meson: bump version to 258.3

hwdb: update to main@{2025-12-10}
git restore -s origin/main hwdb.d/ test/hwdb.d
2026-03-25 16:25:04 +01:00 · 2025-12-12 13:44:06 +00:00 · 2025-12-10 15:40:24 +00:00 · 2025-12-10 15:40:24 +00:00 · 2025-12-10 15:40:24 +00:00 · 2025-12-10 15:40:24 +00:00
186 changed files with 11733 additions and 3773 deletions
--- a/.github/workflows/coverage.yml
+++ b/.github/workflows/coverage.yml
@ -25,7 +25,7 @@ jobs:

    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
-      - uses: systemd/mkosi@d45142e329550abc9c6fc63c1f1f86e5286d3d67
+      - uses: systemd/mkosi@5a476a92deca8ad54869e5d416217aa1bb137b25

      # Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space
      # immediately, we remove the files in the background. However, we first move them to a different location
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@ -29,7 +29,7 @@ jobs:
          fetch-depth: 0

      - name: Lint Code Base
-        uses: super-linter/super-linter/slim@12150456a73e248bdc94d0794898f94e23127c88
+        uses: super-linter/super-linter/slim@502f4fe48a81a392756e173e39a861f8c8efe056
        env:
          DEFAULT_BRANCH: main
          MULTI_STATUS: false
@ -38,7 +38,7 @@ jobs:
          LINTER_RULES_PATH: .github/linters
          GITHUB_ACTIONS_CONFIG_FILE: actionlint.yml

-      - uses: systemd/mkosi@d45142e329550abc9c6fc63c1f1f86e5286d3d67
+      - uses: systemd/mkosi@5a476a92deca8ad54869e5d416217aa1bb137b25

      - name: Check that tabs are not used in Python code
        run: sh -c '! git grep -P "\\t" -- src/core/generate-bpf-delegate-configs.py src/boot/generate-hwids-section.py src/ukify/ukify.py test/integration-tests/integration-test-wrapper.py'
--- a/.github/workflows/make-release.yml
+++ b/.github/workflows/make-release.yml
@ -18,7 +18,7 @@ jobs:

    steps:
      - name: Release
-        uses: softprops/action-gh-release@da05d552573ad5aba039eaac05058a918a7bf631
+        uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b
        with:
          prerelease: ${{ contains(github.ref_name, '-rc') }}
          draft: ${{ github.repository == 'systemd/systemd' }}
--- a/.github/workflows/mkosi.yml
+++ b/.github/workflows/mkosi.yml
@ -167,7 +167,7 @@ jobs:

    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
-      - uses: systemd/mkosi@d45142e329550abc9c6fc63c1f1f86e5286d3d67
+      - uses: systemd/mkosi@5a476a92deca8ad54869e5d416217aa1bb137b25

      # Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space
      # immediately, we remove the files in the background. However, we first move them to a different location
--- a/.github/workflows/unit-tests.sh
+++ b/.github/workflows/unit-tests.sh
@ -109,7 +109,7 @@ for phase in "${PHASES[@]}"; do
            run_meson -Dnobody-group=nogroup --werror -Dtests=unsafe -Dslow-tests=true -Dfuzz-tests=true "${MESON_ARGS[@]}" build
            ninja -C build -v
            # Ensure setting a timezone (like the reproducible build tests do) does not break time/date unit tests
-            TZ=GMT+12 meson test "${MESON_TEST_ARGS[@]}" -C build --print-errorlogs
+            TZ=GMT+12 meson test "${MESON_TEST_ARGS[@]}" -C build --print-errorlogs --no-stdsplit
            ;;
        RUN_ASAN_UBSAN|RUN_GCC_ASAN_UBSAN|RUN_CLANG_ASAN_UBSAN|RUN_CLANG_ASAN_UBSAN_NO_DEPS)
            # TODO: drop after we switch to ubuntu 26.04
@ -151,7 +151,7 @@ for phase in "${PHASES[@]}"; do
            # during debugging, wonderful), so let's at least keep a workaround
            # here to make the builds stable for the time being.
            (set +x; while :; do echo -ne "\n[WATCHDOG] $(date)\n"; sleep 30; done) &
-            meson test --timeout-multiplier=3 -C build --print-errorlogs
+            meson test --timeout-multiplier=3 -C build --print-errorlogs --no-stdsplit
            ;;
        CLEANUP)
            info "Cleanup phase"
--- a/.packit.yml
+++ b/.packit.yml
@ -19,7 +19,7 @@ actions:
  post-upstream-clone:
    # Use the Fedora Rawhide specfile
    - git clone https://src.fedoraproject.org/rpms/systemd .packit_rpm
-    - bash -c 'git -C .packit_rpm checkout "$(grep GIT_COMMIT= mkosi/mkosi.conf.d/centos-fedora/mkosi.conf.d/pkgenv.conf | cut -d= -f2)"'
+    - bash -c 'git -C .packit_rpm checkout "$(grep GIT_COMMIT= mkosi/mkosi.pkgenv/mkosi.conf.d/centos-fedora.conf | cut -d= -f2)"'
    - bash -c 'echo "%bcond upstream 1" > .packit_rpm/systemd.spec.new'
    - bash -c 'echo "%define meson_extra_configure_options --werror" >> .packit_rpm/systemd.spec.new'
    - bash -c 'cat .packit_rpm/systemd.spec >> .packit_rpm/systemd.spec.new'
@ -39,7 +39,7 @@ jobs:
  trigger: pull_request
  fmf_url: https://src.fedoraproject.org/rpms/systemd
  # This is automatically updated by tools/fetch-distro.py --update fedora
-  fmf_ref: 8e2833a5b64f7e2ce62ea0a2d0ec9e393e718dfa
+  fmf_ref: 12f95f807fef5075a8842dd107f83b4c41d5ac26
  targets:
  - fedora-rawhide-x86_64
  # testing-farm in the Fedora repository is explicitly configured to use testing-farm bare metal runners as
--- a/6
+++ b/6
@ -40,12 +40,12 @@ REQUIREMENTS:
                     ≥ 4.13 for TIOCGPTPEER and SYNTH_UUID= property support in uevent
                     ≥ 4.15 for cgroup-bpf device hook and cpu controller in cgroup v2
                     ≥ 4.17 for cgroup-bpf socket address hooks, /sys/power/resume_offset,
-                            and FRA_PROTOCOL attribute for fib rules
+                                and FRA_PROTOCOL attribute for fib rules
                     ≥ 4.20 for PSI (used by systemd-oomd)
                     ≥ 5.1 for SO_BINDTOIFINDEX
                     ≥ 5.2 for cgroup freezer and new mount API
                     ≥ 5.3 for bounded loops in BPF program, keyring namespacing,
-                           and nexthop support
+                               and nexthop support
                     ≥ 5.4 for pidfd and signed Verity images

        ⛔ Kernel versions below 5.4 ("minimum baseline") are not supported at all,
@ -71,7 +71,7 @@ REQUIREMENTS:
                     ≥ 6.6 for quota support on tmpfs
                     ≥ 6.9 for pidfs
                     ≥ 6.10 for fcntl(F_DUPFD_QUERY), unprivileged linkat(AT_EMPTY_PATH),
-                            and block device 'partscan' sysfs attribute
+                                and block device 'partscan' sysfs attribute
                     ≥ 6.13 for PIDFD_GET_INFO and {set,remove}xattrat()
                     ≥ 6.16 for coredump pattern '%F' (pidfd) specifier and SO_PASSRIGHTS

--- a/docs/AUTOMATIC_BOOT_ASSESSMENT.md
+++ b/docs/AUTOMATIC_BOOT_ASSESSMENT.md
@ -9,7 +9,7 @@ SPDX-License-Identifier: LGPL-2.1-or-later

 systemd provides support for automatically reverting back to the previous
 version of the OS or kernel in case the system consistently fails to boot. The
-[Boot Loader Specification](https://uapi-group.org/specifications/specs/boot_loader_specification/#boot-counting)
+[UAPI.1 Boot Loader Specification](https://uapi-group.org/specifications/specs/boot_loader_specification/#boot-counting)
 describes how to annotate boot loader entries with a counter that specifies how
 many attempts should be made to boot it. This document describes how systemd
 implements this scheme.
@ -28,7 +28,7 @@ Here's a brief overview of the complete set of components:
 * The
  [`systemd-boot(7)`](https://www.freedesktop.org/software/systemd/man/systemd-boot.html)
  boot loader optionally maintains a per-boot-loader-entry counter described by
-  the [Boot Loader Specification](https://uapi-group.org/specifications/specs/boot_loader_specification/#boot-counting)
+  the [UAPI.1 Boot Loader Specification](https://uapi-group.org/specifications/specs/boot_loader_specification/#boot-counting)
  that is decreased by one on each attempt to boot the entry, prioritizing
  entries that have non-zero counters over those which already reached a
  counter of zero when choosing the entry to boot.
@ -61,7 +61,7 @@ Here's a brief overview of the complete set of components:
 ## Details

 As described in the
-[Boot Loader Specification](https://uapi-group.org/specifications/specs/boot_loader_specification/#boot-counting),
+[UAPI.1 Boot Loader Specification](https://uapi-group.org/specifications/specs/boot_loader_specification/#boot-counting),
 the boot counting data is stored in the file name of the boot loader entries as
 a plus (`+`), followed by a number, optionally followed by `-` and another
 number, right before the file name suffix (`.conf` or `.efi`).
--- a/docs/BACKPORTS.md
+++ b/docs/BACKPORTS.md
@ -7,20 +7,30 @@ SPDX-License-Identifier: LGPL-2.1-or-later

 # Backports

-The upstream systemd git repo at [https://github.com/systemd/systemd](https://github.com/systemd/systemd) only contains the main systemd branch that progresses at a quick pace, continuously bringing both bugfixes and new features.
+The upstream systemd git repo at https://github.com/systemd/systemd
+contains the `main` branch that progresses at a quick pace,
+continuously bringing both bugfixes and new features.
+New releases are tagged as `vNNN` on this branch.

-Distributions usually prefer basing their releases on stabilized versions branched off from this, that receive the bugfixes but not the features.
+In addition to the `main` branch,
+the repo contains a number of branches for stable point updates for a given release,
+called `vNNN-stable`.
+Stable releases are tagged as `vNNN.X` on those branches.
+See [list of branches](https://github.com/systemd/systemd/branches/all?query=-stable)
+and [pull requests for stable branches](https://github.com/systemd/systemd/pulls?q=is%3Apr+is%3Aopen+label%3Astable-branch).

-## Stable Branch Repository
+Distributions usually prefer basing their releases on those stable branches.
+Stable branches are typically managed by distribution maintainers on an as-needed basis.

-Stable branches are available from [https://github.com/systemd/systemd-stable](https://github.com/systemd/systemd-stable).
+## Stable Branch Repository for older releases

-Stable branches are started for certain releases of systemd and named after them, e.g. v208-stable.
-Stable branches are typically managed by distribution maintainers on an as needed basis.
+Stable branches for releases up to 255 are available from
+[https://github.com/systemd/systemd-stable](https://github.com/systemd/systemd-stable).

-For example v208 has been chosen for stable as several distributions are shipping this version and the official/upstream cycle of v208-v209 was a long one due to kdbus work.
+## Policy for backports into stable branches

-If you are using a particular version and find yourself backporting several patches, you may consider pushing a stable branch here for that version so others can benefit.
+If you are using a particular version and find yourself backporting several patches,
+consider pushing a stable branch here for that version so others can benefit.

 Please contact us if you are interested.

@ -31,5 +41,16 @@ The following types of commits are cherry-picked onto those branches:
 * hardware database additions, especially the keymap updates
 * small non-conflicting features deemed safe to add in a stable release

-Please try to ensure that anything backported to the stable repository is done with the `git cherry-pick -x` option such that text stating the original SHA1 is added into the commit message.
-This makes it easier to check where the code came from (as sometimes it is necessary to add small fixes as new code due to the upstream refactors) that are deemed too invasive to backport as a stable patch.
+Please try to ensure that anything backported to the stable repository is done
+with the `git cherry-pick -x` option such that text stating the original SHA1 is added into the commit message.
+This makes it easier to check where the code came from
+(as sometimes it is necessary to add small fixes as new code due to the upstream refactors)
+that are deemed too invasive to backport as a stable patch.
+
+Pull requests for the stable branches should be tagged with `stable-branch`.
+
+Pull requests that shall be backported to stable releases,
+should be tagged with `needs-stable-backport`.
+See [pull requests marked for backporting](https://github.com/systemd/systemd/pulls?q=is%3Apr+label%3Aneeds-stable-backport).
+If only some commits should be backported, this should be mentioned in the pull request.
+If the backport is not obvious, additional justification can also be provided in the pull request.
--- a/docs/BOOT_LOADER_INTERFACE.md
+++ b/docs/BOOT_LOADER_INTERFACE.md
@ -136,7 +136,7 @@ the identifiers as passed in `LoaderEntries`, `LoaderEntryDefault`,
 names for them in UIs.

 1. When boot loader entries are defined through the
-   [Boot Loader Specification](https://uapi-group.org/specifications/specs/boot_loader_specification/)
+   [BOOT.1 Boot Loader Specification](https://uapi-group.org/specifications/specs/boot_loader_specification/)
   files, the identifier should be derived directly from the file name,
   but with the `.conf` (Type #1 snippets) or `.efi` (Type #2 images)
   suffix removed.
@ -167,8 +167,8 @@ names for them in UIs.

 ## Links

-[Boot Loader Specification](https://uapi-group.org/specifications/specs/boot_loader_specification)<br>
-[Discoverable Partitions Specification](https://uapi-group.org/specifications/specs/discoverable_partitions_specification)<br>
+[UAPI.1 Boot Loader Specification](https://uapi-group.org/specifications/specs/boot_loader_specification)<br>
+[UAPI.2 Discoverable Partitions Specification](https://uapi-group.org/specifications/specs/discoverable_partitions_specification)<br>
 [`systemd-boot(7)`](https://www.freedesktop.org/software/systemd/man/systemd-boot.html)<br>
 [`bootctl(1)`](https://www.freedesktop.org/software/systemd/man/bootctl.html)<br>
 [`systemd-gpt-auto-generator(8)`](https://www.freedesktop.org/software/systemd/man/systemd-gpt-auto-generator.html)
--- a/docs/BUILDING_IMAGES.md
+++ b/docs/BUILDING_IMAGES.md
@ -66,7 +66,7 @@ boot. For that it's essential to:
 The
 [`kernel-install(8)`](https://www.freedesktop.org/software/systemd/man/kernel-install.html)
 logic used to generate
-[Boot Loader Specification Type #1](https://uapi-group.org/specifications/specs/boot_loader_specification/#type-1-boot-loader-specification-entries)
+[UAPI.1 Boot Loader Specification Type #1](https://uapi-group.org/specifications/specs/boot_loader_specification/#type-1-boot-loader-specification-entries)
 entries by default uses the machine ID as stored in `/etc/machine-id` for
 naming boot menu entries and the directories in the ESP to place kernel images in.
 This is done in order to allow multiple installations of the same OS on the
@ -207,7 +207,7 @@ it, then format it.
   in. The `x-systemd.growfs` mount option in `/etc/fstab` is sufficient to
   enable this logic for specific mounts. Alternatively appropriately set up
   partitions can set GPT partition flag 59 to request this behaviour, see the
-   [Discoverable Partitions Specification](https://uapi-group.org/specifications/specs/discoverable_partitions_specification)
+   [UAPI.2 Discoverable Partitions Specification](https://uapi-group.org/specifications/specs/discoverable_partitions_specification)
   for details. If the file system is already grown it executes no operation.

 3. Similar, the `systemd-makefs@.service` and `systemd-makeswap@.service`
@ -268,8 +268,8 @@ fields.
 [`machine-id(5)`](https://www.freedesktop.org/software/systemd/man/machine-id.html)<br>
 [`systemd-random-seed(8)`](https://www.freedesktop.org/software/systemd/man/systemd-random-seed.service.html)<br>
 [`os-release(5)`](https://www.freedesktop.org/software/systemd/man/os-release.html)<br>
-[Boot Loader Specification](https://uapi-group.org/specifications/specs/boot_loader_specification)<br>
-[Discoverable Partitions Specification](https://uapi-group.org/specifications/specs/discoverable_partitions_specification)<br>
+[UAPI.1 Boot Loader Specification](https://uapi-group.org/specifications/specs/boot_loader_specification)<br>
+[UAPI.2 Discoverable Partitions Specification](https://uapi-group.org/specifications/specs/discoverable_partitions_specification)<br>
 [`mkosi`](https://github.com/systemd/mkosi)<br>
 [`systemd-boot(7)`](https://www.freedesktop.org/software/systemd/man/systemd-boot.html)<br>
 [`systemd-repart(8)`](https://www.freedesktop.org/software/systemd/man/systemd-repart.service.html)<br>
--- a/docs/CODING_STYLE.md
+++ b/docs/CODING_STYLE.md
@ -574,8 +574,8 @@ SPDX-License-Identifier: LGPL-2.1-or-later
  code. (With one exception: it is OK to log with DEBUG level from any code,
  with the exception of maybe inner loops).

- In public API calls, you **must** validate all your input arguments for
-  programming error with `assert_return()` and return a sensible return
+- In libsystemd public API calls, you **must** validate all your input arguments
+  for programming error with `assert_return()` and return a sensible return
  code. In all other calls, it is recommended to check for programming errors
  with a more brutal `assert()`. We are more forgiving to public users than for
  ourselves! Note that `assert()` and `assert_return()` really only should be
@ -973,5 +973,8 @@ SPDX-License-Identifier: LGPL-2.1-or-later
  macro exists for your specific use case, please add a new assertion macro in a
  separate commit.

+- Use `ASSERT_OK_ERRNO()` and similar macros instead of `ASSERT_OK()` when
+  calling glibc APIs that return the error in `errno`.
+
 - When modifying existing tests, please convert the test to use the new assertion
  macros from `tests.h` if it is not already using those.
--- a/docs/ELF_DLOPEN_METADATA.md
+++ b/docs/ELF_DLOPEN_METADATA.md
@ -1,176 +1 @@
---
-title: Dlopen Metadata for ELF Files
-category: Interfaces
-layout: default
-SPDX-License-Identifier: LGPL-2.1-or-later
---
-
-# `dlopen()` Metadata for ELF Files
-
-*Intended audience: hackers working on packaging ELF files that use dlopen to load libraries.*
-
-## Motivation
-
-Using `dlopen()` to load optional dependencies brings several advantages: programs can gracefully downgrade
-a feature when a library is not available, and the shared library is only loaded into the process (and its
-ELF constructors are run) only when the requested feature is actually used. But it also has some drawbacks,
-and the main one is that it is harder to track a program's dependencies, since unlike build-time dynamic
-linking there will not be a mention in the ELF metadata. This specification aims to solve this problem by
-providing a standardized specification for a custom ELF note that can be used to list `dlopen()`
-dependencies.
-
-## Implementation
-
-This document will attempt to define a common metadata format specification, so that multiple implementers
-might use it when coding upstream software, and packagers might use it when building packages and setting
-dependencies.
-
-The metadata will be embedded in a series of new, 4-byte-aligned, allocated, 0-padded, read-only ELF header
-sections, in a JSON array containing name-value objects, either one ELF note per dependency or as a single
-note listing multiple dependencies in the top-level array. Implementers working on parsing ELF files should
-not assume a specific list of names, but parse anything that is included in the section, and should look for
-the note using the `note type`. Implementers working on build tools should strive to use the same names, for
-consistency. The most common will be listed here.
-
-* Section header
-
-```
-SECTION: `.note.dlopen`
-note type: `0x407c0c0a`
-Owner: `FDO` (FreeDesktop.org)
-Value: an array of JSON objects encoded as a zero-terminated UTF-8 string
-```
-
-* JSON payload
-
-```json
-[
-    {
-        "soname":      ["libfoo.so.1"],
-        "feature":     "foo",
-        "description": "Enables the foo feature",
-        "priority":    "recommended"
-    }
-]
-```
-
-The format is a single JSON array containing objects, encoded as a zero-terminated `UTF-8` string. Each key
-in each object shall be unique as per recommendations of [RFC8259](https://datatracker.ietf.org/doc/html/rfc8259#section-4).
-Strings shall not contain any control characters or use `\uXXX` escaping.
-
-Reference implementations of [packaging tools for `.deb` and `.rpm`](https://github.com/systemd/package-notes)
-are available, and provide macros/helpers to parse the note when building packages and adding dependencies.
-
-## Well-known keys
-
-The metadata format is intentionally extensible, so that upstreams and later revisions of this spec can add
-their own information. The 'soname' array is required, with at least one element, everything else is
-optional. If alternative soname versions for the same library are supported at the same time, an array can
-be used, listing the most preferred first, and parsers are expected to select only the first one that is
-available on the system, as it is a mechanism to specify alternatives. If the `priority` field is used, it
-must follow the specification and use one of the values specified in the table. If it is not specified, a
-parser should assume 'recommended' if a priority is needed. If the `feature` field is used, it will identify
-an individual feature, and multiple entries using the same `feature` denote functionality that requires all
-of the libraries they specify in order to be enabled.
-
-| Key name    | Key type                   | Mandatory | Key description                                                          | Example value                    |
-|-------------|----------------------------|-----------|--------------------------------------------------------------------------|----------------------------------|
-| soname      | array of strings           | yes       | The library names loaded by `dlopen()`                                   | [ "libfoo.so.1", "libfoo.so.0" ] |
-| feature     | string                     | no        | A keyword identifying the feature that the library contributes to enable | "foo"                            |
-| description | string                     | no        | A human-readable text string describing the feature                      | "Enables the foo feature"        |
-| priority    | string                     | no        | The priority of the feature, one of: required, recommended, suggested    | "recommended"                    |
-
-### Priority definition
-
-| Priority    | Semantics                                                                                                                            |
-|-------------|--------------------------------------------------------------------------------------------------------------------------------------|
-| required    | Core functionality needs the dependency, the binary will not work if it cannot be found                                              |
-| recommended | Important functionality needs the dependency, the binary will work but in most cases the dependency should be provided               |
-| suggested   | Secondary functionality needs the dependency, the binary will work and the dependency is only needed for full-featured installations |
-
-### Displaying `dlopen()` notes
-
-The raw ELF section can be extracted using `objdump`:
-```console
-$ objdump -j .note.dlopen -s /usr/lib64/systemd/libsystemd-shared-257.so
-
-/usr/lib64/systemd/libsystemd-shared-257.so:     file format elf64-x86-64
-
-Contents of section .note.dlopen:
- 0334 04000000 8e000000 0a0c7c40 46444f00  ..........|@FDO.
- 0344 5b7b2266 65617475 7265223a 22627066  [{"feature":"bpf
- 0354 222c2264 65736372 69707469 6f6e223a  ","description":
- 0364 22537570 706f7274 20666972 6577616c  "Support firewal
- 0374 6c696e67 20616e64 2073616e 64626f78  ling and sandbox
- 0384 696e6720 77697468 20425046 222c2270  ing with BPF","p
- 0394 72696f72 69747922 3a227375 67676573  riority":"sugges
- 03a4 74656422 2c22736f 6e616d65 223a5b22  ted","soname":["
- 03b4 6c696262 70662e73 6f2e3122 2c226c69  libbpf.so.1","li
- 03c4 62627066 2e736f2e 30225d7d 5d000000  bbpf.so.0"]}]...
- 03d4 04000000 9e000000 0a0c7c40 46444f00  ..........|@FDO.
-...
-```
-
-It is more convenient to use a higher level tool:
-```console
-$ dlopen-notes /usr/lib64/systemd/libsystemd-shared-257.so
-# /usr/lib64/systemd/libsystemd-shared-257.so
-[
-  {
-    "feature": "archive",
-    "description": "Support for decompressing archive files",
-    "priority": "suggested",
-    "soname": [
-      "libarchive.so.13"
-    ]
-  },
-  {
-    "feature": "bpf",
-    "description": "Support firewalling and sandboxing with BPF",
-    "priority": "suggested",
-    "soname": [
-      "libbpf.so.1",
-      "libbpf.so.0"
-    ]
-  },
-...
-```
-
-`dlopen-notes` can display the notes grouped in a few different ways.
-One option is to filter the libraries by "feature". This answers the
-question "what libraries are needed to provide specified features":
-
-```console
-$ dlopen-notes.py -f archive,bpf /usr/lib64/systemd/libsystemd-shared-257.so
-# grouped by feature
-{
-  "bpf": {
-    "description": "Support firewalling and sandboxing with BPF",
-    "sonames": {
-      "libbpf.so.1": "suggested",
-      "libbpf.so.0": "suggested"
-    }
-  },
-  "archive": {
-    "description": "Support for decompressing archive files",
-    "sonames": {
-      "libarchive.so.13": "suggested"
-    }
-  }
-}
-
-The format that is used when building `deb` packages:
-```console
-$ dlopen-notes -s /usr/lib64/systemd/libsystemd-shared-257.so
-libarchive.so.13 suggested
-libbpf.so.0 suggested
-libbpf.so.1 suggested
-...
-```
-
-The format that can be useful when building `rpm` packages:
-```console
-$ dlopen-notes --rpm-requires archive --rpm-recommends bpf  /usr/lib64/systemd/libsystemd-shared-257.so
-Requires: libarchive.so.13()(64bit)
-Recommends: libbpf.so.1()(64bit)
-```
+[This content has moved to the UAPI group website](https://uapi-group.org/specifications/specs/elf_dlopen_metadata/)
--- a/docs/ENVIRONMENT.md
+++ b/docs/ENVIRONMENT.md
@ -230,7 +230,7 @@ All tools:
  file may be checked for by services run during system shutdown in order to
  request the appropriate operation from the boot loader in an alternative
  fashion. Note that by default only boot loader entries which follow the
-  [Boot Loader Specification](https://uapi-group.org/specifications/specs/boot_loader_specification)
+  [UAPI.1 Boot Loader Specification](https://uapi-group.org/specifications/specs/boot_loader_specification)
  and are placed in the ESP or the Extended Boot Loader partition may be
  selected this way. However, if a directory `/run/boot-loader-entries/`
  exists, the entries are loaded from there instead. The directory should
@ -503,7 +503,7 @@ disk images with `--image=` or similar:
  to load the embedded Verity signature data. If enabled (which is the
  default), Verity root hash information and a suitable signature is
  automatically acquired from a signature partition, following the
-  [Discoverable Partitions Specification](https://uapi-group.org/specifications/specs/discoverable_partitions_specification).
+  [UAPI.2 Discoverable Partitions Specification](https://uapi-group.org/specifications/specs/discoverable_partitions_specification).
  If disabled any such partition is ignored. Note that this only disables
  discovery of the root hash and its signature, the Verity data partition
  itself is still searched in the GPT image.
@ -536,8 +536,8 @@ disk images with `--image=` or similar:
 * `$SYSTEMD_DISSECT_VERITY_GUESS` – takes a boolean. Controls whether to guess
  the Verity root hash from the partition UUIDs of a suitable pair of data
  partition and matching Verity partition: the UUIDs two are simply joined and
-  used as root hash, in accordance with the recommendations in [Discoverable
-  Partitions
+  used as root hash, in accordance with the recommendations in [UAPI.2
+  Discoverable Partitions
  Specification](https://uapi-group.org/specifications/specs/discoverable_partitions_specification). Defaults
  to true.

--- a/docs/HACKING.md
+++ b/docs/HACKING.md
@ -39,11 +39,11 @@ chance that your distribution's packaged version of mkosi will be too old.
 Then, you can build, run and test systemd executables as follows:

 ```sh
-$ mkosi -f genkey                                  # Generate signing keys once.
+$ mkosi -f genkey                                            # Generate signing keys once.
 $ mkosi -f box -- meson setup -Dbpf-framework=disabled build # bpftool detection inside mkosi box is broken on Ubuntu Noble and older
 $ mkosi -f box -- meson compile -C build
 $ mkosi -f box -- build/systemctl --version
-$ mkosi -f box -- meson test -C build          # Run the unit tests
+$ mkosi -f box -- meson test -C build --print-errorlogs      # Run the unit tests
 ```

 To build and boot an OS image with the latest systemd installed:
--- a/docs/MEMORY_PRESSURE.md
+++ b/docs/MEMORY_PRESSURE.md
@ -227,12 +227,15 @@ handling, it's typically sufficient to add a line such as:

 Other programming environments might have native APIs to watch memory
 pressure/low memory events. Most notable is probably GLib's
-[GMemoryMonitor](https://docs.gtk.org/gio/iface.MemoryMonitor.html). It
-currently uses the per-system Linux PSI interface as the backend, but operates
-differently than the above: memory pressure events are picked up by a system
-service, which then propagates this through D-Bus to the applications. This is
-typically less than ideal, since this means each notification event has to
-traverse three processes before being handled. This traversal creates
+[GMemoryMonitor](https://docs.gtk.org/gio/iface.MemoryMonitor.html). As of GLib
+2.86.0, it uses the per-cgroup PSI kernel file to monitor for memory pressure,
+but does not yet read the environment variables recommended above.
+
+In older versions, it used the per-system Linux PSI interface as the backend, but operated
+differently than the above: memory pressure events were picked up by a system
+service, which then propagated this through D-Bus to the applications. This was
+typically less than ideal, since this means each notification event had to
+traverse three processes before being handled. This traversal created
 additional latencies at a time where the system is already experiencing adverse
-latencies. Moreover, it focuses on system-wide PSI events, even though
+latencies. Moreover, it focused on system-wide PSI events, even though
 service-local ones are generally the better approach.
--- a/docs/MOUNT_REQUIREMENTS.md
+++ b/docs/MOUNT_REQUIREMENTS.md
@ -7,51 +7,72 @@ SPDX-License-Identifier: LGPL-2.1-or-later

 # Mount Point Availability Requirements

-systemd makes various requirements on the time during boot where various parts
-of the Linux file system hierarchy must be available and must be mounted. If
-the file systems backing these mounts are located on external or remote media,
-that require special drivers, infrastructure or networking to be set up, then
-this implies that this functionality must be started and running at that point
-already.
+This document describes the requirements placed by systemd
+on the time when various parts of the file system hierarchy
+must be available and mounted during boot.
+This document should be read in conjunction with
+[UAPI.9 Linux File System Hierarchy](https://uapi-group.org/specifications/specs/linux_file_system_hierarchy/),
+which describes the role of the mount points discussed here.

-Generally, there are three categories of requirements:
+If the file system backing a mount point is located on external or remote media
+that require special drivers, infrastructure or networking to be set up,
+then this implies that this functionality must be started and running
+at the point in the boot sequence when that mount point is required.
+
+There are three general categories of mount points:

 1. 🌥️ *initrd*: File system mounts that must be established before the OS
-   transitions into the root file system. (i.e. that must be stablished from
+   transitions into the root file system. (I.e., must be mounted in
   the initrd before the initrd→host transition takes place.)

-2. 🌤️ *early*: File system mounts that must be established during early boot,
-   after the initrd→host transition took place, but before regular services are
-   started. (i.e. before `local-fs.target` is reached.)
+2. 🌤️ *early*: File system mounts that must be established
+   before the end of "early boot", i.e. before `local-fs.target` is reached.
+   All services that do not explicitly opt-out of the dependency
+   are ordered after that point.

-3. ☀️ *regular*: File system mounts that can be mounted at any time during the
-   boot process – but which specific, individual services might require to be
-   established at the point they are started. (i.e. these mounts are typically
-   ordered before `remote-fs.target`.)
+3. ☀️ *regular*: File system mounts that can be mounted later.
+   Individual services might pull in specific mount points and be ordered after them.
+   Mount points that require network to be available
+   are typically ordered before `remote-fs.target`.
+   Those mount points may be established as automount points.

-Of course, mounts that fall into category 3 can also be mounted during the
-initrd or in early boot. And those from category 2 can also be mounted already
-from the initrd.
+Mounts in the later categories may be established earlier,
+i.e. mounts that fall into category 2/early may also be mounted in the initrd,
+and mounts in category 3/regular may also be mounted in the initrd or early boot.
+Since mount points that are lower in the hierarchy are mounted later,
+if a mount point is *not* split out,
+but a given subtree is part of the parent mount,
+the requirements for that subtree are trivially satisfied by the parent.
+
+A "mount point" in this document means the whole subtree of the hierarchy,
+until a mountpoint lower in the hierarchy which is conceptually separate.
+For example, on a system with a custom mount point located below `/var/spool/`,
+most of `/var/` would be in category 2/early,
+but the additional mount would be in category 3/regular.
+Conversely, if some part of `/usr/` that is normally part of that subtree
+was split out to a separate mount,
+this mount point would fall into category 1/initrd
+and configuration would need to be provided for it to be mounted in the initrd.

 Here's a table with relevant mounts and to which category they belong:

 | *Mount*       | *Category* |
 |---------------|------------|
-| `/` (root fs) |          1 |
-| `/usr/`       |          1 |
-| `/etc/`       |          1 |
-| `/var/`       |          2 |
-| `/var/tmp/`   |          2 |
-| `/tmp/`       |          2 |
-| `/home/`      |          3 |
-| `/srv/`       |          3 |
-| XBOOTLDR      |          3 |
-| ESP           |          3 |
+| `/` (root fs) |  1/initrd  |
+| `/usr/`       |  1/initrd  |
+| `/etc/`       |  1/initrd  |
+| `/var/`       |  2/early   |
+| `/var/tmp/`   |  2/early   |
+| `/tmp/`       |  2/early   |
+| `/home/`      |  3/regular |
+| `/srv/`       |  3/regular |
+| XBOOTLDR      |  3/regular |
+| ESP           |  3/regular |

 Or in other words: the root file system (obviously…), `/usr/` and `/etc/` (if
 these are split off) must be mounted at the moment the initrd transitions into
 the host. Then, `/var/` (with `/var/tmp/`) and `/tmp/` (if split off) must be
-mounted, before the host reaches `local-fs.target` (and then `basic.target`),
+mounted before the host reaches `local-fs.target` (and then `basic.target`),
 after which any remaining mounts may be established.

