Add upstream patches to:

* Fix crash in curl driver.
  * Add curl timeout option.
  * Add curl cookie option.

- Add upstream commit hashes to patches.

0001-block.curl-adding-timeout-option.patch

@@ -0,0 +1,115 @@
+From 212aefaa53d142baa9a22f5aadd2e72eb916c0c0 Mon Sep 17 00:00:00 2001
+From: Daniel Henrique Barboza <danielhb@linux.vnet.ibm.com>
+Date: Wed, 13 Aug 2014 12:44:27 -0300
+Subject: [PATCH] block.curl: adding 'timeout' option
+
+The curl hardcoded timeout (5 seconds) sometimes is not long
+enough depending on the remote server configuration and network
+traffic. The user should be able to set how much long he is
+willing to wait for the connection.
+
+Adding a new option to set this timeout gives the user this
+flexibility. The previous default timeout of 5 seconds will be
+used if this option is not present.
+
+Reviewed-by: Fam Zheng <famz@redhat.com>
+Signed-off-by: Daniel Henrique Barboza <danielhb@linux.vnet.ibm.com>
+Reviewed-by: Benoit Canet <benoit.canet@nodalink.com>
+Tested-by: Richard W.M. Jones <rjones@redhat.com>
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+---
+ block/curl.c    | 13 ++++++++++++-
+ qemu-options.hx | 10 ++++++++--
+ 2 files changed, 20 insertions(+), 3 deletions(-)
+
+diff --git a/block/curl.c b/block/curl.c
+index d4b85d2..2698ae3 100644
+--- a/block/curl.c
++++ b/block/curl.c
+@@ -63,6 +63,7 @@ static CURLMcode __curl_multi_socket_action(CURLM *multi_handle,
+ #define CURL_NUM_ACB    8
+ #define SECTOR_SIZE     512
+ #define READ_AHEAD_DEFAULT (256 * 1024)
++#define CURL_TIMEOUT_DEFAULT 5
+ 
+ #define FIND_RET_NONE   0
+ #define FIND_RET_OK     1
+@@ -71,6 +72,7 @@ static CURLMcode __curl_multi_socket_action(CURLM *multi_handle,
+ #define CURL_BLOCK_OPT_URL       "url"
+ #define CURL_BLOCK_OPT_READAHEAD "readahead"
+ #define CURL_BLOCK_OPT_SSLVERIFY "sslverify"
++#define CURL_BLOCK_OPT_TIMEOUT "timeout"
+ 
+ struct BDRVCURLState;
+ 
+@@ -109,6 +111,7 @@ typedef struct BDRVCURLState {
+     char *url;
+     size_t readahead_size;
+     bool sslverify;
++    int timeout;
+     bool accept_range;
+     AioContext *aio_context;
+ } BDRVCURLState;
+@@ -382,7 +385,7 @@ static CURLState *curl_init_state(BDRVCURLState *s)
+         curl_easy_setopt(state->curl, CURLOPT_URL, s->url);
+         curl_easy_setopt(state->curl, CURLOPT_SSL_VERIFYPEER,
+                          (long) s->sslverify);
+-        curl_easy_setopt(state->curl, CURLOPT_TIMEOUT, 5);
++        curl_easy_setopt(state->curl, CURLOPT_TIMEOUT, s->timeout);
+         curl_easy_setopt(state->curl, CURLOPT_WRITEFUNCTION,
