comments
  * shared/json: fix memory leak on failed normalization
  * shared/calendarspec: make function static void
  * fuzz-calendarspec: add input sample with a list of weekdays and all syntax characters
  * fuzz-calendarspec: increase coverage by calculating occurences
  * shared/calendarspec: wrap long comments and reduce scope of one var
  * test-calendarspec: tighten tests and add more logging
  * shared/calendarspec: fix printing of second ranges which start with 0
  * Merge pull request #23329 from superm1/mlimonci/lg850-gl
  * shared/calendarspec: fix formatting of entries which collapse to a star
  * shared/json: add helper to ref first, unref second
  * basic/alloc-util: remove unnecessary parens
  * fuzz-json: also try self-merge operations
  * shared/json: fix another memleak in normalization
  * shared/json: fix memleak in sort
  * fuzz-bootspec: limit input size
  * Merge pull request #23331 from kmoriwak/tmpfiles-quickref
  * logind: fix crash in logind on user-specified message string
  * logind: rename "log_message" to "log_verb"
  * tree-wide: use LOG_MESSAGE() where possible
  * core: use LOG_UNIT_MESSAGE() where appropriate
  * Optionally call printf on LOG_MESSAGE() arguments
  * Do LOG_MESSAGE_VERIFICATION in coverity runs
  * meson: turn on log-message-verification by default in developer builds
  * fuzz-dhcp-server: remove limit on input size
  * fuzzers: ignore size limits when compiled standalone
  * Merge pull request #23289 from yuwata/resolve-answer-add-rrsig
  * Add saturate_add() that generalizes size_add()
  * resolved: use saturate_add()
  * resolved: add DNS_ANSWER_REPLACE
  * resolved: add DNS_RR_REPLACE
  * resolved: add DNS_RESOURCE_KEY_REPLACE
  * resolved: add DNS_PACKET_REPLACE
  * man,mkosi: fedora 36 has been released
  * man: fix typo
  * networkd: reword debug messages
  * README: add missing colons and wrap to ~80 columns
  * README: recommend --no-rebuild for sudo meson install
  * README: say that recent releases are supported
  * rpm: remove check if systemd is running in a few cases
  * core/bpf: lsm_bpf_supported() returns a boolean
  * manager: skip BPF cleanup if we never initialized
  * docs: copy the page about network-online.target from the wiki
  * docs: say how to delay network-online.target
  * Clean up the text in description of strverscmp_improved()
  * basic: make macro-fundamental.h self-contained
  * fundamental/string-util-fundamental: include appropriate headers
  * fundamental: make strverscmp_improved() return -1/0/+1 in all cases
  * Add a "test" that prints the SBAT table
  * Merge pull request #23114 from yuwata/resolve-dnssec
  * test-string-util: include a copy of rpm's version comparison tests
  * NEWS: reword description of credstore
  * README: fix typo
  * Merge pull request #23417 from bnf/docs-dark-mode
  * analyze: sort/fix header includes in one place
  * analyze: use automatic cleanup in one more place
  * analyze: allow verbs to return positive failure
  * Merge pull request #23432 from bnf/docs-relative-links
  * analyze: add compare-versions
  * test-compare-versions: basic test for systemd-analyze compare-versions
  * version comparisons: stop using locale-dependent isdigit()
  * kernel-install: actually export KERNEL_INSTALL_VERBOSE
  * kernel-install: bail if machine id generation fails
  * kernel-install: debug the configuration detection if --verbose
  * kernel-install: fix detection of entry-token if $BOOT_ROOT is configured
  * portabled: refuse queries for empty image name
  * portabled: wrap long lines and fix typo in error message
  * basic/strv: add optimizable version of strv_push/consume/extend
  * resolved: use strv_extend_with_size() to avoid slow parsing of /etc/hosts
  * kernel-install: restore priority of check for /boot/loader/entries
  * docs: rename COREDUMP_PACKAGE_METADATA → ELF_PACKAGE_METADATA
  * Merge pull request #23460 from keszybz/docs-redirect
  * Merge pull request #23414 from keszybz/analyze-vercmp
  * Merge pull request #23344 from medhefgo/boot-config-add
  * Minor wording fixes
  * docs: reworder/rewrite BLS to read more like a specification
  * docs: /etc/os-release → os-release(3)
  * docs/BLS: rework the description of directory layout
  * kernel-install: ignore extra args passed when invoked as installkernel
  * basic/string-util: tweak strverscmp_improved() for some corner cases
  * docs/BLS: describe version comparisons
  * analyze: use '' instead of the empty string when showing versions
  * basic: add helper function to print </==/>
  * bootctl: when comparing versions, show the result
  * systemctl: make show/status honour --state and --type
  * man: do not say "additional symlinks" for mount/automount aliases
  * TODO: drop entry
  * man/systemd.automount: move the main description up and clarify deps
  * man/automount: say that automounts should not be nested
  * man/shutdown: explain -h more
  * man/sd-bus: discuss negative-return values and add example
  * man/homectl: adjust man page to match code
  * Merge pull request #23523 from evverx/oss-fuzz-links
  * docs/BLS: clear up the confusion about what $BOOT means
  * kernel-install: if a plugin fails, return error immediately
  * shared/find-esp: fix inverted check for XBOOTLDR type
  * shared/find-esp: enhance logging
  * Use descriptive name for nobody
  * Merge pull request #23548 from tpgxyz/lua2
  * Merge pull request #23529 from nabijaczleweli/dollar-asterisk
  * Merge pull request #23565 from bnf/man-nspawn-wording
  * Merge pull request #23533 from yuwata/portable-remove-drop-in-configs
  * tty-ask-password-agent: drop unnecessary code for non-absolute paths
  * shared/utmp-wtmp: pass information if entry is local to filter function
  * logind: align tables
  * logind: use consistent casing in message
  * tests: add a helper that dumps /run/utmp in detail
  * logind: do not print wall messages to local pseudoterminals
  * logind: rework wall message about pending shutdown/halt/reboot/…
  * logind: reduce scope of a few variables
  * systemctl: make function static
  * systemctl: drop translation of method names to descriptions in error message
  * man/systemctl: improve grammar in description of --check-inhibitors
  * shared/pager: print the name of the pager we'll try next in debug message
  * Merge pull request #23574 from keszybz/logind-pty-wall
  * Merge pull request #23575 from keszybz/logind-wall-message-cleanup
  * Move basic/recovery-key.* to shared/
  * various: add %m in messages
  * userwork: use a better errno value
  * meson: use files() for libcore_sources too
  * shared/bpf: install log callback and suppress most messages from libbpf
  * tests: drop pointless checks for root
  * test-socket-bind: fix comment
  * core: define a helper function for basic bpf checks
  * core/bpf: prefix log messages from different bpf subsystems
  * Merge pull request #23582 from bnf/dns-proxy-stub-ifindex
  * Merge pull request #23579 from yuwata/sha256-unaligned
  * Merge pull request #23576 from yuwata/network-erspan-version
  * core: rework variable initialization to avoid gcc warning
  * Merge pull request #23596 from keszybz/bpf-messages-more
  * sha256: fix compilation on efi-ia32
  * Merge pull request #23297 from medhefgo/trivial-auto-var-init
  * core: suppress message about missing libbpf if in initrd()
  * shared/microhttp-util: silence gcc warning
  * Merge pull request #23626 from sshedi/retval-fixes
  * basic/in-addr-util: add IN_ADDR_TO_STRING
  * networkctl: assume that we can always print local networking addresses
  * resolved: use TAKE_PTR() in one more place
  * libsystemd-network: minor simplification
  * basic/in-addr-util: drop check for prefix length in formatting function
  * basic/in-addr-util: add IN_ADDR_PREFIX_TO_STRING
  * tree-wide: convert inet_ntop() calls to anonymous-buffer macros
  * CODING_STYLE: say that inet_ntop() is a no no
  * various: use CONST_MAX for array allocation
  * Merge pull request #23621 from evverx/clang-release
  * basic/unit-file: make sure we don't call streq() on NULL
  * sd-hwdb: fix NULL arg to %s in error messages
  * sd-journal: fix NULL arg to %s in error messages and hashmap lookup
  * bootctl: inline iterator variable
  * shared/condition: reduce scope of variables
  * core: wrap some long comments
  * activate: reduce scope of iterator variables
  * basic/socket-util: align tables
  * sd-journal: use _cleanup_
  * sd-journal: inline variable declarations
  * test-mountpoint-util: fix NULL arg to %s
  * test-bus-address: silence gcc warning about NULL arg to strcmp()
  * test-load-fragment: don't print NULLs
  * Resolve conflicts between #23616 and the recent NFT additions
  * Merge pull request #23678 from aafeijoo-suse/shell-completion-cryptenroll
  * Merge pull request #23654 from keszybz/gcc-warnings
  * docs/BLS: move "boot counting" into the main spec
  * docs/AUTOMATIC_BOOT_ASSESSMENT: describe how to integrate a DE viability check
  * various: indentation
  * test-fstab-util: one more "NULL in printf %s"
  * test-dns-domain: a few more "NULL in printf %s"s
  * test-process-util: do not pass NULL to printf, simplify tests
  * test-udev-util: do not pass NULL to printf, style fixes
  * shared/bus-util: simplification
  * shared/bus-util: rename variables to follow newer style
  * systemctl: simplify code a bit
  * meson: add status unit format to summary
  * meson: use status-unit-format-default=name in developer mode
  * Merge pull request #23689 from yuwata/test-timedate
  * Merge pull request #23683 from keszybz/status-format
  * docs/CONTRIBUTING: ask people to send a ping on stalled reviews
  * shared/condition: accept size suffixes for ConditionMemory
  * Merge pull request #23707 from yuwata/dns_service_split
  * pkgconfig,rpm: expose vars for user-tmpfiles.d location
  * udevadm info: implement --no-pager
  * udevadm info: use pager for all output types
  * Merge pull request #23806 from keszybz/udevadm-info-pager
  * Merge pull request #23802 from yuwata/core-watchdog-follow-ups
  * logind: simplify code
  * test-sd-hwdb: adjust the test to actually do anything
  * Merge pull request #23827 from yuwata/sd-event-process-buffered-inotify-data
  * sd-id128: avoid an unnecessary function call in inline helper
  * Turn mempool_enabled() into a weak symbol
  * sd-netlink: remove sd_ prefix from static function
  * sd-daemon: remove sd_ prefix from static function
  * test-lib*-sym: print symbols names in addition to addresses
  * libsystemd: export sd-netlink
  * libsystemd: drop unexported sd-utf8
  * sd-bus: drop unused prototype
  * sd-bus: export sd_bus_error_setfv()
  * meson: update man-generation rules for sd_hwdb_new_from_path
  * man: document sd_bus_error_setfv()
  * sd-id128: rename and export sd_id128_string_equal()
  * man: rework the text in sd-id128
  * man: document sd_id128_string_equal()
  * sd-bus: export sd_bus_message_read_strv_extend()
  * man: document sd_bus_message_read_strv_extend()
  * sd-netlink: allow sd_netlink_message_read() to be used for union types
  * sd-event: allow sd_event_source_is_enabled() to return false for NULL
  * sd-event: let sd_event_source_set_enabled accept NULL
  * sd-bus: use assert_return() in public function sd_bus_message_dump
  * sd-bus: indentation
  * sd-netlink: rename sd_netlink_inc_rcvbuf → sd_netlink_increase_rxbuf
  * basic/socket-util: rename fd_inc_rcvbuf → fd_increase_rxbuf
  * docs/ARCHITECTURE: mention src/fundamental/ and add more details
  * logind: log wall messages to the journal
  * units: add IgnoreOnIsolate=yes to systemd-journald too
  * sd-journal: silence bogus gcc warning
  * tree-wide: use html links for kernel docs
  * homework: silence gcc warning
  * basic/list: drop LIST_IS_EMPTY
  * resolved: rename field to indicate that it's a list
  * sd-event: align table
  * sd-event: rename field to indicate that it's a list
  * sd-event: rename field to indicate that it's a list
  * udev: rename field
  * systemctl: rename field for clarity
  * test-list: rename field to indicate that it's a list
  * Merge pull request #23835 from yuwata/nspawn-private-users-identity
  * man/network: fix wording and syntax
  * Merge pull request #23865 from keszybz/drop-memcpy-call
  * Merge pull request #23088 from yuwata/udev-event-blocker
  * user: delegate cpu controller, assign weights to user slices
  * fuzz: rename samples to avoid long test names
  * man: fix link to glob(3)
  * tree-wide: drop duplicated semicolons
  * kernel-install: fix invocation as installkernel
  * kernel-install: do not let config file override variables
  * man: rework documentation of kernel-install config
  * kernel-install: do not silently ignore files we can't read
  * kernel-install: allow overriding the path to config files
  * kernel-install/90-loaderentry: make ownership change optional
  * Merge pull request #15205 from jlebon/pr/preset-all-firstboot
  * os-release: define SUPPORT_END=
  * Merge pull request #23943 from poettering/tmpfiles-errno-fix
  * man: redefine SUPPORT_END= to mean one day earlier
  * man: update the description of taint flags
  * manager: add taint flag "support-ended"
  * kernel-install: allow overriding the plugin list too
  * kernel-install: mark the plugins as executable in git
  * test-kernel-install: add a simple test that kernel-install copies the files
  * kernel-install: raise fuss if plugins are called without the expected parameters
  * kernel-install: return 0 for unknown verbs in plugins
  * kernel-install: use set -e
  * kernel-install: suppress bogus shellcheck hint
  * Merge pull request #23817 from yuwata/sd-device-send-udev-database-version
  * man: lift pam_systemd_homed description to Summary
  * kernel-install: add helper for logging
  * core: wrap long comments and capitalize sentences
  * man: fix formatting of "BARRIER=1"
  * environment-d-generator: use DEFINE_MAIN_FUNCTION()
  * hibernate-resume-generator: use DEFINE_MAIN_GENERATOR_FUNCTION()
  * bless-boot-generator: use DEFINE_MAIN_GENERATOR_FUNCTION()
  * generators: accept one or three args, do not write to /tmp
  * basic/log: split out invoked_by_systemd() utility function
  * generators: only redirect logging when invoked by systemd
  * fstab-generator: use path_equal() to detect alternate spellings of /usr
  * fstab-generator: properly report the source of data
  * fstab-generator: allow overriding path to /sysroot/etc/fstab too
  * fstab-generator: tweak comments
  * fstab-generator: rename 'post' variable
  * fsck,sulogin: fix cargo-culted comment
  * fstab-generator: do not skip /sysroot prefix if the mount point is missing
  * booctl: do not say uuids differ if one of the uuids is unset
  * Merge pull request #24051 from yuwata/json-fpclassify
  * gpt-auto-generator: include device name in error
  * various: reword message
  * man: make bootup charts narrower
  * Use a common define for the reload timeout
  * tests: add a simple test that checks what fexecve_or_execve does
  * manager: limit access to private dbus socket
  * fstab-generator: add mode to check /sysroot/etc/fstab and maybe do daemon-reload
  * units/initrd-parse-etc.service: only start units that are required
  * NEWS: add entries for v252
  * manager: allow assignment of properties on target/swap/device units
  * run: simplification
  * sd-messages: make the table wider
  * sd-messages: rename newly added constants
  * initrd-parse-etc: override argv[0] to avoid dracut issue
  * sd-netlink: prefix output param names with 'ret'
  * sd-netlink: constify parameters in public api and adjust pointer formatting
  * sd-netlink: rename sd_netlink_message_request_dump to sd_netlink_message_set_request_dump
  * sd-netlink: delete sd_netlink_new_from_fd()
  * sd-netlink: simplify error code retention
  * sd-netlink: group message cons methods together
  * sysusers: rename output params with 'ret'
  * sd-netlink: use SD_EVENT_ONESHOT for a time-based callback
  * sysusers: use log_syntax (changes prefix from '[%s:%u]' to '%s:%u:')
  * sysusers: do not reject non-simplified paths for shell/home
  * man: fix description of the config file argument
  * man: add "History" sections for removed settings
  * pid1: shorten advice message
  * Merge pull request #24352 from DaanDeMeyer/mkosi-opensuse
  * man: similar → similarly
  * man/crypttab: rework formatting in "key acquisition section"
  * shared/udev-util: say "ignoring device", not "ignoring"
  * sd-device: add helper to read a unsigned int attribute
  * on-ac-power: rework logic
  * on-ac-power: ignore devices with scope==Device
  * man/run: we accept relative paths for run
  * core: escape ExecStart command-line received over d-bus
  * sysusers: do not warn about values that equivalent
  * various: try to use DEFAULT_USER_SHELL for root too
  * sysusers: report the original error when writing fails
  * basic/user-util: avoid filesystem access check
  * basic/user-util: rename output param to ret, shorten code
  * tree-wide: change --kill-who to --kill-whom
  * Merge pull request #24567 from poettering/homed-wait-timeout
  * TODO: various things about partitioning
  * units: reorder/split unit dependency blocks
  * units/systemd-network-generator.service: add forgotten ordering for shutdown
  * units: add ordering dependencies on initrd-switch-root.target
  * units: add dependency ordering for emergency.service conflicts
  * units: make sure that initrd-switch-root.service pulls in .target
  * units: drop path to executable in $PATH
  * various: use "-" instead of "n/a" in tables
  * man: add missing subject in sentence
  * coredumpctl: rename table entry
  * Merge pull request #24670 from keszybz/early-boot-ordering
  * Merge pull request #24708 from keszybz/not-available-in-tables
  * hwdb: run "update-hwdb"
  * hwdb: run "update-hwdb-autosuspend"
  * man: "the initial RAM disk" → "the initrd"
  * headers: export partition uuids and flags in new sd-gpt.h file
  * tools/list-discoverable-partitions: make the script work again
  * sd-gpt, docs: define s390 before s390x
  * man/systemd-gpt-auto-generator: export type flags by name, trim table
  * man/systemd-gpt-auto-generator: reword phrasing about partition location
  * Delete CNAME
  * hostnamectl,localectl: use "(unset)" in empty fields
  * networkctl: use "-" for empty fields
  * docs/DPS: use the SD_GPT_* constants here too
  * sd-gpt: adjust comments and use UINT64_C()
  * shared/format-table: use enum instead of Table.empty_string
  * shared/format-table: use empty_string instead of hardcoding "-" for invalid values
  * Merge pull request #24781 from DaanDeMeyer/link-remove-check
  * tmpfiles: fix detection of unitialized-/etc
  * tmpfiles: downgrade message about unitialized-/etc
  * coredump: when parsing json, optionally copy the string first
  * coredump: shorten output about package metadata to one line
  * coredump: print build-id only when package version is missing
  * docs/CONTRIBUTING: explain various labels and add link to "reviewable" PRs
  * firstboot: add debug logging
  * Merge pull request #24639 from yuwata/test-mountpoint-util
  * docs/CONTRIBUTING: strenghten language about ABI stability, fix links, other tweaks
  * manager: fix/change evaluation of ConditionFirstBoot
  * man: add cross-links about preset operations
  * hwdb: run "update-hwdb"
  * hwdb: run "update-hwdb-autosuspend"
  * Merge pull request #24511 from martinetd/bpf1
  * sd-bus: decrease indentation
  * pam_systemd_home: inline loop variable declaration
  * basic/log: include the log syntax callback in the errno protection block
  * fuzz: shorten name of fuzz test case
  * man: use a list for description of ConditionFirmware=
  * NEWS: fix typos and reword things
  * basic/errno-util: add helper to protect and set errno in one step
  * shared/pam-util: add pam_syslog_errno() wrapper that sets errno
  * pam_systemd_home: use pam_syslog_errno()
  * pam_systemd: use pam_syslog_errno()
  * shared/pam-util: add pam_syslog_pam_error() wrapper
  * pam_systemd_home: use pam_syslog_pam_error()
  * pam_systemd: use pam_syslog_pam_error()
  * analyze: use the same error variable name as everywhere else
  * basic/stdio-util: allow xsprintf() to be used without any arguments
  * core,logind,systemctl,journald: replace calls to strerror() with setting errno + %m
  * shared/journal-importer: use %m instead of strerror()
  * basic: add STRERROR() wrapper for strerror_r()
  * tree-wide: use STRERROR()
  * tree-wide: define and use STRERROR_OR_EOF()
  * tree-wide: get rid of lgtm annotations
  * analyze: add forgotten return statement
  * core: adjust log message
  * sd-bus: make bus_error_message() a thread-safe macro
  * Get rid of strerror_safe()
  * man: use external .c files for three examples
  * man: recommend %m over strerror()
  * man: recommend strerror_r() over strerror()
  * man: use man7.org for strerror_r
  * tree-wide: drop () around the first argument of a ternary op
  * logind: do not emit beep in wall messages
  * basic/chase-symlinks: add note that CHASE_WARN is not for PID 1
  * shared/condition: avoid nss lookup in PID1
  * Merge pull request #24867 from yuwata/sd-dhcp6-client-large-packet
  * libsystemd-network: trivial simplification
  * basic/user-util: simplify variable declarations in fget{pw,gr}ent_sane()
  * Merge pull request #24784 from yuwata/core-exec-directory
  * Merge pull request #24974 from yuwata/sd-journal
  * shared/install: rename 'files' param to 'names'
  * shared/install: rename UnitFileChange to InstallChange
  * shared/install: rename 'unit file type' to 'install mode'
  * shared/install: rename UnitFileInstallInfo.type to .install_mode
  * shared/install: rename 'unit_file_change_type' to 'install_change' + followups
  * shared/install: rename 'UnitFileInstallInfo' to 'InstallInfo'
  * shared/install: use cleanup func for InstallInfo*
  * shared/install: print warning when unmasking unit with cmdline mask
  * Merge pull request #24461 from keszybz/better-unmask-message
  * manager: reformat boolean expression in unit_is_pristine()
  * NEWS: rework the description of systemd-measure a bit again
  * man: reword some awkward sentences
  * manager: rename dbus method
  * manager: allow transient units to have drop-ins
  * TEST-15: allow helper functions to accept other unit types
  * TEST-15: also test hierarchical drop-ins for slices
  * TEST-15: add test for transient units with drop-ins
  * TEST-15: add one more test for drop-in precedence
  * Merge pull request #24986 from keszybz/news-systemd-measure
  * Merge pull request #24919 from anitazha/varlinkserialize
  * core: modernize style of return param naming
  * core: simplify the return convention in manager_load_unit()
  * man: fix method name
  * manager: add DumpUnitsMatchingPatternsByFileDescriptor()
  * tree-wide: replace "plural(s)" by "plurals"
  * meson: drop repeated output in error message
  * Merge pull request #24992 from yuwata/sd-device-monitor-receive-buffer
  * Merge pull request #24777 from medhefgo/stub
  * analyze: use DumpUnitsMatchingPatternsByFileDescriptor
  * Merge pull request #25007 from keszybz/rename-dbus-dump
  * TEST-15: add test that shows slice dropin issue
  * TODO: drop entry
  * NEWS: add entries after 252-rc1, update contrib list
  * shared/json: allow json_variant_dump() to return an error
  * shared/json: use different return code for empty input
  * coredump: avoid deadlock when passing processed backtrace data
  * resolved,test-fileio: use "re" when opening files
  * shared/tpm2-util: wrap comments
  * tree-wide: do not use "re" with fmemopen
  * TEST-15: add daemon-reload in one place
  * machinectl: allow --max-addresses=0
  * shell-completion/zsh: silence error when machinectl is not installed
  * shell-completion/zsh: rename helper for clarity
  * Merge pull request #25073 from mrc0mmand/parse-hwdb-tweaks
  * Make comment about coordinating offline and online installation symmetric
  * tree-wide: inline declarations of sd_netlink_message iterators
  * resolved: drop unnecessary empty lines
  * test-local-addresses: inline iterator variable
  * test-local-addresses: drop racy check
  * meson: always use libatomic if found
  * shared/install: make install_changes_add propagate passed-in errno value
  * shared/install: add forgotten calls to install_changes_add()
  * shared/install: check that install_changes_add() didn't fail on success
  * systemctl,manager: refuse linking unit files underneath the search paths
  * man: fix count mismatch
  * Report version string as in the Boot Loader Spec, fix boot loader upgrades
  * Merge pull request #25120 from bluca/test_machineid
  * licenses: add a copy of MIT-0
  * man: change license of examples to MIT-0
  * systemd-sysv-install: change license to MIT-0
  * network: change license of examples to MIT-0
  * Merge pull request #25137 from yuwata/sd-device-drop-device-copy-properties
  * Merge pull request #25146 from keszybz/relicese-to-mit-0
  * meson: systemd-repart.standalone
  * sd-event: adjust indentation
  * man: grammarro
  * udevadm: merge two log stmts
  * mkosi: use the new mkosi.conf suffix
  * man: add note that network-generator is not a generator
  * sd-journal: make prot_from_flags() static and rename
  * tests: create test-limits-util.c for limits-util funcs
  * tests: create test-raw-clone.c for raw-clone.h
  * tests: move tests for PROTECT_ERRNO to the right file
  * tests: move tests for eqzero() to a new file
  * basic: create new basic/initrd-util.[ch] for initrd-related functions
  * basic: move container_get_leader() to process-util.[ch]
  * basic,shared: move disable_coredumps() to coredump-util.[ch]
  * basic: move version() to build.h+c
  * meson: add version.h as dependency to more targets
  * basic: move a bunch of cmdline-related funcs to new argv-util.c+h
  * basic: rename util.h to logarithm.h
  * basic/filesystems: fs_in_group() returns a boolean
  * Rename def.h to constants.h
  * Revert "initrd: extend SYSTEMD_IN_INITRD to accept non-ramfs rootfs"
  * shared/mount-util: fix comment
  * shared: make libmount_parse() non-inline
  * basic/virt: treat missing /proc as sign of being in a chroot
  * test-fd-util: fix typos and use log_tests_skipped()
  * pid1: skip cleanup if root is not tmpfs/ramfs
  * ci: skip running on docs-only changes
  * ci: use mkosi executable directly
  * mkosi: drop spaces after shell redirection operator
  * Merge pull request #24555 from medhefgo/bootctl
  * tree-wide: BLS and DPS are now on uapi-group website
  * docs/BOOT_LOADER_INTERFACE: reword sentence to apply to both entry types
  * manager: fix format strings for trigger metadata
  * basic/strv: check printf arguments to strv_extendf()
  * bootctl: use grey-and-slash prefix for source in list too
  * man/journalctl: mention systemd-cat, make the description more direct
  * kernel-install: make 90-loadentry.install templated
  * kernel-install: add header to generate entry files
  * TODO: add item about mnt_fstype_is_netfs()
  * pam: align second and third columns
  * meson: resort imports
  * meson: regenerate meson rules
  * pam: add a call to pam_namespace
  * bootctl: make --json output normal json
  * tests: add a simple test that bootctl output is valid json
  * shared/json: make it possible to specify source name for strings too, add tests
  * shared/json: optimize appending objects to arrays
  * bootctl: use output mode where "[]" is written instead for empty output
  * coredump: adjust whitespace
  * Merge pull request #25603 from DaanDeMeyer/mkosi
  * Merge pull request #25541 from medhefgo/boot-reconnect
  * manager: do not append '\n' when writing sysctl settings
  * manager: define a string constant for LONG_MAX and use that for sysctl
  * manager: write net/unix/max_dgram_qlen sysctl as fixed string
  * Merge pull request #25618 from keszybz/sysctl-simplify-writing
  * gpt-auto-generator: do not write "noauto" in unit options
  * Merge pull request #25437 from YHNdnzj/systemctl-disable-warn-statically-enabled-services
  * Merge pull request #25537 from evverx/fuzz-resource-records
  * test: do the --help/--version checks for repart.standalone too
  * meson: build a standalone version of systemd-shutdown
  * man: reword sentence
  * Merge pull request #25616 from poettering/chase-symlinks-opendir
  * man: deemphasize "halt"
  * TEST-65: check cat-config operation in chroot
  * TEST-65: use [[ -v ]] more
  * ukify: add helper to create UKIs
  * meson,ukify: hook up ukify, add --version option
  * tests: add pytest tests for ukify
  * ukify: try to find the uname string in the linux image if not specified
  * man: add man page for ukify
  * ci: install pefile
  * ukify: allow multiple initrds
  * coredump: do not allow user to access coredumps with changed uid/gid/capabilities
  * Merge pull request #25653 from yuwata/base64_append
  * Merge pull request #25636 from thom311/th/wcast-align-fixes
  * udev: rework 60-evdev.rules to be "additive"
  * udev-builtin-keyboard: update description
  * udevadm: emit deprecation notice in udevadm hwdb
  * nspawn: realign columns
  * treewide: drop "RUN_" from "RUN_WITH_UMASK"
  * core/namespace: indentation
  * man: rework description of OOMPolicy= a bit
  * core,man: add missing integration of OOMPolicy= in scopes
  * coredump: cescape invalid json data before logging
  * NEWS: add a bunch of entries for v253
  * Merge pull request #25689 from YHNdnzj/systemctl-exit-code
  * shared: add new safe_fork flag FORK_PRIVATE_TMP
  * manager: execute generators in a mount namespace "sandbox"
  * tree-wide: use mode=0nnn for mount option
  * fstab-generator: use log message that matches reality
  * pam: actually align the columns
  * basic: do not output emojis if not on a proper terminal
  * socket-proxyd: do not hardcode -1 in a check for fd validity
  * sd-event: never pass negative errnos as signalfd to signalfd
  * tree-wide: use -EBADF for fd initialization
  * tree-wide: change initialization to use EBADF instead of EBADFD
  * tree-wide: use -EBADF also in pipe initializers
  * basic/fd-util: rearrange variable declarations
  * shared/dns-domain: reduce scope of variable declarations
  * userdb: fix typo
  * efi: do not use 'r' as pointer name
  * basic/hashmap: add comment
  * ukify: catch error when loading foreign pe file
  * github: update version in bug templates
  * ukify: check early if inputs exist and are readable
  * Merge branch 'systemd-security/coredump-capabilities'
  * fundamental: fix compile check for explicit_bzero
  * meson: use 0|1 for SD_BOOT
  * man: restore example formatting in systemd-coredump(8)
  * github: use 'meson setup'
  * man: fix issues reported by the manpage-l10n project
  * man: reword "string is extended into PCR"
  * Merge pull request #25661 from yuwata/systemctl-suppress-warning
  * man: minor corrections
  * man/sd_notify: fix indentation in sample programs
  * shared/install: rework InstallChange to always have .path set
  * shared/install: rework an assert to appease gcc-13
  * Merge pull request #25145 from yuwata/udevadm-trigger
  * Merge pull request #26153 from DaanDeMeyer/repart-remove-userns
  * sleep: do not abort if we try to query capacity of missing battery
  * test-sleep: add a very simple test that prints battery suspend estimates
  * sleep: reduce double logging and improve messages and comments a bit
  * sleep: fix memleak
  * Merge pull request #26159 from keszybz/capacity-to-crash
  * Merge pull request #26167 from ldv-alt/docs-fixes
  * man/bootctl: add missing markup
  * udevadm: add todo to remind us to remove compat code
  * NEWS: update for v253-rc1
  * test-sleep: reduce timeout
  * shared/efi-loader: fix compilation with !ENABLE_EFI, improve messages
  * github/labeller: add more match patterns
  * github/labeller: fix yaml syntax
  * Merge pull request #26209 from PeterCxy/doc-fido2-changes
  * sysusers: drop counterproductive bitfield annotations
  * pid1,sysusers: drop unused SYNTHETIC_ERRNO
  * meson: fail build on implicit int warnings
  * sysusers: insist that root group is 0
  * Merge pull request #26236 from medhefgo/meson-fixes
  * sysusers: add helper to create new Item
  * sysusers: when comparing items, log debug the difference
  * basic: reword some comments
  * basic/user-util: convert prefix_roota→path_join and use _cleanup_ more
  * basic/user-util: create /etc from take_etc_passwd_lock
  * test-sysusers: check that sysusers creates /etc when missing
  * core: split system/user job timeouts and make them configurable
  * NEWS: extend entry for systemd-journald-audit.socket
  * man: strengthen language about generator output
  * Merge pull request #26286 from keszybz/two-doc-updates
  * Merge pull request #26219 from yuwata/localed-follow-ups
  * Merge pull request #26292 from yuwata/locale-fix-enoent-handling
  * NEWS: adjust commas, avoid double negative
  * test: drop whitespace after shell redirection operators
  * tools: replace multi-line echo by <<EOF
  * docs/CODING_STYLE: add sentence about redirection operators
  * shared/linux: update kernel headers
  * sd-network: stop using fake flexible array
  * shared/linux: fix fake flexible array in struct autofs_dev_ioctl
  * repart: fix invalid errno in log
  * repart: silence bogus gcc warning
  * sd-journal: avoid use of fake flex arrays
  * shared/json: avoid use of fake flex array
  * meson: enable -Warray-bounds and -fstrict-flex-arrays
  * meson: enable -Wzero-length-bounds
  * resolve: define normal macros for BUS_ERROR_DNS error codes
  * resolve: adjust message for NXDOMAIN lookup result
  * Merge pull request #26338 from jamacku/fix-labeling
  * Merge pull request #26328 from yuwata/udev-worker-set-process-name
  * core/service: constify ExecCommand* in two functions
  * test-parse-util: add tests with explicit plus character
  * manager: "downgrade" message about command vanishing from the unit file
  * manager: improve message about Reload/Reexec requests
  * sd-bus: adjust line breaks
  * ukify: add explanatory message when import fails
  * hwdb: add override for IdeaPad5 insert key
  * man: fix section number
  * man: fix links to man pages
  * various: boldify version output
  * Merge pull request #26392 from bluca/news
  * sleep: use shared constant for freeze timeout
  * measure: wrap long lines and avoid one cast
  * efi/measure: adjust formatting
  * shared/hwdb-util: drop "variable" with a single use
  * man/tmpfiles.d: adjust the table in synopsis, improve spelling
  * TODO: add entry for time-based glob cleanup
  * meson: adjust whitespace handling in jinja2 rendering
  * tmpfiles.d: drop misleading comment
  * efi: drop executable-stack bit from .elf file
  * Merge pull request #26446 from medhefgo/efi-headers
  * test-set: drop left-over valgrind check
  * meson: merge our two valgrind configuration conditions into one
  * sd-journal: use a dynamic check for valgrind
  * test-set: inline two iterator declarations
  * shared/format-table: optionally print timestamps without "left"
  * systemctl: make list-timers not say "left" in "LEFT" column
  * Merge pull request #26556 from keszybz/list-timers-optimize-left
  * Merge pull request #26563 from dtardon/fd-init
  * Merge pull request #26651 from yuwata/meson-cleanups
  * meson: adjust for removal of gnu-efi compat
  * man: explain route-only domains a bit more
  * man: describe how cgroup controllers are turned on
  * man: tweak details in descriptions of pids and cpu configuration
  * man: add a note about session autogrouping
  * man: adjust description of CPUAccounting=
  * Merge pull request #26685 from yuwata/man-missing-services
  * localed: skip verification when libxkbcommon is not installed
  * man: add mention that libsystemd uses getenv()
  * man: use more references
  * Merge pull request #26678 from yuwata/foreach_array
  * localed: print a custom message if libxkbcommon.so is unvailable
  * Merge pull request #26038 from lilyinstarlight/fix/fstab-generator-sysroot-without-cmdline
  * tests: merge test-tmpfiles.c into test-tmpfile-util.c
  * manager: in dump, show controllers in "Delegate:"
  * udev/v4l_id: convert to run() and add error messages
  * man: document "Delegate=" a bit more
  * manager: in dump, show no controllers as "(none)"
  * cgtop: split out the main loop into a separate function
  * cgtop: drop counterproductive bitfields
  * cgls: stop showing cgroup ids and xattrs by default
  * cgls: add -x and -c options
  * core: reduce scope of variable
  * core: fix "(null)" in output
  * udev/ata_id: split out parse_argv()
  * udev/ata_id: convert to run()
  * udev/ata_id: drop unused output parameter
  * udev/ata_id: stop using errno, fix logic
  * udev/fido_id: implement --help
  * udev/mtd_probe: implement --help
  * udev/mtd_probe: convert to run()
  * udev/cdrom_id: do not abort on unknown options
  * udev: implement --version in all builtins
  * meson: add udev builtins to dist-check
  * udev/v4l_id: use O_CLOEXEC|O_NOCTTY
  * udev/ata_id: use unliagned helpers
  * Merge pull request #26867 from dtardon/list-dependencies-circular
  * test-fileio: add test for return value of read_one_line_file()
  * coredump: split out parse_auxv() to src/shared/
  * test-coredump-util: add tests for parse_aux()
  * test-coredump-util: also test parse_auxv() with unaligned data
  * Merge pull request #26785 from keszybz/udev-distcheck
  * Merge pull request #26920 from medhefgo/ukify
  * hwdb: drop boilerplate about match patterns in two more cases
  * tools: add dump-auxv.py
  * core/main: fix setting of arguments for shutdown
  * xdg-autostart-generator: do not warn about unknown fields
  * core/main: restore the correct assert about array position
  * oomd: add inline comments with param names
  * Merge pull request #26294 from yuwata/locale-verify-conf
  * busctl: do not truncate property values when --full
  * busctl: use size_t for set size
  * busctl: also assume --full if not writing to terminal
  * Revert "udev_rules_parse_file: do not skip ENOENT"
  * basic/stat-util: remove unused null_or_empty_fd()
  * shared/exec-util: null_or_empty_path() does not return boolean
  * Merge pull request #26707 from DaanDeMeyer/firstboot-modernize
  * Merge pull request #26883 from yuwata/rm-rf
  * pid1: fully disable coredumping to $PWD
  * bootctl: clean up handling of files with no version information
  * core: skip deps on oomd if v2 or memory unavailable
  * man: restore description of ConditionControlGroupController=v1|v2
  * user-sessions: do not remove /etc/nologin
  * basic/mkdir: simplify error handling
  * man/systemd-sysext: minor grammar optimizations
  * basic/fs-util: typo fix
  * core/service: inline one variable
  * shared/exec-util: reduce scope of iterator variables
  * core: typos in comments
  * core: simplify unit_escape_setting()
  * core: unify two similar paths, avoid formatting of unused string
  * man: move description of command line substitution out of ExecStart=
  * man/systemd.service: add example for char prefixes
  * man/sd_bus_message_open_container: mention two common errors
  * core: a more informative error when SetProperties/StartTransientUnit fails
  * sd-bus: use macros for standard bus error names consistently
  * manager: remove transient unit directory during startup
  * Merge pull request #27128 from keszybz/sd-bus-docs-and-error-messages
  * meson: redo grouping of tests under src/test/
  * test-core-unit: add new test file for unit_escape_setting() and friends
  * various: simplify calls to parse_boolean_argument()
  * Merge pull request #27143 from bluca/no_tpm
  * Merge pull request #27126 from yuwata/journal-compress
  * Merge pull request #27161 from pothos/sysext-refresh
  * Merge pull request #26887 from yuwata/proc-cmdline-filter-arguments
  * udev: restore compat symlink for nvme devices
  * Merge pull request #27169 from yuwata/udev-rule-refuse-unsafe-path
  * Merge pull request #27209 from jamacku/patch-1
  * man: link to Fedora 37
  * man/systemd-cryptenroll: update list of PCRs, link to uapi docs
  * mkosi: default to Fedora 38
  * fstab-generator: add missing phrase in comment
  * gpt-auto-generator: "translate" errno codes into proper messages
  * detect-virt: add message at debug level
  * basic/logarithm: add popcount() wrapper
  * core/unit: fix shell-escaping of strings
  * core/unit: rename UNIT_ESCAPE_EXEC_SYNTAX → *_ENV
  * core/unit: add UNIT_ESCAPE_EXEC_SYNTAX
  * core: fix writing of ExecStartEx and friends
  * run: simplify returning of status
  * run: split out creation of unit creation messages
  * run: add --expand-environment=no to disable server-side envvar expansion
  * man/systemd-run: add examples explaining how variable expansion is performed
  * run: expand variables also with --scope
  * testsuite-04: remove redirection, drop whitespace after redirection op
  * testsuite-04: remove unnecessary conditional
  * Merge pull request #27357 from bluca/example_logcontrol
  * test: drop uses of "&& { echo 'unexpected success'; exit 1; }"
  * testsuite-70: drop unnecessary env
  * testsuite-54: drop unnecessary pipe
  * test: use idiomatic bash loop iteration
  * Merge pull request #27113 from keszybz/variable-expansion-rework
  * shared/creds-util: return 0 for missing creds in read_credential_strings_many
  * resolved: adjust message about credentials
  * Merge pull request #26944 from aafeijoo-suse/systemd-network-generator-initrd-fix
  * Merge pull request #27408 from keszybz/creds-missing-message
  * Merge pull request #27411 from yuwata/udev-iocost-follow-ups
  * Merge pull request #27398 from yuwata/udev-rule-negative-match
  * man: use ukify more in systemd-measure examples
  * 90-loaderentry: make sure that variables are set
  * ukify: use UPPERCASE for parameter names
  * ukify: add missing header
  * meson: avoid building executables that won't be installed
  * meson: allow building .standalone on demand
  * test_ukify: fix loop iteration
  * test_ukify: fix two failing tests
  * ukify: rework option parsing to support a config file
  * ukify: PeError → PEError
  * test_ukify: add tests for the new functionality
  * 60-ukify: kernel-install plugin that calls ukify to create a UKI
  * test-kernel-install: test 60-ukify.install and 90-uki-copy.install
  * test/60-ukify: override stub location in tests
  * TODO: remove two entries
  * ukify: appease mypy
  * test_ukify: propagate failure
  * test_ukify: rework how --flakes argument is appended
  * ci: install pytest-flakes
  * man: describe all the changes to ukify
  * test_ukify: add test for combining config and cmdline
  * Merge pull request #27262 from keszybz/ukify-install
  * mkosi.build: use bash, use array for configuration options, shellcheckify
  * mkosi/fedora: silence warning about sysusers config mismatch
  * mkosi.build: print important build commands
  * test-udev: add an optional timeout argument
  * test_ukify: print message when skipping whole test file
  * pid1: drop duplicate include
  * Rewrite check-includes.pl in python
  * meson: include .cc files in tags too
  * meson: add check-includes test to the test suite
  * meson: fix indentation
  * check-includes: print path relative to project root
  * test: rewrite udev-test.pl in Python
  * test: drop udev-test.pl
  * test: rework how udev-test is invoked
  * test/run-unit-tests, TEST-02: skip tests where the interpeter is not installed
  * tools/check-includes: compat with Python 3.7
  * README: require python >= 3.7, clean up module descriptions
  * test-udev: skip test on python3.6
  * test-execute: use bash instead of perl
  * tools/oss-fuzz: s/perl/awk/
  * test: use sed and grep instead of perl
  * mkosi,ci: do not install perl
  * meson: add sd_pid_notify_barrier link
  * man: add libsystemd(3)
  * README: describe how our libraries are linked
  * docs: list all public headers in stability promise
  * Merge pull request #27652 from keszybz/readme-more
  * man: say that ProtectClock= also affects reads
  * man: explain allowed values for /sys/power/{disk,state}
  * man/tmpfiles: fix off-by-one in example
  * man: fixes for assorted issues reported by the manpage-l10n project
  * Merge pull request #27671 from keszybz/manpage-fixes-254-2
  * Merge pull request #27669 from keszybz/man-fixes-254
  * mkosi: use wildcard to shorten things
  * fuzz: rename long samples
  * meson: rename "fuzzers" suite to "fuzz"
  * meson: rename "dist-check" suite to "dist"
  * sd-bus: do not assert if bus description is not set
  * sd-bus,sd-event: allow querying of description even after fork
  * oomd: shorten message
  * vconsole-setup: reduce variable scope, shorten things
  * units: order getty units after getty-pre.target unconditionally
  * pid1: order units using TTYVHangup= after vconsole setup
  * rules: start systemd-vconsole-setup via unit
  * units: order sysinit.target, debug-shell.service after systemd-vconsole-setup
  * Merge pull request #27703 from keszybz/systemd-vconsole-ordering
  * units: do more reordering of ordering config
  * shared/generator: apply similar config reordering of generated units
  * units/systemd-repart: stop pretending that root config is executed in the initrd
  * units: make sure proc-sys-binfmt_misc.automount is actually stopped
  * firstboot: clarify that machine-id options are only offline, add missing docs
  * tmpfiles: align table
  * basic/user-util: return -ESRCH if passwd/group are missing
  * tmpfiles: add --graceful
  * repart: do not require /var/tmp if not used
  * man: extend description of --boot
  * units: create /dev with --graceful first, allow sysusers to run later
  * sysusers: add usual "ret_" prefix, fix messages
  * sysusers: fix argument confusion in error message
  * shared/condition: add envvar override for the check for first-boot
  * firstboot: process the root account after sysusers created it
  * firstboot: do vconsole setup after configuring keymap
  * firstboot: reload manager after writing /etc/locale.conf
  * localed: simplify method call
  * sd-boot,sd-stub: also print version after the address
  * Merge pull request #27483 from yuwata/udev-id-path-usb-revision
  * firstboot: synchronously wait for systemd-vconsole-setup.service/restart job
  * units: order systemd-firstboot after systemd-tmpfiles-setup
  * various: fix error message for bus_wait_for_jobs_new()
  * Merge pull request #27554 from ElvishJerricco/tmpfiles-c-escapes
  * Merge pull request #27746 from yuwata/unit-bidirectional-dep
  * man/tmpfiles: add more man page citerefs
  * gpt-auto-generator: rework/simplify logic for picking /efi or /boot
  * dissect: implement the same logic as gpt-auto-generator
  * test/README: fix advice for testsuite debugging
  * TEST-58: create config files as root
  * TEST-58: add echo calls to print what is happening
  * TEST-58: remove whitespace between redirection operator and its argument
  * man/analyze: reword description of malloc and fix link
  * man/analyze: drop paths from output examples
  * shared/ethtool-util: autogenerate table of link mode names
  * man: generate link mode list dynamically
  * Merge pull request #27842 from keszybz/man-page-links
  * man/repart: document partition creation order
  * man/systemctl: say that kexec loads the kernel, mention --force
  * man/systemd-gpt-auto-generator: mention that swap may be on luks too
  * man: extend description of .target a bit
  * shared/loop-util: use longer delay when waiting for loop device
  * basic/user-util: attach pointer symbol to return type, not function
  * dissect: use pager for --help
  * tests: drop unnecessary redirection of stderr
  * shared/loop-util: add comment
  * test-dlopen: allow loading of multiple libraries
  * test-fstab-generator: fix test on systemd with systemd-boot
  * units: pull in local-fs-pre.target from systemd-tmpfiles-setup-dev.service
  * various: remove typo/unusual spelling
  * test-bus-server: simplify return value handling
  * Merge pull request #27856 from arianvp/fix-bootctl-status
  * Merge pull request #27924 from poettering/low-battery-tool
  * Merge pull request #27871 from yuwata/udevadm-verify-downgrade-style-issues
  * ukify: make code pylint clean
  * ukify: simplify creation of parser
  * test_ukify: no stinky root needed for signing
  * test_ukify: pass through path to addon stub
  * ukify: add 'build' verb
  * meson: use "cpp -E -dM" to process header file
  * Merge pull request #27885 from DaanDeMeyer/please-dont-make-me-write-more-openat-helpers
  * Merge pull request #27882 from DaanDeMeyer/repart-truncate
  * meson: stop using nested lists for sources
  * meson: define _GNU_SOURCE as '1'
  * ukify: use pager for --help
  * ukify: fix synopsis in --help
  * man,test: root or hardware is not needed for ukify
  * ukify: split out iteration over phase path groups and keys
  * ukify: move verb mangling to finalize_options()
  * ukify: add 'genkey' verb
  * test_ukify: cleanups suggested by pylint
  * man: add example how to configure automatic signing
  * test_ukify: skip test requiring cryptography
  * man/ukify: add structure to describe verbs, document genkey
  * ukify: make the certficate validity configurable
  * Merge pull request #27946 from keszybz/ukify-genkey-verb
  * man: missing/misplaced periods
  * docs/CREDENTIALS: fix confusion of i.e. and e.g.
  * man/systemd-nspawn: fix indentation and parenthesis location
  * shared: improve messages about switch root operations
  * machinectl: fix message
  * Merge pull request #27941 from cvlc12/early_cpio
  * Merge pull request #28079 from Geass-LL/comment
  * meson: update man rules
  * pam: add macro wrapper to make code shorter
  * journal-remote: fix syntax in error message
  * basic/utf8: make utf8_encoded_to_unichar() return length of the codepoint
  * test-gunicode: add new test to show that unichar_iswide() is borked
  * string-util: pass ANSI sequences through unchanged
  * NEWS: drop doubled space after period
  * NEWS: reword/fix/extend the entries for v254
  * tree-wide: "<n>bit" → "<n>-bit"
  * autopkgtest: drop 'udev' test
  * hwdb: drop POINTINGSTICK_CONST_ACCEL
  * units/systemd-vconsole-setup.service: improve title
  * units/systemd-firstboot: start the service after systemd-vconsole-setup.service
  * Revert "pid1: order units using TTYVHangup= after vconsole setup"
  * pid1,vconsole-setup: take a lock for the console device
  * core: adjust indentation
  * units/systemd-vconsole-setup: suppress error when service is restarted
  * sd-device: simplify code flow
  * sysusers: add comments and simplify how set with names is created
  * Introduce RET_GATHER and use it in src/shared/
  * various: use RET_GATHER
  * bootctl: use RET_GATHER, return first error
  * coredump: use RET_NERRNO and RET_GATHER
  * gpt-auto-generator: use RET_GATHER, return first error
  * modules-load: use RET_GATHER, update error handling
  * network: use RET_GATHER
  * Merge pull request #28384 from ldv-alt/ERRNO_IS
  * sysusers: reduce duplication in param list definition
  * TODO: put journal-related stuff together
  * sd-device, basic: align backslashes and drop unnecessary parens
  * network: warning message fixlet
  * Deprecate efivar SystemdOptions
  * man: clarify DNSSEC= again
  * Merge pull request #28460 from bluca/scope_run_env
  * Merge pull request #28436 from rpigott/zsh-fixups
  * Merge pull request #28503 from bluca/rc
  * Merge pull request #28511 from YHNdnzj/gpt-auto-no-duplicate
  * Merge pull request #28548 from yuwata/meson-confext
  * Merge pull request #28544 from yuwata/fstab-generator-fsck
  * configure: update meson invocation
  * labeller: add build-system label
  * NEWS: fix misstatement
  * systemd-battery-check: provide more debug logs
  * man/systemd.service: advise Type=exec instead of Type=simple
  * gpt-auto-generator: fix warnings about unused func when !ENABLE_EFI
  * tests: skip static asserts on old clang versions
  * NEWS: expand list of new Startup* settings
  * NEWS: adjust grammar
  * journalctl: fix loggging invocation
  * manager: fix reloading in reload-or-restart --marked
  * rpm: add %systemd_postun_with_reload and %systemd_user_postun_with_reload
  * rpm: use rpm.execute() in more cases
  * rpm: add %systemd_user_daemon_reexec
  * Merge pull request #28521 from keszybz/rpm-reload
  * test: use pytest.raises wrapper
  * 60-ukify.install: fix whitespace
  * mailmap: "reduce contributor count by 13"
  * bsod: fix license tag
  * Mark all base64 files as generated
  * basic/errno-util: add wrappers which only accept negative errno
  * tree-wide: use cocinnelle to apply _NEG_ macros
  * shared/cgroup-show: do not format path twice
  * sd-id128: introduce ERRNO_IS_NEG_MACHINE_ID_UNSET
  * errno-util: allow ERRNO_IS_* to accept types wider than int
  * manager: use _NEG_ macros to reduce indentation, reword comments, drop parens
  * libsystemd: use _NEG_ macros, adjust some comments
  * libsystemd-network: use _NEG_ macros to reduce indentation
  * various: use _NEG_ macros to reduce indentation
  * shared/kbd-util: simplify error handling in keymap_exists()
  * nspawn,shared: make ERRNO_IS_SECCOMP_FATAL an inline func with _NEG_ variant
  * shared/barrier: remove parens
  * manager: fix error handling after failure to set up child
  * mount-tool,man: reword comments and error messages
  * mount-tool: reduce scope of iterator variables
  * test-umask-util: add test for get_process_umask()
  * basic/umask-util: drop clearing of unused bits in call to umask(2)
  * mount-tool: override mode of --tmpfs mounts to (rwxrwxrwx & ~umask)
  * Merge pull request #28914 from poettering/boot-poweroff
  * Merge pull request #28787 from yuwata/credential-next
  * meson: use 'sh' variable everywhere
  * Merge pull request #24175 from medhefgo/meson-feature
  * Merge pull request #28918 from yuwata/network-dhcp-custom-duid
  * man/repart: use <filename> and add missing <para>
  * Merge pull request #28917 from yuwata/network-address-pool
  * Merge pull request #28913 from keszybz/tmpfs-top-level-dir-mode
  * meson: simplify version_tag handling
  * meson: drop "versiondep" object
  * Merge pull request #28968 from DaanDeMeyer/rlimit
  * man/gpt-auto-generator: avoid saying "negative" for boolean
  * meson: restore specifications of dependency on version_h
  * man/ukify: fix synopsis
  * ukify: move to /usr/bin and mark as non non-experimental
  * ukify: fail if the config file was not read
  * Merge pull request #28900 from abderrahim/version-info
  * id128: add option -P to only show value
  * shared/id128-print: fix indentation, reduce variable scope
  * sd-id128: avoid one memcpy
  * sd-id128: export sd_id128_get_app_specific()
  * man: document sd_id128_get_app_specific
  * systemd-id128: properly document the show verb
  * id128-util: add id128_from_string_not_null()
  * various: use id128_from_string_not_null()
  * id128: allow combining --app with show
  * sd-id128: do not allow null 'app_id' param
  * id128: rework conditional to reduce indentation
  * TODO: add entry about service and socket units
  * man: add version information
  * Merge pull request #28971 from YHNdnzj/soft-reboot-is-better-switch-root
  * Merge pull request #29017 from msizanoen1/fix-onboot-rotate
  * test: shorten sample names, drop numerical prefixes
  * meson: disallow fuzz test names above 60 characters
  * Merge pull request #29038 from keszybz/test-name-length-enforcement
  * man/systemd-id128: fix example
  * id128: add forgotten option to --help
  * test: use 'until' instead of 'while !'
  * Merge pull request #29036 from YHNdnzj/hibernate-resume-when-battery-low
  * export: use highlighting in --help
  * bootctl: use pager in help
  * path: modernize, return first error
  * path: rename functions
  * path: add --no-pager option, enable pager by default
  * man: add versioned version of --no-pager, use for systemd-path
  * man/kernel-install: add more paragraph breaks, fix indentation
  * man/sd_notify: split out variable descriptions to a separate section
  * man: make the description of fd storage a bit more accessible
  * man/sd_notify: change recommendations about unsupported notifications
  * man/daemon: recommend status notications, mention fd store
  * test-path-util: add simple test for is_path() and is_device_path()
  * basic/path-util: do not say that /dev and /sys are device paths
  * basic/path-util: change 'char *func' to 'char* func'
  * basic: indent prototypes of two functions with many arguments
  * meson: restore tools/meson-vcs-tag.sh
  * man/daemon: s/init system/service manager/
  * sd-network: modernize log error messages
  * basic/parse-util: add helper to parse bounded unsigned values
  * man: update Fedora release information
  * Merge pull request #29215 from AdamWill/kmm-layoutorder-variant
  * Merge pull request #29122 from yuwata/network-allow-multiple-ipv6-null-addresses
  * Merge pull request #28919 from fbuihuu/custom-config-file-install-path
  * Merge pull request #29092 from yuwata/sd-dhcp-server-use-usec
  * meson: do not explicitly specify ownership of /var/log/journal/
  * basic/path-util: make path_simplify() skip leading '/..'
  * delta: inline iterator variable
  * core/dbus-path: use structured initialization in one more place
  * systemctl: link to all non-man-page files in help
  * tree-wide: add path_simplify_alloc() and use it
  * network: use a common helper to parse bounded ranges
  * network/netdev: use ASSERT_PTR() more, adjust indentation
  * network/vxlan: avoid unneccesary temporary variables
  * shared/ip-procotol-list: generalize and rework parse_ip_protocol()
  * network/fou-tunnel: simplify parsing of protocol number
  * network: refusing parsing negative flow labels
  * network/netdev: fix resetting of 'inherit' field
  * network/netdev: align tables
  * network: make DEFINE_NETDEV_CAST() assert on input and output
  * netdev/wireguard: define iterator variable in the loop
  * Merge pull request #29224 from keszybz/netdev-config-parsing
  * docs/FDS: add missing article and reword sentence
  * man/cryptenroll: link to crypttab(5) for examples
  * man/crypttab: do not recommend using /dev/sdX symlinks in /etc/crypttab
  * man/crypttab: add a more comprehensive example of encrypted device setup
  * man/crypttab: fix indentation
  * cryptenroll: align tables
  * cryptsetup: add parse_argv() and implement --version
  * cryptsetup: fail with error if extraneous arguments are specified
  * meson: move systemd-cryptsetup to /usr/bin
  * meson: add comments to compat symlinks
  * TEST-70: use new cryptsetup path
  * man: rename systemd-cryptsetup@.service → systemd-cryptsetup
  * Merge pull request #29296 from yuwata/sd-journal-several-cleanups-for-boot-id
  * kernel-install: describe usage as installkernel
  * exec-util: print executed commands in do_execute()
  * Rework unit_name_mangle_with_suffix() to (very slightly) simplify the path
  * Merge pull request #29420 from bluca/uefi_doc
  * test-loopback: suppress warning about ignored unused result
  * nspawn: drop unnecessary wrapper functions
  * fuzz-bus-match: drop unnecessary wrapper function
  * basic/macro: add comment explaining DEFINE_TRIVIAL_DESTRUCTOR()
  * Merge pull request #29440 from evelikov/more-auto-entries
  * basic/macro.h: move a bunch of stuff to macro-fundamental.h
  * kernel-install/90-loaderentry: do not read dtbs from /boot
  * man/kernel-install: fix formatting and document /etc/kernel/devicetree
  * kernel-install/60-ukify: add helper function for locating input files
  * ukify: fix .dtb section name in 'inspect'
  * kernel-install/60-ukify: also support the convention with 'devicetree' file
  * efi/boot: use DEFINE_TRIVIAL_CLEANUP_FUNC() in one more place
  * man: use consistent label for "Reboot Into Firmware Interface"
  * sd-boot: when rebooting or powering off, save config state
  * efi/boot: split out helper to reduce duplicate formatting code
  * efi/boot: make timeout changes relative to current value
  * efi/boot: use "else if" instead of explicit "continue"
  * efi/boot: adjust grammar and punctuation in comments
  * efi/boot: rename ConfigEntry to BootEntry
  * hibernate-resume: remove kernel/image version comparison when resuming
  * shared/pretty-print: drop unused flag
  * NEWS, man: move description of SR-IOV-R net naming to v255
  * shared/netif-naming-scheme: align tables
  * test: make sure that the default naming scheme name maps back to itself
  * Merge pull request #29242 from fbuihuu/update-main-config-file-headers
  * efi: do not memzero fields before initializing them
  * efi: drop unused xmalloc0()
  * meson: generate proper version tag when git fails on permission errors
  * pid1,vconsole-setup: lock /dev/console instead of the tty device
  * test-recurse-dir: work around nftw() ignoring symlinks()
  * Revert "rm-rf: Make sure we rewinddir() before readdir()"
  * basic/iovec-util: always call the iovec "iovec"
  * basic/iovec-util: drop IOVEC_NULL
  * basic/iovec-util: drop TAKE_IOVEC
  * basic/iovec-util: use FOREACH_ARRAY in one more place
  * shared/copy: rewind dir fd before using it for cleanup
  * analyze/cat-config: add switch to print only "interesting" parts of config files
  * shared/pretty-print: add highlighting
  * tmpfiles: add --tldr
  * sysusers: add --tldr
  * sysctl: add --tldr
  * binfmt: add --tldr
  * shared/pretty-print: skip redundant section headers with --tldr
  * NEWS: reword things, change ordering, remove one duplicate
  * NEWS: mention new rpm macros
  * man: use meaningful titles for <ulink>s
  * docs: fix title levels, remove unneded words
  * tree-wide: s/life-cycle/lifecycle/g
  * man: more hyperlinks and other fixes
  * man: "Documentation" is not part of the title
  * man/networkctl,systemd-soft-reboot: capitalize and add periods
  * man/systemd-stub: split and simplify a wall'o'text paragraph
  * NEWS: fix strange line break
  * man: link to new btrfs website for btrfs man pages
  * vmspawn: shorted --help output to fit in 80 columns
  * xdg-autostart: downgrade warning for missing executables
  * man: many fixes systemd-vmspawn(1)
  * meson: enable vmspawn by default in developer mode
  * vmspawn: add missing include
  * ukify: print a more readable synopsis in --help
  * ukify: show .sbom sections as text
  * Rename {dual,triple}_timestamp_get to {dual,triple}_timestamp_now
  * core/unit: use assert for checking internal call sanity
  * tree-wide: use the usual spelling of "cannot"
  * meson: fix printing of first-boot-full-preset
  * ukify: show .sbom sections as binary
  * Merge pull request #29928 from yuwata/meson-default-network
  * Merge pull request #29930 from yuwata/meson-default-network-fix-install-path
  * meson: use ternary op for brevity
  * NEWS: adjust indentation
  * hwdb: rename .html=>.csv
  * hwdb/acpi-update.py: streamline python code
  * man: document StartLimitIntervalSec=infinity
  * core: split out the helper to serialize/deserialize ratelimits
  * core: serialize and deserialize unit start ratelimits
  * core: serialize and deserialize auto start/stop ratelimit
  * core: use uniform style for RateLimit initialization
  * core: serialize and deserialize trigger ratelimits for socket and path
  * meson: always install network example files
  * man/sd_bus_process: fix confusion about "synchronous"
  * man: drop recommendation to use absolute paths in ExecStart*=
  * man: reword the list of PE sections in systemd-stub
  * man/systemd-vconsole-setup: improve markup
  * units: disable start rate limit for systemd-vconsole-setup.service
  * test-time-util: suppress timestamp conversion failures for Africa/Khartoum timezone
  * shared/cryptsetup-util: build problematic code only in developer mode
  * man/ukify: link to competing tools
  * kernel-install/60-ukify: use exec() instead of runpy
  * ukify: simplify import
  * ukify: avoid deprecated datetime call
  * core: fix comment
  * Merge pull request #30268 from yuwata/network-fix-too-many-waiting-replies
  * Merge pull request #30294 from bluca/news
  * core: when applying syscall filters, use ENOSYS for unknown calls
  * shared/seccomp-util: use the same error message for the same condition
  * core: turn on higher optimization level in seccomp
  * test-macro: use capital test names for macro tests
  * run: adjust indentation
  * run: fix bad escaping and memory ownership confusion
  * stdio-bridge: return immediately if we can
  * shared/verb: indentation
  * man/systemctl: fix indentation of <xi:include>'s
  * tests: fix section mapping in test_ukify.py
  * shared/edit-util: split out function to populate temp file
  * systemctl: add message when edit is aborted
  * systemctl: add "edit --stdin"
  * TEST-26: add test for systemctl edit --stdin
  * variuos: fwrite() does not set errno
  * networkd: unvoidify fwrite()
  * sd-journal/catalog: modernize write_catalog()
  * ukify: add test for --secureboot-certificate-validity=
  * ukify: remove stray line
  * ukify: raise error if genkey is called with no output arguments
  * coredump: keep core files for two weeks
  * Merge pull request #30353 from bluca/news
  * Merge pull request #29853 from YHNdnzj/sleep-automated
  * Merge pull request #29987 from yuwata/network-bridge-vlan
  * Merge pull request #30085 from YHNdnzj/networkctl-edit-runtime
  * Merge pull request #30302 from keszybz/systemd-edit-stdin
  * Merge pull request #30316 from mrc0mmand/revert-journal-upload-user
  * Merge pull request #30322 from YHNdnzj/hibernate-improvements
  * test_ukify: use Path-based fixtures
  * test_ukify: explicitly remove big temporary directories
  * test_ukify: formatting
  * test_ukify: raise timeout
  * Revert "packit: don't take ownership of /etc/ssh/sshd_config.d/"
  * Merge pull request #30232 from keszybz/ukify-imports
  * man/tmpfiles: update summary
  * man: use <simplelist> for file lists in synopsis
  * man: use <simplelist> for two more lists
  * NEWS: fix version
  * test-systemctl-enable: fix typo
  * tests: use relative paths in ExecStart= and friends
  * src/basic: "UidRange" → "UIDRange"
  * src/basic: rename uid-alloc-range.[ch] to uid-classification.[ch]
  * TEST-07: minor simplification
  * journal-remote: use macro wrapper instead of alloca to extend string
  * docs/UID-GIDS: mention that ranges are actually configurable
  * docs/UID-GIDS: use the modern spellings of pkg-config variables
  * meson: use a single line for one-item file lists
  * meson: drop arch filtering in syscall list
  * Update syscalls lists
  * basic/alloc-util: drop unnecessary parens
  * bsod: do not use STRLEN
  * shared/pretty-print: use normal else-if cascade
  * shared/pretty-print: inline one more variable declaration
  * journald: inline one variable declaration
  * pstore: align table
  * man/networkd.conf: remove strange comment
  * units: drop userdbd from homed's Also=
  * NEWS: announce plan to drop support for nscd
  * man: mention that preset-all is performed during early boot
  * preset: enable homed sidecar services
  * sysusers,tmpfiles: clarify error message for --replace
  * tmpfiles: adjust vertical whitespace
  * tmpfiles: only populate uid and gid caches once
  * tmpfiles: split out helper to open and read a "config file"
  * sysusers: convert to conf_file_read()
  * tmpfiles,sysusers: rework path argument handling
  * tmpfiles: inline variable declarations, use FOREACH_ARRAY and RET_GATHER
  * tmpfiles: break long log invocations and comments
  * tree-wide: use normal spelling of "reopen"
  * tmpfiles: split out verbs in help
  * tmpfiles: drop unnecessary assignment
  * tmpfiles: split out helper to open a directory
  * tmpfiles: use dir_cleanup() for R and D
  * tmpfiles: simplify how a helper function is called
  * tmpfiles: implement --dry-run
  * systemd-tmpfiles: use statx_mount_same
  * TEST-22: add --dry-run calls
  * TODO: add --dry-run/-n
  * journald: shorten code a bit and return error where it's useful
  * test-journald-config: indentation
  * man: reword paragraph about --forward-journal= and adjust spacing
  * vmspawn: rework --help
  * journal: use the usual spelling of "serialize"
  * core/kmod-setup: drop another pointless bitfield annotation
  * sysupdate: drop pointless bitfields
  * systemctl: drop pointless bitfield
  * timesyncd: reorder structs instead of useless bitfields
  * logind: drop bitfield annotations
  * analyze: always recommend saving the output to a file
  * test-ukify: skip signing in tests when slow tests are disabled
  * test-nss-hosts: treat negative host lookup as slow
  * Merge pull request #31178 from neighbourhoodie/add-old-website-content
  * docs: fix typo in page name
  * Revert "docs: use collections to structure the data"
  * docs: drop .md suffixes again
  * Merge pull request #31352 from DaanDeMeyer/versioning
  * man/sd_bus_service_reconnect.c: normalize whitespace
  * virt: wrap comment, add missing punctuation
  * shared/pam-util: fix awkward tense in log message
  * Merge pull request #31511 from jamacku/prepare-for-diff-shellcheck
  * various: use modern strv helpers
  * rpm/macros: drop compat define with a typo
  * rpm/macros: add %_kernel_install_dir
  * docs/UEFI_SECURITY: minor tweaks to the text
  * timedatectl: add -P
  * machinectl: add -P
  * Merge pull request #31597 from keszybz/option-P-for-machinectl-and-timedatectl
  * meson/man: allow man pages to use multiple conditions
  * constants: drop duplicated CONF_PATHS defines
  * shared/conf-parser: collapse pkgdir and conf_file args into one
  * shared/pretty-print: rename output parameters
  * udev,backlight,kernel-install: reword sentences starting with "Skipping to"
  * udevd: inline iterator variable
  * strv: add helper to extend strv from both sides
  * shared/conf-parser: use chase() in config_parse_many_files()
  * shared/conf-parser: add function which implements the standard config file set
  * various: use new config loader instead of config_parse_config_file()
  * man: document all the new paths
  * kernel-install: support full set of config files and drop-ins
  * bootctl: use the full parser too
  * shared/conf-parser: add two more annotations
  * Merge pull request #30480 from keszybz/kernel-install-more-paths
  * meson: .git can also be a file
  * meson: always use vcs_tag
  * Merge pull request #31771 from keszybz/meson-make-partial-builds-great-again
  * units: retitle systemd-pcrextend.{service,socket}, change TPM2→TPM
  * units/systemd-machine-id-commit: retitle
  * tools/elf2efi: align columns in tables, unify formatting
  * tools/elf2efi: split out function to create parser
  * tools/elf2efi: rework exception messages
  * units: drop "(Varlink)"
  * units: retitle systemd-bootctl*.{service,socket}
  * src/partition: remove unnecessary uses of "make sure"
  * NEWS: add initial version of changes in v256
  * TODO: various things noticed while writing NEWS
  * Merge pull request #31777 from keszybz/unit-retitling-and-comments
  * journal: use empty_to_null() in one more place
  * portablectl: add forgotten value to --help
  * test/TEST-46: drop whitespace after redirection operators
  * meson: use loops to unify repeated checks
  * meson: gcc docs say that name "c2x" is deprecated
  * meson: test with c++26 too
  * units: add one more equivalency of '-' in '_' on kernel cmdline
  * Rename uid0 to run0
  * TODO: drop entry about renaming
  * basic/missing_ioprio: include the proper header file
  * basic/missing_*.h: add asserts that the values are as expected
  * basic/missing_*.h: indentation tweaks
  * basic/missing_audit: add explanatory comment
  * src/basic: add yet another strdup helper
  * hostnamed: use strdup_to_full()
  * basic/cgroup-util: use strdup_to() and strdup_to_full() as appropriate
  * test-cgroup-util: reduce scope of iterator variables
  * various: use strdup_to() in various obvious cases
  * various: use strdup_to() after getenv()
  * various: also use strdup_to() in cases where we don't return immediately
  * basic/fileio: use strdup_to_full() in read_stripped_line()
  * systemd-analyze: use strdup_to()
  * coredump: use free_and_strdup_warn() more
  * basic/socket-util: use strdup_to() in sockaddr_pretty()
  * basic/string-util: use strdup_to() in string_extract_line()
  * Replace strdup_or_null() by strdup_to()
  * shared: use strdup_to() in specifier functions
  * sd-device: use strdup_to() and rename output param
  * sd-journal/catalog: use strdup_to(), rename output param
  * basic/time-util: use strdup_to() and reformat a bit
  * machinectl: use strdup_to() and move cleanup out of the loop
  * shared/dissect-image: use strdup_to_full() in one more place
  * logind: use strdup_to()
  * basic/unit-name: use strdup_to() in slice_build_parent_slice()
  * oomd: use strdup_to() and RET_GATHER()
  * core: use strdup_to()
  * shared/password-quality: inline iterator variable
  * tools/elf2efi: skip empty .got section and its .relro_padding
  * tools/elf2efi: elif→if to make pylint happy
  * Merge pull request #31779 from keszybz/elf2efi-clang-18
  * Merge pull request #31907 from mrc0mmand/efi-shenanigans
  * Drop unnecessary path_equal_ptr() wrapper
  * shared/install: use PATH_IN_SET()
  * Merge pull request #29721 from poettering/systemd-project
  * shared/logs-show: restore infinite loop avoidance for corrupted journals
  * man: update fedora example to F40
  * man: regenerate rules
  * man/notify-selfcontained-example: check argument first
  * man: align strings in sd_notify() examples
  * TEST-50: add tests for riscv{32,64}
  * sd-notify: fix unsetting of environment variable on error
  * man: sd_notify() does not fail if var is unset
  * Merge pull request #31435 from bluca/portable_fix_versioned
  * core: silence gcc warning about unitialized variable
  * ask-password: minor shortening
  * sd-bus: rework assert to make the gcc happy
  * networkd: report error if lease file cannot be loaded and ignore
  * meson: do not fail build with newer kernel headers
  * Merge pull request #31648 from neighbourhoodie/review-content
  * man: mention that sd_journal_test_cursor() needs a positioning call
  * Merge pull request #32365 from poettering/gpt-auto-doc-fix
  * Try path without sbin even if compiled with split-bin=true
  * sd-path: rename output param
  * NEWS: reword a few sentences
  * Merge pull request #32428 from poettering/sd-notify-reboot-param
  * Merge pull request #32435 from YHNdnzj/followup
  * core: drop unused param, move taint calculation to separate file
  * core/taint: make short_uid_range() not take a path
  * Merge pull request #32447 from keszybz/test-taint
  * NEWS: add warnings about read-only fs and libkmod being dlopen'ed
  * man: reword text and fix tense in description of sd_event_source_set_io_fd
  * manager: resolve verb/noun mixup in log message
  * preset-all: continue on errors, report more errors
  * vmspawn: indentation
  * shared: fix comment
  * repart,measure: reword help descriptions
  * nspawn: whitespace
  * Merge pull request #32701 from bluca/vmspawn/machinectl-shell
  * libsystemd-network: remove double initialization
  * libsystemd-network: check size of icmpv6 packets
  * libsystemd-network: use normal style for error checking
  * test: rename file with stub functions
  * core/exec-credential: downgrade warning about missing cred to debug
  * sysusers: simplify meson config
  * mkosi: Restore job for F40
  * core,vconsole-setup: treat locking failure as non-fatal
  * Merge pull request #32800 from YHNdnzj/preserve-cred-mounts
  * repart: remove duplicate word in --help
  * man: add note about selinux to rc-local
  * analyze: do not print timestamps before "start of userspace"
  * logind: group policy entries by interface
  * logind: make ReleaseSession "unprivileged" and allow closing of own session
  * Merge pull request #32869 from keszybz/dbus-release-session
  * shared/mountpoint-util: for old kernels, assume "norecovery" is supported by btrfs
  * logind: use SD_BUS_ERROR_ACCESS_DENIED
  * Merge pull request #32957 from mrc0mmand/fix-coverage-builds
  * nspawn: use FOREACH_ARRAY() in one more place
  * core: simplify variable declaration
  * shared/btrfs-util: simplify return conditions
  * kernel-install,bootctl: unify the config parsing procedure
  * shared/conf-parser: do not print "(null)" as section name
  * tests/boot-and-services: don't wait for systemd-tmpfiles-clean.service to finish
  * test/boot-and-services: use pidof instead of ps -C
  * man: update links to catalog docs
  * man: update links to "New Control Group Interfaces"
  * man: update links to "Compatibility with SysV"
  * man: update links to "Inhibitor Locks"
  * various: update links to more wiki pages
  * man: update links to "API File Systems"
  * docs: drop link to obsolete multiseat page
  * various: update links to usr-merge
  * README: update link for backports
  * Merge pull request #33008 from fbuihuu/optionally-link-ssh-dropins
  * man: capsule support was added in v256
  * core/bpf-firewall: constify and reduce scope of variables
  * test-format-table: add test for TABLE_BPS formatting
  * shared/format-table: do not print '.0'
  * shared/format-table: print BPS with part after point
  * basic/fd-util: drop unnecessary {}
  * basic/fd-util: drop report from fd_cloexec_many
  * various: remove unnecessary check before sd_event_source_set_enabled()
  * sd-event: emit a debug line if disabling unreffed source fails
  * sd-event: use consistent style for '*' in signatures
  * Revert "mkosi: Disable add-determinism on Fedora"
  * meson: fix comment
  * man/systemd: reorder content a bit
  * timesync: make public defines for clock epoch files
  * tools/update-distro-hash: add a helper script to sync submodule
  * mkosi: set -o nounset for scripts
  * mkosi: update debian commit reference
  * mkosi: update fedora commit reference
  * Revert "network: add "mac" to alternatives name policy by default" (#33227)
  * run: do not pass the pty slave fd to transient service in a machine
  * man/systemd-soft-reboot.service: upgrade drop-in to unit file for slice
  * bus-unit-util: extend the bus call timeout for UnitFreezer
  * man: document that separate /usr/local/ must not be used for config
  * Move two functions only used in pid1 from libshared to the binary
  * basic/dlfcn-util: deobfuscate macro definitions
  * selinux: kill mac_selinux_free()
  * Move two functions only used in timesyncd from libshared to the binary
  * shared/clock-util: small modernization
  * manager: use max of: compile epoch, epoch file, timesyncd file
  * manager: apply clock epoch on updates too
  * timesyncd: simplify handling of timestamps
  * manager: add structured log message about clock bump
  * man: describe setting of the clock by systemd and systemd-timesyncd
  * Fix confusion between killer and prey
  * various: move const ptr indicator to return value
  * various: move ptr indicator to return value
  * Rename spawn-polkit-agent.c to just polkit-agent.c
  * Rename spawn-ask-password-agent.c to just ask-password-agent.c
  * inhibit: add --no-ask-password option and allow interactive polkit auth
  * polkit: allow non-local users to block sleep and shutdown
  * TEST-58-REPART: reverse order of diff args
  * mkosi: move variable to the right scope
  * sd-bus: simplify handling of 'types' in convenience methods
  * sd-bus: drop bytefield annontations
  * LICENSES/README: expand text to summarize state for binaries and libs
  * Merge pull request #33370 from grawity/run-title
  * Drop support for nscd
  * meson: use less verbose quoting
  * meson: rename libbasic to libbasic_static
  * meson: build libsystemd-core via an intermediate static library
  * meson: add option to build systemd-executor "statically"
  * Merge pull request #33599 from keszybz/link-executor-statically
  * test_ukify: do not use files from /boot
  * test_ukify: use sha384 in the signing tests
  * test_ukify: add instructions
  * tools/update-distro-hash: rename, fetch the repository if appropriate
  * tools/fetch-distro: only fetch the configured branch
  * tools/fetch-distro: switch to the target branch
  * selinux-util: add missing char in comment
  * repart: use new style for pointers in function signatures
  * shared/exec-util: add macro to autoinsert sentinel for fork_agent()
  * man/systemd-repart: extend description and reword some sentences
  * Merge pull request #30307 from bluca/enforce_inhibitors
  * docs/UIDS-GIDS: drop obsolete comment about Fedora
  * mkosi: add helper script to update mkosi hash
  * mkosi: update mkosi commit reference to v24.3-158-g2c9954fa51
  * NEWS: the first big batch for v257
  * docs/ELF_PACKAGE_METADATA: add detailed example
  * docs/ELF_DLOPEN_METADATA: add detailed example
  * mkosi: supress error messages from git
  * mkosi: bump mkosi MinimumVersion
  * man: slightly enhance docs about "exitrd" and remove TODO entry for it
  * man: reword some sentences with umbiguous subjects
  * man: say that SYSEXT_SCOPE=initrd also applies to exitrds
  * TODO: add one more systemctl rfe
  * man: fix formatting in file-hierarchy
  * systemctl: fix printing of RootImageOptions
  * shared: adjust whitespace and formatting
  * Merge pull request #34572 from keszybz/fix-printing-of-RootImageOptions
  * man/systemd-stub: reword descriptions of .dtb and .profile sections
  * homectl: fix inverted table footer condition
  * sd-json: reorder enum so that SD_JSON_FORMAT_OFF is first
  * man/systemd-nspawn: emphasise that user namespaces are strongly recommended
  * tree-wise: use "lightweight" spelling
  * Merge pull request #34783 from keszybz/man-nspawn-private-users
  * sd-common: add __const__
  * sd-id128: mark functions as const, not pure
  * sd-json,tree-wide: add sd_json_format_enabled() and use it everwhere
  * sysv-generator: break long message into lines
  * qrcode-util: add debug message to show why a qrcode wasn't printed
  * bsod: do not check for color support
  * test-terminal-util: print value of colors_enabled()
  * qrcode-util: avoid memleak in error path
  * Merge pull request #34245 from bluca/logind_drop_weak_delay_inhibitor
  * bsod: make message for qrcode more useful
  * cryptenroll,homectl,journalctl: adjust messages before qrcodes
  * NEWS: remove duplicated entry
  * test-sbat: separate the two sbat sections
  * boot: stop appending NUL to .sdmagic and .sbat sections
  * meson: add separate option for sysupdated, disable in release builds
  * resolved: log error messages for openssl/gnutls context creation
  * tree-wide: time-out → timeout
  * mount-util: introduce path_is_network_fs_harder() and use it in networkd (#35040)
  * man/systemd-measure: update to new ukify syntax, non-root operation
  * man/systemd-measure: add forgotten "="
  * man/systemd-stub: rework the description of sections
  * pid1: stop refusing to boot with cgroup v1
  * tree-wide: use Device*T*ree spelling
  * docs/TPM2_PCR_MEASUREMENTS: drop quotes from around section titles
  * Move bootctl to its own source subdirectory
  * Move bless-boot components to their own source subdirectory
  * Move systemd-measure to its own source subdirectory
  * Move systemd-sbsign to its own source subdirectory
  * Rename src/boot/efi to just src/boot
  * github: adjust version number in templates
  * NEWS: add specific versions in key codes entry
  * man: update Fedora links to F41
  * man: drop whitespace from final <programlisting> lines
  * News and f41 and formatting (#35078)
  * Move growfs+makefs to src/growfs/
  * Rename src/partition to src/repart
  * Chores for rc2 (#35186)
  * ukify: fix parsing of SignTool configuration option
  * test: fix generate-sym-test using the wrong array (#35185)
  * tmpfiles: narrow scope of HAVE_SYSV_COMPAT condition for legacy.conf
  * tmpfiles: add period at end of the sentence
  * Keep tmpfiles/legacy.conf even if SysVInit support is dropped (#35278)
  * Undeprecate commandline params forcequotacheck, fastboot, and forcefsck
  * Check inode number to see if we are in init namespace (#35306)
  * core/device: ignore ID_PROCESSING udev property on enumerate (#35332)
  * ukify: Switch to JSON HWID description format (#35208)
  * Revert "link README.logs from tmpfiles.d/legacy.conf only if available"
  * meson: install README.logs independently of HAVE_SYSV_COMPAT
  * NEWS: adjust grammar
  * pid1: assume user namespaces are unavailable if we get -EINVAL from clone()
  * basic/namespace-util: fix double logging after fork failure
  * ukify: ellipsize CN to not exceed maximum length
  * shared/tests: adjust error messages
  * test-format-table: convert to ASSERT_* macros
  * test-format-table: add smoke test for int/uint formatting
  * test-format-table: add test for unsetting table name
  * mkosi/ci: use a bash array to pass options
  * TEST-64: use more idiomatic loop syntax
  * mkosi: update fedora commit reference
  * docs/CONTRIBUTING: adjust grammar, info about tests and labels
  * test-acl-util: use ASSERT_* macros
  * test-bus-util: use ASSERT_* macros
  * test-cgroup: use ASSERT_* macros
  * meson: avoid error message if git is not installed
  * test-time-util: do more suppression of time zone checks
  * test-condition: use ASSERT_* macros
  * test-condition: use xsprintf and drop pointless cast
  * test-parse-util: use ASSERT_* macros
  * Revert "journalctl: show coredumps again when --unit= is specified"
  * boot: exclude the trailing padding from initrd size in initrd_prepare()
  * systemd-cryptenroll: use pager for --help, add --no-pager option
  * systemd-cryptenroll: drop unnecessary {}
  * cryptenroll: advertise device autodetection and listing
  * sd-varlink: add sd_varlink_server_set_info
  * various: set info on varlink server object
  * sd-varlink: modernize pointer style in function signatures
  * cryptenroll: show which devices support "hmac secret"
  * cryptsetup: add debug message
  * Update syscall tables (#35520)
  * logind: drop one duplicate param in manager_is_inhibited()
  * logind: define flags enum for manager_is_inhibited()
  * tmpfiles: reduce quoting in warning message
  * vconsole-setup: use normal variables instead of an array
  * vconsole-setup: drop impossible condition
  * docs/ELF_PACKAGE_NOTES: fix formatting
  * tmpfiles: reduce quoting in warning message
  * docs: rename COREDUMP_PACKAGE_METADATA → ELF_PACKAGE_METADATA
  * docs/package-notes: minor corrections
  * docs/package-notes: extend motivation and recommendations
  * docs/package-notes: extend description to support PE/COFF files
  * man: update package metadata link and details
  * Extend elf package metadata to pe/coff files (#35681)
  * sysusers: emit audit events for user and group creation
  * core: use shared audit-fd wrappers
  * sysusers: emit audit events for user and group creation (#35957)
  * docs/HACKING: use 'run0' to indicate which commands require privileges
  * README: add sgx to list of required groups
  * Several fixlets for GCC warnings (#36051)
  * mkosi: update fedora commit reference
  * docs/HACKING: use 'run0' to indicate which commands require privileges
  * firstboot: fix crash when hostname question is skipped
  * ukify: Calculate section size more correctly (#36215)
  * firstboot: fix crash when hostname question is skipped
  * core/condition: fix segfault when key not found in os-release
  * core/condition: fix segfault when key not found in os-release
  * meson: bump version to 257.3
  * ukify: fixes with kernel compression (#36381)
  * test/ukify: deduplicate path specification
  * mkosi: update fedora commit reference
  * ukify: drop dots from exception messages
  * ukify: avoid treating invalid option as an argument
  * bootctl: stop printing "Stub/Boot loader set partition information"
  * docs/ROOTFS_DISCOVERY: minor wording and syntactic improvements
  * docs/ROOTFS_DISCOVERY: removed doubled dot
  * bootctl: fix boolean logic in id128 comparisons
  * Restore docs/PAX_CONTROL_GROUPS
  * basic/glyph-util: rename "special glyph" to just "glyph"
  * basic/glyph-util: introduce optional_glyph() to wrap emoji_enabled()
  * bootctl: do not print special glyphs to the log
  * update-done: adjust comments
  * update-done: split out run()
  * update-done: add basic argument parsing and --help
  * update-done: add --root= arg
  * update-done: create /etc and /var if they didn't exist
  * core: drop duplicated check in manager_{set,override}_watchdog
  * core/watchdog: initialize variables only if they'll be used
  * test-watchdog: modernize
  * shared/watchdog: raise log levels for watchdog errors
  * pid1: log if we failed to find a watchdog device
  * shared/watchdog: ratelimit the number of attempts to open watchdog
  * shared/watchdog: add MESSAGE_IDs to logs about watchdog opening
  * shared/watchdog: give up after a few failed pings
  * core/manager: do not exclude watchdog logic from busy-loop protection
  * Ratelimit attempts to open watchdog, increase logging (#35708)
  * vconsole-setup: reword error messages
  * homectl: split out inspect_home() and authenticate_home()
  * remount-fs: adjust comment
  * man/varlinkctl: remove unneeded absolute path in example
  * man/systemd-remount-fs: fix grammar
  * man/systed.swap: update description of implicit deps
  * tools/check-version-history: avoid DeprecationWarning with newer lxml
  * gitignore: add .mkosi-private/ to the list again
  * basic/strv: return NULL from strv_skip
  * analyze: use STRV_FOREACH in consistent fashion
  * busctl: use STRV_FOREACH in the usual fashion
  * busctl: use RET_GATHER
  * various: handle the positive condition after strv_skip() first
  * test-execve: minor simplification
  * shared/exec-util: fix logging of the args of an executed program
  * gpt-auto-generator: improve log message
  * TEST-46-HOMED: write zeros instead of random bytes
  * hibernate-resume: restore full message if resume fails
  * shared/mount-setup: use '' to signify empty option string
  * test-display-quota: add a little helper binary to show quota on tmpfs
  * TEST-46-HOMED: check for support on /dev/shm and /tmp separately
  * TEST-46-HOMED: conditionally skip usrquota tests
  * bootctl: fix boolean logic in id128 comparisons
  * man/systemd-remount-fs: fix grammar
  * man/systed.swap: update description of implicit deps
  * tools/check-version-history: avoid DeprecationWarning with newer lxml
  * Tweak log messages around efivarsfs and hibernation (#36921)
  * man/pstore.conf: pstore.conf template is not always installed in /etc
  * gitignore: add .mkosi-private/ to the list again
  * test-sd-device: dedeplicate common setup fragment
  * test-sd-device: limit the number of iterations when testing device parent/child functions
  * test-sd-device: limit the number of iterations when testing device parent/child functions
  * sd-netlink: don't fail on netlink message truncation if we pass a zero sized buffer (#37165)
  * udev: several follow-ups for recent change about listening fds (#37162)
  * man/systemd-nspawn: call dnf with --use-host-config
  * man: update fedora release to F42
  * various: do not use assert_se as a workaround in non-test code
  * man/systemd.exec: reword description of SystemCallFilter=
  * man/systemd.exec: reword description of RestrictAddressFamilies=
  * test-sd-device: drop chunk added by mistake
  * test-sd-login: add a "test" that just calls all sd_pid_get_* functions
  * man: reword the description of "secure pager" handling
  * man: rework the description of $SYSTEMD_PAGER and $PAGER
  * pager: also check for $SUDO_UID
  * docs: punctuation and a typo
  * docs/BOOT_LOADER_INTERFACE: minor grammar fixes
  * hwdb.d: reword and simplify boilerplate texts
  * hwdb.d: update/expand boilerplate on various hwdb files
  * hwdb: say that settings can be also set to 0
  * elf2efi: make code more pythonic
  * systemd-journald: drop pointless bitfield annotations
  * fundamental: assume that intmax_t is the biggest integer
  * man/systemd-nspawn: call dnf with --use-host-config
  * man: update fedora release to F42
  * man/systemd.exec: reword description of SystemCallFilter=
  * man/systemd.exec: reword description of RestrictAddressFamilies=
  * man: reword the description of "secure pager" handling
  * man: rework the description of $SYSTEMD_PAGER and $PAGER
  * pager: also check for $SUDO_UID
  * hwdb: run "update-hwdb"
  * hwdb: run "update-hwdb-autosuspend"
  * hwdb: update to main@{2025-05-15}
  * src/boot: assume that intmax_t is the biggest integer
  * basic/terminal-util: drop 'U' suffix
  * basic/terminal-util: simplify output param handling
  * boot: fix ia32 build with clang
  * kernel-install/90-loaderentry.install: print message if quiting because of KERNEL_INSTALL_LAYOUT
  * kernel-install: print entry-token path that was not found
  * Revert "TEST-82-SOFTREBOOT: add test case for uevents generated during soft-reboot"
  * Revert "units: stop systemd-udevd before soft-reboot"
  * Revert "core/socket: do not enter failed state when we cannot start service due to conflicting transaction being queued"
  * bootctl: rework Boot Loader Entries section in status
  * bootctl: prefix all paths with the mountpoint prefix
  * kernel-install/90-loaderentry.install: print message if quiting (#37522)
  * coredump: restore compatibility with older patterns
  * coredump: wrap long lines, fix grammar in comments
  * Restore compatibility for coredump --backtrace (#37559)
  * coredump: get rid of _META_MANDATORY_MAX
  * repart: Copy fs-verity status for CopyFiles= (#35401)
  * coredump: restore compatibility with older patterns
  * coredump: wrap long lines, fix grammar in comments
  * man: introduce openssl as man page provider and use it for ukify.1
  * man/pam_systemd: use <constant> consistently
  * man/systemd-analyze: rewrite "Exit status" section
  * man/systemd-resolved: update description of routing
  * man: reword descriptions of numerical fields
  * man/systemd.timer: change to positive wording
  * man/systemd.network: reword description of MulticastIGMPVersion=
  * man: better tags, more links, minor grammar and formatting improvements
  * coredump: use %d in kernel core pattern
  * coredump: also stop forwarding non-dumpable processes
  * coredump: get rid of a bogus assertion
  * coredump: when %F/pidfd is used, again allow forwarding to containers
  * coredump: introduce an enum to wrap dumpable constants
  * Define helper to call PR_SET_DUMPABLE
  * coredump: get rid of _META_MANDATORY_MAX
  * coredump: use %d in kernel core pattern
  * coredump: also stop forwarding non-dumpable processes
  * coredump: get rid of a bogus assertion
  * coredump: when %F/pidfd is used, again allow forwarding to containers
  * coredump: introduce an enum to wrap dumpable constants
  * Define helper to call PR_SET_DUMPABLE
  * Merge remote-tracking branch 'systemd-security/coredump-d'
  * meson: bump version to 257.6
  * basic/terminal-util: query terminal name by DCS
  * test-terminal-util: print how long the asynchronous queries take
  * basic/terminal-util: add a heuristic check whether terminfo file exists
  * core: use terminal DCS sequence to set $TERM
  * basic/terminal-util: drop now-unused default_term_for_tty
  * core/exec-invoke: rework $TERM fallback logic (#37647)
  * random-seed: do not include file name directly in error messages
  * sleep: do not include file name directly in error messages
  * sd-device: do not include file name directly in error messages
  * core: do not include names directly in error messages
  * core/smack-setup: rework message to include full paths to files
  * core/smack-setup: use RET_NERRNO and RET_GATHER
  * various: do not include file names directly in error messages
  * Deduplicate error string patterns (#37676)
  * coredump: fix 0-passed-as-pointer warning
  * meson: drop -Wno-typedef-redefinition for clang
  * man: introduce openssl as man page provider and use it for ukify.1
  * man/pam_systemd: use <constant> consistently
  * man/systemd-analyze: rewrite "Exit status" section
  * man/systemd-resolved: update description of routing
  * man: reword descriptions of numerical fields
  * man/systemd.timer: change to positive wording
  * man/systemd.network: reword description of MulticastIGMPVersion=
  * man: better tags, more links, minor grammar and formatting improvements
  * coredump: fix 0-passed-as-pointer warning
  * docs/TPM2_PCR_MEASUREMENTS: link to the PCR registry page
  * docs/TPM2_PCR_MEASUREMENTS: fix typo
  * meson: quote paths in generated systemd-runtest.env
  * man: drop inadvertently added -x, make shellcheck clean
  * meson: drop explicit custom_target names
  * meson: adjust indentation
  * shared/tests: indent defines
  * test-tests: move assert tests to new file
  * tests: cast to intmax_t instead of printing to a temp buffer
  * tests: print numeric error value too on failure
  * tests: add new ASSERT_OK_OR macro
  * tests: use new ASSERT_OK_OR macro
  * test-cgroup-util: minor simplification
  * test-cgroup-util: ignore -ENXIO in more places
  * test-cgroup-util: print info about process before asserting
  * basic/errno-list: add helper to print errno names
  * tests: print errno name rather than the message
  * shared/bus-unit-util: drop spurious parentheses
  * Rename STRV_MAKE_EMPTY to just STRV_EMPTY
  * shared/bus-unit-util: use common helper in one more place
  * shared/bus-unit-util: fix appending of IODeviceLatencyTargetSec=
  * shared/bus-unit-util: define helper for ManagedOOMMemoryPressureLimit=
  * shared/bus-unit-util: define helper for StartupAllowedMemoryNodes= and friends
  * shared/bus-unit-util: define helper for Delegate=
  * shared/bus-unit-util: define helper function for resource limits
  * shared/bus-unit-util: define helper function for CPUQuota=
  * basic/cgroup-util: align tables
  * shared/bus-unit-util: define helper for DeviceAllow=
  * shared/bus-unit-util: add helper for group io limits
  * shared/bus-unit-util: define helper for IODeviceWeight=
  * shared/bus-unit-util: define helper for IODeviceLatencyTargetSec=
  * shared/bus-unit-util: define helper function for IPAddressAllow=/IPAddressDeny=
  * shared/bus-unit-util: add helper for IPIngressFilterPath=/IPEgressFilterPath=
  * shared/bus-unit-util: define helper for BPFProgram=
  * shared/bus-unit-util: add helper for SocketBindAllow=/SocketBindDeny=
  * shared/bus-unit-util: define helper function for EnvironmentFile=
  * shared/bus-unit-util: define helper for SetCredential=/SetCredentialEncrypted=
  * shared/bus-unit-util: define helper for LoadCredential=/LoadCredentialEncrypted=
  * shared/bus-unit-util: add helper for ImportCredentialEx= and fix naming confusion
  * TEST-54-CREDS: s/ImportCredentialEx/ImportCredential/ except for one place
  * shared/bus-unit-util: define helper for LogExtraFields=
  * shared/bus-unit-util: define helper for LogFilterPatterns=
  * shared/bus-unit-util: define helper functions for StandardInput/Output/Error=
  * shared/bus-unit-util: define helper for StandardInputText=
  * shared/bus-unit-util: define helper for StandardInputData=
  * shared/bus-unit-util: define helper function for rlimits
  * shared/bus-unit-util: define helper for CapabilityBoundingSet=/AmbientCapabilities=
  * resolve: add converters for sshfp key types and algs
  * sd-event: drop some bitfield specifiers from struct sd_event_source
  * sd-event: make some more bools non-bitfield
  * sd-event: typedef struct inode_data to InodeData
  * sd-event: typedef struct inotify_data to InotifyData
  * sd-event: extend comment about a flex member
  * shared/bus-unit-util: define helper for CPUAffinity=
  * shared/bus-unit-util: use common helper for NUMAPolicy=
  * shared/bus-unit-util: add helper for NUMAMask=
  * shared/bus-unit-util: add helper for filter lists
  * shared/bus-unit-util: define helper for RestrictNamespaces=/DelegateNamespaces=
  * shared/bus-unit-util: define helper for BindPaths=/BindReadOnlyPaths=
  * shared/bus-unit-util: define helper for TemporaryFileSystem=
  * shared/bus-unit-util: define helper for RootHash=
  * shared/bus-unit-util: define helper for RootHashSignature=
  * shared/bus-unit-util: define helper for RootImageOptions=
  * shared/bus-unit-util: define helper for MountImages=
  * shared/bus-unit-util: define helper for ExtensionImages=
  * shared/bus-unit-util: add a helper function for directory args
  * shared/bus-unit-util: add helper for ProtectHostnameEx and fix naming confusion
  * test: drop ProtectHostnameEx, add one test for ProtectHostnameEx
  * shared/bus-unit-util: define helper for Paths property
  * shared/bus-unit-util: define helper for SuccessExitStatus= and friends
  * shared/bus-unit-util: use common helper for various strv properties
  * shared/bus-unit-util: add helper for Listen property
  * shared/bus-unit-util: add helper for TimersMonotonic property
  * shared/bus-unit-util: add helper for TimersCalendar property
  * shared/bus-unit-util: define helper for SuccessActionExitStatus= and friend
  * shared/bus-unit-util: define helper for conditions and asserts
  * shared/bus-unit-util: add helper for unit deps
  * shared/bus-unit-util: add helper for CPUQuotaPeriodSec=ManagedOOMMemoryPressureDurationSec=
  * shared/bus-unit-util: add helper for AppArmorProfile=/SmackProcessLabel=
  * shared/bus-unit-util: add define to shorten common append pattern
  * shared/bus-unit-util: add helper for TimeoutSec=
  * shared/bus-unit-util: convert to a table
  * shared/bus-unit-util: add bus_dump_transient_settings() helper
  * analyze: add transient-settings verb
  * docs/TRANSIENT-SETTINGS: update lists
  * shell-completions: add systemd-analyze transient-settings
  * shared/bus-unit-util: stop unsing strndupa
  * test-utf8: drop explicit setting of colors
  * tests: use log_tests_skipped more, use shorter form
  * test-dirent-util: remove strange whitespace
  * basic/rlimit-util.c: align table
  * basic/rlimit-util.c: drop duplicate checks
  * shared/bus-unit-util: check errors before other conditions
  * test-bus-unit-util: add a test that attempts to serialize all know transient settings
  * shared/bus-unit-util: also send empty array for LogFilterPatterns=
  * shared/bus-unit-util: tweak error handling in bus_append_exec_command
  * shared/bus-unit-util: rework error messages
  * shared/bus-unit-util: rework error messages for NFTSet=
  * shared/bus-unit-util: tweak bus_append_exec_command to use Ex prop only if necessary
  * shared/bus-unit-util: fix PrivateTmp=/PrivateUsers=/ProtectControlGroups= and Ex variants
  * systemd-analyze: stop printing Ex transient settings
  * man: improve Description= documentation (#38101)
  * Adjust bitfields in struct Condition
  * shared/open-file: add line break
  * Merge shared/exec-directory-util.? into basic/unit-def.?
  * test-string-util: add a small test for xsprintf
  * basic/stdio-util: use a fixed message in xsprintf
  * meson: drop -ffunction-sections -fdata-sections
  * TEST-04-JOURNAL: drop unexpected whitespace
  * ukify: fix version detection for aarch64 zboot kernels with gzip or lzma compression
  * sd-device: trivial cleanups (#38162)
  * NEWS: adjust whitespace and texts for v258
  * NEWS: clean up uses of backticks
  * systemd-run: add --no-pager, use pager for --help
  * resolvectl: use pager for help output
  * boot: move/adjust comments
  * src/shared: grammar fixlet
  * basic/socket-util: reserve more space for timeval/timespec messages
  * resolved: Implement continuous mDNS querying as per RFC6762 5.2 (#22532)
  * getty-generator: fine-grained execution control (#38258)
  * tree-wide: several fixlets for log message and comment (#38263)
  * NEWS: adjust style
  * NEWS: add new entries
  * stub: check if security override is available before using it (#38295)
  * network: several follow-ups for recent changes (#38298)
  * NEWS: some typos and whitespace fixes
  * NEWS: add description for DHCPv6 SIP feature
  * core/socket: shorten/reword message about restarted sockets
  * udev: downgrade ENOMEDIUM warnings
  * Logging fixlets (#38313)
  * meson: inline output file names
  * man: consistently use #!/usr/bin/python
  * tools: consistently use #!/usr/bin/env python3
  * tools: make all .py program files executable
  * meson: use files() not find_program() for helper scripts
  * meson: indent find_program() calls for readability
  * getty-generator: improve debugging messages
  * meson: add instructions for adding new arch to syscall.h
  * basic/stat-util: avoid access syscall
  * meson: rework generation of file system lookup helpers
  * Rework file system group lookups
  * shell-completion: drop deprecated systemd-efi-options from suggestions
  * bootctl: print location/status of loader.conf
  * man: fix confusion in loader.conf
  * man/loader.conf: wrap some very wrong lines
  * man/systemd-boot: describe which keys use EFI variables
  * man/systemd-boot: recommend holding space by default
  * docs/ENVIRONMENT: fix typo and adjust grammar
  * Revert "errno-list: fallback to use our errno name table"
  * tree-wide: use ERRNO_NAME almost everywhere
  * sd-bus: drop unnecessary check
  * selinux fixes for varlink (#38404)
  * TEST-71-HOSTNAME: specify job mode for the stop job (#38413)
  * test-journal-dump: dump the headers of journal files
  * journal: store counts, not byte sizes, in table size constants
  * journal: treble field hash table size
  * man: add sd-path page
  * man: fix links
  * Missing man page and fixes for man page links (#38540)
  * fundamental/macro: adjust indentation of ifdefs
  * ukify: extend error message when section is too small
  * ukify: adjust comments
  * ukify: fix insertion of padding in merged sections
  * sd-boot: pad .sbat section to 1k bytes
  * ukify: stop appending NUL to merged .sbat section
  * NEWS: reword notice about planned req version bumps
  * chase: trigger autofs only when explicitly requested (#38641)
  * man: add note about extending machine-info to man page (#38652)
  * core: remove duplicate logging about mountpoints
  * various: add a fixed name to log about plugin execution
  * Translations update from Fedora Weblate (#38792)
  * Several fixlets for Varlink IDL (#38809)
  * TEST-75-RESOLVED: drop whitespace after shell redirection ops
  * tests: drop pointless redirection of stderr from 'command -v'
  * hwdb: run "update-hwdb"
  * NEWS: update contributor list
  * Revert "terminal-util: explicitly reset cursor"
  * generators: when creating symlinks, silently ignore existing links in one more place
  * basic/efivars: read EFI variables using one read(), not two
  * efivars: adjust location of variable attribute
  * efivars: drop unused "optimization"
  * mailmap: deduplicate Daan
  * fd-util: fix path_is_root_at() when dealing with detached mounts (#38636)
  * Some post unmerged-usr  cleanups (#38696)
  * journalctl: fix erroneuous mention of "local" hostnames
  * journalctl: add -W as short for --no-hostname
  * Two logging fixups (#38794)
  * sd-device: improve and downgrade error message
  * pam_systemd: fix error logs
  * fd-util: several cleanups for close_all_fds() (#38878)
  * systemd-sysext: introduce a global config (#38250)
  * Change symlinks params to target & linkpath
  * core/cgroup: drop useless wrapper
  * shared/generator: fix grammar in comment
  * core/varlink: drop duplicated check
  * ssh-generator: adjust formatting
  * man/udev_enumerate_new: fix style
  * meson: using f-strings in meson
  * Stop specifying license for generated file, instead mark as generated
  * meson: drop remaining target names
  * meson: add target aliases 'man' and 'html'
  * man: fix advice regarding thread safety of libsystemd
  * man/sd-login: minor grammar updates
  * licensing: update address of FSF
  * journalctl: fix erroneuous mention of "local" hostnames
  * sd-device: improve and downgrade error message
  * networkctl: list drop unused dbus connection
  * basic/efivars: read EFI variables using one read(), not two
  * man: fix advice regarding thread safety of libsystemd
  * man/sd-login: minor grammar updates
  * licensing: update address of FSF
  * hwdb: update to main@{2025-10-10}
  * hwdb: drop trailing whitespace
  * man/crypttab: avoid using jargon spelling
  * mkosi: install test dependencies for EnterNamespace= test (#39268)
  * hwdb: update to main@{2025-10-13}
  * meson: bump version to 258.1
  * meson: stop probing for paths of programs in /usr/sbin
  * Revert "meson: fail build when encountering unused variables"
  * core: allow split /usr/local/s?sbin with merged /usr/s?bin
  * man/systemd-systemd.conf: describe DefaultEnvironment= and ManagerEnvironment= better
  * core: Delete redundant log_parse_environment(), v2 (#39278)
  * test-tar-extract: add a binary wrapping tar_x() for manual testing
  * test: minor fixlets for TEST-50-DISSECT (#39328)
  * core/cgroup: two follow-ups for recent OOMKills PR (#39215)
  * test/parse_hwdb: wrap Or inside an And in a Group
  * basic/mempool: mark mempool_enabled as _pure_
  * Do not use "critical assert_return" in libsystemd or libudev
  * Disable abort in log_assert in libsystemd/libudev (#39307)
  * systemctl: convert return value of install_client_side() to enum
  * systemctl: downgrade or silence warnings for --now
  * man/sd-boot: add some meat to the direct kernel boot example
  * man/ukify: mention all functionality in intro, add example of direct boot
  * man: say "systemd-boot" instead of "sd-boot" consistently
  * Enhance docs for ukify and direct kernel boots (#39516)
  * mkosi: update fedora commit reference to 8e2833a5b64f7e2ce62ea0a2d0ec9e393e718dfa
  * basic/vsock: report result of IOCTL_VM_SOCKETS_GET_LOCAL_CID
  * ssh-generator: filter out bogus vsock addresses
  * profile/systemd-osc-context: fix overriding of PROMPT_COMMAND
  * Fix systemd-ssh-generator printing a bogus hint (#39578)
  * resolvectl: add --json support for status commands (#38960)
  * profile/osc-context: move and extend check for TERM=dumb
  * Fixes for the OSC prompt script (#39588)
  * locale-util: two fixlets for supporting musl (#39689)
  * docs/BACKPORTS: update
  * man: fedora 43 is the latest stable
  * meson: make journald.conf templated
  * man: stop inventing custom entity names for docbook
  * journald: allow default storage mode to be configured
  * meson: make persistent journal the default
  * journald: do not allow persistent journal storage in the initrd
  * Make journal persistent by default (#39624)
  * systemd-path: add 'system-search-configuration'
  * ssh-generator: tweak comments
  * TODO: add two entries
  * Add experimental musl support (#38825)
  * repart: adjust "partno" column
  * NEWS: cleanups and rewordings, extend the section about musl
  * core/namespace: tidy up comments and debug logs
  * tree-wide: drop space after shell redirection ops
  * Various comment and whitespace cleanups (#39740)
  * musl: drop unused temporary pkgonfig directory
  * musl: split out script to setup build
  * ci: whitespace fix
  * network: gracefully disable resolve hook when socket is disabled
  * tree-wide: fix log messages using %m without an errno
  * docs/MOUNT_REQUIREMENTS: describe nested mounts more carefully
  * man/file-hierarchy: refer to LFSH and MOUNT_REQUIREMENTS
  * docs/MOUNT_REQUIREMENTS: also link to LFHS
  * udev: define a generic helper to print messages about unknown users and groups
  * tmpfiles: improve error message for missing user/group
  * run: improve log message for unknown user/group
  * core: improve messages about unknown users and groups
  * creds: improve message about unknown user
  * login: use STREROR_USER helper
  * nspawn,vmspawn: improve errors for unknown users and groups
  * networkd: use STRERROR_{USER,GROUP}
  * User and group error messages (#39783)
  * ssh-generator: split out common helper function
  * ssh-generator: split out one more helper function
  * ssh-generator: suppress error message for vsock EADDRNOTAVAIL
  * Deduplicate and improve messages from ssh-generator (#39785)
  * meson: drop unnessary variable
  * test/TEST-74-AUX-UTILS: fix racy check
  * man: add 'testing' as one of the suggestions for DEPLOYMENT=
  * meson: automatically add 'extract' to 'sources'
  * Avoid multiple evaluations in STRERROR_XYZ() macros (#39794)
  * meson: sort shell completions and exit earlier when shell completion is disabled (#39816)
  * basic/terminal-util: operate on one fd in terminal_get_size_by_dsr()
  * apparmor: move dlopen() into mac_apparmor_use() check (#39826)
  * Various logging fixlets (#39837)
  * basic/terminal-util: operate on one fd in get_default_background_color()
  * basic/terminal-util: ignore failures in cleanup
  * Adjust code to query terminal size and other attributes (#39832)
  * tree-wide: Fix constness issues with newer glibc (#39896)
  * journal: send READY=1 also when --lines=0 is given
  * systemctl: stop showing last message from previous run
  * sd-notify: print a debug message when sd_notify() succeds
  * meson: reuse variable in one more place
  * meson: add source dir to include_directories automatically
  * meson: add tools/meson.build
  * Fix systemctl start --verbose off-by-one logs (#39927)
  * sd-netlink: read error message for NFNL_MSG_BATCH_BEGIN (#39967)
  * machined: add description to varlink server, unify error messages
  * tar-util: allow to build without acl support (#39965)
  * Chores for RC3 (#40058)
  * Sync kernel headers and add GUEST_MEMFD_MAGIC (#40104)
  * docs/BOOT_LOADER_INTERFACE: use full variable names once
  * man/systemd-boot: say that /EFI/systemd/drivers is for hardware
  * docs/BLI: add missing descriptions of feature bits
  * TODO: remove resolved entry
  * sd-boot: correct typos

  [ QuickSwift315490 ]
  * hwdb: fix unstable button triggering on Mipad 2 under GNOME (#40071)

  [ Haiyue Wang ]
  * meson: fix BPF build warnings due to MS extensions

  [ Andrew Halaney ]
  * man/systemd.exec: Make EnvironmentFile error conditions more explicit

  [ Vivian Wang ]
  * stub: Use log_debug if addons has no applicable sections

  [ Priit Jõerüüt ]
  * po: Translated using Weblate (Estonian)
  * po: Translated using Weblate (Estonian)

  [ Mike Yuan ]
  * module-util: use the blacklist from module_blacklist= in cmdline
  * dbus-manager: add comments about booleans in function calls
  * systemctl: deprecate passing positional argument to reboot completely
  * systemctl: warn if trying to disable a unit with no install info
  * systemctl: allow suppress the warning of no install info using --no-warn
  * rpm/systemd-update-helper: use --no-warn when disabling units
  * systemctl: is-*: return correct code when no unit is found
  * TEST-26-SYSTEMCTL: test about systemctl return codes for is-* verbs
  * systemctl: is-enabled: document the return code change
  * systemctl: new option --drop-in for specifying drop-in filename
  * systemctl: edit: rephrase edit markers to avoid misunderstanding
  * systemctl: enable: overwrite broken alias symlinks
  * core/transaction: avoid unneeded gotos
  * core/transaction: modernize to use cleanup attribute
  * systemctl: list-dependencies: pass bool where appropriate
  * gpt-auto: harden ESP/XBOOTLDR mounts with "noexec,nosuid,nodev"
  * systemctl: list-dependencies: support --type= and --state=
  * core: propagate stop too if restart is issued
  * machinectl: also enable machines.target when enabling machines
  * machinectl: remove unnecessary initialization
  * machinectl: add --now to start/stop containers when enabling/disabling
  * journal: cat: set JOURNAL_STREAM before exec-ing
  * vconsole: allow setting default keymap through build option
  * journalctl: fix output when --lines is used with --grep
  * sleep: check if we're on AC power before checking battery capacity
  * systemctl: warn if units disabled in user scope are still enabled globally
  * sd-login: add sd_session_get_username
  * sd-login: add sd_session_get_start_time
  * journalctl: fix output when --until is used with --lines
  * journalctl: fix output when --since is used with --lines
  * journalctl: fix when --since, --until and --lines are used altogether
  * shared: extract edit-util from systemctl-edit
  * edit-util: several cleanups to create_edit_temp_file
  * edit-util: introduce EditFileContext
  * systemctl: edit: several cleanups
  * edit-util: several cleanups for run_editor
  * Merge pull request #26756 from yuwata/edit-util-cleanups
  * edit-util: minor cleanups
  * edit-util: always create temp file
  * edit-util: rename trim_edit_marker to strip_edit_temp_file
  * edit-util: include the correct header
  * test: testsuite-26: remove duplicate source
  * systemctl: logind: add missing asserts
  * systemctl: logind: make logind_schedule_shutdown accept action as param
  * systemctl: add option --when for scheduled shutdown
  * test-time-util: add test cases to invalidate "show" and "cancel"
  * edit-util: use path_equal
  * edit-util: log unexpected errors if we fail to remove the parent dir
  * machinectl: add verb edit and cat to operate on .nspawn files
  * test: add testsuite-74.machinectl
  * Merge pull request #26871 from weblate/weblate-systemd-master
  * sleep: fix default values unmatched with manual
  * Merge pull request #26863 from yuwata/kernel-install-cleanups
  * unit: sysext: update unit name for sd-tmpfiles-setup
  * docs: update unit name for sd-tmpfiles-setup
  * core: support overriding NOTIFYACCESS= through sd-notify during runtime
  * test: add tests for NOTIFYACCESS override through sd_notify
  * edit-util: alloc correct amount of memory
  * Merge pull request #26214 from YHNdnzj/sd-notify-change-notifyaccess
  * journalctl: fix when --grep is used with --follow
  * core: add RestartSteps= and RestartSecMax= for exponentially increasing
  * core/dbus-service: add RestartUSecCurrent property
  * Merge pull request #27053 from DaanDeMeyer/firstboot-followups
  * core: always calculate the next restart interval
  * networkctl: acquire bus only when necessary
  * networkctl: use FOREACH_ARRAY more
  * networkctl: style improvements
  * networkctl: use sd_bus_get_property
  * Merge pull request #27086 from keszybz/oomd-on-v1
  * core: do early setup check for arguments with '=' too
  * core/main: also check the argument terminator
  * edit-util: add DROPIN_MARKER_{START,END}
  * edit-util: make original_path and comment_paths work together
  * edit-util: introduce overwrite_with_origin switch
  * edit-util: improve log messages
  * Merge pull request #27193 from yuwata/analyze-blame
  * systemctl: suppress error for try-* if unit is masked
  * Merge pull request #27229 from poettering/dissect-policy-confext
  * Merge pull request #27212 from DaanDeMeyer/notify-exit
  * core/main: fix a typo for --log-target
  * Merge pull request #27320 from poettering/kmod-setup-tweaks
  * Merge pull request #27323 from keszybz/gpt-auto-generator-warning-cleanup
  * tmpfiles: add conditionalized execute bit (X) support
  * test: tmpfiles: add tests on conditionalized execute bit
  * Merge pull request #25622 from YHNdnzj/tmpfiles-X-bit-support
  * Merge pull request #27445 from poettering/reflink-fix
  * Merge pull request #27492 from poettering/base-filesystem-000
  * Merge pull request #27513 from mrc0mmand/journal-tests
  * core/manager: export manager_dbus_is_running
  * core: refuse dbus activation if dbus is not running
  * network/tc: rename settings in log messages too
  * core: only refuse Type=dbus service enqueuing if dbus has stop job
  * Revert "core/manager: export manager_dbus_is_running" and partially "core: refuse dbus activation if dbus is not running"
  * unit-file: support UpheldBy= in [Install] settings (adding Upholds= deps
  * test: add tests for UpheldBy= in [Install] section
  * loginctl: list-users: also show state
  * loginctl: list-sessions: minor modernization
  * loginctl: list-sessions: also show state
  * test: add test for state in loginctl list-{users,sessions}
  * Merge pull request #27638 from YHNdnzj/upheldby-unit-file
  * Merge pull request #27659 from yuwata/memfd-seal
  * core: rename RestartSecMax to RestartMaxDelaySec
  * bus-unit-util: add missing RestartSteps and RestartMaxDelaySec to bus_append_service_property
  * Revert (partially) "man: Clarify when OnFailure= activates after restarts (#7646)"
  * Merge pull request #27714 from yuwata/cryptenroll-password
  * Merge pull request #27719 from mrc0mmand/fuzz-tweaks
  * networkctl: check netns only if networkd is running
  * networkctl: add missing asserts
  * networkctl: fix a typo in log message
  * networkctl: mark some verbs as online only
  * conf-parser: move config_get_dropin_files to conf-files
  * networkctl: add verb edit and cat to operate on network configs
  * test: add tests for networkctl edit/cat
  * core: get rid of unused Service.will_auto_restart logic
  * core: drop UnitNotifyFlags
  * loginctl: some modernizations
  * loginctl: list-sessions: fix timestamp for idle hint
  * loginctl: list-users: use bus_map_all_properties
  * loginctl: also show idle hint in session-status
  * time-util,format-table: add relative_monotonic variant for timestamp
  * systemctl: list-units: use TABLE_TIMESTAMP_RELATIVE_MONOTONIC
  * loginctl: realign bus_properties_map
  * loginctl: use FORMAT_TIMESTAMP_RELATIVE_MONOTONIC
  * Merge pull request #27787 from keszybz/firstboot-synchronous-restart
  * Merge pull request #27687 from keszybz/boot-efi-choices
  * man: vconsole.conf: replace the hardcoded keymap with build-time default
  * Merge pull request #27961 from poettering/journalctl-user-unit-man-fix
  * ac-power: fix a typo
  * battery-util: debug log when we're unsure about the battery level
  * gpt-auto: expand the loader partition UUID check to include XBOOTLDR
  * sleep: always write resume_offset if possible
  * bootctl: log correct error about device_path_make_canonical()
  * hibernate-resume: rework to follow the logic of sleep.c and use
  * sleep: write hibernate location to efivar HibernateLocation
  * hibernate-resume: support resuming through efivar HibernateLocation
  * sleep: refuse hibernation if there's no possible way to resume
  * core/service: show correct restart usec for services in SERVICE_AUTO_RESTART_QUEUED
  * Merge pull request #28215 from poettering/start-as-restart
  * man/systemctl: document --job-mode=restart-dependencies
  * core/transaction: return early when appropriate to reduce nesting
  * core: introduce UNIT_ATOM_PROPAGATE_STOP_GRACEFUL for PropagatesStopTo=
  * test: add test cases for issue #26839 in TEST-03-JOBS
  * Merge pull request #28252 from yuwata/journal-open-machine
  * core/transaction: correctly skip unneeded operations for PropagatesStopTo=
  * TEST-03-JOBS: test indirect PropagatesStopTo=
  * Merge pull request #28309 from weblate/weblate-systemd-master
  * LICENSES/README.md: fix syntax
  * coccinelle/take-fd: match for -EBADF instead of -1
  * hibernate-resume: refuse resume if resume_offset= is set but not resume=
  * hibernate-resume: add missing newline to the generated unit
  * hibernate-resume: compare device nodes using path_equal_or_inode_same
  * shared/async: prefix process name with sd-
  * shared/async: don't use WEXITED for waitpid()
  * path-util: make path_equal_or_inode_same static inline
  * shared/device-nodes: add devnode_same
  * hibernate-resume: use devnode_same to compare device nodes
  * core: refuse late merge only for anchor job when JOB_RESTART_DEPENDENCIES
  * fstab-util: add fstab_is_bind
  * fstab-generator: resolve bind mount source when in initrd
  * fstab-util: add fstab_is_mount_point_full which takes a source path to compare
  * gpt-auto: skip mounting ESP if fstab for /boot/ uses the same device as discovered one
  * fstab-util: add fstab_has_node
  * gpt-auto: don't mount ESP if there's an fstab entry for it
  * vconsole: support KEYMAP=kernel for preserving kernel keymap
  * Merge pull request #28648 from yuwata/shutdown-skip-recursive-mount-run
  * man/systemd.unit: DefaultTimeoutStartSec= -> DefaultDeviceTimeoutSec=
  * hibernate-resume-generator: escape device path passed to hibernate-resume
  * man/systemd: avoid duplicate variable name
  * shared/fstab-util: use is_device_path instead of is_device_node
  * Merge pull request #28728 from yuwata/fstab-no
  * proc-cmdline: introduce PROC_CMDLINE_TRUE_WHEN_MISSING
  * proc-cmdline: do assert on flags earlier
  * fstab-util: make use of PROC_CMDLINE_TRUE_WHEN_MISSING
  * battery-check: use proc_cmdline_get_bool
  * reboot-util: cache the result of shall_restore_state
  * battery-util: don't log duplicate message
  * battery-util: log_notice when unsure about battery state
  * sleep: clear EFI HibernateLocation if writing kernel config fails
  * journalctl: support --lines=+N for showing the oldest N entries
  * journalctl: minor follow-up for --lines=
  * core/socket: don't consider service active when in SERVICE_AUTO_RESTART_QUEUED
  * Merge pull request #28884 from poettering/tpm2-pcr6-name
  * generators: use generator_open_unit_file where appropriate
  * mount/mount-tool: return correct errno
  * logind: rephrase log messages
  * logind: use hashmap value destructors
  * logind: add missing asserts
  * logind-session: generalize EIO handling for {restore,leave}_vt
  * Revert "Revert "test: add test case for systemd-update-utmp vs daemon-reexec""
  * Merge pull request #29007 from tormath1/tormath1/reload
  * core,systemctl: refuse switching root to current root properly
  * core,systemctl: refuse switching root if we're not in initrd
  * format-table: use format_timestamp_relative_monotonic
  * string-util: introduce strrepa
  * loginctl: use vertical table for {user,session,seat}-status
  * Merge pull request #28793 from poettering/switch-root-flags-tweak
  * sd-messages.h: correct alignment
  * core/crash-handler: correct indentation
  * catalog/systemd.catalog: rephrase a bunch of messages
  * journalctl: reset --lines= correctly if no argument
  * systemctl: drop unnecessary else
  * systemd.catalog: freezed -> froze
  * hibernate-resume: split out the logic of finding hibernate location
  * units: order battery-check before hibernate-resume
  * io-util: introduce loop_write_full that takes a timeout
  * shared/wall: use loop_write_full
  * Merge pull request #29123 from yuwata/conf-parser-cleanups-for-config-section
  * repart,bootspec: use set_ensure_consume
  * conf-parser: parse main config first only if not symlinked to/as drop-in
  * utmp-wtmp: remove unneeded include
  * shared/wall: several cleanups
  * shared/wall: fall back to logind if utmpx database doesn't exist
  * TODO: switch the default wall implementation to sd-login
  * Merge pull request #29117 from Werkov/memory_available
  * Merge pull request #29184 from keszybz/more-pager
  * Merge pull request #29206 from mrc0mmand/lsan-followup
  * tree-wide: explicitly compare return value of fd_is_fs_type with 0
  * btrfs-util: introduce btrfs_get_file_physical_offset_fd
  * test: introduce TEST-83-BTRFS
  * Merge pull request #29230 from poettering/scope-tweaks
  * Merge pull request #29231 from poettering/cgroup-utils-tweaklets
  * Merge pull request #29179 from YHNdnzj/resume-offset-btrfs
  * elf2efi: fix a typo
  * hibernate-resume: break lines in meson.build files()
  * hibernate-resume: add missing #pragma once
  * btrfs-util: fix one memory leak
  * core/main: log that we assume first boot if failed to read machine-id
  * man/systemd-firstboot: /etc/ empty -> unpopulated
  * core/service: log the next restart usec only when we're arming timer
  * units/blockdev@.target: conflict with umount.target
  * sleep-util: move check_wakeup_type to sleep/sleep
  * sleep: rebreak lines in check_wakeup_type
  * sleep-util: split battery-capacity into sleep/
  * sleep-util: split into sleep-config and hibernate-util
  * sleep/battery-capacity: don't report we have trip alarm if no battery is found
  * sleep/battery-capacity: drop unused error-handling
  * sleep/battery-capacity: rearrange functions
  * sleep-config: several cleanups
  * sleep-config: add explanatory comment on "modes"
  * core/unit: use RET_GATHER in one more function
  * man/org.freedesktop.systemd1: add version info for NFTSet
  * Merge pull request #29265 from YHNdnzj/sleep-util-refactor
  * systemctl: reflect that statically enabled units can be in .upholds/
  * systemctl: don't duplicate string needlessly
  * systemctl: make unit_is_masked always query manager
  * systemctl: clean up check_triggering_units
  * systemctl-start: suppress the triggering unit warning when --no-warn
  * systemctl-enable: warn if disabled/masked units has active triggering units
  * Merge pull request #29333 from YHNdnzj/systemctl-warn-half-masked
  * core: mark units as need daemon-reload if unit file operations are
  * man/systemd.exec: suffix one more directory with /
  * man/systemd.exec: document that API fs are required to setup namespacing
  * docs/HACKING: Arch has dropped asp in favor of pkgctl
  * systemctl-show: align "Cntrl PID" correctly
  * core/execute: use FOREACH_ARRAY in one more place
  * core/execute: modernize get_fixed_{user,group}
  * core/execute: always set $USER and introduce SetLoginEnvironment=
  * man/systemd.exec: document behavior of SetLoginEnvironment= when unset
  * networkctl: use proper vertical table for status
  * loginctl: *-status: set minimum table column width if extra info will be printed
  * Merge pull request #29530 from poettering/debug-log-tweaks
  * core/exec-credential: use rmdir_and_freep at one more place
  * Merge pull request #29537 from poettering/varlink-tweaks
  * core/varlink: make sure we setup non-serialized varlink sockets
  * core/execute-serialize: use FOREACH_ARRAY more
  * core/execute: use FOREACH_ARRAY more
  * core/execute: correct alignment
  * core: add MemoryKSM and SetLoginEnvironment to exec_context_dump
  * core/exec-invoke: rename parameters of get_fixed_{user,group}
  * core/mount: allow disabling stop propagation from backing device
  * docs/FILE_DESCRIPTOR_STORE: NotifyAccess=cgroup -> all
  * systemctl: minor modernization
  * systemctl: is-failed: check if system is degraded when no unit given
  * core/namespace: merge if blocks
  * core/exec-invoke: use correct exit status
  * cgroup-util: use RET_GATHER more, return first error
  * core/service: check error first and log about errno
  * test-btrfs-physical-offset: log correct errno
  * sleep-config: minor cleanup for can_sleep_{state,disk}
  * sleep-config: introduce sleep_supported_full that returns a reason
  * hibernate-util: read_fiemap: add missing asserts
  * hibernate-util: rework find_hibernate_location
  * hibernate-util: introduce hibernation_is_safe
  * core/execute: use FOREACH_ARRAY and free_many more
  * man,docs: suffix directories with /
  * shared/mount-util: log correct errno
  * hibernate-resume: add missing static for arg_info
  * hibernate-util: add missing assertion
  * sleep-config: remove HibernateState= & HybridSleepState=, restrict
  * sleep-config: check sleep mode only when hibernation
  * Merge pull request #29681 from YHNdnzj/sleep-round-three
  * sleep-config: make hybrid sleep always use 'suspend' disk mode
  * man/systemd.unit: add PropagatesStopTo= to reverse property table
  * fstab-generator: use RET_GATHER more
  * sleep: introduce sleep_operation_is_hibernation
  * sleep: drop unneeded includes
  * sleep: log about errno
  * sleep: update help text for suspend-then-hibernate
  * sleep: rework write_state and write_mode
  * sleep: minor modernization for lock_all_homes
  * fstab-generator: drop unapplicable mount options for / from mount unit Options=
  * sleep: make sure we clear HibernateLocation on all error paths
  * Merge pull request #29740 from YHNdnzj/sleep-round-four
  * sleep-config: allow setting empty HibernateMode= (use kernel default)
  * Merge pull request #29879 from Flowdalic/cgroup-memory-peak
  * fd-util: refuse O_CREAT in fd_reopen
  * basic/fileio: drop O_CREAT before passing flags to fd_reopen
  * cgroup-util: introduce cg_pidref_get_unit
  * pidref: introduce hash ops that doesn't come with destructor
  * core/unit: remove unneeded comparison for hashmap_remove_value
  * logind: switch sessions_by_leader to PidRef
  * Merge pull request #29941 from Flowdalic/cgroup-memory-swap-peak
  * conf-parser: pin seen config files
  * Merge pull request #29990 from Flowdalic/memory-zswap-current
  * conf-parser: remove unused condition
  * core: use FOREACH_ARRAY and RET_GATHER more
  * core/unit-serialize: realign table
  * core/unit-serialize: use private string table
  * core: generalize memory accounting attribute handling
  * core: add unit_reset_{memory,io}_accounting_last
  * man/systemd-creds: fix a typo
  * TODO: remove an already implemented entry
  * logind: return "no" if sleep operation is disabled
  * logind-action: split out logic for handle_action_sleep
  * logind-inhibit: introduce inhibit_what_is_valid
  * logind-action: check if inhibit_what is valid
  * hibernate-util: report no available swap as no enough swap space
  * hibernate-util: if asked to bypass space check, accept the case when we
  * conf-parser: only read the first found main config file
  * exec-util: don't say sd-executor to avoid ambiguity
  * core/manager: rename result parameter to ret
  * core/manager: correct and simplify errno handling
  * core/manager: open our parent dir with O_PATH
  * analyze: use FOREACH_ARRAY more
  * analyze: don't open systemd-executor needlessly
  * hibernate-resume: actually set HibernateInfo.offset
  * core/dbus-unit: don't log cgroup v1 property name
  * bus-print-properties: ignore CGROUP_LIMIT_MAX for Memory*{Current,Peak}
  * bus-print-properties: prettify more unset properties
  * core/cgroup: use the cached memory accounting value when cgroup is gone
  * Revert "nspawn-patch-uid: try fchmodat2() to restore mode of symlink"
  * nspawn-patch-uid: clarify that changing mode of symlink is unsupported
  * core/executor: avoid double closing serialization fd
  * core/execute-serialize: FOREACH_ARRAY at one more place
  * core/exec-invoke: rename flags_fds to flag_fds
  * fdset: set all collected fds to CLOEXEC in fdset_new_fill()
  * core/exec-invoke: remove redundant fd_cloexec() call
  * core/exec-invoke: prevent potential double-close of exec_fd
  * core/cgroup: for non-cached attrs, don't return ENODATA blindly
  * networkctl: use RET_GATHER more
  * networkctl: drop one assertion
  * networkctl: introduce --runtime for editing network config under /run/
  * hibernate-util: return 1 for hibernation_is_safe only when all checks pass
  * sleep: reduce the scope of hibernation_device
  * hibernate-resume: always clear HibernateLocation if system info matches
  * logind: take HandleAction instead of HandleActionData at several places
  * logind: put more struct members into designated initializer
  * logind: test: make sure string of HandleAction and SleepOperation match
  * logind: introduce Sleep() call and action that automatically choose a sleep operation
  * systemctl: add support for Sleep() logind call
  * repart: use correct errno
  * shared/killall: correctly warn about rootfs daemon's root
  * systemctl-whoami: use pidfd to refer to processes
  * various: don't log synthetic EIO for fwrite
  * tmpfiles.d/systemd-nologin.conf: use f+ instead of F (deprecated)
  * core/exec-invoke: voidify one rename_process call
  * core/executor: save argv for later use by rename_process()
  * Merge pull request #30384 from YHNdnzj/rename-process
  * core/cgroup: cache the last memory usage values before destroying cgroup
  * systemctl-show: always show memory peak if available
  * hibernate-util: de-duplicate clear_efi_hibernate_location
  * core/executor: do destruct static variables and selinux before exiting
  * core/exec-invoke: sigwait() returns positive errno and never EINTR
  * elf2efi: remove outdated comment mentioning linker script
  * man/systemd.mount: update implicit deps on device unit
  * fstab-generator: disable default deps if x-systemd.{wanted,required}-by= is used
  * man/systemd.mount: tmpfs automatically gains After=swap.target dep
  * core/device: add stopping job message
  * core/job: emit job start message if we're only waiting for unit state
  * hibernate-resume: don't wait forever if hibernate info is from EFI
  * iovec-util: add missing assertion
  * macro-fundamental: add U64_{K,M,G}B
  * core/unit: raise log level for unit_log_resources on certain memory thresholds
  * core/unit: clean up unit_log_resources
  * machine-credential: introduce MachineCredentialContext
  * fsck: use correct errno
  * cgroup-util: check ferror() first
  * basic/uid-range: add uid_map_read_one helper
  * machine: also clean up gid_map fscanf error handling
  * Merge pull request #30482 from YHNdnzj/ferror-handling
  * shared/install: use RET_GATHER more
  * networkctl: split out networkctl-config-file.[ch]
  * networkctl-cat: insert a newline between different config files
  * networkctl-config-file: split out reload_daemons
  * networkctl-config-file: check for masked config before editing/showing
  * networkctl: introduce verb mask and unmask
  * core/execute: remove unneeded brackets
  * core/execute: use assertion for _done function
  * systemctl: configure boot loader options only when going through firmware
  * terminal-util: use RET_GATHER more
  * terminal-util: introduce isatty_safe that rejects EBADF
  * various: clean up isatty() handling
  * analyze-fdstore: ignore table header when checking stored fd count
  * analyze-fdstore: don't log duplicate error
  * format-table: introduce table_isempty and use it where appropriate
  * core,format-table: use strna/ersatz for formatting fdstore dump
  * Merge pull request #30622 from yuwata/space
  * various: use FOREACH_ARRAY more
  * core/unit: don't log 0 values in unit_log_resources
  * sleep: connect to correct bus when locking homed-managed homes
  * hibernate-util: make sure we use blockdev path for HibernationDevice.path
  * hibernate-util: remove unused code
  * sleep: don't log duplicate error
  * fd-util: modernization
  * fdset: use FOREACH_ARRAY at one more place
  * shared/async: use safe_close where appropriate
  * logind-session-device: use _cleanup_close_
  * various: don't use close_nointr if retval is not checked anyway
  * fd-util: don't eat up errors in fd_cloexec_many
  * bus-wait-for-jobs: sort includes
  * bus-wait-for-jobs: reorganize functions
  * bus-wait-for-jobs: rephrase error message
  * bus-wait-for-jobs: a few modernizations
  * bus-wait-for-jobs: remove unneeded strna and refactor code a bit
  * bus-wait-for-units: use hashmap_remove_value where appropriate
  * bus-wait-for-units: rephrase error message
  * bus-wait-for-units: correctly report state if disconnected from bus
  * bus-wait-for-units: rearrange function
  * logind: use handle_action_to_string where appropriate
  * utmp-wtmp: check actual value of bool instead of pointer
  * various: unexport a few internal structs
  * Merge pull request #30686 from poettering/uki-measured-check-imply-tpm2
  * Merge pull request #30694 from yuwata/sd-netlink-move-macro-and-introduce-tos-getter
  * labeler: add matches for login and logind
  * logind-session-device: trivial modernizations
  * logind-session: use RET_GATHER more
  * logind: use RET_GATHER more, return first error
  * logind-session: be tolerant if we failed to remove leader from hashmap
  * logind-session: use one_zero where appropriate
  * process-util: ensure pidref_is_alive only return ESRCH if not set
  * logind: serialize session leader pidfd to fdstore
  * logind-session: watch pidfd in session_set_leader_consume
  * string-util-fundamental: postfix -> suffix, use streq
  * string-util: use strneq
  * string-util: move startswith_strv to strv
  * strv: rename strv_endswith to endswith_strv and dedup ENDSWITH_SET
  * TEST-35-LOGIN: enable FileDescriptorStorePreserve= for coldplug test
  * man/loginctl: use <literal> to quote possible values of --kill-whom=
  * man/loginctl: document "self" and "auto" special session IDs
  * tpm2-generator: sort includes
  * Merge pull request #30725 from YHNdnzj/string-util
  * vpick-tool: sort includes
  * shared/vpick: don't say "ptr" for TAKE_PICK_RESULT (struct)
  * core/cgroup: use designated initializer more, make dup source const
  * TODO: drop some implemented entries
  * logind: don't use assertion for deserialized_pid
  * hexdecoct: make unbase64mem and unhexmem always use SIZE_MAX
  * networkd/wireguard: support network.wireguard.* credentials
  * machined,portabled: remove unneeded NOTIFY_STOPPING
  * timedated: modernization
  * importd: use Type=notify
  * hostnamed: use Type=notify
  * localed: modernization
  * core/load-fragment: use unit_path_printf where appropriate
  * core: allow fstab-style nodes in mount/swap What=
  * creds-util: make read_credential_strings_many behave the same as comment
  * logind-action: query HandleActionData.sleep_operation where appropriate
  * run: show accounting data of same type in the same line
  * selinux-util: reorder functions
  * core/execute: don't reload selinux before spawning executor
  * run: don't show IP/IO accounting data if 0
  * logind-dbus: minor modernization
  * logind-dbus: refuse multiple jobs in method_do_shutdown_or_sleep too
  * battery-util: raise log level for battery_is_discharging_and_low
  * units: update Description= for systemd-sleep units
  * man/systemd-sleep.conf: document the operation of s2h more thoroughly
  * logind: allow Sleep() and CanSleep() dbus calls
  * labeler: add bsod, hibernate-resume, nspawn and vmspawn
  * man: don't use versioned standard-options
  * logind-dbus: introduce ListSessionsEx() call
  * loginctl: show more info in list-sessions (ListSessionsEx())
  * loginctl: add --json= and -j, decouple list-* from --output=
  * TEST-35-LOGIN: test changes to list-sessions
  * core/unit: check for correct function in vtable
  * logind-action: also check .target unit state when selecting sleep action
  * hibernate-util: log that we actually read /sys/power/resume* rather than cmdline
  * run: strjoina is used, not sprintf
  * pam_systemd: close pidfd after use
  * pam_systemd: always check if session is busy
  * logind-user: use RET_GATHER more
  * logind-dbus: use SESSION_IS_{SELF,AUTO} instead of SEAT_* for sessions
  * loginctl: add --json= and -j to help text
  * Merge pull request #31004 from AdrianVovk/misc-cleanups
  * id128-util: use FOREACH_STRING where appropriate
  * macro: rename VA_ARGS_FOREACH to FOREACH_ARGUMENT
  * tree-wide: replace FOREACH_POINTER with FOREACH_ARGUMENT
  * Merge pull request #31072 from YHNdnzj/va-arg-foreach
  * logind-user: don't say "user X logged out" in user_finalize
  * logind-dbus: modernize method_set_user_linger
  * logind-dbus: send session reply only for user start jobs
  * logind-user: don't clear individual fields if object is freed anyway
  * fileio: fputs_with_space → _with_separator and modernization
  * fstab-generator: drop assertions for mount opts
  * fstab-util: clean up fstab_filter_options
  * fstab-generator: drop unneeded initialization
  * fstab-generator: add missing assertions
  * fstab-generator: modernize write_extra_dependencies
  * fstab-generator: drop unapplicable options for /usr/ too
  * Merge pull request #31108 from yuwata/core-trivial-cleanups
  * notify: minor modernizations
  * notify: deduplicate ppid handling
  * notify: if execve() failed, always show original error
  * man/systemd-notify: don't say "the latter" if more than 2 options
  * notify: don't exit silently when --exec but no msg
  * notify: warn if notify msg specified along with --booted
  * env-util: don't use strlen_ptr if known non-NULL
  * env-util: drop _pure_ for strv_env_get_n
  * Merge pull request #31107 from yuwata/pam-setcred-vs-close-session
  * core/exec-credential: make param const where appropriate
  * core/exec-invoke: don't duplicate needs_sandboxing condition
  * core/unit: use ASSERT_PTR and strdup_or_null more
  * core/service: introduce service_exec_flags
  * core/service: don't give ExecStopPost= commands tty access
  * core/service: don't setup credentials for ExecCondition= and ExecReload=
  * core/service: allow ExecStartPost= cmds to access creds
  * Merge pull request #31197 from YHNdnzj/protect-system-cred
  * login/user-runtime-dir: properly check for mount point
  * mountpoint-util: introduce path_is_mount_point_full
  * Merge pull request #31209 from bluca/pidfd_spawn
  * process-util: minor follow-up for pidfd_spawn
  * core/exec-credential: add missing assertions
  * core/exec-credential: use FOREACH_ARRAY at one more place
  * TEST-54-CREDS: add test for ExecStartPost= (#31194)
  * core: introduce exec_params_need_credentials
  * core: reuse credential dir across start and start-post if populated,
  * basic/unit-name: include param name in function prototype
  * systemctl-util: some modernizations
  * basic/unit-name: introduce unit_name_replace_instance_full
  * systemctl: support disable/mask --now with unit template
  * systemctl: allow --now only if not install_client_side()
  * core/service: make error msg match with conditions
  * man/systemd.service: document that Restart=always/on-success are refused
  * core/service: allow RestartForceExitStatus= for oneshot services
  * Merge pull request #31181 from fbuihuu/gpt-auto-more-defensive
  * Merge pull request #31028 from yuwata/journalctl-raise
  * core/load-fragment: fix typo (sanety -> sanity)
  * core/load-fragment: modernize config_parse_socket_listen
  * systemctl: don't warn unit needs reload if --no-warn
  * login/logind-session-dbus: some follow-ups for 'user-incomplete' (#30226)
  * logind-user: track user started/stopping state through user-runtime-dir@.service
  * logind-session: use Requires= for user{,-runtime-dir}@.service
  * env-util: minor modernization
  * core/manager: don't propagate manager session env to children
  * core/exec-invoke: record correct exit status when failed to locate executable
  * core/exec-invoke: raise the log level of missing executable to notice
  * core/execute: clean up log_exec_full_errno and friends
  * core/mount: if umount(8) fails but mount disappeared, assume success
  * Merge pull request #31419 from AdrianVovk/fixup-largefile-define
  * logind-session-dbus: drop unneeded unref_and_replace
  * logind-dbus: rearrange functions
  * logind-dbus: clean up manager_{start,stop,kill}_unit
  * fd-util: introduce fd_verify_safe_flags
  * journal-native: ignore server_process_native_file error on caller's side
  * systemctl-util: use strv_free_and_replace at one more place
  * systemctl: generalize GetUnitByPIDFD handling
  * systemctl-show: use lookup_unit_by_pidref too
  * docs/CODING_STYLE: fix typo (CLONE_VORK -> VFORK)
  * Merge pull request #31472 from YHNdnzj/systemctl-pidref
  * docs: update link for Arch Linux bugtracker
  * core: mark JoinControllers= as DISABLED_LEGACY rather than _CONFIGURATION
  * core/cgroup: remove obsolete TODO
  * shared/mount-setup: minor modernization
  * shared/mount-setup: split out mount_cgroup_legacy_controllers
  * shared/cgroup-setup: introduce cg_is_legacy_force_enabled
  * core: refuse cgroupv1 unless SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE
  * meson: drop default-hierarchy= option, always use unified
  * NEWS: announce cgroup v1 deprecation
  * shared/userdb: remove unneeded cast for dlsym
  * dlfcn-util: use safe_dlclose for dlclosep
  * core/service: reorder two functions
  * core/service: rearrange variables, use ASSERT_PTR
  * core/service: remove unused function param and minor cleanup
  * shared/pretty-print: print color sequence only when needed
  * shared/pretty-print: use strrepa where appropriate
  * logind: place 'ret' param at last
  * logind-device: remove unneeded 'struct'
  * logind-{session,seat}: get rid of basename() in _new()
  * core/service: minor cleanup for service_add_fd_store
  * extract-word: modernize extract_many_words
  * core/service: use extract_many_words at one more place
  * man/sd_notify: be explicit that FDPOLL= is not a global setting
  * Merge pull request #31600 from YHNdnzj/fd-poll
  * man/systemd-debug-generator: be consistent on '=' for boolean options
  * stat-util: generalize is_* and verify_* handling
  * core/service: Type=notify/dbus services shouldn't be considered active
  * core/service: don't transition to start-post on cgroup empty event
  * basic: remove spuriously doubled newline and leftover separator
  * path-lookup: rename lookup_paths_free -> _done
  * shared/install: use RET_GATHER more
  * shared/install: use FOREACH_ARRAY at one more place
  * core,install: generalize install error handling
  * tmpfiles: remove one more use of goto and modernization
  * tmpfiles: do 'X' bit check in an ACL-aware manner
  * tmpfiles.d/systemd: use ACL 'X' bit where appropriate
  * Merge pull request #31664 from bluca/coverity
  * bus-unit-util: define FREEZE_BUS_CALL_TIMEOUT locally
  * bus-unit-util: trivial follow-up for UnitFreezer
  * sleep: fix typo (sysupend -> suspend)
  * logind-dbus: count user-early sessions in verify_shutdown_creds too
  * units: make quota services bind to corresponding mount units
  * quotacheck: minor modernization
  * quotacheck: store argv[*] in static var
  * man/systemd-hibernate-resume: generator now enables rather than creates the service
  * fstab-util: remove unreachable return
  * gpt-auto: ignore fstab_has_node failure
  * stat-util: introduce fd_inode_same
  * stat-util: struct stat could be initialized with (st_mode & S_IFMT == 0)
  * pidref: use fd_inode_same to compare pidfds
  * Merge pull request #31713 from YHNdnzj/pidref-equal
  * Merge pull request #31671 from AdrianVovk/homework-cifs-credentials
  * env-util: remove unneeded DISABLE_WARNING_FORMAT_NONLITERAL
  * fileio,data-fd-util: use U64_* more
  * data-fd-util: some modernization
  * data-fd-util: accept size == SIZE_MAX and translate that to strlen
  * homework-cifs: log correct errno
  * Merge pull request #31727 from YHNdnzj/homed-followup
  * Merge pull request #31746 from yuwata/network-unit-hide-boot-and-efi
  * networkd-manager: drop spurious return
  * core/cgroup: introduce MemoryZSwapWriteback setting
  * path-util: introduce skip_leading_slash and use it where appropriate
  * journal-send: introduce journal_stream_path helper
  * sd-journal: introduce sd_journal_stream_fd_with_namespace
  * units: make systemd-journald@.socket installable
  * journal/cat: allow connecting output to specific journal namespace
  * shell-completion: add systemd-cat --namespace=
  * NEWS: fix typo
  * Merge pull request #31861 from yuwata/journalctl-fix-until
  * core: use ASSERT_PTR(CAST(u)) everywhere
  * core: use RET_GATHER more
  * nulstr-util: minor cleanup
  * machinectl: minor modernization, use FOREACH_ARRAY
  * cgroup-util: use path_find_first_component where appropriate
  * core/swap: fix memory management in swap_setup_unit
  * core/mount: use ASSERT_PTR in mount_setup_new_unit
  * core/execute: use STR_IN_SET where appropriate
  * core/dynamic-user: trivial modernization
  * core/swap: another try on memory mgmt
  * core: introduce UNIT_IS_LOAD_ERROR helper
  * core/socket: validate service unit load state before continuing
  * core/socket: remove duplicate unit_add_two_dependencies
  * core/socket: clean up socket peer handling a bit
  * core/socket: use FOREACH_ARRAY at one more place
  * analyze-security: use FOREACH_ARRAY
  * analyze-dot: minor modernization
  * analyze-dot: also show BindsTo= in --require
  * analyze: refuse --global dot/verify
  * Merge pull request #31886 from DaanDeMeyer/logind
  * basic/string-table: remove unnecessary brackets
  * journalctl: explicitly check < 0 for error
  * home/homework: use FOREACH_ARRAY more
  * core/service: remove redundant Unit.type check
  * core/execute: check if EXEC_PASS_FDS is set if got exec_params.fds
  * daemon-util: introduce notify_reloading helper
  * units: sort lists in meson.build
  * systemctl,busctl: sort includes
  * bus-util: dedup bus_set_address_capsule
  * sleep-config: make sleep_operation_is_hibernation uppercase
  * man/systemd-sleep: reorder options
  * sleep-config: fix potential memory leak
  * string-util: modernize string_contains_word_strv a bit
  * sleep-config: make sleep_mode_supported take a path
  * sleep: make write_mode take a path
  * sleep: add SleepMemMode= setting for configuring /sys/power/mem_sleep
  * core/service: ensure we don't restart on SERVICE_SKIP_CONDITION
  * core/unit: use FOREACH_ARRAY at one more place
  * units: remove implicit RequiresMountsFor=
  * man/tmpfiles.d: drop doubled space
  * core/mount: if unmount retries exceeded max, record as failure
  * core/mount: if mount is gone eventually, consider it success
  * time-util: drop unneeded 'struct'
  * signal-util: make struct timespec const
  * efivars: minor modernization for efi_set_variable
  * hibernate-util: make clear_efi_hibernate_location_and_warn return 1 if
  * hibernate-resume: EINVAL -> ENOTBLK where appropriate
  * hibernate-resume-config: expose get_efi_hibernate_location
  * hibernate-resume: add options handling
  * hibernate-resume: introduce --clear for clearing hibernate storage var
  * units: introduce systemd-hibernate-clear.service that clears
  * man/kernel-command-line: be clear that resumeflags= is about timeout opts only
  * string-util: add missing assertion in cellescape
  * core/manager: use cellescape and don't be too aggressive
  * hibernate-util: say "HibernateLocation EFI variable" consistently
  * man/kernel-command-line: document resume_offset= too
  * os-util: use ENDSWITH_SET where appropriate
  * sleep: rename SleepMemMode= to MemorySleepMode=
  * core/service: make service_set_main_pidref consume pidref
  * core/service: complain louder if new MAINPID= is refused
  * core/service: add a FIXME to use pidfd to monitor foreign processes
  * core: use log_unit_debug in *_set_state
  * logind-dbus: use FLAGS_SET more
  * systemctl-logind: auto soft-reboot only if /run/nextroot/ is mountpoint
  * core/service: use GREEDY_REALLOC_APPEND
  * man/systemd.socket: be explicit that MaxConnectionsPerSource=0 means disabled
  * hibernate-util: check 'noresume' before reading resume setting
  * labeler: add mountfsd and nsresource
  * uid-range: use FOREACH_ARRAY at one more place
  * uid-range: place 'ret' param at last
  * userdbctl: avoid NULL pointer deref
  * userdbctl: use FOREACH_ARRAY more
  * userdbctl: correct uid_range_covers check
  * Merge pull request #32156 from YHNdnzj/mountfsd-followup
  * hibernate-resume-config: apply ENABLE_EFI ifdef correctly
  * pidref: 0 -> NULL for pointer
  * core/exec-invoke: modernize connect_unix_harder
  * core/exec-invoke: modernize get_open_file_fd a bit
  * shared/open-file: make open_file_free_many static inline
  * shared/open-file: use xescape to escape ':'
  * test: merge TEST-77-OPENFILE into TEST-23-UNIT-FILE
  * core: use FOREACH_ARRAY at 3 more places
  * bless-boot-generator: use generator_add_symlink
  * units/systemd-boot-check-no-failures.service: drop unneeded dep on shutdown.target
  * core/load-fragment: modernize config_parse_exec
  * core/dbus-execute: modernize a bit
  * core/execute: introduce exec_command_free
  * core/dbus-execute: fix potential memory leak
  * string-util: correct comment in strextendf_with_separator
  * shared/killall: minor modernization
  * sd-dhcp-server: check dir_fd with assert_return
  * sd-dhcp-server: use close_and_replace (avoid fd leak)
  * core/unit: use IN_SET at one more place
  * cgroup-setup: modernize cg_migrate
  * core/dbus-manager: add missing assertion
  * core/dbus-manager: rephrase the comment for method_get_unit_processes a bit
  * core/execute: also check cg_is_threaded for clone3()
  * man/custom-html: update link to Arch manual
  * man: switch wireguard man project to man7
  * man/sd-journal: correct project name for man7
  * NEWS: fix typo, rephrase para for systemd-hibernate-clear.service a bit
  * shared/vpick: align function args correctly, add missing assertion
  * shared/vpick: drop unneeded strempty()
  * shared/vpick: add missing condition on ret_result
  * NEWS: a few fixes, add systemd-cat --namespace=
  * shared/vpick: also align function params in header
  * string-util: use mempcpy where appropriate
  * core/show-status: use strlen where appropriate
  * journal-gatewayd: add missing assertions
  * journal-gatewayd: use skip_leading_chars where appropriate
  * NEWS: udev and networkd pick up more things from creds
  * core: switch j->unit->manager to j->manager
  * core/manager: also log soft-reboot count along with timespan
  * core/manager: introduce ManagerObjective string table lookup
  * core/manager-serialize: serialize objective string
  * core/manager: log about previous objective
  * Merge pull request #32336 from teknoraver/foreach_element
  * core/unit: use UNIT_IS_INACTIVE_OR_FAILED at one more place
  * core/dbus: modernize bus_foreach_bus
  * systemctl: use FOREACH_ARRAY and FOREACH_ELEMENT more
  * systemctl-start-unit: Subscribe() is unnecessary if we RefUnit explicitly
  * bus-wait-for-units: drop ready_callback
  * bus-wait-for-units: make callback type end with "_t"
  * bus-wait-for-units: check for existing unit first, use hashmap_ensure_put
  * bus-wait-for-units: drop 'current' field
  * bus-wait-for-units: simplify property_map_job_id
  * shared/vpick: use strdup_to where appropriate
  * shared/vpick: flatten errno check
  * shared/vpick: check deterministic suffix earlier
  * Merge pull request #32370 from YHNdnzj/vpick-check-early
  * shared/verbs: minor modernization
  * shared/verbs: show list of verbs when missing
  * nspawn: fix typo
  * kernel-install/60-ukify: also search in {/run,/usr/local/lib}/kernel/
  * core/service: also allow updating main pid when SERVICE_STOP
  * cryptenroll: sort includes
  * network: suggest using "networkctl edit" instead of copying manually
  * mount-setup: use mount_verbose_full where appropriate
  * core/manager: drop obsolete cgroup taint string
  * core/manager: rearrange taint tags
  * core/manager: add unmerged-bin taint
  * cryptenroll: fix typo (close parenthesis out of nowhere)
  * journald-server: drop spuriously doubled '=' for OBJECT_SYSTEMD_INVOCATION_ID
  * man/systemd.journal-fields: add missing OBJECT_SYSTEMD_INVOCATION_ID
  * mount-setup: fix typo
  * core/namespace: check error first, add missing assertion
  * core/exec-invoke: use FOREACH_ARRAY more, drop unnecessary initialization
  * core/load-fragment: add one missing assertion
  * man/systemd.exec: mount_switch_root uses pivot_root rather than chroot
  * core: use close_and_replace more when deserializing
  * core/manager-serialize: deserialize handoff-timestamp fds
  * core/execute: switch mount_apivfs to tristate
  * core/namespace: use FOREACH_ARRAY at one more place
  * core/namespace: modernize clone_device_node
  * core/namespace: modernize mount_private_dev
  * sd-daemon: minor modernization, use assert_return
  * sd-daemon: downgrade log level for library code, use correct errno
  * Merge pull request #32516 from YHNdnzj/core-cleanup
  * various: drop unnecessary DISABLE_WARNING_FORMAT_NONLITERAL
  * pam_systemd_loadkey: add missing PAM_EXTERN
  * efivars: drop unneeded UTIME_NOW
  * fs-util: try AT_EMPTY_PATH first for futimens_opath
  * fs-util: modernize touch_file a bit
  * labeler: add l10n 🌍
  * development-freeze: suppress warning for some labels
  * journalctl: also check arg_file_stdin with other journal location
  * Merge pull request #32547 from YHNdnzj/minor-cleanup
  * man/run0: fix typo (missing "by")
  * shared/install: reduce variable scope
  * shared/install: use FOREACH_ARRAY for install_changes_have_modification
  * core/dbus-manager: mark unit file state as outdated only if
  * Merge pull request #32595 from bluca/old_docs
  * core/selinux-access: use empty_to_na where appropriate
  * Merge pull request #32617 from yuwata/journal-sync
  * core/load-fragment: modernize config_parse_load_credential a bit
  * core/exec-credential: complain louder if inherited credential is missing
  * core/unit: use FOREACH_STRING where appropriate
  * core/execute: re-break function declaration of exec_spawn
  * core/service: use switch for service_enter_start
  * basic/mkdir: use timespec_store instead of _nsec for mkdir_p_root_full
  * repart: correct timespec_store usage too
  * hibernate-util,logind: emit a clear error if the specified resume dev is missing
  * hibernate-util,logind: also differentiate the case of misconfigured resume
  * systemctl: do not fall back to StartUnit automatically for sleep operations
  * man/run0: remove the --user example for --machine=
  * ssh-generator: fix pointer cast type
  * debug-generator: enclose function call in if statement when retval
  * debug-generator: use RET_GATHER where appropriate
  * debug-generator: drop unneeded empty_to_root
  * debug-generator: don't eat up error if we can't write drop-in
  * debug-generator: clean up logging and such for units passed from creds
  * firewall-util-iptables: update ELF note to mention "iptables"
  * systemctl-show: make show_memory_available cover memory_available itself
  * core/dbus-unit: correct argument alignment for SD_BUS_METHOD_WITH_ARGS
  * core/unit: cast unused retval to void
  * core/unit: use FOREACH_ARRAY at one more place
  * path-util: take char* const* for strv where appropriate
  * core/namespace: take char* const* for strv, use FOREACH_ARRAY
  * tmpfiles: clean up hardlinks_vulnerable a bit
  * tmpfiles: don't compare errno with negative value
  * tmpfiles: use RET_GATHER more, add missing assertions
  * Merge pull request #32738 from yuwata/trivial-cleanups
  * docs/RELEASE: use meson.version for tags
  * docs/RELEASE: meson.version doesn't contain "v" prefix
  * core/service: remove unnecessary reset of notify_access_override
  * shared/bootspec: add missing assertions
  * shared/bootspec: inline iterator var
  * shared/bootspec: use path_make_absolute where appropriate
  * shared/bootspec: use isempty where appropriate
  * shared/bootspec: use FOREACH_ARRAY more
  * Merge pull request #32804 from YHNdnzj/bootspec-modernization
  * core/varlink: use FOREACH_ELEMENT more
  * core/varlink: make manager_setup_varlink_server static
  * core/swap: rename variable 'new' -> 'new_unit'
  * core/mount: correctly set DefaultDependencies=no for mounts from mountinfo
  * switch-root: preserve the whole cred mount tree (/run/credentials/)
  * TEST-82-SOFTREBOOT: test that creds for surviving units are carried over
  * fd-util: check and log error properly for fd_reopen_propagate_append_and_position
  * switch-root: update comment regarding dropped mounts
  * Merge pull request #32880 from yuwata/unit-soft-reboot
  * core/execute: do not use format str for log_object_internal
  * man/soft-reboot: order surviving services before shutdown.target
  * ptyfwd: trivial coding style and log cleanups
  * vmspawn: use openpt_allocate where appropriate
  * run: do not log "Error on PTY forwarding logic" when disconnected due to user operation
  * run: pass the pty slave fd to transient service
  * shutdown: explicitly initialize static variables, make arg_verb const
  * shutdown: downgrade log level of ignored errors to warning
  * shutdown: use execl where appropriate
  * shutdown: don't freeze() if not executed by pid1
  * shutdown: rename initrd to exitrd
  * ptyfwd: add missing assertions for pty_forward_new
  * run: when disconnected from PTY forwarder, exit event loop if not --wait
  * man/systemd-run: beef up info regarding interaction between --pty, --pipe, and --wait
  * mountpoint-util: add missing assertions, make mount_fd static
  * fs-util: add missing assertions
  * fs-util: use RET_GATHER at one more place
  * fd-util: introduce proc_fd_enoent_errno helper
  * fs-util: if /proc/ is mounted, return -EBADF when appropriate for link_fd()
  * fs-util: try AT_EMPTY_PATH for access_fd() first
  * process-util: make pid*_get_start_time return usec_t
  * core/service: try to query for new main process's starttime
  * TODO: drop implemented entry
  * Merge pull request #33019 from yuwata/tpm2-unseal
  * core/load-fragment: also clear missing_ok when WorkingDirectory=""
  * core/dbus-execute: use correct char for representing WorkingDirectory=home
  * core/dbus-execute: don't trigger assertion if WorkingDirectory="" or "-"
  * core/exec-invoke: drop unused param for acquire_home, prefix out param with ret_
  * core/exec-invoke: add a comment that acquire_home uses result from get_fixed_user
  * core/unit: don't set missing_ok if WorkingDirectory=~ is explicitly requested
  * core: introduce unit_verify_contexts
  * blockdev-util: "partscan" sysattr now directly shows the enabled state
  * run: also show a pretty string for main exit status, if any
  * man/run0: remove -M alias for --machine=
  * man/run0: remove @ syntax for --machine=
  * socket-util: use GREEDY_REALLOC_APPEND where appropriate
  * logind-user: add missing assertion for user_check_linger_file
  * logind-user: check linger file in user_wants_service_manager too
  * blockdev-util: update comment for blockdev_partscan_enabled
  * core/dbus-manager: only allow Freeze/ThawUnit() if loaded
  * core/dbus-unit: modernize bus_unit_method_freezer_generic a bit
  * bus-unit-util: rework UnitFreezer, explicitly thaw unit
  * sleep,home: clean up logs for session freezer a bit
  * bus-unit-util: extend the bus call timeout for UnitFreezer
  * core/unit: refuse to spawn units under frozen cgroup
  * core/unit: add one assertion, reduce variable scope
  * core/unit: merge nested if statements, use else where appropriate
  * core/unit: place OnFailure= handling close to OnSuccess=
  * core: clean up OnFailure= and OnSuccess= handling a bit
  * shared/dropin: minor modernization
  * shared/install: return bool where appropriate
  * shared/install: modernize remove_marked_symlink_fd
  * shared/install: modernize find_symlinks and friends
  * shared/install: modernize install_info_add
  * install,dbus-manager: make unit_file_* take (char* const*) for strv
  * shared/install: modernize unit_file_link
  * shared/install: modernize unit_file_get_list, use key destructor
  * shared/install: use path_extract_filename in install_info_traverse
  * shared/install: replace streq + basename with path_equal_filename
  * shared/install: use FOREACH_ARRAY at one more place
  * unit-file,portable: replace streq + basename with path_equal_filename
  * core/manager: enclose debug info acquirement in 'if (DEBUG_LOGGING)'
  * core/mount: stop generating mount units for cred mounts
  * Revert "core/credential,mount: re-read /proc/self/mountinfo before invoking umount command"
  * core/exec-credential: drop unused unit_add_default_credential_dependencies
  * io-util: move fputs_with_newline to fileio
  * pidref: introduce pidfd_inode_ids_supported helper
  * pidref: record pidfd inode number in PidRef struct
  * Merge pull request #33037 from keszybz/dlopen-open-code-definitions
  * macro-fundamental: correct comment and remove trailing ';' for macro
  * missing_loop: add missing assertions for fallback values
  * selinux-util: make type of cleanup func void
  * man,units: drop "temporary" from description of systemd-tmpfiles
  * core/manager: correct alignment in manager_handle_ctrl_alt_del
  * string-util: modernize first_word a bit
  * shutdown: clean up sync_with_progress a bit
  * shutdown: re-enable CAD handling in kernel at start
  * Merge pull request #33214 from keszybz/system-clock-epoch
  * core/service: use serialize_usec where appropriate, drop redundant debug log
  * core/service: also serialize/dump status_errno
  * core/service: drop unused bus_name_owner
  * core/service: use r to store parsed int values
  * basic/utf8: modernize utf8_is_valid_n a bit
  * basic/utf8: modernize ascii_is_valid_n, make ascii_is_valid static inline
  * string-util: introduce string_is_safe_ascii helper
  * core/socket: use FOREACH_ARRAY at one more place
  * core: cast ignored retval of deserialize_* to void
  * core/service: fix accept-socket deserialization
  * Merge pull request #32872 from YHNdnzj/pidref-inode
  * login/user-runtime-dir: use STRLEN where appropriate
  * login/user-runtime-dir: free ignored sd_bus_error, avoid triggering assertion
  * man/systemd.journal-fields: document _SOURCE_{MONOTONIC,BOOTTIME}_TIMESTAMP
  * shared/install: drop unneeded initialization
  * shared/install: propagate all errors in install_info_apply()
  * shared/install: correctly report changes in install_info_symlink_alias()
  * test-install-root: introduce test case for #33411
  * sd-bus/bus-error: inline iterator var, use assert_return
  * core/service: store BUSERROR= & VARLINKERROR= received through notification
  * systemctl-show: show Status{Bus,Varlink}Error in status
  * TEST-80-NOTIFYACCESS: introduce test for ERRNO= + BUS/VARLINKERROR=
  * man/org.freedesktop.systemd1: Status{Bus,Varlink}Error belongs to Service, not Scope
  * core/dbus-execute: use FOREACH_ARRAY more, drop bus_ prefix for static funcs
  * core/dbus-util: move dbus setter/getter for PrivateTmp to dbus-execute
  * core/exec-invoke: respect needs_sandboxing for PrivateTmp
  * core/namespace: add assertion for PRIVATE_TMP_CONNECTED
  * core: expose PrivateTmp=disconnected
  * bus-unit-util: add PrivateTmpEx to bus_append_execute_property()
  * Merge pull request #33456 from yuwata/terminal-util
  * Merge pull request #33401 from yuwata/journal-revert-source-boottime-timestamp
  * core/load-fragment: use ASSERT_PTR where appropriate
  * core: verify WorkingDirectory= is outside of API VFS only under mount namespacing
  * core/exec-invoke: reopen OpenFile= fds with O_NOCTTY
  * core/exec-invoke: clean up OpenFile= logging
  * import-generator: open up NotifyAccess for varlinkctl
  * man/capsule@.service: the capsule user is prefixed with "c-" rather than "p_"
  * mountpoint-util: do not assume symlinks are not mountpoints
  * test-mountpoint-util: add a test for bind mounted symlinks
  * core/cgroup: correct macro alignment
  * core/cgroup: use > 0 comparison rather than == 1
  * core/cgroup: check CGroupRuntime.cgroup_path rather than _realized for freezer
  * core/cgroup: make unit_has_host_root_cgroup take const Unit*
  * core/cgroup: call bpf_firewall_close in cgroup_runtime_free
  * core: unify reset_accounting handling
  * core/cgroup: check root cgroup earlier for unit_get_memory_accounting
  * core/cgroup: actually make use of the cached accounting values
  * core/cgroup: drop spurious ", ignoring" for unit_cgroup_is_empty
  * core: do not drop CGroupRuntime when unit stops, but only on GC
  * core: cast ignored retval of unit_realize_cgroup to void
  * core: do not set up cgroup runtime on coldplug
  * core/unit: follow merged units before updating SourcePath= timestamp too
  * Merge pull request #33258 from YHNdnzj/cg-runtime-accounting
  * NEWS: nscd has been dropped for good
  * NEWS: fix typo
  * shared/mount-util: return early if param is NULL
  * shared/condition: add missing space after 'if'
  * docs/CODING_STYLE: document that we nowadays prefer (const char*) for func ret type
  * core/dbus-manager: use PidRef for log_caller()
  * core/dbus-manager: use path_simplify_alloc() for root and init paths
  * core/dbus-manager: use sd_bus_error_set() rather than _setf() where appropriate
  * core/dbus-manager: check for runtime scope first for system-wide operations
  * core/dbus-manager: refuse SoftReboot() for user managers
  * core/manager: invoke special targets on signal only for system manager
  * core/main: add an assertion to ensure user managers won't initiate destructive/system-wide operation
  * man/systemctl: --no-reload is honored by mask/unmask/preset too
  * systemctl: skip triggering unit warning if unit vanished
  * systemctl: do not try to acquire triggering units for template units
  * labeler: remove matches for dropped files (Makefile)
  * labeler: match all mkosi files
  * workflows/labeler: do not set labels on stable backport PRs
  * Merge pull request #33627 from YHNdnzj/systemctl-triggering-warning
  * systemctl-enable: some cleanups
  * systemctl-enable: support reenable --now
  * Merge pull request #33559 from YHNdnzj/reenable-now
  * core/meson.build: move various -setup sources out of libcore
  * core/execute-serialize: drop duplicate serialization of _ignore flags
  * core/unit: ignore dropins for masked units completely when checking need_reload
  * logind-user: take gc_mode into account when reporting user state
  * core/execute-serialize: fix deserialization for apparmor_profile_ignore
  * basic/mkdir: merge two if blocks, return more accurate errno
  * core/import-creds: use FOREACH_ARRAY and RET_GATHER where appropriate
  * core/import-creds: use proc_cmdline_get_bool()
  * core/main: cast ignored retval of machine_id_setup() to void
  * core/main: modernize setup_os_release() a bit
  * core/main: merge second RUNTIME_SCOPE_SYSTEM block into switch above
  * core/main: respect skip_setup for RUNTIME_SCOPE_USER too
  * core/main: move capability_ambient_set_apply() to initialize_runtime()
  * core/main: refuse to run if /usr/ is not populated
  * id128: refuse --app-specific= if we're listing GPT types
  * core/dbus-unit: use UNIT_IS_LOAD_ERROR where appropriate
  * core/unit: drop pointless unit_freezer_state wrapper
  * core,unit-def: use our usual way of asserting enums
  * core: make unit_can_freeze take const Unit*
  * core/slice: simplify slice_freezer_action a bit
  * core/unit: rename freezer "target" to "objective"
  * core/unit: use switch for unit_next_freezer_state
  * core/unit: rename a few more vars for unit_next_freezer_state()
  * core/cgroup: replace hardcoded state set with freezer_state_finish()
  * core/cgroup: skip freezer action wholly if current == objective
  * core/unit: introduce unit_set_freezer_state, make logging consistent
  * core/unit: introduce unit_freezer_complete, correctly report end state
  * core/dbus-unit: add an explicit bus error when unit is frozen by parent
  * sleep: explicitly list valid sleep operations in switch
  * sleep: also log about errno when getenv_bool fails
  * sleep,home: always initialize UnitFreezer if used
  * Merge pull request #33092 from YHNdnzj/freezer-cleanup
  * exec-util: modernize exec_command_flags_{to,from}_strv
  * run: clean up ExecCommandFlags serialization
  * core/unit: add one assertion for u->manager
  * core/service: destroy runtime data when Type=oneshot services exit
  * test-execute: ExecStop= and friends should not get credentials
  * core/service: imply Type=exec if credentials are used
  * Merge pull request #32612 from YHNdnzj/creds-test
  * core/device: minor refactors
  * core/device: prefix DEVICE_FOUND_MASK with '_'
  * core/dbus: make two functions return void
  * core/dbus: use Manager.prefix where appropriate
  * pidref: move comments that doesn't belong in pidref_copy() to pidref_dup()
  * process-util: modernize pidfd_get_pid()
  * core/manager: modernize manager_setup_notify() a bit
  * core/manager: minor refactor for manager_dispatch_notify_fd()
  * core/service: use switch in service_notify_message_authorized()
  * missing_socket: add SCM_PASSPIDFD and SCM_PIDFD
  * core: pin notify sender through pidfd (potentially SCM_PIDFD)
  * core: clean up Set/LoadCredential= parsers
  * path-util: trivial cleanup for find_executable_full()
  * path-util: simplify final path for find_executable()
  * namespace-util: explicitly specify namespace_info[]'s size
  * namespace-util: introduce pidref_namespace_open()
  * machine-dbus: use pidref_namespace_open() where appropriate
  * mount-util: clean up mount_exchange_graceful a bit, don't duplicate move_mount when fallback
  * mount-util: do not unnecessarily acquire mountns fd twice
  * mount-util: reorder params for mount_in_userspace, clean up logging
  * core: reliably check if varlink socket has been deserialized
  * core-varlink: add missing runtime_scope check for manager_varlink_init_user()
  * core-varlink: do not log about ENOENT if oomd isn't available
  * core-varlink: switch to PidRef + manager_get_unit_by_pidref()
  * basic/log: do not treat all negative errnos as synthetic
  * core: clean up ambient capability logging
  * core/unit: merge use of LOG_CONTEXT_SET_LOG_LEVEL into LOG_CONTEXT_PUSH_UNIT
  * core/cgroup: use UNIT_IS_INACTIVE_OR_FAILED where appropriate
  * core/socket: stop hardcoding every service inactive state
  * cgroup-setup: drop unused cg_migrate_callback for cg_attach_everywhere()
  * cgroup-setup: group v1-specific functions
  * cgroup-setup: move cg_{,un}install_release_agent from cgroup-util
  * cgroup-setup: minor cleanups
  * cgroup-setup: use fchownat() + AT_EMPTY_PATH where appropriate
  * cgroup-setup: drop unneeded O_RDONLY when O_DIRECTORY
  * cgroup-setup: kernel threads can reside in arbitrary cgroups
  * cgroup-util: refactor cg_{ns,freezer,kill}_supported
  * cgroup-util: drop unused cg_rmdir()
  * core/unit: unexport cg_kill log funcs, rather take in bool
  * core/unit: modernize log_kill() too
  * cgroup-util: clean up cg_kill() and friends, completely split out cg_kill_kernel_sigkill()
  * core/unit: utilize cgroup.kill on client request + SIGKILL
  * advanced-issue-labeler: use correct label for env-generator
  * core/service: actually allow to "hurry up" auto restarts
  * core/execute-serialize: drop extraneous '=' in ip-{in,e}gress serialization
  * core/execute-serialize: use serialize_item_escaped() for external paths
  * core/service: drop redundant flush_n_restarts indicator
  * core/dbus-execute: normalize "rename" arg properly
  * core/exec-credential: trivial coding style cleanup
  * core/exec-credential: drop misleading comment regarding EEXIST
  * core/exec-credential: use maybe_decrypt_and_write_credential() for SetCred= too
  * core/exec-credential: use struct load_cred_args everywhere
  * core/exec-credential: emit correct error on invalid cred source
  * core/exec-credential: do not use unlink_and_free for relative path under dfd
  * terminal-util: do not query kernel cmdline for pty size
  * edit-util: clean up run_editor() a bit
  * edit-util: do not try to recreate temp file if missing
  * edit-util: several cleanups for --stdin handling
  * networkctl: support edit --stdin
  * core-varlink: merge two FLAGS_SET() where appropriate
  * Merge pull request #33990 from yuwata/run-json-follow-ups
  * core/dbus-service: some modernization for bus_service_method_mount()
  * core/dbus-service: refuse bind mounting over /run/credentials/
  * core/unit: rename set_unit_path() -> setenv_unit_path()
  * core/unit: unit_is_filtered() -> unit_passes_filter() and invert logic
  * basic/process-util: modernize setpriority_closest()
  * string-util: update ptr declaration to match our coding style
  * edit-util: catch and warn about edits outside of markers
  * man: use standard-options for --no-ask-password everywhere
  * process-util: check the flag instead of 'cgroup' param
  * process-util: always retry with pidfd_spawn() w/o cgroup first
  * logind: DesignatedMaintenanceTime is added in v257 and constant
  * logind-session: downgrade user@.service dep to Wants=
  * basic/sigbus: use FOREACH_ELEMENT where appropriate, assert >= 0 for success
  * shared/logs-show: introduce journal_browse_prepare()
  * core/socket: use UNIT_ISSET rather than _DEREF where suitable
  * core/socket: refuse MaxConnection=0 for Accept=no sockets too
  * core: move check for combination of PAMName= + KillMode= to unit_verify_contexts()
  * core: honor FileDescriptorName= too for Accept=yes sockets
  * core-varlink: add missing runtime scope check for manager_varlink_managed_oom_connect()
  * basic/raw-clone: refuse CLONE_PIDFD too
  * core: introduce BindJournalSockets=
  * core/namespace: create /dev/log only if journal socket is present
  * portable/profile: use BindJournalSockets=
  * test: drop unneeded journal socket bind mounts
  * TEST-50-DISSECT: add explicit coverage for BindJournalSockets=
  * Merge pull request #34205 from yuwata/pretty-print-buffering
  * fd-util: also close pidfd from SCM_PIDFD in cmsg_close_all()
  * sd-varlink: check correct errno
  * audit-util: check correct errno
  * udev-ctrl: add missing size check of received message
  * core/manager: close all cmsg fds where none is expected
  * udev-ctrl: drop unused next_datagram_size_fd() call
  * machine-dbus: use in_same_namespace() at one more place
  * socket-util: make recvmsg_safe() handle MSG_TRUNC too
  * core/service: minor coding style tweak
  * core/service: modernize service_load_pid_file() a bit
  * core: add missing serialization for Unit.debug_invocation
  * core/unit: introduce unit_set_debug_invocation()
  * core/namespace: use GREEDY_REALLOC at one more place
  * core/exec-invoke: use bind_mount_add() where appropriate
  * core/namespace: make bind mounted journal sockets nosuid + noexec + nodev
  * core/namespace: add comment to explain the non-obvious assumption on /run/systemd/journal/
  * core: rename BindJournalSockets= to BindLogSockets=
  * chattr-util: set O_NOCTTY when reopening O_PATH fd
  * chattr-util: use BIT_FOREACH where appropriate
  * varlinkctl: downgrade ignored error msg to LOG_WARNING
  * core/manager: rename NOTIFY_RCVBUF_SIZE to MANAGER_SOCKET_RCVBUF_SIZE
  * core/manager: do not re-init Manager.lookup_paths when manager_reload()
  * terminal-util: correct fd validity check
  * Merge pull request #33833 from YHNdnzj/manager-reload-assert
  * networkd-state-file: use ASSERT_PTR where appropriate
  * network: store netdev drop-in paths and dump into state file
  * sd-network: introduce sd_network_link_get_netdev_file{,_dropins}
  * networkctl-status-link: show netdev files associated with link
  * networkctl: support editing netdev files by link and cat ":all"
  * network/wireguard: refuse default key if all zero
  * NEWS: correct/complete some entries
  * Merge pull request #34401 from poettering/implicit-sigprocmask
  * man/bootup: rename initrd to exitrd at one more place
  * basic/build: also include BTF status
  * tmpfiles: use RET_GATHER more
  * tmpfiles: ERRNO_IS_NOINFO -> _IS_NEG_, correct negative errno checks
  * sd-path: modernize from_user_dir()
  * sd-path: trivial cleanups for sd_path_lookup{,_strv}()
  * boot: use INC_SAFE where appropriate
  * basic/memory-util: introduce mempcpy_typesafe
  * basic/macro: move DECIMAL_STR_FMT to shared/tests
  * basic: replace size_multiply_overflow() with MUL_ASSIGN_SAFE where applicable
  * basic/memory-util: make mempcpy_typesafe() take number of obj rather than raw size
  * shared/bus-map-properties: modernize map_basic() and bus_map_strv_sort()
  * basic/strv: make string_strv_hash_ops static, add missing assertions
  * machined: fix bogus error check for machine_link()
  * machined: rename machine_{units,leaders} to machines_by_*
  * machined-dbus: move manager_add_machine() and _get_machine_by_pid() to -core
  * basic/strv: introduce strv_extend_strv_consume()
  * tree-wide: use strv_extend_strv_consume() where appropriate
  * shared/bus-map-properties: move bus_map_job_id() from wait-for-units
  * systemctl: also show job id in status output
  * Merge pull request #34548 from SimonPilkington/fix-creds-cat
  * Merge pull request #34508 from intelfx/work/fix-io-reporting
  * Merge pull request #34564 from YHNdnzj/systemctl-status-job-id
  * Merge pull request #34534 from keszybz/man-exitrd
  * various: correct laccess() error check
  * fs-util: rename laccess to access_nofollow
  * basic/unit-file: move to shared/
  * unit-file: make unit_type_may_{alias_template} static inline
  * path-lookup: move NETWORK_DIRS to network-util.h
  * path-lookup: move find_portable_profile() to portable-util
  * path-lookup: move from basic/ to libsystemd/
  * path-lookup: deduplicate xdg_user_*() with sd_path_lookup()
  * path-lookup: modernize runtime_directory() too
  * path-lookup: clean up acquire_{generator,transient}_dirs() a bit
  * path-lookup: use path_strv_contains() rather than strv_contains()
  * path-lookup: unify acquire_{config,control,attached}_dir()
  * path-lookup: shortcut patch_root_prefix() if no root_dir
  * path-lookup: modernize get_paths_from_environ()
  * path-lookup: unify *_generator_binary_paths()
  * path-lookup: assert that LOOKUP_PATHS_{EXCLUDE,TEMPORARY}_GENERATED are not used in conjunction
  * path-lookup: introduce user_search_dirs() (shall replace xdg_user_dirs())
  * path-lookup: refactor lookup_paths_init() search paths handling
  * path-lookup: move xdg_user_dirs() to xdg-autostart-generator
  * core/manager: still send out STATUS=Ready for user manager
  * core/manager-serialize: drop serialization for Manager.ready_sent
  * units/{user,capsule}@.service: issue daemon-reexec when notify-reloading
  * shared/bus-util: re-break comment, insert missing newline before case
  * time-util: use saturate_add for usec_add()
  * core/service: use LIST_HEAD where appropriate
  * core/service: use array rather than list for extra fds, limit max number
  * core/service: add missing serialization for extra fds
  * basic/stat-util: use xopenat() where appropriate
  * shared/exec-util: minor rearrangement, drop unused EXEC_DIR_NONE
  * shared/exec-util: modernize execute_strv() and friends a bit
  * core/manager: minor cleanup for generator_path_any() and friends
  * core/manager: pass soft-reboot count to generators
  * gpt-auto: use RET_GATHER at one more place
  * hibernate-resume-generator: don't initiate resume if soft-rebooted
  * NEWS: rearrange incompatible changes, separate from Future Removals
  * Bump kernel recommended baseline to v5.4
  * man/org.freedesktop.systemd1: complete version info for ManagedOOMMemoryPressureDurationUSec
  * basic/fs-util: move unlink_tempfilep() to tmpfile-util
  * shared/bus-util: debug log when falling back to session bus
  * core/unit: put the reload job back to queue if unit is refreshing
  * core/service: place occurrences of SERVICE_MOUNTING closer to reload states
  * core/service: introduce service_live_mount_finish()
  * core/service: call service_enter_running() if live mount fails
  * core/service: add missing serialization for Service.live_mount_result
  * core/service: fix one wording
  * core: clean up errors for live mounting
  * Merge pull request #34860 from enr0n/varlinkctl-fixes
  * Merge pull request #34799 from YHNdnzj/service-followups
  * core/service: use log_unit_* where appropriate
  * core: drop effectively unused UNIT_ATOM_PROPAGATE_RESTART
  * core/job: trivial modernization
  * core/manager: introduce manager_add_job_full() which takes extra TransactionAddFlags
  * core: make refuse_late_merge a proper attr of Job and introduce TRANSACTION_REENQUEUE_ANCHOR
  * core/service: don't propagate stop jobs if RestartMode=direct
  * TEST-03-JOBS: add test case for #34758
  * NEWS: be less misleading since systemd-run does not support ExtraFileDescriptors= yet
  * shared/fdset: minor modernization
  * core/service: support sd_notify() MAINPIDFD=1 and MAINPIDFDID=
  * notify: send MAINPIDFDID= for --pid= too if available
  * TEST-80-NOTIFYACCESS: don't specify --pid= if MAINPID= is provided explicitly
  * systemctl: use the retval of must_be_root()
  * logind-dbus: return appropriate errno for unexpected errors
  * systemctl: don't fall back to immediate shutdown silently if we cannot schedule one
  * bus-common-errors: use more appropriate errno for BUS_ERROR_DESIGNATED_MAINTENANCE_TIME_NOT_SCHEDULED
  * meson.build: add a few features to summary
  * various: check meson feature flag early
  * sd-bus/bus-common-errors: reorder one pid1 error to group with others
  * portable: do not use SYNTHETIC_ERRNO for sd_bus_error_set_errno()
  * logind-session: be more specific about session_kill() errors
  * tmpfiles.d/meson: call subdir_done() early if tmpfiles is disabled
  * tmpfiles.d/meson: remove the need of specifying empty condition
  * async: block SIGTERM in asynchronous_rm_rf()
  * process-util: refuse FORK_DETACH + FORK_DEATHSIG_*
  * basic/user-util: introduce shell_is_placeholder() helper
  * basic/user-util: split out placeholder suppression from USER_CREDS_CLEAN into its own flag
  * core/exec-invoke: minor cleanup for apply_working_directory() error handling
  * core/exec-invoke: suppress placeholder home only in build_environment()
  * sd-varlink: mark sd_varlink_server_{ref,unref} as _public_ (#35241)
  * process-util: refuse to operate on remote PidRef
  * basic/fileio: minor coding style cleanup
  * shared/bootspec: move boot_entry_addons_done() up, drop separate prototype
  * shared/bootspec: use FOREACH_ELEMENT where appropriate, avoid unneeded memzero()
  * shared/bootspec: mark _to_string funcs as _const_
  * cgroup-util: use RET_NERRNO where appropriate
  * nsresourced: log about correct errno in userns_destroy_cgroup()
  * core/service: preserve RuntimeDirectory= even if oneshot service exits
  * shared/generator: trivial coding style cleanups
  * shared/generator: rename generator_write_device_deps() to _network_device_deps
  * shared/generator: clean up generator_write_device_timeout() a bit
  * hibernate-resume: always respect user-defined timeout
  * fstab-generator: move write_(mount_)timeout() to shared/generator
  * gpt-auto: define loader partition timeout as macro
  * gpt-auto: take timeout opts in rootflags= into account
  * units/initrd-parse-etc.service: replace systemctl start with OnSuccess=
  * sd-bus/bus-creds: use proper NULL instead of 0
  * sd-bus/bus-creds: use first_word() where appropriate
  * basic/time-util: modernize parse_time() a bit
  * basic/user-util: use FOREACH_ARRAY at one more place
  * basic/user-util: modernize getgroups_alloc() a bit
  * basic/user-util: modernize getgroups_alloc() a bit (#35226)
  * process-util: use our usual tristate semantics for is_main_thread()
  * process-util: make sure we don't report ppid == 0
  * basic/fileio: minor modernization for xopendirat()
  * basic/fileio: clean up executable_is_script() a bit
  * format-table: minor modernization
  * format-table: drop pointless table_data_rgap_color() func
  * userdbctl: use ansi_highlight_green_red() where appropriate
  * nsresourced: drop unneeded REMOVE_PHYSICAL flag for rm_rf()
  * cgroup-util: introduce cg_get_cgroupid_at()
  * Revert "run: disable --expand-environment by default for --scope"
  * core/mount: don't keep cred mounts around after mounted
  * Couple small cleanups (#35593)
  * networkd-sysctl: rename functions to match our typical prefixes
  * networkd-sysctl: tweak error handling and log level a bit
  * basic/missing_threads: drop glibc < 2.16 check
  * tree-wide: drop inclusion of linux/memfd.h
  * core/unit-serialize: fix serialization of markers
  * sd-varlink: add missing error check in sd_varlink_listen_auto()
  * capability-util: minor modernizations
  * capability-util: make CAPABILITY_QUINTET_NULL const, introduce capability_quintet_is_fully_set() helper
  * shared/condition: use BIT_SET where appropriate
  * tree-wide: replace FLAGS_SET(..., 1 << v) with BIT_SET(..., v)
  * Follow-ups for recent PRs plus modernizations prompted thereby (#35760)
  * sysusers.d/basic: fix alignment
  * core/socket: trivial coding style cleanups
  * core/socket: use correct kill operation for SOCKET_STOP_PRE_SIGTERM
  * core/socket: close fds also on SOCKET_CLEAN state
  * basic/recurse-dir: modernize readdir_all()
  * core/socket: clean up usbffs handling
  * core/socket: introduce intermediate SOCKET_START_OPEN state
  * test: move test for MaxConnectionsPerSource= to TEST-07-PID1
  * TEST-07-PID1: add test case for #35635
  * errno-list: prefer strerrorname_np() as errno_to_name() provider
  * shared/hibernate-util: don't attempt to fiemap fd if no backing dev available
  * shared/hibernate-util: handle the case where no swap has available backing dev
  * shared/blockdev-util: shorten the code a bit
  * README: document a bunch of new kernel APIs we utilize
  * shared/hibernate-util: drop support for kernels lacking /sys/power/resume_offset
  * shared/hibernate-util: handle the case where no swap has available backing dev (#35802)
  * README: document kernel version for GRND_INSECURE and close_range()
  * missing_syscall: mandate __NR_memfd_create
  * random-util: drop needless conditionalization of sys/auxv.h
  * random-util: our baseline includes getrandom() (v3.17) now
  * terminal-util: regroup some functions
  * terminal-util: introduce terminal_{new,detach}_session helpers
  * signal-util: generalize sigaction_nop_nocldstop
  * tree-wide: make sigactions static const
  * tty-ask-password-agent: coding style tweaks
  * tty-ask-password-agent: if we're spawning further agents, grant them notify access
  * process-util: extract pidfd-related funcs into pidfd-util.[ch]
  * basic: introduce missing_pidfd.h
  * pidref: move generic pidfd_get_inode_id() to pidfd-util
  * core/socket: include peer pidfd id in socket service instance if available
  * errno-util: add ERRNO_IS_IOCTL_NOT_SUPPORTED that checks EINVAL additionally
  * pidfd-util: introduce helper for obtaining ns fd using PIDFD_GET_*_NAMESPACE directly
  * namespace-util: modernize fd_is_namespace() and is_our_namespace()
  * namespace-util: correct assertion in namespace_is_init()
  * namespace-util: hook pidref_namespace_open() up with pidfd_get_namespace()
  * various: add missing include for namespace-util.h
  * process-util: move namespace_get_leader() to namespace-util
  * namespace-util: introduce pidref_in_same_namespace()
  * pidfd-util: try to translate pidfd -> pid through ioctl(PIDFD_GET_INFO)
  * pidfd-util: introduce pidfd_get_{ppid,uid,cgroupid} which goes via PIDFD_GET_INFO too
  * process-util: port pidref_get_uid() and pidref_is_my_child() to pidfd helpers
  * process-util: make pid_is_unwaited() wrapper around pidref version
  * cgroup-util: introduce generic cg_path_from_cgroupid() helper
  * cgroup-util: explain why cg_pidref_get_path() cannot be ported over to pidfd helpers (yet)
  * shared/hibernate-util: don't attempt to fiemap fd if no backing dev available
  * shared/hibernate-util: handle the case where no swap has available backing dev
  * core/unit-serialize: fix serialization of markers
  * Bump minimum kernel baseline to 5.4, recommended version to 5.7
  * two pidref tweaks (#35918)
  * process-util: drop duplicate assertions
  * basic: move nsfs ioctls from missing_fs to missing_namespace
  * README: document kernel version for idmapped mounts
  * namespace-util: group userns functions together
  * namespace-util: introduce userns_enter_and_pin() helper
  * uid-range: make uid_map_search_root() take UIDRangeUsernsMode
  * namespace-util: use pidref_namespace_open_by_type() where appropriate
  * missing_syscall: require a bunch of syscalls below baseline
  * sd-event: assign pid to event source at last also in sd_event_add_child_pidfd()
  * tree-wide: drop support for kernels without pidfd_open() and pidfd_send_signal()
  * process-util: depend on CLONE_PIDFD
  * shared/bus-util: move bus_message_read_id128() to bus-message-util
  * shared/bus-util: move bus_message_hash_ops to bus-message-util
  * shared/bus-util: move string set append/get funcs to bus-message-util and bus-get-properties, respectively
  * shared/serialize: make input params const
  * shared/serialize: introduce serialize_id128()
  * bus-util: do not reset the count returned by sd_bus_track_count_name()
  * core/manager: use FOREACH_ARRAY at one more place
  * core/manager: drop duplicate bus track deserialization
  * bus-util: introduce bus_get_instance_id()
  * core: serialize API bus id and validate before deserializing bus tracks
  * core/manager: restore bus track deserialization cleanup in manager_reload()
  * run: correct log level for pty_open_peer() error
  * run: with TIOCGPTPEER there's no longer need to acquire pty peer through IPC
  * terminal-util: drop unused open_terminal_in_namespace()
  * tree-wide: remove unnecessary gcc >= 7 version check
  * meson: enable -Wzero-as-null-pointer-constant
  * meson: bump C std to gnu17
  * pidfd: cache our own pidfd inode id, and use it at various places (#36060)
  * fs-util: introduce at_flags_normalize_nofollow() helper
  * mountpoint-util: update comment in is_name_to_handle_at_fatal_error()
  * mountpoint-util: check >= 0 for success
  * mountpoint-util: our baseline includes fdinfo and mnt_id now
  * mountpoint-util: some tweaks for fd_is_mount_point()
  * mountpoint-util: rename fd_is_mount_point() to is_mount_point_at()
  * mountpoint-util: port path_is_mount_point() to chase_and_open_parent()
  * machine-id-setup: actually unlink /run/machine-id if write/mount fails
  * machine-id-setup: fix typo
  * pidfd-util: preferably acquire pidfd inode id through name_to_handle_at()
  * core/job: never consider reload jobs redundant
  * core/job: fix typo
  * creds: permit interactive polkit auth when encrypting/decrypting through IPC
  * terminal-util: stop doing 0/upper bound check in tty_is_vc()
  * login/pam_systemd: drop redundant vtnr == 0 handling
  * terminal-util: make get_kernel_consoles() return > 0 if /dev/console is resolved
  * tty-ask-password-agent: do not needlessly spawn subprocesses if there's only one console
  * getty-generator: use generator_add_symlink() where appropriate
  * getty-generator: port to get_kernel_consoles()
  * core/job: never consider reload jobs redundant
  * tty-ask-password-agent: assert that ask_on_consoles() is called without arg_device
  * tty-ask-password-agent: use free_and_strdup_warn() for arg_device
  * Revert "Reduce priority of "cleared HibernateLocation" message"
  * compress: mark string table lookup funcs as _const_/_pure_
  * meson: glibc now provides wrapper for sched_setattr()
  * missing_ioprio: remove outdated comment now that linux/ioprio.h exists
  * missing_syscall: drop more defs below our kernel baseline
  * missing_syscall: add {set,remove}xattrat()
  * xattr-util: modernize getcrtime_at() and friends
  * xattr-util: try new *xattrat() family syscalls first
  * test-xattr-util: add test cases for symlinks
  * tmpfiles,chown-recursive: port to xsetxattr()/xremovexattr()
  * smack-util: several cleanups
  * tmpfiles: fix copypasta in create_symlink() (FIFO -> symlink)
  * tmpfiles: use prefix_roota() where appropriate
  * tmpfiles: drop redundant proc_mounted() check
  * string-util: introduce strprepend() helper
  * cryptsetup: port to strprepend()
  * env-util: use strextendn() instead of strnappend() where appropriate
  * string-util: drop now unused strnappend()
  * string-util: modernize strextendn() a bit
  * xattr-util: drop unnecessary nofollow normalization
  * test-xattr-util: relax listxattr() retval check
  * test-xattr-util: return early if not privileged enough to set trusted.*
  * core/dbus-service: fix alignment
  * core/mount: filter out "fail" option as well
  * core/mount: check parameters_fragment first in mount_enter_(re)mounting()
  * core/mount: report accurate can_start and can_reload
  * core/mount: trivial coding style cleanups
  * core/dbus-mount: add missing ReloadResult and CleanResult properties
  * bus-unit-util: add missing assertions
  * core/unit: use UNIT_IS_INACTIVE_OR_FAILED at one more place
  * core/service: drop unneeded unit_add_to_gc_queue()
  * core/mount: rework GracefulOptions= to be just x-systemd.graceful-option=
  * mountpoint-util: assume fsopen() works in mount_option_supported()
  * core/mount: log only once about fs not supporting new mount API
  * tmpfiles: fix copypasta in create_symlink() (FIFO -> symlink)
  * README: new mount API was introduced in v5.2
  * macro-fundamental: add _nonnull_if_nonzero_
  * basic/escape: octescape() doesn't really take 'bad' param
  * basic/escape: accept SIZE_MAX and perform overflow check in cescape_length() and decescape() too
  * basic/escape: swap 'bad' and 'len' params for decescape()
  * basic: use _nonnull_if_nonzero_ where appropriate
  * core: dlopen()'ify libapparmor
  * basic/strv: minor coding style follow-ups
  * basic/utf8: add missing assertion
  * udev-builtin-blkid: merge var definitions, fix grammar
  * process-util: introduce SIGINFO_CODE_IS_DEAD helper
  * sd-event: assert on hashmap_remove(child.pid)
  * sd-event: always operate on child source via pidfd
  * process-util: refuse FORK_WAIT + FORK_FREEZE combination
  * fstab-util: join 'filtered' only if requested by caller
  * libmount-util: introduce libmount_parse_fstab() wrapper
  * fstab-util: port use of setmntent() and friends to libmount
  * sd-event: pidfdize sd_event_source_send_child_signal()
  * notify-recv: several followups
  * shared/async: introduce asynchronous_close_many() helper
  * core/manager: port to notify_recv_with_fds()
  * Expose chassis asset tag in hostnamed (#36487)
  * core/service: do not propagate reload for combined RELOADING=1 + READY=1 when notify-reload
  * login/pam_systemd: use isatty_safe()
  * osc-context: drop unneeded temporary variable
  * run: log about osc_context_open_chpriv() failure
  * run: send out TERM= only if actually set
  * core/main: don't write shutdown OSC context outside of pid1
  * mount-tool: some modernizations and log message tweaks
  * mount-tool: accept fstab-style identifiers for remote what too
  * mount-tool: correct arg_bind_device check
  * mount-tool: never bind to device on explicit x-systemd.device-bound=no
  * core/service: do not propagate reload for combined RELOADING=1 + READY=1 when notify-reload
  * missing_fs: drop FS_KEY_DESCRIPTOR_SIZE
  * basic/sys/mount: sort includes
  * sd-journal/journal-send: use is_main_thread() where appropriate
  * locale-util: modernize is_locale_utf8() a bit
  * missing_syscall: drop raw_getpid()
  * units: refuse manual operations on factory-reset-now.target and friends
  * units/meson: remove unneeded linebreak
  * tpm2-clear: use plain DEFINE_MAIN_FUNCTION
  * tpm2-clear: make getenv() failure fatal, correct one log level
  * tpm2-clear: make it clear that we default to true for systemd.tpm2_allow_clear
  * factory-reset-tool: error out if we can't cancel pending reset
  * hibernate-resume-config: log louder on invalid kernel version/os-release id
  * mount-setup: drop outdated comment
  * mount-setup: tune down log level if usrquota is not supported, apply usrquota when smack is in use too
  * core/main: remove unused include
  * core/meson: move efi-random.c out of libcore
  * core: move CrashAction enum def to crash-handler.[ch]
  * core/main: port to log_syntax_parse_error()
  * core/main: log about save_env() error
  * core/main: assign mac_init() retval to r
  * core/main: preemptively check existence of init only if we're switching root
  * core/main: correct retval for reexec/switch-root/soft-reboot
  * docs: reference cgroup v1 as historical and unsupported
  * core/unit: disable unit debug invocation in generic unit_reset_failed()
  * core/service: introduce sd_notify() RESTART_RESET=1 for resetting restart counter
  * TODO: support RESTART_RESET=1 in journal-upload
  * core/main: fix logging of /sbin/init exec failure
  * mount-setup: generalize cgroupfs_recursiveprot_supported()
  * semaphore-runner: drop outdated comment
  * semaphore-runner: disable cgroup setup in lxc
  * mount-setup: remove cgroup v1 hierarchy mounting
  * cgroup-setup: drop hierarchy detection, always use v2
  * core/main: refuse bootup with legacy cgroup hierarchy
  * core/taint: we know we're always running on cgv2 now
  * cgroup-util: drop is_cgroup_fs()
  * man: remove libsystemd reference to legacy hierarchy
  * cgroup v1 preliminaries (#36622)
  * run: "trigger" consists of more than timer units
  * run: void'ify sd_event_exit() call
  * run: refuse --pty-late for Type=oneshot services
  * run: Ref() the unit again after reconnecting to the bus
  * memory-util: make mempcpy_typesafe nestable
  * edit-util: don't leave custom editor args around if we shall fall back
  * core/meson: libcore doesn't depend on PAM
  * core/main: log about save_env() error
  * core/main: assign mac_init() retval to r
  * core/main: preemptively check existence of init only if we're switching root
  * core/main: correct retval for reexec/switch-root/soft-reboot
  * memory-util: make mempcpy_typesafe nestable
  * edit-util: don't leave custom editor args around if we shall fall back
  * sd-bus/bus-common-errors: add missing error map entries
  * TEST-07-PID1: remove bogus test case for DelegateNamespaces=cgroup
  * core/execute: drop unused function param and cg unified check for cgns
  * core: delegate mountns implicitly when any of pidns/cgns/netns is in use
  * core/namespace: stop applying mount options on private cgroupfs mount
  * core/namespace: remove wonky fallback in mount_private_apivfs()
  * socket-util: drop SO_BINDTODEVICE fallback in socket_bind_to_ifindex()
  * socket-util: introduce socket_autobind() helper
  * xattr-util: add missing assertions
  * validatefs: insert empty line after short description in help() text
  * validatefs: do not use EXIT_* in run()
  * validatefs: use fgetxattr_malloc() where appropriate
  * man/systemd-validatefs@.service: fix typo
  * units/systemd-validatefs@.service: FailureAction= is a [Unit] knob
  * user-runtime-dir: correct quota size calculation
  * nspawn: drop cgroup v1 handling
  * nspawn/meson: drop duplicate condition on ENABLE_NSPAWN
  * nspawn: do not spuriously override cgroup2fs options on host
  * nspawn: reject existing cgroupfs mount if cgns is enabled
  * cgroup-util: remove now unused cg_kernel_controllers()
  * mkosi: update debian commit reference
  * core: remove cgroups-agent
  * core/cgroup: remove legacy hierarchy setup
  * procfs-util: use xsprintf() where appropriate
  * procfs-util: modernize convert_meminfo_value_to_uint64_bytes()
  * core/cgroup: fold unit_get_current_memory() into generic memory accounting helper
  * core/cgroup: drop extraneous CGRuntime check in unit_get_memory_available()
  * NEWS: remark cgroup v1 removal
  * NEWS: document kernel baseline bump
  * core: also stash executor path in Manager
  * path-util: generalize open_and_check_executable()
  * build-path: port to open_and_check_executable(), do not return resolved path
  * build-path: teach pin_callout_binary() to search $PATH too
  * core/manager: also assert on Manager.units_by_invocation_id being empty after cleanup
  * core: do not use pidref_hash_ops_free for Manager.watch_pids
  * run0: make sure we submit $SHELL to remote
  * core/exec-invoke: never override acquired user cred with fallback one
  * core/exec-invoke: consult NSS for root user creds if SetLoginEnvironment=/PAMName=
  * test: add test case for PAMName= $SHELL acquisition for root
  * mount-setup: swap MountMode and condition_fn in struct
  * core/cgroup: drop v1 handling in unit_attach_pids_to_cgroup()
  * core: drop cgroup v1 synthetic empty event logic
  * core: unit_watch_pidref() gracefully handles EEXIST
  * gpt-auto: do not add /sysusr/usr/ -> /sysroot/usr/ after switch-root
  * fstab/gpt-auto: hook up validatefs to /sysroot/usr/ rather than /sysusr/usr/
  * fstab-generator: honor x-systemd.validatefs from kernel cmdline too
  * stdio-bridge: minor modernization for parse_argv()
  * stdio-bridge: use DEFAULT_SYSTEM_BUS_ADDRESS
  * core/execute: set_get_strv() does not transfer ownership of strings
  * core/taint: decrease stage array size for "cgroupsv1" removal
  * shared/condition: remove cgroup hierarchy check
  * oomd: it's safe to assume cgv2 now
  * run0: make sure we submit $SHELL to remote
  * core/exec-invoke: never override acquired user cred with fallback one
  * core/exec-invoke: consult NSS for root user creds if SetLoginEnvironment=/PAMName=
  * test: add test case for PAMName= $SHELL acquisition for root
  * login: replace tabs with spaces in example polkit rule
  * logind: drop session fifo logic, rely solely on pidfd for exit notification
  * cgroup-util: drop cg_freezer_supported(), assume supported
  * namespace-util: generalize namespace_type_supported()
  * nspawn: use namespace_type_supported()
  * cgroup-util: drop now unused cg_ns_supported()
  * core/cgroup: actually apply BPF everywhere
  * core/manager: assume availability of all RT signals
  * Several Coverity fixes (#37253)
  * journald-server: use generic NOTIFY_READY message
  * socket-activate: drop arg_args
  * socket-activate: remove effectively unused 'name' param for exec_process()
  * socket-activate: clean up control flow a bit
  * socket-activate: signal READY=1 once sockets are open for --accept mode
  * socket-activate: set up SIGCHLD handler only in --accept mode
  * socket-activate: various modernizations (#37267)
  * units: unify deps between service and socket units
  * units: enable RemoveOnStop= for oomd and userdbd sockets
  * socket-activate: drop unused accept param for open_sockets()
  * fileio: modernize get_proc_field()
  * pidfd-util: use get_proc_field() for pidfd_get_pid_fdinfo()
  * mountpoint-util: use get_proc_field()
  * process-util: assert on pid in procfs_file_alloca(), use strjoina()
  * process-util: introduce procfs_file_get_field() wrapper
  * process-util: use procfs_file_get_field() where appropriate
  * sd-bus/bus-creds: use plain read_full_file() for process cmdline
  * rlimit-util: use read_full_file() for /proc/PID/limits
  * audit-util: use read_full_virtual_file()
  * core: rename core-varlink -> varlink
  * units: two tweaks for socket units (#37309)
  * core/cgroup: block_get_originating() doesn't return > 0
  * blockdev-util: don't use mixed style of retval in block_device_get_originating
  * sleep: record whether the hibernation device is auto swap (with "swap" designator)
  * hibernate-resume: automatically decrypt dissected swap if told so via autoSwap
  * core/service: drop duplicate ExecCommand check
  * core/service: correct comment in service_deserialize_exec_command()
  * macro: implement ABS via __builtin_imaxabs()
  * run0: disable IgnoreSIGPIPE= for transient unit
  * string-table: annotate _to_string and _from_string with _const_ and _pure_, respectively
  * man/systemd.service: drop dangling reference to "!!" prefix
  * env-util: add missing assertions
  * bus-unit-util: do not trigger assertion on "ExecStart=@"
  * path-util: introduce filename_or_absolute_path_is_valid() helper
  * core: accept "|" ExecStart= prefix to spawn target user's shell
  * run0: support --chdir='~' for switching to target user's home dir
  * run0: introduce --via-shell for invoking target user's shell, and -i shortcut
  * test: add test cases for ExecStart= via-shell prefix
  * hashmap,prioq: check hash_ops or compare_func is identical to one already set (#37379)
  * core/mount: remove unused temporary variable
  * mount-tool: honor arg_canonicalize for ACTION_UMOUNT path_is_absolute() check too
  * core/unit: clean up duplicate conditions
  * core: accept "|" ExecStart= prefix to spawn target user's shell; teach run0 about the new logic (#37071)
  * core/slice: remove redundant assertion
  * core/dbus-execute: always normalize argv[0] to "sh" on EXEC_COMMAND_VIA_SHELL
  * core/dbus-unit: remove unneeded else if
  * run0: drop -a short switch for --area=
  * journal: do not clear individual fields if the struct won't be reused
  * journalctl-show: check Context.has_cursor rather than arg_*
  * journalctl-show: report VARLINKERROR=
  * fork-journal: use char* const* for strv input param
  * fork-journal: drop unneeded cast
  * Update description and uid checks when invoking pager (#37419)
  * core/socket: trivial coding style cleanups
  * cgroup-util: drop cg_kill() cgroup.threads kludge
  * mountpoint-util: remove unused TMPFS_LIMITS_SYS_FS_CGROUP
  * cgtop: drop v1 support
  * core: drop Manager.blockio_accounting
  * systemctl-show: drop BlockIO* property formatter
  * man/systemd-run: --wait shows more than CPU accounting data
  * man: don't duplicate version in History section
  * core: always enable CPU accounting
  * core: always enable CPU accounting; cgtop: drop cgv1 handling (#37448)
  * terminal-util: restore terminal settings if fd_reopen() fails
  * core/manager: do not pop gc_unit_queue before unit_gc_sweep()
  * core/cgroup: also assume cgroup.events frozen attr is available
  * cgroup-util: modernize cg_get_keyed_attribute()
  * core/cgroup: also assume cgroup.events frozen attr is available (#37518)
  * Several minor follow-ups for #33995 (#37558)
  * core: renames in io.systemd.Manager (#37582)
  * fd-util: group close_fd_ptr() with fd funcs, not FILE/DIR stream ones
  * errno-list: errno_from_name() is pure but not const
  * shared/bitmap: minor modernizations
  * basic,shared: mark eligible functions with _pure_/_const_
  * sd-bus: mark two functions as pure
  * core/cgroup: CGRuntime.cgroup_path indicates whether the cg is still alive
  * cgroup-util: drop handcrafted cg_is_empty(), always check cgroup.events populated field
  * cgroup-util: remove now unused cg_read_event()
  * fs-util: prefer linkat(AT_EMPTY_PATH) over /proc/self/fd/ shenanigans
  * cgroup-util: rename cg_get_xattr_malloc -> cg_get_xattr
  * cgroup-util: make cg_get_attribute_as_bool() return 0/1 directly
  * cgroup-util: assert on attribute for cg_{get,set}_attribute()
  * core/exec-invoke: don't set $TMPDIR if sandboxing is disabled
  * test-execute: add test case for PrivateTmp=disconnected + DefaultDependencies=no + sandboxing disabled via '+' prefix
  * bus-print-properties: drop *CPUShares formatter
  * cgroup-util: move CGROUP_CPU_SHARES/BLKIO* to nspawn-oci
  * cgroup-util: drop CGROUP_MASK_EXTEND_JOINED
  * man/systemd-run: --wait shows more than CPU accounting data
  * core/manager: do not pop gc_unit_queue before unit_gc_sweep()
  * NEWS: fix typo, reorganize a few entries
  * ssh-generator: fix typo
  * ssh-generator: add missing newline before [Service] and trailing NL to generated service
  * meson: improve -ffinite-math-only option detection and silence warning when build with -Ofast (#37638)
  * ssh-generator: two cleanups (#37649)
  * Use DCS sequence to query terminal name and set $TERM automatically (#37538)
  * env-util: modernize *_is_valid()
  * env-util: add missing assertions
  * core: strv_env_clean() modifies in-place, no need to set buf to itself
  * core/exec-invoke: rework where to apply $TERM fallback logic
  * core/exec-invoke: propagate $COLORTERM and $NO_COLOR from pid1 as well
  * core/exec-invoke: skip query of /dev/console $TERM if we're child of pid1
  * core/varlink: use forward.h at two more places (#37716)
  * core/unit-serialize: drop deserialization compat for state_change_timestamp
  * core/cgroup: don't ever try to get SPECIAL_ROOT_SLICE from Manager.cgroup_unit
  * core: rework how we track cgroup realized state
  * core/unit-printf: port to unit_get_cgroup_path_with_fallback()
  * core/cgroup: make various functions static
  * sd-login: reject invalid pidfd with -EBADF consistently
  * man/sd_pid_get_owner_uid: don't limit -EBADF to socket fds
  * pidfd-util: open an internal pidfd if none is passed in pidfd_check_pidfs()
  * pidfd-util: extract pidfd_get_inode_id_impl() and make it thread safe
  * sd-daemon: add sd_pidfd_get_inode_id()
  * test-daemon: add test case for sd_pidfd_get_inode_id()
  * core: rework how we track cgroup realized state (#37733)
  * core/varlink: split out dynamic-user stuff into its own source files
  * basic/forward: replace tab with space
  * string-util: introduce strprepend_with_separator()
  * machinectl: several trivial cleanups and man page fix (#37812)
  * socket-activate: add a --now option to instantly start service (#37620)
  * socket-util: drop duplicate SCM_MAX_FD definition
  * meson: enable -Werror=missing-parameter-name
  * terminal-util: modernize ptsname_malloc a bit
  * hostname-util: do not allow empty machine spec
  * hostname-util: introduce machine_spec_valid()
  * sd-bus: port to machine_spec_valid()
  * tree-wide: check --machine= specification
  * fstab-generator: log about the fstype in effect
  * log: drop redundant forward decl
  * README: add more kernel APIs we now utilize
  * units/systemd-journald@.socket: enable SO_TIMESTAMP
  * udev-ctrl: enable SO_PASSCREDS on listening socket already rather than on accept()
  * core/socket: don't suggest PassFileDescriptorsToExec= is a socket option
  * core/socket: use universal format string for socket option warnings
  * core/socket: add PassPIDFD=
  * missing_socket: add SO_PASSRIGHTS
  * core/socket: introduce AcceptFileDescriptors=
  * notify-recv: disable SO_PASSRIGHTS by default in notify_socket_prepare()
  * logind: port one remaining varlink server allocation to varlink_server_new()
  * sd-varlink: remove unneeded strdup()
  * sd-varlink: unify AF_UNIX check in sd_varlink_set_allow_fd_passing_output()
  * sd-varlink: hook up fd passing control with SO_PASSRIGHTS
  * various: turn off SO_PASSRIGHTS where fds are not expected
  * man/systemd-run: consistently wrap external command + args in a single block
  * socket-activate: normalize COMMAND notation in help text + man
  * ssh-generator: fix typo
  * ssh-generator: add missing newline before [Service] and trailing NL to generated service
  * Revert "fs-util: include fcntl.h in fs-util.h"
  * Revert "namespace-util: include sched.h"
  * basic/include: trivial cleanups for libc header wrapper (#37937)
  * core/unit: correct indentation
  * core/socket: use ERROR_IS_NEG_* at one more place
  * units/initrd-cleanup.service: drop --job-mode=replace-irreversibly hack
  * core/transaction: add job mode "lenient" as an even weaker version of _FAIL
  * core/socket: introduce DeferTrigger= and DeferTriggerMaxSec=
  * units/systemd-{udevd,journald}*.socket: enable DeferTrigger=
  * TEST-07-PID1: add test cases for DeferTrigger=
  * core/transaction: do not attempt to log "n/a" as a journal field
  * core/transaction: inline one iterator var
  * core/transaction: use strextendf_with_separator() where appropriate
  * core/transaction: be explicit about cyclic ordering relationship
  * fd-util: Move RAW_O_LARGEFILE and O_ACCMODE_STRICT definitions to fd-util.h (#38051)
  * journal-file: const and _pure_'ify journal_file_writable()
  * chase: introduce openat_opath_with_automount() helper
  * string-table: drop unneeded initialization
  * cgroup-util: clean up skip_{slices,session,user_manager}
  * core/cgroup: drop outdated comment
  * man/supported-controllers: refresh list
  * core/cgroup: constify CGROUP_TASKS_MAX_UNSET
  * core/cgroup: drop dangling cgroup_context_copy() prototype
  * core/cgroup: introduce cgroup_context_has_device_policy() helper
  * core/cgroup: drop unneeded cast
  * core/cgroup: regroup functions
  * core/cgroup: remove any reference to cgv1 controllers
  * core/cgroup: workaround for kernel < 5.4 is now irrelevant
  * core/cgroup: dial down "controller" noise
  * core/cgroup: tweak unit_invalidate_cgroup_bpf() a bit
  * core/cgroup: make unit_get_ancestor_disable_mask() static
  * core/cgroup: unit_realize_cgroup_now_disable() is NOP for non-slice units
  * TODO: add future deprecation of DefaultMemoryMin/Low=
  * recurse-dir: use -EBADF as placeholder for invalid fd
  * recurse-dir: switch to FOREACH_ARRAY
  * mount-util: regroup functions
  * mount-util: teach open_tree_attr_fallback() our usual AT_EMPTY_PATH trick
  * units/machines.target: fix typo
  * core/scope: drop effectively unused unit_watch_pidref() calls
  * core/scope: serialize_item() is NOP on NULL
  * core/exec-invoke: pass "/" instead of "" for cgroup root
  * core/cgroup: remove deserialization for "cpuacct-usage-base"
  * core/cgroup: always submit unit to realize queue if all controllers are being invalidated
  * io.systemd.Unit.List fix context/runtime split (#38172)
  * journalctl: track more closely whether we're within --until= range
  * core/service: drop job done messages identical to generic ones
  * sd-event: fix infinite loop in inotify event handling (#38268)
  * units/ssh-access.target: enable StopWhenUnneeded=
  * networkctl-config-file: validate args are valid filenames
  * core/dbus-manager: don't ever try to dump fdstore for units not properly loaded
  * core/dbus-manager: validate unit type before calling into service-specific methods
  * TEST-07-PID1: add test case for #38320
  * pam_systemd: use update_environment() where appropriate
  * pam_systemd: never reset existing $XDG_RUNTIME_DIR for non-area logins
  * labeler: match src/bootctl/ for sd-boot/bootctl tag
  * bootctl: make sure install verb also honors implied --graceful
  * core/exec-credential: use CLEANUP_TMPFILE_AT
  * sd-json: two small tweaks (#38980)
  * systemd-boot-update.service & zsh: replace --no-variables with --variables= (#39011)
  * TEST-81-GENERATORS: libmount disallows omitting fstype
  * fstab-generator: port to libmount parser
  * cryptsetup: port from setmntent() to libmount parser
  * remount-fs: minor coding style cleanups
  * remount-fs: port to libmount parser
  * mount-util: drop now unused _cleanup_endmntent_
  * codeql: taint setmntent() and getmntent()
  * TODO: drop completed entry
  * userdb: suppress creation of empty userdb dirs
  * virt: revert to detect chroot by comparing with / rather than /proc/PID/root
  * core: console status fixes (#39029)
  * core/manager: honor show_status_overridden in manager_watch_jobs_next_time()
  * creds: uniformly use varlink error table
  * core/exec-credential: log about errno
  * core/exec-credential: don't enable graceful for load_credential()
  * pam-util: fix build without PAM
  * pam-util,libaudit-util: strip "lib" prefix from dlopen "feature" field
  * core/systemd.pc: do not add new non-underscored vars
  * core/cgroup: realign macro line continuation
  * core/cgroup: make sure deserialized accounting data is not voided
  * pam_systemd: correct alignment
  * Various small cleanups (#39155)
  * Several more timezone related cleanups (#39160)
  * units/systemd-battery-check.service: prettify Description=
  * units/systemd-battery-check.service: split [Unit] options into groups
  * unit-def: introduce freezer_state_objective()
  * core/service: drop "cgroup" part of service_cgroup_freezer_action()
  * core/service: properly handle freezer action -> watchdog propagation
  * timesync: several cleanups (#39220)
  * units: enable MaxConnectionsPerSource= for all our Accept=yes units (-ng)
  * system-systemd\x2dmute\x2dconsole.slice: do not disable default deps
  * mute-console: fix typo
  * mute-console: honor Context rather than arg_*
  * mute-console: if muting is disabled, suppress "not restoring" messages
  * mute-console: don't unmute twice when not running as varlink service
  * basic/log-context: mark global vars as static
  * kernel-install: drop unneeded empty_to_root()
  * json-util: use JSON_VARIANT_ARRAY_FOREACH where appropriate
  * mute-console: several follow-ups (#39229)
  * man/userdbctl: fixup version info
  * core/mount: remove one more unused temporary variable
  * core/mount: properly handle REMOUNTING_* states in mount_stop()
  * TEST-81-GENERATORS: libmount disallows omitting fstype
  * virt: revert to detect chroot by comparing with / rather than /proc/PID/root
  * core/cgroup: realign macro line continuation
  * core/cgroup: make sure deserialized accounting data is not voided
  * core/manager: honor show_status_overridden in manager_watch_jobs_next_time()
  * core/service: properly handle freezer action -> watchdog propagation (#39222)
  * core/mount: properly handle REMOUNTING_* states in mount_stop() (#39269)
  * libsystemd-network/sd-lldp-tx: use SD_JSON_BUILD_PAIR_ID128
  * shared/bus-get-properties: use sizeof instead of hardcoded size in bus_property_get_id128()
  * strxcpyx: do not access dest as an array
  * core/exec-invoke: use strnpcpy() where appropriate
  * logind: support deserializing session leader through pidfdid
  * TEST-35-LOGIN: test coldplug without fdstore on kernels with pidfd id
  * core/exec-invoke: gracefully handle lack of privilege for initgroups() in user mode
  * TEST-74-AUX-UTILS.run: add test case for #39038
  * core/execute: remove unused ExecParameters.cgroup_supported
  * core/execute: mark exec_context_fdname() as pure
  * core/exec-invoke: drop redundant stdio_fdname checks
  * core/exec-invoke: do not attempt to use fdstore/extra fds for stdio
  * core/exec-invoke: set exit_status on exec_context_named_iofds() failure
  * core/exec-invoke: rename process earlier
  * core/execute: reorder ExecParameters fields
  * core/execute: serialize fd_names only if there're fds to pass
  * core/execute: merge n_storage_fds and n_extra_fds into stashed_fds
  * core/service: only pass socket fds to control processes
  * core/service: also pass sockets to control processes when stdio is named fd
  * core/exec-invoke: do not discard stashed fds when stdio is connected to socket
  * core/exec-invoke: store all stashed fds in ExecParameters, incl. OpenFile= ones
  * core/exec-invoke: switch keep_fds to heap allocation
  * core/exec-invoke: correct fd array size for collect_open_file_fds()
  * rules.d/60-block.rules: fix typo
  * fileio: mask off O_NOFOLLOW in xfopenat_regular() for fd_reopen()
  * sd-json: accept NULL path in sd_json_parse_file_at() too
  * sysupdated: port to sd_json_parse_file_at()
  * core/job: mark job_type_lookup_merge() and _is_redundant() as const
  * core/job: drop pure qualifier for static inline functions
  * core/job: use UNIT_IS_* helpers
  * core/service: no need for STATUS_TEXT_MAX to reside in header
  * core/service: do not set reload_begin_usec when refreshing confexts
  * core/service: restore spuriously changed comment
  * core/service: merge service_enter_reload_mounting() into _refresh_extensions()
  * core: drop redundant pidref_done() calls
  * core/service: introduce SERVICE_STATE_WITH_WATCHDOG
  * core/service: avoid duplicate unit_add_to_dbus_queue() call
  * core/service: remove effectively unused NOTIFY_UNKNOWN state
  * core/service: add missing serialization for notify_state
  * core/service: split out service_notify_message_process_state()
  * core/service: forbid reverting STOPPING=1
  * core/service: consolidate where to initialize reload_result
  * core/service: reset all reload-related states once a cycle completes
  * core/service: fix missing error handling for refresh-extensions control process
  * man/org.freedesktop.systemd1: fix typo (ExecStop -> -Post)
  * macro: add 21st case for IN_SET
  * core/service: rework ExecReload= + Type=notify-reload interaction, add ExecReloadPost=
  * TEST-80-NOTIFYACCESS: add test case for #37515
  * core/manager: kill unused default_unit_job_id field
  * core/manager: drop unneeded "struct"
  * core/manager: rearrange several struct fields
  * core/socket: fix alignment, extract common conditions
  * core/service: do not pass $MANAGERPID and friends if pidns is employed
  * core/exec-invoke: pass the correct pid (1) to processes in pidns
  * logind: fix potential fd leak in deliver_session_leader_fd_consume()
  * logind: handle session leader termination during deserialization more gracefully
  * core/execute: morph exec_output_is_* to _forward_to_*
  * meson: drop dangling reference to gcrypt
  * core/import-creds: rename import_credentials_context_free() to _done()
  * core/import-creds: use FOREACH_ARRAY at one more place
  * core/import-creds: use RET_GATHER
  * labeler: be more specific when matching for "import"
  * labeler: match per-user machined units too
  * labaler: add "shell profile"
  * labeler: catch up with recent changes (#39653)
  * core/namespace: hide the correct credentials tree when running in user scope
  * run: make sure we send out READY=1 when --wait
  * TEST-54-CREDS: add test case for credential dir masking
  * process-util: prefix FORK_PID_ONLY with _ to signify it is internal
  * hostname-setup: prefix helper process name with "sd-"
  * notify: raise log level for safe_fork()
  * core/exec-credential: do not pass CGroupContext deep down the stack
  * creds-util: use U64_* macros where appropriate
  * mount-util: introduce fsmount_credentials_fs()
  * core/exec-credential: port to new mount API, ensure atomicity for creds installation
  * core/exec-credential: work around tmpfs reconfigure bug
  * core/exec-credential: remove no longer needed per-cred atomic update logic
  * acl-util: drop now unused fd_acl_make_writable()
  * acl-util: fall back to fchmod() if libacl is not around, too
  * core/exec-invoke: do not check array being non-NULL
  * Revert "sd_path_lookup*() add new type SD_PATH_SEARCH_SYSCTL"
  * fd-util: introduce fd_vet_accmode()
  * test-fd-util: add unit test for fd_vet_accmode()
  * logind-session-dbus: use fd_vet_accmode() where appropriate
  * core/dbus-service: validate type of received ExecContext fds
  * core/manager-serialize: minor coding style cleanups
  * core/transaction: assign unique ids to transactions and encode them in log
  * core: record transactions that have seen ordering cycles
  * core: expose transactions with ordering cycle
  * TEST-03-JOBS: add test for TransactionsWithOrderingCycle
  * time-util: do not carry musl-specific fallback logic on glibc systems
  * efivars: insert a newline below fstat() call
  * run: refuse --root-directory= in --scope mode
  * stdio-bridge: remove unreachable return
  * fs-util: simplify open_parent_at() a bit
  * fd-util: do not block O_TMPFILE with -EISDIR
  * core/unit: no need to handle intermediate job types in unit_process_job()
  * core/unit: mark running reload job as canceled if the unit deactivated
  * core/unit: always propagate reload_result as job result, even if state is unexpected
  * core/unit: modernize unit_process_job() a bit
  * labeler: match the whole tree of shell-completion/
  * user-record: use clzll() instead of clzl() for uint64_t
  * labeler: shell-completion -> "shell completion"
  * core/exec-invoke: deduplicate needs_setuid with needs_sandboxing
  * core/selinux-setup: actually skip setup gracefully when libselinux is not available
  * dlfcn-util: fix potential dl handle leak
  * run0: swap the order of setting default wd and user
  * run: merge privileged_execution() into become_root()
  * core/mount: comprehensively disable mount unit support if no libmount
  * Revert "pid1: pull in libmount unconditionally"
  * libmount-util: build .c only if libmount feature is enabled
  * smbios11: use size_add() where appropriate
  * analyze-dlopen-metadata: honor --no-legend and --no-pager
  * shared/image-policy: format ", ignoring" + value msg in our usual style
  * core/execute-serialize: do not gracefully skip unknown image policies in executor
  * core/execute-serialize: do not gracefully skip unknown image policies in executor (#40062)
  * bus-unit-util: ReloadSignal is a Service property
  * core/service: set unit log context in helper processes that bypass cgroup
  * core/service: do not honor SuccessExitStatus= for our own helpers
  * acl-util: treat pointer type as a whole
  * Revert "acl-util: drop now unused fd_acl_make_writable()"
  * acl-util: systematically fall back to fchmod() if acl is not available
  * process-util: add a flag for retaining dlopen()-ability
  * core/exec-credential: fix credentials plain dir exchanging
  * TEST-54-CREDS: add test case for #40108
  * core/unit: add unit_fork_helper_process_full() that takes ForkFlags
  * core/service: defer cryptsetup dlopen to helper process
  * core: dlopen() libcryptsetup in extensions refreshing
  * core/exec-credential: fix credentials plain dir exchanging (#40108)

