Adding upstream version 4.23.0.upstream/4.23.0

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

132 files changed, 2501 insertions, 1246 deletions

diff --git a/upstream/opensuse-tumbleweed/man8/bridge.8 b/upstream/opensuse-tumbleweed/man8/bridge.8
index a60964bb..bb02bd27 100644
--- a/upstream/opensuse-tumbleweed/man8/bridge.8
+++ b/upstream/opensuse-tumbleweed/man8/bridge.8
@@ -22,6 +22,7 @@ bridge \- show / manipulate bridge addresses and devices
 \fB\-s\fR[\fItatistics\fR] |
 \fB\-n\fR[\fIetns\fR] name |
 \fB\-b\fR[\fIatch\fR] filename |
+\fB\-com\fR[\fIpressvlans\fR] |
 \fB\-c\fR[\fIolor\fR] |
 \fB\-p\fR[\fIretty\fR] |
 \fB\-j\fR[\fIson\fR] |
@@ -188,6 +189,25 @@ bridge \- show / manipulate bridge addresses and devices
 .IR SRC_VNI " ]"
 
 .ti -8
+.B "bridge mdb flush"
+.BI dev " DEV "
+.RB "[ " port
+.IR PORT " ]"
+.RB "[ " vid
+.IR VID " ]"
+.RB "[ " src_vni
+.IR SRC_VNI " ]"
+.RB "[ " proto
+.IR PROTO " ]"
+.RB "[ " [no]permanent " ]"
+.RB "[ " dst
+.IR IPADDR " ]"
+.RB "[ " dst_port
+.IR DST_PORT " ]"
+.RB "[ " vni
+.IR VNI " ]"
+
+.ti -8
 .BR "bridge vlan" " { " add " | " del " } "
 .B dev
 .I DEV
@@ -327,6 +347,11 @@ If there were any errors during execution of the commands, the application
 return code will be non zero.
 
 .TP
+.BR "\-com", " \-compressvlans"
+Show compressed VLAN list. It will show continuous VLANs with the range instead
+of separated VLANs. Default is off.
+
+.TP
 .BR \-c [ color ][ = { always | auto | never }
 Configure color output. If parameter is omitted or
 .BR always ,
@@ -1172,6 +1197,54 @@ the VLAN ID. Only relevant when the bridge is VLAN-aware.
 the source VNI Network Identifier. Only relevant when the VXLAN device is in
 external mode.
 
+.SS bridge mdb flush - flush multicast group database entries.
+
+This command flushes the matching multicast group database entries.
+
+.TP
+.BI dev " DEV"
+the interface where this group address is associated.
+
+.TP
+.BI port " PORT"
+the target port for the operation. If the bridge device is specified then only
+entries pointing to the bridge itself will be deleted.
+
+.TP
+.BI vid " VID"
+the VLAN ID for the operation. Match entries only with the specified VLAN ID.
+
+.TP
+.BI src_vni " SRC_VNI"
+the source VNI Network Identifier for the operation. Match entries only with
+the specified source VNI.
+
+.TP
+.BI proto " PROTO"
+the routing protocol identifier for the operation. Match entries only with the
+specified routing protocol. Can be a number or a string from the file
+/etc/iproute2/rt_protos.
+
+.TP
+.B [no]permanent
+if specified then only permanent entries will be deleted or respectively if
+"no" is prepended then only non-permanent (temp) entries will be deleted.
+
+.TP
+.BI dst " IPADDR"
+the IP address of the destination VXLAN tunnel endpoint where the multicast
+receivers reside. Match entries only with the specified destination IP.
+
+.TP
+.BI dst_port " DST_PORT"
+the UDP destination port number to use to connect to the remote VXLAN tunnel
+endpoint. Match entries only with the specified destination port number.
+
+.TP
+.BI vni " VNI"
+the VXLAN VNI Network Identifier to use to connect to the remote VXLAN tunnel
+endpoint. Match entries only with the specified destination VNI.
+
 .SH bridge vlan - VLAN filter list
 
 .B vlan
diff --git a/upstream/opensuse-tumbleweed/man8/btrfs-balance.8 b/upstream/opensuse-tumbleweed/man8/btrfs-balance.8
index c30684c6..6a56c5b9 100644
--- a/upstream/opensuse-tumbleweed/man8/btrfs-balance.8
+++ b/upstream/opensuse-tumbleweed/man8/btrfs-balance.8
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "BTRFS-BALANCE" "8" "Feb 14, 2024" "6.7.1" "BTRFS"
+.TH "BTRFS-BALANCE" "8" "May 02, 2024" "6.8.1" "BTRFS"
 .SH NAME
 btrfs-balance \- balance block groups on a btrfs filesystem
 .SH SYNOPSIS
@@ -185,7 +185,7 @@ or \fIraid6\fP
 .INDENT 7.0
 .TP
 .B \-\-background|\-\-bg
-run the balance operation asynchronously in the background, uses \fBfork(2)\fP to
+run the balance operation asynchronously in the background, uses \fI\%fork(2)\fP to
 start the process that calls the kernel ioctl
 .UNINDENT
 .INDENT 7.0
diff --git a/upstream/opensuse-tumbleweed/man8/btrfs-check.8 b/upstream/opensuse-tumbleweed/man8/btrfs-check.8
index 59d0a764..596e63ad 100644
--- a/upstream/opensuse-tumbleweed/man8/btrfs-check.8
+++ b/upstream/opensuse-tumbleweed/man8/btrfs-check.8
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "BTRFS-CHECK" "8" "Feb 14, 2024" "6.7.1" "BTRFS"
+.TH "BTRFS-CHECK" "8" "May 02, 2024" "6.8.1" "BTRFS"
 .SH NAME
 btrfs-check \- check or repair a btrfs filesystem
 .SH SYNOPSIS
diff --git a/upstream/opensuse-tumbleweed/man8/btrfs-convert.8 b/upstream/opensuse-tumbleweed/man8/btrfs-convert.8
index fded5087..7f33d1af 100644
--- a/upstream/opensuse-tumbleweed/man8/btrfs-convert.8
+++ b/upstream/opensuse-tumbleweed/man8/btrfs-convert.8
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "BTRFS-CONVERT" "8" "Feb 14, 2024" "6.7.1" "BTRFS"
+.TH "BTRFS-CONVERT" "8" "May 02, 2024" "6.8.1" "BTRFS"
 .SH NAME
 btrfs-convert \- convert from ext2/3/4 or reiserfs filesystem to btrfs in-place
 .SH SYNOPSIS
@@ -76,6 +76,16 @@ have a supported data block size (i.e. the same that would be valid for
 \fBmkfs.btrfs\fP). This is typically the system page size (4KiB on x86_64
 machines).
 .sp
+\fBNOTE:\fP
+.INDENT 0.0
+.INDENT 3.5
+Always consider if a mkfs and file copy would not be a better option than
+the in\-place conversion given what was said above. The conversion depends on
+3rd party libraries and the other filesystems could still evolve and add new
+features. Not all combinations are covered or tested.
+.UNINDENT
+.UNINDENT
+.sp
 \fBBEFORE YOU START\fP
 .sp
 The source filesystem must be clean, e.g. no journal to replay or no repairs
diff --git a/upstream/opensuse-tumbleweed/man8/btrfs-device.8 b/upstream/opensuse-tumbleweed/man8/btrfs-device.8
index 5789f4fa..6c9854a0 100644
--- a/upstream/opensuse-tumbleweed/man8/btrfs-device.8
+++ b/upstream/opensuse-tumbleweed/man8/btrfs-device.8
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "BTRFS-DEVICE" "8" "Feb 14, 2024" "6.7.1" "BTRFS"
+.TH "BTRFS-DEVICE" "8" "May 02, 2024" "6.8.1" "BTRFS"
 .SH NAME
 btrfs-device \- manage devices of btrfs filesystems
 .SH SYNOPSIS
@@ -186,9 +186,9 @@ $ btrfs device remove /dev/sda /mnt
 Add device(s) to the filesystem identified by \fIpath\fP\&.
 .sp
 If applicable, a whole device discard (TRIM) operation is performed prior to
-adding the device. A device with existing filesystem detected by \fBblkid(8)\fP
+adding the device. A device with existing filesystem detected by \fI\%blkid(8)\fP
 will prevent device addition and has to be forced. Alternatively the filesystem
-can be wiped from the device using e.g. the \fBwipefs(8)\fP tool.
+can be wiped from the device using e.g. the \fI\%wipefs(8)\fP tool.
 .sp
 The operation is instant and does not affect existing data. The operation merely
 adds the device to the filesystem structures and creates some block groups
diff --git a/upstream/opensuse-tumbleweed/man8/btrfs-filesystem.8 b/upstream/opensuse-tumbleweed/man8/btrfs-filesystem.8
index f73467d9..ac54ff7e 100644
--- a/upstream/opensuse-tumbleweed/man8/btrfs-filesystem.8
+++ b/upstream/opensuse-tumbleweed/man8/btrfs-filesystem.8
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "BTRFS-FILESYSTEM" "8" "Feb 14, 2024" "6.7.1" "BTRFS"
+.TH "BTRFS-FILESYSTEM" "8" "May 02, 2024" "6.8.1" "BTRFS"
 .SH NAME
 btrfs-filesystem \- command group that primarily does work on the whole filesystems
 .SH SYNOPSIS
@@ -292,7 +292,7 @@ Subvolume containing a swapfile cannot be snapshotted and blocks of an
 activated swapfile cannot be balanced.
 .sp
 Swapfile creation can be achieved by standalone commands too. Activation
-needs to be done by command \fBswapon(8)\fP\&. See also command
+needs to be done by command \fI\%swapon(8)\fP\&. See also command
 \fBbtrfs inspect\-internal map\-swapfile\fP
 and the \fI\%Swapfile feature\fP description.
 .sp
@@ -346,12 +346,21 @@ device respecting \fIdevid\fP (remember, devid 1 by default).
 .sp
 The resize command does not manipulate the size of underlying
 partition.  If you wish to enlarge/reduce a filesystem, you must make sure you
-can expand the partition before enlarging the filesystem and shrink the
-partition after reducing the size of the filesystem.  This can done using
-\fBfdisk(8)\fP or \fBparted(8)\fP to delete the existing partition and recreate
+expand the partition before enlarging the filesystem and shrink the
+partition after reducing the size of the filesystem.  This can be done using
+\fI\%fdisk(8)\fP or \fI\%parted(8)\fP to delete the existing partition and recreate
 it with the new desired size.  When recreating the partition make sure to use
 the same starting partition offset as before.
 .sp
+The size of the portion that the filesystem uses of an underlying device can be
+determined via the \fBbtrfs filesystem show \-\-raw\fP command on the
+filesystem’s mount point (where it’s given for each \fIdevid\fP after the string
+\fIsize\fP or via the \fBbtrfs inspect\-internal dump\-super\fP command on the
+specific device (where it’s given as the value of \fIdev_item.total_bytes\fP, which
+is not to be confused with \fItotal_bytes\fP).
+The value is also the address of the first byte not used by the
+filesystem.
+.sp
 Growing is usually instant as it only updates the size. However, shrinking could
 take a long time if there are data in the device area that\(aqs beyond the new
 end. Relocation of the data takes time.
@@ -411,7 +420,7 @@ show sizes in TiB, or TB with \-\-si
 .UNINDENT
 .TP
 .B sync <path>
-Force a sync of the filesystem at \fIpath\fP, similar to the \fBsync(1)\fP command. In
+Force a sync of the filesystem at \fIpath\fP, similar to the \fI\%sync(1)\fP command. In
 addition, it starts cleaning of deleted subvolumes. To wait for the subvolume
 deletion to complete use the \fBbtrfs subvolume sync\fP command.
 .TP
diff --git a/upstream/opensuse-tumbleweed/man8/btrfs-image.8 b/upstream/opensuse-tumbleweed/man8/btrfs-image.8
index c369ee4d..6f339342 100644
--- a/upstream/opensuse-tumbleweed/man8/btrfs-image.8
+++ b/upstream/opensuse-tumbleweed/man8/btrfs-image.8
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "BTRFS-IMAGE" "8" "Feb 14, 2024" "6.7.1" "BTRFS"
+.TH "BTRFS-IMAGE" "8" "May 02, 2024" "6.8.1" "BTRFS"
 .SH NAME
 btrfs-image \- create/restore an image of the filesystem
 .SH SYNOPSIS
diff --git a/upstream/opensuse-tumbleweed/man8/btrfs-inspect-internal.8 b/upstream/opensuse-tumbleweed/man8/btrfs-inspect-internal.8
index 25160caf..8f974b51 100644
--- a/upstream/opensuse-tumbleweed/man8/btrfs-inspect-internal.8
+++ b/upstream/opensuse-tumbleweed/man8/btrfs-inspect-internal.8
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "BTRFS-INSPECT-INTERNAL" "8" "Feb 14, 2024" "6.7.1" "BTRFS"
+.TH "BTRFS-INSPECT-INTERNAL" "8" "May 02, 2024" "6.8.1" "BTRFS"
 .SH NAME
 btrfs-inspect-internal \- query various internal information
 .SH SYNOPSIS
diff --git a/upstream/opensuse-tumbleweed/man8/btrfs-map-logical.8 b/upstream/opensuse-tumbleweed/man8/btrfs-map-logical.8
index c40866f1..8fd419a3 100644
--- a/upstream/opensuse-tumbleweed/man8/btrfs-map-logical.8
+++ b/upstream/opensuse-tumbleweed/man8/btrfs-map-logical.8
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "BTRFS-MAP-LOGICAL" "8" "Feb 14, 2024" "6.7.1" "BTRFS"
+.TH "BTRFS-MAP-LOGICAL" "8" "May 02, 2024" "6.8.1" "BTRFS"
 .SH NAME
 btrfs-map-logical \- map btrfs logical extent to physical extent
 .SH SYNOPSIS
diff --git a/upstream/opensuse-tumbleweed/man8/btrfs-property.8 b/upstream/opensuse-tumbleweed/man8/btrfs-property.8
index 1d7330d6..45e15d0a 100644
--- a/upstream/opensuse-tumbleweed/man8/btrfs-property.8
+++ b/upstream/opensuse-tumbleweed/man8/btrfs-property.8
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "BTRFS-PROPERTY" "8" "Feb 14, 2024" "6.7.1" "BTRFS"
+.TH "BTRFS-PROPERTY" "8" "May 02, 2024" "6.8.1" "BTRFS"
 .SH NAME
 btrfs-property \- get/set/list properties for given filesystem object
 .SH SYNOPSIS
@@ -40,8 +40,8 @@ The object can be an inode (file or directory), subvolume or the whole
 filesystem.
 .sp
 \fBbtrfs property\fP provides an unified and user\-friendly method to tune different
-btrfs properties instead of using the traditional method like \fBchattr(1)\fP or
-\fBlsattr(1)\fP\&.
+btrfs properties instead of using the traditional method like \fI\%chattr(1)\fP or
+\fI\%lsattr(1)\fP\&.
 .SS Object types
 .sp
 A property might apply to several object types so in some cases it\(aqs necessary
@@ -174,7 +174,7 @@ returned in case of failure.
 .SH SEE ALSO
 .sp
 \fI\%mkfs.btrfs(8)\fP,
-\fBlsattr(1)\fP,
-\fBchattr(1)\fP
+\fI\%lsattr(1)\fP,
+\fI\%chattr(1)\fP
 .\" Generated by docutils manpage writer.
 .
diff --git a/upstream/opensuse-tumbleweed/man8/btrfs-qgroup.8 b/upstream/opensuse-tumbleweed/man8/btrfs-qgroup.8
index 71718ce5..7ae9db65 100644
--- a/upstream/opensuse-tumbleweed/man8/btrfs-qgroup.8
+++ b/upstream/opensuse-tumbleweed/man8/btrfs-qgroup.8
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "BTRFS-QGROUP" "8" "Feb 14, 2024" "6.7.1" "BTRFS"
+.TH "BTRFS-QGROUP" "8" "May 02, 2024" "6.8.1" "BTRFS"
 .SH NAME
 btrfs-qgroup \- control the quota group of a btrfs filesystem
 .SH SYNOPSIS
diff --git a/upstream/opensuse-tumbleweed/man8/btrfs-quota.8 b/upstream/opensuse-tumbleweed/man8/btrfs-quota.8
index e1181252..54d51645 100644
--- a/upstream/opensuse-tumbleweed/man8/btrfs-quota.8
+++ b/upstream/opensuse-tumbleweed/man8/btrfs-quota.8
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "BTRFS-QUOTA" "8" "Feb 14, 2024" "6.7.1" "BTRFS"
+.TH "BTRFS-QUOTA" "8" "May 02, 2024" "6.8.1" "BTRFS"
 .SH NAME
 btrfs-quota \- control the global quota status of a btrfs filesystem
 .SH SYNOPSIS
diff --git a/upstream/opensuse-tumbleweed/man8/btrfs-receive.8 b/upstream/opensuse-tumbleweed/man8/btrfs-receive.8
index d206b010..5fb2fef5 100644
--- a/upstream/opensuse-tumbleweed/man8/btrfs-receive.8
+++ b/upstream/opensuse-tumbleweed/man8/btrfs-receive.8
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "BTRFS-RECEIVE" "8" "Feb 14, 2024" "6.7.1" "BTRFS"
+.TH "BTRFS-RECEIVE" "8" "May 02, 2024" "6.8.1" "BTRFS"
 .SH NAME
 btrfs-receive \- receive subvolumes from send stream
 .SH SYNOPSIS
@@ -67,7 +67,7 @@ read the stream from \fIFILE\fP instead of stdin,
 .INDENT 0.0
 .TP
 .B \-C|\-\-chroot
-confine the process to \fIpath\fP using \fBchroot(1)\fP
+confine the process to \fIpath\fP using \fI\%chroot(1)\fP
 .UNINDENT
 .INDENT 0.0
 .TP
diff --git a/upstream/opensuse-tumbleweed/man8/btrfs-replace.8 b/upstream/opensuse-tumbleweed/man8/btrfs-replace.8
index d5bb007c..ad17fc10 100644
--- a/upstream/opensuse-tumbleweed/man8/btrfs-replace.8
+++ b/upstream/opensuse-tumbleweed/man8/btrfs-replace.8
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "BTRFS-REPLACE" "8" "Feb 14, 2024" "6.7.1" "BTRFS"
+.TH "BTRFS-REPLACE" "8" "May 02, 2024" "6.8.1" "BTRFS"
 .SH NAME
 btrfs-replace \- replace devices managed by btrfs with other device
 .SH SYNOPSIS
diff --git a/upstream/opensuse-tumbleweed/man8/btrfs-rescue.8 b/upstream/opensuse-tumbleweed/man8/btrfs-rescue.8
index 441e07c0..a9ed5ae7 100644
--- a/upstream/opensuse-tumbleweed/man8/btrfs-rescue.8
+++ b/upstream/opensuse-tumbleweed/man8/btrfs-rescue.8
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "BTRFS-RESCUE" "8" "Feb 14, 2024" "6.7.1" "BTRFS"
+.TH "BTRFS-RESCUE" "8" "May 02, 2024" "6.8.1" "BTRFS"
 .SH NAME
 btrfs-rescue \- recover a damaged btrfs filesystem
 .SH SYNOPSIS
diff --git a/upstream/opensuse-tumbleweed/man8/btrfs-restore.8 b/upstream/opensuse-tumbleweed/man8/btrfs-restore.8
index 79916614..043ef85d 100644
--- a/upstream/opensuse-tumbleweed/man8/btrfs-restore.8
+++ b/upstream/opensuse-tumbleweed/man8/btrfs-restore.8
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "BTRFS-RESTORE" "8" "Feb 14, 2024" "6.7.1" "BTRFS"
+.TH "BTRFS-RESTORE" "8" "May 02, 2024" "6.8.1" "BTRFS"
 .SH NAME
 btrfs-restore \- try to restore files from a damaged filesystem image
 .SH SYNOPSIS
@@ -106,7 +106,7 @@ dry run (only list files that would be recovered)
 .INDENT 0.0
 .TP
 .BI \-\-path\-regex \ <regex>
-restore only filenames matching a regular expression (\fBregex(7)\fP)
+restore only filenames matching a regular expression (\fI\%regex(7)\fP)
 with a mandatory format
 .sp
 \fB^/(|home(|/username(|/Desktop(|/.*))))$\fP
diff --git a/upstream/opensuse-tumbleweed/man8/btrfs-scrub.8 b/upstream/opensuse-tumbleweed/man8/btrfs-scrub.8
index e415fac8..662fc705 100644
--- a/upstream/opensuse-tumbleweed/man8/btrfs-scrub.8
+++ b/upstream/opensuse-tumbleweed/man8/btrfs-scrub.8
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "BTRFS-SCRUB" "8" "Feb 14, 2024" "6.7.1" "BTRFS"
+.TH "BTRFS-SCRUB" "8" "May 02, 2024" "6.8.1" "BTRFS"
 .SH NAME
 btrfs-scrub \- scrub btrfs filesystem, verify block checksums
 .SH SYNOPSIS
@@ -68,13 +68,13 @@ scrub only a selected device. See \fI\%btrfs scrub start\fP for more.
 \fBNOTE:\fP
 .INDENT 0.0
 .INDENT 3.5
-The \fBionice(1)\fP may not be generally supported by all IO schedulers and
+The \fI\%ionice(1)\fP may not be generally supported by all IO schedulers and
 the options to \fBbtrfs scrub start\fP may not work as expected.
 .UNINDENT
 .UNINDENT
 .sp
 In the past when the \fI\%CFQ IO scheduler\fP was generally used
-the \fBionice(1)\fP syscalls set the priority to \fIidle\fP so the IO would not
+the \fI\%ionice(1)\fP syscalls set the priority to \fIidle\fP so the IO would not
 interfere with regular IO. Since the kernel 5.0 the CFQ is not available.
 .sp
 The IO scheduler known to support that is \fI\%BFQ\fP, but first read the
@@ -91,7 +91,7 @@ belong to the same accounting group.
 .sp
 .nf
 .ft C
-$ systemd\-run \-p \(dqIOBandwidthReadMax=/dev/sdx 10M\(dq btrfs scrub start \-B /
+$ systemd\-run \-p \(dqIOReadBandwidthMax=/dev/sdx 10M\(dq btrfs scrub start \-B /
 .ft P
 .fi
 .UNINDENT
@@ -226,14 +226,14 @@ necessary
 .INDENT 7.0
 .TP
 .BI \-c \ <ioprio_class>
-set IO priority class (see \fBionice(1)\fP manual page) if the IO
+set IO priority class (see \fI\%ionice(1)\fP manual page) if the IO
 scheduler configured for the device supports ionice. This is
 only supported by BFQ or Kyber but is \fInot\fP supported by
 mq\-deadline. Please read the section about
 \fI\%IO limiting\fP\&.
 .TP
 .BI \-n \ <ioprio_classdata>
-set IO priority classdata (see \fBionice(1)\fP manpage)
+set IO priority classdata (see \fI\%ionice(1)\fP manpage)
 .TP
 .B  \-q
 (deprecated) alias for global \fI\-q\fP option
diff --git a/upstream/opensuse-tumbleweed/man8/btrfs-select-super.8 b/upstream/opensuse-tumbleweed/man8/btrfs-select-super.8
index cbf1079a..fb833db2 100644
--- a/upstream/opensuse-tumbleweed/man8/btrfs-select-super.8
+++ b/upstream/opensuse-tumbleweed/man8/btrfs-select-super.8
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "BTRFS-SELECT-SUPER" "8" "Feb 14, 2024" "6.7.1" "BTRFS"
+.TH "BTRFS-SELECT-SUPER" "8" "May 02, 2024" "6.8.1" "BTRFS"
 .SH NAME
 btrfs-select-super \- overwrite primary superblock with a backup copy
 .SH SYNOPSIS
diff --git a/upstream/opensuse-tumbleweed/man8/btrfs-send.8 b/upstream/opensuse-tumbleweed/man8/btrfs-send.8
index 0f0ca7d8..857eb89e 100644
--- a/upstream/opensuse-tumbleweed/man8/btrfs-send.8
+++ b/upstream/opensuse-tumbleweed/man8/btrfs-send.8
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "BTRFS-SEND" "8" "Feb 14, 2024" "6.7.1" "BTRFS"
+.TH "BTRFS-SEND" "8" "May 02, 2024" "6.8.1" "BTRFS"
 .SH NAME
 btrfs-send \- generate a stream of changes between two subvolume snapshots
 .SH SYNOPSIS
diff --git a/upstream/opensuse-tumbleweed/man8/btrfs-subvolume.8 b/upstream/opensuse-tumbleweed/man8/btrfs-subvolume.8
index 1ac17e3e..4961d73e 100644
--- a/upstream/opensuse-tumbleweed/man8/btrfs-subvolume.8
+++ b/upstream/opensuse-tumbleweed/man8/btrfs-subvolume.8
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "BTRFS-SUBVOLUME" "8" "Feb 14, 2024" "6.7.1" "BTRFS"
+.TH "BTRFS-SUBVOLUME" "8" "May 02, 2024" "6.8.1" "BTRFS"
 .SH NAME
 btrfs-subvolume \- manage btrfs subvolumes
 .SH SYNOPSIS
@@ -41,7 +41,8 @@ snapshots.
 A BTRFS subvolume is a part of filesystem with its own independent
 file/directory hierarchy and inode number namespace. Subvolumes can share file
 extents. A snapshot is also subvolume, but with a given initial content of the
-original subvolume. A subvolume has always inode number 256.
+original subvolume. A subvolume has always inode number 256 (see more in
+\fI\%Inode numbers (in Subvolumes)\fP).
 .sp
 \fBNOTE:\fP
 .INDENT 0.0
@@ -200,10 +201,28 @@ the 4th column:
 .UNINDENT
 .SH INODE NUMBERS
 .sp
-A proper subvolume has always inode number 256. If a subvolume is nested and
-then a snapshot is taken, then the cloned directory entry representing the
-subvolume becomes empty and the inode has number 2. All other files and
-directories in the target snapshot preserve their original inode numbers.
+A directory representing a subvolume has always inode number 256 (sometimes
+also called a root of the subvolume):
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+$ ls \-lis
+total 0
+389111 0 drwxr\-xr\-x 1 user users 0 Jan 20 12:13 dir
+389110 0 \-rw\-r\-\-r\-\- 1 user users 0 Jan 20 12:13 file
+   256 0 drwxr\-xr\-x 1 user users 0 Jan 20 12:13 snap1
+   256 0 drwxr\-xr\-x 1 user users 0 Jan 20 12:13 subv1
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+If a subvolume is nested and then a snapshot is taken, then the cloned
+directory entry representing the subvolume becomes empty and the inode has
+number 2. All other files and directories in the target snapshot preserve their
+original inode numbers.
 .sp
 \fBNOTE:\fP
 .INDENT 0.0
@@ -333,16 +352,6 @@ wait for transaction commit after deleting each subvolume.
 .B \-i|\-\-subvolid <subvolid>
 subvolume id to be removed instead of the <path> that should point to the
 filesystem with the subvolume
-.UNINDENT
-.INDENT 7.0
-.TP
-.B  \-\-delete\-qgroup
-also delete the qgroup 0/subvolid if it exists
-.TP
-.B  \-\-no\-delete\-qgroup
-do not delete the 0/subvolid qgroup (default)
-.UNINDENT
-.INDENT 7.0
 .TP
 .B \-v|\-\-verbose
 (deprecated) alias for global \fI\-v\fP option
@@ -568,6 +577,6 @@ returned in case of failure.
 \fI\%btrfs\-quota(8)\fP,
 \fI\%btrfs\-send(8)\fP,
 \fI\%mkfs.btrfs(8)\fP,
-\fBmount(8)\fP
+\fI\%mount(8)\fP
 .\" Generated by docutils manpage writer.
 .
diff --git a/upstream/opensuse-tumbleweed/man8/btrfs.8 b/upstream/opensuse-tumbleweed/man8/btrfs.8
index f20beee4..343c283c 100644
--- a/upstream/opensuse-tumbleweed/man8/btrfs.8
+++ b/upstream/opensuse-tumbleweed/man8/btrfs.8
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "BTRFS" "8" "Feb 14, 2024" "6.7.1" "BTRFS"
+.TH "BTRFS" "8" "May 02, 2024" "6.8.1" "BTRFS"
 .SH NAME
 btrfs \- a toolbox to manage btrfs filesystems
 .SH SYNOPSIS
diff --git a/upstream/opensuse-tumbleweed/man8/btrfstune.8 b/upstream/opensuse-tumbleweed/man8/btrfstune.8
index 94cc266f..6b906870 100644
--- a/upstream/opensuse-tumbleweed/man8/btrfstune.8
+++ b/upstream/opensuse-tumbleweed/man8/btrfstune.8
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "BTRFSTUNE" "8" "Feb 14, 2024" "6.7.1" "BTRFS"
+.TH "BTRFSTUNE" "8" "May 02, 2024" "6.8.1" "BTRFS"
 .SH NAME
 btrfstune \- tune various filesystem parameters
 .SH SYNOPSIS
@@ -134,7 +134,7 @@ change operation in case it was interrupted.
 .BI \-U \ <UUID>
 Change fsid to \fIUUID\fP in all metadata blocks.
 .sp
-The \fIUUID\fP should be a 36 bytes string in \fBprintf(3)\fP format
+The \fIUUID\fP should be a 36 bytes string in \fI\%printf(3)\fP format
 \fB%08x\-%04x\-%04x\-%04x\-%012x\fP\&.
 If there is a previous unfinished fsid change, it will continue only if the
 \fIUUID\fP matches the unfinished one or if you use the option \fI\-u\fP\&.
diff --git a/upstream/opensuse-tumbleweed/man8/depmod.8 b/upstream/opensuse-tumbleweed/man8/depmod.8
index 43312c39..d854abb7 100644
--- a/upstream/opensuse-tumbleweed/man8/depmod.8
+++ b/upstream/opensuse-tumbleweed/man8/depmod.8
@@ -2,12 +2,12 @@
 .\"     Title: depmod
 .\"    Author: Jon Masters <jcm@jonmasters.org>
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 12/06/2023
+.\"      Date: 03/05/2024
 .\"    Manual: depmod
 .\"    Source: kmod
 .\"  Language: English
 .\"
-.TH "DEPMOD" "8" "12/06/2023" "kmod" "depmod"
+.TH "DEPMOD" "8" "03/05/2024" "kmod" "depmod"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -40,7 +40,7 @@ Linux kernel modules can provide services (called "symbols") for other modules t
 .PP
 \fBdepmod\fR
 creates a list of module dependencies by reading each module under
-/usr/lib/modules/\fIversion\fR
+/lib/modules/\fIversion\fR
 and determining what symbols it exports and what symbols it needs\&. By default, this list is written to
 modules\&.dep, and a binary hashed version named
 modules\&.dep\&.bin, in the same directory\&. If filenames are given on the command line, only those modules are examined (which is rarely useful unless all modules are listed)\&.
@@ -75,7 +75,7 @@ file before any work is done: if not, it silently exits rather than regenerating
 \fB\-b \fR\fB\fIbasedir\fR\fR, \fB\-\-basedir \fR\fB\fIbasedir\fR\fR
 .RS 4
 If your modules are not currently in the (normal) directory
-/usr/lib/modules/\fIversion\fR, but in a staging area, you can specify a
+/lib/modules/\fIversion\fR, but in a staging area, you can specify a
 \fIbasedir\fR
 which is prepended to the directory name\&. This
 \fIbasedir\fR
diff --git a/upstream/opensuse-tumbleweed/man8/devlink-rate.8 b/upstream/opensuse-tumbleweed/man8/devlink-rate.8
index bcec3c31..f09ac4ac 100644
--- a/upstream/opensuse-tumbleweed/man8/devlink-rate.8
+++ b/upstream/opensuse-tumbleweed/man8/devlink-rate.8
@@ -149,7 +149,7 @@ These parameter accept integer meaning weight or priority of a node.
 - set rate object parent to existing node with name \fINODE_NAME\fR or unset
 parent. Rate limits of the parent node applied to all it's children. Actual
 behaviour is details of driver's implementation. Setting parent to empty ("")
-name due to the kernel logic threated as parent unset.
+name due to the kernel logic treated as parent unset.
 
 .SS devlink port function rate add - create node rate object with specified parameters.
 Creates rate object of type node and sets parameters. Parameters same as for the
diff --git a/upstream/opensuse-tumbleweed/man8/fsck.btrfs.8 b/upstream/opensuse-tumbleweed/man8/fsck.btrfs.8
index 02a04994..fcae9bd7 100644
--- a/upstream/opensuse-tumbleweed/man8/fsck.btrfs.8
+++ b/upstream/opensuse-tumbleweed/man8/fsck.btrfs.8
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "FSCK.BTRFS" "8" "Feb 14, 2024" "6.7.1" "BTRFS"
+.TH "FSCK.BTRFS" "8" "May 02, 2024" "6.8.1" "BTRFS"
 .SH NAME
 fsck.btrfs \- do nothing, successfully
 .SH SYNOPSIS
@@ -37,7 +37,7 @@ fsck.btrfs \- do nothing, successfully
 .sp
 \fBfsck.btrfs\fP is a type of utility that should exist for any filesystem and is
 called during system setup when the corresponding \fB/etc/fstab\fP entries
-contain non\-zero value for \fIfs_passno\fP, see \fBfstab(5)\fP for more.
+contain non\-zero value for \fIfs_passno\fP, see \fI\%fstab(5)\fP for more.
 .sp
 Traditional filesystems need to run their respective fsck utility in case the
 filesystem was not unmounted cleanly and the log needs to be replayed before
@@ -68,7 +68,7 @@ Operational error, e.g. device does not exist
 .SH SEE ALSO
 .sp
 \fI\%btrfs(8)\fP,
-\fBfsck(8)\fP,
-\fBfstab(5)\fP
+\fI\%fsck(8)\fP,
+\fI\%fstab(5)\fP
 .\" Generated by docutils manpage writer.
 .
diff --git a/upstream/opensuse-tumbleweed/man8/grub2-bios-setup.8 b/upstream/opensuse-tumbleweed/man8/grub2-bios-setup.8
index 510f9129..1b940ec9 100644
--- a/upstream/opensuse-tumbleweed/man8/grub2-bios-setup.8
+++ b/upstream/opensuse-tumbleweed/man8/grub2-bios-setup.8
@@ -1,5 +1,5 @@
 .\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.49.3.
-.TH GRUB-BIOS-SETUP "8" "February 2024" "GRUB2 2.12" "System Administration Utilities"
+.TH GRUB-BIOS-SETUP "8" "May 2024" "GRUB2 2.12" "System Administration Utilities"
 .SH NAME
 grub-bios-setup \- set up a device to boot using GRUB
 .SH SYNOPSIS
diff --git a/upstream/opensuse-tumbleweed/man8/grub2-install.8 b/upstream/opensuse-tumbleweed/man8/grub2-install.8
index 4d686a02..ac7b6e8a 100644
--- a/upstream/opensuse-tumbleweed/man8/grub2-install.8
+++ b/upstream/opensuse-tumbleweed/man8/grub2-install.8
@@ -1,5 +1,5 @@
 .\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.49.3.
-.TH GRUB-INSTALL "8" "February 2024" "GRUB2 2.12" "System Administration Utilities"
+.TH GRUB-INSTALL "8" "May 2024" "GRUB2 2.12" "System Administration Utilities"
 .SH NAME
 grub-install \- install GRUB to a device
 .SH SYNOPSIS
diff --git a/upstream/opensuse-tumbleweed/man8/grub2-macbless.8 b/upstream/opensuse-tumbleweed/man8/grub2-macbless.8
index 59ef607b..54c18939 100644
--- a/upstream/opensuse-tumbleweed/man8/grub2-macbless.8
+++ b/upstream/opensuse-tumbleweed/man8/grub2-macbless.8
@@ -1,5 +1,5 @@
 .\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.49.3.
-.TH GRUB-MACBLESS "8" "February 2024" "GRUB2 2.12" "System Administration Utilities"
+.TH GRUB-MACBLESS "8" "May 2024" "GRUB2 2.12" "System Administration Utilities"
 .SH NAME
 grub-macbless \- bless a mac file/directory
 .SH SYNOPSIS
diff --git a/upstream/opensuse-tumbleweed/man8/grub2-mkconfig.8 b/upstream/opensuse-tumbleweed/man8/grub2-mkconfig.8
index f7a3f102..d28de90a 100644
--- a/upstream/opensuse-tumbleweed/man8/grub2-mkconfig.8
+++ b/upstream/opensuse-tumbleweed/man8/grub2-mkconfig.8
@@ -1,5 +1,5 @@
 .\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.49.3.
-.TH GRUB-MKCONFIG "8" "February 2024" "GRUB2 2.12" "System Administration Utilities"
+.TH GRUB-MKCONFIG "8" "May 2024" "GRUB2 2.12" "System Administration Utilities"
 .SH NAME
 grub-mkconfig \- generate a GRUB configuration file
 .SH SYNOPSIS
diff --git a/upstream/opensuse-tumbleweed/man8/grub2-ofpathname.8 b/upstream/opensuse-tumbleweed/man8/grub2-ofpathname.8
index 08c9734c..95201833 100644
--- a/upstream/opensuse-tumbleweed/man8/grub2-ofpathname.8
+++ b/upstream/opensuse-tumbleweed/man8/grub2-ofpathname.8
@@ -1,5 +1,5 @@
 .\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.49.3.
-.TH GRUB-OFPATHNAME "8" "February 2024" "GRUB2 2.12" "System Administration Utilities"
+.TH GRUB-OFPATHNAME "8" "May 2024" "GRUB2 2.12" "System Administration Utilities"
 .SH NAME
 grub-ofpathname \- find OpenBOOT path for a device
 .SH SYNOPSIS
diff --git a/upstream/opensuse-tumbleweed/man8/grub2-probe.8 b/upstream/opensuse-tumbleweed/man8/grub2-probe.8
index edbc6df6..a8e9ba10 100644
--- a/upstream/opensuse-tumbleweed/man8/grub2-probe.8
+++ b/upstream/opensuse-tumbleweed/man8/grub2-probe.8
@@ -1,5 +1,5 @@
 .\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.49.3.
-.TH GRUB-PROBE "8" "February 2024" "GRUB2 2.12" "System Administration Utilities"
+.TH GRUB-PROBE "8" "May 2024" "GRUB2 2.12" "System Administration Utilities"
 .SH NAME
 grub-probe \- probe device information for GRUB
 .SH SYNOPSIS
diff --git a/upstream/opensuse-tumbleweed/man8/grub2-reboot.8 b/upstream/opensuse-tumbleweed/man8/grub2-reboot.8
index 8d9faf99..bf1034c3 100644
--- a/upstream/opensuse-tumbleweed/man8/grub2-reboot.8
+++ b/upstream/opensuse-tumbleweed/man8/grub2-reboot.8
@@ -1,5 +1,5 @@
 .\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.49.3.
-.TH GRUB-REBOOT "8" "February 2024" "GRUB2 2.12" "System Administration Utilities"
+.TH GRUB-REBOOT "8" "May 2024" "GRUB2 2.12" "System Administration Utilities"
 .SH NAME
 grub-reboot \- set the default boot entry for GRUB, for the next boot only
 .SH SYNOPSIS
diff --git a/upstream/opensuse-tumbleweed/man8/grub2-set-default.8 b/upstream/opensuse-tumbleweed/man8/grub2-set-default.8
index 32bf06ea..74ead940 100644
--- a/upstream/opensuse-tumbleweed/man8/grub2-set-default.8
+++ b/upstream/opensuse-tumbleweed/man8/grub2-set-default.8
@@ -1,5 +1,5 @@
 .\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.49.3.
-.TH GRUB-SET-DEFAULT "8" "February 2024" "GRUB2 2.12" "System Administration Utilities"
+.TH GRUB-SET-DEFAULT "8" "May 2024" "GRUB2 2.12" "System Administration Utilities"
 .SH NAME
 grub-set-default \- set the saved default boot entry for GRUB
 .SH SYNOPSIS
diff --git a/upstream/opensuse-tumbleweed/man8/grub2-sparc64-setup.8 b/upstream/opensuse-tumbleweed/man8/grub2-sparc64-setup.8
index 8a323a9d..7c310aa4 100644
--- a/upstream/opensuse-tumbleweed/man8/grub2-sparc64-setup.8
+++ b/upstream/opensuse-tumbleweed/man8/grub2-sparc64-setup.8
@@ -1,5 +1,5 @@
 .\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.49.3.
-.TH GRUB-SPARC64-SETUP "8" "February 2024" "GRUB2 2.12" "System Administration Utilities"
+.TH GRUB-SPARC64-SETUP "8" "May 2024" "GRUB2 2.12" "System Administration Utilities"
 .SH NAME
 grub-sparc64-setup \- set up a device to boot using GRUB
 .SH SYNOPSIS
diff --git a/upstream/opensuse-tumbleweed/man8/iconvconfig.8 b/upstream/opensuse-tumbleweed/man8/iconvconfig.8
index f02eede8..c7e962e3 100644
--- a/upstream/opensuse-tumbleweed/man8/iconvconfig.8
+++ b/upstream/opensuse-tumbleweed/man8/iconvconfig.8
@@ -2,7 +2,7 @@
 .\"
 .\" SPDX-License-Identifier: GPL-2.0-or-later
 .\"
-.TH iconvconfig 8 2022-10-30 "Linux man-pages 6.05.01"
+.TH iconvconfig 8 2024-05-02 "Linux man-pages (unreleased)"
 .SH NAME
 iconvconfig \- create iconv module configuration cache
 .SH SYNOPSIS
@@ -21,12 +21,12 @@ Loading and parsing such a configuration file would slow down
 programs that use
 .BR iconv (3),
 so a caching mechanism is employed.
-.PP
+.P
 The
 .B iconvconfig
 program reads iconv module configuration files and writes
 a fast-loading gconv module configuration cache file.
-.PP
+.P
 In addition to the system provided gconv modules, the user can specify
 custom gconv module directories with the environment variable
 .BR GCONV_PATH .
@@ -40,7 +40,9 @@ is not set.
 Do not search the system default gconv directory,
 only the directories provided on the command line.
 .TP
-.BI \-o " outputfile" ", \-\-output=" outputfile
+.BI \-\-output= outputfile
+.TQ
+.BI \-o\~ outputfile
 Use
 .I outputfile
 for output instead of the system default cache location.
@@ -56,13 +58,17 @@ the gconv module configuration would be read from
 and the cache would be written to
 .IR foo/usr/lib/gconv/gconv\-modules.cache .
 .TP
-.BR \-? ", " \-\-help
+.B \-\-help
+.TQ
+.B \-?
 Print a usage summary and exit.
 .TP
-.B "\-\-usage"
+.B \-\-usage
 Print a short usage summary and exit.
 .TP
-.BR \-V ", " \-\-version
+.B \-\-version
+.TQ
+.B \-V
 Print the version number, license, and disclaimer of warranty for
 .BR iconv .
 .SH EXIT STATUS
@@ -77,7 +83,7 @@ Usual system default gconv module configuration file.
 .TP
 .I /usr/lib/gconv/gconv\-modules.cache
 Usual system gconv module configuration cache.
-.PP
+.P
 Depending on the architecture,
 the above files may instead be located at directories with the path prefix
 .IR /usr/lib64 .
diff --git a/upstream/opensuse-tumbleweed/man8/insmod.8 b/upstream/opensuse-tumbleweed/man8/insmod.8
index 0af511cc..9edab6b2 100644
--- a/upstream/opensuse-tumbleweed/man8/insmod.8
+++ b/upstream/opensuse-tumbleweed/man8/insmod.8
@@ -2,12 +2,12 @@
 .\"     Title: insmod
 .\"    Author: Jon Masters <jcm@jonmasters.org>
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 02/09/2023
+.\"      Date: 03/05/2024
 .\"    Manual: insmod
 .\"    Source: kmod
 .\"  Language: English
 .\"
-.TH "INSMOD" "8" "02/09/2023" "kmod" "insmod"
+.TH "INSMOD" "8" "03/05/2024" "kmod" "insmod"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/upstream/opensuse-tumbleweed/man8/intro.8 b/upstream/opensuse-tumbleweed/man8/intro.8
index 23fbcbd9..1affa450 100644
--- a/upstream/opensuse-tumbleweed/man8/intro.8
+++ b/upstream/opensuse-tumbleweed/man8/intro.8
@@ -7,7 +7,7 @@
 .\" Modified Sat Jul 24 17:35:48 1993 by Rik Faith (faith@cs.unc.edu)
 .\" 2007-10-23 mtk: minor rewrites, and added paragraph on exit status
 .\"
-.TH intro 8 2022-10-30 "Linux man-pages 6.05.01"
+.TH intro 8 2024-05-02 "Linux man-pages (unreleased)"
 .SH NAME
 intro \- introduction to administration and privileged commands
 .SH DESCRIPTION
@@ -15,7 +15,7 @@ Section 8 of the manual describes commands
 which either can be or are used only by the superuser,
 like system-administration commands, daemons,
 and hardware-related commands.
-.PP
+.P
 As with the commands described in Section 1, the commands described
 in this section terminate with an exit status that indicates
 whether the command succeeded or failed.
diff --git a/upstream/opensuse-tumbleweed/man8/ip-address.8 b/upstream/opensuse-tumbleweed/man8/ip-address.8
index 8e0de0e9..277c5068 100644
--- a/upstream/opensuse-tumbleweed/man8/ip-address.8
+++ b/upstream/opensuse-tumbleweed/man8/ip-address.8
@@ -146,7 +146,8 @@ ip-address \- protocol address management
 .BR ipvlan " |"
 .BR lowpan " |"
 .BR geneve " |"
-.BR macsec " ]"
+.BR macsec " |"
+.BR netkit " ]"
 
