Rebased to version 1.4.1

qemu stable release 1.4.1 (bz 952599) CVE-2013-1922: qemu-nbd block format auto-detection vulnerability (bz 952574, bz 923219)
2013-04-20 20:10:19 -04:00 · 2013-04-20 20:10:19 -04:00 · 1c306606ca
commit 1c306606ca
parent 0194f981be
26 changed files with 45 additions and 229 deletions
--- a/.gitignore
+++ b/.gitignore
@ -18,3 +18,4 @@ qemu-kvm-0.13.0-25fdf4a.tar.gz
 /qemu-kvm-1.2.0.tar.gz
 /qemu-1.3.0.tar.bz2
 /qemu-1.4.0.tar.bz2
 /qemu-1.4.1.tar.bz2
--- a/0001-char-Split-out-tcp-socket-close-code-in-a-separate-f.patch
+++ b/0001-char-Split-out-tcp-socket-close-code-in-a-separate-f.patch
@ -1,4 +1,4 @@
-From d9ba8b0f4597724179eab2d5c44c3c438bc40617 Mon Sep 17 00:00:00 2001
+From bed754a15e27a3630681959cf1d3161084f29fe9 Mon Sep 17 00:00:00 2001
 From: Amit Shah <amit.shah@redhat.com>
 Date: Mon, 21 Mar 2011 21:57:47 +0100
 Subject: [PATCH] char: Split out tcp socket close code in a separate function
@ -10,7 +10,7 @@ Signed-off-by: Cole Robinson <crobinso@redhat.com>
 1 file changed, 16 insertions(+), 9 deletions(-)
 diff --git a/qemu-char.c b/qemu-char.c
-index e4b0f53..d7fa7e6 100644
+index f4a74ac..ac2abeb 100644
 --- a/qemu-char.c
 +++ b/qemu-char.c
@@ -2155,6 +2155,21 @@ typedef struct {
@ -35,7 +35,7 @@ index e4b0f53..d7fa7e6 100644
 static int tcp_chr_write(CharDriverState *chr, const uint8_t *buf, int len)
 {
     TCPCharDriver *s = chr->opaque;
-@@ -2313,15 +2328,7 @@ static void tcp_chr_read(void *opaque)
+@@ -2316,15 +2331,7 @@ static void tcp_chr_read(void *opaque)
         len = s->max_size;
     size = tcp_chr_recv(chr, (void *)buf, len);
     if (size == 0) {
--- a/0002-char-Add-a-QemuChrHandlers-struct-to-initialise-char.patch
+++ b/0002-char-Add-a-QemuChrHandlers-struct-to-initialise-char.patch
@ -1,4 +1,4 @@
-From 88f73511fce36aca2043b95476ad5aff95e75e07 Mon Sep 17 00:00:00 2001
+From de768f74c31d04063889c5dc588d55bc19cf7315 Mon Sep 17 00:00:00 2001
 From: Amit Shah <amit.shah@redhat.com>
 Date: Mon, 21 Mar 2011 20:31:45 +0100
 Subject: [PATCH] char: Add a QemuChrHandlers struct to initialise chardev
@ -978,7 +978,7 @@ index 4df550f..2868229 100644
     return 0;
 diff --git a/qemu-char.c b/qemu-char.c
-index d7fa7e6..5abb8b9 100644
+index ac2abeb..0c97bdf 100644
 --- a/qemu-char.c
 +++ b/qemu-char.c
@@ -192,19 +192,26 @@ void qemu_chr_fe_printf(CharDriverState *s, const char *fmt, ...)
