Merge pull request #18407 from keszybz/resolved-reference-counting-again

Use reference counting for DnsQueryCandidate

NEWS

@@ -5059,7 +5059,7 @@ CHANGES WITH 232:
 
         * Support for dynamically creating users for the lifetime of a service
           has been added. If DynamicUser=yes is specified, user and group IDs
-          will be allocated from the range 61184..65519 for the lifetime of the
+          will be allocated from the range 61184…65519 for the lifetime of the
           service. They can be resolved using the new nss-systemd.so NSS
           module. The module must be enabled in /etc/nsswitch.conf. Services
           started in this way have PrivateTmp= and RemoveIPC= enabled, so that
@@ -5801,7 +5801,7 @@ CHANGES WITH 230:
 
         * The LimitNICE= setting now optionally takes normal UNIX nice values
           in addition to the raw integer limit value. If the specified
-          parameter is prefixed with "+" or "-" and is in the range -20..19 the
+          parameter is prefixed with "+" or "-" and is in the range -20…19 the
           value is understood as UNIX nice value. If not prefixed like this it
           is understood as raw RLIMIT_NICE limit.
 
@@ -6139,10 +6139,10 @@ CHANGES WITH 228:
           individual indexes.
 
         * The various memory-related resource limit settings (such as
-          LimitAS=) now understand the usual K, M, G, ... suffixes to
+          LimitAS=) now understand the usual K, M, G, … suffixes to
           the base of 1024 (IEC). Similar, the time-related resource
-          limit settings understand the usual min, h, day, ...
+          limit settings understand the usual min, h, day, … suffixes
-          suffixes now.
+          now.
 
         * There's a new system.conf setting DefaultTasksMax= to
           control the default TasksMax= setting for services and
@@ -7076,7 +7076,7 @@ CHANGES WITH 220:
 
         * /usr/lib/os-release gained a new optional field VARIANT= for
           distributions that support multiple variants (such as a
-          desktop edition, a server edition, ...)
+          desktop edition, a server edition, …)
 
         Contributions from: Aaro Koskinen, Adam Goode, Alban Crequy,
         Alberto Fanjul Alonso, Alexander Sverdlin, Alex Puchades, Alin
@@ -7575,7 +7575,7 @@ CHANGES WITH 218:
           into account when storing rfkill state on disk, as the name
           might be dynamically assigned and not stable. Instead, the
           ID_PATH udev variable combined with the rfkill type (wlan,
-          bluetooth, ...) is used.
+          bluetooth, …) is used.
 
         * A new service systemd-machine-id-commit.service has been
           added. When used on systems where /etc is read-only during
@@ -7805,7 +7805,7 @@ CHANGES WITH 217:
         * Calendar time specifications in .timer units now also
           understand the strings "semi-annually", "quarterly" and
           "minutely" as shortcuts (in addition to the preexisting
-          "annually", "hourly", ...).
+          "annually", "hourly", …).
 
         * systemd-tmpfiles will now correctly create files in /dev
           at boot which are marked for creation only at boot. It is
@@ -9025,7 +9025,7 @@ CHANGES WITH 209:
           match against MAC address, device path, driver name and type,
           and will apply attributes like the naming policy, link speed,
           MTU, duplex settings, Wake-on-LAN settings, MAC address, MAC
-          address assignment policy (randomized, ...).
+          address assignment policy (randomized, …).
 
         * The configuration of network interface naming rules for
           "permanent interface names" has changed: a new NamePolicy=
@@ -9102,7 +9102,7 @@ CHANGES WITH 209:
           recent boots with their times and boot IDs.
 
         * The various tools like systemctl, loginctl, timedatectl,
-          busctl, systemd-run, ... have gained a new switch "-M" to
+          busctl, systemd-run, … have gained a new switch "-M" to
           connect to a specific, local OS container (as direct
           connection, without requiring SSH). This works on any
           container that is registered with machined, such as those
@@ -9851,7 +9851,7 @@ CHANGES WITH 205:
         * If a privileged process logs a journal message with the
           OBJECT_PID= field set, then journald will automatically
           augment this with additional OBJECT_UID=, OBJECT_GID=,
-          OBJECT_COMM=, OBJECT_EXE=, ... fields. This is useful if
+          OBJECT_COMM=, OBJECT_EXE=, … fields. This is useful if
           system services want to log events about specific client
           processes. journactl/systemctl has been updated to make use
           of this information if all log messages regarding a specific
@@ -10991,7 +10991,7 @@ CHANGES WITH 190:
           inhibitors during their runtime. A simple way to achieve
           that is to invoke the DE wrapped in an invocation of:
 
-          systemd-inhibit --what=handle-power-key:handle-sleep-key:handle-lid-switch ...
+          systemd-inhibit --what=handle-power-key:handle-sleep-key:handle-lid-switch …
 
         * Access to unit operations is now checked via SELinux taking
           the unit file label and client process label into account.
@@ -11398,7 +11398,7 @@ CHANGES WITH 183:
           should be used to create dead device nodes as workarounds for broken
           subsystems.
 
-        * udev: RUN+="socket:..."  and udev_monitor_new_from_socket() is
+        * udev: RUN+="socket:…"  and udev_monitor_new_from_socket() is
           no longer supported. udev_monitor_new_from_netlink() needs to be
           used to subscribe to events.
 

man/networkctl.xml

@@ -104,7 +104,7 @@
                 <term>carrier</term>
                 <listitem>
                   <para>the link has a carrier, or for bond or bridge master, all bonding or bridge slave
-                  network interfaces are enslaved to the master.</para>
+                  network interfaces are enslaved to the master</para>
                 </listitem>
               </varlistentry>
               <varlistentry>

man/networkd.conf.xml

@@ -72,10 +72,11 @@
 
       <varlistentry>
         <term><varname>RouteTable=</varname></term>
-        <listitem><para>Specifies the route table name. Takes a route name and table number separated with a colon.
+        <listitem><para>Specifies the route table name. Takes a route name and table number separated with a
-        (<literal><replaceable>name</replaceable>:<replaceable>integer</replaceable></literal>. The route table number
+        colon. (<literal><replaceable>name</replaceable>:<replaceable>integer</replaceable></literal>. The
-        must be an integer in the range 1..4294967295. This setting can be specified multiple times. If an empty string
+        route table number must be an integer in the range 1…4294967295. This setting can be specified
-        is specified, then all options specified earlier are cleared. Defaults to unset.</para></listitem>
+        multiple times. If an empty string is specified, then all options specified earlier are cleared.
+        Defaults to unset.</para></listitem>
       </varlistentry>
 
     </variablelist>

man/systemctl.xml

@@ -2274,13 +2274,38 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err
         <term><option>--timestamp=</option></term>
 
         <listitem>
-          <para>Takes one of <literal>pretty</literal> (the default),
+          <para>Change the format of printed timestamps. The following values may be used:
-          <literal>us</literal>, <literal>µs</literal>, <literal>utc</literal>.
+          </para>
-          Changes the format of printed timestamps.
+
-          <literal>pretty</literal>: <literal>Day YYYY-MM-DD HH:MM:SS TZ</literal>
+          <variablelist>
-          <literal>us</literal> or <literal>µs</literal>: <literal>Day YYYY-MM-DD HH:MM:SS.UUUUUU TZ</literal>
+            <varlistentry>
-          <literal>utc</literal>: <literal>Day YYYY-MM-DD HH:MM:SS UTC</literal></para>
+              <term><option>pretty</option> (this is the default)</term>
-          <literal>us+utc</literal> or <literal>µs+utc</literal>: <literal>Day YYYY-MM-DD HH:MM:SS.UUUUUU UTC</literal>
+              <listitem><para><literal>Day YYYY-MM-DD HH:MM:SS TZ</literal></para></listitem>
+            </varlistentry>
+          </variablelist>
+
+          <variablelist>
+            <varlistentry>
+              <term><option>us</option></term>
+              <term><option>µs</option></term>
+              <listitem><para><literal>Day YYYY-MM-DD HH:MM:SS.UUUUUU TZ</literal></para></listitem>
+            </varlistentry>
+          </variablelist>
+
+          <variablelist>
+            <varlistentry>
+              <term><option>utc</option></term>
+              <listitem><para><literal>Day YYYY-MM-DD HH:MM:SS UTC</literal></para></listitem>
+            </varlistentry>
+          </variablelist>
+
+          <variablelist>
+            <varlistentry>
+              <term><option>us+utc</option></term>
+              <term><option>µs+utc</option></term>
+              <listitem><para><literal>Day YYYY-MM-DD HH:MM:SS.UUUUUU UTC</literal></para></listitem>
+            </varlistentry>
+          </variablelist>
         </listitem>
       </varlistentry>
 

man/systemd-dissect.xml

@@ -207,7 +207,7 @@
 
         <listitem><para>Takes one of <literal>disabled</literal>, <literal>loop</literal>,
         <literal>all</literal>, <literal>crypto</literal>. If <literal>disabled</literal> the image is
-        accessed with empty block discarding turned off. if <literal>loop</literal> discarding is enabled if
+        accessed with empty block discarding turned off. If <literal>loop</literal> discarding is enabled if
         operating on a regular file. If <literal>crypt</literal> discarding is enabled even on encrypted file
         systems. If <literal>all</literal> discarding is unconditionally enabled.</para></listitem>
       </varlistentry>
@@ -217,15 +217,16 @@
         <term><option>--root-hash-sig=</option></term>
         <term><option>--verity-data=</option></term>
 
