From 6751c559c701217b2a9904e629cdadd4362262f2 Mon Sep 17 00:00:00 2001
From: Michael Marineau <michael.marineau@coreos.com>
Date: Fri, 18 Jul 2014 18:02:10 -0700
Subject: [PATCH] systemd: slurp bugfixes in from master

This pulls in all patches marked with a Backport note as well as a some
assorted networkd fixes. May this release be a little less crashy...
---
 ...-don-t-return-uninitialized-variable.patch |  26 ++++
 ...le-setup-run-setfont-before-loadkeys.patch |  94 ++++++++++++
 ...le-setup-fix-inverted-error-messages.patch |  37 +++++
 ...ignore-errors-due-to-missing-MAC-ad.patch} |   4 +-
 ...F-a-control-chracter-which-it-is-DE.patch} |   5 +-
 ...archs-to-ConditionArchitecture-descr.patch |  48 ++++++
 ...-are-no-longer-detected-by-Condition.patch |  25 ++++
 ...c-terminate-string-array-elements-wi.patch |  38 +++++
 ...ces-to-the-priviliged-command-line-o.patch |  52 +++++++
 ...add-comma-when-removed-option-is-in-.patch |  28 ++++
 ...mat-attribute-and-fix-a-wrong-caller.patch |  45 ++++++
 ...ed-fix-format-string-for-usec_t-type.patch |  25 ++++
 ...switching-to-unused-VTs-via-SwitchTo.patch |  37 +++++
 ...sual-alignment-for-lines-prefixed-wi.patch |  26 ++++
 ...n-t-wait-for-new-data-from-the-senso.patch |  75 ++++++++++
 ...llow-user-names-longer-than-UT_NAMES.patch |  54 +++++++
 ...-include-PolicyKit-files-as-part-of-.patch |  34 +++++
 ...-distribute-generated-emergency.serv.patch |  29 ++++
 ...ysusers.d-correct-default-user-shell.patch |  27 ++++
 ...20-rules-consistently-use-instead-of.patch |  69 +++++++++
 ...ss-resync-at-system-time-change-when.patch |  33 ++++
 ...isten-to-clock-changes-when-connecte.patch |  47 ++++++
 ...fix-oneshot-service-resource-control.patch |  28 ++++
 ...-allow-files-with-no-data-whatsoever.patch |  33 ++++
 ...ty-.service-use-the-default-RestartS.patch |  34 +++++
 ...rly-track-addresses-when-first-added.patch | 104 +++++++++++++
 ...lear-dhcpv6-lease-timers-if-there-s-.patch |  29 ++++
 ...section-DHCP-in-systemd.network-file.patch |  25 ++++
 ...cp-network-add-check-for-DHCP.chaddr.patch | 106 +++++++++++++
 ...030-networkd-netdev-add-missing-refs.patch |  69 +++++++++
 ...5-0031-networkd-link-fix-memory-leak.patch |  28 ++++
 ...lient-make-request-broadcasts-opt-in.patch | 141 ++++++++++++++++++
 ...md-215-r5.ebuild => systemd-215-r6.ebuild} |  11 +-
 33 files changed, 1453 insertions(+), 13 deletions(-)
 create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0001-machine-don-t-return-uninitialized-variable.patch
 create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0002-vconsole-setup-run-setfont-before-loadkeys.patch
 create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0003-vconsole-setup-fix-inverted-error-messages.patch
 rename sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/{215-0001-udev-link_config-ignore-errors-due-to-missing-MAC-ad.patch => 215-0004-udev-link_config-ignore-errors-due-to-missing-MAC-ad.patch} (92%)
 rename sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/{215-0002-util-consider-0x7F-a-control-chracter-which-it-is-DE.patch => 215-0005-util-consider-0x7F-a-control-chracter-which-it-is-DE.patch} (90%)
 create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0006-man-add-missing-archs-to-ConditionArchitecture-descr.patch
 create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0007-man-chroot-jails-are-no-longer-detected-by-Condition.patch
 create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0008-base-filesystem.c-terminate-string-array-elements-wi.patch
 create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0009-man-drop-references-to-the-priviliged-command-line-o.patch
 create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0010-fstab-generator-add-comma-when-removed-option-is-in-.patch
 create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0011-dropin-add-format-attribute-and-fix-a-wrong-caller.patch
 create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0012-shared-fix-format-string-for-usec_t-type.patch
 create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0013-logind-allow-switching-to-unused-VTs-via-SwitchTo.patch
 create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0014-systemctl-fix-visual-alignment-for-lines-prefixed-wi.patch
 create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0015-accelerometer-Don-t-wait-for-new-data-from-the-senso.patch
 create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0016-sysusers-don-t-allow-user-names-longer-than-UT_NAMES.patch
 create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0017-Revert-build-sys-include-PolicyKit-files-as-part-of-.patch
 create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0018-build-sys-Do-not-distribute-generated-emergency.serv.patch
 create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0019-man-sysusers.d-correct-default-user-shell.patch
 create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0020-rules-consistently-use-instead-of.patch
 create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0021-timesyncd-suppress-resync-at-system-time-change-when.patch
 create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0022-timesyncd-only-listen-to-clock-changes-when-connecte.patch
 create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0023-core-fix-oneshot-service-resource-control.patch
 create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0024-journal-allow-files-with-no-data-whatsoever.patch
 create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0025-units-serial-getty-.service-use-the-default-RestartS.patch
 create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0026-networkd-properly-track-addresses-when-first-added.patch
 create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0027-networkd-don-t-clear-dhcpv6-lease-timers-if-there-s-.patch
 create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0028-networkd-accept-section-DHCP-in-systemd.network-file.patch
 create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0029-dhcp-network-add-check-for-DHCP.chaddr.patch
 create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0030-networkd-netdev-add-missing-refs.patch
 create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0031-networkd-link-fix-memory-leak.patch
 create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0032-sd-dhcp-client-make-request-broadcasts-opt-in.patch
 rename sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/{systemd-215-r5.ebuild => systemd-215-r6.ebuild} (96%)

diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0001-machine-don-t-return-uninitialized-variable.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0001-machine-don-t-return-uninitialized-variable.patch
new file mode 100644
index 0000000000..d7b2481f95
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0001-machine-don-t-return-uninitialized-variable.patch
@@ -0,0 +1,26 @@
+From d26956e27de9ec6d7bfd22da985136ae22930eaf Mon Sep 17 00:00:00 2001
+From: Tom Gundersen <teg@jklm.no>
+Date: Sun, 6 Jul 2014 14:12:28 +0200
+Subject: [PATCH 01/32] machine: don't return uninitialized variable
+
+Repotred by Ronny Chevalier
+---
+ src/machine/machine.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/machine/machine.c b/src/machine/machine.c
+index c0fa1b2..cf38e3f 100644
+--- a/src/machine/machine.c
++++ b/src/machine/machine.c
+@@ -371,7 +371,7 @@ static int machine_stop_scope(Machine *m) {
+         free(m->scope_job);
+         m->scope_job = job;
+ 
+-        return r;
++        return 0;
+ }
+ 
+ int machine_stop(Machine *m) {
+-- 
+1.8.5.5
+
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0002-vconsole-setup-run-setfont-before-loadkeys.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0002-vconsole-setup-run-setfont-before-loadkeys.patch
new file mode 100644
index 0000000000..57ba7c5f9c
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0002-vconsole-setup-run-setfont-before-loadkeys.patch
@@ -0,0 +1,94 @@
+From 79c9e82026d0c2e9466a5b2bc81ee7a3d16b1ade Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Tue, 1 Jul 2014 22:20:11 -0400
+Subject: [PATCH 02/32] vconsole-setup: run setfont before loadkeys
+
+https://bugs.freedesktop.org/show_bug.cgi?id=80685
+---
+ src/vconsole/vconsole-setup.c | 48 +++++++++++++++++++++----------------------
+ 1 file changed, 23 insertions(+), 25 deletions(-)
+
+diff --git a/src/vconsole/vconsole-setup.c b/src/vconsole/vconsole-setup.c
+index e0c4050..25d15af 100644
+--- a/src/vconsole/vconsole-setup.c
++++ b/src/vconsole/vconsole-setup.c
+@@ -238,12 +238,10 @@ static void font_copy_to_all_vcs(int fd) {
+ 
+ int main(int argc, char **argv) {
+         const char *vc;
+-        char *vc_keymap = NULL;
+-        char *vc_keymap_toggle = NULL;
+-        char *vc_font = NULL;
+-        char *vc_font_map = NULL;
+-        char *vc_font_unimap = NULL;
+-        int fd = -1;
++        _cleanup_free_ char
++                *vc_keymap = NULL, *vc_keymap_toggle = NULL,
++                *vc_font = NULL, *vc_font_map = NULL, *vc_font_unimap = NULL;
++        _cleanup_close_ int fd = -1;
+         bool utf8;
+         pid_t font_pid = 0, keymap_pid = 0;
+         bool font_copy = false;
+@@ -265,12 +263,12 @@ int main(int argc, char **argv) {
+         fd = open_terminal(vc, O_RDWR|O_CLOEXEC);
+         if (fd < 0) {
+                 log_error("Failed to open %s: %m", vc);
+-                goto finish;
++                return EXIT_FAILURE;
+         }
+ 
+         if (!is_vconsole(fd)) {
+                 log_error("Device %s is not a virtual console.", vc);
+-                goto finish;
++                return EXIT_FAILURE;
+         }
+ 
+         utf8 = is_locale_utf8();
+@@ -305,27 +303,27 @@ int main(int argc, char **argv) {
+         else
+                 disable_utf8(fd);
+ 
+-        r = EXIT_FAILURE;
+-        if (keymap_load(vc, vc_keymap, vc_keymap_toggle, utf8, &keymap_pid) >= 0 &&
+-            font_load(vc, vc_font, vc_font_map, vc_font_unimap, &font_pid) >= 0)
+-                r = EXIT_SUCCESS;
+-
+-finish:
+-        if (keymap_pid > 0)
+-                wait_for_terminate_and_warn(KBD_LOADKEYS, keymap_pid);
++        r = font_load(vc, vc_font, vc_font_map, vc_font_unimap, &font_pid);
++        if (r < 0) {
++                log_error("Failed to start " KBD_LOADKEYS ": %s", strerror(-r));
++                return EXIT_FAILURE;
++        }
+ 
+-        if (font_pid > 0) {
++        if (font_pid > 0)
+                 wait_for_terminate_and_warn(KBD_SETFONT, font_pid);
+-                if (font_copy)
+-                        font_copy_to_all_vcs(fd);
++
++        r = keymap_load(vc, vc_keymap, vc_keymap_toggle, utf8, &keymap_pid);
++        if (r < 0) {
++                log_error("Failed to start " KBD_SETFONT ": %s", strerror(-r));
++                return EXIT_FAILURE;
+         }
+ 
+-        free(vc_keymap);
+-        free(vc_font);
+-        free(vc_font_map);
+-        free(vc_font_unimap);
++        if (keymap_pid > 0)
++                wait_for_terminate_and_warn(KBD_LOADKEYS, keymap_pid);
+ 
+-        safe_close(fd);
++        /* Only copy the font when we started setfont successfully */
++        if (font_copy && font_pid > 0)
++                font_copy_to_all_vcs(fd);
+ 
+-        return r;
++        return EXIT_SUCCESS;
+ }
+-- 
+1.8.5.5
+
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0003-vconsole-setup-fix-inverted-error-messages.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0003-vconsole-setup-fix-inverted-error-messages.patch
new file mode 100644
index 0000000000..64c6b4dcf0
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0003-vconsole-setup-fix-inverted-error-messages.patch
@@ -0,0 +1,37 @@
+From b44c15f77e59d40d5bdf5608bf8d76cc2375ac6e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Mon, 7 Jul 2014 08:55:30 -0400
+Subject: [PATCH 03/32] vconsole-setup: fix inverted error messages
+
+Introduced in abee28c56d.
