[Pkg-libvirt-commits] [libvirt] 06/18: Drop patches fixed upstream
Guido Guenther
agx at moszumanska.debian.org
Sun Sep 28 12:31:46 UTC 2014
This is an automated email from the git hooks/post-receive script.
agx pushed a commit to annotated tag debian/0.9.12.3-1+deb7u1
in repository libvirt.
commit 2e5a8730b1b3afcb72f08e5ec04c4ede837b7004
Author: Guido Günther <agx at sigxcpu.org>
Date: Tue Oct 1 21:44:13 2013 +0200
Drop patches fixed upstream
Include-stdint.h-for-uint32_t.patch
Revert-rpc-Discard-non-blocking-calls-only-when-nece.patch
fix-leak-virStorageBackendLogicalMakeVol.patch
qemu-Add-support-for-no-user-config.patch
qemu-Fix-off-by-one-error-while-unescaping-monitor-s.patch
rpc-Fix-crash-on-error-paths-of-message-dispatching.patch
security/CVE-2012-3445.patch
security/Fix-crash-in-remoteDispatchDomainMemoryStats.patch
security/security-Fix-libvirtd-crash-possibility.patch
upstream/Fix-libvirtd-crash-when-destroying-a-domain-with-att.patch
upstream/Fix-race-condition-when-destroying-guests.patch
---
debian/patches/Include-stdint.h-for-uint32_t.patch | 26 -
...Discard-non-blocking-calls-only-when-nece.patch | 67 ---
.../fix-leak-virStorageBackendLogicalMakeVol.patch | 31 -
.../qemu-Add-support-for-no-user-config.patch | 642 ---------------------
...f-by-one-error-while-unescaping-monitor-s.patch | 55 --
...ash-on-error-paths-of-message-dispatching.patch | 51 --
debian/patches/security/CVE-2012-3445.patch | 87 ---
...-crash-in-remoteDispatchDomainMemoryStats.patch | 37 --
.../security-Fix-libvirtd-crash-possibility.patch | 55 --
debian/patches/series | 11 -
...d-crash-when-destroying-a-domain-with-att.patch | 72 ---
...Fix-race-condition-when-destroying-guests.patch | 55 --
12 files changed, 1189 deletions(-)
diff --git a/debian/patches/Include-stdint.h-for-uint32_t.patch b/debian/patches/Include-stdint.h-for-uint32_t.patch
deleted file mode 100644
index cfa699e..0000000
--- a/debian/patches/Include-stdint.h-for-uint32_t.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx at sigxcpu.org>
-Date: Wed, 20 Jun 2012 08:23:37 +0200
-Subject: Include stdint.h for uint32_t
-
-to fix the build on kFreeBSD
-
-Referendes: https://buildd.debian.org/status/fetch.php?pkg=libvirt&arch=kfreebsd-amd64&ver=0.9.12-2&stamp=1339698841
----
- src/util/virnetlink.h | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/src/util/virnetlink.h b/src/util/virnetlink.h
-index bafe8ca..acd88b7 100644
---- a/src/util/virnetlink.h
-+++ b/src/util/virnetlink.h
-@@ -21,8 +21,10 @@
- # define __VIR_NETLINK_H__
-
- # include "config.h"
-+# include <stdint.h>
- # include "internal.h"
-
-+
- # if defined(__linux__) && defined(HAVE_LIBNL)
-
- # include <netlink/msg.h>
diff --git a/debian/patches/Revert-rpc-Discard-non-blocking-calls-only-when-nece.patch b/debian/patches/Revert-rpc-Discard-non-blocking-calls-only-when-nece.patch
deleted file mode 100644
index cd4f188..0000000
--- a/debian/patches/Revert-rpc-Discard-non-blocking-calls-only-when-nece.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-From: Jiri Denemark <jdenemar at redhat.com>
-Date: Mon, 21 May 2012 16:02:05 +0200
-Subject: Revert "rpc: Discard non-blocking calls only when necessary"
-
-This reverts commit b1e374a7ac56927cfe62435179bf0bba1e08b372, which was
-rather bad since I failed to consider all sides of the issue. The main
-things I didn't consider properly are:
-
-- a thread which sends a non-blocking call waits for the thread with
- the buck to process the call
-- the code doesn't expect non-blocking calls to remain in the queue
- unless they were already partially sent
-
-Thus, the reverted patch actually breaks more than what it fixes and
-clients (which may even be libvirtd during p2p migrations) will likely
-end up in a deadlock.
----
- src/rpc/virnetclient.c | 21 ++++++++++++---------
- 1 file changed, 12 insertions(+), 9 deletions(-)
-
-diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c
-index 3a60db6..d88288d 100644
---- a/src/rpc/virnetclient.c
-+++ b/src/rpc/virnetclient.c
-@@ -1265,13 +1265,6 @@ static void virNetClientIOEventLoopPassTheBuck(virNetClientPtr client, virNetCli
- }
- client->haveTheBuck = false;
-
-- /* Remove non-blocking calls from the dispatch list since there is no
-- * call with a thread in the list which could take care of them.
-- */
-- virNetClientCallRemovePredicate(&client->waitDispatch,
-- virNetClientIOEventLoopRemoveNonBlocking,
-- thiscall);
--
- VIR_DEBUG("No thread to pass the buck to");
- if (client->wantClose) {
- virNetClientCloseLocked(client);
-@@ -1315,9 +1308,12 @@ static int virNetClientIOEventLoop(virNetClientPtr client,
- if (virNetSocketHasCachedData(client->sock) || client->wantClose)
- timeout = 0;
-
-- /* If we are non-blocking, we don't want to sleep in poll()
-+ /* If there are any non-blocking calls in the queue,
-+ * then we don't want to sleep in poll()
- */
-- if (thiscall->nonBlock)
-+ if (virNetClientCallMatchPredicate(client->waitDispatch,
-+ virNetClientIOEventLoopWantNonBlock,
-+ NULL))
- timeout = 0;
-
- fds[0].events = fds[0].revents = 0;
-@@ -1422,6 +1418,13 @@ static int virNetClientIOEventLoop(virNetClientPtr client,
- virNetClientIOEventLoopRemoveDone,
- thiscall);
-
-+ /* Iterate through waiting calls and if any are
-+ * non-blocking, remove them from the dispatch list...
-+ */
-+ virNetClientCallRemovePredicate(&client->waitDispatch,
-+ virNetClientIOEventLoopRemoveNonBlocking,
-+ thiscall);
-+
- /* Now see if *we* are done */
- if (thiscall->mode == VIR_NET_CLIENT_MODE_COMPLETE) {
- virNetClientCallRemove(&client->waitDispatch, thiscall);
diff --git a/debian/patches/fix-leak-virStorageBackendLogicalMakeVol.patch b/debian/patches/fix-leak-virStorageBackendLogicalMakeVol.patch
deleted file mode 100644
index 013d931..0000000
--- a/debian/patches/fix-leak-virStorageBackendLogicalMakeVol.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From: Luca Tettamanti <ltettamanti at acunu.com>
-Date: Thu, 25 Apr 2013 21:44:30 +0200
-Subject: Backport upstream 71da3b66 (fix leak in virStorageBackendLogicalMakeVol)
-
-===================================================================
----
- src/storage/storage_backend_logical.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/src/storage/storage_backend_logical.c b/src/storage/storage_backend_logical.c
-index 9a91dd9..7abb17b 100644
---- a/src/storage/storage_backend_logical.c
-+++ b/src/storage/storage_backend_logical.c
-@@ -204,13 +204,16 @@ virStorageBackendLogicalMakeVol(virStoragePoolObjPtr pool,
- if (err != 0) {
- char error[100];
- regerror(err, reg, error, sizeof(error));
-+ regfree(reg);
- virStorageReportError(VIR_ERR_INTERNAL_ERROR,
- _("Failed to compile regex %s"),
- error);
- goto cleanup;
- }
-
-- if (regexec(reg, groups[3], nvars, vars, 0) != 0) {
-+ err = regexec(reg, groups[3], nvars, vars, 0);
-+ regfree(reg);
-+ if (err != 0) {
- virStorageReportError(VIR_ERR_INTERNAL_ERROR, "%s",
- _("malformed volume extent devices value"));
- goto cleanup;
diff --git a/debian/patches/qemu-Add-support-for-no-user-config.patch b/debian/patches/qemu-Add-support-for-no-user-config.patch
deleted file mode 100644
index 0d29d0d..0000000
--- a/debian/patches/qemu-Add-support-for-no-user-config.patch
+++ /dev/null
@@ -1,642 +0,0 @@
-From: Jiri Denemark <jdenemar at redhat.com>
-Date: Thu, 26 Apr 2012 12:11:49 +0200
-Subject: qemu: Add support for -no-user-config
-
-Thanks to this new option we are now able to use modern CPU models (such
-as Westmere) defined in external configuration file.