--- a/0003-iohandlers-Add-enable-disable_write_fd_handler-funct.patch
+++ b/0003-iohandlers-Add-enable-disable_write_fd_handler-funct.patch
@ -1,4 +1,4 @@
-From 4dabaa88ce83dbb6ba07e8f8a2e8eeb53604b56f Mon Sep 17 00:00:00 2001
+From 64080f1b8983660b707ed8c0d10ace22e9b46f7a Mon Sep 17 00:00:00 2001
 From: Amit Shah <amit.shah@redhat.com>
 Date: Mon, 21 Mar 2011 20:32:58 +0100
 Subject: [PATCH] iohandlers: Add enable/disable_write_fd_handler() functions
--- a/0004-char-Add-framework-for-a-write-unblocked-callback.patch
+++ b/0004-char-Add-framework-for-a-write-unblocked-callback.patch
@ -1,4 +1,4 @@
-From f4be4da263d4bad7c600d847e13e69cca4ab08b6 Mon Sep 17 00:00:00 2001
+From 84877040f31425a8fecdbee19cb24fcc5a8212df Mon Sep 17 00:00:00 2001
 From: Amit Shah <amit.shah@redhat.com>
 Date: Mon, 21 Mar 2011 21:41:42 +0100
 Subject: [PATCH] char: Add framework for a 'write unblocked' callback
@ -39,7 +39,7 @@ index 3027cc1..2fee107 100644
 };
 diff --git a/qemu-char.c b/qemu-char.c
-index 5abb8b9..ce2eba8 100644
+index 0c97bdf..ab0c552 100644
 --- a/qemu-char.c
 +++ b/qemu-char.c
@@ -211,11 +211,14 @@ void qemu_chr_add_handlers(CharDriverState *s,
--- a/0005-char-Update-send_all-to-handle-nonblocking-chardev-w.patch
+++ b/0005-char-Update-send_all-to-handle-nonblocking-chardev-w.patch
@ -1,4 +1,4 @@
-From 8b85c38edae20f5dddb82d7530ca33c2c64be0c4 Mon Sep 17 00:00:00 2001
+From c7e9b2a5b981209f4e77b26562758663cc060900 Mon Sep 17 00:00:00 2001
 From: Amit Shah <amit.shah@redhat.com>
 Date: Mon, 21 Mar 2011 22:00:27 +0100
 Subject: [PATCH] char: Update send_all() to handle nonblocking chardev write
@ -22,7 +22,7 @@ Signed-off-by: Cole Robinson <crobinso@redhat.com>
 2 files changed, 65 insertions(+), 7 deletions(-)
 diff --git a/include/qemu/sockets.h b/include/qemu/sockets.h
-index 803ae17..8ee146c 100644
+index 0ccf32f..42ca690 100644
 --- a/include/qemu/sockets.h
 +++ b/include/qemu/sockets.h
@@ -29,6 +29,7 @@ int inet_aton(const char *cp, struct in_addr *ia);
@ -35,15 +35,15 @@ index 803ae17..8ee146c 100644
 int qemu_socket(int domain, int type, int protocol);
@@ -36,7 +37,7 @@ int qemu_accept(int s, struct sockaddr *addr, socklen_t *addrlen);
 int socket_set_cork(int fd, int v);
- void socket_set_block(int fd);
+ void qemu_set_block(int fd);
- void socket_set_nonblock(int fd);
+ void qemu_set_nonblock(int fd);
 -int send_all(int fd, const void *buf, int len1);
 +int send_all(CharDriverState *chr, int fd, const void *buf, int len1);
 /* callback function for nonblocking connect
  * valid fd on success, negative error code on failure
 diff --git a/qemu-char.c b/qemu-char.c
-index ce2eba8..3d6e2f8 100644
+index ab0c552..96fc54e 100644
 --- a/qemu-char.c
 +++ b/qemu-char.c
@@ -508,7 +508,7 @@ static CharDriverState *qemu_chr_open_mux(CharDriverState *drv)