+                          (void *)curl_read_cb);
+         curl_easy_setopt(state->curl, CURLOPT_WRITEDATA, (void *)state);
+@@ -489,6 +492,11 @@ static QemuOptsList runtime_opts = {
+             .type = QEMU_OPT_BOOL,
+             .help = "Verify SSL certificate"
+         },
++        {
++            .name = CURL_BLOCK_OPT_TIMEOUT,
++            .type = QEMU_OPT_NUMBER,
++            .help = "Curl timeout"
++        },
+         { /* end of list */ }
+     },
+ };
+@@ -525,6 +533,9 @@ static int curl_open(BlockDriverState *bs, QDict *options, int flags,
+         goto out_noclean;
+     }
+ 
++    s->timeout = qemu_opt_get_number(opts, CURL_BLOCK_OPT_TIMEOUT,
++                                     CURL_TIMEOUT_DEFAULT);
++
+     s->sslverify = qemu_opt_get_bool(opts, CURL_BLOCK_OPT_SSLVERIFY, true);
+ 
+     file = qemu_opt_get(opts, CURL_BLOCK_OPT_URL);
+diff --git a/qemu-options.hx b/qemu-options.hx
+index c573dd8..52d56f4 100644
+--- a/qemu-options.hx
++++ b/qemu-options.hx
+@@ -2351,6 +2351,11 @@ multiple of 512 bytes. It defaults to 256k.
+ @item sslverify
+ Whether to verify the remote server's certificate when connecting over SSL. It
+ can have the value 'on' or 'off'. It defaults to 'on'.
++
++@item timeout
++Set the timeout in seconds of the CURL connection. This timeout is the time
++that CURL waits for a response from the remote server to get the size of the
++image to be downloaded. If not set, the default timeout of 5 seconds is used.
+ @end table
+ 
+ Note that when passing options to qemu explicitly, @option{driver} is the value
+@@ -2372,9 +2377,10 @@ qemu-system-x86_64 -drive file=/tmp/Fedora-x86_64-20-20131211.1-sda.qcow2,copy-o
+ @end example
+ 
+ Example: boot from an image stored on a VMware vSphere server with a self-signed
+-certificate using a local overlay for writes and a readahead of 64k
++certificate using a local overlay for writes, a readahead of 64k and a timeout
++of 10 seconds.
+ @example
+-qemu-img create -f qcow2 -o backing_file='json:@{"file.driver":"https",, "file.url":"https://user:password@@vsphere.example.com/folder/test/test-flat.vmdk?dcPath=Datacenter&dsName=datastore1",, "file.sslverify":"off",, "file.readahead":"64k"@}' /tmp/test.qcow2
++qemu-img create -f qcow2 -o backing_file='json:@{"file.driver":"https",, "file.url":"https://user:password@@vsphere.example.com/folder/test/test-flat.vmdk?dcPath=Datacenter&dsName=datastore1",, "file.sslverify":"off",, "file.readahead":"64k",, "file.timeout":10@}' /tmp/test.qcow2
+ 
+ qemu-system-x86_64 -drive file=/tmp/test.qcow2
+ @end example
+-- 
+2.0.4
+

