Fix the test suite on s390x

CVE-2019-10161: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API (bz #1722463, bz #1720115)
CVE-2019-10166: virDomainManagedSaveDefineXML API exposed to readonly clients (bz #1722462, bz #1720114)
CVE-2019-10167: arbitrary command execution via virConnectGetDomainCapabilities API (bz #1722464, bz #1720117)
CVE-2019-10168: arbitrary command execution via virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs (bz #1722466, bz #1720118)
CVE-2019-3886: virsh domhostname command discloses guest hostname in readonly mode [fedora-rawhide
Failed to attache NEW rbd device to guest (bz #1672620)
PCI hostdev interface segfault (bz #1692053)

0001-qemu-Allow-creating-ppc64-guests-with-graphics-and-n.patch

@@ -0,0 +1,112 @@
+From: Andrea Bolognani <abologna@redhat.com>
+Date: Wed, 27 Feb 2019 18:41:35 +0100
+Subject: [PATCH] qemu: Allow creating ppc64 guests with graphics and no USB
+ mouse
+
+The existing behavior for ppc64 guests is to always add a USB
+keyboard and mouse combo if graphics are present; unfortunately,
+this means any attempt to use a USB tablet will cause both pointing
+devices to show up in the guest, which in turn will result in poor
+user experience.
+
+We can't just stop adding the USB mouse or start adding a USB tablet
+instead, because existing applications and users might rely on the
+current behavior; however, we can avoid adding the USB mouse if a USB
+tablet is already present, thus allowing users and applications to
+create guests that contain a single pointing device.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1683681
+
+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
+Reviewed-by: Cole Robinson <crobinso@redhat.com>
+(cherry picked from commit 186bb479d0f409dc75175bea48a760838c479a6c)
+---
+ src/qemu/qemu_domain.c                        | 20 ++++++++
+ .../ppc64-pseries-graphics.ppc64-latest.args  | 47 +++++++++++++++++++
+ 2 files changed, 67 insertions(+)
+ create mode 100644 tests/qemuxml2argvdata/ppc64-pseries-graphics.ppc64-latest.args
+
+diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
+index f161cf6c84..764ffacb2e 100644
+--- a/src/qemu/qemu_domain.c
++++ b/src/qemu/qemu_domain.c
+@@ -3384,6 +3384,26 @@ qemuDomainDefAddDefaultDevices(virDomainDefPtr def,
+         def->memballoon = memballoon;
+     }
+ 
++    if (addDefaultUSBMouse) {
++        bool hasUSBTablet = false;
++        size_t j;
++
++        for (j = 0; j < def->ninputs; j++) {
++            if (def->inputs[j]->type == VIR_DOMAIN_INPUT_TYPE_TABLET &&
++                def->inputs[j]->bus == VIR_DOMAIN_INPUT_BUS_USB) {
++                hasUSBTablet = true;
++                break;
++            }
++        }
++
++        /* Historically, we have automatically added USB keyboard and
++         * mouse to some guests. While the former device is generally
++         * safe to have, adding the latter is undesiderable if a USB
++         * tablet is already present in the guest */
++        if (hasUSBTablet)
++            addDefaultUSBMouse = false;
++    }
++
+     if (addDefaultUSBKBD &&
+         def->ngraphics > 0 &&
+         virDomainDefMaybeAddInput(def,
+diff --git a/tests/qemuxml2argvdata/ppc64-pseries-graphics.ppc64-latest.args b/tests/qemuxml2argvdata/ppc64-pseries-graphics.ppc64-latest.args
+new file mode 100644
+index 0000000000..b81648f078
+--- /dev/null
++++ b/tests/qemuxml2argvdata/ppc64-pseries-graphics.ppc64-latest.args
+@@ -0,0 +1,47 @@
++LC_ALL=C \
++PATH=/bin \
++HOME=/home/test \
++USER=test \
++LOGNAME=test \
++QEMU_AUDIO_DRV=none \
++/usr/bin/qemu-system-ppc64 \
++-name guest=guest,debug-threads=on \
++-S \
++-object secret,id=masterKey0,format=raw,\
++file=/tmp/lib/domain--1-guest/master-key.aes \
++-machine pseries,accel=tcg,usb=off,dump-guest-core=off \
++-m 4096 \
++-realtime mlock=off \
++-smp 4,sockets=4,cores=1,threads=1 \
++-uuid b35969f7-e7cf-4d90-a9a0-4dd9000f9824 \
++-no-user-config \
++-nodefaults \
++-chardev socket,id=charmonitor,fd=1729,server,nowait \
++-mon chardev=charmonitor,id=monitor,mode=control \
++-rtc base=utc \
++-no-shutdown \
++-boot strict=on \
++-device qemu-xhci,p2=15,p3=15,id=usb,bus=pci.0,addr=0x2 \
++-device virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x3 \
++-drive file=/var/lib/libvirt/images/guest.qcow2,format=qcow2,if=none,\
++id=drive-virtio-disk0 \
++-device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,\
++id=virtio-disk0,bootindex=1 \
++-netdev user,id=hostnet0 \
++-device virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:00:a2:44:92,bus=pci.0,\
++addr=0x1 \
++-chardev pty,id=charserial0 \
++-device spapr-vty,chardev=charserial0,id=serial0,reg=0x30000000 \
++-chardev socket,id=charchannel0,fd=1729,server,nowait \
++-device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,\
++id=channel0,name=org.qemu.guest_agent.0 \
++-device usb-tablet,id=input0,bus=usb.0,port=1 \
++-device usb-kbd,id=input1,bus=usb.0,port=2 \
++-vnc 127.0.0.1:0 \
++-device VGA,id=video0,vgamem_mb=16,bus=pci.0,addr=0x7 \
++-device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x5 \
++-object rng-random,id=objrng0,filename=/dev/urandom \
++-device virtio-rng-pci,rng=objrng0,id=rng0,bus=pci.0,addr=0x6 \
++-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,\
++resourcecontrol=deny \
++-msg timestamp=on

0001-src-security-Replace-bitwise-OR-with-logical-OR.patch

@@ -1,31 +0,0 @@
-From: Erik Skultety <eskultet@redhat.com>
-Date: Mon, 2 Sep 2019 13:25:09 +0200
-Subject: [PATCH] src: security: Replace bitwise OR with logical OR
-
-Typo introduced by commit d73f3f58360.
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1738483
-
-Signed-off-by: Erik Skultety <eskultet@redhat.com>
-(cherry picked from commit 5801ef06ec29fdbac6718e455015450f7c243c1b)
-
-Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1740024
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
----
- src/security/security_util.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/security/security_util.c b/src/security/security_util.c
-index ad265b0bc5..9d3f483f6b 100644
---- a/src/security/security_util.c
-+++ b/src/security/security_util.c
-@@ -268,7 +268,7 @@ virSecurityMoveRememberedLabel(const char *name,
-     VIR_AUTOFREE(char *) attr_name = NULL;
-     VIR_AUTOFREE(char *) attr_value = NULL;
- 
--    if (!(ref_name = virSecurityGetRefCountAttrName(name)) |
-+    if (!(ref_name = virSecurityGetRefCountAttrName(name)) ||
-         !(attr_name = virSecurityGetAttrName(name)))
-         return -1;
- 

0002-qemu-Remove-duplicated-qemuAgentCheckError.patch

@@ -0,0 +1,34 @@
+From: John Ferlan <jferlan@redhat.com>
+Date: Fri, 7 Sep 2018 16:01:27 -0400
+Subject: [PATCH] qemu: Remove duplicated qemuAgentCheckError
+
+Commit 5b3492fadb moved qemuAgentCheckError calls into
+qemuAgentCommand for various reasons; however, subsequent
+commit 0977b8aa0 adding a new command made call again
+So let's just remove the duplicitous call from
+qemuAgentGetInterfaces.
+
+Signed-off-by: John Ferlan <jferlan@redhat.com>
+ACKed-by: Michal Privoznik <mprivozn@redhat.com>
+(cherry picked from commit 9ed175fbc2deecfdaeabca7bc77c7e7ae33a3377)
+---
+ src/qemu/qemu_agent.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/src/qemu/qemu_agent.c b/src/qemu/qemu_agent.c
+index bf08871f18..d235c058a5 100644
+--- a/src/qemu/qemu_agent.c
++++ b/src/qemu/qemu_agent.c
+@@ -1987,10 +1987,9 @@ qemuAgentGetInterfaces(qemuAgentPtr mon,
+     if (!(cmd = qemuAgentMakeCommand("guest-network-get-interfaces", NULL)))
+         goto cleanup;
+ 
+-    if (qemuAgentCommand(mon, cmd, &reply, false, VIR_DOMAIN_QEMU_AGENT_COMMAND_BLOCK) < 0 ||
+-        qemuAgentCheckError(cmd, reply) < 0) {
++    if (qemuAgentCommand(mon, cmd, &reply, false,
++                         VIR_DOMAIN_QEMU_AGENT_COMMAND_BLOCK) < 0)
+         goto cleanup;
+-    }
+ 
+     if (!(ret_array = virJSONValueObjectGet(reply, "return"))) {
+         virReportError(VIR_ERR_INTERNAL_ERROR, "%s",

0002-security_util-Use-more-VIR_AUTOFREE.patch

@@ -1,176 +0,0 @@
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Mon, 2 Sep 2019 13:25:10 +0200
-Subject: [PATCH] security_util: Use more VIR_AUTOFREE()
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
-(cherry picked from commit 8ced0909e5a0c41a44c2110d7060f6518b65f0db)
-
-Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1740024
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
----
- src/security/security_util.c | 78 +++++++++++++++---------------------
- 1 file changed, 32 insertions(+), 46 deletions(-)
-
-diff --git a/src/security/security_util.c b/src/security/security_util.c
-index 9d3f483f6b..04347f51e5 100644
---- a/src/security/security_util.c
-+++ b/src/security/security_util.c
-@@ -113,34 +113,32 @@ virSecurityGetRememberedLabel(const char *name,
-                               const char *path,
-                               char **label)
- {
--    char *ref_name = NULL;
--    char *attr_name = NULL;
--    char *value = NULL;
-+    VIR_AUTOFREE(char *) ref_name = NULL;
-+    VIR_AUTOFREE(char *) attr_name = NULL;
-+    VIR_AUTOFREE(char *) value = NULL;
-     unsigned int refcount = 0;
--    int ret = -1;
- 
-     *label = NULL;
- 
-     if (!(ref_name = virSecurityGetRefCountAttrName(name)))
--        goto cleanup;
-+        return -1;
- 
-     if (virFileGetXAttrQuiet(path, ref_name, &value) < 0) {
--        if (errno == ENOSYS || errno == ENODATA || errno == ENOTSUP) {
--            ret = -2;
--        } else {
--            virReportSystemError(errno,
--                                 _("Unable to get XATTR %s on %s"),
--                                 ref_name,
--                                 path);
--        }
--        goto cleanup;
-+        if (errno == ENOSYS || errno == ENODATA || errno == ENOTSUP)
-+            return -2;
-+
-+        virReportSystemError(errno,
-+                             _("Unable to get XATTR %s on %s"),
-+                             ref_name,
-+                             path);
-+        return -1;
-     }
- 
-     if (virStrToLong_ui(value, NULL, 10, &refcount) < 0) {
-         virReportError(VIR_ERR_INTERNAL_ERROR,
-                        _("malformed refcount %s on %s"),
-                        value, path);
--        goto cleanup;
-+        return -1;
-     }
- 
-     VIR_FREE(value);
-@@ -149,30 +147,25 @@ virSecurityGetRememberedLabel(const char *name,
- 
-     if (refcount > 0) {
-         if (virAsprintf(&value, "%u", refcount) < 0)
--            goto cleanup;
-+            return -1;
- 
-         if (virFileSetXAttr(path, ref_name, value) < 0)
--            goto cleanup;
-+            return -1;
-     } else {
-         if (virFileRemoveXAttr(path, ref_name) < 0)
--            goto cleanup;
-+            return -1;
- 
-         if (!(attr_name = virSecurityGetAttrName(name)))
--            goto cleanup;
-+            return -1;
- 
-         if (virFileGetXAttr(path, attr_name, label) < 0)
--            goto cleanup;
-+            return -1;
- 
-         if (virFileRemoveXAttr(path, attr_name) < 0)
--            goto cleanup;
-+            return -1;
-     }
- 
--    ret = 0;
-- cleanup:
--    VIR_FREE(value);
--    VIR_FREE(attr_name);
--    VIR_FREE(ref_name);
--    return ret;
-+    return 0;
- }
- 
- 
-@@ -201,25 +194,23 @@ virSecuritySetRememberedLabel(const char *name,
-                               const char *path,
-                               const char *label)
- {
--    char *ref_name = NULL;
--    char *attr_name = NULL;
--    char *value = NULL;
-+    VIR_AUTOFREE(char *) ref_name = NULL;
-+    VIR_AUTOFREE(char *) attr_name = NULL;
-+    VIR_AUTOFREE(char *) value = NULL;
-     unsigned int refcount = 0;
--    int ret = -1;
- 
-     if (!(ref_name = virSecurityGetRefCountAttrName(name)))
--        goto cleanup;
-+        return -1;
- 
-     if (virFileGetXAttrQuiet(path, ref_name, &value) < 0) {
-         if (errno == ENOSYS || errno == ENOTSUP) {
--            ret = -2;
--            goto cleanup;
-+            return -2;
-         } else if (errno != ENODATA) {
-             virReportSystemError(errno,
-                                  _("Unable to get XATTR %s on %s"),
-                                  ref_name,
-                                  path);
--            goto cleanup;
-+            return -1;
-         }
-     }
- 
-@@ -228,7 +219,7 @@ virSecuritySetRememberedLabel(const char *name,
-         virReportError(VIR_ERR_INTERNAL_ERROR,
-                        _("malformed refcount %s on %s"),
-                        value, path);
--        goto cleanup;
-+        return -1;
-     }
- 
-     VIR_FREE(value);
-@@ -237,24 +228,19 @@ virSecuritySetRememberedLabel(const char *name,
- 
-     if (refcount == 1) {
-         if (!(attr_name = virSecurityGetAttrName(name)))
--            goto cleanup;
-+            return -1;
- 
-         if (virFileSetXAttr(path, attr_name, label) < 0)
--            goto cleanup;
-+            return -1;
-     }
- 
-     if (virAsprintf(&value, "%u", refcount) < 0)
--        goto cleanup;
-+        return -1;
- 
-     if (virFileSetXAttr(path, ref_name, value) < 0)
--        goto cleanup;
-+        return -1;
- 
--    ret = refcount;
-- cleanup:
--    VIR_FREE(value);
--    VIR_FREE(attr_name);
--    VIR_FREE(ref_name);
--    return ret;
-+    return refcount;
- }
- 
- 

0003-qemu-require-reply-from-guest-agent-in-qemuAgentGetI.patch

@@ -0,0 +1,40 @@
+From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
+Date: Fri, 4 Jan 2019 10:17:46 +0100
+Subject: [PATCH] qemu: require reply from guest agent in
+ qemuAgentGetInterfaces
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Since its introduction in commit 0977b8aa071 (released in v1.2.14)
+qemuAgentGetInterfaces calls qemuAgentCommand with needReply=false,
+which allows qemuAgentCommand to return 0 even when it did not get
+any reply from the agent.
+
+Set needReply to true, since we dereference it right after.
+
+This can be hit if libvirt is waiting for an event from the agent
+(e.g. shutdown) and the agent cannot reply in time (e.g. due to
+the guest being shut down), as reported in:
+https://bugzilla.redhat.com/show_bug.cgi?id=1663051
+
+Signed-off-by: Ján Tomko <jtomko@redhat.com>
+Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
+(cherry picked from commit 7cfd1fbb1332ae5df678b9f41a62156cb2e88c73)
+---
+ src/qemu/qemu_agent.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/qemu/qemu_agent.c b/src/qemu/qemu_agent.c
+index d235c058a5..af0c054f99 100644
+--- a/src/qemu/qemu_agent.c
++++ b/src/qemu/qemu_agent.c
+@@ -1987,7 +1987,7 @@ qemuAgentGetInterfaces(qemuAgentPtr mon,
+     if (!(cmd = qemuAgentMakeCommand("guest-network-get-interfaces", NULL)))
+         goto cleanup;
+ 
+-    if (qemuAgentCommand(mon, cmd, &reply, false,
++    if (qemuAgentCommand(mon, cmd, &reply, true,
+                          VIR_DOMAIN_QEMU_AGENT_COMMAND_BLOCK) < 0)
+         goto cleanup;
+ 

0003-security_util-Document-virSecurityMoveRememberedLabe.patch

@@ -1,39 +0,0 @@
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Mon, 2 Sep 2019 13:25:11 +0200
-Subject: [PATCH] security_util: Document virSecurityMoveRememberedLabel
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
-(cherry picked from commit 359c7c1e94e0c54bf7e7a5a8365f066904b4387b)
-
-Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1740024
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
----
- src/security/security_util.c | 13 +++++++++++++
- 1 file changed, 13 insertions(+)
-
-diff --git a/src/security/security_util.c b/src/security/security_util.c
-index 04347f51e5..365b2dd2d6 100644
---- a/src/security/security_util.c
-+++ b/src/security/security_util.c
-@@ -244,6 +244,19 @@ virSecuritySetRememberedLabel(const char *name,
- }
- 
- 
-+/**
-+ * virSecurityMoveRememberedLabel:
-+ * @name: security driver name
-+ * @src: source file
-+ * @dst: destination file
-+ *
-+ * For given security driver @name, move all XATTRs related to seclabel
-+ * remembering from @src to @dst. However, if @dst is NULL, then XATTRs
-+ * are just removed from @src.
-+ *
-+ * Returns: 0 on success,
-+ *         -1 otherwise.
-+ */
- int
- virSecurityMoveRememberedLabel(const char *name,
-                                const char *src,

0004-cpu_x86-Do-not-cache-microcode-version.patch

@@ -0,0 +1,51 @@
+From: Jiri Denemark <jdenemar@redhat.com>
+Date: Fri, 5 Apr 2019 11:33:32 +0200
+Subject: [PATCH] cpu_x86: Do not cache microcode version
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The microcode version checks are used to invalidate cached CPU data we
+get from QEMU. To minimize /proc/cpuinfo parsing the microcode version
+was only read when libvirtd started and cached for the daemon's
+lifetime. However, the CPU microcode can change anytime (updating the
+microcode package can automatically upload it to the CPU) and we need to
+stop caching it to avoid using stale CPU model data.
+
+Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
+Reviewed-by: Ján Tomko <jtomko@redhat.com>
+(cherry picked from commit be46f613261d3b655a1f15afd635087e68a9c39b)
+---
+ src/cpu/cpu_x86.c | 5 +----
+ 1 file changed, 1 insertion(+), 4 deletions(-)
+
+diff --git a/src/cpu/cpu_x86.c b/src/cpu/cpu_x86.c
+index cb27550025..ce48ca6867 100644
+--- a/src/cpu/cpu_x86.c
++++ b/src/cpu/cpu_x86.c
+@@ -163,7 +163,6 @@ struct _virCPUx86Map {
+ };
+ 
+ static virCPUx86MapPtr cpuMap;
+-static unsigned int microcodeVersion;
+ 
+ int virCPUx86DriverOnceInit(void);
+ VIR_ONCE_GLOBAL_INIT(virCPUx86Driver);
+@@ -1331,8 +1330,6 @@ virCPUx86DriverOnceInit(void)
+     if (!(cpuMap = virCPUx86LoadMap()))
+         return -1;
+ 
+-    microcodeVersion = virHostCPUGetMicrocodeVersion();
+-
+     return 0;
+ }
+ 
+@@ -2372,7 +2369,7 @@ virCPUx86GetHost(virCPUDefPtr cpu,
+         goto cleanup;
+ 
+     ret = x86DecodeCPUData(cpu, cpuData, models);
+-    cpu->microcodeVersion = microcodeVersion;
++    cpu->microcodeVersion = virHostCPUGetMicrocodeVersion();
+ 
+  cleanup:
+     virCPUx86DataFree(cpuData);

0004-security-Don-t-increase-XATTRs-refcounter-on-failure.patch

@@ -1,164 +0,0 @@
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Mon, 2 Sep 2019 13:25:12 +0200
-Subject: [PATCH] security: Don't increase XATTRs refcounter on failure
-
-If user has two domains, each have the same disk (configured for
-RW) but each runs with different seclabel then we deny start of
-the second domain because in order to do that we would need to
-relabel the disk but that would cut the first domain off. Even if
-we did not do that, qemu would fail to start because it would be
-unable to lock the disk image for the second time. So far, this
-behaviour is expected. But what is not expected is that we
-increase the refcounter in XATTRs and leave it like that.
-
-What happens is that when the second domain starts,
-virSecuritySetRememberedLabel() is called, and since there are
-XATTRs from the first domain it increments the refcounter and
-returns it (refcounter == 2 at this point). Then callers
-(virSecurityDACSetOwnership() and
-virSecuritySELinuxSetFileconHelper()) realize that refcounter is
-greater than 1 and desired seclabel doesn't match the one the
-disk image already has and an error is produced. But the
-refcounter is never decremented.
-
-Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1740024
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
-(cherry picked from commit 6a2806fd549c0bfdcb3eb83f130ee99ea8d213e1)
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
----
- src/security/security_dac.c     | 41 ++++++++++++++++++---------------
- src/security/security_selinux.c | 18 ++++++++++-----
- 2 files changed, 34 insertions(+), 25 deletions(-)
-
-diff --git a/src/security/security_dac.c b/src/security/security_dac.c
-index 137daf5d28..4b4afef18a 100644
---- a/src/security/security_dac.c
-+++ b/src/security/security_dac.c
-@@ -751,6 +751,7 @@ virSecurityDACSetOwnership(virSecurityManagerPtr mgr,
-                            bool remember)
- {
-     virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
-+    virErrorPtr origerr;
-     struct stat sb;
-     int refcount;
-     int rc;
-@@ -784,12 +785,13 @@ virSecurityDACSetOwnership(virSecurityManagerPtr mgr,
-              * is @refcount domains using the @path. Do not
-              * change the label (as it would almost certainly
-              * cause the other domains to lose access to the
--             * @path). */
-+             * @path). However, the refcounter was incremented in
-+             * XATTRs so decrease it. */
-             if (sb.st_uid != uid || sb.st_gid != gid) {
-                 virReportError(VIR_ERR_OPERATION_INVALID,
-                                _("Setting different DAC user or group on %s "
-                                  "which is already in use"), path);
--                return -1;
-+                goto error;
-             }
-         }
-     }
-@@ -797,25 +799,26 @@ virSecurityDACSetOwnership(virSecurityManagerPtr mgr,
-     VIR_INFO("Setting DAC user and group on '%s' to '%ld:%ld'",
-              NULLSTR(src ? src->path : path), (long)uid, (long)gid);
- 
--    if (virSecurityDACSetOwnershipInternal(priv, src, path, uid, gid) < 0) {
--        virErrorPtr origerr;
--
--        virErrorPreserveLast(&origerr);
--        /* Try to restore the label. This is done so that XATTRs
--         * are left in the same state as when the control entered
--         * this function. However, if our attempt fails, there's
--         * not much we can do. XATTRs refcounting is fubar'ed and
--         * the only option we have is warn users. */
--        if (virSecurityDACRestoreFileLabelInternal(mgr, src, path, remember) < 0)
--            VIR_WARN("Unable to restore label on '%s'. "
--                     "XATTRs might have been left in inconsistent state.",
--                     NULLSTR(src ? src->path : path));
--
--        virErrorRestore(&origerr);
--        return -1;
--    }
-+    if (virSecurityDACSetOwnershipInternal(priv, src, path, uid, gid) < 0)
-+        goto error;
- 
-     return 0;
-+
-+ error:
-+    virErrorPreserveLast(&origerr);
-+    /* Try to restore the label. This is done so that XATTRs
-+     * are left in the same state as when the control entered
-+     * this function. However, if our attempt fails, there's
-+     * not much we can do. XATTRs refcounting is fubar'ed and
-+     * the only option we have is warn users. */
-+    if (virSecurityDACRestoreFileLabelInternal(mgr, src, path, remember) < 0)
-+        VIR_WARN("Unable to restore label on '%s'. "
-+                 "XATTRs might have been left in inconsistent state.",
-+                 NULLSTR(src ? src->path : path));
-+
-+    virErrorRestore(&origerr);
-+
-+    return -1;
- }
- 
- 
-diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
-index ea20373a90..9857223bbf 100644
---- a/src/security/security_selinux.c
-+++ b/src/security/security_selinux.c
-@@ -1334,6 +1334,7 @@ virSecuritySELinuxSetFileconHelper(virSecurityManagerPtr mgr,
-     security_context_t econ = NULL;
-     int refcount;
-     int rc;
-+    bool rollback = false;
-     int ret = -1;
- 
-     if ((rc = virSecuritySELinuxTransactionAppend(path, tcon,
-@@ -1353,6 +1354,8 @@ virSecuritySELinuxSetFileconHelper(virSecurityManagerPtr mgr,
- 
-         if (econ) {
-             refcount = virSecuritySELinuxRememberLabel(path, econ);
-+            if (refcount > 0)
-+                rollback = true;
-             if (refcount == -2) {
-                 /* Not supported. Don't error though. */
-             } else if (refcount < 0) {
-@@ -1362,7 +1365,8 @@ virSecuritySELinuxSetFileconHelper(virSecurityManagerPtr mgr,
-                  * is @refcount domains using the @path. Do not
-                  * change the label (as it would almost certainly
-                  * cause the other domains to lose access to the
--                 * @path). */
-+                 * @path). However, the refcounter was
-+                 * incremented in XATTRs so decrease it. */
-                 if (STRNEQ(econ, tcon)) {
-                     virReportError(VIR_ERR_OPERATION_INVALID,
-                                    _("Setting different SELinux label on %s "
-@@ -1373,7 +1377,12 @@ virSecuritySELinuxSetFileconHelper(virSecurityManagerPtr mgr,
-         }
-     }
- 
--    if (virSecuritySELinuxSetFileconImpl(path, tcon, optional, privileged) < 0) {
-+    if (virSecuritySELinuxSetFileconImpl(path, tcon, optional, privileged) < 0)
-+        goto cleanup;
-+
-+    ret = 0;
-+ cleanup:
-+    if (ret < 0 && rollback) {
-         virErrorPtr origerr;
- 
-         virErrorPreserveLast(&origerr);
-@@ -1388,11 +1397,8 @@ virSecuritySELinuxSetFileconHelper(virSecurityManagerPtr mgr,
-                      path);
- 
-         virErrorRestore(&origerr);
--        goto cleanup;
--    }
- 
--    ret = 0;
-- cleanup:
-+    }
-     freecon(econ);
-     return ret;
- }

0005-qemu-Don-t-cache-microcode-version.patch

@@ -0,0 +1,147 @@
+From: Jiri Denemark <jdenemar@redhat.com>
+Date: Fri, 12 Apr 2019 21:21:05 +0200
+Subject: [PATCH] qemu: Don't cache microcode version
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+My earlier commit be46f61326 was incomplete. It removed caching of
+microcode version in the CPU driver, which means the capabilities XML
+will see the correct microcode version. But it is also cached in the
+QEMU capabilities cache where it is used to detect whether we need to
+reprobe QEMU. By missing the second place, the original commit
+be46f61326 made the situation even worse since libvirt would report
+correct microcode version while still using the old host CPU model
+(visible in domain capabilities XML).
+
+Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
+Reviewed-by: Ján Tomko <jtomko@redhat.com>
+(cherry picked from commit 673c62a3b7855a0685d8f116e227c402720b9ee9)
+
+Conflicts:
+        src/qemu/qemu_capabilities.c
+            - virQEMUCapsCacheLookupByArch refactoring (commits
+              7948ad4129a and 1a3de67001c) are missing
+
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ src/qemu/qemu_capabilities.c | 12 ++++++++----
+ src/qemu/qemu_capabilities.h |  3 +--
+ src/qemu/qemu_driver.c       |  9 +--------
+ tests/testutilsqemu.c        |  2 +-
+ 4 files changed, 11 insertions(+), 15 deletions(-)
+
+diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
+index a075677421..eaf369f5b1 100644
+--- a/src/qemu/qemu_capabilities.c
++++ b/src/qemu/qemu_capabilities.c
+@@ -4700,7 +4700,7 @@ virQEMUCapsNewData(const char *binary,
+                                            priv->libDir,
+                                            priv->runUid,
+                                            priv->runGid,
+-                                           priv->microcodeVersion,
++                                           virHostCPUGetMicrocodeVersion(),
+                                            priv->kernelVersion);
+ }
+ 
+@@ -4783,8 +4783,7 @@ virFileCachePtr
+ virQEMUCapsCacheNew(const char *libDir,
+                     const char *cacheDir,
+                     uid_t runUid,
+-                    gid_t runGid,
+-                    unsigned int microcodeVersion)
++                    gid_t runGid)
+ {
+     char *capsCacheDir = NULL;
+     virFileCachePtr cache = NULL;
+@@ -4808,7 +4807,6 @@ virQEMUCapsCacheNew(const char *libDir,
+ 
+     priv->runUid = runUid;
+     priv->runGid = runGid;
+-    priv->microcodeVersion = microcodeVersion;
+ 
+     if (uname(&uts) == 0 &&
+         virAsprintf(&priv->kernelVersion, "%s %s", uts.release, uts.version) < 0)
+@@ -4829,8 +4827,11 @@ virQEMUCapsPtr
+ virQEMUCapsCacheLookup(virFileCachePtr cache,
+                        const char *binary)
+ {
++    virQEMUCapsCachePrivPtr priv = virFileCacheGetPriv(cache);
+     virQEMUCapsPtr ret = NULL;
+ 
++    priv->microcodeVersion = virHostCPUGetMicrocodeVersion();
++
+     ret = virFileCacheLookup(cache, binary);
+ 
+     VIR_DEBUG("Returning caps %p for %s", ret, binary);
+@@ -4876,10 +4877,13 @@ virQEMUCapsPtr
+ virQEMUCapsCacheLookupByArch(virFileCachePtr cache,
+                              virArch arch)
+ {
++    virQEMUCapsCachePrivPtr priv = virFileCacheGetPriv(cache);
+     virQEMUCapsPtr ret = NULL;
+     virArch target;
+     struct virQEMUCapsSearchData data = { .arch = arch };
+ 
++    priv->microcodeVersion = virHostCPUGetMicrocodeVersion();
++
+     ret = virFileCacheLookupByFunc(cache, virQEMUCapsCompareArch, &data);
+     if (!ret) {
+         /* If the first attempt at finding capabilities has failed, try
+diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
+index 3d3a978759..956babc7eb 100644
+--- a/src/qemu/qemu_capabilities.h
++++ b/src/qemu/qemu_capabilities.h
+@@ -574,8 +574,7 @@ void virQEMUCapsFilterByMachineType(virQEMUCapsPtr qemuCaps,
+ virFileCachePtr virQEMUCapsCacheNew(const char *libDir,
+                                     const char *cacheDir,
+                                     uid_t uid,
+-                                    gid_t gid,
+-                                    unsigned int microcodeVersion);
++                                    gid_t gid);
+ virQEMUCapsPtr virQEMUCapsCacheLookup(virFileCachePtr cache,
+                                       const char *binary);
+ virQEMUCapsPtr virQEMUCapsCacheLookupCopy(virFileCachePtr cache,
+diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
+index a0f7c71675..75f8699e7d 100644
+--- a/src/qemu/qemu_driver.c
++++ b/src/qemu/qemu_driver.c
+@@ -592,8 +592,6 @@ qemuStateInitialize(bool privileged,
+     char *hugepagePath = NULL;
+     char *memoryBackingPath = NULL;
+     size_t i;
+-    virCPUDefPtr hostCPU = NULL;
+-    unsigned int microcodeVersion = 0;
+ 
+     if (VIR_ALLOC(qemu_driver) < 0)
+         return -1;
+@@ -813,15 +811,10 @@ qemuStateInitialize(bool privileged,
+         run_gid = cfg->group;
+     }
+ 
+-    if ((hostCPU = virCPUProbeHost(virArchFromHost())))
+-        microcodeVersion = hostCPU->microcodeVersion;
+-    virCPUDefFree(hostCPU);
+-
+     qemu_driver->qemuCapsCache = virQEMUCapsCacheNew(cfg->libDir,
+                                                      cfg->cacheDir,
+                                                      run_uid,
+-                                                     run_gid,
+-                                                     microcodeVersion);
++                                                     run_gid);
+     if (!qemu_driver->qemuCapsCache)
+         goto error;
+ 
+diff --git a/tests/testutilsqemu.c b/tests/testutilsqemu.c
+index 8438613f28..4e53f03f9e 100644
+--- a/tests/testutilsqemu.c
++++ b/tests/testutilsqemu.c
+@@ -707,7 +707,7 @@ int qemuTestDriverInit(virQEMUDriver *driver)
+ 
+     /* Using /dev/null for libDir and cacheDir automatically produces errors
+      * upon attempt to use any of them */
+-    driver->qemuCapsCache = virQEMUCapsCacheNew("/dev/null", "/dev/null", 0, 0, 0);
++    driver->qemuCapsCache = virQEMUCapsCacheNew("/dev/null", "/dev/null", 0, 0);
+     if (!driver->qemuCapsCache)
+         goto error;
+ 

0005-util-Introduce-virhostuptime.patch

@@ -1,183 +0,0 @@
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Mon, 2 Sep 2019 13:25:13 +0200
-Subject: [PATCH] util: Introduce virhostuptime
-
-This module contains function to get host boot time.
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
-(cherry picked from commit 8b802f13cb47817706cba101f5d52e2c8957698d)
-
-Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1741140
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
----
- configure.ac             |  1 +
- src/libvirt_private.syms |  4 ++
- src/util/Makefile.inc.am |  2 +
- src/util/virhostuptime.c | 81 ++++++++++++++++++++++++++++++++++++++++
- src/util/virhostuptime.h | 27 ++++++++++++++
- 5 files changed, 115 insertions(+)
- create mode 100644 src/util/virhostuptime.c
- create mode 100644 src/util/virhostuptime.h
-
-diff --git a/configure.ac b/configure.ac
-index d18d427695..771dd961a5 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -337,6 +337,7 @@ AC_CHECK_FUNCS_ONCE([\
-   getpwuid_r \
-   getrlimit \
-   getuid \
-+  getutxid \
-   if_indextoname \
-   mmap \
-   newlocale \
-diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
-index c323f679b3..9fd778272f 100644
---- a/src/libvirt_private.syms
-+++ b/src/libvirt_private.syms
-@@ -2135,6 +2135,10 @@ virHostMemGetStats;
- virHostMemSetParameters;
- 
- 
-+# util/virhostuptime.h
-+virHostGetBootTime;
-+
-+
- # util/viridentity.h
- virIdentityGetAttr;
- virIdentityGetCurrent;
-diff --git a/src/util/Makefile.inc.am b/src/util/Makefile.inc.am
-index a47f333a98..46866cf213 100644
---- a/src/util/Makefile.inc.am
-+++ b/src/util/Makefile.inc.am
-@@ -91,6 +91,8 @@ UTIL_SOURCES = \
- 	util/virhostdev.h \
- 	util/virhostmem.c \
- 	util/virhostmem.h \
-+	util/virhostuptime.c \
-+	util/virhostuptime.h \
- 	util/viridentity.c \
- 	util/viridentity.h \
- 	util/virinitctl.c \
-diff --git a/src/util/virhostuptime.c b/src/util/virhostuptime.c
-new file mode 100644
-index 0000000000..62b781acd5
---- /dev/null
-+++ b/src/util/virhostuptime.c
-@@ -0,0 +1,81 @@
-+/*
-+ * virhostuptime.c: helper APIs for host uptime
-+ *
-+ * Copyright (C) 2019 Red Hat, Inc.
-+ *
-+ * This library is free software; you can redistribute it and/or
-+ * modify it under the terms of the GNU Lesser General Public
-+ * License as published by the Free Software Foundation; either
-+ * version 2.1 of the License, or (at your option) any later version.
-+ *
-+ * This library is distributed in the hope that it will be useful,
-+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+ * Lesser General Public License for more details.
-+ *
-+ * You should have received a copy of the GNU Lesser General Public
-+ * License along with this library.  If not, see
-+ * <http://www.gnu.org/licenses/>.
-+ */
-+
-+#include <config.h>
-+
-+#ifdef HAVE_GETUTXID
-+# include <utmpx.h>
-+#endif
-+
-+#include "virhostuptime.h"
-+#include "virthread.h"
-+
-+static unsigned long long bootTime;
-+static int bootTimeErrno;
-+static virOnceControl virHostGetBootTimeOnce = VIR_ONCE_CONTROL_INITIALIZER;
-+
-+#ifdef HAVE_GETUTXID
-+static void
-+virHostGetBootTimeOnceInit(void)
-+{
-+    struct utmpx id = {.ut_type = BOOT_TIME};
-+    struct utmpx *res = NULL;
-+
-+    if (!(res = getutxid(&id))) {
-+        bootTimeErrno = errno;
-+    } else {
-+        bootTime = res->ut_tv.tv_sec;
-+    }
-+
-+    endutxent();
-+}
-+
-+#else /* !HAVE_GETUTXID */
-+
-+static void
-+virHostGetBootTimeOnceInit(void)
-+{
-+    bootTimeErrno = ENOSYS;
-+}
-+#endif /* HAVE_GETUTXID */
-+
-+/**
-+ * virHostGetBootTime:
-+ * @when: UNIX timestamp of boot time
-+ *
-+ * Get a UNIX timestamp of host boot time and store it at @when.
-+ *
-+ * Return: 0 on success,
-+ *        -1 otherwise.
-+ */
-+int
-+virHostGetBootTime(unsigned long long *when)
-+{
-+    if (virOnce(&virHostGetBootTimeOnce, virHostGetBootTimeOnceInit) < 0)
-+        return -1;
-+
-+    if (bootTimeErrno) {
-+        errno = bootTimeErrno;
-+        return -1;
-+    }
-+
-+    *when = bootTime;
-+    return 0;
-+}
-diff --git a/src/util/virhostuptime.h b/src/util/virhostuptime.h
-new file mode 100644
-index 0000000000..03c1517a64
---- /dev/null
-+++ b/src/util/virhostuptime.h
-@@ -0,0 +1,27 @@
-+/*
-+ * virhostuptime.h: helper APIs for host uptime
-+ *
-+ * Copyright (C) 2019 Red Hat, Inc.
-+ *
-+ * This library is free software; you can redistribute it and/or
-+ * modify it under the terms of the GNU Lesser General Public
-+ * License as published by the Free Software Foundation; either
-+ * version 2.1 of the License, or (at your option) any later version.
-+ *
-+ * This library is distributed in the hope that it will be useful,
-+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+ * Lesser General Public License for more details.
-+ *
-+ * You should have received a copy of the GNU Lesser General Public
-+ * License along with this library.  If not, see
-+ * <http://www.gnu.org/licenses/>.
-+ */
-+
-+#pragma once
-+
-+#include "internal.h"
-+
-+int
-+virHostGetBootTime(unsigned long long *when)
-+    ATTRIBUTE_NOINLINE;