  [ Lennart Poettering ]
  * Merge pull request #11116 from keszybz/predictable-interface-names
  * Merge pull request #11107 from keszybz/udevadm-info-args
  * Merge pull request #11119 from cdown/news
  * Merge pull request #11100 from abogdanenko/udev-test-check-perm
  * udev: introduce udev net_id "naming schemes"
  * Merge pull request #11122 from keszybz/tmpfiles-man
  * job: update job_free() to follow our usual return-NULL style
  * core: don't track jobs-finishing-during-reload explicitly
  * job: be more careful when removing job object from jobs hash table
  * core: rework how we deserialize jobs
  * core: split out all logic that updates a Job on a unit's unit_notify() invocation
  * core: when a unit state changes only propagate to jobs after reloading is complete
  * core: extend comments regarding coldplug() vs. catchup()
  * Merge pull request #11121 from poettering/daemon-reload-race-fix
  * mount-setup: optionally, relabel a configured set of files/dirs after loading policy
  * mount-setup: use FOREACH_STRING where appropriate
  * mount-setup: don't consider it reason to fail if we can't relabel cgroupfs
  * NEWS: initialy version of NEWS
  * man: substantially update the docs regarding hooking sd-bus objects up with external event loops
  * Merge pull request #11046 from keszybz/generator-mains
  * locale-util: prefix special glyph enum values with SPECIAL_GLYPH_
  * fileio: make read_line() handle various line endings correctly
  * fileio: fail early if we can't return the number of bytes we read anymore in an int
  * tests: add a test that checks read_line() properly handles line endings at EOF
  * fstab-generator: remove spurious newline
  * sd-128: base SD_ID128_MAKE() macro on existing SD_ID128_ARRAY() macro
  * sd-id128: slightly reorder function prototypes
  * sd-id128: add helpers to check fo all-0xFF ids
  * hostnamed: filter out all-zero and all-0xFF DMI ProductUUIDs
  * shared: add helper for flushing nscd caches
  * machined: fix memory corruption
  * machined: flush nscd caches whenever a machine comes/goes
  * hostnamed: always flush nscd cache when changing hostname
  * core: flush nscd's caches whenever we allocate/release a dynamic user
  * Merge pull request #11140 from filbranden/lldpcmp1
  * Merge pull request #11143 from keszybz/enable-symlink
  * fileio: when reading a full file into memory, refuse inner NUL bytes
  * resolve: bump max of dns servers/search domains
  * Merge pull request #11184 from poettering/resolved-search-domains-max
  * Merge pull request #11159 from keszybz/udev-typedef
  * Merge pull request #11167 from yuwata/sd-resolve-typesafe
  * Merge pull request #11144 from keszybz/dissect-image-fix
  * docs: add missing section to ENVIRONMENT.md
  * NEWS: add missing 'not'
  * NEWS: document the usern/mknod borkage in 4.18 a bit
  * timesync: fix serialization of IP address
  * resolved: only attempt non-answer SOA RRs if they are parents of our query
  * resolved: mention which RRs we query when requesting them to authenticate some other RR
  * hashmap: rework hashmap_clear() to be more defensive
  * sd-lldp: accept if a neighbor is already removed from the hashtable
  * update .mailmap a bit from v240 contributions
  * sort .mailmap alphabetically
  * NEWS: update contributors list, taking new .mailmap into account
  * NEWS: add one more item
  * Merge pull request #11194 from poettering/resolved-soa-parent
  * units: sort [Service] sections alphabetically
  * units: set NoNewPrivileges= for all long-running services
  * Merge pull request #11191 from poettering/hashmap-clear
  * Merge pull request #11197 from keszybz/various-fixups
  * gpt-auto: compare kernel cmdline args with proc_cmdline_key_streq()
  * remount-fs: use PATH_IN_SET() at one more place
  * remount-fs: split code for tracking PIDs in hashmap
  * remount-fs: optionally remount / writable, if we are told through an env var
  * gpt-auto: make arg_root_rw a tri-state
  * gpt-auto: propagate gpt partition ro/rw flag into root mount
  * update TODO
  * fileio: add new safe_fgetc() helper call
  * tree-wide: port some code over to safe_fgetc()
  * process-util: make get_process_environ() safer
  * fileio: replace read_nul_string() by read_line() with a special flag
  * fileio: let's minimize 'count' inc/dec calls
  * test: add test case for read_nul_string()
  * process-util: rework getenv_for_pid() to use read_nul_string()
  * update TODO
  * Merge pull request #11182 from poettering/fileio-more-paranoia
  * Merge pull request #11201 from keszybz/more-news
  * gpt-auto-generator: don't wait for udev
  * dissect: add some assert()s
  * fileio: fix read_one_line() when reading bytes > 0x7F
  * test-fileio: add explicit check for safe_fgetc() with 0xFF
  * Merge pull request #11222 from keszybz/tmpfiles-crash
  * Merge pull request #11223 from poettering/read-line-0x00-0xff
  * resolved: use structured initialization for DnsScope
  * resolved: check dns_over_tls_mode in link_needs_save()
  * resolved: rename_DNS_SCOPE_INVALID → _DNS_SCOPE_MATCH_INVALID
  * resolved: add comment, explaining when Scope variables are copied from Link
  * resolved: rework how we determine which scope to send a query to
  * resolved: bind .local domains to mDNS with DNS_SCOPE_YES, similar LLMNR
  * resolved: rework dns_server_limited_domains(), replace by dns_scope_has_route_only_domains()
  * resolved: add an explicit way to configure whether a link is useful as default route
  * resolved: add bus API to set per-link "default route" boolean
  * resolvectl: minor whitespace fix
  * resolvectl: add support for reading/writing per-link 'default-route' boolean
  * networkd: small simplification
  * networkd: permit DNS "DefaultRoute" configuration in .network files
  * sd-network: add new API sd_network_link_get_dns_default_route()
  * resolved: read DNS default route option from networkd
  * man: split long section in systemd-resolved.service man page into three
  * man: document new systemd-resolved.service(8) routing features in more detail
  * build-sys: bump package/library versions
  * NEWS: prepare for v240
  * Merge pull request #11210 from thom311/dhcp-set-client-id-no-inval
  * Merge pull request #11050 from poettering/resolved-domain-route
  * Merge pull request #11337 from keszybz/build-version-h
  * Merge pull request #11328 from keszybz/static-array-size-declarations
  * Merge pull request #11241 from bengal/lldp-802-3-subtypes
  * Merge pull request #11327 from keszybz/revert-dbus-address
  * env-util: normalize one more flags enum
  * stat-util: remove spurious newline
  * fsck: use symbolic names where we have them
  * loop-util: minor simplification
  * loop-util: tweak codepath when a loopback file is "created" from an existing block device
  * json: teach json_log() the new SYNTHETIC_ERRNO() logic
  * json: fix typo
  * json: handle NULL explicitly in json_variant_has_type()
  * tree-wide: always declare bitflag enums the same way
  * Merge pull request #11352 from yuwata/rfe-11348
  * test,systemctl,nspawn: use "const char*" instead of "char*" as iterator for FOREACH_STRING()
  * strv: rework FOREACH_STRING() macro
  * seccomp: drop mincore() from @system-service syscall filter group
  * sd-bus: add sd_bus_close_unref() helper
  * tree-wide: make sure to flush/close all bus connections when our daemons exit
  * initctl: shorten and update code a bit
  * tree-wide: whenever we allocate a new bus object, close it before dropping final ref
  * core: shorten code by using new helper
  * Merge pull request #11375 from daxtens/issue5882
  * Merge pull request #11378 from keszybz/export-dbus-address-conditionally
  * tree-wide: fix some trailing whitespace
  * Merge pull request #11449 from keszybz/udev-link-naming-again
  * Merge pull request #11465 from poettering/daemon-bus-flush
  * Merge pull request #11427 from kragniz/10659-env-file-quotes
  * Merge pull request #11450 from keszybz/drop-nolegacy
  * main: when bumping RLIMIT_MEMLOCK, save the previous value to pass to children
  * main: add commenting, clean up handling of saved resource limits
  * main: don't bump resource limits if they are higher than we need them anyway
  * main: when generating the resource limit to pass to children, take FD_SETSIZE into consideration
  * fd-util: rework how we determine highest possible fd
  * execute: make sure to call into PAM after initializing resource limits
  * Merge pull request #11424 from yuwata/fix-11420
  * resolved: preferably route single-label lookups to unicast DNS scopes with search domains (#11485)
  * Merge pull request #11501 from yuwata/fix-9426
  * Merge pull request #11536 from yuwata/fix-11529
  * cryptsetup: use free_and_replace() where appropriate
  * cryptsetup: modernize some log message invocations
  * cryptsetup: add some commenting about EAGAIN generation
  * cryptsetup: don't line-break so aggressively
  * cryptsetup: downgrade a log message we ignore
  * cryptsetup: add comment what EAGAIN means when activating
  * cryptsetup: rework how we log about activation failures
  * test-bpf: check if we can mlock() before trying bpf
  * Merge pull request #11547 from yuwata/network-cosmetic-fixes
  * nspawn: ignore SIGPIPE for nspawn itself
  * units: drop conditionalization of systemd-tmpfiles-setup-dev.service
  * Merge pull request #11545 from xnox/ppc64el
  * Merge pull request #11530 from keszybz/journal-cache-trimming
  * Merge pull request #11466 from keszybz/fix-loop-remounts
  * Merge pull request #11562 from yuwata/fix-11558
  * Merge pull request #11460 from yuwata/fix-11458
  * alloc-util: whenever any of our alloca() wrappers is used to allocate overly large memory blocks, hit an assert()
  * tree-wide: use newa() instead of alloca() wherever we can
  * Merge pull request #11566 from poettering/alloca-assert
  * Merge pull request #11580 from yuwata/fix-11579
  * Merge pull request #11569 from yuwata/first-step-11307
  * Merge pull request #11540 from taro-yamada/mytest
  * More NEWS prep for v241
  * pager: improve english a bit
  * Merge pull request #11621 from yuwata/man-ref-systemd-system-conf
  * Merge pull request #11641 from ffontaine/master
  * Merge pull request #11663 from yuwata/follow-up-10712
  * Merge pull request #11659 from yuwata/fix-11643
  * Merge pull request #11655 from yuwata/fix-11652
  * Merge pull request #11578 from keszybz/gcc-9-fixes
  * util.h: add new UNPROTECT_ERRNO macro
  * nss: unportect errno before writing to NSS' *errnop
  * Merge pull request #11707 from keszybz/man-directives-spring-cleaning
  * sd-bus: if we receive an invalid dbus message, ignore and proceeed
  * NEWS: update for final v241
  * update hwdb
  * Merge pull request #11718 from yuwata/news-v241
  * Merge pull request #11506 from bl33pbl0p/reload-fix
  * Merge pull request #11382 from keszybz/udev-predictable-macs
  * Merge pull request #11373 from tomty89/auto
  * core: export $PIDFILE env var for services, derived from PIDFile=
  * Merge pull request #11617 from topimiettinen/backlight-handle-zero-file-load
  * Merge pull request #9262 from ssahani/ignore-carrier-9111
  * Merge pull request #11594 from yuwata/udev-rule-cleanups
  * Merge pull request #11636 from yuwata/network-in-addr-is-null
  * Merge pull request #11719 from yuwata/networkctl-wildcards
  * Merge pull request #11634 from yuwata/rfe-11622
  * Merge pull request #9594 from filbranden/cpu_quota_period1
  * Merge pull request #11589 from yuwata/udevd-is-device-busy
  * Merge pull request #11716 from ssahani/drop-autoconf-address
  * stream: follow coding style, don't use degrade-to-bool for checking numeric value
  * stream: track type of DnsStream object
  * transaction: simplify handling if we get an unexpected DNS packet via TCP
  * llmnr: add comment why we install no complete() handler on stream
  * resolved: restart stream timeout whenever we managed to read or write something
  * resolved: only call complete() with zero argument in LLMNR client cases
  * resolved: add comment to dns_stream_complete() about its 'error' argument
  * resolved: keep stub stream connections up for as long as client wants
  * tmpfiles: clean up restoring of access times after aging a bit
  * tmpfiles: break comment blocks according to our current editor settings
  * tmpfiles: make some log messages a tiny bit less cryptic for mere mortals
  * tmpfiles: while aging, take a BSD file lock on each directory we descent into
  * man: document the new BSD file lock logic in tmpfiles
  * tmpfiles: let's bump RLIMIT_NOFILE for tmpfiles
  * Merge pull request #11743 from keszybz/two-memory-fixups
  * Merge pull request #11747 from yuwata/fstab-generator-log
  * Merge pull request #11226 from keszybz/enable-remount-fs-dynamically
  * Merge pull request #11698 from yuwata/fix-network-route-table
  * Merge pull request #11681 from yuwata/network-link-enslaved-operstate
  * Merge pull request #11746 from yuwata/udev-rules-cleanup
  * Merge pull request #11457 from grooverdan/sendsigkill_no
  * Merge pull request #11208 from thom311/dhcp-router-option-list
  * Merge pull request #11729 from yuwata/fix-11721
  * Merge pull request #10408 from keszybz/analyze-cat-presets
  * Merge pull request #11478 from yuwata/enumerate-match-parent
  * Merge pull request #11682 from topimiettinen/private-utsname
  * Merge pull request #11556 from yuwata/udev-ctrl-use-sd-event
  * docs: document semantics of /tmp and /var/tmp
  * man,units: link up new documentation about temporary directories
  * Merge pull request #11772 from c0d3z3r0/master
  * Merge pull request #11748 from yuwata/fix-11711
  * Merge pull request #11784 from martinpitt/networkd-tests
  * Merge pull request #11776 from keszybz/networkd-ordered-sets
  * Merge pull request #11608 from taro-yamada/add_persistent_randmized_delay
  * analyze: optionally, show more than one elapse time for calendar expressions
  * Merge pull request #11797 from keszybz/analyze-calendar-highlight
  * Merge pull request #11798 from keszybz/mem-sanitizer-fix
  * Merge pull request #11767 from yuwata/network-bridge-enslaved
  * Merge pull request #11822 from yuwata/fuzz-udev-database
  * Merge pull request #11823 from keszybz/more-fuzz-coverage
  * Merge pull request #11357 from GiacintoCifelli/dbus_labels
  * Merge pull request #11827 from keszybz/pkgconfig-variables
  * Merge pull request #11824 from keszybz/fuzzer-fixes
  * Merge pull request #11837 from yuwata/network-tiny-cleanups
  * Merge pull request #11844 from keszybz/networkd-fuzzer-fixes
  * Merge pull request #11795 from yuwata/fix-network-routing-policy-11280
  * Merge pull request #11840 from yuwata/network-route-onlink
  * sd-bus: deal with cookie overruns
  * Merge pull request #11853 from keszybz/man-rules-update
  * Merge pull request #11857 from rossburton/acrn
  * Merge pull request #11856 from xtopherwong/new-time-zone-list
  * Merge pull request #11852 from keszybz/coverity-memory-issues
  * json: don't call va_end() twice in json_build()
  * env-file: (void)ify an unlink() call
  * fs-util: add new helper syncfs_path()
  * bootspec: update log message, to indicate the error is ignored
  * bootspec: use SYNTHETIC_ERRNO() at one more place
  * dissect: use SYNTHETIC_ERRNO() where appropriate
  * bootctl: use SYNTHETIC_ERRNO() where appropriate
  * bootctl: safety check for regular file when reading EFI images
  * gpt: add definition for boot loader spec partition
  * dissect: automatically detect boot loader spec $BOOT partition
  * dissect: when mounting an image mount the XBOOTLDR partition to /boot
  * gpt-auto: also load the boot loader partition during regular boots
  * bootspec: add internal APIs to discover the XBOOTLDR partition
  * bootspec: store 'root' field in each bootspec entry we load
  * systemctl: drop arg_esp_path variable from systemctl
  * systemctl: use SYNTHETIC_ERRNO() where appropriate
  * systemctl: add missing OOM checks
  * bootspec: load entries from both the ESP and XBOOTLDR partitions
  * bootctl: teach bootctl the new partition type
  * bootctl: output where we found $BOOT
  * boot-bless: port over to new $BOOT discovery calls
  * bootspec: use SYNTHETIC_ERRNO() where appropriate
  * bootspec: add comment explaining verify_esp() return codes
  * bootspec: split out ESP blkid validation into function of its own
  * bootspec: also split out XBOOTLDR partition blkid code into its own function
  * bootspec: if unprivileged validate partition data with udev rather than blkid directly
  * bootspec: split out code that validates whether directory is top-level dir of fs
  * bootspec: also optoinally validate XBOOTLDR partition with udev insteado of blkid
  * bootspec: use verify_fsroot_dir() in verify_xbootldr() too
  * bootctl: let's make sure we always add empty line after EFI binary output
  * bootctl: properly handle readdir() errors
  * bootspec: also look for boot loader spec type 2 entries (i.e. unified kernel images)
  * bootspec: only sort entries list once
  * sd-boot: pass device handle to config_entry_add_linux()
  * sd-boot: don't dereference NULL ptr if loaded_image_path is NULL
  * sd-boot: also look for boot loader entries in the XBOOTLDR partition
  * sd-boot: don't print error string where there's no error code known
  * efi: beef up efivar_get_xyz() to accept NULL return values
  * stub: fix GUID to check EFI vars in
  * stub: don't ask for variable data we actually don't care about
  * stub: don't override LoaderDevicePartUUID EFI var
  * bootspec: stat() on an autofs mount point doesn't trigger it, let's hence do it explicitly
  * mkosi: let's update the boot loader also in /efi
  * meson: sort header list again
  * docs: enclose all uuids in ``
  * man: extend systemd-gpt-auto-generator with XBOOTLDR info
  * man: document XBOOTLDR search logic for sd-boot
  * man: document XBOOTLDR partition logic in bootctl's man page
  * update TODO
  * nspawn: explicitly refuse mounts over /
  * nspawn: add volatile mode multiplexer call setup_volatile_mode()
  * nspawn: fix an error path
  * nspawn: add --volatile=overlay support
  * nspawn: slightly reorder mount logic
  * nspawn: no need to make top-level directory a bind mount if we just dissected an image
  * nspawn: refactor how we determine whether it's OK to write to /etc
  * nspawn: rework how arg_read_only is initialized in --volatile= mode
  * volatile-util: tweak query_volatile_mode() a bit
  * volatile-root: add missing logging to volatile-root
  * volatile-root: fail if we can't parse specified parameter
  * volatile-root: add overlay mode for host boots, too
  * volatile-root: export original root
  * gpt-auto-generator: rename open_parent() → open_parent_devno() so that we can include fs-util.h later
  * gpt-auto-generator: use new /run/systemd/volatile-root symlink as fallback when we otherwise cannot determine root device node
  * copy: don't synthesize a 'user.crtime_usec' xattr on copy unless explicitly requested
  * man: document nspawn's new --volatile=overlay switch
  * man: document new systemd.volatile=overlay kernel command line option
  * Merge pull request #11701 from poettering/discover-bls
  * test: fix indenting off by one
  * sd-bus: initialize mutex after we allocated the wqueue
  * sd-bus: make rqueue/wqueue sizes of type size_t
  * sd-bus: reorder bus ref and bus message ref handling
  * sd-bus: make sure dispatch_rqueue() initializes return parameter on all types of success
  * sd-bus: drop two inappropriate empty lines
  * sd-bus: always go through sd_bus_unref() to free messages
  * bus-message: introduce two kinds of references to bus messages
  * sd-bus: use "queue" message references for managing r/w message queues in connection objects
  * test: add test for new sd-bus refcnt logic
  * btrfs: when falling back to plain copy when snapshoting exclude submounts
  * man: document that --ephemeral and --template= don't cover submounts
  * Merge pull request #11882 from yuwata/fix-log-syntax
  * Merge pull request #11770 from yuwata/fix-9955
  * Merge pull request #11820 from dm0-/chase
  * Merge pull request #11888 from keszybz/non-atomic
  * Merge pull request #11871 from yuwata/systemctl-show-format-unprintable
  * Merge pull request #11841 from keszybz/dns-packet-speedup
  * Merge pull request #11881 from yuwata/networkd-vs-interface-renaming
  * update TODO
  * shutdown: fix up return type of sync_making_progress()
  * shutdown: (void)ify more stuff
  * shutdown: rearrange shutdown sources in source tree
  * core: warn if people use the undocumented/depreacted ConditionNull=
  * efivars: extend character set that may be used in boot loader entry ids a bit
  * logind: optionally support non-EFI reboot-to-firmware
  * bootctl: tweak 'list' output a bit
  * bootspec: move log msg from systemctl.c to bootspec.c
  * systemctl: be careful with boot loader entries lacking a 'linux' line
  * systemctl: when something is not supported use EOPNOTSUPP
  * systemctl: let's FORK_WAIT where we can
  * bootspec: simplify find_default_boot_entry()
  * bootspec: move augmentation of loader-discovered entries into bootspec.c
  * bootspec: correct error code shown in log msg
  * bootspec: introduce new helper boot_entries_load_config_auto()
  * bootspec: rework find_default_boot_entry() to use boot_entries_load_config_auto()
  * bootspec: get rid of find_default_boot_entry() entirely
  * bootspec: validate bootpsec entry ids before we use them
  * logind: add support for booting into the boot menu or a specific boot menu entry
  * systemctl: add support for booting into boot menu/entry
  * logind: refactor logic of returning polkit challenge result into its own function
  * docs: document the new environment variables logind groks
  * update TODO
  * json: log about the right line number
  * Merge pull request #11898 from keszybz/meson-conv-lib
  * Merge pull request #11911 from keszybz/bootspec-handle-invalid-efi
  * nspawn: move payload to sub-cgroup first, then sync cgroup trees
  * Merge pull request #11918 from keszybz/clang-8
  * Merge pull request #11916 from yuwata/pid1-id-renaming-handling
  * catalog: don't make catalog_entry_lang() clobber output params on failure
  * catalog: be a bit less aggressive with line breaking. After all 109ch is what we going for
  * catalog: let's use mkdir_parents() and use same mode as tmpfiles.d for this dir
  * catalog: use structured initialization more
  * catalog: (void)ify all things
  * catalog: _cleanup_close_ is your friend
  * random-seed: don't use "label" version of mkdir_parents()
  * execute: use structured initialization
  * execute: make things a tiny bit shorter
  * execute: (void)ify more
  * execute: no need to check for NULL when function right after does anyway
  * core: add open_netns_path() helper
  * core: add new setting NetworkNamespacePath= for configuring a netns by path for a service
  * core: support netns joining also for sockets created by .socket unit
  * run: make sure NetworkNamespacePath= can be used on the systemd-run cmdline
  * man: document NetworkNamespacePath=
  * Merge pull request #11905 from poettering/catalog-fixes
  * man: document that ProtectHostname= disables hostname change notifications
  * units: turn of ProtectHostname= again for services hat need to know about system hostname changes
  * Merge pull request #11922 from poettering/hostname-protect-fix
  * execute: remove one aa profile output from context dump
  * Merge pull request #11960 from mrc0mmand/more-fuzzers
  * efivars: make sure efi_loader_entry_name_valid() is always compiled in
  * logind: normalize home path when creating user object
  * user-util: filter out invalid user record data a bit more thorougly
  * path-util: check validity before normalization in path_simplify_and_warn()
  * path-util: minimize variable scope
  * user-util: use SYNTHETIC_ERRNO() where we can
  * user-util: paranoia — add overflow check on ERANGE loop
  * user-util: be more strict when reading $HOME and $SHELL
  * user-util: simplify paths retrieved from $HOME and $SHELL
  * execute: simplify paths we set as HOME/SHELL for invoked programs
  * execute: no need to synthesize $HOME for uid==0 again, get_home_dir() already does that
  * user-util: extra paranoia, make sure $SHELL can't be fucked with in suid programs
  * login: drop redundant newline
  * update TODO
  * Merge pull request #11919 from poettering/login-simplify
  * Merge pull request #11933 from keszybz/coverity
  * Merge pull request #11283 from yuwata/fix-11276
  * Merge pull request #11893 from yuwata/wait-online-take-operstate
  * Merge pull request #11861 from yuwata/network-verify-2
  * util: split out namespace related stuff into a new namespace-util.[ch] pair
  * util: split out some stuff into a new file limits-util.[ch]
  * util: split out memcmp()/memset() related calls into memory-util.[ch]
  * util: split out sorting related calls to new sort-util.[ch]
  * man: clarify that sd_journal_seek_head() seeks *before* the first entry
  * bootspec: don't log in boot_entries_load_config_auto() about no ESP
  * tests: add tests for embedded newlines in /proc/cmdline
  * systemctl: refactor code to watch unit ActiveState a bit
  * bus-unit-util: use free_and_strdup() where we can
  * bus-unit-util: use structure initialization
  * bus-unit-util: move explanations array to inner scope
  * bus-unit-util: never call into log_job_error_with_service_result() if we are not a service
  * bus-unit-util: insist on full initialization
  * execute: use path_join() where appropriate
  * systemctl: minimize scope of 'p'
  * systemctl: use strv_consume() where appropriate
  * systemctl: drop unnecessary {}
  * shared: split out code to wait for jobs to complet into its own source file
  * bus-unit-util: split out code that shows a unit's process tree
  * bus-unit-procs: use empty_or_root() where appropriate
  * resolved: don't follow cnames if we already noticed truncation
  * resolved: don't let EDNS0 OPT dgram size affect TCP
  * resolved: if we can't append EDNS OPT RR, then indicate truncation to stub client
  * man: be even more explicit that RestartPreventExitStatus= does not affect ExecStartPre=
  * man: mention that DynamicUser= should not be mixed with ReadWriteDirectory= or AF_UNIX dir fd passing
  * Merge pull request #11968 from yuwata/network-l2tp
  * Merge pull request #11971 from keszybz/kernel-install-directory
  * man: provide an example how to plug systemd-mount into udev
  * util: split out plymouth related stuff
  * util: split out errno related stuff
  * util: move display_is_local() to pam_systemd.c, its only user
  * util: split out kbd related stuff
  * util: move dbus specific definition into bus-internal.h
  * util: don't include util.h from def.h
  * util: move some raw memory functions from string-util.h → memory-util.h
  * util: split out nulstr related stuff to nulstr-util.[ch]
  * main: use _exit() rather than exit() in code potentially caled from signal handler
  * docs: comprehensively document what a minimal portable service image needs to include
  * man: document that Anonymize=yes makes DHCP leases grow in size
  * man: document the network interface size limits --network-veth= enforces
  * docs: adjust the spec a bit with firmware authros in mind
  * man: mention O_NOCTTY and it's importance in daemon(7)
  * networkd: clarify that IPv6 RA uses our own stack, no the kernel's
  * man: document that if the main process exits after SIGTERM we go directly to SIGKILL
  * man: say explicitly which settings are not available in --user services
  * Merge pull request #11785 from dvdhrm/implicit-sasl
  * Merge pull request #11989 from poettering/minimal-portable-image
  * Merge pull request #12002 from keszybz/man-headers
  * Merge pull request #12009 from mrc0mmand/bump-partition-size-for-TEST-02-CRYPTSETUP
  * Merge pull request #11988 from keszybz/test-binaries-installation
  * Merge pull request #12012 from keszybz/generator-man-docs
  * capability: keep CAP_SETPCAP while dropping bounding caps
  * capability: add a way to get a uint64_t with all caps set
  * capability: deal with libcap being older than kernel
  * capability: let's protect against the kernel eventually doing more than 64 caps
  * nspawn: refactor setuid code a bit
  * nspawn: (void)ify more stuff
  * nspawn: add support for executing OCI runtime bundles with nspawn
  * nspawn: use right constant for shifting for uint64_t caps
  * man: document the various new options nspawn learnt
  * nspawn: mask out CAP_NET_ADMIN again if settings file turns off private networking
  * man: clarify that /run/media/system/ is where mounts are placed by default
  * Merge pull request #12015 from keszybz/fix-tests-in-rawhide
  * Merge pull request #12016 from yuwata/fix-two-memleaks-found-by-oss-fuzz
  * Merge pull request #11975 from keszybz/fuzzer-fixes-n
  * socket-util: add wrappers for binding socket to ifindex/ifname
  * tree-wide: port various users over to socket_bind_to_ifindex()
  * core: add comment explaining ECOMM return value of unit_start()
  * core: rename unit_{start_limit|condition|assert}_test() to unit_test_xyz()
  * core: unify code for checking whether unit to trigger is loaded
  * core: modernize unit_start() a bit
  * core: check start limit on condition checks too
  * core: change emergency_action() to return void
  * core: split error list in comment for unit_start() in two
  * hwdb: fix trailing newline issue
  * units: turn off keyring handling for user@.service
  * fd-util: beef up ERRNO_IS_xyz() macros a bit
  * util: move ERRNO_IS_xyz macros to errno-util.h
  * stdio-bridge: use ERRNO_IS_DISCONNECT() to detect disconnects
  * stdio-bridge: fix getopt() parameter list to match reality
  * stdio-bridge: tweak getopt() case statement a bit
  * stdio-bridge: use SYNTHETIC_ERRNO() where appropriate
  * stdio-bridge: slightly optimize formatting of structure
  * util: add one more disconnect errno code
  * tree-wide: use ERRNO_IS_DISCONNECT() at more places
  * condition: split out kernel version comparison steps
  * process-util: add new helper cpus_in_affinity_mask()
  * condition: use structured initialization
  * condition: for completenes sake at != comparator for ConditionKernelVersion=
  * condition: add ConditionMemory= and ConditionCPUs=
  * man: document ConditionMemory= + ConditionCPUs=
  * tests: add tests for ConditionMemory= + ConditionCPUs
  * fs-util: change chmod_and_chown() to not complain if stat data already matches
  * execute: use path_join() where appropriate
  * execute: also do the private/ symlink dance when runtime dir preservation is requested
  * execute: remove one redundant comparison check
  * core: change ownership/mode of the execution directories also for static users
  * execute: generalize uid/gid handling in two cases for any kind of uid/gid
  * cryptsetup: small refactoring
  * ask-password: erase character read with _cleanup_
  * alloc-util: extra paranoid overflow check
  * alloc-util: add extra overflow checks to GREEDY_REALLOC()
  * alloc-util: use malloc_usable_size() to determine allocated size
  * alloc-util: typo fix
  * ask-password: add extra paranoid overflow check
  * systemctl: port to static destructors
  * systemctl: use strv_consume() where we can
  * systemctl: start_unit() returns > 0 on error, let's catch that properly
  * Merge pull request #12049 from keszybz/assorted-fixups
  * execute: use path_equal() to compare tty names
  * execute: split check if we might touch a tty out of exec_context_may_touch_console()
  * core: rework how we reset the TTY after use by a service
  * update TODO
  * capability: add missing ')'
  * capability: minor coding style updates
  * capability: minimize scope of a few variables
  * capability: use UINT64_C() where appropriate
  * capability: typo fix
  * capability: also cap CAP_LAST_CAP at 63
  * capability: add a test that fails if we ever enter > 64bit capability territory
  * mount: when we fail to establish an inaccessible mount gracefully, undo the mount
  * nspawn: reorder --help text, and add section
  * man: adjust nspawn man page to follow same section/order as --help text
  * nspawn: add a few missing flags from --help text
  * Merge pull request #12058 from keszybz/oci-simplifications
  * nspawn: port to main-func.h logic
  * nspawn: port to static destructors
  * nspawn: voidify sd_notify() calls
  * Merge pull request #12062 from poettering/nspawn-main-func
  * util: introduce save_argc_argv() helper
  * main-func: implicitly save argc/argv in DEFINE_MAIN_FUNCTION() functions
  * systemctl: use saved_argv where we can
  * systemctl: document argv[] array
  * systemctl: add missing OOM check
  * systemctl: tiny optimization
  * main-func: make sure we destruct memory and stuff last
  * systemctl: make a copy of the "verb" from argv[] before forking off a child
  * Merge pull request #12046 from keszybz/simplify-invocation-id-check
  * nspawn: conditionalize libseccomp use
  * string-table: use string_table_lookup() in our own macros everywhere
  * udev: use string_table_lookup() where we can
  * dbus-execute: lets use exec_directory_type_from_string() to simplify things
  * dbus-execute: don't needlessly override error code
  * nspawn: don't free "fds" twice
  * Merge pull request #12075 from keszybz/two-docs
  * Merge pull request #12079 from keszybz/fuzz-nspawn-oci
  * Merge pull request #11602 from vesajaaskelainen/dbus-reboot-with-parameters
  * NEWS: various tweaks and updates for v242
  * core: remove unnecessary heap allocation
  * dbus-unit: remove redundant check
  * tree-wide: constify a few static string tables
  * systemctl: split out some SysV compat stuff into its own C file
  * systemctl: use SYNTHETIC_ERRNO everywhere
  * systemctl: use structured initialization
  * systemctl: underline sections in help text
  * systemctl: move --failed close to --state= in help text
  * Merge pull request #12081 from poettering/systemctl-love
  * namespace: replace one case of stack allocation with heap allocation
  * namespace: (void)ify a number of syscalls
  * namespace: get rid of local variable
  * namespace: get rid of {} around single-line if blocks
  * mount-util: don't clobber return value in umount_recursive()
  * mount-util: use set_put_strdup() where appropriate
  * mount-util: beef up bind_remount_recursive() to be able to toggle more than MS_RDONLY
  * units: set nodev,nosuid,noexec flags for various secondary API VFS
  * nspawn: mount mqueue with nodev,noexec,nosuid, too
  * namespace: when DynamicUser=1 is set, mount StateDirectory= bind mounts "nosuid"
  * man: rework timer docs to use a table for monotonic timers
  * nspawn: minor improvements to --help text
  * core: drop suid/sgid bit of files/dirs when doing recursive chown
  * tests: add simple testcase for getttyname_malloc()
  * Merge pull request #12044 from keszybz/ttyname-malloc-simplification
  * sleep: use negative_errno() where appropriate
  * sleep: (void)ify some call
  * update TODO
  * Merge pull request #12116 from keszybz/mock-compilation-fixes
  * Merge pull request #12110 from keszybz/sysv-compat-fix
  * core: add new API for enqueing a job with returning the transaction data
  * systemctl: replace switch statement by table of structures
  * systemctl: more SYNTHETIC_ERRNO() conversion
  * systemctl: reindent table
  * systemctl: split out extra args generation into helper function of its own
  * systemctl: add new --show-transaction switch
  * test: add some basic testing that "systemctl start -T" does something
  * man: document the new systemctl --show-transaction option
  * terminal-util: modernize things with TAKE_PTR a bit
  * terminal-util: add paranoid overflow check
  * Merge pull request #12113 from poettering/terminal-util-fixlets
  * Merge pull request #12119 from keszybz/voidify-mkdir-p
  * tree-wide: (void)ify a few unlink() and rmdir()
  * tree-wide: reorder various structures to make them smaller and use fewer cache lines
  * core: parse '@default' seccomp group permissively
  * core: break overly long line
  * seccomp: add rseq() to default list of syscalls to whitelist
  * update TODO
  * Merge pull request #12130 from keszybz/fix-ndebug-builds
  * load-fragment: use TAKE_PTR() where we can
  * core: complain and correct /var/run/ → /run/ for listening sockets
  * update TODO
  * missing: add FS_PROJINHERIT_FL
  * util-lib: when copying files make sure to apply some chattrs early, some late
  * tmpfiles: support the FS_PROJINHERIT_FL chattr flag
  * update TODO
  * update NEWS
  * tmpfiles: move full chattr flag set to chattr-util.h
  * sd-bus: change "int" → "signed int" on bitfield
  * fsck: copy out device argument from argv[] before forking
  * analyze: check both possible mount points of tracefs
  * man: clarify which addresses are affected by IPAddressAllow=/IPAddressDeny=
  * update TODO
  * Merge pull request #12156 from yuwata/fix-bootspec-memleaks
  * Merge pull request #12157 from yuwata/network-netdev-name-conflict
  * core: simply timer expression parsing by using ".ltype" field of conf-parser logic
  * core: pass parse error to log functions when parsing timer expressions
  * man: tweak XyzDirectory= table a bit
  * man: refer to innermost directory as innermost, not as "lowest"
  * man: be clearer that .timer time expressions need to be reset to override them
  * Merge pull request #12164 from keszybz/units-use-presets
  * sd-bus: add missing empty line
  * fs-util: suppress world-writable warnings if we read /dev/null
  * core: add a common function for bus calls that return unit dbus path
  * shared: add some minor comments
  * core: export ReloadResult value on the bus
  * rm-rf: refuse combining REMOVE_ONLY_DIRECTORIES and REMOVE_SUBVOLUME for now
  * systemctl: print a more accurate error message when we can
  * core: refactor transaction.c to use fewer gotos
  * core: use more structured initialization
  * run: rename with_timer → arg_with_timer
  * core: optionally, trigger .timer units on timezone and clock changes
  * test: add tests for new .timer units
  * man: document the two new .timer settings
  * update TODO
  * tty-ask-password: copy argv[] before forking child
  * tty-ask-password: drop redundant local variable
  * tty-ask-password: no need to initialize something already NUL initialized to NUL
  * tty-ask-password: simplify signal handler installation
  * tty-ask-password: re-break comment
  * Merge pull request #12007 from poettering/clock-change
  * logind: simplify removal of device fds
  * logind: when we cannot attach a passed fd to a device, close it
  * lgtm: beef up list of dangerous/questionnable API calls not to make
  * test: stop using dup() needlessly
  * analyze: use empty_or_root() where appropriate
  * util-lib: use FLAGS_SET() where appropriate
  * tree-wide: use reallocarray() where appropriate
  * boot: use TAKE_PTR() where appropriate
  * tree-wide: use SYNTHETIC_ERRNO() where appropriate
  * sd-device: use xsprintf() where appropriate
  * sd-event: use DIV_ROUND_UP where appropriate
  * json: use SYNTHETIC_ERRNO() where appropriate
  * udev: use strempty() where appropriate
  * core: add a generic helper that forwards per-unit method calls from Manager
  * seccomp: add debug messages to seccomp_protect_hostname()
  * seccomp: introduce seccomp_restrict_suid_sgid() for blocking chmod() for suid/sgid files
  * test: add test case for restrict_suid_sgid()
  * core: expose SUID/SGID restriction as new unit setting RestrictSUIDSGID=
  * analyze: check for RestrictSUIDSGID= in "systemd-analyze security"
  * man: document the new RestrictSUIDSGID= setting
  * units: turn on RestrictSUIDSGID= in most of our long-running daemons
  * core: imply NNP and SUID/SGID restriction for DynamicUser=yes service
  * update TODO
  * Merge pull request #12056 from poettering/seccomp-suid-sgid
  * update .mailmap
  * NEWS: add preliminary contributor list
  * meson: bump so versions
  * update NEWS
  * Revert "build: install /etc/systemd/{system,user}-generators"
  * docs: fix path to unit files
  * Merge pull request #12202 from keszybz/seccomp-arm64
  * portabled: fix dbus policy
  * portabled: reorder methods in vtable
  * portabled: fix method name
  * shared: no need to initialize variable
  * shared: path_join() is your friend
  * shared: be friendly to EROFS images
  * udev-util: allocate an event loop of our own for waiting
  * tty-ask-pw-agent: use right array
  * test-journal: move tests to /var/tmp/ and set FS_NOCOW_FL
  * meson: sort source files again
  * lgtm: warn about strerror() use
  * nspawn: create boot_id and kmsg files for overmounting in /run, not /tmp
  * Merge pull request #12234 from yuwata/calendarspec-fix-oss-fuzz-14108
  * pam-systemd: use secure_getenv() rather than getenv()
  * Merge pull request #12238 from keszybz/one-genuine-bugfix+lots-of-line-wrapping
  * update NEWS for 242 final
  * hwdb: update hwdb
  * tree-wide: introduce empty_or_dash() helper
  * basic: add new helper call empty_or_dash_to_null()
  * coccinelle: add coccinelle script for empty_or_dash() use
  * man: elaborate on fd ownership in sd_event_add_io(3)
  * man: add references from the .mount and .service man pages to systemd-{mount,run} pages
  * Merge pull request #12244 from poettering/242-news-final
  * inhibit: fix argv[] usage
  * core: rearrange cgroup empty events a bit
  * core: check for redundant operation before doing allocation
  * core: rename cgroup_inotify_wd → cgroup_control_inotify_wd
  * service: beautify debug log message a bit
  * core: implement OOMPolicy= and watch cgroups for OOM killings
  * catalog: add a new catalog entry explaining the new OOM killer event log msg
  * man: document new OOMPolicy= setting
  * test: add test case for new OOM logic
  * update TODO
  * sysctl: let's by default increase the numeric PID range from 2^16 to 2^22
  * lgtm: complain about accept() [people should use accept4() instead, due to O_CLOEXEC]
  * tree-wide: voidify some socket calls
  * errno-util: add three more error codes to ERRNO_IS_DISCONNECT()
  * errno-util: rework ERRNO_IS_RESOURCE() from macro into static inline function
  * errno-util: add new ERRNO_IS_ACCEPT_AGAIN() test
  * tree-wide: port users over to use new ERRNO_IS_ACCEPT_AGAIN() call
  * Merge pull request #12271 from poettering/errno-accept-again
  * nss-resolve: drop unnecessary variable
  * nss-resolve: return error properly
  * nss-resolve: resue a jump target
  * nss-myhostname: unify code that handles NOT_FOUND case
  * nss-mymachines: return NO_RECOVERY instead of NO_DATA when we fail to do D-Bus and similar
  * nss-resolve: simplify condition
  * nss-resolve: list more errors as cause for fallback
  * Merge pull request #12274 from poettering/nss-fixlets
  * Merge pull request #12279 from keszybz/sd-bus-long-signatures
  * Merge pull request #12219 from keszybz/bootctl-check-entries
  * Merge pull request #12037 from poettering/oom-state
  * Merge pull request #12226 from poettering/22bit-pids
  * Merge pull request #12153 from benjarobin/killall-show-not-killed
  * Merge pull request #12267 from keszybz/udev-settle-warning
  * Merge pull request #12287 from keszybz/patches-for-coverity-warnings
  * Merge pull request #12221 from keszybz/test-cleanups
  * NEWS: fix typo
  * NEWS: document kernel.pid_max change
  * json: simplify JSON_VARIANT_OBJECT_FOREACH() macro a bit
  * json: be more careful when iterating through a JSON object/array
  * Merge pull request #12217 from keszybz/unlocked-operations
  * Merge pull request #12222 from yuwata/macsec
  * journald: use structure initialization
  * journald: no need to check ptr for non-NULL before _unref(), as function does that anyway
  * journald: rebreak a few comments
  * journald: modernize config_parse_compress() a bit
  * cgroup: get rid of a local variable
  * core: no need to initialize ip_accounting twice
  * core: add new call unit_reset_accounting()
  * core: use string_table_lookup() at more places
  * croup: expose IO accounting data per unit
  * core: include IO data in per-unit resource log msg
  * run: show IO stats in --wait resource output
  * systemctl: show IO stats in 'status' output
  * CODING_STYLE: add a section about functions not to use
  * CODING_STYLE: split out bits about Formatting into its own section
  * CODING_STYLE: add section about how to reference specific concepts
  * CODING_STYLE: move out section about Types
  * CODING_STYLE: split out section about memory allocations
  * CODING_STYLE: split out section about file descriptors
  * CODING_STYLE: split out section about commiting to git
  * CODING_STYLE: Split out section about error handling
  * CODING_STYLE: split out section about command line parsing
  * CODING_STYLE: split out section about destructors
  * CODING_STYLE: export section about exporting symbols
  * CODING_STYLE: split out section about logging
  * CODING_STYLE: split out section about deadlocks
  * CODING_STYLE: add section about C constructs use
  * CODING_STYLE: split out section about runtime behaviour
  * CODING_STYLE: rename "Others" section to "Code Organization and Semantics"
  * Merge pull request #12311 from yuwata/timeout_abort_set-change-bool
  * Merge pull request #12301 from keszybz/silence-alignment-warning
  * Merge pull request #12305 from yuwata/import-more-headers-from-kernel-5-0
  * socket-util: make sure flush_accept() doesn't hang on unexpected EOPNOTSUPP
  * test: add test for flush_accept()
  * udev: whitespace fix
  * Merge pull request #12367 from keszybz/accept-check
  * Merge pull request #12366 from lkundrak/lr/olpc-xo-175-keyboard
  * Merge pull request #12351 from keszybz/sd-bus-add-symbol
  * calendarspec: make return time value of calendar_spec_next_usec() optional
  * run: when we determine a timer cannot elapse anymore, really just warn, nothing else
  * json: make log message more focussed
  * json: let's not accept embedded NUL bytes when allocating JSON strings
  * chown-recursive: also check mode before we bypass
  * Merge pull request #12407 from keszybz/two-unrelated-cleanups
  * Merge pull request #12322 from ljmf00/hwdb-accel-location-patch
  * switch-root: modernize rm_rf_children() invocation a bit
  * rm-rf: simplify rm_rf_children() a bit by using _cleanup_close_
  * units: drop reference to sushell man page
  * Merge pull request #12414 from keszybz/detect-podman
  * user-util: add generic make_salt() API
  * firstboot: port to make_salt()
  * Merge pull request #12428 from jwrdegoede/hwdb-logitech-kbds
  * test-functions: follow fedora dbus-daemon/dbus-broker rearrangements
  * tmpfiles: split out ~ mode handling into a helper function
  * tmpfiles: be more careful when adjusting chmod() + chown()
  * tests: add test for suid/sgid handling in tmpfiles
  * umask-util: simplify RUN_WITH_UMASK()
  * tests: add test for umask-util.h
  * Merge pull request #12439 from poettering/simplify-umask-util
  * Merge pull request #12420 from mrc0mmand/coccinelle-tweaks
  * Merge pull request #12218 from keszybz/use-libmount-more
  * alloc-util: reintroduce malloc_usable_size() into greedy_realloc()
  * test-alloc-util: let's test a few more things around GREEDY_REALLOC()
  * random-util: rename RANDOM_DONT_DRAIN → RANDOM_MAY_FAIL
  * random-util: use gcc's bit_RDRND definition if it exists
  * random-util: hash AT_RANDOM getauxval() value before using it
  * random-util: rename "err" to "success"
  * Merge pull request #12501 from keszybz/silence-strncpy-warnings
  * format-table: correct prototype
  * machinectl/loginctl: show json output if requested even if zero entries
  * fileio: add new WRITE_STRING_FILE_MKDIR_0755 flag for mkdir'ing parent
  * tree-wide: voidify a few calls
  * tree-wide: make use of the new WRITE_STRING_FILE_MKDIR_0755 flag
  * Merge pull request #11887 from evverx/fuzzbuzz
  * Merge pull request #12509 from poettering/table-fixlets
  * Merge pull request #12411 from keszybz/pr/12394
  * shared: add minimal varlink implementation
  * tests: add varlink test
  * fuzzer: add varlink fuzzer
  * journald: also offer flush/rotate/sync as varlink method calls
  * journalctl: port --flush/--sync/--rotate to use varlink method calls
  * journald: add API to move logging from /var to /run again
  * journalctl: add new --relinquish and --smart-relinquish options
  * units: automatically revert to /run logging on shutdown if necessary
  * man: document the two new journalctl commands
  * update TODO
  * Merge pull request #12526 from keszybz/some-trivial-follow-ups-for-the-varlink-pr
  * terminal-util: define grey as 256color ANSI sequence
  * terminal-util: reduce colors we define a bit
  * terminal-util: add complete set of inline functions for all colors we define
  * test: add test that shows all colors we define
  * journalctl: don't output ANSI sequences if disabled
  * Merge pull request #12518 from keszybz/naming-scheme
  * random-util: eat up bad RDRAND values seen on AMD CPUs
  * Merge pull request #12546 from jwrdegoede/hwdb-logitech-s510
  * Merge pull request #12565 from zachsmith/fix-log-message-typos
  * Merge pull request #12378 from rbalint/vt-kbd-reset-check
  * random-util: add a longer comment explaining our RDRAND use
  * docs: add comment about high 32bit range and signed uids
  * Merge pull request #12602 from keszybz/two-man-page-tweaks
  * json: fix minor memory leak on error path
  * Merge pull request #12626 from keszybz/oompolicy-check
  * loop-util: invoke LOOP_CTL_GET_FREE in a loop
  * journald: output a proper error message when the journal is used on fs that doesn't do mmap() properly
  * Merge pull request #12631 from keszybz/doc-and-error-message-tweaks
  * Merge pull request #12590 from keszybz/unicode-cmdlines
  * Merge pull request #12601 from keszybz/two-log-color-adjustments
  * seccomp: add scmp_act_kill_process() helper that returns SCMP_ACT_KILL_PROCESS if supported
  * core: prefer SCMP_ACT_KILL_PROCESS for SystemCallFilter= behaviour
  * test: use the new action in our tests
  * nspawn: expose the new seccomp actions in the OCI logic
  * NEWS: document the new SystemCallFilter= behaviour
  * service: tweak capitalization of unit description
  * test-execute: check exit code before exit status
  * test-execute: let's ignore the difference between CLD_KILLED and CLD_DUMPED
  * test-execute: turn off coredump generation in test services
  * machine-image: openat() doesn't operate on the cwd if the first argument is specified
  * udev: tag "leds" and "backlight" devices for association to a seat
  * logind: small simplification
  * logind: add SetBrightness() bus call for setting brightness of leds/backlight devices associated with a seat
  * logind: make sure the service gets access to the linger directory
  * logind: consider "greeter" sessions suitable as "display" sessions of a user
  * logind: make a constant array static
  * logind: make "self" and "auto" magic strings when operating on seats + sessions
  * loginctl: drop $XDG_SESSION_ID env var magic
  * logind: prefer hashmap_contains() over hashmap_get()
  * logind: validate /sys fs path a bit more strictly
  * logind: support self/auto seats for AttachDevice(), too
  * logind: convert ENXIO into 0, to signal 'not found' cleanly
  * update TODO
  * logind: split out dbus header files into their own
  * fs-util: rewrite chmod_and_chown()
  * tests: add simple test case for chmod_and_chown()
  * tmpfile-util: simplify umask reset declaration
  * tree-wide: port various places over to use chmod_and_chown()
  * terminal-util: reset access mode in vt_restore(), too
  * test-fs-util: don't validate mode of symlinks
  * meson: let's make unified cgroupsv2 the default
  * capability-util: be more careful with types
  * Merge pull request #12682 from keszybz/pull-in-user-targets
  * Merge pull request #12597 from keszybz/analyze-timestamp
  * test: exit cleanly on success
  * seccomp: add new 5.1 syscall pidfd_send_signal() to filter set list
  * Merge pull request #12449 from ljmf00/hwdb-accel-location-patch
  * sleep: properly pass verb to sleep script
  * Merge pull request #12810 from evverx/nonnull-attribute
  * core: set fs.file-max sysctl to LONG_MAX rather than ULONG_MAX
  * tmpfiles: use path_join() where we can
  * tmpfiles: merge two nested if checks into one
  * tmpfiles: use common fd_is_mount_point() implementation in tmpfiles.c
  * Merge pull request #12758 from fbuihuu/nspawn-console-tty
  * journald: use memdup_suffix0() when copying string from potentially binary data
  * Merge pull request #12829 from yuwata/dhcp-memdup_suffix0
  * Merge pull request #12815 from irtimmer/dot-strict
  * Merge pull request #12837 from yuwata/tree-wide-lgtm-fixes
  * Merge pull request #12762 from yuwata/network-introduce-carrier-and-network-state-12752
  * capability: fix loops for cap_last_cap()
  * bus-creds: fix size calculation for storing caps data
  * bpf: use more TAKE_FD()
  * path-util: get rid of prefix_root()
  * Merge pull request #12836 from yuwata/tree-wide-replace-strjoin
  * update TODO
  * update TODO
  * Merge pull request #12866 from yuwata/strv_consume_cleanups
  * man: document that DynamicUser=1 implied sandboxing cannot be turned off
  * man: correct that Sockets= may not be undone
  * doc: make clear that --system and --user only make sense with --test
  * man: drop references to "syslog" and "syslog+console" from man page
  * man: document that sd_bus_creds_get_exec() is not suitable for security decisions
  * core: add missing space to DynamicUser=1 directory comment
  * core: migrate service directories back from private if needed
  * man: beef up systemd.exec(5)
  * Merge pull request #12870 from yuwata/tree-wide-further-path-join-cleanups
  * Merge pull request #12874 from yuwata/ethtool-make-ubsan-quiet
  * Merge pull request #12869 from poettering/dynamic-user-re-migrate
  * core: log when we convert from DynamicUser=1 to =0 or vice versa
  * core: mention why we do migration for everything but ConfigurationDirectory=
  * test: add test for DynamicUser=0 → =1 migration (and back)
  * man: improve --test documentation
  * man: say D-Bus, not dbus
  * some CODING_STYLE additions
  * Merge pull request #12877 from poettering/dynamic-user-re-migrate2
  * man: document tmpfiles.d/ user/group resolvability needs
  * blockdev-util: propagate actual error
  * blockdev: filter out invalid block devices early
  * blockdev-util: let us know if block_get_whole_disk() did anything
  * logind: drop old-style header from .sym file in favour of SPDX
  * json: use JSON_VARIANT_ARRAY_FOREACH() where we can
  * varlink: allow using varlink_wait() even with a server
  * Merge pull request #12954 from keszybz/var-log-dir
  * Merge pull request #12949 from yuwata/sd-netlink-sd-netlink-message-enter-array
  * dissect: split out DM deferred remove into src/shared/dm-util.c
  * fsck: split out fsck return code definitions into a header file of its own
  * portabled: Make use of SYNTHETIC_ERRNO()
  * varlink: add varlink server to event loop only if there is one
  * login: move file definitions outside of the conditionalization
  * units: add SystemCallErrorNumber=EPERM to systemd-portabled.service
  * Merge pull request #12939 from yuwata/lgtm-fixes
  * core: spaces rock
  * generator: downgrade Requires= → Wants= of fsck from /usr mount unit
  * tmpfiles: use log_syntax() for complaining about configuration file errors
  * Merge pull request #13005 from keszybz/fix-gcc-warning
  * Merge pull request #12965 from keszybz/auto-erase
  * Merge pull request #13009 from keszybz/efi-feature-xbootldr
  * Merge pull request #12926 from keszybz/urlify-logs
  * Merge pull request #12755 from keszybz/short-identifiers
  * Merge pull request #13011 from keszybz/auto-erase
  * Merge pull request #13006 from yuwata/network-split-dhcp-12917
  * Merge pull request #13018 from yuwata/network-tunnel-follow-up-13016
  * sd-bus: maintain a counter for incoming msgs
  * sd-bus: destroy AddMatch() reply slot in failure case too
  * sd-bus: when installing a match make sure not to apply it to already queued messages
  * rm-rf: introduce new flag REMOVE_MISSING_OK
  * core: add generic "clean" operation to units
  * core: hook up service unit type with the new clean operation
  * core: hook up timer unit type with clean operation
  * core: add type of resource string table
  * core: expose new clean operation on the bus
  * core: expose per-service cleaning properties on the bus, too
  * shared: add generic logic for waiting for a unit to enter some state
  * systemctl: add new "clean" operation to systemctl
  * systemctl: port "systemctl start --wait" logic to new bus-wait-for-units.c API
  * test: add testcase for new CleanUnit logic
  * man: document new "systemctl clean…" operation
  * update TODO
  * json: always allocate at least sizeof(JsonVariant) bytes
  * Merge pull request #12176 from poettering/clean-dir2
  * Merge pull request #12461 from Werkov/fix-job-ordering
  * Merge pull request #12750 from keszybz/tmpfiles-c-copy
  * tmpfiles: fix build
  * tmpfiles: use path_join() where it makes sense
  * Merge pull request #13017 from yuwata/network-neighbor-lladdr-13015
  * errno-util: add new errno_or_else() helper
  * tree-wide: make use of errno_or_else() everywhere
  * tree-wide: get rid of strappend()
  * Merge pull request #13022 from keszybz/coverity-cleanups
  * alloc-util: drop _alloc_(2, 3) decorator from memdup_suffix0_multiply()
  * test: modernize test-alloc-util.c test a bit
  * util-lib: fix comment
  * Merge pull request #13034 from poettering/memdup-suffix0-multiply-fixo
  * man: document that the supplementary groups list is initialized from User='s database entry
  * man: be more explicit that Type=oneshot services are not "active" after starting
  * man: document that "systemd-analyze blame/critical-chain" is not useful to track down job latency
  * man: document that WakeSystem= requires privs
  * man: CPUShares= is so 2015
  * man: add example for setting multiple properties at once
  * util-lib: [static] array argument sizes are apparently not OK for NULL parameters
  * tree-wide: some more [static] related fixes
  * alloc-util: drop _alloc_ decorator from memdup_suffix0()
  * killall: bump log message about unkilled processes to LOG_WARNING
  * shutdown: use "int" for log level type
  * sysctl: add sysctl_writef() helper
  * shutdown: rework bump_sysctl_printk_log_level() to use sysctl_writef()
  * shutdown: bump kmsg log level to LOG_WARNING only
  * shutdown: merge variable declaration lines a bit
  * main: use sysctl_writef() where appropriate
  * factory: tighten PAM configuration
  * factory: add comment to PAM file, explaining that the defaults are not useful
  * factory: include pam_keyinit.so in PAM factory configuration
  * firstboot: suppress locale menu if there's nothing to choose from
  * firstboot: use color in welcome text
  * locale-util: normalize UTF-8 locale names
  * locale-util: suppress non-UTF-8 locales when enumerating them
  * Merge pull request #13042 from poettering/locale-utf8-fix
  * NEWS: add some notes for v243
  * Merge pull request #13063 from keszybz/cgroup-path-fixes
  * cryptsetup: no need to zero-initialize zero-initialized structures
  * tree-wide: use empty-to-root a bit more
  * shared: no need to check result of strndupa()
  * format-table: fix parameter name
  * test: make sure colors don't confuse our test
  * format-table: add ability to set cell attributes within table_add_many()
  * format-table: add some minimal testing for new table_add_many() features
  * analyze: port over one part of systemd-analyze to use new table_add_many() concepts
  * activate: move array allocation to heap
  * journal: properly read unaligned le64 integers
  * Merge pull request #13073 from poettering/variety-galore
  * Merge pull request #13074 from poettering/format-tree-many
  * Merge pull request #12925 from yuwata/network-generator
  * copy: optionally check for SIGINT regularly, and abort operation safely
  * btrfs-util: expose SIGINT behaviour in snapshot copy fallback, too
  * nspawn: make use of SIGINT handling when copying files
  * Merge pull request #12675 from yuwata/network-set-dns
  * Merge pull request #13091 from poettering/nspawn-copy
  * Merge pull request #13092 from keszybz/coverity-fixes
  * Merge pull request #13080 from keszybz/firstboot-fixes
  * Merge pull request #13086 from yuwata/network-dhcp6-cleanups
  * Merge pull request #13047 from niedbalski/fix-5552-pr
  * core: never propagate reload failure to service result
  * Merge pull request #13107 from keszybz/lvalue-rvalue
  * Revert "Add check to switch VTs only between K_XLATE or K_UNICODE"
  * Revert "Move verify_vc_kbmode() to terminal-util.c as vt_verify_kbmode()"
  * vconsole-setup: rename toggle_utf8() → toggle_utf8_vc()
  * Merge pull request #12639 from michaelolbrich/job-order
  * mount: simplify /proc/self/mountinfo handler
  * mount: rescan /proc/self/mountinfo before processing waitid() results
  * swap: scan /proc/swaps before processing waitid() results
  * mount: rename update_parameters_proc_self_mount_info() → update_parameters_proc_self_mountinfo()
  * Merge pull request #13133 from keszybz/pstore-return-value
  * nspawn: explicitly load units beforehand so that DeviceAllow= syntax works
  * units: make sure logind can properly reference drm char class
  * man: document the modprobe hack for DeviceAllow=
  * Merge pull request #13109 from poettering/revert-kbd-mode
  * Merge pull request #13136 from keszybz/readd-ntp-units.d
  * NEWS: more additions in preparation von v243
  * sd-daemon: don't mention strerror_safe() in examples in public headers
  * meson: bump version for package and .so
  * logind: add missing OOM check in client tool
  * logind: check return value of inhibitor_start()
  * logind: use gcc empty structure initialization
  * logind: don't claim we'd preallocate VTs when we shortcut it
  * logind: use log_warning_errno() return value where we can
  * logind: drop redundant session_id_valid() check
  * logind: cast to (void) when we ignore a syscall return value that is potentially dangerous
  * logind: unify inhibitor signal generation in a single function
  * logind: add logging to inhibitor_load()
  * logind: use free_and_replace() where that makes sense
  * logind: rework allocation/freeing of inhibitors
  * logind: un-export and voidify a few functions
  * logind: at start-up automatically clean up orphaned inhibitors
  * logind: make id const, since it points into another buffer
  * logind: don't unlink session fifo when exiting logind
  * Merge pull request #13148 from poettering/v243-news-more
  * Merge pull request #12977 from yuwata/network-route-type-local-12975
  * core: add spdx header to all-units.h
  * hwdb: run 'meson hwdb-update'
  * efi: remove trailing whitespace in string
  * efi: drop unused define
  * bootctl: show correct error code
  * update TODO
  * factory: add default /etc/issue file
  * netlink: move local-addresses.[ch] to src/shared
  * local-addresses: filter out any routing tables but the main one
  * meson: reorder alphabetically
  * Merge pull request #13118 from bluca/shutdown_watchdog_kexec
  * man: highlight the different concepts behind h/H and t/T
  * Merge pull request #13168 from ssahani/fix-dhcp-route-no-parsing
  * Revert "timesyncd: add Conflicts for ntpd and chronyd"
  * update NEWS with more recently commited stuff
  * core: try to reopen /dev/kmsg again right after mounting /dev
  * fs-util: add fsync_full() helper
  * xattr-util: document that we NUL suffix
  * efi: modernize file_read() a bit
  * efi: add log_oom() helper
  * efivars: modernize efi_get_variable() a bit
  * bootctl: use the fact that startswith() returns the suffix
  * bootctl: drop const from non-pointer function argument
  * bootctl: shortcut configuration file parsing
  * bootctl: add new feature flag for indicating random seed management support
  * efi: steal glibc sha256 implementation
  * sd-boot: read random seed from ESP and pass it to OS
  * core: take random seed from boot loader and credit it to kernel entropy pool
  * random-seed: move pool size determination to random-util.[ch]
  * bootctl: add new verb for initializing a random seed in the ESP
  * bootctl: show random seed state
  * units: automatically initialize the system token if that makes sense
  * random-seed: reduce scope of variable
  * random-seed: drop falling back to O_WRONLY if O_RDWR on /dev/urandom doesn't work
  * random-seed: rework systemd-random-seed.service substantially
  * docs: document new random seed EFI vars as part of the boot loader interface
  * man: document the systemd-random-seed rework
  * bootctl: add is-installed verb
  * man: extend on the --print-boot-path description a bit
  * docs: add longer document about systemd and random number seeds
  * TODO: remove apparently fixed issue from TODO
  * update TODO
  * update TODO
  * sysctl: switch to log_syntax()
  * sysctl: reset 'r' only where needed
  * sysctl: if options are prefixed with "-" ignore write errors
  * man: document the new sysctl.d/ - prefix
  * Revert "Revert "sysctl: Enable ping(8) inside rootless Podman containers""
  * sysctl: prefix ping port range setting with a dash
  * NEWS: mention the new sysctl.d/ - prefix
  * Merge pull request #13188 from yuwata/news-igmp-version
  * Merge pull request #13186 from keszybz/tmpfiles-postponement
  * Merge pull request #13195 from keszybz/minor-rewordings
  * Merge pull request #13194 from keszybz/chase-symlinks-testing
  * nspawn: allow --volatile=yes instances of -D /
  * nspawn: don't look for .nspawn file above the top-level directory, it makes no sense
  * nspawn: always take exclusive locks of ephemeral OS tree copies
  * shared: allow LOCK_SH locks on the host root in OS images
  * nspawn: when operating on the host image, let's move the root to a different directory first, via a bind mount
  * man: document the kernel command line options to use when logging to kmsg
  * more 243 news
  * nspawn: print an explanatory error when people try to use --volatile=yes on distros that are not /usr-merged
  * man: document that --volatile=yes is not supported for split /usr systems
  * update TODO
  * man: document default HibernateDelaySec= setting
  * Merge pull request #13184 from poettering/nspawn-usr-root
  * Merge pull request #13209 from poettering/nspawn-volatile-merged-usr
  * analyze: dot(1) man page link should be urlified
  * format-table: optionally show a specific string in empty cells
  * format-table: if NULL is spcified as data, let's patch to an empty cell
  * format-table: add table_fill_empty() to fill in empty cells until the specified column is reached
  * format-table: automatically show empty cells in grey
  * format-table: add TABLE_PID cell type
  * busctl: port "busctl list" to format_table.h
  * TODO: remove item implemented in f05e1ae6660
  * udev: warn on rules files with weird access modes
  * TODO: drop udev access mode item we just implemented
  * update TODO
  * Merge pull request #13207 from keszybz/symbolic-exit-code-names
  * exit-status: rename EXIT_STATUS_GLIBC → EXIT_STATUS_LIBC
  * analyze: always use "int" to display exit status values
  * analyze: rename "exit-codes" to "exit-status"
  * analyze: right-align exit status column
  * man: remove trailing space in link in HTML output
  * Merge pull request #13201 from yuwata/networkctl-merge-table_add_cell
  * analyze: clarify that 'exit-status' optionally takes arguments
  * Merge pull request #13004 from shinygold/master
  * Merge pull request #13217 from poettering/TODO-updates
  * Merge pull request #13216 from poettering/busctl-format-table
  * update TODO
  * Merge pull request #13119 from keszybz/unit-loading-2
  * cryptsetup-generator: fix coverity issue
  * unit-file: fix coverity issue
  * test-chase-symlinks: fix coverity issue
  * job: fix coverity issue
  * man: reword DeviceAllow= documentation
  * logind: set description for inhibitor event source
  * docs: fix env var name in random seed markdown documentation
  * firstboot: drop duplicate trailing whitespace from root pw question
  * TODO: add more, and drop implemented stuff
  * Merge pull request #13318 from ddstreet/s390_seccomp
  * Merge pull request #13302 from yuwata/network-set-put-fixes
  * sysusers: properly mark generated accounts as locked
  * networkctl: avoid outputting '(null)' for LLDP ports without description
  * unit-file: downgrade accidentaly high-prio debug log message
  * Merge pull request #13353 from keszybz/analyze-cat-config-relabel-extra.d
  * Merge pull request #13356 from keszybz/static-nodes-perms
  * Merge pull request #13360 from keszybz/udev-watch-more
  * update TODO
  * log: cast various log_open() calls to (void)
  * terminal-util: add fallback logic to make_console_stdio()
  * log: don't invalidate open console fd if we can't open a new one
  * load-fragment: use path_join() where appropriate
  * manager: simplify manager_get_confirm_spawn() a bit
  * fsck: add logging and fix error codes where appropriate
  * Merge pull request #13368 from keszybz/close-watchdog
  * journald: slightly bump OOM adjust for journald (#13366)
  * Merge pull request #13600 from keszybz/ratelimit
  * Merge pull request #13866 from keszybz/nspawn-restarts
  * seccomp: add new Linux 5.3 syscalls to syscall filter lists
  * analyze: sort list of unknown syscalls kernel implements
  * analyze: fix minor memleak
  * sd-event: don't invalidate source type on disconnect
  * meson: correct man page deps
  * user-util: tweak to in_gid()
  * test: add really basic in_gid() test
  * cgroup: add some basic OOM safety where it was missing
  * cpuset: fix indentation and log about OOM we otherwise ignore
  * cgroup: add missing OOM check, and shorten code a bit
  * pid1: rework environment block copy logic
  * static-destruct: add missing closing '(' in comment
  * update TODO
  * Merge pull request #13905 from poettering/cpuset-fixes
  * nspawn: mangle slice name
  * fs-util: let's avoid unnecessary strerror()
  * bootctl: create leading dirs when "bootctl random-seed" is called if needed
  * time-util: always accept UTC as valid timezone
  * time-util: uniquify timezone list, in case UTC is listed in timezone1970.tab, too
  * update TODO
  * meson: order list of dependencies of libshared alphabetically
  * time-util: treat /etc/localtime missing as UTC
  * timedated: handle UTC specially, when generating /etc/localtime
  * timedated: it might be that tzinfo files are just not installed
  * update TODO
  * tree-wide: fix how we set $TZ
  * analyze: add --base-time= to specify base time for 'calendar' verb
  * man: document --base-time= for systemd-analyze
  * update TODO
  * analyze: drop spurious newline
  * Merge pull request #13868 from keszybz/run-exit-code
  * Merge pull request #13994 from keszybz/bpf-refactor
  * Merge pull request #14010 from poettering/localtime-symlink
  * Merge pull request #14017 from poettering/analyze-calendar-tweaks
  * ask-password: don't hit assert() when we query pw which the user C-d and caching is enabled
  * seccomp: more comprehensive protection against libseccomp's __NR_xyz namespace invasion
  * polkit-agent: don't use an inline function
  * ask-password-agent: introduce ask_password_agent_open_if_enabled()
  * machinectl: spawn ask password agent on "start"
  * shutdown: make logging more useful if NULL swap/mount table files are specified
  * umount: be happy if /proc/swaps doesn't exist
  * umount: log on all errors
  * Merge pull request #13940 from keur/protect_kernel_logs
  * Merge pull request #14037 from poettering/machinectl-pw-agent
  * id128: add new "-u" switch for outputting Ids in UUID format
  * id128: drop "MESSAGE_" prefix of pretty output
  * sd-bus: invalidate connection when Hello() fails
  * Merge pull request #14039 from keszybz/systemd-man
  * Merge pull request #14043 from poettering/shutdown-noswap-fix
  * Merge pull request #14038 from keszybz/hwdb-update
  * mount: extend list of extrinsic mounts a bit
  * mount: do not update exec deps on mountinfo changes
  * tree-wide: clean up --help texts a bit
  * pam-systemd: include PAM error code in all our log messages where that makes sense
  * format-table: add UID/GID output support to format-table.h
  * login: port tables over to use TABLE_UID/TABLE_PID
  * pam-systemd: remove duplicate error logging
  * pam-systemd: voidify pam_get_item() calls
  * pam_systemd: don't use PAM_SYSTEM_ERR for something that isn't precisely a system error
  * pam_systemd: add one more assert
  * cryptsetup: minor coding style clean-ups
  * cryptsetup: use STR_IN_SET() where appropriate
  * update TODO
  * xattr-util: modernize getxattr_malloc() a bit
  * xattr-util: add flistxattr_malloc() that returns a NULSTR
  * copy: port over to flistxattr_malloc() and fgetxattr_malloc()
  * test-copy: test that xattrs are properly copied
  * errno: add new ERRNO_IS_NOT_SUPPORTED() helper
  * ask-password: skip kernel keyring logic if we see EPERM
  * pam_systemd: prolong method call timeout when allocating session
  * Merge pull request #14085 from poettering/ask-password-api
  * test: make sure our tests get exclusive TTY access
  * errno-util: add ERRNO_IS_PRIVILEGE() helper
  * core: be more lenient when checking whether sandboxing is necessary
  * core: don't insist on ProtectHostname= if unshare() is blocked
  * update NEWS
  * Merge pull request #14090 from poettering/clonenewns-fix
  * cgroup-util: add new cg_remove_xattr() for removing xattr from cgroup
  * core: set "trusted.delegate" xattr on cgroups that are delegation boundaries
  * cgls: show delegation boundaries by underlining the cgroup in the output
  * cgls: visually separate processes from cgroups
  * update TODO
  * bootctl: make 'random-seed' handle inability to write system token EFI variable gracefully
  * varlink: fix support for more/continues method calls
  * varlink: move connection fds > fd2
  * varlink: port varlink code over to use getdtablesize() for sizing number of concurrent connections
  * varlink: drop too much whitespace
  * varlink: fix enablement of varlink timeout event source
  * process-util: tweak get_process_cwd() when calling for own process
  * process-util: shortcut get_process_comm() for our own process
  * process-util: shortcut get_process_state() for our own process
  * test-fileio: cast EOF to (char) before comparing with char explicitly
  * core: write out correct field name when creating transient service units
  * core: prefer non-@ syntax for ExecStart=
  * Merge pull request #14164 from poettering/exec-start-transient-fix
  * systemctl: fix indentation of cgroup tree
  * test-functions: make sure we use the right library path for binaries without RPATH
  * nspawn: highlight description string in --help text
  * notify: add color to --help
  * man: drop reference to machined, add one for journald instead
  * Merge pull request #14179 from poettering/help-fixlets
  * man: apparently we lowercased STDOUT/STDERR everywhere else in docs, do so here too
  * man: add reference to journald man page from systemd.journal-fields(7)
  * man: don't claim journalctl would still use signals
  * journalctl: return EOPNOTSUPP if pcre is not enabled
  * journald: remove unused field
  * journalctl: pager_close() calls fflush(stdout) anyway as first thing
  * journald: don't ask for the machine ID if we don't need it
  * man: document sd_event_source_set_floating()
  * update TODO
  * README: use more appropriate logo format for README
  * README: move logo up, like on brand.systemd.io README
  * NEWS: update for final 244
  * hwdb: run another 'hwdb-update'
  * update TODO
  * fileio: add an openat() flavour for fopen()
  * fileio: add 'dir_fd' parameter to read_full_file_full()
  * fileio: add WRITE_STRING_FILE_MODE_0600 flag for writing files
  * json: beef up strv parser to also accept a single string instead of an array of strings
  * json: add new json_variant_is_blank_{object,array}() helpers
  * json: add new API json_variant_filter() for dropping fields from objects
  * json: add new json_variant_set_field() helper
  * json: add a new "sensitive" flags for JsonVariant objects
  * json: add json_parse_file_at() helper
  * json: add flags parameter to json_parse_file(), for parsing "sensitive" data
  * json: optionally, make string checks stricter when dispatching strings
  * json: add json_variant_strv() helper that converts a json variant to an strv
  * nspawn-oci: use new json_variant_strv() helper
  * json: add json_variant_set_field_string() and json_variant_set_field_unsigned()
  * json: add json_variant_merge() helper
  * json: add concept of normalization
  * json: add new helper json_variant_new_base64()
  * json: add new helper json_variant_append_array()
  * json: allow putting together base64 fields with json_build()
  * json: add ability to generate empty arrays/objects in json builder
  * json: permit 'null' as a way to reset tri-states to default
  * json: add explicit log call for ENOMEM
  * json: add new flag for forcing a flush after dumping json data to file
  * json: add json_variant_unbase64() helper
  * json: add json_variant_set_field_integer() and json_variant_set_field_boolean() helpers
  * json: add more dispatch helpers
  * json: teach json_build() to build arrays from C arrays of JsonVariant
  * json: add const string dispatcher
  * json: add new output flag JSON_PRETTY_AUTO
  * Merge pull request #14216 from jwrdegoede/hwdb-teclast-sensors
  * loop-util: accept loopback flags when creating loopback device
  * loop-util: add API to refresh loopback device size and opening existing loopback block devices
  * loop-util: allow creating loopback block devices with offset/length
  * loop-util: allow refreshing offset
  * loop-util: add api for locking the block device with flock()
  * loop-util: optionally also resize partitions
  * loop-util: fill in the loopback number, even a posteriori
  * loop-util: if we fail to fully set up a loop device, detach it again
  * valgrind: temporarily handle that valgrind still doesn't know LOOP_GET_STATUS64
  * pid1: add new kernel cmdline arg systemd.cpu_affinity=
  * Merge pull request #14189 from cgzones/selinux_tmpfiles
  * Merge pull request #14177 from keszybz/use-initrd.target
  * Merge pull request #14133 from keur/clear_ambient_inherited
  * sd-event: drop unnecessary local variable
  * sd-event: (void)ify some epoll_ctl() syscall invocations
  * missing: define new pidfd syscalls
  * missing: add rt_sigqueueinfo() syscall definition
  * process-util: add helper pidfd_get_pid()
  * sd-event: add pidfd support
  * signal-util: add new helper signal_is_blocked()
  * sd-event: make use of new signal_is_blocked() helper
  * sd-event: refuse sd_event_add_child() if SIGCHLD is not blocked
  * test: add test for pidfd support in sd-event
  * man: don't claim we'd unblock the specified signal in sd_event_add_signal()
  * man: mention that SIGCHLD has to be blocked before using sd_event_add_child()
  * man: document the new sd-event pidfd magic
  * sd-event: refuse running default event loops in any other thread than the one they are default for
  * parse-util: sometimes it is useful to check if a string is a valid integer, but not actually parse it
  * ordered-set: add ordered_set_first() helper
  * errno-util: add new ERRNO_IS_DISK_SPACE() helper
  * memory-util: introduce erase_and_free() helper
  * string-util: readd string_erase()
  * user-util: export is_nologin_shell() so that we can use it elsewhere
  * user-util: add uid_is_container() for checking whether UID is in container range
  * tmpfile-util: if no path is passed to fopen_temporary() make one up
  * tmpfile-util: modernize mkostemp_safe() a bit
  * process-util: add new safe_fork() flag for connecting stdout to stderr
  * main-func: send main exit code to parent via sd_notify() on exit
  * missing: add XFS magic
  * shared: add new wrapper for online fs resizing ioctls
  * Merge pull request #13886 from poettering/sd-event-pidfd
  * Merge pull request #14218 from poettering/homed-preparatory-small-stuff
  * sd-bus: add new call sd_bus_message_sensitive() and SD_BUS_VTABLE_SENSITIVE
  * sd-bus: don't include properties maked as "emit-invalidation" in InterfacesAdded signals
  * Merge pull request #14111 from keszybz/unknown-section-warning
  * Merge pull request #14167 from cpaelzer/fix-MemoryDenyWriteExecute-x86-s390-bug-1853852-UPSTREAM
  * Merge pull request #14253 from keszybz/cleanups
  * Merge pull request #14252 from keszybz/growfs-port-resizefs
  * macro: avoid subtraction overflow in ALIGN_POWER2()
  * macro: introduce new GREEDY_ALLOC_ROUND_UP() helper
  * test-util: add more tests for ALIGN_POWER2
  * strv: when growing strv arrays piecemeal actually allocate memory in exponential steps
  * shared: add openssl helpers
  * shared: add pkcs11-util.[ch]
  * udev: mark all ccid/security devices with a special tag
  * cryptsetup: add native pkcs#11 support to cryptsetup
  * man: document pkcs#11 hookup in /etc/crypttab
  * id128: introduce ID128_UUID_STRING_MAX for sizing UUID buffers
  * tree-wide: use SD_ID128_STRING_MAX where appropriate
  * docs: place all our markdown docs in rough categories
  * docs: beef up entrypoint documentation page
  * Merge pull request #14306 from poettering/markdown-category
  * man: fix typo in net-naming-scheme man page
  * docs: use `` quotes for marking identifiers of some form
  * docs: fix markdown links
  * docs: direct to systemd.io version of naming scheme docs
  * hwdb: trivial indentation fix
  * locale-util: drop weird invisible unicode codepoints accidentally inserted in comment
  * Merge pull request #14321 from yuwata/network-generator-14319
  * Merge pull request #14269 from DaanDeMeyer/enable-mounts-on-root
  * blockdev-util: rework get_block_device()
  * docs: make sure there's only one # markdown header in each file
  * nspawn: fix overlay with automatic temporary tree
  * Merge pull request #14350 from yuwata/network-udev-altnames-support
  * Merge pull request #14196 from keszybz/gpt-auto-generator-debugging
  * Merge pull request #14261 from keszybz/loop-utils-and-efivars
  * github: use systemd.io links in issue template
  * docs: CSS files should not be executable
  * efivars: properly NUL terminate EFI variables when reading
  * Merge pull request #14241 from keszybz/resume-timeout
  * Merge pull request #14267 from poettering/pkcs11-cryptsetup
  * time-util: deal with systems where userspace has 64bit time_t but kernel does not
  * man: we support growing xfs too these days
  * man: whitespace fix
  * man: tweaks to the crypttab(5) man page
  * cryptsetup-pkcs11: refuse keys above 16MiB size
  * cryptsetup-pkcs11: line break some overly long lines
  * cryptsetup-pkcs11: just return zero on success, no need to return anything else
  * basic: add quota-util.[ch] with some helpers for the Linux quotactl() API
  * chown-recursive: move src/core/chown-recursive.[ch] → src/shared/
  * chown-recursive: add fd based API
  * varlink: add varlink_close_unref() helper
  * man: add man page for sd_bus_message_sensitive()
  * sd-event: don't allocate event queue array on stack
  * update TODO
  * Merge pull request #14377 from keszybz/fixups
  * Merge pull request #14376 from poettering/sd-event-no-stack
  * Merge pull request #13823 from anitazha/unpriv_privateusers
  * Merge pull request #14388 from anitazha/man_uid_updates
  * time-util: also use 32bit hack on EOVERFLOW
  * Merge pull request #14378 from keszybz/unit-docs
  * Merge pull request #14329 from anitazha/user_invocation_id
  * Revert "Drop dbus activation stub service"
  * umount: line break comments again
  * umount: remove unneeded variable
  * umount: show correct error message
  * umount: detect root loopback device the same way as we detect root DM devices
  * umount: check LO_FLAGS_AUTOCLEAR after LOOP_CLR_FD claimed success
  * umount: when we fail to detach a loopback device, set the auto-clear flag
  * dissect: introduce new recognizable partition types for /var and /var/tmp
  * docs: import discoverable partitions spec
  * man: document /var/tmp/ and /var/ handling in systemd-gpt-auto-generator man page
  * update TODO
  * Merge pull request #14441 from GothAck/gothack_type.d_dropin_test_master
  * Merge pull request #14444 from yuwata/network-codel-more
  * Merge pull request #13748 from jwrdegoede/hwdb-updates2
  * udev: move naming-scheme.[ch] into src/shared/
  * test: add test case for setpriority_closest()
  * Merge pull request #14467 from poettering/nspawn-short-names-rework
  * Merge pull request #14401 from DaanDeMeyer/nspawn-move-veth-back-to-host
  * Merge pull request #14469 from aburch/man-tmpfiles.d-minor-improvements
  * Merge pull request #14194 from yuwata/network-multipath-routing-12541
  * test: use symlinks for Makefiles
  * test: hardcode shell to use
  * test: don't rely on "nobody" user for TEST-43
  * testsuite: drop "systemctl is-system-running --wait" invocation
  * test: hardcode shell to use
  * test: don't rely on "nobody" user for TEST-43
  * testsuite: drop "systemctl is-system-running --wait" invocation
  * core: don't check error parameter of get_name_owner_handler()
  * core: don't check potentially NULL error, it's not gonna work anyway
  * core: shorten code a bit
  * core: no need to eat up error
  * core: create/remove unit bus name slots always together
  * core: drop initial ListNames() bus call from PID 1
  * docs: move container interface docs from wiki to markdown
  * man: change links to container interface doc to https://systemd.io/
  * Merge pull request #14420 from DaanDeMeyer/nspawn-fix-read-only-overlay-rootfs
  * locale-util: extend comments on unicode glyph use, and drop mdash (that actually was an ndash)
  * Merge pull request #14481 from yuwata/virt-string-table
  * man: slightly extend documentation on difference between ID_NET_NAME_ONBOARD and ID_NET_LABEL_ONBOARD
  * man: fix documentation of IBM VIO device naming
  * udev: use dot_or_dot_dot() where appropriate
  * bpf-devices: line-break some overly long function signatures
  * unit: make sure to pull in modprobe@loop.service when RootImage= is used with DeviceAllow=
  * units: tweaks to modprobe@.service
  * man: stop recommending modprobe -abq in ExecStartPre=
  * Merge pull request #14499 from yuwata/network-gateway-dhcp
  * boot: fix osrel parser
  * gpt-auto: don't assume XBOOTLDR is vfat
  * Merge pull request #14512 from poettering/root-image-devices
  * Merge pull request #14511 from keszybz/sleep-check-rework
  * Merge pull request #14518 from keszybz/interface-text
  * Merge pull request #14448 from yuwata/network-permanent-mac-address
  * test: minor typo fix
  * core: clearly refuse OnFailure= deps on units that can't fail
  * man: document that scope units can fail, but not due to process exit statusses
  * man: small casing fix
  * path-util: introduce path_strv_contains() helper
  * path-util: express PATH_IN_SET() through path_strv_contains()
  * install: use path_strv_contains() where appropriate
  * namespace: tweak checks whether we can mount image read-only
  * core: when we cannot open an image file for write, try read-only
  * core: propagate service state to socket in more load states
  * mount-util: rename cleaned → simplified, because that's what we actually did here
  * mount-util: don't mask away MS_RDONLY twice
  * mount-util: clean up get_mount_flags()
  * mount-util: line break overly long function prototypes
  * core: make sure we use the correct mount flag when re-mounting bind mounts
  * core: be more restrictive on the dependency types we allow to be created transiently
  * Merge pull request #14525 from yuwata/mount-use-format-table
  * core: expose swap priority value via dbus only if it is set
  * core: no need to initialize swap structure fields if all zeroes anyway
  * core: initialize priority_set when parsing swap unit files
  * core: use unit-based logging instead of generic logging where appropriate
  * core: set error value correctly
  * core: fix re-realization of cgroup siblings
  * format-table: allow forcing arbitrary width tables
  * Merge pull request #14538 from yuwata/xyzctl-full
  * Merge pull request #14508 from poettering/namespace-ro-fix
  * Merge pull request #14533 from poettering/swap-prio-fixes
  * man: document that we mkdir() on What= in .mount units too
  * man: we support bind mounting regular files too
  * Merge pull request #14549 from keszybz/portability-and-stability
  * string-util: let's add helper for truncating string after a specified number of lines
  * string-util: add helper for extracting n'th line of a string
  * format-table: natively support multiline cells
  * machinectl: modernize address table handling
  * man: suffix parameter with = in our documentation, if it expects an argument
  * Merge pull request #14532 from poettering/namespace-dynamic-user-fix
  * Merge pull request #14293 from keur/systemctl_with_dependencies
  * Merge pull request #11199 from dargad/restore-pam-setcred
  * Merge pull request #14381 from keszybz/ifindex-cleanup
  * Merge pull request #14400 from keszybz/alias-check
  * docs: convert root storage daemon doc to markdown
  * killall: update reference to root storage daemon interface docs
  * docs: various small fixes to PORTABILITY_AND_STABILITY markdown
  * docs: import initrd interface documentation from fdo wiki
  * Merge pull request #14561 from keszybz/docs-deellipsisize
  * docs: drop "The" in categorization titles of Markdown documentation
  * docs: uppercase all markdown document titles
  * cgroup: use log_warning_errno() where possible
  * cgroup: no need to cast dev_t to dev_t
  * cgroup: drop unnecessary {}
  * cgroup: update only siblings that got realized once
  * cgroup: drop redundant if check
  * logind: refuse overriding idle hint on tty sessions
  * Merge pull request #14570 from keszybz/resource-docs
  * cgroup: minor comment improvement
  * docs: rework HTML into GitHub Markdown table
  * Merge pull request #14573 from keszybz/docs-index
  * Merge pull request #14424 from poettering/watch-bus-name-rework
  * nss-util: add macros for generating getpwent()/getgrent() prototypes
  * shared: split out crypt() specific helpers into its own .c/.h in src/shared/
  * libcrypt-util: add superficial validator for UNIX hashed password strings
  * shared: add generic user/group record structures and JSON parsers
  * shared: add helpers for converting NSS passwd/group structures to new JSON objects
  * shared: add internal API for querying JSON user records via varlink
  * shared: add helpers for displaying new-style user/group records to users
  * userdbd: add new service that can merge userdb queries from multiple clients
  * userdbd: add userdbctl tool as client for userdbd
  * core: make return parameter of dynamic_user_lookup_name() optional
  * core: add user/group resolution varlink interface to PID 1
  * nss: hook up nss-systemd with userdb varlink bits
  * logind: port to UserRecord object
  * logind: enforce user record resource settings when user logs in
  * logind: honour killProcesses field of user record
  * logind: honour per-user stopDelayUSec property
  * shared: add pam utility helpers
  * pam-systemd: port to pam_bus_log_{create|parse}_error() and pam_log_oom()
  * pam-systemd: share bus connection with pam_systemd_home if we can
  * pam-systemd: port over to use a UserRecord structure
  * pam-systemd: normalize return values of append_session_xyz()
  * pam-systemd: apply user record properties to session
  * man: document new pam_systemd features in man page
  * man: document userdbctl(1)
  * man: document systemd-userdbd.service
  * man: document the new nss-systemd behaviour
  * docs: add documentation for JSON user records
  * docs: add documentation for JSON group records, too
  * docs: add documentation for the varlink user/group APIs
  * execute: add const to array parameters, where possible
  * execute: allow pam_setcred() to fail, ignore errors
  * Merge pull request #14375 from poettering/userdb
  * core: on each iteration processing /proc/self/mountinfo merge all discovery flags for each path
  * Merge pull request #14585 from keszybz/sysctl-downgrade-messages
  * docs: clarify that we don't want to own $BOOT exclusively
  * man: document that program invocation will fail if the User= does not exist
  * man: document how error propagation to path units works
  * man: document the limits of the block device discovery for IO cgroup options
  * man: suggest SYSTEMD_WANTS usage instead of RUN for long running processes
  * man: mention that Before= doesn't work for device units
  * man: underline that AccuracySec= is about coalescing timer events, nothing else
  * man: document that rootflags= does not override /etc/fstab
  * man: extend on halt documentation
  * man: clarify that user rlimits cannot go beyond limits set for service mgr
  * docs: in PORTABILITY_AND_STABILITY only use one h1
  * docs: let's reduce our spurious whitespace a bit
  * docs: uppercase are headers
  * man: document that WakeSystem= affects clock choice
  * Merge pull request #14592 from keszybz/simplifications
  * core: never allow perpetual units to be masked
  * mount: make checks on perpetual mount units more lax
  * tree-wide: we forgot to destroy some bus errors
  * core: make sure StandardInput=file: doesn't get dup'ed to stdout/stderr by default
  * test: add test for https://github.com/systemd/systemd/issues/14560
  * makefs: simplify SPDX header
  * id128: move make_v4_uuid into id128-util.h to make it generally useful
  * format-table: add support for formatting uuids/id128 values
  * locale-util: add block drawing special glyphs
  * locale-util: add special glyph Σ
  * conf-parser: add parser for 32bit signed integers
  * repart: add new systemd-repart tool
  * mkosi: modernize
  * units: add unit file for systemd-repart to automatically run at boot
  * test: add repart test
  * man: document systemd-repart
  * ci: add dependencies for repart + cryptsetup's pkcs#11 support
  * update TODO
  * import: don't complain if FS_NOCOW_FL is not available
  * import: put a time-out on downloads
  * import: let's disable UNIX signal generation from curl
  * strv: get rid of strv_clear()
  * hwdb: use strv_extend() where we can
  * hwdb: fix error numbers passed to log_syntax()
  * Merge pull request #14595 from poettering/stdin-file-fix
  * generator: order growfs for the root fs after systemd-remount-fs
  * json: lower maximum allowed recursion to 2K
  * core: show the UID we cannot parse
  * core: make a number of functions not used externally static
  * hwdb: fix whitespace issue
  * hwdb: merge identical entries
  * hwbd: add Asus TP500LA
  * journal: don't use startswith() on something that is not a NUL-terminated string
  * resolved: drop DNSSEC root key that is not valid anymore
  * Merge pull request #14622 from poettering/uid-ref-fixlets
  * Merge pull request #14617 from poettering/no-strv-clear
  * timesyncd: log louder when we refuse a server due to root distance
  * Merge pull request #14605 from aerusso/pulls/x-systemd-wantedby-requiredby
  * update TODO
  * fstab-generator: line break a bit more systematically
  * cryptsetup-generator: break overly long line
  * cryptsetup-generator: order after cryptsetup-pre.target unconditionally
  * units: introduce blockdev@.target for properly ordering mounts/swaps against cryptsetup
  * core: drop _pure_ from static functions
  * core: let's be defensive, /dev/nfs is also a special mount source, filter it out
  * swap: generate automatic dependencies also for /proc/swaps devices
  * core: downgrade swap → device dep to Requires=
  * core: add implicit ordering dep on blockdev@.target from all mount units
  * man: document blockdev@.target
  * loginctl: use /org/freedesktop/login1/session/auto when "lock-session" is called without argument
  * shared: split out polkit stuff from bus-util.c → bus-polkit.c
  * logind: check PolicyKit before allowing VT switch
  * update TODO
  * update TODO
  * TODO: add various items as result from devconf.cz 2020 discussions
  * Merge pull request #14673 from keur/protect_clock
  * Merge pull request #14675 from yuwata/network-dhcp-accept-nul
  * Merge pull request #14667 from yuwata/boot-random-seed-mode
  * man: enclose C type names in <type></type>
  * man: describe types slightly more accurately
  * man: clarify that we decode D-Bus bools as "int", not as C99 "bool"
  * man: document that sd_bus_message_read_array() only supports trivial types
  * Merge pull request #14594 from keszybz/id128-show-gpt
  * Merge pull request #14685 from poettering/sd-bus-bool-as-int
  * mkosi: add fdisk-devel, openssl-devel, libpwquality-devel, p11kit-devel and efsck to build
  * home: add new systemd-homed service that can manage LUKS homes
  * home: add homectl client tool
  * home: add pam_systemd_home.so PAM hookup
  * test: add test case for homed
  * sleep: automatically lock all home directories when suspending
  * man: add homectl(1) man page
  * man: add systemd-homed man page
  * man: document pam_systemd_home
  * docs: document homed UID range
  * docs: document the home directory format
  * ci: add new dependencies to CI
  * update TODO
  * fs-util: when calling chase_symlinks() with root path, leave root part unresolved
  * test: add test for the non-resolving of chase_symlink() root prefix
  * fs-util: make sure we output normalized paths in chase_symlinks()
  * test: make sure chase_symlink() returns normalized paths
  * test: fix rename_noreplace() test
  * NEWS: start preparing v245
  * NEWS: more v245 preparation
  * id128: change table header from "uuid" to just "id"
  * update TODO
  * update TODO
  * dissect: complain if partition flags are set that we don't know
  * dissect: optionally, run fsck before mounting dissected images
  * dissect: add --fsck= option to systemd-dissect tool
  * nspawn: fsck all images when mounting things
  * core: fsck images specified as RootImage= too before using them
  * update TODO
  * update TODO
  * journald: why bitwise XOR when boolean != is easier to read?
  * journald: add missing logging for some errors
  * journald: use free_and_replace() where appropriate
  * journald: fix indentation
  * journald: don't bother with seqnum file if we don't read form /dev/kmsg anyway
  * journald: specifying _pure_ on static functions is unnecessary, compiler can figure that out on its own
  * journald: let's use unlink_and_free() where we can
  * journald: let's use TAKE_PTR() and TAKE_FD() where appropriate
  * journald: line break overly long function header
  * journald: use structured initialization
  * journald: hide current storage determination in helper call
  * journald: simplify find_journal() a bit
  * journald: let's simplify rotating of offline user journals
  * journald: minor coding style updates
  * journald: when create journal directories use calculated paths
  * journald: allow running multiple instances of journald
  * units: add unit files for instantiated journal daemons
  * string-util: add brief explanatory comment
  * core: add new LogNamespace= execution setting
  * journalctl: move pcre function code down
  * journalctl: use log_error_errno() wherever we can
  * journalctl: use automatic memory cleanup
  * journal: properly mark two definitions that are deprecated with GCC attributes for that
  * journalctl: use an anonymous array when an array is needed
  * journal: use structured initialization
  * journal: allow opening journal files specific to some namespace
  * journal: make constant argument actually 'const'
  * journalctl: add new --namespace= switch for showing logs for namespace
  * journalctl: drop misplaced empty line
  * systemctl: show logs for correct namespace of service
  * journald: add logging for one error we lacked logging for
  * journald: use structured initialization
  * varlink: add API for determining number of current connections
  * varlink: add ability to register callback for disconnections
  * journald: add exit on idle
  * journald: add ability to activate by varlink socket
  * test: add simple test for log namespaces
  * tmpfiles: merge lines for the same inodes
  * tmpfiles: apply ACLs to top-level journal directory in /run, too
  * units: sort settings in systemd-journald.service again
  * units: define RuntimeDirectory= in systemd-journald.service
  * journalctl: underline sections in --help
  * man: document journald namespaces
  * man: document journald@NAMESPACE.conf
  * man: document new _NAMESPACE= journal field
  * man: document LogNamespace= unit setting
  * man: document the new sd_journal_open_namespace() API
  * man: document --namespace= switch of journalctl
  * update TODO
  * Merge pull request #14178 from poettering/journal-namespace
  * Merge pull request #14719 from yuwata/sd-boot-fix-warnings
  * Merge pull request #14699 from yuwata/dhcp6-fix-t1-t2
  * Merge pull request #14645 from keszybz/sd-bus-message-dump
  * update NEWS
  * bus-polkit: rename return error parameter to ret_error
  * polkit: reuse some common bus message appending code
  * polkit: on async pk requests, re-validate action/details
  * polkit: use structured initialization
  * sd-bus: introduce API for re-enqueuing incoming messages
  * polkit: when authorizing via PK let's re-resolve callback/userdata instead of caching it
  * man: document the new sd_bus_enqueue_for_read() API call
  * userwork: fix signal worker sends to manager requesting more workers
  * Merge pull request #15251 from keszybz/coverity-fixes
  * Merge pull request #14853 from floppym/issue9806
  * Merge pull request #15194 from keur/import_pull_etag
  * Merge pull request #13084 from ddstreet/log_time
  * Merge pull request #15197 from ssahani/smtp-dhcp
  * user-util: switch order of checks in valid_user_group_name_or_id_full()
  * units: do not pull in home.mount from systemd-homed.service
  * man: mention that stdout logging works the same as stderr logging
  * homed: fall back to ftruncate() if fallocate() is not supported on backing fs
  * Merge pull request #15238 from rpls/canfd
  * update TODO
  * string-util: some minor coding style updates
  * string-util: make sure we eat even half complete words in split()
  * string-util: make clear that split() + FOREACH_WORD() should die
  * update TODO
  * Revert "units: make systemd-repart.service installable"
  * units: run systemd-repart only if there's configuration for it
  * capability: don't skip ambient caps setup if we actually have something to set
  * Merge pull request #15298 from keszybz/show-property-value
  * Merge pull request #15349 from keszybz/doc-work
  * Merge pull request #14930 from tomhughes/dnssec-canonicalise
  * preset: let's clean up preset list a bit
  * units: pull in systemd-pstore.service from sysinit.target
  * core: automatically add dependency on systemd-remount-fs.service if StateDirectory= is used
  * units: drop dependency on systemd-remount-fs.service from systemd-pstore.service
  * units: drop systemd-remount-fs.service dependency from more services
  * units: make sure systemd-pstore stops at shutdown
  * userdbctl: drop redundant user name validity check
  * user-util: rework how we validate user names
  * docs: add a longer document explaining our rules on user/group names
  * docs: hook up the new USER_NAMES document everywhere
  * catalog: add entry for SD_MESSAGE_UNSAFE_USER_NAME
  * terminal-util: fixate underlined yellow color too
  * test-terminal-util: fix typo
  * Merge pull request #15234 from ssahani/mud-lldp
  * man: correct the default slice for systemd-run units
  * sleep: improve log msg slightly
  * btrfs-util: define helper that creates a btrfs subvol if we can, and a directory as fallback
  * import: use our new btrfs_subvol_make_fallback() at two places
  * homed: when creating home directory as btrfs inside luks volume, place subvol inside it
  * Merge pull request #15345 from keszybz/systemctl-show-spaces
  * pam-systemd-home: drop redundant newline
  * userdb: when doing client-side NSS look-ups optionally avoid shadow look-ups
  * logind: avoid shadow lookups when doing userdb client side
  * man: reference pam_systemd_home man page from systemd-homed man page
  * Merge pull request #15332 from keszybz/coredump-filter
  * Merge pull request #15318 from fbuihuu/inherit-umask-for-user-units
  * Merge pull request #15352 from poettering/user-group-name-valdity-rework
  * docs: add missing dash
  * docs: fix typo now → not
  * bootctl: fix assert issue
  * docs: add brief document how to convert home directories to homed
  * man: extend documentation of the suspend= switch of pam_systemd_home
  * docs: add some documentation about hooking up userdb/homed to desktop environments
  * docs: introduce documentation category for user/group stuff
  * Merge pull request #15397 from ssahani/vxlan
  * Merge pull request #15411 from ssahani/systemd-issue-15375
  * fileio: fileno() can realistically return -1
  * fileio: optionally allow telling read_line_full() whether we are processing a tty or not
  * fileio: extend comment a bit
  * hwdb: optimize isatty()-per-line away
  * update TODO
  * core: make sure ProtectHostname= is handled gracefully in containers lacking seccomp
  * locale-util: add support for lock+key emoji
  * locale-util: export emoji_enable() for other code to use
  * ask-password: prefix password questions with lock and key emoji
  * ask-password-api: reword some debug messages
  * man: update os-release(5) to use 24bit ANSI color in example
  * Merge pull request #15431 from poettering/lock-and-key-emoji
  * Merge pull request #15441 from sartura/src/analyze
  * Merge pull request #15437 from keszybz/man-nss-resolve
  * units: use correct path to refer to plymouth
  * Merge pull request #15448 from keszybz/logind-avoid-polkit-query
  * resolved: tone down comment in /run/systemd/{stub-,}resolve.conf
  * Merge pull request #15454 from keszybz/codespell-fixes
  * journald: add configuration option for enabling/disabling audit during journald startup
  * errno-util: let's beef up ERRNO_IS_NOT_SUPPORTED() with socket not supported errors
  * Merge pull request #15459 from keszybz/remove-seat_can_multi_session
  * Merge pull request #15396 from keszybz/dbus-api-docs
  * Merge pull request #15444 from poettering/audit-enable
  * Merge pull request #15463 from keszybz/resolvectl-query-formatting
  * Merge pull request #15314 from keszybz/network-server-access-functions
  * Merge pull request #15495 from keszybz/resolve-debugging-and-stub-handling
  * man: document how to get the boot menu with zero time-out
  * Merge pull request #15505 from keszybz/man-sd-hwdb-sd-journal
  * core: automatically add udev dependency for units using RootImage=
  * log-control-api: add generic D-Bus interface for querying/setting log level/target
  * resolved: replace private log level control API with generic one
  * tree-wide: implement new log control API dbus interface in all our daemons
  * core: use generic implementations of log level/target bus propertier getters
  * core: implement generic log control API in PID1 too
  * update TODO
  * core: minor error code handling fixes
  * resolve: move resolv.conf path definitions to shared header
  * nspawn: beef up --resolve-conf= modes
  * man: document the new --resolv-conf= options
  * core: some minor clean-ups/modernizations
  * core: make sure to restore the control command id, too
  * man: document that VirtualEthernetExtra= has nothing to do with Bridge=
  * core: make sure we don't get confused when setting TERM for a tty fd
  * nspawn: some minor modernizations
  * sd-bus: work around ubsan warning
  * acpi-fpdt: mark structures as packed
  * nspawn: minor simplification
  * nspawn: refuse politely when we are run in the non-host netns in combination with --image=
  * sd-journal: don't check namespaces if we have no namespace to go by
  * socket-util: add recvmsg_safe() wrapper that handles MSG_CTRUNC
  * tree-wide: use recvmsg_safe() at various places
  * run: don't wait for start job to complete when running interactively anyway
  * Merge pull request #15538 from poettering/nspawn-no-netns
  * macro: add READ_NOW() macro for force reading of memory, making a copy
  * journal-file: avoid risky subtraction when validity checking object
  * journal: use a bitfield where appropriate
  * journal: use structured initialization for Location structure
  * memory-util: add missing () in macro evaulation
  * journal: don't assert on mmap'ed object type
  * journal: several minor coding style fixes/clean-ups
  * journal: make sure to explicitly copy out values of mmap before doing arithmetics on them
  * journal: no need to check offset twice, journal_file_move_to_object() does it again
  * Merge pull request #15544 from poettering/fix-journalctl-namespace
  * Merge pull request #15543 from poettering/fix-ubsan-sd-bus
  * udev: prepare memory for extra NUL termination for NULSTR
  * udev: use STR_IN_SET() wher eit makes sense
  * sysusers: add accidentally forgotten 'return'
  * sysusers,tmpfiles: always mention error when failing to replace specifiers
  * stat-util: no need to open a file to check fs type
  * stat-util: add simpler helper for checking if /proc/ is mounted
  * tmpfiles: if we get ENOENT when opening /proc/self/fd/, check if /proc is mounted
  * update TODO
  * Merge pull request #15472 from keszybz/dbus-api-docs
  * shared: add common helper for unregistering all binfmt entries
  * shutdown: unregister all binfmt_misc entries before entering shutdown loop
  * binfmt: modernize code a bit
  * binfmt: also unregister binfmt entries from unit
  * man: document binfmt's new --unregister switch
  * Merge pull request #15504 from poettering/cmsg-find-pure
  * tree-wide: use cmsg_find() helper at various places where appropriate
  * socket-util: introduce type-safe, dereferencing wrapper CMSG_FIND_DATA around cmsg_find()
  * Merge pull request #15561 from poettering/udev-memdup-fix
  * Merge pull request #15563 from keszybz/wait-callback-tweak
  * networkd: don't do lldp rx nor tx on bond devices
  * home: fix strv NUL termination
  * Merge pull request #15566 from poettering/destroy-binfmt
  * nss-systemd: don't synthesize root/nobody when iterating
  * dhcp-client: port to recvmsg_safe()
  * icmp6-util: port to recvmsg_safe()
  * dhcp-server: port to recvmsg_safe()
  * tree-wide: use structured initialization at various places
  * update TODO
  * nspawn: be more careful with creating/chowning directories to overmount
  * main: bump RLIMIT_MEMLOCK by physical RAM size
  * update TODO
  * tree-wide: support a bunch of additional specifiers
  * man: document new specifiers
  * update TODO
  * tmpfiles: use log_syntax() for all parse errors
  * tmpfiles: remove unnecessary assert
  * Merge pull request #15628 from poettering/tmpfiles-fuzz-fix
  * json: when making a copy of a json variant, propagate the sensitive bit
  * home: mark various bus messages we write user records to as sensitive
  * home: make sure whenever we touch the 'secret' part of a user record, we set the the sensitive flag on it
  * Merge pull request #15630 from nabijaczleweli/symmetric-buffers
  * efi: cache test results of boolean EFI state functions
  * efi: honour SYSTEMD_EFI_OPTIONS even if we wouldn't honour SystemdOptions EFI var due to SecureBoot
  * notify: beef up --pid= logic
  * Merge pull request #15592 from kennylevinsen/fdpoll-standalone
  * Merge pull request #15547 from kkdwivedi/notify-barrier
  * basic: add STRCASE_IN_SET() which is to STR_IN_SET() what strcaseeq() is to streq()
  * format-table: generate better JSON field names
  * systemctl: optionally output tables in JSON format
  * calendarspec: encode that it's OK to store µs in 'int's
  * calendarspec: pack our flags a bit
  * calendarspec: drop _pure_ from static function
  * calendarspec: minor simplification
  * calendarspec: be more graceful with two kinds of calendar expressions
  * man: expand on the star…end/repetition time expressions
  * journal: use set_contains() where appropriate
  * journalctl: optionally, show a different field than MESSAGE in -o cat mode
  * man: document the new -o cat feature
  * logs-show: declare [static 2] on all highlight parameters
  * shutdown: fix spacing in shutdown error message
  * man: migrate more specifier explanations to standard-specifiers.xml
  * Merge pull request #15692 from keszybz/preset-cleanup
  * sysusers: be extra careful when locking accounts
  * format-table: display an empty strv cell the same way as an empty cell
  * systemctl: show empty cells as '-'
  * systemctl: change column name in "list-sockets" out from "units" to "unit"
  * systemctl: let's tweak how we synthesize a cell for activating unit
  * systemctl: ensure underline for "list-unit-files" empty cells
  * format-table: support coloring the gap right of each cell individually
  * systemctl: underline whole rows, gapless
  * login: include pam_systemd_home.so in the default PAM snippet we ship for user@.service
  * man: highlight relevant lines in pam_systemd_home.so example PAM snippet
  * man: bring example PAM snippet of pam_systemd and pam_systemd_home back in sync
  * homed: open up home dir Acquire operation to unpriv clients
  * homectl: show disk free in percent in 'inspect'
  * tree-wide: use CMSG_SPACE() (and not CMSG_LEN()) to allocate control buffers
  * tree-wide: remove redundant assignments
  * tree-wide: make sure our control buffers are properly aligned
  * man: document homed key management
  * update TODO
  * homed: allow overriding homework path via env var
  * user-record: add new field for requesting LUKS discard on logout
  * homectl: add option for controlling new luksOfflineDiscard user record field
  * homework: run fitrim or fallocate on logout based on the new user record property
  * docs: document the new offline discard logic
  * update TODO
  * tmpfiles: optionally, read /etc/passwd + /etc/group without NSS
  * sysusers/tmpfiles: use --root=/ as way to force offline operation (i.e.  without NSS)
  * man: document the new tmpfiles --root= behaviour regarding users
  * Merge pull request #15714 from poettering/homed-key-mgmt-doc
  * locale-util: add new helper locale_is_installed()
  * test: add test case for locale_is_installed()
  * tree-wide: port various bits over to locale_is_installed()
  * meson: re-run ninja update-man-rules
  * Merge pull request #15713 from poettering/home-discard-when-offline
  * Merge pull request #15745 from keszybz/one-more-specifier
  * update TODO
  * fs-util: add helper path_is_encrypted() that checks if a file system is encrypted
  * user-record: split out code that generates automatic image path for records
  * home: when adding a binding for a user record, use common code for determining automatic image path
  * homed: tweak logic for picking a default storage and file system
  * homed: move supported_fstype() to home-util.c
  * homed: make default storage/file system type configurable in homed.conf
  * man: document homed.conf
  * update TODO
  * homectl: color disk free output if low on free space
  * update TODO
  * update TODO
  * fs-util: beef up path_is_encrypted() to deal with LVM block devices
  * update TODO
  * random-util: actually encode our expectations on RAND_MAX
  * random-util: use ERRNO_IS_NOT_SUPPORTED() macro
  * random-util: make use of GRND_INSECURE when it is defined
  * update TODO
  * man: mention the exclamation mark and minus sign literally, to make things searchable
  * tmpfiles: clarify that "!" lines are filtered before collisions are checked
  * seccomp-util: add new syscalls from kernel 5.6 to syscall filter table
  * man: clarify that exit status name mappings are unaffected by SuccessExitStatus=
  * Merge pull request #15460 from elmarco/network-dhcp-resolve1
  * netlink: port to recvmsg_safe()
  * man: run man/update-dbus-docs again
  * homed: fix parameter names on D-Bus methods
  * man: document homed D-Bus API
  * pam_systemd_home: use correct macro for converting ptr to fd
  * pam_systemd: drop unused uid argument from export_legacy_dbus_address()
  * pam_systemd: also print debug lines when ending a session
  * update TODO
  * Merge pull request #15785 from poettering/pam-sudo-fixes-part1
  * pam_systemd/pam_systemd_home: rework how we cache user records
  * pam_systemd_home: also store acquirement fd per user
  * core: don't bind varlink socket if running in test mode
  * update TODO
  * systemctl: fix indentation of 'Active:' field in status output
  * stat-util: add stat_inode_unmodified() helper that checks if an inode was modified
  * resolved: port to stat_inode_unmodified()
  * sd-bus: introduce new SD_BUS_VTABLE_ABSOLUTE_OFFSET vtable flag
  * man: complete vtable flag documentation
  * journald: use log_warning_errno() where appropriate
  * journald: rework end of line marker handling to use a field table
  * journald: use the fact that client_context_release() returns NULL
  * journald: rework pid change handling
  * man: document the new _LINE_BREAK= type
  * Merge pull request #15801 from poettering/journal-pid-change-fix
  * Merge pull request #15660 from benjarobin/perf_barrier_fd
  * Merge pull request #15765 from benjarobin/fix_kw
  * sd-dhcp-server: some function prototype fix-ups
  * man: document $LOG_NAMESPACE
  * sysctl: check correct error code
  * repart: explain when we exit early and don't do a thing
  * repart: suppress complaints about lack of BLKRRPART when operating on regular file
  * repart: add support for create/growing loopback files
  * test: update tests to use new repart features
  * man: document new --empty=create and --size= switches to repart
  * update TODO
  * man: drop some left-over mentions of StandardOutput=syslog
  * core: automatically update StandardOuput=syslog to =journal (and similar for StandardError=)
  * Merge pull request #15265 from fbuihuu/mount-fixes
  * condition: add ConditionPathIsEncrypted=
  * condition: introduce generic function type for condition_to_string()-like functions
  * condition: return (Condition*) NULL from condition_free()
  * limit-util: quieten a very common debug message that is misleading
  * condition: add ConditionEnvironment=
  * man: document the two new condition types
  * update TODO
  * udev: get rid of "Could not set flow control of" message on "lo" interface
  * Merge pull request #15817 from poettering/more-conditions
  * update TODO
  * blockdev: propagate one more unexpected error
  * makefs: log about OOM condition
  * dissect: use log_debug_errno() where appropriate
  * blockdev: add helper for locking whole block device
  * condition: check if path is absolute first
  * condition: add debug log messages on unexpected errors
  * condition: downgrade a few log messages to debug
  * condition: when reading /etc/ modification timestamp, let's actualy compare it as-is
  * proc-cmdline: add some explanatory comments
  * condition: allow overriding of ConditionNeedsUpdate= on the kernel command line
  * condition: reverse if check to lower indentation level
  * condition: debug log if F_OK check on /run/systemd/first-boot fails unexpectedly
  * condition: introduce systemd.condition-first-boot= kernel command line switch
  * main: add a kernel command line option for setting the system clock early during boot
  * core: allow overriding the system hostname with systemd.hostname= on the kernel command line
  * update TODO
  * makefs: lock device while we operate
  * makefs: normalize logging a bit
  * cryptsetup-generator: use systemd-makefs for implementation of "swap" and "tmp" options
  * hostnamed: don't cache uname() data
  * hostnamed: don't cache system UUID
  * hostnamed: call our destructor _destroy(), not _clear()
  * dhcp6: slightly improve log message
  * Merge pull request #15810 from poettering/override-first-boot
  * busctl: use structured initialization
  * busctl: improve error messages on duplicate members/interfaces
  * homed: use right config section in example config
  * Merge pull request #15166 from ssahani/networkctl-ipvlan
  * test-fs-util: don't fail on btrfs file systems in containers
  * btrfs-util: tweak error code a bit
  * repart: don't insist on coming up on partition label ourselves
  * journalctl,elsewhere: make sure --file=foo fails with sane error msg if foo is not readable
  * Merge pull request #15848 from keszybz/small-doc-tweaks
  * Merge pull request #15845 from poettering/btrfs-encrypted-fix
  * fs-util: teach unlinkat_deallocate() a simple scheme for overwriting for erasing
  * cryptsetup: catch up with debian crypttab options a bit
  * cryptsetup: optionally remove key file after use
  * cryptsetup: split out key loading from pkcs11 code and teach search path logic
  * cryptsetup: automatically load luks keys off disk
  * cryptsetup: make sure to return EAGAIN on wrong tcrypt password too
  * cryptsetup: also check for /dev/hwrng as random device node
  * cryptsetup: fix minor memory leak
  * cryptsetup: optionally, see if empty password works for unlocking the file system
  * cryptsetup: fix minor indentation issue
  * man: document the newly acquired cryptsetup features
  * Merge pull request #15637 from poettering/cryptsetup-literal
  * update TODO
  * man_systemd_home: intrdouce SYSTEMD_HOME_SUSPEND env var
  * pam_systemd: clean up success path
  * udev: when random MACs are requested, generate them with genuine randomness
  * man: include sd_bus_message_handler_t prototype in synopsys of all man pages that reference the type
  * man: let's document explicitly that method reply handlers won't get ret_error set to method error
  * Merge pull request #15490 from ssahani/dhcpv6-vendor-class
  * proc-cmdline: fix return value clobbering in proc_cmdline_get_key()
  * proc-cmdline: add checking of EFI options variable in proc_cmdline_get_key_many() too
  * proc-cmdline: make checking of EFI options variable optional
  * Merge pull request #15868 from keszybz/fix-failed-to-fix-up-pid1-environment
  * homed: fix return value mix-up
  * rules: automatically pull in smartcard.target from all CCID devices
  * homed: return a better error when a home has no authentication information defined
  * fileio: sync directory after rename, too
  * homed: when updating local copy of user record, sync to disk
  * homed: automatically clean up empty user record files
  * homed: make sure we log about invalid user records we load
  * homed: fix typo
  * homed: also fsync private/public key pair when storing it
  * bus-util: actually register the object manager
  * homed: include error string when in log message if quota doesn't work
  * homed: don't insist on authentication against host-copy user record
  * tmpfiles: downgrade log message when we can't write a file and failure is allowed
  * tmpfiles: don't complain if we can't enable pstore in containers
  * Merge pull request #15872 from keszybz/networkd-types
  * Merge pull request #15167 from ssahani/address-gen-mode
  * json: use our regular way to turn off compiler warnings
  * tree-wide: use DISABLE_WARNING_FORMAT_NONLITERAL where appropriate
  * macro: introduce DISABLE_WARNING_TYPE_LIMITS and make use of it everywhere
  * json: turn off ubsan for json_variant_has_type()
  * unit-name: tighten checks for building valid unit names
  * unit-name: use TAKE_PTR() where appropriate
  * core: improve log messages when we cannot process a mount point
  * journal: expand variables up to PATH_MAX in size in catalog output
  * update TODO
  * Merge pull request #15862 from hunger/master
  * Merge pull request #15840 from Werkov/mkosi-opensuse
  * Merge pull request #15909 from keszybz/sd-network-serialization
  * Merge pull request #15906 from keszybz/busctl-stdout-stderr
  * fstab-util: prefix return parameters with ret_
  * cryptsetup: support tmp= file system argument
  * Merge pull request #15920 from keszybz/userwork-proc-title
  * update TODO
  * Revert "presets: "disable" all passive targets by default"
  * tmpfiles: deal with kernel errno change if quota is not enabled
  * units: don't set PrivateNetwork= in systemd-homed.service
  * gpt: include homed GPT partition type in well-known partition table
  * core: warn if KillMode=none is used
  * man: document that KillMode=none is a bad idea
  * units: remove KillMode=process in our regular gettys
  * core: also log about left-over processes during unit stop
  * core: some more structured initialization
  * core: voidify one function return
  * sysv: use structured initialization
  * sysv: generate warning for every SysV service lacking a native systemd unit
  * update TODO
  * efivars: log whenever an EFI variable read access is slow
  * Merge pull request #15853 from poettering/tmp-argument
  * run: when waiting for unit, also check if no job is pending anymore
  * Merge pull request #15928 from poettering/kill-mode-warnings
  * Merge pull request #15934 from keszybz/docs-and-test-fix
  * udev: when the BSD lock on a block device is taken, don't complain
  * Merge pull request #15226 from benzea/benzea/xdg-autostart-generator
  * Merge pull request #15669 from andir/systemd-ipv6-pd-subnet-id
  * socket-util: add generic socket_pass_pktinfo() helper
  * core: add new PassPacketInfo= socket unit property
  * networkd: clean up NETLINK_PKTINFO vs. SO_PASSCRED confusion
  * resolved: tweak cmsg calculation
  * pam_systemd: be more thorough when validating runtime paths
  * pam_systemd: set legacy D-Bus path only if the runtime directory is validated
  * Merge pull request #15893 from DaanDeMeyer/firstboot-overwrite
  * Merge pull request #15882 from poettering/pam-sudo-fixes-part4
  * tree-wide: remove spurious whitespace
  * start NEWS file for v246
  * hwdb: whitespace fix
  * libsystemd: properly export new sd_notify_barrier() API call
  * udev: catch genuine_random_bytes() failures
  * homed: enable userdb too if homed is requested
  * xdg-autostart: fix two coverity found issues
  * path: use ROOTPREFIX properly
  * sd-path: drop "-dir" and "-path" suffixes from path enums
  * update TODO
  * sd-device: check netlink netns matches host netns before using monitor
  * catalog: normalize how we link to documentation
  * locale-util: add glyph for external links
  * pretty-print: export urlify_enabled()
  * journal: show documentation hyperlink if known in log output
  * logs: strndupa() cannot fail
  * man: briefly document the DOCUMENTATION= structure log field
  * update NEWS
  * efi: cache LoaderEntries EFI variable
  * efi: avoid weirdly double }} by indenting differently
  * efi: cache OsIndicationsSupported
  * efi: as extra paranoia NUL terminate UTF-16 strings with three NUL bytes
  * efi: explicitly update mtime of EFI variables when changing them
  * efi: cache OsIndications too
  * bootctl: show reboot-to-firmware info, too
  * bootctl: add simple, low-level reboot-to-firmware verb for controlling the flag
  * efi: add more logging for all EFI variable reads
  * Merge pull request #15954 from keszybz/unit-file-leak
  * update TODO
  * stat-util: trivial empty_or_null() tweaks
  * sd-dhcp: clean-up of DHCP lease server code
  * update TODO
  * fd-util: be more careful with fclose() errnos
  * Merge pull request #15996 from yuwata/network-dhcp6-route-metric-15295
  * fs-util: add stat_warn_permissions() that operates on struct stat instead of fd
  * conf-parse: fix pretty bad typo
  * conf-parser: return mtime in config_parse() and friends
  * core: remove support for ".include" stanza
  * seccomp: filter openat2() entirely in seccomp_restrict_sxid()
  * Merge pull request #16056 from keszybz/minor-doc-updates
  * parse-util: allow tweaking how to parse integers
  * parse-util: allow '-0' as alternative to '0' and '+0'
  * parse-util: make return parameter optional in safe_atou16_full()
  * parse-util: rewrite parse_mode() on top of safe_atou_full()
  * user-util: be stricter in parse_uid()
  * parse-util: rewrite parse_uid_range() on top of parse_uid()
  * parse-util: also parse integers prefixed with 0b and 0o
  * tests: beef up integer parsing tests
  * test: add test for parse_uid_range()
  * udev: optionally mark all block devices read-only as they pop up
  * units: tweak udev unit descriptions
  * man: single-char parameters take no '='
  * Merge pull request #16092 from yuwata/network-accept-local-16090
  * update TODO
  * Merge pull request #16047 from poettering/udev-ro-block
  * Merge pull request #15953 from keszybz/gdb-script
  * Merge pull request #16073 from keszybz/shell-completion
  * Merge pull request #16080 from YmrDtnJu/9p
  * cryptsetup: try to load bitlocker superblock only if requested
  * cryptsetup: pass selected mode to crypt_load() when doing LUKS
  * Merge pull request #16074 from msekletar/freezer-test-flakes
  * udevd: use cpus_in_affinity_mask()
  * udev: set fewer process properties
  * mkdir: use log_full_errno() where appropriate
  * login: use ERRNO_IS_PRIVILEGE() where appropriate
  * inaccessible: move inaccessible file nodes to /systemd/ subdir in runtime dir always
  * Merge pull request #16046 from bluca/dissect_squashfs_verity
  * Merge pull request #16058 from Werkov/fix-memory-protection-default
  * tree-wide: check POLLNVAL everywhere
  * docs: point contributors to list of most recent systemd releases
  * pager: set PR_DEATHSIG for pager to SIGINT rather than SIGTERM
  * update TODO
  * Merge pull request #15940 from keszybz/names-set-optimization
  * tree-wide: port to fd_wait_for_event()
  * sleep-config: add more debug logging
  * sleep-config: return correct error code
  * sleep: clean up debug/error logging
  * sleep-config: downgrade log level in can_s2h()
  * sleep-config: modernize destructors
  * sleep: pass error we see to log function
  * Merge pull request #16124 from ssahani/dhcpv6-duid
  * Merge pull request #16137 from poettering/sleep-fixlets
  * hwdb: generate a hwdb file instead of rules for autosuspend
  * update TODO
  * README: add reference to systemd.io
  * update TODO
  * repart: add simple specifier expansion in Label=
  * repart: if now minimal size is specified, default to 10M
  * USER_RECORD: fix typo
  * network: clean-up DHCP lease server data configuration
  * Merge pull request #16208 from yuwata/udev-fix-16207
  * Merge pull request #16191 from poettering/repart-spec
  * Merge pull request #16239 from keszybz/cleanups
  * Merge pull request #15926 from fbuihuu/rework-show-status
  * Merge pull request #16059 from keszybz/resolve-single-label-names
  * Merge pull request #16179 from keszybz/auto-suspend-hwdb
  * selinux-util: tweak log_enforcing_errno() to return the errno passed in or 0 when in non-enforcing mode
  * nspawn: mkdir selinux mount point once, but not twice
  * man: s/PROGRAMM/PROGRAM/
  * man: replace perl bug tracker link that went away with link to paper
  * util: add dlfcn-util.h
  * nss-systemd: skip /etc/gshadow look-ups when we just need the GID of a group
  * userdb: replace recursion lock
  * Merge pull request #16223 from cgzones/user_selinux
  * Merge pull request #16112 from poettering/nss-systemd-block-fix
  * random-seed: use ERRNO_IS_NOT_SUPPORTED() where appropriate
  * pid1: don't apply "systemd.clock_usec" kernel cmdline parameter outside of PID 1
  * random-util: add common helper random_write_entropy() for crediting entropy to the kernel's pool
  * core: add new systemd.random_seed= kernel command line option for seeding entropy pool
  * man: document systemd.random-seed=
  * update TODO
  * Merge pull request #16106 from yuwata/network-tc-ets
  * Merge pull request #16093 from yuwata/network-htb-add-settings-15213
  * tree-wide: avoid some loaded terms
  * dlfcn-util: add dlsym_many_and_warn() helper
  * qrcode: modernize code a bit
  * journalctl: don't print QR codes if we can't/shan't use colors
  * journalctl: set and log about all fss file flags individually
  * journalctl: make libqrencode a weak dependency
  * hostnamed: don't cache local hostname either
  * hostnamed: minimize caching of /etc/hostname, /etc/os-release and /etc/machine-info
  * Merge pull request #16249 from bluca/root_verity_sig
  * Merge pull request #16257 from keszybz/two-fuzzer-issues
  * macro: add CONST_MIN() similar to CONST_MAX()
  * journal: fix definition of _OBJECT_COMPRESSED_MAX
  * journal-file: use FLAGS_SET where appropriate
  * journal: store NE hash instead of LE hash in Match object
  * journal-file: simplify boot ID acquiring
  * journal-file: also show field hash table size in debug output
  * journal-file: rename return parameters to ret_xyz
  * journal: rename hash64() to jenkins_hash64()
  * journal: make signature arrays const
  * journal: use a different hash function for each journal file
  * journal-file: when individual hash chains grow too large, rotate
  * journal: support zstd compression for large objects in journal files
  * docs: import journal file format docs from fdo wiki
  * docs: document the new journal file format additions
  * tree-wide: add new HAVE_COMPRESSION compile time flag
  * coredump: use log_error_errno() where appropriate
  * compress: do something roughly reasonable when building without compressor
  * update TODO
  * repart: add new CopyBlocks= setting
  * update TODO
  * tmpfile-util: typo fixes
  * efi-loader: cache LoaderConfigTimeoutOneShot too
  * logind: also cache LoaderEntryOneShot EFI variable
  * NEWS: add more items for 246
  * JOURNAL_FILE_FORMAT: minor markdown fixes
  * Merge pull request #16281 from poettering/logind-cache-more-efi
  * update TODO
  * update TODO
  * pid1: warn if people use User=nobody (#16293)
  * shared: split out BusObjectImplementor APIs
  * shared: actually move all BusLocator related calls to bus-locator.c
  * shared: split out code that maps properties to local structs
  * shared: split out code for printing properties
  * shared: split out property get helpers
  * update TODO
  * locale-util: add support for touch emoji
  * macro: add new FOREACH_POINTER() macro magic
  * pkcs11-util: reduce scope of a variable
  * homectl: add missing log messages when json_variant_format() fails
  * user-record: securely erase pkcs#11 when assigned NULL too
  * user-record: rename JSON field "pkcs11Pin" to "tokenPin"
  * build-sys: add libfido2 as optional dependency
  * user-record: add fields for FIDO2 HMAC authentication options
  * homectl: add support for enrolling FIDO2 HMAC-SECRET tokens
  * homed: add support for authenticating with fido2 hmac-secret tokens
  * pam-systemd-home: print helpful message when token's PIN is locked
  * homectl: show touch emoji when asking for PKCS#11 protected auth path
  * homectl: do generic error handling/retry also when creating a home directory
  * homectl: rework how we log when doing a home directory update
  * homectl: split out pkcs#11 related code bits into own .c/.h file
  * homectl: add acquired fido2 PIN to user record
  * homectl: add --pkcs11-uri=auto and --pkcs-11-uri=list support
  * docs: document new FIDO2 user record fields
  * man: update homectl man page with documentation for new features
  * update TODO
  * Merge pull request #16344 from keszybz/update-utmp-erofs
  * namespace-util: introduce helper for combining unshare() + MS_SLAVE remount
  * mount-util: add destructor helper that umounts + rmdirs a path
  * mount-util: use UMOUNT_NOFOLLOW in recursive umounter
  * firstboot: add --image= switch
  * man: document the new --image= switch of systemd-firstboot
  * firstboot: add option to turn off welcome text display
  * TODO
  * update TODO
  * update NEWS
  * Merge pull request #16385 from JackFangXN/master
  * NEWS: drop duplicate entry, add --image= entry
  * udevadm: beef up deprecation log warning
  * update TODO
  * analyze: make testing ConditionPathExistsGlob= work
  * update TODO
  * docs: permit user/group services that do not support enumeration
  * process-util: make sure procfs_file_alloca() works for non-literal field names too
  * machined: refactor UID/GID machine translation
  * machined: implement user/group lookup varlink API in machined too
  * man: document new varlink service
  * nss-mymachines: drop support for UID/GID resolving
  * update TODO
  * logs: when embedding catalog info in log output use a dash of color and unicode
  * update TODO
  * core: fix invalid assertion
  * mountpoint-util: fix error handling
  * load-fragment: downgrade log messages we ignore to LOG_WARNING
  * execute: fix if check
  * machine: fix if check
  * Revert "selinux: cache enforced status and treat retrieve failure as enforced mode"
  * man: don't claim environment.d/ was about sessions
  * man: GNOME is usually capitalized
  * man: configuration files contain assignments, no directories
  * Merge pull request #16485 from bluca/nspawn_os_release_mounts
  * fileio: add explicit flag for generating world executable warning when reading file
  * fileio: add support for read_full_file() on AF_UNIX stream sockets
  * fileio: allow to read base64/hex data as strings
  * tree-wide: use READ_FULL_FILE_CONNECT_SOCKET at various places
  * fileio: add brief explanations for flags
  * dlfcn-util: add dlsym_many_and_warn() helper
  * journalctl: make pcre2 a dlopen() dependency
  * update TODO
  * import: always prefer GNU tar, to avoid cmdline incompatibilities
  * Merge pull request #16504 from poettering/read-file-ipc
  * update NEWS
  * time-util: rework clock conversion logic
  * test: add basic test for clock mapping
  * core: don't acquire dual timestamp needlessly if we don't need it in .timer handling
  * user-util: indentation fix
  * update TODO
  * offline-passwd: use chase_symlinks()
  * acl-util: fix error handling in add_acls_for_user()
  * coredump: port to use common add_acls_for_user()
  * Merge pull request #16407 from bluca/verity_reuse
  * execute: take ownership of more fields in ExecParameters
  * Merge pull request #16542 from keszybz/make-targets-fail-again
  * Merge pull request #16496 from DaanDeMeyer/firstboot-shell
  * update NEWS
  * nspawn: fix MS_SHARED mount propagation for userns containers
  * firstboot: don't create /etc/passwd with mode 000
  * core: clean more env vars from env block pid1 receives
  * Merge pull request #16561 from yuwata/test-ordered-set
  * nspawn: add missing spdx header
  * nspawn: rework how /run/host/ is set up
  * update TODO
  * sd-event: add relative timer calls
  * man: document new relative time APIs in sd-event
  * tree-wide: make use of new relative time events in sd-event.h
  * update TODO
  * Merge pull request #16576 from keszybz/bump-tmp-size
  * Merge pull request #16590 from keszybz/test-fs-util-relax
  * Merge pull request #16585 from yuwata/network-dhcp6-fixes
  * units: upgrade initrd check Conditions to Asserts
  * units: downgrade Requires= to Wants=
  * man: fix link markup
  * meson: run 'ninja man/update-man-rules' again
  * repart: log fixes
  * path-util: make use of TAKE_PTR() where we can
  * loop-device: implicitly sync device on detach
  * update TODO
  * home: use ID128_UUID_STRING_MAX where appropriate
  * update TODO
  * Merge pull request #16556 from keszybz/test-terminal-colors
  * tmpfiles: add new switch -E for quickly excluding /proc, /dev, /sys and /run
  * tmpfiles: we don't support the combination of --root and --user, hence refuse it
  * tmpfiles: properly prefix paths in debug outputs
  * firstboot: move --image= logic into common code
  * tmpfiles: support --image= similar to --root=
  * sysusers: add support for a --image= switch
  * journalctl: add --image= switch
  * man: document the new --image= switches in journalctl/sysusers/tmpfiles
  * update TODO
  * update TODO
  * man: clarify that LogNamespace= is for system services only
  * update TODO
  * userdb: add "description" field to group records
  * core,home,machined: generate description fields for all groups we synthesize
  * docs: document new description field
  * update TODO
  * units: order systemd-user-sessions.service after home.mount
  * journalctl: in "-o cat" mode show color
  * user-util: add mangle_gecos() call for turning strings into fields suitable as GECOS fields
  * user-record: deal with invalid GECOS fields gracefully
  * Merge pull request #16682 from poettering/userdb-gecos-fix
  * Merge pull request #16684 from keszybz/assorted-cleanups
  * Merge pull request #16697 from yuwata/network-fix-suspend-issue
  * units: order volatile-root after repart
  * blockdev-util: add correct API for detecting if block device has partition scanning enabled
  * dissect: use new blockdev_partscan_enabled() API where appropriate
  * loop-util: use new LOOP_CONFIGURE ioctl
  * update TODO
  * man: fix incorrectly placed full stop
  * Merge pull request #16678 from poettering/loop-configure
  * firstboot: move --image= logic into common code
  * dissect: support --discard=list
  * mkdir: handle mkdir_p() of simple filename gracefully
  * dissect: optionally mkdir directory to overmount
  * copy: add copy_access() helper for copying access mode
  * dissect: add support for copying files in/out of image
  * dissect: show more information in output
  * dissect: load verity metadata earlier
  * dissect: beef up dissection output
  * dissect: properly propagate some relevant dissection errors
  * dissect: immediately close pipes when we determined we have no data for them
  * dissect: use recognizable error if we are supposed to mount an encrypted fs
  * dissect: introduce new helper dissected_image_mount_and_warn() and use it everywhere
  * dissect: show proper error strings for more errors
  * meson: move systemd-dissect to /usr/bin
  * man: document systemd-dissect
  * json: add helpers for dealing with id128 + strv
  * dissect: add support for outputting JSON
  * test: update tests to use new JSON output instead of human readable output
  * update TODO
  * Merge pull request #16612 from poettering/dissect-copy
  * namespace: fix minor memory leak
  * Merge pull request #16705 from bluca/verity_udev_wait
  * update TODO
  * README: fix indentation
  * man: move 'files' module in NSS 'hosts:' line before myhostname
  * socket-netlink: make address argument const
  * test: accept that char device 0/0 can now be created witout privileges
  * homed: downgrade quota message in containers
  * homework: sync everything to disk before we rename LUKS loopback file into place
  * homework: correct error passed into log message
  * homework: explicitly close cryptsetup context, to not keep loopback device busy
  * homework: downgrade chattr failure log message
  * home: make libpwquality dep a runtime dlopen() one
  * firstboot: hook up with libpwquality
  * update TODO
  * mountpoint-util: minor modernizations
  * mountpoint-util: use new kernel 5.8 statx() API for determining mnt_id
  * mountpoint-util: use new kernel 5.8 statx() API for determining mount points
  * update TODO
  * Merge pull request #16640 from keszybz/various-patches
  * Merge pull request #16771 from poettering/dyn-pwq
  * homed: default to "btrfs" as fs type in the LUKS backend
  * core: merge a few if blocks
  * mount-setup: drop pointless zero initialization
  * machine-id-setup: don't use KVM or container manager supplied uuid if in chroot env
  * path-lookup: path_join() all the things!
  * nspawn/machine: move mount propagation dir to /run/host/incoming
  * nspawn: move $NOTIFY_SOCKET into /run/host/ too
  * nspawn,pid1: pass "inaccessible" nodes from cntr mgr to pid1 payload via /run/host
  * nspawn: provide $container and $container_uuid in /run/host too
  * doc: document what we now place in /run/host
  * core: create per-user inaccessible node from the service manager
  * user-runtime-dir: deal gracefully with missing logind properties
  * Merge pull request #16221 from bluca/show_microsec
  * man: fix xml tags
  * analyze: rework condition testing
  * core: add missing conditions/asserts to unit file parsing
  * core: remove support for ConditionNull=
  * sd-bus: fix error handling on readv()
  * Merge pull request #16543 from poettering/nspawn-run-host
  * mount-util: tweak how we find inaccessible device nodes
  * Merge pull request #16804 from keszybz/conditionals-and-spelling-fixes
  * man: drop reference to long gone .busname unit type
  * namespace: move protect_{home|system} into NamespaceInfo
  * namespace: assert() first, use second
  * core: introduce ProtectProc= and ProcSubset= to expose hidepid= and subset= procfs mount options
  * analyze-security: check for ProtectProc=/ProcSubset=
  * units: turn on ProtectProc= wherever suitable
  * man: document ProtectProc= and ProcSubset=
  * repart: don't unload data we configured explicitly, and fully free all data we match to disk
  * mkdir: add new mkdir_p_root() helper
  * loop-util: define API for syncing loopback device
  * shared: introduce mkfs-util.c/.h
  * makefs: port to generic make_filesystem() call
  * repart: make error code when operating on non-existing file a bit more useful
  * repart: add support for formatting newly created partitions
  * mkfs-util: add support for making vfat partitions
  * repart: split out code that mangles part table entries into function of its own
  * repart: let's wipe the partition table ourselves
  * repart: talk about future partitions
  * repart: wipe partition first, then discard
  * dissect: create directories we want to mount on
  * repart: add new CopyFiles= setting, for copying files into freshly made file systems
  * repart: add support for optionally encrypting partitions we create
  * repart: if --size= is specified as "auto" determine minimal size for disk image
  * test: add test for new repart features
  * man: document new repart features
  * update TODO
  * loop-util: LOOP_CONFIGURE ignores lo_sizelimit
  * Merge pull request #16681 from poettering/hidepid
  * core: drop redundant comment
  * Merge pull request #16833 from JackFangXN/master
  * Merge pull request #15662 from Werkov/fix-cgroup-disable
  * user-record: add recovery key fields to user record
  * journal: move qrcode printing code to src/shared/
  * home: add helper to process/normalize modhex64 recovery keys
  * homed: support recovery keys
  * homectl: teach homectl to generate recovery keys
  * docs: document new recovery key user record fields
  * man: document new homectl --recovery-key= switch
  * homed: mark LUKS loopback file as "dirty" via xattr when in use
  * homed: report a home directory as "dirty" if image file has dirty flag
  * update TODO
  * rm-rf: add new flag REMOVE_CHMOD
  * acl-util: make sure acl_find_uid() initializes return parameters on success
  * acl-util: beef up add_acls_for_user()
  * core: add credentials logic
  * core: hide /run/credentials whenever namespacing is requested
  * nspawn: add --set-credential= and --load-credential=
  * man: document pid1's new credentials logic
  * man: document nspawn's new credential switches
  * man: document credentials passing in the container interface
  * test: add test suite for new credentials logic
  * update TODO
  * Merge pull request #16765 from poettering/homed-recovery
  * in-addr-util: add byte accessor array to union in_addr_union
  * varlink: add helper for generating errno errors
  * json: add support for byte arrays to json builder
  * json: also add explicit dispatchers for 'int' and 'unsigned'
  * resolved: drop suppress_unroutable_family field
  * resolved: rename request → bus_request
  * resolved: move query bus tracking to resolved-bus.c
  * resolved: minor clean-ups for resolved-bus.c
  * resolved: add minimal varlink api for resolving hostnames/addresses
  * nss-resolve: port over to new varlink interface
  * tty-ask-pw-agent: make sure "--list" works correctly
  * tty-ask-pw-agent: the message string might not be set
  * tty-ask-pw-agent: properly propagate error
  * udev: use path_startswith() instead of startswith() in two more cases
  * Merge pull request #16866 from yuwata/networkctl-tiny-cleanups
  * Merge pull request #16864 from yuwata/coverity-fixes
  * device: propagate reload events from devices on everything but "add", and "remove"
  * time-util: add timespec_store_nsec()
  * tmpfiles: use statx() when aging files
  * networkd: consider any uevent other than "remove" sufficient for the network device to be ready
  * man: extend on the usec/sec discrepancy
  * basic: make sure we include inttypes.h when we use its types
  * analyze: fix error handling in one case
  * analyze: add 'capability' verb for dumping all known and unknown caps
  * Merge pull request #16874 from poettering/analyze-cap
  * resolved: make sure we initialize t->answer_errno before completing the transaction
  * tree-wide: no need to negate argument to ERROR_IS_XYZ()
  * resolved: remove superfluous ;;
  * sym: fix bad symbol file addition
  * man: document fd ownership for sd-bus fd marshalling
  * Merge pull request #16841 from keszybz/acl-util-bitmask
  * dissect-image: generate nice error when we can't detect any file system
  * CONTRIBUTING: be clearer about versions and RFE process
  * doc: cross link sd_listen_fd() docs a bit
  * Merge pull request #16727 from wusto/core-fix-securebits
  * test-functions: make sure we test our own libudev instead of the host libudev
  * udev: make tags "sticky"
  * libudev: also expose API to check for current tags in libudev
  * test: add test for new "sticky" tags logic
  * core: make sure to recheck current udev tag "systemd" before considering a device ready
  * logind: only apply ACLs for device currently tagged with "uaccess"
  * logind: always check current tag list before using a device
  * NEWS: explain the "bind"/"unbind" situation a bit
  * man: document the new libudev APIs
  * Merge pull request #16911 from keszybz/userdb-json-invalid-utf8
  * coredump: don't convert s → µs twice
  * nspawn: let's make LinkJournal an extended boolean
  * import: make sure gnu tar complains on tar files with trailing garbage
  * shared: rename crypt-util.c → cryptsetup-util.c
  * shared: make libcryptsetup dep dlopen
  * update TODO
  * Merge pull request #16940 from keszybz/socket-enotconn-cleanup
  * Merge pull request #16821 from cgzones/selinux_status
  * Merge pull request #16915 from poettering/cryptsetup-dlopen
  * stat-util: add new macros for declaring statx variable
  * stat-util: provide single fallback implementation of statx()
  * udev-test: make sure we run udev tests with selinux assumed off
  * udev-test: use mount_verbose() instead of mount(), to make debugging easier
  * udev-test: use SYNTHETIC_ERRNO() where useful
  * udev-test: don't mix alloca() and regular C stack allocation in one expression
  * Merge pull request #16945 from poettering/udev-test-selinux
  * resolved: ttl/hopcount sockopt is not a boolean
  * Merge pull request #16880 from yuwata/network-dhcp4-cleanups
  * sd-bus: move SD_BUS_MAXIMUM_(SIGNATURE|NAME)_LENGTH to sd-bus-protocol.h
  * ptyfwd: don't set prio if event source that might not exist
  * varlink: properly allocate connection event source
  * Merge pull request #16978 from keszybz/two-variable-reduction-patches
  * btrfs: if BTRFS_IOC_DEV_INFO returns /dev/root generate a friendly error message
  * tree-wide: if get_block_device() returns zero devno, check for it in all cases
  * Merge pull request #16955 from keszybz/test-execute-cleanup
  * resolve: DNSStubListenerExtra → DnsStubListenerExtra
  * resolved: move dns stub definitions to resolved-dns-stub.[ch]
  * resolved: don't store udp/tcp fd in DnsPacket object
  * Merge pull request #16979 from keszybz/return-log-debug
  * Merge pull request #16973 from poettering/btrfs-dev-root
  * Merge pull request #16982 from yuwata/socket-buffer-size
  * Merge pull request #16984 from yuwata/make-log_xxx_error-void
  * Merge pull request #16972 from wusto/ambient-and-keep-caps-corrections
  * Merge pull request #16635 from keszybz/do-not-for-each-word
  * logind: fix merge issue
  * socket: fix copy/paste error
  * sd-login: fix memory leak
  * copy: optionally, reproduce hardlinks from source in destination
  * tree-wide: copy hardlinks wherever we deal with possibly large OS-style trees
  * man: document that sd_bus_message_close_container() may only be called at end of container
  * tree-wide: prefer AF_xyz over PF_xyz
  * network: don't fail on various config parse errors
  * ethtool-util: don't pass error value that isn't used to log_syntax
  * bootctl: don't accidentally propagate errors in "bootctl status"
  * systemd-user: move pam snippet default location to /usr/lib/pam.d
  * fs-util,tmpfiles: fix error handling of fchmod_opath()
  * Merge pull request #16986 from yuwata/network-fix-routing-policy-rule-issue-16784
  * Merge pull request #16947 from keszybz/socket-parsing-rework
  * timesyncd: don't attempt to call IP_TOS sockopt on IPv6 sockets
  * tree-wide: add helper for IPv4/IPv6 sockopts
  * man: always document both the ipv4 and the ipv6 sockopt
  * sd-path: use ROOTPREFIX without suffixed slash
  * pkg-config: prefix is not really configurable, don't pretend it was
  * Merge pull request #17005 from poettering/sockopt-ipv4-ipv6
  * hostnamed: add various debugging log messages when we determine chassis type
  * Merge pull request #17020 from yuwata/backlight
  * unit: declare BusName= in all our units that are on the bus, event if they don't use Type=dbus
  * logind: minor simplification
  * logind: clarify what the second argument of session_stop() means when calling it
  * logind: make sure when we are explicitly asked to terminate session/user/seat to use "replace" job mode
  * Merge pull request #17028 from poettering/logind-replace-job
  * mkosi: include libfido2 in fedora mkosi image
  * test-acl-util: skip test if /tmp doesn't do ACLs
  * socket: downgrade log warnings about inability to set socket buffer sizes
  * hashmap: make sure to initialize shared hash key atomically
  * man: document that RemainAfterElapse=no means that also the triggered unit needs to deactivate
  * core: don't warn if BusName= is used for non-Type=dbus services
  * service: add implicit dbus deps only for Type=dbus units
  * test-fileio: use test strings that are actually valid in shell
  * env-file: bring our decoding of double-quoted strings in env files in line with shell
  * test-env-file: add test that tests our env file read + writer + shell against each other
  * test-fileio: test test strings with shell, too
  * core: propagate triggered unit in more load states
  * core: propagate unit start limit hit state to triggering path unit
  * unit-def: drop pointless 0 initialization of first enum value
  * Merge pull request #17027 from poettering/env-escape-fix
  * bootctl: handle if LoaderSystemToken is invalid for some reason
  * tree-wide: don't needlessly negate error number passed to bus_error_message()
  * man: rework UMask= explanation
  * Merge pull request #17049 from mrc0mmand/code-and-spell-check
  * tests: try to allocate a delegated scope unit for our cgroup tests
  * test: remove test-dissect-image
  * dissect: rename mount_options_from_part() → mount_options_from_designator()
  * dissect: introduce PartitionDesignator as real type
  * gpt: move GPT_LINUX_GENERIC definition next to the user GPT partition types
  * Merge pull request #16675 from topimiettinen/exec-syscall-error-action
  * Merge pull request #17076 from poettering/dissect-cleanup
  * repart: don't mark image files generated with --empty=create executable
  * dissect: wrap verity settings in new VeritySettings structure
  * nspawn: check return of setsid()
  * nspawn: print log notice when we are invoked from a tty but in "pipe" mode
  * nspawn: fix fd leak on failure path
  * nspawn: don't become TTY controller just to undo it later again
  * nspawn: add --console=autopipe mode
  * dissect: three trivial fixes
  * dissect: always invalidate secondary arch partitions if we found primary arch
  * dissect: is_loop_device() returns negative on error, don't mistake that is true
  * dissect: use structured initialization, it's prettier
  * dissect: show partition output even if os-release is missing
  * Merge pull request #17093 from poettering/dissect-tweaks2
  * Merge pull request #17092 from keszybz/libtool-excorcism
  * Merge pull request #16981 from keszybz/use-crypt_ra
  * update TODO
  * homed-bus: add missing spdx header
  * homed: make it easier to run multiple instances of homed
  * homed: make sure our worker processes finish before we exit
  * homed: make clean that --storage=directory --image-path=/dev/some-block-device is not supported
  * units: pass CAP_SYS_RESOURCE to homed
  * mkosi: include libfido2 binary package in mkosi manually for now
  * gpt: add new GPT partition types of /usr partitions
  * dissect-image: process /usr/ GPT partition type
  * man: emphasize that part table shown by systemd-dissect is not complete
  * doc: document the new GPT partition type UUIDs
  * update TODO
  * Merge pull request #17101 from poettering/gpt-usr
  * homed: don't block logins into accounts with future change time
  * homed: ignore ratelimiting counters when timestamp is from future
  * user-record: don't refuse login when last pw change time is in the future
  * homed: show actual file system in messages about file systems
  * homed: in images that lack mkfs.btrfs automatically fall back to ext4
  * tree-wide: use ERRNO_IS_PRIVILEGE() whereever appropriate
  * ptyfwd: use ERRNO_IS_DISCONNECT() when checking for disconnection on foreign fds
  * Merge pull request #17086 from keszybz/developer-mode-default
  * Merge pull request #17127 from poettering/errno-fixup
  * Merge pull request #17124 from bluca/copypasta
  * Merge pull request #17130 from keszybz/static-analyzer-cleanups
  * machine: fix error code propagation in two cases
  * sd-radv: fix indentation
  * catalog: add missing @ to German catalog file
  * update TODO
  * sysusers: modernize file backup logic a bit
  * fs-util: drop chmod_and_chown_unsafe() which is unused now
  * basic: update fd_get_path() to use proc_mounted() helper
  * fs-util: use strna() on returned strings of fd_get_path() if we don't check its return value
  * fs-util: check for /proc mounted in access_fd()
  * shutdown: fsync() before detaching loopback devices
  * shutdown: don't compare pointers with 0
  * shutdown: also fsync() MD devices when going down
  * shutdown: also fsync() DM devices before going down
  * mount-util: add helpers for mount() without following symlinks
  * mount-util: make sure get_mount_flags() ever follows symlinks
  * mount-util: switch most mount_verbose() code over to not follow symlinks
  * mount-util: rework umount_verbose() to take log level and flags arg
  * tree-wide: switch remaining mount() invocations over to mount_nofollow_verbose()
  * tree-wide: port remaining umount() calls to umount_verbose()
  * update TODO
  * Merge pull request #17144 from poettering/mount-nofollow
  * Merge pull request #17118 from poettering/sync-shutdown-loop
  * Merge pull request #17143 from keszybz/late-exec-resolution-alt
  * Merge pull request #17148 from jlebon/pr/crypt-source
  * loop-util: use right flags field
  * loop-util: apparently opening a loop device sometimes results in ENXIO, handle this
  * Merge pull request #17166 from poettering/loop-mini-fixes
  * mount-util: show mount source in mount_verbose_full() debug output
  * repart: use proper API to check if block device can do partition scanning
  * man: fix reference to unit file
  * update TODO
  * udev-util: simplify device_is_renaming() error handling
  * selinux: add apis to set labels/fix labels per fd instead of path
  * fs-util: add new futimens_opath() helper
  * udev: apply access mode/ownership to device nodes with O_PATH
  * dns-domain: add helper that checks whether domain is dot suffixed
  * resolved: imply SD_RESOLVED_NO_SEARCH when looking up trailing dot domains
  * Merge pull request #17194 from poettering/dot-suffix
  * log: optionally display thread ID in log output to tty
  * log: include TID= field in structred log output
  * seccomp-util: add cacheflush() syscall to @default syscall set
  * resolved: expose a new bus property that informs about the /etc/resolv.conf mode
  * resolvectl: show resolv.conf mode in resolvectl output
  * resolved: turn off that a search domain is derived from the host's fqdn
  * Merge pull request #17087 from yuwata/man-initial-congestion-window
  * Merge pull request #17195 from keszybz/man-cleanups
  * Merge pull request #17203 from poettering/resolv-conf-mode
  * homed: explicitly deactivate all home directories on shutdown
  * man: mention that sd_bus_send() buffers locally, and sd_bus_process() is needed to flush it out
  * log: update comment
  * log: normalize log target condition check
  * generator: use kmsg in system-level generators, journal otherwise
  * bootspec: don't fail with EIO if searching for ESP and finding one without an enveloping partition table
  * Merge pull request #17213 from keszybz/man-cleanups
  * Merge pull request #17154 from keszybz/crypttab-commas
  * Merge pull request #17152 from keszybz/make-mountapivfs-default
  * execute: add helper for checking if root_directory/root_image are set in ExecContext
  * execute: use empty_to_root() a bit more
  * Merge pull request #17172 from keszybz/read-login-defs
  * ptyfwd: reopen stdin/sdout before setting O_NONBLOCK
  * nspawn: don't chown() stdin/stdout passed in when --console=pipe is used
  * github: ask for arch+kernel in bug report form
  * add stuff to NEWS for 247
  * update TODO
  * man: fix typo systmed → systemd
  * virt: reference correct file path in log message
  * man: fix table alignment
  * pager: set $LESSSECURE whenver we invoke a pager
  * sd-event: optionally, if an event source fails, exit the event loop
  * man: add docs for sd_event_source_set_exit_on_failure()
  * socket-proxy: close correct fd, log at right log level
  * socket-proxy: port to new sd_event_source_set_exit_on_failure() API
  * test: add test that validates that PTR_TO_INT(INT_TO_PTR()) covers whole int range
  * udev-util: make use of sd-event's NULL callback support
  * sd-event: support callback=NULL in IO/child/inotify/defer event sources, too
  * udev: make use of NULL callback in IO handlers
  * Merge pull request #17238 from keszybz/man-tmp-noexec
  * Merge pull request #17231 from poettering/event-source-exit-on-failure
  * update TODO
  * systemctl: drop unsused variable original_stdout_is_tty
  * basic: include stddef.h since we use NULL in header
  * pretty-print: don't abbreviate needlessly in user-facing string
  * systemctl: move compare_unit_info() to bus-unit-util.[ch]
  * systemctl: split up humungous systemctl.c file
  * Merge pull request #17279 from poettering/systemctl-split-up
  * missing-syscall: fix copypasta
  * sd-event: check return value of syscals directly, avoid redundant variable assignment
  * ratelimit: add ratelimit_configured() helper
  * Merge pull request #17289 from keszybz/two-coverity-fixes
  * udev-util: ignore remove events, we care about initialization after all
  * udev: make sure to install an inotify watch whenever we find a block device locked
  * shared: make libidn/libdidn2 dependency a dlopen() one
  * update TODO
  * Merge pull request #17286 from benzea/benzea/xdg-autostart-improvements
  * Merge pull request #17211 from poettering/udev-loop-fixes
  * docs: clarify that udev watches for IN_CLOSE_WRITE (and not IN_CLOSE)
  * resolved: don't append RFC6975 data to stub replies
  * Merge pull request #17273 from mrc0mmand/coccinelle-check-for-bad-errno
  * Merge pull request #17302 from keszybz/fix-inhibitors
  * update TODO
  * sysctl: set kernel.core_pipe_limit=16
  * analyze: show ungrouped syscalls separately (#17343)
  * alloc-util: avoid allocating zero size memory blocks
  * seccomp: allowlist close_range() by default in @basic-io
  * missing: add close_range() wrapper
  * fd-util: port close_all_fds() to close_range()
  * test-fd-util: add test case for close_all_fd()
  * update TODO
  * execute: fix single character typo
  * execute: make sure some more functions follow coding style
  * core: debug log about received fds
  * Merge pull request #17338 from poettering/close-range
  * sd-bus: initialize return values on success in sd_bus_message_read_array()
  * man: update sd_bus_message_read_array() docs to clarify return value 0 vs. 1
  * Merge pull request #16968 from yuwata/remove-old-device-on-move-event
  * Merge pull request #17188 from keszybz/envvars-posix
  * Merge pull request #17270 from keszybz/less-secure-mode
  * bootctl: separate boot loader specific commands in man and --help
  * Merge pull request #17350 from poettering/bus-read-array
  * Merge pull request #17351 from poettering/exec-rt-typo-fix
  * update NEWS
  * pager: lets check SYSTEMD_PAGERSECURE with secure_getenv()
  * systemctl: fix tabs indentations
  * Merge pull request #17359 from poettering/lesssecuresecure
  * pid1: ignore whole /run/host hierarchy
  * Merge pull request #17358 from keszybz/hwdb-add-stars
  * core: add comment explaining unit_kill_context() vs. unit_kill_common() a bit
  * core: correct handling of "systemctl kill --kill-who=main-fail"
  * core: log about "systemctl kill" requests
  * man: document that ConditionKernelCommandLine= looks at /proc/1/environ in containers
  * man: document that for Type=dbus services dropping bus name has consequences
  * doc: document charset to use for bootspec entry names
  * bootspec: tweak error message
  * tmpfiles: no need to specify a synthetic error code if we don't propagate it
  * docs: some coding style updates
  * Merge pull request #17389 from poettering/bootspec-clarifications
  * Merge pull request #17387 from anitazha/systoomd_fixups
  * Merge pull request #17344 from keszybz/bus-connect-more-logs
  * util: make size macros unsigned
  * update TODO
  * Merge pull request #17401 from mrc0mmand/sempahore-fixups
  * dhcp-server: make parameter const
  * Merge pull request #17407 from keszybz/test-ipcrm
  * test-mountpoint-util: run test in private mount namespace
  * Merge pull request #16444 from oniko/luks-detached-header
  * Merge pull request #17400 from yuwata/network-route-counter-17396
  * Merge pull request #17356 from yuwata/sd-xxx-stop
  * macro: introduce POINTER_MAX as define for (void*) -1
  * Merge pull request #17412 from mrc0mmand/ghworkflow-buildtest-improvements
  * Merge pull request #13589 from williamvds/systemctl-edit-copy
  * Merge pull request #17415 from keszybz/logind-resolved-docs
  * update NEWS
  * net_id: fix newly added naming scheme name
  * clock-util: trivial clean-ups
  * Merge pull request #16632 from keszybz/test-path-yet-again
  * Merge pull request #17324 from keszybz/resolvectl-compat-output
  * loop-util: handle EAGAIN on LOOP_SET_STATUS64
  * loop-util: LOOP_CLR_FD is async, don't retry to reuse a device right after issuing it
  * dissect-image: wait for udev device to be initialized early
  * dissect-image: rework how we wait for partitions
  * loop-util: if a loopback device we want to use still has partitions, do something about it
  * udev-util: use absolute rather than relative timeout when waiting for devices
  * dissect: retrigger devices if we missed uevents
  * loop-util: wait a random time before trying again
  * test: add heavy load loopback block device test
  * Merge pull request #17418 from poettering/news-247-more
  * Merge pull request #16859 from poettering/loop-eagain
  * update hwdb
  * build-sys: prepare 247-rc1
  * update TODO
  * Merge pull request #17427 from poettering/v247-bump
  * sd-event: split out enable and disable codepaths from sd_event_source_set_enabled()
  * tree-wide: cast result of get_process_comm() to (void) where we ignore it
  * man: add references to fifo(7) and mq_overview(7) man pages
  * socket-util: make socket_set_recvpktinfo control PACKET_AUXDATA sockopt on AF_PACKET
  * journald: remove pointless conditionalization
  * conf-parser: add a flavour of DEFINE_CONFIG_PARSE_ENUM() that allows specifiying the precie from_string() function to call
  * core: add Timestamping= option for socket units
  * man: document the new Timestamping= option
  * units: turn on timestamping for journald sockets
  * resolved: use structured initialization everywhere
  * resolved: remove redundant conditionalization
  * resolved: advertise smaller UDP datagram size on extra stubs
  * Merge pull request #17471 from keszybz/man-update-fedora-version
  * pid1: various minor watchdog modernizations
  * automount: make user unmounting for automount units more debuggable
  * update TODO
  * fileio: beef up READ_FULL_FILE_CONNECT_SOCKET to allow setting sender socket name
  * man: remove misplaced comma
  * resolved: check return value of memdup() correctly for OOM
  * resolved: put size limit in DnsAnswer size to UINT16_MAX
  * resolved: fix dumping of DnsAnswer objects
  * resolved: drop unused family argument from manager_routable()
  * resolved: handle RRs where we don't have a signer
  * update TODO
  * seccomp: allow turning off of seccomp filtering via env var
  * errno: ETIMEDOUT is also a connection error
  * resolved: suppress misleading debug message about ignored resolv.conf line
  * resolved: add minor optimization path to dns_answer_merge()
  * resolved: show all answer flags when dumping answer
  * resolved: add comments for various query flags
  * resolved: don't resolve "local." via LLMNR
  * resolved: slightly extend debug log output about outgoing messages
  * Merge pull request #17534 from poettering/resolved-more-tweaks
  * resolved: fix non-initialized memory access
  * Merge pull request #17549 from yuwata/tiny-fixes
  * Merge pull request #17555 from yuwata/ethtool-get-driver
  * Merge pull request #17497 from anitazha/randomizeonce
  * update NEWS
  * git-contrib: exclude -rc tags
  * hwdb: update
  * man: properly list relative time event source API in man page
  * Merge pull request #16603 from benzea/benzea/special-app-slice
  * man: add missing full stop
  * update TODO
  * man: suffix settings name with = and enclose in <varname>
  * seccomp: move brk+mmap+mmap2 into @default syscall filter set
  * Merge pull request #17658 from jwrdegoede/hwdb-accel-work
  * Merge pull request #17649 from yuwata/resolve-dnssd-template-name
  * Merge pull request #17687 from yuwata/use-localtime_or_gmtime_r
  * Merge pull request #17685 from yuwata/curl-no-oldies
  * Merge pull request #17676 from yuwata/lgtm-fixes
  * Merge pull request #17669 from yuwata/coccinelle-update
  * Merge pull request #17680 from yuwata/udev-link-mac-address
  * NEWS: mention that we intend to retrigger udev devices on package upgrade
  * specifiers: introduce common macros for generating specifier tables
  * cryptsetup: use strjoin() for concatenating strings
  * units: typo fix /proc/<pid>/exec → /proc/<pid>/exe
  * mkosi: make sure our mkosi files work with f33
  * cryptsetup: use log_warning_errno() where we can, instead of log_warning()
  * docs: document what VPNs should do to systemd-resolved.service
  * journal-remote: erase secret PEM key from memory after use
  * dissect-image: use simple version of read_full_file() where we can
  * repart: warn about world writable key files
  * journal-remote: use READ_FULL_FILE_SECURE|READ_FULL_FILE_WARN_WORLD_READABLE when reading PEM secret key
  * man: mention that --key= is about *secret* keys
  * journal-remote: suffix cmdline option that expects arg with =
  * fileio: teach read_full_file_full() to read from offset/with maximum size
  * cryptsetup: port PKCS#11 code to read key file with read_full_file()
  * cryptsetup: port cryptsetup's main key file logic over to read_full_file_full()
  * cryptsetup: modify keyfile search logic to use read_file_full() too
  * man: document how cryptsetup keys may be acquired via AF_UNIX sockets
  * man: drop comment about ECC vs. RSA and Yubikey
  * update TODO
  * sd-event: mention that two debug logged events are ignored
  * sd-event: split clock data allocation out of sd_event_add_time()
  * sd-event: split out code to add/remove timer event sources to earliest/latest prioq
  * sd-event: let's suffix last_run/last_log with "_usec"
  * sd-event: ref event loop while in sd_event_prepare() ot sd_event_run()
  * sd-event: follow coding style with naming return parameter
  * sd-event: remove earliest_index/latest_index into common part of event source objects
  * sd-event: add ability to ratelimit event sources
  * man: document new ratelimiting APIs
  * copy: teach copy_file() that a mode=-1 call means "take mode from original file"
  * fs-util: add conservative_rename() that suppresses unnecessary renames
  * resolved: don't update resolv.conf snippets unnecessarily
  * socket-util: add sockaddr_in_addr() helper
  * resolved: bind socket to interface during connect()
  * resolved: properly check per-link NTA list
  * resolved: log when a bus client changes per-link DNS info
  * resolved: automatically flush caches on clock change
  * dns-domain: try IDN2003 rules if IDN2008 doesn't work
  * resolved: insert large dgram size into EDNS0 only when in LARGE UDP mode
  * resolved: lower SERVFAIL cache timeout from 30s to 10s
  * resolved: never allow _gateway lookups to go to the network
  * resolved: use stat_inode_unmodified() to detect /etc/hosts changes
  * resolved: beef up logic for suppressing "localhost" entry in /etc/hosts
  * stub: don't ever respond to datagrams coming in on non-localhost addreses, on the stub
  * Merge pull request #17830 from yuwata/update-kernel-headers
  * build.h: add a bunch of missing features strings
  * core: add ConditionSecurity=tpm2 support
  * update TODO
  * Merge pull request #17812 from poettering/systemctl-version-feature-update
  * Merge pull request #17079 from keszybz/late-exec-resolution
  * Merge pull request #17836 from poettering/tpm2-condition
  * random-util: open /dev/urandom implicitly in random_write_entropy() if needed
  * Merge pull request #17809 from yuwata/network-address-fixes-17803
  * resolved: improve log message when we use TCP a bit
  * local-addresses: make returning accumulated list optional
  * resolved: synthesize NODATA instead of NXDOMAIN if gateway exists, but of other protocol
  * dlfcn-util: add DLSYM_ARG() helper
  * tree-wide: make use of new DLSYM_ARG() macro everywhere
  * dns-domain: follow coding style, initialize ret params on success
  * dns-domain: initialize return param on success
  * Merge pull request #17843 from poettering/dlfcn-dlsym-arg
  * Merge pull request #17854 from poettering/dns-domain-ret-fix
  * cryptsetup: give command line parameters proper names
  * dissect: don't declare unused variables on archs that have no GPT discovery
  * socket-util: add sockopt helper for controlling IP_RECVFRAGSIZE
  * socket-util: add getsockopt_int() helper
  * socket-util: add common API for querying socket MTU
  * async: add trivial cleanup wrapper for asynchronous_close()
  * logind: fix closing of button input devices
  * logind: use free_and_strdup() where appropriate
  * qrcode-util: make dlopen() logic more like the other cases
  * test: add test that dlopen()'s all our weak library deps once
  * man: document that automount units are privileged
  * log: add helper set sets log level in all realms
  * virt: drop /proc/1/sched hack
  * Merge pull request #17884 from poettering/test-dlopen
  * Merge pull request #17869 from DaanDeMeyer/mkosi-gdb
  * Merge pull request #17851 from yuwata/network-address-compare-func
  * three spdx header fixes
  * veritysetup: also place udev socket dep
  * Merge pull request #17903 from yuwata/udev-options-log-level
  * Update TODO
  * sd-bus: use SOCK_CLOEXEC on one more socket
  * machine: drop really old kdbus left-over
  * logs-show: drop redundant validation of machine name
  * hostname-util: explain what 'LDH' is
  * hostname-util: flagsify hostname_is_valid(), drop machine_name_is_valid()
  * hostname-setup: clarify that failures reading /etc/hostname are ignored
  * firstboot: clean-up the copied hostname, not argv[] directly, as that's ugly
  * sd-bus: make credential acquisition more graceful
  * sd-bus: 'ret' parameter to sd_bus_query_sender_creds() is not optional, check for it
  * sd-bus: add API for connecting to a specific user's user bus of a specific container
  * man: document new ability to connect to user of container
  * stdio-bridge: add support for --system and --user
  * bus-util: improve logging when we can't connect to the bus
  * Merge pull request #17967 from poettering/connect-user-bus
  * resolved: always take a timestamp when first seeing a packet
  * Merge pull request #17026 from fw-strlen/nft_16
  * Merge pull request #17702 from rnhmjoj/master
  * terminal-util: use 256 color mode for PID 1 output, too
  * tree-wide: suggest meson command lines instead of ninja ones
  * test: fix fd_is_mount_point() check
  * homed: move homectl's recovery key generation/modhex code to src/shared/
  * homed: move helper calls for RSA encryption to shared code
  * homed: move pkcs11 LUKS glue into shared code
  * homed: split out code that determines suitable LUKS passphrase size from RSA key
  * homed: move code to list and resolve "auto" pkcs#11 URL into common code
  * cryptsetup-util: add helper call for extracting/parsing token JSON
  * cryptsetup-util: add helper for setting minimal PBKDF
  * cryptsetup: split code that allocates udev security device monitor into its own function
  * cryptsetup: be more careful with erasing key material from memory
  * cryptsetup: read PKCS#11 key and token info from LUKS2 metadata
  * cryptsetup: split up attach_luks_or_plain_or_bitlk() into smaller functions
  * homed: turn libfido2 into a dlopen() type dependency
  * homed: move fido2 device enumeration logic to shared code
  * homed: move fido2 setup code to src/shared/
  * homed: split out HMAC-HASH fido2 decode code into src/shared/
  * fido2: don't use up/uv/rk when device doesn't support it
  * cryptsetup: add fido2 support
  * cryptenroll: add new "systemd-cryptenroll" tool for enrolling FIDO2+PKCS#11 security tokens
  * sort-util: make cmp_int() generic, so that we can reuse it elsewhere
  * json: add APIs for quickly inserting hex blobs into as JSON strings
  * cryptenroll: add support for TPM2 enrolling
  * cryptenroll: support listing and wiping tokens
  * cryptsetup: add support for TPM2 unlocking of volumes
  * string-table: add private version of lookup macro with boolean fallback
  * repart: optionally lock encrypted partitions to TPM2
  * test: add tpm2 and fido2 libs to dlopen test
  * fido2: when listing fido2/hmac-secret devices, actually validate feature set
  * man: document new features
  * mkosi: add TPM2 packages to debian/ubuntu/fedora mkosi files
  * update TODO
  * units: don't pull in time-sync.target from systemd-timesyncd.service
  * core: order timer units after both time-sync.target and time-set.target
  * man: document that .timer units now have After= on both time-set.target + time-sync.target
  * Merge pull request #17741 from poettering/cryptsetup-fido2
  * Merge pull request #15531 from felipeborges/add-device-model-field-to-hostnamed
  * man: extend time-{set,sync}.target + systemd-timesyncd/wait-sync docs
  * man: apply @Minoru's suggestions from code review
  * man: use 'weak' and 'strong' for explaining difference between Wants= + Requires=
  * update TODO
  * doc: add missing comma in DISCOVERABLE_PARTITIONS.md
  * update TODO
  * string-util: imply NULL termination of strextend() argument list
  * string-util: use GREEDY_ALLOC_ROUND_UP() in strextend()
  * Merge pull request #18150 from poettering/strextend-tweak
  * Merge pull request #18044 from weblate/weblate-systemd-master
  * stat-util: don't try to open path on path_is_temporary_fs()
  * machine-image: use structured initialization
  * machine-image: pick up crtime of directory images, too
  * Merge pull request #18179 from poettering/machine-image-tweaks
  * json: add new json format flag for disabling JSON output
  * json: add generic cmdline parser for --json= switch
  * json: port various tools to the new JSON_FORMAT_OFF flag
  * busctl: port busctl to JSON_FORMAT_OFF too
  * test-xattr-util: don't insist that /usr supports xattrs
  * Merge pull request #18183 from poettering/arg-json-rework
  * virt: merge three variable declarations
  * virt: debug log on unexpected error conditions
  * virt: fix path mentioned in log message
  * update TODO
  * meson: catch up with 'update-man-rules'
  * tmpfiles: document that the "argument" field doesn't do quotes
  * extract-word: don't rely on C's downgrade-to-bool feature for chars
  * tmpfiles: add ANSI highlighting to our help text
  * test: add a test that ensures we don't regress on "argument" field handling in tmpfiles.d
  * import: mangle untarred OS images after pull-tar, too
  * Merge pull request #18227 from yuwata/network-dhcp6-pd-manage-temporary-address
  * update TODO
  * unit-file: fix indentation
  * unit-file: downgrade log message to debug
  * systemctl: properly initialize return params in all success cases
  * systemctl: explicitly comment two cases where we don't log on error cases, on purpose
  * systemctl: unit_file_find_fragment() doesn't log about errors, hence do it in the caller
  * Merge pull request #18124 from ryncsn/initrd
  * Merge pull request #18214 from elmarco/vsock
  * fs-util: make laccess() macro follow our usual error propagation
  * Merge pull request #17576 from gportay/veritysetup-add-support-for-dm-verity-flags
  * systemctl: use right type 'size_t' for counting memory
  * update TODO
  * sysext: new tool for managing "system extensions" for /usr/ + /opt/
  * units: add systemd-sysext.service unit for auto-activating extensions at boot
  * man: add man page for systemd-sysext
  * machine-image: properly support searching for images below some --root= path
  * update TODO
  * test: improve a log message while building test images
  * meson: bindir is the default install_dir, no need to mention it
  * Merge pull request #18129 from keszybz/envvars
  * Merge pull request #18181 from poettering/sysext
  * fs-util/rm-rf: improve remove+free destructors to take and return NULL
  * import: comment indent fix
  * import: make scope of variable smaller
  * import: use TAKE_PTR() where available
  * import: rework how verification works
  * import: reset PullJob properly
  * import: small memory management simplification
  * import: turn on HTTP logging in debug mode
  * import: ignore non-successful HTTP codes for collecing image metadata
  * import: optionally pull .verity + .roothash.p7s data when downloading
  * import: refactor how we do gpg validation
  * Merge pull request #18307 from poettering/import-verity-download
  * execute: for processes where creds logic is turned off, don't pass creds path to namespace logic
  * markdown: suggest backticks around uname -a output
  * markdown: fix comment
  * tree-wide: ignore messages with too long control data
  * sysext: use log_setup_cli()
  * sysext: split version validation logic into function of its own
  * sysext: rework command line interface to be verb-based
  * sysext: add --force swich for forcibly ignoring version incompatibilities
  * man: document recent systemd-sysext interface changes
  * core: make NotifyAccess= in combination with RootDirectory=/RootImage= work
  * man: document how get logging to work in a RootDirectory=/RootImage= environment
  * portabled: update profiles to current semantics
  * varlink: make 'userdata' pointer inheritance from varlink server to connection optional
  * format-table: add new helper table_print_with_pager()
  * busctl/homectl: port the obvious cases to table_print_with_pager()
  * repart: port to table_print_with_pager()
  * sysext: port to table_print_with_pager()
  * dissect: almost port systemd-dissect to table_print_with_pager()
  * busctl: show --help in pager
  * man: share a common explanation for --json=
  * portabled: add BindPaths=/run back into "trusted" policy
  * import: don't apply empty_or_dash_to_null() to stuff we know is NULL anyway
  * import: introduce ImportFlags flags field
  * import: drop redundant {}, as per coding style
  * import: set up btrfs qgroups on correct hierarchy
  * import: downgrade error messages we ignore to LOG_WARNING
  * repart: improve help text
  * import-common: fix log message string
  * import-common: when mangling OS trees, propagate ownership/mode from subdir to parent
  * Merge pull request #18382 from yuwata/fix-downgrade-to-bool
  * Merge pull request #18377 from yuwata/sd-device-cleanups
  * Merge pull request #18388 from keszybz/update-target-rename
  * import: fix typo in help text
  * import: use unlink_and_free() + rm_rf_subvolume_and_free() more
  * import: don't invoke compress callbacks with empty data
  * import: make sure we can import empty files
  * import: properly verify roothash_signature + verity download, too
  * Merge pull request #18408 from poettering/import-fixlets3
  * Merge pull request #18399 from keszybz/man-proofreading
  * Merge pull request #18432 from yuwata/libude-list-cleanups
  * path-util: tighten path_extract_filename()
  * logind: simplify flags handling a bit
  * shared: rename machine-image.[ch] → discover-image.[ch]
  * discover-image: don't mix two types of stack allocation in one line
  * copy: also attempt to copy atime/mtime when copying symlinks, device nodes, fifos
  * copy: simplify futimens() invocation
  * path-util: tighten path_is_valid() checks
  * import: fix etag detection support
  * import: use +i (immutable) chattr flag for marking OS images read-only
  * fs-util: make sure conservative_renameat() properly detects identity of longer files
  * test-fs-util: beef up test for conservative_renameat()
  * Merge pull request #18472 from poettering/conservative-rename-fix
  * Revert "resolvectl: Add show-multicast verb to show discovered LLMNR/mDNS hosts"
  * Merge pull request #18318 from yuwata/network-route-table-name
  * nss-resolve: accept zero ifindex when parsing resolved reply
  * nss-resolve: shortcut fixing of ifindex if it's zero anyway
  * Merge pull request #18482 from poettering/resolved-nss-varlink-ifindex-fix
  * resolved: suppress ifindex info in varlink JSON responses if zero
  * github: ask for systemd version in RFE form
  * copy: use stat_verify_directory() where appropriate
  * format-table: don't hit assert if column got less width than it asked for
  * inhibit: cut off overly long "who" fields
  * Merge pull request #18518 from poettering/inhibit-limit-columns
  * resolved: add helper dns_packet_dup() for duplicating packets
  * resolved: introduce dns_transaction_key() helper for getting RR key for transaction
  * resolved: add logic for patching OPT max udp size of existing packet
  * resolved: add logic for patching TTLs of full packets
  * resolved: add dns_answer_contains() helper
  * resolved: slight modernizations of resolved-dns-answer.c functions
  * resolved: replace DNS_ANSWER_FOREACH_FULL() iterator macro with DNS_ANSWER_FOREACH_ITEM()
  * resolved: add new DnsAnswerFlags indicating originating section when parsing
  * resolved: add RRSIG field to DnsAnswerItem
  * resolved: if dns_packet_append_answer() fails count how many RRs were successfully added
  * resolved: DNS_CLASS_ANY lookups are OK too
  * resolved: add support for answering DNSSEC questions on the stub
  * resolved: avoid NOTIMP error when looking up not supported requests
  * resolved: drop timestamp parameter to dns_cache_put() we don't ever pass
  * analyze: slightly reword PrivatTmp= message
  * format-table: make UID/GID/PID fields first class citizens + add signal cell type
  * format-table: when generating json, synthesize "null" for invalid ifindex
  * coredumpctl: modernize table output
  * man: document new coredumpctl features
  * coredumpctl: include coredump size in output
  * clock-util: modernize settimeofday() timezone calls
  * github: expressly ask for logs in github issue template
  * manager: simplify uid-ref/gid-ref a code a bit
  * core: fix manager_ref_gid() parameter name in header
  * Merge pull request #18521 from poettering/coredumpctl-table
  * Merge pull request #18440 from bluca/portable_upgrade
  * core: improve log message when unit deactivates cleanly
  * tmpfiles: explicitly say we need /proc/ to run
  * sd-netlink: revamp message serial handling
  * sd-netlink: use getsockopt_int() where appropriate
  * sd-netlink: reduce indentation levels a bit
  * sd-netlink: spread out sequence numbers a bit
  * efivars: debug log if we fail to detect whether /sys/firmware/efi/ exists
  * efi-loader: add efi_has_tpm2() helper
  * bootctl: show whether the firmware has TPM2 support
  * condition: if spelunking through /sys/class/tpmrm doesn't work ask EFI if TPM2 exists
  * Merge pull request #18558 from poettering/have-tpm2
  * resolved: never route DNSSEC traffic to LLMNR/mDNS
  * Merge pull request #18568 from keszybz/v248-prep
  * core: slightly improve error message on load errors
  * udev: make net_setup_link builtin quiet when link vanishes while we operate on it
  * random-util: add random_u64_range() that acquires a random number from a certain range, unbiased
  * answer: add helper for randomizing RR of answers
  * answer: minor refactor – move link local check into RR code
  * resolved: randomize RR order in answers each time we get something from the cache
  * nss-resolve: allow turning off validation via env var
  * units: turn off DNSSEC validation when timesyncd resolves hostnames
  * resolved: if request on stub has AD set, respond with valid AD even if DO is not set
  * resolved: gracefully handle with packets with too large RR count
  * resolved: gracefully handle trailing packet garbage
  * resolved: tweak answer reserve/clone logic a bit
  * resolved: rename manager_our_packet() → manager_packet_from_local_address()
  * resolved: refuse packets looped back to us
  * resolved: refuse sending packets to our own stub listeners
  * resolvectl: add support for various new flags
  * Merge pull request #18580 from keszybz/signal-list
  * resolved: move mdns event sources close to the fds
  * resolved: allow DNS_PACKET_DATA() argument to be const
  * resolved: allow DNS_PACKET_DATA() argument to be const
  * resolved: filter repeated stub queries
  * update TODO
  * resolved: reuse check for link-local IP address lookups
  * resolved: don't redundantly switch DNS servers because of transaction failures
  * socket-util: fix indentation
  * socket-util: tighten parsing of ifnames
  * Merge pull request #18605 from poettering/suppress-repeated-stub
  * resolved: instead of closing DNS UDP transaction fds right-away, add them to a socket "graveyard"
  * resolved: close UDP socket when we received a network error on it
  * Merge pull request #18579 from keszybz/fix-fragment-id-crash
  * journalctl: rotation is not a reason to warn, but certainly noteworthy
  * resolvectl: clarify IDNA and search path logic in combination with "resolvectl query --type="
  * Merge pull request #18603 from poettering/socket-graveyard
  * Merge pull request #18611 from poettering/ifname-validate-tighter
  * resolved: replace "answer_authenticated" bool by uint64_t query_flags field
  * resolved: add "confidential" flag for replies passed to clients
  * resolved: propagate source where an RR from back to client
  * Merge pull request #18617 from poettering/resolved-confidential
  * resolved: log process info of clients requesting resolution via D-Bus
  * resolved: let's preferably route reverse lookups for local subnets to matching interfaces
  * resolved: reduce indentation level a bit
  * resolved: paranoia — ensure DNS reply came over stream we sent it to
  * resolved: when we can't parse a packet, downgrade feature level
  * resolved: make feature level checks a bit more discriptive
  * resolved: never go below DNSSEC feature level in DNSSEC strict mode
  * resolved: improve log message when retrying a transaction with a different server
  * resolved: unify code for trying a different DNS server
  * Merge pull request #18624 from poettering/resolved-feature-level-tweak
  * Merge pull request #18616 from keszybz/argv-fuzzer-quick-fix
  * Merge pull request #18620 from bluca/mount_images_fixes
  * Merge pull request #18636 from poettering/resolved-different-server
  * test-tables: make sure we can test tables of either int or int64_t base type
  * sd-common: add new macro for forcing 64bit size for public enums
  * network: make use of SD_ENUM_FORCE_S64() for all public enums
  * man: make clear that sd-journal notifications always come with extra latency
  * Merge pull request #18631 from yuwata/sd-netlink-fix-assertions
  * Merge pull request #18601 from keszybz/env-assign-cleanup
  * Merge pull request #18007 from fw-strlen/ipv6_masq_and_dnat
  * resolved: include NSID support to DNS stub
  * resolved: address DVE-2018-0001
  * Merge pull request #18653 from yuwata/in-addr-prefix-nth
  * resolved: in DNSSEC permissive mode, check if DO bit wasn't copied from request to response
  * resolved: see if it's worth retrying a lookup on "failed-auxiliary" DNSSEC error
  * install: make UnitFileChangeType enum anonymous
  * portable: make PortableChangeType enum anonymous
  * Merge pull request #18640 from poettering/resolved-dnssec-retry-harder
  * resolved: enable TCP_FASTOPEN + TCP_NODELAY on stub TCP socket
  * resolved: also use TCP tweaks on LLMNR (plus unify setsockopt() code)
  * Merge pull request #18662 from yuwata/in-addr-is-set
  * hwdb: fix indentation
  * Merge pull request #18656 from yuwata/network-nexthop-tiny-cleanups
  * Merge pull request #18651 from poettering/einval-followup
  * Merge pull request #18596 from keszybz/systemctl-quiet-legend
  * networkd-test: reenable dnssec while testing
  * resolved: disable path MTU discovery for UDP traffic
  * resolved: collect incoming fragment size when receiving UDP datagrams
  * resolved: add udp_header_size() helper
  * resolved: tweak how we calculate MTU for sending packets
  * resolved: let's track fragment sizes of servers/retry on fragmenting
  * resolved: take fragment size into consideration when determining EDNS0 udp packet size
  * basic: add set_equal() helper
  * resolved: optimize change notification handling away if bus calls set the same values as were already set
  * network: suffix types with _t in public headers
  * network: tighten table alignment a bit
  * Merge pull request #18667 from poettering/resolved-change-notification
  * sd-device: don't compare pointers with numeric zero
  * Merge pull request #18664 from poettering/resolved-defrag
  * sd-device: add sd_device_get_action() + sd_device_get_seqnum() + sd_device_new_from_stat_rdev()
  * udevadm: after validating action, use our internal string instead of optarg
  * journald: when we fail to add a new entry to a journal, return the seqno
  * resolved: improve debug logging on incoming messages a bit
  * Merge pull request #18546 from poettering/sd-device-action
  * random-util: fix type of random_u64_range()
  * Merge pull request #18685 from poettering/network-type-tweaks
  * update TODO
  * limits-util: tweak overflow checks for (physical_memory|system_tasks)_max_scale()
  * tree-wide: parse permyriads wherever we can
  * main: let's use physical_memory_scale() where appropriate
  * util: move percent/permille/permyriad parser into percent-util.[ch]
  * percent-util: when parsing permyriads, permit percents too with 1 place after the dot
  * util: add some helpers for converting percent/permille/permyriad to parts of 2^32-1
  * tree-wide: port various pieces of code over to UINT32_SCALE_FROM_PERMYRIAD()
  * parse-util: add format string macro for outputting permyriad
  * core: use our usual UINT32_MAX scaling for OOMD limits
  * oomd: increase accuracy of SwapUsedLimit= to permyriads too
  * update NEWS
  * update NEWS
  * hwdb: whitespace fixes
  * Merge pull request #18694 from keszybz/links-and-syntax-highlighting
  * manager: taint systemd if cgroupsv1 is used
  * man: emphasize a bit more that PID files suck
  * fileio: extend comment about file sizes in virtual file systems
  * sd-bus: simplify sd_bus_reply()
  * systemctl: don't search in the full argv[0] for the invocation name
  * man: split out sd_bus_set_fd() man page from sd_bus_get_fd()
  * tree-wide: use sd_device_new_from_stat_rdev() whereever appropriate
  * cryptsetup: unescape ID_PART_ENTRY_NAME udev property before using it
  * man: correct documentaiton of StandardInput='s defaults in regards to "data"
  * docs: , → .
  * man: try to improve documentation of conditions/asserts
  * resolved: don't follow CNAMEs in the stub anymore
  * resolved: update comment in DNS stub code a bit
  * resolved: remove duplicate comment
  * resolved: add dns_resource_record_get_cname_target() helper
  * resolved: stick CNAME targets into main answer section in stub replies
  * resolved: actually use the specified rrsig argument
  * man: various improvements to systemd.generator(7)
  * resolved: fix minor memory leak
  * dissect-image: initially fds[] array fully
  * icmp6-util: add missing variable initialization
  * shared: fix memory leak in error path
  * resolved: don't dereference ->scope unless set
  * core: fix memory leak in error path
  * efi stub: accept it if our loaded image has no FilePath field set
  * bootspec: assume that the root dir is at the top of its file system
  * Merge pull request #18771 from yuwata/timedate-fix-set-local-rtc-18391
  * format-table: don't suppress trailing whitespace in first line
  * cgroup: don't generate BPF firewall unsupported warning on wrong unit
  * signal-util: make -1 termination of ignore_signals() argument list unnecessary
  * env-util: fix parameter handling of parse_env_extension_hierarchies() + getenv_path_list()
  * namespace: return correct error code
  * bus-unit-util: don't validate partition designator client side
  * bus-unit-util: generate proper log message when we fail to parse properties
  * update TODO
  * Merge pull request #18798 from poettering/getenv-list-fixes
  * missing_syscall: add epoll_pwait2() wrapper
  * sd-event: make use of epoll_pwait2() for greater time accuracy
  * update TODO
  * man: fix indentation of example
  * man: be more explicit about network-online.target and consuming services of other hosts
  * man: say explicitly that network.target should give the guarantee that synthetic network interfaces have been created
  * Merge pull request #18801 from keszybz/small-documentation-updates
  * Merge pull request #18800 from poettering/network-target-more-doc
  * Merge pull request #18804 from poettering/epoll-wait2
  * udev: when btrfs.ko is not available consider btrfs filesystems not ready
  * copy: handle copy_file_range() weirdness on procfs/sysfs
  * test-signal-util: add test for signal_is_blocked()
  * btrfs-util: add helper that abstracts "might be btrfs subvol?" check
  * fs-util: use ERRNO_IS_NOT_SUPPORTED() at two more places where we can't be sure of the backing implementation
  * Merge pull request #18841 from keszybz/a-bunch-of-man-page-updates
  * path-util: add path_extract_directory(), to match path_extract_filename()
  * path-util: return O_DIRECTORY from path_extract_filename() when path ends in slash
  * machinectl: make sure of path_extract_filename() returning O_DIRECTORY
  * tmpfile: port tempfn_*() to path_extract_*()
  * util: add helpers for generating colored check mark glyphs from bools
  * time-util: simplify overflow check
  * fstab-generator: add new root=tmpfs option
  * fs-util: allow fsync_directory_of_file() on directories too
  * fs-util: handle gracefully if fsync_full() is called on block devices and such
  * fs-util: port open_parent() to path_extract_directory()
  * gpt: generalize validator for GPT partition labels
  * fs-util: when opening arbitrary inodes, better use O_NONBLOCK
  * rm-rf: fstatat() might fail if containing dir has limited access mode, patch that too
  * install: include OS headers before our own definition
  * Merge pull request #18840 from yuwata/libudev-monitor-tiny-cleanup
  * Merge pull request #18615 from xry111/private-ipc-1
  * fileio: minor read_full_stream_full() optimization
  * man: document how to use --network-interface= during boot
  * rm-rf: fix up chmod in the _cleanup_ rm_rf() destructors
  * run: tweak algorithm for generating unit name from dbus unique name
  * copy: simplify error paths when creating temporary files
  * copy: move sync_rights() to copy.c and rename copy_rights()
  * sysctl-util: use read_full_virtual_file() for reading sysctls
  * basic: move shared/sysctl-util.[ch] → basic/
  * socket-util: cache result of socket_ipv6_is_supported()
  * socket-util: add helper for checking if IPv6 is enabled
  * resolved: never return ::1 when localhost or local hostname is resolved while IPv6 is off in the kernel
  * socket-util: refuse "all" and "default" as valid ifnames
  * dns-query: export CNAME_MAX, so that we can use it in other files, too
  * resolved: tighten checks in dns_resource_record_get_cname_target()
  * resolved: handle multiple CNAME redirects in a single reply from upstream
  * resolved: split out helper that checks whether we shall reply with EDNS0 DO
  * resolved: fully follow CNAMEs in the DNS stub after all
  * resolved: when synthesizing stub replies from multiple upstream packet, let's avoid RR duplicates
  * Merge pull request #18891 from keszybz/size_t-cast-removal
  * Merge pull request #18924 from keszybz/homed-inotify-crash
  * Merge pull request #18921 from yuwata/seccomp-syscallfilter-18916
  * Merge pull request #18925 from keszybz/hwdb-news-syscalls-update
  * dissect-image: remove unnecessary parens
  * dissect-image: don#t mix two forms of stack allocation in one expression
  * format-table: simplify table_set_display_all() and keep it private
  * basic: tighten two filename length checks
  * efi-loader: make efi_loader_entry_name_valid() check a bit stricter
  * docs: document not to use FILENAME_MAX in our codebase
  * docs: reference NAME_MAX where we talk about filenames
  * fs-util: replace use of FILENAME_MAX by PATH_MAX in readlinkat_malloc()
  * mountpoint-util: replace our last use of FILENAME_MAX by PATH_MAX
  * test: output FILENAME_MAX vs. PATH_MAX sizes
  * fs-util: port symlink_idempotent() to path_extract_directory()
  * update TODO
  * socket-util: refuse ifnames with embedded '%' as invalid
  * update TODO
  * coredumpctl: fflush() stdout before invoking gdb
  * dissect-image: clean up meaning of DISSECT_IMAGE_MKDIR
  * dissect-image: fix volatile images
  * dissect: fix trivial typo
  * man: shorten list of partition types a bit
  * Merge pull request #18922 from yuwata/sd-event-fix-issue-18190
  * sd-event: add a simple test for checking the timeout parameter of sd_event_wait()
  * sd-event: fix error handling
  * resolved: add new helper dns_answer_min_ttl()
  * resolved: rebreak a few comments
  * resolved: use dns_answer_isempty() where appropriate
  * resolved: fix indentation
  * resolved: drop unnecessary local variable
  * resolved: take shortest TTL of all of RRs in answer as cache lifetime
  * resolved: let's tweak how we calculate TTL left
  * resolved: use DNS_ANSWER_MASK_SECTIONS where appropriate
  * resolved: show TTLs in answer dump
  * resolved: add helper for dumping DnsQuestion, similar to what we have for DnsAnswer
  * resolved: match CNAME replies to right question
  * resolved: don't flush answer RRs on CNAME redirect too early
  * dissect-image: support images without rootfs but with /usr/
  * tree-wide: make use of DISSECT_IMAGE_USR_NO_ROOT in various tools
  * dissect-image: do an strverscmp() on the partition label of root/usr if multiple exist
  * dissect-image: extend comment on returned errors a bit
  * dissect-image: split DISSECT_IMAGE_REQUIRE_ROOT in two
  * execute: drop DissectImageFlags parameter from namespace_setup()
  * dissect: don't insist on a root/usr partition when just inspecting
  * dissect: show partition label in table
  * doc: mention that choosing root/usr partitions by strverscmp() on the partition label is OK
  * update TODO
  * journald: use log_warning_errno() where appropriate
  * journald: restore syslog priority *with* facility bits for stream connections when restarting journald
  * Merge pull request #19022 from poettering/journal-dont-lose-facility
  * Merge pull request #19009 from poettering/one-more-cname-fix
  * hwdb: ninja update-hwdb-autosuspend
  * hwdb: ninja update-hwdb
  * meson.build: bump version of libudev
  * mailmap: merge Weblate bot commiter into one
  * tools: exclude Weblate bot from "ninja git-contrib"
  * update NEWS for rc4
  * update TODO
  * tree-wide: use read_full_virtual_file() where appropriate
  * systemctl: pecify read_full_file() size argument as NULL
  * fileio: don't use realloc() in read_full_virtual_file()
  * fileio: add missing overflow checks to read_full_virtual_file()
  * Merge pull request #19031 from poettering/hwdb-248
  * Merge pull request #19034 from poettering/read-virtual-file-fix
  * Merge pull request #19011 from anitazha/pgscanrate
  * homepage: fix year in footer to 2021
  * repart: make sure to grow partition table after growing backing loopback file
  * blockdev-util: fix access to possibly invalidated dirent struct
  * resolved: propagate correct error variable
  * resolved: don't accept responses to query unless they completely answer our questions
  * update TODO
  * update TODO
  * update TODO
  * blockdev-util: actually specify an access mode on open()
  * repart: remove spurious empty double newlines
  * resolved: don't suppress OPT if we have no OPT
  * resolved: upgrade log level to LOG_NOTICE if we switch to fallback server (or back)
  * resolved: pass mDNS reply packets to each transaction exactly once
  * resolved: tweak sections we add answer RRs to
  * resolved: split dns_query_process_cname() into two separate functions
  * resolved: rework CNAME logic a bit more
  * resolved: don't mention confusing server switch on server-less protocols
  * resolved: use random_u64_range() for randomizing initial transaction jitter
  * resolved: mention transaction ID in jitter log message
  * resolved: reset initial_jitter_elapsed properly
  * resolved: use sd_event_add_time_relative() where appropriate
  * test-namespace: drop spurious double new line
  * mountpoint-util: a symlink is never a mount point
  * mountpoint-util: rebreak some comments
  * mount-until: make sure we'll exit bind_remount_recursive_with_mountinfo() loop eventually
  * path: drop simplification of path in bind_remount_recursive_with_mountinfo()
  * mount-util: reorder a few things
  * mount-util: shortcut things after generating top-level bind mount
  * mount-util: extend comment a bit, mention that we aren't atomic in behaviour
  * mount-util: store mount flags in "todo" list in + handle submounts gracefully
  * mount-util: fold what we need from get_mount_flags() bind_remount_one_with_mountinfo()
  * mount-util: handle remount failures gracefully if flags already match
  * mount-util: generate failure if bind_remount_one_with_mountinfo() is called on non-existing path
  * test: add test for bind_remount_recursive()
  * test: add explicit test for bind_remount_one_with_mountinfo()
  * util: add creds-util.[ch] with helpers for dealing with credentials
  * core: allow omitting second part of LoadCredentials= argument
  * core: when inheriting credentials from manager to service, make missing creds graceful
  * sysusers: read passwords from the credentials logic
  * units: make sure to query console settings before we apply them
  * firstboot: slightly reorder variable declaration
  * firstboot: allow provisioning of firstboot params via creds too
  * man: document in nspawn docs how to make use of the new firstboot/sysusers features
  * ask-password: when querying for a password, try to read from credential store first
  * update TODO
  * resolved: tweak how we signal authoritative answers
  * Merge pull request #19131 from keszybz/resolvectl-warn-less
  * NEWS: prep release date
  * Merge pull request #19157 from keszybz/read-medium-sized-virtual-file
  * Merge pull request #18971 from poettering/sysusers-creds
  * machine-id-setup: support --image= mode
  * repart: make sure CopyFiles= works with a / suffixed path
  * dissect: make the --image= switch of our various tools honour Verity data
  * Merge pull request #19101 from poettering/mount-util-fixes
  * shared: add new IMAGE_VERSION=/IMAGE_ID= field to /etc/os-release
  * update
  * recovery-key: add some extra asserts
  * tpm2-util: properly load tpm2 libraries befre unsealing
  * proc-cmdline: allow backslash escapes when parsing /proc/cmdline
  * mkosi: work-around to make systemd build in Fedora images that lack populated /etc
  * docs: document native journal protocol
  * man: link up new journal protocol docs
  * locale-util: make SpecialGlyph more like our usual enums
  * core: rework unit_active_state_to_glyph() to use a translation table
  * sd-device: fix error code returned by sd_device_get_sysattr_value() for non-existing attributes
  * openssl: make RSA struct const
  * resolved: add RFC 8375 "home.arpa" to list of default NTA
  * Merge pull request #18701 from bugaevc/mdns-unicast
  * update TODO
  * core: drop pointless assert()
  * core: use UNIT_TRIGGER at more places
  * repart: fix incorrect error code propagation
  * repart: port more code to generic path_simplify_and_warn()
  * dissect: split read-only flag into two
  * repart: move NOP destructors into shared code
  * repart: slightly improve error message if partition is not on dm-crypt/dm-verity
  * repart: add --image= switch
  * repart: when we can't fit in all partitions explain how large the image would have to be
  * repart: add one more overflow check
  * repart: handle DISCARD failing with EBUSY gracefully
  * repart: deal with empty partition label sensibly
  * repart: use free_and_strdup_warn() where appropriate
  * repart: add high-level setting for creating dirs in formatted file systems
  * loop-util: store device major/minor in LoopDevice object
  * gpt: add some simple helpers for categorizing GPT partition types
  * repart: add CopyBlocks=auto support
  * repart: add new ReadOnly= and Flags= settings for repart dropins
  * dissect: ext4 and loopback files are unimpressed by read-only access
  * test: add test for new repart features
  * update TODO
  * Merge pull request #19096 from poettering/repart-features
  * mount-util: make umount_and_rmdir_and_freep() cleanup handler deal with NULL
  * update TODO
  * sd-device: use right type for usec_initialized
  * sd-device: use right clock when comparing initialization usec
  * loop-util: make loop_device_make() return fd in all code paths
  * loop-util: port to random_u64_range()
  * loop-util: initialize .devno in loop_device_open() too
  * loop-util: read kernel's uevent seqnum right before attaching a loopback device
  * dissect: ignore old uevents when waiting for loopback partition scan
  * sd-device: add API to query from when a udev database entry is
  * loop-util: track CLOCK_MONOTONIC timestamp immediately before attaching a loopback device
  * dissect: ignore udev database entries from before the loopback attachment
  * ci: drop test/TEST-50-DISSECT/deny-list-ubuntu-ci
  * fstab-generator: if usr= is specified, mount it to /sysusr/usr/ first
  * fstab-generator: extend logging a bit
  * fstab-generator: properly order generated mount units before "post" target units
  * repart: try harder to find OS prefix
  * repart: use /sysusr/ as --root= default in initrd, if mounted
  * units: change order of settings to match order in other similar unit
  * man: document new initrd-usr-fs.target
  * Merge pull request #19368 from poettering/loop-seqnum
  * Merge pull request #19372 from poettering/repart-initrd-usr-begin
  * Merge pull request #19371 from poettering/repart-initrd-usr-only
  * units: fix repart conditions to run if definitions exist in /sysroot + /sysusr
  * generator: exit early when asked to generate fsck unit for / and /usr in initrd
  * generator: explain why systemd-root-fsck.service exists in a comment
  * generator: write out special systemd-fsck-usr.service
  * Merge pull request #19381 from poettering/generator-tweaks
  * update TODO
  * Merge pull request #19365 from keszybz/sd_id128_equals
  * Merge pull request #19271 from yuwata/dhcp-duid-uuid
  * man: --add was renamed --copy-to when it was merged, fix man page reference to it
  * doc: verity partitions may only contain Verity data (fix copypasta)
  * doc: slightly reorder/improve partition type table
  * repart: prefix the correct path with root dir in log output
  * repart: don't use basename() when we called path_extract_filename() anyway already
  * repart: don't try to extract directory of root dir when copying directories
  * gpt: we actually honour the ReadOnly= flag on XBOOTLDR partitions too
  * dissect-image: prefer PARTN= uevent property over "partition" sysfs attr
  * dissect: fix two minor typos in comments
  * Merge pull request #19336 from pdmorrow/reloading_restart
  * Merge pull request #19124 from takaswie/topic/fw-audio-entries
  * local-addresses: add helper for determining local "outbound" IP addresses
  * nss-myhostname: expose the "outbound" IP addresses under the synthetic "_outbound" hostname
  * resolved: synthesize _outbound magic hostname here too
  * man: document _outbound
  * fstab-generator: clean up mount point flags handling
  * dissect: look for new GPT partition flag marking partitions for growing
  * dissect: show growfs flag in systemd-dissect table output
  * dissect-image: optionally, grow file systems on mount
  * dissect: enable growfs by default, but make it configurable
  * tree-wide: enable automatic growing of file systems in images in various tools that deal with OS images
  * repart: add GrowFileSystem= setting to set new GPT partition flag for newly created partitions
  * man: document the new grow-file-system flag
  * gpt-auto-generator: pull in systemd-growfs@.service if new GPT growfs partition flag is set
  * update TODO
  * test: use systemd-run -P instead of -t in TEST-50
  * homectl: don't use cached passwords when re-requesting password because wrong
  * homectl: don't use password cache if we operate on other user
  * homectl: pick up cached/credential store/env var passwords *before* issuing first request
  * Merge pull request #19411 from poettering/homectl-fixes
  * logind: use new sd_device_trigger() API
  * dissect-image: use sd_device_trigger() API
  * Merge pull request #19446 from poettering/logind-trigger-new
  * Merge pull request #19316 from keszybz/mkosi-f34
  * missing: add syscall wrappers for new mount API
  * docs: document that one shouldn't pass the audit caps to containers
  * Merge pull request #19441 from keszybz/riscv-syscall-lists
  * Merge pull request #19374 from yuwata/network-dhcp-routes-to-ntp
  * id128-util: use common implementation of helper to get/validate product ID
  * hostnamed: retrieve product UUID after authentication, not before
  * hostnamed: use byte array when we need a byte array
  * hostnamed: refactor vendor/model querying a bit, reuse function
  * hostnamed: split out how we determine the hostname a bit
  * hostnamed: drop unused enums
  * hostnamed: add Describe() call to hostnamed, returning all props a JSON
  * hostnamectl: add --json= switch for JSON output
  * man: document new dbus method
  * Merge pull request #19451 from poettering/hostnamed-json
  * Merge pull request #19458 from yuwata/network-route-remove
  * Merge pull request #19403 from nmeyerhans/dmi-entries
  * selinux: use mallocinfo2() if it exists
  * update TODO
  * userdb: count NSS records too
  * userdb: remove unnecesary repeated if check
  * userdb: add missing 'else'
  * userdb: fix typo in comment
  * userdb: honour USERDB_AVOID_SHADOW flag also when iterating
  * Merge pull request #19527 from poettering/userdb-fixes
  * user-util: add generic definition for special password hash values in /etc/passwd + /etc/shadow
  * Merge pull request #19523 from bluca/coredump_meta_fixes
  * nss-systemd: reset the right field
  * nspawn: fix the sections .nspawn settings are placed in
  * string-util: add strextendf() helper, that allows extending some allocated string via a format string
  * nss-systemd: properly handle empty membership lists
  * Merge pull request #19531 from poettering/nss-systemd-fixes
  * fileio: optionally, return discovered path of file in search_and_fopen()
  * userdbd: reverse which path is a socket and which a symlink
  * nss-systemd: make llvm work-around for used _cleanup_ explicit
  * Merge pull request #18863 from keszybz/cmdline-escaping
  * userdb: rename userdb lookup flags a bit
  * userdb: add new flag for excluding varlink data in lookups
  * userdbd: simplify logic for generating NSS listings
  * nspawn: add high-level option for identity userns mapping
  * nspawn: replace boolean --private-user-chown by enum
  * mount-util: add helper that ensures something is a mount point
  * process-util: add option for cloning with CLONE_NEWUSER
  * nspawn: tighten userns UID shift/range checks
  * mount-util: add a helper that can add an idmap to an existing mount
  * dissect-image: add support for optionally mounting images with idmapping on
  * nspawn: drop an unnecessary local variable
  * nspawn: introduce --private-users-ownership=map|auto
  * man: document new nspawn ID mapping mounts features
  * bash: update shell completion for new nspawn option
  * update TODO
  * Merge pull request #19538 from poettering/userdbd-simplify-nss-listing
  * Merge pull request #19438 from poettering/nspawn-uidmap
  * nss-systemd: set USERDB_SUPPRESS_SHADOW flag when looking up user records
  * nss-systemd: synthesize NSS shadow/gshadow records from userdb, as well
  * Merge pull request #19545 from poettering/nss-systemd-shadow
  * userdb: optionally read user/group/membership "dropins", too
  * userdbd: also listen on a varlink socket io.systemd.DropIn
  * man: update nss-systemd documentation with new features
  * man: document new userdbd features
  * docs: link info about static user/group drop-in files from the relevant specs
  * Merge pull request #19548 from poettering/userdb-dropin
  * userdbctl: add two new switches --with-dropin=/--with-varlink=
  * man: document new userdbctl features
  * userdb: return ESRCH if we didn't find a single varlink service
  * userdb: initialize .synthesize_root/.synthesize_nobody in generic code
  * Merge pull request #19568 from poettering/userdbctl-dropin
  * Merge pull request #19570 from poettering/userdb-followup-fixlets
  * hwdb: remove trailing whitespace
  * man: remove some trailing whitespace
  * test-user-util: fix line break confusion
  * bootctl: extend --make-machine-id-directory= documentation a bit
  * unit-def: ensure UnitType enum fits any errno value
  * socket-bind: use lowercase "ipv4"/"ipv6" spelling
  * af-list: add helpers mapping AF_INET/AF_INET6 to "ipv4"/"ipv6"
  * tree-wide: use af_to_ipv4_ipv6() + af_from_ipv4_ipv6() helpers at various places
  * tree-wide: move variables to innermost scope
  * cgroup: drop explicit NULL comparisons
  * Revert "varlink: avoid using dangling ref in varlink_close_unref()"
  * core: don't accidentally unref a varlink connection twice
  * netlink,network: drop "const" from opaque object parameters in supposed-to-be-public APIs
  * Merge pull request #19581 from yuwata/specifier-refuse-too-long-results
  * pam: fix typo try_authtok → use_authtok
  * resolved: be more careful with weird links with low MTUs
  * Merge pull request #19609 from keszybz/networkd-dhcp-man
  * Merge pull request #19608 from keszybz/resolved-pahole
  * alloc-util: introduce MALLOC_SIZEOF_SAFE() helper
  * alloc-util: add MALLOC_ELEMENTSOF() helper
  * alloc-util: simplify GREEDY_REALLOC() logic by relying on malloc_usable_size()
  * terminal-util: add debug logging for when TTY ioctls fail
  * terminal-util: add extra validity checks that we operate on a TTY before doing so
  * terminal-util: use _cleanup_close_ where appropriate
  * core: use GID_INVALID instead of -1 where appropriate
  * execute: don't chown/chmod non-TTY inodes thinking they were TTYs
  * user-record: optionally, allow parsing empty user record JSON objects
  * nspawn: export userns_mkdir() + userns_lchown() so that it can be used elsewhere in nspawn
  * nspawn: add new --bind-user= option for binding a host user into the container
  * man: document new nspawn --bind-user= feature
  * terminal: don't hardcode major number of PTYs
  * systemctl: re-align colon in status output
  * Merge pull request #19656 from yuwata/network-trivial-cleanups
  * Merge pull request #19603 from yuwata/network-link-get-by-name
  * Merge pull request #19653 from poettering/greedy-realloc-more
  * Merge pull request #19662 from yuwata/memdup
  * Merge pull request #19591 from poettering/terminal-fixes
  * Merge pull request #19555 from poettering/nspawn-bind-user
  * Merge pull request #19605 from yuwata/network-fdb-outgoing-interface
  * Merge pull request #19551 from cgzones/fix_reload
  * fileio: make return parameters of read_virtual_file() optional
  * Merge pull request #19647 from ddstreet/test-oomd-failure
  * Merge pull request #19672 from yuwata/strextend
  * Merge pull request #19676 from bluca/coverity
  * sd-device: use strjoina() more again in sd_device_new_from_subsystem_sysname()
  * fileio: if we try to read a file larger than SIZE_MAX this is not a problem if a max_size is specified
  * fileio: read_virtual_file(): exit once the max_size limit is reached
  * fileio: fix typo in comment
  * fileio: read_virtual_file() don't tweak buffer for returning it when we aren't returning it
  * test-fileio: fix confusing log output
  * test-fileio: run read_virtual_file() for a couple of more interesting sizes
  * fileio: read_virtual_file(): on last attempt ignore file size
  * units: make sure importd has CAP_LINUX_IMMUTABLE flag
  * sleep: introduce high-level SleepOperation enum
  * sleep: use SleepOperation enum everywhere and drop sleep_settings()
  * sleep: can_sleep_state() + can_sleep_disk() don#t return plain booleans
  * sleep: don't check for EADV
  * sleep: remove duplicate logging
  * sleep: if hybrid sleep fails, do regular suspend
  * sleep: clarify that failure setting env var is not fatal
  * Merge pull request #19693 from poettering/sleep-tweaks
  * Merge pull request #19686 from keszybz/os-release-modernization-and-examples
  * hashmap: add helper to test if iterator is still at beginning
  * core: split dependency types into atoms
  * core: rebreak a few comments
  * test-engine: extend engine test
  * core: add UNIT_GET_SLICE() helper
  * core: convert Slice= into a proper dependency (and add a back dependency)
  * core: hide cgroup fields in unit_dump() for non-cgroup unit types
  * core: add a reverse dep for OnFailure=
  * core: add new PropagateStopTo= dependency (and inverse)
  * core: use StopPropagatedFrom= as default for .mount → .device unit dependencies
  * core: add new OnSuccess= dependency type
  * core: implement Uphold= dependency type
  * core: order reverse dep table in same way as enum
  * core: make unneeded check a bit tighter
  * core: change BoundBy= dependency handling to be processed by a deferred work queue
  * core: reorder where we add units to queues in unit_notify()
  * test-engine: ensure atom bits are properly packed
  * test: add test for OnSuccess= + Uphold= + PropagatesStopTo= + BindsTo=
  * Merge pull request #19705 from bluca/bpf_dlopen
  * loginctl: kill calling user when invoked with empty string
  * man: documet that loginctl {terminate|kill}-{session|user} take the empty string, optionally
  * Merge pull request #19322 from poettering/dep-split
  * core: align path inotify mask table a bit
  * core: log about all errors in path_spec_watch()
  * core: optimize loop in path_spec_fd_event()
  * core: watch paths with symlinks in .path units
  * tpm2: support "+" as separator for TPM PCR lists
  * tpm2-util: accept empty string for empty PCR list
  * test: add simple test for PCR list parsing
  * load-fragment: validate paths properly
  * README: drop reference to Kinvolk
  * networkd: add bus property exposing network namepace ID we run in
  * networkctl: politely refuse being called from a different netns than the networkd instance we talk to
  * man: explicit say for priority/weight values whether more is more or less
  * man: try to clarify that nss-mymachines does not provide name resolution outside its own scope
  * man: document udevadm info output prefixes
  * hexdecoct: make return parameters of unbase64mem() and unhexmem() optional
  * sysusers: add a generic specifier table for common cases
  * repart: resolve $TMP specifiers too
  * core: support specifier expansion in DefaultEnvironment= and ManagerEnvironment=
  * Merge pull request #19729 from poettering/networkctl-netns-check
  * man: fix list of escaped characters in unit names
  * Merge pull request #19737 from poettering/default-specifiers-env
  * update TODO
  * man: document that it is guaranteed that generated ID128 are never all-zero or all-one
  * sd-device: add API for triggering synthetic uevents with UUID
  * udevadm: make use of the new uuid-enabled triggering for "udevadm trigger"
  * hash-func: change value type of string_hash_ops_free_free to void*
  * path-util: add path_extend(), inspired by strextend(), but using path_join()
  * tree-wide: make use of path_extend() at many places
  * Merge pull request #19485 from yuwata/path-util
  * cryptenroll: handle FIDO2 tokens gracefully that lack requested features
  * fido2: make misadvertised clientPin feature fatal
  * fido2: properly handle case when no PINs are specified during auth
  * cryptsetup: revert to systemd 248 up/pin/uv FIDO2 settings when we don't have LUKS2 JSON data telling us the precise configuration
  * man: document that FIDO2 uv/up/clientPin feature support is now handled gracefully
  * Merge pull request #19756 from poettering/fido2-enroll-tweaks
  * fido2: add emoji to log message whenever "up" or "uv" is requested
  * cryptenroll: remove a tiny bit of whitespace
  * udevadm: output trigger UUID in UUID format, instead of ID128
  * Merge pull request #17096 from eworm-de/ask-password
  * homectl: store FIDO2 up/uv/clientPin fields in user records too
  * userdb: make most loading of JSON user record data "permissive"
  * homework: fix return codes when using fido2/pkcs11 cached passwords
  * homework: make libcryptsetup dep runtime optional
  * homework: only default to LUKS storage if libcryptsetup is installed
  * cryptsetup: implicitly set global log functions when loading libcryptsetup dynamically
  * cryptsetup: explicitl set default log functions wherever needed
  * dissect: the libcryptsetup code for Verity crypt_device objects too
  * Merge pull request #19768 from poettering/homectl-fido2-lock-with
  * cryptsetup: if TPM2 support is not compiled in, fallback to non-TPM2 mode gracefully
  * cryptsetup: don't bother waiting for TPM2 devices if we are on EFI and EFI says there is no TPM2 device
  * cryptsetup: add missing error branch
  * logind-dbus: correctly calculate when to create /etc/nologin file in all cases
  * Merge pull request #19774 from poettering/tpm2-tweaks
  * dissect: if dissecting without udev, don't look for usec timestamp on db record
  * unit-name: generate a clear error code when converting an overly long fs path to a unit name
  * core: when looping over mount/swap names, continue if we find one which doesn't translate to a valid unit name
  * mount: be more descriptive when logging about overly long mount point paths
  * ask-password: make password echo fully configurable
  * ask-password: default to a different prompt than "Password:" if the echo is on
  * ask-password: once we hit the message argument, don't process switches anymore
  * test-capability: skip tests that need CAP_NET_RAW if cap is not passed
  * test-seccomp: tighten privilege check before seccomp()
  * test: tweak privilege tests for two more tests
  * test: add a 'static' on a global variable we don't actually export
  * Merge pull request #19800 from poettering/podman-test
  * pid1: make device_process_new() return void
  * pid1: shorten code a bit
  * pid1: make return value of device_remove_old() void too
  * pid1: reduce log noise generated by devices with overly long sysfs paths
  * pid1: properly propagate errors from device_setup_unit()
  * pid1: eat up errors in device_update_found_by_name()
  * pid1: downgrade if we can't make sense of the old device on MOVE uevent
  * pid1: make swap_process_new() void
  * pid1: don't choke on overly long device paths
  * Merge pull request #19806 from poettering/ask-pw-asterisk
  * NEWS: start putting together NEWS for v249
  * Merge pull request #19801 from poettering/device-unit-name-length
  * NEWS: more preparation for v249
  * more 249 NEWS work
  * docs: use uppercase letters in title
  * test: don't expect that clone() always makes it to the kernel
  * Merge pull request #19820 from yuwata/udev-node-fix-hashed-path
  * udevadm: fix --tag-match help + description
  * Merge pull request #19817 from keszybz/switch-root-serialization
  * Merge pull request #19166 from bluca/coredump_compress_on_the_fly
  * bpf-firewall: move destruction of IP firewall objects to bpf-firewall.c
  * bpf: various coding style fixes
  * core: rename socket-bind.[ch] → bpf-socket-bind.[ch]
  * bpf-link: prefix function names with "bpf_"
  * bpf-program: use structured initialization when allocating BPFProgram objects
  * bpf-program: export hash_ops for BPFProgam objects
  * bpf-program: serialize attached BPF programs across daemon reexec/reload
  * bpf-program: document BPFProgram a bit
  * bpf-firewall: close gap when updating the firewall
  * journald: when journald namespace instances log, they can do so safely to the main journald instance
  * journal: add some careful overflow checking
  * journal: use free_and_strdup() where appropriate
  * journal: as per coding style don't clobber return parameters in sd_journal_get_cutoff_monotonic_usec() on failure
  * journal: make return parameters for sd_journal_enumerate_unique() optional
  * journal: remove an unnecessary 'else'
  * journal: don't try to reuse already calculated hash between files with keyed hash feature
  * Merge pull request #19851 from poettering/bpf-firewall-tweaks
  * update NEWS
  * syscalls: run ninja update-syscall-*
  * hwdb: run ninja update-hwdb-autosuspend
  * hwdb: run ninja hwdb-update
  * seccomp: add some recently added syscalls to filter groups
  * Merge pull request #19854 from poettering/journal-enum-uniq-fix
  * Merge pull request #19861 from poettering/hwdb-249
  * sd-event: change ordering of pending/ratelimited events
  * Merge pull request #19867 from yuwata/ether-addr-util
  * Merge pull request #19863 from keszybz/coverity-drop-unitialized-workarounds
  * Merge pull request #19857 from yuwata/tmpfile-fix
  * fileio: bump limit for read_full_file() and friends to 64M
  * cryptsetup: improve error message when key files to load are too large
  * Merge pull request #19878 from poettering/large-key-file-cryptsetup
  * update TODO
  * repart: align all sizes in table to the right
  * repart: show partitions we don't grow/create as "unchanged"
  * sd-id128: document everywhere that we treat all UUIDs as Variant 1
  * update TODO
  * seccomp: drop quotactl_path() again from filter sets
  * hwbd: run "ninja -C build update-hwdb" again
  * meson: bump version for 249-rc1 release
  * Merge pull request #19943 from poettering/v249rc1-rep
  * Merge pull request #19896 from keszybz/systemd-efi-options-hint
  * Merge pull request #19942 from wat-ze-hex/socket-bind-ip-proto-2021-06-10
  * update TODO
  * path-util: make path_equal() an inline wrapper around path_compare()
  * repart: make No-Auto GPT partition flag configurable too
  * cryptenroll: fix minor typo in --help (#19985)
  * Merge pull request #19986 from keszybz/test-mount-util-more
  * ask-password: add "-n" switch for disabling trailing newline
  * openssl-util: include the headers the file actually uses definitions from
  * sd-journal: add missing bracket in journal verify log message
  * Merge pull request #20001 from keszybz/test-path-simplify-less
  * tree-wide: make specifier expansion --root= aware
  * Revert "core: do not set noexec on sysfs/procfs"
  * Revert "login: XGI Z7/Z9 (XG20 core) graphic chip requires master-of-seat to be set"
  * Revert "rules: ubi mtd - add link to named partitions"
  * NEWS: update for imminent v249-rc3 tag
  * wait-online: improve timeout log message
  * coredumpctl: show --help text if "coredumpctl help" is called
  * udev: when booting without root= specification, and searching a root partition actually do the version comparison magic
  * hashmap: make sure hashmap_get_strv()+set_get_strv() work with a NULL object
  * mkosi: initialize /usr/lib/os-release' IMAGE_ID + IMAGE_VERSION fields from build
  * update TODO
  * Revert "Add systemd-resolve backwards compatibility section to resolvectl docs"
  * process-util: explicitly handle processes lacking parents in get_process_ppid()
  * sd-id128: make sure sd_id128_get_machine_app_specific() logic also works without "khash"
  * blockdev-util: add fd-based flavour of get_block_device()
  * fs-util: add fd-based flavour of path_is_encrypted()
  * chattr-util: generalize chattr manipulation for files with secrets from journalctl
  * fileio: optionally allow interpreting file size as limit
  * hexdecoct: optionally, line break base64 encoded data
  * util: move src/basic/creds-util.[ch] → src/shared/
  * creds-util: add infra for encrypting/decrypting credentials
  * creds: add a new tool for listing/showing/encrypting/decrypting credentials
  * pid1: add support for encrypted credentials
  * test: extend credentials test to cover encrypted credentials
  * man: add man page for "systemd-creds"
  * man: document the new (Load|Set)CredentialEncrypted= settings
  * update TODO
  * repart: don't prefix /sysroot/ twice
  * repart: drop spurious whitespace
  * fs-util: make sure fsync_directory_of_file() does something useful on O_PATH fds
  * fs-util: add API for fsync()ing parent dir of path
  * fs-util: add fsync_path_and_parent_at()
  * fs-util: teach syncfs_path() handle with empty path argument
  * format-table: add cell type for "mode_t" values
  * format-table: add cell type for outputting 64bit values in hex
  * format-table: teach table_hide_column_from_display() to accept multiple arguments
  * signal-util: add helper pop_pending_signal()
  * copy: port over to pop_pending_signal()
  * repart: when we can't fit the partitions in, report needed disk size current disk size
  * Merge pull request #19995 from poettering/cred-tool
  * Merge pull request #20163 from poettering/repart-root-fix
  * conf-files: rename return parameters ret_xyz
  * path-util: make path_compare() accept NULL
  * blockdev-util: add fd-based APIs for getting backing block device for file
  * dirent-util: no need to bother with fstatat() for "." and ".." to figure out if these are dirs
  * seccomp: drop getrandom() from @system-service
  * seccomp: move sched_getaffinity() from @system-service to @default
  * update TODO
  * Revert "Make oom_score_adjust_is_valid() static"
  * parse-util: use oom_score_adjust_is_valid() at one more place
  * sd-bus: fix indentation in macros
  * sd-bus: add brief inline comment explaining the "reserved" field in the bus vtable structure
  * Merge pull request #20339 from poettering/bus-vtable-indent-fix
  * Merge pull request #20337 from poettering/oom-adj-fix
  * alloc-util: drop double eval from free_and_replace()
  * xdg-autostart-service: rely on the new double-eval-free free_and_replace()
  * main: fix type confusion in do_reexecute()
  * macro: relax CONST_MAX() type check a tiny bit
  * macro: sizeof() returns size_t, and that's good
  * macro: change DECIMAL_STR_WIDTH() return type to size_t, like strlen() and so on
  * rm-rf: refactor rm_rf_children(), split out body of directory iteration loop
  * glyph-util: add three more emojis to emoji list
  * util: add one more helper for generating colored check mark glyphs
  * import-util: tweak url patching helper
  * test: add simple test for import-util
  * bootctl: tweak "bootctl update" to be a NOP when boot loader is already current and --graceful is given
  * boot: optionally update sd-boot on boot
  * update TODO
  * tpm2-util: auto-detect supported PCR banks
  * Merge pull request #20170 from poettering/moar-glyphs
  * Merge pull request #20172 from poettering/import-util-tweaks
  * Merge pull request #20121 from poettering/bootctl-auto
  * signal-util: fix typo
  * cryptsetup: unbreak CI build
  * copy: move to single clean-up path
  * copy: tighten destination checks when copying files
  * copy: optionally fsync() files after copying them
  * copy: add COPY_SYNCFS flag
  * copy: add COPY_SIGTERM, matching the existing COPY_SIGINT
  * btrfs-util: expose COPY_SIGTERM for btrfs_snapshot() too
  * Merge pull request #19959 from yuwata/udev-reduce-loop
  * memory-util: add mempmem_safe()
  * tree-wide: use memmem_safe()
  * update TODO
  * core: don't go to disk for masked unit state if we know it anyway
  * alloc-util: make mfree() typesafe
  * Merge pull request #20079 from maanyagoenka/img-support
  * Merge pull request #20419 from keszybz/setenv-no-value
  * Merge pull request #20418 from yuwata/hostnamed-fix-20417
  * Merge pull request #20199 from ddstreet/unit_cgroup_catchup
  * Merge pull request #20350 from medhefgo/boot
  * Merge pull request #20233 from maanyagoenka/log-error
  * Merge pull request #20438 from medhefgo/boot
  * shared: add generic helper tools for installing files/dir trees
  * import: add new "--direct" mode + add controls for turning certain features on/off
  * pull: add --direct mode + make various eatures optional + explicit checksum verification
  * import-fs: make various options controllable via cmdline/env var
  * docs: document how to turn off btrfs quota support in importd
  * import: drop some now unused functions from import-common.c
  * Merge pull request #20420 from poettering/import-beef-up
  * env-util: add unsetenv_erase() helper
  * Merge pull request #20281 from bluca/ext_release_naming
  * Merge pull request #20448 from medhefgo/boot
  * discover-image: pass the right fd to fd_getcrtime()
  * stdio-util: give snprintf_ok() some love
  * fd-util: add macro for generating /proc/self/fd/ paths on the fly
  * test: add test for FORMAT_PROC_FD_PATH()
  * tree-wide: port things over to FORMAT_PROC_FD_PATH()
  * Merge pull request #19797 from oniko/systemd-fido2-pkcs11-plugins
  * Merge pull request #18385 from kinvolk/mauricio/restrict-network-interfaces
  * man: re-run ninja -C update-man-rules
  * man: document SD_ID128_ALLF
  * man: reference getrandom(2) instead of urandom from sd_id128_randomize() page
  * sd-id128: add compound literal love to sd_id128_to_string() + id128_to_uuid_string()
  * tree-wide: port everything over to new sd-id128 compund literal bliss
  * Merge pull request #20490 from poettering/id128-format-compound-literal
  * Merge pull request #20488 from yuwata/timesync-fix
  * Merge pull request #20421 from maanyagoenka/systemd-security
  * import: turn off weird protocols in curl
  * import: allow file:// in addition to HTTP(S)
  * import: when completed, say how many bytes we wrote/acquired
  * import: enable sparse file writing logic only for files we create
  * import: don't attempt full-file clones if we only are supposed to write a part of the file
  * import-fs: create paren dirs in --direct mode too
  * test: split out macro tests into own test-macro.c
  * macro: handle overflow in ALIGN_TO() somewhat reasonably
  * json: rework JSON_BUILD_XYZ() macros to use compound literals instead of compound statements
  * homed: always align home file systems to 4K boundaries
  * update TODO
  * Revert "core: Add information on which condition failed to job skipped format string"
  * Merge pull request #20547 from poettering/home-4k
  * core: Unit's condition_result field is a boolean
  * update TODO
  * run/mount/systemctl: don't fork off PolicyKit/ask-pw agent when in --user mode
  * exec-util: handle gracefully if we want to fork an agent but have no controlling tty
  * hwdb: remove double empty line in --help text
  * homed: add missing capabilities for SMB/CIFS backend
  * homed: make sure to use right asssesors for GID + access mode
  * homed: fix log message referring to fsck, when we actually mean mount
  * homed: add missing SYNTHETIC_ERRNO()
  * homed: remove misplaced assert()
  * Merge pull request #20592 from poettering/homed-fix-smb
  * update TODO
  * Merge pull request #20521 from DaanDeMeyer/analyze-condition-units
  * Merge pull request #20537 from yuwata/sd-netlink-more-attributes
  * Merge pull request #20575 from vcaputo/verify_field_object_hash
  * efi: make EFI_GUID generally constant
  * efi: drop spaces between function name and "("
  * nspawn: fix type to pass to connect()
  * format-table: allow to explicitly override JSON field names
  * Merge pull request #20527 from systemd/wip/hadess/usb-analysers-uaccess
  * Merge pull request #20465 from bluca/portable_validate_sysext
  * Merge pull request #20618 from yuwata/path-find-component
  * id128: clarify that the "well-known" IDs are about GPT partition types
  * dissect-image: rename verity flag booleans
  * dissect-image: rename dissected_image_has_verity()/_can_do_verity()
  * dissect-image: tighten assertion checks on verity data
  * dissect-image: also derive read-only mode from fstype in non-partitioned mode
  * dissect-image: refuse external verity data in partitioned mode
  * dissect-image: mangle discovered /usr/ partition data, even if we found a root partition
  * dissect-image: insist that the architecture matches if both root and /usr partitions are found
  * dissect-image: don't do generic root partition fallback if verity is requested for /usr
  * dissect-image: drop redundant check
  * dissect-image: tighten checks on root + /usr/ combinations
  * dissect-image: insist that if a verity partition designator is specified the partition exists
  * dissect-image: replace redundant if check by assert()
  * Merge pull request #20703 from poettering/gpt-dissect-tweaks
  * memory-util: replace memeqzero() by a more generic memeqbyte()
  * tpm2: support RSA primary keys as fallback if TPM2 devices don't support ECC
  * tpm2: check if PCR values make sense before using them
  * tpm2: log about invalid PCRs on each unsealing
  * update TODO
  * Merge pull request #20716 from poettering/tpm2-primary-rsa
  * escape: improve logging when escaping paths that are slightly non-conforming
  * Merge pull request #20713 from yuwata/udev-watch-retry
  * Merge pull request #20697 from yuwata/in-addr-prefix
  * man: extend documentation about TPM2 PCRs
  * watchdog: pass right error code to log function so that %m works
  * watchdog: add ", ignoring" to log messages about errors we ignore
  * fileio: lower maximum virtual file buffer size by one byte
  * fileio: set O_NOCTTY when reading virtual files
  * sysctl-util: rework sysctl_write() to wrap write_string_file()
  * sysctl-util: make sysctl_write_ip_property() a wrapper around sysctl_write()
  * sysctl-util: modernize sysctl_read() a bit
  * sysctl-util: make sysctl_read_ip_property() a wrapper around sysctl_read()
  * sysctl-util: per coding style, compare chars explicit against 0.
  * test: make array in test-sysctl fully read-only
  * test: add test case for sysctl-util.[ch]
  * Merge pull request #20746 from poettering/sysctl-rework
  * Merge pull request #20731 from a-wai/main
  * Merge pull request #20483 from medhefgo/boot
  * fileio: fix truncated read handling in read_virtual_file()
  * test-fileio: test read_virtual_file() with more files from /proc
  * Merge pull request #20763 from poettering/fileio-test
  * units: hookup systemd-boot-update.service
  * boot: invert if check, to reduce indentation level
  * boot: use cleanup-based file handle closing a bit more
  * boot: move TCG/TPM protocol definitions into missing_efi.h
  * boot: modernize measure.c
  * boot: ReallocatePool() supports NULL pointers as first argument
  * stub: use proper enums instead of hardcoded numeric indexes for identifying PE sections
  * stub: prepare section pointers in separate steps
  * Merge pull request #20790 from poettering/boot-fixes
  * mkosi: turn off qemu headless mode
  * update TODO
  * boot: add a way to indicate overflow in ALIGN_TO()
  * boot: add a bunch of new helper calls
  * boot: generalize sorting code
  * stub: when booting a kernel foo.efi then pack foo.efi.extra.d/*.{cred,raw} up as synthetic initrd
  * boot: stop making TPM PCR to measure kernel command line into configurable
  * boot: unify code that measures image options/kernel command line
  * stub: split out code that sets the various efi vars into function of its own
  * stub: show splash screen earlier
  * stub: make splash image payload const
  * boot: split out code that sets various EFI vars from main()
  * boot: split out code that loads the various menu entries into helper call
  * boot: automatically load drop-in EFI drivers off the ESP
  * boot: port more code to use open_directory() helper
  * boot: use _cleanup_freepool_ at more places
  * boot: port more code to readdir_harder()
  * boot: port more code over to get_file_info_harder()
  * boot: move TPM conditionalization into measure.h header
  * boot: add helper for converting EFI_PHYSICAL_ADDRESS to a pointer
  * stub: various modernizations to linux.c
  * boot: add get_os_indications_supported() helper
  * man: add man page for the systemd UEFI stub
  * man: the sd-boot menu is probably more "textual" then "graphical", hence don't lie
  * man: document the new systemd-boot drop-in driver dir logic
  * boot: prefer IMAGE_VERSION from os-release as version string
  * smack-util: tiny simplification
  * Merge pull request #20789 from poettering/initrd-cpio
  * Merge pull request #20826 from yuwata/network-sd-event-source-disable-unref
  * main: use strv_extendf() where appropriate
  * Revert "mkosi: turn off qemu headless mode"
  * Merge pull request #20768 from pdmorrow/shutdown_cgroup_ctrl
  * resolved: suppress writing DNS server info into /etc/resolv.conf for non-standard UDP ports
  * cryptsetup: handle more gracefully if "keyslots" LUKS2 JSON header field is invalid
  * gpt: add partition type for PKCS#7 signatures for root hashes
  * dissect-image: discover verity signature partitions
  * dissect-image: load embedded verity signature info from image
  * dissect-image: add env var for disabling "sidecar" loading of verity params
  * dissect-image: optionally, validate dm-verity signatures in userspace
  * docs: document the new Verity signature partition type, and its UUIDs
  * docs: document the three new env vars for tweaking GPT dissection/validation
  * tests: extend TEST-50-DISSECT to look for verity signatures
  * update TODO
  * Merge pull request #20691 from poettering/gpt-sig
  * Merge pull request #20870 from jwrdegoede/hwdb-2-accel-quirks
  * Merge pull request #20676 from gogsbread/sysctl-minimize-sideeffect
  * resolvconf-compat: make "-u" operation a NOP
  * core: drop "const" from NeedsDaemonReload unit dbus property
  * creds-util: switch to OpenSSL 3.0 APIs
  * openssl-util: use EVP API to get RSA bits
  * Revert "ci: temporarily set -Wno-deprecated-declarations in Packit"
  * Merge pull request #20219 from khfeng/use-intel-hid-rfkill
  * process-util: add helper for querying oom score adjustment value
  * test: add test case for {get,set}_oom_score_adjust()
  * core: add a new setting DefaultOOMScoreAdjust= and set it to 100 above service manager's by default
  * units: run user service managers at OOM score adjustment 100
  * man: document the new DefaultOOMScoreAdjust= setting
  * basic: split out sync() family of calls from fs-util.[ch] into new c/h file
  * basic: split out glyph/emoji related calls from locale-util.[ch] into glyph-util.[ch]
  * basic: split out inotify-related calls from fs-util.h → inotify-util.h
  * basic: spit out chase_symlinks() from fs-util.[ch] → chase-symlinks.[ch]
  * basic: move chase_symlinks_and_fopen_unlocked() → chase-symlinks.[ch]
  * repart: use right error variable
  * unit-file: tighten unit file discovery checks
  * user-record: disable two pbkdf fields that don't apply for pkbdf2
  * Merge pull request #18145 from kinvolk/iaguis/lsm-bpf
  * xattr-util: merge various getxattr()/listxattr() helpers into getxattr_at_malloc() + listxattr_at_malloc()
  * cgroup-util: add reusable union type for cgroupfs file_handle structs
  * cgroups-show: validate specified hostname before including it in fs path
  * cgroups-show: use path_join() when concatenating cgroup paths
  * cgroups-show: optionally show cgroup xattrs + cgroup id in cgroup tree output
  * cgls: enable cgroupid/xattr output by default (but make it configurable)
  * man: document the two new switches for systemd-cgls
  * bash-completion: add the two new switches to systemd-cgls
  * dirent-util: split out new function stat_mode_to_dirent_type()
  * fileio: add shortcut for xopendirat() when called in opendir() compatible mode
  * tree-wide: remove a few unnecessary inclusions of ftw.h
  * basic: add new recurse_dir() tool as replacement for nftw()
  * tests: add test for recurse_dir()
  * kmod-setup: port from nftw() to recurse_dir()
  * cgroup-util: port from nftw() to recurse_dir()
  * kbd-util: port from nftw() to recurse_dir()
  * mount-setup: port from nftw() to recurse_dir()
  * update TODO
  * Merge pull request #20948 from poettering/cgls-xattr
  * update TODO
  * homed: typo fix
  * Merge pull request #20910 from poettering/nftw-no-more
  * dissect: print more useful error messages for two more error cases
  * dirent-util: get rid of stat_mode_to_dirent_type()
  * dirent-util: use statx() in readdir_ensure_type()
  * dirent-util: tweak readdir_ensure_type() a bit
  * Merge pull request #20962 from poettering/dttoif
  * cryptsetup: also define crypt_token_max() as fallback locally, not just sym_crypt_token_max()
  * homed: use crypt_token_max() where appropriate
  * homed: don't forget to look at all enrolled tokens
  * cryptenroll: politely refuse enrolling keys into homed volumes
  * update TODO
  * fileio: add read_virtual_file_at() flavour that takes dir_fd/path pair
  * cryptsetup: don't repeat exact same code twice
  * cryptsetup: optionally turn off token module support in libcryptsetup
  * libfido2-util: add helper that checks whether a FIDO2 device is plugged in
  * cryptsetup: before querying user for a PIN, check if a FIDO2 device is actually plugged in
  * cryptsetup: add a configurable token waiting timeout
  * cryptsetup: minor modernizations
  * man: document new token-timeout= setting
  * docs: document $SYSTEMD_CRYPTSETUP_USE_TOKEN_MODULE
  * util: invert ac_power() source type check
  * Merge pull request #20979 from poettering/ac-power-tweak
  * signal-util: don't introduce symbols with double underscores
  * sort-util: use comparison_fn_t instead of __compar_fn_t
  * stub: also move magic string in stub into .sdmagic PE section
  * macro: also use trailing __ for alignof use in attributes
  * network: use official bswap_32() rather than inofficial __bswap_32()
  * tree-wide: use C99 __func__ rather than obsolete __FUNCTION__
  * ethtool-util: let's use userspace types in userspace code
  * localed: use PROJECT_FILE rather than __FILE__ for logging
  * missing: add getdents64() syscall wrapper
  * test-recurse-dir: output some simple timing info, comparing recurse_dir() and nftw()
  * recuse-dir: rework to use getdents64() instead of readdir()
  * sort-util: avoid using glibc's internal __compar_d_fn_t type
  * util: define initializer for 'struct ucred' that properly invalidates all fields
  * varlink: make one more parameter const
  * rm-rf: optionally fsync() after removing directory tree
  * homed: keep "pinning" fd open while home dir active
  * homed: retry deactivation every 15s until successful
  * homed: take BSD file lock on LUKS file while activated
  * homed: optionally, drop caches on logout
  * homed: allow overriding the root directory for home dirs via env var (i.e. use a different path than /home/)
  * update TODO
  * Merge pull request #20970 from poettering/token-timeout
  * Merge pull request #20776 from medhefgo/boot-timeout
  * Merge pull request #20968 from poettering/homed-pin
  * Merge pull request #20787 from fbuihuu/watchdog-more-rework
  * core: allow "off" as special watchdog time to be specified
  * man: document new "off" setting for systemd-system.conf watchdog settings
  * man: document new systemd.watchdog_sec= kernel cmdline option
  * alloc-util: introduce new helper alloca_safe()
  * alloca-util: drop two unnecessary casts
  * tree-wide: port all calls to alloca() to alloca_safe()
  * journal: drop unnecessary +1 in newa() expression
  * alloc-util: add strdupa_safe() + strndupa_safe() and use it everywhere
  * doc: document that alloca_safe() and friends are the APIs to use
  * homework: fix incorrect error variable use
  * Merge pull request #20983 from mxre/feature/aarch64
  * homework: don't bother with BLKRRPART on images that aren't block devices
  * homework: only do image locks for regular image files
  * Merge pull request #20902 from tasleson/integritysetup-generator
  * homed,shutdown: call valgrind magic after LOOP_GET_STATUS64
  * homework: let's simply some code via erase_and_free()
  * homework: remove duplicate error logging when doing ext4 resizes
  * homework: reuse home_validate_update_luks() at one more place
  * homed: rename home_prepare*() → home_setup*()
  * homed: rename home_setup_undo() → home_setup_done()
  * Merge pull request #21013 from mxre/feature/stub-dtb
  * homed: replace "already_activated" boolean parameter by a flags value
  * watchdog: fix error code handling
  * watchdog: always prefer /dev/watchdog0 over /dev/watchdog
  * watchdog: drop unnecessary variable
  * watchdog: fix fd validity check
  * homework: make PasswordCache const wherever we can
  * homework: mae sure PasswordCache is really optional
  * homework: unify code that opens the backing image file in open_image_file()
  * homework: move allocation/destruction into outer/generic scope
  * Merge pull request #21028 from poettering/watchdog-fixlets
  * Merge pull request #21034 from poettering/homed-password-cache-tweaks
  * Merge pull request #20905 from medhefgo/boot-cleanup
  * loop-util: enable LO_FLAGS_DIRECT_IO by default on loopback devices
  * loop-util: work around cache invalidation bug in older kernels
  * Merge pull request #21044 from poettering/loopback-direct-io
  * loop-util: minor coding style updates
  * loop-util: add debug logging about O_RDWR vs. O_RDONLY + O_DIRECT mode
  * loop-util: call loop_device_make_internal() at the right place
  * nspawn: add --suppress-sync=yes mode for turning sync() and friends into NOPs via seccomp
  * test-networkd-address: fix clock type
  * fd-util: when re-opening a directory with fd_reopen() go via openat(…, ".", …)
  * fd-util: tweak error handling in fd_reopen()
  * test-fd-util: add test case for fd_reopen()
  * varlink: disconnect varlink link in one more case
  * homework: add macro for "/run/systemd/user-home-mount"
  * homework: use bit fields where we deal with lots of separate boolean flags
  * homework: split home_unshare_and_mount() in two
  * basic: move freeze() from shared/exec-util.h to basic/process-util.h
  * namespace-util: introduce userns_acquire() as helper for allocating new unbound userns
  * process-util: move sync() out of freeze()
  * Merge pull request #21079 from poettering/fd-reopen-directory-tweak
  * update TODO
  * Merge pull request #21093 from poettering/homework-trivial-tweaks
  * Merge pull request #21094 from poettering/userns-split
  * update TODO
  * nspawn: bump RLIMIT_NOFILE for nspawn payload similar to how host PID 1 does it for its payload
  * homed: don't drop caches on activation
  * mount-util: use modern mount_setattr() syscall for bind_remount_one_with_mountinfo()
  * mount-util: port over bind_remount_recursive_with_mountinfo() to mount_setattr()
  * mount-util: move opening of /proc/self/mountinfo into bind_remount_one_with_mountinfo()
  * cgroup: handle gracefully if we can't read oom_kill cgroup attribute
  * varlink: don't try to talk to oomd from unit tests
  * stat-util: specify O_DIRECTORY when reopening dir in dir_is_empty_at()
  * dirent-util: move getdents64() related definitions to common header
  * dirent-util: add FOREACH macro for iterating through getdents64() buffers
  * stat-util: optimize dir_is_empty_at() a bit, by using getdents64()
  * stat-util: make sure dir_is_empty_at() does something useful in all cases
  * test: add test for dir_is_empty_at()
  * tree-wide: explicitly unpoison getdents64() memory
  * homework: replace homegrown "dir-is-empty" check with dir_is_empty_at()
  * update TODO
  * json: do something remotely reasonable when we see NaN/infinity
  * Merge pull request #21130 from systemd/wip/hadess/webcams
  * bootctl: refuse parsing unknown special '@' entry ids
  * homed: move HOME_UID_{MIN,MAX} into a header we can reuse in homework.c
  * homework: port home_create_directory_or_subvolume() to use HomeSetup
  * homework: when activating a directory, include info about it in resulting record
  * homework: rework directory backend to set up mounts in /run/systemd/user-home-mount before moving them to /home
  * homework: add new helper call that can shift home dir UID/GID ranges
  * homework: support uidmapping in the "directory" backend
  * Revert "Add variant of close_all_fds() that does not allocate and use it in freeze()"
  * Revert "basic/fd-util: sort the 'except' array in place"
  * fd-util: split out inner fallback loop of close_all_fds() as close_all_fds_without_malloc()
  * fd-util: special case invocation of close_all_fds() with single exception fd
  * fd-util: always return 0 on success in close_all_fds()
  * fd-util: close_all() check d_type
  * fd-util: split out close_all_fds() special case handling and call it from close_all_fds_without_malloc(), too
  * exec-util: use close_all_fds_without_malloc() from freeze()
  * fd-util: export get_max_fd() so that we can use it in tests
  * test-fd-util: extend close_all_fds() test to trigger all fallback codepaths
  * Merge pull request #20344 from poettering/revert-close-all
  * homework: make sure fscrypt backend takes a HomeSetup object for all calls
  * homework: add new helper home_setup_undo_mount()
  * homework: support uidmaps in fscrypt backend
  * homework: pass header user record in home_activate_cifs()
  * homework: rework home_setup_cifs() to store "mounted" variable in HomeSetup
  * homework: move check for CIFS service field initialization to home_setup_cifs()
  * homework: apply mount flags also for CIFS mounts
  * fs-util: add helper that can split CIFS services names
  * homectl: validate CIFS service name before accepting it
  * homework: make home_move_mount() a bit more generic by renaming first parameter
  * homework: allow specifying a dir component in CIFS services
  * homework: actually try all supplied passwords
  * homework: allow specifying explicit additional mount options when using CIFS backend
  * core: normalize 'r' variable handling in unit_attach_pids_to_cgroup() a bit
  * scope: refuse activation of scopes if no PIDs to add are left
  * Merge pull request #21161 from poettering/homed-uidmap-fscrypt
  * Merge pull request #21162 from poettering/homed-cifs-improvements
  * homework: use HomeSetup in home_create_luks() too
  * homework: make use of .undo_mount field of HomeSetup for LUKS backend too
  * homework: teach home_lock() + home_unlock() + home_deactivate() to use HomeSetup, too
  * homework: move all DM detachment/freeing into HomeSetup
  * homework: move all LoopDevice handling into HomeSetup too
  * homework: unify similar code for opening existing LUKS DM devices
  * homework: replace homegrown syncfs_path() reimplementation by syncfs_path()
  * homework: always pass HomeSetup param first, PasswordCache second
  * homework: rework home_setup_luks() to store its root_fd also in HomeSetup
  * homework: move image_fd field in home_setup_luks() also into HomeSetup
  * homework: get rid of manual clean up path in home_setup_luks()
  * homework: move destruction of temporary image file into HomeSetup
  * homework: get rid of manual error path in home_create_luks()
  * homework: also move to using .image_fd field of HomeSetup in home_create_luks()
  * homework: teach luks backend uid mapping
  * update TODO
  * man: clarify the situation of unit templates regarding "systemctl list-units" + "systemctl list-unit-files"
  * docs: document $PASSWORD in ENVIRONMENT.md
  * man: document how nss-resolve and systemd-resolved communicate
  * man: document that daemons can close fds they receive via sd_listen_fds() if they like
  * docs: document what integer range we expect from JSON parsers
  * systemctl: suppress second argument of ternary op where we can
  * systemctl: use empty_to_root() where appropriate
  * systemctl: use LESS_BY where appropriate
  * systemctl: only fall back to local cgroup display if we talk to local systemd
  * systemctl: make sure "systemctl -M status" shows cgroup tree of container not host
  * systemctl: make dbus PID cgroup tree output look more like systemd-cgls
  * Merge pull request #21135 from poettering/homed-uidmap
  * Merge pull request #20609 from DaanDeMeyer/recursive-template
  * Merge pull request #20321 from bluca/state_dir_symlink
  * nspawn: make sure to chown() implicit source dirs for --bind= to container root UID
  * homework,repart: turn on cryptsetup logging before we have a context
  * Merge pull request #21172 from poettering/fix-systemctl-cgroup-tree
  * man: document cryptenroll limitations
  * missing: add missing header inclusions
  * percent-util: clamp percent range before converting to 2^32 scale
  * fd-util: make TAKE_FD free of double evaluation
  * test: add test that ensures TAKE_FD() works as it should
  * process-util: wait for processes we killed even if killing failed
  * process-util: rework TAKE_PID() to be side-effect free
  * tree-wide: port various places to use TAKE_PID()
  * tree-wide: port more code to sigkill_wait()
  * macro: make TAKE_PTR() side-effect free
  * tree-wide: always use TAKE_FD() when calling rearrange_stdio()
  * Merge pull request #21030 from DaanDeMeyer/path-skipped
  * Merge pull request #21070 from medhefgo/boot-save
  * loop-util: reopen device node if we shortcut loop device creation
  * homed: add env var to override dir where we fine stored user records
  * docs: document systemd-homed development env vars
  * user-record: show fs/luks/gpt UUIDs as proper UUIDs
  * user-record: fix display of access mode
  * Merge pull request #21252 from poettering/homed-record-dir-env-var
  * user-record: show CIFS extra mount options, in output too
  * Merge pull request #21171 from DaanDeMeyer/tty-dimensions
  * man: extend os-release docs a bit regarding quotes
  * userwork: properly handle ENOLINK error from lower-level userdb code
  * userdbctl: explicitly handle ESRCH/ENOLINK from userdb_all()
  * userdbctl: make JSON output mode details configurable like in the other tools
  * userdbctl: add a switch for explicitly enabling/disabling multiplexer-based lookups
  * userdbctl: always show summary after printing table (unless legend is off)
  * userwork: make sure to return correct errors when service is not specified correctly
  * man: document new --multipler= switch
  * man: document new --json= mode
  * inotify-util: improve reported error codes when inotify_add_watch() fails
  * tree-wide: use sd_event_source_disable_unref() where we can
  * logind: downgrade message about /run/utmp missing to LOG_DEBUG
  * sd-event: don't destroy inotify data structures from inotify event handler
  * sd-event: add sd_event_add_inotify_fd() call
  * test: add test case for self-destroy inotify handler
  * repart: use LESS_BY() more
  * repart: simplify stat machine we mostly go through linearly
  * repart: don't distribute space after unaligned partitions
  * repart: fix free area calculations for unaligned partitions
  * test: extend repart test suite to test for unaligned partitions
  * Merge pull request #21270 from poettering/event-mem-corruption
  * nspawn: drop two entirely redundant lines
  * nspawn: add helper settings_network_configured()
  * nspawn: use three boolean fields from settings file when actually set
  * nspawn: copy BindUser= setting from settings only if set
  * nspawn: only copy syscall filters from settings if actually configured
  * nspawn: don't muck with caps if no network setting is used in settings file
  * Merge pull request #21283 from poettering/nspawn-idempotent-empty-settings
  * architecture: drop __riscv__ checks, it's obsolete since 2018
  * shared: start pushing people gently to define GPT partition type UUIDs for missing archs
  * docs: invite people to define GPT partition types for all archs now
  * shared: nudge people into sending us patches to make /lib64/ symlink generation work on all archs that need it
  * doc: add some docs with a checklist of what to do for new architectures
  * escape: add flags argument to quote_command_line()
  * process-util: use quote_command_line() at one more place
  * escape: return unused memory in quote_command_line()
  * userdbctl: add support for chaining command lines in "authorized-keys" verb
  * man: document new --chain switch to userdbctl
  * Merge pull request #21304 from poettering/chain-ssh-auth-keys
  * Merge pull request #21302 from yuwata/udev-drop-colon-from-ID_NET_NAME_MAC
  * boot: add comments what closely related ConfigEntry fields are about
  * boot: ternary op is your friend
  * boot: const arguments should be const
  * bootspec: fix comment that says exactly the opposite of what is true
  * boot: clean up unified boot loader entry name/version extraction
  * boot: when we can't boot use the right boot loader entry display title in log message
  * bootspec: catch up with sd-boot's bootspec implementation
  * boot: line-break magic[] array to match osrel[] line breaks
  * fundamental: rename type.h → types-fundamental.h
  * types-fundamental: introduce sd_true + sd_false
  * update TODO
  * macro-fundamental: fix bool → sd_bool
  * Merge pull request #20953 from msekletar/mount-ratelimit-followup-20329
  * pid1: add a manager_trigger_run_queue() helper
  * umask-util: add helper that resets umask until end of current code block
  * namespace: rebreak a few comments
  * namespace: make whole namespace_setup() work regardless of configured umask
  * namespace: make tmp dir handling code independent of umask too
  * tests: add test case for UMask=+BindPaths= combination
  * homework: default to btrfs compression
  * homed: add env var for overriding default mount options
  * docs: document new mount option env var
  * Merge pull request #21320 from poettering/namespace-mkdir-umask
  * homework: turn off compression for files backing LUKS volumes
  * Merge pull request #21294 from keszybz/binfmt-misc
  * keyring-util: add new keyring-util.h helpers
  * homework: add a const where appropriate
  * man: run ninja -C build update-man-rules
  * homework: also add a way to configure additional mount options via a JSON user record field
  * homectl: make new LUKS extra mount option field settable
  * doc: document the new luksExtraMountOptions concept
  * homed: allow querying disk free status separetely from generating JSON from it
  * homed: include actual fs type + access mode as part of "status" section of user record
  * doc: document the two new accessMode/fileSystemType fields
  * update TODO
  * Merge pull request #21329 from poettering/homed-compress-default
  * homework: split out password cache logic into its own .c/.h file
  * Merge pull request #21331 from poettering/luks-extra-mount-options
  * Merge pull request #21333 from poettering/homed-report-fs-and-access-mode
  * homework: sync dir after moving file in, not before
  * shared: split out UID allocation range stuff from user-record.h
  * uid-alloc-range: maintain only a single default alloc range structure
  * test: rename test-user-record → test-uid-alloc-range
  * Merge pull request #21337 from poettering/uid-alloc-range-split
  * homework: rework how we disassemble a home dir in home_deactivate()
  * meson: drop -ffast-math
  * test-json: add test that makes sure floats are somewhat reasonably implemented
  * filesystems: add two new filesystem groups
  * filesystems: slightly update common block device groups
  * filesystems: add ceph to network file systems group
  * filesystems: add binfmt_misc to auxiliary API VFS group
  * filesystems: add group for "application" file system
  * mountpoint-util: sort list of read-only fs again
  * filesystems: add internal APIs to convert fs magic to name
  * analyze: show fs magic info in 'systemd-analyze filesystem'
  * filesystems: add three more file system types
  * homed: replace home-grown fs magic translation with fs_type_to_string()
  * analyze: don't list filesystems among ungrouped that are aliases
  * devtmpfs is a primary API fs
  * filesystems: list orangefs as network fs
  * filesystems: list rpc_pipefs as auxiliary kernel API VFS
  * filesystems: fix magic of "smb3" fs
  * filesystems: add comments to gperf file anomalies
  * filesystems: add ntfs/ntfs3 magic and add it current version to group
  * filesystems: apparently f2fs is als reasonably common
  * homed: reset HomeSetup.undo_dm field when deactivating home dir the official way
  * units: relax sandbox so that uidmap stuff can work
  * cgroup-util: laccess() returns negative errno already
  * macro: add new helper RET_NERRNO()
  * tree-wide: use new RET_NERRNO() helper at various places
  * docs: mention RET_NERRNO() in CODING_STYLE.md
  * homed: wait for luks devices to go away
  * test: make homed test run in qemu
  * umount: fix log message
  * Merge pull request #21380 from poettering/homed-test-qemu
  * Merge pull request #21383 from yuwata/network-address-scope
  * Merge pull request #21386 from keszybz/binfmt-later
  * Merge pull request #21275 from keszybz/makefs-quiet
  * mkdir: tighten permission check
  * mkdir: make sure mode is set
  * mkdir: use chase_symlinks_and_stat() where appropriate
  * smack make mac_smack_fix_at() useful when called with dir_fd=AT_FDCWD
  * selinux: make mac_selinux_create_file_prepare() at wrapper around _at()
  * sysext: fix tmpfs mount source
  * mkdir-label: make mkdir_label() a wrapper around mkdirat_label()
  * tree-wide: don't use mkdir_errno_wrapper() without reason
  * mkdir: drop mkdir_errno_wrapper(), use mkdirat_errno_wrapper() instead
  * shared: clean up mkdir.h/label.h situation
  * homework: make sync of identies when resizing homes optional
  * resize-fs: add helper that checks if the specified fs can do online grow/shrink
  * user-record: relax rules on diskSize user record field
  * homework: beef up luks resize logic to allow "minimizing" homes
  * test: add grow/shrink/minimize test for homed
  * tree-wide: use WRITE_STRING_FILE_MKDIR_0755 at more places
  * coredump: tweak which dir we create
  * Merge pull request #21391 from poettering/homed-minimize
  * Merge pull request #21326 from poettering/mkdir-tweaks
  * homectl: if homed asks for the recovery key to be supplied, query the user for it
  * pam_systemd_home: prompt user for recovery key if homed asks for it
  * fs-util: add new helper open_mkdir_at()
  * tree-wide: port various places over to open_mkdir_at()
  * Merge pull request #21421 from poettering/homed-recovery-pw
  * Merge pull request #21401 from poettering/open-mkdir-at
  * homework: make destroying of HomeSetup optional when resizing
  * homework: make it safe to invoke home_setup_luks() twice in a row
  * homework: also add logic for "maximizing" size of home
  * test: extend homed test to test home dir "maximization"
  * homectl: parse "min" and "max" as special disk size values
  * Merge pull request #21411 from poettering/homed-maximize
  * Merge pull request #21420 from DaanDeMeyer/journal-enumerate-skip
  * strv: make sure FOREACH_STRING() can be nested
  * gpt: make gpt_partition_type_uuid_from_string() return parameter optional
  * test-gpt: add test that shows for which archs we have GPT partition types
  * docs: clarify the assumption on numeric values of JSON parsers we make
  * doc: rebreak boot loader spec
  * update TODO
  * nspawn: use FOREACH_STRING() more
  * Merge pull request #21425 from keszybz/ppc64-fixes
  * resolved: use RET_NERRNO() where it makes sense
  * resolved: include IP address info in debug output for incoming datagrams
  * socket-util: add helper for generically initializing sockaddr_union from in_addr_union
  * resolved: add "proxy-only" stub on 127.0.0.54
  * nspawn: voidify expose_port_execute() calls
  * resolved: fix ResolveService() hostname handling
  * resolved: properly signal transient errors back to NSS stack
  * resolved: make sure we don't hit an assert when dealing with incomplete DNSSD service definitions
  * resolved: clean up manager_write_resolv_conf() a bit
  * resolved: lower connection timeout for DoT connections in opportunistic mode
  * man: fix type in sd_bus_error_add_map() prototype
  * Merge pull request #21470 from poettering/resolved-250-fixes
  * user-record: add auto-resize property
  * homectl: expose new autoResizeMode JSON user record property
  * homework: add auto-shrink/auto-grow
  * homework: upload home password into kernel keyring if needed
  * man/doc: document auto resize modes
  * homework: when creating home dir also treat specified size as hint
  * homework: correct initial minimal fs size calculations by LUKS2/GPT overhead
  * man: document min/max for --disk-space= too
  * test: update test to use --disk-size=min
  * Merge pull request #21443 from poettering/homed-grow-shrink-on-login-logout
  * Merge pull request #21440 from poettering/homed-initial-fs-size
  * process-util: add missing NULL initialization for _cleanup_ variable
  * Merge pull request #21479 from keszybz/cosmetic-initialization-adjustments
  * pretty-print: add helper for quickly outputting red/green cross/check marks
  * bootctl: use new red/green check/cross mark helpers at two places
  * dissect: add helper call for unifying three loops
  * dissect-image: when extracting metadata from image also check if it contains init system
  * extension-release.d/: add a new field SYSEXT_SCOPE= for clarifying what a system extension is for
  * os-release: add new PORTABLE_PREFIXES= field for declaring valid portable service match prefixes
  * dissect: show intended purpose of images in dissection output
  * test: test new SYSEXT_SCOPE=/PORTABLE_PREFIXES= fields in TEST-29
  * update TODO
  * recurse-dir: give callers of recurse_dir_at() control over path prefix
  * Merge pull request #21448 from poettering/disk-image-purpose
  * shared: split out ioprio related stuff into ioprio-util.[ch]
  * ioprio-util: add macro for default ioprio settings
  * ioprio: normalize io priority values in configuration
  * core: normalize ioprio values we acquire from kernel
  * test: add test for ioprio normalization
  * man: don't mention IOSchedulingClass=none anymore in the docs
  * test: make test-execute pass on Linux 5.15
  * homectl: also acquire "cheap" passwords for homectl update/passwd
  * homework: fix message typo
  * homework: don't try to shift uidmap for already activated home areas
  * homework: also apply uid shifting when changing passwords/resizing/updating home areas
  * homework: fix a bad error propagation
  * homework: add debug log message whenever we applied a uidmap to a mount
  * Merge pull request #21502 from keszybz/os-release-debugging
  * socket: always pass socket, fd and SocketPeer ownership to service together
  * socket: various modernizations
  * man: suggest usage of CollectMode= in Accept=yes services
  * man: "-j", not "-J" is the shortcut for JSON mode in homectl
  * list: add LIST_POP() helper that pops the first item off a linked list
  * repart,homed: split out disk cleanup macros into generic header
  * json: don't assert() if we add a NULL element via json_variant_set_field()
  * json: add new JSON_BUILD_CONST_STRING() macro
  * Merge pull request #21487 from DaanDeMeyer/dissect-image-other-arch
  * homed: support LogControl1 D-Bus API too, and make use of it
  * test: don't provide password to deactivation
  * user-record: add rebalanceWeight field
  * homectl: expose new rebalanceWeight JSON use record field
  * homed: add automatic grow/shrink ("rebalancing")
  * homed: add explicit API for requesting rebalancing too
  * homectl: add new "homectl rebalance" command
  * test: add test case for homed rebalancing logic
  * update TODO
  * NEWS: start with an entry for v250
  * update TODO
  * update TODO
  * update TODO
  * random-seed: add missing %m in error message
  * tree-wide: some additional checks to avoid CVE-2021-4034 style weaknesses
  * pid1: pass PAM_DATA_SILENT to pam_end() in child
  * execute: use _cleanup_ logic where appropriate
  * execute: line break comments a bit less aggressively
  * execute: document that the 'env' param is input *and* output
  * fundamental: support assert_se() in EFI mode too
  * macro: add ASSERT_SE_PTR() macro
  * efi: use assert_se() instead of assert() to guard for OOM issues in EFI code
  * util: another set of CVE-2021-4034 assert()s
  * NEWS: minor formatting tweaks
  * journal: various fixes to journal_file_read_object()
  * analyze: correctly mention that --json= is also understood by inspect-elf
  * units: we need systemd-journald.service from systemd-journal-flush.service
  * resolve: add missing OOM check
  * tests: rework test macros to not take code as parameters
  * journal-file: don't use pread() when determining where to append, use mmap as before
  * systemctl: strings returned by sd_bus_message_read_basic() are immutable
  * udevadm: don't claim a sysattr was write only just because we get EPERM on read
  * sd-boot: rename LOADER_STUB → LOADER_UNIFIED_LINUX
  * journal: when copying journal file to undo NOCOW flag, go via fd
  * boot: fix pretty nasty typo
  * resolved: maintain only a single list of "dont-resolve" domain names
  * systemctl: use STR_IN_SET() where appropriate
  * hostnamed: drop "iteractive" parameter from GetHardwareSerial()
  * hostnamed: trivial optimization
  * Merge pull request #22375 from michaelolbrich/watchdog
  * Merge pull request #22378 from bluca/on_fail_follow_ups
  * journal-file: fix error handling of pread() in journald_file_punch_holes()
  * journal-file: explicitly handle file systems that do not support hole punching
  * man: systemd-stdio-bridge doesn't connect "two busses"
  * watchdog: work around Coverity confusion
  * repart: fix sector size handling
  * tests: add repart tests for block devices with 1024, 2048, 4096 byte sector sizes
  * README: CONFIG_KCMP is the new kernel compile time option for kcmp()
  * coredump: raise the coredump save size on 64bit systems to 32G (and lower it to 1G on 32bit systems)
  * man: coredump.conf: document defaults limits
  * Revert "boot-timestamps: Discard firmware init time when running in a VM"
  * sd-boot: split out TSC/time API
  * sd-boot: add overflow check to TSC reads
  * sd-boot: don't export ticks_read() and ticks_freq()
  * sd-boot: encapsulate freq cache in ticks_freq()
  * sd-boot: return 0 (not 1) from ticks_read() in fallback implementation
  * sd-boot: don't use TSC in virtualized environments
  * Merge pull request #22442 from DaanDeMeyer/fix-entry-iteration
  * Merge pull request #22423 from poettering/repart-sector-size
  * Merge pull request #22446 from poettering/sd-boot-cpuid-vm-tscd
  * conf-parse: add generic config_parse_safe_string() helper
  * conf-parser: use _cleanup_free_ where appropriate
  * conf-parser: minor refactorings/modernizations
  * conf-parser: refuse section headers with control characters early, just in case
  * conf-parser: update config_item_*_lookup() to follow modern coding style
  * tree-wide: use config_parse_safe_string() at various places
  * conf-parser: add specific parser for PID values
  * cgroup: downgrade warning if we can't get ID off cgroup
  * cgroup-util: minor modernizations
  * pid1: export cgroup ID among per-unit cgroup information
  * sd-device: refuse opening device mit major/minor of zero early
  * gpt-auto: properly handle case where we can't determine devno of /usr/ fs
  * sd128: export sd_id128_to_uuid_string()
  * id128-util: add new helper id128_equal_string()
  * tree-wide: use id128_equal_string() at various places
  * homed: use SD_ID128_TO_UUID_STRING() at one more place
  * veritysetup: whitespace fix
  * Revert "bootctl: Ignore boot entries (continue #22041)"
  * bootspec: port one more use of basename() to path_extract_filename()
  * update TODO
  * bootspec: parse/show devicetree-overlay field too
  * bootspec: also parse new 'beep' loader.conf variable
  * bootspec: also collect/mark the "selected" boot entry (i.e. the one currently booted)
  * bootctl: show more information about boot entry state in list
  * bootspec: make sure all return values are initialized on return of find_esp_and_warn()
  * boot: suppress XBOOTLDR if same device as ESP when enumerating entries
  * bootspec: avoid zero size VLA
  * stat-util: add helper stat_inode_same() for comparing stat's st_dev/st_ino in one
  * tree-wide: port various places over to new stat_inode_same() helper
  * fd-util: use ERRNO_IS_XYZ() macros where appropriate
  * coredump: fix inode check
  * sd-daemon: use path_join() instead of manual path concat
  * docs: make clear that if you use threaded cgroups you need to do that two levels down from your delegated cgroup
  * Merge pull request #22412 from yuwata/sd-dhcp6-client-cleanups
  * Merge pull request #22516 from keszybz/bit-and-pieces
  * man: fix virtualization table
  * TODO
  * homed: when using id mapping on the home dirs, also do an identity mapping for the container UID ranges
  * docs: document homed's use of the container UID mapping
  * NEWS: update excerpt on container UID/GID mappings
  * Merge pull request #22526 from poettering/homed-container-uid-range
  * coccinelle: automatically switch some uses of memcpy() → mempcpy()
  * tree-wide: some coccinelle fixes
  * Revert "resolved: filter out our own stub resolvers when parsing servers"
  * Merge pull request #22531 from poettering/mempcpy-cocci
  * glyph-util: add new glyphs for up/down arrows
  * user-util: move homed/nspawn map UID_MIN/UID_MAX define into user-util.h
  * logind: fix internal types used for EnableWallMessages
  * logind: fix bool/int confusion for KillUserProcesses bus property
  * userdbctl: show min/max UID boundaries in userdbctl output
  * userdbctl: add a dash of color to users of different dispositions
  * pid1: watch bus name always when we have it
  * pid1: lookup owning PID of BusName= name of services asynchronously
  * docs: $SYSTEMD_NSS_BYPASS_BUS is not honoured anymore, don't document it
  * pid1: set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon
  * Merge pull request #22552 from poettering/nss-by-pass-bus-rework
  * machined: sd-bus expects 'int', not 'bool' when returning unmarshalled booleans
  * machined: use one_zero() on one more occasion
  * Merge pull request #22562 from poettering/logind-bool-fix
  * resolved: rework how we reply to D-Bus messages for resolution requests
  * env-util: replace unsetenv_erase() by new getenv_steal_erase() helper
  * Merge pull request #22573 from mrc0mmand/epoch-timestamp
  * analyze: split out "timespan" verb into its own .c/.h file
  * analyze: split out "timestamp" verb into its own .c/.h files
  * analyze: split out calendar verb into own .c/.h file
  * analyze: split out "filesystems" verb into its own .c/.h file pair
  * analyze: split out "syscall-filter" verb
  * analyze: split out "dump" verb
  * analyze: split out "dot" verb
  * analyze: split out "service-watchdogs" verb
  * analyze: highlight the range of deprecated verbs in comments a bit better
  * analyze: split out "exit-status" verb
  * analyze: split out "capability" verb
  * analyze: split out "blame" verb + time helpers
  * analyze: split out "plot" verb
  * analyze: split out cat-config verb
  * analyze: split out log control verb
  * analyze: split out "unit-paths" verb
  * analyze: split out "unit-files" verb
  * analyze: split out critical chain
  * analyze: split out "time" verb
  * analyze: fully move "security" verb to analyze-security.[ch]
  * analyze: move inspect-elf verb entrypoint into analyze-elf.[ch], too
  * analyze: split out "verify" verb into own .c/.h file
  * analyze: move "condition" verb into analyze-condition.[ch]
  * analyze: systematically name verb entry point functions verb_xyz()
  * analyze: modernize pretty_boot_time() a bit
  * env-util: drop unsetenv_erase()
  * systemctl: systematically rename verb entrypoints verb_xyz()
  * systemctl: rework daemon_reload() functions
  * analyze: fix build on non-seccomp builds
  * Merge pull request #22584 from poettering/systemctl-verb-renamed
  * clang-format: we actually typically use 16ch continuation indentation
  * coccinelle: automatically look for timestamp_is_set candidates
  * tree-wide: use timestamp_is_set() more
  * units: drop After=systemd-networkd.service from systemd-resolved.service
  * units: move resolved to sysinit.target (from basic.target)
  * units: drop After=systemd-resolved.service from systemd-nspawn@.service
  * killall: show PID of processes killed in final killing spree
  * update TODO
  * logind: replace handle_action_valid() macro by inline function
  * logind: rename ActionTableItem → HandleActionData
  * logind: minor whitespace fix
  * logind: drop unused prototype
  * logind: rename manager_item_for_handle() → handle_action_lookup()
  * logind: rename scheduled_shutdown_type → scheduled_shutdown_action
  * pid1: add comment to crash handler about memory allocations
  * pid1: split out crash handler logic into its own .c/.h file
  * main: add 'const' on two function arguments
  * pid1,nspawn: raise default RLIMIT_MEMLOCK to 8M
  * Merge pull request #22460 from bluca/monitor_refactor
  * hostname-util: normalize get_pretty_hostname() call semantics
  * Merge pull request #22618 from yuwata/network-safe-string
  * kernel-install: don't try to persist used machine ID locally
  * kernel-install: add a new $ENTRY_TOKEN variable for naming boot entries
  * kernel-install: only generate systemd.boot_id= in kernel command line if used for naming the boot loader spec files/dirs
  * kernel-install: search harder for kernel image/initrd drop-in dir
  * kernel-install: add new "inspect" verb, showing paths and parameters we discovered
  * man: document recent changes
  * bootctl: update to new kernel-install semantics
  * NEWS: add NEWS entry highlighting what the "entry-token" logic means for "gold image" builders
  * random-util: drop left-over comment
  * test: change // comments to /* */
  * macro: DECIMAL_STR_WIDTH() is about *values* not *types*
  * test: add test for DECIMAL_STR_WIDTH()
  * macro: handle DECIMAL_STR_MAX() special cases more accurately
  * test: add test case for DECIMAL_STR_MAX()
  * docs: document we use C11 with GNU extensions now
  * hostnamed: update chassis table to SMBIOS 3.5
  * docs: document how we usually define enums
  * Merge pull request #22734 from poettering/decimal-str-width-test
  * import: improve error message
  * docs: s/straight-forward/straightforward/
  * update TODO
  * cgroup-show: split out delegation xattr check into its own function
  * cgroup: also indicate cgroup delegation state in user-accessible xattr
  * docs: document the user.delegate xattr
  * cgroup: also set user.invocation_id in addition to trusted.invocation_id
  * boot: drop const from EFI_PHYSICAL_ADDRESS parameter
  * boot: use UINT32 as type for PCR indexes
  * sd-boot: measure kernel cmdline into PCR 12 rather than 8
  * man: only document new PCR 12
  * NEWS: add entry announcing PCR change
  * Merge pull request #22563 from grigorig/cryptenroll-tpm2-pin
  * sd-boot: disable bitlocker reboot feature for now
  * Merge pull request #22761 from poettering/pcr-fix
  * update TODO
  * nspawn: rebreak all comments in outer_child()
  * nspawn: make more stuff const
  * nspawn: if we refuse to operate on some directory, explain why
  * base-filesystem: use uid_is_valid() at one more place
  * nspawn: make sure host root can write to the uidmapped mounts we prepare for the container payload
  * homed: permit inodes owned by UID_MAPPED_ROOT to be created in $HOME
  * Merge pull request #22754 from mrc0mmand/creds_dir_specifier
  * kernel-install: make clear which variables are supposed to be placed in install.conf in a comment
  * kernel-install: drop spurious double empty line
  * bootctl: fix typo
  * bootctl: use faccessat() more
  * bootctl: add comment, explaining when verb_install() is called
  * Merge pull request #22784 from poettering/bootctl-fixlets
  * doc: mention that setfsuid() is a reason why UIDs >= 2147483648 are icky
  * Revert "boot: Change boot entry sorting"
  * docs: add new "sort-key" field to boot loader spec
  * sd-boot: make use of new "sort-key" boot loader spec field
  * sd-boot: add comments highlighting type 1 vs. type 2
  * kernel-install: automatically generate "sort-key" field
  * test: add test that verifies correct order of boot entries
  * update TODO
  * shared: split out ESP/XBOOTLDR search stuff from bootspec.c
  * meson: sort shared source file list again
  * Merge pull request #22787 from poettering/bootspec-split
  * time-util: add macros around timespec_store() that operates on compund literal allocated timespec struct
  * timesyncd: use structured initialization more
  * timesyncd: get rid of unnecessary 'r' assignments
  * timesyncd: cast some function invocations to void
  * timesyncd: make a constant structure actually static/const
  * timesyncd: add comment what bool arg is
  * timesyncd: rebreak some comments
  * timesyncd: merge some variable declarations
  * timesyncd: use CMSG_FIND_DATA() macro where appropriate
  * timesyncd: move stuff that is not about setting the clock out of manager_adjust_clock()
  * sd-event: add a single implementation of an event source that runs on clock changes
  * timesyncd: don't abort packet handling if we can't save the timestamp to disk
  * timesyncd: rename bool 'good' → 'talking'
  * timesyncd: when updating timestamp file, use best time we know, instead of system clock
  * timesyncd: add debug logging in case we can't touch /run/systemd/timesync/synchronized
  * timesyncd: generate a structure log message the first time we set the clock correctly
  * timesyncd: improve log message whe getting a reply from server
  * sysupdate: add new component "sysupdate"
  * unit: add units for new "systemd-sysupdate" tool
  * man: add sysupdate documentation
  * test: add integration test for sysupdate
  * update TODO
  * update TODO
  * fs-util: add openat_report_new() wrapper around openat()
  * sd-journal: refuse invocation of journal_file_open() with O_RDONLY|O_CREAT
  * journal-file: port journal_file_open() to openat_report_new()
  * sd-event: fix creation of floating event_add_time_change() event sources
  * bootctl: $KERNEL_INSTALL_MACHINE_ID + $KERNEL_INSTALL_LAYOUT are deprecated
  * bootctl: load /etc/kernel/install.conf's $layout field, too
  * kernel-install: list fields we honour in /etc/kernel/install.conf
  * NEWS: try to fix old entry regarding KERNEL_INSTALL_LAYOUT
  * man: clarify the format used by sd-boot config files
  * man: clarify where the settings in type #1 entries are documented
  * man: also install systemd-stub man page as sd-stub
  * man: clarify that type #1 entries are also read from the XBOOTLDR partition
  * docs: add /loader/entries.srel to the boot loader spec
  * bootctl: generalize open_tmpfile_linkable() use a bit
  * bootctl: automatically write out $BOOT/entries/standard.srel
  * kernel-install: check for /loader/entries.srel file as explicit marker for standards compliant /loader/entries directory
  * Merge pull request #22662 from yuwata/udev-trigger-priority
  * sd-device: fix trivial typo
  * sd-device: use path_compare() rather than strcmp() for sorting paths
  * docs: add some docs about building OS images
  * fs-util: fix typos in comments
  * fs-util: make sure openat_report_new() initializes return param also on shortcut
  * Merge pull request #22629 from nishalkulkarni/oomd_service_result
  * Merge pull request #22791 from keszybz/bootctl-invert-order
  * docs: make man page links in markdown Links section use teletype font, as we usually do
  * docs: link up new image building docs a bit
  * docs: extend BUILDING_IMAGES with a section about IMAGE_ID=/IMAGE_VERSION=
  * update TODO
  * doc: add a bunch of missing <br>
  * macro: add macro that simplifies going backwards through an array via pointers
  * doc: two markdown markup fixes
  * tree-wide: use PTR_SUB1() at two places where appropriate
  * update TODO
  * bpf-firewall: invert test
  * efivars: cache ENOENT as no efi secure boot
  * efivars: tweak debug log message in efi_get_secure_boot_mode()
  * efivars: no need to convert ENOENT → ENODATA twice
  * efivars: downgrade log level in systemd_efi_options_efivarfs_if_newer()
  * efivarfs: rename a couple of return params to ret_xyz/ret
  * efivars: define efi variable flags less weirdly
  * efi-loader: split efi-api.[ch] from efi-loader.[ch]
  * errno-util: add ERRNO_IS_DEVICE_ABSENT() macro
  * NEWS: various tweaks
  * Merge pull request #22840 from poettering/efivars-tweaks
  * machine-info: rename VENDOR=/MODEL= → HARDWARE_VENDOR=/HARDWARE_MODEL=
  * hostnamed: properly reset hw model/vendor props before re-reading them
  * update NEWS
  * Merge pull request #22859 from poettering/hardware-rename
  * journal-remote: constify a few parameters
  * Merge pull request #22717 from yuwata/udev-lock-block-device-by-main-process
  * journal-file: merge compress/seal bool args into a single flags param
  * journal: don't talk about -1 in context of unsigned values
  * journald: make sure SIGTERM handling doesn't get starved out
  * journal-file: if we are going down, don't use event loop to schedule post
  * bootctl: optionally, output entries in JSON format
  * bootspec: don't use conf_files_list() for finding type #1 entries
  * bootspec: pass around BootConfig struct instead of entries/n_entries fields only
  * bootspec: try harder to suppress duplicate enumerated entries
  * bootspec: rename type1 parsers to say "type1" explicitly in the name
  * bootspec: normalize oom handling in boot_load_efi_entry_pointers()
  * bootspec: assess default/selected entries *after* we augmented entry list with entries from loader
  * bootctl: use boot_config_default_entry() where appropriate
  * bootspec: don't needlessly inline boot_config_find_entry()
  * bootspec: normalize function names/parameter lists
  * time-util: assume CLOCK_BOOTTIME always exists
  * update TODO
  * cryptsetup: rename functions that try to do FIDO2/TPM2/PKCS#11 via cryptsetup plugins to say so
  * cryptsetup: add helper for mangling "none" option strings
  * cryptsetup: adjust some log levels
  * veritysetup: give command line parameters proper names
  * veritysetup: mangle option strings like in cryptsetup
  * veritysetup: do some superficial checking on volume name
  * tree-wide: unify some code that looks for --help in the command line
  * integritysetup: rename action → verb, to match other code
  * integritysetup: log when attempted to detach already detached volume
  * integritysetup: also port to mangle_none()
  * integritysetup: also validate volume name
  * update TODO
  * virt: simplify userns_has_mapping() by using fscanf() instead of scanf()
  * virt: use read_virtual_file() for reading /proc/self/setgroups
  * Merge pull request #22919 from poettering/cryptsetup-tweaks
  * pid1: check for kernels older than baseline
  * systemctl: show tainted state
  * update TODO
  * tests: modernize load_testdata_env() a bit
  * test-resolved-stream: before entering user/network namespaces check if that's safe
  * uid-range: use size_t for array size
  * test: port test-uid-range to tests.h
  * uid-range: add new uid_range_load_userns() for loading /proc/self/uid_map
  * uid-range: add some overflow checks
  * uid-range: replace uid_range_contains() by more generalized uid_range_covers()
  * pid1: add taint flag if uid/gid userns range too small
  * update TODO
  * userdbctl: also show available UID range in current userns
  * process-util: refactor APIs for reading /proc/self/xyz symlinks
  * Merge pull request #22934 from poettering/tls-test-fix-root
  * notify: remove spurious whitespace
  * path-util: use STR_IN_SET() where appropriate
  * Merge pull request #22921 from poettering/uid-range-tweaks
  * udev: add /dev/disk/by-diskseq symlink for block devices
  * veritysetup: fix memory corruption
  * virt: rework kvm with hyperv enlightenment checks a bit
  * virt: make virtualization enum a named type
  * virt: move array iterators to smaller scope, and use right type
  * update TODO
  * gpt: introduce common implementation of type uuid search loop
  * TODO
  * hash-funcs: tweak odering in devt_compare_func()
  * udevadm: add new "lock" verb for locking block devices
  * man: document new udevadm lock tool
  * man: properly conditionalize kernel-install man page
  * sd-device: rename return parameter of sd_device_get_devpath() to ret
  * sd-device: actually read diskseq if told so
  * udevadm: show more fields of sd_device objects in "udevadm info"
  * udevadm: add a dash of color to "udevadm info"
  * udevadm: if invalid devices are specified on "info" verb, continue
  * man: document various sd_device_get_xyz() functions
  * tree-wide: use 'Architecture' type consistently across the tree
  * update TODO
  * update TODO
  * update TODO
  * fix TODO
  * update TODO
  * logind: expose long press actions on D-Bus
  * logind: also show long press settings in default logind.conf
  * man: split an overly long paragraph in two
  * Merge pull request #22975 from poettering/logind-longpress-followup
  * Merge pull request #22968 from keszybz/kernel-4.4
  * update TODO
  * loop-util: let's cut trailing whitespace, not trailing lines
  * loop-util: slightly rework device_has_block_children()
  * test-loop-block: don't spawn threads in case N_THREADS is 1
  * loop-util: take a LOCK_EX BSD file lock on control device while we acquire a loopback device
  * loop-util: use ERRNO_IS_DEVICE_ABSENT() macro where appropriate
  * loop-util: explicitly close loopback block device before sleeping
  * loop-util: add debug message with details about acquired loopback device
  * test: allow specifying test threads/iterations/timeouts via cmdline
  * test-loop-block: conditionalize things on HAVE_BLKID correctly
  * dissect: improve debug logging in probe_filesystem()
  * Merge pull request #23009 from keszybz/fix-detection-of-libsystemd-shared-with-suffix
  * update TODO
  * update TODO
  * update TODO
  * systemd-creds: fix name of env var
  * specifier: use %q for pretty hostname
  * update TODO
  * dissect: rework how we wait for partition block devices
  * update TODO
  * test-loop-block: reenable test on CI
  * tree-wide: take BSD lock on loopback devices we dissect/mount/operate on
  * sd-device: simplify device_enumerator_scan_devices_and_subsystems() a bit
  * sd-device: make device_set_syspath() more defensive
  * sd-device: validate devnum parameters in device_set_devnum()
  * chase-symlinks: use proper typedef for flags argument
  * chase-symlinks: avoid using stack allocation for potentially huge paths
  * chase-symlinks: use empty_to_root() where appropriate
  * chase-symlinks: add missing OOM check
  * chase-symlinks: add comment for opaque argument
  * chase-symlinks: prefer path_extract_directory() over dirname()
  * Merge pull request #23061 from poettering/chase-symlinks-tweaks,-new
  * pid1: pass useful env vars to generators
  * man: rebreak all paragraphs in systemd.generator(7)
  * man: document new generator env vars
  * update TODO
  * Merge pull request #23065 from poettering/env-var-generator
  * sd-device: use chase_symlinks() O_PATH fd
  * sd-device: don't accept non-sysfs paths
  * sd-device: generate e better error code when trying to allocate sd_device for non-dir
  * sd-device: split out checking of matches from enumerator_scan_dir_and_add_devices()
  * sd-device: filter regular files when enumerating
  * sd-device: add some comments
  * sd-device: properly support some corner case syspath
  * sd-device: include parent devices in enumeration
  * udevadm: add new --tree mode to "udevadm info"
  * udevadm: use xopendirat() where appropriate
  * update TODO
  * basic: split out dev_t related calls into new devno-util.[ch]
  * devnum-util: define helper macros for formatting devnum major/minor pairs
  * devnum-util: catch potential stack overruns early
  * Merge pull request #22759 from msekletar/issue-18077-long-sysfs-paths-hashing
  * Merge pull request #23011 from mrc0mmand/TEST-64-md
  * update TODO
  * update TODO
  * update TODO
  * update TODO
  * update TODO
  * tpm2-util: add helper that checks for the various facets of TPM2 support
  * condition: rework ConditionSecurity=tpm2 check on top of tpm2_support()
  * bootctl: use new tpm2_support() helper to show TPM2 info
  * creds-tool: add new "has-tpm2" verb
  * man: document new has-tpm2 verb
  * creds-util: refuse unexpected key types explicitly
  * creds-util: add an explicit 128bit ID for identifying "automatic" key determination
  * creds-util: permit credentials encrypted/signed by fixed zero length keys as fallback for systems lacking TPM2
  * update TODO
  * Merge pull request #23099 from yuwata/sd-bus-track-fixlets
  * man: update TPM2 PCR documentation
  * Merge pull request #23122 from poettering/creds-has-tpm2
  * update TODO
  * macro: upgrade ref counting overflow check assert() → assert_se()
  * sd-bus: switch to a manual overflow check in sd_bus_track_add_name()
  * main: voidify call to kmod_setup()
  * creds-util: also warn about unencrypted creds host key if we are creating it
  * creds-util: upgrade message about TPM2 not working
  * Merge pull request #23148 from poettering/creds-util-mini-tweaks
  * bus-unit-util: make sure we can set LoadCredentials= property with a single string
  * man: make clear that encrypted credentials are also authenticated
  * tpm2-util: if we run in a container, ignore /sys/class/tpmrm/* contents
  * update TODO
  * execute: use ASSERT_PTR where appropriate
  * execute: drop double empty line
  * execute: rework load_credential() not to take an ExecLoadCredential object we must synthesize
  * execute: debug log if a generated recursive cred name is too long
  * execute: passing NULL as second argument for recurse_dir() is equivalent to ""
  * execute: let recurse_dir() concate the cred name for us
  * execute: simplify 'load_creds_args' struct a bit
  * execute: drop 'seen_creds' set
  * execute: sort directory entries when loading credentials recursively
  * execute: correct comments
  * execute: share error path between reg file/dir credential loading
  * execute: restore ability to propagate creds from further up (i.e.  container manager and such)
  * execute: restore ability that SetCredential= can act as fallback for LoadCredential=
  * execute: add more debug logging
  * test: make sure that SetCredential=/LoadCredential fallback won#t regress
  * test: also test nspawn system→service inheritance of creds
  * Merge pull request #23157 from poettering/execute-refactor-fix
  * update TODO
  * docs: suggest to erase /var/lib/systemd/credential.secret when preparing golden images
  * loopback-setup: tweak message if loopback device is already set up
  * basic: move compress.[ch] → src/basic/
  * compress: make Compression a regular non-sparse enum
  * journal-verify: tighten check for compression of non-objects
  * Merge pull request #23161 from yuwata/nss-ipv6-disabled
  * NEWS: updates for 251-rc2
  * update TODO
  * hwdb: make sure "ninja update-hwdb" works on f35
  * hwbd: run "update-hwdb" for v251-rc2
  * hwdb: run "ninja update-hwdb-autosuspend" for v251-rc2
  * pid1: load 'qemu_fw_cfg' kmod super early, so that we can import credentials from it
  * pid1: import creds from sd-stub + qemu + kernel cmdline
  * pid1: search for creds in LoadCredential=/LoadCredentialEncrypted=
  * creds-tool: properly search for both encrypted + unencrypted creds
  * man: document the new credentials features
  * doc: add new markdown docs for credentials
  * test: test new credential features
  * update TODO
  * Merge pull request #23217 from keszybz/oomd-docs
  * Merge pull request #23203 from yuwata/login-runtime
  * Merge pull request #23170 from poettering/creds-copy
  * update TODO
  * man: correct a major missed opportunity
  * docs: typo fix
  * creds: trivial coding style fixes
  * man: document that systemd-fstab-generator actually cares about roothash=/usrhash= on the kernel cmdline
  * Merge pull request #23135 from DaanDeMeyer/journal-move
  * units: remove spurious empty line
  * update NEWS for 251-rc2
  * stat-util: fix dir_is_empty() with hidden/backup files
  * stat-util: drop dir_is_populated() which is apparently not used
  * Merge pull request #23261 from poettering/dir-is-empty
  * update TODO
  * update TODO
  * socket-util: don't reference field by macro parameter name
  * tests: avoid (struct sockaddr*) casts
  * test: JSON_BUILD_REAL nowadays expects 'double', not 'long double'
  * efi: include UEFI monotonic boot counter in random seed
  * update TODO
  * socket-util: change sockaddr_un_set_path() to return recognizable error on 108ch limit
  * fileio: propagate original error if we notice AF_UNIX connect() is not going to work
  * fileio: fix error propagation
  * update TODO
  * socket-util: add new connect_unix_path() helper
  * fileio: port read_file_full() to use connect_unix_path()
  * tree-wide: port various users over to connect_unix_path()
  * docs: move some stuff into "Networking" section
  * update TODO
  * sd-id128: don't allow chars > f in valid id128 values
  * tree-wide: add global ascii_isdigit() + ascii_isalpha()
  * Merge pull request #23906 from poettering/isdigitisalpha
  * Merge pull request #23855 from keszybz/drop-list-is-empty
  * docs: normalize uppercasing of titles of network doc
  * json: actually use numeric C locale we just allocated
  * update TODO
  * man: "enabled commands are started at boot" is rubbish
  * namespace: fix propagated error number
  * tmpfiles: correct error variable to use
  * update TODO
  * path-util: NULL strings are definitely not valid paths
  * tmpfiles: port from dirname/basename to path_extract_directory/filename()
  * tmpfiles: shorten code a bit
  * smack: catch more types of 'not supported' errors
  * mkdir-label: don't use mkdirat_errno_wrapper() without reason
  * Merge pull request #23946 from poettering/tmpfiles-extrat-dir-fn
  * tmpfiles: take error code from "errno" earlier
  * mac: rework labelling code to be simpler, and less racy
  * update TODO
  * tree-wide: trivial tweaks
  * update TODO
  * man: explain why pam_systemd_home wants to be in all four stacks
  * stat-util: replace is_dir() + is_dir_fd() by single is_dir_full() call
  * tmpfiles: check the directory we were supposed to create, not its parent
  * update TODO
  * growfs: insist we open a directory when opening fs mount point
  * growfs: ensure that we operate on a block device before issuing a block ioctl
  * growfs: don't reopen fds unnecessarily
  * update TODO
  * update TODO
  * update TODO
  * import-ceds: use the right error variables at four places
  * update TODO
  * sysctl: also process sysctl requests via the "sysctl.extra" credential
  * man: drop misplaced ','
  * Merge pull request #24015 from poettering/growfs-fd-tweaks
  * Merge pull request #24008 from poettering/tmpfiles-is-dir-fix
  * base-filesystem: pick more conservative access mode for /root/
  * man: explain why various resource limits don't make sense and should not be used.
  * update TODO
  * update TODO
  * update TODO
  * pid1: import creds from SMBIOS too, not just qemu's fw_cfg
  * update TODO
  * Merge pull request #24005 from poettering/smbios-creds
  * pid1: add mechanism for conditionalizing units/network/netdev/link based on credentials passed in
  * update TODO
  * fuzz: add ConditionCredential= to fuzz files, and sort their sections
  * man: fix copy/paste typo
  * update TODO
  * tmpfiles: optionally, decode string to write to files with base64
  * tmpfiles: minor shortening of code
  * Merge pull request #24010 from poettering/tmpfiles-base64-data
  * cgroups-agent: connect stdin/stdout/stderr to /dev/null
  * Merge pull request #24011 from poettering/condition-cred
  * import: fix format strings
  * sysusers: allow defining additional sysusers lines via credentials
  * update TODO
  * core: cache unit file selinux label, and make decisions based on that
  * selinux: include precise low-level error string in returned D-Bus errors
  * tmpfiles: accept additional tmpfiles lines via credential
  * tmpfiles: add ^ line modifier for loading file contents from specific credential
  * man: split out "Type Modifiers" section from "Types" section in tmpfiles.d docs
  * tmpfiles: automatically provision /etc/issue.d/ + /etc/motd.d/ + /etc/hosts from credentials
  * Merge pull request #23963 from matoro/main
  * Merge pull request #23986 from poettering/cache-selinux-unit-labels
  * TODO/NEWS: write down that we intend to remove cgroupsv1 support by EOY 2023
  * Merge pull request #23991 from yuwata/udev-reload
  * systemctl: fix type used for array sizes to size_t
  * TODO: add new 'deprecations and removals' section
  * update TODO
  * update TODO
  * update TODO
  * localed: don't fail if we cannot copy an xattr
  * Merge pull request #23702 from igo95862/fix-object-manager-interface-in-wrong-places