-        <listitem><para>Configure various aspects of Verity data integrity for the OS
+        <listitem><para>Configure various aspects of Verity data integrity for the OS image. Option
-        image. <option>--root-hash=</option> expects a hex-encoding top-level Verity hash to use for setting
+        <option>--root-hash=</option> specifies a hex-encoded top-level Verity hash to use for setting up the
-        up the Verity integrity protection. <option>--root-hash-sig=</option> expects the path to a file
+        Verity integrity protection. Option <option>--root-hash-sig=</option> specifies the path to a file
-        containing a PKCS#7 signature file for the hash. This signature is passed to the kernel during
+        containing a PKCS#7 signature for the hash. This signature is passed to the kernel during activation,
-        activation, which will match it against signature keys available in the kernel
+        which will match it against signature keys available in the kernel keyring.  Option
-        keyring. <option>--verity-data=</option> expects the path to a file with the Verity data to use for
+        <option>--verity-data=</option> specifies a path to a file with the Verity data to use for the OS
-        the OS image, in case it is stored in a detached file. It is recommended to embed the Verity data
+        image, in case it is stored in a detached file. It is recommended to embed the Verity data directly
-        directly in the image, using the Verity mechanisms in the <ulink
+        in the image, using the Verity mechanisms in the <ulink
-        url="https://systemd.io/DISCOVERABLE_PARTITIONS">Discoverable Partitions Specification</ulink>.</para></listitem>
+        url="https://systemd.io/DISCOVERABLE_PARTITIONS">Discoverable Partitions Specification</ulink>.
+        </para></listitem>
       </varlistentry>
 
       <xi:include href="standard-options.xml" xpointer="no-pager" />

man/systemd-firstboot.xml

@@ -237,8 +237,8 @@
       <varlistentry>
         <term><option>--copy</option></term>
 
-        <listitem><para>Copy locale, keymap, time zone and root password from
+        <listitem><para>Copy locale, keymap, time zone, root password and shell from the host. This is
-        the host. This is equivalent to specifying
+        equivalent to specifying
         <option>--copy-locale</option>,
         <option>--copy-keymap</option>,
         <option>--copy-timezone</option>,

man/systemd-pstore.service.xml

@@ -34,10 +34,10 @@
     thus preserving the existing information contained in the pstore, and clearing
     pstore storage for future error events.</para>
 
-    <para>Linux provides a persistent storage file system, pstore, that can store
+    <para>Linux provides a persistent storage file system, pstore, that can store error records when the
-    error records when the kernel dies (or reboots or powers-off). These records in
+    kernel dies (or reboots or powers-off). These records in turn can be referenced to debug kernel problems
-    turn can be referenced to debug kernel problems (currently the kernel stuffs
+    (currently the kernel stores the tail of the kernel log, which also contains a stack backtrace, into
-    the tail of the dmesg, which also contains a stack backtrace, into pstore).</para>
+    pstore).</para>
 
     <para>The pstore file system supports a variety of backends that map onto persistent
     storage, such as the ACPI ERST and UEFI variables. The pstore backends
@@ -48,7 +48,7 @@
     pstore.</para>
 
     <para>The pstore service is independent of the kdump service. In cloud environments
-    specifically, host and guest filesystems are on remote filesystems (eg. iSCSI
+    specifically, host and guest filesystems are on remote filesystems (e.g. iSCSI
     or NFS), thus kdump relies (implicitly and/or explicitly) upon proper operation
     of networking software *and* hardware *and* infrastructure. Thus it may not be
     possible to capture a kernel coredump to a file since writes over the network
@@ -59,9 +59,9 @@
     debugging.</para>
 
     <para>The <command>systemd-pstore</command> executable does the actual work. Upon starting,
-    the <filename>pstore.conf</filename> file is read and the <filename>/sys/fs/pstore</filename>
+    the <filename>pstore.conf</filename> file is read and the <filename>/sys/fs/pstore/</filename>
     directory contents are processed according to the options. Pstore files are written to the
-    journal, and optionally saved into <filename>/var/lib/systemd/pstore</filename>.</para>
+    journal, and optionally saved into <filename>/var/lib/systemd/pstore/</filename>.</para>
   </refsect1>
 
   <refsect1>
@@ -83,17 +83,14 @@
     </refsect2>
 
     <refsect2>
-      <title>Controlling kernel parameters</title>
+      <title>Kernel parameters</title>
 
       <para> The kernel has two parameters,
       <filename>/sys/module/kernel/parameters/crash_kexec_post_notifiers</filename> and
-      <filename>/sys/module/printk/parameters/always_kmsg_dump</filename>,
+      <filename>/sys/module/printk/parameters/always_kmsg_dump</filename>, that control writes into pstore.
-      that control writes into pstore.
+      The first enables storing of the kernel log (including stack trace) into pstore upon a panic or crash,
-      The crash_kexec_post_notifiers parameter enables the kernel to write
+      and the second enables storing of the kernel log upon a normal shutdown (shutdown, reboot, halt). These
-      dmesg (including stack trace) into pstore upon a panic or crash, and
+      parameters can be managed via the
-      printk.always_kmsg_dump parameter enables the kernel to write dmesg
-      upon a normal shutdown (shutdown, reboot, halt). These kernel
-      parameters are managed via the
       <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>
       mechanism, specifically the file <filename>/usr/lib/tmpfiles/systemd-pstore.conf</filename>.
       </para>

man/systemd-resolved.service.xml

@@ -223,7 +223,7 @@
 
     <para>This section provides a short summary of differences in the stub resolver implemented by
     <citerefentry><refentrytitle>nss-resolve</refentrytitle><manvolnum>8</manvolnum></citerefentry> together
-    with <command>systemd-resolved</command> and the tranditional stub resolver implemented in
+    with <command>systemd-resolved</command> and the traditional stub resolver implemented in
     <citerefentry><refentrytitle>nss-dns</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
 
     <itemizedlist>

man/systemd.exec.xml

@@ -338,10 +338,10 @@
         <term><varname>ProcSubset=</varname></term>
 
         <listitem><para>Takes one of <literal>all</literal> (the default) and <literal>pid</literal>. If
-        the latter all files and directories not directly associated with process management and introspection
+        <literal>pid</literal>, all files and directories not directly associated with process management and
-        are made invisible in the <filename>/proc/</filename> file system configured for the unit's
+        introspection are made invisible in the <filename>/proc/</filename> file system configured for the
-        processes. This controls the <literal>subset=</literal> mount option of the <literal>procfs</literal>
+        unit's processes. This controls the <literal>subset=</literal> mount option of the
-        instance for the unit. For further details see <ulink
+        <literal>procfs</literal> instance for the unit. For further details see <ulink
         url="https://www.kernel.org/doc/html/latest/filesystems/proc.html#mount-options">The /proc
         Filesystem</ulink>. Note that Linux exposes various kernel APIs via <filename>/proc/</filename>,
         which are made unavailable with this setting. Since these APIs are used frequently this option is
@@ -766,8 +766,8 @@ CapabilityBoundingSet=~CAP_B CAP_C</programlisting>
         enforcement. For example, time limits specified for <varname>LimitCPU=</varname> will be rounded up
         implicitly to multiples of 1s. For <varname>LimitNICE=</varname> the value may be specified in two
         syntaxes: if prefixed with <literal>+</literal> or <literal>-</literal>, the value is understood as
-        regular Linux nice value in the range -20..19. If not prefixed like this the value is understood as
+        regular Linux nice value in the range -20…19. If not prefixed like this the value is understood as
-        raw resource limit parameter in the range 0..40 (with 0 being equivalent to 1).</para>
+        raw resource limit parameter in the range 0…40 (with 0 being equivalent to 1).</para>
 