+
+Pointed-out-by: Werner Fink <werner@suse.de>
+---
+ src/vconsole/vconsole-setup.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/vconsole/vconsole-setup.c b/src/vconsole/vconsole-setup.c
+index 25d15af..645b1e6 100644
+--- a/src/vconsole/vconsole-setup.c
++++ b/src/vconsole/vconsole-setup.c
+@@ -305,7 +305,7 @@ int main(int argc, char **argv) {
+ 
+         r = font_load(vc, vc_font, vc_font_map, vc_font_unimap, &font_pid);
+         if (r < 0) {
+-                log_error("Failed to start " KBD_LOADKEYS ": %s", strerror(-r));
++                log_error("Failed to start " KBD_SETFONT ": %s", strerror(-r));
+                 return EXIT_FAILURE;
+         }
+ 
+@@ -314,7 +314,7 @@ int main(int argc, char **argv) {
+ 
+         r = keymap_load(vc, vc_keymap, vc_keymap_toggle, utf8, &keymap_pid);
+         if (r < 0) {
+-                log_error("Failed to start " KBD_SETFONT ": %s", strerror(-r));
++                log_error("Failed to start " KBD_LOADKEYS ": %s", strerror(-r));
+                 return EXIT_FAILURE;
+         }
+ 
+-- 
+1.8.5.5
+
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0001-udev-link_config-ignore-errors-due-to-missing-MAC-ad.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0004-udev-link_config-ignore-errors-due-to-missing-MAC-ad.patch
similarity index 92%
rename from sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0001-udev-link_config-ignore-errors-due-to-missing-MAC-ad.patch
rename to sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0004-udev-link_config-ignore-errors-due-to-missing-MAC-ad.patch
index 57fcc5e17a..95facdc75c 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0001-udev-link_config-ignore-errors-due-to-missing-MAC-ad.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0004-udev-link_config-ignore-errors-due-to-missing-MAC-ad.patch
@@ -1,7 +1,7 @@
-From e61b751158571ced56447b02f1855d6c5c79e213 Mon Sep 17 00:00:00 2001
+From 36749d890949896f3105fc852cfb5b8c2f22af3e Mon Sep 17 00:00:00 2001
 From: Tom Gundersen <teg@jklm.no>
 Date: Mon, 7 Jul 2014 14:50:16 +0200
-Subject: [PATCH 1/2] udev: link_config - ignore errors due to missing MAC
+Subject: [PATCH 04/32] udev: link_config - ignore errors due to missing MAC
  address
 
 Otherwis, we get misleading error messages on links with MACs.
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0002-util-consider-0x7F-a-control-chracter-which-it-is-DE.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0005-util-consider-0x7F-a-control-chracter-which-it-is-DE.patch
similarity index 90%
rename from sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0002-util-consider-0x7F-a-control-chracter-which-it-is-DE.patch
rename to sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0005-util-consider-0x7F-a-control-chracter-which-it-is-DE.patch
index 7e6280c464..c62a51f58d 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0002-util-consider-0x7F-a-control-chracter-which-it-is-DE.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0005-util-consider-0x7F-a-control-chracter-which-it-is-DE.patch
@@ -1,7 +1,8 @@
-From 90b2bbeb2aa576fff12539f18bc53986fb182832 Mon Sep 17 00:00:00 2001
+From 1335bbd1c9dd114d6491f08bc3b2c5eaf3768a04 Mon Sep 17 00:00:00 2001
 From: Lennart Poettering <lennart@poettering.net>
 Date: Mon, 7 Jul 2014 11:47:10 +0200
-Subject: [PATCH 2/2] util: consider 0x7F a control chracter (which it is: DEL)
+Subject: [PATCH 05/32] util: consider 0x7F a control chracter (which it is:
+ DEL)
 
 Let's better be safe than sorry.
 ---
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0006-man-add-missing-archs-to-ConditionArchitecture-descr.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0006-man-add-missing-archs-to-ConditionArchitecture-descr.patch
new file mode 100644
index 0000000000..ade4846770
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0006-man-add-missing-archs-to-ConditionArchitecture-descr.patch
@@ -0,0 +1,48 @@
+From efbcb2ef7b6337530ece0a251b80b35c109fcdf7 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Mon, 7 Jul 2014 14:58:13 +0200
+Subject: [PATCH 06/32] man: add missing archs to ConditionArchitecture=
+ description
+
+---
+ man/systemd.unit.xml | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
+index 960fb90..be0873c 100644
+--- a/man/systemd.unit.xml
++++ b/man/systemd.unit.xml
+@@ -931,7 +931,9 @@
+                                 <varname>x86</varname>,
+                                 <varname>x86-64</varname>,
+                                 <varname>ppc</varname>,
++                                <varname>ppc-le</varname>,
+                                 <varname>ppc64</varname>,
++                                <varname>ppc64-le</varname>,
+                                 <varname>ia64</varname>,
+                                 <varname>parisc</varname>,
+                                 <varname>parisc64</varname>,
+@@ -940,7 +942,9 @@
+                                 <varname>sparc</varname>,
+                                 <varname>sparc64</varname>,
+                                 <varname>mips</varname>,
++                                <varname>mips-le</varname>,
+                                 <varname>mips64</varname>,
++                                <varname>mips64-le</varname>,
+                                 <varname>alpha</varname>,
+                                 <varname>arm</varname>,
+                                 <varname>arm-be</varname>,
+@@ -948,7 +952,9 @@
+                                 <varname>arm64-be</varname>,
+                                 <varname>sh</varname>,
+                                 <varname>sh64</varname>,
+-                                <varname>m86k</varname> to test
++                                <varname>m86k</varname>,
++                                <varname>tilegx</varname>,
++                                <varname>cris</varname> to test
+                                 against a specific architecture. The
+                                 architecture is determined from the
+                                 information returned by
+-- 
+1.8.5.5
+
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0007-man-chroot-jails-are-no-longer-detected-by-Condition.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0007-man-chroot-jails-are-no-longer-detected-by-Condition.patch
new file mode 100644
index 0000000000..7cff8d8db1
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0007-man-chroot-jails-are-no-longer-detected-by-Condition.patch
@@ -0,0 +1,25 @@
+From cb59448753d949cd31c5a84bccc37f10597e23d7 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Mon, 7 Jul 2014 14:58:36 +0200
+Subject: [PATCH 07/32] man: chroot jails are no longer detected by
+ ConditionVirtualization=
+
+---
+ man/systemd.unit.xml | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
+index be0873c..cd3279c 100644
+--- a/man/systemd.unit.xml
++++ b/man/systemd.unit.xml
+@@ -990,7 +990,6 @@
+                                 <varname>oracle</varname>,
+                                 <varname>xen</varname>,
+                                 <varname>bochs</varname>,
+-                                <varname>chroot</varname>,
+                                 <varname>uml</varname>,
+                                 <varname>openvz</varname>,
+                                 <varname>lxc</varname>,
+-- 
+1.8.5.5
+
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0008-base-filesystem.c-terminate-string-array-elements-wi.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0008-base-filesystem.c-terminate-string-array-elements-wi.patch
new file mode 100644
index 0000000000..5b39449490
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0008-base-filesystem.c-terminate-string-array-elements-wi.patch
@@ -0,0 +1,38 @@
+From 5055a12659b731d78cc30553576193905b6530ae Mon Sep 17 00:00:00 2001
+From: Harald Hoyer <harald@redhat.com>
+Date: Mon, 7 Jul 2014 17:45:53 +0200
+Subject: [PATCH 08/32] base-filesystem.c: terminate string array elements with
+ \0
+
+NULSTR_FOREACH() looks for a terminating zero and the element also needs
+one.
