diff --git a/systemd-mini.changes b/systemd-mini.changes
index 49998b05..e24b4142 100644
--- a/systemd-mini.changes
+++ b/systemd-mini.changes
@@ -1,3 +1,69 @@
+-------------------------------------------------------------------
+Fri Oct 15 12:09:44 UTC 2021 - Franck Bui <fbui@suse.com>
+
+- Import commit 8521f8d22fd44400289fcea03493ebd7f8b1487d (merge of v249.5)
+
+  For a complete list of changes, visit:
+  https://github.com/openSUSE/systemd/compare/355e113ce193e5e2d195278c57d47f9a1b00ae46...8521f8d22fd44400289fcea03493ebd7f8b1487d
+
+-------------------------------------------------------------------
+Fri Oct 15 11:54:34 UTC 2021 - Franck Bui <fbui@suse.com>
+
+- Import commit 355e113ce193e5e2d195278c57d47f9a1b00ae46
+
+  3b4a005095 meson: add missing include directory when using xkbcommon
+  4c4e642712 meson: allow extra net naming schemes to be defined during configuration (jsc#SLE-18514)
+  78466e4464 meson: drop the list of valid net naming schemes
+  b9a2098f9d netif-naming: inline one iterator variable
+  d7fbbc5e74 Add remaining supported schemes as options for default-net-naming-scheme
+
+-------------------------------------------------------------------
+Fri Oct 15 11:38:41 UTC 2021 - Franck Bui <fbui@suse.com>
+
+- Rename %{gnu-efi} into %{sd_boot}
+
+  Build conditionals (%bcond_with and %bcond_without) are used to
+  define a specific feature of systemd. "gnu-efi" is rather an
+  implemenation detail. Also not really sure what "efi" option alone
+  is useful for since systemd-boot & co depends on "gnu-efi".
+
+- Enable sd_boot support for aarch64
+
+-------------------------------------------------------------------
+Fri Oct 15 09:27:00 UTC 2021 - Franck Bui <fbui@suse.com>
+
+- Ghost own directories /var/log/journal and /var/log/journal/remote again
+
+  rpmlint no more complain about the setgid bit, see sr#923496.
+
+-------------------------------------------------------------------
+Fri Oct  8 11:14:20 UTC 2021 - Franck Bui <fbui@suse.com>
+
+- Overwriting rootprefix= is only required when split-usr is enabled
+
+-------------------------------------------------------------------
+Fri Oct  8 09:01:59 UTC 2021 - Franck Bui <fbui@suse.com>
+
+- Rename %usrmerged into %split_usr
+
+-------------------------------------------------------------------
+Wed Oct  6 07:40:24 UTC 2021 - Franck Bui <fbui@suse.com>
+
+- Suppress PAM warning when the credentials for user@.service service
+  are established (bsc#1190515)
+
+  systemd-user PAM service needs to define a default implementation of
+  pam_setcred() otherwise the fallback (defined by /etc/pam.d/other)
+  is used, which consists of pam_warn.so + pam_deny.so, and will throw
+  a warning each time a user logs in.
+
+-------------------------------------------------------------------
+Mon Oct  4 14:40:12 UTC 2021 - Franck Bui <fbui@suse.com>
+
+- No need to install upstream pam configuration file "systemd-user"
+
+  It's overwritten by the SUSE version anyway.
+
 -------------------------------------------------------------------
 Wed Sep 29 10:04:38 UTC 2021 - Franck Bui <fbui@suse.com>
 
diff --git a/systemd-mini.spec b/systemd-mini.spec
index c7cf5326..e2e18d20 100644
--- a/systemd-mini.spec
+++ b/systemd-mini.spec
@@ -26,10 +26,9 @@
 ##### WARNING: please do not edit this auto generated spec file. Use the systemd.spec! #####
 %define mini -mini
 %define min_kernel_version 4.5
-%define suse_version +suse.39.g7a5801342f
+%define suse_version +suse.47.g8521f8d22f
 %define _testsuitedir /usr/lib/systemd/tests
 