         <para>Note that most process resource limits configured with these options are per-process, and
         processes may fork in order to acquire a new set of resources that are accounted independently of the
@@ -1460,14 +1460,13 @@ BindReadOnlyPaths=/var/lib/systemd</programlisting>
         executed processes and mounts private <filename>/tmp/</filename> and <filename>/var/tmp/</filename>
         directories inside it that are not shared by processes outside of the namespace. This is useful to
         secure access to temporary files of the process, but makes sharing between processes via
-        <filename>/tmp/</filename> or <filename>/var/tmp/</filename> impossible. If this is enabled, all
+        <filename>/tmp/</filename> or <filename>/var/tmp/</filename> impossible. If true, all temporary files
-        temporary files created by a service in these directories will be removed after the service is
+        created by a service in these directories will be removed after the service is stopped. Defaults to
-        stopped. Defaults to false. It is possible to run two or more units within the same private
+        false. It is possible to run two or more units within the same private <filename>/tmp/</filename> and
-        <filename>/tmp/</filename> and <filename>/var/tmp/</filename> namespace by using the
+        <filename>/var/tmp/</filename> namespace by using the <varname>JoinsNamespaceOf=</varname> directive,
-        <varname>JoinsNamespaceOf=</varname> directive, see
+        see <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
-        <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry> for
+        for details. This setting is implied if <varname>DynamicUser=</varname> is set. For this setting the
-        details. This setting is implied if <varname>DynamicUser=</varname> is set. For this setting the same
+        same restrictions regarding mount propagation and privileges apply as for
-        restrictions regarding mount propagation and privileges apply as for
         <varname>ReadOnlyPaths=</varname> and related calls, see above. Enabling this setting has the side
         effect of adding <varname>Requires=</varname> and <varname>After=</varname> dependencies on all mount
         units necessary to access <filename>/tmp/</filename> and <filename>/var/tmp/</filename>. Moreover an
@@ -2779,8 +2778,7 @@ StandardInputData=SWNrIHNpdHplIGRhIHVuJyBlc3NlIEtsb3BzLAp1ZmYgZWVtYWwga2xvcHAncy
         <varname>ExecStart=</varname> command line use <literal>${CREDENTIALS_DIRECTORY}/mycred</literal>,
         e.g. <literal>ExecStart=cat ${CREDENTIALS_DIRECTORY}/mycred</literal>.</para>
 
-        <para>Currently, an accumulated credential size limit of 1M bytes per unit is
+        <para>Currently, an accumulated credential size limit of 1 MB per unit is enforced.</para>
-        enforced.</para>
 
         <para>If referencing an <constant>AF_UNIX</constant> stream socket to connect to, the connection will
         originate from an abstract namespace socket, that includes information about the unit and the

man/systemd.link.xml

@@ -413,7 +413,7 @@
         <term><varname>TxQueueLength=</varname></term>
         <listitem>
           <para>Specifies the transmit queue length of the device in number of packets. An unsigned integer
-          in the range 0..4294967294. When unset, the kernel's default will be used.</para>
+          in the range 0…4294967294. When unset, the kernel's default will be used.</para>
         </listitem>
       </varlistentry>
       <varlistentry>
@@ -755,15 +755,15 @@
         <listitem>
           <para>Specifies the maximum size of a Generic Segment Offload (GSO) packet the
           device should accept. The usual suffixes K, M, G, are supported and are
-          understood to the base of 1024. An unsigned integer in the range 1—65536.
+          understood to the base of 1024. An unsigned integer in the range 1…65536.
           Defaults to unset.</para>
         </listitem>
       </varlistentry>
       <varlistentry>
         <term><varname>GenericSegmentOffloadMaxSegments=</varname></term>
         <listitem>
-          <para>Specifies the maximum number of a Generic Segment Offload (GSO) segments the device should accept.
+          <para>Specifies the maximum number of a Generic Segment Offload (GSO) segments the device should
-          An unsigned integer in the range 1—65535. Defaults to unset.</para>
+          accept.  An unsigned integer in the range 1…65535. Defaults to unset.</para>
         </listitem>
       </varlistentry>
 

man/systemd.net-naming-scheme.xml

@@ -271,7 +271,7 @@
     <title>History</title>
 
     <para>The following "naming schemes" have been defined (which may be chosen at system boot-up time via
-    the <varname>net.naming-scheme=</varname> kernel command line switch, see above:</para>
+    the <varname>net.naming-scheme=</varname> kernel command line switch, see above):</para>
 
     <variablelist>
         <varlistentry>
@@ -362,11 +362,11 @@
         <varlistentry>
           <term><constant>v247</constant></term>
 
-          <listitem><para>If the PCI slot is associated with PCI bridge and that has multiple child network
+          <listitem><para>When a PCI slot is associated with a PCI bridge that has multiple child network
-          controllers then all of them might derive the same value of <varname>ID_NET_NAME_SLOT</varname>
+          controllers, the same value of the <varname>ID_NET_NAME_SLOT</varname> property might be derived
-          property. That could cause naming conflict if the property is selected as a device name. Now, we detect the
+          for those controllers. This would cause a naming conflict if the property is selected as the device
-          situation, slot - bridge relation, and we don't produce the <varname>ID_NET_NAME_SLOT</varname> property to
+          name. Now, we detect this situation and don't produce the <varname>ID_NET_NAME_SLOT</varname>
-          avoid possible naming conflict.</para></listitem>
+          property.</para></listitem>
         </varlistentry>
 
       </variablelist>

man/systemd.netdev.xml

@@ -550,7 +550,7 @@
         <term><varname>BroadcastMulticastQueueLength=</varname></term>
         <listitem>
           <para>Specifies the length of the receive queue for broadcast/multicast packets. An unsigned
-          integer in the range 0—4294967294. Defaults to unset.</para>
+          integer in the range 0…4294967294. Defaults to unset.</para>
         </listitem>
       </varlistentry>
     </variablelist>
@@ -608,7 +608,7 @@
       <varlistentry>
         <term><varname>VNI=</varname></term>
         <listitem>
-          <para>The VXLAN Network Identifier (or VXLAN Segment ID). Takes a number in the range 1-16777215.</para>
+          <para>The VXLAN Network Identifier (or VXLAN Segment ID). Takes a number in the range 1…16777215.</para>
         </listitem>
       </varlistentry>
       <varlistentry>
@@ -907,7 +907,7 @@
       <varlistentry>
         <term><varname>PeerTunnelId=</varname></term>
         <listitem>
-          <para>Specifies the peer tunnel id. Takes a number in the range 1—4294967295. The value used must
+          <para>Specifies the peer tunnel id. Takes a number in the range 1…4294967295. The value used must
           match the <literal>TunnelId=</literal> value being used at the peer. This setting is compulsory.
           </para>
         </listitem>
@@ -1390,7 +1390,7 @@
       <varlistentry>
         <term><varname>ERSPANIndex=</varname></term>
         <listitem>
-          <para>Specifies the ERSPAN index field for the interface, an integer in the range 1-1048575 associated with
+          <para>Specifies the ERSPAN index field for the interface, an integer in the range 1…1048575 associated with
           the ERSPAN traffic's source port and direction. This field is mandatory.
           </para>
         </listitem>
@@ -1442,7 +1442,7 @@
           <para>The <varname>Protocol=</varname> specifies the protocol number of the packets arriving
           at the UDP port. When <varname>Encapsulation=FooOverUDP</varname>, this field is mandatory
           and is not set by default. Takes an IP protocol name such as <literal>gre</literal> or
-          <literal>ipip</literal>, or an integer within the range 1-255. When
+          <literal>ipip</literal>, or an integer within the range 1…255. When
           <varname>Encapsulation=GenericUDPEncapsulation</varname>, this must not be specified.</para>
         </listitem>
       </varlistentry>
@@ -1801,7 +1801,7 @@
       <varlistentry>
         <term><varname>AdActorSystemPriority=</varname></term>
         <listitem>
-          <para>Specifies the 802.3ad actor system priority. Takes a number in the range 1—65535.</para>
+          <para>Specifies the 802.3ad actor system priority. Takes a number in the range 1…65535.</para>
         </listitem>
       </varlistentry>
 

