Rediff patches

Dropped patches for things fixed upstream:
 CVE-2017-2635-qemu-Don-t-update-physical-storage-size-of-.patch
 apparmor-allow-usr-lib-qemu-qemu-bridge-helper.patchupstream
 virt-aa-helper-apparmor-allow-usr-share-OVMF-too.patch
 Allow-access-to-libnl-3-config-files.patch
 Dropped qemu-skip-QMP-probing-of-CPU-definitions-when-missing.patch

debian/patches/Allow-access-to-libnl-3-config-files.patch

-From: Felix Geyer <fgeyer@debian.org>
-Date: Sat, 13 Jun 2015 10:22:40 +0200
-Subject: Allow access to libnl-3 config files
-
-Closes: #786650
----
- examples/apparmor/usr.lib.libvirt.virt-aa-helper | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/examples/apparmor/usr.lib.libvirt.virt-aa-helper b/examples/apparmor/usr.lib.libvirt.virt-aa-helper
-index 4a8f197..7804b72 100644
---- a/examples/apparmor/usr.lib.libvirt.virt-aa-helper
-+++ b/examples/apparmor/usr.lib.libvirt.virt-aa-helper
-@@ -16,9 +16,16 @@ profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper {
-   owner @{PROC}/[0-9]*/status r,
-   @{PROC}/filesystems r,
- 
-+  /etc/libnl-3/classid r,
-+
-   # for hostdev
-   /sys/devices/ r,
-   /sys/devices/** r,
-+  deny /dev/sd* r,
-+  deny /dev/vd* r,
-+  deny /dev/dm-* r,
-+  deny /dev/mapper/ r,
-+  deny /dev/mapper/* r,
- 
-   /usr/{lib,lib64}/libvirt/virt-aa-helper mr,
-   /{usr/,}sbin/apparmor_parser Ux,

debian/patches/Allow-xen-toolstack-to-find-it-s-binaries.patch

@@ -19,10 +19,10 @@ Closes: #685749
  12 files changed, 24 insertions(+), 26 deletions(-)
 
 diff --git a/docs/schemas/capability.rng b/docs/schemas/capability.rng
-index 88e08d2..bfbc8c9 100644
+index 071090c..fb20125 100644
 --- a/docs/schemas/capability.rng
 +++ b/docs/schemas/capability.rng
-@@ -294,13 +294,13 @@
+@@ -351,13 +351,13 @@
  
    <define name='emulator'>
      <element name='emulator'>

debian/patches/Pass-GPG_TTY-env-var-to-the-ssh-binary.patch

@@ -7,10 +7,10 @@ Subject: Pass GPG_TTY env var to the ssh binary
  1 file changed, 1 insertion(+)
 
 diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
-index 325a7c7..8d20074 100644
+index d228c8a..021687f 100644
 --- a/src/rpc/virnetsocket.c
 +++ b/src/rpc/virnetsocket.c
-@@ -848,6 +848,7 @@ int virNetSocketNewConnectSSH(const char *nodename,
+@@ -849,6 +849,7 @@ int virNetSocketNewConnectSSH(const char *nodename,
      virCommandAddEnvPassBlockSUID(cmd, "KRB5CCNAME", NULL);
      virCommandAddEnvPassBlockSUID(cmd, "SSH_AUTH_SOCK", NULL);
      virCommandAddEnvPassBlockSUID(cmd, "SSH_ASKPASS", NULL);

debian/patches/Reduce-udevadm-settle-timeout-to-10-seconds.patch

@@ -10,11 +10,11 @@ Closes: #663931
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/src/util/virutil.c b/src/util/virutil.c
-index bb0f2d2..61c436e 100644
+index e4de4ca..22d82ee5 100644
 --- a/src/util/virutil.c
 +++ b/src/util/virutil.c
-@@ -1585,7 +1585,7 @@ virSetUIDGIDWithCaps(uid_t uid, gid_t gid, gid_t *groups, int ngroups,
- void virFileWaitForDevices(void)
+@@ -1521,7 +1521,7 @@ virSetUIDGIDWithCaps(uid_t uid, gid_t gid, gid_t *groups, int ngroups,
+ void virWaitForDevices(void)
  {
  # ifdef UDEVADM
 -    const char *const settleprog[] = { UDEVADM, "settle", NULL };