  * update TODO
  * efi: update measure.h comments a bit
  * boot: introduce common shortcut exit path in pack_cpio()
  * stub: override StubInfo EFI variable unconditionally, since *we* own it
  * update TODO
  * update TODO
  * efi: optionally report when measuring to TPM whether we actually did
  * efi: tell userspace where the stub measured the kernel command line/credentials into
  * efi: from the stub measure the ELF kernel + built-in initrd and so on into PCR 11
  * stub: measure PE sections in a defined order, and include all sections
  * sd-stub: measure sysext images picked up by sd-stub into PCR 13
  * boot: split out TPM PCR defines into header file we can share between userspace and kernel space
  * boot: move unified kernel PE section definitions into 'fundamental' code
  * stub: introduce StubFeatures, similar to LoaderFeatures
  * stub: clean up kernel command line when converting to ASCII
  * bootctl: show stub feature set in status output
  * boot: add three new boot loader feature flags
  * boot: add hexdump helper call
  * bootctl: underline sections in status output
  * bootctl: prettify tree output of discovered boot loaders a bit
  * bootctl: suppress "Boot Loaders Listed in EFI Variables" section header if section empty
  * measure: add new tool to precalculate PCR values for a kernel image
  * test: add trivial test for systemd-measure
  * update TODO
  * update TODO
  * mountpoint-util: make fd_is_mountpoint() work reasonably with AT_EMPTYPATH
  * update TODO
  * repart: when keeping ref to backing inode/devnode, use fd_reopen() rathern than F_DUPFD
  * systemctl: clarify that "status" is about the most recent invocation of a service
  * man: fix docbook
  * Merge pull request #24189 from medhefgo/boot-secure
  * macro: add macro for checking if integer is power of 2
  * macro: use ISPOWEROF2() at various places
  * man,journalctl: introduce man/--help sections
  * update TODO
  * Merge pull request #24044 from dtardon/default-device-timeout
  * Merge pull request #24220 from yuwata/on-ac-power
  * Merge pull request #23511 from diabonas/tpm2-pin-systemd-gpt-auto-generator
  * Merge pull request #23848 from yuwata/core-device-systemd-wants
  * Merge pull request #24273 from lnussel/refactor_sysuser_creds
  * update TODO
  * cryptenroll: fix memory leak
  * tpm2-util: lower indentation level a tiny bit
  * tpm2-util: rename tpmKey → primary
  * tpm2-util: reduce unnecessary indentation
  * Merge pull request #24263 from pothos/sysext-for-static-binaries
  * tpm2: typo fix selecion → selection
  * creds-tool: don't declare variable in switch body
  * cryptenroll: drop unnecessary {}
  * shutdown: trivial modernizations
  * tpm-util: use trial session where appropriate
  * tpm2-util: credit TPM2 RNG entropy only once per boot
  * fs-util: make touch() an inline function
  * random-util: drop unnecessary header file
  * tpm2-util: more structure initialization simplifications
  * sha256: change digest buffer type to uint8_t[]
  * random-seed: use SHA256_DIGEST_SIZE
  * sha256: add sha256_direct()/SHA256_DIRECT() helpers
  * cryptsetup: use right internal helper when checking whether to use tokens
  * cryptsetup: make sure all token-based codepaths are effected by SYSTEMD_CRYPTSETUP_USE_TOKEN_MODULE env var
  * TEST-70-TPM2: actually enable systemd-measure test
  * Merge pull request #23653 from aafeijoo-suse/ask-for-recovery-key
  * tree-wide: pass proper values (not bools) to sd_event_source_set_enabled()
  * tpm2-util: split out helpers which format a PCR mask as a JSON array
  * tpm2-util: also add helper for parsing PCR arrays
  * Merge pull request #24362 from poettering/sha256-tweaks
  * TEST-70-TPM2: use "truncate" to generate disk image
  * tpm2-util: add TPM2_PCR_MASK_VALID() helper
  * tpm2-util: expose more hash algorithms
  * tpm2-util: introduce tpm2_parse_pcr_argument() helper
  * Merge pull request #24368 from poettering/tpm2-json-pcr-array-rework
  * measure: add json output
  * measure: store bank name in PcrState structure
  * chase-symlinks: honour CHASE_NOFOLLOW flag properly in some cases
  * chase-symlinks: fix shortcut condition
  * chase-symlinks: add chase_symlinks_and_access() helper
  * bootctl: port some more code over to chase_symlinks() from prefix_roota()
  * hwdb-test: don't rely on --root= quirk
  * conf-files: port conf_files_list() over to chase_symlinks() from prefix_roota()
  * Merge pull request #24392 from poettering/chase-symlinks-more-stuff
  * tree-wide: use path_join() instead of prefix_roota() in various cases
  * measure: add --current switch for "systemd-measure calculate"
  * chase-symlinks: refuse more chase_symlink() flags in the open/stat flavours
  * docs: remove documentation about cgroupsv1 settings
  * pid1: generate warnings if old obsolete cgroupsv1 settings are used
  * tree-wide: port things dirname_malloc() → path_extract_directory()
  * path-util: drop the now unused dirname_malloc()
  * docs: suggests people use path_extract_filename() + path_extract_directory()
  * bless-boot: remove a bunch of 'else'
  * mkdir: don't allow us to get confused by symlinks in mkdir_p_root()'s chowning logic
  * lgtm: dirname() is now icky
  * update TODO
  * measure: fix minor memory leak
  * Merge pull request #24071 from bluca/path_trigger_report
  * Merge pull request #24420 from keszybz/mouse-power
  * Merge pull request #24072 from poettering/remove-cgroupsv1-docs
  * selinux-util: modernizations
  * selinux-util: add safety size check before doing strdupa()
  * time-util: fix overflow condition in usec_sub_signed()
  * Merge pull request #24429 from poettering/selinux-code-improv
  * Merge pull request #24242 from msekletar/terminate-idle-sessions
  * Merge pull request #24408 from keszybz/execstart-escape
  * journal: rename special journal field _SYSTEM_CONTEXT= → _RUNTIME_SCOPE=
  * condition: check for last not first ')' in firmware test expressions
  * test: don't accept failure as succes
  * tmpfiles: in C lines, make missing source graceful error
  * tmpfiles: move validation/normalization of path before we use it
  * Merge pull request #24457 from poettering/smbios-condition-fix
  * cpio: split out cpio TPM measurement logic from pack_cpio()
  * cpio: don't claim we measured anything if we weren't even asked
  * Merge pull request #24460 from poettering/stub-measure-fix
  * Merge pull request #24459 from poettering/tmpfiles-graceful-copy
  * docs: use Title Case for section titles
  * loop: make 'Failed to configure loopback device' log message clearer
  * loopback: use ERRNO_IS_PRIVILEGE() where appropriate
  * strv: modernize strv_fnmatch() a bit
  * homed: don't use stat() data from an unrelated inode
  * hashmap: add comment explaining that set_fnmatch() handles fnmatch() errors as non-matches
  * path-util: return error if fnmatch() fails
  * condition: properly handle fnmatch() errors in ConditionHost
  * test: don't mistake error for success
  * update TODO
  * shutdown: rebreak all comments to coding style
  * umount: use structured initialization
  * umount: minor modernizations
  * umount: unmount profcs/sysfs/.. lazily
  * shutdown: rework log_umount_blockers() a bit
  * update TODO
  * loop-util: move resize partition ioctl call to blockdev-util.[ch]
  * loop-util: use DEVNUM_FORMAT_STR more
  * loop: convert impossibe EBADF cases into asserts
  * loop-util: when clearing a loopback device delete partitions first, and take BSD lock
  * dissect: don't remove partitions explicitly on umount anymore
  * dissect: drop partition removal code
  * loop-util: rework how we lock loopback block devices
  * loop-util: drop code to attach empty file
  * loop-util: close lock fd before trying LOOP_CLR_FD in failure path
  * loop-util: lock the control device around clearing the loopback device and deleting it
  * loop-util: make clearer how LoopDevice objects that do not encapsulate an actual loopback device are set up
  * condition: split out order operator enum
  * compare: move test_order() → compare-operator.[ch]
  * comapre: add generic implementation for comapring with verscmp+fnmatch
  * compare: drop use of FNM_EXTMATCH for now
  * compare: add a proper flags field for parse_compare_operator()
  * compare: add flag for parse_compare_operator() to do equality/inequality comparison via simple string compares
  * condition: allow fnmatch compares for ConditionOSRelease=
  * compare: rework table in parse_compare_operator() to be array of structs
  * compare: add two new operators "==" and "<>"
  * compare: support textual operators, and port analyze over to it
  * compare: propagate errors of fnmatch() as errors
  * compare: add macro for operator charset
  * condition: allow fnmatch() matches in ConditionKernelVersion=
  * condition: allow literal string compares in SMBIOS condition
  * condition: change ConditionKernelVersion= so that =/!= mean literal string comparison, and ==/<> version comparison
  * condition: change operator logic to use $= instead of =$ for glob comparisons
  * mention ConditionKernelVersion= compat break in NEWS
  * Merge pull request #24491 from poettering/compare-order
  * bootspec: simplify paths + insist they are normalized
  * bootspec: let's actually use the result of strstrip() for further parsing
  * bootspec: port type1 parser to log_syntax()
  * bootspec: complain about loader.conf lines without parameter
  * bootspec: rename "id" function parameters to "fname"
  * bootspec: properly parse tries done/tries left from bootspec file names
  * bootspec: clarify we knowingly ignore all errors but ENOMEM
  * update TODO
  * find-esp: call the right function
  * log: don't attempt to duplicate closed fd
  * Merge pull request #24541 from poettering/bootspec-tweaks
  * homed: don't wait indefinitely for workers on exit
  * units: prolong the stop timeout for homed
  * Merge pull request #24404 from thatguystone/socket-jobs
  * parse-util: make safe_atou16_full() just a wrapper around safe_atou_full()
  * parse-util: make safe_atou8() just a wrapper around safe_atou8_full()
  * Merge pull request #24425 from poettering/shutdown-lazily
  * README: clarify baseline situation a bit (add emojis!)
  * docs: Some CODING_STYLE additions
  * README: use right emoji UTF-8 sequences for stop/warning sign
  * Merge pull request #24592 from poettering/coding-style-more2
  * README: drop some spurious empty lines, we otherwise don't place after section titles
  * README: make section title less confusing
  * README: we don't use crypto API in kernel anymore
  * uid-range: error code tweak for uid_range_load_userns()
  * Merge pull request #24434 from medhefgo/boot-fixes
  * Merge pull request #24572 from DaanDeMeyer/repart-verity
  * update TODO
  * bootspec: use chase_symlinks() where appropriate
  * bootspec: don't follow symlinks when opening type1/type2 files
  * bootctl: don't start "bootctl list" output with a title line
  * CODING_STYLE: fix header level
  * tpm2-util: pick up 4 more symbols of tpm2-tss
  * tpm2-util: allow external code to create tpm2 contexts
  * openssl-util: add helper for calculating fingerprint of a DER public key
  * measure: add 'sign' verb
  * tpm2-util: extend TPM2 policies to optionally check PCR values against signed values
  * creds-util: hook up new signed PCR policies
  * creds-tool: expose new signed PCR policies in creds tool, too
  * cryptenroll: hook up new TPM2 signed policies with cryptenroll
  * repart: hook up new TPM2 signed policies with repart
  * cryptsetup: hook up signed PCR policies
  * tpm2-util: add common parser for the LUKS2 TPM2 JSON structure
  * tpm2-util: add helper for formatting PCR masks as string
  * cryptsetup: hook up TPM2 token code with policies based on PCR signatures, too
  * TEST-70-TPM2: add test for new signed TPM2 PCR policies
  * Merge pull request #24600 from poettering/bootspec-chase-symlinks
  * measure: print a helpful message if TPM2 PCR sysfs attributes are missing
  * cpio: add helper for packing cpios of literally specified data blobs
  * stub: add new special PE sections ".pcrsig" and ".pcrpkey" in unified kernels
  * stub: pass .pcrsig and .pcrpkey PE sections as cpio into invoked kernel
  * tmpfiles: copy PCR sig/pkey from initrd /.extra/ into /run/
  * man: document the new .pcrsig/.pcrpkey sections for unified kernel images
  * man: be more careful regarding TPM vs. TPM2
  * man: say early what a unified kernel image/UKI is
  * update TODO
  * Merge pull request #24458 from poettering/stub-embedd-sig
  * tpm2-util: avoid trial
  * update TODO
  * update TODO
  * update TODO
  * tmpfiles: drop redundant forward declarations
  * tmpfiles: let's suffix path to dirs with '/' also in log messages
  * update TODO
  * nspawn: fix two error strings
  * Merge pull request #24622 from yuwata/udev-open-with-noctty
  * measure: rename measure_pcr() to measure_kernel()
  * tpm2-util: make tpm2_pcr_bank_from_string() case-insensitive
  * test-blockdev-util: check if r is actually a failure before ERRNO_IS_PRIVILEGE
  * blockdev-util: make sure get_block_device_fd() works reliably for O_PATH, too
  * chase-symlinks: don't insist on absolute paths if CHASE_PREFIX_ROOT is set
  * stat-util: add statx_inode_same() helper to check if two statx structs refer to same inode
  * stat-util: add statx_mount_same() to check if two stax refer to the same mount
  * find-esp: rework verify_fsroot_dir() around statx()
  * find-esp: when searching, don't trip over inodes we expect to be dirs to be something else, just continue searching
  * recurse-dir: use fd_reopen() at one more place
  * stub: typo fix in comment
  * measure: separate out PE section options in --help text
  * boot-loader-spec: add comment about case sensitivity of file names
  * boot-loader-spec: fix typo
  * boot-loader-spec: undo redefinition of $BOOT
  * Merge pull request #24521 from poettering/boot-loader-spec-dollar-boot-fix
  * stub: fix conditionalization of initrd assembly
  * Merge pull request #24753 from DaanDeMeyer/repart-squashfs
  * Merge pull request #24709 from keszybz/partition-table-constants
  * Merge pull request #24768 from keszybz/table-not-available-2
  * Revert "systemd-run: refuse --working-directory option with --scope"
  * run: make --working-directory= work for --scope too
  * tpm2-util: pick up Esys_PCR_Extend() symbol too
  * tpm2-util: split out code that checks if bank has 24 pcrs into helper function of its own
  * tpm2-util: add helper for determining enabled/used PCR banks
  * boot: add new pcrphase tool to measure barrier strings into PCR 11
  * units: add pcrphase units
  * measure: allow pre-calculating PCR values for multiple boot phases
  * measure: make --public-key= optional if "sign" is called
  * measure: clarify we actually try to calculate for all four banks by default
  * update TODO
  * tmpfiles: rebreak some comments
  * tmpfiles: generalize CreationMode and pass it everywhere
  * tmpfiles: allow prefixing uid/gid/mode with ":" to only apply on creation
  * fs-util: replace symlink_atomic() by symlinkat_atomic()
  * fs-util: make mkfifo_atomic() just a shortcut for mkfifoat_atomic()
  * fs-util: add mknodat_atomic()
  * tmpfiles: whenever creating an inode, immediately O_PATH open it to pin it
  * tmpfiles: move symlink creation into its own function, and modernize
  * tmpfiles: rework empty_directory() to also use chase_symlinks()
  * tmpfiles: add lines for provisioning ssh keys for root by default
  * man: document new : modified for uid/gid/access mode in tmpfiles.d
  * test: add test case for new ':' uid/gid/access modifier in tmpfiles.d
  * man: add man page decribing well known system credentials
  * update TODO
  * update TODO
  * Merge pull request #24686 from d4nuu8/delta_output
  * tree-wide: use the term "initrd" at most places we so far used "initramfs"
  * tree-wide: also settle on "initrd" instead of "initial RAM disk"
  * Merge pull request #24794 from DaanDeMeyer/repart-follow-ups
  * Merge pull request #24796 from yuwata/doc-update
  * Merge pull request #24628 from medhefgo/boot-sections
  * Merge pull request #24700 from poettering/ssh-creds
  * TODO
  * update TODO
  * Merge pull request #24808 from medhefgo/fuzz
  * Merge pull request #24757 from yuwata/sd-device-get-child-first
  * man: document that setting Storage= in namespaces journald menas LogDirectory= in unit file needs setting too
  * Merge pull request #24805 from yuwata/sd-network
  * resolved: fix parameter reuse in DNS_ANSWER_FOREACH_ITEM() iterator macro
  * resolved: return regular varlink invalid parameter error if more is not specified on monitor call
  * resolved: don't access sshfp fields from tlsa printer
  * resolvectl: add line breaks for readability
  * resolved: paranoia: restrict socket mode as much as we can
  * man: document the Dump() calls of the PID 1 D-Bus interface, and what they are
  * manager: make clear internal Dump() logic is debugging only.
  * glyph-util: add left arrow special glyph entry
  * json: add dispatchers for 16bit integers
  * json: add helper for json builder for octescape/base32hex
  * json: explicitly support offsets relative to NULL when dispatching
  * sd-event: if signal nr has high bit set sd_event_add_signal() auto-block it via sigprocmask()
  * sd-event: add helper for exiting event loop on SIGTERM/SIGINT
  * resolved: rename 'notification' → 'monitor'
  * resolved: don't make monitoring optional
  * resolved: split out main server listening code from manager_varlink_init()
  * resolved: split out helper for allocating DnsResourceRecord object from raw data
  * resolved: add generic formatters for RRs into JSON
  * resolved: add dns_question_merge() helper
  * resolved: beef up monitor protocol, include full query info
  * resolvectl: add new "monitor" verb
  * test: rework resolved monitoring test
  * update TODO
  * update TODO
  * Merge pull request #24913 from keszybz/hwdb-252-2
  * Merge pull request #24900 from yuwata/network-ndisc-drop-outdated
  * update NEWS for v250-rc1
  * NEWS: make clear we talk about *system* credentials here
  * tree-wide: add ERRNO_IS_XATTR_ABSENT() helper
  * update TODO
  * sd-journal: exit loop once we got all fields we are interested in
  * logs-show: be more careful when initializing get_dual_timestamp() return parameters
  * Merge pull request #24970 from DaanDeMeyer/crypsetup-fix
  * update TODO with discussions from Image-based Linux summit
  * NEWS: expand on systemd-measure a bit
  * update NEWS
  * update TODO
  * update TODO
  * install: make InstallChange enum type a proper type
  * install: include full type name in special UnitFilePresetMode values
  * update TODO
  * seccomp: drop per arch conditionalization in filter groups
  * tpm2-util: fix parameter name
  * cryptsetup: use errno-flavoured logging where we have an errno
  * man: mention that pcrphase also measures into PCR 11
  * gpt-auto-generator: use our usual ret_xyz parameter naming
  * generator: modernize generator_open_unit_file()
  * gpt-auto: rename all functions that operate on a DissectedPartition object add_partition_xyz()
  * update TODO
  * pcrphase: add two additional phases
  * pcrphase: fix --help text
  * cryptsetup: drop redundant parens/drop ternary op
  * man: add missing reference to systemd-pcrphase-sysinit.service
  * update TODO
  * man: document restrictions on naming interfaces
  * update TODO
  * update TODO
  * homed: properly initialize all return params
  * update TODO
  * analyze: add --image= + --root= to --help text
  * coredumpctl: add --root= + --image= to --help text
  * dissect: mention DDI moniker in --help text
  * man: also use DDIs in systemd-dissect man page
  * update TODO
  * update TODO
  * man: make clear NNP has no effect on processes invoked through systemd-run/at/crontab and such things
  * resolved: fix copypasta in resolved varlink API
  * measure: banks and phases list are always non-empty
  * measure: honour phases when signing
  * fd-util: make fd_in_set() (and thus close_all_fds()) handle invalidated fds in the array
  * fd-util: add new fd_cloexec_many() helper
  * process-util: add new FORK_CLOEXEC_OFF flag for disabling O_CLOEXEC on remaining fds
  * dissect: fix fsck
  * dissect: get rid of basename() use
  * Merge pull request #25266 from poettering/dissect-fsck-fix
  * update TODO
  * dissect: grey out trailing slash in --list output
  * dissect: remove unused variable
  * dissect: simplify flags for recurse_dir()
  * dissect: open pager in --list mode, output might be long
  * Merge pull request #25314 from poettering/dissect-list-tweaks
  * dissect: officially support initrd DDIs (to implement 2nd stage initrds)
  * dissect: add new --with command
  * man: document the new --with switch of systemd-dissect
  * test: extend TEST-50-DISSECT for systemd-dissect --list and --with
  * acpi-fpdt: use our usual ret_xyz naming scheme
  * acpi-fpdt: don't accidentally drop signedness of pread() return
  * acpi-fpdt: make sure length/type fields are available in acpi_fpdt_header
  * Merge pull request #25302 from poettering/dissect-with
  * Merge pull request #25321 from poettering/acpi-timing-fix
  * recurse-dir: optionally, call callback when entering/leaving toplevel dir, too
  * dissect: add a new "--mtree" switch for generating a BSD mtree(5) compatible file manifest
  * man: document new systemd-dissect --mtree switch
  * test: add trivial test for systemd-dissect --mtree
  * update TODO
  * json: add build helpers to insert id128 in uuid formatting into json object
  * dissect: also parse out the top-level GPT table uuid and expose this as image UUID
  * dissect: make image name bold
  * locale: honour new env var $SYSTEMD_UTF8=
  * test: add quick test for ensuring image UUID is deterministic based on the seed passed to repart
  * update TODO
  * format-table: add an explicit "vertical" mode
  * resolvectl: fail properly if we can't append to table
  * Merge pull request #25261 from poettering/dissec-uuid
  * resolvectl: port to new 'vertical' table type
  * timedatectl: port to new 'vertical' table type
  * repart: fix build
  * format-table: introduce TABLE_HEADER cell type
  * format-table: teach table_add_cell_stringf_full() to generate TABLE_FIELD/TABLE_HEADER cells, too
  * strv: move nulstr utilities to nulstr-util.[ch]
  * nulstr-util: modernize strv_from_nulstr() a bit
  * nulstr-util: rebreak comments
  * nulstr-util: use _cleanup_strv_free_() where appropriate
  * nulstr-util: use memdup_suffix0() where appropriate
  * nulstr-util: don't use 'r' for anything but integer return values
  * nulstr-util: fix corner cases of strv_make_nulstr()
  * tests: add tests for various corner cases of nulstr
  * chase-symlinks: add new flag for prohibiting any following of symlinks
  * bootctl,bootspec: make use of CHASE_PROHIBIT_SYMLINKS whenever we access the ESP/XBOOTLDR
  * tpm2-util: force default TCTI to be "device" with parameter "/dev/tpmrm0"
  * tpm2: add some extra validation of device string before using it
  * localectl,analyze: some minor vertical table rework fixes
  * Merge pull request #25393 from poettering/tpm2-override
  * Merge pull request #24855 from kraxel/qemu
  * Merge pull request #25310 from jlinton/fpdt_dev_mem_alt
  * Merge pull request #25399 from DaanDeMeyer/siginfo-crash
  * pcrphase: add $SYSTEMD_PCRPHASE_STUB_VERIFY env var for overriding stub check
  * signal-util: add common implementation for propagating a signal
  * Merge pull request #25333 from yuwata/find-esp-part-entry-scheme
  * Merge pull request #25410 from DaanDeMeyer/mkfs-xfs-fixes
  * update TODO
  * resolved: use right conditionalization when setting unicast ifindex on UDP sockets
  * resolved: when configuring 127.0.0.1 as per-interface DNS server, contact it via "lo" always
  * bootctl: rework how we handle referenced but absent EFI boot entries
  * Merge pull request #25409 from medhefgo/boot-fixes
  * update TODO
  * dlfcn-util: add static asserts ensuring our sym_xyz() func ptrs match the types from the official headers
  * mkosi: pull in libbpf1 instead of legacy libbpf0 on debian
  * tree-wide: make constant ratelimit compound actually const
  * udev: make sure auto-root logic also works in UKIs booted from XBOOTLDR
  * tree-wide: modernizations with RET_NERRNO()
  * sd-bus: handle -EINTR return from bus_poll()
  * stdio-bridge: don't be bothered with EINTR
  * varlink: also handle EINTR gracefully when waiting for EIO via ppoll()
  * sd-netlink: handle EINTR from poll() gracefully, as success
  * resolved: handle -EINTR returned from fd_wait_for_event() better
  * homed: handle EINTR gracefully when waiting for device node
  * utmp-wtmp: fix error in case isatty() fails
  * utmp-wtmp: handle EINTR gracefully when waiting to write to tty
  * io-util: document EINTR situation a bit
  * sd-event: reenable epoll_pwait2()
  * Merge pull request #25486 from keszybz/kernel-install-header
  * resolved: remove inappropriate assert()
  * update TODO
  * resolved: in dns stub always report "lo" as interface for "localhost"
  * resolved: don't filter _gateway/_outbound twice
  * resolved: introduce the _localdnsstub and _localdnsproxy special hostnames for 127.0.0.54 + 127.0.0.53
  * resolved: introduce common macro for 127.0.0.2 IP address
  * dissect: don't pre-open swap devices, we are not going to use them
  * fdisk: introduce common fdisk_new_context_fd() helper
  * update TODO
  * fdisk-util: add fdisk_partition_get_uuid_as_id128() helper
  * fdisk-util: add fdisk_partition_get_type_as_id128() helper
  * Merge pull request #25385 from drvink/main
  * fd-util: add new helper fd_reopen_conditional()
  * btrfs-util: convert to fd_reopen_condition()
  * blockdev-util: move O_PATH fd conversion into btrfs_get_block_device_fd() to shorten things
  * btrfs-util: convert O_PATH if necessary, in btrfs quota call
  * blkid: add helpers that get gpt partition uuid as sd_id128_t
  * Merge pull request #25558 from poettering/fdisk-id128
  * units: change Requires=systemd-networkd.service → BindsTo= one more time
  * update TODO
  * dissect-image: don't probe swap partitions needlessly
  * dissect-image: merge handlers for 4 different partition designators into one
  * update TODO
  * dissect: rework DISSECT_IMAGE_ADD_PARTITION_DEVICES + DISSECT_IMAGE_OPEN_PARTITION_DEVICES
  * Merge pull request #25554 from enr0n/follow-on-25509
  * tree-wide: use errno_or_else() more, instead of homegrown checks
  * blkid-util: define enum for blkid_do_safeprobe() return values
  * update TODO
  * Merge pull request #25593 from poettering/blkid-safeprobe-enum
  * test-loop-block: tighten tests a bit - check fstype, too
  * test-loop-block: also test dissection without ADD/PIN of partition block devices
  * test-loop-block: let's explicitly flush buffer cache on whole block device
  * dissect-image: probe file system via main block device fd/image file fd
  * Revert "basic: add fallback in chase_symlinks_and_opendir() for cases when /proc is not mounted"
  * Merge pull request #25570 from yuwata/dissect-rootless-image
  * dissect: pick up gpt partition flags
  * glyph-util: add warning sign special glyph
  * chase-symlink: when converting directory O_PATH fd to real fd, don't bother with /proc/
  * systemctl: print a clear warning if people invoke systemctl without /proc/
  * dissect: add new helper verity_settings_data_covers()
  * Revert "update credentials when reloading a service"
  * dissect: show color in log output
  * gpt: add helpers for deriving data partition from verity or verity sig designator
  * Merge pull request #25648 from keszybz/exitrd
  * update TODO
  * selinux: accept the fact that getxyzcon() can return success and NULL
  * selinux-setup: minor modernizations
  * discover-image: add stringification helpers for ImageClass
  * discover-image: store image class in Image object too, if known
  * dissect: add simple --discover command
  * data-fd-util: add new memfd_clone_fd() helper
  * loop-util: add new loop_device_make_by_path_memory() helper
  * dissect: add a mode for operating on an in-memory copy of a DDI, instead of directly on it
  * man: add doc for new --in-memory switch of systemd-dissect
  * test: add simple test for new --in-memory switch for systemd-dissect
  * Merge pull request #25180 from keszybz/ukify
  * sha256: external headers should be included with <>
  * fundamental: split out unaligned_{read|write}_ne{16,32,64}() helpers into unaligned-fundamental.h
  * sha256: move to unaligned_write_ne32()
  * macro: add generic IS_ALIGNED32() anf friends
  * sha256: port to new generic IS_ALIGNED32() macro
  * Merge pull request #25665 from poettering/dissect-memory
  * Merge pull request #25667 from poettering/sha256-align-fix
  * Merge pull request #25662 from msizanoen1/s2h-nosuspend-user-proc
  * socket-util: add CMSG_TYPED_DATA() as type-safe wrapper around CMSG_DATA()
  * repart: support erofs
  * update TODO
  * update TODO
  * Merge pull request #25575 from brauner/nspawn.socket_surgery
  * efi: add efi_guid_equal() helper
  * efi: add common implementation for loop finding EFI configuration tables
  * Merge pull request #25350 from poettering/efi-guid-equal
  * json: add helper for adding variant to array suppressing duplicates
  * measure: add --append= switch for merging signatures
  * test: add integration test for systemd-measure --append=
  * update TODO
  * systemctl: simplify trim_edit_markers()
  * systemctl: minor modernizations/simplifications
  * systemctl: line break string where the newlines are
  * systemctl: stop using basename() at one more place
  * systemctl: if we edit a single file only, jump to the right line
  * systemctl: don't unlink non-existing temporary files
  * man: add two signature key example to systemd-measure
  * pcrphase: gracefully exit if TPM2 support is incomplete
  * Merge pull request #25487 from poettering/systemctl-edit-newline-fix
  * TODO
  * bootctl: let's start splitting up bootctl like we did for systemctl and others
  * bootctl: split out random seed verb, too
  * bootctl: also split out 'systemd-efi-options' verb
  * bootctl: split out "set-efivar" verbs, too
  * bootctl: split out "status" verb too
  * bootctl: split out "install" verb too
  * Merge pull request #25784 from poettering/bootctl-split
  * Merge pull request #25771 from bluca/pkcs11_dlopen
  * Merge pull request #25783 from keszybz/trivial-cleanups
  * Merge pull request #25789 from yuwata/EBADF
  * gpt-auto-generator: honour rootfstype= and rootflags= kernel cmdline option
  * string-util: rework empty_to_null() to not change "const" qualifier of input
  * creds: use empty_or_dash() where appropriate
  * dissect-image: let's lock down fstypes a bit
  * import-creds: don't try to import VM creds in a container
  * udev: also create partition /dev/disk/by-diskseq/ symlinks
  * dissect-image: simplify things by avoiding one string copy
  * dissect-image: optionally, reference dissected partition device nodes by diskseq
  * gpt-auto-generator: enable referencing partitions via diskseq symlinks
  * update TODO
  * Merge pull request #25777 from PeterCxy/enroll-fido2
  * homed: move away from basename()
  * tests: we don't actually use basename() anymore
  * core: move some basename() use → path_extract_filename()
  * dissect: remove one more use of basename()
  * journalctl: port COMM= matching to path_extract_filename()
  * mount-tool: port over basename() → path_extract_filename()
  * nspawn: port over basename() → path_extract_filename()
  * portable: port basename() → path_extract_filename()
  * repart/makefs: port over to path_extract_filename()
  * units: change modprobe@dm-mod.service → modprobe@dm_mod.service
  * units: pull in loop.ko and dm-mod.ko before repart
  * shared: port various shared helpers basename() → path_extract_filename()
  * sysv-generator: port basename() → path_extract_filename()
  * tmpfiles: port basename() → path_extract_filename()
  * format-table: add field type TABLE_PATH_BASENAME
  * analyze: basename() → path_extract_filename()
  * lock-file: various updates
  * core: tighten validation checks in SwitchRoot() dbus call
  * core: use chase_symlinks_and_access() where appropriate
  * systemctl: rework how we detect if init is systemd
  * docs: remove /dev/tty* confusion
  * Merge pull request #25849 from poettering/repart-loop
  * prioq: make prioq_reshuffle() void
  * Merge pull request #25850 from poettering/switch-root-tweaks-minor
  * core: rework operation_to_signal() to rename return parameter ret_xyz
  * fundamental: rework IN_SET() to require at least three arguments
  * resolved: downgrade inability to send varlink reply error message
  * efi: skip Read() calls with zero sizes
  * bootctl: fix errno logging
  * bootctl: rework random seed logic to use open_mkdir_at() and openat()
  * bootctl: properly sync fs before/after moving random seed file into place
  * bootctl: when updating EFI random seed file, hash old seed with new one
  * sha256: add helper than hashes a buffer *and* its size
  * random-seed: don't refresh EFI random seed from random-seed.c anymore
  * bootctl: downgrade graceful messages to LOG_NOTICE
  * units: rename/rework systemd-boot-system-token.service → systemd-boot-random-seed.service
  * bootctl: split out setting of system token into function of its own
  * resolvectl: fix type of ifindex D-Bus field, and make sure to initialize to zero in all code paths
  * resolved: add some line-breaks/comments
  * resolvectl: don't filter loopback DNS server from global DNS server list
  * Merge pull request #25802 from poettering/bootctl-reseed
  * update TODO
  * vconsole: permit configuration of vconsole settings via credentials
  * resolved: read DNS conf also from creds and kernel cmdline
  * update TODO
  * resolvectl: remove duplicate ':' from output
  * dns-domain: dns_name_is_empty() is redundant
  * units: condition systemd-networkd-wait-online.service like systemd-networkd.service
  * resolved: disable SO_BINDTOIFINDEX hack for localhost IP addresses
  * bootspec: show default/selected entry info in JSON output
  * sd-event: don't mistake USEC_INFINITY passed in for overflow
  * pid1: rework service_arm_timer() to optionally take a relative time value
  * gpt-auto-generator: improve log messages a bit
  * man: document explicitly that LogRateLimit= has no effect on StandardOutput=file:…
  * nspawn: guard acl_free() with a NULL check
  * Merge pull request #25918 from bluca/smbios_sd_notify
  * update TODO
  * update TODO
  * load-fragment: remove EmergencyAction compat we were supposed to remove back in v241
  * load-fragment: config_parse_emergency_action() doesn't ever get a Manager pointer passed in
  * man: improve docs about systemd-notify invocations and NotifyAccess= settings
  * Merge pull request #25979 from yuwata/coverity-fixes
  * man: make clearer that sd_bus_get_timeout() returns an absolute time-out
  * Merge pull request #25982 from mrc0mmand/curl-scheme
  * shutdown: propagate mount() failures from child to parent
  * Merge pull request #25980 from yuwata/udev-fail-to-rename-netif
  * shutdown: don't close pipe fds.
  * Merge pull request #26003 from keszybz/efi-ifdefs
  * manager: add one more assert()
  * pid1: add new Type=notify-reload service type
  * man: document Type=notify-reload
  * pid1: make sure we send our calling service manager RELOADING=1 when reloading
  * networkd: implement Type=notify-reload protocol
  * udevd: implement the full Type=notify-reload protocol
  * logind: implement Type=notify-reload protocol properly
  * notify: add --stopping + --reloading switches
  * test: add Type=notify-reload testcase
  * update TODO
  * Merge pull request #25916 from poettering/reload-notify
  * hexdecoct: modernize base64mem() variable naming a bit
  * tree-wide: fix return value handling of base64mem()
  * Merge pull request #26016 from poettering/base64mem-ret-fix
  * man: explain what kind of data is actually included in "systemd-analyze plot" output
  * update TODO
  * tree-wide: use CLEANUP_ERASE() at various places
  * memory-util: add CLEANUP_ERASE_PTR() macro and use it
  * busctl: simplify peeking the type
  * tpm2-util: split out code that derives "good" TPM2 banks into an strv from pcrphase and generalize it in tpm2-util.c
  * tpm2-util: split out code that extends a PCR from pcrphase
  * tpm2-util: optionally do HMAC in tpm2_extend_bytes() in case we process sensitive data
  * cryptsetup: add tpm2-measure-pcr= and tpm2-measure-bank= crypttab options
  * man: document the new crypttab measurement options
  * gpt-auto-generator: automatically measure root/var volume keys into PCR 15
  * pcrphase: make tool more generic, reuse for measuring machine id/fs uuids
  * units: measure /etc/machine-id into PCR 15 during early boot
  * generator: teach generator_add_symlink() to instantiate specified unit
  * units: rework growfs units to be just a regular unit that is instantiated
  * generators: optionally, measure file systems at boot
  * tpm2: add common helper for checking if we are running on UKI with TPM measurements
  * man: document new machine-id/fs measurement options
  * test: add simple integration test for checking PCR extension works as it should
  * update TODO
  * Merge pull request #26005 from medhefgo/boot-hypervisor
  * Merge pull request #25006 from poettering/pcr15
  * doc: document how we expect empty lines to be used
  * blockdev-util: add simple wrapper around BLKSSZGET
  * loop-util: insist on setting the sector size correctly
  * dissect-image: add probe_sector_size() helper for detecting sector size of a GPT disk image
  * loop-util: always tell kernel explicitly about loopback sector size
  * dissect: show sector size in info output
  * homework: when creating/resizing GPT partitions, also set sector size explicitly
  * repart: auto-probe sector size when not specified
  * Merge pull request #26092 from poettering/dissect-sector-size
  * Merge pull request #26021 from fbuihuu/some-journald-improvements
  * Merge pull request #26082 from kraxel/uki
  * Merge pull request #25790 from joshua-zivkovic/JZ/plotjson-main
  * Merge pull request #25977 from YHNdnzj/PropagatesStopTo-fix-restart
  * string-util: add new strdupcspn()/strdupspn()
  * Merge pull request #26114 from bluca/sd_login_pidfd
  * time-util: use IN_SET() more
  * time-util: if a date is unrepresentable, honour style to generate XXX string
  * time-util: move buffer size check after handling of UNIX timestamp style
  * time-util: simplify formatting of UNIX timestamps
  * time-util: condition size check based on utc mode
  * time-util: add timestamp output style that shows dates only, no times
  * format-table: add cell type for showing date only timestamps
  * hostnamectl: show firmware date with date only, without time
  * bootctl: drop full stop at end of --help texts
  * bootctl: change section title for kernel image commands
  * bootctl: realign column in --help text
  * bootctl: split out boot loader spec + boot loader interface commands in --help text
  * bootctl: remove space that should not be there
  * Merge pull request #26126 from poettering/format-table-date
  * logs-show: use json_variant_unref_many() where appropriate
  * journalctl: don't convert between strv/Set for each log line
  * journal: modernize match_make_string()
  * journal: use compound initializors at one more place
  * Merge pull request #26131 from poettering/bootctl-help-text-fix
  * timesyncd: write structured log messages whenever we bump the clock based on disk timestamp
  * timesyncd: modernize load_clock_timestamp() a bit
  * timesyncd: make sure to update mtime of clock file on each boot
  * logs-show: move strlen() handling into update_json_data() so that we can use SD_ID128_TO_STRING()
  * string-util: add common implementation of function that converts sized character buffers to NUL terminated C strings
  * sd-journal: validate monotonic timestamp before returning it
  * logs-show: minor modernizations
  * logs-show: add a splash of colour to verbose output
  * Merge pull request #26137 from poettering/timesyncd-touch-file-tweaks
  * Merge pull request #26139 from yuwata/test-load-fragment-fix-memleak
  * Merge pull request #25168 from valentindavid/valentindavid/umount-move-recursive-list
  * build: add some coloring to --version output
  * Merge pull request #26176 from bluca/rc
  * tree-wide: unify how we pick OS pretty name to display
  * os-util: determine distro EOL in UTC, not local timezone
  * format-table: add new cell type TABLE_TIMESPAN_DAY
  * os-util: when determining support end, don't treat /etc/os-release file as error
  * os-util: accept SUPPORT_END= with empty string as explicit way to disable concept
  * os-util: optionally, return EOL time in os_release_support_ended()
  * hostnamed: expose support end timestamp as property on the bus
  * hostnamectl: show support and among output
  * update TODO
  * Revert "Resolves #26142 - Fix list of supported personalities"
  * man: extend Personality= docs a bit
  * path-util: rework file_in_same_dir() on top of path_extract_directory()
  * Merge pull request #26158 from poettering/hostnamed-end-of-support
  * Merge pull request #26152 from systemd/revert-26143-issue-26142
  * man: clarify that MESSAGE= should not appear more than once in the same journal entry
  * update TODO
  * journal-file: fix type of array counter
  * journal-file: cast file size to to fixed size type
  * dlfcn: add new safe_dclose() helper
  * journal-def: fix type of signature to match the actual field in the Header structure
  * journal: use compound initialization for journal file Header structure
  * Merge pull request #26197 from poettering/journal-file-size-t-fix
  * Merge pull request #26204 from poettering/journal-header-compoung-init
  * journal-file: make strict order optional
  * journal: add some line breaks/comments
  * journal: automatically pick up boot ID in journal_file_append_entry()
  * Merge pull request #26198 from poettering/journal-strict-mode
  * journald: minor modernizations in kmsg handling code
  * update TODO
  * journal-file: be a tiny bit more careful with generating seqnums
  * journal: prefix all functions with "server_" that operate on Server objects
  * journal: use TAKE_PTR() at one more place
  * journald: don't check for -EREMCHG on open, given that open doesn't generate it
  * Merge pull request #26228 from DaanDeMeyer/resolve-cap
  * tmpfiles: automatically create /etc/credstore/ and friends
  * Merge pull request #26245 from ldv-alt/tmpfiles-fixes
  * Merge pull request #26249 from DaanDeMeyer/nspawn-uid-fix
  * journal-file: refuse writing to journal files where the header size is different then expected
  * journal: generate a clean message when we try to write to a journal file from a different host
  * journald: some minor modernizations
  * id128: introduce ERRNO_IS_MACHINE_ID_UNSET() helper macro
  * test-journal-flush: minor modernizations
  * NEWS: various fixes
  * update NEWS
  * update TODO
  * journal: print a useful error message if we hit the journal file open limit
  * update TODO
  * logs-show: rename "ts" paramater/variable to "display_ts"
  * journal: minor modernizations
  * sd-journal: add high-level API for querying seqnum for journal entries, along with seqnum id
  * logs-show: show seqnum info in export+json output mode
  * journald: maintain entry seqnum counter in mmap()ed file in /run/
  * man: document the new sd_journal_get_seqnum() call
  * man: document __SEQNUM=/__SEQNUM_ID= journal pseudo fields
  * test: add basic seqnum test
  * journal: modernize sd_journal_get_realtime_usec() a bit
  * process-util: add missing error check
  * core: when isolating to a unit, also keep units running that are triggered by units we keep running
  * dissect-image: unknown/unsupported diskseq is indicated by 0, not by UINT64_MAX
  * pid1: generate compat warning for SystemCallArchitectures= if seccomp is off
  * execute: drop spurious empty line
  * update TODO
  * log: add common helper log_set_target_and_open()
  * Merge pull request #26452 from yuwata/journalctl-main-func
  * Merge pull request #26453 from yuwata/activate-main
  * pid1: add a new D-Bus method for enquing POSIX signals with values to unit processes
  * systemctl: add --kill-value= argument to systemctl
  * man: document new --kill-value= switch to systemctl
  * strv: add strv_copy_n() helper for copying part of a n strv
  * notify: add new --exec switch for chaining other commands to systemd-notify
  * man: document new --exec switch for systemd-notify
  * test: add test for new "systemctl --kill-value=" functionality
  * macro: add macro for determining size of struct with trailing union
  * sd-event: allocate event source objects with the actually needed size
  * Merge pull request #26450 from yuwata/fd-is-opath
  * Merge pull request #26343 from DaanDeMeyer/bus-debug
  * socket-util: make connect_unix_path() work with a NULL path
  * Merge pull request #26447 from poettering/sigqueue
  * Merge pull request #26438 from poettering/event-source-shorten
  * sync-util: port fsync_directory_of_file() to fd_is_opath()
  * process-util: add helper get_process_threads()
  * hashmap: expose helper for releasing memory pools independently of valgrind
  * mempool: use size_t for all memory object sizes and counts
  * mempool: rename local variable to match current coding style
  * mempool: introduce new helper pool_ptr()
  * mempool: make mempool_free_tile() return NULL
  * mempool: rework mempool_cleanup() to only release freed tiles
  * tests: add test for mempool logic
  * Merge pull request #26443 from poettering/mempool-fixes
  * util: move mallinfo compat glue from selinux code into generic code
  * shared: move psi-util.[ch] to basic/ so that we can use it in sd-event
  * Merge pull request #26479 from yuwata/exec-util-misc
  * cap-list: rename capability_set_to_string_alloc() → capability_set_to_string()
  * cap-list: modernize capability_set_from_string() a bit
  * cap-list: refuse parsing numeric capability 63
  * cap-list: add CAPABILITY_TO_STRING() macro using compound initialization to allocate fallback buffer
  * cap-list: rework capability_set_to_string()
  * cap-list: make sure never to accidentally return more than 63 caps
  * capability-util: add CAP_MASK_ALL + CAP_MASK_UNSET macros
  * capability-util: add macro for largest cap we're willing to accept
  * capability-util: use UINT32_MAX as shortcut where appropriatea
  * Merge pull request #26508 from poettering/cap-fixes
  * update TODO
  * journal-file: don't update boot_id in journal header on open
  * journal-file: write machine ID when create the file, not when we open it for writing
  * journal-file: lazily fill in machine ID into journal header, if needed
  * journal-file: allow opening journal files for write when machine ID is not initialized
  * journal-file: drop checking if files are from the future at time of open
  * docs: document the new HEADER_COMPATIBLE_TAIL_ENTRY_BOOT_ID flag
  * homectl: add missing break
  * Merge pull request #26265 from poettering/journal-refresh-fixes
  * bootctl: add new --print-root-device option
  * journal: move journal_file_compare_locations() from journal-file.c → sd-journal.c
  * pam-systemd: split up weight helper funcs
  * sd-event: add high-level sd_event_add_memory_pressure() event source
  * test: add test for new memory pressure logic
  * man: document the new sd_event_add_memory_pressure() API
  * Merge pull request #26448 from poettering/sd-event-mempress
  * systemctl: right-align left/passed columns in list-timers
  * systemctl: suppress timeout display if unset in list-automounts
  * systemctl: read 64bit integers into uint64_t
  * Merge pull request #26540 from poettering/systemctl-list-tweaks
  * cap-list: add capability_set_to_strv()
  * cap-list: add capability_set_to_string_negative()
  * capability-util: add new capability_get_ambient() helper
  * tree-wide: use unlink_and_freep() moreover
  * execute: modernizations
  * memory-util: add a concept for gcc cleanup attribute based array destruction
  * tree-wide: port various things over to CLEANUP_ARRAY()
  * io-util: introduce iovec_array_free()
  * Merge pull request #26559 from yuwata/sd-event-memory-pressure-follow-ups
  * Merge pull request #26458 from yuwata/core-network-namespace-remount-sysfs
  * execute: pass ambient caps from PAM through to invoked service
  * man: link up sd_event_add_memory_pressure() more
  * shared: move cg_set_access() declaration to right header file
  * manager: be more careful with env var clean-up
  * man: document REMOTE_ADDR/REMOTE_PORT along with the other env vars
  * libsystemd: sd_journal_get_seqnum() must be tagged with 254 symver, not 253
  * mempool: fix tile alignment check
  * Merge pull request #26579 from poettering/manager-env-clean-up
  * update TODO
  * man: add two missing commands to synopsys
  * tpm2-util: use compound initialization when allocating tpm2 objects
  * update TODO
  * Revert "dissect-image: don't probe swap partitions needlessly"
  * journald: make sure shall_try_append_again() logs about all return codes passed in, not just some
  * journald: start log message uppercase, like every other one around
  * journald: downgrade various log messages from LOG_WARNING to LOG_INFO
  * journald: upgrade log message about missing mmap() support to LOG_ERR
  * journald: always pass error code to logging function, even if we don't use it with %m
  * journald: remove triplicate logging about failure to write log lines
  * sd-event: handle kernels that set CONFIG_PSI_DEFAULT_DISABLED more gracefully
  * psi-util: fix error handling
  * mkosi: add some really basic tools to default mkosi image
  * user-record: extend user records with an ambient and bounding caps set field
  * homectl: make the new caps field configurable via homectl
  * pam_systemd: process the two new capabilities user records fields in pam_systemd
  * test: test setting ambient caps via pam_systemd.so
  * update NEWS
  * shared: add a common SIGRTMIN-18 handler
  * resolved: flush caches on memory pressure and support SIGRTMIN+18
  * journald: hook up journald with the memory pressure and SIGRTMIN+18 logic
  * machined: add support for memory pressure + SIGRTMIN+18
  * udevd: enable memory pressure/SIGRTMIN+18 logic
  * homed: hook up memory pressure/SIGRTMIN+18 handling
  * logind: hook up memory pressure + SIGRTMIN+18
  * timesyncd: hook up memory pressure + sigrtmin18
  * importd: hook up memory pressure, SIGRTMIN-18 (and in fact SIGINT + SIGTERM)
  * networkd: hook up SIGRTMIN+18 and memory pressure
  * portabled: hook up SIGRTMIN+18 and memory pressure
  * nspawn: hook up memory pressure + sigrtmin+18
  * userdbd: hook up memory pressure and sigrtmin18
  * pid1: also process memory pressure events (and SIGRTMIN+18)
  * pid1: add unit file settings to control memory pressure logic
  * units: let systemd --user manage its own memory pressure handling
  * test: add test for the new memory pressure unit file settings, and that they work
  * doc: add document explaining memory pressure handling
  * update TODO
  * dissect: show intended architecture of a disk image
  * nspawn: fix DDI arch → personality() propagation
  * tree-wide: error handling modernizations
  * journal-file: journal-file: extend journal header to always carry offset of most recent entry
  * sd-journal: track newest open journal file per boot ID
  * journal: use boot-id/timestamp info for odering entries
  * test: add test for journals without RTC
  * update TODO
  * nspawn: drop unused arg
  * nspawn: disconnect mounts propagation from host on our container dir
  * nspawn: disable propagation for selected host API bind mounts
  * Merge pull request #26355 from poettering/journal-no-rtc
  * tmpfile-util: teach link_tmpfile() to optionally replace files
  * hwdb: port to flink_tmpfile()
  * TODO
  * dissect: implement external helper plugin interface for /bin/mount
  * test: add test for new /sbin/mount.ddi helper
  * man: document /sbin/mount.ddi
  * missing: add fsmount() syscall fallback definition
  * missing: add more defines to fsopen() definitions
  * mountpoint-util: add helper that checks if MS_NOSYMFOLLOW is supported
  * dissect: add new helper dissected_partition_fstype()
  * udev: add new udev_builtin_add_propertyf() helper
  * udev-builtin-blkid: pick up info of backing file
  * loop-util: keep track of inode/devnum of backing file
  * loop-util: add call for setting the autoclear flag at arbitrary times
  * loop-util: add API for selecting "lo_file_name" field for a loopback device
  * dissect: add commands for attaching/detaching loopback devices
  * dissect: allow setting "lo_file_name" field of loopback block devices
  * dissect: shorten code a bit
  * udev: add /dev/loop/ symlinks
  * dissect-image: set MS_NOSYMFOLLOW for ESP/XBOOTLDR
  * gpt-auto-generator: port to partition_pick_mount_options() too
  * mountpoint-util: generalize mount_option_supported()
  * mountpoint-util: use mount_option_supported() to detect if 'discard' is support for an fs
  * mountpoint-util: move 'norecovery' detection into its own helper call
  * mountpoint-util: add new fstype_can_umask() helper
  * mountpoint-util: add comment explaining why fstype_can_discard() can't use mount_option_supported()
  * test: test new systemd-dissect --attach/--detach/--loop-ref= and /dev/loop/* symlinks
  * update TODO
  * mempress: change default PSI window duration to 2s
  * fd-util: move ACQUIRE_NO_XYZ flags to the header the function using them is in
  * data-fd-util: use fd_reopen() a bit more
  * Merge pull request #26741 from poettering/acquire-fd-fixes
  * Merge pull request #26704 from poettering/mnt-nosymlinks
  * Merge pull request #26693 from poettering/udev-loop-links
  * socket-util: fix socket_get_family()
  * basic: add RuntimeScope enum
  * runtime-scope: add helper that turns RuntimeScope enum into --system/--user string
  * Merge pull request #26331 from ddstreet/tpm2_pcr_read
  * dissect: share dissected_image_decrypt_interactively() invocation between actions
  * dissect: use a switch statements where appropriate
  * Merge pull request #26747 from poettering/dissect-common-decrypt
  * Merge pull request #26737 from poettering/runtime-scope
  * userbd: manager doesn't actually use varlink, only workers do
  * namespace: use ERRNO_IS_PRIVILEGE()/ERRNO_IS_NOT_SUPPORTED() where appropriate
  * core: rename "mount_flags" → "mount_propagation_flag" internally where appropriate
  * namespace-util: set mounts back to MS_SHARED in detach_mount_namespace()
  * test-process-util: port to detach_mount_namespace()
  * dissect: mark UID/GIDs that are surprising in DDIs with colors
  * core: fix mount flag help output, it only takes one argument
  * dissect: make all paths we operation on absolute
  * update TODO
  * Merge pull request #26794 from bluca/log_extra_fields
  * Merge pull request #26800 from t-8ch/memfd_create
  * userdbd: modernize signal handling
  * userdbd: make use of FORK_CLOSE_ALL_FDS + FORK_REOPEN_LOG where we can
  * userdbd: rework to use sd_event_add_child() instead of manual SIGCHLD
  * userdbd: make static const what we can make so
  * fd-util: make sure fd_reopen() works with AT_FDCWD systematically
  * core: move encrypted credential check to execute.c
  * pid1: allowlist all tpm devices for a unit when encrypted creds are needed
  * Merge pull request #26953 from poettering/encrypted-cred-mini-refactor
  * fileio: add new helper fdopen_independent()
  * seccomp-util: add new @sandbox syscall group with landlock/seccomp
  * seccomp-util: add some newer syscalls to existing groups
  * seccomp-util: enforce group ordering
  * analyze: don't claim "@known" was an unlisted syscall
  * man: update syscal filter group list
  * string-util: add new helper for finding line starting with specific string in a text buffer
  * tree-wide: port various places to find_line_startswith()
  * import: use truncate_nl() where appropriate
  * fd-util: cover some corner cases with fd_reopen() on symlinks
  * test-fd-util: use stat_inode_same() where appropriate
  * update TODO
  * Merge pull request #26932 from dtardon/journal-vacuum
  * update TODO
  * systemctl: dont's how memory limits that aren't available via D-Bus props
  * systemctl: show fd store info in status output
  * systemctl: show service status string in other color
  * man: correct/tweak text about unit name syntax
  * TEST-80: synchronize explicitly instead of by time
  * pid1: introduce new SERVICE_{DEAD|FAILED}_BEFORE_AUTO_RESTART service substates
  * pid1: add debug log about selected restart interval
  * stat-util: add inode_type_to_string() helper for showing mode_t inode type as string
  * devnum-util: add new devnum_is_zero() helper
  * fd-util: add helper for converting O_RDONLY/WRONLY/RDWR to strings
  * format-table: add inode type cell type
  * format-table: add new cell type for displaying major/minor devnums
  * pid1: add DumpFileDescriptorStore() bus call that returns fdstore content info
  * analyze: add new fdstore verb
  * fdset: minor modernizations
  * fdset: add new helper to convert an fdset to an array
  * fdset: add new fdset_consume() helper
  * notify: add support for sending fds with notification messages
  * test: add test case for fdstore dumping logic, and systemd-notify --fd=
  * update TODO
  * Merge pull request #26968 from DaanDeMeyer/exec-runtime
  * Merge pull request #26971 from poettering/autostart-dead-failed
  * units: let's establish the coredump socket before writting core_pattern sysctl
  * service: drop redundant unit_ref_unset() call
  * docs: add a document with an overview over systemd's coredump handling
  * man: link up new online coredump docs from man page
  * TODO: drop items regarding swap-for-hibernate-only-use
  * Merge pull request #27044 from bluca/sysext_recursive_dir
  * pid1: drop two spurious empty line
  * service: dump fdstore contents also in free-form debug dump
  * update TODO
  * service: minor modernizations
  * execute: add one more assert()
  * update TODO
  * update TODO
  * service: use newdup() where appropriate
  * dissect: add image dissection policy framework
  * tree-wide: hook up image dissection policy logic everywhere
  * dissect: actually enforce policy
  * dissect: add dissect_image_file_and_warn()
  * dissect: make returning of DissectedImage object optional
  * dissect: add new --validate command
  * dissect: disallow empty partition tables
  * dissect: update error code comment a bit
  * analyze: add 'image-policy' tool for analyzing image dissection policies
  * discover-image: automaticaly pick up sysext images from /.extra/sysext
  * sysext: default to a stricter image policy when reading /.extra/sysext/ DDIs
  * test: add integration test for image policy
  * man: document image policy syntax and semantics, and the hooks in the various components
  * update TODO
  * service: tell service processes that the fdstore is available via an env var
  * man: rebreak all of sd_notify(3)
  * Merge pull request #25608 from poettering/dissect-moar
  * discover-image: bring discover path list up-to-date.
  * sysext: define a default image dissection policy for confext images
  * varlink: add some comments explaining what by various errors are defined
  * varlink: get rid of "reply" field
  * varlink: add helper that clears the currently processed incoming message JSON object
  * varlink: implement file descriptor passing
  * test: add varlink fd passing test
  * varlink: honour "sensitive" flag of json variant objects all the way into the socket
  * Merge pull request #27153 from poettering/varlin-fd-pass
  * core: fix property getter method for NFileDescriptorStore bus property
  * service: release resources from a seperate queue, not unit_check_gc()
  * service: rework how we release resources
  * service: add ability to pin fd store
  * service: allow freeing the fdstore via cleaning
  * service: close fdstore asynchronously
  * core: move runtime directory removal into release_resource handler
  * service: rename service_close_socket_fd() → service_release_socket_fd()
  * pid1: add some debug logging when stashing ds into the fdstore
  * test: validate that fdstore pinning works
  * Merge pull request #27135 from poettering/pin-fdstore
  * Merge pull request #27027 from dtardon/unit-file-list-cleanup
  * socket-util: tighten aignment check for CMSG_TYPED_DATA()
  * tree-wide: port more code over to CMSG_TYPED_DATA()
  * udev,sd-device: use CMSG_FIND_DATA() more
  * Merge pull request #18789 from gportay/veritysetup-add-options-for-parity-with-cryptsetup-verity-utility
  * mountpoint-util: pass AT_STATX_DONT_SYNC to statx() when looking for mnt_id/mountpoints
  * mountpoint-util: fix hosed overflow check
  * mountpoint-util: use memcmp_nn() where appropriate
  * string-util: add strstrafter()
  * process-util: be more careful with pidfd_get_pid() special cases
  * lsm-util: move detection of support of LSMs into a new lsm-util.[ch] helper
  * Merge pull request #27256 from medhefgo/boot-rdtsc
  * Revert "getty-generator: Use device hotplug to instantiate virtualizer consoles"
  * kmod-setup: use STARTSWITH_SET() where appropriate
  * kmod-setup: bypass heavy virtio-rng check if we are not running in a VM anyway
  * dissect-image: issue BLKFLSBUF before probing an fs at block device offset != 0
  * man: try to make clearer that /var/ is generally not available in /usr/lib/systemd/system-shutdown/ callouts
  * ratelimit: handle counter overflows somewhat sanely
  * dissect: let's check for crypto_LUKS before fstype allowlist check
  * Merge pull request #27327 from DaanDeMeyer/hotplug
  * tree-wide: convert more cases do DEVNUM_FORMAT_STR()/DEVNUM_FORMAT_VAL()
  * tre-wide: use FORMAT_DEVNUM() a bit more
  * Merge pull request #27352 from poettering/devnum-more
  * meson: move bpf hookup into main meson build file
  * pid1: simplify bpf meson import
  * fd-util: add ASSERT_FD() that is similar to ASSERT_PTR() but for fds
  * loop-util: port some code over to ASSERT_FD()
  * parse-util: allow parse_pid() to work with NULL return parameter
  * homed: rename make_userns() to avoid name conflict with mount-util.[ch]
  * Merge pull request #27388 from poettering/assert-fd
  * fs-util: make sure open_mkdir_at() does something roughly sensible when invoked with '/'
  * mountpoint-util: make path_get_mnt_id_at() work with a NULL path
  * user-record-nss: make return values optional
  * doc: say in CODING_STYLE that AT_EMPTY_PATH should be implied on openat() style APIs (and NULL path is OK)
  * logind: always use 64bit session IDs
  * sd-daemon: add sd_pid_notifyf_with_fds()
  * mount-util: split remount_idmap() in two
  * Merge pull request #27347 from bluca/sd_bus_nonce
  * update TODO
  * image-policy: correct two comments
  * image-policy: split out code that "extends" underspecified partition policy flags
  * units: restrict hugepages fs a bit
  * cgroup: rework how we validate/escape cgroups
  * core: add DelegateSubgroup= setting
  * execute: don't apply journal + oomd xattrs to subcgroup
  * core: change ownership of subcgroup we create recursively, it shall be owned by the user delegated to
  * units: make system service manager create init.scope subcgroup for user service manager
  * udev: port to DelegateSubgroup=
  * nspawn: port over to /supervisor/ subcgroup being delegated to nspawn
  * test: extend test 19 to also verify DelegateSubgroup= works
  * Merge pull request #27376 from poettering/subcgroup
  * pam-util: include PID in PAM data field id
  * pam-systemd: disconnect bus connection when leaving session hook, even on error
  * shutdown: paranoia – close all fds we might get passed in
  * copy: don't call clone ioctls twice
  * copy: shortcut reflink_range() to reflink() in some cases
  * systemctl: rework 'if' to 'switch' statement
  * core/systemctl: when switching root default to /sysroot/
  * pid1: unify implemenation of /run/ disk space safety check a bit
  * generate-sym-test: search for missing symbols
  * generate-sym-test: only look in .c and .h files
  * base-filesystem: create /proc, /sys, /dev mount points as 0555
  * mount-setup: use size_t when iterating through array indexes
  * journal: handle EADDRNOTAVAIL in two more cases gracefully
  * manager: simplify manager_process_barrier_fd() a bit
  * manager: add debug logging about BARRIER=1 messages
  * switch-root: don't require /mnt/ when switching root into host OS
  * base-filesystem: add new helper base_filesystem_create_fd() that operates on an fd, instead of a path
  * base-filesystem: unify common parts of base_filesystem_create_fd() branches
  * update TODO
  * notify: don't send EXIT_STATUS= notify message from systemd-notify
  * Merge pull request #27510 from poettering/notify-barrier-pid-1-tweaks
  * sd-daemon: add sd_pid_notify_barrier() call and use it in systemd-notify
  * core: minor coding style modernization in mount.c
  * Merge pull request #27450 from poettering/switch-root-modernize
  * mount-util: simplify mount_switch_root() a bit
  * cryptsetup: downgrade a bunch of log messages that to LOG_WARNING
  * execute: suppress credentials mount if empty
  * execute: remove credentials dir again when empty
  * Merge pull request #27525 from poettering/creds-empty-gone
  * watchdog: always disarm watchdog properly before closing it
  * mount-util: add umount_and_free() helper
  * namespace: introduce a common dir in /run/ that we can use to see new root fs up on
  * pid1: port unit namespacing to new /run/systemd/mount-rootfs dir
  * dissect-image: port mount_image_privately_interactively() to use /run/systemd/mount-rootfs/ too
  * mount-setup: port to logging about mount attempts via mount_*follow_verbose()
  * mount-setup: minor log improvement
  * mount-setup: minor modernization
  * test-bus-chat: modernize a few things
  * test-bus-server: minor modernizations
  * sd-bus: bind outgoing AF_UNIX sockets to abstract addresses conveying client comm + bus description string
  * base-filesystem: also set up /run/ mount point if missing
  * base-filesystem: mention why we don't carry an entry for /tmp/ for now
  * sd-bus: use the new information in the client's sockaddr in the creds structure
  * test: add testcase for the new sockaddr metainfo logic
  * pid1: debug log client comm/description strings if available for incoming connections
  * busctl: set a description for the bus connection
  * man: indicate that the JOB parameter to "systemctl cancel" is optional
  * Merge pull request #27658 from poettering/base-fs-run
  * Merge pull request #27647 from poettering/mount-setup-tweaklets
  * Merge pull request #27648 from poettering/common-dissect-dir
  * Merge pull request #27573 from poettering/sd-bus-description
  * switch-root: add a comment regarding the safety limits of rm_rf_children()
  * mount-util: keep fd to /proc/self/mountinfo continously open in umount_recursive()
  * mount-util: extend umount_recursive() to optionally take list of dirs to exclude from the unmounting
  * mount-util: make "prefix" parameter optional for umount_recursive()
  * test: add test for umount_recursive()
  * switch-root: when switching root via MS_MOVE unmount all remaining mounts first
  * Merge pull request #27670 from poettering/switch-root-umount-all
  * update TODO
  * tree-wide: remove (void) cast around sync()
  * switch-root: sync() before MNT_DETACH unmounting all old mounts
  * Merge pull request #27700 from poettering/switch-root-sync
  * stat-util: add _at() variant for files_same()
  * switch-root: check if old and new root fs is same via files_same_at()
  * stat-util: rename files_same() → inode_same()
  * namespace-util: use inode_same_at() instead of FORMAT_PROC_FD_PATH()
  * update TODO
  * Merge pull request #27750 from keszybz/fix-root-resize-new
  * udevadm: improve debug logging when triggering/watching events
  * log: propagate max log level into glibc's setlogmask()
  * pid1: when taking possession of passed fds check O_CLOEXEC state first
  * fdset: minor modernizations
  * test: test O_CLOEXEC filtering of fdset fill logic
  * unit: add ordering dep relative to credentials dir
  * core: suppress various defaults deps for credentials mounts
  * core: split out default network dep generation into own function
  * sd-event: add an explicit API for leaving the ratelimit state
  * mount: check right before invoking /bin/umount if it makes sense
  * execute: add missing NULL handling
  * Merge pull request #26959 from poettering/creds-mount-dep-fix
  * Merge pull request #27358 from bluca/pe_mule
  * update TODO
  * Merge pull request #27563 from yuwata/fstab-generator
  * test-gpt: verify that alias entries are identical to the primary ones
  * tmpfiles: use same credstore perms everywhere
  * find-esp: change "unprivileged_mode" parameter to be tristate
  * find-esp: drop some redundant 'else'
  * loopback-setup: set IFA_F_NOPREFIXROUTE when configuring 'lo' ipv6 address
  * loopback-setup: clean up logging
  * test-loopback: run test in network + user namespace
  * Merge pull request #27860 from poettering/loopback-no-prefix-route
  * Merge pull request #27861 from poettering/find-esp-tweaks
  * test-sizeof: let's be a tiny bit more careful when using glibc internal types
  * fstab-util: drop redundant check
  * cryptsetup: fix whitespace issue
  * veritysetup-generator: use generic veritysetup writers at one more place
  * units: set DefaultDependencies=no for veritysetup slice
  * units: don't stop blockdev@.target unit at shutdown
  * cryptsetup-generator: imply x-initrd.attach for "usr" and "root" volumes
  * veritysetup-generator: imply x-initrd.attach for "usr" and "root" volumes
  * veritysetup-generator: only generate one set of deps on systemd-tmpfiles-setup-dev.service
  * {crypt|verity}setup: replace dep on systemd-tmpfiles-setup-dev.service by modprobe@loop.service
  * {crypt|verity}setup: mention volume name in some error messages
  * veritysetup: minor renaming of functions
  * veritysetup: remove double escaping of data device + hash device spec
  * Merge pull request #27889 from poettering/no-usr-verity-detach
  * fstab-generator: if we mount via roothash=/usrhash= let's imply "ro" mount option
  * dissect-image: fix partition label version compare
  * umount: split out MD detaching code from umount.c
  * umount: similar as previous commit, split out DM detaching
  * umount: split out loopback detach code
  * umount: split out swap detachment code too
  * detach-swap: decouple from umount.h
  * detach-dm: decouple from umount.[ch]
  * detach-md: also decouple structures from umount.h
  * detach-loopback: also decouple from umount.h
  * shutdown: don't attempt to detach DM volume backing /usr/
  * detach-md: similar to the DM case, also don't try to detach MD device backing /usr/
  * detach-loopback: also don't bother detaching loopback block device /usr/ is running off
  * shutdown: tone down failure messages a bit
  * test-macro: add ROUND_UP() macro for rounding up to next multiple
  * tree-wide: port various pieces of code over to ROUND_UP()
  * pid1: add "soft-reboot" reboot method
  * logind: add support for 'soft-reboot' reboots
  * systemctl: add "systemctl soft-reboot" command
  * switch-root: always use MS_BIND to move api vfs over
  * switch-root: introduce SwitchRootFlags flags parameter to switch_root()
  * switch-root: disable sync() again when we switch root during shutdown
  * mount-util: add fd_make_mount_point() helper
  * switch-root: automatically make target switch root dir a mount point
  * mount-setup: exclude /run/nextroot/ from relabelling
  * fstab-util: consider /run/nextroot/ among extrinsic mounts
  * man: document the soft reboot operation
  * test: disable SoftReboot() in dfuzzer test for now
  * test: add integration test for soft reboots incl. fdstore passing
  * update TODO
  * Merge pull request #27902 from poettering/round-up
  * Merge pull request #27896 from poettering/umount-detach-rework
  * Merge pull request #27435 from poettering/renew-reboot
  * umount: /usr/ should never be unmounted regardless of HAVE_SPLIT_USR or not
  * battery-util: split out code that checks AC power state into its own .c/.h pair
  * battery-util: move battery_is_discharging_and_low() to battery-util.[ch]
  * battery-util: be more careful when determining whether we are in a low battery state
  * ac-power: add --low switch to systemd-ac-power tool
  * man: parition → partition typo fix
  * cgls/cgtop: spell field/column "CGroup" rather than "Control Group"
  * generators: change TimeoutSec=0 to TimeoutSec=infinity
  * units: change TimeoutSec=0 to TimeoutSec=infinity
  * man: document which IP ports resolved listens on, and what for
  * resolved: add comment clarifying why we decompress DNS names when parsing SRV
  * man: mention that OnCalendar= combines well with systemd-time-wait-sync.service
  * preset: enable systemd-networkd-wait-online.service by default
  * man: drop documentation of internal lookup flags
  * man: suffix --unit with an equal sign, since it expects an argument
  * shared: move uid-alloc-range.[ch] from src/shared/ → src/basic/
  * journald: move uid_for_system_journal() to uid-alloc-range.h
  * sd-journal: when SD_JOURNAL_CURRENT_USER is set, and called from system UID, imply SD_JOURNAL_SYSTEM
  * man: document that journalctl --user requires Storage=persistent
  * update TODO
  * man: document how calendar times catch up after system suspend/hibernation
  * unit: don't gc unit in oom queue
  * core: do not GC units/jobs that are in the D-Bus queue
  * Merge pull request #27968 from poettering/may-gc-tweaks
  * man: reference naming of triggered services of timer unit
  * man: document that "systemctl mask" doesn't work for units whose file is in /etc
  * xdg-autostart-generator: extend start timeout
  * execute: fix minor type confusion
  * bus-util: add bus_message_append_string_set() helper
  * bus-util: add bus_property_get_string_set() helper
  * Merge pull request #27989 from poettering/message-append-string-set
  * man: explain timesyncd epoch mtime touch files in a bit more detail
  * json: add json_dispatch_variant_noref() helper
  * resolved: add DumpCache varlink call for acquiring a complete dump of all of resolved's RR caches
  * resolved: add dns_resource_key_from_json() helper
  * resolved: add DNS_RESOURCE_KEY_TO_STRING() macro helper
  * resolvectl: add resolvectl command for dumping cache contents
  * update TODO
  * tmpfile-util: turn last parameter of link_tmpfile() into a proper flags
  * tmpfile-util: add new LINK_TMPFILE_SYNC flag for syncing properly before/after linking in the file
  * coredump: port over code to new LINK_TMPFILE_SYNC flag
  * tree-wide: start properly syncing at various places we so far didn't
  * Merge pull request #28017 from poettering/link-tmpfile-flags
  * Merge pull request #28014 from bluca/portable_fixes
  * socket: bump listen() backlog to INT_MAX everywhere
  * Merge pull request #28020 from DaanDeMeyer/followups
  * Merge pull request #27846 from keszybz/link-mode-generation
  * Merge pull request #26728 from keszybz/meson-update
  * time-util,socket: accept both kinds of unicode µ symbols
  * tree-wide: when in doubt use greek small letter mu rather than micro symbol
  * Merge pull request #28012 from poettering/resolvectl-dump-cache
  * bootctl: fix docs/--help to say that "bootctl random-seed" not just initializes but also refreshes ESP random seeds
  * Merge pull request #28032 from poettering/mumumµ
  * bootctl: warn if the ESP random seed is stored on a world-readable dir
  * resolvectl: fix double free issue
  * update TODO
  * systemctl: let's emphasize a bit that halt/poweroff/reboot/shutdown are compat commands
  * Merge pull request #27927 from Geass-LL/main
  * update TODO
  * man: place options in a some limited form of subsections
  * Merge pull request #28056 from dtardon/polkit-cleanup
  * transaction: turn four bool parameters into a proper flags parameters
  * transaction: use more verbose dbus error data in log message where available
  * transaction: rebreak comments to match current coding style
  * transaction: drop bus error arg from transaction_add_propagate_reload_jobs()
  * sleep-config: rename can_sleep_state() parameter
  * sleep-config: replace useless fstat() by useful fd_verify_regular()
  * sleep-config: check if we operate on regular file in swap_device_to_device_id() in swap file code path
  * sleep-config: replace SwapEntry's .type field with a proper enum
  * sleep-config: pin swap device while operating via O_PATH
  * sleep-config: don't use 'device_id' moniker for a dev_t entity
  * sleep-config: rename .device field to .path
  * sleep-config: reduce scope of DMI object path a bit
  * sleep: rename sleep-config.[ch] → sleep-util.[ch]
  * update TODO
  * rules: split out DMI related rules from udev-default.rules
  * hostnamed: don't read DMI data within a container
  * rules: drop weird spaces
  * hostnamed: when parsing day/month of firmware date, force decimal parsing
  * Merge pull request #28087 from poettering/transaction-flags
  * Merge pull request #28089 from poettering/sleep-cleanups
  * Merge pull request #28080 from poettering/dmi-fixes
  * hostnamectl: show age of firmware as time span, too
  * path-util: split filename_is_valid() in two
  * string-util: move version_is_valid() into generic code
  * analyze: also check for version string validity
  * stat-util: add missing S_IFLNK entry in inode_type_to_string()
  * Merge pull request #28095 from poettering/generic-valid-version
  * sleep-util: mention that offset is in memory pages
  * pid1: use FORK_DEATHSIG where appropriate
  * core: restrict ImportCredential= globbing
  * Merge pull request #28104 from DaanDeMeyer/emergency-kexec-halt
  * tests: teach tests boilerplate to run selected tests only
  * docs: describe $TESTFUNCS briefly
  * userdbd: drastically raise ratelimit we apply on requests for more worker processes
  * userdbd: prefix parameters with their names more
  * userdbd: when we hit a flood of requests to start more workers, don't exit
  * tree-wide: getpid() → getpid_cached()
  * tpm2-util: look for tpm2-pcr-signature.json directly in /.extra/
  * coredump: use loop_read() for reading coredump into memory
  * coredump: clamp JournalSizeMax= to maximum journald would accept
  * man: correct and extend JournalSizeMax=
  * Merge pull request #28129 from poettering/userdb-ratelimit
  * process-util: add helper that detects if we are a reaper process
  * process-util: add clone_with_nested_stack() helper
  * async: stop using threads for asynchronous_close()
  * basic: add comments about raw_clone() calls not supporting threads/malloc in child
  * automont: rework expiry to use subprocess rather than thread
  * process-util: add FORK_DETACH flag for forking of detached child
  * shared: move async.[ch] from src/basic/ → src/shared/
  * async: add generic implementation of asynchronous_rm_rf()
  * async: drop the now unused asynchronous_job()
  * async: add explanatory comment
  * async: use FORK_DETACH for asynchronous syncs
  * docs: document threading situation in coding style
  * process-util: add simple wrapper around PR_SET_CHILD_SUBREAPER
  * basic: drop unused include
  * resolved: if ipv6 is off patch hostname→address query with unspec family to ipv4
  * update TODO
  * tmpfile-util: drop spurious double newline
  * mount-util: don't claim maybe-uninitialized was false that is valid
  * mount-util: add helper that can bind mount submounts of one dir to another
  * namespace: when mounting new proc instance, bind mount submounts of source over
  * test: ensure ProtectProc=invisible retains host submounts
  * execute: don't honour PrivateNetwork() if we lack CAP_NET_ADMIN
  * Merge pull request #28144 from poettering/procfs-submounts-move
  * Merge pull request #27843 from yuwata/usleep_safe
  * Merge pull request #27330 from YHNdnzj/hibernate-resume-auto
  * bpf-foreign: remove duplicate various occasions of duplicate logging
  * bpf-foreign: if one program fails, still load the next
  * bpf-foreign: add an explicit, explanatory message when reference BPF program is not loaded yet
  * man: rework BPFForeign= documentation a bit
  * mount-util: use inode_type_to_string() in mode_to_inaccessible_inode()
  * Merge pull request #28159 from poettering/bpf-foreign-warnings
  * start updating NEWS for 254
  * string-util: add strextendn() helper
  * env-util: modernize env_name_is_valid_n() a bit
  * env-util: add explicit size check before strndupa() in strv_env_get_n()
  * env-util: introduce proper flags type ReplaceEnvFlags for replace_env()
  * env-util: make strv_env_get() a static inline wrapper around strv_env_get_n()
  * env-file: when resolving env vars in command lines, collect list of unset/invalid ones
  * tpm2: make PcrIndex an anonymous enum
  * journalctl: read env vars that override compiled catalog database and source files
  * sysv-generator: make sysv deprecation message a bit "louder"
  * NEWS: add comment about SysV script deprecation
  * Merge pull request #28179 from poettering/sysvgendeprecated
  * sysv-generator: deprecate even more
  * NEWS: more updates for future v254
  * analyze: add new "pcrs" verb
  * NEWS: add pcrs verb
  * update NEWS
  * Merge pull request #27830 from 1awesomeJ/initrd
  * Merge pull request #28146 from keszybz/ansi-seq-skip
  * update TODO
  * sd-path: add support for XDG_STATE_HOME
  * sd-path: bring spacing in sd-path.h and systemd-path tool in sync
  * path tool: add some basic ansi highlighing
  * execude: include RuntimeScope field in ExecParameters
  * execute: remove redundant assignment
  * execute: when recursively chowning StateDirectory= when spawning services, follow initial symlink
  * execute: add support for XDG_STATE_HOME for placing service state data in --user mode
  * execute: associate logs from setup_exec_directory() with the unit name
  * execute: shorten some code by using RET_NERRNO()
  * execute: shorten code by making use of laccess() return code properly
  * execute: don't bother with chowning StateDirectory= and friends in user mode
  * test: add test for new XDG_STATE_HOME handling
  * man: rebreak lines in file-hierarchy(7) a bit
  * man: properly close XML tags
  * tmpfiles: teach tmpfiles the new XDG_STATE_HOME variable too
  * Merge pull request #28168 from poettering/xdg-state-home
  * NEWS: various fixes/additions
  * update TODO
  * man: document vmm.notify_socket credential in systemd(1) man page
  * man: add brief smbios-type-11 man page
  * mount-util: tweak flags decoding in mount_verbose_full()
  * README: strenghten wording regarding static libs
  * battery-check: rework unit
  * unit: don't encode literally which unit types to generate audit events for
  * pid1: also encode whether to send plymouth notifications in UnitVTable
  * oom: don't encode whether unit types can do oomd hookup a second time
  * mount: make unit_start() mount ratelimiting check generic
  * Merge pull request #28211 from poettering/unit-abstract
  * update TODO
  * service: re-linebreak some comments matching current coding style
  * core: introduce a new job mode JOB_RESTART_DEPENDENCIES
  * test: add test case for recent OnSuccess=/OnFailure= state machine changes
  * units: skip systemd-battery-check in environments where it doesn't make sense
  * loginctl,machinectl: use same ansi formatting in --help texts as in systemctl
  * systemctl: implement a new "whoami" verb, that just returns unit of caller/PID
  * hibernate-resume-generator: downgrade 'noresume' log message
  * NEWS/--help: correct/be clearer on bootclt -R vs. -RR
  * man: make sure credentials properly show up in directives index
  * execute: fix credential dir handling for fs which support ACLs
  * import-creds: define a new dir where initrd configurators can pass credentials to host
  * creds-util: add new helper read_credential_with_decryption()
  * import-creds: pick up vmm.notify_socket also from encrypted credentials
  * core: consult credentials for machine ID to use for host
  * import-creds: show list of imported credentials during initialization of PID 1
  * execute: split out mounting of credentials fs
  * import-creds: unify acquire_credential_directory() + acquire_encrypted_credential_directory()
  * test: add test for initrd credentials
  * fstab-generator: optional read addtional fstab lines from credentials
  * fstab-generator: add more parameter name comments
  * test: add simple fstab credential test
  * getty-generator: allow configuring additional gettys via credentials
  * getty-generator: minor modernizations
  * test: verify that the getty generator with creds works
  * generator: run various generators only run on the host, not in initrd
  * doc: document inird credentials + and how to consume credentials in generators
  * man: document how credentials are passed into generators
  * man: document where PID 1 imports credentials from
  * import-creds: add support for binary credentials specified on the kernel cmdline
  * update TODO
  * units: condition out a few services in the initrd
  * Merge pull request #28253 from yuwata/hwdb-follow-up
  * Merge pull request #26844 from YHNdnzj/propagate-stop-fixup
  * efi: add a bunch of reported EFI loader/stub feature flags
  * boot: rename entry_count → n_entries
  * boot: make LoaderType enum less special
  * hostname-setup: don't pass "true" to a flags parameter
  * hwdb update for v246-rc1
  * meson: run forgotten 'update-man-rules'
  * update hwdb autosuspend data for v254
  * update syscall tables for upcoming v254
  * Merge pull request #28243 from bluca/sbat_initrd
  * Merge pull request #27713 from ddstreet/tpm2_replace_make_primary
  * NEWS: more preparation for 254-rc1
  * service: explicitly cast float to usec_t
  * Merge pull request #28265 from yuwata/network-captive-portal-follow-ups
  * dissect: add new verbs to brief version of cmline in --help
  * bus-unit-util: add common code for reloading PID 1
  * tree-wide: drop trailing newline from various log calls
  * Merge pull request #28348 from YHNdnzj/async-close-waitpid
  * import-creds: don't import creds from SMBIOS/qemu in confidential VMs
  * Merge pull request #28344 from YHNdnzj/compare-device-node
  * update TODO
  * loop-write: do strlen() implicitly if size is specified as SIZE_MAX
  * Merge pull request #28627 from yuwata/udev-default-children-max
  * update TODO
  * varlink: don't allocate fd control buffer on each read()
  * shutdown: handle gracefully if MD_LEVEL udev propery is not set
  * libfido2: pick up debug logging from libfido2, and funnel it through our log subsystem
  * vconsole-setup: port to main-func.h boilerplate
  * vconsole-setup: use FOREACH_ARRAY() at one more place
  * vconsole-setup: simplify path allocation
  * vconsole-setup: simplify error handling
  * polkit: use LIST_POP where appropriate
  * polkit: move asserts up, so that they cover all reply codepaths
  * bootctl: don't advertise systemd-efi-options in --help/man anymore
  * Merge pull request #28720 from poettering/vconsole-setup-tweaks
  * sysusers: move global variables into a Context object
  * tree-wide: drop _pure_ + _const_ from local, static functions
  * Merge pull request #28736 from poettering/polkit-tweaks
  * update TODO
  * main: drop redundant ()
  * coredump: explicitly document that in order to process a coredump we have to write it to disk first
  * coredump: use a cleanup handler for destroying iovw objects
  * coredump: add four assert()s
  * coredump: rename gather_pid_metadata() → gather_pid_metadata_from_procfs()
  * coredump: fix error path
  * coredump: let's use FOREACH_ARRAY() at once very obvious place
  * man: let's tone down the recommendation to use Type=exec a bit
  * journalcl: simplify handling of stdout being a regular file and epoll()
  * sd-event: explicit document what to do with epoll-incompatible fds
  * update TODO
  * networkd: add comment about order of IPReversePathFilter enum
  * tmpfiles: move static vars into Context object
  * file-io: let's use offsetof() rather than sizeof() for determining EFI_FILE_INFO prefix size
  * vconsole-setup: use "@kernel" rather than "kernel" as special string to leave keymap untouched
  * man: don't claim BindPaths= file systems would remain "in memory", they are just kept "mounted"
  * iovec-util: add iovw_isempty() helper
  * update TODO
  * update TODO
  * update TODO
  * btrfs: drop O_PATH from dir_fd passed to btrfs_subvol_make() if needed
  * btrfs: use ERRNO_IS_NOT_SUPPORTED() where appropriate
  * tpm2-util: give PCR 6 a name too
  * tpm2-util: add _const_/_pure_ to a couple of to_string()/from_string() functions
  * homed: reuse openssl-util.h cleanup helpers
  * update TODO
  * seccomp: move seccomp_parse_errno_or_action() into common definitions
  * tree-wide: don't ifdef seccomp-util.h, drop seccomp.h inclusion everywhere
  * tree-wide: drop "static inline" use in .c files
  * Merge pull request #28907 from poettering/have-seccomp-tweaks
  * man: mention two more things logind does
  * efi: add comment clarifying we should not use EV_IPL anymore
  * string-util: add a function to determine levenshtein distance of two strings
  * verbs: make a helpful suggestion when user types unrecognized verb
  * Merge pull request #28903 from poettering/verbs-levenshtein
  * boot: explain why we refuse to edit kernel cmdline when we do so
  * boot: modernize mangle_stub_cmdline() a bit + drop leading whitespace
  * boot: add hotkeys for rebooting/powering off the system from the boot menu
  * boot: add control-less alias for Ctrl-l hotkey
  * update TODO
  * core: simplify get_process_umask() invocation
  * utf8: automatically determine length of string if SIZE_MAX is specified
  * json: add json_variant_append_arrayb() helper
  * tree-wide: use json_variant_append_arrayb() at many places
  * json: rename json_append() → json_variant_merge_objectb()
  * json: add json_variant_set_fieldb() helper
  * Merge pull request #28946 from poettering/json-variant-append-arrayb
  * tpm2: unify symbolic name infra for PCRs
  * fundemental: split out UKI defines into its own header
  * fundamental: rename tpm-pcr.h → tpm2-pcr.h
  * alloc-util: add free_many() helper
  * gpt: move basic header/partition structure of GPT into common code
  * boot: don't pass kernel cmdline option to UKIs which have the very same line built-in
  * shared: add common implementation of PE parser
  * shared: port bootspec.c over to new common PE parser
  * shared: port kernel-image.c over to new common PE parser
  * shared: remove now unused pe-header.h
  * tpm2: whenever we measure, also write a tpm log record
  * test: add test for new measurement log
  * Merge pull request #29004 from poettering/measure-log
  * glyph-util: bring glyphs into same order everywhere
  * switch-root: rework SWITCH_ROOT_SKIP_RECURSIVE_RUN flag
  * switch-root: when pivot_root() fails, but old root shall be mounted, do so
  * Revert "shutdown: do not umount recursively before MS_MOVE"
  * uki: document section name size limit
  * logind: give better error messages when failing to attach devices to seats
  * update TODO
  * openssl-util: add common implementation of digest+sign
  * Merge pull request #28957 from yuwata/core-mount-set-dirty-on-umount
  * tpm2-util: drop support for creating TPM2 trial sessions
  * Merge pull request #29071 from YHNdnzj/loop-write-full
  * manager: move various fields that declare unit defaults into a new structure UnitDefaults
  * manager: add manager_set_unit_defaults() call that sets all unit defaults in one go
  * core: introduce unit_defaults_init() common initialization helper
  * serialize: add common deserialize_read_line() helper and use it everywhere
  * Revert "tree-wide: Mount file descriptors via /proc/<pid>/fd"
  * pidref: add structure that can reference a pid via both pidfd and pid_t
  * core: reference main/control pid of .service units via PidRef
  * core: convert Socket logic to PidRef too
  * core: also port mount units to PidRef
  * core: also port swap units to PidRef
  * core: don't manually destroy timer when we can't spawn a child
  * logind: also port session leader tracking over to PidRef
  * machined: port over to PidRef too
  * update TODO
  * serialize: don#t allocate 1M on the stack just like that
  * update TODO
  * man: drop duplicate .uname documentation, add .sbat documentation
  * man: link UKI spec from sd-stub
  * man: fix counting of resource types
  * doc: add a markdown doc giving an overview over the fdstore
  * logind: slightly tweak error message about not enough swap for hibernation
  * update TODO
  * core: add new "PollLimit" settings to .socket units
  * man: document the new PollLimitIntervalSec=/PollLimitBurst= settings
  * ci: add test for poll limit
  * core: port service_set_main_pid() to PidRef
  * core: port over unit_kill_context() to PidRef
  * pidref: add sigqueue() helper
  * core: port unit_main_pid() + unit_control_pid() to PidRef and drop unit_kill_common()
  * core: port unit_fork_helper_process() and unit_fork_and_watch_rm_rf() to PidRef
  * path: make arg_pager_flags static
  * Merge pull request #29159 from poettering/socket-pause
  * update TODO
  * scope: add trailing comma to array initialization
  * scope: only stop watching processes when we go down
  * cgroup-util: rename return param to 'ret', as per coding style
  * cgroup-util: initialize return param on all success returns
  * cgroup-util: tighten range check before casting to pid_t
  * scope: slightly simplify scope_enter_running() error handling
  * pidref: add pidref_equal() helper
  * docs: various updates to the fdstore docs
  * time-util: use clock_nanosleep() rather than nanosleep()
  * service: use empty_to_na() where appropriate
  * scsi_serial: convert from nanosleep() to usleep_safe()
  * docs: excorcise NIS from nsswitch.conf
  * Merge pull request #29239 from poettering/clock-nanosleep
  * update TODO
  * pcrphase: rename binary to pcrextend
  * pcrextend: make PCR index configurable
  * man: briefly document that we are now keeping an event log in userspace for out measurements
  * Merge pull request #29301 from poettering/pcr-extend-rename
  * resolved: also expose interface index in server JSON data
  * resolved: rename varlink function to match exposed method name
  * alloc-util: remove duplicate empty line
  * string-util: make strgrowpad0() a bit safer
  * repart: add extra safety check that the verity signature fits in the partition we want to write
  * Merge pull request #29315 from poettering/strgrowpad0
  * varlink: move O_NONBLOCK setting to varlink_server_listen_fd(), and set O_CLOEXEC too
  * oomd: correct listening sockets
  * Merge pull request #29309 from poettering/resolved-varlink-tweaks
  * varlink: remove duplicate varlink_clear_current()
  * udev: raise RLIMIT_NOFILE as high as we can
  * Revert "man: Add /usr/local/lib path to Synopsis section for modules-load"
  * Revert "userdbd: Order systemd-userdbd.service after systemd-remount-fs.service"
  * efi-loader: rename efi_stub_measured() → efi_measured_uki()
  * condition: add ConditionSecurity=measured-uki
  * units: move units over to ConditionSecurity=measured-uki
  * efi-loader: add caching to efi_measured_uki()
  * update TODO
  * Merge pull request #29345 from poettering/measured-uki-condition
  * service: clean up logging a bit
  * service: add error handling for all service_arm_timer() invocations
  * socket: drop redundant TAKE_FD(cfd) line
  * socket: modernize socket_acquire_peer() a bit
  * socket: clean up error message generation/fail paths also for the socket state engine
  * mount: also rework log message generation
  * swap: also modernize state engine log message generation
  * automount: also modernize log logic
  * timer: also modernize timer state machine error logging
  * path: also modernize path state machine logging
  * scope: also modernize state machine logging
  * core: generalize service_arm_timer() for all unit types
  * update TODO
  * bootctl: report if have been booted with a measured UKI
  * bootctl: if we can't access the ESP, show this in regular status output
  * bootctl: highlight SecureBoot enabled state in green
  * update TODO
  * cgroup-util: add cg_read_pidref() helper
  * pidref: add PIDREF_MAKE_FROM_PID()
  * pidref: add helpers for managing PidRef on the heap
  * pidref: add pidref_hash_ops
  * pidref: add pidref_verify() helper
  * test-watch-pid: use a real PID, not a made up one
  * core: move pid watch/unwatch logic of the service manager to pidfd
  * update TODO
  * tpm2: move measurement log to /run/log/ (from /var/log/)
  * Merge pull request #29234 from ddstreet/tpm2_marshal_serialize_handle_index
  * tpm2-setup: add new early boot tool for initializing the SRK
  * update TODO
  * pe-binary: actually check if PE binary is UEFI binary when determining if UKI
  * sysext: validate against the right API level
  * Merge pull request #29344 from poettering/tpm2-setup
  * logind: add HANDLE_ACTION_IS_SLEEP() and HANDLE_ACTION_IS_SHUTDOWN() helpers
  * memory-util: move memzero() to src/fundamental/ to share with UEFI
  * util: add xmalloc0() helper
  * mount-util: add make_fsmount()
  * dissect-image: optionally allow mounting via new kernel mount API in two steps
  * Merge pull request #29405 from poettering/boot-xmalloc0
  * markdown: add document listing TPM2 PCR measurements we make comprehensively
  * stub: drop empty line
  * cgroup-util: drop "controller" argument from various cgroup helper calls
  * cgroup-util: make sure cg_get_owner() only works for cgroups, not cgroup attribute files
  * pid1: serialize pidrefs as pidfds if possible
  * update TODO
  * cgroup-util: add cg_pidref_get_path() helper and use it
  * update TODO
  * Merge pull request #29453 from poettering/cgroup-no-controller
  * Merge pull request #29458 from poettering/serialize-pidref
  * Merge pull request #29454 from poettering/cg-pidref-get-path
  * pid1: allow creating scope units based in pidfds instead of plain pids
  * pidref: add trivial helper pidref_set_self() to set pidref to our handle to our own process
  * tree-wide: prefer sending pifds over pids when creating scope units
  * update TODO
  * Merge pull request #29455 from poettering/scope-pidref
  * fileio: revamp search_and_fopen()
  * repart: don't wipe the disk image if we just created it fresh
  * repart: disable pager in --dry-run=no mode
  * repart: rework --empty= handling a bit
  * repart: get rid of redundant variable 'dry_run'
  * repart: drop redundant ()
  * repart: add new --copy-source= switch
  * repart: make it easy to generate DDIs
  * discover-image: nicely support .sysext.raw + .confext.raw suffix for DDIs
  * sysext: fix some sysextisms in confext mode
  * repart: say image file instead of loopback file
  * repart: relax rules on CopyFiles= a bit
  * repart: add simple mechanism to override fstype choices
  * test: test the new --make-ddi= logic
  * repart: make arg_empty a proper enum with a string table
  * Merge pull request #29364 from poettering/make-ddi-easy
  * image-discover: skip properly over files that cannot be recognized as image files
  * machinectl: align UID shift status field properly
  * alloc-util: add realloc0() helper than is like realloc() but zero-initializes appended space
  * varlink: add new helper that reports whether connection is idle
  * varlink: add IDL/introspection logic
  * varlink: allow associating Varlink IDL information with a VarlinkServer
  * varlink: add introspection data for the org.varlink.service and io.systemd interfaces
  * varlink: implement the org.varlink.service introspection interface by default + hook up validator
  * varlink: add varlink_connect_url() and varlink_connect_exec() calls
  * tree-wide: make all our Varlink APIs introspectable
  * oomd: move SubscriptionTaken Varlink error out of generic Varlink code
  * test: add test for varlink introspection logic
  * varlink: add exit-on-idle logic for Varlink server
  * varlink: add varlink_server_listen_auto() helper
  * varlink: add new call varlink_server_loop_auto()
  * varlink: add varlink_invocation() call
  * varlinkctl: add new varlinkctl tool
  * pcrextend: make pcrextend tool acccessible via varlink
  * test: extend some existing tests with varlinkctl lines, to test varlinkctl + new PCRExtend service
  * update TODO
  * cgroup: rename TasksMax structure to CGroupTasksMax
  * cgroup: rename cgroup_add_* to cgroup_context_*
  * cgroup: drop cgroup path parameter from xattr calls
  * cgroup: refactor cgroup_xattr_apply()
  * cgroup: un-export two functions
  * cgroup: rename cgroup_modify_nft_set() → unit_modify_nft_set()
  * core: refactor compare_job_priority()
  * Merge pull request #29493 from YHNdnzj/unit-always-set-user-home
  * dissect: don't show non-JSON arch + sector size in JSON mode
  * docs: document that in future we'll do EV_EVENT_TAG only, no EV_IPL
  * namespace: make setup_namespace() less crazy
  * Merge pull request #29427 from ddstreet/cryptenroll_specify_handle_index
  * limits-util: suppress noisy debug message when reading tasks in top-level cgroup
  * fdset: improve debug logging for left-over fds
  * bpf-lsm: suppress noisy debug log message if we remove a unit from the bpf-lsm table where it was never added
  * killall: suppress debug log if some cgroup doesn't have survive_final_kill_signal xattr set
  * doc: readd vanished ```
  * json: add json_build() support for env block serialization
  * dissect: port to new JSON_BUILD_STRV_ENV_PAIR()
  * dissect: show architecture in JSON output too
  * dissect: image size can be unset, suppres in JSON output then
  * dissect: allow confext/sysext to be in the same image
  * dissect: move helpers for categorizing DDIs into generic code
  * varlink: automatically send ExpectedMore error message back when we were called without more=true set, but need it
  * varlink: don't bother replying about validation errors on method calls with 'oneway' set
  * varlink: didn't generate a varlink error reply if a failed method call handler already did
  * varlink: use the right validator for error replies
  * update TODO
  * Merge pull request #29523 from keszybz/kernel-install-dtb-files
  * update TODO
  * varlink: refuse empty () structs/enums
  * varlink: don't generate %m error message if we are synthesizing the error
  * test: add simple test for two common kind of errors
  * varlinkctl: generate slightly more useful error messages
  * update TODO
  * run: support --scope on old service managers that lack native PIDFD support
  * sysext: make some calls available via varlink
  * update TODO
  * namespace: normalize memory management of mount list
  * namespace: convert ProtectHostname= logic to a static table
  * namespace: downgrade log message of error we ignore to LOG_WARNING
  * namespace: don't retry to a mount if we didn't actually manage to create an inode
  *  namespace: downgrade log messages to LOG_DEBUG
  * namespace: add // FIXME comments on some suplicate logging
  * run: output invocation ID when starting service and scope units
  * run: pin the unit we invoke continously while we are running
  * update TODO
  * Merge pull request #29562 from poettering/namespace-fuckup-fix
  * Merge pull request #29548 from poettering/sysext-varlink
  * Merge pull request #29272 from enr0n/coredump-container
  * Merge pull request #29546 from poettering/run-invoc-id
  * fileio: add read_stripped_line() as trivial read_line() + strstrip() combo
  * tree-wide: port various parsers over to read_stripped_line()
  * cgroup: turn device cgroup controller "rwm" strings into proper flags
  * cgroup-util: rename all return parameters in cgroup-util to ret_xyz
  * pidref: make pidref_verify() parameter const
  * serialize: add new helper deserialize_fd()
  * serialize: modernize deserialize_{usec|dual_timestamp}() a bit
  * serialize: change order of deserialize_strv() parameters
  * serialize: add serialize_fd_many() helper
  * execute: use close_many_and_free() more
  * fd-util: add new helper close_many_unset()
  * fd-util: use close_many() where appropriate
  * pidref: make signal sending calls take const PidRef
  * cgroup-util: make cg_pidref_get_path() PidRef parameter const
  * pidref: we never have to verify PID 1
  * cgroup-show: use size_t for array sizes
  * process-util: add pidref_get_cmdline()
  * process-util: add pidref_is_kernel_thread()
  * dbus-unit: make sure GetProcesses() D-Bus call internally uses pidfd
  * process-util: add pidref_get_comm() and rename get_process_comm() to pid_get_comm()
  * pidref: add new pidref_is_self() helper
  * core: port unit/process kill logic to pidref
  * process-util: add pidref_get_uid() and rename get_process_uid() → pidref_get_uid()
  * process-util: change pid_is_alive() to not eat up errors, and add pidref_is_alive()
  * process-util: add pidref_is_my_child()
  * process-util: add pidref_is_unwaited() and make pid_is_unwaited() return errors
  * process-util: add API for enumerating processes in /proc/ and pinning them via PidRef
  * test: port tests over to new /proc/ enumeration API
  * killall: port killing spree loop over to PidRef
  * test-cgroup: make test case a bit more robust towards previous aborted runs
  * update TODO
  * manager: move idle_pipe allocation to manager.c and make it atomic
  * Merge pull request #29594 from poettering/cgroup-rename-ret-params
  * pidref: make PIDREF_NULL const
  * io-util: split out "struct iovec" related calls into their own .c/.h files
  * iovec-util: make IOVEC_TOTAL_SIZE() a regular function
  * iovec-util: make IOVEC_NULL const
  * iovec-util: make IOVEC_MAKE_STRING() safer
  * iovec-util: make IOVEC_INCREMENT a regular function too
  * io-util: split out iovw_xyz into iovec-wrapper.h
  * man: document the order in which we talk to DNS servers
  * tpm2-util: add a bunch of line breaks for an overly long bitmask
  * tpm2-util: add line break where appropriate
  * iovec-util: add some useful helpers for dealing with iovecs that refer to dynamic memory
  * json: add helpers for dispatching/building JSON with base64 struct iovecs
  * repart: port to new "struct iovec" JSON + primitive helpers
  * format-table: add new uint32_t hex field type
  * format-table: add new table_get_current_column() helper
  * sort-utils: add generic uint16_t comparison call
  * tpm2: move event tag sd-boot/sd-stub to make measurements with into src/fundamental/
  * tpm2-util: rename tpm2_calculate_name() → tpm2_calculate_pubkey_name()
  * tpm2-util: make tpm2_marshal_blob()/tpm2_unmarshal_blob() static
  * tpm2-util: make tpm2_read_public() static, as we use it only internally in tpm2-util.c
  * efi-api: export UUID converter calls
  * pcrextend: split out word to measure code into shared helper file
  * glyph-util: add 'full block' glyph
  * cryptenroll: reduce scope of two global variables
  * cryptenroll: merge two if checks with same condition
  * update TODO
  * mount-util: add one more const
  * execute: log about failures when opening a terminal to reset
  * tpm2-util: dont't find best PCR bank if no PCRs are selected whatsoever
  * tpm2-util: add line breaks in compound struct init, like we usually do
  * repart: reduce scope of two variables
  * cryptenroll: add addition asserts
  * cryptenroll: add section headers to --help text
  * cryptenroll: validate positional arguments before looking at detail parameters
  * tpm2-util: add line breaks in compound struct init, like we usually do
  * cryptsetup: remove redundant check
  * xattr-util: add new getxattr_at_bool() helper
  * tree-wide: port various users over to the new getxattr_at_bool() call
  * cgroup-util: add cg_is_delegated_fd() helper
  * cgroup-show: rework cgroup tree display to operate by fd only
  * varlink: make sure 'incomplete' bool is nullable
  * fd-uitl: rename PIPE_EBADF → EBADF_PAIR, and add EBADF_TRIPLET
  * namespace: normalize MountMode type a bit
  * update TODO
  * doc: document explicitly when we require specific top-level mounts to be established
  * Update TODO
  * hwdb,rules: mark host-to-host network devices as only requiring link local addressing
  * network: add default .network file matching ID_NET_AUTO_LINK_LOCAL_ONLY=1
  * update TODO
  * network-generator: name enum for "ip=dhcp" case same as literal string
  * network-generator: add support for ip=link-local
  * man: document the new ip=link-local kernel cmdline option
  * NEWS: mention that ip=off now means ip=off
  * update TODO
  * Merge pull request #29778 from yuwata/log-tests-skipped
  * Merge pull request #29776 from jinliu/pam_kernel_keyring
  * Merge pull request #29769 from poettering/network-generator-ll
  * Merge pull request #29763 from yuwata/vconsole-conf
  * nspawn: fix barriers when wiping fully visible procfs/sysfs
  * barrier: use EBADF where appropriate
  * nspawn: make sure idmapped logic works if DDI contains only /usr/ tree
  * coredump: tweak coredump log message
  * coredump: let's always drop privileges
  * man: explicitly mention that environment.d/ cannot be used to set the service manager's own env block
  * cryptenroll: use erase_and_free() at two more places
  * Merge pull request #29788 from poettering/nspawn-barrier-fix
  * proc-cmdline: use read_virtual_file() for /proc/cmdline
  * bsod,loop-util: fix fd validity check
  * chase: fix corner case when using CHASE_PARENT with a path ending in ".."
  * man: run ninja update-man-rules again
  * sort-util: make bsearch_safe() actually typesafe, by returning the right type
  * parse-util: add parse_tristate() and use it everywhere
  * resolved: make sure "resolvectl monitor" can properly deal with stub queries
  * varlink,json: introduce new varlink_dispatch() helper
  * fd-util: add new FORMAT_PROC_PID_FD_PATH() helper
  * process-util: add new FORK_DEATHSIG_SIGKILL flag, rename FORK_DEATHSIG → FORK_DEATHSIG_SIGTERM
  * lock-util: add a new lock_generic_with_timeout() helper
  * udevadm-lock: switch things over to lock_generic_with_timeout()
  * blockdev-util: export block_device_get_originating()
  * sd-netlink: add call to query sd_event object an sd_netlink object is attached to
  * glyph-util: add computer disk + world emoji
  * storagetm: add new systemd-storagetm component
  * man: add docs for new storagetm service
  * test: add integration test for systemd-storagetm
  * update NEWS
  * update TODO
  * tree-wide: never link directly against p11kit
  * meson: make sure we never actually link to libxenctrl
  * crytsetup: allow overriding the token .so library path via an env var
  * cryptsetup: rename usrptr to userdata
  * cryptsetup: honour configured ask password flags also when activating via token
  * cryptsetup: disable activation via token plugin if we shall measure the volume key
  * dlfcn-util: add two new macros for making it easier to create "sym_xyz" indirect function call variables
  * firewall: make libiptc dependency a dlopen() one
  * firewall: make sure firewall-util-private.h includes everythin it needs
  * firewall: allow selecting firewall backend via env var
  * update TODO
  * cryptsetup: pass AskPasswordFlags down into pkcs11 module
  * efivars: add UEFI 'database' variable uuid
  * tpm2-util: add various uefi event log definitions
  * tpm2-util: add helper for returning path to EFI event log blob
  * tpm2-util: pick up a few new symbols from tpm2-tss
  * tpm2-util: export a couple of functions we'd like to use for pcrlock
  * tpm2-util: add helpers for marshalling public/private keys
  * tpm2-util: add helpers for marshalling NV index public areas
  * tpm2-util: add helper for setting TPM2B_AUTH in binary
  * tpm2-util: add helper that calculates name of NV index
  * tpm2-util: add calls for calculating/submitting PolicyAuthorizeNV + PolicyOR TPM2 policies
  * tpm2-util: add helper for creating/removing/updating NV index with stored policy
  * tpm2-util: add generic helpers for sealing/unsealing data
  * tpm2-util: make various marshalling/unmarshalling calls static, as we only use them internally in tpm2-util.c
  * tpm2-util: add common array for TPM2 hash algorithms
  * pcrlock: add new pcrlock tool
  * tree-wide: hook everything up with pcrlock policy
  * pcrlock: add pre-defined pcrlock files
  * units: add units that put together and install a TPM2 PCR policy at boot
  * man: document pcrlock
  * test: add pcrlock integration test
  * update TODO
  * Merge pull request #29827 from yuwata/network-install-default-configs
  * update TODO
  * nspawn: fix two failure paths
  * Merge pull request #29840 from poettering/cryptsetup-tweaks-nore
  * more additions to NEWS
  * namespace: fix whitespace mixup
  * update NEWS
  * hexdecoct: implicitly parse URL-safe base64 format, too
  * test: add test for the combined base64/base64url decoder
  * NEWS: drop left-over .md suffix
  * pcrlock: show emojis for each PCR line
  * update TODO
  * string-util: add strdup_or_null() helper
  * json: teach dispatch logic to also take numbers formatted as strings
  * tree-wide: take in all *our* JSON structures also decimal strings
  * kernel-install: add command to list installed kernels
  * kernel-install: make version/kernel image parameters optional for "add"
  * kernel-install: add add-all verb
  * kernel-install: make "inspect" work more like "add" regarding omission of parameters
  * man: document /usr/lib/modules/ paths as recommend copy source for kernel-install
  * update TODO
  * update CI
  * Merge pull request #29907 from poettering/dispatch-uint64_t-as-string
  * Merge pull request #29876 from poettering/kernel-install-all
  * systemctl: grey out legend
  * Merge pull request #28519 from ddstreet/tpm2_external_seal
  * man: add missing unit file section name to example
  * man: update COREDUMP_xyz journal fields docs
  * man: be even clearer that tmpfiles user/group/mode are applied on existing inodes
  * man,doc: document some aspects of user record management/homed a bit better
  * man: explicitly document compat guarantees of cryptenroll vs. cryptsetup
  * service: say explicitly that people should not use different NonBlocking= settings if they share socket units between multiple service units
  * man: document that Domains=local bind the domain to unicast DNS, not mDNS
  * man: document that changing --uid= doesn't work
  * update TODO
  * Merge pull request #29926 from poettering/man-fixes
  * update TODO
  * man: document explicitly tha ReadWritePaths= cannot undo superblock read-only settings
  * repart,cryptenroll: bring tpm2 switches/--help/handling in a single, canonical order
  * tpm2-util: move loading of TPM2B_PUBLIC from disk into tpm2-util.c
  * cryptenroll: slightly reorder things
  * repart: add --tpm2-device-key= to repart, too
  * test: make sure --tpm2-device-key= works correctly in repart, too
  * update TODO
  * repart: add missing --tpm2-pcrlock= in --help text
  * tpm2-setup: also save the SRK to the file system in TPM2_PUBLIC format
  * analyze: add "srk" verb to extract current srk from TPM2 chip
  * man: update --tpm2-device-key= docs to reference the new ways to get the SRK
  * test: test the new srk extraction functionality
  * update TODO
  * execute: add new helper exec_context_apply_tty_size()
  * exec-invoke: only reset tty if we are told to
  * execute: make clear what reset_terminal_fd()'s 2nd param is about
  * execute: use right fd to fix tty size
  * execute: add comment explaining what stdio_as_fds does
  * repart: mention how long it took to copy in data blocks
  * repart: when we copy in blocks, indicate we are doing from an offset
  * repart: say on which device we apply things
  * repart: downgrade pcrlock pickup log message
  * Merge pull request #29995 from keszybz/voidify-timestamp-getters
  * util-lib: share plymouth client code
  * storagetm: show connection data also via plymouth
  * units: pull in plymouth when booting into storagetm mode
  * mount-tool: reduce scope of enum
  * mount-tool: rely on format-table.c's ersatz logic
  * mount-tool: make internal and external column name match
  * ci: work around mold/clang incompat
  * udev-util: add generic device_get_{vendor,model}_string() helpers
  * tests: add macro for generating function enter log message
  * test-tpm2: skip RSA generating TPM2 tests on physical hw
  * test-tpm2: raise timeout, as RSA is slow
  * id128: add id128_digest() helper
  * storagetm: expose more useful metadata for nvme block devices
  * NEWS fixes
  * gpt-auto-generator: drop in_initrd() check in add_partition_root_rw()
  * gpt-auto-generator: add comment + assert() explaining mode of invocation
  * gpt-auto-generator: don't eat up errors of generator_enable_remount_fs_service()
  * gpt-auto-generator: hook in "growfs" for the root fs if the GPT flag 59 says so
  * boot: measure config first, only then parse
  * dissect: right-align size column in --discover table
  * dissect: set dash as ersatz string
  * discover-image: reindent string table
  * discover-image: use TAKE_PTR() where appropriate
  * update TODO
  * update TODO
  * terminal-util: add macro for adding underline to existing formats
  * format-table: add a proper "underline" concept to cells
  * systemctl: port to the new underline cell attribute
  * systemctl: also grey out useful hints in output, since no primary contents shown here
  * pcrlock: make sure we don't choke on empty records
  * pcrlock: check for embedded NUL bytes
  * TODO: register more mime types
  * tpm2-util: rename json field "tpm2-pcrlock" → "tpm2_pcrlock"
  * test: make sure pcrlock tests run headless
  * update TODO
  * terminal-util: trivial modernizations for reset_terminal_fd()
  * terminal-util: drop ECHOPRT flag from TTY settings when resetting
  * firstboot: reset terminal settings right before asking a question
  * machine-credential: fix error logging
  * machine-credential: fix GREEDY_REALLOC error handling
  * machine-credential: use word 'Credential' rather than 'MachineCredential'
  * machine-credential: simplify code a bit
  * machine-credential: tweak --load-credential= use a bit
  * fs-util: add comment explaining what xopenat() is for
  * recurse-dir: correct comment
  * pcrextend: fix minor memory leak
  * stat-util: make file name arguments optional in inode_same_at()
  * ptyfwd: don't reset TTY twice if stdin/stdout point to same TTY
  * log: when writing a log message to a TTY always end line in CRNL
  * update TODO
  * rules: don't condition usb-gadget.target target on 'add' action
  * logind: align columns of a table
  * loginctl: set appropriate ersatz strings for all tables
  * loginctl: show null fields for unset seat/tty fields of sessions
  * gpt-auto-generator: enable TPM2 unlocking in gpt-auto-generator
  * pam-util: fix pam_syslog_pam_error() format string
  * boot: suffix SecureBoot message with newline
  * homed: properly handle operation exit statusses
  * stub: get_extra_dir() can return NULL
  * stdio-bridge: properly handle org.freedesktop.DBus.Local.Disconnected signal
  * man: add '=' suffix to journalctl switches that take parameter
  * journalctl: add short option "-i" for "--file="
  * README: mention Matrix channel
  * pid1: add ProtectSystem= as system-wide configuration, and default it to true in the initrd
  * userdbctl: enable ssh-authorized-keys logic by default
  * mime: register confext/sysext images in shared-mime-info
  * user-util: add new helper fully_set_uid_gid()
  * show-status: suffix output ith CRNL rather than just NL
  * Merge pull request #30183 from poettering/nlcr
  * recurse-dir: add new readdir_all_at() helper
  * Merge pull request #30101 from poettering/underline-rework
  * analyze: add "architectures" verb that lists all known architectures
  * analyze: teach "capability" verb JSON output too
  * analyze: teach "exit-status" verb json output too
  * Merge pull request #30338 from keszybz/fwrite-error-handling
  * Merge pull request #30271 from YHNdnzj/executor-cloexec
  * nspawn: suffix some paths in log messages with /, as per coding style
  * nspawn: drop redundant assignments
  * execute: handle gracefully if we cannot lock /dev/console when resetting tty due to perms
  * execute: improve log message about TTY ownership reset failures
  * dissect-image: path[] is now defined for all metadata fields
  * dissect-image: handle 'continue' event in metadata acquisition uniformly
  * dissect-image: don't try to validate an extension release file with no image name
  * dissect-image: fix fd leak in dissected_image_acquire_metadata()
  * dissect-image: move comment to right place
  * dissect-tool: right-align the partition number
  * varlink: improve compat with varlink C reference implementation
  * cgroup: bring list of delegated cgroup attributes up-to-date with current kernels
  * test: test that delegation of some newer attrs that shall be delegated work
  * blockdev-util: add new helper blockdev_get_device_size()
  * loop-util: also store the device size in LoopDevice
  * loop-util: remember if we created the LoopDevice
  * dissect-image: also store the image size in DissectedImage
  * dissect-tool: show sector/image size from DissectedImage object
  * dissect-tool: hide device column if it's a short-lived loopback device
  * pidref: add pidref_set_parent() for race-freely getting pidref on ppid
  * userwork: port to pidref_set_parent()
  * update TODO
  * userdbd: properly close the listener fd on exit
  * userdbd: drop redundant empty line
  * userdbd: realign table
  * userbd: modernize process_connection() fd possession logic
  * userdbd: split out function to find listener fd
  * mount-util: make sure mount_switch_root() works as clean NOP when '/' is specified as target
  * rlimit-util: add pid_getrlimit() helper
  * resolved: increase most label buffers to fit a trailing NUL byte
  * specifier: use mempcpy() where we can
  * Merge pull request #30479 from keszybz/man-pages-synopsis-layout
  * creds-util: add helper for opening the credentials directory
  * homectl: when taking a JSON user record as input, strip secttions we don't want rather than complain about them
  * firstboot: adjust what systemd.firstboot=no on the kernel cmdline does
  * homectl: add "firstboot" command
  * mkosi: use systemd.firstboot=no to turn of interactivity at boot
  * update TODO
  * 64bit mount id
  * Merge pull request #30150 from poettering/homectl-interactive
  * Merge pull request #30321 from yuwata/find-esp
  * Merge pull request #30515 from poettering/dnslabelmax
  * update TODO
  * ether-addr-util: split out logic to mark MAC addresses as random
  * siphash: make sure siphash24_compress_usec_t() works the same on LE/BE archs
  * varlink: these two errors where added to the spec, we aren't squatting the namespace anymore
  * run: arg_service_type is not supposed to be allocated from heap
  * run: underline section titles in --help as we usually do
  * ptyfwd: reset colors when we exit the pty forwarding logic
  * ptyfwd: make sure pty_forward_free() follows our usual semantics regarding NULL
  * core: imply SetLoginEnvironment= if PAMName= is set
  * dbus-execute: use new exec_context_get_set_login_environment() helper also as backing for dbus property
  * socket-util: make sure SO_PEERSEC returned string is always NUL terminated
  * socket-util: remove unnecessary variable
  * varlink: switch various log calls to the local log helpers
  * varlink: never turn method call handler errors into connection errors
  * varlink: add an extra assert encoding our assumption that ucred is valid here
  * varlink: check state rather than flags to determine whether it makes sense to reply
  * env-util: add strv_env_assignf() helper
  * run: when invoked as "uid0", expose some sudo-like behaviour
  * run: optionally set the "ignore-failure" flag for ExecStart= lines
  * mkosi: don't turn off installation of our PAM snippets
  * terminal-util: add helper for disabling terminal echo in termios struct
  * terminal-util: add helper that determines terminal default bg color
  * ptyfwd: optionally, change ANSI background color of forwarded terminals
  * color-util: split out HSV color conversion into color-util.[ch]
  * color-util: add helper to convert RGB → HSV
  * run/uid0: tint the terminal background color (and add new --background= switch)
  * man: try to improve wording on --slice-inherit docs
  * test: add minimal integration test coverage for uid0 tool
  * update TODO
  * varlink: add helper varlink_error_invalid_parameter_name()
  * creds: add varlink API for encrypting/decrypting credentials
  * test: add simple creds/varlink integration test
  * varlink: add helper varlink_error_invalid_parameter_name()
  * varlink: make use of varlink_error_invalid_parameter() helper where appropriate
  * polkit: simplify bus_verify_polkit_async() + drop auth-by-cap dbus feature
  * Merge pull request #30547 from poettering/uid0
  * Merge pull request #28658 from H5117/enroll_with_ec
  * Merge pull request #30284 from YHNdnzj/fstab-wantedby-defaultdeps
  * service: don't try to determine selinux label for socket activation if RootImage= is used
  * networkd: add basic Varlink interface
  * efi-loader: when detecting if we are booted in UKI measured boot mode, imply a check for TPM2
  * Revert "units: add ConditionSecurity=tpm2 to systemd-tpm2-setup units"
  * pidref: add helpers for waiting for pidref processes
  * process-util: add pidref_safe_fork() helper
  * process-util: add new pid{ref,}_get_start_time() helper
  * socket-util: add helper for getting peer pidfd
  * varlink: add new helper varlink_get_peer_pidref() for getting PidRef of peer
  * varlink: add two helpers for delayed processing of method calls
  * stub: pick up confexts from the ESP as well
  * confext: make sure we pick up configuration extensions passed to us from the stub
  * bus-polkit: add support for authenticating varlink peers via polkit
  * bus-polkit: port polkit_registry to use value destructors in hash_ops
  * creds: open up access to clients via Polkit
  * test-64: only look at plugged devices, not all of them
  * units: add a tpm2.target synchronization point and small generator that pulls in
  * update TODO
  * tpm2-util: handle TPMs gracefully that do not support ECC and return TPM2_RC_VALUES
  * Merge pull request #30697 from yuwata/network-address-remove-and-cancel
  * Merge pull request #30704 from yuwata/sd-dhcp-server-lease
  * Merge pull request #30194 from poettering/tpm-target
  * Merge pull request #29940 from poettering/stub-confext-pickup
  * strv: add new strv_endswith() helper
  * string-util: add strrstr() helper
  * stat-util: add inode_type_from_string() helper
  * shared: add new "vpick" concept for ".v/" directories that contain versioned resources
  * vpick: add new tool "systemd-vpick" which exposes vpick on the command line
  * nspawn: hook up --image=/--directory=/--template= with vpick logic
  * dissect: port to vpick for selecting image
  * execute: teach RootDirectory= and RootImage= the new vpick logic
  * discover-image: add support for vpick
  * man: document the new vpick concept
  * tests: add integration tests for vpick logic
  * update TODO
  * Merge pull request #26663 from poettering/vpick
  * Merge pull request #30513 from rpigott/resolved-ede
  * pam-util: add pam_get_item_many() helper that gets many PAM items at once
  * pam_systemd: move over to pam_get_item_many()
  * pam_systemd_home: port over to pam_get_item_many()
  * logind: cast various calls that return errors we ignore to (void)
  * homed: add some function parameter assert()s
  * pam_systemd_home: minor coding style adjustment
  * logind: use FOREACH_ARRAY() where appropriate
  * execute: make sure Type=exec and PAMName= work together
  * tmpfiles: always list tmpfiles line types in same order
  * tmpfiles: 'x' takes globs, hence clean it with globbing
  * pam_systemd: drop unnecessary strempty() of 'tty' variable
  * homed: add missing bus call to homed access policy
  * Merge pull request #30736 from YHNdnzj/loginctl-self
  * Merge pull request #30578 from bluca/polkit-varlink
  * homed: tone down log message about bad passwords a bit
  * homed: fix home_count_bad_authentication() counting
  * homed: when empty username is passed to bus calls, operate on client's UID
  * logind: don't make idle action timer accuracy more coarse than timeout
  * update TODO
  * logind: do TTY idle logic only for sessions marked as "tty"
  * Merge pull request #30744 from poettering/logind-trivial-tweaks
  * logind: explain session class types a bit
  * logind: rework the special casing we give root's sessions
  * Merge pull request #30758 from YHNdnzj/vpick-not-ptr
  * Merge pull request #30749 from poettering/tmpfiles-verb-fix
  * json: drop redundant check
  * logind: use unlink_and_free() at once more place
  * find-esp: adjust parameter indentating to our usual coding style
  * creds: rename "tpm2-absent" encryption to "null" encryption
  * creds-util: automatically append NUL byte to decrypted creds
  * Merge pull request #30769 from AdrianVovk/statx-timestamp
  * Merge pull request #30753 from aafeijoo-suse/special-refactor
  * Merge pull request #30731 from poettering/logind-user-early
  * Merge pull request #30728 from polarina/noda
  * update TODO
  * json: add more iovec helpers for serializing/deserializing binary data
  * iovec-util: rework IOVEC_MAKE_STRING() to work with compound initialized input
  * iovec-util: add iovec_is_valid() helper
  * iovec-util: add new iovec_memcmp() helper
  * iovec-util: add new iovec_memdup() helper
  * iovec-util: add CONST_IOVEC_MAKE_STRING()
  * test: add unit tests for the new iovec helpers
  * tpm2-util: more iovec'ification
  * json: add macro for automatically defining a dispatcher for an enum
  * test: add unit test for JSON_DISPATCH_ENUM_DEFINE()
  * user-record: port over to JSON_DISPATCH_ENUM_DEFINE()
  * oomd: make use of new JSON_DISPATCH_ENUM_DEFINE() macro
  * Merge pull request #29692 from H5117/fix_pkcs11_uri
  * json: add new dispatch flag JSON_ALLOW_EXTENSIONS
  * tree-wide: use JSON_ALLOW_EXTENSIONS when disptching at various places
  * Merge pull request #30785 from poettering/json-allow-extensions
  * Merge pull request #30784 from poettering/json-dispatch-enum
  * Merge pull request #30754 from poettering/iovecification
  * creds-util: optionally, allow NULL credentials even with TPM
  * test: add credential encryption/decryption test
  * fileio: add new flag WRITE_STRING_FILE_MODE_0444
  * nspawn: set read-only access mode on two /run/host/ files
  * missing: add a bunch of vsock related defines
  * socket-util: add more careful parsers for AF_VSOCK cid/port
  * nspawn: add new common make_run_host() helper
  * Merge pull request #30791 from poettering/nspawn-restrict-run-host
  * dev-setup: rework make_inaccessible_nodes() around openat() and friends
  * nspawn: lock down access to notify socket a bit
  * socket-util: add helper for querying the local AF_VSOCK CID
  * hostnamed: expose local AF_VSOCK CID among other host info
  * network-generator: pick up .netdev/.link/.network configuration via credentials
  * Merge pull request #30787 from poettering/hostnamed-cid
  * Merge pull request #30827 from poettering/network-generator-creds
  * bus-polkit: fix memory leak
  * env-util: add new setenvf() helper
  * process-util: turn off O_NONBLOCK on stdio fds when rearranging fds
  * varlink: turn off O_NONBLOCK in exec: transport
  * varlink: add "ssh:" transport
  * sd-bus: also intrepret $SYSTEMD_SSH env var
  * discover-image: don't accidentally set /run/systemd/nspawn/ access mode too strict
  * socket-util: modernize socknameinfo_pretty() a bit
  * hostnamed: port to sd_event_set_signal_exit()
  * hostnamed: move bus and event loop object into Context object
  * id128-util: do not expose product UUID when running in a container
  * testsuite-71: reset startlimit counter manually
  * hostnamed: add simple Varlink API, too
  * hostnamed: always include VSockCID property in describe JSON
  * Merge pull request #30826 from YHNdnzj/networkd-wireguard-credential
  * update TODO
  * Merge pull request #30833 from poettering/hostnamed-varlink
  * nspawn: drop empty #if/#endif section
  * Merge pull request #30844 from keszybz/rename-uid-alloc-range
  * Merge pull request #30853 from YHNdnzj/mount-accept-fstab-node
  * Merge pull request #30849 from YHNdnzj/daemon-modernization
  * Merge pull request #30839 from yuwata/detect-virt-google
  * Merge pull request #30860 from aafeijoo-suse/kernel-install-leak-fix
  * Merge pull request #30786 from yuwata/udev-net-link-property
  * pam_systemd_home: move two bool flags into a proper flags parameter
  * pam-util: implement our own pam_prompt() replacement, that doesn't log loudly
  * network: take explicit ownership of our own interfaces
  * Merge pull request #30879 from yuwata/dhcp-client-id-json
  * man: fix references to systemd.exec(5)
  * mkosi: also add ssh client, to make it easier to test ssh logins via AF_UNIX/AF_VSOCK
  * generator: optionally return resulting unit file path in generator_open_unit_file_full()
  * generator: teach generator_add_symlink_full() to optionally make alias symlinks rather than just .wants/ style symlinks
  * install: optionally return discovered unit file path in unit_file_exists()
  * iovec-util: add helper for a single NUL byte iovec
  * ssh-generator: add simple new generator
  * ssh-proxy: add ssh ProxyCommand tool that can connect to AF_UNIX + AF_VSOCK sockets
  * nspawn: expose a dir in the container where it can bind AF_UNIX sockets that will appear on the host
  * doc: document new /run/host/ inodes in container interface doc
  * test: add testcase for ssh generator
  * update TODO
  * logind: track user service managers as 'manager' session class
  * pam_systemd: register systemd user service manager as class='manager'
  * logind: add "background-light" session class
  * logind: rework logic to decide whether lock + idle + display applies to a session
  * logind: rework GC logic
  * logind: tighten for which classes of sessions we do stop-on-idle
  * test: add integration test for new 'background-light' session class
  * man: document the expanded catalogue of session classes
  * id128: add --no-pager, --no-legend, --json=/-j switches to systemd-id128 tool
  * logind: allow taking control of devices only in some session types
  * logind: also restrict on which session classes one cange the session type
  * Merge pull request #30884 from poettering/logind-background-light
  * Merge pull request #30777 from poettering/ssh-generator
  * update TODO
  * homed: add helpers for checking reference status of homes
  * man: fix typo AV_VSOCK → AF_VSOCK
  * json: downgrade extension log message to LOG_DEBUG
  * vmspawn: make sure are fine with ovmf metadata extensions
  * vmspawn: fix empty lines before section titles in --help text
  * vmspawn: use our generic vsock CID parser, instead of a howngrown one
  * vmspawn: use SD_EVENT_SIGNAL_PROCMASK flag where possible
  * vmspawn: suppress unnecessary '-'
  * Merge pull request #30911 from poettering/vmspawn-tweaks
  * sd-netlink: hook up nsid APIs
  * socket-util: add netns_get_nsid() helper to show nsid of netns
  * networkd: expose nsid via dbus
  * networkd: expose the nsid in the GetNamespaceId() varlink call
  * varlink-idl: prefix all varlink IDL debug lines wit "Varlink-IDL:"
  * varlink: also honour new env var $SYSTEMD_VARLINK_LISTEN in varlink_server_listen_auto()
  * bus-polkit: treat various well-known PK errors as denied
  * bus-polkit: explicitly cast away return value we ignore
  * bus-polkit: don't return positive in varlink_verify_polkit_async() just because we already sent an error reply
  * creds-util: simplify offset calculation a bit
  * creds-util: drop unnecessary include
  * user-util: modernize get_user_creds() + get_group_creds()
  * user-util: honour PREFER_NSS flag in get_group_creds() the same way as we already do in get_user_creds()
  * Merge pull request #30960 from poettering/get-user-creds-modernization
  * varlink: optionally, mark all incoming message's "parameters" field as sensitive
  * json: export json_variant_is_sensitive_recursive()
  * json: replace JSON_FORMAT_REFUSE_SENSITIVE with JSON_FORMAT_CENSOR_SENSITIVE
  * varlink: restore debug output on incoming messages
  * Merge pull request #30944 from CodethinkLabs/vmspawn/fix_fedora_issues
  * Merge pull request #30958 from YHNdnzj/loginctl-list-session-more-info
  * strv: modernize strv_insert()
  * strv: remove strv_extend_front()
  * strv: add strv_extend_many() helper
  * tree-wide: port over various pieces of code to strv_extend_many()
  * dbus-unit: don't eat up error codes needlessly
  * tree-wide: propagate the error we got from strv_extend_xyz() to the caller
  * exec-credential: strv_extend() handles NULL strings gracefully
  * ssh-generator: correct log level of one function
  * Merge pull request #30974 from poettering/strv-extend-many
  * Merge pull request #30971 from ddstreet/tpm2_key_conversion
  * varlink: add helper that turns varlink errors back to errnos, client-side
  * varlink: in varlink_observe() correctly collect error parameters
  * varlink: if varlink_call() is called with ret_error_id=NULL propagate error via return value
  * varlink: drop "ret_flags" parameter from varlink_call()
  * varlink: introduce varlink_call_and_log() which calls and then logs an error
  * Merge pull request #30980 from poettering/varlink-call-full
  * vmspawn: include qemu cmdline in debug output
  * mime: expose a mime type for encrypted credentials
  * mime: also add magic-based mime type rules for our other binary files
  * man: don't suggest using pam_unix.so's use_authtok switch
  * dissect-image: introduce new get_common_dissect_directory() helper
  * Merge pull request #30973 from mrc0mmand/gcc14
  * Merge pull request #31013 from YHNdnzj/logind-modernization-split
  * Merge pull request #31012 from YHNdnzj/pam-systemd-session-busy
  * core: maintain a single table with event source priorities
  * manager: process exec_fd (i.e. Type=exec) events before SIGCHLD events
  * manager: renumber priorities
  * manager: order idle jobs
  * test: add integration test for Type=exec robustness
  * Merge pull request #31016 from poettering/pid1-priority-rework
  * run: the --background= switch expects an argument
  * ptyfwd: when leaving a session with tinted background, clear to end of screen
  * event-util: add helper for adding pidref child to event loop
  * vmspawn: rework how we spawn qemu off
  * vmspawn: modernize setup_notify_parent() a bit
  * vmspawn: use execv() rather than execve() if we just want to pass 'environ' as env block
  * vmspawn: close host vsock fd once we passed it to the child
  * vmspawn: ENODEV is not the only error the kernel returns if a device is not there
  * hostnamed: expose /etc/os-release and /etc/machine-info data in full
  * hostnamectl: add -j switch for quick json output
  * pcrlock: also write pcrlock policy as unencrypted credential to XBOOTLDR/ESP
  * pcrlock: when unlocking try to pick up pcrlock policy from system credentials
  * test: add new credential-based pcrlock policy unlock
  * man: document new rootfs support for pcrlock policies
  * vmspawn: rework firmware selection logic
  * vmspawn: make sure to pass the right firmware image type to qemu
  * vmspawn: print a helpful message when we start the VM
  * vmspawn: make "-m" value formatting independent of locale
  * nspawn,vmspawn: let's add some terminal magic to the welcome text
  * Merge pull request #31023 from poettering/vmspawn-work
  * user-util: validate the right field
  * user-util: add get{pw,gr}{uid,gid,name}_malloc() helpers
  * Merge pull request #31011 from poettering/getpwnam-tweaks
  * Merge pull request #31019 from poettering/hostnamed-full-os-release
  * varlink: make sure varlink_server_detach_event() doesn't leave invalid pointer around
  * Merge pull request #31057 from aafeijoo-suse/bootctl-print-fix
  * Merge pull request #31061 from yuwata/pidref_copy
  * nspawn: optionally tint the background color of a container
  * color-util: make return values of rgb_to_hsv() optional
  * pretty-print: split out color tinting into a helper of its own
  * nspawn: tint the terminal bg blue if we are in a container
  * unit: systemd-creds.socket is statically enabled, hence drop [Install]
  * dissect: show image name separately from filename
  * preset: add some alphabetical sorting
  * repart: don't try to determine sector size from a disk image we should consider empty
  * Merge pull request #31026 from poettering/nspawn-tint
  * nspawn: fix separating empty lines in --help text
  * Merge pull request #31067 from RA-Kooi/xen-uuid
  * Merge pull request #31003 from enr0n/skip-test-when-apparmor-restricts-userns
  * user-util: add comments explaining what the user name size limits effectively mean
  * cgroup: don't enable bpf pseudo-controllers when doing a wildcard delegation
  * core: rename "bpf-lsm.[ch]" → "bpf-restrict-fs.[ch]"
  * Merge pull request #31087 from YHNdnzj/logind-cleanup
  * bpf-restrict-fs: also rename functions to bpf_restrict_fs_xyz()
  * core: rename restrict-ifaces.[ch] → bpf-restrict-ifaces.[ch]
  * bpf-socket-bind: rename bpf_serialize_socket_bind() → bpf_socket_bind_serialize()
  * update TODO
  * Merge pull request #31082 from yuwata/network-cleanups-for-removing-routes
  * Merge pull request #31089 from keszybz/drop-syscall-filtering-and-new-syscalls
  * dissect: add --make-archive option to convert DDI to tarball
  * update TODO
  * socket-util: start SO_PEERGROUP loop with sysconf(_SC_NGROUPS_MAX), too
  * sd-bus: add pidfd to the sd_bus_creds structure
  * sd-bus: also read supplementary gids from bus driver
  * sd-bus: tighten rules on sd_bus_query_sender_creds() a bit
  * bus-util: add helper for getting PidRef structs from bus
  * tree-wide: port various things over to new pidref helpers
  * man: document the new APIs
  * update TODO
  * sleep: add mising error message
  * sleep: remove redundant debug log message
  * sleep: upgrade some unexpected errors to LOG_WARNING log messages
  * sleep: upgrade fatal log message to LOG_ERR
  * Merge pull request #31126 from poettering/sleep-error-msg
  * Merge pull request #31121 from YHNdnzj/notify-man
  * creds-util: add a concept of "user-scoped" credentials
  * creds-tool: add --user/--uid= to operate with scoped credentials
  * creds: allow Varlink clients to encrypt/decrypt their own credentials without polkit authentication
  * creds-util: add IPC client wrapper for new varlink apis
  * creds: go via IPC service when unprivileged and trying to access services
  * test: add integration test for per-user creds
  * man: document new user-scoped credentials
  * update TODO
  * Merge pull request #31124 from keszybz/various-small-tweaks
  * Merge pull request #31120 from YHNdnzj/strv-env-non-pure
  * Merge pull request #31109 from yuwata/nspawn-resolve-network-interface-before-move
  * Merge pull request #30968 from poettering/per-user-creds
  * Merge pull request #31039 from AdrianVovk/slice-freeze-thaw
  * update TODO
  * Merge pull request #30847 from keszybz/some-docs-updates
  * namespace: don't invoke loopback_setup() unless we allocate a CLONE_NEWNET namespace
  * test-namespace: SOCK_CLOEXEC'ify all the things
  * Merge pull request #31144 from poettering/less-loopback
  * resolvectl: add JSON output support for "resolvectl query"
  * resolvectl: add basic ANSI markup to --help text
  * Merge pull request #31141 from poettering/resolvectl-more-json
  * parse-helpers: indent according to coding style
  * exec-invoke: rework apply_working_directory() around chase()
  * mountpoint-util: add small helper that checks if a path is below the API VFS hierarchies
  * parse-helpers: add new PATH_CHECK_NON_API_VFS flag
  * exec-invoke: extend comment on placement of apply_working_directory() call
  * dbus: make dbus property parsing of WorkingDirectory= equally strict as loading it from the unit files
  * parse-helpers: adjust log level when we say we ignore to LOG_WARNING
  * load-fragment: set PATH_CHECK_NON_API_VFS flag at various other places
  * nspawn: also refuse paths below API VFS in nspawn's --chdir= field
  * nspawn: and also add comment, making clear chdir() should come late
  * Merge pull request #30766 from polarina/cryptenroll-tpm2-unlock
  * sysext: fix --help indenting/line breaking
  * sysext: rename "directory_name" field to "full_identifier"
  * sysext: point to the right man page for the mode we are invoked in
  * sysext: output an appropriate blurb for the mode we are executed in
  * dev-setup: normalize logging around lock_dev_console()
  * pid1,vconsole-setup: gracefully handle if /dev/vconsole is not accessible due to ENODEV
  * bpf-devices: normalize how we pass around major/minor values
  * bpf-devices: normalize the return handling of functions that put together policy
  * bpf-devices: if a device node is referenced which doesn't exist, downgrade log message
  * Merge pull request #31269 from poettering/vconsole-enodev
  * ptyfwd: tweaks to background tinting logic
  * ptyfwd: optionally update window title if we are running a ptyfwd session
  * glyph-util: add colored circle glyphs
  * nspawn: set window title from container name
  * run: set window title
  * ptyfwd: simplify error handling in shovel()
  * ptyfwd: automatically turn off tinting/window title logic on dumb terminals
  * pid1: make MaxConnectionsPerSource= also work for AF_UNIX sockets
  * units: enable MaxConnectionsPerSocket= for all our Accept=yes units
  * test: add a simple test for MaxConnectionsPerSocket=
  * pcrlock: use log_setup()
  * pcrlock: split out generation of CEL objects into helper func
  * pcrlock: add basic Varlink interface
  * varlink: enforce a maximum size limit on replies collected via varlink_collect()
  * varlink: properly return reply flags to callers
  * varlink: rework varlink_collect()
  * varlinkctl: add new --collect switch
  * varlinkctl: if "call" verb is used, imply "-j"
  * test: add brief test for prclock varlink interfaces and varlinkctl --collect
  * update TODO
  * Merge pull request #31076 from CodethinkLabs/vmspawn/directory_image_support
  * missing: change our close_range() syscall wrapper to map glibc's
  * Merge pull request #31242 from poettering/socket-uid-account
  * btrfs-util: rework btrfs_is_nocow_fd() around fd_is_fs_type() + read_attr_fd()
  * btrfs-util: use memdup_suffix0() instead of strndup() at one more place
  * btrfs-util: apparently btrfs ioctls return unaligned data. deal with it.
  * Merge pull request #31233 from poettering/pcrlock-varlink
  * Merge pull request #31284 from poettering/btrfs-alignment
  * update TODO
  * Merge pull request #30380 from keszybz/tmpfiles-dry-run
  * Merge pull request #31297 from AdrianVovk/sha256-util-lib
  * Merge pull request #31206 from AdrianVovk/user-record-fields
  * update TODO
  * journald: when getting journal data via memfd, check flags are valid
  * journald: rebreak some comments
  * Merge pull request #31319 from poettering/journal-tighten-memfd-flags
  * logind: add new 'user-incomplete' session class
  * pam-systemd: automatically enable "incomplete" user session if XDG_SESSION_INCOMPLETE env var is set
  * logind: add ability to upgrade session class from 'user-incomplete' to 'user'
  * user-record: add fields for a fallback home dir + shell
  * user-record-show: show if fallback data is used
  * homed: add bus call that allows referencing a home without activating it
  * homed: add a ActivateHomeIfReferenced() bus call
  * homectl: implement fallback shell stub
  * pam_systemd_home: in ssh logins and similar, ask via fallback shall for home password
  * homed: generate fallback data in user record, for inactive homes
  * man: update D-Bus docs with new calls
  * pam_systemd_home: make sure we handle RefUnit() returning HomeBusy properly
  * test: add test that ensures homed logins via SSH work
  * update TODO
  * efi-loader: make efi_loader_get_entries() handling missing NUL termination gracefully
  * bootspec: split out helper that turns BootEntry into a JSON object
  * bootctl: add a Varlink interface
  * Merge pull request #30226 from poettering/homed-fallback-shell
  * cgroup: normalize parameter order in format_cgroup_memory_comparison()
  * core: split out cgroup specific state fields from Unit → CGroupRuntime
  * update TODO
  * Merge pull request #30263 from msizanoen1/fix-onboot-rotate-2
  * cgroup: typo fix initial_restric_ifaces_link_fds → initial_restrict_ifaces_link_fds
  * ask-password: rework how we pass request meta info when asking passwords
  * cryptenroll: fix type confusion on acquire_tpm2_key() parameter
  * dissect-image: use strv_free_erase() at one more place
  * cryptenroll: use correct askpw id for pw request
  * pcrlock: normalize credential name for TPM2 PIN
  * libfido2: tweak credential to read fido2 PIN from
  * cryptenroll: use a different credential for new new PIN
  * pkcs11-util: clean up credential handling for PKCS11 PIN
  * cryptenroll,cryptsetup: clean up unlock credential for TPM2 + FIDO2
  * cryptsetup-pkcs11: also plug credential name to use to credential plugin
  * man: now that the crdentials used by systemd-cryptenroll are in order, document them
  * man: tweak cryptsetup credentials docs a bit
  * cryptsetup: drop "headless" bool, make it a flag in AskPasswordFlags instead
  * basic: add "build path" logic
  * build-path: allow overriding of all callout binary paths via an env var
  * homed: port to use new invoke_callout_binary() API
  * importd: port importd over to new invoke_callout_binary() API
  * userdbd: port userdbd over to invoke_callout_binary()
  * sysupdate: port over to new invoke_callout_binary() call
  * pid1: port executor binary pinning to new build path logic
  * process-util: use proc_mounted() check at one more place
  * pcrlock: document the env vars we honour to find measurement logs
  * pcrlock: handle measurement logs where hash algs in header are announced in different order than in records
  * bsod: adjust --help text to match our usual output
  * bsod: add new option --tty= to specify TTY to output on
  * bsod: remove some duplicate logging
  * bsod: make sure "Press Any Key" has a blue background too
  * bsod: correct log level on some messages
  * bsod: normalize VT indexes
  * bsod: remove one redundant variable
  * bsod: don't fail in an error path
  * update TODO
  * vspawn: prefer "VSOCK" spelling over "vsock" and "VSock"
  * vmspawn: rename "qemu" specific switches to not carry the "qemu" prefix
  * tree-wide: be more careful when passing literal integers to "t" bus message fields
  * sd-stub: drop any support for TPM 1.2
  * update TODO
  * update TODO
  * update TODO
  * Merge pull request #31456 from poettering/tpm1.2-no-more
  * Merge pull request #31455 from keszybz/restore-docs-urls
  * vmspawn: drop "const" from string we free
  * vmspawn: disable all PCR banks but SHA256
  * update TODO
  * signal-util: use RET_NERRNO() + RET_GATHER() more
  * signal-util: imply sentinel -1 in sigprocmask_many() + sigset_add_many() args list
  * ptyfwd: optionally prefix window title with colored dot
  * run: use sd_event_set_signal_exit() at one more place
  * pretty-print: make tinting a bit less aggressive
  * vmspawn: use our own ptyfwd code for the console of a VM
  * nspawn: hide ^] hint unless we are interactive mode
  * update TODO
  * bootspec: don't complain about valid loader.conf settings
  * nspawn: minor coding style tweaks to nspawn-register.c
  * userbdb: pass log level from main daemon to worker
  * resolved: exit function if varlink_dispatch() returns > 0
  * tree-wide: use "_" rather than "-" as separator in kernel cmdline options
  * man: add a few missing entries to kernel-command-line man page
  * env-util: rename getenv_bool_secure() → secure_getenv_bool()
  * env-util: also rename getenv_uint64_secure() → secure_getenv_uint64()
  * dissect-image: add flag for explicitly enabling userspace verity signature checking
  * dissect: condition usespace verity keyring via kernel cmdline option + env var
  * Merge pull request #31514 from CodethinkLabs/ptyfwd_issues
  * Merge pull request #31531 from poettering/verity-userspace-optional
  * dissect-image: fix build
  * ssh-generator: handle gracefully if AF_VSOCK works, but /dev/vsock doesn't
  * ssh-generator: don't do AF_VSOCK stuff if we run in a container
  * tree-wide: switch dlopen hooks over to DLSYM_PROTOTYPE()/DLSYM_FUNCTION()
  * vmspawn: actually pass UUID down to qemu
  * busctl: don't hit an assert if we call invalid bus method names
  * machinectl: mention -V in --help text
  * test74: create ssh empty dir all at the same place
  * fd-util: O_DIRECTORY is fine in fd_verify_safe_flags() too
  * sd-event: make return code of sd_event_get_exit_code() optional
  * curl-util: fix downloads from file:// URLs
  * importd: switch to pidref
  * importd: trivial modernizations
  * importd: modernize signal handling a bit
  * importctl: add standalone client to importd
  * importctl: modernize signal handling
  * importctl: port tabular output for format-table.h APIs
  * import: merge PullFlags enum into ImportFlags
  * importd: add support for downloading sysext/confext/portable images too
  * importd: tighten checks in fds passed to us
  * importctl: add support for selecting image class to download
  * importlisttransfersxclient
  * importd: validate local image names with the right helper
  * importd: make keeping pristine copy of downloaded images optional
  * importd: log the import callout that is going to be called
  * machinectl: chainload importctl for relevant verbs
  * importctl: draw a pretty progress bar while downloading
  * import: downgrade HTTP error code log message levels
  * import: mention explicitly which image directory we operate on
  * importd: pass log level to invoked child
  * importd: add command to list downloaded images
  * man: document new importctl/importd functionality
  * test: add integration test for importctl
  * update TODO
  * bus-util: add generic parser for extracting id128 values from bus messages
  * hostnamed: our base indentation is 8 spaces, not 9 spaces
  * hostnamed: in get_hardware_firmware_data() don't dup a string if we shan't return it
  * hostnamed: do some validation of the hw serial before we return it
  * hostnamed: add explicit BUS_ERROR_NO_HARDWARE_SERIAL error
  * hostnamectl: display product uuid + hardware serial in regular status output
  * Merge pull request #31565 from YHNdnzj/safe_dlclose
  * Merge pull request #31567 from YHNdnzj/service-unused-param
  * Merge pull request #31274 from bluca/measure_engine
  * Merge pull request #31571 from poettering/hostnamed-show-more
  * Merge pull request #31507 from poettering/import-modernize
  * hashmap: reorder fields to pack structure better
  * resolved: explicitly disconnect all left-over TCP connections when coming back from suspend
  * hostnamed: use sd_bus_reply_method_return() to shorten code a bit
  * hostnamectl: properly initialize the two timestamp fields before doing bus call
  * hostnamectl: gracefully handle old hostnamed replies to GetHardwareSerial()
  * update TODO
  * varlink: allow strings for integer varlink IDL fields
  * resolvectl: output nice error message if we can't JSONify RR
  * resolved: mention the Varlink interface of resolved
  * resolved,pcrlock: make a bunch of varlink introspection structures static
  * resolved: add new SD_RESOLVED_RELAX_SINGLE_LABEL resolver flag
  * resolvectl: expose new SD_RESOLVED_RELAX_SINGLE_LABEL flag in resolvectl
  * resolved: use relaxed single label rules when proxying DNS queries
  * resolved: enable DNS proxy mode if client wants DNSSEC
  * ci: disable test that is now answered by knot
  * resolved: do DNS RR type based routing
  * resolved: rename variable found_{a|aaaa} → question_for_{a|aaaa}
  * resolved: make outselves authoritative for /etc/hosts entries in full
  * resolved: make resolved authoritative in resolveing our local host name
  * escape: teach octescape() to work with NUL terminated strings
  * resolved: properly decode NAPTR RRs
  * udev: use strndupa_safe() rather than strndupa()
  * string-util: allow taking SIZE_MAX as size to shorten to
  * Merge pull request #31592 from YHNdnzj/exit-cgroup-notify
  * Merge pull request #30612 from AdrianVovk/sleep-freeze-user-seesions
  * resolved: move ResourceKey/ResourceRecord varlink types to generic Resolve interface
  * resolved: expose raw RR resolver via Varlink too
  * polkit: trivial simplification
  * polkit: turn "interactive" flag to polkit APIs into a proper flags field (#31715)
  * fd-util: beef up fd_verify_safe_flags() features
  * stat-util: add explicit helpers for checking if stat/statx is initialized
  * stat-util: make sure inode_type_to_string() handles anonymous inodes in a reasonable way
  * update TODO
  * Merge pull request #31731 from poettering/stat-is-set
  * polkit: allow checking if we already acquired some action
  * polkit: add new POLKIT_ALWAYS_QUERY flag
  * polkit: add another flag that controls how to treat the PK absent case
  * update TODO
  * update TODO
  * Merge pull request #31733 from poettering/polkit-more-flags
  * path-util: add helper that checks if a path definitely refers to a dir
  * fs-util: move link_fd() from tmpfile-util.c into generic fs-util.c
  * fs-util: add new helper linkat_replace()
  * tmpfile-util: port link_tmpfile_at() over to linkat_replace()
  * creds-util: port make_credential_host_secret() over to link_tmpfile_at()
  * Merge pull request #31770 from poettering/linkat-replace
  * man: shorten unnecessarily long example
  * sd-bus: add ability to connect to bus as a specific user
  * units: add systemd-capsule@.service
  * util: add capsule-util.[ch] with helpers for capsules
  * bus-util: add ability to connect directly to capsule instances of systemd --user
  * systemctl: allow connecting to capsule instances with --capsule=/-C
  * run: allow connecting to capsule instances with --capsule=/-C
  * busctl: teach busctl a --capsule=/-C switch too
  * man: document the new concepts
  * test: add integration test for capsules
  * update TODO
  * core: normalize how we issue sd_notify() from PID 1
  * manager: make manager_send_ready() more symmetric regarding per-user/per-service scope
  * hostname-setup: various modernizations
  * hostname-setup: send chosen hostname to supervisor via sd_notify()
  * machine-id-setup: inform supervisor about chosen machine ID
  * manager: clean up audit/plymouth code a bit
  * core: notify supervisor over targets we reach, as we reach them
  * ssh-generator: introduce ssh-access.target
  * manager: modernize code that enables special signal delivery to PID 1
  * manager: send an sd_notify() message informing the container manager when systemd's special UNIX signals become available
  * nspawn: add some debug logging for sd_notify() messages received by the container manager
  * docs: document new sd_notify() extensions
  * docs: properly line break WRITING_VM_AND_CONTAINER_MANAGERS.md
  * docs: update various links
  * docs: add a new document describing the VM interface of systemd
  * Merge pull request #31739 from poettering/pid1-sd-notify-tweaks
  * update TODO
  * notify-example: also send STOPPING=1 at exit
  * ssh-generator: create privsep dir via tmpfiles.d/ if we are told to
  * resolved: return ExpectedMore error if we require "more" varlink flag on method call
  * Revert "kernel-install: Add kernel version to title (#31581)"
  * sysupdate: use log_syntax() when logging about a configuration file
  * watchdog: clarify that we set the *watchdog* timeout
  * libkmod: turn into dlopen() dependency
  * update TODO
  * varlink: add varlink_get_peer_gid() helper
  * varlink: add varlink_peek_dup_fd() helper
  * image-policy: add a new image_policy_intersect() call
  * uid-range: add uid_range_overlaps() helper
  * uid-range: optionally load outside view of UID range from uid_map procfs file
  * uid-range: add new uid_range_load_userns_by_fd() helper
  * uid-range: add some basic operations on UidRange objects
  * namespace-util: add detach_mount_namespace_harder()
  * namespace-util: add helper for allocating an empty userns fd
  * namespace-util: add detach_mount_namespace_userns()
  * namespace-util: add namespace_open_by_type() helper
  * namespace-util: add new helper is_our_namespace()
  * bpf-dlopen: pick up more symbols from libbpf
  * lock-util: make global lock return parameter to image_path_lock() optional
  * cgroup-util: add helpers for opening cgroup by id
  * cgroup-setup: add fd-based version of cg_attach()
  * discover-image: export search paths array
  * dissect-image: add dissected_image_close() that closes all references to resources
  * dissect-image: add a new helper that checks if VeritySettings has anything set at all
  * dissect-image: make dissected_image_acquire_metadata() operate within a userns if possible
  * dissect-image: document one more dissected_image_decrypt() error code
  * build-sys: pick up vmlinux.h from running kernel BTF or user
  * nsresourced: add new daemon for granting clients user namespaces and assigning resources to them
  * nsresourced: add client-side helpers around nsresourced APIs
  * mountfsd: add new systemd-mountfsd component
  * dissect-image: add a generic varlink client side for mountfsd
  * dissect-tool: allow systemd-dissect to talk to mountfsd
  * core: implement RootImage= via mountfsd in unprivileged environments
  * nspawn: make nspawn work without privileges
  * test: add integration test for unpriv mountfsd/nsresourced
  * update TODO
  * service: explicitly add comment about donated reference on parameter
  * sd-journal: make sure sd_journal_add_match() also accepts SIZE_MAX as size
  * ndisc: use memzero() where appropriate
  * resolved: dns_name_equal() can fail, handle that reasonably
  * boot: re-align table
  * secure-boot: tighten enrollment logic a bit regarding file sizes
  * update TODO
  * update NEWS
  * creds: update --help text regarding tpm2-absent → null rename
  * units: order repart after systemd-tpm2-setup-early.service
  * journalctl: add missing --help line for --list-namespaces
  * journalctl: show human readable text if no namespace is found
  * journalctl: tighten rules on parsing namespace journal dir suffixes
  * Merge pull request #32236 from poettering/journalctl-list-namespace-followup
  * Merge pull request #32311 from YHNdnzj/write-ellipsis
  * hwdb: update for v256
  * autosuspend: update for v256
  * NEWS: prepare -rc1
  * Merge pull request #32143 from yuwata/magic
  * Merge pull request #32315 from poettering/hwdb-256
  * Merge pull request #32320 from bluca/softreboot_serialize
  * doc: fix .ssh credential examples
  * systemctl: show invocation ID in unit status output
  * Merge pull request #32330 from poettering/status-invocation
  * tpm2-util: import two more symbols from tpm2-tss libraries
  * tpm2: export tpm2_get_name()
  * tpm2-util: rename tpm2_get_pin_auth() → tpm2_auth_value_from_pin()
  * tpm2-util: load external key into NULL hierarchy if private key is provided
  * tpm2-util: add comment explaining what tpm2_define_policy_nv_index() actually does
  * pcrlock: switch access policy for nvindex to store policy in from PolicyAuthValue to PolicySigned (with an HMAC-SHA256 key)
  * tpm2-util: now that we don't use PolicyAuthValue anymore, let's not set an authValue anymore for the policy nvindex
  * pcrlock: generate recovery PINs via make_recovery_key()
  * pcrlock: rework --recovery-pin= to take three different arguments
  * update NEWS
  * ci: update tests to showcase new option a bit
  * Merge pull request #31790 from poettering/pcrlock-policy-fix
  * update TODO
  * man: document the last remaining bits of the hostnamed D-Bus interface
  * man: add separate column for flag value to table
  * man: add explicit column for gpt guid value in table
  * man: correct where we look for auxiliary partitions
  * Merge pull request #31889 from aplanas/fix_pcrlock_stdin
  * Merge pull request #31872 from tfg13/main
  * timedate: handle gracefully if RTC lost time because of power loss
  * detect-virt: detect hyperv-enlightened qemu as qemu, not as hyperv
  * vmspawn: enable hyperv enlightenments
  * vmspawn: add env var that can extend the qemu cmdline
  * sd-id128: add an app-specific flavour of the invocation ID too
  * vmspawn: enable vmgenid for all VMs
  * update TODO
  * update NEWS
  * Merge pull request #31987 from flatcar-hub/krnowak/usr-perm-check
  * tpm2-util: add generic wrapper tpm2_context_new_or_warn() that wrpas tpm2_context_new and logs about errors
  * tpm2-setup-early: order against pcrphase-initrd
  * units: merge two After= lines
  * man: run update-man-rules again
  * man: explicitly say that BindPaths=/BindReadOnlyPaths= opens a new mount
  * journald: bring order of MaxLevelXYZ= setting explanations in sync with listed names
  * man: explicitly document the various systemd.journald.max_level_*= kernel cmdline options
  * man: document explicitly that bind restrictions cannot be escaped by opening a new netns
  * man: document explicitly that LogExtraFields= and LogFilterPatterns= are for system service only for now
  * man: document that StateDirectory= trumps ProtectSystem=strict explicitly
  * man: document missing resolved D-Bus APIs
  * resolved: rename DnssdService.filename field to .path
  * resolved: rename DnssdService "name" field to "id"
  * resolved: tighten the rules a bit on valid DNS-SD service identifiers
  * man: say explicitly that $LESS + $LESSCHARSET have no effect on less invocations by systemd tools
  * man: document that "systemctl set-environment" cannot be used to unset env vars configured via config file
  * man: document that ReadOnlyPaths= doesn't affect ability to connect to AF_UNIX
  * man: be explicit that we don't proxy SO_PEER*, SCM_RIGHTS and co.
  * man: document that IPAccounting= works for system services only
  * update TODO
  * Merge pull request #32399 from poettering/doc-fixes-256
  * Merge pull request #32402 from poettering/tpm2-setup-pcrextend-order
  * Merge pull request #32369 from DaanDeMeyer/serial
  * test: ensure all architecture ids we define definitely fit into .v/ patterns
  * network: add "mac" to alternatives name policy by default
  * network: add .link file to match 80-namespace.network
  * systemctl: add forgotten --message= to --help text
  * systemctl: add forgotten --reboot-argument= to --help text
  * systemctl: add forgotten --after/--before to --help text
  * shutdown: send an sd_notify() message on shutdown with the shutdown reason and boot param
  * systemctl: set reboot argument for most forms of shutdown, not just plain reboots
  * update TODO
  * Merge pull request #32427 from poettering/systemctl-help-missing
  * cryptenroll: default to block device backing /var/ rather than /
  * cryptenroll: use [] in --help text to indicate block device argument is now optional
  * update NEWS
  * exec-invoke: correct dont_close[] size
  * manager: use proper unicode arrow in dump
  * manager: use startswith() return value
  * capability-util: avoid thread_local
  * manager: comprehensively mark manager_dispatch_user_lookup_fd() as static
  * manager: port user lookup fd serialization to serialize_fd_many()
  * manager: split out helper that gets Unit objects with interest in given PidRef
  * manager: also port manager_dispatch_sigchld() to manager_get_units_for_pidref()
  * mount,swap: include ExecStatus output in dump
  * errno-util: consider ENOPROTOOPT another "not supported"
  * varlink: fix varlink_get_peer_pidref() fallback
  * core: fix assertions in manager_dispatch_user_lookup_fd()
  * manager: add socket for receiving handoff timestamps from forked children
  * execute: send handoff timestamps from executor to service manager
  * manager: switch service unit type over to using new handoff timestamping logic
  * socket: hookup handoff timestamps with processes forked off by socket units
  * mount: hook up with handoff timestamps
  * swap: hook up with handoff timestamps
  * execute: make ExecStatus dump more useful by showing passed time
  * update TODO
  * update NEWS
  * Merge pull request #32441 from poettering/rework-handoff-timestamp
  * varlink: make errors returned by verify_unix_socket() systematic
  * update TODO
  * tree-wide: fix type confusion around parsing JSON booleans
  * nspawn, vmspawn, run0: add env var for turning off background tinting
  * cryptenroll: do not combine pcrlock and signed PCR policies in TPM mode
  * cryptenroll: determine TPM enrollment parmaeters only if we actually do TPM enrollments
  * tpm2-util: tweak JSON condition check
  * dlfcn: add macro for exporting dlopen() module names in ELF sections
  * tree-wide: add dlopen ELF notes to all dlopen() deps of ours
  * pidfd: properly detect if libc offers pidfd syscalls and make use of them then
  * varlink: rename vsockCid → vSockCid field
  * machined: return recognizable error when we try to register the same machine name twice
  * curl-glue: catch libcurl attempting to change timeout handler when we destroy a curl context on exit
  * update TODO
  * varlinkctl: when operating in --more mode, fail correcly on Varlink method error
  * cryptenroll: explicitly pick PCR bank if literal PCR binding is off, but signed PCR binding is on
  * tpm2-util: do not serialize tpm2 bank if none is specified
  * tpm2-util: improve compat with older unlocking tools
  * update TODO
  * Merge pull request #32993 from poettering/cryptenroll-no-pcr
  * update TODO
  * blockdev-util: partition block devices never have partition scanning enabled
  * test: add superficial test for partscan test
  * machined: downgrade warning if we cannot drop ref to systemd unit if disconnected from bus
  * generator-setup: use RET_GATHER()
  * exec-util: use the stdio array of safe_fork_full() where appropriate
  * exec-util: make sure to close all fds for invoked generators
  * watchdog: normalize how we name watchdog related calls
  * watchdog: reset last ping timestamp when opening watchdog
  * shutdown: explicitly close watchdog with disarm=false before we destroy watchdog resources
  * main: add comment explaining parameter to watchdog_close
  * efi-api: check /sys/class/tpm/tpm0/tpm_version_major, too
  * pcrlock: tweak error messages when we are not looking at a TPM2 event log
  * homed: drop caches harder
  * cryptsetup: unset an unlock path on each unlock retry
  * tpm2-util: tighten rules on the nvindex handle range we allocate from
  * hostnamed: don't allow hostnamed to exit on idle if varlink connections are still ongoing
  * tree-wide: never consider service idle if polkit authentication is still pending
  * sd-bus: add new sd_bus_pending_method_calls() call
  * bus-util: check sd_bus_pending_method_calls() when determining whether a service is idle
  * core: split out smbios type 11 reader into src/shared/smbios11.[ch]
  * analyze: add verb for dumping SMBIOS Type #11 data
  * update TODO
  * bus-util: add env var for disabling exit-on-idle
  * bus-util: add log message when exiting because of idle
  * Merge pull request #32810 from poettering/smbios11-analyze
  * creds-util: fix "weak" vs. "secure" display for tmpfs/noswap backed credentials
  * Merge pull request #33045 from poettering/exit-on-idle-tweaks
  * Merge pull request #33100 from dtardon/crypttab-parse-all
  * json: merge json_dispatch_path() + json_dispatch_absolute_path()
  * libsystemd: turn json.[ch] into a public API
  * man: add brief intro page to new sd-json APIs
  * test: extend JSON test coverage
  * sd-json: rename SD_JSON_SAFE → SD_JSON_STRICT
  * Merge pull request #32628 from poettering/json-public
  * io-util: add new helper fputs_with_newline()
  * pretty-print: make separator line grey
  * varlinkctl: be friendly to later extensions of GetInfo Varlink call
  * varlinkctl: make interface argument to "introspect" optional, and allow more than one
  * varlinkctl: add new list-methods verb
  * test: add test for new varlinkctl features
  * CODING_STYLE: document "reterr_" return parameters
  * Merge pull request #33012 from poettering/varlinkctl-list-methods
  * json: move empty string check from json_parse_file_at() to json_parse_with_source()
  * varlinkctl: add "-q" switch for suppressing varlinkctl output
  * varlinkctl: tell user we are expecting method call parameters on STDIN
  * ci: add superficial --quiet testcase
  * varlinkctl: as convencience to users, accept empty string in place of {} for empty parameter list
  * namespace: rename 'n' to 'n_mount_images'
  * sd-json: make static analyzers shut up
  * cryptsetup: merge two mostly equivalent functions
  * cryptsetup: downgrade log message to warning, when we ignore it
  * socket-util: make return parameter for socket_address_parse_vsock() optional
  * machined: initialize CID of '.host' pseudo-machine to 1 (i.e. the loopback vsock address)
  * varlink-idl: align continuation line character \
  * varlink-idl: include line/column in a parse log msg
  * tpm2-util: make one sd_json_dispatch_field[] table static const
  * Merge pull request #33312 from poettering/cryptsetup-merge-no-token
  * machined: modernize method_create_or_register_machine() return parameter naming
  * machined: prefer pinning clients via pidfd when creating machine, rather than PID
  * machined: use pidref instead of just pid when determining unit of pid when registering machine
  * analyze: show pcrs also in sha384 bank
  * iovec-util: add exported constant empty but valid (i.e. non-NULL) iovec
  * copy: rework how we determine the number of bytes to copy in copy_bytes_full()
  * copy: when a progress callback is provided, never copy more than 1M per iteration
  * copy: increase copy buffer from 16K to 64K
  * utf8: assume tabs are 8 characters wide when written to console
  * nspawn: use parse_boolean_argument() at two places
  * vmspawn: report "systemd-vmspawn" as "service" to machined
  * fileio: add new helper write_base64_file_at() which encodes a binary object into base64 and writes it to a file
  * pcrlock: don't override conf_root parameter for boot_entry_token_ensure()
  * pcrlock: move event_log_reduce_to_safe_pcrs() down a bit
  * string-util: make sure strrepa() doesn't doubly evaluate expressions
  * fs-util: add simple open_mkdir() wrapper
  * creds-util: add common helper for determinign global boot credentials path
  * json: add sd_json_dispatch_double() helper
  * utf8: let utf8_console_width() handle NULL strings somewhat reasonably
  * pretty-print: enable stdio buffering while outputting progress bar
  * machined: use bus_message_read_id128() at one more place
  * varlink: handle NULL varlink server object gracefully in varlink_server_current_connections()
  * json: extend JsonDispatch flags with nullable and refuse-null flags
  * importd: unify setup of bus connectivity in one place
  * random-util: add crypto_random_bytes_allocate_iovec()
  * utf8: export utf8_char_console_width()
  * strv: add new helper strv_rebreak_lines() with a simple line breaking algorithm
  * varlink: add concept for embedding comments into IDL structures
  * varlink: parse comments too
  * creds: add comments to credential encryption/decryption method calls
  * update TODO
  * pretty-print: take console glyph width into account when drawing progress bar
  * logind: tweaklets
  * update TODO
  * tmpfiles: sort needs_purge line list in same order as enum defines them
  * tmpfiles: honour --dry-run when removing directories
  * tmpfiles: insist on at least one configuration file being specified on --purge
  * tmpfiles: move --purge to command section in --help text where it belongs
  * tmpfiles: remove pointless empty line
  * tmpfiles: improve debug logging around O_NOATIME fallback
  * tmpfiles: make --tldr help text symmetric to --cat-config
  * tmpfiles: suffix --replace= properly with = in comment
  * tmpfiles: mention that --create also adjusts files/directories in --help text
  * man: suffix tmpfiles.d with /, as per coding style
  * update TODO
  * sd-json.h: reword SD_JSON_WARNING/SD_JSON_DEBUG comments
  * sd-json: add comment clarifying that _SD_JSON_BUILD* enums are not to be used directly
  * update TODO
  * sd-json: add sd_json_build() wrapper macro that implies SD_JSON_BUILD_OBJECT()
  * tree-wide: port over to new builder apis
  * update TODO
  * varlink: correctly format comments for enums too
  * bootctl: normalize how we report no boot entries found
  * bootctl: add comments to Varlink interface
  * Merge pull request #33407 from poettering/varlink-idl-comment-fix
  * varlink: add helper that validates a qualified Varlink symbol name
  * varlinkctl: add --graceful= option for optionally marking some errors as successes
  * ci: test new --graceful= switch of varlinkctl
  * json: make it easy to serialize our enums to json
  * json: make it easy to dispatch our enums
  * busctl: send BUSERROR= to caller via sd_notify() protocol
  * machined: GC machines during runtime too
  * machined: watch leader PID's lifetime via pidfd
  * Merge pull request #33428 from poettering/graceful-varlinkctl
  * Merge pull request #33425 from poettering/json-enum-easier
  * Merge pull request #33430 from YHNdnzj/buserror-notify
  * cryptsetup: minor coding style tweaks
  * install: collect more install_changes_add() errors
  * install: shorten code a bit
  * varlink: yet another fix around handling of IDL comments
  * json: teach json_build() to serialize dual_timestamp structures reasonably
  * machined: add simple varlink API for listing machines
  * ssh-proxy: add support for connecting to VMs by AF_VSOCK via "machine/…" host specs
  * test: add some superficial integration tests
  * machined: allow unprivileged registration of VMs/containers
  * machined: support allocating a scope for machines if needed via varlink
  * nspawn: machine registration is now available unpriv
  * vmspawn: by default, let machined register a cgroup for VMs
  * units: register vmspawn VMs started via systemd-vmspawn@.service by default with machined
  * update TODO
  * varlink: yet another fix around handling of IDL comments
  * tree-wide: fix type of read() return variable at a couple of places
  * uefi: emphasize a bit that EV_IPL event logs is the past, EV_EVENT_TAG the future
  * uefi: drop ill-placed empty line
  * uefi: drop redundant local variable
  * stub: unify how we combine 'measured' flags
  * stub: fix reporting of dtb measurement
  * Merge pull request #33461 from poettering/boot-measured-flag-rework
  * varlink: add varlink_many_*() helpers that send messages to a set of connections at once
  * import: add generic enum for choosing between tar + raw downloads
  * importd: add simple varlink API
  * importd: allow activation in early boot, and make it socket activatable
  * import: add generator that synthesizes download jobs from kernel cmdline
  * ci: add test for importd varlink interface + import generator
  * update TODO
  * repart: make prefix argument to clear_progress_bar() optional
  * repart: allow reading from char device for CopyBlocks=
  * repart: show progress bar when initializing partition via CopyBlocks=
  * ci: add small test case for /dev/urandom as source for CopyBlocks=
  * Merge pull request #33078 from poettering/import-generator
  * Merge pull request #33003 from poettering/repart-progress
  * macro: move sizeof_field() macro into src/fundamental/
  * macro: also move FOREACH_ARRAY()/FOREACH_ELEMENT() to fundamental
  * macro: move PTR_TO_SIZE() macros to fundamental
  * iovec-util: make "struct iovec" and some helpers also available in EFI mode
  * util: make file_read() 64bit offset safe
  * pe: be more careful when loading PE section list into memory
  * pe: tighten validity checks of DOS and PE headers
  * pe: use more correct section name comparison function
  * efi: introduce PeSectionVector structure, and use it for referencing PE sections
  * stub: split out random seed part out of run()
  * stub: split out code that measures our own PE sections
  * stub: split out code that appends smbios command line
  * stub: split out code that finds the uname among PE sections
  * stub: rework initrd handling around "struct iovec"
  * stub: split out calls that generate sidecar initrds
  * stub: split out code that generates embedded initrds
  * stub: split out code that finds embedded initrds
  * stub: move initialization of kernel iovec to the end, where it's used
  * stub: split out code that sets EFI vars indicating measured PCRs
  * stub: split out call that loads embedded device tree
  * stub: add DevicetreeAddon structure
  * stub: don't make up errors
  * stub: merge separate lists for addon cmdlines/devicetrees into one
  * stub: split out code that loads all addons from disk into function of its own
  * stub: split out code that displays boot splash
  * stub: slightly reorder things
  * stub: normalize error handling when looking for PE sections
  * stub: split out function that determines main cmdline
  * stub: uniformly process "measured" flags
  * stub: reorder things a bit, so that initrds are generated/looked up together
  * stub: reorder variables
  * stub: add helper that turns PE section into char16_t* string
  * stub: turn lookup_name() into shorter and more generic function that turns sectin into char* string
  * stub: rework linux handover to take "struct iovec"
  * measure: normalize error paths
  * efi: share setting of generic efivars between sd-stub/sd-boot
  * Merge pull request #33493 from poettering/stub-refactor
  * varlink: support varlink communication via distinct input/output fds
  * varlink: add new call varlink_connect_fd_pair() helper for two-fd clients
  * varlink: add new call varlink_server_add_connection_pair() for two-fd servers
  * varlink: add helper that adds a connection via stdio to a varlink server
  * hostnamed: if polkit authentication fails for Varlink Describe() call, don't reply to client with an error
  * hostnamed: make sure we can actually properly parse 'allowInteractiveAuthentication' varlink parameter
  * varlink: if $SYSTEMD_VARLINK_LISTEN is set to "-", listen on stdio
  * varlink: add ability to invoke and talk to remote service binary via SSH
  * ci: add simple test for the new "ssh-exec:" varlink logic
  * update TODO
  * update TODO
  * Merge pull request #32560 from poettering/varlink-double-fd
  * Merge pull request #33503 from poettering/hostnamed-polkit-fixes
  * stub: make sure we always mangle the cmdlines we read
  * stub: don't mangle command line if we got it as array
  * stub: move safety check for LoadOptions into if block where we actually use it
  * update TODO
  * update TODO
  * mountpoint-util: make is_name_to_handle_at_fatal_error() an exported API
  * mountpoint-util: add public helper for comparing file handles
  * mountpoint-util: use ERRNO_IS_xyz() at more places
  * mountpoint-util: add new helper name_to_handle_at_try_fid()
  * mountpoint-util: use the FID stuff for detecting the root of mounts
  * mountpoint-util: clarify that EOVERFLOW is visible on nfs4/autofs mounts
  * stat-util: port inode_same_at() to use FID file handle data to determine inode identity
  * test: beef up test case for fid-based equality checks
  * repart: add sections to --help text
  * blockdev-util: add partscan check function that takes an sd_device*
  * util: add generic block device listener helper
  * cryptenroll: add --list-devices switch that shows candidate block devices
  * repart: add --list-devices switch for listing candidate block devices
  * storagetm: add --list-devices command
  * Merge pull request #33553 from poettering/list-devices
  * units: add dep on systemd-logind.service by user@.service
  * Merge pull request #33475 from poettering/name-to-handle-at-fid
  * update TODO
  * efi: split out efivars.[ch] from util.[ch]
  * efivars: change return parameter of efivar_get_raw() to be void**
  * efivars: use appropropriate uint8_t type when dealing with "raw" bytes
  * efi: rename efivar_(set|get)() → efivar_(set|get)_str16()
  * efivars: rename efivar_get_uint_string() → efivar_get_uint64_str16()
  * Merge pull request #33574 from poettering/get-efi-var-raw
  * update TODO
  * efi: add limit on how large files can be we load into memory at once
  * efi: fix mangle_stub_cmdline() for empty strings
  * efi: drop "ret_" prefix from "ret_sections[]" parameter
  * efi: don't non-chalantly drop const from memory buffer
  * boot: indent error code path, but leave main code path unindented
  * boot: split out inner part of config_load_type2_entries()
  * boot: compare auto- prefix case-insensitively
  * measure: drop incomplete support for PCRs != 11
  * ukify: suffix switches that take parameters with = in log output
  * boot: don't set OsIndications field if already set correctly
  * ukify: bring order of EFI sections in man + --help into same order as spec
  * man: drop version info from file hiearchy man page
  * man: mention that distinction between /usr/lib/ and /usr/share/ is really about shared *ownership*
  * man: fully adopt ~/.local/state/
  * Merge pull request #33589 from poettering/file-hiearchy-no-version
  * vmm: make sure we can handle smbios objects without variable part
  * mount-tool: use lowercase table column names
  * mount-tool: add support for a --json= output mode
  * mount-tool: use the usual coloring in --help text
  * mount-tool: show diskseq in --list output
  * update TODO
  * man: some fixes
  * Merge pull request #33660 from poettering/mount-tool-tweaks
  * import-creds: when we hit ENOENT on SMBIOS 11 do not even debug log
  * manager: move is-system check into manager_enable_special_signals()
  * vmspawn: rework how AF_VSOCK/SOCK_STREAM notifications are read
  * vmspawn: get rid of an unnecessary local variable
  * boot: compare filename suffixes without case
  * bootspec: implement sorting by tries left/done, to match what sd-boot does
  * bootspec: correct log level for fatal errors
  * signal-util: use common definitions for ignore + default "struct sigaction"
  * stub: const'ify a few parameters
  * update TODO
  * Merge pull request #33520 from tomcoldrick-ct/coldtom/sysupdate-improvements
  * Merge pull request #33718 from YHNdnzj/machine-id-followup
  * sd-varlink: make our internal Varlink API public as sd-varlink.[ch]
  * libsystemd: use C23 explicit enum types where available
  * sd-json/sd-varlink: downgrade assert() → assert_ret()
  * update TODO
  * Merge pull request #33609 from AdrianVovk/table-json
  * varlink-util: minor tweak
  * main: show different welcome msg in initrd than on the host
  * sd-device: remove debug log message when dirs are missing
  * update TODO
  * ptyfwd: reset color after two tty reset sequences, too
  * vmspawn: make "-n" just work
  * env-util: suppress unnecessary setenv() in setenvf()
  * terminal-util: trivial white space fix
  * terminal-util: refuse a few more unexpected open flags in open_terminal()
  * terminal-util: return correct error in chvt()
  * terminal-util: don't process the same data twice when reading back bg color info
  * terminal-util: turn off echo on stdin, not stdout
  * terminal-util: remember error code from tcsetattr()
  * terminal-util: when querying bg color, ensure input fd and output fd refer to same tty
  * terminal-util: rename set_terminal_cursor_position() → terminal_set_cursor_position()
  * terminal-util: add helper that queries terminal sizes via ANSI sequence
  * terminal-util: add helper that adjust terminal width/height from data acquired via ANSI sequences
  * terminal-util: try to initialize rows/cols via ansi sequence in make_console_stdio()
  * terminal-util: reset /dev/console via ansi seq also in make_console_stdio()
  * terminal-util: unify code that resets /dev/console in common helper
  * terminal-util: add terminal_is_pty_fd() helper
  * terminal-util: add new helper terminal_reset_defensive() that combines reset-by-ioctl and reset-by-sequence reasonably
  * terminal-util: don't issue "ESC c" sequence on reset, but only when erasing the screen
  * terminal-util: remove reset_terminal() as it is unused
  * terminal-util: rename reset_terminal_fd() → terminal_reset_ioctl()
  * terminal-util: don't export terminal_reset_ioctl()/terminal_reset_ansi_seq() anymore
  * terminal-util: modernize terminal_reset_ansi_seq() a bit
  * terminal-util: don't export vt_reset_keyboard() + vt_default_utf8()
  * terminal-util: modernize vt_reset_keyboard() a bit
  * terminal-util: rename return parameters ret_xyz
  * terminal-util: remove terminal_vhangup() because apparently unused
  * terminal-util: split out color macros/helpers into its own header
  * terminal-util: simplify terminal_set_size_fd() a tiny bit
  * terminal-util: move acquire_terminal() and AcquireTerminalFlags back together in header file
  * terminal-util: refactor vt_disallocate()
  * tree-wide: reset stdout not stdin
  * execute: also hook up ansi-seq-based terminal size determination with exec_context_determine_size()
  * exec-invoke: save original stdin/stdout with O_CLOEXEC set
  * exec-invoke: handle errno log message writing in write_confirm_error_fd() like we usually do
  * execute: reorder "destructive" tty reset operations
  * exec-invoke: move terminal initialization a bit
  * units: bring agetty command lines back into sync
  * man: clarify what TTYReset= and TTYVTDisallocate= do and do not do regarding screen clearing
  * terminal-util: move lock_dev_console() here
  * terminal-util: teach resolve_dev_console() to deal correctly with /dev/console being a symlink
  * tree-wide: acquire /dev/console lock around any attempts to reset TTY
  * exec-invoke: user EBADF where appropriate
  * terminal-util: try to avoid reading more from terminal than we need in get_default_background_color()
  * terminal-util: extend timeout on background color request
  * terminal-util: add recognizable error if cols/rows of tty are initially not initialized
  * main: set $COLUMNS/$ROWS for PID 1 based on /dev/console data
  * pid1: use $COLUMNS info in status_vprintf()
  * Merge pull request #33707 from poettering/terminal-size-by-ansi-seq
  * execute: add FIXME comment
  * upate TODO
  * terminal-util: fix isatty_safe() on hung-up TTYs
  * terminal-util: don't assume errno is correctly set when using isatty_safe()
  * tree-wide: use isatty_safe() more
  * man: fix ID_NET_LABEL_ONBOARD= documentation
  * shared: invoke agents only when we have a controlling TTY
  * Merge pull request #34076 from yuwata/polkit-message
  * man: document .membership files that nss-systemd processes
  * core: rename original_ambient_set → saved_ambient_set
  * main: generate warning when we cannot reset caps
  * main: make sure the ambient caps set is valid in case we fail to read it
  * boot: use MAX() where appropriate
  * varlinkctl: output an expressive error message in case invalid method/interface names are specified
  * units: don't set LISTEN_FDNAMES for varlink services explicitly
  * update TODO
  * exec-invoke: remove redundant empty lines
  * vmspawn: fix duplicate logging on oom
  * nspawn: propagate SSH authorized keys when binding user into contaier via --bind-user=
  * user-record: add helper that checks if a user record is root or the nobody user
  * update TODO
  * treewide: use sd_json_variant_un{hex|base64}() pervasively
  * cryptenroll: iovec'ify a few more things
  * cryptenroll: don't return slot 0 when we have no policy to search for
  * crypenroll: make slot wiping on pin change a bit more explicit
  * test: when refusing to run slow tests, mention how to run them
  * efi: return pointer to processed string in strtolower8()/strtolower16()
  * efi: add file_handle_read() helper that reads from a file handle
  * resolved: include Varlink error on inconsistent DNS-SD services in introspection data
  * Merge pull request #34228 from poettering/uki-with-many-prep1
  * Merge pull request #34235 from yuwata/firstboot-systemctl-trivial-cleanups
  * update TODO
  * Merge pull request #34256 from YHNdnzj/pid1-followup
  * hwclock-util: the struct tm parameter is not a pure return parameter, it's also an input parameter
  * time-util: rework localtime_or_gmtime() into localtime_or_gmtime_usec()
  * uki: add new ".profile" PE section type
  * measure: introduce support for a new ".profile" section
  * Merge pull request #34285 from poettering/boot-measure-profile
  * Merge pull request #34279 from yuwata/ask-password
  * user-util: switch from utmp to utmpx
  * tree-wide: drop unnecessary utmp includes
  * test-utmp: replace UT_LINESIZE/UT_NAMESIZE/UT_HOSTSIZE with sizeof_field()
  * tree-wide: use UTMPX_FILE rather than _PATH_UTMPX
  * man: document that sd_bus_message_read_strv() happily spits out empty arrays as NULL
  * Merge pull request #34291 from poettering/utmpx-all-the-way
  * iovec-util: add iovec_append() for appending to an existing iovec
  * cryptenroll/cryptsetup: allow combined signed TPM2 PCR policy + pcrlock policy
  * tpm2-util: introduce tpm2b_sensitive_data_erase_and_esys_freep() destructor
  * NEWS: extend the userdb sshd_config NEWS entry a bit
  * journald: mention the access mode we tried to open /dev/kmsg in
  * ukify: add basic .profile support
  * ukify: add new --extend= switch for importing an existing UKI's sections to later extend
  * ukify: introduce new --measure-base= switch
  * Merge pull request #34177 from poettering/pcrlock-and-signed
  * pcrlock: be more careful when preparing credential name for pcrlock policy
  * Merge pull request #34298 from poettering/pcrlock-cred-fix
  * dm-util: get rid of flex array in middle of structure
  * varlinkctl: add --timeout= switch to tweak time-out behaviour
  * analyze: add section underlining to --help text
  * analyze: add some roughly useful subsections to --help text
  * Merge pull request #34258 from yuwata/nspawn-volatile-u
  * machinectl: suppress redirection notice if --quiet is specified
  * shell: define three system credentials we can propagate into shell prompts and welcome messages
  * meson: tweak meson conditionalization for ssh{d,}_config drop-ins
  * shutdown: teach sync_with_progress() to optionally sync a specific fd only
  * shutdown: replace unbounded fsync() with bounded sync_with_progress()
  * Merge pull request #34330 from poettering/shutdown-async-sync
  * Merge pull request #34328 from poettering/analyze-help-text
  * Merge pull request #34297 from poettering/shell-prompt-extra
  * efi: add free_and_xstrdup16() helper modelled after free_and_strdup() in userspace
  * efi: teach PE parsing support for ".profile" sections
  * stub: add ability to place multiple alternative PE sections of a specific type in the same UKI ("Multi-Profile UKIs")
  * Merge pull request #34294 from poettering/uki-with-many-core
  * boot: only open type2 ukis once when parsing
  * boot: synthesize a separate menu entry from each .profile section
  * boot: don't hardcode drop-in paths at multiple places
  * hwdb: death to tabs!
  * Merge pull request #34339 from poettering/uki-with-many-boot
  * homectl: when chainloading a shell, prefix "-" rather than overriding first char
  * cryptsetup: use the new crypt_token_set_external_path() API if available
  * meson: increase default number of available sections for the stub
  * tmpfiles: add separate fragment for stuff we copy from .extra/ into /run/systemd
  * bootctl: show new sd-boot/sd-stub feature flags
  * man: fix LoaderDevicePathUUID + LoaderImageIdentifier descriptions
  * man: fix documentation for LoaderDevicePathUUID + LoaderImageIdentifier, in systemd-stub man page too
  * stub: tweak setting of common Loader* EFI vars
  * stub: add StubDevicePartUUID/StubImageIdentifier
  * Merge pull request #34348 from poettering/stub-efivar-tweaks
  * Merge pull request #34353 from yuwata/timesync-bus-document
  * tpm2-util: fix whitespace
  * pcrlock: log if we generate an "empty" policy
  * man: fix help text for systemd-creds tool's "list" verb
  * resolved: move resolved_dnssd_gperf_lookup() prototype definition to resolved-dnssd.h
  * resolved: move dnssd parsers to resolved-dnssd.c
  * cryptenroll: don't try to get PCR bank if we know the device key
  * pcrlock: correct --help text regarding recovery pin
  * resolvectl: show DefaultRoute state in per-link DNS staus info too
  * resolved: use unlinkat() where appropriate
  * pcrlock: remove empty components from our list
  * resolved: simplify initialization of DnsScope
  * resolved: use dns_scope_ifindex() at more places
  * resolved: simplify dns_scope_get_n_dns_servers(), don't count each time
  * resolvectl: rename shallow destructors …_done()
  * resolvectl: rework StatusMode handling into a switch/case statement
  * update TODO
  * man: systemd-stub places PCR public key in file 'tpm2-pcr-public-key.pem', stick to that name across the board
  * man: fix advertised filename of the PCR public key
  * pe-binary: add helper pe_is_addon() for detecting whether we are looking at PE EFI add-on
  * pe-binary: split pe_read_section_data() into two
  * pe-binary: split pe_header_find_section() in two
  * pe-binary: add pe_is_native() for checking if PE is native
  * bootspec: process multi-profile UKIs
  * bootspec: automatically filter non-native UKIs and add-ons when enumerating
  * analyze: move "has-tpm2" from systemd-creds to systemd-analyze
  * syscalls: run "ninja update-syscalls-*"
  * seccomp-util: add recently added new syscalls to various seccomp groups, as appropriate
  * Merge pull request #34385 from poettering/man-unify-pcr-key-name
  * Merge pull request #34388 from poettering/syscall-update
  * update TODO
  * man: document that sd_bus_process() only returns otherwise unhandled messages in *ret_message
  * update TODO
  * Merge pull request #32212 from teknoraver/networkd-sysctl
  * basic: split ifname related calls from format-util.h into format-ifname.h
  * networkd: move sysctl code to use PID_FMT
  * catalog: rebreak catalog entry
  * catalog: beef up new sysctl message
  * tree-wide: make sigprocmask() changes more automatic
  * update TODO
  * dns-domain: follow our current variable naming style
  * dns-domain: validate dns domain name max size based on unescaped, not escaped size
  * dns-domain: add test case from #34399
  * Merge pull request #34347 from poettering/uki-with-many-bootctl
  * bootctl: show stub partition data too in "status" too
  * efivars: add helper that reads an fs path from an efi var
  * bootctl: add --print-loader-path + --print-stub-path
  * bootctl: also show current/default/oneshot entry literally in output
  * tmpfiles: introduce an explicit line flag $ for enabling purge logic for a line
  * tmpfiles.d: add $ flag to all lines which are clearly private to our packages, and should be removed on package removal
  * bootctl: show whether a PE file is an addon in 'booctl kernel-identify'
  * coredump: use _cleanup_(iovec_done) where appropriate
  * ci: add testcase for multi-profile UKIs
  * update TODO
  * update TODO
  * man: drop mention of /usr/include/ from file-hierarchy(7) man page
  * man: drop /var/spool/ mention from file-hierarchy(7) man page
  * man: clarify that the defined file hiearchy is just a skeleton
  * man: add a comment that inode type policy might be enforces via an LSM or similar
  * json: add json_dispatch_const_user_group_name()
  * update TODO
  * Revert "Preset user units on first boot as well"
  * linux: import input.h and friends
  * hwdb: make key map match comment for one laptop
  * hwdb: there's KEY_BRIGHTNESS_AUTO these days, hence hook it up where a FIXME suggests that
  * hwdb: use KEY_ROTATE_DISPLAY for various cases of display rotation keys
  * hwbd: use newer KEY_PICKUP_PHONE, KEY_HANGUP_PHONE, KEY_SELECTIVE_SCREENSHOT, KEY_NOTIFICATION_CENTER keycodes where appropriate
  * Merge pull request #34612 from poettering/hwdb-micmutify-subset
  * tree-wide: always do dlopen() with RTLD_NOW + RTLD_NODELETE
  * test: add --more flag when enumerating via List varlink method
  * sd-varlink-idl: add some room for flags everywhere
  * sd-varlink: mark functions that can take 'more' flag in IDL structures with an explicit flag
  * update TODO
  * man: soft deprecate use of ";" for separating multiple command lines in ExecStart=
  * man: drop reference to /bin/ from docs regarding binary search path
  * Merge pull request #34447 from DaanDeMeyer/homectl-firstboot-groups
  * resolved: fix fastopen fallback
  * resolved: use SOCKADDR_LEN() where appropriate
  * fd-util: introduce fd_validate() helper
  * fd-util: use F_DUPFD_QUERY for same_fd()
  * Merge pull request #34556 from ryantimwilson/extra-fds
  * update TODO
  * NEWS: announce the F20/F21/F22/F23 key mangling removal scheduled for v258
  * Merge pull request #34671 from yuwata/memory
  * Merge pull request #34593 from Werkov/deprecate-aux-scopes
  * hwdb: move key 66/65 handling from specific to generic HP laptop coverage
  * Merge pull request #34651 from yuwata/polkit-transient-unit
  * Merge pull request #34656 from yuwata/private-users
  * polkit: introduce common macro for generating polkit allowInteractiveAuth varlink method call IDL field
  * update TODO
  * namespace: rename drop_unused_mounts() → sort_and_drop_unused_mounts()
  * machined: use sd_json_dispatch_uint() when parsing CID
  * man: reword comment a bit regarding ExecStartPre= multiple commands
  * docs: don't mention split-usr path anymore
  * meson: sort includes
  * test: also dump varlink IDL for Machine interface in the test
  * macro: add voffsetof() helper, that operates like offsetof() but on variables
  * varlink-idl: introduce c/.h file for common varlink IDL structures
  * json: add builder/dispatcher for PidRef → JSON and back
  * machined: make List() varlink method return a full pidref JSON object for leader
  * machined: also take new ProcessId structure when registering processes
  * smbios: move validation of SMBIOS table sizes fully into get_smbios_table()
  * smbios: make code more readable by introducing a "limit" pointer
  * seccomp: allowlist uretprobe() syscall
  * Merge pull request #34681 from ikruglov/ikruglov/io-systemd-Machine-post-merge-review
  * Merge pull request #34703 from poettering/pidref-varlink
  * Merge pull request #34718 from poettering/efi-smbios-tweak
  * Merge pull request #34717 from anonymix007/fundamental-boot-changes
  * Merge pull request #34730 from yuwata/boot-efi-follow-ups
  * Merge pull request #34716 from dvdhrm/pr/derand
  * pidref: hookup PID_AUTOMATIC special pid_t value with PidRef
  * machined: port all varlink APIs over to new PidRef serialization
  * sd-json: drop sd_json_dispatch_pid() again, as we prefer json_dispatch_pidref() now
  * Merge pull request #34623 from ikruglov/ikruglov/io-systemd-Machine-Image
  * man: document preference for secure_getenv() in coding style
  * Merge pull request #34723 from poettering/machined-pidref-more
  * network: add AF_TO_ADDRESS_FAMILY() helper
  * sd-varlink: add new sd_varlink_error_is_invalid_parameter() helper
  * userdb: return ESRCH if userdb service refuses a user/group name as invalid
  * Merge pull request #34747 from yuwata/busctl-json-fd
  * Merge pull request #34778 from poettering/userdb-error-tweak
  * fileio: clean up write_string_file() naming
  * shared: modernize drop_in_file() a bit
  * dropin: use WRITE_STRING_FILE_MKDIR_0755 to create drop-in prefix path
  * debug-generator: create prefix dir of generate unit file
  * pidref: add explicit concept of "remote" PidRef
  * json-util: initialize "remote" flag for PidRef when parsing JSON pidref serializations
  * core: move debug logging from _can_live_mount() functions to caller
  * fdset: optionally, close remaining fds asynchronously
  * pid1: close fds we receive via sd_notify() and cannot make use of asynchronously
  * udev: consider serial ports as unconfigured only if both port and iomem_base sysattr is zero
  * Merge pull request #34795 from YHNdnzj/bump-kernel-baseline-5.4
  * Merge pull request #34801 from poettering/async-sd-notify-close
  * update TODO
  * update TODO
  * networkd: raise limits on number of address 8x
  * resolved: add some more comments to varlink interface
  * resolved: refresh resolv.conf files when link goes away
  * dissect-image: uppercase first char of dissect error message systematically
  * dissect-image: generate better log message for EUCLEAN dissect error
  * Merge pull request #34667 from rpigott/resolved-bypass
  * Merge pull request #33398 from AdrianVovk/sysupdate-optional
  * core: modernize askpw handling a bit
  * tty-ask-password-agent: minor modernizations
  * tty-ask-password-agent: support for watching both system-wide and per-user askpw dir
  * ask-password-api: minor modernizations
  * ask-password-api: add support for querying pws from unpriv agents
  * ask-password-tool: add --user/--system flag to systemd-ask-password tool
  * man: update PASSWORD_AGENTS spec, and introduce unpriv pw queries
  * ask-password-api: don't accidentally create a dir, when we don't want one
  * tty-askpw-agent: modernize wall_tty_match() a bit
  * varlinkctl: respect $COLUMNS when rebreaking lines and we are not connected to a TTY
  * Merge pull request #34787 from yuwata/core-ip-address-allow-deny
  * Merge pull request #34403 from poettering/askpw-per-user
  * Merge pull request #30952 from rpigott/resolved-dnr
  * Merge pull request #34761 from ikruglov/ikruglov/io-systemd-Machine-GetAddresses
  * fs-util: remove misplaced RET_NERRNO()
  * fs-util: always go through the unlink cleanup paths in xopenat_full()
  * label: tweak LabelOps post() hook to take "created" boolean
  * fs-util: don't second guess openat_report_new() return values
  * fs-util: always call label post ops in xopenat_full(), in both success and error path
  * fs-util: tweak how openat_report_new() operates when O_CREAT is used on a dangling symlink
  * fileio: port write_string_file() to LabelOps, and thus add WRITE_STRING_FILE_LABEL flag
  * fileio: port write_string_file_full() to openat_report_new()
  * shared: get rid of fileio-label.[ch]
  * label: add missing assert() to label_ops_set()
  * label: move label_ops_reset() up a bit
  * fs-util: move attempts counter in openat_report_new() into loop
  * Merge pull request #34848 from yuwata/network-dhcpv6-do-not-request-ia-pd-on-info-req
  * logind: add CanIdle + CanLock dbus properties to session object
  * logind: use RET_GATHER() at one more place
  * logind: also check session class in session_get_idle_hint()
  * dns-packet: refuse reading overlong DNS names from packets
  * dns-domain: tweak hash table comparison function for DNS names
  * resolved: when adding names to packet fails, remove them from label compression hash table again
  * resolved: explicitly refuse adding invalid DNS names to DNS packets
  * resolved: add test case from #33671
  * Merge pull request #34861 from poettering/can-idle
  * Merge pull request #34850 from poettering/openat-report-new-tweaks
  * update TODO
  * userdbctl: add some basic client-side filtering
  * userdbctl: optionally hide UID range boundaries in output
  * userdbctl: grey out nologin shell in tabular output
  * userdbctl: set shell/home cell type to TABLE_PATH
  * user-record: fix indentation
  * ci: give new userdbctl some CI exposure
  * user-util: tighten shell validation a tiny bit
  * Merge pull request #34875 from poettering/userdbctl-filter
  * core: make sure that if PAMName= is set we always do the full user changing even if no user is specified explicitly
  * test: add quick test to verify the PAM stack really ran in all run0 modes of operation
  * Merge pull request #34880 from poettering/change-user-on-pam-always
  * Merge pull request #34877 from aafeijoo-suse/veritysetup-fixes
  * update TODO
  * tree-wide: use isatty_safe() everywhere
  * run0: add options to force allocation of PTY or of pipe use
  * ci: add some basic testing of the new --pty and --pipe switches
  * Merge pull request #34891 from poettering/run0-pty
  * run0: optionally show superhero emoji on each shell prompt
  * run: tweak how we name our transient units
  * run: prefix unit description with our own process name
  * run: drop "-" prefix from command line when generating unit description
  * update TODO
  * run: reconnect if our dbus connection is terminated
  * test: add brief testcase for systemd-run disconnect handling
  * update NEWS for v257
  * man: fix return parameter type of sd_device_get_device_id()
  * Merge pull request #34391 from poettering/dns-long-label-fix
  * sysusers: add new ! line flag for creating fully locked accounts
  * sysusers.d: lock all system users defined by us
  * test: test new 'u' sysusers.d lines
  * udevadm: automatically anable JSON-SEQ in case JSON is used for "udevadm info -a"
  * progress-bar: issue Windows Terminal progress indicating ANSI sequences
  * meson.build: do not mark test-progress-bar as manual
  * busctl: fix timeout calculation for "busctl monitor"
  * busctl: rename --num-matches= → --limit-messages=
  * busctl: if --timeout= or --limit-messages= are specified with no argument, reset to defaults.
  * busctl: add a testcase that definitely causes the timeout to trigger
  * busctl: add the usual section highlighting to our --help texts
  * mkosi: update fedora commit reference
  * progress-bar: issue Windows Terminal progress indicating ANSI sequences (#34929)
  * busctl: minor tweak to help text for --limit-messages=
  * pretty-print: rename draw_progress_bar_impl()→draw_progress_bar_unbuffered()
  * pretty-print: add format-string version of draw_progress_bar()
  * network: add missing else in dhcp_lease_load (#34927)
  * core/service: support sd_notify() MAINPIDFD=1 and MAINPIDFDID= (#34932)
  * update TODO
  * update NEWS
  * docs: Update instructions for building distribution packages in HACKING.md (#34941)
  * core: add EXEC_DIRECTORY_TYPE_SHALL_CHOWN() helper
  * Fix display of qrcodes by bsod and other related cleanups (#34914)
  * terminal-util: various minor modernizations
  * terminal-util: add pty_open_peer() helper
  * run: port over to new pty_open_peer() call
  * machined: port to pty_open_peer_racefree()
  * sd-json: don't use C99 bool in public headers
  * sd-varlink: if we reply to errors without passing to callback, go through regular error path
  * sd-varlink: don't show error code we already decoded as part of the log message
  * sd-varlink: add helper VARLINK_STATE_WANTS_REPLY()
  * sd-varlink: change sd_varlink_error() to always return an error
  * string-util: it's called OSC sequence, not CSO sequence
  * tree-wide: prefer generating 0x1B 0x5C as ANSI sequence "ST"
  * ptyfwd: document why we only honour two of the three kinds of ST
  * terminal-util: define ANSI_OSC as macro for the OSC terminal sequence prefix
  * string-util: also check for 0x1b 0x5c ST when stripping ANSI from strings
  * sd-json: don't accidentally convert between unsigned/signed when parsing signal
  * machine: several follow-ups for recent change (#34882)
  * logind/systemctl: one follow-up for DesignatedMaintenanceWindow (#34966)
  * Drop trailing NUL in .sbat/.sdmagic sections (#34950)
  * update TODO
  * coredump: rename pid → leader_pid
  * coredump: minor modernizations
  * coredump: correct debug log message
  * coredump: rework protocol between coredump pattern handler and processing service
  * coredump: acquire some process fields via pidref
  * coredump: rename save_context() → context_parse_iovw()
  * coredump: parse signal number at the same time as parsing other fields
  * coredump: parse rlimit field at same place as other fields
  * coredump: move to _cleanup_ for destroying iovw object
  * iovw: add simpler iovw_done() destructor
  * iovw: normalize destructors
  * coredump: use memory_startswith() when looking at a data blob
  * coredump: make check that all argv[] meta data fields are passed strict
  * coredump: rework protocol between coredump pattern handler and processing service (#34970)
  * coredump: lock down EnterNamespace= mount even more
  * coredump: rename gather_pid_mount_tree_fd() → acquire_pid_mount_tree_fd()
  * update NEWS
  * man: <strong> is not a valid docbook tag, but <emphasis> is
  * hwdb: import newest autosuspend rules from chromeos
  * update hwdb
  * core/service: don't propagate stop jobs if RestartMode=direct (#34768)
  * update TODO
  * sd-daemon: clean up env var unsetting
  * sd-daemon: drop some redundant 'else'
  * sd-daemon: count array elements in size_t
  * json-util: generalize json_dispatch_ifindex()
  * tree-wide: port things over to new json_dispatch_ifindex()
  * sd-daemon: add fd array size safety check to sd_notify_with_fds()
  * update NEWS
  * json: add json_dispatch_ifindex() helper (#34982)
  * run: handle gracefully if we can't find binary client-side due to perms
  * man: document the timeout applied to /usr/lib/systemd/system-shutdown/ drop-in binaries
  * man: don't claim SELinuxContext= only worked in the system service manager
  * man: highlight the privilege issues around the LogControl1 more
  * man: document that PrivateTmp= is unaffected by ProtectSystem=strict
  * man: document that .path units don't care for hidden files
  * man: tone down claims on processes having exited already in ExecStop=
  * man: add brief entrypoint man page for sd-varlink
  * man: point people from sd-bus man page to busctl
  * man: link up D-Bus API docs from daemon man pages
  * man: convert multiple left-over "See Also" sections to <simplelist>
  * Various man page updates (#35032)
  * UKI: Introduce `.dtbauto` sections (#34855)
  * NEWS: various cleanups
  * NEWS: various cleanups
  * update TODO
  * sd-varlink: allow that method handles call sd_varlink_close()
  * fs-util: add comment about XO_NOCOW
  * update TODO
  * uid-classification: properly classify *all* container UIDs
  * Introduce systemd-keyutil to do various key/certificate operations (#35095)
  * mountfsd: drop unused variable
  * dissect-image: remove dead code
  * mntwork: shorten code
  * nspawn: fix indentation of run_container() parameter list
  * audit-util: return -ENODATA from audit_{session|loginuid}_from_pid() if invoked in a container
  * audit-util: modernize use_audit() a bit
  * process-util: more gracefully handle oom adjust parsing/setting
  * tree-wide: remove some dead code (#35137)
  * dbus-manager: add missing word 'unit' to PK message
  * run0: when changing privileges to non-root, do not show superhero emoji
  * efi: don't log if EFI RNG isn't ready
  * pe: remove unnecessary log message about DT/HWID
  * pe: use PE_SECTION_VECTOR_IS_SET() macro where appropriate
  * ptyfwd: ellipsize overly long window titles
  * namespace-util: pin pid via pidfd during namespace_open()
  * boot: explain the 4G quirks we apply to initrd memory allocations
  * pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary, noone else
  * nspawn: --private-users-ownership= value is called 'chown', not 'own'
  * boot: make .hwids PE section more flexible to cover more than DT one day
  * update TODO
  * systemctl: grey out tasks limit the same way we grey out the fd store limit in the output
  * vmspawn: enable memory pressure logic for vmspawn
  * user-record: only synthesize default list of self-modifiable fields for *regular* users
  * user-record: distinguish explicit and implicit empty modifiable lists case
  * update TODO
  * user-record: don't synthesize default list of self-modfiable fields for non-regular users. (#35133)
  * killall: gracefully handle processes inserted into containers via nsenter -a
  * man: add enrollment type sections to cryptenroll man page
  * cryptenroll: it's called PKCS#11, not PKCS11
  * userbdctl: show 'mapped' user range only inside of userns
  * userdbctl: fix counting
  * userdbctl: respect selected disposition also when showing gid boundaries
  * userdbctl: two trivial fixlets (#35296)
  * varlink: apparently on old kernels SO_PEERPIDFD returns EINVAL
  * namespace-util: add generic namespace_is_init() call
  * virt: make use of ns inode check in running_in_userns() and running_in_cgroupns() too
  * test-namespace: tweak log message a bit
  * nspawn: fix userns_mkdir() invocation
  * nspawn: improve log message on bad incoming sd_notify() message
  * sd-varlink: fix bug when enqueuing messages with fds asynchronously
  * Update TODO
  * man: split systemd.conf(5) into multiple sections
  * nspawn: don't try to unregister a machine we never registered
  * tests: fix access mode of root inode of throw-away container images
  * nspawn: improve error message when we cannot look into a container tree due to perms
  * service: don't second guess invocation mode again
  * sysext: coding style fixes & fix a memory leak
  * nspawn: make sure --private-users-ownership=no and =off work the same way
  * systemctl: use correct runtime scope
  * tree-wide: fd_get_path() already understands AT_FDCWD natively
  * discover-image: extend r/o check on images via path
  * analyze: tab fix
  * analyze: add missing --mask option to --help text
  * string-util: split out EOT check in strip_tab_ansi()
  * pretty-print: don't use OSC 8 for incompatible URLs
  * net_id: depending on new udev prop, include/exclude PCI domain from netif names
  * hwdb: disable inclusion of the PCI domain in MANA network interface naming
  * virt: dont check for cgroupns anymore
  * virt: drop userns detection heuristic
  * condition: add new ConditionKernelModuleLoaded=
  * sd-varlink: properly export sd_varlink_reset_fds()
  * analyze: tab fix
  * analyze: add missing --mask option to --help text
  * log: raise log level to LOG_DEBUG if $DEBUG_INVOCATION=1 is set
  * update TODO
  * ptyfwd: fix OSC sequence termination handling (#35640)
  * terminal-util: temporarily turn on nonblocking mode when waiting for ANSI seq responses
  * networkd: show wireguard private key read error number
  * update TODO
  * chattr-util: move O_PATH conversion from read_attr_at() to read_attr_fd()
  * btrfs-util: make sure btrfs_subvol_get_info_fd() works on O_PATH fds
  * discover-image: make sure quota logic works on O_PATH fds
  * discover-image: modernize image discovery around O_PATH
  * tree-wide: remove support for kernels lacking ambient caps
  * discover-image: modernize image discovery around O_PATH (#35513)
  * pam_systemd: normalize parsing of XDG_VTNR
  * pam_systemd: drop "pid" field from SessionContext
  * pam_systemd: drop "uid" field from SessionContext
  * pam_systemd: split out setting of shell env vars from credentials and move it later
  * pam_systemd: split pam_sm_open_session() into more digestable blocks
  * pam_systemd: fix error code confusion when prepping D-Bus message
  * pam_systemd: introduce pam_get_data_many() helper and make use of it
  * tree-wide: drop acquire_data_fd_full() helper
  * memfd-util: simplify memfd_new_and_seal()
  * memfd-util: short memfd_clone_fd()
  * serialize: drop memfd fallback when serializing
  * sd-journal: drop memfd fallback
  * memfd-util: use TASK_COMM_LEN at one more place
  * memfd-util: explain what memfd_create_wrapper() is for in a comment
  * memfd-util: introduce memfd_new_full() helper
  * serialize: add explicit calls for finishing serialization
  * memfd-util: trivial modernizations
  * pid1: drop check that ensures /run/ has plenty space before reexec/reload
  * fuzz-journal-remote: use memfd_new_and_seal() where appropriate
  * doc: document new baseline requires memfd_create()
  * update TODO
  * capability-util: generalize helper to acquire local caps
  * capability-util: introduce capability_is_set() helper
  * journald: get rid of get_process_capeff(), use pidref_get_capability() instead
  * remove fallbacks for memfd-less kernels (#35605)
  * pam_systemd: some refactorings and bugfixes (#35178)
  * confext/sysext: add initrd-specific units (#35426)
  * tree-wide: use pidref_is_self() at more places
  * analyze: add verb for showing system's CHIDs
  * analyze: drop conditioning of --no-legend and --json= on specific verbs
  * networkd-sysctl: tweak error handling and log level a bit (#35673)
  * networkd: show wireguard private key read error number
  * nspawn: use DEVNUM_FORMAT_STR/DEVNUM_FORMAT_VAL more
  * nspawn: rename 'fd' variable to something more descriptive
  * nspawn: make unexpected mkdir() failures fatal
  * nspawn: add some additional useful debug logging
  * nspawn: rename pin_fully_visible_fs() → pin_fully_visible_api_fs()
  * nspawn: trivial improvements
  * mount-util: add debug output when we switched root
  * mount-util: add debug message to make_userns() failure
  * nsresource: print nicer error message when trying to acquire an unpriv user ns range where this isn't possible
  * nspawn: switch to read_virtual_file() for reading audit loginuid
  * [RFC] better naming for Azure MANA network devices (#34255)
  * core/device: handle ID_PROCESSING udev property (#35351)
  * pid1: normalize oom error handling a bit
  * sd-path: don't chop off trailing slash in sd_path apis, when user provided them
  * systemd-path: order all listed paths by their ID alphabetically
  * systemd-path: guarantee that tool exit status is zero on success
  * systemd-path: add the usual ANSI sequences to --help text
  * sd-path: expose credential store in sd-path
  * execute: introduce a user-scoped credstore
  * pid1: add support for decrypting per-user credentials
  * test: add integration test that makes sure unpriv creds work correctly
  * man: document the new per-use credstore paths
  * update TODO
  * discover-image: introduce per-user image directories
  * update TODO
  * chid-fundamental: not all SMBIOS fields are available on all systems
  * chid-fundamental: make namespace GUID static, too
  * chid-fundamental: use right type to iterate through smbios fields
  * chid-fundamental: rework bit checking to use FLAGS_SET()
  * analyze: not all smbios fields are always defined, deal with that
  * analyze-chid: show friendly smbios field names
  * chid: add missing CHID type definitions
  * analyze: C escape weird chars in SMBIOS fields
  * analyze-chid: split out code that reads smbios into helper
  * analyze-chid: fully support all CHID types
  * analyze: extend CHID support to more types (#35699)
  * pid1: complete per-user credentials support (#35536)
  * image-discovery: add per-user scope (#35510)
  * sd-varlink: expose api to get input/output fd separately
  * pcrextend: split out varlink server setup into its own function
  * ask-password-agent: optionally read pw to reply from env var
  * ask-password-agent: send READY=1 when we established inotify watch
  * ask-password-api: move 'flag_file' from function parameter into AskPasswordRequest structure
  * ask-password-api: move tty_fd into AskPasswordRequest structure, too
  * ask-password-api: move timeout into AskPasswordRequest structure too
  * ask-password-api: add new "hup_fd" field to AskPasswordReq
  * ask-password: add Varlink API for querying passwords from the user
  * ask-password: add comment with well-known errors from ask_password_auto()
  * test: add CI test validating the new varlink interface and more
  * core/socket: several fixlets (#35637)
  * ask-password: add varlink IPC interface and various other additions and fixes (#35074)
  * debug-generator: rework from post-merge review #35410 (#35696)
  * dissect: show all kinds of images in --discover
  * dissect: add a bit of color to --discover table
  * dissect: employ vpick also if we operate on a directory-based image
  * nspawn: drop some redundant {}
  * nspawn: improve log messages a bit
  * tpm2-util: drop ret_x prefix from two arguments that are not just return but also input params
  * tpm2-util: optionally do wildcard hash check in tpm2_pcr_values_to_mask()
  * tpm2-util: refuse hash algorithm/value specification when we only parse a mask
  * update TODO
  * update TODO
  * hwdb: f20 → micmute
  * hwdb: f21 → touchpad_toggle
  * hwdb: f22 → touchpad_on
  * hwdb: f23 → touchpad_off
  * hwdb: drop some now redundant mappings
  * udev: split udev_manager_init() and udev_manager_main() into small pieces (#35735)
  * nspawn: rework userns_mkdir() around chase()
  * fs-util: teach xopenat_full() to pick automatically if given as MODE_INVALID
  * hwdb: replace f20 by micmute in mm kbd database (#34325)
  * sd-json: add json_dispatch_const_path() helper
  * dissect: minor simplifications
  * dissect-image: rename ReplyParameters → MountImageReplyParameters
  * terminal-util: modernize vtnr_from_tty() a bit
  * nspawn: move uid shift/chown() code into shared/
  * sd-varlink: add flag for sd_varlink_server for creating connections with fd passing enabled
  * socket-util: introduce getpeerpidref()
  * cgroup-util: add pidref counterparts for cg_pid_get_session() + cg_pid_get_owner_uid()
  * sd-login: make use of getpeerpidref() and cg_pidref_get_*()
  * cgroup-util: add remoteness checks to all cg_pidref_get_xyz() calls
  * mountfsd,networkd,nsresourced: port over to new fd passing varlink server flags
  * more pidref'ification (#35839)
  * basic: port various pidfd/pidref helpers to PIDFD_GET_INFO and PIDFD_GET_*_NAMESPACE (#35242)
  * fs-util: add XO_REGULAR flag for xopenat()
  * machine: transition back to host mount ns before copying files from/to container
  * machine: switch to using cleanup handling for child process cleanup
  * copy: port things over to XO_REGULAR
  * update TODO
  * process-util: a process from a foreign pidns is definitely not our child
  * pretty-print: drop extra ';' from progress reporting end sequence
  * xopenat(): introduce new XO_REGULAR flag (#35834)
  * udev: introduce io.systemd.Udev varlink interface (#35721)
  * namespace-util: return recognizable error if namespace_open_by_type() fails because ns type not supported
  * namespace-util: slightly tweak proc_mounted() handling in namespace_is_init()
  * namespace-util: add helper to get base UID from userns
  * namespace-util: add process_is_owned_by_uid() helper
  * namespace-util: two new operations (#35833)
  * logind: normalize parameter to create_session()
  * logind: split out logic that finds free session ID into helper call
  * logind: indicate that 'error' parameter is input by making it const
  * logind: also potentially GC the session if we cannot send reply
  * pidref: copy fd id in pidref_copy() too
  * pidref: drop support for kernels lacking waitid(P_PIDFD, …)
  * Simple pam_systemd clean-ups (#35919)
  * userns: refuse empty userns names
  * nsresourced: add ability to mangle specified name if necessary
  * test: make sure the userns long name mangling codepaths are tested
  * pid1: allow moving processes in a userns owned by the user, too
  * pid1: add D-Bus API for removing delegated subcgroups
  * cgroup: when we fail to clean up a cgroup, let's ask PID 1 for help
  * test: add testcase that verifies we can safely delete subcgroups owned by other users if we own the parent
  * pid1: allow removal of foreign-owned subcgroups of cgroups owned by some user (#35922)
  * nsresource: optionally mangle userns names passed to nsresourced (#35900)
  * udev/net: add three settings for ethtool features (#35906)
  * user-classification: add new "foreign" UID range
  * userdb: synthesize stub user records for the foreign UID
  * dissect: add new --shift command
  * update TODO
  * hwids: add a new efi firmware type of device entry (#35747)
  * pam: add session class "none" to disable logind sessions (#35171)
  * Stash the subscriber list when we disconenct from the bus (#35406)
  * update TODO
  * update TODO
  * repart: modernize set_gpt_flags()
  * process-util: do not unblock unrelated signals while forking
  * userdb: define new 64K "foreign UID" range (#35932)
  * logind: rework session creation logic, to be more reusable for varlink codepaths
  * logind: split create session reply handling in two
  * sd-json: make it safe to call sd_json_dispatch_full() with a NULL table
  * varlink: tweak what we include in "system error" messages
  * test-varlink: add superficial test that validates varlink/errno translation both ways
  * terminal-util: pidref'ify two terminal related calls
  * tree-wide: port more code to namespace_open_by_type()
  * process-util: add new helper pidref_get_ppid_as_pidref()
  * coredump: acquire further attributes via pidref rather than pid
  * coredump: port to pidref_namespace_open()
  * process-util: make pidref_safe_fork_full() work with FORK_WAIT
  * namespace-util: port namespace_get_leader() to PidRef
  * pam_systemd: two refactorings (#35924)
  * varlink: send linux errno name along with errno number in generic system error replies (#35912)
  * machine: follow ups for varlink PRs recently merged (#35940)
  * convert more code to PidRef (#35895)
  * sysusers: rework --help to do sections, and ANSI highlighting
  * sysusers: modernize loading of user/group databases
  * sysusers: add missing assert()
  * sysusers: use chase_and_stat() where appropriate
  * tmpfiles: move two commands to the right --help sections
  * lsm: improve logging about absence of lsm-bpf
  * update TODO
  * sysusers: some tweaks, mostly around chase() use (#35976)
  * core: serialize API bus id and validate before deserializing bus tracks, plus several other bus util cleanups (#35970)
  * NEWS: mention mesg y/n
  * update TODO
  * update TODO
  * terminal-util: drop support for pre-TIOCGPTPEER kernels
  * bus-wait-for-jobs: fix service result table
  * man: also fix documentation of start-limit-hit
  * string-util: make strjoin() just a special case of strextend()
  * string-util: add a mechanism for strextend_with_separator() for specifying "ignore" arguments
  * logind: add basic Varlink API
  * pam-systemd: talk to logind via varlink
  * bus-wait-for-jobs: fix table of service result codes (#35992)
  * missing: add quotactl_fd() wrapper
  * user-record-show: use word 'show' not 'dump' for helper call
  * string-util: make strjoin() just a special case of strextend() (#36011)
  * nspawn: trivial scope reduction
  * machine: introduce io.systemd.MachineImage.SetPoolLimit (#35953)
  * logind: register PAM sessions via Varlink instead of D-Bus (#35264)
  * pam-systemd: downgrade log message we handle gracefully to LOG_WARNING as per coding style
  * logind: introduce macro for the last session class condition check
  * logind: introduce "user-light" session class
  * run: fire sd_notify("READY=1") when in service mode and the unit is properly started
  * run0: allow explicit control of service manager activation for run0 sessions
  * logind: improve log message we generate when a user logs in
  * userdb: optionally parse numeric UIDs/GIDs where a username is expected
  * pam-systemd: introduce "user-light" session type, and make "background-light" the default for system users (#35987)
  * pid1: add GracefulOptions= setting to .mount units
  * pty_open_peer() follow-up (#36027)
  * pid1: add GracefulOptions= setting to .mount units (#36023)
  * meson: enable -Wzero-as-null-pointer-constant (#36028)
  * namespace-util: don't reset UID/GIDs in namespace_enter() unless we enter a userns
  * tree-wide: drop support for kernels without pidfd_open() and pidfd_send_signal() (#35971)
  * pidref: various shortcuts to pidref_equal()
  * process-util: introduce new FORK_FREEZE flag for safe_fork()
  * test-process-util: don't run rest of test suite in forked off child
  * process-util: port pid_from_same_root_fs() to pidref, and port three places over to it
  * process-util: slightly update comment in freeze()
  * process-util: port pid_from_same_root_fs() to pidref + more (#35975)
  * fundamental: unify gcc warning pragmas at one place
  * nss-systemd: work around -Werror=zero-as-null-pointer-constant issue with PTHREAD_MUTEX_INITIALIZER
  * update TODO
  * Two readme tweaks (#36053)
  * tree-wide: switch various uses of mkdtemp() over to mkdtemp_malloc()
  * nspawn: assorted coding style fixes
  * hexdump: if size is SIZE_MAX, use strlen()
  * escape: make 'bad' parameter optional
  * pid1: when a password is requested during PAMName= processing, query it via the ask-password logic
  * pid1: enable usrquota support on /dev/shm
  * units: enable usrquota support on /tmp/
  * nspawn: enable usrquota support on /tmp/ and /dev/shm/
  * json-util: fine tune json_dispatch_log_level()
  * varlink: rely on sd_varlink_dispatch() for validating zero-argument method calls, too
  * varlink: drop redundant check
  * varlink: tweak introspection description for Reload()
  * varlink: add generic GetEnvironment() call to the Varlink "service" interface
  * tree-wide: implement generic io.systemd.service Varlink interface in all long-running services
  * test: add superficial test for generic per-service varlink API
  * tree-wide: use log_level_is_valid() more
  * mount-util: introduce umountat_detach_verbose()
  * chase: allow using chase() as mkdir_p() replacement
  * chase: use streq() not path_equal() to compare filenames
  * machine-id-setup: rearrange --help to match how we do them these days
  * machine-id-setup: do sync() stuff only when operating on the real rootfs
  * machine-id-setup: rework --commit based on chase()
  * machine-id-setup: remove unnecessary 'else'
  * machine-id-setup: rework writing of /etc/machine-id around chase()
  * chase: introduce flags that verify that chased inode is regular file or dir
  * chase: move appending of trailing slash out of loop
  * update TODO
  * udev-rules: introduce OPTIONS="dump" (#36069)
  * tree-wide: several follow-ups for varlink methods (#36080)
  * udev: cleanups around sd_listen_fds() (#36030)
  * cryptsetup and friends: use dispatch_verb() (#36072)
  * machine-id-setup: move code to use chase() (#35979)
  * build: fail the build if we accidentally drop a "const" qualifier on a parameter
  * pidfd-util: dont open a new pidfd unnecessarily in pidfd_check_pidfs()
  * pidfd-util: add helper for getting our own pidfdid
  * pidref: now that we have the cached pidfdid of our own process, use it
  * random-util: include pidfdid in fallback RNG buffer
  * pid1: pass pidfdids to invoked services in $MAINPIDFDID and $MANAGERPIDFDID
  * notify: add support for MANAGERPIDFDID
  * update TODO
  * udev: allow to enable trace logging in systemd-udevd (#36070)
  * strv: add strv_equal_ignore_order() helper
  * pam: minor coding style tweaks
  * user-record: add helper that checks if a provided user name matches a record
  * user-record: add support for alias user names to user record
  * pam_systemd_home: use right field name in error message
  * pam_systemd_home: support login with alias names + user names with realms
  * homed: support user record aliases
  * homectl: add support for creating users with alias names
  * test: add test for homed alias and realm user resolution
  * update TODO
  * user-record/home: add concept of alias names for accounts (#36041)
  * tree-wide: always include our own headers with "" rather than <>
  * varlink: fix error name
  * update TODO
  * mountpoint-util: several tweaks for fd_is_mount_point(), drop support for kernels without /proc/pid/fdinfo/ (#36093)
  * userdbctl: don't expect argument to --fuzzy
  * userdb: reset errno before getpwent()
  * xattr-util: use at_flags_normalize_nofollow() at one more place
  * fs-util: also add an at_flags_normalize_follow() helper
  * fs-util: at_flags_normalize_nofollow() follow-up (#36116)
  * userdb: two small fixes (#36115)
  * machine-id-setup: actually unlink /run/machine-id if write/mount fails (#36105)
  * userdb: add comments to userdb varlink IDL
  * units: add a longer comment to modprobe@.service explaining when to use it
  * units: mountfsd needs to pull DM and loop kmods
  * units: don't load squasfs/erofs kmods explicitly
  * units: modprobe@.service tweaks (#36132)
  * docs: mention the two other userdb services we ship these days
  * sd-json: add new sd_json_variant_unset_field() call
  * sd-varlink: add sd_varlink_get_description() call
  * userdbd: separate parameter structure of GetMemberships() varlink call from the GetUserRecord() one
  * userdb: move setting of 'service' varlink parameter into userdb_connect()
  * user-record: make a NULL UserDBMatch be equivalent to no filtering
  * mntfsd: add api to mount dirs for containers
  * dissect-image: add client side API wrapper for MountDirectory() varlink call
  * nspawn: allow to run unpriv from dir
  * nspawn: support foreign mappings also when nspawn doing the mapping itself
  * nspawn: add support for 'managed' userns mode even when we run privileged
  * man: document new nspawn functionality around unpriv support
  * test: test comprehensive tests for new (and old) nspawn userns modes
  * update TODO
  * devnum-util: add macros to safely convert dev_t to pointers and back
  * user-record: add fields for setting limits on /tmp/ and /dev/shm/
  * user-runtime-dir: some smaller modernizations/refactorings
  * user-runtime-dir: enforce /tmp/ and /dev/shm/ quota
  * homectl: add support for configuring tmpfs limits
  * test: add test case for tmpfs quota logic + PAMName= ask-password logic
  * update TODO
  * sd-varlink/sd-json: add two new API calls (#36137)
  * Three minor refactorings for userdb code (#36141)
  * nspawn: support unpriv directory-tree containers (#35685)
  * Enforce per-user quota on /tmp/ and /dev/shm/ as user logs in (#36010)
  * man: add some sections to homectl man page
  * homectl: move --umask=/--access-mode= help/man sections
  * homectl: minor man page improvements (#36148)
  * homed: when setting up an idmapping map foreign UID range on itself
  * process-util: do not unblock unrelated signals while forking
  * bus-wait-for-jobs: fix service result table
  * man: also fix documentation of start-limit-hit
  * varlink: fix error name
  * user-record: add helper for dispatching a disposition mask
  * user-record: rename USER_DISPOSITION_MASK_MAX → USER_DISPOSITION_MASK_ALL
  * user-record: add some helpers for working with UserDBMatch
  * varlink: add new calls for server-side user record filtering to varlink IDL + to spec
  * userdb: move UserDBMatch handling from userdbctl into generic userdb code to allow it to be done server side
  * userdbd: implement server side filtering in the Multiplexer API
  * homectl: port has_regular_user() + acquire_group_list() to use server-side filtering
  * update TODO
  * tty-ask-password-agent: use free_and_strdup_warn() for arg_device (#36198)
  * bootctl: move print block device path calls to command section of its own
  * update TODO
  * userdb: move filter of user/group records to the varlink server side (#36133)
  * docs: fix plural form
  * cryptenroll/repart/creds: no longer default to binding against literal PCR 7
  * cryptenroll,repart: print a log message if no access restrictions are applied to TPM-based encryption
  * update TODO
  * update TODO
  * update TODO
  * exec-invoke: respect $HOME set via PAM
  * json-util: add generic json_dispatch_filename() dispatch helper
  * user-record: add new 'default_area' field, but don't hook it up yet
  * pam: introduce multiple per-user "areas", i.e. "sub-home-directories" of sorts
  * run0: add explicit support for opening sessions in specific areas
  * homectl: make default area configurable
  * docs: document the new area functionality
  * test: add some basic area tests
  * homed: introduce "area" concept (i.e. secondary home directories stored below the primary one, of which one can pick one at login) (#36149)
  * udev/net: add support for configuring EEE feature (#36302)
  * import: update to current fedora keyring
  * userdbctl: don't expect argument to --fuzzy
  * userdb: reset errno before getpwent()
  * update TODO
  * import-generator: fix copy/paste issue
  * bootctl: improve output regarding random seed if we cannot access ESP
  * network: mark container/VM/namespace networks as not required for online + disable DHCP lease persistency
  * bootctl: fix potential uninitialized memory access
  * bootctl: also shown whether stub loader partition data was passed
  * bootctl: suppress output of empty partition info if we also have no idea about EFI binary path
  * bootctl: minor reordering of fields in output
  * update TODO
  * bootctl,kernel-install: suffix some paths referring to dirs in log messages with /
  * update TODO
  * escape: apply the minimal ansi highlighting on --help we usually do (#36339)
  * bootctl: fix potential uninitialized memory access (#36329)
  * update TODO
  * update TODO
  * login: Queue session for garbage collection on leader death (#36364)
  * bootctl: fix potential uninitialized memory access
  * bootctl: also shown whether stub loader partition data was passed
  * bootctl: suppress output of empty partition info if we also have no idea about EFI binary path
  * bootctl: minor reordering of fields in output
  * import: update to current fedora keyring
  * update TODO
  * update TODO
  * varlink: fix IDL for errno error
  * logind: map enum strings to underscores in logind
  * update TODO
  * string-util: add str_common_prefix() helper that determines length of common prefix of two strings
  * strv-util: add strv_filter_prefix() helper
  * utf8: add helper that determines length in bytes of last UTF-8 character in string
  * ask-password-api: refuse control characters in passwords
  * terminal-util: tweak any_key_to_proceed() a bit
  * terminal-util: beef up show_menu()
  * firstboot: add auto-completion to various fields
  * homectl: clarify that we pick the default shell if the prompt is skipped
  * homectl: optionally force interactive firstboot query
  * homectl: show full list of selected groups as they are added
  * firstboot: add tab completion for interactive questions (#36271)
  * update TODO
  * homectl: don't show --enforce-password-policy= recommendation in first-boot invocation
  * homectl: when asking for a user pw for an initial homed account at boot, don't insist on strong password
  * terminal-util: output newline at end of "Press any key to proceed" message
  * Firstboot tweaklets (#36424)
  * timedated: rework clock change overflow check
  * tree-wide: pass EBADF to fd params of namespace_fork()
  * mount-util: refactor make_mount_point_inode_from_xyz()
  * core: port mount unit inode creation to make_mount_point_inode_from_mode() too
  * catalog: assign a proper message ID for mounts on symlinked paths
  * mount-tool: modernize umount and make sure it works for bind mounted files
  * mount-tool: add explicitly control of path canonicalization
  * ci: test new logic
  * update TODO
  * update TODO
  * issue: add trailing empty line
  * update TODO
  * homed: make "register" call more friendly
  * user-runtime-dir: use right accessor got get GID of account
  * resolve: cleanups for validating query flags and fix resolving service with record type filter (#36398)
  * homed: return the correct error if an image file is not present when we try to activate it
  * tree-wide: initialize row/column explicitly before calling sd_json_parse_file()
  * homed: explicitly set access mode of private/public signing key pair
  * sd-varlink: add new sd_varlink_get_n_fds() helper
  * notify-recv: add generic implementation of sd_notify() server side dgram recv code
  * importd: port to notify_recv()
  * sysupdate: port to notify_recv()
  * sysupdated: port to notify_recv()
  * nspawn: port to notify_recv()
  * notify: introduce arg_action enum
  * notify: add a new --fork verb that implements a minimal receiver side for sd_notify() messages
  * varlinkctl: introduce new --exec switch
  * test: fix racy machined test
  * ptyfwd-tool: don't segfault if called without arguments
  * homework: unify common error handling
  * core: also check boot ID and product UUID in ConditionHost=
  * Some minor improvements to D-Bus docs (#36467)
  * mkosi: include networkd + import-generator in initrd
  * mkosi: add kernel-bootcfg to all images
  * dissect: optionally derive loop-ref from image filename
  * dissect: add --quiet mode
  * units: add generic service for attaching a file to a loopback device
  * man: mention 'rd.' prefix for import-generator kernel cmdline options
  * import-generator: optionally create loopback devices after download
  * sd-stub: if we are http booted, query source URL and write to EFI variable
  * import-generator: add new option 'bootorigin' to derive URL from efi boot url
  * importd: optionally allow clients to specify alternative image root
  * import-generator: optionally import images into /run/ hierarchy rather than /var/
  * fstab-generator: support creating bind mounts via root= kernel cmdline switches
  * fstab-generator: validate root= and mount.usr= the same way
  * import-generator: give import services better names
  * udev-builtin-blkid: use loopback block device 'ref' field fo determining gpt-auto whole block device
  * gpt-auto-generator: if root=gpt-auto is specified on kernel cmdline, always wait for /dev/gpt-auto-root symlink
  * efi: modernize reconnect_all_drivers() a bit
  * efi-string: add new xstr16_to_ascii() helper
  * efi: add strcspn16()/strspn16() to efi libs too
  * boot: bls type #1 with 'efi' stanza are bls type #1 too
  * boot: be stricter when filtering out invalid bls #1 entries
  * boot: move behaviour checks into per-entry-type helpers
  * boot: add new bls type #1 stanza "uki"
  * boot: add new 'uki-url' bls type #1 menu items for booting remote UKIs
  * vmspawn: split out code that appends kernel command line into its own helper
  * vmspawn: add --smbios11= switch for passing arbitrary smbios type #11 strings to vm
  * vmspawn: simplify cmdline_add_vsock() a tiny bit
  * sd-boot: also read type #1 entries from SMBIOS Type #11
  * boot: when we detect that sd-boot is called as NBP, print friendly message
  * update TODO
  * Support booting from rootfs acquired via HTTP (#36314)
  * update TODO
  * meson: add more space for sections
  * boot: split out line editor
  * boot: make .call() method of BootEntry more complete
  * boot: only do boot counting management for some menu entries
  * boot: only do random seed management for some entry types
  * boot: only save entry for some entry types
  * boot: make regular entries less special
  * boot: move check if secure boot enrollment applies to a single place
  * boot: make secure boot enrollment less special
  * boot: split out call that adds reboot/poweroff/firmware entries
  * preset: enable remote verity targets too
  * integritysetup: add remote-integritysetup.target to match remote-{crypt|verity}setup.target
  * systemd-boot: some refactorings (#36510)
  * make integritysetup/veritysetup more alike cryptsetup when it comes to remote operation (#36501)
  * sd-bus: sort enumerated child objects (#36507)
  * timesync: several trivial cleanups (#36506)
  * tpm2-setup: add missing O_CLOEXEC at two places
  * tpm2-setup: remove redundant fflush_and_check()
  * doc: add document explaining the 3 key components of the boot and how we find the rootfs
  * tpm2-setup: two fixes for tmpfile handling (#36521)
  * udev,sd-device: always use synthetic UUID when triggering uevent (#36514)
  * notify-recv: several followups, port pid1 over too (#36492)
  * udev: modernize udev-builtin-btrfs a bit
  * udev: make gcc static check shut up, regarding strncpy()
  * efivars: kill SystemdOptions efi var support
  * fs-util: add some assert()s
  * pam_systemd_home: update comment
  * pam_systemd_home: tweak order in authentication stack
  * pam-systemd: modernize export_legacy_dbus_address() a bit
  * pam-systemd: rework update_environment()
  * pam_systemd: complement per-area $HOME management with per-area $XDG_RUNTIME_DIRECTORY mgmt
  * test: extend test case to validate per-area $XDG_RUNTIME_DIR
  * update TODO
  * man: follow our certificate/public-key/private-key PEM file naming rules
  * man: follow our own naming rules more closely
  * units: measure the fact we enter storage target mode into TPM
  * units: measure "factory-reset" into PCR 11 when we request factory reset
  * man: clean up how we name our PEM files in examples (#36541)
  * doc: add OSC 3008 spec
  * osc-util: add helpers for writing OSC context events
  * pid1: issue boot context issue at boot
  * nspawn: output context OSC
  * vmspawn: generate vm context OSC
  * machinectl: add OSC context support to login/shell commands
  * run: generate OSC context sequence in run0/system-run
  * pam_systemd: issue context OSC sequences when allocating new TTY session
  * profile: generate shell + command OSC events
  * run: tweak logic how we set $TERM for activated services
  * nspawn: set TERM to "dumb" if we are invoked outside of TTY context
  * terminal-util: change 2nd parameter of terminal_reset_defensive() to flags
  * terminal-util: change conditioning in terminal_reset_defensive()
  * core: also issue OSC 3008 from service context
  * units: measure additional phases into PCR 11 when entering storage target mode or factory reset (#36543)
  * sbsign: Add support for offline signing (#36485)
  * Issue OSC ANSI sequence whenever we change "context" of a TTY, i.e. acquire privs, enter container or VM or similar (#35224)
  * notify-recv: add notify_recv() flavour that returns a split up strv instead of he message text as string
  * homed: port to notify_recv_with_fds()
  * pidref: export hash funcs
  * pidref: take more fields into account in pidref_compare_func()
  * homed: port worker management to PidRef
  * homed: port to notify_recv() + convert to PidRef (#36557)
  * Revert "sd-json: add new sd_json_variant_unset_field() call"
  * osc-context: several follow-ups (#36579)
  * sd-id128: gracefully handle systems where kernel keyring access is blocked
  * tty-askpw-agent: react to SIGTERM while waiting for console
  * units: don't block on terminating agents
  * io-util: fix ppoll_usec() bypass
  * tty-askpw-agent: react to SIGTERM while waiting for console (#36568)
  * mount-tool: various tweaks (#36584)
  * Coverity fixups (#36503)
  * tree-wide: several cleanups and fixlets prompted by Coverity (#36431)
  * resolved: pick up new DNSSEC KSC from 2024
  * dns-stream: only read DNS packet data if we identified the peer properly
  * tpm2-setup: add missing O_CLOEXEC at two places
  * log: explicitly size log_target_max_level()
  * varlink: optionally create leading dirs when binding AF_UNIX socket
  * pam-systemd: default to "lightweight" sessions if area is selected
  * sd-id128: gracefully handle systems where kernel keyring access is blocked
  * resolved: pick up new DNSSEC KSC from 2024
  * dns-stream: only read DNS packet data if we identified the peer properly
  * ptyfwd: rename handler to hangup_handler
  * ptyfwd: add support for additional out-of-band hotkeys in ptyfwd
  * nspawn: add ability to poweroff container cleanly with ^]^]p
  * update TODO
  * shared: add generic factory reset state apis
  * repart: port to new factory reset state apis
  * factory-reset: revamp infrastructure
  * units: also require /dev/tpm0 to be around before tpm2.target can be reached
  * tpm2-clear: optionally reset TPM during a factory reset
  * udev: add builtin that reports current factory reset state
  * gpt-auto symlinks: take factory reset mode into consideration
  * gpt-auto-generator: if root=gpt-auto-force is specified ignore factory reset state
  * docs: document factory reset logic
  * gpt-auto: add common parse_gpt_auto_root() parser
  * update TODO
  * run0: run agents during setup, until pty forwarder takes over
  * factory-reset: rework infrastructure, make it work with gpt-auto, and add support for resetting TPM as part of factory reset (#36512)
  * dissect: show basic image data even when can't enter the file systems
  * image-policy: add image_policy_ignore_designators() helper
  * gpt-auto-generator: move around in_initrd() tests
  * gpt-auto-generator: do not apply image policy on the root fs and /usr/ fs
  * sysext: execute merge even if no extensions are installed as long as --mutable= is on
  * sysext: export backing devnum in metadata dir
  * sysupdate: don't get confused by sysext on /usr/
  * gpt-auto: image policy fixes (#36629)
  * update TODO
  * udev-builtin-blkid: ignore root partitions with name "_empty"
  * sysext,sysupdate: resolve incompatibilities (#36617)
  * hostnamectl: show image info in hostnamectl
  * hostnamectl: add usual ansi underlining to --help text
  * docs: mention when /var/ has to be writable
  * Factory reset followup (#36621)
  * update TODO
  * update TODO
  * terminal-util: during terminal reset clear from beginning of line to end of screen
  * dissect: accept --usr-hash=… too, similar to --root-hash=…
  * pid1: lower log level if BPF LSM is not available
  * update TODO
  * virt: some modernizations
  * virt: detect "linux,dummy-virt" devicetree VMs
  * rules: tag /dev/tpm0 with "systemd" too
  * mime: use 'addon' icon for sysext ddis
  * mime: add mimetype for luks home dir
  * hostnamectl: show transient hostname before static hostname
  * openssl-util: add helper for converting EVP_PKEY to PEM string
  * userdbctl: optionally show user/group data from JSON filerather than from system
  * homed: add apis for managing home signing keys
  * homectl: add signing key management verbs
  * homectl: also import signing keys at firstboot time
  * homectl: add a 'dry-run' mode for registering/creating users
  * user-record: add a concept of inverting per-host matching sections in user record
  * homed: add concept for "adopting" an existing homedir locally
  * homectl: expose "register" verb to register a user record locally
  * homectl: also support registering (rather than creating) home directories via system credentials
  * homectl: making stripping of signatures from user records optional
  * homed: rescan /home/ in more occasions automatically
  * homed: suppress warning if quota is not on on /var/ and elsewhere
  * homed: re-establish inotify watches on SIGUSR1
  * homectl: add interface for controlling storage for negative machine ID matches
  * homectl: rearrange --help text with sections
  * test: add integration test for the functionality added in this PR
  * update TODO
  * add a mime type for *.home LUKS home dir files too (#36662)
  * virt: detect "linux,dummy-virt" devicetree VMs (#36655)
  * homed: add key management toolchain (#36513)
  * vmspawn: optionally grow image
  * nsresourced: fix offset
  * nsresourced: permit numeric uid/gid also be specified as strings
  * nsresourced: clear up some type confusion
  * nsresourced: fix initialization of netns_fd_idx
  * vmspawn: properly exit in vmspawn child on failure
  * nsresourced,mountfsd: set userdata pointer via varlink_server_new()
  * update TODO
  * core/service: introduce sd_notify() RESTART_RESET=1 for resetting restart counter (#36698)
  * cgroup-util: Handle capsule@ paths like user@ paths  (#36664)
  * update TODO
  * basic: move gethostname_full() from basic/hostname-util.c → shared/hostname-setup.c
  * hostname: support that /etc/hostname contains ??? as wildcards to be replaced by hash value from /etc/machine-id
  * test: add test checking if pattern based hostnames work
  * update TODO
  * update TODO
  * mountfsd: complete varlink introspection comments
  * mountfsd: also return suggested mount point paths for the returned partitions
  * update TODO
  * update TODO
  * update TODO
  * Fixes several recent CI issues (#36691)
  * test-cgroup-util: Check return values (#36024)
  * boot: fallback to unrestricted allocation if initrd allocation doesn't fit below 4g (#36715)
  * units: order oomd after swap.target
  * man: document how Restart= reacts to oom kill
  * update TODO
  * update TODO
  * bootctl: make sure bootctl --image= works on image with /usr/ but without /
  * bootctl: tweak status output when operating on --image= files
  * bootctl: make sure bootctl --image= works on image with /usr/ but without / (#36727)
  * coredump,analyze: use read_full_file() for reading various top-level /proc/ files
  * manager: explicitly create our private runtime directory
  * analyze: don't connect to bus from analyze test run
  * pid1: don't connect to oomd in test runs
  * execute: add some minor debug logging
  * test-execute: prominently show which test we are about to enter
  * emergency-action: sleep 5s before rebooting in various cases
  * analyze: don't connect to bus from analyze test run (#36719)
  * firstboot: welcome user with emoji in firstboot wizard 🧙
  * udevadm: check number of passed arguments
  * exec: when we have no $TERM configuration, and we default to vt220, also set $COLORTERM
  * main: explicitly pick up $COLORTERM + $NO_COLOR from kernel cmdline where we pick up $TERM
  * nspawn,run,machinectl,socket-activate: propagate $COLORTERM + $NO_COLOR
  * udev: several follow-ups and cleanups for builtin commands (#36768)
  * better support for $COLORTERM (#36770)
  * namespace-util: make "setgroups" users property writable via userns_acquire()
  * namespace-util: introduce userns_acquire_self_root()
  * namespace: simplify apply_one_mount() a bit
  * nsresourced: permit differing uid/gid
  * nsresourced: add ability to delegate tap device
  * network: also manage namespace tap links
  * nsresource: add client-side wrapper for creating tap links
  * vmspawn: support unpriv tap networking
  * nsresourced: explicitly remove network interfaces when their userns goes away
  * nsresourced: put a limit on delegated network interfaces too
  * nsresourced: check polkit before executing our operations
  * varlink: add full introspection comments for io.systemd.NamespaceResource
  * nsresource: turn feature absence error into EOPNOTSUPP
  * test: add test for nsresourced
  * update TODO
  * tree-wide: go via user_record_gid() accessor for UserRecord's .gid field
  * nspawn: go via user_record_home_directory() accessor for .home_directory UserRecord field
  * tree-wide: refuse user/group records lacking UID or GID
  * xattr-util: rework getxattr_at_malloc()
  * cgroup-util: remove cg_get_xattr(), it's apparently unused
  * xattr-util: refuse embedded NUL bytes in getxattr_at_malloc() (#36713)
  * update TODO
  * TODO
  * man: base64 is not hex
  * update TODO
  * veritysetup: automatically generate unit name, instead of hardcoding it
  * veritysetup-generator: exit on first error
  * veritysetup-generator: specify source for generator_open_unit_file()
  * veritysetup-generator: repeat format string arguments a bit less
  * sd-event: make pidfd copy in event_add_child_pidref()
  * generator: skip fsck early for non-blockdev file systems, or file systems that are always read-only
  * tpm2-util: return better errors if we try to unlock a tpm key on the wrong tpm
  * cgroup: whenever we migrate a PID to a unit, explicitly drop unit from empty notification queue
  * Several fixlets for Coverity (#36791)
  * namespace: use EBADF where appropriate
  * vmspawn: allow TPM state to be persistent + rework runtime dir logic
  * Add --root for systemd-update-done and other small fixups (#36803)
  * core: fix C type handler for ExitCode property
  * core: not sure why but TTYRows/TTYColumns property is 16bit towards outside, 32bit inside, handle that properly
  * boot: fallback to unrestricted allocation if initrd allocation doesn't fit below 4g (#36715)
  * manager: explicitly create our private runtime directory
  * analyze: don't connect to bus from analyze test run
  * pid1: don't connect to oomd in test runs
  * execute: add some minor debug logging
  * test-execute: prominently show which test we are about to enter
  * udevadm: check number of passed arguments
  * cgroup: whenever we migrate a PID to a unit, explicitly drop unit from empty notification queue
  * coredump: rename fix_permissions() → fix_permissions_and_link()
  * coredump: do not remove PID1/journal coredumps if Storage=journal is used
  * coredump: make sure we initialize all return parameters on success of save_external_coredump()
  * coredump: do not disable removal of temporary coredump file
  * homed: always use quotactl_fd() if its available
  * homed: don't log error we don't have
  * pcrextend: whenever we fail to extend PCRs, reboot immediately
  * xattr-util: add trivial getxattr_at_strv() helper
  * xattr-util: add trivial xsetxattr_strv() wrapper
  * validatefs: add new tool that enforces mount constraints
  * generators: hook in validatefs on gpt-auto and fstab generator mounts
  * repart: automatically generate validatefs xattrs
  * ci: add -no-xattrs to unsquashfs cmdline
  * ci: add test for new validatefs work
  * update TODO
  * man: run 'update-man-rules' again
  * unit: don't bother determining unit install state for transient or perpetual units
  * unit: initialize unit_file_preset field to valid value
  * unit: return a better error state for unit_get_unit_file_preset() if we have no fragment path
  * core: fix C type handler for ExitCode property
  * core: not sure why but TTYRows/TTYColumns property is 16bit towards outside, 32bit inside, handle that properly
  * homed: don't log error we don't have
  * selinux-util: rename return parameter to ret_xyz
  * selinux-setup: modernizations
  * process-util: add pidref-based version of wait_for_terminate_and_check()
  * logind: split utmp related code into logind-utmp.[ch]
  * logind: save logind session information to disk once we acquired it via utmp
  * prioq: invalidate index pointers on removal
  * prioq: add some minor overflow checking assert()s
  * sd-journal: make return parameter to sd_journal_get_cursor() optional
  * sd-journal: document relevant sd_journal_get_cursor() error codes
  * journald: split out varlink code into a separate .c file
  * journald: document Varlink interface
  * journald: rename stdout_stream_destroy() → stdout_stream_terminate()
  * journald: do not schedule idle timer if our event loop is dying
  * varlink: add common helper that refuse method calls from unpriv clients
  * sd-event: don't consider no pending IO event a programming error in sd_event_source_get_io_revents()
  * rules: split out gpt-root rules from 99-systemd.rules
  * dissect-image: after probing file systems, we still have the chance to not use a partition
  * udev-builtin-blkid: look for ESP/XBOOTLDR only in initrd; afterwards just look at /
  * udev-builtin-blkid: skip GPT dissection unless we actually have partition support
  * generator: also suppress fsck early if we are adding a bind mount
  * generator: downgrade complaint about trying to fsck a non-block device
  * udev-builtin-blkid: look for ESP/XBOOTLDR only in initrd; afterwards just look at /
  * udev-builtin-blkid: skip GPT dissection unless we actually have partition support
  * udev: add dissect_image builtin
  * dissect-image: rework how we determine that we are ready to do verity/verity-sig
  * dissect-image: guess verity root hash from the resources we found
  * dissect-image: relax image policy logic a bit
  * gpt-auto-generator: optionally, set up root fs via dissection logic
  * generator: add root=off to explicitly turn search for rootfs off
  * gpt-auto-generator: add support for mount.usr=dissect
  * gpt-auto-generator: add support for setting up verity partitions automatically
  * veritysetup: optionally pick up roothash/roothashsig from udev device db entry
  * dissect-image: add a concept for "filtering" partitions we dissect
  * dissect-tool: expose image filtering via new --image-filter= parameter
  * builtin-dissect_image: add support for image filters
  * gpt-auto-generator: parse systemd.image_filter= from kernel cmdline
  * man: document image filters
  * dissect-image: move extension release arguments of verity_dissect_and_mount() into a structure
  * veritysetup: when we fail to unlock a disk with the root hash signature logic, retry without
  * gpt-auto-generator: write fsck override unit to "middle" generator dir
  * man: document new gpt-auto-generator features
  * update TODO
  * build-path: make invoke_callout_binary() honour $PATH as last resort
  * udev: new "image_dissect" builtin that can be used to generate symlinks based on partition designators (#36631)
  * update TODO
  * bootctl: replace --no-variables by --variables=BOOL
  * Revert "sd-netlink: prepare buffer for dropping unexpected message"
  * netlink-socket: ignore ECHRNG/EXFULL errors from recvmsg_safe() if we expect truncation
  * netlink-socket: extend comments a bit
  * shutdown: handle gracefully if a device disappears while we detach it
  * netlink-socket: ignore ECHRNG/EXFULL errors from recvmsg_safe() if we expect truncation
  * man: explain coredump handling in context of containers better
  * pid1: add a concurrency limit to slice units
  * test: add integration test for concurrency limits
  * update TODO
  * core: add concurrency limits to slice units (#36831)
  * docs: add more markdown markup to UIDS_GIDS.md
  * sd-varlink: refuse accepting more than 253 fds to send along with a Varlink message
  * man: document sd_varlink_push_fd()
  * sd-varlink: put a limit on queued outgoing messages
  * man: document sd_varlink_send()
  * man: fix include line in sd_varlink_set_description() man page
  * TODO
  * sd-varlink: enforce some queuing limits + document associated api functions (#37289)
  * boot: make console_key_read() return param optional
  * exec-util: make missing agents a gracefull handled issues
  * README: mention explicitly that dmi-sysfs must be built-in, cannot be loaded as kmod
  * bless-boot: switch from last_path_component() to path_find_last_component()
  * bless-boot: in "status" output report bad state from prev boot as "dirty"
  * bless-boot: never try to rename an entry file onto itself
  * bless-boot: some fixes (#37375)
  * sd-boot: add support for a sysfail entry (#34856)
  * notify-recv: optionally return event source from notify_socket_prepare()
  * socket-util: make return parameter to socket_autobind() optional
  * sd-netlink: allow configuration of flags parameter when creating message object
  * sd-netlink: add minimal support for sock_diag netlink sockets
  * socket-util: add af_unix_get_qlen() helper to determine number of queued connections on AF_UNIX listener socket
  * journald: use log_warning_errno() where appropriate
  * test: add sync request until all logging about the test unit is done
  * journalctl: if there's not a single matching log entry, seek to head
  * journalctl: send READY=1
  * fork-journal: add helpers for spawning off journalctl from 'systemctl start' or 'systemd-run'
  * journalctl: make arg_image_policy non-static, just like all other arg_xyz variables
  * journalctl: optionally delay --follow exit for a journal synchronization
  * run: add --verbose mode
  * systemctl: add --verbose mode
  * journald: downgrade event source priority of kmsg to same as native/syslog inputs
  * journald: rework the Synchronize() varlink logic
  * journalctl: make Synchronize() call more lighweight, by not asking for offlining
  * journald: make journal Varlink IPC accessible to unpriv clients
  * run: split out result display code into separate helper call
  * run: rework final status output to be based on format-table.h APIs
  * test: add test for "systemd-run -v"
  * journal-remote: destroy event sources before MHD context
  * journal-upload-journal: reduce indentation a bit
  * journal-upload-journal: handle partially written fields gracefully
  * logs-show: drop unused function parameter
  * logs-show: handle bad messages like EOF
  * logs-show: use memory_startswith() rather than startswith()
  * compress: deal with zstd decoder issues gracefully
  * update TODO
  * bash: add shell completion
  * systemctl: add "systemctl start -v" mode, which shows unit's logs while starting the unit (#36858)
  * update TODO
  * journald: rename primary object from "Server" to "Manager"
  * fork-journal: some follow-ups (#37423)
  * Address post-merge issues in the sysfail entry functionality (#37426)
  * avoid race between systemd-logind and systemd-udevd in setting ACLs (#36444)
  * validatefs: split out validate_fields_check() into three functions
  * validatefs: properly authenticate all subordinate devices of DM devices
  * repart: initialize validatefs xattrs to list *all* verity subordinate partitions
  * man: document that gpt-label/gpt-type uuid xattrs are now lists
  * ci: extend validatefs testcase to validate verity partitions
  * test: attempt to fix resolved wait-online testcase
  * validatefs: fix checks on file systems backed by multiple devices (i.e. verity) (#37434)
  * shutdown: handle gracefully if a device disappears while we detach it
  * man: explain coredump handling in context of containers better
  * sd-varlink: refuse accepting more than 253 fds to send along with a Varlink message
  * core: always handle method call params via sd_varlink_dispatch(), even if we accept none
  * bus-polkit: add a generic vtable for methods with no params, but with polkit
  * man: don't claim REMOTE_PORT= was initialized to the protocol for AF_RAW sockets
  * man: correct version information when $REMOTE_ADDR/$REMOTE_PORT where added
  * socket-util: add trivial socket_get_cookie() helper
  * core: pass the socket cookie to invoked per-connection service instances as $SO_COOKIE env var
  * core: name socket unit instances after the socket cookie
  * update TODO
  * varlink: two tweaks for method call handling (#37466)
  * man: document how to hook stuff into system wakeup
  * tree-wide: fix use of flink_tmpfile()
  * Clean up includes (#37467)
  * terminal-util: explicitly reset cursor
  * catalog: add more entries
  * man: reword recommendations around Accept=
  * sd-bus: drop a bunch of 'else'
  * update TODO
  * resolved: add a new DnsScopeOrigin enum, to delcare the "origin" of a DnsScope explicitly
  * resolved: add concept of delegating lookups below certain domains to specific DNS servers
  * resolvectl: rework parsing of dns server + search domain bus properties
  * resolvectl: show delegate information, too
  * man: document dns-delegate files
  * test: add simple integration test for delegation feature
  * resolved: add new "DNS Delegate" concepts (#34368)
  * Prettify bootctl status (#37524)
  * update TODO
  * env-file: add helper for printing a properly escaped env var file assignment
  * logind: port logind state files to fopen_tmpfile_linkable()
  * logind: fix escaping of various fields in state files
  * logind: always enclose list fields (that may contain spaces) in quotes
  * logind: save/restore inhibitor process pidfdid
  * logind: also save pidfdid as part of session state, even if we don't parse it
  * machined: call pidref_verify() in some cases this was missing
  * logind: rename EnableWallMessages= configuration knob to WallMessages= (#37553)
  * env-file: rework write_env_file() to make use of O_TMPFILE
  * logind: fix serialization of display user field
  * path-util: add flavour of path_startswith() that leaves a leading slash in place
  * cgroup: port some code over to path_startswith_full()
  * path-util: invert PATH_STARTSWITH_ACCEPT_DOT_DOT flag
  * loginctl,machinectl: use LESS_BY() where appropriate
  * units: enable watchdog notifications for vmspawn
  * update TODO
  * machinectl: fix indentation of status output field
  * varlinkctl: if returned error is an errno, print it as one in log message
  * polkit: reword 'Interactive authentication required' error
  * homed: generate proper error if we cannot create mountpoint for homedir
  * logind,machined: expose bus properties for leader PID fd ids, too
  * machine: insist in a valid root directory
  * machine: port machined state files to fopen_tmpfile_linkable()
  * machine: properly remove unit name symlink on removal
  * machine: use the correct escaping calls for machine metadata
  * machine: save/restore machine leader pidfdid
  * machine: modernizations of serializing/deserializing netif data
  * machine: also save/restore vsock CID properly
  * machine: as safety precaution also check parsed machine name
  * machine: shorten code
  * machine: rework machine_gc()
  * machine: fix log message, doesn't have to be scope unit, can by any
  * sd-json: add json_dispatch_const_filename()
  * mountfsd: add call for creating a foreign UID owned dir in dir owned by caller
  * varlinkctl: optionally push fds to server
  * ci: add test case for io.systemd.MountFileSystem.MakeDirectory() and varlinkctl --push-fd=
  * Assorted systemd-machined fixes (#37622)
  * mountfsd: add ability to create dir owned by foreign UID range in unpriv $HOME (#37616)
  * man: don't claim REMOTE_PORT= was initialized to the protocol for AF_RAW sockets
  * man: correct version information when $REMOTE_ADDR/$REMOTE_PORT where added
  * machined: call pidref_verify() in some cases this was missing
  * homed: generate proper error if we cannot create mountpoint for homedir
  * update NEWS in preparation for v258
  * update TODO
  * update NEWS
  * tree-wide: only use .si_pid field in siginfo_t, if .si_code indicates that's safe
  * mount-util: avoid unnecessary mount_setattr() call in make_fsmount()
  * repart: make use of blkid_partition_get_type_id128() more
  * repart: make CopyBlock=auto work for verity sig partitions
  * Update TODO
  * repart: fix generation of UUID= line for vfat in fstab entries
  * repart: set a useful access mode file for generated fstab files
  * repart: fix generation of UUID= line for vfat in fstab entries (#37689)
  * man: mention systemd-userdb-load-credentials.service when discussing /run/userdb/ drop-ins
  * man: add reference from userdbctl man page to nss-systemd regarding user record drop-ins
  * man: emphasize that systemd-userdb-load-credentials.service doesn't do UID/GID allocation
  * nss-systemd/userdb drop-ins: various doc updates (#37693)
  * tpm2-util: correct copy/pasted error message
  * pcrlock: add "is-supported" verb that checks if the local TPM supports the commands we need for pcrlock
  * measure: generate a more useful error in case SHA1 support is disabled by distro
  * pcrlock: make error messages more useful if PCR state doesn't match policy during PolicyOR
  * pcrlock: also refuse lacking SHA-256 support early when creating policy
  * tpm2-util: also generate recognizable error if PolicyAuthorizeNV fails
  * tpm2-util: add a brief summary of tpm2_unseal() return values in a comment
  * tpm2: add a clear error message for all errors that suggest a PCR violation
  * tpm2-util: use BIT_FOREACH() more
  * tpm2-util: guarantee that verb_has_tpm2_generic() returns usable exit status
  * tpm2: various smaller fixes, mostly about better error messages and support checking (#37690)
  * compress: avoid a bunch of div-by-zeroes
  * resolved: honour SD_RESOLVED_NO_CNAME flag when processing cache
  * doc: mention 'exitrd' term
  * doc: clarify that root storage daemons need unit files
  * update TODO
  * sd-login: modernize return parameter handling
  * sd-login: place inner part of sd_login_monitor_new() by a table
  * sd-login: port sd_peer_get_cgroup() to SO_PEERPIDFD
  * compress: get rid of a bunch of 'else'
  * journal-file: let's make journal_file_copy_entry() robust against concurrent writing of the source
  * journal: make journal_file_copy_entry() robust towards copying invalid/half-written source journal files (#37732)
  * io-util: protect against INT_MAX overflow in flush_fd()
  * sd-login: various modernizations (#37728)
  * sd-daemon: add sd_pidfd_get_inode_id() (#37679)
  * resolvectl: output slightly more data when --raw=payload is used
  * man: reword --raw= explanation a bit
  * resolvectl: improve error message if we do not support dumping payload of RR
  * hostname-util: add new helper split_user_at_host()
  * machined: open up OpenMachinePTY() for unpriv clients
  * run: chop off username from --machine= argument before calling OpenMachinePTY()
  * journalctl: politely refuse if non-root usernames are specified for --machine=
  * sd-bus: port to split_user_at_host()
  * sd-bus: treat '@' as equivalent to '@.host'
  * resolvectl: --raw improvements (#37743)
  * fixes for --machine= handling in run0 and journalctl (#37741)
  * varlink-util: format system errors via %m in varlink_call_and_log()
  * dissect-image: port to varlink_callbo_and_log()
  * mountfsd: slightly relax check on image fds
  * add CITATION.cff file
  * man: suggest using --unlock-tpm2-device=auto in cryptenroll example
  * mountfsd: support processing block devices with MountImage() (#37746)
  * journal: use EBADMSG for invalid data in file mmap
  * journal: determine compression once, not twice
  * journal: add 'const' at one more place
  * journal: replace a bunch of assert() with friendlier checks
  * journal: concurrent update fixes (#37757)
  * conf-files: use proper enum for flags parameters
  * core: break lines in some overly long function calls
  * generator: check $SYSTEMD_SCOPE rather than cgroup membership
  * generator: improve scope check (#37761)
  * update TODO
  * gpt: add partition_designator_is_verity() helper
  * udev: add udev properties that point to verity/verity sig metadata partitions from data partitions
  * repart: try harder to find verity-sig partitions for CopyBlocks=auto
  * repart: use partition_designator_is_verity_sig() + partition_designator_is_verity() more
  * tree-wide: basename -> path_extract_filename (#34906)
  * repart: fix CopyBlocks=auto for verity-sig partitions, even harder (#37704)
  * codeql: taint basename()
  * nspawn: start polkit agent while we do polkit operations
  * machined: properly open up all missing method calls via D-Bus to unpriv clients
  * machined: open up machine registration for unpriv clients also via D-Bus
  * nspawn: do basic port to PidRef
  * tree-wide: say in log message that we ignore error conditions of certain sockopts
  * resolved: ignore mDNS replies from legacy mDNS ports
  * vmspawn: add extra drives *after* the primary drive, not before
  * update TODO
  * nsresourced: make sure "tun" driver is properly loaded and accessible
  * units: make sure the network tap driver is actually loaded
  * networkd: actually install 80-namespace-ns-tun.*
  * hostname-util: introduce machine_spec_valid() and check --machine= value everywhere (#37851)
  * network/dhcp-server: improvements for saving/loading leases (#37835)
  * stub: call inner kernel directly (#37372)
  * various: turn off SO_PASSRIGHTS where fds are not expected (#37759)
  * core/timer: Introduce RandomOffsetSec= knob (#36437)
  * fs-util: replace symlink_atomic_full_label() by a flag to symlinkat_atomic_full()
  * env-file: port write_env_file() to label_ops_pre()
  * firstboot: use WRITE_STRING_FILE_LABEL more
  * tmpfiles: fix symlink creation when replacing
  * firstboot: make sure labelling is enabled
  * update TODO
  * sd-bus: several coding style cleanups (#37867)
  * fd-util: move cmsg_close_all() to socket-util.[ch]
  * tpm2-util: recognize DA lockout mode and PIN failures properly
  * cryptsetup: handle DA lockout/bad PIN properly
  * resolved: split out helper that determines on RefuseRecordTypes= match
  * resolved: use dns_question_isempty() where appropriate
  * resolved: honour RefuseRecordTypes= also in proxy mode
  * resolved: make bypass tests work
  * nspawn: --network-veth also works with unpriv nspawn
  * logind: fix minor coding style issues
  * logind: fix boolean comparison
  * bootctl: be more careful when opening arbitrary files from ESP
  * bootctl: when updating everything check PE machine type
  * copy: when looking for file holes, consider empty data segments
  * core: escape UTF-8 in mount unit Where field before sending to clients
  * update TODO
  * update TODO
  * homed: set "secrets" section to 'sensitive' in more places
  * userdb: when loading a user record from JSON, mark 'secret' section in JSON variant as sensitive as side effect
  * core: output log cycle path in one log message, not many
  * core: make log cycle messages recognizable via message IDs
  * core: change ordering cycle log message log levels
  * core: cast log_oom() got void
  * core: when removing a job from a transaction, include in structured log message which
  * catalog: add entries for the order cycle log messages
  * console: when switching console modes and one doesn't work, always go for the next
  * bootspec: ensure memory free in one error path
  * user-record: also support "aliases" in the "status" section of user records
  * import: rename keyring extension from .gpg to .pgp and add OBS key for system:systemd (#37927)
  * udev: reset loopback block device ownership and mode on detach
  * tree-wide: use sd_bus_message_send() instead of sd_bus_send() wherever possible
  * core: when PrivateDevices= is enabled and we need to decrypt TPM2 credentials, go via IPC
  * logind: save position only if we have a seat
  * mount-util: avoid unnecessary mount_setattr() call in make_fsmount()
  * repart: fix generation of UUID= line for vfat in fstab entries
  * compress: avoid a bunch of div-by-zeroes
  * resolved: honour SD_RESOLVED_NO_CNAME flag when processing cache
  * doc: mention 'exitrd' term
  * doc: clarify that root storage daemons need unit files
  * io-util: protect against INT_MAX overflow in flush_fd()
  * resolvectl: output slightly more data when --raw=payload is used
  * man: reword --raw= explanation a bit
  * resolvectl: improve error message if we do not support dumping payload of RR
  * man: suggest using --unlock-tpm2-device=auto in cryptenroll example
  * resolved: ignore mDNS replies from legacy mDNS ports
  * units: make sure the network tap driver is actually loaded
  * resolved: make bypass tests work
  * homed: set "secrets" section to 'sensitive' in more places
  * console: when switching console modes and one doesn't work, always go for the next
  * bootspec: ensure memory free in one error path
  * core: escape UTF-8 in mount unit Where field before sending to clients
  * bootctl: be more careful when opening arbitrary files from ESP
  * bootctl: when updating everything check PE machine type
  * terminal-util: switch from TCSADRAIN to TCSANOW for all tcsetattr() calls
  * boot: downgrade log messages about invalid timeouts
  * repart: make file system sector size configurable
  * repart: trivial modernizations
  * repart: respect minimum sector size for ESP/VFAT partitions
  * docs: properly document inhibitor locks
  * logind: introduce a proper error if op is blocked by inhibitor lock
  * fix docs for inhibitor logic (#37975)
  * repart: enforce minimum size on ESP based on sector size (#37899)
  * man: add proper version info for RandomizedOffsetUSec
  * shared: make sure RandomizedOffsetUSec can be set as transient prop
  * core: fixes for RandomizedOffsetSec= feature (#37981)
  * cpu-set-util: fix null pointer dereference and several cleanups (#37900)
  * resolved: when determining error to return, prefer "conclusive" over "inconclusive" errors
  * resolved: don't wait for TLS close_notify replies unnecessarily
  * logind: use memdup_suffix0() where appropiate
  * logind: pick up tty info from utmp only for tty sessions
  * update NEWS with even more features for v258
  * logind: pick up tty info from utmp only for tty sessions (#38034)
  * pcrlock: include pcrlock features in exit status
  * logind: Don't match non-leader processes for utmp TTY determination (#38027)
  * getty: support /run/issue.d/
  * ssh-generator: generate /etc/issue.d/ with VSOCK ssh info data
  * conf-files: if CONF_FILES_REGULAR|CONF_FILES_DIRECTORY is used together allow either file or dir
  * tree-wide: Add more socket units (#37991)
  * chase: when chasing paths, trigger automounts
  * pcrlock: process components outside of location window properly
  * ssh-generator: generate /etc/issue.d/ with VSOCK ssh info data (#37819)
  * seccomp-util: allowlist open_tree() as part of @file-system
  * Two follow-ups for recent PRs (#38062)
  * Unify error messages for transient settings, fix handling of Ex variants (#38083)
  * tree-wide: "human readable" → "human-readable"
  * man: improve Description= documentation
  * bootspec: rename boot_entry_type_to_string() to boot_entry_type_description_to_string()
  * bootspec: include 'UKI' in descriptive name for type #2
  * bootspec: rename BootEntryType values
  * bootspec: rename boot_entry_source_to_string() to boot_entry_source_description_to_string()
  * bootspec: boot_entry_source_to_json_string() to boot_entry_source_to_string()
  * man: also use title case in systemd.service(5)
  * pid1: properly report if we managed to kill a process by cgroup
  * pid1: add ability to kill processes in a subgroup of a unit
  * systemctl: add --kill-subgroup= switch for killing subcgroup
  * test: add testcase for subcgroup killing
  * tree-wide: switch a bunch of sd_bus_error_setf() to sd_bus_error_set()
  * add api to kill subcgroups of units (#38102)
  * machinectl: fix status output indentation
  * nspawn: don't use strjoina() for user controlled strings
  * nspawn: add argument comments to various calls
  * nspawn: fix parser of --notify-ready=
  * vmspawn: tighten parser of EXIT_STATUS=
  * nspawn: Support idmapped mounts on homed managed home directories (#38069)
  * test: invoke systemd-nspawn properly from a session
  * update TODO
  * update TODO
  * cgroup: handle ENODEV on cg_read_pid() gracefully
  * update TODO
  * core: followups for the recent subgroup killing commits
  * Introduce ERRNO_IS_FS_WRITE_REFUSED(), and use it in binfmt_mounted() (#38117)
  * pidref: add pidref_set_pid_and_pidfd_id()
  * cgroup-util: add cg_path_get_unit_full() helper and related calls
  * machined: optionally track machines in cgroup subgroups
  * machined: track UID owner of machines
  * machined: use different polkit actions for registering and creating a machine
  * machined: also track 'supervisor' process of a machine
  * machined: explicitly watch machine cgroup for getting empty
  * machined: add a bit more debug logging
  * machinectl: output supervisor info in status output
  * nspawn: reorganize scope allocation/registration logic
  * nspawn: slightly beef up READY= logic in nspawn
  * nspawn: tweak logging/notifications when processing exit requests
  * nspawn: properly order include of constants.h
  * vmspawn: use VM leader PID not vmspawn PID to register machine
  * vmspawn: spawn polkit during registration phase
  * vmspawn: substantially beef up cgroup logic, to match more closely what nspawn does
  * vmspawn: introduce --notify-ready= switch
  * vmspawn: do not set vt220
  * units: add units for vmspawn/nspawn in --user mode too
  * units: systems might take a while to boot
  * test: add testcase for unpriv machined nspawns reg + killing
  * update TODO
  * machined: make registration of unpriv user's VMs/containers work (#37855)
  * Support global sysext/confext in systemd-stub/systemd-sysext (#38113)
  * update TODO
  * core/scope: drop effectively unused unit_watch_pidref() calls (#38186)
  * tree-wide: the env var is called $XDG_RUNTIME_DIR, not $XDG_RUNTIME_DIRECTORY
  * machined: align string table
  * machined: use RET_GATHER() more
  * machined mini tweaks (#38226)
  * repart: do not enforce 10M min size for immutable file systems by default
  * btrfs-util: use BTRFS_IOC_GET_SUBVOL_INFO ioctl()
  * discover-image: pick up subvol ctime, too
  * Enable KEY_PERFORMANCE key present on Linux 6.17 (#38533)
  * update TODO
  * cryptsetup: reference right variable
  * tree-wide: don't play games with alignment around file_handle
  * dissect-image: fix two log messages in mountfsd_mount_directory_fd()
  * mountfsd: include polkit allowInteractiveAuthorization field in IDL
  * importd: accept a single space as SHA256SUMS separator
  * fd-util: fix path_is_root_at() when dealing with detached mounts
  * update TODO
  * nspawn: the second time on_orderly_shutdown() is called userdata is NULL (#38709)
  * import-generator: disable timeout for downloaded images
  * nsresourced: use a hashed rather than a mangled name as fallback
  * update TODO
  * todo - main
  * vmspawn: initialize block device "serials" from backing file name
  * vmspawn: support specfiying relative paths to tpm state dir, by prefixing with ./
  * pull: fix SHA256SUMS fallback for file:// URLs
  * sd-boot: rename "path" field to "directory"
  * pcrextend: add documentation for varlink api
  * copy: calculate bytes per second while copying, and pass to progress info
  * varlink: add IDL comments to basic Varlink service interface
  * tmpfile-util: introduce new CLEANUP_TMPFILE_AT() API
  * meson: fail build when encountering unused variables
  * meson: sort components
  * sd-json: make sure JSON_BUILD_STRING_UNDERSCORIFY() maps + to _, too
  * sd-json: allow sd_json_dispatch() accept NULL pointers and treat them like empty objects
  * format-table: add TABLE_VERSION cell type
  * kernel-install: when listing kernels sort them by version
  * chase: mask away CHASE_MUST_BE_REGULAR in chase_openat()
  * chase: honour CHASE_MUST_BE_DIRECTORY/CHASE_MUST_BE_REGULAR properly in chase_and_openat() and related calls
  * sd-id128: tighten rules on chasing machine-id files
  * pull-job: fix include order
  * export-tar: refuse to write tar to a TTY
  * import: always use the same buffer size
  * meson: downgrade dep on libgcrypt
  * sd-varlink: add api for resetting timeout to default
  * sd-varlink: optionally handle SIGTERM/SIGINT explicitly in simple varlink event loop
  * man: run update-man-rules
  * btrfs-util: try unlinkat(AT_REMOVEDIR) before resorting to btrfs ioctls
  * Bump required minimum version of libfido2 to 1.5.0 (#38975)
  * units: explicitly reset TTY before running stuff on console
  * mountfsd: uncomment CapabilityBoundingSet= line
  * mountfsd: add recognizable error if we pass an fd with unexpected flags
  * sd-varlink: two small additions (#38994)
  * chattr-util: add inode_type_can_chattr() helper
  * acl-util: add new inode_type_can_acl() helper
  * creds: modernize varlink server setup a bit
  * creds-util: tweak error code generation in decrypt_credential_and_warn() a bit, and add a comment listing it
  * creds: expose more errors as explicit varlink errors
  * core: if we cannot decode a TPM credential skip over it for ImportCredential=
  * creds-util: don't reference superblocks when decrypting creds
  * fileio: modernize xopendirat() a bit
  * importd: port to PidRef
  * various: port remaining users of setmntent() to libmount (#38929)
  * build: make libaudit dep dlopen()
  * audit: shortcut some audit syscalls if we are compiled without audit support anyway
  * openssl-util: make openssl_load_private_key()'s ret_ui parameter optional
  * repart: never use a grain size below sector size
  * repart: add some line breaks
  * repart: tweak byte value output
  * machine-credential: include the high-level not the low-level string-util.h
  * machine-credential: replace machine_credentials_contains() by machine_credential_find()
  * machine-credential: add low-level machine_credential_add() as common back-end for machine_credential_set() + machine_credential_load()
  * job: shorten code
  * unit: line-break overly long parameter list + add assert()
  * core: fix status output suppression
  * dlopen() libaudit (#38998)
  * repart: some smaller tweaks (#38995)
  * bootctl: switch a few getenv() calls to secure_getenv()
  * bootctl: use RET_GATHER() all over the place
  * bootctl: normalize some enum definitions
  * bootctl: split out varlink setup into a helper call of its own
  * bootctl: downgrade messages about foreign EFI files
  * bootctl: don't update $ESP/EFI/BOOTX64.EFI twice
  * bootctl: output a more precise log message when updating existing EFI vars
  * bootctl: split out auto-enroll cert load code into function of its own
  * small refactorings of the machine-credential code (#38982)
  * pam: make libpam a dlopen() based dependency
  * meson: fix type in comment
  * dissect-image: simplification
  * glyph-util: add missing ascii represenations of some emojis
  * ptyfwd: reset tty when exiting
  * sd-device: add device_get_sysattr_u64() helper
  * blockdev-list: optionally return finds as list instead of writing it to stdout
  * blockdev-list: also pick up block device size
  * repart: add basic Varlink support, for now only with a ListCandidateDevices() call
  * blockdev-list,repart: optionally, filter list of candidate block device and remove OS root disk
  * blockdev-list,repart: optionally hide zero-size block devices
  * test: add simple testcase for io.systemd.Repart.ListCandidateDevices
  * repart: add a very basic varlink interface (#39072)
  * udev,login: update ACL on static device nodes (#39071)
  * docs: add a governance document
  * measure: strip tpm 1.x remnants
  * boot: check protocol version before assuming GetActiveBanks() exists
  * cleanup: add cleanup func macro that renames the function
  * tree-wide: drop deps on libacl
  * acl: turn libacl dep into a dlopen() one
  * boot: work around ansi color issues between sd-boot, uefi and terminals
  * boot: return to beginning of line when enrolling
  * boot: let's make the one space we output early on invisible
  * sd-boot: terminal handling tweaks (#39026)
  * glyph-util: add more emojis
  * prompt-util: add generic prompt loop implementation
  * terminal-util: add terminal_get_cursor_position() helper
  * pretty-print: add WITH_BUFFERED_STDOUT() helper
  * macro: add simple DEFER_VOID_CALL() helper
  * prompt-util: add helpers that paint some "chrome" on top/bottom of screen
  * firstboot: show blue "chrome" bar at top
  * firstboot: modernize --help output
  * firstboot: don't call this thing a "wizard"
  * meson: drop libblkid dep from components not using it directly
  * libblkid: turn into dlopen() based dep
  * blkid-util: add blkid_probe_lookup_value_id128() helper
  * libblkid → turn into dlopen() dependency (#39084)
  * loop-util: fully suppress unnecessary size changes
  * mountfsd: slightly relax restrictions on dir fds to mount
  * tmpfile: minor modernizations
  * cgroup-util: add pidref+full counter parts for cg_pid_get_user_unit()
  * libseccomp: turn into dlopen() dependency
  * runtime-scope: add runtime_scope_to_socket_mode() helper
  * path-lookup: add runtime_directory_generic() helper
  * service-util: add generic parser for runtime scope
  * discover-image: support runtime scope also for .nspawn settings files and the pool dir
  * machined: allow running in --user mode
  * machinectl: add support for user-scoped operation
  * machined: make image locking runtime scope aware, too
  * libmount: make dlopen() dependency
  * shutdown: move printk changing code int generic code
  * mute-console: add simple varlink service that can disable log/status spew to kernel console
  * prompt-util: add client helper for muting the console
  * firstboot: mute console while running on the console at boot
  * varlinkctl: send READY=1 for --more calls once we received first reply
  * test: add simple test case for mute-console service
  * firstboot: get rid of pointless strjoina()
  * update TODO
  * libselinux: turn into dlopen() dep
  * mute console kernel log/pid1 status output while firstboot is running (#39101)
  * pam_systemd: downgrade OSC sequence writing at close to LOG_DEBUG
  * man: document --prompt-new-user which was added back in v256
  * homectl: make querying for shell+aux groups optional in firstboot mode
  * homectl: show blue 'chrome' bar in first boot mode
  * homectl: mute console while running firstboot prompts
  * homectl: port to prompt_loop()
  * firstboot: drop waiting for key when starting
  * firstboot: optionally, don't query for keymap unless connected to a real VT
  * firstboot: don't talk about any 'new' installation
  * homectl firstboot tweaks (#39137)
  * sysctl: support reading configuration from stdin and command line arguments (#39219)
  * bootspec: also process uki-url boot loader spec field
  * nspawn: support .nspawn files in per-user mode
  * nspawn: register containers with both the system-wide and the per-user machined instance
  * json: add new json_dispatch_strv_path() helper
  * json: add generic dispatchers for version strings
  * json-util: don't use assert_return()
  * add two new json dispatchers (#39237)
  * creds: define a proper varlink type for the credential scope
  * creds: allow varlink clients to choose --with-key= like on the command line
  * test: add testcase for withKey varlink option
  * creds: add explicit control on whether to allow null key decryption
  * creds: normalize definition of "tpm2-absent" legacy key type
  * systemd-creds: varlink null key handling (#39239)
  * test-varlink-idl: add all missing IDL fragments
  * userdb: add support for looking up users or groups by uuid. (#37097)
  * update TODO
  * man: fix description of .membership files
  * docs: two clarifications for release process (#39246)
  * hwdb.d/70-mouse.hwdb: Add Nulea M501 trackball flags for USB Dongle + Bluetooth (#39241)
  * varlink: add IDL comments to basic Varlink service interface
  * pull: fix SHA256SUMS fallback for file:// URLs
  * core: if we cannot decode a TPM credential skip over it for ImportCredential=
  * creds-util: don't reference superblocks when decrypting creds
  * measure: strip tpm 1.x remnants
  * boot: check protocol version before assuming GetActiveBanks() exists
  * pam_systemd: downgrade OSC sequence writing at close to LOG_DEBUG
  * man: document --prompt-new-user which was added back in v256
  * job: shorten code
  * unit: line-break overly long parameter list + add assert()
  * core: fix status output suppression
  * mountfsd: uncomment CapabilityBoundingSet= line
  * dissect-image: turn verity device sharing into opt-in
  * dissect-image: take policy into consideration when unlocking verity, too
  * test: make sure TEST-50-DISSECT.mountfsd.sh can run standalone
  * dissect image policy tweaks (#39168)
  * xattr: add helper that detect special purpose xattrs
  * stat-util: add helper inode_type_can_hardlink()
  * stat-util: add fd_verify_symlink() helper
  * importd: port untarring logic over to libarchive
  * nspawn: register containers in both user and system machined if applicable (#39145)
  * libsystemd: drop "const" decorators on public inline functions
  * timer: rebase the next elapse timestamp only if timer didn't already run (#39296)
  * dissect-image: when autoprobing insist on vfat for XBOOTLDR
  * mountfsd: make MountDirectory() work with systemd-homed
  * importd: change untar logic to be based on libarchive rather than shelling out to gnu tar (#39143)
  * sd-varlink: add sd_varlink_is_connected()
  * varlink: move definition of varlink_hash_ops into common code
  * kmod-setup: don't load unix.ko as a module anymore
  * two small varlink additions (#39323)
  * resolved: move DNS RR/key/answer/question/packet tools to shared/
  * dns-rr: when decoding an RR from json, make class optional
  * dns-domain: make dns_name_change_suffix() work with an empty/null suffix
  * loop-util: explain why we propagate discard_max_bytes from backing block device to loopback block device
  * networkd: call networkd a "network management" rather "network configuration" tool
  * units: use Title Case for network generator description string
  * networkd: minor units to unit file Description= strings (#39386)
  * dissect-image: explain one more error
  * nsresource: add constants for the only supported UID range size allocations
  * copy: optionally apply source inode's stat() when doing a merge copy
  * copy: make copy_tree_at_full()'s 'to' parameter optional
  * install-file: add flags to handle RO and syncing failures graceful
  * importd: teach all backends --system/--user mode
  * importd: properly support operation in per-user mode
  * importctl: add --user/--system switches
  * importd: clean up how we determine image root in importd backends
  * importd: support unpacking tarballs to foreign UID range
  * importd: downgrade log message about bound capability set dropping + netns
  * tree-wide: use setenvf() more, where appropriate
  * coredump: split coredump.c into small pieces (#39351)
  * sd-device: add device_get_property_uint() helper
  * blockdev-util: rename BlockDeviceLookupFlag to plural
  * blockdev-util: in blockdev_partscan_enabled() check if we are operating on block device first
  * blockdev-util: split out partition device node generation from dissect-util.c
  * rereadpt: implement userspace-based BLKRRPART re-implementation
  * homed: switch from raw BLKRRPART to rereadpt_fd()
  * udev: switch over to rereadpt() rather than raw BLKRRPART
  * repart: split out that disarms automatic artifact removal
  * repart: switch things over to our own partition reread logic
  * tree-wide: open block device locks in writable mode
  * rm-rf: make sure we can safely remove dirs we have no access to via rm_rf_at()
  * discover-image: imply that hidden images are read-only
  * discover-image: support clone + rm operation also unpriv
  * rules: apply loopback block device rule only onto loopback block devices
  * machined: support image clone/rm operations unpriv, and make hidden images always read-only (#39408)
  * dissect: move tar make code into tar-util.[ch] and make it generic
  * export-tar: port to common libarchive tar generation code
  * main: switch explicitly to tty1 on soft-reboot
  * pull: add pretty progress bar to systemd-pull too
  * homed: always report that registered users are members of their own groups
  * pcrlock: don't lock PCR 12 by default
  * importd: port export-tar code to use the one systemd-dissect already uses (#39405)
  * os-util: add fd_is_os_tree() which is like path_is_os_tree() but operates on an fd
  * import-common: rework import_mangle_os_tree() to operate based on fd to tree
  * import: make sure image mangling works unpriv too
  * importd: support OS tree "mangling" unpriv too (#39406)
  * resolvectl: do not use strjoina() on user provided strings
  * sd-json: make sure all dispatch helpers do something sensible in case of "null" JSON value
  * sd-json: parse uid_t/gid_t as uint32_t first
  * sd-json: parse signals also in string format
  * man: add documentation for the various sd_json_dispatch_xyz() calls
  * sd-varlink: fix sd_varlink_collect() with empty replies
  * repart: use SD_JSON_BUILD_UNSIGNED for disk sizes, as we should
  * repart: move definitions + dry_run + empty fields into Context
  * repart: split out main function that ponders about placement of partitions
  * repart: if device node is specified as "-", calculate needed disk space
  * repart: add Varlink call that runs repart's engine
  * repart: send out progress information via varlink (if more flag is given)
  * repart: add knobs for automatically deferring all partitions marked as empty or for factory reset
  * repart: sort input before output parameters in varlink IDL
  * udev: introduce ID_BLOCK_SUBSYSTEM property
  * blockdev-list: switch to log_device_xyz() style logging
  * repart: report vendor/model/subsystem fields in ListCandidateDevices
  * ci: add testcases for recently added stuff
  * repart: varlink support (#39421)
  * docs: add comment about requiring the mount hierarchy to be mounted MS_SHARED
  * fileio: make filename/path argument optional in xfopenat_full(), read_full_file_full()
  * fileio: add new flag READ_FULL_FILE_VERIFY_REGULAR() that checks if file we operate on is regular
  * format-table: add field type that outputs hex values prefixed with 0x
  * conf-files: optionally truncate suffix from discovered files
  * creds-util: add automatic mode for tpm2 based creds
  * creds-util: add helper for querying system credential dirs
  * creds-util: initialize default PCR mask in encrypt_credential_and_warn()
  * pcrlock: make sure we can parse nv_index measurement records in TCG CEL
  * tpm2-util: rename tpm2_extend_bytes()→tpm2_pcr_extend_bytes() and make it take struct iovec
  * tpm2-util: make tpm2_undefine_policy_nv_index() generic
  * tpm2-util: move parse for tpm2 hash algorithms up
  * tpm2-util: add infra for allocating nvindex-based PCRs (aka "NvPCRs")
  * catalog: improve PCR extended catalog entry
  * pcrextend: make use new nvindex-based PCRs
  * pcrextend: automatically measure SMBIOS product ID at boot
  * tpm2-setup: split out SRK setup into a function of its own
  * tpm2-setup: measure "anchor" extension early at boot into nvpcrs
  * cryptsetup: automatically measure used keyslot and mechanism (i.e. fido2, tpm2, pkcs11) to an NvPCR
  * analyze: add new verb for determining NvPCR values
  * ci: never go to raw tpm device, always go via resource manager
  * ci: add some test for the new nvpcr infra
  * doc: document NvPCRs briefly
  * Add support for nvindex-based additional PCRs for TPM2, aka "NvPCRs"  (#39463)
  * kernel-install: move staging area to /var/tmp/
  * varlink-idl: add infra to test our enum parsers against varlink IDL enums
  * acl-util: add new acl_set_perm() helper
  * tar-util: include xattrs in generated tarballs
  * tar-util: recognize hardlinks when generating tarballs
  * tar-util: properly deal with sparse files
  * tar-util: add support for file flags
  * tar-util: add support for acls
  * tar-util: squash high UIDs in user mode
  * test: add test case
  * update TODO
  * chase: fix typo in log message
  * tar-util: make sure we can unpack hardlinked symlinks
  * pull-job: always implicitly NUL terminate downloaded payload stored in memory
  * pull-job: optionally take expected content length and compare it with what we are downloading
  * import: rework pull logic to store download digests in binary form rather than string
  * pull-job: optionally store an expected checksum in PullJob object
  * pull: now that PullJob can verify expected digests, let's rely on it for tar/raw pulling
  * pull: use ASSERT_PTR() to shorten code a tiny bit
  * pull: there's no need to keep the downloaded image in memory, except for the sha256sums/gpg file
  * pull-job: use http_status_etag_exists() at a second place
  * pull-job: port .payload field to struct iovec
  * import: various smaller tweaks and fixes, preparation for OCI download support in importd (#39620)
  * nsresource: allow multiple userns from the same process in parallel
  * efivars: don't bother with realloc() if we have no interest in the old data
  * efivars: fix size checks in efi_get_variable()
  * efivars: validate we are actually talking about a regular file
  * efivars: seek back to beginning in each efi_get_variable() loop
  * tree-wide: fix lseek() parameter order
  * tpm2-util: add missing entry in string table
  * tpm2-setup: measure information about NvPCR initialization to PCR 9
  * pcrextend: allow setting the event type for the event log on the command line
  * units: measure a separator event into PCR 9 after completing NvPCR initialization
  * tpm2-util: use LoaderTpm2ActivePcrBanks efi var when figuring out best+good banks to use
  * boot: report missing GetActivePcrBanks() call in formware as UINT32_MAX PCR bank mask
  * man: document that ConditionSecurity=tpm2 means full UEFI/PC Client profile support
  * units: systemd-pcrproduct.service measures into an NvPCR, fix that in Description=
  * man: add pcrproduct to man page header, too
  * update TODO
  * 5 TPM tweaks (#39712)
  * resolved: add hook api
  * machine: minor refactoring, making machine_send_signal() invocations more readable
  * machined: implement resolve hook in machined
  * sd-dhcp-server: add api to get address from hostname, based on lease data
  * networkd: add support for resolved hook for DHCP server
  * networkd: rename manager_connect_varlink() → manager_varlink_init()
  * network: make use of LocalLeaseDomain= by default
  * units: let's set a socket name for networkd rtnl socket
  * update TODO
  * test: add workaround for networkd downgrade issue
  * resolved: add ability for external programs to hook into name resolution (for machined+networkd to synthesize records) (#39293)
  * dissect-image,execute: switch root hash/root hash sig storage to struct iovec
  * iovec-util: drop redundant ()
  * update TODO
  * NEWS: first prep for v259
  * coredumpctl: remove unnecessary line break
  * repart: avoid label string clashes between LUKS superblocks and the filesystems on them
  * NEWS: mention the LUKS superblock default labelling change.
  * discover-image: support reading metadata from verity enabled DDI images, too
  * nspawn: fix flags type for chase()
  * dissect-tool: accept encryption password via $PASSWORD
  * test: add testcase for VolumeLabel=
  * nspawn: move oci code to use json_dispatch_strv_environment()
  * tmpfile-util: make sure errno is left untouched by CLEANUP_TMPFILE_AT()
  * fs-util: enable automatic access mode logic in xopenat()
  * apparmor: move dlopen() into mac_apparmor_use() check
  * apparmor-util: shortcut mac_apparmor_use() if compile-time disabled
  * docs: reference UAPI specs by their number when linked
  * man: always prefix links to uapi specs with their UAPI.XY spec number
  * dlfcn-util: let's make our dlopen() code fail if we enter a container namespace
  * nspawn: load three libraries we'll need later before we fork() a child
  * execute: load a bunch of libs before we disable dlopen()
  * pid1: pull in libmount unconditionally
  * portabled: load a bunch of libs before we fork off a dissector child processes
  * dissect-image: load library before we fork off metadata extractor child process
  * udev: load a bunch of libs before we fork off worker processes
  * repart: load libraries before forking off child
  * sysext: load libraries before forking off worker child
  * core: load libcryptsetup before forking off child that might need it
  * process-util: also disable dlopen() in safe_fork()
  * crash-handler: also disable dlopen(), just in case
  * block dlopen() once we transition into some foreign namespace (#39824)
  * nspawn: fix CI
  * Revert "nspawn: Fix broken host links for container journals"
  * dissect-image: make verity params for mountfsd_mount_image() optional
  * discover-image: use _SD_PATH_INVALID where appropriate
  * ci: split out nvpcr test, so that it runs before rest of pcrextend (#39915)
  * man: remove notes about limitations of unpriv containers that don't apply anymore
  * exec-invoke: fix type for gid
  * machined: in --user mode, restrict register access to our own UID, and that's it
  * hostname: explain a bit why hostnames should be single DNS labels, not fqdns
  * test: prefer tests with PCR 16 over PCR 11
  * tpm2-util: create leading dirs for anchor secret

