dist-git conversion

Fix typo that causes a failure to update the common directory. (releng
#2781)
2010-07-29 10:59:34 +00:00 · 2009-11-26 01:16:14 +00:00 · 2009-10-23 12:48:18 +00:00 · 2009-10-19 10:33:43 +00:00 · 2009-10-05 14:39:50 +00:00 · 2009-09-29 20:53:23 +00:00
32 changed files with 1909 additions and 640 deletions
--- a/.cvsignore
+++ b/.cvsignore
@ -1 +0,0 @@
-qemu-kvm-0.10.tar.gz
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+qemu-kvm-*.tar.gz
--- a/01-tls-handshake-fix.patch
+++ b/01-tls-handshake-fix.patch
@ -1,8 +1,41 @@
-Index: qemu-kvm-0.10/qemu/vnc.c
-===================================================================
--- qemu-kvm-0.10.orig/qemu/vnc.c
-+++ qemu-kvm-0.10/qemu/vnc.c
-@@ -2096,14 +2096,6 @@ static int protocol_client_vencrypt_auth
+From 9883355cd27949061b396a42bb724853b75ce7f9 Mon Sep 17 00:00:00 2001
+From: aliguori <aliguori@c046a42c-6fe2-441c-8c8c-71466251a162>
+Date: Fri, 6 Mar 2009 20:27:02 +0000
+Subject: [PATCH] Fix bug in TLS authentication ("Daniel P. Berrange")
+
+This patch was previously posted here:
+
+  http://lists.gnu.org/archive/html/qemu-devel/2009-02/msg00820.html
+
+In the case where the TLS handshake does *not* block on I/O, QEMU
+sends the next 'start sub-auth' message twice. This seriously confuses
+the VNC client :-) Fortunately the chances of the handshake not blocking
+are close to zero for a TCP socket, which is why it has not been noticed
+thus far. Even with both client & server on localhost, I can only hit the
+bug 1 time in 20.
+
+NB, the diff context here is not too informative. If you look at the
+full code you'll see that a few lines early we called vnc_start_tls()
+which called vnc_continue_handshake() which called the method
+start_auth_vencrypt_subauth(). Hence, fixing the bug, just involves
+removing the 2nd bogus call to start_auth_vencrypt_subauth() as per
+this patch.
+
+(cherry picked from commit adc5ec856c557f75adc60b310e5b1d38210a289c)
+
+Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
+Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
+Signed-off-by: Mark McLoughlin <markmc@redhat.com>
+Fedora-patch: 01-tls-handshake-fix.patch
+---
+ vnc.c |    8 --------
+ 1 files changed, 0 insertions(+), 8 deletions(-)
+
+diff --git a/vnc.c b/vnc.c
+index 28e8362..9fa0f82 100644
+--- a/vnc.c
+++ b/vnc.c
+@@ -2158,14 +2158,6 @@ static int protocol_client_vencrypt_auth(VncState *vs, uint8_t *data, size_t len
 	    VNC_DEBUG("Failed to complete TLS\n");
 	    return 0;
 	}
@ -17,3 +50,6 @@ Index: qemu-kvm-0.10/qemu/vnc.c
     }
     return 0;
 }
+-- 
+1.6.2.5
+
--- a/02-vnc-monitor-info.patch
+++ b/02-vnc-monitor-info.patch
@ -1,7 +1,56 @@
-Index: qemu-kvm-0.10/qemu/vnc.c
-===================================================================
--- qemu-kvm-0.10.orig/qemu/vnc.c
-+++ qemu-kvm-0.10/qemu/vnc.c
+From 37beb4aa5dd10764a492d76822f2d7ec04b33fd0 Mon Sep 17 00:00:00 2001
+From: aliguori <aliguori@c046a42c-6fe2-441c-8c8c-71466251a162>
+Date: Fri, 6 Mar 2009 20:27:05 +0000
+Subject: [PATCH] Enhance 'info vnc' monitor output ("Daniel P. Berrange")
+
+The current 'info vnc' monitor output just displays the VNC server address
+as provided by the -vnc command line flag. This isn't particularly useful
+since it doesn't tell you what VNC is actually listening on. eg, if you
+use '-vnc :1' it is useful to know whether this translated to '0.0.0.0:5901'
+or chose IPv6 ':::5901'.  It is also useful to know the address of the
+client that is currently connected. It is also useful to know the active
+authentication (if any).
+
+This patch tweaks the monitor output to look like:
+
+   (qemu) info vnc
+    Server:
+         address: 0.0.0.0:5902
+            auth: vencrypt+x509
+    Client: none
+
+And when 2 clients are connected
+
+   (qemu) info vnc
+    Server:
+         address: 0.0.0.0:5902
+            auth: vencrypt+x509
+    Client:
+         address: 10.33.6.67:38621
+    Client:
+         address: 10.33.6.63:38620
+
+More data will be added to this later in the patch series...
+
+The 'addr_to_string' helper method in this patch is overly generic
+for the needs of this patch alone. This is because it will be re-used
+by the later SASL patches in this series, where the flexibility is
+important.
+
+(cherry picked from commit 1ff7df1a848044f58d0f3540f1447db4bb1d2d20)
+
+Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
+Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
+Signed-off-by: Mark McLoughlin <markmc@redhat.com>
+Fedora-patch: 02-vnc-monitor-info.patch
+---
+ vnc.c |  139 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-----
+ 1 files changed, 128 insertions(+), 11 deletions(-)
+
+diff --git a/vnc.c b/vnc.c
+index 9fa0f82..7853635 100644
+--- a/vnc.c
+++ b/vnc.c
@@ -166,19 +166,136 @@ struct VncState
 static VncDisplay *vnc_display; /* needed for info vnc */
 static DisplayChangeListener *dcl;
@ -150,3 +199,6 @@ Index: qemu-kvm-0.10/qemu/vnc.c
     }
 }
 
+-- 
+1.6.2.5
+
--- a/03-display-keymaps.patch
+++ b/03-display-keymaps.patch
@ -1,7 +1,39 @@
-Index: qemu-kvm-0.10/qemu/Makefile
-===================================================================
--- qemu-kvm-0.10.orig/qemu/Makefile
-+++ qemu-kvm-0.10/qemu/Makefile
+From 15a868dc4e7a982f9d684a0231938602757c0c25 Mon Sep 17 00:00:00 2001
+From: aliguori <aliguori@c046a42c-6fe2-441c-8c8c-71466251a162>
+Date: Fri, 6 Mar 2009 20:27:10 +0000
+Subject: [PATCH] Refactor keymap code to avoid duplication ("Daniel P. Berrange")
+
+Each of the graphical frontends #include a .c file, for keymap code
+resulting in duplicated definitions & duplicated compiled code. A
+couple of small changes allowed this to be sanitized, so instead of
+doing a #include "keymaps.c", duplicating all code, we can have a
+shared keymaps.h file, and only compile code once. This allows the
+next patch to move the VncState struct out into a header file without
+causing clashing definitions.
+
+(cherry picked from commit 0483755a4d1fd61fe9c284166f67ae08af8d858b)
+
+Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
+Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
+Signed-off-by: Mark McLoughlin <markmc@redhat.com>
+Fedora-patch: 03-display-keymaps.patch
+---
+ Makefile      |    9 +++++--
+ curses.c      |    3 +-
+ curses_keys.h |    9 +++----
+ keymaps.c     |   45 ++++++++++++++++--------------------------
+ keymaps.h     |   60 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ sdl.c         |    3 +-
+ sdl_keysym.h  |    7 ++---
+ vnc.c         |    5 +--
+ vnc_keysym.h  |    7 ++---
+ 9 files changed, 97 insertions(+), 51 deletions(-)
+ create mode 100644 keymaps.h
+
+diff --git a/Makefile b/Makefile
+index 92eb447..f74b7eb 100644
+--- a/Makefile
+++ b/Makefile
@@ -141,6 +141,7 @@ endif
 AUDIO_OBJS+= wavcapture.o
 OBJS+=$(addprefix audio/, $(AUDIO_OBJS))
@ -31,11 +63,11 @@ Index: qemu-kvm-0.10/qemu/Makefile
 
 bt-host.o: CFLAGS += $(CONFIG_BLUEZ_CFLAGS)
 
-Index: qemu-kvm-0.10/qemu/curses.c
-===================================================================
--- qemu-kvm-0.10.orig/qemu/curses.c
-+++ qemu-kvm-0.10/qemu/curses.c
-@@ -158,7 +158,6 @@ static void curses_cursor_position(Displ
+diff --git a/curses.c b/curses.c
+index d699b5e..434e1cf 100644
+--- a/curses.c
+++ b/curses.c
+@@ -158,7 +158,6 @@ static void curses_cursor_position(DisplayState *ds, int x, int y)
 /* generic keyboard conversion */
 
 #include "curses_keys.h"
@ -52,10 +84,10 @@ Index: qemu-kvm-0.10/qemu/curses.c
         if (!kbd_layout)
             exit(1);
     }
-Index: qemu-kvm-0.10/qemu/curses_keys.h
-===================================================================
--- qemu-kvm-0.10.orig/qemu/curses_keys.h
-+++ qemu-kvm-0.10/qemu/curses_keys.h
+diff --git a/curses_keys.h b/curses_keys.h
+index 0105279..fd25451 100644
+--- a/curses_keys.h
+++ b/curses_keys.h
@@ -21,6 +21,10 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  * THE SOFTWARE.
@ -67,7 +99,7 @@ Index: qemu-kvm-0.10/qemu/curses_keys.h
 #define KEY_RELEASE         0x80
 #define KEY_MASK            0x7f
 #define SHIFT_CODE          0x2a
-@@ -239,11 +243,6 @@ static const int curses2keysym[CURSES_KE
+@@ -239,11 +243,6 @@ static const int curses2keysym[CURSES_KEYS] = {
 
 };
 
@ -79,10 +111,10 @@ Index: qemu-kvm-0.10/qemu/curses_keys.h
 static const name2keysym_t name2keysym[] = {
     /* Plain ASCII */
     { "space", 0x020 },
-Index: qemu-kvm-0.10/qemu/keymaps.c
-===================================================================
--- qemu-kvm-0.10.orig/qemu/keymaps.c
-+++ qemu-kvm-0.10/qemu/keymaps.c
+diff --git a/keymaps.c b/keymaps.c
+index 216e378..3b86dc1 100644
+--- a/keymaps.c
+++ b/keymaps.c
@@ -22,34 +22,20 @@
  * THE SOFTWARE.
  */
@ -124,7 +156,7 @@ Index: qemu-kvm-0.10/qemu/keymaps.c
 
 static void add_to_key_range(struct key_range **krp, int code) {
     struct key_range *kr;
-@@ -73,7 +59,8 @@ static void add_to_key_range(struct key_
+@@ -73,7 +59,8 @@ static void add_to_key_range(struct key_range **krp, int code) {
     }
 }
 
@ -134,7 +166,7 @@ Index: qemu-kvm-0.10/qemu/keymaps.c
 					   kbd_layout_t * k)
 {
     FILE *f;
-@@ -102,7 +89,7 @@ static kbd_layout_t *parse_keyboard_layo
+@@ -102,7 +89,7 @@ static kbd_layout_t *parse_keyboard_layout(const char *language,
 	if (!strncmp(line, "map ", 4))
 	    continue;
 	if (!strncmp(line, "include ", 8)) {
@ -143,7 +175,7 @@ Index: qemu-kvm-0.10/qemu/keymaps.c
         } else {
 	    char *end_of_keysym = line;
 	    while (*end_of_keysym != 0 && *end_of_keysym != ' ')
-@@ -110,7 +97,7 @@ static kbd_layout_t *parse_keyboard_layo
+@@ -110,7 +97,7 @@ static kbd_layout_t *parse_keyboard_layout(const char *language,
 	    if (*end_of_keysym) {
 		int keysym;
 		*end_of_keysym = 0;
@ -152,7 +184,7 @@ Index: qemu-kvm-0.10/qemu/keymaps.c
 		if (keysym == 0) {
                     //		    fprintf(stderr, "Warning: unknown keysym %s\n", line);
 		} else {
-@@ -154,12 +141,14 @@ static kbd_layout_t *parse_keyboard_layo
+@@ -154,12 +141,14 @@ static kbd_layout_t *parse_keyboard_layout(const char *language,
     return k;
 }
 
@ -170,7 +202,7 @@ Index: qemu-kvm-0.10/qemu/keymaps.c
 {
     kbd_layout_t *k = kbd_layout;
     if (keysym < MAX_NORMAL_KEYCODE) {
-@@ -180,7 +169,7 @@ static int keysym2scancode(void *kbd_lay
+@@ -180,7 +169,7 @@ static int keysym2scancode(void *kbd_layout, int keysym)
     return 0;
 }
 
@ -179,7 +211,7 @@ Index: qemu-kvm-0.10/qemu/keymaps.c
 {
     kbd_layout_t *k = kbd_layout;
     struct key_range *kr;
-@@ -191,7 +180,7 @@ static inline int keycode_is_keypad(void
+@@ -191,7 +180,7 @@ static inline int keycode_is_keypad(void *kbd_layout, int keycode)
     return 0;
 }
 
@ -188,10 +220,11 @@ Index: qemu-kvm-0.10/qemu/keymaps.c
 {
     kbd_layout_t *k = kbd_layout;
     struct key_range *kr;
-Index: qemu-kvm-0.10/qemu/keymaps.h
-===================================================================
+diff --git a/keymaps.h b/keymaps.h
+new file mode 100644
+index 0000000..17f6efd
 --- /dev/null
-+++ qemu-kvm-0.10/qemu/keymaps.h
+++ b/keymaps.h
@@ -0,0 +1,60 @@
 +/*
 + * QEMU keysym to keycode conversion using rdesktop keymaps
@ -253,10 +286,10 @@ Index: qemu-kvm-0.10/qemu/keymaps.h
 +int keysym_is_numlock(void *kbd_layout, int keysym);
 +
 +#endif /* __QEMU_KEYMAPS_H__ */
-Index: qemu-kvm-0.10/qemu/sdl.c
-===================================================================
--- qemu-kvm-0.10.orig/qemu/sdl.c
-+++ qemu-kvm-0.10/qemu/sdl.c
+diff --git a/sdl.c b/sdl.c
+index 95efe8d..8b7a1fe 100644
+--- a/sdl.c
+++ b/sdl.c
@@ -109,7 +109,6 @@ static void sdl_resize(DisplayState *ds)
 /* generic keyboard conversion */
 
@ -265,7 +298,7 @@ Index: qemu-kvm-0.10/qemu/sdl.c
 
 static kbd_layout_t *kbd_layout = NULL;
 
-@@ -677,7 +676,7 @@ void sdl_display_init(DisplayState *ds, 
+@@ -680,7 +679,7 @@ void sdl_display_init(DisplayState *ds, int full_screen, int no_frame)
         keyboard_layout = "en-us";
 #endif
     if(keyboard_layout) {
@ -274,10 +307,10 @@ Index: qemu-kvm-0.10/qemu/sdl.c
         if (!kbd_layout)
             exit(1);
     }
-Index: qemu-kvm-0.10/qemu/sdl_keysym.h
-===================================================================
--- qemu-kvm-0.10.orig/qemu/sdl_keysym.h
-+++ qemu-kvm-0.10/qemu/sdl_keysym.h
+diff --git a/sdl_keysym.h b/sdl_keysym.h
+index c9087d7..c213ef8 100644
+--- a/sdl_keysym.h
+++ b/sdl_keysym.h
@@ -1,7 +1,6 @@
 -typedef struct {
 -	const char* name;
@ -289,10 +322,10 @@ Index: qemu-kvm-0.10/qemu/sdl_keysym.h
 static const name2keysym_t name2keysym[]={
 /* ascii */
     { "space",                0x020},
-Index: qemu-kvm-0.10/qemu/vnc.c
-===================================================================
--- qemu-kvm-0.10.orig/qemu/vnc.c
-+++ qemu-kvm-0.10/qemu/vnc.c
+diff --git a/vnc.c b/vnc.c
+index 7853635..239a9ce 100644
+--- a/vnc.c
+++ b/vnc.c
@@ -35,7 +35,6 @@
 
 #include "vnc.h"
@ -301,7 +334,7 @@ Index: qemu-kvm-0.10/qemu/vnc.c
 #include "d3des.h"
 
 #ifdef CONFIG_VNC_TLS
-@@ -2420,9 +2419,9 @@ void vnc_display_init(DisplayState *ds)
+@@ -2483,9 +2482,9 @@ void vnc_display_init(DisplayState *ds)
     vs->ds = ds;
 
     if (keyboard_layout)
@ -313,10 +346,10 @@ Index: qemu-kvm-0.10/qemu/vnc.c
 
     if (!vs->kbd_layout)
 	exit(1);
-Index: qemu-kvm-0.10/qemu/vnc_keysym.h
-===================================================================
--- qemu-kvm-0.10.orig/qemu/vnc_keysym.h
-+++ qemu-kvm-0.10/qemu/vnc_keysym.h
+diff --git a/vnc_keysym.h b/vnc_keysym.h
+index ce355d8..2d255c9 100644
+--- a/vnc_keysym.h
+++ b/vnc_keysym.h
@@ -1,7 +1,6 @@
 -typedef struct {
 -	const char* name;
@ -328,3 +361,6 @@ Index: qemu-kvm-0.10/qemu/vnc_keysym.h
 static const name2keysym_t name2keysym[]={
 /* ascii */
     { "space",                0x020},
+-- 
+1.6.2.5
+
--- a/04-vnc-struct.patch
+++ b/04-vnc-struct.patch
@ -1,7 +1,27 @@
-Index: qemu-kvm-0.10/qemu/vnc.c
-===================================================================
--- qemu-kvm-0.10.orig/qemu/vnc.c
-+++ qemu-kvm-0.10/qemu/vnc.c
+From f710ba3ae8fdfa1206d22a3d77884487f9e52477 Mon Sep 17 00:00:00 2001
+From: aliguori <aliguori@c046a42c-6fe2-441c-8c8c-71466251a162>
+Date: Fri, 6 Mar 2009 20:27:13 +0000
+Subject: [PATCH] Move VNC structs into header file ("Daniel P. Berrange")
+
+This patch moves the definitions of VncState and VncDisplay structs
+out into a vnc.h header file. This is to allow the code for TLS
+and SASL auth mechanisms to be moved out of the main vnc.c file.
+
+(cherry picked from commit 19a490bfca85165de1acd2d5c3964fb44615746d)
+
+Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
+Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
+Signed-off-by: Mark McLoughlin <markmc@redhat.com>
+Fedora-patch: 04-vnc-struct.patch
+---
+ vnc.c |  109 +----------------------------------------------
+ vnc.h |  149 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
+ 2 files changed, 148 insertions(+), 110 deletions(-)
+
+diff --git a/vnc.c b/vnc.c
+index 239a9ce..4d793ab 100644
+--- a/vnc.c
+++ b/vnc.c
@@ -3,6 +3,7 @@
  *
  * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
@ -37,7 +57,7 @@ Index: qemu-kvm-0.10/qemu/vnc.c
 // #define _VNC_DEBUG 1
 
 #ifdef _VNC_DEBUG
-@@ -64,103 +56,6 @@ static void vnc_debug_gnutls_log(int lev
+@@ -64,103 +56,6 @@ static void vnc_debug_gnutls_log(int level, const char* str) {
     } \
 }
 
@ -141,10 +161,10 @@ Index: qemu-kvm-0.10/qemu/vnc.c
 
 static VncDisplay *vnc_display; /* needed for info vnc */
 static DisplayChangeListener *dcl;
-Index: qemu-kvm-0.10/qemu/vnc.h
-===================================================================
--- qemu-kvm-0.10.orig/qemu/vnc.h
-+++ qemu-kvm-0.10/qemu/vnc.h
+diff --git a/vnc.h b/vnc.h
+index 6981606..eb33643 100644
+--- a/vnc.h
+++ b/vnc.h
@@ -1,5 +1,148 @@
 -#ifndef __VNCTIGHT_H
 -#define __VNCTIGHT_H
@ -302,3 +322,6 @@ Index: qemu-kvm-0.10/qemu/vnc.h
 