 .SH "DESCRIPTION"
 The
diff --git a/upstream/opensuse-tumbleweed/man8/ip-ioam.8 b/upstream/opensuse-tumbleweed/man8/ip-ioam.8
index 1bdc0ece..c723d782 100644
--- a/upstream/opensuse-tumbleweed/man8/ip-ioam.8
+++ b/upstream/opensuse-tumbleweed/man8/ip-ioam.8
@@ -49,12 +49,17 @@ ip-ioam \- IPv6 In-situ OAM (IOAM)
 .RI " { " ID " | "
 .BR none " }"
 
+.ti -8
+.B ip ioam monitor
+
 .SH DESCRIPTION
 The \fBip ioam\fR command is used to configure IPv6 In-situ OAM (IOAM6)
 internal parameters, namely IOAM namespaces and schemas.
 .PP
 Those parameters also include the mapping between an IOAM namespace and an IOAM
 schema.
+.PP
+The \fBip ioam monitor\fR command displays IOAM data received.
 
 .SH EXAMPLES
 .PP
diff --git a/upstream/opensuse-tumbleweed/man8/ip-l2tp.8 b/upstream/opensuse-tumbleweed/man8/ip-l2tp.8
index 9aba6bec..7109c0a0 100644
--- a/upstream/opensuse-tumbleweed/man8/ip-l2tp.8
+++ b/upstream/opensuse-tumbleweed/man8/ip-l2tp.8
@@ -392,7 +392,7 @@ If L2TP is being used over IPv6, use the IPv6 defrag module.
 .SH INTEROPERABILITY
 .PP
 Unmanaged (static) L2TPv3 tunnels are supported by some network
-equipment equipment vendors such as Cisco.
+equipment vendors such as Cisco.
 .PP
 In Linux, L2TP Hello messages are not supported in unmanaged
 tunnels. Hello messages are used by L2TP clients and servers to detect
diff --git a/upstream/opensuse-tumbleweed/man8/ip-link.8 b/upstream/opensuse-tumbleweed/man8/ip-link.8
index 209ae825..e3c71efd 100644
--- a/upstream/opensuse-tumbleweed/man8/ip-link.8
+++ b/upstream/opensuse-tumbleweed/man8/ip-link.8
@@ -63,7 +63,7 @@ ip-link \- network device configuration
 .RI "[ " ARGS " ]"
 
 .ti -8
-.BR "ip link set " {
+.BR "ip link" " { " set " | " change " } " {
 .IR DEVICE " | "
 .BI "group " GROUP
 }
@@ -247,6 +247,7 @@ ip-link \- network device configuration
 .BR macvlan  " | "
 .BR macvtap  " | "
 .BR netdevsim " |"
+.BR netkit " |"
 .BR nlmon " |"
 .BR rmnet " |"
 .BR sit " |"
@@ -384,6 +385,9 @@ Link types:
 .BR netdevsim
 - Interface for netdev API tests
 .sp
+.BR netkit
+- BPF-programmable network device
+.sp
 .BR nlmon
 - Netlink monitoring device
 .sp
@@ -441,6 +445,11 @@ TCP for IPv6 on this device when the size is greater than 65536.
 specifies the recommended maximum size of a IPv4 Generic Segment Offload
 packet the new device should accept. This is especially used to enable
 BIG TCP for IPv4 on this device by setting to a size greater than 65536.
+Note that
+.B gso_max_size
+needs to be set to a size greater than or equal to
+.B gso_ipv4_max_size
+to really enable BIG TCP for IPv4.
 
 .TP
 .BI gso_max_segs " SEGMENTS "
@@ -849,6 +858,46 @@ tunnel.
 .in -8
 
 .TP
+netkit Type Support
+For a link of type
+.I netkit
+the following additional arguments are supported:
+
+.BI "ip link add " DEVICE
+.BR type " netkit "
+[
+.BI mode " MODE "
+] [
+.I "POLICY "
+] [
+.BR peer
+[
+.I "POLICY "
+] [
+.I "NAME "
+] ]
+
+.in +8
+
+.sp
+.BI mode " MODE"
+- specifies the operation mode of the netkit device with "l3" and "l2"
+as possible values. Default option is "l3".
+
+.sp
+.I "POLICY"
+- specifies the default device policy when no BPF programs are attached
+with "forward" and "blackhole" as possible values. Default option is
+"forward". Specifying policy before the peer option refers to the primary
+device, after the peer option refers to the peer device.
+
+.sp
+.I "NAME"
+- specifies the device name of the peer device.
+
+.in -8
+
+.TP
 IPIP, SIT Type Support
 For a link of type
 .IR IPIP or SIT
diff --git a/upstream/opensuse-tumbleweed/man8/ip-netns.8 b/upstream/opensuse-tumbleweed/man8/ip-netns.8
index 0c03fdb3..cad9c55b 100644
--- a/upstream/opensuse-tumbleweed/man8/ip-netns.8
+++ b/upstream/opensuse-tumbleweed/man8/ip-netns.8
@@ -98,7 +98,7 @@ If NAME is available in /run/netns this command creates a new
 network namespace and assigns NAME.
 
 .TP
-.B ip netns attach NAME PID - create a new named network namespace
+.B ip netns attach NAME PID - assign a name to the network namespace of the process
 .sp
 If NAME is available in /run/netns this command attaches the network
 namespace of the process PID to NAME as if it were created with ip netns.
diff --git a/upstream/opensuse-tumbleweed/man8/ip-route.8 b/upstream/opensuse-tumbleweed/man8/ip-route.8
index 8a7553c2..aa8a1a87 100644
--- a/upstream/opensuse-tumbleweed/man8/ip-route.8
+++ b/upstream/opensuse-tumbleweed/man8/ip-route.8
@@ -29,6 +29,7 @@ ip-route \- routing table management
 .ti -8
 .B  ip route get
 .I ROUTE_GET_FLAGS
+.B  [ to ]
 .IR ADDRESS " [ "
 .BI from " ADDRESS " iif " STRING"
 .RB " ] [ " oif
@@ -44,7 +45,9 @@ ip-route \- routing table management
 .B  sport
 .IR NUMBER " ] [ "
 .B  dport
-.IR NUMBER " ] "
+.IR NUMBER " ] ["
+.B  as
+.IR ADDRESS " ]"
 
 .ti -8
 .BR "ip route" " { " add " | " del " | " change " | " append " | "\
@@ -263,9 +266,14 @@ throw " | " unreachable " | " prohibit " | " blackhole " | " nat " ]"
 
 .ti -8
 .IR ROUTE_GET_FLAGS " := "
-.BR " [ "
-.BR fibmatch
-.BR " ] "
+.IR ROUTE_GET_FLAG " [ "
+.IR ROUTE_GET_FLAGS " ] "
+
+.ti -8
+.IR ROUTE_GET_FLAG " := "
+.BR "[ "
+.BR connected " | " fibmatch " | " notify
+.BR "]"
 
 .SH DESCRIPTION
 .B ip route
diff --git a/upstream/opensuse-tumbleweed/man8/ip.8 b/upstream/opensuse-tumbleweed/man8/ip.8
index 72227d44..fdae57c5 100644
--- a/upstream/opensuse-tumbleweed/man8/ip.8
+++ b/upstream/opensuse-tumbleweed/man8/ip.8
@@ -19,10 +19,12 @@ ip \- show / manipulate routing, network devices, interfaces and tunnels
 
 .ti -8
 .IR OBJECT " := { "
-.BR link " | " address " | " addrlabel " | " route " | " rule " | " neigh " | "\
- ntable " | " tunnel " | " tuntap " | " maddress " | "  mroute " | " mrule " | "\
- monitor " | " xfrm " | " netns " | "  l2tp " | "  tcp_metrics " | " token " | "\
- macsec " | " vrf " | " mptcp " | " ioam " | " stats " }"
+.BR address " | " addrlabel " | " fou " | " help " | " ila " | " ioam " | "\
+ l2tp " | " link " | " macsec " | " maddress " | " monitor " | " mptcp " | "\
+ mroute " | " mrule " | " neighbor " | " neighbour " | " netconf " | "\
+ netns " | " nexthop " | " ntable " | " ntbl " | " route " | " rule " | "\
+ sr " | " tap " | " tcpmetrics " | " token " | " tunnel " | " tuntap " | "\
+ vrf " | " xfrm " }"
 .sp
 
 .ti -8
@@ -255,6 +257,14 @@ Request the kernel to send the applied configuration back.
 - label configuration for protocol address selection.
 
 .TP
+.B fou
+- Foo-over-UDP receive port configuration.
+
+.TP
+.B ila
+- manage identifier locator addresses (ILA).
+
+.TP
 .B ioam
 - manage IOAM namespaces and IOAM schemas.
 
@@ -267,6 +277,10 @@ Request the kernel to send the applied configuration back.
 - network device.
 
 .TP
+.B macsec
+- MACsec device configuration.
+
+.TP
 .B maddress
 - multicast address.
 
@@ -291,10 +305,18 @@ Request the kernel to send the applied configuration back.
 - manage ARP or NDISC cache entries.
 
 .TP
+.B netconf
+- network configuration monitoring.
+
+.TP
 .B netns
 - manage network namespaces.
 
 .TP
+.B nexthop
+- manage nexthop objects.
+
+.TP
 .B ntable
 - manage the neighbor cache's operation.
 
@@ -307,12 +329,16 @@ Request the kernel to send the applied configuration back.
 - rule in routing policy database.
 
 .TP
+.B sr
+- manage IPv6 segment routing.
+
+.TP
 .B stats
 - manage and show interface statistics.
 
 .TP
 .B tcp_metrics/tcpmetrics
-- manage TCP Metrics
+- manage TCP Metrics.
 
 .TP
 .B token
@@ -415,19 +441,24 @@ was written by Alexey N. Kuznetsov and added in Linux 2.2.
 .SH SEE ALSO
 .BR ip-address (8),
 .BR ip-addrlabel (8),
+.BR ip-fou (8),
 .BR ip-ioam (8),
 .BR ip-l2tp (8),
 .BR ip-link (8),
+.BR ip-macsec (8),
 .BR ip-maddress (8),
 .BR ip-monitor (8),
 .BR ip-mptcp (8),
 .BR ip-mroute (8),
 .BR ip-neighbour (8),
+.BR ip-netconf (8),
 .BR ip-netns (8),
+.BR ip-nexthop (8),
 .BR ip-ntable (8),
 .BR ip-route (8),
 .BR ip-rule (8),
-.BR ip-stats (8)
+.BR ip-sr (8),
+.BR ip-stats (8),
 .BR ip-tcp_metrics (8),
 .BR ip-token (8),
 .BR ip-tunnel (8),
diff --git a/upstream/opensuse-tumbleweed/man8/kmod.8 b/upstream/opensuse-tumbleweed/man8/kmod.8
index 7019d479..8784cb64 100644
--- a/upstream/opensuse-tumbleweed/man8/kmod.8
+++ b/upstream/opensuse-tumbleweed/man8/kmod.8
@@ -2,12 +2,12 @@
 .\"     Title: kmod
 .\"    Author: Lucas De Marchi <lucas.de.marchi@gmail.com>
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 02/09/2023
+.\"      Date: 03/05/2024
 .\"    Manual: kmod
 .\"    Source: kmod
 .\"  Language: English
 .\"
-.TH "KMOD" "8" "02/09/2023" "kmod" "kmod"
+.TH "KMOD" "8" "03/05/2024" "kmod" "kmod"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/upstream/opensuse-tumbleweed/man8/ld.so.8 b/upstream/opensuse-tumbleweed/man8/ld.so.8
index afd29c52..b464448e 100644
--- a/upstream/opensuse-tumbleweed/man8/ld.so.8
+++ b/upstream/opensuse-tumbleweed/man8/ld.so.8
@@ -4,7 +4,7 @@
 .\" Various parts:
 .\" Copyright (C) 2007-9, 2013, 2016 Michael Kerrisk <mtk.manpages@gmail.com>
 .\"
-.TH ld.so 8 2023-07-18 "Linux man-pages 6.05.01"
+.TH ld.so 8 2024-05-08 "Linux man-pages (unreleased)"
 .SH NAME
 ld.so, ld\-linux.so \- dynamic linker/loader
 .SH SYNOPSIS
@@ -15,7 +15,7 @@ to the dynamic linker can be passed and, in the ELF case, the dynamic linker
 which is stored in the
 .B .interp
 section of the program is executed) or directly by running:
-.PP
+.P
 .I /lib/ld\-linux.so.*
 [OPTIONS] [PROGRAM [ARGUMENTS]]
 .SH DESCRIPTION
@@ -25,14 +25,14 @@ and
 .B ld\-linux.so*
 find and load the shared objects (shared libraries) needed by a program,
 prepare the program to run, and then run it.
-.PP
+.P
 Linux binaries require dynamic linking (linking at run time)
 unless the
 .B \-static
 option was given to
 .BR ld (1)
 during compilation.
-.PP
+.P
 The program
 .B ld.so
 handles a.out binaries, a binary format used long ago.
@@ -46,7 +46,7 @@ support files and programs
 .BR ldconfig (8),
 and
 .IR /etc/ld.so.conf ).
-.PP
+.P
 When resolving shared object dependencies,
 the dynamic linker first inspects each dependency
 string to see if it contains a slash (this can occur if
@@ -54,14 +54,13 @@ a shared object pathname containing slashes was specified at link time).
 If a slash is found, then the dependency string is interpreted as
 a (relative or absolute) pathname,
 and the shared object is loaded using that pathname.
-.PP
+.P
 If a shared object dependency does not contain a slash,
 then it is searched for in the following order:
 .IP (1) 5
 Using the directories specified in the
 DT_RPATH dynamic section attribute
 of the binary if present and DT_RUNPATH attribute does not exist.
-Use of DT_RPATH is deprecated.
 .IP (2)
 Using the environment variable
 .BR LD_LIBRARY_PATH ,
@@ -132,7 +131,7 @@ in the filename arguments to the
 and
 .BR dlmopen (3)
 functions.
-.PP
+.P
 The substituted tokens are as follows:
 .TP
 .IR $ORIGIN " (or equivalently " ${ORIGIN} )
@@ -187,7 +186,7 @@ value in the auxiliary vector (see
 .\"
 .\" ld.so lets names be abbreviated, so $O will work for $ORIGIN;
 .\" Don't do this!!
-.PP
+.P
 Note that the dynamic string tokens have to be quoted properly when
 set from a shell,
 to prevent their expansion as shell or environment variables.
@@ -208,6 +207,14 @@ The objects in
 .I list
 are delimited by colons.
 .TP
+.BI \-\-glibc-hwcaps-mask " list"
+only search built-in subdirectories if in
+.IR list .
+.TP
+.BI \-\-glibc-hwcaps-prepend " list"
+Search glibc-hwcaps subdirectories in
+.IR list .
+.TP
 .B \-\-inhibit\-cache
 Do not use
 .IR /etc/ld.so.cache .
@@ -238,6 +245,16 @@ are delimited by colons or spaces.
 .B \-\-list
 List all dependencies and how they are resolved.
 .TP
+.BR \-\-list\-diagnostics " (since glibc 2.33)"
+Print system diagnostic information in a machine-readable format,
+such as some internal loader variables,
+the auxiliary vector
+(see
+.BR getauxval (3)),
+and the environment variables.
+On some architectures,
+the command might print additional information
+(like the cpu features used in GNU indirect function selection on x86).
 .BR \-\-list\-tunables " (since glibc 2.33)"
 Print the names and values of all tunables,
 along with the minimum and maximum allowed values.
@@ -280,6 +297,17 @@ Other environment variables treated in this way include:
 .BR GETCONF_DIR ,
 .BR HOSTALIASES ,
 .BR LOCALDOMAIN ,
+.BR LD_AUDIT ,
+.BR LD_DEBUG ,
+.BR LD_DEBUG_OUTPUT ,
+.BR LD_DYNAMIC_WEAK ,
+.BR LD_HWCAP_MASK ,
+.BR LD_LIBRARY_PATH ,
+.BR LD_ORIGIN_PATH ,
+.BR LD_PRELOAD ,
+.BR LD_PROFILE ,
+.BR LD_SHOW_AUXV ,
+.BR LOCALDOMAIN ,
 .BR LOCPATH ,
 .BR MALLOC_TRACE ,
 .BR NIS_PATH ,
@@ -289,7 +317,7 @@ Other environment variables treated in this way include:
 .BR TMPDIR ,
 and
 .BR TZDIR .
-.PP
+.P
 A binary is executed in secure-execution mode if the
 .B AT_SECURE
 entry in the auxiliary vector (see
@@ -310,7 +338,7 @@ A nonzero value may have been set by a Linux Security Module.
 .SS Environment variables
 Among the more important environment variables are the following:
 .TP
-.BR LD_ASSUME_KERNEL " (since glibc 2.2.3)"
+.BR LD_ASSUME_KERNEL " (from glibc 2.2.3 to glibc 2.36)"
 Each shared object can inform the dynamic linker of the minimum kernel ABI
 version that it requires.
 (This requirement is encoded in an ELF note section that is viewable via
@@ -457,7 +485,7 @@ If set (to any value), causes the program to list its dynamic
 dependencies, as if run by
 .BR ldd (1),
 instead of running normally.
-.PP
+.P
 Then there are lots of more or less obscure variables,
 many obsolete or only for internal use.
 .TP
@@ -627,8 +655,11 @@ Since glibc 2.3.4,
 .B LD_DYNAMIC_WEAK
 is ignored in secure-execution mode.
 .TP
-.BR LD_HWCAP_MASK " (since glibc 2.1)"
+.BR LD_HWCAP_MASK " (from glibc 2.1 to glibc 2.38)"
 Mask for hardware capabilities.
+Since glibc 2.26,
+the option might be ignored
+if glibc does not support tunables.
 .TP
 .BR LD_ORIGIN_PATH " (since glibc 2.1)"
 Path where the binary is found.
@@ -663,7 +694,7 @@ Profiling output is appended to the file whose name is:
 .IP
 Since glibc 2.2.5,
 .B LD_PROFILE
-is ignored in secure-execution mode.
+uses a different default path in secure-execution mode.
 .TP
 .BR LD_PROFILE_OUTPUT " (since glibc 2.1)"
 Directory where
@@ -677,10 +708,6 @@ then the default is
 is ignored in secure-execution mode; instead
 .I /var/profile
 is always used.
-(This detail is relevant only before glibc 2.2.5,
-since in later glibc versions,
-.B LD_PROFILE
-is also ignored in secure-execution mode.)
 .TP
 .BR LD_SHOW_AUXV " (since glibc 2.1)"
 If this environment variable is defined (with any value),
@@ -691,7 +718,7 @@ Since glibc 2.3.4,
 .B LD_SHOW_AUXV
 is ignored in secure-execution mode.
 .TP
-.BR LD_TRACE_PRELINKING " (since glibc 2.4)"
+.BR LD_TRACE_PRELINKING " (from glibc 2.4 to glibc 2.35)"
 If this environment variable is defined,
 trace prelinking of the object whose name is assigned to
 this environment variable.
@@ -702,7 +729,7 @@ If the object name is not recognized,
 .\" (This is what seems to happen, from experimenting)
 then all prelinking activity is traced.
 .TP
-.BR LD_USE_LOAD_BIAS " (since glibc 2.3.3)"
+.BR LD_USE_LOAD_BIAS " (from glibc 2.3.3 to glibc 2.35)"
 .\" http://sources.redhat.com/ml/libc-hacker/2003-11/msg00127.html
 .\" Subject: [PATCH] Support LD_USE_LOAD_BIAS
 .\" Jakub Jelinek
@@ -788,7 +815,7 @@ as a temporary workaround to a library misconfiguration issue.)
 .I lib*.so*
 shared objects
 .SH NOTES
-.SS Hardware capabilities
+.SS Legacy Hardware capabilities (from glibc 2.5 to glibc 2.37)
 Some shared objects are compiled using hardware-specific instructions which do
 not exist on every CPU.
 Such objects should be installed in directories whose names define the
@@ -823,6 +850,65 @@ z900, z990, z9-109, z10, zarch
 .B x86 (32-bit only)
 acpi, apic, clflush, cmov, cx8, dts, fxsr, ht, i386, i486, i586, i686, mca, mmx,
 mtrr, pat, pbe, pge, pn, pse36, sep, ss, sse, sse2, tm
+.P
+The legacy hardware capabilities support has the drawback that
+each new feature added grows the search path exponentially,
+because it has to be added to
+every combination of the other existing features.
+.P
+For instance, on x86 32-bit,
+if the hardware supports
+.B i686
+and
+.BR sse2 ,
+the resulting search path will be
+.BR i686/sse2:i686:sse2:. .
+A new capability
+.B newcap
+will set the search path to
+.BR newcap/i686/sse2:newcap/i686:newcap/sse2:newcap:i686/sse2:i686:sse2: .
+.\"
+.SS glibc Hardware capabilities (from glibc 2.33)
+.TP
+.\" The initial discussion on various pitfalls of the old scheme is
+.\" <https://sourceware.org/pipermail/libc-alpha/2020-May/113757.html>
+.\" and the patchset that proposes the glibc-hwcap support is
+.\" <https://sourceware.org/pipermail/libc-alpha/2020-June/115250.html>
+glibc 2.33 added a new hardware capability scheme,
+where under each CPU architecture,
+certain levels can be defined,
+grouping support for certain features or special instructions.
+Each architecture level has
+a fixed set of paths that it adds to the dynamic linker search list,
+depending on the hardware of the machine.
+Since each new architecture level is
+not combined with previously existing ones,
+the new scheme does not have the drawback of
+growing the dynamic linker search list uncontrollably.
+.P
+For instance, on x86 64-bit,
+if the hardware supports
+.B x86_64-v3
+(for instance Intel Haswell or AMD Excavator),
+the resulting search path will be
+.B glibc-hwcaps/x86-64-v3:glibc-hwcaps/x86-64-v2:.
+.\" The x86_64 architectures levels are defined the official ABI:
+.\" <https://gitlab.com/x86-psABIs/x86-64-ABI/-/blob/master/x86-64-ABI/low-level-sys-info.tex>
+.\" The PowerPC and s390x are glibc defined ones based on chip
+.\" support (which maps to ISA levels).
+The following paths are currently supported, in priority order.
+.TP
+.B PowerPC (64-bit little-endian only)
+power10, power9
+.TP
+.B s390 (64-bit only)
+z16, z15, z14, z13
+.TP
+.B x86 (64-bit only)
+x86-64-v4, x86-64-v3, x86-64-v2
+.P
+glibc 2.37 removed support for the legacy hardware capabilities.
+.\"
 .SH SEE ALSO
 .BR ld (1),
 .BR ldd (1),
diff --git a/upstream/opensuse-tumbleweed/man8/ldconfig.8 b/upstream/opensuse-tumbleweed/man8/ldconfig.8
index 5bbfd863..a6141643 100644
--- a/upstream/opensuse-tumbleweed/man8/ldconfig.8
+++ b/upstream/opensuse-tumbleweed/man8/ldconfig.8
@@ -5,7 +5,7 @@
 .\"
 .\" Modified, 6 May 2002, Michael Kerrisk, <mtk.manpages@gmail.com>
 .\"   Change listed order of /usr/lib and /lib
-.TH ldconfig 8 2023-03-11 "Linux man-pages 6.05.01"
+.TH ldconfig 8 2024-05-02 "Linux man-pages (unreleased)"
 .SH NAME
 ldconfig \- configure dynamic linker run-time bindings
 .SH SYNOPSIS
@@ -49,7 +49,7 @@ while
 and
 .I /usr/lib64
 are used for 64-bit libraries.
-.PP
+.P
 The cache is used by the run-time linker,
 .I ld.so
 or
@@ -63,7 +63,7 @@ determining which versions should have their links updated.
 .B \%ldconfig
 should normally be run by the superuser as it may require write
 permission on some root owned directories and files.
-.PP
+.P
 .B \%ldconfig
 will look only at files that are named
 .I lib*.so*
@@ -78,20 +78,20 @@ like this example,
 where the middle file
 .RB ( libfoo.so.1
 here) is the SONAME for the library:
-.PP
+.P
 .in +4n
 .EX
 libfoo.so \-> libfoo.so.1 \-> libfoo.so.1.12
 .EE
 .in
-.PP
+.P
 Failure to follow this pattern may result in compatibility issues
 after an upgrade.
 .SH OPTIONS
 .TP
-.BI \-c\~ fmt
-.TQ
 .BI \-\-format= fmt
+.TQ
+.BI \-c\~ fmt
 (Since glibc 2.2)
 .\" commit 45eca4d141c047950db48c69c8941163d0a61fcd
 Use cache format
@@ -121,9 +121,9 @@ Use
 instead of
 .IR /etc/ld.so.conf .
 .TP
-.B \-i
-.TQ
 .B \-\-ignore\-aux\-cache
+.TQ
+.B \-i
 (Since glibc 2.7)
 .\" commit 27d9ffda17df4d2388687afd12897774fde39bcc
 Ignore auxiliary cache file.
@@ -148,9 +148,9 @@ Unless
 is also specified,
 links are still updated.
 .TP
-.B \-p
-.TQ
 .B \-\-print\-cache
+.TQ
+.B \-p
 Print the lists of directories and candidate libraries stored in
 the current cache.
 .TP
@@ -159,18 +159,18 @@ Change to and use
 .I root
 as the root directory.
 .TP
-.B \-v
-.TQ
 .B \-\-verbose
+.TQ
+.B \-v
 Verbose mode.
 Print current version number,
 the name of each directory as it is scanned,
 and any links that are created.
 Overrides quiet mode.
 .TP
-.B \-V
-.TQ
 .B \-\-version
+.TQ
+.B \-V
 Print program version.
 .TP
 .B \-X
diff --git a/upstream/opensuse-tumbleweed/man8/lsmod.8 b/upstream/opensuse-tumbleweed/man8/lsmod.8
index 87ef8f34..a804c3c2 100644
--- a/upstream/opensuse-tumbleweed/man8/lsmod.8
+++ b/upstream/opensuse-tumbleweed/man8/lsmod.8
@@ -2,12 +2,12 @@
 .\"     Title: lsmod
 .\"    Author: Jon Masters <jcm@jonmasters.org>
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 02/09/2023
+.\"      Date: 03/05/2024
 .\"    Manual: lsmod
 .\"    Source: kmod
 .\"  Language: English
 .\"
-.TH "LSMOD" "8" "02/09/2023" "kmod" "lsmod"
+.TH "LSMOD" "8" "03/05/2024" "kmod" "lsmod"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/upstream/opensuse-tumbleweed/man8/mkfs.btrfs.8 b/upstream/opensuse-tumbleweed/man8/mkfs.btrfs.8
index d3a88275..2664cf4d 100644
--- a/upstream/opensuse-tumbleweed/man8/mkfs.btrfs.8
+++ b/upstream/opensuse-tumbleweed/man8/mkfs.btrfs.8
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "MKFS.BTRFS" "8" "Feb 14, 2024" "6.7.1" "BTRFS"
+.TH "MKFS.BTRFS" "8" "May 02, 2024" "6.8.1" "BTRFS"
 .SH NAME
 mkfs.btrfs \- create a btrfs filesystem
 .SH SYNOPSIS
@@ -422,14 +422,23 @@ conversion is not possible.
 .INDENT 0.0
 .TP
 .B raid\-stripe\-tree
-(kernel support since 6.7)
+(kernel support since 6.7, CONFIG_BTRFS_DEBUG)
 .sp
-New tree for logical file extent mapping where the physical mapping
-may not match on multiple devices. this is now used in zoned mode to
+Separate tree for logical file extent mapping where the physical mapping
+may not match on multiple devices. This is now used in zoned mode to
 implement RAID0/RAID1* profiles, but can be used in non\-zoned mode as
 well. The support for RAID56 is in development and will eventually
 fix the problems with the current implementation. This is a backward
 incompatible feature and has to be enabled at mkfs time.
+.sp
+\fBNOTE:\fP
+.INDENT 7.0
+.INDENT 3.5
+Due to the status of implementation it is enabled only in
+builds with CONFIG_BTRFS_DEBUG. Support by the kernel module
+can be found in the sysfs feature list.
+.UNINDENT
+.UNINDENT
 .TP
 .B squota
 (kernel support since 6.7)
@@ -1009,6 +1018,6 @@ than can fit into the filesystem.
 \fI\%btrfs(5)\fP,
 \fI\%btrfs(8)\fP,
 \fI\%btrfs\-balance(8)\fP,
-\fBwipefs(8)\fP
+\fI\%wipefs(8)\fP
 .\" Generated by docutils manpage writer.
 .
diff --git a/upstream/opensuse-tumbleweed/man8/mkfs.xfs.8 b/upstream/opensuse-tumbleweed/man8/mkfs.xfs.8
index 891570d0..e4852572 100644
--- a/upstream/opensuse-tumbleweed/man8/mkfs.xfs.8
+++ b/upstream/opensuse-tumbleweed/man8/mkfs.xfs.8
@@ -504,6 +504,33 @@ directories.
 By default,
 .B mkfs.xfs
 will not enable DAX mode.
+.TP
+.BI concurrency= value
+Create enough allocation groups to handle the desired level of concurrency.
+The goal of this calculation scheme is to set the number of allocation groups
+to an integer multiple of the number of writer threads desired, to minimize
+contention of AG locks.
+This scheme will neither create fewer AGs than would be created by the default
+configuration, nor will it create AGs smaller than 4GB.
+This option is not compatible with the
+.B agcount
+or
+.B agsize
+options.
+The magic value
+.I nr_cpus
+or
+.I 1
+or no value at all will set this parameter to the number of active processors
+in the system.
+If the kernel advertises that the data device is a non-mechanical storage
+device,
+.B mkfs.xfs
+will use this new geometry calculation scheme.
+The magic value of
+.I 0
+forces use of the older AG geometry calculations that is used for mechanical
+storage.
 .RE
 .TP
 .B \-f
@@ -768,6 +795,25 @@ if you want to disable this feature for older kernels which don't support
 it.
 .IP
 This option is only tunable on the deprecated V4 format.
+.TP
+.BI concurrency= value
+Allocate a log that is estimated to be large enough to handle the desired level
+of concurrency without userspace program threads contending for log space.
+This scheme will neither create a log smaller than the minimum required,
+nor create a log larger than the maximum possible.
+This option is only valid for internal logs and is not compatible with the
+size option.
+This option is not compatible with the
+.B logdev
+or
+.B size
+options.
+The magic value
+.I nr_cpus
+or
+.I 1
+or no value at all will set this parameter to the number of active processors
+in the system.
 .RE
 .PP
 .PD 0
diff --git a/upstream/opensuse-tumbleweed/man8/modinfo.8 b/upstream/opensuse-tumbleweed/man8/modinfo.8
index ee889579..f7175dc1 100644
--- a/upstream/opensuse-tumbleweed/man8/modinfo.8
+++ b/upstream/opensuse-tumbleweed/man8/modinfo.8
@@ -2,12 +2,12 @@
 .\"     Title: modinfo
 .\"    Author: Jon Masters <jcm@jonmasters.org>
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 12/06/2023
+.\"      Date: 03/05/2024
 .\"    Manual: modinfo
 .\"    Source: kmod
 .\"  Language: English
 .\"
-.TH "MODINFO" "8" "12/06/2023" "kmod" "modinfo"
+.TH "MODINFO" "8" "03/05/2024" "kmod" "modinfo"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -40,7 +40,7 @@ modinfo \- Show information about a Linux Kernel module
 .PP
 \fBmodinfo\fR
 extracts information from the Linux Kernel modules given on the command line\&. If the module name is not a filename, then the
-/usr/lib/modules/\fIversion\fR
+/lib/modules/\fIversion\fR
 directory is searched, as is also done by
 \fBmodprobe\fR(8)
 when loading kernel modules\&.
diff --git a/upstream/opensuse-tumbleweed/man8/modprobe.8 b/upstream/opensuse-tumbleweed/man8/modprobe.8
index c5fd0dc0..8a286ebb 100644
--- a/upstream/opensuse-tumbleweed/man8/modprobe.8
+++ b/upstream/opensuse-tumbleweed/man8/modprobe.8
@@ -2,12 +2,12 @@
 .\"     Title: modprobe
 .\"    Author: Jon Masters <jcm@jonmasters.org>
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 12/06/2023
+.\"      Date: 03/05/2024
 .\"    Manual: modprobe
 .\"    Source: kmod
 .\"  Language: English
 .\"
-.TH "MODPROBE" "8" "12/06/2023" "kmod" "modprobe"
+.TH "MODPROBE" "8" "03/05/2024" "kmod" "modprobe"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -44,7 +44,7 @@ modprobe \- Add and remove modules from the Linux Kernel
 intelligently adds or removes a module from the Linux kernel: note that for convenience, there is no difference between _ and \- in module names (automatic underscore conversion is performed)\&.
 \fBmodprobe\fR
 looks in the module directory
-/usr/lib/modules/`uname \-r`
+/lib/modules/`uname \-r`
 for all the modules and other files, except for the optional configuration files in the
 /etc/modprobe\&.d
 directory (see
diff --git a/upstream/opensuse-tumbleweed/man8/nscd.8 b/upstream/opensuse-tumbleweed/man8/nscd.8
index 1b39b95d..07d365ce 100644
--- a/upstream/opensuse-tumbleweed/man8/nscd.8
+++ b/upstream/opensuse-tumbleweed/man8/nscd.8
@@ -6,7 +6,7 @@
 .\" 2008-12-05 Petr Baudis <pasky@suse.cz>
 .\"	Rewrite the NOTES section to reflect modern reality
 .\"
-.TH nscd 8 2022-10-30 "Linux man-pages 6.05.01"
+.TH nscd 8 2024-05-02 "Linux man-pages (unreleased)"
 .SH NAME
 nscd \- name service cache daemon
 .SH DESCRIPTION
@@ -18,7 +18,7 @@ The default configuration file,
 determines the behavior of the cache daemon.
 See
 .BR nscd.conf (5).
-.PP
+.P
 .B nscd
 provides caching for accesses of the
 .BR passwd (5),
@@ -34,7 +34,7 @@ databases through standard libc interfaces, such as
 .BR getgrgid (3),
 .BR gethostbyname (3),
 and others.
-.PP
+.P
 There are two caches for each database:
 a positive one for items found, and a negative one
 for items not found.
@@ -70,7 +70,7 @@ In that case, you need to run the following command
 after changing the configuration file of the database so that
 .B nscd
 invalidates its cache:
-.PP
+.P
 .in +4n
 .EX
 $ \fBnscd \-i\fP \fI<database>\fP
diff --git a/upstream/opensuse-tumbleweed/man8/nss-myhostname.8 b/upstream/opensuse-tumbleweed/man8/nss-myhostname.8
index ab3064a2..d2e92b58 100644
--- a/upstream/opensuse-tumbleweed/man8/nss-myhostname.8
+++ b/upstream/opensuse-tumbleweed/man8/nss-myhostname.8
@@ -1,5 +1,5 @@
 '\" t
-.TH "NSS\-MYHOSTNAME" "8" "" "systemd 254" "nss-myhostname"
+.TH "NSS\-MYHOSTNAME" "8" "" "systemd 255" "nss-myhostname"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -129,12 +129,11 @@ correctly:
 .RS 4
 .\}
 .nf
-passwd:         compat systemd
-group:          compat [SUCCESS=merge] systemd
-shadow:         compat systemd
+passwd:         files systemd
+group:          files [SUCCESS=merge] systemd
+shadow:         files systemd
 gshadow:        files systemd
 