+---
+ src/shared/base-filesystem.c | 11 ++++++-----
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/src/shared/base-filesystem.c b/src/shared/base-filesystem.c
+index daaeaca..addd26c 100644
+--- a/src/shared/base-filesystem.c
++++ b/src/shared/base-filesystem.c
+@@ -42,12 +42,13 @@ typedef struct BaseFilesystem {
+ } BaseFilesystem;
+ 
+ static const BaseFilesystem table[] = {
+-        { "bin",      0, "usr/bin",                             NULL },
+-        { "lib",      0, "usr/lib",                             NULL },
+-        { "root",  0755, NULL,                                  NULL },
+-        { "sbin",     0, "usr/sbin",                            NULL },
++        { "bin",      0, "usr/bin\0",                  NULL },
++        { "lib",      0, "usr/lib\0",                  NULL },
++        { "root",  0755, NULL,                         NULL },
++        { "sbin",     0, "usr/sbin\0",                 NULL },
+ #if defined(__i386__) || defined(__x86_64__)
+-        { "lib64",    0, "usr/lib/x86_64-linux-gnu\0usr/lib64", "ld-linux-x86-64.so.2" },
++        { "lib64",    0, "usr/lib/x86_64-linux-gnu\0"
++                         "usr/lib64\0",                "ld-linux-x86-64.so.2" },
+ #endif
+ };
+ 
+-- 
+1.8.5.5
+
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0009-man-drop-references-to-the-priviliged-command-line-o.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0009-man-drop-references-to-the-priviliged-command-line-o.patch
new file mode 100644
index 0000000000..0c6e49f940
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0009-man-drop-references-to-the-priviliged-command-line-o.patch
@@ -0,0 +1,52 @@
+From 1a45876927c5a2fb7a48d4ecd00359b37b8e1c4f Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Mon, 7 Jul 2014 18:45:07 +0200
+Subject: [PATCH 09/32] man: drop references to the --priviliged command line
+ option which has been removed a while back
+
+---
+ man/hostnamectl.xml | 8 --------
+ man/localectl.xml   | 8 --------
+ 2 files changed, 16 deletions(-)
+
+diff --git a/man/hostnamectl.xml b/man/hostnamectl.xml
+index 71973fd..4e456eb 100644
+--- a/man/hostnamectl.xml
++++ b/man/hostnamectl.xml
+@@ -102,14 +102,6 @@
+                         </varlistentry>
+ 
+                         <varlistentry>
+-                                <term><option>-P</option></term>
+-                                <term><option>--privileged</option></term>
+-
+-                                <listitem><para>Acquire privileges via PolicyKit
+-                                before executing the operation.</para></listitem>
+-                        </varlistentry>
+-
+-                        <varlistentry>
+                                 <term><option>--static</option></term>
+                                 <term><option>--transient</option></term>
+                                 <term><option>--pretty</option></term>
+diff --git a/man/localectl.xml b/man/localectl.xml
+index c2e79a2..9c32c79 100644
+--- a/man/localectl.xml
++++ b/man/localectl.xml
+@@ -90,14 +90,6 @@
+                         </varlistentry>
+ 
+                         <varlistentry>
+-                                <term><option>-P</option></term>
+-                                <term><option>--privileged</option></term>
+-
+-                                <listitem><para>Acquire privileges via PolicyKit
+-                                before executing the operation.</para></listitem>
+-                        </varlistentry>
+-
+-                        <varlistentry>
+                                 <term><option>--no-convert</option></term>
+ 
+                                 <listitem><para>If
+-- 
+1.8.5.5
+
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0010-fstab-generator-add-comma-when-removed-option-is-in-.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0010-fstab-generator-add-comma-when-removed-option-is-in-.patch
new file mode 100644
index 0000000000..174d9711c2
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0010-fstab-generator-add-comma-when-removed-option-is-in-.patch
@@ -0,0 +1,28 @@
+From f71f5fa7f6796cb809a2b827a5348cc494c128e1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Mon, 7 Jul 2014 16:10:38 -0400
+Subject: [PATCH 10/32] fstab-generator: add comma when removed option is in
+ the middle
+
+xxx,x-systemd.default-timeout=y,zzz was filtered to xxxzzz,
+but should be xxx,zzz, of course.
+---
+ src/shared/generator.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/shared/generator.c b/src/shared/generator.c
+index 5d5b6a0..2f9e595 100644
+--- a/src/shared/generator.c
++++ b/src/shared/generator.c
+@@ -125,7 +125,7 @@ int generator_write_timeouts(const char *dir, const char *what, const char *wher
+                 char *prefix, *postfix;
+ 
+                 prefix = strndupa(opts, start - opts - (start != opts));
+-                postfix = timeout + len + (timeout[len] != '\0');
++                postfix = timeout + len + (start == opts && timeout[len] != '\0');
+                 *filtered = strjoin(prefix, *postfix ? postfix : NULL, NULL);
+                 if (!*filtered)
+                         return log_oom();
+-- 
+1.8.5.5
+
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0011-dropin-add-format-attribute-and-fix-a-wrong-caller.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0011-dropin-add-format-attribute-and-fix-a-wrong-caller.patch
new file mode 100644
index 0000000000..838130109e
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0011-dropin-add-format-attribute-and-fix-a-wrong-caller.patch
@@ -0,0 +1,45 @@
+From 05e483d224be6a7c057a7b6eb30d830fea18eda8 Mon Sep 17 00:00:00 2001
+From: Thomas Hindoe Paaboel Andersen <phomes@gmail.com>
+Date: Mon, 7 Jul 2014 21:40:00 +0200
+Subject: [PATCH 11/32] dropin: add format attribute and fix a wrong caller
+
+---
+ src/shared/dropin.h    | 4 +++-
+ src/shared/generator.c | 2 +-
+ 2 files changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/shared/dropin.h b/src/shared/dropin.h
+index 27a2b29..9c9742d 100644
+--- a/src/shared/dropin.h
++++ b/src/shared/dropin.h
+@@ -21,6 +21,8 @@
+   along with systemd; If not, see <http://www.gnu.org/licenses/>.
+ ***/
+ 
++#include "macro.h"
++
+ int drop_in_file(const char *dir, const char *unit, unsigned level,
+                  const char *name, char **_p, char **_q);
+ 
+@@ -28,4 +30,4 @@ int write_drop_in(const char *dir, const char *unit, unsigned level,
+                   const char *name, const char *data);
+ 
+ int write_drop_in_format(const char *dir, const char *unit, unsigned level,
+-                         const char *name, const char *format, ...);
++                         const char *name, const char *format, ...) _printf_(5, 6);
+diff --git a/src/shared/generator.c b/src/shared/generator.c
+index 2f9e595..5d4cb5d 100644
+--- a/src/shared/generator.c
++++ b/src/shared/generator.c
+@@ -148,7 +148,7 @@ int generator_write_timeouts(const char *dir, const char *what, const char *wher
+ 
+         return write_drop_in_format(dir, unit, 50, "device-timeout",
+                                     "# Automatically generated by %s\n\n"
+-                                    "[Unit]\nJobTimeoutSec=%u",
++                                    "[Unit]\nJobTimeoutSec=%lu",
+                                     program_invocation_short_name,
+                                     u / USEC_PER_SEC);
+ }
+-- 
+1.8.5.5
+
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0012-shared-fix-format-string-for-usec_t-type.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0012-shared-fix-format-string-for-usec_t-type.patch
new file mode 100644
index 0000000000..ce83ed0a9d
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0012-shared-fix-format-string-for-usec_t-type.patch
@@ -0,0 +1,25 @@
+From 8070ab78b7bba4a20bba278086580d6582c96e80 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Mon, 7 Jul 2014 22:49:59 +0200
+Subject: [PATCH 12/32] shared: fix format string for usec_t type
+
+---
+ src/shared/generator.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/shared/generator.c b/src/shared/generator.c
+index 5d4cb5d..414470b 100644
+--- a/src/shared/generator.c
++++ b/src/shared/generator.c
+@@ -148,7 +148,7 @@ int generator_write_timeouts(const char *dir, const char *what, const char *wher
+ 
+         return write_drop_in_format(dir, unit, 50, "device-timeout",
+                                     "# Automatically generated by %s\n\n"
+-                                    "[Unit]\nJobTimeoutSec=%lu",
++                                    "[Unit]\nJobTimeoutSec=" USEC_FMT,
+                                     program_invocation_short_name,
+                                     u / USEC_PER_SEC);
+ }
+-- 
+1.8.5.5
+
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0013-logind-allow-switching-to-unused-VTs-via-SwitchTo.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0013-logind-allow-switching-to-unused-VTs-via-SwitchTo.patch
new file mode 100644
index 0000000000..0ef009570e
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0013-logind-allow-switching-to-unused-VTs-via-SwitchTo.patch
@@ -0,0 +1,37 @@
+From 82155b957fac44db3858e1b008cf31e5004d40cd Mon Sep 17 00:00:00 2001
+From: David Herrmann <dh.herrmann@gmail.com>
+Date: Tue, 8 Jul 2014 12:56:55 +0200
+Subject: [PATCH 13/32] logind: allow switching to unused VTs via SwitchTo()
+
+If compositors use the new SwitchTo() logic to map F1-F12, we should allow
+them to switch to unregistered VTs, too. Otherwise, the auto-spawn logic
+of gettys won't trigger.
+
+Reported-by: Jasper St. Pierre <jstpierre@mecheye.net>
+Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
+---
+ src/login/logind-seat.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/src/login/logind-seat.c b/src/login/logind-seat.c
+index 3114de8..9992195 100644
+--- a/src/login/logind-seat.c
++++ b/src/login/logind-seat.c
+@@ -275,8 +275,13 @@ int seat_switch_to(Seat *s, unsigned int num) {
+         if (!num)
+                 return -EINVAL;
+ 
+-        if (num >= s->position_count || !s->positions[num])
++        if (num >= s->position_count || !s->positions[num]) {
++                /* allow switching to unused VTs to trigger auto-activate */
++                if (seat_has_vts(s) && num < 64)
++                        return chvt(num);
++
+                 return -EINVAL;
++        }
+ 
+         return session_activate(s->positions[num]);
+ }
+-- 
+1.8.5.5
+
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0014-systemctl-fix-visual-alignment-for-lines-prefixed-wi.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0014-systemctl-fix-visual-alignment-for-lines-prefixed-wi.patch
new file mode 100644
index 0000000000..59fab0aa65
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0014-systemctl-fix-visual-alignment-for-lines-prefixed-wi.patch
@@ -0,0 +1,26 @@
+From d91cba9f5ed3aee340115bd4b4097bf3bf396365 Mon Sep 17 00:00:00 2001
+From: Michal Schmidt <mschmidt@redhat.com>
+Date: Tue, 8 Jul 2014 15:17:36 +0200
+Subject: [PATCH 14/32] systemctl: fix visual alignment for lines prefixed with
+ color dots
+
+---
+ src/systemctl/systemctl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
+index 03720f4..8086e1e 100644
+--- a/src/systemctl/systemctl.c
++++ b/src/systemctl/systemctl.c
+@@ -456,7 +456,7 @@ static int output_units_list(const UnitInfo *unit_infos, unsigned c) {
+                 }
+ 
+                 if (circle_len > 0)
+-                        printf("%s%s%s", on_circle, circle ? draw_special_char(DRAW_BLACK_CIRCLE) : "  ", off_circle);
++                        printf("%s%s%s ", on_circle, circle ? draw_special_char(DRAW_BLACK_CIRCLE) : " ", off_circle);
+ 
+                 printf("%s%-*s%s %s%-*s%s %s%-*s %-*s%s %-*s",
+                        on_active, id_len, id, off_active,
+-- 
+1.8.5.5
+
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0015-accelerometer-Don-t-wait-for-new-data-from-the-senso.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0015-accelerometer-Don-t-wait-for-new-data-from-the-senso.patch
new file mode 100644
index 0000000000..acceebb6af
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0015-accelerometer-Don-t-wait-for-new-data-from-the-senso.patch
@@ -0,0 +1,75 @@
+From 18dd397f6383eb21ba383840dd9b10feaca4a663 Mon Sep 17 00:00:00 2001
+From: Bastien Nocera <hadess@hadess.net>
+Date: Tue, 8 Jul 2014 18:29:06 +0200
+Subject: [PATCH 15/32] accelerometer: Don't wait for new data from the sensor
+
+Instead of waiting for new data from the sensor, which might be
+a long time coming, depending on the sensor device, ask the kernel
+for the last state for that particular input device.
