diff -Nru systemd-239/debian/changelog systemd-239/debian/changelog
--- systemd-239/debian/changelog 2018-11-29 16:53:00.000000000 +0000
+++ systemd-239/debian/changelog 2018-12-03 13:49:24.000000000 +0000
@@ -1,3 +1,29 @@
+systemd (239-7ubuntu15) disco; urgency=medium
+
+ * core: set /run size to 10%, like initramfs-tools does.
+ Currently there is a difference between initrd and initrd-less boots,
+ w.r.t. size= mount option of /run. This yields different runtime journald caps
+ (1% vs 10%), and on dense deployments of containers may result in OOM kills.
+ (LP: #1799251)
+ File: debian/patches/debian/UBUNTU-core-set-run-size-to-10-like-initramfs-tools-does.patch
+ https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=1fac2568fe716dc1a41bada78293dc6327a6df0d
+
+ * resolved: Increase size of TCP stub replies.
+ DNS_PACKET_PAYLOAD_SIZE_MAX is limiting the size of the stub replies to
+ 512 with EDNS off or 4096 with EDNS on, without checking the protocol
+ used. This makes TCP replies for clients without EDNS support to be
+ limited to 512, making the truncate flag useless if the query result is
+ bigger than 512 bytes.
+ This commit increases the size of TCP replies to DNS_PACKET_SIZE_MAX
+ Fixes: #10816
+ (cherry picked from commit e6eed9445956cfa496e1db933bfd3530db23bfce)
+ (LP: #1804487)
+ Author: Victor Tapia
+ File: debian/patches/resolved-Increase-size-of-TCP-stub-replies.patch
+ https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=702a4566174c4d2bd84b70805107cfc1a7c128cc
+
+ -- Dimitri John Ledkov Mon, 03 Dec 2018 13:49:24 +0000
+
 systemd (239-7ubuntu14) disco; urgency=medium
 
 * Fix compat with new meson.
diff -Nru systemd-239/debian/patches/debian/UBUNTU-core-set-run-size-to-10-like-initramfs-tools-does.patch systemd-239/debian/patches/debian/UBUNTU-core-set-run-size-to-10-like-initramfs-tools-does.patch
--- systemd-239/debian/patches/debian/UBUNTU-core-set-run-size-to-10-like-initramfs-tools-does.patch 1970-01-01 00:00:00.000000000 +0000
+++ systemd-239/debian/patches/debian/UBUNTU-core-set-run-size-to-10-like-initramfs-tools-does.patch 2018-12-03 13:38:52.000000000 +0000
@@ -0,0 +1,30 @@
+From: Dimitri John Ledkov
+Date: Mon, 3 Dec 2018 12:31:20 +0000
+Subject: core: set /run size to 10%, like initramfs-tools does.
+
+Currently there is a difference between initrd and initrd-less boots,
+w.r.t. size= mount option of /run. This yields different runtime journald caps
+(1% vs 10%), and on dense deployments of containers may result in OOM kills.
+
+LP: #1799251
+---
+ src/core/mount-setup.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/core/mount-setup.c b/src/core/mount-setup.c
+index 908a83f..7de24b5 100644
+--- a/src/core/mount-setup.c
++++ b/src/core/mount-setup.c
+@@ -76,10 +76,10 @@ static const MountPoint mount_table[] = {
+ { "devpts", "/dev/pts", "devpts", "mode=620,gid=" STRINGIFY(TTY_GID), MS_NOSUID|MS_NOEXEC,
+ NULL, MNT_IN_CONTAINER },
+ #if ENABLE_SMACK
+- { "tmpfs", "/run", "tmpfs", "mode=755,smackfsroot=*", MS_NOSUID|MS_NODEV|MS_STRICTATIME,
++ { "tmpfs", "/run", "tmpfs", "mode=755,size=10%,smackfsroot=*", MS_NOSUID|MS_NODEV|MS_STRICTATIME,
+ mac_smack_use, MNT_FATAL },
+ #endif
+- { "tmpfs", "/run", "tmpfs", "mode=755", MS_NOSUID|MS_NODEV|MS_STRICTATIME,
++ { "tmpfs", "/run", "tmpfs", "mode=755,size=10%", MS_NOSUID|MS_NODEV|MS_STRICTATIME,
+ NULL, MNT_FATAL|MNT_IN_CONTAINER },
+ { "tmpfs", "/run/lock", "tmpfs", "mode=1777,size=5242880", MS_NOSUID|MS_NODEV|MS_NOEXEC,
+ NULL, MNT_FATAL|MNT_IN_CONTAINER },
diff -Nru systemd-239/debian/patches/resolved-Increase-size-of-TCP-stub-replies.patch systemd-239/debian/patches/resolved-Increase-size-of-TCP-stub-replies.patch
--- systemd-239/debian/patches/resolved-Increase-size-of-TCP-stub-replies.patch 1970-01-01 00:00:00.000000000 +0000
+++ systemd-239/debian/patches/resolved-Increase-size-of-TCP-stub-replies.patch 2018-12-03 13:38:52.000000000 +0000
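Review bot: The `size=10%` option is now spelled out twice in the inner hunk, once in the `ENABLE_SMACK` row for `/run` and once in the plain `/run` row, so the two tmpfs entries can drift apart the next time the limit is tuned. A single definition such as `#define RUN_TMPFS_SIZE "size=10%"`, used as `"mode=755," RUN_TMPFS_SIZE ",smackfsroot=*"` and `"mode=755," RUN_TMPFS_SIZE`, keeps both rows in step. A short comment on the rows, e.g. `/* 10% matches what initramfs-tools mounts /run with, so initrd and initrd-less boots get the same journald runtime cap */`, would carry the rationale from the patch header into the code, where the next reader will look for it. The `mount_table` definition begins and ends outside the hunk, and the `/run/lock` row keeps its absolute `size=5242880` unchanged.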
@@ -0,0 +1,39 @@
+From: Victor Tapia
+Date: Wed, 21 Nov 2018 14:01:04 +0100
+Subject: resolved: Increase size of TCP stub replies
+
+DNS_PACKET_PAYLOAD_SIZE_MAX is limiting the size of the stub replies to
+512 with EDNS off or 4096 with EDNS on, without checking the protocol
+used. This makes TCP replies for clients without EDNS support to be
+limited to 512, making the truncate flag useless if the query result is
+bigger than 512 bytes.
+
+This commit increases the size of TCP replies to DNS_PACKET_SIZE_MAX
+
+LP: #1804487
+Fixes: #10816
+(cherry picked from commit e6eed9445956cfa496e1db933bfd3530db23bfce)
+---
+ src/resolve/resolved-dns-packet.h | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/resolve/resolved-dns-packet.h b/src/resolve/resolved-dns-packet.h
+index 8e9d74a..22ef871 100644
+--- a/src/resolve/resolved-dns-packet.h
++++ b/src/resolve/resolved-dns-packet.h
+@@ -120,11 +120,14 @@ static inline uint16_t DNS_PACKET_RCODE(DnsPacket *p) {
+ 
+ static inline uint16_t DNS_PACKET_PAYLOAD_SIZE_MAX(DnsPacket *p) {
+ 
+- /* Returns the advertised maximum datagram size for replies, or the DNS default if there's nothing defined. */
++ /* Returns the advertised maximum size for replies, or the DNS default if there's nothing defined. */
+ 
+ if (p->opt)
+ return MAX(DNS_PACKET_UNICAST_SIZE_MAX, p->opt->key->class);
+ 
++ if (p->ipproto == IPPROTO_TCP)
++ return DNS_PACKET_SIZE_MAX;
++ 
+ return DNS_PACKET_UNICAST_SIZE_MAX;
+ }
+ 
diff -Nru systemd-239/debian/patches/series systemd-239/debian/patches/series
--- systemd-239/debian/patches/series 2018-11-29 16:49:22.000000000 +0000
+++ systemd-239/debian/patches/series 2018-12-03 13:38:52.000000000 +0000
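Review bot: The new `IPPROTO_TCP` branch is placed after the `if (p->opt)` return, so a TCP query that carries an EDNS OPT record never reaches it and its reply stays capped at `MAX(DNS_PACKET_UNICAST_SIZE_MAX, p->opt->key->class)`, the UDP payload size the client advertised; the truncation problem described in the patch header therefore remains for EDNS-capable clients on TCP. Moving the check ahead of the OPT lookup covers both cases: put `if (p->ipproto == IPPROTO_TCP) return DNS_PACKET_SIZE_MAX;` before `if (p->opt)`, with a comment such as `/* EDNS payload size describes UDP only; TCP replies may use the full packet size */`. This relies on `DNS_PACKET_SIZE_MAX`, defined outside the hunk, fitting the `uint16_t` return type, which the added return already assumes. The whole of `DNS_PACKET_PAYLOAD_SIZE_MAX` is visible inside the inner hunk.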
@@ -49,6 +49,7 @@
 hwdb-Update-PNP-IDs-of-Goldstar-now-LG-Electronics-.-1005.patch
 hwdb-revert-airplane-mode-keys-handling-on-Dell.patch
 meson-rename-Ddebug-to-Ddebug-extra.patch
+resolved-Increase-size-of-TCP-stub-replies.patch
 debian/Use-Debian-specific-config-files.patch
 debian/Bring-tmpfiles.d-tmp.conf-in-line-with-Debian-defaul.patch
 debian/Make-run-lock-tmpfs-an-API-fs.patch
@@ -91,6 +92,7 @@
 debian/UBUNTU-Support-system-image-read-only-etc.patch
 debian/UBUNTU-bump-selftest-timeouts.patch
 debian/UBUNTU-units-disable-journald-watchdog.patch
+debian/UBUNTU-core-set-run-size-to-10-like-initramfs-tools-does.patch
 CVE-2018-15688.patch
 CVE-2018-15686.patch
 CVE-2018-15687.patch