-%bcond_with     gnuefi
 %if 0%{?bootstrap}
 %bcond_with     coredump
 %bcond_with     importd
@@ -38,28 +37,33 @@
 %bcond_with     networkd
 %bcond_with     portabled
 %bcond_with     resolved
+%bcond_with     sd_boot
 %bcond_with     sysvcompat
 %bcond_with     experimental
 %bcond_with     testsuite
 %else
 %bcond_without  coredump
-%ifarch %{ix86} x86_64
-%bcond_without  gnuefi
-%endif
 %bcond_without  importd
 %bcond_without  journal_remote
 %bcond_without  machined
 %bcond_without  networkd
 %bcond_without  portabled
 %bcond_without  resolved
+%ifarch %{ix86} x86_64 aarch64
+%bcond_without  sd_boot
+%else
+%bcond_with     sd_boot
+%endif
 %bcond_without  sysvcompat
 %bcond_without  experimental
 %bcond_without  testsuite
 %endif
+# Kept to ease migrations toward SLE
+%bcond_with     split_usr
 
 Name:           systemd-mini
 URL:            http://www.freedesktop.org/wiki/Software/systemd
-Version:        249.4
+Version:        249.5
 Release:        0
 Summary:        A System and Session Manager
 License:        LGPL-2.1-or-later
@@ -115,7 +119,7 @@ BuildRequires:  pkgconfig(zlib)
 BuildRequires:  pkgconfig(libcurl)
 BuildRequires:  pkgconfig(libmicrohttpd) >= 0.9.33
 %endif
-%if %{with gnuefi}
+%if %{with sd_boot}
 BuildRequires:  gnu-efi
 %endif
 
@@ -604,14 +608,14 @@ Have fun with these services at your own risk.
         -Dmode=release \
         -Dversion-tag=%{version}%{suse_version} \
         -Ddocdir=%{_docdir}/systemd \
+%if %{with split_usr}
         -Drootprefix=/usr \
-%if !0%{?usrmerged}
         -Dsplit-usr=true \
 %endif
         -Dsplit-bin=true \
         -Dsystem-uid-max=499 \
         -Dsystem-gid-max=499 \
-        -Dpamconfdir=%{_pam_vendordir} \
+        -Dpamconfdir=no \
         -Dpamlibdir=%{_pam_moduledir} \
         -Dxinitrcdir=%{_distconfdir}/X11/xinit/xinitrc.d \
         -Drpmmacrosdir=no \
@@ -650,8 +654,12 @@ Have fun with these services at your own risk.
 %if %{without coredump}
         -Dcoredump=false \
 %endif
-%if %{without gnuefi}
+%if %{without sd_boot}
+        -Defi=false \
         -Dgnu-efi=false \
+%else
+        -Defi=true \
+        -Dgnu-efi=true \
 %endif
 %if %{without importd}
         -Dimportd=false \
@@ -723,7 +731,7 @@ for s in %{S:100} %{S:101} %{S:102}; do
 	install -m0755 -D $s %{buildroot}%{_prefix}/lib/systemd/scripts/${s#*/scripts-systemd-}
 done
 
-%if !0%{?usrmerged}
+%if %{with split_usr}
 # Legacy sysvinit tools
 mkdir -p %{buildroot}/sbin
 ln -s ../usr/lib/systemd/systemd %{buildroot}/sbin/init
@@ -743,7 +751,7 @@ rm -rf %{buildroot}/etc/systemd/system/*.target.{requires,wants}
 rm -f %{buildroot}/etc/systemd/system/default.target
 
 # Replace upstream systemd-user with the openSUSE one.
-install -m0644 %{S:2} %{buildroot}%{_pam_vendordir}
+install -m0644 -D --target-directory=%{buildroot}%{_pam_vendordir} %{S:2}
 
 # don't enable wall ask password service, it spams every console (bnc#747783)
 rm %{buildroot}%{_unitdir}/multi-user.target.wants/systemd-ask-password-wall.path
@@ -1215,8 +1223,10 @@ fi
 %files
 %defattr(-,root,root)
 %license LICENSE*
-%{_bindir}/busctl
+%if %{with sd_boot}
 %{_bindir}/bootctl
+%endif
+%{_bindir}/busctl
 %{_bindir}/hostnamectl
 %{_bindir}/kernel-install
 %{_bindir}/localectl
@@ -1365,7 +1375,7 @@ fi
 
 %{_pam_moduledir}/pam_systemd.so
 
-%if %{with gnuefi}
+%if %{with sd_boot}
 %dir %{_prefix}/lib/systemd/boot
 %dir %{_prefix}/lib/systemd/boot/efi
 %{_prefix}/lib/systemd/boot/efi/*.efi
@@ -1433,6 +1443,7 @@ fi
 %{_modprobedir}/systemd.conf
 