 -#endif /* __VNCTIGHT_H */
 +#endif /* __QEMU_VNC_H */
+-- 
+1.6.2.5
+
--- a/05-vnc-tls-vencrypt.patch
+++ b/05-vnc-tls-vencrypt.patch
@ -1,7 +1,57 @@
-Index: qemu-kvm-0.10/qemu/Makefile
-===================================================================
--- qemu-kvm-0.10.orig/qemu/Makefile
-+++ qemu-kvm-0.10/qemu/Makefile
+From a2f48883d67b606218c98dc4996cbb41d3dc0990 Mon Sep 17 00:00:00 2001
+From: aliguori <aliguori@c046a42c-6fe2-441c-8c8c-71466251a162>
+Date: Fri, 6 Mar 2009 20:27:23 +0000
+Subject: [PATCH] Move TLS auth into separate file ("Daniel P. Berrange")
+
+This patch refactors the existing TLS code to make the main VNC code
+more managable. The code moves to two new files
+
+ - vnc-tls.c: generic helpers for TLS handshake & credential setup
+ - vnc-auth-vencrypt.c: the actual VNC TLS authentication mechanism.
+
+The reason for this split is that there are other TLS based auth
+mechanisms which we may like to use in the future. These can all
+share the same vnc-tls.c routines. In addition this will facilitate
+anyone who may want to port the vnc-tls.c file to allow for choice
+of GNUTLS & NSS for impl.
+
+The TLS state is moved out of the VncState struct, and into a separate
+VncStateTLS struct, defined in vnc-tls.h. This is then referenced from
+the main VncState. End size of the struct is the same, but it keeps
+things a little more managable.
+
+The vnc.h file gains a bunch more function prototypes, for functions
+in vnc.c that were previously static, but now need to be accessed
+from the separate auth code files.
+
+The only TLS related code still in the main vl.c is the command line
+argument handling / setup, and the low level I/O routines calling
+gnutls_send/recv.
+
+(cherry picked from commit 5fb6c7a8b26eab1a22207d24b4784bd2b39ab54b)
+
+Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
+Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
+Signed-off-by: Mark McLoughlin <markmc@redhat.com>
+Fedora-patch: 05-vnc-tls-vencrypt.patch
+---
+ Makefile            |   11 +-
+ vnc-auth-vencrypt.c |  167 +++++++++++++++
+ vnc-auth-vencrypt.h |   33 +++
+ vnc-tls.c           |  414 ++++++++++++++++++++++++++++++++++++
+ vnc-tls.h           |   70 ++++++
+ vnc.c               |  581 ++++-----------------------------------------------
+ vnc.h               |   76 +++++---
+ 7 files changed, 780 insertions(+), 572 deletions(-)
+ create mode 100644 vnc-auth-vencrypt.c
+ create mode 100644 vnc-auth-vencrypt.h
+ create mode 100644 vnc-tls.c
+ create mode 100644 vnc-tls.h
+
+diff --git a/Makefile b/Makefile
+index f74b7eb..680939f 100644
+--- a/Makefile
+++ b/Makefile
@@ -149,6 +149,9 @@ ifdef CONFIG_CURSES
 OBJS+=curses.o
 endif
@ -30,10 +80,11 @@ Index: qemu-kvm-0.10/qemu/Makefile
 curses.o: curses.c keymaps.h curses_keys.h
 
 bt-host.o: CFLAGS += $(CONFIG_BLUEZ_CFLAGS)
-Index: qemu-kvm-0.10/qemu/vnc-auth-vencrypt.c
-===================================================================
+diff --git a/vnc-auth-vencrypt.c b/vnc-auth-vencrypt.c
+new file mode 100644
+index 0000000..1f113a7
 --- /dev/null
-+++ qemu-kvm-0.10/qemu/vnc-auth-vencrypt.c
+++ b/vnc-auth-vencrypt.c
@@ -0,0 +1,167 @@
 +/*
 + * QEMU VNC display driver: VeNCrypt authentication setup
@ -202,10 +253,11 @@ Index: qemu-kvm-0.10/qemu/vnc-auth-vencrypt.c
 +    vnc_read_when(vs, protocol_client_vencrypt_init, 2);
 +}
 +
-Index: qemu-kvm-0.10/qemu/vnc-auth-vencrypt.h
-===================================================================
+diff --git a/vnc-auth-vencrypt.h b/vnc-auth-vencrypt.h
+new file mode 100644
+index 0000000..9f674c5
 --- /dev/null
-+++ qemu-kvm-0.10/qemu/vnc-auth-vencrypt.h
+++ b/vnc-auth-vencrypt.h
@@ -0,0 +1,33 @@
 +/*
 + * QEMU VNC display driver
@ -240,10 +292,11 @@ Index: qemu-kvm-0.10/qemu/vnc-auth-vencrypt.h
 +void start_auth_vencrypt(VncState *vs);
 +
 +#endif /* __QEMU_VNC_AUTH_VENCRYPT_H__ */
-Index: qemu-kvm-0.10/qemu/vnc-tls.c
-===================================================================
+diff --git a/vnc-tls.c b/vnc-tls.c
+new file mode 100644
+index 0000000..666aa07
 --- /dev/null
-+++ qemu-kvm-0.10/qemu/vnc-tls.c
+++ b/vnc-tls.c
@@ -0,0 +1,414 @@
 +/*
 + * QEMU VNC display driver: TLS helpers
@ -659,10 +712,11 @@ Index: qemu-kvm-0.10/qemu/vnc-tls.c
 +    return -1;
 +}
 +
-Index: qemu-kvm-0.10/qemu/vnc-tls.h
-===================================================================
+diff --git a/vnc-tls.h b/vnc-tls.h
+new file mode 100644
+index 0000000..cda95b9
 --- /dev/null
-+++ qemu-kvm-0.10/qemu/vnc-tls.h
+++ b/vnc-tls.h
@@ -0,0 +1,70 @@
 +/*
 + * QEMU VNC display driver. TLS helpers
@ -734,10 +788,10 @@ Index: qemu-kvm-0.10/qemu/vnc-tls.h
 +
 +#endif /* __QEMU_VNC_TLS_H__ */
 +
-Index: qemu-kvm-0.10/qemu/vnc.c
-===================================================================
--- qemu-kvm-0.10.orig/qemu/vnc.c
-+++ qemu-kvm-0.10/qemu/vnc.c
+diff --git a/vnc.c b/vnc.c
+index 4d793ab..4da5fbb 100644
+--- a/vnc.c
+++ b/vnc.c
@@ -34,21 +34,6 @@
 #include "vnc_keysym.h"
 #include "d3des.h"
@ -760,7 +814,7 @@ Index: qemu-kvm-0.10/qemu/vnc.c
 #define count_bits(c, v) { \
     for (c = 0; v; v >>= 1) \
     { \
-@@ -204,14 +189,7 @@ static inline uint32_t vnc_has_feature(V
+@@ -204,16 +189,9 @@ static inline uint32_t vnc_has_feature(VncState *vs, int feature) {
    3) resolutions > 1024
 */
 
@ -771,23 +825,25 @@ Index: qemu-kvm-0.10/qemu/vnc.c
 -static void vnc_write_u8(VncState *vs, uint8_t value);
 -static void vnc_flush(VncState *vs);
 static void vnc_update_client(void *opaque);
+ static void vnc_disconnect_start(VncState *vs);
+ static void vnc_disconnect_finish(VncState *vs);
 -static void vnc_client_read(void *opaque);
 
 static void vnc_colordepth(VncState *vs);
 
-@@ -867,10 +845,7 @@ static int vnc_client_io_error(VncState 
-         if (vs->input.buffer) qemu_free(vs->input.buffer);
-         if (vs->output.buffer) qemu_free(vs->output.buffer);
+@@ -894,10 +872,7 @@ static void vnc_disconnect_finish(VncState *vs)
+     if (vs->input.buffer) qemu_free(vs->input.buffer);
+     if (vs->output.buffer) qemu_free(vs->output.buffer);
 #ifdef CONFIG_VNC_TLS
-	if (vs->tls_session) {
-	    gnutls_deinit(vs->tls_session);
-	    vs->tls_session = NULL;
-	}
-+	vnc_tls_client_cleanup(vs);
+-    if (vs->tls_session) {
+-        gnutls_deinit(vs->tls_session);
+-        vs->tls_session = NULL;
+-    }
+    vnc_tls_client_cleanup(vs);
 #endif /* CONFIG_VNC_TLS */
-         audio_del(vs);
+     audio_del(vs);
 
-@@ -896,19 +871,20 @@ static int vnc_client_io_error(VncState 
+@@ -943,20 +918,21 @@ static int vnc_client_io_error(VncState *vs, int ret, int last_errno)
     return ret;
 }
 
@ -795,7 +851,8 @@ Index: qemu-kvm-0.10/qemu/vnc.c
 +
 +void vnc_client_error(VncState *vs)
 {
-     vnc_client_io_error(vs, -1, EINVAL);
+     VNC_DEBUG("Closing down client sock: protocol error\n");
+     vnc_disconnect_start(vs);
 }
 
 -static void vnc_client_write(void *opaque)
@ -812,7 +869,7 @@ Index: qemu-kvm-0.10/qemu/vnc.c
 	if (ret < 0) {
 	    if (ret == GNUTLS_E_AGAIN)
 		errno = EAGAIN;
-@@ -931,13 +907,13 @@ static void vnc_client_write(void *opaqu
+@@ -979,13 +955,13 @@ static void vnc_client_write(void *opaque)
     }
 }
 
@ -828,7 +885,7 @@ Index: qemu-kvm-0.10/qemu/vnc.c
 {
     VncState *vs = opaque;
     long ret;
-@@ -945,8 +921,8 @@ static void vnc_client_read(void *opaque
+@@ -993,8 +969,8 @@ static void vnc_client_read(void *opaque)
     buffer_reserve(&vs->input, 4096);
 
 #ifdef CONFIG_VNC_TLS
@ -839,7 +896,7 @@ Index: qemu-kvm-0.10/qemu/vnc.c
 	if (ret < 0) {
 	    if (ret == GNUTLS_E_AGAIN)
 		errno = EAGAIN;
-@@ -980,7 +956,7 @@ static void vnc_client_read(void *opaque
+@@ -1033,7 +1009,7 @@ static void vnc_client_read(void *opaque)
     }
 }
 
@ -848,7 +905,7 @@ Index: qemu-kvm-0.10/qemu/vnc.c
 {
     buffer_reserve(&vs->output, len);
 
-@@ -991,12 +967,12 @@ static void vnc_write(VncState *vs, cons
+@@ -1044,12 +1020,12 @@ static void vnc_write(VncState *vs, const void *data, size_t len)
     buffer_append(&vs->output, data, len);
 }
 
@ -863,7 +920,7 @@ Index: qemu-kvm-0.10/qemu/vnc.c
 {
     uint8_t buf[4];
 
-@@ -1008,7 +984,7 @@ static void vnc_write_u32(VncState *vs, 
+@@ -1061,7 +1037,7 @@ static void vnc_write_u32(VncState *vs, uint32_t value)
     vnc_write(vs, buf, 4);
 }
 
@ -872,7 +929,7 @@ Index: qemu-kvm-0.10/qemu/vnc.c
 {
     uint8_t buf[2];
 
-@@ -1018,74 +994,39 @@ static void vnc_write_u16(VncState *vs, 
+@@ -1071,74 +1047,39 @@ static void vnc_write_u16(VncState *vs, uint16_t value)
     vnc_write(vs, buf, 2);
 }
 
@ -885,7 +942,7 @@ Index: qemu-kvm-0.10/qemu/vnc.c
 -static void vnc_flush(VncState *vs)
 +void vnc_flush(VncState *vs)
 {
-     if (vs->output.offset)
+     if (vs->csock != -1 && vs->output.offset)
 	vnc_client_write(vs);
 }
 
@ -953,7 +1010,7 @@ Index: qemu-kvm-0.10/qemu/vnc.c
 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
 {
 }
-@@ -1668,6 +1609,11 @@ static int protocol_client_init(VncState
+@@ -1730,6 +1671,11 @@ static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
     return 0;
 }
 
@ -965,7 +1022,7 @@ Index: qemu-kvm-0.10/qemu/vnc.c
 static void make_challenge(VncState *vs)
 {
     int i;
-@@ -1723,12 +1669,12 @@ static int protocol_client_auth_vnc(VncS
+@@ -1785,12 +1731,12 @@ static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
 	vnc_write_u32(vs, 0); /* Accept auth */
 	vnc_flush(vs);
 
@ -980,7 +1037,7 @@ Index: qemu-kvm-0.10/qemu/vnc.c
 {
     make_challenge(vs);
     /* Send client a 'random' challenge */
-@@ -1736,411 +1682,9 @@ static int start_auth_vnc(VncState *vs)
+@@ -1798,410 +1744,8 @@ static int start_auth_vnc(VncState *vs)
     vnc_flush(vs);
 
     vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
@ -1031,9 +1088,9 @@ Index: qemu-kvm-0.10/qemu/vnc.c
 -    gnutls_anon_set_server_dh_params(anon_cred, dh_params);
 -
 -    return anon_cred;
- }
- 
- 
+-}
+-
+-
 -static gnutls_certificate_credentials_t vnc_tls_initialize_x509_cred(VncState *vs)
 -{
 -    gnutls_certificate_credentials_t x509_cred;
@ -1237,8 +1294,8 @@ Index: qemu-kvm-0.10/qemu/vnc.c
 -
 -    VNC_DEBUG("Handshake IO continue\n");
 -    vnc_continue_handshake(vs);
-}
-
+ }
+ 
 -#define NEED_X509_AUTH(vs)			      \
 -    ((vs)->vd->subauth == VNC_AUTH_VENCRYPT_X509NONE ||   \
 -     (vs)->vd->subauth == VNC_AUTH_VENCRYPT_X509VNC ||    \
@ -1388,11 +1445,10 @@ Index: qemu-kvm-0.10/qemu/vnc.c
 -    return 0;
 -}
 -#endif /* CONFIG_VNC_TLS */
-
+ 
 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
 {
-     /* We only advertise 1 auth scheme at a time, so client
-@@ -2163,17 +1707,19 @@ static int protocol_client_auth(VncState
+@@ -2225,17 +1769,19 @@ static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
                vnc_write_u32(vs, 0); /* Accept auth completion */
                vnc_flush(vs);
            }
@ -1415,7 +1471,7 @@ Index: qemu-kvm-0.10/qemu/vnc.c
 #endif /* CONFIG_VNC_TLS */
 
        default: /* Should not be possible, but just in case */
-@@ -2226,7 +1772,7 @@ static int protocol_version(VncState *vs
+@@ -2288,7 +1834,7 @@ static int protocol_version(VncState *vs, uint8_t *version, size_t len)
             VNC_DEBUG("Tell client auth none\n");
             vnc_write_u32(vs, vs->vd->auth);
             vnc_flush(vs);
@ -1424,7 +1480,7 @@ Index: qemu-kvm-0.10/qemu/vnc.c
        } else if (vs->vd->auth == VNC_AUTH_VNC) {
             VNC_DEBUG("Tell client VNC auth\n");
             vnc_write_u32(vs, vs->vd->auth);
-@@ -2328,61 +1874,6 @@ void vnc_display_init(DisplayState *ds)
+@@ -2391,61 +1937,6 @@ void vnc_display_init(DisplayState *ds)
     register_displaychangelistener(ds, dcl);
 }
 
@ -1486,7 +1542,7 @@ Index: qemu-kvm-0.10/qemu/vnc.c
 
 void vnc_display_close(DisplayState *ds)
 {
-@@ -2402,7 +1893,7 @@ void vnc_display_close(DisplayState *ds)
+@@ -2465,7 +1956,7 @@ void vnc_display_close(DisplayState *ds)
     vs->auth = VNC_AUTH_INVALID;
 #ifdef CONFIG_VNC_TLS
     vs->subauth = VNC_AUTH_INVALID;
@ -1495,7 +1551,7 @@ Index: qemu-kvm-0.10/qemu/vnc.c
 #endif
 }
 
-@@ -2458,7 +1949,7 @@ int vnc_display_open(DisplayState *ds, c
+@@ -2521,7 +2012,7 @@ int vnc_display_open(DisplayState *ds, const char *display)
 	    char *start, *end;
 	    x509 = 1; /* Require x509 certificates */
 	    if (strncmp(options, "x509verify", 10) == 0)
@ -1504,7 +1560,7 @@ Index: qemu-kvm-0.10/qemu/vnc.c
 
 	    /* Now check for 'x509=/some/path' postfix
 	     * and use that to setup x509 certificate/key paths */
-@@ -2469,7 +1960,7 @@ int vnc_display_open(DisplayState *ds, c
+@@ -2532,7 +2023,7 @@ int vnc_display_open(DisplayState *ds, const char *display)
 		char *path = qemu_strndup(start + 1, len);
 
 		VNC_DEBUG("Trying certificate path '%s'\n", path);
@ -1513,10 +1569,10 @@ Index: qemu-kvm-0.10/qemu/vnc.c
 		    fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
 		    qemu_free(path);
 		    qemu_free(vs->display);
-Index: qemu-kvm-0.10/qemu/vnc.h
-===================================================================
--- qemu-kvm-0.10.orig/qemu/vnc.h
-+++ qemu-kvm-0.10/qemu/vnc.h
+diff --git a/vnc.h b/vnc.h
+index eb33643..d69b295 100644
+--- a/vnc.h
+++ b/vnc.h
@@ -32,13 +32,16 @@
 #include "audio/audio.h"
 #include <zlib.h>
@ -1539,7 +1595,7 @@ Index: qemu-kvm-0.10/qemu/vnc.h
 /*****************************************************************************
  *
  * Core data structures
-@@ -72,6 +75,11 @@ typedef void VncSendHextileTile(VncState
+@@ -72,6 +75,11 @@ typedef void VncSendHextileTile(VncState *vs,
 
 typedef struct VncDisplay VncDisplay;
 
@ -1642,3 +1698,6 @@ Index: qemu-kvm-0.10/qemu/vnc.h
 +void start_auth_vnc(VncState *vs);
 +
 #endif /* __QEMU_VNC_H */
+-- 
+1.6.2.5
+
--- a/06-vnc-sasl.patch
+++ b/06-vnc-sasl.patch
@ -1,7 +1,95 @@
-Index: qemu-kvm-0.10/qemu/Makefile
-===================================================================
--- qemu-kvm-0.10.orig/qemu/Makefile
-+++ qemu-kvm-0.10/qemu/Makefile
+From 655a2c8e445a6992bf483de3ba326306b8bf951f Mon Sep 17 00:00:00 2001
+From: aliguori <aliguori@c046a42c-6fe2-441c-8c8c-71466251a162>
+Date: Fri, 6 Mar 2009 20:27:28 +0000
+Subject: [PATCH] Add SASL authentication support ("Daniel P. Berrange")
+
+This patch adds the new SASL authentication protocol to the VNC server.
+
+It is enabled by setting the 'sasl' flag when launching VNC. SASL can
+optionally provide encryption via its SSF layer, if a suitable mechanism
+is configured (eg, GSSAPI/Kerberos, or Digest-MD5).  If an SSF layer is
+not available, then it should be combined with the x509 VNC authentication
+protocol which provides encryption.
+
+eg, if using GSSAPI
+
+   qemu -vnc localhost:1,sasl
+
+eg if using  TLS/x509 for encryption
+
+   qemu -vnc localhost:1,sasl,tls,x509
+
+By default the Cyrus SASL library will look for its configuration in
+the file /etc/sasl2/qemu.conf.  For non-root users, this can be overridden
+by setting the SASL_CONF_PATH environment variable, eg to make it look in
+$HOME/.sasl2.  NB unprivileged users may not have access to the full range
+of SASL mechanisms, since some of them require some administrative privileges
+to configure. The patch includes an example SASL configuration file which
+illustrates config for GSSAPI and Digest-MD5, though it should be noted that
+the latter is not really considered secure any more.
+
+Most of the SASL authentication code is located in a separate source file,
+vnc-auth-sasl.c.  The main vnc.c file only contains minimal integration
+glue, specifically parsing of command line flags / setup, and calls to
+start the SASL auth process, to do encoding/decoding for data.
+
+There are several possible stacks for reading & writing of data, depending
+on the combo of VNC authentication methods in use
+
+ - Clear.    read/write straight to socket
+ - TLS.      read/write via GNUTLS helpers
+ - SASL.     encode/decode via SASL SSF layer, then read/write to socket
+ - SASL+TLS. encode/decode via SASL SSF layer, then read/write via GNUTLS
+
+Hence, the vnc_client_read & vnc_client_write methods have been refactored
+a little.
+
+   vnc_client_read:  main entry point for reading, calls either
+
+       - vnc_client_read_plain   reading, with no intermediate decoding
+       - vnc_client_read_sasl    reading, with SASL SSF decoding
+
+   These two methods, then call vnc_client_read_buf(). This decides
+   whether to write to the socket directly or write via GNUTLS.
+
+The situation is the same for writing data. More extensive comments
+have been added in the code / patch. The vnc_client_read_sasl and
+vnc_client_write_sasl method implementations live in the separate
+vnc-auth-sasl.c file.
+
+The state required for the SASL auth mechanism is kept in a separate
+VncStateSASL struct, defined in vnc-auth-sasl.h and included in the
+main VncState.
+
+The configure script probes for SASL and automatically enables it
+if found, unless --disable-vnc-sasl was given to override it.
+
+(cherry picked from commit 2f9606b3736c3be4dbd606c46525c7b770ced119)
+
+Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
+Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
+Signed-off-by: Mark McLoughlin <markmc@redhat.com>
+Fedora-patch: 06-vnc-sasl.patch
+---
+ Makefile            |    7 +-
+ Makefile.target     |    5 +
+ configure           |   34 +++
+ qemu-doc.texi       |   97 ++++++++
+ qemu.sasl           |   34 +++
+ vnc-auth-sasl.c     |  626 +++++++++++++++++++++++++++++++++++++++++++++++++++
+ vnc-auth-sasl.h     |   67 ++++++
+ vnc-auth-vencrypt.c |   12 +-
+ vnc.c               |  248 ++++++++++++++++++---
+ vnc.h               |   31 +++-
+ 10 files changed, 1128 insertions(+), 33 deletions(-)
+ create mode 100644 qemu.sasl
+ create mode 100644 vnc-auth-sasl.c
+ create mode 100644 vnc-auth-sasl.h
+
+diff --git a/Makefile b/Makefile
+index 680939f..13ae73d 100644
+--- a/Makefile
+++ b/Makefile
@@ -152,6 +152,9 @@ OBJS+=vnc.o d3des.o
 ifdef CONFIG_VNC_TLS
 OBJS+=vnc-tls.o vnc-auth-vencrypt.o
@ -30,10 +118,10 @@ Index: qemu-kvm-0.10/qemu/Makefile
 curses.o: curses.c keymaps.h curses_keys.h
 
 bt-host.o: CFLAGS += $(CONFIG_BLUEZ_CFLAGS)
-Index: qemu-kvm-0.10/qemu/Makefile.target
-===================================================================
--- qemu-kvm-0.10.orig/qemu/Makefile.target
-+++ qemu-kvm-0.10/qemu/Makefile.target
+diff --git a/Makefile.target b/Makefile.target
+index a8b198c..e2e23bf 100644
+--- a/Makefile.target
+++ b/Makefile.target
@@ -613,6 +613,11 @@ CPPFLAGS += $(CONFIG_VNC_TLS_CFLAGS)
 LIBS += $(CONFIG_VNC_TLS_LIBS)
 endif
@ -46,11 +134,11 @@ Index: qemu-kvm-0.10/qemu/Makefile.target
 ifdef CONFIG_BLUEZ
 LIBS += $(CONFIG_BLUEZ_LIBS)
 endif
-Index: qemu-kvm-0.10/qemu/configure
-===================================================================
--- qemu-kvm-0.10.orig/qemu/configure
-+++ qemu-kvm-0.10/qemu/configure
-@@ -164,6 +164,7 @@ fmod_lib=""
+diff --git a/configure b/configure
+index 23ac0ef..e3522f2 100755
+--- a/configure
+++ b/configure
+@@ -175,6 +175,7 @@ fmod_lib=""
 fmod_inc=""
 oss_lib=""
 vnc_tls="yes"
@ -58,7 +146,7 @@ Index: qemu-kvm-0.10/qemu/configure
 bsd="no"
 linux="no"
 solaris="no"
-@@ -404,6 +405,8 @@ for opt do
+@@ -417,6 +418,8 @@ for opt do
   ;;
   --disable-vnc-tls) vnc_tls="no"
   ;;
@ -67,7 +155,7 @@ Index: qemu-kvm-0.10/qemu/configure
   --disable-slirp) slirp="no"
   ;;
   --disable-vde) vde="no"
-@@ -563,6 +566,7 @@ echo "                           Availab
+@@ -578,6 +581,7 @@ echo "                           Available cards: $audio_possible_cards"
 echo "  --enable-mixemu          enable mixer emulation"
 echo "  --disable-brlapi         disable BrlAPI"
 echo "  --disable-vnc-tls        disable TLS encryption for VNC server"
@ -75,7 +163,7 @@ Index: qemu-kvm-0.10/qemu/configure
 echo "  --disable-curses         disable curses output"
 echo "  --disable-bluez          disable bluez stack connectivity"
 echo "  --disable-kvm            disable KVM acceleration support"
-@@ -890,6 +894,25 @@ EOF
+@@ -919,6 +923,25 @@ EOF
 fi
 
 ##########################################
@ -101,7 +189,7 @@ Index: qemu-kvm-0.10/qemu/configure
 # vde libraries probe
 if test "$vde" = "yes" ; then
   cat > $TMPC << EOF
-@@ -1224,6 +1247,11 @@ if test "$vnc_tls" = "yes" ; then
+@@ -1240,6 +1263,11 @@ if test "$vnc_tls" = "yes" ; then
     echo "    TLS CFLAGS    $vnc_tls_cflags"
     echo "    TLS LIBS      $vnc_tls_libs"
 fi
@ -113,7 +201,7 @@ Index: qemu-kvm-0.10/qemu/configure
 if test -n "$sparc_cpu"; then
     echo "Target Sparc Arch $sparc_cpu"
 fi
-@@ -1467,6 +1495,12 @@ if test "$vnc_tls" = "yes" ; then
+@@ -1483,6 +1511,12 @@ if test "$vnc_tls" = "yes" ; then
   echo "CONFIG_VNC_TLS_LIBS=$vnc_tls_libs" >> $config_mak
   echo "#define CONFIG_VNC_TLS 1" >> $config_h
 fi
@ -126,11 +214,11 @@ Index: qemu-kvm-0.10/qemu/configure
 qemu_version=`head $source_path/VERSION`
 echo "VERSION=$qemu_version" >>$config_mak
 echo "#define QEMU_VERSION \"$qemu_version\"" >> $config_h
-Index: qemu-kvm-0.10/qemu/qemu-doc.texi
-===================================================================
--- qemu-kvm-0.10.orig/qemu/qemu-doc.texi
-+++ qemu-kvm-0.10/qemu/qemu-doc.texi
-@@ -624,6 +624,21 @@ path following this option specifies whe
+diff --git a/qemu-doc.texi b/qemu-doc.texi
+index 1cb3318..3ba727e 100644
+--- a/qemu-doc.texi
+++ b/qemu-doc.texi
+@@ -624,6 +624,21 @@ path following this option specifies where the x509 certificates are to
 be loaded from. See the @ref{vnc_security} section for details on generating
 certificates.
 