--- a/0006-char-Equip-the-unix-tcp-backend-to-handle-nonblockin.patch
+++ b/0006-char-Equip-the-unix-tcp-backend-to-handle-nonblockin.patch
@ -1,4 +1,4 @@
-From 9fd3a478a3823258516f06201fa681e07dce1781 Mon Sep 17 00:00:00 2001
+From 6540bebbaa749d405df91516e1ca5a075e354628 Mon Sep 17 00:00:00 2001
 From: Amit Shah <amit.shah@redhat.com>
 Date: Mon, 21 Mar 2011 22:02:47 +0100
 Subject: [PATCH] char: Equip the unix/tcp backend to handle nonblocking
@ -19,7 +19,7 @@ Signed-off-by: Cole Robinson <crobinso@redhat.com>
 1 file changed, 27 insertions(+)
 diff --git a/qemu-char.c b/qemu-char.c
-index 3d6e2f8..18e980d 100644
+index 96fc54e..53d2c13 100644
 --- a/qemu-char.c
 +++ b/qemu-char.c
@@ -105,6 +105,19 @@
--- a/0007-virtio-console-Enable-port-throttling-when-chardev-i.patch
+++ b/0007-virtio-console-Enable-port-throttling-when-chardev-i.patch
@ -1,4 +1,4 @@
-From 2de627bd1e2761e5caf02e975bc6d744e36adc87 Mon Sep 17 00:00:00 2001
+From 33f3874dc760f0960d408be2f916d04373de543b Mon Sep 17 00:00:00 2001
 From: Amit Shah <amit.shah@redhat.com>
 Date: Mon, 21 Mar 2011 22:06:41 +0100
 Subject: [PATCH] virtio-console: Enable port throttling when chardev is slow
--- a/0008-spice-qemu-char.c-add-throttling.patch
+++ b/0008-spice-qemu-char.c-add-throttling.patch
@ -1,4 +1,4 @@
-From 57a83c6d83b53eb5baae9f006973e7faac52b36b Mon Sep 17 00:00:00 2001
+From aa0a2c94c70ae5ed0fb215328c8ecebbef10cbe9 Mon Sep 17 00:00:00 2001
 From: Alon Levy <alevy@redhat.com>
 Date: Tue, 22 Mar 2011 12:27:59 +0200
 Subject: [PATCH] spice-qemu-char.c: add throttling
--- a/0009-spice-qemu-char.c-remove-intermediate-buffer.patch
+++ b/0009-spice-qemu-char.c-remove-intermediate-buffer.patch
@ -1,4 +1,4 @@
-From f6239f570a57ba6069ce1033b696365bdfed1b47 Mon Sep 17 00:00:00 2001
+From de979c48aa4b5e7f3f8658f9ac69030f3de3c99c Mon Sep 17 00:00:00 2001
 From: Alon Levy <alevy@redhat.com>
 Date: Tue, 22 Mar 2011 12:28:00 +0200
 Subject: [PATCH] spice-qemu-char.c: remove intermediate buffer
--- a/0010-usb-redir-Add-flow-control-support.patch
+++ b/0010-usb-redir-Add-flow-control-support.patch
@ -1,4 +1,4 @@
-From 40a91b44f1dfb7f19f2e3156491d721c62a2c9b3 Mon Sep 17 00:00:00 2001
+From 1e87b85766f9c18a2f9dffd289c0e56d640637c4 Mon Sep 17 00:00:00 2001
 From: Hans de Goede <hdegoede@redhat.com>
 Date: Tue, 19 Jul 2011 10:56:19 +0200
 Subject: [PATCH] usb-redir: Add flow control support
--- a/0011-char-Disable-write-callback-if-throttled-chardev-is-.patch
+++ b/0011-char-Disable-write-callback-if-throttled-chardev-is-.patch
@ -1,4 +1,4 @@
-From 6ad6a0becf4ef5934273175df5f8810d43266856 Mon Sep 17 00:00:00 2001
+From 42931bebb2856307dcdc9babc5dd9954b60c8094 Mon Sep 17 00:00:00 2001
 From: Amit Shah <amit.shah@redhat.com>
 Date: Fri, 2 Dec 2011 15:42:55 +0530