-
 hosts:          mymachines resolve [!UNAVAIL=return] files \fBmyhostname\fR dns
 networks:       files
 
diff --git a/upstream/opensuse-tumbleweed/man8/nss-mymachines.8 b/upstream/opensuse-tumbleweed/man8/nss-mymachines.8
index 009e217f..60a2b3a7 100644
--- a/upstream/opensuse-tumbleweed/man8/nss-mymachines.8
+++ b/upstream/opensuse-tumbleweed/man8/nss-mymachines.8
@@ -1,5 +1,5 @@
 '\" t
-.TH "NSS\-MYMACHINES" "8" "" "systemd 254" "nss-mymachines"
+.TH "NSS\-MYMACHINES" "8" "" "systemd 255" "nss-mymachines"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -66,9 +66,9 @@ correctly:
 .RS 4
 .\}
 .nf
-passwd:         compat systemd
-group:          compat [SUCCESS=merge] systemd
-shadow:         compat systemd
+passwd:         files systemd
+group:          files [SUCCESS=merge] systemd
+shadow:         files systemd
 gshadow:        files systemd
 
 hosts:          \fBmymachines\fR resolve [!UNAVAIL=return] files myhostname dns
diff --git a/upstream/opensuse-tumbleweed/man8/nss-resolve.8 b/upstream/opensuse-tumbleweed/man8/nss-resolve.8
index 994bd818..5c12c8d4 100644
--- a/upstream/opensuse-tumbleweed/man8/nss-resolve.8
+++ b/upstream/opensuse-tumbleweed/man8/nss-resolve.8
@@ -1,5 +1,5 @@
 '\" t
-.TH "NSS\-RESOLVE" "8" "" "systemd 254" "nss-resolve"
+.TH "NSS\-RESOLVE" "8" "" "systemd 255" "nss-resolve"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -91,6 +91,8 @@ socket\&.
 \fI$SYSTEMD_NSS_RESOLVE_VALIDATE\fR
 .RS 4
 Takes a boolean argument\&. When false, cryptographic validation of resource records via DNSSEC will be disabled\&. This may be useful for testing, or when system time is known to be unreliable\&.
+.sp
+Added in version 250\&.
 .RE
 .PP
 \fI$SYSTEMD_NSS_RESOLVE_SYNTHESIZE\fR
@@ -98,28 +100,38 @@ Takes a boolean argument\&. When false, cryptographic validation of resource rec
 Takes a boolean argument\&. When false, synthetic records, e\&.g\&. for the local host name, will not be returned\&. See section SYNTHETIC RECORDS in
 \fBsystemd-resolved.service\fR(8)
 for more information\&. This may be useful to query the "public" resource records, independent of the configuration of the local machine\&.
+.sp
+Added in version 250\&.
 .RE
 .PP
 \fI$SYSTEMD_NSS_RESOLVE_CACHE\fR
 .RS 4
 Takes a boolean argument\&. When false, the cache of previously queried records will not be used by
 \fBsystemd-resolved\fR(8)\&.
+.sp
+Added in version 250\&.
 .RE
 .PP
 \fI$SYSTEMD_NSS_RESOLVE_ZONE\fR
 .RS 4
 Takes a boolean argument\&. When false, answers using locally registered public LLMNR/mDNS resource records will not be returned\&.
+.sp
+Added in version 250\&.
 .RE
 .PP
 \fI$SYSTEMD_NSS_RESOLVE_TRUST_ANCHOR\fR
 .RS 4
 Takes a boolean argument\&. When false, answers using locally configured trust anchors will not be used\&.
+.sp
+Added in version 250\&.
 .RE
 .PP
 \fI$SYSTEMD_NSS_RESOLVE_NETWORK\fR
 .RS 4
 Takes a boolean argument\&. When false, answers will be returned without using the network, i\&.e\&. either from local sources or the cache in
 \fBsystemd-resolved\fR(8)\&.
+.sp
+Added in version 250\&.
 .RE
 .SH "EXAMPLE"
 .PP
@@ -133,9 +145,9 @@ correctly:
 .RS 4
 .\}
 .nf
-passwd:         compat systemd
-group:          compat [SUCCESS=merge] systemd
-shadow:         compat systemd
+passwd:         files systemd
+group:          files [SUCCESS=merge] systemd
+shadow:         files systemd
 gshadow:        files systemd
 
 hosts:          mymachines \fBresolve [!UNAVAIL=return]\fR files myhostname dns
diff --git a/upstream/opensuse-tumbleweed/man8/nss-systemd.8 b/upstream/opensuse-tumbleweed/man8/nss-systemd.8
index cc685a61..31d5b1ba 100644
--- a/upstream/opensuse-tumbleweed/man8/nss-systemd.8
+++ b/upstream/opensuse-tumbleweed/man8/nss-systemd.8
@@ -1,5 +1,5 @@
 '\" t
-.TH "NSS\-SYSTEMD" "8" "" "systemd 254" "nss-systemd"
+.TH "NSS\-SYSTEMD" "8" "" "systemd 255" "nss-systemd"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -62,8 +62,6 @@ It is recommended to place
 "systemd"
 after the
 "files"
-or
-"compat"
 entry of the
 /etc/nsswitch\&.conf
 lines so that
@@ -142,9 +140,9 @@ correctly:
 .RS 4
 .\}
 .nf
-passwd:         compat \fBsystemd\fR
-group:          compat [SUCCESS=merge] \fBsystemd\fR
-shadow:         compat \fBsystemd\fR
+passwd:         files \fBsystemd\fR
+group:          files \fB[SUCCESS=merge] systemd\fR
+shadow:         files \fBsystemd\fR
 gshadow:        files \fBsystemd\fR
 
 hosts:          mymachines resolve [!UNAVAIL=return] files myhostname dns
diff --git a/upstream/opensuse-tumbleweed/man8/pam_systemd.8 b/upstream/opensuse-tumbleweed/man8/pam_systemd.8
index f5836b9e..21a69f0e 100644
--- a/upstream/opensuse-tumbleweed/man8/pam_systemd.8
+++ b/upstream/opensuse-tumbleweed/man8/pam_systemd.8
@@ -1,5 +1,5 @@
 '\" t
-.TH "PAM_SYSTEMD" "8" "" "systemd 254" "pam_systemd"
+.TH "PAM_SYSTEMD" "8" "" "systemd 255" "pam_systemd"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -144,6 +144,8 @@ or
 "background"\&. See
 \fBsd_session_get_class\fR(3)
 for details about the session class\&.
+.sp
+Added in version 197\&.
 .RE
 .PP
 \fItype=\fR
@@ -159,6 +161,8 @@ or
 "mir"\&. See
 \fBsd_session_get_type\fR(3)
 for details about the session type\&.
+.sp
+Added in version 209\&.
 .RE
 .PP
 \fIdesktop=\fR
@@ -173,6 +177,8 @@ environment variable (see below) takes precedence\&. This may be used to indicat
 \fI$XDG_CURRENT_DESKTOP\fR\&.) See
 \fBsd_session_get_desktop\fR(3)
 for further details\&.
+.sp
+Added in version 240\&.
 .RE
 .PP
 \fIdefault\-capability\-bounding\-set=\fR, \fIdefault\-capability\-ambient\-set=\fR
@@ -186,6 +192,8 @@ for details on the capabilities concept\&. If not specified, the default boundin
 for regular users if the PAM session is associated with a local seat or if it is invoked for the
 "systemd\-user"
 service\&. Otherwise defaults to the empty set\&.
+.sp
+Added in version 254\&.
 .RE
 .PP
 \fIdebug\fR[=]
@@ -225,6 +233,8 @@ is not set if the current user is not the original user of the session\&.
 \fI$TZ\fR, \fI$EMAIL\fR, \fI$LANG\fR
 .RS 4
 If a JSON user record is known for the user logging in these variables are initialized from the respective data in the record\&.
+.sp
+Added in version 245\&.
 .RE
 .PP
 The following environment variables are read by the module and may be used by the PAM service to pass metadata to the module\&. If these variables are not set when the PAM module is invoked but can be determined otherwise they are set by the module, so that these variables are initialized for the session and applications if known at all\&.
@@ -234,6 +244,8 @@ The following environment variables are read by the module and may be used by th
 The session type\&. This may be used instead of
 \fItype=\fR
 on the module parameter line, and is usually preferred\&.
+.sp
+Added in version 209\&.
 .RE
 .PP
 \fI$XDG_SESSION_CLASS\fR
@@ -241,6 +253,8 @@ on the module parameter line, and is usually preferred\&.
 The session class\&. This may be used instead of
 \fIclass=\fR
 on the module parameter line, and is usually preferred\&.
+.sp
+Added in version 209\&.
 .RE
 .PP
 \fI$XDG_SESSION_DESKTOP\fR
@@ -248,17 +262,23 @@ on the module parameter line, and is usually preferred\&.
 The desktop identifier\&. This may be used instead of
 \fIdesktop=\fR
 on the module parameter line, and is usually preferred\&.
+.sp
+Added in version 209\&.
 .RE
 .PP
 \fI$XDG_SEAT\fR
 .RS 4
 The seat name the session shall be registered for, if any\&.
+.sp
+Added in version 209\&.
 .RE
 .PP
 \fI$XDG_VTNR\fR
 .RS 4
 The VT number the session shall be registered for, if any\&. (Only applies to seats with a VT available, such as
 "seat0")
+.sp
+Added in version 209\&.
 .RE
 .PP
 If not set,
@@ -290,30 +310,40 @@ for additional information about how to set the context objects\&.
 .RS 4
 Sets unit
 \fIMemoryMax=\fR\&.
+.sp
+Added in version 239\&.
 .RE
 .PP
 \fIsystemd\&.tasks_max=\fR
 .RS 4
 Sets unit
 \fITasksMax=\fR\&.
+.sp
+Added in version 239\&.
 .RE
 .PP
 \fIsystemd\&.cpu_weight=\fR
 .RS 4
 Sets unit
 \fICPUWeight=\fR\&.
+.sp
+Added in version 239\&.
 .RE
 .PP
 \fIsystemd\&.io_weight=\fR
 .RS 4
 Sets unit
 \fIIOWeight=\fR\&.
+.sp
+Added in version 239\&.
 .RE
 .PP
 \fIsystemd\&.runtime_max_sec=\fR
 .RS 4
 Sets unit
 \fIRuntimeMaxSec=\fR\&.
+.sp
+Added in version 244\&.
 .RE
 .PP
 Example data as can be provided from an another PAM module:
diff --git a/upstream/opensuse-tumbleweed/man8/pam_systemd_home.8 b/upstream/opensuse-tumbleweed/man8/pam_systemd_home.8
index d596d82f..866cecd2 100644
--- a/upstream/opensuse-tumbleweed/man8/pam_systemd_home.8
+++ b/upstream/opensuse-tumbleweed/man8/pam_systemd_home.8
@@ -1,5 +1,5 @@
 '\" t
-.TH "PAM_SYSTEMD_HOME" "8" "" "systemd 254" "pam_systemd_home"
+.TH "PAM_SYSTEMD_HOME" "8" "" "systemd 255" "pam_systemd_home"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -53,11 +53,15 @@ This setting may also be controlled via the
 environment variable (see below), which
 \fBpam_systemd_home\fR
 reads during initialization and sets for sessions\&. If both the environment variable is set and the module parameter specified the latter takes precedence\&.
+.sp
+Added in version 245\&.
 .RE
 .PP
 \fIdebug\fR[=]
 .RS 4
 Takes an optional boolean argument\&. If yes or without the argument, the module will log debugging information as it operates\&.
+.sp
+Added in version 245\&.
 .RE
 .SH "MODULE TYPES PROVIDED"
 .PP
@@ -82,6 +86,8 @@ The following environment variables are initialized by the module and available
 .RS 4
 Indicates that the user\*(Aqs home directory is managed by
 systemd\-homed\&.service\&.
+.sp
+Added in version 245\&.
 .RE
 .PP
 \fI$SYSTEMD_HOME_SUSPEND=\fR
@@ -90,6 +96,8 @@ Indicates whether the session has been registered with the suspend mechanism ena
 "0"
 or
 "1"\&. Note that the module both reads the variable when initializing, and sets it for sessions\&.
+.sp
+Added in version 246\&.
 .RE
 .SH "EXAMPLE"
 .PP
diff --git a/upstream/opensuse-tumbleweed/man8/pam_systemd_loadkey.8 b/upstream/opensuse-tumbleweed/man8/pam_systemd_loadkey.8
new file mode 100644
index 00000000..679dfd2e
--- /dev/null
+++ b/upstream/opensuse-tumbleweed/man8/pam_systemd_loadkey.8
@@ -0,0 +1,99 @@
+'\" t
+.TH "PAM_SYSTEMD_LOADKEY" "8" "" "systemd 255" "pam_systemd_loadkey"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+pam_systemd_loadkey \- Read password from kernel keyring and set it as PAM authtok
+.SH "SYNOPSIS"
+.PP
+pam_systemd_loadkey\&.so
+.SH "DESCRIPTION"
+.PP
+\fBpam_systemd_loadkey\fR
+reads a NUL\-separated password list from the kernel keyring, and sets the last password in the list as the PAM authtok\&.
+.PP
+The password list is supposed to be stored in the "user" keyring of the root user, by an earlier call to
+\fBsystemd-ask-password\fR(1)
+with
+\fB\-\-keyname=\fR\&. You can pass the keyname to
+\fBpam_systemd_loadkey\fR
+via the
+\fBkeyname=\fR
+option\&.
+.SH "OPTIONS"
+.PP
+The following options are understood:
+.PP
+\fIkeyname=\fR
+.RS 4
+Takes a string argument which sets the keyname to read\&. The default is
+"cryptsetup", which is used by
+\fBsystemd-cryptsetup@.service\fR(8)
+to store LUKS passphrase during boot\&.
+.sp
+Added in version 255\&.
+.RE
+.PP
+\fIdebug\fR
+.RS 4
+The module will log debugging information as it operates\&.
+.sp
+Added in version 255\&.
+.RE
+.SH "EXAMPLE"
+.PP
+This module is intended to be used when you use LUKS with a passphrase, enable autologin in the display manager, and want to unlock Gnome Keyring / KDE KWallet automatically\&. So in total, you only enter one password during boot\&.
+.PP
+You need to set the password of your Gnome Keyring/KWallet to the same as your LUKS passphrase\&. Then add the following lines to your display manager\*(Aqs PAM config under
+/etc/pam\&.d/
+(e\&.g\&.
+sddm\-autologin):
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+\-auth       optional    pam_systemd_loadkey\&.so
+\-session    optional    pam_gnome_keyring\&.so auto_start
+\-session    optional    pam_kwallet5\&.so auto_start
+    
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+And add the following lines to your display manager\*(Aqs systemd service file, so it can access root\*(Aqs keyring:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+[Service]
+KeyringMode=inherit
+    
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+In this setup, early during the boot process,
+\fBsystemd-cryptsetup@.service\fR(8)
+will ask for the passphrase and store it in the kernel keyring with the keyname
+"cryptsetup"\&. Then when the display manager does the autologin, pam_systemd_loadkey will read the passphrase from the kernel keyring, set it as the PAM authtok, and then pam_gnome_keyring and pam_kwallet5 will unlock with the same passphrase\&.
diff --git a/upstream/opensuse-tumbleweed/man8/poweroff.8 b/upstream/opensuse-tumbleweed/man8/poweroff.8
index efafc081..92c73aa8 100644
--- a/upstream/opensuse-tumbleweed/man8/poweroff.8
+++ b/upstream/opensuse-tumbleweed/man8/poweroff.8
@@ -1,5 +1,5 @@
 '\" t
-.TH "POWEROFF" "8" "" "systemd 254" "poweroff"
+.TH "POWEROFF" "8" "" "systemd 255" "poweroff"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -41,11 +41,15 @@ The following options are understood:
 \fB\-\-help\fR
 .RS 4
 Print a short help text and exit\&.
+.PP
+Added in version 253\&.
 .RE
 .PP
 \fB\-\-halt\fR
 .RS 4
 Halt the machine, regardless of which one of the three commands is invoked\&.
+.sp
+Added in version 253\&.
 .RE
 .PP
 \fB\-p\fR, \fB\-\-poweroff\fR
@@ -57,11 +61,15 @@ or
 is invoked\&. This option is ignored when
 \fBreboot\fR
 is invoked\&.
+.sp
+Added in version 253\&.
 .RE
 .PP
 \fB\-\-reboot\fR
 .RS 4
 Reboot the machine, regardless of which one of the three commands is invoked\&.
+.sp
+Added in version 253\&.
 .RE
 .PP
 \fB\-f\fR, \fB\-\-force\fR
@@ -71,26 +79,36 @@ Force immediate power\-off, halt, or reboot\&. If specified, the command does no
 is mostly equivalent to
 \fBsystemctl reboot \-ff\fR, instead of
 \fBsystemctl reboot \-f\fR\&.
+.sp
+Added in version 253\&.
 .RE
 .PP
 \fB\-w\fR, \fB\-\-wtmp\-only\fR
 .RS 4
 Only write wtmp shutdown entry, do not actually power off, reboot, or halt\&.
+.sp
+Added in version 253\&.
 .RE
 .PP
 \fB\-d\fR, \fB\-\-no\-wtmp\fR
 .RS 4
 Do not write wtmp shutdown entry\&.
+.sp
+Added in version 253\&.
 .RE
 .PP
 \fB\-n\fR, \fB\-\-no\-sync\fR
 .RS 4
 Don\*(Aqt sync hard disks/storage media before power\-off, reboot, or halt\&.
+.sp
+Added in version 253\&.
 .RE
 .PP
 \fB\-\-no\-wall\fR
 .RS 4
 Do not send wall message before power\-off, reboot, or halt\&.
+.sp
+Added in version 253\&.
 .RE
 .SH "EXIT STATUS"
 .PP
diff --git a/upstream/opensuse-tumbleweed/man8/rmmod.8 b/upstream/opensuse-tumbleweed/man8/rmmod.8
index 3700ec0a..026d2608 100644
--- a/upstream/opensuse-tumbleweed/man8/rmmod.8
+++ b/upstream/opensuse-tumbleweed/man8/rmmod.8
@@ -2,12 +2,12 @@
 .\"     Title: rmmod
 .\"    Author: Jon Masters <jcm@jonmasters.org>
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 02/09/2023
+.\"      Date: 03/05/2024
 .\"    Manual: rmmod
 .\"    Source: kmod
 .\"  Language: English
 .\"
-.TH "RMMOD" "8" "02/09/2023" "kmod" "rmmod"
+.TH "RMMOD" "8" "03/05/2024" "kmod" "rmmod"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/upstream/opensuse-tumbleweed/man8/runlevel.8 b/upstream/opensuse-tumbleweed/man8/runlevel.8
index 12a58cf8..edbabfde 100644
--- a/upstream/opensuse-tumbleweed/man8/runlevel.8
+++ b/upstream/opensuse-tumbleweed/man8/runlevel.8
@@ -1,5 +1,5 @@
 '\" t
-.TH "RUNLEVEL" "8" "" "systemd 254" "runlevel"
+.TH "RUNLEVEL" "8" "" "systemd 255" "runlevel"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -120,6 +120,8 @@ will print this value as previous runlevel and ignore utmp\&.
 The utmp database
 \fBrunlevel\fR
 reads the previous and current runlevel from\&.
+.sp
+Added in version 237\&.
 .RE
 .SH "SEE ALSO"
 .PP
diff --git a/upstream/opensuse-tumbleweed/man8/saned.8 b/upstream/opensuse-tumbleweed/man8/saned.8
index 1112ade7..b2215c95 100644
--- a/upstream/opensuse-tumbleweed/man8/saned.8
+++ b/upstream/opensuse-tumbleweed/man8/saned.8
@@ -24,6 +24,9 @@ saned \- SANE network daemon
 .B ]
 .B [ \-e ]
 .B [ \-h ]
+.B [ \-B
+.I buffer-size
+.B ]
 
 .SH DESCRIPTION
 .B saned
@@ -115,33 +118,15 @@ will divert
 debug output to stderr instead of the syslog default.
 
 .TP
+.BR \-B ", " \-\-buffer-size=\fIbuffer\-size\fR
+specifies the size of the read buffer used for communication with the backend in KB.
+Default value is 1MB.
+
+.TP
 .BR \-h ", " \-\-help
 displays a short help message.
-.PP
-If
-.B saned
-is run from other programs such as
-.BR inetd (8),
-.BR xinetd (8)
-and
-.BR systemd (1),
-check that program's documentation on how to pass command-line options.
 
 .SH CONFIGURATION
-First and foremost:
-.B saned
-is not intended to be exposed to the internet or other non-trusted
-networks. Make sure that access is limited by tcpwrappers and/or a firewall
-setup. Don't depend only on
-.BR saned 's
-own authentication. Don't run
-.B saned
-as root if it's not necessary. And do
-.B not
-install
-.B saned
-as setuid root.
-.PP
 The
 .I saned.conf
 configuration file contains both options for the daemon and the access
@@ -199,282 +184,6 @@ scan\-client.somedomain.firm
 .PP
 The case of the host names does not matter, so AHost.COM is considered
 identical to ahost.com.
-.SH SERVER DAEMON CONFIGURATION
-For
-.B saned
-to work properly in its default mode of operation, it is also necessary to
-add the appropriate configuration for
-.BR xinetd (8),
-.BR inetd (8)
-or
-.BR systemd (1)
-(see below).
-Note that your
-.BR inetd (8)
-must support IPv6 if you want to connect to
-.B saned
-over IPv6;
-.BR xinetd (8),
-.BR openbsd-inetd (8)
-and
-.BR systemd (1)
-are known to support IPv6, check the documentation for your
-.BR inetd (8)
-daemon.
-.PP
-In the sections below the configuration for
-.BR inetd (8),
-.BR xinetd (8)
-and
-.BR systemd (1)
-are described in more detail.
-.PP
-For the configurations below it is necessary to add a line of the following
-form to
-.IR /etc/services :
-.PP
-.RS
-sane\-port 6566/tcp # SANE network scanner daemon
-.RE
-.PP
-The official IANA short name for port 6566 is "sane\-port". The older name
-"sane" is now deprecated.
-
-.SH INETD CONFIGURATION
-It is required to add a single line to the
-.BR inetd (8)
-configuration file
-.IR (/etc/inetd.conf)
-.
-.PP
-The configuration line normally looks like this:
-.PP
-.RS
-sane\-port stream tcp nowait saned.saned /usr/sbin/saned saned
-.RE
-.PP
-However, if your system uses
-.BR tcpd (8)
-for additional security screening, you may want to disable
-.B saned
-access control by putting ``+'' in
-.IR saned.conf
-and use a line of the following form in
-.IR /etc/inetd.conf
-instead:
-.PP
-.RS
-sane\-port stream tcp nowait saned.saned /usr/sbin/tcpd /usr/sbin/saned
-.RE
-.PP
-Note that both examples assume that there is a
-.B saned
-group and a
-.B saned
-user.  If you follow this example, please make sure that the
-access permissions on the special device are set such that
-.B saned
-can access the scanner (the program generally needs read and
-write access to scanner devices).
-
-.SH XINETD CONFIGURATION
-If
-.BR xinetd (8)
-is installed on your system instead of
-.BR inetd (8)
-the following example for
-.I /etc/xinetd.conf
-may be helpful:
-.PP
-.RS
-.ft CR
-.nf
-# default: off
-# description: The sane server accepts requests
-# for network access to a local scanner via the
-# network.
-service sane\-port
-{
-   port        = 6566
-   socket_type = stream
-   wait        = no
-   user        = saned
-   group       = saned
-   server      = /usr/sbin/saned
-}
-.fi
-.ft R
-.RE
-
-.SH SYSTEMD CONFIGURATION
-.B saned
-can be compiled with explicit
-.BR systemd (1)
-support. This
-will allow logging debugging information to be forwarded
-to the
-.BR systemd (1)
-journal. The
-.BR systemd (1)
-support requires compilation with the systemd-devel package
-installed on the system. This is the preferred option.
-
-.B saned
-can be used with
-.BR systemd (1)
-without the
-.BR systemd (1)
-integration compiled in, but then logging of debug information is not supported.
-
-The
-.BR systemd (1)
-configuration is different for the 2 options, so both are described below.
-
-.SH Systemd configuration for saned with systemd support compiled in
-For
-.BR systemd (1)
-configuration we need to add 2 configuration files in
-.IR /etc/systemd/system .
-.PP
-The first file we need to add here is called
-.I saned.socket.
-It shall have
-the following contents:
-.PP
-.RS
-.ft CR
-.nf
-[Unit]
-Description=saned incoming socket
-
-[Socket]
-ListenStream=6566
-Accept=yes
-MaxConnections=1
-
-[Install]
-WantedBy=sockets.target
-.fi
-.ft R
-.RE
-.PP
-The second file to be added is
-.I saned@.service
-with the following contents:
-.PP
-.RS
-.ft CR
-.nf
-[Unit]
-Description=Scanner Service
-Requires=saned.socket
-
-[Service]
-ExecStart=/usr/sbin/saned
-User=saned
-Group=saned
-StandardInput=null
-StandardOutput=syslog
-StandardError=syslog
-Environment=SANE_CONFIG_DIR=/etc/sane.d
-# If you need to debug your configuration uncomment the next line and
-# change it as appropriate to set the desired debug options
-# Environment=SANE_DEBUG_DLL=255 SANE_DEBUG_BJNP=5
-
-[Install]
-Also=saned.socket
-.fi
-.ft R
-.RE
-.PP
-You need to set an environment variable for
-.B SANE_CONFIG_DIR
-pointing to the directory where
-.B saned
-can find its configuration files.
-You will have to remove the # on the last line and set the variables
-for the desired debugging information if required.  Multiple variables
-can be set by separating the assignments by spaces as shown in the
-example above.
-.PP
-Unlike
-.BR xinetd (8)
-and
-.BR inetd (8),
-.BR systemd (1)
-allows debugging output from backends set using
-.B SANE_DEBUG_XXX
-to be captured. See the man-page for your backend to see what options
-are  supported.
-With the service unit as described above, the debugging output is
-forwarded to the system log.
-
-.SH Systemd configuration when saned is compiled without systemd support
-This configuration will also work when
-.B saned
-is compiled WITH
-.BR systemd (1)
-integration support, but it does not allow debugging information to be logged.
-.PP
-For
-.BR systemd (1)
-configuration for
-.BR saned ,
-we need to add 2 configuration files in
-.IR /etc/systemd/system .
-.PP
-The first file we need to add here is called
-.I saned.socket.
-It is identical to the version for
-.BR systemd (1)
-with the support compiled in.
-It shall have the following contents:
-.PP
-.RS
-.ft CR
-.nf
-[Unit]
-Description=saned incoming socket
-
-[Socket]
-ListenStream=6566
-Accept=yes
-MaxConnections=1
-
-[Install]
-WantedBy=sockets.target
-.fi
-.ft R
-.RE
-.PP
-The second file to be added is
-.IR saned@.service .
-This one differs from the version with
-.BR systemd (1)
-integration compiled in:
-.PP
-.RS
-.ft CR
-.nf
-[Unit]
-Description=Scanner Service
-Requires=saned.socket
-
-[Service]
-ExecStart=/usr/sbin/saned
-User=saned
-Group=saned
-StandardInput=socket
-
-Environment=SANE_CONFIG_DIR=/etc/sane.d
-
-[Install]
-Also=saned.socket
-.fi
-.ft R
-.RE
-.PP
-
 .SH FILES
 .TP
 .I /etc/hosts.equiv
@@ -518,6 +227,28 @@ and
 .I "/etc/sane.d"
 being searched (in this order).
 
+.SH NOTES
+.B saned
+does
+.I not
+provide confidentiality when communicating with clients. If
+.B saned
+is exposed directly on the network, other users may be able to intercept
+scanned images, or learn passwords for connecting to
+.BR saned ,
+with little effort. Client systems should connect to
+.B saned
+through a secure tunnel to the server instead.
+.PP
+.B saned
+is not a trusted program and should not run with root privileges.
+.PP
+Refer to
+.I /usr/share/doc/packages/sane-backends/saned/saned.install.md
+for details on configuring
+.B saned
+as a service.
+
 .SH "SEE ALSO"
 .BR sane (7),
 .BR scanimage (1),
diff --git a/upstream/opensuse-tumbleweed/man8/shutdown.8 b/upstream/opensuse-tumbleweed/man8/shutdown.8
index eff64f9f..fa4aafcf 100644
--- a/upstream/opensuse-tumbleweed/man8/shutdown.8
+++ b/upstream/opensuse-tumbleweed/man8/shutdown.8
@@ -1,5 +1,5 @@
 '\" t
-.TH "SHUTDOWN" "8" "" "systemd 254" "shutdown"
+.TH "SHUTDOWN" "8" "" "systemd 255" "shutdown"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -105,6 +105,8 @@ or
 \fB\-\-show\fR
 .RS 4
 Show a pending shutdown action and time if there is any\&.
+.sp
+Added in version 250\&.
 .RE
 .SH "EXIT STATUS"
 .PP
diff --git a/upstream/opensuse-tumbleweed/man8/sln.8 b/upstream/opensuse-tumbleweed/man8/sln.8
index 81d9078e..0bb74c83 100644
--- a/upstream/opensuse-tumbleweed/man8/sln.8
+++ b/upstream/opensuse-tumbleweed/man8/sln.8
@@ -2,7 +2,7 @@
 .\"
 .\" SPDX-License-Identifier: Linux-man-pages-copyleft
 .\"
-.TH sln 8 2023-01-07 "Linux man-pages 6.05.01"
+.TH sln 8 2024-05-02 "Linux man-pages (unreleased)"
 .SH NAME
 sln \- create symbolic links
 .SH SYNOPSIS
@@ -20,13 +20,13 @@ program, it is statically linked.
 This means that if for some reason the dynamic linker is not working,
 .B sln
 can be used to make symbolic links to dynamic libraries.
-.PP
+.P
 The command line has two forms.
 In the first form, it creates
 .I dest
 as a new symbolic link to
 .IR source .
-.PP
+.P
 In the second form,
 .I filelist
 is a list of space-separated pathname pairs,
@@ -34,7 +34,7 @@ and the effect is as if
 .B sln
 was executed once for each line of the file,
 with the two pathnames as the arguments.
-.PP
+.P
 The
 .B sln
 program supports no command-line options.
diff --git a/upstream/opensuse-tumbleweed/man8/ss.8 b/upstream/opensuse-tumbleweed/man8/ss.8
index 073e9f03..e23af826 100644
--- a/upstream/opensuse-tumbleweed/man8/ss.8
+++ b/upstream/opensuse-tumbleweed/man8/ss.8
@@ -24,6 +24,9 @@ Output version information.
 .B \-H, \-\-no-header
 Suppress header line.
 .TP
+.B \-Q, \-\-no-queues
+Suppress sending and receiving queue columns.
+.TP
 .B \-O, \-\-oneline
 Print each socket's data on a single line.
 .TP
@@ -40,6 +43,10 @@ established connections) sockets.
 .B \-l, \-\-listening
 Display only listening sockets (these are omitted by default).
 .TP
+.B \-B, \-\-bound-inactive
+Display only TCP bound but inactive (not listening, connecting, etc.) sockets
+(these are omitted by default).
+.TP
 .B \-o, \-\-options
 Show timer information. For TCP protocol, the output format is:
 .RS
@@ -419,6 +426,12 @@ to FILE after applying filters. If FILE is - stdout is used.
 Read filter information from FILE.  Each line of FILE is interpreted
 like single command line option. If FILE is - stdin is used.
 .TP
+.B \-\-bpf-maps
+Pretty-print all the BPF socket-local data entries for each socket.
+.TP
+.B \-\-bpf-map-id=MAP_ID
+Pretty-print the BPF socket-local data entries for the requested map ID. Can be used more than once.
+.TP
 .B FILTER := [ state STATE-FILTER ] [ EXPRESSION ]
 Please take a look at the official documentation for details regarding filters.
 