-
-The qemu-1.1{,-device} data files for qemuhelptest are filled in with
-qemu-1.1-rc2 output for now. I will update those files with real
-qemu-1.1 output once it is released.
----
- cfg.mk | 3 +-
- src/qemu/qemu_capabilities.c | 7 +-
- src/qemu/qemu_capabilities.h | 1 +
- src/qemu/qemu_command.c | 11 +-
- src/qemu/qemu_driver.c | 2 +-
- tests/qemuhelpdata/qemu-1.1 | 268 ++++++++++++++++++++++++++++++++++++
- tests/qemuhelpdata/qemu-1.1-device | 160 +++++++++++++++++++++
- tests/qemuhelptest.c | 75 ++++++++++
- 8 files changed, 519 insertions(+), 8 deletions(-)
- create mode 100644 tests/qemuhelpdata/qemu-1.1
- create mode 100644 tests/qemuhelpdata/qemu-1.1-device
-
-diff --git a/cfg.mk b/cfg.mk
-index 9dab3c3..67141a9 100644
---- a/cfg.mk
-+++ b/cfg.mk
-@@ -823,7 +823,8 @@ exclude_file_name_regexp--sc_require_config_h = ^examples/
-
- exclude_file_name_regexp--sc_require_config_h_first = ^examples/
-
--exclude_file_name_regexp--sc_trailing_blank = \.(fig|gif|ico|png)$$
-+exclude_file_name_regexp--sc_trailing_blank = \
-+ (/qemuhelpdata/|\.(fig|gif|ico|png)$$)
-
- exclude_file_name_regexp--sc_unmarked_diagnostics = \
- ^(docs/apibuild.py|tests/virt-aa-helper-test)$$
-diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
-index 6e5165b..a3c87d1 100644
---- a/src/qemu/qemu_capabilities.c
-+++ b/src/qemu/qemu_capabilities.c
-@@ -161,6 +161,7 @@ VIR_ENUM_IMPL(qemuCaps, QEMU_CAPS_LAST,
- "block-job-async",
- "scsi-cd",
- "ide-cd",
-+ "no-user-config",
- );
-
- struct qemu_feature_flags {
-@@ -1082,6 +1083,8 @@ qemuCapsComputeCmdFlags(const char *help,
- }
- if (strstr(help, "-nodefconfig"))
- qemuCapsSet(flags, QEMU_CAPS_NODEFCONFIG);
-+ if (strstr(help, "-no-user-config"))
-+ qemuCapsSet(flags, QEMU_CAPS_NO_USER_CONFIG);
- /* The trailing ' ' is important to avoid a bogus match */
- if (strstr(help, "-rtc "))
- qemuCapsSet(flags, QEMU_CAPS_RTC);
-@@ -1634,7 +1637,9 @@ qemuCapsProbeCommand(const char *qemu,
- virCommandPtr cmd = virCommandNew(qemu);
-
- if (qemuCaps) {
-- if (qemuCapsGet(qemuCaps, QEMU_CAPS_NODEFCONFIG))
-+ if (qemuCapsGet(qemuCaps, QEMU_CAPS_NO_USER_CONFIG))
-+ virCommandAddArg(cmd, "-no-user-config");
-+ else if (qemuCapsGet(qemuCaps, QEMU_CAPS_NODEFCONFIG))
- virCommandAddArg(cmd, "-nodefconfig");
- }
-
-diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
-index 7a6c5a0..0e0899e 100644
---- a/src/qemu/qemu_capabilities.h
-+++ b/src/qemu/qemu_capabilities.h
-@@ -129,6 +129,7 @@ enum qemuCapsFlags {
- QEMU_CAPS_BLOCKJOB_ASYNC = 91, /* qemu 1.1 block-job-cancel */
- QEMU_CAPS_SCSI_CD = 92, /* -device scsi-cd */
- QEMU_CAPS_IDE_CD = 93, /* -device ide-cd */
-+ QEMU_CAPS_NO_USER_CONFIG = 94, /* -no-user-config */
-
- QEMU_CAPS_LAST, /* this must always be the last item */
- };
-diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
-index 117542f..8d14d41 100644
---- a/src/qemu/qemu_command.c
-+++ b/src/qemu/qemu_command.c
-@@ -4237,11 +4237,12 @@ qemuBuildCommandLine(virConnectPtr conn,
- virCommandAddArg(cmd, "-nographic");
-
- if (qemuCapsGet(qemuCaps, QEMU_CAPS_DEVICE)) {
-- if (qemuCapsGet(qemuCaps, QEMU_CAPS_NODEFCONFIG))
-- virCommandAddArg(cmd,
-- "-nodefconfig"); /* Disable global config files */
-- virCommandAddArg(cmd,
-- "-nodefaults"); /* Disable default guest devices */
-+ /* Disable global config files and default devices */
-+ if (qemuCapsGet(qemuCaps, QEMU_CAPS_NO_USER_CONFIG))
-+ virCommandAddArg(cmd, "-no-user-config");
-+ else if (qemuCapsGet(qemuCaps, QEMU_CAPS_NODEFCONFIG))
-+ virCommandAddArg(cmd, "-nodefconfig");
-+ virCommandAddArg(cmd, "-nodefaults");
- }
-
- /* Serial graphics adapter */
-diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
-index 385b861..0053ed1 100644
---- a/src/qemu/qemu_driver.c
-+++ b/src/qemu/qemu_driver.c
-@@ -4898,7 +4898,7 @@ qemudCanonicalizeMachineDirect(virDomainDefPtr def, char **canonical)
- int i, nmachines = 0;
-
- /* XXX we should be checking emulator capabilities and pass them instead
-- * of NULL so that -nodefconfig is properly added when
-+ * of NULL so that -nodefconfig or -no-user-config is properly added when
- * probing machine types. Luckily, qemu does not support specifying new
- * machine types in its configuration files yet, which means passing this
- * additional parameter makes no difference now.
-diff --git a/tests/qemuhelpdata/qemu-1.1 b/tests/qemuhelpdata/qemu-1.1
-new file mode 100644
-index 0000000..79bc8ba
---- /dev/null
-+++ b/tests/qemuhelpdata/qemu-1.1
-@@ -0,0 +1,268 @@
-+QEMU emulator version 1.0.92, Copyright (c) 2003-2008 Fabrice Bellard
-+usage: qemu-system-x86_64 [options] [disk_image]
-+
-+'disk_image' is a raw hard disk image for IDE hard disk 0
-+
-+Standard options:
-+-h or -help display this help and exit
-+-version display version information and exit
-+-machine [type=]name[,prop[=value][,...]]