@ -152,7 +240,7 @@ Index: qemu-kvm-0.10/qemu/qemu-doc.texi
 @end table
 
 @end table
-@@ -2069,7 +2084,10 @@ considerations depending on the deployme
+@@ -2069,7 +2084,10 @@ considerations depending on the deployment scenarios.
 * vnc_sec_certificate::
 * vnc_sec_certificate_verify::
 * vnc_sec_certificate_pw::
@ -256,10 +344,11 @@ Index: qemu-kvm-0.10/qemu/qemu-doc.texi
 @node gdb_usage
 @section GDB usage
 
-Index: qemu-kvm-0.10/qemu/qemu.sasl
-===================================================================
+diff --git a/qemu.sasl b/qemu.sasl
+new file mode 100644
+index 0000000..cf19cf8
 --- /dev/null
-+++ qemu-kvm-0.10/qemu/qemu.sasl
+++ b/qemu.sasl
@@ -0,0 +1,34 @@
 +# If you want to use the non-TLS socket, then you *must* include
 +# the GSSAPI or DIGEST-MD5 mechanisms, because they are the only
@ -295,10 +384,11 @@ Index: qemu-kvm-0.10/qemu/qemu.sasl
 +
 +auxprop_plugin: sasldb
 +
-Index: qemu-kvm-0.10/qemu/vnc-auth-sasl.c
-===================================================================
+diff --git a/vnc-auth-sasl.c b/vnc-auth-sasl.c
+new file mode 100644
+index 0000000..2882a35
 --- /dev/null
-+++ qemu-kvm-0.10/qemu/vnc-auth-sasl.c
+++ b/vnc-auth-sasl.c
@@ -0,0 +1,626 @@
 +/*
 + * QEMU VNC display driver: SASL auth protocol
@ -926,10 +1016,11 @@ Index: qemu-kvm-0.10/qemu/vnc-auth-sasl.c
 +}
 +
 +
-Index: qemu-kvm-0.10/qemu/vnc-auth-sasl.h
-===================================================================
+diff --git a/vnc-auth-sasl.h b/vnc-auth-sasl.h
+new file mode 100644
+index 0000000..a72973a
 --- /dev/null
-+++ qemu-kvm-0.10/qemu/vnc-auth-sasl.h
+++ b/vnc-auth-sasl.h
@@ -0,0 +1,67 @@
 +/*
 + * QEMU VNC display driver: SASL auth protocol
@ -998,11 +1089,11 @@ Index: qemu-kvm-0.10/qemu/vnc-auth-sasl.h
 +
 +#endif /* __QEMU_VNC_AUTH_SASL_H__ */
 +
-Index: qemu-kvm-0.10/qemu/vnc-auth-vencrypt.c
-===================================================================
--- qemu-kvm-0.10.orig/qemu/vnc-auth-vencrypt.c
-+++ qemu-kvm-0.10/qemu/vnc-auth-vencrypt.c
-@@ -43,8 +43,15 @@ static void start_auth_vencrypt_subauth(
+diff --git a/vnc-auth-vencrypt.c b/vnc-auth-vencrypt.c
+index 1f113a7..9ed642c 100644
+--- a/vnc-auth-vencrypt.c
+++ b/vnc-auth-vencrypt.c
+@@ -43,8 +43,15 @@ static void start_auth_vencrypt_subauth(VncState *vs)
        start_auth_vnc(vs);
        break;
 
@ -1019,7 +1110,7 @@ Index: qemu-kvm-0.10/qemu/vnc-auth-vencrypt.c
        vnc_write_u8(vs, 1);
        if (vs->minor >= 8) {
            static const char err[] = "Unsupported authentication type";
-@@ -105,7 +112,8 @@ static void vnc_tls_handshake_io(void *o
+@@ -105,7 +112,8 @@ static void vnc_tls_handshake_io(void *opaque) {
 #define NEED_X509_AUTH(vs)			      \
     ((vs)->vd->subauth == VNC_AUTH_VENCRYPT_X509NONE ||   \
      (vs)->vd->subauth == VNC_AUTH_VENCRYPT_X509VNC ||    \
@ -1029,11 +1120,11 @@ Index: qemu-kvm-0.10/qemu/vnc-auth-vencrypt.c
 
 
 static int protocol_client_vencrypt_auth(VncState *vs, uint8_t *data, size_t len)
-Index: qemu-kvm-0.10/qemu/vnc.c
-===================================================================
--- qemu-kvm-0.10.orig/qemu/vnc.c
-+++ qemu-kvm-0.10/qemu/vnc.c
-@@ -68,7 +68,8 @@ static char *addr_to_string(const char *
+diff --git a/vnc.c b/vnc.c
+index 4da5fbb..0b62000 100644
+--- a/vnc.c
+++ b/vnc.c
+@@ -68,7 +68,8 @@ static char *addr_to_string(const char *format,
     return addr;
 }
 
@ -1043,7 +1134,7 @@ Index: qemu-kvm-0.10/qemu/vnc.c
     struct sockaddr_storage sa;
     socklen_t salen;
 
-@@ -79,7 +80,8 @@ static char *vnc_socket_local_addr(const
+@@ -79,7 +80,8 @@ static char *vnc_socket_local_addr(const char *format, int fd) {
     return addr_to_string(format, &sa, salen);
 }
 
@ -1053,7 +1144,7 @@ Index: qemu-kvm-0.10/qemu/vnc.c
     struct sockaddr_storage sa;
     socklen_t salen;
 
-@@ -125,12 +127,18 @@ static const char *vnc_auth_name(VncDisp
+@@ -125,12 +127,18 @@ static const char *vnc_auth_name(VncDisplay *vd) {
 	    return "vencrypt+x509+vnc";
 	case VNC_AUTH_VENCRYPT_X509PLAIN:
 	    return "vencrypt+x509+plain";
@ -1072,7 +1163,7 @@ Index: qemu-kvm-0.10/qemu/vnc.c
     }
     return "unknown";
 }
-@@ -278,7 +286,7 @@ static void vnc_framebuffer_update(VncSt
+@@ -280,7 +288,7 @@ static void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
     vnc_write_s32(vs, encoding);
 }
 
@ -1081,7 +1172,7 @@ Index: qemu-kvm-0.10/qemu/vnc.c
 {
     if ((buffer->capacity - buffer->offset) < len) {
 	buffer->capacity += (len + 1024);
-@@ -290,22 +298,22 @@ static void buffer_reserve(Buffer *buffe
+@@ -292,22 +300,22 @@ static void buffer_reserve(Buffer *buffer, size_t len)
     }
 }
 
@ -1108,28 +1199,27 @@ Index: qemu-kvm-0.10/qemu/vnc.c
 {
     memcpy(buffer->buffer + buffer->offset, data, len);
     buffer->offset += len;
-@@ -821,7 +829,8 @@ static void audio_del(VncState *vs)
-     }
+@@ -874,6 +882,9 @@ static void vnc_disconnect_finish(VncState *vs)
+ #ifdef CONFIG_VNC_TLS
+     vnc_tls_client_cleanup(vs);
+ #endif /* CONFIG_VNC_TLS */
+#ifdef CONFIG_VNC_SASL
+    vnc_sasl_client_cleanup(vs);
+#endif /* CONFIG_VNC_SASL */
+     audio_del(vs);
+ 
+     VncState *p, *parent = NULL;
+@@ -894,7 +905,7 @@ static void vnc_disconnect_finish(VncState *vs)
+     qemu_free(vs);
 }
 
 -static int vnc_client_io_error(VncState *vs, int ret, int last_errno)
-+
 +int vnc_client_io_error(VncState *vs, int ret, int last_errno)
 {
     if (ret == 0 || ret == -1) {
         if (ret == -1) {
-@@ -847,6 +856,9 @@ static int vnc_client_io_error(VncState 
- #ifdef CONFIG_VNC_TLS
- 	vnc_tls_client_cleanup(vs);
- #endif /* CONFIG_VNC_TLS */
-+#ifdef CONFIG_VNC_SASL
-+        vnc_sasl_client_cleanup(vs);
-+#endif /* CONFIG_VNC_SASL */
-         audio_del(vs);
- 
-         VncState *p, *parent = NULL;
-@@ -877,14 +889,28 @@ void vnc_client_error(VncState *vs)
-     vnc_client_io_error(vs, -1, EINVAL);
+@@ -925,14 +936,28 @@ void vnc_client_error(VncState *vs)
+     vnc_disconnect_start(vs);
 }
 
 -void vnc_client_write(void *opaque)
@ -1161,7 +1251,7 @@ Index: qemu-kvm-0.10/qemu/vnc.c
 	if (ret < 0) {
 	    if (ret == GNUTLS_E_AGAIN)
 		errno = EAGAIN;
-@@ -894,10 +920,42 @@ void vnc_client_write(void *opaque)
+@@ -942,10 +967,42 @@ void vnc_client_write(void *opaque)
 	}
     } else
 #endif /* CONFIG_VNC_TLS */
@ -1207,7 +1297,7 @@ Index: qemu-kvm-0.10/qemu/vnc.c
 
     memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
     vs->output.offset -= ret;
-@@ -905,6 +963,29 @@ void vnc_client_write(void *opaque)
+@@ -953,6 +1010,29 @@ void vnc_client_write(void *opaque)
     if (vs->output.offset == 0) {
 	qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
     }
@ -1237,7 +1327,7 @@ Index: qemu-kvm-0.10/qemu/vnc.c
 }
 
 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
-@@ -913,16 +994,28 @@ void vnc_read_when(VncState *vs, VncRead
+@@ -961,16 +1041,28 @@ void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
     vs->read_handler_expect = expecting;
 }
 
@ -1272,19 +1362,17 @@ Index: qemu-kvm-0.10/qemu/vnc.c
 	if (ret < 0) {
 	    if (ret == GNUTLS_E_AGAIN)
 		errno = EAGAIN;
-@@ -932,12 +1025,52 @@ void vnc_client_read(void *opaque)
+@@ -980,16 +1072,56 @@ void vnc_client_read(void *opaque)
 	}
     } else
 #endif /* CONFIG_VNC_TLS */
 -	ret = recv(vs->csock, buffer_end(&vs->input), 4096, 0);
 -    ret = vnc_client_io_error(vs, ret, socket_error());
-    if (!ret)
-	return;
 +	ret = recv(vs->csock, data, datalen, 0);
 +    VNC_DEBUG("Read wire %p %d -> %ld\n", data, datalen, ret);
 +    return vnc_client_io_error(vs, ret, socket_error());
 +}
- 
+
 +
 +/*
 + * Called to read data from the client socket to the input buffer,
@ -1303,7 +1391,7 @@ Index: qemu-kvm-0.10/qemu/vnc.c
 +    ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
 +    if (!ret)
 +        return 0;
-     vs->input.offset += ret;
+    vs->input.offset += ret;
 +    return ret;
 +}
 +
@ -1324,12 +1412,18 @@ Index: qemu-kvm-0.10/qemu/vnc.c
 +    else
 +#endif /* CONFIG_VNC_SASL */
 +        ret = vnc_client_read_plain(vs);
-+    if (!ret)
-+	return;
+     if (!ret) {
+         if (vs->csock == -1)
+             vnc_disconnect_finish(vs);
+ 	return;
+     }
 
+-    vs->input.offset += ret;
+-
     while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
 	size_t len = vs->read_handler_expect;
-@@ -1722,6 +1855,13 @@ static int protocol_client_auth(VncState
+ 	int ret;
+@@ -1784,6 +1916,13 @@ static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
            break;
 #endif /* CONFIG_VNC_TLS */
 
@ -1343,7 +1437,7 @@ Index: qemu-kvm-0.10/qemu/vnc.c
        default: /* Should not be possible, but just in case */
            VNC_DEBUG("Reject auth %d\n", vs->vd->auth);
            vnc_write_u8(vs, 1);
-@@ -1923,6 +2063,10 @@ int vnc_display_open(DisplayState *ds, c
+@@ -1986,6 +2125,10 @@ int vnc_display_open(DisplayState *ds, const char *display)
 #ifdef CONFIG_VNC_TLS
     int tls = 0, x509 = 0;
 #endif
@ -1354,7 +1448,7 @@ Index: qemu-kvm-0.10/qemu/vnc.c
 
     if (!vnc_display)
         return -1;
-@@ -1942,6 +2086,10 @@ int vnc_display_open(DisplayState *ds, c
+@@ -2005,6 +2148,10 @@ int vnc_display_open(DisplayState *ds, const char *display)
 	    reverse = 1;
 	} else if (strncmp(options, "to=", 3) == 0) {
             to_port = atoi(options+3) + 5900;
@ -1365,7 +1459,7 @@ Index: qemu-kvm-0.10/qemu/vnc.c
 #ifdef CONFIG_VNC_TLS
 	} else if (strncmp(options, "tls", 3) == 0) {
 	    tls = 1; /* Require TLS */
-@@ -1978,6 +2126,22 @@ int vnc_display_open(DisplayState *ds, c
+@@ -2041,6 +2188,22 @@ int vnc_display_open(DisplayState *ds, const char *display)
 	}
     }
 
@ -1388,7 +1482,7 @@ Index: qemu-kvm-0.10/qemu/vnc.c
     if (password) {
 #ifdef CONFIG_VNC_TLS
 	if (tls) {
-@@ -1990,13 +2154,34 @@ int vnc_display_open(DisplayState *ds, c
+@@ -2053,13 +2216,34 @@ int vnc_display_open(DisplayState *ds, const char *display)
 		vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
 	    }
 	} else {
@ -1425,7 +1519,7 @@ Index: qemu-kvm-0.10/qemu/vnc.c
     } else {
 #ifdef CONFIG_VNC_TLS
 	if (tls) {
-@@ -2018,6 +2203,16 @@ int vnc_display_open(DisplayState *ds, c
+@@ -2081,6 +2265,16 @@ int vnc_display_open(DisplayState *ds, const char *display)
 #endif
     }
 
@ -1442,10 +1536,10 @@ Index: qemu-kvm-0.10/qemu/vnc.c
     if (reverse) {
         /* connect to viewer */
         if (strncmp(display, "unix:", 5) == 0)
-Index: qemu-kvm-0.10/qemu/vnc.h
-===================================================================
--- qemu-kvm-0.10.orig/qemu/vnc.h
-+++ qemu-kvm-0.10/qemu/vnc.h
+diff --git a/vnc.h b/vnc.h
+index d69b295..ca39c23 100644
+--- a/vnc.h
+++ b/vnc.h
@@ -79,6 +79,10 @@ typedef struct VncDisplay VncDisplay;
 #include "vnc-tls.h"
 #include "vnc-auth-vencrypt.h"
@ -1501,7 +1595,7 @@ Index: qemu-kvm-0.10/qemu/vnc.h
 
 /* Protocol I/O functions */
 void vnc_write(VncState *vs, const void *data, size_t len);
-@@ -274,8 +285,22 @@ uint32_t read_u32(uint8_t *data, size_t 
+@@ -274,8 +285,22 @@ uint32_t read_u32(uint8_t *data, size_t offset);
 
 /* Protocol stage functions */
 void vnc_client_error(VncState *vs);
@ -1524,3 +1618,6 @@ Index: qemu-kvm-0.10/qemu/vnc.h
 +char *vnc_socket_remote_addr(const char *format, int fd);
 +
 #endif /* __QEMU_VNC_H */
+-- 
+1.6.2.5
+
--- a/07-vnc-monitor-authinfo.patch
+++ b/07-vnc-monitor-authinfo.patch
@ -1,8 +1,47 @@
-Index: qemu-kvm-0.10/qemu/vnc-tls.c
-===================================================================
--- qemu-kvm-0.10.orig/qemu/vnc-tls.c
-+++ qemu-kvm-0.10/qemu/vnc-tls.c
-@@ -241,6 +241,22 @@ int vnc_tls_validate_certificate(struct 
+From 54d323707c4e1603795259fc3078f3e4ef9487d2 Mon Sep 17 00:00:00 2001
+From: aliguori <aliguori@c046a42c-6fe2-441c-8c8c-71466251a162>
+Date: Fri, 6 Mar 2009 20:27:32 +0000
+Subject: [PATCH] Include auth credentials in 'info vnc' ("Daniel P. Berrange")
+
+This patch extends the 'info vnc' monitor output to include information
+about the VNC client authentication credentials.
+
+For clients authenticated using SASL, this will output the username.
+
+For clients authenticated using x509 certificates, this will output
+the x509 distinguished name.
+
+Auth can be stacked, so both username & x509 dname may be shown.
+
+    Server:
+         address: 0.0.0.0:5902
+            auth: vencrypt+x509+sasl
+    Client:
+         address: 10.33.6.67:38621
+      x509 dname: C=GB,O=ACME,L=London,ST=London,CN=localhost
+        username: admin
+    Client:
+         address: 10.33.6.63:38620
+      x509 dname: C=GB,O=ACME,L=London,ST=London,CN=localhost
+        username: admin
+
+(cherry picked from commit 1263b7d6131cdaed2c460cf03757aaaf5696ec47)
+
+Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
+Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
+Signed-off-by: Mark McLoughlin <markmc@redhat.com>
+Fedora-patch: 07-vnc-monitor-authinfo.patch
+---
+ vnc-tls.c |   17 +++++++++++++++++
+ vnc-tls.h |    3 +++
+ vnc.c     |   19 +++++++++++++++++--
+ 3 files changed, 37 insertions(+), 2 deletions(-)
+
+diff --git a/vnc-tls.c b/vnc-tls.c
+index 666aa07..a37a0b4 100644
+--- a/vnc-tls.c
+++ b/vnc-tls.c
+@@ -241,6 +241,22 @@ int vnc_tls_validate_certificate(struct VncState *vs)
 	    return -1;
 	}
 
@ -25,7 +64,7 @@ Index: qemu-kvm-0.10/qemu/vnc-tls.c
 	gnutls_x509_crt_deinit (cert);
     }
 
-@@ -347,6 +363,7 @@ void vnc_tls_client_cleanup(struct VncSt
+@@ -347,6 +363,7 @@ void vnc_tls_client_cleanup(struct VncState *vs)
 	vs->tls.session = NULL;
     }
     vs->tls.wiremode = VNC_WIREMODE_CLEAR;
@ -33,10 +72,10 @@ Index: qemu-kvm-0.10/qemu/vnc-tls.c
 }
 