 If mounts such as `/var/` are not mounted during early boot (or from the
@ -63,18 +84,19 @@ Also note that the whole of `/var/` (including `/var/tmp/`), and `/tmp/` must
 be *writable* at the moment indicated above. It's OK if they are mounted
 read-only at an earlier time as long as they are remounted writable by the
 indicated point in time. Systems where these three hierarchies remain read-only
-during regular operation are not supported by `systemd`. (Note that for
-stateless systems it is absolutely OK and supported to mount an empty `tmpfs`
-there at boot, `systemd` will know how to populate the tree as necessary.)
+during regular operation are not supported by `systemd`.
+
+An exception to the rules described above are ephemeral systems,
+where the root file system is initially an empty `tmpfs` mount point
+and parts of the file system hierarchy are populated by systemd during early boot.

 If you intend to use network-backed mounts (NFS, SMB, iSCSI, NVME-TCP and
 similar, including anything you add the `_netdev` pseudo mount option to) for
-any of the mounts from category 1 or 2, make sure to use a network managing
-implementation that is capable of running from the initrd/during early
-boot. [`systemd-networkd(8)`](https://www.freedesktop.org/software/systemd/man/latest/systemd-networkd.html)
+any of the mounts from category 1/initrd or 2/early,
+make sure to use a network manager that is capable of running in the initrd or early boot.
+[`systemd-networkd(8)`](https://www.freedesktop.org/software/systemd/man/latest/systemd-networkd.html)
 for example works well in such scenarios.

-Note that
 [`systemd-homed.service(8)`](https://www.freedesktop.org/software/systemd/man/latest/systemd-homed.html)
-(which is a regular service, i.e. runs after `basic.target`) requires `/home/`
-to be mounted.
+is an example of a regular service from category 3/regular.
+It runs after `basic.target` and requires `/home/` to be mounted.
--- a/docs/PACKAGE_METADATA_FOR_EXECUTABLE_FILES.md
+++ b/docs/PACKAGE_METADATA_FOR_EXECUTABLE_FILES.md
@ -1,236 +1 @@
---
-title: Package Metadata for Executable Files
-category: Interfaces
-layout: default
-SPDX-License-Identifier: LGPL-2.1-or-later
---
-
-# Package Metadata for Executable Files
-
-*Intended audience: hackers working on userspace subsystems that
-create or manipulate ELF or PE/COFF binaries
-or parse core files.*
-
-## Motivation
-
-ELF binaries get stamped with a unique, build-time generated hex string identifier called `build-id`,
-[which gets embedded as an ELF note called `.note.gnu.build-id`](https://fedoraproject.org/wiki/Releases/FeatureBuildId).
-In most cases, this allows a stripped binary to be associated with its debugging information.
-It is used, for example, to dynamically fetch DWARF symbols from a debuginfo server, or
-to query the local package manager and find out the package metadata or, again, the DWARF
-symbols or program sources.
-
-However, this usage of the `build-id` requires either local metadata, usually set up by
-the package manager, or access to a remote server over the network. Both of those might
-be unavailable or forbidden.
-
-Thus it becomes desirable to add additional metadata to a binary at build time, so that
-`systemd-coredump` and other services analyzing core files are able to extract said
-metadata simply from the core file itself, without external dependencies.
-
-This metadata is stored as a section in the executable file,
-so that it will be loaded into memory along with the text and data of the binary,
-and will be preserved in a core dump.
-This metadata can also be easily read from the file on disk,
-so it can be used to identify provenience of files,
-independently of any package management system,
-even if the file is renamed or copied.
-
-## Implementation
-
-This document will attempt to define a common metadata format specification, so that
-multiple implementers might use it when building packages, or core file analyzers, and
-so on.
-
-Implementers working on parsing the metadata should not assume a specific list of names,
-but parse anything that is included in the JSON object.
-
-Implementers working on build tools should strive to use the same names, for consistency.
-The most common will be listed here.
-When corresponding to the content of os-release, the values should match, again for consistency.
-
-If available, the metadata should also include the debuginfod server URL that can provide
-the original executable, debuginfo and sources, to further facilitate debugging.
-
-### ELF header section
-
-The metadata will be embedded in a single, 4 byte-aligned, allocated, NUL-padded,
-read-only ELF header section, in a name-value JSON object format.
-The JSON string is terminated with a NUL
-and subsequently padded with NULs to a multiple of four bytes.
-
-The `note type` must be set during creation and checked when reading.
-
-Section: `.note.package`<br/>
-`note type`: `0xcafe1a7e`<br/>
-Owner: `FDO` (FreeDesktop.org)<br/>
-Value: a single JSON object encoded as a NUL-terminated UTF-8 string
-
-### PE/COFF section
-
-The metadata will be embedded in a single, allocated, NUL-padded,
-read-only COFF data section,
-in a name-value JSON object format.
-The JSON string is terminated with a NUL
-and subsequently padded with NULs if appropriate.
-The `IMAGE_SCN_CNT_INITIALIZED_DATA` section flag shall be set.
-The alignment and padding shall be chosen as appropriate for the use of the PE/COFF file.
-
-Section: `.pkgnote`<br/>
-Value: a single JSON object encoded as a NUL-terminated UTF-8 string
-
-### JSON payload
-
-```json
-{
-     "type":"rpm",          # this provides a namespace for the package+package-version fields
-     "os":"fedora",
-     "osVersion":"33",
-     "name":"coreutils",
-     "version":"4711.0815.fc13",
-     "architecture":"arm32",
-     "osCpe": "cpe:2.3:o:fedoraproject:fedora:33",          # A CPE name for the operating system, `CPE_NAME` from os-release is a good default
-     "appCpe": "cpe:2.3:a:gnu:coreutils:5.0",               # A CPE name for the upstream application, use NVD CPE search
-     "debugInfoUrl": "https://debuginfod.fedoraproject.org/"
-}
-```
-
-The format is a single JSON object,
-encoded as a NUL-terminated `UTF-8` string.
-Each name in the object shall be unique as per recommendations of
-[RFC8259](https://datatracker.ietf.org/doc/html/rfc8259#section-4).
-Strings shall not contain any control characters or use `\uXXX` escaping.
-
-When it comes to JSON numbers, this specification assumes that JSON parsers
-processing this information are capable of reproducing the full signed 53bit
-integer range (i.e. -2⁵³+1…+2⁵³-1) as well as the full 64-bit IEEE floating
-point number range losslessly (with the exception of NaN/-inf/+inf, since JSON
-cannot encode that), as per recommendations of
-[RFC8259](https://datatracker.ietf.org/doc/html/rfc8259#page-8). Fields in
-these JSON objects are thus permitted to encode numeric values from these
-ranges as JSON numbers, and should not use numeric values not covered by these
-types and ranges.
-
-If available, the metadata should also include the debuginfod server URL that can provide
-the original executable, debuginfo and sources, to further facilitate debugging.
-
-Reference implementations of [packaging tools for .deb and .rpm](https://github.com/systemd/package-notes)
-are available, and provide macros/helpers to include the note in binaries built
-by the package build system.
-They make use of the new `--package-metadata=` flag that is available in the
-`bfd`, `gold`, `mold`, and `lld` linkers
-(versions 2.39, 2.39, 1.3.0, and 15.0 respectively).
-This linker flag takes the JSON payload as parameter.
-
-## Well-known keys
-
-The metadata format is intentionally left open, so that vendors can add their own information.
-A set of well-known keys is defined here, and hopefully shared among all vendors.
-
-| Key name     | Key description                                                          | Example value                         |
-|--------------|--------------------------------------------------------------------------|---------------------------------------|
-| type         | The packaging type                                                       | rpm                                   |
-| os           | The OS name, typically corresponding to ID in os-release                 | fedora                                |
-| osVersion    | The OS version, typically corresponding to VERSION_ID in os-release      | 33                                    |
-| name         | The source package name                                                  | coreutils                             |
-| version      | The source package version                                               | 4711.0815.fc13                        |
-| architecture | The binary package architecture                                          | arm32                                 |
-| osCpe        | A CPE name for the OS, typically corresponding to CPE_NAME in os-release | cpe:2.3:o:fedoraproject:fedora:33     |
-| appCpe       | A CPE name for the upstream Application, as found in [NVD CPE search]    | cpe:2.3:a:gnu:coreutils:5.0           |
-| debugInfoUrl | The debuginfod server url, if available                                  | https://debuginfod.fedoraproject.org/ |
-
-[NVD CPE search]: https://nvd.nist.gov/products/cpe/search
-
-### Displaying package notes
-
-The raw ELF section can be extracted using `objdump`:
-```console
-$ objdump -j .note.package -s /usr/bin/ls
-
-/usr/bin/ls:     file format elf64-x86-64
-
-Contents of section .note.package:
- 03cc 04000000 7c000000 7e1afeca 46444f00  ....|...~...FDO.
- 03dc 7b227479 7065223a 2272706d 222c226e  {"type":"rpm","n
- 03ec 616d6522 3a22636f 72657574 696c7322  ame":"coreutils"
- 03fc 2c227665 7273696f 6e223a22 392e342d  ,"version":"9.4-
- 040c 372e6663 3430222c 22617263 68697465  7.fc40","archite
- 041c 63747572 65223a22 7838365f 3634222c  cture":"x86_64",
- 042c 226f7343 7065223a 22637065 3a2f6f3a  "osCpe":"cpe:/o:
- 043c 6665646f 72617072 6f6a6563 743a6665  fedoraproject:fe
- 044c 646f7261 3a343022 7d000000           dora:40"}...
-```
-
-It is more convenient to use a higher level tool:
-```console
-$ readelf --notes /usr/bin/ls
-...
-Displaying notes found in: .note.gnu.build-id
-  Owner                Data size 	Description
-  GNU                  0x00000014	NT_GNU_BUILD_ID (unique build ID bitstring)
-    Build ID: 40e5a1570a9d97fc48f5c61cfb7690fec0f872b2
-
-Displaying notes found in: .note.ABI-tag
-  Owner                Data size 	Description
-  GNU                  0x00000010	NT_GNU_ABI_TAG (ABI version tag)
-    OS: Linux, ABI: 3.2.0
-
-Displaying notes found in: .note.package
-  Owner                Data size 	Description
-  FDO                  0x0000007c	FDO_PACKAGING_METADATA
-    Packaging Metadata: {"type":"rpm","name":"coreutils","version":"9.4-7.fc40","architecture":"x86_64","osCpe":"cpe:/o:fedoraproject:fedora:40"}
-...
-
-$ systemd-analyze inspect-elf /usr/bin/ls
-           path: /usr/bin/ls
-        elfType: executable
-elfArchitecture: AMD x86-64
-
-           type: rpm
-           name: coreutils
-        version: 9.4-7.fc40
-   architecture: x86_64
-          osCpe: cpe:/o:fedoraproject:fedora:40
-        buildId: 40e5a1570a9d97fc48f5c61cfb7690fec0f872b2
-```
-
-If the binary crashes, `systemd-coredump` will display the combined information
-from the crashing binary and any shared libraries it links to:
-
-```console
-$  coredumpctl info
-           PID: 3987823 (ls)
-        Signal: 11 (SEGV)
-  Command Line: ls --color=tty -lR /
-    Executable: /usr/bin/ls
-...
-       Storage: /var/lib/systemd/coredump/core.ls.1000.88dea1b9831c420dbb398f9d2ad9b41e.3987823.1726230641000000.zst (present)
-  Size on Disk: 194.4K
-       Package: coreutils/9.4-7.fc40
-      build-id: 40e5a1570a9d97fc48f5c61cfb7690fec0f872b2
-       Message: Process 3987823 (ls) of user 1000 dumped core.
-
-                Module /usr/bin/ls from rpm coreutils-9.4-7.fc40.x86_64
-                Module libz.so.1 from rpm zlib-ng-2.1.7-1.fc40.x86_64
-                Module libcrypto.so.3 from rpm openssl-3.2.2-3.fc40.x86_64
-                Module libmount.so.1 from rpm util-linux-2.40.1-1.fc40.x86_64
-                Module libcrypt.so.2 from rpm libxcrypt-4.4.36-5.fc40.x86_64
-                Module libblkid.so.1 from rpm util-linux-2.40.1-1.fc40.x86_64
-                Module libnss_sss.so.2 from rpm sssd-2.9.5-1.fc40.x86_64
-                Module libpcre2-8.so.0 from rpm pcre2-10.44-1.fc40.x86_64
-                Module libcap.so.2 from rpm libcap-2.69-8.fc40.x86_64
-                Module libselinux.so.1 from rpm libselinux-3.6-4.fc40.x86_64
-                Stack trace of thread 3987823:
-                #0  0x00007f19331c3f7e lgetxattr (libc.so.6 + 0x116f7e)
-                #1  0x00007f19332be4c0 lgetfilecon_raw (libselinux.so.1 + 0x134c0)
-                #2  0x00007f19332c3bd9 lgetfilecon (libselinux.so.1 + 0x18bd9)
-                #3  0x000056038273ad55 gobble_file.constprop.0 (/usr/bin/ls + 0x17d55)
-                #4  0x0000560382733c55 print_dir (/usr/bin/ls + 0x10c55)
-                #5  0x0000560382727c35 main (/usr/bin/ls + 0x4c35)
-                #6  0x00007f19330d7088 __libc_start_call_main (libc.so.6 + 0x2a088)
-                #7  0x00007f19330d714b __libc_start_main@@GLIBC_2.34 (libc.so.6 + 0x2a14b)
-                #8  0x0000560382728f15 _start (/usr/bin/ls + 0x5f15)
-                ELF object binary architecture: AMD x86-64
-```
-
-(This is just a simulation. `ls` is not prone to crashing with a segmentation violation.)
+[This content has moved to the UAPI group website](https://uapi-group.org/specifications/specs/package_metadata_for_executable_files/)
--- a/docs/PORTABLE_SERVICES.md
+++ b/docs/PORTABLE_SERVICES.md
@ -162,7 +162,7 @@ Specifically, the following requirements are made for an image that can be attac
   an image with a partition table understood by the Linux kernel with only a
   single partition defined, or alternatively, a GPT partition table with a set
   of properly marked partitions following the
-   [Discoverable Partitions Specification](https://uapi-group.org/specifications/specs/discoverable_partitions_specification).
+   [UAPI.2 Discoverable Partitions Specification](https://uapi-group.org/specifications/specs/discoverable_partitions_specification).

 3. The image must at least contain one matching unit file, with the right name
   prefix and suffix (see above).
--- a/docs/PORTING_TO_NEW_ARCHITECTURES.md
+++ b/docs/PORTING_TO_NEW_ARCHITECTURES.md
@ -27,7 +27,7 @@ architecture.
   partitions. Use `systemd-id128 new -p` to generate new suitable UUIDs you
   can use for this. Make sure to register your new types in the various
   functions in `gpt.c`. Also make sure to update the tables in
-   [Discoverable Partitions Specification](https://uapi-group.org/specifications/specs/discoverable_partitions_specification)
+   [UAPI.2 Discoverable Partitions Specification](https://uapi-group.org/specifications/specs/discoverable_partitions_specification)
   and `man/systemd-gpt-auto-generator.xml` accordingly.

 3. If your architecture supports UEFI, make sure to update the `efi_arch`
--- a/docs/RELEASE.md
+++ b/docs/RELEASE.md
@ -13,7 +13,7 @@ SPDX-License-Identifier: LGPL-2.1-or-later
 4. Update hwdb (`ninja -C build update-hwdb`, `ninja -C build update-hwdb-autosuspend`, commit separately).
 5. Update syscall numbers (`ninja -C build update-syscall-tables update-syscall-header`).
 6. [RC1] Update library numbers in `meson.build`
-7. Update version number in `meson.version` (e.g. from `256~devel` to `256~rc1` or from `256~rc3` to `256`). Note that this uses a tilde (\~) instead of a hyphen (-) because tildes sort lower in version comparisons according to the [version format specification](https://uapi-group.org/specifications/specs/version_format_specification/), and we want `255~rc1` to sort lower than `255`.
+7. Update version number in `meson.version` (e.g. from `256~devel` to `256~rc1` or from `256~rc3` to `256`). Note that this uses a tilde (\~) instead of a hyphen (-) because tildes sort lower in version comparisons according to the [UAPI.10 Version Format Specification](https://uapi-group.org/specifications/specs/version_format_specification/), and we want `255~rc1` to sort lower than `255`.
 8. Check dbus docs with `ninja -C build update-dbus-docs`
 9. Check manpages list with `ninja -C build update-man-rules`
 10. Update translation strings (`ninja -C build systemd-pot`, `ninja -C build systemd-update-po`) - drop the header comments from `systemd.pot` + re-add SPDX before committing. If the only change in a file is the 'POT-Creation-Date' field, then ignore that file.
--- a/docs/ROOTFS_DISCOVERY.md
+++ b/docs/ROOTFS_DISCOVERY.md
@ -15,13 +15,13 @@ components:
   i.e. [`systemd-boot`](https://www.freedesktop.org/software/systemd/man/latest/systemd-boot.html)
   that provides interactive and programmatic control of what precisely to
   boot. It takes care of enumerating all possible boot targets (implementing
-   the [Boot Loader
+   the [UAPI.1 Boot Loader
   Specification](https://uapi-group.org/specifications/specs/boot_loader_specification/)),
   potentially presenting it to the user in a menu, but otherwise picking an
   item automatically, implementing boot counting and automatic rollback if
   desired.

-2. A [unified kernel image
+2. A [UAPI.5 Unified Kernel Image
   ("UKI")](https://uapi-group.org/specifications/specs/unified_kernel_image/),
   i.e. an UEFI PE executable that combines
   [`systemd-stub`](https://www.freedesktop.org/software/systemd/man/latest/systemd-stub.html),
@ -133,7 +133,7 @@ the same disk. Specifically:
   ESP as well, in particular below the `/loader/` subdirectory.

 2. The UKIs may either be placed in the ESP (below the `/EFI/Linux/`
-   subdirectory), or in the [Extended Boot Loader
+   subdirectory), or in the [UAPI.1 Extended Boot Loader
   Partition](https://uapi-group.org/specifications/specs/boot_loader_specification/#the-partitions)
   ("XBOOTLDR"), which can be placed on the same disk as the ESP and is also
   VFAT. XBOOTLDR is an optional concept and it's only *raison d'être* is that
@ -146,7 +146,7 @@ the same disk. Specifically:
 3. The `rootfs` is placed on the same disk as the ESP/XBOOTLDR, in a partition
   marked with a special GPT partition type. Various other well-known types of
   partitions can be placed next to the `rootfs` and are automatically
-   discovered and mounted, see the [Discoverable Partitions
+   discovered and mounted, see the [UAPI.2 Discoverable Partitions
   Specification](https://uapi-group.org/specifications/specs/discoverable_partitions_specification/)
   for details.

@ -179,8 +179,8 @@ each of these resources:
   [`bootctl`](https://www.freedesktop.org/software/systemd/man/latest/bootctl.html),
   `efibootmgr` or `kernel-bootcfg`.

-2. The `systemd-boot` boot loader may be configured via [`Boot Loader
-   Specification Type #1`](https://uapi-group.org/specifications/specs/boot_loader_specification/)
+2. The `systemd-boot` boot loader may be configured via [UAPI.1 Boot Loader
+   Specification Type #1](https://uapi-group.org/specifications/specs/boot_loader_specification/)
   entries to acquire UKIs or similar from other locations.

 3. The `initrd` part of the UKI understands the `root=` (and `mount.usr=`)
@ -220,7 +220,7 @@ local disk. This can happen at each of these three components:
   `rootfs` from HTTP
   sources](https://www.freedesktop.org/software/systemd/man/latest/systemd-import-generator.html),
   either in a GPT disk image (specifically:
-   [DDIs](https://uapi-group.org/specifications/specs/discoverable_disk_image/),
+   [UAPI.3 DDIs](https://uapi-group.org/specifications/specs/discoverable_disk_image/),
   with `.raw` suffix) or in a `.tar` file, which are placed in system RAM and
   then booted into (these downloads can be downloaded in compressed form and
   are automatically decompressed on-the-fly). This of course requires
--- a/docs/TPM2_PCR_MEASUREMENTS.md
+++ b/docs/TPM2_PCR_MEASUREMENTS.md
@ -17,7 +17,7 @@ to systemd's UEFI-mode measurements, and if the latter are not done the former
 aren't made either.

 See
-[Linux TPM PCR Registry](https://uapi-group.org/specifications/specs/linux_tpm_pcr_registry/)
+[UAPI.7 Linux TPM PCR Registry](https://uapi-group.org/specifications/specs/linux_tpm_pcr_registry/)
 for an overview of PCRs.

 systemd will measure to PCRs 5 (`boot-loader-config`), 11 (`kernel-boot`),
@ -77,8 +77,8 @@ trailing NUL bytes).
 ### PCR 11, `EV_IPL`, PE section name

 A measurement is made for each PE section of the UKI that is defined by the
-[UKI
-specification](https://uapi-group.org/specifications/specs/unified_kernel_image/),
+[UAPI.5 UKI
+Specification](https://uapi-group.org/specifications/specs/unified_kernel_image/),
 in the canonical order described in the specification.

 Happens once for each UKI-defined PE section of the UKI, in the canonical UKI
--- a/docs/VARLINK.md
+++ b/docs/VARLINK.md
@ -0,0 +1,74 @@
+---
+title: Varlink API Style
+category: Contributing
+layout: default
+SPDX-License-Identifier: LGPL-2.1-or-later
+---
+
+# General guideline
+
+- Varlink field names should use camelCase. This guideline does not apply to
+  well-known and documented configuration options, such as those defined in
+  [systemd.unit](https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html),
+  where existing naming conventions should be preserved for
+  compatibility and clarity.
+
+- Every field and method should include meaningful documentation. It's
+  acceptable to reference existing documentation where appropriate.
+  Documentation may be omitted only when the meaning is self-evident, even to
+  someone not already familiar with varlink interface/method.
+
+- Varlink fields should optimize toward clarity:
+  * avoid abbreviations: `cacheDir` -> `cacheDirectory`
+  * prefer string values over numeric codes when possible,
+    to make interfaces more self-descriptive and easier to understand.
+
+# Interface structure
+
+- Varlink methods should consider splitting their output into 'context' and
+  'runtime' sections. The guiding principle is simple: if a property makes
+  sense to include in a configuration (e.g. unit file), it belongs to 'context';
+  otherwise, it goes under 'runtime'. This split ensures a consistent and
+  reusable structure. Functions that describe an object can produce context
+  data that other functions can later consume to create a similar object.
+
+  Example: `io.systemd.Unit.List` outputs unit configuration, which can later
+  be reused to create another unit via `io.systemd.Unit.StartTransient` (not
+  implemented yet). The `io.systemd.Unit.StartTransient` call should accept
+  only the 'context' portion of the output, without requiring any runtime data
+  such as state (e.g. pid) or statistics.
+
+- Following the guideline above, any field within 'context' should be nullable
+  by default. This ensures that when a context structure is used as input, the
+  caller is not required to provide every field explicitly. Omitted fields are
+  automatically assigned their default values, allowing partial context
+  definitions to be valid and simplifying reuse across different operations.
+  Fields that cannot logically be omitted in input (e.g. a unit type) may remain
+  non-nullable.
+
+# Enums
+
+- Enum fields in the codebase must be exposed as string values in Varlink, not
+  as their underlying integer representations. Use `SD_VARLINK_DEFINE_ENUM_TYPE`
+  to declare an enum type in the Varlink specification.
+
+- The Varlink IDL validator does not permit enum values that contain dashes.
+  Therefore, when defining an enum for Varlink, replace dashes with underscores.
+
+- Varlink interface should output enum values using the underscore form. For
+  input, it should accept both the original dash-containing form and the
+  underscore form. The following helpers simplify this:
+  * `JSON_BUILD_STRING_UNDERSCORIFY` - outputs a stringified enum value
+    with dashes converted to underscores.
+  * `JSON_DISPATCH_ENUM_DEFINE` - creates a `json_dispatch_*` function that
+    accepts both the original and the underscorified enum value as valid input.
+
+- An internal enum may be exposed as a simple string field instead of a Varlink
+  enum type when the field is output-only and never provided or controlled by
+  the user. However, such fields should avoid using dashes to prevent breaking
+  changes if they are later converted into enums (see below).
+
+- A varlink string field that has a finite set of possible values may later be
+  converted into an enum without introducing a breaking change. This allows the
+  interface to evolve from loosely defined string values to a more explicit and
+  type-safe enumeration once the valid options are well established.
--- a/factory/templates/meson.build
+++ b/factory/templates/meson.build
@ -15,3 +15,9 @@ custom_target(
        command : [jinja2_cmdline, '@INPUT@', '@OUTPUT@'],
        install : true,
        install_dir : factory_etc_dir)
+
+if conf.get('ENABLE_NSS') == 1
+        install_data(
+                'nsswitch.conf',
+                install_dir : factory_etc_dir)
+endif
--- a/factory/templates/nsswitch.conf
+++ b/factory/templates/nsswitch.conf
--- a/hwdb.d/20-OUI.hwdb
+++ b/hwdb.d/20-OUI.hwdb
--- a/hwdb.d/20-acpi-vendor.hwdb
+++ b/hwdb.d/20-acpi-vendor.hwdb
@ -18,6 +18,12 @@ acpi:AANT*:
 acpi:AAVA*:
 ID_VENDOR_FROM_DATABASE=Aava Mobile Oy

+acpi:ACPI*:
+ ID_VENDOR_FROM_DATABASE=Intel Corporation
+
+acpi:AHCL*:
+ ID_VENDOR_FROM_DATABASE=Advantech Co., Ltd.
+
 acpi:AMDI*:
 ID_VENDOR_FROM_DATABASE=AMD

@ -306,6 +312,9 @@ acpi:PEGA*:
 acpi:PHYT*:
 ID_VENDOR_FROM_DATABASE=Phytium Technology Co. Ltd.

+acpi:PICO*:
+ ID_VENDOR_FROM_DATABASE=Picoheart (SG) Pte. Ltd.
+
 acpi:PIXA*:
 ID_VENDOR_FROM_DATABASE=PixArt imaging inc.

@ -381,6 +390,9 @@ acpi:SWEM*:
 acpi:SYNA*:
 ID_VENDOR_FROM_DATABASE=Synaptics Inc

+acpi:SYNC*:
+ ID_VENDOR_FROM_DATABASE=SYNCS / Aviot Systems Pte Ltd
+
 acpi:TCAG*:
 ID_VENDOR_FROM_DATABASE=Teracue AG

--- a/hwdb.d/20-acpi-vendor.hwdb.patch
+++ b/hwdb.d/20-acpi-vendor.hwdb.patch
@ -1,5 +1,5 @@
--- 20-acpi-vendor.hwdb.base	2025-09-17 09:39:11.942879943 +0100
-+++ 20-acpi-vendor.hwdb	2025-09-17 09:39:11.950880802 +0100
+--- 20-acpi-vendor.hwdb.base	2025-11-26 01:12:05.447760939 +0000
+++ 20-acpi-vendor.hwdb	2025-11-26 01:12:05.459761232 +0000
@@ -3,6 +3,8 @@
 # Data imported from:
 #     https://uefi.org/uefi-pnp-export
@ -9,17 +9,7 @@
 
 acpi:3GVR*:
  ID_VENDOR_FROM_DATABASE=VR Technology Holdings Limited
-@@ -16,9 +18,6 @@
- acpi:AAVA*:
-  ID_VENDOR_FROM_DATABASE=Aava Mobile Oy
- 
-acpi:ACPI*:
- ID_VENDOR_FROM_DATABASE=Intel Corporation
-
- acpi:AMDI*:
-  ID_VENDOR_FROM_DATABASE=AMD
- 
-@@ -427,6 +426,9 @@
+@@ -436,6 +438,9 @@
 acpi:AAA*:
  ID_VENDOR_FROM_DATABASE=Avolites Ltd
 
@ -29,7 +19,7 @@
 acpi:AAE*:
  ID_VENDOR_FROM_DATABASE=Anatek Electronics Inc.
 
-@@ -454,6 +456,9 @@
+@@ -463,6 +468,9 @@
 acpi:ABO*:
  ID_VENDOR_FROM_DATABASE=D-Link Systems Inc
 
@ -39,7 +29,7 @@
 acpi:ABS*:
  ID_VENDOR_FROM_DATABASE=Abaco Systems, Inc.
 
-@@ -499,7 +504,7 @@
+@@ -508,7 +516,7 @@
 acpi:ACO*:
  ID_VENDOR_FROM_DATABASE=Allion Computer Inc.
 
@ -48,7 +38,7 @@
  ID_VENDOR_FROM_DATABASE=Aspen Tech Inc
 
 acpi:ACR*:
-@@ -778,6 +783,9 @@
+@@ -787,6 +795,9 @@
 acpi:AMT*:
  ID_VENDOR_FROM_DATABASE=AMT International Industry
 
@ -58,7 +48,7 @@
 acpi:AMX*:
  ID_VENDOR_FROM_DATABASE=AMX LLC
 
-@@ -826,6 +834,9 @@
+@@ -835,6 +846,9 @@
 acpi:AOA*:
  ID_VENDOR_FROM_DATABASE=AOpen Inc.
 
@ -68,7 +58,7 @@
 acpi:AOE*:
  ID_VENDOR_FROM_DATABASE=Advanced Optics Electronics, Inc.
 
-@@ -835,6 +846,9 @@
+@@ -844,6 +858,9 @@
 acpi:AOT*:
  ID_VENDOR_FROM_DATABASE=Alcatel
 
@ -78,7 +68,7 @@
 acpi:APC*:
  ID_VENDOR_FROM_DATABASE=American Power Conversion
 
-@@ -1016,7 +1030,7 @@
+@@ -1025,7 +1042,7 @@
  ID_VENDOR_FROM_DATABASE=ALPS ALPINE CO., LTD.
 
 acpi:AUO*:
@ -87,7 +77,7 @@
 
 acpi:AUR*:
  ID_VENDOR_FROM_DATABASE=Aureal Semiconductor
-@@ -1096,6 +1110,9 @@
+@@ -1105,6 +1122,9 @@
 acpi:AXE*:
  ID_VENDOR_FROM_DATABASE=Axell Corporation
 
@ -97,7 +87,7 @@
 acpi:AXI*:
  ID_VENDOR_FROM_DATABASE=American Magnetics
 
-@@ -1255,6 +1272,9 @@
+@@ -1264,6 +1284,9 @@
 acpi:BML*:
  ID_VENDOR_FROM_DATABASE=BIOMED Lab
 
@ -107,7 +97,7 @@
 acpi:BMS*:
  ID_VENDOR_FROM_DATABASE=BIOMEDISYS
 
-@@ -1267,6 +1287,9 @@
+@@ -1276,6 +1299,9 @@
 acpi:BNO*:
  ID_VENDOR_FROM_DATABASE=Bang & Olufsen
 
@ -117,7 +107,7 @@
 acpi:BNS*:
  ID_VENDOR_FROM_DATABASE=Boulder Nonlinear Systems
 
-@@ -1513,6 +1536,9 @@
+@@ -1522,6 +1548,9 @@
 acpi:CHA*:
  ID_VENDOR_FROM_DATABASE=Chase Research PLC
 
@ -127,7 +117,7 @@
 acpi:CHD*:
  ID_VENDOR_FROM_DATABASE=ChangHong Electric Co.,Ltd
 
-@@ -1678,6 +1704,9 @@
+@@ -1687,6 +1716,9 @@
 acpi:COD*:
  ID_VENDOR_FROM_DATABASE=CODAN Pty. Ltd.
 
@ -137,7 +127,7 @@
 acpi:COI*:
  ID_VENDOR_FROM_DATABASE=Codec Inc.
 
-@@ -2096,7 +2125,7 @@
+@@ -2105,7 +2137,7 @@
  ID_VENDOR_FROM_DATABASE=Dragon Information Technology
 
 acpi:DJE*:
@ -146,7 +136,7 @@
 
 acpi:DJP*:
  ID_VENDOR_FROM_DATABASE=Maygay Machines, Ltd
-@@ -2449,6 +2478,9 @@
+@@ -2458,6 +2490,9 @@
 acpi:EIN*:
  ID_VENDOR_FROM_DATABASE=Elegant Invention
 
@ -156,7 +146,7 @@
 acpi:EKA*:
  ID_VENDOR_FROM_DATABASE=MagTek Inc.
 
-@@ -2719,6 +2751,9 @@
+@@ -2728,6 +2763,9 @@
 acpi:FCG*:
  ID_VENDOR_FROM_DATABASE=First International Computer Ltd
 
@ -166,7 +156,7 @@
 acpi:FCS*:
  ID_VENDOR_FROM_DATABASE=Focus Enhancements, Inc.
 
-@@ -3095,7 +3130,7 @@
+@@ -3104,7 +3142,7 @@
  ID_VENDOR_FROM_DATABASE=General Standards Corporation
 
 acpi:GSM*:
@ -175,7 +165,7 @@
 
 acpi:GSN*:
  ID_VENDOR_FROM_DATABASE=Grandstream Networks, Inc.
-@@ -3205,6 +3240,9 @@
+@@ -3214,6 +3252,9 @@
 acpi:HEC*:
  ID_VENDOR_FROM_DATABASE=Hisense Electric Co., Ltd.
 
@ -185,7 +175,7 @@
 acpi:HEL*:
  ID_VENDOR_FROM_DATABASE=Hitachi Micro Systems Europe Ltd
 
-@@ -3340,6 +3378,9 @@
+@@ -3349,6 +3390,9 @@
 acpi:HSD*:
  ID_VENDOR_FROM_DATABASE=HannStar Display Corp
 
@ -195,7 +185,7 @@
 acpi:HSM*:
  ID_VENDOR_FROM_DATABASE=AT&T Microelectronics
 
-@@ -3466,6 +3507,9 @@
+@@ -3475,6 +3519,9 @@
 acpi:ICI*:
  ID_VENDOR_FROM_DATABASE=Infotek Communication Inc
 
@ -205,7 +195,7 @@
 acpi:ICM*:
  ID_VENDOR_FROM_DATABASE=Intracom SA
 
-@@ -3562,6 +3606,9 @@
+@@ -3571,6 +3618,9 @@
 acpi:IKE*:
  ID_VENDOR_FROM_DATABASE=Ikegami Tsushinki Co. Ltd.
 