-+ selects emulated machine (-machine ? for list)
-+ property accel=accel1[:accel2[:...]] selects accelerator
-+ supported accelerators are kvm, xen, tcg (default: tcg)
-+ kernel_irqchip=on|off controls accelerated irqchip support
-+ kvm_shadow_mem=size of KVM shadow MMU
-+-cpu cpu select CPU (-cpu ? for list)
-+-smp n[,maxcpus=cpus][,cores=cores][,threads=threads][,sockets=sockets]
-+ set the number of CPUs to 'n' [default=1]
-+ maxcpus= maximum number of total cpus, including
-+ offline CPUs for hotplug, etc
-+ cores= number of CPU cores on one socket
-+ threads= number of threads on one CPU core
-+ sockets= number of discrete sockets in the system
-+-numa node[,mem=size][,cpus=cpu[-cpu]][,nodeid=node]
-+-fda/-fdb file use 'file' as floppy disk 0/1 image
-+-hda/-hdb file use 'file' as IDE hard disk 0/1 image
-+-hdc/-hdd file use 'file' as IDE hard disk 2/3 image
-+-cdrom file use 'file' as IDE cdrom image (cdrom is ide1 master)
-+-drive [file=file][,if=type][,bus=n][,unit=m][,media=d][,index=i]
-+ [,cyls=c,heads=h,secs=s[,trans=t]][,snapshot=on|off]
-+ [,cache=writethrough|writeback|none|directsync|unsafe][,format=f]
-+ [,serial=s][,addr=A][,id=name][,aio=threads|native]
-+ [,readonly=on|off][,copy-on-read=on|off]
-+ [[,bps=b]|[[,bps_rd=r][,bps_wr=w]]][[,iops=i]|[[,iops_rd=r][,iops_wr=w]]
-+ use 'file' as a drive image
-+-set group.id.arg=value
-+ set <arg> parameter for item <id> of type <group>
-+ i.e. -set drive.$id.file=/path/to/image
-+-global driver.prop=value
-+ set a global default for a driver property
-+-mtdblock file use 'file' as on-board Flash memory image
-+-sd file use 'file' as SecureDigital card image
-+-pflash file use 'file' as a parallel flash image
-+-boot [order=drives][,once=drives][,menu=on|off]
-+ [,splash=sp_name][,splash-time=sp_time]
-+ 'drives': floppy (a), hard disk (c), CD-ROM (d), network (n)
-+ 'sp_name': the file's name that would be passed to bios as logo picture, if menu=on
-+ 'sp_time': the period that splash picture last if menu=on, unit is ms
-+-snapshot write to temporary files instead of disk image files
-+-m megs set virtual RAM size to megs MB [default=128]
-+-mem-path FILE provide backing storage for guest RAM
-+-mem-prealloc preallocate guest memory (use with -mem-path)
-+-k language use keyboard layout (for example 'fr' for French)
-+-audio-help print list of audio drivers and their options
-+-soundhw c1,... enable audio support
-+ and only specified sound cards (comma separated list)
-+ use -soundhw ? to get the list of supported cards
-+ use -soundhw all to enable all of them
-+-balloon none disable balloon device
-+-balloon virtio[,addr=str]
-+ enable virtio balloon device (default)
-+-usb enable the USB driver (will be the default soon)
-+-usbdevice name add the host or guest USB device 'name'
-+-device driver[,prop[=value][,...]]
-+ add device (based on driver)
-+ prop=value,... sets driver properties
-+ use -device ? to print all possible drivers
-+ use -device driver,? to print all possible properties
-+
-+File system options:
-+-fsdev fsdriver,id=id[,path=path,][security_model={mapped-xattr|mapped-file|passthrough|none}]
-+ [,writeout=immediate][,readonly][,socket=socket|sock_fd=sock_fd]
-+
-+Virtual File system pass-through options:
-+-virtfs local,path=path,mount_tag=tag,security_model=[mapped-xattr|mapped-file|passthrough|none]
-+ [,writeout=immediate][,readonly][,socket=socket|sock_fd=sock_fd]
-+-virtfs_synth Create synthetic file system image
-+
-+-name string1[,process=string2]
-+ set the name of the guest
-+ string1 sets the window title and string2 the process name (on Linux)
-+-uuid %08x-%04x-%04x-%04x-%012x
-+ specify machine UUID
-+
-+Display options:
-+-display sdl[,frame=on|off][,alt_grab=on|off][,ctrl_grab=on|off]
-+ [,window_close=on|off]|curses|none|
-+ vnc=<display>[,<optargs>]
-+ select display type
-+-nographic disable graphical output and redirect serial I/Os to console
-+-curses use a curses/ncurses interface instead of SDL
-+-no-frame open SDL window without a frame and window decorations
-+-alt-grab use Ctrl-Alt-Shift to grab mouse (instead of Ctrl-Alt)
-+-ctrl-grab use Right-Ctrl to grab mouse (instead of Ctrl-Alt)
-+-no-quit disable SDL window close capability
-+-sdl enable SDL
-+-spice <args> enable spice
-+-portrait rotate graphical output 90 deg left (only PXA LCD)
-+-rotate <deg> rotate graphical output some deg left (only PXA LCD)
-+-vga [std|cirrus|vmware|qxl|xenfb|none]
-+ select video card type
-+-full-screen start in full screen
-+-vnc display start a VNC server on display
-+
-+i386 target only:
-+-win2k-hack use it when installing Windows 2000 to avoid a disk full bug
-+-no-fd-bootchk disable boot signature checking for floppy disks
-+-no-acpi disable ACPI
-+-no-hpet disable HPET
-+-acpitable [sig=str][,rev=n][,oem_id=str][,oem_table_id=str][,oem_rev=n][,asl_compiler_id=str][,asl_compiler_rev=n][,{data|file}=file1[:file2]...]
-+ ACPI table description
-+-smbios file=binary
-+ load SMBIOS entry from binary file
-+-smbios type=0[,vendor=str][,version=str][,date=str][,release=%d.%d]
-+ specify SMBIOS type 0 fields
-+-smbios type=1[,manufacturer=str][,product=str][,version=str][,serial=str]
-+ [,uuid=uuid][,sku=str][,family=str]
-+ specify SMBIOS type 1 fields
-+
-+Network options:
-+-net nic[,vlan=n][,macaddr=mac][,model=type][,name=str][,addr=str][,vectors=v]
-+ create a new Network Interface Card and connect it to VLAN 'n'
-+-net user[,vlan=n][,name=str][,net=addr[/mask]][,host=addr][,restrict=on|off]
-+ [,hostname=host][,dhcpstart=addr][,dns=addr][,tftp=dir][,bootfile=f]
-+ [,hostfwd=rule][,guestfwd=rule][,smb=dir[,smbserver=addr]]
-+ connect the user mode network stack to VLAN 'n', configure its
-+ DHCP server and enabled optional services
-+-net tap[,vlan=n][,name=str][,fd=h][,ifname=name][,script=file][,downscript=dfile][,helper=helper][,sndbuf=nbytes][,vnet_hdr=on|off][,vhost=on|off][,vhostfd=h][,vhostforce=on|off]
-+ connect the host TAP network interface to VLAN 'n'
-+ use network scripts 'file' (default=/etc/qemu-ifup)
-+ to configure it and 'dfile' (default=/etc/qemu-ifdown)
-+ to deconfigure it
-+ use '[down]script=no' to disable script execution
-+ use network helper 'helper' (default=/usr/libexec/qemu-bridge-helper) to
-+ configure it
-+ use 'fd=h' to connect to an already opened TAP interface
-+ use 'sndbuf=nbytes' to limit the size of the send buffer (the
-+ default is disabled 'sndbuf=0' to enable flow control set 'sndbuf=1048576')
-+ use vnet_hdr=off to avoid enabling the IFF_VNET_HDR tap flag
-+ use vnet_hdr=on to make the lack of IFF_VNET_HDR support an error condition
-+ use vhost=on to enable experimental in kernel accelerator
-+ (only has effect for virtio guests which use MSIX)
-+ use vhostforce=on to force vhost on for non-MSIX virtio guests
-+ use 'vhostfd=h' to connect to an already opened vhost net device
-+-net bridge[,vlan=n][,name=str][,br=bridge][,helper=helper]
-+ connects a host TAP network interface to a host bridge device 'br'
-+ (default=br0) using the program 'helper'
-+ (default=/usr/libexec/qemu-bridge-helper)
-+-net socket[,vlan=n][,name=str][,fd=h][,listen=[host]:port][,connect=host:port]
-+ connect the vlan 'n' to another VLAN using a socket connection
-+-net socket[,vlan=n][,name=str][,fd=h][,mcast=maddr:port[,localaddr=addr]]
-+ connect the vlan 'n' to multicast maddr and port
-+ use 'localaddr=addr' to specify the host address to send packets from
-+-net socket[,vlan=n][,name=str][,fd=h][,udp=host:port][,localaddr=host:port]
-+ connect the vlan 'n' to another VLAN using an UDP tunnel
-+-net dump[,vlan=n][,file=f][,len=n]
-+ dump traffic on vlan 'n' to file 'f' (max n bytes per packet)
-+-net none use it alone to have zero network devices. If no -net option
-+ is provided, the default is '-net nic -net user'
-+-netdev [user|tap|bridge|socket],id=str[,option][,option][,...]