  [ Henri Aunin ]
  * po: Translated using Weblate (Estonian)
  * po: Translated using Weblate (Estonian)

  [ Nick Rosbrook ]
  * oomd: calculate 'used' memory with MemAvailable instead of MemFree
  * sd-hwdb: include sys/stat.h in hwdb-internal.h
  * sd-hwdb: add sd_hwdb_new_from_path
  * hwdb: implement --root option for systemd-hwdb query
  * libsystemd-network: use udev_available()
  * nspawn: use udev_available()
  * test: copy libgcc_s.so.1 to TPM2 test image on Debian-like systems
  * core/cgroup: allow setting oomd xattrs from user manager
  * oomd: loosen the restriction on ManagedOOMPreference
  * oomd: add tests for oomd_fetch_cgroup_oom_preference
  * man: update ManagedOOMPreference entry to reflect new behavior
  * oomd: fix off-by-one when dumping kill candidates
  * pstore: do not try to load all known pstore modules
  * man: document reboot --poweroff exception
  * Add handling for /etc/default/locale to firstboot
  * oomd: always allow root-owned cgroups to set ManagedOOMPreference
  * oomd: fix unreachable test case in test-oomd-util
  * test: make sure mount point exists in testsuite-64.sh
  * test: handle Debian's /etc/default/locale in testsuite-74.firstboot.sh
  * oomd: only check prefix_uid when uid != 0
  * man: clarify ManagedOOMPreference documentation
  * oomd: fix doc comment for oomd_fetch_cgroup_oom_preference
  * test-id128: simplify machine-id check
  * test-fs-util: skip part of test_chase_symlinks if machine-id is not initialized
  * test-unit-name: simplify machine-id check
  * test-load-fragment: simplify machine-id check
  * journal: skip part of test-journal-interleaving if no machine-id exists
  * udev/net: allow new link name as an altname before renaming happens
  * sd-netlink: do not swap old name and alternative name
  * sd-netlink: restore altname on error in rtnl_set_link_name
  * udev: attempt device rename even if interface is up
  * sd-netlink: add a test for rtnl_set_link_name()
  * test-network: add a test for renaming device to current altname
  * debian/tests: remove systemd-fsckd autopkgtest
  * scope: do not disable timer event source when state is SCOPE_RUNNING
  * test: add some tests for RuntimeMaxSec
  * basic/audit-util: make a test request before enabling use of audit
  * tree-wide: fix typos of "boottime"/"BOOTTIME"
  * debian: ship libsystemd.a in libsystemd-dev
  * autopkgtest: add build test for static libsystemd
  * debian/rules: build with -ffat-lto-objects
  * cgroup-util: add cg_is_delegated helper
  * core: add CoredumpReceive= setting
  * coredump: store crashing process UID and GID in Context
  * process-util: introduce namespace_get_leader helper
  * coredump: add support for forwarding coredump to containers
  * test: add a test for container support in coredump
  * man: move NFTSec= entry to "Network Accouting and Control" section
  * man: document CoredumpReceive= setting
  * nspawn: set CoredumpReceive=yes on container's scope when --boot is set
  * nspawn: check if we can set CoredumpReceive= before doing so
  * firstboot: remove /etc/localtime on --reset
  * debian/tests/control: add Depends: mdadm lvm2 for TEST-64-UDEV-STORAGE
  * debian/tests/upstream: drop blacklist support
  * test: skip test_exec_networknamespacepath if netns setup fails
  * test: skip TEST-43-PRIVATEUSER-UNPRIV if unprivileged userns is restricted
  * test: skip a systemd-run test if unprivileged userns is restricted
  * test-execute: skip tests that are broken without unprivileged userns
  * test: check for kernel.apparmor_restrict_unprivileged_userns
  * shared/install: correctly install alias for units outside search path
  * copy: ignore -EOPNOTSUPP from copy_file_range()
  * debian/extra: set ManagedOOMSwap=auto on -.slice
  * debian/extra: use a drop-in resolved.conf to configure Cache=no-negative
  * debian/extra: use a dropin to configure Nice=-1 on systemd-journald.service
  * debian/rules: use CONFFLAGS_DISTRO to set Ubuntu-specific build options
  * debian/rules: fix installation of resolved.conf.d/cache-no-negative.conf
  * man: add a bit of a warning to systemd-tmpfiles --purge
  * test: skip test-cgroup-id on ENOSYS from cg_cgroupid_open
  * Move systemd-time-wait-sync to systemd-timesyncd package
  * update changelog
  * d/t/boot-and-services: skip test_tmp_cleanup if tmp.mount is overridden
  * d/t/boot-and-services: fix a couple python sytax warnings
  * d/t/upstream: ensure correct ubuntu codename is used
  * d/t/control: add Depends: lib{systemd,udev}-dev for upstream
  * sysusers: check if requested group name matches user name in queue
  * core/unit: do not use unit path cache in unit_need_daemon_reload()
  * initramfs-tools: ensure rules file exists before invoking chzdev
  * d/t/upstream: honor /etc/apt configured by autopkgtest
  * d/rules: mask systemd-gpt-auto-generator on Ubuntu
  * d/systemd.postinst: do not restart systemd-binfmt.service if masked
  * varlinkctl: do not clobber format flags in verb_call
  * varlinkctl: set SD_JSON_FORMAT_FLUSH when --more is set
  * test: set nsec3-salt-length=8 in knot.conf
  * test: set nsec3-salt-length=8 in knot.conf
  * d/t/tests-in-lxd: run some tests under LXD
  * debian/tests/boot-and-services: drop test_no_failed
  * debian/control: add Breaks: systemd (<< ${binary:Version}) for udev
  * d/control: make systemd-sysv Depends: on matching version of systemd
  * d/systemd-resolved.postinst: copy existing /etc/resolv.conf on new installs
  * test: skip TEST-69-SHUTDOWN on ubuntu too
  * test: skip TEST-69-SHUTDOWN on ubuntu too
  * d/t/tests-in-lxd: fix autopkgtest source dir
  * d/t/tests-in-lxd: use correct lxc image for debian
  * udev: add systemd tag to devices tagged with security-device
  * resolve: rename varlink_subscription -> varlink_query_results_subscription
  * varlink-util: add varlink_many_notify
  * resolved: add a helper to check if DNS server is accessible
  * resolved: add link_get_default_route helper
  * udev: add input/by-{id,path} symlinks for hidraw devices
  * resolved: add SubscribeDNSConfiguration to varlink API
  * wait-online: add support for waiting for DNS configuration
  * test: cleanup after testcase_12_resolvectl2
  * test: add test for resolved SubscribeDNSConfiguration API
  * networkd-test: add basic tests for systemd-networkd-wait-online --dns
  * tree-wide: remove some spurious newlines
  * test: cleanup after testcase_12_resolvectl2
  * d/rules: fix bpftool path discovery on ubuntu
  * initramfs-tools: copy hwdb.bin to initramfs
  * d/t/tests-in-lxd: skip test on any setup error
  * Add myself to Uploaders
  * polkit: fix the ordering of a log message
  * login: handle -EALREADY from bus_verify_polkit_async_full()
  * login: add polkit example rules for allowing root to ignore inhibitors
  * polkit: use -EBUSY to indicate shortcut after error or denial
  * polkit: fix the ordering of a log message
  * resolved: support socket activation via varlink sockets
  * wait-online: attempt to re-connect after varlink disconnects
  * test: add a test for resolved and wait-online interactions
  * d/systemd-resolved.install: install new socket units for upstream profile
  * networkd-test: stop resolved socket units in setUpModule()
  * shared: add optional error parameter in bus_print_all_properties()
  * timedate: print better errors when systemd-timesyncd.service unavailable
  * resolve: include DNSSEC and DNSOverTLS modes in dumps
  * resolve: re-create link unicast scopes on reload
  * test: use numeric prefixes in resolved.conf.d overrides
  * test: ensure that reload updates DNSSEC and DNSOverTLS on link scopes
  * basic: validate timezones in get_timezones()
  * kernel-install: skip 55-initrd.install when an initrd generator is configured
  * resolve: add {global,link}_dns_configuration_json_append() helpers
  * resolve: add delegate info to DNSConfiguration
  * resolve: add negative trust anchors to DNSConfiguration
  * resolve: add DNS scope info to DNSConfiguration
  * resolve: add all protocol modes to DNSConfiguration
  * resolve: add resolv.conf mode to DNSConfiguration
  * resolve: add fallback servers list to DNSConfiguration
  * resolve: add formatted address string to DNSServer
  * wait-online: dispatch DNSConfiguration with SD_JSON_ALLOW_EXTENSIONS
  * wait-online: ignore unused DNSConfiguration fields when dispatching JSON
  * resolve: add DumpDNSConfiguration to varlink API
  * resolvectl: implement --json flag for resolvectl status
  * test: expand testcases to include resolvectl --json usage
  * d/t/boot-and-services: tweak test_rsyslog regex
  * d/t/boot-and-services: run transient unit to check syslog messages
  * d/t/boot-and-services: skip apparmor test on armhf
  * d/rules: enable 10-systemd-logind-root-ignore-inhibitors.rules.example on Ubuntu
  * test: wait for interface to come online before checking DNS scopes
  * test: increase timeout waiting for zone DS records setup
  * test: adjust timeouts for testcase_15_wait_online_dns
  * kernel-install: skip 55-initrd.install when an initrd is already staged
  * test: skip test-reread-partition-table if missing privileges
  * d/extra/dbus-1: rename systemd-localed-read-only.conf
  * d/t/tests-in-lxd: re-construct --pin-packages arguments for autopkgtest
  * mkosi: use qemu from noble-proposed instead of ppa

  [ 0x06 ]
  * hwdb: Add ACCEL_MOUNT_MATRIX for variant of TERRA PAD 1061
  * hwdb: Fix ACCEL_MOUNT_MATRIX for Lenovo Ideapad MIIX 310-ICR (#40067)

  [ David Santamaría Rogado ]
  * hwdb: keyboard: D330 FnLk toggle
  * hwdb: sensor: Remove Lenovo IdeaPad D330 accel mount matrix
  * hwdb: sensor: Add HP OmniBook Ultra Flip 14 accel mount matrix (#40076)
  * hwdb: sensor: Remove Lenovo IdeaPad Duet 3 accel mount matrix (#40075)