man/systemd.network.xml

@@ -212,20 +212,20 @@
           <para>Link groups are similar to port ranges found in managed switches.
           When network interfaces are added to a numbered group, operations on
           all the interfaces from that group can be performed at once. An unsigned
-          integer in the range 0—4294967294. Defaults to unset.</para>
+          integer in the range 0…4294967294. Defaults to unset.</para>
         </listitem>
       </varlistentry>
       <varlistentry>
         <term><varname>TransmitQueues=</varname></term>
         <listitem>
-          <para>Specifies the devices's number of transmit queues. An integer in the range 1...4096.
+          <para>Specifies the devices's number of transmit queues. An integer in the range 1…4096.
           When unset, the kernel's default will be used.</para>
         </listitem>
       </varlistentry>
       <varlistentry>
         <term><varname>ReceiveQueues=</varname></term>
         <listitem>
-          <para>Specifies the devices's number of receive queues. An integer in the range 1...4096.
+          <para>Specifies the devices's number of receive queues. An integer in the range 1…4096.
           When unset, the kernel's default will be used.</para>
         </listitem>
       </varlistentry>
@@ -295,21 +295,21 @@
           <term><varname>VirtualFunction=</varname></term>
           <listitem>
             <para>Specifies a Virtual Function (VF), lightweight PCIe function designed solely to move data
-            in and out. Takes an unsigned integer in the range 0..2147483646. This option is compulsory.</para>
+            in and out. Takes an unsigned integer in the range 0…2147483646. This option is compulsory.</para>
           </listitem>
         </varlistentry>
 
         <varlistentry>
           <term><varname>VLANId=</varname></term>
           <listitem>
-            <para>Specifies VLAN ID of the virtual function. Takes an unsigned integer in the range 1..4095.</para>
+            <para>Specifies VLAN ID of the virtual function. Takes an unsigned integer in the range 1…4095.</para>
           </listitem>
         </varlistentry>
 
         <varlistentry>
           <term><varname>QualityOfService=</varname></term>
           <listitem>
-            <para>Specifies quality of service of the virtual function. Takes an unsigned integer in the range 1..4294967294.</para>
+            <para>Specifies quality of service of the virtual function. Takes an unsigned integer in the range 1…4294967294.</para>
           </listitem>
         </varlistentry>
 
@@ -665,8 +665,7 @@ IPv6Token=prefixstable:2002:da8:1::</programlisting></para>
         <varlistentry>
           <term><varname>DNS=</varname></term>
           <listitem>
-            <para>A DNS server address, which must be in the format
+            <para>A DNS server address, which must be in the format described in
-            described in
             <citerefentry project='man-pages'><refentrytitle>inet_pton</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
             This option may be specified more than once. Each address can optionally take a port number
             separated with <literal>:</literal>, a network interface name or index separated with
@@ -674,9 +673,8 @@ IPv6Token=prefixstable:2002:da8:1::</programlisting></para>
             When IPv6 address is specified with a port number, then the address must be in the square
             brackets. That is, the acceptable full formats are
             <literal>111.222.333.444:9953%ifname#example.com</literal> for IPv4 and
-            <literal>[1111:2222::3333]:9953%ifname#example.com</literal> for IPv6. This setting can be
+            <literal>[1111:2222::3333]:9953%ifname#example.com</literal> for IPv6. If an empty string is
-            specified multiple times. If an empty string is assigned, then the all previous assignments
+            assigned, then the all previous assignments are cleared. This setting is read by
-            are cleared. This setting is read by
             <citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
           </listitem>
         </varlistentry>
@@ -1074,13 +1072,12 @@ IPv6Token=prefixstable:2002:da8:1::</programlisting></para>
         <varlistentry>
           <term><varname>PreferredLifetime=</varname></term>
           <listitem>
-            <para>Allows the default "preferred lifetime" of the address to be overridden.
+            <para>Allows the default "preferred lifetime" of the address to be overridden. Only three
-            Only three settings are accepted: <literal>forever</literal> or <literal>infinity</literal>
+            settings are accepted: <literal>forever</literal>, <literal>infinity</literal>, which is the
-            which is the default and means that the address never expires, and <literal>0</literal> which means
+            default and means that the address never expires, and <literal>0</literal>, which means that the
-            that the address is considered immediately "expired" and will not be used,
+            address is considered immediately "expired" and will not be used, unless explicitly requested. A
-            unless explicitly requested. A setting of PreferredLifetime=0 is useful for
+            setting of <option>PreferredLifetime=0</option> is useful for addresses which are added to be
-            addresses which are added to be used only by a specific application,
+            used only by a specific application, which is then configured to use them explicitly.</para>
-            which is then configured to use them explicitly.</para>
           </listitem>
         </varlistentry>
         <varlistentry>
@@ -1090,7 +1087,7 @@ IPv6Token=prefixstable:2002:da8:1::</programlisting></para>
             <literal>global</literal> (valid everywhere on the network, even through a gateway),
             <literal>link</literal> (only valid on this device, will not traverse a gateway) or
             <literal>host</literal> (only valid within the device itself, e.g. 127.0.0.1)
-            or an unsigned integer in the range 0—255.
+            or an unsigned integer in the range 0…255.
             Defaults to <literal>global</literal>.</para>
           </listitem>
         </varlistentry>
@@ -1309,7 +1306,7 @@ IPv6Token=prefixstable:2002:da8:1::</programlisting></para>
         <varlistentry>
           <term><varname>SuppressPrefixLength=</varname></term>
           <listitem>
-            <para>Takes a number <replaceable>N</replaceable> in the range 0-128 and rejects routing
+            <para>Takes a number <replaceable>N</replaceable> in the range 0…128 and rejects routing
             decisions that have a prefix length of <replaceable>N</replaceable> or less. Defaults to
             unset.</para>
           </listitem>
@@ -1882,8 +1879,8 @@ IPv6Token=prefixstable:2002:da8:1::</programlisting></para>
         <varlistentry>
           <term><varname>RequestOptions=</varname></term>
           <listitem>
-            <para>When configured, allows to set arbitrary request options in the DHCPv4 request options list and will be
+            <para>Sets request options to be sent to the server in the DHCPv4 request options list. A
-            sent to the DHCPV4 server. A whitespace-separated list of integers in the range 1..254. Defaults to unset.</para>
+            whitespace-separated list of integers in the range 1…254. Defaults to unset.</para>
           </listitem>
         </varlistentry>
 
@@ -1893,10 +1890,11 @@ IPv6Token=prefixstable:2002:da8:1::</programlisting></para>
             <para>Send an arbitrary raw option in the DHCPv4 request. Takes a DHCP option number, data type
             and data separated with a colon
             (<literal><replaceable>option</replaceable>:<replaceable>type</replaceable>:<replaceable>value</replaceable></literal>).
-            The option number must be an integer in the range 1..254. The type takes one of <literal>uint8</literal>,
+            The option number must be an integer in the range 1…254. The type takes one of
-            <literal>uint16</literal>, <literal>uint32</literal>, <literal>ipv4address</literal>, or
+            <literal>uint8</literal>, <literal>uint16</literal>, <literal>uint32</literal>,
-            <literal>string</literal>. Special characters in the data string may be escaped using
+            <literal>ipv4address</literal>, or <literal>string</literal>. Special characters in the data
-            <ulink url="https://en.wikipedia.org/wiki/Escape_sequences_in_C#Table_of_escape_sequences">C-style
+            string may be escaped using <ulink
+            url="https://en.wikipedia.org/wiki/Escape_sequences_in_C#Table_of_escape_sequences">C-style
             escapes</ulink>. This setting can be specified multiple times. If an empty string is specified,
             then all options specified earlier are cleared. Defaults to unset.</para>
           </listitem>
@@ -1905,13 +1903,14 @@ IPv6Token=prefixstable:2002:da8:1::</programlisting></para>
         <varlistentry>
           <term><varname>SendVendorOption=</varname></term>
           <listitem>
-            <para>Send an arbitrary vendor option in the DHCPv4 request. Takes a DHCP option number, data type
+            <para>Send an arbitrary vendor option in the DHCPv4 request. Takes a DHCP option number, data
-            and data separated with a colon
+            type and data separated with a colon
             (<literal><replaceable>option</replaceable>:<replaceable>type</replaceable>:<replaceable>value</replaceable></literal>).
-            The option number must be an integer in the range 1..254. The type takes one of <literal>uint8</literal>,
+            The option number must be an integer in the range 1…254. The type takes one of
-            <literal>uint16</literal>, <literal>uint32</literal>, <literal>ipv4address</literal>, or
+            <literal>uint8</literal>, <literal>uint16</literal>, <literal>uint32</literal>,
-            <literal>string</literal>. Special characters in the data string may be escaped using
+            <literal>ipv4address</literal>, or <literal>string</literal>. Special characters in the data
-            <ulink url="https://en.wikipedia.org/wiki/Escape_sequences_in_C#Table_of_escape_sequences">C-style
+            string may be escaped using <ulink
+            url="https://en.wikipedia.org/wiki/Escape_sequences_in_C#Table_of_escape_sequences">C-style
             escapes</ulink>. This setting can be specified multiple times. If an empty string is specified,
             then all options specified earlier are cleared. Defaults to unset.</para>
           </listitem>
@@ -1965,7 +1964,7 @@ IPv6Token=prefixstable:2002:da8:1::</programlisting></para>
           <term><varname>MUDURL=</varname></term>
           <listitem>
             <para>When configured, the specified Manufacturer Usage Description (MUD) URL will be sent to
-            the DHCPV6 server. The syntax and semantics are the same as for <varname>MUDURL=</varname> in the
+            the DHCPv6 server. The syntax and semantics are the same as for <varname>MUDURL=</varname> in the
             [DHCPv4] section described above.</para>
           </listitem>
         </varlistentry>
@@ -1974,8 +1973,8 @@ IPv6Token=prefixstable:2002:da8:1::</programlisting></para>
           <term><varname>RequestOptions=</varname></term>
           <listitem>
             <para>When configured, allows to set arbitrary request options in the DHCPv6 request options list
-            that will be sent to the DHCPV6 server. A whitespace-separated list of integers in the range
+            that will be sent to the DHCPv6 server. A whitespace-separated list of integers in the range
-            1..254. Defaults to unset.</para>
+            1…254. Defaults to unset.</para>
           </listitem>
         </varlistentry>
 