 
-Index: qemu-kvm-0.10/qemu/vnc-tls.h
-===================================================================
--- qemu-kvm-0.10.orig/qemu/vnc-tls.h
-+++ qemu-kvm-0.10/qemu/vnc-tls.h
+diff --git a/vnc-tls.h b/vnc-tls.h
+index cda95b9..fd0a2d9 100644
+--- a/vnc-tls.h
+++ b/vnc-tls.h
@@ -55,6 +55,9 @@ struct VncStateTLS {
     /* Whether data is being TLS encrypted yet */
     int wiremode;
@ -47,11 +86,11 @@ Index: qemu-kvm-0.10/qemu/vnc-tls.h
 };
 
 int vnc_tls_client_setup(VncState *vs, int x509Creds);
-Index: qemu-kvm-0.10/qemu/vnc.c
-===================================================================
--- qemu-kvm-0.10.orig/qemu/vnc.c
-+++ qemu-kvm-0.10/qemu/vnc.c
-@@ -156,6 +156,21 @@ static void do_info_vnc_client(VncState 
+diff --git a/vnc.c b/vnc.c
+index 0b62000..de7b3b4 100644
+--- a/vnc.c
+++ b/vnc.c
+@@ -156,6 +156,21 @@ static void do_info_vnc_client(VncState *client)
     term_puts("Client:\n");
     term_puts(clientAddr);
     free(clientAddr);
@ -73,7 +112,7 @@ Index: qemu-kvm-0.10/qemu/vnc.c
 }
 
 void do_info_vnc(void)
-@@ -1823,7 +1838,7 @@ static int protocol_client_auth(VncState
+@@ -1884,7 +1899,7 @@ static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
     /* We only advertise 1 auth scheme at a time, so client
      * must pick the one we sent. Verify this */
     if (data[0] != vs->vd->auth) { /* Reject auth */
@ -82,7 +121,7 @@ Index: qemu-kvm-0.10/qemu/vnc.c
        vnc_write_u32(vs, 1);
        if (vs->minor >= 8) {
            static const char err[] = "Authentication failed";
-@@ -1863,7 +1878,7 @@ static int protocol_client_auth(VncState
+@@ -1924,7 +1939,7 @@ static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
 #endif /* CONFIG_VNC_SASL */
 
        default: /* Should not be possible, but just in case */
@ -91,3 +130,6 @@ Index: qemu-kvm-0.10/qemu/vnc.c
            vnc_write_u8(vs, 1);
            if (vs->minor >= 8) {
                static const char err[] = "Authentication failed";
+-- 
+1.6.2.5
+
--- a/08-vnc-acl-mgmt.patch
+++ b/08-vnc-acl-mgmt.patch
@ -1,7 +1,97 @@
-Index: qemu-kvm-0.10/qemu/Makefile
-===================================================================
--- qemu-kvm-0.10.orig/qemu/Makefile
-+++ qemu-kvm-0.10/qemu/Makefile
+From e71cbebb569fa3d9b285a03a72802609b43bd6e9 Mon Sep 17 00:00:00 2001
+From: aliguori <aliguori@c046a42c-6fe2-441c-8c8c-71466251a162>
+Date: Fri, 6 Mar 2009 20:27:37 +0000
+Subject: [PATCH] Support ACLs for controlling VNC access ("Daniel P. Berrange")
+
+This patch introduces a generic internal API for access control lists
+to be used by network servers in QEMU. It adds support for checking
+these ACL in the VNC server, in two places. The first ACL is for the
+SASL authentication mechanism, checking the SASL username. This ACL
+is called 'vnc.username'. The second is for the TLS authentication
+mechanism, when x509 client certificates are turned on, checking against
+the Distinguished Name of the client. This ACL is called 'vnc.x509dname'
+
+The internal API provides for an ACL with the following characteristics
+
+ - A unique name, eg  vnc.username, and vnc.x509dname.
+ - A default policy, allow or deny
+ - An ordered series of match rules, with allow or deny policy
+
+If none of the match rules apply, then the default policy is
+used.
+
+There is a monitor API to manipulate the ACLs, which I'll describe via
+examples
+
+  (qemu) acl show vnc.username
+  policy: allow
+  (qemu) acl policy vnc.username denya
+  acl: policy set to 'deny'
+  (qemu) acl allow vnc.username fred
+  acl: added rule at position 1
+  (qemu) acl allow vnc.username bob
+  acl: added rule at position 2
+  (qemu) acl allow vnc.username joe 1
+  acl: added rule at position 1
+  (qemu) acl show vnc.username
+  policy: deny
+  0: allow fred
+  1: allow joe
+  2: allow bob
+
+  (qemu) acl show vnc.x509dname
+  policy: allow
+  (qemu) acl policy vnc.x509dname deny
+  acl: policy set to 'deny'
+  (qemu) acl allow vnc.x509dname C=GB,O=ACME,L=London,CN=*
+  acl: added rule at position 1
+  (qemu) acl allow vnc.x509dname C=GB,O=ACME,L=Boston,CN=bob
+  acl: added rule at position 2
+  (qemu) acl show vnc.x509dname
+  policy: deny
+  0: allow C=GB,O=ACME,L=London,CN=*
+  1: allow C=GB,O=ACME,L=Boston,CN=bob
+
+By default the VNC server will not use any ACLs, allowing access to
+the server if the user successfully authenticates. To enable use of
+ACLs to restrict user access, the ',acl' flag should be given when
+starting QEMU. The initial ACL activated will be a 'deny all' policy
+and should be customized using monitor commands.
+
+eg enable SASL auth and ACLs
+
+    qemu ....  -vnc localhost:1,sasl,acl
+
+The next patch will provide a way to load a pre-defined ACL when
+starting up
+
+(cherry picked from commit 76655d6dece88bd00e190956e8e4285b682edcbb)
+
+Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
+Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
+Signed-off-by: Mark McLoughlin <markmc@redhat.com>
+Fedora-patch: 08-vnc-acl-mgmt.patch
+---
+ Makefile        |    6 +-
+ acl.c           |  185 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ acl.h           |   74 ++++++++++++++++++++++
+ configure       |   18 +++++
+ monitor.c       |   96 ++++++++++++++++++++++++++++
+ qemu-doc.texi   |   49 +++++++++++++++
+ vnc-auth-sasl.c |   16 ++++-
+ vnc-auth-sasl.h |    7 ++
+ vnc-tls.c       |   19 ++++++
+ vnc-tls.h       |    3 +
+ vnc.c           |   21 ++++++
+ vnc.h           |    3 +
+ 12 files changed, 492 insertions(+), 5 deletions(-)
+ create mode 100644 acl.c
+ create mode 100644 acl.h
+
+diff --git a/Makefile b/Makefile
+index 13ae73d..fa1afdc 100644
+--- a/Makefile
+++ b/Makefile
@@ -148,7 +148,7 @@ endif
 ifdef CONFIG_CURSES
 OBJS+=curses.o
@ -24,10 +114,11 @@ Index: qemu-kvm-0.10/qemu/Makefile
 
 vnc.o: CFLAGS += $(CONFIG_VNC_TLS_CFLAGS)
 
-Index: qemu-kvm-0.10/qemu/acl.c
-===================================================================
+diff --git a/acl.c b/acl.c
+new file mode 100644
+index 0000000..173bf95
 --- /dev/null
-+++ qemu-kvm-0.10/qemu/acl.c
+++ b/acl.c
@@ -0,0 +1,185 @@
 +/*
 + * QEMU access control list management
@ -214,10 +305,11 @@ Index: qemu-kvm-0.10/qemu/acl.c
 + *  tab-width: 8
 + * End:
 + */
-Index: qemu-kvm-0.10/qemu/acl.h
-===================================================================
+diff --git a/acl.h b/acl.h
+new file mode 100644
+index 0000000..62a5e56
 --- /dev/null
-+++ qemu-kvm-0.10/qemu/acl.h
+++ b/acl.h
@@ -0,0 +1,74 @@
 +/*
 + * QEMU access control list management
@ -293,11 +385,11 @@ Index: qemu-kvm-0.10/qemu/acl.h
 + *  tab-width: 8
 + * End:
 + */
-Index: qemu-kvm-0.10/qemu/configure
-===================================================================
--- qemu-kvm-0.10.orig/qemu/configure
-+++ qemu-kvm-0.10/qemu/configure
-@@ -913,6 +913,21 @@ EOF
+diff --git a/configure b/configure
+index e3522f2..e00893f 100755
+--- a/configure
+++ b/configure
+@@ -942,6 +942,21 @@ EOF
 fi
 
 ##########################################
@ -319,7 +411,7 @@ Index: qemu-kvm-0.10/qemu/configure
 # vde libraries probe
 if test "$vde" = "yes" ; then
   cat > $TMPC << EOF
-@@ -1501,6 +1516,9 @@ if test "$vnc_sasl" = "yes" ; then
+@@ -1517,6 +1532,9 @@ if test "$vnc_sasl" = "yes" ; then
   echo "CONFIG_VNC_SASL_LIBS=$vnc_sasl_libs" >> $config_mak
   echo "#define CONFIG_VNC_SASL 1" >> $config_h
 fi
@ -329,10 +421,10 @@ Index: qemu-kvm-0.10/qemu/configure
 qemu_version=`head $source_path/VERSION`
 echo "VERSION=$qemu_version" >>$config_mak
 echo "#define QEMU_VERSION \"$qemu_version\"" >> $config_h
-Index: qemu-kvm-0.10/qemu/monitor.c
-===================================================================
--- qemu-kvm-0.10.orig/qemu/monitor.c
-+++ qemu-kvm-0.10/qemu/monitor.c
+diff --git a/monitor.c b/monitor.c
+index 49091e4..022697c 100644
+--- a/monitor.c
+++ b/monitor.c
@@ -39,6 +39,7 @@
 #include "qemu-timer.h"
 #include "migration.h"
@ -448,7 +540,7 @@ Index: qemu-kvm-0.10/qemu/monitor.c
     { NULL, NULL, },
 };
 
-@@ -2995,3 +3082,12 @@ int monitor_read_bdrv_key(BlockDriverSta
+@@ -2995,3 +3082,12 @@ int monitor_read_bdrv_key(BlockDriverState *bs)
     }
     return -EPERM;
 }
@ -461,11 +553,11 @@ Index: qemu-kvm-0.10/qemu/monitor.c
 + *  tab-width: 8
 + * End:
 + */
-Index: qemu-kvm-0.10/qemu/qemu-doc.texi
-===================================================================
--- qemu-kvm-0.10.orig/qemu/qemu-doc.texi
-+++ qemu-kvm-0.10/qemu/qemu-doc.texi
-@@ -639,6 +639,19 @@ ensures a data encryption preventing com
+diff --git a/qemu-doc.texi b/qemu-doc.texi
+index 3ba727e..0cccddd 100644
+--- a/qemu-doc.texi
+++ b/qemu-doc.texi
+@@ -639,6 +639,19 @@ ensures a data encryption preventing compromise of authentication
 credentials. See the @ref{vnc_security} section for details on using
 SASL authentication.
 
@ -528,11 +620,11 @@ Index: qemu-kvm-0.10/qemu/qemu-doc.texi
 @item screendump @var{filename}
 Save screen into PPM image @var{filename}.
 
-Index: qemu-kvm-0.10/qemu/vnc-auth-sasl.c
-===================================================================
--- qemu-kvm-0.10.orig/qemu/vnc-auth-sasl.c
-+++ qemu-kvm-0.10/qemu/vnc-auth-sasl.c
-@@ -120,22 +120,32 @@ static int vnc_auth_sasl_check_access(Vn
+diff --git a/vnc-auth-sasl.c b/vnc-auth-sasl.c
+index 2882a35..4b4aca9 100644
+--- a/vnc-auth-sasl.c
+++ b/vnc-auth-sasl.c
+@@ -120,22 +120,32 @@ static int vnc_auth_sasl_check_access(VncState *vs)
 {
     const void *val;
     int err;
@ -568,10 +660,10 @@ Index: qemu-kvm-0.10/qemu/vnc-auth-sasl.c
 }
 
 static int vnc_auth_sasl_check_ssf(VncState *vs)
-Index: qemu-kvm-0.10/qemu/vnc-auth-sasl.h
-===================================================================
--- qemu-kvm-0.10.orig/qemu/vnc-auth-sasl.h
-+++ qemu-kvm-0.10/qemu/vnc-auth-sasl.h
+diff --git a/vnc-auth-sasl.h b/vnc-auth-sasl.h
+index a72973a..fd9b18a 100644
+--- a/vnc-auth-sasl.h
+++ b/vnc-auth-sasl.h
@@ -30,6 +30,9 @@
 #include <sasl/sasl.h>
 
@ -593,11 +685,11 @@ Index: qemu-kvm-0.10/qemu/vnc-auth-sasl.h
 void vnc_sasl_client_cleanup(VncState *vs);
 
 long vnc_client_read_sasl(VncState *vs);
-Index: qemu-kvm-0.10/qemu/vnc-tls.c
-===================================================================
--- qemu-kvm-0.10.orig/qemu/vnc-tls.c
-+++ qemu-kvm-0.10/qemu/vnc-tls.c
-@@ -255,6 +255,25 @@ int vnc_tls_validate_certificate(struct 
+diff --git a/vnc-tls.c b/vnc-tls.c
+index a37a0b4..2d62ac9 100644
+--- a/vnc-tls.c
+++ b/vnc-tls.c
+@@ -255,6 +255,25 @@ int vnc_tls_validate_certificate(struct VncState *vs)
 			  gnutls_strerror (ret));
 		return -1;
 	    }
@ -623,10 +715,10 @@ Index: qemu-kvm-0.10/qemu/vnc-tls.c
 	}
 
 	gnutls_x509_crt_deinit (cert);
-Index: qemu-kvm-0.10/qemu/vnc-tls.h
-===================================================================
--- qemu-kvm-0.10.orig/qemu/vnc-tls.h
-+++ qemu-kvm-0.10/qemu/vnc-tls.h
+diff --git a/vnc-tls.h b/vnc-tls.h
+index fd0a2d9..2b93633 100644
+--- a/vnc-tls.h
+++ b/vnc-tls.h
@@ -31,6 +31,8 @@
 #include <gnutls/gnutls.h>
 #include <gnutls/x509.h>
@ -644,10 +736,10 @@ Index: qemu-kvm-0.10/qemu/vnc-tls.h
 
     /* Paths to x509 certs/keys */
     char *x509cacert;
-Index: qemu-kvm-0.10/qemu/vnc.c
-===================================================================
--- qemu-kvm-0.10.orig/qemu/vnc.c
-+++ qemu-kvm-0.10/qemu/vnc.c
+diff --git a/vnc.c b/vnc.c
+index 9f0e16b..f797878 100644
+--- a/vnc.c
+++ b/vnc.c
@@ -28,6 +28,7 @@
 #include "sysemu.h"
 #include "qemu_socket.h"
@ -656,7 +748,7 @@ Index: qemu-kvm-0.10/qemu/vnc.c
 
 #define VNC_REFRESH_INTERVAL (1000 / 30)
 
-@@ -2082,6 +2083,7 @@ int vnc_display_open(DisplayState *ds, c
+@@ -2090,6 +2091,7 @@ int vnc_display_open(DisplayState *ds, const char *display)
     int sasl = 0;
     int saslErr;
 #endif
@ -664,7 +756,7 @@ Index: qemu-kvm-0.10/qemu/vnc.c
 
     if (!vnc_display)
         return -1;
-@@ -2138,9 +2140,28 @@ int vnc_display_open(DisplayState *ds, c
+@@ -2146,9 +2148,28 @@ int vnc_display_open(DisplayState *ds, const char *display)
 		return -1;
 	    }
 #endif
@ -693,10 +785,10 @@ Index: qemu-kvm-0.10/qemu/vnc.c
     /*
      * Combinations we support here:
      *
-Index: qemu-kvm-0.10/qemu/vnc.h
-===================================================================
--- qemu-kvm-0.10.orig/qemu/vnc.h
-+++ qemu-kvm-0.10/qemu/vnc.h
+diff --git a/vnc.h b/vnc.h
+index ca39c23..6a60f8d 100644
+--- a/vnc.h
+++ b/vnc.h
@@ -98,6 +98,9 @@ struct VncDisplay
     int subauth; /* Used by VeNCrypt */
     VncDisplayTLS tls;
@ -707,3 +799,6 @@ Index: qemu-kvm-0.10/qemu/vnc.h
 };
 
 struct VncState
+-- 
+1.6.2.5
+
--- a/21
+++ b/21
@ -1,21 +0,0 @@
-# Makefile for source rpm: qemu
-# $Id$
-NAME := qemu
-SPECFILE = $(firstword $(wildcard *.spec))
-
-define find-makefile-common
-for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
-endef
-
-MAKEFILE_COMMON := $(shell $(find-makefile-common))
-
-ifeq ($(MAKEFILE_COMMON),)
-# attept a checkout
-define checkout-makefile-common
-test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
-endef
-
-MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
-endif
-
-include $(MAKEFILE_COMMON)
--- a/kvm-upstream-ppc.patch
+++ b/kvm-upstream-ppc.patch
@ -1,6 +1,6 @@
-From 796d42657fb238cf23a78620051f533662557e2b Mon Sep 17 00:00:00 2001
+From d842e3222f8ce614769d1cf8227bb3b8dbf209bc Mon Sep 17 00:00:00 2001
 From: Glauber Costa <glommer@redhat.com>
-Date: Fri, 13 Feb 2009 13:00:31 -0500
+Date: Wed, 24 Jun 2009 14:22:57 +0100
 Subject: [PATCH] use KVM_UPSTREAM for ppc.

 ppc should compile with upstream qemu code, so, put these
@ -11,17 +11,19 @@ files (like vl.c) that includes both kvm.h and qemu-kvm.h,
 and would break compilation.

 Signed-off-by: Glauber Costa <glommer@redhat.com>
+Signed-off-by: Mark McLoughlin <markmc@redhat.com>
+Fedora-patch: kvm-upstream-ppc.patch
 ---
 hw/ppc440.c            |    1 +
 hw/ppc440_bamboo.c     |    1 +
 hw/ppce500_mpc8544ds.c |    1 +
- target-ppc/helper.c    |    2 +-
- 4 files changed, 4 insertions(+), 1 deletion(-)
+ target-ppc/helper.c    |    1 +
+ 4 files changed, 4 insertions(+), 0 deletions(-)

-Index: qemu-kvm-0.10/qemu/hw/ppc440.c
-===================================================================
--- qemu-kvm-0.10.orig/qemu/hw/ppc440.c
-+++ qemu-kvm-0.10/qemu/hw/ppc440.c
+diff --git a/hw/ppc440.c b/hw/ppc440.c
+index 00d82e4..164c326 100644
+--- a/hw/ppc440.c
+++ b/hw/ppc440.c
@@ -18,6 +18,7 @@
 #include "ppc440.h"
 #include "ppc405.h"
@ -30,10 +32,10 @@ Index: qemu-kvm-0.10/qemu/hw/ppc440.c
 #include "kvm.h"
 
 #define PPC440EP_PCI_CONFIG     0xeec00000
-Index: qemu-kvm-0.10/qemu/hw/ppc440_bamboo.c
-===================================================================
--- qemu-kvm-0.10.orig/qemu/hw/ppc440_bamboo.c
-+++ qemu-kvm-0.10/qemu/hw/ppc440_bamboo.c
+diff --git a/hw/ppc440_bamboo.c b/hw/ppc440_bamboo.c
+index fbd447c..60ddaf4 100644
+--- a/hw/ppc440_bamboo.c
+++ b/hw/ppc440_bamboo.c
@@ -21,6 +21,7 @@
 #include "boards.h"
 #include "sysemu.h"
@ -42,10 +44,10 @@ Index: qemu-kvm-0.10/qemu/hw/ppc440_bamboo.c
 #include "kvm.h"
 #include "kvm_ppc.h"
 #include "device_tree.h"
-Index: qemu-kvm-0.10/qemu/hw/ppce500_mpc8544ds.c
-===================================================================
--- qemu-kvm-0.10.orig/qemu/hw/ppce500_mpc8544ds.c
-+++ qemu-kvm-0.10/qemu/hw/ppce500_mpc8544ds.c
+diff --git a/hw/ppce500_mpc8544ds.c b/hw/ppce500_mpc8544ds.c
+index 8fa0383..47e35e6 100644
+--- a/hw/ppce500_mpc8544ds.c
+++ b/hw/ppce500_mpc8544ds.c
@@ -16,6 +16,7 @@
 
 #include <dirent.h>
@ -54,10 +56,10 @@ Index: qemu-kvm-0.10/qemu/hw/ppce500_mpc8544ds.c
 #include "config.h"
 #include "qemu-common.h"
 #include "net.h"
-Index: qemu-kvm-0.10/qemu/target-ppc/helper.c
-===================================================================
--- qemu-kvm-0.10.orig/qemu/target-ppc/helper.c
-+++ qemu-kvm-0.10/qemu/target-ppc/helper.c
+diff --git a/target-ppc/helper.c b/target-ppc/helper.c
+index e02dcb0..027c8e7 100644
+--- a/target-ppc/helper.c
+++ b/target-ppc/helper.c
@@ -29,6 +29,7 @@
 #include "exec-all.h"
 #include "helper_regs.h"
@ -66,3 +68,6 @@ Index: qemu-kvm-0.10/qemu/target-ppc/helper.c
 #include "kvm.h"
 
