diff --git a/0001-strv-add-an-additional-overflow-check-when-enlarging.patch b/0001-strv-add-an-additional-overflow-check-when-enlarging.patch
new file mode 100644
index 00000000..3f953f4f
--- /dev/null
+++ b/0001-strv-add-an-additional-overflow-check-when-enlarging.patch
@@ -0,0 +1,35 @@
+Based on 97569e154b80541cbad39d78231b7f360d4ff058 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Tue, 21 Oct 2014 14:01:28 +0200
+Subject: [PATCH] strv: add an additional overflow check when enlarging
+ strv()s
+
+https://bugs.freedesktop.org/show_bug.cgi?id=76745
+---
+ src/shared/strv.c |   10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+--- src/shared/strv.c
++++ src/shared/strv.c	2014-10-23 00:00:00.000000000 +0000
+@@ -361,13 +361,19 @@ char *strv_join_quoted(char **l) {
+ 
+ int strv_push(char ***l, char *value) {
+         char **c;
+-        unsigned n;
++        unsigned n, m;
+ 
+         if (!value)
+                 return 0;
+ 
+         n = strv_length(*l);
+-        c = realloc(*l, sizeof(char*) * (n + 2));
++
++        /* increase and check for overflow */
++        m = n + 2;
++        if (m < n)
++                return -ENOMEM;
++
++        c = realloc(*l, sizeof(char*) * (size_t) m);
+         if (!c)
+                 return -ENOMEM;
+ 
diff --git a/0002-hwdb-Add-mapping-for-special-keys-on-compaq-ku-0133-.patch b/0002-hwdb-Add-mapping-for-special-keys-on-compaq-ku-0133-.patch
new file mode 100644
index 00000000..8304b2d4
--- /dev/null
+++ b/0002-hwdb-Add-mapping-for-special-keys-on-compaq-ku-0133-.patch
@@ -0,0 +1,42 @@
+From fc1ae82cae69d8dbbd9e7a31938810a486fac782 Mon Sep 17 00:00:00 2001
+From: Hans de Goede <hdegoede@redhat.com>
+Date: Wed, 22 Oct 2014 14:09:21 +0200
+Subject: [PATCH] hwdb: Add mapping for special keys on compaq ku 0133
+ keyboards
+
+The compaq ku 0133 keyboard has 8 special keys at the top:
+http://lackof.org/taggart/hacking/keyboard/cpqwireless.jpg
+
+3 of these use standard HID usage codes from the consumer page, the 5
+others use part of the reserved 0x07 - 0x1f range.
+
+This commit adds mapping for this keyboard for these reserved codes, making
+the other 5 keys work.
+
+Cc: Hans de Goede <hdegoede@redhat.com>
+Signed-off-by: Hans de Goede <hdegoede@redhat.com>
+---
+ hwdb/60-keyboard.hwdb |    7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git hwdb/60-keyboard.hwdb hwdb/60-keyboard.hwdb
+index 59f467b..06caba9 100644
+--- hwdb/60-keyboard.hwdb
++++ hwdb/60-keyboard.hwdb
+@@ -181,6 +181,13 @@ keyboard:dmi:bvn*:bvr*:bd*:svnCompaq*:pn*Evo*N*:pvr*
+  KEYBOARD_KEY_9e=email
+  KEYBOARD_KEY_9f=homepage
+ 
++keyboard:usb:v049Fp0051d*dc*dsc*dp*ic*isc*ip*in01*
++ KEYBOARD_KEY_0c0011=presentation
++ KEYBOARD_KEY_0c0012=addressbook
++ KEYBOARD_KEY_0c0013=info
++ KEYBOARD_KEY_0c0014=prog1
++ KEYBOARD_KEY_0c0015=messenger
++
+ ###########################################################
+ # Dell
+ ###########################################################
+-- 
+1.7.9.2
+
diff --git a/0003-journald-add-CAP_MAC_OVERRIDE-in-journald-for-SMACK-.patch b/0003-journald-add-CAP_MAC_OVERRIDE-in-journald-for-SMACK-.patch
new file mode 100644
index 00000000..c88ed60b
--- /dev/null
+++ b/0003-journald-add-CAP_MAC_OVERRIDE-in-journald-for-SMACK-.patch
@@ -0,0 +1,41 @@
+From f2a474aea8f82fa9b695515d4590f4f3398358a7 Mon Sep 17 00:00:00 2001
+From: Juho Son <juho80.son@samsung.com>
+Date: Thu, 11 Sep 2014 16:06:38 +0900
+Subject: [PATCH] journald: add CAP_MAC_OVERRIDE in journald for SMACK issue
+
+systemd-journald check the cgroup id to support rate limit option for
+every messages. so journald should be available to access cgroup node in
+each process send messages to journald.
+In system using SMACK, cgroup node in proc is assigned execute label
+as each process's execute label.
+so if journald don't want to denied for every process, journald
+should have all of access rule for all process's label.
+It's too heavy. so we could give special smack label for journald te get
+all accesses's permission.
+'^' label.
+When assign '^' execute smack label to systemd-journald,
+systemd-journald need to add  CAP_MAC_OVERRIDE capability to get that smack privilege.
+
+so I want to notice this information and set default capability to
+journald whether system use SMACK or not.
+because that capability affect to only smack enabled kernel
+---
+ units/systemd-journald.service.in |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git units/systemd-journald.service.in units/systemd-journald.service.in
+index 7013979..4de38fa 100644
+--- units/systemd-journald.service.in
++++ units/systemd-journald.service.in
+@@ -20,7 +20,7 @@ Restart=always
+ RestartSec=0
+ NotifyAccess=all
+ StandardOutput=null
+-CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG CAP_AUDIT_CONTROL CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETUID CAP_SETGID
++CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG CAP_AUDIT_CONTROL CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETUID CAP_SETGID CAP_MAC_OVERRIDE
+ WatchdogSec=1min
+ 
+ # Increase the default a bit in order to allow many simultaneous
+-- 
+1.7.9.2
+
diff --git a/0004-journal-do-server_vacuum-for-sigusr1.patch b/0004-journal-do-server_vacuum-for-sigusr1.patch
new file mode 100644
index 00000000..530a5397
--- /dev/null
+++ b/0004-journal-do-server_vacuum-for-sigusr1.patch
@@ -0,0 +1,30 @@
+From 3bfd4e0c6341b0ef946d2198f089743fa99e0a97 Mon Sep 17 00:00:00 2001
+From: WaLyong Cho <walyong.cho@samsung.com>
+Date: Thu, 28 Aug 2014 21:33:03 +0900
+Subject: [PATCH] journal: do server_vacuum for sigusr1
+
+runtime journal is migrated to system journal when only
+"/run/systemd/journal/flushed" exist. It's ok but according to this
+the system journal directory size(max use) can be over the config. If
+journal is not rotated during some time the journal directory can be
+remained as over the config(or default) size. To avoid, do
+server_vacuum just after the system journal migration from runtime.
+---
+ src/journal/journald-server.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git src/journal/journald-server.c src/journal/journald-server.c
+index 52111f7..bf9cfcc 100644
+--- src/journal/journald-server.c
++++ src/journal/journald-server.c
+@@ -1224,6 +1224,7 @@ static int dispatch_sigusr1(sd_event_source *es, const struct signalfd_siginfo *
+         touch("/run/systemd/journal/flushed");
+         server_flush_to_var(s);
+         server_sync(s);
++        server_vacuum(s);
+ 
+         return 0;
+ }
+-- 
+1.7.9.2
+
diff --git a/0005-cryptsetup-fix-an-OOM-check.patch b/0005-cryptsetup-fix-an-OOM-check.patch
new file mode 100644
index 00000000..23b39bb5
--- /dev/null
+++ b/0005-cryptsetup-fix-an-OOM-check.patch
@@ -0,0 +1,25 @@
+From 0e2f14014c65b4d8b30146e414579154cfa932da Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Thu, 23 Oct 2014 00:30:04 +0200
+Subject: [PATCH] cryptsetup: fix an OOM check
+
+---
+ src/cryptsetup/cryptsetup-generator.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git src/cryptsetup/cryptsetup-generator.c src/cryptsetup/cryptsetup-generator.c
+index 137b787..c7f30f6 100644
+--- src/cryptsetup/cryptsetup-generator.c
++++ src/cryptsetup/cryptsetup-generator.c
+@@ -387,7 +387,7 @@ int main(int argc, char *argv[]) {
+                                 if (k == 2 && streq(proc_uuid, device + 5)) {
+                                         free(options);
+                                         options = strdup(p);
+-                                        if (!proc_options) {
++                                        if (!options) {
+                                                 log_oom();
+                                                 goto cleanup;
+                                         }
+-- 
+1.7.9.2
+
diff --git a/systemd-mini.changes b/systemd-mini.changes
index 3ae63a41..7eb5d40d 100644
--- a/systemd-mini.changes
+++ b/systemd-mini.changes
@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Thu Oct 23 14:05:08 UTC 2014 - werner@suse.de
+
+- Add upstream patches
+  0001-strv-add-an-additional-overflow-check-when-enlarging.patch
+  0002-hwdb-Add-mapping-for-special-keys-on-compaq-ku-0133-.patch
+  0003-journald-add-CAP_MAC_OVERRIDE-in-journald-for-SMACK-.patch
+  0004-journal-do-server_vacuum-for-sigusr1.patch
+  0005-cryptsetup-fix-an-OOM-check.patch
+
 -------------------------------------------------------------------
 Wed Oct 22 13:56:22 UTC 2014 - werner@suse.de
 