0006-cputest-Add-data-for-Intel-R-Xeon-R-CPU-E3-1225-v5.patch

@@ -0,0 +1,880 @@
+From: Jiri Denemark <jdenemar@redhat.com>
+Date: Fri, 5 Apr 2019 11:19:30 +0200
+Subject: [PATCH] cputest: Add data for Intel(R) Xeon(R) CPU E3-1225 v5
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
+(cherry picked from commit 5cd9db3ac11e88846cbcf95fad9f6fae9d880dee)
+
+CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
+
+Conflicts:
+	tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
+	tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
+            - intel-pt feature is missing
+	    - stibp feature is missing
+
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ tests/cputest.c                               |   1 +
+ .../x86_64-cpuid-Xeon-E3-1225-v5-disabled.xml |   7 +
+ .../x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml  |   8 +
+ .../x86_64-cpuid-Xeon-E3-1225-v5-guest.xml    |  26 +
+ .../x86_64-cpuid-Xeon-E3-1225-v5-host.xml     |  27 +
+ .../x86_64-cpuid-Xeon-E3-1225-v5-json.xml     |  10 +
+ .../x86_64-cpuid-Xeon-E3-1225-v5.json         | 652 ++++++++++++++++++
+ .../x86_64-cpuid-Xeon-E3-1225-v5.sig          |   4 +
+ .../x86_64-cpuid-Xeon-E3-1225-v5.xml          |  47 ++
+ 9 files changed, 782 insertions(+)
+ create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-disabled.xml
+ create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml
+ create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
+ create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
+ create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml
+ create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.json
+ create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.sig
+ create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.xml
+
+diff --git a/tests/cputest.c b/tests/cputest.c
+index baf2b3c648..fbb2a86af8 100644
+--- a/tests/cputest.c
++++ b/tests/cputest.c
+@@ -1190,6 +1190,7 @@ mymain(void)
+     DO_TEST_CPUID(VIR_ARCH_X86_64, "Phenom-B95", JSON_HOST);
+     DO_TEST_CPUID(VIR_ARCH_X86_64, "Ryzen-7-1800X-Eight-Core", JSON_HOST);
+     DO_TEST_CPUID(VIR_ARCH_X86_64, "Xeon-5110", JSON_NONE);
++    DO_TEST_CPUID(VIR_ARCH_X86_64, "Xeon-E3-1225-v5", JSON_MODELS);
+     DO_TEST_CPUID(VIR_ARCH_X86_64, "Xeon-E3-1245-v5", JSON_MODELS);
+     DO_TEST_CPUID(VIR_ARCH_X86_64, "Xeon-E5-2609-v3", JSON_MODELS);
+     DO_TEST_CPUID(VIR_ARCH_X86_64, "Xeon-E5-2623-v4", JSON_MODELS);
+diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-disabled.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-disabled.xml
+new file mode 100644
+index 0000000000..ce51903e53
+--- /dev/null
++++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-disabled.xml
+@@ -0,0 +1,7 @@
++<!-- Features disabled by QEMU -->
++<cpudata arch='x86'>
++  <cpuid eax_in='0x00000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x0800c1fc' edx='0xb0600000'/>
++  <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x02000000' ecx='0x00000000' edx='0x00000000'/>
++  <cpuid eax_in='0x0000000d' ecx_in='0x01' eax='0x00000008' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
++  <cpuid eax_in='0x80000007' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000100'/>
++</cpudata>
+diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml
+new file mode 100644
+index 0000000000..0deca9fba6
+--- /dev/null
++++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml
+@@ -0,0 +1,8 @@
++<!-- Features enabled by QEMU -->
++<cpudata arch='x86'>
++  <cpuid eax_in='0x00000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0xf7fa3203' edx='0x0f8bfbff'/>
++  <cpuid eax_in='0x00000006' ecx_in='0x00' eax='0x00000004' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
++  <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x009c4fbb' ecx='0x00000000' edx='0x8c000000'/>
++  <cpuid eax_in='0x0000000d' ecx_in='0x01' eax='0x00000007' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
++  <cpuid eax_in='0x80000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000121' edx='0x2c100800'/>
++</cpudata>
+diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
+new file mode 100644
+index 0000000000..993db80cc9
+--- /dev/null
++++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
+@@ -0,0 +1,26 @@
++<cpu mode='custom' match='exact'>
++  <model fallback='forbid'>Skylake-Client-IBRS</model>
++  <vendor>Intel</vendor>
++  <feature policy='require' name='ds'/>
++  <feature policy='require' name='acpi'/>
++  <feature policy='require' name='ss'/>
++  <feature policy='require' name='ht'/>
++  <feature policy='require' name='tm'/>
++  <feature policy='require' name='pbe'/>
++  <feature policy='require' name='dtes64'/>
++  <feature policy='require' name='monitor'/>
++  <feature policy='require' name='ds_cpl'/>
++  <feature policy='require' name='vmx'/>
++  <feature policy='require' name='smx'/>
++  <feature policy='require' name='est'/>
++  <feature policy='require' name='tm2'/>
++  <feature policy='require' name='xtpr'/>
++  <feature policy='require' name='pdcm'/>
++  <feature policy='require' name='osxsave'/>
++  <feature policy='require' name='tsc_adjust'/>
++  <feature policy='require' name='clflushopt'/>
++  <feature policy='require' name='ssbd'/>
++  <feature policy='require' name='xsaves'/>
++  <feature policy='require' name='pdpe1gb'/>
++  <feature policy='require' name='invtsc'/>
++</cpu>
+diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
+new file mode 100644
+index 0000000000..074a39ba1d
+--- /dev/null
++++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
+@@ -0,0 +1,27 @@
++<cpu>
++  <arch>x86_64</arch>
++  <model>Skylake-Client-IBRS</model>
++  <vendor>Intel</vendor>
++  <feature name='ds'/>
++  <feature name='acpi'/>
++  <feature name='ss'/>
++  <feature name='ht'/>
++  <feature name='tm'/>
++  <feature name='pbe'/>
++  <feature name='dtes64'/>
++  <feature name='monitor'/>
++  <feature name='ds_cpl'/>
++  <feature name='vmx'/>
++  <feature name='smx'/>
++  <feature name='est'/>
++  <feature name='tm2'/>
++  <feature name='xtpr'/>
++  <feature name='pdcm'/>
++  <feature name='osxsave'/>
++  <feature name='tsc_adjust'/>
++  <feature name='clflushopt'/>
++  <feature name='ssbd'/>
++  <feature name='xsaves'/>
++  <feature name='pdpe1gb'/>
++  <feature name='invtsc'/>
++</cpu>
+diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml
+new file mode 100644
+index 0000000000..1984bd4cf2
+--- /dev/null
++++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml
+@@ -0,0 +1,10 @@
++<cpu mode='custom' match='exact'>
++  <model fallback='forbid'>Skylake-Client-IBRS</model>
++  <vendor>Intel</vendor>
++  <feature policy='require' name='ss'/>
++  <feature policy='require' name='hypervisor'/>
++  <feature policy='require' name='tsc_adjust'/>
++  <feature policy='require' name='clflushopt'/>
++  <feature policy='require' name='ssbd'/>
++  <feature policy='require' name='pdpe1gb'/>
++</cpu>
+diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.json b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.json
+new file mode 100644
+index 0000000000..084747556b
+--- /dev/null
++++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.json
+@@ -0,0 +1,652 @@
++{
++  "return": {
++    "model": {
++      "name": "base",
++      "props": {
++        "phys-bits": 0,
++        "core-id": -1,
++        "xlevel": 2147483656,
++        "cmov": true,
++        "ia64": false,
++        "aes": true,
++        "mmx": true,
++        "rdpid": false,
++        "arat": true,
++        "gfni": false,
++        "pause-filter": false,
++        "xsavec": true,
++        "intel-pt": false,
++        "osxsave": false,
++        "hv-frequencies": false,
++        "tsc-frequency": 0,
++        "xd": true,
++        "hv-vendor-id": "",
++        "kvm-asyncpf": true,
++        "kvm_asyncpf": true,
++        "perfctr_core": false,
++        "perfctr-core": false,
++        "mpx": true,
++        "pbe": false,
++        "decodeassists": false,
++        "avx512cd": false,
++        "sse4_1": true,
++        "sse4.1": true,
++        "sse4-1": true,
++        "family": 6,
++        "legacy-cache": true,
++        "vmware-cpuid-freq": true,
++        "avx512f": false,
++        "msr": true,
++        "mce": true,
++        "mca": true,
++        "hv-runtime": false,
++        "xcrypt": false,
++        "thread-id": -1,
++        "min-level": 13,
++        "xgetbv1": true,
++        "cid": false,
++        "hv-relaxed": false,
++        "hv-crash": false,
++        "ds": false,
++        "fxsr": true,
++        "xsaveopt": true,
++        "xtpr": false,
++        "avx512vl": false,
++        "avx512-vpopcntdq": false,
++        "phe": false,
++        "extapic": false,
++        "3dnowprefetch": true,
++        "avx512vbmi2": false,
++        "cr8legacy": false,
++        "stibp": true,
++        "cpuid-0xb": true,
++        "xcrypt-en": false,
++        "kvm_pv_eoi": true,
++        "apic-id": 4294967295,
++        "pn": false,
++        "dca": false,
++        "vendor": "GenuineIntel",
++        "pku": false,
++        "smx": false,
++        "cmp_legacy": false,
++        "cmp-legacy": false,
++        "node-id": -1,
++        "avx512-4fmaps": false,
++        "vmcb_clean": false,
++        "vmcb-clean": false,
++        "3dnowext": false,
++        "hle": true,
++        "npt": false,
++        "memory": "/machine/unattached/system[0]",
++        "clwb": false,
++        "lbrv": false,
++        "adx": true,
++        "ss": true,
++        "pni": true,
++        "svm_lock": false,
++        "svm-lock": false,
++        "pfthreshold": false,
++        "smep": true,
++        "smap": true,
++        "x2apic": true,
++        "avx512vbmi": false,
++        "avx512vnni": false,
++        "hv-stimer": false,
++        "i64": true,
++        "flushbyasid": false,
++        "f16c": true,
++        "ace2-en": false,
++        "pat": true,
++        "pae": true,
++        "sse": true,
++        "phe-en": false,
++        "kvm_nopiodelay": true,
++        "kvm-nopiodelay": true,
++        "tm": false,
++        "kvmclock-stable-bit": true,
++        "hypervisor": true,
++        "socket-id": -1,
++        "pcommit": false,
++        "syscall": true,
++        "level": 13,
++        "avx512dq": false,
++        "svm": false,
++        "full-cpuid-auto-level": true,
++        "hv-reset": false,
++        "invtsc": false,
++        "sse3": true,
++        "sse2": true,
++        "ssbd": true,
++        "est": false,
++        "avx512ifma": false,
++        "tm2": false,
++        "kvm-pv-eoi": true,
++        "cx8": true,
++        "kvm_mmu": false,
++        "kvm-mmu": false,
++        "sse4_2": true,
++        "sse4.2": true,
++        "sse4-2": true,
++        "pge": true,
++        "fill-mtrr-mask": true,
++        "avx512bitalg": false,
++        "nodeid_msr": false,
++        "pdcm": false,
++        "movbe": true,
++        "model": 94,
++        "nrip_save": false,
++        "nrip-save": false,
++        "kvm_pv_unhalt": true,
++        "ssse3": true,
++        "sse4a": false,
++        "invpcid": true,
++        "pdpe1gb": true,
++        "tsc-deadline": true,
++        "fma": true,
++        "cx16": true,
++        "de": true,
++        "enforce": false,
++        "stepping": 3,
++        "xsave": true,
++        "clflush": true,
++        "skinit": false,
++        "tsc": true,
++        "tce": false,
++        "fpu": true,
++        "ibs": false,
++        "ds_cpl": false,
++        "ds-cpl": false,
++        "host-phys-bits": true,
++        "fma4": false,
++        "la57": false,
++        "osvw": false,
++        "check": true,
++        "hv-spinlocks": -1,
++        "pmu": false,
++        "pmm": false,
++        "apic": true,
++        "spec-ctrl": true,
++        "min-xlevel2": 0,
++        "tsc-adjust": true,
++        "tsc_adjust": true,
++        "kvm-steal-time": true,
++        "kvm_steal_time": true,
++        "kvmclock": true,
++        "l3-cache": true,
++        "lwp": false,
++        "ibpb": false,
++        "xop": false,
++        "avx": true,
++        "ospke": false,
++        "ace2": false,
++        "avx512bw": false,
++        "acpi": false,
++        "hv-vapic": false,
++        "fsgsbase": true,
++        "ht": false,
++        "nx": true,
++        "pclmulqdq": true,
++        "mmxext": false,
++        "vaes": false,
++        "popcnt": true,
++        "xsaves": false,
++        "tcg-cpuid": true,
++        "lm": true,
++        "umip": false,
++        "pse": true,
++        "avx2": true,
++        "sep": true,
++        "pclmuldq": true,
++        "virt-ssbd": false,
++        "x-hv-max-vps": -1,
++        "nodeid-msr": false,
++        "md-clear": true,
++        "kvm": true,
++        "misalignsse": false,
++        "min-xlevel": 2147483656,
++        "kvm-pv-unhalt": true,
++        "bmi2": true,
++        "bmi1": true,
++        "realized": false,
++        "tsc_scale": false,
++        "tsc-scale": false,
++        "topoext": false,
++        "hv-vpindex": false,
++        "xlevel2": 0,
++        "clflushopt": true,
++        "kvm-no-smi-migration": false,
++        "monitor": false,
++        "avx512er": false,
++        "pmm-en": false,
++        "pcid": true,
++        "3dnow": false,
++        "erms": true,
++        "lahf-lm": true,
++        "lahf_lm": true,
++        "vpclmulqdq": false,
++        "fxsr-opt": false,
++        "hv-synic": false,
++        "xstore": false,
++        "fxsr_opt": false,
++        "kvm-hint-dedicated": false,
++        "rtm": true,
++        "lmce": true,
++        "hv-time": false,
++        "perfctr-nb": false,
++        "perfctr_nb": false,
++        "ffxsr": false,
++        "rdrand": true,
++        "rdseed": true,
++        "avx512-4vnniw": false,
++        "vmx": false,
++        "vme": true,
++        "dtes64": false,
++        "mtrr": true,
++        "rdtscp": true,
++        "pse36": true,
++        "kvm-pv-tlb-flush": false,
++        "tbm": false,
++        "wdt": false,
++        "pause_filter": false,
++        "sha-ni": false,
++        "model-id": "Intel(R) Xeon(R) CPU E3-1225 v5 @ 3.30GHz",
++        "abm": true,
++        "avx512pf": false,
++        "xstore-en": false
++      }
++    }
++  },
++  "id": "model-expansion"
++}
++
++{
++  "return": [
++    {
++      "name": "max",
++      "typename": "max-x86_64-cpu",
++      "unavailable-features": [],
++      "static": false,
++      "migration-safe": false
++    },
++    {
++      "name": "host",
++      "typename": "host-x86_64-cpu",
++      "unavailable-features": [],
++      "static": false,
++      "migration-safe": false
++    },
++    {
++      "name": "base",
++      "typename": "base-x86_64-cpu",
++      "unavailable-features": [],
++      "static": true,
++      "migration-safe": true
++    },
++    {
++      "name": "qemu64",
++      "typename": "qemu64-x86_64-cpu",
++      "unavailable-features": [],
++      "static": false,
++      "migration-safe": true
++    },
++    {
++      "name": "qemu32",
++      "typename": "qemu32-x86_64-cpu",
++      "unavailable-features": [],
++      "static": false,
++      "migration-safe": true
++    },
++    {
++      "name": "phenom",
++      "typename": "phenom-x86_64-cpu",
++      "unavailable-features": [
++        "mmxext",
++        "fxsr-opt",
++        "3dnowext",
++        "3dnow",
++        "sse4a",
++        "npt"
++      ],
++      "static": false,
++      "migration-safe": true
++    },
++    {
++      "name": "pentium3",
++      "typename": "pentium3-x86_64-cpu",
++      "unavailable-features": [],
++      "static": false,
++      "migration-safe": true
++    },
++    {
++      "name": "pentium2",
++      "typename": "pentium2-x86_64-cpu",
++      "unavailable-features": [],
++      "static": false,
++      "migration-safe": true
++    },
++    {
++      "name": "pentium",
++      "typename": "pentium-x86_64-cpu",
++      "unavailable-features": [],
++      "static": false,
++      "migration-safe": true
++    },
++    {
++      "name": "n270",
++      "typename": "n270-x86_64-cpu",
++      "unavailable-features": [],
++      "static": false,
++      "migration-safe": true
++    },
++    {
++      "name": "kvm64",
++      "typename": "kvm64-x86_64-cpu",
++      "unavailable-features": [],
++      "static": false,
++      "migration-safe": true
++    },
++    {
++      "name": "kvm32",
++      "typename": "kvm32-x86_64-cpu",
++      "unavailable-features": [],
++      "static": false,
++      "migration-safe": true
++    },
++    {
++      "name": "cpu64-rhel6",
++      "typename": "cpu64-rhel6-x86_64-cpu",
++      "unavailable-features": [
++        "sse4a"
++      ],
++      "static": false,
++      "migration-safe": true
++    },
++    {
++      "name": "coreduo",
++      "typename": "coreduo-x86_64-cpu",
++      "unavailable-features": [],
++      "static": false,
++      "migration-safe": true
++    },
++    {
++      "name": "core2duo",
++      "typename": "core2duo-x86_64-cpu",
++      "unavailable-features": [],
++      "static": false,
++      "migration-safe": true
++    },
++    {
++      "name": "athlon",
++      "typename": "athlon-x86_64-cpu",
++      "unavailable-features": [
++        "mmxext",
++        "3dnowext",
++        "3dnow"
++      ],
++      "static": false,
++      "migration-safe": true
++    },
++    {
++      "name": "Westmere",
++      "typename": "Westmere-x86_64-cpu",
++      "unavailable-features": [],
++      "static": false,
++      "migration-safe": true
++    },
++    {
++      "name": "Westmere-IBRS",
++      "typename": "Westmere-IBRS-x86_64-cpu",
++      "unavailable-features": [],
++      "static": false,
++      "migration-safe": true
++    },
++    {
++      "name": "Skylake-Server",
++      "typename": "Skylake-Server-x86_64-cpu",
++      "unavailable-features": [
++        "avx512f",
++        "avx512dq",
++        "clwb",
++        "avx512cd",
++        "avx512bw",
++        "avx512vl",
++        "avx512f",
++        "avx512f",
++        "avx512f"
++      ],
++      "static": false,
++      "migration-safe": true
++    },
++    {
++      "name": "Skylake-Server-IBRS",
++      "typename": "Skylake-Server-IBRS-x86_64-cpu",
++      "unavailable-features": [
++        "avx512f",
++        "avx512dq",
++        "clwb",
++        "avx512cd",
++        "avx512bw",
++        "avx512vl",
++        "avx512f",
++        "avx512f",
++        "avx512f"
++      ],
++      "static": false,
++      "migration-safe": true
++    },
++    {
++      "name": "Skylake-Client",
++      "typename": "Skylake-Client-x86_64-cpu",
++      "unavailable-features": [],
++      "static": false,
++      "migration-safe": true
++    },
++    {
++      "name": "Skylake-Client-IBRS",
++      "typename": "Skylake-Client-IBRS-x86_64-cpu",
++      "unavailable-features": [],
++      "static": false,
++      "migration-safe": true
++    },
++    {
++      "name": "SandyBridge",
++      "typename": "SandyBridge-x86_64-cpu",
++      "unavailable-features": [],
++      "static": false,
++      "migration-safe": true
++    },
++    {
++      "name": "SandyBridge-IBRS",
++      "typename": "SandyBridge-IBRS-x86_64-cpu",
++      "unavailable-features": [],
++      "static": false,
++      "migration-safe": true
++    },
++    {
++      "name": "Penryn",
++      "typename": "Penryn-x86_64-cpu",
++      "unavailable-features": [],
++      "static": false,
++      "migration-safe": true
++    },
++    {
++      "name": "Opteron_G5",
++      "typename": "Opteron_G5-x86_64-cpu",
++      "unavailable-features": [
++        "sse4a",
++        "misalignsse",
++        "xop",
++        "fma4",
++        "tbm"
++      ],
++      "static": false,
++      "migration-safe": true
++    },
++    {
++      "name": "Opteron_G4",
++      "typename": "Opteron_G4-x86_64-cpu",
++      "unavailable-features": [
++        "sse4a",
++        "misalignsse",
++        "xop",
++        "fma4"
++      ],
++      "static": false,
++      "migration-safe": true
++    },
++    {
++      "name": "Opteron_G3",
++      "typename": "Opteron_G3-x86_64-cpu",
++      "unavailable-features": [
++        "sse4a",
++        "misalignsse"
++      ],
++      "static": false,
++      "migration-safe": true
++    },
++    {
++      "name": "Opteron_G2",
++      "typename": "Opteron_G2-x86_64-cpu",
++      "unavailable-features": [],
++      "static": false,
++      "migration-safe": true
++    },
++    {
++      "name": "Opteron_G1",
++      "typename": "Opteron_G1-x86_64-cpu",
++      "unavailable-features": [],
++      "static": false,
++      "migration-safe": true
++    },
++    {
++      "name": "Nehalem",
++      "typename": "Nehalem-x86_64-cpu",
++      "unavailable-features": [],
++      "static": false,
++      "migration-safe": true
++    },
++    {
++      "name": "Nehalem-IBRS",
++      "typename": "Nehalem-IBRS-x86_64-cpu",
++      "unavailable-features": [],
++      "static": false,
++      "migration-safe": true
++    },
++    {
++      "name": "IvyBridge",
++      "typename": "IvyBridge-x86_64-cpu",
++      "unavailable-features": [],
++      "static": false,
++      "migration-safe": true
++    },
++    {
++      "name": "IvyBridge-IBRS",
++      "typename": "IvyBridge-IBRS-x86_64-cpu",
++      "unavailable-features": [],
++      "static": false,
++      "migration-safe": true
++    },
++    {
++      "name": "Haswell",
++      "typename": "Haswell-x86_64-cpu",
++      "unavailable-features": [],
++      "static": false,
++      "migration-safe": true
++    },
++    {
++      "name": "Haswell-noTSX",
++      "typename": "Haswell-noTSX-x86_64-cpu",
++      "unavailable-features": [],
++      "static": false,
++      "migration-safe": true
++    },
++    {
++      "name": "Haswell-noTSX-IBRS",
++      "typename": "Haswell-noTSX-IBRS-x86_64-cpu",
++      "unavailable-features": [],
++      "static": false,
++      "migration-safe": true
++    },
++    {
++      "name": "Haswell-IBRS",
++      "typename": "Haswell-IBRS-x86_64-cpu",
++      "unavailable-features": [],
++      "static": false,
++      "migration-safe": true
++    },
++    {
++      "name": "EPYC",
++      "typename": "EPYC-x86_64-cpu",
++      "unavailable-features": [
++        "sha-ni",
++        "mmxext",
++        "fxsr-opt",
++        "cr8legacy",
++        "sse4a",
++        "misalignsse",
++        "osvw"
++      ],
++      "static": false,
++      "migration-safe": true
++    },
++    {
++      "name": "EPYC-IBPB",
++      "typename": "EPYC-IBPB-x86_64-cpu",
++      "unavailable-features": [
++        "sha-ni",
++        "mmxext",
++        "fxsr-opt",
++        "cr8legacy",
++        "sse4a",
++        "misalignsse",
++        "osvw",
++        "ibpb"
++      ],
++      "static": false,
++      "migration-safe": true
++    },
++    {
++      "name": "Conroe",
++      "typename": "Conroe-x86_64-cpu",
++      "unavailable-features": [],
++      "static": false,
++      "migration-safe": true
++    },
++    {
++      "name": "Broadwell",
++      "typename": "Broadwell-x86_64-cpu",
++      "unavailable-features": [],
++      "static": false,
++      "migration-safe": true
++    },
++    {
++      "name": "Broadwell-noTSX",
++      "typename": "Broadwell-noTSX-x86_64-cpu",
++      "unavailable-features": [],
++      "static": false,
++      "migration-safe": true
++    },
++    {
++      "name": "Broadwell-noTSX-IBRS",
++      "typename": "Broadwell-noTSX-IBRS-x86_64-cpu",
++      "unavailable-features": [],
++      "static": false,
++      "migration-safe": true
++    },
++    {
++      "name": "Broadwell-IBRS",
++      "typename": "Broadwell-IBRS-x86_64-cpu",
++      "unavailable-features": [],
++      "static": false,
++      "migration-safe": true
++    },
++    {
++      "name": "486",
++      "typename": "486-x86_64-cpu",
++      "unavailable-features": [],
++      "static": false,
++      "migration-safe": true
++    }
++  ],
++  "id": "definitions"
++}
+diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.sig b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.sig
+new file mode 100644
+index 0000000000..7e57c2ded6
+--- /dev/null
++++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.sig
+@@ -0,0 +1,4 @@
++0506e3
++family:     6 (0x06)
++model:     94 (0x5e)
++stepping:   3 (0x03)
+diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.xml
+new file mode 100644
+index 0000000000..437429d61d
+--- /dev/null
++++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.xml
+@@ -0,0 +1,47 @@
++<!-- Intel(R) Xeon(R) CPU E3-1225 v5 @ 3.30GHz -->
++<cpudata arch='x86'>
++  <cpuid eax_in='0x00000000' ecx_in='0x00' eax='0x00000016' ebx='0x756e6547' ecx='0x6c65746e' edx='0x49656e69'/>
++  <cpuid eax_in='0x00000001' ecx_in='0x00' eax='0x000506e3' ebx='0x06100800' ecx='0x7ffafbff' edx='0xbfebfbff'/>
++  <cpuid eax_in='0x00000002' ecx_in='0x00' eax='0x76036301' ebx='0x00f0b6ff' ecx='0x00000000' edx='0x00c30000'/>
++  <cpuid eax_in='0x00000003' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
++  <cpuid eax_in='0x00000004' ecx_in='0x00' eax='0x1c004121' ebx='0x01c0003f' ecx='0x0000003f' edx='0x00000000'/>
++  <cpuid eax_in='0x00000004' ecx_in='0x01' eax='0x1c004122' ebx='0x01c0003f' ecx='0x0000003f' edx='0x00000000'/>
++  <cpuid eax_in='0x00000004' ecx_in='0x02' eax='0x1c004143' ebx='0x00c0003f' ecx='0x000003ff' edx='0x00000000'/>
++  <cpuid eax_in='0x00000004' ecx_in='0x03' eax='0x1c03c163' ebx='0x03c0003f' ecx='0x00001fff' edx='0x00000006'/>
++  <cpuid eax_in='0x00000005' ecx_in='0x00' eax='0x00000040' ebx='0x00000040' ecx='0x00000003' edx='0x00142120'/>
++  <cpuid eax_in='0x00000006' ecx_in='0x00' eax='0x000027f7' ebx='0x00000002' ecx='0x00000009' edx='0x00000000'/>
++  <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x029c6fbf' ecx='0x00000000' edx='0x9c002400'/>
++  <cpuid eax_in='0x00000008' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
++  <cpuid eax_in='0x00000009' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
++  <cpuid eax_in='0x0000000a' ecx_in='0x00' eax='0x07300804' ebx='0x00000000' ecx='0x00000000' edx='0x00000603'/>
++  <cpuid eax_in='0x0000000b' ecx_in='0x00' eax='0x00000001' ebx='0x00000001' ecx='0x00000100' edx='0x00000006'/>
++  <cpuid eax_in='0x0000000b' ecx_in='0x01' eax='0x00000004' ebx='0x00000004' ecx='0x00000201' edx='0x00000006'/>
++  <cpuid eax_in='0x0000000c' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
++  <cpuid eax_in='0x0000000d' ecx_in='0x00' eax='0x0000001f' ebx='0x00000440' ecx='0x00000440' edx='0x00000000'/>
++  <cpuid eax_in='0x0000000d' ecx_in='0x01' eax='0x0000000f' ebx='0x000003c0' ecx='0x00000100' edx='0x00000000'/>
++  <cpuid eax_in='0x0000000d' ecx_in='0x02' eax='0x00000100' ebx='0x00000240' ecx='0x00000000' edx='0x00000000'/>
++  <cpuid eax_in='0x0000000d' ecx_in='0x03' eax='0x00000040' ebx='0x000003c0' ecx='0x00000000' edx='0x00000000'/>
++  <cpuid eax_in='0x0000000d' ecx_in='0x04' eax='0x00000040' ebx='0x00000400' ecx='0x00000000' edx='0x00000000'/>
++  <cpuid eax_in='0x0000000d' ecx_in='0x08' eax='0x00000080' ebx='0x00000000' ecx='0x00000001' edx='0x00000000'/>
++  <cpuid eax_in='0x0000000e' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
++  <cpuid eax_in='0x0000000f' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
++  <cpuid eax_in='0x00000010' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
++  <cpuid eax_in='0x00000011' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
++  <cpuid eax_in='0x00000012' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
++  <cpuid eax_in='0x00000013' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
++  <cpuid eax_in='0x00000014' ecx_in='0x00' eax='0x00000001' ebx='0x0000000f' ecx='0x00000007' edx='0x00000000'/>
++  <cpuid eax_in='0x00000014' ecx_in='0x01' eax='0x02490002' ebx='0x003f3fff' ecx='0x00000000' edx='0x00000000'/>
++  <cpuid eax_in='0x00000015' ecx_in='0x00' eax='0x00000002' ebx='0x00000114' ecx='0x00000000' edx='0x00000000'/>
++  <cpuid eax_in='0x00000016' ecx_in='0x00' eax='0x00000ce4' ebx='0x00000e74' ecx='0x00000064' edx='0x00000000'/>
++  <cpuid eax_in='0x80000000' ecx_in='0x00' eax='0x80000008' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
++  <cpuid eax_in='0x80000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000121' edx='0x2c100800'/>
++  <cpuid eax_in='0x80000002' ecx_in='0x00' eax='0x65746e49' ebx='0x2952286c' ecx='0x6f655820' edx='0x2952286e'/>
++  <cpuid eax_in='0x80000003' ecx_in='0x00' eax='0x55504320' ebx='0x2d334520' ecx='0x35323231' edx='0x20357620'/>
++  <cpuid eax_in='0x80000004' ecx_in='0x00' eax='0x2e332040' ebx='0x48473033' ecx='0x0000007a' edx='0x00000000'/>
++  <cpuid eax_in='0x80000005' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
++  <cpuid eax_in='0x80000006' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x01006040' edx='0x00000000'/>
++  <cpuid eax_in='0x80000007' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000100'/>
++  <cpuid eax_in='0x80000008' ecx_in='0x00' eax='0x00003027' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
++  <cpuid eax_in='0x80860000' ecx_in='0x00' eax='0x00000ce4' ebx='0x00000e74' ecx='0x00000064' edx='0x00000000'/>
++  <cpuid eax_in='0xc0000000' ecx_in='0x00' eax='0x00000ce4' ebx='0x00000e74' ecx='0x00000064' edx='0x00000000'/>
++</cpudata>