+---
+ src/udev/accelerometer/accelerometer.c | 33 ++++++---------------------------
+ 1 file changed, 6 insertions(+), 27 deletions(-)
+
+diff --git a/src/udev/accelerometer/accelerometer.c b/src/udev/accelerometer/accelerometer.c
+index 925d38d..32adf27 100644
+--- a/src/udev/accelerometer/accelerometer.c
++++ b/src/udev/accelerometer/accelerometer.c
+@@ -180,7 +180,7 @@ get_prev_orientation(struct udev_device *dev)
+         return string_to_orientation(value);
+ }
+ 
+-#define SET_AXIS(axis, code_) if (ev[i].code == code_) { if (got_##axis == 0) { axis = ev[i].value; got_##axis = true; } }
++#define READ_AXIS(axis, var) { memzero(&abs_info, sizeof(abs_info)); r = ioctl(fd, EVIOCGABS(axis), &abs_info); if (r < 0) return; var = abs_info.value; }
+ 
+ /* accelerometers */
+ static void test_orientation(struct udev *udev,
+@@ -189,10 +189,9 @@ static void test_orientation(struct udev *udev,
+ {
+         OrientationUp old, new;
+         _cleanup_close_ int fd = -1;
+-        struct input_event ev[64];
+-        bool got_syn = false;
+-        bool got_x = false, got_y = false, got_z = false;
++        struct input_absinfo abs_info;
+         int x = 0, y = 0, z = 0;
++        int r;
+         char text[64];
+ 
+         old = get_prev_orientation(dev);
+@@ -201,30 +200,10 @@ static void test_orientation(struct udev *udev,
+         if (fd < 0)
+                 return;
+ 
+-        while (1) {
+-                int i, r;
+-
+-                r = read(fd, ev, sizeof(struct input_event) * 64);
+-
+-                if (r < (int) sizeof(struct input_event))
+-                        return;
+-
+-                for (i = 0; i < r / (int) sizeof(struct input_event); i++) {
+-                        if (got_syn) {
+-                                if (ev[i].type == EV_ABS) {
+-                                        SET_AXIS(x, ABS_X);
+-                                        SET_AXIS(y, ABS_Y);
+-                                        SET_AXIS(z, ABS_Z);
+-                                }
+-                        }
+-                        if (ev[i].type == EV_SYN && ev[i].code == SYN_REPORT)
+-                                got_syn = true;
+-                        if (got_x && got_y && got_z)
+-                                goto read_dev;
+-                }
+-        }
++        READ_AXIS(ABS_X, x);
++        READ_AXIS(ABS_Y, y);
++        READ_AXIS(ABS_Z, z);
+ 
+-read_dev:
+         new = orientation_calc(old, x, y, z);
+         snprintf(text, sizeof(text),
+                  "ID_INPUT_ACCELEROMETER_ORIENTATION=%s", orientation_to_string(new));
+-- 
+1.8.5.5
+
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0016-sysusers-don-t-allow-user-names-longer-than-UT_NAMES.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0016-sysusers-don-t-allow-user-names-longer-than-UT_NAMES.patch
new file mode 100644
index 0000000000..288ae91dec
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0016-sysusers-don-t-allow-user-names-longer-than-UT_NAMES.patch
@@ -0,0 +1,54 @@
+From c4067527b6c8875b1cb767cf4efd14998cf17c34 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Wed, 9 Jul 2014 19:20:58 +0200
+Subject: [PATCH 16/32] sysusers: don't allow user names longer than
+ UT_NAMESIZE
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+As pointed out by Miloslav Trmač it might be a good idea to make sure
+that usernames stay with in the utmp-defined limits.
+---
+ man/sysusers.d.xml      | 2 +-
+ src/sysusers/sysusers.c | 4 ++++
+ 2 files changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/man/sysusers.d.xml b/man/sysusers.d.xml
+index 549b3f6..40f8715 100644
+--- a/man/sysusers.d.xml
++++ b/man/sysusers.d.xml
+@@ -142,7 +142,7 @@ m authd input</programlisting>
+                         <title>Name</title>
+ 
+                         <para>The name field specifies the user or
+-                        group name. It should be be shorter than 256
++                        group name. It should be be shorter than 31
+                         characters and avoid any non-ASCII characters,
+                         and not begin with a numeric character. It is
+                         strongly recommended to pick user and group
+diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c
+index 1209a5a..dfac7e6 100644
+--- a/src/sysusers/sysusers.c
++++ b/src/sysusers/sysusers.c
+@@ -24,6 +24,7 @@
+ #include <grp.h>
+ #include <shadow.h>
+ #include <getopt.h>
++#include <utmp.h>
+ 
+ #include "util.h"
+ #include "hashmap.h"
+@@ -1095,6 +1096,9 @@ static bool valid_user_group_name(const char *u) {
+         if ((size_t) (i-u) > (size_t) sz)
+                 return false;
+ 
++        if ((size_t) (i-u) > UT_NAMESIZE - 1)
++                return false;
++
+         return true;
+ }
+ 
+-- 
+1.8.5.5
+
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0017-Revert-build-sys-include-PolicyKit-files-as-part-of-.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0017-Revert-build-sys-include-PolicyKit-files-as-part-of-.patch
new file mode 100644
index 0000000000..83200fadfc
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0017-Revert-build-sys-include-PolicyKit-files-as-part-of-.patch
@@ -0,0 +1,34 @@
+From b407f12e7656916b25b3b3c006290187e1064793 Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <floppym@gentoo.org>
+Date: Fri, 4 Jul 2014 14:43:14 -0400
+Subject: [PATCH 17/32] Revert "build-sys: include PolicyKit files as part of
+ distribution"
+
+This reverts commit 0c26bfc3d21fdb3963f1248c237e2f1a33b5566d.
+
+src/core/org.freedesktop.systemd1.policy.in.in depends on values which
+are specified at configure time, so we cannot ship the corresponding
+policy file in the tarball.
+
+Since we need to regenerate one policy file, we might as well generate
+them all.
+---
+ Makefile.am | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index e238cde..32dc1fd 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -5216,7 +5216,7 @@ units/user/%: units/%.m4
+ 	$(AM_V_M4)$(M4) -P $(M4_DEFINES) -DFOR_USER=1 < $< > $@
+ 
+ if ENABLE_POLKIT
+-dist_polkitpolicy_DATA = \
++nodist_polkitpolicy_DATA = \
+ 	$(polkitpolicy_files) \
+ 	$(polkitpolicy_in_in_files:.policy.in.in=.policy)
+ endif
+-- 
+1.8.5.5
+
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0018-build-sys-Do-not-distribute-generated-emergency.serv.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0018-build-sys-Do-not-distribute-generated-emergency.serv.patch
new file mode 100644
index 0000000000..65baa7e3b9
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0018-build-sys-Do-not-distribute-generated-emergency.serv.patch
@@ -0,0 +1,29 @@
+From 669455ef0d5a3cf56c03c9fc668daa0750629cf5 Mon Sep 17 00:00:00 2001
+From: Jon Severinsson <jon@severinsson.net>
+Date: Fri, 11 Jul 2014 14:37:36 +0200
+Subject: [PATCH 18/32] build-sys: Do not distribute generated
+ emergency.service
+
+It is already in nodist_systemunit_DATA and if it is
+shipped, it contains the hardcoded path to systemctl
+which will cause it to fail to start when
+rootprefix != prefix and rootbindir != bindir.
+---
+ Makefile.am | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index 32dc1fd..5d169b7 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -412,7 +412,6 @@ dist_sysctl_DATA = \
+ dist_systemunit_DATA = \
+ 	units/graphical.target \
+ 	units/multi-user.target \
+-	units/emergency.service \
+ 	units/emergency.target \
+ 	units/sysinit.target \
+ 	units/basic.target \
+-- 
+1.8.5.5
+
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0019-man-sysusers.d-correct-default-user-shell.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0019-man-sysusers.d-correct-default-user-shell.patch
new file mode 100644
index 0000000000..23a94d386e
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0019-man-sysusers.d-correct-default-user-shell.patch
@@ -0,0 +1,27 @@
+From c49b22614e4a6f843f8c2395d22bedf335f79fde Mon Sep 17 00:00:00 2001
+From: Sjoerd Simons <sjoerd@luon.net>
+Date: Sun, 13 Jul 2014 16:56:16 +0200
+Subject: [PATCH 19/32] man: sysusers.d correct default user shell
+
+For the non-root user sysusers uses nologin as the default shell, not
+login. Correct the documentation to match the code.
+---
+ man/sysusers.d.xml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/man/sysusers.d.xml b/man/sysusers.d.xml
+index 40f8715..b8e5af5 100644
+--- a/man/sysusers.d.xml
++++ b/man/sysusers.d.xml
+@@ -106,7 +106,7 @@ m authd input</programlisting>
+                                         group will be set to the group
+                                         bearing the same name. The
+                                         user's shell will be set to
+-                                        <filename>/sbin/login</filename>,
++                                        <filename>/sbin/nologin</filename>,
+                                         the home directory to
+                                         <filename>/</filename>. The
+                                         account will be created
+-- 
+1.8.5.5
+
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0020-rules-consistently-use-instead-of.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0020-rules-consistently-use-instead-of.patch
new file mode 100644
index 0000000000..27b010d39b
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0020-rules-consistently-use-instead-of.patch
@@ -0,0 +1,69 @@
+From 584152929252c948e9826bc3c735165ea1328737 Mon Sep 17 00:00:00 2001
+From: Kay Sievers <kay@vrfy.org>
+Date: Tue, 15 Jul 2014 02:04:47 +0200
+Subject: [PATCH 20/32] rules: consistently use "?*" instead of "*?"