 Subject: [PATCH] char: Disable write callback if throttled chardev is detached
@ -16,7 +16,7 @@ Signed-off-by: Cole Robinson <crobinso@redhat.com>
 1 file changed, 5 insertions(+)
 diff --git a/qemu-char.c b/qemu-char.c
-index 18e980d..04ae28c 100644
+index 53d2c13..fde72ff 100644
 --- a/qemu-char.c
 +++ b/qemu-char.c
@@ -223,6 +223,11 @@ void qemu_chr_add_handlers(CharDriverState *s,
--- a/0012-hw-virtio-serial-bus-replay-guest-open-on-destinatio.patch
+++ b/0012-hw-virtio-serial-bus-replay-guest-open-on-destinatio.patch
@ -1,4 +1,4 @@
-From 1183739a4da98952d93b9a3870ce5efea6eedb48 Mon Sep 17 00:00:00 2001
+From 81ab56732f4990c288c88a545925dc4431c313d2 Mon Sep 17 00:00:00 2001
 From: Alon Levy <alevy@redhat.com>
 Date: Fri, 16 Nov 2012 16:24:47 +0200
 Subject: [PATCH] hw/virtio-serial-bus: replay guest open on destination
--- a/0101-configure-Add-enable-migration-from-qemu-kvm.patch
+++ b/0101-configure-Add-enable-migration-from-qemu-kvm.patch
@ -1,4 +1,4 @@
-From 4c0c92f91370c1a3279e1488aaf4c979a0ccb1f0 Mon Sep 17 00:00:00 2001
+From c6c153bfd7f9da48eb541d78bf09bc03bcc337e5 Mon Sep 17 00:00:00 2001
 From: Cole Robinson <crobinso@redhat.com>
 Date: Tue, 19 Feb 2013 14:39:05 -0500
 Subject: [PATCH] configure: Add --enable-migration-from-qemu-kvm
@ -16,7 +16,7 @@ Signed-off-by: Cole Robinson <crobinso@redhat.com>
 1 file changed, 10 insertions(+)
 diff --git a/configure b/configure
-index 8789324..9e7f80f 100755
+index e7468a9..719e348 100755
 --- a/configure
 +++ b/configure
@@ -170,6 +170,7 @@ xfs=""
@ -46,7 +46,7 @@ index 8789324..9e7f80f 100755
 echo "  --enable-tcg-interpreter enable TCG with bytecode interpreter (TCI)"
 echo "  --disable-nptl           disable usermode NPTL support"
 echo "  --enable-nptl            enable usermode NPTL support"
-@@ -3318,6 +3324,7 @@ echo "Linux AIO support $linux_aio"
+@@ -3324,6 +3330,7 @@ echo "Linux AIO support $linux_aio"
 echo "ATTR/XATTR support $attr"
 echo "Install blobs     $blobs"
 echo "KVM support       $kvm"
@ -54,7 +54,7 @@ index 8789324..9e7f80f 100755
 echo "TCG interpreter   $tcg_interpreter"
 echo "fdt support       $fdt"
 echo "preadv support    $preadv"
-@@ -3606,6 +3613,9 @@ fi
+@@ -3612,6 +3619,9 @@ fi
 if test "$signalfd" = "yes" ; then
   echo "CONFIG_SIGNALFD=y" >> $config_host_mak
 fi
--- a/0102-acpi_piix4-Drop-minimum_version_id-to-handle-qemu-kv.patch
+++ b/0102-acpi_piix4-Drop-minimum_version_id-to-handle-qemu-kv.patch
@ -1,4 +1,4 @@
-From d83f40ffc3720fd564591ea6b00778d133b22edd Mon Sep 17 00:00:00 2001
+From 75e3acce2d9302a2344b3de381a49f6cd0fa04ad Mon Sep 17 00:00:00 2001
 From: Cole Robinson <crobinso@redhat.com>
 Date: Tue, 19 Feb 2013 14:44:49 -0500
 Subject: [PATCH] acpi_piix4: Drop minimum_version_id to handle qemu-kvm
@ -22,7 +22,7 @@ Signed-off-by: Cole Robinson <crobinso@redhat.com>