debian/patches/Skip-vircgrouptest.patch

@@ -9,7 +9,7 @@ without sysfs mounted.
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/tests/vircgrouptest.c b/tests/vircgrouptest.c
-index f55ef74..9f8bc76 100644
+index 8af5e2c..8715800 100644
 --- a/tests/vircgrouptest.c
 +++ b/tests/vircgrouptest.c
 @@ -22,7 +22,7 @@

debian/patches/apparmor-allow-usr-lib-qemu-qemu-bridge-helper.patch

-From: =?utf-8?q?Guido_G=C3=BCnther?= <agx@sigxcpu.org>
-Date: Thu, 16 Mar 2017 17:50:33 +0100
-Subject: apparmor: allow /usr/lib/qemu/qemu-bridge-helper
-
-This unbreaks e.g. gnome-boxes
----
- examples/apparmor/usr.sbin.libvirtd | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/examples/apparmor/usr.sbin.libvirtd b/examples/apparmor/usr.sbin.libvirtd
-index c40930b..ef241a5 100644
---- a/examples/apparmor/usr.sbin.libvirtd
-+++ b/examples/apparmor/usr.sbin.libvirtd
-@@ -67,7 +67,7 @@
-   # allow changing to our UUID-based named profiles
-   change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,
- 
--  /usr/{lib,libexec}/qemu-bridge-helper Cx -> qemu_bridge_helper,
-+  /usr/{lib,lib64,lib/qemu,libexec}/qemu-bridge-helper Cx -> qemu_bridge_helper,
-   # child profile for bridge helper process
-   profile qemu_bridge_helper {
-    #include <abstractions/base>
-@@ -83,7 +83,7 @@
-    /etc/qemu/** r,
-    owner @{PROC}/*/status r,
- 
--   /usr/{lib,libexec}/qemu-bridge-helper rmix,
-+   /usr/{lib,lib64,lib/qemu,libexec}/qemu-bridge-helper rmix,
-   }
-   
-   # Site-specific additions and overrides. See local/README for details.

debian/patches/debian/Debianize-systemd-service-files.patch

@@ -8,7 +8,7 @@ Subject: Debianize systemd service files
  2 files changed, 3 insertions(+), 3 deletions(-)
 
 diff --git a/daemon/libvirtd.service.in b/daemon/libvirtd.service.in
-index c72dde5..8ce8622 100644
+index fbaf02f..0a73713 100644
 --- a/daemon/libvirtd.service.in
 +++ b/daemon/libvirtd.service.in
 @@ -19,8 +19,8 @@ Documentation=http://libvirt.org

debian/patches/debian/Debianize-virtlockd.patch

@@ -7,7 +7,7 @@ Subject: Debianize virtlockd
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/src/locking/virtlockd.service.in b/src/locking/virtlockd.service.in
-index 69b568f..9fa2f9f 100644
+index c369591..1062f2c 100644
 --- a/src/locking/virtlockd.service.in
 +++ b/src/locking/virtlockd.service.in
 @@ -6,7 +6,7 @@ Documentation=man:virtlockd(8)

debian/patches/debian/Debianize-virtlogd.patch

@@ -7,7 +7,7 @@ Subject: Debianize virtlogd
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/src/logging/virtlogd.service.in b/src/logging/virtlogd.service.in
-index 09e0740..87ac468 100644
+index 8b67317..959e625 100644
 --- a/src/logging/virtlogd.service.in
 +++ b/src/logging/virtlogd.service.in
 @@ -6,7 +6,7 @@ Documentation=man:virtlogd(8)

debian/patches/debian/Don-t-enable-default-network-on-boot.patch

@@ -9,10 +9,10 @@ to not interfere with existing network configurations
  2 files changed, 2 insertions(+), 4 deletions(-)
 
 diff --git a/src/Makefile.am b/src/Makefile.am
-index a85cd0d..3d5e5cf 100644
+index eae32dc..0848c2c 100644
 --- a/src/Makefile.am
 +++ b/src/Makefile.am
-@@ -3321,8 +3321,7 @@ if WITH_NETWORK
+@@ -3415,8 +3415,7 @@ if WITH_NETWORK
  	      $(DESTDIR)$(confdir)/qemu/networks/default.xml && \
  	    rm $(DESTDIR)$(confdir)/qemu/networks/default.xml.t; }
  	( cd $(DESTDIR)$(confdir)/qemu/networks/autostart && \
@@ -23,10 +23,10 @@ index a85cd0d..3d5e5cf 100644
  