  [ Daan De Meyer ]
  * nspawn: Enable specifying root as the mount target directory.
  * nspawn-mount: Remove unused parameters
  * nspawn: Only bind-mount directory when necessary.
  * nspawn-mount: Use FLAGS_SET to check flags.
  * nspawn-network: Split off udev checking from parse_interface.
  * nspawn: Move --network-interface interfaces back to the host.
  * nspawn: Don't mount read-only if we have a custom mount on root.
  * nspawn: Make a custom mount on root imply --read-only.
  * wait-online: Add maximum operational state option
  * wait-online: Support waiting for interfaces to disappear
  * sd-bus: Add sd_bus_set_fd documentation along with some cleanups.
  * sd-bus: Remove unused man cite of `sd_bus_slot_new_signal`.
  * sd-bus: Add sd_bus_method_call/sd_bus_method_call_async docs + cleanups.
  * sd-bus: sd_bus_call/sd_bus_call_async_docs + cleanups.
  * sd-bus: sd_bus_set/get_method_call_timeout docs + cleanups.
  * sd-bus: add sd_bus_message_seal docs + cleanups
  * sd-bus: Add sd_bus_reply_method_return docs + cleanups
  * Silence Wstring-plus-int warning when using clangd with GCC.
  * sd-bus: Add sd_bus_send docs + cleanups.
  * sd-bus: Add sd_bus_slot_get_current_* docs
  * sd-bus: Fix pointer alignment
  * sd-bus: Wrap add_object_vtable docs at 100 columns
  * sd-bus: Fix typos in sd_bus_add_object_vtable docs
  * sd-bus: Add sd_bus_add_object and callback docs
  * sd-bus: Add note about sd_bus_reply_method_return to SD_BUS_METHOD docs
  * sd-bus: Add sd_bus_get/set_priority docs + fixes
  * sd-bus: sd_bus_call docs improvements
  * sd-bus: Deprecate priority functions
  * sd-bus: remove unused priority logic
  * sd-bus: sd_bus_message_append fixes
  * sd-bus: Add sd_bus_get/set_property docs
  * meson: Exclude more deprecated functions from check-api-docs
  * sd-bus: Fix sd_bus_close.xml line wrapping
  * sd-bus: Add sd_bus_can_send docs
  * sd-bus: Use pointer syntax for sd_bus_set_exec argv parameter
  * sd-bus: Add sd_bus_set_exec docs
  * man: review of import1(5)
  * man: fixes from online review
  * D-Bus docs: Use method instead of call
  * sd-bus: Add sd_bus_add_filter docs
  * sd-bus: Add sd_bus_add_object_manager docs
  * D-Bus docs: systemd1 fixes
  * sd-bus: Add sd_bus_set_server, sd_bus_get_bus_id docs
  * sd-bus: sd_bus_add_object docs fixes
  * sd-bus: Add sd_bus_add_node_enumerator docs
  * sd-bus: Small sd_bus_add_object_manager docs fix
  * sd-bus: Add sd_bus_emit_* docs
  * sd-bus: Add sd_bus_get_current_* docs
  * sd-bus: sd_bus_get_current_* docs fixes
  * sd-bus: Add sd_bus_is_server + sd_bus_set/is_bus_client docs
  * sd-bus: Add sd_bus_get/set_exit_on_disconnect docs
  * sd-bus: Small sd_bus_set_server doc fix
  * sd-bus: Rewrap sd_bus_get_fd docs
  * sd-bus: sd_bus_get_fd docs typo fix
  * sd-bus: Rewrap sd_bus_set_description docs
  * sd-bus: Add sd_bus_get_scope/tid/unique_name docs
  * sd-bus: Rewrap sd_bus_set_close_on_exit + small fixes
  * sd-bus: Rewrap sd_bus_set_server docs at 109 columns
  * sd-bus: Add sd_bus_set/is_monitor docs
  * sd-bus: Add sd_bus_list_names docs
  * sd-bus: Add sd_bus_message_read_strv docs
  * sd-bus: Clarify sd_bus_list_names results ownership
  * sd-bus: Add sd_bus_message_at_end docs
  * sd-bus: Add sd_bus_get/set_allow_interactive_authorization docs
  * sd-bus: Add sd_bus_message_get_error/errno docs
  * sd-bus: Fix typo in sd_bus_message_append_array docs
  * sd-bus: Add sd_bus_message_open/close/enter/exit_container docs
  * sd-bus: Add sd_bus_message_peek_type docs
  * sd-bus: Add sd_bus_send_to docs
  * sd-bus: Add sd_bus_get_name_machine_id docs
  * sd-bus: Add sd_bus_message_get_creds docs
  * sd-bus: Add sd_bus_get_name/owner_creds docs
  * sd-bus: Cite sd_bus_creds_unref in sd_bus_get_name_creds docs
  * sd-bus: Add sd_bus_get_creds_mask docs
  * sd-bus: Add sd_bus_query_sender_creds/privilege docs
  * sd-bus: Add a nicer way of specifying sd-bus vtable method arguments
  * resolved: Break include cycles
  * resolved: Fix build error due to missing include.
  * Merge pull request #15910 from poettering/tmpfiles-pstore-tweak
  * firstboot: Don't check twice if /etc/shadow exists
  * sysusers: Move sync_rights and rename_and_apply_smack to basic
  * fileio: Refactor sync_rights to take fds as arguments
  * fileio: Rename rename_and_apply_smack to rename_and_apply_smack_floor_label.
  * firstboot: Add --force option
  * firstboot: Add --delete-root-password option
  * Remove systemd-firstboot --force entry from TODO
  * firstboot: Add --root-password-hashed option
  * firstboot: Add --kernel-command-line option
  * Merge pull request #15975 from mgub/patch-1
  * Merge pull request #15958 from layderv/master
  * update NEWS
  * Merge pull request #15993 from mrc0mmand/news-update
  * Merge pull request #16033 from poettering/parse-int-fixlets
  * Merge pull request #16104 from ssahani/dhcpv6-iaid
  * resolved: Don't complain too much when downgrading from EDNS
  * resolved: Log the feature level we're downgrading from as well
  * networkd: Add missing match_wlan_iftype check to network_verify
  * log: Prefer logging to CLI unless JOURNAL_STREAM is set
  * mkosi: Keep mkosi.default out of the repository.
  * mkosi: Update help comment in settings files
  * firstboot: Tighten up passwd/shadow handling
  * firstboot: Add --root-shell option
  * Get SOURCE_EPOCH from the latest git tag instead of NEWS
  * firstboot: Check if the given shell exists
  * firstboot: Update help string with --root-shell options
  * nspawn: Fix incorrect usage of putenv
  * bootctl: Remove dependency on machine-id.
  * kernel-install: Add fallback to "Linux" if no machine-id is found
  * kernel-install: Use "Default" as fallback instead of "Linux"
  * kernel-install: Reuse $BOOT/Default if it already exists
  * Don't run test-repart when loop devices are not available
  * Merge pull request #16898 from poettering/resolved-errno
  * Merge pull request #17233 from poettering/nspawn-reopen-fix
  * Merge pull request #17239 from ferivoz/typos
  * clang-format: set SpaceBeforeParens to ControlStatementsExceptForEachMacros
  * mkosi: Replace iptables-dev with libiptc-dev in debian config
  * mkosi: Add rpm to Fedora BuildPackages as it's needed by pkg-config
  * mkosi: Add findutils to Fedora config
  * CI: Add mkosi boot tests
  * Don't assume /run/systemd exists when creating unit-root
  * mkosi: Use meson install instead of ninja install in build script
  * mkosi: Remove bash -x option from mkosi.build
  * mkosi: Add --quiet and --no-rebuild options to meson install in mkosi.build
  * mkosi: Remove explicit default_hierarchy=unified option from mkosi.build
  * mkosi: Silence locale checking in mkosi.build
  * meson: Respect MESON_INSTALL_QUIET
  * mkosi: Enable --qemu-headless option for all distros
  * Silence cgroups v1 read-only filesystem warning
  * mkosi: Add gdb to final images
  * mkosi: Add strace to final images
  * mkosi: Use --only-changed meson option when installing
  * mkosi: Add basic editors to final images
  * CI: Update to mkosi github action to v9
  * Enable more mkosi options
  * mkosi: Enable HostonlyInitrd option
  * Move shared mkosi settings to a single file in mkosi.default.d/
  * networkd: Enable IPv6SendRA on builtin network files
  * mkosi: Enable InstallDirectory and SourceFileTransferFinal options
  * mkosi.build: Silence "Entering directory" message from ninja
  * mkosi.build: Only create groups if they don't exist yet
  * Merge pull request #18182 from DaanDeMeyer/mkosi-build-pushd
  * meson: Optimize add-wants targets
  * meson: Add option to disable translations
  * mkosi: Disable translations
  * Merge pull request #18198 from yuwata/trivial-cleanups
  * mkosi: Only reset file permissions when $SRCDIR is not a mountpoint
  * meson: Use configure_file when version-tag is specified
  * mkosi: Allow setting version-tag option via VERSION_TAG env variable
  * docs: Add a section to HACKING.md on using mkosi and clangd together
  * docs: Update HACKING.md with the mkosi boot/qemu commands + options
  * mkosi: Pass build script arguments to ninja
  * meson: Fix update-man-rules when the build dir is not a subdir of the project dir
  * sd-bus: Add sd_bus_reply()
  * Merge pull request #18407 from keszybz/resolved-reference-counting-again
  * mkosi: Add a postinstall script to setup .gdbinit.
  * resolve: Add GetMulticastHosts() D-Bus method
  * tree-wide: Drop custom formatting for print() help messages
  * resolve: Add show-multicast verb
  * sd-boot: Make internal functions static
  * sd-boot: Add missing includes
  * boot: Move Secure Boot logic to new file
  * boot: Enable C99
  * boot: Turn all guid constants into C99 compound initializers
  * boot: Make all efivar util functions take the guid as an argument
  * boot: Add efivar_get_boolean_u8()
  * boot: Tighten scope of variables used in loops
  * boot: Rename efivar_get/set_int() to efivar_get/set_uint_string()
  * boot: Add  efivar_get/set_uint64_le() functions
  * boot: Replace raw efivar gets with typed variants
  * boot: Fix void pointer arithmetic warning
  * boot: Drop unnecessary braces
  * boot: Add startswith() and endswith() functions with no_case variants
  * boot: Replace efivar_set() persistent argument with flags argument
  * Merge pull request #18516 from systemd/revert-18515-temporarily-pin-arch-repos
  * boot: Move console declarations to missing_efi.h
  * udev: Support "max" string for BufferSize options (#20458)
  * sd-bus: Return detailed (sd-buscntr) error from bus_container_connect_socket()
  * sd-bus: Improve (sd-buscntr) error logging
  * udev: Add support for configuring nic coalescing settings
  * link: Stop prefixing features with "the"
  * link: Add support for rx-gro-hw nic feature
  * docs: Add documentation on how to use VSCode to debug systemd via mkosi
  * core: Remove circular include
  * core: Check unit start rate limiting earlier
  * core: Add information on which condition failed to job skipped format string
  * core: Add information on which condition failed to the job done message
  * mkosi: Add man-db to arch packages
  * mkosi: Install bash-completion in Arch image
  * mkosi: Add zsh to Arch packages
  * shared: Extract common LogControl CLI code to verb-log-control.h
  * core: Parse log environment settings again after applying manager environment
  * sd-journal: Don't compare hashes from different journal files
  * sd-journal: Ignore data threshold if set to zero in sd_journal_enumerate_fields()
  * oom: Add missing sd-bus.h include
  * oom: Introduce process_managed_oom_message()
  * core: Introduce build_managed_oom_cgroups_json()
  * oom: Add support for user unit ManagedOOM property updates
  * mkosi: Fix CI
  * mkosi: Remove build script umask workaround
  * coredump: Don't log an error if D-Bus isn't running
  * coredump: Add --all option
  * mkosi: Add number prefixes to per-distro files for easier overriding
  * Ignore local files in subdirectories of mkosi.default.d/ as well
  * journal: Add log level argument to journal_file_rotate_suggested()
  * docs: Fix value for "processId" in HACKING doc
  * journal: Add two more log messages to journal_file_rotate_suggested()
  * journal: Expand rotate log messages in journald
  * CI: disable opensuse mkosi CI
  * docs: Clean up links in HACKING.md
  * docs: Simplify git instructions in HACKING slightly
  * docs: Remove mkosi symlink instruction from HACKING
  * docs: Extend builddep instructions to include more distros
  * docs: Make mkosi install instructions generic
  * docs: Specify code block language for mkosi boot instructions
  * basic: Make ret_names param to unit_file_find_fragment() optional
  * core: Try to prevent infinite recursive template instantiation
  * mkosi: Install less in the mkosi Fedora image
  * core: Move 'r' variable declaration to start of unit_start()
  * core: Delay start rate limit check when starting a unit
  * mkosi: Add netcat to fedora image
  * Merge pull request #21209 from yuwata/veth-peer-mtu
  * core: Propagate condition failed state to triggering units.
  * getty: Pass tty to use by agetty via stdin
  * exec: Add TTYRows and TTYColumns properties to set TTY dimensions
  * meson: Downgrade unused function from error to warning in local builds
  * journal: Use consistent naming for iovec in audit logic
  * journal: Use mf as variable name for MapField
  * journal: Don't discard kmsg messages coming from journald itself
  * journal: Skip over corrupt entry items in enumerate_data()
  * journal: Use separate variable for Data object in sd_journal_get_data()
  * journal: Skip corrupt Data objects in sd_journal_get_data()
  * journal: Use size_t instead of unsigned for array sizes
  * journal: Use more structured initialization
  * journal: Simplify definition of HEADER_INCOMPATIBLE_SUPPORTED
  * journal: Add journal_file_object_to_string()
  * journal: Add verify_hash_table()
  * journal: Limit the number of audit fields per log message
  * Merge pull request #21452 from vcaputo/mmap-cache-fd
  * basic: Give architecure enum a name
  * gpt: Rename PPC64LE TO PPC64_LE
  * basic: Rename SECONDARY_ARCHITECTURE to ARCHITECTURE_SECONDARY
  * gpt: Store the architecture in GptPartitionType
  * gpt: Store the partition type in GptPartitionType
  * shared: Add support for non-native architectures to dissect_image()
  * journal: Don't allow creating invalid objects
  * mkosi: Install sd-boot using postinst script instead of in build script
  * journal: Add more information to --verify error messages
  * journal: Remove entry seqnum revert logic
  * journal: Deduplicate entry items before they are stored in the entry object
  * journal: Add journal_file_read_object()
  * journal: truncate archived journals
  * journal: punch holes in unused parts of entry arrays when archiving
  * journal: Introduce journald-file.c for journal file write related logic
  * journal: Move offlining logic to journald-file.c
  * mkosi: Add e2fsprogs to installed packages for Fedora
  * mkosi: Add compsize to list of installed packages on Fedora
  * journal: Update the JournalFile path when archiving
  * basic: Make sure we're extra paranoid in chattr_full
  * journal: Fix disabling NO_COW on btrfs filesystems
  * Merge pull request #21527 from vcaputo/journal-file-mfd-centric
  * docs: Clarify that the fd store is discarded when a service is stopped
  * Merge pull request #21637 from nabijaczleweli/EBA
  * NEWS file additions
  * mkosi: Build Fedora 35 images
  * process-util: Fix memory leak
  * kernel-install: Remove "Default" from list of suffixes checked
  * journal: Add a minimum hole size for hole punching
  * journal: Correctly advance offset when iterating hash table entries
  * journal: Use 16kb buffer during hole punching
  * journal: Stop reading in increments of block size during hole punching
  * kernel-install: Introduce KERNEL_INSTALL_MACHINE_ID in /etc/machine-info
  * Revert "core: Propagate condition failed state to triggering units."
  * core: Add trigger limit for path units
  * Merge pull request #21818 from bluca/path_trigger_limit
  * Merge pull request #21807 from keszybz/bootcls-no-autodetect
  * journal: Handle partially read HashItem's when punching holes
  * shared: Remove remaining usages of GPT_ROOT_NATIVE, GPT_USR_NATIVE from dissect-image.c
  * journal: Log a better message when we're rotating because a file is full
  * journal: Log filename when we fail to write an entry
  * journal: Remove unused arguments from journal_file_next_entry_for_data()
  * journal: Skip data objects with invalid offsets
  * journal: Don't discard -b arg when followed by -e
  * journal: Fix entry array iteration corruption checks
  * shared: Copy holes in sparse files in copy_bytes_full()
  * journal: Copy holes when archiving BTRFS journal files
  * meson: Add missing test dependencies
  * shared: Ensure COPY_HOLES copies trailing holes
  * journal: Use offsetof(Object, ...) to retrieve object field offsets
  * journal: Log error when keyed hash env variable cannot be parsed
  * journal: Pass data objects to journal_file_move_to_entry_..._for_data() functions
  * journal: Only move to objects when necessary
  * journal: Use ret_offset everywhere in journal-file.h
  * journal: Fail gracefully when linking a new entry
  * journal: Invert verify entry <=> data consistency checks
  * journal: Inline loop variable
  * journal: Stop comparing hash values from entry items against data objects
  * journal: stat journal file after truncating
  * journal: Truncate file instead of punching hole in final object
  * Merge pull request #22283 from yuwata/sd-device-suppress-log
  * shared: Handle filesystems that don't support hole punching in COPY_HOLES
  * boot: Don't require a machine ID to be available
  * journal: Rename JournaldFile to ManagedJournalFile
  * journal: Fix upwards iteration of entry items in case of corruption
  * journal: Improve handling of corruption during upwards entry iteration
  * Merge pull request #22366 from poettering/journal-file-punch-fix
  * test: Stop using TextTestRunner in systemd-networkd-tests.py
  * mkosi: Support running systemd-networkd-tests.py in QEMU
  * test: Skip test_macsec() until kernel panic is fixed
  * test: Prefix all network/netdev config files used by systemd-networkd-tests.py
  * mkosi: Add more packages required to run systemd-networkd-tests.py
  * systemctl: Show how long a service ran for after it exited in status output
  * meson: Drop required libfdisk version to 2.32
  * mkosi: Remove Arch nspawn workaround
  * mkosi: Add centos_epel config
  * shared: Add more dlopen() tests
  * mkosi: Add CentOS Stream 9
  * bpf: Log at debug when checking if restricting ifaces is supported
  * bpf: Fix error handling
  * Merge pull request #22857 from poettering/journal-file-flags
  * analyze: Fix verify exit status regression
  * namespace-util: Fix typo
  * Merge pull request #23124 from yuwata/fixes-for-post-merge-review
  * journal: Only move to object if requested
  * journal: Document generic_array_bisect()
  * mkosi: Update to latest commit
  * kernel-install: Skip execution if $KERNEL_INSTALL_BYPASS=1
  * docs: Clarify where options are read from
  * nspawn: Set LANG to C.UTF-8
  * journal: Use header macros everywhere instead of JournalFile fields
  * tmpfiles: Split networkd entries into a separate file
  * meson: Sort lines in tmpfiles.d/meson.build
  * sd-network: Keep inotify watch if watch descriptor didn't change
  * basic: Add some missing headers to compress.h
  * journal: Make journal_default_metrics() static
  * core/device: Use DEVICE_NOT_FOUND instead of 0.
  * core/device: Add sysfs argument to device_process_new()
  * core/device: Log on every event received from udev
  * core/device: Log if we fail to open a device
  * core/device: Log when we skip device unit creation for symlink
  * core/device: Log when we can't retrieve SYSTEMD_ALIAS property
  * core/device: Improve device_dispatch_io() logging messages
  * core/device: Add logging to device_is_ready()
  * shared: Fix memory leak in bus_append_execute_property()
  * core: Return 1 from unit_add_dependency() on success
  * core: Add trace logging to mount_add_device_dependencies()
  * portable: Remove unnecessary assert()
  * sd-bus: Fix introspect memory leak
  * coredump: Fix format string type mismatch
  * dissect-image: Explicitly remove partitions when done with image
  * portable: Fix memory leak in maybe_enable_disable()
  * meson: Switch default-locale default to C.UTF-8
  * shared: Rename pcre2-dlopen.h/c to pcre2-util.h/c
  * journalctl: Use STATIC_DESTRUCTOR_REGISTER()
  * Merge pull request #23645 from DaanDeMeyer/journalctl-static-destructor
  * basic: Propagate SIGBUS signal info when re-raising signals
  * meson: Add nspawn-locale meson option
  * meson: Build with frame pointers in developer mode
  * mkosi: Update CI to mkosi 13
  * mkosi: Pull in fix that solves action mirror issue
  * Merge pull request #23836 from yuwata/journal-file-check-object-header
  * journal: Fix missing parenthesis
  * meson: Assign tests a suite based on their directory
  * firstboot: Don't skip passwd/shadow logic if only one of the files exists
  * journal: Make sd_journal_previous/next() return 0 at HEAD/TAIL
  * mkosi: Update to latest release
  * nspawn: Drop unnecessary intermediate variable
  * nspawn: Rewrap --overlay docs
  * nspawn: Support relative source paths for --bind and --overlay
  * Add coredump daemons to bug/RFE template component options
  * Add systemd-hwdb to bug/RFE templates
  * coredump: Connect stdout/stderr to /dev/null before doing anything
  * coredump: Try to write journald coredump metadata to the journal
  * mkosi: Install xxd in images
  * mkosi: Don't try to install systemd-boot in non-efi images
  * mkosi: Enable meson developer mode
  * mkosi: Fix build script indentation
  * mkosi: Update Ubuntu config to 22.04
  * mkosi: Changes to allow booting with sanitizers in mkosi
  * mkosi: Remove usage of deprecated option names/sections
  * mkosi: Silence gdb debuginfo messages/prompts
  * tree-wide: Introduce free_and_replace_full()
  * journal: Move more pattern matching logic into pcre2-util
  * mkosi: Build against Fedora rawhide as well
  * mkosi: Update to latest commit
  * Merge pull request #24080 from rdtscp/feature/machinectl/copy-force-flag
  * units: Simplify container getty handling
  * mkosi: Update to latest commit
  * mkosi: Update to latest
  * repart: Remove unnecessary newlines from JSON output
  * blockdev-util: Introduce fd_get_whole_disk()
  * blockdev-util: Introduce block_device_add/remove_partition()
  * loop-util: Add loop_device_unrelinquish()
  * blockdev-util: Add block_device_remove_all_partitions()
  * dissect: Add systemd-dissect --umount
  * man: Clarify that tools should prefer mount units over editing fstab
  * repart: Only lock block device once
  * mkosi: Use mkosi.output/ as output directory by default
  * mkosi: Don't use InstallDirectory by default
  * mkosi: Update to latest commit
  * docs: Recommend pkexec over using an askpass program with sudo
  * docs: Add guide to debug binaries in vscode that need to run as root
  * mkosi: Update to latest commit
  * mkosi: Drop workarounds
  * mkosi: Install tests in final image
  * mkosi: Ensure we build all features/components in mkosi
  * journal: Add new _INITRD field
  * Merge pull request #24561 from yuwata/loop-util-follow-ups
  * repart: Add support for setting a partition's UUID to zero
  * repart: Extract context dump into a separate function
  * repart: Invert no_dropin_files boolean
  * repart: Add support for formatting verity partitions
  * update TODO
  * Merge pull request #24703 from yuwata/dissect-image-verity-partition-make-fail
  * Merge pull request #24710 from yuwata/test-50-dissect-cleanups
  * Merge pull request #24691 from yuwata/udev-node-check-existence
  * Merge pull request #24720 from yuwata/dissect-image-take-reference
  * Merge pull request #24731 from yuwata/sd-device-opendir
  * repart: Rename fs to root in do_copy_files() and do_make_directories()
  * mkosi: Set ExtraSearchPaths=build/ by default
  * Merge pull request #24522 from yuwata/core-device-drop-nonexistent-devlink-unit
  * shared: Add squashfs support to make_filesystem()
  * Merge pull request #24751 from medhefgo/stub-x86
  * repart: Add squashfs support
  * systemctl: Improve link directory separator error message
  * shared: Add specifier_id128() and specifier_uuid()
  * systemctl: Fix style nit
  * shared: Add specifier_uint64()
  * shared: Add GPT_PARTITION_TYPE_UUID_TO_STRING_HARDER()
  * repart: Add --split option to generate split artifacts
  * Merge pull request #24746 from DaanDeMeyer/repart-split
  * Merge pull request #24797 from yuwata/networkctl
  * repart: Extend squashfs logic to all read-only filesystems
  * shared: Don't try to generate read-only filesystem that we don't support
  * repart: Rename context_verity() to context_verity_hash()
  * repart: Improve missing libcryptsetup error message
  * repart: Rename verity integration test definition files
  * dissect: Log when we fail to load the verity signature partition
  * test: Install openssl 3 extra library dependencies
  * dissect: Process verity sig partitions if a root hash is specified
  * basic: Add strgrowpad0()
  * docs: Mention that "certificateFingerprint" source should be in DER
  * openssl-util: Allow declaring openssl struct pointers without openssl
  * openssl-util: Add x509_fingerprint()
  * repart: Add support for generating verity sig partitions
  * Merge pull request #24635 from DaanDeMeyer/repart-verity-sig
  * Merge pull request #24837 from yuwata/kernel-install
  * mkosi: Drop kernel-modules-extra from Fedora config
  * mkosi: Use SourceFileTransfer=mount
  * mkosi: Optionally build a kernel image from mkosi.kernel/
  * repart: Don't fail on missing verity sig partition
  * repart: Take --root into account in read only filesystems shortcut
  * repart: Use chase_symlinks() instead of path_join()
  * repart: Drop usage of CHASE_WARN
  * Bump libbpf version to 0.7
  * libbpf: Remove use of deprecated APIs
  * Try to load libbpf.so.1 as well
  * journal: Add compact mode
  * journal: Enable compact mode
  * journal: Run unit tests with and without compact mode enabled
  * journal: Don't allocate objects above UINT32_MAX in compact mode
  * journal: Use 32-bit entry array offsets in compact mode
  * journal: Use 32-bit entry item object offsets in compact mode
  * journal: Introduce journal_file_data_payload()
  * journal: Store offsets to tail entry array objects in chain
  * journal: Add --convert= command to journalctl
  * Revert "journal: Add --convert= command to journalctl"
  * Merge pull request #24595 from rphibel/support-image-option-in-systemctl-and-coredumpctl
  * Merge pull request #24629 from DaanDeMeyer/mkosi-kernel
  * logs-show: Always retrieve the boot ID from the entry
  * meson: Fix pcrphase unit conditions
  * test-journal-flush: Don't fail on EADDRNOTAVAIL
  * cryptsetup-util: Always define dlopen_cryptsetup()
  * repart: Always define VerityMode from/to string functions
  * qrcode-util: Add support for libqrencode 3.0
  * mkosi: Reenable bpf-framework
  * README: Fix libbpf minimum version
  * mkosi: Make sure bpf-framework works on CentOS Stream 8 as well
  * mkosi: Add Centos Stream 8 back to CI
  * mkosi: Switch to Fedora 37
  * Update TODO
  * man: Mention that journal file size is capped to 4G in compact mode
  * condition: Check that subsystem is enabled in ConditionSecurity=tpm2
  * namespace: Add hidepid/subset support check
  * mkosi: Add back libasan/libubsan libraries
  * mkosi: Build and install kernel selftests
  * tmpfile-util: Introduce mkdtemp_open()
  * tmpfile-util: Add fopen_temporary_at()
  * path-util: Add path_make_relative_cwd()
  * chase-symlinks: Add chase_symlinks_at()
  * fs-util: Add chown_and_chmod_at()
  * mkdir: Add mkdirat_safe()
  * mkdir: Add mkdirat_parents()
  * fileio: Add openat() like helpers
  * rm-rf: Add rm_rf_physical_and_close()
  * test-copy: Rework test_copy_tree_replace_dirs() to use new openat() helpers
  * stat-util: Move inode_hash_ops to stat-util
  * copy: Support passing a deny list of files/directories to not copy
  * gpt: Replace bitfields with designator field in GptPartitionType
  * gpt: Add gpt_partition_type_mountpoint_nulstr()
  * repart: Don't descend into directories assigned to other partitions
  * repart: Add integration test for #24678
  * log: Use ##__VA_ARGS__ in ratelimit log macros
  * log: Add log_ratelimit_full()
  * log: Add ratelimit argument to ratelimit log macros
  * log: Add shorthands for log_ratelimit_full()
  * journal: Ratelimit more journald log messages
  * tmpfile-util: Add missing assert
  * path-util: Drop path_make_relative_cwd()
  * chase-symlinks: Drop unnecessary if
  * fs-util: Add missing assert to chmod_and_chown_at()
  * test-copy: Stop using rm_rf_physical_and_close
  * Revert "rm-rf: Add rm_rf_physical_and_close()"
  * Merge pull request #24803 from DaanDeMeyer/repart-copy-deny-list
  * repart: Use copy_bytes() instead of copy_bytes_full()
  * repart: Use COPY_REFLINK in context_copy_blocks()
  * repart: Use COPY_HOLES more
  * repart: Calculate filesystem UUID earlier
  * resize-fs: Bump xfs minimum partition size to 16MB
  * repart: Move fstype_is_ro() checks out of the populate functions
  * repart: Create loop device when populating filesystems if needed
  * repart: Don't log partition number when populating filesystem
  * repart: Allow custom root directory per copy blocks source
  * repart: Use ULL for all size constants
  * repart: Take into account minimal filesystem size
  * sd-bus: Use goto finish instead of return in bus_add_match_full
  * strv: Make sure strv_make_nulstr() always returns a valid nulstr
  * nulstr-util: Declare NULSTR_FOREACH() iterator inline
  * repart: Add Minimize= integration test
  * Merge pull request #24908 from DaanDeMeyer/repart-minimize
  * gpt: Expose GptPartitionType and get rid of SECONDARY/OTHER
  * repart: Use first unused partition number for new partitions
  * repart: Add --include/--exclude-partitions
  * repart: Add integration test for --include/--exclude-partitions
  * Merge pull request #25001 from DaanDeMeyer/repart-filter
  * btrfs-util: Remove bogus assert()
  * mkfs-util: Make argument handling for mkfs binaries more flexible
  * mkfs-util: Add root support for ext and btrfs
  * mkosi: Add mkfs tools to mkosi image
  * mkfs-util: Add support to populate vfat without mounting using mcopy
  * repart: Let libcryptsetup calculate the volume key
  * repart: Do offline encryption instead of online
  * repart: Move verity hash formatting into data partition functions
  * repart: Move verity sig formatting into data partition functions
  * repart: Fix copy failure error message
  * repart: Ensure files end up owned by root in generated filesystems
  * repart: Fail early if we're missing privileges to populate a filesystem
  * repart: Skip partition_populate_directory() if no sources are provided
  * repart: Fail early if no sources are provided for a read-only filesystem
  * repart: Change mode of temporary root to 755
  * repart: Don't use loop devices when we're not operating on a block device
  * repart: Run most repart integration tests without root privileges
  * Revert "journal: Make sd_journal_previous/next() return 0 at HEAD/TAIL"
  * Merge pull request #24944 from DaanDeMeyer/repart-rootless
  * log: Disable log rate limiting if debug logging is enabled
  * missing_syscall: Add rt_tgsigqueueinfo()
  * sigbus: Make sure the signal is delivered to the same thread
  * mkfs-util: Add support for rootless xfs population
  * sigbus: Add fallback in case rt_tgsiqqueueinfo() fails
  * crash-handler: Make sure we propagate the original siginfo
  * Merge pull request #25096 from DaanDeMeyer/journald-log-fixes
  * tmpfile-util: Introduce fopen_temporary_child()
  * Followups for aa6aa81c1e2fa0d35f91545d440ce5a31e1a43df
  * repart: Write temporary LUKS header to /var/tmp instead of /tmp
  * log: Remove log_ratelimit_debug() macros
  * kmod-setup: Make sure the tpm module is available early
  * repart: Use IN_SET() in one more place
  * repart: Rework unused partition number algorithm
  * repart: Fix FilterPartitionsType enum name
  * repart: Fix parse_filter_partitions() log messages
  * repart: Use ftruncate() instead of posix_allocate()
  * repart: Use ASSERT_PTR() in partition_encrypt()
  * mkfs-util: Use GID_FMT
  * mkfs-util: Prefer fd based stat() where possible
  * mkfs-util: Use FORK_CLOSE_ALL_FDS
  * repart: Remove redundant parentheses in partition_populate_directory()
  * repart: Use fd based operations in partition_populate_directory()
  * repart: Rework PartitionTarget initialization
  * Merge pull request #25461 from DaanDeMeyer/repart-followups
  * gpt: Specify designator array sizes explicitly
  * gpt: Drop PARTITION_LINUX_GENERIC and PARTITION_USER_HOME
  * Merge pull request #25485 from DaanDeMeyer/gpt-fix
  * find-esp: Relax filesystem root directory check
  * repart: Rename arg_filter_partitions_size to arg_n_filter_partitions
  * repart: Make parse_filter_partitions() more generic
  * Revert "find-esp: Relax filesystem root directory check"
  * mkfs-util: Check if mcopy is installed
  * dirent-util: Expose dirent_ensure_type()
  * recurse-dir: Handle RECURSE_DIR_ENSURE_TYPE in readdir_all()
  * mkfs-util: Skip non files/directories when calling mcopy
  * Merge pull request #25500 from DaanDeMeyer/mcopy-skip-symlinks
  * repart: Add --skip-partitions=
  * Merge pull request #25482 from DaanDeMeyer/repart-skip-partitions
  * mkfs-util: Drop batch (b) and n flags from mcopy
  * units: Use BindsTo=systemd-networkd in systemd-networkd-wait-online.service
  * repart: Remove bogus check
  * repart: Move comment
  * repart: Make sure all files in the image are owned by root
  * repart: Prefer using loop devices to populate filesystems when available
  * repart: Make sure we clean up temporary files created in context_minimize()
  * repart: Refactor split names
  * repart: Make sure split partition files are cleaned up on failure
  * repart: Move backing_fd, node and from_scratch variables into Context
  * repart: Remove leftover debug statement
  * repart: Inline Partition and Context typedefs
  * repart: Make sure we cleanup image file on failure if we create it
  * repart: Add split path to table output
  * Merge pull request #25132 from yuwata/core-device-inactivate-removed-device-on-switching-root
  * Merge pull request #25574 from bluca/gh_wf
  * copy: Add COPY_GRACEFUL_WARN
  * repart: Ignore copy failures for unsupported file types
  * Merge pull request #25579 from DaanDeMeyer/copy-graceful-symlinks
  * mkosi: Drop explicit Format=
  * mkosi: Drop HostonlyInitrd=yes
  * chase-symlinks: Fix regression from 5bc244aaa90211ccd8370535274c266cdff6a1cb
  * mkosi: Rework kconfig handling
  * mkosi: Make sure selftests bpftool is accessible from $PATH
  * journal: Use shared log ratelimit constant
  * journal: Ratelimit more log messages
  * test-fs-util: Add relative path chase_symlinks() tests
  * ci: Add/Drop labels on pull request activity and comment
  * ci: Labeler improvements
  * mkosi: Drop i686 packages
  * execute: Pass AT_FDCWD instead of -1
  * mkosi: Enable CONFIG_ZBOOT
  * repart: Rename --skip-partitions to --defer-partitions
  * repart: Rework Minimize= option settings
  * repart: Fix integration test
  * repart: Use "defer" in docs instead of "skip"
  * repart: Always derive fs/luks UUIDs from generated partition UUID
  * ukify: Allow passing multiple directories to --tools
  * ukify: Prefer using llvm-objcopy instead of objcopy
  * ukify: Validate that there are no overlapping sections
  * ukify: Handle directories in path_is_readable()
  * ukify: Require specifying --tools for each tools directory
  * Merge pull request #25912 from DaanDeMeyer/ukify
  * Merge pull request #25947 from poettering/resolved-dns-creds
  * basic: Make snprintf_ok() a static inline function
  * basic: Drop memory-util.h include from stdio-util.h
  * basic: Use statement expressions more in list.h
  * basic: Add strv_extend_assignment()
  * basic: Add log context
  * sd-bus: Log extra fields when processing bus message
  * device-monitor: Add extra fields to the log context before callback
  * Merge pull request #24939 from msizanoen1/journal-realtime-enforce-consistency
  * ci: Remove a bunch of labels when a PR is merged
  * network: Show network and link file dropins in networkctl status
  * ci: Fix PR labeling
  * dissect-image: Notify btrfs when we're done using a loop device
  * open-file: Fix user-after-free
  * ci: Update mkosi action to latest commit
  * boot: Remove -O1 workaround
  * mkosi: Use meson setup
  * ukify: Fix version string
  * Merge pull request #25999 from DaanDeMeyer/mkosi
  * mkfs-util: Shorten strv operations error handling
  * repart: Allow configuring sector size
  * Merge pull request #26044 from DaanDeMeyer/repart-sector-size
  * testsuite-77: Fix race condition
  * mkosi: Rename the configuration files to use ".conf" as extension
  * ukify: Downgrade required python version to 3.9
  * Revert "repart: Make sure all files in the image are owned by root"
  * Revert "repart: Ensure files end up owned by root in generated filesystems"
  * repart: Add note about UIDs/GIDs of copied files and directories
  * repart: Mention broken XFS protofile format
  * docs: Update HACKING.md to mention latest mkosi is needed
  * test-execute: Skip when /sys is read-only
  * repart: Add roothash to output of all verity siblings
  * nspawn: Drop CAP_NET_BIND_SERVICE when in userns but not in netns
  * resolve: Skip creating stubs if missing CAP_NET_BIND_SERVICE
  * mkosi: Update and enable ukify in mkosi builds
  * ukify: python 3.9 compat followup
  * mkdir-label: Add mkdir_parents_safe_label()
  * nspawn: Make sure we create bind mount points as the correct UID/GID
  * mkosi: Drop epel-testing repository from centos config
  * mkosi: Fix shellcheck warnings
  * mkosi: Don't modify rootfs in build script
  * mkosi: Drop focal workaround in build script
  * mkosi: Add back CentOS Stream 8 to CI
  * mkosi: Disable auditd when running with nspawn in CI
  * test-systemd-tmpfiles: Fix execution when user is not in /etc/passwd
  * Merge pull request #26252 from DaanDeMeyer/mkosi-drop-workaround
  * chase-symlinks: chase_symlinks_at() AT_FDCWD fixes
  * chase-symlinks: Always open a dirfd to the root directory
  * bus-util: Add bus_log_parse_error_debug()
  * bus-map-properties: Use bus_log_parse_error_debug()
  * bootctl: Add missing %m
  * boot: Make sure we take --root into account everywhere.
  * mkosi: Update to latest
  * mkosi: Use globs instead of prepare script to install extra packages
  * mkosi: Stop installing kernel headers to /usr
  * test-boot-timestamp: Handle ERANGE error
  * xattr-util: Add xsetxattr()
  * copy: Make copy_xattr() more generic
  * copy: Copy symlink xattrs
  * repart: Create temporary root directory using var_tmp_dir()
  * repart: Initialize root directory metadata correctly
  * mount-setup: Fix typo
  * repart: Remove outdated comment
  * mkosi: Enable debug logging in CI
  * repart: Make config_parse_copy_files() more generic
  * Update HACKING for latest mkosi
  * Drop mkosi + clang section from HACKING
  * dissect-image: Return mount point fd if requested
  * env-file: Add write_env_file_at()
  * copy: Add copy_file_at()
  * tmpfile-util-label: Add fopen_temporary_at_label()
  * smack-util: Add renameat_and_apply_smack_floor_label()
  * repart: Add ExcludeFiles= option
  * Merge pull request #26465 from DaanDeMeyer/openat-helpers
  * Merge pull request #26437 from DaanDeMeyer/repart-exclude
  * ukify: Set fast_load option when parsing PE files
  * mkosi: Update to latest
  * mkosi: Drop ld workaround
  * mkosi: Drop locale workaround
  * mkosi: Drop bootctl workaround in postinst script
  * mkosi: Drop opensuse workaround
  * mkosi: Use 4 space indentation for scripts
  * mkosi: Add more debugging
  * mkosi: Remove preset workaround
  * mkosi: Move more logic to the postinst script
  * mkosi: Simplify BUILDDIR/SRCDIR handling a bit
  * mkosi: Reduce postinst script indentation
  * Merge pull request #26518 from DaanDeMeyer/mkosi-stuff
  * repart: Refactor make_copy_files_denylist() a bit
  * copy: Support both inode exclusion and contents exclusion
  * repart: Exclude APIVFS mountpoint directories
  * Merge pull request #26500 from DaanDeMeyer/repart-mountpoints
  * efi-string: Fix strchr() null byte handling
  * efi-string: Add startswith8()
  * smack-util: Fix compilation error when smack is disabled
  * efi-string: Add efi_memchr()
  * vmm: Add more const
  * vmm: Add smbios_find_oem_string()
  * stub: Read extra kernel command line items from SMBIOS
  * vmm: Modernize get_smbios_table()
  * Merge pull request #26258 from DaanDeMeyer/boot-smbios
  * journal-file: Fix return value in bump_entry_array()
  * journal-file: Improve debug messages
  * mkosi: Install dnf on centos and fedora
  * chase-symlinks: Skip shortcuts if CHASE_PROHIBIT_SYMLINKS is set
  * chase-symlinks: Return "." as path from chase_symlinks_at() instead of NULL
  * chase-symlinks: Add CHASE_PARENT
  * chase-symlinks: Add CHASE_MKDIR_0755
  * chase-symlinks: Add chase_symlinks_at_and_open()
  * mkosi: Update to latest
  * mkosi: Update to latest
  * mkosi: Drop kernel command line masking in CI
  * mkosi: Drop debug logging
  * mkosi: Fix locations of mkosi-check-and-shutdown files
  * Merge pull request #26709 from DaanDeMeyer/mkosi-drop-debug
  * memfd-util: Add memfd_new_and_seal()
  * repart: Add support for reading mkfs options from environment
  * lockfile-util: Drop flock() fallback
  * lockfile-util: Rename to lock-util
  * lock-util: Add unposix_lock()
  * lock-util: Add CLEANUP_UNPOSIX_UNLOCK()
  * lock-util: Move to src/basic
  * user-util: Use unposix_lock() in take_etc_passwd_lock()
  * lock-util: Use unposix_lock() in make_lock_file() and release_lock_file()
  * Merge pull request #26726 from DaanDeMeyer/cleanups
  * mkosi: Update to latest
  * mkfs-util: Always use "default" usage type for ext filesystems
  * mkfs-util: Don't explicitly enable has_journal for ext3/ext4
  * mkfs-util: Redirect mkfs.vfat stdout to /dev/null
  * execute: Use log_unit_error_errno() instead of log_error_errno()
  * lock-util: Add posix_lock()
  * dynamic-user: Revert back to using POSIX locks
  * namespace: Modernize shareable namespace functions
  * man: Fix user generator output paths
  * fs-util: Add xopenat()
  * chase-symlinks: Fix memory leak
  * Merge pull request #26662 from yuwata/test-execute-network-namespace-path
  * chase-symlinks: Remove unused ret_fd arguments
  * mkfs-util: Redirect mksquashfs output to /dev/null
  * mountpoint-util: Add path_get_mnt_id_at()
  * fd-util: Add dir_fd_is_root()
  * chase-symlinks: Rework open() functions and some chase flags
  * chase-symlinks: Add more assertions
  * Merge pull request #26820 from DaanDeMeyer/dir-fd-is-root
  * fs-util: Drop unlink_noerrno()
  * Merge pull request #26784 from DaanDeMeyer/chase-fix
  * terminal-util: Don't assume terminal is dumb if connected to /dev/null
  * journald-console: Add colors when forwarding to console
  * mkosi: Use default timeout of 10s
  * repart: Make sure we seek to beginning of partition target before copy
  * repart: Zero full verity signature partition size
  * repart: Report better errors if partition sizes are too small
  * mkosi: Enable some debugging options by default
  * Merge pull request #26783 from yuwata/loop-ref-follow-up
  * Merge pull request #26849 from DaanDeMeyer/fwd-colors
  * units: Order user@.service after systemd-oomd.service
  * mkosi: Default to debug log level for udev as well
  * log: Avoid pushing the same fields more than once on the log context
  * log: Add key/value support to the log context
  * unit: Add LOG_CONTEXT_PUSH_UNIT()
  * lock-util: Add make_lock_file_at()
  * fs-util: Add open_parent_at()
  * tmpfile-util: Add open_tmpfile_linkable_at() and link_tmpfile_at()
  * chase-symlinks: Add CHASE_EXTRACT_FILENAME flag
  * chase-symlinks: Return zero from access() and stat() helpers
  * chase-symlinks: Add more chase_symlinks_at() helpers
  * docs: Fix vscode debugging section in HACKING.md
  * execute: Add kernel cmdline arguments for tty term, rows and columns
  * Merge pull request #26866 from DaanDeMeyer/chase-fix
  * Merge pull request #26828 from DaanDeMeyer/tmpfile-at
  * copy: Move chattr arguments to full function signatures
  * copy: Add more at() helpers
  * Merge pull request #26829 from DaanDeMeyer/copy-at
  * stat-util: Add verify_regular_at()
  * core: Settle log target if we're going to be closing all fds
  * fs-util: Add xopenat_lock()
  * Merge pull request #26916 from DaanDeMeyer/log-context-ref
  * Merge pull request #26936 from DaanDeMeyer/xopenat-lock
  * docs: Explicitly tell developers to enable mkosi required meson options
  * fs-util: Allow xopenat() to reopen existing file descriptors
  * loop-util: Add loop_device_make_by_path_at()
  * chase-symlinks: Use xopenat() instead of open_mkdir_at()
  * Merge pull request #26956 from yuwata/core-main-arguments-followed-by-equal
  * Merge pull request #26948 from yuwata/vconsole-fix-memleak
  * Merge pull request #26957 from yuwata/proc-cmdline-cleanups
  * Merge pull request #26958 from yuwata/nulstr-optionally-drop-trailing-nulstr
  * chase-symlinks: Rename chase_symlinks() to chase()
  * chase-symlinks: Allow optional path with CHASE_EXTRACT_FILENAME
  * chase-symlinks: Add chase_and_open_parent() + at() variant
  * Merge pull request #26961 from DaanDeMeyer/chase-and-pin
  * mkosi: Narrow glob used to install python packages
  * execute: Rename ExecRuntime to ExecSharedRuntime
  * execute: Do not pass destroy as a boolean argument to unref()
  * core: Introduce unit private exec runtime
  * core: Move DynamicCreds into ExecRuntime
  * locale: Add missing libxkbcommon dependency to tests
  * Merge pull request #26902 from YHNdnzj/restart-sec-step
  * Merge pull request #27005 from poettering/fd-reopen-symlink
  * ukify: Weaken file alignment assertions
  * Revert "ukify: Weaken file alignment assertions"
  * ukify: Add workarounds for older stubs
  * Merge pull request #27035 from DaanDeMeyer/ukify-align
  * log: Add LOG_SET_PREFIX() macro
  * user-util: Add ETC_PASSWD_LOCK_NAME
  * firstboot: Modernize path handling
  * mkosi: Update to latest
  * test: Install systemd-networkd-tests.py when install_tests is enabled
  * mkosi: Update to latest
  * Merge pull request #27049 from DaanDeMeyer/update-mkosi
  * mkosi: Drop python-docutils
  * user-util: Rename ETC_PASSWD_LOCK_NAME to ETC_PASSWD_LOCK_FILENAME
  * firstboot: Check for errors returned by dir_fd_is_root()
  * firstboot: Refactor should_configure()
  * Merge pull request #27061 from yuwata/test-chase
  * Merge pull request #27060 from yuwata/fd-get-path
  * Merge pull request #27062 from yuwata/chase-trivial
  * chase: Fix formatting
  * chase: Fix error code check
  * fs-util: Strip O_NOFOLLOW in xopenat() when calling fd_reopen()
  * chase: Simplify chase_and_open() and chase_and_openat()
  * Merge pull request #27041 from poettering/fdstore-dump
  * Merge pull request #27063 from yuwata/chase-graceful
  * Merge pull request #27064 from DaanDeMeyer/chase-fixes
  * tmpfiles: Try to take a BSD lock on files as well
  * Merge pull request #27080 from yuwata/rm-rf
  * Trim TODO a bit
  * firstboot: Do not dereference symlinks
  * firstboot: Add --reset option
  * btrfs-util: Add btrfs_get_block_device_at()
  * find-esp: Drop explicit automount trigger
  * stat-util: Add xstatfsat()
  * find-esp: Add openat() like helpers that operate on fds
  * Merge pull request #25836 from DaanDeMeyer/reset
  * Merge pull request #27122 from yuwata/id128-at
  * Revert "mkosi: Drop python-docutils"
  * mkosi: Make sure we always boot our built from source kernel
  * mkosi: Update bundled kconfig
  * repart: Add more logging
  * mkosi: Update to latest
  * bootctl: Gracefully handle missing bootloader directory
  * mkosi: Update to latest
  * Merge pull request #27194 from yuwata/chase-cleanups
  * Merge pull request #27184 from yuwata/xfopenat-full
  * Merge pull request #27206 from yuwata/udev-rename
  * Merge pull request #27186 from yuwata/os-release
  * user-util: Add default_root_shell_at()
  * firstboot: Use root directory file descriptor for everything
  * Merge pull request #27214 from DaanDeMeyer/firstboot
  * Merge pull request #27220 from yuwata/sd-device-follow-ups-for-devlink
  * Fix compilation error
  * notify: Add EXIT_STATUS field
  * core: Propagate exit status via notify socket when running in VM
  * core: Send ERRNO= via notify socket on exit
  * mkosi: Update to latest
  * Merge pull request #27252 from yuwata/chase-mkdir
  * preset: Add ignore directive
  * mkosi: Update to latest
  * mkosi: Always disable sshd, dnsmasq and isc-dhcp-server
  * mkosi: Use kernel-core for Fedora and CentOS images
  * getty-generator: Use device hotplug to instantiate virtualizer consoles
  * mkosi: Update to latest
  * Merge pull request #27299 from yuwata/chase-absolute
  * log: Add knob to disable kmsg ratelimiting
  * log: Log when kmsg is being ratelimited
  * mkosi: Disable kmsg ratelimiting
  * string-util: Add startswith_strv()
  * kmod-setup: Introduce match_modalias_recurse_dir_cb()
  * core: Parse logging environment earlier
  * kmod-setup: Add early loading for virtio_console
  * mkosi: Use authselect minimal if authselect is installed
  * sulogin-shell: Start initrd.target on exit in the initrd
  * mkosi: Update to latest
  * Merge pull request #27367 from bluca/mkosi_resolve
  * nspawn: Don't follow /etc/resolv.conf symlinks
  * mkosi: Update to latest
  * Drop log level of header limits log message
  * mkosi: Update fedora to release 38
  * repart: Turn condition into assert
  * repart: Move partition_defer() out of format_verity_hash/sig()
  * repart: Allow passing target to format_verity_hash()
  * journal: Don't try to write garbage if journal entry is corrupted
  * repart: Extend error logging for format_verity_hash/sig()
  * repart: Add Minimize= support for verity hash partitions
  * Merge pull request #27419 from yuwata/sd-journal-entry-item
  * Merge pull request #27415 from DaanDeMeyer/verity-minimize
  * copy: Introduce reflink() and reflink_full()
  * libsystemd: Add missing memory pressure functions to public symbols
  * meson: Search for diff program
  * meson: Search for find program
  * mkosi: Switch to use mkosi presets with prebuilt initrds
  * tree-wide: Handle EADDRNOTAVAIL as journal corruption
  * mkosi: Use kernel-kvmsmall package on opensuse
  * mkosi: Look for mkosi.kernel/ in the top level directory
  * mkosi: Disable a bunch of useless configs when building a kernel
  * Merge pull request #27569 from keszybz/mkosi-nicer-output
  * test-specifier: Ignore -ENOPKG from specifier_printf()
  * Merge pull request #27553 from yuwata/sd-journal-generic-array-bisect
  * test-journal-verify: Use a more thorough machine ID check
  * units: Add CAP_NET_ADMIN condition to systemd-networkd-wait-online@.service as well
  * repart: Fix deny list logic
  * tmpfiles: Add merge support for copy files action
  * mkosi: Don't run slow tests by default
  * mkosi: Stop creating test users in prepare scripts
  * mkosi: Disable create-log-dirs option
  * mkosi: Replace root password setting with a credential
  * mkosi: Make sure we use systemd-networkd-wait-online
  * mkosi: Disable dnf-makecache.service by default
  * mkosi: Disable auditd in the preset instead of masking it
  * mkosi: Enable systemd-timesyncd by default
  * mkosi: Add back accidentally removed .gdbinit file
  * mkosi: Disable pamconfdir
  * mkosi: Run in debug mode
  * mkosi: Install apt in Debian/Ubuntu images
  * Merge pull request #27610 from DaanDeMeyer/mkosi-trivial
  * fstab-generator: Take systemd.verity= into account
  * fstab-generator: Unset kernel cmdline options if empty value is given
  * fstab-generator: Fix log message
  * core: Make sure systemctl exit <X> works outside of a container
  * core: Check if any init exists before switching root
  * mkfs-util: Add quiet argument to make_filesystem()
  * Merge pull request #27565 from yuwata/static-destruct
  * core: Try to initialize TERM from systemd.tty.term.console as well
  * mkosi: Update to latest
  * mkosi: Use initrd symlink without format/compression
  * mkosi: Only build initrd if Bootable= is enabled or set to "auto"
  * mkosi: Update .gitignore to account for changed output locations
  * mkosi: Use zstd compression on non-centos distros
  * repart: Read arguments directly instead of passing them in
  * repart: Make sure r is declared last
  * conf-parser: Add root argument to config_parse_many()
  * repart: Make sure we look up dropin files in the root directory
  * units: Add missing dependencies on initrd-switch-root.target
  * sulogin: Read SYSTEMD_SULOGIN_FORCE from kernel cmdline
  * mkosi: Do not enable ACL usage by default
  * mkosi: Store /etc under /usr/share/factory/mkosi
  * mkosi: Package a erofs usr partition with signed verity
  * machine-id-setup: Do not overwrite if /etc/machine-id contains uninitialized
  * mkosi: Install tmux in the final image
  * mkosi: Drop squashfs dropin
  * mkosi: Always pull in network-online.target
  * Revert "units: Add missing dependencies on initrd-switch-root.target"
  * Merge pull request #26577 from ChenQi1989/revert-revert-journal
  * repart: Default to vfat for ESP/XBOOTLDR partitions
  * mkosi: Make sure persistent journal storage is enabled
  * tree-wide: Fix false positives on newer gcc
  * mkfs-util: Silence noisy warning from mkfs.btrfs
  * core/timer: Always use inactive_exit_timestamp if it is set
  * timer: Use dual_timestamp_is_set() in one more place
  * Merge pull request #27752 from DaanDeMeyer/timer-oncalendar-fix
  * mkosi: Bump default timeout to 180s
  * mount-util: Downgrade log message to trace
  * meson: Create credstore directories
  * units: Shut down networkd and resolved on switch-root
  * mount-util: Downgrade another noisy debug log to trace level
  * Merge pull request #27517 from ddstreet/tpm2_calculate_policy
  * tree-wide: Downgrade a few more noisy log messages to trace
  * repart: Allow target directory excludes
  * gpt: Fix copy paste error
  * kmod-setup: Load virtio-vsock kernel module early
  * oom: Make sure temporary test file is in /tmp
  * test-udev: Skip running in container
  * label: Rename to label-util.h
  * label: Introduce LabelOps to do pre/post labelling operations
  * fs-util: Add XOpenFlags with XO_LABEL flag to have xopenat() MAC label files/dirs
  * gpt: Use FOREACH_ARRAY
  * gpt: Add gpt_partition_type_override_architecture()
  * repart: Add --architecture option
  * sysv-generator-test: Bump log level to info
  * sd-daemon: Introduce pid_notify_with_fds_internal()
  * sd-daemon: Add debug logging
  * mkosi: Update to latest
  * mkosi: Enforce usage of vsock with qemu in CI
  * mkosi: Blacklist vmw_vmci to avoid issues with vsock in Github Actions
  * mkosi: Use proper check to detect whether we're in a VM
  * mkosi: Disable cmdline addon test for now
  * mkosi: Don't fail on systemd-vconsole-setup.service failure for now
  * mkosi: Check for failures by mounting again
  * Merge pull request #26969 from DaanDeMeyer/xopenat-label
  * Merge pull request #27766 from rphibel/cleanup-cgroups-before-cleaning-units
  * Merge pull request #27806 from DaanDeMeyer/fix-mkosi-check
  * Merge pull request #27844 from DaanDeMeyer/repart-arch
  * Merge pull request #27628 from ddstreet/tpm2_header_cleanup
  * copy: Add COPY_TRUNCATE
  * repart: Use COPY_TRUNCATE
  * mkosi: Update to latest
  * meson: Add missing tss2-tcti-device dependency
  * mkosi: Add missing tss2 dependencies
  * mkosi: Move python3-pytest-flakes to build packages on opensuse
  * mkosi: Enable set -e in postinst script
  * mkosi: Remove file blacklisting erofs module in opensuse initrd
  * mkosi: Sign expected PCRs
  * core: Add systemd.default_device_timeout_sec= cmdline option
  * mkosi: Only lower device timeout instead of all timeouts
  * Merge pull request #27849 from DaanDeMeyer/sign-pcr
  * mkosi: Enable more options
  * repart: Add --offline argument
  * test: Test --offline= in TEST-58-REPART
  * copy: Merge copy_directory() and copy_directory_fd() into copy_directory_at()
  * fs-util: Allow passing NULL path to xopenat()
  * stat-util: Follow coding style in xstatfsat()
  * stat-util: Add is_fs_type_at()
  * btrfs-util: Add btrfs_is_subvol_at()
  * fd-util: Add path_is_root_at()
  * test-chase: Fix comment
  * chase: Allow passing NULL as the empty path to chaseat()
  * test-chase: Add one more test for chase_and_openat()
  * btrfs-util: Add btrfs_subvol_remove_at()
  * rm-rf: Add rm_rf_at()
  * btrfs-util: Add btrfs_subvol_set_read_only_at()
  * chattr-util: Make chattr_full() an openat() style function
  * btrfs-util: Add btrfs_subvol_snapshot_at()
  * Merge pull request #27918 from yuwata/chase-filename
  * repart: Do online encryption when loop devices are available
  * Merge pull request #27925 from DaanDeMeyer/repart-encrypt
  * Merge pull request #27629 from ddstreet/tpm2_verify_sym_params
  * mkosi: Update to latest
  * Merge pull request #27960 from DaanDeMeyer/update-mkosi
  * execute: Make credential_search_path() more flexible
  * creds: Add ImportCredential=
  * units: Use ImportCredential= where applicable
  * socket-util: Allow specifying socket type in vsock address
  * sd-daemon: Use socket type from vsock address if set
  * sd-daemon: Add vsock fallback to SOCK_STREAM
  * Merge pull request #28010 from DaanDeMeyer/vsock-type
  * mkosi: Add socat to the final image
  * mkosi: Add bpftool to final image
  * mkosi: Make sure we build custom kernels with EROFS support
  * mkosi: Update to latest
  * mkosi: Remove explicit /testok check
  * repart: Store dm_name in DecryptedPartitionTarget
  * btrfs-util: Drop redundant parentheses
  * fd-util: Add extra shortcut to path_is_root_at()
  * rm-rf: Fix assertion
  * Merge pull request #27977 from DaanDeMeyer/update-mkosi
  * mkfs-util: Hide /proc/self/mounts before running mkfs
  * lock-util: Add LOCK_NONE
  * copy: Add COPY_LOCK_BSD
  * mkosi: Update to latest
  * btrfs-util: Add BTRFS_SNAPSHOT_LOCK_BSD
  * Merge pull request #27863 from DaanDeMeyer/copy-lock
  * namespace: Load sidecar verity settings in apply_mount_namespace()
  * dissect-image: Log if verity signature partition is too large
  * tmpfiles: Fix BSD lock logging messages
  * tmpfiles: Don't log about harmless errors when trying to lock file
  * tmpfiles: Add note to man page about guaranteed cleanup for files/directories
  * core: Add RootEphemeral= setting
  * test: Add touch into minimal verity test image
  * test: Add RootEphemeral= integration test
  * Merge pull request #27942 from DaanDeMeyer/root-ephemeral
  * core: Add halt and kexec emergency actions
  * units: Use built-in halt and kexec features instead of systemctl
  * Merge pull request #28115 from yuwata/meson-tiny-fixes
  * hwdb: Don't generate hwdb if no hwdb files are found
  * Merge pull request #28117 from yuwata/copy-follow-ups
  * mkosi: Update to latest
  * repart: Fix HAVE_LIBCRYPTSETUP check
  * mkosi: Enable Incremental= mode by default
  * stat-util: Make sure we trigger automounts when looking for ESP/XBOOTLDR
  * dbus-cgroup: Make sure we overwrite cpuset properties in drop-in
  * dissect: Allow a few verbs to operate on directories as well as image files
  * dissect: Add --mtree-hash= option
  * network-generator: Add missing log_setup()
  * network-generator: Add missing umask(0022)
  * tpm2-util: Check for dlopen() when calculating tpm2 support
  * analyze-pcrs: Fix typo
  * Merge pull request #28334 from DaanDeMeyer/network-generator
  * mkosi: Add tpm2-tools to the initrd
  * Merge pull request #28333 from DaanDeMeyer/tpm-support-dlopen
  * mkosi: Make sure we build kernel headers
  * device-util: Declare iterator variables inline
  * basic: Fix color + underline functions/macros
  * json: free array in json_variant_unref_many()
  * logs-show: Rename json_data to JsonData and add typedef
  * Merge pull request #28365 from DaanDeMeyer/udevadm-query
  * ukify: Derive public key from private key if not specified
  * tree-wide: Set /dev/console size when we reset it
  * terminal-util: Document boolean parameter in one more place
  * mkosi: Set systemd.early_core_pattern=/core
  * Merge pull request #28376 from yuwata/json_append
  * kernel-install: Avoid reopening file descriptor via /proc
  * elf2efi: Make compatible with python 3.6 again
  * mkosi: Update to latest
  * mkosi: Drop kernel command line arguments that are set by mkosi
  * mkosi: Stop using python3.9 on CentOS 8
  * mkosi: Move settings to right sections
  * Merge pull request #28397 from DaanDeMeyer/python-stuff
  * Merge pull request #28416 from bluca/gpt_mips
  * units: Add --graceful flag to pcrphase units
  * test-resolved-stream: Use a random port number
  * repart: Always take --offline into account
  * Merge pull request #28447 from mrc0mmand/test-network
  * xfs: Bump minimal size to 300M
  * mkfs-util: Escape spaces with slashes in protofile format
  * units: Load agetty credentials in all getty units
  * Merge pull request #28359 from keszybz/ret-gather
  * Merge pull request #28474 from yuwata/chase-fix
  * kernel-install: Only bypass "add" and "remove"
  * kernel-install: Make sure KERNEL_INSTALL_BYPASS is disabled in tests
  * repart: Open files in context_minimize()
  * repart: Allow combining CopyBlocks= and CopyFiles=
  * creds-util: Add read_credential_bool()
  * repart: Add --oem and OEM=
  * units: Import all repart credentials in systemd-repart.service
  * Merge pull request #28608 from yuwata/meson-use-template
  * Merge pull request #28556 from DaanDeMeyer/repart
  * Revert "units: Import all repart credentials in systemd-repart.service"
  * Revert "repart: Add --oem and OEM="
  * Revert "repart: Allow combining CopyBlocks= and CopyFiles="
  * Merge pull request #28621 from DaanDeMeyer/repart-fix
  * Merge pull request #28620 from yuwata/meson-use-template-part5
  * ukify: Only run systemd-measure after adding all sections
  * repart: Rename partition_exclude/defer() to partition_type_exclude/defer()
  * sysupdate: Move fdisk partition flags helpers to fdisk-util.c
  * repart: Add --copy-from option
  * Merge pull request #28632 from DaanDeMeyer/repart-synthesize
  * mkosi: Update to latest
  * tree-wide: Fix -Wmaybe-uninitialized compilation warnings
  * debug-generator: Use generator_add_symlink()
  * test-user-util: Drop tty check in gid_to_name() test
  * mkosi: Update to latest
  * mkosi: Make sure our systemd build always overrides the distros
  * mkosi: Use SuccessActionExitStatus= in mkosi-check-and-shutdown.service
  * tmpfiles: Consider ENOPKG as information not available
  * Merge pull request #28669 from DaanDeMeyer/mkosi-fix
  * repart: Stat temporary file again after mkfs
  * repart: Extend check for read-only verity partitions
  * mkosi: Unmount /etc/resolv.conf if it's a mountpoint
  * mkosi: Update to latest
  * repart: Pass GptPartitionType *
  * repart: Reword --copy-from docs
  * Merge pull request #28756 from DaanDeMeyer/repart-fix
  * execute: Chown credentials files and directories to service group
  * mkosi: Move python3dist(pytest-flakes) to base preset build packages
  * ukify: Use length= instead of ignore_padding= in inspect
  * repart: Allow acquire shared lock on --copy-from files/devices
  * repart: Allow specifying --copy-from more than once
  * Merge pull request #28766 from DaanDeMeyer/repart-copy-from
  * mkfs-util: Set sector size environment variables when invoking mkfs.ext4
  * mkfs-util: Pass sector size to mkfs.f2fs
  * Merge pull request #28827 from gioele/docs-fix-network-online-example-unit
  * fdisk-util: Make fdisk_new_context_fd() more generic
  * tree-wide: Use fdisk_new_context_at() more
  * repart: Use 4096 as the fallback sector size for verity/luks/filesystems
  * tree-wide: Always include <net/if.h> before related linux headers
  * dissect-image: Fix mount_point_is_available()
  * Merge pull request #28828 from DaanDeMeyer/sysupdate-fdisk
  * path-util: Make ret argument optional for path_extract_directory()
  * btrfs-util: Move subvolume creation to basic/btrfs.h
  * fs-util: Add XO_SUBVOLUME flag for xopenat()
  * copy: Add support for creating subvolumes to copy_tree_at()
  * mkdir: Add support for creating subvolumes to mkdir_p_root()
  * repart: Add Subvolumes= setting
  * fd-util: Use /proc/pid/fd instead of /proc/self/fd
  * Merge pull request #28829 from DaanDeMeyer/mount-fd
  * Merge pull request #28833 from DaanDeMeyer/copy-subvolume
  * repart: Put function call closer to its error handling
  * mkfs-util: Don't set MKE2FS_DEVICE_PHYS_SECTSIZE
  * repart: Allow using Subvolumes= with automatic --offline
  * repart: Rework read-only logic
  * mkosi: Create a few subvolumes in the root partition
  * mkosi: Update to v15.1 release
  * repart: Massage the minimize for XFS a bit
  * Merge pull request #28838 from DaanDeMeyer/repart-subvolume
  * Merge pull request #28859 from poettering/btrfs-subvol-fix
  * repart: Default to swap format for swap partitions
  * mkosi: Add a swap partition
  * path-util: Add path_simplify_full()
  * parse-helpers: Add PATH_KEEP_TRAILING_SLASH
  * repart: Make sure we keep trailing slashes in ExcludeFiles=
  * meson: Use rsync to copy test data directories
  * Merge pull request #28869 from DaanDeMeyer/repart-trailing
  * dissect: Set SYSTEMD_DISSECT_DEVICE to path of loop device
  * install: Drop install_info_may_process() from unit_file_get_default()
  * mkosi: Drop fedora workaround
  * repart: Add partno to output
  * repart: Make verity example more useful
  * hostname: Make sure we pass error to bus_verify_polkit_async()
  * mkfs-util: Set FORK_REOPEN_LOG
  * Limit rlim_max in rlimit_nofile_safe() to nr_open
  * mkosi: Re-enable arch but disable keyring checking
  * mkosi: Update to latest
  * mkosi: Make sure gzip is installed in initrd/system image
  * Merge pull request #29035 from DaanDeMeyer/update-mkosi
  * mkosi: Enable two more kernel configs
  * mkosi: Don't build hid selftests
  * mkosi: Don't disable CONFIG_USB
  * mkosi: Drop arch workaround
  * mkosi: Allow configuring whether to do secure boot and pcrs from CLI
  * mkosi: Make sure custom installkernel scripts are not used
  * mkosi: Update to latest
  * mkosi: Move to Fedora 39
  * mkosi: Only build system preset by default
  * mkosi: Conditionally use tools tree
  * man: Mention that JSON user record files should have the .user extension
  * mkosi: Bump Fedora CI to Fedora 39
  * mkosi: Stop installing kernel-modules on Fedora
  * Merge pull request #29218 from DaanDeMeyer/kernel-modules
  * Merge pull request #29221 from keszybz/fedora-cloud-latest
  * mkfs-util: Only unshare mount namespace if needed
  * mkosi: Don't skip initrd dependency when building a directory image
  * repart: Don't fail on boot if we can't find the root block device
  * mkosi: Run meson and ninja as the user invoking mkosi
  * journal: Stop trying to open runtime journal once flushed
  * network: Rename json_append_one() and move to json.h
  * kmod-setup: Load virtiofs and virtio_pci early
  * Remove json_variant_merge_pair() in favor of json_variant_set_field_non_null()
  * Merge pull request #29183 from ddstreet/tpm2_openssl_functions
  * core: Make private /dev read-only after populating it
  * Merge pull request #29241 from poettering/pidref-watch
  * Merge pull request #29193 from keszybz/path-util-adjustment
  * mount: Log when we can't create the mount point
  * core: Use a subdirectory of /run/ for PrivateDevices=
  * Merge pull request #29343 from DaanDeMeyer/tmp
  * Merge pull request #29403 from yuwata/journal-decouple-journald-and-journal-remote
  * Merge pull request #29386 from yuwata/mmap-cache-cleanups-part1
  * journal-file-util: Prefer punching holes instead of truncating
  * repart: Mention that xattrs are not copied when populating XFS with protofile
  * Merge pull request #29439 from yuwata/mmap-cache-cleanups-part2
  * mountpoint-util: Check hardcoded list before asking kernel if option is supported
  * mkosi: Update to latest
  * Update HACKING instructions
  * Merge pull request #29456 from yuwata/journal-replace-truncating-with-punching-holes
  * Merge pull request #29491 from yuwata/varlink-follow-ups
  * sd-device: Support matching all properties
  * Merge pull request #29558 from mrc0mmand/varlinkctl-tests
  * Add --json switch to udevadm info
  * udev: Enable filtering the output of udevadm info --export-db
  * Merge pull request #28373 from DaanDeMeyer/udevadm-query
  * mkosi: Use RuntimeTrees= to mount sources
  * rm-rf: Make sure we rewinddir() before readdir()
  * Add unit_type_to_capitalized_string()
  * core: Add two more to_string() functions
  * execute: Add more helper functions
  * mount: Add more helpers
  * socket: Add one more helper
  * swap: Move two functions to swap.h
  * timer: Add two more helper functions
  * unit: Move three helpers to unit.h
  * manager: Introduce manager_get_progress() helper
  * hashmap: Add extra uncounted entry to returned array from hashmap_dump_sorted()
  * json: Introduce JSON_BUILD_STRING_SET
  * json: Introduce JSON_BUILD_CALLBACK
  * Merge pull request #29630 from DaanDeMeyer/manager-json
  * meson: Always build bootctl
  * meson: Always build systemd-measure
  * Merge pull request #29708 from DaanDeMeyer/bootctl-always
  * mkfs-util: Use actual UID/GID in protofile instead of root
  * mkosi: Use cache and build subdirectories
  * kernel-install: Log location that uki is installed in
  * kernel-install: Fix doc whitespace
  * boot-entry: Add boot_entry_token_type_to_string()
  * kernel-install: Add --json option for inspect verb
  * Revert "mkosi: Use cache and build subdirectories"
  * kernel-install: Add --root, --image and --image-policy
  * Set default value for tools tree
  * repart: Fix size round up/round down
  * Update to mkosi v19
  * mkosi: pin CentOS8 kernel to working version
  * Merge pull request #30236 from DaanDeMeyer/mkosi
  * mkosi: Install integritysetup on CentOS/Fedora
  * mkosi: Drop building custom kernel logic
  * network: Add missing comma
  * core: Always call log_open() in systemd-executor
  * Make sure we close bpf outer map fd in systemd-executor
  * Merge pull request #30211 from yuwata/sd-journal-generic-array-bisect-fix
  * Document kernel configs required for reading credentials from SMBIOS
  * mkosi: Update comment why we can't use linux-kvm yet
  * repart: Fix sysext definitions for --make-ddi=
  * repart: Add Minimize=best to --make-ddi= partition definitions
  * test: Add test case for --make-ddi=sysext
  * Merge pull request #30343 from keszybz/ukify-genkey
  * Merge pull request #30340 from yuwata/repart-error-handling-ftruncate
  * Merge pull request #30241 from poettering/journalctl-short-file-switch
  * gpt-auto-generator: Pass cryptsetup credentials to cryptsetup
  * nspawn: Check later whether to keep/drop CAP_NET_BIND_SERVICE
  * repart: Re-open file descriptor to partition target after mkfs
  * repart: Don't look for --make-ddi= definitions inside --root=
  * mkosi: Copy /boot into the ESP as well
  * kernel-install: Look for uki.conf in /usr/lib/kernel as well
  * kernel-install: Fix inspect with --root= when no version is specified
  * Merge pull request #30467 from poettering/loop-block-tweaks
  * Add $SYSTEMD_HWDB_UPDATE_BYPASS (#30463)
  * shutdown: Send EXIT_STATUS before final sync
  * mkosi: Add strace and gdb to base image build packages
  * test: Make sure SYSTEMD_HWDB_UPDATE_BYPASS is disabled in the hwdb test
  * test: Skip various tests when /sys is not mounted
  * Merge pull request #30527 from DaanDeMeyer/sys
  * bootctl: update/list/remove all instances of systemd-boot in /EFI/BOOT
  * Drop /dev test in test-mountpoint-util
  * mkosi: Update to latest
  * Add --root= support for list and prepare add-all for --root= support
  * mkosi: Build a directory image by default
  * bus-socket: Clarify that inotify is supposed to watch all components
  * tree-wide: Load entry-token and layout.conf from /usr/lib/kernel/ as well
  * mkosi: Use authselect local profile if it exists
  * Remove a few references to dracut
  * man: Document ranges for distributions config files and local config files
  * mkosi: Fix formatting in build script
  * mkosi: Use --auto-features=enabled for meson
  * Merge pull request #31092 from DaanDeMeyer/auto-features
  * Merge pull request #31048 from YHNdnzj/fstab-modernization
  * Merge pull request #31095 from bluca/test_time_tz
  * units: Order pcrlock services after systemd-remounts-fs.service
  * mkosi: Stop using file provides with CentOS/Fedora
  * Add systemd.default_debug_tty=
  * Install pacman in Arch Linux image
  * Merge pull request #29960 from CodethinkLabs/vmspawn/mkosi-features
  * repart: Add --generate-fstab= and --generate-crypttab= options
  * Fix libtss2-mu dependency
  * Add Suggests for libtss2-tcti-device
  * Use tilde for rc tag versioning
  * Make sure awk only matches PROJECT|PACKAGE_VERSION
  * docs: Use v255~rc1 instead of v255-rc1
  * meson: Start adding devel and rc suffixes to the project version
  * meson-vcs-tag: Say version format specification
  * Merge pull request #31330 from yuwata/sd-journal-trivial-cleanups
  * Merge pull request #31320 from DaanDeMeyer/versioning
  * Set SYSTEMD_LOG_LEVEL=info explicitly in test-sysusers
  * pkcs11-util: Explicitly initiaiize variable to avoid warning
  * Use DEB_BUILD_MAINT_OPTIONS instead of meson options
  * Replace TEST_UPSTREAM with "pkg.systemd.upstream" profile
  * Add libarchive-dev dependency when building for upstream
  * Don't put debian revision in version tag when building for upstream
  * Allow users to configure DH_MISSING
  * meson: Decouple the version tag from the vcs tag
  * ukify: Use VERSION_TAG instead of GIT_VERSION
  * mkosi: Set minimum version
  * mkosi: Allow users to configure the build and cache directory
  * mkosi: Use specifier to refer to the output directory
  * Merge pull request #31640 from DaanDeMeyer/mkosi
  * Merge pull request #31550 from teknoraver/dlopen_compress
  * Use VERSION_TAG instead of GIT_VERSION in kernel-install scripts
  * meson: Remove version_h dependency from jinja2_cmdline
  * Build in developer mode when building for upstream
  * Merge pull request #31656 from DaanDeMeyer/meson
  * mkosi: Update to v21
  * Build distribution packages in mkosi
  * Merge pull request #31345 from DaanDeMeyer/mkosi-packages
  * mkosi: Add BuildSourcesEphemeral=yes
  * systemd-boot: Add support for reading extra kernel cmdline from SMBIOS
  * man: Mention that SMBIOS type 11 strings are ignored inside CVM
  * mkosi: Use same pkg/ subdirectory for debian and ubuntu
  * mkosi: Remove some leftover shell debugging
  * mkosi: Introduce packaging sources as submodules
  * mkosi: Drop leftover mkosi.kernel.config
  * units: Bump various oneshot unit timeouts to 90s
  * Merge pull request #31673 from DaanDeMeyer/mkosi
  * boot: Only use io.systemd.boot.kernel-cmdline-extra for type 1 images
  * mkosi: Allow booting without secure boot
  * mkosi: Enable KVM
  * Merge pull request #31758 from DaanDeMeyer/kvm
  * docs: Update HACKING guide with recommended git config
  * meson: Rename add-git-hook.sh to git-setup.sh and configure git in it
  * mkosi: Do disk space cleanup asynchronously
  * units: Accept modules_load and rd.modules_load in systemd-modules-load.service
  * tpm2-setup: Add --graceful
  * Switch opensuse packaging specs source url to src.opensuse.org
  * Update arch/debian packaging source URLs
  * Merge pull request #31831 from DaanDeMeyer/opensuse
  * mkosi: Install python3-pefile in OpenSUSE image
  * mkosi: Install systemd-experimental in OpenSUSE initrd
  * Merge pull request #31838 from DaanDeMeyer/opensuse
  * Document new vsock literals
  * mkosi: Update debian to latest
  * log: Make warning messages more consistent
  * logind: Add fallback for when the PIDFDs= property is not available
  * dbus-exporter: Set explicit mode on output directory
  * docs: Add one more git submodule setting to configure
  * dissect-image: Improve error messages
  * nspawn: Use dissect_image_mount_and_warn()
  * log: Add per target log levels
  * Merge pull request #31839 from DaanDeMeyer/log
  * test: Install test journals
  * mkosi: Make sure man and man-db are installed everywhere
  * mkosi: Enable log context
  * mkosi: Disable debug package generation on Arch Linux
  * mkosi: Switch to Arch Linux packaging sources main branch
  * tree-wide: Add allow_pidfd argument to bus_append_scope_pidref()
  * mkosi: Use new environment variables for Arch
  * Use .git suffix for all submodule urls
  * Merge pull request #31870 from CodethinkLabs/base-image-tweaks
  * mkosi: Update to latest
  * mkosi: Re-enable OpenSUSE build
  * mkosi: Merge base and system images
  * Update pkg/fedora to latest
  * mkosi: Specify --without docs if needed for fedora/centos
  * Merge pull request #31954 from DaanDeMeyer/mkosi
  * mkosi: Update to latest
  * mkosi: Copy built packages to output directory
  * login: Fix fallback error handling
  * Merge pull request #32013 from yuwata/align-table
  * mkosi: Switch to linux-virtual on Ubuntu
  * repart: Add DefaultSubvolume= setting
  * mkosi: Update centos to latest
  * Fix assertion in socknameinfo_pretty()
  * mkosi: Use '-' instead of '.' to separate upstream version and debian revision
  * debug-generator: Use arg_dest instead of argument
  * debug-generator: Drop unnecessary include
  * test: Always exit with 77 if we skip a test
  * mkosi: Install git-core where possible
  * mkosi: Install selinux tools in main image instead of initramfs
  * mkosi: More package updates
  * network-generator: Add logging
  * debug-generator: Add unit and drop-in credentials
  * Merge pull request #32033 from DaanDeMeyer/unit-creds
  * core: Serialize both pid and pidfd to keep downgrades working
  * mkosi: Install dnf5 in Fedora image
  * Install build dependencies into final image
  * mkosi: Fix environment variable in arch prepare script
  * mkosi: Update submodules to latest
  * Merge pull request #32141 from DaanDeMeyer/mkosi
  * docs: Add note on RuntimeBuildSources= to hacking guide
  * mkosi: Fix debian submodule commit
  * docs: Suggest soft-reboot to restart pid1 and all daemons in mkosi VM
  * test: Various build environment fixes
  * mkosi: Update pkg/arch to latest and install systemd-tests
  * mkosi: Update to latest
  * mkosi: Make scripts more generic
  * mkosi: Install openSUSE-release instead of distribution-release
  * mkosi: Unify initrd post-install scripts
  * mkosi: Drop out-of-date comment
  * mkosi; Fix permissions of mkosi.postinst script
  * core: Serialize both pid and pidfd
  * Update submodules
  * git: Add post-rewrite hook that invokes git submodule update
  * tests: Improve assertion error messages
  * Introduce ASSERT_OK_ERRNO()
  * docs: Add Tests section to coding style doc
  * Merge pull request #32210 from YHNdnzj/execcommand-done
  * journal-remote: Use sd_event_set_signal_exit()
  * journal-remote: Use "event" instead of "events"
  * Merge pull request #32216 from DaanDeMeyer/fix
  * Merge pull request #32240 from yuwata/network-ndisc-fix-on-link-prefix
  * mkosi: Update to latest
  * mkosi: Use new volatile package settings
  * mkosi: Don't log debug logs to console
  * mkosi: Remove outdated comment
  * mkosi: Update to latest
  * Update debugging with vscode section
  * mkosi: Install which in image
  * mkosi: Add --noclean when running rpmbuild
  * mkosi: Add support for building debug packages
  * Merge pull request #32302 from DaanDeMeyer/mkosi
  * mkosi: Set up -ffile-prefix-map= correctly when building debuginfo packages
  * mkosi: Override build_cflags instead of _distro_extra_cflags
  * mkosi: Disable DWARF debug info optimization
  * mkosi: Switch to O0 and disable FORTIFY_SOURCE
  * mkosi: Drop workarounds
  * Merge pull request #32317 from DaanDeMeyer/mkosi
  * docs: Add note on packages produced by mkosi builds
  * mkosi: Update to latest
  * mkosi: Drop systemd-repart from package lists
  * mkosi: Install more packages
  * mkosi: Undefine FORTIFY_SOURCE before setting it again
  * mkosi: Setup --ffile-prefix-map= for opensuse as well
  * mkosi: Install debug packages when WITH_DEBUG=1 is enabled
  * Merge pull request #32333 from DaanDeMeyer/mkosi
  * mkosi: Disable bash debugging in Arch build script
  * mkosi: undefine FORTIFY_SOURCE instead of setting it zero
  * Merge pull request #32335 from DaanDeMeyer/fix
  * mkosi: Fix FORTIFY_SOURCE (again)
  * mkosi: Build command line into the image
  * vmspawn: Fix shared memory check
  * mkosi: Update to latest
  * mkosi: Make sure serial console line wrapping is re-enabled
  * mkosi: Disable rpm package notes
  * mkosi: Make sure ping is installed
  * mkosi: Make sure systemd-libs is updated on Arch
  * mkosi: Install procps-ng in all images
  * mkosi: Backport Fedora basic users/groups sysusers files to CentOS
  * mkosi: Install various system users/groups in opensuse images
  * Merge pull request #32386 from DaanDeMeyer/mkosi
  * test-bpf-firewall: Skip if ping is not available
  * test-bpf-restrict-fs: Add @application to allowed filesystems as well
  * test: Make sure test_fdset_close_others does not affect logging fds
  * test: Add ASSERT_ERROR() and ASSERT_ERROR_ERRNO()
  * test-execute: Use new assertion macros
  * test: Use log_setup()
  * test: Don't allocate scope if already running in unit with delegated cgroup
  * mkosi: Add environment variable to set the optimization level
  * mkosi: Use awk to avoid dpkg-buildpackage warning
  * mkosi: Explicitly disable fortify for debian/ubuntu
  * Merge pull request #32387 from DaanDeMeyer/unit-test-fixes
  * core: Check for TERM=dumb in show_status()
  * fd-util: Return 1 from fd_nonblock() if we actually change the mode
  * terminal-util: Enable line wrapping in reset_terminal_fd()
  * mkosi: Drop workaround to re-enable serial console line wrapping
  * core: Set a sensible systemd-executor log level in test runs
  * mount-util: Silence noisy trace log message
  * Merge pull request #32392 from DaanDeMeyer/executor-log-level
  * test: Rework TEST-02-UNITTESTS
  * mkosi: Update to latest
  * mkosi: Use -fdebug-prefix-map= instead of -ffile-prefix-map=
  * mkosi: Deal with ubuntu's special debug packages
  * test: Various mkosi integration test improvements
  * mkosi: Run integration tests in CI
  * Merge pull request #32352 from DaanDeMeyer/test
  * mkosi: Fix Arch Linux package glob
  * mkosi: Configure lower retention limit for package artifacts
  * Merge pull request #32433 from DaanDeMeyer/fix
  * core: Limit terminal reset using ANSI sequences to /dev/console
  * mkosi: Add nvme-cli
  * mkosi: Add attr
  * Merge pull request #32449 from DaanDeMeyer/mkosi
  * TEST-50-DISSECT: Skip mountfsd test if the user namespace interface is not supported
  * TEST-50-DISSECT: Use --apparent-size when calling du
  * TEST-50-DISSECT: Skip mutable sysext tests on virtiofs
  * Merge pull request #32461 from DaanDeMeyer/test-fixes
  * Merge pull request #32465 from CodethinkLabs/mkosi-debug
  * Merge pull request #32476 from CodethinkLabs/meson-logs-ci
  * mkosi: Add squashfs-tools
  * meson: Properly check dependencies of mkosi target
  * test: Skip meson integration tests if SYSTEMD_INTEGRATION_TESTS != 1
  * portable: Don't fail if /etc/resolv.conf doesn't exist
  * mkosi: Make sure systemd-resolved is started on boot
  * tree-wide: Use log_setup() everywhere
  * Merge pull request #32477 from DaanDeMeyer/fixes
  * TEST-50-DISSECT: Make sure logging sockets are mounted into images
  * mkosi: Only archive outputs in systemd and systemd-stable repositories
  * mkosi: Only keep failed test journals and other logs for 7 days
  * mkosi: Build minimal images and enable related integration tests
  * Merge pull request #32484 from DaanDeMeyer/mkosi-ci
  * sd-daemon: Set SO_LINGER on AF_VSOCK notify socket fds
  * Merge pull request #32445 from DaanDeMeyer/mkosi-images
  * Merge pull request #32490 from YHNdnzj/namespace-cleanup
  * mkosi: Update to latest
  * mkosi: Set CleanPackageMetadata=yes for minimal-base
  * TEST-50-DISSECT: Don't log image contents to console
  * sd-daemon: Replace SO_LINGER with shutdown() + recv()
  * Merge pull request #32439 from CodethinkLabs/simple-mkosi-integration-tests
  * mkosi: Ignore version from versioned dependencies in .SRCINFO
  * pam: Setup logging to syslog
  * core: Pass NULL error in dump_impl()
  * core: Add systemd.crash_action= kernel command line argument
  * machine: Add PIDFDs= fallback
  * TEST-81-GENERATORS: Use SYSTEMD_PROC_CMDLINE more
  * mkosi: Introduce particle profile
  * Merge pull request #32567 from DaanDeMeyer/profile
  * mkosi: Simplify rpm build scripts
  * mkosi: Make sure we create an image without /var/log/journal
  * Merge pull request #32575 from DaanDeMeyer/fix
  * journal: Add journal.storage credential
  * test: Don't persist journal in mkosi image if we're not debugging tests
  * mkosi: Remove more files from Arch minimal image
  * mkosi: Install minimal-base to /usr/share/testsuite-13-container-template
  * mkosi: Use symlinks instead of bind mounts for Arch
  * mkosi: Simply remove all the debian patches instead of mounting over them
  * mkosi: Make sure our extra kernel command line overrides the config one
  * mkosi: Install locales on debian/ubuntu
  * mkosi: Disable --runtime-scratch=no for tests
  * mkosi: Mask systemd-networkd-wait-online when --runtime-network=none
  * mkosi: Use systemd.crash_action=poweroff in integration tests
  * mkosi: Override /sbin/init in minimal-base
  * mkosi: Install tpm2-tools in system image
  * mkosi: Install more locales on CentOS/Fedora
  * mkosi: Fix %__check_files eval in opensuse build script
  * TEST-83-BTRFS: Skip if root filesystem is not btrfs
  * TEST-04-JOURNAL: Make LogFilterPatterns= tests more robust
  * TEST-13-NSPAWN: Skip on virtiofs
  * TEST-09-REBOOT: Make journalctl grep pattern more specific
  * TEST-18-FAILUREACTION: Exit with 123 on success
  * TEST-35-LOGIN: Exclude manager entry in testcase_sanity_check()
  * TEST-82-SOFTREBOOT: Exit with exit status 123
  * TEST-46-HOMED: Check for sshd pam snippet in /usr/lib/pam.d as well
  * TEST-71-HOSTNAME: Ignore error from reset-failed
  * Revert "TEST-25-IMPORT: Skip if importctl not installed"
  * test: Drop /usr overlay workaround
  * test: Make journal storage configurable per test and make persistent for TEST-09-JOURNAL
  * test: Bump mkosi integration test timeout to 1800 seconds
  * test: Add disabled mkosi tests to meson.build
  * core: Fix file descriptor leak
  * Merge pull request #32540 from DaanDeMeyer/mkosi
  * systemctl: Implement --wait for kill command
  * test: Follow symlinks when copying with rsync
  * test-network: Make source directory optional
  * network/tc: Avoid concurrent set modification in tclass_drop()/qdisc_drop()
  * reboot-util: Add some basic validation on reboot arguments
  * journal: Serialize __MONOTONIC_TIMESTAMP metadata field as well
  * core: Record ExecMainStartTimestamp before forking
  * meson: Remove --debug from mkosi arguments
  * meson: Set up git submodule update on post checkout as well
  * meson: Test installation fixes
  * meson: Add missing spdx line
  * test: Formatting fixes
  * mkosi: Update to latest
  * mkosi: Insist on KVM, VSOCK and TPM by default
  * mkosi: Install dfuzzer on CentOS/Fedora images
  * mkosi: Drop glibc-langpack-en from Fedora specific packages
  * mkosi: Move sbsigntools to CentOS/Fedora shared configuration
  * mkosi: Enable udev debug logging in CI
  * mkosi: Disable ext4's orphan_file feature for centos images
  * mkosi: Use /etc/nsswitch.conf from repo in mkosi image
  * mkosi: Install knot
  * mkosi: Install dig
  * mkosi: Install veritysetup
  * mkosi: Install stress
  * mkosi: Make sure tmp.mount is not messed with on Debian/Ubuntu
  * mkosi: Remove /etc/default/keyboard if it exists
  * mkosi: Install dbus policy required by TEST-23-UNIT-FILE
  * mkosi: Add dependency to system image on minimal-base
  * test: Only set environment variable if integration tests are enabled.
  * test: Pass through test matching environment variables to the mkosi VM
  * test: Use MESON_TEST_ITERATION if available
  * test: Always shutdown on test success in mkosi
  * test: Remove flaky test comments
  * test: Add missing TEST-69-SHUTDOWN to list
  * test: Fix udev storage test name
  * TEST-21-DFUZZER: Bump timeout to 1h
  * TEST-21-DFUZZER: Give higher priority
  * TEST-75-RESOLVED: Move knot configuration to /usr/lib/systemd/tests/testdata
  * TEST-75-RESOLVED: Restart systemd-networkd
  * TEST-75-RESOLVED: Add missing sleep after knotc reload
  * TEST-75-RESOLVED: Ignore resource record ifindex field
  * TEST-74-AUX-UTILS: Make sure at least two locales exist
  * TEST-74-AUX-UTILS: Skip run0 test if pam snippet is not installed
  * TEST-74-AUX-UTILS: Drop usage of loop module
  * TEST-74-AUX-UTILS: Use persistent journal
  * TEST-70-TPM2: Add dependency on tpm2.target
  * TEST-70-TPM2: Call udevadm wait after attaching disk image
  * TEST-07-PID1: Lower TriggerLimitIntervalSec= unconditionally
  * TEST-07-PID1: Schedule exit on successful execution
  * TEST-04-JOURNAL: Make more robust
  * TEST-04-JOURNAL: Run with persistent journal
  * TEST-04-JOURNAL: Skip bsod test if systemd-bsod is not installed
  * TEST-55-OOMD: Skip on opensuse
  * TEST-55-OOMD: Configure init.scope credential in mkosi image
  * TEST-53-ISSUE-16347: Add rtc configuration for qemu
  * TEST-46-HOMED: Only run resize tests on btrfs
  * TEST-46-HOMED: Skip barely fits test on ext4
  * test: Default to linux qemu firmware
  * ci: Reduce the number of integration tests we run concurrently
  * mkosi: Enable more integration tests
  * Merge pull request #32606 from DaanDeMeyer/mkosi
  * mkosi: Skip build if NO_BUILD is set
  * mkosi: Only look for services in /usr and /etc
  * mkosi: Add missing SPDX line
  * mkosi: Configure coredump to store coredumps in the journal.
  * Merge pull request #32664 from DaanDeMeyer/no-build
  * mkosi: Install radvd
  * mkosi: Install python3-psutil
  * meson: Fix formatting
  * mkosi: Install dhcp-server on OpenSUSE
  * ci: Disable RuntimeBuildSources=
  * mkosi: Switch to fedora 40
  * mkosi: Update centos submodule to latest
  * test: Don't keep journals for skipped tests
  * ci: Optimize pull request labeler
  * ci: Print a helpful link to download and view a failed test's journal
  * test: Add infra to mark integration tests as slow
  * test: Mark TEST-21-DFUZZER as slow and skip it by default
  * Merge pull request #32681 from DaanDeMeyer/skipped-no-journal
  * TEST-07-PID1: Fix race in aux-scope subtest
  * TEST-74-AUX-UTILS: Make more robust
  * tmpfiles: Don't fail if file does not exist in item_do()
  * TEST-81-GENERATORS: Do a lazy unmounts
  * TEST-04-JOURNAL: Sleep more in delegated cgroup filtering script
  * Merge pull request #32710 from YHNdnzj/debug-generator-cleanup
  * mkosi: Add raid=noautodetect to kernel command line
  * mkosi: Make sure the kernel fails loudly on oops/panic/softlockup
  * TEST-46-HOMED: Ignore "Disk Usage" field as well
  * mkosi: Drop usage of updates-testing for Fedora 40
  * Merge pull request #32733 from YHNdnzj/core-some-cleanup
  * network: Add missing IPv6AcceptRA to list of config sections
  * mkosi: Update centos submodule to latest
  * Merge pull request #32748 from yuwata/test-network-improvements
  * debug-generator: Allow specifying name of unit-dropin credential
  * TEST-38-FREEZER: Relax regex a little
  * core: Imply DefaultDependencies=no for credential mounts
  * mkosi: Update to latest
  * TEST-01-BASIC: Drop logic to run test without install-tests=true
  * test: Rework integration test definitions
  * test: Rename testsuite-XX units to match test name
  * test: Simplify argument/variable names
  * test: Disable tests via 'enabled' field
  * test: Rename mkosi_args to mkosi-args
  * TEST-06-SELINUX: Simplify auto-relabeling
  * TEST-46-HOMED: Simplify service unit
  * test: Generate basic testsuite services with meson
  * test: Add cmdline field to configure extra kernel command line args
  * test: Ignore configure scripts in minimal images
  * TEST-64-UDEV-STORAGE: Use ID based paths
  * TEST-64-UDEV-STORAGE: Use virtio-scsi-pci instead of ahci
  * TEST-64-UDEV-STORAGE: Add missing udevadm settle
  * TEST-64-UDEV-STORAGE: Check for tgt and tgtd services
  * TEST-64-UDEV-STORAGE: Skip btrfs_basic if btrfs module is not available
  * TEST-64-UDEV-STORAGE: Bump timeout for testcase_simultaneous_events_1
  * TEST-64-UDEV-STORAGE: Skip LVM subtests on Ubuntu
  * mkosi: Mask mdmonitor and isc-dhcp-server services
  * test: Run TEST-64-UDEV-STORAGE with mkosi
  * Merge pull request #32766 from DaanDeMeyer/test
  * test: Only add tpm2.target dependency to TEST-70-TPM2.service
  * TEST-64-UDEV-STORAGE: Fix drive ID
  * mkosi: Update fedora to latest
  * Merge pull request #32812 from DaanDeMeyer/test
  * test: Enable TEST-82-SOFTREBOOT on mkosi
  * mkosi: Disable journald rate-limiting
  * test: Allow using TEST_MATCH_TESTCASE with systemd-networkd-tests.py
  * test: Add TEST-85-NETWORK to run systemd-networkd-tests.py
  * test: Enable TEST-54-CREDS on mkosi
  * TEST-21-DFUZZER: Fix script name
  * Merge pull request #32666 from DaanDeMeyer/mkosi-network
  * TEST-21-DFUZZER: Fix priority
  * TEST-85-NETWORK: Give higher priority
  * TEST-64-UDEV-STORAGE: Give higher priority
  * test: Rename "shutdown initrd" to "exitrd"
  * test: Enable TEST-08-INITRD on mkosi
  * Merge pull request #32835 from DaanDeMeyer/test
  * TEST-08-INITRD: Fix result check
  * core: Fix assertion in parse_smbios_strings()
  * core: Skip private /tmp for generators in manager test runs
  * repart: Improve error message
  * TEST-24-CRYPTSETUP: Store tokens in /usr
  * journal-importer: Consider ECONNRESET as EOF
  * mkosi: Update centos to latest
  * test: Enable TEST-24-CRYPTSETUP for mkosi
  * Merge pull request #32842 from DaanDeMeyer/cryptsetup
  * test: Enable TEST-69-SHUTDOWN for mkosi
  * Merge pull request #32885 from yuwata/test-do-not-fill-journal
  * Merge pull request #32875 from yuwata/network-route-wireguard
  * mountpoint-util: Deal with kernel API breakage in "norecovery" mount option
  * Merge pull request #33013 from yuwata/journal-flush
  * meson: Look up mkosi once
  * meson: Add genkey target
  * Rewrite testsuite README in markdown
  * test: Extend meson + mkosi integration test docs
  * Merge pull request #33038 from DaanDeMeyer/mkosi
  * meson: Run genkey command with --force
  * Merge pull request #32562 from Werkov/test-cgroup-opensuse
  * mkosi: Set EXTRA_CFLAGS on opensuse
  * mkosi: update to latest
  * mkosi: Switch from btrfs to ext4
  * mkosi: Disable iscsi service and socket
  * test: Run tests that don't need a vm in systemd-nspawn
  * mkosi: Run integration tests as root
  * Merge pull request #33065 from DaanDeMeyer/nspawn
  * TEST-64-UDEV-STORAGE: Replace megasas2 controller with virtio scsi controller
  * test: Use virtio-scsi for keydev drive
  * mkosi: Switch back to cloud/KVM kernel packages
  * Merge pull request #33062 from DaanDeMeyer/virtio-scsi
  * cgroup-util: Add debug logging for cg_kill_recursive()
  * basic: Add debug logging for pidref_set_pid()
  * mkosi: Install bpftrace
  * mkosi: Stop installing dbus-broker on OpenSUSE
  * TEST-05-RLIMITS: Bump memory limits
  * TEST-02-UNITTESTS: Fix exit code checks
  * cgroup-util: Don't try to open pidfd for pids from cgroup.threads
  * TEST-36-NUMAPOLICY: Skip when running with sanitizers
  * TEST-79-MEMPRESS: Load systemd-asan-env if available
  * TEST-02-UNITTESTS: Pass asan environment to units if it is available
  * test-execute: Skip test_exec_mount_apivfs() when running with sanitizers
  * test-execute: Skip system call filter tests when sanitizers are used
  * test-execute: Load systemd-asan-env environment file if available
  * test-network: Add dirs_exist_ok=True to cp_r()
  * mkosi: Sanitizer improvements
  * ci: Build with sanitizers in mkosi
  * Merge pull request #33084 from DaanDeMeyer/cgroup-log
  * Merge pull request #33090 from poettering/tpm12-efi-check
  * mkosi: Preserve environment when running integration tests with sudo
  * Merge pull request #32866 from DaanDeMeyer/sanitizers
  * Revert "ci: Build with sanitizers in mkosi"
  * Revert "mkosi: Sanitizer improvements"
  * mkosi: Replace submodules with our own thing
  * mkosi: Don't install wireguard-tools on Debian
  * mkosi: Skip debuginfo workaround on newer rpm
  * mkosi: Disable add-determinism on Fedora
  * mkosi: Override rpm's _fixperms script to be a noop
  * Merge pull request #33106 from DaanDeMeyer/submodule
  * Add pkg/ to .gitignore folder
  * gitignore: Ignore /pkg/ instead of pkg/ (#33119)
  * mkosi: Drop two unnecessary settings in CI config
  * mkosi: Unify device timeout for CI and local runs
  * cryptsetup-generator: Fix memory leak
  * mkosi: Drop kernel command line to enable log context
  * Merge pull request #33121 from yuwata/test-integration-tests-mkosi
  * Merge pull request #33126 from keszybz/revert-ci-workaround
  * mkosi: Add note about kernel command line limit
  * mkosi: Sanitizer improvements
  * TEST-69-SHUTDOWN: Order after systemd-user-sessions.service
  * TEST-21-DFUZZER: Stop marking as slow
  * ci: Build Fedora rawhide with sanitizers in mkosi
  * Merge pull request #33105 from DaanDeMeyer/sanitizers
  * mkosi: Filter out sdubby and grubby from fedora rpm dependencies
  * Always pass --reconfigure when running meson setup
  * Revert "Always pass --reconfigure when running meson setup"
  * Merge pull request #33154 from yuwata/test-async
  * pcrlock: Fix ReadEventLog() interface definition
  * hostnamed: Add missing VSockCID varlink introspection data
  * resolved: Add missing nullable annotation for ifindex in ResolvedRecord
  * TEST-16-EXTEND-TIMEOUT: Convert to oneshot service
  * test: Run end.sh when running integration tests with mkosi
  * Merge pull request #33157 from DaanDeMeyer/end
  * repart: Fix unused variable warning
  * importctl: Fix 0 flags argument in sd_bus_message_append()
  * mkosi: Make system dependencies conditional on format
  * mkosi: Add missing [Content] section
  * mkosi: drop Debian /tmp hack
  * meson: Pass -Wno-deprecated-declarations when detecting libcryptsetup functions
  * mkosi: Use env where appropriate
  * mkosi: Disable iscsiuio.socket as well
  * mkosi: Update debian packaging to latest
  * mkosi: Make sure initrd coredumps are also stored in the journal
  * mkosi: Add support for building with LLVM
  * mkosi: Fix comment
  * mkosi: Allow setting custom CFLAGS and LDFLAGS
  * mkosi: Allow clearing meson cache with WIPE=1
  * mkosi: Build with --werror in CI
  * mkosi: Build Fedora Rawhide sanitizers job with LLVM
  * mkosi: Allow using $MESON_VERBOSE to enable verbose meson output
  * Merge pull request #33146 from DaanDeMeyer/clang
  * mkosi: Update opensuse commit to latest
  * mkosi: Use meson_extra_configure_options for opensuse
  * mkosi: Use __meson_verbose in opensuse build script
  * mkosi: Drop $OPTIMIZATION variable
  * mkosi: Build Arch Linux image with -D_FORTIFY_SOURCE=3
  * mkosi: Build with -O0 by default
  * mkosi: Stop sourcing /etc/makepkg.conf
  * core: Fix CPUQuotaPerSecUSec unit file serialization
  * mkosi: Disable scratch device by default
  * Revert "mkosi: Don't install wireguard-tools on Debian"
  * mkosi: Update to latest
  * mkosi: Include fewer modules in the initramfs
  * Merge pull request #33218 from DaanDeMeyer/initrd-modules
  * mkosi: Stop skipping pkcs11 test on opensuse
  * dev-setup: Follow /dev/console symlinks when locking /dev/console
  * presets: Don't enable systemd-homed-firstboot.service by default
  * mkosi: Update to latest
  * ci: Switch to Ubuntu 24.04
  * mkosi: Replace sysusers.d with useradd for test user
  * mkosi: Stop using tools tree
  * chase: Tighten "." and "./" check
  * rules: Limit the number of device units generated for serial ttys
  * tpm2-setup: Don't fail if we can't access the TPM due to authorization failure
  * repart: Use crypt_reencrypt_run() if available
  * repart: Use CRYPT_ACTIVATE_PRIVATE
  * mkosi: update debian commit reference
  * mkosi: update fedora commit reference
  * docs: Add section to HACKING.md on distribution packages
  * mkosi: Drop s390x console patch from opensuse spec
  * mkosi: Drop leftover systemd-coredump-debuginfo package for opensuse
  * mkosi: Enable hyperscale-packages-experimental for CentOS
  * mkosi: Install btrfs-progs on CentOS as well
  * mkosi: Switch back to btrfs
  * Merge pull request #33506 from DaanDeMeyer/mkosi-btrfs
  * meson: Drop genkey target
  * TEST-64-UDEV-STORAGE: Use bus pci slot 1 instead of 0
  * TEST-64-UDEV-STORAGE: Fix python 3.9 compatibility
  * test: pull in multi-user.target explicitly
  * mkosi: Install pciutils
  * TEST-64-UDEV-STORAGE: Make nvme_subsystem expected pci symlinks more generic
  * TEST-45-TIMEDATE: Use syslog identifier journalctl match
  * TEST-70-TPM2: Use UEFI firmware if available
  * TEST-06-SELINUX: Explicitly pull in autorelabel.service
  * TEST-09-REBOOT: Set auto firmware
  * TEST-18-FAILUREACTION: Set auto firmware
  * TEST-54-CREDS: Use UEFI firmware if available
  * repart: Log more about filesystem sector size
  * repart: Don't set filesystem sector size to 512
  * mkfs-util: Set sector size for btrfs as well
  * Use read_full_file_full() in read_smbios11_field()
  * mkfs-util: Simplify logic
  * mkosi: Install perf
  * meson: Define __TARGET_ARCH macros required by bpf
  * mkosi: Don't touch the packaging checkout if work is being done
  * mkosi: update fedora commit reference
  * mkosi: Make sure we don't hide errors from git merge-base
  * mkosi: Copy packages to the build directory as well
  * repart: Allow overriding fstype per partition designator
  * load-fragment: Remove faulty assertion
  * mkosi: Clean up old packages from the build directory
  * mkosi: update arch commit reference
  * mkosi: Fix sync script git command
  * mkosi: Install zypper in opensuse images
  * docs: Update HACKING
  * meson: Deal with potential stable versions
  * mkosi: Build a disk image by default again
  * meson: Fix various versions
  * test: Add missing --no-rebuild to doc
  * mkosi: Update to latest
  * mkosi: Make .autorelabel file empty
  * TEST-06-SELINUX: Disable RuntimeBuildSources=
  * Merge pull request #33644 from DaanDeMeyer/selinux
  * test: Set priority for TEST-73-LOCALE
  * mkosi: Use the "default" root filesystem for each distribution
  * Merge pull request #33640 from DaanDeMeyer/ext4-split
  * mkosi: Adapt configuration to take into account configuration rework
  * mkosi: Fix git commit
  * mkosi: Install erofs-utils
  * mkosi: Check for configured build directory if WIPE=1
  * mkosi: Build a sysext if SYSEXT=1 is specified
  * Merge pull request #33683 from DaanDeMeyer/sysext
  * mkosi: Update to latest
  * docs: Simplify update commands in HACKING.md
  * TEST-55-OOMD: Switch to stress-ng
  * test: Switch to ncat instead of nc
  * mkosi: Don't fail if /var/log/journal does not exist
  * TEST-06-SELINUX: Various fixes
  * tools/update-distro-hash: Fix path
  * mkosi: update opensuse commit reference
  * Merge pull request #33636 from DaanDeMeyer/ext4
  * mkosi: Switch back to code.opensuse.org for opensuse
  * Merge pull request #33697 from poettering/vmspawn-stream-fix
  * Merge pull request #33686 from poettering/boot-tweaklets
  * mkosi: Update to latest
  * mkosi: update fedora commit reference
  * mkosi: Introduce build image
  * mkosi: Make epel repositories optional for CentOS Stream 9
  * mkosi: Use squashfs for sysext if mkfs.erofs is not available
  * mkosi: Add CI for CentOS Stream 10
  * test: do not attempt to set xattr on tmpfs
  * mkosi: Extend arch build script comment about symlinks
  * mkosi: Use clang --print-runtime-dir
  * TEST-64-UDEV-STORAGE: Use max_ioqpairs instead of num_queues
  * mkosi: Install binutils
  * TEST-55-OOMD: Remove the opensuse user@ dropin
  * systemd-networkd-tests: Skip tests requiring dhcpd if it is not available
  * mkosi: Disable unique debug source names
  * TEST-13-NSPAWN: make sure we don't load libnss_systemd
  * Merge pull request #33695 from DaanDeMeyer/epel
  * mkosi: Drop CacheOnly=always from two subimages
  * mkosi: Build initrd as a subimage
  * mkosi: List library packages explicitly in VolatilePackages=
  * Merge pull request #33714 from poettering/make-varlink-public
  * mkosi: Stop setting apparmor=0
  * mkosi: Remove enforcing=0 from default kernel command line
  * Merge pull request #33752 from DaanDeMeyer/lsm
  * mkosi: Skip sync script if NO_BUILD is enabled
  * mkosi: Streamline running the integration tests without building systemd
  * mkosi: Build CentOS Stream 10 images by default
  * Merge pull request #33761 from DaanDeMeyer/mkosi
  * mkosi: Fix formatting
  * mkosi: Drop udev from Packages= list
  * mkosi: Drop util-linux from centos/fedora packages
  * mkosi: Fix typo
  * mkosi: Fix indentation
  * Merge pull request #33763 from DaanDeMeyer/mkosi
  * mkosi: Bump default device timeout a little
  * docs: Document how to do stable releases
  * mkosi: Switch back to PKG_SUBDIR instead of symlinks
  * mkosi: Use the Fedora Rawhide spec for CentOS
  * mkosi: update fedora commit reference
  * mkosi: update arch commit reference
  * Merge pull request #33802 from DaanDeMeyer/packages
  * Make vcs-tag do something useful for non-developer mode as well
  * Merge pull request #33814 from AnoukCeyssens/daemon
  * mkosi: Bump device timeout even more
  * mkosi: Update to latest
  * test: Add ASSERT_FAIL()
  * test: Add ASSERT_EQ_ID128() and ASSERT_NE_ID128()
  * test-id128: Use new assertion macros
  * test-fs-util: Modernize openat_report_new() test
  * fs-util: Handle dangling symlinks in openat_report_new()
  * fs-util: Clean up properly in xopenat_full() on labelling error
  * fs-util: Add XO_NOCOW flag
  * repart: Make partition files NOCOW if the disk image is NOCOW
  * repart: Create disk image file with copy-on-write disabled on btrfs
  * Make read_attr_path() more generic
  * copy: Copy file attributes as well
  * tree-wide: Don't explicity disable copy-on-write when copying images
  * TEST-54-CREDS: Specify SMBIOS creds via corresponding mkosi option
  * resize-fs: Put minimal ext4 size in the same ballpark as the other filesystems
  * test: Don't mount build sources into image when running non-interactively
  * docs: Simplify hacking instructions a bit
  * Merge pull request #33857 from DaanDeMeyer/mkosi
  * kernel-install: Only read cmdline from /proc/cmdline when not in container
  * kernel-install: Try some more initrd variants in 90-loaderentry.install
  * cgroup-util: Ignore kernel threads in cg_kill_items()
  * execute: Drop log level to unit log level in exec_spawn()
  * log: Fix size calculation for number of iovecs
  * Merge pull request #33882 from bluca/efi_proto_fallback_memory
  * cgroup-util: Don't try to open pidfd for kernel threads
  * Merge pull request #33884 from DaanDeMeyer/log-context
  * Drop EEXIST handling in load_credential_glob()
  * exec-credential: Log if we skip duplicate credential
  * exec-credential: Skip duplicate credentials in load_credential_glob()
  * core: Add support for renaming credentials with ImportCredential=
  * units: Import tty specific credentials for each getty unit
  * Merge pull request #33873 from DaanDeMeyer/rename-creds
  * mkosi: Switch to autologin via credentials
  * mkosi: Beef up testuser a bit
  * Merge pull request #33885 from DaanDeMeyer/pidref-kthread
  * Merge pull request #33886 from DaanDeMeyer/autologin
  * Merge pull request #33916 from yuwata/import-creds-follow-ups
  * meson: Use -fstrict-flex-arrays=3
  * mkosi: Drop locale tmpfiles snippet
  * docs: Update upgrade commands in HACKING.md
  * test: Rename INTERACTIVE_DEBUG to TEST_SHELL
  * test: Implement TEST_SHELL for mkosi based test runner
  * mkosi: Enable Autologin= again on Debian
  * mkosi: Switch back to btrfs
  * test: Add a way to quickly iterate on an integration test
  * mkosi: Prevent busybox from getting pulled into opensuse images
  * Merge pull request #33912 from DaanDeMeyer/mkosi
  * Merge pull request #33942 from yuwata/udevadm-info-attribute-walk-json
  * nspawn: Drop unused includes
  * nspawn: Allow specifying custom init program
  * Merge pull request #33951 from DaanDeMeyer/nspawn
  * mkosi: Disable debuginfod
  * crash-handler: Call vhangup on /dev/console before spawning crash shell
  * crash-handler: Drop 10s sleep before we spawn the crash shell
  * Merge pull request #33959 from DaanDeMeyer/crash
  * docs: Mention the new mount API in the container interface doc
  * nspawn: Assume unified cgroup hierarchy if there's no systemd in the image
  * mkosi: Disable pagination in gdb
  * mkosi: Install llvm
  * test: Fix section of StateDirectory=
  * test: Use usual setup in integration-test-setup script
  * basic: Various cleanups for ratelimit functions
  * core: Use RateLimit struct to store ratelimits
  * core: Introduce unit_is_filtered()
  * core: Clean up includes a little
  * taint: Add taint_strv() to get taints as an array
  * sd-json: Use goto finish instead of return
  * core-varlink: Introduce manager_varlink_managed_oom_connect()
  * mkosi: Fix debian/not-installed build logic
  * Add $SYSTEMD_IN_CHROOT to override chroot detection
  * test-netlink: Gracefully handle the loopback interface being down
  * test: Gracefully handle running within user namespace with single user
  * Merge pull request #34026 from DaanDeMeyer/tests
  * test-dhcp-server: Gracefully handle the network being down
  * tests: Don't override QemuKvm= value if TEST_NO_KVM=0
  * repart: Use loop_device_error_is_fatal() in one more place
  * repart: Constify partition_needs_populate()
  * repart: Don't add same dir to MakeDirectories= or Subvolumes= twice
  * repart: Allow Subvolumes= and DefaultSubvolume= when running offline
  * Revert "cgroup-util: Don't try to open pidfd for kernel threads"
  * Merge pull request #33498 from DaanDeMeyer/btrfs
  * mkosi: Improve formatting
  * mkosi: Update to latest
  * Merge pull request #34033 from DaanDeMeyer/mkosi-cage
  * mkosi: Update to latest
  * Revert "nspawn: fix settings leak for init parameter"
  * Revert "nspawn: Allow specifying custom init program"
  * mkosi: Stop using git commit timestamps for package releases
  * crash-handler: Add back notice log message
  * repart: Use streq_ptr() in one more place
  * tests: Remove some unnecessary quotes
  * tests: Add ASSERT_OK_EQ()
  * test-dhcp-server: Migrate to new assertion macros
  * Merge pull request #34143 from DaanDeMeyer/tests
  * mkosi: Update to latest
  * mkosi: Don't apply distribution specific patches
  * mkosi: Always specify _sourcedir as an absolute path
  * mkosi: Include noarch in dnf repoquery architectures
  * mkosi: update arch commit reference
  * mkosi: update opensuse commit reference
  * mkosi: update fedora commit reference
  * mkosi: update debian commit reference
  * test: Set show_status=error
  * mkosi: Switch back to src.opensuse.org for opensuse spec
  * ukify: Skip test on architectures without UEFI
  * mkosi: update fedora commit reference
  * core: Fix log message typo
  * mkosi: Don't fetch remote if the commit to check out already exists
  * image-policy: Fix strv size calculation
  * image-policy: Fix size assertion
  * repart: Fix memory leak
  * repart: Remove unused Context argument from make_subvolumes_set()
  * repart: Switch to new mkfs.btrfs subvolume API
  * repart: Keep existing directory timestamps intact when copying
  * networkd: Replace existing objects instead of doing nothing if they exist
  * Merge pull request #34149 from DaanDeMeyer/btrfs
  * mkosi: Don't create sanitizer wrappers for every mkfs binary
  * TEST-58-REPART: Always run TEST-58-REPART in virtual machine
  * TEST-58-REPART: Only skip part of testcase_minimize() that requires root
  * repart: Add compression support
  * Merge pull request #34190 from DaanDeMeyer/repart-compress
  * json-util: Add JSON_BUILD_STRING_ORDERED_SET()
  * json-util: Add JSON_BUILD_RATELIMIT()
  * json-util: Add JSON_BUILD_PAIR_DUAL_TIMESTAMP()
  * json-util: Add JSON_BUILD_PAIR_DUAL_TIMESTAMP_NON_NULL()
  * json-util: Add JSON_BUILD_PAIR_CALLBACK_NON_NULL()
  * json-util: Add JSON_BUILD_PAIR_INTEGER_NON_ZERO()
  * json-util: Add JSON_BUILD_PAIR_INTEGER_NON_NEGATIVE()
  * json-util: Add JSON_BUILD_PAIR_BYTE_ARRAY_NON_EMPTY()
  * json-util: Add JSON_BUILD_PAIR_BASE64_NON_EMPTY() and friends
  * json-util: Add JSON_BUILD_TRISTATE() and friends
  * json-util: Add JSON_BUILD_PAIR_UNSIGNED_NOT_EQUAL()
  * Merge pull request #34236 from DaanDeMeyer/manager-split
  * mkosi: Make systemd package filtering more robust
  * mkosi: Use apt patterns to install dependencies on Debian/Ubuntu
  * Merge pull request #34240 from DaanDeMeyer/mkosi
  * Merge pull request #32487 from YHNdnzj/bind-journal-sockets
  * Merge pull request #34224 from yuwata/network-make-qdisc-reconfigurable
  * network: Add support for multiq qdisc
  * network: Add support for mq qdisc
  * Merge pull request #34251 from DaanDeMeyer/multiq
  * Revert "tree-wide: Don't explicity disable copy-on-write when copying images"
  * Revert "copy: Copy file attributes as well"
  * chattr-util: Optimize read_attr_at()
  * copy: Copy nocow flag by default
  * copy: Introduce COPY_NOCOW_AFTER and use it when copying images
  * mkfs-util: Fix error handling
  * mkfs-util: Make sure we pass non option arguments last
  * Merge pull request #34266 from DaanDeMeyer/fix
  * mkosi: Install util-linux-script on Rawhide
  * mkosi: Remove rpm workaround
  * Merge pull request #34280 from yuwata/cleanups
  * Merge pull request #34278 from yuwata/timesync-log
  * mkosi: Drop _fixperms workaround
  * repart: Initialize split_name_format in copy_from_one()
  * sysupdate: Add --transfer-source=
  * core: Add support for PrivateUsers=identity
  * repart: Reuse partition_needs_populate() more
  * repart: Fix memory corruption
  * repart: Add missing parameter comment
  * repart: Add MakeSymlinks=
  * Merge pull request #34377 from DaanDeMeyer/symlinks
  * Merge pull request #34373 from poettering/resolved-dnssd-move-out
  * Merge pull request #34386 from keszybz/mkosi-update-helper
  * units: Order ldconfig.service after systemd-confext.service
  * mkosi: Stop applying device groups patch on Arch
  * Merge pull request #34392 from poettering/format-util-split
  * boot: Use TAKE_STRUCT() in one more place
  * boot: Make initrd_prepare() semantically equivalent to combine_initrds()
  * Merge pull request #34409 from DaanDeMeyer/boot-fix
  * mkosi: Disable makepkg PKGBUILD linting using the newly added environment variable
  * repart: Fix log messages in partition_populate_directory()
  * Fix generator logging
  * Merge pull request #34440 from yuwata/network-log-no-matching-network
  * ukify: Remove debug log
  * tmpfiles.d: Remove purge flag from lines that don't support it
  * Merge pull request #34464 from yuwata/test-space-in-path
  * repart: Support specifying multiple directories to ExcludeFiles=
  * repart: Drop unprivileged subvolumes logic for btrfs
  * ci: Don't add testuser to wheel and systemd-journal groups
  * test: Run TEST-74-AUX-UTILS in virtual machine
  * Merge pull request #34474 from DaanDeMeyer/user-group
  * Add ASSERT_OK_ZERO_ERRNO() and ASSERT_OK_EQ_ERRNO()
  * test-process-util: Migrate to new assertion macros
  * test-process-util: Use FORK_REOPEN_LOG everywhere we close all fds
  * test-process-util: Ignore EINVAL from setresuid() and setresgid()
  * Merge pull request #34483 from yuwata/network-conf-parser-neighbor-nexthop
  * Merge pull request #34481 from yuwata/has-tpm2
  * firstboot: Prompt for keymap
  * Add an extra debug log to dissect_image()
  * Preset user units on first boot as well
  * mkosi: Add back support for running clangd within mkosi
  * mkosi: Add missing SPDX line
  * Merge pull request #34517 from DaanDeMeyer/clangd
  * repart: Add a log message when we're about to fsync().
  * repart: Use swap format for swap partition even if encrypted
  * repart: Determine verity sig size based on partition designator
  * units: Order ldconfig after systemd-tmpfiles-setup.service
  * mkosi: update arch commit reference
  * repart: Shortcut copy if source or target starts with exclude path
  * repart: Apply denylist to individual files as well
  * ukify: Drop unused size() method
  * ukify: Use SizeOfImage from linux image as virtual size of .linux section
  * ukify: Remove special casing for .linux section
  * Merge pull request #34583 from DaanDeMeyer/ukify
  * Merge pull request #34582 from DaanDeMeyer/repart
  * Add %posttrans versions of the systemd %postun scriptlets
  * Merge pull request #34546 from ikruglov/ikruglov/refactor-GetMachineAddresses
  * tree-wide: Fix Wformat warnings
  * mkosi: Don't sync if the packaging specs repo is dirty
  * mkosi: Pass ASAN_OPTIONS to subimages
  * mkosi: Stop installing bpftrace
  * Merge pull request #34616 from DaanDeMeyer/mkosi
  * Move show_menu() to terminal-util.h
  * home: Prompt for auxiliary groups in homectl firstboot
  * home: Prompt for shell in homectl firstboot
  * homectl: Acquire bus connection after querying for user input
  * nsresourced: Fix declaration of bpf_rdonly_cast()
  * Revert "ukify: introduce new --measure-base= switch"
  * Revert "ukify: add new --extend= switch for importing an existing UKI's sections to later extend"
  * ukify: Introduce pe_strip_section_name()
  * ukify: Fix Profile config setting
  * ukify: Rework multi-profile UKIs
  * repart: Handle empty arg_copy_source in file_is_denylisted()
  * Merge pull request #34608 from DaanDeMeyer/ukify
  * repart: Don't copy root directory mode from source file
  * chase: Fix shortcut
  * Merge pull request #34639 from DaanDeMeyer/repart-fix
  * mkosi: Switch to Fedora 41
  * Merge pull request #34472 from ikruglov/ikruglov/io-systemd-Machine
  * bus-util: Log more information when connecting to a bus socket fails
  * core: Bump log level of reexecute request to notice
  * core: Log in more scenarios about which process initiated an operation
  * Merge pull request #34679 from DaanDeMeyer/bus-log
  * ukify: Fix off by one error
  * ukify: Introduce resolve_at_path()
  * ukify: Read .profile from path starting with @
  * boot: Rename pe section size to memory_size
  * boot: Introduce file_size and use it when we're working with file_offset
  * efi-loader: Add @ to valid characters
  * mkosi: Remove particle profile
  * mkosi: Update to latest
  * mkosi: Fix sections for settings
  * rpm/systemd-update-helper: Use systemctl reload to reexec/reload user managers
  * Merge pull request #34707 from YHNdnzj/user-manager-reexec
  * mkosi: Fix up ownership of testuser home directory on first boot
  * update-utmp: Make reconnect logic more robust
  * bus-util: Drop fallback to system/user bus if manager bus doesn't work
  * bus-util: Move geteuid() check out of bus_connect_system_systemd()
  * stdio-bridge: Use bus_log_connect_error()
  * stdio-bridge: Use customized log message for forwarding bus
  * Merge pull request #34686 from DaanDeMeyer/bus-fallback
  * systemd-update-helper: Show executed commands if debug logging is enabled
  * mount-util: Make get_submounts() a public function
  * sysext: Run unmerge in a subprocess
  * sysext: Deal with nested mounts properly
  * measure: Take SizeOfImage into account as well for .linux section
  * pcrlock: Take VirtualSize > SizeOfRawData into account
  * cryptenroll: Remove faulty assert()
  * TEST-70-TPM2: Disable public key enrollment explicitly
  * Rework TEST-86-MULTI-PROFILE-UKI
  * Merge pull request #34628 from DaanDeMeyer/measure
  * bus-util: Return ENOMEDIUM if XDG_RUNTIME_DIR is unset
  * bus-util: Special case when DBUS_SESSION_BUS_ADDRESS is set and XDG_RUNTIME_DIR isn't
  * bus-util: Fix bus_log_connect_error()
  * Merge pull request #34851 from DaanDeMeyer/medium
  * docs: Mention that a local build might be required to use mkosi
  * mkosi: Move copying packages to the output directory to the postinst script
  * import: Draw progress bars
  * pretty-print: add format-string version of draw_progress_bar() (#34939)
  * network: skip processing netdev if it is already detached (#34935)
  * docs: Align some comments in HACKING.md
  * docs: Update instructions for building distribution packages in HACKING.md
  * mkosi: update arch commit reference
  * mkosi: update debian commit reference
  * ask-password: Allow configuring the keyring timeout via an environment variable
  * mkosi: Ensure we build with debuginfo
  * mkosi: Install gdb in centos/fedora build image
  * mkosi: Set BuildSourcesEphemeral=no in mkosi.clangd
  * TEST-17-UDEV: Don't hardcode root device name
  * TEST-64-UDEV-STORAGE: Don't hardcode device name in long-sysfs-path test
  * Two integration test fixes (#34984)
  * mkosi: Add extra tools tree packages required to run integration tests
  * ask-password: Use default timeout if SYSTEMD_ASK_PASSWORD_KEYRING_TIMEOUT_SEC is unset
  * ask-password: Drop "default" for SYSTEMD_ASK_PASSWORD_KEYRING_TIMEOUT_SEC
  * ask-password: Add $SYSTEMD_ASK_PASSWORD_KEYRING_TYPE
  * efivars: Remove STRINGIFY() helper macros
  * openssl-util: Query engine/provider pin via ask-password
  * bootctl: Add --secure-boot-auto-enroll
  * openssl-util: Query engine/provider pin via ask-password (#34948)
  * pcrlock: Pad pe hash to a multiple of 8 bytes
  * exec-invoke: Add debug logging for setup_private_users()
  * tmpfiles: Implement L? to only create symlinks if source exists
  * mkosi: Add ruff and mypy to tools tree packages
  * pcrlock: Move pe_hash() and uki_hash() to pe-binary.h
  * core: Introduce PrivatePIDs=
  * openssl-util: Set default UI method instead of setting engine method
  * Introduce systemd-sbsign to do secure boot signing
  * sbsign: Add validate-key verb
  * ukify: Add support for systemd-sbsign
  * ukify: Add --signing-provider= option
  * Introduce systemd-sbsign to do secure boot signing (#35021)
  * mkosi: Add pytest to tools
  * bootctl: Validate private key path
  * openssl-util: Set expected object type to private keys
  * tree-wide: Introduce --certificate-source= option
  * measure: Add pcrpkey verb
  * ukify: Introduce --certificate-provider= option
  * tree-wide: Introduce --certificate-source= option (#35057)
  * Introduce systemd-keyutil to do various key/certificate operations
  * Add proper dependencies to ukify target
  * bootctl: Only create loader/keys/auto if required
  * mkosi: update arch commit reference
  * mkosi: update fedora commit reference
  * mkosi: update debian commit reference
  * mkosi: Enable clangd execution for all distributions
  * test-audit-util: Migrate to new assertion macros
  * mkosi: update to latest
  * mkosi: Add shellcheck to tools
  * mkosi: Use bash to execute command -v
  * mkosi: Install clangd everywhere
  * mkosi: Add dnf and dnf5 to sanitizer workaround list
  * mkosi: Add github CLI to tools
  * integration-test-wrapper: Remove unneeded format strings
  * Move mypy.ini and ruff.toml to top level
  * ukify: Fix typing error
  * test: Format integration-test-wrapper.py
  * test: Fix typing errors in integration-test-wrapper.py
  * test: Lint integration-test-wrapper.py
  * mkosi: Make sure mkosi.clangd always runs on the host
  * mkosi: Use shared extra tree between initrd and main image
  * test: Dump coredumps from journal in the integration test wrapper
  * test: Use env in testsuite readme
  * mkosi: Simplify sanitizer setup
  * mkosi: update to latest
  * test-creds: Migrate to new assertion macros
  * creds-util: Improve one log message
  * test: Skip TEST-38-FREEZER if coverage is enabled
  * test-execute: Don't make rootfs read-only if we're collecting coverage
  * test-execute: Make /coverage writable in DynamicUser= tests
  * ci: Implement coverage on top of mkosi
  * ci: Implement coverage on top of mkosi  (#35407)
  * test: Implement TEST_PREFER_QEMU and use it in one of the mkosi jobs
  * mkosi: Make sure the /coverage directory exists
  * test: Remove old bash test runner
  * mkosi: Update to latest
  * mkosi: Reduce kernel command line size
  * mkosi: Move leak sanitizer supressions file to sanitizers extra tree
  * test: Set kernel loglevel to INFO when running tests unattended
  * mkosi: Use mkosi sandbox in CI with Fedora tools tree
  * mkosi: Set meson --max-lines= to 300 in CI
  * mkosi: various improvements (#35491)
  * mkosi: Use rawhide tools tree in CI
  * coredumpctl: Don't treat no coredumps as failure
  * namespace: Rename notify_socket to host_notify_socket
  * test-bpf-restrict-fs: Migrate to new assertion macros
  * creds: introduce --transcode=help and friends and use them in shell completion (#35579)
  * mkosi: Fix opensuse build
  * test-bpf-restrict-fs: Migrate to new assertion macros
  * basic/fileio: two modernizations (#35559)
  * core/namespace: several fixes for recently merged PRs (#35580)
  * core: Bind mount notify socket to /run/host/notify in sandboxed units
  * core: Bind mount notify socket to /run/host/notify in sandboxed units (#35573)
  * Revert "repart: Drop unprivileged subvolumes logic for btrfs"
  * repart: Take configured minimum and maximum size into account for Minimize=
  * udev: several trivial cleanups for builtins (#35612)
  * machine: introduce io.systemd.Machine.{MapFrom, MapTo} methods (#35064)
  * test-firewall-util: Migrate to new assertion macros
  * man: Document generator sandbox environment
  * mkosi: Fix opensuse build
  * man: Document generator sandbox environment
  * debug-generator: add a kernel cmdline option to pause the boot process (#35410)
  * mkosi: Update to latest
  * coverage: Run on pull request in a few cases
  * docs: Move fuzzers documentation to test README.md
  * mkosi: Add gdb to tools tree
  * mkosi: Add libz1 to opensuse tools tree
  * mkosi: Enable EPEL for CentOS Stream tools tree
  * mkosi: Use tools tree by default
  * mkosi: Use build/ as extra search path by default
  * mkosi.clangd: Don't pass --host if we're not using flatpak-spawn
  * mkosi.clangd: Fail on command errors
  * docs: Simplify hacking documentation
  * Various mkosi improvements (#35684)
  * units: Order systemd-oomd after systemd-sysusers
  * systemd-homed: Give access to /dev/btrfs-control
  * mkosi: Fix authselect systemd-homed feature name
  * Remove leftover .gitmodules file
  * docs: Use meson compile instead of ninja
  * docs: Explicitly mention ~/.local/bin in section on installing mkosi
  * ptyfwd: fix draining on exit (#35752)
  * mkosi: Allow disabling vcs-tag via environment variable
  * docs: Use mkosi sandbox in test documentation as well
  * docs: Update code coverage documentation
  * network/dhcp: introduce global setting for DHCPv4 client identifier (#35783)
  * terminal-util: introduce terminal_{new,detach}_session helpers (#35811)
  * random-util: our baseline includes getrandom() (v3.17) now (#35816)
  * tree-wide: Rename ret_slave to ret_peer
  * mkosi: Add docbook tools
  * vmspawn: Use vmspawn in drive ID name instead of mkosi
  * vmspawn: Switch to virtconsole for headless console
  * mkosi: Handle directories in debian/not-installed correctly
  * machine: introduce io.systemd.Machine.BindMount method (#35066)
  * vmspawn: Switch to virtconsole for headless console (#35836)
  * nspawn: trivial tweaklets (#35831)
  * dissect: minor additions to the systemd-dissect tool (#35829)
  * core: do not disconnect from bus when failed to install signal match (#35779)
  * Introduce systemd-pty-forward
  * TEST-74-AUX-UTILS: Use tee
  * mkosi: Warn on unpackaged files in the debian package build
  * Introduce systemd-pty-forward (#35761)
  * mkosi: Handle directories in debian/not-installed correctly (#35832)
  * ptyfwd: Add --read-only option
  * sd-json: replace ASSERT_PTR() with assert_return() (#35849)
  * mkosi: Update to latest
  * mkosi: Make path exclude more generic
  * packit: Move fmf metadata into upstream
  * tty-ask-password-agent: if we're spawning further agents, grant them notify access (#35855)
  * machine: several follow-ups for #35066 (#35868)
  * mkosi: Migrate more deprecated options
  * ci: Rename qemu variable to vm
  *  mkosi: Migrate more deprecated options  (#35873)
  * fmf: Insist on mkosi sha being available
  * fmf: Support being used downstream in dist-git tests
  * machine: introduce io.systemd.Machine.{CopyFrom, CopyTo} methods (#34913)
  * repart: Use streq_ptr()
  * docs: Remove VIRTUALIZED_TESTING.md
  * mkosi: Install which in build image
  * packit: Simplify configuration
  * fmf: Check out target branch in packit
  * mkosi: Bump device timeout back to default value
  * mkosi: Update to latest
  * mkosi: Add gdb to tools tree
  * mkosi: Add libz1 to opensuse tools tree
  * mkosi: Enable EPEL for CentOS Stream tools tree
  * mkosi: Use tools tree by default
  * mkosi: Use build/ as extra search path by default
  * mkosi.clangd: Don't pass --host if we're not using flatpak-spawn
  * mkosi.clangd: Fail on command errors
  * docs: Simplify hacking documentation
  * mkosi: Fix authselect systemd-homed feature name
  * docs: Use meson compile instead of ninja
  * docs: Explicitly mention ~/.local/bin in section on installing mkosi
  * mkosi: Allow disabling vcs-tag via environment variable
  * docs: Use mkosi sandbox in test documentation as well
  * mkosi: Add docbook tools
  * mkosi: Handle directories in debian/not-installed correctly
  * mkosi: Warn on unpackaged files in the debian package build
  * mkosi: Update to latest
  * mkosi: Make path exclude more generic
  * packit: Move fmf metadata into upstream
  * mkosi: Migrate more deprecated options
  * ci: Rename qemu variable to vm
  * fmf: Insist on mkosi sha being available
  * fmf: Support being used downstream in dist-git tests
  * repart: Use streq_ptr()
  * mkosi: Install which in build image
  * packit: Simplify configuration
  * fmf: Check out target branch in packit
  * Revert "mkosi: Fix opensuse build"
  * fmf: Don't fail if we can't put selinux in permissive mode
  * fmf: Fix dist-git example
  * fmf: Fix glob
  * Three fmf fixes (#35917)
  * fmf: Only mess with /etc/yum.repos.d when running within testing farm
  * fmf: Dump CPU and memory information
  * fmf: Use different heuristic for number of process with many CPUs
  * test: Drop set -x from integration-test-setup.sh
  * test: Only plug in integration-test-setup.sh in interactive mode
  * TEST-06-SELINUX: Add knob to allow checking for AVCs
  * fmf: Force SELinux relabel when running within testing farm
  * TEST-06-SELINUX: Add knob to allow checking for AVCs (#35921)
  * Two integration test fixes (#35937)
  * mkosi: Re-enable TEST-21-DFUZZER when running with sanitizers
  * machine: introduce io.systemd.Machine.OpenRootDirectory method (#35880)
  * fmf: Move meson logs and failed test journals to test artifacts dir
  * fmf: Log clock source
  * fmf: Use one fewer than number of available CPUs again
  * tree-wide: Fix python formatting
  * test: Add option to save in progress test journals to /tmp
  * test: Don't register machines with machined unless we're in interactive mode
  * test: Move StateDirectory= directive into dropin
  * fmf: Bump inotify limits to avoid systemd-nspawn failures
  * fmf: Use different heuristic on beefy systems
  * fmf: Skip TEST-21-DFUZZER
  * Test improvements (#35955)
  * test: Fix bug in integration test wrapper
  * test: Only move journal file if we didn't just unlink it
  * ci: Skip coverage workflow on forks
  * mkosi: update arch commit reference
  * mkosi: update fedora commit reference
  * dissect: Use COPY_MERGE
  * fmf: Only move logs if corresponding directory exists
  * Update packaging specs (#35980)
  * mkosi: Install libxslt on CentOS/Fedora instead of xsltproc
  * man: Clarify systemd-notify and sd_notify() PID documentation
  * mkosi: Update to latest
  * test: Drop sandbox() from integration test wrapper
  * udev: several trivial fixlets (#36005)
  * fmf: Don't fail if we can't put selinux in permissive mode
  * fmf: Fix dist-git example
  * fmf: Fix glob
  * fmf: Only mess with /etc/yum.repos.d when running within testing farm
  * fmf: Dump CPU and memory information
  * TEST-06-SELINUX: Add knob to allow checking for AVCs
  * fmf: Force SELinux relabel when running within testing farm
  * test: Drop set -x from integration-test-setup.sh
  * test: Only plug in integration-test-setup.sh in interactive mode
  * mkosi: Re-enable TEST-21-DFUZZER when running with sanitizers
  * fmf: Move meson logs and failed test journals to test artifacts dir
  * fmf: Log clock source
  * tree-wide: Fix python formatting
  * test: Add option to save in progress test journals to /tmp
  * test: Don't register machines with machined unless we're in interactive mode
  * test: Move StateDirectory= directive into dropin
  * fmf: Bump inotify limits to avoid systemd-nspawn failures
  * fmf: Use different heuristic on beefy systems
  * fmf: Skip TEST-21-DFUZZER
  * test: Fix bug in integration test wrapper
  * test: Only move journal file if we didn't just unlink it
  * fmf: Only move logs if corresponding directory exists
  * test: Drop sandbox() from integration test wrapper (#36009)
  * ci: Stop archiving packages
  * sbsign: Make two debug logs into error logs
  * sbsign: Make sure output file mode respects umask
  * sbsign: Make sure output file respects umask (#36083)
  * mkosi: Don't set ToolsTreeRepositories= for CentOS Stream tools
  * mkosi: Update to latest
  * mkosi: Use a bigger variety of tools tree distributions
  * mkosi: lcov and shellcheck are not in EPEL 10
  * mkosi: Don't set -O ^orphan_file in centos stream 9 tools tree
  * mkosi: Run more commands as root
  * test: Look for qemu in /usr/libexec/qemu-kvm as well
  * TEST-74-AUX-UTILS: Move run0 pcrlock test to TEST-70-TPM
  * mkosi: Various tools tree fixes (#36059)
  * test: Make sure we run lcov from the meson source directory
  * mkosi: Run two more mkosi commands with sudo
  * mkosi: Update to latest
  * mkosi: Add back --preserve-env when running integrationt tests
  * mkosi: Drop usage of _systemd_QUIET in arch build script
  * HACKING: Move OBS section further down
  * HACKING: Drop run0 from mkosi boot invocation
  * Two HACKING.md improvements (#36152)
  * boot: Improve log message
  * mkosi: Update to latest
  * mkosi: Bump minimum version to 25
  * mkosi: Add VCS_TAG to PassEnvironment=
  * mkosi: Update to latest  (#36190)
  * Cleanups around tty_is_vc() and get_kernel_consoles() (#36171)
  * mkosi: Install libxslt on CentOS/Fedora instead of xsltproc
  * man: Clarify systemd-notify and sd_notify() PID documentation
  * mkosi: Update to latest
  * test: Drop sandbox() from integration test wrapper
  * ci: Stop archiving packages
  * sbsign: Make two debug logs into error logs
  * sbsign: Make sure output file mode respects umask
  * mkosi: Don't set ToolsTreeRepositories= for CentOS Stream tools
  * mkosi: Update to latest
  * mkosi: Use a bigger variety of tools tree distributions
  * mkosi: lcov and shellcheck are not in EPEL 10
  * mkosi: Don't set -O ^orphan_file in centos stream 9 tools tree
  * mkosi: Run more commands as root
  * test: Look for qemu in /usr/libexec/qemu-kvm as well
  * TEST-74-AUX-UTILS: Move run0 pcrlock test to TEST-70-TPM
  * test: Make sure we run lcov from the meson source directory
  * mkosi: Run two more mkosi commands with sudo
  * mkosi: Update to latest
  * mkosi: Add back --preserve-env when running integrationt tests
  * mkosi: Drop usage of _systemd_QUIET in arch build script
  * HACKING: Move OBS section further down
  * HACKING: Drop run0 from mkosi boot invocation
  * boot: Improve log message
  * mkosi: Update to latest
  * mkosi: Bump minimum version to 25
  * mkosi: Add VCS_TAG to PassEnvironment=
  * ukify: Add --sign-profile
  * ukify: Fix two typing issues
  * ukify: Calculate section size more correctly
  * user-runtime-dir: Log the quota limit in the warning message on failure
  * Update TODO
  * homectl: Fix empty checks
  * sysupdate: Update example mode to 644 instead of 444
  * ukify/measure: Revert changes to use SizeOfImage from Linux PE binary
  * machine: introduce io.systemd.MachineImage.CleanPool (#35928)
  * test: Drop -Dremote=enabled instructions from readme
  * test: Move NO_BUILD instructions to a separate section
  * test: Move external packages section down and reword a little
  * stub: Mention that VirtualSize should be <= SizeOfRawData
  * network/routing-policy-rule: fix compare function (#36268)
  * man/udevadm: several minor cleanups (#36267)
  * repart: Don't fail when we're unable to read file attributes
  * mkosi: Only make build sources ephemeral if NO_BUILD is not enabled
  * locale: Move vconsole specific logic to shared/vconsole-util.h
  * vconsole-util: Introduce vconsole_serialize()
  * firstboot: Populate XKBLAYOUT and friends as well in vconsole.conf
  * mkosi: Install strace in build image
  * mkosi: Work around regression in opensuse rpm 4.20 release
  * mkosi: Fix section for BuildSourcesEphemeral=
  * ukify: Fix two typing issues
  * homectl: Fix empty checks
  * ukify/measure: Revert changes to use SizeOfImage from Linux PE binary
  * sysupdate: Update example mode to 644 instead of 444
  * test: Drop -Dremote=enabled instructions from readme
  * test: Move NO_BUILD instructions to a separate section
  * test: Move external packages section down and reword a little
  * repart: Don't fail when we're unable to read file attributes
  * mkosi: Only make build sources ephemeral if NO_BUILD is not enabled
  * mkosi: Install strace in build image
  * mkosi: Fix section for BuildSourcesEphemeral=
  * mkosi: Work around regression in opensuse rpm 4.20 release
  * storagetm: Check if /sys/kernel/config is a mountpoint
  * udev: several improvements for debugging logs (#36357)
  * mkosi: Update to latest
  * ptyfwd: Forward various signals to forked process
  * Update TODO
  * ptyfwd: Forward various signals to forked process (#36345)
  * sysupdate: Don't use compression extension for UKIs in manpage
  * stub: Mention that VirtualSize should be <= SizeOfRawData
  * ukify: Calculate section size more correctly
  * mkosi: Update to latest
  * fmf: Don't fail if we can't modify sysctl values
  * mkosi: Update to latest
  * mkosi: Update to latest
  * mkosi: Fix mkosi.clangd
  * mkosi: Install systemd in Fedora build image
  * repart: Delay private key and certificate check until actual use
  * ukify: Fix --sign-profile= check for main profile
  * mkfs-util: Add support for btrfs compression
  * mkosi: update arch commit reference
  * mkosi: update opensuse commit reference
  * mkosi: update fedora commit reference
  * mkosi: Update distribution packaging specs for arch, opensuse and fedora (#36428)
  * docs: Document how to run the unit tests in HACKING.md
  * mkosi: Do not run unit tests during build by default
  * mkosi: Do not run unit tests during build by default  (#36450)
  * mkosi: Install systemd-boot in opensuse initrd
  * mkosi: Enable userdb tmpfiles dropin on Fedora/CentOS
  * Fix race in io.systemd.Machine.Open() test case (#36410)
  * test-async: Specify FORK_REOPEN_LOG in one more place
  * test-async: Use ASSERT_OK_ERRNO() instead of ASSERT_OK() where applicable
  * process-util: Implement safe_fork_full() on top of pidref_safe_fork_full()
  * process-util: Allow setting ret_pid with FORK_DETACH in safe_fork()
  * exec-invoke: Use FORK_DETACH when forking off pid namespace child
  * fmf: Don't fail if we can't modify sysctl values
  * mkosi: Update to latest
  * mkosi: Update to latest
  * mkosi: Fix mkosi.clangd
  * mkosi: Install systemd in Fedora build image
  * mkosi: update arch commit reference
  * mkosi: update arch commit reference
  * mkosi: update fedora commit reference
  * mkosi: update fedora commit reference
  * sbsign: Don't set bit in SpcPeImageData->flags
  * sysupdate: Don't use compression extension for UKIs in manpage
  * sbsign: Don't set bit in SpcPeImageData->flags
  * fstab-util: port use of setmntent() and friends to libmount (#36489)
  * mkosi: Update to latest
  * TEST-53-ISSUE-16347: Implement rtc via custom argument
  * TEST-64-UDEV-STORAGE: Stop using mkosi configure scripts
  * bootctl-install: Use i2d_PKCS7() instead of i2d_PKCS7_SIGNED()
  * test: Do not add integration tests if want_tests == 'false'
  * mkosi: Enable History= option
  * mkosi: Enable History= option (#36500)
  * mkosi: update fedora commit reference
  * packit: Switch to meson.version for the current version
  * mkosi: Update to latest
  * docs: Use mkosi -R instead of mkosi -t none
  * docs: Use mkosi -R instead of mkosi -t none (#36528)
  * meson: Add missing dbus_programs dependency on update-dbus-docs
  * exec-invoke: Fix unshare() error handling
  * exec-invoke: Fix invalid use of error variable
  * exec-invoke: Fix unshare() error handling (#36537)
  * exec-invoke: Move KSM logic up
  * exec-invoke: Simplify logic
  * sbsign: Fix wrong variable being passed to log_error_errno()
  * openssl-util: Introduce pkcs7_new()
  * keyutil: Reword pkcs7 documentation string a little
  * keyutil: Use fopen_tmpfile_linkable()
  * sbsign: Copy source to dest later
  * exec-invoke: Introduce setup_delegated_namespaces()
  * sbsign: Split out functions and switch to lower level APIs
  * sbsign: Add support for offline signing
  * Update TODO
  * dissect: Skip partitions with _empty label
  * core: Add DelegateNamespaces=
  * core: Add DelegateNamespaces= (#36532)
  * Add a few more bypass environment variables
  * test: Check stdin for interactivity, not stderr
  * test: Move getty-pre.target logic into integration-test-wrapper.py
  * test: Disable status messages when we start running a test
  * test: Connect test unit to console when running interactively
  * network: Use RTNH_COMPARE_MASK in route_can_update() (#36585)
  * basic: remove unnecessary definition in missing_xyz.h (#36565)
  * mkosi: Update to latest
  * TEST-53-ISSUE-16347: Implement rtc via custom argument
  * TEST-64-UDEV-STORAGE: Stop using mkosi configure scripts
  * mkosi: Enable History= option
  * mkosi: update fedora commit reference
  * packit: Switch to meson.version for the current version
  * mkosi: Update to latest
  * docs: Use mkosi -R instead of mkosi -t none
  * meson: Add missing dbus_programs dependency on update-dbus-docs
  * exec-invoke: Fix unshare() error handling
  * exec-invoke: Fix invalid use of error variable
  * sbsign: Fix wrong variable being passed to log_error_errno()
  * test: Do not add integration tests if want_tests == 'false'
  * test: Connect test unit to console when running interactively (#36586)
  * network: Use RTNH_COMPARE_MASK in route_can_update() (#36585)
  * test: Check stdin for interactivity, not stderr
  * test: Move getty-pre.target logic into integration-test-wrapper.py
  * test: Disable status messages when we start running a test
  * test: Connect test unit to console when running interactively
  * async: Port to PidRef
  * test-async: Wait for asynchronous_sync() to finish
  * mkosi: Don't install dnf anymore on Fedora
  * mkosi: update fedora commit reference
  * load-fragment: Fix config_parse_namespace_flags() for DelegateNamespaces=
  * portable: Set DelegateNamespaces=no for all portable profiles
  * TEST-13-NSPAWN: Set TERM=dumb when calling machinectl shell
  * core: Debug log if we cannot change the controlling terminal
  * mkosi: update fedora commit reference
  * opensuse: Drop workarounds
  * mkosi: Disable BuildSourcesEphemeral=
  * mkosi: Disable BuildSourcesEphemeral= (#36646)
  * mkosi: Switch to --rerun-build-scripts in mkosi.clangd
  * mkosi: Skip other build scripts if we're running clangd
  * copy: Bubble up ENOSPC immediately in fd_copy_directory()
  * copy: Fix error handling in fd_copy_directory()
  * Several fixes and cleanups around sd_listen_fds() (#36788)
  * mkosi: Bump to Fedora 42
  * mkosi: Add unix_chkpwd to sanitizer wrapped binaries
  * mkosi: Make sure systemd-userdbd.socket is enabled
  * userdb: Add userdb.user.* and userdb.group.* credentials
  * mkosi: Create testuser at runtime
  * Update TODO
  * units: Add systemd-machined.socket
  * exec-invoke: Rename various variables from has_ to have_
  * bus-unit-util: Fix DelegateNamespaces= parser
  * TEST-07-PID1.delegate-namespaces: Fix testcase_network()
  * core: Also check if we can mount /proc if pid namespace is delegated
  * TEST-07-PID1.delegate-namespaces: Make sure fully visible procfs is available
  * TEST-07-PID1.delegate-namespaces: Fix testcase_pid()
  * TEST-07-PID1.delegate-namespaces: Actually run the testcases
  * TEST-07-PID1.private-pids: Use --machine=testuser@.host instead of runas
  * capability-util: Ignore unknown capabilities instead of aborting
  * sd_bus_open_user_machine(): Don't shortcut without necessary env
  * run: Stop agents before we drop privileges
  * test: Fix formatting
  * core: Make DelegateNamespaces= work for user managers with CAP_SYS_ADMIN
  * userdb: Add userdb.user.* and userdb.group.* credentials (#36740)
  * packit: Enable use_target_repo_for_fmf_url option
  * packit: Use same specfile revision as mkosi uses
  * fmf: Drop btrfs workaround
  * fmf: Stop creating /etc/pacman.d/gnupg mountpoint
  * fmf: Drop support for dist-git-source: true
  * various verity generator tweaks (#36802)
  * fmf: Download rpms manually instead of going via repositories
  * fmf: Allow overriding the mkosi distribution and release used
  * fmf: Drop -f from subsequent mkosi sandbox calls
  * fmf: Use mkosi -f together with ToolsTreePackageDirectories=
  * packit: Enable use_target_repo_for_fmf_url option (#36794)
  * bootctl: adjust feature message (#36372)
  * packit: Remove --depth=1 from git clone
  * test: Check that the journal file was actually created
  * test: Check that the journal file was actually created (#36821)
  * mkosi: Log in mkosi.sync when we don't check out commit
  * mkosi: update fedora commit reference
  * packit: Load fmf metadata from rpm spec repository
  * packit: Load fmf metadata from rpm spec repository (#36825)
  * fetch-distro: Fetch before we switch branches
  * mkosi: Hide patches on debian instead of removing them
  * sd_bus_open_user_machine(): Don't shortcut without necessary env
  * mkosi: Don't install dnf anymore on Fedora
  * mkosi: update fedora commit reference
  * mkosi: update fedora commit reference
  * mkosi: Disable BuildSourcesEphemeral=
  * mkosi: Switch to --rerun-build-scripts in mkosi.clangd
  * mkosi: Skip other build scripts if we're running clangd
  * mkosi: Bump to Fedora 42
  * mkosi: Add unix_chkpwd to sanitizer wrapped binaries
  * test: Check that the journal file was actually created
  * mkosi: Log in mkosi.sync when we don't check out commit
  * mkosi: update fedora commit reference
  * packit: Enable use_target_repo_for_fmf_url option
  * packit: Use same specfile revision as mkosi uses
  * fmf: Drop btrfs workaround
  * fmf: Stop creating /etc/pacman.d/gnupg mountpoint
  * fmf: Drop support for dist-git-source: true
  * fmf: Download rpms manually instead of going via repositories
  * fmf: Allow overriding the mkosi distribution and release used
  * fmf: Drop -f from subsequent mkosi sandbox calls
  * fmf: Use mkosi -f together with ToolsTreePackageDirectories=
  * packit: Load fmf metadata from rpm spec repository
  * opensuse: Drop workarounds
  * mkosi: update debian commit reference
  * fetch-distro: Fetch before we switch branches
  * mkosi: Hide patches on debian instead of removing them
  * packit: Remove --depth=1 from git clone
  * user-record: Allow/strip status for mask/extract privileged helpers
  * test: Disable pager in integration test units
  * mkosi: update fedora commit reference
  * mkosi: Add two more mkosi entries to .gitignore
  * mkosi: Add back .mkosi-private/ to .gitignore
  * test: Make sure serial is always set explicitly for scsi-hd qemu devices
  * README: Drop test packages
  * Revert "test: dynamically generate list of test cases"
  * tree-wide: Update outdated docs on removed old integration test stuff
  * meson: Drop project_source_root and project_build_root variables
  * test: Make it possible to run the integration tests standalone
  * test: Make it possible to run the integration tests standalone (#36868)
  * test: Fix symlink location of standalone tests
  * mkosi: update fedora commit reference
  * mkosi: Update to latest
  * mkosi: Remove debian/ubuntu pinning
  * mkosi: Disable various extra things in the default preset
  * mkosi: Mark /etc /var as updated in a finalize script
  * mkosi: Bump minimum version to 25~devel
  * test: Boot integration test VMs without an initrd if possible
  * TEST-06-SELINUX: Only enable if meson was invoked as root
  * test: Mark tests as skipped if requirements were not satisfied
  * test: Use /dev/shm for TEST_JOURNAL_USE_TMP if /tmp isn't tmpfs
  * mkosi: Use build image prepare scripts for tools tree as well
  * test: Drop --no-rebuild from meson test invocations
  * meson: Set PYTHONDONTWRITEBYTECODE=1 in test environment
  * mkosi: Update to latest
  * mkosi: Drop orphan_file workaround
  * mkosi: Drop number prefixes from configuration files
  * mkosi: Use mkosi.tools.conf for tools tree configuration
  * mkosi: Stop passing package environment variables to tools image
  * mkosi: Various improvements and fixes (#36931)
  * mkosi: Make sure we set DEB_BUILD_PROFILES when cleaning up with dpkg
  * test: Unset JOURNAL_STREAM for integration test units
  * test: Use test.service template for all integration tests
  * mkosi: Update to latest
  * mkosi: update fedora commit reference
  * mkosi: Move all mkosi configuration into mkosi/ subdirectory
  * test: Be smarter about detecting the mkosi configuration directory
  * mkosi: Move all mkosi configuration into mkosi/ subdirectory (#36954)
  * mkosi: Fix ExtraSearchPaths= for build directory
  * mkosi: Point ssh key and certificate to top level dir as well
  * mkosi: Pass through NO_SYNC to tools and subimages as well
  * mkosi: Switch to KernelInitrdModules=
  * mkosi: Point ssh key and certificate to top level dir as well (#36989)
  * timedate: Use timestamp_is_set() more
  * docs: Make sure we run mkosi genkey before everything else
  * mkosi: update fedora commit reference
  * Two more mkosi updates (#36992)
  * test: Disable pager in integration test units
  * mkosi: update fedora commit reference
  * mkosi: Add two more mkosi entries to .gitignore
  * mkosi: Add back .mkosi-private/ to .gitignore
  * test: Make sure serial is always set explicitly for scsi-hd qemu devices
  * README: Drop test packages
  * Revert "test: dynamically generate list of test cases"
  * tree-wide: Update outdated docs on removed old integration test stuff
  * meson: Drop project_source_root and project_build_root variables
  * coverage: Run on pull request in a few cases
  * test: Make it possible to run the integration tests standalone
  * test: Fix symlink location of standalone tests
  * mkosi: update fedora commit reference
  * mkosi: Update to latest
  * mkosi: Remove debian/ubuntu pinning
  * mkosi: Disable various extra things in the default preset
  * mkosi: Mark /etc /var as updated in a finalize script
  * mkosi: Bump minimum version to 25~devel
  * test: Boot integration test VMs without an initrd if possible
  * TEST-06-SELINUX: Only enable if meson was invoked as root
  * test: Mark tests as skipped if requirements were not satisfied
  * test: Use /dev/shm for TEST_JOURNAL_USE_TMP if /tmp isn't tmpfs
  * mkosi: Use build image prepare scripts for tools tree as well
  * test: Drop --no-rebuild from meson test invocations
  * meson: Set PYTHONDONTWRITEBYTECODE=1 in test environment
  * mkosi: Update to latest
  * mkosi: Drop orphan_file workaround
  * mkosi: Drop number prefixes from configuration files
  * mkosi: Use mkosi.tools.conf for tools tree configuration
  * mkosi: Stop passing package environment variables to tools image
  * mkosi: Make sure we set DEB_BUILD_PROFILES when cleaning up with dpkg
  * test: Unset JOURNAL_STREAM for integration test units
  * test: Use test.service template for all integration tests
  * mkosi: Update to latest
  * mkosi: update fedora commit reference
  * mkosi: Move all mkosi configuration into mkosi/ subdirectory
  * test: Be smarter about detecting the mkosi configuration directory
  * mkosi: Fix ExtraSearchPaths= for build directory
  * mkosi: Point ssh key and certificate to top level dir as well
  * mkosi: Pass through NO_SYNC to tools and subimages as well
  * mkosi: Switch to KernelInitrdModules=
  * timedate: Use timestamp_is_set() more
  * docs: Make sure we run mkosi genkey before everything else
  * mkosi: update fedora commit reference
  * mkosi: Fix arch build script version sed expression
  * mkosi: Fix arch build script version sed expression
  * terminal-util: Make sure resolve_dev_console() always returns a full path
  * core: Resolve /dev/console if it's connected to stdin
  * exec-invoke: Always go via stdin fd in setup_pam() to get tty
  * core: Resolve /dev/console if it's connected to stdin (#36666)
  * mkosi: Update to latest
  * test: Install files required to run integration tests standalone
  * mkosi: Make MinimumVersion= a git commit
  * mkosi: Set mitigations=off
  * exec-invoke: Fix two log messages
  * meson: Use custom_target() instead of vcs_tag()
  * elf2efi: Deal properly with empty $SOURCE_DATE_EPOCH
  * mkosi: Set time-epoch= to fixed value
  * Two fixes to reduce the number of unnecessary rebuilds (#37069)
  * mkosi: update mkosi commit reference to 7e4ec15aee6b98300b2ee14265bc647a716a9f8a
  * test: Drop version from standalone meson file
  * test: Make sure symlinks in integration-tests are properly installed
  * test: Two fixes for running the integration tests standalone (#37073)
  * mkosi: update debian commit reference to 11efce9445f987f1e588719c182a93794eba2565
  * mkosi: Rely on tmpfiles to put nsswitch.conf in place
  * mkosi: Move TEST-24-CRYPTSETUP files to mkosi/ directory
  * mkosi: Make sure the mkosi image can be built without the source tree available (#37068)
  * test: Fix typing error in integration-test-wrapper.py
  * integration-tests: Don't enable tpm for every single test
  * meson: Fix installation directory for integration-tests when using rsync
  * test: Work around bug in meson when installing directory symlinks
  * mkosi: update fedora commit reference to 6646d13acae64665f63354cd60ecf963ee563b96
  * mkosi: update fedora commit reference to 6646d13acae64665f63354cd60ecf963ee563b96 (#37065)
  * elf2efi: Add back python 3.7 compat
  * mkosi: Make sure coreutils is installed in initrd/exitrd
  * mkosi: Reuse main image prepare scripts in subimages
  * mkosi: Two improvements (#37155)
  * mkosi: Rename mkosi.prepare scripts for systemd deps to systemd.prepare
  * mkosi: update mkosi commit reference to dbb4020beee2cdf250f93a425794f1cf8b0fe693
  * test: Use meson add_test_setup() instead of environment variables
  * basic: Move ratelimit logging functions to ratelimit.h
  * basic: Move log context functions to log-context.h
  * basic: Move trivial cleanup/ref/unref macros from macro.h to memory-util.h
  * basic: Remove list.h include from log.h
  * basic: Remove stdio-util.h include from log.h
  * macro: Move definition of dummy_t to macro-fundamental.h
  * fundamental: Move alignment logic to memory-util-fundamental.h
  * basic: Move assertion specific functions to assert-util.h
  * fundamental: Always use _Static_assert for assert_cc()
  * basic: Stop including log.h in macro.h
  * basic: Move macro.h include in list.h to the top of the file
  * basic: Remove circular dep between alloc-util.h and memory-util.h
  * basic: Remove circular dependency between process-util.h and pidref.h
  * tree-wide: Remove references to src/shared/linux
  * tree-wide: Mark linux and sys includes as system includes
  * Various changes made as part of trying to run include-what-you-use on the systemd repository (#37112)
  * resolve,import: always use openssl (#36937)
  * mkosi: Replace base-devel with base in arch tools packages
  * mkosi: Add clang tools and iwyu to tools tree
  * docs: Add paragraph about circular includes to CODING_STYLE.md
  * docs: Add note to keep header files as lean as possible to CODING_STYLE.md
  * Several preparation for killing SysV compat (#37207)
  * udev: serialize queued events on exit (#37047)
  * sd-bus: Get rid of circular dependency between sd-bus.h and sd-bus-vtable.h
  * shared: Remove circular dependency between image-policy.h and dissect-image.h
  * core: Turn manager unit log fields into unit functions
  * core: Remove circular dependencies between headers
  * home: Remove circular header dependencies
  * import: Remove circular header dependencies
  * journal: Remove circular header dependencies
  * login: Remove circular header dependencies
  * machine: Remove circular header dependencies
  * network: Move networkd-manager.h include to implementation file
  * network: Remove circular header dependencies in network/tc
  * network: Remove circular header dependencies in network/netdev
  * portable: Remove circular header dependencies
  * resolve: Move two functions from resolved-conf.h to resolved-dns-server.h
  * resolve: Move implementations of some functions to resolved-dns-packet.c
  * resolved: Remove circular header dependencies
  * sysupdate: Remove circular header includes
  * timesync: Remove circular header dependencies
  * basic: Use _Static_assert() in missing_audit.h instead of assert_cc()
  * tree-wide: Make sure all headers are standalone
  * Remove more circular header dependencies (#37185)
  * boot: Make free() a non inline function
  * libsystemd: Skip _sd-common.h include check when __clang_analyzer__ is defined
  * journal: Always compile journal authentication related files
  * tree-wide: Use assert_se() instead of assert() in various places
  * basic: Move various macros from assert-util.h to assert-fundamental.h
  * core: Drop unused forward declaration
  * core: Merge forward declaration and definition of DynamicUser
  * Various fixes to streamline running code analysis tools such as clang-tidy (#37224)
  * log: Make sure LOG_CONTEXT_SET_LOG_LEVEL() can be nested
  * unit: Make sure individual unit maximum log level always takes priority
  * timedate: Drop custom logging macros in favor of log context
  * execute: Get rid of custom logging macros
  * Add .clangd configuration file that disables the unused include check
  * ci: Use mkosi in linter workflow
  * Various logging improvements and cleanups (#37040)
  * ci: Add basic clang-tidy check to linter workflow
  * Add clang-tidy check in CI (#37226)
  * mkosi: Run clangd within the tools tree instead of the build container
  * bus-message-util: use bus_message_read_family() at one more place
  * network: Fix wrong config parser for Bridge.MulticastIGMPVersion
  * core: Use parse_syscall_archs() in bus_exec_context_set_transient_property()
  * tree-wide: Remove dead code
  * meson: Define our own clang-tidy target
  * network: Remove duplicate include
  * meson: Implement duplicate includes check with clang-tidy
  * Various clang-tidy improvements (#37237)
  * test: Add custom signal handlers to integration test wrapper script
  * selinux: Disable selinux logging in mac_init() as well
  * docs: Document manual cgroup controller management for Delegate=yes
  * cleanup: update bug prone argument comments (#37281)
  * udev: Enable delegation without delegating any controllers
  * basic: Add our own <netinet/in.h> and <net/if.h> headers
  * basic: Add macro.h include to missing_syscall_def.h
  * basic: Remove assertions from missing_fs.h
  * resolve: Remove unnecessary ENABLE_DNS_OVER_TLS check
  * clang-format: Add include sorting directives
  * clang-format: Disable for src/basic/include/linux
  * tree-wide: Sort includes
  * Add our own <netinet/in.h> and <net/if.h> headers and sort includes tree-wide with clang-format (#37278)
  * resolve: Simplify and optimize meson file
  * fundamental: Insert some missing conditional includes
  * sd-id128: Use static instead of _SD_ARRAY_STATIC in source files
  * daemon-util: Rename starting/stopping message constants
  * basic: Add our own net/if_arp.h header
  * shared: Add blkid-util.c
  * shared: Make sure ip-protocol-xxx.h headers include <netinet/in.h>
  * networkd-network-gperf.gperf: Add various missing includes
  * socket-util: Replace sockaddr length macros with functions
  * test: Remove unused sources from tests
  * Various changes to prepare for running IWYU on the repository (#37319)
  * meson: Make sure check-filesystems.sh runs from the build directory
  * main-func: Reduce transitive includes
  * string-table: Move more implementation logic into functions
  * macro: Introduce ABS() macro and use it in header files
  * hashmap: Drop debug params
  * Various preparatory changes from #37344 (#37348)
  * string-util: Remove utf8.h and alloc-util.h includes
  * alloc-util: Move strdupa_safe() and strndupa_safe() to string-util.h
  * Add missing alloc-util.h to string-util.h
  * tree-wide: Remove strv_from_stdarg_alloca()
  * tree-wide: Get rid of prefix_roota() in favor of path_join()
  * af-list: Remove transitive includes
  * fs-util: Reduce transitive includes
  * path-util: Reduce transitive includes
  * strv: Reduce transitive includes
  * device-util: Reduce transitive includes
  * conf-parser: Reduce transitive includes
  * rm-rf: Reduce transitive includes
  * iovec-util: Reduce transitive includes
  * static-destruct: Reduce transitive includes
  * udev-worker: send path to device node of whole disk when it is locked, and one cleanup (#37385)
  * basic: Override glibc's sys/param.h header with an empty file
  * macro: Reduce transitive includes
  * basic: Move parts of audit-util.{c,h} to libaudit-util.{c,h} in shared/
  * terminal-util: Move various functions to ansi-color.c
  * compress: Drop lz4 includes from compress.h
  * alloc-util: Remove unneeded stdlib.h include
  * strv: Move STRV_FOREACH() to strv-fundamental.h
  * More header cleanups (#37381)
  * meson: Stop doing nested build when fuzzers are enabled
  * meson: Extract objects instead of creating intermediate static libraries
  * meson: Remove unneeded include directories
  * meson: Don't create static library target unless option is enabled
  * core: introduce io.systemd.Manager.Describe method (#35098)
  * tests.h: Move some implementation details into tests.c.
  * tests.h: Get rid of TEST_REQ_RUNNING_SYSTEMD()
  * meson: Add missing conditions
  * Prepare for reducing transitive includes in tests.h (#37414)
  * Introduce forward.h header with forward declarations
  * boot: Use DEFINE_TRIVIAL_CLEANUP_FUNC() to define strv_freep()
  * Introduce forward.h header with forward declarations (#37428)
  * blockdev-util: Remove dependency on string-util.h
  * static-destruct: Move static_destruct() logic to implementation file
  * hashmap: Make sure Iterator struct is named
  * sd-bus: Make sure sd_bus_error and sd_bus_error_map structs are named
  * xdg-autostart-generator: Clean up includes
  * vmspawn: Clean up includes
  * forward: Add forward declaration for LockFile
  * Cleanup up includes #1 (#37438)
  * forward: Add forward declaration for LockFile (#37445)
  * discover-image: Move some logic to the implementation file
  * capability-util: Ignore unknown capabilities instead of aborting
  * serialize: Move some logic to the implementation file
  * networkd-util: Avoid call to endswith()
  * tpm2-util: Make sure structs/enums are named and add to forward.h
  * tree-wide: Clean up includes
  * tree-wide: Clean up includes (#37457)
  * user-record: Make sure UserStorage enum has the same name as its typedef
  * userdb: Clean up includes
  * timedate: Clean up includes
  * path: Clean up includes
  * busctl: Clean up includes
  * hashmap: Split out iterator.h
  * shutdown: Clean up includes
  * nss: Clean up includes
  * mountfsd: Clean up includes
  * userns-restrict: Move HAVE_VMLINUX check into functions
  * nsresourced: Clean up includes
  * locale: Clean up includes
  * integritysetup: Clean up includes
  * hibernate-resume: Clean up includes
  * coredump: Clean up includes
  * portable: Clean up includes
  * Bugprone argument comment - round 5 (#37481)
  * bpf-link: Add HAVE_LIBBPF check
  * sd-varlink: Fix argument names of sd_varlink_idl_parse()
  * sd-varlink: Expose sd_varlink_idl_parse()
  * sd-varlink: Expose sd_varlink_idl_parse() (#37513)
  * journal-remote: Allow building without microhttpd support
  * meson: Extract more objects instead of compiling multiple times
  * meson: Make sure fuzz-journal-remote is built in oss-fuzz
  * oss-fuzz: Add comment on why we build with --auto-features=disabled
  * meson: Build fuzz executables by default if fuzz-tests option is enabled
  * tree-wide: Ensure source file names are unique
  * meson: Rework clang-tidy integration to be done via unit tests
  * meson: Use hyphens everywhere in gperf.c filenames
  * Various meson improvements (#37510)
  * forward.h: Add forward declaration of BusObjectImplementation
  * pcre2-util: Make sure PatternCompileCase enum is named
  * icmp6-packet: Fix typo
  * macro-fundamental: Introduce typeof_field()
  * basic: Include time-util.h in constants.h
  * tree-wide: Clean up includes
  * test: Clean up includes
  * fuzz: Clean up includes
  * shared: Introduce conf-parser-forward.h
  * oom: Clean up includes
  * timesync: Clean up includes
  * stat-util: Use typeof_field() in one more place
  * test-tables: Pass enum type to test_table() as well
  * tests: Move implementation of DEFINE_HEX_PTR() into source file
  * tree-wide: Include <libaudit.h> via libaudit-util.h
  * meson: Don't define targets for standalone binaries if option is not enabled
  * home: Clean up includes
  * resolve: Clean up includes
  * nspawn: Clean up includes
  * pretty-print: Add missing fileio.h include
  * sysupdate: Clean up includes
  * udev: Clean up includes
  * systemctl: Clean up includes
  * portable: Fix comment
  * machine: Clean up includes
  * login: Clean up includes
  * import: Clean up headers
  * journal-remote: Clean up includes
  * journal: Clean up includes
  * cryptsetup: Clean up includes
  * cryptenroll: Clean up includes
  * bootctl: Clean up includes
  * network: Clean up includes
  * core: Make various ActivationDetails functions take a const argument
  * analyze: Clean up includes
  * logind: Add missing include
  * core: Clean up includes
  * machine: Fix comment
  * test: Remove unused includes
  * core: Clean up includes
  * Various cleanups (#37564)
  * boot: Clean up includes
  * meson: Use .inc for generated code meant to be included in other files
  * meson: Run clang-tidy on libsystemd headers as well
  * Clang tidy headers (#37566)
  * forward: Add more forward declarations
  * basic: Add missing process-util.h include to origin-id.h
  * meson: Make sure <sys/socket.h> is included in af-from-name.gperf
  * tree-wide: Clean up includes
  * More header cleanups (#37571)
  * shared: Clean up includes
  * libudev: Clean up includes
  * shared: Followups for #37575
  * basic: Move ratelimit logging functions to log-ratelimit.h
  * libsystemd: Clean up includes
  * forward: Move ChaseFlags forward declaration to forward.h
  * netlink-internal: Make message_get_serial() static inline again
  * generate-sym-test: Only include required headers
  * fundamental: Move declaration of free() to macro-fundamental.h
  * core: Add missing bpf-dlopen.h includes to bpf skeleton headers
  * ci: Setup clang-tidy meson env with extra options
  * clang-tidy: Skip public headers
  * clangd: Enable UnusedIncludes feature again
  * Various cleanups (#37597)
  * basic: Move LogRatelimit struct to log-ratelimit.h as well
  * strv: Drop unnecessary macros
  * basic: Move userns_supported() to namespace-util.h
  * login-util: Mark session_id_valid() as pure
  * basic + fundamental: Clean up includes
  * basic + fundamental: Clean up includes (#37595)
  * tree-wide: Clean up more includes
  * socket-util: Move getsockopt_int() to implementation file
  * tree-wide: Handle EINVAL as not supported for chattr_xxx()
  * core: introduce io.systemd.Unit.List (first PR) (#37432)
  * basic,shared: mark eligible functions with _pure_/_const_ (#37623)
  * mkosi: update mkosi commit reference to 5e739ef1ed02a4f3b6ae64e50a8ee186cbcb21c2 (#37632)
  * repart: Apply verity-sig max size based on partition type
  * repart: CopyBlocks=auto fix for verity-sig partitions (#37688)
  * repart: Improve logging in resolve_copy_blocks_auto()
  * repart: Add ratelimitting for progress updates
  * meson: Remove unnecessary deps from libsystemd-static build
  * core: Disable pid namespacing for control processes
  *  core: Make sure we handle DelegateSubgroup= in combo with cgroupns
  * meson: Add libmount feature
  * meson: Don't fail install script if file doesn't exist
  * core: Various fixes for cgroup and pid namespaces (#36815)
  * forward: Drop socklen_t forward declaration
  * mkosi: update arch commit reference to 15cb472aeb4d93d7fae9c7b7bc2cd6723bc8ec85
  * mkosi: update opensuse commit reference to 2dc224ae5d446e928519315f4d46f76d1e34b8a8
  * mkosi: update fedora commit reference to 7de88c66bdc26920db570e67ef74e579f8461d9c
  * cgroup-util: Always open cgroupv2 attribute files in O_NONBLOCK mode
  * home: Make sure we resolve /etc/skel symlink
  * mkosi: Update to latest
  * mkosi: Make MinimumVersion= a git commit
  * mkosi: Set mitigations=off
  * mkosi: Set time-epoch= to fixed value
  * mkosi: update mkosi commit reference to 7e4ec15aee6b98300b2ee14265bc647a716a9f8a
  * mkosi: Move TEST-24-CRYPTSETUP files to mkosi/ directory
  * mkosi: Make sure coreutils is installed in initrd/exitrd
  * mkosi: Reuse main image prepare scripts in subimages
  * mkosi: Rename mkosi.prepare scripts for systemd deps to systemd.prepare
  * mkosi: update mkosi commit reference to dbb4020beee2cdf250f93a425794f1cf8b0fe693
  * mkosi: Replace base-devel with base in arch tools packages
  * mkosi: Add clang tools and iwyu to tools tree
  * ci: Use mkosi in linter workflow
  * mkosi: Run clangd within the tools tree instead of the build container
  * mkosi: update mkosi commit reference to 5e739ef1ed02a4f3b6ae64e50a8ee186cbcb21c2 (#37632)
  * meson: Stop doing nested build when fuzzers are enabled
  * meson: Don't fail install script if file doesn't exist
  * home: Make sure we resolve /etc/skel symlink
  * nspawn: Allow bpf() syscall if CAP_BPF is retained
  * tools: Fix fetch-mkosi changelog generation
  * mkosi: update mkosi commit reference to 0d1143150835b21c1bfe64428df5f45b558280b1
  * test-xml: Use ASSERT_OK() instead of ASSERT_GE()
  * network: Add varlink socket unit
  * login: Add missing newline between headers
  * login: Add varlink socket unit
  * udev: Fix initializing varlink server from listen fd
  * test: Add tests for various varlink socket units
  * Move missing_xyz.h for glibc headers to src/basic/include/ (#37960)
  * Explicitly include more headers (#38100)
  * Two trivial nspawn fixes (#38152)
  * Several follow-ups for recent SELinux changes (#38161)
  * Replace underscores in filenames with hyphens (#38203)
  * core/cgroup: always submit unit to realize queue if all controllers are being invalidated (#38194)
  * vmspawn: Run auxiliary daemons inside scope instead of separate service (#38047)
  * mkosi: Relax separate branch check in mkosi.sync
  * core: fix segfault by drop-in config for masked unit (#38810)
  * install: Coding style fixlet
  * install: Fall back to system presets if there are no initrd presets
  * core/transaction: fix issue in dropping unmergeable jobs (#38776)
  * repart: add test case for btrfs specific options and MountPoint=, and update man page (#38756)
  * gpt-auto-generator: Pass verity settings to dissect_loop_device()
  * mkosi: Install libcap-progs in main and minimal image
  * TEST-13-NSPAWN: Fix typo
  * test: Add test for nspawn's handling of cap_net_bind_service
  * nspawn: Drop CAP_NET_BIND_SERVICE if in userns with identity mapping (#38723)
  * Update hwdb and contributor list for v258-rc4 (#38828)
  * TEST-55-OOMD: Verify that ExecStopPost= runs on oom-kill
  * Extend test-dlopen-so to also cover cases when built without support
  * mkosi: several cleanups (#38924)
  * core/transaction: several cleanups (#38778)
  * tree-wide: Fix two curl warnings
  * include: Add missing IWYU pragmas
  * mkosi: Add stress-ng to sanitizer wrapper programs
  * core: Use oom_group_kill attribute if OOMPolicy=kill
  * core: Expose oom kills and managed oom kills as properties
  * test: Add tests for systemd's kernel oom kill handling
  * tree-wide: Remove unused includes
  * tree-wide: Remove unused includes (#39023)
  * core: Expose oom kills and managed oom kills as properties (#38906)
  * man: Add missing parentheses
  * dissect: Add more debug logging
  * gpt: Introduce function to convert verity hash or sig to data partition
  * dissect: Add full stop to debug log messages in dissect_image()
  * ssh-proxy: Add support for per user machined
  * dissect: Add more debug logging
  * dissect: Add more debug logging (#39125)
  * ethtool-util: several cleanups for applying link settings (#38879)
  * Add copilot instructions
  * docs: Mention newline requirement for multi-line function decl
  * copilot: Tell the AI to be thorough
  * mkosi: Add stress-ng to sanitizer wrapper programs
  * tree-wide: Fix two curl warnings
  * man: Add missing parentheses
  * sd-id128: Drop _sd_const_ from sd_id128_in_setv()
  * sd-id128: Drop _sd_const_ from sd_id128_in_setv()
  * varlink: Always link to documentation for current version
  * test: fixes for debian unstable and TEST-50-DISSECT (#39331)
  * core: Make sure we don't clobber return argument on failure
  * core: Don't use TTYPath= for PAM unless StandardInput=tty
  * tree-wide: Introduce sd-forward.h and shared-forward.h headers
  * implement ExecContext for io.systemd.Unit.List (#38212)
  * ci: Disable bpf-framework option for build and unit test jobs
  * tree-wide: Various forward header cleanups
  * resolved: move DNS RR/key/naswer/question/packet code to shared/ + other tweaks (#39324)
  * ptyfwd: Always prioritize $SYSTEMD_TINT_BACKGROUND
  * core: adding cgroup/invocationid lookups to io.systemd.Unit.List (#38032)
  * import: support in --user mode (#39322)
  * nspawn: Add --bind-user-shell= to --help
  * vmspawn: Use machine_credential_add()
  * vmspawn: Add --bind-user= and --bind-user-shell= (#38410)
  * rpm: Make sure we only match files in the directories in triggers
  * mkosi: Stop installing devel packages
  * Several cleanups for dlopen() (#39441)
  * basic: Use xopenat_full() in mkdir_p_root_full()
  * core: Don't setup mount propagation tunnel if not required
  * mount-util: Iterate mountinfo backwards when unmounting
  * elf-util: Add support for parsing dlopen metadata
  * TEST-65-ANALYZE: Add missing --no-pager
  * analyze: Add dlopen-metadata verb
  * test-namespace: Migrate to new assertion macros
  * analyze: Add dlopen-metadata verb (#39457)
  * mkosi: Disable lto feature of systemd spec
  * mkosi: update fedora commit reference to ea1d871ecd6c2fe063523840c1e4cf9bcf200e32
  * analyze: Add shell completion for dlopen-metadata
  * run0: Add --empower
  * mkosi: update fedora commit reference to ea1d871ecd6c2fe063523840c1e4cf9bcf200e32 (#39483)
  * core: several cleanups/fixes for fd passing (#39491)
  * mount-setup: Reformat table
  * mount-setup: Add optional function which provides extra mount options
  * mount-setup: Add memory_hugetlb_accounting to cgroupfs mount
  * core: Rename bus_set_transient_std_fd() and remove unused name argument
  * nspawn: Fix docs
  * userdb: Add missing .membership extension to membership files
  * TEST-87-AUX-UTILS-VM: Propagate SYSTEMD_PAGER at one more place
  * userdbctl: Write empty JSON object into membership files
  * nspawn-bind-user: Write membership records
  * nspawn/vmspawn: Add --bind-user-group= option
  * core: Add RootDirectoryFileDescriptor=
  * core: Add RootDirectoryFileDescriptor= (#39480)
  * test: migrate test-load-fragment to use ASSERT_* macros
  * parse-util: Add parse_capability_set()
  * machined/import: allow running in per-user mode (#38728)
  * tree-wide: cleanup headers (#39559)
  * tests: Return result from some ASSERT() macros
  * test-event: Migrate to new assertion macros
  * test-bus-objects: Migrate to new assertion macros
  * test-bus-peersockaddr: Migrate to new assertion macros
  * test-bus-server: Migrate to new assertion macros
  * test-bus-watch-bind: Migrate to new assertion macros
  * test-bus-chat: Migrate to TEST() and new assertion macros
  * test-rm-rf: Migrate to new assertion macros
  * Migrate various tests to new assertion macros (#39691)
  * run0: Never ask --empower sessions for polkit auth
  * test-varlink: Migrate to new assertion macros
  * test: use new macros and move several test cases (#39708)
  * shared: Forward declare InstallChange in shared-forward.h
  * bus-wait-for-jobs: Make sure we always debug log
  * stdio-bridge: Add --quiet option
  * stdio-bridge: Fix --user
  * sd-bus: Pass --user and --quiet to systemd-stdio-bridge if local
  * test-id128: Check capability instead of uid
  * test-rm-rf: Check capabilities
  * test-cgroup-util: Skip test on ESTALE
  * sd-event: Mark post sources as pending after dispatching
  * sd-event: Only register memory presure if write buffer size is zero
  * sd-event: Drop faulty shortcut
  * sd-event: Allow passing WNOWAIT to sd_event_add_child()
  * run0: Make --same-root-dir available for run0
  * sd-event: Add exit-on-idle support
  * sd-event: Make sure iterations of defer and exit sources are updated
  * basic-forward: Add WaitFlags forward decl
  * log-context: Don't add log context if value is NULL
  * Three new sd-event features + various fixes (#39608)
  * sd-event: Add comment in event_source_offline() for memory pressure
  * sd-event: Move SOURCE_POST check into mark_post_sources_pending()
  * sd-event: several follow-ups for recent change (#39743)
  * Various documentation updates
  * mkosi: Add sanitizer libraries to the CentOS/Fedora tools tree
  * libudev: Don't pull in libshared_static
  * tools: Add script to detect unused symbols in libshared
  * Make file-hierarchy.7 link to two online docs and drop most of the contents (#39412)
  * mkosi: Install valgrind in tools tree
  * mkosi: update fedora commit reference to 12f95f807fef5075a8842dd107f83b4c41d5ac26
  * mkosi: Drop IWYU
  * sd-bus: Exit event loop with error code instead of EXIT_FAILURE
  * run0: Add note about processes having privileges over --empower sessions
  * test-journald-config: Modernize test
  * clang-tidy: Fix all remaining misc-include-cleaner violations
  * clang-tidy: Enable misc-include-cleaner check
  * docs: Document cast formatting rules
  * tests: Assume we're running in a chroot if check fails
  * test-reread-partition-table: Only check for CAP_SYS_ADMIN
  * test-reread-partition-table: Don't keep open fds around
  * meson: Still build libshared even if libmount is disabled
  * meson: Still build libshared even if libmount is disabled (#39871)
  * run0: Stay in cwd if --empower is specified without a user
  * test: Skip protect_kernel_logs test if libmount is missing
  * core: Make libmount optional
  * core: Make libmount optional (#39878)
  * mkosi: update mkosi commit reference to 10544812b35a668d4aac9834c78ee8166e99bc78
  * mkosi: Rework how the pkgenv environment variables are set
  * mkosi: Add hyperscale profile
  * mkosi: Add fixed qemu ppa for Noble temporarily
  * TEST-88-UPGRADE: Stop resolved hook socket before downgrading
  * mkosi: Add hyperscale profile (#39329)
  * boot: Fix warning
  * run0: Give --empower its own color, title and emoji
  * tree-wide: sizeof() fixes
  * tree-wide: Fix constness issues with newer glibc
  * run: Don't make executable absolute when --root-directory= is used
  * tree-wide: Small fixes for various clang-tidy warnings
  * fsprg: Drop const from gcry_mpi_t arguments
  * core: Rename error sd_bus_error parameters to reterr_error
  * import: Make naming consistent
  * tree-wide: Fix declaration/definition parameter name mismatches
  * dissect: Stop refusing external verity settings for mountfsd
  * Update mkosi reference and drop use of deprecated RuntimeScratch=/--runtime-scratch= (#40016)
  * machine: Fix hardcoded /var/lib/machines paths
  * test: Stop using grep -q in integration test
  * tree-wide: Use meson test -q
  * discover-image: Rework image_make()
  * mount-util: Add mount_fd_clone() helper
  * namespace: Clone root dir descriptor before use
  * TEST-50-DISSECT: Make sure RootDirectoryFileDescriptor= can be reused
  * namespace: Clone root dir descriptor before use (#39939)

  [ Helmut Grohne ]
  * Add basic support for the noinsttest build profile
  * Annotate dbus build dependency with <!noinsttest>
  * Fix FTCBFS: Annotate python3-jinja2 dependency with :native
  * Mark systemd-userdbd and systemd-homed as !stage1
  * Conditionalize installation of cryptsetup plugins in stage1 using dh-exec
  * Explicitly B-D on libcrypt-dev
  * duplicate udev trigger interest for /usr-merge
  * Also delete lib/systemd/system/local-fs.target.wants
  * Restore diverted symlinks in systemd-sysv.postinst that may have been lost due to /usr-merge
  * network: configure a tun host0 interface in a container
  * Fix stage1 build
  * salsa-ci: test the stage1 build profile
  * bpf: fix cross build failure on Debian
  * Mirror dmi_arches from meson.build into debian/udev.install
  * Update architecture match for 50-pid-max.conf
  * Update architecture match for 50-pid-max.conf (v3)

  [ Alexis-Emmanuel Haeringer ]
  * conf-files: include the expected suffix in the 'unexpected suffix' debug message.

  [ Kai Lueke ]
  * man: Do not recommend to overlay files with sysext even if possible
  * man: Document mask workaround for sysext images
  * man: Use correct target type for sysupdate entry
  * sysext: support distribution-independent extensions using ID=_any
  * sysext: introduce ARCHITECTURE field to match host architecture
  * man: Correct information on sysext masking
  * Use original filename for extension name check
  * man/systemd-dissect.xml: Remove old sysext path, add confext path
  * systemd-sysext/confext.service: Refresh on start/reload
  * man: Remove OSConfig project mentioning for systemd-confext
  * test: Add missing test cleanup for the last sysext test
  * sysext: Check for /etc/initrd-release in given --root= tree
  * sysext: Fix config file support with --root=
  * man/sysext.conf: Fix section name to match code

  [ Fletcher Woodruff ]
  * resolve: use strcmp when comparing DnsServer names

  [ Antonio Alvarez Feijoo ]
  * meson: add missing include directory when using xkbcommon
  * cryptsetup: fix typo
  * cryptsetup: fall back to traditional unlocking if any TPM2 operation fails
  * man: add missing arguments to systemd-creds synopsis
  * cryptenroll: fix typo
  * bash-completion: fix typos in comments
  * bash-completion: add systemd-cryptenroll support
  * cryptsetup: improve password prompt text
  * update TODO
  * sysext: add missing COMMAND to the help output and man synopsis
  * bash-completion: add systemd-sysext support
  * man: remove reference to mkinitrd
  * bash-completion: add missing options to systemd-cryptenroll
  * man/portablectl: fix references to options
  * dissect: add missing --umount to the help output
  * bash-completion: add systemd-dissect support
  * dissect: add --list option
  * kernel-install/90-loaderentry: do not add multiple systemd.machine_id options
  * kernel-install/90-loaderentry: do not override an existing systemd.machine_id
  * cryptsetup: retry TPM2 unseal operation if it fails with TPM2_RC_PCR_CHANGED
  * systemctl: fix typo
  * bash-completion: add missing --unlock-fido2-device to systemd-cryptenroll
  * man: add missing --unlock-fido2-device to systemd-cryptenroll
  * man: fix typo in systemd.generator
  * gpt-auto-generator: fix typo
  * man/network-generator: replace dracut.kernel reference with dracut.cmdline
  * fs-util: fix typo in comment
  * generator: add generator_open_unit_file_full to allow creating temporary units
  * network-generator: rewrite unit if it already exists and its content changed
  * man/systemd-sysext: correct explanation of confexts directories
  * man: fix references to gethostname/sethostname
  * firstboot: fix typo
  * tpm2-util: remove unnecessary semicolon
  * man/systemd-fsck@.service: clarify passno and noauto combination in /etc/fstab
  * man/kernel-install: document missing $KERNEL_INSTALL_IMAGE_TYPE
  * man/systemd-dissect: various fixes
  * bash-completion: add missing commands and options to systemd-dissect
  * net_id: add missing naming scheme name for v254
  * timedatectl: add missing commands to the help output
  * cryptenroll: fix bind default TPM2 signed policy to PCR 11
  * repart: do not ignore `tpm2-pcr-public-key.pem`
  * cryptsetup: do not print (null) if pkcs11 uri not set
  * man/measure: document --uname
  * man/bootctl: fix --dry-run entry
  * bootctl: fix -q option
  * bootspec: fix typo
  * bootctl: fix code comment
  * tree-wide: use SPECIAL_BASIC_TARGET
  * run: use SPECIAL_USER_SLICE
  * tmpfiles: fix memory leak in arg_exclude_prefixes
  * analyze: fix -q option
  * analyze: man and --help fixes
  * kernel-install: fix memory leak
  * coredumpctl: fix memory leak
  * kernel-install: clarify what is currently supported with --root and --image
  * firstboot: fix typo and add missing option to help text
  * firstboot: fix memory leak
  * repart: fix memory leak
  * Revert "initrd-parse-etc: override argv[0] to avoid dracut issue"
  * analyze: clarify that `security --offline=true` requires an argument
  * systemctl-is-system-running: display "offline" with --image
  * Revert "man: add missing <cmdsynopsis> wrapper"
  * bash-completion: add missing options to systemd-cryptenroll
  * bash-completion: add missing options to systemd-dissect
  * dissect: fix typo
  * bootctl: return earlier with `--print-esp-path`
  * man/bootctl: typo in `--print-boot-path` description
  * conf-parser: fix OOM check
  * man/systemd-bsod: fix command path
  * creds: fix typo
  * gpt-auto-generator: fix argument passed to `parse_image_policy_argument`
  * cryptsetup-tokens: fix typo in comments
  * core: remove duplicate serialization of `cpu_sched_reset_on_fork`
  * extract-word: update remaining calls to `extract_many_words`
  * man/kernel-install: add `add-all` command to synopsis
  * tree-wide: drop custom formatting for print() help messages
  * shared/service-util: actually use the `bus_introspect` argument in `help()`
  * logind: place 'ret' param at last
  * logind-inhibit: get rid of basename() in inhibitor_new()
  * homed: fix typo
  * efi: skip check-alignment-* tests if pefile is not installed
  * dissect: fix memory leak
  * journalctl-show/util: add missing header
  * cryptsetup-tokens: fix argument order mismatch in function
  * sd-journal: fix check in `journal_file_verify_header()`
  * core: fix typo
  * vmspawn: fix `sd_bus_message_append()` arguments and add missing error check
  * test-date: add missing header
  * test: add missing header to test.h
  * tools/check-version-history: skip test if lxml is not installed
  * journal-remote: fix two minor memory leaks
  * bus-polkit: fix return value for `varlink_allow_interactive_authentication()`
  * journal-gatewayd: remove duplicate call to `startswith()`
  * boot: fix assignment of ret_* variables in `initrd_prepare()`
  * man/systemd-stub: fix typo
  * stub: get uname from image before loading addons
  * cpio: fix assert
  * sysext: do not return 0 if `unmerge()` fails in the `refresh()` function.
  * cryptsetup-tokens: fix pin asserts
  * NEWS: fix minimum dracut version required for systemd v256
  * boot: fix argument name mismatch in two functions
  * network-generator: add missing return on error after the logging refactor
  * importctl: fix flag checking against wrong variable
  * test-ip-protocol-list: include missing_network.h instead of netinet/in.h
  * repart: fix memory leak
  * udev-spawn: fix typo and simplify code
  * kernel-install: correct the place where it works in man and help text
  * conf-parser: set standard pointer alignment
  * conf-parser: print why config_parse_iec_uint64() fails
  * man/varlinkctl: add `list-methods` command to synopsis and fix typo
  * man/repart: use <varname> instead of <variable>
  * nsresourced: fix build without libbpf
  * core: fix copy/paste error
  * updatectl: remove unimplemented option
  * man: fix links to veritysetup(8)
  * man/veritysetup-generator: document veritytab kernel command line option
  * veritysetup-generator: remove unused code
  * sbsign: remove unimplemented options
  * man/systemd-keyutil: fix rendering typo
  * sbsign: remove unused --no-pager option
  * cryptenroll: show better log message if slot to wipe does not exist
  * man/kernel-command-line: fix typo
  * cryptenroll: fix typo
  * bash-completion: add --list-devices to systemd-cryptenroll
  * tpm2-util: fix parameter name
  * man: remove references to invalid rd.systemd.image_policy option
  * man/systemd-cryptenroll: sort --fido2-credential-algorithm after --fido2-device
  * libfido2-util: reorder dl symbols alphabetically
  * libfido2-util: show also verity features when listing FIDO2 devices
  * man/systemd-cryptenroll: sort --fido2-credential-algorithm after --fido2-device
  * boot: do not build test-hwids-section.c if ukify is disabled
  * man/debug-generator: add a section for kernel command line options
  * debug-generator: add a kernel cmdline option to pause the boot process
  * vmspawn-register: add missing header for glibc < 2.34
  * udevd: add missing header for glibc < 2.34
  * ukify: fix typos
  * mkosi: update openSUSE commit reference
  * mkosi: add libopenssl devel package to openSUSE tools tree
  * mkosi: switch to github mirror of openSUSE sources from build.opensuse.org
  * man/debug-generator: replace "main system" with "host"
  * units/breakpoint-pre-basic.service: explicitly order it before sysroot.mount
  * debug-generator: use helper to check breakpoint validity
  * units: some improvements in breakpoint-* units.
  * mkosi: update openSUSE commit reference
  * mkosi: add libopenssl devel package to openSUSE tools tree
  * mkosi: switch to github mirror of openSUSE sources from build.opensuse.org
  * tools/fetch-distro: support the case where the sources are in a subdirectory
  * import/pull-tar: fix flag set
  * import/pull-tar: fix flag set
  * umount: do not move busy network mounts
  * umount: do not move busy network mounts
  * gpt-auto-generator: fix memory leak
  * log: fix declaration of log_dispatch_internal()
  * log: fix declaration of log_dispatch_internal()
  * ptyfwd: use hostname argument in pty_forward_set_window_title() if set
  * generate-bpf-delegate-configs: fix compatibility with Python 3.7
  * systemctl: remove unnecessary assignment
  * bootctl: specify that kernel image commands require a kernel image argument
  * test-nss-hosts: do not call seccomp functions if HAVE_SECCOMP is not set
  * resolvectl: add missing error check
  * tree-wide: avoid logging 2 error messages if table_print_with_pager() fails
  * bootctl: fix reference to non-existent option in error log
  * bootctl: clarify that --secure-boot-auto-enroll requires a boolean value
  * man/bootctl: replace reference to --no-variables with --variables=no
  * bash-completion/bootctl: add missing options and verb
  * libaudit-util: fix build with audit disabled
  * libblkid: fix build with blkid disabled
  * mute-console: remove unimplemented option
  * man/factory-reset: fix typo in EFI variable name
  * creds: fix return type from normalize_separator()
  * man/factory-reset: fix typo in EFI variable name
  * test: enable TEST-06-SELINUX in openSUSE
  * meson: fix HAVE_LIBARCHIVE_* conditions
  * gpt-auto-generator: fix typo in crypttab option name
  * run: fix two minor memory leaks
  * man/inhibit: mention handle-reboot-key operation
  * run-generator: use generator_add_symlink()
  * vmspawn: fix typo in log specifier

  [ Temuri Doghonadze ]
  * po: Translated using Weblate (Georgian)
  * po: Translated using Weblate (Georgian)
  * po: Translated using Weblate (Georgian)
  * po: Translated using Weblate (Georgian)
  * po: Translated using Weblate (Georgian)
  * po: Translated using Weblate (Georgian)
  * po: Translated using Weblate (Georgian)
  * po: Translated using Weblate (Georgian)
  * po: Translated using Weblate (Georgian)
  * po: Translated using Weblate (Georgian)
  * po: Translated using Weblate (Georgian)
  * po: Translated using Weblate (Georgian)
  * po: Translated using Weblate (Georgian)
  * po: Translated using Weblate (Georgian)
  * po: Translated using Weblate (Georgian)

  [ David Tardon ]
  * timer: simplify computation of unit activation time
  * udev/fido_id: fix program name in usage output
  * udev: do not hardcode program name
  * add test for ExecStopPost
  * run: add -u as a synonym for --unit
  * udev-ctrl: drop workaround for old kernel bug
  * udev-rules: drop pointless cast
  * journal-gatewayd: use automatic cleanup
  * journal-upload: cleanup CURL* on error
  * journal-upload: make the curl_slist cleanup actually work
  * journal-upload: use _cleanup_ for curl_slist
  * systemctl-edit: don't leak the old value of contents
  * resolved-dns-rr: don't leak s if base64_append fails
  * resolved-dns-rr: avoid unnecessary reassignment
  * resolved-dns-rr: use already existing variable
  * resolved-dns-rr: drop unneeded braces
  * man: document differences in clean exit status for Type=oneshot
  * local-addresses: fix use of uninitialized value
  * use the right member to define property
  * test-install-root: create referenced targets
  * test-install-root: add test for unknown WantedBy= target
  * udev: replace strtoul by safe_ato*
  * udev-builtin-keyboard: drop unnecessary {}
  * remove a left-over break
  * machined-varlink: fix double free
  * devnode-acl: use _cleanup_ to free acl_t
  * logind-user: log about the right unit
  * logind-session-dbus: allow to set display name via dbus
  * tree-wide: allow ASCII fallback for → in logs
  * tree-wide: allow ASCII fallback for … in logs
  * test: ensure cleanup functions return success
  * test: add test for org.freedesktop.login1.Session SetType
  * test: add test for org.freedesktop.login1.Session SetDisplay
  * loginctl: add linger status to list-users output
  * test: add a simple test for list-users
  * test: merge grep | awk calls
  * systemctl: include upheld units in dependencies
  * systemctl: reduce var. scope and shorten the code a bit
  * systemctl: drop unneeded condition
  * systemctl: extract output of legend to a function
  * systemctl: simplify var. definition a bit
  * systemctl: add list-automounts verb
  * man: document systemctl list-automounts
  * shell-completion: add systemctl list-automounts
  * core: allow to set default timeout for devices
  * man: document DefaultDeviceTimeoutSec=
  * man: update dbus docs
  * tree-wide: use ASSERT_PTR more
  * tree-wide: check parameter before dereferencing
  * dbus-execute: inline variable definition
  * macro-fundamental: allow to nest ASSERT_PTR
  * tree-wide: use nested ASSERT_PTR
  * analyze-calendar: avoid unnecessary abbreviation
  * analyze-calendar: port to vertical table
  * analyze-timestamp: port to vertical table
  * analyze-timespan: port to vertical table
  * analyze-inspect-elf: port to vertical table
  * hostnamectl: port to vertical table
  * localectl: port to vertical table
  * mountpoint-util: reduce variable scope
  * ratelimit: drop use of goto
  * busctl-introspect: use _cleanup_
  * localed-util: use _cleanup_ harder
  * machine: use _cleanup_ in machine_new
  * machine: propagate error from machine_new
  * btrfs-util: shorten a bit
  * swap: tell swapon to reinitialize swap if needed
  * mount: handle bind mount of file with non-existing target
  * sd-path: export env. generators paths
  * systemctl: extract code to a helper function
  * systemctl: use table_add_triggered
  * systemctl: extract common code to a function
  * systemctl: prepend machine ID to unit ID in list-sockets
  * systemctl: add list-paths verb
  * man: document systemctl list-paths
  * shell-completion: add systemctl list-paths
  * test: add a minimal test for list-paths
  * install: fail early if specifier expansion failed
  * logind-session: make stopping of idle session visible to admins
  * tree-wide: initialize fds with -EBADF
  * bootctl: drop unneeded initialization
  * test: add coverage test for udevadm
  * systemctl: print better message if default target is masked
  * systemctl: fix indentation of circular deps
  * systemctl: fix formatting of circular dep.
  * systemctl: always print circular deps. at the end
  * systemctl: drop stray empty line
  * systemctl: move printing of state to the printing func.
  * labeler: add journal label also for sd-journal stuff
  * journal-vacuum: count size of all journal files
  * journal-vacuum: rename function to match struct name
  * journal-vacuum: use CLEANUP_ARRAY
  * install: define hash_ops for UnitFileList
  * dbus-manager: use _cleanup_ for UnitFileList hash
  * dbus-manager: use CLEANUP_ARRAY
  * dbus-manager: use CLEANUP_ARRAY
  * machinectl: use CLEANUP_ARRAY
  * machinectl: drop unneeded else
  * machinectl: do not repeat the same comparison
  * portablectl: use CLEANUP_ARRAY
  * systemctl-add-dependency: use CLEANUP_ARRAY
  * systemctl-add-dependency: shorten code a tiny bit
  * systemctl-enable: use CLEANUP_ARRAY
  * systemctl-preset-all: use CLEANUP_ARRAY
  * systemctl-preset-all: shorten code a tiny bit
  * systemctl-set-default: use CLEANUP_ARRAY
  * execute: use CLEANUP_ARRAY
  * execute: use more automatic cleanup
  * execute: use CLEANUP_ARRAY
  * sd-bus: use CLEANUP_ARRAY
  * sd-bus: use _cleanup_
  * portabled-bus: use CLEANUP_ARRAY
  * portabled-image-bus: use CLEANUP_ARRAY
  * portabled-image-bus: use CLEANUP_ARRAY
  * portabled-image-bus: use CLEANUP_ARRAY
  * tree-wide: drop unneeded output params
  * systemctl: reduce variable scope
  * systemctl: use _cleanup_ for UnitFileList hash
  * systemctl: drop stray assignment
  * systemctl-list-unit-files: drop workaround for Coverity
  * test: use _cleanup_ for UnitFileList hash
  * install: drop unused function
  * install: rename function
  * systemctl: fix a memory leak
  * test: also test client-side operation if applicable
  * tree-wide: use TAKE_STRUCT
  * tree-wide: add some asserts
  * install: fix memory leak if GREEDY_REALLOC() fails
  * tree-wide: rename cleanup function
  * install: use FOREACH_ARRAY
  * test: shorten a bit
  * test-fdset: use _cleanup_
  * test: use _cleanup_ for temp. files
  * test-calendarspec: use _cleanup_
  * test-set: use _cleanup_
  * test-hashmap-plain: use _cleanup_
  * env-util: use _cleanup_ in strv_env_delete()
  * env-util: rename variable
  * env-util: use _cleanup_ in replace_env_argv()
  * env-util: use more _cleanup_ in replace_env_argv()
  * logind-core: modernize button_free()
  * logind-core: drop unneeded check for NULL
  * logind: rename function to avoid confusion
  * path-util: use _cleanup_
  * specifier: use _cleanup_
  * initctl: add assert
  * initctl: use _cleanup_
  * transaction: modernize transaction_free()
  * transaction: introduce transaction_abort_and_free()
  * manager: use _cleanup_ in manager_add_job()
  * manager: use _cleanup_ in manager_propagate_reload()
  * transaction: make transaction_free() static
  * homed-manager-bus: use _cleanup_
  * logind-session-device: modernize session_device_free()
  * logind-session-dbus: use _cleanup_
  * main: add missing return
  * fd-util: introduce parse_fd()
  * test: add a test for parse_fd()
  * tree-wide: use parse_fd()
  * main: improve log message
  * login: do not hardcode tty used in TEST-35-LOGIN
  * login: add test for SetIdleHint
  * test: extend test for loginctl list-*
  * loginctl: shorten variable name
  * loginctl: use bus_map_all_properties
  * tree-wide: convert more system1.Manager calls to BusLocator
  * tree-wide: convert more login1.Manager calls to BusLocator
  * login: use NULL to denote arg-less method call
  * sleep: convert a home1.Manager call to BusLocator
  * journalctl: convert a machine1.Manager call to BusLocator
  * tree-wide: convert more resolve1.Manager calls to BusLocator
  * hostnamectl: convert more hostname1 calls to BusLocator
  * bus-locator: declare bus locator for oom1 and timesync1
  * bus-locator: sort the list
  * oomctl: convert a oom1.Manager call to BusLocator
  * loginctl: show session idle status in list-sessions
  * tree-wide: use free_and_replace() more
  * tree-wide: use free_and_str*dup() more
  * journal-upload: use mfree()
  * tree-wide: use timestamp_is_set() at more places
  * timer: use dual_timestamp_is_set() at one more place
  * system-update-generator: drop pointless goto
  * resolved-dns-rr: use automatic cleanup
  * man: add trailing =
  * gpt-auto-generator: also honor systemd.swap=no
  * resolvectl: drop extra colon
  * pam_systemd_home: suppress LOG_DEBUG msgs if debugging is off
  * udevadm-control: fix error message
  * bus-polkit: add an assert
  * bus-polkit: return NULL from _free function
  * bus-polkit: move verification to a separate function
  * bus-polkit: extract creation of polkit call to a function
  * bus-polkit: decrease indentation
  * bus-polkit: merge variable declarations
  * bus-polkit: drop unnecessary else
  * bus-polkit: put function params to a single line
  * docs: fix order
  * bus-polkit: use automatic cleanup
  * bus-polkit: drop unused argument
  * bus-polkit: refactor a bit to avoid goto
  * bus-polkit: describe async. polkit verification
  * bus-polkit: extract action into a separate struct
  * bus-polkit: parse reply from polkit on receive
  * bus-polkit: allow to auth. a bus call for multiple actions
  * bus-polkit: avoid extra variable
  * core: free the strings in the set in other places too
  * list: add LIST_CLEAR() helper that empties the list
  * tree-wide: use LIST_CLEAR()
  * tree-wide: use LIST_POP()
  * systemctl-show: rename cleanup function
  * open-file: add missing assert
  * bus-polkit: don't propagate error from polkit
  * varlink: define interface io.systemd.service
  * varlink: add generic impl. of io.systemd.varlink.Ping()
  * varlink: add generic impl. of io.systemd.service.SetLogLevel()
  * udevadm-control: parse all args in advance
  * udevadm-control: return early if --exit is used
  * udev-ctrl: drop the unused maybe_disconnected stuff
  * udev-manager: actually remove the property
  * udev-manager: mark old_key as unused too
  * udev-util: add wrapper for sd_device_get_property_value()
  * udev-rules: use udev_get_property_value()
  * udev: allow global properties in assignments
  * tests: add test for udevadm control -p
  * test: read from the right device
  * udev-manager: fix log message
  * openssl-util: avoid freeing invalid pointer
  * man: use <simplelist> for 'See also' sections
  * man: capitalize "also" for consistency
  * man: match doctype and root element
  * man: add required <title>
  * man: add missing <cmdsynopsis> wrapper
  * man: add missing <listitem>
  * man: move </listitem> to the right position
  * man: move misplaced </varlistentry>
  * man: wrap the whole description in <listitem>
  * man: use just one <listitem> for the description
  * man: wrap sentinel in <parameter>
  * man: drop stray empty paragraph
  * man: fix markup
  * man: fix option value
  * man: fix markup
  * man: use the right element for untitled example
  * man: adjust indentation
  * man: fix plural
  * man: use <simplelist> at one more place
  * man: use better-fitting markup
  * man: sprinkle some more markup around
  * man: add a missing space
  * man: use <warning> for warnings
  * man: fix xpointer expression
  * man: drop output redir. from cmd. synopsis
  * man: add an extra <refsect2>
  * man: make ID valid
  * man: fix markup
  * man: fix markup
  * man: fix markup
  * man: move macro decls. out of <funcsynopsis>
  * man: drop an extra <member>
  * man: use <refsect1> instead of <refsection>
  * man: use same version in public and system ident.
  * man: match doctype and root element
  * man: add required <title>
  * man: fix indentation
  * man: fix markup
  * man: move macro decls. out of <funcsynopsis>
  * man: restrict <command> to the actual command
  * man: fix markup
  * man: fix <cmdsynopsis> content
  * man: move </variablelist> to the right place
  * man: fix markup
  * man: rewrite as <group>
  * conf-parser: generalize config_parse_config_file()
  * udevd: use config. parser to parse udev.conf
  * udev-util: use config. parser to parse udev.conf
  * udev-util: drop unused function
  * udev: factor out config parser call into function
  * man: update udev.conf man page
  * test: use dropin dir
  * test: add a test for #31384
  * discover-image: pass the right error variable
  * journal-remote-main: pass the right error variable
  * bless-boot: pass the right error variable
  * main: pass the right error variable
  * exec-invoke: pass the right error variable
  * resolved-dns-stream: pass the right error variable
  * manager: pass the right error variable
  * cgroup-show: pass the right error variable
  * userns-restrict: pass the right error variable
  * nspawn: pass the right error variable
  * test-socket-bind: pass the right error variable
  * test-bpf-restrict-fs: pass the right error variable
  * test-bpf-foreign-programs: pass the right error variable
  * homed-manager: pass the right error variable
  * homework-fscrypt: pass the right error variable
  * homework-blob: pass the right error variable
  * homework-quota: pass the right error variable
  * udev-rules: pass the right error variable
  * clean-ipc: pass the right error variable
  * journald-server: drop invalid assert()
  * journald-server: drop another invalid assert()
  * cryptsetup-generator: refactor add_crypttab_devices()
  * cryptsetup-generator: continue parsing after error
  * cryptsetup-generator: parse all cmdline devices too
  * cryptsetup-generator: always process cmdline devices
  * shell-completion: only offer devices for completion
  * varlink: fix license
  * test: add a reproducer for #33672
  * logind-dbus: check auth. for all inhibitor operations
  * sd-event: do not assert on invalid signal
  * logind-dbus: really cancel scheduled shutdown
  * execute: free syscall_log hashmap when done
  * bus-polkit: shortcut auth. after first denial
  * udevadm-trigger: add vertical space to separate cases
  * udevadm-trigger: split arg. parsing into a separate function
  * udevadm: move key/value parsing func. to udevadm-util.c
  * udevadm: allow key without a value
  * test: extend udevadm coverage test a bit
  * udevadm-trigger: replace home-made key/value splitting function
  * udevadm-trigger: add prefix to enumeration values
  * udevadm-trigger: use string table to parse scan type
  * udevadm-info: move static dtor closer to args
  * udevadm-info: make arg_pager_flags static
  * udevadm-info: drop superfluous pager_open() call
  * udevadm-info: split arg. parsing into a separate function
  * udevadm-info: reject devices passed via opts too
  * udevadm-info: shorten the code a bit
  * udevadm-info: drop args of stat_device()
  * udevadm-info: use string table to parse query type
  * export: use table to parse --format=
  * cgtop: use table to parse --order=
  * cgtop: use table to parse --cpu=
  * cgtop: rename enum value to match its string repr.
  * homectl: use table to parse --export-format=
  * vpick-tool: use table to parse --print=
  * userdbctl: require value for --output=
  * userdbctl: use table to parse --output=
  * main: extract common code to a function
  * nspawn: use table to parse --console=
  * nspawn: postpone selection of console mode
  * nspawn: set arguments directly
  * nspawn: inline handle_arg_console() to its only call place
  * tree-wide: combine DUMP_STRING_TABLE() and return
  * homectl: fix memory leak
  * ask-password-api: return if read_credential() failed
  * logind-dbus: avoid assertion on HandlePowerKey=factory-reset
  * udev-rules: use the right variable
  * find-esp: replace assert by a runtime check
  * find-esp: consistently quote paths in log messages
  * tree-wide: flatten nested error checks
  * manager-serialize: add logging for ENOMEM

  [ Pasquale van Heumen ]
  * resolve: always read /etc/resolv.conf on reload systemd-resolved

  [ Ricardo Salveti ]
  * boot: handle empty initrd files (#40040)

  [ Martin Srebotnjak ]
  * po: Translated using Weblate (Slovenian)
  * po: Translated using Weblate (Slovenian)
  * po: Translated using Weblate (Slovenian)
  * po: Translated using Weblate (Slovenian)
  * po: Translated using Weblate (Slovenian)
  * po: Translated using Weblate (Slovenian)
  * po: Translated using Weblate (Slovenian)
  * po: Translated using Weblate (Slovenian)
  * po: Translated using Weblate (Slovenian)
  * po: Translated using Weblate (Slovenian)

  [ Jeremy Kerr ]
  * udev-builtin-net_id: fix construction of USB specifier-based names

  [ Lukáš Zaoral ]
  * ukify: prefer compression.zstd when available

  [ q66 ]
  * strbuf: use GREEDY_REALLOC to grow the buffer
  * import: include unistd.h for pipe2
  * meson: drop ln --relative check
  * meson: try BSD-style stat(1) syntax when failing mtime check
  * meson: try BSD-style date(1) for alt_time_epoch as a fallback
  * vcs-tag.sh: use portable sed argument order

  [ Stephanie Wilde-Hobbs ]
  * hwdb: add Magic Trackpad v2 USB-C (2024) to quirks (#40032)

  [ Morgan ]
  * logind: fix initial button state is not fetched when device is registered late (#39978)

  [ Rebecca Cran ]
  * hwdb,rules: add 82-net-auto-link-local.{hwdb,rules} to build
  * hwdb: Add BMC USB-to-USB link devices to 82-net-auto-link-local.hwdb

  [ Daniel Rusek ]
  * po: Translated using Weblate (Czech)
  * po: Translated using Weblate (Czech)
  * po: Translated using Weblate (Czech)
  * test: split the resolved test suite into separate test cases
  * po: Translated using Weblate (Czech)
  * po: Translated using Weblate (Czech)

  [ Pavel Borecki ]
  * po: Translated using Weblate (Czech)
  * po: Translated using Weblate (Czech)
  * po: Translated using Weblate (Czech)
  * po: Translated using Weblate (Czech)

  [ Colin Walters ]
  * tree-wide: Use "unmet" for condition checks, not "failed"
  * tree-wide: A few more uses of "unmet" for conditions
  * docs/CREDENTIALS: Don't write authorized_keys with executable bits
  * man: Clarify secure-boot-enroll defaults

  [ Alexandru Tocar ]
  * man: drop --import-credential mention from systemd-nspawn(1)

  [ Antonio Álvarez Feijoo ]
  * kernel-install: exit with option --json=help (#39974)

  [ dependabot[bot] ]
  * build(deps): bump actions/checkout from 2 to 2.4.0
  * build(deps): bump github/super-linter from 4.8.1 to 4.8.3
  * build(deps): bump github/super-linter from 4.8.3 to 4.8.4
  * build(deps): bump github/codeql-action from 1.0.22 to 1.0.23
  * build(deps): bump github/codeql-action from 1.0.23 to 1.0.24
  * build(deps): bump github/codeql-action from 1.0.24 to 1.0.25
  * build(deps): bump github/codeql-action from 1.0.25 to 1.0.26
  * build(deps): bump actions/upload-artifact from 2.2.4 to 2.3.0
  * build(deps): bump actions/upload-artifact from 2.3.0 to 2.3.1
  * build(deps): bump github/super-linter from 4.8.4 to 4.8.5
  * build(deps): bump meson from 0.60.2 to 0.60.3 in /.github/workflows
  * build(deps): bump github/codeql-action from 1.0.26 to 1.0.27
  * build(deps): bump github/codeql-action from 1.0.27 to 1.0.29
  * build(deps): bump actions/labeler from 3.0.2 to 3.1.0
  * build(deps): bump github/codeql-action from 1.0.29 to 1.1.3
  * build(deps): bump meson from 0.60.3 to 0.61.2 in /.github/workflows
  * build(deps): bump github/super-linter from 4.8.5 to 4.9.1
  * build(deps): bump github/codeql-action from 1.1.3 to 2.1.6
  * build(deps): bump actions/checkout from 2.4.0 to 3
  * build(deps): bump actions/labeler from 3.1.0 to 4
  * build(deps): bump meson from 0.61.2 to 0.62.0 in /.github/workflows
  * build(deps): bump actions/checkout from 3.0.0 to 3.0.2
  * build(deps): bump github/super-linter from 4.9.1 to 4.9.2
  * build(deps): bump github/super-linter from 4.9.3 to 4.9.4
  * build(deps): bump actions/upload-artifact from 2.3.1 to 3.1.0
  * build(deps): bump github/codeql-action from 2.1.6 to 2.1.15
  * build(deps): bump meson from 0.62.0 to 0.62.2 in /.github/workflows
  * build(deps): bump actions/setup-node from 3.3.0 to 3.4.1
  * build(deps): bump github/super-linter from 4.9.4 to 4.9.5
  * build(deps): bump github/codeql-action from 2.1.15 to 2.1.17
  * build(deps): bump meson from 0.62.2 to 0.63.0 in /.github/workflows
  * build(deps): bump redhat-plumbers-in-action/advanced-issue-labeler
  * build(deps): bump github/super-linter from 4.9.5 to 4.9.6
  * build(deps): bump meson from 0.63.0 to 0.63.1 in /.github/workflows
  * build(deps): bump meson from 0.63.1 to 0.63.2 in /.github/workflows
  * build(deps): bump redhat-plumbers-in-action/differential-shellcheck
  * build(deps): bump actions/labeler from 4.0.0 to 4.0.1
  * build(deps): bump ninja from 1.10.2.3 to 1.10.2.4 in /.github/workflows
  * build(deps): bump ossf/scorecard-action from 2.0.4 to 2.0.6
  * build(deps): bump systemd/mkosi
  * build(deps): bump meson from 0.63.2 to 0.63.3 in /.github/workflows
  * build(deps): bump github/codeql-action from 2.1.17 to 2.1.29
  * build(deps): bump redhat-plumbers-in-action/advanced-issue-labeler
  * build(deps): bump actions/upload-artifact from 3.1.0 to 3.1.1
  * build(deps): bump redhat-plumbers-in-action/differential-shellcheck
  * build(deps): bump meson from 0.63.3 to 0.64.1 in /.github/workflows
  * build(deps): bump ninja from 1.10.2.4 to 1.11.1 in /.github/workflows
  * build(deps): bump meson from 0.64.1 to 1.0.0 in /.github/workflows
  * build(deps): bump actions/checkout from 3.0.2 to 3.2.0
  * build(deps): bump github/super-linter from 4.9.6 to 4.9.7
  * build(deps): bump ossf/scorecard-action from 2.0.6 to 2.1.2
  * build(deps): bump stefanbuck/github-issue-parser from 2.0.4 to 3.0.1
  * build(deps): bump redhat-plumbers-in-action/advanced-issue-labeler
  * build(deps): bump actions/github-script from 6.3.3 to 6.4.0
  * build(deps): bump systemd/mkosi
  * build(deps): bump actions/checkout from 3.2.0 to 3.3.0
  * build(deps): bump meson from 1.0.0 to 1.0.1 in /.github/workflows
  * build(deps): bump actions/labeler from 4.0.1 to 4.0.2
  * build(deps): bump github/codeql-action from 2.1.29 to 2.2.5
  * build(deps): bump systemd/mkosi
  * build(deps): bump github/super-linter from 4.9.7 to 4.10.1
  * build(deps): bump actions/labeler from 4.0.2 to 4.0.3
  * build(deps): bump ossf/scorecard-action from 2.1.2 to 2.1.3
  * build(deps): bump github/codeql-action from 2.2.5 to 2.2.9
  * build(deps): bump actions/github-script from 6.4.0 to 6.4.1
  * build(deps): bump github/super-linter from 4.10.1 to 5.0.0
  * build(deps): bump actions/upload-artifact from 3.1.1 to 3.1.2
  * build(deps): bump meson from 1.0.1 to 1.1.0 in /.github/workflows
  * build(deps): bump actions/checkout from 3.3.0 to 3.5.2
  * build(deps): bump redhat-plumbers-in-action/differential-shellcheck
  * build(deps): bump actions/labeler from 4.0.3 to 4.0.4
  * build(deps): bump redhat-plumbers-in-action/advanced-issue-labeler
  * build(deps): bump meson from 1.1.0 to 1.1.1 in /.github/workflows
  * build(deps): bump github/codeql-action from 2.2.9 to 2.3.5
  * build(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0
  * build(deps): bump actions/checkout from 3.5.2 to 3.5.3
  * build(deps): bump actions/labeler from 4.0.4 to 4.2.0
  * build(deps): bump github/codeql-action from 2.3.5 to 2.20.1
  * build(deps): bump github/codeql-action from 2.20.1 to 2.21.2
  * build(deps): bump meson from 1.1.1 to 1.2.0 in /.github/workflows
  * build(deps): bump actions/labeler from 4.2.0 to 4.3.0
  * build(deps): bump systemd/mkosi
  * build(deps): bump github/codeql-action from 2.21.2 to 2.21.5
  * build(deps): bump meson from 1.2.0 to 1.2.1 in /.github/workflows
  * build(deps): bump actions/checkout from 3.5.3 to 3.6.0
  * build(deps): bump github/codeql-action from 2.21.5 to 2.21.9
  * build(deps): bump actions/checkout from 3.6.0 to 4.1.0
  * build(deps): bump meson from 1.2.1 to 1.2.2 in /.github/workflows
  * build(deps): bump systemd/mkosi
  * build(deps): bump ossf/scorecard-action from 2.2.0 to 2.3.1
  * build(deps): bump redhat-plumbers-in-action/differential-shellcheck
  * build(deps): bump actions/checkout from 4.1.0 to 4.1.1
  * build(deps): bump ninja from 1.11.1 to 1.11.1.1 in /.github/workflows
  * build(deps): bump meson from 1.2.2 to 1.2.3 in /.github/workflows
  * build(deps): bump github/codeql-action from 2.21.9 to 2.22.8
  * build(deps): bump actions/github-script from 6.4.1 to 7.0.1
  * build(deps): bump redhat-plumbers-in-action/devel-freezer
  * build(deps): bump redhat-plumbers-in-action/differential-shellcheck
  * build(deps): bump meson from 1.2.3 to 1.3.0 in /.github/workflows
  * build(deps): bump meson from 1.3.0 to 1.3.1 in /.github/workflows
  * build(deps): bump actions/upload-artifact from 3.1.2 to 4.0.0
  * build(deps): bump actions/labeler from 4.3.0 to 5.0.0
  * build(deps): bump github/codeql-action from 2.22.8 to 3.22.12
  * build(deps): bump redhat-plumbers-in-action/advanced-issue-labeler
  * build(deps): bump actions/upload-artifact from 4.0.0 to 4.3.0
  * build(deps): bump systemd/mkosi
  * build(deps): bump redhat-plumbers-in-action/differential-shellcheck
  * build(deps): bump github/codeql-action from 3.22.12 to 3.24.6
  * build(deps): bump actions/upload-artifact from 4.3.0 to 4.3.1
  * build(deps): bump meson from 1.3.1 to 1.3.2 in /.github/workflows
  * build(deps): bump softprops/action-gh-release from 1 to 2
  * build(deps): bump meson from 1.3.2 to 1.4.0 in /.github/workflows
  * build(deps): bump actions/checkout from 4.1.1 to 4.1.2
  * build(deps): bump pkg/debian from `49132a8` to `5451923`
  * build(deps): bump github/codeql-action from 3.24.6 to 3.24.7
  * build(deps): bump pkg/arch from `733045c` to `b33762d`
  * build(deps): bump pkg/debian from `86cd356` to `3b47281`
  * build(deps): bump pkg/fedora from `2822a03` to `2e32a33`
  * build(deps): bump pkg/debian from `3b47281` to `1932e19`
  * build(deps): bump pkg/fedora from `2e32a33` to `f1d3866`
  * build(deps): bump pkg/arch from `4d1ecb0` to `3b86b91`
  * build(deps): bump pkg/opensuse from `af49127` to `acdb1cd`
  * build(deps): bump pkg/debian from `1932e19` to `44fe1d4`
  * build(deps): bump redhat-plumbers-in-action/differential-shellcheck
  * build(deps): bump pkg/debian from `44fe1d4` to `e780b50`
  * build(deps): bump systemd/mkosi
  * build(deps): bump pkg/fedora from `2822a03` to `3f8c38e`
  * build(deps): bump pkg/fedora from `2822a03` to `3f8c38e`
  * build(deps): bump pkg/fedora from `3f8c38e` to `a379236`
  * build(deps): bump pkg/debian from `e477254` to `30c77a7`
  * build(deps): bump pkg/arch from `ccc32ea` to `124b1da`
  * build(deps): bump pkg/debian from `30c77a7` to `733ac7c`
  * build(deps): bump pkg/debian from `733ac7c` to `4b1f868`
  * build(deps): bump pkg/debian from `4b1f868` to `640ff73`
  * build(deps): bump pkg/debian from `640ff73` to `9a5adf2`
  * build(deps): bump github/super-linter from 5.0.0 to 6
  * build(deps): bump pkg/arch from `6a2bc57` to `dd7aff4`
  * build(deps): bump redhat-plumbers-in-action/gather-pull-request-metadata
  * build(deps): bump redhat-plumbers-in-action/differential-shellcheck
  * build(deps): bump pkg/arch from `dd7aff4` to `b13e94a`
  * build(deps): bump pkg/debian from `9a5adf2` to `f550017`
  * build(deps): bump pkg/debian from `f550017` to `50b20e2`
  * build(deps): bump pkg/debian from `50b20e2` to `7cc898c`
  * build(deps): bump pkg/debian from `7cc898c` to `824c52f`
  * build(deps): bump pkg/arch from `b13e94a` to `b578e90`
  * build(deps): bump meson from 1.4.0 to 1.4.1 in /.github/workflows
  * build(deps): bump redhat-plumbers-in-action/devel-freezer
  * build(deps): bump redhat-plumbers-in-action/advanced-issue-labeler
  * build(deps): bump actions/checkout from 4.1.2 to 4.1.6
  * build(deps): bump softprops/action-gh-release from 2.0.4 to 2.0.5
  * build(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3
  * build(deps): bump redhat-plumbers-in-action/differential-shellcheck
  * build(deps): bump actions/checkout from 4.1.6 to 4.1.7
  * build(deps): bump github/codeql-action from 3.24.7 to 3.25.11
  * build(deps): bump ossf/scorecard-action from 2.3.3 to 2.4.0
  * build(deps): bump redhat-plumbers-in-action/differential-shellcheck
  * build(deps): bump systemd/mkosi
  * build(deps): bump meson from 1.4.1 to 1.5.1 in /.github/workflows
  * build(deps): bump github/codeql-action from 3.25.11 to 3.25.15
  * build(deps): bump systemd/mkosi
  * build(deps): bump super-linter/super-linter from 6.6.0 to 7.1.0
  * build(deps): bump softprops/action-gh-release from 2.0.5 to 2.0.8
  * build(deps): bump meson from 1.5.1 to 1.5.2 in /.github/workflows
  * build(deps): bump github/codeql-action from 3.25.15 to 3.26.10
  * build(deps): bump actions/checkout from 4.1.7 to 4.2.0
  * build(deps): bump systemd/mkosi
  * build(deps): bump actions/checkout from 4.2.0 to 4.2.2
  * build(deps): bump meson from 1.5.2 to 1.6.0 in /.github/workflows
  * build(deps): bump systemd/mkosi
  * build(deps): bump ninja from 1.11.1.1 to 1.11.1.2 in /.github/workflows
  * build(deps): bump github/codeql-action from 3.26.10 to 3.27.5
  * build(deps): bump softprops/action-gh-release from 2.0.8 to 2.1.0
  * build(deps): bump coverallsapp/github-action from 2.3.4 to 2.3.6
  * build(deps): bump softprops/action-gh-release from 2.1.0 to 2.2.1
  * build(deps): bump super-linter/super-linter from 7.1.0 to 7.2.1
  * build(deps): bump coverallsapp/github-action from 2.3.4 to 2.3.6
  * build(deps): bump softprops/action-gh-release from 2.1.0 to 2.2.1
  * build(deps): bump super-linter/super-linter from 7.1.0 to 7.2.1
  * build(deps): bump redhat-plumbers-in-action/differential-shellcheck
  * build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1
  * build(deps): bump github/codeql-action from 3.27.5 to 3.28.10
  * build(deps): bump redhat-plumbers-in-action/differential-shellcheck
  * build(deps): bump github/codeql-action from 3.27.5 to 3.28.10
  * build(deps): bump meson from 1.6.0 to 1.6.1 in /.github/workflows
  * build(deps): bump super-linter/super-linter from 7.2.1 to 7.3.0
  * build(deps): bump redhat-plumbers-in-action/download-artifact
  * build(deps): bump ninja from 1.11.1.2 to 1.11.1.4 in /.github/workflows
  * build(deps): bump redhat-plumbers-in-action/gather-pull-request-metadata
  * build(deps): bump softprops/action-gh-release from 2.2.1 to 2.2.2
  * build(deps): bump super-linter/super-linter from 7.3.0 to 7.4.0
  * build(deps): bump meson from 1.6.1 to 1.8.1 in /.github/workflows
  * build(deps): bump github/codeql-action from 3.28.10 to 3.28.18
  * build(deps): bump redhat-plumbers-in-action/advanced-issue-labeler
  * build(deps): bump meson from 1.8.1 to 1.8.2 in /.github/workflows
  * build(deps): bump github/codeql-action from 3.28.18 to 3.29.2
  * build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2
  * build(deps): bump meson from 1.8.2 to 1.8.3 in /.github/workflows
  * build(deps): bump github/codeql-action from 3.29.2 to 3.29.5
  * build(deps): bump meson from 1.8.3 to 1.9.1 in /.github/workflows
  * build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3
  * build(deps): bump redhat-plumbers-in-action/advanced-issue-labeler
  * build(deps): bump softprops/action-gh-release from 2.2.2 to 2.4.1
  * build(deps): bump super-linter/super-linter from 7.4.0 to 8.3.0
  * build(deps): bump softprops/action-gh-release from 2.4.1 to 2.5.0

  [ Mike Gilbert ]
  * test-process-util: do not assume PID 1 has UID=0
  * basic/mountpoint-util: whitelist 'exfat' in fstype_can_uid_gid
  * shared/machine-image: avoid passing NULL to log_debug_errno
  * analyze: declare dump_exit_status outside of HAVE_SECCOMP block
  * test-proc-cmdline: disable EFI-dependent tests when EFI is disabled
  * seccomp: real syscall numbers are >= 0
  * network: remove unnecessary link->ifname from debug log statements
  * userdb: allow dots in username
  * safe_fork: unblock most signals before waiting for child
  * safe_fork: use a cleanup function to restore signal mask in parent
  * seccomp_restrict_sxid: return ENOSYS for openat2()
  * cg_unified_cached: return ENOMEDIUM if we cannot find a known hierarchy
  * libudev: add "Libs.private: -lrt -pthread" to libudev.pc
  * shared: avoid x86_64-specific size assertion on x32
  * basic: add a size check to format timex members properly
  * random-util: use ssize_t for getrandom return value
  * test-watchdog: mark as unsafe
  * test-watchdog: use watchdog_runtime_wait() to determine sleep interval
  * test-watchdog: set timeout to 2 seconds by default
  * Add test support for  systemd-tmpfiles.standalone
  * meson: add 'nss' install_tag to nss modules
  * meson: add 'devel' install_tag to libsystemd.pc and libudev.pc
  * meson: add 'pam' install_tag to pam modules
  * meson: adjust rootlibdir default for multiarch
  * bootctl: avoid using __WORDSIZE macro
  * storagetm: ensure we pass dev_t* to sd_device_get_devnum
  * user-util: fix fgetxxent_sane on musl
  * posix_spawn_wrapper: do not set POSIX_SPAWN_SETSIGDEF flag
  * test-kernel-install: respect TMPDIR in expected output

  [ Abílio Costa ]
  * hwdb: add ProtoArc EM01 NL mouse configuration

  [ Fco. Javier F. Serrador ]
  * po: Translated using Weblate (Spanish)
  * po: Translated using Weblate (Spanish)

  [ João Rodrigues ]
  * Symlink for the /dev/ptp0 in vmware (#39917)

  [ lumingzh ]
  * po: Translated using Weblate (Chinese (Simplified) (zh_CN))
  * po: Translated using Weblate (Chinese (Simplified) (zh_CN))

  [ Jesse Guo ]
  * po: Translated using Weblate (Chinese (Simplified) (zh_CN))
  * po: Translated using Weblate (Chinese (Simplified) (zh_CN))
  * po: Translated using Weblate (Chinese (Simplified) (zh_CN))
  * po: Translated using Weblate (Chinese (Simplified) (zh_CN))
  * po: Translated using Weblate (Chinese (Simplified) (zh_CN))
  * po: Translated using Weblate (Chinese (Simplified) (zh_CN))
  * po: Translated using Weblate (Chinese (Simplified) (zh_CN))
  * po: Translated using Weblate (Chinese (Simplified) (zh_CN))
  * po: Translated using Weblate (Chinese (Simplified) (zh_CN))
  * po: Translated using Weblate (Chinese (Simplified) (zh_CN))