@ -215,7 +205,7 @@
 acpi:IKS*:
  ID_VENDOR_FROM_DATABASE=Ikos Systems Inc
 
-@@ -3610,6 +3657,9 @@
+@@ -3619,6 +3669,9 @@
 acpi:IMX*:
  ID_VENDOR_FROM_DATABASE=arpara Technology Co., Ltd.
 
@ -225,7 +215,7 @@
 acpi:INA*:
  ID_VENDOR_FROM_DATABASE=Inventec Corporation
 
-@@ -4138,6 +4188,9 @@
+@@ -4147,6 +4200,9 @@
 acpi:LAN*:
  ID_VENDOR_FROM_DATABASE=Sodeman Lancom Inc
 
@ -235,7 +225,7 @@
 acpi:LAS*:
  ID_VENDOR_FROM_DATABASE=LASAT Comm. A/S
 
-@@ -4189,6 +4242,9 @@
+@@ -4198,6 +4254,9 @@
 acpi:LED*:
  ID_VENDOR_FROM_DATABASE=Long Engineering Design Inc
 
@ -245,7 +235,7 @@
 acpi:LEG*:
  ID_VENDOR_FROM_DATABASE=Legerity, Inc
 
-@@ -4207,6 +4263,9 @@
+@@ -4216,6 +4275,9 @@
 acpi:LGD*:
  ID_VENDOR_FROM_DATABASE=LG Display
 
@ -255,7 +245,7 @@
 acpi:LGI*:
  ID_VENDOR_FROM_DATABASE=Logitech Inc
 
-@@ -4273,6 +4332,9 @@
+@@ -4282,6 +4344,9 @@
 acpi:LND*:
  ID_VENDOR_FROM_DATABASE=Land Computer Company Ltd
 
@ -265,7 +255,7 @@
 acpi:LNK*:
  ID_VENDOR_FROM_DATABASE=Link Tech Inc
 
-@@ -4307,7 +4369,7 @@
+@@ -4316,7 +4381,7 @@
  ID_VENDOR_FROM_DATABASE=Design Technology
 
 acpi:LPL*:
@ -274,7 +264,7 @@
 
 acpi:LSC*:
  ID_VENDOR_FROM_DATABASE=LifeSize Communications
-@@ -4483,6 +4545,9 @@
+@@ -4492,6 +4557,9 @@
 acpi:MCX*:
  ID_VENDOR_FROM_DATABASE=Millson Custom Solutions Inc.
 
@ -284,7 +274,7 @@
 acpi:MDA*:
  ID_VENDOR_FROM_DATABASE=Media4 Inc
 
-@@ -4729,6 +4794,9 @@
+@@ -4738,6 +4806,9 @@
 acpi:MOM*:
  ID_VENDOR_FROM_DATABASE=Momentum Data Systems
 
@ -294,7 +284,7 @@
 acpi:MOS*:
  ID_VENDOR_FROM_DATABASE=Moses Corporation
 
-@@ -4969,6 +5037,9 @@
+@@ -4978,6 +5049,9 @@
 acpi:NAL*:
  ID_VENDOR_FROM_DATABASE=Network Alchemy
 
@ -304,7 +294,7 @@
 acpi:NAT*:
  ID_VENDOR_FROM_DATABASE=NaturalPoint Inc.
 
-@@ -5509,6 +5580,9 @@
+@@ -5518,6 +5592,9 @@
 acpi:PCX*:
  ID_VENDOR_FROM_DATABASE=PC Xperten
 
@ -314,7 +304,7 @@
 acpi:PDM*:
  ID_VENDOR_FROM_DATABASE=Psion Dacom Plc.
 
-@@ -5572,9 +5646,6 @@
+@@ -5581,9 +5658,6 @@
 acpi:PHE*:
  ID_VENDOR_FROM_DATABASE=Philips Medical Systems Boeblingen GmbH
 
@ -324,7 +314,7 @@
 acpi:PHL*:
  ID_VENDOR_FROM_DATABASE=Philips Consumer Electronics Company
 
-@@ -5665,9 +5736,6 @@
+@@ -5674,9 +5748,6 @@
 acpi:PNL*:
  ID_VENDOR_FROM_DATABASE=Panelview, Inc.
 
@ -334,7 +324,7 @@
 acpi:PNR*:
  ID_VENDOR_FROM_DATABASE=Planar Systems, Inc.
 
-@@ -6145,9 +6213,6 @@
+@@ -6154,9 +6225,6 @@
 acpi:RTI*:
  ID_VENDOR_FROM_DATABASE=Rancho Tech Inc
 
@ -344,7 +334,7 @@
 acpi:RTL*:
  ID_VENDOR_FROM_DATABASE=Realtek Semiconductor Company Ltd
 
-@@ -6322,9 +6387,6 @@
+@@ -6331,9 +6399,6 @@
 acpi:SEE*:
  ID_VENDOR_FROM_DATABASE=SeeColor Corporation
 
@ -354,7 +344,7 @@
 acpi:SEI*:
  ID_VENDOR_FROM_DATABASE=Seitz & Associates Inc
 
-@@ -6808,6 +6870,9 @@
+@@ -6817,6 +6882,9 @@
 acpi:SVD*:
  ID_VENDOR_FROM_DATABASE=SVD Computer
 
@ -364,7 +354,7 @@
 acpi:SVI*:
  ID_VENDOR_FROM_DATABASE=Sun Microsystems
 
-@@ -6892,6 +6957,9 @@
+@@ -6901,6 +6969,9 @@
 acpi:SZM*:
  ID_VENDOR_FROM_DATABASE=Shenzhen MTC Co., Ltd
 
@ -374,7 +364,7 @@
 acpi:TAA*:
  ID_VENDOR_FROM_DATABASE=Tandberg
 
-@@ -6982,6 +7050,9 @@
+@@ -6991,6 +7062,9 @@
 acpi:TDG*:
  ID_VENDOR_FROM_DATABASE=Six15 Technologies
 
@ -384,7 +374,7 @@
 acpi:TDM*:
  ID_VENDOR_FROM_DATABASE=Tandem Computer Europe Inc
 
-@@ -7024,6 +7095,9 @@
+@@ -7033,6 +7107,9 @@
 acpi:TEV*:
  ID_VENDOR_FROM_DATABASE=Televés, S.A.
 
@ -394,7 +384,7 @@
 acpi:TEZ*:
  ID_VENDOR_FROM_DATABASE=Tech Source Inc.
 
-@@ -7153,9 +7227,6 @@
+@@ -7162,9 +7239,6 @@
 acpi:TNC*:
  ID_VENDOR_FROM_DATABASE=TNC Industrial Company Ltd
 
@ -404,7 +394,7 @@
 acpi:TNM*:
  ID_VENDOR_FROM_DATABASE=TECNIMAGEN SA
 
-@@ -7468,14 +7539,14 @@
+@@ -7477,14 +7551,14 @@
 acpi:UNC*:
  ID_VENDOR_FROM_DATABASE=Unisys Corporation
 
@ -425,7 +415,7 @@
 
 acpi:UNI*:
  ID_VENDOR_FROM_DATABASE=Uniform Industry Corp.
-@@ -7510,6 +7581,9 @@
+@@ -7519,6 +7593,9 @@
 acpi:USA*:
  ID_VENDOR_FROM_DATABASE=Utimaco Safeware AG
 
@ -435,7 +425,7 @@
 acpi:USD*:
  ID_VENDOR_FROM_DATABASE=U.S. Digital Corporation
 
-@@ -7771,9 +7845,6 @@
+@@ -7780,9 +7857,6 @@
 acpi:WAL*:
  ID_VENDOR_FROM_DATABASE=Wave Access
 
@ -445,7 +435,7 @@
 acpi:WAV*:
  ID_VENDOR_FROM_DATABASE=Wavephore
 
-@@ -7901,7 +7972,7 @@
+@@ -7910,7 +7984,7 @@
  ID_VENDOR_FROM_DATABASE=WyreStorm Technologies LLC
 
 acpi:WYS*:
@ -454,7 +444,7 @@
 
 acpi:WYT*:
  ID_VENDOR_FROM_DATABASE=Wooyoung Image & Information Co.,Ltd.
-@@ -7915,9 +7986,6 @@
+@@ -7924,9 +7998,6 @@
 acpi:XDM*:
  ID_VENDOR_FROM_DATABASE=XDM Ltd.
 
@ -464,7 +454,7 @@
 acpi:XES*:
  ID_VENDOR_FROM_DATABASE=Extreme Engineering Solutions, Inc.
 
-@@ -7951,9 +8019,6 @@
+@@ -7960,9 +8031,6 @@
 acpi:XNT*:
  ID_VENDOR_FROM_DATABASE=XN Technologies, Inc.
 
@ -474,7 +464,7 @@
 acpi:XQU*:
  ID_VENDOR_FROM_DATABASE=SHANGHAI SVA-DAV ELECTRONICS CO., LTD
 
-@@ -8020,6 +8085,9 @@
+@@ -8029,6 +8097,9 @@
 acpi:ZBX*:
  ID_VENDOR_FROM_DATABASE=Zebax Technologies
 
--- a/hwdb.d/20-pci-classes.hwdb
+++ b/hwdb.d/20-pci-classes.hwdb
@ -20,6 +20,21 @@ pci:v*d*sv*sd*bc01*
 pci:v*d*sv*sd*bc01sc00*
 ID_PCI_SUBCLASS_FROM_DATABASE=SCSI storage controller

+pci:v*d*sv*sd*bc01sc00i00*
+ ID_PCI_INTERFACE_FROM_DATABASE=Vendor specific
+
+pci:v*d*sv*sd*bc01sc00i11*
+ ID_PCI_INTERFACE_FROM_DATABASE=SCSI storage device (SOP target port using PQI)
+
+pci:v*d*sv*sd*bc01sc00i12*
+ ID_PCI_INTERFACE_FROM_DATABASE=SCSI controller (SOP target port using PQI)
+
+pci:v*d*sv*sd*bc01sc00i13*
+ ID_PCI_INTERFACE_FROM_DATABASE=SCSI storage device & controller (SOP target port using PQI)
+
+pci:v*d*sv*sd*bc01sc00i21*
+ ID_PCI_INTERFACE_FROM_DATABASE=SCSI storage device (SOP target port using NVMe)
+
 pci:v*d*sv*sd*bc01sc01*
 ID_PCI_SUBCLASS_FROM_DATABASE=IDE interface

@ -56,6 +71,9 @@ pci:v*d*sv*sd*bc01sc03*
 pci:v*d*sv*sd*bc01sc04*
 ID_PCI_SUBCLASS_FROM_DATABASE=RAID bus controller

+pci:v*d*sv*sd*bc01sc04i00*
+ ID_PCI_INTERFACE_FROM_DATABASE=Vendor specific
+
 pci:v*d*sv*sd*bc01sc05*
 ID_PCI_SUBCLASS_FROM_DATABASE=ATA controller

@ -92,6 +110,9 @@ pci:v*d*sv*sd*bc01sc08i01*
 pci:v*d*sv*sd*bc01sc08i02*
 ID_PCI_INTERFACE_FROM_DATABASE=NVM Express

+pci:v*d*sv*sd*bc01sc08i03*
+ ID_PCI_INTERFACE_FROM_DATABASE=NVM Express administrative controller
+
 pci:v*d*sv*sd*bc01sc09*
 ID_PCI_SUBCLASS_FROM_DATABASE=Universal Flash Storage controller

@ -110,6 +131,9 @@ pci:v*d*sv*sd*bc02*
 pci:v*d*sv*sd*bc02sc00*
 ID_PCI_SUBCLASS_FROM_DATABASE=Ethernet controller

+pci:v*d*sv*sd*bc02sc00i01*
+ ID_PCI_INTERFACE_FROM_DATABASE=Ethernet Controller with IDPF Compliant Interface
+
 pci:v*d*sv*sd*bc02sc01*
 ID_PCI_SUBCLASS_FROM_DATABASE=Token ring network controller

@ -173,6 +197,12 @@ pci:v*d*sv*sd*bc04sc02*
 pci:v*d*sv*sd*bc04sc03*
 ID_PCI_SUBCLASS_FROM_DATABASE=Audio device

+pci:v*d*sv*sd*bc04sc03i00*
+ ID_PCI_INTERFACE_FROM_DATABASE=HDA compatible
+
+pci:v*d*sv*sd*bc04sc03i80*
+ ID_PCI_INTERFACE_FROM_DATABASE=HDA compatible with vendor specific extensions
+
 pci:v*d*sv*sd*bc04sc80*
 ID_PCI_SUBCLASS_FROM_DATABASE=Multimedia controller

@ -192,7 +222,7 @@ pci:v*d*sv*sd*bc05sc02i00*
 ID_PCI_INTERFACE_FROM_DATABASE=CXL Memory Device - vendor specific

 pci:v*d*sv*sd*bc05sc02i10*
- ID_PCI_INTERFACE_FROM_DATABASE=CXL Memory Device (CXL 2.x)
+ ID_PCI_INTERFACE_FROM_DATABASE=CXL Memory Device (CXL 2.0 or later)

 pci:v*d*sv*sd*bc05sc80*
 ID_PCI_SUBCLASS_FROM_DATABASE=Memory controller
@ -536,6 +566,9 @@ pci:v*d*sv*sd*bc0Csc08*
 pci:v*d*sv*sd*bc0Csc09*
 ID_PCI_SUBCLASS_FROM_DATABASE=CANBUS

+pci:v*d*sv*sd*bc0Csc0A*
+ ID_PCI_SUBCLASS_FROM_DATABASE=MIPI I3C
+
 pci:v*d*sv*sd*bc0Csc80*
 ID_PCI_SUBCLASS_FROM_DATABASE=Serial bus controller

@ -558,10 +591,16 @@ pci:v*d*sv*sd*bc0Dsc12*
 ID_PCI_SUBCLASS_FROM_DATABASE=Broadband

 pci:v*d*sv*sd*bc0Dsc20*
- ID_PCI_SUBCLASS_FROM_DATABASE=802.1a controller
+ ID_PCI_SUBCLASS_FROM_DATABASE=802.11a 5 GHz controller

 pci:v*d*sv*sd*bc0Dsc21*
- ID_PCI_SUBCLASS_FROM_DATABASE=802.1b controller
+ ID_PCI_SUBCLASS_FROM_DATABASE=802.11b 2.4 GHz controller
+
+pci:v*d*sv*sd*bc0Dsc40*
+ ID_PCI_SUBCLASS_FROM_DATABASE=Cellular controller/modem
+
+pci:v*d*sv*sd*bc0Dsc41*
+ ID_PCI_SUBCLASS_FROM_DATABASE=Cellular controller/modem plus Ethernet (802.11)

 pci:v*d*sv*sd*bc0Dsc80*
 ID_PCI_SUBCLASS_FROM_DATABASE=Wireless controller
--- a/hwdb.d/20-pci-vendor-model.hwdb
+++ b/hwdb.d/20-pci-vendor-model.hwdb
--- a/hwdb.d/60-keyboard.hwdb
+++ b/hwdb.d/60-keyboard.hwdb
@ -237,6 +237,8 @@ evdev:atkbd:dmi:bvn*:bvr*:bd*:svnAcer*:pnNitro*AN*515-47:pvr*

 # Nitro AN515-58
 evdev:atkbd:dmi:bvn*:bvr*:bd*:svnAcer*:pnNitro*AN*515-58:pvr*
+ KEYBOARD_KEY_ef=kbdillumup                             # Fn+F10
+ KEYBOARD_KEY_f0=kbdillumdown                           # Fn+F9
 KEYBOARD_KEY_8a=micmute                                # Microphone mute button
 KEYBOARD_KEY_55=power

@ -344,6 +346,7 @@ evdev:atkbd:dmi:bvn*:bvr*:bd*:svnNotebook:pnW65_67SZ:*
 evdev:atkbd:dmi:bvn*:bvr*:svnNotebook:pnNS50_70MU:*
 evdev:atkbd:dmi:bvn*:bvr*:svnNotebook:pnNV4XMB,ME,MZ:*
 evdev:atkbd:dmi:bvn*:bvr*:svnNotebook:pnNS5x_NS7xPU:*
+evdev:atkbd:dmi:bvn*:bvr*:svnNotebook:pnV64x_V65xAU:*
 KEYBOARD_KEY_f7=touchpad_toggle                        # Touchpad Toggle
 KEYBOARD_KEY_f8=touchpad_toggle                        # Touchpad Toggle

@ -443,6 +446,7 @@ evdev:atkbd:dmi:bvn*:bvr*:bd*:svnDell*:pnInspiron11-3168:pvr*

 # Dell Inspiron 1520 and Latitude 2110
 evdev:atkbd:dmi:bvn*:bvr*:bd*:svnDell*:pnInspiron*1520:*
+evdev:atkbd:dmi:bvn*:bvr*:bd*:svnDell*:pnInspiron*3505:*
 evdev:atkbd:dmi:bvn*:bvr*:bd*:svnDell*:pnLatitude*2110:*
 KEYBOARD_KEY_85=unknown  # Brightness Down, also emitted by acpi-video, ignore
 KEYBOARD_KEY_86=unknown  # Brightness Up, also emitted by acpi-video, ignore
--- a/hwdb.d/60-sensor.hwdb
+++ b/hwdb.d/60-sensor.hwdb
@ -103,6 +103,9 @@ sensor:modalias:acpi:SMO8500:*:dmi:*Acer*:pnOneS1002:*
 sensor:modalias:acpi:KIOX0009*:dmi:*:svnAcer:pnOneS1003:*
 ACCEL_MOUNT_MATRIX=1, 0, 0; 0, -1, 0; 0, 0, 1

+sensor:modalias:acpi:KIOX000A*:dmi:*:svnAcer:pnSwitchOneSW1-011:*
+ ACCEL_MOUNT_MATRIX=0, 1, 0; 1, 0, 0; 0, 0, 1
+
 sensor:modalias:acpi:BOSC0200*:dmi:*:svnAcer*:pnSwitchSW312-31:*
 ACCEL_MOUNT_MATRIX=0, -1, 0; -1, 0, 0; 0, 0, 1

@ -601,6 +604,10 @@ sensor:modalias:acpi:MXC6655*:dmi:*:svnGPD:pnG1628-04:*
 sensor:modalias:acpi:BMI0160*:dmi:*:svnGPD:pnG1619*:*
 ACCEL_MOUNT_MATRIX=0, -1, 0; -1, 0, 0; 0, 0, 1

+# GPD MicroPC 2
+sensor:modalias:acpi:MXC6655*:dmi:*:svnGPD:pnG1688-*:*
+ ACCEL_MOUNT_MATRIX=0, -1, 0; -1, 0, 0; 0, 0, -1
+
 #########################################
 # Hometech
 ########################################
@ -749,10 +756,6 @@ sensor:modalias:acpi:BMA250E*:dmi:bvnLENOVO:*:pvrLenovoMIIX3-1030:*
 sensor:modalias:acpi:SMO8500*:dmi:bvnLENOVO:*:pvrLenovoMIIX3-830:*
 ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1

-# IdeaPad D330-10IGM (both 81H3 and 81MD product names)
-sensor:modalias:acpi:BOSC0200*:dmi:*:svnLENOVO:*:pvrLenovoideapadD330-10IGM:*
- ACCEL_MOUNT_MATRIX=0, 1, 0; -1, 0, 0; 0, 0, 1
-
 # IdeaPad Miix 300
 sensor:modalias:acpi:SMO8500*:dmi:bvnLENOVO:*:pvrMIIX300-*:*
 ACCEL_MOUNT_MATRIX=0, -1, 0; -1, 0, 0; 0, 0, 1
--- a/hwdb.d/70-av-production.hwdb
+++ b/hwdb.d/70-av-production.hwdb
@ -37,6 +37,10 @@ usb:v2982p1967*
 usb:v33AEp0001*
 ID_AV_PRODUCTION_CONTROLLER=1

+# Beacn Mic (alt mode)
+usb:v33AEp8001*
+ ID_AV_PRODUCTION_CONTROLLER=1
+
 # Beacn Studio
 usb:v33AEp0003*
 ID_AV_PRODUCTION_CONTROLLER=1
--- a/hwdb.d/70-mouse.hwdb
+++ b/hwdb.d/70-mouse.hwdb
@ -267,6 +267,18 @@ mouse:usb:v056ep0155:name:ELECOM ELECOM Relacon:*
 MOUSE_DPI=*500 1000 1500
 MOUSE_WHEEL_CLICK_ANGLE=30

+# Elecom IST Pro (via wired usb) (M-IPT10MRSABK)
+mouse:usb:v056ep018a:name:ELECOM ELECOM IST PRO Mouse:*
+ ID_INPUT_TRACKBALL=1
+
+# Elecom IST Pro (via usb receiver) (M-IPT10MRSABK)
+mouse:usb:v056ep01a9:name:ELECOM ELECOM Bridge G1000 Mouse:*
+ ID_INPUT_TRACKBALL=1
+
+# Elecom IST Pro (via Bluetooth) (M-IPT10MRSABK)
+mouse:bluetooth:v056ep018a:name:ELECOM IST PRO Mouse:*
+ ID_INPUT_TRACKBALL=1
+
 ##########################################
 # Fujitsu Siemens
 ##########################################
@ -611,6 +623,10 @@ mouse:usb:v046dpc548:name:Logitech USB Receiver Mouse:*
 mouse:bluetooth:v046dpb035:name:MX Master 3S B Mouse:*
 MOUSE_DPI=1000@142

+# Logitech MX Master 4 (via Bluetooth)
+mouse:bluetooth:v046dpb042:name:MX Master 4 Mouse:*
+ MOUSE_DPI=1000@142
+
 # Logitech MX Ergo
 mouse:usb:v046dp406f:name:Logitech MX Ergo:*
 mouse:usb:v046dpc52b:name:Logitech Unifying Device. Wireless PID:406f:*
@ -840,6 +856,19 @@ mouse:bluetooth:v000ep3412:name:Nulea BT5.0 Mouse:*
 mouse:bluetooth:v056ep0061:name:Laser  BTmouse:*
 MOUSE_DPI=*800@333 1600@333

+##########################################
+# ProtoArc
+##########################################
+
+# ProtoArc EM01 NL
+mouse:usb:v25a7pfa61:name:Compx 2.4G Receiver Mouse:*
+ ID_INPUT_TRACKBALL=1
+ MOUSE_DPI=200@250 *400@250 800@250 1200@250 1600@250
+
+mouse:bluetooth:v25a7pfaa0:name:EM01 NL:*
+ ID_INPUT_TRACKBALL=1
+ MOUSE_DPI=200@150 *400@150 800@150 1200@150 1600@150
+
 ##########################################
 # P-Active
 ##########################################
--- a/hwdb.d/70-touchpad.hwdb
+++ b/hwdb.d/70-touchpad.hwdb
@ -43,6 +43,7 @@ touchpad:bluetooth:*
 # Magic Trackpad (1 and 2)
 touchpad:usb:v05acp030e:*
 touchpad:usb:v05acp0265:*
+touchpad:usb:v05acp0324:*
 ID_INPUT_TOUCHPAD_INTEGRATION=external

 ###########################################################
--- a/hwdb.d/82-net-auto-link-local.hwdb
+++ b/hwdb.d/82-net-auto-link-local.hwdb
@ -10,3 +10,9 @@
 usb:v067Bp25A1*
 usb:v067Bp27A1*
 ID_NET_AUTO_LINK_LOCAL_ONLY=1
+
+# BMC USB-to-USB links for AMI MegaRAC and OpenBMC
+usb:v1D6Bp0103*
+usb:v0525pA4A2*
+usb:v046BpFFB0*
+ ID_NET_AUTO_LINK_LOCAL_ONLY=1
--- a/hwdb.d/acpi_id_registry.csv
+++ b/hwdb.d/acpi_id_registry.csv
@ -139,3 +139,6 @@ IDEMIA,IDEM,06/26/2018
 "JP Morgan Chase N.A.",JPMC,05/30/2025
 "Roku, Inc.",ROKU,07/15/2025
 "UltraRISC Technology (Shanghai) Co., Ltd",ULRV,09/15/2025
+"SYNCS / Aviot Systems Pte Ltd",SYNC,10/21/2025
+"Advantech Co., Ltd.",AHCL,10/23/2025
+"Picoheart (SG) Pte. Ltd.",PICO,10/30/2025
--- a/hwdb.d/ma-large.txt
+++ b/hwdb.d/ma-large.txt
--- a/hwdb.d/ma-medium.txt
+++ b/hwdb.d/ma-medium.txt
@ -7289,12 +7289,6 @@ D00000-DFFFFF     (base 16)		Silicon Dynamic Networks
 				Shenzhen  Guangdong  518131
 				CN

-48-08-EB   (hex)		Aureka, Inc.
-600000-6FFFFF     (base 16)		Aureka, Inc.
-				755 Page Mill Road, STE A200
-				Palo Alto  CA  94304
-				US
-
 50-FA-CB   (hex)		The Scotts Company
 C00000-CFFFFF     (base 16)		The Scotts Company
 				14111 Scottslawn
@ -7385,6 +7379,96 @@ E00000-EFFFFF     (base 16)		Shanghai Kanghai Information System CO.,LTD.
 				Hamburg      20097
 				DE

+24-A1-0D   (hex)		Cyon Drones
+700000-7FFFFF     (base 16)		Cyon Drones
+				19850 Nordhoff Pl
+				Chatsworth  CA  91311
+				US
+
+F0-40-AF   (hex)		ROBOX SG PTE. LTD.
+400000-4FFFFF     (base 16)		ROBOX SG PTE. LTD.
+				60 PAYA LEBAR ROAD #12-03 PAYA LEBAR SQUARE SINGAPORE
+				SINGAPORE    409051
+				SG
+
+F0-40-AF   (hex)		Flextronics Technologies India Private Limited
+300000-3FFFFF     (base 16)		Flextronics Technologies India Private Limited
+				NO 90, SURVEY NO 400, 402 ASV MINDSPACE SP ROAD,UTHUKKADU KATTAVAKKAM VILLAGE
+				WALLAJABAD   TAMILNADU  636105 
+				IN
+
+F0-40-AF   (hex)		Rayve Innovation Corp
+C00000-CFFFFF     (base 16)		Rayve Innovation Corp
+				10810 w 78th st
+				Shawnee  KS  66214
+				US
+
+E8-F6-D7   (hex)		CowManager
+700000-7FFFFF     (base 16)		CowManager
+				Gerverscop 9
+				Harmelen  UT  3481LT
+				NL
+
+74-33-36   (hex)		ACTECK TECHNOLOGY Co., Ltd
+D00000-DFFFFF     (base 16)		ACTECK TECHNOLOGY Co., Ltd
+				4F-1, No. 13, Sec.2 Beitou Rd., Beitou Dist.
+				Taipei City  Taiwan  112028
+				TW
+
+E8-F6-D7   (hex)		Emergent Solutions Inc.
+E00000-EFFFFF     (base 16)		Emergent Solutions Inc.
+				3600 Steeles Ave. E, Markham, ON
+				Markham  ON  L3R 9Z7
+				CA
+
+E8-F6-D7   (hex)		INTEGRA Metering AG
+800000-8FFFFF     (base 16)		INTEGRA Metering AG
+				Ringstrasse, 75
+				Therwil    CH-4106
+				CH
+
+48-08-EB   (hex)		Aria Networks, Inc.
+600000-6FFFFF     (base 16)		Aria Networks, Inc.
+				755 Page Mill Road, STE A200
+				Palo Alto  CA  94304
+				US
+
+74-33-36   (hex)		Shenzhen Jooan Technology  Co., Ltd
+A00000-AFFFFF     (base 16)		Shenzhen Jooan Technology  Co., Ltd
+				Area B, Floor 101-2, Floor 3, Floor 5 and Floor 6 of area B, Building No. 8, Guixiang Community Plaza Road, Guanlan Street, Longhua District, Shenzhen. 
+				Shenzhen  Guangdong  518000
+				CN
+
+74-33-36   (hex)		Shengzhen Gongjin Electronics
+100000-1FFFFF     (base 16)		Shengzhen Gongjin Electronics
+				No. 2 Danzi North Road, Kengzi Street, Pingshan District
+				Shenzhen  Guangdong  518122
+				CN
+
+0C-BF-B4   (hex)		Acula Technology Corp
+000000-0FFFFF     (base 16)		Acula Technology Corp
+				11 Alley 21 Lane 20 Dashing Rd.,Luchu Dist Taoyuan City 33862, Taiwan 
+				Taoyuan City   Taiwan   33862
+				TW
+
+58-76-07   (hex)		Controlway(Suzhou) Electric Co., Ltd.
+200000-2FFFFF     (base 16)		Controlway(Suzhou) Electric Co., Ltd.
+				No.585, Maxia Road, Wuzhong District
+				SUZHOU  JiangSu  215124
+				CN
+
+58-76-07   (hex)		Suprock Technologies
+900000-9FFFFF     (base 16)		Suprock Technologies
+				45 Scott Hill Rd
+				Warren  NH  03279
+				US
+
+5C-5C-75   (hex)		Spectrum FiftyNine BV
+900000-9FFFFF     (base 16)		Spectrum FiftyNine BV
+				Middelweg 8a
+				Molenhoek  Limb  6584ah
+				NL
+
 B8-4C-87   (hex)		Shenzhen Link-all Technology Co., Ltd
 300000-3FFFFF     (base 16)		Shenzhen Link-all Technology Co., Ltd
 				Floor 5th, Block 9th, Sunny Industrial Zone, Xili Town, Nanshan District, Shenzhen, China 
@ -14288,6 +14372,84 @@ A00000-AFFFFF     (base 16)		Detroit Defense Inc.
 				Weifang  Shandong  261000
 				CN

+F0-40-AF   (hex)		Nepean Networks Pty Ltd
+600000-6FFFFF     (base 16)		Nepean Networks Pty Ltd
+				Level 1, 119-125 Ocean Beach Rd
+				Sorrento  Victoria  3943
+				AU
+
+F0-40-AF   (hex)		TargaSystem S.r.L.
+800000-8FFFFF     (base 16)		TargaSystem S.r.L.
+				Via Circonvallazione Clodia 165-167
+				Roma    00195
+				IT
+
+E8-F6-D7   (hex)		Xiphos Systems Corp.
+400000-4FFFFF     (base 16)		Xiphos Systems Corp.
+				Suite 500
+				Montreal  QC  H2W 1Y5
+				CA
+
+E8-F6-D7   (hex)		ZIEHL-ABEGG SE
+300000-3FFFFF     (base 16)		ZIEHL-ABEGG SE
+				Heinz-Ziehl-Strasse 1
+				Kuenzelsau    74653
+				DE
+
+74-33-36   (hex)		Elide Interfaces Inc
+400000-4FFFFF     (base 16)		Elide Interfaces Inc
+				286 N 6TH ST APT 3A
+				Brooklyn  NY  11211
+				US
+
+74-33-36   (hex)		Lyno Dynamics LLC
+900000-9FFFFF     (base 16)		Lyno Dynamics LLC
+				2232 dell range blvd
+				Cheyenne  WY  82009
+				US
+
+E8-F6-D7   (hex)		emicrotec
+500000-5FFFFF     (base 16)		emicrotec
+				Münzgrabenstraße 168/102
+				Graz  Styria  8010
+				AT
+
+0C-BF-B4   (hex)		Nanchang si colordisplay Technology Co.,Ltd
+D00000-DFFFFF     (base 16)		Nanchang si colordisplay Technology Co.,Ltd
+				No.679,Aixihu North Road, High-tech Zone
+				Nanchang  Jiangxi  330096
+				CN
+
+0C-BF-B4   (hex)		IRTEYA LLC
+A00000-AFFFFF     (base 16)		IRTEYA LLC
+				Andropova prospect 18 bld 8
+				Moscow  Moscow  115432
+				RU
+
+20-2B-DA   (hex)		Thales Nederland BV
+200000-2FFFFF     (base 16)		Thales Nederland BV
+				Haaksbergerstraat 49
+				Hengelo  Overijssel  7554PA
+				NL
+
+58-76-07   (hex)		Shade Innovations
+600000-6FFFFF     (base 16)		Shade Innovations
+				9715 B Burnet Rd. Suite 400
+				Austin  TX  78758
+				US
+
+58-76-07   (hex)		Hubcom Techno System LLP
+D00000-DFFFFF     (base 16)		Hubcom Techno System LLP
+				Level 4 Ceejay House, Dr. Annie Besant Road, Worli, Mumbai City
+				mumbai  Maharashtra  400018
+				IN
+
+5C-5C-75   (hex)		hassoun Gulf Industrial Company
+800000-8FFFFF     (base 16)		hassoun Gulf Industrial Company
+				Building NO:9273Al Shihabi Street3rd Industrial CityJeddah- KSA
+				jeddah    000
+				SA
+
 B8-4C-87   (hex)		Altronix , Corp
 A00000-AFFFFF     (base 16)		Altronix , Corp
 				140 58th St. Bldg A, Ste 2N
@ -21680,6 +21842,150 @@ B00000-BFFFFF     (base 16)		Shenzhen Coslight Technology Co.,Ltd.
 				Minato-ku  Tokyo  107-0052
 				JP