0006-security_util-Remove-stale-XATTRs.patch

@@ -1,344 +0,0 @@
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Mon, 2 Sep 2019 13:25:14 +0200
-Subject: [PATCH] security_util: Remove stale XATTRs
-
-It may happen that we leave some XATTRs behind. For instance, on
-a sudden power loss, the host just shuts down without calling
-restore on domain paths. This creates a problem, because when the
-host starts up again, the XATTRs are there but they don't reflect
-the true state and this may result in libvirt denying start of a
-domain.
-
-To solve this, save a unique timestamp (host boot time) among
-with our XATTRs.
-
-Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1741140
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
-(cherry picked from commit 7cfb7aab573a031880a1f4fd20747843fea109ba)
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
----
- src/security/security_util.c    | 194 +++++++++++++++++++++++++++++++-
- tests/qemusecuritymock.c        |  12 ++
- tools/libvirt_recover_xattrs.sh |   2 +-
- 3 files changed, 206 insertions(+), 2 deletions(-)
-
-diff --git a/src/security/security_util.c b/src/security/security_util.c
-index 365b2dd2d6..31f41cedfd 100644
---- a/src/security/security_util.c
-+++ b/src/security/security_util.c
-@@ -22,11 +22,16 @@
- #include "virfile.h"
- #include "virstring.h"
- #include "virerror.h"
-+#include "virlog.h"
-+#include "viruuid.h"
-+#include "virhostuptime.h"
- 
- #include "security_util.h"
- 
- #define VIR_FROM_THIS VIR_FROM_SECURITY
- 
-+VIR_LOG_INIT("security.security_util");
-+
- /* There are four namespaces available on Linux (xattr(7)):
-  *
-  *  user - can be modified by anybody,
-@@ -83,6 +88,153 @@ virSecurityGetRefCountAttrName(const char *name ATTRIBUTE_UNUSED)
- }
- 
- 
-+#ifdef XATTR_NAMESPACE
-+static char *
-+virSecurityGetTimestampAttrName(const char *name)
-+{
-+    char *ret = NULL;
-+    ignore_value(virAsprintf(&ret, XATTR_NAMESPACE ".libvirt.security.timestamp_%s", name));
-+    return ret;
-+}
-+#else /* !XATTR_NAMESPACE */
-+static char *
-+virSecurityGetTimestampAttrName(const char *name ATTRIBUTE_UNUSED)
-+{
-+    errno = ENOSYS;
-+    virReportSystemError(errno, "%s",
-+                         _("Extended attributes are not supported on this system"));
-+    return NULL;
-+}
-+#endif /* !XATTR_NAMESPACE */
-+
-+
-+static char *
-+virSecurityGetTimestamp(void)
-+{
-+    unsigned long long boottime = 0;
-+    char *ret = NULL;
-+
-+    if (virHostGetBootTime(&boottime) < 0) {
-+        virReportSystemError(errno, "%s",
-+                             _("Unable to get host boot time"));
-+        return NULL;
-+    }
-+
-+    ignore_value(virAsprintf(&ret, "%llu", boottime));
-+    return ret;
-+}
-+
-+
-+/**
-+ * virSecurityValidateTimestamp:
-+ * @name: security driver name
-+ * @path: file name
-+ *
-+ * Check if remembered label on @path for security driver @name
-+ * is valid, i.e. the label has been set since the last boot. If
-+ * the label was set in previous runs, all XATTRs related to
-+ * @name are removed so that clean slate is restored.
-+ *
-+ * This is done having extra attribute timestamp_$SECDRIVER which
-+ * contains the host boot time. Its value is then compared to
-+ * actual host boot time. If these two values don't match then
-+ * XATTRs are considered as stale and thus invalid.
-+ *
-+ * In ideal world, where there network file systems have XATTRs
-+ * using plain host boot time is not enough as it may lead to a
-+ * situation where a freshly started host sees XATTRs, sees the
-+ * timestamp put there by some longer running host and considers
-+ * the XATTRs invalid. Well, there is not an easy way out. We
-+ * would need to somehow check if the longer running host is
-+ * still there and uses the @path (how?).
-+ * Fortunately, there is only one network file system which
-+ * supports XATTRs currently (GlusterFS via FUSE) and it is used
-+ * so rarely that it's almost a corner case.
-+ * The worst thing that happens there is that we remove XATTRs
-+ * and thus return @path to the default label for $SECDRIVER.
-+ *
-+ * Returns: 0 if remembered label is valid,
-+ *          1 if remembered label was not valid,
-+ *         -2 if underlying file system doesn't support XATTRs,
-+ *         -1 otherwise.
-+ */
-+static int
-+virSecurityValidateTimestamp(const char *name,
-+                             const char *path)
-+{
-+    VIR_AUTOFREE(char *) expected_timestamp = NULL;
-+    VIR_AUTOFREE(char *) timestamp_name = NULL;
-+    VIR_AUTOFREE(char *) value = NULL;
-+
-+    if (!(expected_timestamp = virSecurityGetTimestamp()) ||
-+        !(timestamp_name = virSecurityGetTimestampAttrName(name)))
-+        return -1;
-+
-+    errno = 0;
-+    if (virFileGetXAttrQuiet(path, timestamp_name, &value) < 0) {
-+        if (errno == ENOSYS || errno == ENOTSUP) {
-+            return -2;
-+        } else if (errno != ENODATA) {
-+            virReportSystemError(errno,
-+                                 _("Unable to get XATTR %s on %s"),
-+                                 timestamp_name,
-+                                 path);
-+            return -1;
-+        }
-+
-+        /* Timestamp is missing. We could continue and claim a valid timestamp.
-+         * But then we would never remove stale XATTRs. Therefore, claim it
-+         * invalid and have the code below remove all XATTRs. This of course
-+         * means that we will not restore the original owner, but the plus side
-+         * is that we reset refcounter which will represent the true state.
-+         */
-+    }
-+
-+    if (STREQ_NULLABLE(value, expected_timestamp)) {
-+        VIR_DEBUG("XATTRs on %s secdriver=%s are valid", path, name);
-+        return 0;
-+    }
-+
-+    VIR_WARN("Invalid XATTR timestamp detected on %s secdriver=%s", path, name);
-+
-+    if (virSecurityMoveRememberedLabel(name, path, NULL) < 0)
-+        return -1;
-+
-+    return 1;
-+}
-+
-+
-+static int
-+virSecurityAddTimestamp(const char *name,
-+                        const char *path)
-+{
-+    VIR_AUTOFREE(char *) timestamp_name = NULL;
-+    VIR_AUTOFREE(char *) timestamp_value = NULL;
-+
-+    if (!(timestamp_value = virSecurityGetTimestamp()) ||
-+        !(timestamp_name = virSecurityGetTimestampAttrName(name)))
-+        return -1;
-+
-+    return virFileSetXAttr(path, timestamp_name, timestamp_value);
-+}
-+
-+
-+static int
-+virSecurityRemoveTimestamp(const char *name,
-+                           const char *path)
-+{
-+    VIR_AUTOFREE(char *) timestamp_name = NULL;
-+
-+    if (!(timestamp_name = virSecurityGetTimestampAttrName(name)))
-+        return -1;
-+
-+    if (virFileRemoveXAttr(path, timestamp_name) < 0 && errno != ENOENT)
-+        return -1;
-+
-+    return 0;
-+}
-+
-+
- /**
-  * virSecurityGetRememberedLabel:
-  * @name: security driver name
-@@ -117,9 +269,13 @@ virSecurityGetRememberedLabel(const char *name,
-     VIR_AUTOFREE(char *) attr_name = NULL;
-     VIR_AUTOFREE(char *) value = NULL;
-     unsigned int refcount = 0;
-+    int rc;
- 
-     *label = NULL;
- 
-+    if ((rc = virSecurityValidateTimestamp(name, path)) < 0)
-+        return rc;
-+
-     if (!(ref_name = virSecurityGetRefCountAttrName(name)))
-         return -1;
- 
-@@ -163,6 +319,9 @@ virSecurityGetRememberedLabel(const char *name,
- 
-         if (virFileRemoveXAttr(path, attr_name) < 0)
-             return -1;
-+
-+        if (virSecurityRemoveTimestamp(name, path) < 0)
-+            return -1;
-     }
- 
-     return 0;
-@@ -198,6 +357,10 @@ virSecuritySetRememberedLabel(const char *name,
-     VIR_AUTOFREE(char *) attr_name = NULL;
-     VIR_AUTOFREE(char *) value = NULL;
-     unsigned int refcount = 0;
-+    int rc;
-+
-+    if ((rc = virSecurityValidateTimestamp(name, path)) < 0)
-+        return rc;
- 
-     if (!(ref_name = virSecurityGetRefCountAttrName(name)))
-         return -1;
-@@ -232,6 +395,9 @@ virSecuritySetRememberedLabel(const char *name,
- 
-         if (virFileSetXAttr(path, attr_name, label) < 0)
-             return -1;
-+
-+        if (virSecurityAddTimestamp(name, path) < 0)
-+            return -1;
-     }
- 
-     if (virAsprintf(&value, "%u", refcount) < 0)
-@@ -266,9 +432,12 @@ virSecurityMoveRememberedLabel(const char *name,
-     VIR_AUTOFREE(char *) ref_value = NULL;
-     VIR_AUTOFREE(char *) attr_name = NULL;
-     VIR_AUTOFREE(char *) attr_value = NULL;
-+    VIR_AUTOFREE(char *) timestamp_name = NULL;
-+    VIR_AUTOFREE(char *) timestamp_value = NULL;
- 
-     if (!(ref_name = virSecurityGetRefCountAttrName(name)) ||
--        !(attr_name = virSecurityGetAttrName(name)))
-+        !(attr_name = virSecurityGetAttrName(name)) ||
-+        !(timestamp_name = virSecurityGetTimestampAttrName(name)))
-         return -1;
- 
-     if (virFileGetXAttrQuiet(src, ref_name, &ref_value) < 0) {
-@@ -293,6 +462,17 @@ virSecurityMoveRememberedLabel(const char *name,
-         }
-     }
- 
-+    if (virFileGetXAttrQuiet(src, timestamp_name, &timestamp_value) < 0) {
-+        if (errno == ENOSYS || errno == ENOTSUP) {
-+            return -2;
-+        } else if (errno != ENODATA) {
-+            virReportSystemError(errno,
-+                                 _("Unable to get XATTR %s on %s"),
-+                                 attr_name, src);
-+            return -1;
-+        }
-+    }
-+
-     if (ref_value &&
-         virFileRemoveXAttr(src, ref_name) < 0) {
-         return -1;
-@@ -303,6 +483,11 @@ virSecurityMoveRememberedLabel(const char *name,
-         return -1;
-     }
- 
-+    if (timestamp_value &&
-+        virFileRemoveXAttr(src, timestamp_name) < 0) {
-+        return -1;
-+    }
-+
-     if (dst) {
-         if (ref_value &&
-             virFileSetXAttr(dst, ref_name, ref_value) < 0) {
-@@ -314,6 +499,13 @@ virSecurityMoveRememberedLabel(const char *name,
-             ignore_value(virFileRemoveXAttr(dst, ref_name));
-             return -1;
-         }
-+
-+        if (timestamp_value &&
-+            virFileSetXAttr(dst, timestamp_name, timestamp_value) < 0) {
-+            ignore_value(virFileRemoveXAttr(dst, ref_name));
-+            ignore_value(virFileRemoveXAttr(dst, attr_name));
-+            return -1;
-+        }
-     }
- 
-     return 0;
-diff --git a/tests/qemusecuritymock.c b/tests/qemusecuritymock.c
-index a15eef29c9..373d64305a 100644
---- a/tests/qemusecuritymock.c
-+++ b/tests/qemusecuritymock.c
-@@ -32,6 +32,7 @@
- #include "viralloc.h"
- #include "qemusecuritytest.h"
- #include "security/security_manager.h"
-+#include "virhostuptime.h"
- 
- #define VIR_FROM_THIS VIR_FROM_NONE
- 
-@@ -488,3 +489,14 @@ virProcessRunInFork(virProcessForkCallback cb,
- {
-     return cb(-1, opaque);
- }
-+
-+
-+/* We don't really need to mock this function. The qemusecuritytest doesn't
-+ * care about the actual value. However, travis runs build and tests in a
-+ * container where utmp is missing and thus this function fails. */
-+int
-+virHostGetBootTime(unsigned long long *when)
-+{
-+    *when = 1234567890;
-+    return 0;
-+}
-diff --git a/tools/libvirt_recover_xattrs.sh b/tools/libvirt_recover_xattrs.sh
-index 58f02f8dfb..3907413c63 100755
---- a/tools/libvirt_recover_xattrs.sh
-+++ b/tools/libvirt_recover_xattrs.sh
-@@ -74,7 +74,7 @@ fi
- declare -a XATTRS
- for i in "dac" "selinux"; do
-     for p in ${LIBVIRT_XATTR_PREFIXES[@]}; do
--        XATTRS+=("$p.$i" "$p.ref_$i")
-+        XATTRS+=("$p.$i" "$p.ref_$i" "$p.timestamp_$i")
-     done
- done
- 

0007-cpu_map-Define-md-clear-CPUID-bit.patch

@@ -0,0 +1,102 @@
+From: Jiri Denemark <jdenemar@redhat.com>
+Date: Tue, 9 Apr 2019 12:35:52 +0200
+Subject: [PATCH] cpu_map: Define md-clear CPUID bit
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
+
+The bit is set when microcode provides the mechanism to invoke a flush
+of various exploitable CPU buffers by invoking the VERW instruction.
+
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit 538d873571d7a682852dc1d70e5f4478f4d64e85)
+
+Conflicts:
+        src/cpu_map/x86_features.xml
+            - missing pconfig feature
+
+        tests/cputestdata/x86_64-cpuid-Xeon-Platinum-8268-guest.xml
+        tests/cputestdata/x86_64-cpuid-Xeon-Platinum-8268-host.xml
+            - test data missing downstream
+
+        tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
+        tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
+            - intel-pt feature is missing
+	    - stibp feature is missing
+
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ src/cpu_map/x86_features.xml                               | 3 +++
+ tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml | 2 +-
+ tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml   | 1 +
+ tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml    | 1 +
+ tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml    | 1 +
+ 5 files changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/src/cpu_map/x86_features.xml b/src/cpu_map/x86_features.xml
+index 109c653dbc..c8ae540ccc 100644
+--- a/src/cpu_map/x86_features.xml
++++ b/src/cpu_map/x86_features.xml
+@@ -290,6 +290,9 @@
+   <feature name='avx512-4fmaps'>
+     <cpuid eax_in='0x07' ecx_in='0x00' edx='0x00000008'/>
+   </feature>
++  <feature name='md-clear'> <!-- md_clear -->
++    <cpuid eax_in='0x07' ecx_in='0x00' edx='0x00000400'/>
++  </feature>
+   <feature name='spec-ctrl'>
+     <cpuid eax_in='0x07' ecx_in='0x00' edx='0x04000000'/>
+   </feature>
+diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml
+index 0deca9fba6..74763a462b 100644
+--- a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml
++++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml
+@@ -2,7 +2,7 @@
+ <cpudata arch='x86'>
+   <cpuid eax_in='0x00000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0xf7fa3203' edx='0x0f8bfbff'/>
+   <cpuid eax_in='0x00000006' ecx_in='0x00' eax='0x00000004' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
+-  <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x009c4fbb' ecx='0x00000000' edx='0x8c000000'/>
++  <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x009c4fbb' ecx='0x00000000' edx='0x8c000400'/>
+   <cpuid eax_in='0x0000000d' ecx_in='0x01' eax='0x00000007' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
+   <cpuid eax_in='0x80000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000121' edx='0x2c100800'/>
+ </cpudata>
+diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
+index 993db80cc9..29c1fdb80a 100644
+--- a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
++++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
+@@ -19,6 +19,7 @@
+   <feature policy='require' name='osxsave'/>
+   <feature policy='require' name='tsc_adjust'/>
+   <feature policy='require' name='clflushopt'/>
++  <feature policy='require' name='md-clear'/>
+   <feature policy='require' name='ssbd'/>
+   <feature policy='require' name='xsaves'/>
+   <feature policy='require' name='pdpe1gb'/>
+diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
+index 074a39ba1d..2003ca9ef6 100644
+--- a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
++++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
+@@ -20,6 +20,7 @@
+   <feature name='osxsave'/>
+   <feature name='tsc_adjust'/>
+   <feature name='clflushopt'/>
++  <feature name='md-clear'/>
+   <feature name='ssbd'/>
+   <feature name='xsaves'/>
+   <feature name='pdpe1gb'/>
+diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml
+index 1984bd4cf2..d6529c59a3 100644
+--- a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml
++++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml
+@@ -5,6 +5,7 @@
+   <feature policy='require' name='hypervisor'/>
+   <feature policy='require' name='tsc_adjust'/>
+   <feature policy='require' name='clflushopt'/>
++  <feature policy='require' name='md-clear'/>
+   <feature policy='require' name='ssbd'/>
+   <feature policy='require' name='pdpe1gb'/>
+ </cpu>

0007-security_util-verify-xattrs-only-if-ref-is-present.patch

@@ -1,96 +0,0 @@
-From: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
-Date: Mon, 2 Sep 2019 13:25:15 +0200
-Subject: [PATCH] security_util: verify xattrs only if ref is present
-
-After 7cfb7aab573 commit starting a domain pullutes logs with
-warnings like [1]. The reason is resource files do not
-have timestamp before starting a domain and after destroying
-domain the timestamp is cleared. Let's check the timestamp
-only if attribute with refcounter is found.
-
-[1] warning : virSecurityValidateTimestamp:198 : Invalid XATTR timestamp detected on \
-    /some/path secdriver=dac
-
-Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
-(cherry picked from commit 7c40211a5a0fd15f5885e38dc571e81b9a3fd699)
-
-Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1741140
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
----
- src/security/security_util.c | 36 ++++++++++++++++++++++++++++--------
- 1 file changed, 28 insertions(+), 8 deletions(-)
-
-diff --git a/src/security/security_util.c b/src/security/security_util.c
-index 31f41cedfd..865b3ec905 100644
---- a/src/security/security_util.c
-+++ b/src/security/security_util.c
-@@ -269,13 +269,9 @@ virSecurityGetRememberedLabel(const char *name,
-     VIR_AUTOFREE(char *) attr_name = NULL;
-     VIR_AUTOFREE(char *) value = NULL;
-     unsigned int refcount = 0;
--    int rc;
- 
-     *label = NULL;
- 
--    if ((rc = virSecurityValidateTimestamp(name, path)) < 0)
--        return rc;
--
-     if (!(ref_name = virSecurityGetRefCountAttrName(name)))
-         return -1;
- 
-@@ -290,6 +286,20 @@ virSecurityGetRememberedLabel(const char *name,
-         return -1;
-     }
- 
-+    if (value) {
-+        int rc;
-+
-+        /* Do this after we've tried to get refcounter to ensure underlying FS
-+         * supports XATTRs and @path has refcounter attribute set, because
-+         * validator might throws a warning. */
-+        if ((rc = virSecurityValidateTimestamp(name, path)) < 0)
-+            return rc;
-+
-+        /* Invalid label is like a non-existent one */
-+        if (rc == 1)
-+            return -2;
-+    }
-+
-     if (virStrToLong_ui(value, NULL, 10, &refcount) < 0) {
-         virReportError(VIR_ERR_INTERNAL_ERROR,
-                        _("malformed refcount %s on %s"),
-@@ -357,10 +367,6 @@ virSecuritySetRememberedLabel(const char *name,
-     VIR_AUTOFREE(char *) attr_name = NULL;
-     VIR_AUTOFREE(char *) value = NULL;
-     unsigned int refcount = 0;
--    int rc;
--
--    if ((rc = virSecurityValidateTimestamp(name, path)) < 0)
--        return rc;
- 
-     if (!(ref_name = virSecurityGetRefCountAttrName(name)))
-         return -1;
-@@ -377,6 +383,20 @@ virSecuritySetRememberedLabel(const char *name,
-         }
-     }
- 
-+    if (value) {
-+        int rc;
-+
-+        /* Do this after we've tried to get refcounter to ensure underlying FS
-+         * supports XATTRs and @path has refcounter attribute set, because
-+         * validator might throws a warning. */
-+        if ((rc = virSecurityValidateTimestamp(name, path)) < 0)
-+            return rc;
-+
-+        /* Invalid label is like a non-existent one */
-+        if (rc == 1)
-+            VIR_FREE(value);
-+    }
-+
-     if (value &&
-         virStrToLong_ui(value, NULL, 10, &refcount) < 0) {
-         virReportError(VIR_ERR_INTERNAL_ERROR,

0008-admin-reject-clients-unless-their-UID-matches-the-cu.patch

@@ -0,0 +1,54 @@
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Tue, 30 Apr 2019 17:26:13 +0100
+Subject: [PATCH] admin: reject clients unless their UID matches the current
+ UID
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The admin protocol RPC messages are only intended for use by the user
+running the daemon. As such they should not be allowed for any client
+UID that does not match the server UID.
+
+Fixes CVE-2019-10132
+
+Reviewed-by: Ján Tomko <jtomko@redhat.com>
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit 96f41cd765c9e525fe28ee5abbfbf4a79b3720c7)
+---
+ src/admin/admin_server_dispatch.c | 22 ++++++++++++++++++++++
+ 1 file changed, 22 insertions(+)
+
+diff --git a/src/admin/admin_server_dispatch.c b/src/admin/admin_server_dispatch.c
+index b78ff902c0..9f25813ae3 100644
+--- a/src/admin/admin_server_dispatch.c
++++ b/src/admin/admin_server_dispatch.c
+@@ -66,6 +66,28 @@ remoteAdmClientNew(virNetServerClientPtr client ATTRIBUTE_UNUSED,
+                    void *opaque)
+ {
+     struct daemonAdmClientPrivate *priv;
++    uid_t clientuid;
++    gid_t clientgid;
++    pid_t clientpid;
++    unsigned long long timestamp;
++
++    if (virNetServerClientGetUNIXIdentity(client,
++                                          &clientuid,
++                                          &clientgid,
++                                          &clientpid,
++                                          &timestamp) < 0)
++        return NULL;
++
++    VIR_DEBUG("New client pid %lld uid %lld",
++              (long long)clientpid,
++              (long long)clientuid);
++
++    if (geteuid() != clientuid) {
++        virReportRestrictedError(_("Disallowing client %lld with uid %lld"),
++                                 (long long)clientpid,
++                                 (long long)clientuid);
++        return NULL;
++    }
+ 
+     if (VIR_ALLOC(priv) < 0)
+         return NULL;

0008-virSecuritySELinuxSetFileconImpl-Drop-optional-argum.patch

@@ -1,97 +0,0 @@
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Mon, 2 Sep 2019 13:25:16 +0200
-Subject: [PATCH] virSecuritySELinuxSetFileconImpl: Drop @optional argument
-
-The only thing that the @optional argument does is that it makes
-the function return 1 instead of 0 if setting SELinux context
-failed in a non-critical fashion. Drop the argument then and
-return 1 in that case. This enables caller to learn if SELinux
-context was set or not.
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
-(cherry picked from commit 34712a5e3b313fb9ca2223c54ea46f626429a6c4)
-
-Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1740506
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
----
- src/security/security_selinux.c | 35 +++++++++++++++++++++++----------
- 1 file changed, 25 insertions(+), 10 deletions(-)
-
-diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
-index 9857223bbf..766f334faf 100644
---- a/src/security/security_selinux.c
-+++ b/src/security/security_selinux.c
-@@ -1257,12 +1257,27 @@ virSecuritySELinuxGetProcessLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
-     return 0;
- }
- 
--/* Attempt to change the label of PATH to TCON.  If OPTIONAL is true,
-- * return 1 if labelling was not possible.  Otherwise, require a label
-- * change, and return 0 for success, -1 for failure.  */
-+/**
-+ * virSecuritySELinuxSetFileconImpl:
-+ * @path: path to the file to set context on
-+ * @tcon: target context to set
-+ * @privileged: whether running as privileged user
-+ *
-+ * Set @tcon SELinux context on @path. If unable to do so, check SELinux
-+ * configuration and produce sensible error message suggesting solution.
-+ * It may happen that setting context fails but hypervisor will be able to
-+ * open the @path successfully. This is because some file systems don't
-+ * support SELinux, are RO, or the @path had the correct context from the
-+ * start. If that is the case, a positive one is returned.
-+ *
-+ * Returns:  0 if context was set successfully
-+ *           1 if setting the context failed in a non-critical fashion
-+ *           -1 in case of error
-+ */
- static int
--virSecuritySELinuxSetFileconImpl(const char *path, const char *tcon,
--                                 bool optional, bool privileged)
-+virSecuritySELinuxSetFileconImpl(const char *path,
-+                                 const char *tcon,
-+                                 bool privileged)
- {
-     security_context_t econ;
- 
-@@ -1278,7 +1293,7 @@ virSecuritySELinuxSetFileconImpl(const char *path, const char *tcon,
-             if (STREQ(tcon, econ)) {
-                 freecon(econ);
-                 /* It's alright, there's nothing to change anyway. */
--                return optional ? 1 : 0;
-+                return 1;
-             }
-             freecon(econ);
-         }
-@@ -1315,9 +1330,9 @@ virSecuritySELinuxSetFileconImpl(const char *path, const char *tcon,
-                 VIR_INFO("Setting security context '%s' on '%s' not supported",
-                          tcon, path);
-             }
--            if (optional)
--                return 1;
-         }
-+
-+        return 1;
-     }
-     return 0;
- }
-@@ -1377,7 +1392,7 @@ virSecuritySELinuxSetFileconHelper(virSecurityManagerPtr mgr,
-         }
-     }
- 
--    if (virSecuritySELinuxSetFileconImpl(path, tcon, optional, privileged) < 0)
-+    if (virSecuritySELinuxSetFileconImpl(path, tcon, privileged) < 0)
-         goto cleanup;
- 
-     ret = 0;
-@@ -1542,7 +1557,7 @@ virSecuritySELinuxRestoreFileLabel(virSecurityManagerPtr mgr,
-         }
-     }
- 
--    if (virSecuritySELinuxSetFileconImpl(newpath, fcon, false, privileged) < 0)
-+    if (virSecuritySELinuxSetFileconImpl(newpath, fcon, privileged) < 0)
-         goto cleanup;
- 
-     ret = 0;

0009-locking-restrict-sockets-to-mode-0600.patch

@@ -0,0 +1,47 @@
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Tue, 30 Apr 2019 16:51:37 +0100
+Subject: [PATCH] locking: restrict sockets to mode 0600
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The virtlockd daemon's only intended client is the libvirtd daemon. As
+such it should never allow clients from other user accounts to connect.
+The code already enforces this and drops clients from other UIDs, but
+we can get earlier (and thus stronger) protection against DoS by setting
+the socket permissions to 0600
+
+Fixes CVE-2019-10132
+
+Reviewed-by: Ján Tomko <jtomko@redhat.com>
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit f111e09468693909b1f067aa575efdafd9a262a1)
+---
+ src/locking/virtlockd-admin.socket.in | 1 +
+ src/locking/virtlockd.socket.in       | 1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git a/src/locking/virtlockd-admin.socket.in b/src/locking/virtlockd-admin.socket.in
+index 2a7500f3d0..f674c492f7 100644
+--- a/src/locking/virtlockd-admin.socket.in
++++ b/src/locking/virtlockd-admin.socket.in
+@@ -5,6 +5,7 @@ Before=libvirtd.service
+ [Socket]
+ ListenStream=@localstatedir@/run/libvirt/virtlockd-admin-sock
+ Service=virtlockd.service
++SocketMode=0600
+ 
+ [Install]
+ WantedBy=sockets.target
+diff --git a/src/locking/virtlockd.socket.in b/src/locking/virtlockd.socket.in
+index 45e0f20235..d701b27516 100644
+--- a/src/locking/virtlockd.socket.in
++++ b/src/locking/virtlockd.socket.in
+@@ -4,6 +4,7 @@ Before=libvirtd.service
+ 
+ [Socket]
+ ListenStream=@localstatedir@/run/libvirt/virtlockd-sock
++SocketMode=0600
+ 
+ [Install]
+ WantedBy=sockets.target

0009-security_selinux-Drop-virSecuritySELinuxSetFileconOp.patch

@@ -1,106 +0,0 @@
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Mon, 2 Sep 2019 13:25:17 +0200
-Subject: [PATCH] security_selinux: Drop virSecuritySELinuxSetFileconOptional()
-
-There is no real difference between
-virSecuritySELinuxSetFilecon() and
-virSecuritySELinuxSetFileconOptional(). Drop the latter in favour
-of the former.
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
-(cherry picked from commit 079c1d6a291869ab4ee5d7f70bfd9a0f716c508e)
-
-Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1740506
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
----
- src/security/security_selinux.c | 53 ++++++++++++++-------------------
- 1 file changed, 22 insertions(+), 31 deletions(-)
-
-diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
-index 766f334faf..87e1ba202d 100644
---- a/src/security/security_selinux.c
-+++ b/src/security/security_selinux.c
-@@ -1419,15 +1419,6 @@ virSecuritySELinuxSetFileconHelper(virSecurityManagerPtr mgr,
- }
- 
- 
--static int
--virSecuritySELinuxSetFileconOptional(virSecurityManagerPtr mgr,
--                                     const char *path,
--                                     const char *tcon,
--                                     bool remember)
--{
--    return virSecuritySELinuxSetFileconHelper(mgr, path, tcon, true, remember);
--}
--
- static int
- virSecuritySELinuxSetFilecon(virSecurityManagerPtr mgr,
-                              const char *path,
-@@ -1884,28 +1875,28 @@ virSecuritySELinuxSetImageLabelInternal(virSecurityManagerPtr mgr,
-                                            parent_seclabel->label, remember);
-     } else if (!parent || parent == src) {
-         if (src->shared) {
--            ret = virSecuritySELinuxSetFileconOptional(mgr,
--                                                       src->path,
--                                                       data->file_context,
--                                                       remember);
-+            ret = virSecuritySELinuxSetFilecon(mgr,
-+                                               src->path,
-+                                               data->file_context,
-+                                               remember);
-         } else if (src->readonly) {
--            ret = virSecuritySELinuxSetFileconOptional(mgr,
--                                                       src->path,
--                                                       data->content_context,
--                                                       remember);
-+            ret = virSecuritySELinuxSetFilecon(mgr,
-+                                               src->path,
-+                                               data->content_context,
-+                                               remember);
-         } else if (secdef->imagelabel) {
--            ret = virSecuritySELinuxSetFileconOptional(mgr,
--                                                       src->path,
--                                                       secdef->imagelabel,
--                                                       remember);
-+            ret = virSecuritySELinuxSetFilecon(mgr,
-+                                               src->path,
-+                                               secdef->imagelabel,
-+                                               remember);
-         } else {
-             ret = 0;
-         }
-     } else {
--        ret = virSecuritySELinuxSetFileconOptional(mgr,
--                                                   src->path,
--                                                   data->content_context,
--                                                   remember);
-+        ret = virSecuritySELinuxSetFilecon(mgr,
-+                                           src->path,
-+                                           data->content_context,
-+                                           remember);
-     }
- 
-     if (ret == 1 && !disk_seclabel) {
-@@ -2045,14 +2036,14 @@ virSecuritySELinuxSetSCSILabel(virSCSIDevicePtr dev,
-         return 0;
- 
-     if (virSCSIDeviceGetShareable(dev))
--        return virSecuritySELinuxSetFileconOptional(mgr, file,
--                                                    data->file_context, true);
-+        return virSecuritySELinuxSetFilecon(mgr, file,
-+                                            data->file_context, true);
-     else if (virSCSIDeviceGetReadonly(dev))
--        return virSecuritySELinuxSetFileconOptional(mgr, file,
--                                                    data->content_context, true);
-+        return virSecuritySELinuxSetFilecon(mgr, file,
-+                                            data->content_context, true);
-     else
--        return virSecuritySELinuxSetFileconOptional(mgr, file,
--                                                    secdef->imagelabel, true);
-+        return virSecuritySELinuxSetFilecon(mgr, file,
-+                                            secdef->imagelabel, true);
- }
- 
- static int

0010-logging-restrict-sockets-to-mode-0600.patch

@@ -0,0 +1,47 @@
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Tue, 30 Apr 2019 17:27:41 +0100
+Subject: [PATCH] logging: restrict sockets to mode 0600
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The virtlogd daemon's only intended client is the libvirtd daemon. As
+such it should never allow clients from other user accounts to connect.
+The code already enforces this and drops clients from other UIDs, but
+we can get earlier (and thus stronger) protection against DoS by setting
+the socket permissions to 0600
+
+Fixes CVE-2019-10132
+
+Reviewed-by: Ján Tomko <jtomko@redhat.com>
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit e37bd65f9948c1185456b2cdaa3bd6e875af680f)
+---
+ src/logging/virtlogd-admin.socket.in | 1 +
+ src/logging/virtlogd.socket.in       | 1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git a/src/logging/virtlogd-admin.socket.in b/src/logging/virtlogd-admin.socket.in
+index 595e6c4c4b..5c41dfeb7b 100644
+--- a/src/logging/virtlogd-admin.socket.in
++++ b/src/logging/virtlogd-admin.socket.in
+@@ -5,6 +5,7 @@ Before=libvirtd.service
+ [Socket]
+ ListenStream=@localstatedir@/run/libvirt/virtlogd-admin-sock
+ Service=virtlogd.service
++SocketMode=0600
+ 
+ [Install]
+ WantedBy=sockets.target
+diff --git a/src/logging/virtlogd.socket.in b/src/logging/virtlogd.socket.in
+index 22b9360c8d..ae48cdab9a 100644
+--- a/src/logging/virtlogd.socket.in
++++ b/src/logging/virtlogd.socket.in
+@@ -4,6 +4,7 @@ Before=libvirtd.service
+ 
+ [Socket]
+ ListenStream=@localstatedir@/run/libvirt/virtlogd-sock
++SocketMode=0600
+ 
+ [Install]
+ WantedBy=sockets.target

0010-security_selinux-Drop-optional-from-_virSecuritySELi.patch

@@ -1,126 +0,0 @@
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Mon, 2 Sep 2019 13:25:18 +0200
-Subject: [PATCH] security_selinux: Drop @optional from
- _virSecuritySELinuxContextItem
-
-Now, that we don't need to remember if setting context is
-'optional' (the argument only made
-virSecuritySELinuxSetFileconImpl() return a different success
-code), we can drop it from the _virSecuritySELinuxContextItem
-structure as we don't need to remember it in transactions.
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
-(cherry picked from commit b71d54f44707e80aae6fd01a766bb254882f5163)
-
-Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1740506
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
----
- src/security/security_selinux.c | 16 ++++------------
- 1 file changed, 4 insertions(+), 12 deletions(-)
-
-diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
-index 87e1ba202d..e5b55fccb4 100644
---- a/src/security/security_selinux.c
-+++ b/src/security/security_selinux.c
-@@ -81,7 +81,6 @@ typedef virSecuritySELinuxContextItem *virSecuritySELinuxContextItemPtr;
- struct _virSecuritySELinuxContextItem {
-     char *path;
-     char *tcon;
--    bool optional;
-     bool remember; /* Whether owner remembering should be done for @path/@src */
-     bool restore; /* Whether current operation is 'set' or 'restore' */
- };
-@@ -122,7 +121,6 @@ static int
- virSecuritySELinuxContextListAppend(virSecuritySELinuxContextListPtr list,
-                                     const char *path,
-                                     const char *tcon,
--                                    bool optional,
-                                     bool remember,
-                                     bool restore)
- {
-@@ -135,7 +133,6 @@ virSecuritySELinuxContextListAppend(virSecuritySELinuxContextListPtr list,
-     if (VIR_STRDUP(item->path, path) < 0 || VIR_STRDUP(item->tcon, tcon) < 0)
-         goto cleanup;
- 
--    item->optional = optional;
-     item->remember = remember;
-     item->restore = restore;
- 
-@@ -170,7 +167,6 @@ virSecuritySELinuxContextListFree(void *opaque)
-  * virSecuritySELinuxTransactionAppend:
-  * @path: Path to chown
-  * @tcon: target context
-- * @optional: true if setting @tcon is optional
-  * @remember: if the original owner should be recorded/recalled
-  * @restore: if current operation is set or restore
-  *
-@@ -187,7 +183,6 @@ virSecuritySELinuxContextListFree(void *opaque)
- static int
- virSecuritySELinuxTransactionAppend(const char *path,
-                                     const char *tcon,
--                                    bool optional,
-                                     bool remember,
-                                     bool restore)
- {
-@@ -198,7 +193,7 @@ virSecuritySELinuxTransactionAppend(const char *path,
-         return 0;
- 
-     if (virSecuritySELinuxContextListAppend(list, path, tcon,
--                                            optional, remember, restore) < 0)
-+                                            remember, restore) < 0)
-         return -1;
- 
-     return 1;
-@@ -234,7 +229,6 @@ virSecuritySELinuxRecallLabel(const char *path,
- static int virSecuritySELinuxSetFileconHelper(virSecurityManagerPtr mgr,
-                                               const char *path,
-                                               const char *tcon,
--                                              bool optional,
-                                               bool remember);
- 
- 
-@@ -290,7 +284,6 @@ virSecuritySELinuxTransactionRun(pid_t pid ATTRIBUTE_UNUSED,
-             rv = virSecuritySELinuxSetFileconHelper(list->manager,
-                                                     item->path,
-                                                     item->tcon,
--                                                    item->optional,
-                                                     remember);
-         } else {
-             rv = virSecuritySELinuxRestoreFileLabel(list->manager,
-@@ -1342,7 +1335,6 @@ static int
- virSecuritySELinuxSetFileconHelper(virSecurityManagerPtr mgr,
-                                    const char *path,
-                                    const char *tcon,
--                                   bool optional,
-                                    bool remember)
- {
-     bool privileged = virSecurityManagerGetPrivileged(mgr);
-@@ -1353,7 +1345,7 @@ virSecuritySELinuxSetFileconHelper(virSecurityManagerPtr mgr,
-     int ret = -1;
- 
-     if ((rc = virSecuritySELinuxTransactionAppend(path, tcon,
--                                                  optional, remember, false)) < 0)
-+                                                  remember, false)) < 0)
-         return -1;
-     else if (rc > 0)
-         return 0;
-@@ -1425,7 +1417,7 @@ virSecuritySELinuxSetFilecon(virSecurityManagerPtr mgr,
-                              const char *tcon,
-                              bool remember)
- {
--    return virSecuritySELinuxSetFileconHelper(mgr, path, tcon, false, remember);
-+    return virSecuritySELinuxSetFileconHelper(mgr, path, tcon, remember);
- }
- 
- static int
-@@ -1512,7 +1504,7 @@ virSecuritySELinuxRestoreFileLabel(virSecurityManagerPtr mgr,
-     }
- 
-     if ((rc = virSecuritySELinuxTransactionAppend(path, NULL,
--                                                  false, recall, true)) < 0) {
-+                                                  recall, true)) < 0) {
-         goto cleanup;
-     } else if (rc > 0) {
-         ret = 0;

0011-api-disallow-virDomainSaveImageGetXMLDesc-on-read-on.patch

@@ -0,0 +1,80 @@
+From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
+Date: Fri, 14 Jun 2019 08:47:42 +0200
+Subject: [PATCH] api: disallow virDomainSaveImageGetXMLDesc on read-only
+ connections
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The virDomainSaveImageGetXMLDesc API is taking a path parameter,
+which can point to any path on the system. This file will then be
+read and parsed by libvirtd running with root privileges.
+
+Forbid it on read-only connections.
+
+Fixes: CVE-2019-10161
+Reported-by: Matthias Gerstner <mgerstner@suse.de>
+Signed-off-by: Ján Tomko <jtomko@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit aed6a032cead4386472afb24b16196579e239580)
+---
+ src/libvirt-domain.c         | 10 ++--------
+ src/qemu/qemu_driver.c       |  2 +-
+ src/remote/remote_protocol.x |  3 +--
+ 3 files changed, 4 insertions(+), 11 deletions(-)
+
+diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c
+index ef460277f7..cda579180b 100644
+--- a/src/libvirt-domain.c
++++ b/src/libvirt-domain.c
+@@ -1073,8 +1073,7 @@ virDomainRestoreFlags(virConnectPtr conn, const char *from, const char *dxml,
+  * previously by virDomainSave() or virDomainSaveFlags().
+  *
+  * No security-sensitive data will be included unless @flags contains
+- * VIR_DOMAIN_XML_SECURE; this flag is rejected on read-only
+- * connections.  For this API, @flags should not contain either
++ * VIR_DOMAIN_XML_SECURE
+  * VIR_DOMAIN_XML_INACTIVE or VIR_DOMAIN_XML_UPDATE_CPU.
+  *
+  * Returns a 0 terminated UTF-8 encoded XML instance, or NULL in case of
+@@ -1091,12 +1090,7 @@ virDomainSaveImageGetXMLDesc(virConnectPtr conn, const char *file,
+ 
+     virCheckConnectReturn(conn, NULL);
+     virCheckNonNullArgGoto(file, error);
+-
+-    if ((conn->flags & VIR_CONNECT_RO) && (flags & VIR_DOMAIN_XML_SECURE)) {
+-        virReportError(VIR_ERR_OPERATION_DENIED, "%s",
+-                       _("virDomainSaveImageGetXMLDesc with secure flag"));
+-        goto error;
+-    }
++    virCheckReadOnlyGoto(conn->flags, error);
+ 
+     if (conn->driver->domainSaveImageGetXMLDesc) {
+         char *ret;
+diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
+index 75f8699e7d..933f71c7b8 100644
+--- a/src/qemu/qemu_driver.c
++++ b/src/qemu/qemu_driver.c
+@@ -6791,7 +6791,7 @@ qemuDomainSaveImageGetXMLDesc(virConnectPtr conn, const char *path,
+     if (fd < 0)
+         goto cleanup;
+ 
+-    if (virDomainSaveImageGetXMLDescEnsureACL(conn, def, flags) < 0)
++    if (virDomainSaveImageGetXMLDescEnsureACL(conn, def) < 0)
+         goto cleanup;
+ 
+     ret = qemuDomainDefFormatXML(driver, def, flags);
+diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x
+index 28c8febabd..52b92334fa 100644
+--- a/src/remote/remote_protocol.x
++++ b/src/remote/remote_protocol.x
+@@ -5226,8 +5226,7 @@ enum remote_procedure {
+     /**
+      * @generate: both
+      * @priority: high
+-     * @acl: domain:read
+-     * @acl: domain:read_secure:VIR_DOMAIN_XML_SECURE
++     * @acl: domain:write
+      */
+     REMOTE_PROC_DOMAIN_SAVE_IMAGE_GET_XML_DESC = 235,
+ 