  uninstall-local:: uninstall-init uninstall-systemd
 diff --git a/src/Makefile.in b/src/Makefile.in
-index 81e1405..c068bdc 100644
+index cf7b25f..7c042c9 100644
 --- a/src/Makefile.in
 +++ b/src/Makefile.in
-@@ -12260,8 +12260,7 @@ install-data-local: install-init install-systemd
+@@ -12483,8 +12483,7 @@ install-data-local: install-init install-systemd
  @WITH_NETWORK_TRUE@	      $(DESTDIR)$(confdir)/qemu/networks/default.xml && \
  @WITH_NETWORK_TRUE@	    rm $(DESTDIR)$(confdir)/qemu/networks/default.xml.t; }
  @WITH_NETWORK_TRUE@	( cd $(DESTDIR)$(confdir)/qemu/networks/autostart && \

debian/patches/debian/Use-upstreams-polkit-rule.patch

@@ -8,10 +8,10 @@ As of 1.2.16 upstream ships a Polkit rule like Debian does.
  1 file changed, 2 insertions(+), 2 deletions(-)
 
 diff --git a/daemon/Makefile.am b/daemon/Makefile.am
-index 60c7368..6929d77 100644
+index d02ab33..b24994b 100644
 --- a/daemon/Makefile.am
 +++ b/daemon/Makefile.am
-@@ -306,14 +306,14 @@ install-data-polkit::
+@@ -308,14 +308,14 @@ install-data-polkit::
  	$(INSTALL_DATA) libvirtd.policy $(DESTDIR)$(policydir)/org.libvirt.unix.policy
  if ! WITH_POLKIT0
  	$(MKDIR_P) $(DESTDIR)$(rulesdir)

debian/patches/debian/apparmor_profiles_local_include.patch

@@ -9,10 +9,10 @@ Include local apparmor profile
  2 files changed, 6 insertions(+)
 
 diff --git a/examples/apparmor/usr.lib.libvirt.virt-aa-helper b/examples/apparmor/usr.lib.libvirt.virt-aa-helper
-index 7804b72..abf340d 100644
+index 012080c..93ba74e 100644
 --- a/examples/apparmor/usr.lib.libvirt.virt-aa-helper
 +++ b/examples/apparmor/usr.lib.libvirt.virt-aa-helper
-@@ -52,4 +52,7 @@ profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper {
+@@ -56,4 +56,7 @@ profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper {
    /**.vmdk r,
    /**.[iI][sS][oO] r,
    /**/disk{,.*} r,
@@ -21,12 +21,12 @@ index 7804b72..abf340d 100644
 +  #include <local/usr.lib.libvirt.virt-aa-helper>
  }
 diff --git a/examples/apparmor/usr.sbin.libvirtd b/examples/apparmor/usr.sbin.libvirtd
-index 8893e75..c40930b 100644
+index acb59e0..d9869a5 100644
 --- a/examples/apparmor/usr.sbin.libvirtd
 +++ b/examples/apparmor/usr.sbin.libvirtd
-@@ -85,4 +85,7 @@
+@@ -86,4 +86,7 @@
  
-    /usr/{lib,libexec}/qemu-bridge-helper rmix,
+    /usr/{lib,lib64,lib/qemu,libexec}/qemu-bridge-helper rmix,
    }
 +  
 +  # Site-specific additions and overrides. See local/README for details.

debian/patches/debian/remove-RHism.diff.patch

@@ -7,7 +7,7 @@ Subject: remove-RHism.diff
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/tools/virsh.pod b/tools/virsh.pod
-index 6c06ee0..b2e20e2 100644
+index 43d6f0c..2c604e7 100644
 --- a/tools/virsh.pod
 +++ b/tools/virsh.pod
 @@ -119,7 +119,7 @@ virsh is coming from and which options and driver are compiled in.

debian/patches/patch-qemuMonitorTextGetMigrationStatus-to-intercept.patch

@@ -42,10 +42,10 @@ to savely detect that the command 'info migrate' is not implemented.
  1 file changed, 9 insertions(+), 1 deletion(-)
 
 diff --git a/src/qemu/qemu_monitor_text.c b/src/qemu/qemu_monitor_text.c
-index 9c9eeea..93bc334 100644
+index 737e838..47ffb59 100644
 --- a/src/qemu/qemu_monitor_text.c
 +++ b/src/qemu/qemu_monitor_text.c
-@@ -1482,7 +1482,15 @@ int qemuMonitorTextGetMigrationStats(qemuMonitorPtr mon,
+@@ -1476,7 +1476,15 @@ int qemuMonitorTextGetMigrationStats(qemuMonitorPtr mon,
              }
              stats->disk_total *= 1024;
          }