diff --git a/systemd-mini.spec b/systemd-mini.spec
index 4e04d0ef..6751159a 100644
--- a/systemd-mini.spec
+++ b/systemd-mini.spec
@@ -964,6 +964,16 @@ Patch466:       0001-systemd-continue-switch-root-even-if-umount-fails.patch
 Patch467:       0002-systemd-try-harder-to-bind-to-notify-socket.patch
 # PATCH-FIX-SUSE added at 2014/10/15
 Patch468:       avoid-leaking-socket-descriptors.patch
+# PATCH-FIX-UPSTREAM added at 2014/10/23
+Patch469:       0001-strv-add-an-additional-overflow-check-when-enlarging.patch
+# PATCH-FIX-UPSTREAM added at 2014/10/23
+Patch470:       0002-hwdb-Add-mapping-for-special-keys-on-compaq-ku-0133-.patch
+# PATCH-FIX-UPSTREAM added at 2014/10/23
+Patch471:       0003-journald-add-CAP_MAC_OVERRIDE-in-journald-for-SMACK-.patch
+# PATCH-FIX-UPSTREAM added at 2014/10/23
+Patch472:       0004-journal-do-server_vacuum-for-sigusr1.patch
+# PATCH-FIX-UPSTREAM added at 2014/10/23
+Patch473:       0005-cryptsetup-fix-an-OOM-check.patch
 