0011-security_selinux-Drop-virSecuritySELinuxSetFileconHe.patch

@@ -1,83 +0,0 @@
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Mon, 2 Sep 2019 13:25:19 +0200
-Subject: [PATCH] security_selinux: Drop virSecuritySELinuxSetFileconHelper
-
-This function is no longer needed because after previous commits
-it's just an alias to virSecuritySELinuxSetFilecon.
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
-(cherry picked from commit eaa2a064fa9a7cf6220349ac8706a22593cbf607)
-
-Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1740506
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
----
- src/security/security_selinux.c | 33 ++++++++++++---------------------
- 1 file changed, 12 insertions(+), 21 deletions(-)
-
-diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
-index e5b55fccb4..1df04d7358 100644
---- a/src/security/security_selinux.c
-+++ b/src/security/security_selinux.c
-@@ -226,10 +226,10 @@ virSecuritySELinuxRecallLabel(const char *path,
- }
- 
- 
--static int virSecuritySELinuxSetFileconHelper(virSecurityManagerPtr mgr,
--                                              const char *path,
--                                              const char *tcon,
--                                              bool remember);
-+static int virSecuritySELinuxSetFilecon(virSecurityManagerPtr mgr,
-+                                        const char *path,
-+                                        const char *tcon,
-+                                        bool remember);
- 
- 
- static int virSecuritySELinuxRestoreFileLabel(virSecurityManagerPtr mgr,
-@@ -281,10 +281,10 @@ virSecuritySELinuxTransactionRun(pid_t pid ATTRIBUTE_UNUSED,
-         const bool remember = item->remember && list->lock;
- 
-         if (!item->restore) {
--            rv = virSecuritySELinuxSetFileconHelper(list->manager,
--                                                    item->path,
--                                                    item->tcon,
--                                                    remember);
-+            rv = virSecuritySELinuxSetFilecon(list->manager,
-+                                              item->path,
-+                                              item->tcon,
-+                                              remember);
-         } else {
-             rv = virSecuritySELinuxRestoreFileLabel(list->manager,
-                                                     item->path,
-@@ -1332,10 +1332,10 @@ virSecuritySELinuxSetFileconImpl(const char *path,
- 
- 
- static int
--virSecuritySELinuxSetFileconHelper(virSecurityManagerPtr mgr,
--                                   const char *path,
--                                   const char *tcon,
--                                   bool remember)
-+virSecuritySELinuxSetFilecon(virSecurityManagerPtr mgr,
-+                             const char *path,
-+                             const char *tcon,
-+                             bool remember)
- {
-     bool privileged = virSecurityManagerGetPrivileged(mgr);
-     security_context_t econ = NULL;
-@@ -1411,15 +1411,6 @@ virSecuritySELinuxSetFileconHelper(virSecurityManagerPtr mgr,
- }
- 
- 
--static int
--virSecuritySELinuxSetFilecon(virSecurityManagerPtr mgr,
--                             const char *path,
--                             const char *tcon,
--                             bool remember)
--{
--    return virSecuritySELinuxSetFileconHelper(mgr, path, tcon, remember);
--}
--
- static int
- virSecuritySELinuxFSetFilecon(int fd, char *tcon)
- {

0012-api-disallow-virDomainManagedSaveDefineXML-on-read-o.patch

@@ -0,0 +1,33 @@
+From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
+Date: Fri, 14 Jun 2019 09:14:53 +0200
+Subject: [PATCH] api: disallow virDomainManagedSaveDefineXML on read-only
+ connections
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The virDomainManagedSaveDefineXML can be used to alter the domain's
+config used for managedsave or even execute arbitrary emulator binaries.
+Forbid it on read-only connections.
+
+Fixes: CVE-2019-10166
+Reported-by: Matthias Gerstner <mgerstner@suse.de>
+Signed-off-by: Ján Tomko <jtomko@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit db0b78457f183e4c7ac45bc94de86044a1e2056a)
+---
+ src/libvirt-domain.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c
+index cda579180b..4c0355180e 100644
+--- a/src/libvirt-domain.c
++++ b/src/libvirt-domain.c
+@@ -9483,6 +9483,7 @@ virDomainManagedSaveDefineXML(virDomainPtr domain, const char *dxml,
+ 
+     virCheckDomainReturn(domain, -1);
+     conn = domain->conn;
++    virCheckReadOnlyGoto(conn->flags, error);
+ 
+     if (conn->driver->domainManagedSaveDefineXML) {
+         int ret;

0012-security_selinux-Play-nicely-with-network-FS-that-on.patch

@@ -1,49 +0,0 @@
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Mon, 2 Sep 2019 13:25:20 +0200
-Subject: [PATCH] security_selinux: Play nicely with network FS that only
- emulates SELinux
-
-There are some network file systems that do support XATTRs (e.g.
-gluster via FUSE). And they appear to support SELinux too.
-However, not really. Problem is, that it is impossible to change
-SELinux label of a file stored there, and yet we claim success
-(rightfully - hypervisor succeeds in opening the file). But this
-creates a problem for us - from XATTR bookkeeping POV, we haven't
-changed the label and thus if we remembered any label, we must
-roll back and remove it.
-
-Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1740506
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
-(cherry picked from commit 8fe953805a535097cf3b819b3b68fbfb166efed4)
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
----
- src/security/security_selinux.c | 10 ++++++++--
- 1 file changed, 8 insertions(+), 2 deletions(-)
-
-diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
-index 1df04d7358..39d616ba44 100644
---- a/src/security/security_selinux.c
-+++ b/src/security/security_selinux.c
-@@ -1384,12 +1384,18 @@ virSecuritySELinuxSetFilecon(virSecurityManagerPtr mgr,
-         }
-     }
- 
--    if (virSecuritySELinuxSetFileconImpl(path, tcon, privileged) < 0)
-+    rc = virSecuritySELinuxSetFileconImpl(path, tcon, privileged);
-+    if (rc < 0)
-         goto cleanup;
- 
-+    /* Do not try restoring the label if it was not changed
-+     * (setting it failed in a non-critical fashion) */
-+    if (rc == 0)
-+        rollback = false;
-+
-     ret = 0;
-  cleanup:
--    if (ret < 0 && rollback) {
-+    if (rollback) {
-         virErrorPtr origerr;
- 
-         virErrorPreserveLast(&origerr);

0013-api-disallow-virConnectGetDomainCapabilities-on-read.patch

@@ -0,0 +1,31 @@
+From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
+Date: Fri, 14 Jun 2019 09:16:14 +0200
+Subject: [PATCH] api: disallow virConnectGetDomainCapabilities on read-only
+ connections
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This API can be used to execute arbitrary emulators.
+Forbid it on read-only connections.
+
+Fixes: CVE-2019-10167
+Signed-off-by: Ján Tomko <jtomko@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit 8afa68bac0cf99d1f8aaa6566685c43c22622f26)
+---
+ src/libvirt-domain.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c
+index 4c0355180e..8ecb964381 100644
+--- a/src/libvirt-domain.c
++++ b/src/libvirt-domain.c
+@@ -11275,6 +11275,7 @@ virConnectGetDomainCapabilities(virConnectPtr conn,
+     virResetLastError();
+ 
+     virCheckConnectReturn(conn, NULL);
++    virCheckReadOnlyGoto(conn->flags, error);
+ 
+     if (conn->driver->connectGetDomainCapabilities) {
+         char *ret;

0013-qemu_blockjob-Print-image-path-on-failed-security-me.patch

@@ -1,42 +0,0 @@
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Mon, 2 Sep 2019 13:25:21 +0200
-Subject: [PATCH] qemu_blockjob: Print image path on failed security metadata
- move too
-
-When a block job is completed, the security image metadata are
-moved to the new image. If this fails an warning is printed, but
-the message contains only domain name and lacks image paths. Put
-them both into the warning message.
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-ACKed-by: Peter Krempa <pkrempa@redhat.com>
-(cherry picked from commit 7f99d8a739c01a280ca0c173ecd6051a92f0c897)
-
-Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1741456
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
----
- src/qemu/qemu_blockjob.c | 10 ++++++++--
- 1 file changed, 8 insertions(+), 2 deletions(-)
-
-diff --git a/src/qemu/qemu_blockjob.c b/src/qemu/qemu_blockjob.c
-index a5b558b9ab..b3c0f784cd 100644
---- a/src/qemu/qemu_blockjob.c
-+++ b/src/qemu/qemu_blockjob.c
-@@ -584,8 +584,14 @@ qemuBlockJobEventProcessLegacyCompleted(virQEMUDriverPtr driver,
-         virDomainLockImageDetach(driver->lockManager, vm, disk->src);
- 
-         /* Move secret driver metadata */
--        if (qemuSecurityMoveImageMetadata(driver, vm, disk->src, disk->mirror) < 0)
--            VIR_WARN("Unable to move disk metadata on vm %s", vm->def->name);
-+        if (qemuSecurityMoveImageMetadata(driver, vm, disk->src, disk->mirror) < 0) {
-+            VIR_WARN("Unable to move disk metadata on "
-+                     "vm %s from %s to %s (disk target %s)",
-+                     vm->def->name,
-+                     NULLSTR(disk->src->path),
-+                     NULLSTR(disk->mirror->path),
-+                     disk->dst);
-+        }
- 
-         virObjectUnref(disk->src);
-         disk->src = disk->mirror;

0014-api-disallow-virConnect-HypervisorCPU-on-read-only-c.patch

@@ -0,0 +1,39 @@
+From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
+Date: Fri, 14 Jun 2019 09:17:39 +0200
+Subject: [PATCH] api: disallow virConnect*HypervisorCPU on read-only
+ connections
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+These APIs can be used to execute arbitrary emulators.
+Forbid them on read-only connections.
+
+Fixes: CVE-2019-10168
+Signed-off-by: Ján Tomko <jtomko@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit bf6c2830b6c338b1f5699b095df36f374777b291)
+---
+ src/libvirt-host.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/libvirt-host.c b/src/libvirt-host.c
+index e20d6ee250..2978825d22 100644
+--- a/src/libvirt-host.c
++++ b/src/libvirt-host.c
+@@ -1041,6 +1041,7 @@ virConnectCompareHypervisorCPU(virConnectPtr conn,
+ 
+     virCheckConnectReturn(conn, VIR_CPU_COMPARE_ERROR);
+     virCheckNonNullArgGoto(xmlCPU, error);
++    virCheckReadOnlyGoto(conn->flags, error);
+ 
+     if (conn->driver->connectCompareHypervisorCPU) {
+         int ret;
+@@ -1234,6 +1235,7 @@ virConnectBaselineHypervisorCPU(virConnectPtr conn,
+ 
+     virCheckConnectReturn(conn, NULL);
+     virCheckNonNullArgGoto(xmlCPUs, error);
++    virCheckReadOnlyGoto(conn->flags, error);
+ 
+     if (conn->driver->connectBaselineHypervisorCPU) {
+         char *cpu;

0014-qemu_blockjob-Remove-secdriver-metadata-more-frequen.patch

@@ -1,79 +0,0 @@
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Mon, 2 Sep 2019 13:25:22 +0200
-Subject: [PATCH] qemu_blockjob: Remove secdriver metadata more frequently
-
-If a block job reaches failed/cancelled state, or is completed
-without pivot then we must remove security driver metadata
-associated to the backing chain so that we don't leave any
-metadata behind.
-
-Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1741456
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-ACKed-by: Peter Krempa <pkrempa@redhat.com>
-(cherry picked from commit 16fb3c8b83fb39f9931e942f7d1738ffe024d234)
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-
-Conflicts:
-- src/qemu/qemu_blockjob.c:
-qemuBlockJobProcessEventFailedActiveCommit() doesn't exist as
-v5.7.0-rc2~2 isn't backported (blockdev is not going to be
-enabled with RHEL-AV-8.1.0).
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
----
- src/qemu/qemu_blockjob.c | 32 ++++++++++++++++++++++++++++++++
- 1 file changed, 32 insertions(+)
-
-diff --git a/src/qemu/qemu_blockjob.c b/src/qemu/qemu_blockjob.c
-index b3c0f784cd..beda9bd64e 100644
---- a/src/qemu/qemu_blockjob.c
-+++ b/src/qemu/qemu_blockjob.c
-@@ -597,7 +597,23 @@ qemuBlockJobEventProcessLegacyCompleted(virQEMUDriverPtr driver,
-         disk->src = disk->mirror;
-     } else {
-         if (disk->mirror) {
-+            virStorageSourcePtr n;
-+
-             virDomainLockImageDetach(driver->lockManager, vm, disk->mirror);
-+
-+            /* Ideally, we would restore seclabels on the backing chain here
-+             * but we don't know if somebody else is not using parts of it.
-+             * Remove security driver metadata so that they are not leaked. */
-+            for (n = disk->mirror; virStorageSourceIsBacking(n); n = n->backingStore) {
-+                if (qemuSecurityMoveImageMetadata(driver, vm, n, NULL) < 0) {
-+                    VIR_WARN("Unable to remove disk metadata on "
-+                             "vm %s from %s (disk target %s)",
-+                             vm->def->name,
-+                             NULLSTR(disk->src->path),
-+                             disk->dst);
-+                }
-+            }
-+
-             virObjectUnref(disk->mirror);
-         }
-     }
-@@ -666,7 +682,23 @@ qemuBlockJobEventProcessLegacy(virQEMUDriverPtr driver,
-     case VIR_DOMAIN_BLOCK_JOB_FAILED:
-     case VIR_DOMAIN_BLOCK_JOB_CANCELED:
-         if (disk->mirror) {
-+            virStorageSourcePtr n;
-+
-             virDomainLockImageDetach(driver->lockManager, vm, disk->mirror);
-+
-+            /* Ideally, we would restore seclabels on the backing chain here
-+             * but we don't know if somebody else is not using parts of it.
-+             * Remove security driver metadata so that they are not leaked. */
-+            for (n = disk->mirror; virStorageSourceIsBacking(n); n = n->backingStore) {
-+                if (qemuSecurityMoveImageMetadata(driver, vm, n, NULL) < 0) {
-+                    VIR_WARN("Unable to remove disk metadata on "
-+                             "vm %s from %s (disk target %s)",
-+                             vm->def->name,
-+                             NULLSTR(disk->src->path),
-+                             disk->dst);
-+                }
-+            }
-+
-             virObjectUnref(disk->mirror);
-             disk->mirror = NULL;
-         }

0015-api-disallow-virDomainGetHostname-for-read-only-conn.patch

@@ -0,0 +1,32 @@
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Wed, 27 Mar 2019 10:59:58 +0000
+Subject: [PATCH] api: disallow virDomainGetHostname for read-only connections
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The virDomainGetHostname API is fetching guest information and this may
+involve use of an untrusted guest agent. As such its use must be
+forbidden on a read-only connection to libvirt.
+
+Fixes CVE-2019-3886
+Reviewed-by: Jim Fehlig <jfehlig@suse.com>
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit 2a07c990bd9143d7a0fe8d1b6b7c763c52185240)
+---
+ src/libvirt-domain.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c
+index 8ecb964381..cc2f61275d 100644
+--- a/src/libvirt-domain.c
++++ b/src/libvirt-domain.c
+@@ -10940,6 +10940,8 @@ virDomainGetHostname(virDomainPtr domain, unsigned int flags)
+     virCheckDomainReturn(domain, NULL);
+     conn = domain->conn;
+ 
++    virCheckReadOnlyGoto(domain->conn->flags, error);
++
+     if (conn->driver->domainGetHostname) {
+         char *ret;
+         ret = conn->driver->domainGetHostname(domain, flags);

0016-remote-enforce-ACL-write-permission-for-getting-gues.patch

@@ -0,0 +1,42 @@
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Wed, 27 Mar 2019 11:22:49 +0000
+Subject: [PATCH] remote: enforce ACL write permission for getting guest time &
+ hostname
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Getting the guest time and hostname both require use of guest agent
+commands. These must not be allowed for read-only users, so the
+permissions check must validate "write" permission not "read".
+
+Fixes CVE-2019-3886
+Reviewed-by: Jim Fehlig <jfehlig@suse.com>
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit ae076bb40e0e150aef41361b64001138d04d6c60)
+---
+ src/remote/remote_protocol.x | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x
+index 52b92334fa..58ab4ab039 100644
+--- a/src/remote/remote_protocol.x
++++ b/src/remote/remote_protocol.x
+@@ -5496,7 +5496,7 @@ enum remote_procedure {
+ 
+     /**
+      * @generate: both
+-     * @acl: domain:read
++     * @acl: domain:write
+      */
+     REMOTE_PROC_DOMAIN_GET_HOSTNAME = 277,
+ 
+@@ -5891,7 +5891,7 @@ enum remote_procedure {
+ 
+     /**
+      * @generate: none
+-     * @acl: domain:read
++     * @acl: domain:write
+      */
+     REMOTE_PROC_DOMAIN_GET_TIME = 337,
+ 

0017-Revert-qemu-hotplug-Prepare-disk-source-in-qemuDomai.patch

@@ -0,0 +1,75 @@
+From: Peter Krempa <pkrempa@redhat.com>
+Date: Mon, 24 Sep 2018 16:49:01 +0200
+Subject: [PATCH] Revert "qemu: hotplug: Prepare disk source in
+ qemuDomainAttachDeviceDiskLive"
+
+Preparing the storage source prior to assigning the alias will not work
+as the names of the certain objects depend on the alias for the legacy
+hotplug case as we generate the object names for the secrets based on
+the alias.
+
+This reverts commit 192fdaa614e3800255048a8a70c1292ccf18397a.
+
+Signed-off-by: Peter Krempa <pkrempa@redhat.com>
+(cherry picked from commit 9ac196997839a29486029a02d8f519df54ae0186)
+---
+ src/qemu/qemu_hotplug.c | 11 +++++------
+ 1 file changed, 5 insertions(+), 6 deletions(-)
+
+diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
+index 4f290b5648..421cc2c174 100644
+--- a/src/qemu/qemu_hotplug.c
++++ b/src/qemu/qemu_hotplug.c
+@@ -781,6 +781,7 @@ qemuDomainAttachDiskGeneric(virQEMUDriverPtr driver,
+     qemuDomainObjPrivatePtr priv = vm->privateData;
+     qemuHotplugDiskSourceDataPtr diskdata = NULL;
+     char *devstr = NULL;
++    virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
+ 
+     if (qemuHotplugPrepareDiskAccess(driver, vm, disk, NULL, false) < 0)
+         goto cleanup;
+@@ -788,6 +789,9 @@ qemuDomainAttachDiskGeneric(virQEMUDriverPtr driver,
+     if (qemuAssignDeviceDiskAlias(vm->def, disk, priv->qemuCaps) < 0)
+         goto error;
+ 
++    if (qemuDomainPrepareDiskSource(disk, priv, cfg) < 0)
++        goto error;
++
+     if (!(diskdata = qemuHotplugDiskSourceAttachPrepare(disk, priv->qemuCaps)))
+         goto error;
+ 
+@@ -822,6 +826,7 @@ qemuDomainAttachDiskGeneric(virQEMUDriverPtr driver,
+     qemuHotplugDiskSourceDataFree(diskdata);
+     qemuDomainSecretDiskDestroy(disk);
+     VIR_FREE(devstr);
++    virObjectUnref(cfg);
+     return ret;
+ 
+  exit_monitor:
+@@ -1062,8 +1067,6 @@ qemuDomainAttachDeviceDiskLive(virQEMUDriverPtr driver,
+                                bool forceMediaChange)
+ {
+     size_t i;
+-    virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
+-    qemuDomainObjPrivatePtr priv = vm->privateData;
+     virDomainDiskDefPtr disk = dev->data.disk;
+     virDomainDiskDefPtr orig_disk = NULL;
+     int ret = -1;
+@@ -1080,9 +1083,6 @@ qemuDomainAttachDeviceDiskLive(virQEMUDriverPtr driver,
+     if (qemuDomainDetermineDiskChain(driver, vm, disk, true) < 0)
+         goto cleanup;
+ 
+-    if (qemuDomainPrepareDiskSource(disk, priv, cfg) < 0)
+-        goto cleanup;
+-
+     switch ((virDomainDiskDevice) disk->device)  {
+     case VIR_DOMAIN_DISK_DEVICE_CDROM:
+     case VIR_DOMAIN_DISK_DEVICE_FLOPPY:
+@@ -1153,7 +1153,6 @@ qemuDomainAttachDeviceDiskLive(virQEMUDriverPtr driver,
+  cleanup:
+     if (ret != 0)
+         ignore_value(qemuRemoveSharedDevice(driver, dev, vm->def->name));
+-    virObjectUnref(cfg);
+     return ret;
+ }
+ 

0018-util-Fixing-invalid-error-checking-from-virPCIGetNet.patch

@@ -0,0 +1,29 @@
+From: Radoslaw Biernacki <radoslaw.biernacki@linaro.org>
+Date: Tue, 22 Jan 2019 12:26:15 -0700
+Subject: [PATCH] util: Fixing invalid error checking from virPCIGetNetname()
+
+The @linkdev is In/Out function parameter as second order
+reference pointer so requires first order dereference for
+checking NULL which can be the result of virPCIGetNetName().
+
+Fixes: d6ee56d7237 (util: change virPCIGetNetName() to not return error if device has no net name)
+Signed-off-by: Radoslaw Biernacki <radoslaw.biernacki@linaro.org>
+Signed-off-by: dann frazier <dann.frazier@canonical.com>
+(cherry picked from commit 04983c3c6a821f67994b1c65d4d6175f3ac49d69)
+---
+ src/util/virhostdev.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/util/virhostdev.c b/src/util/virhostdev.c
+index ca79c37787..d9a3711386 100644
+--- a/src/util/virhostdev.c
++++ b/src/util/virhostdev.c
+@@ -319,7 +319,7 @@ virHostdevNetDevice(virDomainHostdevDefPtr hostdev,
+         if (virPCIGetNetName(sysfs_path, 0, NULL, linkdev) < 0)
+             return -1;
+ 
+-        if (!linkdev) {
++        if (!(*linkdev)) {
+             virReportError(VIR_ERR_INTERNAL_ERROR,
+                            _("The device at %s has no network device name"),
+                              sysfs_path);

0019-tests-merge-code-for-UNIX-and-TCP-socket-testing.patch

@@ -0,0 +1,203 @@
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Tue, 1 May 2018 11:34:51 +0100
+Subject: [PATCH] tests: merge code for UNIX and TCP socket testing
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The test code for UNIX and TCP sockets will need to be rewritten and
+extended later, and will benefit from code sharing.
+
+Reviewed-by: Andrea Bolognani <abologna@redhat.com>
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit 9e2fad87b429060842a536de26d6af61ea3d96ea)
+---
+ tests/virnetsockettest.c | 120 +++++++++++++++++----------------------
+ 1 file changed, 51 insertions(+), 69 deletions(-)
+
+diff --git a/tests/virnetsockettest.c b/tests/virnetsockettest.c
+index 9f9a243484..e463d432ff 100644
+--- a/tests/virnetsockettest.c
++++ b/tests/virnetsockettest.c
+@@ -116,38 +116,67 @@ checkProtocols(bool *hasIPv4, bool *hasIPv6,
+ }
+ 
+ 
+-struct testTCPData {
++struct testSocketData {
+     const char *lnode;
+     int port;
+     const char *cnode;
+ };
+ 
+-static int testSocketTCPAccept(const void *opaque)
++static int testSocketAccept(const void *opaque)
+ {
+     virNetSocketPtr *lsock = NULL; /* Listen socket */
+     size_t nlsock = 0, i;
+     virNetSocketPtr ssock = NULL; /* Server socket */
+     virNetSocketPtr csock = NULL; /* Client socket */
+-    const struct testTCPData *data = opaque;
++    const struct testSocketData *data = opaque;
+     int ret = -1;
+     char portstr[100];
++    char *tmpdir = NULL;
++    char *path = NULL;
++    char template[] = "/tmp/libvirt_XXXXXX";
+ 
+-    snprintf(portstr, sizeof(portstr), "%d", data->port);
++    if (!data) {
++        virNetSocketPtr usock;
++        tmpdir = mkdtemp(template);
++        if (tmpdir == NULL) {
++            VIR_WARN("Failed to create temporary directory");
++            goto cleanup;
++        }
++        if (virAsprintf(&path, "%s/test.sock", tmpdir) < 0)
++            goto cleanup;
+ 
+-    if (virNetSocketNewListenTCP(data->lnode, portstr,
+-                                 AF_UNSPEC,
+-                                 &lsock, &nlsock) < 0)
+-        goto cleanup;
++        if (virNetSocketNewListenUNIX(path, 0700, -1, getegid(), &usock) < 0)
++            goto cleanup;
++
++        if (VIR_ALLOC_N(lsock, 1) < 0) {
++            virObjectUnref(usock);
++            goto cleanup;
++        }
++
++        lsock[0] = usock;
++        nlsock = 1;
++    } else {
++        snprintf(portstr, sizeof(portstr), "%d", data->port);
++        if (virNetSocketNewListenTCP(data->lnode, portstr,
++                                     AF_UNSPEC,
++                                     &lsock, &nlsock) < 0)
++            goto cleanup;
++    }
+ 
+     for (i = 0; i < nlsock; i++) {
+         if (virNetSocketListen(lsock[i], 0) < 0)
+             goto cleanup;
+     }
+ 
+-    if (virNetSocketNewConnectTCP(data->cnode, portstr,
+-                                  AF_UNSPEC,
+-                                  &csock) < 0)
+-        goto cleanup;
++    if (!data) {
++        if (virNetSocketNewConnectUNIX(path, false, NULL, &csock) < 0)
++            goto cleanup;
++    } else {
++        if (virNetSocketNewConnectTCP(data->cnode, portstr,
++                                      AF_UNSPEC,
++                                      &csock) < 0)
++            goto cleanup;
++    }
+ 
+     virObjectUnref(csock);
+ 
+@@ -171,62 +200,15 @@ static int testSocketTCPAccept(const void *opaque)
+     for (i = 0; i < nlsock; i++)
+         virObjectUnref(lsock[i]);
+     VIR_FREE(lsock);
+-    return ret;
+-}
+-#endif
+-
+-
+-#ifndef WIN32
+-static int testSocketUNIXAccept(const void *data ATTRIBUTE_UNUSED)
+-{
+-    virNetSocketPtr lsock = NULL; /* Listen socket */
+-    virNetSocketPtr ssock = NULL; /* Server socket */
+-    virNetSocketPtr csock = NULL; /* Client socket */
+-    int ret = -1;
+-
+-    char *path = NULL;
+-    char *tmpdir;
+-    char template[] = "/tmp/libvirt_XXXXXX";
+-
+-    tmpdir = mkdtemp(template);
+-    if (tmpdir == NULL) {
+-        VIR_WARN("Failed to create temporary directory");
+-        goto cleanup;
+-    }
+-    if (virAsprintf(&path, "%s/test.sock", tmpdir) < 0)
+-        goto cleanup;
+-
+-    if (virNetSocketNewListenUNIX(path, 0700, -1, getegid(), &lsock) < 0)
+-        goto cleanup;
+-
+-    if (virNetSocketListen(lsock, 0) < 0)
+-        goto cleanup;
+-
+-    if (virNetSocketNewConnectUNIX(path, false, NULL, &csock) < 0)
+-        goto cleanup;
+-
+-    virObjectUnref(csock);
+-
+-    if (virNetSocketAccept(lsock, &ssock) != -1) {
+-        char c = 'a';
+-        if (virNetSocketWrite(ssock, &c, 1) != -1) {
+-            VIR_DEBUG("Unexpected client socket present");
+-            goto cleanup;
+-        }
+-    }
+-
+-    ret = 0;
+-
+- cleanup:
+     VIR_FREE(path);
+-    virObjectUnref(lsock);
+-    virObjectUnref(ssock);
+     if (tmpdir)
+         rmdir(tmpdir);
+     return ret;
+ }
++#endif
+ 
+ 
++#ifndef WIN32
+ static int testSocketUNIXAddrs(const void *data ATTRIBUTE_UNUSED)
+ {
+     virNetSocketPtr lsock = NULL; /* Listen socket */
+@@ -456,28 +438,28 @@ mymain(void)
+     }
+ 
+     if (hasIPv4) {
+-        struct testTCPData tcpData = { "127.0.0.1", freePort, "127.0.0.1" };
+-        if (virTestRun("Socket TCP/IPv4 Accept", testSocketTCPAccept, &tcpData) < 0)
++        struct testSocketData tcpData = { "127.0.0.1", freePort, "127.0.0.1" };
++        if (virTestRun("Socket TCP/IPv4 Accept", testSocketAccept, &tcpData) < 0)
+             ret = -1;
+     }
+     if (hasIPv6) {
+-        struct testTCPData tcpData = { "::1", freePort, "::1" };
+-        if (virTestRun("Socket TCP/IPv6 Accept", testSocketTCPAccept, &tcpData) < 0)
++        struct testSocketData tcpData = { "::1", freePort, "::1" };
++        if (virTestRun("Socket TCP/IPv6 Accept", testSocketAccept, &tcpData) < 0)
+             ret = -1;
+     }
+     if (hasIPv6 && hasIPv4) {
+-        struct testTCPData tcpData = { NULL, freePort, "127.0.0.1" };
+-        if (virTestRun("Socket TCP/IPv4+IPv6 Accept", testSocketTCPAccept, &tcpData) < 0)
++        struct testSocketData tcpData = { NULL, freePort, "127.0.0.1" };
++        if (virTestRun("Socket TCP/IPv4+IPv6 Accept", testSocketAccept, &tcpData) < 0)
+             ret = -1;
+ 
+         tcpData.cnode = "::1";
+-        if (virTestRun("Socket TCP/IPv4+IPv6 Accept", testSocketTCPAccept, &tcpData) < 0)
++        if (virTestRun("Socket TCP/IPv4+IPv6 Accept", testSocketAccept, &tcpData) < 0)
+             ret = -1;
+     }
+ #endif
+ 
+ #ifndef WIN32
+-    if (virTestRun("Socket UNIX Accept", testSocketUNIXAccept, NULL) < 0)
++    if (virTestRun("Socket UNIX Accept", testSocketAccept, NULL) < 0)
+         ret = -1;
+ 
+     if (virTestRun("Socket UNIX Addrs", testSocketUNIXAddrs, NULL) < 0)

0020-tests-rewrite-socket-to-do-something-sensible-and-re.patch

@@ -0,0 +1,241 @@
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Tue, 1 May 2018 11:55:02 +0100
+Subject: [PATCH] tests: rewrite socket to do something sensible and reliable
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The current socket test is rather crazy in that it sets up a server
+listening for sockets and then runs a client connect call, relying on
+the fact that the kernel will accept this despite the application
+not having called accept() yet. It then closes the client socket and
+calls accept() on the server. On Linux accept() will always see that
+the client has gone and so skip the rest of the code. On FreeBSD,
+however, the accept sometimes succeeds, causing us to then go into
+code that attempts to read and write to the client which will fail
+aborting the test. The accept() never succeeds on FreeBSD guests
+with a single CPU, but as you add more CPUs, accept() becomes more and
+more likely to succeed, giving a 100% failure rate for the test when
+using 8 CPUs.
+
+This completely rewrites the test so that it is avoids this designed in
+race condition. We simply spawn a background thread to act as the
+client, which will read a byte from the server and write it back again.
+The main thread can now properly listen and accept the client in a
+synchronous manner avoiding any races.
+
+Reviewed-by: Andrea Bolognani <abologna@redhat.com>
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit 39015a6f3a0d4f9ca2041b9227094f0bcc2217e9)
+---
+ tests/virnetsockettest.c | 141 +++++++++++++++++++++++++++++++++------
+ 1 file changed, 120 insertions(+), 21 deletions(-)
+
+diff --git a/tests/virnetsockettest.c b/tests/virnetsockettest.c
+index e463d432ff..cccb90d0be 100644
+--- a/tests/virnetsockettest.c
++++ b/tests/virnetsockettest.c
+@@ -115,6 +115,56 @@ checkProtocols(bool *hasIPv4, bool *hasIPv6,
+     return ret;
+ }
+ 
++struct testClientData {
++    const char *path;
++    const char *cnode;
++    const char *portstr;
++};
++
++static void
++testSocketClient(void *opaque)
++{
++    struct testClientData *data = opaque;
++    char c;
++    virNetSocketPtr csock = NULL;
++
++    if (data->path) {
++        if (virNetSocketNewConnectUNIX(data->path, false,
++                                       NULL, &csock) < 0)
++            return;
++    } else {
++        if (virNetSocketNewConnectTCP(data->cnode, data->portstr,
++                                      AF_UNSPEC,
++                                      &csock) < 0)
++            return;
++    }
++
++    virNetSocketSetBlocking(csock, true);
++
++    if (virNetSocketRead(csock, &c, 1) != 1) {
++        VIR_DEBUG("Cannot read from server");
++        goto done;
++    }
++    if (virNetSocketWrite(csock, &c, 1) != 1) {
++        VIR_DEBUG("Cannot write to server");
++        goto done;
++    }
++
++ done:
++    virObjectUnref(csock);
++}
++
++
++static void
++testSocketIncoming(virNetSocketPtr sock,
++                   int events ATTRIBUTE_UNUSED,
++                   void *opaque)
++{
++    virNetSocketPtr *retsock = opaque;
++    VIR_DEBUG("Incoming sock=%p events=%d\n", sock, events);
++    *retsock = sock;
++}
++
+ 
+ struct testSocketData {
+     const char *lnode;
+@@ -122,18 +172,25 @@ struct testSocketData {
+     const char *cnode;
+ };
+ 
+-static int testSocketAccept(const void *opaque)
++
++static int
++testSocketAccept(const void *opaque)
+ {
+     virNetSocketPtr *lsock = NULL; /* Listen socket */
+     size_t nlsock = 0, i;
+     virNetSocketPtr ssock = NULL; /* Server socket */
+-    virNetSocketPtr csock = NULL; /* Client socket */
++    virNetSocketPtr rsock = NULL; /* Incoming client socket */
+     const struct testSocketData *data = opaque;
+     int ret = -1;
+     char portstr[100];
+     char *tmpdir = NULL;
+     char *path = NULL;
+     char template[] = "/tmp/libvirt_XXXXXX";
++    virThread th;
++    struct testClientData cdata = { 0 };
++    bool goodsock = false;
++    char a = 'a';
++    char b = '\0';
+ 
+     if (!data) {
+         virNetSocketPtr usock;
+@@ -155,50 +212,90 @@ static int testSocketAccept(const void *opaque)
+ 
+         lsock[0] = usock;
+         nlsock = 1;
++
++        cdata.path = path;
+     } else {
+         snprintf(portstr, sizeof(portstr), "%d", data->port);
+         if (virNetSocketNewListenTCP(data->lnode, portstr,
+                                      AF_UNSPEC,
+                                      &lsock, &nlsock) < 0)
+             goto cleanup;
++
++        cdata.cnode = data->cnode;
++        cdata.portstr = portstr;
+     }
+ 
+     for (i = 0; i < nlsock; i++) {
+         if (virNetSocketListen(lsock[i], 0) < 0)
+             goto cleanup;
+-    }
+ 
+-    if (!data) {
+-        if (virNetSocketNewConnectUNIX(path, false, NULL, &csock) < 0)
+-            goto cleanup;
+-    } else {
+-        if (virNetSocketNewConnectTCP(data->cnode, portstr,
+-                                      AF_UNSPEC,
+-                                      &csock) < 0)
++        if (virNetSocketAddIOCallback(lsock[i],
++                                      VIR_EVENT_HANDLE_READABLE,
++                                      testSocketIncoming,
++                                      &rsock,
++                                      NULL) < 0) {
+             goto cleanup;
++        }
+     }
+ 
+-    virObjectUnref(csock);
++    if (virThreadCreate(&th, true,
++                        testSocketClient,
++                        &cdata) < 0)
++        goto cleanup;
++
++    while (rsock == NULL)
++        virEventRunDefaultImpl();
+ 
+     for (i = 0; i < nlsock; i++) {
+-        if (virNetSocketAccept(lsock[i], &ssock) != -1 && ssock) {
+-            char c = 'a';
+-            if (virNetSocketWrite(ssock, &c, 1) != -1 &&
+-                virNetSocketRead(ssock, &c, 1) != -1) {
+-                VIR_DEBUG("Unexpected client socket present");
+-                goto cleanup;
+-            }
++        if (lsock[i] == rsock) {
++            goodsock = true;
++            break;
+         }
+-        virObjectUnref(ssock);
+-        ssock = NULL;
+     }
+ 
++    if (!goodsock) {
++        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
++                       "Unexpected server socket seen");
++        goto join;
++    }
++
++    if (virNetSocketAccept(rsock, &ssock) < 0)
++        goto join;
++
++    if (!ssock) {
++        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
++                       "Client went away unexpectedly");
++        goto join;
++    }
++
++    virNetSocketSetBlocking(ssock, true);
++
++    if (virNetSocketWrite(ssock, &a, 1) < 0 ||
++        virNetSocketRead(ssock, &b, 1) < 0) {
++        goto join;
++    }
++
++    if (a != b) {
++        virReportError(VIR_ERR_INTERNAL_ERROR,
++                       "Bad data received '%x' != '%x'", a, b);
++        goto join;
++    }
++
++    virObjectUnref(ssock);
++    ssock = NULL;
++
+     ret = 0;
+ 
++ join:
++    virThreadJoin(&th);
++
+  cleanup:
+     virObjectUnref(ssock);
+-    for (i = 0; i < nlsock; i++)
++    for (i = 0; i < nlsock; i++) {
++        virNetSocketRemoveIOCallback(lsock[i]);
++        virNetSocketClose(lsock[i]);
+         virObjectUnref(lsock[i]);
++    }
+     VIR_FREE(lsock);
+     VIR_FREE(path);
+     if (tmpdir)
+@@ -431,6 +528,8 @@ mymain(void)
+ 
+     signal(SIGPIPE, SIG_IGN);
+ 
++    virEventRegisterDefaultImpl();
++
+ #ifdef HAVE_IFADDRS_H
+     if (checkProtocols(&hasIPv4, &hasIPv6, &freePort) < 0) {
+         fprintf(stderr, "Cannot identify IPv4/6 availability\n");

0021-test-Remove-possible-infinite-loop-in-virnetsockette.patch

@@ -0,0 +1,34 @@
+From: John Ferlan <jferlan@redhat.com>
+Date: Fri, 7 Sep 2018 08:20:15 -0400
+Subject: [PATCH] test: Remove possible infinite loop in virnetsockettest
+
+Commit 39015a6f3 modified the test to be more reliable/realistic,
+but without checking the return status of virEventRunDefaultImpl
+it's possible that the test could run infinitely.
+
+Found by Coverity
+
+Signed-off-by: John Ferlan <jferlan@redhat.com>
+ACKed-by: Michal Privoznik <mprivozn@redhat.com>
+(cherry picked from commit a0ba31c0069e89f178f064e724ddbc8540b64d32)
+---
+ tests/virnetsockettest.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/tests/virnetsockettest.c b/tests/virnetsockettest.c
+index cccb90d0be..5927be1f80 100644
+--- a/tests/virnetsockettest.c
++++ b/tests/virnetsockettest.c
+@@ -243,8 +243,10 @@ testSocketAccept(const void *opaque)
+                         &cdata) < 0)
+         goto cleanup;
+ 
+-    while (rsock == NULL)
+-        virEventRunDefaultImpl();
++    while (rsock == NULL) {
++        if (virEventRunDefaultImpl() < 0)
++            break;
++    }
+ 
+     for (i = 0; i < nlsock; i++) {
+         if (lsock[i] == rsock) {