 //#define DEBUG_MMU
+-- 
+1.6.2.5
+
--- a/kvm.modules
+++ b/kvm.modules
@ -1,9 +1,9 @@
 #!/bin/sh

 if [ $(grep -c vmx /proc/cpuinfo) -ne 0 ]; then 
-    modprobe kvm-intel >/dev/null 2>&1
+    modprobe -b kvm-intel >/dev/null 2>&1
 fi

 if [ $(grep -c svm /proc/cpuinfo) -ne 0 ]; then 
-    modprobe kvm-amd >/dev/null 2>&1
+    modprobe -b kvm-amd >/dev/null 2>&1
 fi
--- a/qemu-allow-pulseaudio-to-be-the-default.patch
+++ b/qemu-allow-pulseaudio-to-be-the-default.patch
@ -0,0 +1,37 @@
+From a9459944fec8e338826eedbce844ce5c1c1ff948 Mon Sep 17 00:00:00 2001
+From: Mark McLoughlin <markmc@redhat.com>
+Date: Fri, 4 Sep 2009 11:24:03 +0100
+Subject: [PATCH] Allow pulseaudio backend to be the default
+
+We're seeing various issues with the SDL audio backend and want to
+switch to the pulseaudio backend. See e.g.
+
+  https://bugzilla.redhat.com/495964
+  https://bugzilla.redhat.com/519540
+  https://bugzilla.redhat.com/496627
+
+The pulseaudio backend seems to work well, so we should allow it to be
+selected as the default.
+
+Signed-off-by: Mark McLoughlin <markmc@redhat.com>
+Fedora-patch: qemu-allow-pulseaudio-to-be-the-default.patch
+---
+ audio/paaudio.c |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/audio/paaudio.c b/audio/paaudio.c
+index ff43bdd..081087a 100644
+--- a/audio/paaudio.c
+++ b/audio/paaudio.c
+@@ -507,7 +507,7 @@ struct audio_driver pa_audio_driver = {
+     INIT_FIELD (init           = ) qpa_audio_init,
+     INIT_FIELD (fini           = ) qpa_audio_fini,
+     INIT_FIELD (pcm_ops        = ) &qpa_pcm_ops,
+-    INIT_FIELD (can_be_default = ) 0,
+    INIT_FIELD (can_be_default = ) 1,
+     INIT_FIELD (max_voices_out = ) INT_MAX,
+     INIT_FIELD (max_voices_in  = ) INT_MAX,
+     INIT_FIELD (voice_size_out = ) sizeof (PAVoiceOut),
+-- 
+1.6.2.5
+
--- a/qemu-avoid-harmless-msr-warnings.patch
+++ b/qemu-avoid-harmless-msr-warnings.patch
@ -0,0 +1,74 @@
+From 319ef9346bb0d1786ca6f77c6510731d7f764ff1 Mon Sep 17 00:00:00 2001
+From: Marcelo Tosatti <mtosatti@redhat.com>
+Date: Wed, 24 Jun 2009 14:38:34 +0100
+Subject: [PATCH 17/18] Avoid harmless unhandled wrmsr 0xc0010117 messages
+
+Olders kernel which don't contain kvm.git commit
+61a6bd672bda3b9468bf5895c1be085c4e481138 display the following message:
+
+kvm: 32301: cpu0 unhandled wrmsr: 0xc0010117 data 0
+
+When kvm_arch_load_regs is called. This is confusing in bug reports.
+
+Avoid it by checking whether the host advertises the MSR, similarly to
+how MSR_STAR is handled.
+
+Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
+Signed-off-by: Avi Kivity <avi@redhat.com>
+Signed-off-by: Mark McLoughlin <markmc@redhat.com>
+---
+ qemu-kvm-x86.c |   15 +++++++++++----
+ 1 files changed, 11 insertions(+), 4 deletions(-)
+
+diff --git a/qemu-kvm-x86.c b/qemu-kvm-x86.c
+index 838ae18..8e0f0b2 100644
+--- a/qemu-kvm-x86.c
+++ b/qemu-kvm-x86.c
+@@ -25,6 +25,7 @@
+ static struct kvm_msr_list *kvm_msr_list;
+ extern unsigned int kvm_shadow_memory;
+ static int kvm_has_msr_star;
+static int kvm_has_vm_hsave_pa;
+ 
+ static int lm_capable_kernel;
+ 
+@@ -54,10 +55,14 @@ int kvm_arch_qemu_create_context(void)
+     kvm_msr_list = kvm_get_msr_list(kvm_context);
+     if (!kvm_msr_list)
+ 		return -1;
+-    for (i = 0; i < kvm_msr_list->nmsrs; ++i)
+    for (i = 0; i < kvm_msr_list->nmsrs; ++i) {
+ 	if (kvm_msr_list->indices[i] == MSR_STAR)
+ 	    kvm_has_msr_star = 1;
+-	return 0;
+        if (kvm_msr_list->indices[i] == MSR_VM_HSAVE_PA)
+            kvm_has_vm_hsave_pa = 1;
+    }
+
+    return 0;
+ }
+ 
+ static void set_msr_entry(struct kvm_msr_entry *entry, uint32_t index,
+@@ -260,7 +265,8 @@ void kvm_arch_load_regs(CPUState *env)
+     set_msr_entry(&msrs[n++], MSR_IA32_SYSENTER_EIP, env->sysenter_eip);
+     if (kvm_has_msr_star)
+ 	set_msr_entry(&msrs[n++], MSR_STAR,              env->star);
+-    set_msr_entry(&msrs[n++], MSR_VM_HSAVE_PA, env->vm_hsave);
+    if (kvm_has_vm_hsave_pa)
+        set_msr_entry(&msrs[n++], MSR_VM_HSAVE_PA, env->vm_hsave);
+ #ifdef TARGET_X86_64
+     if (lm_capable_kernel) {
+         set_msr_entry(&msrs[n++], MSR_CSTAR,             env->cstar);
+@@ -435,7 +441,8 @@ void kvm_arch_save_regs(CPUState *env)
+     if (kvm_has_msr_star)
+ 	msrs[n++].index = MSR_STAR;
+     msrs[n++].index = MSR_IA32_TSC;
+-    msrs[n++].index = MSR_VM_HSAVE_PA;
+    if (kvm_has_vm_hsave_pa)
+        msrs[n++].index = MSR_VM_HSAVE_PA;
+ #ifdef TARGET_X86_64
+     if (lm_capable_kernel) {
+         msrs[n++].index = MSR_CSTAR;
+-- 
+1.6.2.2
+
--- a/qemu-bios-bigger-roms.patch
+++ b/qemu-bios-bigger-roms.patch
@ -1,7 +1,30 @@
-diff --git a/bios/rombios.c b/bios/rombios.c
+From 664484dc8aa91fff6c8906ede14ce492b7904129 Mon Sep 17 00:00:00 2001
+From: Glauber Costa <glommer@redhat.com>
+Date: Wed, 24 Jun 2009 14:31:41 +0100
+Subject: [PATCH 13/18] compute checksum for roms bigger than a segment
+
+Some option roms (e1000 provided by gpxe project as an example)
+are bigger than a segment. The current algorithm to compute the
+checksum fails in such case. To proper compute the checksum, this
+patch deals with the possibility of the rom's size crossing a
+segment border.
+
+We don't need to worry about it crossing more than one segment
+border, since the option roms format only save one byte to store
+the image size (thus, maximum size = 0xff = 128k = 2 segments)
+
+[ including improvements suggested by malc ]
+
+Signed-off-by: Glauber Costa <glommer@redhat.com>
+Signed-off-by: Mark McLoughlin <markmc@redhat.com>
+---
+ kvm/bios/rombios.c |   33 +++++++++++++++++++++++++++------
+ 1 files changed, 27 insertions(+), 6 deletions(-)
+
+diff --git a/kvm/bios/rombios.c b/kvm/bios/rombios.c
 index c4f6ccd..c4bfe60 100644
--- a/bios/rombios.c
-+++ b/bios/rombios.c
+--- a/kvm/bios/rombios.c
+++ b/kvm/bios/rombios.c
@@ -10196,22 +10196,43 @@ no_serial:
   ret
 
@ -50,3 +73,8 @@ index c4f6ccd..c4bfe60 100644
 +  pop  ds
 +  popa 
   ret
+ 
+ 
+-- 
+1.6.2.2
+
--- a/qemu-disable-copyrect-encoding.patch
+++ b/qemu-disable-copyrect-encoding.patch
@ -0,0 +1,39 @@
+From 1df8bf2b825dafd9b3c0ea24af184db988fc0741 Mon Sep 17 00:00:00 2001
+From: Mark McLoughlin <markmc@redhat.com>
+Date: Fri, 23 Oct 2009 13:41:52 +0100
+Subject: [PATCH] Disable the vnc CopyRect encoding
+
+Our CopyRect implementation seems to be broken still:
+
+  https://bugzilla.redhat.com/503156
+
+Let's just disable it until someone has a chance to debug further.
+
+Signed-off-by: Mark McLoughlin <markmc@redhat.com>
+Fedora-patch: qemu-disable-copyrect-encoding.patch
+---
+ vnc.c |    7 +++++++
+ 1 files changed, 7 insertions(+), 0 deletions(-)
+
+diff --git a/vnc.c b/vnc.c
+index 119c982..508f40d 100644
+--- a/vnc.c
+++ b/vnc.c
+@@ -1499,7 +1499,14 @@ static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
+             vs->vnc_encoding = enc;
+             break;
+         case VNC_ENCODING_COPYRECT:
+            /* Our CopyRect handling still seems to be broken, see:
+             *
+             *  https://bugzilla.redhat.com/503156
+             *
+             */
+#ifdef FIXME
+             vs->features |= VNC_FEATURE_COPYRECT_MASK;
+#endif
+             break;
+         case VNC_ENCODING_HEXTILE:
+             vs->features |= VNC_FEATURE_HEXTILE_MASK;
+-- 
+1.6.2.5
+
--- a/qemu-fix-debuginfo.patch
+++ b/qemu-fix-debuginfo.patch
@ -1,24 +1,29 @@
-From: Riku Voipio <riku.voipio@iki.fi>
-Subject: [Qemu-devel] [PATCH] Make binary stripping conditional
+From 7fe411e73b6e6c7f8cc3eb9c3202b7c575a7670c Mon Sep 17 00:00:00 2001
+From: aliguori <aliguori@c046a42c-6fe2-441c-8c8c-71466251a162>
+Date: Sun, 5 Apr 2009 17:41:02 +0000
+Subject: [PATCH 10/18] Make binary stripping conditional (Riku Voipio)

 Currently qemu unconditionally strips binaries on install. This
 is a problem for packagers who may want to store/ship debug symbols
 of compiled packages for debugging purposes.

 Keep stripping as default for the oldtimers and add a
--disable-strip flag to override.
+ --disable-strip flag to override.
+
+(cherry picked from commit 1625af873aa8c9e4d22ad50a08e877110bf40623)

 Signed-off-by: Riku Voipio <riku.voipio@iki.fi>
+Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
+Signed-off-by: Mark McLoughlin <markmc@redhat.com>
 ---
- Makefile        |    2 +-
- Makefile.target |    2 +-
- configure       |    9 ++++++++-
- 3 files changed, 10 insertions(+), 3 deletions(-)
+ Makefile  |    2 +-
+ configure |    9 ++++++++-
+ 2 files changed, 9 insertions(+), 2 deletions(-)