+
+---
+ rules/99-systemd.rules.in  |  2 +-
+ src/login/70-uaccess.rules | 12 ++++++------
+ 2 files changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/rules/99-systemd.rules.in b/rules/99-systemd.rules.in
+index db72373..c3ef81b 100644
+--- a/rules/99-systemd.rules.in
++++ b/rules/99-systemd.rules.in
+@@ -43,7 +43,7 @@ SUBSYSTEM=="net", KERNEL!="lo", TAG+="systemd", ENV{SYSTEMD_ALIAS}+="/sys/subsys
+ SUBSYSTEM=="bluetooth", TAG+="systemd", ENV{SYSTEMD_ALIAS}+="/sys/subsystem/bluetooth/devices/%k"
+ 
+ SUBSYSTEM=="bluetooth", TAG+="systemd", ENV{SYSTEMD_WANTS}+="bluetooth.target"
+-ENV{ID_SMARTCARD_READER}=="*?", TAG+="systemd", ENV{SYSTEMD_WANTS}+="smartcard.target"
++ENV{ID_SMARTCARD_READER}=="?*", TAG+="systemd", ENV{SYSTEMD_WANTS}+="smartcard.target"
+ SUBSYSTEM=="sound", KERNEL=="card*", TAG+="systemd", ENV{SYSTEMD_WANTS}+="sound.target"
+ 
+ SUBSYSTEM=="printer", TAG+="systemd", ENV{SYSTEMD_WANTS}+="printer.target"
+diff --git a/src/login/70-uaccess.rules b/src/login/70-uaccess.rules
+index e1cf897..57f619d 100644
+--- a/src/login/70-uaccess.rules
++++ b/src/login/70-uaccess.rules
+@@ -12,7 +12,7 @@ ENV{MAJOR}=="", GOTO="uaccess_end"
+ SUBSYSTEM=="usb", ENV{ID_USB_INTERFACES}=="*:060101:*", TAG+="uaccess"
+ 
+ # Digicams with proprietary protocol
+-ENV{ID_GPHOTO2}=="*?", TAG+="uaccess"
++ENV{ID_GPHOTO2}=="?*", TAG+="uaccess"
+ 
+ # SCSI and USB scanners
+ ENV{libsane_matched}=="yes", TAG+="uaccess"
+@@ -49,13 +49,13 @@ SUBSYSTEM=="drm", KERNEL=="card*|renderD*", TAG+="uaccess"
+ SUBSYSTEM=="misc", KERNEL=="kvm", TAG+="uaccess"
+ 
+ # smart-card readers
+-ENV{ID_SMARTCARD_READER}=="*?", TAG+="uaccess"
++ENV{ID_SMARTCARD_READER}=="?*", TAG+="uaccess"
+ 
+ # (USB) authentication devices
+-ENV{ID_SECURITY_TOKEN}=="*?", TAG+="uaccess"
++ENV{ID_SECURITY_TOKEN}=="?*", TAG+="uaccess"
+ 
+ # PDA devices
+-ENV{ID_PDA}=="*?", TAG+="uaccess"
++ENV{ID_PDA}=="?*", TAG+="uaccess"
+ 
+ # Programmable remote control
+ ENV{ID_REMOTE_CONTROL}=="1", TAG+="uaccess"
+@@ -64,10 +64,10 @@ ENV{ID_REMOTE_CONTROL}=="1", TAG+="uaccess"
+ SUBSYSTEM=="input", ENV{ID_INPUT_JOYSTICK}=="?*", TAG+="uaccess"
+ 
+ # color measurement devices
+-ENV{COLOR_MEASUREMENT_DEVICE}=="*?", TAG+="uaccess"
++ENV{COLOR_MEASUREMENT_DEVICE}=="?*", TAG+="uaccess"
+ 
+ # DDC/CI device, usually high-end monitors such as the DreamColor
+-ENV{DDC_DEVICE}=="*?", TAG+="uaccess"
++ENV{DDC_DEVICE}=="?*", TAG+="uaccess"
+ 
+ # media player raw devices (for user-mode drivers, Android SDK, etc.)
+ SUBSYSTEM=="usb", ENV{ID_MEDIA_PLAYER}=="?*", TAG+="uaccess"
+-- 
+1.8.5.5
+
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0021-timesyncd-suppress-resync-at-system-time-change-when.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0021-timesyncd-suppress-resync-at-system-time-change-when.patch
new file mode 100644
index 0000000000..dd9164eee8
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0021-timesyncd-suppress-resync-at-system-time-change-when.patch
@@ -0,0 +1,33 @@
+From 19c0af955631f8a32b3c95232cfcb4682dc362d6 Mon Sep 17 00:00:00 2001
+From: Kay Sievers <kay@vrfy.org>
+Date: Tue, 15 Jul 2014 02:24:35 +0200
+Subject: [PATCH 21/32] timesyncd: suppress resync at system time change when
+ not connected
+
+Jul 04 17:46:03 orchid systemd[1]: Starting Network Time Synchronization...
+Jul 04 17:46:03 orchid systemd[1]: Started Network Time Synchronization.
+Jul 04 17:46:22 orchid systemd-timesyncd[301]: System time changed. Resyncing.
+Jul 04 17:46:22 orchid systemd-timesyncd[301]: Assertion 'm->current_server_name'
+
+https://bugs.freedesktop.org/show_bug.cgi?id=80932
+---
+ src/timesync/timesyncd.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/timesync/timesyncd.c b/src/timesync/timesyncd.c
+index 27f6b2d..9bc773c 100644
+--- a/src/timesync/timesyncd.c
++++ b/src/timesync/timesyncd.c
+@@ -331,6 +331,9 @@ static int manager_clock_watch(sd_event_source *source, int fd, uint32_t revents
+         /* rearm timer */
+         manager_clock_watch_setup(m);
+ 
++        if (!m->current_server_address)
++                return 0;
++
+         /* skip our own jumps */
+         if (m->jumped) {
+                 m->jumped = false;
+-- 
+1.8.5.5
+
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0022-timesyncd-only-listen-to-clock-changes-when-connecte.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0022-timesyncd-only-listen-to-clock-changes-when-connecte.patch
new file mode 100644
index 0000000000..96fe9aba24
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0022-timesyncd-only-listen-to-clock-changes-when-connecte.patch
@@ -0,0 +1,47 @@
+From 446e61ba07ec949544594729cdd2dff79c8e4cdc Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Tue, 15 Jul 2014 09:52:17 -0400
+Subject: [PATCH 22/32] timesyncd: only listen to clock changes when connected
+
+This reverts previous commit and applies a different fix.
+
+manager_clock_watch() callback calls manager_send_request() to kick
+off a resync. We can only do that when we're actually connected to
+something. It is not useful to setup the callback from manager_new().
+
+Now the callback will be dropped in manager_connect() and requested
+in manager_begin().
+
+https://bugs.freedesktop.org/show_bug.cgi?id=80932
+---
+ src/timesync/timesyncd.c | 7 -------
+ 1 file changed, 7 deletions(-)
+
+diff --git a/src/timesync/timesyncd.c b/src/timesync/timesyncd.c
+index 9bc773c..19af9f9 100644
+--- a/src/timesync/timesyncd.c
++++ b/src/timesync/timesyncd.c
+@@ -331,9 +331,6 @@ static int manager_clock_watch(sd_event_source *source, int fd, uint32_t revents
+         /* rearm timer */
+         manager_clock_watch_setup(m);
+ 
+-        if (!m->current_server_address)
+-                return 0;
+-
+         /* skip our own jumps */
+         if (m->jumped) {
+                 m->jumped = false;
+@@ -1047,10 +1044,6 @@ static int manager_new(Manager **ret) {
+         if (r < 0)
+                 return r;
+ 
+-        r = manager_clock_watch_setup(m);
+-        if (r < 0)
+-                return r;
+-
+         *ret = m;
+         m = NULL;
+ 
+-- 
+1.8.5.5
+
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0023-core-fix-oneshot-service-resource-control.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0023-core-fix-oneshot-service-resource-control.patch
new file mode 100644
index 0000000000..0a9e413f9c
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0023-core-fix-oneshot-service-resource-control.patch
@@ -0,0 +1,28 @@
+From bdabb3772ddd38ef7a62342efaa5b23d77765e5b Mon Sep 17 00:00:00 2001
+From: Umut Tezduyar Lindskog <umut.tezduyar@axis.com>
+Date: Tue, 15 Jul 2014 08:36:29 +0200
+Subject: [PATCH 23/32] core: fix oneshot service resource control
+
+Oneshot services's cgroup is removed when the service
+exits. An assert is hit otherwise.
+---
+ src/core/manager.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/core/manager.c b/src/core/manager.c
+index 0cb2044..edcde31 100644
+--- a/src/core/manager.c
++++ b/src/core/manager.c
+@@ -2539,7 +2539,8 @@ void manager_check_finished(Manager *m) {
+         }
+ 
+         SET_FOREACH(u, m->startup_units, i)
+-                cgroup_context_apply(unit_get_cgroup_context(u), unit_get_cgroup_mask(u), u->cgroup_path, manager_state(m));
++                if (u->cgroup_path)
++                        cgroup_context_apply(unit_get_cgroup_context(u), unit_get_cgroup_mask(u), u->cgroup_path, manager_state(m));
+ 
+         bus_manager_send_finished(m, firmware_usec, loader_usec, kernel_usec, initrd_usec, userspace_usec, total_usec);
+ 
+-- 
+1.8.5.5
+
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0024-journal-allow-files-with-no-data-whatsoever.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0024-journal-allow-files-with-no-data-whatsoever.patch
new file mode 100644
index 0000000000..7404dcdeb6
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0024-journal-allow-files-with-no-data-whatsoever.patch
@@ -0,0 +1,33 @@
+From 168b42d2860dcaaa4f4970f96467da1007cd78f5 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Sun, 30 Mar 2014 14:20:34 -0400
+Subject: [PATCH 24/32] journal: allow files with no data whatsoever
+
+If a file was opened for writing, and then closed immediately without
+actually writing any entries, on subsequent opening, it would be
+considered "corrupted". This should be totally fine, and even in
+read mode, an empty file can become non-empty later on.