 1 file changed, 9 insertions(+), 6 deletions(-)
 diff --git a/hw/acpi_piix4.c b/hw/acpi_piix4.c
-index 65b2601..e3d2e41 100644
+index 1beac21..2abcc9d 100644
 --- a/hw/acpi_piix4.c
 +++ b/hw/acpi_piix4.c
@@ -257,16 +257,19 @@ static int acpi_load_old(QEMUFile *f, void *opaque, int version_id)
--- a/0103-i8254-Fix-migration-from-qemu-kvm-1.1.patch
+++ b/0103-i8254-Fix-migration-from-qemu-kvm-1.1.patch
@ -1,4 +1,4 @@
-From 8da856131e3e6b9965a61a987df7ab487e80d1a0 Mon Sep 17 00:00:00 2001
+From c50ed212c0b0814a0edefb2d2a2fc7abc6aed2af Mon Sep 17 00:00:00 2001
 From: Cole Robinson <crobinso@redhat.com>
 Date: Tue, 19 Feb 2013 15:04:59 -0500
 Subject: [PATCH] i8254: Fix migration from qemu-kvm < 1.1
--- a/0104-pc_piix-Add-compat-handling-for-qemu-kvm-VGA-mem-siz.patch
+++ b/0104-pc_piix-Add-compat-handling-for-qemu-kvm-VGA-mem-siz.patch
@ -1,4 +1,4 @@
-From a3c975852ea909b93953f53a39ab4c696c595091 Mon Sep 17 00:00:00 2001
+From 271e4d924c39efd716cc3ad86a5f615660b13f22 Mon Sep 17 00:00:00 2001
 From: Cole Robinson <crobinso@redhat.com>
 Date: Tue, 19 Feb 2013 15:35:40 -0500
 Subject: [PATCH] pc_piix: Add compat handling for qemu-kvm VGA mem size
--- a/0105-qxl-Add-rom_size-compat-property-fix-migration-from-.patch
+++ b/0105-qxl-Add-rom_size-compat-property-fix-migration-from-.patch
@ -1,4 +1,4 @@
-From 95a59bc743f27d7d3fdcc1b0ff131f240e01e839 Mon Sep 17 00:00:00 2001
+From 66cc6383d6b1d934d22e9a16b432cacacd58c315 Mon Sep 17 00:00:00 2001
 From: Cole Robinson <crobinso@redhat.com>
 Date: Tue, 19 Feb 2013 16:19:02 -0500
 Subject: [PATCH] qxl: Add rom_size compat property, fix migration from 1.2
@ -60,7 +60,7 @@ index e3f8e96..a1a6794 100644
 static QEMUMachine pc_machine_v1_1 = {
 diff --git a/hw/qxl.c b/hw/qxl.c
-index 2e1c5e2..436e375 100644
+index ca094e6..80bd92a 100644
 --- a/hw/qxl.c
 +++ b/hw/qxl.c
@@ -302,16 +302,14 @@ static inline uint32_t msb_mask(uint32_t val)
--- a/0106-docs-Fix-generating-qemu-doc.html-with-texinfo-5.patch
+++ b/0106-docs-Fix-generating-qemu-doc.html-with-texinfo-5.patch
@ -1,4 +1,4 @@
-From 1b852140f347cbebdceaca44e5ce3cb8e3db702d Mon Sep 17 00:00:00 2001
+From f76e7a03ac948a7649878d7ddbb02ace0f6e3625 Mon Sep 17 00:00:00 2001
 From: Cole Robinson <crobinso@redhat.com>
 Date: Wed, 20 Feb 2013 11:14:45 -0500
 Subject: [PATCH] docs: Fix generating qemu-doc.html with texinfo 5
@ -15,10 +15,10 @@ Signed-off-by: Cole Robinson <crobinso@redhat.com>
 1 file changed, 7 insertions(+), 12 deletions(-)
 diff --git a/qemu-options.hx b/qemu-options.hx
-index 9d7131a..1000d49 100644
+index 15dc29e..470c2b4 100644
 --- a/qemu-options.hx
 +++ b/qemu-options.hx
-@@ -2075,18 +2075,13 @@ QEMU supports using either local sheepdog devices or remote networked
+@@ -2092,18 +2092,13 @@ QEMU supports using either local sheepdog devices or remote networked
 devices.