@@ -2035,7 +2034,7 @@ IPv6Token=prefixstable:2002:da8:1::</programlisting></para>
           <term><varname>SendOption=</varname></term>
           <listitem>
             <para>As in the [DHCPv4] section, however because DHCPv6 uses 16-bit fields to store
-            option numbers, the option number is an integer in the range 1..65536.</para>
+            option numbers, the option number is an integer in the range 1…65536.</para>
           </listitem>
         </varlistentry>
 
@@ -2306,7 +2305,7 @@ IPv6Token=prefixstable:2002:da8:1::</programlisting></para>
         servers set. The "uplink" interface is determined by the default route of the system with the highest
         priority. Note that this information is acquired at the time the lease is handed out, and does not
         take uplink interfaces into account that acquire DNS server information at a later point. If no
-        suitable uplinkg interface is found the DNS server data from <filename>/etc/resolv.conf</filename> is
+        suitable uplink interface is found the DNS server data from <filename>/etc/resolv.conf</filename> is
         used. Also, note that the leases are not refreshed if the uplink network configuration changes. To
         ensure clients regularly acquire the most current uplink DNS server information, it is thus advisable
         to shorten the DHCP lease time via <varname>MaxLeaseTimeSec=</varname> described
@@ -2360,7 +2359,7 @@ IPv6Token=prefixstable:2002:da8:1::</programlisting></para>
         <listitem>
           <para>Send a raw option with value via DHCPv4 server. Takes a DHCP option number, data type
           and data (<literal><replaceable>option</replaceable>:<replaceable>type</replaceable>:<replaceable>value</replaceable></literal>).
-          The option number is an integer in the range 1..254. The type takes one of <literal>uint8</literal>,
+          The option number is an integer in the range 1…254. The type takes one of <literal>uint8</literal>,
           <literal>uint16</literal>, <literal>uint32</literal>, <literal>ipv4address</literal>, <literal>ipv6address</literal>, or
           <literal>string</literal>. Special characters in the data string may be escaped using
           <ulink url="https://en.wikipedia.org/wiki/Escape_sequences_in_C#Table_of_escape_sequences">C-style
@@ -2374,7 +2373,7 @@ IPv6Token=prefixstable:2002:da8:1::</programlisting></para>
         <listitem>
           <para>Send a vendor option with value via DHCPv4 server. Takes a DHCP option number, data type
           and data (<literal><replaceable>option</replaceable>:<replaceable>type</replaceable>:<replaceable>value</replaceable></literal>).
-          The option number is an integer in the range 1..254. The type takes one of <literal>uint8</literal>,
+          The option number is an integer in the range 1…254. The type takes one of <literal>uint8</literal>,
           <literal>uint16</literal>, <literal>uint32</literal>, <literal>ipv4address</literal>, or
           <literal>string</literal>. Special characters in the data string may be escaped using
           <ulink url="https://en.wikipedia.org/wiki/Escape_sequences_in_C#Table_of_escape_sequences">C-style
@@ -2699,7 +2698,7 @@ IPv6Token=prefixstable:2002:da8:1::</programlisting></para>
           <term><varname>VNI=</varname></term>
           <listitem>
             <para>The VXLAN Network Identifier (or VXLAN Segment ID) to use to connect to
-            the remote VXLAN tunnel endpoint. Takes a number in the range 1-16777215.
+            the remote VXLAN tunnel endpoint. Takes a number in the range 1…16777215.
             Defaults to unset.</para>
           </listitem>
         </varlistentry>
@@ -2767,7 +2766,7 @@ IPv6Token=prefixstable:2002:da8:1::</programlisting></para>
           <term><varname>BitRate=</varname></term>
           <listitem>
             <para>The bitrate of CAN device in bits per second. The usual SI prefixes (K, M) with the base of 1000 can
-            be used here. Takes a number in the range 1..4294967295.</para>
+            be used here. Takes a number in the range 1…4294967295.</para>
           </listitem>
         </varlistentry>
         <varlistentry>
@@ -3003,8 +3002,9 @@ IPv6Token=prefixstable:2002:da8:1::</programlisting></para>
       <varlistentry>
         <term><varname>PacketLimit=</varname></term>
         <listitem>
-          <para>Specifies the hard limit on the queue size in number of packets. When this limit is reached, incoming packets are
+          <para>Specifies the hard limit on the queue size in number of packets. When this limit is reached,
-          dropped. An unsigned integer in the range 1–4294967294. Defaults to unset and kernel's default is used.</para>
+          incoming packets are dropped. An unsigned integer in the range 1…4294967294. Defaults to unset and
+          kernel's default is used.</para>
         </listitem>
       </varlistentry>
     </variablelist>
@@ -3022,8 +3022,9 @@ IPv6Token=prefixstable:2002:da8:1::</programlisting></para>
       <varlistentry>
         <term><varname>PacketLimit=</varname></term>
         <listitem>
-          <para>Specifies the hard limit on the queue size in number of packets. When this limit is reached, incoming packets are
+          <para>Specifies the hard limit on the queue size in number of packets. When this limit is reached,
-          dropped. An unsigned integer ranges 1 to 4294967294. Defaults to unset and kernel's default is used.</para>
+          incoming packets are dropped. An unsigned integer ranges 1 to 4294967294. Defaults to unset and
+          kernel's default is used.</para>
         </listitem>
       </varlistentry>
     </variablelist>
@@ -3101,10 +3102,10 @@ IPv6Token=prefixstable:2002:da8:1::</programlisting></para>
       <varlistentry>
         <term><varname>PacketLimit=</varname></term>
         <listitem>
-          <para>Specifies the hard limit on the FIFO size in number of packets. The size limit (a buffer
+          <para>Specifies the hard limit on the number of packets in the FIFO queue. The size limit prevents
-          size) to prevent it from overflowing in case it is unable to dequeue packets as quickly as it
+          overflow in case the kernel is unable to dequeue packets as quickly as it receives them. When this
-          receives them. When this limit is reached, incoming packets are dropped. An unsigned integer in the
+          limit is reached, incoming packets are dropped. An unsigned integer in the range
-          range 0–4294967294. Defaults to unset and kernel's default is used.</para>
+          0–4294967294. Defaults to unset and kernel's default is used.</para>
         </listitem>
       </varlistentry>
     </variablelist>
@@ -3294,7 +3295,7 @@ IPv6Token=prefixstable:2002:da8:1::</programlisting></para>
           separated list of numbers. The first number indicates which band the packets with priority 0 should
           be put to, the second is for priority 1, and so on. There can be up to 16 numbers in the list. If
           there are fewer, the default band that traffic with one of the unmentioned priorities goes to is
-          the last one. Each band number must be in the range 0..255. This setting can be specified multiple
+          the last one. Each band number must be in the range 0…255. This setting can be specified multiple
           times. If an empty string is assigned, then the all previous assignments are cleared.</para>
         </listitem>
       </varlistentry>
@@ -3313,7 +3314,8 @@ IPv6Token=prefixstable:2002:da8:1::</programlisting></para>
       <varlistentry>
         <term><varname>VirtualQueues=</varname></term>
         <listitem>
-          <para>Specifies the number of virtual queues. Takes a integer in the range 1-16. Defaults to unset and kernel's default is used.</para>
+          <para>Specifies the number of virtual queues. Takes a integer in the range 1…16. Defaults to unset
+          and kernel's default is used.</para>
         </listitem>
       </varlistentry>
 