+---
+ src/journal/journal-file.c | 6 ------
+ 1 file changed, 6 deletions(-)
+
+diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c
+index b3b1ffc..ef54af4 100644
+--- a/src/journal/journal-file.c
++++ b/src/journal/journal-file.c
+@@ -271,12 +271,6 @@ static int journal_file_verify_header(JournalFile *f) {
+             !VALID64(le64toh(f->header->entry_array_offset)))
+                 return -ENODATA;
+ 
+-        if (le64toh(f->header->data_hash_table_offset) < le64toh(f->header->header_size) ||
+-            le64toh(f->header->field_hash_table_offset) < le64toh(f->header->header_size) ||
+-            le64toh(f->header->tail_object_offset) < le64toh(f->header->header_size) ||
+-            le64toh(f->header->entry_array_offset) < le64toh(f->header->header_size))
+-                return -ENODATA;
+-
+         if (f->writable) {
+                 uint8_t state;
+                 sd_id128_t machine_id;
+-- 
+1.8.5.5
+
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0025-units-serial-getty-.service-use-the-default-RestartS.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0025-units-serial-getty-.service-use-the-default-RestartS.patch
new file mode 100644
index 0000000000..3227132d3e
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0025-units-serial-getty-.service-use-the-default-RestartS.patch
@@ -0,0 +1,34 @@
+From 0a9a32ccbb38db14ff5dc8455af8cdac9610fbce Mon Sep 17 00:00:00 2001
+From: Michael Olbrich <m.olbrich@pengutronix.de>
+Date: Tue, 15 Jul 2014 18:28:10 +0200
+Subject: [PATCH 25/32] units/serial-getty@.service: use the default RestartSec
+
+For pluggable ttys such as USB serial devices, the getty is restarted
+and exits in a loop until the remove event reaches systemd. Under
+certain circumstances the restart loop can overload the system in a
+way that prevents the remove event from reaching systemd for a long
+time (e.g. at least several minutes on a small embedded system).
+
+Use the default RestartSec to prevent the restart loop from
+overloading the system. Serial gettys are interactive units, so
+waiting an extra 100ms really doesn't make a difference anyways
+compared to the time it takes the user to log in.
+---
+ units/serial-getty@.service.m4 | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/units/serial-getty@.service.m4 b/units/serial-getty@.service.m4
+index 4ac51e7..4522d0d 100644
+--- a/units/serial-getty@.service.m4
++++ b/units/serial-getty@.service.m4
+@@ -25,7 +25,6 @@ IgnoreOnIsolate=yes
+ ExecStart=-/sbin/agetty --keep-baud 115200,38400,9600 %I $TERM
+ Type=idle
+ Restart=always
+-RestartSec=0
+ UtmpIdentifier=%I
+ TTYPath=/dev/%I
+ TTYReset=yes
+-- 
+1.8.5.5
+
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0026-networkd-properly-track-addresses-when-first-added.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0026-networkd-properly-track-addresses-when-first-added.patch
new file mode 100644
index 0000000000..3f8369038c
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0026-networkd-properly-track-addresses-when-first-added.patch
@@ -0,0 +1,104 @@
+From c831530cf5cf6795e6c465c51689481a308a20a0 Mon Sep 17 00:00:00 2001
+From: Tom Gundersen <teg@jklm.no>
+Date: Thu, 3 Jul 2014 22:47:51 +0200
+Subject: [PATCH 26/32] networkd: properly track addresses when first added
+
+When doing a NEWADDR, the reply we get back is the NEWADDR itself, rather
+than just an empty ack (unlike how NEWLINK works). For this reason, the
+process that did the NEWADDR does not get the broadcast message.
+
+We were only listening for broadcast messages, and hence not tracking the
+addresses we added ourselves. This went unnoticed as the kernel will usually
+send NEWADDR messages from time to time anyway, so things would mostly work,
+but in the worst case we would not notice that a routable address was available
+and consider ourselves offline.
+---
+ src/network/networkd-link.c | 54 +++++++++++++++++++++++++--------------------
+ 1 file changed, 30 insertions(+), 24 deletions(-)
+
+diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
+index 14c0417..2289284 100644
+--- a/src/network/networkd-link.c
++++ b/src/network/networkd-link.c
+@@ -599,10 +599,35 @@ static int route_drop_handler(sd_rtnl *rtnl, sd_rtnl_message *m, void *userdata)
+         return 0;
+ }
+ 
++static int link_get_address_handler(sd_rtnl *rtnl, sd_rtnl_message *m, void *userdata) {
++        _cleanup_link_unref_ Link *link = userdata;
++        int r;
++
++        assert(rtnl);
++        assert(m);
++        assert(link);
++        assert(link->manager);
++
++        for (; m; m = sd_rtnl_message_next(m)) {
++                r = sd_rtnl_message_get_errno(m);
++                if (r < 0) {
++                        log_debug_link(link, "getting address failed: %s", strerror(-r));
++                        continue;
++                }
++
++                r = link_rtnl_process_address(rtnl, m, link->manager);
++                if (r < 0)
++                        log_warning_link(link, "could not process address: %s", strerror(-r));
++        }
++
++        return 1;
++}
++
+ static int address_handler(sd_rtnl *rtnl, sd_rtnl_message *m, void *userdata) {
+         _cleanup_link_unref_ Link *link = userdata;
+         int r;
+ 
++        assert(rtnl);
+         assert(m);
+         assert(link);
+         assert(link->ifname);
+@@ -623,6 +648,11 @@ static int address_handler(sd_rtnl *rtnl, sd_rtnl_message *m, void *userdata) {
+                                 link->ifname, strerror(-r),
+                                 "ERRNO=%d", -r,
+                                 NULL);
++        if (r >= 0) {
++                /* calling handler directly so take a ref */
++                link_ref(link);
++                link_get_address_handler(rtnl, m, link);
++        }
+ 
+         if (link->addr_messages == 0) {
+                 log_debug_link(link, "addresses set");
+@@ -2228,30 +2258,6 @@ int link_rtnl_process_address(sd_rtnl *rtnl, sd_rtnl_message *message, void *use
+         return 1;
+ }
+ 
+-static int link_get_address_handler(sd_rtnl *rtnl, sd_rtnl_message *m, void *userdata) {
+-        _cleanup_link_unref_ Link *link = userdata;
+-        int r;
+-
+-        assert(rtnl);
+-        assert(m);
+-        assert(link);
+-        assert(link->manager);
+-
+-        for (; m; m = sd_rtnl_message_next(m)) {
+-                r = sd_rtnl_message_get_errno(m);
+-                if (r < 0) {
+-                        log_debug_link(link, "getting address failed: %s", strerror(-r));
+-                        continue;
+-                }
+-
+-                r = link_rtnl_process_address(rtnl, m, link->manager);
+-                if (r < 0)
+-                        log_warning_link(link, "could not process address: %s", strerror(-r));
+-        }
+-
+-        return 1;
+-}
+-
+ int link_add(Manager *m, sd_rtnl_message *message, Link **ret) {
+         Link *link;
+         _cleanup_rtnl_message_unref_ sd_rtnl_message *req = NULL;
+-- 
+1.8.5.5
+
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0027-networkd-don-t-clear-dhcpv6-lease-timers-if-there-s-.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0027-networkd-don-t-clear-dhcpv6-lease-timers-if-there-s-.patch
new file mode 100644
index 0000000000..1c9aef7785
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0027-networkd-don-t-clear-dhcpv6-lease-timers-if-there-s-.patch
@@ -0,0 +1,29 @@
+From f491638dd12ad53539d62f5a1088eb26e233badf Mon Sep 17 00:00:00 2001
+From: Steven Noonan <steven@uplinklabs.net>
+Date: Thu, 3 Jul 2014 19:43:56 -0700
+Subject: [PATCH 27/32] networkd: don't clear dhcpv6 lease timers if there's no
+ previous lease
+
+If client->lease is NULL, dhcp6_lease_clear_timers will cause a segmentation
+fault.
+---
+ src/libsystemd-network/sd-dhcp6-client.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/libsystemd-network/sd-dhcp6-client.c b/src/libsystemd-network/sd-dhcp6-client.c
+index 8fdbbfe..a83778e 100644
+--- a/src/libsystemd-network/sd-dhcp6-client.c
++++ b/src/libsystemd-network/sd-dhcp6-client.c
+@@ -708,7 +708,8 @@ static int client_receive_reply(sd_dhcp6_client *client, DHCP6Message *reply,
+                         return 0;
+         }
+ 
+-        dhcp6_lease_clear_timers(&client->lease->ia);
++        if (client->lease)
++            dhcp6_lease_clear_timers(&client->lease->ia);
+ 
+         client->lease = sd_dhcp6_lease_unref(client->lease);
+         client->lease = lease;
+-- 
+1.8.5.5
+
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0028-networkd-accept-section-DHCP-in-systemd.network-file.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0028-networkd-accept-section-DHCP-in-systemd.network-file.patch
new file mode 100644
index 0000000000..4f1fce117d
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0028-networkd-accept-section-DHCP-in-systemd.network-file.patch
@@ -0,0 +1,25 @@
+From 49047278910689c619b768130cce40c377fa5560 Mon Sep 17 00:00:00 2001
+From: Steven Noonan <steven@uplinklabs.net>
+Date: Thu, 3 Jul 2014 19:42:19 -0700
+Subject: [PATCH 28/32] networkd: accept section DHCP in systemd.network files
+
+---
+ src/network/networkd-network.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c
+index 9ab4f23..9f6de18 100644
+--- a/src/network/networkd-network.c
++++ b/src/network/networkd-network.c
+@@ -92,7 +92,7 @@ static int network_load_one(Manager *manager, const char *filename) {
+         network->dhcp_routes = true;
+         network->dhcp_sendhost = true;
+ 
+-        r = config_parse(NULL, filename, file, "Match\0Network\0Address\0Route\0DHCPv4\0", config_item_perf_lookup,
++        r = config_parse(NULL, filename, file, "Match\0Network\0Address\0Route\0DHCP\0DHCPv4\0", config_item_perf_lookup,
+                         (void*) network_network_gperf_lookup, false, false, network);
+         if (r < 0) {
+                 log_warning("Could not parse config file %s: %s", filename, strerror(-r));
+-- 
+1.8.5.5
+
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0029-dhcp-network-add-check-for-DHCP.chaddr.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0029-dhcp-network-add-check-for-DHCP.chaddr.patch
new file mode 100644
index 0000000000..aea641e0dc
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0029-dhcp-network-add-check-for-DHCP.chaddr.patch
@@ -0,0 +1,106 @@
+From f0b0beb95c95235ffc88d7230334f93e37982b04 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Thu, 19 Jun 2014 15:14:14 +0200
+Subject: [PATCH 29/32] dhcp-network: add check for DHCP.chaddr
+
+Check that received DHCP packets actually include our MAC address in
+chaddr field. BPF interpreter has 32 bit wide registers but MAC address
+is 48 bits long so we have to do check in two steps.