@@ -456,6 +469,9 @@ states except for
 - opposite to
 .B bucket
 
+.B bound-inactive
+- bound but otherwise inactive sockets (not listening, connecting, etc.)
+
 .SH EXPRESSION
 
 .B EXPRESSION
diff --git a/upstream/opensuse-tumbleweed/man8/systemd-ask-password-console.service.8 b/upstream/opensuse-tumbleweed/man8/systemd-ask-password-console.service.8
index 244a3b7f..fa9566e6 100644
--- a/upstream/opensuse-tumbleweed/man8/systemd-ask-password-console.service.8
+++ b/upstream/opensuse-tumbleweed/man8/systemd-ask-password-console.service.8
@@ -1,5 +1,5 @@
 '\" t
-.TH "SYSTEMD\-ASK\-PASSWORD\-CONSOLE\&.SERVICE" "8" "" "systemd 254" "systemd-ask-password-console.service"
+.TH "SYSTEMD\-ASK\-PASSWORD\-CONSOLE\&.SERVICE" "8" "" "systemd 255" "systemd-ask-password-console.service"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/upstream/opensuse-tumbleweed/man8/systemd-binfmt.service.8 b/upstream/opensuse-tumbleweed/man8/systemd-binfmt.service.8
index e87b5056..da878c7a 100644
--- a/upstream/opensuse-tumbleweed/man8/systemd-binfmt.service.8
+++ b/upstream/opensuse-tumbleweed/man8/systemd-binfmt.service.8
@@ -1,5 +1,5 @@
 '\" t
-.TH "SYSTEMD\-BINFMT\&.SERVICE" "8" "" "systemd 254" "systemd-binfmt.service"
+.TH "SYSTEMD\-BINFMT\&.SERVICE" "8" "" "systemd 255" "systemd-binfmt.service"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -39,6 +39,8 @@ for information about the configuration of this service\&.
 \fB\-\-unregister\fR
 .RS 4
 If passed, instead of registering configured binary formats in the kernel, the reverse operation is executed: all currently registered binary formats are unregistered from the kernel\&.
+.sp
+Added in version 246\&.
 .RE
 .PP
 \fB\-\-cat\-config\fR
@@ -46,6 +48,11 @@ If passed, instead of registering configured binary formats in the kernel, the r
 Copy the contents of config files to standard output\&. Before each file, the filename is printed as a comment\&.
 .RE
 .PP
+\fB\-\-tldr\fR
+.RS 4
+Copy the contents of config files to standard output\&. Only the "interesting" parts of the configuration files are printed, comments and empty lines are skipped\&. Before each file, the filename is printed as a comment\&.
+.RE
+.PP
 \fB\-\-no\-pager\fR
 .RS 4
 Do not pipe output into a pager\&.
diff --git a/upstream/opensuse-tumbleweed/man8/systemd-boot-check-no-failures.service.8 b/upstream/opensuse-tumbleweed/man8/systemd-boot-check-no-failures.service.8
index 58946edc..d3edc66b 100644
--- a/upstream/opensuse-tumbleweed/man8/systemd-boot-check-no-failures.service.8
+++ b/upstream/opensuse-tumbleweed/man8/systemd-boot-check-no-failures.service.8
@@ -1,5 +1,5 @@
 '\" t
-.TH "SYSTEMD\-BOOT\-CHECK\-NO\-FAILURES\&.SERVICE" "8" "" "systemd 254" "systemd-boot-check-no-failures.service"
+.TH "SYSTEMD\-BOOT\-CHECK\-NO\-FAILURES\&.SERVICE" "8" "" "systemd 255" "systemd-boot-check-no-failures.service"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/upstream/opensuse-tumbleweed/man8/systemd-bsod.service.8 b/upstream/opensuse-tumbleweed/man8/systemd-bsod.service.8
new file mode 100644
index 00000000..cd820d5b
--- /dev/null
+++ b/upstream/opensuse-tumbleweed/man8/systemd-bsod.service.8
@@ -0,0 +1,61 @@
+'\" t
+.TH "SYSTEMD\-BSOD\&.SERVICE" "8" "" "systemd 255" "systemd-bsod"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+systemd-bsod.service, systemd-bsod \- Displays boot\-time emergency log message in full screen
+.SH "SYNOPSIS"
+.PP
+systemd\-bsod\&.service
+.HP \w'\fBsystemd\-bsod\fR\ 'u
+\fBsystemd\-bsod\fR [OPTIONS...]
+.SH "DESCRIPTION"
+.PP
+systemd\-bsod\&.service
+is used to display a blue screen which contains a message relating to a boot failure, including a QR code which can be scanned to get helpful information about the failure\&.
+.SH "OPTIONS"
+.PP
+The following options are understood by
+\fBsystemd\-bsod\fR:
+.PP
+\fB\-h\fR, \fB\-\-help\fR
+.RS 4
+Print a short help text and exit\&.
+.RE
+.PP
+\fB\-\-version\fR
+.RS 4
+Print a short version string and exit\&.
+.RE
+.PP
+\fB\-c\fR, \fB\-\-continuous\fR
+.RS 4
+When specified,
+\fBsystemd\-bsod\fR
+waits continuously for changes in the journal if it doesn\*(Aqt find any emergency messages on the initial attempt\&.
+.sp
+Added in version 255\&.
+.RE
+.SH "EXIT STATUS"
+.PP
+On success (displaying the journal message successfully), 0 is returned, a non\-zero failure code otherwise\&.
+.SH "SEE ALSO"
+.PP
+\fBsystemd\fR(1)
diff --git a/upstream/opensuse-tumbleweed/man8/systemd-coredump.8 b/upstream/opensuse-tumbleweed/man8/systemd-coredump.8
index 64484c0e..842c5fc9 100644
--- a/upstream/opensuse-tumbleweed/man8/systemd-coredump.8
+++ b/upstream/opensuse-tumbleweed/man8/systemd-coredump.8
@@ -1,5 +1,5 @@
 '\" t
-.TH "SYSTEMD\-COREDUMP" "8" "" "systemd 254" "systemd-coredump"
+.TH "SYSTEMD\-COREDUMP" "8" "" "systemd 255" "systemd-coredump"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -203,17 +203,23 @@ When the crashed process was part of a container (or in a process or user namesp
 \fIoutside\fR, in the namespace where
 systemd\-coredump
 is running\&.
+.sp
+Added in version 248\&.
 .RE
 .PP
 \fICOREDUMP_TIMESTAMP=\fR
 .RS 4
 The time of the crash as reported by the kernel (in μs since the epoch)\&.
+.sp
+Added in version 248\&.
 .RE
 .PP
 \fICOREDUMP_RLIMIT=\fR
 .RS 4
 The core file size soft resource limit, see
 \fBgetrlimit\fR(2)\&.
+.sp
+Added in version 248\&.
 .RE
 .PP
 \fICOREDUMP_UNIT=\fR, \fICOREDUMP_SLICE=\fR
@@ -222,6 +228,8 @@ The system unit and slice names\&.
 .sp
 When the crashed process was in container, those are the units names
 \fIoutside\fR, in the main system manager\&.
+.sp
+Added in version 248\&.
 .RE
 .PP
 \fICOREDUMP_CGROUP=\fR
@@ -229,6 +237,8 @@ When the crashed process was in container, those are the units names
 The primary cgroup of the unit of the crashed process\&.
 .sp
 When the crashed process was in a container, this is the full path, as seen outside of the container\&.
+.sp
+Added in version 248\&.
 .RE
 .PP
 \fICOREDUMP_PROC_CGROUP=\fR
@@ -238,14 +248,18 @@ Control group information in the format used in
 "0::", and multiple paths prefixed with controller numbers on legacy systems\&.
 .sp
 When the crashed process was in a container, this is the full path, as seen outside of the container\&.
+.sp
+Added in version 248\&.
 .RE
 .PP
 \fICOREDUMP_OWNER_UID=\fR, \fICOREDUMP_USER_UNIT=\fR, \fICOREDUMP_SESSION=\fR
 .RS 4
-The numerical UID of the user owning the login session or systemd user unit of the crashed process, the user manager unit, and the sesion identifier\&. All three fields are only present for user processes\&.
+The numerical UID of the user owning the login session or systemd user unit of the crashed process, the user manager unit, and the session identifier\&. All three fields are only present for user processes\&.
 .sp
 When the crashed process was in container, those are the values
 \fIoutside\fR, in the main system\&.
+.sp
+Added in version 248\&.
 .RE
 .PP
 \fICOREDUMP_SIGNAL_NAME=\fR, \fICOREDUMP_SIGNAL=\fR
@@ -254,6 +268,8 @@ The terminating signal name (with the
 "SIG"
 prefix
 \&\s-2\u[4]\d\s+2) and numerical value\&. (Both are included because signal numbers vary by architecture\&.)
+.sp
+Added in version 248\&.
 .RE
 .PP
 \fICOREDUMP_CWD=\fR, \fICOREDUMP_ROOT=\fR
@@ -261,6 +277,8 @@ prefix
 The current working directory and root directory of the crashed process\&.
 .sp
 When the crashed process is in a container, those paths are relative to the root of the container\*(Aqs mount namespace\&.
+.sp
+Added in version 248\&.
 .RE
 .PP
 \fICOREDUMP_OPEN_FDS=\fR
@@ -290,6 +308,8 @@ The first line contains the file descriptor number
 \fIfd\fR
 and the path, while subsequent lines show the contents of
 /proc/\fIpid\fR/fdinfo/\fIfd\fR\&.
+.sp
+Added in version 248\&.
 .RE
 .PP
 \fICOREDUMP_EXE=\fR
@@ -299,6 +319,8 @@ The destination of the
 symlink\&.
 .sp
 When the crashed process is in a container, that path is relative to the root of the container\*(Aqs mount namespace\&.
+.sp
+Added in version 248\&.
 .RE
 .PP
 \fICOREDUMP_CMDLINE=\fR, \fICOREDUMP_COMM=\fR, \fICOREDUMP_ENVIRON=\fR, \fICOREDUMP_PROC_AUXV=\fR, \fICOREDUMP_PROC_LIMITS=\fR, \fICOREDUMP_PROC_MAPS=\fR, \fICOREDUMP_PROC_MOUNTINFO=\fR, \fICOREDUMP_PROC_STATUS=\fR
@@ -327,6 +349,8 @@ filesystem:
 See
 \fBproc\fR(5)
 for more information\&.
+.sp
+Added in version 248\&.
 .RE
 .PP
 \fICOREDUMP_HOSTNAME=\fR
@@ -334,21 +358,29 @@ for more information\&.
 The system hostname\&.
 .sp
 When the crashed process was in container, this is the container hostname\&.
+.sp
+Added in version 248\&.
 .RE
 .PP
 \fICOREDUMP_CONTAINER_CMDLINE=\fR
 .RS 4
-For processes running in a container, the commandline of the process spawning the container (the first parent process with a different mount namespace)\&.
+For processes running in a container, the command line of the process spawning the container (the first parent process with a different mount namespace)\&.
+.sp
+Added in version 248\&.
 .RE
 .PP
 \fICOREDUMP=\fR
 .RS 4
 When the core is stored in the journal, the core image itself\&.
+.sp
+Added in version 248\&.
 .RE
 .PP
 \fICOREDUMP_FILENAME=\fR
 .RS 4
 When the core is stored externally, the path to the core file\&.
+.sp
+Added in version 248\&.
 .RE
 .PP
 \fICOREDUMP_TRUNCATED=\fR
@@ -356,6 +388,8 @@ When the core is stored externally, the path to the core file\&.
 Set to
 "1"
 when the saved coredump was truncated\&. (A partial core image may still be processed by some tools, though obviously not all information is available\&.)
+.sp
+Added in version 248\&.
 .RE
 .PP
 \fICOREDUMP_PACKAGE_NAME=\fR, \fICOREDUMP_PACKAGE_VERSION=\fR, \fICOREDUMP_PACKAGE_JSON=\fR
@@ -366,6 +400,8 @@ and
 \fIpackageVersion\fR
 of the \*(Aqmain\*(Aq ELF module (ie: the executable) will be appended individually\&. The JSON\-formatted content of all modules will be appended as a single JSON object, each with the module name as the key\&. For more information about this metadata format and content, see
 \m[blue]\fBthe coredump metadata spec\fR\m[]\&\s-2\u[5]\d\s+2\&.
+.sp
+Added in version 249\&.
 .RE
 .PP
 \fIMESSAGE=\fR
@@ -376,6 +412,8 @@ that includes the backtrace if it was successfully generated\&. When
 \fBsystemd\-coredump\fR
 is invoked with
 \fB\-\-backtrace\fR, this field is provided by the caller\&.
+.sp
+Added in version 248\&.
 .RE
 .PP
 Various other fields exist in the journal entry, but pertain to the logging process, i\&.e\&.
@@ -398,6 +436,8 @@ Those are the same as
 \fICOREDUMP_HOSTNAME=\fR,
 \fICOREDUMP_COMM=\fR, and
 \fICOREDUMP_EXE=\fR, described above\&.
+.sp
+Added in version 248\&.
 .RE
 .PP
 Those can be viewed using
diff --git a/upstream/opensuse-tumbleweed/man8/systemd-debug-generator.8 b/upstream/opensuse-tumbleweed/man8/systemd-debug-generator.8
index f5e8d603..7aa1b11a 100644
--- a/upstream/opensuse-tumbleweed/man8/systemd-debug-generator.8
+++ b/upstream/opensuse-tumbleweed/man8/systemd-debug-generator.8
@@ -1,5 +1,5 @@
 '\" t
-.TH "SYSTEMD\-DEBUG\-GENERATOR" "8" "" "systemd 254" "systemd-debug-generator"
+.TH "SYSTEMD\-DEBUG\-GENERATOR" "8" "" "systemd 255" "systemd-debug-generator"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/upstream/opensuse-tumbleweed/man8/systemd-environment-d-generator.8 b/upstream/opensuse-tumbleweed/man8/systemd-environment-d-generator.8
index a5051534..2e7e31ab 100644
--- a/upstream/opensuse-tumbleweed/man8/systemd-environment-d-generator.8
+++ b/upstream/opensuse-tumbleweed/man8/systemd-environment-d-generator.8
@@ -1,5 +1,5 @@
 '\" t
-.TH "SYSTEMD\-ENVIRONMENT\-D\-GENERATOR" "8" "" "systemd 254" "systemd-environment-d-generator"
+.TH "SYSTEMD\-ENVIRONMENT\-D\-GENERATOR" "8" "" "systemd 255" "systemd-environment-d-generator"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/upstream/opensuse-tumbleweed/man8/systemd-getty-generator.8 b/upstream/opensuse-tumbleweed/man8/systemd-getty-generator.8
index f8bd860b..a14b9abc 100644
--- a/upstream/opensuse-tumbleweed/man8/systemd-getty-generator.8
+++ b/upstream/opensuse-tumbleweed/man8/systemd-getty-generator.8
@@ -1,5 +1,5 @@
 '\" t
-.TH "SYSTEMD\-GETTY\-GENERATOR" "8" "" "systemd 254" "systemd-getty-generator"
+.TH "SYSTEMD\-GETTY\-GENERATOR" "8" "" "systemd 255" "systemd-getty-generator"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -61,12 +61,16 @@ parameters:
 \fIsystemd\&.getty_auto=\fR
 .RS 4
 this options take an optional boolean argument, and default to yes\&. The generator is enabled by default, and a false value may be used to disable it\&.
+.sp
+Added in version 250\&.
 .RE
 .SH "ENVIRONMENT"
 .PP
 \fI$SYSTEMD_GETTY_AUTO\fR
 .RS 4
 This variable takes an optional boolean argument, and default to yes\&. The generator is enabled by default, and a false value may be used to disable it\&.
+.sp
+Added in version 250\&.
 .RE
 .SH "SYSTEM CREDENTIALS"
 .PP
@@ -79,6 +83,8 @@ serial\-getty@\&.service
 container\-getty@\&.service
 (in case of
 \fIgetty\&.ttys\&.container\fR) on\&.
+.sp
+Added in version 254\&.
 .RE
 .SH "SEE ALSO"
 .PP
diff --git a/upstream/opensuse-tumbleweed/man8/systemd-hibernate-resume.service.8 b/upstream/opensuse-tumbleweed/man8/systemd-hibernate-resume.service.8
index 68f808d4..f5b1b7a1 100644
--- a/upstream/opensuse-tumbleweed/man8/systemd-hibernate-resume.service.8
+++ b/upstream/opensuse-tumbleweed/man8/systemd-hibernate-resume.service.8
@@ -1,5 +1,5 @@
 '\" t
-.TH "SYSTEMD\-HIBERNATE\-RESUME\&.SERVICE" "8" "" "systemd 254" "systemd-hibernate-resume.service"
+.TH "SYSTEMD\-HIBERNATE\-RESUME\&.SERVICE" "8" "" "systemd 255" "systemd-hibernate-resume.service"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,9 +31,9 @@ systemd\-hibernate\-resume\&.service
 systemd\-hibernate\-resume\&.service
 initiates the resume from hibernation\&.
 .PP
-systemd\-hibernate\-resume
+\fBsystemd\-hibernate\-resume\fR
 only supports the in\-kernel hibernation implementation, see
-\m[blue]\fBSwap suspend\fR\m[]\&\s-2\u[1]\d\s+2\&. Internally, it works by writing the major:minor of specified device node to
+\m[blue]\fBSwap suspend\fR\m[]\&\s-2\u[1]\d\s+2\&. Internally, it works by writing the major:minor of selected device node to
 /sys/power/resume, along with the offset in memory pages (/sys/power/resume_offset) if supported\&.
 .PP
 Failing to initiate a resume is not an error condition\&. It may mean that there was no resume image (e\&. g\&. if the system has been simply powered off and not hibernated)\&. In such cases, the boot is ordinarily continued\&.
diff --git a/upstream/opensuse-tumbleweed/man8/systemd-homed.service.8 b/upstream/opensuse-tumbleweed/man8/systemd-homed.service.8
index 518b8437..b9f44fb1 100644
--- a/upstream/opensuse-tumbleweed/man8/systemd-homed.service.8
+++ b/upstream/opensuse-tumbleweed/man8/systemd-homed.service.8
@@ -1,5 +1,5 @@
 '\" t
-.TH "SYSTEMD\-HOMED\&.SERVICE" "8" "" "systemd 254" "systemd-homed.service"
+.TH "SYSTEMD\-HOMED\&.SERVICE" "8" "" "systemd 255" "systemd-homed.service"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -55,16 +55,22 @@ directory:
 /var/lib/systemd/home/local\&.private
 .RS 4
 The private key of the public/private key pair used for local records\&. Currently, only a single such key may be installed\&.
+.sp
+Added in version 246\&.
 .RE
 .PP
 /var/lib/systemd/home/local\&.public
 .RS 4
 The public key of the public/private key pair used for local records\&. Currently, only a single such key may be installed\&.
+.sp
+Added in version 246\&.
 .RE
 .PP
 /var/lib/systemd/home/*\&.public
 .RS 4
 Additional public keys\&. Any users whose user records are signed with any of these keys are permitted to log in locally\&. An arbitrary number of keys may be installed this way\&.
+.sp
+Added in version 246\&.
 .RE
 .PP
 All key files listed above are in PEM format\&.
diff --git a/upstream/opensuse-tumbleweed/man8/systemd-hostnamed.service.8 b/upstream/opensuse-tumbleweed/man8/systemd-hostnamed.service.8
index a55d20ef..af2fd26a 100644
--- a/upstream/opensuse-tumbleweed/man8/systemd-hostnamed.service.8
+++ b/upstream/opensuse-tumbleweed/man8/systemd-hostnamed.service.8
@@ -1,5 +1,5 @@
 '\" t
-.TH "SYSTEMD\-HOSTNAMED\&.SERVICE" "8" "" "systemd 254" "systemd-hostnamed.service"
+.TH "SYSTEMD\-HOSTNAMED\&.SERVICE" "8" "" "systemd 255" "systemd-hostnamed.service"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/upstream/opensuse-tumbleweed/man8/systemd-importd.service.8 b/upstream/opensuse-tumbleweed/man8/systemd-importd.service.8
index c1e66985..a9bdd93f 100644
--- a/upstream/opensuse-tumbleweed/man8/systemd-importd.service.8
+++ b/upstream/opensuse-tumbleweed/man8/systemd-importd.service.8
@@ -1,5 +1,5 @@
 '\" t
-.TH "SYSTEMD\-IMPORTD\&.SERVICE" "8" "" "systemd 254" "systemd-importd.service"
+.TH "SYSTEMD\-IMPORTD\&.SERVICE" "8" "" "systemd 255" "systemd-importd.service"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/upstream/opensuse-tumbleweed/man8/systemd-initctl.service.8 b/upstream/opensuse-tumbleweed/man8/systemd-initctl.service.8
index dc406721..b88bead9 100644
--- a/upstream/opensuse-tumbleweed/man8/systemd-initctl.service.8
+++ b/upstream/opensuse-tumbleweed/man8/systemd-initctl.service.8
@@ -1,5 +1,5 @@
 '\" t
-.TH "SYSTEMD\-INITCTL\&.SERVICE" "8" "" "systemd 254" "systemd-initctl.service"
+.TH "SYSTEMD\-INITCTL\&.SERVICE" "8" "" "systemd 255" "systemd-initctl.service"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/upstream/opensuse-tumbleweed/man8/systemd-journal-gatewayd.service.8 b/upstream/opensuse-tumbleweed/man8/systemd-journal-gatewayd.service.8
index cca2aabd..5ab1dd0b 100644
--- a/upstream/opensuse-tumbleweed/man8/systemd-journal-gatewayd.service.8
+++ b/upstream/opensuse-tumbleweed/man8/systemd-journal-gatewayd.service.8
@@ -1,5 +1,5 @@
 '\" t
-.TH "SYSTEMD\-JOURNAL\-GATEWAYD\&.SERVICE" "8" "" "systemd 254" "systemd-journal-gatewayd.service"
+.TH "SYSTEMD\-JOURNAL\-GATEWAYD\&.SERVICE" "8" "" "systemd 255" "systemd-journal-gatewayd.service"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -54,6 +54,8 @@ stream socket to read the server certificate from\&. The certificate must be in
 \fBsystemd\-journal\-gatewayd\fR
 into HTTPS mode and must be used together with
 \fB\-\-key=\fR\&.
+.sp
+Added in version 198\&.
 .RE
 .PP
 \fB\-\-key=\fR
@@ -63,6 +65,8 @@ Specify the path to a file or
 stream socket to read the secret server key corresponding to the certificate specified with
 \fB\-\-cert=\fR
 from\&. The key must be in PEM format\&.
+.sp
+Added in version 198\&.
 .RE
 .PP
 \fB\-\-trust=\fR
@@ -70,6 +74,8 @@ from\&. The key must be in PEM format\&.
 Specify the path to a file or
 \fBAF_UNIX\fR
 stream socket to read a CA certificate from\&. The certificate must be in PEM format\&.
+.sp
+Added in version 236\&.
 .RE
 .PP
 \fB\-\-system\fR, \fB\-\-user\fR
@@ -80,6 +86,8 @@ and
 \fB\-\-user\fR
 options for
 \fBjournalctl\fR(1)\&. If neither is specified, all accessible entries are served\&.
+.sp
+Added in version 249\&.
 .RE
 .PP
 \fB\-m\fR, \fB\-\-merge\fR
@@ -88,6 +96,8 @@ Serve entries interleaved from all available journals, including other machines\
 \fB\-\-merge\fR
 option for
 \fBjournalctl\fR(1)\&.
+.sp
+Added in version 249\&.
 .RE
 .PP
 \fB\-D \fR\fB\fIDIR\fR\fR, \fB\-\-directory=\fR\fB\fIDIR\fR\fR
@@ -97,6 +107,8 @@ Takes a directory path as argument\&. If specified,
 will serve the specified journal directory
 \fIDIR\fR
 instead of the default runtime and system journal paths\&.
+.sp
+Added in version 232\&.
 .RE
 .PP
 \fB\-\-file=\fR\fB\fIGLOB\fR\fR
@@ -107,6 +119,8 @@ instead of the default runtime and system journal paths\&. May be specified mult
 \fB\-\-file=\fR
 option for
 \fBjournalctl\fR(1)\&.
+.sp
+Added in version 249\&.
 .RE
 .PP
 \fB\-h\fR, \fB\-\-help\fR
@@ -125,6 +139,8 @@ The following URLs are recognized:
 /browse
 .RS 4
 Interactive browsing\&.
+.sp
+Added in version 197\&.
 .RE
 .PP
 /entries[?option1&option2=value\&...]
@@ -140,6 +156,8 @@ The
 part of the HTTP header determines the range of events returned\&. Supported values are described below\&.
 .sp
 GET parameters can be used to modify what events are returned\&. Supported parameters are described below\&.
+.sp
+Added in version 197\&.
 .RE
 .PP
 /machine
@@ -163,11 +181,14 @@ Example:
 .RE
 .\}
 .sp
+Added in version 197\&.
 .RE
 .PP
 /fields/\fIFIELD_NAME\fR
 .RS 4
 Return a list of values of this field present in the logs\&.
+.sp
+Added in version 197\&.
 .RE
 .SH "ACCEPT HEADER"
 .PP
@@ -179,6 +200,8 @@ Recognized formats:
 .RS 4
 The default\&. Plaintext syslog\-like output, one line per journal entry (like
 \fBjournalctl \-\-output short\fR)\&.
+.sp
+Added in version 197\&.
 .RE
 .PP
 \fBapplication/json\fR
@@ -187,6 +210,8 @@ Entries are formatted as JSON data structures, one per line (like
 \fBjournalctl \-\-output json\fR)\&. See
 \m[blue]\fBJournal JSON Format\fR\m[]\&\s-2\u[1]\d\s+2
 for more information\&.
+.sp
+Added in version 197\&.
 .RE
 .PP
 \fBtext/event\-stream\fR
@@ -195,6 +220,8 @@ Entries are formatted as JSON data structures, wrapped in a format suitable for
 \m[blue]\fBServer\-Sent Events\fR\m[]\&\s-2\u[2]\d\s+2
 (like
 \fBjournalctl \-\-output json\-sse\fR)\&.
+.sp
+Added in version 229\&.
 .RE
 .PP
 \fBapplication/vnd\&.fdo\&.journal\fR
@@ -203,6 +230,8 @@ Entries are serialized into a binary (but mostly text\-based) stream suitable fo
 \fBjournalctl \-\-output export\fR)\&. See
 \m[blue]\fBJournal Export Format\fR\m[]\&\s-2\u[3]\d\s+2
 for more information\&.
+.sp
+Added in version 197\&.
 .RE
 .SH "RANGE HEADER"
 .PP
@@ -225,23 +254,31 @@ follow
 .RS 4
 wait for new events (like
 \fBjournalctl \-\-follow\fR, except that the number of events returned is not limited)\&.
+.sp
+Added in version 197\&.
 .RE
 .PP
 discrete
 .RS 4
 Test that the specified cursor refers to an entry in the journal\&. Returns just this entry\&.
+.sp
+Added in version 197\&.
 .RE
 .PP
 boot
 .RS 4
 Limit events to the current boot of the system (like
 \fBjournalctl \-b\fR)\&.
+.sp
+Added in version 197\&.
 .RE
 .PP
 \fIKEY\fR=\fImatch\fR
 .RS 4
 Match journal fields\&. See
 \fBsystemd.journal-fields\fR(7)\&.
+.sp
+Added in version 197\&.
 .RE
 .SH "EXAMPLES"
 .PP
diff --git a/upstream/opensuse-tumbleweed/man8/systemd-journal-remote.service.8 b/upstream/opensuse-tumbleweed/man8/systemd-journal-remote.service.8
index 5b455ece..041ce227 100644
--- a/upstream/opensuse-tumbleweed/man8/systemd-journal-remote.service.8
+++ b/upstream/opensuse-tumbleweed/man8/systemd-journal-remote.service.8
@@ -1,5 +1,5 @@
 '\" t
-.TH "SYSTEMD\-JOURNAL\-REMOTE\&.SERVICE" "8" "" "systemd 254" "systemd-journal-remote.service"
+.TH "SYSTEMD\-JOURNAL\-REMOTE\&.SERVICE" "8" "" "systemd 255" "systemd-journal-remote.service"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -65,6 +65,8 @@ Active sources can be specified in the following ways:
 When
 \fB\-\fR
 is given as a positional argument, events will be read from standard input\&. Other positional arguments will be treated as filenames to open and read from\&.
+.sp
+Added in version 239\&.
 .RE
 .PP
 \fB\-\-url=\fR\fB\fIADDRESS\fR\fR
@@ -75,6 +77,8 @@ option, events will be retrieved using HTTP from
 \fIADDRESS\fR\&. This URL should refer to the root of a remote
 \fBsystemd-journal-gatewayd\fR(8)
 instance, e\&.g\&. http://some\&.host:19531/ or https://some\&.host:19531/\&.
+.sp
+Added in version 239\&.
 .RE
 .PP
 \fB\-\-getter=\*(Aq\fR\fB\fIPROG\fR\fR\fB \fR\fB[OPTIONS...]\fR\fB\*(Aq\fR
@@ -102,6 +106,8 @@ Examples:
 .if n \{\
 .RE
 .\}
+.sp
+Added in version 239\&.
 .RE
 .PP
 Passive sources can be specified in the following ways:
@@ -115,6 +121,8 @@ must be an address suitable for
 \fBsystemd.socket\fR(5))\&.
 \fBsystemd\-journal\-remote\fR
 will listen on this socket for connections\&. Each connection is expected to be a stream of journal events\&.
+.sp
+Added in version 239\&.
 .RE
 .PP
 \fB\-\-listen\-http=\fR\fB\fIADDRESS\fR\fR, \fB\-\-listen\-https=\fR\fB\fIADDRESS\fR\fR
@@ -132,6 +140,8 @@ and
 with
 "Content\-Type: application/vnd\&.fdo\&.journal"
 are supported\&.
+.sp
+Added in version 239\&.
 .RE
 .PP
 \fI$LISTEN_FDS\fR
@@ -146,6 +156,8 @@ described above, unless they are specified as an argument in
 or
 \fB\-\-listen\-https=\-\fR\fB\fIn\fR\fR
 above\&. In the latter case, an HTTP or HTTPS server will be spawned using this descriptor and connections must be made over the HTTP protocol\&.
+.sp
+Added in version 239\&.
 .RE
 .PP
 \fB\-\-key=\fR
@@ -155,6 +167,8 @@ Takes a path to a SSL secret key file in PEM format\&. Defaults to
 \fB\-\-listen\-https=\fR\&. If the path refers to an
 \fBAF_UNIX\fR
 stream socket in the file system a connection is made to it and the key read from it\&.
+.sp
+Added in version 239\&.
 .RE
 .PP
 \fB\-\-cert=\fR
@@ -164,6 +178,8 @@ Takes a path to a SSL certificate file in PEM format\&. Defaults to
 \fB\-\-listen\-https=\fR\&. If the path refers to an
 \fBAF_UNIX\fR
 stream socket in the file system a connection is made to it and the certificate read from it\&.
+.sp
+Added in version 239\&.
 .RE
 .PP
 \fB\-\-trust=\fR
@@ -176,6 +192,8 @@ is set, then certificate checking will be disabled\&. Defaults to
 \fB\-\-listen\-https=\fR\&. If the path refers to an
 \fBAF_UNIX\fR
 stream socket in the file system a connection is made to it and the certificate read from it\&.
+.sp
+Added in version 239\&.
 .RE
 .PP
 \fB\-\-gnutls\-log=\fR
@@ -184,6 +202,8 @@ Takes a comma separated list of gnutls logging categories\&. This option can be
 \fB\-\-listen\-http=\fR
 or
 \fB\-\-listen\-https=\fR\&.
+.sp
+Added in version 239\&.
 .RE
 .SH "SINKS"
 .PP
@@ -196,6 +216,8 @@ or
 .RS 4
 Will write to this journal file\&. The filename must end with
 \&.journal\&. The file will be created if it does not exist\&. If necessary (journal file full, or corrupted), the file will be renamed following normal journald rules and a new journal file will be created in its stead\&.
+.sp
+Added in version 239\&.
 .RE
 .PP
 \fB\-o \fR\fB\fIDIR\fR\fR, \fB\-\-output=\fR\fB\fIDIR\fR\fR
@@ -204,6 +226,8 @@ Will create journal files underneath directory
 \fIDIR\fR\&. The directory must exist\&. If necessary (journal files over size, or corrupted), journal files will be rotated following normal journald rules\&. Names of files underneath
 \fIDIR\fR
 will be generated using the rules described below\&.
+.sp
+Added in version 239\&.
 .RE
 .PP
 If
@@ -234,6 +258,8 @@ In the case that "active" sources are given by the positional arguments or
 option, the output file name must always be given explicitly and only
 \fBnone\fR
 is allowed\&.
+.sp
+Added in version 239\&.
 .RE
 .PP
 \fB\-\-compress\fR [\fIBOOL\fR]
@@ -242,6 +268,8 @@ If this is set to
 "yes"
 then compress the data in the journal using XZ\&. The default is
 "yes"\&.
+.sp
+Added in version 239\&.
 .RE
 .PP
 \fB\-\-seal\fR [\fIBOOL\fR]
@@ -250,6 +278,8 @@ If this is set to
 "yes"
 then periodically sign the data in the journal using Forward Secure Sealing\&. The default is
 "no"\&.
+.sp
+Added in version 239\&.
 .RE
 .PP
 \fB\-h\fR, \fB\-\-help\fR
diff --git a/upstream/opensuse-tumbleweed/man8/systemd-journal-upload.service.8 b/upstream/opensuse-tumbleweed/man8/systemd-journal-upload.service.8
index 728d0314..0ea61197 100644
--- a/upstream/opensuse-tumbleweed/man8/systemd-journal-upload.service.8
+++ b/upstream/opensuse-tumbleweed/man8/systemd-journal-upload.service.8
@@ -1,5 +1,5 @@
 '\" t
-.TH "SYSTEMD\-JOURNAL\-UPLOAD\&.SERVICE" "8" "" "systemd 254" "systemd-journal-upload.service"
+.TH "SYSTEMD\-JOURNAL\-UPLOAD\&.SERVICE" "8" "" "systemd 255" "systemd-journal-upload.service"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -54,6 +54,8 @@ may specify either just the hostname or both the protocol and hostname\&.
 is the default\&. The port number may be specified after a colon (":"), otherwise
 \fB19532\fR
 will be used by default\&.
+.sp
+Added in version 239\&.
 .RE
 .PP
 \fB\-\-system\fR, \fB\-\-user\fR
@@ -64,6 +66,8 @@ and
 \fB\-\-user\fR
 options for
 \fBjournalctl\fR(1)\&. If neither is specified, all accessible entries are uploaded\&.
+.sp
+Added in version 239\&.
 .RE
 .PP
 \fB\-m\fR, \fB\-\-merge\fR
@@ -72,6 +76,8 @@ Upload entries interleaved from all available journals, including other machines
 \fB\-\-merge\fR
 option for
 \fBjournalctl\fR(1)\&.
+.sp
+Added in version 239\&.
 .RE
 .PP
 \fB\-\-namespace=\fR\fB\fINAMESPACE\fR\fR
@@ -82,6 +88,8 @@ instead of the default namespace\&. This has the same meaning as
 \fB\-\-namespace=\fR
 option for
 \fBjournalctl\fR(1)\&.
+.sp
+Added in version 254\&.
 .RE
 .PP
 \fB\-D\fR, \fB\-\-directory=\fR\fB\fIDIR\fR\fR
@@ -92,6 +100,8 @@ instead of the default runtime and system journal paths\&. This has the same mea
 \fB\-\-directory=\fR
 option for
 \fBjournalctl\fR(1)\&.
+.sp
+Added in version 239\&.
 .RE
 .PP
 \fB\-\-file=\fR\fB\fIGLOB\fR\fR
@@ -102,6 +112,8 @@ instead of the default runtime and system journal paths\&. May be specified mult
 \fB\-\-file=\fR
 option for
 \fBjournalctl\fR(1)\&.
+.sp
+Added in version 239\&.
 .RE
 .PP
 \fB\-\-cursor=\fR
@@ -110,6 +122,8 @@ Upload entries from the location in the journal specified by the passed cursor\&
 \fB\-\-cursor=\fR
 option for
 \fBjournalctl\fR(1)\&.
+.sp
+Added in version 239\&.
 .RE
 .PP
 \fB\-\-after\-cursor=\fR
@@ -120,6 +134,8 @@ the location specified by the this cursor\&. This has the same meaning as
 \fB\-\-after\-cursor=\fR
 option for
 \fBjournalctl\fR(1)\&.
+.sp
+Added in version 239\&.
 .RE
 .PP
 \fB\-\-save\-state\fR[=\fIPATH\fR]
@@ -130,6 +146,8 @@ the location specified by the cursor saved in file at
 \fIPATH\fR
 (/var/lib/systemd/journal\-upload/state
 by default)\&. After an entry is successfully uploaded, update this file with the cursor of that entry\&.
+.sp
+Added in version 239\&.
 .RE
 .PP
 \fB\-\-follow\fR[=\fIBOOL\fR]
@@ -137,6 +155,8 @@ by default)\&. After an entry is successfully uploaded, update this file with th
 If set to yes, then
 \fBsystemd\-journal\-upload\fR
 waits for input\&.
+.sp
+Added in version 239\&.
 .RE
 .PP
 \fB\-\-key=\fR
@@ -146,6 +166,8 @@ Takes a path to a SSL key file in PEM format, or
 \fB\-\fR
 is set, then client certificate authentication checking will be disabled\&. Defaults to
 /etc/pki/systemd/private/journal\-upload\&.pem\&.
+.sp
+Added in version 239\&.
 .RE
 .PP
 \fB\-\-cert=\fR
@@ -155,6 +177,8 @@ Takes a path to a SSL certificate file in PEM format, or
 \fB\-\fR
 is set, then client certificate authentication checking will be disabled\&. Defaults to
 /etc/pki/systemd/certs/journal\-upload\&.pem\&.
+.sp
+Added in version 239\&.
 .RE
 .PP
 \fB\-\-trust=\fR
@@ -164,6 +188,8 @@ Takes a path to a SSL CA certificate file in PEM format, or
 \fB\-\fR/\fBall\fR
 is set, then certificate checking will be disabled\&. Defaults to
 /etc/pki/systemd/ca/trusted\&.pem\&.
+.sp
+Added in version 239\&.
 .RE
 .PP
 \fB\-h\fR, \fB\-\-help\fR
diff --git a/upstream/opensuse-tumbleweed/man8/systemd-journald.service.8 b/upstream/opensuse-tumbleweed/man8/systemd-journald.service.8
index 7f439f04..58c564ca 100644
--- a/upstream/opensuse-tumbleweed/man8/systemd-journald.service.8
+++ b/upstream/opensuse-tumbleweed/man8/systemd-journald.service.8
@@ -1,5 +1,5 @@
 '\" t
-.TH "SYSTEMD\-JOURNALD\&.SERVICE" "8" "" "systemd 254" "systemd-journald.service"
+.TH "SYSTEMD\-JOURNALD\&.SERVICE" "8" "" "systemd 255" "systemd-journald.service"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -247,6 +247,8 @@ regardless of the configuration\&. Use the
 command to request flushing of the journal files, and wait for the operation to complete\&. See
 \fBjournalctl\fR(1)
 for details\&.
+.sp
+Added in version 186\&.
 .RE
 .PP
 SIGUSR2
@@ -254,6 +256,8 @@ SIGUSR2
 Request immediate rotation of the journal files\&. Use the
 \fBjournalctl \-\-rotate\fR
 command to request journal file rotation, and wait for the operation to complete\&.
+.sp
+Added in version 186\&.
 .RE
 .PP
 SIGRTMIN+1
@@ -261,6 +265,8 @@ SIGRTMIN+1
 Request that all unwritten log data is written to disk\&. Use the
 \fBjournalctl \-\-sync\fR
 command to trigger journal synchronization, and wait for the operation to complete\&.
+.sp
+Added in version 228\&.
 .RE
 .SH "KERNEL COMMAND LINE"
 .PP
@@ -275,6 +281,17 @@ Enables/disables forwarding of collected log messages to syslog, the kernel log
 See
 \fBjournald.conf\fR(5)
 for information about these settings\&.
+.sp
+Added in version 186\&.
+.RE
+.PP
+\fIsystemd\&.journald\&.max_level_store=\fR, \fIsystemd\&.journald\&.max_level_syslog=\fR, \fIsystemd\&.journald\&.max_level_kmsg=\fR, \fIsystemd\&.journald\&.max_level_console=\fR, \fIsystemd\&.journald\&.max_level_wall=\fR, \fIsystemd\&.journald\&.max_level_socket=\fR
+.RS 4
+Controls the maximum log level of messages that are stored in the journal, forwarded to syslog, kmsg, the console, the wall, or a socket\&. This kernel command line options override the settings of the same names in the
+\fBjournald.conf\fR(5)
+file\&.
+.sp
+Added in version 232\&.
 .RE
 .PP
 Note that these kernel command line options are only honoured by the default namespace, see above\&.
@@ -316,6 +333,8 @@ Configure
 \fBsystemd\-journald\fR
 behavior\&. See
 \fBjournald.conf\fR(5)\&.
+.sp
+Added in version 206\&.
 .RE
 .PP
 /run/log/journal/\fImachine\-id\fR/*\&.journal, /run/log/journal/\fImachine\-id\fR/*\&.journal~, /var/log/journal/\fImachine\-id\fR/*\&.journal, /var/log/journal/\fImachine\-id\fR/*\&.journal~
@@ -359,6 +378,8 @@ will automatically remove the oldest archived journal files to limit disk use\&.
 \fISystemMaxUse=\fR
 and related settings in
 \fBjournald.conf\fR(5)\&.
+.sp
+Added in version 206\&.
 .RE
 .PP
 /dev/kmsg, /dev/log, /run/systemd/journal/dev\-log, /run/systemd/journal/socket, /run/systemd/journal/stdout
@@ -371,6 +392,8 @@ can listen for audit events using
 \fBnetlink\fR(7), depending on whether
 "systemd\-journald\-audit\&.socket"
 is enabled or not\&.
+.sp
+Added in version 228\&.
 .RE
 .PP
 If journal namespacing is used these paths are slightly altered to include a namespace identifier, see above\&.
diff --git a/upstream/opensuse-tumbleweed/man8/systemd-localed.service.8 b/upstream/opensuse-tumbleweed/man8/systemd-localed.service.8
index 84c0fe34..eabe5304 100644
--- a/upstream/opensuse-tumbleweed/man8/systemd-localed.service.8
+++ b/upstream/opensuse-tumbleweed/man8/systemd-localed.service.8
@@ -1,5 +1,5 @@
 '\" t
-.TH "SYSTEMD\-LOCALED\&.SERVICE" "8" "" "systemd 254" "systemd-localed.service"
+.TH "SYSTEMD\-LOCALED\&.SERVICE" "8" "" "systemd 255" "systemd-localed.service"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/upstream/opensuse-tumbleweed/man8/systemd-logind.service.8 b/upstream/opensuse-tumbleweed/man8/systemd-logind.service.8
index 098085b5..f1bf34d2 100644
--- a/upstream/opensuse-tumbleweed/man8/systemd-logind.service.8
+++ b/upstream/opensuse-tumbleweed/man8/systemd-logind.service.8
@@ -1,5 +1,5 @@
 '\" t
-.TH "SYSTEMD\-LOGIND\&.SERVICE" "8" "" "systemd 254" "systemd-logind.service"
+.TH "SYSTEMD\-LOGIND\&.SERVICE" "8" "" "systemd 255" "systemd-logind.service"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/upstream/opensuse-tumbleweed/man8/systemd-machine-id-commit.service.8 b/upstream/opensuse-tumbleweed/man8/systemd-machine-id-commit.service.8
index 78d518eb..c76834db 100644
--- a/upstream/opensuse-tumbleweed/man8/systemd-machine-id-commit.service.8
+++ b/upstream/opensuse-tumbleweed/man8/systemd-machine-id-commit.service.8
@@ -1,5 +1,5 @@
 '\" t
-.TH "SYSTEMD\-MACHINE\-ID\-COMMIT\&.SERVICE" "8" "" "systemd 254" "systemd-machine-id-commit.service"
+.TH "SYSTEMD\-MACHINE\-ID\-COMMIT\&.SERVICE" "8" "" "systemd 255" "systemd-machine-id-commit.service"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/upstream/opensuse-tumbleweed/man8/systemd-machined.service.8 b/upstream/opensuse-tumbleweed/man8/systemd-machined.service.8
index 851bea14..37940727 100644
--- a/upstream/opensuse-tumbleweed/man8/systemd-machined.service.8
+++ b/upstream/opensuse-tumbleweed/man8/systemd-machined.service.8
@@ -1,5 +1,5 @@
 '\" t
-.TH "SYSTEMD\-MACHINED\&.SERVICE" "8" "" "systemd 254" "systemd-machined.service"
+.TH "SYSTEMD\-MACHINED\&.SERVICE" "8" "" "systemd 255" "systemd-machined.service"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/upstream/opensuse-tumbleweed/man8/systemd-networkd-wait-online.service.8 b/upstream/opensuse-tumbleweed/man8/systemd-networkd-wait-online.service.8
index 046ff4b7..a1eafa54 100644
--- a/upstream/opensuse-tumbleweed/man8/systemd-networkd-wait-online.service.8
+++ b/upstream/opensuse-tumbleweed/man8/systemd-networkd-wait-online.service.8
@@ -1,5 +1,5 @@
 '\" t
-.TH "SYSTEMD\-NETWORKD\-WAIT\-ONLINE\&.SERVICE" "8" "" "systemd 254" "systemd-networkd-wait-online.service"
+.TH "SYSTEMD\-NETWORKD\-WAIT\-ONLINE\&.SERVICE" "8" "" "systemd 255" "systemd-networkd-wait-online.service"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -76,11 +76,15 @@ in the corresponding
 file is used if present, and
 "degraded"
 otherwise\&.
+.sp
+Added in version 213\&.
 .RE
 .PP
 \fB\-\-ignore=\fR\fIINTERFACE\fR
 .RS 4
 Network interfaces to be ignored when deciding if the system is online\&. By default, only the loopback interface is ignored\&. This option may be used more than once to ignore multiple network interfaces\&.
+.sp
+Added in version 219\&.
 .RE
 .PP
 \fB\-o\fR \fIMIN_OPERSTATE\fR[:\fIMAX_OPERSTATE\fR], \fB\-\-operational\-state=\fR\fIMIN_OPERSTATE\fR[:\fIMAX_OPERSTATE\fR]
@@ -94,6 +98,8 @@ settings in
 files\&. But this does not override operational states specified in
 \fB\-\-interface=\fR
 option\&.
+.sp
+Added in version 242\&.
 .RE
 .PP
 \fB\-4\fR, \fB\-\-ipv4\fR
@@ -115,6 +121,8 @@ is specified, then the value from
 in the corresponding
 \&.network
 file is used if present\&.
+.sp
+Added in version 249\&.
 .RE
 .PP
 \fB\-6\fR, \fB\-\-ipv6\fR
@@ -136,6 +144,8 @@ is specified, then the value from
 in the corresponding
 \&.network
 file is used if present\&.
+.sp
+Added in version 249\&.
 .RE
 .PP
 \fB\-\-any\fR
@@ -146,16 +156,22 @@ exits with success when at least one interface becomes online\&. When this optio
 \fB\-\-interface=\fR, then
 \fBsystemd\-networkd\-wait\-online\fR
 waits for one of the specified interfaces to be online\&. This option is useful when some interfaces may not have carrier on boot\&.
+.sp
+Added in version 242\&.
 .RE
 .PP
 \fB\-\-timeout=\fR\fISECS\fR
 .RS 4
 Fail the service if the network is not online by the time the timeout elapses\&. A timeout of 0 disables the timeout\&. Defaults to 120 seconds\&.
+.sp
+Added in version 219\&.
 .RE
 .PP
 \fB\-q\fR, \fB\-\-quiet\fR
 .RS 4
 Suppress log messages\&.
+.sp
+Added in version 242\&.
 .RE
 .PP
 \fB\-h\fR, \fB\-\-help\fR
diff --git a/upstream/opensuse-tumbleweed/man8/systemd-networkd.service.8 b/upstream/opensuse-tumbleweed/man8/systemd-networkd.service.8
index c726e20b..f421a6a1 100644
--- a/upstream/opensuse-tumbleweed/man8/systemd-networkd.service.8
+++ b/upstream/opensuse-tumbleweed/man8/systemd-networkd.service.8
@@ -1,5 +1,5 @@
 '\" t
-.TH "SYSTEMD\-NETWORKD\&.SERVICE" "8" "" "systemd 254" "systemd-networkd.service"
+.TH "SYSTEMD\-NETWORKD\&.SERVICE" "8" "" "systemd 255" "systemd-networkd.service"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/upstream/opensuse-tumbleweed/man8/systemd-oomd.service.8 b/upstream/opensuse-tumbleweed/man8/systemd-oomd.service.8
index 00ccf471..b29c880d 100644
--- a/upstream/opensuse-tumbleweed/man8/systemd-oomd.service.8
+++ b/upstream/opensuse-tumbleweed/man8/systemd-oomd.service.8
@@ -1,5 +1,5 @@
 '\" t
-.TH "SYSTEMD\-OOMD\&.SERVICE" "8" "" "systemd 254" "systemd-oomd.service"
+.TH "SYSTEMD\-OOMD\&.SERVICE" "8" "" "systemd 255" "systemd-oomd.service"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -118,6 +118,8 @@ may prefer a much lower value like 40%\&.
 .RS 4
 Do a dry run of
 \fBsystemd\-oomd\fR: when a kill is triggered, print it to the log instead of killing the cgroup\&.
+.sp
+Added in version 253\&.
 .RE
 .PP
 \fB\-h\fR, \fB\-\-help\fR
diff --git a/upstream/opensuse-tumbleweed/man8/systemd-pcrlock.8 b/upstream/opensuse-tumbleweed/man8/systemd-pcrlock.8
new file mode 100644
index 00000000..a983ad68
--- /dev/null
+++ b/upstream/opensuse-tumbleweed/man8/systemd-pcrlock.8
@@ -0,0 +1,537 @@
+'\" t
+.TH "SYSTEMD\-PCRLOCK" "8" "" "systemd 255" "systemd-pcrlock"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+systemd-pcrlock, systemd-pcrlock-file-system.service, systemd-pcrlock-firmware-code.service, systemd-pcrlock-firmware-config.service, systemd-pcrlock-machine-id.service, systemd-pcrlock-make-policy.service, systemd-pcrlock-secureboot-authority.service, systemd-pcrlock-secureboot-policy.service \- Analyze and predict TPM2 PCR states and generate an access policy from the prediction
+.SH "SYNOPSIS"
+.HP \w'\fB/usr/lib/systemd/systemd\-pcrlock\ \fR\fB[OPTIONS...]\fR\ 'u
+\fB/usr/lib/systemd/systemd\-pcrlock \fR\fB[OPTIONS...]\fR
+.SH "DESCRIPTION"
+.PP
+Note: this command is experimental for now\&. While it is likely to become a regular component of systemd, it might still change in behaviour and interface\&.
+.PP
+\fBsystemd\-pcrlock\fR
+is a tool that may be used to analyze and predict TPM2 PCR measurements, and generate TPM2 access policies from the prediction which it stores in a TPM2 NV index (i\&.e\&. in the TPM2 non\-volatile memory)\&. This may then be used to restrict access to TPM2 objects (such as disk encryption keys) to system boot\-ups in which only specific, trusted components are used\&.
+.PP
+\fBsystemd\-pcrlock\fR
+uses as input for its analysis and prediction:
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+The UEFI firmware TPM2 event log (i\&.e\&.
+/sys/kernel/security/tpm0/binary_bios_measurements) of the current boot\&.
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+The userspace TPM2 event log (i\&.e\&.
+/run/log/systemd/tpm2\-measure\&.log) of the current boot\&.
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+The current PCR state of the TPM2 chip\&.
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+Boot component definition files (*\&.pcrlock
+and
+*\&.pcrlock\&.d/*\&.pcrlock, see
+\fBsystemd.pcrlock\fR(5)) that each define expected measurements for one component of the boot process, permitting alternative variants for each\&. (Variants may be used used to bless multiple kernel versions or boot loader versions at the same time\&.)
+.RE
+.PP
+It uses these inputs to generate a combined event log, validating it against the PCR states\&. It then attempts to recognize event log records and matches them against the defined components\&. For each PCR where this can be done comprehensively (i\&.e\&. where all listed records and all defined components have been matched) this may then be used to predict future PCR measurements, taking the alternative variants defined for each component into account\&. This prediction may then be converted into a TPM2 access policy (consisting of TPM2
+\fBPolicyPCR\fR
+and
+\fBPolicyOR\fR
+items), which is then stored in an NV index in the TPM2\&. This may be used to then lock secrets (such as disk encryption keys) to these policies (via a TPM2
+\fBPolicyAuthorizeNV\fR
+policy)\&.
+.PP
+Use tools such as
+\fBsystemd-cryptenroll\fR(1)
+or
+\fBsystemd-repart\fR(8)
+to bind disk encryption to such a
+\fBsystemd\-pcrlock\fR
+TPM2 policy\&. Specifically, see the
+\fB\-\-tpm2\-pcrlock=\fR
+switches of these tools\&.
+.PP
+The access policy logic requires a TPM2 device that implements the
+"PolicyAuthorizeNV"
+command, i\&.e\&. implements TPM 2\&.0 version 1\&.38 or newer\&.
+.SH "COMMANDS"
+.PP
+The following commands are understood:
+.PP
+\fBlog\fR
+.RS 4
+This reads the combined TPM2 event log, validates it, matches it against the current PCR values, and outputs both in tabular form\&. Combine with
+\fB\-\-json=\fR
+to generate output in JSON format\&.
+.sp
+Added in version 255\&.
+.RE
+.PP
+\fBcel\fR
+.RS 4
+This reads the combined TPM2 event log and writes it to STDOUT in
+\m[blue]\fBTCG Canonical Event Log Format (CEL\-JSON)\fR\m[]\&\s-2\u[1]\d\s+2
+format\&.
+.sp
+Added in version 255\&.
+.RE
+.PP
+\fBlist\-components\fR
+.RS 4
+Shows a list of component definitions and their variants, i\&.e\&. the
+*\&.pcrlock
+files discovered in
+/var/lib/pcrlock\&.d/,
+/usr/lib/pcrlock\&.d/, and the other supported directories\&. See
+\fBsystemd.pcrlock\fR(5)
+for details on these files and the full list of directories searched\&.
+.sp
+Added in version 255\&.
+.RE
+.PP
+\fBpredict\fR
+.RS 4
+Predicts the PCR state on future boots\&. This will analyze the TPM2 event log as described above, recognize components, and then generate all possible resulting PCR values for all combinations of component variants\&. Note that no prediction is made for PCRs whose value does not match the event log records, for which unrecognized measurements are discovered or for which components are defined that cannot be found in the event log\&. This is a safety measure to ensure that any generated access policy can be fulfilled correctly on current and future boots\&.
+.sp
+Added in version 255\&.
+.RE
+.PP
+\fBmake\-policy\fR
+.RS 4
+This predicts the PCR state for future boots, much like the
+\fBpredict\fR
+command above\&. It then uses this data to generate a TPM2 access policy which it stores in a TPM2 NV index\&. The prediction and information about the used TPM2 and its NV index are written to
+/var/lib/systemd/pcrlock\&.json\&.
+.sp
+The NV index is allocated on first invocation, and updated on subsequent invocations\&.
+.sp
+The NV index contents may be changed (and thus the policy stored in it updated) by providing an access PIN\&. This PIN is normally generated automatically and stored in encrypted form (with an access policy binding it to the NV index itself) in the aforementioned JSON policy file\&. This PIN may be chosen by the user, via the
+\fB\-\-recovery\-pin=\fR
+switch\&. If specified it may be used as alternative path of access to update the policy\&.
+.sp
+If the new prediction matches the old this command terminates quickly and executes no further operation\&. (Unless
+\fB\-\-force\fR
+is specified, see below\&.)
+.sp
+Added in version 255\&.
+.RE
+.PP
+\fBremove\-policy\fR
+.RS 4
+Removes a previously generated policy\&. Deletes the
+/var/lib/systemd/pcrlock\&.json
+file, and deallocates the NV index\&.
+.sp
+Added in version 255\&.
+.RE
+.PP
+\fBlock\-firmware\-code\fR, \fBunlock\-firmware\-code\fR
+.RS 4
+Generates/removes
+\&.pcrlock
+files based on the TPM2 event log of the current boot covering all records for PCRs 0 ("platform\-code") and 2 ("external\-code")\&.
+.sp
+This operation allows locking the boot process to the current version of the firmware of the system and its extension cards\&. This operation should only be used if the system vendor does not provide suitable pcrlock data ahead of time\&.
+.sp
+Note that this data only matches the current version of the firmware\&. If a firmware update is applied this data will be out\-of\-date and any access policy generated from it will no longer pass\&. It is thus recommended to invoke
+\fBunlock\-firmware\-code\fR
+before doing a firmware update, followed by
+\fBmake\-policy\fR
+to refresh the policy\&.
+.sp
+\fBsystemd\-pcrlock lock\-firmware\-code\fR
+is invoked automatically at boot via the
+systemd\-pcrlock\-firmware\-code\&.service
+unit, if enabled\&. This ensures that an access policy managed by
+\fBsystemd\-pcrlock\fR
+is automatically locked to the new firmware version whenever the policy has been relaxed temporarily, in order to cover for firmware updates, as described above\&.
+.sp
+The files are only generated from the event log if the event log matches the current TPM2 PCR state\&.
+.sp
+This writes/removes the files
+/var/lib/pcrlock\&.d/250\-firmware\-code\-early\&.pcrlock\&.d/generated\&.pcrlock
+and
+/var/lib/pcrlock\&.d/550\-firmware\-code\-late\&.pcrlock\&.d/generated\&.pcrlock\&.
+.sp
+Added in version 255\&.
+.RE
+.PP
+\fBlock\-firmware\-config\fR, \fBunlock\-firmware\-config\fR
+.RS 4
+This is similar to
+\fBlock\-firmware\-code\fR/\fBunlock\-firmware\-code\fR
+but locks down the firmware configuration, i\&.e\&. PCRs 1 ("platform\-config") and 3 ("external\-config")\&.
+.sp
+This functionality should be used with care as in most scenarios a minor firmware configuration change should not invalidate access policies to TPM2 objects\&. Also note that some systems measure unstable and unpredictable information (e\&.g\&. current CPU voltages, temperatures, as part of SMBIOS data) to these PCRs, which means this form of lockdown cannot be used reliably on such systems\&. Use this functionality only if the system and hardware is well known and does not suffer by these limitations, for example in virtualized environments\&.
+.sp
+Use
+\fBunlock\-firmware\-config\fR
+before making firmware configuration changes\&. If the
+systemd\-pcrlock\-firmware\-config\&.service
+unit is enabled it will automatically generate a pcrlock file from the new measurements\&.
+.sp
+This writes/removes the files
+/var/lib/pcrlock\&.d/250\-firmware\-config\-early\&.pcrlock\&.d/generated\&.pcrlock
+and
+/var/lib/pcrlock\&.d/550\-firmware\-config\-late\&.pcrlock\&.d/generated\&.pcrlock\&.
+.sp
+Added in version 255\&.
+.RE
+.PP
+\fBlock\-secureboot\-policy\fR, \fBunlock\-secureboot\-policy\fR
+.RS 4
+Generates/removes a
+\&.pcrlock
+file based on the SecureBoot policy currently enforced\&. This looks at the SecureBoot, PK, KEK, db, dbx, dbt, dbr EFI variables and predicts their measurements to PCR 7 ("secure\-boot\-policy") on the next boot\&.
+.sp
+Use
+\fBunlock\-firmware\-config\fR
+before applying SecureBoot policy updates\&. If the
+systemd\-pcrlock\-secureboot\-policy\&.service