0101-Revert-tpm-Check-TPM-XML-device-configuration-change.patch

@@ -1,192 +0,0 @@
-From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
-Date: Fri, 9 Aug 2019 10:48:35 +0200
-Subject: [PATCH] Revert "tpm: Check TPM XML device configuration changes after
- edit"
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Redefining a domain via virDomainDefineXML should not give different results
-based on an already existing definition.
-
-Also, there's a crasher somewhere in the code:
-https://bugzilla.redhat.com/show_bug.cgi?id=1739338
-
-This reverts commit 94b3aa55f83ada33a9fdda66068d58ef1a56c0a5
-
-Signed-off-by: Ján Tomko <jtomko@redhat.com>
-Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
-(cherry picked from commit d8326cb8826170019c74018511d76c58665ab282)
----
- src/conf/domain_conf.c    | 56 ---------------------------------------
- src/conf/domain_conf.h    |  3 ---
- src/libvirt_private.syms  |  1 -
- src/qemu/qemu_driver.c    | 28 --------------------
- src/qemu/qemu_extdevice.c |  2 +-
- src/qemu/qemu_extdevice.h |  3 ---
- 6 files changed, 1 insertion(+), 92 deletions(-)
-
-diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
-index 441eb1a5a2..ac0561ddc5 100644
---- a/src/conf/domain_conf.c
-+++ b/src/conf/domain_conf.c
-@@ -31436,59 +31436,3 @@ virDomainGraphicsNeedsAutoRenderNode(const virDomainGraphicsDef *graphics)
- 
-     return true;
- }
--
--
--static int
--virDomainCheckTPMChanges(virDomainDefPtr def,
--                         virDomainDefPtr newDef)
--{
--    bool oldEnc, newEnc;
--
--    if (!def->tpm)
--        return 0;
--
--    switch (def->tpm->type) {
--    case VIR_DOMAIN_TPM_TYPE_EMULATOR:
--        if (virFileExists(def->tpm->data.emulator.storagepath)) {
--            /* VM has been started */
--            /* Once a VM was started with an encrypted state we allow
--             * less configuration changes.
--             */
--            oldEnc = def->tpm->data.emulator.hassecretuuid;
--            if (oldEnc && def->tpm->type != newDef->tpm->type) {
--                virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
--                               _("Changing the type of TPM is not allowed"));
--                return -1;
--            }
--            if (oldEnc && !newDef->tpm) {
--                virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
--                               _("Removing an encrypted TPM is not allowed"));
--                return -1;
--            }
--            newEnc = newDef->tpm->data.emulator.hassecretuuid;
--            if (oldEnc != newEnc) {
--                virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
--                   _("TPM state encryption cannot be changed "
--                     "once VM was started"));
--                return -1;
--            }
--        }
--        break;
--    case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH:
--    case VIR_DOMAIN_TPM_TYPE_LAST:
--        break;
--    }
--
--    return 0;
--}
--
--
--int
--virDomainCheckDeviceChanges(virDomainDefPtr def,
--                            virDomainDefPtr newDef)
--{
--    if (!def || !newDef)
--        return 0;
--
--    return virDomainCheckTPMChanges(def, newDef);
--}
-diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
-index 8a4425df64..d5190a20db 100644
---- a/src/conf/domain_conf.h
-+++ b/src/conf/domain_conf.h
-@@ -3638,6 +3638,3 @@ virDomainGraphicsGetRenderNode(const virDomainGraphicsDef *graphics);
- 
- bool
- virDomainGraphicsNeedsAutoRenderNode(const virDomainGraphicsDef *graphics);
--
--int
--virDomainCheckDeviceChanges(virDomainDefPtr def, virDomainDefPtr newDef);
-diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
-index 9fd778272f..bbc5144aa2 100644
---- a/src/libvirt_private.syms
-+++ b/src/libvirt_private.syms
-@@ -216,7 +216,6 @@ virDomainBootTypeFromString;
- virDomainBootTypeToString;
- virDomainCapabilitiesPolicyTypeToString;
- virDomainCapsFeatureTypeToString;
--virDomainCheckDeviceChanges;
- virDomainChrConsoleTargetTypeFromString;
- virDomainChrConsoleTargetTypeToString;
- virDomainChrDefForeach;
-diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
-index 4ca3eb7bde..1ba6def419 100644
---- a/src/qemu/qemu_driver.c
-+++ b/src/qemu/qemu_driver.c
-@@ -53,7 +53,6 @@
- #include "qemu_migration_params.h"
- #include "qemu_blockjob.h"
- #include "qemu_security.h"
--#include "qemu_extdevice.h"
- 
- #include "virerror.h"
- #include "virlog.h"
-@@ -7760,30 +7759,6 @@ qemuDomainCreate(virDomainPtr dom)
-     return qemuDomainCreateWithFlags(dom, 0);
- }
- 
--static int
--qemuDomainCheckDeviceChanges(virQEMUDriverPtr driver,
--                             virDomainDefPtr def)
--{
--    virDomainObjPtr vm;
--    int ret;
--
--    vm = virDomainObjListFindByUUID(driver->domains, def->uuid);
--    if (!vm)
--        return 0;
--
--    if (qemuExtDevicesInitPaths(driver, vm->def) < 0) {
--        ret = -1;
--        goto cleanup;
--    }
--
--    ret = virDomainCheckDeviceChanges(vm->def, def);
--
-- cleanup:
--    virDomainObjEndAPI(&vm);
--
--    return ret;
--}
--
- static virDomainPtr
- qemuDomainDefineXMLFlags(virConnectPtr conn,
-                          const char *xml,
-@@ -7820,9 +7795,6 @@ qemuDomainDefineXMLFlags(virConnectPtr conn,
-     if (virDomainDefineXMLFlagsEnsureACL(conn, def) < 0)
-         goto cleanup;
- 
--    if (qemuDomainCheckDeviceChanges(driver, def) < 0)
--        goto cleanup;
--
-     if (!(vm = virDomainObjListAdd(driver->domains, def,
-                                    driver->xmlopt,
-                                    0, &oldDef)))
-diff --git a/src/qemu/qemu_extdevice.c b/src/qemu/qemu_extdevice.c
-index af52466421..dc032aa60c 100644
---- a/src/qemu/qemu_extdevice.c
-+++ b/src/qemu/qemu_extdevice.c
-@@ -79,7 +79,7 @@ qemuExtDeviceLogCommand(qemuDomainLogContextPtr logCtxt,
-  * stored and we can remove directories and files in case of domain XML
-  * changes.
-  */
--int
-+static int
- qemuExtDevicesInitPaths(virQEMUDriverPtr driver,
-                         virDomainDefPtr def)
- {
-diff --git a/src/qemu/qemu_extdevice.h b/src/qemu/qemu_extdevice.h
-index 5a53c79f38..039b3e60dd 100644
---- a/src/qemu/qemu_extdevice.h
-+++ b/src/qemu/qemu_extdevice.h
-@@ -54,6 +54,3 @@ bool qemuExtDevicesHasDevice(virDomainDefPtr def);
- int qemuExtDevicesSetupCgroup(virQEMUDriverPtr driver,
-                               virDomainDefPtr def,
-                               virCgroupPtr cgroup);
--
--int qemuExtDevicesInitPaths(virQEMUDriverPtr driver,
--                            virDomainDefPtr def);

0102-network-fix-crash-during-cleanup-from-failure-to-all.patch

@@ -1,59 +0,0 @@
-From: Laine Stump <laine@redhat.com>
-Date: Thu, 15 Aug 2019 21:52:28 -0400
-Subject: [PATCH] network: fix crash during cleanup from failure to allocate
- port
-
-During networkPortCreateXML, if networkAllocatePort() failed,
-networkReleasePort() would be called, which would (in the case of
-network pools of macvtap passthrough devices) attempt to find the
-allocated device by comparing port->plug.direct.linkdev to each device
-in the pool. Since port->plug.direct.linkdev was still NULL, the
-attempted strcmp would result in a SEGV.
-
-Calling networkReleasePort() during error cleanup is something that
-should only be done if networkAllocatePort() has already succeeded. It
-turns out there is one other possible error exit from
-networkPortCreateXML() that happens after networkAllocatePort() has
-succeeded, so the code to call networkReleasePort() was just moved
-down to there.
-
-Resolves: https://bugzilla.redhat.com/1741390
-
-Signed-off-by: Laine Stump <laine@redhat.com>
-Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
-(cherry picked from commit dac697e8d7d6d9a607e61caeeec06b259edf513f)
----
- src/network/bridge_driver.c | 12 ++++++------
- 1 file changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
-index 41fa89a4af..bc0f781c56 100644
---- a/src/network/bridge_driver.c
-+++ b/src/network/bridge_driver.c
-@@ -5592,20 +5592,20 @@ networkPortCreateXML(virNetworkPtr net,
-         rc = networkNotifyPort(obj, portdef);
-     else
-         rc = networkAllocatePort(obj, portdef);
--    if (rc < 0) {
-+    if (rc < 0)
-+        goto cleanup;
-+
-+    if (virNetworkObjAddPort(obj, portdef, driver->stateDir) < 0) {
-         virErrorPtr saved;
-+
-         saved = virSaveLastError();
-         ignore_value(networkReleasePort(obj, portdef));
-+        virNetworkPortDefFree(portdef);
-         virSetError(saved);
-         virFreeError(saved);
-         goto cleanup;
-     }
- 
--    if (virNetworkObjAddPort(obj, portdef, driver->stateDir) < 0) {
--        virNetworkPortDefFree(portdef);
--        goto cleanup;
--    }
--
-     ret = virGetNetworkPort(net, portdef->uuid);
-  cleanup:
-     virNetworkObjEndAPI(&obj);

0103-network-replace-virSaveLastError-with-virErrorPreser.patch

@@ -1,57 +0,0 @@
-From: Laine Stump <laine@redhat.com>
-Date: Thu, 15 Aug 2019 22:28:27 -0400
-Subject: [PATCH] network: replace virSaveLastError() with
- virErrorPreserveLast()
-
-virErrorPreserveLast()/virErrorRestore() (added in commit 8333e7455
-back in 2017), do a better better job of saving and restoring the last
-libvirt error than virSaveLastError()/virErrorRestore() (they're
-simpler, and they also save/restore the system errno).
-
-Signed-off-by: Laine Stump <laine@redhat.com>
-Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
-(cherry picked from commit 39de732aa728ae9b8a9414ad08b8d0ee7ed02732)
----
- src/network/bridge_driver.c | 17 ++++++++---------
- 1 file changed, 8 insertions(+), 9 deletions(-)
-
-diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
-index bc0f781c56..c7e5151d09 100644
---- a/src/network/bridge_driver.c
-+++ b/src/network/bridge_driver.c
-@@ -2987,13 +2987,12 @@ networkStartNetwork(virNetworkDriverStatePtr driver,
- 
-  cleanup:
-     if (ret < 0) {
-+        virErrorPtr save_err;
-+
-+        virErrorPreserveLast(&save_err);
-         virNetworkObjUnsetDefTransient(obj);
--        virErrorPtr save_err = virSaveLastError();
--        int save_errno = errno;
-         networkShutdownNetwork(driver, obj);
--        virSetError(save_err);
--        virFreeError(save_err);
--        errno = save_errno;
-+        virErrorRestore(&save_err);
-     }
-     return ret;
- }
-@@ -5596,13 +5595,13 @@ networkPortCreateXML(virNetworkPtr net,
-         goto cleanup;
- 
-     if (virNetworkObjAddPort(obj, portdef, driver->stateDir) < 0) {
--        virErrorPtr saved;
-+        virErrorPtr save_err;
- 
--        saved = virSaveLastError();
-+        virErrorPreserveLast(&save_err);
-         ignore_value(networkReleasePort(obj, portdef));
-         virNetworkPortDefFree(portdef);
--        virSetError(saved);
--        virFreeError(saved);
-+        virErrorRestore(&save_err);
-+
-         goto cleanup;
-     }
- 

0104-access-fix-incorrect-addition-to-virAccessPermNetwor.patch

@@ -1,53 +0,0 @@
-From: Laine Stump <laine@redhat.com>
-Date: Thu, 15 Aug 2019 16:34:21 -0400
-Subject: [PATCH] access: fix incorrect addition to virAccessPermNetwork
-
-Commit e69444e17 (first appeared in libvirt-5.5.0) added the new value
-"VIR_ACCESS_PERM_NETWORK_SEARCH_PORTS" to the virAccessPerNetwork
-enum, and also the string "search_ports" to the VIR_ENUM_IMPL() macro
-for that enum. Unfortunately, the enum value was added in the middle
-of the list, while the string was added to the end of the
-VIR_ENUM_IMPL().
-
-This patch corrects that error by moving the new value to the end of
-the enum definition, so that the order matches that of the string
-list.
-
-Resolves: https://bugzilla.redhat.com/1741428
-
-Signed-off-by: Laine Stump <laine@redhat.com>
-Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
-(cherry picked from commit 8d6eaf5e099dab8400aa76bcc9a0ac74ff6f46e1)
----
- src/access/viraccessperm.h | 12 ++++++------
- 1 file changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/src/access/viraccessperm.h b/src/access/viraccessperm.h
-index a42512d5e0..7480ee8c2f 100644
---- a/src/access/viraccessperm.h
-+++ b/src/access/viraccessperm.h
-@@ -410,18 +410,18 @@ typedef enum {
-      */
-     VIR_ACCESS_PERM_NETWORK_START,
- 
--    /**
--     * @desc: List network ports
--     * @message: Listing network ports requires authorization
--     */
--    VIR_ACCESS_PERM_NETWORK_SEARCH_PORTS,
--
-     /**
-      * @desc: Stop network
-      * @message: Stopping network requires authorization
-      */
-     VIR_ACCESS_PERM_NETWORK_STOP,
- 
-+    /**
-+     * @desc: List network ports
-+     * @message: Listing network ports requires authorization
-+     */
-+    VIR_ACCESS_PERM_NETWORK_SEARCH_PORTS,
-+
-     VIR_ACCESS_PERM_NETWORK_LAST
- } virAccessPermNetwork;
- 

0105-network-fix-ability-to-use-openvswitch-with-vlans.patch

@@ -1,36 +0,0 @@
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Thu, 8 Aug 2019 13:42:24 +0100
-Subject: [PATCH] network: fix ability to use openvswitch with vlans
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Use the correct enum constant when validating vlan usage.
-This fixes a merge error in
-
-  commit 6cb0ec48bd95c95489a987e05a88e8bcf1f9109c
-  Author: Daniel P. Berrangé <berrange@redhat.com>
-  Date:   Mon Sep 3 17:34:22 2018 +0100
-
-    network: convert networkAllocateActualDevice to virNetworkPortDef
-
-Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit 93c1d5fe7bb7a62ef884eb41b505b2809d1704b6)
----
- src/network/bridge_driver.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
-index c7e5151d09..acaeb5c9a2 100644
---- a/src/network/bridge_driver.c
-+++ b/src/network/bridge_driver.c
-@@ -4813,7 +4813,7 @@ networkAllocatePort(virNetworkObjPtr obj,
-         if (!(port->plugtype == VIR_NETWORK_PORT_PLUG_TYPE_HOSTDEV_PCI ||
-               (port->plugtype == VIR_NETWORK_PORT_PLUG_TYPE_DIRECT &&
-                port->plug.direct.mode == VIR_NETDEV_MACVLAN_MODE_PASSTHRU) ||
--              (port->plugtype == VIR_DOMAIN_NET_TYPE_BRIDGE &&
-+              (port->plugtype == VIR_NETWORK_PORT_PLUG_TYPE_BRIDGE &&
-                port->virtPortProfile &&
-                port->virtPortProfile->virtPortType == VIR_NETDEV_VPORT_PROFILE_OPENVSWITCH))) {
-             virReportError(VIR_ERR_CONFIG_UNSUPPORTED,

0106-util-allow-tap-based-guest-interfaces-to-have-MAC-ad.patch

@@ -1,127 +0,0 @@
-From: Laine Stump <laine@redhat.com>
-Date: Sun, 11 Aug 2019 16:21:42 -0400
-Subject: [PATCH] util: allow tap-based guest interfaces to have MAC address
- prefix 0xFE
-
-Back in July 2010, commit 6ea90b84 (meant to resolve
-https://bugzilla.redhat.com/571991 ) added code to set the MAC address
-of any tap device to the associated guest interface's MAC, but with
-the first byte replaced with 0xFE. This was done in order to assure
-that
-
-1) the tap MAC and guest interface MAC were different (otherwise L2
-   forwarding through the tap would not work, and the kernel would
-   repeatedly issue a warning stating as much).
-
-2) any bridge device that had one of these taps attached would *not*
-   take on the MAC of the tap (leading to network instability as
-   guests started and stopped)
-
-A couple years later, https://bugzilla.redhat.com/798467 was filed,
-complaining that a user could configure a tap-based guest interface to
-have a MAC address that itself had a first byte of 0xFE, silently
-(other than the kernel warning messages) resulting in a non-working
-configuration. This was fixed by commit 5d571045, which logged an
-error and failed the guest start / interface attach if the MAC's first
-byte was 0xFE.
-
-Although this restriction only reduces the potential pool of MAC
-addresses from 2^46 (last two bits of byte 1 must be set to 10) by
-2^32 (still 4 orders of magnitude larger than the entire IPv4 address
-space), it also means that management software that autogenerates MAC
-addresses must have special code to avoid an 0xFE prefix. Now after 7
-years, someone has noticed this restriction and requested that we
-remove it.
-
-So instead of failing when 0xFE is found as the first byte, this patch
-removes the restriction by just replacing the first byte in the tap
-device MAC with 0xFA if the first byte in the guest interface is
-0xFE. 0xFA is the next-highest value that still has 10 as the lowest
-two bits, and still
-
-2) meets the requirement of "tap MAC must be different from guest
-   interface MAC", and
-
-3) is high enough that there should never be an issue of the attached
-   bridge device taking on the MAC of the tap.
-
-The result is that *any* MAC can be chosen by management software
-(although it would still not work correctly if a multicast MAC (lowest
-bit of first byte set to 1) was chosen), but that's a different
-issue).
-
-Signed-off-by: Laine Stump <laine@redhat.com>
-Reviewed-by: Michal Privoznik <mprivozn@redhat.com
-(cherry picked from commit a60ee914009aa7f1a27fc0563337ded08b09247f)
----
- src/qemu/qemu_interface.c | 11 ++++++++++-
- src/util/virnetdevtap.c   | 26 ++++++++++++--------------
- 2 files changed, 22 insertions(+), 15 deletions(-)
-
-diff --git a/src/qemu/qemu_interface.c b/src/qemu/qemu_interface.c
-index c8effa68f4..72ed51cb1f 100644
---- a/src/qemu/qemu_interface.c
-+++ b/src/qemu/qemu_interface.c
-@@ -444,8 +444,17 @@ qemuInterfaceEthernetConnect(virDomainDefPtr def,
-     }
- 
-     virDomainAuditNetDevice(def, net, tunpath, true);
-+
-+    /* The tap device's MAC address cannot match the MAC address
-+     * used by the guest. This results in "received packet on
-+     * vnetX with own address as source address" error logs from
-+     * the kernel.
-+     */
-     virMacAddrSet(&tapmac, &net->mac);
--    tapmac.addr[0] = 0xFE;
-+    if (tapmac.addr[0] == 0xFE)
-+        tapmac.addr[0] = 0xFA;
-+    else
-+        tapmac.addr[0] = 0xFE;
- 
-     if (virNetDevSetMAC(net->ifname, &tapmac) < 0)
-         goto cleanup;
-diff --git a/src/util/virnetdevtap.c b/src/util/virnetdevtap.c
-index b65c26bee1..4548b51b5b 100644
---- a/src/util/virnetdevtap.c
-+++ b/src/util/virnetdevtap.c
-@@ -668,7 +668,6 @@ int virNetDevTapCreateInBridgePort(const char *brname,
-                                    unsigned int flags)
- {
-     virMacAddr tapmac;
--    char macaddrstr[VIR_MAC_STRING_BUFLEN];
-     size_t i;
- 
-     if (virNetDevTapCreate(ifname, tunpath, tapfd, tapfdSize, flags) < 0)
-@@ -682,19 +681,18 @@ int virNetDevTapCreateInBridgePort(const char *brname,
-      */
-     virMacAddrSet(&tapmac, macaddr);
-     if (!(flags & VIR_NETDEV_TAP_CREATE_USE_MAC_FOR_BRIDGE)) {
--        if (macaddr->addr[0] == 0xFE) {
--            /* For normal use, the tap device's MAC address cannot
--             * match the MAC address used by the guest. This results
--             * in "received packet on vnetX with own address as source
--             * address" error logs from the kernel.
--             */
--            virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
--                           _("Unable to use MAC address starting with "
--                             "reserved value 0xFE - '%s' - "),
--                           virMacAddrFormat(macaddr, macaddrstr));
--            goto error;
--        }
--        tapmac.addr[0] = 0xFE; /* Discourage bridge from using TAP dev MAC */
-+        /* The tap device's MAC address cannot match the MAC address
-+         * used by the guest. This results in "received packet on
-+         * vnetX with own address as source address" error logs from
-+         * the kernel. Making the tap address as high as possible
-+         * discourages the bridge from using this tap's MAC as its own
-+         * (a Linux host bridge will take on the lowest numbered MAC
-+         * of all devices attached to it).
-+         */
-+        if (tapmac.addr[0] == 0xFE)
-+            tapmac.addr[0] = 0xFA;
-+        else
-+            tapmac.addr[0] = 0xFE;
-     }
- 
-     if (virNetDevSetMAC(*ifname, &tapmac) < 0)

0107-remote-use-Wants-instead-of-Requires-for-libvirtd-so.patch

@@ -1,39 +0,0 @@
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Thu, 22 Aug 2019 14:48:46 +0100
-Subject: [PATCH] remote: use Wants instead of Requires for libvirtd sockets
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-To facilitate upgrades from earlier versions of libvirt which did not
-use socket activation for libvirtd, we want to allow the libvirtd socket
-units to be disabled (masked). This can only be supported if we use the
-weaker Wants statement instead of Requires.
-
-Reviewed-by: Ján Tomko <jtomko@redhat.com>
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit ec7e31ed32065837e201cd3d8a3fb882e43b7fdb)
----
- src/remote/libvirtd.service.in | 9 ++++++---
- 1 file changed, 6 insertions(+), 3 deletions(-)
-
-diff --git a/src/remote/libvirtd.service.in b/src/remote/libvirtd.service.in
-index 3ddf0e229b..914bcbd5c4 100644
---- a/src/remote/libvirtd.service.in
-+++ b/src/remote/libvirtd.service.in
-@@ -2,9 +2,12 @@
- Description=Virtualization daemon
- Requires=virtlogd.socket
- Requires=virtlockd.socket
--Requires=libvirtd.socket
--Requires=libvirtd-ro.socket
--Requires=libvirtd-admin.socket
-+# Use Wants instead of Requires so that users
-+# can disable these three .socket units to revert
-+# to a traditional non-activation deployment setup
-+Wants=libvirtd.socket
-+Wants=libvirtd-ro.socket
-+Wants=libvirtd-admin.socket
- Wants=systemd-machined.service
- Before=libvirt-guests.service
- After=network.target

0108-remote-move-timeout-arg-into-sysconf-file.patch

@@ -1,67 +0,0 @@
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Thu, 29 Aug 2019 12:04:42 +0100
-Subject: [PATCH] remote: move timeout arg into sysconf file
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-We need to give users the ability to customize the length of the
-shutdown timeout, or even disable timeouts entirely. Thus we must move
-the timeout arg into the sysconf file, instead of the service unit.
-
-Reviewed-by: Ján Tomko <jtomko@redhat.com>
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit 581767a98ab5f674ac335d6c270efa8576bfdfbf)
-
- Conflicts:
-	src/remote/libvirtd.service.in - due to not having
-	5b816e16968ba02def56f067774ecd9a8c8d44d7 in rhel8
-
-Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1741403
-Message-Id: <20190829110444.12163-3-berrange@redhat.com>
-Reviewed-by: Ján Tomko <jtomko@redhat.com>
-Signed-off-by: Cole Robinson <crobinso@redhat.com>
----
- src/remote/libvirtd.service.in |  6 +-----
- src/remote/libvirtd.sysconf    | 12 +++++++++---
- 2 files changed, 10 insertions(+), 8 deletions(-)
-
-diff --git a/src/remote/libvirtd.service.in b/src/remote/libvirtd.service.in
-index 914bcbd5c4..d5d98f0c12 100644
---- a/src/remote/libvirtd.service.in
-+++ b/src/remote/libvirtd.service.in
-@@ -24,11 +24,7 @@ Documentation=https://libvirt.org
- [Service]
- Type=notify
- EnvironmentFile=-/etc/sysconfig/libvirtd
--# libvirtd.service is set to run on boot so that autostart of
--# VMs can be performed. We don't want it to stick around if
--# unused though, so we set a timeout. The socket activation
--# then ensures it gets started again if anything needs it
--ExecStart=@sbindir@/libvirtd --timeout 120 $LIBVIRTD_ARGS
-+ExecStart=@sbindir@/libvirtd $LIBVIRTD_ARGS
- ExecReload=/bin/kill -HUP $MAINPID
- KillMode=process
- Restart=on-failure
-diff --git a/src/remote/libvirtd.sysconf b/src/remote/libvirtd.sysconf
-index 5969518bf2..ee9db22bab 100644
---- a/src/remote/libvirtd.sysconf
-+++ b/src/remote/libvirtd.sysconf
-@@ -1,8 +1,14 @@
- # Customizations for the libvirtd.service systemd unit
- 
--# Listen for TCP/IP connections. This is not required if using systemd
--# socket activation.
--# NB. must setup TLS/SSL keys prior to using this
-+# Default behaviour is for libvirtd.service to start on boot
-+# so that VM autostart can be performed. We then want it to
-+# shutdown again if nothing was started and rely on systemd
-+# socket activation to start it again when some client app
-+# connects.
-+LIBVIRTD_ARGS="--timeout 120"
-+
-+# If systemd socket activation is disabled, then the following
-+# can be used to listen on TCP/TLS sockets
- #LIBVIRTD_ARGS="--listen"
- 
- # Override Kerberos service keytab for SASL/GSSAPI

0109-remote-forbid-the-listen-arg-when-systemd-socket-act.patch

@@ -1,99 +0,0 @@
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Thu, 29 Aug 2019 12:04:43 +0100
-Subject: [PATCH] remote: forbid the --listen arg when systemd socket
- activation
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-When using systemd socket activation the --listen arg has no
-effect. This is confusing to users upgrading from previous versions of
-libvirt as their config is silently ignored. Turn use of --listen into a
-fatal error when sockets are passed from systemd.
-
-This helps the admin discover the change in behaviour and thus decide
-whether to stick with socket activation or revert to previous behaviour.
-
-Reviewed-by: Ján Tomko <jtomko@redhat.com>
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit 3a6a725b8f575890ee6c151ad1f46ea0ceea1f3b)
-
-Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1741403
-Message-Id: <20190829110444.12163-4-berrange@redhat.com>
-Reviewed-by: Ján Tomko <jtomko@redhat.com>
-Signed-off-by: Cole Robinson <crobinso@redhat.com>
----
- src/remote/libvirtd.pod    | 33 ++++++++++++++++++++++++++++++++-
- src/remote/remote_daemon.c |  8 ++++++++
- 2 files changed, 40 insertions(+), 1 deletion(-)
-
-diff --git a/src/remote/libvirtd.pod b/src/remote/libvirtd.pod
-index 4721e0f4ec..fa30d6a37a 100644
---- a/src/remote/libvirtd.pod
-+++ b/src/remote/libvirtd.pod
-@@ -30,6 +30,35 @@ and will be picked up automatically if their XML configuration has been
- defined.  Any guests whose XML configuration has not been defined will be lost
- from the configuration.
- 
-+=head1 SYSTEM SOCKET ACTIVATION
-+
-+The B<libvirtd> daemon is capable of starting in two modes.
-+
-+In the traditional mode, it will create and listen on UNIX sockets itself.
-+If the B<--listen> parameter is given, it will also listen on TCP/IP socket(s),
-+according to the B<listen_tcp> and B<listen_tls> options in
-+B</etc/libvirt/libvirtd.conf>
-+
-+In socket activation mode, it will rely on systemd to create and listen
-+on the UNIX, and optionally TCP/IP, sockets and pass them as pre-opened
-+file descriptors. In this mode, it is not permitted to pass the B<--listen>
-+parameter, and most of the socket related config options in
-+B</etc/libvirt/libvirtd.conf> will no longer have any effect. To enable
-+TCP or TLS sockets use either
-+
-+B<$ systemctl start libvirtd-tls.socket>
-+
-+Or
-+
-+B<$ systemctl start libvirtd-tcp.socket>
-+
-+Socket activation mode is generally the default when running on a host
-+OS that uses systemd. To revert to the traditional mode, all the socket
-+unit files must be masked:
-+
-+B<$ systemctl mask libvirtd.socket libvirtd-ro.socket \
-+      libvirtd-admin.socket libvirtd-tls.socket libvirtd-tcp.socket>
-+
- =head1 OPTIONS
- 
- =over
-@@ -48,7 +77,9 @@ Use this configuration file, overriding the default value.
- 
- =item B<-l, --listen>
- 
--Listen for TCP/IP connections.
-+Listen for TCP/IP connections. This should not be set if using systemd
-+socket activation. Instead activate the libvirtd-tls.socket or
-+libvirtd-tcp.socket unit files.
- 
- =item B<-p, --pid-file> I<FILE>
- 
-diff --git a/src/remote/remote_daemon.c b/src/remote/remote_daemon.c
-index d887b7abfb..b7ee1cf49b 100644
---- a/src/remote/remote_daemon.c
-+++ b/src/remote/remote_daemon.c
-@@ -391,6 +391,14 @@ daemonSetupNetworking(virNetServerPtr srv,
-     if (virSystemdGetActivation(actmap, ARRAY_CARDINALITY(actmap), &act) < 0)
-         return -1;
- 
-+#ifdef WITH_IP
-+    if (act && ipsock) {
-+        VIR_ERROR(_("--listen parameter not permitted with systemd activation "
-+                    "sockets, see 'man libvirtd' for further guidance"));
-+        return -1;
-+    }
-+#endif /* ! WITH_IP */
-+
-     if (config->unix_sock_group) {
-         if (virGetGroupID(config->unix_sock_group, &unix_sock_gid) < 0)
-             return ret;

0110-rpm-don-t-enable-socket-activation-in-upgrade-if-lis.patch

@@ -1,86 +0,0 @@
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Thu, 29 Aug 2019 12:04:44 +0100
-Subject: [PATCH] rpm: don't enable socket activation in upgrade if --listen
- present
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Currently during RPM upgrade we restart libvirtd and unconditionally
-enable use of systemd socket activation for the UNIX sockets.
-
-If the user had previously given the --listen arg to libvirtd though,
-this will no longer be honoured if socket activation is used.
-
-We could start libvirtd-tcp.socket or libvirtd-tls.socket for this,
-but mgmt tools like puppet/ansible might not be expecting this.
-So for now we silently disable socket activation if we see --listen
-was previously set on the host.
-
-Reviewed-by: Ján Tomko <jtomko@redhat.com>
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit 66d04312d03c24c62bcf3b1dc2706f8775d4e2d3)
-
-Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1741403
-Message-Id: <20190829110444.12163-5-berrange@redhat.com>
-Reviewed-by: Ján Tomko <jtomko@redhat.com>
-Signed-off-by: Cole Robinson <crobinso@redhat.com>
----
- libvirt.spec.in | 44 +++++++++++++++++++++++++++++++-------------
- 1 file changed, 31 insertions(+), 13 deletions(-)
-
-diff --git a/libvirt.spec.in b/libvirt.spec.in
-index 045c0fed1a..58f7cae092 100644
---- a/libvirt.spec.in
-+++ b/libvirt.spec.in
-@@ -1378,19 +1378,37 @@ fi
- 
- %posttrans daemon
- if [ -f %{_localstatedir}/lib/rpm-state/libvirt/restart ]; then
--    # Old libvirtd owns the sockets and will delete them on
--    # shutdown. Can't use a try-restart as libvirtd will simply
--    # own the sockets again when it comes back up. Thus we must
--    # do this particular ordering
--    /bin/systemctl is-active libvirtd.service 1>/dev/null 2>&1
--    if test $? = 0 ; then
--        /bin/systemctl stop libvirtd.service >/dev/null 2>&1 || :
--
--        /bin/systemctl try-restart libvirtd.socket >/dev/null 2>&1 || :
--        /bin/systemctl try-restart libvirtd-ro.socket >/dev/null 2>&1 || :
--        /bin/systemctl try-restart libvirtd-admin.socket >/dev/null 2>&1 || :
--
--        /bin/systemctl start libvirtd.service >/dev/null 2>&1 || :
-+    # See if user has previously modified their install to
-+    # tell libvirtd to use --listen
-+    grep -E '^LIBVIRTD_ARGS=.*--listen' /etc/sysconfig/libvirtd 1>/dev/null 2>&1
-+    if test $? = 0
-+    then
-+        # Then lets keep honouring --listen and *not* use
-+        # systemd socket activation, because switching things
-+        # might confuse mgmt tool like puppet/ansible that
-+        # expect the old style libvirtd
-+        /bin/systemctl mask libvirtd.socket >/dev/null 2>&1 || :
-+        /bin/systemctl mask libvirtd-ro.socket >/dev/null 2>&1 || :
-+        /bin/systemctl mask libvirtd-admin.socket >/dev/null 2>&1 || :
-+        /bin/systemctl mask libvirtd-tls.socket >/dev/null 2>&1 || :
-+        /bin/systemctl mask libvirtd-tcp.socket >/dev/null 2>&1 || :
-+    else
-+        # Old libvirtd owns the sockets and will delete them on
-+        # shutdown. Can't use a try-restart as libvirtd will simply
-+        # own the sockets again when it comes back up. Thus we must
-+        # do this particular ordering, so that we get libvirtd
-+        # running with socket activation in use
-+        /bin/systemctl is-active libvirtd.service 1>/dev/null 2>&1
-+        if test $? = 0
-+        then
-+            /bin/systemctl stop libvirtd.service >/dev/null 2>&1 || :
-+
-+            /bin/systemctl try-restart libvirtd.socket >/dev/null 2>&1 || :
-+            /bin/systemctl try-restart libvirtd-ro.socket >/dev/null 2>&1 || :
-+            /bin/systemctl try-restart libvirtd-admin.socket >/dev/null 2>&1 || :
-+
-+            /bin/systemctl start libvirtd.service >/dev/null 2>&1 || :
-+        fi
-     fi
- fi
- rm -rf %{_localstatedir}/lib/rpm-state/libvirt || :

0111-remote-fix-registration-of-TLS-socket.patch

@@ -1,27 +0,0 @@
-From: Michael Chapman <mike@very.puzzling.org>
-Date: Tue, 17 Sep 2019 17:03:57 +1000
-Subject: [PATCH] remote: fix registration of TLS socket
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
-Signed-off-by: Michael Chapman <mike@very.puzzling.org>
-(cherry picked from commit 522b3d2b24d0f7ac78dad442c990d4e34db0eaf2)
----
- src/remote/remote_daemon.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/remote/remote_daemon.c b/src/remote/remote_daemon.c
-index b7ee1cf49b..6b5a6c1523 100644
---- a/src/remote/remote_daemon.c
-+++ b/src/remote/remote_daemon.c
-@@ -473,7 +473,7 @@ daemonSetupNetworking(virNetServerPtr srv,
-                                   config->max_client_requests) < 0)
-         goto cleanup;
- 
--    if (((ipsock && config->listen_tls) || (act && virSystemdActivationHasName(act, "ip-tls")))) {
-+    if (((ipsock && config->listen_tls) || (act && virSystemdActivationHasName(act, "libvirtd-tls.socket")))) {
-         virNetTLSContextPtr ctxt = NULL;
- 
-         if (config->ca_file ||

0112-vircgroupv2-fix-setting-cpu.max-period.patch

@@ -1,34 +0,0 @@
-From: Pavel Hrdina <phrdina@redhat.com>
-Date: Thu, 5 Sep 2019 11:22:11 +0200
-Subject: [PATCH] vircgroupv2: fix setting cpu.max period
-
-When we set cpu.max period we need to parse the cpu.max file first as
-it contains both quota and period values separated by space.  When only
-a single number is written to that file it will set quota.  However,
-in order to change period we need to write both values.
-
-The code was prepared for that but mistakenly used new line to end the
-string with the first value.
-
-Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1749227
-
-Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
-Reviewed-by: Erik Skultety <eskultet@redhat.com>
-(cherry picked from commit 0bd4ad193d8ba7f0104f4739f19f2731e7cf9f56)
----
- src/util/vircgroupv2.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/util/vircgroupv2.c b/src/util/vircgroupv2.c
-index e36c36685b..d8abe18943 100644
---- a/src/util/vircgroupv2.c
-+++ b/src/util/vircgroupv2.c
-@@ -1507,7 +1507,7 @@ virCgroupV2SetCpuCfsPeriod(virCgroupPtr group,
-                        _("Invalid 'cpu.max' data."));
-         return -1;
-     }
--    *tmp = '\n';
-+    *tmp = '\0';
- 
-     if (virAsprintf(&value, "%s %llu", str, cfs_period) < 0)
-         return -1;