0001-curl-Allow-a-cookie-or-cookies-to-be-sent-with-http-.patch

@@ -0,0 +1,126 @@
+From a94f83d94fdf907680f068f1be7ad13d1f697067 Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Fri, 29 Aug 2014 16:03:12 +0100
+Subject: [PATCH] curl: Allow a cookie or cookies to be sent with http/https
+ requests.
+
+In order to access VMware ESX efficiently, we need to send a session
+cookie.  This patch is very simple and just allows you to send that
+session cookie.  It punts on the question of how you get the session
+cookie in the first place, but in practice you can just run a `curl'
+command against the server and extract the cookie that way.
+
+To use it, add file.cookie to the curl URL.  For example:
+
+$ qemu-img info 'json: {
+    "file.driver":"https",
+    "file.url":"https://vcenter/folder/Windows%202003/Windows%202003-flat.vmdk?dcPath=Datacenter&dsName=datastore1",
+    "file.sslverify":"off",
+    "file.cookie":"vmware_soap_session=\"52a01262-bf93-ccce-d379-8dabb3e55560\""}'
+image: [...]
+file format: raw
+virtual size: 8.0G (8589934592 bytes)
+disk size: unavailable
+
+Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+---
+ block/curl.c    | 16 ++++++++++++++++
+ qemu-options.hx |  5 +++++
+ 2 files changed, 21 insertions(+)
+
+diff --git a/block/curl.c b/block/curl.c
+index 2698ae3..9051bc0 100644
+--- a/block/curl.c
++++ b/block/curl.c
+@@ -73,6 +73,7 @@ static CURLMcode __curl_multi_socket_action(CURLM *multi_handle,
+ #define CURL_BLOCK_OPT_READAHEAD "readahead"
+ #define CURL_BLOCK_OPT_SSLVERIFY "sslverify"
+ #define CURL_BLOCK_OPT_TIMEOUT "timeout"
++#define CURL_BLOCK_OPT_COOKIE    "cookie"
+ 
+ struct BDRVCURLState;
+ 
+@@ -112,6 +113,7 @@ typedef struct BDRVCURLState {
+     size_t readahead_size;
+     bool sslverify;
+     int timeout;
++    char *cookie;
+     bool accept_range;
+     AioContext *aio_context;
+ } BDRVCURLState;
+@@ -385,6 +387,9 @@ static CURLState *curl_init_state(BDRVCURLState *s)
+         curl_easy_setopt(state->curl, CURLOPT_URL, s->url);
+         curl_easy_setopt(state->curl, CURLOPT_SSL_VERIFYPEER,
+                          (long) s->sslverify);
++        if (s->cookie) {
++            curl_easy_setopt(state->curl, CURLOPT_COOKIE, s->cookie);
++        }
+         curl_easy_setopt(state->curl, CURLOPT_TIMEOUT, s->timeout);
+         curl_easy_setopt(state->curl, CURLOPT_WRITEFUNCTION,
+                          (void *)curl_read_cb);
+@@ -497,6 +502,11 @@ static QemuOptsList runtime_opts = {
+             .type = QEMU_OPT_NUMBER,
+             .help = "Curl timeout"
+         },
++        {
++            .name = CURL_BLOCK_OPT_COOKIE,
++            .type = QEMU_OPT_STRING,
++            .help = "Pass the cookie or list of cookies with each request"
++        },
+         { /* end of list */ }
+     },
+ };
+@@ -509,6 +519,7 @@ static int curl_open(BlockDriverState *bs, QDict *options, int flags,
+     QemuOpts *opts;
+     Error *local_err = NULL;
+     const char *file;
++    const char *cookie;
+     double d;
+ 
+     static int inited = 0;
+@@ -538,6 +549,9 @@ static int curl_open(BlockDriverState *bs, QDict *options, int flags,
+ 
+     s->sslverify = qemu_opt_get_bool(opts, CURL_BLOCK_OPT_SSLVERIFY, true);
+ 
++    cookie = qemu_opt_get(opts, CURL_BLOCK_OPT_COOKIE);
++    s->cookie = g_strdup(cookie);
++
+     file = qemu_opt_get(opts, CURL_BLOCK_OPT_URL);
+     if (file == NULL) {
+         error_setg(errp, "curl block driver requires an 'url' option");
+@@ -593,6 +607,7 @@ out:
+     curl_easy_cleanup(state->curl);
+     state->curl = NULL;
+ out_noclean:
++    g_free(s->cookie);
+     g_free(s->url);
+     qemu_opts_del(opts);
+     return -EINVAL;
+@@ -695,6 +710,7 @@ static void curl_close(BlockDriverState *bs)
+     DPRINTF("CURL: Close\n");
+     curl_detach_aio_context(bs);
+ 
++    g_free(s->cookie);
+     g_free(s->url);
+ }
+ 
+diff --git a/qemu-options.hx b/qemu-options.hx
+index 52d56f4..5479cf5 100644
+--- a/qemu-options.hx
++++ b/qemu-options.hx
+@@ -2352,6 +2352,11 @@ multiple of 512 bytes. It defaults to 256k.
+ Whether to verify the remote server's certificate when connecting over SSL. It
+ can have the value 'on' or 'off'. It defaults to 'on'.
+ 
++@item cookie
++Send this cookie (it can also be a list of cookies separated by ';') with
++each outgoing request.  Only supported when using protocols such as HTTP
++which support cookies, otherwise ignored.
++
+ @item timeout
+ Set the timeout in seconds of the CURL connection. This timeout is the time
+ that CURL waits for a response from the remote server to get the size of the
+-- 
+2.0.4
+