  [ Frantisek Sumsal ]
  * tests: explicitly enable user namespaces for TEST-13-NSPAWN-SMOKE
  * Merge pull request #11252 from evverx/use-asan-wrapper-on-travis-ci
  * test: drop service masking in TEST-01-BASIC
  * test: introduce QEMU_MEM
  * test: bump QEMU memory to 1536M when running under ASan/UBSan
  * test: bump QEMU_SMP to 4 when running under ASan/UBSan
  * test: limit environments for systemd-hwdb-update under ASan
  * meson: bump timeout for test-udev to 180s
  * test: mark plymouth as optional dependency
  * test-barrier: skip the test in virtualized/containerized environments
  * Merge pull request #11637 from yuwata/fix-test-network
  * Merge pull request #11656 from yuwata/test-network-routing-policy-rule-check-kernel
  * test: replace echo with socat
  * Merge pull request #11808 from yuwata/fix-11806
  * test: parallelize tasks in TEST-24-UNIT-TESTS
  * test: try to determine QEMU_SMP dynamically
  * fuzz: add bus-label fuzzer
  * fuzz: add env-file fuzzer
  * fuzz: add hostname-util fuzzer
  * fuzz: add nspawn-settings fuzzer
  * fuzz: add a memleak reproducer for fuzz-nspawn-settings
  * fuzz: add a fuzzer for calendarspec
  * fuzz: add a fuzzer for time utils
  * test: don't overwrite TESTDIR if already set
  * test: avoid double-fsck'ing of the rootfs on Arch
  * test: bump the second partition size to 50MB
  * test: use PBKDF2 instead of Argon2 in cryptsetup...
  * test: unify indentation
  * test: introduce INTERACTIVE_DEBUG
  * test: allow overriding of the KVM detection using TEST_NO_KVM
  * test: improve testsuite configuration documentation
  * bash-completion: use default completion for redirect operators
  * bash-completion: unify indentation
  * journal: LGTM doesn't recognize suppressions in /* */
  * test: don't timeout while waiting for other test units
  * semaphore: merge semaphore scripts to avoid code duplication (#12365)
  * bash-completion: properly autocomplete escaped unit names
  * bash-completion: unify indentation
  * run: check if the specified calendar event is not in the past
  * bash-completion: don't sort syslog priorities
  * bash-completion: process only non-template units for systemctl isolate
  * bash-completion: accept files for --bind/--bind-ro options
  * coccinelle: add explicit statement isomorphisms
  * coccinelle: avoid matching 'errno' as a file descriptor
  * tree-wide: replace explicit NULL checks with their shorter variants
  * tree-wide: drop !! casts to booleans
  * coccinelle: ignore macro transformations in the macros themselves
  * coccinelle: ignore function transformations causing recursion
  * coccinelle: exclude certain paths from the transformations
  * tree-wide: code improvements suggested by Coccinelle
  * coccinelle: exclude JsonVariant* from the IN_SET transformation
  * coccinelle: further restrict certain transformations
  * test: return a non-zero return code when 'nobody' user doesn't exist
  * test: don't preload libasan for systemd-remount-fs.service
  * test: allow SKIP_INITRD override
  * travis: move the Xenial phase to Azure Pipelines
  * Merge pull request #12562 from evverx/timeouts
  * journalctl: return a non-zero EC when --grep returns no matches
  * travis: set the `container` env variable explicitly
  * test: improve handling of ASan under clang
  * docs: add documentation for sanitizers
  * test: correctly fail when system is borked
  * bash-completion: correctly react to an unescaped unit name
  * systemctl: process all units matched by a glob in the cat verb by default
  * Merge pull request #12783 from keszybz/a-few-unrelated-fixes
  * hashmap: avoid using TLS in a destructor
  * sd-resolve: suppress false positive MSan warnings
  * core: move config_parse_* functions to a shared module
  * test: make ASAN/UBSAN_OPTIONS overridable from the outside
  * test: correctly handle installation of newly introduced binaries
  * test: be a little bit more verbose when installing service binaries
  * test: drop || return 1 expression which is incompatible with set -e
  * test: install missing dependencies for CIs
  * Merge pull request #13025 from poettering/tmpfiles-fixo
  * Merge pull request #13077 from poettering/activate-n-fds
  * Merge pull request #12851 from evverx/test-01-basic-asan
  * Merge pull request #13093 from keszybz/two-assert-cc-cleanups
  * test: use `useradd` instead of `adduser`
  * test-execute: skip test_exec_systemcallfilter_system under ASan
  * test: print an error when networkctl returns an unexpected EC
  * Merge pull request #13225 from mrc0mmand/networkd-test-replace-adduser-with-useradd
  * test: allow overriding QEMU_OPTIONS from the outside
  * test: introduce TEST-36-NUMAPOLICY
  * test: replace `tail -f` with journal cursor which should be...
  * test: support MPOL_LOCAL matching in unpatched strace versions
  * test: make sure the strace process is indeed dead
  * test: skip the test on systems without NUMA support
  * test: give strace some time to initialize
  * test: add a simple sanity check for systems without NUMA support
  * Merge pull request #12884 from mrc0mmand/numapolicy-test
  * test: introduce TEST-37-EXECRELOAD
  * test: drop the missed || exit 1 expression
  * Merge pull request #13303 from yuwata/bootctl-segfaults
  * test: store coredumps in journal
  * Merge pull request #13573 from fbuihuu/ask-password-small-fixes
  * test: rename TEST-EXECRELOAD to avoid name conflict
  * Merge pull request #13577 from yuwata/network-fix-ci-failure
  * tree-wide: various code-formatting improvements
  * shared: fix a copy-paste error in ethtool-util
  * test: allow use of nested KVM
  * sd-event: explicitly ignore waitipid()'s return value
  * execute: explicitly ignore fd_wait_for_event()'s return value
  * basic: fix ASSERT_SIDE_EFFECT Coverity report in assert_se()
  * travis: wait for the container to fully boot up
  * tree-wide: yet another batch of coccinelle recommendations
  * systemctl: skip non-existent units in the 'cat' verb
  * systemctl: show 'VENDOR PRESET' column in 'list-unit-files'
  * pkcs11-util: don't mask return value of the first asprintf()
  * test: pin meson to 0.52.1 for fuzzit/fuzzbuzz
  * systemctl: use format-table.[ch] for tables
  * test: unpin meson from v0.52.1
  * test: don't install /etc/securetty
  * test: adapt to the new capsh format
  * test: give systemd chance to actually start the unit
  * lgtm: set TMPDIR to /var/tmp
  * lgtm: use the system version of meson
  * lgtm: drop the TMPDIR/meson workaround
  * test: ignore IAB capabilities in `test-execute`
  * format-table: allow hiding a specific column
  * systemctl: hide the 'glyph' column when --no-legend is requested
  * test: wait a bit after starting the test service
  * Merge pull request #14338 from keszybz/functional-test-rework
  * test: wait a bit after stopping the test service
  * coredumpctl: support --file=PATH
  * test: drop Disk (Size|Free|Floor|Ceiling) fields prior comparing
  * tree-wide: formatting tweaks reported by Coccinelle
  * tree-wide: fix spelling errors
  * test: correctly clean up test artifacts
  * fuzzit: make the submit phase a bit more robust
  * ci: introduce CIFuzz
  * Merge pull request #15626 from poettering/more-specifiers
  * man: fix few spelling errors
  * test: fix potential use-after-free
  * Revert "logs-show: declare [static 2] on all highlight parameters"
  * cifuzz: run only for relevant PRs
  * cifuzz: fuzz the master branch on push
  * hwdb: fix microphone shortcut on HP EliteBook 840 G1
  * shared: fix integer overflow in calendarspec
  * test: unify quotation around image names
  * test: fix public/private image detection and prefer the latter one
  * test: introduce TEST_PARALLELIZE to support running tests in parallel
  * Merge pull request #15842 from evverx/cifuzz
  * meson: add fuzz-tests= option
  * travis: enable fuzzer regression tests under sanitizers
  * meson: pass the optimization level to the fuzzer build
  * tree-wide: codespell fixes
  * test: make the systemd-run calls synchronous
  * test: create public images by default
  * meson: support building fuzzers with meson <0.48.0
  * NEWS: fix several typos
  * test: avoid failing due to unexpected precision
  * travis: check build with various compiler options
  * tree-wide: mark assert()-only variables as unused
  * test: make TEST-02-CRYPTSETUP a bit more robust
  * travis: replace set (+|-)e with travis_terminate
  * journal: drop the assert-only variable completely
  * travis: bump Ubuntu release to Bionic
  * github: rename CIFuzz workflow file to cifuzz.yml
  * github: move the clang/gcc build check to GH Actions
  * ci: add homed/zstd dependencies
  * ci: do the compiler-detection magic in the test script
  * ci: move the build check script to workflows directory
  * ci: tweak the compilation options
  * ci: tweak the dependency installation
  * travis: use a matrix for similar jobs
  * travis: drop stuff moved to GH Actions
  * travis: sort dependencies
  * tree-wide: spellcheck fixes
  * test: bump the timeout for systemd-hwdb-update.service under ASan
  * test: use KILL instead of SIGKILL in TEST-52-HONORFIRSTSHUTDOWN
  * travis: install missing deps for the Coverity run
  * unit-name: fix a potential memory leak
  * test: bump the TEST-47 sleeps once again
  * travis: compile with -O1 with clang
  * tree-wide: fix typos found by codespell
  * core: consolidate alloc & put operations into one statement
  * basic: drop a redundant if statement
  * home: return SYNTHETIC_ERRNO() when appropriate
  * libsystemd: drop a redundant if statement
  * shared: drop a redundant if statement
  * coccinelle: drop the custom isomorphisms
  * coccinelle: fix the equals-null transformation
  * coccinelle: disable flags-set where it doesn't make sense
  * coccinelle: skip the xsprintf transformation on man pages
  * coccinelle: limit the # of expressions in in_set/not_in_set
  * coccinelle: skip strjoin transformation in test_strjoin()
  * tree-wide: coccinelle fixes
  * README.md: update CentOS CI badges
  * coccinelle: correctly resolve our own macros
  * coccinelle: check for invalid errno comparisons
  * coccinelle: introduce drop-braces transformation
  * tree-wide: assorted coccinelle fixes
  * tree-wide: drop if braces around single line expressions as well
  * semaphore: try to use different keyservers
  * semaphore: temporarily explicitly use the US image mirror
  * ci: bump the 'build test' image to Ubuntu Focal
  * ci: build with clang-11 as well
  * ci: add the libfido2 dependency for better coverage
  * Revert "semaphore: temporarily explicitly use the US image mirror"
  * semaphore: temporarily disable the timedated test suite
  * Revert "semaphore: temporarily disable the timedated test suite"
  * test: drop the trailing whitespace from the QEMU version check
  * test: s/MUMA/NUMA/
  * Merge pull request #17998 from mrc0mmand/qemu-drop-trailing-whitespace
  * cryptenroll: drop an unused variable
  * travis: add missing optional build dependencies
  * github: add the missing tpm2 optional dependency
  * ci: move Travis CI unit test jobs to GH Actions
  * test: temporarily skip failing tests on GH Actions
  * ci: drop a forgotten empty line
  * ci: move the Coverity job to GitHub Actions
  * ci: remove remaining Travis CI artifacts
  * ci: drop the `unbuffer` workaround
  * ci: optimize the sanitized build under gcc as well
  * ci: skip test-execute on GH Actions under ASan
  * ci: introduce a watchdog for the sanitized unit test run
  * ci: migrate to Semaphore CI 2.0
  * ci: bump the Semaphore CI badge to the v2 instance
  * ci: change the Semaphore CI badge branch to 'main'
  * ci: make the script names a bit more consistent
  * ci: drop an unnecessary sudo
  * ci: use the recommended meson syntax
  * Merge pull request #18374 from mrc0mmand/assorted-ci-tweaks
  * ci: enable Packit integration
  * ci: build the Fedora RPMs with -Werror
  * ci: build with -Werror on Fedora
  * ci: run build test with clang-12 as well
  * test: clean the module build dir before compiling it
  * test: add a custom SELinux file context
  * tree-wide: fix the string concatenation warning with clang-12
  * Merge pull request #18478 from mrc0mmand/fix-TEST-06
  * ci: temporarily pin Arch repositories to glibc 2.32-5
  * ci: build on Fedora ELN as well
  * test: count call instructions as well
  * Revert "ci: build on Fedora ELN as well"
  * ci: enable DNS over TLS using OpenSSL in the build test
  * Translated using Weblate (Slovak)
  * Translated using Weblate (Serbian)
  * Revert "ci: temporarily pin Arch repositories to glibc 2.32-5"
  * ci: build an upstream version of systemd-nspawn
  * Merge pull request #18885 from yuwata/udev-fix-import-program-rhbz-1935062
  * test: disable at_exit LSan check for dbus.service
  * test: tidy up the ASan-related stuff
  * test: fix TEST-50-DISSECT under sanitizers
  * ci: correctly drop patches with non four digit indexes
  * ci: revert back to --werror instead of -Dc_args=-Werror
  * test: fix the last subtest of TEST-50-DISSECT under sanitizers
  * test: disable nss-systemd for TEST-22 under ASan
  * test: fix permissions of the ASan udev workaround
  * coredump: omit coredump info when -q is used with the `debug` verb
  * repart: fix the loop dev support check
  * Revert "sd-event: re-check new epoll events when a child event is queued"
  * tree-wide: coccinelle fixes
  * coccinelle: filter out a couple of 'false-positive' transformations
  * fuzzer: add a test case for #19178
  * test: check if the unit file fuzzer corpora is up to date
  * packit: drop the 'sources' file after cloning the Fedora repo
  * test: use set -eux and set -o pipefail everywhere
  * test: use quotes where necessary
  * test: tidy up arithmetic expressions
  * test: use an explicit no-op for file truncation
  * test: replace the obsolete `` syntax with $()
  * test: use arrays to make things a bit cleaner
  * test: bunch of assorted tweaks to make shellcheck happy
  * test: shell code cleanup
  * test: use set -o pipefail
  * test: avoid using pipes in certain cases
  * test: use arrays when applicable
  * test: rewrite kernel module handling
  * test: make the test entrypoint scripts shellcheck-compliant
  * src: shellcheck-ify shell scripts
  * tools: shellcheck-ify most of the tool scripts
  * test: configure swap for TEST-55-OOMD
  * Merge pull request #19383 from keszybz/test58-fixes
  * test: "detect" the test number automagically
  * test: add a couple of hooks for the check_result_*() functions
  * test: reorganize the TEST-52 a bit
  * systemctl: hide some empty properties without --all
  * test: don't mask "supporting" services in TEST-01-BASIC
  * test: explicitly pull resolved/networkd in TEST-01-BASIC
  * test: fix a yet another pipefail + pipe race
  * ci: cover standalone/static binaries in build test
  * upstream-ci: fix test_no_failed() check
  * test: fix partition check in TEST-58-REPART
  * ci: build with gcc-11 as well
  * test: reintroduce m4 dependency for TEST-06-SELINUX
  * Merge pull request #19661 from keszybz/restore-liquid-compatibility
  * ci: work around #19442 to make CI happy again
  * ci: show image summary
  * ci: skip root tty login
  * test: correctly configure the NUMA node memory pool
  * test: add a testcase for issue #19895
  * test: drop the mawk-incompatible expression
  * test: wait until the unit leaves the 'inactive' state as well
  * Revert "ci: work around #19442 to make CI happy again"
  * test: ignore the "freezing" & "thawing" intermediate states
  * test: correctly mask supporting services in tests
  * Merge pull request #19969 from bluca/test_02_qemu
  * test: correctly mask supporting services in tests, take #2
  * test: unify handling of boolean values
  * test: bump the test timeout to give ldconfig.service enough time to finish
  * test: strip binaries by default
  * test: make the strace check a bit more clever
  * Merge pull request #20185 from mrc0mmand/ci-tweaks
  * tree-wide: coccinelle fixes
  * test: don't explicitly disable SELinux
  * test: add a sanity test for systemd/systemd#19976
  * ci: add ppc64le Rawhide chroot to the Packit chroot set
  * test: make sure we don't access an unbound variable
  * meson: add a missing versiondep to libcryptsetup-plugins target
  * ci: bump meson version in LGTM
  * meson: add the versiondep to the static lib deplist as well
  * test: correctly detect ASan on s390x
  * test: attempt to install only kernel modules for each subsystem
  * test: yet another fix for ASan detection
  * test: make busybox TEST-13-only dependency
  * test: skip a harmless ldd error when installing test libs
  * test: use a correct kernel binary on ppc64le machines
  * test: make sure test timeout has a higher priority than a pass
  * cryptsetup: drop an unused variable
  * test: udev storage tests
  * test: rename `dracut_install` to `image_install`
  * test: use one call to install necessary modules
  * test: add a multipath helper
  * test: add a basic multipath test + failover
  * test: make sure all symlinks under /dev/disk/ are valid
  * test: coverage for #19946
  * ci: build with clang-13
  * test: specify the rootfs by label
  * test: install dmevent service and socket
  * test: add an LVM helper
  * test: handle arbitrary paths in helper_check_device_symlinks()
  * test: make helper_check_device_symlinks() less verbose
  * test: check if all paths passed to helper_check_device_symlinks() are valid
  * tree-wide: mark set-but-not-used variables as unused to make LLVM happy
  * repart: mark an assert()-only variable as unused
  * test: basic LVM tests
  * Merge pull request #20769 from weblate/weblate-systemd-master
  * ci: temporarily set -Wno-deprecated-declarations in Packit
  * test: unify handling of supported "features"
  * test: lower the number of iterations in LVM tests
  * test: add a btrfs helper
  * test: tidy up the feature handling
  * test: cleanup the intermediate disk images
  * test: use subshells a bit more
  * test: check symlinks under /dev/mapper by default as well
  * test: btrfs-related udev tests
  * test: fix error handling with `set -e`
  * test: regenerate module dependencies after installing all modules
  * test: dump the test output to console as well for easier debugging
  * unit: install the systemd-bless-boot.service only if we have gnu-efi
  * core: fix the return type for xxx_running_timeout() functions
  * test: sort the features alphabetically
  * test: add an iSCSI helper
  * test: explicitly report if we fail to install a file into the image
  * test: save journals of only failing test cases in TEST-64
  * test: iSCSI-related udev tests
  * udev: sort the options alphabetically
  * basic: introduce test_strv_split_and_extend()
  * udev: teach udevadm --property=NAME and --value options
  * ci: shellcheck-ify CI scripts
  * test: drop an unused file
  * test: shellcheck-ify test scripts
  * tools: shellcheck-ify tool scripts
  * ci: introduce Super-Linter for shell scripts
  * test: use a less restrictive portable profile when running w/ sanitizers
  * Merge pull request #20924 from weblate/weblate-systemd-master
  * test: test udev with a _very_ long device name
  * tree-wide: assorted Coccinelle fixes
  * ci: use the system llvm-11 package on Focal
  * test: collect coverage in a couple more codepaths
  * test: don't install test-network-generator-conversion.sh w/o networkd
  * test: wait a bit for the given PID to die if it's still alive
  * test: loosen certain sandbox restrictions when collecting coverage
  * test: loosen sandbox restrictions for integration tests as well
  * test: collect the coverage _before_ unmounting the rootfs
  * test: make the coverage check safer for non-compiled builds
  * test: disable ProtectHome= when collecting coverage as well
  * README: fix CentOS CI badge
  * test: rename the global service override file for coverage runs
  * test: tweak TriggerLimitIntervalSec= when built with coverage
  * test: merge coverage reports from previous test runs
  * test: add a missing `udevadm settle` to the multipath test case
  * test: support the new lvm udev autoactivation
  * test: support both lvm vgroup activation methods
  * Merge pull request #21207 from mrc0mmand/test-tweak-lvm-installation
  * test: wait until `lvm-activate-$vgroup.service` finishes
  * Revert "CI: run GCC unit test job on push to main"
  * ci: fix indentation
  * ci: cancel previous jobs on ref update
  * ci: take CIFuzz's matrix into consideration
  * Merge pull request #21316 from evverx/pin-labeler
  * ci: run the unit_tests and mkosi jobs on stable branches as well
  * Merge pull request #21342 from evverx/dependabot-error
  * Merge pull request #21406 from yuwata/test-network-debug-udev
  * test: make the diff regex BRE-compatible
  * test: fix a couple of "new" shellcheck-related issues
  * test: suppress certain leaks reported by LSan
  * test: drop the `su` wrapper and use `systemctl` directly
  * Merge pull request #21472 from mrc0mmand/sanitizer_suppressions
  * test: create a dummy LSan suppression file in the minimal image
  * lgtm: detect uninitialized variables using the __cleanup__ attribute
  * lgtm: don't treat the custom note as a list of tags
  * lgtm: enable more (and potentially useful) queries
  * meson: correctly display enabled features
  * meson: support versioned llvm binaries in BPF detection
  * analyze: fix build with -Db_ndebug=true
  * ci: install libbpf
  * ci: consider `cryptolib` in the group identifier
  * lgtm: ignore certain cleanup functions
  * lgtm: detect more possible problematic scenarios
  * tree-wide: check for NULLs in more places
  * core: check for NULL in one more place
  * analyze,resolve: suppress a couple of false-positive alerts
  * ci: add a missing SPDX header
  * ci: sync the list of CodeQL queries with LGTM
  * ci: run the CodeQL action also when its configuration changes
  * ci: pack-ify our custom CodeQL queries and enable them in Actions
  * Merge pull request #21657 from mrc0mmand/codeql-shenanigans
  * github: mention the systemd-devel ML in the new issue tab
  * ci: ignore FIXME alerts in the CodeQL Action
  * Merge pull request #21676 from keszybz/rename-variables-to-make-codeql-happy
  * ci: check for failed services after boot
  * ci: run mkosi in a wrapper
  * Merge pull request #21708 from mrc0mmand/mkosi-ci-improvements
  * test: settle before checking logs
  * test: bump the timeout when collecting test coverage
  * Merge pull request #21791 from mrc0mmand/TEST-64-tweaks
  * man: fix machine-id(5) man page reference
  * network: a couple of tweaks suggested by Coccinelle
  * test: tweak the path trigger limit a bit when collecting coverage
  * test: tweak TriggerLimitIntervalSec= if we're running w/o KVM as well
  * ci: drop build test with -O2, since it's covered by -O3 tests
  * ci: test build with supported cryptolibs to some degree
  * Merge pull request #21915 from evverx/fuzz-bcd
  * ci: bump mkosi to v12 with libsolv workaround
  * test: build fuzzers with --werror if set
  * Merge pull request #21974 from yuwata/test-repart-find-sfdisk
  * test: use full date & time when checking for coredumps
  * test: explicitly configure oomd stuff via dropins
  * packit: switch the remaining jobs to F35
  * github: point to "tags" instead of "releases" in systemd-stable
  * test: don't leak local variable to outer scopes
  * test: temporary workaround for #21819
  * Merge pull request #22282 from yuwata/test-revert-workaronds
  * fstab-generator: use str(n)dupa_safe() instead of plain str(n)dupa()
  * test: make use of strv_isempty()
  * shared: be extra paranoid and check if argc > 0
  * Merge pull request #22302 from evverx/merge-oss-fuzz-corpora
  * basic: update CIFS magic
  * core: check argc/argv uncoditionally
  * test: make the code less error-prone
  * test: use ~/.bashrc instead of /etc/bash.bashrc
  * test: copy portable profiles into the image if they don't exist there
  * Merge pull request #22323 from mrc0mmand/fix-TEST-69-on-C8S
  * network: s/confiured/configured/
  * test: introduce `get_cgroup_hierarchy() helper
  * test: require unified cgroup hierarchy for TEST-56
  * test-network: drop superfluous parens
  * test-network: drop unnecessary semicolons
  * test-network: drop unnecessary else statements
  * test-network: drop unused variables
  * test-network: convert certain multiline strings to comments
  * test-network: explicitly set check=False for subprocess.run()
  * test-network: use raw strings for regexes with backslashes
  * test-network: disable 'no-member' warning for the Utilities class
  * test-network: avoid name clashing/redefinition
  * test-network: use specific exceptions instead of the Exception class
  * test-network: disable irrelevant or one-time pylint checks
  * test: lvm 2.03.15 dropped the static autoactivation
  * test: accept GC'ed units in newer LVM
  * test: document how to manually run Ubuntu CI stuff
  * tree-wide: move `unsigned` to the start of type declaration
  * ci: use the 'slim' version of Super-Linter
  * ci: explicitly disable multi-status for Super-Linter
  * ci: re-enable s390x Packit builds
  * test: set ACLs for the build dir when built with coverage
  * test: check for (possibly) missing test coverage
  * Merge pull request #22505 from mrc0mmand/more-coverage-tweaks
  * test: set `ReadWritePaths=$BUILD_DIR` when running w/ coverage
  * test: set `ReadWritePaths=` only for units from TEST-20
  * packit: drop unnumbered patches as well
  * systemctl: make `--timestamp=` affect the `show` verb as well
  * time-util: introduce TIMESTAMP_UNIX
  * systemctl,man: update docs for `--timestamp=`
  * ci: fix clang-13 installation
  * Merge pull request #22591 from evverx/no-deps
  * test: accept both unpadded and padded partition sizes
  * test: check systemd RPM macros
  * ci: make the concurrency group identifier unique once again
  * core: be a bit more defensive when resolving specifiers
  * core: introduce %R specifier for pretty hostname
  * cgls: mangle user-provided unit names
  * test: document how to run CodeQL/LGTM stuff manually
  * resolve: update the referenced RFC & section for mDNS
  * time-util: support parsing OUTPUT_SHORT and OUTPUT_SHORT_PRECISE timestamps
  * macro: account for negative values in DECIMAL_STR_WIDTH()
  * journal: convert --list-boots to a table
  * test: extend format-table tests with negative numbers
  * journal: reset previously set JSON flags
  * journal: use table_set_json_field_name() to override a column name
  * journal: make --reverse affect --list-boots
  * Merge pull request #22745 from yuwata/test-repart-fixes
  * core: drop an unnecessary initialization
  * core: add %d specifier for the $CREDENTIALS_DIRECTORY
  * test: don't try to execute a non-existing script
  * test: run test-shutdown.py in verbose mode
  * test: use a dropin to override the end.service unit
  * Revert "lgtm: disable cpp/missing-return"
  * lgtm: disable cpp/missing-return (again)
  * Merge pull request #22855 from keszybz/test-68-reload-reload
  * Revert "test: temporary workaround for #21819"
  * test: use flock when calling mkfs.btrfs
  * ci: drop clang 11 & add clang 14
  * test: use the new `udevadm wait` verb to wait for the loop device
  * partition: use `udevadm wait`
  * Merge pull request #22985 from bluca/semaphore
  * Merge pull request #22996 from yuwata/test-sfdisk-lock
  * macro: call __gcov_dump() before _exit() w/ coverage enabled
  * test: ignore missing coverage in TEST-02
  * Merge pull request #23000 from mrc0mmand/coverage__exit
  * meson: explicitly include coverage tweaks when built w/ --coverage
  * test: add MD-related tests to TEST-64
  * test: extend testcase_mdadm_basic() with RAID 5 and 10
  * test: add a test case for MD + LVM + ext4
  * Revert "lgtm: disable cpp/missing-return (again)"
  * test: cleanup after the MD + LVM test case as well
  * test: partition the MD device
  * test: extend the "hashed" unit names coverage a bit
  * core: annotate Reexecute() as NoReply
  * ci: bump GH Actions to Ubuntu Jammy where applicable
  * ci: prefer the distro llvm version if available
  * cryptsetup: fix build with -Db_ndebug=true
  * ci: temporarily disable validation of GH Action files
  * Merge pull request #23475 from nabijaczleweli/certified-lint.1-moment
  * ci: reenable validation of GH Actions files
  * test: cover initrd->sysroot transition in TEST-24
  * test: generate a custom initrd for TEST-24 if $INITRD is unset
  * test: store the key on a separate device
  * test: bump the post-reboot expect() timeout
  * test: fix a couple of pylint warnings
  * Merge pull request #23550 from evverx/fuzz-i386
  * test: add coverage for #23481
  * analyze: use IN_SET() in one more place
  * journal: return & log in one statement
  * coccinelle: don't try to use IN_SET() in assert_cc()
  * seccomp: fix a typo in error message
  * test: set $ASAN_RT_PATH along with $LD_PRELOAD to the ASan runtime DSO
  * test: fix TEST-70 under sanitizers
  * Merge pull request #23643 from mrc0mmand/asan-tweaks
  * test: account for ADDR_NO_RANDOMIZE if it's set
  * Merge pull request #23690 from yuwata/test-sd-device
  * Merge pull request #23584 from yuwata/test-login
  * test-network: override networkctl bin w/ valgrind/sanitizers
  * test-network: make use of f-strings in couple more places
  * test-network: explicitly set encoding when open()ing text files
  * test-network: drop unnecessary `global`
  * Revert "test: fix TEST-70 under sanitizers"
  * test: wrap binaries using systemd DSOs when running w/ ASan
  * test: drop all LD_PRELOAD-related ASan workarounds
  * test: don't wrap binaries built with ASan
  * test: send stdout/stderr of testsuite units to journal & console
  * test: make the busy loop in TEST-02 less verbose
  * test: always wrap useradd/userdel when running w/ ASan
  * test: don't flush debug logs to the console
  * test: fix a couple of issues found by shellcheck
  * test: pass the initdir to check_result_{qemu,nspawn} hooks
  * test: run the custom check hooks before common checks
  * test: check journal directly instead of capturing console output
  * test: make masking of supplementary services configurable
  * test: fuzz our dbus interfaces with dfuzzer
  * test: skip TEST-21-DFUZZER without ASan
  * test: use saved process PID instead of %%
  * test: always force a new image for dfuzzer
  * test: make dfuzzer less verbose
  * test: drop the at_exit() coredump check
  * test: make the shutdown routine a bit more "robust"
  * test: allow overriding $QEMU_MEM when running w/ ASan
  * test: make TEST-21-DFUZZER work in containers
  * test: run TEST-21 in nspawn only if $TEST_PREFER_NSPAWN is set
  * test: drop unnecessary `|| :`
  * test: add a simple test for daemon-reexec
  * test: install /usr/libexec/vi as well
  * test: resize the terminal automagically with INTERACTIVE_DEBUG=yes
  * test: Introduce systemd-resolved test suite
  * Merge pull request #23931 from yuwata/systemctl-color-log
  * test: create an ASan wrapper for `getent` and `su`
  * test: bump the data partition size if we don't strip binaries
  * test: allow multiple handlers for the EXIT signal
  * test: avoid overriding an already existing EXIT handler
  * test: make TEST-64 a bit more ASan friendly
  * test: use PBKDF2 with capped iterations instead of Argon2
  * Merge pull request #23941 from yuwata/test-60-improve-performance
  * Merge pull request #23959 from yuwata/test-network
  * Merge pull request #23969 from yuwata/test-network
  * ci: limit which env variables we pass through `sudo`
  * core: drop a stray %m specifier from a warning message
  * Merge pull request #24073 from yuwata/test-network
  * boot: a couple of tweaks recommended by Coccinelle
  * Merge pull request #24090 from yuwata/test-login
  * test: install libgcc_s.so.1 explicitly if available
  * test: be a bit more verbose about shared library symlinks
  * Merge pull request #24178 from mrc0mmand/libgcc_s
  * test: optionally wait a bit when checking the mount unit
  * test: skip the relevant test case if systemd-measure is not present
  * ci: set a timeout for each mkosi stage
  * Merge pull request #24222 from yuwata/test-network-units
  * ci: simplify the Coverity script a bit
  * ci: lint the Coverity script
  * semaphore: drop the --keyserver= parameter for the download template
  * semaphore: run autopkgtest with sudo
  * Merge pull request #24054 from keszybz/initrd-no-reload
  * test: correctly process multiline strings in $KERNEL_APPEND
  * ci: build with clang-15; drop clang-12
  * sd-journal: drop an unused variable
  * machine: drop an unused variable
  * network: drop an unused variable
  * coredump: drop an unused variable
  * hashmap: use assert_se() to make clang happy
  * test: install /etc/default/knot if available as well
  * test: wait for the lodev to get properly initialized
  * test: make TEST-63 more reliable on slower machines
  * Merge pull request #24442 from yuwata/udev-retry-event
  * test: lower the # of mpath devices to 16
  * test: check for other hypervisors as well
  * test: require KVM only for specific sub-tests
  * test: lower the # of iterations with plain QEMU
  * test: bump the base VM memory to 768M
  * test: temporarily (?) disable TEST-64 in Ubuntu CI
  * Merge pull request #24440 from mrc0mmand/TEST-64-tweaks
  * test: bump the reboot timeout to 60 seconds
  * test: use a unique machine name for each nspawn test
  * test: respect the global $QEMU_TIMEOUT
  * test: set the default QEMU and nspawn timeouts to 30 minutes
  * test: make the virt detection quiet
  * Merge pull request #24463 from mrc0mmand/ubuntu-ci-tweaks
  * test: drop old DS records if present
  * test: fix typo
  * test: fix delv trust anchors location on Ubuntu
  * test: reload knotd after committing all zone changes
  * Merge pull request #24466 from mrc0mmand/TEST-75-tweaks
  * Merge pull request #24515 from yuwata/dissect-timeout
  * test: check for the output file in a loop
  * test: make pylint happy
  * test: forward nspawn logs to journal
  * test: suppress not-found errors for `selinuxenabled`
  * test: actually set SYSTEMD_DISSECT_VERITY_TIMEOUT_SEC=30
  * test: mark knot.conf tmpfiles config as optional
  * test: zone-set requires TTL for the first record in the rrset
  * Merge pull request #24566 from mrc0mmand/TEST-75-fix
  * test: kill plymouthd after initrd transition if it's still running
  * test: don't fail if we don't need any external nss libs
  * test: check the numa-test.service status directly
  * Merge pull request #24351 from poettering/pcr-sign
  * Merge pull request #24593 from jamacku/main
  * test: install jq into all images
  * test: make the resolved notifications check a bit more robust
  * ci: run CodeQL on every PR
  * test: drop forgotten format()
  * test: drop the use of `tempfile.mktemp()`
  * ci: run CodeQL on push to main/stable branches as well
  * ci: drop LGTM stuff and move remaining bits into a new location
  * ci: limit scope for the CodeQL scan
  * ci: rename codeql-analysis.yml to codeql.yml
  * ci: enable a couple more possibly useful CodeQL queries
  * ci: fix a couple of typos
  * oom: include a header file instead of a source file
  * test: don't overwrite existing $QEMU_OPTIONS
  * README: drop the LGTM badge
  * test: support open-iscsi >= 2.1.2
  * test: lower the # of iterations when running with plain QEMU
  * test: ignore tty* devices when checking device units
  * test: make the symlink helpers a bit more quiet
  * test: use fewer partitions/LVs when running with plain QEMU
  * test: fix a copy-paste error
  * test: wrap `ls` and `stat` to make it work w/ sanitizers in specific cases
  * test: bump the `reattach` timeout when running w/ plain QEMU
  * Merge pull request #24865 from yuwata/udevadm-tweaks
  * test: kill the machine on oops/panic/soft_lockup
  * test: wait until the unit finishes before checking the log
  * ci: pin stefanbuck/github-issue-parser to a tagged release
  * test: drop the explicit bus assignment for the pci-bridge
  * test: expand the expression in `cleanup_initdir()`
  * test: introduce a simple environment file for test service
  * test: pre-load ASan's DSO for iscsi-init.service
  * test: configure ldconfig's cache in the minimal verity images
  * test: add coverage for the nvme-subsystem
  * test: disable LSan in the ASan env wrapper
  * test: ignore gcov errors in TEST-34
  * test: drop one layer of escaping
  * test: use SIGKILL to kill the container if necessary
  * test: call sync() before checking the test logs
  * README.md: add a missing line break
  * Merge pull request #25059 from keszybz/fopen-re
  * test: make parse-hwdb compatible with older pyparsing versions
  * test: make pylint happy
  * po: regenerate the translation files
  * docs: update translation strings before new release
  * Merge pull request #25078 from mrc0mmand/update-pot
  * ci: add a missing SPDX line
  * ci: run the Scorecards action in PRs only on config update
  * Merge pull request #25084 from mrc0mmand/scorecard-tweaks
  * Merge pull request #25100 from weblate/weblate-systemd-master
  * udev: fix the errno check if a couple of places
  * test-network: re-enable test_macsec
  * test-network: use raw strings where appropriate
  * test-network: drop a couple of useless f-strings
  * test-network: sort standard imports before "third-party" ones
  * test-network: suppress a couple of minor pylint complaints
  * test: add a couple of sanity tests for journalctl
  * test: add a couple of sanity tests for loginctl
  * test: rename TEST-26-SETENV to TEST-26-SYSTEMCTL
  * test: add a couple of sanity tests for systemctl
  * man: use the correct 'Markers' property name for marking units
  * test: further extend systemctl's sanity coverage
  * test: add a sanity coverage for systemd-analyze verbs
  * test: cover legacy/deprecated systemd-analyze verbs
  * test: cover a couple of previously missed analyze code paths
  * test: introduce sanity coverage for auxiliary utils
  * test: re-enable skipped systemd-firstboot --locale-messages= test
  * mountpoint-util: tmpfs supports uid=/gid= mount options
  * test: add coverage for systemd-mount
  * test: don't ignore non-existent paths in inst_recursive()
  * test: fix locale installation when locale-gen is used
  * test: fix keymaps installation on Arch
  * test: cover some interactive/error paths in firstboot
  * Revert "mountpoint-util: tmpfs supports uid=/gid= mount options"
  * test: replace tmpfs with vfat when testing --owner=
  * semaphore: remove the Semaphore repositories recursively
  * Merge pull request #25279 from mrc0mmand/firstboot-test-fixes
  * test: fix a race in the systemd-mount test
  * test: install realpath into the test images
  * test: adjust systemd-mount's tests based on recent coverage reports
  * meson: add version.h dependency to more components
  * Merge pull request #25280 from keszybz/initrd-with-overlayfs
  * Merge pull request #25327 from keszybz/mkosi-less-work
  * test: give the container time to properly shut down on exception
  * test: a couple of pylint-related tweaks
  * test: check if we can use SHA1 MD for signing before using it
  * Merge pull request #25644 from yuwata/escape-fix-octescape
  * packit: ignore unpackaged files
  * test: wait for the monitoring service to become active
  * packit: drop/replace deprecated directives
  * mkosi: work around a file conflict between systemd and systemd-boot
  * oss-fuzz: include generated corpora in the final zip file
  * import: use CURLINFO_SCHEME instead of CURLINFO_PROTOCOL
  * import: use CURLOPT_PROTOCOLS_STR with libcurl >= 7.85.0
  * test: explicitly create the /etc/init.d directory
  * test: support a non-default SysV directory
  * units: don't install pcrphase-related units without gnu-efi
  * test: bump D-Bus service start timeout if we run without accel
  * test: update Ubuntu CI docs
  * test: bump the client-side timeout in sd-bus as well
  * test: bump the container spawn timeout to 60s
  * Merge pull request #26164 from mrc0mmand/test-bus-timeout
  * sysupdate: fix errno check
  * coccinelle: skip the empty-to-null transformation on the macro itself
  * basic/linux: update linux uapi headers
  * partition: fix build with newer linux/btrfs.h uapi header
  * test: cover IPv6 in the resolved test suite
  * test: add a couple of SRV records to check service resolution
  * test: add a test for the OPENPGPKEY RR
  * test: don't hang indefinitely on no match
  * test: wrap delv & dig when running with sanitizers
  * ukify: don't install ukify man page if ukify is not enabled
  * Merge pull request #26285 from yuwata/test-lvextend
  * journalctl: actually run the static destructors
  * test: avoid matching other fields than __SEQNUM=
  * test: disable pipefail when testing interactive firstboot
  * test: ignore missing coverage in TEST-78
  * test: add coverage for #26467
  * test: add coverage for #26483
  * test: add coverage for #24177
  * sd-journal: fix build with older glibc
  * virt: correctly detect QEMU emulated pSeries guests
  * test: skip the hwdb update related tests w/ sanitizers and w/o accel
  * test: a couple of format-related tweaks
  * systemctl: explicitly cast the constants to uint64_t
  * README: update CentOS CI URLs to the new instance
  * test: add a couple of tests for busctl
  * random-seed: drop extraneous "we"
  * test: add a couple of tests for systemd-escape
  * test: add a couple of tests for systemd-id128
  * test: ignore `busctl tree` fails
  * test: bump the D-Bus related timeouts to 120s
  * test: don't fail if we can't remove the scsi_debug module
  * test: force mkfs.btrfs to overwrite any existing file systems
  * test: fall back to /sys/fs/cgroup/systemd if necessary
  * test: exercise JSON transformations in busctl
  * test: add a couple of tests for systemd-path
  * test: wrap mkfs.*/mksquashfs/mkswap binaries when running w/ ASan
  * coccinelle: respect spacing from the semantic patch
  * coccinelle: add a transformation for GNU conditionals
  * tree-wide: simplify x ? x : y to x ?: y where applicable
  * ci: drop clang-13, add clang-16
  * test: add a couple of tests for systemd-coredump
  * userdbctl: don't show legend when dumping JSON with services
  * man: s/io.systemd.Dropin/io.systemd.DropIn/
  * docs: s/authorized_key/authorized_keys/
  * userdbctl: flush stdout before running the chain command
  * test: don't expand the subshell expression prematurely
  * test: don't touch the /failed marker in the subtest scripts
  * test: drop unnecessary return
  * test: do an initial coverage capture
  * test: add a couple of tests for userdbctl
  * test: filter the merged coverage report instead
  * test: verify the journal with and without a sealing key
  * test: explicitly pull in systemd-userdbd.socket
  * userdb: fix a memory leak
  * userdb: rename the destructor to follow our coding style
  * cryptenroll: fix a memory leak
  * test: don't go through all time zones if slow tests are disabled
  * coverage: add a wrapper for execveat()
  * test: make make_addresses() actually return the addresses
  * test: set ReadWritePaths= for test-.services when built w/ coverage
  * test: shed some light into the whole coverage situation
  * Merge pull request #27087 from mrc0mmand/missing-coverage
  * fstab-generator: don't propagate ignored errno
  * test: add a couple of tests for systemd-modules-load
  * test: introduce TEST-81-GENERATORS
  * test: check if we skip the full setup on daemon-reexec
  * test: enable the systemd-resolved unit in TEST-75
  * test: bump the timeout for non-qemu runs to 90s
  * test: check if we skip the full setup on daemon-reexec (again)
  * test: drop binary stripping stuff
  * test: run the generators with debug log level
  * test: check if x-systemd.automount is ignored for rootfs
  * test: add a couple of test for fstab-related kernel cmdline args
  * test: allow overriding PID1's environment for test purposes
  * test: add a couple of tests for getty-generator
  * test: properly distinguish between generator phases
  * test: add a couple of tests for system-update-generator
  * test: add a couple of tests for run-generator
  * test: check the colored --version output
  * test: stop the test unit when it's not needed anymore
  * docs: a couple of typo fixes & formatting tweaks
  * test: add a test case for table_dup_cell()
  * test: add tests for uuid/uint64 specifiers
  * shared: add a missing include
  * test: add a simple test for secure-bits stuff
  * test: add a couple of basic sanity tests for timedatectl
  * test: add a couple of basic sanity tests for the security verb
  * test: add a simple test for getenv_path_list()
  * test: add a couple of tests with invalid UTF-8 characters
  * test: modernize test-async a bit
  * docs: add a missing $ sign
  * test: prefix the transient unit with test- to make coverage runs happy
  * tree-wide: code spelling fixes
  * README: add a Weblate badge
  * Merge pull request #27261 from keszybz/test-cleanup
  * test: cover missed stuff from securebits-util.h
  * creds: make --pretty behave in a slightly more expected manner
  * test: add a couple of sanity tests for systemd-creds
  * test: tell dfuzzer to skip Reexecute()
  * pstore: explicitly set the base when converting record ID
  * pstore: avoid opening the dmesg.txt file if not requested
  * test: add a couple of tests for systemd-pstore
  * test: match all messages with the FILE field
  * test: make sure the test units have a `test-` prefix
  * test: clean up the test script a bit
  * test: test journalctl with corrupted journals
  * test: add a simple fuzzer for manager serialization
  * core: fix NULL pointer dereference during deserialization
  * shared: ignore invalid valink socket fd when deserializing
  * shared: reject empty attachment path
  * test: further extend our collection of corrupted journals
  * test: slightly extend checks on corrupted journals
  * test: vacuum the journal after the "stress test"
  * test: clean up the test script even further
  * core: use extract_first_word() instead of sscanf()
  * shared: refuse fd == INT_MAX
  * core: check the unit type more thoroughly when deserializing
  * test: add a test case for #27521
  * test: merge unit file related tests into TEST-23-UNIT-FILE
  * test: discard kill's output
  * test: add coverage for #27533
  * test: TEST-70-TPM2 cleanup
  * cryptenroll: fix an assertion with weak passwords
  * test: slightly extend systemd-cryptenroll coverage
  * test: rename TEST-07-ISSUE-1981 to TEST-07-PID1
  * test: merge TEST-08-ISSUE-2730 into TEST-07-PID1
  * test: merge TEST-09-ISSUE-2691 into TEST-07-PID1
  * test: merge TEST-10-ISSUE-2467 with TEST-07-PID1
  * test: merge TEST-11-ISSUE-3166 into TEST-07-PID1
  * test: merge TEST-12-ISSUE-3171 into TEST-07-PID1
  * test: move TEST-23's units into a dedicated subfolder
  * test: merge TEST-47-ISSUE-14566 into TEST-07-PID1
  * test: merge TEST-51-ISSUE-16115 into TEST-07-PID1
  * test: merge TEST-20-MAINPIDGAMES into TEST-07-PID1
  * test: abstract the common test parts into a utility script
  * cryptenroll: actually allow using multiple "special" strings when wiping
  * core: fix memory leak during deserialization
  * test: clean up the nspawn tests a bit
  * machine: fix a memory leak when showing multiple images
  * machine: fix a memory leak when showing multiple machines
  * test: add a couple of tests for machinectl
  * test: always install the script utility
  * test: merge machinectl edit/cat tests into TEST-13
  * machine,portable: fix a typo in an info message
  * vimrc: use 109ch text width for shell scripts as well
  * test: use dropins to override system configuration
  * test: bind mount the $BUILD_DIR into nspawn containers
  * test: create merged-usr containers
  * test: install the overlayfs/loop modules unconditionally
  * nspawn: simplify error handling
  * test: wait after sending a signal if necessary
  * test: slightly extend the systemd-nspawn tests
  * test: rename TEST-13-NSPAWN-SMOKE to TEST-13-NSPAWN
  * test: update nspawn's basic config file used for fuzzing
  * test: pass $BUILD_DIR as $COVERAGE_BUILD_DIR to the system manager
  * test: make $BUILD_DIR writable when rootfs is mounted read-only
  * nspawn: fix a typo in an error message
  * nspawn: file system namespace -> mount namespace
  * nspawn: avoid NULL pointer dereference
  * nspawn: modernize the cleanup functions a bit
  * nspawn: disableOOMKiller should be boolean, not int
  * nspawn: use the just returned errno in the log message
  * nspawn: all hooks should be arrays of objects, not just objects
  * nspawn: call json_dispatch() with a correct pointer
  * nspawn: fix inverted condition
  * nspawn: fix a global-buffer-overflow
  * test: add a couple of tests for nspawn's OCI stuff
  * fuzz: update the base JSON for fuzz-nspawn-oci
  * nspawn: make sure the device type survives when setting device mode
  * Merge pull request #27651 from mrc0mmand/more-nspawn-tests
  * test: merge TEST-14-MACHINE-ID into TEST-74-AUX-UTILS
  * test: merge TEST-27-STDOUTFILE into TEST-23-UNIT-FILE
  * test: merge TEST-33-CLEAN-UNIT into TEST-23-UNIT-FILE
  * test: rename assert.sh to util.sh
  * test: introduce get_cgroup_hierarchy()
  * test: rename TEST-19-DELEGATE to TEST-19-CGROUP
  * test: merge TEST-56-EXIT-TYPE into TEST-19-CGROUP
  * test: merge TEST-28-PERCENTJ-WANTEDBY into TEST-23-UNIT-FILE
  * test: clean up test artifacts
  * test: merge TEST-49-RUNTIME-BIND-PATHS into TEST-23-UNIT-FILE
  * test: merge TEST-48-START-STOP-NO-RELOAD into TEST-23-UNIT-FILE
  * test: make shellcheck happy again
  * test: move runas() to the shared utility library
  * test: mangle the machine ID only for the QEMU test part
  * test: get rid of the busybox stuff
  * test: explicitly use bash
  * nspawn: use ASSERT_PTR() more
  * nspawn: clean up & unify cleanup handlers
  * test: exercise a couple of error paths in nspawn's OCI code as well
  * test: drop "check" from test case names
  * test: add a couple of sanity tests for --port=
  * test: cover --bind-user=
  * test: create nspawn config files when collecting coverage
  * nspawn: correctly parse a list of interfaces
  * test: add a couple of tests for nspawn config files
  * nspawn: make the error message less confusing
  * test: don't mount /sys & /proc if already mounted
  * test: wrap setfacl when running with ASan
  * test: make the stress test slightly less stressful on slower machines
  * test: drop generated stuff from the final coverage report
  * test: build the SELinux test module on the host
  * Merge pull request #27698 from mrc0mmand/test-tweaks
  * journalctl: make --follow work with --merge again
  * test: check if we can use --merge with --follow
  * test: assorted TEST-13-NSPAWN tweaks
  * test: check if we correctly handle invalid UTF-8 in mount stuff
  * tests: run all functions with testcase_ prefix automagically
  * test: check if we correctly handle locales with leading spaces
  * README: drop the CentOS CI SELinux job
  * fuzz: avoid a couple of NULL pointer dereferences
  * sd-event: check the allocation before calling expand_to_usable()
  * shared: correctly propagate possible allocation errors
  * test: avoid memleak when allocation fails
  * test: fix a typo in the cleanup stuff
  * test: abstract the test case logic into a shared function
  * test: prefix "internal" stuff with an underscore
  * test: add a missing session activation
  * test: use run_testcases() in a few more places
  * networkctl: fix a potential memory leak
  * json: correctly handle magic strings when parsing variant strv
  * sd-journal: avoid double-free
  * sd-journal: use TAKE_PTR() a bit more
  * resolve: avoid memory leak from a partially processed RR
  * specifier: avoid leaking memory on allocation error
  * env-file: use free_and_replace()
  * sd-journal: propagate errors from ordered_hashmap_*()
  * tree-wide: check memstream buffer after closing the handle
  * test: split the ASan wrapper into smaller blocks and tidy it up a bit
  * fstab-generator: use correct swap name var
  * journal-remote: bump the refcount right after creating the writer object
  * sd-journal: log about errors from ordered_hashmap_*()
  * sd-network: avoid leaking DHCPLease
  * Revert "test: add test case for systemd-update-utmp vs daemon-reexec"
  * home: move the assert back to the intended place
  * boot: make Event a standard-conforming flexible array
  * meson: use -Werror=strict-flex-arrays
  * ci: add gcc-13, drop gcc-12
  * core,shared: add a couple of asserts
  * journal-remote: use structured initialization
  * sd-network: use structured initialization
  * test: skip the test early if we're built without systemd-homed
  * test: make TEST-04 stable once again
  * test: make the multiple-file test more thorough
  * dbus-util: let's take it down a notch when converting file mode to string
  * socket: avoid memory leak on incomplete SocketPort object
  * test: add a couple of tests for systemd-run
  * Merge pull request #27891 from mrc0mmand/more-tests-again
  * test: clean up our mess after the pstore test
  * test: sync with the fake binary before killing it
  * coverage: add a wrapper for execvpe()
  * test: probe a couple more paths in systemd-run
  * test: ignore missing coverage in TEST-82-SOFTREBOOT
  * test: drop the --recursive=no test
  * Merge pull request #27908 from weblate/weblate-systemd-master
  * test: allow running only specified subtests/testcases
  * test: move TPM2-related setup stuff into test-functions
  * test: fix indentation
  * test: introduce test_require_bin() and use it
  * test: make the root/data partition size configurable per test
  * test: make the data partition larger for the cryptsetup test
  * test: minor cleanup
  * test: clean up the test cleanup a bit
  * cryptsetup: avoid calling strv_find() on a NULL pointer
  * test: use check_result_common()
  * test: make check_result_*() `set -e` friendly
  * test: add a couple more tests for systemd-cryptsetup
  * test: make sure we unmount /var late during shutdown
  * test: add a reasoning why we don't use the SELinux-provided units
  * test: load the SELinux module outside of the VM
  * test: a couple of assorted cleanups
  * man: document OnSuccessJobMode=
  * Merge pull request #27933 from mrc0mmand/selinux
  * test: rebuild the ldconfig cache after changing its configuration
  * test: drop $SKIP_INITRD
  * test: wrap agetty & getfacl when running with sanitizers
  * test: make coverage runs happy again
  * proc-cmdline: parse the whole /proc/cmdline
  * test: merge TEST-61-UNITTESTS-QEMU with TEST-02-UNITTESTS
  * test: copy file xattrs (if any) as well
  * test: make sure ping works for unprivileged users
  * test: re-enable TEST-02 on ppc64le
  * coverage: fix build with g++
  * test: exit on first failing subtest
  * test: split TEST-04 into smaller chunks
  * activate: rename to socket-activate
  * test: set $PATH to something predictable in the ASan wrapper
  * tree-wide: fix a couple of typos
  * audit-util,varlink: use IOVEC_MAKE() in a couple more places
  * udev: use timestamp_is_set() in one more place
  * test: clean up the new test case a bit
  * journal-gatewayd: make MHD_OPTION_EXTERNAL_LOGGER the first option
  * test: add a couple of tests for systemd-journal-gatewayd
  * socket-activate: make a copy of the command name and arguments
  * test: extend the DynamicUser=yes coverage workaround to a couple more services
  * journal-gatewayd: handle SIGTERM
  * test: wrap curl when running with ASan
  * Merge pull request #28078 from keszybz/trivial-syntax-and-wording-fixes
  * test: cover systemd-journal-remote --url=...
  * journal-remote: simplify error handling a bit
  * journal-remote: minor cleanups
  * journal-remote: make MHD_OPTION_EXTERNAL_LOGGER the first option
  * journal-remote: sync TrustedCertificateFile= parsing with journal-upload
  * journal-remote: capitalize all error messages
  * journal-upload: capitalize all error messages
  * sysusers.d: create the user for systemd-journal-upload.service
  * test: add a couple of tests for systemd-journal-{remote,upload}
  * journal-remote: fix typo in an error message
  * test: cover a couple of missed code paths in journalctl/journald
  * test: make sure we get PID1's stack trace on ASan/UBSan errors
  * test: test transactions with cycles
  * tree-wide: use https for the 0pointer.de doc links
  * test: test the /boot endpoint under nspawn as well
  * test: drop timeout when running portablectl
  * test: show the subtest name together with the failing code
  * test: bump the test container size to 64 MiB
  * test: fix test service unit description
  * test: add a couple of tests for nss-myhostname
  * test: add a couple of tests for nss-mymachines
  * test: enable LSan for certain wrapped binaries
  * test: use correct path for systemd-battery-check
  * core: reorder systemd arguments on reexec
  * test: fix test_vxlan with the latest iproute2
  * test: drop an unused assignment
  * virt: drop an unused assignment
  * unit: drop an unused assignment
  * tree-wide: explicitly ignore return value in a couple more places
  * test: wait for the interface to become routable after reconfiguring
  * test: measure subtest runtime
  * test: replace readfp() with read_file()
  * test: append to corrupted journals
  * test: reorder the machinectl signal tests
  * test: actually mount / read-only
  * test: copy out the necessary test data before we start overmounting stuff
  * test: drop spurious whitespaces
  * test: drop redundant 'function' keyword
  * test: fail if we find units/tests in failed state
  * test: unify /testok & /failed handling
  * journal: clean up the FSS handling code a bit
  * test: add a couple of tests for FSS journals
  * packit: temporarily use older Rawhide spec
  * tree-wide: a bunch of Coccinelle-suggested tweaks
  * test-network: correctly support running systemd-udevd from the build dir
  * ci: drop super-linter's shellcheck
  * test-network: check for captive portals received via NDISC
  * Revert "packit: temporarily use older Rawhide spec"
  * test-network: validate JSON where applicable
  * test-network: probe a couple of uncovered networkctl codepaths
  * network: fix fetching link properties
  * test: check if we correctly propagate /run mounts during switch root
  * shell-completion: include units in 'verify' completions
  * network: don't log non-negative errno
  * ci: explicitly install python3-lldb-$COMPILER_VERSION
  * core: free the strings in the set as well during unit cleanup
  * analyze: fix pcrs verb output without TPM support
  * tmpfiles.d: adjust /dev/vfio/vfio access mode
  * resolvectl: initialize the server state
  * varlink: allocate the buffer for varlink FDs on the heap
  * test: ignore missing libudev when creating the test image
  * ukify: don't panic when prepending to an undefined list
  * tools: pylint analyze-dump-sort.py
  * tools: pylint catalog-report.py
  * tools: pylint check-includes.py
  * tools: pylint dbus_exporter.py
  * tools: pylint generate-gperfs.py
  * tools: pylint make-autosuspend-rules.py
  * tools: pylint make-directive-index.py
  * tools: pylint make-man-index.py
  * tools: pylint update-dbus-docs.py
  * tools: pylint update-man-rules.py
  * tools: pylint xml_helper.py
  * tools: pylint list-discoverable-partitions.py
  * tools: pylint gdb-sd_dump_hashmaps.py
  * tools: pylint dump-auxv.py
  * tools: pylint analyze-dump-sort.py
  * tools: pylint meson-render-jinja2.py
  * Add .pylintrc to globally suppress warnings we don't really care about
  * test: save the console log to a file
  * test: correctly propagate return code from check_result hooks
  * test: introduce TEST-08-INITRD
  * test: drop unnecessary log level setup
  * test: add coverage for #27953
  * test: explicitly specify a UTF-8 locale for UTF-8 shenanigans
  * Merge pull request #28911 from weblate/weblate-systemd-master
  * sysext: fix a memory leak
  * test: use the correct file name when restoring the original fstab
  * test: fix debugging of nspawn tests
  * shell-completions: code cleanup
  * shell-completions: add missing systemctl verbs/options
  * network: make the build happy on i*86 again
  * test: bump the trigger limit interval when running w/o KVM
  * test: set ncat's idle timeout as well
  * test: create the "global" dropins in /run
  * ci: temporarily disable Packit's i386
  * Revert "mkosi: pin CentOS9 kernel to working version"
  * core: redirect LSan's report to /dev/console during manager exit
  * Revert "ci: temporarily disable Packit's i386"
  * core: limit the LSan shenanigans to PID 1
  * vimrc: explicitly set shiftwidth for the C file type
  * test: don't panic on soft lockups
  * test: wait for the swtpm socket to appear
  * test: enable debug logs for the user instances as well
  * test: introduce TEST-09-REBOOT
  * test: check soft-reboot behavior wrt argv[0][0] == '@'
  * test: use "test-" prefix for units
  * test: use /run/ for test configuration
  * test: shutdown the machine on fail after soft-reboot
  * test: use Type=exec for the auxiliary services
  * test: don't pipe the whole journal through jq
  * Merge pull request #29378 from mrc0mmand/more-test-tweaks
  * test: use --service-type= instead of -p Type=
  * test: spawn the to-be-killed-on-soft-reboot units with --collect
  * test: make the DDI tests work with older openssl
  * test: add a couple of tests for varlinkctl
  * test: add a fuzzer for the varlink IDL stuff
  * varlink: don't panic on malformed method definition
  * varlink: use int for log level
  * varlink: drop dead code
  * test: update Ubuntu CI instructions
  * docs: update fuzzers docs
  * core: don't downgrade multi-state settings to boolean
  * test: don't restart journal-upload on an expected fail
  * test: use Type=exec for the test unit
  * test: add a fuzzer for exec_{serialize,deserialize}_invocation()
  * core: don't assert when serializing malformed state
  * fuzz: unify logging setup
  * test: add a real-world state to the corpus
  * test: add coverage for #29610
  * core: properly cleanup ExecParameter's prefix array
  * test: unify checking for user xattrs support in cgroupfs
  * test: skip Protect{Home,System}= tests with coverage builds
  * test: introduce $TEST_SKIP_SHUTDOWN
  * test: shorten service stop/abort timeouts for TEST-69-SHUTDOWN
  * Merge pull request #29687 from yuwata/network-state-file-sync
  * coccinelle: don't run iovec-make on iovec_done{,_erase}
  * core,journal: drop unnecessary !! casts
  * network: ENOTSUP → EOPNOTSUPP
  * network: use timestamp_is_set() in one more place
  * udev: strdupa() → strdupa_safe()
  * test: split TEST-70-TPM2 into subtests
  * test: make the TPM event log checking a bit more robust
  * test: add a couple more tests for systemd-pcrextend
  * tpm2-setup: terminate the option array
  * tpm2-setup: drop the COMMAND placeholder from the help
  * test: slightly extend systemd-tpm2-setup's coverage
  * random-seed: terminate the option array
  * Merge pull request #29718 from yuwata/networkd-update-state-file-after-dhcp6-information-request
  * core: actually set the CPU scheduling policy when deserializing it
  * core: don't insert an extra space before each SocketBind{Allow,Deny}= item
  * test: cover more sd-executor related stuff
  * tmpfiles: ignore EINVAL with --graceful
  * test: add one missing cleanup
  * test-network: copy rules from source & build trees if needed
  * core: check if we got a valid personality during deserialization
  * test: skip SocketBind*= tests when built without a bpf framework
  * test: exercise more systemd-executor related stuff
  * core: fix a couple of typos
  * NEWS: fix a couple of typos and inconsistencies
  * fuzz: limit the size of the input
  * test: check that `resolvectl monitor --json` generates valid JSON
  * varlink: limit the maximum nesting depth
  * nspawn: allow disabling os-release check
  * bsod: restore vt on SIGTERM/SIGINT
  * Revert "test: don't panic on soft lockups"
  * test: add a couple of tests for systemd-bsod
  * fuzz: limit the interface definition input size to 64K
  * test: wait for the nvme device to appear
  * udevadm: make sure we don't reset max children on each invocation
  * udevadm: actually set the log level
  * test: make the test happy with coverage builds
  * test: add test case for issue #29863
  * network-generator: correctly handle IPv6 DNS servers in ip=
  * network-generator: allow specifying MAC address without MTU
  * test: add a couple of tests for systemd-network-generator
  * test: wait for the "latest" systemd-bsod message
  * coredumpctl: propagate SIGTERM to the debugger process
  * test: "prettify" the test a bit
  * timesync: fix PropertiesChanges signals for NTP properties
  * test: retry the property check a couple of times
  * test: drop some unnecessary quotes
  * busctl: send READY=1 when we become a monitor
  * test: use Type=notify together with `busctl monitor`
  * test: add one missing assertion
  * journal: recalculate line_max when stdout stream state changes
  * test: drop the workaround for unexpected newlines
  * test: don't pre-process $KERNEL_APPEND
  * fuzz: pass -Dc_args=/-Dcpp_args= to fuzzer targets
  * test: skip --tpm2-device-key= tests with older OpenSSL
  * tree-wide: unify OpenSSL spelling in log messages
  * test: switch SELinux to permissive in the config file
  * test: make TEST-06-SELINUX work with the refpolicy and beef it up a bit
  * fuzz: don't panic without a C++ compiler
  * sd-journal: don't treat invalid match as a programming error
  * mount: don't call sd_device_get_property_value() with a NULL pointer
  * sd-bus: don't treat invalid user/machine as a programming error
  * test: update Ubuntu CI instructions
  * Merge pull request #30040 from yuwata/assert-return-fixes
  * sd-journal: don't assert on invalid field
  * login: mark the Display property as "emits change"
  * login: mark the TTY property as "emits change"
  * test: make the LOOKS_LIKE_* variables proper booleans
  * test: support NO_BUILD=yes on Fedora
  * test: move a couple of binaries to the BASICTOOLS array
  * test: don't use ddebug() before it's defined
  * packit: run tests on Fedora Rawhide via Testing Farm
  * bsod: install the signal handler only just before we need it
  * test: clean up the save_journal() stuff a bit
  * test: don't make the final vacuum multiple of 8M
  * test: add a couple of tests for RestrictFileSystems=
  * test: don't redirect stdout/stderr to console
  * test: remove the reboot counter just before spawning container/VM
  * import: append % to X_IMPORT_PROGRESS=
  * systemctl: include unit ID in the property map
  * test: drop invalid LogTarget= assignment
  * test: drop 'noearly' from crypttab
  * test: ignore gcov errors with RestrictFileSystems=
  * test: reenable TEST-25-IMPORT in Ubuntu CI
  * test: check if 'btrfs filesystem' supports 'mkswapfile'
  * test: skip TEST-36 on s390x and powerpc
  * test: reenable TEST-30 on i*86
  * Revert "sysusers.d: create the user for systemd-journal-upload.service"
  * test: set correct group for systemd-journal-upload tests
  * test: load the io controller before checking if io.latency exists
  * loginctl: show a nicer error message when no session/seat is available
  * journalctl: don't skip over messages not matching the cursor
  * packit: don't take ownership of /etc/ssh/sshd_config.d/
  * shared: highlight directives when dumping configs
  * analyze: dump system config files with highlighted sections/directives
  * install: don't translate unit instances to paths when reenabling them
  * test: reset systemd-udevd.service restart counter
  * test: backup /etc/udev/udev.conf only if it exists
  * network: add a missing space
  * network: show the reason why NFT operation failed
  * network: actually show the unexpected flags
  * test: temporarily disable test_sysctl
  * test: temporarily skip checking NFT sets in test_address_static
  * test: "never" is not a valid value for Restart=
  * test: mask the mdmonitor.service
  * test: install all necessary units & generators for LVM on Debian
  * test: forward journal messages to console during sd-bsod tests
  * test: update comment style & drop one extraneous newline
  * test: install empty directories with NO_BUILD=1
  * test: don't check for -Dinstall-tests=true with NO_BUILD=1
  * test: tell delv to load anchors from /etc/bind.keys explicitly
  * test: skip TEST-08-INITRD if systemd didn't run in the initrd
  * Revert "test: disable TEST-08-INITRD on ubuntu CI"
  * Merge pull request #30508 from topimiettinen/fix-flaky-test-address-static
  * journalctl: also refuse --cursor-file= with --since=
  * man: avoid potential shell expansion in systemctl's example
  * analyze: use strempty()
  * pcrlock: use empty_or_dash() more
  * test: add missing operators
  * Revert "mkosi: pin CentOS8 kernel to working version"
  * test: reset systemd-resolved.service's restart counter
  * test: trigger /boot mount if it's an automount
  * ukify: make the test happy with the latest OpenSSL
  * test: make sure the dummy CA certificate is marked as such
  * test: don't truncate the final journal
  * test: redirect stdout/stderr of TEST-04-JOURNAL to console as well
  * test: make the test actually test
  * test: slightly extend uid0's coverage
  * test: make the variable names slightly more descriptive
  * test: flush the socket once the triggered unit exits
  * busctl: avoid asserting on NULL message
  * resolve: don't add sockets to the graveyard on shutdown
  * coccinelle: rework how we run the Coccinelle transformations
  * coccinelle: fix the log-json rule
  * coccinelle: properly drop braces around single-statement if()s
  * tree-wide: drop !! casts to booleans
  * tree-wide: shorten a couple of ternary expressions
  * network: ENOTSUP -> EOPNOTSUPP
  * killall: fix errno check
  * test: use ERRNO_IS_NEG_NOT_SUPPORTED() in one more place
  * test: use FLAGS_SET() in one more place
  * tree-wide: use IOVEC_MAKE() in a couple more places
  * nspawn: log & return in a single statement
  * tree-wide: use strndupa_safe() in a couple more cases
  * network: use timestamp_is_set() in one more place
  * sd-bus: drop unnecessary braces
  * modules-load: simplify OOM check
  * systemctl: use SYNTHETIC_ERRNO()
  * coccinelle: explicitly undefine SD_BOOT
  * coccinelle: search the system include path for header files as well
  * coccinelle: help Coccinelle with some more complex macros
  * coccinelle: dial back warnings about performance
  * tree-wide: use IN_SET() more
  * test: use IN_SET()/ERRNO_IS_NEG_*() more
  * test: use set_isempty() in one more place
  * test: use timestamp_is_set()
  * bootctl: add a missing space
  * tpm2-util: declare the cleanup attribute first
  * test: wrap adding a suppression in a method
  * test: avoid starting/stopping unwanted units during fuzzing
  * test: show journal entries matching the test's syslog identifier as well
  * ci: migrate labeler configuration to the new format
  * ci: use a boolean value for the boolean field
  * ci: allow testing changes made to labeler configuration
  * coccinelle: drop a couple of FIXMEs
  * coccinelle: add a rule for in_addr_hash_func()
  * test: rewrite test-exec-deserialization.py
  * test: install correct kpartx udev rules on Debian
  * test: temporarily adjust the default mount rate limit
  * update-man-rules: skip over standard-conf.xml
  * test: install correct kpartx udev rules on Ubuntu
  * test: allow sanitized binaries to dump a core
  * resolve: initialize `r` during OOM
  * shared: initialize a couple of values explicitly
  * ci: build with -O2 and -Wmaybe-uninitialized
  * Merge pull request #30772 from yuwata/test-network-improvements
  * journalctl: implement --list-namespaces
  * shell-completion: fix mixed indent
  * shell-completion: provide completion for journalctl --namespace=
  * core: escape spaces in paths during serialization
  * Merge pull request #30801 from yuwata/test-network-cleanups
  * test: reinitialize arg_transport before parsing arguments
  * repart: don't crash when looping over dropped partitions
  * test: sync the "foobaz" namespace as well
  * test: zone-check with --force to fail on warnings
  * test: merge config sections
  * test: check how systemd-resolved deals with zone transfers
  * resolve: export sendmsg_loop()
  * test: introduce a dummy DNS test server
  * test: fix dbus installation on Arch
  * shell-completion: add new systemd-id128 options
  * test: use correct type for the root partition
  * test: use systemd-id128 from the build dir
  * network: fix 6rd tunnel link section name
  * test: cover a couple of error scenarios
  * ci: install python3-pytest for ukify tests
  * ukify: use datetime.timezone.utc instead of datetime.UTC
  * Reorder arguments for calloc()-like functions, part #2
  * meson: disable -Wnonnull-compare
  * macro: terminate the temporary VA_ARGS_FOREACH() array with a sentinel
  * journalctl: consider shut down namespaced sd-journald instance synced
  * core: raise the log priority if sd-executor is missing
  * meson: correctly handle "no" value for sshd?confdir options
  * man: suffix signals with ()
  * packit: use the closest matching tag for the checked out revision
  * test: use the default nsec3-iterations value
  * test: set -ex separately
  * test: fix the container ID check
  * packit: add a libarchive runtime dependency too
  * test: clean up the code a bit
  * test: use lstat() instead of stat(follow_symlinks=False)
  * test: explicitly set nsec3-iterations to 0
  * meson: don't install broken tmpfiles config with sshd?confdir == 'no'
  * test: use a dropin for the journald snippet
  * vpick: make a working copy of the current dname
  * vpick: use prefix_roota() to avoid double slash in log messages
  * test: wait until the test binary starts the test aux scope
  * test_ukify: use raw string for the regex
  * README: bump the gcc baseline to 8.4
  * process-util: use only the least significant byte from personality()
  * process-util: unify the hex value format a bit
  * Merge pull request #31230 from mrc0mmand/test-seccomp
  * semaphore: temporarily pin autopkgtest to v5.32
  * packit: temporarily build systemd without BPF stuff
  * test: adjust test-path to fail gracefully with the new pidfd_spawn stuff
  * test: make the MemoryHigh= limit a bit more generous with sanitizers
  * test: clean up the code a bit
  * Revert "packit: temporarily build systemd without BPF stuff"
  * Merge pull request #31149 from YHNdnzj/restart-force-oneshot
  * Merge pull request #31271 from fbuihuu/test-69-debugging-improvements
  * core: escape spaces when serializing as well
  * d/t/storage: ignore credential mounts when checking /proc/mounts
  * test: add test cases for journal corruption on btrfs
  * test: properly preserve journal from sd-bsod tests
  * test: use btrfs by default on Arch as well
  * test: always try to install the ext4 module
  * test: make TEST-08-INITRD slightly less annoying to debug
  * test: use btrfs' mkswapfile on btrfs
  * test: don't abbreviate log messages when dumping the test journal
  * test: "modernize" TEST-55-OOMD's init
  * test: make testcase_owneridmap() compatible with coverage runs
  * Revert "test: use btrfs by default on Arch as well"
  * test: temporarily enable session lingering for the test user
  * Merge pull request #31386 from mrc0mmand/test-tweaks
  * test: support TEST_MATCH_* stuff in TEST-23-UNIT-FILE as well
  * test: fix mixed indent
  * test: verify our own units (where applicable)
  * homectl: make sure we sent the full 8 bytes as flags
  * test: temporarily enable session lingering for the test user #2
  * test: use socat in unidirectional mode
  * Merge pull request #31444 from bluca/semaphore
  * test: shell & cleanup cleanup
  * test: use ECDSA keys for ssh-related tests
  * test: avoid SIGPIPE from ssh | tail -n 1
  * test: create sshd's runtime directory (Debian variant)
  * test: explicitly set TERM=linux for TEST-69-SHUTDOWN
  * po: update translation strings
  * docs: update translation-related instructions
  * Merge pull request #31619 from weblate/weblate-systemd-main
  * mkosi: fix UKI addons test
  * Revert "mkosi: Disable cmdline addon test for now"
  * Revert "mkosi: Don't fail on systemd-vconsole-setup.service failure for now"
  * mkosi: make shellcheck happy
  * test: bump the timeout for test-execute subtests if running w/ QEMU
  * test: use 'ahost' instead of 'hosts' where applicable
  * Merge pull request #31642 from weblate/weblate-systemd-main
  * ci: make the build dir accessible when running w/o privileges
  * ci: explicitly change oom-{score}-adj before running tests
  * Merge pull request #31692 from bluca/semaphore_autopkgtest_fixes
  * ci: reduce ASLR entropy
  * test: clean up the integration test runner a bit
  * test: split logs from each test into separate files if requested
  * Merge pull request #31867 from jamacku/update-freezer
  * efi: fix mixed indent
  * efi: check if all sections of our EFI binaries are properly aligned
  * ci: build with clang-18
  * test: check for /dev/loop-control when checking lodev availability
  * test: cleanup the test script a bit
  * test: make coverage runs happy with capsule@.service
  * Use IN_SET() more
  * Simplify a couple of conditions
  * sysext: use mfree() in one more place
  * test: use free() instead of mfree()
  * ci: fix commit SHA for stefanbuck/github-issue-parser
  * test: bump the container boot timeout when running w/o acceleration
  * test: check if sd-executor doesn't complain during (de)serializing
  * core: correctly deserialize credentials with empty payload
  * test: don't hide exit code of the systemd-run process
  * log: fix comment
  * test: make test-fd-util more lenient when using fd_move_above_stdio()
  * test: account for build dir being under one of the tmpfs-ed directories
  * base-filesystem: check for __s390x__ first
  * test: improve debug-ability of test-execute
  * tree-wide: make sure net/if.h is included before any linux/ header
  * test: handle NULL correctly when passed to ASSERT_EQ()
  * test: add a couple of sanity tests for ASSERT_*() macros
  * test: forward journal to console in TEST-24-CRYPTSETUP
  * test: let curl show a potential error in silent mode
  * test: give sd-resolved enough time to timeout
  * test: set pexpect's logfile early
  * test: disable background color for nspawn containers
  * test: wait until the test container is fully booted up
  * Merge pull request #32201 from aafeijoo-suse/test-minor-fixes
  * test: make the output of TEST-69 less painful to read
  * test: make sd-journal-gatewayd tests even more debug-able
  * Merge pull request #32228 from mrc0mmand/more-test-tweaks
  * test: add instructions on how to run Coverity locally
  * docs: don't suffix page permalink with a slash
  * man: slightly reword LogFilterPatterns= description
  * test: split TEST-50-DISSECT into smaller parts
  * test: split some overly long lines
  * test: simplify unit check
  * test: rework systemd-sysext test
  * Revert "docs: don't suffix page permalink with a slash"
  * docs: use absolute links for our pages
  * labeler: merge "logind" label into "login"
  * ci: fix systemd-machined component name
  * Merge pull request #32412 from weblate/weblate-systemd-main
  * Merge pull request #32443 from weblate/weblate-systemd-main
  * docs: drop invalid links
  * docs: PrepareForSuspend() is not a valid signal name
  * test: mountnfsd -> mountfsd
  * mountfsd: drop explicit dependencies for systemd-mountwork
  * import: skip the whole subdir when building with -Dimportd=false
  * Merge pull request #32556 from YHNdnzj/development-freeze
  * test: exclude gperf files from captured coverage
  * ci: explicitly disable multi status for Super-Linter
  * ci: point Super-Linter to the new upstream
  * Merge pull request #32609 from systemd/dependabot/github_actions/github/super-linter-6
  * test: replace Europe/Kiev with Europe/Kyiv
  * test: make TEST-65-ANALYZE happy when built with gcov
  * test: add a brief comment for the chattr check
  * test: dump a simple summary at the end of TEST-02-UNITTEST
  * test: attempt to install sshd-session from multiple places
  * test: don't use /skipped for subtests
  * po: update translation files
  * po: drop placeholders and re-add SPDX line
  * test: don't install Python scripts from systemd-test RPM
  * test: drop removed SCSI passthrough feature
  * Merge pull request #34742 from yuwata/test-storage
  * test: ignore inconsistent coverage errors
  * udevadm-info: print the original input on error
  * udevadm-info: make the error messages slightly more consistent
  * test: rename TEST-53-ISSUE-16347 to TEST-53-TIMER
  * test: restarting elapsed timer shouldn't trigger the corresponding service
  * test: check the next elapse timer timestamp after deserialization
  * test: store and compare just the property value
  * man: fix a missing word
  * man: fix a missing word
  * test: build the crashing test binary outside of the test
  * test: exclude test-stacktrace(-not)?-symbolized from the coredump check
  * mkosi: install test dependencies for EnterNamespace= test
  * test: temporarily skip the EnterNamespace= test w/o embedded debuginfo
  * test: rename TEST-53-ISSUE-16347 to TEST-53-TIMER
  * test: restarting elapsed timer shouldn't trigger the corresponding service
  * test: check the next elapse timer timestamp after deserialization
  * test: format the min/max timestamps in "systemd" style
  * timer: rebase the next elapse timestamp only if timer didn't already run
  * mkosi: explicitly pull in libz1 on OpenSUSE
  * test: wait for signed.test's zone DS records to get pushed to the parent zone
  * test: let kernel OOM-kill a child process instead of the main one
  * test: properly wait for the forked process
  * man: handle leading/trailing/repeating whitespaces in anchor links
  * Revert "Update systemctl.xml"
  * test: terminate the test containers cleanly on SIGTERM
  * test: wait until the nspawn process is completely dead
  * test: wait for the backgrounded socat job
  * test: sync journal after the test unit finishes
  * test: move the system time to exactly the timer's elapse time
  * test: don't register short-living containers with machined
  * test: ignore EC from the second `systemctl status -a` as well
  * test: wait for a process ID instead of job ID
  * timer: rebase last_trigger timestamp if needed
  * sd-journal: fix a copy-paste error

  [ Jelle van der Waa ]
  * hostnamed: expose FirmwareVendor as dbus property
  * hostnamed: expose FirmwareDate dbus property
  * hostnamed: expose FirmwareDate as timestamp in dbus
  * test: assert that product_serial is preferred over board_serial
  * hostnamed: expose ChassisAssetTag in dbus/varlink
  * hostnamed: prefer using SD_JSON_BUILD_PAIR_STRING
  * network: update argument comments
  * ssh-generator: update argument comments
  * resolve: update argument comments
  * shared: fix typo in read_etc_hostname definition
  * treewide: correct argument comments for sd_notifyf
  * libsystemd-network: fix typo in argument comment
  * network: correct argument comments
  * shared: rename type to fstype
  * shared: fix leftover bool value from flags conversion
  * sd-varlink: sd_varlink_dispatch rename table to dispatch_table
  * core: correct argument comments
  * treewide: correct argument comments for sd_notify
  * shared: use implementation argument naming for dissect_loop_device
  * treewide: correct argument comments for event_reset_time_relative
  * test: correct argument comment expected
  * treewide: correct argument comments for show_boot_entry
  * libsystemd-network: correct argument comment
  * core: prefer American spelling of canceled
  * udev: fix argument comments for test_udev_rule_parse_value_one
  * vmspawn: correct argument comment
  * shared: bootspec: use argument comment name auto_only
  * shared: dissect-image: use argument comment name label
  * test: correct argument comment simplified
  * network: correct argument comment may_keep_dhcp
  * hostname: use argument comment name transient_hostname
  * basic: fix argument naming for vt_release
  * treewide: fix argument comment for getxattr_at_bool
  * ask-password-api: use flags consistently as argument name
  * shared/cred-util: fix argument comment for copy_file_at
  * basic: fix consistency of flags argument for chase and chaseat
  * sd-device: fix argument comment chase_flags
  * tpm2-util: rename tpm2_unseal arguments
  * sd-varlink: fix argument comment
  * tpm2-util: correct argument comments
  * terminal-util: rename openpt_allocate_* ret_peer argument
  * test: correct argument comments
  * discover-image: correct argument comments
  * treewide: correct argument comments
  * core: rename p -> parameters
  * treewide: fix header file definitions
  * pretty-print: correct argument comment
  * dbus-manager: correct argument comment
  * efivars: rename ret -> ret_data
  * journal-sync: rename ss to stream
  * sd-event: rename 's' -> 'ret'
  * sd-bus: rename cookie to ret_cookie
  * sd-login: rename sd_seat_get_active arguments
  * bpf-socket-bind: rename 'u' to 'unit'
  * fuzz: correct argument comment
  * sd-bus: prefix return arguments with 'ret_' for sd_bus_message_peek_type
  * dissect-image: rename 'dest' -> 'where'
  * machine-id-setup: correct argument comments
  * cgroup-util: rename 's' -> 'killed_pids'
  * cgroup-util: rename 'kill_log' -> 'log_kill'
  * pcrlock: correct argument comment
  * creds-util: correct argument comment
  * tpm2-util: rename 'policy' -> 'pcrlock_policy'
  * sd-bus: rename 'add_callback' -> 'install_callback'
  * validatefs: correct argument comments
  * killall: correct argument comment
  * treewide: correct argument name to user_icon / askpw_icon
  * env-util: rename 'n' -> 'length'
  * nspawn: correct argument comments
  * mount-util: correct argument comment
  * sd-journal: rename sd_journal_get_monotonic_usec ret argument
  * sd-varlink: fix argument naming
  * uid-range: correct argument comment
  * io-util: rename 'nfds' -> 'n_fds'
  * shared/install.h: rename 'flags' -> 'file_flags'
  * cgroup-util: rename 'fsfd' -> 'cgroups_fd'
  * generator: rename 'password' -> 'key_file'
  * homectl: rename 'emphasize_current' -> 'emphasize_current_password'
  * sd-varlink: correct argument comment
  * nsresourced: correct argument comments
  * repart: correct argument comment
  * ask-password-api: correct argument comment
  * treewide: correct argument comment to 'ret' where applicable
  * treewide: correct argument comments for sd_netlink_call
  * treewide: correct argument comments for sd_event_add_time
  * homectl: correct argument comments
  * importctl: correct argument comment
  * nsresourcework: correct argument comments for inode_same_at
  * nsresourcework: correct argument comment for userns_registry_*
  * resolved-manager: rename 's' -> 'source'
  * clang-tidy: enable bugprone-argument-comment check
  * varlinkctl: add detailed error message when `--more` is needed
  * logind: cast various calls that return errors we ignore to (void)
  * logind: emit PropertiesChanged when lingering is enabled/disabled
  * shell-completion: zsh: add systemd-analyze architectures completion
  * shell-completion: zsh: add missing completions for systemd-analyze
  * shell-completion: bash: add systemd-analyze image-policy completion
  * shell-completion: zsh: add completion for systemd-analyze inspect-elf
  * sd-json: prefer using SD_JSON_BUILD_PAIR_UNSIGNED
  * userdb: prefer using SD_JSON_BUILD_PAIR_* over SD_JSON_BUILD_PAIR(
  * ssh-generator: prefer using SD_JSON_BUILD_PAIR_STRING
  * elf-util: prefer using SD_JSON_BUILD_PAIR_* macros
  * shared: prefer using SD_JSON_BUILD_PAIR_* over SD_JSON_BUILD_PAIR()
  * home: prefer using SD_JSON_BUILD_PAIR_* over SD_JSON_BUILD_PAIR()
  * resolve: prefer using SD_JSON_BUILD_PAIR_* over SD_JSON_BUILD_PAIR()
  * core: prefer using SD_JSON_BUILD_PAIR_* over SD_JSON_BUILD_PAIR()
  * cryptenroll: prefer using SD_JSON_BUILD_PAIR_* over SD_JSON_BUILD_PAIR()
  * home: prefer using SD_JSON_BUILD_PAIR_* over SD_JSON_BUILD_PAIR()
  * shared: prefer using SD_JSON_BUILD_PAIR_* over SD_JSON_BUILD_PAIR()
  * treewide: prefer using SD_JSON_BUILD_PAIR_* over SD_JSON_BUILD_PAIR()
  * coccinelle: error out when spatch is not installed

  [ Chris Down ]
  * NEWS: Add that CPUAccounting=yes may not enable CPU controller in v240
  * NEWS: Add DisableControllers= to v240
  * Always explicitly discard popped stream type from __fsetlocking
  * tree-wide: Remove O_CLOEXEC from fdopen
  * cgroup: Don't explicitly check for member in UNIT_BEFORE
  * Merge pull request #11131 from poettering/make-lucab-happy
  * Merge pull request #11160 from poettering/read-line-more-tests
  * Merge pull request #11203 from keszybz/json-no-slash-escaping
  * Merge pull request #11212 from keszybz/mount-storm-revert
  * cgroup: Imply systemd.unified_cgroup_hierarchy=1 on cgroup_no_v1=all
  * cgroup: Add NEWS entry for cgroup_no_v1=all implying unified usage
  * cgroup: s/cgroups? ?v?([0-9])/cgroup v\1/gI
  * cgroup: Implement default propagation of MemoryLow with DefaultMemoryLow
  * cgroup: Create UNIT_DEFINE_ANCESTOR_MEMORY_LOOKUP
  * unit: Add DefaultMemoryMin
  * Merge pull request #12336 from anitazha/disablecontroller
  * Merge pull request #12441 from ssahani/bridge-fdb
  * Merge pull request #12466 from yuwata/network-fix-issue-12452
  * cgroup: Polish hierarchically aware protection docs a bit
  * cgroup: Readd some plumbing for DefaultMemoryMin
  * cgroup: Support 0-value for memory protection directives
  * cgroup: Test that it's possible to set memory protection to 0 again
  * test: Remove superfluous error check
  * Merge pull request #12647 from cdown/dup
  * Merge pull request #11778 from anitazha/rfe_11654_dbus
  * systemctl: Prevent state_missing from being used uninit
  * cgroup: Prevent theoretical nullptr deref in unit mask calculation
  * NEWS: Remove DisableControllers from v243
  * dhcp: Log SIP server information correctly
  * networkd: Fix SIP double-free
  * Merge pull request #13605 from cdown/ono
  * Merge pull request #13481 from Antique/cgroupv2
  * Merge pull request #13641 from pwithnall/machinectl-docs-typo
  * Merge pull request #13636 from traylenator/manpage
  * Merge pull request #13648 from evverx/unbreak-semaphore
  * util-lib: Don't propagate EACCES from find_binary PATH lookup to caller
  * cgroup: docs: Mention unbounded protection for memory.{low,min}
  * cgroup: docs: memory.high doc fixups
  * cgroup: Check ancestor memory min for unified memory config
  * cgroup: Respect DefaultMemoryMin when setting memory.min
  * cgroup: Mark memory protections as explicitly set in transient units
  * Merge pull request #13689 from cdown/default_memory_min
  * Merge pull request #13691 from mrc0mmand/coverity-fixes
  * memory-util: Add PAGE_ALIGN_DOWN
  * cgroup: Allow checking systemd-internal limits against the kernel
  * cgroup: analyze: Match standard dump format
  * cgroup: analyze: Report memory configurations that deviate from systemd
  * Merge pull request #13743 from anitazha/dropin_all_the_things
  * Merge pull request #14423 from danielshahaf/zsh-add-missing-completions
  * cgroup: systemctl: Don't display NULL if protection was set to max
  * Merge pull request #15010 from cgzones/selinux_reload_cache_enforce
  * Merge pull request #14956 from ssahani/delegated-prefix-14474
  * Merge pull request #14904 from ssahani/dhcp-server-force-renew
  * Merge pull request #14893 from benzea/benzea/generator-path-environment-variables
  * Merge pull request #14901 from w-simon/fix-tests
  * virt: Detect proot virtualisation by ptrace metadata
  * virt: Use cache for VIRTUALIZATION_PROOT
  * man: systemd.service: systemd-analyze exit-codes -> exit-status
  * service: Display updated WatchdogUSec from sd_notify
  * doc: Try to clarify automount dependency confusion
  * doc: Put proot under "container" section
  * path: Skip directories when finalising $PATH search
  * path: Improve $PATH search directory case
  * systemctl: Fix shutdown time parsing across DST changes
  * core: Only apply unprivileged userns logic to user managers
  * systemctl: Support --timestamp for otherwise named properties
  * mkfs-util: Ignore btrfs compression when there is no dir to copy
  * repart: Force --rootdir population for btrfs with compression
  * test: Add integration test for btrfs compression in repart
  * sd-dhcp-server: Add Hostname= option to static leases
  * nspawn: Prevent invalid UIDs propagating in bind mounts
  * test: Add nspawn regression test for --link-journal --volatile
  * network/dhcp: several follow-ups for recent change (#39744)
  * tree-wide: several cleanups (#39746)
  * tests: Avoid variable shadowing in ASSERT_SIGNAL
  * fd-util: Add fd_is_writable() to check if FD is opened for writing
  * core: Verify inherited FDs are writable for stdout/stderr
  * tests: ASSERT_SIGNAL: Stop exit codes from masquerading as signals
  * tests: ASSERT_SIGNAL: Ensure sanitisers do not mask expected signals
  * tests: ASSERT_SIGNAL: Do not allow parent to hallucinate it is the child
  * tests: ASSERT_SIGNAL: Prevent hallucinating parent as child and confusing exit codes with signals (#39807)
  * nspawn: Fix broken host links for container journals
  * nspawn: Add integration test for --link-journal
  * nspawn: Fix broken host links for container journals (#39727)
  * Revert "nspawn: Fix broken host links for container journals" (#39879)

  [ Craig McLure ]
  * hwdb: Added Beacn and TC-Helicon Audio controllers (#37798)
  * hwdb: Add alternative mode for Beacn Mic (#39868)

  [ Matteo Croce ]
  * dbus-wait-for-jobs: change 'quiet' flag to enum
  * systemctl: show success messages when showing transaction
  * move dlfcn-util into basic
  * dynamically load compression libraries
  * Update TODO file
  * introduce FOREACH_ELEMENT
  * use FOREACH_ELEMENT
  * introduce hashmap_ensure_replace()
  * Use hashmap_ensure_replace()
  * use O_PATH when getting cgroup fd
  * use O_PATH to obtain cgroupfs fd
  * use O_PATH to get the root fds
  * homed: use O_PATH for FDs
  * homed: open blob dir with O_PATH
  * extend sysctl functions to shadow values
  * store the sysctls set by networkd
  * emit a warning in networkd if managed sysctls are changed
  * test-network: add test for sysctl watch
  * minor fixups for #32212
  * network/sysctl-monitor: change variable type to avoid preverifier denial
  * report bpf_current_task_under_cgroup() errors to userspace
  * timer: add unit tests for DeferReactivation
  * mkosi: install correct package for mypy
  * mkosi: move config options
  * mkosi: move config options
  * network: remove useless loop (#36648)
  * network: add log messages when a route can't be updated
  * test-network: check that network configuration is stable with KeepConfiguration=yes
  * condition: introduce ConditionVersion=/AssertVersion=
  * match glibc in ConditionVersion
  * test-network: check that network configuration is stable with KeepConfiguration=yes
  * test logind restart
  * test logind restart with different classes
  * use grep whole-word search
  * networkd: add test to ensure that untracked addresses are kept
  * networkd: ensure that unmanaged interfaces aren't touched
  * networkd: print a meaningful error on failure
  * test: add test for systemd upgrade
  * nspawn: create mountpoint for bpffs
  * tests: run test with CAP_BPF
  * core: split out setup_private_users_child()
  * core: Introduce PrivateBPF= to mount a private BPFFS
  * core: add options to delegate BPFFS token creation
  * man/systemd.exec: use constant instead of literal
  * man/systemd.exec: update documentation for PrivateBPF=
  * man/systemd.exec: explain how BPF token works
  * tests: avoid apt-get asking for user input
  * test: add basic test for timer serialization
  * NEWS: document BPF delegate options
  * core: suppress warning
  * libseccomp: fix build error
  * core: fix build error due to merge conflict in varlink-execute.h
  * oomd: check if a cgroup can be killed before attempting to kill it

  [ Christoph Anton Mitterer ]
  * sysusers: split up systemd.conf
  * meson: minor cleanup
  * sleep-config: add comment about security
  * man: fix typos
  * man: clarify quoting of `$` in command lines (#39494)
  * doc: indicate Type=oneshot also detects invocation failures
  * path-util: add generic `ignore` extension to the hidden/backup files
  * test-path-util: add test for the generic `ignore` hidden/backup extension
  * man: document some filename patterns that are generally ignored
  * man: clarify what “failed” means
  * man: use prefix number that matches the general suggestion
  * man: improve BindsTo= documentation
  * man: fix typo

  [ val4oss ]
  * mkosi conf opensuse: add systemd-journal-remote
  * mkosi conf opensuse: add libtss2-tcti-device0 dep
  * mkosi: update opensuse commit reference to 7d9cf5c934705c175766eaa688baa503da84e06a
  * mkosi conf opensuse: ukify from systemd-ukify
  * TEST-74-AUX-UTILS: use sshd_config.d
  * pam-util: fix pam_syslog_errno() ignoring the level parameter
  * pam_systemd: fix OSC write failure message appearing in error logs

  [ Marc-Antoine Riou ]
  * socket-label: apply SMACK label to socket and its file descriptor

  [ Quentin Deslandes ]
  * machine: switch to BusLocator-oriented helpers
  * sysctl: add --strict option to fail if sysctl does not exists
  * journal: remove unnecessary HAVE_PCRE2 check
  * nspawn: rename RemountIdmapFlags enum to RemountIdmapping
  * nspawn: add support for rootidmap bind option
  * tests: add nspawn's rootidmap integration test
  * set: add set_make_nulstr
  * journal: log filtering options support in PID1
  * systemctl: add support for LogFilterPatterns for show command
  * Create hash_ops structure to free keys of type pcre2_code
  * journal: filter log based on LogFilterPatterns
  * journal: add integration tests for log filtering
  * journald: fix followup comments on regex feature
  * core: add cg_path_get_unit_path()
  * journald: fix ignored filtering patterns for delegated cgroups
  * core: Add UserNamespacePath=
  * core: use proper service type of TEST-07-PID.user-namespace-path.sh
  * network: clear existing routes if Gateway= is empty in [Network]

  [ Martin Hundebøll ]
  * mount: add ReadWriteOnly property to fail on read-only mounts
  * man: document ReadWriteOnly property for mount units
  * fstab-generator: add x-systemd.rw-only option support
  * man: document x-systemd.rw-only fstab option
  * vmspawn: ignore failure from sshd-vsock@ unit
  * vmspawn: ignore failure from sshd-vsock@ unit
  * cryptsetup: fix wrong argument order for mechanism vs. name

  [ Simon Barth ]
  * man: Fix systemd-analyze exit-status example output
  * shell-completion: bash: Add systemd-analyze filesystems
  * shell-completion: bash: Add systemd-analyze calendar options

  [ Armin Brauns ]
  * NEWS: fix typo

  [ Philip Withnall ]
  * man: Fix a typo in systemd.exec.xml
  * man: Fix typo in sd_notify man page
  * man: Add missing <literal> tags in various man pages
  * pam_systemd: Fix some option names in error messages
  * service: Fix typo in warning message
  * man: Add some notes about variable $prefix for StateDirectory=
  * dbus-scope: Factor out common UNIT(s) cast
  * shared: Factor out bus_append_scope_property() for scopes
  * scope: Refactor timer handling on coldplug
  * man: Add a missing space in machinectl(1)
  * scope: Support RuntimeMaxSec= directive in scope units
  * pam_systemd: Forward systemd.runtime_max_sec setting to session scope
  * man/os-release: Add VENDOR_NAME= and VENDOR_URL= keys to os-release
  * man: Fix a minor typo in the org.freedesktop.login1 man page
  * docs: Fix some confusing wording in various D-Bus docs
  * docs: Clarify that login1 signals are not emitted for convenience objects
  * docs: Fix some confusing wording in various D-Bus docs
  * docs: Clarify that login1 signals are not emitted for convenience objects
  * docs: Update MEMORY_PRESSURE to mention recent improvements in GLib

  [ Pranay Pawar ]
  * hwdb: Fix keyboard backlight keys on Acer Nitro 5 AN515-58 (#39769)

  [ Charlie Le ]
  * hwdb: Add Elecom IST Pro trackball (#39762)

  [ Jörg Behrmann ]
  * NEWS: fix typos
  * man: add missing "and" to importctl description
  * NEWS: style fixes and a few reformulations
  * NEWS: typo fixes
  * man: document /usr/local/lib in search paths
  * kernel-install: Remove existing loader entries and UKIs
  * NEWS: fix typos and remove backticks
  * man: Use proper conjunction and remove superfluous or
  * ukify: Format with ruff
  * ukify: Import Path directly
  * ukify: Sort imports
  * ukify: Use non-deprecated import for Sequence
  * ukify: Use OSError insteead of IOError
  * ukify: Make it lint clean
  * ukify: Type-annotate ukify
  * ukify: Move summary option handling out of finalize_options
  * ukify: Ensure that find_tool always returns a tool or throws an error
  * ci: Check ukify types and formatting.
  * ukify: Factor out sbat into constants
  * ukify: Fix systemd-measure detection in tests
  * ukify: Add missing typing for iterator
  * ukify: Require both key and cert be set in generate_keys
  * ukify: Fix type of UKI.executable
  * ukify: Add a unified interface for signing tools
  * ukify: Add UkifyConfig
  * ukify: Add more mypy options
  * vmspawn: switch from -drive to -blockdev option
  * tests: remove cache=unsafe from TEST-64-UDEV-STORAGE
  * vmspawn: switch from -drive to -blockdev option
  * tests: remove cache=unsafe from TEST-64-UDEV-STORAGE
  * man: add missing fdstore in systemctl clean --what documentation
  * man, systemctl: document --what=help
  * man: note for systemctl clean --what that commas separate values
  * systemct: show all in output of systemctl clean --what=help
  * man: add missing fdstore in systemctl clean --what documentation
  * man, systemctl: document --what=help
  * man: note for systemctl clean --what that commas separate values
  * systemct: show all in output of systemctl clean --what=help
  * NEWS: fix typos
  * news: fix typo
  * man: add note about extending machine-info to man page
  * tools: ignore root element explicitly in check-version-history
  * man: unify spelling of OS-specific
  * man: change lexical to lexicographic
  * NEWS: fix typos

  [ Armin Wolf ]
  * keymap: Ignore brightness keys on Dell Inspiron 3505 to avoid double events

  [ Emil Renner Berthing ]
  * boot/efi: compile on riscv64
  * sd-boot: Support installing new devicetree
  * 90-loaderentry: support installing device trees
  * musl: add fallback parse_printf_format() implementation

  [ Ivan Kruglov ]
  * ASSERT_NULL/ASSERT_NOT_NULL
  * ASSERT_STREQ for simple cases
  * machine: resolve race condition in TEST-13-NSPAWN.machinectl.sh
  * machine: generalise logic GetMachineAddresses to later use it in varlink interface
  * machine: generalise logic GetOSRelease to later use it in varlink interface
  * machine: io.systemd.Machine.List supports 'pid' filter
  * machine: introduce io.systemd.Machine.Unregister varlink method
  * machine: introduce io.systemd.Machine.Terminate varlink method
  * machine: introduce io.systemd.Machine.Kill varlink method
  * machine: use JSON_BUILD_PAIR_STRING_NON_EMPTY() in io.systemd.Machine.List output
  * machine: extend io.systemd.Machine.List output with sshPrivateKeyPath field
  * machine: tests for varlink interfaces
  * machine: complete description of io.systemd.Machine.{List, Terminate, Kill, Unregister} methods
  * machine: remove redundant else if lookup_machine_by_name_or_pid()
  * sd-json: add sd_json_dispatch_signal()
  * machine: use sd_json_dispatch_signal() in varlink code
  * machine: switch to use PidRef when lookup machine by pid in dbus and varlink interfaces
  * sd-json: add sd_json_dispatch_pid()
  * machine: use sd_json_dispatch_pid() in varlink code
  * machine: fix misnamed params in src/shared/discover-image.h
  * machine: move manager_acquire_image to src/machine/machined-core.c
  * machine: generalize rename_image_and_update_cache() logic
  * machine: introduce io.systemd.MachineImage.List varlink method
  * machine: introduce io.systemd.MachineImage.Update varlink method
  * machine: listen on io.systemd.MachineImage socket
  * machine: tests for varlink interfaces
  * machine: rework Operation logic to reuse in varlink interface
  * machine: enum AcquireMetadata
  * machine: add OSRelease and UIDShift fields in varlink io.systemd.Machine.List output
  * machine: add Addresses field in varlink io.systemd.Machine.List output
  * machine: use AcquireMetadata in io.systemd.MachineImage.List method
  * machine: add tests for Addresses/OSRelease/UIDShift fields in io.systemd.Machine.List output
  * machine: operation should not send a response when 'done' callback set
  * machine: align polkit verb of io.systemd.MachineImage.Update with the rest of the code
  * machine: introduce report_errno_and_exit()
  * machine: use report_errno_and_exit() in dbus code
  * machine: introduce io.systemd.MachineImage.Clone method
  * machine: introduce io.systemd.MachineImage.Remove method
  * machine: reuse VARLINK_DEFINE_IMAGE_LOOKUP_AND_POLKIT_FIELDS in io.systemd.MachineImage.Update declaration
  * machine: use ImageUpdateParameters in io.systemd.MachineImage.Update
  * machine: tests for io.systemd.MachineImage.{Clone, Remove} methods
  * machine: remove redundant --more in TEST-13-NSPAWN.machined
  * process-util: introduce report_errno_and_exit() as part of src/basic/process-util.{h,c}
  * use report_errno_and_exit() in src/shutdown/umount.c
  * use report_errno_and_exit() in src/shared/mount-util.c
  * use report_errno_and_exit() in src/shared/dissect-image.c
  * use report_errno_and_exit() in src/shared/elf-util.c
  * use report_errno_and_exit() in src/core/exec-invoke.c
  * machine: introduce machine_start_getty() and machine_start_shell() helpers
  * machine: machine_default_shell_path() & machine_default_shell_args() helper functions
  * json: introduce json_dispatch_strv_environment()
  * machine: introduce io.systemd.Machine.Open method
  * machine: tests for io.systemd.Machine.Open
  * machine: increase timeouts in attempt to fix #35115
  * machine: add debug for systemd-nspawn@.service
  * machine: introduce io.systemd.Machine.{MapFrom, MapTo} methods
  * machine: tests for io.systemd.Machine.{MapFrom, MapTo} methods
  * machine: make TEST-13-NSPAWN wqlong-running code more verbose
  * machine: add debugging info to trace #35115
  * machine: introduce io.systemd.Machine.BindMount method
  * machine: tests for io.systemd.Machine.BindMount
  * machine: adjust operation callback logic for varlink
  * machine: split operation initialization into two steps
  * machine: introduce machine_copy_from_to() helper
  * machine: use machine_copy_from_to() in dbus implementation
  * machine: introduce io.system.Machine.{CopyFrom, CopyTo} methods
  * machine: tests for io.systemd.Machine.{CopyFrom, CopyTo} methods
  * machine: move io.systemd.Machine.Map* tests into right position
  * process-util: read_errno()
  * machine: machine_open_root_directory()
  * machine: use machine_open_root_directory() in dbus
  * machine: introduce io.systemd.Machine.OpenRootDirectory
  * machine: tests for io.systemd.Machine.OpenRootDirectory
  * machine: set SD_VARLINK_SERVER_ALLOW_FD_PASSING_OUTPUT for varlink server
  * basic: fixes in read_errno()
  * machine: fix logging of errno in machine_open_root_directory()
  * machine: VARLINK_ERROR_MACHINE_* defines
  * machine: VARLINK_ERROR_MACHINE_IMAGE_* defines
  * shared: image_set_pool_limit()
  * machine: use image_set_pool_limit() in dbus
  * machine: introduce io.systemd.MachineImage.SetPoolLimit
  * machine: tests for io.systemd.MachineImage.SetPoolLimit
  * machine: rename machine_copy_from_to() -> machine_copy_from_to_operation()
  * machine: image_clean_pool_operation()
  * machine: use image_clean_pool_operation() in dbus
  * machine: introduce io.systemd.MachineImage.CleanPool
  * machine: tests for io.systemd.MachineImage.CleanPool
  * docs: clarify userns mapping when /proc/sys is rw
  * meson: introduce PROJECT_VERSION_STR and use it in udev
  * log: log_get_target_max_level()
  * core: common rlimits code and structures
  * socket-util: socket_address_equal_unix()
  * shared: varlink_server_contains_socket()
  * shared: watchdog_get_last_ping_as_dual_timestamp()
  * core: introduce io.systemd.Manager.Describe method
  * tests: tests for io.systemd.manager.Describe
  * tests: fix TEST-74-AUX-UTILS.varlinkctl.sh (#37562)
  * core: manager-varlink.{c,h} -> varlink-manager.{c,h}
  * core: lowercase Context/Runtime
  * core: skeleton for io.system.Unit interface and io.systemd.Unit.List method
  * core: Unit Runtime in io.systemd.Unit.List method
  * json: json_dispatch_const_unit_name()
  * json: add unit tests for json_dispatch_const_unit_name()
  * core: add basic lookup by name/pidref in io.systemd.Unit.List
  * test: quote entire path to socket in io.systemd.Manager tests
  * test: simple tests for io.systemd.Unit varlink interface
  * core: break line after sd_json_buildo( in varlink-manager.c
  * core: *ret = NULL for early return in unit_mounts_for_build_json()
  * core: adding CGroup context for io.systemd.Unit.List
  * core: adding CGroup runtime for io.systemd.Unit.List
  * selinux-util: mac_selinux_get_peer_label()
  * selinux-utils: rename and expose log_selinux_enforcing_errno()
  * selinux: rename mac_selinux_access_check_internal() -> mac_selinux_access_check_bus_internal()
  * selinux: get_our_contexts()
  * core: move Version/Arch/Features/Taints/UnitPath from context to runtime
  * core: fix double Environment present in both context and runtime
  * core: move RuntimeWatchdog* + RebootWatchdog + KExecWatchdog from runtime to spec
  * core: move WatchdogDevice from runtime to context
  * core: move ShowStatus/Log* from runtime to context
  * core: move ConfirmSpawn from runtime to context
  * core: move ControlGroup move runtime to context
  * core: leave a comment about context/runtime split
  * selinux: check_access()
  * selinux: mac_selinux_access_check_varlink_internal()
  * selinux: mac_selinux_unit_access_check_varlink macros
  * core: move DebugInvocation from runtime to context in io.systemd.Unit.List
  * core: move Slice from runtime to context in io.systemd.Unit.List
  * core: leave comments in varlink-unit.c and varlink-cgroup.c about runtime/context split
  * core: fix mac_selinux_unit_access_check_varlink() macro
  * core: more use of log_selinux_enforcing_errno() in selinux-access.c
  * core: merging errno usage in access_init()
  * json: helper macros JSON_BUILD_PAIR_CONDITION_*()
  * json: helper macro JSON_BUILD_PAIR_YES_NO()
  * nsflags: namespace_flags_to_strv()
  * basic: secure_bits_to_strv()
  * core: move cpuset_build_json() to varlink-common
  * core: exec_log_level_max_with_exec_params()
  * core: ExecContext for io.systemd.Unit.List method
  * core: add comments in varlink-io.systemd.Unit.c
  * basic: pidref_is_set_or_automatic()
  * core: make name/pid lookup params use AND logic in io.systemd.Unit.List
  * core: io.systemd.Unit.List can lookup unit by CGroup
  * core: io.systemd.Unit.List can lookup by InvocationID
  * test: lookup a unit by cgroup and invocationID in TEST-74-AUX-UTILS.varlinkctl
  * core: enable SELinux checks in io.systemd.Unit.List
  * docs: initial version of varlink guideline

  [ Chen Qi ]
  * socket-util.h: include string.h
  * machine-id-setup: avoid unexpected aborting
  * Revert "Revert "journal: Make sd_journal_previous/next() return 0 at HEAD/TAIL""
  * src/boot/efi/meson.build: ensure VERSION_TAG exists in case of cross build
  * musl: add missing FTW_CONTINUE macro

  [ Bastian Almendras ]
  * hwdb: add entry for Acer Switch One 10 (SW1-011) (#39716)

  [ Ingo Franzki ]
  * integritysetup: Add support for hmac-sha512
  * integritysetup: Add PHMAC algorithm to list of known algorithms

  [ Frank Heimes ]
  * initramfs-tools: only skip chzdev rules if zdev_early=0

  [ Goffredo Baroncelli ]
  * bootctl: ignore the bootloader boot entries
  * bootctl: removed unused parameter only_auto
  * Allow uneven length BootXXXX variables
  * libsystemd: add new type SD_PATH_SEARCH_SYSCTL for sd_path_lookup*
  * systemd-path: add new type SD_PATH_SEARCH_SYSCTL
  * systemd-sysctl: add SD_PATH_SEARCH_SYSCTL

  [ Dimitri John Ledkov ]
  * test/test-functions: on PP64 use vmlinux
  * test/test-functions: on PPC64 use hvc0 console
  * debian/tests/storage: improve cleanups.
  * debian/tests/upstream: Mark TEST-13-NSPAWN-SMOKE as flakey.
  * debian/tests/control: add socat to upstream tests for pull #11591
  * Blacklist TEST-10-ISSUE-2467 #11706
  * debian/tests/storage: fix for LUKS2 and avoid interactive password prompts.
  * Build manpages in .deb variant.
  * Build manpages in .deb variant.
  * Generate stable machine-id and DHCP client ID on POWER KVM.
  * boot: Load LoadOptions cmdline, if none is available.
  * boot: Add ARM64 support to the EFI stub
  * initrd: make udev cleanup service confict trigger and settle too
  * Add libfdisk-dev build-depends for upstream CI for repart tool.
  * Add build-depends libssl-dev, libp11-kit-dev, libpwquality-dev for upstream CI of homed.
  * When doing upstream ci, install any missing files into the systemd package.
  * Install missing files, prior to deduplication.
  * core: in execute, Never fail setting Nice priority
  * meson: initialize time-epoch to reproducible builds compatible value
  * Enable EFI/bootctl on armhf.
  * resolve: lift limits on search domains count or length
  * gpt: add RISC-V GPT partition typecode uuid
  * Merge pull request #19346 from mihajlov/dhcp_broadcast_l3
  * boot/efi: add ARM (THUMB) and RISCV64 machine types
  * boot: add optional EFI SBAT support
  * Merge pull request #19436 from xnox/sbat
  * boot/efi: install ELF linux.elf.stub in addition to PE linux.efi.stub
  * boot/efi: add --build-id=sha1 to ELF efi objects
  * test: set 5 minute timeout on TEST-11-ISSUE-3166 and TEST-50-DISSECT
  * udev-udeb: ship modprobe.d snippet to force scsi_mod.scan=sync in d-i
  * Revert "resolved: address DVE-2018-0001"
  * docs: Update CPE fields in package metadata spec
  * Symlink NVD CPE search
  * docs: Update CPE fields in package metadata spec (#36251)
  * TODO: add that libmicrohttpd2 has openssl support (#39433)
  * bootctl: calculate secureboot state taking MokSBStateRT into account (#39298)

  [ Masanari Iida ]
  * systemd-logind: Add signal section in man systemd-logind

  [ gvenugo3 ]
  * core: Add wall clock duration to CPU usage logging
  * systemctl: drop unnecessary unit_is_masked() check in edit
  * systemctl: check if unit is masked in unit_find_paths()
  * systemctl: support --global and --root in edit and cat

  [ Marcel Leismann ]
  * po: Translated using Weblate (German)

  [ Weblate Translation Memory ]
  * po: Translated using Weblate (Slovenian)
  * po: Translated using Weblate (French)
  * po: Translated using Weblate (Swedish)
  * po: Translated using Weblate (German)
  * po: Translated using Weblate (German)
  * po: Translated using Weblate (German)
  * po: Translated using Weblate (German)

  [ Gero Schwäricke ]
  * rules: add rule to generate unique symlinks for gpio devices

  [ Hosted Weblate ]
  * po: Update translation files

  [ Dr. David Alan Gilbert ]
  * nspawn: Fix help typo
  * network: Typo fix configur*a*d

  [ Maximilian Bosch ]
  * service: setup credentials for ExecCondition

  [ Anton Tiurin ]
  * test: use assertion macroses
  * networkctl: list drop unused dbus connection
  * networkctl: change bitrate format from 'bps' to 'Bps'
  * networkd: fia xRequiredOperationalStateForOnline serializtion
  * networkctl: change bitrate format from 'bps' to 'Bps'
  * networkd: fia xRequiredOperationalStateForOnline serializtion
  * network: expose Describe Varlink, use for networkctl list & status

  [ Francesco Valla ]
  * modules-load: implement parallel module loading

  [ jouyouyun ]
  * gitignore: add aider
  * bootctl: fix typo
  * backlight: fix typo
  * nss-myhostname: use FAMILY_ADDRESS_SIZE instead of the integer 16 when copying ip addr
  * cgls: print error messages when --unit and --user-unit are used together
  * nss-resolve: fix the ip addr family validity check method
  * nss-systemd: fix memory leak
  * pcrextend: fix wrong format in log

  [ cvlc12 ]
  * Define 'microcode' type of initrd for the kernel-install staging area.
  * Add docs, improve log comments.
  * Fix quoting
  * Make ukify the default ifUKI_GENERATOR is unset
  * Update kernel-install man page, Ukify is the default UKI_GENERATOR
  * man: update PCR and Secure Boot key names and paths
  * kernel-install: add uki.conf example
  * man: update example in systemd-measure.xml (#35506)
  * man: update example in systemd-measure.xml (#35506)
  * man: change "secureboot-private-key.pem" filename for consistency
  * homectl: Use 'user_subvol_rm_allowed' for btrfs by default.
  * man: systemd-measure. Remove 'tpm2-pcrs=' from cryptenroll command (#39590)

  [ Managor ]
  * Update systemctl.xml
  * Update systemctl.xml
  * systemctl.xml: fix line breaks in documentation anchor links
  * systemctl.xml: unify ellipsis (#39586)

  [ Nils K ]
  * Fix references to ReadOnly=
  * Fix reference to FileDescriptorStoreMax= directive
  * core: improve finding OnSuccess=/OnFailure= dependent (#35468)
  * man: fix username prefix mentioned in manual for capsule users (#39573)

  [ Alberto Planas ]
  * creds-util: check for CAP_DAC_READ_SEARCH
  * creds-util: do not try TPM2 if there is not support
  * creds-util: merge the TPM2 detection for initrd
  * Fix typo in verb_make_policy explanation
  * Use .d path for PCRLOCK_KERNEL_*_PATH
  * Measure empty PK and KEK EFI vars
  * pcrlock: add make_pcrlock_record_from_stream
  * string-util: add find_line[_after] functions
  * repart: add --append-fstab parameter
  * repart: support "nodatacow" in btrfs subvolumes

  [ Florian ]
  * man: fix outdated link to freedesktop.org documentation (#39511)

  [ dgengtek ]
  * man: clarify requirements for BridgeVLAN to work

  [ Marcos Alano ]
  * hwdb: add G-Mode key support (#37175)
  * Add emulated release to G-Mode key
  * Enable KEY_PERFORMANCE key present on Linux 6.17
  * hwdb: add support for the Logitech MX Master 4 (#39490)

  [ Moisticules ]
  * hwdb: gpd micropc2 sensor (#39493)

  [ Rafael Fontenelle ]
  * Update Brazilian Portuguese translation
  * po: update Brazilian Portuguese translation
  * po: update Brazilian Portuguese translation
  * po: Translated using Weblate (Portuguese (Brazil))

  [ Allison Karlitskaya ]
  * man: document "web" session type
  * test/README.md: mention `mkosi genkey`
  * copy: add support for copying fs-verity status
  * test: add a testcase for copy_tree() and fs-verity
  * mkfs-util: rename a local variable
  * mkfs-util: turn quiet/discard to a flags field
  * mkfs-util: add fsverity option to make_filesystem()
  * repart: Collect CopyFiles= lines into structs
  * repart: add 'fsverity' flag for CopyFiles= lines
  * NEWS: fix description of CopyFiles==::fsverity=copy
  * copy: return immediately on fs-verity failures
  * getty-generator: add support for fine-grained control of execution modes
  * man: add docs for ssh.ephemeral-authorized_keys-all
  * udevadm: flush output after each monitor event

  [ Ronan Pigott ]
  * man: fix typo in resolvectl(1) man page
  * systemctl: Add unit file states to state help message
  * shell-completion: enable resolvectl zsh completion
  * shell-completion: add resolvectl commands to zsh completion
  * zsh: add busctl completions
  * shell-completion: complete --match argument for busctl
  * zsh: update journalctl completions
  * zsh: udpate bootctl completions
  * shell-completion/zsh: update systemd-analyze completions
  * docs: fix gpt-auto-generator manpage link
  * zsh: correct journalctl command completion parsing
  * zsh: add systemd-path completions
  * sd-path: include 'search' in search pathnames
  * zsh: loginctl: complete alias 'self'
  * loginctl: add -P as short for --value --property=
  * journalctl: show boot id in the reboot context separator
  * systemctl: edit: fix double free of instanced name
  * core: permit sending augmented enable/disable methods
  * load-fragment: add user credential specifiers to user.conf
  * resolve: refuse mdns scope for ipv4 broadcast addresses
  * zsh: remove usage of PREFIX in _systemctl
  * zsh: add service-log-{level,target} completions for systemctl
  * zsh: amend completion for networkctl edit
  * systemd-analyze: allow --quiet for condition checks
  * dhcp-client: parse RFC8910 captive portal dhcp option
  * dhcp6-client: parse RFC8910 captive portal dhcp6 option
  * ndisc: parse RFC8910 captive portal ipv6ra option
  * network: Introduce UseCaptivePortal DHCPv4 option
  * network: Introduce UseCaptivePortal DHCPv6 option
  * network: Introduce UseCaptivePortal IPv6RA option
  * networkd: include captive portal information in link json description
  * networkctl: show captive portal configuration in link status
  * test-network: add tests for captive portal dhcp options
  * ndisc: clear ndisc captive portal value on bogus zero-len option
  * ndisc: reject malformed captive portal URI with EBADMSG
  * dhcp6: relax data assert in dhcp6_option_parse_string
  * test-network: add test for an invalid captive portal uri
  * zsh: typo in systemctl completions
  * zsh: suppress aliases and shell functions when calling systemctl
  * zsh: default to system manager when not specified
  * zsh: stop forcing unit file cache rebuilds
  * zsh: update default caching policy for units
  * zsh: remove unit property caching
  * zsh: use glob matching for template names
  * zsh: use sys_really_all_units for non-template names
  * zsh: reintroduce pattern argument to uncached verbs
  * zsh: busctl: fix flags parsing for properties
  * network: include SSID in ipv6 stable prefix address generation
  * editorconfig: add NEWS whitespace configuration
  * network: cleanup unreachable condition in dhcp client path
  * network: implement RFC4039 DHCP Rapid Commit
  * test-network: add dhcp rapid commit test
  * network: introduce SendHostname/Hostname DHCPv6 options
  * network: free dhcp6_hostname
  * resolvectl: do not sort domain output
  * resolved-util: NUL-terminate host label
  * typo: transer -> transfer
  * dns: update record type enum to match iana
  * dns: introduce more EDNS codes from IANA
  * dns: remove some magic numbers
  * resolved: delay server feature detection
  * resolved: support RFC 8914 EDE error codes
  * resolved: add transaction result for upstream failures
  * dns: add svcparam iana enum constants
  * resolved: enable RFC9460 SVCB and HTTPS records
  * escape: introduce decescape
  * resolvectl: implement SVCB and HTTPS presentation format
  * resolvectl: add SVCB and HTTPS json format
  * test-resolve: add basic test for SVCB/HTTPS RRs
  * resolved: limit the number of signature validations in a transaction
  * resolved: reduce the maximum nsec3 iterations to 100
  * resolve: skip IP_UNICAST_IF for local sockets
  * resolved: decrease mdns/llmnr priority for the reverse mapping domains
  * man/resolve: update DNSSEC description
  * resolved: refuse queries with no suitable scope
  * resolved: don't cache NXDOMAIN for SUDN resolver.arpa
  * resolved: also reply NOTIMP when refusing a query based on RR type
  * resolved: wait to gc transactions if they might still give an answer
  * dnssd: support service subtypes
  * resolved: don't request the SOA for every dns label
  * resolved: request DS with DNSKEY
  * dnssd: don't advertise subtype PTRs to the browsing domain
  * resolved: minor dnssec fixups
  * resolved: always return the validated answers when validating
  * network: save the real rdnss address
  * resolve: really always initialize aux
  * resolved: use NULL to represent an empty answer
  * resolved: always progress DS queries
  * resolved: probe for dnssec support in allow-downgrade mode
  * resolved: validate authentic insecure delegation to CNAME
  * resolved: permit dnssec rrtype questions when we aren't validating
  * zsh: add run0 completions
  * path: drop IN_ATTRIB from parent directory watches
  * zsh: add varlinkctl completions
  * zsh: update varlinkctl completions
  * resolved: report svc params as a json object
  * resolved: Don't retry queries that indicate net error
  * resolved: don't treat conn reset as packet loss
  * units: drop "-p" flag from agetty's login options
  * resolved: demote the global unicast scope
  * Revert "resolved: demote the global unicast scope"
  * resolved: introduce dns_server_is_fallback
  * resolved: introduce link_set_default_route
  * resolved: use the fallback servers when no default dns is configured
  * resolved: demote the fallback dns servers
  * resolved: clear the AD bit for bypass packets
  * dns: introduce dns_name_from_wire_format
  * network: Introduce sd_dns_resolver
  * network: parse RFC9463 DHCPv4 DNR option
  * load-fragment: terminate the specifier table (#34421)
  * busctl: add wait verb to wait for signals
  * busctl: add a test for busctl wait
  * resolved: authenticate bypass queries
  * resolved: enable CD bit without DO set
  * resolved: update condition for caching full packets
  * test: exercise bypass mode on the sd-resolved stub
  * network: Introduce UseDNR DHCPv4 option
  * network: Add serialization for DoT resolvers
  * network: Serialize DNR servers
  * test-network: add test for DHCPv4 DNR
  * test-dhcp6: terminate fqdn option
  * dhcp6: use dns_name_from_wire_format
  * network: Parse RFC9463 DHCPv6 DNR option
  * network: Introduce UseDNR DHCPv6 option
  * network: Serialize DHCPv6 DNR servers
  * test-network: add DHCPv6 DNR test
  * ndisc: Parse RFC9463 encrypted DNS (DNR) option
  * network: Introduce IPv6RA UseDNR= option
  * network: Serialize ipv6ra DNR
  * test/fuzz: add dnr packets
  * network: add dnr resolvers to networkctl status json output
  * ndisc: implement ndisc_option_build_encrypted_dns
  * resolve: move sd-* api into libsystemd-network
  * resolved: validate noerror response for CNAMEs
  * network: adjust log message about DNR
  * network: add missing else in dhcp_lease_load
  * network: Restrict the valid charset of DNR names
  * pam: quiet a spurious debug message
  * network: limit the total number of Encrypted DNS options processed
  * network: handle ENODATA better with DNR
  * dbus: log disconnect on api and system busses
  * manager: add list of subscribers to dump info
  * network: don't warn with no NSID assigned
  * dbus: log disconnect on api and system busses
  * manager: add list of subscribers to dump info
  * network: don't warn with no NSID assigned
  * pam: add session class "none" to disable logind sessions
  * test: add session class "none" login test
  * dbus: stash the subscriber list when we disconenct from the bus
  * manager: s/deserialized_subscribed/subscribed_as_strv
  * zsh: complete positional devpath in udevadm info/trigger
  * zsh: complete positional devpath in udevadm info/trigger
  * zsh: add completion for dbus bus address

  [ Jim Spentzos ]
  * po: Translated using Weblate (Greek)
  * po: Translated using Weblate (Greek)
  * po: Translated using Weblate (Greek)
  * po: Translated using Weblate (Greek)

  [ Daniel Hast ]
  * tree-wide: add basic validation of --background argument

  [ Michal Sekletar ]
  * journald: correctly attribute log messages also with cgroupsv1
  * core: do cgroup migration first and only then connect to journald
  * man: document db_persist udev rules OPTION
  * process-util: don't use overly large buffer to store process command line
  * logind: don't print warning when user@.service template is masked
  * selinux: don't log SELINUX_INFO and SELINUX_WARNING messages to audit
  * cryptsetup-generator: set high OOM score for systemd-cryptsetup instances
  * shared/cpu-set-util: make transfer of cpu_set_t over bus endian safe
  * shared/cpu-set-util: introduce cpu_set_to_range()
  * systemctl: present CPUAffinity mask as a list of CPU index ranges
  * Merge pull request #12628 from keszybz/dbus-execute
  * dbus-execute: make transfer of CPUAffinity endian safe (#12711)
  * execute: dump CPUAffinity as a range string instead of a list of CPUs
  * cpu-set-util: use %d-%d format in  cpu_set_to_range_string() only for actual ranges
  * core: introduce NUMAPolicy and NUMAMask options
  * execute: drop SYNTHETIC_ERRNO because error code was received from the apply_numa_policy()
  * path: stop watching path specs once we triggered the target unit
  * core/cgroup: fix return value of unit_cgorup_freezer_action()
  * udev: run link_update() with increased retry count in second invocation
  * install: refactor find_symlinks() and don't search for symlinks recursively
  * selinux: support infering SELinux label also from socket not connected to stdin
  * sd-event: take ref on event loop object before dispatching event sources
  * boot: don't build bootctl when -Dgnu-efi=false is set
  * sd-event: introduce callback invoked when event source ratelimit expires
  * core: rename/generalize UNIT(u)->test_start_limit() hook
  * mount: make mount units start jobs not runnable if /p/s/mountinfo ratelimit is in effect
  * mount: retrigger run queue after ratelimit expired to run delayed mount start jobs
  * unit: add jobs that were skipped because of ratelimit back to run_queue
  * udev/net_id: avoid slot based names only for single function devices
  * core: shorten long unit names that are based on paths and append path hash at the end
  * tests: add test case for long unit names
  * tests: reflect that we can now handle devices with very long sysfs paths
  * unit: check for mount rate limiting before checking active state
  * tests: make sure we delay running mount start jobs when /p/s/mountinfo is rate limited
  * logind: remember our idle state and use it to detect idle level transitions
  * tests: verify that Lock D-Bus signal is sent when IdleAction=lock
  * logind: don't start user@UID.service instance for background sessions
  * tests: add test for handling of background sessions
  * NEWS: mention change in default behavior of background sessions
  * Revert "NEWS: mention change in default behavior of background sessions"
  * Revert "tests: add test for handling of background sessions"
  * Revert "logind: don't start user@UID.service instance for background sessions"
  * scope: allow unprivileged delegation on scopes
  * rules: import previous SYSTEMD_READY state for suspended DM devices and skip other rules
  * core/load-fragment: move config_parse_sec_fix_0 to src/shared
  * logind: add option to stop idle sessions after specified timeout
  * tests: add test for StopIdleSessionSec= option
  * logind: schedule idle check full interval from now if we couldn't figure out atime timestamp
  * core: add possibility to not track certain unit types
  * basic: add fallback in chase_symlinks_and_opendir() for cases when /proc is not mounted
  * argv-util: do proper permission check while when changing process name
  * units: allow systemd-userdbd to change process name
  * man: add util-linux to the package list for Fedora container
  * core/mount: replace invalid UTF-8 code points in "what" and "options"
  * core/service: when resetting PID also reset known flag
  * core/transaction: drop job that has unfulfilled required (Requires, BindsTo) dependencies
  * pam: add call to pam_umask
  * dns-domain: fix the RFC reference
  * logind: introduce CreateSessionWithPIDFD()
  * fstab-generator: drop nofail and noauto options for critical mounts
  * man: change title of the section to better reflect actual content
  * man: document nameserver= option
  * resolved: actually check authenticated flag of SOA transaction
  * core/manager: add dbus API to create auxiliary scope from running service
  * tests: add test for StartAuxiliaryScope()
  * logind: don't setup idle session watch for lock-screen and greeter
  * service: allow MainPID= updates during stop of the service
  * libsystemd: link with '-z nodelete'
  * socket: fix socket activation of stopped services with pinned FD store
  * coredump: generate properly symbolized stacktrace for containerized processes
  * docs: use actual docs/HACKING.md URL
  * analyze: modernize opening ELF binary a bit
  * analyze: don't use Yoda conditions
  * coredump: rework attaching container mount trees
  * coredump: merge variable definitions
  * coredump: fix line spacing
  * coredump: check for and close unexpected FDs
  * coredump: use more appropriate return code
  * coredump: get rid of redundant double space
  * coredump: fix coding style
  * coredump: use FORK_LOG to get more precise logging
  * coredump: store actual fd in appropriate variable
  * coredump: use FORK_WAIT
  * coredump: rework gather_pid_mount_tree_fd()
  * coredump: rename AccessContainer= to EnterNamespace=
  * test: add test coverage for EnterNamespace=
  * coredump: allow only empty messages after first "sentinel"
  * man: adjust description of PrivateUsers= so it is in line with reality
  * core/namespace: relabel bind mount source based on the target path
  * core/namespace: relabel bind mount source based on the target path
  * basic/namespace-util: obtain uid and gid before unsharing user namespace
  * basic/namespace-util: obtain uid and gid before unsharing user namespace
  * Revert "coredump: lock down EnterNamespace= mount even more"
  * sd-bus/bus-track: use install_callback in sd_bus_track_add_name()
  * coredump: drop RestrictSUIDSGID= option (#38640)
  * pam_systemd: honor session class provided via PAM environment
  * coredump: handle ENOBUFS and EMSGSIZE the same way

  [ Simon McVittie ]
  * d/libnss-systemd.postinst: Ensure module is enabled for all four databases

  [ Thomas Blume ]
  * systemd-coredump: allow setting external core size to infinity
  * basic/mountpoint-util:  skip dependency on quota services for some filesystems
  * udev-rules: fix nvme symlink creation on namespace changes
  * test: use setpriv instead of su for user switch from root
  * test/test-functions: fix typo in install_suse_systemd()
  * units: make templates for quotaon and systemd-quotacheck service
  * test: set TEST_NESTED_KVM as default
  * test: add policy packages for TEST-06-SELINUX in openSUSE

  [ DaanDeMeyer ]
  * userdbctl: Fix error handling
  * fd-util: Move RAW_O_LARGEFILE definition to fd-util.h
  * fd-util: Move O_ACCMODE_STRICT to fd-util.h
  * tree-wide: Add initrd presets
  * presets: Disable by default for initrd presets
  * man: Fix typo
  * ask-password-api: Add more debug logging
  * basic: Use Static_assert() in missing_syscall_def.h
  * basic: Add open_tree_attr() syscall wrapper
  * forward: Add struct mount_attr forward declaration
  * nspawn: Support idmapped mounts on homed managed home directories
  * nspawn: Improve log message
  * nspawn: Use in_child_chown() in one more place
  * vmspawn: Disable hpet for vmspawn x86 virtual machines
  * escape: Make quote_command_line() argument const
  * vmspawn: Use virtio-blk-pci for image instead of virtio-scsi-pci
  * socket-activate: Always send NOTIFY=ready
  * mkosi: update mkosi commit reference to 184472f0f1f831ca29953546ec01fd941ff763a6
  * mkosi: Simplify centos/fedora configuration
  * mkosi: Drop unnecessary [Match] sections
  * tree-wide: Use "mkosi box" instead of "mkosi sandbox"
  * ruff: Default to python 3.7 version
  * userdb: Add userdb.transient credentials
  * mkosi: Drop epel-next repository for CentOS
  * mkosi: Fix installation conditions for rpmautospec-rpm-macros
  * test: Fix --capability=CAP_BPF condition
  * journal: Fix socket max level initialization
  * core: Fix scope SIGTERM logging
  * workflows: Use hyphens in filenames instead of underscores
  * basic: Use hyphens in missing header names instead of underscores
  * boot: Use hypen in efi-config.h instead of underscore
  * bpf: Use hyphens in directory names instead of underscores
  * nspawn: Don't clear idmapping if we're not doing an idmapped mount
  * meson: Fix missing test dependencies
  * mkosi: Disable systemd-timesyncd by default
  * vmspawn: Pass credentials via files
  * fork-journal: Don't log if process is already gone in journal_terminate()
  * fork-journal: Generalize to fork-notify
  * vmspawn: Run auxiliary daemons inside scope instead of separate service
  * nspawn: Prepare --bind-user= logic for reuse in systemd-vmspawn
  * nspawn: Generalize parse_bind_user_shell()
  * vmspawn: Drop unused arg_settings_mask
  * docs: Add policy on AI generated code to contributing doc
  * nspawn: Drop CAP_NET_BIND_SERVICE if in userns with identity mapping
  * machine-bind-user: Use machine in log messages instead of container
  * machine-bind-user: Make home mount directory configurable
  * vmspawn: Add --bind-user= and --bind-user-shell=

  [ theSillywhat ]
  * Missing policies for polkit as mentioned in freedesktop.org/software/systemd/man

  [ Ryan Brue ]
  * doc: document /run/host/root/ as an optional bind mount for the host fs
  * man: Clarify usage of /usr/share/factory/ in programs

  [ Daniel Foster ]
  * socket-activate: validate more argument combinations earlier in runtime
  * socket-activate: add --now option
  * test: add simple tests for systemd-socket-activate tool
  * tree-wide: extend $LISTEN_FDS protocol with $LISTEN_PIDFDID

  [ Septatrix ]
  * man: clarify wording regarding MONITOR_* envs
  * Add .venv to gitignore
  * Remove dns0.eu from default DNS servers

  [ Hans de Goede ]
  * hwdb: Add accelerometer orientation quirk for the PoV TAB-P1006W-232-3G
  * hwdb: Add key-mapping for GPIO-keys on HP stream 7 tablet (#11631)
  * hwdb: Add accelerometer orientation quirk for the Medion Akoya E2212T
  * hwdb: Add generic key mapping for Logitech 27 MHz keyboards
  * hwdb: Add key mappings for Logitech 27 MHz "Cordless Access Keyboard"
  * hwdb: Add key mappings for Logitech 27 MHz "Cordless Rechargeable Desktop" keyboard
  * hwdb: Add key mappings for Logitech 27 MHz MX3000 keyboard
  * hwdb: Add key mappings for Logitech 27 MHz MX3200 keyboard
  * hwdb: Add key mappings for Logitech 27 MHz EX100 keyboard
  * hwdb: Add key mappings for Logitech 27 MHz S520 keyboard
  * hwdb: Add key mappings for Logitech MX5000 keyboard
  * hwdb: Add key mappings for Logitech MX5500 keyboard
  * hwdb: Fix F12 mapping on the Logitech Internet Navigator
  * hwdb: Update generic Logitech 27 MHz keyboard key mappings
  * hwdb: Add key mappings for Logitech S510 keyboard and remote control
  * hwdb: add sensor location for HP ProBook4535s
  * hwdb: Add accel location quirk for the GPD win
  * hwdb: Add accel. mount matrix and location for the Trekstor Primebook C11B
  * hwdb: Add HP laptop accelerometer location quirk
  * hwdb: Mark lis3lv02d sensors in HP laptops as being in the base
  * hwdb: Update Primebook C11B sensor entry to also work with older BIOS versions
  * hwdb: Add Medion Akoya E2215T MD60198 sensor orientation quirk
  * hwdb: Add accel orientation quirk for Wortmann Terra Pad 1061
  * hwdb: Sort 60-sensor.hwdb Teclast entries alphabetically
  * hwdb: Add accel orientation quirk for Teclast X89 tablet
  * hwdb: Add accel orientation quirk for Thundersoft TST168 tablet
  * hwdb: Add LCD menu key mappings for the Logitech MX5000 and MX5500 keyboards
  * hwdb: Add Medion Akoya E1239T MD60568 to 60-sensor.hwdb
  * hwdb: Add accel orientation quirk for MPMAN MPWIN895CL tablet
  * hwdb: Fix accel orientation quirk for Medion Akoya E2215T MD60198
  * hwdb: Add accel orientation quirk for Toshiba Encore WT10A tablet
  * hwdb: Add accel orientation quirk for Trekstor Surftab Twin 10.1 ST10432-8
  * logind: Fix org.freedesktop.login1.set-reboot-to-boot-loader-menu saving to the wrong file in the non EFI case
  * Add Lenovo USB touchscreens to 60-autosuspend.hwdb
  * hwdb: Add accel orientation quirk for MPMAN Converter 9 2-in-1
  * hwdb: Add accel orientation quirk for Predia Basic tablet
  * hwdb: 60-keyboard: Add Fn key mapping for Logitech wireless keyboards
  * hwdb: 60-keyboard: Add Logitech Dinovo Edge special key key-mappings
  * hwdb: 60-keyboard: Update Logitech MX5000 key mappings
  * hwdb: Document how to properly set the mount-matrix for the base-accelerometer in 360 degree hinges style 2-in-1s with 2 accelerometers
  * hwdb: Add base accelerometer orientation quirk for base sensor of Medion Akoya E* series
  * hwdb: Fix accel orientation quirk Z-axis for Lenovo ThinkPad Yoga 11e 3th gen
  * hwdb: Add accel orientation quirk for Lenovo ThinkPad Yoga 11e 4th gen
  * hwdb: Add accel orientation quirk for Voyo Winpad A15 tablet
  * hwdb: Add accel orientation quirk for Acer Aspire Switch 10 SW3-016 2-in-1
  * hwdb: Add accel orientation quirk for the Estar Beauty HD tablet
  * hwdb: Add accel orientation quirk for the Jumper Ezpad 7 tablet
  * hwdb: Add accel orientation quirk for the Trekstor Surftab Wintron 10.1 ST10432-3 tablet
  * 60-autosuspend.hwdb: Add Sierra Wireless EM7345-LTE modem to autosuspend list
  * hwdb: Add accel orientation quirk for the Teclast Tbook 11 tablet
  * hwdb: Add accel orientation quirk for the Glavey TM800A550L tablet
  * hwdb: Add accel orientation quirk for the Toshiba WT8-B tablet
  * hwdb: Add accel orientation quirk for the KD Kurio Smart C15200 tablet
  * hwdb: Add accel orientation quirk for the Lenovo Yoga 300-11IBR 2-in-1
  * hwdb: keyboard: Ignore duplicate atkbd keypresses on touchpad on/off toggle
  * hwdb: Add accel orientation quirk for the Chuwi Hi13 (CWI534) with BMA250 sensor
  * hwdb: Add accel orientation quirk for the Chuwi Hi10 Plus (CWI527)
  * hwdb: Add accel orientation quirk for the Cyberbook T116 tablet
  * hwdb: sensors: Fix some modalias matches no longer working with newer kernels
  * hwdb: 60-keyboard: Fix volume-button mapping on Asus TF103C
  * hwdb: 60-keyboard: Add Acer Aspire One AO532h keymappings
  * hwdb: Fix Acer Aspire One AOD270/Packard Bell Dot keymappings
  * hwdb: Add accel orientation quirk for the Acer Switch V 10 SW5-017 2-in-1
  * hwdb: Add mic-mute, control-center and screen-rotation mappings for MSI laptops
  * hwdb: Move MSI touchpad-toggle mapping to generic MSI section
  * hwdb: add accelerometer mount matrix for Lenovo Yoga Tablet 2 851F/L
  * hwdb: Add mapping for ACPI quickstart keys on Toshiba Z830
  * hwdb: Add mapping for Xiaomi Mipad 2 bottom bezel capacitive buttons
  * rules: Add uaccess tag to /dev/udmabuf
  * hwdb: Add V64x_V65xAU to list of Clevo models where scancode f7+f8 get mapped to touchpad-toggle

  [ nkraetzschmar ]
  * boot: add reboot-on-error config option
  * loop-util: mirror discard limits from backing device

  [ Thomas Mühlbacher ]
  * man: Don't leak memory in path-documents example
  * stub: check load options a little more carefully

  [ Nick Labich ]
  * vmspawn: fix --extra-drive= option
  * repart: mkfs.btrfs --subvol option format change
  * repart: Allow devices as sources for --copy-from
  * sysext: Include index=off in overlay mount options
  * vmspawn: Use host_device driver for --extra-drive block devices
  * nspawn: Add --bind-user-shell= to control shells for --bind-user
  * sysupdate: Prevent unnecessary failure when a transfer Path is not present
  * vmspawn: Use virtio-blk-pci for extra drives
  * sysext: Configure overlayfs mount options via envvar

  [ Peter Hutterer ]
  * sd-hwdb: fix matching for characters with an ord > 127
  * hwdb.d: actually install the 60-input-id.hwdb
  * udev-builtin-input_id: any i2c mouse is a pointing stick
  * rules.d: import the keyboard builtin instead of running it
  * hwdb: remove support for MOUSE_WHEEL_TILT_*
  * udev: if a tablet has BTN_0, label it as ID_INPUT_TABLET_PAD
  * hwdb: check for the right set of MOUSE_WHEEL_CLICK_ properties
  * shell-completion: use base.lst, not xorg.lst
  * tmpfiles.d: remove .Test-unix, it's obsolete
  * hwdb: remove the tablet pad entry for the UC-Logic 1060N
  * udev-builtin-input_id: don't label absolute mice as pointing sticks
  * udev-builtin-input_id: use heuristics to detect joysticks
  * analyze: handle CAP_BPF support
  * login: switch an if condition to a switch statement
  * logind: if EVIOCREVOKE fails, don't try it again
  * logind: warn about EVIOCREVOKE errors other than EINVAL too
  * logind: add support for hidraw devices
  * rules: extend 60-input-id.rules to allow for bus/vid/pid/name matches
  * hwdb: don't tag a named Mouse device as pointingstick

  [ Marien Zwart ]
  * docs: fix conversion / calculation errors

  [ Govind Venugopal ]
  * Feature/homectl recovery key update (#38702)
  * network: add DHCP server domain name option support (#39260)
  * varlink: omit empty parameters field in JSON messages (#38922)

  [ huyubiao ]
  * systemd-hwdb: fix unsigned and signed comparison problem
  * udevadm: exiting udevadm monitor normally under SIGTERM or SIGINT
  * fix: The example2 in hwdb.xml is unreasonable
  * core: delete redundant log_parse_environment()

  [ Miroslav Lichvar ]
  * time-util: improve detection of synchronized clock
  * udev: set clock group for PTP and RTC devices
  * udev: create symlinks for s390 PTP devices

  [ Lukas Nykryn ]
  * docs: update information where to file bugs against RHEL/CentOS versions of systemd
  * udev: add new builtin net_driver
  * udev: allow/denylist for reading sysfs attributes when composing a NIC name
  * systemd-run: add unit and invocation_id JSON output
  * man: using WantedBy=default.target is not a good idea
  * core: warn if a generator is world-writable
  * man: encourage the creation of empty machine-id instead of deleting it
  * man: encourage the creation of empty machine-id instead of deleting it
  * timer: don't run service immediately after restart of a timer
  * timer: don't run service immediately after restart of a timer

  [ Kai Wohlfahrt ]
  * Respect install_sysconfdir
  * Fix path in docs for local pcrlock.d directory
  * Fix path in docs for local pcrlock.d directory

  [ n0099 ]
  * nspawn: correct the option name `--private-users-ownership=` when it's not expected value
  * nspawn: correct the option name `--private-users-ownership=` when it's not expected value

  [ Felix Pehla ]
  * systemd-boot: don't always log NX_COMPAT info
  * man: loader.conf(5): document auto-reboot/auto-poweroff
  * sd-boot: efi-log: use log levels internally
  * sd-boot: allow setting the maximum log level
  * sd-boot: allow setting the log level through SMBIOS 11
  * sd-boot: allow setting the log level through loader.conf
  * sd-boot: fix indentation of status output
  * shared/bootspec: parse 'uki' boot entry option
  * shared/bootspec: parse 'profile' boot entry option
  * shared/bootspec: parse loader.conf options added in v258
  * shared/bootspec: update valid loader.conf options
  * shared/bootspec: parse 'uki' boot entry option
  * shared/bootspec: parse loader.conf options added in v258

  [ Duy Nguyen Van ]
  * Fix build fail when add option "-fstack-protector-all"

  [ Daniel Brackenbury ]
  * Add Nulea M501 trackball to hwdb
  * add comment to 70-mouse.hwdb regarding generic name for Nulea M501 USB dongle
  * remove extra space from new hwdb.d/70-mouse.hwdb entries to fix failing test
  * remove Nulea M501 usb entry from hwdb

  [ Christian Hesse ]
  * NEWS fix boolean value for meson options
  * shared/ask-password-api: do not show hint on echo
  * home: fix homed.conf install location
  * oom: fix oomd.conf install location
  * man: rate limited services can be restartet from timer or socket
  * units: make locale directory writable for systemd-localed
  * man: fix tag type
  * ask-password: allow to control lock and key emoji
  * ask-password: use FLAGS_SET()
  * shared/utmp-wtmp: fix build without utmp
  * systemctl: color ignored exit status in yellow, not red
  * man/systemd.unit: document restart behavior on Upholds=
  * shell-completion/zsh/systemctl: add soft-reboot
  * shell-completion/zsh/systemctl: add whoami
  * shell-completion/zsh/resolvectl: add show-cache
  * test-proc-cmdline: run tests only with efi
  * fix typo in NEWS
  * NEWS: drop duplicate 'of'
  * systemctl: distinguish reload and reexec
  * link README.logs from tmpfiles.d/legacy.conf only if available
  * man: mention special functionality for reload-or-restart with --marked (#37076)
  * man: mention special functionality for reload-or-restart with --marked (#37076)
  * man: clean up list of literals
  * bpf-dlopen: degrade log_level to LOG_DEBUG in initrd
  * man/loader.conf: specify that default entry is id...
  * man/systemd-notify: add a note on return value
  * measure: silence warning on TCG protocol

  [ Aleksandr Mezin ]
  * nspawn: don't try to connect to D-Bus when it's not necessary (#39045)
  * nspawn: don't try to connect to D-Bus when it's not necessary (#39045)

  [ Taylan Kammer ]
  * man/systemd.service: Improve OOMPolicy documentation (#39212)

  [ Guido Günther ]
  * hwdb: 60-sensor.hwdb: Add proximity sensor udev property (#14845)
  * NEWS: Document new uaccess udev rule priority requirement
  * NEWS: Document new uaccess udev rule priority requirement

  [ jsks ]
  * mam: add sd_bus_track_handler_t signature to manpage (#39204)
  * mam: add sd_bus_track_handler_t signature to manpage (#39204)

  [ Pascal Bachor ]
  * sysext: support --mutable=help
  * bash-completion: update systemd-sysext, systemd-confext
  * bash-completion: update systemd-sysext, systemd-confext

  [ Le_Futuriste ]
  * docs(boot): fix typo in code block
  * docs(boot): fix typo in code block

  [ Sebastian Gross ]
  * hostnamectl: respect SYSTEMD_COLORS
  * network-generator: ip: do not fail on ntp value
  * network-generator: ip: do not fail on ntp value

  [ Mantas Mikulėnas ]
  * udevadm info: "-a" should enumerate sysfs attributes, not envs (#11642)
  * README: point at IRC channel on the new network
  * run: add environment variable to prevent the setting of terminal title
  * nspawn, vmspawn: honor the new window title switch
  * run: move condition inside set_window_title()
  * ssh-generator: silence "Binding to socket" messages
  * resolve: undo change to return code of next_search_domain() (#39119)
  * resolve: undo change to return code of next_search_domain() (#39119)

  [ Joshua Krusell ]
  * Fix sd_bus_can_send signature in manpage
  * Fix sd_bus_can_send signature in manpage

  [ Andreas Schneider ]
  * docs: Add an examples for command line access
  * docs: Add an examples for command line access
  * docs/user_record: Put timeZone and resourceLimits in their own paragraph
  * man: Update systemd-userdbd.service about .group extension
  * man: Point to the nss-systemd manpage for more details.
  * man: Point to the nss-systemd manpage for more details.

  [ Tobias Heider ]
  * chid: don't hardcode magic numbers for non-official CHIDs
  * stub: fix file path handling for loaded kernel
  * stub: fix file path handling for loaded kernel

  [ Danilo Spinella ]
  * boot: Strip boot counter from entry id
  * boot: Strip boot counter from entry id

  [ Justin Kromlinger ]
  * Drop `machine-id` OSC event field if /etc/machine-id doesn't exist

  [ helpvisa ]
  * remove bonus line

  [ Oğuz Ersen ]
  * Translated using Weblate (Turkish)
  * Translated using Weblate (Turkish)
  * Translated using Weblate (Turkish)
  * Translated using Weblate (Turkish)
  * po: Translated using Weblate (Turkish)
  * po: Translated using Weblate (Turkish)
  * po: Translated using Weblate (Turkish)
  * po: Translated using Weblate (Turkish)
  * po: Translated using Weblate (Turkish)
  * po: Translated using Weblate (Turkish)
  * po: Translated using Weblate (Turkish)
  * po: Translated using Weblate (Turkish)
  * po: Translated using Weblate (Turkish)
  * po: Translated using Weblate (Turkish)

  [ Lucas Adriano Salles ]
  * Fix Positivo N14EP6 key toggle touchpad and programmable keys (#29448)
  * hwdb: fix key toggle touchpad and programmable buttom for Positivo V142N (#34725)
  * hwdb: fix key toggle touchpad for VAIO VJFH52 (#35645)
  * hwdb: fix calibrate rotation sensor for Positivo K116J (#39189)

  [ kanitha chim ]
  * po: Translated using Weblate (Khmer (Central))
  * po: Translated using Weblate (Khmer (Central))
  * po: Translated using Weblate (Khmer (Central))
  * po: Translated using Weblate (Khmer (Central))
  * po: Translated using Weblate (Khmer (Central))

  [ Xarblu ]
  * shared: add missing alloc-util.h include

  [ Osama Abdelkader ]
  * man: add missing description for udev_enumerate_new functions

  [ Itxaka ]
  * boot: add an option to control action after SecureBoot enrollment (#36684)
  * Parse a new profile key in Type 1 boot entries

  [ dramforever ]
  * udev-builtin-net_id: Refactor names_devicetree() to avoid hardcoding
  * udev-builtin-net_id: Add DeviceTree-based names for WLAN devices

  [ Igor Opaniuk ]
  * sd-boot: add support for a sysfail entry
  * bootctl: configure a sysfail entry
  * sd-boot: use sysfail entry for UEFI firmware update failure
  * man: fix systemd-boot-clear-sysfail description
  * units: fix systemd-boot-clear-sysfail description
  * man: run update-man-rules
  * boot: add support for overriding key enrollement timeout

  [ Markus Boehme ]
  * pkgconf: expose variables for system-alloc-{uid,gid}-min

  [ 雪叶 ]
  * zsh-completion: add completion for `freeze`, `thaw`, `condstop`

  [ anthisfan ]
  * systemd-path: return accumulated error instead of last result
  * sd-device: use RET_GATHER() in device_tag_index() (#39053)

  [ ners ]
  * localectl: use XKB path specified from environment variable

  [ nl6720 ]
  * docs: update old documentation links
  * sysusers: use "!*" instead of "!!" as an invalid group password
  * kbd-model-map: add Latvian keyboard layout mapping
  * docs: improve wording when mentioning the acronym "ESP"
  * user-record: switch the default LUKS PBKDF to argon2id to match cryptsetup
  * tree-wide: link to docs.kernel.org for kernel documentation
  * tree-wide: link to docs.kernel.org for kernel documentation
  * docs/DEBUGGING.md: use an underscore in the kernel command line option
  * dissect-image: mount the ESP with fmask=0177 (#35871)
  * man: replace "-" with "none" in cryptsetup commands and crypttab
  * systemd-boot-update.service: replace --no-variables with --variables=no
  * zsh: replace bootctl --no-variables with --variables=

  [ Franck Bui ]
  * vconsole-setup: fonts copy will fail if the current terminal is in graphical mode
  * Revert "logind: become the controlling terminal process before restoring VT"
  * units: make sure initrd-cleanup.service terminates before switching to rootfs
  * namespace: make MountFlags=shared work again
  * udev: restore debug level when logging a failure in the external prog called by IMPORT{program}
  * process-util: introduce pid_is_my_child() helper
  * core: reduce the number of stalled PIDs from the watched processes list when possible
  * core: only watch processes when it's really necessary
  * scope: tiny cleanup: UNIT(s) -> u
  * meson: add libseccomp as a nspawn dep (#12067)
  * tmpfiles: split tmp.conf out
  * udevd: notify when max number value of children is reached only once per batch of events
  * sd-bus: bump message queue size again
  * meson: make source files including nspawn-settings.h depend on libseccomp
  * udevd: change the default value of udev.children-max (again)
  * fs-util: no need for fchmod_and_chown() to access /proc/self/fd directly
  * namespace-util: make use of TAKE_FD()
  * nspawn: use correct error variable when logging errors returned by send_one_fd()
  * nspawn: allocate the pty used for /dev/console within the container
  * terminal-util: introduce openpt_allocate()
  * nspawn: make use of openpt_allocate()
  * coredump: make use of STRINGIFY
  * coredump: fix one memleak in backtrace mode
  * coredump: rely on /proc exclusively to get the name of the crashing process
  * coredump: rename set_iovec_field_free() into set_iovec_string_field_free()
  * coredump: gather_pid_metadata() doesn't return 1 anymore
  * coredump: fix the check on the number of passed args in backtrace mode
  * coredump: slighlty simplify stack trace generation logic
  * coredump: drop 2 useless assertions
  * journal-import: extract helpers for handling arrays of iovec and make them available for others
  * io-util: introduce iovw_put_string_field() helper
  * coredump: make use of the iovec-array helpers
  * coredump: use 'input_fd' name for the pipe fd passed by the kernel everywhere
  * coredump: gather all process metadata in iovecs first and then cache them
  * coredump: (void)ify all calls of iovw_put_string_field() where we ignore failure on purpose
  * pid1: make sure to restore correct default values for some rlimits
  * core: restore initialization of u->source_mtime
  * tty-ask-pwd-agent: fix message forwarded to wall(1)
  * tty-ask-pwd-agent: simplify handling of --wall a bit
  * man: alias names can't be used with enable command
  * shared/install: fix error codes returned by install_context_apply()
  * shared/install: failing with -ELOOP can be due to the use of an alias in install_error()
  * pid1: fix DefaultTasksMax initialization
  * pid1: restore the original environment passed by the kernel when switching to a new system manager
  * tty-ask-pwd-agent: rename watch_passwords() and show_passwords()
  * fs-util: introduce inotify_add_watch_and_warn() helper
  * tty-ask-pwd-agent: minor simplification by using FOREACH_DIRENT instead of FOREACH_DIRENT_ALL
  * tty-ask-pwd-agent: give the possiblity to skip a password prompt
  * tty-ask-pwd-agent: treat SIGINT as a request to exit immediately
  * tty-ask-pwd-agent: share the same init code for --query and --watch
  * tty-ask-pwd-agent: add a FIXME
  * tty-ask-pwd-agent: small cleanup in process_one_password_file()
  * tty-ask-pwd-agent: move ask_password_plymouth() in ask-password-api.c
  * logind: make session_prepare_vt() static
  * fileio: introduce read_full_virtual_file() for reading virtual files in sysfs, procfs
  * swap: do not make swap units wanted by its device unit anymore
  * core: drop 'wants' parameter from unit_add_node_dependency()
  * logind: fix (again) the race that might happen when logind restores VT
  * crypsetup: introduce x-initrd.attach option
  * cryptsetup: umount encrypted devices before detaching it during shutdown
  * core: explicit mention of unit ID is redundant with log_unit_*()
  * shared/install: try harder to find enablement symlinks when disabling a unit
  * shared/install: drop an unused variable in config_parse_also()
  * udev: assume that the recv buffer size of the netlink socket is already configured when the socket is passed in
  * logind: log a more accurate error when we failed at session creation
  * systemd-network-generator.service: network-pre.target is a passive target unit
  * device: drop refuse_after
  * fstab-util: introduce fstab_is_extrinsic()
  * generator: don't generate device dependencies for extrinsic mounts
  * mount: mount unit activated by automount unit should be only ordered against the automount unit
  * pid1: by default make user units inherit their umask from the user manager
  * mount: let pid1 alone handle the default dependencies for mount units
  * automount: fix handling of default dependencies for automount units
  * mount: introduce mount_add_default_ordering_dependencies()
  * mount: default startup dependencies and default network ones are orthogonal
  * mount: introduce mount_is_nofail() helper
  * pid1: update manager settings on reload too
  * pid1: fold load_configuration() into main()
  * pid1: make manager_flip_auto_status() static
  * pid1: make manager_vacuum_{uid,gid}_refs() static
  * pid1: make manager_serialize_{uid,gid}_refs() static
  * pid1: make manager_deserialize_{uid,gid}_refs() static
  * pid1: make more use of show_status_on()
  * pid1: rename manager_get_show_status() to manager_should_show_status()
  * pid1: rework handling of m->show_status
  * pid1: introduce an helper to handle the show-status marker
  * pid1: add a new SetShowStatus() bus call to override/restore show status mode
  * pid1: rename manager_set_{show_status,watchdog}_overridden() into manager_override_(show_status,watchdog}
  * fstab-generator: extra dependencies specified in fstab should be applied to the mount unit
  * fstab-generator: introduce an helper to write extra dependencies specified via the mount options
  * vconsole-setup: downgrade log message when setting font fails on dummy console
  * log: don't explicitly re-open log for failed assertions
  * logind.conf: document UserStopDelaySec in logind.conf
  * fstab-generator: add 'nofail' when  NFS 'bg' option is used
  * udev: rename kernel option 'log_priority' into 'log_level'
  * udevadm: rename option '--log-priority' into '--log-level'
  * Merge pull request #17214 from poettering/log-generator-fix
  * Revert "units: skip modprobe@.service if the unit appears to be already loaded"
  * units: wait until some fs modules are entirely loaded before mounting their corresponding filesystem
  * core: serialize u->pids until the processes have been moved to the scope cgroup
  * units: restore sysfs conditions in sys-fs-fuse-connections.mount and sys-kernel-config.mount
  * units: document why CAP_SYS_PTRACE is needed by journald
  * scope: on unified, make sure to unwatch all PIDs once they've been moved to the cgroup scope
  * udev: link_update() should fail if the entry in symlink dir couldn't have been created
  * journal: send journald logs to kmsg again
  * sysusers: flush nscd's caches whenever /etc/{passwd,group} are modified
  * meson.build: make xinitrcdir configurable
  * system-conf: drop reference to ShutdownWatchdogUsec=
  * kbd-model-map: add mapping 'es-dvorak'
  * pid1: only add a Wants= type dependency on /tmp when PrivateTmp=yes
  * Merge pull request #20039 from yuwata/sd-device-get-sysattr-value-embedded-nul
  * login: XGI Z7/Z9 (XG20 core) graphic chip requires master-of-seat to be set
  * login: XGI Z7/Z9 (XG20 core) graphic chip requires master-of-seat to be set
  * login: use a hwdb entry for tagging HyperV's fb devices with 'master-of-seat' tag
  * login: use a hwdb entry for tagging Parallels' fb devices with 'master-of-seat' tag
  * logind: action* parameters can't be NULL in verify_shutdown_creds()
  * manager: reexecute on SIGRTMIN+25, user instances only
  * test: add support for NO_BUILD=1 on openSUSE
  * test: don't try to find BUILD_DIR when NO_BUILD is set
  * TEST-13-*: in busybox container sleep(1) takes a delay in seconds only
  * test: on openSUSE the static linked version of busybox is named "busybox-static"
  * Revert "test: adapt TEST-13-NSPAWN-SMOKE for SUSE"
  * test: adapt install_pam() for openSUSE
  * test: if haveged is part of initrd it needs to be installed in the image too
  * test: make sure to include all haveged unit files
  * main: use timestamp_is_set() in become_shutdown()
  * core: watchdog_runtimeout_wait() already returns USEC_INFINITY when the watchdog is disabled or closed
  * watchdog: make watchdog_ping() a NOP when the watchdog is disabled or closed
  * core: call watchdog_ping() unconditionally
  * core: watchdog_set_timeout() doesn't need to return the timeout value used by the HW
  * watchdog: update watchdog_timeout with the closest timeout found by the driver
  * watchdog: no need to ping the device twice in watchdog_ping() if the device has just been opened
  * watchdog: minor simplification of watchdog_runtime_wait()
  * watchdog: rename watchdog_set_timeout() into watchdog_setup()
  * watchdog: constify watchdog_set_device() parameter
  * shutdown: introduce init_watchdog()
  * watchdog: use MIN() in update_timeout()
  * journalctl: never fail at flushing when the flushed flag is set
  * test: make the installation of the debug tools optional in the image
  * test: wc is needed by test/units/testsuite-50.sh
  * mount-util: fix fd_is_mount_point() when both the parent and directory are network fs
  * watchdog: cleanup: create an helper for each ioctl
  * watchdog: minor optimization in watchdog_setup()
  * watchdog: configuring a timeout value might not be supported by the HW
  * watchdog: pass USEC_INFINITY to watchdog_setup() to reuse the programmed timeout value
  * watchdog: passing 0 to watchdog_setup now closes the watchdog
  * watchdog: update the documentation
  * core: introduce systemd.watchdog_sec=<sec> option
  * watchdog: handle timeout programming errors more safely
  * watchdog: rename special string "infinity" taken by the watchdog timeout options to "default"
  * test-keymap-util: always use kbd-model-map we ship
  * TEST-08: don't force ext4 for /
  * TEST-12: make sure 'adm' group exist
  * Bump the max number of inodes for /dev to 128k
  * journal: don't remove the flushed flag when journald is stopped
  * TEST-10: don't attempt to write a byte to the socket
  * watchdog: shorten watchdog_set_device()
  * core: make use of VALID_CHARS_WITH_AT in unit_name_is_valid()
  * udev/net_id: show the correct identifier in the debug output of dev_pci_onboard()
  * core: really skip automatic restart when a JOB_STOP job is pending
  * copy: fix wrong argument passed to S_ISREG() in copy_file_fd_full()
  * journal: preserve acls when rotating user journals with NOCOW attribute set
  * copy: use FLAGS_SET() in copy_xattr()
  * build: include status of TPM2 in the feature string show by --version
  * meson: build kernel-install man page when necessary
  * journald: make sure journal_file_open() doesn't leave a corrupted file around after failing
  * journald: make use of CLAMP() in cache_space_refresh()
  * tmpfiles.d: only 'w+' can have multiple lines for the same path
  * test tmpfiles: add a test for 'w+'
  * test: add test checking tmpfiles conf file precedence
  * test: adapt install_pam() for openSUSE
  * tmpfiles: constify item_compatible() parameters
  * test: enable virtio-rng device for QEMU guests
  * logind: don't delay login for root even if systemd-user-sessions.service is not activated yet
  * core: introduce MANAGER_IS_SWITCHING_ROOT() helper function
  * core: replace m->honor_device_enumeration with MANAGER_IS_SWITCHING_ROOT()
  * Drop the limit on number of inodes for /dev
  * core: allow disabling system time correction if rtc returns time far in the future
  * Merge pull request #24831 from poettering/dbus-dump-doc
  * mount: always use UNIT_DEPENDENCY_FILE in mount_add_quota_dependencies()
  * mount: drop UNIT_DEPENDENCY_MOUNTINFO_IMPLICIT and UNIT_DEPENDENCY_MOUNTINFO_DEFAULT
  * mount: replace UNIT_DEPENDENCY_MOUNTINFO_OR_FILE with UNIT_DEPENDENCY_MOUNTINFO/UNIT_DEPENDENCY_MOUNT_FILE
  * analyze: extend the dump command to accept patterns
  * random-seed: shorten a bit may_credit()
  * random-seed: make one more use of random_write_entropy()
  * random-seed: use getopt()
  * random-seed: make the logic to calculate the number of bytes read from the random seed file clearer
  * random-seed: no need to pass 'mode' argument when opening /dev/urandom
  * random-seed: split out run()
  * random_seed: minor improvement in run()
  * random-seed: downgrade some messages
  * random-seed: clarify one comment
  * tests: make test-execute pass on openSUSE
  * tests: minor simplification in test-execute
  * random-seed: make sure to load machine id even if the seed file is missing
  * tests: install systemd-resolved on openSUSE
  * tests: install dmi-sysfs module on openSUSE
  * tests: update install_suse_systemd()
  * meson: install test-kernel-install only when -Dkernel-install=true
  * test: fix the default timeout values described in README.testsuite
  * test: update TEST-73-LOCALE to define several locale settings in initial PID1 environment
  * localed: reload PID1 configuration after modifying /etc/locale.conf
  * journal: give the ability to enable/disable systemd-journald-audit.socket
  * udev: merge link_directory_lock() into link_directory_open()
  * udev: let stack_directory_open() convert a slink into a dirname itself
  * udev: return ENODEV if link_directory_read_one() can't find the devnode
  * udev: simplify a bit stack_directory_find_prioritized_devnode()
  * journald: rename vacuum_offline_user_journals()
  * journald: introduce journal_file_parse_uid_from_filename() helper
  * journald: split find_journal() up
  * udev: support '-=' operator for SYMLINK
  * conf: replace config_parse_many_nulstr() with config_parse_config_file()
  * tests: fix inverted condition in testsuite-58.sh
  * tests: don't use absolute paths when installing binaries in TEST-58-REPART
  * test: assume run-unit-tests.py and unit tests are installed in the same directory
  * test: install unit tests in a dedicated subdirectory below '$testsdir'
  * meson: define testdata_dir globally
  * meson: make sure the unit test scripts find testdata/ even if they are not installed in the same directory
  * test: on openSUSE install the collection of unit test binaries in the target only for TEST-02-UNITTESTS
  * test: install symlinks with valid targets on SUSE and Debian
  * test: $STATEDIR should not point to /usr/lib/systemd/tests when NO_BUILD=1
  * test: clean up $STATEDIR too
  * test: don't export $TOOLS_DIR
  * test: drop extraneous bracket in testsuite-74.mount.sh
  * test: fix regexp in testsuite-74.mount.sh
  * test: use kbd-mode-map we ship in TEST-73-LOCALE
  * localed-util: make use of strdupcspn()
  * locale: convert generated vconsole keymap to x11 layout automatically
  * locale: when no xvariant match select the entry with an empty xvariant
  * test: dont use anchor char '$' to match a part of a string
  * rpm: fix lua trigger priority for sysusers
  * sleep: don't init /sys/power/resume if 'resume=' option is missing and EFI is disabled
  * test: console fonts are located in /usr/share on openSUSE
  * test: install systemd-homed for openSUSE
  * test: testsuite-35.sh needs manual/test-session-properties to be installed on SUSE
  * test-mountpoint-util: /root might be mounted
  * config files: more recommendations of `systemd-analyze cat-config`
  * Reflect the fact that main config files can be installed in /usr
  * config files: update their header to reflect that they can be installed in /usr
  * man/standard-conf: directory paths should end with '/'
  * meson: add build option for install path of main config files
  * test: install af_packet kernel module on openSUSE
  * vconsole-setup: use a consistent log level when setfont fails with EX_OSERR
  * vconsole-setup: handle the case where the vc is in KD_GRAPHICS mode more gracefully
  * vconsole-setup: remember the correct error value when open_terminal() fails
  * rules: set up tty permissions and group for /dev/hvc* nodes
  * loop-util: drop unused .uevent_seqnum_not_before and .timestamp_not_before fields
  * meson: fix installation of html doc aliases
  * man: always install bootctl
  * test: systemd-update-utmp is optional
  * test-69: send SIGTERM to ask systemd-nspawn to properly stop the container
  * gpt-auto-generator: be more defensive when checking the presence of ESP in fstab
  * NEWS: gpt-auto-generator will become more defensive with ESP and XBOOTLDR
  * test/test-shutdown.py: optionally display the test I/Os in a dedicated log file
  * test: install systemd-boot in openSUSE test images
  * test: make sure that sd-boot is installed before testing bootctl
  * test: make sure to install the filesystem package in the test image on SUSE
  * vconsole-setup: don't fail if the only found vc is already used by plymouth
  * meson: don't put a symlink pointing to '20-systemd-ssh-proxy.conf' in /etc in all cases
  * meson: don't put a symlink pointing to '20-systemd-userdb.conf' in /etc in all cases
  * test: install /etc/hosts
  * test: fix TEST-24-CRYPTSETUP on SUSE
  * test: preserve symlink in inst_recursive()
  * test: fix TEST-74-AUX-UTILS.ssh.sh on SUSE
  * core: when switching root remove /run/systemd before executing the binary specified by init=
  * efi-loader: add missing stub for efi_stub_get_device_part_uuid()
  * test: install integration-test-setup.sh in testdata/
  * getty-generator: don't use "3270!tty1" when instantiating serial-getty@.service on s390x
  * getty-generator: don't use "3270!tty1" when instantiating serial-getty@.service on s390x
  * mkosi: include ip in the main image
  * units: don't force the loading of the loop and dm_mod modules in systemd-repart.service

  [ Alan Brady ]
  * nspawn: add NamespacePath support for nspawn files

  [ AsciiWolf ]
  * polkit: fix typo
  * l10n: update Czech Translation
  * l10n: update Czech Translation
  * l10n: update Czech Translation
  * l10n: update Czech Translation
  * l10n: update Czech Translation
  * po: remove basic fedora.zanata.org configuration
  * hwdb: add missing PLUTO SDR vendor name
  * hwdb: add Ettus Research SDR devices
  * hwdb: add RTL-SDR devices
  * hwdb: add 70-maker-tools.hwdb to meson.build
  * hwdb: fix typo in 70-maker-tools.hwdb
  * hwdb: sort SDR devices by vendor name
  * hwdb: add Airspy devices
  * hwdb: add more devices
  * hwdb: add MiriSDR MSi2500 devices
  * hwdb: add missing Ettus Research B200 rule
  * hwdb: add LimeSDR XTRX devices
  * hwdb: add HydraSDR RFOne
  * hwdb: add SDRplay devices

  [ Christopher Head ]
  * Add Razer Cobra mouse to hwdb
  * ukify: fix backend/option applicability docs

  [ DeKoile ]
  * Update 60-sensor.hwdb - Add support for Lenovo Legion Go

  [ Martin Homuth-Rosemann ]
  * Add Hantek DSO-6022 oscilloscopes and compatible devices

  [ Raura ]
  * Remove mention of inactive Tanglu distro from systemd-nspawn man page (#38873)

  [ Piotr Drąg ]
  * po: update Polish translation
  * po: update Polish translation
  * catalog: update Polish translation
  * po: update Polish translation
  * catalog: update Polish translation
  * po: update Polish translation
  * po: update Polish translation
  * po: update Polish translation
  * po: update Polish translation
  * po: update Polish translation
  * po: update Polish translation
  * po: add src/home/org.freedesktop.home1.policy to POTFILES.in
  * po: update Polish translation
  * po: update Polish translation
  * po: update Polish translation
  * catalog,po: update Polish translation
  * catalog: update Polish translation
  * catalog: update Polish translation
  * po: update Polish translation
  * po: add units/systemd-journald.service.in to POTFILES.skip
  * po: add false positives to POTFILES.skip
  * po: add a false positive to POTFILES.skip
  * catalog,po: update Polish translation
  * po: add a false positive to POTFILES.skip
  * po: add a false positive to POTFILES.skip
  * catalog,po: update Polish translation
  * catalog: update Polish translation
  * po: Translated using Weblate (Polish)
  * po: add a false positive to POTFILES.skip
  * po: add false positives to POTFILES.skip
  * po: Translated using Weblate (Polish)
  * catalog: update Polish translation
  * po: add pkg/debian to POTFILES.skip
  * po: Translated using Weblate (Polish)
  * po: add a false positive to POTFILES.skip
  * catalog: update Polish translation
  * po: Translated using Weblate (Polish)
  * po: Translated using Weblate (Polish)
  * po: Translated using Weblate (Polish)
  * po: Translated using Weblate (Polish)
  * catalog: update Polish translation
  * po: add false positives to POTFILES.skip
  * po: Translated using Weblate (Polish)
  * catalog: update Polish translation

  [ наб ]
  * networkctl: use uint64_t for link speed throughout
  * man/sd-makefs: also mention /sbin/mkswap
  * man/sd-makefs: link to btrfs.wiki.kernel.org for btrfs-man5, since the man-pages link is dead
  * debian/extra/kernel-install.d/85-initrd.install: Don't install initrd when an explicit path was passed
  * debian/extra/kernel-install.d/85-initrd.install: match initrd installation messages and uninstallation to 90-loaderentry.install
  * meson: don't fail if latest tag's commit is signed
  * bootctl: take --make-machine-id-directory=yes|no|auto and make/remove \$MACHINE_ID accordingly
  * man: we is OK too -> which is OK too (#19708)
  * kernel-install/90-loaderentry: use install(1) instead of cp/chown/chmod chains
  * kernel-install: don't erase previous errors if a hook returns 77
  * systemd-machine-id-setup(1): "machine[d] ID" typo
  * kernel-install: note that 90-loaderentry will also use /usr/lib/k/cmdline
  * kernel-install: note the default $PRETTY_NAME if os-release wasn't found and that only 90-loaderentry uses it
  * kernel-install: fix MACHINE_ID extraction behaviour description
  * kernel-install: respect $MACHINE_ID and ignore /etc/machine-id if on tmpfs
  * kernel-install: export $BOOT_ROOT and use it in downstreams
  * kernel-install: note $KERNEL_INSTALL_{MACHINE_ID,BOOT_ROOT}= ABI
  * journal: succes[s]fully typo
  * journalctl: have -f and -e imply no-value -b
  * Change all fixed-path bash shebangs to /u/b/env bash outside test/
  * man/sd-notify: /bin/bash -> /bin/sh, read -> read -r in example
  * man/sd-run: /bin/bash -> bash in -t example
  * kernel-install: replace 00-entry-directory with K_I_LAYOUT in k-i
  * kernel-install: 50-depmod: port to /bin/sh
  * kernel-install: 90-loaderentry: port to /bin/sh
  * kernel-install: fix shellcheck
  * kernel-install: port to /bin/sh
  * kernel-install: 90-loaderentry: error out on nonexistent initrds instead of swallowing them quietly
  * kernel-install: don't pull out KERNEL_IMAGE
  * Use new default-user-shell option instead of hard-coding bash in nspawn and user-record
  * Fix typos in user-util.c and dbus-unit.c
  * test-copy: use non-0 data block in copy_holes
  * kernel-install: 90-loaderentry: remove shopt
  * kernel-install: respect $TMPDIR
  * Don't not lint kernel-install
  * Don't ignore kernel-install for shellcheck
  * Fix which(1) in meson-build.sh
  * shellcheck-clean kernel-install again
  * kernel-install: actually ignore the last two arguments
  * kernel-install: don't log each initrd on its own line in verbose mode
  * debian/extra/kernel/postinst.d/systemd-boot: prefix with zz-
  * kernel-install/90-loaderentry: fix chown
  * kernel-install.8: fix -h/-v ordering in SYNOPSIS
  * debian/extra/kernel-install.d/85-initrd.install: install default initrd with versioned basename
  * debian/extra/kernel-install.d/85-initrd.install: explicitly ignore unknown verbs
  * debian/extra/kernel/postrm.d/systemd-boot: prefix with zz-
  * systemd-sysv.postinst: which -> command -v
  * systemctl: edit: write override files as text files
  * Add basic systemctl edit test
  * man: fix typo (#26655)
  * find-esp: don't silently error bootctl install if presumed XBOOTLDR part is stx_dev_major=0 but not btrfs
  * find-esp: fix XBOOTLDR stx_dev_major=0 and not btrfs fix
  * parse_timestamp: accept RFC3339-style timezone and %FT%R[:%S[.%N]]
  * systemd.time.7: rewrite Parsing Timestamps section
  * journalctl.1: move --truncate-newline to the options instead of the -o values list
  * journalctl -o short-iso[-precise]: timezone as +02:00 instead of +0200
  * show-logs: add assert and fix local variable type
  * sd_bus_message_read.1: fix x/t being [iu]32 instead of [iu]64

  [ Ricky Tigg ]
  * po: Translated using Weblate (Finnish)
  * po: Translated using Weblate (Finnish)
  * po: Translated using Weblate (Finnish)
  * po: Translated using Weblate (Finnish)

  [ Sergey A ]
  * po: Translated using Weblate (Russian)
  * po: Translated using Weblate (Russian)
  * po: Translated using Weblate (Russian)
  * po: Translated using Weblate (Russian)
  * po: Translated using Weblate (Russian)
  * po: Translated using Weblate (Russian)
  * po: Translated using Weblate (Russian)
  * po: Translated using Weblate (Russian)
  * po: Translated using Weblate (Russian)
  * po: Translated using Weblate (Russian)

  [ Jasmine Andrever-Wright ]
  * po: Added translation using Weblate (Cornish)

  [ Josh Triplett ]
  * Add install-sysconfdir=no-samples option for (non-)installation of sample configs
  * file-hierarchy: Document /sys/fs/cgroup
  * NEWS: Extend note on /run/lock to recommend locking devices directly

  [ Matthias Gerstner ]
  * homed: AddSigningKey: only feed data to OpenSSL _after_ Polkit auth

  [ Emanuele Giuseppe Esposito ]
  * ukify: typo in doc and print when package is missing
  * ukify: support pesign as alternative to sbsign
  * src/ukify/test/test_ukify: add pesign unit test
  * src/ukify/test/test_ukify: fix skipped tests
  * ukify: refactor signing code
  * ukify: add a verb to inspect the PE sections
  * ukify/test_ukify: test display verb
  * man/ukify: describe 'inspect'
  * systemd-stub: ignore EFI shell unauthenticated kernel command line if we are in confidential vms
  * ukify: automatically infer --signtool from the parameters given
  * ukify: override default option value with config file
  * bootspec: refactor find_sections
  * bootctl: discover local UKI PE addons
  * bootctl: discover and pring global UKI PE addons
  * bootctl: additional fixes for local/global UKI PE addons
  * sysext: introduce global config file
  * man/sysext.conf: add systemd-sysext config files
  * sysext: support ImagePolicy global config option
  * repart: use iovec structure for --key-file
  * repart: make --tpm2-pcrs also configurable in repart.d/*
  * repart: make --key-file also configurable in repart.d/*

  [ Kamil Páral ]
  * 70-mouse.hwdb: Add Razer Basilisk V3, Asus Cerberus, +2 more

  [ Jan Fooken ]
  * tmpfiles: don't relabel files in dry run mode

  [ Arian van Putten ]
  * Document that gpt-auto-generator supports decrypting rootfs
  * journalctl:  Make journalctl --user-unit= match on _SYSTEMD_USER_SLICE
  * Fix typo in sd_event_set_watchdog manpage (#13393)
  * Disable reading SystemdOptions EFI Var when in SecureBoot mode
  * cgtop: Display cpu time in microseonds with --raw
  * nspawn: make rootfs relative to oci bundle path
  * bootctl: Print version number of detected binaries
  * bootctl: also print efi files not owned by systemd in status
  * systemd.pc: Keep support for rootprefix and root_prefix (#30115)
  * docs/DAEMON_SOCKET_ACTIVATION
  * document how TimeoutStartSec=  affects notify-reload (#33653)
  * CONTROL_GROUP_INTERFACE: fix link to systemd-run code
  * vmspawn: don't use vmgenid on aarch64 as it's not supported
  * vmspawn: fix grow_image: Assertion `path' failed.
  * vmspawn: don't use vmgenid on aarch64 as it's not supported
  * vmspawn: do not preserve access permissions and xattrs of template OVMF vars
  * vmspawn: do not preserve access permissions and xattrs of template OVMF vars
  * core/swap: /sbin -> /usr/sbin
  * units/*getty*: use /usr/sbin/agetty

  [ Jack Wu ]
  * hwdb: enable autosuspend for Dell DW5826e WWAN modem

  [ Alexander Bruy ]
  * hwdb: map FN key on TongFang X4SP4NAL laptops

  [ Américo Monteiro ]
  * po: Translated using Weblate (Portuguese)
  * po: Translated using Weblate (Portuguese)
  * po: Translated using Weblate (Portuguese)
  * po: Translated using Weblate (Portuguese)

  [ Li Tian ]
  * Add --entry-type=type1|type2 option to kernel-install.
  * 90-uki-copy.install: Skip removing UKI related when BOOT_ENTRY_TYPE=type1
  * ukify: rstrip and escape binary null characters from 'inspect' output (#38607)

  [ Salim B ]
  * docs: fix typos
  * docs: fix typo

  [ Rostislav Lastochkin ]
  * hwdb: Add Accelerometer mount matrix for Irbis TW43

  [ Mate Kukri ]
  * Reuse the parent_image handle and parent_loaded_image

  [ keentux ]
  * detect-virt: bare-metal GCE only for x86 and i386

  [ Vasiliy Kovalev ]
  * hwdb: Add touchpad toggle mapping for Kvadra LE14U/LE15U
  * hwdb: fix accelerometer mount matrix for Aquarius Cmp NS483
  * hwdb: add backslash and touchpad toggle mapping for Aquarius Cmp NS483
  * hwdb: fix MXC6655 accelerometer mount matrix for Aquarius Cmp NS483
  * hwdb: Add launch emoji keyboard mapping for Asus M1607KA

  [ Kevin P. Fleming ]
  * network: Add test for explicit 'static' IPv6Token
  * network: Improve variable name for address generation
  * network: Correct typo and naming in error message
  * network: Rewrite IPv6Token documentation for new modes
  * network: Document the lack of actual DAD usage in prefixstable algorithm
  * network: Make address_hash_ops available outside of networkd-address.c
  * network: Allow multiple IPv6Token 'static' items to generate addresses
  * RequireMountsFor in systemd-nspawn should wait for machine mount
  * network: correct name of parameter in function prototype
  * network: Delay addition of IPv6 Proxy NDP addresses
  * bootctl: 'graceful' should ignore EFI variable failures
  * logging: Improve logging messages related to NFTSet.

  [ Nathan ]
  * po: Translated using Weblate (Italian)

  [ novenary ]
  * hwdb: set touchpad resolution for ThinkPad T14 Gen2a

  [ Abderrahim Kitouni ]
  * man: Add xinclude namespace
  * man: add version info
  * man: add version information for functions
  * man: update version information
  * man: condense version information for functions
  * man: add version information for dbus interfaces
  * update-dbus-docs: don't consider mentions in the History
  * man/kernel-command-line: don't refer early_core_pattern to systemd
  * man: fix docbook syntax for function docs
  * man: add version information for udev functions
  * update-dbus-docs: Test that items are documented in the History section
  * man: add checks for missing version information
  * man: add a couple missing version annotations
  * man: re-add some version info for sd_pid_get_owner_uid.xml
  * man: add version info for newly added systemd-tpm2-setup.service
  * man: support multiple versions of the documentation on the website
  * doc-sync: add man/ to the passed directory
  * doc-sync: automatically detect whether we're updating the latest version
  * doc-sync: add support for uploading the documentation for main
  * sysupdate: fix size_t specifier
  * sysupdate: fix return types according to style guide
  * updatectl: fix DBus method signature for SetFeatureEnabled
  * sysupdate: fix typo in DBus config
  * updatectl: allow interactive authorization

  [ ButterflyOfFire ]
  * po: Translated using Weblate (Kabyle)
  * po: Translated using Weblate (Kabyle)

  [ Graham Clinch ]
  * Correct order for implied time & date specifications.

  [ Fabian Vogt ]
  * units/initrd-parse-etc.service: Conflict with emergency.target
  * firstboot: Make the option list fit 80 columns
  * tpm2-util: Also retry unsealing after policy_pcr returns PCR_CHANGED
  * tpm2-util: Also retry unsealing after policy_pcr returns PCR_CHANGED
  * units/initrd-cleanup.service: Conflict with emergency.target
  * virt: Actually use DMI detection on RISC-V as well

  [ RocketDev ]
  * hwdb: disable Asus ROG keyboards sending poweroff

  [ Jan Čermák ]
  * journal-gatewayd: add /boots endpoint (#37574)
  * journal-gatewayd: make num_entries in Range header optional again
  * journal-gatewayd: fix handling of num_skip pointing beyond the last entry
  * journal-gatewayd: fix busy loop when following way beyond journal end

  [ ssoss ]
  * network: add new DHCPv6 message types and options

  [ SoloSaravanan ]
  * hwdb: Acer Nitro ANV15-51 Mic Toggle
  * hwdb: Acer Nitro ANV15-51 Nitro Sense Toggle

  [ Emir SARI ]
  * po: Translated using Weblate (Turkish)

  [ Luna Jernberg ]
  * Translated using Weblate (Swedish)
  * po: Translated using Weblate (Swedish)
  * po: Translated using Weblate (Swedish)
  * po: Translated using Weblate (Swedish)
  * po: Translated using Weblate (Swedish)
  * po: Translated using Weblate (Swedish)
  * po: Translated using Weblate (Swedish)
  * po: Translated using Weblate (Swedish)

  [ Andika Triwidada ]
  * po: Translated using Weblate (Indonesian)
  * po: Translated using Weblate (Indonesian)
  * po: Translated using Weblate (Indonesian)
  * po: Translated using Weblate (Indonesian)
  * po: Translated using Weblate (Indonesian)
  * po: Translated using Weblate (Indonesian)
  * po: Translated using Weblate (Indonesian)
  * po: Translated using Weblate (Indonesian)
  * po: Translated using Weblate (Indonesian)
  * po: Translated using Weblate (Indonesian)

  [ naly zzwd ]
  * po: Translated using Weblate (Catalan)
  * po: Translated using Weblate (Catalan)

  [ Brett Holman ]
  * Identify kvm + hv_passthrough as "kvm"
  * network: ipv4acd: update MAC address on change (#26753)
  * man: correct the number of active unit states

  [ Valentin David ]
  * shutdown: Drop bit fields in boolean declarations
  * shutdown: Move busy mounts to not block parent mounts
  * shutdown: Make all mounts private
  * repart: Fix a check for CopyBlocks on data partition
  * dissect: Accept signature for usr+usr-verity+usr-verity-sig images
  * sysupdate: Allow patterns to match path with directories
  * sysupdate: Add documentation for new MatchPattern behavior
  * stub: Ignore the boot counter when looking for .extra.d directory
  * ukify: Fix broken assert when building a signed addon
  * stub: call inner kernel directly
  * stub: call LoadImage/StartImage from boot services when provided by shim
  * Use paths specified from environment variables for /etc configuration files
  * pcrlock: Return positive exit status

  [ 김인수 ]
  * po: Translated using Weblate (Korean)
  * po: Translated using Weblate (Korean)
  * po: Translated using Weblate (Korean)
  * po: Translated using Weblate (Korean)
  * po: Translated using Weblate (Korean)
  * po: Translated using Weblate (Korean)
  * po: Translated using Weblate (Korean)
  * po: Translated using Weblate (Korean)
  * po: Translated using Weblate (Korean)
  * po: Translated using Weblate (Korean)
  * po: Translated using Weblate (Korean)
  * po: Translated using Weblate (Korean)
  * po: Translated using Weblate (Korean)
  * po: Translated using Weblate (Korean)
  * po: Translated using Weblate (Korean)
  * po: Translated using Weblate (Korean)
  * po: Translated using Weblate (Korean)

  [ joo es ]
  * po: Added translation using Weblate (Arabic)
  * po: Translated using Weblate (Arabic)
  * po: Translated using Weblate (Arabic)
  * po: Translated using Weblate (Arabic)
  * po: Translated using Weblate (Arabic)

  [ Léane GRASSER ]
  * po: Translated using Weblate (French)
  * l10n: fix credits for the French translation
  * po: Translated using Weblate (French)
  * po: Translated using Weblate (French)
  * po: Translated using Weblate (French)
  * po: Translated using Weblate (French)
  * po: Translated using Weblate (French)
  * po: Translated using Weblate (French)
  * po: Translated using Weblate (French)
  * po: Translated using Weblate (French)
  * po: Translated using Weblate (French)

  [ Yaping Li ]
  * test-xml: migrate to new assertion macros (#37990)
  * test-xattr-util.c: migrate to new assertion macros (#38025)
  * test-web-util.c: Migrate to new assertion MACROs
  * test-web-util.c: Use ASSERT_FALSE() instead of ASSERT_TRUE() where appropriate
  * test-user-record.c: Migrate to new assertion MACROs
  * test-unit-serialize.c: Migrate to new assertion macros
  * test-memstream-util.c: Migrate to new assertion macros

  [ Cosima Neidahl ]
  * meson: Detect ELF ABI version for bpf build on ppc64 (#38307)

  [ Weblate ]
  * Update translation files
  * Update translation files
  * Update translation files
  * Update translation files
  * po: Update translation files
  * po: Update translation files
  * po: Update translation files
  * po: Update translation files
  * po: Update translation files
  * po: Update translation files
  * po: Update translation files
  * po: Update translation files
  * po: Update translation files
  * po: Update translation files
  * po: Update translation files

  [ luc-salles ]
  * Fix Positivo K116J search key and www shortcut

  [ James Hilliard ]
  * meson: use cross compilation compatible c++ check
  * Disable tools/choose-default-locale.sh when cross compiling
  * Disable non-explicit sbatvars autodetection for cross builds.
  * Add meson option to disable urlify.
  * bpf: refactor skeleton generation
  * meson: don't try to guess versioned clang/llvm-strip bins for cross compile
  * meson: set minimum clang/llvm versions for bpf support
  * meson: use bpftool based strip when available
  * meson: use full argument names for bpftool gen commands
  * bpf: use __always_inline macro in restrict-ifaces.bpf.c
  * meson: add experimental bpf-gcc compiler support
  * journalctl: allow statically linked build
  * bpf: set gcc std and compile flags
  * bpf: fix is_allow_list section
  * meson: set minimum libbpf/bpftool versions for bpf-gcc
  * Revert "bpf: fix is_allow_list section"
  * bpf: stabilize GCC BPF support
  * bpf: test with GCC BPF compiler on opensuse
  * README: add missing CONFIG_MEMCG kernel config option for oomd
  * meson: prepend sys_root to bpf isystem

  [ Nick Owens ]
  * docs: fix SurviveFinalKillSignal typo

  [ Philip Freeman ]
  * Update USER_RECORD.md (#38283)

  [ haxibami ]
  * sd-dhcp6-client: add SIP server address support
  * sd-dhcp6-client: add SIP server domain support
  * network/dhcp6: add SIP server support
  * test-network: add test cases for SIP servers

  [ Erin Shepherd ]
  * JSON User/Group records: Add properties for UUIDs
  * userdb: add support for printing the UUID from user and group records
  * userdb: add support for looking up users or groups by uuid.
  * userdbctl: add --uuid filtering option

  [ Beniamino Galvani ]
  * lldp: fix references to IEEE standard
  * lldp: add 802.3 OUI subtype definitions
  * dhcp: don't stop receiving packets when the link goes down
  * dhcp6: remove assertions in dhcp6_option_parse_domainname()
  * dhcp6: parse the FQDN option
  * dns-domain: accept encoded domain names without terminating zero label
  * network: add support for HSR netdev
  * network: fix handling of routing policy rule fwmask
  * networkd: make the ACD timeout configurable
  * networkd: reduce the IPv4 DAD timeout to 200ms
  * network: fix handling of routing policy rule fwmask
  * sd-dhcp6-lease: fix calculation of t2

  [ Vishal Chillara Srinivas ]
  * varlink_error_invalid_parameter(...) always returns EINVAL
  * resolve: mark mDNS RRs in the Additional Records section as cacheable
  * RFC 6762 section 7.1: a Multicast DNS querier SHOULD NOT include records in the
  * resolve: mDNS transaction max attempts fix
  * resolve: fix no mDNS announcement after probing
  * resolve: provide service resolve over varlink
  * resolved: remove entry from cache when goodbye packet received
  * resolve: Rename 'DnssdService', update all dependent code components
  * reslove: Refactor DNS Answer to support 'until' in DnsAnswerItem
  * resolve: Refactor mDNS transaction max attempts
  * resolve: Implement continuous mDNS querying as per RFC6762 5.2
  * test: resolve: add integration tests for browsing services

  [ ZIHCO ]
  * test: update to use the new ASSERT_OK() macro and friends
  * test: update to use DEFINE_TEST_MAIN_WITH_INTRO() macro
  * ac-power: update the help output to use the ansi-color functions
  * test: add a new unit test, src/test/test-binfmt-util.c
  * test: extend the unit test test-notify-recv.c
  * nspawn: replace prefix_roota() with chase()
  * systemd-analyze: added the verb unit-shell to spawn and attach shell
  * systemd-analyze: added the verb unit-gdb to spawn and attach gdb

  [ Linus Heckemann ]
  * vcs-tag.sh: use more compatible shebang
  * netdev-util: don't repeat AF check for each address type
  * netdev-util: allow finding addresses from dhcp-pd

  [ Sam James ]
  * basic/missing-syscalls: add PARISC (HPPA support)
  * seccomp: add PARISC (HPPA support)
  * gpt: add PARISC UUIDs
  * nspawn: allow sched_rr_get_interval_time64 through seccomp filter
  * CODING_STYLE: fix 'better' typo
  * tmpfiles: avoid null free() for acl attributes
  * bpf: disable -fstack-protector in meson
  * dirent: conditionalize dirent assert based on dirent64 existence
  * basic: add comment for LFS assert in dirent-util.h
  * meson: search for 'bpf-unknown-none' too
  * elf2efi: ignore .sframe

  [ Eisuke Kawashima ]
  * doc(tmpfiles.d): remove deprecated `F` type
  * improve zsh completion (#32098)
  * shell-completion: fix completion of `systemctl --user unset-environment` (#37409)
  * shell-completion: fix completion of `systemctl --user unset-environment` (#37409)
  * shell-completion: improve completion of systemd-tmpfiles
  * zsh-completion: improve systemd-run
  * shell-completion: improve completion of systemd-tmpfiles
  * chore: fix editorconfig pattern and add setting for zsh
  * zsh-completion: generate completion for systemd-run from systemd-analyze
  * shell-completion: update systemd-run
  * fix(shell-completion): fix help string
  * style(shell-completion): expand hard tabs and fix indentation
  * style(shell-completion): add missing semicolons
  * style(shell-completion): remove trailing semicolons
  * style(shell-completion): remove unnecessary backslashes
  * fix(shell-completion): correct conditional
  * fix(SC2162): add `-r` to `read`
  * fix(SC2164): robust `cd` conditional
  * fix(shell-completion): strictly parse env output
  * fix(shell-completion): discard error messages

  [ vlefebvre ]
  * detect-virt: add bare-metal support for GCE
  * uki.conf is used by the ukify tool to create an Unified Kernel Image. It

  [ Vitaly Kuznetsov ]
  * measure: fix section names in 'objcopy' example in systemd-measure man
  * shared/tpm2-util: Fix "Error: Esys invalid ESAPI handle (40000001)" warning
  * man: /usr/lib/systemd/random-seed -> /usr/lib/systemd/systemd-random-seed
  * man: fix UKI filename suffix in 'tries' description
  * kernel-install/60-ukify: do not rebuild existing UKIs
  * stub: restore random seed update logic
  * man: mention "overlay" as a possible option for systemd.volatile
  * man: mention "overlay" as a possible option for systemd.volatile
  * man/systemd-sysext: list ephemeral/ephemeral-import in the list of options
  * stub: Support global sysext/confext
  * sysext: Support global sysext/confext

  [ Solar Designer ]
  * test-cgroup: Ignore ENOENT from cg_create()
  * test-cgroup-util: Ignore ENXIO in one more place

  [ Ubuntu ]
  * journald: support reloading configuration at runtime

  [ Grimmauld ]
  * units/systemd-tmpfiles-setup.service: explicitly set RestrictSUIDSGID=no
  * core: add 'DefaultRestrictSUIDSGID' config option
  * core/dbus-manager: Support 'DefaultRestrictSUIDSGID' option
  * core/varlink-manager: Support 'DefaultRestrictSUIDSGID' option
  * core: document 'DefaultRestrictSUIDSGID'

  [ Andres Beltran ]
  * Restart the DHCPv4 client when max REQUEST attempts is reached
  * namespace-util: add util function to check if id-mapped mounts are supported for a given path
  * core: add id-mapped mount support for Exec directories
  * namespace-util: make idmapping not supported if syscalls return EPERM
  * chattr-util: add helpers to read and set project IDs
  * quota-util: add methods to read and set project IDs
  * shared: add exec-directory-util.ch
  * core: add quota support for State, Cache, and Log exec directories
  * Add quota support for DBus
  * Add quota support for systemctl
  * test: add test for quotas on Exec directories

  [ Gabríel Arthúr Pétursson ]
  * pcrlock: Print correct NV index when writing new policy
  * Assign noDA attribute to TPM2 objects not dependant on a PIN
  * shared: Move cryptsetup-tpm2.[ch] from systemd-cryptsetup
  * cryptsetup: Fix memory leak when iterating over systemd-tpm2 tokens
  * cryptenroll: Lock memory pages before operating on the device
  * cryptenroll: Add support for unlocking through TPM2 enrollments
  * cryptenroll: Support rotating PIN on an existing TPM2 enrollment
  * shared: Fix TPM2 unsealing when PCR values change
  * man: Fix typo in name of sd_id128_to_uuid_string

  [ Frede Braendstrup ]
  * fix: UnsetProperty example in systemd.link.xml

  [ Myrrh Periwinkle ]
  * logind: Don't match non-leader processes for utmp TTY determination
  * logind: use manager_get_session_by_leader in manager_get_session_by_pidref

  [ peelz ]
  * zsh: remove _files prefixes

  [ Michael Ferrari ]
  * firstboot: add newline before key wait
  * firstboot: reduce empty input log level
  * firstboot: reduce log level of timezone validation
  * homed: wait for user input during firstboot
  * firstboot: add similar input suggestion
  * repart: open target devices before UUID creation
  * gpt-auto: remove directory check for ESP mount
  * firstboot: order non-interactive options last
  * firstboot: clean up welcome message
  * firstboot: use consistent wording for prompts
  * firstboot: generalize prompt_loop more
  * repart: add support for `Format=empty`

  [ Fleuria ]
  * timer: Do not recalculate monotonic elapse time on clock change

  [ Andy Shevchenko ]
  * hwdb: Add accel orientation quirk for the Microtech e-tab Pro

  [ George Tsiamasiotis ]
  * resolved: Tweak link-local addresses relevancy
  * resolved: Tweak link-local addresses relevancy

  [ Sam Leonard ]
  * nspawn: moved nspawn-creds.[ch] to shared/machine-credential.[ch]
  * string-util: add on_off
  * vmspawn: added initial code for vmspawn
  * vmspawn: created man page
  * vmspawn: extend kernel cmdline with extra args
  * vmspawn: added vsock functionality
  * vmspawn: update man page to include vsock options
  * vmspawn: ignore firmwares with enrolled-keys by default
  * vmspawn: supply a serial TTY to the kernel by default
  * vmspawn: document -q/--quiet
  * vmspawn: fix incorrect mention of container
  * vmspawn: fix incorrect handling of -M in getopt_long
  * vmspawn: remove extraneous log_info
  * nspawn: add missing OOM check on gethostname_malloc()
  * path-lookup: add runtime_directory for resolving $RUNTIME_DIRECTORY
  * vmspawn: add swtpm feature
  * vmspawn: add kernel configuration options
  * vmspawn: synthesise root= argument for direct kernel boot
  * vmspawn: add initrd configuration option
  * vmspawn: add nic configuration
  * vmspawn: accept kvm/vhost-vsock device fds through sd_listen
  * vmspawn: add support for -D/--directory
  * basic/namespace-util: add parse_userns_uid_range
  * nspawn: use parse_userns_uid_range
  * vmspawn: add support for --private-users
  * vmspawn: document --directory and --private-users
  * vmspawn: add support for --bind(-ro)=
  * vmspawn: support multiple initrds via merging
  * vmspawn: discover bootloader for directory type images
  * vmspawn: search for machines when only passed -M/--machine=
  * vmspawn: add template unit to start systemd-vmspawn -M
  * journald: Add assertions to config_parse_compress
  * journald: implement socket forwarding
  * journal-remote: allow AF_VSOCK and AF_UNIX for --listen-raw
  * vmspawn: add --forward-journal=
  * vmspawn: fix possible NULL dereference in discover_boot_entry
  * vmspawn: correctly escape ',' in certain values passed to qemu
  * vmspawn: add --extra-drive=
  * ssh-generator: add mention of ssh.authorized_keys.root to man page
  * basic/terminal-util: add check for poll timeout in get_default_background_color
  * basic/terminal-util: accept ST or BEL to end escape sequence queries
  * shared/ptyfwd: allow window title but not background color as a valid state
  * shared/ptyfwd: detect String Terminator or BEL when parsing an OSC sequence
  * vmspawn: support machined registration
  * machinectl: support vmspawn as a backend
  * vmspawn: only add to cmdline if tpm was started
  * vmspawn: prefix extra kernel-cmdline-extra with -smbios
  * vmspawn: fix FD passing logic
  * vmspawn: generate ephemeral SSH keys for the VM
  * ssh-generator: support ssh.ephemeral-key.all-users
  * vmspawn: enabled free page reporting in qemu by default
  * vmspawn: update parse_boolean to parse_boolean_argument
  * vmspawn: add --discard-disk= to control handling of disk discard requests
  * vmspawn: check firmware target architecture
  * man: fix incorrect XML in man page
  * vmspawn: sort headers
  * vmspawn: insert missing empty line
  * nspawn,shared/netif-util: move generate_mac and shorten_ifname to shared/netif-util
  * vmspawn: generate predicatable TAP device names and MAC addresses
  * test-64-udev-storage: partition disk inside testcase - testcase_long_sysfs_path
  * test-64-udev-storage: partition disk inside testcase - testcase_virtio_scsi_identically_named_partitions
  * test-64-udev-storage: partition disk inside testcase - testcase_multipath_basic_failover
  * man: add machinectl import-raw example for vmspawn
  * man: add example --forward-journal= example for vmspawn
  * man: add ssh example for vmspawn
  * man: fix entry for vmspawn's --ssh-key-type
  * man: clarify behaviour when omitting both -i/-D in vmspawn
  * man: vmspawn - reference later example to show use of --private-users
  * man: removely overly verbose wording from the vmspawn man page
  * man: vmspawn - clarify behaviour of omitting --vsock-cid=
  * man: vmspawn - clarify behaviour of omitting --linux=/--initrd=
  * machined: fix invalid edge case in machine_new
  * cryptenroll: disable loading public key if --tpm2-public-key= is empty
  * news: refer to ForwardToSocket instead of ForwardAddress
  * vmspawn,man: move the varlistentry for -D into a variablelist
  * shared/json: add json_dispatch_absolute_path
  * machined: expose machine_freep in machine.h
  * machined: split manager linking out of machine_new into machine_link
  * machined: add GetMachineSSHInfo method
  * machined: add varlink interface for registering machines
  * vmspawn: add a dropin override to sshd-vsock@.service
  * vmspawn: register with io.systemd.Machine.Register
  * vmspawn: forward signals to VM PID 1 via D-BUS when available
  * vmspawn: fix call to GetUnitByPID
  * vmspawn: fix call to GetUnitByPID

  [ Alex ]
  * network: fix a potential divide-by-zero (#37705)
  * compress: prevent divide-by-zero when no data is read (#37706)
  * network: fix a potential divide-by-zero (#37705)
  * compress: prevent divide-by-zero when no data is read (#37706)

  [ Joaquim Monteiro ]
  * bootctl: fix unclosed quote in debug log
  * bootctl: fix unclosed quote in debug log

  [ Adrian Vovk ]
  * tmpfiles: v/q/Q: Add env var to skip check for rootfs in subvolume
  * stub: Properly null-terminate filenames in pack_cpio_one
  * stub: Load credentials from \loader\credentials\*.cred
  * gpt-auto: Check for /boot before putting ESP there
  * base-filesystem: Support Arch-style multilib
  * sysupdate.d: Add way to drop binaries into $BOOT
  * stat-util: Add statx version of timespec_load
  * tmpfiles: Use statx_timestamp_load
  * core: Add %D specifier for $XDG_DATA_HOME
  * homework: Cleanup home_store_embedded_identity
  * user-record: Add method to match whole perMachine entry
  * fd-util: Close function for FD_TO_PTR
  * docs: Fix typo in USER_RECORD
  * core: path: Re-enter waiting if target is deactivating
  * core: Rework recursive freeze/thaw
  * core: Fail to start/stop/reload unit if frozen
  * homed: Add InhibitSuspend() method
  * fundamental: Add overflow-safe math helpers
  * basic: Add some sha256 helper functions
  * pam_systemd: Let user record override env vars
  * locale-util: Restrict valid locales
  * user-record: Add languages field
  * homed: Add some missing asserts
  * format-utils: Expose FORMAT_UID and FORMAT_GID
  * env-util: Add helper to store current log level
  * hashmap: Add helper to dump sorted keys
  * homed: Pass in username and uid as Polkit details
  * keyring-util: Use reported key size to resize buf
  * fd-util: Expose helper to pack fds into 3,4,5,...
  * Document blob directory behavior
  * user-record: Add blobDirectory and blobManifest
  * homed: Create & advertise blob directory
  * homework: Reconcile blob directories
  * homework: Handle Update & Create w/ blob dir
  * homectl: Add flags to edit blob directories
  * TEST-46-HOMED: Add tests for blob directories
  * update TODO
  * missing_fcntl: Fix RAW_O_LARGEFILE
  * fd-util: Add helpers to check if FD flags are safe
  * user-record: Add preferredSession{Type,Launcher}
  * bus-unit-util: Add utility to freeze/thaw units
  * sleep: Always freeze user.slice
  * homework: Lock/Unlock: Freeze/Thaw user session
  * NEWS: Add note about freezing user session changes
  * data-fd-util: Fixup header
  * homework-cifs: Pass password via fd
  * Revert "homed: Add InhibitSuspend() method"
  * homed: Minor function name cleanup
  * homed: Minor man page improvements
  * homed: Ensure closed FD is handled before bus req
  * homework: Always upload volume key to keyring
  * homework: Accept volume key from keyring
  * homework: Implement offline updates
  * update TODO
  * TEST-46-HOMED: Disable auth rate-limiting
  * homed: Release(): fix assertion failure
  * manager: Freeze/Thaw: Don't fail units w/o cgroup
  * manager: Improve freeze/thaw for unrealized cgroup
  * sysupdate: Report download progress via sd_notify
  * sysupdate: Add --offline mode
  * sysupdate: Implement JSON output
  * sysupdate: Support changelogs & appstream metadata
  * sysupdate: Split UpdateSetFlags out from UpdateSet
  * sysupdate: Split reboot_now into utils
  * table: Add TABLE_SET_JSON_FIELD_NAME
  * table: Improve mangling of JSON field names
  * table: Fix JSON name mangling breaking changes
  * os-release: Add RELEASE_TYPE=
  * os-release: Introduce experiment RELEASE_TYPE
  * sysupdate: Implement systemd-sysupdated dbus service
  * sysupdate: Implement updatectl
  * Merge pull request #32363 from CodethinkLabs/sysupdate-dbus
  * sysupdated: Fixup minor formatting issues
  * sysupdated: Fixup redundant constant name
  * sysupdated: Verify inputs more rigorously
  * sysupdate: Simplify sysupdate_run_simple callsite
  * sysupdate: man: Cleanup sections about flags
  * sysupdate: Fix resource_find_instance
  * sysupdate: Check that --instances-max is in bounds
  * sysupdate: Track incompletely-installed versions
  * sysupdate: Repair incomplete versions in-place
  * sysupdate: Add tests for incomplete versions
  * Merge pull request #33570 from AdrianVovk/sysupdate-incomplete
  * progress-bar: Put a space after the prefix
  * sysupdated: Register known error types
  * updatectl: Ensure we clear the progress bar
  * updatectl: Improve behavior of progress logging
  * progress-bar: Add unbuffered variant
  * sysupdate: Don't ignore callout binary failure
  * sysupdated: Cleanup handling of notifications
  * sysupdated: Improve logging about jobs
  * Merge pull request #34202 from AdrianVovk/sysupdated-fixups
  * strv: Fixup STRV_FOREACH_PAIR macro
  * repart: Consider existing partitions when placing
  * repart: Add SupplementFor= logic
  * repart: Add tests for supplement partitions
  * updatectl: check: Don't print an empty table
  * sysupdated: Rearrange error logging a little bit
  * sysupdated: Vacuum: Fixup dbus type
  * GREEDY_REALLOC_APPEND: Make more type safe
  * fs-util: Introduce symlinkat_idempotent
  * sysupdate: Introduce optional features
  * sysupdate: Add tests for optional features
  * sysupdate: Add verb to inspect features
  * sysupdated: Plumb through optional features
  * updatectl: Introduce optional feature verbs
  * sysupdate: Use camelCase for JSON field names
  * man: warn that sysupdate's API is unstable
  * user-record: Introduce selfModifiable fields
  * homed: Allow user to change parts of their record
  * test: Test user record selfModifiable behavior
  * sysupdated: Make sure targets we skip are skipped
  * sysupdated: Permit mount namespaces
  * sd-stub: Fixup typo & measurement order
  * bootspec: Fixup memory leak
  * bootspec: Fixup loading of local addons for UKIs
  * bootspec: Look at /loader/addons in XBOOTLDR
  * v257 batch up to b5ea69f5acc4ae0e8d31b236072f75b233dae6e8 (#35682)
  * man/systemd.timer: Correct inaccuracy in man page
  * core/timer: Introduce RandomOffsetSec= knob
  * Define uid range for greeter
  * userdbctl: Label dynamic greeter users
  * man/systemd.timer: Correct inaccuracy in man page

  [ Bastien Nocera ]
  * libudev: Update list of possible actions
  * hwdb: Also mark lis3lv02d sensors in "HP" laptops as being in the base
  * hwdb: Force "mouse" type on Logitech Ultrathin Touch Mouse
  * udev: Extract RAM properties from DMI information
  * meson: Split off udev helper programs array
  * meson: Disable dmi_memory_id on arches without DMI
  * udev: Import hwdb matches for USB devices
  * hwdb: Allow end-users root-less access to USB analyzers
  * hwdb: Allow console users access to media* nodes
  * hwdb: Tag IR cameras as such
  * hwdb: Allow console users access to rfkill
  * hwdb: Allow end-users root-less access to TL866 EPROM readers
  * hostname: Allow overriding the chassis type from hwdb
  * hwdb: Add Microsoft Surface Pro 1 chassis quirk
  * memory-id: Work-around incorrect "Number of slots"
  * hwdb: analyzers: Clarify the type of devices we want listed
  * hwdb: Allow users access to USB serial for analysers
  * hwdb: Add Greaseweazle "drives" to the list of analyzers
  * hwdb: Add override for headset form-factors
  * hwdb: Mark Apple Wireless keyboards as not having NumLock LED
  * hwdb: Make 3D mice work out-of-the-box
  * hwdb: Make remote controllable lights work out-of-the-box
  * hwdb: Make remote controllable lights work out-of-the-box
  * hwdb: Add hwbd definitions for maker tools

  [ Oliver Schramm ]
  * hwdb: Add support for Lenovo IdeaPad Slim 5 series

  [ Arkadiusz Bokowy ]
  * sd-bus: Preserve interfaces addition order

  [ Ryan Blue ]
  * network/can: properly handle CAN.RestartSec=0

  [ Avram Dorfman ]
  * test-network: add test case for bootp

  [ Colin Foster ]
  * test-dhcp-client: utilize log_info instead of printf
  * dhcp: relocate type field
  * sd-dhcp-client: add ability to support bootp
  * test-dhcp-client: add test for bootp clients
  * network/dhcp4: add ability to use BOOTP

  [ Luke Yeager ]
  * man: fix typo in dns-delegate example

  [ Dan Streetman ]
  * d/t/boot-and-services: fix test_failing()
  * d/t/boot-and-services: check for any kernel message, not just first kernel message
  * src/network/networkd-dhcp4.c: set prefsrc for classless or static routes
  * d/t/upstream: add TEST-30, TEST-34 to blacklist
  * test/udev-test.pl: cleanup if skipping test
  * test: add create_empty_image_rootdir() to simplify testcase setup
  * test: ignore errors during test cleanup, so cleanup can finish
  * test: when stripping binaries, ignore case in suppressing "File format not recognized"
  * test/test-functions: instmods call to find should use -type f
  * test/test-functions: fix install_dmeventd to correctly install bin/libs
  * test/TEST-16: don't copy systemd-notify or lib from $BUILD_DIR
  * d/t/timedated: replace systemctl is-active with systemctl show
  * d/t/control: root-unittests can break networking, add breaks-testbed
  * d/t/control: mark udev test skippable
  * d/t/upstream: always cleanup after (and before) each test
  * d/t/control: upstream test requires dmeventd
  * d/e/checkout-upstream: don't remove .git
  * d/e/checkout-upstream: move change to debian/ files above other changes
  * d/e/checkout-upstream: add UPSTREAM_KEEP_CHANGELOG param
  * test: convert all uses of '|| true' into '|| :'
  * d/e/checkout-upstream: create git commits for each change
  * d/e/checkout-upstream: switch from 'quilt' to 'native' format
  * d/e/checkout-upstream: set user.name, user.email if unset
  * d/t/storage: change plaintext_name to include testname
  * d/t/storage: increase wait for plaintext_dev from 5 to 30 seconds
  * d/t/storage: wait for service to start, only stop if active
  * d/t/storage: don't search for 'scsi_debug' in ask_password
  * d/t/storage: manage scsi_debug using add_hosts
  * d/t/storage: use short timeout waiting for scsi_debug block dev to appear
  * d/t/storage: convert password agent into normal Thread
  * d/t/storage: fail if socket info not in ask_password contents
  * d/t/boot-smoke: pass failure reason to fail() to print instead of separate echo
  * d/t/boot-smoke: in fail() set +e so errors are ignored while gathering data
  * d/t/boot-smoke: gather still running jobs in fail()
  * d/t/boot-smoke: wait for is-system-running
  * d/t/boot-smoke: call fail if pidof polkitd fails
  * d/t/boot-smoke: remove check for running jobs
  * src/basic/missing_syscall: add s390 syscall number for __NR_pkey_mprotect
  * src/shared/seccomp-util.c: Add mmap definitions for s390
  * src/basic/missing_syscall: change #ifndef to #if ! (defined && > 0)
  * src/basic/missing_syscall: add comment lines for PR 13319 changes
  * src/boot/efi/shim: elide __attribute__((sysv_abi)) on non-intel archs
  * src/boot/efi/linux: elide __attribute__((regparm(0))) on non-i386
  * src/boot/efi/meson.build: if meson --werror is true, set gcc -Werror
  * test/test-functions: avoid stderr noise, only umount on cleanup if mountpoint
  * test: TEST-33 and TEST-36 should use create_empty_image_rootdir
  * test: replace $TESTDIR/root with $initdir
  * test/test-functions: add mkdir to import_initdir
  * test: increase qemu timeout for TEST-18 and TEST-19
  * test/test-functions: use binaries from $BUILD_DIR or installed system
  * test/test-functions: use truncate instead of dd to create testbed image
  * d/rules: add CONFFGLAGS_UPSTREAM to dh_auto_configure -- params
  * test/TEST-18-FAILUREACTION: fix typo to actually run firstphase action
  * test/TEST-10-ISSUE-2467: remove testsuite.service TimeoutStartSec
  * d/t/control: upstream test requires qemu-system-ppc on ppc64el
  * d/t/control: install seabios for upstream test
  * d/extra/rules/73-special-net-names.rules: use $$ instead of $ in PROGRAM= value
  * src/core/automount: use DirectoryMode when calling mkdir -p
  * test: add temporarily blacklisted tests
  * test/README.testsuite: add section for Ubuntu CI blacklist files
  * d/t/upstream: change BLACKLIST env var into per-test file that upstream can control
  * test: add initial blacklist files
  * test: blacklist TEST-41 on Ubuntu CI
  * test: correct TEST-41 StartLimitBurst test
  * resolved: set stream type during DnsStream creation
  * test/test-network/systemd-networkd-tests.py: suppress stderr for functionality checks
  * test: check /usr/lib and /lib for systemd binaries
  * test-network: Remove/replace non-capturing group regex
  * blacklist: fix blacklist patch file header info, add details and upstream bugs
  * blacklist: remove short timeout from TEST-10, and unblacklist it
  * network: set ipv6 mtu after link-up or device mtu change
  * test-network: allow specifying only individual drop-in files
  * test-network: read link attribute at any depth
  * test-network: in wait_online() allow a few seconds to reach setup_state
  * test-network: disable restart limiting for networkd
  * test-network: add tests to verify IPv6MTUBytes
  * network: rename linux_configure_after_setting_mtu() to linux_configure_continue()
  * network: add link->setting_genmode flag
  * network: if ipv6ll is disabled, enumerate tentative ipv6 addrs before dropping foreign addrs
  * network: drop foreign config after addr_gen_mode has been set
  * test-network: rename check_operstate() to wait_operstate()
  * test-network: convert wait_operstate() to recheck condition for timeout seconds
  * test-network: simplify wait_online() by calling wait_operstate()
  * man: sort log parameters in alphabetical order
  * man: remove the '=' from --log-color and --log-location as they are optional arg
  * log: add support for prefixing console log messages with current timestamp
  * network: attach sd-event in link_load() when creating link dhcp_client or ipv4ll
  * d/t/logind: use grep -s when checking /sys/power/state
  * d/rules: in dh_auto_test, include meson param --print-errorlogs
  * Follow symlinks when finding link files to copy into initramfs
  * remove Ubuntu-specific ondemand.service
  * cleanup ondemand.service symlink
  * network: change UseGateway= default to UseRoutes= setting
  * test: modify/add tests for UseRoutes= and UseGateway= configuration
  * network: honor SetDNSRoutes= even if UseGateway=False
  * test: verify RoutesToDNS= is independent of UseGateway=
  * cgroup-util: check for SYSFS_MAGIC when detecting cgroup format
  * test-cgroup: skip if /sys/fs/cgroup unknown fs
  * test: find path for systemd-journal-remote
  * Cherry-pick fix from upstream master to adjust UseGateway= default
  * network: Change IgnoreCarrierLoss default to value of ConfigureWithoutCarrier
  * network: return 1 on start and 0 if ipv4ll is already started
  * test: expand configure-without-carrier test
  * test: add bridge configure-without-carrier test
  * test: in test_bridge_configure_without_carrier, ignore setup_state
  * 40-vm-hotadd.rules: check offline before onlining memory/cpus
  * d/t/upstream: capture new merged 'system.journal' from tests
  * d/t/upstream: use --directory or --file param for journalctl
  * d/t/storage: check for ext2 or ext4 fs when using crypttab 'tmp' option
  * test-network: don't print networkctl output for passing subtests
  * test-netowrk: in test_bridge_configure_without_carrier, avoid strange test failures
  * Add libzstd-dev and zstd as build and test deps
  * semaphoreci: update Debian release to bullseye
  * test: convert ubuntu-ci to use deny-list
  * network: move set-MAC and set-nomaster operations out of link_up()
  * test: ignore ENOMEDIUM error from sd_pid_get_cgroup()
  * d/control: update meson minimum version
  * d/t/upstream: convert 'blacklist' term to 'deny-list'
  * test/test-functions: copy /usr/lib/pam.d into $initdir
  * test: use cap_last_cap() for max supported cap number, not capability_list_length()
  * sd-dhcp-client: don't log timeouts if already expired
  * sd-dhcp-client: track dhcp4 t1, t2, expire times
  * sd-dhcp-client: add RFC2131 retransmission details
  * sd-dhcp-client: simplify dhcp4 t1/t2 parsing
  * sd-dhcp-client: correct dhcpv4 renew/rebind retransmit timeouts
  * sd-dhcp-client: correct retransmission timeout to match RFC
  * test-network: increase wait_online timeout to handle longer dhcpv4 transient timeout
  * sd-dhcp-client: fix renew/rebind timeout calculation to avoid infinite loop
  * udev: use DEFINE_MAIN_FUNCTION in cdrom_id
  * network: add ActivationPolicy= configuration parameter
  * test: add ActivationPolicy= unit tests
  * save link activation policy to state file and display in networkctl
  * test: remove unused 'basedir' var from integration test makefiles
  * test/test-functions: move var assignment
  * test/test-functions: add variables for several dir locations
  * test: find $BUILD_DIR in test-functions, remove from other scripts
  * test/test-functions: allow installing systemd files from local system
  * test: allow run-integration-tests.sh to run without build
  * test/run-integration-tests.sh: adjust arg processing
  * test/TEST-01-BASIC: also install testsuite.target
  * test: skip tests if cgroup isn't mounted
  * Skip TEST-50 on ubuntu ci
  * Slight adjustments to previous patch for deny/black-list naming
  * d/t/upstream: use NO_BUILD=1
  * d/t/control: install all binary packages for upstream test
  * d/t/boot-smoke: update test to avoid false negatives
  * test: combine stdout/stderr from failed test
  * d/t: replace 'root-unittests' shell script with simple call to upstream script
  * macro: add ONCE macro that evaluates to 1 one time
  * log: add log_once() and log_once_errno() macros
  * psi: update is_pressure_supported to read file
  * oom: log one-time warning if kernel doesn't provide memory.swap.current
  * test/networkd-test: in bridge test, wait for online after restart systemd-networkd
  * network: default RequiredForOnline=false if ActivactionPolicy= not set to up
  * networkctl: add field 'Required For Online'
  * test: add test to verify RequiredForOnline= setting with ActivationPolicy=
  * Add systemd-resolve backwards compatibility section to resolvectl docs
  * time: simplify get_timezones()
  * time: split get_timezone() into main function and zone1970.tab function
  * time: get timezones from tzdata.zi
  * test: optionally, only save test journal for failing tests
  * cgroup: do 'catchup' for unit cgroup inotify watch files
  * meson.build: change operator combining bools from + to and
  * userdb: fix if-else to allow NameServiceSwitch lookups
  * cgroup: check if any controller is in use as v1
  * cgroup: when checking for legacy controllers, ignore any we don't care about
  * test: refactor test-procfs-util for clarity and skip test on perm failure
  * resolve: remove server 'large' level
  * add CAP_LINUX_IMMUTABLE to systemd-machined, so it can handle machinectl read-only requests
  * d/control: set minimum version for dh-package-notes
  * tpm2: replace magic number
  * Consolidate various TAKE_* into TAKE_GENERIC(), add TAKE_STRUCT()
  * tpm2: rename tpm2 alg id<->string functions
  * tpm2: rename struct tpm2_context to Tpm2Context
  * tpm2: use ref counter for Tpm2Context
  * tpm2: use Tpm2Context* instead of ESYS_CONTEXT*
  * tpm2: add Tpm2Handle with automatic cleanup
  * tpm2: fix build failure without openssl
  * tpm2: simplify tpm2_seal() blob creation
  * basic/macro: add macro to iterate variadic args
  * test/test-macro: add tests for FOREACH_VA_ARGS()
  * basic/bitfield: add bitfield operations
  * test/test-bitfield: add tests for bitfield macros
  * tpm2: add tpm2_get_policy_digest()
  * tpm2: add TPM2_PCR_VALID()
  * tpm2: add/rename functions to manage pcr selections
  * test/test-tpm2: add tests for pcr selection functions
  * tpm2: add tpm2_pcr_read()
  * tpm2: move openssl-required ifdef code out of policy-building function
  * tpm2: add tpm2_is_encryption_session()
  * tpm2: move policy building out of policy session creation
  * tpm2: add tpm2_digest_*() functions
  * tpm2: replace hash_pin() with tpm2_digest_*() functions
  * tpm2: add tpm2_set_auth()
  * tpm2: add tpm2_get_name()
  * tpm2: rename pcr_values_size vars to n_pcr_values
  * tpm2: add tpm2_policy_pcr()
  * tpm2: add tpm2_policy_auth_value()
  * tpm2: add tpm2_policy_authorize()
  * tpm2: use tpm2_policy_authorize()
  * tpm2: add tpm2_calculate_sealing_policy()
  * boot/measure: replace TPM PolicyPCR session with calculation
  * tpm: remove external calls to dlopen_tpm2()
  * tpm2: remove all extern tpm2-tss symbols
  * tpm2: sort tpm2 symbol list
  * tpm2: add tpm2_get_capability(), tpm2_cache_capabilities(), tpm2_capability_pcrs()
  * tpm2: verify symmetric parms in tpm2_context_new()
  * tpm2: replace _cleanup_tpm2_* macros with _cleanup_()
  * tpm2: add tpm2_get_capability_handle(), tpm2_esys_handle_from_tpm_handle()
  * tpm2: add tpm2_read_public()
  * tpm2: add tpm2_get_legacy_template() and tpm2_get_srk_template()
  * tpm2: add tpm2_load()
  * tpm2: add tpm2_load_external()
  * tpm2: move local vars in tpm2_seal() to point of use
  * tpm2: replace magic number in hmac_sensitive initialization
  * tpm2: add tpm2_create()
  * tpm2: replace tpm2_capability_pcrs() macro with direct c->capaiblity_pcrs use
  * basic/alloc-util: add greedy_realloc_append()
  * tpm2: cache the TPM supported commands, add tpm2_supports_command()
  * tpm2: cache TPM algorithms
  * tpm2: add tpm2_persist_handle()
  * tpm2: add tpm2_get_or_create_srk()
  * tpm2: move local vars in tpm2_unseal() to point of use
  * tpm2: remove tpm2_make_primary()
  * test: Add DA lockout handling to TEST-70-TPM2
  * test: reduce the number of loops in tpm2 test_tpms_pcr_selection_mask_and_hash()
  * tpm2: handle older tpm enrollments without a saved pcr bank
  * tpm2: add tpm2_get_pin_auth()
  * test: avoid TEST-70 passphrase and password file mode complaints
  * Revert "cryptenroll: drop unmet condition"
  * tpm2: instead of adjusting authValue trailing 0(s), trim them as required by tpm spec
  * tpm2: use CreatePrimary() to create primary keys instead of Create()
  * tpm2: add debug logging to functions converting hash or asym algs to/from strings or ids
  * tpm2: add tpm2_hash_alg_to_size()
  * tpm2: change tpm2_tpm*_pcr_selection_to_mask() to return mask
  * tpm2: add more helper functions for managing TPML_PCR_SELECTION and TPMS_PCR_SELECTION
  * tpm2: add Tpm2PCRValue struct and associated functions
  * tpm2: move declared functions in header lower down
  * tpm2: declare tpm2_log_debug_*() functions in tpm2_util.h
  * tpm2: change tpm2_calculate_policy_pcr(), tpm2_calculate_sealing_policy() to use Tpm2PCRValue array
  * tpm2: change tpm2_parse_pcr_argument() parameters to parse to Tpm2PCRValue array
  * tpm2: add TPM2B_*_MAKE(), TPM2B_*_CHECK_SIZE() macros
  * tpm2: add tpm2_pcr_read_missing_values()
  * openssl: add openssl_pkey_from_pem()
  * openssl: add rsa_pkey_new(), rsa_pkey_from_n_e(), rsa_pkey_to_n_e()
  * openssl: add ecc_pkey_new(), ecc_pkey_from_curve_x_y(), ecc_pkey_to_curve_x_y()
  * test: add DEFINE_HEX_PTR() helper function
  * openssl: add test-openssl
  * tpm2: add functions to convert TPM2B_PUBLIC to/from openssl pkey or PEM
  * tpm2: move policy calculation out of tpm2_seal()
  * man: update systemd-cryptenroll man page with details on --tpm2-pcrs format change
  * tpm2: update TEST-70-TPM2 to test passing PCR value to systemd-cryptenroll
  * tpm2: use ELEMENTSOF() instead of sizeof() for TPML_PCR_SELECTION pcrSelections field
  * openssl: add log_openssl_errors()
  * tpm2: change *alg_to_* functions to use switch()
  * tpm2: lowercase TPM2_PCR_VALUE[S]_VALID functions
  * tpm2: move cast from lhs to rhs in uint16_t/int comparison
  * tpm2: in validator functions, return false instead of assert failure
  * tpm2: in tpm2_pcr_values_valid() use FOREACH_ARRAY()
  * tpm2: use SIZE_MAX instead of strlen() for unhexmem()
  * tpm2: put !isempty() check inside previous !isempty() check
  * tpm2: simplify call to asprintf()
  * tpm2: check pcr value hash != 0 before looking up hash algorithm name
  * tpm2: use strempty()
  * tpm2: split TPM2_PCR_VALUE_MAKE() over multiple lines
  * tpm2: remove ret_ prefix from input/output params
  * tpm2: use memcpy_safe() instead of memcpy()
  * openssl: use new(char, size) instead of malloc(size)
  * tpm2: use table for openssl<->tpm2 ecc curve id mappings
  * tpm2: use switch() instead of if-else
  * tpm2: make logging level consistent at debug for some functions
  * tpm2: remove unnecessary void* cast
  * tpm2: add tpm2_pcr_values_has_(any|all)_values() functions
  * tpm2: wrap (7) in UINT32_C()
  * cryptenroll: change man page example to remove leading 0x and lowercase hex
  * test: only load tpm_ibmvtpm kernel module on PowerPC hw
  * openssl: add openssl_digest_size()
  * openssl: add openssl_digest_many()
  * openssl: replace openssl_hash() with openssl_digest()
  * openssl: add openssl_hmac_many()
  * openssl: add rsa_oaep_encrypt_bytes()
  * openssl: add kdf_kb_hmac_derive()
  * openssl: add openssl_cipher_many()
  * openssl: add ecc_edch()
  * openssl: add kdf_ss_derive()
  * tpm2: add tpm2_marshal_blob() and tpm2_unmarshal_blob()
  * tpm2: add tpm2_serialize() and tpm2_deserialize()
  * tpm2: add tpm2_index_to_handle() and tpm2_index_from_handle()
  * tpm2: edit tpm2_get_or_create_srk() comment
  * tpm2: downgrade most log functions from error to debug
  * tpm2: allow tpm2_make_encryption_session() without bind key
  * tpm2: update tpm2 test for supported commands
  * tpm2: use GREEDY_REALLOC_APPEND() in tpm2_get_capability_handles(), cap max value
  * tpm2: change tpm2_unseal() to accept Tpm2Context instead of device string
  * tpm2: cache TPM's supported ECC curves
  * cryptenroll: allow specifying handle index of key to use for sealing
  * test: add tests for systemd-cryptenroll --tpm2-seal-key-handle
  * tpm2: do not call Esys_TR_Close()
  * tpm2: don't use GetCapability() to check transient handles
  * tpm: update comment on transient handle GetCapability bug in kernel tpm resource manager
  * tpm2: allow using tpm2_get_srk_template() without tpm
  * tpm2: add test to verify srk templates
  * tpm2: add tpm2_sym_alg_*_string() and tpm2_sym_mode_*_string()
  * tpm2: add tpm2_calculate_seal() and helper functions
  * tpm2: update test-tpm2 for tpm2_calculate_seal()
  * cryptenroll: add support for calculated TPM2 enrollment
  * test: fix env var name of persistent handle used for testing so it is removed after test
  * test: update TEST-70 with systemd-cryptenroll calculated TPM2 enrollment
  * tpm2: Do not use RSA exponent special-case default value in PEM->TPM2B_PUBLIC conversion
  * test: verify PEM->TPM2B_PUBLIC conversion for RSA key with non-default exponent
  * test: check TPM2B_PUBLIC "name" during PEM->TPM2B_PUBLIC conversion tests
  * tpm2: If unsealing results in policy hash mismatch when using RSA pubkey, possibly retry
  * d/t/upstream: only save journal for failing integration tests
  * debian/tests/storage: without scsi_debug, skip test
  * systemd-keyutil: add verb to conver PKCS#1 to PKCS#7
  * test: run PKCS#7 verification with both internal and external certificates
  * keyutil: support adding content into PKCS#7 signature
  * openssl: add hash_algorithm parameter to pkcs7_new()
  * keyutil: add parameter to specify hash algorithm used for PKCS#1 signature
  * test: update keyutil test to verify new pkcs7 --hash-algorithm param

  [ Dai MIKURUBE ]
  * doc: explicitly mention the license of libudev in LICENSES/README.md (#37792)

  [ A. Wilcox ]
  * man: Ensure notify example includes <string.h>
  * edit-util: EditFileContext: avoid reserved 'stdin'
  * basic: Include <sys/file.h> for LOCK_* constants
  * tree-wide: basename -> path_extract_filename

  [ Lorenzo Arena ]
  * sd-lldp-rx: add VLAN ID parsing
  * network: test-lldp-rx: set more variable as static const

  [ tytan652 ]
  * hwdb: add support for Loupedeck devices

  [ Emmanuel Ferdman ]
  * doc: fix integration tests guide reference

  [ Anton Ryzhov ]
  * man/systemd-creds: fix documentation typo in systemd.exec.xml

  [ Michał Moczulski ]
  * hwdb: fix touchpad for ASUS X1504ZA (#37696)

  [ Christian Glombek ]
  * portable,sysext: match extension OS ID also against host ID_LIKE

  [ Shubhendra Kushwaha ]
  * docs: add man pages for sd_device_enumerator_[new,ref,unref,unrefp] (#37586)
  * docs: add man pages for sd_device_enumerator_[new,ref,unref,unrefp] (#37586)
  * docs: add man pages for `sd_device_enumerator_add_match_*` (#37589)
  * docs: add man page for sd_device_enumerator_get_device_first() and friends

  [ Kirill Rekhov ]
  * d/systemd.postrm: delete more internal state directories on purge
  * Set upstream metadata fields: Security-Contact

  [ Tim Vangehugten ]
  * po: Translated using Weblate (Dutch)

  [ TheHillBright ]
  * journald: clarify doc for usage-related values cap (#37528)
  * journald: clarify doc for usage-related values cap (#37528)

  [ Jan Vaclav ]
  * pidfd-util: avoid alignment warning when accessing f_handle
  * cgroup-util: avoid alignment warning when accessing f_handle
  * in-addr-util: use s6_addr* macros everywhere

  [ Dusty Mabe ]
  * src/core/manager.c: log preset activity on first boot

  [ tuxmainy ]
  * hwdb: make Saitek PLC Pro Flight Rudder Pedals a joystick (#37601)

  [ Stefan Herbrechtsmeier ]
  * hostname: add hardware Stock-Keeping Unit
  * hostname: add hardware version

  [ maia x. ]
  * namespace: Fix extension release memory leak
  * mkosi: add socat to minimal-0/1 images
  * vpick: add path_uses_vpick helper method
  * core: reload confexts when reloading notify-reload services
  * test: check reloading notify-reload service refreshes vpick extensions
  * man: document confext reload behavior for ExtensionDirectories/Images

  [ Tommy Unger ]
  * test: write file from systemd service in transient unit

  [ Nuno Sá ]
  * hwdb: add Analog Devices PLUTO SDR
  *  hwdb: append ID_MM_DEVICE_IGNORE to hwdb parser

  [ Todd C. Miller ]
  * flush_ports: flush POSIX message queues properly
  * flush_ports: flush POSIX message queues properly

  [ Debarshi Ray ]
  * sysctl: Enable ping(8) inside rootless Podman containers
  * meson: Ensure that distribution packages own systemenvgeneratordir
  * meson: Ensure that distribution packages own systemenvgeneratordir

  [ Alexander Stepchenko ]
  * man/systemctl: add preposition for clarity
  * man/systemctl: add preposition for clarity

  [ Tim Small ]
  * man/network: clarify SR-IOV section description and usage
  * man/network: Note .link early boot caveat, and .network .netdev usage.
  * document requirement to sync *.link files with initrd
  * man/network: clarify SR-IOV section description and usage
  * man/network: Note .link early boot caveat, and .network .netdev usage.