@@ -3674,7 +3676,7 @@ IPv6Token=prefixstable:2002:da8:1::</programlisting></para>
       <varlistentry>
         <term><varname>Weight=</varname></term>
         <listitem>
-          <para>Specifies the weight of the class. Takes an integer in the range 1..1023. Defaults to
+          <para>Specifies the weight of the class. Takes an integer in the range 1…1023. Defaults to
           unset in which case the kernel default is used.</para>
         </listitem>
       </varlistentry>
@@ -3682,9 +3684,9 @@ IPv6Token=prefixstable:2002:da8:1::</programlisting></para>
       <varlistentry>
         <term><varname>MaxPacketBytes=</varname></term>
         <listitem>
-          <para>Specifies the maximum packet size in bytes for the class. When suffixed with K, M, or G, the specified
+          <para>Specifies the maximum packet size in bytes for the class. When suffixed with K, M, or G, the
-          size is parsed as Kilobytes, Megabytes, or Gigabytes, respectively, to the base of 1024. When unset,
+          specified size is parsed as Kilobytes, Megabytes, or Gigabytes, respectively, to the base of
-          the kernel default is used.</para>
+          1024. When unset, the kernel default is used.</para>
         </listitem>
       </varlistentry>
     </variablelist>

man/systemd.resource-control.xml

@@ -905,10 +905,11 @@ DeviceAllow=/dev/loop-control
 
         <listitem>
           <para>Overrides the default memory pressure limit set by
-          <citerefentry><refentrytitle>oomd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry> for this unit
+          <citerefentry><refentrytitle>oomd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry> for
-          (cgroup). Takes a percentage value between 0% and 100%, inclusive. This property is ignored unless
+          this unit (cgroup). Takes a percentage value between 0% and 100%, inclusive. This property is
-          <varname>ManagedOOMMemoryPressure=</varname><option>kill</option>. Defaults to 0%, which means use the
+          ignored unless <varname>ManagedOOMMemoryPressure=</varname><option>kill</option>. Defaults to 0%,
-          default set by <citerefentry><refentrytitle>oomd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
+          which means to use the default set by
+          <citerefentry><refentrytitle>oomd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
           </para>
         </listitem>
       </varlistentry>

man/systemd.service.xml

@@ -780,7 +780,7 @@
         abnormally by a signal, or hit a timeout.</para>
 
         <table>
-          <title>Exit causes and the effect of the <varname>Restart=</varname> settings on them</title>
+          <title>Exit causes and the effect of the <varname>Restart=</varname> settings</title>
 
           <tgroup cols='2'>
             <colspec colname='path' />

man/systemd.special.xml

@@ -1281,9 +1281,9 @@
             <para>The XDG specification defines a way to autostart applications using XDG desktop files.
             systemd ships
             <citerefentry><refentrytitle>systemd-xdg-autostart-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>
-            for the XDG desktop files in autostart directories.
+            for the XDG desktop files in autostart directories. Desktop Environments can opt-in to use this
-            Desktop Environments can opt-in to use this service by adding a <varname>Wants=</varname>
+            service by adding a <varname>Wants=</varname> dependency on
-            dependency on <literal>xdg-desktop-autostart.target</literal>.</para>
+            <filename>xdg-desktop-autostart.target</filename>.</para>
           </listitem>
         </varlistentry>
       </variablelist>

man/userdbctl.xml

@@ -36,8 +36,8 @@
     <para><command>userdbctl</command> may be used to inspect user and groups (as well as group memberships)
     of the system. This client utility inquires user/group information provided by various system services,
     both operating on JSON user/group records (as defined by the <ulink
-    url="https://systemd.io/USER_RECORD">JSON User Record</ulink> and <ulink
+    url="https://systemd.io/USER_RECORD">JSON User Records</ulink> and <ulink
-    url="https://systemd.io/GROUP_RECORD">JSON Group Record</ulink> definitions), and classic UNIX NSS/glibc
+    url="https://systemd.io/GROUP_RECORD">JSON Group Records</ulink> definitions), and classic UNIX NSS/glibc
     user and group records. This tool is primarily a client to the <ulink
     url="https://systemd.io/USER_GROUP_API">User/Group Record Lookup API via Varlink</ulink>.</para>
   </refsect1>

src/import/import-compress.c

@@ -83,6 +83,13 @@ int import_uncompress_detect(ImportCompress *c, const void *data, size_t size) {
         return 1;
 }
 
+void import_uncompress_force_off(ImportCompress *c) {
+        assert(c);
+
+        c->type = IMPORT_COMPRESS_UNCOMPRESSED;
+        c->encoding = false;
+}
+
 int import_uncompress(ImportCompress *c, const void *data, size_t size, ImportCompressCallback callback, void *userdata) {
         int r;
 
@@ -125,10 +132,12 @@ int import_uncompress(ImportCompress *c, const void *data, size_t size, ImportCo
                         if (!IN_SET(lzr, LZMA_OK, LZMA_STREAM_END))
                                 return -EIO;
 
+                        if (c->xz.avail_out < sizeof(buffer)) {
                                 r = callback(buffer, sizeof(buffer) - c->xz.avail_out, userdata);
                                 if (r < 0)
                                         return r;
                         }
+                }
 
                 break;
 
@@ -146,10 +155,12 @@ int import_uncompress(ImportCompress *c, const void *data, size_t size, ImportCo
                         if (!IN_SET(r, Z_OK, Z_STREAM_END))
                                 return -EIO;
 
+                        if (c->gzip.avail_out < sizeof(buffer)) {
                                 r = callback(buffer, sizeof(buffer) - c->gzip.avail_out, userdata);
                                 if (r < 0)
                                         return r;
                         }
+                }
 
                 break;
 
@@ -168,10 +179,12 @@ int import_uncompress(ImportCompress *c, const void *data, size_t size, ImportCo
                         if (!IN_SET(r, BZ_OK, BZ_STREAM_END))
                                 return -EIO;
 
+                        if (c->bzip2.avail_out < sizeof(buffer)) {
                                 r = callback(buffer, sizeof(buffer) - c->bzip2.avail_out, userdata);
                                 if (r < 0)
                                         return r;
                         }
+                }
 
                 break;
 #endif

src/import/import-compress.h

@@ -37,6 +37,7 @@ typedef int (*ImportCompressCallback)(const void *data, size_t size, void *userd
 void import_compress_free(ImportCompress *c);
 
 int import_uncompress_detect(ImportCompress *c, const void *data, size_t size);
+void import_uncompress_force_off(ImportCompress *c);
 int import_uncompress(ImportCompress *c, const void *data, size_t size, ImportCompressCallback callback, void *userdata);
 
 int import_compress_init(ImportCompress *c, ImportCompressType t);

src/import/import-raw.c

@@ -64,10 +64,7 @@ RawImport* raw_import_unref(RawImport *i) {
 
         sd_event_unref(i->event);
 
-        if (i->temp_path) {
+        unlink_and_free(i->temp_path);
-                (void) unlink(i->temp_path);
-                free(i->temp_path);
-        }
 
         import_compress_free(&i->compress);
 
@@ -316,20 +313,15 @@ static int raw_import_process(RawImport *i) {
                 r = log_error_errno(errno, "Failed to read input file: %m");
                 goto finish;
         }
-        if (l == 0) {
-                if (i->compress.type == IMPORT_COMPRESS_UNKNOWN) {
-                        log_error("Premature end of file.");
-                        r = -EIO;
-                        goto finish;
-                }
-
-                r = raw_import_finish(i);
-                goto finish;
-        }
 
         i->buffer_size += l;
 
         if (i->compress.type == IMPORT_COMPRESS_UNKNOWN) {
+
+                if (l == 0) { /* EOF */
+                        log_debug("File too short to be compressed, as no compression signature fits in, thus assuming uncompressed.");
+                        import_uncompress_force_off(&i->compress);
+                } else {
                         r = import_uncompress_detect(&i->compress, i->buffer, i->buffer_size);
                         if (r < 0) {
                                 log_error_errno(r, "Failed to detect file compression: %m");
@@ -337,6 +329,7 @@ static int raw_import_process(RawImport *i) {
                         }
                         if (r == 0) /* Need more data */
                                 return 0;
+                }
 
                 r = raw_import_open_disk(i);
                 if (r < 0)
@@ -345,10 +338,8 @@ static int raw_import_process(RawImport *i) {
                 r = raw_import_try_reflink(i);
                 if (r < 0)
                         goto finish;
-                if (r > 0) {
+                if (r > 0)
-                        r = raw_import_finish(i);
+                        goto complete;
-                        goto finish;
-                }
         }
 
         r = import_uncompress(&i->compress, i->buffer, i->buffer_size, raw_import_write, i);
@@ -360,10 +351,16 @@ static int raw_import_process(RawImport *i) {
         i->written_compressed += i->buffer_size;
         i->buffer_size = 0;
 