 Syntax for specifying a sheepdog device
--- a/0107-rtc-test-Fix-test-failures-with-recent-glib.patch
+++ b/0107-rtc-test-Fix-test-failures-with-recent-glib.patch
@ -1,34 +0,0 @@
 From 2e8c33aab214c118fa8a579938f1dbd54397a80d Mon Sep 17 00:00:00 2001
 From: Cole Robinson <crobinso@redhat.com>
 Date: Wed, 27 Feb 2013 09:43:54 -0500
 Subject: [PATCH] rtc-test: Fix test failures with recent glib
 As of glib 2.35.4, glib changed its logic for ordering test cases:
 https://bugzilla.gnome.org/show_bug.cgi?id=694487
 This was causing failures in rtc-test. Group the reordered test
 cases into their own suite, which maintains the original ordering.
 ---
 tests/rtc-test.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
 diff --git a/tests/rtc-test.c b/tests/rtc-test.c
 index 203c0fc..097cfb4 100644
 --- a/tests/rtc-test.c
 +++ b/tests/rtc-test.c
@@ -384,11 +384,11 @@ int main(int argc, char **argv)
     qtest_add_func("/rtc/bcd/check-time", bcd_check_time);
     qtest_add_func("/rtc/dec/check-time", dec_check_time);
 -    qtest_add_func("/rtc/alarm-time", alarm_time);
 +    qtest_add_func("/rtc/alarm/alarm-time", alarm_time);
     qtest_add_func("/rtc/set-year/20xx", set_year_20xx);
     qtest_add_func("/rtc/set-year/1980", set_year_1980);
 -    qtest_add_func("/rtc/register_b_set_flag", register_b_set_flag);
 -    qtest_add_func("/rtc/fuzz-registers", fuzz_registers);
 +    qtest_add_func("/rtc/misc/register_b_set_flag", register_b_set_flag);
 +    qtest_add_func("/rtc/misc/fuzz-registers", fuzz_registers);
     ret = g_test_run();
     if (s) {
--- a/0108-iscsi-look-for-pkg-config-file-too.patch
+++ b/0108-iscsi-look-for-pkg-config-file-too.patch
@ -1,36 +0,0 @@
 From: Paolo Bonzini <pbonzini@redhat.com>
 Subject: [PATCH 3/6] iscsi: look for pkg-config file too
 Date: Tue,  5 Mar 2013 18:05:22 +0100
 Due to library conflicts, Fedora will have to put libiscsi in
 /usr/lib/iscsi.  Simplify configuration by using a pkg-config
 file.  The Fedora package will distribute one, and the patch
 to add it has been sent to upstream libiscsi as well.
 Cc: qemu-stable@nongnu.org
 Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
 ---
 configure | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
 diff --git a/configure b/configure
 index 2f98c5a..a9a7c99 100755
 --- a/configure
 +++ b/configure
@@ -2803,7 +2803,13 @@ if test "$libiscsi" != "no" ; then
 #include <iscsi/iscsi.h>
 int main(void) { iscsi_unmap_sync(NULL,0,0,0,NULL,0); return 0; }
 EOF
 -  if compile_prog "" "-liscsi" ; then
 +  if $pkg_config --atleast-version=1.7.0 libiscsi --modversion >/dev/null 2>&1; then
 +    libiscsi="yes"
 +    libiscsi_cflags=$($pkg_config --cflags libiscsi 2>/dev/null)
 +    libiscsi_libs=$($pkg_config --libs libiscsi 2>/dev/null)
 +    CFLAGS="$CFLAGS $libiscsi_cflags"
 +    LIBS="$LIBS $libiscsi_libs"
 +  elif compile_prog "" "-liscsi" ; then
     libiscsi="yes"
     LIBS="$LIBS -liscsi"
   else
 -- 
 1.8.1.2
--- a/0109-tcg-Fix-occasional-TCG-broken-problem-when-ldst-opti.patch
+++ b/0109-tcg-Fix-occasional-TCG-broken-problem-when-ldst-opti.patch
@ -1,41 +0,0 @@
 From bf18257d85734fc6b116108e7c6511dbd4ad8be8 Mon Sep 17 00:00:00 2001
 From: Yeongkyoon Lee <yeongkyoon.lee@samsung.com>
 Date: Fri, 22 Mar 2013 21:50:17 +0900
 Subject: [PATCH] tcg: Fix occasional TCG broken problem when ldst optimization
 enabled
 is_tcg_gen_code() checks the upper limit of TCG generated code range wrong, so
 that TCG could get broken occasionally only when CONFIG_QEMU_LDST_OPTIMIZATION
 enabled. The reason is code_gen_buffer_max_size does not cover the upper range
 up to (TCG_MAX_OP_SIZE * OPC_BUF_SIZE), thus code_gen_buffer_max_size should be
 modified to code_gen_buffer_size.