0113-vircgroupv2-Fix-VM-startup-when-legacy-cgroups-are-d.patch

@@ -1,55 +0,0 @@
-From: Cole Robinson <crobinso@redhat.com>
-Date: Thu, 26 Sep 2019 15:00:55 -0400
-Subject: [PATCH] vircgroupv2: Fix VM startup when legacy cgroups are defined
-
-On Fedora 31, starting a 'mock' build alters /proc/$pid/cgroup,
-probably due to usage of systemd-nspawn.
-
-Before:
-$ cat /proc/self/cgroup
-0::/user.slice/user-1000.slice/...
-
-After:
-$ cat /proc/self/cgroup
-1:name=systemd:/
-0::/user.slice/user-1000.slice/...
-
-The cgroupv2 code mishandles that first line in the second case, which
-causes VM startup to fail with: Unable to read from
-'/sys/fs/cgroup/machine/cgroup.controllers': No such file or directory
-
-The kernel docs[1] say that the cgroupv2 path will always start with
-'0::', which in the code here controllers="". Only set the v2 placement
-path when we see that cgroup file entry.
-
-[1] https://www.kernel.org/doc/html/v5.3/admin-guide/cgroup-v2.html#processes
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1751120
-
-Signed-off-by: Cole Robinson <crobinso@redhat.com>
----
- src/util/vircgroupv2.c | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/src/util/vircgroupv2.c b/src/util/vircgroupv2.c
-index d8abe18943..acd48d1259 100644
---- a/src/util/vircgroupv2.c
-+++ b/src/util/vircgroupv2.c
-@@ -194,12 +194,16 @@ virCgroupV2DetectMounts(virCgroupPtr group,
- static int
- virCgroupV2DetectPlacement(virCgroupPtr group,
-                            const char *path,
--                           const char *controllers ATTRIBUTE_UNUSED,
-+                           const char *controllers,
-                            const char *selfpath)
- {
-     if (group->unified.placement)
-         return 0;
- 
-+    /* controllers="" indicates the cgroupv2 controller path */
-+    if (STRNEQ_NULLABLE(controllers, ""))
-+        return 0;
-+
-     /*
-      * selfpath == "/" + path="" -> "/"
-      * selfpath == "/libvirt.service" + path == "" -> "/libvirt.service"

0114-vircgroup-Add-some-VIR_DEBUG-statements.patch

@@ -1,72 +0,0 @@
-From: Cole Robinson <crobinso@redhat.com>
-Date: Thu, 26 Sep 2019 15:25:52 -0400
-Subject: [PATCH] vircgroup: Add some VIR_DEBUG statements
-
-These helped with debugging
-https://bugzilla.redhat.com/show_bug.cgi?id=1612383
-
-Signed-off-by: Cole Robinson <crobinso@redhat.com>
----
- src/util/vircgroup.c   | 3 ++-
- src/util/vircgroupv2.c | 9 +++++++++
- 2 files changed, 11 insertions(+), 1 deletion(-)
-
-diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c
-index 825f62a97b..4f9d80666d 100644
---- a/src/util/vircgroup.c
-+++ b/src/util/vircgroup.c
-@@ -1157,7 +1157,8 @@ virCgroupNewMachineSystemd(const char *name,
-     virCgroupFree(&init);
- 
-     if (!path || STREQ(path, "/") || path[0] != '/') {
--        VIR_DEBUG("Systemd didn't setup its controller");
-+        VIR_DEBUG("Systemd didn't setup its controller, path=%s",
-+                  NULLSTR(path));
-         return -2;
-     }
- 
-diff --git a/src/util/vircgroupv2.c b/src/util/vircgroupv2.c
-index acd48d1259..c536be0cd9 100644
---- a/src/util/vircgroupv2.c
-+++ b/src/util/vircgroupv2.c
-@@ -155,10 +155,14 @@ virCgroupV2CopyPlacement(virCgroupPtr group,
-                          const char *path,
-                          virCgroupPtr parent)
- {
-+    VIR_DEBUG("group=%p path=%s parent=%p", group, path, parent);
-+
-     if (path[0] == '/') {
-         if (VIR_STRDUP(group->unified.placement, path) < 0)
-             return -1;
-     } else {
-+        VIR_DEBUG("parent->unified.placement=%s", parent->unified.placement);
-+
-         /*
-          * parent == "/" + path="" => "/"
-          * parent == "/libvirt.service" + path == "" => "/libvirt.service"
-@@ -172,6 +176,7 @@ virCgroupV2CopyPlacement(virCgroupPtr group,
-             return -1;
-     }
- 
-+    VIR_DEBUG("set group->unified.placement=%s", group->unified.placement);
-     return 0;
- }
- 
-@@ -200,6 +205,9 @@ virCgroupV2DetectPlacement(virCgroupPtr group,
-     if (group->unified.placement)
-         return 0;
- 
-+    VIR_DEBUG("group=%p path=%s controllers=%s selfpath=%s",
-+              group, path, controllers, selfpath);
-+
-     /* controllers="" indicates the cgroupv2 controller path */
-     if (STRNEQ_NULLABLE(controllers, ""))
-         return 0;
-@@ -216,6 +224,7 @@ virCgroupV2DetectPlacement(virCgroupPtr group,
-                     path) < 0)
-         return -1;
- 
-+    VIR_DEBUG("set group->unified.placement=%s", group->unified.placement);
-     return 0;
- }
- 

0115-qemu_driver-Fix-comment-of-qemuStateCleanup.patch

@@ -1,30 +0,0 @@
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Fri, 4 Oct 2019 16:33:37 +0200
-Subject: [PATCH] qemu_driver: Fix comment of qemuStateCleanup()
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The comment says that the function kills domains and networks.
-This is obviously not the case.
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit e0b90162c94c45a9b0cf197e45b71f26036725d8)
----
- src/qemu/qemu_driver.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
-index 1ba6def419..69416d6d1a 100644
---- a/src/qemu/qemu_driver.c
-+++ b/src/qemu/qemu_driver.c
-@@ -1190,7 +1190,7 @@ qemuStateStop(void)
- /**
-  * qemuStateCleanup:
-  *
-- * Shutdown the QEMU daemon, it will stop all active domains and networks
-+ * Release resources allocated by QEMU driver (no domain is shut off though)
-  */
- static int
- qemuStateCleanup(void)

0116-driver-Introduce-virDriverShouldAutostart.patch

@@ -1,123 +0,0 @@
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Fri, 4 Oct 2019 16:57:04 +0200
-Subject: [PATCH] driver: Introduce virDriverShouldAutostart()
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Some of objects we manage can be autostarted on libvirtd startup
-(e.g. domains, network, storage pools). The idea was that when
-the host is started up these objects are started too without need
-of user intervention. However, with the latest daemon split and
-switch to socket activated, short lived daemons (we put --timeout
-120 onto each daemon's command line) this doesn't do what we want
-it to. The problem is not new though, we already had the session
-daemon come and go and we circumvented this problem by
-documenting it (see v4.10.0-92-g61b4e8aaf1). But now that we meet
-the same problem at all fronts it's time to deal with it.
-
-The solution implemented in this commit is to have a file (one
-per each driver) that:
-
-  1) if doesn't exist, is created and autostart is allowed for
-     given driver,
-
-  2) if it does exist, then autostart is suppressed for given
-     driver.
-
-All the files live in a location that doesn't survive host
-reboots (/var/run/ for instance) and thus the file is
-automatically not there on fresh host boot.
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit ee16a195d97315ba3610b3640d347d3f4a358b55)
----
- src/driver.c             | 39 +++++++++++++++++++++++++++++++++++++++
- src/driver.h             |  3 +++
- src/libvirt_private.syms |  1 +
- 3 files changed, 43 insertions(+)
-
-diff --git a/src/driver.c b/src/driver.c
-index 5e8f68f6df..471053686f 100644
---- a/src/driver.c
-+++ b/src/driver.c
-@@ -29,6 +29,7 @@
- #include "virfile.h"
- #include "virlog.h"
- #include "virmodule.h"
-+#include "virstring.h"
- #include "virthread.h"
- #include "configmake.h"
- 
-@@ -69,6 +70,44 @@ virDriverLoadModule(const char *name,
- 
- /* XXX unload modules, but we can't until we can unregister libvirt drivers */
- 
-+/**
-+ * virDriverShouldAutostart:
-+ * @dir: driver's run state directory (usually /var/run/libvirt/$driver)
-+ * @autostart: whether driver should initiate autostart
-+ *
-+ * Automatic starting of libvirt's objects (e.g. domains, networks, storage
-+ * pools, etc.) doesn't play nice with using '--timeout' on daemon's command
-+ * line because the objects are attempted to autostart on every start of
-+ * corresponding driver/daemon. To resolve this problem, a file is created in
-+ * driver's private directory (which doesn't survive host's reboot) and thus
-+ * autostart is attempted only once.
-+ */
-+int
-+virDriverShouldAutostart(const char *dir,
-+                         bool *autostart)
-+{
-+    VIR_AUTOFREE(char *) path = NULL;
-+
-+    *autostart = false;
-+
-+    if (virAsprintf(&path, "%s/autostarted", dir) < 0)
-+        return -1;
-+
-+    if (virFileExists(path)) {
-+        VIR_DEBUG("Autostart file %s exists, skipping autostart", path);
-+        return 0;
-+    }
-+
-+    VIR_DEBUG("Autostart file %s does not exist, do autostart", path);
-+    *autostart = true;
-+
-+    if (virFileTouch(path, 0600) < 0)
-+        return -1;
-+
-+    return 0;
-+}
-+
-+
- virThreadLocal connectInterface;
- virThreadLocal connectNetwork;
- virThreadLocal connectNWFilter;
-diff --git a/src/driver.h b/src/driver.h
-index 898fb96df4..c52284498e 100644
---- a/src/driver.h
-+++ b/src/driver.h
-@@ -112,6 +112,9 @@ int virDriverLoadModule(const char *name,
-                         const char *regfunc,
-                         bool required);
- 
-+int virDriverShouldAutostart(const char *name,
-+                             bool *autostart);
-+
- virConnectPtr virGetConnectInterface(void);
- virConnectPtr virGetConnectNetwork(void);
- virConnectPtr virGetConnectNWFilter(void);
-diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
-index bbc5144aa2..c1c3974133 100644
---- a/src/libvirt_private.syms
-+++ b/src/libvirt_private.syms
-@@ -1337,6 +1337,7 @@ virStreamClass;
- 
- 
- # driver.h
-+virDriverShouldAutostart;
- virGetConnectInterface;
- virGetConnectNetwork;
- virGetConnectNodeDev;

0117-lib-autostart-objects-exactly-once.patch

@@ -1,187 +0,0 @@
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Sat, 5 Oct 2019 09:15:24 +0200
-Subject: [PATCH] lib: autostart objects exactly once
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1755303
-
-With the recent work in daemon split and socket activation
-daemons can come and go. They can and will be started many times
-during a session which results in objects being autostarted
-multiple times. This is not optimal. Use
-virDriverShouldAutostart() to determine if autostart should be
-done or not.
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit bab464f8ea54d177e163f32c7c3476220694665c)
----
- src/bhyve/bhyve_driver.c     |  8 +++++++-
- src/libxl/libxl_driver.c     | 10 ++++++++--
- src/lxc/lxc_driver.c         |  7 ++++++-
- src/network/bridge_driver.c  | 12 +++++++++---
- src/qemu/qemu_driver.c       |  7 ++++++-
- src/storage/storage_driver.c |  7 ++++++-
- 6 files changed, 42 insertions(+), 9 deletions(-)
-
-diff --git a/src/bhyve/bhyve_driver.c b/src/bhyve/bhyve_driver.c
-index 5387ac5570..12788155a8 100644
---- a/src/bhyve/bhyve_driver.c
-+++ b/src/bhyve/bhyve_driver.c
-@@ -1218,6 +1218,8 @@ bhyveStateInitialize(bool privileged,
-                      virStateInhibitCallback callback ATTRIBUTE_UNUSED,
-                      void *opaque ATTRIBUTE_UNUSED)
- {
-+    bool autostart = true;
-+
-     if (!privileged) {
-         VIR_INFO("Not running privileged, disabling driver");
-         return 0;
-@@ -1301,7 +1303,11 @@ bhyveStateInitialize(bool privileged,
- 
-     virBhyveProcessReconnectAll(bhyve_driver);
- 
--    bhyveAutostartDomains(bhyve_driver);
-+    if (virDriverShouldAutostart(BHYVE_STATE_DIR, &autostart) < 0)
-+        goto cleanup;
-+
-+    if (autostart)
-+        bhyveAutostartDomains(bhyve_driver);
- 
-     return 0;
- 
-diff --git a/src/libxl/libxl_driver.c b/src/libxl/libxl_driver.c
-index 492028c487..c1c94767c3 100644
---- a/src/libxl/libxl_driver.c
-+++ b/src/libxl/libxl_driver.c
-@@ -655,6 +655,7 @@ libxlStateInitialize(bool privileged,
-     libxlDriverConfigPtr cfg;
-     char *driverConf = NULL;
-     char ebuf[1024];
-+    bool autostart = true;
- 
-     if (!libxlDriverShouldLoad(privileged))
-         return 0;
-@@ -800,8 +801,13 @@ libxlStateInitialize(bool privileged,
-                                        NULL, NULL) < 0)
-         goto error;
- 
--    virDomainObjListForEach(libxl_driver->domains, libxlAutostartDomain,
--                            libxl_driver);
-+    if (virDriverShouldAutostart(cfg->stateDir, &autostart) < 0)
-+        goto error;
-+
-+    if (autostart) {
-+        virDomainObjListForEach(libxl_driver->domains, libxlAutostartDomain,
-+                                libxl_driver);
-+    }
- 
-     virDomainObjListForEach(libxl_driver->domains, libxlDomainManagedSaveLoad,
-                             libxl_driver);
-diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c
-index d0b6703101..24e6773f09 100644
---- a/src/lxc/lxc_driver.c
-+++ b/src/lxc/lxc_driver.c
-@@ -1541,6 +1541,7 @@ static int lxcStateInitialize(bool privileged,
- {
-     virCapsPtr caps = NULL;
-     virLXCDriverConfigPtr cfg = NULL;
-+    bool autostart = true;
- 
-     /* Check that the user is root, silently disable if not */
-     if (!privileged) {
-@@ -1630,7 +1631,11 @@ static int lxcStateInitialize(bool privileged,
-                                        NULL, NULL) < 0)
-         goto cleanup;
- 
--    virLXCProcessAutostartAll(lxc_driver);
-+    if (virDriverShouldAutostart(cfg->stateDir, &autostart) < 0)
-+        goto cleanup;
-+
-+    if (autostart)
-+        virLXCProcessAutostartAll(lxc_driver);
- 
-     virObjectUnref(caps);
-     return 0;
-diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
-index acaeb5c9a2..b830cdba42 100644
---- a/src/network/bridge_driver.c
-+++ b/src/network/bridge_driver.c
-@@ -716,6 +716,7 @@ networkStateInitialize(bool privileged,
-     int ret = -1;
-     char *configdir = NULL;
-     char *rundir = NULL;
-+    bool autostart = true;
- #ifdef WITH_FIREWALLD
-     DBusConnection *sysbus = NULL;
- #endif
-@@ -816,9 +817,14 @@ networkStateInitialize(bool privileged,
-     networkReloadFirewallRules(network_driver, true);
-     networkRefreshDaemons(network_driver);
- 
--    virNetworkObjListForEach(network_driver->networks,
--                             networkAutostartConfig,
--                             network_driver);
-+    if (virDriverShouldAutostart(network_driver->stateDir, &autostart) < 0)
-+        goto error;
-+
-+    if (autostart) {
-+        virNetworkObjListForEach(network_driver->networks,
-+                                 networkAutostartConfig,
-+                                 network_driver);
-+    }
- 
-     network_driver->networkEventState = virObjectEventStateNew();
- 
-diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
-index 69416d6d1a..5dd2616c7b 100644
---- a/src/qemu/qemu_driver.c
-+++ b/src/qemu/qemu_driver.c
-@@ -726,6 +726,7 @@ qemuStateInitialize(bool privileged,
-     gid_t run_gid = -1;
-     char *hugepagePath = NULL;
-     char *memoryBackingPath = NULL;
-+    bool autostart = true;
-     size_t i;
- 
-     if (VIR_ALLOC(qemu_driver) < 0)
-@@ -1071,7 +1072,11 @@ qemuStateInitialize(bool privileged,
- 
-     qemuProcessReconnectAll(qemu_driver);
- 
--    qemuAutostartDomains(qemu_driver);
-+    if (virDriverShouldAutostart(cfg->stateDir, &autostart) < 0)
-+        goto error;
-+
-+    if (autostart)
-+        qemuAutostartDomains(qemu_driver);
- 
-     return 0;
- 
-diff --git a/src/storage/storage_driver.c b/src/storage/storage_driver.c
-index 03ac6a6845..05192027d6 100644
---- a/src/storage/storage_driver.c
-+++ b/src/storage/storage_driver.c
-@@ -253,6 +253,7 @@ storageStateInitialize(bool privileged,
- {
-     VIR_AUTOFREE(char *) configdir = NULL;
-     VIR_AUTOFREE(char *) rundir = NULL;
-+    bool autostart = true;
- 
-     if (VIR_ALLOC(driver) < 0)
-         return -1;
-@@ -314,7 +315,11 @@ storageStateInitialize(bool privileged,
- 
-     storagePoolUpdateAllState();
- 
--    storageDriverAutostart();
-+    if (virDriverShouldAutostart(driver->stateDir, &autostart) < 0)
-+        goto error;
-+
-+    if (autostart)
-+        storageDriverAutostart();
- 
-     driver->storageEventState = virObjectEventStateNew();
- 

0118-Revert-src-Document-autostart-for-session-demon.patch

@@ -1,34 +0,0 @@
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Sat, 5 Oct 2019 09:22:15 +0200
-Subject: [PATCH] Revert "src: Document autostart for session demon"
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This reverts commit 61b4e8aaf1bce07f282c152de556c3d6aa8d65be.
-
-After previous commits this is no longer needed.
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit 897d8b34c8577d6e663b7b9bdb17ea4f5f1b83b9)
----
- src/libvirt-domain.c | 5 -----
- 1 file changed, 5 deletions(-)
-
-diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c
-index 2fe9bb8e91..d01fef358f 100644
---- a/src/libvirt-domain.c
-+++ b/src/libvirt-domain.c
-@@ -6693,11 +6693,6 @@ virDomainCreateWithFiles(virDomainPtr domain, unsigned int nfiles,
-  * configured to be automatically started when the host
-  * machine boots.
-  *
-- * Please note that this might result in unexpected behaviour if
-- * used for some session URIs. Since the session daemon is started
-- * with --timeout it comes and goes and as it does so it
-- * autostarts domains which might have been shut off recently.
-- *
-  * Returns -1 in case of error, 0 in case of success
-  */
- int

0119-util-allow-sending-mac-addr-to-virNetNewLink-without.patch

@@ -1,39 +0,0 @@
-From: Laine Stump <laine@laine.org>
-Date: Wed, 16 Oct 2019 14:06:54 -0400
-Subject: [PATCH] util: allow sending mac addr to virNetNewLink without ifindex
-
-Although until now, any use of the extra_args argument (a pointer to a
-struct containing extra attributes to add the the RTM_NEWLINK message)
-would always have the ifindex and mac set, so the code could assume it
-was safe to add both to the message if extra_args != NULL. There is
-now a use for setting a MAC address in the RTM_NEWLINK without setting
-the ifindex, so we should check each of these separately.
-
-Signed-off-by: Laine Stump <laine@redhat.com>
-Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
-(cherry picked from commit b596d6c106cd87d6d452c5dd4ad923a034544fbf)
----
- src/util/virnetlink.c | 9 +++++++--
- 1 file changed, 7 insertions(+), 2 deletions(-)
-
-diff --git a/src/util/virnetlink.c b/src/util/virnetlink.c
-index 7b3c6bf05f..394495ee2b 100644
---- a/src/util/virnetlink.c
-+++ b/src/util/virnetlink.c
-@@ -548,9 +548,14 @@ virNetlinkNewLink(const char *ifname,
-     NETLINK_MSG_NEST_END(nl_msg, linkinfo);
- 
-     if (extra_args) {
--        NETLINK_MSG_PUT(nl_msg, IFLA_LINK,
-+        if (extra_args->ifindex) {
-+            NETLINK_MSG_PUT(nl_msg, IFLA_LINK,
-                         sizeof(uint32_t), extra_args->ifindex);
--        NETLINK_MSG_PUT(nl_msg, IFLA_ADDRESS, VIR_MAC_BUFLEN, extra_args->mac);
-+        }
-+        if (extra_args->mac) {
-+            NETLINK_MSG_PUT(nl_msg, IFLA_ADDRESS,
-+                            VIR_MAC_BUFLEN, extra_args->mac);
-+        }
-     }
- 
-     if (virNetlinkCommand(nl_msg, &resp, &buflen, 0, 0, NETLINK_ROUTE, 0) < 0)

0120-util-set-bridge-device-MAC-address-explicitly-during.patch

@@ -1,213 +0,0 @@
-From: Laine Stump <laine@laine.org>
-Date: Thu, 17 Oct 2019 21:12:30 -0400
-Subject: [PATCH] util: set bridge device MAC address explicitly during
- virNetDevBridgeCreate
-
-When libvirt first implemented a stable and configurable MAC address
-for the bridges created for libvirt virtual networks (commit
-5754dbd56d, in libvirt v0.8.8) most distro stable releases didn't
-support explicitly setting the MAC address of a bridge; the bridge
-just always assumed the lowest numbered MAC of all attached
-interfaces. Because of this, we stabilized the bridge MAC address by
-creating a "dummy" tap interface with a MAC address guaranteed to be
-lower than any of the guest tap devices' MACs (which all started with
-0xFE, so it's not difficult to do) and attached it to the bridge -
-this was the inception of the "virbr0-nic" device that has confused so
-many people over the years.
-
-Even though the linux kernel had recently gained support for
-explicitly setting a bridge MAC, we deemed it unnecessary to set the
-MAC that way, because the other (indirect) method worked everywhere.
-
-But recently there have been reports that the bridge MAC address was
-not following the setting in the network config, and mismatched the
-MAC of the dummy tap device (which was still correct). It turns out
-that this is due to a change in systemd-242 that persists whatever MAC
-address is set for a bridge when it's initially started. According to
-the systemd NEWS file entry for version 242
-(https://github.com/systemd/systemd/blob/master/NEWS):
-
-  "if a bridge interface is created without any slaves, and gains
-   a slave later, then now the bridge does not inherit slave's MAC."
-
-This change was the result of:
-
-  https://github.com/systemd/systemd/issues/3374
-
-(apparently if there is no MAC saved for a bridge by the name of a
-bridge being created, the random MAC generated during creation is
-saved, and then that same MAC is used to explicitly set the MAC each
-time it is created). Once a bridge has an explicitly set MAC, the "use
-the lowest numbered MAC of attached devices" rule is ignored, so our
-dummy tap device is like the goggles - it does nothing! (well, almost).
-
-We could whine about changes in default behavior, etc. etc., but
-because the change was in response to actual user problems, that seems
-likely a fruitless task. Fortunately, time has marched on, and even
-distro releases that are old enough that they are no longer supported
-by upstream libvirt (e.g. RHEL6) have support for explicitly setting a
-bridge device MAC address, either during creation or with a separate
-ioctl after creation, so we can now do that.
-
-To enable explicitly setting the mac during bridge creation, we add a
-mac arg to virNetDevBridgeCreate().  In the case of platforms where
-the bridge is created with a netlink RTM_NEWLINK message, we just add
-that mac to the message. For platforms that still use an ioctl (either
-SIOCBRADDBR or SIOCIFCREATE2), we make a separate call to
-virNetDevSetMAC() after creating the bridge.
-
-(NB: I was unable to test the calling of virNetDevSetMAC() from the
-SIOCIFCREATE2 (BSD) version of virNetDevBridgeCreate(); even though I
-managed to get a FreeBSD system setup and libvirt built there, when I
-tried to start the default network the SIOCIFCREATE2 ioctl itself
-failed, so it never even got to the virNetDevSetMAC(). That leaves the
-FreeBSD implementation untested.)
-
-This makes the dummy tap pointless for purposes of setting the MAC
-address, but it is still useful for IPv6 DAD initialization (which
-apparently requires at least one interface to be attached to the
-bridge and online), as well as for setting an initial MTU for the
-bridge, so it hasn't been removed.
-
-(NB: we can safely *always* call virNetDevBridgeCreate() with
-&def->mac from the network driver because, in spite of the existence
-of a "mac_specified" bool in the config suggesting that it may not
-always be present, in reality a mac address will always be added to
-any network that doesn't have one - this is guaranteed in all cases by
-commit a47ae7c004)
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1760851
-Signed-off-by: Laine Stump <laine@redhat.com>
-Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
-(cherry picked from commit 13ec827052fcd79a4350f499aab5f4aa20ea83fa)
----
- src/network/bridge_driver.c |  2 +-
- src/util/virnetdevbridge.c  | 44 ++++++++++++++++++++++++++++++-------
- src/util/virnetdevbridge.h  |  3 ++-
- 3 files changed, 39 insertions(+), 10 deletions(-)
-
-diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
-index b830cdba42..d5c544f556 100644
---- a/src/network/bridge_driver.c
-+++ b/src/network/bridge_driver.c
-@@ -2510,7 +2510,7 @@ networkStartNetworkVirtual(virNetworkDriverStatePtr driver,
-                        def->name);
-         return -1;
-     }
--    if (virNetDevBridgeCreate(def->bridge) < 0)
-+    if (virNetDevBridgeCreate(def->bridge, &def->mac) < 0)
-         return -1;
- 
-     if (def->mac_specified) {
-diff --git a/src/util/virnetdevbridge.c b/src/util/virnetdevbridge.c
-index 4f21a82fb7..368ce912d1 100644
---- a/src/util/virnetdevbridge.c
-+++ b/src/util/virnetdevbridge.c
-@@ -379,7 +379,8 @@ virNetDevBridgePortSetUnicastFlood(const char *brname ATTRIBUTE_UNUSED,
-  */
- #if defined(HAVE_STRUCT_IFREQ) && defined(SIOCBRADDBR)
- static int
--virNetDevBridgeCreateWithIoctl(const char *brname)
-+virNetDevBridgeCreateWithIoctl(const char *brname,
-+                               const virMacAddr *mac)
- {
-     VIR_AUTOCLOSE fd = -1;
- 
-@@ -392,22 +393,36 @@ virNetDevBridgeCreateWithIoctl(const char *brname)
-         return -1;
-     }
- 
-+    if (virNetDevSetMAC(brname, mac) < 0) {
-+        virErrorPtr savederr;
-+
-+        virErrorPreserveLast(&savederr);
-+        ignore_value(ioctl(fd, SIOCBRDELBR, brname));
-+        virErrorRestore(&savederr);
-+        return -1;
-+    }
-+
-     return 0;
- }
- #endif
- 
- #if defined(__linux__) && defined(HAVE_LIBNL)
- int
--virNetDevBridgeCreate(const char *brname)
-+virNetDevBridgeCreate(const char *brname,
-+                      const virMacAddr *mac)
- {
-     /* use a netlink RTM_NEWLINK message to create the bridge */
-     int error = 0;
-+    virNetlinkNewLinkData data = {
-+        .mac = mac,
-+    };
-+
- 
--    if (virNetlinkNewLink(brname, "bridge", NULL, &error) < 0) {
-+    if (virNetlinkNewLink(brname, "bridge", &data, &error) < 0) {
- # if defined(HAVE_STRUCT_IFREQ) && defined(SIOCBRADDBR)
-         if (error == -EOPNOTSUPP) {
-             /* fallback to ioctl if netlink doesn't support creating bridges */
--            return virNetDevBridgeCreateWithIoctl(brname);
-+            return virNetDevBridgeCreateWithIoctl(brname, mac);
-         }
- # endif
-         if (error < 0)
-@@ -423,15 +438,17 @@ virNetDevBridgeCreate(const char *brname)
- 
- #elif defined(HAVE_STRUCT_IFREQ) && defined(SIOCBRADDBR)
- int
--virNetDevBridgeCreate(const char *brname)
-+virNetDevBridgeCreate(const char *brname,
-+                      const virMacAddr *mac)
- {
--    return virNetDevBridgeCreateWithIoctl(brname);
-+    return virNetDevBridgeCreateWithIoctl(brname, mac);
- }
- 
- 
- #elif defined(HAVE_STRUCT_IFREQ) && defined(SIOCIFCREATE2)
- int
--virNetDevBridgeCreate(const char *brname)
-+virNetDevBridgeCreate(const char *brname,
-+                      const virMacAddr *mac)
- {
-     struct ifreq ifr;
-     VIR_AUTOCLOSE s = -1;
-@@ -448,10 +465,21 @@ virNetDevBridgeCreate(const char *brname)
-     if (virNetDevSetName(ifr.ifr_name, brname) == -1)
-         return -1;
- 
-+    if (virNetDevSetMAC(brname, mac) < 0) {
-+        virErrorPtr savederr;
-+
-+        virErrorPreserveLast(&savederr);
-+        ignore_value(virNetDevBridgeDelete(brname));
-+        virErrorRestore(&savederr);
-+        return -1;
-+    }
-+
-     return 0;
- }
- #else
--int virNetDevBridgeCreate(const char *brname)
-+int
-+virNetDevBridgeCreate(const char *brname,
-+                      const virMacAddr *mac G_GNUC_UNUSED)
- {
-     virReportSystemError(ENOSYS,
-                          _("Unable to create bridge %s"), brname);
-diff --git a/src/util/virnetdevbridge.h b/src/util/virnetdevbridge.h
-index 8df5e51c2e..2a2bde8d0e 100644
---- a/src/util/virnetdevbridge.h
-+++ b/src/util/virnetdevbridge.h
-@@ -21,7 +21,8 @@
- #include "internal.h"
- #include "virmacaddr.h"
- 
--int virNetDevBridgeCreate(const char *brname)
-+int virNetDevBridgeCreate(const char *brname,
-+                          const virMacAddr *mac)
-     ATTRIBUTE_NONNULL(1) ATTRIBUTE_RETURN_CHECK;
- int virNetDevBridgeDelete(const char *brname)
-     ATTRIBUTE_NONNULL(1) ATTRIBUTE_RETURN_CHECK;

0121-virhostuptime-Add-linux-stub-for-musl.patch

@@ -1,122 +0,0 @@
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Mon, 14 Oct 2019 16:37:03 +0200
-Subject: [PATCH] virhostuptime: Add linux stub for musl
-
-When we want to know the boot timestamp of the host, we can call
-virHostGetBootTime(). Under the hood, it uses getutxid() which is
-defined by POSIX and properly check for in configure. However,
-musl took a path where it declares the function but instead of
-providing any useful implementation it returns NULL meaning "no
-record found". If that's the case, use our second best option -
-/proc/uptime and a bit of maths.
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1760885
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Cole Robinson <crobinso@redhat.com>
-(cherry picked from commit 070d6969fe912b8f2e9aadee88c6bdda00a65f4f)
-Signed-off-by: rpm-build <rpm-build>
-
-Conflicts:
-po/POTFILES.in
----
- src/util/virhostuptime.c | 62 ++++++++++++++++++++++++++++++++++++++--
- 1 file changed, 59 insertions(+), 3 deletions(-)
-
-diff --git a/src/util/virhostuptime.c b/src/util/virhostuptime.c
-index 62b781acd5..a203961996 100644
---- a/src/util/virhostuptime.c
-+++ b/src/util/virhostuptime.c
-@@ -25,16 +25,68 @@
- #endif
- 
- #include "virhostuptime.h"
-+#include "viralloc.h"
-+#include "virfile.h"
-+#include "virlog.h"
-+#include "virstring.h"
-+#include "virtime.h"
- #include "virthread.h"
- 
-+#define VIR_FROM_THIS VIR_FROM_NONE
-+
-+VIR_LOG_INIT("util.virhostuptime");
-+
- static unsigned long long bootTime;
- static int bootTimeErrno;
- static virOnceControl virHostGetBootTimeOnce = VIR_ONCE_CONTROL_INITIALIZER;
- 
--#ifdef HAVE_GETUTXID
-+#if defined(__linux__)
-+# define UPTIME_FILE  "/proc/uptime"
-+static int
-+virHostGetBootTimeProcfs(unsigned long long *btime)
-+{
-+    unsigned long long now;
-+    double up;
-+    VIR_AUTOFREE(char *) buf = NULL;
-+    char *tmp;
-+
-+    if (virTimeMillisNow(&now) < 0)
-+        return -errno;
-+
-+    /* 1KiB limit is more than enough. */
-+    if (virFileReadAll(UPTIME_FILE, 1024, &buf) < 0)
-+        return -errno;
-+
-+    /* buf contains two doubles now:
-+     *   $uptime $idle_time
-+     * We're interested only in the first one */
-+    if (!(tmp = strchr(buf, ' '))) {
-+        virReportError(VIR_ERR_INTERNAL_ERROR,
-+                       _("uptime file has unexpected format '%s'"),
-+                       buf);
-+        return -EINVAL;
-+    }
-+
-+    *tmp = '\0';
-+
-+    if (virStrToDouble(buf, NULL, &up) < 0) {
-+        virReportError(VIR_ERR_INTERNAL_ERROR,
-+                       _("Unable to parse uptime value '%s'"),
-+                       buf);
-+        return -EINVAL;
-+    }
-+
-+    *btime = now / 1000 - up + 0.5;
-+
-+    return 0;
-+}
-+#endif /* defined(__linux__) */
-+
-+#if defined(HAVE_GETUTXID) || defined(__linux__)
- static void
- virHostGetBootTimeOnceInit(void)
- {
-+# ifdef HAVE_GETUTXID
-     struct utmpx id = {.ut_type = BOOT_TIME};
-     struct utmpx *res = NULL;
- 
-@@ -45,16 +97,20 @@ virHostGetBootTimeOnceInit(void)
-     }
- 
-     endutxent();
-+# endif /* HAVE_GETUTXID */
-+
-+    if (bootTimeErrno != 0 || bootTime == 0)
-+        bootTimeErrno = -virHostGetBootTimeProcfs(&bootTime);
- }
- 
--#else /* !HAVE_GETUTXID */
-+#else /* !defined(HAVE_GETUTXID) && !defined(__linux__) */
- 
- static void
- virHostGetBootTimeOnceInit(void)
- {
-     bootTimeErrno = ENOSYS;
- }
--#endif /* HAVE_GETUTXID */
-+#endif /* !defined(HAVE_GETUTXID) && !defined(__linux__) */
- 
- /**
-  * virHostGetBootTime:

0122-virhostuptime-Wrap-virHostGetBootTimeProcfs-call-in-.patch

@@ -1,31 +0,0 @@
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Thu, 14 Nov 2019 16:42:51 +0100
-Subject: [PATCH] virhostuptime: Wrap virHostGetBootTimeProcfs() call in an
- ifdef
-
-The virHostGetBootTimeProcfs() function is defined only for Linux
-and therefore it's only call should also be done if we're on
-Linux.
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-(cherry picked from commit 1b0de07f41bbe0d23ab96b604428ae55fd22aec0)
-Signed-off-by: rpm-build <rpm-build>
----
- src/util/virhostuptime.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/src/util/virhostuptime.c b/src/util/virhostuptime.c
-index a203961996..94004d05db 100644
---- a/src/util/virhostuptime.c
-+++ b/src/util/virhostuptime.c
-@@ -99,8 +99,10 @@ virHostGetBootTimeOnceInit(void)
-     endutxent();
- # endif /* HAVE_GETUTXID */
- 
-+# ifdef __linux__
-     if (bootTimeErrno != 0 || bootTime == 0)
-         bootTimeErrno = -virHostGetBootTimeProcfs(&bootTime);
-+# endif /* __linux__ */
- }
- 
- #else /* !defined(HAVE_GETUTXID) && !defined(__linux__) */

0123-virhostuptime-Introduce-virHostBootTimeInit.patch

@@ -1,71 +0,0 @@
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Thu, 19 Dec 2019 10:11:04 +0100
-Subject: [PATCH] virhostuptime: Introduce virHostBootTimeInit()
-
-The idea is to offer callers an init function that they can call
-independently to ensure that the global variables get
-initialized.
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Cole Robinson <crobinso@redhat.com>
-(cherry picked from commit 9d69bc19b94544b06838b2e2895826991d107178)
-Signed-off-by: rpm-build <rpm-build>
-
-Conflicts:
-	src/util/virhostuptime.h
----
- src/libvirt_private.syms |  1 +
- src/util/virhostuptime.c | 12 +++++++++++-
- src/util/virhostuptime.h |  3 +++
- 3 files changed, 15 insertions(+), 1 deletion(-)
-
-diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
-index c1c3974133..fbd1c25597 100644
---- a/src/libvirt_private.syms
-+++ b/src/libvirt_private.syms
-@@ -2136,6 +2136,7 @@ virHostMemSetParameters;
- 
- 
- # util/virhostuptime.h
-+virHostBootTimeInit;
- virHostGetBootTime;
- 
- 
-diff --git a/src/util/virhostuptime.c b/src/util/virhostuptime.c
-index 94004d05db..d82e268264 100644
---- a/src/util/virhostuptime.c
-+++ b/src/util/virhostuptime.c
-@@ -126,7 +126,7 @@ virHostGetBootTimeOnceInit(void)
- int
- virHostGetBootTime(unsigned long long *when)
- {
--    if (virOnce(&virHostGetBootTimeOnce, virHostGetBootTimeOnceInit) < 0)
-+    if (virHostBootTimeInit() < 0)
-         return -1;
- 
-     if (bootTimeErrno) {
-@@ -137,3 +137,13 @@ virHostGetBootTime(unsigned long long *when)
-     *when = bootTime;
-     return 0;
- }
-+
-+
-+int
-+virHostBootTimeInit(void)
-+{
-+    if (virOnce(&virHostGetBootTimeOnce, virHostGetBootTimeOnceInit) < 0)
-+        return -1;
-+
-+    return 0;
-+}
-diff --git a/src/util/virhostuptime.h b/src/util/virhostuptime.h
-index 03c1517a64..0886b03767 100644
---- a/src/util/virhostuptime.h
-+++ b/src/util/virhostuptime.h
-@@ -25,3 +25,6 @@
- int
- virHostGetBootTime(unsigned long long *when)
-     ATTRIBUTE_NOINLINE;
-+
-+int
-+virHostBootTimeInit(void);