-+
-+Character device options:
-+-chardev null,id=id[,mux=on|off]
-+-chardev socket,id=id[,host=host],port=host[,to=to][,ipv4][,ipv6][,nodelay]
-+ [,server][,nowait][,telnet][,mux=on|off] (tcp)
-+-chardev socket,id=id,path=path[,server][,nowait][,telnet],[mux=on|off] (unix)
-+-chardev udp,id=id[,host=host],port=port[,localaddr=localaddr]
-+ [,localport=localport][,ipv4][,ipv6][,mux=on|off]
-+-chardev msmouse,id=id[,mux=on|off]
-+-chardev vc,id=id[[,width=width][,height=height]][[,cols=cols][,rows=rows]]
-+ [,mux=on|off]
-+-chardev file,id=id,path=path[,mux=on|off]
-+-chardev pipe,id=id,path=path[,mux=on|off]
-+-chardev pty,id=id[,mux=on|off]
-+-chardev stdio,id=id[,mux=on|off][,signal=on|off]
-+-chardev tty,id=id,path=path[,mux=on|off]
-+-chardev parport,id=id,path=path[,mux=on|off]
-+-chardev spicevmc,id=id,name=name[,debug=debug]
-+
-+-iscsi [user=user][,password=password]
-+ [,header-digest=CRC32C|CR32C-NONE|NONE-CRC32C|NONE
-+ [,initiator-name=iqn]
-+ iSCSI session parameters
-+Bluetooth(R) options:
-+-bt hci,null dumb bluetooth HCI - doesn't respond to commands
-+-bt hci,host[:id]
-+ use host's HCI with the given name
-+-bt hci[,vlan=n]
-+ emulate a standard HCI in virtual scatternet 'n'
-+-bt vhci[,vlan=n]
-+ add host computer to virtual scatternet 'n' using VHCI
-+-bt device:dev[,vlan=n]
-+ emulate a bluetooth device 'dev' in scatternet 'n'
-+
-+Linux/Multiboot boot specific:
-+-kernel bzImage use 'bzImage' as kernel image
-+-append cmdline use 'cmdline' as kernel command line
-+-initrd file use 'file' as initial ram disk
-+-dtb file use 'file' as device tree image
-+
-+Debug/Expert options:
-+-serial dev redirect the serial port to char device 'dev'
-+-parallel dev redirect the parallel port to char device 'dev'
-+-monitor dev redirect the monitor to char device 'dev'
-+-qmp dev like -monitor but opens in 'control' mode
-+-mon chardev=[name][,mode=readline|control][,default]
-+-debugcon dev redirect the debug console to char device 'dev'
-+-pidfile file write PID to 'file'
-+-singlestep always run in singlestep mode
-+-S freeze CPU at startup (use 'c' to start execution)
-+-gdb dev wait for gdb connection on 'dev'
-+-s shorthand for -gdb tcp::1234
-+-d item1,... output log to /tmp/qemu.log (use -d ? for a list of log items)
-+-D logfile output log to logfile (instead of the default /tmp/qemu.log)
-+-hdachs c,h,s[,t]
-+ force hard disk 0 physical geometry and the optional BIOS
-+ translation (t=none or lba) (usually QEMU can guess them)
-+-L path set the directory for the BIOS, VGA BIOS and keymaps
-+-bios file set the filename for the BIOS
-+-enable-kvm enable KVM full virtualization support
-+-xen-domid id specify xen guest domain id
-+-xen-create create domain using xen hypercalls, bypassing xend
-+ warning: should not be used when xend is in use
-+-xen-attach attach to existing xen domain
-+ xend will use this when starting QEMU
-+-no-reboot exit instead of rebooting
-+-no-shutdown stop before shutdown
-+-loadvm [tag|id]
-+ start right away with a saved state (loadvm in monitor)
-+-daemonize daemonize QEMU after initializing
-+-option-rom rom load a file, rom, into the option ROM space
-+-clock force the use of the given methods for timer alarm.
-+ To see what timers are available use -clock ?
-+-rtc [base=utc|localtime|date][,clock=host|rt|vm][,driftfix=none|slew]
-+ set the RTC base and clock, enable drift fix for clock ticks (x86 only)
-+-icount [N|auto]
-+ enable virtual instruction counter with 2^N clock ticks per
-+ instruction
-+-watchdog i6300esb|ib700
-+ enable virtual hardware watchdog [default=none]
-+-watchdog-action reset|shutdown|poweroff|pause|debug|none
-+ action when watchdog fires [default=reset]
-+-echr chr set terminal escape character instead of ctrl-a
-+-virtioconsole c
-+ set virtio console
-+-show-cursor show cursor
-+-tb-size n set TB size
-+-incoming p prepare for incoming migration, listen on port p
-+-nodefaults don't create default devices
-+-chroot dir chroot to dir just before starting the VM
-+-runas user change to user id user just before starting the VM
-+-readconfig <file>
-+-writeconfig <file>
-+ read/write config file
-+-nodefconfig
-+ do not load default config files at startup
-+-no-user-config
-+ do not load user-provided config files at startup
-+-trace [events=<file>][,file=<file>]
-+ specify tracing options
-+-qtest CHR specify tracing options
-+-qtest-log LOG specify tracing options
-+
-+During emulation, the following keys are useful:
-+ctrl-alt-f toggle full screen
-+ctrl-alt-n switch to virtual console 'n'
-+ctrl-alt toggle mouse and keyboard grab
-+
-+When using -nographic, press 'ctrl-a h' to get some help.
-diff --git a/tests/qemuhelpdata/qemu-1.1-device b/tests/qemuhelpdata/qemu-1.1-device
-new file mode 100644
-index 0000000..64aacba
---- /dev/null
-+++ b/tests/qemuhelpdata/qemu-1.1-device
-@@ -0,0 +1,160 @@
-+name "usb-storage", bus USB
-+name "VGA", bus PCI
-+name "scsi-hd", bus SCSI, desc "virtual SCSI disk"
-+name "i82559a", bus PCI, desc "Intel i82559A Ethernet"
-+name "i82559b", bus PCI, desc "Intel i82559B Ethernet"
-+name "i82559c", bus PCI, desc "Intel i82559C Ethernet"
-+name "sysbus-ohci", bus System, desc "OHCI USB Controller"
-+name "virtio-blk-pci", bus PCI, alias "virtio-blk"
-+name "qxl-vga", bus PCI, desc "Spice QXL GPU (primary, vga compatible)"
-+name "x3130-upstream", bus PCI, desc "TI X3130 Upstream Port of PCI Express Switch"
-+name "ide-drive", bus IDE, desc "virtual IDE disk or CD-ROM (legacy)"
-+name "virtio-9p-pci", bus PCI