 # Some files created at runtime.
+%ghost %dir %attr(2755, root, systemd-journal) %{_localstatedir}/log/journal/
 %ghost %config(noreplace) %{_sysconfdir}/X11/xorg.conf.d/00-keyboard.conf
 %ghost %config(noreplace) %{_sysconfdir}/vconsole.conf
 %ghost %config(noreplace) %{_sysconfdir}/locale.conf
@@ -1542,7 +1553,6 @@ fi
 %defattr(-,root,root,-)
 %dir %{_docdir}/systemd
 %{_docdir}/systemd/html
-# /bootstrap
 %endif
 
 %files devel
@@ -1557,7 +1567,7 @@ fi
 
 %files sysvinit
 %defattr(-,root,root,-)
-%if !0%{?usrmerged}
+%if %{with split_usr}
 /sbin/init
 /sbin/reboot
 /sbin/halt
@@ -1764,6 +1774,7 @@ fi
 %{_mandir}/man8/systemd-journal-remote.*
 %{_mandir}/man8/systemd-journal-upload.*
 %{_datadir}/systemd/gatewayd
+%ghost %dir %{_localstatedir}/log/journal/remote
 %endif
 
 %if %{with networkd} || %{with resolved}
@@ -1785,7 +1796,6 @@ fi
 %{_unitdir}/systemd-networkd.service
 %{_unitdir}/systemd-networkd.socket
 %{_unitdir}/systemd-networkd-wait-online.service
-# Some files created at runtime
 %endif
 %if %{with resolved}
 %{_bindir}/resolvectl
diff --git a/systemd-user b/systemd-user
index f1d252b7..3907c885 100644
--- a/systemd-user
+++ b/systemd-user
@@ -2,8 +2,21 @@
 #
 # Used by systemd --user instances.
 
-account  include common-account
+# This is not about authentication per se (user@.service is a system
+# service anyway) but to give the possibility to user services
+# (especially those like gnome-terminal, see [1]) to have theirs
+# credentials extended similar to the ones received by a user when he
+# logs in (and the full PAM authentication stack is run). See [2] and
+# [3] for details.
+#
+# [1] https://gitlab.gnome.org/GNOME/gdm/-/issues/393
+# [2] https://github.com/systemd/systemd/issues/11198
+# [3] https://bugzilla.suse.com/show_bug.cgi?id=1190515
+#
+auth include common-auth
+
+account  include  common-account
 
 session  required pam_selinux.so close
 session  required pam_selinux.so nottys open
-session  include common-session
+session  include  common-session
diff --git a/systemd-v249.4+suse.39.g7a5801342f.tar.xz b/systemd-v249.4+suse.39.g7a5801342f.tar.xz
deleted file mode 100644
index 5000653b..00000000
--- a/systemd-v249.4+suse.39.g7a5801342f.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:253802820cf7090eb06e26f5dc23dfd9dfd967fc20b8c85350ea4856fe99442d
-size 7266304
diff --git a/systemd-v249.5+suse.47.g8521f8d22f.tar.xz b/systemd-v249.5+suse.47.g8521f8d22f.tar.xz
new file mode 100644
index 00000000..5c5dfb3d
--- /dev/null
+++ b/systemd-v249.5+suse.47.g8521f8d22f.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e8a0ffb611331f565bf6bc5b7ec30cf9725cf462b08dae3c2b7bd344d1c9ed7c
+size 7268136
diff --git a/systemd.changes b/systemd.changes
index 49998b05..e24b4142 100644
--- a/systemd.changes
+++ b/systemd.changes
@@ -1,3 +1,69 @@
+-------------------------------------------------------------------
+Fri Oct 15 12:09:44 UTC 2021 - Franck Bui <fbui@suse.com>
+
+- Import commit 8521f8d22fd44400289fcea03493ebd7f8b1487d (merge of v249.5)
+
+  For a complete list of changes, visit:
+  https://github.com/openSUSE/systemd/compare/355e113ce193e5e2d195278c57d47f9a1b00ae46...8521f8d22fd44400289fcea03493ebd7f8b1487d
+
+-------------------------------------------------------------------
+Fri Oct 15 11:54:34 UTC 2021 - Franck Bui <fbui@suse.com>
+
+- Import commit 355e113ce193e5e2d195278c57d47f9a1b00ae46
+
+  3b4a005095 meson: add missing include directory when using xkbcommon
+  4c4e642712 meson: allow extra net naming schemes to be defined during configuration (jsc#SLE-18514)
+  78466e4464 meson: drop the list of valid net naming schemes
+  b9a2098f9d netif-naming: inline one iterator variable
+  d7fbbc5e74 Add remaining supported schemes as options for default-net-naming-scheme
+
+-------------------------------------------------------------------
+Fri Oct 15 11:38:41 UTC 2021 - Franck Bui <fbui@suse.com>
+
+- Rename %{gnu-efi} into %{sd_boot}
+
+  Build conditionals (%bcond_with and %bcond_without) are used to
+  define a specific feature of systemd. "gnu-efi" is rather an
+  implemenation detail. Also not really sure what "efi" option alone
+  is useful for since systemd-boot & co depends on "gnu-efi".
+
+- Enable sd_boot support for aarch64
+
+-------------------------------------------------------------------
+Fri Oct 15 09:27:00 UTC 2021 - Franck Bui <fbui@suse.com>
+
+- Ghost own directories /var/log/journal and /var/log/journal/remote again
+
+  rpmlint no more complain about the setgid bit, see sr#923496.
+
+-------------------------------------------------------------------
+Fri Oct  8 11:14:20 UTC 2021 - Franck Bui <fbui@suse.com>
+
+- Overwriting rootprefix= is only required when split-usr is enabled
+
+-------------------------------------------------------------------
+Fri Oct  8 09:01:59 UTC 2021 - Franck Bui <fbui@suse.com>
+
+- Rename %usrmerged into %split_usr
+
+-------------------------------------------------------------------
+Wed Oct  6 07:40:24 UTC 2021 - Franck Bui <fbui@suse.com>
+
+- Suppress PAM warning when the credentials for user@.service service
+  are established (bsc#1190515)
+
+  systemd-user PAM service needs to define a default implementation of
+  pam_setcred() otherwise the fallback (defined by /etc/pam.d/other)
+  is used, which consists of pam_warn.so + pam_deny.so, and will throw
+  a warning each time a user logs in.
+
+-------------------------------------------------------------------
+Mon Oct  4 14:40:12 UTC 2021 - Franck Bui <fbui@suse.com>
+
+- No need to install upstream pam configuration file "systemd-user"
+
+  It's overwritten by the SUSE version anyway.
+
 -------------------------------------------------------------------
 Wed Sep 29 10:04:38 UTC 2021 - Franck Bui <fbui@suse.com>
 