+unit is enabled it will automatically generate a pcrlock file from the policy discovered\&.
+.sp
+This writes/removes the file
+/var/lib/pcrlock\&.d/230\-secureboot\-policy\&.pcrlock\&.d/generated\&.pcrlock\&.
+.sp
+Added in version 255\&.
+.RE
+.PP
+\fBlock\-secureboot\-authority\fR, \fBunlock\-secureboot\-authority\fR
+.RS 4
+Generates/removes a
+\&.pcrlock
+file based on the SecureBoot authorities used to validate the boot path\&. SecureBoot authorities are the specific SecureBoot database entries that where used to validate the UEFI PE binaries executed at boot\&. This looks at the event log of the current boot, and uses relevant measurements on PCR 7 ("secure\-boot\-policy")\&.
+.sp
+This writes/removes the file
+/var/lib/pcrlock\&.d/620\-secureboot\-authority\&.pcrlock\&.d/generated\&.pcrlock\&.
+.sp
+Added in version 255\&.
+.RE
+.PP
+\fBlock\-gpt\fR [\fIDEVICE\fR], \fBunlock\-gpt\fR
+.RS 4
+Generates/removes a
+\&.pcrlock
+file based on the GPT partition table of the specified disk\&. If no disk is specified automatically determines the block device backing the root file system\&. This locks the state of the disk partitioning of the booted medium, which firmware measures to PCR 5 ("boot\-loader\-config")\&.
+.sp
+This writes/removes the file
+/var/lib/pcrlock\&.d/600\-gpt\&.pcrlock\&.d/generated\&.pcrlock\&.
+.sp
+Added in version 255\&.
+.RE
+.PP
+\fBlock\-pe\fR [\fIBINARY\fR], \fBunlock\-pe\fR
+.RS 4
+Generates/removes a
+\&.pcrlock
+file based on the specified PE binary\&. This is useful for predicting measurements the firmware makes to PCR 4 ("boot\-loader\-code") if the specified binary is part of the UEFI boot process\&. Use this on boot loader binaries and suchlike\&. Use
+\fBlock\-uki\fR
+(see below) for PE binaries that are unified kernel images (UKIs)\&.
+.sp
+Expects a path to the PE binary as argument\&. If not specified, reads the binary from STDIN instead\&.
+.sp
+The pcrlock file to write must be specified via the
+\fB\-\-pcrlock=\fR
+switch\&.
+.sp
+Added in version 255\&.
+.RE
+.PP
+\fBlock\-uki\fR [\fIUKI\fR], \fBunlock\-uki\fR
+.RS 4
+Generates/removes a
+\&.pcrlock
+file based on the specified UKI PE binary\&. This is useful for predicting measurements the firmware makes to PCR 4 ("boot\-loader\-code"), and
+\fBsystemd-stub\fR(7)
+makes to PCR 11 ("kernel\-boot"), if the specified UKI is booted\&. This is a superset of
+\fBlock\-pe\fR\&.
+.sp
+Expects a path to the UKI PE binary as argument\&. If not specified, reads the binary from STDIN instead\&.
+.sp
+The pcrlock file to write must be specified via the
+\fB\-\-pcrlock=\fR
+switch\&.
+.sp
+Added in version 255\&.
+.RE
+.PP
+\fBlock\-machine\-id\fR, \fBunlock\-machine\-id\fR
+.RS 4
+Generates/removes a
+\&.pcrlock
+file based on
+/etc/machine\-id\&. This is useful for predicting measurements
+\fBsystemd-pcrmachine.service\fR(8)
+makes to PCR 15 ("system\-identity")\&.
+.sp
+This writes/removes the file
+/var/lib/pcrlock\&.d/820\-machine\-id\&.pcrlock\&.
+.sp
+Added in version 255\&.
+.RE
+.PP
+\fBlock\-file\-system\fR [\fIPATH\fR], \fBunlock\-file\-system\fR [\fIPATH\fR]
+.RS 4
+Generates/removes a
+\&.pcrlock
+file based on file system identity\&. This is useful for predicting measurements
+\fBsystemd-pcrfs@.service\fR(8)
+makes to PCR 15 ("system\-identity") for the root and
+/var/
+file systems\&.
+.sp
+This writes/removes the files
+/var/lib/pcrlock\&.d/830\-root\-file\-system\&.pcrlock
+and
+/var/lib/pcrlock\&.d/840\-file\-system\-\fIpath\fR\&.pcrlock\&.
+.sp
+Added in version 255\&.
+.RE
+.PP
+\fBlock\-kernel\-cmdline\fR [\fIFILE\fR], \fBunlock\-kernel\-cmdline\fR
+.RS 4
+Generates/removes a
+\&.pcrlock
+file based on
+/proc/cmdline
+(or the specified file if given)\&. This is useful for predicting measurements the Linux kernel makes to PCR 9 ("kernel\-initrd")\&.
+.sp
+This writes/removes the file
+/var/lib/pcrlock\&.d/710\-kernel\-cmdline\&.pcrlock/generated\&.pcrlock\&.
+.sp
+Added in version 255\&.
+.RE
+.PP
+\fBlock\-kernel\-initrd\fR \fIFILE\fR, \fBunlock\-kernel\-initrd\fR
+.RS 4
+Generates/removes a
+\&.pcrlock
+file based on a kernel initrd cpio archive\&. This is useful for predicting measurements the Linux kernel makes to PCR 9 ("kernel\-initrd")\&. Do not use for
+\fBsystemd\-stub\fR
+UKIs, as the initrd is combined dynamically from various sources and hence does not take a single input, like this command\&.
+.sp
+This writes/removes the file
+/var/lib/pcrlock\&.d/720\-kernel\-initrd\&.pcrlock/generated\&.pcrlock\&.
+.sp
+Added in version 255\&.
+.RE
+.PP
+\fBlock\-raw\fR [\fIFILE\fR], \fBunlock\-raw\fR
+.RS 4
+Generates/removes a
+\&.pcrlock
+file based on raw binary data\&. The data is either read from the specified file or from STDIN (if none is specified)\&. This requires that
+\fB\-\-pcrs=\fR
+is specified\&. The generated \&.pcrlock file is written to the file specified via
+\fB\-\-pcrlock=\fR
+or to STDOUT (if none is specified)\&.
+.sp
+Added in version 255\&.
+.RE
+.SH "OPTIONS"
+.PP
+The following options are understood:
+.PP
+\fB\-\-raw\-description\fR
+.RS 4
+When displaying the TPM2 event log do not attempt to decode the records to provide a friendly event log description string\&. Instead, show the binary payload data in escaped form\&.
+.sp
+Added in version 255\&.
+.RE
+.PP
+\fB\-\-pcr=\fR
+.RS 4
+Specifies the PCR number to use\&. May be specified more than once to select multiple PCRs\&.
+.sp
+This is used by
+\fBlock\-raw\fR
+and
+\fBlock\-pe\fR
+to select the PCR to lock against\&.
+.sp
+If used with
+\fBpredict\fR
+and
+\fBmake\-policy\fR
+this will override which PCRs to include in the prediction and policy\&. If unspecified this defaults to PCRs 0\-5, 7, 11\-15\&. Note that these commands will not include any PCRs in the prediction/policy (even if specified explicitly) if there are measurements in the event log that do not match the current PCR value, or there are unrecognized measurements in the event log, or components define measurements not seen in the event log\&.
+.sp
+Added in version 255\&.
+.RE
+.PP
+\fB\-\-nv\-index=\fR
+.RS 4
+Specifies the NV index to store the policy in\&. Honoured by
+\fBmake\-policy\fR\&. If not specified the command will automatically pick a free NV index\&.
+.sp
+Added in version 255\&.
+.RE
+.PP
+\fB\-\-components=\fR
+.RS 4
+Takes a path to read
+*\&.pcrlock
+and
+*\&.pcrlock\&.d/*\&.pcrlock
+files from\&. May be used more than once to specify multiple such directories\&. If not specified defaults to
+/etc/pcrlock\&.d/,
+/run/pcrlock\&.d/,
+/var/lib/pcrlock\&.d/,
+/usr/local/pcrlock\&.d/,
+/usr/lib/pcrlock\&.d/\&.
+.sp
+Added in version 255\&.
+.RE
+.PP
+\fB\-\-location=\fR
+.RS 4
+Takes either a string or a colon\-separated pair of strings\&. Configures up to which point in the sorted list of defined components to analyze/predict PCRs to\&. Typically, the
+\fBsystemd\-pcrlock\fR
+tool is invoked from a fully booted system after boot\-up and before shutdown\&. This means various components that are defined for shutdown have not been measured yet, and should not be searched for\&. This option allows one to restrict which components are considered for analysis (taking only components before some point into account, ignoring components after them)\&. The expected string is ordered against the filenames of the components defined\&. Any components with a lexicographically later name are ignored\&. This logic applies to the
+\fBlog\fR,
+\fBpredict\fR, and
+\fBmake\-policy\fR
+verbs\&. If a colon\-separated pair of strings are specified then they select which phases of the boot to include in the prediction/policy\&. The first string defines where the first prediction shall be made, and the second string defines where the last prediction shall be made\&. All such predictions are then combined into one set\&.
+.sp
+If used with
+\fBlist\-components\fR
+the selected location range will be highlighted in the component list\&.
+.sp
+Defaults to
+"760\-:940\-", which means the policies generated by default will basically cover the whole runtime of the OS userspace, from the initrd (as
+"760\-"
+closely follows
+750\-enter\-initrd\&.pcrlock) until (and including) the main runtime of the system (as
+"940\-"
+is closely followed by
+950\-shutdown\&.pcrlock)\&. See
+\fBsystemd.pcrlock\fR(5)
+for a full list of well\-known components, that illustrate where this range is placed by default\&.
+.sp
+Added in version 255\&.
+.RE
+.PP
+\fB\-\-recovery\-pin=\fR
+.RS 4
+Takes a boolean\&. Defaults to false\&. Honoured by
+\fBmake\-policy\fR\&. If true, will query the user for a PIN to unlock the TPM2 NV index with\&. If no policy was created before this PIN is used to protect the newly allocated NV index\&. If a policy has been created before the PIN is used to unlock write access to the NV index\&. If this option is not used a PIN is automatically generated\&. Regardless if user supplied or automatically generated, it is stored in encrypted form in the policy metadata file\&. The recovery PIN may be used to regain write access to an NV index in case the access policy became out of date\&.
+.sp
+Added in version 255\&.
+.RE
+.PP
+\fB\-\-pcrlock=\fR
+.RS 4
+Takes a file system path as argument\&. If specified overrides where to write the generated pcrlock data to\&. Honoured by the various
+\fBlock\-*\fR
+commands\&. If not specified, a default path is generally used, as documented above\&.
+.sp
+Added in version 255\&.
+.RE
+.PP
+\fB\-\-policy=\fR
+.RS 4
+Takes a file system path as argument\&. If specified overrides where to write pcrlock policy metadata to\&. If not specified defaults to
+/var/lib/systemd/pcrlock\&.json\&.
+.sp
+Added in version 255\&.
+.RE
+.PP
+\fB\-\-force\fR
+.RS 4
+If specified with
+\fBmake\-policy\fR, the predicted policy will be written to the NV index even if it is detected to be the same as the previously stored one\&.
+.sp
+Added in version 255\&.
+.RE
+.PP
+\fB\-\-json=\fR\fIMODE\fR
+.RS 4
+Shows output formatted as JSON\&. Expects one of
+"short"
+(for the shortest possible output without any redundant whitespace or line breaks),
+"pretty"
+(for a pretty version of the same, with indentation and line breaks) or
+"off"
+(to turn off JSON output, the default)\&.
+.RE
+.PP
+\fB\-\-no\-pager\fR
+.RS 4
+Do not pipe output into a pager\&.
+.RE
+.PP
+\fB\-h\fR, \fB\-\-help\fR
+.RS 4
+Print a short help text and exit\&.
+.RE
+.PP
+\fB\-\-version\fR
+.RS 4
+Print a short version string and exit\&.
+.RE
+.SH "EXIT STATUS"
+.PP
+On success, 0 is returned, a non\-zero failure code otherwise\&.
+.SH "SEE ALSO"
+.PP
+\fBsystemd\fR(1),
+\fBsystemd.pcrlock\fR(5),
+\fBsystemd-cryptenroll\fR(1),
+\fBsystemd-cryptsetup@.service\fR(8),
+\fBsystemd-repart\fR(8),
+\fBsystemd-pcrmachine.service\fR(8)
+.SH "NOTES"
+.IP " 1." 4
+TCG Canonical Event Log Format (CEL-JSON)
+.RS 4
+\%https://trustedcomputinggroup.org/resource/canonical-event-log-format/
+.RE
diff --git a/upstream/opensuse-tumbleweed/man8/systemd-pcrphase.service.8 b/upstream/opensuse-tumbleweed/man8/systemd-pcrphase.service.8
index 595294a8..8cd1d2f3 100644
--- a/upstream/opensuse-tumbleweed/man8/systemd-pcrphase.service.8
+++ b/upstream/opensuse-tumbleweed/man8/systemd-pcrphase.service.8
@@ -1,5 +1,5 @@
 '\" t
-.TH "SYSTEMD\-PCRPHASE\&.SERVICE" "8" "" "systemd 254" "systemd-pcrphase.service"
+.TH "SYSTEMD\-PCRPHASE\&.SERVICE" "8" "" "systemd 255" "systemd-pcrphase.service"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -20,7 +20,7 @@
 .\" * MAIN CONTENT STARTS HERE *
 .\" -----------------------------------------------------------------
 .SH "NAME"
-systemd-pcrphase.service, systemd-pcrphase-sysinit.service, systemd-pcrphase-initrd.service, systemd-pcrmachine.service, systemd-pcrfs-root.service, systemd-pcrfs@.service, systemd-pcrphase \- Measure boot phase into TPM2 PCR 11, machine ID and file system identity into PCR 15
+systemd-pcrphase.service, systemd-pcrphase-sysinit.service, systemd-pcrphase-initrd.service, systemd-pcrmachine.service, systemd-pcrfs-root.service, systemd-pcrfs@.service, systemd-pcrextend \- Measure boot phase into TPM2 PCR 11, machine ID and file system identity into PCR 15
 .SH "SYNOPSIS"
 .PP
 systemd\-pcrphase\&.service
@@ -35,7 +35,7 @@ systemd\-pcrfs\-root\&.service
 .PP
 systemd\-pcrfs@\&.service
 .PP
-/usr/lib/systemd/systemd\-pcrphase
+/usr/lib/systemd/systemd\-pcrextend
 [\fISTRING\fR]
 .SH "DESCRIPTION"
 .PP
@@ -183,12 +183,25 @@ mount option in
 .SH "OPTIONS"
 .PP
 The
-/usr/lib/systemd/system\-pcrphase
+/usr/lib/systemd/system\-pcrextend
 executable may also be invoked from the command line, where it expects the word to extend into PCR 11, as well as the following switches:
 .PP
 \fB\-\-bank=\fR
 .RS 4
 Takes the PCR banks to extend the specified word into\&. If not specified the tool automatically determines all enabled PCR banks and measures the word into all of them\&.
+.sp
+Added in version 252\&.
+.RE
+.PP
+\fB\-\-pcr=\fR
+.RS 4
+Takes the index of the PCR to extend\&. If
+\fB\-\-machine\-id\fR
+or
+\fB\-\-file\-system=\fR
+are specified defaults to 15, otherwise defaults to 11\&.
+.sp
+Added in version 255\&.
 .RE
 .PP
 \fB\-\-tpm2\-device=\fR\fIPATH\fR
@@ -199,21 +212,29 @@ Controls which TPM2 device to use\&. Expects a device node path referring to the
 may be specified, in order to automatically determine the device node of a suitable TPM2 device (of which there must be exactly one)\&. The special value
 "list"
 may be used to enumerate all suitable TPM2 devices currently discovered\&.
+.sp
+Added in version 252\&.
 .RE
 .PP
 \fB\-\-graceful\fR
 .RS 4
 If no TPM2 firmware, kernel subsystem, kernel driver or device support is found, exit with exit status 0 (i\&.e\&. indicate success)\&. If this is not specified any attempt to measure without a TPM2 device will cause the invocation to fail\&.
+.sp
+Added in version 253\&.
 .RE
 .PP
 \fB\-\-machine\-id\fR
 .RS 4
 Instead of measuring a word specified on the command line into PCR 11, measure the host\*(Aqs machine ID into PCR 15\&.
+.sp
+Added in version 253\&.
 .RE
 .PP
 \fB\-\-file\-system=\fR
 .RS 4
 Instead of measuring a word specified on the command line into PCR 11, measure identity information of the specified file system into PCR 15\&. The parameter must be the path to the established mount point of the file system to measure\&.
+.sp
+Added in version 253\&.
 .RE
 .PP
 \fB\-h\fR, \fB\-\-help\fR
@@ -225,10 +246,48 @@ Print a short help text and exit\&.
 .RS 4
 Print a short version string and exit\&.
 .RE
+.SH "FILES"
+.PP
+/run/log/systemd/tpm2\-measure\&.log
+.RS 4
+Measurements are logged into an event log file maintained in
+/run/log/systemd/tpm2\-measure\&.log, which contains a
+\m[blue]\fBJSON\-SEQ\fR\m[]\&\s-2\u[1]\d\s+2
+series of objects that follow the general structure of the
+\m[blue]\fBTCG Canonical Event Log Format (CEL\-JSON)\fR\m[]\&\s-2\u[2]\d\s+2
+event objects (but lack the
+"recnum"
+field)\&.
+.sp
+A
+\fBLOCK_EX\fR
+BSD file lock (\fBflock\fR(2)) on the log file is acquired while the measurement is made and the file is updated\&. Thus, applications that intend to acquire a consistent quote from the TPM with the associated snapshot of the event log should acquire a
+\fBLOCK_SH\fR
+lock while doing so\&.
+.sp
+Added in version 252\&.
+.RE
 .SH "SEE ALSO"
 .PP
 \fBsystemd\fR(1),
 \fBsystemd-stub\fR(7),
 \fBsystemd-measure\fR(1),
 \fBsystemd-gpt-auto-generator\fR(8),
-\fBsystemd-fstab-generator\fR(8)
+\fBsystemd-fstab-generator\fR(8),
+\m[blue]\fBTPM2 PCR Measurements Made by systemd\fR\m[]\&\s-2\u[3]\d\s+2
+.SH "NOTES"
+.IP " 1." 4
+JSON-SEQ
+.RS 4
+\%https://www.rfc-editor.org/rfc/rfc7464.html
+.RE
+.IP " 2." 4
+TCG Canonical Event Log Format (CEL-JSON)
+.RS 4
+\%https://trustedcomputinggroup.org/resource/canonical-event-log-format/
+.RE
+.IP " 3." 4
+TPM2 PCR Measurements Made by systemd
+.RS 4
+\%https://systemd.io/TPM2_PCR_MEASUREMENTS
+.RE
diff --git a/upstream/opensuse-tumbleweed/man8/systemd-portabled.service.8 b/upstream/opensuse-tumbleweed/man8/systemd-portabled.service.8
index 33e2ccd0..e3b40f6e 100644
--- a/upstream/opensuse-tumbleweed/man8/systemd-portabled.service.8
+++ b/upstream/opensuse-tumbleweed/man8/systemd-portabled.service.8
@@ -1,5 +1,5 @@
 '\" t
-.TH "SYSTEMD\-PORTABLED\&.SERVICE" "8" "" "systemd 254" "systemd-portabled.service"
+.TH "SYSTEMD\-PORTABLED\&.SERVICE" "8" "" "systemd 255" "systemd-portabled.service"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -37,8 +37,8 @@ Most of
 command\&.
 .PP
 See the
-\m[blue]\fBPortable Services Documentation\fR\m[]\&\s-2\u[1]\d\s+2
-for details about the concepts this service implements\&.
+\m[blue]\fBPortable Services\fR\m[]\&\s-2\u[1]\d\s+2
+page for details about the concepts this service implements\&.
 .SH "SEE ALSO"
 .PP
 \fBsystemd\fR(1),
@@ -46,7 +46,7 @@ for details about the concepts this service implements\&.
 \fBorg.freedesktop.portable1\fR(5)
 .SH "NOTES"
 .IP " 1." 4
-Portable Services Documentation
+Portable Services
 .RS 4
 \%https://systemd.io/PORTABLE_SERVICES
 .RE
diff --git a/upstream/opensuse-tumbleweed/man8/systemd-poweroff.service.8 b/upstream/opensuse-tumbleweed/man8/systemd-poweroff.service.8
index e5ae5eda..52f8f64a 100644
--- a/upstream/opensuse-tumbleweed/man8/systemd-poweroff.service.8
+++ b/upstream/opensuse-tumbleweed/man8/systemd-poweroff.service.8
@@ -1,5 +1,5 @@
 '\" t
-.TH "SYSTEMD\-POWEROFF\&.SERVICE" "8" "" "systemd 254" "systemd-poweroff.service"
+.TH "SYSTEMD\-POWEROFF\&.SERVICE" "8" "" "systemd 255" "systemd-poweroff.service"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -68,7 +68,7 @@ and pass one arguments to them: either
 "reboot", or
 "kexec", depending on the chosen action\&. All executables in this directory are executed in parallel, and execution of the action is not continued before all executables finished\&. Note that these executables are run
 \fIafter\fR
-all services have been shut down, and after most mounts have been detached (the root file system as well as
+all services have been shut down, and after most mounts have been unmounted (the root file system as well as
 /run/
 and various API file systems are still around though)\&. This means any programs dropped into this directory must be prepared to run in such a limited execution environment and not rely on external services or hierarchies such as
 /var/
diff --git a/upstream/opensuse-tumbleweed/man8/systemd-rc-local-generator.8 b/upstream/opensuse-tumbleweed/man8/systemd-rc-local-generator.8
index 6dc90988..d6b48aec 100644
--- a/upstream/opensuse-tumbleweed/man8/systemd-rc-local-generator.8
+++ b/upstream/opensuse-tumbleweed/man8/systemd-rc-local-generator.8
@@ -1,5 +1,5 @@
 '\" t
-.TH "SYSTEMD\-RC\-LOCAL\-GENERATOR" "8" "" "systemd 254" "systemd-rc-local-generator"
+.TH "SYSTEMD\-RC\-LOCAL\-GENERATOR" "8" "" "systemd 255" "systemd-rc-local-generator"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/upstream/opensuse-tumbleweed/man8/systemd-repart.8 b/upstream/opensuse-tumbleweed/man8/systemd-repart.8
deleted file mode 100644
index 63adc1fc..00000000
--- a/upstream/opensuse-tumbleweed/man8/systemd-repart.8
+++ /dev/null
@@ -1,548 +0,0 @@
-'\" t
-.TH "SYSTEMD\-REPART" "8" "" "systemd 254" "systemd-repart"
-.\" -----------------------------------------------------------------
-.\" * Define some portability stuff
-.\" -----------------------------------------------------------------
-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-.\" http://bugs.debian.org/507673
-.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
-.\" -----------------------------------------------------------------
-.\" * set default formatting
-.\" -----------------------------------------------------------------
-.\" disable hyphenation
-.nh
-.\" disable justification (adjust text to left margin only)
-.ad l
-.\" -----------------------------------------------------------------
-.\" * MAIN CONTENT STARTS HERE *
-.\" -----------------------------------------------------------------
-.SH "NAME"
-systemd-repart, systemd-repart.service \- Automatically grow and add partitions
-.SH "SYNOPSIS"
-.HP \w'\fBsystemd\-repart\fR\ 'u
-\fBsystemd\-repart\fR [OPTIONS...] [\fI[BLOCKDEVICE]\fR...]
-.PP
-systemd\-repart\&.service
-.SH "DESCRIPTION"
-.PP
-\fBsystemd\-repart\fR
-grows and adds partitions to a partition table, based on the configuration files described in
-\fBrepart.d\fR(5)\&.
-.PP
-If invoked with no arguments, it operates on the block device backing the root file system partition of the running OS, thus growing and adding partitions of the booted OS image itself\&. If
-\fI\-\-image=\fR
-is used it will operate on the specified image file\&. When called in the initrd it operates on the block device backing
-/sysroot/
-instead, i\&.e\&. on the block device the system will soon transition into\&. The
-systemd\-repart\&.service
-service is generally run at boot in the initrd, in order to augment the partition table of the OS before its partitions are mounted\&.
-\fBsystemd\-repart\fR
-(mostly) operates in a purely incremental mode: it only grows existing and adds new partitions; it does not shrink, delete or move existing partitions\&. The service is intended to be run on every boot, but when it detects that the partition table already matches the installed
-repart\&.d/*\&.conf
-configuration files, it executes no operation\&.
-.PP
-\fBsystemd\-repart\fR
-is intended to be used when deploying OS images, to automatically adjust them to the system they are running on, during first boot\&. This way the deployed image can be minimal in size and may be augmented automatically at boot when needed, taking possession of disk space available but not yet used\&. Specifically the following use cases are among those covered:
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-The root partition may be grown to cover the whole available disk space\&.
-.RE
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-A
-/home/, swap or
-/srv/
-partition can be added\&.
-.RE
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-A second (or third, \&...) root partition may be added, to cover A/B style setups where a second version of the root file system is alternatingly used for implementing update schemes\&. The deployed image would carry only a single partition ("A") but on first boot a second partition ("B") for this purpose is automatically created\&.
-.RE
-.PP
-The algorithm executed by
-\fBsystemd\-repart\fR
-is roughly as follows:
-.sp
-.RS 4
-.ie n \{\
-\h'-04' 1.\h'+01'\c
-.\}
-.el \{\
-.sp -1
-.IP "  1." 4.2
-.\}
-The
-repart\&.d/*\&.conf
-configuration files are loaded and parsed, and ordered by filename (without the directory prefix)\&. For each configuration file, drop\-in files are looked for in directories with same name as the configuration file with a suffix "\&.d" added\&.
-.RE
-.sp
-.RS 4
-.ie n \{\
-\h'-04' 2.\h'+01'\c
-.\}
-.el \{\
-.sp -1
-.IP "  2." 4.2
-.\}
-The partition table already existing on the block device is loaded and parsed\&.
-.RE
-.sp
-.RS 4
-.ie n \{\
-\h'-04' 3.\h'+01'\c
-.\}
-.el \{\
-.sp -1
-.IP "  3." 4.2
-.\}
-The existing partitions in the partition table are matched up with the
-repart\&.d/*\&.conf
-files by GPT partition type UUID\&. The first existing partition of a specific type is assigned the first configuration file declaring the same type\&. The second existing partition of a specific type is then assigned the second configuration file declaring the same type, and so on\&. After this iterative assigning is complete any left\-over existing partitions that have no matching configuration file are considered "foreign" and left as they are\&. And any configuration files for which no partition currently exists are understood as a request to create such a partition\&.
-.RE
-.sp
-.RS 4
-.ie n \{\
-\h'-04' 4.\h'+01'\c
-.\}
-.el \{\
-.sp -1
-.IP "  4." 4.2
-.\}
-Partitions that shall be created are now allocated on the disk, taking the size constraints and weights declared in the configuration files into account\&. Free space is used within the limits set by size and padding requests\&. In addition, existing partitions that should be grown are grown\&. New partitions are always appended to the end of the partition table, taking the first partition table slot whose index is greater than the indexes of all existing partitions\&. Partitions are never reordered and thus partition numbers remain stable\&. When partitions are created, they are placed in the smallest area of free space that is large enough to satisfy the size and padding limits\&. This means that partitions might have different order on disk than in the partition table\&. Note that this allocation happens in memory only, the partition table on disk is not updated yet\&.
-.RE
-.sp
-.RS 4
-.ie n \{\
-\h'-04' 5.\h'+01'\c
-.\}
-.el \{\
-.sp -1
-.IP "  5." 4.2
-.\}
-All existing partitions for which configuration files exist and which currently have no GPT partition label set will be assigned a label, either explicitly configured in the configuration or \(em if that\*(Aqs missing \(em derived automatically from the partition type\&. The same is done for all partitions that are newly created\&. These assignments are done in memory only, too, the disk is not updated yet\&.
-.RE
-.sp
-.RS 4
-.ie n \{\
-\h'-04' 6.\h'+01'\c
-.\}
-.el \{\
-.sp -1
-.IP "  6." 4.2
-.\}
-Similarly, all existing partitions for which configuration files exist and which currently have an all\-zero identifying UUID will be assigned a new UUID\&. This UUID is cryptographically hashed from a common seed value together with the partition type UUID (and a counter in case multiple partitions of the same type are defined), see below\&. The same is done for all partitions that are created anew\&. These assignments are done in memory only, too, the disk is not updated yet\&.
-.RE
-.sp
-.RS 4
-.ie n \{\
-\h'-04' 7.\h'+01'\c
-.\}
-.el \{\
-.sp -1
-.IP "  7." 4.2
-.\}
-Similarly, if the disk\*(Aqs volume UUID is all zeroes it is also initialized, also cryptographically hashed from the same common seed value\&. This is done in memory only too\&.
-.RE
-.sp
-.RS 4
-.ie n \{\
-\h'-04' 8.\h'+01'\c
-.\}
-.el \{\
-.sp -1
-.IP "  8." 4.2
-.\}
-The disk space assigned to new partitions (i\&.e\&. what was previously free space) is now erased\&. Specifically, all file system signatures are removed, and if the device supports it, the
-\fBBLKDISCARD\fR
-I/O control command is issued to inform the hardware that the space is now empty\&. In addition any "padding" between partitions and at the end of the device is similarly erased\&.
-.RE
-.sp
-.RS 4
-.ie n \{\
-\h'-04' 9.\h'+01'\c
-.\}
-.el \{\
-.sp -1
-.IP "  9." 4.2
-.\}
-The new partition table is finally written to disk\&. The kernel is asked to reread the partition table\&.
-.RE
-.PP
-As exception to the normally strictly incremental operation, when called in a special "factory reset" mode,
-\fBsystemd\-repart\fR
-may also be used to erase existing partitions to reset an installation back to vendor defaults\&. This mode of operation is used when either the
-\fB\-\-factory\-reset=yes\fR
-switch is passed on the tool\*(Aqs command line, or the
-\fBsystemd\&.factory_reset=yes\fR
-option specified on the kernel command line, or the
-\fIFactoryReset\fR
-EFI variable (vendor UUID
-\fB8cf2644b\-4b0b\-428f\-9387\-6d876050dc67\fR) is set to "yes"\&. It alters the algorithm above slightly: between the 3rd and the 4th step above any partition marked explicitly via the
-\fIFactoryReset=\fR
-boolean is deleted, and the algorithm restarted, thus immediately re\-creating these partitions anew empty\&.
-.PP
-Note that
-\fBsystemd\-repart\fR
-only changes partition tables, it does not create or resize any file systems within these partitions\&. A separate mechanism should be used for that, for example
-\fBsystemd-growfs\fR(8)
-and
-\fBsystemd\-makefs\fR\&.
-.PP
-The UUIDs identifying the new partitions created (or assigned to existing partitions that have no UUID yet), as well as the disk as a whole are hashed cryptographically from a common seed value\&. This seed value is usually the
-\fBmachine-id\fR(5)
-of the system, so that the machine ID reproducibly determines the UUIDs assigned to all partitions\&. If the machine ID cannot be read (or the user passes
-\fB\-\-seed=random\fR, see below) the seed is generated randomly instead, so that the partition UUIDs are also effectively random\&. The seed value may also be set explicitly, formatted as UUID via the
-\fB\-\-seed=\fR
-option\&. By hashing these UUIDs from a common seed images prepared with this tool become reproducible and the result of the algorithm above deterministic\&.
-.PP
-The positional argument should specify the block device to operate on\&. Instead of a block device node path a regular file may be specified too, in which case the command operates on it like it would if a loopback block device node was specified with the file attached\&. If
-\fB\-\-empty=create\fR
-is specified the specified path is created as regular file, which is useful for generating disk images from scratch\&.
-.SH "OPTIONS"
-.PP
-The following options are understood:
-.PP
-\fB\-\-dry\-run=\fR
-.RS 4
-Takes a boolean\&. If this switch is not specified
-\fB\-\-dry\-run=yes\fR
-is the implied default\&. Controls whether
-systemd\-repart
-executes the requested re\-partition operations or whether it should only show what it would do\&. Unless
-\fB\-\-dry\-run=no\fR
-is specified
-systemd\-repart
-will not actually touch the device\*(Aqs partition table\&.
-.RE
-.PP
-\fB\-\-empty=\fR
-.RS 4
-Takes one of
-"refuse",
-"allow",
-"require",
-"force"
-or
-"create"\&. Controls how to operate on block devices that are entirely empty, i\&.e\&. carry no partition table/disk label yet\&. If this switch is not specified the implied default is
-"refuse"\&.
-.sp
-If
-"refuse"
-\fBsystemd\-repart\fR
-requires that the block device it shall operate on already carries a partition table and refuses operation if none is found\&. If
-"allow"
-the command will extend an existing partition table or create a new one if none exists\&. If
-"require"
-the command will create a new partition table if none exists so far, and refuse operation if one already exists\&. If
-"force"
-it will create a fresh partition table unconditionally, erasing the disk fully in effect\&. If
-"force"
-no existing partitions will be taken into account or survive the operation\&. Hence: use with care, this is a great way to lose all your data\&. If
-"create"
-a new loopback file is create under the path passed via the device node parameter, of the size indicated with
-\fB\-\-size=\fR, see below\&.
-.RE
-.PP
-\fB\-\-discard=\fR
-.RS 4
-Takes a boolean\&. If this switch is not specified
-\fB\-\-discard=yes\fR
-is the implied default\&. Controls whether to issue the
-\fBBLKDISCARD\fR
-I/O control command on the space taken up by any added partitions or on the space in between them\&. Usually, it\*(Aqs a good idea to issue this request since it tells the underlying hardware that the covered blocks shall be considered empty, improving performance\&. If operating on a regular file instead of a block device node, a sparse file is generated\&.
-.RE
-.PP
-\fB\-\-size=\fR
-.RS 4
-Takes a size in bytes, using the usual K, M, G, T suffixes, or the special value
-"auto"\&. If used the specified device node path must refer to a regular file, which is then grown to the specified size if smaller, before any change is made to the partition table\&. If specified as
-"auto"
-the minimal size for the disk image is automatically determined (i\&.e\&. the minimal sizes of all partitions are summed up, taking space for additional metadata into account)\&. This switch is not supported if the specified node is a block device\&. This switch has no effect if the file is already as large as the specified size or larger\&. The specified size is implicitly rounded up to multiples of 4096\&. When used with
-\fB\-\-empty=create\fR
-this specifies the initial size of the loopback file to create\&.
-.sp
-The
-\fB\-\-size=auto\fR
-option takes the sizes of pre\-existing partitions into account\&. However, it does not accommodate for partition tables that are not tightly packed: the configured partitions might still not fit into the backing device if empty space exists between pre\-existing partitions (or before the first partition) that cannot be fully filled by partitions to grow or create\&.
-.sp
-Also note that the automatic size determination does not take files or directories specified with
-\fBCopyFiles=\fR
-into account: operation might fail if the specified files or directories require more disk space then the configured per\-partition minimal size limit\&.
-.RE
-.PP
-\fB\-\-factory\-reset=\fR
-.RS 4
-Takes boolean\&. If this switch is not specified
-\fB\-\-factory=reset=no\fR
-is the implied default\&. Controls whether to operate in "factory reset" mode, see above\&. If set to true this will remove all existing partitions marked with
-\fIFactoryReset=\fR
-set to yes early while executing the re\-partitioning algorithm\&. Use with care, this is a great way to lose all your data\&. Note that partition files need to explicitly turn
-\fIFactoryReset=\fR
-on, as the option defaults to off\&. If no partitions are marked for factory reset this switch has no effect\&. Note that there are two other methods to request factory reset operation: via the kernel command line and via an EFI variable, see above\&.
-.RE
-.PP
-\fB\-\-can\-factory\-reset\fR
-.RS 4
-If this switch is specified the disk is not re\-partitioned\&. Instead it is determined if any existing partitions are marked with
-\fIFactoryReset=\fR\&. If there are the tool will exit with exit status zero, otherwise non\-zero\&. This switch may be used to quickly determine whether the running system supports a factory reset mechanism built on
-\fBsystemd\-repart\fR\&.
-.RE
-.PP
-\fB\-\-root=\fR
-.RS 4
-Takes a path to a directory to use as root file system when searching for
-repart\&.d/*\&.conf
-files, for the machine ID file to use as seed and for the
-\fICopyFiles=\fR
-and
-\fICopyBlocks=\fR
-source files and directories\&. By default when invoked on the regular system this defaults to the host\*(Aqs root file system
-/\&. If invoked from the initrd this defaults to
-/sysroot/, so that the tool operates on the configuration and machine ID stored in the root file system later transitioned into itself\&.
-.RE
-.PP
-\fB\-\-image=\fR
-.RS 4
-Takes a path to a disk image file or device to mount and use in a similar fashion to
-\fB\-\-root=\fR, see above\&.
-.RE
-.PP
-\fB\-\-image\-policy=\fR\fB\fIpolicy\fR\fR
-.RS 4
-Takes an image policy string as argument, as per
-\fBsystemd.image-policy\fR(7)\&. The policy is enforced when operating on the disk image specified via
-\fB\-\-image=\fR, see above\&. If not specified defaults to the
-"*"
-policy, i\&.e\&. all recognized file systems in the image are used\&.
-.RE
-.PP
-\fB\-\-seed=\fR
-.RS 4
-Takes a UUID as argument or the special value
-\fBrandom\fR\&. If a UUID is specified the UUIDs to assign to partitions and the partition table itself are derived via cryptographic hashing from it\&. If not specified it is attempted to read the machine ID from the host (or more precisely, the root directory configured via
-\fB\-\-root=\fR) and use it as seed instead, falling back to a randomized seed otherwise\&. Use
-\fB\-\-seed=random\fR
-to force a randomized seed\&. Explicitly specifying the seed may be used to generated strictly reproducible partition tables\&.
-.RE
-.PP
-\fB\-\-pretty=\fR
-.RS 4
-Takes a boolean argument\&. If this switch is not specified, it defaults to on when called from an interactive terminal and off otherwise\&. Controls whether to show a user friendly table and graphic illustrating the changes applied\&.
-.RE
-.PP
-\fB\-\-definitions=\fR
-.RS 4
-Takes a file system path\&. If specified the
-*\&.conf
-files are read from the specified directory instead of searching in
-/usr/lib/repart\&.d/*\&.conf,
-/etc/repart\&.d/*\&.conf,
-/run/repart\&.d/*\&.conf\&.
-.sp
-This parameter can be specified multiple times\&.
-.RE
-.PP
-\fB\-\-key\-file=\fR
-.RS 4
-Takes a file system path\&. Configures the encryption key to use when setting up LUKS2 volumes configured with the
-\fIEncrypt=key\-file\fR
-setting in partition files\&. Should refer to a regular file containing the key, or an
-\fBAF_UNIX\fR
-stream socket in the file system\&. In the latter case a connection is made to it and the key read from it\&. If this switch is not specified the empty key (i\&.e\&. zero length key) is used\&. This behaviour is useful for setting up encrypted partitions during early first boot that receive their user\-supplied password only in a later setup step\&.
-.RE
-.PP
-\fB\-\-private\-key=\fR
-.RS 4
-Takes a file system path\&. Configures the signing key to use when creating verity signature partitions with the
-\fIVerity=signature\fR
-setting in partition files\&.
-.RE
-.PP
-\fB\-\-certificate=\fR
-.RS 4
-Takes a file system path\&. Configures the PEM encoded X\&.509 certificate to use when creating verity signature partitions with the
-\fIVerity=signature\fR
-setting in partition files\&.
-.RE
-.PP
-\fB\-\-tpm2\-device=\fR, \fB\-\-tpm2\-pcrs=\fR
-.RS 4
-Configures the TPM2 device and list of PCRs to use for LUKS2 volumes configured with the
-\fIEncrypt=tpm2\fR
-option\&. These options take the same parameters as the identically named options to
-\fBsystemd-cryptenroll\fR(1)
-and have the same effect on partitions where TPM2 enrollment is requested\&.
-.RE
-.PP
-\fB\-\-tpm2\-public\-key=\fR [PATH], \fB\-\-tpm2\-public\-key\-pcrs=\fR [PCR...]
-.RS 4
-Configures a TPM2 signed PCR policy to bind encryption to\&. See
-\fBsystemd-cryptenroll\fR(1)
-for details on these two options\&.
-.RE
-.PP
-\fB\-\-split=\fR [BOOL]
-.RS 4
-Enables generation of split artifacts from partitions configured with
-\fISplitName=\fR\&. If enabled, for each partition with
-\fISplitName=\fR
-set, a separate output file containing just the contents of that partition is generated\&. The output filename consists of the loopback filename suffixed with the name configured with
-\fISplitName=\fR\&. If the loopback filename ends with
-"\&.raw", the suffix is inserted before the
-"\&.raw"
-extension instead\&.
-.sp
-Note that
-\fB\-\-split\fR
-is independent from
-\fB\-\-dry\-run\fR\&. Even if
-\fB\-\-dry\-run\fR
-is enabled, split artifacts will still be generated from an existing image if
-\fB\-\-split\fR
-is enabled\&.
-.RE
-.PP
-\fB\-\-include\-partitions=\fR [PARTITION...], \fB\-\-exclude\-partitions=\fR [PARTITION...]
-.RS 4
-These options specify which partition types
-\fBsystemd\-repart\fR
-should operate on\&. If
-\fB\-\-include\-partitions=\fR
-is used, all partitions that aren\*(Aqt specified are excluded\&. If
-\fB\-\-exclude\-partitions=\fR
-is used, all partitions that are specified are excluded\&. Both options take a comma separated list of GPT partition type UUIDs or identifiers (see
-\fIType=\fR
-in
-\fBrepart.d\fR(5))\&.
-.RE
-.PP
-\fB\-\-defer\-partitions=\fR [PARTITION...]
-.RS 4
-This option specifies for which partition types
-\fBsystemd\-repart\fR
-should defer\&. All partitions that are deferred using this option are still taken into account when calculating the sizes and offsets of other partitions, but aren\*(Aqt actually written to the disk image\&. The net effect of this option is that if you run
-\fBsystemd\-repart\fR
-again without this option, the missing partitions will be added as if they had not been deferred the first time
-\fBsystemd\-repart\fR
-was executed\&.
-.RE
-.PP
-\fB\-\-sector\-size=\fR [BYTES]
-.RS 4
-This option allows configuring the sector size of the image produced by
-\fBsystemd\-repart\fR\&. It takes a value that is a power of
-"2"
-between
-"512"
-and
-"4096"\&. This option is useful when building images for disks that use a different sector size as the disk on which the image is produced\&.
-.RE
-.PP
-\fB\-\-architecture=\fR [ARCH]
-.RS 4
-This option allows overriding the architecture used for architecture specific partition types\&. For example, if set to
-"arm64"
-a partition type of
-"root\-x86\-64"
-referenced in
-repart\&.d/
-drop\-ins will be patched dynamically to refer to
-"root\-arm64"
-instead\&. Takes one of
-"alpha",
-"arc",
-"arm",
-"arm64",
-"ia64",
-"loongarch64",
-"mips\-le",
-"mips64\-le",
-"parisc",
-"ppc",
-"ppc64",
-"ppc64\-le",
-"riscv32",
-"riscv64",
-"s390",
-"s390x",
-"tilegx",
-"x86"
-or
-"x86\-64"\&.
-.RE
-.PP
-\fB\-\-offline=\fR [BOOL]
-.RS 4
-Instructs
-\fBsystemd\-repart\fR
-to build the image offline\&. Takes a boolean or
-"auto"\&. Defaults to
-"auto"\&. If enabled, the image is built without using loop devices\&. This is useful to build images unprivileged or when loop devices are not available\&. If disabled, the image is always built using loop devices\&. If
-"auto",
-\fBsystemd\-repart\fR
-will build the image online if possible and fall back to building the image offline if loop devices are not available or cannot be accessed due to missing permissions\&.
-.RE
-.PP
-\fB\-h\fR, \fB\-\-help\fR
-.RS 4
-Print a short help text and exit\&.
-.RE
-.PP
-\fB\-\-version\fR
-.RS 4
-Print a short version string and exit\&.
-.RE
-.PP
-\fB\-\-no\-pager\fR
-.RS 4
-Do not pipe output into a pager\&.
-.RE
-.PP
-\fB\-\-no\-legend\fR
-.RS 4
-Do not print the legend, i\&.e\&. column headers and the footer with hints\&.
-.RE
-.PP
-\fB\-\-json=\fR\fIMODE\fR
-.RS 4
-Shows output formatted as JSON\&. Expects one of
-"short"
-(for the shortest possible output without any redundant whitespace or line breaks),
-"pretty"
-(for a pretty version of the same, with indentation and line breaks) or
-"off"
-(to turn off JSON output, the default)\&.
-.RE
-.SH "EXIT STATUS"
-.PP
-On success, 0 is returned, a non\-zero failure code otherwise\&.
-.SH "SEE ALSO"
-.PP
-\fBsystemd\fR(1),
-\fBrepart.d\fR(5),
-\fBmachine-id\fR(5),
-\fBsystemd-cryptenroll\fR(1)
diff --git a/upstream/opensuse-tumbleweed/man8/systemd-resolved.service.8 b/upstream/opensuse-tumbleweed/man8/systemd-resolved.service.8
index 603a1913..86ed8074 100644
--- a/upstream/opensuse-tumbleweed/man8/systemd-resolved.service.8
+++ b/upstream/opensuse-tumbleweed/man8/systemd-resolved.service.8
@@ -1,5 +1,5 @@
 '\" t
-.TH "SYSTEMD\-RESOLVED\&.SERVICE" "8" "" "systemd 254" "systemd-resolved.service"
+.TH "SYSTEMD\-RESOLVED\&.SERVICE" "8" "" "systemd 255" "systemd-resolved.service"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -620,6 +620,8 @@ Upon reception of the
 process signal
 \fBsystemd\-resolved\fR
 will dump the contents of all DNS resource record caches it maintains, as well as all feature level information it learnt about configured DNS servers into the system logs\&.
+.sp
+Added in version 231\&.
 .RE
 .PP
 \fBSIGUSR2\fR
@@ -635,6 +637,8 @@ flushes the caches automatically anyway any time the host\*(Aqs network configur
 is equivalent to the
 \fBresolvectl flush\-caches\fR
 command, however the latter is recommended since it operates in a synchronous way\&.
+.sp
+Added in version 231\&.
 .RE
 .PP
 \fBSIGRTMIN+1\fR
@@ -650,6 +654,8 @@ automatically forgets learnt information any time the DNS server configuration c
 is equivalent to the
 \fBresolvectl reset\-server\-features\fR
 command, however the latter is recommended since it operates in a synchronous way\&.
+.sp
+Added in version 235\&.
 .RE
 .SH "CREDENTIALS"
 .PP
@@ -666,6 +672,8 @@ May contain a space separated list of DNS server IP addresses and DNS search dom
 /etc/systemd/resolved\&.conf,
 /etc/resolv\&.conf
 or the kernel command line has been provided\&.
+.sp
+Added in version 253\&.
 .RE
 .SH "KERNEL COMMAND LINE"
 .PP
@@ -685,6 +693,8 @@ and
 settings of
 \fBresolved.conf\fR(5)
 will be ignored\&. These two kernel command line options hence override system configuration\&.
+.sp
+Added in version 253\&.
 .RE
 .SH "IP PORTS"
 .PP
diff --git a/upstream/opensuse-tumbleweed/man8/systemd-run-generator.8 b/upstream/opensuse-tumbleweed/man8/systemd-run-generator.8
index 01d0fd45..759d7647 100644
--- a/upstream/opensuse-tumbleweed/man8/systemd-run-generator.8
+++ b/upstream/opensuse-tumbleweed/man8/systemd-run-generator.8
@@ -1,5 +1,5 @@
 '\" t
-.TH "SYSTEMD\-RUN\-GENERATOR" "8" "" "systemd 254" "systemd-run-generator"
+.TH "SYSTEMD\-RUN\-GENERATOR" "8" "" "systemd 255" "systemd-run-generator"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/upstream/opensuse-tumbleweed/man8/systemd-socket-proxyd.8 b/upstream/opensuse-tumbleweed/man8/systemd-socket-proxyd.8
index 909910cb..e7057e71 100644
--- a/upstream/opensuse-tumbleweed/man8/systemd-socket-proxyd.8
+++ b/upstream/opensuse-tumbleweed/man8/systemd-socket-proxyd.8
@@ -1,5 +1,5 @@
 '\" t
-.TH "SYSTEMD\-SOCKET\-PROXYD" "8" "" "systemd 254" "systemd-socket-proxyd"
+.TH "SYSTEMD\-SOCKET\-PROXYD" "8" "" "systemd 255" "systemd-socket-proxyd"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -39,6 +39,18 @@ This utility\*(Aqs behavior is similar to
 are support for socket activation with
 "Accept=no"
 and an event\-driven design that scales better with the number of connections\&.
+.PP
+Note that
+\fBsystemd\-socket\-proxyd\fR
+will not forward socket side channel information, i\&.e\&. will not forward
+\fBSCM_RIGHTS\fR,
+\fBSCM_CREDENTIALS\fR,
+\fBSCM_SECURITY\fR,
+\fBSO_PEERCRED\fR,
+\fBSO_PEERPIDFD\fR,
+\fBSO_PEERSEC\fR,
+\fBSO_PEERGROUPS\fR
+and similar\&.
 .SH "OPTIONS"
 .PP
 The following options are understood:
@@ -56,6 +68,8 @@ Print a short version string and exit\&.
 \fB\-\-connections\-max=\fR, \fB\-c\fR
 .RS 4
 Sets the maximum number of simultaneous connections, defaults to 256\&. If the limit of concurrent connections is reached further connections will be refused\&.
+.sp
+Added in version 233\&.
 .RE
 .PP
 \fB\-\-exit\-idle\-time=\fR
@@ -63,6 +77,8 @@ Sets the maximum number of simultaneous connections, defaults to 256\&. If the l
 Sets the time before exiting when there are no connections, defaults to
 \fBinfinity\fR\&. Takes a unit\-less value in seconds, or a time span value such as
 "5min 20s"\&.
+.sp
+Added in version 246\&.
 .RE
 .SH "EXIT STATUS"
 .PP
diff --git a/upstream/opensuse-tumbleweed/man8/systemd-soft-reboot.service.8 b/upstream/opensuse-tumbleweed/man8/systemd-soft-reboot.service.8
index 84476beb..6aa6122f 100644
--- a/upstream/opensuse-tumbleweed/man8/systemd-soft-reboot.service.8
+++ b/upstream/opensuse-tumbleweed/man8/systemd-soft-reboot.service.8
@@ -1,5 +1,5 @@
 '\" t
-.TH "SYSTEMD\-SOFT\-REBOOT\&.SERVICE" "8" "" "systemd 254" "systemd-soft-reboot.service"
+.TH "SYSTEMD\-SOFT\-REBOOT\&.SERVICE" "8" "" "systemd 255" "systemd-soft-reboot.service"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,8 +31,8 @@ is a system service that is pulled in by
 soft\-reboot\&.target
 and is responsible for performing a userspace\-only reboot operation\&. When invoked, it will send the
 \fBSIGTERM\fR
-signal to any processes left running (but does not follow up with
-\fBSIGKILL\fR, and does not wait for the processes to exit)\&. If the
+signal to any processes left running (but does not wait for the processes to exit), and follow up with
+\fBSIGKILL\fR\&. If the
 /run/nextroot/
 directory exists (which may be a regular directory, a directory mount point or a symlink to either) then it will switch the file system root to it\&. It then reexecutes the service manager off the (possibly now new) root file system, which will enqueue a new boot transaction as in a normal reboot\&.
 .PP
@@ -60,7 +60,7 @@ The second phase of regular shutdown, as implemented by
 .sp -1
 .IP \(bu 2.3
 .\}
-The third phase of regular shutdown, i\&.e\&. the return to the initrd context
+The third phase of regular shutdown, i\&.e\&. the return to the initrd context\&.
 .RE
 .sp
 .RS 4
@@ -71,7 +71,7 @@ The third phase of regular shutdown, i\&.e\&. the return to the initrd context
 .sp -1
 .IP \(bu 2.3
 .\}
-The hardware reboot operation
+The hardware reboot operation\&.
 .RE
 .sp
 .RS 4
@@ -82,7 +82,7 @@ The hardware reboot operation
 .sp -1
 .IP \(bu 2.3
 .\}
-The firmware initialization
+The firmware initialization\&.
 .RE
 .sp
 .RS 4
@@ -93,7 +93,7 @@ The firmware initialization
 .sp -1
 .IP \(bu 2.3
 .\}
-The boot loader initialization
+The boot loader initialization\&.
 .RE
 .sp
 .RS 4
@@ -104,7 +104,7 @@ The boot loader initialization
 .sp -1
 .IP \(bu 2.3
 .\}
-The kernel initialization
+The kernel initialization\&.
 .RE
 .sp
 .RS 4
@@ -115,7 +115,7 @@ The kernel initialization
 .sp -1
 .IP \(bu 2.3
 .\}
-The initrd initialization
+The initrd initialization\&.
 .RE
 .PP
 However this form of reboot comes with drawbacks as well:
@@ -207,11 +207,48 @@ file system remains mounted and populated and may be used to pass state informat
 .sp -1
 .IP \(bu 2.3
 .\}
-Service processes may continue to run over the transition, if they are placed in services that remain active until the very end of shutdown (which again is achieved via
+Service processes may continue to run over the transition, past soft\-reboot and into the next session, if they are placed in services that remain active until the very end of shutdown (which again is achieved via
 \fIDefaultDependencies=no\fR)\&. They must also be set up to avoid being killed by the aforementioned
 \fBSIGTERM\fR
-spree (as per
-\m[blue]\fBsystemd and Storage Daemons for the Root File System\fR\m[]\&\s-2\u[1]\d\s+2)\&.
+and
+\fBSIGKILL\fR
+via
+\fISurviveFinalKillSignal=yes\fR, and also be configured to avoid being stopped on isolate via