0001-curl-Don-t-deref-NULL-pointer-in-call-to-aio_poll.patch

@@ -0,0 +1,79 @@
+From a2f468e48f8b6559ec9123e94948bc373b788941 Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Thu, 28 Aug 2014 09:04:21 +0100
+Subject: [PATCH] curl: Don't deref NULL pointer in call to aio_poll.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+In commit 63f0f45f2e89b60ff8245fec81328ddfde42a303 the following
+mechanical change was made:
+
+         if (!state) {
+-            qemu_aio_wait();
++            aio_poll(state->s->aio_context, true);
+         }
+
+The new code now checks if state is NULL and then dereferences it
+('state->s') which is obviously incorrect.
+
+This commit replaces state->s->aio_context with
+bdrv_get_aio_context(bs), fixing this problem.  The two other hunks
+are concerned with getting the BlockDriverState pointer bs to where it
+is needed.
+
+The original bug causes a segfault when using libguestfs to access a
+VMware vCenter Server and doing any kind of complex read-heavy
+operations.  With this commit the segfault goes away.
+
+Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
+Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
+Reviewed-by: Benoît Canet <benoit.canet@nodalink.com>
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+---
+ block/curl.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/block/curl.c b/block/curl.c
+index 9051bc0..0258339 100644
+--- a/block/curl.c
++++ b/block/curl.c
+@@ -357,7 +357,7 @@ static void curl_multi_timeout_do(void *arg)
+ #endif
+ }
+ 
+-static CURLState *curl_init_state(BDRVCURLState *s)
++static CURLState *curl_init_state(BlockDriverState *bs, BDRVCURLState *s)
+ {
+     CURLState *state = NULL;
+     int i, j;
+@@ -375,7 +375,7 @@ static CURLState *curl_init_state(BDRVCURLState *s)
+             break;
+         }
+         if (!state) {
+-            aio_poll(state->s->aio_context, true);
++            aio_poll(bdrv_get_aio_context(bs), true);
+         }
+     } while(!state);
+ 
+@@ -566,7 +566,7 @@ static int curl_open(BlockDriverState *bs, QDict *options, int flags,
+     DPRINTF("CURL: Opening %s\n", file);
+     s->aio_context = bdrv_get_aio_context(bs);
+     s->url = g_strdup(file);
+-    state = curl_init_state(s);
++    state = curl_init_state(bs, s);
+     if (!state)
+         goto out_noclean;
+ 
+@@ -651,7 +651,7 @@ static void curl_readv_bh_cb(void *p)
+     }
+ 
+     // No cache found, so let's start a new request
+-    state = curl_init_state(s);
++    state = curl_init_state(acb->common.bs, s);
+     if (!state) {
+         acb->common.cb(acb->common.opaque, -EIO);
+         qemu_aio_release(acb);
+-- 
+2.0.4
+

qemu.spec

@@ -192,8 +192,16 @@ Source12: bridge.conf
 # qemu-kvm back compat wrapper
 Source13: qemu-kvm.sh
 
+# Upstream commit: 235e74afcb85285a8e35e75f0cb6e6811267bb75
 Patch1: 0001-loader-Add-load_image_gzipped-function.patch
+# Upstream commit: 6f5d3cbe8892367026526a7deed0ceecc700a7ad
 Patch2: 0002-aarch64-Allow-kernel-option-to-take-a-gzip-compresse.patch
+# Upstream commit: 212aefaa53d142baa9a22f5aadd2e72eb916c0c0
+Patch3: 0001-block.curl-adding-timeout-option.patch
+# Upstream commit: a94f83d94fdf907680f068f1be7ad13d1f697067
+Patch4: 0001-curl-Allow-a-cookie-or-cookies-to-be-sent-with-http-.patch
+# Upstream commit: a2f468e48f8b6559ec9123e94948bc373b788941
+Patch5: 0001-curl-Don-t-deref-NULL-pointer-in-call-to-aio_poll.patch
 
 BuildRequires: SDL2-devel
 BuildRequires: zlib-devel
@@ -721,6 +729,9 @@ CAC emulation development files.
 
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1
+%patch4 -p1
+%patch5 -p1
 
 
 %build
@@ -1500,6 +1511,13 @@ getent passwd qemu >/dev/null || \
 %endif
 
 %changelog
+* Wed Sep  3 2014 Richard W.M. Jones <rjones@redhat.com> 2:2.1.0-6
+- Add upstream patches to:
+  * Fix crash in curl driver.
+  * Add curl timeout option.
+  * Add curl cookie option.
+- Add upstream commit hashes to patches.
+
 * Wed Aug 20 2014 Richard W.M. Jones <rjones@redhat.com> 2:2.1.0-5
 - Add patch for aarch64 which uncompresses -kernel parameter (in arm.next).