diff --git a/systemd.spec b/systemd.spec
index bd5c5924..17246d92 100644
--- a/systemd.spec
+++ b/systemd.spec
@@ -24,10 +24,9 @@
 %define bootstrap 0
 %define mini %nil
 %define min_kernel_version 4.5
-%define suse_version +suse.39.g7a5801342f
+%define suse_version +suse.47.g8521f8d22f
 %define _testsuitedir /usr/lib/systemd/tests
 
-%bcond_with     gnuefi
 %if 0%{?bootstrap}
 %bcond_with     coredump
 %bcond_with     importd
@@ -36,28 +35,33 @@
 %bcond_with     networkd
 %bcond_with     portabled
 %bcond_with     resolved
+%bcond_with     sd_boot
 %bcond_with     sysvcompat
 %bcond_with     experimental
 %bcond_with     testsuite
 %else
 %bcond_without  coredump
-%ifarch %{ix86} x86_64
-%bcond_without  gnuefi
-%endif
 %bcond_without  importd
 %bcond_without  journal_remote
 %bcond_without  machined
 %bcond_without  networkd
 %bcond_without  portabled
 %bcond_without  resolved
+%ifarch %{ix86} x86_64 aarch64
+%bcond_without  sd_boot
+%else
+%bcond_with     sd_boot
+%endif
 %bcond_without  sysvcompat
 %bcond_without  experimental
 %bcond_without  testsuite
 %endif
+# Kept to ease migrations toward SLE
+%bcond_with     split_usr
 
 Name:           systemd
 URL:            http://www.freedesktop.org/wiki/Software/systemd
-Version:        249.4
+Version:        249.5
 Release:        0
 Summary:        A System and Session Manager
 License:        LGPL-2.1-or-later
@@ -113,7 +117,7 @@ BuildRequires:  pkgconfig(zlib)
 BuildRequires:  pkgconfig(libcurl)
 BuildRequires:  pkgconfig(libmicrohttpd) >= 0.9.33
 %endif
-%if %{with gnuefi}
+%if %{with sd_boot}
 BuildRequires:  gnu-efi
 %endif
 