+\fIIgnoreOnIsolate=yes\fR\&. They also have to be configured to be stopped on normal shutdown, reboot and maintenance mode\&. Finally, they have to be ordered after
+\fBbasic\&.target\fR
+to ensure correct ordering on boot\&. Note that in case any new or custom units are used to isolate to, or that implement an equivalent shutdown functionality, they will also have to be configured manually for correct ordering and conflicting\&. For example:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+[Unit]
+Description=My surviving service
+SurviveFinalKillSignal=yes
+IgnoreOnIsolate=yes
+DefaultDependencies=no
+After=basic\&.target
+Conflicts=reboot\&.target
+Before=reboot\&.target
+Conflicts=kexec\&.target
+Before=kexec\&.target
+Conflicts=poweroff\&.target
+Before=poweroff\&.target
+Conflicts=halt\&.target
+Before=halt\&.target
+Conflicts=rescue\&.target
+Before=rescue\&.target
+Conflicts=emergency\&.target
+Before=emergency\&.target
+
+[Service]
+Type=oneshot
+ExecStart=sleep infinity
+      
+.fi
+.if n \{\
+.RE
+.\}
 .RE
 .sp
 .RS 4
@@ -226,11 +263,255 @@ File system mounts may remain mounted during the transition, and complex storage
 \fIDefaultDependencies=no\fR, and by avoiding
 \fIConflicts=umount\&.target\fR)
 .RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+If the unit publishes a service over D\-Bus, the connection needs to be re\-established after soft\-reboot as the D\-Bus broker will be stopped and then started again\&. When using the sd\-bus library this can be achieved by adapting the following example\&.
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+/* SPDX\-License\-Identifier: MIT\-0 */
+
+/* Implements a D\-Bus service that automatically reconnects when the system bus is restarted\&.
+ *
+ * Compile with \*(Aqcc sd_bus_service_reconnect\&.c $(pkg\-config \-\-libs \-\-cflags libsystemd)\*(Aq
+ *
+ * To allow the program to take ownership of the name \*(Aqorg\&.freedesktop\&.ReconnectExample\*(Aq,
+ * add the following as /etc/dbus\-1/system\&.d/org\&.freedesktop\&.ReconnectExample\&.conf
+ * and then reload the broker with \*(Aqsystemctl reload dbus\*(Aq:
+
+<?xml version="1\&.0"?> <!\-\-*\-nxml\-*\-\->
+<!DOCTYPE busconfig PUBLIC "\-//freedesktop//DTD D\-BUS Bus Configuration 1\&.0//EN"
+        "http://www\&.freedesktop\&.org/standards/dbus/1\&.0/busconfig\&.dtd">
+<busconfig>
+        <policy user="root">
+                <allow own="org\&.freedesktop\&.ReconnectExample"/>
+                <allow send_destination="org\&.freedesktop\&.ReconnectExample"/>
+                <allow receive_sender="org\&.freedesktop\&.ReconnectExample"/>
+        </policy>
+
+        <policy context="default">
+                <allow send_destination="org\&.freedesktop\&.ReconnectExample"/>
+                <allow receive_sender="org\&.freedesktop\&.ReconnectExample"/>
+        </policy>
+</busconfig>
+
+ *
+ * To get the property via busctl:
+ *
+ * $ busctl \-\-user get\-property org\&.freedesktop\&.ReconnectExample \e
+ *                              /org/freedesktop/ReconnectExample \e
+ *                              org\&.freedesktop\&.ReconnectExample \e
+ *                              Example
+ *   s "example"
+ */
+
+#include <errno\&.h>
+#include <stdio\&.h>
+#include <stdlib\&.h>
+#include <systemd/sd\-bus\&.h>
+
+#define _cleanup_(f) __attribute__((cleanup(f)))
+
+#define check(x) ({                             \e
+  int _r = (x);                                 \e
+  errno = _r < 0 ? \-_r : 0;                     \e
+  printf(#x ": %m\en");                          \e
+  if (_r < 0)                                   \e
+    return EXIT_FAILURE;                        \e
+  })
+
+typedef struct object {
+  const char *example;
+  sd_bus **bus;
+  sd_event **event;
+} object;
+
+static int property_get(
+                sd_bus *bus,
+                const char *path,
+                const char *interface,
+                const char *property,
+                sd_bus_message *reply,
+                void *userdata,
+                sd_bus_error *error) {
+
+  object *o = userdata;
+
+  if (strcmp(property, "Example") == 0)
+    return sd_bus_message_append(reply, "s", o\->example);
+
+  return sd_bus_error_setf(error,
+                           SD_BUS_ERROR_UNKNOWN_PROPERTY,
+                           "Unknown property \*(Aq%s\*(Aq",
+                           property);
+}
+
+/* https://www\&.freedesktop\&.org/software/systemd/man/sd_bus_add_object\&.html */
+static const sd_bus_vtable vtable[] = {
+  SD_BUS_VTABLE_START(0),
+  SD_BUS_PROPERTY(
+    "Example", "s",
+    property_get,
+    0,
+    SD_BUS_VTABLE_PROPERTY_CONST),
+  SD_BUS_VTABLE_END
+};
+
+static int setup(object *o);
+
+static int on_disconnect(sd_bus_message *message, void *userdata, sd_bus_error *ret_error) {
+  check(setup((object *)userdata));
+  return 0;
+}
+
+/* Ensure the event loop exits with a clear error if acquiring the well\-known service name fails */
+static int request_name_callback(sd_bus_message *m, void *userdata, sd_bus_error *ret_error) {
+  if (!sd_bus_message_is_method_error(m, NULL))
+    return 1;
+
+  const sd_bus_error *error = sd_bus_message_get_error(m);
+
+  if (sd_bus_error_has_names(error, SD_BUS_ERROR_TIMEOUT, SD_BUS_ERROR_NO_REPLY))
+    return 1; /* The bus is not available, try again later */
+
+  printf("Failed to request name: %s\en", error\->message);
+  object *o = userdata;
+  check(sd_event_exit(*o\->event, \-sd_bus_error_get_errno(error)));
+
+  return 1;
+}
+
+static int setup(object *o) {
+  /* If we are reconnecting, then the bus object needs to be closed, detached from
+   * the event loop and recreated\&.
+   * https://www\&.freedesktop\&.org/software/systemd/man/sd_bus_detach_event\&.html
+   * https://www\&.freedesktop\&.org/software/systemd/man/sd_bus_close_unref\&.html
+   */
+  if (*o\->bus) {
+    check(sd_bus_detach_event(*o\->bus));
+    *o\->bus = sd_bus_close_unref(*o\->bus);
+  }
+
+  /* Set up a new bus object for the system bus, configure it to wait for D\-Bus to be available
+   * instead of failing if it is not, and start it\&. All the following operations are asyncronous
+   * and will not block waiting for D\-Bus to be available\&.
+   * https://www\&.freedesktop\&.org/software/systemd/man/sd_bus_new\&.html
+   * https://www\&.freedesktop\&.org/software/systemd/man/sd_bus_set_address\&.html
+   * https://www\&.freedesktop\&.org/software/systemd/man/sd_bus_set_bus_client\&.html
+   * https://www\&.freedesktop\&.org/software/systemd/man/sd_bus_negotiate_creds\&.html
+   * https://www\&.freedesktop\&.org/software/systemd/man/sd_bus_set_watch_bind\&.html
+   * https://www\&.freedesktop\&.org/software/systemd/man/sd_bus_set_connected_signal\&.html
+   * https://www\&.freedesktop\&.org/software/systemd/man/sd_bus_start\&.html
+   */
+  check(sd_bus_new(o\->bus));
+  check(sd_bus_set_address(*o\->bus, "unix:path=/run/dbus/system_bus_socket"));
+  check(sd_bus_set_bus_client(*o\->bus, 1));
+  check(sd_bus_negotiate_creds(*o\->bus, 1, SD_BUS_CREDS_UID|SD_BUS_CREDS_EUID|SD_BUS_CREDS_EFFECTIVE_CAPS));
+  check(sd_bus_set_watch_bind(*o\->bus, 1));
+  check(sd_bus_start(*o\->bus));
+
+  /* Publish an interface on the bus, specifying our well\-known object access
+   * path and public interface name\&.
+   * https://www\&.freedesktop\&.org/software/systemd/man/sd_bus_add_object\&.html
+   * https://dbus\&.freedesktop\&.org/doc/dbus\-tutorial\&.html
+   */
+  check(sd_bus_add_object_vtable(*o\->bus,
+                                 NULL,
+                                 "/org/freedesktop/ReconnectExample",
+                                 "org\&.freedesktop\&.ReconnectExample",
+                                 vtable,
+                                 o));
+  /* By default the service is only assigned an ephemeral name\&. Also add a well\-known
+   * one, so that clients know whom to call\&. This needs to be asynchronous, as
+   * D\-Bus might not be yet available\&. The callback will check whether the error is
+   * expected or not, in case it fails\&.
+   * https://www\&.freedesktop\&.org/software/systemd/man/sd_bus_request_name\&.html
+   */
+  check(sd_bus_request_name_async(*o\->bus,
+                                  NULL,
+                                  "org\&.freedesktop\&.ReconnectExample",
+                                  0,
+                                  request_name_callback,
+                                  o));
+  /* When D\-Bus is disconnected this callback will be invoked, which will
+   * set up the connection again\&. This needs to be asynchronous, as D\-Bus might not
+   * yet be available\&.
+   * https://www\&.freedesktop\&.org/software/systemd/man/sd_bus_match_signal_async\&.html
+   */
+  check(sd_bus_match_signal_async(*o\->bus,
+                                  NULL,
+                                  "org\&.freedesktop\&.DBus\&.Local",
+                                  NULL,
+                                  "org\&.freedesktop\&.DBus\&.Local",
+                                  "Disconnected",
+                                  on_disconnect,
+                                  NULL,
+                                  o));
+  /* Attach the bus object to the event loop so that calls and signals are processed\&.
+   * https://www\&.freedesktop\&.org/software/systemd/man/sd_bus_attach_event\&.html
+   */
+  check(sd_bus_attach_event(*o\->bus, *o\->event, 0));
+
+  return 0;
+}
+
+int main(int argc, char **argv) {
+  /* The bus should be relinquished before the program terminates\&. The cleanup
+   * attribute allows us to do it nicely and cleanly whenever we exit the
+   * block\&.
+   */
+  _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
+  _cleanup_(sd_event_unrefp) sd_event *event = NULL;
+  object o = {
+    \&.example = "example",
+    \&.bus = &bus,
+    \&.event = &event,
+  };
+
+  /* Create an event loop data structure, with default parameters\&.
+   * https://www\&.freedesktop\&.org/software/systemd/man/sd_event_default\&.html
+   */
+  check(sd_event_default(&event));
+
+  /* By default the event loop will terminate when all sources have disappeared, so
+   * we have to keep it \*(Aqoccupied\*(Aq\&. Register signal handling to do so\&.
+   * https://www\&.freedesktop\&.org/software/systemd/man/sd_event_add_signal\&.html
+   */
+  check(sd_event_add_signal(event, NULL, SIGINT|SD_EVENT_SIGNAL_PROCMASK, NULL, NULL));
+  check(sd_event_add_signal(event, NULL, SIGTERM|SD_EVENT_SIGNAL_PROCMASK, NULL, NULL));
+
+  check(setup(&o));
+
+  /* Enter the main loop, it will exit only on sigint/sigterm\&.
+   * https://www\&.freedesktop\&.org/software/systemd/man/sd_event_loop\&.html
+   */
+  check(sd_event_loop(event));
+
+  /* https://www\&.freedesktop\&.org/software/systemd/man/sd_bus_release_name\&.html */
+  check(sd_bus_release_name(bus, "org\&.freedesktop\&.ReconnectExample"));
+
+  return 0;
+}
+.fi
+.if n \{\
+.RE
+.\}
+.sp
+.RE
 .PP
 Even though passing resources from one soft reboot cycle to the next is possible this way, we strongly suggest to use this functionality sparingly only, as it creates a more fragile system as resources from different versions of the OS and applications might be mixed with unforeseen consequences\&. In particular it\*(Aqs recommended to
 \fIavoid\fR
 allowing processes to survive the soft reboot operation, as this means code updates will necessarily be incomplete, and processes typically pin various other resources (such as the file system they are backed by), thus increasing memory usage (as two versions of the OS/application/file system might be kept in memory)\&. Leaving processes running during a soft\-reboot operation requires disconnecting the service comprehensively from the rest of the OS, i\&.e\&. minimizing IPC and reducing sharing of resources with the rest of the OS\&. A possible mechanism to achieve this is the concept of
-\m[blue]\fBPortable Services\fR\m[]\&\s-2\u[2]\d\s+2, but make sure no resource from the host\*(Aqs OS filesystems is pinned via
+\m[blue]\fBPortable Services\fR\m[]\&\s-2\u[1]\d\s+2, but make sure no resource from the host\*(Aqs OS filesystems is pinned via
 \fIBindPaths=\fR
 or similar unit settings, otherwise the old, originating filesystem will remain mounted as long as the unit is running\&.
 .SH "NOTES"
@@ -245,6 +526,13 @@ Note that
 systemd\-soft\-reboot\&.service
 (and related units) should never be executed directly\&. Instead, trigger system shutdown with a command such as
 "systemctl soft\-reboot"\&.
+.PP
+Note that if a new root file system has been set up on
+"/run/nextroot/", a
+\fBsoft\-reboot\fR
+will be performed when the
+\fBreboot\fR
+command is invoked\&.
 .SH "SEE ALSO"
 .PP
 \fBsystemd\fR(1),
@@ -255,11 +543,6 @@ systemd\-soft\-reboot\&.service
 \fBbootup\fR(7)
 .SH "NOTES"
 .IP " 1." 4
-systemd and Storage Daemons for the Root File System
-.RS 4
-\%https://systemd.io/ROOT_STORAGE_DAEMONS
-.RE
-.IP " 2." 4
 Portable Services
 .RS 4
 \%https://systemd.io/PORTABLE_SERVICES
diff --git a/upstream/opensuse-tumbleweed/man8/systemd-storagetm.service.8 b/upstream/opensuse-tumbleweed/man8/systemd-storagetm.service.8
new file mode 100644
index 00000000..562730c7
--- /dev/null
+++ b/upstream/opensuse-tumbleweed/man8/systemd-storagetm.service.8
@@ -0,0 +1,89 @@
+'\" t
+.TH "SYSTEMD\-STORAGETM\&.SERVICE" "8" "" "systemd 255" "systemd-storagetm.service"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+systemd-storagetm.service, systemd-storagetm \- Exposes all local block devices as NVMe\-TCP mass storage devices
+.SH "SYNOPSIS"
+.PP
+systemd\-storagetm\&.service
+.HP \w'\fB/usr/lib/systemd/systemd\-storagetm\fR\ 'u
+\fB/usr/lib/systemd/systemd\-storagetm\fR [OPTIONS...] [\fIDEVICE\fR]
+.SH "DESCRIPTION"
+.PP
+systemd\-storagetm\&.service
+is a service that exposes all local block devices as NVMe\-TCP mass storage devices\&. Its primary use\-case is to be invoked by the
+storage\-target\-mode\&.target
+unit that can be booted into\&.
+.PP
+Warning: the NVMe disks are currently exposed without authentication or encryption, in read/write mode\&. This means network peers may read from and write to the device without any restrictions\&. This functionality should hence only be used in a local setup\&.
+.PP
+Note that to function properly networking must be configured too\&. The recommended mechanism to boot into a storage target mode is by adding
+"rd\&.systemd\&.unit=storage\-target\-mode\&.target ip=link\-local"
+on the kernel command line\&. Note that
+"ip=link\-local"
+only configures link\-local IP, i\&.e\&. IPv4LL and IPv6LL, which means non\-routable addresses\&. This is done for security reasons, so that only systems on the local link can access the devices\&. Use
+"ip=dhcp"
+to assign routable addresses too\&. For further details see
+\fBsystemd-network-generator.service\fR(8)\&.
+.PP
+Unless the
+\fB\-\-all\fR
+switch is used expects one or more block devices or regular files to expose via NVMe\-TCP as argument\&.
+.SH "OPTIONS"
+.PP
+The following options are understood:
+.PP
+\fB\-\-nqn=\fR
+.RS 4
+Takes a string\&. If specified configures the NVMe Qualified Name to use for the exposed NVMe\-TCP mass storage devices\&. The NQN should follow the syntax described in
+\m[blue]\fBNVM Express Base Specification 2\&.0c\fR\m[]\&\s-2\u[1]\d\s+2, section 4\&.5 "NVMe Qualified Names"\&. Note that the NQN specified here will be suffixed with a dot and the block device name before it is exposed on the NVMe target\&. If not specified defaults to
+"nqn\&.2023\-10\&.io\&.systemd:storagetm\&.\fIID\fR", where ID is replaced by a 128bit ID derived from
+\fBmachine-id\fR(5)\&.
+.sp
+Added in version 255\&.
+.RE
+.PP
+\fB\-\-all\fR, \fB\-a\fR
+.RS 4
+If specified exposes all local block devices via NVMe\-TCP, current and future (i\&.e\&. it watches block devices come and go and updates the NVMe\-TCP list as needed)\&. Note that by default any block devices that originate on the same block device as the block device backing the current root file system are excluded\&. If the switch is specified twice this safety mechanism is disabled\&.
+.sp
+Added in version 255\&.
+.RE
+.PP
+\fB\-h\fR, \fB\-\-help\fR
+.RS 4
+Print a short help text and exit\&.
+.RE
+.PP
+\fB\-\-version\fR
+.RS 4
+Print a short version string and exit\&.
+.RE
+.SH "SEE ALSO"
+.PP
+\fBsystemd\fR(1),
+\fBsystemd.special\fR(7)
+.SH "NOTES"
+.IP " 1." 4
+NVM Express Base Specification 2.0c
+.RS 4
+\%https://nvmexpress.org/wp-content/uploads/NVM-Express-Base-Specification-2.0c-2022.10.04-Ratified.pdf
+.RE
diff --git a/upstream/opensuse-tumbleweed/man8/systemd-sysctl.service.8 b/upstream/opensuse-tumbleweed/man8/systemd-sysctl.service.8
index a4e353d9..35eeee7c 100644
--- a/upstream/opensuse-tumbleweed/man8/systemd-sysctl.service.8
+++ b/upstream/opensuse-tumbleweed/man8/systemd-sysctl.service.8
@@ -1,5 +1,5 @@
 '\" t
-.TH "SYSTEMD\-SYSCTL\&.SERVICE" "8" "" "systemd 254" "systemd-sysctl.service"
+.TH "SYSTEMD\-SYSCTL\&.SERVICE" "8" "" "systemd 255" "systemd-sysctl.service"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -53,11 +53,15 @@ before it takes effect\&. It is possible to update specific settings, or simply
 \fB\-\-prefix=\fR
 .RS 4
 Only apply rules with the specified prefix\&.
+.sp
+Added in version 230\&.
 .RE
 .PP
 \fB\-\-strict=\fR
 .RS 4
 Always return non\-zero exit code on failure (including invalid sysctl variable name and insufficient permissions), unless the sysctl variable name is prefixed with a "\-" character\&.
+.sp
+Added in version 252\&.
 .RE
 .PP
 \fB\-\-cat\-config\fR
@@ -65,6 +69,11 @@ Always return non\-zero exit code on failure (including invalid sysctl variable
 Copy the contents of config files to standard output\&. Before each file, the filename is printed as a comment\&.
 .RE
 .PP
+\fB\-\-tldr\fR
+.RS 4
+Copy the contents of config files to standard output\&. Only the "interesting" parts of the configuration files are printed, comments and empty lines are skipped\&. Before each file, the filename is printed as a comment\&.
+.RE
+.PP
 \fB\-\-no\-pager\fR
 .RS 4
 Do not pipe output into a pager\&.
@@ -93,6 +102,8 @@ for details)\&. The following credentials are used when passed in:
 The contents of this credential may contain additional lines to operate on\&. The credential contents should follow the same format as any other
 sysctl\&.d/
 drop\-in configuration file\&. If this credential is passed it is processed after all of the drop\-in files read from the file system\&. The settings configured in the credential hence take precedence over those in the file system\&.
+.sp
+Added in version 252\&.
 .RE
 .PP
 Note that by default the
diff --git a/upstream/opensuse-tumbleweed/man8/systemd-sysext.8 b/upstream/opensuse-tumbleweed/man8/systemd-sysext.8
index 7a498533..8d83408c 100644
--- a/upstream/opensuse-tumbleweed/man8/systemd-sysext.8
+++ b/upstream/opensuse-tumbleweed/man8/systemd-sysext.8
@@ -1,5 +1,5 @@
 '\" t
-.TH "SYSTEMD\-SYSEXT" "8" "" "systemd 254" "systemd-sysext"
+.TH "SYSTEMD\-SYSEXT" "8" "" "systemd 255" "systemd-sysext"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -146,8 +146,8 @@ systemd\-sysext\&.service
 is enabled\&. Note that this service runs only after the underlying file systems where system extensions may be located have been mounted\&. This means they are not suitable for shipping resources that are processed by subsystems running in earliest boot\&. Specifically, OS extension images are not suitable for shipping system services or
 \fBsystemd-sysusers\fR(8)
 definitions\&. See the
-\m[blue]\fBPortable Services Documentation\fR\m[]\&\s-2\u[2]\d\s+2
-for a simple mechanism for shipping system services in disk images, in a similar fashion to OS extensions\&. Note the different isolation on these two mechanisms: while system extension directly extend the underlying OS image with additional files that appear in a way very similar to as if they were shipped in the OS image itself and thus imply no security isolation, portable services imply service level sandboxing in one way or another\&. The
+\m[blue]\fBPortable Services\fR\m[]\&\s-2\u[2]\d\s+2
+page for a simple mechanism for shipping system services in disk images, in a similar fashion to OS extensions\&. Note the different isolation on these two mechanisms: while system extension directly extend the underlying OS image with additional files that appear in a way very similar to as if they were shipped in the OS image itself and thus imply no security isolation, portable services imply service level sandboxing in one way or another\&. The
 systemd\-sysext\&.service
 service is guaranteed to finish start\-up before
 basic\&.target
@@ -164,7 +164,7 @@ Note that there is no concept of enabling/disabling installed system extension i
 to "mask" an extension with the same name in a system folder with lower precedence\&.
 .PP
 A simple mechanism for version compatibility is enforced: a system extension image must carry a
-/usr/lib/extension\-release\&.d/extension\-release\&.\fI$name\fR
+/usr/lib/extension\-release\&.d/extension\-release\&.\fINAME\fR
 file, which must match its image name, that is compared with the host
 os\-release
 file: the contained
@@ -187,7 +187,11 @@ it has to match the kernel\*(Aqs architecture reported by
 but the used architecture identifiers are the same as for
 \fIConditionArchitecture=\fR
 described in
-\fBsystemd.unit\fR(5)\&. System extensions should not ship a
+\fBsystemd.unit\fR(5)\&.
+\fIEXTENSION_RELOAD_MANAGER=\fR
+can be set to 1 if the extension requires a service manager reload after application of the extension\&. Note that for the reasons mentioned earlier:
+\m[blue]\fBPortable Services\fR\m[]\&\s-2\u[2]\d\s+2
+remain the recommended way to ship system services\&. System extensions should not ship a
 /usr/lib/os\-release
 file (as that would be merged into the host
 /usr/
@@ -228,8 +232,10 @@ and
 suffix are considered disk image based confext images\&.
 .PP
 Again, just like sysext images, the confext images will contain a
-/etc/extension\-release\&.d/extension\-release\&.\fI$name\fR
-file, which must match the image name (with the usual escape hatch of xattr), and again with content being one or more of
+/etc/extension\-release\&.d/extension\-release\&.\fINAME\fR
+file, which must match the image name (with the usual escape hatch of the
+\fIuser\&.extension\-release\&.strict\fR
+\fBxattr\fR(7)), and again with content being one or more of
 \fIID=\fR,
 \fIVERSION_ID=\fR, and
 \fICONFEXT_LEVEL\fR\&. Confext images will then be checked and matched against the base OS layer\&.
@@ -264,6 +270,8 @@ and
 of sysext and for
 /etc/
 of confext)\&.
+.sp
+Added in version 248\&.
 .RE
 .PP
 \fBmerge\fR
@@ -276,6 +284,8 @@ and
 file system combining the underlying hierarchies with those included in the extension images\&. This command will fail if the hierarchies are already merged\&. For confext, the merge happens into the
 /etc/
 directory instead\&.
+.sp
+Added in version 248\&.
 .RE
 .PP
 \fBunmerge\fR
@@ -290,6 +300,8 @@ for sysext and
 file systems created by
 \fBmerge\fR
 prior\&.
+.sp
+Added in version 248\&.
 .RE
 .PP
 \fBrefresh\fR
@@ -308,11 +320,15 @@ is executed, without establishing any new
 instance\&. Note that currently there\*(Aqs a brief moment where neither the old nor the new
 "overlayfs"
 file system is mounted\&. This implies that all resources supplied by a system extension will briefly disappear \(em even if it exists continuously during the refresh operation\&.
+.sp
+Added in version 248\&.
 .RE
 .PP
 \fBlist\fR
 .RS 4
 A brief list of installed extension images is shown\&.
+.sp
+Added in version 248\&.
 .RE
 .PP
 \fB\-h\fR, \fB\-\-help\fR
@@ -337,6 +353,8 @@ and
 hierarchies for sysext or
 /etc/
 for confext, but below some specified root directory\&.
+.sp
+Added in version 248\&.
 .RE
 .PP
 \fB\-\-force\fR
@@ -348,6 +366,8 @@ and
 for sysext and
 /etc/
 for confext, ignore version incompatibilities, i\&.e\&. force merging regardless of whether the version information included in the images matches the host or not\&.
+.sp
+Added in version 248\&.
 .RE
 .PP
 \fB\-\-image\-policy=\fR\fB\fIpolicy\fR\fR
@@ -362,6 +382,8 @@ file systems in the image are used\&. For configuration extensions defaults to
 /\&.extra/sysext/
 directory a slightly stricter policy is used by default:
 "root=signed+absent:usr=signed+absent", see above for details\&.
+.sp
+Added in version 254\&.
 .RE
 .PP
 \fB\-\-noexec=\fR\fIBOOL\fR
@@ -371,6 +393,21 @@ When merging configuration extensions into
 the
 "MS_NOEXEC"
 mount flag is used by default\&. This option can be used to disable it\&.
+.sp
+Added in version 254\&.
+.RE
+.PP
+\fB\-\-no\-reload\fR
+.RS 4
+When used with
+\fBmerge\fR,
+\fBunmerge\fR
+or
+\fBrefresh\fR, do not reload daemon after executing the changes even if an extension that is applied requires a reload via the
+\fIEXTENSION_RELOAD_MANAGER=\fR
+set to 1\&.
+.sp
+Added in version 255\&.
 .RE
 .PP
 \fB\-\-no\-pager\fR
@@ -408,7 +445,7 @@ Discoverable Partitions Specification
 \%https://uapi-group.org/specifications/specs/discoverable_partitions_specification
 .RE
 .IP " 2." 4
-Portable Services Documentation
+Portable Services
 .RS 4
 \%https://systemd.io/PORTABLE_SERVICES
 .RE
diff --git a/upstream/opensuse-tumbleweed/man8/systemd-system-update-generator.8 b/upstream/opensuse-tumbleweed/man8/systemd-system-update-generator.8
index 2ae6d209..47e3b738 100644
--- a/upstream/opensuse-tumbleweed/man8/systemd-system-update-generator.8
+++ b/upstream/opensuse-tumbleweed/man8/systemd-system-update-generator.8
@@ -1,5 +1,5 @@
 '\" t
-.TH "SYSTEMD\-SYSTEM\-UPDATE\-GENERATOR" "8" "" "systemd 254" "systemd-system-update-generator"
+.TH "SYSTEMD\-SYSTEM\-UPDATE\-GENERATOR" "8" "" "systemd 255" "systemd-system-update-generator"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/upstream/opensuse-tumbleweed/man8/systemd-sysupdate.8 b/upstream/opensuse-tumbleweed/man8/systemd-sysupdate.8
index 1f5a2bfa..99d876fa 100644
--- a/upstream/opensuse-tumbleweed/man8/systemd-sysupdate.8
+++ b/upstream/opensuse-tumbleweed/man8/systemd-sysupdate.8
@@ -1,5 +1,5 @@
 '\" t
-.TH "SYSTEMD\-SYSUPDATE" "8" "" "systemd 254" "systemd-sysupdate"
+.TH "SYSTEMD\-SYSUPDATE" "8" "" "systemd 255" "systemd-sysupdate"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -73,11 +73,15 @@ The following commands are understood:
 If invoked without an argument, enumerates downloadable and installed versions, and shows a summarizing table with the discovered versions and their properties, including whether there\*(Aqs a newer candidate version to update to\&. If a version argument is specified, shows details about the specific version, including the individual files that need to be transferred to acquire the version\&.
 .sp
 If no command is explicitly specified this command is implied\&.
+.sp
+Added in version 251\&.
 .RE
 .PP
 \fBcheck\-new\fR
 .RS 4
 Checks if there\*(Aqs a new version available\&. This internally enumerates downloadable and installed versions and returns exit status 0 if there\*(Aqs a new version to update to, non\-zero otherwise\&. If there is a new version to update to, its version identifier is written to standard output\&.
+.sp
+Added in version 251\&.
 .RE
 .PP
 \fBupdate\fR [\fIVERSION\fR]
@@ -90,6 +94,8 @@ in
 \fBsysupdate.d\fR(5), or via the available partition slots of the right type\&. This implicit operation can also be invoked explicitly via the
 \fBvacuum\fR
 command described below\&.
+.sp
+Added in version 251\&.
 .RE
 .PP
 \fBvacuum\fR
@@ -99,6 +105,8 @@ Deletes old installed versions until the limits configured via
 in
 \fBsysupdate.d\fR(5)
 are met again\&. Normally, it should not be necessary to invoke this command explicitly, since it is implicitly invoked whenever a new update is initiated\&.
+.sp
+Added in version 251\&.
 .RE
 .PP
 \fBpending\fR
@@ -107,6 +115,8 @@ Checks whether a newer version of the OS is installed than the one currently run
 \fIIMAGE_VERSION=\fR
 field in
 /etc/os\-release\&. If the former is newer than the latter, an update was apparently completed but not activated (i\&.e\&. rebooted into) yet\&.
+.sp
+Added in version 251\&.
 .RE
 .PP
 \fBreboot\fR
@@ -118,6 +128,8 @@ command but immediately reboots in case a newer version of the OS has been insta
 command, after a completed update via the
 \fB\-\-reboot\fR
 switch, see below\&. This command will execute no operation (and return success) if no update has been installed, and thus the system was not rebooted\&.
+.sp
+Added in version 251\&.
 .RE
 .PP
 \fBcomponents\fR
@@ -130,6 +142,8 @@ and
 directories that contain transfer files\&. This command is useful to list possible parameters for
 \fB\-\-component=\fR
 (see below)\&.
+.sp
+Added in version 251\&.
 .RE
 .PP
 \fB\-h\fR, \fB\-\-help\fR
@@ -169,6 +183,8 @@ directory for these cases\&.
 .sp
 This option may not be combined with
 \fB\-\-definitions=\fR\&.
+.sp
+Added in version 251\&.
 .RE
 .PP
 \fB\-\-definitions=\fR
@@ -182,6 +198,8 @@ files are read from this directory instead of
 .sp
 This option may not be combined with
 \fB\-\-component=\fR\&.
+.sp
+Added in version 251\&.
 .RE
 .PP
 \fB\-\-root=\fR
@@ -189,12 +207,16 @@ This option may not be combined with
 Takes a path to a directory to use as root file system when searching for
 sysupdate\&.d/*\&.conf
 files\&.
+.sp
+Added in version 251\&.
 .RE
 .PP
 \fB\-\-image=\fR
 .RS 4
 Takes a path to a disk image file or device to mount and use in a similar fashion to
 \fB\-\-root=\fR, see above\&. If this is used and partition resources are updated this is done inside the specified disk image\&.
+.sp
+Added in version 251\&.
 .RE
 .PP
 \fB\-\-image\-policy=\fR\fB\fIpolicy\fR\fR
@@ -213,16 +235,22 @@ Takes a decimal integer greater than or equal to 2\&. Controls how many versions
 setting, see
 \fBsysupdate.d\fR(5)
 for details\&.
+.sp
+Added in version 251\&.
 .RE
 .PP
 \fB\-\-sync=\fR
 .RS 4
 Takes a boolean argument, defaults to yes\&. This may be used to specify whether the newly updated resource versions shall be synchronized to disk when appropriate (i\&.e\&. after the download is complete, before it is finalized, and again after finalization)\&. This should not be turned off, except to improve runtime performance in testing environments\&.
+.sp
+Added in version 251\&.
 .RE
 .PP
 \fB\-\-verify=\fR
 .RS 4
 Takes a boolean argument, defaults to yes\&. Controls whether to cryptographically verify downloads\&. Do not turn this off, except in testing environments\&.
+.sp
+Added in version 251\&.
 .RE
 .PP
 \fB\-\-reboot\fR
@@ -230,6 +258,8 @@ Takes a boolean argument, defaults to yes\&. Controls whether to cryptographical
 When used in combination with the
 \fBupdate\fR
 command and a new version is installed, automatically reboots the system immediately afterwards\&.
+.sp
+Added in version 251\&.
 .RE
 .PP
 \fB\-\-no\-pager\fR
diff --git a/upstream/opensuse-tumbleweed/man8/systemd-sysusers.8 b/upstream/opensuse-tumbleweed/man8/systemd-sysusers.8
index cf03222f..5d5726a1 100644
--- a/upstream/opensuse-tumbleweed/man8/systemd-sysusers.8
+++ b/upstream/opensuse-tumbleweed/man8/systemd-sysusers.8
@@ -1,5 +1,5 @@
 '\" t
-.TH "SYSTEMD\-SYSUSERS" "8" "" "systemd 254" "systemd-sysusers"
+.TH "SYSTEMD\-SYSUSERS" "8" "" "systemd 255" "systemd-sysusers"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -50,6 +50,8 @@ The following options are understood:
 Takes a directory path as an argument\&. All paths will be prefixed with the given alternate
 \fIroot\fR
 path, including config search paths\&.
+.sp
+Added in version 215\&.
 .RE
 .PP
 \fB\-\-image=\fR\fB\fIimage\fR\fR
@@ -59,6 +61,8 @@ Takes a path to a disk image file or block device node\&. If specified all opera
 but operates on file systems stored in disk images or block devices\&. The disk image should either contain just a file system or a set of file systems within a GPT partition table, following the
 \m[blue]\fBDiscoverable Partitions Specification\fR\m[]\&\s-2\u[1]\d\s+2\&. For further information on supported disk images, see
 \fBsystemd-nspawn\fR(1)\*(Aqs switch of the same name\&.
+.sp
+Added in version 247\&.
 .RE
 .PP
 \fB\-\-image\-policy=\fR\fB\fIpolicy\fR\fR
@@ -100,16 +104,22 @@ or even
 /etc/sysusers\&.d/00\-overrides\&.conf\&.
 .sp
 Note that this is the expanded form, and when used in a package, this would be written using a macro with "radvd" and a file containing the configuration line as arguments\&.
+
+Added in version 238\&.
 .RE
 .PP
 \fB\-\-dry\-run\fR
 .RS 4
 Process the configuration and figure out what entries would be created, but don\*(Aqt actually write anything\&.
+.sp
+Added in version 250\&.
 .RE
 .PP
 \fB\-\-inline\fR
 .RS 4
 Treat each positional argument as a separate configuration line instead of a file name\&.
+.sp
+Added in version 238\&.
 .RE
 .PP
 \fB\-\-cat\-config\fR
@@ -117,6 +127,11 @@ Treat each positional argument as a separate configuration line instead of a fil
 Copy the contents of config files to standard output\&. Before each file, the filename is printed as a comment\&.
 .RE
 .PP
+\fB\-\-tldr\fR
+.RS 4
+Copy the contents of config files to standard output\&. Only the "interesting" parts of the configuration files are printed, comments and empty lines are skipped\&. Before each file, the filename is printed as a comment\&.
+.RE
+.PP
 \fB\-\-no\-pager\fR
 .RS 4
 Do not pipe output into a pager\&.
@@ -135,7 +150,7 @@ Print a short version string and exit\&.
 .PP
 \fBsystemd\-sysusers\fR
 supports the service credentials logic as implemented by
-\fIImportCredential=\fR\fILoadCredential=\fR/\fISetCredential=\fR
+\fIImportCredential=\fR/\fILoadCredential=\fR/\fISetCredential=\fR
 (see
 \fBsystemd.exec\fR(1)
 for details)\&. The following credentials are used when passed in:
@@ -147,6 +162,8 @@ A UNIX hashed password string to use for the specified user, when creating an en
 user as it allows provisioning the default root password to use via a unit file drop\-in or from a container manager passing in this credential\&. Note that setting this credential has no effect if the specified user account already exists\&. This credential is hence primarily useful in first boot scenarios or systems that are fully stateless and come up with an empty
 /etc/
 on every boot\&.
+.sp
+Added in version 249\&.
 .RE
 .PP
 \fIpasswd\&.plaintext\-password\&.\fR\fI\fIuser\fR\fR
@@ -154,11 +171,15 @@ on every boot\&.
 Similar to
 "passwd\&.hashed\-password\&.\fIuser\fR"
 but expect a literal, plaintext password, which is then automatically hashed before used for the user account\&. If both the hashed and the plaintext credential are specified for the same user the former takes precedence\&. It\*(Aqs generally recommended to specify the hashed version; however in test environments with weaker requirements on security it might be easier to pass passwords in plaintext instead\&.
+.sp
+Added in version 249\&.
 .RE
 .PP
 \fIpasswd\&.shell\&.\fR\fI\fIuser\fR\fR
 .RS 4
 Specifies the shell binary to use for the specified account when creating it\&.
+.sp
+Added in version 249\&.
 .RE
 .PP
 \fIsysusers\&.extra\fR
@@ -166,6 +187,8 @@ Specifies the shell binary to use for the specified account when creating it\&.
 The contents of this credential may contain additional lines to operate on\&. The credential contents should follow the same format as any other
 sysusers\&.d/
 drop\-in\&. If this credential is passed it is processed after all of the drop\-in files read from the file system\&.
+.sp
+Added in version 252\&.
 .RE
 .PP
 Note that by default the
diff --git a/upstream/opensuse-tumbleweed/man8/systemd-sysv-generator.8 b/upstream/opensuse-tumbleweed/man8/systemd-sysv-generator.8
index dfe288f0..80b51288 100644
--- a/upstream/opensuse-tumbleweed/man8/systemd-sysv-generator.8
+++ b/upstream/opensuse-tumbleweed/man8/systemd-sysv-generator.8
@@ -1,5 +1,5 @@
 '\" t
-.TH "SYSTEMD\-SYSV\-GENERATOR" "8" "" "systemd 254" "systemd-sysv-generator"
+.TH "SYSTEMD\-SYSV\-GENERATOR" "8" "" "systemd 255" "systemd-sysv-generator"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/upstream/opensuse-tumbleweed/man8/systemd-time-wait-sync.service.8 b/upstream/opensuse-tumbleweed/man8/systemd-time-wait-sync.service.8
index 4b47bd81..d6849abe 100644
--- a/upstream/opensuse-tumbleweed/man8/systemd-time-wait-sync.service.8
+++ b/upstream/opensuse-tumbleweed/man8/systemd-time-wait-sync.service.8
@@ -1,5 +1,5 @@
 '\" t
-.TH "SYSTEMD\-TIME\-WAIT\-SYNC\&.SERVICE" "8" "" "systemd 254" "systemd-time-wait-sync.service"
+.TH "SYSTEMD\-TIME\-WAIT\-SYNC\&.SERVICE" "8" "" "systemd 255" "systemd-time-wait-sync.service"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -47,6 +47,8 @@ also tries to detect when the kernel marks the system clock as synchronized, but
 /run/systemd/timesync/synchronized
 .RS 4
 The presence of this file indicates to this service that the system clock has been synchronized\&.
+.sp
+Added in version 239\&.
 .RE
 .SH "SEE ALSO"
 .PP
diff --git a/upstream/opensuse-tumbleweed/man8/systemd-timedated.service.8 b/upstream/opensuse-tumbleweed/man8/systemd-timedated.service.8
index 309d4765..20bfcc8e 100644
--- a/upstream/opensuse-tumbleweed/man8/systemd-timedated.service.8
+++ b/upstream/opensuse-tumbleweed/man8/systemd-timedated.service.8
@@ -1,5 +1,5 @@
 '\" t
-.TH "SYSTEMD\-TIMEDATED\&.SERVICE" "8" "" "systemd 254" "systemd-timedated.service"
+.TH "SYSTEMD\-TIMEDATED\&.SERVICE" "8" "" "systemd 255" "systemd-timedated.service"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -91,7 +91,7 @@ and
 for information about the D\-Bus API\&.
 .SH "LIST OF NETWORK TIME SYNCHRONIZATION SERVICES"
 .PP
-\fBsystemd\-timesyncd\fR
+\fBsystemd\-timedated\fR
 will look for files with a
 "\&.list"
 extension in
@@ -131,7 +131,7 @@ systemd\-timesyncd\&.service
 If the environment variable
 \fI$SYSTEMD_TIMEDATED_NTP_SERVICES\fR
 is set,
-\fBsystemd\-timesyncd\fR
+\fBsystemd\-timedated\fR
 will parse the contents of that variable as a colon\-separated list of unit names\&. When set, this variable overrides the file\-based list described above\&.
 .PP
 \fBExample\ \&2.\ \&An override that specifies that chronyd should be used if available\fR
diff --git a/upstream/opensuse-tumbleweed/man8/systemd-tmpfiles.8 b/upstream/opensuse-tumbleweed/man8/systemd-tmpfiles.8
index 84bc8086..6e6407bc 100644
--- a/upstream/opensuse-tumbleweed/man8/systemd-tmpfiles.8
+++ b/upstream/opensuse-tumbleweed/man8/systemd-tmpfiles.8
@@ -1,5 +1,5 @@
 '\" t
-.TH "SYSTEMD\-TMPFILES" "8" "" "systemd 254" "systemd-tmpfiles"
+.TH "SYSTEMD\-TMPFILES" "8" "" "systemd 255" "systemd-tmpfiles"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -132,6 +132,8 @@ are removed unless an exclusive or shared BSD lock is taken on them (see
 Execute "user" configuration, i\&.e\&.
 tmpfiles\&.d
 files in user configuration directories\&.
+.sp
+Added in version 236\&.
 .RE
 .PP
 \fB\-\-boot\fR
@@ -142,21 +144,29 @@ is executed in early boot with
 \fB\-\-boot\fR
 specified and will execute those lines\&. When invoked again later, it should be called without
 \fB\-\-boot\fR\&.
+.sp
+Added in version 209\&.
 .RE
 .PP
 \fB\-\-graceful\fR
 .RS 4
 Ignore configuration lines pertaining to unknown users or groups\&. This option is intended to be used in early boot before all users or groups have been created\&.
+.sp
+Added in version 254\&.
 .RE
 .PP
 \fB\-\-prefix=\fR\fB\fIpath\fR\fR
 .RS 4
 Only apply rules with paths that start with the specified prefix\&. This option can be specified multiple times\&.
+.sp
+Added in version 212\&.
 .RE
 .PP
 \fB\-\-exclude\-prefix=\fR\fB\fIpath\fR\fR
 .RS 4
 Ignore rules with paths that start with the specified prefix\&. This option can be specified multiple times\&.
+.sp
+Added in version 207\&.
 .RE
 .PP
 \fB\-E\fR
@@ -164,6 +174,8 @@ Ignore rules with paths that start with the specified prefix\&. This option can
 A shortcut for
 "\-\-exclude\-prefix=/dev \-\-exclude\-prefix=/proc \-\-exclude\-prefix=/run \-\-exclude\-prefix=/sys", i\&.e\&. exclude the hierarchies typically backed by virtual or memory file systems\&. This is useful in combination with
 \fB\-\-root=\fR, if the specified directory tree contains an OS tree without these virtual/memory file systems mounted in, as it is typically not desirable to create any files and directories below these subdirectories if they are supposed to be overmounted during runtime\&.
+.sp
+Added in version 247\&.
 .RE
 .PP
 \fB\-\-root=\fR\fB\fIroot\fR\fR
@@ -181,6 +193,8 @@ inside the alternate root are read directly\&. This means that users/groups not
 Consider combining this with
 \fB\-E\fR
 to ensure the invocation does not create files or directories below mount points in the OS image operated on that are typically overmounted during runtime\&.
+.sp
+Added in version 212\&.
 .RE
 .PP
 \fB\-\-image=\fR\fB\fIimage\fR\fR
@@ -193,6 +207,8 @@ but operates on file systems stored in disk images or block devices\&. The disk
 .sp
 Implies
 \fB\-E\fR\&.
+.sp
+Added in version 247\&.
 .RE
 .PP
 \fB\-\-image\-policy=\fR\fB\fIpolicy\fR\fR
@@ -212,6 +228,8 @@ will be read, and the configuration given on the command line will be handled in
 \fIPATH\fR\&.
 .sp
 This option is intended to be used when package installation scripts are running and files belonging to that package are not yet available on disk, so their contents must be given on the command line, but the admin configuration might already exist and should be given higher priority\&.
+.sp
+Added in version 238\&.
 .RE
 .PP
 \fB\-\-cat\-config\fR
@@ -219,6 +237,11 @@ This option is intended to be used when package installation scripts are running
 Copy the contents of config files to standard output\&. Before each file, the filename is printed as a comment\&.
 .RE
 .PP
+\fB\-\-tldr\fR
+.RS 4
+Copy the contents of config files to standard output\&. Only the "interesting" parts of the configuration files are printed, comments and empty lines are skipped\&. Before each file, the filename is printed as a comment\&.
+.RE
+.PP
 \fB\-\-no\-pager\fR
 .RS 4
 Do not pipe output into a pager\&.
@@ -263,6 +286,8 @@ for details)\&. The following credentials are used when passed in:
 The contents of this credential may contain additional lines to operate on\&. The credential contents should follow the same format as any other
 tmpfiles\&.d/
 drop\-in configuration file\&. If this credential is passed it is processed after all of the drop\-in files read from the file system\&. The lines in the credential can hence augment existing lines of the OS, but not override them\&.
+.sp
+Added in version 252\&.
 .RE
 .PP
 Note that by default the
@@ -390,6 +415,12 @@ will be ignored by the executable, and needs to be handled by the pager\&.
 This option instructs the pager to not send termcap initialization and deinitialization strings to the terminal\&. It is set by default to allow command output to remain visible in the terminal even after the pager exits\&. Nevertheless, this prevents some pager functionality from working, in particular paged output cannot be scrolled with the mouse\&.
 .RE
 .sp
+Note that setting the regular
+\fI$LESS\fR
+environment variable has no effect for
+\fBless\fR
+invocations by systemd tools\&.
+.sp
 See
 \fBless\fR(1)
 for more discussion\&.
@@ -401,6 +432,12 @@ Override the charset passed to
 \fBless\fR
 (by default
 "utf\-8", if the invoking terminal is determined to be UTF\-8 compatible)\&.
+.sp
+Note that setting the regular
+\fI$LESSCHARSET\fR
+environment variable has no effect for
+\fBless\fR
+invocations by systemd tools\&.
 .RE
 .PP
 \fI$SYSTEMD_PAGERSECURE\fR
diff --git a/upstream/opensuse-tumbleweed/man8/systemd-tpm2-setup.service.8 b/upstream/opensuse-tumbleweed/man8/systemd-tpm2-setup.service.8
new file mode 100644
index 00000000..2b155a66
--- /dev/null
+++ b/upstream/opensuse-tumbleweed/man8/systemd-tpm2-setup.service.8
@@ -0,0 +1,72 @@
+'\" t
+.TH "SYSTEMD\-TPM2\-SETUP\&.SERVICE" "8" "" "systemd 255" "systemd-tpm2-setup.service"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+systemd-tpm2-setup.service, systemd-tpm2-setup-early.service, systemd-tpm2-setup \- Set up the TPM2 Storage Root Key (SRK) at boot
+.SH "SYNOPSIS"
+.PP
+systemd\-tpm2\-setup\&.service
+.PP
+/usr/lib/systemd/systemd\-tpm2\-setup
+.SH "DESCRIPTION"
+.PP
+systemd\-tpm2\-setup\&.service
+and
+systemd\-tpm2\-setup\-early\&.service
+are services that generate the Storage Root Key (SRK) if it hasn\*(Aqt been generated yet, and stores it in the TPM\&.
+.PP
+The services will store the public key of the SRK key pair in a PEM file in
+/run/systemd/tpm2\-srk\-public\-key\&.pem
+and
+/var/lib/systemd/tpm2\-srk\-public\-key\&.pem\&. They will also store it in TPM2B_PUBLIC format in
+/run/systemd/tpm2\-srk\-public\-key\&.tpm2_public
+and
+/var/lib/systemd/tpm2\-srk\-public\-key\&.tpm2b_public\&.
+.PP
+systemd\-tpm2\-setup\-early\&.service
+runs very early at boot (possibly in the initrd), and writes the SRK public key to
+/run/systemd/tpm2\-srk\-public\-key\&.*
+(as
+/var/
+is generally not accessible this early yet), while
+systemd\-tpm2\-setup\&.service
+runs during a later boot phase and saves the public key to
+/var/lib/systemd/tpm2\-srk\-public\-key\&.*\&.
+.SH "FILES"
+.PP
+/run/systemd/tpm2\-srk\-public\-key\&.pem, /run/systemd/tpm2\-srk\-public\-key\&.tpm2b_public
+.RS 4
+The SRK public key in PEM and TPM2B_PUBLIC format, written during early boot\&.
+.sp
+Added in version 255\&.
+.RE
+.PP
+/var/lib/systemd/tpm2\-srk\-public\-key\&.pem, /var/lib/systemd/tpm2\-srk\-public\-key\&.tpm2_public
+.RS 4
+The SRK public key in PEM and TPM2B_PUBLIC format, written during later boot (once
+/var/
+is available)\&.
+.sp
+Added in version 255\&.
+.RE
+.SH "SEE ALSO"
+.PP
+\fBsystemd\fR(1)
diff --git a/upstream/opensuse-tumbleweed/man8/systemd-update-done.service.8 b/upstream/opensuse-tumbleweed/man8/systemd-update-done.service.8
index f7ce689a..22332dc8 100644
--- a/upstream/opensuse-tumbleweed/man8/systemd-update-done.service.8
+++ b/upstream/opensuse-tumbleweed/man8/systemd-update-done.service.8
@@ -1,5 +1,5 @@
 '\" t
-.TH "SYSTEMD\-UPDATE\-DONE\&.SERVICE" "8" "" "systemd 254" "systemd-update-done.service"
+.TH "SYSTEMD\-UPDATE\-DONE\&.SERVICE" "8" "" "systemd 255" "systemd-update-done.service"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/upstream/opensuse-tumbleweed/man8/systemd-user-sessions.service.8 b/upstream/opensuse-tumbleweed/man8/systemd-user-sessions.service.8
index fd4e5ce0..c6be118b 100644
--- a/upstream/opensuse-tumbleweed/man8/systemd-user-sessions.service.8
+++ b/upstream/opensuse-tumbleweed/man8/systemd-user-sessions.service.8
@@ -1,5 +1,5 @@
 '\" t
-.TH "SYSTEMD\-USER\-SESSIONS\&.SERVICE" "8" "" "systemd 254" "systemd-user-sessions.service"
+.TH "SYSTEMD\-USER\-SESSIONS\&.SERVICE" "8" "" "systemd 255" "systemd-user-sessions.service"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/upstream/opensuse-tumbleweed/man8/systemd-userdbd.service.8 b/upstream/opensuse-tumbleweed/man8/systemd-userdbd.service.8
index a696713d..62831c5d 100644
--- a/upstream/opensuse-tumbleweed/man8/systemd-userdbd.service.8
+++ b/upstream/opensuse-tumbleweed/man8/systemd-userdbd.service.8
@@ -1,5 +1,5 @@
 '\" t
-.TH "SYSTEMD\-USERDBD\&.SERVICE" "8" "" "systemd 254" "systemd-userdbd.service"
+.TH "SYSTEMD\-USERDBD\&.SERVICE" "8" "" "systemd 255" "systemd-userdbd.service"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -29,12 +29,15 @@ systemd\-userdbd\&.service
 .SH "DESCRIPTION"
 .PP
 \fBsystemd\-userdbd\fR
-is a system service that multiplexes user/group lookups to all local services that provide JSON user/group record definitions to the system\&. In addition it synthesizes JSON user/group records from classic UNIX/glibc NSS user/group records in order to provide full backwards compatibility\&. It may also pick up statically defined JSON user/group records from drop\-in files in
+is a system service that multiplexes user/group lookups to all local services that provide JSON user/group record definitions to the system\&. In addition it synthesizes JSON user/group records from classic UNIX/glibc NSS user/group records in order to provide full backwards compatibility\&. It may also pick up statically defined JSON user/group records from files in
 /etc/userdb/,
 /run/userdb/,
 /run/host/userdb/
 and
-/usr/lib/userdb/\&.
+/usr/lib/userdb/
+with the
+"\&.user"
+extension\&.
 .PP
 Most of
 \fBsystemd\-userdbd\fR\*(Aqs functionality is accessible through the
diff --git a/upstream/opensuse-tumbleweed/man8/systemd-xdg-autostart-generator.8 b/upstream/opensuse-tumbleweed/man8/systemd-xdg-autostart-generator.8
index f51ffa35..4d0787cc 100644
--- a/upstream/opensuse-tumbleweed/man8/systemd-xdg-autostart-generator.8
+++ b/upstream/opensuse-tumbleweed/man8/systemd-xdg-autostart-generator.8
@@ -1,5 +1,5 @@
 '\" t
-.TH "SYSTEMD\-XDG\-AUTOSTART\-GENERATOR" "8" "" "systemd 254" "systemd-xdg-autostart-generator"
+.TH "SYSTEMD\-XDG\-AUTOSTART\-GENERATOR" "8" "" "systemd 255" "systemd-xdg-autostart-generator"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/upstream/opensuse-tumbleweed/man8/tc-bfifo.8 b/upstream/opensuse-tumbleweed/man8/tc-bfifo.8
index 3e290322..bc05ef4d 100644
--- a/upstream/opensuse-tumbleweed/man8/tc-bfifo.8
+++ b/upstream/opensuse-tumbleweed/man8/tc-bfifo.8
@@ -37,8 +37,6 @@ If the list is too long, no further packets are allowed on. This is called 'tail
 limit
 Maximum queue size. Specified in bytes for bfifo, in packets for pfifo. For pfifo, defaults
 to the interface txqueuelen, as specified with
-.BR ifconfig (8)
-or
 .BR ip (8).
 The range for this parameter is [0, UINT32_MAX].
 