-Index: qemu-kvm-0.10/qemu/Makefile
-===================================================================
--- qemu-kvm-0.10.orig/qemu/Makefile
-+++ qemu-kvm-0.10/qemu/Makefile
+diff --git a/Makefile b/Makefile
+index 2af4c06..1162f35 100644
+--- a/Makefile
+++ b/Makefile
@@ -256,7 +256,7 @@ endif
 install: all $(if $(BUILD_DOCS),install-doc)
 	mkdir -p "$(DESTDIR)$(bindir)"
@ -28,19 +33,19 @@ Index: qemu-kvm-0.10/qemu/Makefile
 endif
 ifneq ($(BLOBS),)
 	mkdir -p "$(DESTDIR)$(datadir)"
-Index: qemu-kvm-0.10/qemu/configure
-===================================================================
--- qemu-kvm-0.10.orig/qemu/configure
-+++ qemu-kvm-0.10/qemu/configure
-@@ -154,6 +154,7 @@ case "$cpu" in
- esac
+diff --git a/configure b/configure
+index e00893f..2fed692 100755
+--- a/configure
+++ b/configure
+@@ -165,6 +165,7 @@ kvm_version() {
+ 
 gprof="no"
 sparse="no"
 +strip_opt="yes"
 bigendian="no"
 mingw32="no"
 EXESUF=""
-@@ -403,6 +404,8 @@ for opt do
+@@ -416,6 +417,8 @@ for opt do
   ;;
   --disable-sparse) sparse="no"
   ;;
@ -49,7 +54,7 @@ Index: qemu-kvm-0.10/qemu/configure
   --disable-vnc-tls) vnc_tls="no"
   ;;
   --disable-vnc-sasl) vnc_sasl="no"
-@@ -556,6 +559,7 @@ echo "  --install=INSTALL        use spe
+@@ -571,6 +574,7 @@ echo "  --install=INSTALL        use specified install [$install]"
 echo "  --static                 enable static build [$static]"
 echo "  --enable-sparse          enable sparse checker"
 echo "  --disable-sparse         disable sparse checker (default)"
@ -57,7 +62,7 @@ Index: qemu-kvm-0.10/qemu/configure
 echo "  --disable-werror         disable compilation abort on warning"
 echo "  --disable-sdl            disable SDL"
 echo "  --enable-cocoa           enable COCOA (Mac OS X only)"
-@@ -1242,6 +1246,7 @@ echo "host big endian   $bigendian"
+@@ -1258,6 +1262,7 @@ echo "host big endian   $bigendian"
 echo "target list       $target_list"
 echo "gprof enabled     $gprof"
 echo "sparse enabled    $sparse"
@ -65,7 +70,7 @@ Index: qemu-kvm-0.10/qemu/configure
 echo "profiler          $profiler"
 echo "static build      $static"
 echo "-Werror enabled   $werror"
-@@ -1318,7 +1323,6 @@ echo "INSTALL=$install" >> $config_mak
+@@ -1334,7 +1339,6 @@ echo "INSTALL=$install" >> $config_mak
 echo "CC=$cc" >> $config_mak
 echo "HOST_CC=$host_cc" >> $config_mak
 echo "AR=$ar" >> $config_mak
@ -73,7 +78,7 @@ Index: qemu-kvm-0.10/qemu/configure
 # XXX: only use CFLAGS and LDFLAGS ?  
 # XXX: should export HOST_CFLAGS and HOST_LDFLAGS for cross
 # compilation of dyngen tool (useful for win32 build on Linux host)
-@@ -1405,6 +1409,9 @@ if test "$sparse" = "yes" ; then
+@@ -1421,6 +1425,9 @@ if test "$sparse" = "yes" ; then
   echo "HOST_CC := REAL_CC=\"\$(HOST_CC)\" cgcc"  >> $config_mak
   echo "CFLAGS  += -Wbitwise -Wno-transparent-union -Wno-old-initializer -Wno-non-pointer-null" >> $config_mak
 fi
@ -83,3 +88,6 @@ Index: qemu-kvm-0.10/qemu/configure
 if test "$bigendian" = "yes" ; then
   echo "WORDS_BIGENDIAN=yes" >> $config_mak
   echo "#define WORDS_BIGENDIAN 1" >> $config_h
+-- 
+1.6.2.2
+
--- a/qemu-fix-display-breakage.patch
+++ b/qemu-fix-display-breakage.patch
@ -1,35 +0,0 @@
-From 9d1b494a2d5dd2c129994edcf4eb7630bb554964 Mon Sep 17 00:00:00 2001
-From: aliguori <aliguori@c046a42c-6fe2-441c-8c8c-71466251a162>
-Date: Tue, 7 Apr 2009 20:55:58 +0000
-Subject: [PATCH 1/1] Fix crash on resolution change -> screen dump -> vga redraw (Avi Kivity)
-
-The vga screen dump function updates last_width and last_height,
-but does not change the DisplaySurface that these variables describe.
-A consequent vga_draw_graphic() will therefore fail to resize the
-surface and crash.
-
-Fix by invalidating the display state after a screen dump, forcing
-vga_draw_graphic() to reallocate the DisplaySurface.
-
-Signed-off-by: Avi Kivity <avi@redhat.com>
-Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
-
-
-git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@7026 c046a42c-6fe2-441c-8c8c-71466251a162
---
- qemu/hw/vga.c |    1 +
- 1 files changed, 1 insertions(+), 0 deletions(-)
-
-diff --git a/qemu/hw/vga.c b/qemu/hw/vga.c
-index b1e4373..4d1049b 100644
--- a/qemu/hw/vga.c
-+++ b/qemu/hw/vga.c
-@@ -2678,4 +2678,5 @@ static void vga_screen_dump(void *opaque, const char *filename)
-         vga_screen_dump_graphic(s, filename);
-     else
-         vga_screen_dump_text(s, filename);
-+    vga_invalidate_display(s);
- }
-- 
-1.6.0.6
-
--- a/qemu-fix-gcc.patch
+++ b/qemu-fix-gcc.patch
@ -1,79 +0,0 @@
-From 2ced1d80f01645885ac2e28107f724886eb1cd5a Mon Sep 17 00:00:00 2001
-From: Jochen Roth <jroth@linux.vnet.ibm.com>
-Date: Thu, 12 Mar 2009 14:19:19 +0100
-Subject: [PATCH] kvm: testsuite: compile fix - avoid raw string literal
-
-This patch fixes compilation problems of kvm-userspace on current gcc
-4.4 compilers which implement the following standard:
-http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2007/n2442.htm
-
-Signed-off-by: Jochen Roth <jroth@linux.vnet.ibm.com>
-Signed-off-by: Avi Kivity <avi@redhat.com>
---
- user/test/x86/apic.c   |   32 ++++++++++++++++----------------
- user/test/x86/vmexit.c |    2 +-
- 2 files changed, 17 insertions(+), 17 deletions(-)
-
-Index: qemu-kvm-0.10/user/test/x86/apic.c
-===================================================================
--- qemu-kvm-0.10.orig/user/test/x86/apic.c
-+++ qemu-kvm-0.10/user/test/x86/apic.c
-@@ -54,14 +54,14 @@ asm (
-     "push %r9  \n\t"
-     "push %r8  \n\t"
- #endif
-    "push %"R"di \n\t"
-    "push %"R"si \n\t"
-    "push %"R"bp \n\t"
-    "push %"R"sp \n\t"
-    "push %"R"bx \n\t"
-    "push %"R"dx \n\t"
-    "push %"R"cx \n\t"
-    "push %"R"ax \n\t"
-+    "push %"R "di \n\t"
-+    "push %"R "si \n\t"
-+    "push %"R "bp \n\t"
-+    "push %"R "sp \n\t"
-+    "push %"R "bx \n\t"
-+    "push %"R "dx \n\t"
-+    "push %"R "cx \n\t"
-+    "push %"R "ax \n\t"
- #ifdef __x86_64__
-     "mov %rsp, %rdi \n\t"
-     "callq *8*16(%rsp) \n\t"
-@@ -70,14 +70,14 @@ asm (
-     "calll *4+4*8(%esp) \n\t"
-     "add $4, %esp \n\t"
- #endif
-    "pop %"R"ax \n\t"
-    "pop %"R"cx \n\t"
-    "pop %"R"dx \n\t"
-    "pop %"R"bx \n\t"
-    "pop %"R"bp \n\t"
-    "pop %"R"bp \n\t"
-    "pop %"R"si \n\t"
-    "pop %"R"di \n\t"
-+    "pop %"R "ax \n\t"
-+    "pop %"R "cx \n\t"
-+    "pop %"R "dx \n\t"
-+    "pop %"R "bx \n\t"
-+    "pop %"R "bp \n\t"
-+    "pop %"R "bp \n\t"
-+    "pop %"R "si \n\t"
-+    "pop %"R "di \n\t"
- #ifdef __x86_64__
-     "pop %r8  \n\t"
-     "pop %r9  \n\t"
-Index: qemu-kvm-0.10/user/test/x86/vmexit.c
-===================================================================
--- qemu-kvm-0.10.orig/user/test/x86/vmexit.c
-+++ qemu-kvm-0.10/user/test/x86/vmexit.c
-@@ -31,7 +31,7 @@ int main()
- 
- 	t1 = rdtsc();
- 	for (i = 0; i < N; ++i)
-		asm volatile ("push %%"R"bx; cpuid; pop %%"R"bx"
-+		asm volatile ("push %%"R "bx; cpuid; pop %%"R "bx"
- 			      : : : "eax", "ecx", "edx");
- 	t2 = rdtsc();
- 	printf("vmexit latency: %d\n", (int)((t2 - t1) / N));
--- a/qemu-fix-msr-count-potential-segfault.patch
+++ b/qemu-fix-msr-count-potential-segfault.patch
@ -0,0 +1,67 @@
+From 3ea6ac6fde5cd46d5d8593a493a75eb29e2ccc9b Mon Sep 17 00:00:00 2001
+From: Eduardo Habkost <ehabkost@redhat.com>
+Date: Wed, 14 Oct 2009 15:02:27 -0300
+Subject: [PATCH] fix MSR_COUNT for kvm_arch_save_regs()
+
+A new register was added to the load/save list on commit
+d283d5a65a2bdcc570065267be21848bd6fe3d78, but MSR_COUNT was not updated, leading
+to potential stack corruption on kvm_arch_save_regs().
+
+The following registers are saved by kvm_arch_save_regs():
+
+ 1) MSR_IA32_SYSENTER_CS
+ 2) MSR_IA32_SYSENTER_ESP
+ 3) MSR_IA32_SYSENTER_EIP
+ 4) MSR_STAR
+ 5) MSR_IA32_TSC
+ 6) MSR_VM_HSAVE_PA
+ 7) MSR_CSTAR (x86_64 only)
+ 8) MSR_KERNELGSBASE (x86_64 only)
+ 9) MSR_FMASK (x86_64 only)
+10) MSR_LSTAR (x86_64 only)
+
+(cherry picked from commit e7e5448ba387adc20be1cf08411a5b526d684299)
+
+Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
+Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
+Signed-off-by: Mark McLoughlin <markmc@redhat.com>
+Fedora-patch: qemu-fix-msr-count-potential-segfault.patch
+---
+ qemu-kvm-x86.c |    6 ++++--
+ 1 files changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/qemu-kvm-x86.c b/qemu-kvm-x86.c
+index 8e0f0b2..89fe77c 100644
+--- a/qemu-kvm-x86.c
+++ b/qemu-kvm-x86.c
+@@ -116,9 +116,9 @@ static int get_msr_entry(struct kvm_msr_entry *entry, CPUState *env)
+ }
+ 
+ #ifdef TARGET_X86_64
+-#define MSR_COUNT 9
+#define MSR_COUNT 10
+ #else
+-#define MSR_COUNT 5
+#define MSR_COUNT 6
+ #endif
+ 
+ static void set_v8086_seg(struct kvm_segment *lhs, const SegmentCache *rhs)
+@@ -260,6 +260,7 @@ void kvm_arch_load_regs(CPUState *env)
+ 
+     /* msrs */
+     n = 0;
+    /* Remember to increase MSR_COUNT if you add new registers below */
+     set_msr_entry(&msrs[n++], MSR_IA32_SYSENTER_CS,  env->sysenter_cs);
+     set_msr_entry(&msrs[n++], MSR_IA32_SYSENTER_ESP, env->sysenter_esp);
+     set_msr_entry(&msrs[n++], MSR_IA32_SYSENTER_EIP, env->sysenter_eip);
+@@ -435,6 +436,7 @@ void kvm_arch_save_regs(CPUState *env)
+ 
+     /* msrs */
+     n = 0;
+    /* Remember to increase MSR_COUNT if you add new registers below */
+     msrs[n++].index = MSR_IA32_SYSENTER_CS;
+     msrs[n++].index = MSR_IA32_SYSENTER_ESP;
+     msrs[n++].index = MSR_IA32_SYSENTER_EIP;
+-- 
+1.6.2.5
+
--- a/qemu-fix-qcow2-2TB.patch
+++ b/qemu-fix-qcow2-2TB.patch
@ -1,77 +0,0 @@
-From 2d2431f03fc78b532f3a1c5f858cf78859d50fc3 Mon Sep 17 00:00:00 2001
-From: aliguori <aliguori@c046a42c-6fe2-441c-8c8c-71466251a162>
-Date: Sun, 5 Apr 2009 17:40:58 +0000
-Subject: [PATCH] qcow2: fix image creation for large, > ~2TB, images (Chris Wright)
-
-When creating large disk images w/ qcow2 format, qcow2_create is hard
-coded to creating a single refcount block.  This is insufficient for
-large images, and will cause qemu-img to segfault as it walks off the
-end of the refcount block.  Keep track of the space needed during image
-create and create proper number of refcount blocks accordingly.
-
-https://bugzilla.redhat.com/show_bug.cgi?id=491943
-
-Signed-off-by: Chris Wright <chrisw@redhat.com>
-Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
-
-
-git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6982 c046a42c-6fe2-441c-8c8c-71466251a162
---
- block-qcow2.c |   20 +++++++++++++-------
- 1 files changed, 13 insertions(+), 7 deletions(-)
-
-Index: qemu-kvm-0.10/qemu/block-qcow2.c
-===================================================================
--- qemu-kvm-0.10.orig/qemu/block-qcow2.c
-+++ qemu-kvm-0.10/qemu/block-qcow2.c
-@@ -1458,6 +1458,7 @@ static int qcow_create(const char *filen
-                       const char *backing_file, int flags)
- {
-     int fd, header_size, backing_filename_len, l1_size, i, shift, l2_bits;
-+    int ref_clusters = 0;
-     QCowHeader header;
-     uint64_t tmp, offset;
-     QCowCreateState s1, *s = &s1;
-@@ -1498,22 +1499,28 @@ static int qcow_create(const char *filen
-     offset += align_offset(l1_size * sizeof(uint64_t), s->cluster_size);
- 
-     s->refcount_table = qemu_mallocz(s->cluster_size);
-    s->refcount_block = qemu_mallocz(s->cluster_size);
- 
-     s->refcount_table_offset = offset;
-     header.refcount_table_offset = cpu_to_be64(offset);
-     header.refcount_table_clusters = cpu_to_be32(1);
-     offset += s->cluster_size;
-
-    s->refcount_table[0] = cpu_to_be64(offset);
-     s->refcount_block_offset = offset;
-    offset += s->cluster_size;
-+
-+    /* count how many refcount blocks needed */
-+    tmp = offset >> s->cluster_bits;
-+    ref_clusters = (tmp >> (s->cluster_bits - REFCOUNT_SHIFT)) + 1;
-+    for (i=0; i < ref_clusters; i++) {
-+        s->refcount_table[i] = cpu_to_be64(offset);
-+        offset += s->cluster_size;
-+    }
-+
-+    s->refcount_block = qemu_mallocz(ref_clusters * s->cluster_size);
- 
-     /* update refcounts */
-     create_refcount_update(s, 0, header_size);
-     create_refcount_update(s, s->l1_table_offset, l1_size * sizeof(uint64_t));
-     create_refcount_update(s, s->refcount_table_offset, s->cluster_size);
-    create_refcount_update(s, s->refcount_block_offset, s->cluster_size);
-+    create_refcount_update(s, s->refcount_block_offset, ref_clusters * s->cluster_size);
- 
-     /* write all the data */
-     write(fd, &header, sizeof(header));
-@@ -1529,7 +1536,7 @@ static int qcow_create(const char *filen
-     write(fd, s->refcount_table, s->cluster_size);
- 
-     lseek(fd, s->refcount_block_offset, SEEK_SET);
-    write(fd, s->refcount_block, s->cluster_size);
-+    write(fd, s->refcount_block, ref_clusters * s->cluster_size);
- 
-     qemu_free(s->refcount_table);
-     qemu_free(s->refcount_block);
--- a/qemu-fix-virtio-net-gso-support.patch
+++ b/qemu-fix-virtio-net-gso-support.patch
@ -0,0 +1,42 @@
+From 0a662a2983f1afeb5dce338d7dbe906d5c4c91a7 Mon Sep 17 00:00:00 2001
+From: Mark McLoughlin <markmc@redhat.com>
+Date: Tue, 5 May 2009 09:56:25 +0100
+Subject: [PATCH] virtio-net: Re-instate GSO code removed upstream
+
+This commit:
+
+   commit 559a8f45f34cc50d1a60b4f67a06614d506b2e01
+   Subject: Remove stray GSO code from virtio_net (Mark McLoughlin)
+
+Removed some GSO code from upstream qemu.git, but it needs to
+be re-instated in qemu-kvm.git.
+
+(cherry picked from commit 6e57bb9a636cefdaba7decbd5ac10f1508ff64c0)
+
+Reported-by: Sridhar Samudrala <sri@us.ibm.com>
+Signed-off-by: Mark McLoughlin <markmc@redhat.com>
+Signed-off-by: Avi Kivity <avi@redhat.com>
+Fedora-patch: qemu-fix-virtio-net-gso-support.patch
+---
+ hw/virtio-net.c |    5 +++++
+ 1 files changed, 5 insertions(+), 0 deletions(-)
+
+diff --git a/hw/virtio-net.c b/hw/virtio-net.c
+index f65ecd7..aaab83b 100644
+--- a/hw/virtio-net.c
+++ b/hw/virtio-net.c
+@@ -424,6 +424,11 @@ static int receive_filter(VirtIONet *n, const uint8_t *buf, int size)
+     if (n->promisc)
+         return 1;
+ 
+#ifdef TAP_VNET_HDR
+    if (tap_has_vnet_hdr(n->vc->vlan->first_client))
+        ptr += sizeof(struct virtio_net_hdr);
+#endif
+
+     if (!memcmp(&ptr[12], vlan, sizeof(vlan))) {
+         int vid = be16_to_cpup((uint16_t *)(ptr + 14)) & 0xfff;
+         if (!(n->vlans[vid >> 5] & (1U << (vid & 0x1f))))
+-- 
+1.6.2.5
+
--- a/qemu-fix-vnc-copyrect-screen-corruption.patch
+++ b/qemu-fix-vnc-copyrect-screen-corruption.patch
@ -0,0 +1,68 @@
+From 30157150182db6907cde111d8c3d76224b0841df Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Mon, 27 Jul 2009 17:10:48 +0200
+Subject: [PATCH] BACKPORT: vnc: fix copyrect screen corruption
+
+When sending a copyrect command to the vnc client, we must also update
+the local server surface.  Otherwise the server's and the client's idea
+of the screen content run out of sync and screen updates don't work
+correctly.
+
+[ backport: uses ds_get_data() instead of direct dereference ]
+
+(cherry picked from commit 74ccfe8b7e9c351b3196f68795126e76060903b3)
+
+Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
+Signed-off-by: Glauber Costa <glommer@redhat.com>
+Signed-off-by: Mark McLoughlin <markmc@redhat.com>
+Fedora-patch: qemu-fix-vnc-copyrect-screen-corruption.patch
+---
+ vnc.c |   23 +++++++++++++++++++++++
+ 1 files changed, 23 insertions(+), 0 deletions(-)
+
+diff --git a/vnc.c b/vnc.c
+index 1d8ebe7..c0700c0 100644
+--- a/vnc.c
+++ b/vnc.c
+@@ -633,8 +633,14 @@ static void send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
+ 
+ static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
+ {
+
+    uint8_t *src_row;
+    uint8_t *dst_row;
+    int y,pitch,depth;
+
+     vnc_update_client(vs);
+ 
+    /* send bitblit op to the vnc client */
+     vnc_write_u8(vs, 0);  /* msg id */
+     vnc_write_u8(vs, 0);
+     vnc_write_u16(vs, 1); /* number of rects */
+@@ -642,6 +648,23 @@ static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, i
+     vnc_write_u16(vs, src_x);
+     vnc_write_u16(vs, src_y);
+     vnc_flush(vs);
+
+    /* do bitblit op on the local surface too */
+    pitch = ds_get_linesize(vs->ds);
+    depth = ds_get_bytes_per_pixel(vs->ds);
+    src_row = ds_get_data(vs->ds) + pitch * src_y + depth * src_x;
+    dst_row = ds_get_data(vs->ds) + pitch * dst_y + depth * dst_x;
+    if (dst_y > src_y) {
+        /* copy backwards */
+        src_row += pitch * (h-1);
+        dst_row += pitch * (h-1);
+        pitch = -pitch;
+    }
+    for (y = 0; y < h; y++) {
+        memmove(dst_row, src_row, w * depth);
+        src_row += pitch;
+        dst_row += pitch;
+    }
+ }
+ 
+ static void vnc_dpy_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
+-- 
+1.6.2.5
+
--- a/qemu-fix-vnc-disconnect-segfault.patch
+++ b/qemu-fix-vnc-disconnect-segfault.patch
@ -0,0 +1,232 @@
+From 977b3b69b2e06f0aab0c48ff08a236bff8763f2e Mon Sep 17 00:00:00 2001
+From: Chris Webb <chris@arachsys.com>
+Date: Wed, 26 Aug 2009 22:52:43 +0000
+Subject: [PATCH] vnc: rework VncState release workflow
+
+Split socket closing and releasing of VncState into two steps. First close
+the socket and set the variable to -1 to indicate shutdown in progress. Do
+the actual release in a few places where we can be sure it doesn't cause
+trouble in form of use-after-free. Add some checks for a valid socket handle
+to make sure we don't try to use the closed socket.
+
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
+
+Backported to 0.10-stable, removing references to vs->force_update and
+changing vnc_disconnect_finish() to match the code in the 0.10 version of
+vnc_client_io_error() in place of the master branch version.
+
+(cherry picked from commit c2723a9606dae5af5c614a55296ee37e2ed7801a)
+
+Signed-off-by: Chris Webb <chris@arachsys.com>
+Signed-off-by: Glauber Costa <glommer@redhat.com>
+Signed-off-by: Mark McLoughlin <markmc@redhat.com>
+Fedora-patch: qemu-fix-vnc-disconnect-segfault.patch
+---
+ vnc.c |  110 ++++++++++++++++++++++++++++++++++++++++++-----------------------
+ 1 files changed, 71 insertions(+), 39 deletions(-)
+
+diff --git a/vnc.c b/vnc.c
+index c0700c0..28e8362 100644
+--- a/vnc.c
+++ b/vnc.c
+@@ -200,6 +200,8 @@ static void vnc_write_u16(VncState *vs, uint16_t value);
+ static void vnc_write_u8(VncState *vs, uint8_t value);
+ static void vnc_flush(VncState *vs);
+ static void vnc_update_client(void *opaque);
+static void vnc_disconnect_start(VncState *vs);
+static void vnc_disconnect_finish(VncState *vs);
+ static void vnc_client_read(void *opaque);
+ 
+ static void vnc_colordepth(VncState *vs);
+@@ -670,13 +672,21 @@ static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, i
+ static void vnc_dpy_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
+ {
+     VncDisplay *vd = ds->opaque;
+-    VncState *vs = vd->clients;
+-    while (vs != NULL) {
+    VncState *vs, *vn;
+
+    for (vs = vd->clients; vs != NULL; vs = vn) {
+        vn = vs->next;
+        if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
+            vnc_update_client(vs);
+            /* vs might be free()ed here */
+        }
+    }
+
+    for (vs = vd->clients; vs != NULL; vs = vs->next) {
+         if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT))
+             vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h);
+         else /* TODO */
+             vnc_update(vs, dst_x, dst_y, w, h);
+-        vs = vs->next;
+     }
+ }
+ 
+@@ -786,6 +796,8 @@ static void vnc_update_client(void *opaque)
+ 
+     if (vs->csock != -1) {
+         qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock) + VNC_REFRESH_INTERVAL);
+    } else {
+        vnc_disconnect_finish(vs);
+     }
+ 
+ }
+@@ -855,6 +867,47 @@ static void audio_del(VncState *vs)
+     }
+ }
+ 
+static void vnc_disconnect_start(VncState *vs)
+{
+    if (vs->csock == -1)
+        return;
+    qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
+    closesocket(vs->csock);
+    vs->csock = -1;
+}
+
+static void vnc_disconnect_finish(VncState *vs)
+{
+    qemu_del_timer(vs->timer);
+    qemu_free_timer(vs->timer);
+    if (vs->input.buffer) qemu_free(vs->input.buffer);
+    if (vs->output.buffer) qemu_free(vs->output.buffer);
+#ifdef CONFIG_VNC_TLS
+    if (vs->tls_session) {
+        gnutls_deinit(vs->tls_session);
+        vs->tls_session = NULL;
+    }
+#endif /* CONFIG_VNC_TLS */
+    audio_del(vs);
+
+    VncState *p, *parent = NULL;
+    for (p = vs->vd->clients; p != NULL; p = p->next) {
+        if (p == vs) {
+            if (parent)
+                parent->next = p->next;
+            else
+                vs->vd->clients = p->next;
+            break;
+        }
+        parent = p;
+    }
+    if (!vs->vd->clients)
+        dcl->idle = 1;
+
+    qemu_free(vs->old_data);
+    qemu_free(vs);
+}
+
+ static int vnc_client_io_error(VncState *vs, int ret, int last_errno)
+ {
+     if (ret == 0 || ret == -1) {
+@@ -872,36 +925,7 @@ static int vnc_client_io_error(VncState *vs, int ret, int last_errno)
+         }
+ 
+ 	VNC_DEBUG("Closing down client sock %d %d\n", ret, ret < 0 ? last_errno : 0);
+-	qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
+-	closesocket(vs->csock);
+-        qemu_del_timer(vs->timer);
+-        qemu_free_timer(vs->timer);
+-        if (vs->input.buffer) qemu_free(vs->input.buffer);
+-        if (vs->output.buffer) qemu_free(vs->output.buffer);
+-#ifdef CONFIG_VNC_TLS
+-	if (vs->tls_session) {
+-	    gnutls_deinit(vs->tls_session);
+-	    vs->tls_session = NULL;
+-	}
+-#endif /* CONFIG_VNC_TLS */
+-        audio_del(vs);
+-
+-        VncState *p, *parent = NULL;
+-        for (p = vs->vd->clients; p != NULL; p = p->next) {
+-            if (p == vs) {
+-                if (parent)
+-                    parent->next = p->next;
+-                else
+-                    vs->vd->clients = p->next;
+-                break;
+-            }
+-            parent = p;
+-        }
+-        if (!vs->vd->clients)
+-            dcl->idle = 1;
+-
+-        qemu_free(vs->old_data);
+-        qemu_free(vs);
+        vnc_disconnect_start(vs);
+   
+ 	return 0;
+     }
+@@ -910,7 +934,8 @@ static int vnc_client_io_error(VncState *vs, int ret, int last_errno)
+ 
+ static void vnc_client_error(VncState *vs)
+ {
+-    vnc_client_io_error(vs, -1, EINVAL);
+    VNC_DEBUG("Closing down client sock: protocol error\n");
+    vnc_disconnect_start(vs);
+ }
+ 
+ static void vnc_client_write(void *opaque)
+@@ -970,8 +995,11 @@ static void vnc_client_read(void *opaque)
+ #endif /* CONFIG_VNC_TLS */
+ 	ret = recv(vs->csock, buffer_end(&vs->input), 4096, 0);
+     ret = vnc_client_io_error(vs, ret, socket_error());
+-    if (!ret)
+    if (!ret) {
+        if (vs->csock == -1)
+            vnc_disconnect_finish(vs);
+ 	return;
+    }
+ 
+     vs->input.offset += ret;
+ 
+@@ -980,8 +1008,10 @@ static void vnc_client_read(void *opaque)
+ 	int ret;
+ 
+ 	ret = vs->read_handler(vs, vs->input.buffer, len);
+-	if (vs->csock == -1)
+	if (vs->csock == -1) {
+            vnc_disconnect_finish(vs);
+ 	    return;
+        }
+ 
+ 	if (!ret) {
+ 	    memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
+@@ -996,7 +1026,7 @@ static void vnc_write(VncState *vs, const void *data, size_t len)
+ {
+     buffer_reserve(&vs->output, len);
+ 
+-    if (buffer_empty(&vs->output)) {
+    if (vs->csock != -1 && buffer_empty(&vs->output)) {
+ 	qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
+     }
+ 
+@@ -1037,7 +1067,7 @@ static void vnc_write_u8(VncState *vs, uint8_t value)
+ 
+ static void vnc_flush(VncState *vs)
+ {
+-    if (vs->output.offset)
+    if (vs->csock != -1 && vs->output.offset)
+ 	vnc_client_write(vs);
+ }
+ 
+@@ -2305,11 +2335,13 @@ static void vnc_connect(VncDisplay *vd, int csock)
+     vnc_read_when(vs, protocol_version, 12);
+     memset(vs->old_data, 0, ds_get_linesize(vs->ds) * ds_get_height(vs->ds));
+     memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
+-    vnc_update_client(vs);
+     reset_keys(vs);
+ 
+     vs->next = vd->clients;
+     vd->clients = vs;
+
+    vnc_update_client(vs);
+    /* vs might be free()ed here */
+ }
+ 
+ static void vnc_listen_read(void *opaque)
+-- 
+1.6.2.5
+
--- a/qemu-kvm-fix-kerneldir-includes.patch
+++ b/qemu-kvm-fix-kerneldir-includes.patch
@ -0,0 +1,80 @@
+From 3b56420544e3b40486d7dc0f8823c20af72256e3 Mon Sep 17 00:00:00 2001
+From: Mark McLoughlin <markmc@redhat.com>
+Date: Wed, 24 Jun 2009 14:34:36 +0100
+Subject: [PATCH 14/18] kvm: user: include arch specific headers from $(KERNELDIR)
+
+Currently we only include $(KERNELDIR)/include in CFLAGS,
+but we also have $(KERNELDIR)/arch/$(arch)/include or else
+we'll get mis-matched headers.
+
+Signed-off-by: Mark McLoughlin <markmc@redhat.com>
+---
+ kvm/user/config-i386.mak       |    1 -
+ kvm/user/config-ia64.mak       |    1 +
+ kvm/user/config-powerpc.mak    |    1 +
+ kvm/user/config-x86-common.mak |    2 ++
+ kvm/user/config-x86_64.mak     |    1 -
+ 5 files changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/kvm/user/config-i386.mak b/kvm/user/config-i386.mak
+index 09175d5..eebb9de 100644
+--- a/kvm/user/config-i386.mak
+++ b/kvm/user/config-i386.mak
+@@ -3,7 +3,6 @@ cstart.o = $(TEST_DIR)/cstart.o
+ bits = 32
+ ldarch = elf32-i386
+ CFLAGS += -D__i386__
+-CFLAGS += -I $(KERNELDIR)/include
+ 
+ tests=
+ 
+diff --git a/kvm/user/config-ia64.mak b/kvm/user/config-ia64.mak
+index c4c639e..e8803a0 100644
+--- a/kvm/user/config-ia64.mak
+++ b/kvm/user/config-ia64.mak
+@@ -2,6 +2,7 @@ bits = 64
+ CFLAGS += -m64
+ CFLAGS += -D__ia64__
+ CFLAGS += -I $(KERNELDIR)/include
+CFLAGS += -I $(KERNELDIR)/arch/ia64/include
+ 
+ all:
+ 
+diff --git a/kvm/user/config-powerpc.mak b/kvm/user/config-powerpc.mak
+index dd7ef54..589aa61 100644
+--- a/kvm/user/config-powerpc.mak
+++ b/kvm/user/config-powerpc.mak
+@@ -1,4 +1,5 @@
+ CFLAGS += -I $(KERNELDIR)/include
+CFLAGS += -I $(KERNELDIR)/arch/powerpc/include
+ CFLAGS += -Wa,-mregnames -I test/lib
+ CFLAGS += -ffreestanding
+ 
+diff --git a/kvm/user/config-x86-common.mak b/kvm/user/config-x86-common.mak
+index e789fd4..8d8fadf 100644
+--- a/kvm/user/config-x86-common.mak
+++ b/kvm/user/config-x86-common.mak
+@@ -12,6 +12,8 @@ cflatobjs += \
+ $(libcflat): LDFLAGS += -nostdlib
+ $(libcflat): CFLAGS += -ffreestanding -I test/lib
+ 
+CFLAGS += -I $(KERNELDIR)/include
+CFLAGS += -I $(KERNELDIR)/arch/x86/include
+ CFLAGS += -m$(bits)
+ 
+ FLATLIBS = test/lib/libcflat.a $(libgcc)
+diff --git a/kvm/user/config-x86_64.mak b/kvm/user/config-x86_64.mak
+index b50b540..d88f54c 100644
+--- a/kvm/user/config-x86_64.mak
+++ b/kvm/user/config-x86_64.mak
+@@ -3,7 +3,6 @@ cstart.o = $(TEST_DIR)/cstart64.o
+ bits = 64
+ ldarch = elf64-x86-64
+ CFLAGS += -D__x86_64__
+-CFLAGS += -I $(KERNELDIR)/include
+ 
+ tests = $(TEST_DIR)/access.flat $(TEST_DIR)/irq.flat $(TEST_DIR)/sieve.flat \
+       $(TEST_DIR)/simple.flat $(TEST_DIR)/stringio.flat \
+-- 
+1.6.2.2
+
--- a/qemu-ppc-on-ppc.patch
+++ b/qemu-ppc-on-ppc.patch
@ -0,0 +1,40 @@
+From 739f7adcf6eeb8486e60fabc7816fff75fac63f9 Mon Sep 17 00:00:00 2001
+From: malc <malc@c046a42c-6fe2-441c-8c8c-71466251a162>
+Date: Thu, 2 Apr 2009 01:16:39 +0000
+Subject: [PATCH 18/18] Temporary workaround for ppc on ppc
+
+target-ppc/translate.c puts values of type opcode_t into .opcodes
+section, using GCC extension to do so, and hoping that this will make
+them appear contiguously and in the source order in the resulting
+executable. This assumption is not safe and is known to be violated
+with certain versions of GCC, certain flags passed to it and on
+certain platforms (gcc 4.3.0, -O and PPC/PPC64 for instance)
+
+The workaround consists of adding -fno-unit-at-a-time to the list of
+GCC command line options while building PPC translate.o on a PPC.
+
+(cherry picked from commit d19076faca944c31bb051b95d285e75ec67902f7)
+
+Signed-off-by: Mark McLoughlin <markmc@redhat.com>
+---
+ Makefile.target |    4 ++++
+ 1 files changed, 4 insertions(+), 0 deletions(-)
+
+diff --git a/Makefile.target b/Makefile.target
+index e2e23bf..7e18719 100644
+--- a/Makefile.target
+++ b/Makefile.target
+@@ -91,6 +91,10 @@ ifeq ($(ARCH),i386)
+ HELPER_CFLAGS+=-fomit-frame-pointer
+ endif
+ 
+ifeq ($(subst ppc64,ppc,$(ARCH))$(TARGET_BASE_ARCH),ppcppc)
+translate.o: CFLAGS := $(CFLAGS) $(call cc-option, $(CFLAGS), -fno-unit-at-a-time,)
+endif
+
+ ifeq ($(ARCH),sparc)
+   CFLAGS+=-ffixed-g2 -ffixed-g3
+   ifneq ($(CONFIG_SOLARIS),yes)
+-- 
+1.6.2.2
+
--- a/qemu-roms-more-room-fix-vga-align.patch
+++ b/qemu-roms-more-room-fix-vga-align.patch
@ -0,0 +1,39 @@
+From 803934e62dc6394df92ef08fc8df9e49c0c834e7 Mon Sep 17 00:00:00 2001
+From: Glauber Costa <glommer@redhat.com>
+Date: Wed, 24 Jun 2009 14:28:30 +0100
+Subject: [PATCH 12/18] align vga rom to 4k boundary.
+
+Instead of aligning to 2k boundary, as required by the bios,
+align to 4k boundary, as required by kvm memory functions. Without
+this patch, starting kvm with -vga std option fails with:
+
+create_userspace_phys_mem: Invalid argument
+kvm_cpu_register_physical_memory: failed
+
+as described by: https://bugzilla.redhat.com/494376
+
+It does not fail with cirrus vga, because it is naturally aligned.
+This problem does not seem to affect upstream qemu.
+
+Signed-off-by: Glauber Costa <glommer@redhat.com>
+Signed-off-by: Mark McLoughlin <markmc@redhat.com>
+---
+ hw/pc.c |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/hw/pc.c b/hw/pc.c
+index 413da6f..fb6edf4 100644
+--- a/hw/pc.c
+++ b/hw/pc.c
+@@ -925,7 +925,7 @@ vga_bios_error:
+             exit(1);
+         }
+ 	/* Round up vga bios size to the next 2k boundary */
+-	vga_bios_size = (vga_bios_size + 2047) & ~2047;
+	vga_bios_size = (vga_bios_size + 4095) & ~4095;
+ 	option_rom_start = 0xc0000 + vga_bios_size;
+ 
+         /* setup basic memory access */
+-- 
+1.6.2.2
+
--- a/qemu-roms-more-room.patch
+++ b/qemu-roms-more-room.patch
@ -1,7 +1,7 @@
-From 34b39c2ba6cc08239a707b52bfb2886df2aa8dec Mon Sep 17 00:00:00 2001
+From 0a61b11b0e5e5a39598e7edc900ba272fd407877 Mon Sep 17 00:00:00 2001
 From: aliguori <aliguori@c046a42c-6fe2-441c-8c8c-71466251a162>
 Date: Sat, 28 Mar 2009 17:28:45 +0000
-Subject: [PATCH] get roms more room. (Glauber Costa)
+Subject: [PATCH 11/18] get roms more room. (Glauber Costa)

 This patch increases by 50 % the size available for option roms.
 The main motivator is that some roms grew bigger than the 64k we
@ -22,20 +22,20 @@ urgent need to do it.