  [ David Rheinsberg ]
  * sd-bus: avoid magic number in SASL length calculation
  * sd-bus: fix SASL reply to empty AUTH
  * sd-bus: skip sending formatted UIDs via SASL
  * bus: use inline trace argument for ANONYMOUS auth
  * basic/memfd: drop test for F_SEAL_SEAL
  * basic/memfd: reduce default seals to historic set
  * basic/memfd: add fcntl() wrappers
  * basic/memfd: fix memfd_map() seal test
  * docs/DESKTOP_ENVIRONMENTS: fix formatting
  * docs/DESKTOP_ENVIRONMENT: clarify <RANDOM> usage
  * docs/DESKTOP_ENVIRONMENTS: clarify name aliases
  * basic/time-util: fix error handling of clock_nanosleep()
  * basic/time-util: fix error handling of clock_nanosleep()

  [ Jesper Nilsson ]
  * man/sd_bus_slot_set_floating: Improve wording around b parameter
  * man/sd_bus_slot_set_floating: Improve wording around b parameter

  [ igo95862 ]
  * man: Separated paragraph about making sd_bus object reply async
  * man: Add a paragraph to sd_bus_call explaning callback message lifetime
  * man: Fix sd_bus_message_append_array_space function signature
  * man: Specify that sd_bus_message_read_basic returns 0 if end of array had been reached.
  * man: Fixed an incomplete sentence
  * man: Speicfy exact return values of sd_bus_message_enter_container
  * docs: `mesonconf` is not a valid command, `meson configure` is
  * man: Specify that only d-bus methods can be answered async
  * Export D-Bus interfaces to /usr/share/dbus-1/interfaces
  * Export systemd-networkd D-Bus XML introspection
  * Disable exporting D-Bus Introspection XML if cross-compiling
  * test-bus-objects: Test GetManagedObjects interfaces are correct
  * Fix GetManagedObjects returning ObjectManager interface for non-manager objects
  * test-bus-objects: Test interfaces added/removed signal interfaces
  * Fix ObjectManager interface emitted for non-manager objects
  * man: Fix systemd-boot man page wrong secure keys location
  * man/sd_bus_emit_signal: Fix extra const for strv functions
  * man/sd-bus: Add at least one reference per sd-bus function man page
  * man/sd_bus_emit_signal: Fix extra const for strv functions
  * man/sd-bus: Add at least one reference per sd-bus function man page

  [ Alexander Kurtz ]
  * docs/MEMORY_PRESSURE: Replace incorrect "packages" with correct "pages"
  * docs/MEMORY_PRESSURE: Replace incorrect "packages" with correct "pages"

  [ LuK1337 ]
  * rules: Make ADB and fastboot work out-of-the-box
  * rules: Make ADB and fastboot work out-of-the-box

  [ kmeaw ]
  * shared/calendarspec: fix normalization when DST is negative
  * shared/calendarspec: fix normalization when DST is negative

  [ Jules Lamur ]
  * fstab-generator: fix options in systemd.mount-extra= arg
  * fstab-generator: fix options in systemd.mount-extra= arg

  [ Jan Engelhardt ]
  * rpm: use sh compatible redirects
  * rpm: check argument counts for systemd macros
  * rpm: avoid hiding errors from systemd commands
  * coredump: re-document raised default dump sizes
  * doc: replace wrong á preposition by 
  * doc: replace wrong idiom in homed comment
  * doc: correct wrong use "'s" contractions
  * test: drop route from test-functions
  * man: grammar fixes: replace "respectively"
  * man: grammar fixes for "regardless"
  * man: expand word contractions
  * man: grammar fixes for introductory adverbs/phrases
  * man: grammar fixes for varlinkctl(1)
  * man: grammar fixes for userdbctl(1)
  * man: expand word contractions
  * man: grammar fixes for introductory adverbs/phrases

  [ Mario Limonciello ]
  * rules: Add automatic suspend udev rules
  * trivial: update tools/chromeos/gen_autosuspend_rules.py
  * chromiumos: sync auto suspend rules with chromeos commit e348a229bacc3
  * Add support to set autosuspend delay via hwdb
  * Set autosuspend delay for Fibocom LG850-GL
  * backlight: Drop support for actual_brightness
  * backlight: Drop support for actual_brightness

  [ Ryan Thompson ]
  * hwdb: add bladeRF SDR devices
  * hwdb: append ID_SOFTWARE_RADIO to hwdb parser

  [ André Monteiro ]
  * Add dns0.eu in resolved.conf.in (#37404)

  [ Valentin Hăloiu ]
  * Add netdev files associated with link to networkd JSON output (#37402)

  [ Kurt Borja ]
  * hwdb: keyboard: Add Alienware special keys

  [ anonymix007 ]
  * boot: Add be32toh
  * boot: Add bswap_{16,32}
  * boot: Add EFI_STATUS_IS_ERROR macro
  * boot: Add xcalloc and xcalloc_multiply
  * boot: Move smbios-related functions to a separate file
  * boot: Add smbios_populate_raw_info
  * boot: Add log_info and log_debug
  * fundamental: Add EFI_GUID userspace definition
  * macro: Add DISABLE_WARNING_STRINGOP_OVERREAD
  * fundamental: Import SHA1 implementation from libxcrypt
  * test: Add tests for SHA1
  * boot: Add xnew0
  * fundamental: Add HWID calculation
  * boot: Add firmware_devicetree_exists()
  * boot: Add HWID calculation from SMBIOS strings and matching against a built-in list
  * boot: Add .dtbauto section matching in PE section discovery against HWIDs and FW-provided DT
  * measure: introduce support for a .hwids section
  * uki: add new .dtbauto PE section type
  * measure: Introduce .dtbauto support
  * stub: Handle .dtbauto sections
  * man: Document stub behaviour for .hwids and .dtbauto sections
  * boot: Drop const modifier for smbios_fields and fix smbios_info_done
  * boot: Fix overflow check for FDT_PROP in devicetree_get_compatible
  * boot: Fix .dtbauto section number for error reporting
  * fundamental: Add userspace efi_guid_equal
  * test: Add chid-fundamental test
  * fundamental: move string includes from chid-fundamental.c to header
  * fundamental: Fix iteration count in chid_calculate
  * fundamental: Fix buffer size in get_chid
  * ukify: Support building UKIs with .dtbauto sections
  * ukify: Support building UKIs with a .hwids section
  * ukify: Use new .hwids PE section format
  * ukify: Switch to JSON HWID description format
  * man: Document ukify --hwids= and --devicetree-auto= options
  * boot: Deduplicate efi.h and efi-fundamental.h
  * boot: Add chid.c to libefitest
  * test: Add test-chid-match
  * fundamental: Move common string constants from basic/string-util.h to string-util-fundamental.h
  * boot: Add be16toh, le16toh and le32toh
  * fundamental: Introduce EDID header parsing
  * boot: Add EDID parsing
  * chid-fundamental: Introduce new CHID types
  * chid: Setup EDID CHIDs
  * sd-device: Introduce sd_device_get_sysattr_value_with_size()
  * analyze-chid: Support EDID CHIDs

  [ damnkiwi6120 ]
  * Replace reference URLs with working ones

  [ madroach ]
  * hwdb: add HP 150 Wired Mouse (#37341)

  [ Werner Sembach ]
  * Fix systemd-backlight ignoring numbered kbd_backlight entries
  * hwdb/keyboard: Map FN key on TUXEDO NB02 devices
  * hwdb/keyboard: Map FN key on TUXEDO InfinityFlex 14 Gen1

  [ Michal Koutný ]
  * core: Extract job ordering logic
  * core: Check transaction against execution cycles
  * tests: Check job ordering on execution cycles
  * tests: Check trivial loop between two jobs
  * docs: Correct resource weight range
  * mkosi: Use distro-invariant rootprefix
  * test: Simplify hostname checking
  * mkosi: Unify environment for unit tests
  * mkosi: Add openSUSE params file
  * test: Fix build with !HAVE_LZ4 && HAVE_XZ
  * mkosi: Fix openSUSE image declaration
  * mkosi: Add openSUSE Tumbleweed packages
  * mkosi: Add explicit --bootable=no openSUSE dependencies
  * systemctl: Fix frozen state coloring
  * tests: Fix description of test units
  * cgroup: Make empty assignments reset to default
  * cgroup: Allow empty assignments of Memory{Low,Min}=
  * cgroup: Parse infinity properly for memory protections
  * test: Test memory limit parsing
  * missing: Add new Linux capabilities
  * cgroup: Make realize_queue behave FIFO
  * cgroup: Add root slice to cgroup realization queue
  * cgroup: Swap cgroup v1 deletion and migration
  * cgroup: Eager realization in unit_free
  * cgroup: Implicit unit_invalidate_cgroup_members_masks
  * cgroup: Introduce family queueing instead of siblings
  * cgroup: Reduce unit_get_ancestor_disable_mask use
  * cgroup: Cleanup function usage
  * missing: Add new Linux capability
  * meson: Fix missing libseccomp dependencies
  * cgroup: Simplify cg_get_path_and_check
  * core: Make (user) instance aware of delegated cgroup controllers
  * Revert "Silence cgroups v1 read-only filesystem warning"
  * core: Avoid spurious realization of unit cgroups
  * mkosi: openSUSE update --bootable=no dependencies
  * mkosi: Fix openSUSE Jinja2 package name
  * ci: Bump mkosi version to v10
  * ci: Do not require network in test images
  * ci: Detect shell prompt with higher specificity
  * ci: Add openSUSE Tumbleweed among tested distros
  * core: Make sure cgroup_oom_queue is flushed on manager exit
  * Revert "CI: disable opensuse mkosi CI"
  * core/cgroup: Provide information about applied BFQ scaling
  * cgroup-util: Move macros to macros and tests to tests
  * core/cgroup: Factor out BFQ weight setting
  * core/cgroup: Apply IODeviceWeight= through BFQ attributes as well
  * core/cgroup: Refactor device weight property name
  * core/cgroup: Silence warnings IODeviceWeigth= on old kernels
  * core/cgroup: Silence IODeviceWeight= exclusive policy warnings
  * meson: Require TPM2 for measuring utilities
  * meson: Store fuzz tests in structured way
  * meson: Generate fuzzer inputs with directives
  * logind: Properly unescape names of lingering users
  * cgtop: Do not rewrite -P or -k options
  * test: Add tests for systemd-cgtop args parsing
  * cgtop: Update code comments
  * cgroup: Do not emit compat message without memory limit
  * core: mount namespaces: Remove auxiliary bind mounts directory after unit termination
  * meson: Copy files with git only in true git repository
  * mkosi: Copy sources under /usr in the image
  * cgroup: Fix MemoryAvailable= by considering physical memory
  * cgroup: Refactor MemoryAvailable= evaluation
  * cgroup: Estimate MemoryAvailable= when DefaultMemoryAccounting=no
  * dbus: Document org.freedesktop.systemd1.Service.MemoryAvailable property
  * sysctl.d: Fix pid_max comment
  * man: Add remarks about StandardInput=socket and sd_listen_fds()
  * cgroup: Add EffectiveMemoryMax=, EffectiveMemoryHigh= and EffectiveTasksMax= properties
  * test: Convert rlimit test to subtest of generic limit testing
  * test: Add effective cgroup limits testing
  * cgroup: Restrict effective limits with global resource provision
  * cgroup: Rename effective limits internal table
  * service: Demote log level of NotifyAccess= messages to debug
  * timedated: Respond on org.freedesktop.timedate1.SetNTP only when really finished
  * test: Ensure delegation test unit has memory controller
  * Revert "TEST-19-CGROUP: Skip on opensuse"
  * test: Reorganize testcase of cgroup delegation
  * test: Fail cgroup delegation test when user cannot be created
  * core/cgroup: Apply IODevice*= directives in configured order
  * test: Add test for per-device cgroup properties
  * core/manager: Deprecate StartAuxiliaryScope() method
  * mkosi: Fix tools image package name
  * mkosi: Fix tools image package name
  * sd-event: Fix sd_event_source leak
  * user-record: Handle invalid uid/gid case
  * userdb: Fix return value of groupdb_by_name()
  * user-record: Make user and group matching functions total
  * TEST-13-NSPAWN.nss-mymachines: Use negative matching switch
  * path: Close inotify FD asynchronously
  * TEST-13-NSPAWN.nss-mymachines: Use negative matching switch
  * capsule-util: Move from shared/ to basic/
  * cgroup-util: Handle capsule@ paths like user@ paths
  * test-cgroup-util: Check return values
  * test-cgroup-util: Skip procs analysis without cgroupfs
  * test-cgroup-util: Ignore LXC group
  * update TODO

  [ Matthieu Baerts (NGI0) ]
  * core/socket: allow MPTCP protocol
  * ssh-proxy: add scp and rsync support

  [ Stefan Hansson ]
  * missing_fcntl: Introduce O_ACCMODE_STRICT

  [ MaxHearnden ]
  * systemctl: allow user to suppress output when no action scheduled (#32278)
  * Use the correct name of CEL
  * resolve: query the parent zone for DS records

  [ Busayo Dada ]
  * test: update to use the new ASSERT_OK() macro and friends
  * socket-proxy: add syntax highlighting to help output
  * test: Improve coverage in test-memfd-util and use ASSERT_OK() macro and friends
  * Use secure_getenv() instead of getenv() where appropriate

  [ hsu zangmen ]
  * po: Translated using Weblate (Chinese (Traditional) (zh_TW))
  * po: Translated using Weblate (Chinese (Traditional) (zh_TW))

  [ Hang Li ]
  * po: Translated using Weblate (Chinese (Simplified) (zh_CN))

  [ Khem Raj ]
  * sysctl: Don't pass null directive argument to '%s'
  * core: Fix use after free case in load_from_path()
  * meson: Fix reallocarray check
  * test-parse-argument: Include signal.h
  * test-seccomp: Check for __NR_ppoll before use (#19858)
  * networkd: Include linux/netdevice.h header
  * resolve: Use sockaddr pointer type for bind()
  * Add sys/stat.h for S_IFDIR
  * networkd-ipv4acd.c: Use net/if.h for getting IFF_LOOPBACK definition
  * include sys/file.h for LOCK_EX
  * test/test-sizeof: Include sys/timex.h for struct timex
  * include missing sys/file.h for LOCK_EX
  * shared/cred-util: Ensure TPM code is used with HAVE_TPM2 guards

  [ David C. Manuelda ]
  * boot: only link libgcc when compiler is gcc

  [ Javier Francisco ]
  * po: Translated using Weblate (Spanish)

  [ z z ]
  * po: Translated using Weblate (Chinese (Simplified) (zh_CN))

  [ victor-ok ]
  * test: converted unittest in src/test/test-mkdir.c to use new ASSERT_OK() macros and friends

  [ herbrechtsmeier ]
  * hostnamed: fix incorrect usage of device_dmi (#36948)

  [ wtmpx ]
  * man: coredump.conf template is not always installed in /etc

  [ msizanoen ]
  * Revert "core/service: when resetting PID also reset known flag"
  * login: Properly handle -EIO in session_leave_vt
  * journal: Don't write to journal files without the new boot ID update behavior guarantee
  * journal: Relax boot ID and monotonic clock consistency checks
  * sd-login: Fix sd_pidfd_* function signature parameter types
  * journald: reset runtime seqnum data when flushing to system journal
  * login: Continue watching leader pidfd after stop
  * login: Queue session for garbage collection on leader death
  * login: Continue watching leader pidfd after stop
  * login: Queue session for garbage collection on leader death
  * core/cgroup: Properly handle aborting a pending freeze operation

  [ Steve Ramage ]
  * man: restores ConditionVirtualization documentation (#14138)
  * Adds missing documentation for Assertions (#17825)
  * Documents the AssertCPUFeature= flag (#23594)
  * man: Add documentation for AssertCredential= (#25178)
  * man: create a new section for nspawn files in systemd.syntax man page (#25807)
  * Resolves #26142 - Fix list of supported personalities
  * man: add DefaultStartupMemoryLow= as term in term list
  * network: doc and code typo fixes (#36422)
  * core: DelegateNamespaces= does not depend on seccomp (#36580)
  * man: Add AssertVersion= to documentation (#36862)

  [ Andrea Pappacoda ]
  * docs: update autofs Kconfig name
  * po: fix "sistemd" typo in it.po
  * sd-boot: add initramfs hook
  * d/control: only conflict against opensysusers << 0.7.3-4.1~

  [ Erik Larsson ]
  * networkd: add support for externally managed vxlan devices
  * networkd: add support for setting vlan_tunnel on bridge ports

  [ Jose Ortuno ]
  * po: Translated using Weblate (Spanish)
  * po: Translated using Weblate (Spanish)

  [ Sonia Zorba ]
  * hwdb: fix backspace not working on HP Pavilion laptop (#36777)

  [ Y T ]
  * po: Translated using Weblate (Japanese)

  [ Jordan Petridis ]
  * meson: Check for lxml before generating indicies

  [ Andrii Chubatiuk ]
  * basic: expose compression level argument in compress_blob functions
  * journal-remote: added compression, compression-level and content-encoding negotiation
  * journal-remote: added custom headers support

  [ Michael Catanzaro ]
  * resolved.conf.in: add missing Quad9 servers
  * nss-systemd: pack pw_passwd result into supplied buffer
  * nss-systemd: ensure returned strings point into provided buffer
  * resolve: add warning comment to config file

  [ NetSysFire ]
  * systemd.exec(5): RestrictAddressFamilies: mention address_families(7)

  [ H A ]
  * po: Added translation using Weblate (Estonian)
  * po: Translated using Weblate (Estonian)
  * po: Translated using Weblate (Estonian)
  * po: Translated using Weblate (Estonian)
  * po: Translated using Weblate (Estonian)
  * po: Translated using Weblate (Estonian)

  [ Дамјан Георгиевски ]
  * portable: document /etc/machine-id and /etc/resolv.conf
  * docs: import password agents documentation
  * fix WikiWord not-links
  * docs: add some backticks and more formatting to PASSWORD_AGENTS.md (#15803)
  * bootctl: add @current/@oneshot/@default targets to set-default/set-oneshot
  * man: Rename duplicate Credentials section name
  * bootctl: optionally install .signed efi file
  * man: fix explanation for Credential= match in .link files
  * socket-proxyd: support Type=notify
  * add a github workflow action to make a release from tags
  * ci: add permissions to make a release
  * man: typo, it's DHCP not DCHP in DHCPPrefixDelegation=
  * fix: prefix of dmesg pstore files
  * vsock-mux ssh proxy
  * add vsock-mux/* in ssh config drop-in

  [ Thorsten Kukuk ]
  * sd-login: add sd_uid_get_login_time interface #26574
  * sd-login: document that result is in microseconds
  * sd-login: add SetTTY session object #26611
  * sd-login: add sd_session_get_leader interface
  * shared/wall: use logind if build without utmp support
  * sd-varlink: add sd_varlink_server_listen_name (#35697)
  * systemd-pull: support .asc and .sha256.* signature
  * import-pubring.gpg: add openSUSE build key
  * import-pubring.gpg: add openSUSE build key
  * sysupdate: fix features and vaccum if all features are disabled

  [ Aaron Rogers ]
  * cryptsetup: align tpm2-blob

  [ Dan McGregor ]
  * machine-id-setup: bhyve also provides a uuid
  * machine-id-setup: bhyve also provides a uuid

  [ Martin Wilck ]
  * udevd: wait for workers to finish when exiting
  * udevd: fix crash when workers time out after exit is signal caught
  * Revert "udevd: fix crash when workers time out after exit is signal caught"
  * udevd: don't use monitor after manager_exit()
  * test/udev-test.pl: allow multiple devices per test
  * test/udev-test.pl: create rules only once
  * test/udev-test.pl: allow concurrent additions and removals
  * test/udev-test.pl: use computed devnode name
  * test/udev-test.pl: test correctness of symlink targets
  * test/udev-test.pl: allow checking multiple symlinks
  * test/udev-test.pl: fix wrong test descriptions
  * test/udev-test.pl: last_rule is unsupported
  * test/udev-test.pl: Make some tests a little harder
  * test/udev-test.pl: remove bogus rules from magic subsys test
  * test/udev-test.pl: merge "space and var with space" tests
  * test/udev-test.pl: merge import parent tests into one
  * test/udev-test.pl: count "good" results
  * tests/udev-test.pl: add multiple device test
  * test/udev-test.pl: add repeat count
  * test/udev-test.pl: generator for large list of block devices
  * test/sd-script.py: new helper script for udev testing
  * test/udev-test.pl: suppress umount error message at startup
  * test/udev_test.pl: add "expected good" count
  * test/sys-script.py: add missing DEVNAME entries to uevents
  * sd-device: don't use BPF filtering for kernel monitors
  * udevadm: cleanup_dir: use dot_or_dot_dot()
  * udevadm: cleanup-db: don't delete information for kept db entries
  * core/device: device_coldplug(): don't set DEVICE_DEAD
  * units: modprobe@.service: don't unescape instance name
  * 99-systemd.rules: rework SYSTEMD_READY logic for device mapper
  * udev-builtin-path_id: SAS wide ports must have num_phys > 1
  * libfido2-util: accept cached pin in fido2_generate_hmac_hash()
  * libfido2-util: accept cached pin in fido2_generate_hmac_hash()

  [ Andreas Stührk ]
  * copy: Invoke hardlink context cleanup before restoring timestamps
  * copy: Invoke hardlink context cleanup before restoring timestamps

  [ Harrison Vanderbyl ]
  * hwdb: add rotation profile matrix for Rog Ally X (2024) (#36591)

  [ Chris Grant ]
  * hwdb: Add accel orientation quirk for the GPD Pocket 4

  [ Jaroslav Škarvada ]
  * hwdb: add GOLD WARRIOR SIM PhoenixRC 10411R
  * hwdb: add Code Mercenaries Hard- und Software GmbH Virtual RC USB

  [ Justinas Kairys ]
  * po: Translated using Weblate (Lithuanian)
  * po: Translated using Weblate (Lithuanian)

  [ Markus Kurz ]
  * udev_device_has_tag: fix typo

  [ Lin Jian ]
  * docs/CONTROL_GROUP_INTERFACE: fix typo
  * docs/CONTROL_GROUP_INTERFACE: fix typo

  [ Ahmad Fatoum ]
  * man: fix typo in systemd.watchdog_device kernel option
  * man: fix typo in systemd.watchdog_device kernel option

  [ Anthony Avina ]
  * Update footer.html to 2025
  * Update footer.html to 2025

  [ Louis Sautier ]
  * man/networkd.conf: add missing whitespace between words
  * man/networkd.conf: add missing whitespace between words

  [ KidGrimes ]
  * hwdb: add axis range corrections for the Lenovo Yoga Slim 7 14ARE05

  [ Pavithra Barithaya ]
  * timedated: Send error when time set is past build date time

  [ xinpeng wang ]
  * logind: fix abnormal switching causing the screen to go black
  * logind: save seat before applying acl

  [ Jan Macku ]
  * core: Hide "Deactivated successfully" message
  * core: Add new DBUS properties UnitsReloadStartTimestamp and UnitsLoadTimestampMontonic
  * core: Indicate the time when the manager started loading units the last time
  * github: Update issue templates to issue forms
  * github: Issue forms templates follow-up
  * github: Issue forms - fix GA `SHA1` ref
  * github: add more components to RFE issue template
  * ci(lint): add shell linter - Differential ShellCheck
  * ci: Drop `actions/setup-node` - unused
  * ci(issue-labeler): Add missing policy for `coredump` label
  * ci(issue-labeler): Update to `advanced-issue-labeler@v2`
  * issue-templates: Add note about updating labeling policy
  * ci(dev-freeze): Use GitHub Action for PR comments
  * doc: update link to systemd-rhel GitHub repo
  * doc: fix markdown-lint issues in `CONTRIBUTING.md`
  * doc: CentOS is EOL use CentOS stream
  * ci: Fix Development Freeze Automation
  * ci: fix missing quotes in `labeler.yml`
  * ci: remove `if: github.event.issue.pull_request` from `labeler.yml`
  * ci: Add names to steps in labeler workflow
  * ci(labeler): fix missing emoji in `quick-review` label
  * ci(labeler): fix missing emoji in `dont-merge` label
  * ci: trigger differential-shellcheck workflow on push
  * ci: limit permissions for `differential-shellcheck`
  * ci: don't run release wf on `systemd-security`
  * ci: drop checkout from release workflow
  * ci(lint): exclude `.in` files from ShellCheck lint
  * docs: update link to RHEL/CentOS Stream tracker
  * ci(labeler): add policy for `escape` labeler
  * ci(freezer): use GitHub Markdown magic for messages
  * ci(lint): exclude zsh completion from ShellCheck
  * fix(SC2148): add ShellCheck directive to bash completion scripts
  * ci(lint): temporarily disable ShellCheck for bash-completion
  * ci(labeler): add rule for `shell-completion` label
  * ci(metadata): remove `fetch-depth: 0` it's not needed anymore
  * ci(freezer): update metadata and development_freeze workflow
  * ci(freezer): update `devel-freezer` GHA to `v1.1.0`
  * shared/bus-util: add missing `set.h` include
  * github: bump versions in issue forms

  [ Marco Trevisan (Treviño) ]
  * man/org.freedesktop.systemd1.xml: Clarify the behavior of Subscribe()

  [ Emilio Sepulveda ]
  * po: Added translation using Weblate (Interlingua)
  * po: Added translation using Weblate (Interlingua)
  * po: Translated using Weblate (Interlingua)

  [ Volodymyr Shkriabets ]
  * hwdb.d: add ANP09 Intel n100 tablet sensor configuration (#36390)

  [ fishears ]
  * hwdb.d: add support for Akoya P15645

  [ Muhammad Nuzaihan Bin Kamal Luddin ]
  * resolve: add an option to explicitly disable query AAAA, SRV, MX, etc... (#34165)
  * resolve: clear previous assignments of RefuseRecordTypes= on reload

  [ Michael Olbrich ]
  * v4l_id: use device_caps if available
  * meson: declare version.h as dependency for systemd
  * basic: reorder UnitType enum
  * job: make the run queue order deterministic
  * pstore: fix use after free
  * Handle d_type == DT_UNKNOWN correctly
  * watchdog: fix watchdog_set_device() when the default watchdog device is used
  * shutdown: don't stop the watchdog
  * missing_sched: add CLONE_PIDFD
  * missing_sched: add CLONE_PIDFD

  [ Paul Fertser ]
  * socket: resolve unit specifiers in BindToDevice

  [ Anthony Messina ]
  * nspawn: add @keyring to default syscall allow_list

  [ Alexander Shopov ]
  * Update Bulgarian translation
  * Move message repeat
  * po: Translated using Weblate (Bulgarian)
  * Update Bulgarian translation
  * po: Translated using Weblate (Bulgarian)

  [ Jan Kalabza ]
  * po: Translated using Weblate (Czech)

  [ Enrico Tagliavini ]
  * hwdb: add accel orientation and location for the BMAX Y14

  [ Matthew Schwartz ]
  * hwdb: add front button support for MSI Claw 7 AI+ A2VM

  [ Vyacheslav Yurkov ]
  * meson: add install tag for systemctl
  * meson: Skip getent when it's not found
  * meson: add install tag for systemctl
  * meson: Skip getent when it's not found

  [ Fabian Möller ]
  * resolved: fix DNSSEC `missing-key` error
  * resolved: fix DNSSEC `missing-key` error

  [ Matthieu LAURENT ]
  * homectl: fix typo in help text
  * homectl: fix typo in man page
  * homectl: fix typo in help text
  * homectl: fix typo in man page

  [ Andrew Sayers ]
  * Fix a typo in the org.freedesktop.systemd1 man page
  * Make RestartPreventExitStatus= documentation resemble SuccessExitStatus=
  * Clarify that Conflicts= only applies when starting units
  * Reduce priority of "cleared HibernateLocation" message
  * Fix tense in SD_MESSAGE_SHUTDOWN_STR
  * Fix tense in SD_MESSAGE_SHUTDOWN_STR

  [ Devilish Spirits ]
  * Fix inversion of timesyncd_usec/epoch_usec variables in clock-warp.c
  * Fix inversion of timesyncd_usec/epoch_usec variables in clock-warp.c

  [ Alex Xu (Hello71) ]
  * meson: generate keyboard-keys-list from local input.h
  * meson: generate keyboard-keys-list from local input.h

  [ AndreFerreiraMsc ]
  * man: Update nss-myhostname.xml to reflect files
  * man: Update nss-myhostname.xml to reflect files

  [ Adam Williamson ]
  * kernel-install: prefer /boot over /boot/efi for $BOOT_ROOT
  * kbd-model-map: add a mapping for switched czech qwerty/us
  * kbd-model-map: correct variants for cz-qwerty to include comma
  * find_legacy_keymap: fix empty variant matching
  * find_legacy_keymap: try matching with layout order reversed
  * keyboard-model-map: correct sk-qwerty entry
  * find_legacy_keymap: extend variant match bonus again
  * kbd-model-map: add a georgian mapping
  * kbd-model-map: add a georgian mapping

  [ Daniil ]
  * hwdb: XBox Series Elite controller modalias entry has been added. (#36305)

  [ tim tom ]
  * po: Added translation using Weblate (Kannada)

  [ Trollimpo ]
  * hwdb: fix screen rotation for EXO Wings 2in1 w1125 (#36283)

  [ andhe ]
  * man: systemd-repart: factory=reset typo

  [ Ani Sinha ]
  * measure: add 'dtbauto' option in help message
  * Use device3.xml for testing chid_match
  * hwids: add a new uefi firmware type of device entry
  * chid_match: match only against the provided device type
  * uki: introduce support for a .efifw section

  [ Jonas Gorski ]
  * network: bridge: add support for NO_LL_LEARN
  * network: bridge: add support for IFLA_BRPORT_LOCKED
  * network: bridge: add support for IFLA_BRPORT_MAB

  [ ver4a ]
  * Fix typo

  [ wrvsrx ]
  * efivars: deal with uncommitted efi variables
  * efivars: deal with uncommitted efi variables

  [ 16mc1r ]
  * Adds asus T103HAF rotation matrix to 60-sensor.hwdb (#36177)

  [ Ivan Trubach ]
  * man: insert missing varname tag

  [ honjow ]
  * hwdb: add MSI Claw 8 AT Keyboard Scancodes (#36180)

  [ Gavin Li ]
  * basic: move JobMode from core
  * run: add --job-mode= argument

  [ Tommi Rantala ]
  * update-utmp: fix assertion failure if rescue.target, multi-user.target and graphical.target are all inactive
  * resolved: empty "ipv4hint" and "ipv6hint" SvcParams are invalid

  [ Hendrik Wolff ]
  * man/systemd.special: Add suspend-then-hibernate.target to sleep.target documentation

  [ Duncan Overbruck ]
  * shell-completions: add systemctl sleep

  [ hanjinpeng ]
  * man: mention that ExecCondition= in COMMAND LINES section for systemd.service
  * po: Translated using Weblate (Chinese (Simplified) (zh_CN))
  * po: update and correction translation (Chinese (Traditional) (zh_TW))
  * log: check isempty for object_field and extra_field

  [ jane400 ]
  * curl-util: use curl_getdate instead of implementing http spec

  [ Jeremy Linton ]
  * acpi-fpdt: Use kernel fpdt parsing
  * confidential-virt: add detection for aarch64 CCA

  [ Silvio Knizek ]
  * docs: fix markup (#35995)

  [ Sea-Eun Lee ]
  * oomd: support reloading configuration at runtime

  [ Aman Verma ]
  * update-done: remove spurious trailing whitespace from MESSAGE.

  [ Philipp Kern ]
  * sd-dhcp6-lease: ignore invalid byte(s) at the end of the packet
  * Update README.source in the signing-template

  [ Eaterminer ]
  * homectl: fix minor spelling mistake (#35963)

  [ Pontus Lundkvist ]
  * Remove no longer needed login-options override. Fixes agetty autologin.

  [ Jacob McNamee ]
  * stdio-bridge: fix polled fds
  * stdio-bridge: fix polled fds

  [ Tobias Klauser ]
  * man: remove duplicate in list of variables ignored by Anonymize
  * mailmap: fix entries for Tobias Klauser
  * profile.d: don't bail if $SHELL_* variables are unset
  * profile.d: don't bail if $SHELL_* variables are unset
  * resolve: fix typo in DNS_EDE_RCODE_PROHIBITIED constant name

  [ Arnaudv6 ]
  * hwdb: WALTOP International Corp. Slim Tablet Stylus

  [ Chris Hofstaedtler ]
  * autopkgtest: install open-iscsi and tgt for upstream suite
  * test: fix iscsi TEST-64-UDEV-STORAGE on Debian
  * analyze: fix URLs to DeviceAllow=, IPAddressDeny=

  [ Tim Crawford ]
  * hwdb: Add micmute for System76
  * hwdb: Add newer System76 Pangolins

  [ Noel Georgi ]
  * fix: sd-measure `dtbauto` and `hwdids` arg parsing

  [ Chris Mayo ]
  * hwdb: Add macro keys for HP 430 Programmable Wireless Keypad

  [ Michael Limiero ]
  * Correct ACCEL_MOUNT_MATRIX for Chuwi Hi10 Max

  [ richfifeg ]
  * 60-sensor.hwdb: Loosen model mask to include entire series

  [ Ettore Atalan ]
  * po: Translated using Weblate (German)
  * po: Translated using Weblate (German)
  * po: Translated using Weblate (German)
  * po: Translated using Weblate (German)
  * po: Translated using Weblate (German)
  * po: Translated using Weblate (German)

  [ Alexander Krabler ]
  * man: Extend journalctl color information
  * docs: Clarify requirement

  [ Salvatore Cocuzza ]
  * po: Translated using Weblate (Italian)

  [ Joey Holtzman ]
  * shell-completion: add bash completion for userdbctl (#35720)

  [ Matthias Lisin ]
  * tools: adjust re.match to recent gpt.h additions
  * docs: swap Name and Partition Type UUID in header
  * docs: fix typo XBOOOTLDR -> XBOOTLDR
  * docs: fix keys in wrong section
  * man: fix minor issues
  * tmpfiles: use common macro for a set of specifiers
  * man: Add %q specifier to repart.d, sysusers.d
  * man: fix args order for udevadm info cmd
  * man/sysupdate.d: fix wrong PathRelativeTo value
  * sysupdate: fix args order of formatted error
  * man/sysupdate.features: fix typos

  [ Thomas Hebb ]
  * network: don't forget old RAs when a new one arrives
  * ukify: Fix regression in --no-sign-kernel flag
  * ukify: Fix regression in --no-sign-kernel flag

  [ Morten Hauke Solvang ]
  * resolved: if one transaction completes, expect other transactions within candidate to succeed quickly
  * resolved: if one transaction completes, expect other transactions within candidate to succeed quickly

  [ Florian Schmaus ]
  * cgroup: add support for memory.peak
  * core: include peak memory in unit_log_resources()
  * run: include peak memory in output
  * core: fix array size in unit_log_resources()
  * cgroup: add support for memory.swap.peak
  * cgroup: de-duplicate uni_get_memory_* code
  * cgroup: add support for memory.swap.current
  * cgroup: add support for memory.zswap.current
  * systemctl-show: merge subsequent swap printf() blocks
  * systemctl-show: only show available memory if it was artifically limited
  * NEWS: fix typo s/show/shown/
  * core/exec-invoke: use sched_setattr instead of sched_setscheduler
  * logind: let system-wide idle begin at the time logind was initialized
  * logind: let system-wide idle begin at the time logind was initialized

  [ Balint Reczey ]
  * virt: detect WSL environment as a container (id: wsl)
  * Move verify_vc_kbmode() to terminal-util.c as vt_verify_kbmode()
  * Add check to switch VTs only between K_XLATE or K_UNICODE
  * New upstream version 243~rc1
  * d/e/checkout-upstream: UPSTREAM_REPO can override default systemd repo
  * debian/extra/checkout-upstream: rebase only PRs on upstream master
  * d/e/checkout-upstream: Add KEEP_DEBIAN_PATCHES option to keep patches
  * d/e/checkout-upstream: Keep all autopkgtests when KEEP_DEBIAN_TESTS is set
  * debian/extra/checkout-upstream: Use dots when deriving version from upstream
  * test-execute: Filter /dev/.lxc in exec-dynamicuser-statedir.service
  * test: Pass personality test even when i686 userland runs on x86_64 kernel
  * Use package version as systemd's reported version
  * debian/watch: Switch to watch tags at github.com/systemd/systemd-stable
  * Remove empty /var/log/journal/ on purge
  * pstore: Don't start systemd-pstore.service in containers
  * New upstream version 245
  * Update upstream source from tag 'upstream/245'
  * Refresh patches
  * Update changelog
  * Update symbols
  * units: Don't mount tracefs in LXC
  * user-util: Allow names starting with a digit
  * Ship systemd-timesyncd in a separate package
  * shared: Don't try calling NULL callback in bus_wait_for_units_clear
  * test: Skip test-boot-timestamps on permission denied
  * debian/tests/boot-and-services: Handle missing fstab
  * dhclient-exit-hooks.d/timesyncd: Act only when systemd-timesyncd is available
  * debian/systemd.postinst: Restart systemd-networkd.socket on incompatible change
  * debian/tests/timedated: Wait for the killed child only
  * debian/udev.NEWS: Mention udev rules changes in 247
  * New upstream version 248
  * Update upstream source from tag 'upstream/248'
  * New upstream version 248
  * Refresh patches
  * debian/rules: Enable new systemd-sysext tool
  * debian/rules: Build support for flushing of the nscd caches
  * debian/rules: Build translations for debs but not for udebs
  * debian/rules: Build without TPM2 support
  * Ship systemd-cryptenroll in systemd package
  * Update symbols file for libsystemd0
  * debian/tests/control: Upstream test depends on attr
  * debian/udev.postinst: Create the sgx system group
  * debian/rules: Don't ship README files in (/usr)/lib/*.d
  * Revert "pager: stop disabling urlification under a pager"
  * test: Allow running only a subset of integration tests by setting SELECTED_TESTS
  * debian/rules: Don't ship README files in (/usr)/lib/*.d
  * debian/systemd.postinst: Skip daemon-reexec and try-restarts during shutdown

  [ Federico Giovanardi ]
  * test: fix generate-sym-test using the wrong array
  * style: Fix formatting
  * udev: add option to trigger parent devices despite filters

  [ persmule ]
  * hwdb: add scancodes for HP Elitebook 2170p runnning coreboot

  [ David Härdeman ]
  * logind: allow wall messages to be controlled via config file

  [ Soumyadeep Ghosh ]
  * hwdb: move down touchpad toggle section from generic to product specific

  [ Carlo Teubner ]
  * man/systemctl.xml: fix missing "not"
  * docs: use current spelling "macOS" not "OS X" etc.
  * man/systemd-dissect.xml: fix trivial error
  * NEWS: fix typo
  * man/capsule@.service.xml: fix typo
  * systemd-cryptenroll.xml: fix typo
  * systemd-cryptenroll.xml: fix typo

  [ andrejpodzimek ]
  * Fixing VLAN ranges in man systemd.network.
  * Fixing VLAN ranges in man systemd.network.

  [ Katariina Lounento ]
  * man: document unprivileged is not for reading properties
  * man: document unprivileged is not for reading properties

  [ Ryan Wilson ]
  * analyze: add test for verify exit status with warnings
  * busctl: Support file descriptors in busctl
  * Add ExtraFileDescriptor property to StartTransientUnit dbus API
  * Add integration test for ExtraFileDescriptors after daemon-reexec
  * oomd: Refactor DefaultMemoryPressureDurationSec= to use conf parser
  * cgroup: Add ManagedOOMMemoryPressureDurationSec= override setting for units
  * Reformat load-fragment-gperf.gperf.in
  * core/execute: Rename error_path -> reterr_path/ret_path per coding guidelines
  * core: Add RootDirectory= path to error message if directory does not exist
  * core: Refactor ProtectControlGroups= to use enum vs bool
  * cgroup: Add support for ProtectControlGroups= private and strict
  * Fix PrivatePIDs=yes integration test for kernels with no /proc/scsi
  * core: Add PrivateUsers=full
  * core: Migrate ProtectHostname to use enum vs boolean
  * core: Add ProtectHostname=private
  * core: Fix time namespace in RestrictNamespaces=
  * core: Set /proc/pid/setgroups to allow for PrivateUsers=full

  [ Aurelien Jarno ]
  * seccomp: add support for riscv64
  * udev: install dmi_memory_id and its rules on riscv64

  [ Samuel Dionne-Riel ]
  * boot: Fix typo in looking_for_dtbauto

  [ davjav ]
  * Add credential support for mount units
  * test: mount unit with credential

  [ Greg Heartsfield ]
  * hwdb: Add Chuwi MiniBook X trackpad fuzz

  [ Tristan F.-R. ]
  * docs/MEMORY_PRESSURE: fix typo

  [ Andreas Schwab ]
  * dmi: add RISC-V 64bit support

  [ Geraldo S. Simião Kutz ]
  * po: Translated using Weblate (Portuguese (Brazil))

  [ Excited-bore ]
  * Bash completion: no more ANSI colorcode in pathnames

  [ Yuri Chornoivan ]
  * Update Ukrainian translation
  *  po: update Ukrainian translation (#13329)
  * l10n: update Ukrainian translation
  * po: update Ukrainian translation (#15228)
  * all: fix minor typos
  * Translated using Weblate (Ukrainian)
  * Translated using Weblate (Ukrainian)
  * po: Translated using Weblate (Ukrainian)
  * po: Translated using Weblate (Ukrainian)
  * po: Translated using Weblate (Ukrainian)
  * po: Translated using Weblate (Ukrainian)
  * po: Translated using Weblate (Ukrainian)
  * po: Translated using Weblate (Ukrainian)
  * po: Translated using Weblate (Ukrainian)
  * po: Translated using Weblate (Ukrainian)
  * po: Translated using Weblate (Ukrainian)

  [ SuhailAhmedVelorum ]
  * Typo fix in man/systemd.resource-control

  [ gerblesh ]
  * sysext: set SELinux context for hierarchies and workdir

  [ Winterhuman ]
  * Correct journal misspell
  * Improve IgnoreSIGPIPE description
  * journalctl: update help to say "priority range" (#32323)
  * man/systemd-system.conf: Correct "struct" to "strict" (#35364)

  [ Ben Hutchings ]
  * sysctl: Add file trigger on /usr/lib/sysctl.d to restart systemd-sysctl

  [ Vito Caputo ]
  * journal-file: delete some unnecessary braces
  * swap: check p->what for NULL
  * home: narrow scope of 'size_t n'
  * home: fix several typos
  * fileio: introduce take_fdopen{_unlocked}() variant
  * *: convert amenable fdopen calls to take_fdopen
  * fileio: add take_fdopendir() variant
  * *: convert amenable fdopendir() calls to take_fdopendir()
  * *: use _cleanup_close_ with fdopen() where trivial
  * *: use _cleanup_close_ with fdopendir() where trivial
  * sd-bus: add va_list variants of variadic convenience functions
  * bus: introduce some sd-bus convenience helpers
  * bus: s/BusAddress/BusLocator/
  * bus: add sd_bus_message_new_method_call() helper
  * home: switch to BusLocator-oriented helpers
  * bus: introduce bus-locator.[ch]
  * home: switch to shared bus_home_mgr
  * analyze: switch to BusLocator-oriented helpers
  * locale: switch to BusLocator-oriented helpers
  * login: switch to BusLocator-oriented helpers
  * machine: switch to BusLocator-oriented helpers
  * mount: switch to BusLocator-oriented helpers
  * network: switch to BusLocator-oriented helpers
  * nspawn: switch to BusLocator-oriented helpers
  * nss-mymachines: switch to BusLocator-oriented helpers
  * nss-resolve: switch to BusLocator-oriented helpers
  * portable: switch to BusLocator-oriented helpers
  * resolve: switch to BusLocator-oriented helpers
  * run: switch to BusLocator-oriented helpers
  * systemctl: switch to BusLocator-oriented helpers
  * timedate: switch to BusLocator-oriented helpers
  * Merge pull request #15681 from vcaputo/buslocator
  * network: tc: fix n_prio bounds check
  * sd-journal: narrow scope of boot id variable
  * JOURNAL_FILE_FORMAT: fixup typos and punctuation
  * sd-event: fix delays assert brain-o (#17790)
  * mmap-cache: replace stats accessors with log func
  * mmap-cache: separate context and window list cache hit accounting
  * mmap-cache: bind prot(ection) to MMapFileDescriptor
  * mmap-cache: drop ret_size from mmap_cache_get()
  * journal-file: fix archiving offline journals
  * logs-show: move show_journal_by_unit _BOOT_ID match
  * journal-file: truncate archived journals
  * sd-journal: move payload hashing to helper function
  * sd-journal: verify field object hashes
  * sd-journal: use FILE streams to buffer write_uint64()
  * mmap-cache: simplify API around MMapFileDescriptor
  * mmap-cache: s/mmap_cache/mmap_cache_fd_/ where apropos
  * mmap-cache: LIST_REMOVE() *after* w->unused_prev
  * mmap-cache: embed MMapCache.contexts[]
  * mmap-cache: ref/unref MMapCache in fd add/free
  * mmap-cache: add MMapFileDescriptor.cache accessor
  * journal: stop using JournalFile.mmap everywhere
  * journal-file: goodbye JournalFile.mmap
  * mmap-cache: add MMapCache trivial cleanup helpers
  * journal-file: require MMapCache* for journal_file_open()
  * man: fix grammatical error in --cursor-file description
  * manager: perform objective->shutdown_verb mapping locally
  * doc: some trivial cleanups to MEMORY_PRESSURE.md
  * man: add note about journald forwarding being sync
  * man: fix typo s/veno/reno/
  * mmap-cache: enforce an unused windows minimum
  * mmap-cache: add some stats about files/windows/unused
  * NEWS: add blurb thanking Nick Owens

  [ 白一百 ]
  * hwdb: add entry for Chuwi Hi10 X1 (#35331)

  [ Marco Tomaschett ]
  * hwdb: add support for PineTab2 to 60-sensor.hwdb (#35304)

  [ Tobias Zimmermann ]
  * hwdb: Add quirk for Logitech MX Keys for Mac

  [ Jiri Grönroos ]
  * po: Translated using Weblate (Finnish)

  [ Dmytro Markevych ]
  * po: Translated using Weblate (Ukrainian)

  [ Xuanjun Wen ]
  * hwdb: add new Cube Mix Plus (i18D) rotation info

  [ Yaron Shahrabani ]
  * po: Translated using Weblate (Hebrew)
  * po: Translated using Weblate (Hebrew)
  * po: Translated using Weblate (Hebrew)
  * po: Translated using Weblate (Hebrew)

  [ Michał Górny ]
  * nspawn: Include arm_fadvise64_64 in syscall allow_list

  [ andre4ik3 ]
  * boot/stub: allocate pages for combined initrds below 4GiB only on x86 (#35149)

  [ Davide Cavalca ]
  * fs-util: add missing linux/falloc.h include
  * man: clarify whitespace handling in systemd.syntax
  * test: do not assume test-chown-rec is running as root
  * meson: scope more git invocations with current_source_dir()
  * core: fix build failure if seccomp is disabled
  * man: do not install sd-boot man pages when -Dgnu-efi=false is set
  * hwdb: add new database file for PDA devices
  * hwdb: add HP calculators
  * hwdb: add more AV controllers
  * mkosi: Install tpm2-tss-devel to tools for CentOS and Fedora instead of tss2-devel
  * mkosi: ruff is not available on all distros

  [ Maanya Goenka ]
  * systemd-analyze: validate root argument
  * systemd-analyze: add --root option for 'verify' verb and allow path parsing
  * systemd-analyze: support discrete images for 'verify' verb
  * path-util: teach find_executable_full how to look into the root directory
  * systemd-analyze: add root to find and verify executable
  * systemd-analyze: parse ip_filters_custom_egress correctly
  * manager: use FLAGS_SET when checking for MANAGER_TEST_RUN_MINIMAL
  * manager: add a test flag to ignore dependencies
  * systemd-analyze: option to exit with an error when 'verify' fails
  * set: modify the previously incorrect definition of set_copy and add test for it
  * systemd-analyze: refactor security_info to make use of existing struct variables
  * systemd-analyze: 'security' option to perform offline reviews of the specified unit file(s)
  * systemd-analyze: add new 'security' option to compare unit's overall exposure level with
  * systemd-analyze: add new 'security' option to allow user to choose custom requirements
  * systemd-analyze: allow parsing of JSON file to obtain custom security requirements for comparison
  * test: add integration tests for systemd-analyze
  * systemd-analyze: add new option to generate JSON output of security analysis table
  * sysext: change the table lookup string to be more verbose
  * confext: add dissect tool support for confext images
  * confext: test image wide systemd support for confext
  * add an @ option for confext
  * allow ExtensionImages= and ExtensionDirectories= settings to support confext images
  * test: add test for confext service-scoped support
  * documentation: add man page data for confext
  * fix: do not check/verify slice units if recursive errors are to be ignored
  * portable: add support for confext
  * preset: enable confext and sysext by default (#31211)
  * src/sysext: Use versioned names when logging extensions used for merge operation
  * TODO: Fix typo (#35138)

  [ Štěpán Němec ]
  * docs/CGROUP_DELEGATION: fix some typos
  * docs/CODING_STYLE: fix some typos
  * zsh/_journalctl: complete -g, --case-sensitive, 'help' (pseudo-)facility
  * man, shell-completion: fix a few typos/language issues
  * tmpfiles.d: avoid deprecated, undocumented syntax (s/F/f+/)
  * man: fix incorrect volume numbers in internal man page references
  * man/systemd.special: fix a typo

  [ Gabriel Elyas ]
  * po: Translated using Weblate (Portuguese (Brazil))
  * po: Translated using Weblate (Portuguese (Brazil))

  [ 12paper ]
  * login: fix session_kill(..., KILL_LEADER,...) (#35105)

  [ Lidong Zhong ]
  * udev: rename the persistent link for ATA devices
  * shutdown: release the watchdog finally
  * udev: skipping empty udev rules file while collecting the stats

  [ Vursc ]
  * hwdb: fix broken numpad paren keys on Lenovo Thinkbook 16 G6+ 2024

  [ Anselm Schueler ]
  * po: Translated using Weblate (German)

  [ Michele Dionisio ]
  * networkd: add possibility to specify MulticastIGMPVersion

  [ Diogo Ivo ]
  * boot: add matching against FW-provided Devicetree blob

  [ Łukasz Stelmach ]
  * udev: split attribute assignment for MMC cards
  * core: Fix memory leaks
  * smack: Add DefaultSmackProcessLabel to user.conf and system.conf
  * core: drop ambient capabilities in user manager
  * man: clarify applicability of IPv6AcceptRA option
  * Fix _do_log conditions in log_exec_* macros
  * core: drop ambient capabilities in systemd-executor
  * Revert "execute: Call capability_ambient_set_apply even if ambient set is 0"
  * core: don't forget about fallback_smack_process_label
  * core: make mount(8) and swapon(8) inherit SMACK label from systemd

  [ Michal Sekletár ]
  * cryptsetup: reduce the chance that we will be OOM killed
  * sd-journal: close journal files that were deleted by journald before we've setup inotify watch
  * shared: split out NUMA code from cpu-set-util.c to numa-util.c
  * core: add support for setting CPUAffinity= to special "numa" value
  * sd-journal: remove the dead code and actually fix #14695
  * device: make sure we emit PropertiesChanged signal once we set sysfs
  * device: don't emit PropetiesChanged needlessly
  * selinux: do preprocessor check only in selinux-access.c
  * basic/cgroup-util: introduce cg_get_keyed_attribute_full()
  * core: introduce support for cgroup freezer
  * test: add test for cgroup v2 freezer support
  * udev: make signal that we use to kill workers on timeout configurable
  * test: add integration test for udev event timeout
  * tests: sleep a bit and give kernel time to perform the action after manual freeze/thaw
  * core: fix the return value in order to make sure we don't dipatch method return too early
  * core: introduce support for setting NUMAMask= to special "all" value
  * cgroup: freezer action must be NOP when cgroup v2 freezer is not available
  * cryptsetup: generate the unit to umount keydev filesystem
  * udev/net_id: parse _SUN ACPI index as a signed integer
  * udev/net_id: don't generate slot based names if multiple devices might claim the same slot
  * sd-event: split out helper functions for reshuffling prioqs
  * basic/stat-util: make mtime check stricter and use entire timestamp
  * udev: make algorithm that selects highest priority devlink less susceptible to race conditions
  * test: add ratelimiting test
  * core: prevent excessive /proc/self/mountinfo parsing
  * udev: add basic set of user-space defined tracepoints (USDT)
  * coredump: return correct error variable

  [ hugo303 ]
  * analyze: Add times in seconds for Activating and Activated in tooltip

  [ David Michael ]
  * fs-util: exempt root prefix directories from UID checks
  * tmpfiles: pass arg_root to chase_symlinks as the root prefix
  * TEST-22: add test for unprivileged dirs in root prefixes
  * test-fs-util: test chase_symlinks with user-owned dirs
  * shared/install: Preserve escape characters for escaped unit names
  * sysusers: support creating users with a specific primary group
  * socket: support setting ownership of message queues

  [ Zhou Qiankang ]
  * meson: add loongarch64's definition to cpu_arch_defines

  [ Sascha Mester ]
  * hwdb: add Stream Deck Neo (#34903)

  [ Integral ]
  * refactor: replace sizeof in loop with ELEMENTSOF & FOREACH_ELEMENT (#34863)
  * tree-wide: replace for loop with FOREACH_ELEMENT or FOREACH_ARRAY macros (#34893)

  [ Anders Jonsson ]
  * po: Translated using Weblate (Swedish)
  * po: Translated using Weblate (Swedish)
  * po: Translated using Weblate (Swedish)

  [ xujing ]
  * core: fix free undefined pointer when strdup failed in the first loop
  * pid1: add env var to override default mount rate limit interval

  [ Benjamin Drung ]
  * Fix shellcheck issues in initramfs-tools scripts
  * initramfs-tools: support missing /etc/udev/udev.conf

  [ Bryan Gurney ]
  * Pin obsolete NVMe symlinks to namespace 1
  * TEST-64-UDEV-STORAGE: remove obsolete NVMe symlink for nvme_subsystem
  * TEST-64-UDEV-STORAGE: test for absence of obsolete NVMe symlink

  [ John A. Leuenhagen ]
  * run: fix bug causing run0 to ignore `-D /`.
  * TEST-74-AUX-UTILS: add tests for 'run0 -D'

  [ Gaël PORTAY ]
  * docs: fix the link to boot loader specification
  * man: fix path reference to unit file
  * veritysetup: add support for dm-verity options
  * veritysetup-generator: add support for verity root options
  * veritysetup-generator: add support for veritytab
  * veritysetup: remove unused globals
  * man/systemd-veritysetup-generator: fix trailing space
  * veritysetup: fix typo (#22886)
  * man: update root-hash-signature option with value
  * veritysetup: add support for hash-offset option
  * veritysetup: add support for superblock and underlying options
  * veritysetup: add support for fec options
  * path-util: fix typo in comment
  * docs: add a missing : character

  [ Michiel ]
  * Fix some typos in socket-util.h

  [ Arthur Shau ]
  * run: change sd_bus_call_method to bus_call_method (#27518)
  * varlink: Add new varlink_collect method
  * timer: introduce DeferReactivation setting

  [ Uday Shankar ]
  * udev: allow persistent storage rules for ublk devices

  [ Darsey Litzenberger ]
  * udev: add flag to allow disabling blkid probing
  * network/dhcp4: add support for ARPHRD_RAWIP and ARPHRD_NONE network interface types

  [ Tobias Fleig ]
  * stub: Add support for .ucode UKI section
  * measure: Add .ucode UKI section support
  * ukify: Add support for .ucode UKI section
  * stub: Add support for .ucode EFI addons
  * stub: Add support for .initrd addon files

  [ WilliButz ]
  * repart: derive hash partition size from SizeMaxBytes= of data sibling
  * test/repart: add test case for hash size derived from max data size

  [ Renjaya Raga Zenta ]
  * udevd: Add ReceivePacketSteeringCPUMask for systemd.link
  * test-network: Add test for rps_cpu_mask option
  * core/dbus: pass transient unit name metadata to polkit

  [ Chen Guanqiao ]
  * mount: optimize mountinfo traversal by decoupling device discovery

  [ David Joaquín Shourabi Porcel ]
  * man: `systemd-nspawn(1)`: Fix some typos
  * man: `machinectl(1)`: Fix description of subcommand `poweroff`

  [ Joshua Grisham ]
  * hwdb: add SCAI SKU prefix for Samsung keyboard mapping (#34648)

  [ Benjamin ROBIN ]
  * shutdown: In sync_with_progress(), log first then send SIGKILL

  [ Daniel Martinez ]
  * Use case insensitive comparison for the machine's architechture

  [ Marcel Hellwig ]
  * fix signature of sd_journal_print_with_location in docs
  * Update sd_bus_message_append_array.xml

  [ Daniel Dawson ]
  * systemd-integritysetup: accept integrity-algorithm=xxhash64

  [ Mickaël Salaün ]
  * seccomp-util: include @sandbox in @default

  [ Simon Pilkington ]
  * creds: fix cat with encrypted credentials
  * NEWS: Document change to systemd-creds 'cat' verb

  [ Fábio Rodrigues Ribeiro ]
  * po: Translated using Weblate (Portuguese (Brazil))

  [ Ivan Shapovalov ]
  * basic/log: fix SYSTEMD_LOG_* parsing error messages
  * cryptsetup: set libcryptsetup global log callback too
  * cryptsetup: enable libcryptsetup debug logging if we want it
  * growfs: call crypt_set_debug_level() correctly, skip if not needed
  * machine-pool: simplify return values from setup_machine_directory()
  * import: wire up SYSTEMD_IMPORT_BTRFS_{SUBVOL,QUOTA} to importd
  * shell-completion/zsh: improve and expand machinectl completion
  * shell-completion/zsh: complete hidden images when word starts with "."
  * hostname-setup: read hostname from system.hostname credential
  * nspawn: permit --ephemeral with --link-journal=try-* (treat as =no)
  * analyze: capability: cosmetic, fix error message spelling
  * analyze: capability: add support for decoding capability masks
  * Revert "network/ndisc: ignore most fields of RA header when lifetime is zero"
  * core/exec-invoke: call setpriority() after sched_setattr()
  * core/exec-invoke: document calling setpriority() after sched_setattr()
  * systemctl: cat: do not exit(1) on missing units if `--force`
  * core/cgroup: drop `allow_cache` parameter in `unit_get_io_accounting()`
  * core/cgroup: cache IO accounting data when pruning a cgroup

  [ JoseskVolpe ]
  * hwdb: add keymaps for Acer Nitro 5 AN515-47 (#34493)

  [ Marius Hoch ]
  * hwdb: Add accel orientation quirk for the IdeaPad Duet 3 10IGL5-LTE

  [ chenjiayi ]
  * udev: distinguish host-managed zoned block in scsi_id
  * systemd: rewatch pids under cgroup v1 when sigchld of processes more than main pid and control pid is captured

  [ Jason Yundt ]
  * man: document ShowStatus and SetShowStatus()

  [ PavlNekrasov ]
  * Use correct error code in log message in pkcs11_token_find_x509_certificate (#34187)
  * Use correct error code in log message in output_waiting_jobs (#34404)

  [ Celeste Liu ]
  * seccomp: add riscv_flush_icache to allow list
  * hwdb: add Kensington SlimBlade Pro trackball (Bluetooth mode)

  [ Matthieu CHARETTE ]
  * Add HUAWEI MateBook D 15 AMD ACCEL properties

  [ Gregory Arenius ]
  * Add ACCEL_MOUNT_MATRIX for Chuwi Hi10 Max.

  [ Filip Lewiński ]
  *  hwdb.d/60-keyboard.hwdb: add Clevo mic mute quirk for V5x dGPU
  *  hwdb.d/60-keyboard.hwdb: add Clevo mic mute quirk for V5x iGPU, NV41PZ

  [ Karel Zak ]
  * systemd-mount: don't check for non-normalized WHAT for network FS
  * udev-builtin-blkid: add VOLUME_ID, LOGICAL_VOLUME_ID, VOLUME_SET_ID and DATA_PREPARER_ID
  * udev-builtin-blkid: add support for --hint offsets
  * udev: allow persistent storage rules for zram devices

  [ sinus-x ]
  * man: Correct flag description of systemd-cat

  [ Skye Chappelle ]
  * Change OS X to macOS in BOOT.md (#34358)

  [ Tomas Bzatek ]
  * udev/ata_id: export read look-ahead values

  [ Yanqing Jing ]
  * update keyboard hwdb to add acer Predator PHN16-72

  [ samuelvw01 ]
  * Update _udevadm
  * Fix typo in escape.c

  [ Erik Sjölund ]
  * docs: fix typos and improve language
  * man: fix typos
  * TODO: fix typo

  [ marginaldev ]
  * Fix grammar in udevadm settle timeout message

  [ Luke T. Shumaker ]
  * nspawn: fix the comment about which namespaces outer_child is in
  * nspawn: convert copy_devnodes():devnodes from nulstr to strv
  * test: add a testcase for unprivileged nspawn
  * nspawn: re-flow comments that are wrapped weird
  * nspawn: register_machine() and allocate_scope() bools to flags
  * nspawn: enable FUSE in containers

  [ Takeo Kondo ]
  * man: CAP_SYS_ADMIN does NOT grant any permission for dbus API

  [ Etienne Cordonnier ]
  * coredump: set ProtectHome to read-only

  [ Peter Rajnoha ]
  * udev: allow persistent storage rules for rbd devices

  [ Simon Chopin ]
  * Filter out zdev rules in the initramfs hook (LP: #2044104)

  [ Göran Uddeborg ]
  * Translated using Weblate (Swedish)
  * po: Translated using Weblate (Swedish)
  * po: Translated using Weblate (Swedish)
  * po: Translated using Weblate (Swedish)

  [ Etienne Champetier ]
  * udev-builtin-net_id: use firmware_node/sun for ID_NET_NAME_SLOT
  * udev-builtin-net_id: ignore firmware_node/sun == 0

  [ Alyssa Ross ]
  * load-fragment: fix grammar in error messages
  * udev: make /dev/vfio/vfio 0666
  * docs: fix descriptions in discoverable partitions
  * bootctl: don't load etc/machine-info from cwd

  [ Tom Coldrick ]
  * sysupdate: Use FOREACH_ARRAY where possible
  * sysupdate: Add integration test for updatectl updates

  [ Kornilios Kourtis ]
  * process-util: handle pidfd_spawn() returning E2BIG

  [ rindeal ]
  * kernel-install: discard comments in cmdline files

  [ bryango ]
  * shell-completion: zsh: fix incorrect unescaping

  [ Matthias Schiffer ]
  * rules: add mtd/by-name symlinks
  * udev-builtin-net_id: add NAMING_DEVICETREE_PORT_ALIASES to check of_node of netdevs before their parents

  [ Chengen Du ]
  * udev: Handle PTP device symlink properly on udev action 'change'

  [ Thorsten Scherer ]
  * repart: Fix misleading typo in GPT partition flag

  [ Susant Sahani ]
  * netdev bond: add support to configure tlb_dynamic_lb
  * networkd: Bond - AllSlavesActive fix parser
  * networkd: wait for kernel to reply ipv6 peer address
  * test-network: skip erspan test if not available
  * networkd: Allow to retain configs even if carrier is lost
  * networkd: honour LinkLocalAddressing
  * networkd: ipv6ra allow to ignore addresses
  * Add to fuzzer
  * networkd: Introduce l2tp tunnel
  * network: Introduce MACsec
  * networkd: Add back static routes after DHCPv4 lease expires.
  * netword: fdb fix coding style
  * networkd: Add support to configure destination address for bridge FDB
  * networkd: Option to use LinkLocalAddressing only when DHCP fails
  * networkd: stop clients when networkd shuts down (#12463)
  * networkd: manager do not unef netlink and gennetlink early
  * networkd: Allow DHCP4 client to set the number to attempt to reconfigure.
  * networkd: VXLAN ID define range in the man
  * networkd: VXLAN rename Id to VNI
  * networkd: VXLan Make group and remote variable separate
  * networkd: VXLan TTL must be <= 255
  * networkd: VXLAN add support to configure Generic Protocol Extension
  * networkd: VXLAN use correct type for VNI
  * networkd: bridge fdb add support to configure VXLAN VNI
  * networkd: Add support to configure proxy ARP and proxy ARP Wifi
  * networkd: fix link_up() (#12505)
  * networkd: Assign VXLAN destination port to when GPE is set
  * sd-netlink: Add VXLAN netlink properties
  * networkd: VXLAN add support to configure IP Don't fragment.
  * network: add support to configure proxy ARP/WIFI
  * networkd: Log error if LLDP fails to start/stop
  * networkd: Add support for blacklisting servers
  * sd-netlink: Add supprt for geneve properties
  * networkd: Geneve add support configure IP don't fragment
  * networkd: Geneve Allow TTL to be zero.
  * networkd: VXLAN support keyword 'inherit' for TTL
  * LLDP: Fix logs for LLDP
  * networkd: Geneve add support for inherit for TTL
  * sd-netlink: support RTAX_FASTOPEN_NO_COOKIE
  * networkd: bridge FDB support more NTF_* flags
  * networkd: route add support to configure fastopen_no_cookie
  * networkd: route fix coding style
  * networkd: DHCP client add support to send RELEASE packet
  * networkd: do not generate MAC for bridge device.
  * networkd: introduce netdev ipvtap
  * sd-netlink: Add Fou properties FOU_ATTR_LOCAL_V4/FOU_ATTR_PEER_V4
  * networkd: FOU tunnel support Local and Peer tunnel addresses
  * sd-netlink: add route netlink properties
  * networkd: FOU netdev add support to configure peer port
  * networkd: route add MPLS TTL propagate
  * networkd: Ability to selectively ignore IPv6 prefixes supplied via router advertisement
  * networkctl: Display MTU
  * sd-netlink: Add netlink property IFLA_MIN_MTU and IFLA_MAX_MTU,
  * networkctl: Add support to display min and max MTU
  * networkctl: add support to display Transmit/Recieve queue length (#12633)
  * networkctl: add support to delete virtual netdevs
  * networkd: add support to keep configuration
  * networkd: DHCPv6 - separate DHCPv6 options from DHCPv4 options
  * network: fix DHCP route rumber parsing.
  * networkd: bridge add support to set IGMP version
  * networkctl: Add support to display bridge properties
  * networkctl : Add support to display vxlan properties
  * network: Do not disable IPv6 by writing to sysctl
  * sd-network: add support to get DHCP4 address
  * networkctl: Display address is a DHCP4 address
  * network DHCP4: Dont mislead the logs.
  * network: Add support to advertie ipv6 route
  * Add test for IPv6 Route advertisement
  * test-network: Drop start dnsmasq
  * network dhcp4: Add support send request options in a generic manner
  * network: DHCP server Add support to transmit SIP server
  * link: Add support to configure NIC ring buffer size
  * network: DHCPv6 client add support for prefix delegation hint
  * network: introduce ip nexthop routing
  * network: DHCPv4 client: add support to send arbitary option and data
  * network: introduce TrafficControl
  * networkd: dhcp server Support Vendor specific 43
  * qdisc: netem add support to duplicate packets.
  * tc: qdisc remove some duplicate code
  * Fix CID 1406578:  Resource leaks  (RESOURCE_LEAK)
  * network: DHCP server remove duplicate free
  * networkd tc: introduce tbf
  * network: tc introduce sfq - Stochastic Fairness Queueing
  * network: introduce DAD for static address
  * sd-netlink: add support for ifb device
  * network: introduce ifb (Intermediate Functional Block)
  * network tc: qdisc parent add support to set ingress
  * network tc: Add support to conkfigure CoDel - Controlled-Delay Active Queue Management algorithm
  * network tc: inroduce FQ - Fair Queue traffic policing
  * network: DHCP4 introduce send decline
  * network: tc introduce codel
  * network: Add support to configure DHCPv4 route MTU
  * efi: fix build.
  * network: Allow to specify multiple IPv6Token for SLAAC
  * network: add support for qdisc handle
  * network: introduce bus method forcerenew for DHCP server
  * network: Add policy in polkit DHCP server forcenenew
  * network: Add support in networkctl for DHCP server forcerenew
  * network: Introduce method to generate EUI-64 addresses
  * network: radv introduce sd_radv_prefix_get_prefix
  * network: introduce IPv6 prefix assign
  * network: make use of generate_ipv6_eui_64_address
  * network: Allow to configure GW even UseRoutes=false
  * man: fix typo
  * network: TC introduce PFIFO
  * network: TC introduce GRED, Generic Random Early Detection
  * network: TC introduce sfb - Stochastic Fair Blue
  * sd-netlink: introduce sd_netlink_message_append_s8() and friends
  * network: tc: introduce cake
  * network: Move config_parse_ip_service_type to networkd-dhcp4.c and
  * network: Allow DHCPv6 client to start without router's managed flag.
  * network: Add support to ignore foreign routes
  * sd-netlink: add support for PIE
  * network: tc- introduce PIE
  * sd-netlink: add DRR netlink properties
  * network: TC - introduce DRR
  * network: TC - introduce BFIFO
  * network: TC - introduce pfifo_head_drop
  * network: TC - introduce pfifo_fast
  * sd-netlink: add HHF netlink property
  * network: TC - introduce HHF
  * sd-netlink: Add IFLA_QDISC
  * networkctl: Add support to display qdisc
  * networkctl: Add support to display vlan ID
  * networkctl: Add support to display master device
  * networkctl: Add support to show tunnel (ipip/sit) local and remote address
  * networkctl: Add support to display geneve tunnel info
  * networkctl: Add support to display gre gretap and erspan
  * networkctl: add support to display ip6gre, ip6gretap, ip6erspan
  * networkctl: Add support to display vti and vti6 tunnels
  * networkctl: Add support to display bond
  * networkctl: Add support to display IPv6 addrgenmode
  * network: DHCP lease load SIP copy paste error
  * sd-network: Provice APIs to access SIP servers given by DHCP4 server
  * networkctl: Add support to display SIP servers
  * networkctl: Add more bridge properties
  * shared: Introduce bridge util
  * networkctl: Use string table for bridge state
  * network: Introduce geneve util
  * networkctl: Display more geneve preperties
  * networkctl: Add support to set link up and down
  * shared- bride util allign bridge_state_table
  * libsystemd-network: DHCP add support to emit and retrive DHCP POP3 server
  * DHCP: Add support to emit and retrieve POP3 server
  * sd-network: Add support to emit and receive pop3 server information
  * networkctl: Add support to display DHCP pop3 servers
  * sd-dhcp: Add support to emit and retrieve SMTP server
  * network: DHCP - add support to emit and receive SMTP server information
  * sd-network: Add support to emit and receive SMTP server information
  * networkctl: Add support to display DHCP SMTP servers
  * sd-dhcpv4: introduce The Manufacturer Usage Description (MUD)
  * network: DHCPv4 - introduce The Manufacturer Usage Description (MUD)
  * sd-dhcpv6: Add support to set request MUD URL
  * network: DHCPv6 Add support to send MUD URL
  * sd-lldp: Add support to receive MUD
  * LLDP: Add support to transmit MUD URL
  * network: VXLan - fix adding Group address
  * network: VXLan - Add support for remote address
  * networkctl: Add support to display VXLan remote address
  * sd-network: DHCPv6 - Add NoPrefixAvail to error code
  * sd-network: DHCP6 - Use readable error status rather than numeric
  * sd-network: DHCPv6 - Add status codes
  * network: Allow DHCPv6 client to be started even if no O or M bit in RA.
  * sd-network: DHCPv4 Add support to send and receive LPR servers.
  * network: Add support send and receive LPR servers
  * sd-network: Add support to retrive LPR servers
  * networkctl: Add support to display LPR servers
  * network: Introduce macvlan util
  * networkctl: Add support to display macvlan/macvtap mode
  * network: Add support to group links.
  * network: Introduce ipvlan util
  * networkctl: VXLan - display more properties
  * network: Introduce bond util
  * networkctl: Use bond util common functions
  * sd-dhcp6: Allow to add arbitary request option
  * network: DHCPv6 - Add support set arbitary request options
  * dhcpv6 tests: Update since we allow arbitrary options to be set
  * networkctl: Add support to display ipvlan
  * sd-network: DHCPv6 - add support to send userclass option
  * network: DHCPv6 - Add support to send user class
  * DHCP: Use UINT8_MAX instead of 255
  * sd-dhcpv4: Allow to configure lease lifetime
  * network: DHCPv4- Allow to set DHCP lease lifetime
  * sd-network: DHCPv6 - Add support to send vendor class data
  * network: DHCPv6 - Add support to send vendor class information
  * DHCPv6: MUD URL lengh - use UINT8_MAX instead of 255
  * sd-network: DHCPv4 - Add user class, extra option and send generic options in request state
  * networkctl: Add a range to address genmode
  * network: Allow to configure addr_gen_mode
  * network: Fix crash when SendOption= is invalid
  * sd-network: Rectify Advertise Message Processing by a Client
  * network: DHCPv6 Assign delegated prefix to LAN interface
  * sd-dhcp6: Introduce vendor specific information
  * network: Inroduce DHCP6- send vendor options
  * network: dhcp6 - fix memory leak
  * network: L2TP fix crash
  * sd-netlink: add netlink properties of Quick Fair Queueing (QFQ)
  * network: tc: introduce Quick Fair Queueing (QFQ)
  * man: fix typo Takse -> Takes
  * network: DHCP4 client ID save in state file
  * sd-network: Introduce API to access DHCP4 client ID
  * networkctl: Display DHCP4 client ID
  * dhcp6: Provide method to access IAID
  * network: DHCPv6 - export IAID to state file
  * sd-network: Introduce API to get DHCPv6 IAID
  * networkctl: DHCPv6 - display IAID
  * network: DHCP6 - introduce DHCP6 DUID to string
  * network: DHCP6 - save DUID to state file
  * sd-network: Introduce APIs to get DHCP6 DUID
  * networkctl: Display DHCP6 DUID
  * network: DHCPv6 - Add support to set token on the LAN interface
  * networkctl: display DHCPv4 server address
  * sd-netlink: Add SR-IOV netlink properties
  * network: Introduce SR-IOV
  * network: Allow DHCPv6 client  to start solicit mode
  * DHCPv4: client add support for DHCP server allow list
  * basic: Introduce ordered_hashmap_ensure_put
  * shared: Introduce socket_addr_port_from_string_auto
  * resolve: allow configurable bind address
  * sd-netlink: Add support for bare UDP
  * network: Introduce bare UDP
  * network: Allow vxlan to be created without .network file
  * sd-netlink: add fq pie options
  * network: TC - introduce fq pie
  * timesync: Make delaying attempts to contact servers configurable
  * network: Allow to configure interface promiscuous mode
  * sd-netlink: routing policy rule port to fib_rule_hdr
  * network: Allow to configure unreachable/blackhole RoutingPolicyRule (#17984)
  * networkd: add support for prefix allow-list and route allow-list
  * network: Allow to set device's receive queues and transmit queues
  * network: route - add support to configure tcp advmss
  * sd-netlink: Add Generic Segment Offload attributes
  * sd-netlink: Add VLan QOS map properties
  * sd-netlink: add support to configure Generic Segment Offload
  * network: Allow to configure VLan egress qos maps
  * network: Allow to configure VLan egress qos maps
  * TODO: Already implemented with SendDecline=
  * TODO: SR_IOV already implemeted
  * link: Add support to configure Generic Segment Offload
  * basic: Add macvlan netlink attributes
  * sd-netlink: Supprt netlink types bitfield and reject
  * sd-netlink: mcvlan - add new attributes
  * homed: use ordered_set_ensure_put
  * basic: introuce hashmap_ensure_put
  * generator: Use hashmap_ensure_put
  * network: netdev - Use hashmap_ensure_put
  * network: wireguard - Use hashmap_ensure_put
  * network: address label - use hashmap_ensure_put
  * network: dhcp6 - use hashmap_ensure_put
  * network: fdb - Use hashmap_ensure_put
  * network: link - use hashmap_ensure_put
  * network: link - use hashmap_ensure_put
  * network: mdb - use hashmap_ensure_put
  * network: neighbor - use hashmap_ensure_put
  * network: radv - Use hashmap_ensure_put
  * network: route - Use hashmap_ensure_put
  * network: routing policy rule - Use hashmap_ensure_put
  * network: online - use hashmap_ensure_put
  * udevd: Use hashmap_ensure_put
  * network: nexthop - use TAKE_PTR
  * network: generator tighten variable scope used in loop
  * network: macsec - tighten variable scope used in loop
  * networkctl: tighten variable scope used in loop
  * network: mdb - use TAKE_PTR
  * network: address label - use TAKE_PTR
  * network: route - use ordered_set_ensure_put
  * network: manager tighten variable scope used in loop
  *  network: tc - use TAKE_PTR (#18266)
  * network: route - add a zero verification for tcp window
  * network: routing-policy-rule - TAKE_PTR
  * network: use hashmap_ensure_put
  * network: nexthop - use hashmap_ensure_put
  * network: tighten variable scope used in loop (#18277)
  * machine: machined-dbus - tighten variable scope used in loop
  * journal: journal-file - tighten variable scope used in loop
  * network: macvlan - add support to configure rx queue for broadcast/multicast
  * core: dbus - use hashmap_ensure_put
  * network: Use ordered_hashmap_ensure_put (#18233)
  * core: job - use hashmap_ensure_put
  * core: load fragment - use hashmap_ensure_put
  * journal-remote: use hashmap_ensure_put
  * resolved-bus: Use hashmap_ensure_put
  * resolved-dns-packet: Use hashmap_ensure_put
  * resolved-dns-packet: Use TAKE_PTR
  * resolved-dnssd: Use hashmap_ensure_put
  * resolved-dnssd: Use TAKE_PTR
  * udev-rules: Use hashmap_ensure_put
  * udevadm-monitor: Use hashmap_ensure_put
  * udevadm-monitor: use TAKE_PTR
  * network: tc use TAKE_PTR
  * journal: context - Use _cleanup_free_
  * journal: context - use hashmap_ensure_put
  * network: bond - use ordered_set_ensure_put
  * network: macsec - use ordered_hashmap_ensure_put
  * network: address - use ordered_hashmap_ensure_put
  * network: network -- use ordered_hashmap_ensure_put
  * network: Use TAKE_PTR
  * install: use ordered_hashmap_ensure_put
  * network: radv - use hashmap_ensure_put
  * network: wait-online - use hashmap_ensure_put
  * network: wait-online - add a assert
  * varlink: use hashmap_ensure_put
  * sd-netlink: use hashmap_ensure_put
  * sysusers: use ordered_hashmap_ensure_put
  * core: transaction - use hashmap_ensure_put
  * remount-fs: Use hashmap_ensure_put
  * resolve: link - use hashmap_ensure_put
  * share: bus-unit-procs - use hashmap_ensure_put
  * network: sd-dhcp6-client - use ordered_hashmap_ensure_put
  * core: dbus - use set_ensure_put
  * core: execute - use hashmap_ensure_put
  * import: use - hashmap_ensure_put
  * sysusers: use ordered_hashmap_ensure_put
  * udev-rules: Use ordered_hashmap_ensure_put
  * udev: Use TAKE_PTR
  * network: add support to RoutingPolicyRule lookup table name
  * Journal: Use hashmap_ensure_put
  * journal: Use cleanup_free
  * logind: Use hashmap_ensure_put
  * machine: Use hashmap_ensure_put
  * network: ndisc - Use ordered_set_ensure_put
  * network: Use hashmap_ensure_put
  * network: networkd-network use TAKE_PTR
  * udev-rules: use ordered_hashmap_ensure_put
  * sd-device: Use hashmap_ensure_put
  * sd-device: Use TAKE_PTR
  * sd-event: Use hashmap_ensure_put
  * sd-event: Use hashmap_ensure_put
  * analyze: tighten variable scope used in loop
  * btrfs-util: tighten variable scope used in loop
  * treewide: tighten variable scope in loops (#18372)
  * network: DHCP option- use correct byteorder
  * network: Add "route_localnet" sysctl support
  * network: bridge-fdb: add support to specify outgoing interface
  * ndisc: honour MTU for onlink prefix
  * network: DHCP4 allow to set InitialCongestionWindow and InitialAdvertisedReceiveWindow
  * networkd: allow setting rp_filter for an interface
  * CI: network - Add test for rp_filter
  * network: ndisc - Honour CurHopLimit
  * network: ndisc - Ignore route information if reserved (10) value is
  * network: Route - allow to set TCP RTO
  * CI: network - Add test for route TCP RTO
  * network: DHCP6 client- Allow to send manual DUID
  * CI: network dhcp6 - Add test for custom client identifier
  * network: static route - Allow to configure per route hop liimt
  * CI: network - Add test for route hoplimit
  * network: ndisc - Allow to use ICMP6 rate limit from received RA
  * network: ndisc - Also fill router preference
  * network: ndisc - drop routes of lifetime 0
  *  network/radv: allow to configure the time between retransmitted Neighbor Solicitation (#28888)
  * network: radv - Allow to send hop limit
  * test-network: re-add test for custom client identifier
  * network: sd-radv - Introduce pref64 support (RFC8781)
  * sd-radv: fix memory leak
  * network: sd-radv - Allow to configure Mobile IPv6 Home Agent
  * network: ndisc - Allow to parse PREF64 prefix
  * network: Fix memory leak PREF64 (#29064)
  * test-network: Add test for PREF64
  * ndisc: Also set link hoplimit
  * sd-dhcp-server: support IPv6 only mode
  * network/dhcp-server: allow to configure IPv6 only preferred option
  * network: netdev - bond add support for ARP missed max
  * test-network: Add test for bond arp_missed_max option
  * network: DHCP6 Allow to export DHCP6 DUID (#31355)
  * network: JSON - Export DHCPv4 client ID
  * netdev/macvlan: allow to set the broadcast queueing threshold
  * test-network: add test for macvlan BroadcastQueueMulticastLength= and BroadcastQueueThreashold=
  * netdev: bond - add support for peer_notif_delay
  * test-network: Add test for bond peer_notif_delay
  * network: netdev - BareUDP Add support for srcportmin
  * test-network: Add test for BareUDP srcportmin

  [ James Muir ]
  * bulgarian: use "RateLimitIntervalSec" rather than "RateLimitInterval"
  * man/systemd-sysusers, man/systemd-tmpfiles: fix sentence fragments

  [ Renan Guilherme ]
  * hwdb: Fix accelerometer mount matrix for ASUS T100TAS

  [ Cristian Rodríguez ]
  * malloc() uses getrandom now
  * gcrypt: prefer the OS RNG
  * gcrypt: switch to system rng before gcry_check_version (#24162)
  * build: Use -fstrict-flex-arrays=1 if supported
  * resolve: Use only C99 flex arrays (#25335)
  * journal-remote: code is of type enum MHD_RequestTerminationCode
  * resolve: dns_server_feature_level_*_string type is DnsServerFeatureLevel
  * shared|install: Use InstallChangeType consistently
  * basic: fix hosed return value in skip_session()
  * basic: Fix incompatible type for arguments errors in C2X
  * libsystemd-network: FTBS in c2x mode
  * Include <threads.h> if possible to get thread_local definition
  * resolve: change DNS_PACKET_UNICAST_SIZE_LARGE_MAX to 1232 (#27171)
  * timesync: IPTOS_LOWDELAY --> IPTOS_DSCP_EF
  * Fix gcc14 -Wcalloc-transposed-args warnings
  * fundamental: declare flex array updated for gcc15 and clang 19
  * basic|boot: silence Wunterminated-string-initialization gcc15 warnings

  [ Arnaud Patard ]
  * src/pcrlock/pcrlock.c: Handle empty pcrlock.d directories

  [ rajmohan r ]
  * systemd-analyze: Add svg scaling options

  [ Marc Reisner ]
  * sleep: add HibernateOnACPower= option (#33846)

  [ Marin Kresic ]
  * po: Translated using Weblate (Croatian)

  [ Dimitrys Meliates ]
  * po: Translated using Weblate (Greek)

  [ Nova840 ]
  * hwdb: fix auto rotate on Asus Q551LB (#33921)

  [ Daniel P. Berrangé ]
  * add APIs for detecting confidential virtualization
  * detect-virt: add --cvm option
  * detect-virt: add --list-cvm option
  * unit: add "cvm" option for ConditionSecurity
  * dbus: add 'ConfidentialVirtualization' property to manager object
  * core: log detected confidential virtualization type
  * core: set SYSTEMD_CONFIDENTIAL_VIRTUALIZATION env for generators
  * udev: add 'conf-virt' constant for confidential virtualization tech
  * fundamental: share constants for confidential virt detection
  * efi: add helper API for detecting confidential virtualization
  * efi: don't pull kernel cmdline from SMBIOS in a confidential VM
  * repart: avoid use of uninitialized TPM2B_PUBLIC data
  * test-blockdev-util: avoid abort when /home is a symlink
  * test-systemd-tmpfiles: skip when /tmp has unexpected ownership
  * test-fstab-generator: skip test impacted by /mnt symlink
  * debian/rules: don't override default telinit-path
  * Fix detection of TDX confidential VM on Azure platform
  * confidential-virt: split caching of CVM detection into separate method
  * confidential-virt: add detection for s390x target
  * man/systemd-detect-virt: fix row spanning for VM header
  * man/systemd-detect-virt: list known CVM technologies

  [ jauge-technica ]
  * Added support for L2 BridgeMDB entries (#32894)

  [ Dan Nicholson ]
  * test-process-util: Handle unprivileged setrlimit success
  * test: extend firstboot testing
  * firstboot: create locked and empty root passwords consistently
  * firstboot: handle missing root password entries
  * firstboot: fix root params with creds and prompting disabled

  [ Nick Cao ]
  * network: Add L3MasterDevice= into routing policy
  * man: network: move note about L3MasterDevice to the correct section
  * network: Fixup Table when L3MasterDevice is set on routing policy rule

  [ Vladimir Panteleev ]
  * man: Document the crypttab keyfile syntax specifying a device
  * Fix typo in dbus property name ("OnSuccesJobMode")
  * fstab-generator: Respect nofail when ordering
  * man: improve ManagerEnvironment documentation
  * man: clarify systemd-path variable source

  [ Jose Ignacio Tornos Martinez ]
  * kernel-install: remove depmod generated file modules.weakdep

  [ Jeffrey Bosboom ]
  * docs/CONTROL_GROUP_INTERFACE.md: document accounting information available via D-Bus

  [ MkKvcs ]
  * hwdb: add axis range corrections for the Lenovo Thinkpad E16

  [ vdovhanych ]
  * add udev rules for trezor hw wallet devices

  [ James Coglan ]
  * resolved: allow the full TTL to be used by OPT records
  * resolved: correct parsing of OPT extended RCODEs
  * resolved: tests for parsing DNS packet headers
  * resolved: tests for dns_packet_extract(); parsing of queries
  * resolved: tests for dns_packet_extract(); A and CNAME answers with domain compression
  * resolved: tests for dns_packet_extract(); checking for malformed queries
  * resolved: tests for dns_packet_extract(); check handling of self-referential compression pointers
  * resolved: tests for dns_packet_extract(); parsing A records
  * resolved: tests for dns_packet_extract(); parsing NS records
  * resolved: tests for dns_packet_extract(); parsing SOA records
  * resolved: tests for dns_packet_extract(); handling ANY class/type in answers
  * resolved: tests for dns_packet_extract(); parsing SRV records
  * resolved: tests for dns_packet_extract(); parsing RRSIG records
  * resolved: tests for dns_packet_extract(); parsing SVCB and HTTPS records
  * resolved: tests for dns_packet_extract(); parsing HINFO records
  * resolved: tests for dns_packet_extract(); parsing NAPTR records
  * resolved: tests for dns_packet_extract(); parsing OPT records
  * resolved: tests for dns_packet_extract(); parsing TXT records
  * resolved: tests for dns_packet_extract(); parsing LOC records
  * resolved: tests for dns_packet_equal()
  * resolved: tests for dns_ede_rcode_is_dnssec()
  * resolved: tests for dns_packet_ede_rcode()
  * resolved: tests for dns_packet_has_nsid_request()
  * resolved: tests for dns_packet_validate_{query,reply}()
  * resolved: tests for dns_packet_is_reply_for()
  * resolved: tests for DNS parameter formatters
  * resolved: tests for dns_packet_set_flags()
  * resolved: tests for basic usage of dns_packet_append_key()
  * resolved: tests for dns_packet_append_key() domain name compression
  * resolved: tests for dns_packet_append_opt()
  * resolved: tests for dns_packet_truncate_opt()
  * resolved: tests for dns_packet_append_answer(); single A record
  * resolved: tests for dns_packet_append_answer(); NS, CNAME, PTR and MX records
  * resolved: tests for dns_packet_append_answer(); SRV records
  * resolved: tests for dns_packet_append_answer(); RRSIG records
  * resolved: tests for dns_packet_append_answer(); HINFO records
  * resolved: tests for dns_packet_append_answer(); SVCB and HTTPS records
  * resolved: tests for dns_packet_append_answer(); NAPTR records
  * resolved: tests for dns_packet_append_answer(); TXT records
  * resolved: tests for dns_packet_append_answer(); LOC records
  * resolved: tests for dns_packet_patch_max_udp_size()
  * resolved: tests for dns_packet_dup()
  * resolved: tests for link_new(), link_process_rtnl()
  * resolved: tests for link_relevant()
  * resolved: tests for link_find_address()
  * resolved: basic tests for link_allocate_scopes()
  * resolved: refactor env setup for link_allocate_scopes() tests
  * resolved: tests for link_allocate_scopes(): LLMNR, MDNS, IPv4/6
  * resolved: test for DNS_RESOURCE_RECORD_RDATA()
  * resolved: tests for dns_resource_key_new() and dns_resource_key_new_redirect()
  * resolved: tests for dns_resource_key_new_append_suffix()
  * resolved: tests for dns_resource_key_is_{address, dnssd_ptr, dnssd_two_label_ptr}
  * resolved: tests for dns_resource_key_equal() and dns_resource_key_match_rr()
  * resolved: tests for dns_resource_key_match_cname_or_dname(), dns_resource_key_match_soa()
  * resolved: tests for dns_resource_key_to_string()
  * resolved: tests for dns_resource_key_reduce()
  * resolved: tests for dns_resource_record_new_address(), dns_resource_record_new_reverse()
  * resolved: tests for dns_resource_record_equal(); general cases
  * resolved: tests for dns_resource_record_equal(); A and AAAA records
  * resolved: tests for dns_resource_record_equal(); NS records
  * resolved: tests for dns_resource_record_equal(); CNAME records
  * resolved: tests for dns_resource_record_equal(); SOA records
  * resolved: tests for dns_resource_record_equal(); PTR records
  * resolved: tests for dns_resource_record_equal(); HINFO records
  * resolved: tests for dns_resource_record_equal(); MX records
  * resolved: tests for dns_resource_record_equal(); DNAME records
  * resolved: tests for dns_resource_record_equal(); TXT records
  * resolved: tests for dns_resource_record_equal(); SRV records
  * resolved: tests for dns_resource_record_equal(); NAPTR records
  * resolved: tests for dns_resource_record_equal(); RRSIG records
  * resolved: tests for dns_resource_record_equal(); SVCB records
  * resolved: tests for dns_resource_record_equal(); LOC records
  * resolved: tests for dns_resource_record_clamp_ttl()
  * resolved: tests for dns_resource_key_{to,from}_json()
  * resolved: tests for dns_resource_record_to_string()
  * resolved: tests for dns_resource_record_to_wire_format()
  * resolved: tests for dns_resource_record_source(), dns_resource_record_is_synthetic(), dns_resource_record_signer(), dns_resource_record_is_signer()
  * resolved: tests for dns_question_add()
  * resolved: tests for dns_question_new_address()
  * resolved: tests for dns_question_new_reverse()
  * resolved: tests for dns_question_new_service()
  * resolved: tests for dns_question_matches_rr()
  * resolved: tests for dns_question_matches_cname_or_dname()
  * resolved: tests for dns_question_is_valid_for_query()
  * resolved: tests for dns_question_is_equal()
  * resolved: tests for dns_question_cname_redirect()
  * resolved: tests for dns_question_dump()
  * resolved: tests for dns_question_first_name()
  * resolved: tests for dns_question_merge()
  * resolved: tests for dns_answer_add(), dns_answer_match_key()
  * resolved: tests for dns_answer_find_soa()
  * resolved: tests for dns_answer_merge() and dns_answer_extend()
  * resolved: tests for dns_answer_remove_by_{key,rr}()
  * resolved: tests for dns_answer_remove_by_answer_keys()
  * resolved: tests for dns_answer_{copy,move}_by_key()
  * resolved: tests for dns_answer_dump()
  * resolved: tests for dns_answer_has_dname_for_cname()
  * resolved: tests for dns_answer_order_by_scope()
  * resolved: tests for dns_search_domain_new()
  * resolved: tests for dns_search_domain_unlink()
  * resolved: extract function for checking search domains
  * resolved: tests for search domain marking and unlinking
  * resolved: tests for dns_search_domain_find()
  * resolved: tests for dns_zone_put()
  * resolved: tests for dns_zone_remove_rr()
  * resolved: tests for dns_zone_remove_rrs_by_key()
  * resolved: tests for dns_zone_lookup()
  * resolved: tests for dns_cache_put(); successful A query
  * resolved: tests for dns_cache_put() with different RCODEs
  * resolved: test for dns_cache_put() with empty answer
  * resolved: refactor DNS answer construction for cache tests
  * resolved: tests for dns_cache_put() with non-matching class, type, name
  * resolved: tests for dns_cache_put(); CNAME success and name error
  * resolved: check that adding an expired response removes cache entry
  * resolved: tests for dns_cache_dump_to_json()
  * resolved: first test for dns_cache_lookup()
  * resolved: tests for dns_cache_lookup() for NXDOMAIN
  * resolved: test cache misses
  * resolved: tests for dns_cache_dump()
  * resolved: tests for dns_cache_lookup() returning the most recent input
  * resolved: tests for dns_cache_lookup(); mDNS and multiple matching entries
  * resolved: tests for dns_cache_export_shared_to_packet()
  * resolved: tests for dns_cache_check_conflicts()
  * resolves: tests for dns_cache_prune()
  * resolved: test that pseudo classes and types are not cached
  * resolved: tests for dns_cache_put() for  NXDOMAIN with no SOA
  * resolved: tests for dns_cache_lookup() clamping the TTL
  * resolved: tests for dns_query_new()
  * resolved: tests for dns_query_make_auxiliary()
  * resolved: tests for common usage of dns_query_process_cname_one()
  * resolved: tests for dns_query_process_cname_many()
  * resolved: tests for dns_query_process_cname_one(); no match, DNAME, utf-8 handling
  * resolved: tests for dns_query_go() -- with and without network link
  * resolved: tests for dns_query_go() using a bypass query
  * resolved: tests for dns_query_go() when no scopes are available
  * resolved: tests for dns_query_go() when configured with search domains
  * resolved: refactor environment management in dns_query_go() tests
  * resolved: tests for dns_query_go(); multiple search domains for dns_query_candidate_notify()
  * resolved: tests for dns_query_string()
  * resolved: tests for dns_synthesize_answer()
  * resolved: tests for dns_synthesize_family() and dns_synthesize_protocol()

  [ Mary Strodl ]
  * sd-dhcp-server: persist hardware addresses in leases

  [ Anouk Ceyssens ]
  * test-daemon: use new assertion macros
  * test-date: use new assertion macros
  * test-dev-setup: use new assertion macros
  * test-clock: use new assertion macros
  * fix compilation errors

  [ Steve Traylen ]
  * Corect man page reference in systemd-nologin.conf comments
  * Document that MemorySwapMax supports % configuration

  [ Collin L ]
  * zsh/_networkctl: remove duplicated argument for completion (#31926)

  [ Mauri de Souza Meneguzzo ]
  * shared: log error when execve fail

  [ Gregor Herburger ]
  * network: bridge: add support for IFLA_BR_FDB_MAX_LEARNED
  * networkctl: add support to display learned fdb entries
  * test: systemd-networkd-tests: add fdb learned tests

  [ Kamil Szczęk ]
  * libfido2-util: fix a regression in the pre-flight mechanism
  * json: use secure un{base64,hex}mem for sensitive variants
  * core: populate $REMOTE_ADDR for AF_UNIX sockets
  * cryptsetup: manual FIDO2 PIN, UP and UV configuration
  * cryptenroll: support for enrolling FIDO2 tokens in manual mode
  * cryptsetup: improve TPM2 blob display
  * cryptsetup: make key discovery more robust
  * cryptsetup: allow customizing cache behavior
  * cryptsetup: handle parallel activation of volumes with another tool gracefully

  [ Alain Greppin ]
  * systemd.dnssd does not handle local requests (#32991)

  [ ShreyasMahangade ]
  * timedatectl: setting set_local_rtc to 1 will throw Warning as well, use log_warning() (#33489)

  [ Dominique Martinet ]
  * man: fix option typo in pam_systemd man page
  * unit_is_bound_by_inactive: fix return pointer check
  * build: fix build without seccomp
  * libbpf: add compat helpers for libbpf down to 0.1.0
  * bpf-firewall: give a name to maps used
  * meson: fix missing failure if bpf-framework was enabled

  [ Kai-Chuan Hsieh ]
  * Add ACCEL_LOCATION property for Dell clamshell models
  * hwdb: Mark Dell platform accel sensor location to base
  * hwdb: Add mic mute key mapping for Dell Pro Rugged series

  [ Lucas Werkmeister ]
  * man: systemctl: document effect of --all on journal output
  * Enable regular file and FIFO protection
  * docs: fix misplaced close-paren
  * docs: fix typo
  * shell-completion: add missing completions to meson.build
  * man: systemd-sysusers does not create home dir
  * Add truncate: to StandardOutput= etc.
  * test: fix exec-standardoutput-truncate test
  * man: document that truncate:file happens per command line
  * man: document effects of concurrent truncation
  * man: Mention Type=oneshot timeout directive

  [ migleeson ]
  * docs: update mkosi version mentioned in HACKING.md (#33723)

  [ Sean Rhodes ]
  * Revert "hwdb: Added StarLabs StarLite position sensor mapping"

  [ chayleaf ]
  * fstab-generator: add x-systemd.wants

  [ Merlin Jehli ]
  * machine-id: Add cmdline argument to use VM behaviour on bare metal (#32086)

  [ Kuntal Majumder ]
  * man: fix typo in unit options section

  [ Tom Yan ]
  * mount/generators: do not make unit wanted by its device unit
  * mount: remove unused mount_is_auto and mount_is_automount
  * network: allow users to forbid passthru MACVLAN from putting its link into promiscuous mode
  * man: network: mention that Promiscuous= can be used to set nopromisc for passthru MACV{LAN,TAP}
  * man: network: mention that RouteMetric= in [DHCPv4] is also applied to the prefix route
  * network: default LinkLocalAddresssing= to no for link stacked with a passthru mode MACVLAN/MACVTAP
  * fstab-generator: also order noauto or automount mount units before "post" target units
  * core/mount: also add default before dependency for automount mount units
  * resolved: filter stub listeners in manager_get_dns_server()
  * repart: use real disk start/end for bar production
  * logind-dbus: set gc_mode to USER_GC_BY_PIN when disable linger

  [ Derek J. Clark ]
  * hwdb: add scancodes for AYANEO devices (#33378)
  * Add OrangePi NEO Scancodes
  * Add MSI Claw AT Keyboard Scancodes.
  * Add or fix mount matrix for multiple handhelds. (#33586)

  [ ZHANG Yuntian ]
  * man: fix typo in the alias symlink name

  [ Henry Chen ]
  * vmspawn: define default machines for mips targets

  [ csp5me ]
  * Update 60-sensor.hwdb

  [ Riku ]
  * 70-mouse.hwdb: Added Glorious Model O DPI

  [ fwfy ]
  * Remove extra period at the end of systemd-bsod's unit description. (#33632)

  [ GwynBleidD ]
  * hwdb: Added StarLabs StarLite position sensor mapping

  [ Edson Juliano Drosdeck ]
  * Fix  inverted rotation in the Positivo DUO #24769 (#24770)
  * hwdb: fix Positivo-vaio FE14 V2 key toggle touchpad #24822  (#24825)
  * hwdb: fix key toggle and programmable button for Positivo K142 (#25111)
  * hwdb: fix Compaq N14KP6 key toggle touchpad (#25404)
  * hwdb: add Positivo-vaio Pro PW key toggle touchpad (#25669)
  * hwdb: fix Positivo CG15D key toggle touchpad and programmable keys (#27689)
  * Fix Positivo N14NPE-N and N15NPE-N key toggle touchpad and search key
  * Fix key toggle touchpad and programmable buttom for Positivo N14AP7
  * Fix key toggle touchpad button for multilaser ul154 (#33630)

  [ tfg13 ]
  * stub: mem fixes in devicetree addon handling (#33624)

  [ Topi Miettinen ]
  * Delete duplicate lines
  * Remove 'inline' attributes from static functions in .c files (#11426)
  * Document weaknesses with MDWE and suggest hardening
  * basic: change read_one_line_file() to return number of bytes read
  * backlight: handle loading truncated file
  * Detect file truncation earlier in a few places
  * core: ProtectHostname= feature
  * units: enable ProtectHostname=yes
  * analyze security: check for ProtectHostname=yes
  * tree-wide: fix false search hits with ppp (typos)
  * build: install /etc/systemd/{system,user}-generators
  * small fixes: make get_process_state() static and fix typo
  * units: deny access to block devices
  * cgroup-util: kill also threads
  * cgroup-util: update comment to reflect stable kernel fixes
  * core: swap priority can be negative
  * resolved, networkd: don't resolve the user if not root
  * shared/dropin: fix assert for invalid drop-in
  * analyze: badness if neither of RootImage and RootDirectory exists
  * systemd.exec: document the file system for EnvironmentFile paths
  * dbus-execute: avoid extra strdup()
  * pam_systemd: resolve the tty of display via /sys instead of /dev
  * man: tmpfiles.d: z/Z ignore the argument
  * namespace: fix MAC labels of /dev when PrivateDevices=yes
  * Revert "namespace: fix MAC labels of /dev when PrivateDevices=yes"
  * mount-setup: make /dev noexec
  * dissect-image: avoid scanning partitions
  * namespace: ignore prefix chars when comparing paths
  * execute: don't create /tmp and /var/tmp if both are inaccessible
  * namespace: fix MAC labels of /dev when PrivateDevices=yes
  * README.md: add repology badge
  * dbus-execute: show also ProtectClock
  * shared/dissect-image: log messages from cryptsetup
  * units: add ProtectClock=yes
  * tests: various small fixes for strict systems
  * tree-wide: add size limits for tmpfs mounts
  * Increase size of /run to 20%
  * Delete empty lines at end of file
  * login: limit nr_inodes for /run/user/$UID
  * man: match parentheses
  * test-fs-util: skip encrypted path test if we get EACCES
  * exec: Add kill action to system call filters
  * exec: SystemCallLog= directive
  * test-execute: kill Waldo and Quux
  * shared/seccomp-util: move stime() to @obsolete
  * New directives NoExecPaths= ExecPaths=
  * Update NEWS
  * Mount all fs nosuid when NoNewPrivileges=yes
  * Revert "Mount all fs nosuid when NoNewPrivileges=yes"
  * execute: respect selinux_context_ignore
  * execute: always log a warning when setting SELinux context fails
  * namespace: allow ProcSubset=pid with some ProtectKernel options
  * pam_systemd: Check also abstract socket for X11
  * namespace: allow overriding /run with a TemporaryFileSystem=
  * networkd: NetLabel integration
  * network: firewall integration with NFT sets
  * core: firewall integration with ControlGroupNFTSet=
  * core: firewall integration with DynamicUserNFTSet=
  * sd-netlink: add sizes for some IP and Ethernet addresses
  * basic: generate netmasks for IPv6 and generic IP family addresses
  * sd-netlink: add NetLabel support
  * network: NetLabel integration
  * test: testing for networkd NetLabel feature
  * units: udev: partially emulate ProtectClock=
  * tmpfiles: fix assert
  * NEWS: fix typo
  * execute: use prctl(PR_SET_MDWE) for MemoryDenyWriteExecute=yes
  * homework-luks: fix typos
  * shared/firewall-util: parametrize table and set names
  * shared/firewall-util: parametrize table name
  * shared/firewall-util: make NFT table init optional
  * network: firewall integration with NFT sets
  * test: testing for networkd NFTSet feature
  * shared/firewall-util: promote failure to init ipv6 NAT to error
  * core: firewall integration of cgroups with NFTSet=
  * core: add user and group to NFTSet=
  * test: testing for core NFTSet= feature
  * core/cgroup: ignore NFT sets for other sources
  * network/networkd-address: don't set up firewall rules here
  * test-network: fix racy test for address_static
  * Revert "test: temporarily skip checking NFT sets in test_address_static"
  * test-network: accept kernel versions like 1.2.3+ (self-built)
  * load-fragment: allow MountImages= with paths starting with /dev

  [ Brenton Simpson ]
  * boot: cover for hardware keys on phones/tablets

  [ Anton Golubev ]
  * hwdb: Add some HP IR cameras

  [ rhellstrom ]
  *     Conditional PSI check to reflect changes done in 5.13

  [ DocNITE ]
  * Added mised EVDEV_ABS_35 & EVDEV_ABS_36 for GAOMON s620

  [ Giovanni Baratta ]
  * man/tmpfiles: remove outdated behavior regarding symlink ownership

  [ nerdopolis ]
  * login: Fix incorrect reporting of CanMultiSession=no on non-seat0 seats
  * Clarify help information for --global
  * login: Add a new SecureAttentionKey dbus signal when Ctrl+Alt+Shift+Esc is pressed

  [ Eugeny Shcheglov ]
  * Fix typo in CAP_BPF description (#33464)

  [ oldherl ]
  * hwdb: fix keyboard of RedmiBook Pro 15 2022 (#33465)

  [ Robin Lee ]
  * vmspawn: define QEMU_MACHINE_TYPE for loongarch64

  [ Stuart Hayhurst ]
  * hwdb: Add override for headset form-factor for the Corsair Void Elite
  * hwdb: Fix Logitech G915 TKL (Bluetooth) appearing as a mouse

  [ Diego Viola ]
  * TODO: fix typos
  * TODO: fix more typos
  * meson: make lines more consistent
  * test-systemctl-enable: make titles more consistent
  * man: fix typo in systemd-tmpfiles
  * man: fix double is typo in systemd-tmpfiles

  [ Johannes Schneider ]
  * meson: bpf: propagate 'sysroot' for cross compilation

  [ Ludwig Nussel ]
  * systemctl: add shutdown --show option
  * logind: allow to read /proc
  * machined: set TTYPath for container shell
  * test: mark partition bootable
  * systemctl: Fix --show timestamp
  * systemctl: consistent output for scheduled shutdowns
  * machined: provide more details to polkit auth
  * logind: fix wall message for immediate shutdowns
  * systemctl: simplify halt_main()
  * logind: enable wall messages by default
  * logind: fix wall messages for direct shutdown calls
  * logind: require polkit auth for cancelling shutdowns
  * logind: refactor
  * systemctl: shutdown don't fallback on auth fail
  * test: add shutdown test
  * logind: add handle enum to struct
  * logind: style fixes
  * logind: increase max wall message length to 4096
  * logind: more verbose struct initialization
  * systemctl: fix halt -f
  * Revert "man: fix description of --force in halt(8) (#7392)"
  * systemctl: improve error messages related to halt failures
  * logind: fix handle_action_valid()
  * logind: load scheduled shutdown on restart
  * systemctl: use action_table for scheduling shutdown
  * logind: use mfree instead of freep
  * pull: fix PullFlags numbering
  * kmod-setup: load dmi-sysfs if it's a module
  * creds: refactor reading user password
  * docs: mention qemu fw_cfg size limitation
  * machined: pass shell command line to polkit
  * bootctl: print entry token as well
  * kernel-install: run depmod only if writeable
  * kernel-install: refactor some variables
  * bootctl: honor $KERNEL_INSTALL_CONF_ROOT
  * bootspec: show efi entry too
  * meson: ukify depends on GNU_EFI
  * chase-symlinks: new chase_symlinks_and_unlink()
  * bootctl: unlink and cleanup functions
  * manager: fix scope for environment generators
  * docs: fix coredump legacy example
  * bootctl: show report state and type in json output
  * strv: introduce strv_copy_unless_empty()
  * kernel-install: fix context_copy
  * kernel-install: silence num kernels installed
  * Revert "options" rename in json bootctl output
  * creds: allow null when decrypting
  * nsresourced: don't redefine of bpf_rdonly_cast
  * cryptenroll: use root device by default
  * bootctl: add --random-seed=yes/no
  * logind: implement maintenance time

  [ Maximilian Wilhelm ]
  * man/systemd.exec: list inaccessible files for ProtectKernelTunables

  [ Xeonacid ]
  * seccomp: add riscv_hwprobe to @default
  * vmspawn: define QEMU_MACHINE_TYPE for riscv

  [ pyfisch ]
  * Use consistent spelling of systemd.condition_first_boot argument

  [ reDBo0n ]
  * hwdb: add support for AIPTEK Media Tablet Ultimate (#33371)

  [ Raphaël Mélotte ]
  * src/basic/missing_loop.h: fix missing LOOP_SET_BLOCK_SIZE

  [ Ian Abbott ]
  * udev: tag MTD devices for systemd

  [ Tobias Jakobi ]
  * hwdb: add keyboard mappings for the Ayaneo Kun face buttons

  [ Kevin Fleming ]
  * Additional workaround for links to legacy /usr/share/systemd/tmp.mount placeholder

  [ David Seifert ]
  * Use correct `<fcntl.h>` include
  * Use correct `<poll.h>` include
  * gpt-auto: allow using without cryptsetup
  * test: remove brittle iszero_safe() test
  * libpasswdqc: add missing `#include "dlfcn-util.h"`

  [ Pierre GRASSER ]
  * po: Translated using Weblate (French)
  * po: Translated using Weblate (French)
  * po: Translated using Weblate (French)
  * po: Translated using Weblate (French)
  * po: Translated using Weblate (French)
  * po: Translated using Weblate (French)

  [ Heran Yang ]
  * docs: fix typo in CGroup Interface
  * docs: fix escaped $ in CGroup Interface

  [ Scrambled 777 ]
  * po: Added translation using Weblate (Hindi)
  * po: Translated using Weblate (Hindi)
  * po: Translated using Weblate (Hindi)

  [ Leonard ]
  * hwdb: added hwdb rules for micmute and power button on Acer Nitro AN 515-58 (#32867)

  [ Tiago Rocha Cunha ]
  * po: Translated using Weblate (Portuguese)

  [ Chris Packham ]
  * basic/linux: Sync if_arp.h with Linux 5.14
  * basic: Add BCACHEFS magic

  [ Victor Berchet ]
  * hwdb: Lenovo 16G6IRL volume keys and friends (#33107)

  [ Maciej S. Szmigiero ]
  * hwdb: add another Logitech M705 mouse variant
  * hwdb: Add a common Logitech M185/M225 mouse variant
  * hwdb: Add a Logitech MX Master 3S (connected via Bolt Receiver)
  * hwdb: Add Logitech MX Master 3S Bluetooth ID

  [ Lain "Fearyncess" Yang ]
  * hwdb: add a vmbus id for HyperV Video device

  [ Christian Göttsche ]
  * copy: add flag COPY_MAC_CREATE to create with correct label
  * tmpfiles: create with correct MAC label on option C
  * core: reload SELinux label cache on daemon-reload
  * selinux-util: increase log severity
  * selinux-access: log warning on context acquisition failure
  * core: unit_label_path(): take const unit
  * core: move bus-util include out of selinux-access header
  * core: do not prepare a SELinux context for dummy files for devicenode bind-mounting
  * selinux: check return value of string_to_security_class()
  * selinux: add trigger for policy reload to refresh internal selabel cache
  * selinux: cache enforced status and treat retrieve failure as enforced mode
  * selinux: delay mac_selinux_enforcing call after SELinux was determined to be enabled
  * selinux: add unlikely compiler hints for cache functions
  * selinux: add debug logging to cache functions
  * selinux: print enforcing state in access check debug message
  * selinux: add parenthesis to function names in log messages
  * Initialize SELinux in user instances
  * Make failures of mac_selinux_init() fatal
  * selinux: update mac_selinux_free()
  * selinux: check mac_selinux_init() in tests
  * basic: add helper function mknod_label()
  * selinux: create standard user-runtime nodes with default context
  * namespace: fix MAC labels of TemporaryFileSystem=
  * shared: fix error handling in make_inaccessible_nodes
  * namespace: unify logging in mount_tmpfs
  * network: fix typo
  * Fix clang-11 issues
  * selinux: use SELinux status page
  * selinux: fork label-aware children with up-to-date label database
  * selinux: create unit invocation links with default SELinux context
  * selinux: create systemd/notify socket with default SELinux context
  * selinux: create /run/systemd/userdb directory and sockets with default SELinux context
  * selinux/systemctl: create unit file with default context on edit
  * selinux: early exit in mac_selinux_maybe_reload if not initialized
  * selinux: create /run/user/${USERID}/systemd with default context
  * socket-util: reset length argument for second getsockopt call in fd_[gs]et_rcvbuf
  * selinux: reload label db on policy load with libselinux 3.2
  * selinux: invoke selinux_set_callback(3) more type-safe
  * core: correct SELinux label of service credential directory
  * selinux: add function name to audit data
  * selinux: improve debug log format
  * selinux: name mac_selinux_generic_access_check as internal function
  * core: prefix functions to avoid identical static function names
  * core: use correct level for CPU time log message
  * login: do not issue wall messages on local terminals for suspend and hibernate
  * sysctl: increase log severity on failed write
  * core: respect SELinuxContext= for socket creation
  * test: fstab-generator: adjust PATH for fsck
  * core: update audit messages
  * loop-util: open lock fd read-only
  * basic: add mknodat_label()
  * basic: add open_mkdir_at_full()
  * shared: create inaccessible files with correct security label
  * sd-bus: close peer pidfd
  * tmpfiles: improve warning message and use O_NOCTTY

  [ Mathias Lang ]
  * networkd: Correct documentation for LinkLocalAddressing
  * docs/CONTRIBUTING.md: Fix links in CONTRIBUTING

  [ Nicholas Little ]
  * hwdb: Lenovo IdeaPad Z500 Touchpad Toggle (#33039)

  [ Daniel Winzen ]
  * cryptsetup: mention correct action in log message

  [ Gioele Barabucci ]
  * d/control: Use dh_installnss
  * d/libnss-myhostname.nss: Install NSS service `myhostname` via dh_installnss
  * d/libnss-mymaschines.nss: Install NSS service `mymaschines` via dh_installnss
  * d/libnss-resolve.nss: Install NSS service `resolve` via dh_installnss
  * d/libnss-systemd.nss: Install NSS service `systemd` via dh_installnss
  * docs/NETWORK_ONLINE: Move `Type=`, `RemainAfterExit=` to `[Service]`
  * docs/NETWORK_ONLINE: Use `until` instead of `while !`
  * debian/udev.debian-udev.sysusers: Add Debian-specific sysusers for udev
  * d/udev.postinst: Do not use addgroup to add udev-related groups
  * d/control: Remove adduser
  * d/libnss-mymachines.nss: Install before `resolve` and `dns`
  * d/libnss-myhostname.nss: Install after `files`

  [ drewbug ]
  * man: fix grammar for Name= option in systemd.link

  [ Arthur Zamarin ]
  * bash-completion: add missing option to systemd-cat
  * bash-completion: add missing option to systemd-cgls
  * bash-completion: add missing option to systemd-confext
  * shell completion: add bash completion for importctl
  * shell completion: fix machinectl import-{tar,raw}
  * shell-completions: install new completions which were forgotten
  * shell-completion: add bash-completion for run0 command
  * shell-completion: add bash-completion for systemd-vpick command
  * shell-completion: add missing args to bash systemd-analyze
  * shell-completion: add missing args to bash resolvectl
  * shell-completion: add missing args to zsh resolvectl
  * shell-completion: add bash completion for systemd-vmspawn
  * shell-completion: add missing args to bash systemd-run
  * shell-completion: add missing args to bash systemd-nspawn
  * shell-completion: add systemd-vmspawn to meson.build

  [ Jian-Hong Pan ]
  * hwdb: Fix kbd brightness keys on Acer Predator PH 315-52
  * hwdb: Fix Pinebook Pro's brightness up/down and sleep keys
  * hwdb: Enable JP-IK LEAP W502's touchpad toggle key

  [ Michał Kopeć ]
  * hwdb: add axis range corrections for Lenovo ThinkPad T14 Gen1
  * hwdb.d/60-keyboard.hwdb: enable Clevo quirk for model V5x0TU

  [ Radoslav Kolev ]
  * sd-event: increase test-event timeout to 120s
  * libsystemd-network: skip dhcp server test in case of EAFNOSUPPORT
  * test/test-rpm-macros.sh: add build directory to pkg-config search path

  [ Timo Rothenpieler ]
  * network: actually update radv mac
  * sd-netlink: introduce netlink_message_{read,append}_hw_addr
  * network: store full hardware address in Link struct
  * dhcp4: fix DHCP on InfiniBand interfaces
  * networkctl: use and print full hardware address
  * cgroup-util: allow cg_read_pid() to skip unmapped (zero) pids

  [ Michael Biebl ]
  * Replace with cherry-pick from upstream master
  * Unbreak upstream PR which dropped PACKAGE_VERSION
  * New upstream version 240
  * Update upstream source from tag 'upstream/240'
  * New upstream version 240
  * Rebase patches
  * Install new systemd-id128 binary
  * Update symbols file for libsystemd0
  * Update nss build options
  * Release version 240-1 to unstable
  * Pass seperate dev_t var to device_path_parse_major_minor
  * test-json: Check absolute and relative difference in floating point test
  * sd-device: Fix segfault when error occurs in device_new_from_{nulstr,strv}()
  * udev-event: Do not read stdout or stderr if the pipefd is not created
  * Don't bump fs.nr_open in PID 1
  * Release version 240-2 to unstable
  * Fix typo in changelog
  * Replace with cherry-pick from upstream master
  * Replace with cherry-picks from upstream master
  * udev.init: Trigger add events for subsystems
  * udevadm: Refuse to run trigger, control, settle and monitor commands in chroot
  * network: Set link state configuring before setting addresses
  * libudev-util: Make util_replace_whitespace() read only len characters
  * man: Update color of journal logs in DEBUG level
  * Remove old state directory of systemd-timesyncd on upgrades
  * Release version 240-3 to unstable
  * meson: stop setting -fPIE globally
  * Import patches from v240-stable branch (up to f02b5472c6)
  * sd-device-monitor: Fix ordering of setting buffer size
  * meson: Stop setting -fPIE globally
  * Release version 240-4 to unstable
  * Merge pull request #11417 from yuwata/fix-11416
  * Fix typo in changelog
  * Disable fallback DNS servers in resolved
  * units: fix systemd.special man page reference in system-update-cleanup.service
  * cgtop: Fix processing of controllers other than CPU
  * udev: Restore debug level when logging a failure in the external prog called by IMPORT{program}
  * core: Remove "." path components from required mount paths
  * udev.init: Use new s-s-d --notify-await to start udev daemon
  * Re-add uaccess tag for /dev/dri/renderD*
  * Make /dev/dri/renderD* accessible to group "render"
  * Release version 241-2 to unstable
  * Drop systemd-shim alternative from libpam-systemd
  * Properly remove duplicate directories from systemd package
  * udev: Run programs in the specified order
  * bash-completion: Use default completion for redirect operators
  *  networkd: Clarify that IPv6 RA uses our own stack, no the kernel's
  * Revert "Drop systemd-timesyncd.service.d/disable-with-time-daemon.conf"
  * network: Fix routing policy rule issue
  * pam-systemd: Use secure_getenv() rather than getenv()
  * Release version 241-3 to unstable
  * Switch debian-branch to experimental
  * New upstream version 242
  * Update upstream source from tag 'upstream/242'
  * New upstream version 242
  * journal-remote: Do not request Content-Length if Transfer-Encoding is chunked
  * Drop Revert-udev-network-device-renaming-immediately-give.patch
  * Rebase patches
  * Drop pre-stretch migration code
  * Drop /sbin/udevadm compat symlink
  * socket-util: Make sure flush_accept() doesn't hang on unexpected EOPNOTSUPP
  * Enable regexp matching support in journalctl using pcre2
  * Switch from libidn to libidn2
  * Release version 242-1 to experimental
  * Drop dependency on lsb-base
  * systemctl: Restore "systemctl reboot ARG" functionality
  * Merge pull request #12536 from poettering/rdrand-workaround-on-amd
  * Stop removing enablement symlinks in /etc/systemd/system
  * meson: stop creating .wants directories for {multi-user,getty}.target (#12569)
  * Revert "Build manpages in .deb variant."
  * Revert "debian/extra/checkout-upstream: Support submodules"
  * random-util: Eat up bad RDRAND values seen on AMD CPUs
  * Add check to switch VTs only between K_XLATE or K_UNICODE
  * Document that DRM render nodes are now owned by group "render"
  * Release version 241-4 to unstable
  * test-bpf: skip test when run inside containers
  * Drop support for /usr/sbin/halt.local
  * Revert "Add check to switch VTs only between K_XLATE or K_UNICODE"
  * Release version 241-5 to unstable
  * meson: stop creating .wants directories for {multi-user,getty}.target
  * Drop no longer needed halt-local.service.in
  * Replace manual removal of halt-local.service with upstream patch
  * Release version 242-2 to experimental
  * ask-password: Prevent buffer overflow when reading from keyring
  * Clarify documentation regarding %h/%u/%U specifiers
  * network: Behave more gracefully when IPv6 has been disabled
  * Merge pull request #12916 from yuwata/meson-drop-duplicated-line
  * Release version 241-6 to unstable
  * network: Fix failure to bring up interface with Linux kernel 5.2
  * meson: make nologin path build time configurable
  * test: replace Makefile copy with a symlink for TEST-28-PERCENTJ-WANTEDBY
  * Use /usr/sbin/nologin as nologin shell
  * Release version 241-7 to unstable
  * d/t/boot-smoke: check for NetworkManager instead of D-Bus activated polkitd
  * Release version 242-3 to experimental
  * Merge branch 'master' into experimental
  * Release version 242-4 to unstable
  * New upstream version 243~rc2
  * core: never propagate reload failure to service result
  * shared/seccomp: add sync_file_range2
  * bash-completion: don't sort syslog priorities
  * test-bpf: skip test when run inside containers
  * Release version 242-5 to unstable
  * Switch debian-branch to experimental
  * Merge tag 'upstream/243_rc2' into experimental
  * Drop dbus activation stub service
  * New upstream version 243~rc2
  * Rebase patches
  * Update symbols file for libsystemd0
  * core: stop removing non-existent and duplicate lookup paths
  * Install static-nodes-permissions.conf tmpfile in udev
  * Release version 243~rc2-1 to experimental
  * Drop unused lintian override
  * network: fix ListenPort= in [WireGuard] section
  * d/e/r/73-usb-net-by-mac.rules: import net.ifnames only for network devices
  * d/e/r/73-usb-net-by-mac.rules: skip if iface name was provided by user-space
  * Drop dbus activation stub service
  * Revert "core: check start limit on condition checks too"
  * Release version 242-6 to unstable
  * New upstream version 243
  * Update upstream source from tag 'upstream/243'
  * New upstream version 243
  * Drop trailing ~ from symbol versions now that we have the final v243 release
  * Rebase patches
  * sleep: properly pass verb to sleep script
  * core: factor root_directory application out of apply_working_directory
  * shared/bus-util: drop trusted annotation from bus_open_system_watch_bind_with_description()
  * Release version 242-7 to unstable
  * Merge branch 'master' into experimental
  * Release version 243-1 to experimental
  * Import patches from v243-stable branch (up to fab6f010ac)
  * man: fix typo
  * Release version 243-2 to experimental
  * Import patches from v243-stable branch (up to ef677436aa)
  * Release version 243-3 to experimental
  * debiant/tests/udev: replace deprecated ADTTMP with AUTOPKGTEST_TMP
  * Release version 242-8 to upstream
  * Merge branch 'master' into experimental
  * Release version 243-4 to experimental
  * Switch debian-branch to master
  * Switch default hierarchy (back) to hybrid
  * Drop masks for SysV init scripts that have been dropped
  * Drop masks for SysV init scripts provided by initscripts and bootlogd
  * Drop alias for rc.local and urandom as well
  * logind: fix emission of PropertiesChanged signal for users and seats
  * Bump Standards Version to 4.4.1
  * Release version 243-5 to unstable
  * Revert "sysusers: properly mark generated accounts as locked"
  * udev: ignore error caused by device disconnection
  * udev: do not append newline when writing attributes
  * Release version 243-6 to unstable
  * Fix build failure on arm64 with libseccomp >= 2.4.2
  * Release version 243-7 to unstable
  * Use DEP-14 branch names
  * udevadm: ignore EROFS and return earlier
  * udev: silence warning about PROGRAM+= or IMPORT+= rules
  * man: add entry about SpeedMeter=
  * udev: drop SystemCallArchitectures=native from systemd-udevd.service
  * Release version 243-8 to unstable
  * Mark udev-drop-SystemCallArchitectures-native-from-systemd-ude.patch as Debian specific
  * Release version 243-9 to unstable
  * Switch debian-branch to debian/experimental
  * New upstream version 244
  * Update upstream source from tag 'upstream/244'
  * New upstream version 244
  * Rebase patches
  * Release version 244-1 to experimental
  * semaphore: switch branch to debian/master
  * Add lintian override for udev
  * Add lintian override for systemd-container
  * Make it easier to override MAC based name policy for USB network adapters
  * Switch debian-branch to debian/master
  * Move libpam-systemd Recommends from systemd to systemd-sysv
  * Release version 244-2 to unstable
  * Update udev-udeb to use 73-usb-net-by-mac.link
  * Release version 244-3 to unstable
  * Revert "Install missing files, prior to deduplication."
  * Revert "When doing upstream ci, install any missing files into the systemd package."
  * Revert "Add build-depends libssl-dev, libp11-kit-dev, libpwquality-dev for upstream CI of homed."
  * Revert "Add libfdisk-dev build-depends for upstream CI for repart tool."
  * New upstream version 244.1
  * Update upstream source from tag 'upstream/244.1'
  * New upstream version 244.1
  * core: don't allow perpetual units to be masked
  * Release version 244.1-1 to unstable
  * Report status of libpam-systemd and libnss-systemd in systemd reportbug template
  * Drop btrfs-progs Recommends from systemd-container
  * Fix processing of dpkg triggers in systemd
  * Use more consistent shell script headers
  * Fix cleanup of timesyncd state directory
  * Merge pull request #14718 from yuwata/man-repart-14716
  * Enable persistent journal
  * Release version 244.1-2 to unstable
  * Update documentation regarding network interface naming
  * Update debian/rules clean target to remove all Python bytecode
  * Update systemd package description
  * shared/dropin: fix assert for invalid drop-in
  * core: call dynamic_user_acquire() only when 'group' is non-null
  * Don't fail upgrade if /proc is not mounted
  * Release version 244.1-3 to unstable
  * New upstream version 244.2
  * Update upstream source from tag 'upstream/244.2'
  * New upstream version 244.2
  * Rebase patches
  * Bump Standards-Version to 4.5.0
  * Release version 244.2-1 to unstable
  * New upstream version 244.3
  * Update upstream source from tag 'upstream/244.3'
  * New upstream version 244.3
  * Release version 244.3-1 to unstable
  * Disable repart, userdb, homed, fdisk, pwquality, p11kit feature
  * analyze: fix table time output
  * execute: Fix migration from DynamicUser=yes to no
  * Drop manual clean up of /var/lib/private/systemd/timesync
  * Release version 245-1 to unstable
  * Revert "job: Don't mark as redundant if deps are relevant"
  * Release version 245-2 to unstable
  * New upstream version 245.2
  * Update upstream source from tag 'upstream/245.2'
  * New upstream version 245.2
  * Rebase patches
  * Enable seccomp support on riscv64
  * Use same GECOS field description as upstream for systemd-coredump
  * Drop migration code for the switch from DynamicUser=yes to no
  * Release version 245.2-1 to unstable
  * New upstream version 245.4
  * Update upstream source from tag 'upstream/245.4'
  * Update changelog
  * Enable systemd-pstore.service by default on new installs and upgrades
  * Revert "Enable seccomp support on riscv64"
  * Release version 245.4-1 to unstable
  * Small fixups for the previous commit
  * Small updates to debian/copyright
  * Release version 245.4-2 to unstable
  * pid1: by default make user units inherit their umask from the user manager
  * user-util: rework how we validate user names
  * Release version 245.4-3 to unstable
  * Drop Conflicts: virtualbox-guest-utils from systemd-timesyncd
  * pid1: automatically generate systemd-remount-fs.service deps, plus enable systemd-pstore from sysinit.target
  * Fix systemd-pstore.service enablement symlink on upgrades
  * Wrap overly long comment
  * Release version 245.4-4 to unstable
  * New upstream version 245.5
  * Update upstream source from tag 'upstream/245.5'
  * Update changelog
  * Rebase patches
  * Add reference to upstream issue for systemd-tmpfiles needing /proc
  * Release version 245.5-1 to unstable
  * Cherry-pick various fixes from upstream master
  * Install 60-block.rules in udev-udeb and initramfs-tools
  * Release version 245.5-2 to unstable
  * Bump priority of libnss-systemd to standard
  * logind: avoid shadow lookups when doing userdb client side
  * Disable DNSSEC support by default in resolved
  * Bump debhelper compatibility level to 13
  * Convert to dh_installsystemd and disable dh_installsystemduser
  * Drop custom initramfs update code
  * Release version 245.5-3 to unstable
  * man: fix conditional in homed.conf.xml
  * New upstream version 245.6
  * Update upstream source from tag 'upstream/245.6'
  * New upstream version 245.6
  * Rebase patches
  * Release version 245.6-1 to unstable
  * d/t/boot-and-services: use canonical name for NetworkManager service
  * Fix build with libmicrohttpd 0.9.71
  * Release version 245.6-2 to unstable
  * Release version 245.6-3 to unstable
  * Mark zstd Build-Depends as <!nocheck>
  * New upstream version 245.7
  * Tighten libzstd-dev Build-Depends
  * Update upstream source from tag 'upstream/245.7'
  * Update changelog
  * Rebase patches
  * Release version 245.7-1 to unstable
  * Switch debian-branch to debian/experimental
  * New upstream version 246
  * Update upstream source from tag 'upstream/246'
  * New upstream version 246
  * Rebase patches
  * Update symbols file for libsystemd0
  * Bump libapparmor-dev Build-Depends to (>= 2.13)
  * Disable libfido2 support
  * Release version 246-1 to experimental
  * Revert "Switch debian-branch to debian/experimental"
  * Release version v246-2 to unstable
  * New upstream version 246.1
  * Update upstream source from tag 'upstream/246.1'
  * New upstream version 246.1
  * Rebase patches
  * Release version 246.1-1 to unstable
  * Remove resolvconf.conf drop-in, resolved integration moved to resolvconf package
  * New upstream version 246.2
  * Update upstream source from tag 'upstream/246.2'
  * Update changelog for 246.2 release
  * Rebase patches
  * Add versioned Breaks against resolvconf (<< 1.83~) to systemd
  * Keep journal files compatible with older versions
  * Release version 246.2-1 to unstable
  * networkd: use socket activation when starting networkd
  * test: remove executable bit from testsuite-52.service
  * test-network: stop networkd and its socket
  * Merge pull request #16850 from mbiebl/networkd-socket-activation
  * Fix restart of systemd-networkd.socket
  * seccomp: Add support for riscv64
  * Support missing conditions/asserts everywhere
  * path: Skip directories when finalising $PATH search
  * Release version 246.2-2 to unstable
  * New upstream version 246.3
  * Update upstream source from tag 'upstream/246.3'
  * New upstream version 246.3
  * Rebase patches
  * Release version 246.3-1 to unstable
  * New upstream version 246.4
  * Update upstream source from tag 'upstream/246.4'
  * New upstream version 246.4
  * Rebase patches
  * Release version 246.4-1 to unstable
  * New upstream version 246.5
  * Update upstream source from tag 'upstream/246.5'
  * New upstream version 246.5
  * Rebase patches
  * Release version 246.5-1 to unstable
  * New upstream version 246.6
  * Update upstream source from tag 'upstream/246.6'
  * New upstream version 246.6
  * Rebase patches
  * Release version 246.6-1 to unstable
  * basic/missing_syscall: fix syscall numbers for mips*
  * XDG autostart improvements
  * Re-enable seccomp support on riscv64
  * Move sysusers.d/sysctl.d/binfmt.d/modules-load.d back to /usr
  * units: update serial-getty@.service to support 57600 baud rate
  * bootspec: don't fail with EIO if searching for ESP and finding one without an enveloping partition table
  * Release version 246.6-2 to unstable
  * Merge pull request #17297 from keszybz/tmpfiles-sysusers-disable-standalone-image
  * Switch debian-branch to debian/experimental
  * New upstream version 247~rc2
  * Update upstream source from tag 'upstream/247_rc2'
  * New upstream version 247~rc2
  * Rebase patches
  * Explicitly disable oomd
  * Use -Dmode=release as we want a release, not developer, build
  * Update symbols file for libudev1
  * Update symbols file for libsystemd0
  * Release version 247~rc2-1 to experimental
  * missing: define several syscall numbers for MIPS arch
  * Release version 247~rc2-2 to experimental
  * test: bump timeout for test-libcrypt-util
  * pam: include pam_keyinit session module in systemd-user
  * pam: move systemd-user PAM config from /etc/pam.d to /usr/lib/pam.d
  * init-functions: update LSB hook to not use ignore-dependencies
  * d/t/timedated: use /bin/bash to work around job handling issue in dash
  * Release version 246.6-3 to unstable
  * Revert "Trigger a systemctl daemon-reload when init scripts are installed or removed"
  * Release version 246.6-4 to unstable
  * Drop non-functional DefaultTasksMax patch
  * Merge pull request #17706 from ddstreet/test-move-pam-systemd-user
  * test-seccomp: accept ENOSYS from sysctl(2) too
  * test/test-functions: copy /usr/lib/pam.d into $initdir
  * Release version 246.6-5 to unstable
  * Merge tag 'debian/246.6-5' into debian/experimental
  * sd-device: make sd_device_has_current_tag() compatible with udev database generated by older udevd
  * Add Breaks: udev (<< 247~) to systemd
  * Release version 247~rc2-3 to unstable
  * New upstream version 247
  * Update upstream source from tag 'upstream/247'
  * New upstream version 247
  * Rebase patches
  * Update symbol versions for the v247 release
  * Release version 247-1 to experimental
  * Switch debian/watch back to systemd-stable repo now that v247 is released
  * New upstream version 247.1
  * Update upstream source from tag 'upstream/247.1'
  * New upstream version 247.1
  * Release version 247.1-1 to experimental
  * Revert "d/t/timedated: use /bin/bash to work around job handling issue in dash"
  * Merge branch 'debian/experimental' into debian/master
  * Switch debian-branch to debian/master
  * Release version 247.1-2 to unstable
  * d/t/timedated: Ignore return code of dbus-monitor in wait_mon()
  * Release version 247.1-3 to unstable
  * sd-device: keep escaped strings in DEVLINK= property
  * Release version 247.1-4 to unstable
  * Move udev NEWS entry to systemd
  * New upstream version 247.2
  * Update upstream source from tag 'upstream/247.2'
  * Rebase patches
  * test: fix fd_is_mount_point() check
  * Release version 247.2-1 to unstable
  * Switch to "unified" cgroup hierarchy (i.e. cgroupv2)
  * Release version 247.2-2 to unstable
  * test: use modern qemu numa arguments
  * Increase timeout when running unit tests
  * init-functions, getty-static.service: Don't hard-code path to systemctl binary
  * getty-static.service: Skip if dbus-broker is installed
  * Release version 247.2-3 to unstable
  * Move libraries and NSS modules from /lib to /usr/lib
  * Release version 247.2-4 to unstable
  * systemctl: do not shutdown immediately on scheduled shutdown
  * test: disable DnsmasqClientTest.test_resolved_etc_hosts in networkd-test.py
  * Bump Standards-Version to 4.5.1
  * Set upstream metadata fields: Bug-Submit, Bug-Database, Repository, Repository-Browse
  * Release version 247.2-5 to unstable
  * New upstream version 247.3
  * Update upstream source from tag 'upstream/247.3'
  * New upstream version 247.3
  * Rebase patches
  * Release version 247.3-1 to unstable
  * Downgrade a couple of warnings to debug
  * core: fix mtime calculation of dropin files
  * analyze: slightly reword PrivateTmp= message
  * rules: move ID_SMARTCARD_READER definition to a <70 configuration
  * units: turn off DNSSEC validation when timesyncd resolves hostnames
  * table: drop trailing white spaces of the last cell in row
  * Release version 247.3-2 to unstable
  * pkg-config: make prefix overridable again
  * Revert "units: turn off DNSSEC validation when timesyncd resolves hostnames"
  * Release version 247.3-3 to unstable
  * Fix patch metadata to be gbp dch compliant
  * network: Delay addition of IPv6 Proxy NDP addresses
  * Release version 247.3-4 to unstable
  * udev-udeb: setup /dev/fd, /dev/std{in,out,err} symlinks
  * Release version 247.3-5 to unstable
  * Switch debian-branch to debian/experimental
  * Release version 248-1 to experimental
  * New upstream version 248.1
  * Update upstream source from tag 'upstream/248.1'
  * New upstream version 248.1
  * Rebase patches
  * d/e/checkout-upstream: switch to main branch
  * Set executable bit for make-fbdev-blacklist script
  * Update make-fbdev-blacklist to not blacklist hyperv_fb
  * Release version 248.1-1 to experimental
  * d/t/control: drop obsolete alternative util-linux dependency
  * New upstream version 248.2
  * Update upstream source from tag 'upstream/248.2'
  * New upstream version 248.2
  * Release version 248.2-1 to experimental
  * New upstream version 248.3
  * Update upstream source from tag 'upstream/248.3'
  * New upstream version 248.3
  * Rebase patches
  * Release version 248.3-1 to experimental
  * Switch debian/watch from systemd-stable to systemd to get pre releases
  * New upstream version 249~rc1
  * Update upstream source from tag 'upstream/249_rc1'
  * New upstream version 249~rc1
  * Rebase patches
  * Replace m4 Build-Depends with python3-jinja2
  * Update symbols file for libsystemd0
  * test: do not run 'meson configure' if NO_BUILD is set
  * test: drop the mawk-incompatible expression
  * Add gawk <!nocheck> to Build-Depends
  * autopkgtest: add udev dependency to unit-tests
  * Release version 249~rc1-1 to experimental
  * New upstream version 249~rc2
  * Update upstream source from tag 'upstream/249_rc2'
  * New upstream version 249~rc2
  * Rebase patches
  * Release version 249~rc2-1 to experimental
  * New upstream version 249~rc3
  * Update upstream source from tag 'upstream/249_rc3'
  * New upstream version 249~rc3
  * Rebase patches
  * Release version 249~rc3-1 to experimental
  * New upstream version 249
  * Update upstream source from tag 'upstream/249'
  * New upstream version 249
  * Rebase patches
  * Update symbol versions for the v249 release
  * Fix removal of systemd-hwdb-update.service
  * Revert "Switch debian/watch from systemd-stable to systemd to get pre releases"
  * Release version 249-1 to experimental
  * New upstream version 249.1
  * Update upstream source from tag 'upstream/249.1'
  * New upstream version 249.1
  * Release version 249.1-1 to experimental
  * New upstream version 249.2
  * Update upstream source from tag 'upstream/249.2'
  * New upstream version 249.2
  * Rebase patches
  * Release version 249.2-1 to experimental
  * Remove obsolete upgrade code from maintainer scripts
  * Clean up old versions from maintscript files
  * Drop obsolete systemd Breaks/Replaces
  * Drop obsolete python-dbusmock Breaks
  * Turn versioned systemd-shim Breaks into unversioned Conflicts
  * Drop patches which are no longer needed after bullseye
  * Stop setting up device symlinks for CD-RW/DVD drives
  * autopkgtest: add systemd-timesyncd dependency to timedated test
  * autopkgtest: clean up dependencies of boot-smoke test
  * Release version 249.2-2 to experimental
  * New upstream version 249.3
  * Update upstream source from tag 'upstream/249.3'
  * New upstream version 249.3
  * Rebase patches
  * Remove obsolete systemd-resolve compat symlink
  * Release version 249.3-1 to experimental
  * Provide standalone binaries for sysusers and tmpfiles
  * Fix test dependencies of upstream test
  * Release version 249.3-2 to experimental
  * test: fix TEST-10-ISSUE-2467
  * Use C/R/P for systemd-sysusers and systemd-tmpfiles
  * Release version 249.3-3 to experimental
  * Set upstream-branch to upstream/247.x
  * New upstream version 247.9
  * Update upstream source from tag 'upstream/247.9'
  * New upstream version 247.9
  * Rebase patches
  * Fix removal of systemd-hwdb-update.service
  * Release version 247.9-1 to unstable
  * Add Conflicts/Replaces: systemd to systemd-standalone-{sysusers,tmpfiles}
  * Release version 249.3-4 to unstable
  * New upstream version 249.4
  * Update upstream source from tag 'upstream/249.4'
  * New upstream version 249.4
  * Rebase patches
  * Release version 249.4-1 to experimental
  * Demote systemd-timesyncd from Depends to Recommends
  * Release version 247.9-2 to unstable
  * Revert multipath symlink race fix
  * Release version 247.9-3 to unstable
  * Revert "tests/udev-test.pl: add multiple device test"
  * networkd-test: fix resolved_domain_restricted_dns
  * test: Fix flakiness in TEST-10-ISSUE-2467
  * autopktest: Fix timedated test dependencies
  * autopkgtest: Merge configuration of logind test with timedated and related tests
  * Revert "test: disable DnsmasqClientTest.test_resolved_etc_hosts in networkd-test.py"
  * networkd-test: fix resolved_domain_restricted_dns
  * Release version 247.9-4 to unstable
  * Merge branch 'debian/master' into debian/experimental
  * Remove unused initialize_coredump() function
  * Fix #993738 by pulling the patches from upstream PR#20603
  * Release version 249.4-2 to unstable
  * New upstream version 249.5
  * Update upstream source from tag 'upstream/249.5'
  * New upstream version 249.5
  * Rebase patches
  * Update debian/copyright
  * Clean up lintian overrides
  * Release version 249.5-1 to unstable
  * hwdb: Allow console users access to media* nodes
  * Release version 249.5-2 to unstable
  * New upstream version 249.6
  * Update upstream source from tag 'upstream/249.6'
  * New upstream version 249.6
  * Rebase patches
  * test: use kbd-mode-map we ship in one more test case
  * Bump Standards-Version to 4.6.0
  * Drop obsolete C/R upstart from systemd-sysv
  * Drop obsolete dpkg (>= 1.19.3) | systemd-sysv dependency from udev
  * Make the C/R against systemd versioned in systemd-standalone-{sysusers,tmpfiles}
  * Drop obsolete migration code for RAMTMP, TPMTIME and UTC
  * Release version 249.6-1 to unstable
  * Consider dbus-broker in systemd-logind.service Condition check
  * Temporarily disable LTO
  * Use more consistent ordering in .install files
  * sysusers: split up systemd.conf
  * Release version 249.6-2 to unstable
  * Clean up udev.install a bit
  * scope: count successful cgroup additions when delegating via D-Bus
  * Release version 249.6-3 to unstable
  * New upstream version 249.7
  * Update upstream source from tag 'upstream/249.7'
  * New upstream version 249.7
  * Rebase patches
  * Release version 249.7-1 to unstable
  * Switch debian-branch to experimental
  * test: record missing openssl as a failure
  * test: mark TEST-46-HOMED as skipped if feature is disabled
  * New upstream version 250~rc3
  * Update upstream source from tag 'upstream/250_rc3'
  * New upstream version 250~rc3
  * Bump meson Build-Depends to (>= 0.53.2)
  * Rebase patches
  * Update symbols file for libsystemd0
  * Update removal of upstream provided license files
  * Use -Durlify=false instead of shipping an upstream revert patch
  * Explicitly disable OpenSSL support
  * autopkgtest: install dbus-user-session for upstream test
  * Revert "Temporarily disable LTO"
  * Small updates to debian/copyright
  * Remove dbus introspection files
  * Release version 250~rc3-1 to experimental
  * New upstream version 250
  * Update upstream source from tag 'upstream/250'
  * New upstream version 250
  * Rebase patches
  * Update symbol versions for the v250 release
  * Release version 250-1 to experimental
  * Drop separate udeb build
  * Don't override sourcedir/destdir anymore
  * Cherry-pick various fixes targeted for v250-stable
  * Release version 250-2 to experimental
  * New upstream version 250.1
  * Update upstream source from tag 'upstream/250.1'
  * New upstream version 250.1
  * Rebase patches
  * Release version 250.1-1 to experimental
  * oomd: move oomctl to bindir
  * oomd: move oomctl to bindir
  * Enable systemd-repart and ship it in the main systemd package
  * test-repart: append /sbin and /usr/sbin to $PATH= so sfdisk can be found
  * Release version 250.1-2 to experimental
  * test: explicitly configure oomd stuff via dropins
  * autopkgtest: add systemd-oomd dependency to upstream test
  * New upstream version 250.2
  * Update upstream source from tag 'upstream/250.2'
  * Update changelog
  * Rebase patches
  * Switch debian-branch to debian/master
  * Release version 250.2-1 to unstable
  * units: don't install dbus-org.freedesktop.oom1.service alias
  * test: enable systemd-oomd.service
  * Ship systemd-oomd.socket in correct systemd-oomd package
  * Don't install dbus-org.freedesktop.oom1.service symlink
  * Release version 250.2-2 to unstable
  * Don't stop systemd-oomd.socket during upgrades
  * Release version 250.2-3 to unstable
  * New upstream version 250.3
  * Update upstream source from tag 'upstream/250.3'
  * Update changelog
  * Add Recommends: libdw1 to systemd-coredump
  * Release version 250.3-1 to unstable
  * Add Recommends: dbus-user-session to libpam-systemd
  * Report status of dbus-user-session in systemd reportbug template
  * man: fix typo
  * login: typo fix
  * tree-wide: fix duplicated words
  * New upstream version 251~rc1
  * Update upstream source from tag 'upstream/251_rc1'
  * New upstream version 251~rc1
  * Rebase patches
  * Update symbols file for libsystemd0
  * Install shell completions for oomctl in systemd-oomd
  * Release version 251~rc1-1 to experimental
  * Drop outdated comment
  * Revert "Ignore libsystemd-core in dh_shlibdeps"
  * Adjust library search path for dh_shlibdeps
  * Release version 251~rc1-2 to experimental
  * Do not ship /usr/lib/tmpfiles.d/systemd-resolve.conf in systemd
  * hwdb: fix parsing options
  * Release version 251~rc1-3 to experimental
  * New upstream version 251~rc2
  * Update upstream source from tag 'upstream/251_rc2'
  * New upstream version 251~rc2
  * Rebase patches
  * Update symbols file for libsystemd0
  * Release version 251~rc2-1 to experimental
  * sd-device: always translate sysname to sysfs filename
  * Release version 251~rc2-2 to experimental
  * Enable pager Hyperlink ANSI sequence support
  * Drop unnecessary version constraints / dependencies
  * Update liblz4-dev Build-Depends as per meson.build
  * Use lower case consistently to start short description
  * Move homectl and userdbctl to bindir
  * New upstream version 251.2
  * Update upstream source from tag 'upstream/251.2'
  * New upstream version 251.2
  * Rebase patches
  * Fix parsing of command line options in fsckd
  * Do not require a valid version when parsing sd-boot loader entries
  * Add dpkg file trigger for systemd-binfmt to update binfmt registrations
  * Use a single NEWS file shipped in the main systemd package
  * Release version 251.2-1 to unstable
  * sha256: fix compilation on efi-ia32
  * Release version 251.2-2 to unstable
  * Move homectl and userdbctl to /usr/bin
  * Switch debian-branch to experimental
  * meson: install libsystemd-shared into rootpkglibdir
  * Install libsystemd-shared into rootpkglibdir
  * Split out libsystemd-shared into its own package
  * salsa-ci: disable piuparts
  * Split out systemd-boot into its own package
  * Add NEWS entry for the systemd-boot package split
  * Fix versions in Breaks/Replaces for systemd-boot split
  * Fix spelling error in debian/changelog
  * Use try-restart in systemd-binfmt dpkg trigger
  * Fix bashism in kernel-install
  * Upload to unstable
  * Release version 251.2-4 to unstable
  * Tweak description of systemd-homed package
  * Move shlibs dependencies of libsystemd-shared from Pre-Depends to Depends
  * Add versioned Breaks against sicherboot for the systemd-boot split
  * Drop old Conflicts against hal from udev
  * Release version 251.2-5 to unstable
  * Do not fail EFI build with newer binutils
  * shared/microhttp-util: silence gcc warning
  * Clarify NEWS message about systemd-boot split
  * Release version 251.2-6 to unstable
  * Use https for freedesktop.org
  * sd-boot: exit early in initramfs and kernel hook scripts if package is removed but not purged
  * Do not fail with older binutils
  * Release version 251.2-7 to unstable
  * Use https for man7.org
  * Use https for gnu.org
  * autopkgtest: install openssl for upstream test
  * Start all short descriptions with lowercase consistently
  * Add versioned dependency on init-system-helpers to systemd-homed
  * Demote shlibs dependencies of libsystemd0 from Pre-Depends to Depends
  * Work around some more dh_installman issues
  * Release version 251.2-8 to unstable
  * New upstream version 251.3
  * Update upstream source from tag 'upstream/251.3'
  * New upstream version 251.3
  * Do not fail EFI build with newer binutils
  * Rebase patches
  * Release version 251.3-1 to unstable
  * Fix typo in systemd-resolved package description
  * Merge branch 'debian/experimental' into debian/master
  * Merge changes from experimental and release version 251.3-2 to unstable
  * New upstream version 251.4
  * Update upstream source from tag 'upstream/251.4'
  * New upstream version 251.4
  * Rebase patches
  * Release version 251.4-1 to unstable
  * Install NEWS.Debian file into all binary packages
  * Handle removal of /var/log/README
  * New upstream version 251.5
  * Update upstream source from tag 'upstream/251.5'
  * Update changelog
  * Rebase patches
  * Release version 251.5-1 to unstable
  * salsa-ci: rename gitlab-ci.yml to salsa-ci.yml
  * salsa-ci: drop no longer needed workaround for lintian false positives
  * udev: fix regression in udev-builtin path_id when processing NVME devices
  * Release version 251.5-2 to unstable
  * logind: fix getting property OnExternalPower via D-Bus
  * Update comment regarding logind restart
  * Update symbol versions for the v251 release
  * ata_id: fix getting Response Code from SCSI Sense Data
  * logind: do not emit beep in wall messages
  * logind: remember our idle state and use it to detect idle level transitions
  * Merge pull request #24976 from mbiebl/logind-fix-dbus-on_ac_power
  * logind: fix getting property OnExternalPower via D-Bus
  * Release version 251.5-3 to unstable
  * New upstream version 251.6
  * Update upstream source from tag 'upstream/251.6'
  * New upstream version 251.6
  * Rebase patches
  * Use dh_installsystemd to enable machines.target in systemd-container
  * Release version 251.6-1 to unstable
  * Install sysusers.d and tmpfiles.d man pages in standalone packages
  * Merge pull request #25083 from bluca/revert_timer
  * Keep policykit-1 as alternative dependency to polkitd
  * Update remaining policykit-1 (test) dependencies and prefer polkitd
  * Release version 252.2-2 to unstable
  * New upstream version 252.3
  * Update upstream source from tag 'upstream/252.3'
  * New upstream version 252.3
  * Rebase patches
  * Release version 252.3-1 to unstable
  * Skip flaky test_resolved_domain_restricted_dns in networkd-test.py
  * Release version 252.3-2 to unstable
  * test: fix TEST-73-LOCALE on Debian
  * Refresh patches
  * Tweak description of systemd and systemd-sysv package
  * autopkgtest: add psmsic to upstream suite
  * autopkgtest: add xkb-data, locales and locales-all to upstream suite
  * autopkgtest: prefer knot-dnssecutils over knot-dnsutils for upstream suite
  * Cherry-pick upstream fixes for TEST-74-AUX-UTILS
  * Cherry-pick upstream fix for TEST-73-LOCALE
  * Skip firstboot --prompt-keymap check in TEST-74-AUX-UTILS
  * Release version 252.4-2 to unstable
  * test: skip firstboot --prompt-keymap check if keymaps are missing
  * Run the systemd-binfmt trigger unconditionally
  * Ask before attaching the udev db information to the bug report
  * Install D-Bus interface files in systemd-dev
  * Clean up a couple more __pycache__ directories
  * Remove workarounds for dh_installman
  * Remove all empty directories from (/usr)/lib
  * Remove no longer needed maintainer scripts migration code for versions older then oldstable
  * Revert "Add workaround for Meson regression to fix FTBFS on mips64el"
  * Release version 254.1-3 to unstable
  * Remove obsolete SysV init script
  * Use dh_installsystemd to handle systemd-udevd.service
  * Add Conflicts against initscripts and orphan-sysvinit-scripts
  * Fix installation of tzdata-legacy
  * Drop obsolete Breaks/Replaces and migration code for versions older than oldstable
  * Drop -f from update-rc.d udev remove
  * test: use kill-whom instead of kill-who (the latter is deprecated)
  * Update symbol versions for the final 254 release
  * Remove mangling of man pages post build trying to fix up paths
  * Use a drop-in to avoid startup failures of systemd-logind when dbus is missing
  * Add versioned Breaks against dracut
  * Release version 255~rc2-2 to unstable
  * Use canonical paths for scripts in debian/extra
  * autopkgtest: install systemd-boot-efi for upstream suite
  * test: skip tests for unsupported localectl features
  * Update symbol versions for the final 255 release
  * Install systemd and udev files explicitly without duplicates
  * Mark usr/lib/sysctl.d/50-pid-max.conf as arch specific
  * Fix arch "all" builds
  * Install standalone binaries using dh-exec
  * Print empty directories
  * Split ukify into a separate package named systemd-ukify
  * Add a reference to #1038137 for the boot-and-services workaround
  * Make the Conflicts against bfh-container and progress-linux-container versioned
  * Update version in Breaks/Replaces for systemd-ukify split
  * Release version 255.1-1 to experimental
  * Upgrade the Breaks to Conflicts for the systemd-ukify package split
  * Update package description of libnss-myhostname to use the correct IPv4 address
  * resolved: actually check authenticated flag of SOA transaction
  * Explicitly disable ukify for stage1 builds
  * Enable dh-exec for systemd.manpages and udev.install
  * Restrict pcr/tpm2 related files to UEFI architectures
  * Install dmi_memory_id and its udev rules file only on dmi architectures
  * Fix stage1 profile build
  * Release version 255.1-2 to experimental
  * Fix installation of dmi_memory_id on i386 and x32
  * Explicitly disable bootloader for stage1 build
  * Mark missing man pages from stage1 build
  * Release version 255.1-3 to unstable
  * Cherry-pick fixes for upstream integration tests
  * Add explicit Build-Depends on debhelper (>= 13.11.6)
  * test: deny-list TEST-13-NSPAWN
  * Release version 255.2-3 to unstable
  * autopkgtest: add btrfs-progs Depends to upstream suite
  * Revert "test: deny-list TEST-13-NSPAWN"
  * autopkgtest: add multipath-tools and kpartx Depends to upstream suite
  * test: install correct kpartx udev rules on Debian
  * Release version 255.2-4 to unstable
  * systemctl: drop chain invocation of telinit
  * autopkgtest: depend on pkgconf rather than pkg-config
  * upstream-ci: move bootctl related units to systemd-boot
  * Stop setting default-hierarchy to unified explicitly
  * Drop build-api support
  * Replace Skip-flaky-test_resolved_domain_restricted_dns-in-network.patch
  * man: fix systemd-timedated man page wrt ntp-units.d
  * Fix bpf-framework build failure with gcc-bpf
  * Remove myself from Uploaders
  * Stop setting the build system explicitly
  * Remove systemd-dev dependency from systemd and udev

  [ Matt Muggeridge ]
  * IPv6 RA: Support the Retrans Timer field (IPv6 Conformance Test: v6LC.2.1.5)
  * network/ndisc: also set sysctl hop_limit value
  * network: IPv6 Compliance: Router Advertisement Processing, Reachable Time [v6LC.2.2.15] (#32792)
  * network: IPv6 Compliance RFC4862: Address Lifetime Expiry (Hosts Only) [v6LC.3.2.2]

  [ KayJay7 ]
  * hwdb: ASRock LED Controller classified incorrectly as joystick due to buttons and axis (#32775)

  [ zeroskyx ]
  * hwdb: Add accelerometer data for Librem11 (#29974)
  * hwdb: updated Librem 11 accelerometer (#32772)

  [ mburucuyapy ]
  * hwdb: update Dere N12 / Juno Tablet 3 accelerometer (#32765)

  [ Lucas Salles ]
  * Fix Positivo N14EPE and N15EPE key toggle touchpad and search key

  [ Florian Fainelli ]
  * basic/linux: Copy netfilter.h to the source tree

  [ hydrargyrum ]
  * shell-completion: on zsh, systemd-cat is a precommand

  [ Jarne Förster ]
  * po: Translated using Weblate (German)

  [ Colin Watson ]
  * docs,man: Avoid some ambiguous uses of "may not"

  [ Vladimir Stoiakin ]
  * cryptenroll, homectl: deduplicate generation of LUKS2 volume keys
  * cryptsetup: Add support for EC keys in PKCS#11 tokens
  * cryptsetup: convert a EC point to compressed format if required by a token
  * TEST-24-CRYPTSETUP: add test for PKCS#11 tokens
  * cryptenroll: change class in provided PKCS#11 URI if necessary
  * TEST-24-CRYPTSETUP: depend on OpenSSL for testing PKCS#11 tokens
  * cryptenroll: allow to use a public key on a token
  * cryptsetup: make type-specific checks for PKCS#11 private keys

  [ Adrian Wannenmacher ]
  * man: fix efi var vendor uuid for systemd-bless-boot.service
  * docs: minor improvements to CREDENTIALS.md

  [ Moritz Sanft ]
  * repart: respect `SOURCE_DATE_EPOCH` on `mkdir_p_root`

  [ Takashi Sakamoto ]
  * hwdb: add hardware database for unit of IEEE 1394
  * hwdb: add parser grammar for IEEE 1394 unit function list
  * hwdb: allow parser to expect usage of slash sign in value of property
  * hwdb: add database entries for models with ASICs in BeBoB solution
  * hwdb: add database entries for models with Fireworks board module
  * hwdb: add database entries for models with OXFW970/971 ASICs
  * hwdb: add database entries for models based on DICE ASICs with TCAT specification
  * hwdb: add database entries for models based on DICE ASICs specialized to M-Audio
  * hwdb: add database entries for models based on DICE ASICs specialized to Weiss Engineering
  * hwdb: add database entries for models based on DICE ASICs specialized by Loud Technologies
  * hwdb: add database entries for models based on DICE ASICs specialized by Harman Music Group
  * hwdb: add database entries for models based on DICE ASICs specialized by Solid State Logic
  * hwdb: add database entries for models of Digidesign Digi 00x family
  * hwdb: add database entries for Tascam FireWire series
  * hwdb: add database entries for MOTU FireWire series
  * hwdb: add database entries for RME Fireface series
  * hwdb: add database entries for Yamaha mLAN 2nd generation
  * hwdb: add database entries for Yamaha mLAN 3rd generation
  * hwdb: add database entries for Focusrite Liquid Mix series
  * hwdb: add database entries for TC Electronic PowerCore FireWire series
  * hwdb: add database entry for node with single unit with video function
  * hwdb: add database entries for node with multiple units
  * hwdb: add database entries for node with single unit for multiple functions
  * hwdb: fix parser to execute test for ieee1394-unit-function with no argument
  * hwdb: ieee1394-unit-function: fix indentation
  * hwdb: ieee1394-unit-function: add entries for Digital Everywhere FloppyDTV and FireDTV
  * hwdb: ieee1394-unit-function: add IIDC generic entries
  * hwdb: ieee1394-unit-function: add entries for Point Grey cameras
  * hwdb: ieee1394-unit-function: remove entry for Cool Stream iSweet
  * hwdb: ieee1394-unit-function: add entry for AV/C device with generic AV/C command set
  * hwdb: ieee1394-unit-function: add entry for AV/C device with vendor unique command set
  * udev: uaccess: remove ID_FFADO entry
  * hwdb: ieee1394-unit-function: correct entries for Phonic products
  * hwdb: ieee1394-unit-function: correct comment for Mackie Onyx-i series
  * hwdb: ieee1394-unit-function: correct comment for Mackie d.2 and d.2 Pro
  * hwdb: ieee1394-unit-function: correct entries for eAR Master One and Terratec Aureon 7.1 FireWire
  * hwdb: ieee1394-unit-function: add entry for MOTU Track 16
  * hwdb: ieee1394-unit-function: fullfill for Sony DCR-TRV310
  * hwdb: ieee1394-unit-function: add comment about legacy AV/C devices
  * hwdb: ieee1394-unit-function: add MOTU 896 mk3 Hybrid
  * hwdb: ieee1394-unit-function: remove superfluous Weiss Engineering DAC1 entry
  * hwdb: ieee1394-unit-function: add Weiss Engineering DAC202 (Maya edition)
  * hwdb: ieee1394-unit-function: add Weiss Engineering INT203 entry with older firmware
  * hwdb: ieee1394-unit-function: add Weiss Engieering MAN301
  * hwdb: ieee1394-unit-function: add Miglia Technology Harmony Audio (HA02)
  * hwdb: ieee1394-unit-function: arrangement for Sony DVMC-DA1
  * hwdb: ieee1394-unit-function: adjustment of entries with device attributes available in Linux v6.8
  * hwdb: ieee1394-unit-function: add Tascam IF-FW/DM mkII

  [ Nicolas Bouchinet ]
  * systemd-boot: Allow key enroll in AuditMode

  [ Richard Maw ]
  * test: Skip test-recurse-dir on overlayfs
  * test: Create analyze chroot with --rbind
  * test: slacken plugged -> dead test
  * test: mount overlayfs over /usr in some tests
  * mkosi: Allow the output directory to be overridden
  * mkosi: Add testuser and tar to system image
  * mkosi: Install locales in fedora
  * mkosi: make sysvinit path inference consistent
  * mkosi: Remove testuser from base/mkosi.postinst.chroot
  * mkosi: Add selinux support to CentOS and Fedora initrds
  * mkosi: Extend default device timeout to 20 seconds
  * test: Add mkosi-based integration test runner
  * mkosi: Update to latest
  * test: document when writable /usr overlays may be needed
  * test: Shut down tests on crash
  * mkosi: Add psmisc to arch for killall
  * mkosi: Add psmisc to debian-ubuntu for killall
  * mkosi: Add psmisc to opensuse for killall
  * mkosi: Build images with --debug to aid debugging in CI
  * test: Add --debug when running mkosi through integration-test-wrapper
  * ci: Update mkosi version
  * ci: Add the meson logs to failure log artifacts
  * test: Disable network by default in mkosi tests
  * mkosi: Use default opensuse kernel for tests
  * mkosi: use generic ubuntu kernel for udev and nvme tests
  * TEST-17-UDEV: Skip credentials test if service not loaded
  * TEST-19-CGROUP: Skip on opensuse
  * TEST-25-IMPORT: Skip if importctl not installed
  * TEST-26-SYSTEMCTL: Create /etc/init.d if needed
  * TEST-36-NUMAPOLICY: Bump PID1 strace time to 3 seconds
  * TEST-81-GENERATORS: Clean /proc/cmdline of unusual mounts
  * test/meson.build: Add some runnable integration tests
  * mkosi: Add curl package for journal tests
  * TEST-35-LOGIN: Handle multiple lock messages per sleep
  * TEST-13-NSPAWN: move container template to /usr/share
  * TEST-13-NSPAWN: move disk images to /var/tmp
  * test: Enable more mkosi integration tests
  * mkosi: Fix particle profile
  * test: Skip TEST-06-SELINUX early if not on fedora/centos
  * test: Integrate custom selinux relabelling unit with firstboot
  * mkosi: Disable selinux labelling and install policy in initramfs
  * test: Enable TEST-06-SELINUX testing with mkosi
  * TEST-21-DFUZZER: Skip test if dfuzzer is not installed
  * TEST-74-AUX-UTILS: Support credential-provided root SSH public key
  * TEST-74-AUX-UTILS: Support systems with pre-existing modules config
  * TEST-74-AUX-UTILS: Support running on UEFI systems
  * TEST-07-PID1: Move mount units to test dir
  * TEST-07-PID1: Test access to allocated loop instead of loop0
  * TEST-55-OOMD: swapoff before adding new swapfile

  [ Thayne McCombs ]
  * man/run0: Describe environment variables set (#32622)

  [ anphir ]
  * man: improve documentation about using resource-control options

  [ Daniele Medri ]
  * po: update Italian translation
  * Systemd Catalog, Italian translation: minor updates (#12483)
  * Italian translations: minor updates (#12494)
  * po: minor fixes to Italian translation (#12500)
  * Italian: language update
  * italian: language updates
  * Italian: removed spurious lines of old labels
  * po: revert some recent translation changes (#17237)
  * po: italian minor fix and updates
  * po: systemd.pot updated
  * po: update italian translations
  * it.po: minor updates
  * it.po: updates
  * po: update Italian translation (#32621)

  [ Saliba-san ]
  * hwdb: Add mapping for Samsung GalaxyBook - 550X (#32616)

  [ Skia ]
  * docs: autopkgtest: refresh the docs with up-to-date information

  [ Michael Marley ]
  * network: Don't send RA with zero router lifetime when restarting radv
  * network: radv: Send RA on newly-added dynamic prefix
  * network: Fix "Unknown section 'DHCPv6PrefixDelegation'." message
  * manager: Fix HW watchdog when systemd starts before driver loaded
  * Use absolute path when including libkmod in initramfs

  [ spdfnet ]
  * docs: update link for SUSE whitepaper

  [ Sebastian Pucilowski ]
  * Fix "link-local" language inconsistencies
  * network:  DHCP version logging typos

  [ Dmitry V. Levin ]
  * tmpfiles: fix specifier expansion in arguments of C lines
  * tmpfiles: avoid double specifier expansion in L lines
  * coredump: use fstatvfs to check the available space
  * docs: fix a few typos
  * docs: fix grammar a bit
  * docs: fix formatting a bit
  * docs, man: consistently use comma after "For example"
  * src: fix several typos in log messages
  * treewide: fix a few typos in NEWS, docs and comments
  * rules: remove redundant duplicate comparisons
  * udev_rules_parse_file: do not skip ENOENT
  * udev_rules_parse_file: mark logged issues
  * udevadm: introduce new 'verify' command
  * rules: do not use blkid builtin if built without blkid support
  * meson.build: check udev rules using udevadm verify
  * test: add a test for udevadm verify
  * udevadm-verify: check for unused labels
  * test: check udevadm verify diagnostics of unused labels
  * udev_rules_parse_file: issue diagnostics about line continuation at EOF
  * CODING_STYLE: note that 'unsigned' form is preferred over 'unsigned int'
  * testsuite-17.11.sh: robustify unknown user/group checks
  * testsuite-17.11.sh: create all files in a temporary directory
  * testsuite-17.11.sh: prepare to test udevadm verify --root
  * udevadm verify: load all rules from the system if no rules were given
  * udevadm verify: introduce --root option
  * testsuite-17.11.sh: check udevadm verify --root
  * udev_rules_parse_file: issue diagnostics about duplicate LABEL tokens
  * udev-rules: check for conflicting and duplicate expressions
  * test: fix testsuite-17.10.sh
  * udev-rules: fix matching of token types that support alternative patterns
  * Revert "udev: prepare memory for extra NUL termination for NULSTR"
  * udev-rules: fix check for conflicting and duplicate expressions
  * udev-rules: add another check for conflicting expressions
  * rules: remove stray whitespace before comma between tokens
  * rules: add whitespace after comma before the line continuation
  * testsuite-17.11.sh: add commas between tokens
  * udev-rules: move udev_rules_parse_file() after udev_check_rule_line()
  * udev-rules: move udev_check_rule_line() invocation
  * udev-rules: check token delimiters
  * udev-rules: extend the check for conflicting expressions
  * udev-rules: fix grammar in diagnostics about lines that have no effect
  * udev_rules_parse_file: do not ignore ENOENT when invoked by udevadm verify
  * treewide: fix unnecessary $ on arithmetic variables
  * udev-rules: check tokens order
  * testsuite-17.11.sh: fix assert_1()
  * udev-rules: avoid issuing redundant diagnostics in verify mode
  * udevadm-verify: add support for directory arguments
  * udevadm-verify: introduce --no-summary option
  * man: mention that udevadm verify also checks for udev rules style issues
  * pwquality: remove old built-in cracklib dictionary workaround
  * pwquality: fix use of ERRNO_IS_NOT_SUPPORTED
  * pwquality: fix quality_check_password return value
  * pwquality: do not log password suggestions
  * pwquality: add old password argument to quality_check_password
  * homed: change user_record_quality_check_password to use quality_check_password
  * resolved: keep track of first names listed for each address in /etc/hosts
  * resolved: fix the canonical name returned by hosts lookup by address
  * resolved: fix the canonical name returned by hosts lookup by name
  * kbd-util: fix use of ERRNO_IS_RESOURCE()
  * socket: fix use of ERRNO_IS_DISCONNECT()
  * sd-bus: fix use of ERRNO_IS_DISCONNECT()
  * resolved: fix use of ERRNO_IS_DISCONNECT()
  * test: fix use of ERRNO_IS_PRIVILEGE()
  * locale-util: fix _() definition
  * socket: cleanup use of ERRNO_IS_DISCONNECT()
  * resolved: cleanup use of ERRNO_IS_DISCONNECT()
  * varlink: cleanup use of ERRNO_IS_DISCONNECT()
  * bootctl: cleanup use of ERRNO_IS_NOT_SUPPORTED()
  * cryptsetup: cleanup use of ERRNO_IS_NOT_SUPPORTED()
  * homework: cleanup use of ERRNO_IS_NOT_SUPPORTED()
  * logind: cleanup use of ERRNO_IS_NOT_SUPPORTED()
  * nspawn: cleanup use of ERRNO_IS_NOT_SUPPORTED()
  * repart: cleanup use of ERRNO_IS_NOT_SUPPORTED()
  * btrfs-util,tmpfiles: cleanup use of ERRNO_IS_NOT_SUPPORTED()
  * execute: cleanup use of ERRNO_IS_PRIVILEGE()
  * coredumpctl: cleanup use of ERRNO_IS_PRIVILEGE()
  * userdb: cleanup use of ERRNO_IS_PRIVILEGE()
  * test: cleanup use of ERRNO_IS_PRIVILEGE()
  * homework: cleanup use of ERRNO_IS_DEVICE_ABSENT()
  * nspawn,shared: cleanup use of ERRNO_IS_SECCOMP_FATAL()
  * treewide: fix a few typos in NEWS, docs, comments, and log messages

  [ Rasmus Villemoes ]
  * string-util: simplify logic in strjoin_real()
  * string-util: improve overflow checking
  * signal-util: make sigaction_many_ap a little more concise
  * strv.c: simplify strv_new_ap
  * sysusers: avoid creating spurious "nobody" group
  * systemctl: list-jobs: interchange 'waiting for' and 'blocking' in output

  [ Simon Fowler ]
  * Add self-contained Python sd_notify example.

  [ Guido Leenders ]
  * Document effective owner of stdout/stderr log file upon creation

  [ Sarvajith Adyanthaya ]
  * Replaced "machined" label with "machine" #32373

  [ Krzesimir Nowak ]
  * repart: Fix compilation warning when tpm2 is disabled
  * mount-util: Add a helper for remounting a bind mount
  * sysext: Do not log failed unmount error again
  * sysext: Factor out adding overlayfs option
  * test: Initial systemd-sysext tests
  * sysext: Refactor the merge hierarchy code
  * sysext: Add minimal support for optional mutability for extensions
  * sysext: Add --mutable mode flag
  * test: Extend systemd-sysext tests to cover the mutability feature
  * sysext: Move parsing mutable mode to a separate function
  * sysext: Add support for mutable mode environment variables
  * docs: Document SYSTEMD_SYSEXT_MUTABLE_MODE env var
  * test: Fail sysext test if reusing a root directory
  * test: Extend sysext tests with cases using env var for mutable mode
  * man: Install sysext man pages when ENABLE_SYSEXT is true
  * sysext: Add missing --mutable mode in help output
  * sysext: Implement ephemeral mode
  * man: Document sysext ephemeral mode
  * test: Extend sysext tests with cases using ephemeral mode
  * sysext: Implement ephemeral import mode
  * man: Document sysext ephemeral-import mode
  * test: Add test cases for sysext ephemeral-import mode
  * test, sysext: Actually fail the whole operation if sd-merge worker failed
  * sysext: Fail when trying to import mutable layer that's a symlink to hierarchy
  * test: Add cases for failures to import the hierarchy
  * sysext: Fix some small issues in error cases
  * sysext: Make sure that merged hierarchy does not change its permissions
  * test: Add sysext test-cases for checking mode preservation
  * sysext: Check if preexisting mutable directory has a valid mode
  * test: Add sysext test case for checking valid mutable directory mode
  * sysext: Code style fixes
  * sysext: Fix ephemeral-import mode for unused hierarchies
  * test: Do not limit hierarchies
  * sysext: Use string table for parsing mutable mode
  * sysext: Make static const a macro instead
  * path-util: Add a helper for checking paths
  * sysext: Use the new path-util helper
  * sysext: Use EPROTO for child failure
  * sysext: Determine extensions earlier
  * test: Make the sysext test to run with --root and without

  [ Max Staudt ]
  * udev: Add /dev/media/by-path symlinks for media controllers
  * udev: permanent symlinks with USB revision for /dev/media*

  [ Jonathan Conder ]
  * man: add pam_gnome_keyring to auth section after pam_systemd_loadkey
  * man: document other keyname options for pam_systemd_loadkey

  [ Norbert Lange ]
  * fix build with compilers with default stack-protector enabled
  * units: add mount for tracefs
  * Improve help for clang-format
  * coredump: add zstandard support for coredumps
  * install libzstd-dev for CI builds
  * allow removal of initrd services
  * dont install systemd-initctl, runlevel, telinit if no SYSV compat
  * udev: single binary replacing udevd and udevadm
  * build: skip installation of 2 files if feature is disabled
  * clang-format: set Break afer enum to false
  * resolved-dnstls: remove deprecated openssl functions
  * openssl-util: compatible with restricted openssl3

  [ Bryan Jacobs ]
  * cryptenroll: Use CTAP2.1 credProtect extension

  [ Kristian Klausen ]
  * gpt-auto-generator: Use volatile-root by default and automatic logic as fallback
  * repart: Support volatile-root for finding the root partition
  * vmspawn: Fix incorrect/broken links in the man page
  * github: add systemd-vmspawn to the issue templates

  [ Henry Li ]
  * network: add mechanism to configure default UseDomains= setting, update man page and add test

  [ Ole Peder Brandtzæg ]
  * man: remove PrivateMounts= from list of other settings in its own description

  [ Evgeny Vereshchagin ]
  * Merge pull request #11099 from abogdanenko/udev-test-fix-missing-dir
  * travis: use xenial instead of trusty
  * travis: skip test-bpf on Travis CI
  * travis: switch to Debian Testing
  * travis: add another stage to really run everything under ASan+UBsan
  * tests: use systemd-journald to check whether everything has been built with ASan
  * test: don't run TEST-01-BASIC in unprivileged containers on Travis CI
  * core: free lines after reading them
  * tests: reproduce https://github.com/systemd/systemd/issues/11251
  * tests: fail if asan has found issues in journald
  * journal: rely on _cleanup_free_ to free a temporary string used in client_context_read_cgroup
  * tests: overwrite a hard-coded timeout in systemd-hwdb-update.service
  * travis: merge RUN_CLANG into RUN
  * travis: pass $TRAVIS when running the tests so that they can be skipped properly
  * travis: also run TEST-01-BASIC with QEMU to cover udevd and so on
  * tests: double DefaultTimeoutStartSec when systemd is run under ASan+UBSan
  * tests: look for ASan+UBSan reports in the journal
  * tests: introduce check_asan_reports and use it in check_result_{qemu|nspawn}
  * Merge pull request #11393 from mrc0mmand/fix-service-masking-in-TEST-01-BASIC
  * travis: switch to the "official" systemd-ci repository
  * tests: ignore memory leaks in dbus-daemon
  * tests: crash PID1 if UBSan is unhappy
  * Merge pull request #11592 from evverx/ignore-memory-leaks-in-dbus
  * travis: stop using the official upstream-systemd-ci repository
  * semaphore: keep build settings in the repository
  * Revert "README: remove Coverity Scan badge"
  * travis: use /bin/systemd instead of /usr/bin/systemd
  * lgtm: replace the query used for looking for fgets with a more general query
  * network: add missing nulstr terminator
  * Revert "Revert "README: remove Coverity Scan badge""
  * tests: hook up fuzz targets to FuzzBuzz
  * travis: make sure the fuzz targets can be built on FuzzBuzz
  * travis: make sure that the fuzz targets can be built on OSS-Fuzz
  * util-lib: fix a typo in rdrand
  * Merge pull request #12521 from mrc0mmand/test-functions-tweaks-for-sanitizers
  * tests: redirect UBsan reports to a file
  * tests: redirect the stdout/stderr of journald to a file (under ASan+UBSan)
  * tests: override a hard-coded timeout that kicks in too early (under ASan+UBSan)
  * travis: make the ASan+UBSan stage compatible with Azure Pipelines
  * tests: hook up the repository to Azure Pipelines
  * Merge pull request #12524 from evverx/UBSan-reports
  * tests: try to run fuzzbuzz.sh with Azure Pipelines to see how it fares there
  * tests: make fuzzbuzz.sh compatible with Azure Piplines
  * tests: move the FuzzBuzz stage from Travis CI to Azure Pipelines
  * README: yet another badge. with the status of Pipelines this time.
  * Merge pull request #12542 from evverx/TEST-PIPELINE
  * tests: set NSPAWN_TIMEOUT and QEMU_TIMEOUT explicitly
  * tests: turn on the QEMU part in the Xenial job
  * travis: make sure the fuzzers can be built in "local" mode
  * fuzzers: use -fsanitizer=fuzzer if clang supports it
  * README: bring the coverity badge back
  * tests: make fuzzbuzz.sh compatible with Azure Pipelines again
  * tests: make docker-run and helper.py happy by not using colons in filenames
  * tests: catch broken fuzz targets as early as possible
  * Merge pull request #12663 from mrc0mmand/clang-asan-improvements
  * Merge pull request #12617 from mbiebl/skip-test-bpf-containers
  * tests: skip test-bpf only when we're 100% sure it's run in containers
  * travis: run Coverity after Fuzzit-Fuzzing
  * travis: skip the Fuzzit-Sanity stage when it's run by cron
  * travis: always run the "Build & test" stage first
  * travis: add 5 more fuzz targets
  * Merge pull request #12799 from evverx/fuzzit-follow-up
  * travis: turn on UBSan on Fuzzit
  * travis: use UBSan checks from OSS-Fuzz
  * travis: clean up bash variables a bit
  * travis: add more ASan options
  * Merge pull request #12761 from evverx/try-fuzzit
  * travis: turn on nonnull-attribute on Fuzzit
  * fuzzit: sort UBSan checks alphabetically
  * travis: turn on all default UBSan checks except for pointer-overflow, object-size and float-cast-overflow
  * coverity: stop setting _Float*
  * Merge pull request #12892 from yuwata/fix-test-format-util-12891
  * semaphore: pass allow-releaseinfo-change to apt-get
  * Merge pull request #12992 from mrc0mmand/test-functions-fixes
  * fuzzbuzz: rename fuzz.yaml to fuzzbuzz.yaml
  * tests: turn on the "object-size" UBSan check on Fuzzit
  * semaphore: avoid running autopkgtest with --apt-upgrade
  * tests: run TEST-01-BASIC under ASAN+UBSan again
  * tests: bump up QEMU_MEM
  * Free up some resources on Azure Pipelines
  * tests: pass --werror to meson on Semaphore
  * Revert "sysctl: Enable ping(8) inside rootless Podman containers"
  * fuzzit: unleash MSan on all the fuzzers
  * fuzzit: switch to a new organization
  * fuzzit: collapse a series of commands
  * Merge pull request #13281 from evverx/unleash-msan
  * fuzzit: get MSan to track origins
  * README: add an OSS-Fuzz badge
  * semaphore: switch back to the master branch
  * travis: protect the systemd organization on Fuzzit from forks
  * semaphore: switch to another keyserver
  * travis: switch to the latest version of the fuzzit CLI
  * travis: skip the right stage
  * oss-fuzz.sh: stop downloading the skia seed corpus
  * fuzzit: export the API key instead of using `auth`
  * semaphore: turn on systemd-networkd in lxc-containers on Semaphore
  * coverity: replace python with jq
  * tests: unset LD_PRELOAD in testsuite.service when it's run under ASan
  * Merge pull request #14849 from mrc0mmand/lgtm-override-TMPDIR
  * ci: pass max_total_time to libFuzzer
  * travis: install ninja with pip
  * ci: turn off FuzzBuzz
  * Merge pull request #15309 from poettering/strv-split
  * semaphore: switch to upstream-ci
  * oss-fuzz: point the badge directly to our logs
  * cifuzz: upload artifacts only when the "run fuzzers" step fails
  * Merge pull request #15422 from nolange/add_zstd_coredump
  * build-system: bring back 'nonnull'
  * semaphore: use dots instead of dashes
  * ci: install fdisk on Debian
  * cifuzz: set allowed-broken-targets-percentage to 0
  * cifuzz: protect forks from CIFuzz
  * README: add a CIFuzz badge
  * build-system: build the fuzz targets with both ASan and UBSan
  * fuzzit: turn on the pointer-overflow check
  * Merge pull request #15865 from evverx/ubsan-to-the-rescue
  * oss-fuzz: turn on the pointer-overflow check
  * docs: add a link to the Fossies codespell report
  * Merge pull request #15877 from mrc0mmand/meson-fuzz-test
  * tests: add a testcase for https://github.com/systemd/systemd/issues/15885
  * Merge pull request #15889 from evverx/15885
  * Merge pull request #15886 from mrc0mmand/travis-enable-fuzz-tests
  * add a test triggering https://github.com/systemd/systemd/issues/15907
  * Merge pull request #15914 from poettering/ubsan-float-check
  * fuzzit: switch to -fundefined
  * README: add a Fossies codespell badge
  * tests: add a testcase triggering https://github.com/systemd/systemd/issues/15968
  * turn off fuzzit
  * Merge pull request #16136 from mrc0mmand/travis-cleanup
  * Merge pull request #16144 from mrc0mmand/gh-actions-followup
  * turn off fuzzit part 2
  * cifuzz: build fuzz target with UBsan and MSan as well
  * ci: pass -Werror using CFLAGS
  * ci: bring back Coverity
  * ci: bring back Coverity part 2
  * ci: switch to Ubuntu Bionic on Semaphore
  * ci: free up some resources on Pipelines
  * coverity: switch back to Fedora 31
  * coverity: install systemd
  * Merge pull request #16437 from systemd/coverity-gcc-10
  * ci: turn off the "upstream-systemd-ci" ppa
  * Revert "ci: turn off the "upstream-systemd-ci" ppa"
  * ci: turn off Azure Pipelines
  * Merge pull request #18195 from bluca/bpf_init
  * GH Actions: switch to main
  * ci: point the Fossies badge to main
  * oss-fuzz: show meson logs
  * ci: switch back to meson-0.56.2
  * Revert "ci: switch back to meson-0.56.2"
  * ci: pin labeler
  * ci: pin some workflows to SHAs
  * try to fix a Dependabot error
  * ci: allow Dependabot to open up to 2 PRs
  * ci: run codeql-analysis daily
  * ci: tighten several GHActions a bit more
  * ci: LGPLv2+ify dependapot config and codeql action
  * ci: mimic the "restricted" mode
  * ci: pin the codeql action to SHAs
  * ci: tighten codeql and labeler even more
  * Merge pull request #21366 from evverx/ci-follow-ups-3
  * ci: pin mkosi to SHAs as well
  * ci: run codeql on PRs from Dependabot
  * ci: switch to weekly dependabot updates
  * oss-fuzz: move apt-gets and pips to the systemd repository
  * ci: pin python dependencies and let Dependabot keep track of them
  * meson: make it compatible with AFL and honggfuzz again
  * ci: replace apt-key with signed-by
  * tests: add fuzz-bcd
  * oss-fuzz: turn on the alignment check
  * tests: run nss-{users|hosts} by default
  * Merge pull request #21960 from medhefgo/boot-gap
  * tests: no longer load libnss_{files|dns}
  * fuzz: no longer skip empty files
  * oss-fuzz: drop line-tables-only
  * meson: no longer skip dependencies when fuzzers are built locally
  * {build|unit}-test: show meson-log.txt when meson fails
  * ci: turn meson warnings into errors
  * ci: switch to requirements.txt in the unit tests workflow
  * ci: install libbpf-dev in the unit_tests workflow
  * ci: get Coverity and CodeQL to analyze the "libxkbcommon" part
  * ci: trigger CodeQL on PRs when its dependencies change
  * Merge pull request #22142 from evverx/libxkbcommon-dev
  * ci: switch from unstable to testing on mkosi
  * ci: point mkosi to commit where "testing" is fixed
  * meson: force ctags to use absolute paths
  * tests: fuzz etc_hosts_parse
  * ci: switch to fedora-35 on i386 on Packit
  * tests: make fuzz-journal-remote less flaky
  * tests: fuzz dhcp_server_relay_message
  * tests: fuzz client_handle_offer
  * sd-dhcp-lease: fix an infinite loop found by the fuzzer
  * tests: add a file triggering a memory leak in dhcp_lease_parse_search_domains
  * sd-dhcp-lease: fix a memory leak in dhcp_lease_parse_search_domains
  * ci: use CFLite to test forks (including systemd-stable)
  * ci: update GHActions once a month
  * ci: merge seed corpora with public OSS-Fuzz corpora on CFLite
  * ci: no longer upload the latest builds on commits
  * dhcp-identifier: always use a fixed machine-id while fuzzing
  * tests: fuzz client_send_message
  * tests: pass FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION to fuzzers
  * tests: also fuzz packets sent in the DHCP6_STATE_SOLICITATION state
  * ci: validate actions and fix actionlint warnings
  * ci: remove MULTI_STATUS from superlinter
  * resolve: describe mdns event sources
  * ci: run all fuzz targets on CIFuzz
  * Merge pull request #22499 from mrc0mmand/ci-tweaks
  * tests: allow running all the services with SYSTEMD_LOG_LEVEL
  * meson: allow skipping optional dependencies
  * ci: build systemd without optional dependencies
  * meson: pass skip-deps on to the fuzzers as well
  * oss-fuzz: turn off fuzz-introspector
  * ci: unpin CFLite
  * ci: bring fatal-meson-warnings back
  * ci: actually turn on fatal-meson-warnings in the "build" workflow
  * tests: make it possible to install valgrind
  * tests: make valgrind_wrapper track file descriptors
  * timedatectl: fix a memory leak
  * Merge pull request #23246 from medhefgo/check-compilation
  * tests: ignore dbus-broker-launcher
  * ci: bump gcc in the "build test" workflow
  * docs: update OSS-Fuzz links
  * docs: be more specific about the OSS-Fuzz toolchain
  * meson: exclude pcre2 when dependencies are skipped
  * docs: mention how to build 32 bit fuzz targets
  * oss-fuzz: support i386
  * tests: link tests using fabs against libm explicitly
  * ci: build systemd with clang with -Dmode=release --optimization=2
  * Revert "Support -D_FORTIFY_SOURCE=3 by using __builtin_dynamic_object_size."
  * cifuzz: build fuzzers on i386 as well
  * Merge pull request #22547 from mrc0mmand/dfuzzer
  * Merge pull request #23791 from mrc0mmand/dfuzzer-followups
  * ci: remove links to "codeless contribution" actions
  * ci: set top-level permissions as well
  * Merge pull request #23834 from mrc0mmand/dfuzzer-in-a-container
  * Merge pull request #23954 from yuwata/resolve-overflow
  * Merge pull request #24025 from DaanDeMeyer/mkosi-sanitizers
  * Merge pull request #24260 from systemd/coverity-update
  * tests: add a file triggering crash in type_bitmap_to_json
  * tests: fuzz dns resource records
  * tests: add a file triggering "applying zero offset to null pointer"
  * resolve: format zero-length RDATA according to rfc3597
  * ci: drop the "find" kludge
  * fuzz: dump LLDP neighbors JSON too
  * fuzz: save/load DHCP client leases
  * fuzz: make sure DHCP client leases are loaded successfully
  * cifuzz,cflite: set mmap_rnd_bits to 28
  * CI: revert the mmap_rnd_bits kludge
  * fuzz: check that ND options are parsed sucessfully
  * fuzz: check that resource records are serialized successfully

  [ Pablo Méndez Hernández ]
  * man/journald: Add missing configuration files

  [ Usman Akinyemi ]
  * I made more unit test to use the test macro

  [ Kirk ]
  * hwdb: fix missing colon (#32108)

  [ mkubiak ]
  * Added resolution for Huion Kamvas Pro 19
  * Fixed resolution for pen and touchpad

  [ Julius Alexandre ]
  * core/exec-invoke: replace basename() with path_extract_filename() (#32076)

  [ Burak Gerz ]
  * sysupdate: print assumed value

  [ hulkoba ]
  * docs: show mkosi project on website
  * docs: add Manuals and Documentation for Users and Administrators
  * docs: add distributions and mastodon
  * docs: use collections to structure the data
  * docs/ARCHITECTURE: link test/readme.testsuite
  * docs/CODING_STYLE: remove whitespace
  * docs/HACKING: link mkosi webpage
  * docs/HACKING: fix jinja link
  * docs/WRITING_RESOLVER_CLIENTS: format text
  * docs/WRITING_RESOLVER_CLIENTS: update manpage link
  * docs/GROUP_DELEGATION: update links
  * docs/CONTAINER_INTERACE: update vm-or-container-manager link
  * docs/INITRD_INTERFACE: update link
  * docs/JOURNAL_FILE_FORMAT: update journal links
  * docs/PORTABILITY_AND_STABILITY: update internal links
  * docs/FAQ: update logind man page link and fix relative link
  * docs/API_FILE_SYSTEM: format text
  * docs/ARCHITECTURE: format text
  * docs/AUTOPKGTEST: format text
  * docs/BACKPORTS: format text
  * docs/BOOT: format text
  * docs/BUILDING_IMAGES: format text
  * docs/CATALOG: format text
  * docs/CODE_OF_CONDUCT: format text
  * docs/CONTRIBUTING: format text
  * docs/CONVERTING_TO_HOMED: format text
  * docs/COREDUMP: format text
  * docs/CREDENTIALS: format text
  * docs/DAEMON_SOCKET_ACTIVATION: format text
  * docs/DEBUGGING: format text
  * docs/DESKTOP_ENVIRONMENTS: format text
  * docs/MINIMAL_BUILDS: format text
  * docs/HACKING: format text
  * docs/OPTIMIZATIONS: format text
  * docs/GROUP_RECORD: format text
  * docs/PASSWORD_AGENTS: format text
  * docs/PRESET: format text
  * docs/SECURITY: format text
  * docs/SYSLOG: format text
  * docs/UIDS-GIDS: format text
  * docs/ELF_PKG_METADATA: format text
  * docs/JOURNAL_EXPORT_FORMATS: format text
  * docs/HOME_DIRECTORY: format text
  * docs/INCOMPABILITIES: format text
  * docs/TIPS_AND_TRICKS: format text
  * docs/USER_NAMES: format text
  * docs/INHIBITOR_LOCKS: format text
  * docs/DISTRO_PORTING: format text
  * docs/PORTABILITY_AND_STABILITY: format text
  * docs/USER_RECORD: format text
  * docs/PORTABLE_SERVICES: format text
  * docs/SYSTEMD_FILE_HIERARCHY: format text
  * docs/SEPARATE_USR_IS_BROKEN: format text
  * docs/VIRTUALIZED_TESTING: format text
  * docs/MY_SERVICE_CANT_GET_REALTIME: format text
  * docs/PREDICTABLE_INTERACES: format text
  * docs/USER_GROUP_API: format text
  * docs/WRITING_DISPLAY_MANAGER: format text
  * docs/USERDB_AND_DESKTOPS: format text
  * docs/RANDOM_SEEDS: format text
  * docs/WRITING_VM_AND_CONTAINER_MANAGERS: format text
  * docs/WRITING_NETWORK_CONFIG_MANAGERS: format text
  * docs/WRITING_DESKTOP_ENVIRONMENTS: format text
  * docs/COREDUMP: use internal link
  * docs/JOURNAL_FILE_FORMAT: format text
  * chore(docs): change permalink at the Jekyll config
  * docs/RANDOM_SEEDS: update NetBSD link

  [ Mariano Giménez ]
  * add publications to extra_pages.json
  * add videos and presentations
  * add administrators blog series links to extra_pages.json
  * add The systemd for Developers Series pages
  * add related packages links
  * docs: add documentation for developers
  * docs/BACKPORTS: close parenthesis
  * docs/BOOT: update bootloader specification link
  * docs/CONTROL_GROUP_INTERFACE: update links
  * docs/INHIBITOR_LOCKS: update logind d-bus api link
  * docs/MINIMAL_BUILDS: remove last sentence due to missing link
  * docs/THE_CASE_FOR_THE_USR_MERGE): update link to 'seprate usr is broken'
  * docs/WRITING_DESKTOP_ENV: update links
  * docs/WRITING_DISPLAY_MANAGERS: update links
  * docs/WRITING_NETWORK_CONFIGURATION_MANAGERS: update manpage links
  * docs/WRITING VM_AND_CONTAINER_MANAGERS: update manpage link
  * docs/DEBUGGING: add screenshot and fix path to it
  * docs/TIPS_AND_TRICKS: update faq link
  * docs: add pax control groups

  [ Jakub Sitnicki ]
  * socket: pass socket FDs to all ExecXYZ= commands but ExecStartPre=
  * test: integration test for PassFileDescriptorsToExec= option

  [ Luxiter ]
  * hwdb: fix Asus T300FA rotation matrix (#31973)

  [ Dionna Amalie Glaze ]
  * efi: Measure into both CC and TPM if available. (#31939)

  [ Gaël Donval ]
  * Document SYSTEMD_REPART_MKFS_* in repart.d manual

  [ Friedrich Altheide ]
  * basic/virt: Fix virtualbox detection on proprietary system via board_vendor

  [ networkException ]
  * core: allow interface altnames in RestrictNetworkInterfaces=
  * parse-helpers: allow port 0 for socket bind items
  * resolve: include interface name in org.freedesktop.resolve1 polkit checks
  * bpf-socket-bind: fix unexpected behavior with either 0 allow or deny rules

  [ Unique-Usman ]
  * Improve the formatting by adding AlignArrayOfStructures and setting it to Right(right justify)
  * Added a unit test to cover af_to_name in af-list.c
  * Add more unit test to cover the  uid_range_covers inside the uid-range.c file (#31666)
  * Added a new test to cover login-util.c
  * Added a test file for the dirent-util.c
  * Add a set of assertion macros to tests.h
  * Follow up with the PR #31819
  * Added more ASSERT macro and also make some test file to use them

  [ Gerd Hoffmann ]
  * boot: export reconnect()
  * boot: improve support for qemu
  * systemd-boot man page: add section for virtual machines
  * bootctl: add kernel-identity command
  * bootctl: add kernel-inspect command
  * bootctl: add kernel-inspect to --help text
  * bootctl: kernel-inspect: print os info
  * bootctl: tweak DOS header magic check
  * 90-uki-copy.install: create $BOOT/EFI/Linux directory if needed
  * kernel-install: remove math slang from man page
  * kernel-install: handle uki installs automatically
  * kernel-install: fix uki-copy deinstall
  * sd-boot: add support for custom mode.
  * sd-boot: add support for support enrolling dbx

  [ Markus Merklinger ]
  * Update USB ids of hwdb

  [ cunshunxia ]
  * mute the memory recursiveprot log if version of kernel is low.
  * Fix OOMPolicy= version in manpage of systemd.scope
  * man: fix a few issues in manpage

  [ Abraham Samuel Adekunle ]
  * add unittest cases for argv_looks_like_help
  * Add unittest file for basic:label
  * Add new unittest for shared:recovery-key

  [ Tycho Andersen ]
  * docs: update footer to 2024

  [ Max Gautier ]
  * docs: Correct WantedBy= regarding template units
  * docs: Correct StandartOutput documentation
  * Fixing bad link to Debian packages tests
  * documentation: fix inconsistency

  [ sharad3001 ]
  * udev: add assert for EVENT_RESULT_EXIT_STATUS_BASE (#31710)

  [ AKHIL KUMAR ]
  * networkctl.c : call 'assert_not_reached' where appropriate

  [ SidhuRupinder ]
  * Update catalog.c - Removing sanity check as there is no need of checking non null pointer (#31653)
  * local-addresses: call 'assert_not_reached' where appropriate (#31728)

  [ Lars Ellenberg ]
  * fs-utils: new wrapper fd_reopen_propagate_append_and_position()

  [ Ross Burton ]
  * virt: detect the ACRN hypervisor
  * man: add ACRN hypervisor
  * test/run-unit-tests: sort the test cases we're executing
  * tests/run-unit-tests: add option to skip tests

  [ cpackham-atlnz ]
  * basic: add PIDFS magic (#31709)

  [ İ. Ensar Gülşen ]
  * hwdb: Add touchpad configuration for ThinkPad E495

  [ Vasiliy Stelmachenok ]
  * core/exec-invoke: Fix missing arguments for PR_SET_MEMORY_MERGE call

  [ Chandra Pratap ]
  * extract-word: increase test-extract-word coverage for unicode inputs

  [ Xiaotian Wu ]
  * gpt: update the gpt test case for LoongArch
  * syscalls: add LoongArch 64bit syscalls
  * syscalls: run ninja update-syscall-tables
  * dmi: add LoongArch 64bit support
  * virt: add detection for LoongArch 64bit
  * test: add LoongArch 64bit testcase
  * basic: update the Arch tuples for LoongArch
  * basic: update the Arch tuples for LoongArch
  * seccomp: add LoongArch 64bit support
  * LoongArch: Replace __loongarch64 with __loongarch_lp64
  * uki: Support zboot efistub kernel
  * loongarch64: disable simd when build efi

  [ TobiPeterG ]
  * boot: replace manual string manipulation with xasprintf

  [ Christian Wesselhoeft ]
  * PORTABLE_SERVICES.md: Improve grammar

  [ Guilhem Lettron ]
  * Implement SNI when using DNS-over-TLS
  * kernel-install: Add kernel version to title (#31581)

  [ Tomáš Pecka ]
  * varlink: fix varlink_collect_full not resetting state
  * sd-lldp-rx: serialize LLDP neighbors to JSON format

  [ Eli Schwartz ]
  * meson: use better shellscript argument passing
  * meson: fix type for many build options
  * meson: move i18n module import to only when it is used
  * meson: use files in run_command with relativized path
  * meson: strip various strings before converting them to integers
  * meson: fix broken boolean kwarg
  * fix the value of default shells to use /bin and not /usr/bin

  [ Alexander Zavyalov ]
  * Fix: Chuwi UBook X (CWI535) screen rotation matrix

  [ Georges Basile Stavracas Neto ]
  * hwdb: Add AV production access to Elgado Stream Deck devices
  * hwdb: Add support for Elgato Stream Deck Plus

  [ Thilo Fromm ]
  * man/systemd-sysext.xml: document mutable extensions

  [ Heinrich Schuchardt ]
  * meson: add libatomic dependency
  * detect-virt: allow detection via device-tree on RISC-V
  * detect-virt: allow detection via SMBIOS on RISC-V

  [ zzywysm ]
  * README: mention fq_codel

  [ medusalix ]
  * hwdb: Add headset form-factor override for Xbox Wireless Dongle

  [ Martin Ivicic ]
  * networkd: support setting dhcp server port

  [ Zmyeir ]
  * hwdb: Add support for MetawillBook01 to 60-sensor.hwdb

  [ MrSmör ]
  * boot: padding for default arrow at too long lines

  [ runiq ]
  * udev: String substitutions can be done in ENV, too

  [ Colin Geniet ]
  * hwdb: Remove version check in CH Pro Pedals rule

  [ mooo ]
  * po: Translated using Weblate (Lithuanian)
  * po: Translated using Weblate (Lithuanian)

  [ Benjamin Franzke ]
  * docs: configure editorconfig for css and html
  * docs: remove trailing space
  * docs: remove invalid link to feed.xml
  * docs: remove link to missing apple-touch-icon
  * docs: replace invalid h1 font-weight
  * docs: use whole numbers for circle in page-logo
  * docs: remove unneeded font-related attributes from svg logo
  * docs: adapt theme color meta property
  * docs: replace <pre>, <code> and <tt> tags by backticks
  * docs: add reasonable difference between h2 and h3 font-size
  * docs: respect default browser font-size
  * docs: provide a first level headline for the frontpage
  * docs: avoid multiple first-level headlines
  * docs: regenerate highlight style and streamline background overwrite
  * docs: add dark mode
  * docs: overhaul styling for example log messages on startpage
  * docs: use relative links
  * docs: streamline headline structure in JOURNAL_EXPORT_FORMATS.md
  * tree-wide: streamline wiki links
  * tree-wide: replace obsolete wiki links with systemd.io/manpages
  * tree-wide: Update homepage to systemd.io
  * docs: adapt forward layout to systemd.io design
  * docs: improve table readability
  * man/nspawn: fix boot-option related wording
  * man/nspawn: add a sentence-connecting adverb to machinectl note
  * man/nspawn: os-release is only checked for booted containers
  * resolved: define source address for proxy-only stub replies
  * resolved: choose correct file descriptor for proxy stub replies
  * docs: desaturate dark-mode background color
  * nspawn: add support for owneridmap bind option

  [ Ondrej Kozina ]
  * cryptsetup-generator: use proper constant for uuid alphabet
  * cryptsetup-generator: rename and extend device mount helpers.
  * cryptsetup-generator: Add warn_uuid_invalid helper
  * cryptsetup-generator: rename split_keyspec to split_locationspec
  * cryptsetup-generator: add detached LUKS header support
  * cryptsetup-generator: Add support for header device in crypttab
  * cryptsetup-util: disable pbkdf benchmark in cryptsetup_set_minimal_pbkdf.
  * cryptsetup: Fix misplaced assert.
  * cryptsetup-pkcs11: use erase_and_free for decrypted key cleanup.
  * Add support for systemd-tpm2 libcryptsetup plugin.
  * cryptsetup: validate optional tpm2 pcr bank field in token.
  * Add support for systemd-fido2 libcryptsetup plugin.
  * cryptsetup-pkcs11: move pkcs11_callback and data in shared utils.
  * pkcs11-util: split pkcs11_token_login function
  * Add support for systemd-pkcs11 libcryptsetup plugin.
  * homework: Use minimal pbkdf2 parameters without benchmark.
  * cryptsetup: Add optional support for linking volume key in keyring.

  [ Eric Daigle ]
  * firstboot: validate keymap entry

  [ mille-feuille ]
  * detect-virt: fix Google Compute Engine support

  [ Sludge ]
  * hwdb: add resolution setting for GAOMON S620

  [ Fernando Fernandez Mancera ]
  * sd-dhcp6-client: allow setting send-release when client is running

  [ Keian ]
  * 60-evdev.hwdb: Add support for Huion Inspiroy 2 L (#31241)

  [ Felix Riemann ]
  * pager: Fix deadlock when using built-in pager
  * update-done: Do not fail with read-only /etc or /var
  * timesync: Keep trying to connect even if the socket cannot be opened
  * cryptenroll: Fix reading keyfile from socket

  [ Harald Brinkmann ]
  * coredump: log minimal metadata early

  [ r-vdp ]
  * Fix bug where systemd-tmpfiles gets stuck on fifos in tmp.