0124-remote_daemon-Initialize-host-boot-time-global-varia.patch

@@ -1,54 +0,0 @@
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Tue, 17 Dec 2019 14:08:42 +0100
-Subject: [PATCH] remote_daemon: Initialize host boot time global variable
-
-This is not strictly needed, but it makes sure we initialize the
-@bootTime global variable. Thing is, in order to validate XATTRs
-and prune those set in some previous runs of the host, a
-timestamp is recorded in XATTRs. The host boot time was unique
-enough so it was chosen as the timestamp value. And to avoid
-querying and parsing /proc/uptime every time, the query function
-does that only once and stores the boot time in a global
-variable. However, the only time the query function is called is
-in a child process that does lock files and changes seclabels. So
-effectively, we are doing exactly what we wanted to prevent from
-happening.
-
-The fix is simple, call the virHostBootTimeInit() function which
-sets the global variable.
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Cole Robinson <crobinso@redhat.com>
-(cherry picked from commit 35d603d5ae0abe91b8b48203c5b7051b1800682b)
-Signed-off-by: rpm-build <rpm-build>
----
- src/remote/remote_daemon.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/src/remote/remote_daemon.c b/src/remote/remote_daemon.c
-index 6b5a6c1523..43f9527405 100644
---- a/src/remote/remote_daemon.c
-+++ b/src/remote/remote_daemon.c
-@@ -57,6 +57,7 @@
- #include "virgettext.h"
- #include "util/virnetdevopenvswitch.h"
- #include "virsystemd.h"
-+#include "virhostuptime.h"
- 
- #include "driver.h"
- 
-@@ -1088,6 +1089,14 @@ int main(int argc, char **argv) {
-         exit(EXIT_FAILURE);
-     }
- 
-+    /* Let's try to initialize global variable that holds the host's boot time. */
-+    if (virHostBootTimeInit() < 0) {
-+        /* This is acceptable failure. Maybe we won't need the boot time
-+         * anyway, and if we do, then virHostGetBootTime() returns an
-+         * appropriate error. */
-+        VIR_DEBUG("Ignoring failed boot time init");
-+    }
-+
-     daemonSetupNetDevOpenvswitch(config);
- 
-     if (daemonSetupAccessManager(config) < 0) {

0125-network-make-it-safe-to-call-networkSetupPrivateChai.patch

@@ -1,55 +0,0 @@
-From: Laine Stump <laine@redhat.com>
-Date: Thu, 7 May 2020 22:32:59 -0400
-Subject: [PATCH] network: make it safe to call networkSetupPrivateChains()
- multiple times
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-networkSetupPrivateChains() is currently called only once per run of
-libvirtd, so it can assume that errInitV4 and errInitV6 are empty/null
-when it is called. In preparation for potentially calling this
-function multiple times during one run, this patch moves the reset of
-errInitV[46] to the top of the function, to assure no memory is
-leaked.
-
-Signed-off-by: Laine Stump <laine@redhat.com>
-Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit de110f110fb917a31b9f33ad8e4b3c1d3284766a)
----
- src/network/bridge_driver_linux.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/src/network/bridge_driver_linux.c b/src/network/bridge_driver_linux.c
-index 35459c10d1..f4e4e2df76 100644
---- a/src/network/bridge_driver_linux.c
-+++ b/src/network/bridge_driver_linux.c
-@@ -48,6 +48,10 @@ static void networkSetupPrivateChains(void)
-     VIR_DEBUG("Setting up global firewall chains");
- 
-     createdChains = false;
-+    virFreeError(errInitV4);
-+    errInitV4 = NULL;
-+    virFreeError(errInitV6);
-+    errInitV6 = NULL;
- 
-     rc = iptablesSetupPrivateChains(VIR_FIREWALL_LAYER_IPV4);
-     if (rc < 0) {
-@@ -56,8 +60,6 @@ static void networkSetupPrivateChains(void)
-         errInitV4 = virSaveLastError();
-         virResetLastError();
-     } else {
--        virFreeError(errInitV4);
--        errInitV4 = NULL;
-         if (rc) {
-             VIR_DEBUG("Created global IPv4 chains");
-             createdChains = true;
-@@ -73,8 +75,6 @@ static void networkSetupPrivateChains(void)
-         errInitV6 = virSaveLastError();
-         virResetLastError();
-     } else {
--        virFreeError(errInitV6);
--        errInitV6 = NULL;
-         if (rc) {
-             VIR_DEBUG("Created global IPv6 chains");
-             createdChains = true;

0126-network-force-re-creation-of-iptables-private-chains.patch

@@ -1,265 +0,0 @@
-From: Laine Stump <laine@redhat.com>
-Date: Thu, 7 May 2020 21:54:39 -0400
-Subject: [PATCH] network: force re-creation of iptables private chains on
- firewalld restart
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-When firewalld is stopped, it removes *all* iptables rules and chains,
-including those added by libvirt. Since restarting firewalld means
-stopping and then starting it, any time it is restarted, libvirt needs
-to recreate all the private iptables chains it uses, along with all
-the rules it adds.
-
-We already have code in place to call networkReloadFirewallRules() any
-time we're notified of a firewalld start, and
-networkReloadFirewallRules() will call
-networkPreReloadFirewallRules(), which calls
-networkSetupPrivateChains(); unfortunately that last call is called
-using virOnce(), meaning that it will only be called the first time
-through networkPreReloadFirewallRules() after libvirtd starts - so of
-course when firewalld is later restarted, the call to
-networkSetupPrivateChains() is skipped.
-
-The neat and tidy way to fix this would be if there was a standard way
-to reset a pthread_once_t object so that the next time virOnce was
-called, it would think the function hadn't been called, and call it
-again. Unfortunately, there isn't any official way of doing that (we
-*could* just fill it with 0 and hope for the best, but that doesn't
-seem very safe.
-
-So instead, this patch just adds a static variable called
-chainInitDone, which is set to true after networkSetupPrivateChains()
-is called for the first time, and then during calls to
-networkPreReloadFirewallRules(), if chainInitDone is set, we call
-networkSetupPrivateChains() directly instead of via virOnce().
-
-It may seem unsafe to directly call a function that is meant to be
-called only once, but I think in this case we're safe - there's
-nothing in the function that is inherently "once only" - it doesn't
-initialize anything that can't safely be re-initialized (as long as
-two threads don't try to do it at the same time), and it only happens
-when responding to a dbus message that firewalld has been started (and
-I don't think it's possible for us to be processing two of those at
-once), and even then only if the initial call to the function has
-already been completed (so we're safe if we receive a firewalld
-restart call at a time when we haven't yet called it, or even if
-another thread is already in the process of executing it. The only
-problematic bit I can think of is if another thread is in the process
-of adding an iptable rule at the time we're executing this function,
-but 1) none of those threads will be trying to add chains, and 2) if
-there was a concurrency problem with other threads adding iptables
-rules while firewalld was being restarted, it would still be a problem
-even without this change.
-
-This is yet another patch that fixes an occurrence of this error:
-
-COMMAND_FAILED: '/usr/sbin/iptables -w10 -w --table filter --insert LIBVIRT_INP --in-interface virbr0 --protocol tcp --destination-port 67 --jump ACCEPT' failed: iptables: No chain/target/match by that name.
-
-In particular, this resolves: https://bugzilla.redhat.com/1813830
-
-Signed-off-by: Laine Stump <laine@redhat.com>
-Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit f5418b427e7d2f26803880309478de9103680826)
----
- src/network/bridge_driver.c          | 16 ++++---
- src/network/bridge_driver_linux.c    | 69 ++++++++++++++++++----------
- src/network/bridge_driver_nop.c      |  3 +-
- src/network/bridge_driver_platform.h |  2 +-
- 4 files changed, 58 insertions(+), 32 deletions(-)
-
-diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
-index d5c544f556..981b4e4578 100644
---- a/src/network/bridge_driver.c
-+++ b/src/network/bridge_driver.c
-@@ -289,7 +289,9 @@ static int
- networkShutdownNetworkExternal(virNetworkObjPtr obj);
- 
- static void
--networkReloadFirewallRules(virNetworkDriverStatePtr driver, bool startup);
-+networkReloadFirewallRules(virNetworkDriverStatePtr driver,
-+                           bool startup,
-+                           bool force);
- 
- static void
- networkRefreshDaemons(virNetworkDriverStatePtr driver);
-@@ -695,7 +697,7 @@ firewalld_dbus_filter_bridge(DBusConnection *connection ATTRIBUTE_UNUSED,
- 
-     if (reload) {
-         VIR_DEBUG("Reload in bridge_driver because of firewalld.");
--        networkReloadFirewallRules(driver, false);
-+        networkReloadFirewallRules(driver, false, true);
-     }
- 
-     return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
-@@ -814,7 +816,7 @@ networkStateInitialize(bool privileged,
-     virNetworkObjListPrune(network_driver->networks,
-                            VIR_CONNECT_LIST_NETWORKS_INACTIVE |
-                            VIR_CONNECT_LIST_NETWORKS_TRANSIENT);
--    networkReloadFirewallRules(network_driver, true);
-+    networkReloadFirewallRules(network_driver, true, false);
-     networkRefreshDaemons(network_driver);
- 
-     if (virDriverShouldAutostart(network_driver->stateDir, &autostart) < 0)
-@@ -884,7 +886,7 @@ networkStateReload(void)
-                                 network_driver->networkConfigDir,
-                                 network_driver->networkAutostartDir,
-                                 network_driver->xmlopt);
--    networkReloadFirewallRules(network_driver, false);
-+    networkReloadFirewallRules(network_driver, false, false);
-     networkRefreshDaemons(network_driver);
-     virNetworkObjListForEach(network_driver->networks,
-                              networkAutostartConfig,
-@@ -2267,14 +2269,16 @@ networkReloadFirewallRulesHelper(virNetworkObjPtr obj,
- 
- 
- static void
--networkReloadFirewallRules(virNetworkDriverStatePtr driver, bool startup)
-+networkReloadFirewallRules(virNetworkDriverStatePtr driver,
-+                           bool startup,
-+                           bool force)
- {
-     VIR_INFO("Reloading iptables rules");
-     /* Ideally we'd not even register the driver when unprivilegd
-      * but until we untangle the virt driver that's not viable */
-     if (!driver->privileged)
-         return;
--    networkPreReloadFirewallRules(driver, startup);
-+    networkPreReloadFirewallRules(driver, startup, force);
-     virNetworkObjListForEach(driver->networks,
-                              networkReloadFirewallRulesHelper,
-                              NULL);
-diff --git a/src/network/bridge_driver_linux.c b/src/network/bridge_driver_linux.c
-index f4e4e2df76..f65928e556 100644
---- a/src/network/bridge_driver_linux.c
-+++ b/src/network/bridge_driver_linux.c
-@@ -36,11 +36,14 @@ VIR_LOG_INIT("network.bridge_driver_linux");
- #define PROC_NET_ROUTE "/proc/net/route"
- 
- static virOnceControl createdOnce;
--static bool createdChains;
-+static bool chainInitDone; /* true iff networkSetupPrivateChains was ever called */
-+static bool createdChains; /* true iff networkSetupPrivateChains created chains during most recent call */
- static virErrorPtr errInitV4;
- static virErrorPtr errInitV6;
- 
--/* Only call via virOnce */
-+/* Usually only called via virOnce, but can also be called directly in
-+ * response to firewalld reload (if chainInitDone == true)
-+ */
- static void networkSetupPrivateChains(void)
- {
-     int rc;
-@@ -82,6 +85,8 @@ static void networkSetupPrivateChains(void)
-             VIR_DEBUG("Global IPv6 chains already exist");
-         }
-     }
-+
-+    chainInitDone = true;
- }
- 
- 
-@@ -111,7 +116,10 @@ networkHasRunningNetworks(virNetworkDriverStatePtr driver)
- }
- 
- 
--void networkPreReloadFirewallRules(virNetworkDriverStatePtr driver, bool startup)
-+void
-+networkPreReloadFirewallRules(virNetworkDriverStatePtr driver,
-+                              bool startup,
-+                              bool force)
- {
-     /*
-      * If there are any running networks, we need to
-@@ -130,29 +138,42 @@ void networkPreReloadFirewallRules(virNetworkDriverStatePtr driver, bool startup
-      * of starting the network though as that makes them
-      * more likely to be seen by a human
-      */
--    if (!networkHasRunningNetworks(driver)) {
--        VIR_DEBUG("Delayed global rule setup as no networks are running");
--        return;
--    }
-+    if (chainInitDone && force) {
-+        /* The Private chains have already been initialized once
-+         * during this run of libvirtd, so 1) we can't do it again via
-+         * virOnce(), and 2) we need to re-add the private chains even
-+         * if there are currently no running networks, because the
-+         * next time a network is started, libvirt will expect that
-+         * the chains have already been added. So we call directly
-+         * instead of via virOnce().
-+         */
-+        networkSetupPrivateChains();
- 
--    ignore_value(virOnce(&createdOnce, networkSetupPrivateChains));
-+    } else {
-+        if (!networkHasRunningNetworks(driver)) {
-+            VIR_DEBUG("Delayed global rule setup as no networks are running");
-+            return;
-+        }
- 
--    /*
--     * If this is initial startup, and we just created the
--     * top level private chains we either
--     *
--     *   - upgraded from old libvirt
--     *   - freshly booted from clean state
--     *
--     * In the first case we must delete the old rules from
--     * the built-in chains, instead of our new private chains.
--     * In the second case it doesn't matter, since no existing
--     * rules will be present. Thus we can safely just tell it
--     * to always delete from the builin chain
--     */
--    if (startup && createdChains) {
--        VIR_DEBUG("Requesting cleanup of legacy firewall rules");
--        iptablesSetDeletePrivate(false);
-+        ignore_value(virOnce(&createdOnce, networkSetupPrivateChains));
-+
-+        /*
-+         * If this is initial startup, and we just created the
-+         * top level private chains we either
-+         *
-+         *   - upgraded from old libvirt
-+         *   - freshly booted from clean state
-+         *
-+         * In the first case we must delete the old rules from
-+         * the built-in chains, instead of our new private chains.
-+         * In the second case it doesn't matter, since no existing
-+         * rules will be present. Thus we can safely just tell it
-+         * to always delete from the builin chain
-+         */
-+        if (startup && createdChains) {
-+            VIR_DEBUG("Requesting cleanup of legacy firewall rules");
-+            iptablesSetDeletePrivate(false);
-+        }
-     }
- }
- 
-diff --git a/src/network/bridge_driver_nop.c b/src/network/bridge_driver_nop.c
-index ec7b1ed8b7..74a9b87158 100644
---- a/src/network/bridge_driver_nop.c
-+++ b/src/network/bridge_driver_nop.c
-@@ -20,7 +20,8 @@
- #include <config.h>
- 
- void networkPreReloadFirewallRules(virNetworkDriverStatePtr driver ATTRIBUTE_UNUSED,
--                                   bool startup ATTRIBUTE_UNUSED)
-+                                   bool startup ATTRIBUTE_UNUSED,
-+                                   bool force ATTRIBUTE_UNUSED)
- {
- }
- 
-diff --git a/src/network/bridge_driver_platform.h b/src/network/bridge_driver_platform.h
-index 169417a6c0..48ab52c160 100644
---- a/src/network/bridge_driver_platform.h
-+++ b/src/network/bridge_driver_platform.h
-@@ -62,7 +62,7 @@ struct _virNetworkDriverState {
- typedef struct _virNetworkDriverState virNetworkDriverState;
- typedef virNetworkDriverState *virNetworkDriverStatePtr;
- 
--void networkPreReloadFirewallRules(virNetworkDriverStatePtr driver, bool startup);
-+void networkPreReloadFirewallRules(virNetworkDriverStatePtr driver, bool startup, bool force);
- void networkPostReloadFirewallRules(bool startup);
- 
- int networkCheckRouteCollision(virNetworkDefPtr def);

0127-systemd-start-libvirtd-after-firewalld-iptables-serv.patch

@@ -1,85 +0,0 @@
-From: Laine Stump <laine@redhat.com>
-Date: Fri, 1 May 2020 00:05:50 -0400
-Subject: [PATCH] systemd: start libvirtd after firewalld/iptables services
-
-When a system has enabled the iptables/ip6tables services rather than
-firewalld, there is no explicit ordering of the start of those
-services vs. libvirtd. This creates a problem when libvirtd.service is
-started before ip[6]tables, as the latter, when it finally is started,
-will remove all of the iptables rules that had previously been added
-by libvirt, including the custom chains where libvirt's rules are
-kept. This results in an error message similar to the following when a
-user subsequently tries to start a new libvirt network:
-
- "Error while activating network: Call to virNetworkCreate failed:
- internal error: Failed to apply firewall rules
- /usr/sbin/ip6tables -w --table filter --insert LIBVIRT_FWO \
-   --in-interface virbr2 --jump REJECT:
- ip6tables: No chain/target/match by that name."
-
-(Prior to logging this error, it also would have caused failure to
-forward (or block) traffic in some cases, e.g. for guests on a NATed
-network, since libvirt's rules to forward/block had all been deleted
-and libvirt didn't know about it, so it couldn't fix the problem)
-
-When this happens, the problem can be remedied by simply restarting
-libvirtd.service (which has the side-effect of reloading all
-libvirt-generated firewall rules)
-
-Instead, we can just explicitly stating in the libvirtd.service file
-that libvirtd.service should start after ip6tables.service and
-ip6tables.service, eliminating the race condition that leads to the
-error.
-
-There is also nothing (that I can see) in the systemd .service files
-to guarantee that firewalld.service will be started (if enabled) prior
-to libvirtd.service. The same error scenario given above would occur
-if libvirtd.service started before firewalld.service.  Even before
-that, though libvirtd would have detected that firewalld.service was
-disabled, and then turn off all firewalld support. So, for example,
-firewalld's libvirt zone wouldn't be used, and most likely traffic
-from guests would therefore be blocked (all with no external
-indication of the source of the problem other than a debug-level log
-when libvirtd was started saying that firewalld wasn't in use); also
-libvirtd wouldn't notice when firewalld reloaded its rules (which also
-simultaneously deletes all of libvirt's rules).
-
-I'm not aware of any reports that have been traced back to
-libvirtd.service starting before firewalld.service, but have seen that
-error reported multiple times, and also don't see an existing
-dependency that would guarantee firewalld.service starts before
-libvirtd.service, so it's possible it's been happening and we just
-haven't gotten to the bottom of it.
-
-This patch adds an After= line to the libvirtd.service file for each
-of iptables.service, ip6tables.service, and firewalld.servicee, which
-should guarantee that libvirtd.service isn't started until systemd has
-started whichever of the others is enabled.
-
-This race was diagnosed, and patch proposed, by Jason Montleon in
-https://bugzilla.redhat.com/1723698 . At the time (April 2019) danpb
-agreed with him that this change to libvirtd.service was a reasonable
-thing to do, but I guess everyone thought someone else was going to
-post a patch, so in the end nobody did.
-
-Signed-off-by: Laine Stump <laine@redhat.com>
-Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
-(cherry picked from commit 0756415f147dda15a417bd79eef9a62027d176e6)
----
- src/remote/libvirtd.service.in | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/src/remote/libvirtd.service.in b/src/remote/libvirtd.service.in
-index d5d98f0c12..ada5be62e6 100644
---- a/src/remote/libvirtd.service.in
-+++ b/src/remote/libvirtd.service.in
-@@ -11,6 +11,9 @@ Wants=libvirtd-admin.socket
- Wants=systemd-machined.service
- Before=libvirt-guests.service
- After=network.target
-+After=firewalld.service
-+After=iptables.service
-+After=ip6tables.service
- After=dbus.service
- After=iscsid.service
- After=apparmor.service

0128-qemuDomainGetStatsIOThread-Don-t-leak-array-with-0-i.patch

@@ -1,41 +0,0 @@
-From: Peter Krempa <pkrempa@redhat.com>
-Date: Wed, 19 Feb 2020 08:40:59 +0100
-Subject: [PATCH] qemuDomainGetStatsIOThread: Don't leak array with 0 iothreads
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-qemuMonitorGetIOThreads returns a NULL-terminated list even when 0
-iothreads are present. The caller didn't perform cleanup if there were 0
-iothreads leaking the array.
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1804548
-
-Fixes: d1eac92784573559b6fd56836e33b215c89308e3
-Reported-by: Jing Yan <jiyan@redhat.com>
-Signed-off-by: Peter Krempa <pkrempa@redhat.com>
-Reviewed-by: Ján Tomko <jtomko@redhat.com>
-(cherry picked from commit 9bf9e0ae6af38c806f4672ca7b12a6b38d5a9581)
----
- src/qemu/qemu_driver.c | 8 ++++++--
- 1 file changed, 6 insertions(+), 2 deletions(-)
-
-diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
-index 5dd2616c7b..331e53b971 100644
---- a/src/qemu/qemu_driver.c
-+++ b/src/qemu/qemu_driver.c
-@@ -21632,8 +21632,12 @@ qemuDomainGetStatsIOThread(virQEMUDriverPtr driver,
-     if ((niothreads = qemuDomainGetIOThreadsMon(driver, dom, &iothreads)) < 0)
-         return -1;
- 
--    if (niothreads == 0)
--        return 0;
-+    /* qemuDomainGetIOThreadsMon returns a NULL-terminated list, so we must free
-+     * it even if it returns 0 */
-+    if (niothreads == 0) {
-+        ret = 0;
-+        goto cleanup;
-+    }
- 
-     QEMU_ADD_COUNT_PARAM(record, maxparams, "iothread", niothreads);
- 

0129-storage-Fix-daemon-crash-on-lookup-storagepool-by-ta.patch

@@ -1,47 +0,0 @@
-From: Yi Li <yili@winhong.com>
-Date: Sat, 21 Dec 2019 08:33:33 +0800
-Subject: [PATCH] storage: Fix daemon crash on lookup storagepool by targetpath
-
-Causing a crash when storagePoolLookupByTargetPath beacuse of
-Some types of storage pool have no target elements.
-Use STREQ_NULLABLE instead of STREQ
-Avoids segfaults when using NULL arguments.
-
-Core was generated by `/usr/sbin/libvirtd'.
-Program terminated with signal 11, Segmentation fault.
-(gdb) bt
-0  0x0000ffff9e951388 in strcmp () from /lib64/libc.so.6
-1  0x0000ffff92103e9c in storagePoolLookupByTargetPathCallback (
-    obj=0xffff7009aab0, opaque=0xffff801058b0) at storage/storage_driver.c:1649
-2  0x0000ffff9f2c52a4 in virStoragePoolObjListSearchCb (
-    payload=0xffff801058b0, name=<optimized out>, opaque=<optimized out>)
-    at conf/virstorageobj.c:476
-3  0x0000ffff9f1f2f7c in virHashSearch (ctable=0xffff800f4f60,
-    iter=iter@entry=0xffff9f2c5278 <virStoragePoolObjListSearchCb>,
-    data=data@entry=0xffff95af7488, name=name@entry=0x0) at util/virhash.c:696
-4  0x0000ffff9f2c64f0 in virStoragePoolObjListSearch (pools=0xffff800f2ce0,
-    searcher=searcher@entry=0xffff92103e68 <storagePoolLookupByTargetPathCallback>,
-     opaque=<optimized out>) at conf/virstorageobj.c:505
-5  0x0000ffff92101f54 in storagePoolLookupByTargetPath (conn=0xffff5c0009f0,
-path=0xffff7009a850 "/vms/images") at storage/storage_driver.c:1672
-
-Reviewed-by: Cole Robinson <crobinso@redhat.com>
-Signed-off-by: Yi Li <yili@winhong.com>
-(cherry picked from commit dfff16a7c261f8d28e3abe60a47165f845fa952f)
----
- src/storage/storage_driver.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/storage/storage_driver.c b/src/storage/storage_driver.c
-index 05192027d6..d878b0be92 100644
---- a/src/storage/storage_driver.c
-+++ b/src/storage/storage_driver.c
-@@ -1675,7 +1675,7 @@ storagePoolLookupByTargetPathCallback(virStoragePoolObjPtr obj,
-         return false;
- 
-     def = virStoragePoolObjGetDef(obj);
--    return STREQ(path, def->target.path);
-+    return STREQ_NULLABLE(path, def->target.path);
- }
- 
- 

0130-qemu-don-t-hold-both-jobs-for-suspend.patch

@@ -1,168 +0,0 @@
-From: Jonathon Jongsma <jjongsma@redhat.com>
-Date: Thu, 5 Dec 2019 10:08:52 -0600
-Subject: [PATCH] qemu: don't hold both jobs for suspend
-
-We have to assume that the guest agent may be malicious so we don't want
-to allow any agent queries to block any other libvirt API. By holding a
-monitor job while we're querying the agent, we open ourselves up to a
-DoS.
-
-So split the function up a bit to only hold the monitor job while
-querying qemu for whether the domain supports suspend. Then acquire only
-an agent job while issuing the agent suspend command.
-
-Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
-(cherry picked from commit a663a860819287e041c3de672aad1d8543098ecc)
----
- src/qemu/qemu_driver.c | 94 ++++++++++++++++++++++++++----------------
- 1 file changed, 59 insertions(+), 35 deletions(-)
-
-diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
-index 331e53b971..96c0b3505a 100644
---- a/src/qemu/qemu_driver.c
-+++ b/src/qemu/qemu_driver.c
-@@ -19867,6 +19867,59 @@ qemuDomainProbeQMPCurrentMachine(virQEMUDriverPtr driver,
- }
- 
- 
-+/* returns -1 on error, or if query is not supported, 0 if query was successful */
-+static int
-+qemuDomainQueryWakeupSuspendSupport(virQEMUDriverPtr driver,
-+                                    virDomainObjPtr vm,
-+                                    bool *wakeupSupported)
-+{
-+    qemuDomainObjPrivatePtr priv = vm->privateData;
-+    int ret = -1;
-+
-+    if (!virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_QUERY_CURRENT_MACHINE))
-+        return -1;
-+
-+    if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0)
-+        return -1;
-+
-+    if ((ret = virDomainObjCheckActive(vm)) < 0)
-+        goto endjob;
-+
-+    ret = qemuDomainProbeQMPCurrentMachine(driver, vm, wakeupSupported);
-+
-+ endjob:
-+    qemuDomainObjEndJob(driver, vm);
-+    return ret;
-+}
-+
-+
-+static int
-+qemuDomainPMSuspendAgent(virQEMUDriverPtr driver,
-+                         virDomainObjPtr vm,
-+                         unsigned int target)
-+{
-+    qemuAgentPtr agent;
-+    int ret = -1;
-+
-+    if (qemuDomainObjBeginAgentJob(driver, vm, QEMU_AGENT_JOB_MODIFY) < 0)
-+        return -1;
-+
-+    if ((ret = virDomainObjCheckActive(vm)) < 0)
-+        goto endjob;
-+
-+    if (!qemuDomainAgentAvailable(vm, true))
-+        goto endjob;
-+
-+    agent = qemuDomainObjEnterAgent(vm);
-+    ret = qemuAgentSuspend(agent, target);
-+    qemuDomainObjExitAgent(vm, agent);
-+
-+ endjob:
-+    qemuDomainObjEndAgentJob(vm);
-+    return ret;
-+}
-+
-+
- static int
- qemuDomainPMSuspendForDuration(virDomainPtr dom,
-                                unsigned int target,
-@@ -19874,11 +19927,9 @@ qemuDomainPMSuspendForDuration(virDomainPtr dom,
-                                unsigned int flags)
- {
-     virQEMUDriverPtr driver = dom->conn->privateData;
--    qemuDomainObjPrivatePtr priv;
-     virDomainObjPtr vm;
--    qemuAgentPtr agent;
--    qemuDomainJob job = QEMU_JOB_NONE;
-     int ret = -1;
-+    bool wakeupSupported;
- 
-     virCheckFlags(0, -1);
- 
-@@ -19903,17 +19954,6 @@ qemuDomainPMSuspendForDuration(virDomainPtr dom,
-     if (virDomainPMSuspendForDurationEnsureACL(dom->conn, vm->def) < 0)
-         goto cleanup;
- 
--    priv = vm->privateData;
--
--    if (virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_QUERY_CURRENT_MACHINE))
--        job = QEMU_JOB_MODIFY;
--
--    if (qemuDomainObjBeginJobWithAgent(driver, vm, job, QEMU_AGENT_JOB_MODIFY) < 0)
--        goto cleanup;
--
--    if (virDomainObjCheckActive(vm) < 0)
--        goto endjob;
--
-     /*
-      * The case we want to handle here is when QEMU has the API (i.e.
-      * QEMU_CAPS_QUERY_CURRENT_MACHINE is set). Otherwise, do not interfere
-@@ -19921,16 +19961,11 @@ qemuDomainPMSuspendForDuration(virDomainPtr dom,
-      * that don't know about this cap, will keep their old behavior of
-      * suspending 'in the dark'.
-      */
--    if (virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_QUERY_CURRENT_MACHINE)) {
--        bool wakeupSupported;
--
--        if (qemuDomainProbeQMPCurrentMachine(driver, vm, &wakeupSupported) < 0)
--            goto endjob;
--
-+    if (qemuDomainQueryWakeupSuspendSupport(driver, vm, &wakeupSupported) == 0) {
-         if (!wakeupSupported) {
-             virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
-                            _("Domain does not have suspend support"));
--            goto endjob;
-+            goto cleanup;
-         }
-     }
- 
-@@ -19940,29 +19975,18 @@ qemuDomainPMSuspendForDuration(virDomainPtr dom,
-              target == VIR_NODE_SUSPEND_TARGET_HYBRID)) {
-             virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
-                            _("S3 state is disabled for this domain"));
--            goto endjob;
-+            goto cleanup;
-         }
- 
-         if (vm->def->pm.s4 == VIR_TRISTATE_BOOL_NO &&
-             target == VIR_NODE_SUSPEND_TARGET_DISK) {
-             virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
-                            _("S4 state is disabled for this domain"));
--            goto endjob;
-+            goto cleanup;
-         }
-     }
- 
--    if (!qemuDomainAgentAvailable(vm, true))
--        goto endjob;
--
--    agent = qemuDomainObjEnterAgent(vm);
--    ret = qemuAgentSuspend(agent, target);
--    qemuDomainObjExitAgent(vm, agent);
--
-- endjob:
--    if (job)
--        qemuDomainObjEndJobWithAgent(driver, vm);
--    else
--        qemuDomainObjEndAgentJob(vm);
-+    ret = qemuDomainPMSuspendAgent(driver, vm, target);
- 
-  cleanup:
-     virDomainObjEndAPI(&vm);

Makefile

@@ -0,0 +1,21 @@
+# Makefile for source rpm: libvirt
+# $Id$
+NAME := libvirt
+SPECFILE = $(firstword $(wildcard *.spec))
+
+define find-makefile-common
+for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
+endef
+
+MAKEFILE_COMMON := $(shell $(find-makefile-common))
+
+ifeq ($(MAKEFILE_COMMON),)
+# attempt a checkout
+define checkout-makefile-common
+test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
+endef
+
+MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
+endif
+
+include $(MAKEFILE_COMMON)

libvirt.spec

@@ -4,7 +4,7 @@
 # that's still supported by the vendor. It may work on other distros
 # or versions, but no effort will be made to ensure that going forward.
 %define min_rhel 7
-%define min_fedora 29
+%define min_fedora 26
 
 %if (0%{?fedora} && 0%{?fedora} >= %{min_fedora}) || (0%{?rhel} && 0%{?rhel} >= %{min_rhel})
     %define supported_platform 1
@@ -16,12 +16,11 @@
 # (or provide a command-line override) if they backport any patches that
 # touch configure.ac or Makefile.am.
 %{!?enable_autotools:%global enable_autotools 0}
-# fedora31: Some patches require this
-%global enable_autotools 1
 
 # The hypervisor drivers that run in libvirtd
 %define with_qemu          0%{!?_without_qemu:1}
 %define with_lxc           0%{!?_without_lxc:1}
+%define with_uml           0%{!?_without_uml:1}
 %define with_libxl         0%{!?_without_libxl:1}
 %define with_vbox          0%{!?_without_vbox:1}
 
@@ -73,7 +72,7 @@
 %endif
 
 # We need a recent enough libiscsi (>= 1.18.0)
-%if 0%{?fedora} || 0%{?rhel} > 7
+%if 0%{?fedora} >= 28 || 0%{?rhel} > 7
     %define with_storage_iscsi_direct 0%{!?_without_storage_iscsi_direct:1}
 %else
     %define with_storage_iscsi_direct 0
@@ -84,7 +83,6 @@
 %define with_sanlock       0%{!?_without_sanlock:0}
 %define with_numad         0%{!?_without_numad:0}
 %define with_firewalld     0%{!?_without_firewalld:0}
-%define with_firewalld_zone 0%{!?_without_firewalld_zone:0}
 %define with_libssh2       0%{!?_without_libssh2:0}
 %define with_wireshark     0%{!?_without_wireshark:0}
 %define with_libssh        0%{!?_without_libssh:0}
@@ -102,29 +100,38 @@
     %define with_vbox 0
 %endif
 
-# Numactl is not available on many non-x86 archs
+# Numactl is not available on s390[x] and ARM
 %ifarch s390 s390x %{arm} riscv64
     %define with_numactl 0
 %endif
 
+# libgfapi is built only on x86_64 on rhel
+%ifnarch x86_64
+    %if 0%{?rhel}
+        %define with_storage_gluster 0
+    %endif
+%endif
+
+# librados and librbd are built only on x86_64 on rhel
+%ifnarch x86_64
+    %if 0%{?rhel}
+        %define with_storage_rbd 0
+    %endif
+%endif
+
 # zfs-fuse is not available on some architectures
 %ifarch s390 s390x aarch64 riscv64
     %define with_storage_zfs 0
 %endif
 
-# Ceph dropping support for 32-bit hosts
-%if 0%{?fedora} >= 30
-    %ifarch %{arm} %{ix86}
-        %define with_storage_rbd 0
-    %endif
-%endif
 
-# RHEL doesn't ship OpenVZ, VBox, PowerHypervisor,
+# RHEL doesn't ship OpenVZ, VBox, UML, PowerHypervisor,
 # VMware, libxenserver (xenapi), libxenlight (Xen 4.1 and newer),
 # or HyperV.
 %if 0%{?rhel}
     %define with_openvz 0
     %define with_vbox 0
+    %define with_uml 0
     %define with_phyp 0
     %define with_vmware 0
     %define with_xenapi 0
@@ -139,11 +146,6 @@
 
 %define with_firewalld 1
 
-%if 0%{?fedora} >= 31 || 0%{?rhel} > 7
-    %define with_firewalld_zone 0%{!?_without_firewalld_zone:1}
-%endif
-
-
 # fuse is used to provide virtualized /proc for LXC
 %if %{with_lxc}
     %define with_fuse      0%{!?_without_fuse:1}
@@ -168,7 +170,11 @@
 # Enable wireshark plugins for all distros shipping libvirt 1.2.2 or newer
 %if 0%{?fedora}
     %define with_wireshark 0%{!?_without_wireshark:1}
-    %define wireshark_plugindir %(pkg-config --variable plugindir wireshark)/epan
+%endif
+%if 0%{?fedora} || 0%{?rhel} > 7
+    %define wireshark_plugindir %(pkg-config --variable plugindir wireshark)
+%else
+    %define wireshark_plugindir %{_libdir}/wireshark/plugins
 %endif
 
 # Enable libssh transport for new enough distros
@@ -186,9 +192,9 @@
 %endif
 
 
-%if %{with_qemu} || %{with_lxc}
+%if %{with_qemu} || %{with_lxc} || %{with_uml}
 # numad is used to manage the CPU and memory placement dynamically,
-# it's not available on many non-x86 architectures.
+# it's not available on s390[x] and ARM.
     %ifnarch s390 s390x %{arm} riscv64
         %define with_numad    0%{!?_without_numad:1}
     %endif
@@ -208,17 +214,17 @@
     %define enable_werror --disable-werror
 %endif
 
-%if 0%{?rhel} == 7
-    %define tls_priority "NORMAL"
-%else
+%if 0%{?fedora}
     %define tls_priority "@LIBVIRT,SYSTEM"
+%else
+    %define tls_priority "NORMAL"
 %endif
 
 
 Summary: Library providing a simple virtualization API
 Name: libvirt
-Version: 5.6.0
-Release: 7%{?dist}
+Version: 4.7.0
+Release: 5%{?dist}%{?extra_release}
 License: LGPLv2+
 URL: https://libvirt.org/
 
@@ -227,69 +233,48 @@ URL: https://libvirt.org/
 %endif
 Source: https://libvirt.org/sources/%{?mainturl}libvirt-%{version}.tar.xz
 