-+name "cirrus-vga", bus PCI, desc "Cirrus CLGD 54xx VGA"
-+name "ide-hd", bus IDE, desc "virtual IDE disk"
-+name "ES1370", bus PCI, desc "ENSONIQ AudioPCI ES1370"
-+name "ioh3420", bus PCI, desc "Intel IOH device id 3420 PCIE Root Port"
-+name "sga", bus ISA, desc "Serial Graphics Adapter"
-+name "scsi-block", bus SCSI, desc "SCSI block device passthrough"
-+name "usb-serial", bus USB
-+name "pc-sysfw", bus System, desc "PC System Firmware"
-+name "usb-mouse", bus USB
-+name "usb-net", bus USB
-+name "usb-hub", bus USB
-+name "ccid-card-emulated", bus ccid-bus, desc "emulated smartcard"
-+name "ne2k_isa", bus ISA
-+name "scsi-generic", bus SCSI, desc "pass through generic scsi device (/dev/sg*)"
-+name "pcnet", bus PCI
-+name "lsi53c895a", bus PCI, alias "lsi"
-+name "scsi-disk", bus SCSI, desc "virtual SCSI disk or CD-ROM (legacy)"
-+name "nec-usb-xhci", bus PCI
-+name "xio3130-downstream", bus PCI, desc "TI X3130 Downstream Port of PCI Express Switch"
-+name "pci-ohci", bus PCI, desc "Apple USB Controller"
-+name "virtserialport", bus virtio-serial-bus
-+name "hda-micro", bus HDA, desc "HDA Audio Codec, duplex (speaker, microphone)"
-+name "usb-braille", bus USB
-+name "scsi-cd", bus SCSI, desc "virtual SCSI CD-ROM"
-+name "usb-wacom-tablet", bus USB, desc "QEMU PenPartner Tablet"
-+name "isa-serial", bus ISA
-+name "i82550", bus PCI, desc "Intel i82550 Ethernet"
-+name "i82551", bus PCI, desc "Intel i82551 Ethernet"
-+name "isa-debugcon", bus ISA
-+name "ide-cd", bus IDE, desc "virtual IDE CD-ROM"
-+name "SUNW,fdtwo", bus System
-+name "ich9-usb-uhci1", bus PCI
-+name "ich9-usb-uhci2", bus PCI
-+name "ich9-usb-uhci3", bus PCI
-+name "isa-parallel", bus ISA
-+name "virtconsole", bus virtio-serial-bus
-+name "ne2k_pci", bus PCI
-+name "virtio-serial-pci", bus PCI, alias "virtio-serial"
-+name "hda-duplex", bus HDA, desc "HDA Audio Codec, duplex (line-out, line-in)"
-+name "intel-hda", bus PCI, desc "Intel HD Audio Controller"
-+name "i82559er", bus PCI, desc "Intel i82559ER Ethernet"
-+name "hda-output", bus HDA, desc "HDA Audio Codec, output-only (line-out)"
-+name "i82562", bus PCI, desc "Intel i82562 Ethernet"
-+name "sysbus-ahci", bus System
-+name "usb-ccid", bus USB, desc "CCID Rev 1.1 smartcard reader"
-+name "ivshmem", bus PCI
-+name "AC97", bus PCI, desc "Intel 82801AA AC97 Audio"
-+name "e1000", bus PCI, desc "Intel Gigabit Ethernet"
-+name "sysbus-fdc", bus System
-+name "usb-bt-dongle", bus USB
-+name "usb-tablet", bus USB
-+name "isa-vga", bus ISA
-+name "usb-kbd", bus USB
-+name "isa-applesmc", bus ISA
-+name "ib700", bus ISA
-+name "rtl8139", bus PCI
-+name "qxl", bus PCI, desc "Spice QXL GPU (secondary)"
-+name "i82557a", bus PCI, desc "Intel i82557A Ethernet"
-+name "i82557b", bus PCI, desc "Intel i82557B Ethernet"
-+name "i82557c", bus PCI, desc "Intel i82557C Ethernet"
-+name "usb-audio", bus USB
-+name "piix3-usb-uhci", bus PCI
-+name "piix4-usb-uhci", bus PCI
-+name "ccid-card-passthru", bus ccid-bus, desc "passthrough smartcard"
-+name "i82801", bus PCI, desc "Intel i82801 Ethernet"
-+name "smbus-eeprom", bus I2C
-+name "vmware-svga", bus PCI
-+name "isa-cirrus-vga", bus ISA
-+name "sb16", bus ISA, desc "Creative Sound Blaster 16"
-+name "pci-bridge", bus PCI, desc "Standard PCI Bridge"
-+name "usb-ehci", bus PCI
-+name "vt82c686b-usb-uhci", bus PCI
-+name "i82558a", bus PCI, desc "Intel i82558A Ethernet"
-+name "virtio-net-pci", bus PCI, alias "virtio-net"
-+name "virtio-balloon-pci", bus PCI, alias "virtio-balloon"
-+name "ich9-usb-ehci1", bus PCI
-+name "isa-ide", bus ISA
-+name "usb-host", bus USB
-+name "ich9-ahci", bus PCI, alias "ahci"
-+name "i6300esb", bus PCI
-+name "i82558b", bus PCI, desc "Intel i82558B Ethernet"
-+name "virtio-scsi-pci", bus PCI
-+virtio-blk-pci.class=hex32
-+virtio-blk-pci.drive=drive
-+virtio-blk-pci.logical_block_size=blocksize
-+virtio-blk-pci.physical_block_size=blocksize
-+virtio-blk-pci.min_io_size=uint16
-+virtio-blk-pci.opt_io_size=uint32
-+virtio-blk-pci.bootindex=int32
-+virtio-blk-pci.discard_granularity=uint32
-+virtio-blk-pci.serial=string
-+virtio-blk-pci.ioeventfd=on/off
-+virtio-blk-pci.vectors=uint32
-+virtio-blk-pci.indirect_desc=on/off
-+virtio-blk-pci.event_idx=on/off
-+virtio-blk-pci.scsi=on/off
-+virtio-blk-pci.addr=pci-devfn
-+virtio-blk-pci.romfile=string
-+virtio-blk-pci.rombar=uint32
-+virtio-blk-pci.multifunction=on/off
-+virtio-blk-pci.command_serr_enable=on/off
-+virtio-net-pci.ioeventfd=on/off
-+virtio-net-pci.vectors=uint32
-+virtio-net-pci.indirect_desc=on/off
-+virtio-net-pci.event_idx=on/off
-+virtio-net-pci.csum=on/off
-+virtio-net-pci.guest_csum=on/off
-+virtio-net-pci.gso=on/off
-+virtio-net-pci.guest_tso4=on/off
-+virtio-net-pci.guest_tso6=on/off
-+virtio-net-pci.guest_ecn=on/off
-+virtio-net-pci.guest_ufo=on/off
-+virtio-net-pci.host_tso4=on/off
-+virtio-net-pci.host_tso6=on/off
-+virtio-net-pci.host_ecn=on/off
-+virtio-net-pci.host_ufo=on/off
-+virtio-net-pci.mrg_rxbuf=on/off
-+virtio-net-pci.status=on/off
-+virtio-net-pci.ctrl_vq=on/off
-+virtio-net-pci.ctrl_rx=on/off
-+virtio-net-pci.ctrl_vlan=on/off
-+virtio-net-pci.ctrl_rx_extra=on/off
-+virtio-net-pci.mac=macaddr
-+virtio-net-pci.vlan=vlan
-+virtio-net-pci.netdev=netdev
-+virtio-net-pci.bootindex=int32
-+virtio-net-pci.x-txtimer=uint32
-+virtio-net-pci.x-txburst=int32
-+virtio-net-pci.tx=string
-+virtio-net-pci.addr=pci-devfn
-+virtio-net-pci.romfile=string
-+virtio-net-pci.rombar=uint32
-+virtio-net-pci.multifunction=on/off
-+virtio-net-pci.command_serr_enable=on/off
-+scsi-disk.drive=drive
