rpms
/
systemd
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Backport fixes 

Resolves: #1283971
Resolves: #1279156
Resolves: #1278475
Resolves: #1266776
Resolves: #1266775
Resolves: #1255619
Resolves: #1238285
Resolves: #1182661
Resolves: #1287592
This commit is contained in:
Jan Synacek 2015-12-14 10:17:38 +01:00
parent c9f6df1cdc
commit 60ed166b54
12 changed files with 567 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
0057-user-sessions-make-sure-run-nologin-has-correct-SELi.patch Normal file
View File

@ -0,0 +1,56 @@
From fa5147fc7c5fcc26d742f87f63a6216bd88ea091 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Fri, 4 Dec 2015 21:33:42 +0100
Subject: [PATCH 01/12] user-sessions: make sure /run/nologin has correct
SELinux label
(cherry picked from commit ea4e6292af593b3b631560ac5139ad1f7442d881)
Resolves: #1287592
---
src/user-sessions/user-sessions.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/user-sessions/user-sessions.c b/src/user-sessions/user-sessions.c
index 1c31769..dc27723 100644
--- a/src/user-sessions/user-sessions.c
+++ b/src/user-sessions/user-sessions.c
@@ -22,7 +22,9 @@
#include <unistd.h>
#include <errno.h>
+#include "fileio-label.h"
#include "log.h"
+#include "selinux-util.h"
#include "util.h"
#include "fileio.h"
@@ -39,6 +41,8 @@ int main(int argc, char*argv[]) {
umask(0022);
+ mac_selinux_init(NULL);
+
if (streq(argv[1], "start")) {
int r = 0;
@@ -65,7 +69,7 @@ int main(int argc, char*argv[]) {
} else if (streq(argv[1], "stop")) {
int r;
- r = write_string_file_atomic("/run/nologin", "System is going down.");
+ r = write_string_file_atomic_label("/run/nologin", "System is going down.");
if (r < 0) {
log_error_errno(r, "Failed to create /run/nologin: %m");
return EXIT_FAILURE;
@@ -76,5 +80,7 @@ int main(int argc, char*argv[]) {
return EXIT_FAILURE;
}
+ mac_selinux_finish();
+
return EXIT_SUCCESS;
}
--
2.5.0

28
0058-login-make-sure-run-nologin-has-correct-SELinux-labe.patch Normal file
View File

@ -0,0 +1,28 @@
From f8e8050017326f83fc2be3a8e7a344e795b1430d Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Fri, 4 Dec 2015 22:29:38 +0100
Subject: [PATCH 02/12] login: make sure /run/nologin has correct SELinux label
(cherry picked from commit 716cff4b459017028ddb4460cdfdcd09acb36dff)
Resolves: #1287592
---
src/login/logind-dbus.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
index 291f307..1c1011c 100644
--- a/src/login/logind-dbus.c
+++ b/src/login/logind-dbus.c
@@ -1774,7 +1774,7 @@ static int nologin_timeout_handler(
log_info("Creating /run/nologin, blocking further logins...");
- r = write_string_file_atomic("/run/nologin", "System is going down.");
+ r = write_string_file_atomic_label("/run/nologin", "System is going down.");
if (r < 0)
log_error_errno(r, "Failed to create /run/nologin: %m");
else
--
2.5.0

44
0059-man-journalctl-mention-systemd.time-7-where-appropri.patch Normal file
View File