 [ fix case for vgabioses smaller than 30k, by Carl-Daniel Hailfinger ]

+(cherry picked from commit 34b39c2ba6cc08239a707b52bfb2886df2aa8dec)
+
 Signed-off-by: Glauber Costa <glommer@redhat.com>
 Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
-
-
-git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6896 c046a42c-6fe2-441c-8c8c-71466251a162
+Signed-off-by: Mark McLoughlin <markmc@redhat.com>
 ---
- hw/pc.c |   29 +++++++++++++++++++----------
- 1 files changed, 19 insertions(+), 10 deletions(-)
+ hw/pc.c |   33 +++++++++++++++++++++------------
+ 1 files changed, 21 insertions(+), 12 deletions(-)

-Index: qemu-kvm-0.10/qemu/hw/pc.c
-===================================================================
--- qemu-kvm-0.10.orig/qemu/hw/pc.c
-+++ qemu-kvm-0.10/qemu/hw/pc.c
-@@ -813,7 +813,7 @@ static void pc_init1(ram_addr_t ram_size
+diff --git a/hw/pc.c b/hw/pc.c
+index 1b8d47a..413da6f 100644
+--- a/hw/pc.c
+++ b/hw/pc.c
+@@ -818,7 +818,7 @@ static void pc_init1(ram_addr_t ram_size, int vga_ram_size,
 {
     char buf[1024];
     int ret, linux_boot, i;
@ -44,7 +44,7 @@ Index: qemu-kvm-0.10/qemu/hw/pc.c
     ram_addr_t below_4g_mem_size, above_4g_mem_size = 0;
     int bios_size, isa_bios_size, vga_bios_size;
     int pci_option_rom_offset;
-@@ -825,6 +825,7 @@ static void pc_init1(ram_addr_t ram_size
+@@ -830,6 +830,7 @@ static void pc_init1(ram_addr_t ram_size, int vga_ram_size,
     int index;
     BlockDriverState *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
     BlockDriverState *fd[MAX_FD];
@ -52,7 +52,7 @@ Index: qemu-kvm-0.10/qemu/hw/pc.c
 
     if (ram_size >= 0xe0000000 ) {
         above_4g_mem_size = ram_size - 0xe0000000;
-@@ -900,7 +901,7 @@ static void pc_init1(ram_addr_t ram_size
+@@ -905,7 +906,7 @@ static void pc_init1(ram_addr_t ram_size, int vga_ram_size,
         exit(1);
     }
 
@ -61,7 +61,7 @@ Index: qemu-kvm-0.10/qemu/hw/pc.c
         /* VGA BIOS load */
         if (cirrus_vga_enabled) {
             snprintf(buf, sizeof(buf), "%s/%s", bios_dir, VGABIOS_CIRRUS_FILENAME);
-@@ -918,12 +919,21 @@ vga_bios_error:
+@@ -923,12 +924,21 @@ vga_bios_error:
             fprintf(stderr, "qemu: could not load VGA BIOS '%s'\n", buf);
             exit(1);
         }
@ -84,7 +84,7 @@ Index: qemu-kvm-0.10/qemu/hw/pc.c
     /* map the last 128KB of the BIOS in ISA space */
     isa_bios_size = bios_size;
     if (isa_bios_size > (128 * 1024))
-@@ -944,14 +954,14 @@ vga_bios_error:
+@@ -949,14 +959,14 @@ vga_bios_error:
         ram_addr_t option_rom_offset;
         int size, offset;
 
@ -92,17 +92,18 @@ Index: qemu-kvm-0.10/qemu/hw/pc.c
 +        offset = option_rom_start;
         if (linux_boot) {
             option_rom_offset = qemu_ram_alloc(TARGET_PAGE_SIZE);
-             load_linux(phys_ram_base + option_rom_offset,
-                        kernel_filename, initrd_filename, kernel_cmdline);
 -            cpu_register_physical_memory(0xd0000, TARGET_PAGE_SIZE,
 +            cpu_register_physical_memory(option_rom_start, TARGET_PAGE_SIZE,
-                                          option_rom_offset | IO_MEM_ROM);
+                                          option_rom_offset);
+-            load_linux(0xd0000,
+            load_linux(option_rom_start,
+                        kernel_filename, initrd_filename, kernel_cmdline, below_4g_mem_size);
 -            offset = TARGET_PAGE_SIZE;
 +            offset += TARGET_PAGE_SIZE;
         }
 
         for (i = 0; i < nb_option_roms; i++) {
-@@ -961,13 +971,13 @@ vga_bios_error:
+@@ -966,13 +976,13 @@ vga_bios_error:
                         option_rom[i]);
                 exit(1);
             }
@ -118,7 +119,7 @@ Index: qemu-kvm-0.10/qemu/hw/pc.c
                 exit(1);
             }
             size = (size + 4095) & ~4095;
-@@ -975,9 +985,8 @@ vga_bios_error:
+@@ -980,9 +990,8 @@ vga_bios_error:
        initialization, and (optionally) marked readonly by the BIOS
        before INT 19h.  See the PNPBIOS specification, appendix B.
        DDIM support is mandatory for proper PCI expansion ROM support. */
@ -130,3 +131,6 @@ Index: qemu-kvm-0.10/qemu/hw/pc.c
             offset += size;
         }
         pci_option_rom_offset = offset;
+-- 
+1.6.2.2
+
--- a/qemu-use-statfs-to-determine-huge-page-size.patch
+++ b/qemu-use-statfs-to-determine-huge-page-size.patch
@ -0,0 +1,117 @@
+From 046661932789fd11acc1293e2106a3eba3e6c840 Mon Sep 17 00:00:00 2001
+From: Joerg Roedel <joerg.roedel@amd.com>
+Date: Fri, 27 Mar 2009 15:34:38 +0100
+Subject: [PATCH] Use statfs to determine size of huge pages
+
+The current method of finding out the size of huge pages does not work
+reliably anymore. Current Linux supports more than one huge page size
+but /proc/meminfo only show one of the supported sizes.
+To find out the real page size used can be found by calling statfs. This
+patch changes qemu to use statfs instead of parsing /proc/meminfo.
+
+(cherry picked from commit f1ac0931a1aeadab2569b7001ec35250e695d94f)
+
+Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
+Signed-off-by: Avi Kivity <avi@redhat.com>
+Signed-off-by: Mark McLoughlin <markmc@redhat.com>
+Fedora-patch: qemu-use-statfs-to-determine-huge-page-size.patch
+---
+ sysemu.h |    2 +-
+ vl.c     |   42 +++++++++++++++++++-----------------------
+ 2 files changed, 20 insertions(+), 24 deletions(-)
+
+diff --git a/sysemu.h b/sysemu.h
+index 7ca08c1..e8e746d 100644
+--- a/sysemu.h
+++ b/sysemu.h
+@@ -100,7 +100,7 @@ extern int graphic_rotate;
+ extern int no_quit;
+ extern int semihosting_enabled;
+ extern int old_param;
+-extern int hpagesize;
+extern long hpagesize;
+ extern const char *bootp_filename;
+ 
+ #ifdef USE_KQEMU
+diff --git a/vl.c b/vl.c
+index 1774d1c..0bfa380 100644
+--- a/vl.c
+++ b/vl.c
+@@ -62,6 +62,7 @@
+ #include <sys/ioctl.h>
+ #include <sys/resource.h>
+ #include <sys/socket.h>
+#include <sys/vfs.h>
+ #include <netinet/in.h>
+ #include <net/if.h>
+ #if defined(__NetBSD__)
+@@ -256,7 +257,7 @@ const char *mem_path = NULL;
+ #ifdef MAP_POPULATE
+ int mem_prealloc = 1;	/* force preallocation of physical target memory */
+ #endif
+-int hpagesize = 0;
+long hpagesize = 0;
+ const char *cpu_vendor_string;
+ #ifdef TARGET_ARM
+ int old_param = 0;
+@@ -4722,32 +4723,27 @@ void qemu_get_launch_info(int *argc, char ***argv, int *opt_daemonize, const cha
+ }
+ 
+ #ifdef USE_KVM
+-static int gethugepagesize(void)
+
+#define HUGETLBFS_MAGIC       0x958458f6
+
+static long gethugepagesize(const char *path)
+ {
+-    int ret, fd;
+-    char buf[4096];
+-    const char *needle = "Hugepagesize:";
+-    char *size;
+-    unsigned long hugepagesize;
+    struct statfs fs;
+    int ret;
+ 
+-    fd = open("/proc/meminfo", O_RDONLY);
+-    if (fd < 0) {
+-	perror("open");
+-	exit(0);
+-    }
+    do {
+	    ret = statfs(path, &fs);
+    } while (ret != 0 && errno == EINTR);
+ 
+-    ret = read(fd, buf, sizeof(buf));
+-    if (ret < 0) {
+-	perror("read");
+-	exit(0);
+    if (ret != 0) {
+	    perror("statfs");
+	    return 0;
+     }
+ 
+-    size = strstr(buf, needle);
+-    if (!size)
+-	return 0;
+-    size += strlen(needle);
+-    hugepagesize = strtol(size, NULL, 0);
+-    return hugepagesize;
+    if (fs.f_type != HUGETLBFS_MAGIC)
+	    fprintf(stderr, "Warning: path not on HugeTLBFS: %s\n", path);
+
+    return fs.f_bsize;
+ }
+ 
+ static void *alloc_mem_area(size_t memory, unsigned long *len, const char *path)
+@@ -4767,7 +4763,7 @@ static void *alloc_mem_area(size_t memory, unsigned long *len, const char *path)
+     if (asprintf(&filename, "%s/kvm.XXXXXX", path) == -1)
+ 	return NULL;
+ 
+-    hpagesize = gethugepagesize() * 1024;
+    hpagesize = gethugepagesize(path);
+     if (!hpagesize)
+ 	return NULL;
+ 
+-- 
+1.6.2.5
+
--- a/qemu.spec
+++ b/qemu.spec
@ -1,25 +1,21 @@
 Summary: QEMU is a FAST! processor emulator
 Name: qemu
-Version: 0.10
-Release: 8%{?dist}
-# I have mistakenly thought the revision name would be 1.0.
-# So 0.10 series get Epoch = 1
+Version: 0.10.6
+Release: 9%{?dist}
+# Epoch because we pushed a qemu-1.0 package
 Epoch: 2
 License: GPLv2+ and LGPLv2+ and BSD
 Group: Development/Tools
 URL: http://www.qemu.org/
-#Source0: http://www.qemu.org/%{name}-%{version}.tar.gz
-# git clone git://git.kernel.org/pub/scm/linux/kernel/git/avi/kvm.git
-# git clone git://git.kernel.org/pub/scm/linux/kernel/git/avi/kvm-userspace.git
-# echo "kdir=$(pwd)/kvm" > ~/.kvm-release-config
-# cd kvm-userspace
-# mkdir $(HOME)/sf-releases
-# ./scripts/make-release kvm-85rc-1.git-snapshot-date +%Y%m%d HEAD HEAD

-Source0: qemu-kvm-%{version}.tar.gz
+Source0: http://downloads.sourceforge.net/sourceforge/kvm/qemu-kvm-%{version}.tar.gz
 Source1: qemu.init
 Source2: kvm.modules

+# Patches for bug #503156 and bug #501131
+# Both will be include in qemu-kvm-0.10.7
+Patch100: qemu-fix-vnc-copyrect-screen-corruption.patch
+Patch101: qemu-fix-vnc-disconnect-segfault.patch

 Patch1: 01-tls-handshake-fix.patch
 Patch2: 02-vnc-monitor-info.patch
@ -32,16 +28,23 @@ Patch8: 08-vnc-acl-mgmt.patch

 Patch9: kvm-upstream-ppc.patch
 Patch10: qemu-fix-debuginfo.patch
-Patch11: qemu-fix-gcc.patch
-Patch12: qemu-roms-more-room.patch
+Patch11: qemu-roms-more-room.patch
+Patch12: qemu-roms-more-room-fix-vga-align.patch
 Patch13: qemu-bios-bigger-roms.patch
-Patch14: qemu-fix-display-breakage.patch
-Patch15: qemu-fix-qcow2-2TB.patch
+Patch14: qemu-kvm-fix-kerneldir-includes.patch
+Patch15: qemu-avoid-harmless-msr-warnings.patch
+Patch16: qemu-ppc-on-ppc.patch
+Patch17: qemu-use-statfs-to-determine-huge-page-size.patch
+Patch18: qemu-allow-pulseaudio-to-be-the-default.patch
+Patch19: qemu-fix-virtio-net-gso-support.patch
+Patch20: qemu-fix-msr-count-potential-segfault.patch
+Patch21: qemu-disable-copyrect-encoding.patch

 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: SDL-devel zlib-devel which texi2html gnutls-devel cyrus-sasl-devel
 BuildRequires: rsync dev86 iasl
 BuildRequires: pciutils-devel
+BuildRequires: pulseaudio-libs-devel
 Requires: %{name}-user = %{epoch}:%{version}-%{release}
 Requires: %{name}-system-x86 = %{epoch}:%{version}-%{release}
 Requires: %{name}-system-sparc = %{epoch}:%{version}-%{release}
@ -68,6 +71,21 @@ emulation speed by using dynamic translation. QEMU has two operating modes:

 As QEMU requires no host kernel patches to run, it is safe and easy to use.

+%package kvm
+Summary: QEMU metapackage for KVM support
+Group: Development/Tools
+%ifarch %{ix86} x86_64
+Requires: qemu-system-x86 = %{epoch}:%{version}-%{release}
+%endif
+%ifarch ppc ppc64
+Requires: qemu-system-ppc = %{epoch}:%{version}-%{release}
+%endif
+
+%description kvm
+This is a meta-package that provides a qemu-system-<arch> package for native
+architectures where kvm can be enabled. For example, in an x86 system, this
+will install qemu-system-x86
+
 %package  img
 Summary: QEMU command line tool for manipulating disk images
 Group: Development/Tools
@ -103,14 +121,15 @@ This package provides the user mode emulation of qemu targets
 Summary: QEMU system emulator for x86
 Group: Development/Tools
 Requires: %{name}-common = %{epoch}:%{version}-%{release}
-Requires: etherboot-zroms-kvm
-Requires: vgabios
-Requires: bochs-bios >= 2.3.8-0.5
 Provides: kvm = 85
 Obsoletes: kvm < 85
-%ifarch %{ix86} x86_64
-Provides: qemu-kvm = %{epoch}:%{version}-%{release}
-%endif
+Requires: vgabios
+Requires: bochs-bios >= 2.3.8-0.5
+Requires: /usr/share/etherboot/e1000-82542.zrom
+Requires: /usr/share/etherboot/rtl8029.zrom
+Requires: /usr/share/etherboot/pcnet32.zrom
+Requires: /usr/share/etherboot/rtl8139.zrom
+Requires: /usr/share/etherboot/virtio-net.zrom

 %description system-x86
 QEMU is a generic and open source processor emulator which achieves a good
@ -125,9 +144,6 @@ Summary: QEMU system emulator for ppc
 Group: Development/Tools
 Requires: %{name}-common = %{epoch}:%{version}-%{release}
 Requires: openbios-ppc
-%ifarch ppc ppc64
-Provides: qemu-kvm = %{epoch}:%{version}-%{release}
-%endif
 %description system-ppc
 QEMU is a generic and open source processor emulator which achieves a good
 emulation speed by using dynamic translation.
@ -207,6 +223,9 @@ such as kvmtrace and kvm_stat.
 %prep
 %setup -q -n qemu-kvm-%{version}

+%patch100 -p1
+%patch101 -p1
+
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
@ -222,6 +241,12 @@ such as kvmtrace and kvm_stat.
 %patch13 -p1
 %patch14 -p1
 %patch15 -p1
+%patch16 -p1
+%patch17 -p1
+%patch18 -p1
+%patch19 -p1
+%patch20 -p1
+%patch21 -p1

 %build
 # systems like rhel build system does not have a recent enough linker so
@ -241,26 +266,28 @@ else
 fi

 %ifarch %{ix86} x86_64
-# sdl outputs to alsa or pulseaudio directly depending on what the system has configured
+# sdl outputs to alsa or pulseaudio depending on system config, but it's broken (#495964)
 # alsa works, but causes huge CPU load due to bugs
 # oss works, but is very problematic because it grabs exclusive control of the device causing other apps to go haywire
 ./configure --target-list=x86_64-softmmu \
-            --kerneldir=$(pwd)/kernel --prefix=%{_prefix} \
-            --audio-drv-list=sdl,alsa,oss \
-            --with-patched-kernel \
+            --prefix=%{_prefix} \
+            --audio-drv-list=pa,sdl,alsa,oss \
            --disable-strip \
-            --qemu-ldflags=$extraldflags \
-            --qemu-cflags="$RPM_OPT_FLAGS"
+            --extra-ldflags=$extraldflags \
+            --extra-cflags="$RPM_OPT_FLAGS"

 make V=1 %{?_smp_mflags} $buildldflags
-cp qemu/x86_64-softmmu/qemu-system-x86_64 qemu-kvm
-cp user/kvmtrace  .
-cp user/kvmtrace_format  .
+cp -a x86_64-softmmu/qemu-system-x86_64 qemu-kvm
 make clean
+
+make -C kvm/extboot extboot.bin
+
+cd kvm/user
+./configure --prefix=%{_prefix} --kerneldir=$(pwd)/../kernel/
+make kvmtrace
+cd ../../
 %endif

-echo "%{name}-%{version}" > $(pwd)/kernel/.kernelrelease
-cd qemu
 ./configure \
    --target-list="i386-softmmu x86_64-softmmu arm-softmmu cris-softmmu m68k-softmmu \
                mips-softmmu mipsel-softmmu mips64-softmmu mips64el-softmmu ppc-softmmu \
@ -272,15 +299,13 @@ cd qemu
                sparc32plus-linux-user" \
    --prefix=%{_prefix} \
    --interp-prefix=%{_prefix}/qemu-%%M \
-    --kerneldir=$(pwd)/../kernel --prefix=%{_prefix} \
-    --disable-strip \
+    --audio-drv-list=pa,sdl,alsa,oss \
    --disable-kvm \
+    --disable-strip \
    --extra-ldflags=$extraldflags \
-    --audio-drv-list=sdl,alsa,oss \
    --extra-cflags="$RPM_OPT_FLAGS"

-
-make %{?_smp_mflags} $buildldflags
+make V=1 %{?_smp_mflags} $buildldflags

 %install
 rm -rf $RPM_BUILD_ROOT
@ -288,34 +313,34 @@ rm -rf $RPM_BUILD_ROOT
 %ifarch %{ix86} x86_64
 mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig/modules
 mkdir -p $RPM_BUILD_ROOT%{_bindir}/
+mkdir -p $RPM_BUILD_ROOT%{_datadir}/%{name}

 install -m 0755 %{SOURCE2} $RPM_BUILD_ROOT/%{_sysconfdir}/sysconfig/modules/kvm.modules
-install -m 0755 kvmtrace $RPM_BUILD_ROOT%{_bindir}/
-install -m 0755 kvmtrace_format $RPM_BUILD_ROOT%{_bindir}/
-install -m 0755 kvm_stat $RPM_BUILD_ROOT%{_bindir}/
-
+install -m 0755 kvm/extboot/extboot.bin $RPM_BUILD_ROOT%{_datadir}/%{name}
+install -m 0755 kvm/user/kvmtrace $RPM_BUILD_ROOT%{_bindir}/
+install -m 0755 kvm/user/kvmtrace_format $RPM_BUILD_ROOT%{_bindir}/
+install -m 0755 kvm/kvm_stat $RPM_BUILD_ROOT%{_bindir}/
 install -m 0755 qemu-kvm $RPM_BUILD_ROOT%{_bindir}/
 %endif