 # UDEV PATCHES
 # ============
@@ -1778,6 +1788,11 @@ cp %{SOURCE7} m4/
 %patch466 -p0
 %patch467 -p0
 %patch468 -p0
+%patch469 -p0
+%patch470 -p0
+%patch471 -p0
+%patch472 -p0
+%patch473 -p0
 
 # udev patches
 %patch1001 -p1
diff --git a/systemd.changes b/systemd.changes
index 3ae63a41..7eb5d40d 100644
--- a/systemd.changes
+++ b/systemd.changes
@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Thu Oct 23 14:05:08 UTC 2014 - werner@suse.de
+
+- Add upstream patches
+  0001-strv-add-an-additional-overflow-check-when-enlarging.patch
+  0002-hwdb-Add-mapping-for-special-keys-on-compaq-ku-0133-.patch
+  0003-journald-add-CAP_MAC_OVERRIDE-in-journald-for-SMACK-.patch
+  0004-journal-do-server_vacuum-for-sigusr1.patch
+  0005-cryptsetup-fix-an-OOM-check.patch
+
 -------------------------------------------------------------------
 Wed Oct 22 13:56:22 UTC 2014 - werner@suse.de
 
diff --git a/systemd.spec b/systemd.spec
index 7e1e0e80..ffa49e2c 100644
--- a/systemd.spec
+++ b/systemd.spec
@@ -959,6 +959,16 @@ Patch466:       0001-systemd-continue-switch-root-even-if-umount-fails.patch
 Patch467:       0002-systemd-try-harder-to-bind-to-notify-socket.patch
 # PATCH-FIX-SUSE added at 2014/10/15
 Patch468:       avoid-leaking-socket-descriptors.patch
+# PATCH-FIX-UPSTREAM added at 2014/10/23
+Patch469:       0001-strv-add-an-additional-overflow-check-when-enlarging.patch
+# PATCH-FIX-UPSTREAM added at 2014/10/23
+Patch470:       0002-hwdb-Add-mapping-for-special-keys-on-compaq-ku-0133-.patch
+# PATCH-FIX-UPSTREAM added at 2014/10/23
+Patch471:       0003-journald-add-CAP_MAC_OVERRIDE-in-journald-for-SMACK-.patch
+# PATCH-FIX-UPSTREAM added at 2014/10/23
+Patch472:       0004-journal-do-server_vacuum-for-sigusr1.patch
+# PATCH-FIX-UPSTREAM added at 2014/10/23
+Patch473:       0005-cryptsetup-fix-an-OOM-check.patch
 
 # UDEV PATCHES
 # ============
@@ -1773,6 +1783,11 @@ cp %{SOURCE7} m4/
 %patch466 -p0
 %patch467 -p0
 %patch468 -p0
+%patch469 -p0
+%patch470 -p0
+%patch471 -p0
+%patch472 -p0
+%patch473 -p0
 
 # udev patches
 %patch1001 -p1