+F0-40-AF   (hex)		Shenzhen BitFantasy Technology Co., Ltd
+B00000-BFFFFF     (base 16)		Shenzhen BitFantasy Technology Co., Ltd
+				Room 507, Building C3, East Industrial Zone, No.12 Wenchang Street, Xiangshan Street Community, Shahe Subdistrict, Nanshan District, Shenzhen, Guangdong, China 
+				Shenzhen    518000
+				CN
+
+F0-40-AF   (hex)		Actia Nordic AB
+200000-2FFFFF     (base 16)		Actia Nordic AB
+				Datalinjen 3A
+				Linkoping    583 30
+				SE
+
+F0-40-AF   (hex)		Smart Gadgets Global LLC
+500000-5FFFFF     (base 16)		Smart Gadgets Global LLC
+				2637 North 400 East 127
+				North Ogden  UT  84414
+				US
+
+E8-F6-D7   (hex)		Jinan Ruolin Video Technology Co., Ltd
+200000-2FFFFF     (base 16)		Jinan Ruolin Video Technology Co., Ltd
+				济南市市中区顺河东街66号银座晶都国际1-2303 
+				济南市    250000
+				CN
+
+E8-F6-D7   (hex)		Hefei BOE Vision-electronic Technology Co.,Ltd.
+900000-9FFFFF     (base 16)		Hefei BOE Vision-electronic Technology Co.,Ltd.
+				No.2177 Dongfang RD,Xinzhan General Pilot Zone,Hefei,Anhui,230012,P.R.China
+				Hefei  Anhui  230012
+				CN
+
+E8-F6-D7   (hex)		clover Co,.Ltd
+C00000-CFFFFF     (base 16)		clover Co,.Ltd
+				Uiwang-si, Korea
+				Uiwang-si Gyeonggi-do    16072
+				KR
+
+E8-F6-D7   (hex)		Massive Beams GmbH
+600000-6FFFFF     (base 16)		Massive Beams GmbH
+				Bismarckstr. 10-12
+				Berlin    10625
+				DE
+
+74-33-36   (hex)		Ramon Space
+E00000-EFFFFF     (base 16)		Ramon Space
+				HAHARASH 4
+				HOD HASHARON    4524078
+				IL
+
+74-33-36   (hex)		Moultrie Mobile
+800000-8FFFFF     (base 16)		Moultrie Mobile
+				5724 Highway 280 East
+				Birmingham  AL  35242
+				US
+
+74-33-36   (hex)		Zoller + Fröhlich GmbH
+200000-2FFFFF     (base 16)		Zoller + Fröhlich GmbH
+				Simoniusstraße 22
+				Wangen im Allgäu    88239
+				DE
+
+0C-BF-B4   (hex)		ShenZhen XunDun Technology CO.LTD
+300000-3FFFFF     (base 16)		ShenZhen XunDun Technology CO.LTD
+				2/F, Building 11, Mabian Industrial Zone (Dezhi High-tech Park), Area 72, Xingdong Community, Xin 'an Street, Bao 'an District, Shenzhen
+				ShenZhen    518101
+				CN
+
+0C-BF-B4   (hex)		Shenzhen EN Plus Tech Co.,Ltd.
+400000-4FFFFF     (base 16)		Shenzhen EN Plus Tech Co.,Ltd.
+				Floor 2, Building 6, No. 1026 Songbai Road, Nanshan District, Shenzhen, China. 518055
+				shenzhen    518055
+				CN
+
+0C-BF-B4   (hex)		VirtualV Trading Limited
+900000-9FFFFF     (base 16)		VirtualV Trading Limited
+				1 Innovation Way
+				Cramlington  Northumberland  NE23 7FP
+				GB
+
+0C-BF-B4   (hex)		Innomotics GmbH
+100000-1FFFFF     (base 16)		Innomotics GmbH
+				Vogelweiherstr. 1-15
+				Nuremberg  Bayern  90441
+				DE
+
+0C-BF-B4   (hex)		ICWiser
+500000-5FFFFF     (base 16)		ICWiser
+				5th Floor, Building 1, Liandong U Valley, No. 97, Xingguan Road, Industrial Park, Jiading District,
+				Shanghai  Shanghai  201800
+				CN
+
+20-2B-DA   (hex)		EV4 Limited
+C00000-CFFFFF     (base 16)		EV4 Limited
+				KAD House
+				Esher  Surrey  KT10 9AD
+				GB
+
+20-2B-DA   (hex)		Enovates NV
+100000-1FFFFF     (base 16)		Enovates NV
+				Brandstraat 13
+				Lokeren    9160
+				BE
+
+20-2B-DA   (hex)		ZhuoYu Technology
+E00000-EFFFFF     (base 16)		ZhuoYu Technology
+				No. 60 Xingke Road, Xili Street
+				Nanshan District,  Shenzhen  518054
+				CN
+
+58-76-07   (hex)		RealSense Inc.
+500000-5FFFFF     (base 16)		RealSense Inc.
+				20400 Stevens Creek Boulevard Suite 290
+				Cupertino  CA  95014
+				US
+
+58-76-07   (hex)		Shenzhen HANSWELL Technology Co., Ltd.
+300000-3FFFFF     (base 16)		Shenzhen HANSWELL Technology Co., Ltd.
+				17th Floor, Block A, Building 6, International Innovation Valley, Dashi 1st Road, Nanshan District
+				Shenzhen  Guangdong   518051
+				CN
+
+58-76-07   (hex)		Beijing FHZX Science and Technology Co., Ltd.
+400000-4FFFFF     (base 16)		Beijing FHZX Science and Technology Co., Ltd.
+				‌Room 120-6 & 120-8, 1st Floor, Building A, Fengyu Office Building, No. 115 Fucheng Road, Haidian District
+				Beijing  Beijing  100048
+				CN
+
+58-76-07   (hex)		Oceansbio
+700000-7FFFFF     (base 16)		Oceansbio
+				345, Cheongpa-ro, Yongsan-gu, Seoul
+				Yongsan-gu  Seoul  04303
+				KR
+
+58-76-07   (hex)		Rwaytech
+B00000-BFFFFF     (base 16)		Rwaytech
+				231 Rue Douglas Engelbart
+				Archamps  Haute-Savoie  74160
+				FR
+
+58-76-07   (hex)		HARDWARIO a.s.
+000000-0FFFFF     (base 16)		HARDWARIO a.s.
+				U Jezu 525/4
+				Liberec    460 01
+				CZ
+
 D0-14-11   (hex)		P.B. Elettronica srl
 100000-1FFFFF     (base 16)		P.B. Elettronica srl
 				Via Santorelli, 8
@ -26207,12 +26513,6 @@ B00000-BFFFFF     (base 16)		Orchard Electronics Co., Ltd.
 				shenzhen    518034
 				CN

-C0-D3-91   (hex)		SAMSARA NETWORKS INC
-E00000-EFFFFF     (base 16)		SAMSARA NETWORKS INC
-				525 York St
-				San Francisco  CA  94110
-				US
-
 C0-D3-91   (hex)		Alpha Audiotronics, Inc.
 A00000-AFFFFF     (base 16)		Alpha Audiotronics, Inc.
 				401 Park Avenue South, Fl. 10
@ -28775,6 +29075,144 @@ B00000-BFFFFF     (base 16)		Shanghai Kanghai Information System CO.,LTD.
 				ShenZhen  GuangDong  518000
 				CN

+24-A1-0D   (hex)		Gönnheimer Elektronic GmbH
+E00000-EFFFFF     (base 16)		Gönnheimer Elektronic GmbH
+				Dr. Julius Leber Str. 2
+				Neustadt  Rheinland Pfalz  67433
+				DE
+
+F0-40-AF   (hex)		Colorlight Cloud Tech Ltd
+000000-0FFFFF     (base 16)		Colorlight Cloud Tech Ltd
+				38F, Building A, Building 8, Shenzhen International Innovation Valley, Vanke Cloud City, Nanshan District, Shenzhen
+				Shenzhen  Guang Dong  518055
+				CN
+
+F0-40-AF   (hex)		Raspberry Pi (Trading) Ltd
+900000-9FFFFF     (base 16)		Raspberry Pi (Trading) Ltd
+				Maurice Wilkes Building, St Johns Innovation Park
+				Cambridge  Cambridgeshire  CB4 0DS
+				GB
+
+F0-40-AF   (hex)		Nuro.ai
+100000-1FFFFF     (base 16)		Nuro.ai
+				1300 Terra Bella Ave, Ste 100
+				Mountain View  CA  94070
+				US
+
+F0-40-AF   (hex)		Proemion GmbH
+D00000-DFFFFF     (base 16)		Proemion GmbH
+				Donaustraße 14
+				Fulda  Hessen  36043
+				DE
+
+F0-40-AF   (hex)		Shanghai Kanghai Information System CO.,LTD.
+E00000-EFFFFF     (base 16)		Shanghai Kanghai Information System CO.,LTD.
+				9th FIoor, Building 9, No.1 Qingxiang road, BaoNeng Science and TechnoIogy Industrial Park, Longhua New District
+				ShenZhen  GuangDong  518000
+				CN
+
+F0-40-AF   (hex)		Unionbell Technologies Limited
+700000-7FFFFF     (base 16)		Unionbell Technologies Limited
+				Crown Court Estate, NO 11 DR Nwachukwu Nwanesi Street
+				Durumi  Abuja  900103
+				NG
+
+E8-F6-D7   (hex)		ZhuoPuCheng (Shenzhen) Technology.Co.,Ltd.
+D00000-DFFFFF     (base 16)		ZhuoPuCheng (Shenzhen) Technology.Co.,Ltd.
+				 Building T3， Gaoxin Industrial Village, No. 011, Gaoxin Nanqi Dao
+				Shenzhen  Guangdong  518057
+				CN
+
+E8-F6-D7   (hex)		Mono Technologies Inc.
+000000-0FFFFF     (base 16)		Mono Technologies Inc.
+				600 N Broad Street, Suite 5 # 924
+				Middletown  DE  19709
+				US
+
+E8-F6-D7   (hex)		Ivostud GmbH
+A00000-AFFFFF     (base 16)		Ivostud GmbH
+				Schützenstraße 6-8
+				Breckerfeld    58339
+				DE
+
+74-33-36   (hex)		Shenzhen Handheld-Wireless Technology Co., Ltd.
+C00000-CFFFFF     (base 16)		Shenzhen Handheld-Wireless Technology Co., Ltd.
+				702-1, Building 5, Gonglian Fuji Innovation Park, No. 58 Ping'an Road, Dafu Community, Guanlan Street, Longhua District, 
+				Shenzhen  GuangDong  518000
+				CN
+
+74-33-36   (hex)		Annapurna labs
+B00000-BFFFFF     (base 16)		Annapurna labs
+				Matam Scientific Industries Center,   Building 8.2
+				Mail box 15123  Haifa  3508409
+				IL
+
+74-33-36   (hex)		SECLAB FR
+500000-5FFFFF     (base 16)		SECLAB FR
+				40 av Theroigne de Mericourt
+				MONTPELLIER    34000
+				FR
+
+74-33-36   (hex)		Venture International Pte Ltd
+700000-7FFFFF     (base 16)		Venture International Pte Ltd
+				5006, Ang Mo Kio Ave 5, #05-01/12, Techplace II
+				Singapore    569873
+				SG
+
+74-33-36   (hex)		Huzhou Luxshare Precision Industry Co.LTD
+000000-0FFFFF     (base 16)		Huzhou Luxshare Precision Industry Co.LTD
+				399 Shengxun Road, Zhili Town, Wuxing District,Huzhou City, Zhejiang Province
+				Huzhou  Zhejiang  313008
+				CN
+
+C0-D3-91   (hex)		SAMSARA NETWORKS INC
+E00000-EFFFFF     (base 16)		SAMSARA NETWORKS INC
+				1 De Haro St
+				San Francisco  CA  94103
+				US
+
+20-2B-DA   (hex)		REDMOUSE Inc.
+900000-9FFFFF     (base 16)		REDMOUSE Inc.
+				#1615, Dongtan SK V1 Center, 830 Dongtansunhwan-daero,Hwaseong-si, Gyeonggi-do, Republic of Korea
+				Gyeonggido    18468
+				KR
+
+20-2B-DA   (hex)		Arvind Limited
+B00000-BFFFFF     (base 16)		Arvind Limited
+				Survey No. 33/1, Kondhwa Pisoli Road, Pisoli,
+				Pune  Maharastra  411060
+				IN
+
+20-2B-DA   (hex)		Shenzhen FeiCheng Technology Co.,Ltd
+600000-6FFFFF     (base 16)		Shenzhen FeiCheng Technology Co.,Ltd
+				Room 402, Building B, Huafeng Internet Creative Park, No. 107 Gongye Road, Gonge Community, Xixiang Street, Bao'an District, Shenzhen
+				Shenzhen    518000
+				CN
+
+58-76-07   (hex)		Olte Climate sp. z o.o.
+800000-8FFFFF     (base 16)		Olte Climate sp. z o.o.
+				ul. Rzeczna 8/5NIP: 6772533194
+				Krakow  malopolska  30-021
+				PL
+
+20-2B-DA   (hex)		Industrial Connections & Solutions LLC
+A00000-AFFFFF     (base 16)		Industrial Connections & Solutions LLC
+				6801 Industrial Dr
+				Mebane  NC  27302
+				US
+
+58-76-07   (hex)		Shing Chong International Co., Ltd.
+100000-1FFFFF     (base 16)		Shing Chong International Co., Ltd.
+				8 F., No. 268, Sec. 2, Zhonghua Rd., Xinzhuang Dist.
+				New Taipei City    242
+				TW
+
+5C-5C-75   (hex)		O-cubes Shanghai Microelectronics Technology Co., Ltd
+300000-3FFFFF     (base 16)		O-cubes Shanghai Microelectronics Technology Co., Ltd
+				NO. 294 , Taiyuan Rd
+				shanghai    200031
+				CN
+
 C8-5C-E2   (hex)		Fela Management AG 
 000000-0FFFFF     (base 16)		Fela Management AG 
 				Basadingerstrasse 18
@ -36025,3 +36463,141 @@ B00000-BFFFFF     (base 16)		Shanghai Kanghai Information System CO.,LTD.
 				No. 69, Yongsheng Road, Huangpu District, Guangzhou
 				Guangzhou  Guangdong Province  510000
 				CN
+
+F0-40-AF   (hex)		SIEMENS AG
+A00000-AFFFFF     (base 16)		SIEMENS AG
+				Oestl. Rheinbrueckenstr.50
+				Karlsruhe    76187
+				DE
+
+E8-F6-D7   (hex)		GUANGZHOU PANYU JUDA CAR AUDIO EQUIPMENT CO.,LTD 
+B00000-BFFFFF     (base 16)		GUANGZHOU PANYU JUDA CAR AUDIO EQUIPMENT CO.,LTD 
+				No.139, Zhouxing Street, Wanzhou Village, Dongchong Town, Nansha District,
+				 Guangzhou  Guangdong  511400
+				CN
+
+E8-F6-D7   (hex)		PRECISION FUKUHARA WORKS,LTD.
+100000-1FFFFF     (base 16)		PRECISION FUKUHARA WORKS,LTD.
+				2-1,Ibukidai Higasimachi 7-choume, Nishi-ku
+				Kobe  Hyougo  651-2242
+				JP
+
+74-33-36   (hex)		Baumer Inspection GmbH
+600000-6FFFFF     (base 16)		Baumer Inspection GmbH
+				Lohnerhofstraße 6
+				Konstanz    78467
+				DE
+
+74-33-36   (hex)		Shenzhen DBG Innovation Tech Limited
+300000-3FFFFF     (base 16)		Shenzhen DBG Innovation Tech Limited
+				Unit 301, Building C, Qianwan Key & Core Technology Industrial Park, Xixiang, Bao'an Shenzhen, Guangdong. 
+				Shenzhen    518103
+				CN
+
+0C-BF-B4   (hex)		Changzhou Asia Networks Information Technology Co., Ltd
+800000-8FFFFF     (base 16)		Changzhou Asia Networks Information Technology Co., Ltd
+				ROOM 908, NO.888 CHANGWU MID., RD. HUTANG, WUJIN
+				CHANGZHOU  JIANGSU  213161
+				CN
+
+0C-BF-B4   (hex)		Odyssey Robot LLC
+700000-7FFFFF     (base 16)		Odyssey Robot LLC
+				3422 Old Capitol Trail STE 700,Delaware, USA
+				WiImington  DE  19808
+				US
+
+0C-BF-B4   (hex)		Macnica Technology
+200000-2FFFFF     (base 16)		Macnica Technology
+				380 Stevens Avenue
+				Solana Beach  CA  92075
+				US
+
+0C-BF-B4   (hex)		ShenZhen Zeal-All Technology Co.,Ltd
+C00000-CFFFFF     (base 16)		ShenZhen Zeal-All Technology Co.,Ltd
+				Room 1001, C Building,Tsinghua UNIS information port,langshan Road 13, Nanshan District, Shenzhen,Guangdong,China
+				ShenZhen  Guangdong  518057
+				CN
+
+0C-BF-B4   (hex)		대한전력전자
+B00000-BFFFFF     (base 16)		대한전력전자
+				경기 안양시 동안구 전파로104번길 70 1층
+				동안구  안양시  14042
+				KR
+
+0C-BF-B4   (hex)		Prolight Concepts (UK) Ltd
+600000-6FFFFF     (base 16)		Prolight Concepts (UK) Ltd
+				Edison Point
+				Colne  Lancashire  BB8 8LJ
+				GB
+
+0C-BF-B4   (hex)		Shenzhen PengBrain Technology Co.,Ltd
+E00000-EFFFFF     (base 16)		Shenzhen PengBrain Technology Co.,Ltd
+				B1014, Building 2, Chuangwei Innovation Valley, No. 8, Tangtou 1st Road, Tangtou Community, Shiyan Street, Bao'an District,
+				Shenzhen  Guangdong  518000
+				CN
+
+20-2B-DA   (hex)		Chongqing Ruishixing Technology Co., Ltd
+700000-7FFFFF     (base 16)		Chongqing Ruishixing Technology Co., Ltd
+				No. 1, 5th Floor, Unit 2, Building 1, Jinqian Port Industrial Park, No. 808, Haier Road, Tieshanping Street,
+				Jiangbei District  Chongqing  400000
+				CN
+
+20-2B-DA   (hex)		BRUSH ELECTRICAL MACHINES LTD
+800000-8FFFFF     (base 16)		BRUSH ELECTRICAL MACHINES LTD
+				Powerhouse, Excelsior Rd
+				ASHBY-DE-LA-ZOUCH    LE65 1BU
+				GB
+
+20-2B-DA   (hex)		IK MULTIMEDIA PRODUCTION SRL
+000000-0FFFFF     (base 16)		IK MULTIMEDIA PRODUCTION SRL
+				Via dell'Industria 46
+				Modena  Italy  41122
+				IT
+
+20-2B-DA   (hex)		CtrlMovie AG
+300000-3FFFFF     (base 16)		CtrlMovie AG
+				Grenzstrasse 5a
+				Schenkon  LU  6214
+				CH
+
+20-2B-DA   (hex)		Transit Solutions, LLC.
+D00000-DFFFFF     (base 16)		Transit Solutions, LLC.
+				114 West Grandview Avenue
+				Zelienople  PA  16063
+				US
+
+20-2B-DA   (hex)		Teletek Electronics JSC
+400000-4FFFFF     (base 16)		Teletek Electronics JSC
+				2 Iliyansko Shose Str.
+				Sofia  Sofia  1220
+				BG
+
+20-2B-DA   (hex)		Plato System Development B.V.
+500000-5FFFFF     (base 16)		Plato System Development B.V.
+				Amerikalaan 59
+				Maastricht-Airport    6199 AE
+				NL
+
+58-76-07   (hex)		BOE Technology Group Co., Ltd.
+C00000-CFFFFF     (base 16)		BOE Technology Group Co., Ltd.
+				No.12 Xihuanzhong RD, BDA
+				Beijing  Beijing  100176
+				CN
+
+58-76-07   (hex)		INP Technologies Ltd
+A00000-AFFFFF     (base 16)		INP Technologies Ltd
+				202 Grand Edifice, Akurli Road
+				Mumbai  Maharashtra (MH)  400101
+				IN
+
+58-76-07   (hex)		SHENZHEN GAGO ELECTRONICS CO.,LTD
+E00000-EFFFFF     (base 16)		SHENZHEN GAGO ELECTRONICS CO.,LTD
+				ROOM 301,1ST BUILDING,GEYA TECHNOLOGY PARK,GONGMING TOWN,GUANGMING DISTRICT
+				SHENZHEN  GUANGDONG  518107
+				CN
+
+5C-5C-75   (hex)		youyeetoo
+200000-2FFFFF     (base 16)		youyeetoo
+				Room 601, Building 17, No. A3, Fourth Industrial Zone, HeWan Community, Matian Street, Guangming District
+				Shenzhen  Guangdong  518100
+				CN
--- a/hwdb.d/ma-small.txt
+++ b/hwdb.d/ma-small.txt
@ -8021,6 +8021,108 @@ E2A000-E2AFFF     (base 16)		WHITEBOX TECHNOLOGY HONG KONG LTD
 				Wan Chai  Hong Kong  Hong Kong
 				HK

+8C-1F-64   (hex)		Invader Technologies Pvt Ltd
+859000-859FFF     (base 16)		Invader Technologies Pvt Ltd
+				4th Floor, Landmark TowerPlot No -2, Ashok Marg, Silokhra, South City Part 1 
+				Gurgaon  Haryana  122001
+				IN
+
+8C-1F-64   (hex)		Indra Heera Network Private Limited
+9C4000-9C4FFF     (base 16)		Indra Heera Network Private Limited
+				Narayan Colony, Old Police Line, Arrah
+				Bhojpur  Bihar  802301
+				IN
+
+8C-1F-64   (hex)		INVIXIUM ACCESS INC
+C70000-C70FFF     (base 16)		INVIXIUM ACCESS INC
+				111 Gordon Baker Road, Suite #300
+				Toronto  Ontario  M2H 3R1
+				CA
+
+8C-1F-64   (hex)		Televic Rail GmbH
+9D1000-9D1FFF     (base 16)		Televic Rail GmbH
+				Teltowkanalstr.1
+				Berlin    12247
+				DE
+
+8C-1F-64   (hex)		Potter Electric Signal Co. LLC
+8C8000-8C8FFF     (base 16)		Potter Electric Signal Co. LLC
+				1609 Park 370 Place
+				Hazelwood  MO  63042
+				US
+
+8C-1F-64   (hex)		Kuntu Technology Limited Liability Compant
+7CC000-7CCFFF     (base 16)		Kuntu Technology Limited Liability Compant
+				Presnensky vet municipal district,Presnenskaya emb., 12,room. 10/45
+				Moscow  Select State  123112
+				RU
+
+8C-1F-64   (hex)		VORTIX NETWORKS
+96F000-96FFFF     (base 16)		VORTIX NETWORKS
+				3230 E Imperial Hwy, Suite 300
+				Brea  CA  92821
+				US
+
+8C-1F-64   (hex)		VMA GmbH
+783000-783FFF     (base 16)		VMA GmbH
+				Graefinauer Strasse 2
+				Ilmenau    98693
+				DE
+
+8C-1F-64   (hex)		浙江红谱科技有限公司
+6DA000-6DAFFF     (base 16)		浙江红谱科技有限公司
+				紫宣路18号西投绿城·浙谷深蓝中心7号楼7楼红谱科技
+				杭州市  浙江省  310030
+				CN
+
+8C-1F-64   (hex)		Syrma SGS Technology 
+43E000-43EFFF     (base 16)		Syrma SGS Technology 
+				MEPTZ , TAMBARAM 
+				Chennai  Tamil Nadu  600045
+				IN
+
+8C-1F-64   (hex)		MB connect line GmbH
+DB4000-DB4FFF     (base 16)		MB connect line GmbH
+				Winnettener Strasse 6
+				Dinkelsbuehl  Bavaria  91550
+				DE
+
+8C-1F-64   (hex)		eumig industrie-TV GmbH.
+60B000-60BFFF     (base 16)		eumig industrie-TV GmbH.
+				Gewerbeparkstrasse 9
+				Anif  Salzburg  5081
+				AT
+
+8C-1F-64   (hex)		TECHTUIT CO.,LTD.
+2D6000-2D6FFF     (base 16)		TECHTUIT CO.,LTD.
+				1-4-28,MITA,26F MITA KOKUSAIBLDG,
+				MINATO-KU  TOKYO  108-0073
+				JP
+
+8C-1F-64   (hex)		SEGRON Automation, s.r.o.
+DC1000-DC1FFF     (base 16)		SEGRON Automation, s.r.o.
+				Tomasikova 19
+				Bratislava    82101
+				SK
+
+8C-1F-64   (hex)		Abbott Diagnostics Technologies AS
+7F6000-7F6FFF     (base 16)		Abbott Diagnostics Technologies AS
+				P. O.  Box 6863 Rodeløkka
+				Oslo  Oslo  0504
+				NO
+
+8C-1F-64   (hex)		Zengar Institute Inc
+710000-710FFF     (base 16)		Zengar Institute Inc
+				1007 Fort St, 4th FL
+				Victoria  BC  V8V 3K5
+				CA
+
+8C-1F-64   (hex)		RESMED PTY LTD
+3C7000-3C7FFF     (base 16)		RESMED PTY LTD
+				1 Elizabeth Macarthur Drive, Bella Vista NSW 2153 Australia
+				NSW    2153
+				AT
+
 8C-1F-64   (hex)		Jacobs Technology, Inc.
 A98000-A98FFF     (base 16)		Jacobs Technology, Inc.
 				7765 Old Telegraph Road
@ -8051,12 +8153,6 @@ E80000-E80FFF     (base 16)		Power Electronics Espana, S.L.
 				Paterna  Valencia  46980
 				ES

-70-B3-D5   (hex)		BAE Systems Apllied Intelligence
-1D7000-1D7FFF     (base 16)		BAE Systems Apllied Intelligence
-				170 Waterside House
-				Guildford  Surrey  GU2 7RQ
-				GB
-
 70-B3-D5   (hex)		RCH SPA
 DA9000-DA9FFF     (base 16)		RCH SPA
 				Via Cendon 39
@ -14489,12 +14585,6 @@ AE9000-AE9FFF     (base 16)		Cari Electronic
 				Baden-Dättwil  AG  5405
 				CH

-00-1B-C5   (hex)		Xiphos Systems Corp.
-03C000-03CFFF     (base 16)		Xiphos Systems Corp.
-				Suite 500
-				Montreal  QC  H2W 1Y5
-				CA
-
 00-1B-C5   (hex)		Promixis, LLC
 03B000-03BFFF     (base 16)		Promixis, LLC
 				211 Edenberry Avenue
@ -16073,6 +16163,150 @@ B8C000-B8CFFF     (base 16)		Chipset Communication Co.,Ltd.
 				Zhonghe Dist.,  New Taipei City  235
 				TW

+8C-1F-64   (hex)		Thermo Fisher Scientific (Asheville) LLC
+B25000-B25FFF     (base 16)		Thermo Fisher Scientific (Asheville) LLC
+				275 Aiken Rd
+				Asheville  NC  28804
+				US
+
+8C-1F-64   (hex)		TEMCOLINE
+93F000-93FFFF     (base 16)		TEMCOLINE
+				(1228~1225) 34, Gasan digital 2-ro, Geumcheon-gu, Seoul, R,O,K Zip 08592
+				Geumcheon-gu, Seoul  Select State  08592
+				KR
+
+8C-1F-64   (hex)		Eurotronic Technology GmbH
+E27000-E27FFF     (base 16)		Eurotronic Technology GmbH
+				Südweg 1
+				Steinau    36396
+				DE
+
+8C-1F-64   (hex)		TCL OPERATIONS POLSKA SP. Z O.O.
+233000-233FFF     (base 16)		TCL OPERATIONS POLSKA SP. Z O.O.
+				ul. MICKIEWICZA, 31/41, 96-300, ZYRARDOW, POLAN
+				ZYRARDOW    96-300
+				PL
+
+8C-1F-64   (hex)		Monnit Corporation
+A28000-A28FFF     (base 16)		Monnit Corporation
+				3400 S West Temple
+				S Salt Lake  UT  84115
+				US
+
+8C-1F-64   (hex)		KMtronic LTD
+6E0000-6E0FFF     (base 16)		KMtronic LTD
+				Knit Boris I str 44
+				Gorna Oriahovitsa  VT  5100
+				BG
+
+00-1B-C5   (hex)		Xiphos Systems Corp.
+03C000-03CFFF     (base 16)		Xiphos Systems Corp.
+				3981 St-Laurent Suite 500
+				Montreal  QC  H2W 1Y5
+				CA
+
+8C-1F-64   (hex)		CommBox Pty Ltd
+59D000-59DFFF     (base 16)		CommBox Pty Ltd
+				32A/6 Jubilee Ave
+				Warriewood  NSW  2102
+				AU
+
+8C-1F-64   (hex)		Power Electronics Espana, S.L.
+EB8000-EB8FFF     (base 16)		Power Electronics Espana, S.L.
+				Ctra. CV-35, Salida 30 Parcela M-13. Pla de Carrases B
+				LIRIA, Valencia  Valencia  46160
+				ES
+
+70-B3-D5   (hex)		BAE Systems
+1D7000-1D7FFF     (base 16)		BAE Systems
+				Waterside House, 170 Priestley Road, Surrey Research Park
+				Guildford  Surrey  GU2 7RQ
+				GB
+
+8C-1F-64   (hex)		Sentek Pty Ltd
+A95000-A95FFF     (base 16)		Sentek Pty Ltd
+				77 Magill Road
+				Stepney  SA  5069
+				AU
+
+8C-1F-64   (hex)		FIBERNET LTD
+F48000-F48FFF     (base 16)		FIBERNET LTD
+				9 Hakidma st. Hi-Tech City Park,
+				Yokneam  Non-US/Canada  2069206
+				IL
+
+8C-1F-64   (hex)		Carestream Healthcare International Company Limited 
+4CC000-4CCFFF     (base 16)		Carestream Healthcare International Company Limited 
+				Building 7, No.1510 Chuanqiao Road, China (Shanghai) Pilot Free Trade Zone
+				Shanghai  Shanghai  201206
+				CN
+
+8C-1F-64   (hex)		Aidhom
+B1E000-B1EFFF     (base 16)		Aidhom
+				Avenue de la résistance 188
+				Soumagne  Liège  4630
+				BE
+
+8C-1F-64   (hex)		IDNEO TECHNOLOGIES,S.A.U.
+507000-507FFF     (base 16)		IDNEO TECHNOLOGIES,S.A.U.
+				GRAN VÍA CARLOS III , 98 .PLANTA 5
+				Barcelona  Barcelona  08028
+				ES
+
+8C-1F-64   (hex)		ID Quantique SA
+4A3000-4A3FFF     (base 16)		ID Quantique SA
+				Rue Eugène-Marziano 25
+				Acacias_geneva  Geneva  1227
+				CH
+
+8C-1F-64   (hex)		Elektrotechnik & Elektronik Oltmann GmbH
+FCA000-FCAFFF     (base 16)		Elektrotechnik & Elektronik Oltmann GmbH
+				Gartenfelder Str. 29
+				Berlin    D-13599
+				DE
+
+8C-1F-64   (hex)		ETM CO LTD
+AB0000-AB0FFF     (base 16)		ETM CO LTD
+				Room 803, B-dong, Woolim Lions Valley 5, 302, Galmachi-ro, Jungwon-gu
+				Gyeonggi-do    13201
+				KR
+
+8C-1F-64   (hex)		Daniele Saladino
+515000-515FFF     (base 16)		Daniele Saladino
+				Via G. B. Sala, 13
+				Lecco  Lecco  23900
+				IT
+
+8C-1F-64   (hex)		ZJU-Hangzhou Global Scientific and Technological Innovation Center
+A10000-A10FFF     (base 16)		ZJU-Hangzhou Global Scientific and Technological Innovation Center
+				No. 733 Jianshesan Road,  Xiaoshan District, Hangzhou
+				Hangzhou  Zhejiang  311200
+				CN
+
+8C-1F-64   (hex)		YUYAMA MFG Co.,Ltd
+5CF000-5CFFFF     (base 16)		YUYAMA MFG Co.,Ltd
+				1-4-30
+				MEISHINGUCHI,TOYONAKA  OSAKA  561-0841
+				JP
+
+8C-1F-64   (hex)		nanoTRONIX Computing Inc.
+F21000-F21FFF     (base 16)		nanoTRONIX Computing Inc.
+				1, Wood Road
+				Wilmington  DE   19806
+				US
+
+8C-1F-64   (hex)		RADIC Technologies, Inc.
+E91000-E91FFF     (base 16)		RADIC Technologies, Inc.
+				1625 The Alameda, Suite 708
+				SAN JOSE    95126
+				US
+
+8C-1F-64   (hex)		Fairwinds Technologies
+D55000-D55FFF     (base 16)		Fairwinds Technologies
+				6165 Guardian Gateway, Suites A-C 
+				Aberdeen Proving Ground  MD  21005
+				US
+
 8C-1F-64   (hex)		Vision Systems Safety Tech
 E6F000-E6FFFF     (base 16)		Vision Systems Safety Tech
 				5 Chemin de Chiradie
@ -24125,6 +24359,126 @@ EC2000-EC2FFF     (base 16)		HARBIN DIGITAL ECONOMY DEVELOPMENT CO.,LTD
 				Canoas  RS  92120130
 				BR

