qemu: Let empty default VNC password work as documented v0.10.2-maint
authorJiri Denemark <jdenemar@redhat.com>
Tue, 28 Jun 2016 12:39:58 +0000 (14:39 +0200)
committerDaniel P. Berrange <berrange@redhat.com>
Thu, 30 Jun 2016 13:47:18 +0000 (14:47 +0100)
commit418a165da6e61ab548349408e4ba0c0d612ef5af
tree4fe1b185bf5280c6871bd66363e32d90555f2ac2
parenta397e887ed40898cc177e118dffdea8e1f4c6184
qemu: Let empty default VNC password work as documented

CVE-2016-5008

Setting an empty graphics password is documented as a way to disable
VNC/SPICE access, but QEMU does not always behaves like that. VNC would
happily accept the empty password. Let's enforce the behavior by setting
password expiration to "now".

https://bugzilla.redhat.com/show_bug.cgi?id=1180092

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
(cherry picked from commit bb848feec0f3f10e92dd8e5231ae7aa89b5598f3)
(cherry picked from commit d933f68ee660566b52cd90330aee0d5f414636a4)
(cherry picked from commit 139a4265774b7aa194f8479a82188bc1337cd7a4)
src/qemu/qemu_hotplug.c