-+scsi-disk.logical_block_size=blocksize
-+scsi-disk.physical_block_size=blocksize
-+scsi-disk.min_io_size=uint16
-+scsi-disk.opt_io_size=uint32
-+scsi-disk.bootindex=int32
-+scsi-disk.discard_granularity=uint32
-+scsi-disk.ver=string
-+scsi-disk.serial=string
-+scsi-disk.removable=on/off
-+scsi-disk.dpofua=on/off
-+scsi-disk.channel=uint32
-+scsi-disk.scsi-id=uint32
-+scsi-disk.lun=uint32
-diff --git a/tests/qemuhelptest.c b/tests/qemuhelptest.c
-index d23b35a..57d1859 100644
---- a/tests/qemuhelptest.c
-+++ b/tests/qemuhelptest.c
-@@ -678,6 +678,81 @@ mymain(void)
- QEMU_CAPS_SCSI_BLOCK,
- QEMU_CAPS_SCSI_CD,
- QEMU_CAPS_IDE_CD);
-+ DO_TEST("qemu-1.1", 1000092, 0, 0,
-+ QEMU_CAPS_VNC_COLON,
-+ QEMU_CAPS_NO_REBOOT,
-+ QEMU_CAPS_DRIVE,
-+ QEMU_CAPS_NAME,
-+ QEMU_CAPS_UUID,
-+ QEMU_CAPS_MIGRATE_QEMU_TCP,
-+ QEMU_CAPS_MIGRATE_QEMU_EXEC,
-+ QEMU_CAPS_DRIVE_CACHE_V2,
-+ QEMU_CAPS_DRIVE_CACHE_UNSAFE,
-+ QEMU_CAPS_DRIVE_FORMAT,
-+ QEMU_CAPS_DRIVE_SERIAL,
-+ QEMU_CAPS_XEN_DOMID,
-+ QEMU_CAPS_DRIVE_READONLY,
-+ QEMU_CAPS_VGA,
-+ QEMU_CAPS_0_10,
-+ QEMU_CAPS_MEM_PATH,
-+ QEMU_CAPS_SDL,
-+ QEMU_CAPS_MIGRATE_QEMU_UNIX,
-+ QEMU_CAPS_CHARDEV,
-+ QEMU_CAPS_ENABLE_KVM,
-+ QEMU_CAPS_MONITOR_JSON,
-+ QEMU_CAPS_BALLOON,
-+ QEMU_CAPS_DEVICE,
-+ QEMU_CAPS_SMP_TOPOLOGY,
-+ QEMU_CAPS_NETDEV,
-+ QEMU_CAPS_RTC,
-+ QEMU_CAPS_VHOST_NET,
-+ QEMU_CAPS_NO_HPET,
-+ QEMU_CAPS_NODEFCONFIG,
-+ QEMU_CAPS_BOOT_MENU,
-+ QEMU_CAPS_FSDEV,
-+ QEMU_CAPS_NAME_PROCESS,
-+ QEMU_CAPS_SMBIOS_TYPE,
-+ QEMU_CAPS_VGA_QXL,
-+ QEMU_CAPS_SPICE,
-+ QEMU_CAPS_VGA_NONE,
-+ QEMU_CAPS_MIGRATE_QEMU_FD,
-+ QEMU_CAPS_BOOTINDEX,
-+ QEMU_CAPS_HDA_DUPLEX,
-+ QEMU_CAPS_DRIVE_AIO,
-+ QEMU_CAPS_CCID_EMULATED,
-+ QEMU_CAPS_CCID_PASSTHRU,
-+ QEMU_CAPS_CHARDEV_SPICEVMC,
-+ QEMU_CAPS_VIRTIO_TX_ALG,
-+ QEMU_CAPS_DEVICE_QXL_VGA,
-+ QEMU_CAPS_PCI_MULTIFUNCTION,
-+ QEMU_CAPS_VIRTIO_IOEVENTFD,
-+ QEMU_CAPS_SGA,
-+ QEMU_CAPS_VIRTIO_BLK_EVENT_IDX,
-+ QEMU_CAPS_VIRTIO_NET_EVENT_IDX,
-+ QEMU_CAPS_DRIVE_CACHE_DIRECTSYNC,
-+ QEMU_CAPS_PIIX3_USB_UHCI,
-+ QEMU_CAPS_PIIX4_USB_UHCI,
-+ QEMU_CAPS_USB_EHCI,
-+ QEMU_CAPS_ICH9_USB_EHCI1,
-+ QEMU_CAPS_VT82C686B_USB_UHCI,
-+ QEMU_CAPS_PCI_OHCI,
-+ QEMU_CAPS_USB_HUB,
-+ QEMU_CAPS_NO_SHUTDOWN,
-+ QEMU_CAPS_PCI_ROMBAR,
-+ QEMU_CAPS_ICH9_AHCI,
-+ QEMU_CAPS_NO_ACPI,
-+ QEMU_CAPS_FSDEV_READONLY,
-+ QEMU_CAPS_VIRTIO_BLK_SCSI,
-+ QEMU_CAPS_VIRTIO_BLK_SG_IO,
-+ QEMU_CAPS_DRIVE_COPY_ON_READ,
-+ QEMU_CAPS_CPU_HOST,
-+ QEMU_CAPS_FSDEV_WRITEOUT,
-+ QEMU_CAPS_DRIVE_IOTUNE,
-+ QEMU_CAPS_SCSI_DISK_CHANNEL,
-+ QEMU_CAPS_SCSI_BLOCK,
-+ QEMU_CAPS_SCSI_CD,
-+ QEMU_CAPS_IDE_CD,
-+ QEMU_CAPS_NO_USER_CONFIG);
-
- return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
- }
diff --git a/debian/patches/qemu-Fix-off-by-one-error-while-unescaping-monitor-s.patch b/debian/patches/qemu-Fix-off-by-one-error-while-unescaping-monitor-s.patch
deleted file mode 100644
index da1d991..0000000
--- a/debian/patches/qemu-Fix-off-by-one-error-while-unescaping-monitor-s.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From: Peter Krempa <pkrempa at redhat.com>
-Date: Thu, 14 Jun 2012 10:29:36 +0200
-Subject: qemu: Fix off-by-one error while unescaping monitor strings
-
-While unescaping the commands the commands passed through to the monitor
-function qemuMonitorUnescapeArg() initialized lenght of the input string
-to strlen()+1 which is fine for alloc but not for iteration of the
-string.
-
-This patch fixes the off-by-one error and drops the pointless check for
-a single trailing slash that is automaticaly handled by the default
-branch of switch.
-
-Closes: #699281
-Thanks: Philipp Hahn for debugging this
----
- src/qemu/qemu_monitor.c | 11 +++--------
- 1 file changed, 3 insertions(+), 8 deletions(-)
-
-diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c
-index 0d4319d..68ecdb9 100644
---- a/src/qemu/qemu_monitor.c
-+++ b/src/qemu/qemu_monitor.c
-@@ -157,20 +157,15 @@ char *qemuMonitorUnescapeArg(const char *in)
- {
- int i, j;
- char *out;
-- int len = strlen(in) + 1;
-+ int len = strlen(in);
- char next;
-
-- if (VIR_ALLOC_N(out, len) < 0)
-+ if (VIR_ALLOC_N(out, len + 1) < 0)
- return NULL;
-
- for (i = j = 0; i < len; ++i) {
- next = in[i];
- if (in[i] == '\\') {
-- if (len < i + 1) {
-- /* trailing backslash shouldn't be possible */
-- VIR_FREE(out);
-- return NULL;
-- }
- ++i;
- switch(in[i]) {
- case 'r':
-@@ -184,7 +179,7 @@ char *qemuMonitorUnescapeArg(const char *in)
- next = in[i];
- break;
- default:
-- /* invalid input */
-+ /* invalid input (including trailing '\' at end of in) */
- VIR_FREE(out);
- return NULL;
- }
diff --git a/debian/patches/rpc-Fix-crash-on-error-paths-of-message-dispatching.patch b/debian/patches/rpc-Fix-crash-on-error-paths-of-message-dispatching.patch
deleted file mode 100644
index 3d4d681..0000000
--- a/debian/patches/rpc-Fix-crash-on-error-paths-of-message-dispatching.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From: Peter Krempa <pkrempa at redhat.com>
-Date: Fri, 4 Jan 2013 16:15:04 +0100
-Subject: rpc: Fix crash on error paths of message dispatching
-
-This patch resolves CVE-2013-0170:
-https://bugzilla.redhat.com/show_bug.cgi?id=893450
-
-When reading and dispatching of a message failed the message was freed
-but wasn't removed from the message queue.
-
-After that when the connection was about to be closed the pointer for
-the message was still present in the queue and it was passed to
-virNetMessageFree which tried to call the callback function from an
-uninitialized pointer.
-
-This patch removes the message from the queue before it's freed.