+8C-1F-64   (hex)		Maven Pet Inc
+B7E000-B7EFFF     (base 16)		Maven Pet Inc
+				800 N King Street Suite 304 2873 Wilmington
+				Wilmington  DE  19801
+				US
+
+8C-1F-64   (hex)		YONNET BILISIM YAZ. EGT. VE DAN. HIZ. TIC. A.S.
+75E000-75EFFF     (base 16)		YONNET BILISIM YAZ. EGT. VE DAN. HIZ. TIC. A.S.
+				CUMHURIYET MAH.
+				ISTANBUL    34870
+				TR
+
+8C-1F-64   (hex)		FaceLabs.AI DBA PropTech.AI
+FA9000-FA9FFF     (base 16)		FaceLabs.AI DBA PropTech.AI
+				575 Madison Ave Suite 1603B
+				New York  NY  10022
+				US
+
+8C-1F-64   (hex)		VOOST analytics
+EC0000-EC0FFF     (base 16)		VOOST analytics
+				Alsulymanya Pr. Mamdouh St.Riyadh
+				Riyadh  Al Riyadh  11391
+				SA
+
+8C-1F-64   (hex)		MobileMustHave
+6A7000-6A7FFF     (base 16)		MobileMustHave
+				63 Key Road Suite 3-1011
+				Keene  NH  03431
+				US
+
+8C-1F-64   (hex)		Landis+Gyr Equipamentos de Medição Ltda
+CE9000-CE9FFF     (base 16)		Landis+Gyr Equipamentos de Medição Ltda
+				Hasdrubal Bellegard, 400, CIC
+				Curitiba  Paraná  81460-120
+				BR
+
+8C-1F-64   (hex)		Förster-Technik GmbH
+448000-448FFF     (base 16)		Förster-Technik GmbH
+				Gerwigstrasse 25
+				Engen  BadenWürtemberg  78234
+				DE
+
+8C-1F-64   (hex)		Smart Tech Inc
+285000-285FFF     (base 16)		Smart Tech Inc
+				1712 Pioneer Ave
+				Cheyenne  WY  82001
+				US
+
+8C-1F-64   (hex)		TOKYO INTERPHONE CO.,LTD.
+652000-652FFF     (base 16)		TOKYO INTERPHONE CO.,LTD.
+				8F, JS Shibuya Building3-8-10 Shibuya, Shibuya-ku
+				TOKYO    150-0002
+				JP
+
+8C-1F-64   (hex)		YUYAMA MFG Co.,Ltd
+65A000-65AFFF     (base 16)		YUYAMA MFG Co.,Ltd
+				1-4-30
+				MEISHINGUCHI,TOYONAKA  OSAKA  561-0841
+				JP
+
+8C-1F-64   (hex)		Pro Design Electronic GmbH
+62F000-62FFFF     (base 16)		Pro Design Electronic GmbH
+				Albert-Mayer-Straße 14-16
+				Bruckmuehl  Bavaria  83052
+				DE
+
+8C-1F-64   (hex)		MAYSUN CORPORATION
+784000-784FFF     (base 16)		MAYSUN CORPORATION
+				966-2 Gokanjima
+				Fuji-shi  Shizuoka-ken  416-0946
+				JP
+
+8C-1F-64   (hex)		Buckeye Mountain
+BA4000-BA4FFF     (base 16)		Buckeye Mountain
+				3631 Brookwall DrSuite 101
+				Akron  OH  44333
+				US
+
+8C-1F-64   (hex)		NEWONE CO.,LTD.
+64D000-64DFFF     (base 16)		NEWONE CO.,LTD.
+				21 seodun-ro,gwonseon-gu
+				suwon-si  gyeonggi-do  16623
+				KR
+
+8C-1F-64   (hex)		Shenzhen Tezesk Energy Technology Co.,LTD
+02D000-02DFFF     (base 16)		Shenzhen Tezesk Energy Technology Co.,LTD
+				12AB, Building AB, New Energy Building, No.2239 Nanhai Avenue, Nanguang Community, Nanshan Subdistrict
+				 Shenzhen  Guangdong  518067
+				CN
+
+8C-1F-64   (hex)		MARVAUS TECHNOLOGIES PRIVATE LIMITED
+447000-447FFF     (base 16)		MARVAUS TECHNOLOGIES PRIVATE LIMITED
+				P-6095 Devender Vihar Sector 56
+				Gurugram  Haryana  122011
+				IN
+
+8C-1F-64   (hex)		Polarity Inc
+F37000-F37FFF     (base 16)		Polarity Inc
+				11294 Sunrise Park Dr
+				RANCHO CORDOVA  CA  95742-6599
+				US
+
+8C-1F-64   (hex)		Attack do Brasil Ind Com Apar de Som LTDA
+178000-178FFF     (base 16)		Attack do Brasil Ind Com Apar de Som LTDA
+				AV AYRTON SENNA DA SILVA, 400 – PQ INDL ZONA OESTE
+				Apucarana  Parana  86803-570
+				BR
+
+8C-1F-64   (hex)		Infosoft Digital Design and Services P L
+EDC000-EDCFFF     (base 16)		Infosoft Digital Design and Services P L
+				484, SECTOR-8 ,IMT MANESER,GURGAONMANESER
+				GURGAON  Haryana  122050
+				IN
+
+8C-1F-64   (hex)		Guangzhou Beizeng Information Technology Co.,Ltd
+39F000-39FFFF     (base 16)		Guangzhou Beizeng Information Technology Co.,Ltd
+				Room 714, Building D3, No. 197, Shuixi Road, Huangpu District, Guangzhou City, China
+				Guangzhou    510530
+				CN
+
 8C-1F-64   (hex)		Flow Power
 82B000-82BFFF     (base 16)		Flow Power
 				Suite 2, Level 3, 18 - 20 York St
@ -29951,12 +30305,6 @@ E21000-E21FFF     (base 16)		LLVISION TECHNOLOGY CO.,LTD
 				Beijing  Beijing  100026
 				CN

-70-B3-D5   (hex)		AML Oceanographic
-0CD000-0CDFFF     (base 16)		AML Oceanographic
-				2071 Malaview Avenue
-				Sidney  British Columbia  V8L 5X6
-				CA
-
 70-B3-D5   (hex)		Twoway Communications, Inc.
 4AA000-4AAFFF     (base 16)		Twoway Communications, Inc.
 				41 Wu Kung 6 Rd., New Taipei Industrial Park, New Taipei City,24891,Taiwan,R.O.C.
@ -30932,12 +31280,6 @@ C3F000-C3FFFF     (base 16)		SONIC CORPORATION
 				Thu Duc City  Ho Chi Minh City  700000
 				VN

-00-1B-C5   (hex)		CyanConnode
-0C6000-0C6FFF     (base 16)		CyanConnode
-				The Jeffreys Building, Cowley Road
-				Milton  Cambridge  CB4 0DS
-				SE
-
 8C-1F-64   (hex)		ViewSonic Corp
 62E000-62EFFF     (base 16)		ViewSonic Corp
 				10 Point Drive Brea, CA 92821 USA
@ -32156,6 +32498,84 @@ B80000-B80FFF     (base 16)		Private
 				Le versoud    38420
 				FR

+8C-1F-64   (hex)		Breas Medical AB
+348000-348FFF     (base 16)		Breas Medical AB
+				Företagsvägen 1
+				Mölnlycke    SE-435 33
+				SE
+
+8C-1F-64   (hex)		Phospec Industries Inc.
+491000-491FFF     (base 16)		Phospec Industries Inc.
+				47 West Cedar Place SW
+				Calgary  Alberta  T3H 5T9
+				CA
+
+8C-1F-64   (hex)		Thales Nederland BV
+29C000-29CFFF     (base 16)		Thales Nederland BV
+				Haaksbergerstraat 49
+				Hengelo  Overijssel  7554PA
+				NL
+
+00-1B-C5   (hex)		CyanConnode
+0C6000-0C6FFF     (base 16)		CyanConnode
+				Suite 2, Ground Floor, The Jeffreys Building, Cowley Road
+				Milton  Cambridge  CB4 0DS
+				GB
+
+8C-1F-64   (hex)		SMC Gateway
+0B5000-0B5FFF     (base 16)		SMC Gateway
+				78 HIGH BEECHES
+				BANSTEAD    SM7 1NW
+				GB
+
+8C-1F-64   (hex)		Pacton Technologies Pty Ltd
+9C5000-9C5FFF     (base 16)		Pacton Technologies Pty Ltd
+				G03, 190  Reynolds Road
+				Doncaster East  Victoria  3109
+				AU
+
+8C-1F-64   (hex)		ANTARA TECHNOLOGIES
+3F6000-3F6FFF     (base 16)		ANTARA TECHNOLOGIES
+				Sr.No. 250, F.NO.B34, BHAKTI SHAKTI, GOLANDE ESTATE, LINK ROAD, CHINCHWAD
+				PUNE  MAHARASHTRA  411033
+				IN
+
+8C-1F-64   (hex)		Samkyung MS
+B44000-B44FFF     (base 16)		Samkyung MS
+				3rd Floor, 94 Sanbon-ro
+				 Gunpo-si  Gyeonggi-do  15847
+				KR
+
+8C-1F-64   (hex)		Sysinno Technology Inc.
+F99000-F99FFF     (base 16)		Sysinno Technology Inc.
+				17F-7, No.27, Guanxin Rd., East Dist.
+				Hsinchu    300
+				TW
+
+8C-1F-64   (hex)		InfoMac Sp. z o.o. Sp.k.
+840000-840FFF     (base 16)		InfoMac Sp. z o.o. Sp.k.
+				UL. WOJSKA POLSKIEGO 6
+				Szczecinek  zachodniopomorskie  78-400
+				PL
+
+8C-1F-64   (hex)		RSC
+B31000-B31FFF     (base 16)		RSC
+				36 27th Street, Umm Suqeim 3
+				Dubai  Dubai  00000
+				AE
+
+8C-1F-64   (hex)		Bounce Imaging
+1AE000-1AEFFF     (base 16)		Bounce Imaging
+				247 Cayuga Rd., Suite 15e
+				Cheektowaga  NY  14225
+				US
+
+70-B3-D5   (hex)		AML Oceanographic
+0CD000-0CDFFF     (base 16)		AML Oceanographic
+				121 ILSLEY AVE UNIT 112
+				DARTMOUTH  NS   B3B 1S4
+				CA
+
 8C-1F-64   (hex)		Mobileye
 D63000-D63FFF     (base 16)		Mobileye
 				13 Hartom st.
@ -32768,12 +33188,6 @@ A00000-A00FFF     (base 16)		BITECHNIK GmbH
 				Marlborough   CT  06447
 				US

-70-B3-D5   (hex)		BAE Systems Apllied Intelligence
-E2D000-E2DFFF     (base 16)		BAE Systems Apllied Intelligence
-				170 Waterside House
-				Guildford  Surrey  GU2 7RQ
-				GB
-
 8C-1F-64   (hex)		RealD, Inc.
 44F000-44FFFF     (base 16)		RealD, Inc.
 				9777 Wilshire Boulevard, Ste 430
@ -38204,12 +38618,6 @@ DC5000-DC5FFF     (base 16)		Excel Medical Electronics LLC
 				Jupiter  Florida  33458
 				US

-70-B3-D5   (hex)		Weigl Elektronik & Mediaprojekte
-01D000-01DFFF     (base 16)		Weigl Elektronik & Mediaprojekte
-				Limberg 3
-				Gramastetten  Oberoesterreich  4201
-				AT
-
 70-B3-D5   (hex)		christmann informationstechnik + medien GmbH & Co. KG
 564000-564FFF     (base 16)		christmann informationstechnik + medien GmbH & Co. KG
 				Ilseder Huette 10c
@ -39710,12 +40118,6 @@ B88000-B88FFF     (base 16)		INTRONIK GmbH
 				Dresden  SN  01108
 				DE

-8C-1F-64   (hex)		Fugro Technology B.V.
-7CD000-7CDFFF     (base 16)		Fugro Technology B.V.
-				Veurse Achterweg 10
-				Leidschendam  Zuid Holland  2264 SG
-				NL
-
 8C-1F-64   (hex)		SeAIoT Solutions Ltda
 E32000-E32FFF     (base 16)		SeAIoT Solutions Ltda
 				Av. Flores da Cunha, 650
@ -40063,3 +40465,132 @@ CED000-CEDFFF     (base 16)		NHA TRANG HITECH COMPANY,  LTD
 				No. 152, Hoang Van Thu Street, Tay Nha Trang Ward
 				KHANH HOA  KHANH HOA  650000
 				VN
+
+8C-1F-64   (hex)		Guardian Controls International Ltd
+266000-266FFF     (base 16)		Guardian Controls International Ltd
+				 The Dairy, Spring Bank Farm
+				Arclid  Cheshire  CW11 2UD
+				GB
+
+8C-1F-64   (hex)		Talleres de Escoriaza SAU
+A3C000-A3CFFF     (base 16)		Talleres de Escoriaza SAU
+				Barrio Ventas 35, Irun
+				Irun  Gipuzkoa  20305
+				ES
+
+8C-1F-64   (hex)		DAVE SRL
+5FF000-5FFFFF     (base 16)		DAVE SRL
+				Via Talponedo 29a
+				Porcia  Pordenone  33080
+				IT
+
+8C-1F-64   (hex)		Novanta IMS
+DFD000-DFDFFF     (base 16)		Novanta IMS
+				370 North Main St
+				Marlborough   CT  06447
+				US
+
+8C-1F-64   (hex)		Colossus Computing, Inc.
+226000-226FFF     (base 16)		Colossus Computing, Inc.
+				470 3rd st
+				Oakland  CA  94607
+				US
+
+8C-1F-64   (hex)		UBIQ TECHNOLOGIES INTERNATIONAL LTD
+290000-290FFF     (base 16)		UBIQ TECHNOLOGIES INTERNATIONAL LTD
+				ROOM C, 14/F, CENTRO COMERCIAL DO GRUPO BRILHANTISMO, NO.181, ALAMEDA DR. CARLOS D'ASSUMPCAO
+				MACAU    Macau
+				MO
+
+8C-1F-64   (hex)		Opal Camera Inc.
+0C1000-0C1FFF     (base 16)		Opal Camera Inc.
+				150 POST STREET, SUITE 700
+				SAN FRANCISCO  CA  94108
+				US
+
+70-B3-D5   (hex)		BAE Systems
+E2D000-E2DFFF     (base 16)		BAE Systems
+				170 Waterside House
+				Guildford  Surrey  GU2 7RQ
+				GB
+
+8C-1F-64   (hex)		XYZ Digital Private Limited
+4B3000-4B3FFF     (base 16)		XYZ Digital Private Limited
+				KH NO 1126 GROUND FLOOR STREET NO 17 VILLAGE RITHALA LANDMARK HONDA SHOW ROOM, North Delhi
+				Rohini  Delhi  110085
+				IN
+
+8C-1F-64   (hex)		RADA Electronics Industries Ltd.
+E37000-E37FFF     (base 16)		RADA Electronics Industries Ltd.
+				7 Gibory Israel St.
+				Netanya    42504
+				IL
+
+8C-1F-64   (hex)		Meiji Electric Industry
+75B000-75BFFF     (base 16)		Meiji Electric Industry
+				48-1 Itabari , Yamayashiki-cho
+				Chiryu  AICHI  472-0022
+				JP
+
+8C-1F-64   (hex)		Private
+D48000-D48FFF     (base 16)		Private
+
+8C-1F-64   (hex)		Fugro Technology B.V.
+7CD000-7CDFFF     (base 16)		Fugro Technology B.V.
+				Prismastraat 3
+				Nootdorp    2631RT 
+				NL
+
+8C-1F-64   (hex)		Hiwin Mikrosystem Corp.
+A74000-A74FFF     (base 16)		Hiwin Mikrosystem Corp.
+				NO 6 JINGKE CENTRAL RD  TAICHUNG CITY TAIWAN 40841
+				TAICHUNG    40841
+				TW
+
+8C-1F-64   (hex)		Irmos Technologies AG
+DDD000-DDDFFF     (base 16)		Irmos Technologies AG
+				Technoparkstrasse 1
+				Zürich    8005
+				CH
+
+8C-1F-64   (hex)		37130
+81E000-81EFFF     (base 16)		37130
+				Gaildorfer Strasse 6
+				Backnang    71540
+				DE
+
+8C-1F-64   (hex)		SAEL SRL
+60F000-60FFFF     (base 16)		SAEL SRL
+				Via Dei Genieri, 31
+				Torri di Quartesolo  Vicenza  36040
+				IT
+
+8C-1F-64   (hex)		Kyowakiden Industry Co.,Ltd.
+3D6000-3D6FFF     (base 16)		Kyowakiden Industry Co.,Ltd.
+				10-2 Kawaguchi-machi
+				Nagasaki-shi  Nagasaki  852-8108
+				JP
+
+8C-1F-64   (hex)		Baker Hughes EMEA
+983000-983FFF     (base 16)		Baker Hughes EMEA
+				Sensing House, Shannon Free Zone East
+				Shannon  Co. Clare  V14 V99
+				IE
+
+8C-1F-64   (hex)		CEI Ptd Ltd
+0FD000-0FDFFF     (base 16)		CEI Ptd Ltd
+				2 Ang Mo Kio Ave 12
+				Singapore    569707
+				SG
+
+70-B3-D5   (hex)		Weigl GmbH & Co KG
+01D000-01DFFF     (base 16)		Weigl GmbH & Co KG
+				Limberg 3
+				Gramastetten  Oberoesterreich  4201
+				AT
+
+8C-1F-64   (hex)		Weigl GmbH & Co KG
+455000-455FFF     (base 16)		Weigl GmbH & Co KG
+				Weingartenstrasse 14/1/9-11
+				Ottensheim  Upper Austria  4100
+				AT
--- a/hwdb.d/parse_hwdb.py
+++ b/hwdb.d/parse_hwdb.py
@ -205,7 +205,7 @@ def property_grammar():
                   for name, val in props]
    kbd_props = [Regex(r'KEYBOARD_KEY_[0-9a-f]+')('NAME')
                 - Suppress('=') -
-                 ('!' ^ (Optional('!') - Word(alphanums + '_')))('VALUE')
+                 Group('!' ^ (Optional('!') - Word(alphanums + '_')))('VALUE')
                ]
    abs_props = [Regex(r'EVDEV_ABS_[0-9a-f]{2}')('NAME')
                 - Suppress('=') -
--- a/hwdb.d/pci.ids
+++ b/hwdb.d/pci.ids
--- a/man/custom-entities.ent.in
+++ b/man/custom-entities.ent.in
@ -18,5 +18,5 @@
 <!ENTITY DEFAULT_TIMEOUT "{{DEFAULT_TIMEOUT_SEC}} s">
 <!ENTITY DEFAULT_USER_TIMEOUT "{{DEFAULT_USER_TIMEOUT_SEC}} s">
 <!ENTITY DEFAULT_KEYMAP "{{SYSTEMD_DEFAULT_KEYMAP}}">
-<!ENTITY fedora_latest_version "42">
-<!ENTITY fedora_cloud_release "1.1">
+<!ENTITY fedora_latest_version "43">
+<!ENTITY fedora_cloud_release "1.6">
--- a/man/file-hierarchy.xml
+++ b/man/file-hierarchy.xml
@ -17,7 +17,7 @@

  <refnamediv>
    <refname>file-hierarchy</refname>
-    <refpurpose>File system hierarchy overview</refpurpose>
+    <refpurpose>systemd file system hierarchy requirements</refpurpose>
  </refnamediv>

  <refsect1>
@ -25,20 +25,12 @@

    <para>Operating systems using the
    <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> system and
-    service manager are organized based on a file system hierarchy inspired by UNIX, more specifically the
-    hierarchy described in the <ulink url="http://refspecs.linuxfoundation.org/FHS_3.0/fhs-3.0.html">File
-    System Hierarchy</ulink> specification and <citerefentry
-    project='man-pages'><refentrytitle>hier</refentrytitle><manvolnum>7</manvolnum></citerefentry>, with
-    various extensions, partially documented in the <ulink
-    url="https://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html">XDG Base Directory
-    Specification</ulink> and <ulink url="https://www.freedesktop.org/wiki/Software/xdg-user-dirs">XDG User
-    Directories</ulink>. This manual page describes a more generalized, though minimal and modernized subset
-    of these specifications that defines more strictly the suggestions and restrictions systemd makes on the
-    file system hierarchy. Note that this document makes no attempt to define the directory structure
-    comprehensively, it only documents a skeleton of a directory tree, that downstreams can extend. Because
-    of that traditional directories such as <filename>/usr/include/</filename> or
-    <filename>/var/spool/</filename> are not covered, even though it might (or might not) make a lot of sense
-    to include them in the structure of an actually deployed OS.</para>
+    service manager are organized based on a file system hierarchy inspired by UNIX,
+    as described in <ulink url="https://uapi-group.org/specifications/specs/linux_file_system_hierarchy/">
+    Linux File System Hierarchy</ulink>.
+    Additional requirements on <emphasis>when</emphasis> given parts of the hierarchy
+    must be available during boot are listed in
+    <ulink url="https://systemd.io/MOUNT_REQUIREMENTS/">Mount Requirements</ulink>.</para>

    <para>Many of the paths described here can be queried
    with the
@ -46,720 +38,13 @@
    tool.</para>
  </refsect1>