diff --git a/upstream/opensuse-tumbleweed/man8/tc-gact.8 b/upstream/opensuse-tumbleweed/man8/tc-gact.8
new file mode 100644
index 00000000..81aa30eb
--- /dev/null
+++ b/upstream/opensuse-tumbleweed/man8/tc-gact.8
@@ -0,0 +1,85 @@
+.TH "Generic actions in tc" 8 "11 Jan 2023" "iproute2" "Linux"
+
+.SH NAME
+gact - generic action
+.SH SYNOPSIS
+.in +8
+.ti -8
+.BR tc " ... " "action gact"
+.IR CONTROL " [ " RAND " ] [ " INDEX " ]"
+.ti -8
+.IR CONTROL " := { "
+.BR reclassify " | " drop " | " continue " | " pass " | " pipe " | "
+.br
+.BI "goto chain " "CHAIN_INDEX"
+|
+.br
+.BI "jump " "JUMP_COUNT"
+}
+
+.ti -8
+.IR RAND " := "
+.BI random " RANDTYPE CONTROL VAL"
+.ti -8
+.IR RANDTYPE " := { "
+.BR netrand " | " determ " }"
+.ti -8
+.IR VAL " := number not exceeding 10000"
+.ti -8
+.IR JUMP_COUNT " := absolute jump from start of action list"
+.ti -8
+.IR INDEX " := index value used"
+
+.SH DESCRIPTION
+The
+.B gact
+action allows reclassify, dropping, passing, or accepting packets.
+At the moment there are only two algorithms. One is deterministic
+and the other uses internal kernel netrand.
+
+.SH OPTIONS
+.TP
+.BI random " RANDTYPE CONTROL VAL"
+The probability of taking the action expressed in terms of 1 out of
+.I VAL
+packets.
+
+.TP
+.I CONTROL
+Indicate how
+.B tc
+should proceed if the packet matches.
+For a description of the possible
+.I CONTROL
+values, see
+.BR tc-actions (8).
+
+.SH EXAMPLES
+Apply a rule on ingress to drop packets from a given source address.
+.RS
+.EX
+# tc filter add dev eth0 parent ffff: protocol ip prio 6 u32 match ip src \
+10.0.0.9/32 flowid 1:16 action drop
+.EE
+.RE
+
+Allow 1 out 10 packets from source randomly using the netrand generator
+.RS
+.EX
+# tc filter add dev eth0 parent ffff: protocol ip prio 6 u32 match ip src \
+10.0.0.9/32 flowid 1:16 action drop random netrand ok 10
+.EE
+.RE
+
+Deterministically accept every second packet
+.RS
+.EX
+# tc filter add dev eth0 parent ffff: protocol ip prio 6 u32 match ip src \
+10.0.0.9/32 flowid 1:16 action drop random determ ok 2
+.EE
+.RE
+
+.SH SEE ALSO
+.BR tc (8),
+.BR tc-actions (8),
+.BR tc-u32 (8)
diff --git a/upstream/opensuse-tumbleweed/man8/tc-htb.8 b/upstream/opensuse-tumbleweed/man8/tc-htb.8
index 7aa62615..59b159fb 100644
--- a/upstream/opensuse-tumbleweed/man8/tc-htb.8
+++ b/upstream/opensuse-tumbleweed/man8/tc-htb.8
@@ -36,7 +36,7 @@ bytes
 