-
-* rpc/virnetserverclient.c: virNetServerClientDispatchRead:
- - avoid use after free of RPC messages
----
- src/rpc/virnetserverclient.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/src/rpc/virnetserverclient.c b/src/rpc/virnetserverclient.c
-index 67600fd..3838136 100644
---- a/src/rpc/virnetserverclient.c
-+++ b/src/rpc/virnetserverclient.c
-@@ -840,6 +840,7 @@ readmore:
-
- /* Decode the header so we can use it for routing decisions */
- if (virNetMessageDecodeHeader(msg) < 0) {
-+ virNetMessageQueueServe(&client->rx);
- virNetMessageFree(msg);
- client->wantClose = true;
- return;
-@@ -849,6 +850,7 @@ readmore:
- * file descriptors */
- if (msg->header.type == VIR_NET_CALL_WITH_FDS &&
- virNetMessageDecodeNumFDs(msg) < 0) {
-+ virNetMessageQueueServe(&client->rx);
- virNetMessageFree(msg);
- client->wantClose = true;
- return; /* Error */
-@@ -858,6 +860,7 @@ readmore:
- for (i = msg->donefds ; i < msg->nfds ; i++) {
- int rv;
- if ((rv = virNetSocketRecvFD(client->sock, &(msg->fds[i]))) < 0) {
-+ virNetMessageQueueServe(&client->rx);
- virNetMessageFree(msg);
- client->wantClose = true;
- return;
diff --git a/debian/patches/security/CVE-2012-3445.patch b/debian/patches/security/CVE-2012-3445.patch
deleted file mode 100644
index b69eb39..0000000
--- a/debian/patches/security/CVE-2012-3445.patch
+++ /dev/null
@@ -1,87 +0,0 @@
-From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx at sigxcpu.org>
-Date: Wed, 1 Aug 2012 13:11:34 +0200
-Subject: CVE-2012-3445
-
-Patch taken from upstream commit
-6039a2cb49c8af4c68460d2faf365a7e1c686c7b.
-
----
- daemon/remote.c | 16 ++++++++--------
- 1 file changed, 8 insertions(+), 8 deletions(-)
-
-diff --git a/daemon/remote.c b/daemon/remote.c
-index 16a8a05..4ece019 100644
---- a/daemon/remote.c
-+++ b/daemon/remote.c
-@@ -964,7 +964,7 @@ remoteDispatchDomainGetSchedulerParameters(virNetServerPtr server ATTRIBUTE_UNUS
- virNetError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
- goto cleanup;
- }
-- if (VIR_ALLOC_N(params, nparams) < 0)
-+ if (nparams && VIR_ALLOC_N(params, nparams) < 0)
- goto no_memory;
-
- if (!(dom = get_nonnull_domain(priv->conn, args->dom)))
-@@ -1019,7 +1019,7 @@ remoteDispatchDomainGetSchedulerParametersFlags(virNetServerPtr server ATTRIBUTE
- virNetError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
- goto cleanup;
- }
-- if (VIR_ALLOC_N(params, nparams) < 0)
-+ if (nparams && VIR_ALLOC_N(params, nparams) < 0)
- goto no_memory;
-
- if (!(dom = get_nonnull_domain(priv->conn, args->dom)))
-@@ -1200,7 +1200,7 @@ remoteDispatchDomainBlockStatsFlags(virNetServerPtr server ATTRIBUTE_UNUSED,
- virNetError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
- goto cleanup;
- }
-- if (VIR_ALLOC_N(params, nparams) < 0) {
-+ if (nparams && VIR_ALLOC_N(params, nparams) < 0) {
- virReportOOMError();
- goto cleanup;
- }
-@@ -1674,7 +1674,7 @@ remoteDispatchDomainGetMemoryParameters(virNetServerPtr server ATTRIBUTE_UNUSED,
- virNetError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
- goto cleanup;
- }
-- if (VIR_ALLOC_N(params, nparams) < 0) {
-+ if (nparams && VIR_ALLOC_N(params, nparams) < 0) {
- virReportOOMError();
- goto cleanup;
- }
-@@ -1739,7 +1739,7 @@ remoteDispatchDomainGetNumaParameters(virNetServerPtr server ATTRIBUTE_UNUSED,
- virNetError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
- goto cleanup;
- }
-- if (VIR_ALLOC_N(params, nparams) < 0) {
-+ if (nparams && VIR_ALLOC_N(params, nparams) < 0) {
- virReportOOMError();
- goto cleanup;
- }
-@@ -1804,7 +1804,7 @@ remoteDispatchDomainGetBlkioParameters(virNetServerPtr server ATTRIBUTE_UNUSED,
- virNetError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
- goto cleanup;
- }
-- if (VIR_ALLOC_N(params, nparams) < 0) {
-+ if (nparams && VIR_ALLOC_N(params, nparams) < 0) {
- virReportOOMError();
- goto cleanup;
- }
-@@ -2064,7 +2064,7 @@ remoteDispatchDomainGetBlockIoTune(virNetServerPtr server ATTRIBUTE_UNUSED,
- goto cleanup;
- }
-
-- if (VIR_ALLOC_N(params, nparams) < 0) {
-+ if (nparams && VIR_ALLOC_N(params, nparams) < 0) {
- virReportOOMError();
- goto cleanup;
- }
-@@ -3567,7 +3567,7 @@ remoteDispatchDomainGetInterfaceParameters(virNetServerPtr server ATTRIBUTE_UNUS
- virNetError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
- goto cleanup;
- }
-- if (VIR_ALLOC_N(params, nparams) < 0) {
-+ if (nparams && VIR_ALLOC_N(params, nparams) < 0) {
- virReportOOMError();
- goto cleanup;
- }
diff --git a/debian/patches/security/Fix-crash-in-remoteDispatchDomainMemoryStats.patch b/debian/patches/security/Fix-crash-in-remoteDispatchDomainMemoryStats.patch
deleted file mode 100644
index 32004a2..0000000
--- a/debian/patches/security/Fix-crash-in-remoteDispatchDomainMemoryStats.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From: "Daniel P. Berrange" <berrange at redhat.com>
-Date: Mon, 9 Sep 2013 13:08:20 +0200
-Subject: Fix crash in remoteDispatchDomainMemoryStats
-
-The 'stats' variable was not initialized to NULL, so if some
-early validation of the RPC call fails, it is possible to jump
-to the 'cleanup' label and VIR_FREE an uninitialized pointer.
-This is a security flaw, since the API can be called from a
-readonly connection which can trigger the validation checks.
-
-This was introduced in release v0.9.1 onwards by
-
- commit 158ba8730e44b7dd07a21ab90499996c5dec080a
- Author: Daniel P. Berrange <berrange at redhat.com>
- Date: Wed Apr 13 16:21:35 2011 +0100
-
- Merge all returns paths from dispatcher into single path
-
-Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
-
----
- daemon/remote.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/daemon/remote.c b/daemon/remote.c
-index 4ece019..7d72b0a 100644
---- a/daemon/remote.c
-+++ b/daemon/remote.c
-@@ -1060,7 +1060,7 @@ remoteDispatchDomainMemoryStats(virNetServerPtr server ATTRIBUTE_UNUSED,
- remote_domain_memory_stats_ret *ret)
- {
- virDomainPtr dom = NULL;
-- struct _virDomainMemoryStat *stats;
-+ struct _virDomainMemoryStat *stats = NULL;
- int nr_stats, i;
- int rv = -1;
- struct daemonClientPrivate *priv =
diff --git a/debian/patches/security/security-Fix-libvirtd-crash-possibility.patch b/debian/patches/security/security-Fix-libvirtd-crash-possibility.patch
deleted file mode 100644
index 0e84aba..0000000
--- a/debian/patches/security/security-Fix-libvirtd-crash-possibility.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From: Martin Kletzander <mkletzan at redhat.com>
-Date: Wed, 12 Sep 2012 23:43:26 +0200
-Subject: security: Fix libvirtd crash possibility
-
-Fix for CVE-2012-4423.
-
-When generating RPC protocol messages, it's strictly needed to have a
-continuous line of numbers or RPC messages. However in case anyone
-tries backporting some functionality and will skip a number, there is
-a possibility to make the daemon segfault with newer virsh (version of
-the library, rpc call, etc.) even unintentionally.
-
-The problem is that the skipped numbers will get func filled with
-NULLs, but there is no check whether these are set before the daemon
-tries to run them. This patch very simply enhances one check and fixes
-that.
-
----
- src/rpc/virnetserverprogram.c | 11 +++++++++--
- 1 file changed, 9 insertions(+), 2 deletions(-)
-
-diff --git a/src/rpc/virnetserverprogram.c b/src/rpc/virnetserverprogram.c
-index 7f589c8..5439878 100644
---- a/src/rpc/virnetserverprogram.c
-+++ b/src/rpc/virnetserverprogram.c
-@@ -1,7 +1,7 @@
- /*
- * virnetserverprogram.c: generic network RPC server program
- *
-- * Copyright (C) 2006-2011 Red Hat, Inc.
-+ * Copyright (C) 2006-2012 Red Hat, Inc.