-  <refsect1>
-    <title>General Structure</title>
-
-    <variablelist>
-      <varlistentry>
-        <term><filename>/</filename></term>
-        <listitem><para>The file system root. Usually writable, but this is not required. Possibly a
-        temporary file system (<literal>tmpfs</literal>). Not shared with other hosts (unless
-        read-only).</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><filename>/boot/</filename></term>
-        <listitem><para>The boot partition used for bringing up the system. On EFI systems, this is possibly
-        the EFI System Partition (ESP), also see
-        <citerefentry><refentrytitle>systemd-gpt-auto-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
-        This directory is usually strictly local to the host, and should be considered read-only, except when
-        a new kernel or boot loader is installed. This directory only exists on systems that run on physical
-        or emulated hardware that requires boot loaders.</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><filename>/efi/</filename></term>
-        <listitem><para>If the boot partition <filename>/boot/</filename> is maintained separately from the
-        EFI System Partition (ESP), the latter is mounted here. Tools that need to operate on the EFI system
-        partition should look for it at this mount point first, and fall back to <filename>/boot/</filename>
-        — if the former does not qualify (for example if it is not a mount point or does not have the correct
-        file system type <constant>MSDOS_SUPER_MAGIC</constant>).</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><filename>/etc/</filename></term>
-        <listitem><para>System-specific configuration. This directory may or may not be
-        read-only. Frequently, this directory is pre-populated with vendor-supplied configuration files, but
-        applications should not make assumptions about this directory being fully populated or populated at
-        all, and should fall back to defaults if configuration is missing.</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><filename>/home/</filename></term>
-        <listitem><para>The location for normal user's home directories. Possibly shared with other systems,
-        and never read-only. This directory should only be used for normal users, never for system
-        users. This directory and possibly the directories contained within it might only become available or
-        writable in late boot or even only after user authentication.  This directory might be placed on
-        limited-functionality network file systems, hence applications should not assume the full set of file
-        API is available on this directory.  Applications should generally not reference this directory
-        directly, but via the per-user <varname>$HOME</varname> environment variable, or via the home
-        directory field of the user database.</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><filename>/root/</filename></term>
-        <listitem><para>The home directory of the root user. The root user's home directory is located
-        outside of <filename>/home/</filename> in order to make sure the root user may log in even without
-        <filename>/home/</filename> being available and mounted.</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><filename>/srv/</filename></term>
-        <listitem><para>The place to store general server payload, managed by the administrator. No
-        restrictions are made how this directory is organized internally. Generally writable, and possibly
-        shared among systems. This directory might become available or writable only very late during
-        boot.</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><filename>/tmp/</filename></term>
-        <listitem><para>The place for small temporary files. This directory is usually mounted as a
-        <literal>tmpfs</literal> instance, and should hence not be used for larger files. (Use
-        <filename>/var/tmp/</filename> for larger files.) This directory is usually flushed at boot-up. Also,
-        files that are not accessed within a certain time may be automatically deleted.</para>
-
-        <para>If applications find the environment variable <varname>$TMPDIR</varname> set, they should use
-        the directory specified in it instead of <filename>/tmp/</filename> (see <citerefentry
-        project='man-pages'><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry> and
-        <ulink url="http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html#tag_08_03">IEEE
-        Std 1003.1</ulink> for details).</para>
-
-        <para>Since <filename>/tmp/</filename> is accessible to other users of the system, it is essential
-        that files and subdirectories under this directory are only created with <citerefentry
-        project='man-pages'><refentrytitle>mkstemp</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-        <citerefentry
-        project='man-pages'><refentrytitle>mkdtemp</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-        and similar calls. For more details, see <ulink url="https://systemd.io/TEMPORARY_DIRECTORIES">Using
-        /tmp/ and /var/tmp/ Safely</ulink>.</para></listitem>
-      </varlistentry>
-
-    </variablelist>
-  </refsect1>
-
-  <refsect1>
-    <title>Runtime Data</title>
-
-    <variablelist>
-      <varlistentry>
-        <term><filename>/run/</filename></term>
-        <listitem><para>A <literal>tmpfs</literal> file system for system packages to place runtime data,
-        socket files, and similar. This directory is flushed on boot, and generally writable for privileged
-        programs only. Always writable.</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><filename>/run/log/</filename></term>
-        <listitem><para>Runtime system logs. System components may place private logs in this
-        directory. Always writable, even when <filename>/var/log/</filename> might not be accessible
-        yet.</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><filename>/run/user/</filename></term>
-        <listitem><para>Contains per-user runtime directories, each usually individually mounted
-        <literal>tmpfs</literal> instances. Always writable, flushed at each reboot and when the user logs
-        out. User code should not reference this directory directly, but via the
-        <varname>$XDG_RUNTIME_DIR</varname> environment variable, as documented in the <ulink
-        url="https://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html">XDG Base Directory
-        Specification</ulink>.</para></listitem>
-      </varlistentry>
-    </variablelist>
-  </refsect1>
-
-  <refsect1>
-    <title>Vendor-supplied Operating System Resources</title>
-
-    <variablelist>
-
-      <varlistentry>
-        <term><filename>/usr/</filename></term>
-        <listitem><para>Vendor-supplied operating system resources.  Usually read-only, but this is not
-        required. Possibly shared between multiple hosts. This directory should not be modified by the
-        administrator, except when installing or removing vendor-supplied packages.</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><filename>/usr/bin/</filename></term>
-        <listitem><para>Binaries and executables for user commands that shall appear in the
-        <varname>$PATH</varname> search path.  It is recommended not to place binaries in this directory that
-        are not useful for invocation from a shell (such as daemon binaries); these should be placed in a
-        subdirectory of <filename>/usr/lib/</filename> instead.</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><filename>/usr/lib/</filename></term>
-        <listitem><para>Static, private vendor data that is compatible with all architectures (though not
-        necessarily architecture-independent). Note that this includes internal executables or other binaries
-        that are not regularly invoked from a shell. Such binaries may be for any architecture supported by
-        the system. Do not place public libraries in this directory, use <varname>$libdir</varname> (see
-        below), instead.</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><filename>/usr/lib/<replaceable>arch-id</replaceable>/</filename></term>
-        <listitem><para>Location for placing dynamic libraries into, also called
-        <varname>$libdir</varname>. The architecture identifier to use is defined on <ulink
-        url="https://wiki.debian.org/Multiarch/Tuples">Multiarch Architecture Specifiers (Tuples)</ulink>
-        list. Legacy locations of <varname>$libdir</varname> are <filename>/usr/lib/</filename>,
-        <filename>/usr/lib64/</filename>. This directory should not be used for package-specific data, unless
-        this data is architecture-dependent, too.</para>
-
-        <para>To query <varname>$libdir</varname> for the primary architecture of the system, invoke:
-        <programlisting>systemd-path system-library-arch</programlisting></para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><filename>/usr/share/</filename></term>
-        <listitem><para>Resources shared between multiple packages, such as documentation, man pages, time
-        zone information, fonts and other resources. Usually, the precise location and format of files stored
-        below this directory is subject to specifications that ensure interoperability.</para>
-
-        <para>Note that resources placed in this directory typically are under shared ownership,
-        i.e. multiple different packages have provided and consumed these resources, on equal footing, without
-        any obvious primary owner. This makes things systematically different from
-        <filename>/usr/lib/</filename>, where ownership is generally not shared.</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><filename>/usr/share/doc/</filename></term>
-        <listitem><para>Documentation for the operating system or system packages.</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><filename>/usr/share/factory/etc/</filename></term>
-        <listitem><para>Repository for vendor-supplied default configuration files. This directory should be
-        populated with pristine vendor versions of all configuration files that may be placed in
-        <filename>/etc/</filename>. This is useful to compare the local configuration of a system with vendor
-        defaults and to populate the local configuration with defaults. Software should not read configuration
-        settings directly from <filename>/usr/share/factory/</filename>. Those files will be copied to
-        other locations if appropriate, and should only be read from there.</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><filename>/usr/share/factory/var/</filename></term>
-
-        <listitem><para>Similar to
-        <filename>/usr/share/factory/etc/</filename>, but for vendor
-        versions of files in the variable, persistent data directory
-        <filename>/var/</filename>. The same recommendations as for
-        <filename>/usr/share/factory/etc/</filename> apply here.
-        </para></listitem>
-      </varlistentry>
-    </variablelist>
-  </refsect1>
-
-  <refsect1>
-    <title>Persistent Variable System Data</title>
-
-    <variablelist>
-      <varlistentry>
-        <term><filename>/var/</filename></term>
-        <listitem><para>Persistent, variable system data. Writable during normal system operation. This
-        directory might be pre-populated with vendor-supplied data, but applications should be able to
-        reconstruct necessary files and directories in this subhierarchy should they be missing, as the
-        system might start up without this directory being populated. Persistency is recommended, but
-        optional, to support ephemeral systems. This directory might become available or writable only very
-        late during boot. Components that are required to operate during early boot hence shall not
-        unconditionally rely on this directory.</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><filename>/var/cache/</filename></term>
-        <listitem><para>Persistent system cache data. System components may place non-essential data in this
-        directory.  Flushing this directory should have no effect on operation of programs, except for
-        increased runtimes necessary to rebuild these caches.</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><filename>/var/lib/</filename></term>
-        <listitem><para>Persistent system data. System components may place private data in this
-        directory.</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><filename>/var/log/</filename></term>
-        <listitem><para>Persistent system logs. System components may place private logs in this directory,
-        though it is recommended to do most logging via the <citerefentry
-        project='man-pages'><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry> and
-        <citerefentry><refentrytitle>sd_journal_print</refentrytitle><manvolnum>3</manvolnum></citerefentry>
-        calls.</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><filename>/var/tmp/</filename></term>
-        <listitem><para>The place for larger and persistent temporary files. In contrast to
-        <filename>/tmp/</filename>, this directory is usually mounted from a persistent physical file system
-        and can thus accept larger files. (Use <filename>/tmp/</filename> for small ephemeral files.) This
-        directory is generally not flushed at boot-up, but time-based cleanup of files that have not been
-        accessed for a certain time is applied.</para>
-
-        <para>If applications find the environment variable <varname>$TMPDIR</varname> set, they should use
-        the directory specified in it instead of <filename>/var/tmp/</filename> (see <citerefentry
-        project='man-pages'><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry> for
-        details).</para>
-
-        <para>The same security restrictions as with <filename>/tmp/</filename> apply: <citerefentry
-        project='man-pages'><refentrytitle>mkstemp</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-        <citerefentry
-        project='man-pages'><refentrytitle>mkdtemp</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-        and similar calls should be used. For further details about this directory, see <ulink
-        url="https://systemd.io/TEMPORARY_DIRECTORIES">Using /tmp/ and /var/tmp/
-        Safely</ulink>.</para></listitem>
-      </varlistentry>
-
-    </variablelist>
-  </refsect1>
-
-  <refsect1>
-    <title>Virtual Kernel and API File Systems</title>
-
-    <variablelist>
-      <varlistentry>
-        <term><filename>/dev/</filename></term>
-        <listitem><para>The root directory for device nodes. Usually, this directory is mounted as a
-        <literal>devtmpfs</literal> instance, but might be of a different type in sandboxed/containerized
-        setups. This directory is managed jointly by the kernel and
-        <citerefentry><refentrytitle>systemd-udevd</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
-        and should not be written to by other components. A number of special purpose virtual file systems
-        might be mounted below this directory.</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><filename>/dev/shm/</filename></term>
-        <listitem><para>Place for POSIX shared memory segments, as created via <citerefentry
-        project='die-net'><refentrytitle>shm_open</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
-        This directory is flushed on boot, and is a <literal>tmpfs</literal> file system. Since all users
-        have write access to this directory, special care should be taken to avoid name clashes and
-        vulnerabilities. For normal users, shared memory segments in this directory are usually deleted when
-        the user logs out. Usually, it is a better idea to use memory mapped files in
-        <filename>/run/</filename> (for system programs) or <varname>$XDG_RUNTIME_DIR</varname> (for user
-        programs) instead of POSIX shared memory segments, since these directories are not world-writable and
-        hence not vulnerable to security-sensitive name clashes.</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><filename>/proc/</filename></term>
-        <listitem><para>A virtual kernel file system exposing the process list and other functionality. This
-        file system is mostly an API to interface with the kernel and not a place where normal files may be
-        stored. For details, see <citerefentry
-        project='man-pages'><refentrytitle>proc</refentrytitle><manvolnum>5</manvolnum></citerefentry>.  A
-        number of special purpose virtual file systems might be mounted below this
-        directory.</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><filename>/proc/sys/</filename></term>
-        <listitem><para>A hierarchy below <filename>/proc/</filename> that exposes a number of kernel
-        tunables. The primary way to configure the settings in this API file tree is via
-        <citerefentry><refentrytitle>sysctl.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>
-        files. In sandboxed/containerized setups, this directory is generally mounted
-        read-only.</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><filename>/sys/</filename></term>
-        <listitem><para>A virtual kernel file system exposing discovered devices and other
-        functionality. This file system is mostly an API to interface with the kernel and not a place where
-        normal files may be stored. In sandboxed/containerized setups, this directory is generally mounted
-        read-only. A number of special purpose virtual file systems might be mounted below this
-        directory.</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><filename>/sys/fs/cgroup/</filename></term>
-        <listitem><para>A virtual kernel file system exposing process control groups (cgroups). This file
-        system is an API to interface with the kernel and not a place where normal files may be stored. On
-        current systems running in the default "unified" mode, this directory serves as the mount point for
-        the <literal>cgroup2</literal> filesystem, which provides a unified cgroup hierarchy for all resource
-        controllers. On systems with non-default configurations, this directory may instead be a tmpfs
-        filesystem containing mount points for various <literal>cgroup</literal> (v1) resource controllers;
-        in such configurations, if <literal>cgroup2</literal> is mounted it will be mounted on
-        <filename>/sys/fs/cgroup/unified/</filename>, but cgroup2 will not have resource controllers
-        attached. In sandboxed/containerized setups, this directory may either not exist or may include a
-        subset of functionality.</para></listitem>
-      </varlistentry>
-    </variablelist>
-  </refsect1>
-
-  <refsect1>
-    <title>Compatibility Symlinks</title>
-
-    <variablelist>
-      <varlistentry>
-        <term><filename>/bin/</filename></term>
-        <term><filename>/sbin/</filename></term>
-        <term><filename>/usr/sbin/</filename></term>
-
-        <listitem><para>These compatibility symlinks point to <filename>/usr/bin/</filename>, ensuring that
-        scripts and binaries referencing these legacy paths correctly find their binaries.</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><filename>/lib/</filename></term>
-
-        <listitem><para>This compatibility symlink points to <filename>/usr/lib/</filename>, ensuring that
-        programs referencing this legacy path correctly find their resources.</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><filename>/lib64/</filename></term>
-
-        <listitem><para>On some architecture ABIs, this compatibility symlink points to
-        <varname>$libdir</varname>, ensuring that binaries referencing this legacy path correctly find their
-        dynamic loader. This symlink only exists on architectures whose ABI places the dynamic loader in this
-        path.</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><filename>/var/run/</filename></term>
-
-        <listitem><para>This compatibility symlink points to <filename>/run/</filename>, ensuring that
-        programs referencing this legacy path correctly find their runtime data.</para></listitem>
-      </varlistentry>
-
-    </variablelist>
-  </refsect1>
-
-  <refsect1>
-    <title>Home Directory</title>
-
-    <para>User applications may want to place files and directories in
-    the user's home directory. They should follow the following basic
-    structure. Note that some of these directories are also
-    standardized (though more weakly) by the <ulink
-    url="https://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html">XDG
-    Base Directory Specification</ulink>. Additional locations for
-    high-level user resources are defined by <ulink
-    url="https://www.freedesktop.org/wiki/Software/xdg-user-dirs">xdg-user-dirs</ulink>.</para>
-
-    <variablelist>
-      <varlistentry>
-        <term><filename>~/.cache/</filename></term>
-
-        <listitem><para>Persistent user cache data. User programs may place non-essential data in this
-        directory. Flushing this directory should have no effect on operation of programs, except for
-        increased runtimes necessary to rebuild these caches. If an application finds
-        <varname>$XDG_CACHE_HOME</varname> set, it should use the directory specified in it instead of this
-        directory.</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><filename>~/.config/</filename></term>
-
-        <listitem><para>Application configuration. When a new user is created, this directory will be empty
-        or not exist at all. Applications should fall back to defaults should their configuration in this
-        directory be missing. If an application finds <varname>$XDG_CONFIG_HOME</varname> set, it should use
-        the directory specified in it instead of this directory.</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><filename>~/.local/bin/</filename></term>
-
-        <listitem><para>Executables that shall appear in the user's <varname>$PATH</varname> search path. It
-        is recommended not to place executables in this directory that are not useful for invocation from a
-        shell; these should be placed in a subdirectory of <filename>~/.local/lib/</filename> instead. Care
-        should be taken when placing architecture-dependent binaries in this place, which might be
-        problematic if the home directory is shared between multiple hosts with different
-        architectures.</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><filename>~/.local/lib/</filename></term>
-
-        <listitem><para>Static, private vendor data that is compatible with all
-        architectures.</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><filename>~/.local/lib/<replaceable>arch-id</replaceable>/</filename></term>
-
-        <listitem><para>Location for placing public dynamic libraries. The architecture identifier to use is
-        defined on <ulink url="https://wiki.debian.org/Multiarch/Tuples">Multiarch Architecture Specifiers
-        (Tuples)</ulink> list.</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><filename>~/.local/share/</filename></term>
-
-        <listitem><para>Resources shared between multiple packages, such as fonts or artwork. Usually, the
-        precise location and format of files stored below this directory is subject to specifications that
-        ensure interoperability. If an application finds <varname>$XDG_DATA_HOME</varname> set, it should use
-        the directory specified in it instead of this directory.</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><filename>~/.local/state/</filename></term>
-
-        <listitem><para>Application state. When a new user is created, this directory will be empty or not
-        exist at all. Applications should fall back to defaults should their state in this directory be
-        missing. If an application finds <varname>$XDG_STATE_HOME</varname> set, it should use the directory
-        specified in it instead of this directory.</para></listitem>
-      </varlistentry>
-
-    </variablelist>
-  </refsect1>
-
-  <refsect1>
-    <title>Write Access</title>
-
-    <refsect2>
-      <title>Unprivileged Write Access</title>
-
-      <para>Unprivileged processes generally lack write access to most of the hierarchy.</para>
-
-      <para>The exceptions for normal users are
-      <filename>/tmp/</filename>,
-      <filename>/var/tmp/</filename>,
-      <filename>/dev/shm/</filename>, as well as the home directory
-      <varname>$HOME</varname> (usually found below
-      <filename>/home/</filename>) and the runtime directory
-      <varname>$XDG_RUNTIME_DIR</varname> (found below
-      <filename>/run/user/</filename>) of the user, which are all
-      writable.</para>
-
-      <para>For unprivileged system processes, only
-      <filename>/tmp/</filename>,
-      <filename>/var/tmp/</filename> and
-      <filename>/dev/shm/</filename> are writable. If an
-      unprivileged system process needs a private writable directory in
-      <filename>/var/</filename> or <filename>/run/</filename>, it is
-      recommended to either create it before dropping privileges in the
-      daemon code, to create it via
-      <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>
-      fragments during boot, or via the
-      <varname>StateDirectory=</varname> and <varname>RuntimeDirectory=</varname>
-      directives of service units (see
-      <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
-      for details).</para>
-
-      <para><filename>/tmp/</filename>, <filename>/var/tmp/</filename> and <filename>/dev/shm/</filename>
-      should be mounted <option>nosuid</option> and <option>nodev</option>, which means that set-user-id mode
-      and character or block special devices are not interpreted on those file systems. In general it is not
-      possible to mount them <option>noexec</option>, because various programs use those directories for
-      dynamically generated or optimized code, and with that flag those use cases would break. Using this
-      flag is OK on special-purpose installations or systems where all software that may be installed is
-      known and does not require such functionality. See the discussion of
-      <option>nosuid</option>/<option>nodev</option>/<option>noexec</option> in <citerefentry
-      project='man-pages'><refentrytitle>mount</refentrytitle><manvolnum>8</manvolnum></citerefentry> and
-      <constant>PROT_EXEC</constant> in <citerefentry
-      project='man-pages'><refentrytitle>mmap</refentrytitle><manvolnum>2</manvolnum></citerefentry>.
-      </para>
-    </refsect2>
-
-    <refsect2>
-      <title>Lack of Write Access on Read-Only Systems and during System Recovery</title>
-
-      <para>As noted above, some systems operate with the <filename>/usr</filename> and
-      <filename>/etc</filename> hierarchies mounted read-only, possibly only allowing write access during
-      package upgrades. Other part of the hierarchy are generally mounted read-write (in particular
-      <filename>/var</filename> and <filename>/var/tmp</filename>), but may be read-only when the kernel
-      remounts the file system read-only in response to errors, or when the system is booted read-only for
-      recovery purposes. To the extent reasonable, applications should be prepared to execute without write
-      access, so that for example, failure to save non-essential data to <filename>/var/cache/</filename> or
-      failure to create a custom log file under <filename>/var/log</filename> does not prevent the
-      application from running.</para>
-
-      <para>The <filename>/run/</filename> directory is available since the earliest boot and is always
-      writable. It should be used for any runtime data and sockets, so that write access to e.g.
-      <filename>/etc</filename> or <filename>/var</filename> is not needed.</para>
-    </refsect2>
-  </refsect1>
-
-  <refsect1>
-    <title>Node Types</title>
-
-    <para>Unix file systems support different types of file nodes,
-    including regular files, directories, symlinks, character and
-    block device nodes, sockets and FIFOs.</para>
-
-    <para>It is strongly recommended that <filename>/dev/</filename> is
-    the only location below which device nodes shall be placed.
-    Similarly, <filename>/run/</filename> shall be the only location to
-    place sockets and FIFOs. Regular files, directories and symlinks
-    may be used in all directories.</para>
-
-    <para>Applications should expect that a security policy might be enforced on a system that enforces these
-    rules.</para>
-  </refsect1>
-
-  <refsect1>
-    <title>System Packages</title>
-
-    <para>Developers of system packages should follow strict rules when placing their files in the file
-    system. The following table lists recommended locations for specific types of files supplied by the
-    vendor.</para>
-
-    <table>
-      <title>System package vendor files locations</title>
-      <tgroup cols='2' align='left' colsep='1' rowsep='1'>
-        <colspec colname="directory" />
-        <colspec colname="purpose" />
-        <thead>
-          <row>
-      <entry>Directory</entry>
-      <entry>Purpose</entry>
-          </row>
-        </thead>
-        <tbody>
-          <row>
-      <entry><filename>/usr/bin/</filename></entry>
-      <entry>Package executables that shall appear in the <varname>$PATH</varname> executable search path, compiled for any of the supported architectures compatible with the operating system. It is not recommended to place internal binaries or binaries that are not commonly invoked from the shell in this directory, such as daemon binaries. As this directory is shared with most other packages of the system, special care should be taken to pick unique names for files placed here, that are unlikely to clash with other package's files.</entry>
-          </row>
-          <row>
-      <entry><filename>/usr/lib/<replaceable>arch-id</replaceable>/</filename></entry>
-      <entry>Public shared libraries of the package. As above, be careful with using too generic names, and pick unique names for your libraries to place here to avoid name clashes.</entry>
-          </row>
-          <row>
-      <entry><filename>/usr/lib/<replaceable>package</replaceable>/</filename></entry>
-      <entry>Private static vendor resources of the package, including private binaries and libraries, or any other kind of read-only vendor data.</entry>
-          </row>
-          <row>
-      <entry><filename>/usr/lib/<replaceable>arch-id</replaceable>/<replaceable>package</replaceable>/</filename></entry>
-      <entry>Private other vendor resources of the package that are architecture-specific and cannot be shared between architectures. Note that this generally does not include private executables since binaries of a specific architecture may be freely invoked from any other supported system architecture.</entry>
-          </row>
-        </tbody>
-      </tgroup>
-    </table>
-
-    <para>Additional static vendor files with shared ownership may be installed in the
-    <filename>/usr/share/</filename> hierarchy to the locations defined by the various relevant
-    specifications.</para>
-
-    <para>The following directories shall be used by the package for local configuration and files created
-    during runtime:</para>
-
-    <table>
-      <title>System package variable files locations</title>
-      <tgroup cols='2' align='left' colsep='1' rowsep='1'>
-        <colspec colname="directory" />
-        <colspec colname="purpose" />
-        <thead>
-          <row>
-      <entry>Directory</entry>
-      <entry>Purpose</entry>
-          </row>
-        </thead>
-        <tbody>
-          <row>
-      <entry><filename>/etc/<replaceable>package</replaceable>/</filename></entry>
-      <entry>System-specific configuration for the package. It is recommended to default to safe fallbacks if this configuration is missing, if this is possible. Alternatively, a <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry> fragment may be used to copy or symlink the necessary files and directories from <filename>/usr/share/factory/</filename> during boot, via the <literal>L</literal> or <literal>C</literal> directives.</entry>
-          </row>
-          <row>
-      <entry><filename>/run/<replaceable>package</replaceable>/</filename></entry>
-      <entry>Runtime data for the package. Packages must be able to create the necessary subdirectories in this tree on their own, since the directory is flushed automatically on boot. Alternatively, a <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry> fragment may be used to create the necessary directories during boot, or the <varname>RuntimeDirectory=</varname> directive of service units may be used to create them at service startup (see <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry> for details).</entry>
-          </row>
-          <row>
-      <entry><filename>/run/log/<replaceable>package</replaceable>/</filename></entry>
-      <entry>Runtime log data for the package. As above, the package needs to make sure to create this directory if necessary, as it will be flushed on every boot.</entry>
-          </row>
-          <row>
-      <entry><filename>/var/cache/<replaceable>package</replaceable>/</filename></entry>
-      <entry>Persistent cache data of the package. If this directory is flushed, the application should work correctly on next invocation, though possibly slowed down due to the need to rebuild any local cache files. The application must be capable of recreating this directory should it be missing and necessary. To create an empty directory, a <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry> fragment or the <varname>CacheDirectory=</varname> directive of service units (see <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>) may be used.</entry>
-          </row>
-          <row>
-      <entry><filename>/var/lib/<replaceable>package</replaceable>/</filename></entry>
-      <entry>Persistent private data of the package. This is the primary place to put persistent data that does not fall into the other categories listed. Packages should be able to create the necessary subdirectories in this tree on their own, since the directory might be missing on boot. To create an empty directory, a <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry> fragment or the <varname>StateDirectory=</varname> directive of service units (see <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>) may be used.</entry>
-          </row>
-          <row>
-      <entry><filename>/var/log/<replaceable>package</replaceable>/</filename></entry>
-      <entry>Persistent log data of the package. As above, the package should make sure to create this directory if necessary, possibly using <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry> or <varname>LogsDirectory=</varname> (see <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>), as it might be missing.</entry>
-          </row>
-        </tbody>
-      </tgroup>
-    </table>
-  </refsect1>
-
-  <refsect1>
-    <title>User Packages</title>
-
-    <para>Programs running in user context should follow strict rules when placing their own files in the
-    user's home directory. The following table lists recommended locations in the home directory for specific
-    types of files supplied by the vendor if the application is installed in the home directory. (User
-    applications installed system-wide are covered by the rules outlined above for vendor files.)</para>
-
-    <table>
-      <title>Vendor package file locations under the home directory of the user</title>
-      <tgroup cols='2' align='left' colsep='1' rowsep='1'>
-        <colspec colname="directory" />
-        <colspec colname="purpose" />
-        <thead>
-          <row>
-      <entry>Directory</entry>
-      <entry>Purpose</entry>
-          </row>
-        </thead>
-        <tbody>
-          <row>
-      <entry><filename>~/.local/bin/</filename></entry>
-      <entry>Package executables that shall appear in the <varname>$PATH</varname> executable search path. It is not recommended to place internal executables or executables that are not commonly invoked from the shell in this directory, such as daemon executables. As this directory is shared with most other packages of the user, special care should be taken to pick unique names for files placed here, that are unlikely to clash with other package's files.</entry>
-          </row>
-          <row>
-      <entry><filename>~/.local/lib/<replaceable>arch-id</replaceable>/</filename></entry>
-      <entry>Public shared libraries of the package. As above, be careful with using overly generic names, and pick unique names for your libraries to place here to avoid name clashes.</entry>
-          </row>
-          <row>
-      <entry><filename>~/.local/lib/<replaceable>package</replaceable>/</filename></entry>
-      <entry>Private, static vendor resources of the package, compatible with any architecture, or any other kind of read-only vendor data.</entry>
-          </row>
-          <row>
-      <entry><filename>~/.local/lib/<replaceable>arch-id</replaceable>/<replaceable>package</replaceable>/</filename></entry>
-      <entry>Private other vendor resources of the package that are architecture-specific and cannot be shared between architectures.</entry>
-          </row>
-        </tbody>
-      </tgroup>
-    </table>
-
-    <para>Additional static vendor files with shared ownership may be installed in the
-    <filename>~/.local/share/</filename> hierarchy, mirroring the subdirectories specified in the section
-    "Vendor-supplied operating system resources" above.</para>
-
-    <para>The following directories shall be used by the package for per-user local configuration and files
-    created during runtime:</para>
-
-    <table>
-      <title>User package variable file locations</title>
-      <tgroup cols='2' align='left' colsep='1' rowsep='1'>
-        <colspec colname="directory" />
-        <colspec colname="purpose" />
-        <thead>
-          <row>
-      <entry>Directory</entry>
-      <entry>Purpose</entry>
-          </row>
-        </thead>
-        <tbody>
-          <row>
-      <entry><filename>~/.config/<replaceable>package</replaceable>/</filename></entry>
-      <entry>User-specific configuration for the package. It is required to default to safe fallbacks if this configuration is missing.</entry>
-          </row>
-          <row>
-      <entry><filename><varname>$XDG_RUNTIME_DIR</varname>/<replaceable>package</replaceable>/</filename></entry>
-      <entry>User runtime data for the package.</entry>
-          </row>
-          <row>
-      <entry><filename>~/.cache/<replaceable>package</replaceable>/</filename></entry>
-      <entry>Persistent cache data of the package. If this directory is flushed, the application should work correctly on next invocation, though possibly slowed down due to the need to rebuild any local cache files. The application must be capable of recreating this directory should it be missing and necessary.</entry>
-          </row>
-          <row>
-      <entry><filename>~/.local/state/<replaceable>package</replaceable>/</filename></entry>
-      <entry>Persistent state data of the package.</entry>
-          </row>
-        </tbody>
-      </tgroup>
-    </table>
-  </refsect1>
-
  <refsect1>
    <title>See Also</title>
-    <para><simplelist type="inline">
-      <member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
+    <para><simplelist>
      <member><citerefentry project='man-pages'><refentrytitle>hier</refentrytitle><manvolnum>7</manvolnum></citerefentry></member>
-      <member><citerefentry><refentrytitle>systemd-path</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
-      <member><citerefentry><refentrytitle>systemd-gpt-auto-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
-      <member><citerefentry><refentrytitle>sysctl.d</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
-      <member><citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
-      <member><citerefentry project='die-net'><refentrytitle>pkg-config</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
-      <member><citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
+      <member><ulink url="http://refspecs.linuxfoundation.org/FHS_3.0/fhs-3.0.html">File System Hierarchy</ulink></member>
+      <member><ulink url="https://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html">XDG Base Directory Specification</ulink></member>
+      <member><ulink url="https://www.freedesktop.org/wiki/Software/xdg-user-dirs">XDG User Directories</ulink></member>
    </simplelist></para>
  </refsect1>

--- a/man/hostname.xml
+++ b/man/hostname.xml
@ -38,10 +38,12 @@

    <para>The file should contain a single newline-terminated hostname string. Comments (lines starting with
    a <literal>#</literal>) are ignored. The hostname should be composed of up to 64 7-bit ASCII lower-case
-    alphanumeric characters or hyphens forming a valid DNS domain name. It is recommended that this name
-    contains only a single label, i.e. without any dots. Invalid characters will be filtered out in an
-    attempt to make the name valid, but obviously it is recommended to use a valid name and not rely on this
-    filtering.</para>
+    alphanumeric characters or hyphens forming a valid DNS domain name. It is strongly recommended that this
+    name contains only a single DNS label, i.e does not contain any dots. This recommendation reflects both
+    usual expectations of applications, and the fact that the Linux kernel limits the length of the system
+    hostname to 64 (i.e. close to the maximum DNS label length of 63) rather than 255 (the maximum DNS domain
+    name length). When applied, invalid characters will be filtered out in an attempt to make the name valid,
+    but obviously it is recommended to use a valid name and not rely on this filtering.</para>

    <para id="question-mark-hostname-pattern">If the question mark character <literal>?</literal> appears in
    the hostname, it is automatically substituted by a hexadecimal character derived from the
--- a/man/loader.conf.xml
+++ b/man/loader.conf.xml
@ -293,8 +293,10 @@
        <para>Controls enrollment of secure boot keys found on the ESP if the system is in setup mode:
        <variablelist>
          <varlistentry>
-            <term><option>off</option></term>
-            <listitem><para>No action is taken.</para>
+            <term><option>if-safe</option></term>
+            <listitem><para>This is the default. Same behavior as <option>manual</option>, but will try to automatically
+            enroll the key named <literal>auto</literal> if it is considered to be safe. Currently, this is only
+            the case if the system is running inside a virtual machine.</para>

            <xi:include href="version-info.xml" xpointer="v253"/></listitem>
          </varlistentry>
@ -308,10 +310,8 @@
          </varlistentry>

          <varlistentry>
-            <term><option>if-safe</option></term>
-            <listitem><para>Same behavior as <option>manual</option>, but will try to automatically
-            enroll the key <literal>auto</literal> if it is considered to be safe. Currently, this is only
-            the case if the system is running inside a virtual machine.</para>
+            <term><option>off</option></term>
+            <listitem><para>No action is taken.</para>

            <xi:include href="version-info.xml" xpointer="v253"/></listitem>
          </varlistentry>
--- a/man/machine-info.xml
+++ b/man/machine-info.xml
@ -120,6 +120,7 @@
          <literal>development</literal>,
          <literal>integration</literal>,
          <literal>staging</literal>,
+          <literal>testing</literal>,
          <literal>production</literal>.
          </para>

--- a/man/systemd-analyze.xml
+++ b/man/systemd-analyze.xml
@ -458,7 +458,7 @@ $ eog targets.svg</programlisting>
      <title><command>systemd-analyze exit-status <optional><replaceable>STATUS</replaceable>...</optional></command></title>

      <para>This command prints a list of exit statuses along with their "class", i.e. the source of the
-      definition (one of <literal>glibc</literal>, <literal>systemd</literal>, <literal>LSB</literal>, or
+      definition (one of <literal>libc</literal>, <literal>systemd</literal>, <literal>LSB</literal>, or
      <literal>BSD</literal>), see the Process Exit Codes section in
      <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
      If no additional arguments are specified, all known statuses are shown. Otherwise, only the
@ -469,8 +469,8 @@ $ eog targets.svg</programlisting>

        <programlisting>$ systemd-analyze exit-status 0 1 {63..65}
 NAME    STATUS CLASS
-SUCCESS 0      glibc
-FAILURE 1      glibc
+SUCCESS 0      libc
+FAILURE 1      libc
 -       63     -
 USAGE   64     BSD
 DATAERR 65     BSD
--- a/man/systemd-boot.xml
+++ b/man/systemd-boot.xml
@ -392,8 +392,9 @@
    <para>Enrollment of Secure Boot variables can be performed manually or automatically if files are available
    under <filename>/loader/keys/<replaceable>NAME</replaceable>/{db,dbx,KEK,PK}.auth</filename>, <replaceable>NAME</replaceable>
    being the display name for the set of variables in the menu. If one of the sets is named <filename>auto</filename>
-    then it might be enrolled automatically depending on whether <literal>secure-boot-enroll</literal> is set
-    to force or not.</para>
+    then it might be enrolled automatically depending on the execution environment and the value of the <literal>secure-boot-enroll</literal> option.
+    See
+    <citerefentry><refentrytitle>loader.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
  </refsect1>

  <refsect1>
--- a/man/systemd-inhibit.xml
+++ b/man/systemd-inhibit.xml
@ -63,12 +63,13 @@
        <literal>sleep</literal>,
        <literal>idle</literal>,
        <literal>handle-power-key</literal>,
+        <literal>handle-reboot-key</literal>,
        <literal>handle-suspend-key</literal>,
        <literal>handle-hibernate-key</literal>,
        <literal>handle-lid-switch</literal>,
        for inhibiting reboot/power-off/halt/kexec/soft-reboot,
        suspending/hibernating, the automatic idle detection, or the
-        low-level handling of the power/sleep key and the lid switch,
+        low-level handling of the power/reboot/sleep key and the lid switch,
        respectively. If omitted, defaults to
        <literal>idle:sleep:shutdown</literal>.</para></listitem>
      </varlistentry>
--- a/man/systemd-logind.service.xml
+++ b/man/systemd-logind.service.xml
@ -95,6 +95,16 @@
    Desktop Environments</ulink>.</para>
  </refsect1>

+  <refsect1>
+    <title>Signal</title>
+    <variablelist>
+      <varlistentry>
+         <term><constant>SIGHUP</constant></term>
+         <listitem><para>Reloads the service configuration file.</para></listitem>
+      </varlistentry>
+    </variablelist>
+  </refsect1>
+
  <refsect1>
    <title>See Also</title>
    <para><simplelist type="inline">
--- a/man/systemd-nspawn.xml
+++ b/man/systemd-nspawn.xml
@ -626,11 +626,10 @@
        provides protection against accidental destructive operations only.</para>

        <para>Note that if credentials are used in combination with a non-root <option>--user=</option>
-        (e.g.: <option>--set-credential=</option>, <option>--load-credential=</option> or
-        <option>--import-credential=</option>), then <option>--no-new-privileges=yes</option> must be used, and
-        <option>--boot</option> or <option>--as-pid2</option> must not be used, as the credentials would
-        otherwise be unreadable by the container due to missing privileges after switching to the specified
-        user.</para></listitem>
+        (e.g.: <option>--set-credential=</option> or <option>--load-credential=</option>), then
+        <option>--no-new-privileges=yes</option> must be used, and <option>--boot</option> or
+        <option>--as-pid2</option> must not be used, as the credentials would otherwise be unreadable
+        by the container due to missing privileges after switching to the specified user.</para></listitem>
      </varlistentry>

      <varlistentry>
--- a/man/systemd.network.xml
+++ b/man/systemd.network.xml
@ -747,6 +747,9 @@ DuplicateAddressDetection=none</programlisting></para>
          This is a short-hand for a [Route] section only containing a <varname>Gateway=</varname> key.
          This option may be specified more than once.</para>

+          <para>If an empty string is specified, then the all previous assignments in both [Network] and
+          [Route] sections are cleared.</para>
+
          <xi:include href="version-info.xml" xpointer="v211"/>
        </listitem>
      </varlistentry>
@ -6390,7 +6393,7 @@ Gateway=192.168.0.1</programlisting>
    <example>
      <title>DHCP on ethernet links</title>

-      <programlisting># /etc/systemd/network/80-dhcp.network
+      <programlisting># /etc/systemd/network/60-dhcp.network
 [Match]
 Name=en*

--- a/man/systemd.unit.xml
+++ b/man/systemd.unit.xml
@ -717,9 +717,10 @@
        <term><varname>BindsTo=</varname></term>

        <listitem><para>Configures requirement dependencies, very similar in style to
-        <varname>Requires=</varname>. However, this dependency type is stronger: in addition to the effect of
-        <varname>Requires=</varname> it declares that if the unit bound to is stopped, this unit will be stopped
-        too. This means a unit bound to another unit that suddenly enters inactive state will be stopped too.
+        <varname>Requires=</varname>. However, this dependency type is stronger: in addition to the effects of
+        <varname>Requires=</varname>, which already stops (or restarts) the configuring unit when a listed unit is
+        explicitly stopped (or restarted), it also does so when a listed unit stops unexpectedly (which includes when it
+        fails).
        Units can suddenly, unexpectedly enter inactive state for different reasons: the main process of a service unit
        might terminate on its own choice, the backing device of a device unit might be unplugged or the mount point of
        a mount unit might be unmounted without involvement of the system and service manager.</para>
--- a/meson.build
+++ b/meson.build
@ -656,10 +656,6 @@ foreach prog : progs
        conf.set_quoted(name, path)
 endforeach

-if run_command(ln, '--relative', '--help', check : false).returncode() != 0
-        error('ln does not support --relative (added in coreutils 8.16)')
-endif
-
 #####################################################################

 gperf_test_format = '''
@ -761,7 +757,13 @@ if time_epoch <= 0
        if time_epoch == ''
                NEWS = files('NEWS')
                time_epoch = run_command(stat, '-c', '%Y', NEWS,
-                                         check : true).stdout()
+                                         check : false)
+                if time_epoch.returncode() != 0
+                        # If the above fails, maybe the stat(1) uses BSD-style syntax
+                        time_epoch = run_command(stat, '-f', '%m', NEWS,
+                                                 check : true)
+                endif
+                time_epoch = time_epoch.stdout()
        endif
        time_epoch = time_epoch.strip().to_int()
 endif
@ -1315,7 +1317,7 @@ feature = get_option('gcrypt')
 libgcrypt = dependency('libgcrypt',
                       required : feature)
 libgpg_error = dependency('gpg-error',
-                          required : feature.disabled() ? feature : false)
+                          required : feature)

 have = libgcrypt.found() and libgpg_error.found()
 if not have
@ -1533,10 +1535,19 @@ conf.set('DEFAULT_DNSSEC_MODE',
         'DNSSEC_' + default_dnssec.underscorify().to_upper())
 conf.set_quoted('DEFAULT_DNSSEC_MODE_STR', default_dnssec)

+have = get_option('importd').require(
+        conf.get('HAVE_LIBCURL') == 1 and
+        conf.get('HAVE_OPENSSL') == 1 and
+        conf.get('HAVE_ZLIB') == 1 and
+        conf.get('HAVE_XZ') == 1,
+        error_message : 'curl, openssl/grypt, zlib and xz required').allowed()
+conf.set10('ENABLE_IMPORTD', have)
+
 have = get_option('sysupdate').require(
+        conf.get('ENABLE_IMPORTD') == 1 and
        conf.get('HAVE_OPENSSL') == 1 and
        conf.get('HAVE_LIBFDISK') == 1,
-        error_message : 'fdisk and openssl required').allowed()
+        error_message : 'systemd-importd, fdisk, and openssl required').allowed()
 conf.set10('ENABLE_SYSUPDATE', have)

 have2 = get_option('sysupdated')
@ -1555,14 +1566,6 @@ conf.set10('ENABLE_SYSUPDATED', have2)

 conf.set10('ENABLE_STORAGETM', get_option('storagetm'))

-have = get_option('importd').require(
-        conf.get('HAVE_LIBCURL') == 1 and
-        conf.get('HAVE_OPENSSL') == 1 and
-        conf.get('HAVE_ZLIB') == 1 and
-        conf.get('HAVE_XZ') == 1,
-        error_message : 'curl, openssl/grypt, zlib and xz required').allowed()
-conf.set10('ENABLE_IMPORTD', have)
-
 have = get_option('homed').require(
        conf.get('HAVE_OPENSSL') == 1 and
        conf.get('HAVE_LIBFDISK') == 1 and
--- a/meson.version
+++ b/meson.version
@ -1 +1 @@
-258.2
+258.3
--- a/mkosi/mkosi.conf
+++ b/mkosi/mkosi.conf
@ -1,7 +1,7 @@
 # SPDX-License-Identifier: LGPL-2.1-or-later

 [Config]
-MinimumVersion=commit:d45142e329550abc9c6fc63c1f1f86e5286d3d67
+MinimumVersion=commit:5a476a92deca8ad54869e5d416217aa1bb137b25
 Dependencies=
        exitrd
        initrd
@ -147,7 +147,6 @@ Credentials=
        tty.virtual.tty1.agetty.autologin=root
        tty.virtual.tty1.login.noauth=yes
 RuntimeBuildSources=yes
-RuntimeScratch=no
 CPUs=2
 TPM=yes
 VSock=yes
@ -156,3 +155,4 @@ KVM=yes
 [Include]
 Include=%D/mkosi/mkosi.sanitizers
        %D/mkosi/mkosi.coverage
+        %D/mkosi/mkosi.pkgenv
--- a/mkosi/mkosi.images/build/mkosi.conf
+++ b/mkosi/mkosi.images/build/mkosi.conf
@ -1,5 +1,8 @@
 # SPDX-License-Identifier: LGPL-2.1-or-later

+[Include]
+Include=%D/mkosi/mkosi.pkgenv
+
 [Content]
 Packages=
        clang
--- a/mkosi/mkosi.images/build/mkosi.conf.d/arch/mkosi.conf
+++ b/mkosi/mkosi.images/build/mkosi.conf.d/arch/mkosi.conf
@ -3,9 +3,6 @@
 [Match]
 Distribution=arch

-[Include]
-Include=%D/mkosi/mkosi.conf.d/arch/mkosi.conf.d/pkgenv.conf
-
 [Content]
 Packages=
        base
--- a/mkosi/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.conf
+++ b/mkosi/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.conf
@ -4,9 +4,6 @@
 Distribution=|centos
 Distribution=|fedora

-[Include]
-Include=%D/mkosi/mkosi.conf.d/centos-fedora/mkosi.conf.d/pkgenv.conf
-
 [Content]
 Packages=
        clang-devel
--- a/mkosi/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.conf
+++ b/mkosi/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.conf
@ -4,9 +4,6 @@
 Distribution=|debian
 Distribution=|ubuntu

-[Include]
-Include=%D/mkosi/mkosi.conf.d/debian-ubuntu/mkosi.conf.d/pkgenv.conf
-
 [Content]
 Packages=
        apt
--- a/mkosi/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf
+++ b/mkosi/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.conf
@ -3,9 +3,6 @@
 [Match]
 Distribution=opensuse

-[Include]
-Include=%D/mkosi/mkosi.conf.d/opensuse/mkosi.conf.d/pkgenv.conf
-
 [Content]
 Packages=
        clang
--- a/mkosi/mkosi.conf.d/arch/mkosi.conf.d/pkgenv.conf
+++ b/mkosi/mkosi.conf.d/arch/mkosi.conf.d/pkgenv.conf
@ -1,5 +1,8 @@
 # SPDX-License-Identifier: LGPL-2.1-or-later

+[Match]
+Distribution=arch
+
 [Build]
 Environment=
        GIT_URL=https://gitlab.archlinux.org/archlinux/packaging/packages/systemd.git
--- a/mkosi/mkosi.conf.d/centos-fedora/mkosi.conf.d/pkgenv.conf
+++ b/mkosi/mkosi.conf.d/centos-fedora/mkosi.conf.d/pkgenv.conf
@ -1,8 +1,13 @@
 # SPDX-License-Identifier: LGPL-2.1-or-later

