Drop patches applied upstream

  Allow-libvirt-to-kill-unconfined-domains.patch
  Drop qemu-avoid-denial-of-service-reading-from-QEMU-monitor-CV.patch

debian/patches/Allow-libvirt-to-kill-unconfined-domains.patch

-From: intrigeri <intrigeri+libvirt@boum.org>
-Date: Mon, 15 Jan 2018 09:29:47 +0100
-Subject: Allow libvirt to kill unconfined domains
-
-On startup libvirtd runs a number of QEMU processes unconfined such as:
-
-  /usr/bin/qemu-system-x86_64 -S -no-user-config -nodefaults -nographic -machine none,accel=kvm:tcg -qmp unix:/var/lib/libvirt/qemu/capabilities.monitor.sock,server,nowait -pidfile /var/lib/libvirt/qemu/capabilities.pidfile -daemonize
-
-libvirtd needs to be allowed to kill these processes, otherwise they
-remain running.
----
- examples/apparmor/usr.sbin.libvirtd | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/examples/apparmor/usr.sbin.libvirtd b/examples/apparmor/usr.sbin.libvirtd
-index bd7796c..4d220c2 100644
---- a/examples/apparmor/usr.sbin.libvirtd
-+++ b/examples/apparmor/usr.sbin.libvirtd
-@@ -63,6 +63,7 @@
- 
-   signal (send) peer=/usr/sbin/dnsmasq,
-   signal (read, send) peer=libvirt-*,
-+  signal (send) set=("kill") peer=unconfined,
- 
-   # Very lenient profile for libvirtd since we want to first focus on confining
-   # the guests. Guests will have a very restricted profile.

debian/patches/debian/apparmor_profiles_local_include.patch

@@ -20,10 +20,10 @@ index 6869685..f806e3c 100644
    #include <local/usr.lib.libvirt.virt-aa-helper>
  }
 diff --git a/examples/apparmor/usr.sbin.libvirtd b/examples/apparmor/usr.sbin.libvirtd
-index a1083b0..bd7796c 100644
+index 0ddec3f..4d220c2 100644
 --- a/examples/apparmor/usr.sbin.libvirtd
 +++ b/examples/apparmor/usr.sbin.libvirtd
-@@ -117,4 +117,7 @@
+@@ -118,4 +118,7 @@
  
     /usr/{lib,lib64,lib/qemu,libexec}/qemu-bridge-helper rmix,
    }

debian/patches/qemu-avoid-denial-of-service-reading-from-QEMU-monitor-CV.patch

-From: "Daniel P. Berrange" <berrange@redhat.com>
-Date: Tue, 16 Jan 2018 17:00:11 +0000
-Subject: qemu: avoid denial of service reading from QEMU monitor
- (CVE-2018-5748)
-
-We read from QEMU until seeing a \r\n pair to indicate a completed reply
-or event. To avoid memory denial-of-service though, we must have a size
-limit on amount of data we buffer. 10 MB is large enough that it ought
-to cope with normal QEMU replies, and small enough that we're not
-consuming unreasonable mem.
-
-Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
----
- src/qemu/qemu_monitor.c | 15 +++++++++++++++
- 1 file changed, 15 insertions(+)
-
-diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c
-index 046caf0..85c7d68 100644
---- a/src/qemu/qemu_monitor.c
-+++ b/src/qemu/qemu_monitor.c
-@@ -55,6 +55,15 @@ VIR_LOG_INIT("qemu.qemu_monitor");
- #define DEBUG_IO 0
- #define DEBUG_RAW_IO 0
- 
-+/* We read from QEMU until seeing a \r\n pair to indicate a
-+ * completed reply or event. To avoid memory denial-of-service
-+ * though, we must have a size limit on amount of data we
-+ * buffer. 10 MB is large enough that it ought to cope with
-+ * normal QEMU replies, and small enough that we're not
-+ * consuming unreasonable mem.
-+ */
-+#define QEMU_MONITOR_MAX_RESPONSE (10 * 1024 * 1024)
-+
- struct _qemuMonitor {
-     virObjectLockable parent;
- 
-@@ -575,6 +584,12 @@ qemuMonitorIORead(qemuMonitorPtr mon)
-     int ret = 0;
- 
-     if (avail < 1024) {
-+        if (mon->bufferLength >= QEMU_MONITOR_MAX_RESPONSE) {
-+            virReportSystemError(ERANGE,
-+                                 _("No complete monitor response found in %d bytes"),
-+                                 QEMU_MONITOR_MAX_RESPONSE);
-+            return -1;
-+        }
-         if (VIR_REALLOC_N(mon->buffer,
-                           mon->bufferLength + 1024) < 0)
-             return -1;

debian/patches/series

@@ -17,6 +17,4 @@ debian/apparmor_profiles_local_include.patch
 Set-defaults-for-zfs-tools.patch
 Pass-GPG_TTY-env-var-to-the-ssh-binary.patch
 apparmor-Allow-virt-aa-helper-to-access-the-name-service-.patch
-Allow-libvirt-to-kill-unconfined-domains.patch
 apparmor-allow-libvirt-to-send-term-signal-to-unconfined.patch
-qemu-avoid-denial-of-service-reading-from-QEMU-monitor-CV.patch