 .SH DESCRIPTION
 HTB allows  control of the outbound bandwidth on a given link.
-It allows simulating simulating several slower links and to send different
+It allows simulating several slower links and to send different
 kinds of traffic on different simulated links. In both cases, you have
 to specify how to divide the physical link into simulated links and
 how to decide which simulated link to use for a given packet to be sent.
diff --git a/upstream/opensuse-tumbleweed/man8/tc-matchall.8 b/upstream/opensuse-tumbleweed/man8/tc-matchall.8
index d0224066..538cf745 100644
--- a/upstream/opensuse-tumbleweed/man8/tc-matchall.8
+++ b/upstream/opensuse-tumbleweed/man8/tc-matchall.8
@@ -37,39 +37,39 @@ To create ingress mirroring from port eth1 to port eth2:
 .RS
 .EX
 
-tc qdisc  add dev eth1 handle ffff: ingress
-tc filter add dev eth1 parent ffff:           \\
+tc qdisc  add dev eth1 handle ffff: clsact
+tc filter add dev eth1 ingress                \\
         matchall skip_sw                      \\
         action mirred egress mirror           \\
         dev eth2
 .EE
 .RE
 
-The first command creates an ingress qdisc with handle
+The first command creates a clsact qdisc with handle
 .BR ffff:
 on device
 .BR eth1
 where the second command attaches a matchall filters on it that mirrors the
-packets to device eth2.
+packets to device eth2 for ingress.
 
 To create egress mirroring from port eth1 to port eth2:
 .RS
 .EX
 
-tc qdisc add dev eth1 handle 1: root prio
-tc filter add dev eth1 parent 1:               \\
+tc qdisc add dev eth1 handle ffff: clsact
+tc filter add dev eth1 egress                  \\
         matchall skip_sw                       \\
         action mirred egress mirror            \\
         dev eth2
 .EE
 .RE
 
-The first command creates an egress qdisc with handle
-.BR 1:
-that replaces the root qdisc on device
+The first command creates a clsact qdisc with handle
+.BR ffff:
+on device
 .BR eth1
 where the second command attaches a matchall filters on it that mirrors the
-packets to device eth2.
+packets to device eth2 for egress.
 
 To sample one of every 100 packets flowing into interface eth0 to psample group
 12:
diff --git a/upstream/opensuse-tumbleweed/man8/tc-mirred.8 b/upstream/opensuse-tumbleweed/man8/tc-mirred.8
index 38833b45..6959e3e6 100644
--- a/upstream/opensuse-tumbleweed/man8/tc-mirred.8
+++ b/upstream/opensuse-tumbleweed/man8/tc-mirred.8
@@ -9,13 +9,24 @@ mirred - mirror/redirect action
 .I DIRECTION ACTION
 .RB "[ " index
 .IR INDEX " ] "
-.BI dev " DEVICENAME"
+.I TARGET
 
 .ti -8
 .IR DIRECTION " := { "
 .BR ingress " | " egress " }"
 
 .ti -8
+.IR TARGET " := { " DEV " | " BLOCK " }"
+
+.ti -8
+.IR DEV " :=  "
+.BI dev " DEVICENAME"
+
+.ti -8
+.IR BLOCK " :=  "
+.BI blockid " BLOCKID"
+
+.ti -8
 .IR ACTION " := { "
 .BR mirror " | " redirect " }"
 .SH DESCRIPTION
@@ -24,6 +35,12 @@ The
 action allows packet mirroring (copying) or redirecting (stealing) the packet it
 receives. Mirroring is what is sometimes referred to as Switch Port Analyzer
 (SPAN) and is commonly used to analyze and/or debug flows.
+When mirroring to a tc block, the packet will be mirrored to all the ports in
+the block with exception of the port where the packet ingressed, if that port is
+part of the tc block. Redirecting is similar to mirroring except that the
+behaviour is to mirror to the first N - 1 ports in the block and redirect to the
+last one (note that the port in which the packet arrived is not going to be
+mirrored or redirected to).
 .SH OPTIONS
 .TP
 .B ingress
@@ -39,7 +56,7 @@ Define whether the packet should be copied
 .RB ( mirror )
 or moved
 .RB ( redirect )
-to the destination interface.
+to the destination interface or block.
 .TP
 .BI index " INDEX"
 Assign a unique ID to this action instead of letting the kernel choose one
@@ -49,14 +66,17 @@ is a 32bit unsigned integer greater than zero.
 .TP
 .BI dev " DEVICENAME"
 Specify the network interface to redirect or mirror to.
+.TP
+.BI blockid " BLOCKID"
+Specify the tc block to redirect or mirror to.
 .SH EXAMPLES
 Limit ingress bandwidth on eth0 to 1mbit/s, redirect exceeding traffic to lo for
 debugging purposes:
 
 .RS
 .EX
-# tc qdisc add dev eth0 handle ffff: ingress
-# tc filter add dev eth0 parent ffff: u32 \\
+# tc qdisc add dev eth0 handle ffff: clsact
+# tc filter add dev eth0 ingress u32 \\
 	match u32 0 0 \\
 	action police rate 1mbit burst 100k conform-exceed pipe \\
 	action mirred egress redirect dev lo
@@ -70,8 +90,8 @@ with e.g. tcpdump:
 .EX
 # ip link add dummy0 type dummy
 # ip link set dummy0 up
-# tc qdisc add dev eth0 handle ffff: ingress
-# tc filter add dev eth0 parent ffff: protocol ip \\
+# tc qdisc add dev eth0 handle ffff: clsact
+# tc filter add dev eth0 ingress protocol ip \\
 	u32 match ip protocol 1 0xff \\
 	action mirred egress mirror dev dummy0
 .EE
@@ -87,13 +107,21 @@ interface, it is possible to send ingress traffic through an instance of
 # modprobe ifb
 # ip link set ifb0 up
 # tc qdisc add dev ifb0 root sfq
-# tc qdisc add dev eth0 handle ffff: ingress
-# tc filter add dev eth0 parent ffff: u32 \\
+# tc qdisc add dev eth0 handle ffff: clsact
+# tc filter add dev eth0 ingress u32 \\
 	match u32 0 0 \\
 	action mirred egress redirect dev ifb0
 .EE
 .RE
 
+.SH LIMITATIONS
+The kernel restricts nesting to four levels to avoid the chance
+of nesting loops.
+.PP
+Do not redirect for one IFB device to another.
+IFB is a very specialized case of packet redirecting device.
+Redirecting from ifbX->ifbY will cause all packets to be dropped.
+
 .SH SEE ALSO
 .BR tc (8),
 .BR tc-u32 (8)
diff --git a/upstream/opensuse-tumbleweed/man8/tc-pfifo_fast.8 b/upstream/opensuse-tumbleweed/man8/tc-pfifo_fast.8
index baf34b1d..0029d67f 100644
--- a/upstream/opensuse-tumbleweed/man8/tc-pfifo_fast.8
+++ b/upstream/opensuse-tumbleweed/man8/tc-pfifo_fast.8
@@ -27,8 +27,6 @@ have traffic, higher bands are never dequeued. This can be used to
 prioritize interactive traffic or penalize 'lowest cost' traffic.
 
 Each band can be txqueuelen packets long, as configured with
-.BR ifconfig (8)
-or
 .BR ip (8).
 Additional packets coming in are not enqueued but are instead dropped.
 
@@ -40,8 +38,6 @@ for complete details on how TOS bits are translated into bands.
 txqueuelen
 The length of the three bands depends on the interface txqueuelen, as
 specified with
-.BR ifconfig (8)
-or
 .BR ip (8).
 
 .SH BUGS
diff --git a/upstream/opensuse-tumbleweed/man8/tc-sfb.8 b/upstream/opensuse-tumbleweed/man8/tc-sfb.8
index e4584deb..1f2b8c5e 100644
--- a/upstream/opensuse-tumbleweed/man8/tc-sfb.8
+++ b/upstream/opensuse-tumbleweed/man8/tc-sfb.8
@@ -67,7 +67,7 @@ the number of non-responsive flows, M. It is (1 - (1 - (1 / 16.0)) ** M) **8,
 so for example with 10 non-responsive flows approximately 0.2% of responsive flows
 will be misidentified.
 
-To mitigate this, SFB performs performs periodic re-hashing to avoid
+To mitigate this, SFB performs periodic re-hashing to avoid
 misclassification for prolonged periods of time.
 
 The default hashing method will use source and destination ip addresses and port numbers
diff --git a/upstream/opensuse-tumbleweed/man8/tc-simple.8 b/upstream/opensuse-tumbleweed/man8/tc-simple.8
index f565755e..ae1aec31 100644
--- a/upstream/opensuse-tumbleweed/man8/tc-simple.8
+++ b/upstream/opensuse-tumbleweed/man8/tc-simple.8
@@ -55,11 +55,11 @@ grep the logs to see the logged message
 display stats again and observe increment by 1
 
 .EX
-  hadi@noma1:$ tc qdisc add dev eth0 ingress
-  hadi@noma1:$tc filter add dev eth0 parent ffff: protocol ip prio 5 \\
+  $ tc qdisc add dev eth0 ingress
+  $ tc filter add dev eth0 parent ffff: protocol ip prio 5 \\
 	 u32 match ip protocol 1 0xff flowid 1:1 action simple sdata "Incoming ICMP"
 
-  hadi@noma1:$ sudo tc -s filter ls  dev eth0 parent ffff:
+  $ sudo tc -s filter ls dev eth0 parent ffff:
    filter protocol ip pref 5 u32
    filter protocol ip pref 5 u32 fh 800: ht divisor 1
    filter protocol ip pref 5 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:1
@@ -71,7 +71,7 @@ display stats again and observe increment by 1
 		backlog 0b 0p requeues 0
 
 
-  hadi@noma1$ ping -c 1 www.google.ca
+  $ ping -c 1 www.google.ca
   PING www.google.ca (74.125.225.120) 56(84) bytes of data.
   64 bytes from ord08s08-in-f24.1e100.net (74.125.225.120): icmp_req=1 ttl=53 time=31.3 ms
 
@@ -79,10 +79,10 @@ display stats again and observe increment by 1
   1 packets transmitted, 1 received, 0% packet loss, time 0ms
   rtt min/avg/max/mdev = 31.316/31.316/31.316/0.000 ms
 
-  hadi@noma1$ dmesg | grep simple
+  $ dmesg | grep simple
   [135354.473951] simple: Incoming ICMP_1
 
-  hadi@noma1$ sudo tc/tc -s filter ls  dev eth0 parent ffff:
+  $ sudo tc/tc -s filter ls dev eth0 parent ffff:
   filter protocol ip pref 5 u32
   filter protocol ip pref 5 u32 fh 800: ht divisor 1
   filter protocol ip pref 5 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:1
diff --git a/upstream/opensuse-tumbleweed/man8/tc-xt.8 b/upstream/opensuse-tumbleweed/man8/tc-xt.8
deleted file mode 100644
index f6dc5add..00000000
--- a/upstream/opensuse-tumbleweed/man8/tc-xt.8
+++ /dev/null
@@ -1,42 +0,0 @@
-.TH "iptables action in tc" 8 "3 Mar 2016" "iproute2" "Linux"
-
-.SH NAME
-xt - tc iptables action
-.SH SYNOPSIS
-.in +8
-.ti -8
-.BR tc " ... " "action xt \-j"
-.IR TARGET " [ " TARGET_OPTS " ]"
-.SH DESCRIPTION
-The
-.B xt
-action allows one to call arbitrary iptables targets for packets matching the filter
-this action is attached to.
-.SH OPTIONS
-.TP
-.BI -j " TARGET \fR[\fI TARGET_OPTS \fR]"
-Perform a jump to the given iptables target, optionally passing any target
-specific options in
-.IR TARGET_OPTS .
-.SH EXAMPLES
-The following will attach a
-.B u32
-filter to the
-.B ingress
-qdisc matching ICMP replies and using the
-.B xt
-action to make the kernel yell 'PONG' each time:
-
-.RS
-.EX
-tc qdisc add dev eth0 ingress
-tc filter add dev eth0 parent ffff: proto ip u32 \\
-	match ip protocol 1 0xff \\
-	match ip icmp_type 0 0xff \\
-	action xt -j LOG --log-prefix PONG
-.EE
-.RE
-.SH SEE ALSO
-.BR tc (8),
-.BR tc-u32 (8),
-.BR iptables-extensions (8)
diff --git a/upstream/opensuse-tumbleweed/man8/tc.8 b/upstream/opensuse-tumbleweed/man8/tc.8
index e5bef911..dce58af1 100644
--- a/upstream/opensuse-tumbleweed/man8/tc.8
+++ b/upstream/opensuse-tumbleweed/man8/tc.8
@@ -127,7 +127,7 @@ tc \- show / manipulate traffic control settings
 \fB[ \fB-nm \fR| \fB-nam\fR[\fIes\fR] \fB] \fR|
 \fB[ \fR{ \fB-cf \fR| \fB-c\fR[\fIonf\fR] \fR} \fB[ filename ] \fB] \fR
 \fB[ -t\fR[imestamp\fR] \fB\] \fR| \fB[ -t\fR[short\fR] \fR| \fB[
--o\fR[neline\fR] \fB]\fR }
+-o\fR[neline\fR] \fB] \fR| \fB[ -echo ]\fR }
 
 .ti 8
 .IR FORMAT " := {"
@@ -743,6 +743,10 @@ When\fB\ tc monitor\fR\ runs, print timestamp before the event message in format
 When\fB\ tc monitor\fR\ runs, prints short timestamp before the event message in format:
    [<YYYY>-<MM>-<DD>T<hh:mm:ss>.<ms>]
 
+.TP
+.BR "\-echo"
+Request the kernel to send the applied configuration back.
+
 .SH FORMAT
 The show command has additional formatting options:
 
@@ -871,6 +875,7 @@ was written by Alexey N. Kuznetsov and added in Linux 2.2.
 .BR tc-fq_codel (8),
 .BR tc-fq_pie (8),
 .BR tc-fw (8),
+.BR tc-gact (8),
 .BR tc-hfsc (7),
 .BR tc-hfsc (8),
 .BR tc-htb (8),
diff --git a/upstream/opensuse-tumbleweed/man8/telinit.8 b/upstream/opensuse-tumbleweed/man8/telinit.8
index 77df1e4f..750c2242 100644
--- a/upstream/opensuse-tumbleweed/man8/telinit.8
+++ b/upstream/opensuse-tumbleweed/man8/telinit.8
@@ -1,5 +1,5 @@
 '\" t
-.TH "TELINIT" "8" "" "systemd 254" "telinit"
+.TH "TELINIT" "8" "" "systemd 255" "telinit"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/upstream/opensuse-tumbleweed/man8/tipc-nametable.8 b/upstream/opensuse-tumbleweed/man8/tipc-nametable.8
index b187d25e..f7c51f19 100644
--- a/upstream/opensuse-tumbleweed/man8/tipc-nametable.8
+++ b/upstream/opensuse-tumbleweed/man8/tipc-nametable.8
@@ -49,13 +49,13 @@ provided by a port.
 .B Lower
 .br
 The lower bound of the 32-bit instance field of the port name.
-The instance field is often used as as a sub-class indicator.
+The instance field is often used as a sub-class indicator.
 
 .TP
 .B Upper
 .br
 The upper bound of the 32-bit instance field of the port name.
-The instance field is often used as as a sub-class indicator.
+The instance field is often used as a sub-class indicator.
 A difference in
 .BR "lower " "and " upper
 means the socket is bound to the port name range [lower,upper]
diff --git a/upstream/opensuse-tumbleweed/man8/tzselect.8 b/upstream/opensuse-tumbleweed/man8/tzselect.8
index 4578090f..ee031614 100644
--- a/upstream/opensuse-tumbleweed/man8/tzselect.8
+++ b/upstream/opensuse-tumbleweed/man8/tzselect.8
@@ -95,7 +95,7 @@ Output version information and exit.
 .SH "ENVIRONMENT VARIABLES"
 .TP
 \f3AWK\fP
-Name of a Posix-compliant
+Name of a POSIX-compliant
 .B awk
 program (default:
 .BR awk ).
diff --git a/upstream/opensuse-tumbleweed/man8/xfs_db.8 b/upstream/opensuse-tumbleweed/man8/xfs_db.8
index f53ddd67..a7f6d55e 100644
--- a/upstream/opensuse-tumbleweed/man8/xfs_db.8
+++ b/upstream/opensuse-tumbleweed/man8/xfs_db.8
@@ -388,6 +388,29 @@ and
 options are used to select the attribute or data
 area of the inode, if neither option is given then both areas are shown.
 .TP
+.BI "bmapinflate [\-d " dirty_bytes "] [-e] [\-n " nr "]
+Duplicates the first data fork mapping this many times, as if the mapping had
+been repeatedly reflinked.
+This is an expert-mode command for exercising high-refcount filesystems only.
+Existing data fork mappings will be forgotten and the refcount btree will not
+be updated.
+This command leaves at least the refcount btree and the inode inconsistent;
+.B xfs_repair
+must be run afterwards.
+.RS 1.0i
+.TP 0.4i
+.B \-d
+Constrain the memory consumption of new dirty btree blocks to this quantity.
+Defaults to 60MiB.
+.TP 0.4i
+.B \-e
+Estimate the number of blocks and height of the new data fork mapping
+structure and exit without changing anything.
+.TP 0.4i
+.B \-n
+Create this many copies of the first mapping.
+.RE
+.TP
 .B btdump [-a] [-i]
 If the cursor points to a btree node, dump the btree from that block downward.
 If instead the cursor points to an inode, dump the data fork block mapping btree if there is one.
diff --git a/upstream/opensuse-tumbleweed/man8/zdump.8 b/upstream/opensuse-tumbleweed/man8/zdump.8
index f77c0c79..c3f0bba6 100644
--- a/upstream/opensuse-tumbleweed/man8/zdump.8
+++ b/upstream/opensuse-tumbleweed/man8/zdump.8
@@ -152,10 +152,9 @@ tabbed columns line up.)
 .nf
 .sp
 .if \n(.g .ft CR
-.if t .in +.5i
-.if n .in +2
+.in +2
 .nr w \w'1896-01-13  'u+\n(.i
-.ta \w'1896-01-13  'u +\w'12:01:26  'u +\w'-103126  'u +\w'HWT  'u
+.ta \w'1896-01-13\0\0'u +\w'12:01:26\0\0'u +\w'-103126\0\0'u +\w'HWT\0\0'u
 TZ="Pacific/Honolulu"
 -	-	-103126	LMT
 1896-01-13	12:01:26	-1030	HST
diff --git a/upstream/opensuse-tumbleweed/man8/zic.8 b/upstream/opensuse-tumbleweed/man8/zic.8
index c467efef..0ad373a2 100644
--- a/upstream/opensuse-tumbleweed/man8/zic.8
+++ b/upstream/opensuse-tumbleweed/man8/zic.8
@@ -95,7 +95,7 @@ as local time.
 .B zic
 will act as if the input contained a link line of the form
 .sp
-.ti +.5i
+.ti +2
 .ta \w'Link\0\0'u  +\w'\fItimezone\fP\0\0'u
 Link	\fItimezone\fP		localtime
 .sp
@@ -118,9 +118,15 @@ TZ strings like "EET\*-2EEST" that lack transition rules.
 .B zic
 will act as if the input contained a link line of the form
 .sp
-.ti +.5i
+.ti +2
 Link	\fItimezone\fP		posixrules
 .sp
+If
+.I timezone
+is
+.q "\*-"
+(the default), any already-existing link is removed.
+.sp
 Unless
 .I timezone is
 .q "\*-" ,
@@ -131,12 +137,6 @@ and it should not be combined with
 if
 .IR timezone 's
 transitions are at standard time or Universal Time (UT) instead of local time.
-.sp
-If
-.I timezone
-is
-.BR \*- ,
-any already-existing link is removed.
 .TP
 .BR "\*-r " "[\fB@\fP\fIlo\fP][\fB/@\fP\fIhi\fP]"
 Limit the applicability of output files
@@ -171,7 +171,7 @@ boundaries, particularly if
 causes a TZif file to contain explicit entries for
 .RI pre- hi
 transitions rather than concisely representing them
-with an extended POSIX TZ string.
+with an extended POSIX.1-2017 TZ string.
 Also see the
 .B "\*-b slim"
 option for another way to shrink output size.
@@ -181,10 +181,10 @@ Generate redundant trailing explicit transitions for timestamps
 that occur less than
 .I hi
 seconds since the Epoch, even though the transitions could be
-more concisely represented via the extended POSIX TZ string.
+more concisely represented via the extended POSIX.1-2017 TZ string.
 This option does not affect the represented timestamps.
 Although it accommodates nonstandard TZif readers
-that ignore the extended POSIX TZ string,
+that ignore the extended POSIX.1-2017 TZ string,
 it increases the size of the altered output files.
 .TP
 .BI "\*-t " file
@@ -245,10 +245,10 @@ for
 .PP
 The output file does not contain all the information about the
 long-term future of a timezone, because the future cannot be summarized as
-an extended POSIX TZ string.  For example, as of 2023 this problem
+an extended POSIX.1-2017 TZ string.  For example, as of 2023 this problem
 occurs for Morocco's daylight-saving rules, as these rules are based
 on predictions for when Ramadan will be observed, something that
-an extended POSIX TZ string cannot represent.
+an extended POSIX.1-2017 TZ string cannot represent.
 .PP
 The output contains data that may not be handled properly by client
 code designed for older
@@ -330,19 +330,19 @@ abbreviation must be unambiguous in context.
 .PP
 A rule line has the form
 .nf
-.ti +.5i
+.ti +2
 .ta \w'Rule\0\0'u +\w'NAME\0\0'u +\w'FROM\0\0'u +\w'1973\0\0'u +\w'\*-\0\0'u +\w'Apr\0\0'u +\w'lastSun\0\0'u +\w'2:00w\0\0'u +\w'1:00d\0\0'u
 .sp
 Rule	NAME	FROM	TO	\*-	IN	ON	AT	SAVE	LETTER/S
 .sp
 For example:
-.ti +.5i
+.ti +2
 .sp
 Rule	US	1967	1973	\*-	Apr	lastSun	2:00w	1:00d	D
 .sp
 .fi
 The fields that make up a rule line are:
-.TP "\w'LETTER/S'u"
+.TP
 .B NAME
 Gives the name of the rule set that contains this line.
 The name must start with a character that is neither
@@ -360,24 +360,15 @@ an unquoted name should not contain characters from the set
 Gives the first year in which the rule applies.
 Any signed integer year can be supplied; the proleptic Gregorian calendar
 is assumed, with year 0 preceding year 1.
-The word
-.B minimum
-(or an abbreviation) means the indefinite past.
-The word
-.B maximum
-(or an abbreviation) means the indefinite future.
 Rules can describe times that are not representable as time values,
 with the unrepresentable times ignored; this allows rules to be portable
 among hosts with differing time value types.
 .TP
 .B TO
 Gives the final year in which the rule applies.
-In addition to
-.B minimum
-and
+The word
 .B maximum
-(as above),
-the word
+(or an abbreviation) means the indefinite future, and the word
 .B only
 (or an abbreviation)
 may be used to repeat the value of the
@@ -404,7 +395,7 @@ Month names may be abbreviated.
 Gives the day on which the rule takes effect.
 Recognized forms include:
 .nf
-.in +.5i
+.in +2
 .sp
 .ta \w'Sun<=25\0\0'u
 5	the fifth of the month
@@ -413,7 +404,7 @@ lastMon	the last Monday in the month
 Sun>=8	first Sunday on or after the eighth
 Sun<=25	last Sunday on or before the 25th
 .fi
-.in -.5i
+.in
 .sp
 A weekday name (e.g.,
 .BR "Sunday" )
@@ -440,7 +431,7 @@ Gives the time of day at which the rule takes effect,
 relative to 00:00, the start of a calendar day.
 Recognized forms include:
 .nf
-.in +.5i
+.in +2
 .sp
 .ta \w'00:19:32.13\0\0'u
 2	time in hours
@@ -454,7 +445,7 @@ Recognized forms include:
 \*-2:30	2.5 hours before 00:00
 \*-	equivalent to 0
 .fi
-.in -.5i
+.in
 .sp
 Although
 .B zic
@@ -532,18 +523,18 @@ the variable part is null.
 A zone line has the form
 .sp
 .nf
-.ti +.5i
+.ti +2
 .ta \w'Zone\0\0'u +\w'Asia/Amman\0\0'u +\w'STDOFF\0\0'u +\w'Jordan\0\0'u +\w'FORMAT\0\0'u
 Zone	NAME	STDOFF	RULES	FORMAT	[UNTIL]
 .sp
 For example:
 .sp
-.ti +.5i
+.ti +2
 Zone	Asia/Amman	2:00	Jordan	EE%sT	2017 Oct 27 01:00
 .sp
 .fi
 The fields that make up a zone line are:
-.TP "\w'STDOFF'u"
+.TP
 .B NAME
 The name of the timezone.
 This is the name used in creating the time conversion information file for the
@@ -663,15 +654,15 @@ For example:
 .br
 .ne 7
 .nf
-.in +2m
+.in +2
 .ta \w'# Rule\0\0'u +\w'NAME\0\0'u +\w'FROM\0\0'u +\w'2006\0\0'u +\w'\*-\0\0'u +\w'Oct\0\0'u +\w'lastSun\0\0'u +\w'2:00\0\0'u +\w'SAVE\0\0'u
 .sp
 # Rule	NAME	FROM	TO	\*-	IN	ON	AT	SAVE	LETTER/S
 Rule	US	1967	2006	-	Oct	lastSun	2:00	0	S
 Rule	US	1967	1973	-	Apr	lastSun	2:00	1:00	D
-.ta \w'Zone\0\0America/Menominee\0\0'u +\w'STDOFF\0\0'u +\w'RULES\0\0'u +\w'FORMAT\0\0'u
-# Zone\0\0NAME	STDOFF	RULES	FORMAT	[UNTIL]
-Zone\0\0America/Menominee	\*-5:00	\*-	EST	1973 Apr 29 2:00
+.ta \w'# Zone\0\0'u +\w'America/Menominee\0\0'u +\w'STDOFF\0\0'u +\w'RULES\0\0'u +\w'FORMAT\0\0'u
+# Zone	NAME	STDOFF	RULES	FORMAT	[UNTIL]
+Zone	America/Menominee	\*-5:00	\*-	EST	1973 Apr 29 2:00
 	\*-6:00	US	C%sT
 .sp
 .in
@@ -687,13 +678,13 @@ interprets this more sensibly as a single transition from 02:00 CST (\*-05) to
 A link line has the form
 .sp
 .nf
-.ti +.5i
+.ti +2
 .ta \w'Link\0\0'u +\w'Europe/Istanbul\0\0'u
 Link	TARGET	LINK-NAME
 .sp
 For example:
 .sp
-.ti +.5i
+.ti +2
 Link	Europe/Istanbul	Asia/Istanbul
 .sp
 .fi
@@ -717,7 +708,7 @@ For example:
 .sp
 .ne 3
 .nf
-.in +2m
+.in +2
 .ta \w'Zone\0\0'u +\w'Greenwich\0\0'u
 Link	Greenwich	G_M_T
 Link	Etc/GMT	Greenwich
@@ -737,13 +728,13 @@ The file that describes leap seconds can have leap lines and an
 expiration line.
 Leap lines have the following form:
 .nf
-.ti +.5i
+.ti +2
 .ta \w'Leap\0\0'u +\w'YEAR\0\0'u +\w'MONTH\0\0'u +\w'DAY\0\0'u +\w'HH:MM:SS\0\0'u +\w'CORR\0\0'u
 .sp
 Leap	YEAR	MONTH	DAY	HH:MM:SS	CORR	R/S
 .sp
 For example:
-.ti +.5i
+.ti +2
 .sp
 Leap	2016	Dec	31	23:59:60	+	S
 .sp
@@ -791,13 +782,13 @@ option is used.
 .PP
 The expiration line, if present, has the form:
 .nf
-.ti +.5i
+.ti +2
 .ta \w'Expires\0\0'u +\w'YEAR\0\0'u +\w'MONTH\0\0'u +\w'DAY\0\0'u
 .sp
 Expires	YEAR	MONTH	DAY	HH:MM:SS
 .sp
 For example:
-.ti +.5i
+.ti +2
 .sp
 Expires	2020	Dec	28	00:00:00
 .sp
@@ -816,7 +807,7 @@ Here is an extended example of
 .B zic
 input, intended to illustrate many of its features.
 .nf
-.in +2m
+.in +2
 .ta \w'# Rule\0\0'u +\w'NAME\0\0'u +\w'FROM\0\0'u +\w'1973\0\0'u +\w'\*-\0\0'u +\w'Apr\0\0'u +\w'lastSun\0\0'u +\w'2:00\0\0'u +\w'SAVE\0\0'u
 .sp
 # Rule	NAME	FROM	TO	\*-	IN	ON	AT	SAVE	LETTER/S