+[Match]
+Distribution=|fedora
+Distribution=|centos
+Profiles=!hyperscale
+
 [Build]
 Environment=
        GIT_URL=https://src.fedoraproject.org/rpms/systemd.git
        GIT_BRANCH=rawhide
-        GIT_COMMIT=8e2833a5b64f7e2ce62ea0a2d0ec9e393e718dfa
+        GIT_COMMIT=12f95f807fef5075a8842dd107f83b4c41d5ac26
        PKG_SUBDIR=fedora
--- a/mkosi/mkosi.conf.d/debian-ubuntu/mkosi.conf.d/pkgenv.conf
+++ b/mkosi/mkosi.conf.d/debian-ubuntu/mkosi.conf.d/pkgenv.conf
@ -1,5 +1,9 @@
 # SPDX-License-Identifier: LGPL-2.1-or-later

+[Match]
+Distribution=|debian
+Distribution=|ubuntu
+
 [Build]
 Environment=
        GIT_URL=https://salsa.debian.org/systemd-team/systemd.git
--- a/mkosi/mkosi.pkgenv/mkosi.conf.d/hyperscale.conf
+++ b/mkosi/mkosi.pkgenv/mkosi.conf.d/hyperscale.conf
@ -0,0 +1,14 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Profiles=hyperscale
+
+[Assert]
+Distribution=centos
+
+[Build]
+Environment=
+        GIT_URL=https://gitlab.com/CentOS/Hyperscale/rpms/systemd.git
+        GIT_BRANCH=c10s-sig-hyperscale
+        GIT_COMMIT=417b671b173ea6271c00a3c605215b5f68795a3a
+        PKG_SUBDIR=hyperscale
--- a/mkosi/mkosi.conf.d/opensuse/mkosi.conf.d/pkgenv.conf
+++ b/mkosi/mkosi.conf.d/opensuse/mkosi.conf.d/pkgenv.conf
@ -1,5 +1,8 @@
 # SPDX-License-Identifier: LGPL-2.1-or-later

+[Match]
+Distribution=opensuse
+
 [Build]
 Environment=
        GIT_URL=https://github.com/bmwiedemann/openSUSE
--- a/mkosi/mkosi.profiles/hyperscale/mkosi.conf
+++ b/mkosi/mkosi.profiles/hyperscale/mkosi.conf
@ -0,0 +1,7 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=centos
+
+[Distribution]
+Repositories=hyperscale-packages-main
--- a/mkosi/mkosi.tools.conf/mkosi.conf
+++ b/mkosi/mkosi.tools.conf/mkosi.conf
@ -1,8 +1,12 @@
 # SPDX-License-Identifier: LGPL-2.1-or-later

+[Include]
+Include=%D/mkosi/mkosi.pkgenv
+
 [Content]
 SyncScripts=%D/mkosi/mkosi.sync
 Packages=
        gdb
        llvm
        meson # Also needed in the NO_BUILD case so we list it explicitly.
+        valgrind
--- a/mkosi/mkosi.tools.conf/mkosi.conf.d/arch.conf
+++ b/mkosi/mkosi.tools.conf/mkosi.conf.d/arch.conf
@ -3,9 +3,6 @@
 [Match]
 Distribution=arch

-[Include]
-Include=%D/mkosi/mkosi.conf.d/arch/mkosi.conf.d/pkgenv.conf
-
 [Content]
 PrepareScripts=%D/mkosi/mkosi.images/build/mkosi.conf.d/arch/mkosi.prepare
 Packages=
--- a/mkosi/mkosi.tools.conf/mkosi.conf.d/centos-fedora.conf
+++ b/mkosi/mkosi.tools.conf/mkosi.conf.d/centos-fedora.conf
@ -4,12 +4,12 @@
 Distribution=|fedora
 Distribution=|centos

-[Include]
-Include=%D/mkosi/mkosi.conf.d/centos-fedora/mkosi.conf.d/pkgenv.conf
-
 [Content]
 PrepareScripts=%D/mkosi/mkosi.images/build/mkosi.conf.d/centos-fedora/mkosi.prepare
 Packages=
        clang-tools-extra
        python3-mypy
        rpm-build
+        libasan
+        libubsan
+        compiler-rt
--- a/mkosi/mkosi.tools.conf/mkosi.conf.d/debian-ubuntu.conf
+++ b/mkosi/mkosi.tools.conf/mkosi.conf.d/debian-ubuntu.conf
@ -4,9 +4,6 @@
 Distribution=|debian
 Distribution=|ubuntu

-[Include]
-Include=%D/mkosi/mkosi.conf.d/debian-ubuntu/mkosi.conf.d/pkgenv.conf
-
 [Content]
 PrepareScripts=%D/mkosi/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.prepare
 Packages=
--- a/mkosi/mkosi.tools.conf/mkosi.conf.d/opensuse.conf
+++ b/mkosi/mkosi.tools.conf/mkosi.conf.d/opensuse.conf
@ -3,9 +3,6 @@
 [Match]
 Distribution=opensuse

-[Include]
-Include=%D/mkosi/mkosi.conf.d/opensuse/mkosi.conf.d/pkgenv.conf
-
 [Content]
 PrepareScripts=%D/mkosi/mkosi.images/build/mkosi.conf.d/opensuse/mkosi.prepare
 Packages=
--- a/profile.d/80-systemd-osc-context.sh
+++ b/profile.d/80-systemd-osc-context.sh
@ -13,6 +13,10 @@
 # Not bash?
 [ -n "${BASH_VERSION:-}" ] || return 0

+# If we're on a "dumb" terminal, do not install the prompt.
+# Treat missing $TERM same as "dumb".
+[ "${TERM:-dumb}" = "dumb" ] && return 0
+
 __systemd_osc_context_escape() {
    # Escape according to the OSC 3008 spec. Since this requires shelling out
    # to 'sed' we'll only do it where it's strictly necessary, and skip it when
@ -53,10 +57,21 @@ __systemd_osc_context_precmdline() {
    read -r systemd_osc_context_cmd_id </proc/sys/kernel/random/uuid
 }

-if [[ -n "${BASH_VERSION:-}" ]] && [[ "${TERM:-}" != "dumb" ]]; then
-    # Whenever a new prompt is shown close the previous command, and prepare new command
+__systemd_osc_context_ps0() {
+    # Skip if PROMPT_COMMAND= is cleared manually or by other profiles.
+    [ -n "${systemd_osc_context_cmd_id:-}" ] || return
+
+    printf "\033]3008;start=%s%s;type=command;cwd=%s\033\\" "$systemd_osc_context_cmd_id" "$(__systemd_osc_context_common)" "$(__systemd_osc_context_escape "$PWD")"
+}
+
+if [ -n "${BASH_VERSION:-}" ]; then
+    # Legacy bashrc will assign PROMPT_COMMAND=, which is equivalent to assigning
+    # index 0 in the array. Leave an empty spot to handle this gracefully.
+    [ -n "$(declare -p PROMPT_COMMAND 2>/dev/null)" ] || PROMPT_COMMAND+=('')
+
+    # Whenever a new prompt is shown, close the previous command, and prepare new command
    PROMPT_COMMAND+=(__systemd_osc_context_precmdline)

    # PS0 is shown right after a prompt completed, but before the command is executed
-    PS0='\033]3008;start=$systemd_osc_context_cmd_id$(__systemd_osc_context_common);type=command;cwd=$(__systemd_osc_context_escape "$PWD")\033\\'"${PS0:-}"
+    PS0='$(__systemd_osc_context_ps0)'"${PS0:-}"
 fi
--- a/shell-completion/bash/meson.build
+++ b/shell-completion/bash/meson.build
@ -1,7 +1,9 @@
 # SPDX-License-Identifier: LGPL-2.1-or-later

 bashcompletiondir = get_option('bashcompletiondir')
-if bashcompletiondir == ''
+if bashcompletiondir == 'no'
+        subdir_done()
+elif bashcompletiondir == ''
        bash_completion = dependency('bash-completion', required : false)
        if bash_completion.found()
                bashcompletiondir = bash_completion.get_variable(pkgconfig : 'completionsdir')
@ -14,49 +16,51 @@ custom_target(
        input : 'systemctl.in',
        output : 'systemctl',
        command : [jinja2_cmdline, '@INPUT@', '@OUTPUT@'],
-        install : bashcompletiondir != 'no',
+        install : true,
        install_dir : bashcompletiondir)

-items = [['busctl',              ''],
-         ['journalctl',          ''],
-         ['systemd-analyze',     ''],
-         ['systemd-cat',         ''],
-         ['systemd-cgls',        ''],
-         ['systemd-cgtop',       ''],
-         ['systemd-creds',       ''],
-         ['systemd-delta',       ''],
-         ['systemd-detect-virt', ''],
-         ['systemd-id128',       ''],
-         ['systemd-nspawn',      'ENABLE_NSPAWN'],
-         ['systemd-path',        ''],
-         ['systemd-run',         ''],
-         ['systemd-vpick',       ''],
-         ['udevadm',             ''],
-         ['bootctl',             ''],
-         ['run0',                ''],
-         ['coredumpctl',         'ENABLE_COREDUMP'],
-         ['homectl',             'ENABLE_HOMED'],
-         ['hostnamectl',         'ENABLE_HOSTNAMED'],
-         ['importctl',           'ENABLE_IMPORTD'],
-         ['kernel-install',      'ENABLE_KERNEL_INSTALL'],
-         ['localectl',           'ENABLE_LOCALED'],
-         ['loginctl',            'ENABLE_LOGIND'],
-         ['machinectl',          'ENABLE_MACHINED'],
-         ['networkctl',          'ENABLE_NETWORKD'],
-         ['oomctl',              'ENABLE_OOMD'],
-         ['portablectl',         'ENABLE_PORTABLED'],
-         ['resolvectl',          'ENABLE_RESOLVE'],
-         ['systemd-cryptenroll', 'HAVE_LIBCRYPTSETUP'],
-         ['systemd-confext',     'ENABLE_SYSEXT'],
-         ['systemd-dissect',     'HAVE_BLKID'],
-         ['systemd-resolve',     'ENABLE_RESOLVE'],
-         ['systemd-sysext',      'ENABLE_SYSEXT'],
-         ['systemd-vmspawn',     'ENABLE_VMSPAWN'],
-         ['timedatectl',         'ENABLE_TIMEDATED'],
-         ['userdbctl',           'ENABLE_USERDB']]
+foreach item : [
+        ['bootctl',             ''],
+        ['busctl',              ''],
+        ['coredumpctl',         'ENABLE_COREDUMP'],
+        ['homectl',             'ENABLE_HOMED'],
+        ['hostnamectl',         'ENABLE_HOSTNAMED'],
+        ['importctl',           'ENABLE_IMPORTD'],
+        ['journalctl',          ''],
+        ['kernel-install',      'ENABLE_KERNEL_INSTALL'],
+        ['localectl',           'ENABLE_LOCALED'],
+        ['loginctl',            'ENABLE_LOGIND'],
+        ['machinectl',          'ENABLE_MACHINED'],
+        ['networkctl',          'ENABLE_NETWORKD'],
+        ['oomctl',              'ENABLE_OOMD'],
+        ['portablectl',         'ENABLE_PORTABLED'],
+        ['resolvectl',          'ENABLE_RESOLVE'],
+        ['run0',                ''],
+        ['systemd-analyze',     ''],
+        ['systemd-cat',         ''],
+        ['systemd-cgls',        ''],
+        ['systemd-cgtop',       ''],
+        ['systemd-confext',     'ENABLE_SYSEXT'],
+        ['systemd-creds',       ''],
+        ['systemd-cryptenroll', 'HAVE_LIBCRYPTSETUP'],
+        ['systemd-delta',       ''],
+        ['systemd-detect-virt', ''],
+        ['systemd-dissect',     'HAVE_BLKID'],
+        ['systemd-id128',       ''],
+        ['systemd-nspawn',      'ENABLE_NSPAWN'],
+        ['systemd-path',        ''],
+        ['systemd-resolve',     'ENABLE_RESOLVE'],
+        ['systemd-run',         ''],
+        ['systemd-sysext',      'ENABLE_SYSEXT'],
+        ['systemd-vmspawn',     'ENABLE_VMSPAWN'],
+        ['systemd-vpick',       ''],
+        ['timedatectl',         'ENABLE_TIMEDATED'],
+        ['udevadm',             ''],
+        ['userdbctl',           'ENABLE_USERDB'],
+        ['varlinkctl',          ''],
+]

-foreach item : items
-        if bashcompletiondir != 'no' and (item[1] == '' or conf.get(item[1]) == 1)
+        if item[1] == '' or conf.get(item[1]) == 1
                install_data(item[0],
                             install_dir : bashcompletiondir)
        endif
--- a/shell-completion/bash/portablectl
+++ b/shell-completion/bash/portablectl
@ -91,7 +91,7 @@ _portablectl() {
    elif __contains_word "$verb" ${VERBS[STANDALONE]}; then
        comps=''
    elif __contains_word "$verb" ${VERBS[IMAGE]}; then
-        if [[ $n == 1 ]]; then
+        if [[ $n == 1 ]] || [[ "$prev" = -* ]] || __contains_word "${COMP_WORDS[COMP_CWORD-2]}" ${OPTS[ARG]}; then
            comps=$( compgen -A file -- "$cur" )
            compopt -o filenames
        else
@ -101,10 +101,10 @@ _portablectl() {
        comps=$( compgen -A file -- "$cur" )
        compopt -o filenames
    elif __contains_word "$verb" ${VERBS[IMAGE_WITH_BOOL]}; then
-        if [[ $n == 1 ]]; then
+        if [[ $n == 1 ]] || [[ "$prev" = -* ]] || __contains_word "${COMP_WORDS[COMP_CWORD-2]}" ${OPTS[ARG]}; then
            comps=$( compgen -A file -- "$cur" )
            compopt -o filenames
-        elif [[ $n == 2 ]]; then
+        elif ! __contains_word "$prev" "yes" "no" && { [[ $n == 2 ]] || [[ "$prev" != -* ]]; }; then
            comps='yes no'
        else
            comps=''
--- a/shell-completion/bash/systemd-analyze
+++ b/shell-completion/bash/systemd-analyze
@ -56,6 +56,15 @@ __get_architectures() {
    systemd-analyze --no-legend --no-pager architectures 2>/dev/null | { while read -r a b; do echo " $a"; done; }
 }

+__get_filesystem_sets() {
+    local line
+    systemd-analyze filesystems --no-pager 2>/dev/null | while IFS= read -r line; do
+        if [[ $line == @* ]]; then
+            printf '%s\n' "$line"
+        fi
+    done
+}
+
 _systemd_analyze() {
    local i verb comps mode
    local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]} words cword
@ -68,7 +77,7 @@ _systemd_analyze() {
    )

    local -A VERBS=(
-        [STANDALONE]='time blame unit-files unit-paths exit-status compare-versions calendar timestamp timespan pcrs srk has-tpm2 smbios11 chid'
+        [STANDALONE]='time blame unit-files unit-paths exit-status compare-versions timestamp timespan pcrs srk has-tpm2 smbios11 chid image-policy'
        [CRITICAL_CHAIN]='critical-chain'
        [DOT]='dot'
        [DUMP]='dump'
@ -85,6 +94,8 @@ _systemd_analyze() {
        [TRANSIENT_SETTINGS]='transient-settings'
        [UNIT_SHELL]='unit-shell'
        [UNIT_GDB]='unit-gdb'
+        [FILESYSTEMS]='filesystems'
+        [CALENDAR]='calendar'
    )

    local CONFIGS='locale.conf systemd/bootchart.conf systemd/coredump.conf systemd/journald.conf
@ -256,6 +267,18 @@ _systemd_analyze() {
        else
            comps=$( __get_services $mode )
        fi
+
+    elif __contains_word "$verb" ${VERBS[FILESYSTEMS]}; then
+        if [[ $cur = -* ]]; then
+            comps='--help --version --no-pager'
+        else
+            comps=$( __get_filesystem_sets )
+        fi
+
+    elif __contains_word "$verb" ${VERBS[CALENDAR]}; then
+        if [[ $cur = -* ]]; then
+            comps='--help --version --iterations --base-time'
+        fi
    fi

    COMPREPLY=( $(compgen -W '$comps' -- "$cur") )
--- a/shell-completion/bash/varlinkctl
+++ b/shell-completion/bash/varlinkctl
@ -0,0 +1,117 @@
+# shellcheck shell=bash
+# varlinkctl(1) completion                           -*- shell-script -*-
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+#
+# systemd is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with systemd; If not, see <https://www.gnu.org/licenses/>.
+
+__contains_word () {
+    local w word=$1; shift
+    for w in "$@"; do
+        [[ $w = "$word" ]] && return
+    done
+}
+
+__get_interfaces() {
+    local address=$1
+    local a
+    varlinkctl list-interfaces --no-pager "$address" 2>/dev/null |
+        { while read -r a; do echo " $a"; done; }
+}
+
+__get_methods() {
+    local address=$1
+    local a
+    varlinkctl list-methods --no-pager "$address" 2>/dev/null |
+        { while read -r a; do echo " $a"; done; }
+}
+
+_varlinkctl() {
+    local i n verb comps
+    local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]}
+    local -A OPTS=(
+        [STANDALONE]='-h --help --version --no-pager -q --quiet
+                      --oneway --collect --more --exec -j -E'
+        [ARG]='--graceful --timeout --push-fd --json'
+    )
+
+    if __contains_word "$prev" ${OPTS[ARG]}; then
+        case $prev in
+            --json)
+                comps=$( varlinkctl --json=help 2>/dev/null )
+                ;;
+        esac
+        COMPREPLY=( $(compgen -W '$comps' -- "$cur") )
+        return 0
+    fi
+
+    if [[ "$cur" = -* ]]; then
+        COMPREPLY=( $(compgen -W '${OPTS[*]}' -- "$cur") )
+        return 0
+    fi
+
+    local -A VERBS=(
+        [STANDALONE]='help'
+        [CALL]='call'
+        [FILE]='info list-interfaces validate-idl'
+        [ADDRESS_INTERFACES]='list-methods introspect'
+    )
+
+    for ((i=0; i < COMP_CWORD; i++)); do
+        if __contains_word "${COMP_WORDS[i]}" ${VERBS[*]} &&
+                ! __contains_word "${COMP_WORDS[i-1]}" ${OPTS[ARG]}; then
+            verb=${COMP_WORDS[i]}
+            break
+        fi
+    done
+
+    n=$((COMP_CWORD - i))
+
+    if [[ -z ${verb-} ]]; then
+        comps=${VERBS[*]}
+    elif __contains_word "$verb" ${VERBS[STANDALONE]}; then
+        comps=''
+    elif __contains_word "$verb" ${VERBS[FILE]}; then
+        comps=$(compgen -f -- "$cur")
+        compopt -o filenames
+    elif __contains_word "$verb" ${VERBS[ADDRESS_INTERFACES]}; then
+        if [[ $n -eq 1 ]] ; then
+            comps=$(compgen -f -- "$cur")
+            compopt -o filenames
+        elif [[ $n -eq 2 ]] ; then
+            comps=$( __get_interfaces ${COMP_WORDS[COMP_CWORD-1]})
+        else
+            comps=''
+        fi
+    elif __contains_word "$verb" ${VERBS[CALL]}; then
+        if [[ $n -eq 1 ]] ; then
+            comps=$(compgen -f -- "$cur")
+            compopt -o filenames
+        elif [[ $n -eq 2 ]] ; then
+            comps=$( __get_methods ${COMP_WORDS[COMP_CWORD-1]})
+        elif [[ $n -eq 3 ]] ; then
+            comps="'{}'"
+        elif [[ ${COMP_WORDS[COMP_CWORD-1]} == "--" ]] && __contains_word "--exec" ${COMP_WORDS[*]} ; then
+            comps=$(compgen -c -- "$cur")
+        else
+            comps=''
+        fi
+    fi
+
+    COMPREPLY=( $(compgen -W '$comps' -- "$cur") )
+    return 0
+}
+
+complete -F _varlinkctl varlinkctl
--- a/shell-completion/zsh/_systemd-analyze
+++ b/shell-completion/zsh/_systemd-analyze
@ -11,6 +11,11 @@
        _files -W '(/run/systemd/ /etc/systemd/ /usr/lib/systemd/)' -P 'systemd/'
    }

+(( $+functions[_systemd-analyze_inspect-elf] )) ||
+    _systemd-analyze_inspect-elf() {
+        _files
+    }
+
 (( $+functions[_systemd-analyze_critical-chain] )) ||
    _systemd-analyze_critical-chain() {
        local -a _units
@ -40,6 +45,13 @@
        _describe -t groups 'file system groups' _groups || compadd "$@"
    }

+(( $+functions[_systemd-analyze_architectures] )) ||
+    _systemd-analyze_architectures() {
+        local -a _architectures
+        _architectures=( $(systemd-analyze --quiet --no-pager --no-legend architectures | { while read -r a b; do echo " $a"; done; } 2>/dev/null) )
+        _describe -t architectures 'architectures' _architectures || compadd "$@"
+    }
+
 (( $+functions[_systemd-analyze_plot] )) ||
    _systemd-analyze_plot() {
        local -a _options
@ -81,6 +93,13 @@
            'inspect-elf:Parse and print ELF package metadata'
            'has-tpm2:Report whether TPM2 support is available'
            'transient-settings:List transient settings for unit types'
+            'architectures:List known architectures'
+            'smbios11:List strings passed via SMBIOS Type #11'
+            'chid:List local CHIDs'
+            'compare-versions:Compare two version strings'
+            'image-policy:Analyze image policy string'
+            'pcrs:Show TPM2 PCRs and their names'
+            'srk:Write TPM2 SRK (to FILE)'
            # log-level, log-target, service-watchdogs have been deprecated
        )

--- a/shell-completion/zsh/meson.build
+++ b/shell-completion/zsh/meson.build
@ -1,7 +1,9 @@
 # SPDX-License-Identifier: LGPL-2.1-or-later

 zshcompletiondir = get_option('zshcompletiondir')
-if zshcompletiondir == ''
+if zshcompletiondir == 'no'
+        subdir_done()
+elif zshcompletiondir == ''
        zshcompletiondir = datadir / 'zsh/site-functions'
 endif

@ -9,41 +11,42 @@ custom_target(
        input : '_systemctl.in',
        output : '_systemctl',
        command : [jinja2_cmdline, '@INPUT@', '@OUTPUT@'],
-        install : zshcompletiondir != 'no',
+        install : true,
        install_dir : zshcompletiondir)

-items = [['_busctl',                   ''],
-         ['_journalctl',               ''],
-         ['_systemd-analyze',          ''],
-         ['_systemd-delta',            ''],
-         ['_systemd-nspawn',           ''],
-         ['_systemd',                  ''],
-         ['_systemd-path',             ''],
-         ['_systemd-run',              ''],
-         ['_run0',                     ''],
-         ['_udevadm',                  ''],
-         ['_varlinkctl',               ''],
-         ['_kernel-install',           'ENABLE_KERNEL_INSTALL'],
-         ['_sd_bus_address',           ''],
-         ['_sd_hosts_or_user_at_host', ''],
-         ['_sd_outputmodes',           ''],
-         ['_sd_unit_files',            ''],
-         ['_sd_machines',              ''],
-         ['_bootctl',                  ''],
-         ['_coredumpctl',              'ENABLE_COREDUMP'],
-         ['_hostnamectl',              'ENABLE_HOSTNAMED'],
-         ['_localectl',                'ENABLE_LOCALED'],
-         ['_loginctl',                 'ENABLE_LOGIND'],
-         ['_machinectl',               'ENABLE_MACHINED'],
-         ['_networkctl',               'ENABLE_NETWORKD'],
-         ['_oomctl',                   'ENABLE_OOMD'],
-         ['_systemd-inhibit',          'ENABLE_LOGIND'],
-         ['_resolvectl',               'ENABLE_RESOLVE'],
-         ['_systemd-tmpfiles',         'ENABLE_TMPFILES'],
-         ['_timedatectl',              'ENABLE_TIMEDATED']]
+foreach item : [
+        ['_bootctl',                  ''],
+        ['_busctl',                   ''],
+        ['_coredumpctl',              'ENABLE_COREDUMP'],
+        ['_hostnamectl',              'ENABLE_HOSTNAMED'],
+        ['_journalctl',               ''],
+        ['_kernel-install',           'ENABLE_KERNEL_INSTALL'],
+        ['_localectl',                'ENABLE_LOCALED'],
+        ['_loginctl',                 'ENABLE_LOGIND'],
+        ['_machinectl',               'ENABLE_MACHINED'],
+        ['_networkctl',               'ENABLE_NETWORKD'],
+        ['_oomctl',                   'ENABLE_OOMD'],
+        ['_resolvectl',               'ENABLE_RESOLVE'],
+        ['_run0',                     ''],
+        ['_sd_bus_address',           ''],
+        ['_sd_hosts_or_user_at_host', ''],
+        ['_sd_machines',              ''],
+        ['_sd_outputmodes',           ''],
+        ['_sd_unit_files',            ''],
+        ['_systemd',                  ''],
+        ['_systemd-analyze',          ''],
+        ['_systemd-delta',            ''],
+        ['_systemd-inhibit',          'ENABLE_LOGIND'],
+        ['_systemd-nspawn',           ''],
+        ['_systemd-path',             ''],
+        ['_systemd-run',              ''],
+        ['_systemd-tmpfiles',         'ENABLE_TMPFILES'],
+        ['_timedatectl',              'ENABLE_TIMEDATED'],
+        ['_udevadm',                  ''],
+        ['_varlinkctl',               ''],
+]

-foreach item : items
-        if zshcompletiondir != 'no' and (item[1] == '' or conf.get(item[1]) == 1)
+        if item[1] == '' or conf.get(item[1]) == 1
                install_data(item[0],
                             install_dir : zshcompletiondir)
        endif
--- a/src/basic/efivars.c
+++ b/src/basic/efivars.c
@ -14,6 +14,7 @@
 #include "io-util.h"
 #include "log.h"
 #include "memory-util.h"
+#include "stat-util.h"
 #include "string-util.h"
 #include "time-util.h"
 #include "utf8.h"
@ -32,6 +33,7 @@ int efi_get_variable(
                void **ret_value,
                size_t *ret_size) {

+        int r;
        usec_t begin = 0; /* Unnecessary initialization to appease gcc */

        assert(variable);
@ -75,13 +77,16 @@ int efi_get_variable(

                if (fstat(fd, &st) < 0)
                        return log_debug_errno(errno, "fstat(\"%s\") failed: %m", p);
-                if (st.st_size == 0)
-                        return log_debug_errno(SYNTHETIC_ERRNO(ENOENT),
-                                               "EFI variable %s is uncommitted", p);
-                if (st.st_size < 4)
-                        return log_debug_errno(SYNTHETIC_ERRNO(ENODATA), "EFI variable %s is shorter than 4 bytes, refusing.", p);
-                if (st.st_size > 4*1024*1024 + 4)
-                        return log_debug_errno(SYNTHETIC_ERRNO(E2BIG), "EFI variable %s is ridiculously large, refusing.", p);
+                r = stat_verify_regular(&st);
+                if (r < 0)
+                        return log_debug_errno(r, "EFI variable '%s' is not a regular file, refusing: %m", p);
+
+                if (st.st_size == 0) /* for uncommited variables, see below */
+                        return log_debug_errno(SYNTHETIC_ERRNO(ENOENT), "EFI variable '%s' is uncommitted", p);
+                if ((uint64_t) st.st_size < sizeof(attr))
+                        return log_debug_errno(SYNTHETIC_ERRNO(ENODATA), "EFI variable '%s' is shorter than %zu bytes, refusing.", p, sizeof(attr));
+                if ((uint64_t) st.st_size > sizeof(attr) + 4 * U64_MB)
+                        return log_debug_errno(SYNTHETIC_ERRNO(E2BIG), "EFI variable '%s' is ridiculously large, refusing.", p);

                if (!ret_attribute && !ret_value) {
                        /* No need to read anything, return the reported size. */
@ -90,31 +95,37 @@ int efi_get_variable(
                }

                /* We want +1 for the read call, and +3 for the additional terminating bytes added below. */
-                char *t = realloc(buf, (size_t) st.st_size + MAX(1, 3));
-                if (!t)
+                free(buf);
+                buf = malloc((size_t) st.st_size - sizeof(attr) + CONST_MAX(1, 3));
+                if (!buf)
                        return -ENOMEM;
-                buf = t;

-                const struct iovec iov[] = {
-                        { &attr, sizeof(attr) },
-                        { buf, (size_t) st.st_size + 1 },
+                struct iovec iov[] = {
+                        { &attr, sizeof(attr)                           },
+                        { buf,   (size_t) st.st_size - sizeof(attr) + 1 },
                };

                n = readv(fd, iov, 2);
-                assert(n <= st.st_size + 1);
-                if (n == st.st_size + 1)
-                        /* We need to try again with a bigger buffer. */
-                        continue;
-                if (n >= 0)
-                        break;
+                if (n < 0) {
+                        if (errno != EINTR)
+                                return log_debug_errno(errno, "Reading from '%s' failed: %m", p);
+
+                        log_debug("Reading from '%s' failed with EINTR, retrying.", p);
+                } else if ((size_t) n == sizeof(attr) + st.st_size + 1)
+                        /* We need to try again with a bigger buffer, the variable was apparently changed concurrently? */
+                        log_debug("EFI variable '%s' larger than expected, retrying.", p);
+                else {
+                        assert((size_t) n < sizeof(attr) + st.st_size + 1);
+                        break;
+                }

-                log_debug_errno(errno, "Reading from \"%s\" failed: %m", p);
-                if (errno != EINTR)
-                        return -errno;
                if (try >= EFI_N_RETRIES_TOTAL)
-                        return -EBUSY;
+                        return log_debug_errno(SYNTHETIC_ERRNO(EBUSY), "Reading EFI variable '%s' failed even after %u tries, giving up.", p, try);
                if (try >= EFI_N_RETRIES_NO_DELAY)
                        (void) usleep_safe(EFI_RETRY_DELAY);
+
+                /* Start from the beginning */
+                (void) lseek(fd, 0, SEEK_SET);
        }

        /* Unfortunately kernel reports EOF if there's an inconsistency between efivarfs var list and
@ -131,19 +142,21 @@ int efi_get_variable(
        if (n == 0)
                return log_debug_errno(SYNTHETIC_ERRNO(ENOENT),
                                       "EFI variable %s is uncommitted", p);
-        if (n < 4)
+        if ((size_t) n < sizeof(attr))
                return log_debug_errno(SYNTHETIC_ERRNO(EIO),
-                                       "Read %zi bytes from EFI variable %s, expected >= 4", n, p);
+                                       "Read %zi bytes from EFI variable %s, expected >= %zu", n, p, sizeof(attr));
+        size_t value_size = n - sizeof(attr);

        if (ret_attribute)
                *ret_attribute = attr;
+
        if (ret_value) {
                assert(buf);
                /* Always NUL-terminate (3 bytes, to properly protect UTF-16, even if truncated in
                 * the middle of a character) */
-                buf[n - 4] = 0;
-                buf[n - 4 + 1] = 0;
-                buf[n - 4 + 2] = 0;
+                buf[value_size] = 0;
+                buf[value_size + 1] = 0;
+                buf[value_size + 2] = 0;
                *ret_value = TAKE_PTR(buf);
        }

@ -158,7 +171,7 @@ int efi_get_variable(
         * with a smaller value. */

        if (ret_size)
-                *ret_size = n - 4;
+                *ret_size = value_size;

        return 0;
 }
--- a/src/basic/log-context.c
+++ b/src/basic/log-context.c
@ -58,7 +58,9 @@ static LogContext* log_context_detach(LogContext *c) {
 LogContext* log_context_new(const char *key, const char *value) {
        assert(key);
        assert(endswith(key, "="));
-        assert(value);
+
+        if (!value)
+                return NULL;

        LIST_FOREACH(ll, i, _log_context)
                if (i->key == key && i->value == value)
--- a/src/basic/socket-util.c
+++ b/src/basic/socket-util.c
@ -1928,9 +1928,19 @@ int vsock_get_local_cid(unsigned *ret) {
                return log_debug_errno(errno, "Failed to open %s: %m", "/dev/vsock");

        unsigned tmp;
-        if (ioctl(vsock_fd, IOCTL_VM_SOCKETS_GET_LOCAL_CID, ret ?: &tmp) < 0)
+        if (ioctl(vsock_fd, IOCTL_VM_SOCKETS_GET_LOCAL_CID, &tmp) < 0)
                return log_debug_errno(errno, "Failed to query local AF_VSOCK CID: %m");
+        log_debug("Local AF_VSOCK CID: %u", tmp);

+        /* If ret == NULL, we're just want to check if AF_VSOCK is available, so accept
+         * any address. Otherwise, filter out special addresses that are cannot be used
+         * to identify _this_ machine from the outside. */
+        if (ret && IN_SET(tmp, VMADDR_CID_LOCAL, VMADDR_CID_HOST))
+                return log_debug_errno(SYNTHETIC_ERRNO(EADDRNOTAVAIL),
+                                       "IOCTL_VM_SOCKETS_GET_LOCAL_CID returned special value (%u), ignoring.", tmp);
+
+        if (ret)
+                *ret = tmp;
        return 0;
 }

--- a/src/basic/terminal-util.c
+++ b/src/basic/terminal-util.c
@ -2260,7 +2260,6 @@ int terminal_get_size_by_dsr(
                unsigned *ret_rows,
                unsigned *ret_columns) {

-        _cleanup_close_ int nonblock_input_fd = -EBADF;
        int r;

        assert(input_fd >= 0);
@ -2288,14 +2287,20 @@ int terminal_get_size_by_dsr(
        if (r < 0)
                return log_debug_errno(r, "Called with distinct input/output fds: %m");