+        if (l == 0) /* EOF */
+                goto complete;
+
         raw_import_report_progress(i);
 
         return 0;
 
+complete:
+        r = raw_import_finish(i);
+
 finish:
         if (i->on_finished)
                 i->on_finished(i, r, i->userdata);

src/import/import-tar.c

@@ -73,10 +73,7 @@ TarImport* tar_import_unref(TarImport *i) {
                 (void) wait_for_terminate(i->tar_pid, NULL);
         }
 
-        if (i->temp_path) {
+        rm_rf_subvolume_and_free(i->temp_path);
-                (void) rm_rf(i->temp_path, REMOVE_ROOT|REMOVE_PHYSICAL|REMOVE_SUBVOLUME);
-                free(i->temp_path);
-        }
 
         import_compress_free(&i->compress);
 
@@ -262,20 +259,15 @@ static int tar_import_process(TarImport *i) {
                 r = log_error_errno(errno, "Failed to read input file: %m");
                 goto finish;
         }
-        if (l == 0) {
-                if (i->compress.type == IMPORT_COMPRESS_UNKNOWN) {
-                        log_error("Premature end of file.");
-                        r = -EIO;
-                        goto finish;
-                }
-
-                r = tar_import_finish(i);
-                goto finish;
-        }
 
         i->buffer_size += l;
 
         if (i->compress.type == IMPORT_COMPRESS_UNKNOWN) {
+
+                if (l == 0) { /* EOF */
+                        log_debug("File too short to be compressed, as no compression signature fits in, thus assuming uncompressed.");
+                        import_uncompress_force_off(&i->compress);
+                } else {
                         r = import_uncompress_detect(&i->compress, i->buffer, i->buffer_size);
                         if (r < 0) {
                                 log_error_errno(r, "Failed to detect file compression: %m");
@@ -283,6 +275,7 @@ static int tar_import_process(TarImport *i) {
                         }
                         if (r == 0) /* Need more data */
                                 return 0;
+                }
 
                 r = tar_import_fork_tar(i);
                 if (r < 0)
@@ -298,6 +291,11 @@ static int tar_import_process(TarImport *i) {
         i->written_compressed += i->buffer_size;
         i->buffer_size = 0;
 
+        if (l == 0) { /* EOF */
+                r = tar_import_finish(i);
+                goto finish;
+        }
+
         tar_import_report_progress(i);
 
         return 0;

src/import/pull-common.c

@@ -490,12 +490,15 @@ finish:
 
 int pull_verify(ImportVerify verify,
                 PullJob *main_job,
-                PullJob *roothash_job,
-                PullJob *settings_job,
                 PullJob *checksum_job,
-                PullJob *signature_job) {
+                PullJob *signature_job,
+                PullJob *settings_job,
+                PullJob *roothash_job,
+                PullJob *roothash_signature_job,
+                PullJob *verity_job) {
 
         VerificationStyle style;
+        PullJob *j;
         int r;
 
         assert(main_job);
@@ -513,17 +516,11 @@ int pull_verify(ImportVerify verify,
                 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG),
                                        "Checksum is empty, cannot verify.");
 
-        r = verify_one(checksum_job, main_job);
+        FOREACH_POINTER(j, main_job, settings_job, roothash_job, roothash_signature_job, verity_job) {
-        if (r < 0)
+                r = verify_one(checksum_job, j);
-                return r;
-
-        r = verify_one(checksum_job, roothash_job);
-        if (r < 0)
-                return r;
-
-        r = verify_one(checksum_job, settings_job);
                 if (r < 0)
                         return r;
+        }
 
         if (verify == IMPORT_VERIFY_CHECKSUM)
                 return 0;

src/import/pull-common.h

@@ -27,7 +27,7 @@ int pull_make_path(const char *url, const char *etag, const char *image_root, co
 int pull_make_auxiliary_job(PullJob **ret, const char *url, int (*strip_suffixes)(const char *name, char **ret), const char *suffix, CurlGlue *glue, PullJobFinished on_finished, void *userdata);
 int pull_make_verification_jobs(PullJob **ret_checksum_job, PullJob **ret_signature_job, ImportVerify verify, const char *url, CurlGlue *glue, PullJobFinished on_finished, void *userdata);
 
-int pull_verify(ImportVerify verify, PullJob *main_job, PullJob *roothash_job, PullJob *settings_job, PullJob *checksum_job, PullJob *signature_job);
+int pull_verify(ImportVerify verify, PullJob *main_job, PullJob *checksum_job, PullJob *signature_job, PullJob *settings_job, PullJob *roothash_job, PullJob *roothash_signature_job, PullJob *verity_job);
 
 typedef enum VerificationStyle {
         VERIFICATION_PER_FILE,      /* SuSE-style ".sha256" files with inline gpg signature */

src/import/pull-raw.c

@@ -542,7 +542,14 @@ static void raw_pull_job_on_finished(PullJob *j) {
 
                 raw_pull_report_progress(i, RAW_VERIFYING);
 
-                r = pull_verify(i->verify, i->raw_job, i->roothash_job, i->settings_job, i->checksum_job, i->signature_job);
+                r = pull_verify(i->verify,
+                                i->raw_job,
+                                i->checksum_job,
+                                i->signature_job,
+                                i->settings_job,
+                                i->roothash_job,
+                                i->roothash_signature_job,
+                                i->verity_job);
                 if (r < 0)
                         goto finish;
 

src/import/pull-tar.c

@@ -336,7 +336,14 @@ static void tar_pull_job_on_finished(PullJob *j) {
 
                 tar_pull_report_progress(i, TAR_VERIFYING);
 
-                r = pull_verify(i->verify, i->tar_job, NULL, i->settings_job, i->checksum_job, i->signature_job);
+                r = pull_verify(i->verify,
+                                i->tar_job,
+                                i->checksum_job,
+                                i->signature_job,
+                                i->settings_job,
+                                /* roothash_job = */ NULL,
+                                /* roothash_signature_job = */ NULL,
+                                /* verity_job = */ NULL);
                 if (r < 0)
                         goto finish;
 

src/import/pull.c

@@ -212,7 +212,8 @@ static int help(int argc, char *argv[], void *userdata) {
                "                              'checksum', 'signature'\n"
                "     --settings=BOOL          Download settings file with image\n"
                "     --roothash=BOOL          Download root hash file with image\n"
-               "     --roothash-sigature=BOOL Download root hash signature file with image\n"
+               "     --roothash-signature=BOOL\n"
+               "                              Download root hash signature file with image\n"
                "     --verity=BOOL            Download verity file with image\n"
                "     --image-root=PATH        Image root directory\n\n"
                "Commands:\n"

src/libsystemd/sd-event/sd-event.c

@@ -407,7 +407,7 @@ _public_ int sd_event_new(sd_event** ret) {
         e->epoll_fd = fd_move_above_stdio(e->epoll_fd);
 
         if (secure_getenv("SD_EVENT_PROFILE_DELAYS")) {
-                log_debug("Event loop profiling enabled. Logarithmic histogram of event loop iterations in the range 2^0 ... 2^63 us will be logged every 5s.");
+                log_debug("Event loop profiling enabled. Logarithmic histogram of event loop iterations in the range 2^0 … 2^63 us will be logged every 5s.");
                 e->profile_delays = true;
         }
 

src/network/networkd-dhcp-common.c

@@ -551,13 +551,13 @@ int config_parse_dhcp_user_or_vendor_class(
                 if (ltype == AF_INET) {
                         if (len > UINT8_MAX || len == 0) {
                                 log_syntax(unit, LOG_WARNING, filename, line, 0,
-                                           "%s length is not in the range 1-255, ignoring.", w);
+                                           "%s length is not in the range 1…255, ignoring.", w);
                                 continue;
                         }
                 } else {
                         if (len > UINT16_MAX || len == 0) {
                                 log_syntax(unit, LOG_WARNING, filename, line, 0,
-                                           "%s length is not in the range 1-65535, ignoring.", w);
+                                           "%s length is not in the range 1…65535, ignoring.", w);
                                 continue;
                         }
                 }

src/resolve/resolved-dns-query.c

@@ -26,6 +26,7 @@ static int dns_query_candidate_new(DnsQueryCandidate **ret, DnsQuery *q, DnsScop
                 return -ENOMEM;
 
