From: Richard Henderson <richard.henderson@linaro.org>
Date: Sat, 25 Oct 2025 08:42:55 +0000 (+0200)
Subject: Merge tag 'next-pr-pull-request' of https://gitlab.com/berrange/qemu into staging
X-Git-Tag: v10.2.0-rc1~44
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=36076d24f04ea9dc3357c0fbe7bb14917375819c;p=thirdparty%2Fqemu.git

Merge tag 'next-pr-pull-request' of https://gitlab.com/berrange/qemu into staging

Merge misc, crypto and I/O subsystems changes

 * Fix use after free in websocket handshake (CVE-2025-11234)
 * Improved stack traces fatal errors/aborts raised for
   user creatable objects
 * Stop requiring 'key encipherment' usage in x509 certs
 * Only sanity check CA certs needed in the chain of trust
 * Allow intermediate CA certs to be present in client/server
   cert file
 * Fix regression propagating errors in premature shutdown
   of TLS connections

# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEE2vOm/bJrYpEtDo4/vobrtBUQT98FAmj7nZQACgkQvobrtBUQ
# T9+ezBAAsgKl5O/8FYGoSAaVHq4dzbXl/Q0NzHzX7NJ7W8K6LvNy4w8zpuPZEWIt
# luo3uAeRFmWGCE5kAe/rfySwvNAYfKTJWbd4+c/DN6spK8MViMfY/mL2Zows3LsJ
# LDkmi7OVZpTO+JTDt9O0LpjXmtRGunDsm1Wq8WZcrLtsMe0KatVaQen0nFqc8aUf
# uwAgMrZiMpsGp23PLlxaqQVBV2lzXGQHb1Y2UR0DkMBn19861ovPeNRgODc1SpmV
# pvqoeXNVu3Mw4CmY3jb0fArRD8G6g8y0USahVNfXV3cYFXp1/SaEL4sNbYU3VhxG
# MJXvA+uVir6HHJWiDbjiAG+6zjoggaPAwkp5f4M89fnPGgX9sRRAsCdJnR5IIEDo
# 58bc1WWni+KzkDXY/GJ1lMQ6jJuQxavIcpW/zi/sSLu1ceK+j+JqLmjGzpr1mPrk
# D63MvLSOsKFgJNP51OeC5s3GN9UOo6jO/wOMyLTDUTdhc/WOz3Q+f5/E/bRXtaE0
# S+NxMTHJdwDfeRpDXMglL9f5K1ApBo7GAMmjhwXCD3XqUb1pD7RbFNu+QKMqgT4Z
# Jv/Rsik3XOHMFNoMtm+fSaUfeETASJBQQancnLyUcCUrWR9MTKBAtlm0fJypxaBp
# 787FL5LthIX5u7tNf5Btl67BJalHFICVEQrFe/gPq5YnuIRDmwo=
# =WY6C
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 24 Oct 2025 05:39:00 PM CEST
# gpg:                using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [unknown]
# gpg:                 aka "Daniel P. Berrange <berrange@redhat.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E  8E3F BE86 EBB4 1510 4FDF

* tag 'next-pr-pull-request' of https://gitlab.com/berrange/qemu:
  crypto: switch to newer gnutls API for distinguished name
  crypto: stop requiring "key encipherment" usage in x509 certs
  crypto: allow client/server cert chains
  crypto: fix error reporting in cert chain checks
  crypto: validate an error is reported in test expected fails
  crypto: remove extraneous pointer usage in gnutls certs
  crypto: only verify CA certs in chain of trust
  io: fix use after free in websocket handshake code
  io: move websock resource release to close method
  io: release active GSource in TLS channel finalizer
  tests: use macros for registering char tests for sockets
  qom: use ERRP_GUARD in user_creatable_complete
  crypto: propagate Error object on premature termination

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---

36076d24f04ea9dc3357c0fbe7bb14917375819c