@@ -602,14 +606,14 @@ Have fun with these services at your own risk.
         -Dmode=release \
         -Dversion-tag=%{version}%{suse_version} \
         -Ddocdir=%{_docdir}/systemd \
+%if %{with split_usr}
         -Drootprefix=/usr \
-%if !0%{?usrmerged}
         -Dsplit-usr=true \
 %endif
         -Dsplit-bin=true \
         -Dsystem-uid-max=499 \
         -Dsystem-gid-max=499 \
-        -Dpamconfdir=%{_pam_vendordir} \
+        -Dpamconfdir=no \
         -Dpamlibdir=%{_pam_moduledir} \
         -Dxinitrcdir=%{_distconfdir}/X11/xinit/xinitrc.d \
         -Drpmmacrosdir=no \
@@ -648,8 +652,12 @@ Have fun with these services at your own risk.
 %if %{without coredump}
         -Dcoredump=false \
 %endif
-%if %{without gnuefi}
+%if %{without sd_boot}
+        -Defi=false \
         -Dgnu-efi=false \
+%else
+        -Defi=true \
+        -Dgnu-efi=true \
 %endif
 %if %{without importd}
         -Dimportd=false \
@@ -721,7 +729,7 @@ for s in %{S:100} %{S:101} %{S:102}; do
 	install -m0755 -D $s %{buildroot}%{_prefix}/lib/systemd/scripts/${s#*/scripts-systemd-}
 done
 
-%if !0%{?usrmerged}
+%if %{with split_usr}
 # Legacy sysvinit tools
 mkdir -p %{buildroot}/sbin
 ln -s ../usr/lib/systemd/systemd %{buildroot}/sbin/init
@@ -741,7 +749,7 @@ rm -rf %{buildroot}/etc/systemd/system/*.target.{requires,wants}
 rm -f %{buildroot}/etc/systemd/system/default.target
 
 # Replace upstream systemd-user with the openSUSE one.
-install -m0644 %{S:2} %{buildroot}%{_pam_vendordir}
+install -m0644 -D --target-directory=%{buildroot}%{_pam_vendordir} %{S:2}
 
 # don't enable wall ask password service, it spams every console (bnc#747783)
 rm %{buildroot}%{_unitdir}/multi-user.target.wants/systemd-ask-password-wall.path
@@ -1213,8 +1221,10 @@ fi
 %files
 %defattr(-,root,root)
 %license LICENSE*
-%{_bindir}/busctl
+%if %{with sd_boot}
 %{_bindir}/bootctl
+%endif
+%{_bindir}/busctl
 %{_bindir}/hostnamectl
 %{_bindir}/kernel-install
 %{_bindir}/localectl
@@ -1363,7 +1373,7 @@ fi
 
 %{_pam_moduledir}/pam_systemd.so
 
-%if %{with gnuefi}
+%if %{with sd_boot}
 %dir %{_prefix}/lib/systemd/boot
 %dir %{_prefix}/lib/systemd/boot/efi
 %{_prefix}/lib/systemd/boot/efi/*.efi
@@ -1431,6 +1441,7 @@ fi
 %{_modprobedir}/systemd.conf
 
 # Some files created at runtime.
+%ghost %dir %attr(2755, root, systemd-journal) %{_localstatedir}/log/journal/
 %ghost %config(noreplace) %{_sysconfdir}/X11/xorg.conf.d/00-keyboard.conf
 %ghost %config(noreplace) %{_sysconfdir}/vconsole.conf
 %ghost %config(noreplace) %{_sysconfdir}/locale.conf
@@ -1540,7 +1551,6 @@ fi
 %defattr(-,root,root,-)
 %dir %{_docdir}/systemd
 %{_docdir}/systemd/html
-# /bootstrap
 %endif
 
 %files devel
@@ -1555,7 +1565,7 @@ fi
 
 %files sysvinit
 %defattr(-,root,root,-)
-%if !0%{?usrmerged}
+%if %{with split_usr}
 /sbin/init
 /sbin/reboot
 /sbin/halt
@@ -1762,6 +1772,7 @@ fi
 %{_mandir}/man8/systemd-journal-remote.*
 %{_mandir}/man8/systemd-journal-upload.*
 %{_datadir}/systemd/gatewayd
+%ghost %dir %{_localstatedir}/log/journal/remote
 %endif
 
 %if %{with networkd} || %{with resolved}
@@ -1783,7 +1794,6 @@ fi
 %{_unitdir}/systemd-networkd.service
 %{_unitdir}/systemd-networkd.socket
 %{_unitdir}/systemd-networkd-wait-online.service
-# Some files created at runtime
 %endif
 %if %{with resolved}
 %{_bindir}/resolvectl