+---
+ src/libsystemd-network/dhcp-internal.h    |  3 ++-
+ src/libsystemd-network/dhcp-network.c     | 15 +++++++++++++--
+ src/libsystemd-network/sd-dhcp-client.c   |  4 ++--
+ src/libsystemd-network/test-dhcp-client.c |  2 +-
+ 4 files changed, 18 insertions(+), 6 deletions(-)
+
+diff --git a/src/libsystemd-network/dhcp-internal.h b/src/libsystemd-network/dhcp-internal.h
+index 6f6f121..1069c8a 100644
+--- a/src/libsystemd-network/dhcp-internal.h
++++ b/src/libsystemd-network/dhcp-internal.h
+@@ -24,13 +24,14 @@
+ 
+ #include <stdint.h>
+ #include <linux/if_packet.h>
++#include <net/ethernet.h>
+ 
+ #include "socket-util.h"
+ 
+ #include "sd-dhcp-client.h"
+ #include "dhcp-protocol.h"
+ 
+-int dhcp_network_bind_raw_socket(int index, union sockaddr_union *link, uint32_t xid);
++int dhcp_network_bind_raw_socket(int index, union sockaddr_union *link, uint32_t xid, struct ether_addr mac_addr);
+ int dhcp_network_bind_udp_socket(be32_t address, uint16_t port);
+ int dhcp_network_send_raw_socket(int s, const union sockaddr_union *link,
+                                  const void *packet, size_t len);
+diff --git a/src/libsystemd-network/dhcp-network.c b/src/libsystemd-network/dhcp-network.c
+index 9d57917..f119cae 100644
+--- a/src/libsystemd-network/dhcp-network.c
++++ b/src/libsystemd-network/dhcp-network.c
+@@ -33,7 +33,7 @@
+ #include "dhcp-internal.h"
+ 
+ int dhcp_network_bind_raw_socket(int index, union sockaddr_union *link,
+-                                 uint32_t xid) {
++                                 uint32_t xid, struct ether_addr mac_addr) {
+         struct sock_filter filter[] = {
+             BPF_STMT(BPF_LD + BPF_W + BPF_LEN, 0),                                 /* A <- packet length */
+             BPF_JUMP(BPF_JMP + BPF_JGE + BPF_K, sizeof(DHCPPacket), 1, 0),         /* packet >= DHCPPacket ? */
+@@ -60,7 +60,18 @@ int dhcp_network_bind_raw_socket(int index, union sockaddr_union *link,
+             BPF_STMT(BPF_LD + BPF_W + BPF_ABS, offsetof(DHCPPacket, dhcp.xid)),    /* A <- client identifier */
+             BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, xid, 1, 0),                        /* client identifier == xid ? */
+             BPF_STMT(BPF_RET + BPF_K, 0),                                          /* ignore */
+-            /* TODO: match chaddr */
++            BPF_STMT(BPF_LD + BPF_IMM, htobe32(*((unsigned int *) &mac_addr))),                    /* A <- 4 bytes of client's MAC */
++            BPF_STMT(BPF_MISC + BPF_TAX, 0),                                                       /* X <- A */
++            BPF_STMT(BPF_LD + BPF_W + BPF_ABS, offsetof(DHCPPacket, dhcp.chaddr)),                 /* A <- 4 bytes of MAC from dhcp.chaddr */
++            BPF_STMT(BPF_ALU + BPF_XOR + BPF_X, 0),                                                /* A xor X */
++            BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, 0, 1, 0),                                          /* A == 0 ? */
++            BPF_STMT(BPF_RET + BPF_K, 0),                                                          /* ignore */
++            BPF_STMT(BPF_LD + BPF_IMM, htobe16(*((unsigned short *) (((char *) &mac_addr) + 4)))), /* A <- remainder of client's MAC */
++            BPF_STMT(BPF_MISC + BPF_TAX, 0),                                                       /* X <- A */
++            BPF_STMT(BPF_LD + BPF_H + BPF_ABS, offsetof(DHCPPacket, dhcp.chaddr) + 4),             /* A <- remainder of MAC from dhcp.chaddr */
++            BPF_STMT(BPF_ALU + BPF_XOR + BPF_X, 0),                                                /* A xor X */
++            BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, 0, 1, 0),                                          /* A == 0 ? */
++            BPF_STMT(BPF_RET + BPF_K, 0),                                                          /* ignore */
+             BPF_STMT(BPF_LD + BPF_W + BPF_ABS, offsetof(DHCPPacket, dhcp.magic)),  /* A <- DHCP magic cookie */
+             BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, DHCP_MAGIC_COOKIE, 1, 0),          /* cookie == DHCP magic cookie ? */
+             BPF_STMT(BPF_RET + BPF_K, 0),                                          /* ignore */
+diff --git a/src/libsystemd-network/sd-dhcp-client.c b/src/libsystemd-network/sd-dhcp-client.c
+index d8a9d20..6b19666 100644
+--- a/src/libsystemd-network/sd-dhcp-client.c
++++ b/src/libsystemd-network/sd-dhcp-client.c
+@@ -751,7 +751,7 @@ static int client_start(sd_dhcp_client *client) {
+ 
+         client->xid = random_u32();
+ 
+-        r = dhcp_network_bind_raw_socket(client->index, &client->link, client->xid);
++        r = dhcp_network_bind_raw_socket(client->index, &client->link, client->xid, client->client_id.mac_addr);
+         if (r < 0) {
+                 client_stop(client, r);
+                 return r;
+@@ -795,7 +795,7 @@ static int client_timeout_t2(sd_event_source *s, uint64_t usec, void *userdata)
+         client->state = DHCP_STATE_REBINDING;
+         client->attempt = 1;
+ 
+-        r = dhcp_network_bind_raw_socket(client->index, &client->link, client->xid);
++        r = dhcp_network_bind_raw_socket(client->index, &client->link, client->xid, client->client_id.mac_addr);
+         if (r < 0) {
+                 client_stop(client, r);
+                 return 0;
+diff --git a/src/libsystemd-network/test-dhcp-client.c b/src/libsystemd-network/test-dhcp-client.c
+index 450b6d4..7cbe10d 100644
+--- a/src/libsystemd-network/test-dhcp-client.c
++++ b/src/libsystemd-network/test-dhcp-client.c
+@@ -196,7 +196,7 @@ int dhcp_network_send_raw_socket(int s, const union sockaddr_union *link,
+         return 575;
+ }
+ 
+-int dhcp_network_bind_raw_socket(int index, union sockaddr_union *link, uint32_t id)
++int dhcp_network_bind_raw_socket(int index, union sockaddr_union *link, uint32_t id, struct ether_addr mac)
+ {
+         if (socketpair(AF_UNIX, SOCK_STREAM, 0, test_fd) < 0)
+                 return -errno;
+-- 
+1.8.5.5
+
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0030-networkd-netdev-add-missing-refs.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0030-networkd-netdev-add-missing-refs.patch
new file mode 100644
index 0000000000..92187dad06
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0030-networkd-netdev-add-missing-refs.patch
@@ -0,0 +1,69 @@
+From 5c7eaa88675fc6e400420bbeb4890ef13b18b85b Mon Sep 17 00:00:00 2001
+From: Tom Gundersen <teg@jklm.no>
+Date: Mon, 7 Jul 2014 14:18:26 +0200
+Subject: [PATCH 30/32] networkd: netdev - add missing refs
+
+Without this, the underlying device would get freed (and hence
+fail).
+---
+ src/network/networkd-macvlan.c | 2 ++
+ src/network/networkd-tunnel.c  | 2 ++
+ src/network/networkd-vlan.c    | 2 ++
+ src/network/networkd-vxlan.c   | 2 ++
+ 4 files changed, 8 insertions(+)
+
+diff --git a/src/network/networkd-macvlan.c b/src/network/networkd-macvlan.c
+index 9227144..7c23426 100644
+--- a/src/network/networkd-macvlan.c
++++ b/src/network/networkd-macvlan.c
+@@ -150,6 +150,8 @@ int netdev_create_macvlan(NetDev *netdev, Link *link, sd_rtnl_message_handler_t
+                 return r;
+         }
+ 
++        link_ref(link);
++
+         log_debug_netdev(netdev, "creating netdev");
+ 
+         netdev->state = NETDEV_STATE_CREATING;
+diff --git a/src/network/networkd-tunnel.c b/src/network/networkd-tunnel.c
+index 7341487..5a244f6 100644
+--- a/src/network/networkd-tunnel.c
++++ b/src/network/networkd-tunnel.c
+@@ -529,6 +529,8 @@ int netdev_create_tunnel(NetDev *netdev, Link *link, sd_rtnl_message_handler_t c
+                 return r;
+         }
+ 
++        link_ref(link);
++
+         log_debug_netdev(netdev, "Creating tunnel netdev: %s",
+                          netdev_kind_to_string(netdev->kind));
+ 
+diff --git a/src/network/networkd-vlan.c b/src/network/networkd-vlan.c
+index 1d812fd..8727b9f 100644
+--- a/src/network/networkd-vlan.c
++++ b/src/network/networkd-vlan.c
+@@ -139,6 +139,8 @@ int netdev_create_vlan(NetDev *netdev, Link *link, sd_rtnl_message_handler_t cal
+                 return r;
+         }
+ 
++        link_ref(link);
++
+         log_debug_netdev(netdev, "creating netdev");
+ 
+         netdev->state = NETDEV_STATE_CREATING;
+diff --git a/src/network/networkd-vxlan.c b/src/network/networkd-vxlan.c
+index 8832024..1604594 100644
+--- a/src/network/networkd-vxlan.c
++++ b/src/network/networkd-vxlan.c
+@@ -154,6 +154,8 @@ int netdev_create_vxlan(NetDev *netdev, Link *link, sd_rtnl_message_handler_t ca
+                 return r;
+         }
+ 
++        link_ref(link);
++
+         log_debug_netdev(netdev, "Creating vxlan netdev: %s",
+                          netdev_kind_to_string(netdev->kind));
+ 
+-- 
+1.8.5.5
+
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0031-networkd-link-fix-memory-leak.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0031-networkd-link-fix-memory-leak.patch
new file mode 100644
index 0000000000..678406c794
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0031-networkd-link-fix-memory-leak.patch
@@ -0,0 +1,28 @@
+From 25bb651691c89caa40d57ca6cb347fbbf20633c5 Mon Sep 17 00:00:00 2001
+From: Tom Gundersen <teg@jklm.no>
+Date: Sun, 13 Jul 2014 01:11:52 +0200
+Subject: [PATCH 31/32] networkd: link - fix memory leak
+
+Make link_initialized() idempotent to avoid taking refs on several udev_device
+objects.