@ -0,0 +1,44 @@
From 87c3c33f022344d007d181e62267671a09605f84 Mon Sep 17 00:00:00 2001
From: Jan Synacek <jsynacek@redhat.com>
Date: Tue, 10 Nov 2015 13:05:48 +0100
Subject: [PATCH 03/12] man/journalctl: mention systemd.time(7) where
appropriate
Original bug report: https://bugzilla.redhat.com/show_bug.cgi?id=1182661
(cherry picked from commit 20b2aec031f79018d290b8f42ab6c3e1116f2d89)
Resolves: #1182661
---
man/journalctl.xml | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/man/journalctl.xml b/man/journalctl.xml
index ca93364..a49c87d 100644
--- a/man/journalctl.xml
+++ b/man/journalctl.xml
@@ -554,7 +554,10 @@
respectively. <literal>now</literal> refers to the current
time. Finally, relative times may be specified, prefixed with
<literal>-</literal> or <literal>+</literal>, referring to
- times before or after the current time, respectively.</para>
+ times before or after the current time, respectively. For complete
+ time and date specification, see
+ <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
+ </para>
</listitem>
</varlistentry>
@@ -836,7 +839,8 @@
<citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>coredumpctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.journal-fields</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
- <citerefentry><refentrytitle>journald.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ <citerefentry><refentrytitle>journald.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>
</para>
</refsect1>
</refentry>
--
2.5.0

57
0060-sd-device-never-return-NULL-0.patch Normal file
View File

@ -0,0 +1,57 @@
From f88ff4551822931baf9f6b03f59e49d69c950885 Mon Sep 17 00:00:00 2001
From: David Herrmann <dh.herrmann@gmail.com>
Date: Wed, 15 Jul 2015 12:30:08 +0200
Subject: [PATCH 04/12] sd-device: never return NULL+0
It is highly confusing if a getter function returns 0, but the value is
set to NULL. This, right now, triggers assertions as code relies on the
returned values to be non-NULL.
Like with sd-bus-creds and friends, return 0 only if a value is actually
available.
Discussed with Tom, and actually fixes real bugs as in #512.
(cherry picked from commit bf4c113e179650c07a8f95a14d71f365dbfe66e4)
Resolves: #1238285
---
src/libsystemd/sd-device/sd-device.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/libsystemd/sd-device/sd-device.c b/src/libsystemd/sd-device/sd-device.c
index b274f71..7cea5a0 100644
--- a/src/libsystemd/sd-device/sd-device.c
+++ b/src/libsystemd/sd-device/sd-device.c
@@ -791,6 +791,9 @@ _public_ int sd_device_get_subsystem(sd_device *device, const char **ret) {
device->subsystem_set = true;
}
+ if (!device->subsystem)
+ return -ENOENT;
+
*ret = device->subsystem;
return 0;
@@ -908,6 +911,9 @@ _public_ int sd_device_get_driver(sd_device *device, const char **ret) {
return log_debug_errno(r, "sd-device: could not set driver for %s: %m", device->devpath);
}
+ if (!device->driver)
+ return -ENOENT;
+
*ret = device->driver;
return 0;
@@ -1002,6 +1008,8 @@ _public_ int sd_device_get_sysname(sd_device *device, const char **ret) {
return r;
}
+ assert_return(device->sysname, -ENOENT);
+
*ret = device->sysname;
return 0;
--
2.5.0

33
0061-journalctl-properly-detect-empty-journal-files.patch Normal file
View File

@ -0,0 +1,33 @@
From c6ab40306733c31e5f2f2d56b3fb199e6b4bfda2 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 24 Jul 2015 02:10:32 +0200
Subject: [PATCH 05/12] journalctl: properly detect empty journal files
When we encounter a journal file with exactly zero entries, print a nice
message and exit, and don't print a weird error message.
(cherry picked from commit 02ab86c732576a71179ce12e97d44c289833236d)
Resolves: #1255619
---
src/journal/journalctl.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c
index 2d6ecfb..073cc77 100644
--- a/src/journal/journalctl.c
+++ b/src/journal/journalctl.c
@@ -2066,6 +2066,10 @@ int main(int argc, char *argv[]) {
log_error_errno(r, "Failed to iterate through journal: %m");
goto finish;
}
+ if (r == 0) {
+ printf("-- No entries --\n");
+ goto finish;
+ }
if (!arg_follow)
pager_open_if_enabled();
--
2.5.0

95
0062-import-hash-URL-in-paths-if-they-are-too-long.patch Normal file
View File