         *c = (DnsQueryCandidate) {
+                .n_ref = 1,
                 .query = q,
                 .scope = s,
         };
@@ -49,8 +50,7 @@ static void dns_query_candidate_stop(DnsQueryCandidate *c) {
         }
 }
 
-DnsQueryCandidate* dns_query_candidate_free(DnsQueryCandidate *c) {
+static DnsQueryCandidate* dns_query_candidate_free(DnsQueryCandidate *c) {
-
         if (!c)
                 return NULL;
 
@@ -68,8 +68,10 @@ DnsQueryCandidate* dns_query_candidate_free(DnsQueryCandidate *c) {
         return mfree(c);
 }
 
+DEFINE_PUBLIC_TRIVIAL_REF_UNREF_FUNC(DnsQueryCandidate, dns_query_candidate, dns_query_candidate_free);
+
 static int dns_query_candidate_next_search_domain(DnsQueryCandidate *c) {
-        DnsSearchDomain *next = NULL;
+        DnsSearchDomain *next;
 
         assert(c);
 
@@ -130,14 +132,15 @@ static int dns_query_candidate_add_transaction(DnsQueryCandidate *c, DnsResource
 }
 
 static int dns_query_candidate_go(DnsQueryCandidate *c) {
+        _cleanup_(dns_query_candidate_unrefp) DnsQueryCandidate *keep_c = NULL;
         DnsTransaction *t;
         int r;
         unsigned n = 0;
-        bool notify = false;
 
         assert(c);
 
-        c->query->block_ready++;
+        /* Let's keep a reference to the query while we're operating */
+        keep_c = dns_query_candidate_ref(c);
 
         /* Start the transactions that are not started yet */
         SET_FOREACH(t, c->transactions) {
@@ -145,21 +148,14 @@ static int dns_query_candidate_go(DnsQueryCandidate *c) {
                         continue;
 
                 r = dns_transaction_go(t);
-                if (r < 0) {
+                if (r < 0)
-                        c->query->block_ready--;
                         return r;
-                }
-                if (r == 0)
-                        /* A transaction is complete. */
-                        notify = true;
 
                 n++;
         }
 
-        c->query->block_ready--;
-
         /* If there was nothing to start, then let's proceed immediately */
-        if (n == 0 || notify)
+        if (n == 0)
                 dns_query_candidate_notify(c);
 
         return 0;
@@ -307,11 +303,11 @@ static void dns_query_stop(DnsQuery *q) {
                 dns_query_candidate_stop(c);
 }
 
-static void dns_query_free_candidates(DnsQuery *q) {
+static void dns_query_unref_candidates(DnsQuery *q) {
         assert(q);
 
         while (q->candidates)
-                dns_query_candidate_free(q->candidates);
+                dns_query_candidate_unref(q->candidates);
 }
 
 static void dns_query_reset_answer(DnsQuery *q) {
@@ -340,7 +336,7 @@ DnsQuery *dns_query_free(DnsQuery *q) {
                 LIST_REMOVE(auxiliary_queries, q->auxiliary_for->auxiliary_queries, q);
         }
 
-        dns_query_free_candidates(q);
+        dns_query_unref_candidates(q);
 
         dns_question_unref(q->question_idna);
         dns_question_unref(q->question_utf8);
@@ -515,7 +511,7 @@ static int on_query_timeout(sd_event_source *s, usec_t usec, void *userdata) {
 }
 
 static int dns_query_add_candidate(DnsQuery *q, DnsScope *s) {
-        _cleanup_(dns_query_candidate_freep) DnsQueryCandidate *c = NULL;
+        _cleanup_(dns_query_candidate_unrefp) DnsQueryCandidate *c = NULL;
         int r;
 
         assert(q);
@@ -602,8 +598,8 @@ static int dns_query_try_etc_hosts(DnsQuery *q) {
 
         assert(q);
 
-        /* Looks in /etc/hosts for matching entries. Note that this is done *before* the normal lookup is done. The
+        /* Looks in /etc/hosts for matching entries. Note that this is done *before* the normal lookup is
-         * data from /etc/hosts hence takes precedence over the network. */
+         * done. The data from /etc/hosts hence takes precedence over the network. */
 
         r = manager_etc_hosts_lookup(
                         q->manager,
@@ -936,7 +932,7 @@ static int dns_query_cname_redirect(DnsQuery *q, const DnsResourceRecord *cname)
         dns_question_unref(q->question_utf8);
         q->question_utf8 = TAKE_PTR(nq_utf8);
 
-        dns_query_free_candidates(q);
+        dns_query_unref_candidates(q);
         dns_query_reset_answer(q);
 
         q->state = DNS_TRANSACTION_NULL;

src/resolve/resolved-dns-query.h

@@ -16,12 +16,14 @@ typedef struct DnsStubListenerExtra DnsStubListenerExtra;
 #include "resolved-dns-transaction.h"
 
 struct DnsQueryCandidate {
+        unsigned n_ref;
+        int error_code;
+
         DnsQuery *query;
         DnsScope *scope;
 
         DnsSearchDomain *search_domain;
 
-        int error_code;
         Set *transactions;
 
         LIST_FIELDS(DnsQueryCandidate, candidates_by_query);
@@ -31,19 +33,19 @@ struct DnsQueryCandidate {
 struct DnsQuery {
         Manager *manager;
 
-        /* When resolving a service, we first create a TXT+SRV query,
+        /* When resolving a service, we first create a TXT+SRV query, and then for the hostnames we discover
-         * and then for the hostnames we discover auxiliary A+AAAA
+         * auxiliary A+AAAA queries. This pointer always points from the auxiliary queries back to the
-         * queries. This pointer always points from the auxiliary
+         * TXT+SRV query. */
-         * queries back to the TXT+SRV query. */
         DnsQuery *auxiliary_for;
         LIST_HEAD(DnsQuery, auxiliary_queries);
         unsigned n_auxiliary_queries;
         int auxiliary_result;
 
-        /* The question, formatted in IDNA for use on classic DNS, and as UTF8 for use in LLMNR or mDNS. Note that even
+        /* The question, formatted in IDNA for use on classic DNS, and as UTF8 for use in LLMNR or mDNS. Note
-         * on classic DNS some labels might use UTF8 encoding. Specifically, DNS-SD service names (in contrast to their
+         * that even on classic DNS some labels might use UTF8 encoding. Specifically, DNS-SD service names
-         * domain suffixes) use UTF-8 encoding even on DNS. Thus, the difference between these two fields is mostly
+         * (in contrast to their domain suffixes) use UTF-8 encoding even on DNS. Thus, the difference
-         * relevant only for explicit *hostname* lookups as well as the domain suffixes of service lookups. */
+         * between these two fields is mostly relevant only for explicit *hostname* lookups as well as the
+         * domain suffixes of service lookups. */
         DnsQuestion *question_idna;
         DnsQuestion *question_utf8;
 
@@ -101,8 +103,9 @@ enum {
         DNS_QUERY_RESTARTED,
 };
 
-DnsQueryCandidate* dns_query_candidate_free(DnsQueryCandidate *c);
+DnsQueryCandidate* dns_query_candidate_ref(DnsQueryCandidate*);
-DEFINE_TRIVIAL_CLEANUP_FUNC(DnsQueryCandidate*, dns_query_candidate_free);
+DnsQueryCandidate* dns_query_candidate_unref(DnsQueryCandidate*);
+DEFINE_TRIVIAL_CLEANUP_FUNC(DnsQueryCandidate*, dns_query_candidate_unref);
 
 void dns_query_candidate_notify(DnsQueryCandidate *c);
 

src/resolve/resolved-dns-scope.c

@@ -105,7 +105,7 @@ DnsScope* dns_scope_free(DnsScope *s) {
         dns_scope_abort_transactions(s);
 
         while (s->query_candidates)
-                dns_query_candidate_free(s->query_candidates);
+                dns_query_candidate_unref(s->query_candidates);
 
         hashmap_free(s->transactions_by_key);