-cd qemu
 make prefix="${RPM_BUILD_ROOT}%{_prefix}" \
     bindir="${RPM_BUILD_ROOT}%{_bindir}" \
-     sharedir="${RPM_BUILD_ROOT}%{_prefix}/share/qemu" \
+     sharedir="${RPM_BUILD_ROOT}%{_datadir}/%{name}" \
     mandir="${RPM_BUILD_ROOT}%{_mandir}" \
     docdir="${RPM_BUILD_ROOT}%{_docdir}/%{name}-%{version}" \
-     datadir="${RPM_BUILD_ROOT}%{_prefix}/share/qemu" install
+     datadir="${RPM_BUILD_ROOT}%{_datadir}/%{name}" install
 chmod -x ${RPM_BUILD_ROOT}%{_mandir}/man1/*
 install -D -p -m 0755 %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d/qemu
 install -D -p -m 0644 -t ${RPM_BUILD_ROOT}/%{qemudocdir} Changelog README TODO COPYING COPYING.LIB LICENSE

 install -D -p -m 0644 qemu.sasl $RPM_BUILD_ROOT%{_sysconfdir}/sasl2/qemu.conf

-rm -rf ${RPM_BUILD_ROOT}/usr/share//qemu/pxe*bin
-rm -rf ${RPM_BUILD_ROOT}/usr/share//qemu/vgabios*bin
-rm -rf ${RPM_BUILD_ROOT}/usr/share//qemu/bios.bin
-rm -rf ${RPM_BUILD_ROOT}/usr/share//qemu/openbios-ppc
-rm -rf ${RPM_BUILD_ROOT}/usr/share//qemu/openbios-sparc32
-rm -rf ${RPM_BUILD_ROOT}/usr/share//qemu/openbios-sparc64
+rm -rf ${RPM_BUILD_ROOT}%{_datadir}/%{name}/pxe*bin
+rm -rf ${RPM_BUILD_ROOT}%{_datadir}/%{name}/vgabios*bin
+rm -rf ${RPM_BUILD_ROOT}%{_datadir}/%{name}/bios.bin
+rm -rf ${RPM_BUILD_ROOT}%{_datadir}/%{name}/openbios-ppc
+rm -rf ${RPM_BUILD_ROOT}%{_datadir}/%{name}/openbios-sparc32
+rm -rf ${RPM_BUILD_ROOT}%{_datadir}/%{name}/openbios-sparc64

 # the pxe etherboot images will be symlinks to the images on
 # /usr/share/etherboot, as QEMU doesn't know how to look
@ -329,20 +354,18 @@ pxe_link ne2k_pci ne
 pxe_link pcnet pcnet32
 pxe_link rtl8139 rtl8139
 pxe_link virtio virtio-net
-ln -s ../vgabios/VGABIOS-lgpl-latest.bin  %{buildroot}/%{_prefix}/share/qemu/vgabios.bin
-ln -s ../vgabios/VGABIOS-lgpl-latest.cirrus.bin %{buildroot}/%{_prefix}/share/qemu/vgabios-cirrus.bin
-ln -s ../bochs/BIOS-bochs-kvm %{buildroot}/%{_prefix}/share/qemu/bios.bin
-ln -s ../openbios/openbios-ppc %{buildroot}/%{_prefix}/share/qemu/openbios-ppc
-ln -s ../openbios/openbios-sparc32 %{buildroot}/%{_prefix}/share/qemu/openbios-sparc32
-ln -s ../openbios/openbios-sparc64 %{buildroot}/%{_prefix}/share/qemu/openbios-sparc64
-
-
+ln -s ../vgabios/VGABIOS-lgpl-latest.bin  %{buildroot}/%{_datadir}/%{name}/vgabios.bin
+ln -s ../vgabios/VGABIOS-lgpl-latest.cirrus.bin %{buildroot}/%{_datadir}/%{name}/vgabios-cirrus.bin
+ln -s ../bochs/BIOS-bochs-kvm %{buildroot}/%{_datadir}/%{name}/bios.bin
+ln -s ../openbios/openbios-ppc %{buildroot}/%{_datadir}/%{name}/openbios-ppc
+ln -s ../openbios/openbios-sparc32 %{buildroot}/%{_datadir}/%{name}/openbios-sparc32
+ln -s ../openbios/openbios-sparc64 %{buildroot}/%{_datadir}/%{name}/openbios-sparc64

 %clean
 rm -rf $RPM_BUILD_ROOT

 %post system-x86
-%ifarch %{ix86}
+%ifarch %{ix86} x86_64
 # load kvm modules now, so we can make sure no reboot is needed.
 # If there's already a kvm module installed, we don't mess with it
 sh /%{_sysconfdir}/sysconfig/modules/kvm.modules
@ -365,6 +388,9 @@ fi
 %files 
 %defattr(-,root,root)

+%files kvm
+%defattr(-,root,root)
+
 %files common
 %defattr(-,root,root)
 %doc %{qemudocdir}/Changelog
@ -375,8 +401,8 @@ fi
 %doc %{qemudocdir}/COPYING 
 %doc %{qemudocdir}/COPYING.LIB 
 %doc %{qemudocdir}/LICENSE
-%dir %{_prefix}/share/qemu/
-%{_prefix}/share/qemu/keymaps/
+%dir %{_datadir}/%{name}/
+%{_datadir}/%{name}/keymaps/
 %{_mandir}/man1/qemu.1*
 %{_mandir}/man8/qemu-nbd.8*
 %{_bindir}/qemu-nbd
@ -405,16 +431,16 @@ fi
 %defattr(-,root,root)
 %{_bindir}/qemu
 %{_bindir}/qemu-system-x86_64
-%{_prefix}/share/qemu/bios.bin
-%{_prefix}/share/qemu/vgabios.bin
-%{_prefix}/share/qemu/vgabios-cirrus.bin
-%{_prefix}/share/qemu/pxe-e1000.bin
-%{_prefix}/share/qemu/pxe-virtio.bin
-%{_prefix}/share/qemu/pxe-pcnet.bin
-%{_prefix}/share/qemu/pxe-rtl8139.bin
-%{_prefix}/share/qemu/pxe-ne2k_pci.bin
+%{_datadir}/%{name}/bios.bin
+%{_datadir}/%{name}/vgabios.bin
+%{_datadir}/%{name}/vgabios-cirrus.bin
+%{_datadir}/%{name}/pxe-e1000.bin
+%{_datadir}/%{name}/pxe-virtio.bin
+%{_datadir}/%{name}/pxe-pcnet.bin
+%{_datadir}/%{name}/pxe-rtl8139.bin
+%{_datadir}/%{name}/pxe-ne2k_pci.bin
 %ifarch %{ix86} x86_64
-%{_prefix}/share/qemu/extboot.bin
+%{_datadir}/%{name}/extboot.bin
 %{_bindir}/qemu-kvm
 %{_sysconfdir}/sysconfig/modules/kvm.modules
 %files kvm-tools
@ -426,8 +452,8 @@ fi
 %files system-sparc
 %defattr(-,root,root)
 %{_bindir}/qemu-system-sparc
-%{_prefix}/share/qemu/openbios-sparc32
-%{_prefix}/share/qemu/openbios-sparc64
+%{_datadir}/%{name}/openbios-sparc32
+%{_datadir}/%{name}/openbios-sparc64
 %files system-arm
 %defattr(-,root,root)
 %{_bindir}/qemu-system-arm
@ -442,10 +468,10 @@ fi
 %{_bindir}/qemu-system-ppc
 %{_bindir}/qemu-system-ppc64
 %{_bindir}/qemu-system-ppcemb
-%{_prefix}/share/qemu/openbios-ppc
-%{_prefix}/share/qemu/video.x
-%{_prefix}/share/qemu/bamboo.dtb
-%{_prefix}/share/qemu/ppc_rom.bin
+%{_datadir}/%{name}/openbios-ppc
+%{_datadir}/%{name}/video.x
+%{_datadir}/%{name}/bamboo.dtb
+%{_datadir}/%{name}/ppc_rom.bin
 %files system-cris
 %defattr(-,root,root)
 %{_bindir}/qemu-system-cris
@ -463,6 +489,141 @@ fi
 %{_mandir}/man1/qemu-img.1*

 %changelog
+* Fri Oct 23 2009 Mark McLoughlin <markmc@redhat.com> - 2:0.10.6-9
+- Disable the vnc CopyRect encoding since it's still broken (#503156)
+
+* Mon Oct 19 2009 Mark McLoughlin <markmc@redhat.com> - 2:0.10.6-8
+- Fix potential segfault from too small MSR_COUNT (#528901)
+
+* Mon Oct  5 2009 Mark McLoughlin <markmc@redhat.com> - 2:0.10.6-7
+- Use rtl8029 PXE rom for ne2k_pci, not ne (#526243)
+- Also, replace the etherboot-zroms-kvm pkg requires with file-based requires
+
+* Tue Sep 29 2009 Mark McLoughlin <markmc@redhat.com> - 2:0.10.6-6
+- Fix broken virtio-net with 2.6.30 guests (#522994)
+
+* Fri Sep 11 2009 Mark McLoughlin <markmc@redhat.com> - 2:0.10.6-5
+- Fix vnc segfault on disconnect (#501131)
+- Fix vnc screen corruption with e.g. xterm (#503156)
+- Rebase vnc sasl patches on top of these two vnc fixes
+
+* Fri Sep  4 2009 Mark McLoughlin <markmc@redhat.com> - 2:0.10.6-4
+- Make pulseaudio the default audio backend (#519540, #495964, #496627)
+
+* Fri Sep  4 2009 Mark McLoughlin <markmc@redhat.com> - 2:0.10.6-3
+- Use statfs to determine huge page size, fixing fd leak (#519378)
+
+* Tue Aug 18 2009 Mark McLoughlin <markmc@redhat.com> - 2:0.10.6-2
+- Allow blacklisting of kvm modules (#517866)
+
+* Tue Aug  4 2009 Mark McLoughlin <markmc@redhat.com> - 2:0.10.6-1
+- Update to qemu-kvm-0.10.6; upstream ChangeLog:
+   - merge qemu 0.10.6
+      - fix -net socket,listen
+      - live migration: don't send gratuitous packets all at once
+      - serial: fix lost characters after sysrq
+      - Delete io-handler before closing fd after migration
+      - Fix qemu_aio_flush
+      - i386: fix cpu reset
+      - Prevent CD-ROM eject while device is locked
+      - Fix migration after hot remove with eepro100
+      - Don't start a VM after failed migration if stopped
+      - Fix live migration under heavy IO load
+      - Honor -S on incoming migration
+      - Reset PS2 keyboard/mouse on reset
+   - build and install extboot
+- Drop upstreamed qemu-prevent-cdrom-media-eject-while-device-is-locked.patch
+  and qemu-fix-net-socket-list-init.patch and
+
+* Wed Jun 17 2009 Mark McLoughlin <markmc@redhat.com> - 2:0.10.5-3
+- ppc-on-ppc fix (#504273)
+- Fix -kernel regression (#506443)
+
+* Wed Jun  3 2009 Mark McLoughlin <markmc@redhat.com> - 2:0.10.5-2
+- Prevent locked cdrom eject - fixes hang at end of anaconda installs (#501412)
+- Fix crash with '-net socket,listen=...' (#501264)
+- Avoid harmless 'unhandled wrmsr' warnings (#499712)
+
+* Sun May 31 2009 Glauber Costa <glommer@redhat.com> - 2:0.10.5-1
+- Update to 0.10.5, and remove already upstream patches
+    qemu-fix-gcc.patch
+    qemu-fix-load-linux.patch
+    qemu-dma-aio-cancellation1.patch
+    qemu-dma-aio-cancellation2.patch
+    qemu-dma-aio-cancellation3.patch
+    qemu-dma-aio-cancellation4.patch
+    + all cpuid trimming
+
+  Conflicts:
+    qemu-roms-more-room.patch
+
+* Mon May 18 2009 Glauber Costa <glommer@redhat.com> - 2:0.10.4-5
+- Backport cpuid trimming from upstream (#499596)
+
+* Thu May 14 2009 Mark McLoughlin <markmc@redhat.com> - 2:0.10.4-4
+- Cherry pick more DMA AIO cancellation fixes from upstream (#497170)
+
+* Wed May 13 2009 Mark McLoughlin <markmc@redhat.com> - 2:0.10.4-3
+- Fix mixup between kvm.modules and the init script (reported by Rich Jones)
+
+* Wed May 13 2009 Mark McLoughlin <markmc@redhat.com> - 2:0.10.4-2
+- Fix -kernel bustage in upstream 0.10.4
+
+* Tue May 12 2009 Mark McLoughlin <markmc@redhat.com> - 2:0.10.4-1
+- Update to 0.10.4
+- Fix yet more qcow2 corruption (#498405)
+- AIO cancellation fixes (#497170)
+- Fix VPC image size overflow (#491981)
+- Fix oops with 2.6.25 virtio guest (#470386)
+- Enable pulseaudio driver (#495964, #496627)
+- Fix cpuid initialization
+- Fix HPET emulation
+- Fix storage hotplug error handling
+- Migration fixes
+- Block range checking fixes
+- Make PCI config status register read-only
+- Handle newer Xorg keymap names
+- Don't leak memory on NIC hot-unplug
+- Hook up keypad keys for qemu console emulation
+- Correctly run on kernels lacking mmu notifiers
+- Support DDIM option ROMs
+- Fix PCI NIC error handling
+- Fix in-kernel LAPIC initialization
+- Fix broken e1000 PCI config space
+- Drop some patches which have been upstreamed
+- Drop the make-release script; we have an official tarball now
+
+* Tue May 12 2009 Glauber Costa <glommer@redhat.com> - 2:0.10-18
+- move option rom setup function to the beginning of the file. This
+  avoids static vs non-static issues, and is the way upstream does
+
+* Tue May 12 2009 Glauber Costa <glommer@redhat.com> - 2:0.10-17
+- fix reboot with -kernel parameter (#499666)
+
+* Fri May  1 2009 Mark McLoughlin <markmc@redhat.com> - 2:0.10-16
+- Really provide qemu-kvm as a metapackage
+
+* Fri Apr 27 2009 Glauber Costa <glommer@redhat.com> - 2:0.10-15
+- provide qemu-kvm as a metapackage
+
+* Fri Apr 24 2009 Mark McLoughlin <markmc@redhat.com> - 2:0.10-14
+- Fix source numbering typos caused by make-release addition
+
+* Thu Apr 23 2009 Mark McLoughlin <markmc@redhat.com> - 2:0.10-13
+- Improve instructions for generating the tarball
+
+* Tue Apr 21 2009 Mark McLoughlin <markmc@redhat.com> - 2:0.10-12
+- Another qcow2 image corruption fix (#496642)
+
+* Mon Apr 20 2009 Mark McLoughlin <markmc@redhat.com> - 2:0.10-11
+- Fix qcow2 image corruption (#496642)
+
+* Sun Apr 19 2009 Mark McLoughlin <markmc@redhat.com> - 2:0.10-10
+- Run sysconfig.modules from %post on x86_64 too (#494739)
+
+* Sun Apr 19 2009 Mark McLoughlin <markmc@redhat.com> - 2:0.10-9
+- Align VGA ROM to 4k boundary - fixes 'qemu-kvm -std vga' (#494376)
+
 * Tue Apr  14 2009 Glauber Costa <glommer@redhat.com> - 2:0.10-8
 - Provide qemu-kvm conditional on the architecture.

--- a/2
+++ b/2
@ -1 +1 @@
-04c32fb43c722f180654f53e04ad17dd  qemu-kvm-0.10.tar.gz
+704101efb98a271763342ef5b187a3bd  qemu-kvm-0.10.6.tar.gz
Author	SHA1	Message	Date
Fedora Release Engineering	3624912650	dist-git conversion	2010-07-29 10:59:34 +00:00
Bill Nottingham	faa75016c8	Fix typo that causes a failure to update the common directory. (releng #2781)	2009-11-26 01:16:14 +00:00
Mark McLoughlin	12c209d40c	- Disable the vnc CopyRect encoding since it's still broken (#503156 )	2009-10-23 12:48:18 +00:00
Mark McLoughlin	7238c68414	- Fix potential segfault from too small MSR_COUNT (#528901 )	2009-10-19 10:33:43 +00:00
Mark McLoughlin	05392e2b17	- Use rtl8029 PXE rom for ne2k_pci, not ne (#526243 ) - Also, replace the etherboot-zroms-kvm pkg requires with file-based requires	2009-10-05 14:39:50 +00:00
Mark McLoughlin	f79b7a0f75	- Fix broken virtio-net with 2.6.30 guests (#522994 )	2009-09-29 20:53:23 +00:00
Mark McLoughlin	9de18a3c72	Fix changelog	2009-09-11 11:16:05 +00:00
Mark McLoughlin	188e3980df	- Fix vnc segfault on disconnect (#501131 ) - Fix vnc screen corruption with e.g. xterm (#503156) - Rebase vnc sasl patches on top of these two vnc fixes	2009-09-11 11:13:08 +00:00
Mark McLoughlin	98ab730460	- Make pulseaudio the default audio backend (#519540 , #495964 , #496627 )	2009-09-04 10:38:39 +00:00
Mark McLoughlin	09f1b9b09f	- Use statfs to determine huge page size, fixing fd leak (#519378 )	2009-09-04 10:09:56 +00:00
Mark McLoughlin	37ffcaef87	- Allow blacklisting of kvm modules (#517866 )	2009-08-18 10:06:17 +00:00
Mark McLoughlin	d28bc6cae6	- Update to qemu-kvm-0.10.6; upstream ChangeLog: - merge qemu 0.10.6 - fix -net socket,listen - live migration: don't send gratuitous packets all at once - serial: fix lost characters after sysrq - Delete io-handler before closing fd after migration - Fix qemu_aio_flush - i386: fix cpu reset - Prevent CD-ROM eject while device is locked - Fix migration after hot remove with eepro100 - Don't start a VM after failed migration if stopped - Fix live migration under heavy IO load - Honor -S on incoming migration - Reset PS2 keyboard/mouse on reset - build and install extboot - Drop upstreamed qemu-prevent-cdrom-media-eject-while-device-is-locked.patch and qemu-fix-net-socket-list-init.patch and	2009-08-04 15:35:42 +00:00
Mark McLoughlin	be685f76dc	Patches now managed in a git tree: http://git.et.redhat.com/?p=qemu-fedora.git Update the current patches with ones produced using format-patch, no real changes here. Drop a couple of patches which aren't referenced in the spec file	2009-06-24 16:43:44 +00:00
Mark McLoughlin	64e09b6f85	Fix the fix	2009-06-17 13:03:00 +00:00
Mark McLoughlin	4e10e2ca03	- ppc-on-ppc fix (#504273 ) - Fix -kernel regression (#506443)	2009-06-17 12:02:48 +00:00
Mark McLoughlin	693d0df483	- Prevent locked cdrom eject - fixes hang at end of anaconda installs (#501412) - Fix crash with '-net socket,listen=...' (#501264) - Avoid harmless 'unhandled wrmsr' warnings (#499712)	2009-06-03 15:04:28 +00:00
Glauber Costa	a3a6d37506	stable 0.10.5	2009-05-31 14:42:34 +00:00
Mark McLoughlin	7bfaaeea5b	file qemu-vnc-segfault.patch was initially added on branch private-markmc-bz501131.	2009-05-22 15:19:29 +00:00
Glauber Costa	230a700d68	- Backport cpuid trimming from upstream (#499596 )	2009-05-19 03:00:56 +00:00
Mark McLoughlin	55174971f3	- Cherry pick more DMA AIO cancellation fixes from upstream (#497170 )	2009-05-14 11:00:13 +00:00
Mark McLoughlin	da507400d2	- Fix mixup between kvm.modules and the init script (reported by Rich Jones)	2009-05-13 14:27:42 +00:00
Mark McLoughlin	3be7fb57ab	- Fix -kernel bustage in upstream 0.10.4	2009-05-13 11:21:59 +00:00
Mark McLoughlin	35aa5183e5	- Update to 0.10.4 - Fix yet more qcow2 corruption (#498405) - AIO cancellation fixes (#497170) - Fix VPC image size overflow (#491981) - Fix oops with 2.6.25 virtio guest (#470386) - Enable pulseaudio driver (#495964, #496627) - Fix cpuid initialization - Fix HPET emulation - Fix storage hotplug error handling - Migration fixes - Block range checking fixes - Make PCI config status register read-only - Handle newer Xorg keymap names - Don't leak memory on NIC hot-unplug - Hook up keypad keys for qemu console emulation - Correctly run on kernels lacking mmu notifiers - Support DDIM option ROMs - Fix PCI NIC error handling - Fix in-kernel LAPIC initialization - Fix broken e1000 PCI config space - Drop some patches which have been upstreamed - Drop the make-release script; we have an official tarball now	2009-05-13 08:35:55 +00:00
Mark McLoughlin	c3836569ba	Add a bug number for the -kernel fix	2009-05-12 15:31:15 +00:00
Glauber Costa	e1b91d5560	move definition of option rom reset functions to beginning of file	2009-05-12 14:15:52 +00:00
Glauber Costa	fe1b7c1a3e	fix boot with -kernel parameter	2009-05-12 13:34:16 +00:00
Mark McLoughlin	e5eca305a1	- Really provide qemu-kvm as a metapackage	2009-05-01 12:13:58 +00:00
Glauber Costa	bfaa34d5d0	qemu-kvm metapackage	2009-04-28 00:37:11 +00:00
Mark McLoughlin	221f79032f	- Fix source numbering typos caused by make-release addition	2009-04-24 17:11:36 +00:00
Mark McLoughlin	1c67dd08be	Add forgotten file	2009-04-23 10:29:46 +00:00
Mark McLoughlin	864e5d1926	Include the make-release script in the src.rpm	2009-04-23 10:22:54 +00:00
Mark McLoughlin	de59df8344	- Improve instructions for generating the tarball	2009-04-23 10:14:18 +00:00
Mark McLoughlin	618edfe5f3	- Another qcow2 image corruption fix (#496642 )	2009-04-21 09:04:20 +00:00
Mark McLoughlin	749234291f	- Fix qcow2 image corruption (#496642 )	2009-04-20 13:52:28 +00:00
Mark McLoughlin	664b398980	- Run sysconfig.modules from %post on x86_64 too (#494739 )	2009-04-19 15:35:03 +00:00
Mark McLoughlin	af8c55bb62	- Align VGA ROM to 4k boundary - fixes 'qemu-kvm -std vga' (#494376 )	2009-04-19 11:02:16 +00:00
Jesse Keating	b8f8668a84	Initialize branch F-11 for qemu	2009-04-15 07:05:18 +00:00