@ -0,0 +1,95 @@
From a814fa3f3a2067a17a6698d2fcb6230774d0f981 Mon Sep 17 00:00:00 2001
From: Jan Synacek <jsynacek@redhat.com>
Date: Fri, 2 Oct 2015 11:00:19 +0200
Subject: [PATCH 06/12] import: hash URL in paths if they are too long
https://bugzilla.redhat.com/show_bug.cgi?id=1266775
(cherry picked from commit 9818005de6cc6f525be8aa62a2b8593a7c72e798)
Resolves: #1266775
---
src/import/pull-common.c | 44 ++++++++++++++++++++++++++++++++++++++------
1 file changed, 38 insertions(+), 6 deletions(-)
diff --git a/src/import/pull-common.c b/src/import/pull-common.c
index 652277e..84611cb 100644
--- a/src/import/pull-common.c
+++ b/src/import/pull-common.c
@@ -31,8 +31,10 @@
#include "pull-common.h"
#include "process-util.h"
#include "signal-util.h"
+#include "siphash24.h"
#define FILENAME_ESCAPE "/.#\"\'"
+#define HASH_URL_THRESHOLD_LENGTH (_POSIX_PATH_MAX - 16)
int pull_find_old_etags(const char *url, const char *image_root, int dt, const char *prefix, const char *suffix, char ***etags) {
_cleanup_free_ char *escaped_url = NULL;
@@ -142,8 +144,21 @@ int pull_make_local_copy(const char *final, const char *image_root, const char *
return 0;
}
+static int hash_url(const char *url, char **ret) {
+ uint64_t h;
+ static const sd_id128_t k = SD_ID128_ARRAY(df,89,16,87,01,cc,42,30,98,ab,4a,19,a6,a5,63,4f);
+
+ assert(url);
+
+ siphash24((uint8_t *) &h, url, strlen(url), k.bytes);
+ if (asprintf(ret, "%"PRIx64, h) < 0)
+ return -ENOMEM;
+
+ return 0;
+}
+
int pull_make_path(const char *url, const char *etag, const char *image_root, const char *prefix, const char *suffix, char **ret) {
- _cleanup_free_ char *escaped_url = NULL;
+ _cleanup_free_ char *escaped_url = NULL, *escaped_etag = NULL;
char *path;
assert(url);
@@ -157,18 +172,35 @@ int pull_make_path(const char *url, const char *etag, const char *image_root, co
return -ENOMEM;
if (etag) {
- _cleanup_free_ char *escaped_etag = NULL;
-
escaped_etag = xescape(etag, FILENAME_ESCAPE);
if (!escaped_etag)
return -ENOMEM;
+ }
- path = strjoin(image_root, "/", strempty(prefix), escaped_url, ".", escaped_etag, strempty(suffix), NULL);
- } else
- path = strjoin(image_root, "/", strempty(prefix), escaped_url, strempty(suffix), NULL);
+ path = strjoin(image_root, "/", strempty(prefix), escaped_url, escaped_etag ? "." : "",
+ strempty(escaped_etag), strempty(suffix), NULL);
if (!path)
return -ENOMEM;
+ /* URLs might make the path longer than the maximum allowed length for a file name.
+ * When that happens, a URL hash is used instead. Paths returned by this function
+ * can be later used with tempfn_random() which adds 16 bytes to the resulting name. */
+ if (strlen(path) >= HASH_URL_THRESHOLD_LENGTH) {
+ _cleanup_free_ char *hash = NULL;
+ int r;
+
+ free(path);
+
+ r = hash_url(url, &hash);
+ if (r < 0)
+ return r;
+
+ path = strjoin(image_root, "/", strempty(prefix), hash, escaped_etag ? "." : "",
+ strempty(escaped_etag), strempty(suffix), NULL);
+ if (!path)
+ return -ENOMEM;
+ }
+
*ret = path;
return 0;
}
--
2.5.0

35
0063-nspawn-fix-image-when-nspawn-is-run-as-service.patch Normal file
View File