 CC: qemu-stable@nongnu.org
 Signed-off-by: Yeongkyoon Lee <yeongkyoon.lee@samsung.com>
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
 Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
 (cherry picked from commit 52ae646d4a3ebdcdcc973492c6a56f2c49b6578f)
 Conflicts:
 	translate-all.c
 ---
 translate-all.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 diff --git a/translate-all.c b/translate-all.c
 index d367fc4..bf1db09 100644
 --- a/translate-all.c
 +++ b/translate-all.c
@@ -1310,10 +1310,10 @@ static void tb_link_page(TranslationBlock *tb, tb_page_addr_t phys_pc,
 /* check whether the given addr is in TCG generated code buffer or not */
 bool is_tcg_gen_code(uintptr_t tc_ptr)
 {
 -    /* This can be called during code generation, code_gen_buffer_max_size
 +    /* This can be called during code generation, code_gen_buffer_size
        is used instead of code_gen_ptr for upper boundary checking */
     return (tc_ptr >= (uintptr_t)code_gen_buffer &&
 -            tc_ptr < (uintptr_t)(code_gen_buffer + code_gen_buffer_max_size));
 +            tc_ptr < (uintptr_t)(code_gen_buffer + code_gen_buffer_size));
 }
 #endif
--- a/0110-qxl-better-vga-init-in-enter_vga_mode.patch
+++ b/0110-qxl-better-vga-init-in-enter_vga_mode.patch
@ -1,28 +0,0 @@
 From 73a438802ea86374404df8de9f690589efea3727 Mon Sep 17 00:00:00 2001
 From: Gerd Hoffmann <kraxel@redhat.com>
 Date: Thu, 28 Feb 2013 11:08:50 +0100
 Subject: [PATCH] qxl: better vga init in enter_vga_mode
 Ask the vga core to update the display.  Will trigger dpy_gfx_resize
 if needed.  More complete than just calling dpy_gfx_resize.
 Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
 (cherry picked from commit c099e7aa0295678859d58e9e60b7619f6ae3bac8)
 ---
 hw/qxl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/hw/qxl.c b/hw/qxl.c
 index 436e375..80bd92a 100644
 --- a/hw/qxl.c
 +++ b/hw/qxl.c
@@ -1073,8 +1073,8 @@ static void qxl_enter_vga_mode(PCIQXLDevice *d)
     trace_qxl_enter_vga_mode(d->id);
     qemu_spice_create_host_primary(&d->ssd);
     d->mode = QXL_MODE_VGA;
 -    dpy_gfx_resize(d->ssd.ds);
     vga_dirty_log_start(&d->vga);
 +    vga_hw_update();
 }
 static void qxl_exit_vga_mode(PCIQXLDevice *d)
--- a/0111-usb-tablet-Don-t-claim-wakeup-capability-for-USB-2-v.patch
+++ b/0111-usb-tablet-Don-t-claim-wakeup-capability-for-USB-2-v.patch
@ -1,32 +0,0 @@
 From 2d3225f34dbe42d215c7809f5f82186eafe7f4c2 Mon Sep 17 00:00:00 2001
 From: Hans de Goede <hdegoede@redhat.com>
 Date: Tue, 2 Apr 2013 19:13:06 +0200
 Subject: [PATCH 1/2] usb-tablet: Don't claim wakeup capability for USB-2
 version
 Our ehci code does not implement wakeup support, so claiming support for
 it with usb-tablet in USB-2 mode causes all tablet events to get lost.
