tools/virsh.pod | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] remove-rhism.diff

src/Makefile.am | 3 0 + 3 - 0 !
src/Makefile.in | 3 0 + 3 - 0 !
2 files changed, 6 deletions(-)

 [patch] qemu-disable-network.diff

daemon/libvirtd.conf | 8 4 + 4 - 0 !
1 file changed, 4 insertions(+), 4 deletions(-)

 [patch] allow libvirt group to access the socket

src/xen/xen_hypervisor.c | 2 1 + 1 - 0 !
tests/xencapsdata/xen-i686-pae-hvm.xml | 2 1 + 1 - 0 !
tests/xencapsdata/xen-ia64-be-hvm.xml | 2 1 + 1 - 0 !
tests/xencapsdata/xen-ia64-hvm.xml | 2 1 + 1 - 0 !
tests/xencapsdata/xen-x86_64-hvm.xml | 4 2 + 2 - 0 !
5 files changed, 6 insertions(+), 6 deletions(-)

 [patch] fix debian specific path to hvm loader

Closes: #517059

src/remote/remote_driver.c | 47 40 + 7 - 0 !
1 file changed, 40 insertions(+), 7 deletions(-)

 [patch] autodetect if the remote nc command supports the -q option

src/qemu/qemu_monitor_text.c | 10 9 + 1 - 0 !
1 file changed, 9 insertions(+), 1 deletion(-)

 [patch] patch qemumonitortextgetmigrationstatus to intercept unknown command 'info migrate'

Debian package kvm up to version 72 has not implemented the command 'info migrate'.
This command interface returns help page of info commands and looks like this:

src/xen/block_stats.c | 12 12 + 0 - 0 !
1 file changed, 12 insertions(+)

 [patch] fix block statistics with newer versions of xen

Apparently the xen block device statistics moved from
"/sys/devices/xen-backend/vbd-%d-%d/statistics/%s"
to
"/sys/bus/xen-backend/devices/vbd-%d-%d/statistics/%s"

* src/xen/block_stats.c: try the extra path in case of failure to
  find the statistics in /sys

src/util/iptables.c | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 [patch] disable checksum rule

not supported by Squeeze's iptables

Closes: #598330

src/lxc/lxc_controller.c | 4 3 + 1 - 0 !
src/lxc/lxc_driver.c | 11 8 + 3 - 0 !
2 files changed, 11 insertions(+), 4 deletions(-)

 [patch] don't fail lxc domain start when memory controller support is missing

Debian stock kernel has CONFIG_CGROUP_MEM_RES_CTLR disabled due to the
overhead [1]. Allow to start containers if the corresponding files in
the cgroup filesystem are missing.

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534964

Closes: #566180

src/conf/nwfilter_conf.c | 18 18 + 0 - 0 !
src/conf/nwfilter_conf.h | 6 6 + 0 - 0 !
src/libvirt_private.syms | 2 2 + 0 - 0 !
src/nwfilter/nwfilter_driver.c | 13 13 + 0 - 0 !
src/qemu/qemu_driver.c | 18 14 + 4 - 0 !
5 files changed, 53 insertions(+), 4 deletions(-)

 [patch] nwfilter: resolve deadlock between vm operations and filter update

src/openvz/openvz_driver.c | 40 1 + 39 - 0 !
1 file changed, 1 insertion(+), 39 deletions(-)

 [patch] openvz: take veid from vmdef->name when defining new domains

to fix domain creation.

src/openvz/openvz_driver.c | 10 4 + 6 - 0 !
1 file changed, 4 insertions(+), 6 deletions(-)

 [patch] openvz: fix some overwritten error codes

Don't overwrite errors during domain creation/definition to ease
tracking down problems.

src/libvirt.c | 27 27 + 0 - 0 !
1 file changed, 27 insertions(+)

 add missing checks for read only connections

As pointed on CVE-2011-1146, some API forgot to check the read-only
status of the connection for entry point which modify the state
of the system or may lead to a remote execution using user data.
The entry points concerned are:
  - virConnectDomainXMLToNative
  - virNodeDeviceDettach
  - virNodeDeviceReAttach
  - virNodeDeviceReset
  - virDomainRevertToSnapshot
  - virDomainSnapshotDelete

* src/libvirt.c: fix the above set of entry points to error on read-only
                 connections

daemon/dispatch.c | 8 2 + 6 - 0 !
daemon/remote.c | 216 112 + 104 - 0 !
2 files changed, 114 insertions(+), 110 deletions(-)

 make error reporting in libvirtd thread safe

daemon/remote.c | 4 3 + 1 - 0 !
gnulib/lib/intprops.h | 61 61 + 0 - 0 !
src/libvirt.c | 5 3 + 2 - 0 !
src/remote/remote_driver.c | 4 3 + 1 - 0 !
4 files changed, 70 insertions(+), 4 deletions(-)

 fix integer overflow in virdomaingetvcpus

Patch taken from upsteam. (CVE-2011-2511)

Closes: #633630

daemon/libvirtd.c | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 add missing return on error path

configure.ac | 2 1 + 1 - 0 !
src/util/util.c | 64 64 + 0 - 0 !
src/util/util.h | 2 2 + 0 - 0 !
3 files changed, 67 insertions(+), 1 deletion(-)

 new virsetuidgid() utility function

virSetUIDGID() sets both the real and effective group and user of the
process, and additionally calls initgroups() to assure that the
process joins all the auxiliary groups that the given uid is a member
of.

src/qemu/qemu_driver.c | 27 22 + 5 - 0 !
1 file changed, 22 insertions(+), 5 deletions(-)

 run initgroups() in qemudopenasuid()

qemudOpenAsUID is intended to open a file with the credentials of a
specified uid. Current implementation fails if the file is accessible to
one of uid's groups but not owned by uid.

This patch replaces the supplementary group list that the child process
inherited from libvirtd with the default group list of uid.

src/qemu/qemu_driver.c | 44 14 + 30 - 0 !
src/qemu/qemu_security_dac.c | 18 2 + 16 - 0 !
2 files changed, 16 insertions(+), 46 deletions(-)

 replace setuid/setgid/initgroups with virsetuidgid()

This patch fixes https://bugzilla.redhat.com/show_bug.cgi?id=664406

config.h.in | 3 3 + 0 - 0 !
configure | 1 1 + 0 - 0 !
2 files changed, 4 insertions(+)

 rerun autoconf