@ -0,0 +1,35 @@
From 2c4f4e407fad772552e82129399173adef1e8e53 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Sat, 3 Oct 2015 11:23:52 +0200
Subject: [PATCH 07/12] nspawn: fix --image= when nspawn is run as service
nspawn needs access to /dev/loop to implement --image=, hence grant that
in the service file.
Fixes #1446.
(cherry picked from commit 988a47964283b6a72f5ce117f287ebeb12e26d2d)
Resolves: #1266776
---
units/systemd-nspawn@.service.in | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/units/systemd-nspawn@.service.in b/units/systemd-nspawn@.service.in
index 074b916..110f1a6 100644
--- a/units/systemd-nspawn@.service.in
+++ b/units/systemd-nspawn@.service.in
@@ -35,5 +35,10 @@ DeviceAllow=/dev/net/tun rwm
DeviceAllow=/dev/pts/ptmx rw
DeviceAllow=char-pts rw
+# nspawn itself needs access to /dev/loop-control and /dev/loop, to
+# implement the --image= option. Add these here, too.
+DeviceAllow=/dev/loop-control rw
+DeviceAllow=block-loop rw
+
[Install]
WantedBy=machines.target
--
2.5.0

33
0064-units-also-whitelist-blkext-block-devices-for-nspawn.patch Normal file
View File

@ -0,0 +1,33 @@
From c99a4a60f5ef8a46d8d0841c2e3b72d73611c602 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 22 Oct 2015 00:39:57 +0200
Subject: [PATCH 08/12] units: also whitelist "blkext" block devices for nspawn
service
/dev/loop*p* block devices are of the "blkext" subsystem, not of loop,
hence whitelist this too.
Fixes #1446
(cherry picked from commit a2c90f05f11c01a9f9faf3efb3ec0e05acebd75f)
Resolves: #1266776
---
units/systemd-nspawn@.service.in | 1 +
1 file changed, 1 insertion(+)
diff --git a/units/systemd-nspawn@.service.in b/units/systemd-nspawn@.service.in
index 110f1a6..60f0014 100644
--- a/units/systemd-nspawn@.service.in
+++ b/units/systemd-nspawn@.service.in
@@ -39,6 +39,7 @@ DeviceAllow=char-pts rw
# implement the --image= option. Add these here, too.
DeviceAllow=/dev/loop-control rw
DeviceAllow=block-loop rw
+DeviceAllow=block-blkext rw
[Install]
WantedBy=machines.target
--
2.5.0

67
0065-unquote_first_word-parse-as-an-empty-argument-instea.patch Normal file
View File

@ -0,0 +1,67 @@
From 3fd5f2d43442105cd5208c46e3e91e33553ae80d Mon Sep 17 00:00:00 2001
From: Richard Maw <richard.maw@codethink.co.uk>
Date: Fri, 24 Jul 2015 09:29:46 +0000
Subject: [PATCH 09/12] unquote_first_word: parse ` '' ` as an empty argument
instead of no argument
(cherry picked from commit 14e685c29d5b317b815e3e9f056648027852b07e)
Resolves: #1278475
---
src/basic/util.c | 14 ++++++++++----
src/test/test-util.c | 11 +++++++++++
2 files changed, 21 insertions(+), 4 deletions(-)
diff --git a/src/basic/util.c b/src/basic/util.c
index dffb4a2..d6ab781 100644
--- a/src/basic/util.c
+++ b/src/basic/util.c
@@ -5193,13 +5193,19 @@ int unquote_first_word(const char **p, char **ret, UnquoteFlags flags) {
case VALUE:
if (c == 0)
goto finish;
- else if (c == '\'')
+ else if (c == '\'') {
+ if (!GREEDY_REALLOC(s, allocated, sz+1))
+ return -ENOMEM;
+
state = SINGLE_QUOTE;
- else if (c == '\\')
+ } else if (c == '\\')
state = VALUE_ESCAPE;
- else if (c == '\"')
+ else if (c == '\"') {
+ if (!GREEDY_REALLOC(s, allocated, sz+1))
+ return -ENOMEM;
+
state = DOUBLE_QUOTE;
- else if (strchr(WHITESPACE, c))
+ } else if (strchr(WHITESPACE, c))
state = SPACE;
else {
if (!GREEDY_REALLOC(s, allocated, sz+2))
diff --git a/src/test/test-util.c b/src/test/test-util.c
index ad9ea3b..41eaa49 100644
--- a/src/test/test-util.c
+++ b/src/test/test-util.c
@@ -1398,6 +1398,17 @@ static void test_unquote_first_word(void) {
assert_se(streq(t, "\\w+\b"));
free(t);
assert_se(p == original + 5);
+
+ p = original = "-N ''";
+ assert_se(unquote_first_word(&p, &t, UNQUOTE_CUNESCAPE) > 0);
+ assert_se(streq(t, "-N"));
+ free(t);
+ assert_se(p == original + 3);
+
+ assert_se(unquote_first_word(&p, &t, UNQUOTE_CUNESCAPE) > 0);
+ assert_se(streq(t, ""));
+ free(t);
+ assert_se(p == original + 5);
}
static void test_unquote_first_word_and_warn(void) {
--
2.5.0