- * Copyright (C) 2006 Daniel P. Berrange
- *
- * This library is free software; you can redistribute it and/or
-@@ -101,12 +101,19 @@ int virNetServerProgramMatches(virNetServerProgramPtr prog,
- static virNetServerProgramProcPtr virNetServerProgramGetProc(virNetServerProgramPtr prog,
- int procedure)
- {
-+ virNetServerProgramProcPtr proc;
-+
- if (procedure < 0)
- return NULL;
- if (procedure >= prog->nprocs)
- return NULL;
-
-- return &prog->procs[procedure];
-+ proc = &prog->procs[procedure];
-+
-+ if (!proc->func)
-+ return NULL;
-+
-+ return proc;
- }
-
- unsigned int
diff --git a/debian/patches/series b/debian/patches/series
index d94c3a3..fc6e78f 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -11,15 +11,4 @@ Disable-failing-virnetsockettest.patch
Don-t-fail-if-we-can-t-setup-avahi.patch
Only-check-for-cluster-fs-if-we-re-using-a-filesyste.patch
Reduce-udevadm-settle-timeout-to-10-seconds.patch
-Include-stdint.h-for-uint32_t.patch
-security/CVE-2012-3445.patch
-security/security-Fix-libvirtd-crash-possibility.patch
-Revert-rpc-Discard-non-blocking-calls-only-when-nece.patch
-qemu-Fix-off-by-one-error-while-unescaping-monitor-s.patch
-rpc-Fix-crash-on-error-paths-of-message-dispatching.patch
-qemu-Add-support-for-no-user-config.patch
debian/Allow-xen-toolstack-to-find-it-s-binaries.patch
-fix-leak-virStorageBackendLogicalMakeVol.patch
-upstream/Fix-libvirtd-crash-when-destroying-a-domain-with-att.patch
-upstream/Fix-race-condition-when-destroying-guests.patch
-security/Fix-crash-in-remoteDispatchDomainMemoryStats.patch
diff --git a/debian/patches/upstream/Fix-libvirtd-crash-when-destroying-a-domain-with-att.patch b/debian/patches/upstream/Fix-libvirtd-crash-when-destroying-a-domain-with-att.patch
deleted file mode 100644
index 62899fa..0000000
--- a/debian/patches/upstream/Fix-libvirtd-crash-when-destroying-a-domain-with-att.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From: Peter Krempa <pkrempa at redhat.com>
-Date: Sat, 8 Jun 2013 15:20:45 +0200
-Subject: Fix libvirtd crash when destroying a domain with attached console
-
-Origin: upstream
-Bug: https://bugzilla.redhat.com/show_bug.cgi?id=969497
-Applied-Upstream: ba226d334acbc49f6751b430e0c4e00f69eef6bf and 45edefc7a7bcbec988f54331ff37fc32e4bc2718
-Last-Update: 2013-06-07
-
-This is two upstream commits squashed:
-
-commit ba226d334acbc49f6751b430e0c4e00f69eef6bf
-Author: Peter Krempa <pkrempa at redhat.com>
-Date: Fri Jul 27 14:50:54 2012 +0200
-
- conf: Remove callback from stream when freeing entries in console hash
-
- When a domain has a active console connection and is destroyed the
- callback is called on private data that no longer exist causing a
- segfault.
-
-commit 45edefc7a7bcbec988f54331ff37fc32e4bc2718
-Author: Peter Krempa <pkrempa at redhat.com>
-Date: Fri Aug 3 11:20:29 2012 +0200
-
- conf: Remove console stream callback only when freeing console helper
-
- Commit ba226d334acbc49f6751b430e0c4e00f69eef6bf tried to fix crash of
- the daemon when a domain with an open console was destroyed. The fix was
- wrong as it tried to remove the callback also when the stream was
- aborted, where at that point the fd stream driver was already freed and
- removed.
-
- This patch clears the callbacks with a helper right before the hash is
- freed, so that it doesn't interfere with other codepaths where the
- stream object is freed.
-
----
- src/conf/virconsole.c | 13 +++++++++++++
- 1 file changed, 13 insertions(+)
-
-diff --git a/src/conf/virconsole.c b/src/conf/virconsole.c
-index 443d80d..01f1c84 100644
---- a/src/conf/virconsole.c
-+++ b/src/conf/virconsole.c
-@@ -290,6 +290,18 @@ error:
- }
-
- /**
-+ * Helper to clear stream callbacks when freeing the hash
-+ */
-+static void virConsoleFreeClearCallbacks(void *payload,
-+ const void *name ATTRIBUTE_UNUSED,
-+ void *data ATTRIBUTE_UNUSED)
-+{
-+ virStreamPtr st = payload;
-+
-+ virFDStreamSetInternalCloseCb(st, NULL, NULL, NULL);
-+}
-+
-+/**
- * Free structures for handling open console streams.
- *
- * @cons Pointer to the private structure.
-@@ -300,6 +312,7 @@ void virConsoleFree(virConsolesPtr cons)
- return;
-
- virMutexLock(&cons->lock);
-+ virHashForEach(cons->hash, virConsoleFreeClearCallbacks, NULL);
- virHashFree(cons->hash);
- virMutexUnlock(&cons->lock);
- virMutexDestroy(&cons->lock);
diff --git a/debian/patches/upstream/Fix-race-condition-when-destroying-guests.patch b/debian/patches/upstream/Fix-race-condition-when-destroying-guests.patch
deleted file mode 100644
index 121a511..0000000
--- a/debian/patches/upstream/Fix-race-condition-when-destroying-guests.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From: =?UTF-8?q?Ferenc=20W=C3=A1gner?= <wferi at niif.hu>
-Date: Wed, 21 Aug 2013 18:58:06 +0200
-Subject: Fix race condition when destroying guests
-
-Backport of 81621f3e6e45e8681cc18ae49404736a0e772a11 and
-f1b4021b38f9485c50d386af6f682ecfc8025af5 to fix a race (resulting in a
-segfault) when destroying domains.
----
- src/qemu/qemu_driver.c | 19 +++++++++++++------
- 1 file changed, 13 insertions(+), 6 deletions(-)
-
-diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
-index 0053ed1..c0b4707 100644
---- a/src/qemu/qemu_driver.c
-+++ b/src/qemu/qemu_driver.c
-@@ -1827,6 +1827,12 @@ qemuDomainDestroyFlags(virDomainPtr dom,
-
- qemuDomainSetFakeReboot(driver, vm, false);
-
-+
-+ /* We need to prevent monitor EOF callback from doing our work (and sending
-+ * misleading events) while the vm is unlocked inside BeginJob/ProcessKill API
-+ */
-+ priv->beingDestroyed = true;
-+
- /* Although qemuProcessStop does this already, there may
- * be an outstanding job active. We want to make sure we
- * can kill the process even if a job is active. Killing
-@@ -1834,19 +1840,20 @@ qemuDomainDestroyFlags(virDomainPtr dom,
- */
- if (flags & VIR_DOMAIN_DESTROY_GRACEFUL) {
- if (qemuProcessKill(driver, vm, 0) < 0) {
-+ priv->beingDestroyed = false;
- qemuReportError(VIR_ERR_OPERATION_FAILED, "%s",
- _("failed to kill qemu process with SIGTERM"));
- goto cleanup;
- }
- } else {
-- ignore_value(qemuProcessKill(driver, vm, VIR_QEMU_PROCESS_KILL_FORCE));
-+ if (qemuProcessKill(driver, vm, VIR_QEMU_PROCESS_KILL_FORCE) < 0) {
-+ priv->beingDestroyed = false;
-+ qemuReportError(VIR_ERR_OPERATION_FAILED, "%s",
-+ _("failed to kill qemu process with SIGTERM"));
-+ goto cleanup;
-+ }
- }
-
-- /* We need to prevent monitor EOF callback from doing our work (and sending
-- * misleading events) while the vm is unlocked inside BeginJob API
-- */
-- priv->beingDestroyed = true;
--
- if (qemuDomainObjBeginJobWithDriver(driver, vm, QEMU_JOB_DESTROY) < 0)
- goto cleanup;
-
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-libvirt/libvirt.git
More information about the Pkg-libvirt-commits
mailing list