+---
+ src/network/networkd-link.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
+index 2289284..5e63045 100644
+--- a/src/network/networkd-link.c
++++ b/src/network/networkd-link.c
+@@ -2114,6 +2114,9 @@ int link_initialized(Link *link, struct udev_device *device) {
+         if (link->state != LINK_STATE_INITIALIZING)
+                 return 0;
+ 
++        if (link->udev_device)
++                return 0;
++
+         log_debug_link(link, "udev initialized link");
+ 
+         link->udev_device = udev_device_ref(device);
+-- 
+1.8.5.5
+
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0032-sd-dhcp-client-make-request-broadcasts-opt-in.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0032-sd-dhcp-client-make-request-broadcasts-opt-in.patch
new file mode 100644
index 0000000000..c1cdb20ccb
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/215-0032-sd-dhcp-client-make-request-broadcasts-opt-in.patch
@@ -0,0 +1,141 @@
+From 64e271490cf958e5554ddb8daa662c84c2003452 Mon Sep 17 00:00:00 2001
+From: Tom Gundersen <teg@jklm.no>
+Date: Tue, 15 Jul 2014 18:55:31 +0200
+Subject: [PATCH 32/32] sd-dhcp-client: make request broadcasts opt-in
+
+It appears there is no good way to decide whether or not broadcasts should be enabled,
+there is hardware that must have broadcast, and there are networks that only allow
+unicast. So we give up and make this configurable.
+
+By default, unicast is used, but if the kernel were to inform us abotu certain
+interfaces requiring broadcast, we could change this to opt-in by default in
+those cases.
+
+Conflicts:
+	man/systemd.network.xml
+---
+ man/systemd.network.xml                  |  9 +++++++++
+ src/libsystemd-network/sd-dhcp-client.c  | 18 ++++++++++++++++--
+ src/network/networkd-link.c              |  4 ++++
+ src/network/networkd-network-gperf.gperf |  1 +
+ src/network/networkd.h                   |  1 +
+ src/systemd/sd-dhcp-client.h             |  1 +
+ 6 files changed, 32 insertions(+), 2 deletions(-)
+
+diff --git a/man/systemd.network.xml b/man/systemd.network.xml
+index 2b0eb56..f7cc39b 100644
+--- a/man/systemd.network.xml
++++ b/man/systemd.network.xml
+@@ -433,6 +433,15 @@
+                                                 if, say, the root filesystem relies on this connection. Defaults to false.</para>
+                                         </listitem>
+                                 </varlistentry>
++                                <varlistentry>
++                                        <term><varname>RequestBroadcast=</varname></term>
++                                        <listitem>
++                                                <para>Request the server to use broadcast messages before the IP address has been
++                                                configured. This is necessary for devices that cannot receive RAW packets, or that
++                                                cannot receive packets at all before an IP address has been configured. On the other
++                                                hand, this must not be enabled on networks where broadcasts are filtered out.</para>
++                                        </listitem>
++                                </varlistentry>
+                        </variablelist>
+ 
+         </refsect1>
+diff --git a/src/libsystemd-network/sd-dhcp-client.c b/src/libsystemd-network/sd-dhcp-client.c
+index 6b19666..04ee7de 100644
+--- a/src/libsystemd-network/sd-dhcp-client.c
++++ b/src/libsystemd-network/sd-dhcp-client.c
+@@ -48,6 +48,7 @@ struct sd_dhcp_client {
+         int fd;
+         union sockaddr_union link;
+         sd_event_source *receive_message;
++        bool request_broadcast;
+         uint8_t *req_opts;
+         size_t req_opts_allocated;
+         size_t req_opts_size;
+@@ -95,6 +96,14 @@ int sd_dhcp_client_set_callback(sd_dhcp_client *client, sd_dhcp_client_cb_t cb,
+         return 0;
+ }
+ 
++int sd_dhcp_client_set_request_broadcast(sd_dhcp_client *client, int broadcast) {
++        assert_return(client, -EINVAL);
++
++        client->request_broadcast = !!broadcast;
++
++        return 0;
++}
++
+ int sd_dhcp_client_set_request_option(sd_dhcp_client *client, uint8_t option) {
+         size_t i;
+ 
+@@ -304,8 +313,13 @@ static int client_message_init(sd_dhcp_client *client, DHCPPacket **ret,
+            BROADCAST bit in the 'flags' field to 1 in any DHCPDISCOVER or
+            DHCPREQUEST messages that client sends.  The BROADCAST bit will
+            provide a hint to the DHCP server and BOOTP relay agent to broadcast
+-           any messages to the client on the client's subnet. */
+-        packet->dhcp.flags = htobe16(0x8000);
++           any messages to the client on the client's subnet.
++
++           Note: some interfaces needs this to be enabled, but some networks
++           needs this to be disabled as broadcasts are filteretd, so this
++           needs to be configurable */
++        if (client->request_broadcast)
++                packet->dhcp.flags = htobe16(0x8000);
+ 
+         /* RFC2132 section 4.1.1:
+            The client MUST include its hardware address in the ’chaddr’ field, if
+diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
+index 5e63045..a806990 100644
+--- a/src/network/networkd-link.c
++++ b/src/network/networkd-link.c
+@@ -1997,6 +1997,10 @@ static int link_configure(Link *link) {
+                 if (r < 0)
+                         return r;
+ 
++                r = sd_dhcp_client_set_request_broadcast(link->dhcp_client, link->network->dhcp_broadcast);
++                if (r < 0)
++                        return r;
++
+                 if (link->network->dhcp_mtu) {
+                         r = sd_dhcp_client_set_request_option(link->dhcp_client, 26);
+                         if (r < 0)
+diff --git a/src/network/networkd-network-gperf.gperf b/src/network/networkd-network-gperf.gperf
+index ce9047c..53cfd5e 100644
+--- a/src/network/networkd-network-gperf.gperf
++++ b/src/network/networkd-network-gperf.gperf
+@@ -49,6 +49,7 @@ DHCP.UseHostname,            config_parse_bool,                  0,
+ DHCP.UseDomainName,          config_parse_bool,                  0,                             offsetof(Network, dhcp_domainname)
+ DHCP.UseRoutes,              config_parse_bool,                  0,                             offsetof(Network, dhcp_routes)
+ DHCP.SendHostname,           config_parse_bool,                  0,                             offsetof(Network, dhcp_sendhost)
++DHCP.RequestBroadcast,       config_parse_bool,                  0,                             offsetof(Network, dhcp_broadcast)
+ DHCP.CriticalConnection,     config_parse_bool,                  0,                             offsetof(Network, dhcp_critical)
+ /* backwards compatibility: do not add new entries to this section */
+ DHCPv4.UseDNS,               config_parse_bool,                  0,                             offsetof(Network, dhcp_dns)
+diff --git a/src/network/networkd.h b/src/network/networkd.h
+index 6a00175..1185747 100644
+--- a/src/network/networkd.h
++++ b/src/network/networkd.h
+@@ -180,6 +180,7 @@ struct Network {
+         bool dhcp_hostname;
+         bool dhcp_domainname;
+         bool dhcp_sendhost;
++        bool dhcp_broadcast;
+         bool dhcp_critical;
+         bool dhcp_routes;
+         bool ipv4ll;
+diff --git a/src/systemd/sd-dhcp-client.h b/src/systemd/sd-dhcp-client.h
+index c3ea059..0b07237 100644
+--- a/src/systemd/sd-dhcp-client.h
++++ b/src/systemd/sd-dhcp-client.h
+@@ -48,6 +48,7 @@ int sd_dhcp_client_set_callback(sd_dhcp_client *client, sd_dhcp_client_cb_t cb,
+ int sd_dhcp_client_set_request_option(sd_dhcp_client *client, uint8_t option);
+ int sd_dhcp_client_set_request_address(sd_dhcp_client *client,
+                                        const struct in_addr *last_address);
++int sd_dhcp_client_set_request_broadcast(sd_dhcp_client *client, int broadcast);
+ int sd_dhcp_client_set_index(sd_dhcp_client *client, int interface_index);
+ int sd_dhcp_client_set_mac(sd_dhcp_client *client,
+                            const struct ether_addr *addr);
+-- 
+1.8.5.5
+
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-215-r5.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-215-r6.ebuild
similarity index 96%
rename from sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-215-r5.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-215-r6.ebuild
index 168284a424..a6e16311ff 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-215-r5.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-215-r6.ebuild
@@ -110,15 +110,8 @@ if [[ ${PV} == *9999 ]]; then
 		echo 'EXTRA_DIST =' > docs/gtk-doc.make
 	fi
 fi
-	# backports from master tagged with "Backport: bugfix" notes.
-	epatch "${FILESDIR}"/215-0001-udev-link_config-ignore-errors-due-to-missing-MAC-ad.patch
-	epatch "${FILESDIR}"/215-0002-util-consider-0x7F-a-control-chracter-which-it-is-DE.patch
-
-	# http://thread.gmane.org/gmane.comp.sysutils.systemd.devel/20815
-	touch src/core/org.freedesktop.systemd1.policy.in.in || die
-
-	# http://thread.gmane.org/gmane.comp.sysutils.systemd.devel/21074
-	touch units/emergency.service.in || die
+	# backports from master
+	epatch "${FILESDIR}"/215-*.patch
 
 	# Bug 463376
 	sed -i -e 's/GROUP="dialout"/GROUP="uucp"/' rules/*.rules || die