  [ David Venhoek ]
  * timesyncd: make the transmit timestamp in requests fully random

  [ Bernhard M. Wiedemann ]
  * Sort input file list

  [ Mikko Ylinen ]
  * efi: Add EFI CC measurement protocol to stub

  [ Rafaël Kooi ]
  * id128-util: Attempt to read UUID from /sys/hypervisor/uuid
  * machine-id-setup: Generate stable machine IDs based on Xen hypervisor UUID
  * man: Describe how machine ID is initialized on Xen

  [ Martin Trigaux ]
  * Remove duplicated command in help message

  [ Clayton Craft ]
  * boot: load device tree even if no original config exists
  * boot: don't print error if device tree fixup protocol isn't supported

  [ Black-Hole1 ]
  * virt: support detection of Apple Virtualization guests with cpuid

  [ Nandakumar Raghavan ]
  * networkd: Add T1 and T2 DHCPv6 options to expose in dbus API
  * networkd: Add DHCP vendor specific options to dbus API
  * networkd: Adding DHCPv4 private options to D-BUS

  [ hfavisado ]
  * hwdb: Correct display rotation on Chuwi Ubook X N4100 (#24248)

  [ A S Alam ]
  * Translated using Weblate (Punjabi)
  * Translated using Weblate (Punjabi)
  * po: Translated using Weblate (Punjabi)
  * po: Translated using Weblate (Punjabi)
  * po: Translated using Weblate (Punjabi)

  [ 我超厉害 ]
  * udev: even if a device is a zac device, scsi-$ID_SERIAL will be reserved for it (#30459)

  [ Rose ]
  * fundamental: prefer byte swap builtins over byte swapping manually
  * basic: fix overflow detection in sigbus_pop
  * tree-wide: replace string functions with fundamental functions
  * boot/efi: use Header field of hd directly instead of casting to EFI_DEVICE_PATH

  [ Carlos Garnacho ]
  * logind: Mark LidClosed property as "emits change"

  [ Holger Assmann ]
  * watchdog: ensure configured timeout is used instead of USEC_INFINITY

  [ Damien Challet ]
  * hwdb: add Teclast X98 Pro sensor info (#30859)

  [ AtariDreams ]
  * simplify bitwise checking (#30722)
  * cocci: merge mfree.cocci and mfree_return.cocci (#30838)

  [ Sergei Zhmylev ]
  * journalctl: add --exclude-identifier option

  [ Dmitry Konishchev ]
  * Fix KeepCarrier tun/tap device option

  [ Joakim Nohlgård ]
  * udevadm: Propagate return code from verb result

  [ Chris Simons ]
  * machinectl: add `restart` convenience alias (#30625)

  [ djantti ]
  * udev: add hwdb execution for hidraw subsystem devices

  [ Raito Bezarius ]
  * secure-boot: print just before cold-resetting to help diagnose hangs
  * networkd: support `proxy_arp_pvlan` sysctl

  [ Matt Layher ]
  * network: use varlink for networkctl check_netns_match()

  [ QuonXF ]
  * Add Bosto BT-12HD series to hwdb

  [ Artur Pak ]
  * Add three Dell platforms to sensor accel location base

  [ Will Springer ]
  * man: make minor corrections to smbios-type-11(7)

  [ ksaleem ]
  * bootctl: fix case-sensitive comparisons in reporting bootloader entries

  [ JmbFountain ]
  * Adding Trekstor Primebook C13 rotation to 60-sensor.hwdb (#30415)

  [ aslepykh ]
  * test: avoid NO_CAST.INTEGER_OVERFLOW in test-oomd-util (#30365)

  [ Shulhan ]
  * man: correct the path for location of "machinectl edit" setting file

  [ Samuel BF ]
  * Removing unused n_fields in journal-gatewayd
  * Wider range of options for selecting entries for systemd-journal-gatewayd
  * journal-gatewayd: add since/until parameters for /entries

  [ Roland Hieber ]
  * sd-gpt: add defines for big-endian MIPS/MIPS64
  * udev: generate system-unique storage symlinks using device path

  [ Alan Liang ]
  * core: add specifier expansion to AllowedCPUs= and friends

  [ Roland Singer ]
  * ukify: fix handling of  --secureboot-certificate-validity= (#30315)

  [ Neil Wilson ]
  * homework-quota.c: correct error message in home_update_quota_btrfs
  * systemd-homed.service.in: add quotactl to SystemCallFilter

  [ Joerg Behrmann ]
  * core: factor root_directory application out of apply_working_directory
  * docs: Add syntax for templated units to systemd.preset man page
  * docs: spelling fixes
  * treewide: fix spelling
  * systemd-notify: Fix return value of --booted
  * NEWS: fix typos
  * kernel-install: Add uki layout
  * NEWS: various fixes
  * treewide: fix "an" before consonant U sounds
  * analyze: don't warn about version spec compliant versions
  * treewide: fix typos
  * man: remove quotes around default values
  * treewide: split commandline into command line
  * credentials: document that their path is stable for system services
  * NEWS: more typo fixes
  * man: document how to properly use a target as the Unit= of a timer

  [ Oxan van Leeuwen ]
  * Move kernel-install initrd script to earlier prefix

  [ janana ]
  * udev: fix typo for persistent flag
  * rules: go to the end of rules indeed when dm is suspended

  [ Adam Goldman ]
  * hwdb: ieee1394-unit-function: add Sony DVMC-DA1

  [ Paymon MARANDI ]
  * ukify: be more explicit about where to find ukify

  [ linuxlion ]
  * Update 60-autosuspend.hwdb (#30131)

  [ Martin Joerg ]
  * man: Fix example for systemd-run

  [ onenowy ]
  * hwdb: add Predator PHN16-71

  [ Charles Lee ]
  * Translated using Weblate (Chinese (Simplified))
  * po: Translated using Weblate (Chinese (Simplified) (zh_CN))
  * po: Translated using Weblate (Chinese (Simplified) (zh_CN))
  * po: Translated using Weblate (Chinese (Simplified) (zh_CN))
  * po: Translated using Weblate (Chinese (Simplified) (zh_CN))

  [ Yo-Jung Lin ]
  * hwdb: Mark Dell platform accel sensor location to base

  [ Matthias Geiger ]
  * Bump version number for udev.postinst and udev.maintscript
  * Fix udev.postinst to preserve the enablement of the init script

  [ Jeremy Fleischman ]
  * Fix some typos in RESOLVED-VPNS.md

  [ Cheng-Chia Tseng ]
  * po: Translated using Weblate (Chinese (Traditional) (zh_TW))

  [ Felix Dörre ]
  * journalctl: verify sealed log epochs are continuous

  [ Iago López Galeiras ]
  * Revert "nspawn: remove unnecessary mount option parsing logic"
  * test: add some test for norbind
  * exit-status: fix mappings comment
  * missing_magic: add several filesystems
  * basic: add filesystem database
  * basic: use filesystem database
  * bpf: add restrict_fs BPF program
  * cgroup-util: add cg_path_get_cgroupid()
  * exit-status: add EXIT_BPF
  * shared/bpf-dlopen: expose more libbpf functions
  * core: add RestrictFileSystems= fragment parser
  * core: add dbus RestrictFileSystems= properties
  * mkosi: add libbpf dependency
  * man: add RestrictFileSystems= documentation
  * man: document EXIT_BPF status
  * test: add test-bpf-lsm
  * README: document LSM BPF requirements
  * analyze: add filesystems command
  * man: document systemd-analyze filesystems
  * core: allow using seccomp without no_new_privs when unprivileged
  * test-execute: add no_new_privs tests for SystemCallFilter

  [ Tad Fisher ]
  * hwdb.d/70-mouse.hwdb: add entry for ELECOM Huge TrackBall
  * resolve: use exact-match domain as routing domain for single-labels

  [ jjimbo137 ]
  * tcrypt: try all entered passphrases instead of just the first one (#29837)

  [ Arseny Maslennikov ]
  * seccomp: fix debug logging typo
  * Update system call tables for Linux 6.6
  * basic/missing_syscall: generate defs for `fchmodat2(2)`
  * seccomp: include `fchmodat2` in `@file-system`
  * seccomp: also check the mode parameter of `fchmodat2(2)`
  * basic/missing_syscall: add missing_fchmodat2()
  * basic/fs-util: prefer fchmodat2 in fchmod_opath
  * nspawn-patch-uid: try fchmodat2() to restore mode of symlink

  [ André Paiusco ]
  * man: Improve text for SystemMaxFileSize when not set

  [ Marc Pervaz Boocha ]
  * Teach 60-ukify.install to search the staging dir
  * Fixed a typo in kernel-install/60-ukify.install.in for globing microcode

  [ Hugo Carvalho ]
  * po: Added translation using Weblate (Portuguese)
  * po: Translated using Weblate (Portuguese)
  * Update LINGUAS (#21499)
  * po: Translated using Weblate (Portuguese)
  * Update LINGUAS
  * po: Translated using Weblate (Portuguese)
  * po: Translated using Weblate (Portuguese)

  [ Jin Liu ]
  * New PAM module: pam_systemd_loadkey

  [ Alex Hudspith ]
  * man: revise wording of cgtop -k and -P

  [ Anton Lundin ]
  * tpm2: fix build failure without openssl

  [ Raul Cheleguini ]
  * man: Add /usr/local/lib path to Synopsis section for modules-load
  * nspawn: allow user-specified MAC address on container side
  * nspawn: Make parameter provided_mac a const for setup_veth()

  [ Julien Malka ]
  * creds-utils: fix read_full_file_full call in read_credential_with_decryption

  [ NAHO ]
  * docs: correct parenthesis placement in 'man/tmpfiles.d.xml'

  [ Malte Poll ]
  * ukify: fix handling signed kernel as file
  * mkfs-util: propagate SOURCE_DATE_EPOCH to mcopy
  * mkfs-util: set timezone to UTC when copying files into fat partition

  [ Emil Velikov ]
  * sd-boot: introduce and use efivar_unset()
  * bootctl: remove all our non-volatile variables on uninstall
  * man: document LoaderConfigConsoleMode
  * man: document LoaderEntryLastBooted
  * sd-boot: cast away reboot_into_firmware() return type
  * sd-boot: remove unneeded false assignment
  * sd-boot: sprinkle some ", ignoring" trailing messages
  * sd-boot: add auto-reboot and auto-poweroff entries
  * docs/BOOT_LOADER_INTERFACE: mention that menu-* options are strings
  * bootctl, sd-boot: cross document the menu-hidden/force ABI
  * sd-boot: add way to disable the 100ms delay when timeout=0

  [ Jan Janssen ]
  * ethtool: Make sure advertise is actually set when autonegotiation is used
  * sd-boot: Only disable optimization on debug builds
  * sd-boot: Don't loudly complain if RNG protocol isn't available
  * sd-boot: Silence compiler warning when building with -O2
  * sd-boot: Skip adding boot entries when the loader does not exist
  * sd-boot: Add → as alternative to boot selected entry
  * resolved.conf: Add hostnames for default DNS servers
  * macro: Move some macros to macro-fundamental.h
  * sd-boot: Unify error handling
  * sd-boot: Don't use magic integer constants
  * sd-boot: Fix possible null pointer dereference
  * sd-boot: Add assert implementation
  * sd-boot: Assert all the things!
  * sd-boot: Use StrSize where it makes sense
  * sd-boot: Rework console input handling
  * sd-boot: Provide error messages when parsing a config option fails
  * sd-boot: Allow on/off and t/f for booleans too
  * meson: Make unused-function an error
  * sd-boot: Fix PE section parsing
  * sd-boot: Try harder to detect ourselves
  * sd-boot: Add memmem_safe and memory_startswith
  * sd-boot: Detect windows boot loader title from BCD
  * sd-boot: Improve selection of initial entries to show
  * sd-boot: Allow automatic entries to be default
  * sd-boot: Fix marking EFI var default entry
  * sd-boot: Introduce print_at helper function
  * sd-boot: Render title entries centered and not to entire screen width
  * sd-boot: Improve key bindings
  * sd-boot: Add compile-time color support
  * sd-boot: Draw custom edit cursor
  * sd-boot: Use UEFI provided CRC32
  * journalctl: Use constants for _BOOT_ID= matches
  * journalctl: Use constants in some more places
  * sd-boot: Fix assertion fail
  * sd-boot: Simplify setting console mode
  * sd-boot: Add support for changing console mode at runtime
  * sd-boot: Allow disabling timeout
  * bootctl: Add set-timeout verb
  * sd-boot: Invert if in disk_get_part_uuid()
  * sd-boot: Move xbootldr code into its own file
  * sd-boot: Fix xbootldr detection
  * sd-boot: Split up xbootldr_open()
  * sd-boot: Use backup LBA location from first GPT header
  * sd-boot: Remove unnecessary TPM conditionalization
  * sd-boot: Use _cleanup_ in more places
  * sd-boot: Move security and console control protocol to missing_efi.h
  * sd-boot: Check for OOM in some places
  * sd-boot: Rearm the watchdog in console_key_read
  * sd-boot: Rework print_status()
  * sd-boot: Convert VOID -> void
  * sd-boot: Get rid of uefi_call_wrapper
  * sd-boot: Require gnu-efi 3.0.5
  * macro: Move ALIGN_TO to macro-fundamental.h and introduce CONST_ALIGN_TO
  * sd-boot: Be more precise about secure boot modes
  * sd-boot: Add keys to reboot into firmware interface
  * sd-boot: Keep all EFI var loading together
  * sd-boot: Allow glob patterns for default and oneshot EFI vars too
  * sd-boot: Add support to boot last selected entry
  * sd-boot: Save and restore console attributes
  * sd-boot: Always compile with -ffreestanding and -fshort-wchar
  * sd-boot: Move flags helpers to macro-fundamental.h
  * sd-boot: Use FLAGS_SET
  * sd-boot: Move optional header verification into verify_pe
  * sd-boot: Check for existence of required pe sections
  * sd-stub: Fix possible memory leak
  * sd-boot: Add some link flags
  * sd-boot: Detect supported compile args
  * sd-boot: Fix efi_arch checks
  * test: Add test for flag macros
  * sd-boot: Add .osrel section
  * meson: Add --warn-common and --fatal-warnings to link flags
  * meson: Rework gnu-efi detection
  * test: Create convenience macros to declare tests
  * meson: Use fs module
  * Remove own copyright line
  * test: Slightly rework DEFINE_TEST_MAIN macros
  * test-time-util: Properly restore TZ variable
  * test: Use TEST macro
  * test: Use TEST macro in more cases
  * test: Add TEST_RET macro
  * test: Add sd_booted condition test to TEST macro
  * test: Convert to TEST/TEST_RET macros
  * test-barrier: Convert to TEST macro
  * test-namespace: Convert to TEST macro
  * test-parse-util: Add SI-suffix parse_size tests
  * meson: Default to sbat-distro=auto
  * meson: Rename compile_args to efi_cfalgs
  * sd-boot: Let the compiler invoke the linker for us
  * sd-boot: Let compiler figure out libgcc location
  * sd-boot: Add LTO support
  * sd-boot: Always add TextInputEx to wait queue if available
  * sd-boot: Add non-failing allocators
  * sd-boot: Use non-failing allocators in boot.c
  * sd-boot: Make stra_to_path/stra_to_str non-failing
  * sd-boot: Simplify path creation
  * sd-boot: Use non-failing allocators everywhere else
  * sd-boot: Fix assert failure in random-seed.c
  * ci: Build test with different linkers
  * meson: Auto detect efi-ld
  * meson: Fix gnu-efi detection for clang
  * boot: Add strncasecmpa helper function
  * boot: Make OFFSETOF lowercase
  * boot: Add BCD store parser
  * boot: Remove unused memmem_safe
  * test: Add BCD unit test
  * meson: Drop meson version compare for fuzz test
  * boot: Fix armhf build failure
  * test,static-destruct: Use retain attribute to prevent linker garbage collection
  * boot: Use -fvisibility=hidden instead of -fwhole-program
  * boot: Use correct handle to find TextInputEx protocol
  * boot: Fix off-by-one NUL-termination
  * boot: Fix off-by-one offset sanity checks
  * boot: Fix name length comparison
  * boot: Build BCD parser only on arches supported by Windows
  * boot: Reject unaligned data
  * boot: Introduce helper macros for offset checking
  * meson: Remove efi-cc option
  * meson: Get objcopy location from compiler
  * boot: Add disabled secure boot mode without setup mode
  * boot: Use objcopy to align sections
  * ci: Test efi binaries for section table gaps
  * boot: Rename cleanup functions
  * boot: Convert goto into loop
  * boot: Unify idx type handling
  * boot: Prevent stub command line editing under secure boot
  * boot: Do not warn if an initializing driver returns EFI_ABORTED
  * boot: Add gdb support and documentation
  * boot: Simplify config_entry_add_osx
  * boot: Close xbootldr root_dir
  * boot: Remove no_autoselect
  * boot: Do more config handling in config_load_all_entries
  * boot: Switch to insertion sort
  * boot: Simplify line_edit
  * meson: Use files() for source lists for boot and fundamental
  * boot-timestamps: Discard firmware init time when running in a VM
  * boot: Add TPM to status info
  * boot: Add BitLocker TPM key sealing workaround
  * boot: Change boot entry sorting
  * boot: Fix readdir_harder() on VirtualBox
  * meson: Use files() for tests
  * meson: Use files() for fuzzers
  * meson: Add check argument to remaining run_command() calls
  * meson: Use echo to list files
  * boot: Fix invalid free
  * boot: Use EFI_FILE* instead of EFI_FILE_HANDLE
  * boot: Don't try to free loaded_image
  * boot: Use _cleanup_ in shim
  * boot: Add missing assert to file_read()
  * boot: Use FreePool from boot services directly
  * boot: Add PC speaker support
  * boot: Beep n times for n-th entry
  * boot: Search for the partition node directly
  * boot: Simplify looking for the xboot hard drive
  * boot: Pass around HARDDRIVE_DEVICE_PATH
  * boot: Use -ffile-prefix-map when present
  * bus: Use OrderedSet for introspection
  * meson: Add missing boot headers and use @INPUT@ for linking
  * boot: Only build with debug symbols in developer mode
  * meson: Remove test-efi-create-disk.sh
  * meson: Use same name format for efi binary intermediates
  * meson: Use --no-wchar-size-warning
  * boot: Optimize unique title generation
  * boot: Use ASSERT_PTR
  * boot: Also NUL-terminate for CHAR16 in file_reaad
  * boot: Add screen resolution to print status
  * boot: Fix some error messages
  * boot: Correctly check the return value of CheckEvent
  * generator: Rename password arg
  * boot: Properly check status code of console_key_read
  * boot: Handle shift and logo keys too
  * test: Use TEST macros in more places
  * test: Use C11 UTF-16 string literal
  * test-journal-syslog: Add some valid priority cases
  * boot: Draw unicode separator line for status messages
  * meson: Add efi-cflags option
  * meson: Add support for building efi binaries on multilib
  * boot: Restrict block IO buf size
  * ci: Add ia32 EFI multilib test
  * boot: Fix integer format specifiers
  * boot: Use correct device root when loading device trees
  * boot: Add missing continue statements
  * tree-wide: Simplify variable declarations behind #ifdef
  * boot: Mark loader.conf settings with (config)
  * meson: Exit early with subdir_done()
  * meson: Remove check-compilation.sh
  * meson: Use meson test suite feature
  * meson: Add -Wall and -Wextra to header checks
  * boot: Fix null pointer dereference
  * meson: Compile with -ftrivial-auto-var-init=zero in release mode
  * boot: Build with C11 too
  * macro: Use C11 static_assert
  * macro: Use C11 noreturn only
  * boot: Build with -flto=auto if available
  * boot: Use cleanup handler to unload image
  * fundamental: Move some helpers into string-util-fundamental
  * boot: Edit config entry options inline
  * boot: Keep initrds separate from cmdline options
  * boot: Add LINUX_INITRD_MEDIA support to boot.c
  * boot: Support booting in EFI mixed mode
  * bootctl: Add EFI arch detection support
  * boot: Remove trivial config entry add helpers
  * boot: Rename functions adding entries to match userspace
  * test: Test STRLEN for C11 string literals
  * boot: Fix bad CompareMem call
  * macro: Move attribute defintions to macro-fundamental
  * meson: Document why -Wimplicit-fallthrough is not used with clang
  * clang-format: Adjust style of pointers
  * meson: Build header tests with -pedantic
  * boot: Use stddef.h offsetof
  * boot: Add strlen8/16
  * boot: Use strlen8/16
  * boot: Add strcmp8/16
  * boot: Use strcmp8/16
  * boot: Use strcmp16 for cpio sorting
  * boot: Add strtolower8/16
  * boot: Use strtolower8/16
  * boot: Add strcpy8/16
  * boot: Use strcpy8/16
  * boot: Add strchr8/16
  * boot: Use strchr8/16
  * boot: Add strsize8/16
  * boot: Use strsize8/16
  * boot: Add memcmp/memcpy/memset
  * boot: Use memcmp/memcpy/memset
  * boot: Add xstrdup8/16
  * boot: Use xstrdup8/16
  * boot: Add efi_fnmatch
  * boot: Drop use of MetaiMatch
  * boot: Drop use of LibGetSystemConfigurationTable
  * boot: Drop use of LibOpenRoot
  * boot: Drop use of LibLocateProtocol
  * boot: Drop use of DevicePathFromHandle
  * boot: Add xmalloc
  * boot: Use xmalloc
  * boot: Drop use of FileDevicePath
  * boot: Drop use of UnpackDevicePath
  * boot: Drop use of LibLocateHandle
  * boot: Don't copy device path
  * boot: Drop use of DuplicateDevicePath
  * shutdown: Rename umount_log_level and make it a bool
  * shutdown: Log processes that block umount
  * shutdown: Lazy unmount /oldroot/{dev,proc,sys}
  * boot: Add parse_number8/16
  * boot: Drop use of Atoi
  * boot: Use parse_number16 for boot counter parsing
  * efi-string: Remove one more |= for bool
  * boot: Mark memcmp/memcpy/memset aliases as used
  * boot: Use memcpy/memset provided by firmware
  * meson: Reorder cflags for sd-boot
  * bootspec: Add PE file name to log messages
  * boot: Fix calls to ResetSystem
  * sha256: Use stdbool and uintptr_t
  * fundamental: Remove types-fundamental.h
  * boot: Rename remaining EFI_STATUS vars to err for consistency
  * boot: Remove use of EFI_ERROR
  * boot: Use stdint types
  * boot: Use char16_t
  * boot: Use char
  * boot: Use stdbool
  * boot: Use open_volume when creating cpio
  * boot: Use void for base pointer
  * boot: Constify PE sections type
  * boot: Use typedef for PE structs
  * boot: Use UEFI protocol struct names
  * boot: Use uintptr_t when converting EFI_PHYSICAL_ADDRESS
  * boot: Use int instead of INTN
  * boot: Remove _cleanup_freepool_
  * bcd: Use std alignof
  * bcd: Clean up includes
  * man: Miscellaneous fixes
  * boot: Follow-up fixes for #20255
  * man: Add instructions for Microsoft secure boot keys
  * boot: Skip safety countdown when running in a VM
  * boot: Build with at least -O1 as workaround
  * stub: Use EfiLoaderCode for kernel memory
  * meson: Test correct efi linker for supported args
  * Use correct label for boot related issues
  * ci: Add mold to build tests
  * meson: Downgrade efi-ld warning
  * shutdown: Fix last try detection
  * mkosi: Print logs of failing tests
  * tree-wide: Use correct format specifiers
  * efivars: Parse into unsigned
  * journal: Show grcrypt error message instead of a raw code
  * tree-wide: Mark some constants as unsigned
  * tree-wide: Fix a some remaining format warnings by casting
  * tree-wide: Fix format specifier warnings for %x
  * tree-wide: Fix field width specifier warnings
  * meson: Compile with -Werror=format-signedness
  * tree-wide: Use devnum helpers in a few more places
  * boot: Add mempcpy
  * boot: Use mempcpy
  * boot: Fix device path unaligned access
  * boot: Refuse GPT with invalid entry size
  * boot: Correctly handle shift keys
  * boot: Accept Ctrl+Del for deleting words
  * boot: Use proper scan codes
  * boot: Avoid magic values in timeout EFI vars
  * boot: Be more explicit where to look for sections
  * boot: Try to detect overlapping PE sections
  * boot: Change the way we provide builtins
  * stub: Fix above 4G boot
  * stub: Provide a proper boot params page
  * stub: Refuse operating above 4G if not supported
  * stub: Refuse operation if kernel lacks EFI handover support
  * stub: Properly clean up pages on error
  * stub: Remove unnecessary asm cli call
  * stub: Be explicit about EFI handover calling convention
  * stub: Always use LINUX_INITRD_MEDIA_GUID if available
  * fuzz-bcd: Do not include bcd.c
  * fuzz: Introduce DO_NOT_OPTIMIZE
  * fuzz: Add fuzzer for some efi string functions
  * boot: Make efi_fnmatch non-backtracking
  * stub: Remove unused function parameter
  * meson: Fix build with --optimization=plain
  * boot: Add device_path_to_str
  * boot: Use device_path_to_str
  * stub: Correctly handle multi node file paths
  * boot: Always reconnect all drivers
  * bootctl: Also display the root for entry paths
  * boot: Correctly handle @saved default patterns
  * stub: Fix booting with old kernels
  * stub: Rename image parameter
  * stub: Use LoadImage/StartImage to start the kernel
  * boot: Remove unused parameters from pe_kernel_info
  * boot: Use proper security arch protocol names
  * stub: Allow loading unsigned kernel images
  * boot: Rework shim image verification
  * macro: Use more correct type in IN_SET
  * macro: Simply case macros for IN_SET
  * boot: Mark some functions as static
  * NEWS: Clarify overlapping UKI PE section offsets
  * coverage: Mark _coverage__exit as noreturn
  * boot: Silence driver reconnect errors
  * boot: Fix error message
  * boot: Fix memory leak
  * boot: Do not require a loaded image path
  * boot: Manually convert filepaths if needed
  * boot: Rework security arch override
  * boot: Replace firmware security hooks directly
  * boot: Add xstrn8_to_16
  * boot: Use xstr8_to_16
  * boot: Use xstr8_to_16 for path conversion
  *  stub: Fix cmdline handling
  * stub: Fix splash alpha blending
  * stub: Small code style changes
  * stub: Detect empty LoadOptions when run from EFI shell
  * boot: Use EFI_BOOT_MANAGER_POLICY_PROTOCOL to connect console devices
  * boot: Make sure all partitions drivers are connected
  * boot: Only do full driver initialization in VMs
  * ukify: Fix section offset calculation
  * Revert "boot: Use EFI_BOOT_MANAGER_POLICY_PROTOCOL to connect console devices"
  * bootctl: Fix NULL pointer dereference
  * boot: Remove option TPM PCR compat option
  * boot: Simplify object erasure
  * ukify: Fix tools detection if --tools was not passed
  * man: Use ukify instead of objcopy in examples
  * boot: Detect hypervisors using SMBIOS info
  * boot: Skip soft-brick warning when in a VM
  * boot: Fix missed argument to Print()
  * boot: Add printf functions
  * boot: Use printf for error logging
  * boot: Introduce log_wait
  * boot: Add log_trace debugging helper
  * tree-wide: Use __func__ in asserts
  * boot: Drop use of xpool_print/SPrint
  * boot: Drop use of Print
  * boot: Properly strip EFI binaries
  * boot: Drop use of GuidToString
  * boot: Drop use of ValueToString
  * boot: Rework GUID handling
  * boot: Simplify debug hook
  * boot: Introduce DEFINE_EFI_MAIN macro
  * boot: Stop linking against libefi.a
  * meson: Move bootctl sources defintion to its own file
  * meson: Use python module for detection
  * meson: Do not include headers in source lists
  * boot: Replace UINTN with size_t
  * boot: Use unsigned for beep counting
  * boot: Use unicode literals
  * boot: Use aarch64 virtual counter
  * meson: Remove unused variables
  * meson: Properly install 90-uki-copy.install
  * meson: Install all catalogs
  * meson: Install missing network file
  * meson: Install missing bash-completions
  * meson: Install missing udev rule
  * meson: Use files() in one more place
  * man: Use sbsigntools for secure boot key generation example
  * boot: Add if-safe mode for secure boot enrollment
  * git: Ignore mkosi secure boot keys
  * ci: Test with secure boot enabled under mkosi
  * boot: Fix undefined reference to raise() on arm
  * boot: Ensure raise() is not dropped by LTO
  * boot: Fix assertion failure
  * boot: Drop use of efigpt.h
  * boot: Use C escape sequence for control chars
  * boot: Query EFI var size before fetching them
  * boot: Provide our own EFI API headers
  * meson: Add simple_tests list
  * meson: Use dicts for test definitions
  * meson: Add simple_fuzzers list
  * meson: Use dicts for fuzzer definitions
  * stub: Fix unaligned read
  * fundamental: Drop some unnecessary ifdefs
  * boot: Do not use errno.h/inttypes.h
  * boot: Drop _harder suffix
  * boot: Move disk_get_part_uuid into part-discovery.c
  * boot: Split out device path functions
  * boot: Remove some device path helper macros
  * boot: Move more device path helpers to device-path-util.c
  * boot: Add GUID format helper macro
  * boot: Take advantage of packed device paths
  * tree-wide: Use correct SPDX license identifier
  * boot: Fix data model detection for ARM
  * boot: Provide div0 handlers for ARM
  * meson: Introduce userspace dep
  * tree-wide: Drop gnu-efi
  * boot: Bring back bootloader builds
  * boot: Fix debug experience
  * boot: Add RISCV32 and LoongArch support
  * ci: Adjust for new EFI build
  * boot: Fix unused function warning
  * meson: Use static library for EFI tests
  * stub: Remove overlapping PE section warning
  * boot: Detect nested assertions
  * boot: Add support for -fstack-protector
  * boot: Add support for -ftrapv
  * meson: Share more C flags
  * boot: Add undefined sanitizer support
  * ukify: Use pefile to add sections to EFI stub
  * ukify: Add riscv32 and loongarch support
  * ukify: Strip symbol/string table for old stubs
  * boot: Fix alignment of long long inside structs on x86
  * boot: Use compiler intrinsic for TSC
  * boot: Rework timer frquency reading
  * boot: Use CPUID to detect TSC frequency
  * boot: Fix EFI_SIZE_TO_PAGES macro
  * stub: Relocate kernels below 4G for EFI handover
  * boot: Use correct memory type for allocations
  * boot: Read files in small chunks on broken firmware
  * elf2efi: Do not emit an empty relocation section
  * boot: Fix memory leak
  * boot: Unify protocol opening
  * meson: Use fs module in more places
  * meson: Use build_tgt.name()
  * boot: Move custom device path string creating into its own function
  * boot: Split log_hexdump()
  * boot: Improve device_path_to_str_internal()
  * boot: Fix build for x32
  * boot: Fall back to using image load address for stack guard
  * elf2efi: Fix header size calculation
  * stub: Also reserve sections for EFI stub
  * bless-boot: Actually return successfully
  * boot: Fix boot counting for XBOOTLDR entries
  * boot: Make file info size a constant
  * meson: Use feature options
  * meson: Convert fidsk to meson feature
  * meson: Convert options to meson features (find_library fallback)
  * meson: Convert dbus to meson feature
  * meson: Convert options to meson features (require)
  * meson: Convert bpf-framework to meson feature
  * meson: Convert more options to meson features
  * meson: Drop skip-deps option
  * meson: Simplify efi test/fuzz definitions
  * meson: Bring back use of vcs_tag
  * meson: Fix version script
  * ask-password: Use unicode for password echo
  * ci: Remove custom build step names
  * ci: Use add-apt-repository to enable sources
  * ci: Use apt-get in favor of apt
  * ci: Don't produce debug output for build tests
  * ci: Do not run build test as root
  * man: Add new Microsoft CAs to example
  * efi: Add some more paranoia asserts
  * meson: Fix version script handling
  * elf2efi: Rework ELF section conversion
  * elf2efi: Check ELF image base if possible
  * elf2efi: Add next_section_address helper
  * elf2efi: Add --copy-sections option
  * boot: Lift linker requirements
  * ci: Update compiler build matrix
  * elf2efi: Add GNU_RELRO support
  * man: Adjust Microsoft UEFI certificate links
  * man: Verify Microsoft keys
  * meson: Pass all -static-pie args to linker
  * test: Remove unnecessary test prefix
  * boot: Move parse_boolean to efi-string
  * boot: Move line_get_key_value to efi-string
  * boot: Fix OOB reads in conf/osrel parsing
  * fuzz: Add fuzzer for efi conf/osrel parsing
  * meson: Fix unused format parameter warning

  [ Lukas ]
  * stub: NULL checks for DeviceHandle and FilePath

  [ Priit Laes ]
  * systemd-journal-upload: Increase failure tolerance (#19426, #2877)

  [ Reto Schneider ]
  * man/systemd.exec: Update service result table

  [ Jordan Williams ]
  * Revert "Revert "meson: use c_args in generator scripts (#10289)""

  [ PhylLu ]
  * timedate: Extend timeout for setting NTP

  [ Laszlo Gombos ]
  * man: fix example for systemd.swap-extra

  [ Martin Beneš ]
  * add udev rule for micmute (f20)

  [ G2-Games ]
  * Fix a typo in `systemctl-enable.c`

  [ felixdoerre ]
  * journalctl: verify that old entries are not sealed with too recent key (#28885)

  [ Jade Lovelace ]
  * oomd: print dry run output at INFO level
  * man/systemd-oomd.service: Document command line options
  * analyze: add tooltips with dependency information to "plot"
  * NEWS: systemd-analyze plot tooltips

  [ NRK ]
  * udevadm: avoid side-effect in assert()
  * macro: use __builtin_unreachable on NDEBUG

  [ Benjamin Peterson ]
  * resolve: tolerate merging a zero-ttl RR and a nonzero-ttl RR if not mDNS

  [ Max Kellermann ]
  * test/test-chown-rec: skip ACL tests if kernel has no ACL support
  * test/test-execute: skip PrivateNetwork tests if kernel has no dummy netdevice support

  [ Valentin Lefebvre ]
  * ukify: explicitly import attribute

  [ Bertrand Jacquin ]
  * virt: detect Amazon EC2 Nitro instance
  * machine-id-setup: generate machine-id from DMI product ID on Amazon EC2
  * resolved: never respond to .alt pseudo-TLD.
  * resolved: register ipv4only.arpa are private domain

  [ Balázs Úr ]
  * po: Translated using Weblate (Hungarian)

  [ beh_10257 ]
  * add support for hp pavilion gaming 15 lid switch (#29304)

  [ Alexandre Peixoto Ferreira ]
  * sd-dhcp-client: reject NAKs from servers that we did not send an offer to (#29290)

  [ RoepLuke ]
  * Add recommended initramfs regeneration

  [ Jordan Rome ]
  * core: change 'basename' to 'path_extract_filename'
  * Add mkosi.conf to gitignore

  [ Tomasz Świątek ]
  * hwdb: Bush tablet rotation support (#29268)

  [ IllusionMan1212 ]
  * hwdb: add mic mute key mappings for Acer Predator Triton 300 SE

  [ commondservice ]
  * hwdb: Add quirk for teclast x3 plus (G4K3) rotation (#29202)

  [ Michael Kuhn ]
  * hwdb: Add Logitech G502 X

  [ Tj ]
  * doc: Scope is automatic for IPv6 address

  [ Alvin Alvarado ]
  * man: Fix typo in config file example for ukify
  * ukify/man: Look for a config file in systemd folders if not specified

  [ Christian Kirbach ]
  * po: Translated using Weblate (German)

  [ khm ]
  * Update 60-input-id.hwdb: add TEX Shinobi (#29068)

  [ Victor Westerhuis ]
  * Do not require a valid version when parsing sd-boot loader entries
  * userdbd: Order systemd-userdbd.service after systemd-remount-fs.service

  [ Robby Red ]
  * hwdb: Added config for RCA W101SA23T1 (#29041)

  [ pelaufer ]
  * Adding client_set_state to sd-dhcp-client.c to support a client state change hook
  * Add dhcp client prefix lease information to networkd json output
  * Adding dhcp_state_to_string and dhcp client state change logging
  * Adding dhcp client and dhcp6 client state interface
  * Adding dhcp client and dhcp6 client dbus status interface
  * Adding tests for dhcp client and dhcp6 client dbus state interface

  [ Christian Hergert ]
  * oomd: avoid unnecessary wake-ups for ManagedOOMSwap

  [ OMOJOLA JOSHUA ]
  * added a unit test for a function in "argv-utils.c" (#26760)
  * src: changed instances of sd_bus_call_method() to bus_call_method() (#26819)
  * updated usage of SD_BUS_METHOD_WITH_NAMES macros to SD_BUS_METHOD_WIT… (#26840)
  * Remove battery level check at early boot from TODO
  * PID1: detect battery level in initrd and if low refuse continuing to boot, print message and shut down.
  * Add tool to display emergency log message full-screen on boot failure.
  * systemd-bsod: Add "--continuous" option
  * Make systemd-bsod not a public binary
  * Journal: Add message IDs for emergency-level log messages

  [ Milton D. Miller II ]
  * NEWS: Typo

  [ Mathieu Tortuyaux ]
  * sysext: support EXTENSION_RELOAD_MANAGER metadata
  * sysext: fix `--root=` support
  * sysext: skip the reload if `--root=` is provided

  [ Chris Patterson ]
  * 99-systemd.rules.in: tag PTP devices with systemd

  [ Michael Vasseur ]
  * pkg.m4 macro needs brackets

  [ Daniel Andersson ]
  * Add systemd-sysupdate

  [ Juno Computers ]
  * hwdb: add support for Jun Tab2/Dere T11 to 60-sensor.hwdb (#28092)
  * Update 60-sensor.hwdb (#28804)

  [ Jan Kuparinen ]
  * po: Added translation using Weblate (Finnish)
  * po: Translated using Weblate (Finnish)
  * po: Translated using Weblate (Finnish)
  * po: Translated using Weblate (Finnish)
  * po: Translated using Weblate (Finnish)
  * po: Translated using Weblate (Finnish)
  * po: Translated using Weblate (Finnish)
  * po: Translated using Weblate (Finnish)
  * po: Translated using Weblate (Finnish)

  [ Maarten ]
  * po: Translated using Weblate (Dutch)

  [ Johannes Segitz ]
  * test: Check that SELinux policy is available before running SELinux test (#28868)

  [ Brian Norris ]
  * tools: update-hwdb-autosuspend.sh: Point at HEAD, not master branch

  [ Michael A Cassaniti ]
  * repart: Set sector size of loopback devices
  * file-io: Fix copying sparse files
  * sysupdate: Use sector size for partition size calculations
  * repart: Add verity configuration section and options

  [ Kiran Vemula ]
  * resolved: added serve stale feature implementation of RFC 8767
  * resolved: Initialize until_valid while storing negative/NXDOMAIN  response in the cache
  * resolved: added show-server-state verb and DumpStatistics  varlink method
  * resolved: fixed bugs reported in varlink statistics (#28796)

  [ Warren ]
  * p11kit: check the flags associated with the slot instead of flags associated with the token

  [ Rahil Bhimjiani ]
  * [sd-boot] improve documentation of beep
  * man: kernel-install(8) add uki.conf in FILES & add ukify(1) in SEE ALSO

  [ mordner ]
  * man: fix typo in journalctl

  [ Vincent Haupert ]
  * repart: derive verity salt and uuid from seed

  [ Kingbom Dou ]
  * timesyncd: emit signal when timesyncd NTPServers property changes

  [ Maxim Mikityanskiy ]
  * hwdb: Add Fn+F12 on HP Dragonfly G2 and mute extra rfkill keys
  * hwdb: Mute SW rfkill keys on MSI Wind U100

  [ Etienne Dechamps ]
  * NEWS: PrivateNetwork implies PrivateMounts

  [ Curtis Klein ]
  * watchdog: saturate to kernel's max watchdog timeout
  * watchdog: Add watchdog pretimeout support
  * watchdog: check pretimeout governor
  * watchdog: Allow the watchdog to be disabled at runtime

  [ Sven Joachim ]
  * mkosi: set CONFIG_AUTOFS_FS rather than CONFIG_AUTOFS4_FS

  [ Petr Menšík ]
  * Include in manual what DNSSEC=no means in detail

  [ Haochen Tong ]
  * hwdb: add bluetooth entry for Logitech MX Anywhere 2S
  * analyze: fix table time output
  * home: fix segfault when parsing arguments in PAM module
  * zsh: fix disable/enable completion
  * tools/make-man-index: fix purpose text that contains tags
  * execute: fix the condition of private mounts for user namespacing
  * NEWS: fix typo

  [ Fuminobu TAKEYAMA ]
  * core: fix race condition during startup of a service with ExitType=cgroup

  [ Roger Gammans ]
  * Add alternate name for MX Ergo as found on some devices

  [ Micah Abbott ]
  * docs: cleanups to ROOT_STORAGE_DAEMONS

  [ Lily Foster ]
  * fstab-generator: use correct targets when /sysroot is specificied in fstab only
  * fstab-generator: add SYSTEMD_SYSFS_CHECK env var
  * test: add fstab file support for fstab-generator tests
  * fstab-generator: unify initrd-root-device.target dependency handling code

  [ Richard Phibel ]
  * analyze: Migrate to bus-locator.h
  * mkosi: Add package libfdisk to Ubuntu dependencies (#24211)
  * config-parser: Add list of drop-in files as return argument of config_parse_many
  * repart: Add support for drop-in overrides
  * repart: add test for drop-in files
  * repart: add support for list of definitions directories
  * man: document support for list of definitions directories in systemd-repart
  * man: document support for drop-in files in systemd-repart
  * journald: use rate-limited logging to log 'Failed to write entry' message
  * systemctl: add support for --image option
  * coredumpctl: Add support for the --root option
  * coredumpctl: Add support for the --image option
  * coredumpctl: Add support for the --root option (after merge fixes)
  * log: Switch logging to runtime when FS becomes read-only
  * core: add OpenFile setting
  * core: Don't GC unit if it is in cgroup_empty_queue
  * core: Handle cgroup pruning in on_cgroup_empty_event
  * Fix failing test
  * service: add new RestartMode option
  * service: fix for RestartMode=direct option

  [ Egor Ignatov ]
  * time-set: adjust system clock if rtc is far in future
  * shared: add password quality check abstraction layer to support both pwquality and passwdqc
  * shared: add libpasswdqc support

  [ Andrew Baxter ]
  * Hwdb: Add Sanwa Direct 400-MA128 external trackpad (#28272)

  [ Thomas Genty ]
  * hwdb : add support for Archos 101 Cesium Educ to 60-sensor.hwdb
  * hwdb: add support for Archos 101 Cesium to 60-sensor.hwdb (#28270)

  [ Igor Tsiglyar ]
  * journal-remote: upload journals from namespace

  [ Ivan Vecera ]
  * udev-builtin-net_id: align VF representor names with VF names

  [ Yuxiang Zhu ]
  * network: Add `IgnoreDdontFragment=` option for Fragmentation control (#28131)

  [ Franklin Yu ]
  * Fix cross-reference of manual for LogsDirectory
  * man: mention the newly-added XDG_STATE_HOME

  [ Hoe Hao Cheng ]
  * hwdb: fix volume control keys on Lenovo IdeaPad Flex 5 (14ARE05)

  [ Steven Luo ]
  * replace basename() with path_extract_filename() in resolved-resolv-conf.c (#28114)

  [ François Rigault ]
  * test: don't assume yum is a script

  [ Romain Geissler ]
  * elf-util: discard PT_LOAD segment early based on the start address.
  * elf-util: check for overflow when computing end of core's PT_LOAD segments

  [ Jan Luebbe ]
  * hwdb: analyzers: remove generic "STM Device in DFU Mode"
  * man: correct reference to sd_id128_get_boot_app_specific

  [ licunlong ]
  * main: log which process send SIGNAL to PID1
  * main: drop get_process_cmdline from crash handler
  * test: add a testcase for reexecuting with background mount job
  * sd-bus: make bus_add_match_full accept timeout
  * core/unit: add get_timeout_start_usec in UnitVTable and define it for service
  * core/unit: increase the NameOwnerChanged/GetNameOwner timeout to the unit's start timeout
  * core/dbus-manager: also show DefaultIOAccounting and DefaultIPAccounting
  * basic/env-file: also change to state PRE_KEY if we see NEWLINE in state COMMENT_ESCAPE
  * NEWS: note the incompatible change of EnvironmentFile

  [ Sam Morris ]
  * resolved: have the stub resolver listen on both TCP and UDP by default
  * nss: prevent PROTECT_ERRNO from squashing changes to *errnop
  * docs: note that udev doesn't deal with binary attribute values (#11383)
  * Resource control manpage fixup (#28046)

  [ Gibeom Gwon ]
  * homed: remember the secret even when the for_state is FIXATING_FOR_ACQUIRE
  * qrcode-util: set case-sensitive for generating QR codes
  * homed: allow systemd-homed access to FIDO2 devices
  * cryptenroll: fix wrong error messages
  * calendarspec: fix possibly skips next elapse
  * homework: resize to maximum disk space if disk size is not specified

  [ zhmylove ]
  * journalctl: add --truncate-newline option

  [ Joyce ]
  * ci: Enable Scorecard Github Action and Badge (#25054)
  * Fix scorecard version comment format (#28027)
  * Update badge on README to refer new scorecard viewer (#28050)

  [ Henrik Holst ]
  * network: make degraded-carrier bond/bridge as routable (#27776)

  [ Joyce Brum ]
  * Squashed commit of the following:

  [ Anatoli Babenia ]
  * man: document "s" is default --vacuum-time= suffix

  [ Benjamin Raison ]
  * hwdb: fix arrow keys on HP Elite Dragonfly G3

  [ Alfred Klomp ]
  * integritysetup: support mode=(journal|bitmap|direct)

  [ Cyril Roelandt ]
  * Fix zsh completion for "localectl set-locale"

  [ Balló György ]
  * kbd-model-map: change the order of Hungarian keymaps

  [ Simon Braunschmidt ]
  * 99-systemd.rules.in: guard systemd-backlight udev rules by ENABLE_BACKLIGHT

  [ Stefan Roesch ]
  * add support for KSM

  [ jonathanmetzman ]
  * ci: Report results from CIFuzz using SARIF

  [ Asier Sarasua Garmendia ]
  * po: Translated using Weblate (Basque)

  [ Hannu Lounento ]
  * man: fix sd_journal_*_with_location's func argument

  [ Rene Hollander ]
  * Add --efi-boot-option-description argument to bootctl to control the name of the boot
  * Add DHCPServer information to JSON output.
  * networkd/dhcpserver: Save and expose the client hostname sent when requesting a DHCP lease.

  [ Times-Z ]
  * hwdb: add support for Elgato Stream Deck mini (gen 2)

  [ Russell Harmon ]
  * Support no-journal for dm-integrity devices.

  [ Will Fancher ]
  * sysroot: Support x-systemd.makefs
  * sysroot: Order systemd-fsck-root after systemd-makefs
  * mount: Include After=local-fs-pre.target by default in initrd
  * tmpfiles: Test C-style escape sequences
  * tmpfiles: Allow C escapes

  [ Stanislaw Gruszka ]
  * rules: add rule for accel devices

  [ msizanoen1 ]
  * cgroup-util: Properly handle conditions where cgroup.threads is empty after SIGKILL but processes still remain
  * resolve: persist DNSOverTLS configuration in state file
  * shared/logs-show: do not overwrite journal time in export format with source timestamps
  * journald: harden against forward clock jumps before unclean shutdown
  * journal: fix indentation in managed_journal_file_open_reliably
  * sleep: always thaw user.slice even if freezing failed
  * core/slice: skip member units without realized cgroup during freeze or thaw
  * core/cgroup: thaw slice of unit when thawing unit
  * core/unit: allow overriding an ongoing freeze operation
  * core/cgroup: ignore kernel cgroup.events when thawing
  * core/sleep: set timeout for freeze/thaw operation to 1.5 seconds
  * core: pending_freezer_{message => invocation}
  * udev: match device tags in rules using current device tags
  * journal: enforce strict consistency for realtime timestamps on write
  * test-journal-flush: don't fail on -EREMCHG
  * journal: handle clock rollback error in managed_journal_file_open_reliably
  * unit: always return 1 in log_kill
  * escape: Ensure that output is always valid UTF-8
  * test-escape: Add tests for escaping bogus UTF-8 sequences
  * escape: add missing non-NULL parameter assertions
  * core: check for SERVICE_RELOAD_NOTIFY in manager_dbus_is_running
  * core: Do not check child freezability when thawing slice

  [ Mateusz Poliwczak ]
  * nss-resolve: report EAI_NODATA

  [ Matt Johnston ]
  * man: fix sd_bus_add_node_enumerator() ret_nodes
  * busctl: Add space before "tree" paths for copying

  [ nikstur ]
  * man: use correct name for --bank option

  [ saikat0511 ]
  * Fix volume control keys for Lenovo Ideapad Flex 5
  * hwdb: fix keyboard entry for IdeapadFlex5 (#27643)

  [ Robert Scheck ]
  * network, meson: allow statically linked build
  * timesync, meson: allow statically linked build
  * boot, meson: allow statically linked build
  * portable, meson: allow statically linked build

  [ Maksim Kliazovich ]
  * po: Translated using Weblate (Belarusian)

  [ drosdeck ]
  * Fix Positivo DUO k116 key toggle touchpad
  * Fix key toggle touchpad and programmable buttom for Positivo Motion CW14Q01P #24909
  * Fix key toggle touchpad and programmable buttom for Positivo N14
  * Fix key toggle and programmable button for Positivo N14ZP
  * Fix Positivo MASTER-N1110 key toggle touchpad
  * Fix Positivo-vaio VJPW12F11X key toggle touchpad
  * Fix Positivo CF40CM-V2 key toggle touchpad

  [ Xi Ruoyao ]
  * tmpfiles: do not create /run/nologin if PAM is disabled
  * sd-bus: bus_message_type_from_string is not pure

  [ Marko Korhonen ]
  * shell completion: add timesync-status and show-timesync to zsh completion file (#27574)

  [ Miao Wang ]
  * doc: remove legacy DefaultControlGroup from dbus properties

  [ Janne Sirén ]
  * hwdb: add landscape IdeaPad Miix 310 sensor orientation (#27555)

  [ Klaus Zipfel ]
  * crypttab: Support for VeraCrypt PIM and detached headers for TrueCrypt/VeraCrypt (#27548)

  [ OMOJOLA ]
  * tpm2 PCRs: fix unchecked attempt to set PCR[24]

  [ Christopher Gurnee ]
  * man: small fixes to systemd.time Calendar Events

  [ Klaus ]
  * docs: add correct `pacman` command (#27486)

  [ don bright ]
  * hwdb: add hardware rfkill key for Dell Latitude E6* models (#27462)

  [ Brad Fitzpatrick ]
  * man: clarify RoutingPolicyRule.TypeOfService docs

  [ David Edmundson ]
  * path-lookup: Use default value for XDG_CONFIG_DIRS if environment is not set
  * docs: Change suffix for desktop applications to support non-transient services
  * docs: Document xdg-autostart parameter X-systemd-skip
  * xdg-autostart: Generate autostart services with templated name
  * xdg-autostart-service: Use common boolean parser
  * xdg-autostart-service: expand tilde in Exec lines
  * xdg-autostart-service: Add comments to tilde expansion, use path_join()
  * xdg-autostart-service: handle gnome autostart phase better on other desktops

  [ Eric Curtin ]
  * Support /etc/system-update for OSTree systems

  [ Lawrence Thorpe ]
  * docs: fix LoadCredentialEncrypted example (#27387)

  [ Wolfgang Müller ]
  * cryptsetup-fido2: Depend on libcryptsetup

  [ 07416 ]
  * a colloquial abbreviation 'btw' in TEMPORARY_DIRECTORIES.md (#27365)

  [ Gustavo Noronha Silva ]
  * Apply known iocost solutions to block devices

  [ Robert Meijers ]
  * networkd: fallback to chaddr for static lease lookup when not found

  [ Quintin Hill ]
  * dissect-image: fix log level in dissect_log_error

  [ Paolo Velati ]
  * hwdb: Fix rotation for BMAX Y13

  [ Florian Klink ]
  * man: tmpfiles.d: list missing q
  * meson.build: drop unused SYSTEMD_SLEEP_BINARY_PATH
  * resolved-dns-query: remove dns_query_candidate_is_routable
  * network: fix DHCPv6 Prefix Delegation example after option rename
  * homed: fix log message to honor real homework path
  * man/systemd.netdev: clarify the wireguard AllowedIPs= setting
  * network: fix typo
  * network: fix IPv6PrivacyExtensions=kernel handling
  * man: stop recommending putting myhostname after dns
  * man: document nss-{resolve,myhostname} resolving in the other direction, too
  * fsck: look for fsck binary not just in /sbin
  * fsck: use execv_p_ and execl_p_

  [ jcg ]
  * Fix typo
  * mount-setup: don't need to mount /sys/fs/pstore if there is no ENABLE_PSTORE
  * user-util:remove duplicate includes

  [ Benjamin Herrenschmidt ]
  * virt: Improve detection of EC2 metal instances
  * udev: net_id: introduce predictable names for xen-netfront
  * virt: Further improve detection of EC2 metal instances

  [ Fran Diéguez ]
  * po: Translated using Weblate (Galician)

  [ ZjYwMj ]
  * Synposis and description of networkctl man page reflecting only part of its functionality  (#27264)

  [ OMOJOLA JOSHUA DAMILOLA ]
  * compare-operator: added unit tests
  * compare-operator:unit test
  * added more test cases
  * test: fixed negative checks in TEST-70-TPM2.
  * src: changed usage of basename() to path_extract_filename().
  * systemd-cryptenroll: add string aliases for tpm2 PCRs

  [ Sjoerd Simons ]
  * repart: Discard from/to first/last usable lba

  [ David Schroeder ]
  * pid1: fix coredump_filter setting

  [ Thierry Martin ]
  * nspawn: container network interface naming

  [ Tanishka ]
  * Modified to use STRV_MAKE() in strv_env_name_is_valid() function listed in env-util.c

  [ Bill Peterson ]
  * hwdb: add matrix for Asus BR1100F (#27197)

  [ Masatake YAMATO ]
  * busctl: add --xml-interface to the help message
  * shell-completion: add --xml-interface option of busctl to the rules

  [ Olivier Gayot ]
  * localed: fix invalid free after shifting pointers using strstrip

  [ Uwe Kleine-König ]
  * udev: add debug logs for delaying and delegation of events
  * Add support for conditions on the machines firmware
  * man/systemd-mount: Clearify documentation about --bind-device

  [ Dmitrii Fomchenkov ]
  * hwdb: Add support for "Passion Model P612F"

  [ Sorah Fukumori ]
  * man: netdev: Clarify wireguard IPv6 endpoint format

  [ maanyagoenka ]
  * os-util: add a new confext image type and the ability to parse their release files
  * extension-release: establish compatibility between host file and extension-release file
  * confext: add multi call functionality to sysext
  * confext: add the systemd-confext.service file
  * confext: add tests for systemd-confext
  * test-os-util: add tests for sysext and confext release files
  * confext: documentation and man page updates for confext
  * confext: shell completion for systemd-confext

  [ William Roberts ]
  * tpm2: add bind key
  * cryptsetup: use TPM flags over bool
  * docs/HACKING.md: clarify some portions
  * tpm2: add salt to pin
  * sha256: header needs stddef
  * tpm2: add support for a trusted SRK
  * tpm2: fix nits from PR #26185

  [ dmkUK ]
  * update 60-sensor.hwdb with toshiba tablet (#27103)

  [ taniishkaaa ]
  * hwdb: fix Wifi toggling for Haier 7G-Series/JWU (#25293) (#26878)
  * hwdb: Fix incorrect touchpad dimensions on Thinkpad L14 Gen1 (#26937)
  * hwdb: Fixed thumb buttons reversed on CHERRY MW 2310 (#26992)
  * Added unit test for strv_env_name_is_valid() function listed in env-util.c (#27100)

  [ Andrei Stepanov ]
  * po: Translated using Weblate (Russian)

  [ Gertalitec ]
  * Define $KERNEL_INSTALL_UKI_GENERATOR

  [ Tobias Powalowski ]
  * ukify: allow uncompressed kernel images for UNAME detection on aarch64 and riscv64 (#26929)

  [ Velislav Ivanov ]
  * po: Translated using Weblate (Bulgarian)

  [ Addison Snelling ]
  * man: fix misspelled executable name (#26858)

  [ Cornelius Hoffmann ]
  * Update github issue template to include systemd-dissect

  [ bri ]
  * Add rebrands of Medion Akoya notebooks/tablets

  [ Thomas Weißschuh ]
  * hwdb: add entry for Zowie FK2 mouse (#13139)
  * userdbctl: initialize parameter `n` for uid_range_load_userns()
  * missing: add memfd exec flags
  * memfd-util: add wrapper for memfd_create
  * treewide: memfd_create: use exec flags

  [ EinBaum ]
  * hwdb: 60-keyboard.hwdb: Fix modalias for Thinkpad X200 Tablet (#26795)

  [ tofylion ]
  * hwdb: update 70-mouse.hwdb (#26782)

  [ Morten Linderud ]
  * man/systemd-cryptenroll: Fix sd-boot manvolnum from 8 to 7
  * man: correct minor mistakes in systemd-creds
  * src: Fixup copy-paste error for terminal_urlify_man
  * man: Fix pcrphase.service manvolnum from 1 to 8

  [ Jeidnx ]
  * man: fix typo in ukify page

  [ Chitoku ]
  * timesync: stop re-sync on network configuration change when no link servers are configured (#26708)

  [ Joshua Goins ]
  * udev: Fix some tablet pads being classified as mouse or joysticks
  * udev: Don't mark as tablet if device has relative coordinates

  [ Josef Miegl ]
  * network: geneve: add InheritInnerProtocol flag

  [ Vít Zikmund ]
  * hwdb: fix swapped buttons for Logitech Lift left

  [ Aidan Dang ]
  * Implement --luks-sector-size for homed
  * Implement --luks-pbkdf-force-iterations for homed
  * Implement SYSTEMD_HOME_MKFS_OPTIONS_* envvars to configure mkfs options for homed LUKS directories
  * Enable TPM by default with SetCredentialEncrypted

  [ Samanta Navarro ]
  * seccomp-util: fix typo in help message
  * man: fix typos
  * bootctl: Fix debug messages

  [ Paul Barker ]
  * man: Fix spelling mistake

  [ HATAYAMA Daisuke ]
  * core, job: fix breakage of ordering dependencies by systemctl reload command
  * verify: fix segmentation fault
  * man: describe "symlink" and "systemctl link" explicitly in UNIT FILE LOAD PATH
  * swap: finish the secondary swap units' jobs if deactivation of the primary swap unit fails
  * shared/logs-show: Remove unused OUTPUT_FOLLOW
  * sulogin: use DEFINE_MAIN_FUNCTION()
  * sulogin: fix control lost of the current terminal when default.target is rescue.target

  [ Joan Bruguera ]
  * resolved: Fix DoT timeout on multiple answer records
  * resolved: Test for DnsStream (plain TCP DNS and DoT)
  * resolved: Make event flags logic robust for DoT
  * resolved: Avoid multiple SSL writes per DoT packet
  * resolved: Read as much as possible per stream EPOLLIN event
  * resolved: Allow test-resolved-stream to run concurrently
  * resolved: Fall back to TCP if UDP is blocked

  [ Raul Tambre ]
  * man: Don't link to a manpage that's within our documentation
  * resolved: Fix link to resolv.conf manpage
  * man/systemd.network: Fix duplicate Xfrm description
  * man/tc: Fix hexadecimals being with an O

  [ Jean-Tiare Le Bigot ]
  * hwdb: Add HP ENVY x360 2-in-1

  [ ml ]
  * man: fix typo in loader.conf(5)
  * man: remove unintentionally repetitive words
  * nspawn: fix directory in logged error
  * man: fix directory for user home bind mounts
  * man: fix typos

  [ Samuel Cabrero ]
  * userdb: Use json_dispatch_user_group_name() to parse GetMembership fields

  [ Geert Lorang ]
  * docs/NETWORK_ONLINE: fix example

  [ Fabian Gurtner ]
  * hwdb: Add HP Envy x360 Convertible 15-cn0xxx to existing entry

  [ Darrell Kavanagh ]
  * Add hwdb sensor entry for Lenovo IdeaPad Duet 3 10IGL5 (82AT).

  [ Simon Brand ]
  * man: correct path for systemd-pcrphase

  [ wouter bolsterlee ]
  * Update docs about fdisk/gdisk support for discoverable partitions
  * docs: tweak rsync flags for moving existing home dir to systemd-homed

  [ Robin Humble ]
  * pid1: fix segv triggered by status query (#26279)

  [ Rudi Heitbaum ]
  * glibc: Remove #include <linux/fs.h> to resolve fsconfig_command/mount_attr conflict with glibc 2.36
  * glibc: Conditionally #include <linux/fs.h> to resolve fsconfig_command/mount_attr conflict with glibc 2.36

  [ Tuetuopay ]
  * network/dhcp4: accept local subnet routes from DHCP

  [ Ilya Leoshkevich ]
  * bpf: fix restrict_fs on s390x

  [ Arsen Arsenović ]
  * importd: Always specify file unpacked by tar

  [ cake03 ]
  * update footer to 2023

  [ Peter Cai ]
  * libfido2-util: Disable pre-flight checks for credentials with UV
  * libfido2-util: Perform pre-flight checks as well when a specific device path is given
  * libfido2-util: Refactor pre-flight failure handling
  * cryptsetup-fido2: Try all FIDO2 key slots when opening LUKS volume
  * cryptsetup-fido2: Relocate to libsystemd-shared
  * cryptsetup-fido2: Remove plain mode parameters from `acquire_fido2_key_auto()`
  * cryptenroll: Implement support for unlocking via FIDO2 tokens
  * docs: Update crypt{enroll,setup} limitations regarding FIDO2
  * NEWS: Add entry about support for multiple FIDO2 tokens

  [ Callum Farmer ]
  * boot: Use objcopy with arm64

  [ DaPigGuy ]
  * hwdb: Prevent activation of airplane mode on HP ENVY x360

  [ 13r0ck ]
  * hwdb: Add touchpad toggle mapping for System76 Pangolin 12

  [ Waltibaba ]
  * hwdb: Add Chuwi Hi10X (N4120 version) iio matrix

  [ edupont ]
  * Fix typo in parameter name

  [ joshuazivkovic ]
  * systemd-analyze: Update man/systemd-analyze.xml with Plot JSON and table
  * systemd-analyze: Add tab complete logic for plot
  * systemd-analyze: Add --json=, --table and -no-legend tests for plot

  [ Joshua Zivkovic ]
  * systemd-analyze: Add table and JSON output implementation to plot

  [ Koba Ko ]
  * hwdb: Add mic mute key mappings for Dell G16 Series

  [ chris ]
  * optionally set socket priority on DHCPv4 raw socket
  * send dhcpv6 release when stopping

  [ Ulrich Ölmann ]
  * network: can: simplify usage of booleans
  * network: can: pretty up debug messages
  * network: can: add support for bus error reporting
  * link-config: amend log message for failed application of settings
  * udev: introduce TxQueueLength= setting
  * shutdown: fix typo
  * man/systemd.netdev: fix typos
  * man/systemd.netdev: adjust documentation of MAC addresses for bridges
  * man: document udevadm lock's exit code
  * man: exec,nspawn: fix typo
  * man: libudev: fix typo
  * man: udev_enumerate_new: fix typo

  [ Alvin Šipraga ]
  * network: add support for MACVLAN source mode
  * network: add an online state for links and manager
  * network: use the overall online state in network_is_online()
  * man: clarify RequiredForOnline= behaviour for online state
  * man: clarify RequiredFamilyForOnline= behaviour for online state
  * network: show online state in networkctl status output
  * networkd-test: support online state in networkctl status output
  * man: describe overall online status in networkctl(1)
  * network: print Ethernet Link-Layer DHCP client ID with leading 0's
  * udev/net: support Match.Firmware= in .link files (#22462)
  * network: wifi: check SSID when AP interfaces go up
  * network: fix race between RTM_NEWLINK and NL82011_CMD_NEW_INTERFACE

  [ Spindle Security ]
  * hwdb: Add mount matrix for Linx 1020

  [ Siddhesh Poyarekar ]
  * Use dummy allocator to make accesses defined as per standard
  * alloc-util: Disallow inlining of expand_to_usable

  [ Dirk Su ]
  * hwdb: Add Dell models that require ACCEL_LOCATION=base

  [ Benjamin Tissoires ]
  * virt: fix container detection

  [ marcel151 ]
  * Added Tablet Teclast X98 Air 3G (C5J6)

  [ Jia Zhang ]
  * measure: fix the failures of compare_reported_pcr_nr()
  * boot: don't convert the trailing newline in mangle_stub_cmdline()
  * efi-api: check the EFI_TCG2_FINAL_EVENTS_TABLE in efi_has_tpm2()

  [ Gio ]
  * Added DERE DBook D10 (#24173)
  * Update 60-sensor.hwdb

  [ Hannoskaj ]
  * Prevents airplane mode toggle for HP Spectre 16

  [ Philipp Jungkamp ]
  * hwdb: change definition of PROXIMITY_NEAR_LEVEL for sensors

  [ Jacek Migacz ]
  * emacs: ignore .dir-locals-2.el (personal customization) versioning
  * resolved: fix single-label resolution over DNS
  * resolve: control system hostname synthesis via environment variable
  * resolve: unsupported DNSSEC algorithms are considered INSECURE; not BOGUS
  * core: give a nicer error message on invalid aliases
  * resolve: fix enumerator name for DNS search domain

  [ noodlejetski ]
  * hwdb: Fn+F5 fix for MSI Bravo 15-B5DX (#25788)

  [ asavah ]
  * man: prevent race condition when generating systemd.directives.xml
  * smack: fix build failure with -Dsmack=false
  * meson: fix math flags check
  * meson: fix cross-compilation of LONG_MAX

  [ berenddeschouwer ]
  * vacuum journal remote (#25076)

  [ mvzlb ]
  * hwdb: Fix mount matrix for CSL Panther Tab HD (#25752)

  [ MVZ Ludwigsburg ]
  * hwdb: Add mount matrix for CSL Panther Tab HD

  [ Jiayi Chen ]
  * doc: add language decorator on the code block

  [ AndyChi ]
  * hwdb: Add additional Dell models that require ACCEL_LOCATION=base (#25724)

  [ Christian Brauner ]
  * build: preserve correct mode when generating files via jinja2
  * core/namespace: allow using ProtectSubset=pid and ProtectHostname=true together
  * core/namespace: s/normalize_mounts()/drop_unused_mounts()
  * NEWS: mention temporary limitations for running containers in systemd-homed directories
  * missing_sched: add CLONE_NEWTIME
  * namespace-util: add namespace_info
  * nsflags: replace namespace_flag_map with general namespace_info introduced earlier
  * namespace-util: add in_same_namespace()
  * nspawn: use in_same_namespace() helper
  * mount-util: use in_same_namespace()
  * shared: use move_pivot_root() for services
  * TODO: consolidate nspawn items
  * TODO: add CLONE_PARENT entry for nspawn
  * TODO: add socket reduction entry for nspawn
  * TODO: add unprivileged nspawn item
  * nspawn: support pivot_root()
  * nspawn: mount temporary visible procfs and sysfs instance
  * nspawn: split mount tunnel setup
  * nspawn: s/notify_socket/fd_socket/g
  * nspawn: remove pid socket
  * nspawn: remove uuid socket
  * nspawn: remove uid socket
  * nspawn: s/fd_socket_pair/fd_outer_socket_pair/g
  * nspawn: s/kmsg_socket_pair/fd_inner_socket_pair/g
  * nspawn: remove rtnl socket
  * nspawn: remove pty socket
  * nspawn: remove cgroup socket

  [ January ]
  * doc: add an example code to lock the whole disk

  [ uerdogan ]
  * Update 60-evdev.hwdb (#25704)

  [ Lycowolf ]
  * Add mount matrix for VisionBook 12Wr Tab

  [ Thomas Haller ]
  * in-addr-util: fix undefined result for in4_addr_netmask_to_prefixlen(<0.0.0.0>)
  * dhcp: fix sd_dhcp_client_set_client_id() for infiniband addresses
  * dhcp: don't enforce hardware address length for sd_dhcp_client_set_client_id()
  * dhcp6: don't enforce DUID content for sd_dhcp6_client_set_duid()
  * build: don't include shared's "serialize.h" in basic's "time-util.c"
  * dhcp/trivial: fix spelling error in comment
  * hashmap: avoid uninitialized variable warning in internal_hashmap_clear()
  * hashmap: always set key output argument of internal_hashmap_first_key_and_value()
  * dhcp: ignore padding of 'chaddr' in DHCP server response
  * netlink: fix netlink type for routing-rule FRA_L3MDEV
  * netlink: fix routing-policy-rule netlink type for FRA_GOTO/FRA_UNUSED2
  * network: don't return allocated buffer of zero length from deserialize_in_addrs()
  * dhcp: handle multiple addresses for "Router" (option 3) in DHCP library
  * dhcp: move filtering of bogus DNS/NTP addresses out of DHCP client
  * network: avoid inet_ntoa() in favor of inet_ntop()
  * netlink: fix routing-policy-rule integer type for FRA_TUN_ID
  * errno-util: return const string from strerror_safe()
  * basic/tmpfile: avoid maybe-uninitialized warning in mkostemp_safe()
  * dhcp6: make string argument to sd_dhcp6_client_set_request_mud_url() const
  * lldp: fix assertion checking argument for sd_lldp_set_neighbors_max()
  * sd-dhcp-client: avoid "maybe-uninitialized" warning in client_timeout_resend()
  * macro: fix ALIGN_TO() to use ULLONG_MAX instead of ULONGLONG_MAX
  * sd-event: workaround maybe-uninitalized warning in sd_event_add_inotify()
  * sd-dhcp6-client: fix sending prefix delegation request during rebind
  * fundamental: adjust #if conditional for _fallthrough_ for clang
  * fundamental: add CAST_ALIGN_PTR() macro
  * all: avoid various "-Wcast-align=strict" warnings

  [ Space Meyer ]
  * journald: prevent segfault on empty attr/current

  [ Jian Zhang ]
  * network: Fix set bond device MAC address failed
  * test-network: add test for bond mac address config

  [ Eric DeVolder ]
  * pstore: Tool to archive contents of pstore
  * pstore: introduce tmpfiles.d/systemd-pstore.conf
  * pstore: fixes for dmesg.txt reconstruction

  [ rogg ]
  * hwdb: add Dell Inspiron N4010 touchpad corrections

  [ Neil Moore ]
  * virt: Support detection of LMHS SRE guests

  [ Phaedrus Leeds ]
  * man: Fix typo in systemd-tmpfiles
  * docs: Fix typos in PORTABLE_SERVICES.md
  * NEWS: Fix some minor mistakes
  * nspawn: Use "Ctrl-" rather than "^" in info msg

  [ Ray Strode ]
  * terminal-util: Set OPOST when setting ONLCR

  [ Michał Kotyla ]
  * hwdb: add Clevo touchpad toggle key quirks

  [ Tonći Galić ]
  * hwdb: Add support for Elgato Stream Pedal (#25550)

  [ Mark Laws ]
  * systemd: Support OOMPolicy in scope units
  * systemd: Default to OOMPolicy=continue for login session scopes

  [ Bernd Steinhauser ]
  * hwdb: remove fuzz and deadzone for Simucube wheel bases.

  [ Jason A. Donenfeld ]
  * random-seed: hash together old seed and new seed before writing out file
  * random-seed: cleanup code nits
  * random-util: unify RANDOM_ALLOW_INSECURE and !RANDOM_BLOCK and simplify
  * random-util: remove RDRAND usage
  * random-util: use correct minimum pool size constant
  * Simplify random number selection
  * boot: implement kernel EFI RNG seed protocol with proper hashing
  * random-seed: refresh EFI boot seed when writing a new seed
  * random-seed: handle post-merge review nits
  * boot: do not truncate random seed file
  * boot: only use __builtin_object_size with -O>0
  * Update NEWS and TODO with sd-boot random seed developments
  * bootctl: install system token on virtualized systems
  * boot: remove random-seed-mode
  * stub: handle random seed like sd-boot does
  * Update changelog with latest sd-boot, sd-stub, and bootctl changes

  [ Anita Zhang ]
  * core: add ':' prefix to ExecXYZ= skip env var substitution
  * core: consider non-SERVICE_EXEC_START commands for EXIT_CLEAN_COMMAND
  * seccomp: check more error codes from seccomp_load()
  * core: support DisableControllers= for transient units
  * core: add ExecStartXYZEx= with dbus support for executable prefixes
  * nspawn: don't hard fail when setting capabilities
  * bpf-firewall: optimization for IPAddressXYZ="any" (and unprivileged users)
  * core: ExecCondition= for services
  * NEWS: bullet point for ExecCondition=
  * catalog: reference ExecCondition= in unit skipped str
  * docs: typo in arg name replace-irreversible -> replace-irreversibly
  * [systemctl] Don't print ExecXYZEx= when doing 'systemctl status'
  * core: TAKE_PTR in timer_add_one_calendar_spec
  * core: add ExecXYZEx= bus hook ups to all exec command properties
  * Merge pull request #13651 from cdown/find_binary_2
  * Merge pull request #13687 from cdown/cgroupv2_docs
  * core: disallow using '-.service' as a service name
  * basic/set: const-ify set_first()
  * shared/dropin: support -.service.d/ top level drop-in for service units
  * Merge pull request #13726 from bluca/portable_detach_symlink
  * Merge pull request #13786 from keszybz/systemctl-start-glob-warning
  * Merge pull request #13754 from claudiozz/master
  * Merge pull request #13795 from ddstreet/test-41
  * Merge pull request #13811 from keszybz/logind-signal-emitting-fix
  * Merge pull request #13846 from keszybz/sleep-config-fixups
  * meson: expand ternary in functions to if statements
  * Merge pull request #13676 from ClydeByrdIII/service-result-patch
  * Merge pull request #13884 from poettering/event-fd-close-fix
  * Merge pull request #13892 from keur/mkosi_arch
  * Merge pull request #13891 from yuwata/basic-drop-missing
  * Merge pull request #13895 from jsynacek/master
  * Merge pull request #13935 from poettering/bootctl-random-seed-mkdir
  * Merge pull request #13944 from yuwata/network-split-struct-prefix
  * Merge pull request #13936 from keszybz/format-table-uninhibited
  * man: small grammatical/word choice fixes to crypttab man page
  * man: save pull-raw example file without underscores
  * Merge pull request #13960 from keszybz/meson-loop-fix
  * core: change top-level drop-in from -.service.d to service.d
  * include missing_fcntl.h where needed
  * Merge pull request #13996 from poettering/utc-fix
  * Merge pull request #13997 from khfeng/hwdb-dell-vostro5581-ish
  * Merge pull request #14001 from keszybz/test-unit-name-more
  * id128: fix initializer element is not constant
  * Merge pull request #14112 from keszybz/restart-no-log
  * Merge pull request #14151 from mk-fg/fix-timer-dump-syntax-bug
  * Merge pull request #14219 from poettering/homed-preparatory-loop
  * Merge pull request #14173 from ssahani/tc-sfq
  * Merge pull request #14258 from TimoWilken/patch-1
  * Merge pull request #14265 from keszybz/seccomp-log-line-fix
  * Merge pull request #14284 from yuwata/network-fix-segfault-14283
  * Merge pull request #14317 from poettering/hwdb-indent-fix
  * Merge pull request #14307 from poettering/unicode-fuckup
  * man: document INVOCATION_ID and USER_INVOCATION_ID journal fields
  * Merge pull request #14351 from yuwata/util-constify-strv-xxx
  * [import] fix stdin/stdout pipe behavior in import/export tar/raw
  * core: PrivateUsers=true for (unprivileged) user managers
  * core: create inaccessible nodes for users when making runtime dirs
  * test: add test case for PrivateDevices=y and Group=daemon
  * [man] fix URL
  * [man] note which UID ranges will get user journals
  * Merge pull request #14382 from topimiettinen/fix-analyze-security-rootimage
  * core,journal: export user units' InvocationID and use as _SYSTEMD_INVOCATION_ID
  * Merge pull request #14472 from poettering/test-43-fixes
  * Merge pull request #14527 from poettering/socket-state-fix
  * Merge pull request #14534 from poettering/cgroup-sibling-fix
  * initctl: (void)ify epoll_ctl()
  * Merge pull request #14614 from poettering/import-fixlets
  * Merge pull request #14618 from poettering/growfs-rootfs
  * Merge pull request #14696 from poettering/dissect-tweaks
  * Merge pull request #14712 from wlhlm/root-storage-daemons-docs-fix
  * Merge pull request #14721 from yuwata/home-tiny-fixes
  * Merge pull request #14747 from yuwata/core-dynamic-user-14733
  * core: sync SeccompParseFlags between dbus-execute and load-fragment
  * Merge pull request #14910 from whot/wip/install-input-id-hwdb
  * Merge pull request #14944 from yuwata/userdb-fix-iterator
  * Merge pull request #14950 from keszybz/kernel-install-script-boot_image
  * Merge pull request #14960 from yuwata/udevadm-info-export-db-error-message
  * Merge pull request #14965 from keszybz/journal-rotation-hint
  * Merge pull request #14964 from yuwata/conf-parser-fix-line-number
  * man: update list of supported controllers
  * core: transition to FINAL_SIGTERM state after ExecStopPost=
  * Merge pull request #15081 from mrc0mmand/systemctl-hide-glyph-column
  * Merge pull request #15097 from keszybz/job-logging-and-news-update
  * Merge pull request #15139 from DaanDeMeyer/sd-bus-remove-unused-cite
  * Merge pull request #15138 from ssahani/networkctl-vlan
  * cgroup-util: helper to cg_get_attribute and convert to uint64_t
  * cgroup-util: cg_get_xattr_malloc helper
  * Merge pull request #15191 from GiedriusS/feature/list-unit-files-return-1
  * Merge pull request #15236 from ssahani/br-follow-up
  * Merge pull request #15186 from DaanDeMeyer/clangd-fix-wstring-plus-int
  * Merge pull request #15297 from poettering/homed-no-fallocate
  * Merge pull request #15290 from keszybz/unrelated-fixes
  * Merge pull request #15321 from topimiettinen/dbus-execute-add-protect-clock
  * Merge pull request #15358 from poettering/preset-clean-up
  * Merge pull request #15361 from mrc0mmand/yet-another-TEST-47-tweak
  * Merge pull request #15379 from poettering/homed-man-ref-add
  * Merge pull request #15414 from mrc0mmand/coredumpctl-file
  * Merge pull request #15647 from benzea/benzea/graphical-use-app-prefix
  * Merge pull request #15636 from poettering/sensitivity-training
  * Merge pull request #15864 from poettering/pam-sudo-fixes-part3
  * Merge pull request #15854 from poettering/call-method-ret-error
  * Merge pull request #15557 from poettering/journal-zero-fix
  * core: don't consider SERVICE_SKIP_CONDITION for abnormal or failure restarts
  * core: check null_or_empty for masked units instead of /dev/null
  * man: fix some manvolnum
  * analyze: CAP_RAWIO -> CAP_SYS_RAWIO
  * Merge pull request #16650 from keszybz/two-doc-updates
  * Merge pull request #16690 from poettering/userdb-group-desc
  * Merge pull request #16780 from alyssais/grammar
  * meson: add min version for libfdisk
  * Merge pull request #16793 from poettering/path-join-more
  * Merge pull request #16792 from poettering/machine-id-chroot
  * Merge pull request #16917 from poettering/contrib-rfe
  * Merge pull request #16885 from keszybz/rework-cache-timestamps
  * Merge pull request #17080 from poettering/repart-umask-fix
  * Merge pull request #17082 from poettering/nspawn-ctty-tweaks
  * meson: remove multi-line statement with trailing '\'
  * Merge pull request #17146 from poettering/use-more-proc-mounted
  * Merge pull request #17142 from poettering/catalog-fix-de
  * core: move reset_arguments() to the end of main's finish
  * Merge pull request #17186 from poettering/tmpfiles-cleanup-man-fix
  * core: add ManagedOOM*= properties to configure systemd-oomd on the unit
  * varlink: add server write states to disconnect check
  * core: add varlink call to get cgroup paths of units using ManagedOOM*=
  * parse-util: add parse_loadavg_fixed_point
  * shared: helpers to read pressure stats from cgroups
  * systemd-oomd: unit testable helper functions
  * cgroup-util: add cg_get_attribute_as_bool() helper
  * systemd-oomd: manager/daemon
  * core: systemd-oomd pid1 integration
  * systemd-oomd: dbus hook ups and oomctl CLI
  * systemd-oomd: service files
  * core: add systemd-oomd implicit dependencies
  * man: document systemd-oomd and related items
  * meson: disable systemd-oomd by default
  * oomd: fix unit test when xattrs not supported
  * core: varlink tweaks
  * core: reindent and align table in load-fragment-gperf.gperf.m4
  * NEWS: fix typo
  * core: move where we send unit change updates to oomd
  * oomd: simplify if/else error check
  * units: drop ConditionCapability from systemd-oomd.service
  * oomd: use ERRNO_IS_NOT_SUPPORTED and ERRNO_IS_PRIVILEGE
  * test: add basic memory pressure extended test for oomd
  * oomd: make start up swap check more robust
  * test: make TEST-56-OOMD service unit files static
  * docs: update coding style for `return (void) func(...)`
  * core: clean up inactive/failed {service|scope}'s cgroups when the last process exits
  * man: add <option> around default booleans in systemd.timer
  * test-oomd-util: remove memory_pressure == 0 checks
  * test: fix TEST-56-OOMD thresholds for linux 5.9 changes
  * systemctl-edit: fix abort in find_paths_to_edit()
  * systemctl-edit: Add missing ret_dropin_paths argument in retry path
  * core: update setings on the unit and job as the result of ExecCondition=
  * oom: make memory pressure duration configurable through oomd.conf
  * oom: make swap a soft requirement
  * oom: fix reclaim activity detection
  * oom: update extended test to remove swap gating
  * tools: make update-dbus-docs compatible with Python 3.6
  * parse-util: add permyriad parsing
  * oom: rework *MemoryPressureLimit= properties to have 1/10000 precision
  * oom: shorten xattr name
  * oom: wrap reply.path with empty_to_root
  * oom: sort by pgscan and memory usage
  * oom: skip over cgroups with no memory usage
  * cgroup-util: add ManagedOOMPreference enum to use between pid1 and oomd
  * oom: implement avoid/omit xattr support
  * oom: add unit file settings for oomd avoid/omit xattrs
  * man: document ManagedOOMPreference=
  * units: add Conditions for systemd-oomd.service
  * README: add config_psi as requirement for systemd-oomd
  * json: rename json_dispatch_{integer,unsigned} -> json_dispatch_{intmax,uintmax}
  * run: update dbus unique names check
  * shutdown: set always_reopen_console
  * shutdown: log on container exit
  * Merge pull request #18910 from yuwata/socket-util-initialize-variable
  * oomd: add unit test to repro #18926
  * oomd: move TAKE_PTR to end of oomd_insert_cgroup_context()
  * oomd: wrap paths in oomd_insert_cgroup_context with empty_to_root
  * oomd: new helper oomd_update_cgroup_contexts_between_hashmaps
  * oomd: update memory pressure candidates every interval
  * oomd: sort by pgscan rate not pgscan
  * oomctl: show last_pgscan
  * oomd: clean up error handling
  * process-util: dont allocate max length to read /proc/PID/cmdline
  * oomd: make it more clear when a kill happens
  * meson: link with libm for math functions
  * oomd: split swap and mem pressure event timers
  * oomd: refactor pgscan_rate calculation into helper
  * oomd: rework memory reclaim detection logic
  * oomd: rename last_hit_mem_pressure_limit -> mem_pressure_limit_hit_start
  * oomd: delete unused variables
  * oomd: force DefaultMemoryPressureDurationSec= to be greater than or equal 1 sec
  * test-oomd-util: fix running in mkosi
  * oomd: don't get pressure candidates on every interval
  * oomd: threshold swap kill candidates to usages of more than 5%
  * test-firewall-util: skip if iptables nat table does not exist
  * units: install dbus-org.freedesktop.oom1.service alias
  * man: correct requirements for systemd-oomd.service
  * run: update checks to allow running with a user's bus
  * man: only the system manager does not pass vars in ManagerEnvironment=
  * man: document default rlimits
  * test: add extended test for triggering mount rate limit
  * man: add note about operation without swap in systemd-oomd
  * oomd: switch system context parsing to use /proc/meminfo
  * oomd: get memory total and free as part of system context
  * oomd: check mem free and swap free before doing a swap-based kill
  * oomd: review follow ups to #20020
  * oomd: don't collect candidate stats on every interval
  * test: tweak parameters for TEST-55-OOMD
  * fileio: start with 4k buffer for procfs
  * link: connect 5 more properties to ethtool features
  * basic/unit-file: don't filter out names starting with dot
  * Merge pull request #20892 from yuwata/test-network-preferred-lifetime-zero
  * core: serialize device cgroup bpf progs across daemon-reload/reexec
  * core: replace slice dependencies as they get added
  * test: make test-55-oomd less flaky
  * test: adjust MemoryHigh= on oomd extended test units
  * oomd: fix race with path unavailability when killing cgroups
  * oomd: handle situations when no cgroups are killed
  * tree-wide: don't use strjoina() on getenv() values
  * Merge pull request #22289 from yuwata/network-hashmap-remove-value
  * Merge pull request #22373 from DaanDeMeyer/journald-file-rename
  * Merge pull request #22394 from bluca/requires_restart_doc
  * Merge pull request #22400 from poettering/resolved-single-invalid-list
  * Merge pull request #22355 from yuwata/network-tunnel-external
  * Merge pull request #22395 from benzea/benzea/oomd-dump-offenders
  * Merge pull request #22467 from mrc0mmand/TEST-64-lvm-static-autoactivation
  * Merge pull request #22768 from poettering/cgls-delegate-xattr
  * man: fix sysupdate typos
  * Merge pull request #22965 from enr0n/oomd-used-memory-calc
  * test-seccomp: check for CAP_IPC_OWNER before calling shmat()
  * Merge pull request #24271 from yuwata/oom-log-message-m
  * varlink: set address field in VarlinkServerSocket
  * varlink: refactor adding socket event source to the event loop
  * core: refactor manager varlink init
  * core: serialize/deserialize varlink sockets for pid1
  * core: only allow systemd-oomd to use SubscribeManagedOOMCGroups
  * man: update docs for MemoryZSwapMax=

  [ Benjamin Fogle ]
  * resolved: Fix OpenSSL error messages

  [ BerndAdameit ]
  * man/systemd-run: Refer to man-pages project (man7.org) when citing bash(1)
  * man/sd_bus_default: Refer to man-pages project (man7.org) for ssh(1)

  [ Richard E. van der Luit ]
  * po: Translated using Weblate (Dutch)

  [ lichao ]
  * remove obsolete translate in zh_CN.po

  [ reuben olinsky ]
  * sysupdate: Support volatile-root for finding the root partition

  [ Li kunyu ]
  * src: The return value of server_vacuum () is not used and could be modified to void type
  * tree-wide: Remove the repeated ';' from code (#23901)
  * repart: Remove the repeated ';' from code (#25386)
  * fuzz: fuzz-compress: fix copy-and-paste error: buf -> buf2 (#25431)
  * boot/measure: fix oom check

  [ Marcus Schäfer ]
  * Fix reading /etc/machine-id in kernel-install (#25388)
  * Handle MACHINE_ID=uninitialized

  [ angus-p ]
  * Update hostnamectl.xml

  [ Pasha Vorobyev ]
  * MemoryZSwapMax directive to configure new memory.zswap.max cgroup file

  [ MkfsSion ]
  * cryptenroll,homectl: Introduce --fido2-credential-algorithm option
  * libfido2-util: Commonize FIDO2 basic property settings
  * libfido2-util: Extract error handling logic from fido2_use_hmac_hash_specific_token
  * libfido2-util: Perform pre-flight check for credentials in token

  [ blutch112 ]
  * po: Translated using Weblate (French)

  [ Torsten Hilbrich ]
  * hwdb: Add trackpoint rules for Lenovo Thinkpad 70, 80, 90
  * nspawn: Allow Capability= to overrule private network setting
  * systemd-nspawn: Allow setting ambient capability set
  * test: compile test-utmp.c only if UTMP is enabled

  [ Luca BRUNO ]
  * man/systemd-service: clarify env variable expansion
  * man/localtime: document default timezone
  * man/dnssec-trust-anchors: fix an XML syntax typo
  * docs: move /var/log/README to a tmpfiles.d symlink
  * factory: populate /etc/locale.conf with systemd build-time setting
  * factory/locale.conf: mention systemd ownership
  * sysusers: only check whether the requested GID is available
  * sysusers: properly process user entries with an explicit GID
  * docs: add a note about selectively overriding default dependencies
  * test-string-util: remove several strdupa() calls
  * sysusers: cross-check user and group names too
  * test-sysusers: check group creation with matching user entry

  [ Samuel Thibault ]
  * shutdown: Add Xen kexec support

  [ Jörg Thalheim ]
  * tools/choose-default-locale.sh: set shebang to /bin/sh
  * wireguard: fix exponential backoff when resolving hosts
  * treewide: more portable bash shebangs
  * systemd-resolved: use hostname for certificate validation in DoT
  * meson: add option to skip installing to $sysconfdir
  * networkd/dhcp6: allow layer3 devices without MAC
  * fix bash shebangs
  * also provide credentials in ExecStartPre
  * update credentials when reloading a service

  [ Jochen Sprickerhof ]
  * Remove duplicated word
  * Let dh_installsysusers fix the /var/log/journal permissions
  * Move restarting units after #DEBHELPER#

  [ Youfu Zhang ]
  * fsckd: avoid useless CR displayed on console
  * resolved: fix typo in feature level table

  [ p-fpv ]
  * hwdb: Add Lenovo G580

  [ Marek Vasut ]
  * udev: Handle AMBA bus the same way as generic platform bus

  [ Erik Moqvist ]
  * sd-bus: convenience functions to emit a signal to a destination (#25123)

  [ Charles Hardin ]
  * udev-builtin-net_id: support getting usb path off the host

  [ Release o'Lantern ]
  * Finalise 👻 SpOoOky 👻 NEWS for v252

  [ Gogo Gogsi ]
  * Translated using Weblate (Croatian)
  * po: Translated using Weblate (Croatian)
  * po: Translated using Weblate (Croatian)

  [ Olga Smirnova ]
  * po: Translated using Weblate (Russian)

  [ xiaoyang ]
  * Revert "core: drop non-default value for DefaultLimitMEMLOCK=" (#25058)

  [ Jonathan Kang ]
  * hwdb: Add support for Elgato Stream Deck XL (gen 2)

  [ Leon M. George ]
  * man: document effect of --user on --unit with journalctl

  [ Ted X. Toth ]
  * manager: use target process context to set socket context

  [ Jan Kiszka ]
  * Install native python packages
  * Enable systemd-boot for riscv64

  [ Pyfisch ]
  * Document two systemd-repart options in man page
  * Update list of partition type identifiers

  [ Lubomir Rintel ]
  * hwdb: label the trackpoint on IBM UltraNav keyboard as a pointing stick (#11934)
  * hwdb: Make the OLPC XO rules also match XO-1.75
  * hwdb: No LEDs on the OLPC XO keyboard
  * hwdb: Fix the OLPC XO rotate key
  * hwdb: Fix the key codes of the OLPC XO button pad
  * udevd: fix a reversed conditional on global property set
  * sd-device: don't accept /sys as a device path
  * cryptsetup-generator: fix luks-* entry parsing from crypttab
  * hwdb: 60-keyboard: Support the buttons on CZC P10T tablet
  * udev/rules: add by-path and by-ibdev links to infiniband verbs

  [ anarcat ]
  * man/shutdown: document how to switch to single-user mode

  [ Arnaud Ferraris ]
  * login: allow non-console sessions to change vt
  * basic: nulstr-util: add nulstr_get() returning the matching string
  * hostnamed: add support for getting the chassis type from device-tree
  * repart: always honour `--discard=no`

  [ Aleksey Vasenev ]
  * ata_id: Fixed getting Response Code from SCSI Sense Data (#24921)

  [ Marius Vollmer ]
  * bus: Process authentication after write

  [ Clyde Byrd III ]
  * core/dbus-job: Use new way of specifying sd-bus vtable parameter names
  * gitignore: ignore mkosi.installdir
  * man: Update systemd.killMode docs

  [ Jonas Kümmerlin ]
  * generator: skip fsck if fsck command is missing

  [ JeroenHD ]
  * Add special keyboard combos for Thinkpad P1 Gen 3 (#24862)

  [ Sarah Brofeldt ]
  * docs/NETWORK_ONLINE: systemd.network hyperlink fix

  [ Albert Mikaelyan ]
  * Add Asus G14 GA402 to hwdb

  [ Avamander ]
  * Updated Lenovo ThinkPad T440p/T440 touchpad fuzz (#24779)

  [ Daniel Braunwarth ]
  * pid1: extend "ConditionFirmware=" for checking SMBIOS system identification information
  * condition: fix device-tree firmware path
  * test: extend ConditionFirmware tests
  * journalctl: respect --quiet flag during file concistency verification
  * logs-show: move timestamp reading into show_journal_entry()
  * shared/logs-show: add new --output= format "short-delta"

  [ Joost Heitbrink ]
  * Fix omission in docs
  * man: don't mention Socket files in Scope man page
  * systemd-run: refuse --working-directory option with --scope

  [ j00512545 ]
  * fix typo in log

  [ Ansgar Burchardt ]
  * man: tmpfiles.d: "b", "c" options require major and minor numbers
  * man: tmpfiles.d: only list "v" once
  * NEWS: correct indenting for two entries
  * NEWS: fix typo: speicify → specify
  * NEWS: fix typo: as → at
  * man/system-or-user-ns.xml: explicitly refer to `PrivateUsers=` option
  * base-filesystem.c: add trailing zero byte for s390x entry

  [ Suraj Krishnan ]
  * Implement DNS notifications from resolved via varlink

  [ Guillaume W. Bres ]
  * basic/missing_loop.h: fix missing lo_flags LO_FLAGS_DIRECT_IO

  [ Sebastian Scheibner ]
  * busctl: Fix warning about invaild introspection data
  * busctl: Add introspect support for methods with same name but different signature

  [ Maccraft123 ]
  * hwdb: Add accel orientation quirk for the Aya Neo Next
  * hwdb: Add accel orientation quirk for the Aya Neo Air

  [ Jade Bilkey ]
  * man: fix static bridge example

  [ Johannes Schauer Marin Rodrigues ]
  * use systemd-sysusers instead of adduser
  * debian/systemd.postinst: add --root argument to systemctl and systemd-* calls for DPKG_ROOT support
  * sysusers: make sp_lstchg shadow field reproducible

  [ Swapnil Devesh ]
  * hwdb: Add Dell Professional Sound Bar AE515
  * hwdb: fix Dell Professional Sound Bar AE515 scancode (#24497)

  [ LockBlock-dev ]
  * hwdb: Force release calculator key on all HP Victus laptops

  [ Wenchao Hao ]
  * scsi_id: retry inquiry ioctl if host_byte is DID_TRANSPORT_DISRUPTED

  [ adrian5 ]
  * man: fix typo
  * docs: Improve HOME_DIRECTORY.md
  * man: Add some punctuation; remove double spaces.
  * man: Minor punctuation and word tweak

  [ Uriel Corfa ]
  * docs: fix incorrect env var name for credentials directory

  [ Devendra Tewari ]
  * systemd-growfs: remove dependency on udev symlinks
  * systemd-growfs: use sd_device_new_from_devnum()

  [ Sonali Srivastava ]
  * timesync: update to use new-style sd-bus macros
  * timedate: update to use new-style sd-bus macros
  * hostnamed: display firmware version
  * hostnamed: update to use new style sd-bus macros
  * terminal-util: get_color_mode checks COLORTERM
  * sleep: use current charge level to decide suspension
  * sleep: store battery discharge rate/hour with hash
  * docs: mkosi-13 or newer required
  * sleep: support multiple battery instead of only BAT0
  * sleep: support acpi_btp and suspend system if enabled, skipping custom timer
  * sleep: freeze and thaw user.slice to save resource while suspend
  * sleep: doc update for multiple battery, acpi_btp support and freeze/thaw user.slice

  [ Andrew Stone ]
  * core/automount: Add ExtraOptions field
  * test: Move testsuite-03 units to .units directory
  * job: Don't discard propagated restart jobs when unit is activating

  [ Zhaofeng Li ]
  * virt: Support detection of Apple Virtualization.framework guests

  [ David Jaša ]
  * check-os-release.py compatible with Python < 3.8

  [ eggfly ]
  * fix typos

  [ jiangchuangang ]
  * logind:add missing equal sign
  * fix ConditionDirectoryNotEmpty when it comes to a Non-directory file
  * fix ConditionPathIsReadWrite when path does not exist.
  * take jointly mounted controllers into account when migrate cgroups, otherwise "CGroupMask done" seems to be redundant.
  * fix typo

  [ Tomáš Hnyk ]
  * Add support for Fn+PrtSc on Thinkpads

  [ Aryan singh ]
  * hwdb: Add Avita Liber NS13A2 (#24376)

  [ Alper Nebi Yasak ]
  * hwdb: Apply existing accel orientation quirk to all Chromebooks
  * udev: hwdb: Match iio sensors based on their label
  * hwdb: Add Chromebook accel orientation quirks based on sysfs label
  * udev: hwdb: Add rules to match cros-ec-accel by 'location' sysfs file

  [ Avram Lubkin ]
  * sysusers: add fsync for passwd (#24324)

  [ Sean Anderson ]
  * udev: net_id: Use devicetree aliases when available
  * Fix typo in net-naming-scheme man page

  [ bin456789 ]
  * firstboot: fix can't overwrite timezone

  [ williamsumendap ]
  * network: replace usage of sd_bus_call_method_async() to bus_call_method_async() (#24290)

  [ wineway ]
  * core/cgroup: CPUWeight/CPUShares support idle input

  [ Jan B ]
  * cryptenroll: adding the option to use a keyfile to unlock the device
  * docs: adding "--unlock-key-file" to systemd-cryptenroll
  * tests: systemd-cryptenroll: unlock volume with keyfile

  [ exploide ]
  * resolvctl: only remove protocol after last dot when mangling ifname for resolvconf

  [ Oleg Solovyov ]
  * oomd: notify via dbus what have been killed

  [ gtwang01 ]
  * tree-wide: use bus locator (#24252)
  * core/scope: Add oom-kill status for scope units (#24269)

  [ Balázs Meskó ]
  * po: Translated using Weblate (Hungarian)

  [ josh-gordon-fb ]
  * core/cgroup: use bus locator (#24251)

  [ Chih-Hsuan Yen ]
  * cryptsetup: support keyfile-timeout for using a device as the key file

  [ João Loureiro ]
  * Fix issue with system time set back (#24131)

  [ undef ]
  * growfs: don't actually resize on dry-run
  * growfs: Expand FS even if underlying block expansion fails
  * shared/generator: Ensure growfs unit runs after repart

  [ Jonas Witschel ]
  * scope: count successful cgroup additions when delegating via D-Bus
  * test: add regression test for systemd-run --scope [--user]
  * cryptsetup: refactor asking for a PIN into a more generic function
  * cryptsetup: implement cryptsetup_token_open_pin for systemd-tpm2 LUKS2 token
  * cryptsetup-token-systemd-fido2: use crypt_normalize_pin
  * cryptsetup: ask for PIN when trying to activate using a LUKS2 token plugin
  * cryptsetup: test unlocking using a TPM2 LUKS2 token plugin with a PIN

  [ Loïc Collignon ]
  * Fix 24172: __STDC_VERSION__ may be defined in C++

  [ Vincent Dagonneau ]
  *  This patch adds support for enrolling secure boot boot keys from sd-boot.

  [ Einsler Lee ]
  * change fs/file-max to LONG_MAX instead of ULONG_MAX
  * man: make it clear how systemd calculate the DefaultTasksMax.
  * remove the default value of CPUAffinity
  * main: reopen /dev/console for user service manager
  * "auto" is the default LogTarget of user service manager

  [ Joaquín Ignacio Aramendía ]
  * Add ACCEL_MOUNT_MATRIX for OXP Mini

  [ Fei Li ]
  * virt: detect KubeVirt instance

  [ Janis Goldschmidt ]
  * Use correct option name in error message

  [ Alexander Wilson ]
  * coredumpctl: Use BusLocator functions
  * copy.[ch]: Refactor
  * copy: Respect COPY_REPLACE flag for copy_tree
  * machinectl: Add plumbing for a `--force` flag for file copy

  [ codefiles ]
  * man: Fix typo

  [ Andrey Albershteyn ]
  * udev: enable BLKID_SUBLKS_FSINFO tags

  [ Richard Huang ]
  * Update sleep.conf HibernateDelaySec default to match implementation

  [ Mitchell Freiderich ]
  * hwdb: Add Acer Aspire A317-33 (#24050)

  [ lastkrick ]
  * man: fix typo in systemd.network documentation in IPv6RoutePrefix section (#24030)

  [ matoro ]
  * process-util: replace __sync intrinsics to __atomic
  * fundamental: replace __sync with __atomic in ONCE macro
  * basic: replace __sync intrinsics with __atomic
  * journal: replace __sync intrinsics with __atomic
  * README: gcc now has a minimum requirement of 4.7

  [ Andre Kalb ]
  * network: Add support to select an IPv4 link-local start address
  * sd-ipv4ll/networkd: Try to select an IPv4 link-local start address
  * man/network: ServerAddress= drop "literal" from IP address ranges

  [ Michal Stanke ]
  * Fix automatic screen rotation for Asus Transformer T100TAM

  [ Frank Dana ]
  * resolvectl man page: Word correction

  [ Akihiko Odaki ]
  * hwdb: Add Lenovo ThinkPad C13 Yoga

  [ Alban Bedel ]
  * units: remove the restart limit on the modprobe@.service

  [ Pavel Zhukov ]
  * Add sys/file.h for LOCK_

  [ Marc Kleine-Budde ]
  * udev: spi: include chip select number in ID_PATH
  * Update DISCOVERABLE_PARTITIONS.md
  * networkctl: fix output of "status": replace "Queue Length" by "Number of Queues"

  [ Philipp Gortan ]
  * add program name to log line

  [ Foster Snowhill ]
  * cryptenroll: fix typo in manpage

  [ Shreenidhi Shedi ]
  * polkit: explicitly ignore fd_wait_for_event()'s return value
  * machinectl: ignore return value of get_process_comm()
  * manager: ignore return value of unit_watch_pid()
  * execute: fix resource leak
  * boot: use efi_memcpy inplace of memcpy
  * network: l2tp: initialize a to NULL
  * homework: initialize we_detached
  * sd-journal: check retval of sd_id128_from_string call

  [ Alexander Graf ]
  * pstore: Run after modules are loaded

  [ Elias Probst ]
  * NEWS: fix typo (`systemd-userdb` > `systemd-userdbd`)
  * Typo (`swich-root` → `switch-root`)
  * Use consistent formatting for `PID 1` across `docs/`
  * systemctl: add `edit` verb to arguments' help text

  [ i-do-cpp ]
  * fix: sd_id128_get_invocation now works for user services

  [ Jeremy Soller ]
  * Add System76 touchpad toggle support
  * hwdb: Add HP Dev One

  [ Tomasz Paweł Gajc ]
  * rpm: use rpm.execute() instead of fork() and execp() for trigger scriplets
  * rpm: adjust lua trigger for udevadm

  [ Javkhlanbayar Khongorzul ]
  * man: Fix minor typo

  [ Pablo Ceballos ]
  * hwdb: Add Google Hangouts Meet speakermic
  * hwdb: Add Google Meet speakermic

  [ Eduard Tolosa ]
  * Update footer.html
  * Add ConditionCPUFeature to load-fragment-gperf.gperf (#23076)
  * loader.conf: Clarify the default value of timeout.

  [ Tomasz Pala ]
  * udev: fixed config_parse_ifalias() logic not to skip setting IFLA_IFALIAS

  [ Nikolai Kostrigin ]
  * hwdb: fix accelerometer mount matrix for Aquarius NS483

  [ Martin ]
  *  hwdb: Add accel orientation for the I15-TG

  [ Nikolai Grigoriev ]
  * hwdb: add touchpad parameters for Lenovo T15g Gen1 (#23373)

  [ Stefan Seering ]
  * fix typo

  [ Kazuo Moriwaka ]
  * add missing cleanup-age to quickref
  * man: mention to Age parameter in C Type

  [ Yutsuten ]
  * Add HUION Inspiroy H420X to hwdb

  [ lucagoc ]
  * hwdb: add rammus accelerometer support

  [ Alex Henrie ]
  * network: clarify the relationship between RA flags and DHCPv6 modes
  * network: clarify the relationship between DHCP= and WithoutRA=

  [ Jakob Lell ]
  * Amend documentation for LimitNPROC=

  [ Andreas Rammhold ]
  * man: fix typo in systemd.netdev Xfrm example
  * sd-netlink: remove unused RTNL_WQUEUE_MAX define
  * in-addr-util: introduce in_addr_prefix_nth
  * in-addr-util: removed in_addr_prefix_next implementation
  * networkd: Add support for setting a preferred subnet id for IPv6 PD leases
  * editorconfig: add man configuration
  * core: respect install_sysconfdir_samples in meson file
  * login: respect install_sysconfdir_samples in meson file
  * editorconfig: enforce maximum line length in .c and .h files
  * editorconfig: set maximum line length to 109 for man/*.xml files
  * core: handle lookup paths being symlinks

  [ Matthijs van Duin ]
  * sd-bus: fix missing initializer in SD_BUS_VTABLE_END (#20253)
  * Fix placement of TTL TLV in LLDP transmit

  [ Jonathan Lebon ]
  * units: update catalog after systemd-tmpfiles runs
  * fstab-generator: use DefaultDependencies=no for /sysroot mounts
  * cryptsetup-generator: use "/proc/cmdline" as source when appropriate
  * cryptsetup-generator: avoid magic value in ternary
  * units: add initrd-cryptsetup.target
  * units: unconditionally pull in remote-cryptsetup.target in the initramfs
  * manager: optionally, do a full preset on first boot

  [ rodin-ia ]
  * Adding a description of the keyboard shortcut Fn+F12 for the HP EliteBook 845 G7 device. (#23253)

  [ Alice S ]
  * Fix orientation detection for HP Pavilion X2 10-k010nr

  [ techtino ]
  * Fix orientation detection for Asus Transformer T100TAF, copied T100TA rule

  [ wangyuhang ]
  * test: use cp  for journal copying when systemd-journal-remote non-existent

  [ Lance ]
  * hwdb: Fix rotation for Nuvision Solo 10 Draw (#11686)
  * hwdb: Fix rotation for HP Pro Tablet 408 G1

  [ Benjamin Berg ]
  * hwdb: Fix airplane mode triggering when resuming HP Spectre x360 13
  * hwdb: Fix micmute on ASUS FX503VD
  * core: Move environment generator path lookup into path-lookup.c
  * path-lookup: Split out helper to get paths from environment
  * path-lookup: Allow setting generator paths via environment
  * test: Add test for setting generator paths via environment
  * man: Add documentation for generator path environment variables
  * core: Fix resolution of nested DM devices for cgroups
  * docs: Add some notes about managing graphical user sessions
  * docs: Change prefix for desktop applications to app-
  * sysv-generator: Downgrade directory listing fails to warning
  * xdg-autostart-generator: Add a generator for XDG autostart files
  * man: Add systemd-xdg-autostart-generator man page
  * test: Add test for XDG desktop file parsing and interpretation
  * fuzz: Add an XDG desktop file fuzzer
  * xdg-autostart: Fix info message if Type= is not Application
  * xdg-autostart: Ignore all files with GNOME autostart phase
  * docs: Update section about XDG autostart generator
  * mount-setup: Enable memory_recursiveprot for cgroup2
  * man: Improve MemoryMin=/MemoryLow= description
  * xdg-autostart: Add support for Path= in XDG Desktop File
  * xdg-autostart: Ignore more common XDG Desktop Entry fields
  * xdg-autostart: Lower most info messages to debug level
  * units: Add special Desktop Environment user related units
  * basic: Define macros for special user slices
  * core: Move user units into app.slice by default
  * man: Document app, session and background special user slice units
  * units: Move user tmpfiles clean service into background.slice
  * tools: Pass source directory to autosuspend-update.sh
  * hwdb: Pull autosuspend rules from upstream libfprint
  * hwdb: Permit unsetting power/persist for USB devices
  * hwdb: update fingerprint autosuspend rules
  * seccomp: Always install filters for native architecture
  * test: Check that "native" architecture is always filtered
  * test: Add failing/non-failing syscall filter test setting architecture
  * xdg-autostart-service: Ignore missing desktop-sepcific condition binary
  * man: Add more details about desktop file processing
  * oomd: Dump top offenders after a kill action
  * oom: Cleanup of information dump code after kill
  * xdg-autostart-service: Fix binary escaping and simplify code a bit
  * hwdb: Remap micmute to f20 for ASUS WMI hotkeys

  [ davijosw ]
  * hwdb: Update 60-keyboard.hwdb (#23074)
  * hwdb: add resolutions for the Vaio FE14 touchpad (#23136)

  [ Matthew Blythe ]
  * hwdb 60-keyboard Add HP/Compaq KBR0133

  [ w30023233 ]
  * virt: detect OpenStack Nova instance

  [ amarjargal ]
  * core: update to use new-style sd-bus macros
  * systemctl: colorize "enabled" in 'systemctl status ...'

  [ Simon Ellmann ]
  * networkctl: obey --full with lldp command

  [ Ben Efros ]
  * Ensure dns_search_domain_unlink_marked removes all marked domains

  [ Daniel Mack ]
  * clock-util: read timestamp from /usr/lib/clock-epoch
  * sd-netlink: add MDB types
  * network: add support for setting MDB entries
  * man: document new Network.BridgeMDB config options
  * test: add BridgeMDB to fuzz-network-parser/directives.network
  * timesync: export manager_is_connected()
  * timesyncd: add RUNTIME servers
  * timesyncd: add address type information to debug log
  * timesyncd: clean up server_name_new()
  * timesync: be explicit in the integer check of poll_interval_usec

  [ Amarjargal ]
  * machine: update to use new-style sd-bus macros (#23012)

  [ Mariusz Tkaczyk ]
  * shutdown: get only active md arrays.

  [ Martin Liska ]
  * Support -D_FORTIFY_SOURCE=3 by using __builtin_dynamic_object_size.

  [ Andy Chi ]
  * hwdb: 60-keyboard:: Update Dell Privacy Micmute Hotkey Map
  * keymap: Add microphone mute keymap for Dell Machine
  * hwdb: Add mic mute key mapping for HP Elite x360

  [ Romain Naour ]
  * random-seed: add missing header for GRND_NONBLOCK (#14988)
  * missing-syscall: define MOVE_MOUNT_T_EMPTY_PATH if missing

  [ Heiko Becker ]
  * meson: Detect python instead of hard-coding python3

  [ Nishal Kulkarni ]
  * shell-completion: Add completion for systemd-analyze critical-chain
  * homed: Use new SD_BUS_METHOD_WITH_ARGS macro
  * logind: Use new macros
  * shell-completion: Add completion in bootctl
  * shell-completion: Add completion for oomctl
  * core/cgroup: Add OOM check
  * core/oomd: Use oom-kill ServiceResult for oomd
  * test/oomd: Add test for new oomd_ooms xattr
  * man: Mention systemd-oomd now follows OOMPolicy

  [ Danilo Krummrich ]
  * udevadm: trigger: implement --initialized-match/nomatch arguments

  [ AlexCatze ]
  * Add HP Elitebook 2760p support (#22766)

  [ David ]
  * Changed wording in systemd-debug-generator manpage

  [ Grigori Goronzy ]
  * hmac/sha256: move size define to sha256.h
  * tpm2: support policies with PIN
  * cryptenroll: add support for TPM2 pin
  * cryptsetup: add support for TPM2 pin
  * cryptsetup: add libcryptsetup TPM2 PIN support
  * cryptenroll: add TPM2 PIN documentation
  * cryptsetup: add manual TPM2 PIN configuration
  * cryptenroll: add tests for TPM2 unlocking
  * tpm2: enable parameter encryption

  [ Vivien Didelot ]
  * units: fix factory-reset.target description

  [ Be ]
  * Add AV production controllers to hwdb and add uaccess

  [ Laura Barcziova ]
  * Packit: build SRPMs in Copr

  [ David Bond ]
  * udev: 60-persistent-storage-tape.rules: handle duplicate device ID

  [ tawefogo ]
  * Fix mic mute on Acer TravelMate B311-31 (#22677)

  [ 4piu ]
  * Add support for NEC VersaPro VG-S

  [ Alfonso Sánchez-Beato ]
  * src/boot/efi/linux: fix linux_exec prototype
  * sd-stub: do not print warning if filesystem is not supported

  [ Tobias Stoeckmann ]
  * systemd-analyze: fixed typo in documentation
  * core: check size before mmap

  [ Lan Tian ]
  * hwdb: Force release calculator key on all HP OMEN laptops

  [ prumian ]
  * hwdb: add CST Laser Trackball (#22583)

  [ Richard Neill ]
  * virt: Fix Xen Dom0 detection logic to no longer report as VM

  [ Matija Skala ]
  * do not call __register_atfork directly

  [ Joerie de Gram ]
  * network: attempt to trigger kernel IPv6LL address generation

  [ Federico Ceratto ]
  * Clarify protocol used in systemd-journal-upload (#22465)

  [ Santa Wiryaman ]
  * Add support for `isolated` parameter

  [ Matt Walton ]
  * hwbd: 60-sensor.hwdb: Add Pipo W2Pro

  [ bearhoney ]
  * Update CODING_STYLE.md

  [ Ruben Kerkhof ]
  * systemd.netdev(5): fix acronym for DOVE extensions

  [ Leviticoh ]
  * fix italian translations to display unit name

  [ Dorian Clay ]
  * hwdb: add support for Surface Laptop 2 & 3 (#22303)

  [ Donald Chan ]
  * basic: mac_[selinux,smack]_apply_fd does not work when applying labels

  [ Ryan Hendrickson ]
  * core: apply LogLevelMax to messages about units
  * hwdb: add two Elecom trackballs

  [ Julia Kartseva ]
  * bpf-firewall: attach with BPF_F_ALLOW_MULTI if kernel supports
  * shared: add bpf-program helpers
  * shared: bpf_attach_type {from,to} string
  * cgroup: add foreign program to cgroup context
  * core: add bpf-foreign unit helpers
  * core: add bpf-foreign cgroup mask and harness
  * core: add bpf-foreign to fragment parser
  * tests: add unit file tests for BPFProgram=
  * man: add BPFProgram= documentation
  * dbus-cgroup: add BPFProgram= dbus support
  * fuzz: add BPFProgram= to directives
  * bpf: add socket-bind BPF program code sources
  * bpf: add build script for bpf programs
  * meson, bpf: add HAVE_LIBBPF, BPF_FRAMEWORK options
  * meson, bpf: add build rule for socket-bind program
  * shared, bpf: add bpf link helpers
  * cgroup: add socket-bind to cgroup context
  * core, bpf: add socket-bind feature to unit
  * core: add socket-bind cgroup mask harness
  * core: add SocketBind{Allow|Deny} fragment parser
  * shared, bpf: add bpf link serialization
  * tests: add test program for SocketBind{Allow|Deny}=
  * dbus: add dbus-cgroup for SocketBind{Allow|Deny}=
  * systemctl: show SocketBind{Allow|Deny} properties
  * man: add SocketBind{Allow|Deny}= documentation
  * readme: update README with requirements for bpf
  * fuzz: add SocketBind{Allow|Deny}= directive
  * dbus: extend SocktBind{Allow|Deny}= with ip proto
  * dbus: update SocketBind{Allow|Deny}= doc
  * bpf: add ip proto matching to socket-bind prog
  * shared: add ip_protocol_{from|to}_tcp_udp helpers
  * shared: add parser for SocketBind{Allow|Deny}=
  * fragment: add ip protocol to SocketBind{Allow|Deny}=
  * dbus: extend SocketBind{Allow|Deny}= with ip proto
  * man: document ip proto in SocketBind{Allow|Deny}=
  * core: fix bpf-foreign cg controller realization
  * core: check fs type of BPFProgram= property path
  * bpf: fix memleak in restrict_fs_bpf
  * bpf: do not freeze if bpf lsm fails to set up
  * bpf: check if lsm link ptr is libbpf error
  * bpf: fix bpf_can_link_lsm_program condition
  * bpf: name unnamed bpf programs
  * bpf: load firewall with name only if supported

  [ Seth Falco ]
  * hwdb: treat logitech craft keyboard as a keyboard

  [ Arfrever Frehtes Taifersar Arahesis ]
  * logind.conf: Fix name of option: RuntimeDirectoryInodes -> RuntimeDirectoryInodesMax

  [ Rike-Benjamin Schuppner ]
  * man: Fix paths for user units (transient/generator.early)

  [ march1993 ]
  * Update systemd.netdev.xml

  [ Yonathan Randolph ]
  * man: clarify Environmentfile format

  [ ash ]
  * man: note more clearly that $SYSTEMD_PAGER requires $SYSTEMD_PAGERSECURE

  [ YmrDtnJu ]
  * shared: Revert commit 49fe5c099 in parts for function parse_acl.
  * resolve: enable RES_TRUSTAD towards the 127.0.0.53 stub resolver
  * basic: New function fstype_is_blockdev_backed for fstypes that need a blockdev
  * mount-tool: Replace fstype_is_{network,api_vfs} with fstype_is_blockdev_backed
  * AppArmor: Support for loading a set of pre-compiled profiles at startup time
  * networkd: Use NLM_F_ACK on the netlink message to add a neighbor.
  * Fix journald audit logging with fields > N_IOVEC_AUDIT_FIELDS.

  [ Thomas Batten ]
  * hwdb: Add accel orientation quirk for the GPD Pocket 3

  [ Tyson Whitehead ]
  * hwdb: CH Pro Pedals not classified correctly due to no buttons

  [ yangmingtai ]
  * fix DirectoryNotEmpty when it comes to a Non-directory file
  * fix test-string-util failed when locale is not utf8

  [ lincoln auster ]
  * sd-bus/man: document EBUSY error in bus_message_read (#21954)

  [ Albert Brox ]
  * Improve tmpfiles unsafe transition log message (#20048)
  * pid1: add support for cgroup.kill
  * core: implement RuntimeMaxDeltaSec directive
  * implement aliasing for systemd-analyze verify
  * analyze: basename -> path_extract_filename and other minor fixes
  * core: teach LoadCredential= to load from a directory

  [ Markus Weippert ]
  * homed: stop before stopping dbus

  [ Pigmy-penguin ]
  * userdbctl: fix "Password OK" shown even when password is empty or locked (#21308)

  [ Lukas Märdian ]
  * d/rules: Enable build of systemd-oomd
  * d/control: Ship oomd in a systemd-oomd package
  * Start systemd-oomd.service after package installation

  [ Marco Scardovi ]
  * Add missing greater than/less than tab on some HP
  * make HP 15s-eq0xxx changes specific to sku9MG38EA#ABZ

  [ Noel Kuntze ]
  * network: complete example for xfrm setup

  [ ksa678491784 ]
  * stub: Do not assume having DeviceHandle

  [ Stephen Hemminger ]
  * bus-dump: change capture output to use pcapng (#21738)

  [ Scott Worley ]
  * timedatectl: Uniform commas in NTPMessage output

  [ Jayce Fayne ]
  * hwdb: Add accel orientation quirk for the Chuwi Hi10 Go tablet

  [ acsfer ]
  * Fix loading of graphs

  [ Sho Iizuka ]
  * NEWS: net.ipv4.tcp_ecn = 1 was reverted at v240
  * man: how to unset CPUQuota=

  [ Peter Morrow ]
  * core: allow services stuck in reloading state to exit
  * test: add a test to cover restarting services in reloading state
  * man: add details on overriding top level drop-ins
  * man: fix missing markdown & minor errors
  * cgroup: add support for StartupAllowedCPUs and StartupAllowedMemoryNodes
  * docs: update docs with StartupAllowedCPUs and StartupAllowedMemoryNodes details
  * fuzz: add StartupAllowedCPUs and StartupAllowedMemoryNodes to directives
  * cgroup: re-evaluate startup units during shutdown as well
  * fuzz: list directives in alphabetical order
  * man: Startup* updates for systemd.resource-control
  * service: pass service exit status to spawned On{Failure,Success}= dependency
  * tests: add test to cover service exit status propagation
  * man: document $MONITOR_METADATA usage

  [ Jarkko Sakkinen ]
  * Enable /dev/sgx_vepc access for the group 'sgx'

  [ Jonas Jelten ]
  * ceph is a network filesystem
  * network-generator: support link6 network configuration

  [ LaserEyess ]
  * network: rename SetupState to AdministrativeState

  [ Maciek Borzecki ]
  * units/systemd-udevd: allow bpf() syscall

  [ Pavel Březina ]
  * man: fix description of sd_uid_get_sessions

  [ Joris Hartog ]
  * systemctl: support JSON output for "show-environment"

  [ Urs Ritzmann ]
  * sd_bus_get_timeout: fix timeout value doc

  [ KennthStailey ]
  * Fixed typo

  [ Kevin Kuehler ]
  * systemctl: Default suffixes for timer and socket
  * Fix mkosi on Arch Linux
  * mkosi: Find hostname command on Arch Linux
  * core: Add triggering job mode
  * man: Document --job-mode=triggering switch
  * systemctl: Add TriggeredBy and Triggers to status
  * systemctl: Align all status outputs to TriggeredBy
  * shared: Add ProtectKernelLogs property
  * core: Add ProtectKernelLogs
  * tests: Add capability tests for ProtectKernelLogs
  * core: ProtectKernelLogs= mask kmsg in proc and sys
  * test/test-seccomp: add test_protect_syslog
  * man: Add description for ProtectKernelLogs=
  * test-namespace: Add test for ProtectKernelLogs=
  * units: set ProtectKernelLogs=yes on relevant units
  * systemd-analyze: Add ProtectKernelLogs to security
  * basic: Drop ambient inherited capabilities by default
  * test-capability: Modify ambient capability tests to test clearing caps
  * execute: Call capability_ambient_set_apply even if ambient set is 0
  * shared/ask-password-api: modify keyctl break value
  * job: Don't mark as redundant if deps are relevant
  * shared/bus-util: Don't replace exsting strv
  * systemctl: Add --with-dependencies flag
  * man: Document systemctl --with-dependencies switch
  * core: shared: Add ProtectClock= to systemd.exec
  * analyze: Add ProtectClock= to analyze-security
  * man: doc: Document ProtectClock=
  * import: Only keep RO copy if ETag header is set
  * basic: Fix capability_ambient_set_apply for kernels < 4.3
  * repart: port to our home-grown hmac_sha256
  * resolve: Add coverage for dnssec ecdsa (rfc6605)
  * resolve: Port dnssec verify from gcrypt to openssl^gcrypt
  * resolve: Port dnskey verification by ds to openssl^gcrypt
  * resolve: Port nsec3 code to openssl^gcrypt
  * basic/openssl-util: Add sha256 hash wrapper

  [ Arvid E. Picciani ]
  * docs: document that systemd closes console during normal runtime

  [ Wu Xiaotian ]
  * architecture: Add support for the LoongArch architecture

  [ Amir Omidi ]
  * systemctl: display how long a systemd service will run (#21494)

  [ Nacho Barrientos ]
  * Byte order to host before using the lifetime

  [ Henri Chain ]
  * Introduce ExitType
  * core: fix SIGABRT on empty exec command argv
  * Reintroduce ExitType
  * Use ExitType=cgroup for autostart generated services
  * Try to fix exittype test flakyness

  [ Miika Karanki ]
  * sd-bus: Fix standard method argument names

  [ Boqun Feng ]
  * virt: Support detection for ARM64 Hyper-V guests
  * virt: Fix the detection for Hyper-V VMs

  [ Robert-L-Turner ]
  * FIDO2 device removal instructions (#21426)

  [ Mark Boudreau ]
  * veritysetup-generator: generate service for usr device
  * fstab-generator: use 'usr' mapper device when 'usrhash' is present
  * Document usr-specific verity parameters

  [ Daniel Maixner ]
  * removed copyright

  [ Slava Bacherikov ]
  * network: change link group type to int32
  * network: Add SuppressInterfaceGroup= into routing policy

  [ Taiki Sugawara ]
  * hwdb: Add Kensington Expert Mouse Wireless Trackball

  [ Emily Gonyer ]
  * Change gendered terms to be gender-neutral (#21325)

  [ Scott Lamb ]
  * fsck: no emergency.target on nofail mounts

  [ Paulo Neves ]
  * docs: Clarify systemctl show manual

  [ xdavidwu ]
  * coredump: fix filename in journal when not compressed

  [ Tony Asleson ]
  * rules: watch metadata changes on nbd devices
  * dm-verity: Remove usage of integrity
  * Add stand-alone dm-integrity support
  * integritysetup: Check args to prevent assert
  * test: exercise sytemd-integritysetup & generator

  [ Toke Høiland-Jørgensen ]
  * sd-dhcp-server: clear out expired leases when processing requests
  * sd-dhcp-server: fix address availability checks

  [ Andreas Valder ]
  * nspawn: add filesystem id mapping support to --bind and --bind-ro

  [ Greg Zuro ]
  * change indicator used for later versions of VirtualBox (#21127)

  [ gregzuro ]
  * change req meson version

  [ Anssi Hannula ]
  * cryptsetup-tokens: fix typo in tpm2 token dump output
  * bootctl: Fix update not adding EFI entry if Boot IDs are non-consecutive
  * man: fix a reference in timedatectl man page
  * efivars: skip writing if variable is already in wanted state

  [ Jonas Dreßler ]
  * hwdb: Allow USB autosuspend for MS Surface Pro (2017) Type Cover

  [ Dimitri Papadopoulos ]
  * Typos found by codespell

  [ Vincent Bernat ]
  * utmp: remove /dev from line

  [ Alexander Kanavin ]
  * meson: use partial_dependency() to get include directory

  [ Max Resch ]
  * sd-boot: time measurements for the ARM64
  * sd-stub: Provide initrd with LINUX_EFI_INITRD_MEDIA_GUID
  * move mfree to macro-fundamentals.h
  * [sd-stub] Add support for aarch64 booting via pe-entry point
  * [sd-stub] add support for embedding devicetree
  * [st-stub] documenting the .dtb section

  [ alexlzhu ]
  * man: update docs on systemd-system.conf logging (LogTime=) (#19846)
  * core: Add ExecSearchPath parameter to specify the directory relative to which binaries executed by Exec*= should be found
  * docs: Fixing typo in systemd.device man page and README.
  * core: remove refcount for bpf program

  [ Bogdan Seniuc ]
  * virt: Fix Xen PV detection when nested inside another hypervisor

  [ (GalaxyMaster) ]
  * Avoid passing NULL to underlying fprintf() in sysusers (#20974)

  [ chlorophyll-zz ]
  * Sensor Y Axis is inverted for TrekStor Surftab W1
  * Update 60-sensor.hwdb

  [ Iago Lopez Galeiras ]
  * basic: move CIFS magic number to missing_magic.h
  * core: add BPF LSM functions
  * core: use LSM BPF functions to implement RestrictFileSystems=

  [ Andrew Soutar ]
  * basic/env-util: correctly parse extended vars after non-extended vars (#20941)

  [ Egor ]
  * sleep: don't skip resume device with low priority/available space

  [ Slimane Selyan Amiri ]
  * Added translation using Weblate (Kabyle)
  * Translated using Weblate (Kabyle)
  * po: Translated using Weblate (Kabyle)

  [ Lukas Senionis ]
  * hwdb: add touchpad fuzz for Asus UX362FA (#20770)
  * reduce the fuzz values in evdev hwdb for Asus UX362FA

  [ Marcel Menzel ]
  * doc: network: Move "Independent=" flag to the VXLAN section (#20881)

  [ Antony Deepak Thomas ]
  * fileio: introduce read_virtual_file_fd()
  * string-util: introduce streq_skip_trailing_chars()
  * fileio: introduce new mode to suppress writing the same value
  * sysctl-util: minimize side-effects when running `systemd-sysctl`

  [ dann frazier ]
  * test: Synchronize journal before reading from it
  * Add remaining supported schemes as options for default-net-naming-scheme
  * Remind developers to update the list of net naming schemes that can be selected as a build-time defaults.

  [ Kay Siver Bø ]
  * hwbd: 60-sensor.hwdb: Add Lenovo ThinkPad Yoga 11e 5th Gen (Type: 20LN, Gemini Lake)

  [ Alberto Mardegan ]
  * docs: clarify order of events in cgroup scope creation

  [ John Lindgren ]
  * Add Logitech USB-PS/2 M-BT96A to hwdb

  [ Lia Lenckowski ]
  * bash-completion: circumvent aliases for 'ls'

  [ Christian Wehrli ]
  * po: Translated using Weblate (German)

  [ Marcus Harrison ]
  * Fix error building repart with no libcryptsetup (#20739)

  [ Yao Wei (魏銘廷) ]
  * Add additional Dell models that require ACCEL_LOCATION=base

  [ Anatol Pomozov ]
  * tpm-util: fix TPM parameter handling

  [ Takuro Onoue ]
  * po: Translated using Weblate (Japanese)

  [ pedro martelletto ]
  * explicitly close FIDO2 devices

  [ Kyle Laker ]
  * systemd-analyze: use config value in RestrictNamespaces id (#20645)

  [ Ross Jennings ]
  * Fix volume control keys for LG Gram (#20644)

  [ lainahai ]
  * Fix esc, volume control keys and Fn+F1 for Samsung Galaxy Book

  [ jlempen ]
  * Add matrix for the Chuwi SurBook Mini (CWI540)

  [ José Expósito ]
  * hwdb: add a generic rule for trackpoints (#20543)

  [ Kevin Orr ]
  * Fix another crash due to missing NHDR

  [ Adolfo Jayme Barrientos ]
  * Translated using Weblate (Spanish)
  * po: Translated using Weblate (Spanish)

  [ Wind/owZ ]
  * hwdb: Add sensor rule for Hometech Wi101

  [ I-dont-need-name ]
  * hwdb: Add force-release for HP Omen 15 calculator key. (#20538)

  [ Mauricio Vásquez ]
  * core: add RestrictNetworkInterfaces= BPF program source code
  * core: implement RestrictNetworkInterfaces=
  * core: add load fragment implementation for RestrictNetworkInterfaces=
  * core: add D-bus properties for RestrictNetworkInterfaces=
  * Document RestrictNetworkInterfaces dbus properties
  * man: add RestrictNetworkInterfaces= documentation
  * src/test: add restrict network interfaces to test-cgroup-mask
  * tests: add integration test for RestrictNetworkInterfaces=
  * systemctl: show RestrictNetworkInterfaces= in systemctl show
  * README: add requirements for RestrictNetworkInterfaces=

  [ Hela Basa ]
  * po: Added translation using Weblate (Sinhala)
  * po: Translated using Weblate (Sinhala)

  [ Gustavo Costa ]
  * Translated using Weblate (Portuguese (Brazil))
  * po: Translated using Weblate (Portuguese (Brazil))

  [ Geass-LL ]
  * unit: coldplug both job and nop_job if possible

  [ Maxime de Roucy ]
  * network: add address label on dhcpv4

  [ Milo Turner ]
  * Don't open /var journals in volatile mode when runtime_journal==NULL

  [ Steven Siloti ]
  * resolved: retry on SERVFAIL before downgrading feature level

  [ Andrej Lajovic ]
  * shared/copy: add a new flag COPY_ALL_XATTRS

  [ Kai-Heng Feng ]
  * hwdb: Add support for Alienware touchpad toggle
  * hwdb: Mark Intel Sensor Hub's accel sensor on Vostro 5581 as being in the base
  * hwdb: Mask rfkill event from intel-hid on HP platforms
  * hwdb: Add EliteBook to use micmute hotkey
  * hwdb: Add ProBook to use micmute hotkey
  * hwdb: Remove intel-hid rfkill mask
  * NEWS: Note Intel HID rfkill mask is removed

  [ MertsA ]
  * Get rid of dangling setutxent()

  [ Yegor Alexeyev ]
  * dhcp: Implemented BindToInterface= configuration option
  * relay role implementation
  * rfc3046 implementation
  * logind: allow binding different operation to reboot key long presses
  * added missing handling of button release events
  * units: added factory-reset.target

  [ Jack Dähn ]
  * resolved: Don't omit AD bit in reply if DO is set in the query

  [ Tianlu Shao ]
  * Update traditional Chinese Translation

  [ svonohr ]
  * hwdb: Add Lenovo Thinkpad P14s Gen1/2 rule

  [ Dimitry Ishenko ]
  * timesync: add option to periodically save time

  [ longpanda ]
  * Fix the "Failed to open random seed ..." message.

  [ StefanBruens ]
  * Update 60-autosuspend-fingerprint-reader.hwdb to libfprint-1.92.1

  [ GnunuX ]
  * man systemd-sysusers: fix password to passwd

  [ Sergei Trofimovich ]
  * coredump/stacktrace.c: avoid crash on binaries without NHDR

  [ Yao Wei ]
  * Use SKU to identify Dell clamshell models for accelerometer properties

  [ Riccardo Schirone ]
  * Refuse dbus message paths longer than BUS_PATH_SIZE_MAX limit.
  * Allocate temporary strings to hold dbus paths on the heap
  * Be more specific in resolved.conf man page with regard to DNSOverTLS
  * Check return value of pam_get_item/pam_get_data functions

  [ ratijas ]
  * man: Fix incorrect EFI vendor UUID (last missing nibble)

  [ hikigaya58 ]
  * Typo correction on systemd.unit man page

  [ Salvatore Bonaccorso ]
  * unit-name: generate a clear error code when converting an overly long fs path to a unit name
  * basic/unit-name: do not use strdupa() on a path (CVE-2021-33910)
  * basic/unit-name: adjust comments
  * Prepare changelog for release

  [ WANG Xuerui ]
  * gpt: support LoongArch 64-bit
  * gpt: reformat for restoring vertical alignment

  [ Aakash Singh ]
  * hwdb: 60-keyboard:: Update MSI Modern backslash and hotkeys
  * hwdb: merge Micro Star in MSI
  * hwdb: merge MSI Prestige And MSI Modern FnKeys and Special keys definitions
  * hwdb: 60-keyboard::remove hardcoded definition for  KEYBOARD_KEY_56 for MSI Prestige And  Modern

  [ rene ]
  * Minor typo (#20254)

  [ monosans ]
  * log-generator: count arguments as offset from an iterator

  [ duament ]
  * shell-completion/zsh/_systemd-run: Fix completion of command names and arguments

  [ Carl Lei ]
  * man: fix RFC number

  [ Ben Stockett ]
  * Updated manpage for sd_bus_set_property

  [ nassir90 ]
  * Fixed typo (#20187)

  [ Hugo Osvaldo Barrera ]
  * Mount encrypted swap partitions via gpt-auto

  [ Jan Palus ]
  * login: filenames in /run/systemd/users are uids
  * hostnamed: correct variable with errno in fallback_chassis

  [ Hamish Moffatt ]
  * Clarify the behaviour of suspend-then-sleep mode in the manual pages.

  [ Icenowy Zheng ]
  * hwdb: add resolution override for Pinebook Pro touchpad

  [ qhill ]
  * units: correct description of final.target

  [ Trent Piepho ]
  * udev: Fix by-uuid symlink for ubifs volumes

  [ Alexey Rubtsov ]
  * po: Translated using Weblate (Russian)

  [ milaq ]
  * hwdb: Add Logitech G403 Hero
  * hwdb: Add DPI info for Logitech MX Ergo
  * hwdb: Fix Logitech G500 default DPI settings
  * hwdb: Fix Logitech G700 default DPI settings
  * hwdb: Add Logitech G700 "Nano" receiver
  * hwdb: Add Logitech G Pro Wireless
  * hwdb: Use correct default values for Logitech M310
  * hwdb: Add Logitech Trackman Marble

  [ laineantti ]
  * hwdb: add accel matrix for One-netbook OneMix 2s

  [ Alexander Tsoy ]
  * resolved: correctly prove the non-existense of wildcard
  * resolved: do not try to copy empty NSEC types bitmaps

  [ Paweł Marciniak ]
  * core: add combined status unit format

  [ dgcampea ]
  * man: fix incorrect description regarding DynamicUser= and StateDirectory=

  [ Mike Crowe ]
  * resolvectl: Only strip ifname suffixes when being resolvconf

  [ Juergen Hoetzel ]
  * busctl: add missing shortopt -l
  * docs: EFI separator needs to be backslash-escaped in markdown

  [ Anders Wenhaug ]
  * time-util: don't use plural units indiscriminately
  * docs: add coding style example

  [ Hristo Venev ]
  * networkd: Permit all-zero RoutingPolicyRule prefixes

  [ simmon ]
  * po: Translated using Weblate (Korean)
  * po: Translated using Weblate (Korean)
  * po: Translated using Weblate (Korean)
  * po: Translated using Weblate (Korean)
  * po: Translated using Weblate (Korean)
  * po: Translated using Weblate (Korean)

  [ Jesse Stricker ]
  * hwdb: add rules for Lenovo U41-70 (80JV)

  [ plattrap ]
  * Update systemd-resolved.service.8 help

  [ Jeremy Szu ]
  * hwdb: Add mic mute key mapping for HP Elite Dragonfly

  [ Eric Cook ]
  * shell-completion: revert c1072f6473bafa063cbf700c86524083d2857031

  [ Jayanth Ananthapadmanaban ]
  * Add a network timeout option to journal-upload

  [ Daniel Schaefer ]
  * doc: Add RISC-V to FAQ

  [ Srinidhi Kaushik ]
  * tmpfiles: extend "Age" to accept an "age-by" argument

  [ Allen Webb ]
  * tmpfiles: add '=' action modifier.

  [ Emilio Herrera ]
  * po: Translated using Weblate (Spanish)

  [ Sebastian Blunt ]
  * Add crypttab option silent
  * Respect option 'silent' on cryptsetup FIDO2 pin entry
  * Rename crypttab opt silent to password-echo

  [ scootergrisen ]
  * Translated using Weblate (Danish)
  * po: Translated using Weblate (Danish)

  [ Peter Kjellerstedt ]
  * meson: Correctly validate that prefix is a child of rootprefix

  [ borna-blazevic ]
  * sd-dhcp-server: support static address to DHCPv4 offer
  * network: dhcp-server: introduce [DHCPServerStaticLease] section
  * test-network: add a testcase for DHCP static lease

  [ Roshan Shariff ]
  * rules.d: Properly quote $env{MODALIAS}

  [ Vincent Dechenaux ]
  * Typo in service.c

  [ Olle Lundberg ]
  * nspawn: bring back the word `may` in error text

  [ ei-ke ]
  * Fixed a typo

  [ Milan ]
  * docs: Update link to journal-def.h
  * docs: Update link to journal file format codebase

  [ tramsay ]
  * network:dhcp4_server_configure returns if not able to get timezone

  [ Simon Watts ]
  * Add Microsoft Pro Intellimouse MOUSE_DPI to hwdb

  [ Seong-ho Cho ]
  * Update Korean translation (#19083)

  [ zsien ]
  * bootctl: same entry path check case-insensitive

  [ howl ]
  * hwdb: Add Lenovo IdeaPad D330 accel mount matrix
  * Unify pn81H3 and cvrLenovoideapadD330-10IGM
  * hwdb: sensor: D330-IGM use pvr instead cvr
  * hwdb: keyboard: D330 Touchpad toggle keymap

  [ gitm0 ]
  * hwdb: add accel matrix for One-netbook OneMix 3s (#19549)

  [ Lucas Magasweran ]
  * network: examples: use wlan for Type instead of wifi
  * man: network: use `networkctl list` instead of `status` to list network interface type

  [ Roman Beranek ]
  * Revert "resolve: check DNSSD service name template before assigning it"
  * resolve: remove RRs from zones before an update

  [ Harsh Barsaiyan ]
  * hwdb: Add Asus TP550LA

  [ Jörg Deckert ]
  * networkd: correct batman-adv setting name (GatewayBandwidth) (#19539)

  [ Marco Antonio Mauro ]
  * Added Teclast X4 ACCEL_MOUNT_MATRIX (#19540)

  [ Mike Kazantsev ]
  * cgroup: fix typo in BPF firewall support warning message
  * core.timer: fix "systemd-analyze dump" and docs syntax inconsistencies wrt OnTimezoneChange=
  * NEWS: fix use of tabs instead of spaces for one item
  * Fix indent prefix being used as a suffix in systemd-analyze dump for some properties

  [ Mark Wielaard ]
  * docs/COREDUMP_PACKAGE_METADATA.md: Add debuginfod key

  [ imayoda ]
  * Add correct rotation support for Mediacom Winpad 7.0 W700

  [ Jakub Warczarek ]
  * hostnamectl: deprecate set-* methods and expose getters by only using nouns in commands

  [ Luca Adrian L ]
  * Document the need to do journalctl --flush for persistent logging (#19481)

  [ Noah Meyerhans ]
  * Use BIOS characteristics to distinguish EC2 bare-metal from VMs

  [ Steve Bonds ]
  * Clarify that these values are in bytes

  [ syyhao1994 ]
  * man: importd also provides the option of import-fs for machinectl (#19477)

  [ Alexander Sverdlin ]
  * systemd-coredump: Add conflict with shutdown.target

  [ Viktor Mihajlovski ]
  * udev: fix slot based network names on s390
  * network: enable DHCP broadcast flag if required by interface
  * udev: allow onboard index up to 65535

  [ caoxia2008cxx ]
  * set boot time from monotonic time (#19444)

  [ Perry.Yuan ]
  * hwdb: 60-keyboard:: Update Dell Privacy Local Mic Mute Hotkey (#19261)

  [ William A. Kennington III ]
  * networkd: Routes should take the gateway into account
  * networkd: Keep track of static neighbors
  * network: neighbor: Always add neighbors with replace

  [ Flos Lonicerae ]
  * Add D-Bus property exposing Ctrl-Alt-Delete action (#19217)

  [ Jan Synacek ]
  * rule-syntax-check: allow PROGRAM as an assignment
  * man: note that journal does not validate syslog fields
  * man: drop my copyright
  * debug-generator: enable custom systemd.debug_shell tty
  * analyze-security: move assert above first use of the variable (#13238)
  * udev: introduce CONST key name
  * rule-syntax-check: add CONST
  * sd-dhcp: fix resource leak
  * man/systemd.net-naming-scheme: fix typo
  * install: warn if WantedBy targets don't exist

  [ Jóhann B. Guðmundsson ]
  * mkosi: update to Fedora30 (#12642)
  * Update to Fedora31
  * fix: point to the correct drop-ins subdirectory for confs

  [ Igor Zhbanov ]
  * journald: Retry if posix_fallocate returned -1 (EINTR)

  [ Yangyang Shen ]
  * fix wrong statement JOURNAL_FILE_FORMAT.md doc
  * journald: enforce longer line length limit during "setup" phase of stream protocol

  [ Miroslav Suchý ]
  * document DefaultOOMPolicy

  [ Jason Francis ]
  * sd-login: correct prototype of sd_peer_get_cgroup
  * sd-login: fix wrong constructor used in sd_login_monitor manpage example

  [ sverdlin ]
  * systemd-networkd.socket: Add conflict with shutdown.target (#19348)

  [ Sevan Janiyan ]
  * meson.build: typo

  [ LetzteInstanz ]
  * network: move AddressFamily into network-util for the use by wait-online later
  * network: save IPv4/IPv6 address states into state file
  * sd-network: read IPv4/IPv6 address states from state files
  * wait-online: wait for address family
  * test-network: test waiting for address family

  [ gaoyi ]
  * udev: specify the end of value
  * test: add test case for multi matches when use "||"
  * udevd: don't kill worker in manager_kill_workers when it's running
  * gpt-auto-generator: don't generate systemd-cryptsetup@.service when --Dlibcryptsetup=false
  * man: fix discriptions for --exec-delay
  * udev: delete useless codes

  [ Francois Gervais ]
  * load-fragment: parse specifiers in CPUAffinity= (#19281)

  [ Oleg Popov ]
  * Extend characters set for PKCS11 URI

  [ Jérôme Carretero ]
  * login: logind-dbus: support scheduled kexec (#19162)

  [ Masahiro Matsuya ]
  * tmpfiles: use a entry in hashmap as ItemArray in read_config_file()

  [ KoyamaSohei ]
  * resolve: copy rd flag from the query to response

  [ Sibo Dong ]
  * bash-completion: localize words and cword variables

  [ James Buren ]
  * hwdb: Fix rotation for Nuvision Encite Split 11
  * hwdb: 60-keyboard:: Add HP mt44 Mobile Thin Client hotkey quirks
  * hwdb: 60-keyboard:: Add HP ProBook 455 G5 hotkey quirks

  [ Deepak Rawat ]
  * logind: Introduce RebootWithFlags and others
  * logind: Add new flag for kexec reboot
  * logind: Rename kexec reboot flag

  [ Sergey Bugaev ]
  * virt: detect Docker and Podman containers
  * virt: detect cgroups namespaces
  * resolved: set the AA bit for synthetic answers
  * resolved: set the AA bit for mDNS responses
  * resolved: don't discard mDNS packets with ip6.arpa RRs
  * resolved: don't discard mDNS queries with bad flags
  * log: protect errno in log_open()
  * tree-wide: reopen log after fork when needed
  * homework: use FORK_CLOSE_ALL_FDS in a few more places
  * resolved: add flags to DnsQuestion items
  * resolved: fix mistaking QU bit for cache-flush bit
  * resolved: reply using unicast mDNS when appropriate

  [ Fangrui Song ]
  * sd-bus: set retain attribute on BUS_ERROR_MAP_ELF_REGISTER

  [ Pjotr Vertaalt ]
  * po: Added translation using Weblate (Dutch)
  * po: Translated using Weblate (Dutch)

  [ Lincoln Ramsay ]
  * pid1: do not use generated strings as format strings (#19098)

  [ hide ]
  * network: fix ipv6 tunnel encapsulation limit (#19087)

  [ Antonio Terceiro ]
  * logs-show: add missing newline in warning message

  [ tpgxyz ]
  * systemd-boot: LLVM/lld does not support PE/COFF relocations. Bail out with an error message

  [ Michael Gisbers ]
  * correct incorrect command in NEWS (#19048)

  [ Sam Lunt ]
  * Wrong index in error message

  [ Dan Sanders ]
  * hwdb: unifying receiver match keys for Logitech MX Ergo

  [ Kevin Backhouse ]
  * ask-password-api: fix error handling on invalid unicode character

  [ ulf-f ]
  * Update resolvectl.xml

  [ Perry Yuan ]
  * hwdb: 60-keyboard:: Update Dell Privacy Micmute Hotkey Map

  [ Carlo Wood ]
  * Manual page fixes (#18906)

  [ ChopperRob ]
  * Update 60-sensor.hwdb (#18884)

  [ Alastair Pharo ]
  * hwdb: add fuzz for Dell Latitude E7470 (#18876)

  [ caoxia ]
  * trans_time sec is int32,it will overflow if local system time is later than 2038.

  [ Xℹ Ruoyao ]
  * fuzz: add NetworkNamespacePath= into directives.service
  * Refactor network namespace specific functions in generic helpers
  * New directives PrivateIPC and IPCNamespacePath
  * Remount /dev/mqueue in unshared mount namespace for PrivateIPC

  [ Vincent Pelletier ]
  * rules: Move ID_SMARTCARD_READER definition to a <70 configuration.

  [ Tom Shield ]
  * udev: add i2c to 60-persistent-input.rules for by-path (#18808)

  [ Lajos Veres ]
  * Fix path typo in systemd.unit

  [ Annika Wickert ]
  * network: Implement B.A.T.M.A.N. Advanced interface type

  [ clayton craft ]
  * Add DPI info for Kensington Trackball Expert Mouse in hwdb (#18709)

  [ Benjamin Robin ]
  * core/killall: Propagate errors and return the number of process left
  * shutdown: Bump sysctl kernel.printk log level in order to see info msg
  * core/killall: Log the process names not killed after 10s
  * core/killall: Add documentation about broadcast_signal()
  * basic/fileio: Fix memory leak if READ_FULL_FILE_SECURE flag is used
  * tree-wide: Mark as _unused_ variables that are only used in assert()
  * tree-wide: Fix, replace assert() by assert_se() when there is side effect
  * test: Use assert_se() where variables are only checked by assert
  * resize-fs: Use xsprintf instead of snprintf
  * meson: Do not drop warnings (unused variable) when NDEBUG is defined
  * tree-wide: Workaround -Wnonnull GCC bug
  * tree-wide: Replace assert() by assert_se() when there is side effect
  * basic: Allow to call STRV_FOREACH_BACKWARDS() with a char * const * strv
  * core: Update prototype of notify_message, tags list is read only
  * journald: Increase stdout buffer size sooner, when almost full
  * test: Add a test case for #15654
  * test: Stricter test case for #15654 (Add more checks)
  * core: Parse the tags list sooner, and use it for multiple function
  * netlink: Fix assert condition on n_containers
  * tree-wide: Initialize _cleanup_ variables if needed
  * network: 'cur' variable cannot be null, so simplify code
  * systemctl: Check clean_or_freeze_unit(): Add assert if unknown method
  * test: Add return 0 to main() function (even it is not strictly necessary)
  * basic: use -EINVAL for _MANAGED_OOM_PREFERENCE_INVALID
  * shared: use -EINVAL for _EXEC_COMMAND_FLAGS_INVALID
  * shared: use -EINVAL for _UNIT_FILE_CHANGE_TYPE_INVALID
  * shared: Fix _DNS_CACHE_MODE_INVALID value: use -EINVAL
  * basic: use -EINVAL for _DUID_TYPE_INVALID
  * libsystemd-network: use -EINVAL for _DUID_TYPE_INVALID
  * portable: use -EINVAL for _PORTABLE_CHANGE_TYPE_INVALID
  * shared: use -EINVAL for _NETDEV_BRIDGE_STATE_INVALID
  * resolve: Fix build for cleanup function (SSL_free + BIO_free)
  * man: Small fix of sd_bus_message_send() man page

  [ Tyler Hicks ]
  * man: correct the unit file directory for attached images

  [ Sven Mueller ]
  * Fix grammar and a small typo on a comment

  [ Jameer Pathan ]
  * Add Pull Request Labeler
  * GH Actions: Fix labeler bot

  [ chri2 ]
  * https://github.com/systemd/systemd/issues/15360

  [ Richard Laager ]
  * Remove outdated disable_ipv6 docs

  [ Giedrius Statkevičius ]
  * systemctl: exit with 1 if no unit files found
  * resolve: reload /etc/hosts on inode change
  * verify: ignore nonexistent executables if required
  * condition: add CPUFeature

  [ Joshua Watt ]
  * logind: Restore chvt as non-root user without polkit

  [ heretoenhance ]
  * Adding an explanation for CONFIG_NET requirement (#18600)

  [ RussianNeuroMancer ]
  * Add accel mount matrix for Irbis TW90
  * Add Logitech touchpads, sort vendors alphabetically (#13167)
  * Add HP Elite x2 1013 G3 touchpad as external
  * Add accel mount matrix for Irbis NB111 transformer
  * Prevent triple reporting of rfkill button on HP Elite x2 1013 G3, plus five other hotkeys
  * Calendar and micmute hotkeys on HP EliteBook Folio G1
  * Fix micmute hotkey on HP EliteBook Folio G1

  [ Pierre Dubouilh ]
  * rlimit-util: log when falling back setting limit

  [ Florian Hülsmann ]
  * hwdb: add resolution for Waltop/MEDION batteryless graphics tablet (v:172f p:0505)

  [ Ardy ]
  * hwdb: Add accel orientation quirk for Reeder A8iW Tablet

  [ Alan Perry ]
  * add error message when bind mount src missing
  * no blkid for mmcblk[0-9]boot[0-9]

  [ Nick ]
  * Added Trekstor Yourbook C11B to 60-sensor.hwdb

  [ Vinnie Magro ]
  * networkd: add UseFQDN option for DHCPv6

  [ Weblate (bot) ]
  * Translated using Weblate (Swedish) (#18457)
  * Translations update from Weblate (#18485)
  * Translations update from Weblate (#18537)

  [ Gablegritule ]
  * hwdb: add axis overrides for the Dell Latitude E5510 TouchPad (#18493)

  [ Antonius Frie ]
  * Use correct config parser for MountAPIVFS (#18501)

  [ cprn ]
  * hwdb: add Acecad Flair / Pentagram Quadpen (#18443)

  [ Julia Cartwright ]
  * man: fix misspellings of "NameSeviceSwitch"

  [ Ali Abdallah ]
  * PATCH] Always free deserialized_subscribed on reload

  [ Ioanna Alifieraki ]
  * systemctl: return error code when scheduled shutdown fails

  [ Simonas Kazlauskas ]
  * hwdb: Add evdev for Huawei EUL-XW9

  [ Pavel Hrdina ]
  * cgroup: introduce support for cgroup v2 CPUSET controller
  * cgroup-util: fix obsolete comment about supported controllers
  * cgroup: Also set blkio.bfq.weight
  * man: fix small issue in AllowedMemoryNodes description

  [ Stefan Agner ]
  * Avoid error when bind mount source already exists

  [ John Slade ]
  * hwdb.d/60-keyboard.hwdb: Fixes for Samsung 900X laptops

  [ Jiehong ]
  * feature: display status with a different shape depending on the status (#17728)

  [ corvusnix ]
  * hwdb: add Medion Akoya E2228T MD61900 (#18317)

  [ Florian Westphal ]
  * fw_add_local_dnat: remove unused function arguments
  * fw_add_masquerade: remove unused function arguments
  * firewall-util: reject NULL source or address with prefixlen 0
  * firewall-util: prepare for alternative to iptables backend
  * nspawn: pass userdata pointer, not inet_addr union
  * firewall-util: introduce context structure
  * linux: import nf_tables and nfnetlink headers from Linux 5.8
  * sd-netlink: add nfnetlink/nftables type system
  * sd-netlink: add nfnetlink helper routines
  * sd-netlink: add sd_netlink_sendv
  * sd-netlink: add a read function
  * firewall-util: add nftables backend
  * firewall-util-nft: attempt table recreation when add operation fails
  * homed: fix build without p11kit
  * firewall-util: add ipv6 support to nftables backend
  * nspawn: expose container ipv6 address too
  * networkd: extend IPMasquerade to cover ipv6
  * firewall-util-nft: clear previous address on replay
  * add ipv6 range element creation test cases

  [ moson-mo ]
  * hwdb: Add Logitech MX 518 Legendary mouse

  [ Matthias Klumpp ]
  * core: Allow to configure execute_directories execution behavior
  * Add helper for case-independent string equality checks
  * localed: Run locale-gen if available to generate missing locale
  * Configure localed to run locale-gen to generate missing locale

  [ Jonathan McDowell ]
  * hwdb: Add support for Gemini NC14 keyboard
  * hwdb: Add NEWYES 10" LCD writing tablet (#18274)

  [ Adam Nielsen ]
  * login: allow individual USB ports to be assigned to seats
  * man: clarify what network scopes are

  [ Kairui Song ]
  * pstore: don't enable crash_kexec_post_notifiers by default
  * util: rework in_initrd() to make use of path_is_temporary_fs()
  * initrd: extend SYSTEMD_IN_INITRD to accept non-ramfs rootfs
  * initrd: do a debug log if failed to detect rootfs type
  * initrd: do a debug log if /etc/initrd-release doesn't take effect

  [ krissgjeng ]
  *  hwdb: add Linx Vision 8 rotation information (#18228)
  * hwdb: add Cube Mix Plus (i18B) rotation info

  [ Julien Humbert ]
  * Translated using Weblate (French)
  * Translated using Weblate (French)
  * Translated using Weblate (French)
  * Translated using Weblate (French)

  [ Vlad ]
  * Translated using Weblate (Romanian)
  * Translated using Weblate (Romanian)

  [ Zmicer Turok ]
  * Translated using Weblate (Belarusian)
  * Translated using Weblate (Belarusian)

  [ Felix Stupp ]
  * Added option --check-inhibitors for non-tty usage

  [ Marc-André Lureau ]
  * udev-rules: add udmabuf to kvm group
  * systemd-run: add --slice-inherit
  * network: add TUN/TAP vt-* network rule for VMs
  * shared: move in_addr_ifindex_name_from_string_auto() there
  * network: fallback on resolved resolv.conf for DHCP server settings
  * sd-dhcp-server: add sd_dhcp_server_set_callback()
  * sd-dhcp-server: notify callback on lease changed
  * networkd: start a DBus interface for the DHCP server
  * networkd: expose DHCPServer interface on links
  * sd-dhcp-client: make struct sd_dhcp_client_id reusable
  * macro.h: add sizeof_field() helper
  * sd-dhcp-client: add sd_dhcp_client_id_to_string()
  * networkctl: factor out link_get_property()
  * networkctl: print DHCP leases
  * udev: make /dev/vsock 0666
  * udev: allow kvm group to access vhost-vsock device
  * udev: allow kvm group to access vhost-net device

  [ feliperodriguesfr ]
  * hwdb: add Digibras F10-30 rotation information (#18215)

  [ Luka Kudra ]
  * network: register callback for dhcp server (#18146)

  [ Ariel Fermani ]
  * hwdb: Add HP ENVY x360 13 microphone mute key

  [ Arnaud T ]
  * Translated using Weblate (French)

  [ Zach Smith ]
  * fix typo in wakealarm message
  * fix typo in partition device message
  * systemd-sleep: replace rtc wakealarm with CLOCK_BOOTTIME_ALARM s2h
  * systemd-sleep: refactor sleep config parsing
  * systemd-sleep: (bug) honor s2h and hybrid_sleep disable settings
  * systemd-sleep: (bug) use resume_offset value if set
  * systemd-sleep: refuse to calculate swapfile offset on Btrfs
  * systemd-sleep: use swaps in priority order
  * systemd-tmpfiles: rename force to append_or_force
  * systemd-tmpfiles: allow appending content to file
  * systemd-sleep: always prefer resume device or file
  * systemd-sleep: improve /proc/swaps open fail message
  * systemd-tmpfiles: deprecate F for f+
  * systemd-tmpfiles: cleanup man page program listing
  * systemd-sleep: always attempt hibernation if configured
  * systemd-sleep: Set SYSTEMD_SLEEP_ACTION for systemd-sleep hooks.

  [ hadess ]
  * Merge pull request #14129 from jlxawk/hwdb-sensor-jumper-ezpad-go
  * Merge pull request #14628 from poettering/hwdb-asus-tp500la
  * Merge pull request #16343 from jirislaby/master
  * Merge pull request #18156 from BjoernDaase/patch-3

  [ Björn Daase ]
  * hwdb: Relax parsing script to allow 0 and 1 for all ID_* properties
  * hwdb: Force no "mouse" type on Logitech MX Keys

  [ AJ Jordan ]
  * man: clarify that coredumps are gc'd after 3 days

  [ Jan Tojnar ]
  * man: use mkswap@ instead of makeswap@
  * pkg-config: make prefix overridable again

  [ milovlad ]
  * Update 60-sensor.hwdb

  [ Darren Ng ]
  * fix typo

  [ Endre Szabo ]
  * A typo fix in bootctl.c (#18106)

  [ Sebastiaan van Stijn ]
  * Improve instructions for debugging failing service

  [ Jonathan G. Underwood ]
  * cryptsetup: add support for workqueue options

  [ Dmitry Borodaenko ]
  * typo in systemd.network(5): IPv6PrefixDelegation=dhcpv6
  * man/systemd-nspawn: document hashing machine name for uid base

  [ pali ]
  * udev: Updates for cdrom_id helper

  [ Alexander Batischev ]
  * man: Advertise systemd-time-wait-sync.service more (#17729)

  [ Devon Pringle ]
  * networkd: handle ignoring ll gateway being link ll
  * networkd: add RouteDenyList

  [ Michal Fabik ]
  * coredumpctl: Add --debugger-args= option

  [ Christian Ehrhardt ]
  * seccomp: fix multiplexed system calls
  * seccomp: ensure rules are loaded in seccomp_memory_deny_write_execute
  * seccomp: use per arch shmat_syscall
  * seccomp: mmap test results depend on kernel/libseccomp/glibc
  * test: increase qemu timeout for TEST-08 and TEST-09
  * test: use modern qemu numa arguments

  [ d032747 ]
  * busctl: add a timestamp to the output of the busctl monitor command

  [ rnhmjoj ]
  * basic/term-util: extend $SYSTEMD_COLORS
  * tree-wide: avoid direct use of color macros
  * basic/term-util: inline colors_enabled function

  [ shenyangyang4 ]
  * journalctl: don't skip the entries that have the same seqnum

  [ Gaurav ]
  * Detect special character in dbus interface name
  * Handle escape characters in interface name
  * Fix build warning.
  * Fix review comments in added debug log.

  [ Fabian Affolter ]
  * Translated using Weblate (German)

  [ Ondrej Mosnacek ]
  * resolved: create stub-resolv.conf symlink with correct security label

  [ Andrew Balmos ]
  * efi: Only use arm flags if supported

  [ Ilya Dmitrichenko ]
  * nspawn: remove outdated comment regarding bpffs

  [ dropsignal ]
  * Update 60-keyboard.hwdb

  [ Jinyuan Si ]
  * cryptsetup: Fix crypto device missing issue after bootup

  [ Greg Depoire--Ferrer ]
  * seccomp: don't install filters for archs that can't use syscalls

  [ Takashi Iwai ]
  * udev: Fix sound.target dependency

  [ l4gfcm ]
  * hwdb: add funcional keys for MSI Modern series (tested on Modern 14) (#17880)

  [ Matt Turner ]
  * missing: Define several syscall numbers for Alpha arch

  [ Felipe Borges ]
  * hwdb: Add dmi-id database
  * rules.d: Add rule for the /sys/class/dmi/id device
  * hostnamed: Expose dmi "Vendor" and "Model" fields

  [ Christopher Obbard ]
  * virt: Properly detect nested UML inside another hypervisor

  [ walbit-de ]
  * network: add Protocol= to vlan netdev (#17794)

  [ Pavel Sapezhko ]
  * man: clarify DefaultTasksMax doc
  * resolved: allow cache responses from local DNS servers
  * mkosi: make ubuntu image bootable by default

  [ Whired Planck ]
  * Translated using Weblate (Chinese (Simplified))
  * Translated using Weblate (Chinese (Simplified))

  [ nihilix-melix ]
  * Update logind-button.c

  [ Konomi ]
  * hwdb: 60-keyboard: Add Dell Inspiron 11 3168 Fn+Home/End/PageUp/PageDown key mappings

  [ Lee Whalen ]
  * add touchpad-edge-detect output for the Lenovo Thinkpad Extreme to evdev.hwdb

  [ Christoph Ruegge ]
  * pam_systemd_home: export password as PAM_AUTHTOK

  [ INSUN PYO ]
  * systemctl: show SELinuxContext=, AppArmorProfile= and SmackProcessLabel=
  * man: change true/false to yes/no for DefaultDependencies.
  * sd-device-enumerator: do not return error when a device is removed

  [ Etienne Doms ]
  * man: fix typo in systemd.service
  * ratelimit: fix integer overflow
  * curl-util: fix callback prototype

  [ vanou ]
  * man: Fix misspelling of directive and typos in systemd-coredump man page

  [ Jérémy Nouhaud ]
  * hwdb: fix size lenovo x240 touchpad (#16871)
  * hwdb: set fuzz value for lenovo x240 touchpad to improve cursor precision (#17659)

  [ Christof Efkemann ]
  * networkd: fix default value of DHCPv6Client

  [ perry_yuan ]
  * hwdb: 60-keyboard:: add Dell Privacy Micmute Hotkey

  [ onlybugreports ]
  * Add Logitech G403 Prodigy Gaming Mouse to hwdb. (#17537)

  [ fwSmit ]
  * hwdb: Add support for HP ZBook Studio G5 keyboard (#17525)

  [ Kristijan Gjoshev ]
  * timer: add new feature FixedRandomDelay=

  [ Muhammet Kara ]
  * po: Update Turkish translation

  [ Purushottam choudhary ]
  * network: selinux hook handling to enumerate nexthop

  [ Sorin Ionescu ]
  * Fix typo

  [ Yu, Li-Yu ]
  * man: flush-caches and reset-server-features are commands for resolvectl (#11877)
  * udev: escaped string syntax e"..." in rule files
  * udev: test udev_rule_parse_value()
  * udev: add fuzzer for udev_rule_parse_value
  * document udev escaped string in udev(7)

  [ Luca Weiss ]
  * Update org.freedesktop.hostname1 documentation

  [ Josh Brobst ]
  * man: correct xdg-autostart-generator path

  [ Pat Coulthard ]
  * tmpfiles: Handle filesystems without ACL support in more cases.

  [ Hans Ulrich Niedermann ]
  * test-env-util: Verify that \r is disallowed in env var values

  [ williamvds ]
  * Add strv_prepend
  * Add WRITE_STRING_FILE_TRUNCATE to set O_TRUNC
  * systemctl: show original contents when editing unit

  [ Chandradeep Dey ]
  * homed: remove PAM_USER_UNKNOWN test in pam_sm_acct_mgmt

  [ Harald Seiler ]
  * preset: don't enable proc-sys-fs-binfmt_misc.mount
  * core: treat "uninitialized" in /etc/machine-id as first boot as well
  * id128: add format which treats "uninitialized" like an empty id
  * nspawn: robustly deal with "uninitialized" machine-id
  * repart: correctly handle "uninitialized" machine-id
  * dissect-image: support "uninitialized" machine-id
  * core: keep machine-id transient until first boot completes
  * machine-id-setup: sync before committing machine-id
  * units: add first-boot-complete.target for first boot ordering
  * units: order systemd-firstboot.service before first-boot-complete.target
  * units: order systemd-random-seed.service before first-boot-complete.target
  * man: Document new machine-id and first boot behavior

  [ Pedro Ruiz ]
  * hwdb: Add accel orientation for AsusTek TP300LAB

  [ Máté Pozsgay ]
  * hwdb: mount matrix for Chuwi Hi8 (CWI509) (#17355)

  [ Bjørn Mork ]
  * units: update serial-getty@.service to support 57600 baud rate

  [ mirabilos ]
  * missing_syscall: fixup syscall numbers for x32 vs. amd64

  [ Renaud Métrich ]
  * Call getgroups() to know size of supplementary groups array to allocate
  * socket: New option 'FlushPending' (boolean) to flush socket before entering listening state
  * socket: unified documentation for Accept to use 'yes/no' everywhere
  * unit: don't emit PropertiesChanged signal if adding a dependency to a unit is a no-op

  [ Marco Wang ]
  * boot/efi: Explicitly specify void in parameter list

  [ Michal Suchanek ]
  * udev/cdrom_id: Do not open CD-rom in exclusive mode.
  * libblkid: open device in nonblock mode.
  * basic/virt: Detect PowerVM hypervisor

  [ Jan Schlüter ]
  * Add Aiptek Hyperpen 6000U to hwdb

  [ Pass Automated Testing Suite ]
  * path-lookup: Correct order of XDG_CONFIG_HOME and XDG_CONFIG_DIRS

  [ bauen1 ]
  * core: ensure that namespace tmp directories always get the correct label

  [ huangyong ]
  * Add Chinese translation

  [ mog422 ]
  * sd-dhcp6-client: Fix sending prefix delegation request (#17136)

  [ germanztz ]
  * hwdb: add Medion Akoya E2221T MD60691 (#17147)

  [ Kyle Huey ]
  * random-util: Add an environment variable to disable RDRAND.

  [ Roy Chen (陳彥廷) ]
  * man: sd_bus_message_new: fix typo

  [ Hubert Kario ]
  * Try stopping MD RAID devices in shutdown too

  [ Mitsuha_QuQ ]
  * Update 60-sensor.hwdb
  * Update 60-sensor.hwdb

  [ ErrantSpore ]
  * hwdb: Chuwi Hi12 (#17042)

  [ Milo Casagrande ]
  * Translated using Weblate (Italian)

  [ masmullin2000 ]
  * Fix compilation without libcryptsetup (#17071)

  [ Nazar Vinnichuk ]
  * man: document the random delay of persistent timers

  [ lichangze ]
  * hostnamed: map 'all-in-one' DMI chassis type to desktop

  [ Mikael Szreder ]
  * cryptsetup: Fix null pointer dereference (#16987)

  [ Robert Marko ]
  * login: Add KEY_RESTART handling

  [ Tobias Kaufmann ]
  * capability-util: add new function for raising setpcap
  * core: fix securebits setting
  * core: fix comments on ambient capabilities
  * core: fix set keep caps for ambient capabilities

  [ George Rawlinson ]
  * man: fix typo in resolved.conf

  [ Amitanand.Chikorde ]
  * udev: fix codesonar warnings
  * sd-bus: drop unnecessary free()

  [ Glen Whitney ]
  * hwdb: Add Adesso AKB-805MAC keyboard, mfd by Ortek

  [ afg ]
  * nspawn: allow Capability=all in systemd.nspawn [EXEC] section
  * firstboot: fill empty color if ansi_color unavailable from os-release
  * firstboot: don't create/modify passwd and shadow if not asked

  [ fangxiuning ]
  * userdbctl homectl use table_log_add_error()
  * table add table_log_show_error()
  * table add table_log_sort_error()
  * table use table_log_print_error() instead of table_log_show_error
  * install: fix wrong data type
  * bus: use bus_log_parse_error to print message
  * bus: use bus_log_connect_error to print error message
  * analyze-verify: drop pointless zero initialization
  * analyze: drop pointless zero initialization
  * tree-wide: drop pointless zero initialization (#16884)
  * tree-wide: drop pointless zero initialization (#16900)

  [ Fabrice Fontaine ]
  * capability: fix build without PR_CAP_AMBIENT
  * basic/tmpfile-util.c: fix build without O_TMPFILE
  * missing_if_link.h: add IFLA_BOND_MODE
  * missing_syscall.h: include errno.h
  * lockfile-util.c: fix build without F_OFD_SETLK
  * networkd-brvlan.c: fix build without BRIDGE_VLAN_INFO_RANGE_END
  * networkd-ndisc.c: fix build without IFA_F_NOPREFIXROUTE
  * networkd-address.c: fix build without IFA_F_NOPREFIXROUTE
  * networkd-dhcp6.c: fix build without IFA_F_NOPREFIXROUTE
  * src/shared/dissect-image.c: fix build without blkdid (#16901)

  [ Kyle Russell ]
  * units: add missing usb-gadget.target

  [ Ikey Doherty ]
  * partition/makefs: Include missing sys/file.h header
  * login/logind: Include sys/stat.h for struct stat usage

  [ Plan C ]
  * Add simple usage message to systemd-backlight (#16709)

  [ Njibhu ]
  * Add sensor configuration for Acer SW5-017-17BU

  [ Olivier Le Moal ]
  * shell-completion/zsh: add missing verbs for networkctl
  * add "list" verb to autocompleted commands

  [ PhoenixDiscord ]
  * Replace gendered pronouns with gender neutral ones. (#16844)

  [ Andrew Hangsleben ]
  * Added sensor configuration for One-netbook OneMix 3 Pro

  [ Alec Moskvin ]
  * rules: don't install 80-drivers.rules when kmod is disabled

  [ Jan Chren ]
  * meson: fix incomplete option descriptions
  * man: install runlevel.8 unconditionally
  * man: fix a fix of a typo in systemd.service example

  [ Clemens Gruber ]
  * network: introduce TripleSampling= option in CAN section
  * network: can: Fix CAN initialization

  [ Steve Dodd ]
  * Request seccomp logging if SYSTEMD_LOG_SECCOMP environment variable is set.

  [ brainrom ]
  * hwdb: ACCEL_MOUNT_MATRIX for Irbis TW118 (#16786)

  [ Wen Yang ]
  * test: fix some failures in test-cgroup
  * core/unit: print info when unit_add_name failed
  * mount-setup: change the system mount propagation to shared by default only at bootup
  * basic/virt: treat "pouch" as a container type (id: pouch)

  [ Nicolas Fella ]
  * Fix function description in logind man page

  [ Grant Mathews ]
  * hwdb: ACCEL_MOUNT_MATRIX quirk for Acer SP111-32*

  [ Michael Scherer ]
  * man: Use the proper option name in documentation
  * Newer Glibc use faccessat2 to implement faccessat

  [ Nicholas Narsing ]
  * hwdb: Add ACCEL_MOUNT_MATRIX quirk for Asus M80TA

  [ Matt Fenwick ]
  * fix typo in systemctl help

  [ Kamil Dudka ]
  * _sd-common.h: avoid parsing errors with Coverity

  [ Axel Rasmussen ]
  * selinux: handle getcon_raw producing a NULL pointer, despite returning 0
  * selinux: improve comment about getcon_raw semantics

  [ Elisei Roca ]
  * test-functions: read /usr/etc/nsswitch.conf if /etc/nsswitch.conf does not exist (#16195)
  * test: adapt test-functions for SUSE
  * test: adapt TEST-21-SYSUSERS for SUSE
  * test: adapt TEST-13-NSPAWN-SMOKE for SUSE

  [ Marti Raudsepp ]
  * machine: Pass machine, user, program values to polkit on OpenMachineShell

  [ Kir Kolyshkin ]
  * kernel-install/90-loaderentry: fix when /boot is not mountpoint

  [ Benjamin Dahlhoff ]
  * hwdb: rotation for Trekstor Surf Tab Twin 11.6 aka VolksTablet (#11771)
  * Added Trekstor Primetab S11B
  * Added Chuwi Hibook Pro (Model: CWI526) (#15770)
  * added alternative version of SurfTab Twin

  [ Tobias Hunger ]
  * repart: Add UUID option to config files
  * Repart: Add simple tests for Label="" and UUID=""
  * Repart: Add support for machine readably report

  [ Gaurav Singh ]
  * test-cgroup-util: Handle result=NULL as empty string

  [ szb512 ]
  * Make the instructions slightly easier to read
  * Update .clang-format
  * Update mkosi.ubuntu to 'focal'

  [ Filipe Brandenburger ]
  * lldp: add test coverage for sd_lldp_get_neighbors() with multiple neighbors
  * lldp: simplify compare_func, using ?: to chain comparisons
  * Merge pull request #11137 from poettering/bogus-id128
  * Revert "lldp: add test coverage for sd_lldp_get_neighbors() with multiple neighbors"
  * lldp: add test coverage for sd_lldp_get_neighbors() with multiple neighbors
  * docs: add a "front matter" snippet to our markdown pages
  * docs: generate index.md in Jekyll
  * README: remove Coverity Scan badge
  * time-util: Introduce parse_sec_def_infinity
  * core: add CPUQuotaPeriodSec=
  * core: downgrade CPUQuotaPeriodSec= clamping logs to debug
  * editors: Prevent ctags from following symlinks
  * readme: Minor style and spacing fix
  * log: Add missing "%" in "%m" log format strings
  * test: Disable LUKS devices from initramfs in QEMU tests
  * core: add test case for PrivateUsers=true in user manager
  * meson: add a new -Dstandalone-binaries=true option
  * meson: build standalone version of systemd-tmpfiles
  * efi: Cache contents of EFI variable SystemdOptions
  * efi: Skip parsing SystemdOptions if there's an error getting it.
  * log: introduce log_parse_environment_cli() and log_setup_cli()
  * test: Add "finish" rule to .PHONY
  * timer: Adjust calendar timers based on monotonic timer instead of realtime

  [ Martin Pitt ]
  * tests: Disable some flaky upstream tests
  * tests: Disable flaky TEST-17-UDEV-WANTS upstream test
  * process-util: Fix memory leak
  * releasing package systemd version 240-5
  * udevadm: Fix segfault with subsystem-match containing '/'
  * sd-bus: if we receive an invalid dbus message, ignore and proceeed
  * sd-bus: enforce a size limit on D-Bus object paths
  * releasing package systemd version 240-6
  * networkd-test: disable DNSSEC in domain-restricted DNS test
  * networkd-test: use a complete domain name in test_route_only_dns()
  * networkd-test: fix test_dropin()
  * systemd.postinst: Don't fail on an existing dynamic systemd-timesync user
  * Revert "systemd.postinst: Don't fail on an existing dynamic systemd-timesync user"
  * debian/libsystemd0.symbols: Add new symbol from release 241
  * Fix various bugs and races in networkd tests
  * units: re-drop ProtectHostname from systemd-hostnamed.service (#11792)
  * debian/tests/boot-smoke: Create "render" system group
  * debian/tests/unit-config: Tolerate path variations
  * networkd-test: show service journal on startup failure
  * networkd-test: specify Address= with prefix length
  * networkd-test: ignore failures of test_route_only_dns* in containers
  * debian/tests/boot-smoke: Create journal and udevdb artifacts on all failures
  * autopkgtests: Replace obsolete $ADT_* variables
  * semaphoreci: Run subset of autopkgtests in LXC (#11814)
  * networkd-test: ignore failures of test_route_only_dns* in containers
  * Bump Standards-Version to 4.3.0
  * debian/tests/boot-smoke: Save complete journal artifact on failure
  * debian/tests/boot-smoke: Only check current boot for connection timeouts
  * semaphoreci: caching and more robust creation of container image
  * timedated: Fix emitted value when ntp client is enabled/disabled
  * debian/tests/timedated: Check enabling/disabling NTP
  * debian/tests/timedated: Fix race condition
  * udev: Relax udev's dpkg dependency again
  * Revert "debian/tests/unit-config: Tolerate path variations"
  * Revert "debian/tests/boot-smoke: Create "render" system group"
  * Enable udev autopkgtest in containers
  * Enable boot-and-service autopkgtest in containers
  * boot-and-service autopkgtest: Ensure graphical.target gets booted
  * debian/extra/checkout-upstream: Support submodules
  * semaphore: switch to Debian experimental packaging branch
  * debian/extra/checkout-upstream: Support submodules
  * debian/tests/localed-locale: Fix for environments without en_US.UTF-8

  [ Mikhail Novosyolov ]
  * rpm: avoid odd symbols in EOF indicator
  * rpm: avoid hiding errors and output in *_create_package macros

  [ Clinton Roy ]
  * news corrections and improvements (#13200)
  * NEWS: grammar improvements (#16413)

  [ Filippo Falezza ]
  * Added MSI Prestige15 A10SC specific keycodes

  [ Surhud More ]
  * Add support for HP Elitebook x360 1040 G6 micmute button

  [ Florian Mayer ]
  * Explain how to determine hierarchy type from shell

  [ satmandu ]
  * hwdb: Add Google Pixel Slate (nocturne) (#16377)

  [ Tomer Shechner ]
  * fix typo

  [ Dan Callaghan ]
  * core: set private section name for automount units

  [ MaxVerevkin ]
  * hwdb: Pavilion 13 x360: Tablet mode and SYSRQ key

  [ gzjsgdsb ]
  * initialize arg_clock_usec

  [ Jiri Slaby ]
  * hwdb: Add accel orientation quirk for UMAX VisionBook 10Wi Pro

  [ Amos Bird ]
  * hwdb: adjust touchpad edge detection for X1Tab3 (#16310)

  [ Gaoyi ]
  * Add quotes for -n

  [ Jay Burger ]
  * fix_test_function_timeout
  * feature to honor first shutdown request to completion

  [ Gigadoc2 ]
  * hwdb: add another Logitech G502 Hero variant (#16256)

  [ Dave Reisner ]
  * Make default locale a compile time option
  * importd: Avoid need for fd translation table
  * Revert "job: Don't mark as redundant if deps are relevant"

  [ ignapk ]
  * man: add note regarding editing user groups

  [ Matthew Leeds ]
  * man: Fix grammar in systemd.kill.xml
  * hwdb: Fix touchpad toggle on WeiHeng P325J
  * man: Fix a typo of session

  [ Paul Cercueil ]
  * sd-boot: Work around malformed CR key code
  * sd-boot: Add small comments after device-specific key macros

  [ AndreRH ]
  * hwdb: Add accel orientation quirk for Odys Fusion Win 12 2in1

  [ Tomáš Pospíšek ]
  * Improve message for scheduled shutdown or reboot

  [ Yigal Korman ]
  * man: udevadm: mention non-zero exit code on settle

  [ Michał Bartoszkiewicz ]
  * docs: use bool in varlink interface definition

  [ Yegor Vialov ]
  * hwbd entry for  Dell Inspiron Chromebook 14 2-in-1 sensor (#16109)

  [ Jan Klötzke ]
  * service: handle abort stops with dedicated timeout
  * core: immediately trigger watchdog action on WATCHDOG=trigger
  * core: let user define start-/stop-timeout behaviour

  [ Maxim Fomin ]
  * Add 'bitlk' option to mount Bitlocker drives with cryptsetup.

  [ Niccolò Maggioni ]
  * hwdb: add HP Spectre x360's mic mute switch

  [ layderv ]
  * homed help --uid short option

  [ Christian Oder ]
  * hwdb: Add accel orientation quirk for Chuwi Hi10 X

  [ Michael Gubbels ]
  * Fix typo.

  [ laydervus ]
  * #15773 add --reboot-argument to systemctl reboot

  [ sterlinghughes ]
  * Check ambient set against bounding set prior to applying ambient set

  [ Chris Kerr ]
  * man: Fix typo in suggested permissions

  [ Daniel Fullmer ]
  * sd-boot: fix menu ordering with boot counting

  [ Dana Olson ]
  * ACCEL_MOUNT_MATRIX for additional Acer Spin model

  [ Tudor Roman ]
  * home: respect user record mount flags

  [ codicodi ]
  * Update resolvectl zsh completion

  [ Jeremy Cline ]
  * Tidy up the Fedora mkosi Package list
  * shared: treat generator units as vendor units

  [ ExtinctFire ]
  * load-fragment: fix a typo

  [ Vladyslav Tronko ]
  * journal: fix dropping first record during upload to remote journal

  [ Ankit Jain ]
  * journal-send: Fix the limitation of LINE_MAX

  [ Rubens Figueiredo ]
  * network: allow setting VLAN protocol on bridges

  [ Joel Shapiro ]
  * Fix pam_systemd_home's debug parameter to match man page description
  * Fix misuse of PAM_PROMPT_ECHO_OFF in systemd-homed

  [ Andrew Doran ]
  * DHCP client: make SendOption work for DHCPv6 too.

  [ gaurav ]
  * netlink socket correct check (#15720)

  [ Eric Anderson ]
  * socket-proxy: Support exit-on-idle

  [ Gergely Polonkai ]
  * Update the rsync command in CONVERTING_TO_HOMED

  [ Ferran Pallarès Roca ]
  * Add Zowie ZA12 details to mouse hwdb

  [ ianhi ]
  * correct evdev dimensions for T490 trackpad

  [ Diego Escalante Urrelo ]
  * hwdb: Fix brightness keys for Logitech K811

  [ Motiejus Jakštys ]
  * nspawn: mount custom paths before writing to /etc

  [ Michael Chapman ]
  * core/path: use escaped path in serialization
  * core/path: recheck path specs when triggered unit changes state

  [ Lukas Klingsbo ]
  * Add Kensington SlimBlade Trackball

  [ Emmanuel Garette ]
  * repart: fix partition maximum size segfault

  [ Kumar Kartikeya Dwivedi ]
  * test: add a test case for #15528
  * Introduce sd_notify_barrier
  * man: sd_notify() race is gone with sd_notify_barrier()

  [ Corey Hinshaw ]
  * Add SetType method to login Session interface

  [ Kenny Levinsen ]
  * core: Add optional FDPOLL=0 argument to fdstore
  * core: (De-)Serialize poll flag for fds in fdstore

  [ MadMcCrow ]
  * Fix Chromebook Caroline board accelerometer not having correct orientation

  [ nabijaczleweli ]
  * Fix generator name in hibernate-resume-generator's drop-in
  * fstab-generator: handle systemd.swap= command-line argument
  * link: Add units and fix typo in (Rx|Tx)BufferSize= manpage. Clean up the implementation slightly
  * link: Allow configuring RX mini and jumbo ring sizes, too

  [ Niklas Hambüchen ]
  * timesyncd: Improve sync log message. Fixes #11548.
  * man: Fix typo "multiplied with" -> "multiplied by"

  [ Balaji Punnuru ]
  * util: return the correct correct wd from inotify helpers

  [ Jérémy Rosen ]
  * Document /etc/initrd-release
  * allow an empty DefaultInstance= in configuration files
  * Create parent directories when creating systemd-private subdirs
  * Be more strict about what can be an Alias for template and instances
  * make-directive-index: allow pages to specify the path to search
  * make-directive-index: allow variablelist to specify an element to index
  * update-dbus-docs: automatically add variablelist for introspected items

  [ Jouke Witteveen ]
  * systemctl: hide first column with --plain instead of --no-legend

  [ Sebastian Jennen ]
  * code style format: clang-format applied to src/a*/*
  * Add .clang-format file

  [ Alin Popa ]
  * systemd: Fix busctl crash on aarch64 when setting output table format
  * systemd: Fix busctl crash on aarch64 when setting output table format
  * watchdog: reduce watchdog pings in timeout interval

  [ Ciprian Hacman ]
  * Support journal-upload HTTPS without key and certificate

  [ Jakov Smolic ]
  * Add meson build option to prevent building kernel-install
  * Add new meson configure option for controlling systemd-analyze support
  * Include new configure options in features list

  [ Arthur Moraes do Lago ]
  * Add Logitech G502 HERO to mouse hwdb

  [ Ross Lagerwall ]
  * hwdb: Add accel orientation quirk for Geoflex laptop

  [ root ]
  * login: fixup button_open() fd
  * fix manager_state

  [ Marcel Holtmann ]
  * hwdb: Update database of Bluetooth company identifiers

  [ Lénaïc Huard ]
  * udev: Fix SIGSEGV in AlternativeNamesPolicy handling

  [ Richard Petri ]
  * network: can: introduce a config parser function for bitrates
  * network: can: add support for CAN-FD related properties

  [ Piero La Terza ]
  * homectl: fix a typo

  [ 24bisquitz ]
  * Add a device to 60-sensor.hwdb

  [ Sean-StarLabs ]
  * hwdb: add Star Lite Mk II and Star LabTop Mk III (#14621)

  [ Tom ]
  * Add Lenovo IdeaPad Miix 300 ACCEL_MOUNT_MATRIX

  [ Zhu Li ]
  * Remove stale doc about PrivateNetwork and type

  [ Pieter Lexis ]
  * Add `shell` to machinectl ZSH completion

  [ pelzvieh ]
  * davfs is a network file system

  [ Arusekk ]
  * Fall back to kexec when no kexec binary exists

  [ Finn ]
  * Fix keys on Medion Akoya P6669

  [ David Wood ]
  * network: Fix split in `SendOption=` on client and server

  [ duguxy ]
  * hwdb: add support for Lenovo Legion Y9000X2020 (#15127)

  [ Alexander Malafeev ]
  * Fix volume control keys on Lenovo Yoga S940

  [ Georg Müller ]
  * sd-radv: if lifetime < SD_RADV_DEFAULT_MAX_TIMEOUT_USEC, adjust timeout (#13491)
  * journalctl: show duplicate entries if they are from the same file (#14898)
  * fix journalctl regression (#15099)

  [ Valery0xff ]
  * udev: fix SECLABEL{selinux} issue (#15064)

  [ dolphrundgren ]
  * Modified line 197 for readability. (#15071)

  [ Denis Pronin ]
  * Support compiling with clang and gnu11 standard

  [ bemarek ]
  * Typo fix

  [ gogogogi ]
  * Update Croatian translation (#15042)

  [ James T. Lee ]
  * boot: Ensure ARM UEFI binary does not contain FP/SIMD instructions

  [ Matt Ranostay ]
  * network: add CAN Termination tristate option

  [ antznin ]
  * Fix typo on initrd-root-device.target

  [ Daniel Lublin ]
  * hwdb: add corrections for Olimex Teres-I to keyboard hwdb

  [ Vladimir Yerilov ]
  * update Russian translation
  * drop unused translations

  [ Paul Menzel ]
  * man/systemd-sysusers: Fix typo in *from* to *form*
  * Update UEFI URLs (#12260)
  * NEWS: List getty@tty1.service as not being enabled anymore
  * man/systemd.link: Add missing verb *be*
  * man/systemd.unit: Add missing article to `Wants=` description
  * NEWS: Use correct tense in v245 entry

  [ Guillaume Douézan-Grard ]
  * units: disable ProtectKernelLogs for machined

  [ Nate Jones ]
  * execute: Make '+' exec prefix ignore PrivateTmp=yes

  [ Rocka ]
  * hwdb: add cube i7

  [ Lukas K ]
  * fix ACCEL_MOUNT_MATRIX for Thinkpad Yoga 11e 3rd gen

  [ Ryan Attard ]
  * ata_id: Add check for fixed format sense codes (#13654)
  * ata_id: Add support for host managed zone block devices (#14933)

  [ Mark Deneen ]
  * typo: stringy -> string

  [ Tom Hughes ]
  * Remove dnssec_canonicalize function which is no longer used
  * Canonicalise names in DNS responses per RFC4034 requirements

  [ Lynn Kirby ]
  * docs: fix HACKING.md broken links
  * Change all fuzzing links to point to OSS-Fuzz site

  [ tsia ]
  * fixed typo in systemd.netdev Documentation for L2TP

  [ Oliver Giles ]
  * makefs: strdup arguments to mkfs

  [ Chris Murphy ]
  * fix typo in object field

  [ Will Fleming ]
  * man: fix typo in systemd.unit man page

  [ splantefeve ]
  * po: update French translation
  * po: update French translation

  [ Naïm Favier ]
  * network: add SuppressPrefixLength option to RoutingPolicyRule (#14736)

  [ Wilhelm Schuster ]
  * docs: Fix example code in ROOT_STORAGE_DAEMONS

  [ mtron ]
  * fix link to JSON User Records
  * fix links to GROUP_RECORD and USER_GROUP_API
  * docs: formatting fix (#14707)

  [ Ashley Davis ]
  * fix erroneous "`" in boot loader spec

  [ sangelovic ]
  * sd-bus: fix introspection bug in signal parameter names

  [ WataruMatsuoka ]
  * Update copyright notice

  [ Emmanuel Bourg ]
  * Fixed some typos in the documentation

  [ Antonio Russo ]
  * Documentation update for x-systemd.{before,after}
  * Implemented x-systemd.{required,wanted}-by= options

  [ Sascha Dewald ]
  * pkgconf: add full generator paths

  [ Wieland Hoffmann ]
  * fstab-generator: Prevent double free of reused FILE*
  * typo: "May modify to" -> "May modify"

  [ Jun'ichi Nomura ]
  * mount: mark an existing "mounting" unit from /proc/self/mountinfo as "just_mounted"

  [ Zeyu DONG ]
  * hwdb: Entry for Lenovo Ideapad 310S-14ISK Alps Touchpad

  [ Timo Schlüßler ]
  * journalctl: Correctly handle --show-cursor in combination with --until or --since and --reverse
  * journalctl: Correctly handle combination of --reverse and --lines (fixes #1596)

  [ Dariusz Gadomski ]
  * user-util: Add helper functions for gid lists operations
  * execute: Restore call to pam_setcred
  * execute: Detect groups added by PAM and merge them with supplementary groups
  * test: Add tests for gid list ops

  [ rhn ]
  * nspawn: Correct "container" to "host" MAC setting message

  [ Thomas Schmitt ]
  * udev: don't import parent ID_FS_ data on partitions

  [ ezst036 ]
  * Support Plugable UD-PRO8 dock

  [ Daniel Shahaf ]
  * zsh: Group systemctl subcommands as in the manual. No functional change.
  * zsh: Complete more systemctl commands
  * zsh: Prepare for classifying systemctl commands (#14422)
  * zsh: Complete systemctl subcommands in separate tags

  [ Iain Lane ]
  * units: Split modprobing out into a separate service unit

  [ Mike Auty ]
  * Add multiple initrd file support to kernel-install
  * hwdb: Lenovo T490 Synaptics Touchpad hwdb entry

  [ Kai Krakow ]
  * cgroup: Also set io.bfq.weight
  * nspawn: Generate unique short veth names

  [ Rafa Couto ]
  * hwdb: 60-sensor.hwdb Chuwi Hi10 CWI515 accelerometer orientation.

  [ Fran Dieguez ]
  * Update Galician translations

  [ Greg "GothAck" Miell ]
  * Add failing test to show service.d global drop-in does not get overridden by more specific dropins
  * unit drop-in: Fix ordering of special type.d drop-ins

  [ Felipe Sateler ]
  * Backport upstream patch reverting interface renaming changes.
  * Reenable pristine-tar in gbp.conf
  * d/watch: add version mangle to transform -rc to ~rc
  * Fix comment about why we disable hwclock.service
  * udev: Backport upstream preventing mass killings when not running under systemd
  * New upstream version 241
  * Update upstream source from tag 'upstream/241'
  * Refresh patches
  * Backport upstream fix for Driver= matches in .network files
  * Release
  * Fix several typos in documentation
  * test-condition: fix group check condition

  [ Leonid Evdokimov ]
  * Fix typo

  [ cvoinf ]
  * hwdb: assume all Medion Akoya E-models have the same matrix

  [ Jan Alexander Steffens (heftig) ]
  * hwdb: Add Bluetooth-attached Logitech MX Master

  [ Bart Willems ]
  * systemctl: show what verbs support --dry-run in the help page

  [ Jin Park ]
  * Add Acer Spin 1 SP111-33 to sensor hwdb

  [ Tobias Bernard ]
  * docs: make it pretty
  * minor: avoid double title
  * Merge pull request #14333 from poettering/markdown-header-fixes

  [ Shengjing Zhu ]
  * nspawn: allow combination of private-network and network-namespace-path

  [ cheese1 ]
  * man: fix typos (#14304)

  [ AJ Bagwell ]
  * ipv4ll: do not reset conflict counter on restart

  [ Yong Cong Sin ]
  * Add Cube iWork 11 Stylus

  [ Timo Wilken ]
  * Fix typo (duplicate "or")

  [ Charles (Chas) Williams ]
  * man: document journal rate limit burst multiplier

  [ Leonid Bloch ]
  * sd-boot: Add a 0.1 second delay before key-probing for showing menu

  [ Paul Davey ]
  * udev: Ensure udev_event_spawn reads stdout

  [ Raphael ]
  * Fix DPI for MX Master 2s bluetooth mouse

  [ lothrond ]
  * Alienware M17xR3 ejectcd button fix

  [ xduugu ]
  * hwdb: Set trackball property for Logitech MX Ergo (#14231)

  [ Slava Kardakov ]
  * Fixup typo in NEWS

  [ Daniel Kahn Gillmor ]
  * resolved: fix connection failures with TLS 1.3 and GnuTLS

  [ J. Xing ]
  * hwdb: add accel sensor entry for Jumper EZpad Go

  [ Pascal de Bruijn ]
  * systemd-tmpfiles: don't install timer when service isn't installed either

  [ ksbex ]
  * hwdb: Dell venue 10 pro 5055 accel mount matrix (#14104)

  [ Spencer Michaels ]
  * boot: Make EFISTUB IDs use binaries' filenames.
  * boot: Ignore EFISTUB binaries starting with "auto-".
  * boot: Retain ".conf" suffix for loader config IDs.
  * boot: Improve EFISTUB name and version detection.
  * boot: Update bootspec.c to match previous changes.
  * boot: Deduplicate old-style loader entries.

  [ Serge ]
  * sd-dhcp-client: anonymize DHCPDISCOVER (fixes #13992)

  [ Tom Fitzhenry ]
  * Error, rather than warn, if failing to start DHCP server

  [ Cyprien Laplace ]
  * basic: add vmware hypervisor detection from device-tree

  [ Tommy J ]
  * PrefixDelegationHint-section: typo

  [ Alcaro ]
  * doc: Fix missing parenthesis

  [ Lorenz Bauer ]
  * journal: refresh cached credentials of stdout streams

  [ Sebastian Wick ]
  * hwdb: add XKB_FIXED_MODEL to the keyboard hwdb

  [ Jan Kundrát ]
  * journalctl: allow running vacuum on remote journals, too

  [ Justin Trudell ]
  * nspawn: respect quiet on capabilities warning

  [ Christian Rebischke ]
  * add systemd logo to README.md
  * add other worthy news

  [ Iwan Timmer ]
  * Revert "resolved: Fix incorrect use of OpenSSL BUF_MEM"
  * resolved: make no changes to OpenSSL BUF_MEM struct
  * resolved: move TLS data shared by all servers to manager
  * resolved: add missing error code check when initializing DNS-over-TLS
  * resolved: don't require check when importing resolved-dnstls.h
  * resolved: add strict mode for DNS-over-TLS
  * resolved: support TLS 1.3 when using GnuTLS for DNS-over-TLS
  * resolved: require at least version 3.6.0 of GnuTLS for DNS-over-TLS
  * resolved: check for IP in certificate when using DoT with GnuTLS

  [ Michael Tretter ]
  * boot-loader-spec: add devicetree-overlay key

  [ David Pedersen ]
  * network-generator: Add missing help for --root

  [ pan93412 ]
  * tran: update Chinese (Traditional) translation to the latest. (#12662)
  * l10n(zh_TW): update translations

  [ 1848 ]
  * Added support for xfrm interfaces
  * Fixed condition checked twice
  * network: Added neighbor lladdr support for IPv6
  * Set key (IFLA_GRE_IKEY,IFLA_GRE_OKEY) on ip6gre interfaces.
  * Added ip6gre example to man

  [ Thibault Nélis ]
  * journal: Consistently capitalize printed header entries

  [ Marko Myllynen ]
  * Remove unprintable non-ASCII char from special glyph ASCII fallback table

  [ Peter Wu ]
  * resolved: fix connection failures with TLS 1.3 and GnuTLS

  [ Daniel ]
  * Add Schneider SCT101CTM to sensor hwdb

  [ Benjamin Bouvier ]
  * systemd-fsck: fix systemd-fsck/fsck pipe bad closure

  [ Aaron Plattner ]
  * core: Fix return argument check for parse_emergency_action
  * core: Fix -EOPNOTSUPP emergency action error string
  * coredump: Include module offsets in stack traces

  [ Claudio Zumbo ]
  * Allow restart for oneshot units

  [ RoadrunnerWMC ]
  * Add Acer Switch SW312-31 to sensor hwdb

  [ Tim Teichmann ]
  * Add missing license file and information for tools/chromeos/gen_autosuspend_rules.py (#13729)
  * trivial: rename chromeos to chromiumos

  [ crashfistfight ]
  * added working volume buttons for medion erazer...

  [ Mark Stosberg ]
  * man: document updated newline support

  [ Léonard Gérard ]
  * Update sd_journal_print.xml

  [ Nicolas Douma ]
  * nspawn: surrender controlling terminal to PID2 when using the PID1 stub

  [ Jonas Thelemann ]
  * hwdb: Correct WWWW Pattern In Documentation Comment

  [ Jay Strict ]
  * cryptsetup: bump minimum libcryptsetup version to v2.0.1

  [ Kenneth D'souza ]
  * Consider smb3 as remote filesystem

  [ ClydeByrdIII ]
  * Update service result table

  [ Siddharth Chandrasekara ]
  * dhcp4: make IPServiceType configurable

  [ cbzxt ]
  * Updated log message when the timesync happens for the first time (#13624)

  [ Daniel Stuart ]
  * rules: Allow quirks for platform IIO accelerometers
  * hwdb: Add Chromebook accelerometer orientation quirk

  [ ypf791 ]
  * core: coldplug possible nop_job

  [ Maciej Stanczew ]
  * core: Fix setting StatusUnitFormat from config files

  [ Donald A. Cupp Jr ]
  * Update m4 for selective utmp support.

  [ matthiasroos ]
  * hwdb: add Medion Akoya E2292 (#13498)

  [ Benjamin Gilbert ]
  * mount-setup: relabel items mentioned directly in relabel-extra.d

  [ baybal ]
  * hwdb: axis override for Dell 9360 touchpad

  [ Fabian Henneke ]
  * udev: Add id program and rule for FIDO security tokens

  [ Daniel Edgecumbe ]
  * journal: Make the output of --update-catalog deterministic

  [ nikolas ]
  * Fix typo in comment: overide -> override
  * pstore: fix typo in error message - directoy -> directory
  * docs: fix typo in boot loader doc

  [ Your Name ]
  * logind: fix property emission on Sessions

  [ Jan-Michael Brummer ]
  * hwdb: Add HP Elitebook 850 G3 laptop accelerometer location quirk

  [ Michael Prokop ]
  * docs: fix typos and duplicate words
  * README.Debian: document KillUserProcesses behavior in Debian

  [ Jan Losinski ]
  * basic/virt: Fix current virtualbox detection

  [ VD-Lycos ]
  * Add accel mount matrix for Medion Akoya E2293

  [ Albrecht Lohofener ]
  * Add Chuwi Hi10 to 60-sensor.hwdb (#13351)

  [ Theo Ouzhinski ]
  * man/shutdown: Fix grammar
  * man/systemd-veritysetup-generator: Fix grammar
  * man: add missing comma

  [ Mr-Foo ]
  * trivial spelling fixes (#13339)

  [ EtherGraf ]
  * hwdb: acceleration mount matrix for a Medion Akoya E3221 (#13310)

  [ Mattias Jernberg ]
  * core: Avoid race when starting dbus services

  [ Daniel Black ]
  * service: make killmode=cgroup|mixed, SendSIGKILL=no services singletons
  * test: ppc64* qemu is qemu-system-ppc64

  [ Francesco Pennica ]
  * hwdb: Fix airplane mode spam on HP Spectre x360 Convertible

  [ William Wold ]
  * hwdb: Add axis overrides for HP Envy x360 (#13304)

  [ frederik ]
  * man: add example for IPv6 Prefix Delegation

  [ Johannes Christ ]
  * Fix typo in `analyze-security.c`.

  [ Simon Schricker ]
  * man: mention garbage collection of failed conditions
  * docs: fix typo

  [ Thiebaud Weksteen ]
  * logind: notify dbus of changes to session State

  [ Network Silence ]
  * Update Touchpad for g6

  [ Shreyas Behera ]
  * Add IFLA_BR_MCAST_IGMP_VERSION

  [ Christian Kellner ]
  * hwdb: add HHKB Pro JP keyboard lack of LEDs

  [ Mert Dirik ]
  * 40-systemd: Don't fail if SysV init script uses set -u and $1 is unset

  [ Jorge Niedbalski ]
  * resolved: switch cache option to a tri-state option (systemd#5552).

  [ shinygold ]
  * cryptsetup: add documentation for keyfile-timeout
  * cryptsetup: add keyfile-timeout to allow a keydev timeout and allow to fallback to a password if it fails.

  [ Jakob Unterwurzacher ]
  * mount-util: bind_remount: avoid calling statvfs

  [ Alan Jenkins ]
  * systemctl: do not suggest passing --all if the user passed --state=

  [ Boucman ]
  * Update NEWS

  [ Michael Zhivich ]
  * man: offline-updates: make dependence on system-update.target explicit

  [ Johannes Schmitz ]
  * po: Fix typo in German translation

  [ Connor Reeder ]
  * Added ACCEL_MOUNT_MATRIX for Asus Q551LN in hwdb/60-sensor.hwdb

  [ Michael Stapelberg ]
  * cryptsetup: comment: crypt_setup → crypt_format

  [ camoz ]
  * systemd-nspawn(1): update example section

  [ Kai Lüke ]
  * bpf-firewall: custom BPF programs through IP(Ingress|Egress)FilterPath=

  [ Peter A. Bigot ]
  * units: add time-set.target
  * man: fix reference to sd_bus_add_fallback_vtable
  * man: fix references to VTABLE property flags

  [ Donald Buczek ]
  * cgroup: Continue unit reset if cgroup is busy

  [ Markus Felten ]
  * fix(journal-gatewayd): use relative urls (not starting with '/')

  [ Jan Pokorný ]
  * docs: CGROUP_DELEGATION: fix a typo in "that"

  [ Jeka Pats ]
  * Continuous Fuzzing Integration with Fuzzit

  [ Tomas Mraz ]
  * resolved: Fix incorrect use of OpenSSL BUF_MEM

  [ Jonathan Rouleau ]
  * hibernate-resume: fix resume device timeout
  * hibernate-resume: add resumeflags= kernel option

  [ Joe Richey ]
  * sd-boot: Remove unnecessary call to GetEventLog

  [ Krayushkin Konstantin ]
  * coredump: fixed bug - some coredump temp files could be lost

  [ Roberto Santalla ]
  * cryptsetup: Add dependency for detached header

  [ Feldwor ]
  * hwdb: add axis range corrections for the Asus N53SV

  [ Franz Pletz ]
  * man: add vrf section

  [ Milan Broz ]
  * cryptsetup: Do not fallback to PLAIN mapping if LUKS data device set fails.
  * cryptsetup: call crypt_load() for LUKS only once
  * cryptsetup: Add LUKS2 token support.

  [ Douglas Christman ]
  * zsh-completion: fix completion for systemd-inhibit --what

  [ Oliver Harley ]
  * --bind-device does not take a bool

  [ Jack ]
  * hwdb: Add support for Linx 12V64 (#12665)

  [ ven ]
  * bus_open leak sd_event_source when udevadm trigger。

  [ Zhang Xianwei ]
  * udev/scsi_id: fix incorrect page length when get device identification VPD page

  [ Joe Lin ]
  * meson-vcs-tag: enhance version info generation

  [ Kashyap Chamarthy ]
  * man: systemd-nspawn: Update syntax to launch an image

  [ Luís Ferreira ]
  * hwdb: Add accelerometer orientation quirk for the Teclast F6 Pro
  * hwdb: add ACCEL_LOCATION to the allowed properties
  * hwdb: add ACCEL_LOCATION property to parse_hwdb.py
  * hwdb: add base sensor and ACCEL_LOCATION property for Teclast F6 Pro device sensors
  * hwdb: update ACCEL_LOCATION property to use Or instead of QuotedString

  [ Andrej Valek ]
  * fs-util.h: add missing sys/stat include

  [ Adrian Bunk ]
  * src/udev/udev-event.c must #include <sys/wait.h>
  * Replace the legacy ULONG_LONG_MAX with the C99 ULLONG_MAX

  [ Thadeu Lima de Souza Cascardo ]
  * ask-password: prevent buffer overrow when reading from keyring

  [ pEJipE ]
  * hwdb: update the Chuwi HI13 pattern (#12469)

  [ mpe85 ]
  * hwdb: add Medion Akoya E3222 MD62450 to 60-sensor.hwdb (#12485)

  [ Chris Chiu ]
  * Revert "hwdb: Apply Acer mappings to all Gateway and Packard Bell models"
  * hwdb: Align airplane mode toggle key mapping for all Acer series

  [ Aaron Barany ]
  * alloc-util: don't use malloc_usable_size() to determine allocated size

  [ Ben Boeckel ]
  * nspawn-expose-ports: fix a typo in error message
  * codespell: fix spelling errors

  [ Dave Ross ]
  * hwdb: add axis range corrections for the Dell Latitude e7250

  [ Jiri Pirko ]
  * udev: net_id: introduce predictable names for netdevsim

  [ David Art ]
  * hwdb: Add Medion Akoya E3216 MD60900 (#12323)

  [ Florian Dollinger ]
  * Document (final) assignment on the RUN (#12310)
  * Check for final assignments in RUN keys (#12309)

  [ Dominick Grift ]
  * nspawn: Fix volatile SELinux label

  [ Sebastian Krzyszkowiak ]
  * hwdb: mark Apple Magic Trackpads as external

  [ welaq ]
  * l10n: Updated Lithuanian translation

  [ Jonas DOREL ]
  * man: correct units path usage according to FHS (#11388)

  [ Jussi Pakkanen ]
  * meson: drop misplaced -Wl,--undefined argument

  [ Chris Morin ]
  * CODING_STYLE: fix grammar mistake
  * journal-file: handle SIGBUS on offlining thread
  * journal-remote: use source's boot-id

  [ Jörg Sommer ]
  * journalctl: New option --cursor-file
  * Better C code formatting of arguments in Emacs
  * completion/zsh/journalctl: Add --no-hostname

  [ Vesa Jääskeläinen ]
  * Fix compilation without EFI being enabled
  * systemctl: restore "systemctl reboot ARG" functionality
  * logind: relocate function return_test_polkit()
  * logind: Add support for RebootParameter

  [ dana ]
  * zsh completion: Prevent functions from clobbering each other, &c.
  * journalctl: support `-b all` to negate effect of -b

  [ Hugo Kindel ]
  * systemd-cgls: typo error in help command

  [ Claudius Ellsel ]
  * Fixed small typo in 70-mouse.hwdb
  * Unchain not related mice in 70-mouse.hwdb
  * Add another entry for MX Master to 70-mouse.hwdb (#11633)
  * Change Razer Abyssus DPI in 70-mouse.hwdb (#12029)

  [ AndreyYashkin ]
  * Update 60-sensor.hwdb for Acer Acer One 10 S1002

  [ Van Laser ]
  * Add accelerometer orientation quirk for the MYRIA MY8307 2-in-1.

  [ Tobias Jungel ]
  * networkd: Add bridge port capabilities

  [ Adam Jackson ]
  * login: mark nomodeset fb devices as master-of-seat

  [ Sylvain Plantefève ]
  * po: update French translation

  [ StKob ]
  * Added support for touchpad hotkey for Lenovo Y50-70 (#11937)

  [ Robin Elvedi ]
  * fix a typo in the man page for dhcpserver

  [ Stephane Chazelas ]
  * remove "." path components from required mount paths

  [ roadrunner2 ]
  * hwdb: add touchpad resolutions for 2015-2017 MacBook(Pro)'s. (#11874)

  [ Mike Lothian ]
  * login: HyperV requires master-of-seat to be set

  [ Ben Iofel ]
  * xbootldr: multiple spaces between keys and values (#11872)

  [ Christopher Wong ]
  * Use new time zone list

  [ Giacinto Cifelli ]
  * sd-bus: add methods and signals parameter names. Fixes: #1564

  [ Ryan Gonzalez ]
  * stat-util: Add dir_is_empty_at
  * copy: Add a COPY_MERGE_EMPTY flag to merge only if the target is empty
  * tmpfiles: Make C still copy if the destination directory is empty
  * test: Add tests for tmpfiles C behavior
  * cryptsetup: Treat key file errors as a failed password attempt

  [ Chris ]
  * Fix manpage typo: abrubtly

  [ Roman Kulikov ]
  * logind: udev rule for Parallels video adapter

  [ Taro Yamada ]
  * Fixes #11128
  * Revert "Fixes #11128"
  * Add a warning about the difference in permissions between existing directories and unit settings.
  * test: (ArchLinux) Replace initramfs-linux.img with initramfs-linux-fallback.img.
  * core: delay persistent timers by "RandomizedDelaySec=" at boot.
  * mkosi: (Archlinux) increase the size of root partition.

  [ emersion ]
  * libsystemd: check if _POSIX_C_SOURCE is defined

  [ Szabolcs Fruhwald ]
  * cgtop: Fix processing of controllers other than CPU

  [ Michael Niewöhner ]
  * Revert "Set secure_boot flag in Kernel Zero-Page (#7482)"
  * Make systemd-boot compliant with the Linux Boot / EFI Handover Protocol

  [ unixsysadmin ]
  * Fix typo - "do note use guessable names"

  [ Adam Borowski ]
  * Make libpam-systemd Provide: logind, default-logind

  [ Andrzej Pietrasiewicz ]
  * units: add usb-gadget target

  [ Jonathon Kowalski ]
  * Change job mode of manager triggered restarts to JOB_REPLACE
  * Return -EAGAIN instead of -EALREADY from unit_reload
  * Enable some more debug logging for transaction building
  * Fail RequisiteOf units with oneshots

  [ Ignat Korchagin ]
  * resolved: use Cloudflare public DNS server as a default fallback alongside Google one

  [ Alberts Muktupāvels ]
  * core: when we uninstall a job, add unit to dbus queue

  [ Stephan E ]
  * Update mount.c

  [ Stephan Gerhold ]
  * hwdb: Add accelerometer mount matrix for ASUS MeMO Pad 7 (ME176C)

  [ YiFei Zhu ]
  * boot/efi: use a wildcard section copy for final EFI generation

  [ NeilBrown ]
  * core/mount: minimize impact on mount storm.
  * mount: disable mount-storm protection while mount unit is starting.
  * automount: don't pass non-blocking pipe to kernel.

  [ govwin ]
  * Add Lenovo Yoga 500-14IBD, 80N4 GlidePoint Touchpad (#11606)

  [ Ronnie P. Thomas ]
  * Fixed minor typo in man/tmpfiles.d.xml

  [ Marc-Antoine Perennou ]
  * kernel-install: fix dracut initrd detection (240 backward compatibility) (#11570)

  [ zsergeant77 ]
  * Update 60-sensor.hwdb

  [ Jonathan Roemer ]
  * Add missing dash to --all option in the timedatectl man page

  [ Chris Lamb ]
  * hwdb: Add support for Purism Librem 13 V4 keyboards
  * Correct more spelling errors.

  [ Ayman Bagabas ]
  * hwdb: Add Huawei section and remap keys (#11406)
  * hwdb: fix duplicate events on Huawei MACH-WX9

  [ Louis Taylor ]
  * util-lib: follow shell syntax for escape in quotes
  * tree-wide: use '"' instead of '\"'
  * mkosi: add qrencode to arch package list
  * NEWS: add section about backslashes in EnvironmentFile
  * meson: make version a dependency and use it in libbasic

  [ dcanuhe ]
  * add hwdb rule for Bangho touchpad (#11475)

  [ bl33pbl0p ]
  * Log the job being merged
  * Add note about transactions being genereated independently of a unit's state.

  [ Daniel Axtens ]
  * Move link_check_ready() to later in the file
  * Install routes after addresses are ready
  * tests: Add test for IPv6 source routing

  [ Mikhail Kasimov ]
  * Update systemd-system.conf.xml
  * Update uk.po

  [ marvelousblack ]
  * Add Teclast X80 PLUS (H5C5) accel mount matrix

  [ Michael Sloan ]
  * cat: add --stderr-priority option

  [ YunQiang Su ]
  * Pass separate dev_t var to device_path_parse_major_minor

  [ Alex Mayer ]
  * Docs: Add Missing Space Between Words

  [ Burt P ]
  * hwdb/sdio.ids: add BCM43438 + minor rewording of class name

  [ Paul Seyfert ]
  * zsh/coredumpctl: complete argument for --debugger=
  * zsh/coredumpctl: offer --directory option
  * zsh/coredumpctl: offer --quiet
  * zsh/coredumpctl: don't print warnings from completion function

  [ ikelos ]
  * Improve kernel-install support for initrd files. (#11281)

  [ Jani Uusitalo ]
  * Replace 'older then' with 'older than'

  [ rogerjames99 ]
  * Do not start server if it is already runnning (#11245)

  [ Patrick Williams ]
  * core: support %j in unit dependency resolution

  [ Dmitry Torokhov ]
  * sd-device: ignore bind/unbind events for now

  [ Jeremy Su ]
  * hwdb: Add support for HP ProBook 645 wifi and slash key (#11207)

  [ Alexey Bogdanenko ]
  * udev-test: add message to show why test-udev failed
  * udev-test: check if permitted to create block device nodes
  * mkosi: update libqrencode in Debian config
  * core: fix KeyringMode for user services

  [ Tore Anderson ]
  * resolve: enable EDNS0 towards the 127.0.0.53 stub resolver

  [ lbernstone ]
  * hwdb: add accelerometer orientation quirk for the Teclast F5 (#11005)

  [ Bruce Zhang ]
  * add device hwdb for IdeaPad Miix510-12ISK

  [ tibbling ]
  * timedated: Add dbus method to retrieve list of time zones (#11114)

  [ LennartPoettering ]
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *

  [ TanuKaskinen ]
  * fix typo

  [ ColinGuthrie ]
  * Document the net.ifnames kernel command line.
  * Deal with 80-net-setup-link.rules introduced in 209.

  [ Joe Rayhawk ]
  * moin2mdwn: convert page docs/PredictableNetworkInterfaceNames

  [ 127.0.0.1 ]
  * typo fix

 -- Bardia Moshiri <bardia@furilabs.com>  Sat, 17 Jan 2026 20:41:12 -0500