 http://bugzilla.redhat.com/show_bug.cgi?id=929068
 Signed-off-by: Hans de Goede <hdegoede@redhat.com>
 ---
 hw/usb/dev-hid.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/hw/usb/dev-hid.c b/hw/usb/dev-hid.c
 index 9701048..317b474 100644
 --- a/hw/usb/dev-hid.c
 +++ b/hw/usb/dev-hid.c
@@ -236,7 +236,7 @@ static const USBDescDevice desc_device_tablet2 = {
             .bNumInterfaces        = 1,
             .bConfigurationValue   = 1,
             .iConfiguration        = STR_CONFIG_TABLET,
 -            .bmAttributes          = 0xa0,
 +            .bmAttributes          = 0x80,
             .bMaxPower             = 50,
             .nif = 1,
             .ifs = &desc_iface_tablet2,
 -- 
 1.8.1.4
--- a/qemu.spec
+++ b/qemu.spec
@ -127,8 +127,8 @@
 Summary: QEMU is a FAST! processor emulator
 Name: qemu
-Version: 1.4.0
+Version: 1.4.1
-Release: 11%{?dist}
+Release: 1%{?dist}
 # Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped
 Epoch: 2
 License: GPLv2+ and LGPLv2+ and BSD
@ -193,16 +193,6 @@ Patch0104: 0104-pc_piix-Add-compat-handling-for-qemu-kvm-VGA-mem-siz.patch
 Patch0105: 0105-qxl-Add-rom_size-compat-property-fix-migration-from-.patch
 # Fix generating docs with texinfo 5 (posted upstream)
 Patch0106: 0106-docs-Fix-generating-qemu-doc.html-with-texinfo-5.patch
 # Fix test ordering with latest glib
 Patch0107: 0107-rtc-test-Fix-test-failures-with-recent-glib.patch
 # Fixes for iscsi dep
 Patch0108: 0108-iscsi-look-for-pkg-config-file-too.patch
 # Fix TCG ld/st optimization (lp 1127369)
 Patch0109: 0109-tcg-Fix-occasional-TCG-broken-problem-when-ldst-opti.patch
 # Fix possible crash with VNC and qxl (bz #919777)
 Patch0110: 0110-qxl-better-vga-init-in-enter_vga_mode.patch
 # Fix USB-tablet not working with some Linux guests (bz #929068)
 Patch0111: 0111-usb-tablet-Don-t-claim-wakeup-capability-for-USB-2-v.patch
 BuildRequires: SDL-devel
 BuildRequires: zlib-devel
@ -670,16 +660,6 @@ CAC emulation development files.
 %patch0105 -p1
 # Fix generating docs with texinfo 5 (posted upstream)
 %patch0106 -p1
 # Fix test ordering with latest glib
 %patch0107 -p1
 # Fixes for iscsi dep
 %patch0108 -p1
 # Fix TCG ld/st optimization (lp 1127369)
 %patch0109 -p1
 # Fix possible crash with VNC and qxl (bz #919777)
 %patch0110 -p1
 # Fix USB-tablet not working with some Linux guests (bz #929068)
 %patch0111 -p1
 %build
@ -1291,6 +1271,12 @@ getent passwd qemu >/dev/null || \
 %endif
 %changelog
 * Sat Apr 20 2013 Cole Robinson <crobinso@redhat.com> - 2:1.4.1-1
 - Rebased to version 1.4.1
 - qemu stable release 1.4.1 (bz 952599)
 - CVE-2013-1922: qemu-nbd block format auto-detection vulnerability (bz
  952574, bz 923219)
 * Thu Apr 04 2013 Richard W.M. Jones <rjones@redhat.com> - 2:1.4.0-11
 - Rebuild to attempt to fix broken dep on libbrlapi.so.0.5
--- a/2
+++ b/2
@ -1 +1 @@
-78f13b774814b6b7ebcaf4f9b9204318  qemu-1.4.0.tar.bz2
+eb2d696956324722b5ecfa46e41f9a75  qemu-1.4.1.tar.bz2
`@ -1 +1 @@`
	`78f13b774814b6b7ebcaf4f9b9204318 qemu-1.4.0.tar.bz2`	`eb2d696956324722b5ecfa46e41f9a75 qemu-1.4.1.tar.bz2`