4 files changed, 95 insertions, 13 deletions

diff --git a/NEWS b/NEWS
index e56a922d2b..fb16632626 100644
--- a/NEWS
+++ b/NEWS
@@ -20,11 +20,11 @@ CHANGES WITH 227:
           global option DefaultTasksAccounting=.
 
         * Support for the "net_cls" cgroup controller has been added.
-          It allows assigning a net class ID to each task in the cgroup,
-          which can then be used in firewall rules and traffic shaping
-          configurations. Note that the kernel netfilter code does not
-          currently work reliably for ingress packets on unestablished
-          sockets.
+          It allows assigning a net class ID to each task in the
+          cgroup, which can then be used in firewall rules and traffic
+          shaping configurations. Note that the kernel netfilter net
+          class code does not currently work reliably for ingress
+          packets on unestablished sockets.
 
           This adds a new config directive called NetClass= to CGroup
           enabled units. Allowed values are positive numbers for fixed
@@ -49,6 +49,9 @@ CHANGES WITH 227:
           directory is set to the home directory of the user configured
           in User=.
 
+        * "machinectl shell" will now open the shell in the home
+          directory of the selected user by default.
+
         * A new systemd.crash_reboot=1 kernel command line option has
           been added that triggers a reboot after crashing. This can
           also be set through CrashReboot= in systemd.conf.
@@ -60,9 +63,68 @@ CHANGES WITH 227:
           between 1 and 63, or a boolean value. The formerly supported
           '-1' value for disabling stays around for compat reasons.
 
-        * The PrivateTmp, PrivateDevices, PrivateNetwork,
-          NoNewPrivileges, TTYPath, WorkingDirectory and RootDirectory
-          properties can now be set for transient units.
+        * The PrivateTmp=, PrivateDevices=, PrivateNetwork=,
+          NoNewPrivileges=, TTYPath, WorkingDirectory= and
+          RootDirectory= properties can now be set for transient
+          units.
+
+        * The systemd-analyze tool gained a new "set-log-target" verb
+          to change the logging target the system manager logs to
+          dynamically during runtime. This is similar to how
+          "systemd-analyze set-log-level" already changes the log
+          level.
+
+        * In nspawn /sys is now mounted as tmpfs, with only a selected
+          set of subdirectories mounted in from the real sysfs. This
+          enhances security slightly, and is useful for ensuring user
+          namespaces work correctly.
+
+        * Support for USB FunctionFS activation has been added. This
+          allows implementation of USB gadget services that are
+          activated as soon as they are requested, so that they don't
+          have to run continously, similar to classic socket
+          activation.
+
+        * The "systemctl exit" command now optionally takes an
+          additional parameter that sets the exit code to return from
+          the systemd manager when exiting. This is only relevant when
+          running the systemd user instance, or when running the
+          system instance in a container.
+
+        * sd-bus gained the new API calls sd_bus_path_encode_many()
+          and sd_bus_path_decode_many() that allow easy encoding and
+          decoding of multiple identifier strings inside a D-Bus
+          object path. Another new call sd_bus_default_flush_close()
+          has been added to flush and close per-thread default
+          connections.
+
+        * systemd-cgtop gained support for a -M/--machine= switch to
+          show the control groups within a certain container only.
+
+        * "systemctl kill" gained support for an optional --fail
+          switch. If specified the requested operation will fail of no
+          processes have been killed, because the unit had no
+          processes attached, or similar.
+
+        * A new (still internal) libary API sd-ipv4acd has been added,
+          that implements address conflict detection for IPv4. It's
+          based on code from sd-ipv4ll, and will be useful for
+          detecting DHCP address conflicts.
+
+        * The RuntimeDirectory= setting now understands unit
+          specifiers like %i or %f.
+
+        * networkd gained support for setting the IPv6 Router
+          Advertisment settings via IPv6AcceptRouterAdvertisements= in
+          .network files.
+
+        * udev will now create /dev/disk/by-path links for ATA devices
+          on kernels where that is supported.
+
+        * When downloading tar or raw images using "machinectl
+          pull-tar" or "machinectl pull-raw", a matching ".nspawn"
+          file is now also downloaded, if it is available and stored
+          next to the image file.
 
         * Galician, Turkish and Korean translations were added.
 
diff --git a/src/journal-remote/journal-gatewayd.c b/src/journal-remote/journal-gatewayd.c
index 29df842277..b839e5979b 100644
--- a/src/journal-remote/journal-gatewayd.c
+++ b/src/journal-remote/journal-gatewayd.c
@@ -1010,7 +1010,22 @@ int main(int argc, char *argv[]) {
                         { MHD_OPTION_END, 0, NULL },
                         { MHD_OPTION_END, 0, NULL }};
                 int opts_pos = 2;
-                int flags = MHD_USE_THREAD_PER_CONNECTION|MHD_USE_POLL|MHD_USE_DEBUG;
+
+                /* We force MHD_USE_PIPE_FOR_SHUTDOWN here, in order
+                 * to make sure libmicrohttpd doesn't use shutdown()
+                 * on our listening socket, which would break socket
+                 * re-activation. See
+                 *
+                 * https://lists.gnu.org/archive/html/libmicrohttpd/2015-09/msg00014.html
+                 * https://github.com/systemd/systemd/pull/1286
+                 */
+
+                int flags =
+                        MHD_USE_DEBUG |
+                        MHD_USE_DUAL_STACK |
+                        MHD_USE_PIPE_FOR_SHUTDOWN |
+                        MHD_USE_POLL |
+                        MHD_USE_THREAD_PER_CONNECTION;
 
                 if (n > 0)
                         opts[opts_pos++] = (struct MHD_OptionItem)
diff --git a/src/journal-remote/journal-remote.c b/src/journal-remote/journal-remote.c
index 50f41a575d..5354bf6e51 100644
--- a/src/journal-remote/journal-remote.c
+++ b/src/journal-remote/journal-remote.c
@@ -647,9 +647,10 @@ static int setup_microhttpd_server(RemoteServer *s,
         int opts_pos = 3;
         int flags =
                 MHD_USE_DEBUG |
-                MHD_USE_PEDANTIC_CHECKS |
+                MHD_USE_DUAL_STACK |
                 MHD_USE_EPOLL_LINUX_ONLY |
-                MHD_USE_DUAL_STACK;
+                MHD_USE_PEDANTIC_CHECKS |
+                MHD_USE_PIPE_FOR_SHUTDOWN;
 
         const union MHD_DaemonInfo *info;
         int r, epoll_fd;
diff --git a/src/libsystemd-network/sd-dhcp-lease.c b/src/libsystemd-network/sd-dhcp-lease.c
index aa07846693..df3d8e6e3c 100644
--- a/src/libsystemd-network/sd-dhcp-lease.c
+++ b/src/libsystemd-network/sd-dhcp-lease.c
@@ -314,10 +314,14 @@ static int lease_parse_string(const uint8_t *option, size_t len, char **ret) {
         else {
                 char *string;
 
-                if (memchr(option, 0, len))
+                /*
+                 * One trailing NUL byte is OK, we don't mind. See:
+                 * https://github.com/systemd/systemd/issues/1337
+                 */
+                if (memchr(option, 0, len - 1))
                         return -EINVAL;
 
-                string = strndup((const char *)option, len);
+                string = strndup((const char *) option, len);
                 if (!string)
                         return -ENOMEM;