debian/patches/series

@@ -10,14 +10,9 @@ Allow-xen-toolstack-to-find-it-s-binaries.patch
 Skip-vircgrouptest.patch
 debian/Debianize-virtlockd.patch
 debian/Use-upstreams-polkit-rule.patch
-Allow-access-to-libnl-3-config-files.patch
 debian/apparmor_profiles_local_include.patch
-virt-aa-helper-apparmor-allow-usr-share-OVMF-too.patch
 Set-defaults-for-zfs-tools.patch
 Pass-GPG_TTY-env-var-to-the-ssh-binary.patch
 openpty-Skip-test-if-no-pty-is-available.patch
 test-posix_openpt-don-t-fail-on-EACCESS.patch
 debian/Debianize-virtlogd.patch
-CVE-2017-2635-qemu-Don-t-update-physical-storage-size-of-.patch
-apparmor-allow-usr-lib-qemu-qemu-bridge-helper.patch
-qemu-skip-QMP-probing-of-CPU-definitions-when-missing.patch

debian/patches/virt-aa-helper-apparmor-allow-usr-share-OVMF-too.patch

-From: Simon McVittie <smcv@debian.org>
-Date: Tue, 19 Jan 2016 21:27:57 +0000
-Subject: virt-aa-helper, apparmor: allow /usr/share/OVMF/ too
-
-The split firmware and variables files introduced by
-https://bugs.debian.org/764918 are in a different directory for
-some reason. Let the virtual machine read both.
----
- examples/apparmor/libvirt-qemu | 1 +
- src/security/virt-aa-helper.c  | 1 +
- tests/virt-aa-helper-test      | 7 ++++++-
- 3 files changed, 8 insertions(+), 1 deletion(-)
-
-diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu
-index a9020aa..e0988bb 100644
---- a/examples/apparmor/libvirt-qemu
-+++ b/examples/apparmor/libvirt-qemu
-@@ -70,6 +70,7 @@
-   /usr/share/vgabios/** r,
-   /usr/share/seabios/** r,
-   /usr/share/ovmf/** r,
-+  /usr/share/OVMF/** r,
- 
-   # access PKI infrastructure
-   /etc/pki/libvirt-vnc/** r,
-diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
-index 5f5d1cd..6c5fc28 100644
---- a/src/security/virt-aa-helper.c
-+++ b/src/security/virt-aa-helper.c
-@@ -512,6 +512,7 @@ valid_path(const char *path, const bool readonly)
-         "/vmlinuz",
-         "/initrd",
-         "/initrd.img",
-+        "/usr/share/OVMF/",              /* for OVMF images */
-         "/usr/share/ovmf/"               /* for OVMF images */
-     };
-     /* override the above with these */
-diff --git a/tests/virt-aa-helper-test b/tests/virt-aa-helper-test
-index 1d03f5f..7e7a032 100755
---- a/tests/virt-aa-helper-test
-+++ b/tests/virt-aa-helper-test
-@@ -296,8 +296,13 @@ if [ -f /usr/share/ovmf/OVMF.fd ]; then
-         -e "s,###DISK###,$disk1,g" \
-         -e "s,</os>,<loader readonly='yes' type='pflash'>/usr/share/ovmf/OVMF.fd</loader></os>,g" "$template_xml" > "$test_xml"
-     testme "0" "ovmf" "-r -u $valid_uuid" "$test_xml"
-+elif [ -f /usr/share/OVMF/OVMF.fd ]; then
-+    sed -e "s,###UUID###,$uuid,g"  \
-+        -e "s,###DISK###,$disk1,g" \
-+        -e "s,</os>,<loader readonly='yes' type='pflash'>/usr/share/OVMF/OVMF.fd</loader></os>,g" "$template_xml" > "$test_xml"
-+    testme "0" "ovmf" "-r -u $valid_uuid" "$test_xml"
- else
--    echo "Skipping OVMF test. Could not find /usr/share/ovmf/OVMF.fd"
-+    echo "Skipping OVMF test. Could not find /usr/share/ovmf/OVMF.fd or /usr/share/OVMF/OVMF.fd"
- fi
- 
- sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,</os>,<initrd>$tmpdir/initrd</initrd></os>,g" "$template_xml" > "$test_xml"