+        /* Open a 2nd input fd, in non-blocking mode, so that we won't ever hang in read()
+         * should someone else process the POLLIN. Do all subsequent operations on the new fd. */
+        _cleanup_close_ int nonblock_input_fd = r = fd_reopen(input_fd, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_NOCTTY);
+        if (r < 0)
+                return r;
+
        struct termios old_termios;
-        if (tcgetattr(input_fd, &old_termios) < 0)
+        if (tcgetattr(nonblock_input_fd, &old_termios) < 0)
                return log_debug_errno(errno, "Failed to get terminal settings: %m");

        struct termios new_termios = old_termios;
        termios_disable_echo(&new_termios);

-        if (tcsetattr(input_fd, TCSANOW, &new_termios) < 0)
+        if (tcsetattr(nonblock_input_fd, TCSANOW, &new_termios) < 0)
                return log_debug_errno(errno, "Failed to set new terminal settings: %m");

        unsigned saved_row = 0, saved_column = 0;
@ -2308,13 +2313,6 @@ int terminal_get_size_by_dsr(
        if (r < 0)
                goto finish;

-        /* Open a 2nd input fd, in non-blocking mode, so that we won't ever hang in read() should someone
-         * else process the POLLIN. */
-
-        nonblock_input_fd = r = fd_reopen(input_fd, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_NOCTTY);
-        if (r < 0)
-                goto finish;
-
        usec_t end = usec_add(now(CLOCK_MONOTONIC), CONSOLE_REPLY_WAIT_USEC);
        char buf[STRLEN("\x1B[1;1R")]; /* The shortest valid reply possible */
        size_t buf_full = 0;
@ -2407,7 +2405,7 @@ finish:
        if (saved_row > 0 && saved_column > 0)
                RET_GATHER(r, terminal_set_cursor_position(output_fd, saved_row, saved_column));

-        RET_GATHER(r, RET_NERRNO(tcsetattr(input_fd, TCSANOW, &old_termios)));
+        RET_GATHER(r, RET_NERRNO(tcsetattr(nonblock_input_fd, TCSANOW, &old_termios)));
        return r;
 }

--- a/src/basic/time-util.c
+++ b/src/basic/time-util.c
@ -1744,8 +1744,6 @@ int time_change_fd(void) {

        _cleanup_close_ int fd = -EBADF;

-        assert_cc(sizeof(time_t) == sizeof(TIME_T_MAX));
-
        /* Uses TFD_TIMER_CANCEL_ON_SET to get notifications whenever CLOCK_REALTIME makes a jump relative to
         * CLOCK_MONOTONIC. */

--- a/src/basic/virt.c
+++ b/src/basic/virt.c
@ -830,7 +830,7 @@ int running_in_chroot(void) {
                        return -ENOSYS;
        }
        if (r < 0)
-                return r;
+                return log_debug_errno(r, "Failed to check if /proc/1/root and / are the same inode: %m");

        return r == 0;
 }
--- a/src/boot/boot.c
+++ b/src/boot/boot.c
@ -2255,15 +2255,6 @@ static void boot_entry_add_type2(
                                }
                }

-                _cleanup_free_ char16_t *id = NULL;
-                if (profile > 0) {
-                        if (profile_id)
-                                id = xasprintf("%ls@%ls", filename, profile_id);
-                        else
-                                id = xasprintf("%ls@%u", filename, profile);
-                } else
-                        id = xstrdup16(filename);
-
                _cleanup_free_ char16_t *title = NULL;
                if (profile_title)
                        title = xasprintf("%ls (%ls)", good_name, profile_title);
@ -2277,8 +2268,6 @@ static void boot_entry_add_type2(

                BootEntry *entry = xnew(BootEntry, 1);
                *entry = (BootEntry) {
-                        .id = strtolower16(TAKE_PTR(id)),
-                        .id_without_profile = profile > 0 ? strtolower16(xstrdup16(filename)) : NULL,
                        .type = LOADER_TYPE2_UKI,
                        .title = TAKE_PTR(title),
                        .version = xstrdup16(good_version),
@ -2292,9 +2281,25 @@ static void boot_entry_add_type2(
                        .call = call_image_start,
                };

-                config_add_entry(config, entry);
                boot_entry_parse_tries(entry, path, filename, u".efi");

+                /* If the filename had no tries suffixes then the id won't be set by the above call, do it now */
+                if (!entry->id)
+                        entry->id = strtolower16(xstrdup16(filename));
+
+                /* Ensure the secondary profiles IDs also have the tries suffix stripped, to match the primary */
+                if (profile > 0) {
+                        entry->id_without_profile = TAKE_PTR(entry->id);
+
+                        if (profile_id)
+                                entry->id = xasprintf("%ls@%ls", entry->id_without_profile, profile_id);
+                        else
+                                entry->id = xasprintf("%ls@%u", entry->id_without_profile, profile);
+
+                }
+
+                config_add_entry(config, entry);
+
                if (!PE_SECTION_VECTOR_IS_SET(sections + SECTION_CMDLINE))
                        continue;

@ -2405,12 +2410,6 @@ static EFI_STATUS initrd_prepare(
        size_t size = 0, padded_size = 0;

        STRV_FOREACH(i, entry->initrd) {
-                _cleanup_free_ char16_t *o = options;
-                if (o)
-                        options = xasprintf("%ls initrd=%ls", o, *i);
-                else
-                        options = xasprintf("initrd=%ls", *i);
-
                _cleanup_file_close_ EFI_FILE *handle = NULL;
                err = root->Open(root, &handle, *i, EFI_FILE_MODE_READ, 0);
                if (err != EFI_SUCCESS)
@ -2421,6 +2420,15 @@ static EFI_STATUS initrd_prepare(
                if (err != EFI_SUCCESS)
                        return err;

+                if (info->FileSize == 0) /* Automatically skip over empty files */
+                        continue;
+
+                _cleanup_free_ char16_t *o = options;
+                if (o)
+                        options = xasprintf("%ls initrd=%ls", o, *i);
+                else
+                        options = xasprintf("initrd=%ls", *i);
+
                size_t inc = info->FileSize;

                if (!INC_SAFE(&padded_size, ALIGN4(inc)))
@ -2428,6 +2436,14 @@ static EFI_STATUS initrd_prepare(
                assert_se(INC_SAFE(&size, *(i + 1) ? ALIGN4(inc) : inc));
        }

+        /* Skip if no valid initrd files */
+        if (padded_size == 0) {
+                *ret_options = NULL;
+                *ret_initrd_pages = (Pages) {};
+                *ret_initrd_size = 0;
+                return EFI_SUCCESS;
+        }
+
        _cleanup_pages_ Pages pages = xmalloc_initrd_pages(padded_size);
        uint8_t *p = PHYSICAL_ADDRESS_TO_POINTER(pages.addr);

@ -2957,9 +2973,8 @@ static void config_load_all_entries(

        config_add_system_entries(config);

-        /* Find secure boot signing keys and autoload them if configured.  Otherwise, create menu entries so
-         * that the user can load them manually.  If the secure-boot-enroll variable is set to no (the
-         * default), we do not even search for keys on the ESP */
+        /* Using the rules defined by the `secure-boot-enroll` variable, find secure boot signing keys
+         * and perform operations like autoloading them or create menu entries if configured. */
        (void) secure_boot_discover_keys(config, root_dir);

        if (config->n_entries == 0)
--- a/src/core/exec-invoke.c
+++ b/src/core/exec-invoke.c
@ -1238,7 +1238,10 @@ static int exec_context_get_tty_for_pam(const ExecContext *context, char **ret)
                return 1;
        }

-        if (!IN_SET(context->std_input, EXEC_INPUT_TTY, EXEC_INPUT_TTY_FAIL, EXEC_INPUT_TTY_FORCE)) {
+        /* Do not implicitly configure TTY unless TTYPath= or StandardInput=tty is specified. See issue
+         * #39334. Note, exec_context_tty_path() returns "/dev/console" when TTYPath= is unspecified, hence
+         * explicitly check context->tty_path here. */
+        if (!context->tty_path && !exec_input_is_terminal(context->std_input)) {
                *ret = NULL;
                return 0;
        }
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@ -2812,13 +2812,21 @@ int setup_namespace(const NamespaceParameters *p, char **reterr_path) {
                        return log_oom_debug();

                *me = (MountEntry) {
-                        .path_const = "/run/credentials",
                        .mode = MOUNT_TMPFS,
                        .read_only = true,
                        .options_const = "mode=0755" TMPFS_LIMITS_EMPTY_OR_ALMOST,
                        .flags = MS_NODEV|MS_STRICTATIME|MS_NOSUID|MS_NOEXEC,
                };

+                if (p->runtime_scope == RUNTIME_SCOPE_SYSTEM)
+                        me->path_const = "/run/credentials";
+                else {
+                        r = path_extract_directory(p->creds_path, &me->path_malloc);
+                        if (r < 0)
+                                return log_debug_errno(r, "Failed to extract parent directory from '%s': %m",
+                                                       p->creds_path);
+                }
+
                me = mount_list_extend(&ml);
                if (!me)
                        return log_oom_debug();
@ -2830,9 +2838,11 @@ int setup_namespace(const NamespaceParameters *p, char **reterr_path) {
                        .source_const = p->creds_path,
                        .ignore = true,
                };
-        } else {
-                /* If our service has no credentials store configured, then make the whole credentials tree
-                 * inaccessible wholesale. */
+        }
+
+        if (!p->creds_path || p->runtime_scope != RUNTIME_SCOPE_SYSTEM) {
+                /* If our service has no credentials store configured, or we're running in user scope, then
+                 * make the system credentials tree inaccessible wholesale. */

                MountEntry *me = mount_list_extend(&ml);
                if (!me)
--- a/src/core/socket.c
+++ b/src/core/socket.c
@ -1027,9 +1027,16 @@ static void socket_close_fds(Socket *s) {

 DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(Socket*, socket_close_fds, NULL);

-#define SOCKET_OPTION_WARNING_FORMAT_STR "Failed to set %s socket option, ignoring: %m"
-#define log_socket_option_warning_errno(s, error, option) \
-        log_unit_warning_errno(UNIT(s), (error), SOCKET_OPTION_WARNING_FORMAT_STR, STRINGIFY(option))
+#define log_socket_option_errno(s, e, option)                                          \
+        ({                                                                             \
+                int _e_ = (e);                                                         \
+                log_unit_full_errno(                                                   \
+                                UNIT(s),                                               \
+                                ERRNO_IS_NOT_SUPPORTED(_e_) ? LOG_DEBUG : LOG_WARNING, \
+                                _e_,                                                   \
+                                "Failed to set %s socket option, ignoring: %m",        \
+                                option);                                               \
+        })

 static void socket_apply_socket_options(Socket *s, SocketPort *p, int fd) {
        int r;
@ -1041,82 +1048,79 @@ static void socket_apply_socket_options(Socket *s, SocketPort *p, int fd) {
        if (s->keep_alive) {
                r = setsockopt_int(fd, SOL_SOCKET, SO_KEEPALIVE, true);
                if (r < 0)
-                        log_socket_option_warning_errno(s, r, SO_KEEPALIVE);
+                        log_socket_option_errno(s, r, "SO_KEEPALIVE");
        }

        if (timestamp_is_set(s->keep_alive_time)) {
                r = setsockopt_int(fd, SOL_TCP, TCP_KEEPIDLE, s->keep_alive_time / USEC_PER_SEC);
                if (r < 0)
-                        log_socket_option_warning_errno(s, r, TCP_KEEPIDLE);
+                        log_socket_option_errno(s, r, "TCP_KEEPIDLE");
        }

        if (s->keep_alive_interval > 0) {
                r = setsockopt_int(fd, SOL_TCP, TCP_KEEPINTVL, s->keep_alive_interval / USEC_PER_SEC);
                if (r < 0)
-                        log_socket_option_warning_errno(s, r, TCP_KEEPINTVL);
+                        log_socket_option_errno(s, r, "TCP_KEEPINTVL");
        }

        if (s->keep_alive_cnt > 0) {
                r = setsockopt_int(fd, SOL_TCP, TCP_KEEPCNT, s->keep_alive_cnt);
                if (r < 0)
-                        log_socket_option_warning_errno(s, r, TCP_KEEPCNT);
+                        log_socket_option_errno(s, r, "TCP_KEEPCNT");
        }

        if (s->defer_accept > 0) {
                r = setsockopt_int(fd, SOL_TCP, TCP_DEFER_ACCEPT, s->defer_accept / USEC_PER_SEC);
                if (r < 0)
-                        log_socket_option_warning_errno(s, r, TCP_DEFER_ACCEPT);
+                        log_socket_option_errno(s, r, "TCP_DEFER_ACCEPT");
        }

        if (s->no_delay) {
                if (s->socket_protocol == IPPROTO_SCTP) {
                        r = setsockopt_int(fd, SOL_SCTP, SCTP_NODELAY, true);
                        if (r < 0)
-                                log_socket_option_warning_errno(s, r, SCTP_NODELAY);
+                                log_socket_option_errno(s, r, "SCTP_NODELAY");
                } else {
                        r = setsockopt_int(fd, SOL_TCP, TCP_NODELAY, true);
                        if (r < 0)
-                                log_socket_option_warning_errno(s, r, TCP_NODELAY);
+                                log_socket_option_errno(s, r, "TCP_NODELAY");
                }
        }

        if (s->broadcast) {
                r = setsockopt_int(fd, SOL_SOCKET, SO_BROADCAST, true);
                if (r < 0)
-                        log_socket_option_warning_errno(s, r, SO_BROADCAST);
+                        log_socket_option_errno(s, r, "SO_BROADCAST");
        }

        if (s->pass_cred) {
                r = setsockopt_int(fd, SOL_SOCKET, SO_PASSCRED, true);
                if (r < 0)
-                        log_socket_option_warning_errno(s, r, SO_PASSCRED);
+                        log_socket_option_errno(s, r, "SO_PASSCRED");
        }

        if (s->pass_pidfd) {
                r = setsockopt_int(fd, SOL_SOCKET, SO_PASSPIDFD, true);
                if (r < 0)
-                        log_unit_full_errno(UNIT(s), ERRNO_IS_NEG_NOT_SUPPORTED(r) ? LOG_DEBUG : LOG_WARNING, r,
-                                            SOCKET_OPTION_WARNING_FORMAT_STR, "SO_PASSPIDFD");
+                        log_socket_option_errno(s, r, "SO_PASSPIDFD");
        }

        if (s->pass_sec) {
                r = setsockopt_int(fd, SOL_SOCKET, SO_PASSSEC, true);
                if (r < 0)
-                        log_unit_full_errno(UNIT(s), ERRNO_IS_NEG_NOT_SUPPORTED(r) ? LOG_DEBUG : LOG_WARNING, r,
-                                            SOCKET_OPTION_WARNING_FORMAT_STR, "SO_PASSSEC");
+                        log_socket_option_errno(s, r, "SO_PASSSEC");
        }

        if (s->pass_pktinfo) {
                r = socket_set_recvpktinfo(fd, socket_address_family(&p->address), true);
                if (r < 0)
-                        log_unit_warning_errno(UNIT(s), r, SOCKET_OPTION_WARNING_FORMAT_STR, "packet info");
+                        log_socket_option_errno(s, r, "packet info");
        }

        if (!s->pass_rights) {
                r = setsockopt_int(fd, SOL_SOCKET, SO_PASSRIGHTS, false);
                if (r < 0)
-                        log_unit_full_errno(UNIT(s), ERRNO_IS_NEG_NOT_SUPPORTED(r) ? LOG_DEBUG : LOG_WARNING, r,
-                                            SOCKET_OPTION_WARNING_FORMAT_STR, "SO_PASSRIGHTS");
+                        log_socket_option_errno(s, r, "SO_PASSRIGHTS");
        }

        if (s->timestamping != SOCKET_TIMESTAMPING_OFF) {
@ -1124,61 +1128,59 @@ static void socket_apply_socket_options(Socket *s, SocketPort *p, int fd) {
                                   s->timestamping == SOCKET_TIMESTAMPING_NS ? SO_TIMESTAMPNS : SO_TIMESTAMP,
                                   true);
                if (r < 0)
-                        log_unit_warning_errno(UNIT(s), r, SOCKET_OPTION_WARNING_FORMAT_STR, "timestamping");
+                        log_socket_option_errno(s, r, "timestamping");
        }

        if (s->priority >= 0) {
                r = setsockopt_int(fd, SOL_SOCKET, SO_PRIORITY, s->priority);
                if (r < 0)
-                        log_socket_option_warning_errno(s, r, SO_PRIORITY);
+                        log_socket_option_errno(s, r, "SO_PRIORITY");
        }

        if (s->receive_buffer > 0) {
                r = fd_set_rcvbuf(fd, s->receive_buffer, false);
                if (r < 0)
-                        log_unit_full_errno(UNIT(s), ERRNO_IS_NEG_PRIVILEGE(r) ? LOG_DEBUG : LOG_WARNING, r,
-                                            SOCKET_OPTION_WARNING_FORMAT_STR, "SO_RCVBUF/SO_RCVBUFFORCE");
+                        log_socket_option_errno(s, r, "SO_RCVBUF/SO_RCVBUFFORCE");
        }

        if (s->send_buffer > 0) {
                r = fd_set_sndbuf(fd, s->send_buffer, false);
                if (r < 0)
-                        log_unit_full_errno(UNIT(s), ERRNO_IS_NEG_PRIVILEGE(r) ? LOG_DEBUG : LOG_WARNING, r,
-                                            SOCKET_OPTION_WARNING_FORMAT_STR, "SO_SNDBUF/SO_SNDBUFFORCE");
+                        log_socket_option_errno(s, r, "SO_SNDBUF/SO_SNDBUFFORCE");
        }

        if (s->mark >= 0) {
                r = setsockopt_int(fd, SOL_SOCKET, SO_MARK, s->mark);
                if (r < 0)
-                        log_socket_option_warning_errno(s, r, SO_MARK);
+                        log_socket_option_errno(s, r, "SO_MARK");
        }

        if (s->ip_tos >= 0) {
                r = setsockopt_int(fd, IPPROTO_IP, IP_TOS, s->ip_tos);
                if (r < 0)
-                        log_socket_option_warning_errno(s, r, IP_TOS);
+                        log_socket_option_errno(s, r, "IP_TOS");
        }

        if (s->ip_ttl >= 0) {
                r = socket_set_ttl(fd, socket_address_family(&p->address), s->ip_ttl);
                if (r < 0)
-                        log_unit_warning_errno(UNIT(s), r, SOCKET_OPTION_WARNING_FORMAT_STR, "IP_TTL/IPV6_UNICAST_HOPS");
+                        log_socket_option_errno(s, r, "IP_TTL/IPV6_UNICAST_HOPS");
        }

        if (s->tcp_congestion)
                if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
-                        log_socket_option_warning_errno(s, errno, TCP_CONGESTION);
+                        log_socket_option_errno(s, errno, "TCP_CONGESTION");

        if (s->smack_ip_in) {
                r = mac_smack_apply_fd(fd, SMACK_ATTR_IPIN, s->smack_ip_in);
                if (r < 0)
-                        log_unit_error_errno(UNIT(s), r, "Failed to apply SMACK label for IP input, ignoring: %m");
+                        log_unit_warning_errno(UNIT(s), r, "Failed to apply SMACK label for IP input, ignoring: %m");
        }

        if (s->smack_ip_out) {
                r = mac_smack_apply_fd(fd, SMACK_ATTR_IPOUT, s->smack_ip_out);
                if (r < 0)
-                        log_unit_error_errno(UNIT(s), r, "Failed to apply SMACK label for IP output, ignoring: %m");
+                        log_unit_warning_errno(UNIT(s), r, "Failed to apply SMACK label for IP output, ignoring: %m");
        }
 }

--- a/src/core/timer.c
+++ b/src/core/timer.c
@ -394,6 +394,7 @@ static void timer_enter_waiting(Timer *t, bool time_change) {
                if (v->base == TIMER_CALENDAR) {
                        bool rebase_after_boot_time = false;
                        usec_t b, random_offset = 0;
+                        usec_t boot_monotonic = UNIT(t)->manager->timestamps[MANAGER_TIMESTAMP_USERSPACE].monotonic;

                        if (t->random_offset_usec != 0)
                                random_offset = timer_get_fixed_delay_hash(t) % t->random_offset_usec;
@ -414,9 +415,16 @@ static void timer_enter_waiting(Timer *t, bool time_change) {
                                                t->last_trigger.realtime);
                                else
                                        b = trigger->inactive_enter_timestamp.realtime;
-                        } else if (dual_timestamp_is_set(&t->last_trigger))
+                        } else if (dual_timestamp_is_set(&t->last_trigger)) {
                                b = t->last_trigger.realtime;
-                        else if (dual_timestamp_is_set(&UNIT(t)->inactive_exit_timestamp))
+
+                                /* Check if the last_trigger timestamp is older than the current machine
+                                 * boot. If so, this means the timestamp came from a stamp file of a
+                                 * persistent timer and we need to rebase it to make RandomizedDelaySec=
+                                 * work (see below). */
+                                if (t->last_trigger.monotonic < boot_monotonic)
+                                        rebase_after_boot_time = true;
+                        } else if (dual_timestamp_is_set(&UNIT(t)->inactive_exit_timestamp))
                                b = UNIT(t)->inactive_exit_timestamp.realtime - random_offset;
                        else {
                                b = ts.realtime - random_offset;
@ -434,8 +442,7 @@ static void timer_enter_waiting(Timer *t, bool time_change) {
                                 * time has already passed, set the time when systemd first started as the scheduled
                                 * time. Note that we base this on the monotonic timestamp of the boot, not the
                                 * realtime one, since the wallclock might have been off during boot. */
-                                usec_t rebased = map_clock_usec(UNIT(t)->manager->timestamps[MANAGER_TIMESTAMP_USERSPACE].monotonic,
-                                                         CLOCK_MONOTONIC, CLOCK_REALTIME);
+                                usec_t rebased = map_clock_usec(boot_monotonic, CLOCK_MONOTONIC, CLOCK_REALTIME);
                                if (v->next_elapse < rebased)
                                        v->next_elapse = rebased;
                        }
--- a/src/home/homed-home.c
+++ b/src/home/homed-home.c
@ -570,7 +570,7 @@ static int home_parse_worker_stdout(int _fd, UserRecord **ret) {
                return 0;
        }

-        if (lseek(fd, SEEK_SET, 0) < 0)
+        if (lseek(fd, 0, SEEK_SET) < 0)
                return log_error_errno(errno, "Failed to seek to beginning of memfd: %m");

        f = take_fdopen(&fd, "r");
--- a/src/home/homed-manager.c
+++ b/src/home/homed-manager.c
@ -1101,7 +1101,7 @@ static int manager_bind_varlink(Manager *m) {

        r = sd_varlink_server_listen_address(m->varlink_server, socket_path, 0666 | SD_VARLINK_SERVER_MODE_MKDIR_0755);
        if (r < 0)
-                return log_error_errno(r, "Failed to bind to varlink socket: %m");
+                return log_error_errno(r, "Failed to bind to varlink socket '%s': %m", socket_path);

        r = sd_varlink_server_attach_event(m->varlink_server, m->event, SD_EVENT_PRIORITY_NORMAL);
        if (r < 0)
--- a/src/home/pam_systemd_home.c
+++ b/src/home/pam_systemd_home.c
@ -64,7 +64,7 @@ static int parse_argv(
                                *debug = k;

                } else
-                        pam_syslog(handle, LOG_WARNING, "Unknown parameter '%s', ignoring", argv[i]);
+                        pam_syslog(handle, LOG_WARNING, "Unknown parameter '%s', ignoring.", argv[i]);
        }

        return 0;
@ -188,9 +188,8 @@ static int acquire_user_record(
                                goto user_unknown;
                        }

-                        pam_syslog(handle, LOG_ERR,
-                                   "Failed to query user record: %s", bus_error_message(&error, r));
-                        return PAM_SERVICE_ERR;
+                        return pam_syslog_pam_error(handle, LOG_ERR, PAM_SERVICE_ERR,
+                                                    "Failed to query user record: %s", bus_error_message(&error, r));
                }

                r = sd_bus_message_read(reply, "sbo", &json, NULL, NULL);
@ -686,8 +685,10 @@ static int acquire_home(
                                                if (home_locked)
                                                        (void) pam_prompt_graceful(handle, PAM_ERROR_MSG, NULL, _("Home of user %s is currently locked, please unlock locally first."), ur->user_name);

-                                                if (FLAGS_SET(flags, ACQUIRE_MUST_AUTHENTICATE) || debug)
-                                                        pam_syslog(handle, FLAGS_SET(flags, ACQUIRE_MUST_AUTHENTICATE) ? LOG_ERR : LOG_DEBUG, "Failed to prompt for password/prompt.");
+                                                if (FLAGS_SET(flags, ACQUIRE_MUST_AUTHENTICATE))
+                                                        pam_syslog(handle, LOG_ERR, "Failed to prompt for password/prompt.");
+                                                else if (debug)
+                                                        pam_debug_syslog(handle, debug, "Failed to prompt for password/prompt.");

                                                return home_not_active || home_locked ? PAM_PERM_DENIED : PAM_CONV_ERR;
                                        }
@ -803,7 +804,7 @@ _public_ PAM_EXTERN int pam_sm_authenticate(
                       &debug) < 0)
                return PAM_AUTH_ERR;

-        pam_debug_syslog(handle, debug, "pam-systemd-homed authenticating");
+        pam_debug_syslog(handle, debug, "pam-systemd-homed: authenticating...");

        return acquire_home(handle, ACQUIRE_MUST_AUTHENTICATE|flags, debug, /* bus_data= */ NULL);
 }
@ -866,7 +867,7 @@ _public_ PAM_EXTERN int pam_sm_open_session(
                       &debug) < 0)
                return PAM_SESSION_ERR;

-        pam_debug_syslog(handle, debug, "pam-systemd-homed session start");
+        pam_debug_syslog(handle, debug, "pam-systemd-homed: starting session...");

        r = fallback_shell_can_work(handle, &flags);
        if (r != PAM_SUCCESS)
@ -916,7 +917,7 @@ _public_ PAM_EXTERN int pam_sm_close_session(
                       &debug) < 0)
                return PAM_SESSION_ERR;

-        pam_debug_syslog(handle, debug, "pam-systemd-homed session end");
+        pam_debug_syslog(handle, debug, "pam-systemd-homed: closing session...");

        r = pam_get_user(handle, &username, NULL);
        if (r != PAM_SUCCESS)
@ -980,7 +981,7 @@ _public_ PAM_EXTERN int pam_sm_acct_mgmt(
                       &debug) < 0)
                return PAM_AUTH_ERR;

-        pam_debug_syslog(handle, debug, "pam-systemd-homed account management");
+        pam_debug_syslog(handle, debug, "pam-systemd-homed: starting account management...");

        r = fallback_shell_can_work(handle, &flags);
        if (r != PAM_SUCCESS)
@ -1092,7 +1093,7 @@ _public_ PAM_EXTERN int pam_sm_chauthtok(
                       &debug) < 0)
                return PAM_AUTH_ERR;

-        pam_debug_syslog(handle, debug, "pam-systemd-homed account management");
+        pam_debug_syslog(handle, debug, "pam-systemd-homed: starting authentication token management...");

        r = acquire_user_record(handle, /* username= */ NULL, debug, &ur, /* bus_data= */ NULL);
        if (r != PAM_SUCCESS)
--- a/src/import/pull-raw.c
+++ b/src/import/pull-raw.c
@ -368,7 +368,7 @@ static int raw_pull_make_local_copy(RawPull *i) {
                assert(i->raw_job->disk_fd >= 0);
                assert(i->offset == UINT64_MAX);

-                if (lseek(i->raw_job->disk_fd, SEEK_SET, 0) < 0)
+                if (lseek(i->raw_job->disk_fd, 0, SEEK_SET) < 0)
                        return log_error_errno(errno, "Failed to seek to beginning of vendor image: %m");
        }

--- a/src/include/uapi/linux/bpf.h
+++ b/src/include/uapi/linux/bpf.h
@ -1522,6 +1522,12 @@ union bpf_attr {
 		 * If provided, map_flags should have BPF_F_TOKEN_FD flag set.
 		 */
 		__s32	map_token_fd;
+
+		/* Hash of the program that has exclusive access to the map.
+		 */
+		__aligned_u64 excl_prog_hash;
+		/* Size of the passed excl_prog_hash. */
+		__u32 excl_prog_hash_size;
 	};

 	struct { /* anonymous struct used by BPF_MAP_*_ELEM and BPF_MAP_FREEZE commands */
@ -1605,6 +1611,16 @@ union bpf_attr {
 		 * continuous.
 		 */
 		__u32		fd_array_cnt;
+		/* Pointer to a buffer containing the signature of the BPF
+		 * program.
+		 */
+		__aligned_u64   signature;
+		/* Size of the signature buffer in bytes. */
+		__u32 		signature_size;
+		/* ID of the kernel keyring to be used for signature
+		 * verification.
+		 */
+		__s32		keyring_id;
 	};

 	struct { /* anonymous struct used by BPF_OBJ_* commands */
@ -4875,7 +4891,7 @@ union bpf_attr {
 *
 *		**-ENOENT** if the bpf_local_storage cannot be found.
 *
- * long bpf_d_path(struct path *path, char *buf, u32 sz)
+ * long bpf_d_path(const struct path *path, char *buf, u32 sz)
 *	Description
 *		Return full path for given **struct path** object, which
 *		needs to be the kernel BTF *path* object. The path is
@ -6666,6 +6682,8 @@ struct bpf_map_info {
 	__u32 btf_value_type_id;
 	__u32 btf_vmlinux_id;
 	__u64 map_extra;
+	__aligned_u64 hash;
+	__u32 hash_size;
 } __attribute__((aligned(8)));

 struct bpf_btf_info {
@ -7418,6 +7436,10 @@ struct bpf_timer {
 	__u64 __opaque[2];
 } __attribute__((aligned(8)));

+struct bpf_task_work {
+	__u64 __opaque;
+} __attribute__((aligned(8)));
+
 struct bpf_wq {
 	__u64 __opaque[2];
 } __attribute__((aligned(8)));
--- a/src/include/uapi/linux/can/netlink.h
+++ b/src/include/uapi/linux/can/netlink.h
@ -101,8 +101,8 @@ struct can_ctrlmode {
 #define CAN_CTRLMODE_PRESUME_ACK	0x40	/* Ignore missing CAN ACKs */
 #define CAN_CTRLMODE_FD_NON_ISO		0x80	/* CAN FD in non-ISO mode */
 #define CAN_CTRLMODE_CC_LEN8_DLC	0x100	/* Classic CAN DLC option */
-#define CAN_CTRLMODE_TDC_AUTO		0x200	/* CAN transiver automatically calculates TDCV */
-#define CAN_CTRLMODE_TDC_MANUAL		0x400	/* TDCV is manually set up by user */
+#define CAN_CTRLMODE_TDC_AUTO		0x200	/* FD transceiver automatically calculates TDCV */
+#define CAN_CTRLMODE_TDC_MANUAL		0x400	/* FD TDCV is manually set up by user */

 /*
 * CAN device statistics
@ -129,14 +129,14 @@ enum {
 	IFLA_CAN_RESTART_MS,
 	IFLA_CAN_RESTART,
 	IFLA_CAN_BERR_COUNTER,
-	IFLA_CAN_DATA_BITTIMING,
-	IFLA_CAN_DATA_BITTIMING_CONST,
+	IFLA_CAN_DATA_BITTIMING, /* FD */
+	IFLA_CAN_DATA_BITTIMING_CONST, /* FD */
 	IFLA_CAN_TERMINATION,
 	IFLA_CAN_TERMINATION_CONST,
 	IFLA_CAN_BITRATE_CONST,
-	IFLA_CAN_DATA_BITRATE_CONST,
+	IFLA_CAN_DATA_BITRATE_CONST, /* FD */
 	IFLA_CAN_BITRATE_MAX,
-	IFLA_CAN_TDC,
+	IFLA_CAN_TDC, /* FD */
 	IFLA_CAN_CTRLMODE_EXT,

 	/* add new constants above here */
@ -145,7 +145,7 @@ enum {
 };

 /*
- * CAN FD Transmitter Delay Compensation (TDC)
+ * CAN FD/XL Transmitter Delay Compensation (TDC)
 *
 * Please refer to struct can_tdc_const and can_tdc in
 * include/linux/can/bittiming.h for further details.
--- a/src/include/uapi/linux/ethtool.h
+++ b/src/include/uapi/linux/ethtool.h
@ -2378,6 +2378,7 @@ enum {
 #define	RXH_L4_B_0_1	(1 << 6) /* src port in case of TCP/UDP/SCTP */
 #define	RXH_L4_B_2_3	(1 << 7) /* dst port in case of TCP/UDP/SCTP */
 #define	RXH_GTP_TEID	(1 << 8) /* teid in case of GTP */
+#define	RXH_IP6_FL	(1 << 9) /* IPv6 flow label */
 #define	RXH_DISCARD	(1 << 31)

 #define	RX_CLS_FLOW_DISC	0xffffffffffffffffULL
--- a/src/include/uapi/linux/fs.h
+++ b/src/include/uapi/linux/fs.h
@ -426,10 +426,13 @@ typedef int __bitwise __kernel_rwf_t;
 /* buffered IO that drops the cache after reading or writing data */
 #define RWF_DONTCACHE	((__kernel_rwf_t)0x00000080)

+/* prevent pipe and socket writes from raising SIGPIPE */
+#define RWF_NOSIGNAL	((__kernel_rwf_t)0x00000100)
+
 /* mask of flags supported by the kernel */
 #define RWF_SUPPORTED	(RWF_HIPRI | RWF_DSYNC | RWF_SYNC | RWF_NOWAIT |\
 			 RWF_APPEND | RWF_NOAPPEND | RWF_ATOMIC |\
-			 RWF_DONTCACHE)
+			 RWF_DONTCACHE | RWF_NOSIGNAL)

 #define PROCFS_IOCTL_MAGIC 'f'

--- a/Show More
+++ b/Show More
 @ -1 +1 @@
 .2
 .3