55
0066-login-fix-NULL-deref-on-wall_message.patch Normal file
View File

@ -0,0 +1,55 @@
From d3d5865931637112cd80fe5c95bcbf894b283a45 Mon Sep 17 00:00:00 2001
From: David Herrmann <dh.herrmann@gmail.com>
Date: Sat, 5 Sep 2015 12:56:04 +0200
Subject: [PATCH 10/12] login: fix NULL-deref on wall_message
We treat an empty wall-message equal to a NULL wall-message since:
commit 5744f59a3ee883ef3a78214bd5236157acdc35ba
Author: Lennart Poettering <lennart@poettering.net>
Date: Fri Sep 4 10:34:47 2015 +0200
logind: treat an empty wall message like a NULL one
Fix the shutdown scheduler to not deref a NULL pointer, but properly
check for an empty wall-message.
Fixes: #1120
(cherry picked from commit 3d1c455f9a898e7427b642800644ae7142dc7557)
Resolves: #1279156
---
src/login/logind-dbus.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
index 1c1011c..c180ce1 100644
--- a/src/login/logind-dbus.c
+++ b/src/login/logind-dbus.c
@@ -1795,9 +1795,11 @@ static int update_schedule_file(Manager *m) {
if (r < 0)
return log_error_errno(r, "Failed to create shutdown subdirectory: %m");
- t = cescape(m->wall_message);
- if (!t)
- return log_oom();
+ if (!isempty(m->wall_message)) {
+ t = cescape(m->wall_message);
+ if (!t)
+ return log_oom();
+ }
r = fopen_temporary("/run/systemd/shutdown/scheduled", &f, &temp_path);
if (r < 0)
@@ -1813,7 +1815,7 @@ static int update_schedule_file(Manager *m) {
m->enable_wall_messages,
m->scheduled_shutdown_type);
- if (!isempty(m->wall_message))
+ if (t)
fprintf(f, "WALL_MESSAGE=%s\n", t);
(void) fflush_and_check(f);
--
2.5.0

37
0067-libudev-simplify-udev_device_ensure_usec_initialized.patch Normal file
View File

@ -0,0 +1,37 @@
From 8e32c9b7b26ff6f33e7bcec5f7a036e4133da6b8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Mon, 7 Dec 2015 00:09:12 -0500
Subject: [PATCH 11/12] libudev: simplify udev_device_ensure_usec_initialized a
bit
(cherry picked from commit 90b33a2746ef9a409e5b70ea6ef363941c671c1d)
Resolves: #1283971
---
src/libudev/libudev-device-private.c | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/src/libudev/libudev-device-private.c b/src/libudev/libudev-device-private.c
index 4b9c053..fa9bd9e 100644
--- a/src/libudev/libudev-device-private.c
+++ b/src/libudev/libudev-device-private.c
@@ -137,14 +137,10 @@ gid_t udev_device_get_devnode_gid(struct udev_device *udev_device) {
}
void udev_device_ensure_usec_initialized(struct udev_device *udev_device, struct udev_device *udev_device_old) {
- sd_device *device_old = NULL;
-
assert(udev_device);
- if (udev_device_old)
- device_old = udev_device_old->device;
-
- device_ensure_usec_initialized(udev_device->device, device_old);
+ device_ensure_usec_initialized(udev_device->device,
+ udev_device_old ? udev_device_old->device : NULL);
}
char **udev_device_get_properties_envp(struct udev_device *udev_device) {
--
2.5.0