-# Fix issues with qemu.conf remember_owner (bz #1748079)
-Patch0001: 0001-src-security-Replace-bitwise-OR-with-logical-OR.patch
-Patch0002: 0002-security_util-Use-more-VIR_AUTOFREE.patch
-Patch0003: 0003-security_util-Document-virSecurityMoveRememberedLabe.patch
-Patch0004: 0004-security-Don-t-increase-XATTRs-refcounter-on-failure.patch
-Patch0005: 0005-util-Introduce-virhostuptime.patch
-Patch0006: 0006-security_util-Remove-stale-XATTRs.patch
-Patch0007: 0007-security_util-verify-xattrs-only-if-ref-is-present.patch
-Patch0008: 0008-virSecuritySELinuxSetFileconImpl-Drop-optional-argum.patch
-Patch0009: 0009-security_selinux-Drop-virSecuritySELinuxSetFileconOp.patch
-Patch0010: 0010-security_selinux-Drop-optional-from-_virSecuritySELi.patch
-Patch0011: 0011-security_selinux-Drop-virSecuritySELinuxSetFileconHe.patch
-Patch0012: 0012-security_selinux-Play-nicely-with-network-FS-that-on.patch
-Patch0013: 0013-qemu_blockjob-Print-image-path-on-failed-security-me.patch
-Patch0014: 0014-qemu_blockjob-Remove-secdriver-metadata-more-frequen.patch
+# Mouse cursor doubled on QEMU VNC on ppc64le (bz #1565253)
+Patch0001: 0001-qemu-Allow-creating-ppc64-guests-with-graphics-and-n.patch
+# CVE-2019-3840: NULL deref after running qemuAgentGetInterfaces (bz
+# #1665229)
+Patch0002: 0002-qemu-Remove-duplicated-qemuAgentCheckError.patch
+Patch0003: 0003-qemu-require-reply-from-guest-agent-in-qemuAgentGetI.patch
+# Define md-clear CPUID bit (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130,
+# CVE-2019-11091)
+Patch0004: 0004-cpu_x86-Do-not-cache-microcode-version.patch
+Patch0005: 0005-qemu-Don-t-cache-microcode-version.patch
+Patch0006: 0006-cputest-Add-data-for-Intel-R-Xeon-R-CPU-E3-1225-v5.patch
+Patch0007: 0007-cpu_map-Define-md-clear-CPUID-bit.patch
+# Fix systemd socket permissions (CVE-2019-10132)
+Patch0008: 0008-admin-reject-clients-unless-their-UID-matches-the-cu.patch
+Patch0009: 0009-locking-restrict-sockets-to-mode-0600.patch
+Patch0010: 0010-logging-restrict-sockets-to-mode-0600.patch
+# CVE-2019-10161: arbitrary file read/exec via virDomainSaveImageGetXMLDesc
+# API (bz #1722463, bz #1720115)
+Patch0011: 0011-api-disallow-virDomainSaveImageGetXMLDesc-on-read-on.patch
+# CVE-2019-10166: virDomainManagedSaveDefineXML API exposed to readonly
+# clients (bz #1722462, bz #1720114)
+Patch0012: 0012-api-disallow-virDomainManagedSaveDefineXML-on-read-o.patch
+# CVE-2019-10167: arbitrary command execution via
+# virConnectGetDomainCapabilities API (bz #1722464, bz #1720117)
+Patch0013: 0013-api-disallow-virConnectGetDomainCapabilities-on-read.patch
+# CVE-2019-10168: arbitrary command execution via
+# virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs (bz
+# #1722466, bz #1720118)
+Patch0014: 0014-api-disallow-virConnect-HypervisorCPU-on-read-only-c.patch
+# CVE-2019-3886: virsh domhostname command discloses guest hostname in
+# readonly mode [fedora-rawhide
+Patch0015: 0015-api-disallow-virDomainGetHostname-for-read-only-conn.patch
+Patch0016: 0016-remote-enforce-ACL-write-permission-for-getting-gues.patch
+# Failed to attache NEW rbd device to guest (bz #1672620)
+Patch0017: 0017-Revert-qemu-hotplug-Prepare-disk-source-in-qemuDomai.patch
+# PCI hostdev interface segfault (bz #1692053)
+Patch0018: 0018-util-Fixing-invalid-error-checking-from-virPCIGetNet.patch
+# Fix the test suite
+Patch0019: 0019-tests-merge-code-for-UNIX-and-TCP-socket-testing.patch
+Patch0020: 0020-tests-rewrite-socket-to-do-something-sensible-and-re.patch
+Patch0021: 0021-test-Remove-possible-infinite-loop-in-virnetsockette.patch
 
-# Misc upstream bugfixes
-Patch0101: 0101-Revert-tpm-Check-TPM-XML-device-configuration-change.patch
-Patch0102: 0102-network-fix-crash-during-cleanup-from-failure-to-all.patch
-Patch0103: 0103-network-replace-virSaveLastError-with-virErrorPreser.patch
-Patch0104: 0104-access-fix-incorrect-addition-to-virAccessPermNetwor.patch
-Patch0105: 0105-network-fix-ability-to-use-openvswitch-with-vlans.patch
-# allow tap-based guest interfaces to have MAC address prefix 0xFE (bz
-# #1743349)
-Patch0106: 0106-util-allow-tap-based-guest-interfaces-to-have-MAC-ad.patch
-# systemd socket fixes
-Patch0107: 0107-remote-use-Wants-instead-of-Requires-for-libvirtd-so.patch
-Patch0108: 0108-remote-move-timeout-arg-into-sysconf-file.patch
-Patch0109: 0109-remote-forbid-the-listen-arg-when-systemd-socket-act.patch
-Patch0110: 0110-rpm-don-t-enable-socket-activation-in-upgrade-if-lis.patch
-Patch0111: 0111-remote-fix-registration-of-TLS-socket.patch
-# vircgroupv2: fix setting cpu.max period (bz #1749227)
-Patch0112: 0112-vircgroupv2-fix-setting-cpu.max-period.patch
-# Fix VM startup when legacy cgroups are defined (bz #1612383)
-Patch0113: 0113-vircgroupv2-Fix-VM-startup-when-legacy-cgroups-are-d.patch
-Patch0114: 0114-vircgroup-Add-some-VIR_DEBUG-statements.patch
-# Don't re-autostart objects when using socket activation (bz #1759613)
-Patch0115: 0115-qemu_driver-Fix-comment-of-qemuStateCleanup.patch
-Patch0116: 0116-driver-Introduce-virDriverShouldAutostart.patch
-Patch0117: 0117-lib-autostart-objects-exactly-once.patch
-Patch0118: 0118-Revert-src-Document-autostart-for-session-demon.patch
-# set bridge device MAC address explicitly (bz #1760851)
-Patch0119: 0119-util-allow-sending-mac-addr-to-virNetNewLink-without.patch
-Patch0120: 0120-util-set-bridge-device-MAC-address-explicitly-during.patch
-# Fix issues with uptime detection (bz #1783715)
-Patch0121: 0121-virhostuptime-Add-linux-stub-for-musl.patch
-Patch0122: 0122-virhostuptime-Wrap-virHostGetBootTimeProcfs-call-in-.patch
-Patch0123: 0123-virhostuptime-Introduce-virHostBootTimeInit.patch
-Patch0124: 0124-remote_daemon-Initialize-host-boot-time-global-varia.patch
-# Fix iptables No chain/target/match by that name (bz #1813830)
-Patch0125: 0125-network-make-it-safe-to-call-networkSetupPrivateChai.patch
-Patch0126: 0126-network-force-re-creation-of-iptables-private-chains.patch
-# systemd: start libvirtd after firewalld/iptables services (bz #1697636)
-Patch0127: 0127-systemd-start-libvirtd-after-firewalld-iptables-serv.patch
-# CVE-2020-12430: memory leak in domstats may allow read-only user to
-# perform DoS attack (bz #1828216, bz #1828190)
-Patch0128: 0128-qemuDomainGetStatsIOThread-Don-t-leak-array-with-0-i.patch
-# CVE-2020-10703: Potential denial of service via active pool without target
-# path (bz #1820690, bz #1816650)
-Patch0129: 0129-storage-Fix-daemon-crash-on-lookup-storagepool-by-ta.patch
-# CVE-2019-20485: potential DoS by holding a monitor job while querying QEMU
-# guest-agent (bz #1809741, bz #1809740)
-Patch0130: 0130-qemu-don-t-hold-both-jobs-for-suspend.patch
 
 Requires: libvirt-daemon = %{version}-%{release}
 Requires: libvirt-daemon-config-network = %{version}-%{release}
@@ -303,9 +288,9 @@ Requires: libvirt-daemon-driver-lxc = %{version}-%{release}
 %if %{with_qemu}
 Requires: libvirt-daemon-driver-qemu = %{version}-%{release}
 %endif
-# We had UML driver, but we've removed it.
-Obsoletes: libvirt-daemon-driver-uml <= 5.0.0
-Obsoletes: libvirt-daemon-uml <= 5.0.0
+%if %{with_uml}
+Requires: libvirt-daemon-driver-uml = %{version}-%{release}
+%endif
 %if %{with_vbox}
 Requires: libvirt-daemon-driver-vbox = %{version}-%{release}
 %endif
@@ -330,7 +315,7 @@ BuildRequires: /usr/bin/pod2man
 %endif
 BuildRequires: gcc
 BuildRequires: git
-%if 0%{?fedora} || 0%{?rhel} > 7
+%if 0%{?fedora} >= 27 || 0%{?rhel} > 7
 BuildRequires: perl-interpreter
 %else
 BuildRequires: perl
@@ -363,6 +348,7 @@ BuildRequires: sanlock-devel >= 2.4
 %endif
 BuildRequires: libpcap-devel
 BuildRequires: libnl3-devel
+BuildRequires: avahi-devel
 BuildRequires: libselinux-devel
 BuildRequires: dnsmasq >= 2.41
 BuildRequires: iptables
@@ -391,8 +377,6 @@ BuildRequires: libiscsi-devel
 BuildRequires: parted-devel
 # For Multipath support
 BuildRequires: device-mapper-devel
-# For XFS reflink clone support
-BuildRequires: xfsprogs-devel
 %if %{with_storage_rbd}
 BuildRequires: librados2-devel
 BuildRequires: librbd1-devel
@@ -452,22 +436,18 @@ BuildRequires: numad
 %endif
 
 %if %{with_wireshark}
-BuildRequires: wireshark-devel >= 2.4.0
+BuildRequires: wireshark-devel >= 2.1.0
 %endif
 
 %if %{with_libssh}
 BuildRequires: libssh-devel >= 0.7.0
 %endif
 
-%if 0%{?fedora} || 0%{?rhel} > 7
+%if 0%{?fedora} > 27 || 0%{?rhel} > 7
 BuildRequires: rpcgen
 BuildRequires: libtirpc-devel
 %endif
 
-%if %{with_firewalld_zone}
-BuildRequires: firewalld-filesystem
-%endif
-
 Provides: bundled(gnulib)
 
 %description
@@ -501,6 +481,7 @@ Requires: iproute
 Requires: iproute-tc
 %endif
 
+Requires: avahi-libs
 Requires: polkit >= 0.112
 %ifarch %{ix86} x86_64 ia64
 # For virConnectGetSysinfo
@@ -614,9 +595,6 @@ Requires: util-linux
 # From QEMU RPMs
 Requires: /usr/bin/qemu-img
 %endif
-%if !%{with_storage_rbd}
-Obsoletes: libvirt-daemon-driver-storage-rbd < %{version}-%{release}
-%endif
 
 %description daemon-driver-storage-core
 The storage driver plugin for the libvirtd daemon, providing
@@ -784,6 +762,9 @@ parted and more.
 Summary: QEMU driver plugin for the libvirtd daemon
 Requires: libvirt-daemon = %{version}-%{release}
 Requires: libvirt-libs = %{version}-%{release}
+# There really is a hard cross-driver dependency here
+Requires: libvirt-daemon-driver-network = %{version}-%{release}
+Requires: libvirt-daemon-driver-storage-core = %{version}-%{release}
 Requires: /usr/bin/qemu-img
 # For image compression
 Requires: gzip
@@ -819,6 +800,19 @@ the Linux kernel
 %endif
 
 
+%if %{with_uml}
+%package daemon-driver-uml
+Summary: Uml driver plugin for the libvirtd daemon
+Requires: libvirt-daemon = %{version}-%{release}
+Requires: libvirt-libs = %{version}-%{release}
+
+%description daemon-driver-uml
+The UML driver plugin for the libvirtd daemon, providing
+an implementation of the hypervisor driver APIs using
+User Mode Linux
+%endif
+
+
 %if %{with_vbox}
 %package daemon-driver-vbox
 Summary: VirtualBox driver plugin for the libvirtd daemon
@@ -906,6 +900,26 @@ capabilities of LXC
 %endif
 
 
+%if %{with_uml}
+%package daemon-uml
+Summary: Server side daemon & driver required to run UML guests
+
+Requires: libvirt-daemon = %{version}-%{release}
+Requires: libvirt-daemon-driver-uml = %{version}-%{release}
+Requires: libvirt-daemon-driver-interface = %{version}-%{release}
+Requires: libvirt-daemon-driver-network = %{version}-%{release}
+Requires: libvirt-daemon-driver-nodedev = %{version}-%{release}
+Requires: libvirt-daemon-driver-nwfilter = %{version}-%{release}
+Requires: libvirt-daemon-driver-secret = %{version}-%{release}
+Requires: libvirt-daemon-driver-storage = %{version}-%{release}
+# There are no UML kernel RPMs in Fedora/RHEL to depend on.
+
+%description daemon-uml
+Server side daemon and driver required to manage the virtualization
+capabilities of UML
+%endif
+
+
 %if %{with_libxl}
 %package daemon-xen
 Summary: Server side daemon & driver required to run XEN guests
@@ -997,7 +1011,7 @@ Bash completion script stub.
 %if %{with_wireshark}
 %package wireshark
 Summary: Wireshark dissector plugin for libvirt RPC transactions
-Requires: wireshark >= 2.4.0
+Requires: wireshark >= 1.12.6-4
 Requires: %{name}-libs = %{version}-%{release}
 
 %description wireshark
@@ -1111,6 +1125,12 @@ exit 1
     %define arg_vmware --without-vmware
 %endif
 
+%if %{with_uml}
+    %define arg_uml --with-uml
+%else
+    %define arg_uml --without-uml
+%endif
+
 %if %{with_storage_rbd}
     %define arg_storage_rbd --with-storage-rbd
 %else
@@ -1165,12 +1185,6 @@ exit 1
     %define arg_firewalld --without-firewalld
 %endif
 
-%if %{with_firewalld_zone}
-    %define arg_firewalld_zone --with-firewalld-zone
-%else
-    %define arg_firewalld_zone --without-firewalld-zone
-%endif
-
 %if %{with_wireshark}
     %define arg_wireshark --with-wireshark-dissector
 %else
@@ -1227,8 +1241,10 @@ rm -f po/stamp-po
            %{?arg_vbox} \
            %{?arg_libxl} \
            --with-sasl \
+           --with-avahi \
            --with-polkit \
            --with-libvirtd \
+           %{?arg_uml} \
            %{?arg_phyp} \
            %{?arg_esx} \
            %{?arg_hyperv} \
@@ -1268,7 +1284,6 @@ rm -f po/stamp-po
            --with-dtrace \
            --with-driver-modules \
            %{?arg_firewalld} \
-           %{?arg_firewalld_zone} \
            %{?arg_wireshark} \
            --without-pm-utils \
            --with-nss-plugin \
@@ -1292,6 +1307,8 @@ export SOURCE_DATE_EPOCH=$(stat --printf='%Y' %{_specdir}/%{name}.spec)
 
 %make_install %{?_smp_mflags} SYSTEMD_UNIT_DIR=%{_unitdir} V=1
 
+make %{?_smp_mflags} -C examples distclean V=1
+
 rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
 rm -f $RPM_BUILD_ROOT%{_libdir}/*.a
 rm -f $RPM_BUILD_ROOT%{_libdir}/libvirt/lock-driver/*.la
@@ -1313,8 +1330,8 @@ install -d -m 0755 $RPM_BUILD_ROOT%{_datadir}/lib/libvirt/dnsmasq/
 install -d -m 0755 $RPM_BUILD_ROOT%{_datadir}/libvirt/networks/
 cp $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/qemu/networks/default.xml \
    $RPM_BUILD_ROOT%{_datadir}/libvirt/networks/default.xml
-# libvirt saves this file with mode 0600
-chmod 0600 $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/qemu/networks/default.xml
+rm -f $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/qemu/networks/default.xml
+rm -f $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/qemu/networks/autostart/default.xml
 
 # nwfilter files are installed in /usr/share/libvirt and copied to /etc in %post
 # to avoid verification errors on changed files in /etc
@@ -1356,9 +1373,12 @@ rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/libvirtd.libxl
 rm -f $RPM_BUILD_ROOT%{_datadir}/augeas/lenses/libvirtd_libxl.aug
 rm -f $RPM_BUILD_ROOT%{_datadir}/augeas/lenses/tests/test_libvirtd_libxl.aug
 %endif
+%if ! %{with_uml}
+rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/libvirtd.uml
+%endif
 
 # Copied into libvirt-docs subpackage eventually
-mv $RPM_BUILD_ROOT%{_datadir}/doc/libvirt libvirt-docs
+mv $RPM_BUILD_ROOT%{_datadir}/doc/libvirt-%{version} libvirt-docs
 
 %ifarch %{power64} s390x x86_64 ia64 alpha sparc64
 mv $RPM_BUILD_ROOT%{_datadir}/systemtap/tapset/libvirt_probes.stp \
@@ -1386,16 +1406,6 @@ then
   exit 1
 fi
 
-%post libs
-%if 0%{?rhel} == 7
-/sbin/ldconfig
-%endif
-
-%postun libs
-%if 0%{?rhel} == 7
-/sbin/ldconfig
-%endif
-
 %pre daemon
 # 'libvirt' group is just to allow password-less polkit access to
 # libvirtd. The uid number is irrelevant, so we use dynamic allocation
@@ -1408,8 +1418,6 @@ exit 0
 
 %systemd_post virtlockd.socket virtlockd-admin.socket
 %systemd_post virtlogd.socket virtlogd-admin.socket
-%systemd_post libvirtd.socket libvirtd-ro.socket libvirtd-admin.socket
-%systemd_post libvirtd-tcp.socket libvirtd-tls.socket
 %systemd_post libvirtd.service
 
 # request daemon restart in posttrans
@@ -1418,8 +1426,6 @@ touch %{_localstatedir}/lib/rpm-state/libvirt/restart || :
 
 %preun daemon
 %systemd_preun libvirtd.service
-%systemd_preun libvirtd-tcp.socket libvirtd-tls.socket
-%systemd_preun libvirtd.socket libvirtd-ro.socket libvirtd-admin.socket
 %systemd_preun virtlogd.socket virtlogd-admin.socket virtlogd.service
 %systemd_preun virtlockd.socket virtlockd-admin.socket virtlockd.service
 
@@ -1444,33 +1450,10 @@ fi
 
 %posttrans daemon
 if [ -f %{_localstatedir}/lib/rpm-state/libvirt/restart ]; then
-    # Old libvirtd owns the sockets and will delete them on
-    # shutdown. Can't use a try-restart as libvirtd will simply
-    # own the sockets again when it comes back up. Thus we must
-    # do this particular ordering
-    /bin/systemctl is-active libvirtd.service 1>/dev/null 2>&1
-    if test $? = 0 ; then
-        /bin/systemctl stop libvirtd.service >/dev/null 2>&1 || :
-
-        /bin/systemctl try-restart libvirtd.socket >/dev/null 2>&1 || :
-        /bin/systemctl try-restart libvirtd-ro.socket >/dev/null 2>&1 || :
-        /bin/systemctl try-restart libvirtd-admin.socket >/dev/null 2>&1 || :
-
-        /bin/systemctl start libvirtd.service >/dev/null 2>&1 || :
-    fi
+    /bin/systemctl try-restart libvirtd.service >/dev/null 2>&1 || :
 fi
 rm -rf %{_localstatedir}/lib/rpm-state/libvirt || :
 
-%post daemon-driver-network
-%if %{with_firewalld_zone}
-    %firewalld_reload
-%endif
-
-%postun daemon-driver-network
-%if %{with_firewalld_zone}
-    %firewalld_reload
-%endif
-
 %post daemon-config-network
 if test $1 -eq 1 && test ! -f %{_sysconfdir}/libvirt/qemu/networks/default.xml ; then
     # see if the network used by default network creates a conflict,
@@ -1507,8 +1490,6 @@ if test $1 -eq 1 && test ! -f %{_sysconfdir}/libvirt/qemu/networks/default.xml ;
          < %{_datadir}/libvirt/networks/default.xml \
          > %{_sysconfdir}/libvirt/qemu/networks/default.xml
     ln -s ../default.xml %{_sysconfdir}/libvirt/qemu/networks/autostart/default.xml
-    # libvirt saves this file with mode 0600
-    chmod 0600 %{_sysconfdir}/libvirt/qemu/networks/default.xml
 
     # Make sure libvirt picks up the new network defininiton
     mkdir -p %{_localstatedir}/lib/rpm-state/libvirt || :
@@ -1523,8 +1504,6 @@ rm -rf %{_localstatedir}/lib/rpm-state/libvirt || :
 
 %post daemon-config-nwfilter
 cp %{_datadir}/libvirt/nwfilter/*.xml %{_sysconfdir}/libvirt/nwfilter/
-# libvirt saves these files with mode 600
-chmod 600 %{_sysconfdir}/libvirt/nwfilter/*.xml
 # Make sure libvirt picks up the new nwfilter defininitons
 mkdir -p %{_localstatedir}/lib/rpm-state/libvirt || :
 touch %{_localstatedir}/lib/rpm-state/libvirt/restart || :
@@ -1536,6 +1515,16 @@ fi
 rm -rf %{_localstatedir}/lib/rpm-state/libvirt || :
 
 
+%triggerun -- libvirt < 0.9.4
+%{_bindir}/systemd-sysv-convert --save libvirtd >/dev/null 2>&1 ||:
+
+# If the package is allowed to autostart:
+/bin/systemctl --no-reload enable libvirtd.service >/dev/null 2>&1 ||:
+
+# Run these because the SysV package being removed won't do them
+/sbin/chkconfig --del libvirtd >/dev/null 2>&1 || :
+/bin/systemctl try-restart libvirtd.service >/dev/null 2>&1 || :
+
 %if %{with_qemu}
 %pre daemon-driver-qemu
 # We want soft static allocation of well-known ids, as disk images
@@ -1558,11 +1547,32 @@ exit 0
 %systemd_preun libvirt-guests.service
 
 %post client
+
+/sbin/ldconfig
 %systemd_post libvirt-guests.service
 
 %postun client
+
+/sbin/ldconfig
 %systemd_postun libvirt-guests.service
 
+%triggerun client -- libvirt < 0.9.4
+%{_bindir}/systemd-sysv-convert --save libvirt-guests >/dev/null 2>&1 ||:
+
+# If the package is allowed to autostart:
+/bin/systemctl --no-reload enable libvirt-guests.service >/dev/null 2>&1 ||:
+
+# Run this because the SysV package being removed won't do them
+/sbin/chkconfig --del libvirt-guests >/dev/null 2>&1 || :
+
+%if %{with_sanlock}
+%post lock-sanlock
+if getent group sanlock > /dev/null ; then
+    chmod 0770 %{_localstatedir}/lib/libvirt/sanlock
+    chown root:sanlock %{_localstatedir}/lib/libvirt/sanlock
+fi
+%endif
+
 %if %{with_lxc}
 %pre login-shell
 getent group virtlogin >/dev/null || groupadd -r virtlogin
@@ -1581,6 +1591,16 @@ exit 0
 %doc %{_datadir}/gtk-doc/html/libvirt/*.html
 %doc %{_datadir}/gtk-doc/html/libvirt/*.png
 %doc %{_datadir}/gtk-doc/html/libvirt/*.css
+%doc examples/hellolibvirt
+%doc examples/object-events
+%doc examples/dominfo
+%doc examples/domsuspend
+%doc examples/dommigrate
+%doc examples/openauth
+%doc examples/xml
+%doc examples/rename
+%doc examples/systemtap
+%doc examples/admin
 
 
 %files daemon
@@ -1588,11 +1608,6 @@ exit 0
 %dir %attr(0700, root, root) %{_sysconfdir}/libvirt/
 
 %{_unitdir}/libvirtd.service
-%{_unitdir}/libvirtd.socket
-%{_unitdir}/libvirtd-ro.socket
-%{_unitdir}/libvirtd-admin.socket
-%{_unitdir}/libvirtd-tcp.socket
-%{_unitdir}/libvirtd-tls.socket
 %{_unitdir}/virt-guest-shutdown.target
 %{_unitdir}/virtlogd.service
 %{_unitdir}/virtlogd.socket
@@ -1653,11 +1668,11 @@ exit 0
 %{_mandir}/man8/virtlockd.8*
 %{_mandir}/man7/virkey*.7*
 
+%doc examples/polkit/*.rules
+
 %files daemon-config-network
 %dir %{_datadir}/libvirt/networks/
 %{_datadir}/libvirt/networks/default.xml
-%ghost %{_sysconfdir}/libvirt/qemu/networks/default.xml
-%ghost %{_sysconfdir}/libvirt/qemu/networks/autostart/default.xml
 
 %files daemon-config-nwfilter
 %dir %{_datadir}/libvirt/nwfilter/
@@ -1677,10 +1692,6 @@ exit 0
 %attr(0755, root, root) %{_libexecdir}/libvirt_leaseshelper
 %{_libdir}/%{name}/connection-driver/libvirt_driver_network.so
 
-%if %{with_firewalld_zone}
-%{_prefix}/lib/firewalld/zones/libvirt.xml
-%endif
-
 %files daemon-driver-nodedev
 %{_libdir}/%{name}/connection-driver/libvirt_driver_nodedev.so
 
@@ -1748,7 +1759,7 @@ exit 0
 %config(noreplace) %{_sysconfdir}/libvirt/qemu.conf
 %config(noreplace) %{_sysconfdir}/libvirt/qemu-lockd.conf
 %config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd.qemu
-%ghost %dir %{_localstatedir}/run/libvirt/qemu/
+%ghost %dir %attr(0700, root, root) %{_localstatedir}/run/libvirt/qemu/
 %dir %attr(0751, %{qemu_user}, %{qemu_group}) %{_localstatedir}/lib/libvirt/qemu/
 %dir %attr(0750, %{qemu_user}, %{qemu_group}) %{_localstatedir}/cache/libvirt/qemu/
 %{_datadir}/augeas/lenses/libvirtd_qemu.aug
@@ -1771,6 +1782,15 @@ exit 0
 %{_libdir}/%{name}/connection-driver/libvirt_driver_lxc.so
 %endif
 
+%if %{with_uml}
+%files daemon-driver-uml
+%dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/uml/
+%config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd.uml
+%ghost %dir %{_localstatedir}/run/libvirt/uml/
+%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/uml/
+%{_libdir}/%{name}/connection-driver/libvirt_driver_uml.so
+%endif
+
 %if %{with_libxl}
 %files daemon-driver-libxl
 %config(noreplace) %{_sysconfdir}/libvirt/libxl.conf
@@ -1801,6 +1821,10 @@ exit 0
 %files daemon-lxc
 %endif
 
+%if %{with_uml}
+%files daemon-uml
+%endif
+
 %if %{with_libxl}
 %files daemon-xen
 %endif
@@ -1820,7 +1844,7 @@ exit 0
 %attr(0755, root, root) %{_libdir}/libvirt/lock-driver/sanlock.so
 %{_datadir}/augeas/lenses/libvirt_sanlock.aug
 %{_datadir}/augeas/lenses/tests/test_libvirt_sanlock.aug
-%dir %attr(0770, root, sanlock) %{_localstatedir}/lib/libvirt/sanlock
+%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/sanlock
 %{_sbindir}/virt-sanlock-cleanup
 %{_mandir}/man8/virt-sanlock-cleanup.8*
 %attr(0755, root, root) %{_libexecdir}/libvirt_sanlock_helper
@@ -1868,13 +1892,11 @@ exit 0
 %{_datadir}/libvirt/schemas/cputypes.rng
 %{_datadir}/libvirt/schemas/domain.rng
 %{_datadir}/libvirt/schemas/domaincaps.rng
-%{_datadir}/libvirt/schemas/domaincheckpoint.rng
 %{_datadir}/libvirt/schemas/domaincommon.rng
 %{_datadir}/libvirt/schemas/domainsnapshot.rng
 %{_datadir}/libvirt/schemas/interface.rng
 %{_datadir}/libvirt/schemas/network.rng
 %{_datadir}/libvirt/schemas/networkcommon.rng
-%{_datadir}/libvirt/schemas/networkport.rng
 %{_datadir}/libvirt/schemas/nodedev.rng
 %{_datadir}/libvirt/schemas/nwfilter.rng
 %{_datadir}/libvirt/schemas/nwfilter_params.rng
@@ -1882,7 +1904,6 @@ exit 0
 %{_datadir}/libvirt/schemas/secret.rng
 %{_datadir}/libvirt/schemas/storagecommon.rng
 %{_datadir}/libvirt/schemas/storagepool.rng
-%{_datadir}/libvirt/schemas/storagepoolcaps.rng
 %{_datadir}/libvirt/schemas/storagevol.rng
 
 %{_datadir}/libvirt/cpu_map/*.xml
@@ -1928,7 +1949,6 @@ exit 0
 %{_includedir}/libvirt/libvirt-admin.h
 %{_includedir}/libvirt/libvirt-common.h
 %{_includedir}/libvirt/libvirt-domain.h
-%{_includedir}/libvirt/libvirt-domain-checkpoint.h
 %{_includedir}/libvirt/libvirt-domain-snapshot.h
 %{_includedir}/libvirt/libvirt-event.h
 %{_includedir}/libvirt/libvirt-host.h
@@ -1951,49 +1971,12 @@ exit 0
 %{_datadir}/libvirt/api/libvirt-admin-api.xml
 %{_datadir}/libvirt/api/libvirt-qemu-api.xml
 %{_datadir}/libvirt/api/libvirt-lxc-api.xml
+# Needed building python bindings
+%doc docs/libvirt-api.xml
 
 
 %changelog
-* Wed May 27 2020 Cole Robinson <crobinso@redhat.com> - 5.6.0-7
-- Fix iptables No chain/target/match by that name (bz #1813830)
-- systemd: start libvirtd after firewalld/iptables services (bz #1697636)
-- CVE-2020-12430: memory leak in domstats may allow read-only user to
-  perform DoS attack (bz #1828216, bz #1828190)
-- CVE-2020-10703: Potential denial of service via active pool without target
-  path (bz #1820690, bz #1816650)
-- CVE-2019-20485: potential DoS by holding a monitor job while querying QEMU
-  guest-agent (bz #1809741, bz #1809740)
-
-* Tue Apr 07 2020 Cole Robinson <crobinso@redhat.com> - 5.6.0-6
-- Fix issues with uptime detection (bz #1783715)
-
-* Mon Nov 11 2019 Cole Robinson <crobinso@redhat.com> - 5.6.0-5
-- Don't re-autostart objects when using socket activation (bz #1759613)
-- set bridge device MAC address explicitly (bz #1760851)
-
-* Thu Sep 26 2019 Cole Robinson <crobinso@redhat.com> - 5.6.0-4
-- Fix VM startup when legacy cgroups are defined (bz #1612383)
-
-* Tue Sep 17 2019 Cole Robinson <crobinso@redhat.com> - 5.6.0-3
-- allow tap-based guest interfaces to have MAC address prefix 0xFE (bz
-  #1743349)
-- systemd socket fixes
-- vircgroupv2: fix setting cpu.max period (bz #1749227)
-
-* Thu Sep 05 2019 Cole Robinson <crobinso@redhat.com> - 5.6.0-2
-- Fix issues with qemu.conf remember_owner (bz #1748079)
-- Misc upstream bugfixes
-
-* Tue Aug 06 2019 Cole Robinson <crobinso@redhat.com> - 5.6.0-1
-- Update to version 5.6.0
-
-* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 5.5.0-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
-
-* Wed Jul 03 2019 Cole Robinson <crobinso@redhat.com> - 5.5.0-1
-- Rebased to version 5.5.0
-
-* Thu Jun 20 2019 Cole Robinson <crobinso@redhat.com> - 5.4.0-2
+* Thu Jun 20 2019 Cole Robinson <crobinso@redhat.com> - 4.7.0-5
 - CVE-2019-10161: arbitrary file read/exec via virDomainSaveImageGetXMLDesc
   API (bz #1722463, bz #1720115)
 - CVE-2019-10166: virDomainManagedSaveDefineXML API exposed to readonly
@@ -2003,61 +1986,24 @@ exit 0
 - CVE-2019-10168: arbitrary command execution via
   virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs (bz
   #1722466, bz #1720118)
+- CVE-2019-3886: virsh domhostname command discloses guest hostname in
+  readonly mode [fedora-rawhide
+- Failed to attache NEW rbd device to guest (bz #1672620)
+- PCI hostdev interface segfault (bz #1692053)
 
-* Wed Jun 12 2019 Daniel P. Berrangé <berrange@redhat.com> - 5.4.0-1
-- Update to 5.4.0 release
-
-* Tue May 21 2019 Daniel P. Berrangé <berrange@redhat.com> - 5.3.0-3
+* Tue May 21 2019 Daniel P. Berrangé <berrange@redhat.com> - 4.7.0-4
 - Fix systemd socket permissions
 - Resolves: rhbz #1712498 (CVE-2019-10132)
 
-* Tue May 14 2019 Daniel P. Berrangé <berrange@redhat.com> - 5.3.0-2
+* Tue May 14 2019 Daniel P. Berrangé <berrange@redhat.com> - 4.7.0-3
 - Define md-clear CPUID bit
 - Resolves: rhbz #1709977 (CVE-2018-12126), rhbz #1709979 (CVE-2018-12127),
   rhbz #1709997 (CVE-2018-12130), rhbz #1709984 (CVE-2019-11091)
 
-* Tue May  7 2019 Daniel P. Berrangé <berrange@redhat.com> - 5.3.0-1
-- Update to 5.3.0 release
-
-* Mon Apr 08 2019 Cole Robinson <crobinso@redhat.com> - 5.2.0-2
-- Rebuild for xen 4.12 soname bump
-
-* Wed Apr  3 2019 Daniel P. Berrangé <berrange@redhat.com> - 5.2.0-1
-- Update to 5.2.0 release
-
-* Wed Mar 20 2019 Daniel P. Berrangé <berrange@redhat.com> - 5.1.0-3
-- Fix upgrades for rbd on i686 (rhbz #1688121)
-- Add missing xfsprogs-devel dep
-- Fix use of deprecated RBD features
-- Avoid using firewalld if unprivileged
-- Don't require ipv6 firewall support at startup (rhbz #1688968)
-
-* Wed Mar 06 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 5.1.0-2
-- Remove obsolete scriptlets
-
-* Mon Mar  4 2019 Daniel P. Berrangé <berrange@redhat.com> - 5.1.0-1
-- Update to 5.1.0 release
-
-* Sun Feb 17 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 5.0.0-3
-- Rebuild for readline 8.0
-
-* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 5.0.0-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
-
-* Mon Jan 21 2019 Daniel P. Berrangé <berrange@redhat.com> - 5.0.0-1
-- Update to 5.0.0 release
-
-* Mon Dec 10 2018 Daniel P. Berrangé <berrange@redhat.com> - 4.10.0-2
-- Disable RBD on 32-bit arches (rhbz #1657928)
-
-* Mon Dec  3 2018 Daniel P. Berrangé <berrange@redhat.com> - 4.10.0-1
-- Update to 4.10.0 release
-
-* Mon Nov 12 2018 Daniel P. Berrangé <berrange@redhat.com> - 4.9.0-1
-- Update to 4.9.0 release
-
-* Fri Oct  5 2018 Daniel P. Berrangé <berrange@redhat.com> - 4.8.0-1
-- Update to 4.8.0 release
+* Tue Apr 02 2019 Cole Robinson <crobinso@redhat.com> - 4.7.0-2
+- Mouse cursor doubled on QEMU VNC on ppc64le (bz #1565253)
+- CVE-2019-3840: NULL deref after running qemuAgentGetInterfaces (bz
+  #1665229)
 
 * Tue Sep  4 2018 Daniel P. Berrangé <berrange@redhat.com> - 4.7.0-1
 - Update to 4.7.0 release
@@ -2101,3 +2047,51 @@ exit 0
 
 * Fri Jan 19 2018 Daniel P. Berrange <berrange@redhat.com> - 4.0.0-1
 - Rebase to version 4.0.0
+
+* Wed Dec 20 2017 Cole Robinson <crobinso@redhat.com> - 3.10.0-2
+- Rebuild for xen 4.10
+
+* Tue Dec  5 2017 Daniel P. Berrange <berrange@redhat.com> - 3.10.0-1
+- Rebase to version 3.10.0
+
+* Fri Nov  3 2017 Daniel P. Berrange <berrange@redhat.com> - 3.9.0-1
+- Rebase to version 3.9.0
+
+* Wed Oct  4 2017 Daniel P. Berrange <berrange@redhat.com> - 3.8.0-1
+- Rebase to version 3.8.0
+
+* Mon Sep  4 2017 Daniel P. Berrange <berrange@redhat.com> - 3.7.0-1
+- Rebase to version 3.7.0
+
+* Wed Aug  2 2017 Daniel P. Berrange <berrange@redhat.com> - 3.6.0-1
+- Rebase to version 3.6.0
+
+* Sun Jul 30 2017 Florian Weimer <fweimer@redhat.com> - 3.5.0-4
+- Rebuild with binutils fix for ppc64le (#1475636)
+
+* Tue Jul 25 2017 Daniel P. Berrange <berrange@redhat.com> - 3.5.0-3
+- Disabled RBD on i386, arm, ppc64 (rhbz #1474743)
+
+* Mon Jul 17 2017 Cole Robinson <crobinso@redhat.com> - 3.5.0-2
+- Rebuild for xen 4.9
+
+* Thu Jul  6 2017 Daniel P. Berrange <berrange@redhat.com> - 3.5.0-1
+- Rebase to version 3.5.0
+
+* Fri Jun  2 2017 Daniel P. Berrange <berrange@redhat.com> - 3.4.0-1
+- Rebase to version 3.4.0
+
+* Mon May  8 2017 Daniel P. Berrange <berrange@redhat.com> - 3.3.0-1
+- Rebase to version 3.3.0
+
+* Mon Apr  3 2017 Daniel P. Berrange <berrange@redhat.com> - 3.2.0-1
+- Rebase to version 3.2.0
+
+* Fri Mar  3 2017 Daniel P. Berrange <berrange@redhat.com> - 3.1.0-1
+- Rebase to version 3.1.0
+
+* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 3.0.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Thu Jan 19 2017 Daniel P. Berrange <berrange@redhat.com> - 3.0.0-1
+- Rebase to version 3.0.0

sources

@@ -1 +1 @@
-SHA512 (libvirt-5.6.0.tar.xz) = 95fe931394fb31288faf73349bb298f08f63cf062f851b9935303145f8166f69128be9360757f0e1845256c14f4d7672843dba0dc6c086b1c3c8bfc035cc8986
+SHA512 (libvirt-4.7.0.tar.xz) = a4b320460b923508d9519c65c8be18b5013eb7ed4d581984cc5edf0d3476c34f959d69ad4ca7a0e257dac91351e11718785efc3f201d4b58fa999dbca1daac47