30
systemd.spec
View File

@ -13,7 +13,7 @@
Name: systemd
Url: http://www.freedesktop.org/wiki/Software/systemd
Version: 222
Release: 8%{?gitcommit:.git%{gitcommit}}%{?dist}
Release: 9%{?gitcommit:.git%{gitcommit}}%{?dist}
# For a breakdown of the licensing, see README
License: LGPLv2+ and MIT and GPLv2+
Summary: A System and Service Manager
@ -89,8 +89,18 @@ Patch0053: 0050-logind-rename-pos-to-position.patch
Patch0054: 0051-logind-bring-bus-policy-up-to-date.patch
Patch0055: 0052-logind-some-firmware-implementations-remove-OsIndica.patch
Patch0056: 0053-logind-prefer-new-sessions-over-older-ones-on-VT-swi.patch
Patch0057: 0054-logind-never-select-closing-sessions-for-a-VT.patch
Patch0059: 0055-logind-release-VT-positions-when-closing-sessions.patch
Patch0057: 0057-user-sessions-make-sure-run-nologin-has-correct-SELi.patch
Patch0058: 0058-login-make-sure-run-nologin-has-correct-SELinux-labe.patch
Patch0059: 0059-man-journalctl-mention-systemd.time-7-where-appropri.patch
Patch0060: 0060-sd-device-never-return-NULL-0.patch
Patch0061: 0061-journalctl-properly-detect-empty-journal-files.patch
Patch0062: 0062-import-hash-URL-in-paths-if-they-are-too-long.patch
Patch0063: 0063-nspawn-fix-image-when-nspawn-is-run-as-service.patch
Patch0064: 0064-units-also-whitelist-blkext-block-devices-for-nspawn.patch
Patch0065: 0065-unquote_first_word-parse-as-an-empty-argument-instea.patch
Patch0066: 0066-login-fix-NULL-deref-on-wall_message.patch
Patch0067: 0067-libudev-simplify-udev_device_ensure_usec_initialized.patch
Patch0068: 0068-udev-fix-NULL-deref-when-executing-rules.patch
Patch997: 0001-Re-apply-walters-unit-patch-for-F23-systemd-v222.patch
Patch998: 0001-Revert-core-mount-add-dependencies-to-dynamically-mo-v222.patch
@ -829,6 +839,20 @@ getent passwd systemd-journal-upload >/dev/null 2>&1 || useradd -r -l -g systemd
/usr/lib/firewalld/services/*
%changelog
* Mon Dec 14 2015 Jan Synáček <jsynacek@redhat.com> - 222-9
- udev: fix NULL deref when executing rules (#1283971)
- libudev: simplify udev_device_ensure_usec_initialized a (#1283971)
- login: fix NULL-deref on wall_message (#1279156)
- unquote_first_word: parse ` '' ` as an empty argument (#1278475)
- units: also whitelist "blkext" block devices for nspawn (#1266776)
- nspawn: fix --image= when nspawn is run as service (#1266776)
- import: hash URL in paths if they are too long (#1266775)
- journalctl: properly detect empty journal files (#1255619)
- sd-device: never return NULL+0 (#1238285)
- man/journalctl: mention systemd.time(7) where (#1182661)
- login: make sure /run/nologin has correct SELinux label (#1287592)
- user-sessions: make sure /run/nologin has correct (#1287592)
* Mon Oct 19 2015 Jan Synáček <jsynacek@redhat.com> - 222-8
- remove the fix for Corsair K70 Keyboard introduced in 222-3 (#1267225)